On 05/01/2016 10:34 AM, Carsten Haitzler (The Rasterman) wrote: > On Fri, 29 Apr 2016 18:56:19 -0700 Cedric BAIL <[email protected]> said: > >> cedric pushed a commit to branch master. >> >> http://git.enlightenment.org/core/efl.git/commit/?id=b8860c88f52c7ea3576f88f9399b777646975bd5 >> >> commit b8860c88f52c7ea3576f88f9399b777646975bd5 >> Author: Cedric Bail <[email protected]> >> Date: Fri Apr 29 14:22:01 2016 -0700 >> >> tiff: disable by default as it is full of CVE with apparently no chance >> to get them fixed. >> This can still be manually turned on if you need it. > > the evas tiff loader or libtiff itself? i am not sure disabling by default is > a > good idea regardless of cve's ... >
Links to CVE's would also be useful, if there just silly ones related to corrupt images (DOS) then most users probably don't care having said that efl could get around all those issues by moving the tiff loader into evas_generic_loaders (similar to the librsvg loader). If someone can create a tiff image that lets them read parts of my memory then thats a bigger issue. >> --- >> configure.ac | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/configure.ac b/configure.ac >> index 2d38a43..deafdd8 100644 >> --- a/configure.ac >> +++ b/configure.ac >> @@ -2008,7 +2008,7 @@ ARG_ENABLE_EVAS_IMAGE_LOADER(PMAPS, static) >> ARG_ENABLE_EVAS_IMAGE_LOADER(PNG, static) >> ARG_ENABLE_EVAS_IMAGE_LOADER(PSD, static) >> ARG_ENABLE_EVAS_IMAGE_LOADER(Tga, static) >> -ARG_ENABLE_EVAS_IMAGE_LOADER(Tiff, yes) >> +ARG_ENABLE_EVAS_IMAGE_LOADER(Tiff, no) >> ARG_ENABLE_EVAS_IMAGE_LOADER(WBMP, static) >> ARG_ENABLE_EVAS_IMAGE_LOADER(WEBP, no) >> ARG_ENABLE_EVAS_IMAGE_LOADER(XPM, static) >> >> -- >> >> > > -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adeliade Australia, UTC+9:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________ enlightenment-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
