Re: [Development] QMovie no longer supports .mng

2016-04-27 Thread Thiago Macieira 
On quarta-feira, 27 de abril de 2016 02:10:09 PDT Jake Petroules wrote:
> If we can simply update libmng and recompile against the new version then we
> should do so immediately!

I still vote for carrying fewer dependencies, especially those that try to 
read external files and may be used on untrusted files.

For each and every 3rdparty dependency we bundle or ship a binary for, we 
should have a security champion who follows security announcements for that 
3rd party source and updates our copy and binaries. Especially for the LTS 
release.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] QMovie no longer supports .mng

2016-04-26 Thread Maurice Kalinowski 
> > As a distribution packager, I think that's a good plan. :-) The people 
> > on proprietary operating systems seem less happy about that, as 
> > evidenced by this thread. But that's not MY problem… ;-)
>
> Indeed.
>
> If we want the binaries to include the builds, we could include the DLLs for 
> those libraries too.

For all supported windows platforms? While we shrank the amount of Qt pre-built 
packages, there is still a larger amount of platforms/configurations we support 
and ask users to build from source. Stripping that away might be complicated.

Maurice 

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] QMovie no longer supports .mng

2016-04-26 Thread Jake Petroules 
If we can simply update libmng and recompile against the new version then we 
should do so immediately!

On Apr 26, 2016, at 4:47 PM, Thiago Macieira 
> wrote:

On quarta-feira, 27 de abril de 2016 01:39:38 PDT Kevin Kofler wrote:
Thiago Macieira wrote:
Sorry, just deleting. That makes downloading and maintaining such a
library SEP.

As a distribution packager, I think that's a good plan. :-) The people on
proprietary operating systems seem less happy about that, as evidenced by
this thread. But that's not MY problem… ;-)

Indeed.

If we want the binaries to include the builds, we could include the DLLs for
those libraries too.

--
Thiago Macieira - thiago.macieira (AT) intel.com
 Software Architect - Intel Open Source Technology Center

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

--
Jake Petroules - 
jake.petrou...@theqtcompany.com
Consulting Services Engineer - The Qt Company
Qbs build system evangelist - qbs.io

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] QMovie no longer supports .mng

2016-04-26 Thread Thiago Macieira 
On quarta-feira, 27 de abril de 2016 01:39:38 PDT Kevin Kofler wrote:
> Thiago Macieira wrote:
> > Sorry, just deleting. That makes downloading and maintaining such a
> > library SEP.
> 
> As a distribution packager, I think that's a good plan. :-) The people on
> proprietary operating systems seem less happy about that, as evidenced by
> this thread. But that's not MY problem… ;-)

Indeed.

If we want the binaries to include the builds, we could include the DLLs for 
those libraries too.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] QMovie no longer supports .mng

2016-04-26 Thread Kevin Kofler 
Thiago Macieira wrote:
> Sorry, just deleting. That makes downloading and maintaining such a
> library SEP.

As a distribution packager, I think that's a good plan. :-) The people on 
proprietary operating systems seem less happy about that, as evidenced by 
this thread. But that's not MY problem… ;-)

Kevin Kofler

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] QMovie no longer supports .mng

2016-04-26 Thread Thiago Macieira 
On quarta-feira, 27 de abril de 2016 01:11:28 PDT Kevin Kofler wrote:
> Jake Petroules wrote:
> > The MNG and JPEG2000 plugins are no longer built by default on most
> > platforms because upstream development has stalled and there are known
> > security vulnerabilities. See
> > https://codereview.qt-project.org/#/c/141429/
> 
> For libmng, you bundle the ancient version 1.0.10 from 2009 (!). The current
> version is 2.0.3 from 2015:
> https://sourceforge.net/projects/libmng/files/libmng-devel/
> Despite the new major version number, qt5-qtimageformats compiles with no
> changes against that version.

Nice!

I wonder why the bundled copies are still present. The commit that disabled 
them was "Build MNG and Jpeg2000 plugins only if system libs found".

Deletion in https://codereview.qt-project.org/157156.

> For JPEG2000:
> > You can still build them manually if you really want them. Perhaps you
> > could help port the JPEG2000 plugin to
> > https://github.com/uclouvain/openjpeg
> 
> That would be an option. But I would start by just getting the Jasper
> security fixes from a GNU/Linux distribution (e.g.:
> http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/tree/
> ) and applying them to your bundled copy.

Sorry, just deleting. That makes downloading and maintaining such a library 
SEP.

https://en.wikipedia.org/wiki/SEP_field

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel Open Source Technology Center

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] QMovie no longer supports .mng

2016-04-26 Thread Kevin Kofler 
I wrote:
> For libmng, you bundle the ancient version 1.0.10 from 2009 (!).

Sorry, from 2007, even!

Kevin Kofler

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] QMovie no longer supports .mng

2016-04-26 Thread Kevin Kofler 
Jake Petroules wrote:
> The MNG and JPEG2000 plugins are no longer built by default on most
> platforms because upstream development has stalled and there are known
> security vulnerabilities. See
> https://codereview.qt-project.org/#/c/141429/

For libmng, you bundle the ancient version 1.0.10 from 2009 (!). The current 
version is 2.0.3 from 2015:
https://sourceforge.net/projects/libmng/files/libmng-devel/
Despite the new major version number, qt5-qtimageformats compiles with no 
changes against that version.

For JPEG2000:

> You can still build them manually if you really want them. Perhaps you
> could help port the JPEG2000 plugin to
> https://github.com/uclouvain/openjpeg

That would be an option. But I would start by just getting the Jasper 
security fixes from a GNU/Linux distribution (e.g.:
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/tree/
) and applying them to your bundled copy.

Kevin Kofler

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] QMovie no longer supports .mng

2016-04-24 Thread Jake Petroules 
The MNG and JPEG2000 plugins are no longer built by default on most platforms 
because upstream development has stalled and there are known security 
vulnerabilities. See https://codereview.qt-project.org/#/c/141429/

You can still build them manually if you really want them. Perhaps you could 
help port the JPEG2000 plugin to https://github.com/uclouvain/openjpeg

On Apr 24, 2016, at 2:12 PM, Tom Isaacson 
> wrote:

I've just upgraded from Qt 5.5.1 to 5.6 using Visual Studio 2013 for 32-bit on 
Windows 7 and I've found that QMovie fails to load .mng files. Calling 
QMovie::supportedFormats() just returns "gif". Previously this was working fine.

Is this an intentional change? How can I get round it?

Thanks,

Tom Isaacson

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

--
Jake Petroules - 
jake.petrou...@theqtcompany.com
Consulting Services Engineer - The Qt Company
Qbs build system evangelist - qbs.io

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

[Development] QMovie no longer supports .mng

2016-04-24 Thread Tom Isaacson 
I've just upgraded from Qt 5.5.1 to 5.6 using Visual Studio 2013 for 32-bit on 
Windows 7 and I've found that QMovie fails to load .mng files. Calling 
QMovie::supportedFormats() just returns "gif". Previously this was working fine.

Is this an intentional change? How can I get round it?

Thanks,

Tom Isaacson

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development