"Be sure your sins will find you out!"
zarniwhoop73 at googlemail.com
Mon Aug 2 15:43:55 PDT 2010
ISTR I was the patsy who suggested we patch libpng for the rejected apng code,
using words like "distros will do this". In practice, the main
distros don't, or
tried it and then decided the patch wasn't something they wanted to carry.
Meanwhile, I'm not aware of anywhere that actually uses apng files - there's
probably somewhere within mozilla, just to spite me, but nothing I know of
in the real world.
Also, firefox contains other libs, such as theora, where it _cannot_ be forced
to use system libs, so I guess it's a bit like google products - it carries its
own variants of libraries, and that's how it is.
As part of fixing libpng (to remove the vulnerability), I'll be testing
firefox-3.6.8 against the apng patch from libpng-apng at sourceforge
(our 1.2.42 patch applies but fails to build), but I now think we should
[ in future ] stop carrying the patch.
Feel free to shoot me down in flames if you wish.
After tragedy, and farce, "OMG poneys!"
More information about the blfs-dev