Turning APNG to on by default in graphics/png

Mikhail T. mi+thun at aldan.algebra.com
Wed May 25 19:16:38 UTC 2011

On 25.05.2011 15:02, Andrey Chernov wrote:
>> There used to be concerns about security of animated PNG code, but today I can
>> >  not find any advisories fresher than 2008:
>> >  
>> >       http://osvdb.org/show/osvdb/48766
> Wrong place to find advisores related to subj. See
> http://www.libpng.org/pub/png/libpng.html
> page, right below yellow tables. Latest one fixed Feb 3 2011.
Your link has no information on ANIMATED png. The ANIMATED functionality has no 
advisories since 2008...
>> >  Various Mozilla applications will then be able to LIB_DEPEND on the installed
>> >  png instead of building their own versions.
> FYI: apng is quick hack to overcome animated gifs limitations and libpng
> author is strongly against it, suggesting to use more flexible mng
> instead:http://www.libpng.org/pub/mng
I have this information -- this was discussed (with your and my selves present) 
back in 2008. But we are not going to change the way Mozilla projects are going 
about this... Our options at this point are:

  * continue building a private libpng as part of each Mozilla application -- a 
silly redundancy of patches and waste of time and space;
  * make a separate port (apng or mozilla-png) -- making sure, it does not 
conflict with the "official" png;
  * just turn the APNG option on by default in the existing png port...

I think, the third options is the easiest -- and it has NO downsides... Yours,


More information about the freebsd-ports mailing list