incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tora - Takamichi Akiyama <>
Subject Re: PNG Security Vulnerability fixed in 3.3.0
Date Sun, 18 Dec 2011 21:33:40 GMT

Thank you for your reply.

On 12/18/2011 10:09 AM, Marcus (OOo) wrote:
> *IMHO* to create a patch or update for and to guarantee
> the binary compatibility, you need to use the original environment for
> developing, builing, testing.

That is right!

Even so, there are some cases that we might not need the original 
environment. For instance, exaggerated though, to change the initial 
number of sheets in Calc from 3 to 1, modify one byte from 0x03 to 0x01 
in the .dll file of Calc. It works!

Believe or not, there are demands and those are what I have been doing 
for years. If you want to have an immediate solution and cannot wait for 
the next release, what can we do for you?

Route A)
1. Investigate the problem and create a source code patch.
2. Build bug-fixed .so or .dll files and deliver them to you.
3. File the patch so that the future release will have it.

Route B)
1. File the problem and wait until it is fixed by a developer.
2. Obtain the patch from the source code repository.
3. Build .so or .dll files with the patch and deliver them to you.

I once summarized technical details. It is outdated, though.

We can individually set up a build environment similar to that of 
release engineering team. And it works well so far.

The story I mentioned above, route A and B, could not be applied for all 
the cases, but could for some simple ones such as crash, buffer 
overflow, misinterpretation upon importing/exporting files, and so on.

>> Why not 3.3.0? They say 3.2.1 is conceptually stabler than 3.3.0 since
>> 3.2.1 is a minor, bug-fixed version while 3.3.0 is a major version.
> In theory yes. But have they really tried this out? Have they proved for
> themselves that 3.2.1 is better for their business? If not and 3.3.0 is
> surprisingly better than first thought, then the answer could be very
> easy. ;-)

I understand what you are saying. ;-)
The customer seems to have slightly different thoughts.

They do not really need new functionality of office suite. What they 
really need is the software on which they can do their daily work.

In other words, I am typing this email on my Windows XP laptop. I know 
Windows Vista and 7 are available. But, XP is good enough for me.

I do not say the development effort is unnecessary. It is crucial for 
progress. With understanding customer's variety needs, we could do much 
better work, I think.

Again, does anyone know any information or the best person to contact?

  Security Vulnerability in related to PNG file processing


View raw message