[Kde-imaging] extragear/libs/kipi-plugins/rawconverter [POSSIBLY UNSAFE]
Caulier Gilles
caulier.gilles at kdemail.net
Tue Oct 10 17:58:11 CEST 2006
Le Mardi 10 Octobre 2006 16:49, Angelo Naselli a écrit :
> Alle 15:14, martedì 10 ottobre 2006, Gilles Caulier ha scritto:
> > On Tuesday 10 October 2006 14:59, Angelo Naselli wrote:
> > > Alle 14:35, martedì 10 ottobre 2006, Gilles Caulier ha scritto:
> > > > SVN commit 594192 by cgilles:
> > > >
> > > > kipi-plugins from trunk : RAW Converter : bye bye external dcraw
> > > > depency
> > > >
> > > >
> > > > Raw onverter plugin use a dedicaced dcraw binary program to run. This
> > > > is mandatory since dcraw author have broken the command line options
> > > > compatibility with the 8.x serie.
> > > >
> > > > Also, dcraw is not available like a library!
> > > >
> > > > The dcraw.c source code embeded in plugin is just a copy of official
> > > > implementation, but this one have been completly tested with plugin.
> > >
> > > Does that mean we do have to maintain old dcraw code? Or it's a
> > > a temporary solution?
> >
> > No. The code to maintain is the dcrawiface class, and only when we want
> > to do !
> >
> > I want mean that when we want to update the dcraw.c implementation using
> > the dcraw offical web page (look in Makefile.am for details), we just
> > need to _copy_ the dcraw.c into svn.
> >
> > After, we check if :
> >
> > - it compile.
> > - an option syntax have changed. If yes, dcrawiface.cpp implementation
> > need to be fixed
> > - all regression tests work fine using the plugin.
>
> That unfortunately means, yes.
>
> What happens if, I don't say it is but if, a security problem on dcraw is
> present? You should fix it here and in digikam. How can you do that?
Dave Coffin is very active. I'm sure that it will fix it in a short time. I
have seen that there is 2 or 3 version released by month available on web
project page
> Doing
> by yourself or backporting from dcraw trunk if present
there is no dcraw repository ! Just the last version is avaialble.
> , but that
> unfortunately is not the same version as we're using...
> That is similar to have a fork of dcraw,
no because i don't/won't touch the dcraw implementation. It's completly
different. It's just a simple copy.
> and if, as you said, there are a
> lot of people who want to have libdcraw why not to implement it?
Because it very complicated to do (:=))). Look in dcraw.c for example.
Gilles
More information about the Kde-imaging
mailing list