Lossless image optimization #3341

pull Need4Video wants to merge 1 commits into bitcoin:master from Need4Video:master changing 50 files +0 −0
  1. Need4Video commented at 9:12 AM on December 2, 2013: contributor

    less bytes, same images

  2. Lossless image optimization
    less bytes, same images
    d6cb85d50d
  3. laanwj commented at 9:19 AM on December 2, 2013: member

    ACK

  4. BitcoinPullTester commented at 9:31 AM on December 2, 2013: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/d6cb85d50db46ac46097857dd69f8f1ae5c5e13b for binaries and test log. This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.

  5. wtogami commented at 11:45 AM on December 2, 2013: contributor

    http://www.olegkikin.com/png_optimizers/ Which PNG optimizer did you use? Apparently they differ substantially in results. After research on this I personally use only pngout.

  6. Need4Video commented at 12:13 PM on December 2, 2013: contributor

    I used truepng, pngwolfz, pngzopfli, pngout, and then advdef to recompress the iDAT stream. You can try to optimize further the images but it won't save more than 5 bytes.

  7. sipa commented at 12:25 PM on December 2, 2013: member

    ACK

  8. sipa referenced this in commit 9ab7a0609e on Dec 2, 2013
  9. sipa merged this on Dec 2, 2013
  10. sipa closed this on Dec 2, 2013
  11. wtogami commented at 1:03 PM on December 2, 2013: contributor

    gitian win32 still uses libpng-1.5.9.tar.gz

    http://www.libpng.org/pub/png/libpng.html All "modern" versions of libpng through 1.5.9 ... fail to correctly handle malloc() failure for text chunks (in png_set_text_2()), which can lead to memory corruption and the possibility of execution of hostile code.

    Yes it is quite unlikely, but did any of you look into possible security implications of committing PNG's from a random contributor? It is entirely possible to include a hostile payload directly in our gitian builds if we are not paying attention. This gitian build is also the toolchain where we have not enabled hardening due to mingw bugs.

    I hope we get around to upgrading the gitian deps...

  12. Need4Video commented at 1:08 PM on December 2, 2013: contributor

    How would it be possible with smaller images? I think that including a hostile payload would increase the size of the images, isn't it? You can check the images with TweakPNG (http://entropymine.com/jason/tweakpng/).

  13. laanwj commented at 1:16 PM on December 2, 2013: member

    @wtogami let's do the useful thing and upgrade libpng then

  14. wtogami commented at 1:25 PM on December 2, 2013: contributor

    I had been suggesting that since March at least. The response has always been "this code doesn't touch the network, don't worry about it." =)

  15. laanwj commented at 1:54 PM on December 2, 2013: member

    I'm going to remove the gitian libpng dependency completely. It's used for libqrcode, but just the demos, not any part that we use.

  16. wtogami commented at 7:03 PM on December 2, 2013: contributor

    Thank you.

  17. DrahtBot locked this on Sep 8, 2021
Contributors
Need4VideolaanwjBitcoinPullTesterwtogamisipa
Linked (view graph)
#3343 gitian: remove zlib and libpng deps
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 18:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me