Comments (15)
Update
There's 100% an issue with the distributed v2.12.5 of pngquant
. The problem doesn't affect all png files this may be why it's not been widely reported.
I've created an automated test using docker which compiles all different versions of pngquant
from source, and it works perfectly, even with v2.12.5
on the images that are affected by the precompiled v2.12.5.
This makes me think it's a 3rd party lib that it requires during build or an issue with the build process of the distributed package.
I will also create an issue on the pngquant
repo, and I'll update you once I know more.
from image-optimizer.
you can add --quality=65-80 option and pngquant will work fine
from image-optimizer.
Sorry to comment on this closed issue, but I think there's a mismatch between the docs and the actual situation. AFAIU, at the end it wasn't related to the pngquant
version. But the readme still states:
This package only supports Pngquant 2.5 and lower.
Even worse, also projects relying on this one, spread this information, see https://github.com/TypistTech/image-optimize-command#optimization-tools
Am I right that the issue was only with packaging on Cent OS/RH? If so, the warning should be removed again. I'm happy to make a pull request (also for TypistTech/image-optimize-command) 😄
from image-optimizer.
I confirm and have the same issue.
An automatic upgrade from pngquant-2.7.2-1.el7.x86_64 @epel --> Update 2.12.5-1.el7.x86_64 @epel causes the above issue.
I've downgraded the pngquant version and it works again.
Images result in a sort of 2 colored gif version
from image-optimizer.
If I understand correctly, this is a bug in pngquant, right? Or is there anything we can do in our package to fix the problem?
from image-optimizer.
Pngquant hasn't updated recently, and no bugs have been reported. It's just that servers recently auto-update to the latest version ( because 2.5 is from 2015)
https://github.com/kornelski/pngquant/blob/master/CHANGELOG
for me it was crucial to rollback (or get rid of the pngquant in the optimizerChainFactory) since images got optimised automatically in an incorrect way.
from image-optimizer.
I’ll close this as the fault lies not within this package.
from image-optimizer.
Well, i think this package should be made either compatible with the current version of Pngquant or it should not promote it's use. As everyone installing this module on a new server will end up with this issue. Maybe there is a problem with the default settings for Pngquant set by this module, and changing those would provide a solution?
Simply closing this issue would mean to ship a broken system.
The easiest solution would be to add a sentence to the readme about the version of Pngquant to use. "This package only supports Pngquant 2.5 and lower"
from image-optimizer.
Added that sentence to the readme.
from image-optimizer.
I just came across this issue when using this package, I think it's the wrong advice to recommend an old package 2.5 and lower due to security reasons.
For example, CVE-2016-5735 affects older versions, the commit Fix integer overflow in rwpng.h (CVE-2016-5735)
is here kornelski/pngquant@b7c2176 which is first tagged in version 2.7.2
.
Full history regarding the file with the vulnerability can be found here https://github.com/kornelski/pngquant/commits/master/rwpng.c, you can see this vulnerability goes back to all prior versions.
It's patched in 2.12.5 2.12.3 2.12.2 2.12.1 2.12.0 2.11.7 2.11.6 2.11.4 2.11.3 2.11.2 2.11.1 2.11.0 2.10.2 2.10.1 2.10.0 2.9.1 2.9.0 2.8.2 2.8.1 2.8.0 2.7.2
.
I'm going to look into what's changed and see if we can get this package working with the latest version of pngquant
or at least advise using a version ^2.7.2
that works in the readme.
from image-optimizer.
Thanks you for your work on this.
from image-optimizer.
We were able to replicate the issue and trace it back to being compiled with gcc version 4.8.5. It only affects the CentOS 7 package pngquant-2.12.5-1.el7.x86_64.rpm. from what I can tell.
I've submitted a bug report to RedHat for them to update the package, you can see that here https://bugzilla.redhat.com/show_bug.cgi?id=1765388.
I've also published our tests and builds here https://github.com/joejordanbrown/pngquant-epel-package-issue.
from image-optimizer.
you can add --quality=65-80 option and pngquant will work fine
I confirm that this resolves the issue
from image-optimizer.
Thanks for your work on this. We'll continue this conversation in #99
from image-optimizer.
This is not a fix, see my comments on #99.
I'm still waiting for the new fixed release to hit the CentOS EPEL repo. I've provided the pull request to fix the issue. Hopefully, it will be published soon.
If you really require the fix now, you can use our RPMs here https://github.com/joejordanbrown/mock-rpm-pngquant/tree/master/result.
yum install https://raw.githubusercontent.com/joejordanbrown/mock-rpm-pngquant/master/result/pngquant-2.12.5-1.el7.x86_64.rpm
The RPM spec file can be found here https://github.com/joejordanbrown/mock-rpm-pngquant/blob/master/data/pngquant.spec which you can use to build PngQuant yourself for sanity.
from image-optimizer.
Related Issues (20)
- Er heeft zich een kritieke fout voorgedaan op deze site.Meer informatie over probleemoplossing in WordPress. Er heeft zich een kritieke fout voorgedaan op deze site.
- image size remain same HOT 2
- how to use with windows.
- PHP Fatal error Call to undefined method fromShellCommandline
- How can I check if binary is present
- Unable to compress b64 images
- Question : AWS S3 HOT 2
- Support for dropbox/lepton for lossless jpeg compression HOT 1
- Use without composer. HOT 1
- Image is not being compressed It produces the image with same size
- FIT_FILL manipulations HOT 1
- broken link to jpegoptim source in README HOT 1
- Feature Request: AVIF image format support
- cwebp optimizer supports only webp images?
- pngquant not running
- No tif/tiff optimizers?
- svgo incompatibilities with OptimizerChainFactory HOT 2
- Deserialization of Untrusted Data in spatie/image-optimizer HOT 2
- How to optimise images?
- Exception - Class Spatie\ImageOptimizer\InvalidArgumentException not found HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from image-optimizer.