Re: Pre-approval for optipng
Nelson A. de Oliveira wrote:
> Hi!
>
> On Wed, 12 Nov 2008 07:26:36 +0100
> Luk Claes <luk@debian.org> wrote:
>
>> Nelson A. de Oliveira wrote:
>>> So do I have a pre-approval to upload it to unstable, including
>>> only a patch to fix SA32651, please?
>> Yes.
>
> OK.
>
> ====================
> debdiff:
>
> diff -urN optipng-0.6.1/debian/changelog optipng-0.6.1.1/debian/changelog
> --- optipng-0.6.1/debian/changelog 2008-11-12 08:57:07.000000000 -0200
> +++ optipng-0.6.1.1/debian/changelog 2008-11-12 08:50:01.000000000 -0200
> @@ -1,3 +1,13 @@
> +optipng (0.6.1.1-1) unstable; urgency=high
> +
> + * New upstream release (kindly provided by Cosmin Truţa, fixing only
> + the security issue found in version 0.6.1):
> + - fix array overflow in the BMP reader (Closes: #505399). This is Secunia
> + Advisory SA32651.
> + * Fix broken link /usr/share/doc/optipng/changelog.gz.
> +
> + -- Nelson A. de Oliveira <naoliv@debian.org> Wed, 12 Nov 2008 08:40:50 -0200
> +
> optipng (0.6.1-2) unstable; urgency=low
>
> * Update debian/copyright.
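Review bot: the "fix array overflow in the BMP reader" item identifies the issue only by bug #505399 and Secunia Advisory SA32651. If a CVE id has been assigned for this overflow, add it to that item so the upload can be matched against the id as well as the advisory.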
> diff -urN optipng-0.6.1/debian/links optipng-0.6.1.1/debian/links
> --- optipng-0.6.1/debian/links 2008-11-12 08:57:07.000000000 -0200
> +++ optipng-0.6.1.1/debian/links 2008-11-12 08:43:46.000000000 -0200
> @@ -1 +1 @@
> -usr/share/doc/optipng/HISTORY.txt.gz usr/share/doc/optipng/changelog.gz
> +usr/share/doc/optipng/history.txt.gz usr/share/doc/optipng/changelog.gz
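Review bot: the link target is still a hardcoded, case-sensitive file name, and the old target differed from the new one only in case, so the same breakage can return whenever the file name changes again. Confirm that the built package ships usr/share/doc/optipng/history.txt.gz under exactly that name, or install the upstream history file through dh_installchangelogs so that no entry in debian/links has to track it.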
> diff -urN optipng-0.6.1/debian/README.source optipng-0.6.1.1/debian/README.source
> --- optipng-0.6.1/debian/README.source 2008-11-12 08:57:07.000000000 -0200
> +++ optipng-0.6.1.1/debian/README.source 2008-11-12 08:49:57.000000000 -0200
> @@ -1,4 +1,4 @@
> -optipng_0.6.0.orig.tar.gz is a stripped version of the original OptiPNG.
> +optipng_0.6.1.1.orig.tar.gz is a stripped version of the original OptiPNG.
> The following dirs and files were removed:
>
> lib/lib_diff/
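Review bot: the first line now names optipng_0.6.1.1.orig.tar.gz but still describes it only as a stripped version of the original OptiPNG, while the changelog and the note added at the end of this file describe the source as 0.6.1 plus the upstream patch. State here which upstream tarball the orig was built from and whether the patch is already applied in it, so that the repack can be reproduced.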
> @@ -15,4 +15,8 @@
> src/scripts/visualc.mak
> src/xtra/
>
> -Nelson A. de Oliveira <naoliv@debian.org> Fri, 20 Jun 2008 00:43:42 -0300
> +Note that his package is version 0.6.1 plus the patch optipng-0.6.1.1.diff
> +provided by the upstream author, Cosmin Truţa. This patch fixes an array
> +overflow in the BMP reader (Secunia Advisory SA32651).
> +
> +Nelson A. de Oliveira <naoliv@debian.org> Wed, 12 Nov 2008 08:40:50 -0200
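Review bot: typo in the first added line of the note: "Note that his package" should read "Note that this package". The note also names optipng-0.6.1.1.diff without saying where the patch can be found; add its location (or ship it in the source package) so the claim that only the BMP reader fix was added can be checked from README.source alone.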
> ====================
>
> ====================
> debdiff (it shows only a minor fix for a broken link):
>
> debdiff optipng_0.6.1-2_i386.deb optipng_0.6.1.1-1_i386.deb
> [The following lists of changes regard files as different if they have
> different names, permissions or owners.]
>
> Files in second .deb but not in first
> -------------------------------------
> lrwxrwxrwx root/root /usr/share/doc/optipng/changelog.gz -> history.txt.gz
>
> Files in first .deb but not in second
> -------------------------------------
> lrwxrwxrwx root/root /usr/share/doc/optipng/changelog.gz -> HISTORY.txt.gz
>
> Control files: lines which differ (wdiff format)
> ------------------------------------------------
> Version: [-0.6.1-2-] {+0.6.1.1-1+}
> ====================
>
> Patch provided by upstream is available at
> http://people.debian.org/~naoliv/misc/optipng-0.6.1.1.diff.txt
>
> lib/pngxtern/pngx.h | 22 ++++++++++++---
> lib/pngxtern/pngxio.c | 26 ++++++++++--------
> lib/pngxtern/pngxmem.c | 41 +++++++++++++++++++++--------
> lib/pngxtern/pngxrbmp.c | 67 +++++++++++++++++++++++++-----------------------
> src/proginfo.h | 2 -
> 5 files changed, 99 insertions(+), 59 deletions(-)
>
> Since there are some modified comments inside the patch, it may look bigger
> than it really is.
>
> Green light to upload it? :-)
Yes, please upload.
Cheers
Luk