Re: Pre-approval for optipng
Luk Claes wrote:
> Nelson A. de Oliveira wrote:
>> Hi!
>>
>> On Wed, 12 Nov 2008 07:26:36 +0100
>> Luk Claes <luk@debian.org> wrote:
>>
>>> Nelson A. de Oliveira wrote:
>>>> So do I have a pre-approval to upload it to unstable, including
>>>> only a patch to fix SA32651, please?
>>> Yes.
>> OK.
>>
>> ====================
>> debdiff:
>>
>> diff -urN optipng-0.6.1/debian/changelog optipng-0.6.1.1/debian/changelog
>> --- optipng-0.6.1/debian/changelog 2008-11-12 08:57:07.000000000 -0200
>> +++ optipng-0.6.1.1/debian/changelog 2008-11-12 08:50:01.000000000 -0200
>> @@ -1,3 +1,13 @@
>> +optipng (0.6.1.1-1) unstable; urgency=high
>> +
>> + * New upstream release (kindly provided by Cosmin Truţa, fixing only
>> + the security issue found in version 0.6.1):
>> + - fix array overflow in the BMP reader (Closes: #505399). This is Secunia
>> + Advisory SA32651.
>> + * Fix broken link /usr/share/doc/optipng/changelog.gz.
>> +
>> + -- Nelson A. de Oliveira <naoliv@debian.org> Wed, 12 Nov 2008 08:40:50 -0200
>> +
>> optipng (0.6.1-2) unstable; urgency=low
>>
>> * Update debian/copyright.
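Review bot: the first bullet of the new 0.6.1.1-1 entry calls this a "New upstream release", while the debian/README.source change in the same debdiff describes the package as version 0.6.1 plus the upstream-provided patch optipng-0.6.1.1.diff. Consider wording the changelog bullet the same way, so that someone auditing the SA32651 fix can tell from the changelog alone that the source is 0.6.1 plus one diff. The "Fix broken link" bullet could also name the file whose name changed.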
>> diff -urN optipng-0.6.1/debian/links optipng-0.6.1.1/debian/links
>> --- optipng-0.6.1/debian/links 2008-11-12 08:57:07.000000000 -0200
>> +++ optipng-0.6.1.1/debian/links 2008-11-12 08:43:46.000000000 -0200
>> @@ -1 +1 @@
>> -usr/share/doc/optipng/HISTORY.txt.gz usr/share/doc/optipng/changelog.gz
>> +usr/share/doc/optipng/history.txt.gz usr/share/doc/optipng/changelog.gz
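Review bot: the new link target in debian/links, usr/share/doc/optipng/history.txt.gz, is only correct if the built package ships the file under exactly that lowercase name, and this hunk does not show the target file itself. Since the bug being fixed is a dangling changelog.gz link, confirm that the target exists in the resulting .deb (for example by listing the package contents) before uploading.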
>> diff -urN optipng-0.6.1/debian/README.source optipng-0.6.1.1/debian/README.source
>> --- optipng-0.6.1/debian/README.source 2008-11-12 08:57:07.000000000 -0200
>> +++ optipng-0.6.1.1/debian/README.source 2008-11-12 08:49:57.000000000 -0200
>> @@ -1,4 +1,4 @@
>> -optipng_0.6.0.orig.tar.gz is a stripped version of the original OptiPNG.
>> +optipng_0.6.1.1.orig.tar.gz is a stripped version of the original OptiPNG.
>> The following dirs and files were removed:
>>
>> lib/lib_diff/
>> @@ -15,4 +15,8 @@
>> src/scripts/visualc.mak
>> src/xtra/
>>
>> -Nelson A. de Oliveira <naoliv@debian.org> Fri, 20 Jun 2008 00:43:42 -0300
>> +Note that his package is version 0.6.1 plus the patch optipng-0.6.1.1.diff
>> +provided by the upstream author, Cosmin Truţa. This patch fixes an array
>> +overflow in the BMP reader (Secunia Advisory SA32651).
>> +
>> +Nelson A. de Oliveira <naoliv@debian.org> Wed, 12 Nov 2008 08:40:50 -0200
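Review bot: typo in the first added line of the new paragraph, "his package" should read "this package". It would also help to state here whether the patch is already applied inside optipng_0.6.1.1.orig.tar.gz or carried separately, because the first line of the file only says the tarball is a stripped version of the original OptiPNG, and a reader checking the BMP reader fix needs to know where to look for it.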
>> ====================
>>
>> ====================
>> debdiff (it shows only a minor fix for a broken link):
>>
>> debdiff optipng_0.6.1-2_i386.deb optipng_0.6.1.1-1_i386.deb
>> [The following lists of changes regard files as different if they have
>> different names, permissions or owners.]
>>
>> Files in second .deb but not in first
>> -------------------------------------
>> lrwxrwxrwx root/root /usr/share/doc/optipng/changelog.gz -> history.txt.gz
>>
>> Files in first .deb but not in second
>> -------------------------------------
>> lrwxrwxrwx root/root /usr/share/doc/optipng/changelog.gz -> HISTORY.txt.gz
>>
>> Control files: lines which differ (wdiff format)
>> ------------------------------------------------
>> Version: [-0.6.1-2-] {+0.6.1.1-1+}
>> ====================
>>
>> Patch provided by upstream is available at
>> http://people.debian.org/~naoliv/misc/optipng-0.6.1.1.diff.txt
>>
>> lib/pngxtern/pngx.h | 22 ++++++++++++---
>> lib/pngxtern/pngxio.c | 26 ++++++++++--------
>> lib/pngxtern/pngxmem.c | 41 +++++++++++++++++++++--------
>> lib/pngxtern/pngxrbmp.c | 67 +++++++++++++++++++++++++-----------------------
>> src/proginfo.h | 2 -
>> 5 files changed, 99 insertions(+), 59 deletions(-)
>>
>> Since there are some modified comments inside the patch, it may look bigger
>> than it really is.
>>
>> Green light to upload it? :-)
>
> Yes, please upload.
Apparently uploaded, so unblocked.
Cheers
Luk