From nobody@FreeBSD.org  Fri Feb 19 06:30:32 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 76BE31065694
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 19 Feb 2010 06:30:32 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 65C9B8FC34
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 19 Feb 2010 06:30:32 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o1J6UVqg016103
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 19 Feb 2010 06:30:31 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o1J6UVH6016102;
	Fri, 19 Feb 2010 06:30:31 GMT
	(envelope-from nobody)
Message-Id: <201002190630.o1J6UVH6016102@www.freebsd.org>
Date: Fri, 19 Feb 2010 06:30:31 GMT
From: Ruslan Mahmatkhanov <cvs-src@yandex.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [UPDATE] graphics/optipng to 0.6.3 [security fix]
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: tom@hur.st

>Number:         144092
>Category:       ports
>Synopsis:       [UPDATE] graphics/optipng to 0.6.3 [security fix]
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    miwi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 19 06:40:01 UTC 2010
>Closed-Date:    Wed Mar 10 13:29:18 UTC 2010
>Last-Modified:  Wed Mar 10 13:30:12 UTC 2010
>Originator:     Ruslan Mahmatkhanov
>Release:        8.0-STABLE
>Organization:
>Environment:
FreeBSD 8.0-STABLE i386
>Description:
- update to 0.6.3 
It fixes some security issues in past versions.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruNa optipng.old/Makefile optipng/Makefile
--- optipng/Makefile	2009-08-22 04:23:01.000000000 +0400
+++ optipng/Makefile	2010-02-18 21:28:58.000000000 +0300
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	optipng
-PORTVERSION=	0.6.2
+PORTVERSION=	0.6.3
 CATEGORIES=	graphics
 MASTER_SITES=	SF/${PORTNAME}/OptiPNG/${PORTNAME}-${PORTVERSION}
 
diff -ruNa optipng.old/distinfo optipng/distinfo
--- optipng/distinfo	2009-01-19 23:44:24.000000000 +0300
+++ optipng/distinfo	2010-02-18 21:28:51.000000000 +0300
@@ -1,3 +1,3 @@
-MD5 (optipng-0.6.2.tar.gz) = 08b6195bb5895a7fe167fab16dcdf6d5
-SHA256 (optipng-0.6.2.tar.gz) = 84312506ea0c683a4e7675b3c8278067222762520016cc61e53c2b0e679120ca
-SIZE (optipng-0.6.2.tar.gz) = 1052509
+MD5 (optipng-0.6.3.tar.gz) = 6cef405197a878acff4c6216cf38e871
+SHA256 (optipng-0.6.3.tar.gz) = d11630955e2e72f07dd0aa1270f9d20caaef41796fdbfbbc1caad5b931fdf721
+SIZE (optipng-0.6.3.tar.gz) = 1060571


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Fri Feb 19 06:40:40 UTC 2010 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=144092 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: tom@hur.st
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/144092: [UPDATE] graphics/optipng to 0.6.3 [security fix]
Date: Fri, 19 Feb 2010 06:40:37 UT

 Maintainer of graphics/optipng,
 
 Please note that PR ports/144092 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/144092
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org
Responsible-Changed-From-To: freebsd-ports-bugs->miwi 
Responsible-Changed-By: miwi 
Responsible-Changed-When: Fri Feb 19 08:32:07 UTC 2010 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=144092 

From: Thomas Hurst <tom@hur.st>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/144092: [UPDATE] graphics/optipng to 0.6.3 [security fix]
Date: Sun, 21 Feb 2010 11:52:14 +0000

 Tested with porttools and the binary verified as working in some simple
 tests.  Please commit.
 
 The security issue is with reading GIF files, CVE-2009-0749:
 
   http://secunia.com/advisories/cve_reference/CVE-2009-0749/
 
 This should probably go into vuxml.
 
 Thanks!
 
 -- 
 Thomas 'Freaky' Hurst
     http://hur.st/

From: Ruslan Mahmatkhanov <cvs-src@yandex.ru>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/144092
Date: Tue, 23 Feb 2010 13:09:30 +0300

 Feature safe: yes
State-Changed-From-To: feedback->closed 
State-Changed-By: miwi 
State-Changed-When: Wed Mar 10 13:29:17 UTC 2010 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=144092 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/144092: commit references a PR
Date: Wed, 10 Mar 2010 13:29:54 +0000 (UTC)

 miwi        2010-03-10 13:29:05 UTC
 
   FreeBSD ports repository
 
   Modified files:
     graphics/optipng     Makefile distinfo 
   Log:
   - Update to 0.6.3
   
   PR:             144092
   Submitted by:   Ruslan Mahmatkhanov <cvs-src@yandex.ru>
   Approved by:    Thomas Hurst <tom@hur.st> (maintainer)
   
   Revision  Changes    Path
   1.7       +1 -1      ports/graphics/optipng/Makefile
   1.8       +3 -3      ports/graphics/optipng/distinfo
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
