https://bugzilla.redhat.com/show_bug.cgi?id=1886858
Bug ID: 1886858
Summary: Review Request: pngcheck - Verifies the integrity of
PNG, JNG and MNG files
Product: Fedora
Version: rawhide
Hardware: All
OS: Linux
Status: NEW
Component: Package Review
Severity: medium
Assignee: nob...@fedoraproject.org
Reporter: c...@musicinmybrain.net
QA Contact: extras...@fedoraproject.org
CC: package-review@lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Spec URL:
https://gitlab.com/musicinmybrain/pngcheck-rpm/-/raw/master/pngcheck.spec
Patch URL:
https://gitlab.com/musicinmybrain/pngcheck-rpm/-/raw/master/pngcheck-2.3.0-format-security.patch
SRPM URL:
https://kojipkgs.fedoraproject.org//work/tasks/1383/53081383/pngcheck-2.3.0-1.fc34.src.rpm
Description: pngcheck verifies the integrity of PNG, JNG and MNG files (by
checking the
internal 32-bit CRCs [checksums] and decompressing the image data); it can
optionally dump almost all of the chunk-level information in the image in
human-readable form. For example, it can be used to print the basic statistics
about an image (dimensions, bit depth, etc.); to list the color and
transparency info in its palette (assuming it has one); or to extract the
embedded text annotations. This is a command-line program with batch
capabilities.
Included with pngcheck (since version 2.1.0) are two helper utilities:
- pngsplit - break a PNG, MNG or JNG image into constituent chunks (numbered
for easy reassembly)
- png-fix-IDAT-windowsize - fix minor zlib-header breakage caused by libpng
1.2.6
Fedora Account System Username: music
Koji build for Fedora 34:
https://koji.fedoraproject.org/koji/taskinfo?taskID=53081365
Koji build for Fedora 33:
https://koji.fedoraproject.org/koji/taskinfo?taskID=53081635
Koji build for Fedora 32:
https://koji.fedoraproject.org/koji/taskinfo?taskID=53081851
Koji build for EPEL8:
https://koji.fedoraproject.org/koji/taskinfo?taskID=53081964
Koji build for EPEL7:
https://koji.fedoraproject.org/koji/taskinfo?taskID=53082044
Note that pngcheck itself is under a minimal MIT license, while the helper
utilities, packaged in -extras, are GPLv2+. The (sub)package licenses reflect
this.
Upstream is not very active. There is no bug tracker, and the last release was
13 years ago. The utility itself nevertheless remains useful.
A small patch is used to allow the program to build without disabling
-Werror=format-security. This patch, and a separate file containing the MIT
license text, would generally be good suggestions to push back upstream;
however, given the lack of upstream activity, it does seem unlikely that a new
release would be made merely to accommodate Fedora’s preferences.
----
This is my second package for Fedora. I am seeking sponsorship into the
packager group; see my first approved package,
https://bugzilla.redhat.com/show_bug.cgi?id=1885684, for details.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org
