Accepting request 626863 from graphics

- security update:
  * CVE-2018-13785 [bsc#1100687]
    + libpng16-CVE-2018-13785.patch

OBS-URL: https://build.opensuse.org/request/show/626863
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpng16?expand=0&rev=39

libpng16-CVE-2018-13785.patch

@@ -0,0 +1,13 @@
+Index: libpng-1.6.34/pngrutil.c
+===================================================================
+--- libpng-1.6.34.orig/pngrutil.c	2017-09-29 10:40:57.000000000 +0200
++++ libpng-1.6.34/pngrutil.c	2018-08-01 09:59:02.399741891 +0200
+@@ -3149,7 +3149,7 @@ png_check_chunk_length(png_const_structr
+    {
+       png_alloc_size_t idat_limit = PNG_UINT_31_MAX;
+       size_t row_factor =
+-         (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
++         ((size_t)png_ptr->width * (size_t)png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
+           + 1 + (png_ptr->interlaced? 6: 0));
+       if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
+          idat_limit=PNG_UINT_31_MAX;

libpng16.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Aug  1 08:01:23 UTC 2018 - pgajdos@suse.com
+
+- security update:
+  * CVE-2018-13785 [bsc#1100687]
+    + libpng16-CVE-2018-13785.patch
+
 -------------------------------------------------------------------
 Mon Feb  5 15:35:46 UTC 2018 - pgajdos@suse.com
 

libpng16.spec

@@ -35,6 +35,7 @@ Source1:        ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{versio
 Source2:        libpng16.keyring
 Source3:        rpm-macros.libpng-tools
 Source4:        baselibs.conf
+Patch0:         libpng16-CVE-2018-13785.patch
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 BuildRequires:  zlib-devel
@@ -96,6 +97,7 @@ PNG files.
 
 %prep
 %setup -q -n libpng-%{version}
+%patch0 -p1
 
 %build
 # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1