From a6a00192a45e9b8a35b03b5f5472fdd0697798cff9b3000446c458da28872c1b Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Thu, 4 Aug 2016 06:18:33 +0000 Subject: [PATCH 1/2] Accepting request 416808 from home:susnux:branches:graphics Update to 1.6.23 Some possible security fixes. OBS-URL: https://build.opensuse.org/request/show/416808 OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=81
---
 libpng-1.6.22.tar.xz | 3 ---
 libpng-1.6.22.tar.xz.asc | 17 -----------------
 libpng-1.6.23.tar.xz | 3 +++
 libpng-1.6.23.tar.xz.asc | 17 +++++++++++++++++
 libpng16.changes | 17 +++++++++++++++++
 libpng16.spec | 2 +-
 6 files changed, 38 insertions(+), 21 deletions(-)
 delete mode 100644 libpng-1.6.22.tar.xz
 delete mode 100644 libpng-1.6.22.tar.xz.asc
 create mode 100644 libpng-1.6.23.tar.xz
 create mode 100644 libpng-1.6.23.tar.xz.asc
diff --git a/libpng-1.6.22.tar.xz b/libpng-1.6.22.tar.xz
deleted file mode 100644
index e4236e0..0000000
--- a/libpng-1.6.22.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6b5a6ad5c5801ec4d24aacc87a0ed7b666cd586478174f69368a1d7747715226
-size 958976
diff --git a/libpng-1.6.22.tar.xz.asc b/libpng-1.6.22.tar.xz.asc
deleted file mode 100644
index f4937cf..0000000
--- a/libpng-1.6.22.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJXRuzxAAoJEPVJhL+hbGQPQzUP/jmOI6EBMi+O1kyq+Bio8hL+
-i5Bs5MPGoUxRUcNNWTFVdFfvmXiJtTkAycCoxFJp1ysU4fEPhZ/0U/kvvk+DwzIZ
-zPLXzD9YTeYOi+TAkVbnl0eLI1CJYA7bHlRROv/+Q6mFYnAROweyyzAuZfX3JwQd
-hkN/ugq60Tz7wumtLzz/d0ZGZmBwmq7VDsKLgKC1tksxpmNUjFXKfHwJtsA5FH4T
-dEbz7L9kFuWPrRA/E9rD5sRXxP6Tekqamho+3LNOwI90bkULlBcsOlbctw40yxTJ
-AznmJCXMg3hVyNtLGcEsPlyI/1NOi9DTA8T0Dxj9zRW9b36nPtGAze1oOfk0XYjV
-nBGuP5MJmBP5w+nxohCgAevp/XH0LGr9H/tO/TLZcQ/GTcqFyLASHXBNK6JuQwTK
-YYs77NkBHaaODptZZ1GqPv7AzwKmLhHzjWjm1u93LLlNb8rbpkOdYXbQ5/KKdQOh
-OXpk0g1P0oB1AY62/k82GnHnukULxn5MxWnvCasjfYMKvLWFMOOMIqhwDRXRXTR/
-0TBDAg4F+o053o/wu6ym46UI5EDmvkk7Bv4EN+iFhawtwGztJNnz7XIXA9aDx8vh
-nd2C8Cmt8R5KZaHRVY0ZrGU/Og0S3m3cgfWiYK9wu9z11rPLuOnYFZZ1p+Bn0Lb6
-kJhcMjWGY9WT6hhk9lek
-=QkFl
------END PGP SIGNATURE-----
diff --git a/libpng-1.6.23.tar.xz b/libpng-1.6.23.tar.xz
new file mode 100644
index 0000000..096002f
--- /dev/null
+++ b/libpng-1.6.23.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6d921e7bdaec56e9f6594463ec1fe1981c3cd2d5fc925d3781e219b5349262f1
+size 961520
diff --git a/libpng-1.6.23.tar.xz.asc b/libpng-1.6.23.tar.xz.asc
new file mode 100644
index 0000000..bdd119f
--- /dev/null
+++ b/libpng-1.6.23.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJXWVlfAAoJEPVJhL+hbGQPma8QAPosNmfqgIP+5cvaheoxpb6N
+u6mhl9vrv0/p0q0z1Wzd7viu1Nhd4/Mq9jLoUkpn5Kh49JBA2PCKpLVKUtdFNb9y
+fXDb0Cr6Fm+iE0tvK7HEk3w+U2/TNc2llt6G5ftEVvHXedrXqcUubvo84f+a2bRA
+OqDXqwuUfMcf9pMEg4WxjqJ/WoPr/XkLC5ixWjA1LqPJ8E8nlLg8r03HdebQT93x
+4M0z0HNr20mjUOeCc5JhFWNzJWMDBh60B9GdfQtBSCzTsO/onVNaaTziKI1v9Ef8
+N4sReAi0d4lTkIFjvCoxALyE6QPMaOSA+fp3HYr2ALen83rX3S2DCmcxdQxRMnXN
+qkS0uB2oue3ZGLrKHxu8Xhme8YEyo8IQVs3tYZkiqiRJsNz7MJQ7bg4mz9jT3Ae7
+F3B/T9pDr6HiPj08k8wURUtZeQmfU4M5WXadBnhxhmcatynCpwf/QJK/i/twfI4T
+gajOIyQqHrm6OIaGxG+0gtJG3/mdiftYfyz3280sy0RLDeshyYcx7BEQRLzFp/k3
+zWGUDaO0gyfY5DJibM899a93Z1no5Vkyy1H9lIh4/V5j6eTc+5/dT5mFMbEVTJlX
+36yyYB+izY/r4KtkgCT0KgaTCA8zP8cZCQAPFM1F0OGvZwYZfjUpRlWZlxT2KI9P
+d3d1fcsy9IWU3lZmEk3R
+=0nta
+-----END PGP SIGNATURE-----
diff --git a/libpng16.changes b/libpng16.changes
index 6bb99b7..b0d6cd4 100644
--- a/libpng16.changes
+++ b/libpng16.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Wed Aug 3 22:30:08 UTC 2016 - rpm@fthiessen.de
+
+- Update to new upstream release 1.6.23
+ * Fixes a potential memleak in png_set_tRNS.
+ * Fixed the progressive reader to handle empty first IDAT
+ chunk properly.
+ * Added tests in pngvalid.c to check zero-length IDAT chunks
+ in various positions.
+ * Fixed the sequential reader to handle these more robustly.
+ * Corrected progressive read input buffer in pngvalid.c.
+ * Moved sse2 prototype from pngpriv.h to
+ contrib/intel/intel_sse.patch.
+ * Fixed undefined behavior in png_push_save_buffer().
+ Do not call memcpy() with a null source, even if count is zero.
+ * Fixed bad link to RFC2083 in png.5.
+
 -------------------------------------------------------------------
 Thu May 26 14:55:11 UTC 2016 - pgajdos@suse.com
 
diff --git a/libpng16.spec b/libpng16.spec
index ae9de64..8553cd1 100644
--- a/libpng16.spec
+++ b/libpng16.spec
@@ -19,7 +19,7 @@
 #
 %define major 1
 %define minor 6
-%define micro 22
+%define micro 23
 %define branch %{major}%{minor}
 %define libname libpng%{branch}-%{branch}
 
From 6bc0cde88a329b8fd2a50c8dc5c963ea376f59ef625cb6fb57798e41693dd0bf Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Thu, 4 Aug 2016 06:31:09 +0000 Subject: [PATCH 2/2] - update to 1.6.24: Avoid potential overflow of the PNG_IMAGE_SIZE macro. Correct filter heuristic overflow handling. Use a more efficient absolute value calculation on SSE2. Added pngcp. etc. see ANNOUNCE OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=82
---
 libpng-1.6.23.tar.xz | 3 ---
 libpng-1.6.23.tar.xz.asc | 17 -----------------
 libpng-1.6.24.tar.xz | 3 +++
 libpng-1.6.24.tar.xz.asc | 17 +++++++++++++++++
 libpng16.changes | 10 ++++++++++
 libpng16.spec | 3 ++-
 6 files changed, 32 insertions(+), 21 deletions(-)
 delete mode 100644 libpng-1.6.23.tar.xz
 delete mode 100644 libpng-1.6.23.tar.xz.asc
 create mode 100644 libpng-1.6.24.tar.xz
 create mode 100644 libpng-1.6.24.tar.xz.asc
diff --git a/libpng-1.6.23.tar.xz b/libpng-1.6.23.tar.xz
deleted file mode 100644
index 096002f..0000000
--- a/libpng-1.6.23.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6d921e7bdaec56e9f6594463ec1fe1981c3cd2d5fc925d3781e219b5349262f1
-size 961520
diff --git a/libpng-1.6.23.tar.xz.asc b/libpng-1.6.23.tar.xz.asc
deleted file mode 100644
index bdd119f..0000000
--- a/libpng-1.6.23.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJXWVlfAAoJEPVJhL+hbGQPma8QAPosNmfqgIP+5cvaheoxpb6N
-u6mhl9vrv0/p0q0z1Wzd7viu1Nhd4/Mq9jLoUkpn5Kh49JBA2PCKpLVKUtdFNb9y
-fXDb0Cr6Fm+iE0tvK7HEk3w+U2/TNc2llt6G5ftEVvHXedrXqcUubvo84f+a2bRA
-OqDXqwuUfMcf9pMEg4WxjqJ/WoPr/XkLC5ixWjA1LqPJ8E8nlLg8r03HdebQT93x
-4M0z0HNr20mjUOeCc5JhFWNzJWMDBh60B9GdfQtBSCzTsO/onVNaaTziKI1v9Ef8
-N4sReAi0d4lTkIFjvCoxALyE6QPMaOSA+fp3HYr2ALen83rX3S2DCmcxdQxRMnXN
-qkS0uB2oue3ZGLrKHxu8Xhme8YEyo8IQVs3tYZkiqiRJsNz7MJQ7bg4mz9jT3Ae7
-F3B/T9pDr6HiPj08k8wURUtZeQmfU4M5WXadBnhxhmcatynCpwf/QJK/i/twfI4T
-gajOIyQqHrm6OIaGxG+0gtJG3/mdiftYfyz3280sy0RLDeshyYcx7BEQRLzFp/k3
-zWGUDaO0gyfY5DJibM899a93Z1no5Vkyy1H9lIh4/V5j6eTc+5/dT5mFMbEVTJlX
-36yyYB+izY/r4KtkgCT0KgaTCA8zP8cZCQAPFM1F0OGvZwYZfjUpRlWZlxT2KI9P
-d3d1fcsy9IWU3lZmEk3R
-=0nta
------END PGP SIGNATURE-----
diff --git a/libpng-1.6.24.tar.xz b/libpng-1.6.24.tar.xz
new file mode 100644
index 0000000..c55ac39
--- /dev/null
+++ b/libpng-1.6.24.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7932dc9e5e45d55ece9d204e90196bbb5f2c82741ccb0f7e10d07d364a6fd6dd
+size 977532
diff --git a/libpng-1.6.24.tar.xz.asc b/libpng-1.6.24.tar.xz.asc
new file mode 100644
index 0000000..17f37b4
--- /dev/null
+++ b/libpng-1.6.24.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJXoqdVAAoJEPVJhL+hbGQPwAsP/ineogvpp8AUqFDoyqeJm8xG
+wRD26DmSjDw+SE6RN+EMU7nPNNoYcP5sRLUD6iYa2QQzEfaHYd/3NDBnQ6DjVmen
+Xkne7HYnOWgvyU6L136BN0rac+/M64T4rXFpIn8u1pc4OTEcBpqUKdZk0z7hsNq5
+t72nu5cxtIVW18bdkbyDoQAbMH27HVrF0BQ0HvmS0WM3LHqzv75LF3dF5ar2RqPC
+LxK6G6N7yN7IAUv8PwqoB3+sJuOwfyZH90meRkMGcwK4DXm0cV6yXess3v/OyrdB
+g8xRdTM4IfYg07XWQQnTodGajA1ISUq3dZPGUQrRG2Bwypz2f2cUC54EWToSbF+f
+yrt42uBwAvTGtw7k0k2vd1c6utZxKrQzF3z1dwbPDdXeM3OqvZXysKWQqTwBueNu
+9mKa518T7plSxQzYwNEzagGj8Tuezh6mHVTMPxwrBwND1nEuLq0PQyl7edwak02p
+sEeQliu4VZT60bwMo3LfFj1Mu08tLcL6YJ0f1gNAkT8LL3vtWL4b5Kx9Sff22fsy
+OjQLlhuTgnM/rssTeMiX8Lg6PFn9jG/1m1rI9FPNtNim670T+77WmME8g0oE9hXM
+x3reaEopJqL6OLeYXHLe7Q14jgav2KCNoqJatkdiUUGM0BEH01PxaX/nO4prryus
+3Tz3zfpJyhm5Sjkuaibm
+=My9M
+-----END PGP SIGNATURE-----
diff --git a/libpng16.changes b/libpng16.changes
index b0d6cd4..9d9549b 100644
--- a/libpng16.changes
+++ b/libpng16.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Aug 4 06:20:53 UTC 2016 - pgajdos@suse.com
+
+- update to 1.6.24:
+ Avoid potential overflow of the PNG_IMAGE_SIZE macro.
+ Correct filter heuristic overflow handling.
+ Use a more efficient absolute value calculation on SSE2.
+ Added pngcp.
+ etc. see ANNOUNCE
+
 -------------------------------------------------------------------
 Wed Aug 3 22:30:08 UTC 2016 - rpm@fthiessen.de
 
diff --git a/libpng16.spec b/libpng16.spec
index 8553cd1..b6462a6 100644
--- a/libpng16.spec
+++ b/libpng16.spec
@@ -19,7 +19,7 @@
 #
 %define major 1
 %define minor 6
-%define micro 23
+%define micro 24
 %define branch %{major}%{minor}
 %define libname libpng%{branch}-%{branch}
 
@@ -159,6 +159,7 @@ cp -a %{SOURCE3} \
 %defattr(-,root,root)
 %{_bindir}/png-fix-itxt
 %{_bindir}/pngfix
+%{_bindir}/pngcp
 %{_sysconfdir}/rpm/macros.libpng-tools
 
 %changelog