- updated to 1.6.11:

* fixed CVE-2014-0333 
  * other bugfixes
- removed libpng16-1.6.6-CVE-2014-0333.patch (upstreamed)

OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=55

libpng-1.6.11.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:007ee60b943f20ab13f55c4a590e978cd918a69c4024c1af0d2f34eb16f4b69d
+size 900748

libpng-1.6.11.tar.xz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJTkIujAAoJEPVJhL+hbGQPUCIP/1t/mTnHafSekfL8gUCFIc6I
+t+QD6He/msWExG0ECR2BaCuStP207UoAdMDnFm6nutAiHl7dZ43+Ns/j7GU6L9dE
+qlK94m4y7hgIYfMhJO8d3h4avSVqfLhmlpIfwYGlL4HzF3PkVXdMY4/FLiL7L+5c
+ptpvnHmV4Ekj8UBLxYPZ6Ij5lyN6gaMrfEHGzyy3MhVfVK3pgh1Gq2SkDVKfYzao
+i1tBBkkCCODjcqJyOXXxWHPYcIgkqqtH7M1xqXBIQ578qTqab4oZpmmIIbjQyXVP
+FfxQ4Xc93Sog9D5pblBMfN2P5c8nitBshZOr2DAJ8dCevgMqbe8zXoaFqNev5eOM
+LXvDbcHiWMpcgbu7qz2kqYNMLUKNyabEDHRFo39t4tBAFDiWiUCzy+699epnz98U
+tl+4VU0NgiOrhCv+gWB9nIm39y5ERJwPb8HDtPr4Ahy6v1ygSTSPWqJn8FNhQ28j
+ZphspWANFSr0mDMTFtjc8Oi4Ys68Zf9kl0muZwqpzAolRjPRTraoFvOgfZukj2Tk
+dglDv4oHKxLt13OrvhGqoEBzxyjACQLUWT+eV0QtxZJLDqhFj1YB0BLcmkEryJZE
+gDa+hgyE7oH95t87g8MneGWb8ZC5qopgLeyXXpsQvwKVgZvRNigVOKVIRSREdFUu
++LfIIXoycq4th6YAxvyp
+=TXj6
+-----END PGP SIGNATURE-----

libpng-1.6.9.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fde3a676fe6878c15bfe7849f3209c5cf5fbe1fbbf0063541f0b81eb1022274a
-size 885824

libpng-1.6.9.tar.xz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJS85jBAAoJEPVJhL+hbGQPOucP/2lyr4+JJbmu39L9p4fVxHhU
-505+8fJFfPLo/WdjS8fj/Tp8wPVNViXShGVYvOs9xK7PuBsCtGgu0c0YU3/BPpmN
-JOLvzjKpV5NJCykBVxkHWptHxVUNCNrBeiCTgKvmRxHkWxbWD/DjMp3q8ewtWfdH
-iMCEzzmpGDYttGeRpH2pZ+y5L/ulvsQ/nm1BmMwhGxewhOIri5T9SeRJl+urDSSx
-35DEmgbCi8lX3/oOVxpnoL7fYPcdiwUGRLCqFm6D4Oho1XbmK94buCZZoFT2aKeK
-O79mxGHt7NWMiHFqngHUgGL58DuD0ieJnKYYuRRQG+eycHbLmrEdVp6O6uY3lw7e
-Q0OBliRq+ocResSexeURYHf5BJ6G/N+e10tmir6nhVqIl5MFdZZVOyQFtRCysdpu
-jAzlWnM51SqkiDi9ZjUkm887Ol6JHSWiCJEdrmkLQAazFrxVDE8tmr50FGdFglWl
-ZE8IwhJovBsDag4dfA/ruu0ooXGhIo6F08OF64yYcs/RF9hWQIHTv7/cneP/gChO
-2LJfQZedUGcZbzonMxZVzeftXs2zzMCgk18v1WlRMH9Obj4QjTZe9tRsoK+V82sD
-QLdXzd8Kzw70dNKsIRbqpAq3aEIjZxJzWu8VaCkIEEqH47w3o3efOslTljSeRTLL
-OXSuJnFqEGheFz6lUE7l
-=H68A
------END PGP SIGNATURE-----

libpng16-1.6.9-CVE-2014-0333.patch

@@ -1,11 +0,0 @@
-http://sourceforge.net/p/libpng/code/ci/713a20c57d344b558e48ad8be157c2dd751c8815/tree/pngpread.c?diff=4526f546baea7f73097529cb66feb4dbc8da2752
---- pngpread.c
-+++ pngpread.c
-@@ -234,6 +234,7 @@
-          png_error(png_ptr, "Missing PLTE before IDAT");
- 
-       png_ptr->mode |= PNG_HAVE_IDAT;
-+      png_ptr->process_mode = PNG_READ_IDAT_MODE;
- 
-       if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
-          if (png_ptr->push_length == 0)

libpng16.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Jun  6 06:19:35 UTC 2014 - pgajdos@suse.com
+
+- updated to 1.6.11:
+  * fixed CVE-2014-0333 
+  * other bugfixes
+- removed libpng16-1.6.6-CVE-2014-0333.patch (upstreamed)
+
 -------------------------------------------------------------------
 Tue Mar  4 09:58:48 UTC 2014 - pgajdos@suse.com
 

libpng16.spec

@@ -19,7 +19,7 @@
 #
 %define major   1
 %define minor   6
-%define micro   9
+%define micro   11
 %define branch  %{major}%{minor}
 %define libname libpng%{branch}-%{branch}
 
@@ -35,7 +35,6 @@ Source1:        ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{versio
 Source2:        libpng16.keyring
 Source3:        rpm-macros.libpng-tools
 Source4:        baselibs.conf
-Patch0:         libpng16-1.6.9-CVE-2014-0333.patch
 #BuildRequires:  gpg-offline
 BuildRequires:  libtool
 BuildRequires:  pkg-config
@@ -111,7 +110,6 @@ PNG files.
 
 %prep
 %setup -n libpng-%{version}
-%patch0
 
 %build
 export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"