From 8f70075f41193c821ec60ef20913e37c74d6040ff2b815ff4f1730b8f617e73a Mon Sep 17 00:00:00 2001
From: Petr Gajdos
Date: Tue, 4 Mar 2014 10:07:50 +0000
Subject: [PATCH] - fixed CVE-2014-0333 [bnc#866298] - added patches: * libpng16-1.6.6-CVE-2014-0333.patch
OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=53
---
 libpng16-1.6.9-CVE-2014-0333.patch | 11 +++++++++++
 libpng16.changes | 8 ++++++++
 libpng16.spec | 2 ++
 3 files changed, 21 insertions(+)
 create mode 100644 libpng16-1.6.9-CVE-2014-0333.patch
diff --git a/libpng16-1.6.9-CVE-2014-0333.patch b/libpng16-1.6.9-CVE-2014-0333.patch
new file mode 100644
index 0000000..a994d77
--- /dev/null
+++ b/libpng16-1.6.9-CVE-2014-0333.patch
@@ -0,0 +1,11 @@
+http://sourceforge.net/p/libpng/code/ci/713a20c57d344b558e48ad8be157c2dd751c8815/tree/pngpread.c?diff=4526f546baea7f73097529cb66feb4dbc8da2752
+--- pngpread.c
++++ pngpread.c
+@@ -234,6 +234,7 @@
+ png_error(png_ptr, "Missing PLTE before IDAT");
+
+ png_ptr->mode |= PNG_HAVE_IDAT;
++ png_ptr->process_mode = PNG_READ_IDAT_MODE;
+
+ if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
+ if (png_ptr->push_length == 0)
diff --git a/libpng16.changes b/libpng16.changes
index 3bccc1d..3de9d24 100644
--- a/libpng16.changes
+++ b/libpng16.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Mar 4 09:58:48 UTC 2014 - pgajdos@suse.com
+
+- fixed CVE-2014-0333 [bnc#866298]
+
+- added patches:
+ * libpng16-1.6.6-CVE-2014-0333.patch
+
 -------------------------------------------------------------------
 Fri Feb 7 07:32:55 UTC 2014 - pgajdos@suse.com
diff --git a/libpng16.spec b/libpng16.spec
index 0976777..d53694f 100644
--- a/libpng16.spec
+++ b/libpng16.spec
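Review bot: The new patch file opens with nothing but the upstream URL, so the package itself does not record what the added `png_ptr->process_mode = PNG_READ_IDAT_MODE;` guards against or when the patch can be dropped. I would add a header above the URL along the lines of `CVE-2014-0333 [bnc#866298]: progressive reader must switch to PNG_READ_IDAT_MODE as soon as the first IDAT chunk is seen; upstream commit 713a20c57d34, drop once the packaged release contains it`. The embedded hunk starts and ends inside a function of pngpread.c, so how the following `push_length == 0` branch interacts with the new assignment cannot be confirmed from here. A regression image exercised through the progressive reader at build time, expected to terminate with an error or a decoded image, would pin the fix against future rebases.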
@@ -35,6 +35,7 @@ Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{versio
 Source2: libpng16.keyring
 Source3: rpm-macros.libpng-tools
 Source4: baselibs.conf
+Patch0: libpng16-1.6.9-CVE-2014-0333.patch
 #BuildRequires: gpg-offline
 BuildRequires: libtool
 BuildRequires: pkg-config
@@ -110,6 +111,7 @@ PNG files.
 %prep
 %setup -n libpng-%{version}
+%patch0
 %build
 export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"
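Review bot: `Patch0:` names `libpng16-1.6.9-CVE-2014-0333.patch`, but the commit subject and the new libpng16.changes entry both say `libpng16-1.6.6-CVE-2014-0333.patch`, so anyone auditing the package for this CVE by patch name will not find the file the changelog points to. The changelog line should read `* libpng16-1.6.9-CVE-2014-0333.patch`. Separately, the context of this hunk shows `#BuildRequires: gpg-offline` commented out next to `Source2: libpng16.keyring`, and the second hunk shows `%setup` directly after `%prep`. That suggests the source tarball's signature is not verified at build time, which is worth confirming in the parts of the spec outside these hunks.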