Accepting request 224574 from graphics

- fixed CVE-2014-0333 [bnc#866298]
- added patches:
  * libpng16-1.6.6-CVE-2014-0333.patch

OBS-URL: https://build.opensuse.org/request/show/224574
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpng16?expand=0&rev=16

libpng16-1.6.9-CVE-2014-0333.patch

@@ -0,0 +1,11 @@
+http://sourceforge.net/p/libpng/code/ci/713a20c57d344b558e48ad8be157c2dd751c8815/tree/pngpread.c?diff=4526f546baea7f73097529cb66feb4dbc8da2752
+--- pngpread.c
++++ pngpread.c
+@@ -234,6 +234,7 @@
+          png_error(png_ptr, "Missing PLTE before IDAT");
+ 
+       png_ptr->mode |= PNG_HAVE_IDAT;
++      png_ptr->process_mode = PNG_READ_IDAT_MODE;
+ 
+       if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
+          if (png_ptr->push_length == 0)

libpng16.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Mar  4 09:58:48 UTC 2014 - pgajdos@suse.com
+
+- fixed CVE-2014-0333 [bnc#866298]
+
+- added patches:
+  * libpng16-1.6.6-CVE-2014-0333.patch
+
 -------------------------------------------------------------------
 Fri Feb  7 07:32:55 UTC 2014 - pgajdos@suse.com
 

libpng16.spec

@@ -35,6 +35,7 @@ Source1:        ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{versio
 Source2:        libpng16.keyring
 Source3:        rpm-macros.libpng-tools
 Source4:        baselibs.conf
+Patch0:         libpng16-1.6.9-CVE-2014-0333.patch
 #BuildRequires:  gpg-offline
 BuildRequires:  libtool
 BuildRequires:  pkg-config
@@ -110,6 +111,7 @@ PNG files.
 
 %prep
 %setup -n libpng-%{version}
+%patch0
 
 %build
 export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"