Accepting request 224574 from graphics

- fixed CVE-2014-0333 [bnc#866298] - added patches: * libpng16-1.6.6-CVE-2014-0333.patch OBS-URL: https://build.opensuse.org/request/show/224574 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpng16?expand=0&rev=16
2014-03-05 14:36:32 +00:00 · 2014-03-05 14:36:32 +00:00 · 518465b433
commit 518465b433
parent 8efa07f222 8f70075f41
3 changed files with 21 additions and 0 deletions
--- a/libpng16-1.6.9-CVE-2014-0333.patch
+++ b/libpng16-1.6.9-CVE-2014-0333.patch
@ -0,0 +1,11 @@
+http://sourceforge.net/p/libpng/code/ci/713a20c57d344b558e48ad8be157c2dd751c8815/tree/pngpread.c?diff=4526f546baea7f73097529cb66feb4dbc8da2752
+--- pngpread.c
+++ pngpread.c
+@@ -234,6 +234,7 @@
+          png_error(png_ptr, "Missing PLTE before IDAT");
+ 
+       png_ptr->mode |= PNG_HAVE_IDAT;
+      png_ptr->process_mode = PNG_READ_IDAT_MODE;
+ 
+       if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
+          if (png_ptr->push_length == 0)
--- a/libpng16.changes
+++ b/libpng16.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Mar  4 09:58:48 UTC 2014 - pgajdos@suse.com
+
+- fixed CVE-2014-0333 [bnc#866298]
+
+- added patches:
+  * libpng16-1.6.6-CVE-2014-0333.patch
+
 -------------------------------------------------------------------
 Fri Feb  7 07:32:55 UTC 2014 - pgajdos@suse.com

--- a/libpng16.spec
+++ b/libpng16.spec
@ -35,6 +35,7 @@ Source1:        ftp://ftp.simplesystems.org/pub/png/src/libpng16/libpng-%{versio
 Source2:        libpng16.keyring
 Source3:        rpm-macros.libpng-tools
 Source4:        baselibs.conf
+Patch0:         libpng16-1.6.9-CVE-2014-0333.patch
 #BuildRequires:  gpg-offline
 BuildRequires:  libtool
 BuildRequires:  pkg-config
@ -110,6 +111,7 @@ PNG files.

 %prep
 %setup -n libpng-%{version}
+%patch0

 %build
 export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"