From 2c0f5fd1217eaca3fe28d8d2b99982eea2c3621e333593206ed3149e5d563fea Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Fri, 20 Dec 2013 07:19:05 +0000 Subject: [PATCH] - updated to 1.6.8: Changed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpread.c to #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED to be consistent with what is in pngpriv.h. Moved prototype for png_handle_unknown() in pngpriv.h outside of the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block. Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder. Fixed pngvalid 'fail' function declaration on the Intel C Compiler. This reverts to the previous 'static' implementation and works round the 'unused static function' warning by using PNG_UNUSED(). Handle zero-length PLTE chunk or NULL palette with png_error() instead of png_chunk_report(), which by default issues a warning rather than an error, leading to later reading from a NULL pointer (png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954 and VU#650142. OBS-URL: https://build.opensuse.org/package/show/graphics/libpng16?expand=0&rev=49 --- libpng-1.6.7.tar.xz | 3 --- libpng-1.6.7.tar.xz.asc | 17 ----------------- libpng-1.6.8.tar.xz | 3 +++ libpng-1.6.8.tar.xz.asc | 17 +++++++++++++++++ libpng16.changes | 19 +++++++++++++++++++ libpng16.spec | 2 +- 6 files changed, 40 insertions(+), 21 deletions(-) delete mode 100644 libpng-1.6.7.tar.xz delete mode 100644 libpng-1.6.7.tar.xz.asc create mode 100644 libpng-1.6.8.tar.xz create mode 100644 libpng-1.6.8.tar.xz.asc diff --git a/libpng-1.6.7.tar.xz b/libpng-1.6.7.tar.xz deleted file mode 100644 index 06d305a..0000000 --- a/libpng-1.6.7.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:13c9c853a9a600218fff9961658dc4f485ad2ef9b862315b434dd2fdbbe1f945 -size 873472 diff --git a/libpng-1.6.7.tar.xz.asc b/libpng-1.6.7.tar.xz.asc deleted file mode 100644 index dedb970..0000000 --- a/libpng-1.6.7.tar.xz.asc +++ /dev/null 
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iQIcBAABAgAGBQJShR/HAAoJEPVJhL+hbGQPVucP/iiHX90XJtzpd21kAIsxjH6N
-2bx8t6z0lanHPX1MRSwqJNwwRVZiooS6Dx160a7MMIY8bhe78bCND2OqhUwGHlsH
-pKzjlfp84pqlAUqr7WOIlX9i+axUU185MOdyefnqYtvPwAsXzDnx55Q0EkfRmMHU
-I3wYF5HaYKHVr6QNsQbXlJF9OBIa/VyZIGomDn/01U+87xd1kCa5IAYWfadbCKxy
-Aw4upXWXEaRPXOc3Q6269RULBcqf2cuZ+v78rAZuyziIz2nHASxuU+JYdOYObB20
-dFu1dxMNyep2+cGKujOZHdaqh8BZJmAXADKm2nQTqv7RE0AlZvfZuSnSKJAllZd2
-j4uI/U2LK099OujF3+28QUiLlaTPm/B9RbVkjhcV4Djw23C9HBsgK1+0YuN8ruYl
-Y2NuHwszGRb9lsdaQRnmt363WrNPE+rpTQLjqR71VbrXzhLnfV7aEQ6ircK/ZCZ6
-mBYHNcNZHnLb2WRVHGu2nIzfFQ4iwD6BfPXobmS+B6mBaesfH8VaJ6obUvNN+tj8
-a3ELV3Cszjfji3wouNC3oq8YOtVVX+CFjt64m8XEEBJRrjyGVj8mlEKozvdwsZBV
-RgChp0jpefI3X59SCh39MULLIubdw7vfdpellOn0OKoKKjogyyJy5ijkYS03Gi4O
-tNsWyzsJCjf6rxOg1Hcu
-=OP9y
------END PGP SIGNATURE-----
diff --git a/libpng-1.6.8.tar.xz b/libpng-1.6.8.tar.xz
new file mode 100644
index 0000000..41af3eb
--- /dev/null
+++ b/libpng-1.6.8.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:24f73d8b5e1d74a9482c81b65c3f93f96c7da7ed0417b8a948a75d2d99133081
+size 876172
diff --git a/libpng-1.6.8.tar.xz.asc b/libpng-1.6.8.tar.xz.asc
new file mode 100644
index 0000000..7f8fe86
--- /dev/null
+++ b/libpng-1.6.8.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iQIcBAABAgAGBQJSsw5jAAoJEPVJhL+hbGQPfWwP/0hmqxBUOACnfOLyyQoQxKAv
+PH62hdtGpwmnjUakb6DvHgAoIQla/UycGwBz0ZU7CluBS/xnD/JATYum3W/yRsv4
+pPxDtzI1Qw4kDwHUrwIlLsfUmg7Oor0RLMcAHHNitd/246AzEVsGPmr1agP+/y1a
+XJBFRILwPjMb0h2x0LoYb20t3FIdVeKGnTV76ls0AYc+hOCCOawP/JJi19mgN1lp
+RzM79U7F94+wWxAV43WXZhgaSheHJWQxoE1O+RPOAFWu5d7MBDPzT6Pzj4VoS7Tf
+k1zXx7bhbGUxYUKfyufo69TC8OgXtnWfUHum9oafPDq5AdQe5tBkg4fN28sxPAP5
+xG0LL1JGBgBdb26tAhQsNFOQJduoF30X/lBHcSPpyIbBumIkmWsNtqYTOHV/SZeA
+CPqmjjqPfk25Mmq0+a+SDg33HTi+HcH5bblrtWXNmWFGYvCGcSIsgT3JnLAO2QT9
+ymxT84yVh3rOVIPvkiDpgRI/jQ9T/B0FTQuV/4PSx9elggJmrvmwwGEc/DOd1Moe
+mkX063RV3bVGNn4k9RioVU4gBjmTseKlpvHRLd96mz9EwbB+DS4nS3YytFOT5pYj
+TY+xRfoSNDnHFEuTQ9wNVlL+P5s8cwsuVwjX5FPW9SFNgRABId4BIrJtb2djUXuE
+48KxmF5qpVkh7km9lKo7
+=Fkd6
+-----END PGP SIGNATURE-----
diff --git a/libpng16.changes b/libpng16.changes
index b33829d..ecd1247 100644
--- a/libpng16.changes
+++ b/libpng16.changes
@@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Fri Dec 20 07:08:48 UTC 2013 - pgajdos@suse.com + +- updated to 1.6.8: + Changed #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED in pngpread.c to + #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED to be consistent with + what is in pngpriv.h. + Moved prototype for png_handle_unknown() in pngpriv.h outside of + the #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED/#endif block. + Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder. + Fixed pngvalid 'fail' function declaration on the Intel C Compiler. + This reverts to the previous 'static' implementation and works round + the 'unused static function' warning by using PNG_UNUSED(). + Handle zero-length PLTE chunk or NULL palette with png_error() + instead of png_chunk_report(), which by default issues a warning + rather than an error, leading to later reading from a NULL pointer + (png_ptr->palette) in png_do_expand_palette(). This is CVE-2013-6954 + and VU#650142. + ------------------------------------------------------------------- Mon Dec 2 09:35:17 UTC 2013 - pgajdos@suse.com diff --git a/libpng16.spec b/libpng16.spec index 82fd1ed..e511e7f 100644 --- a/libpng16.spec +++ b/libpng16.spec @@ -19,7 +19,7 @@ # %define major 1 %define minor 6 -%define micro 7 +%define micro 8 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch}