commit libpng16 for openSUSE:Factory

Wed, 05 Mar 2014 06:37:31 -0800 

Hello community,

here is the log from the commit of package libpng16 for openSUSE:Factory 
checked in at 2014-03-05 15:36:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
 and      /work/SRC/openSUSE:Factory/.libpng16.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libpng16"

Changes:
--------
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes        2014-02-09 
13:17:54.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes   2014-03-05 
15:36:32.000000000 +0100
@@ -1,0 +2,8 @@
+Tue Mar  4 09:58:48 UTC 2014 - [email protected]
+
+- fixed CVE-2014-0333 [bnc#866298]
+
+- added patches:
+  * libpng16-1.6.6-CVE-2014-0333.patch
+
+-------------------------------------------------------------------

New:
----
  libpng16-1.6.9-CVE-2014-0333.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libpng16.spec ++++++
--- /var/tmp/diff_new_pack.Xmox17/_old  2014-03-05 15:36:33.000000000 +0100
+++ /var/tmp/diff_new_pack.Xmox17/_new  2014-03-05 15:36:33.000000000 +0100
@@ -35,6 +35,7 @@
 Source2:        libpng16.keyring
 Source3:        rpm-macros.libpng-tools
 Source4:        baselibs.conf
+Patch0:         libpng16-1.6.9-CVE-2014-0333.patch
 #BuildRequires:  gpg-offline
 BuildRequires:  libtool
 BuildRequires:  pkg-config
@@ -110,6 +111,7 @@
 
 %prep
 %setup -n libpng-%{version}
+%patch0
 
 %build
 export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)"


++++++ libpng16-1.6.9-CVE-2014-0333.patch ++++++
http://sourceforge.net/p/libpng/code/ci/713a20c57d344b558e48ad8be157c2dd751c8815/tree/pngpread.c?diff=4526f546baea7f73097529cb66feb4dbc8da2752
--- pngpread.c
+++ pngpread.c
@@ -234,6 +234,7 @@
          png_error(png_ptr, "Missing PLTE before IDAT");
 
       png_ptr->mode |= PNG_HAVE_IDAT;
+      png_ptr->process_mode = PNG_READ_IDAT_MODE;
 
       if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
          if (png_ptr->push_length == 0)

-- 
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to