Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2014-03-05 15:36:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libpng16" Changes: -------- --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes 2014-02-09 13:17:54.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2014-03-05 15:36:32.000000000 +0100 @@ -1,0 +2,8 @@ +Tue Mar 4 09:58:48 UTC 2014 - pgajdos@suse.com + +- fixed CVE-2014-0333 [bnc#866298] + +- added patches: + * libpng16-1.6.6-CVE-2014-0333.patch + +------------------------------------------------------------------- New: ---- libpng16-1.6.9-CVE-2014-0333.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng16.spec ++++++ --- /var/tmp/diff_new_pack.Xmox17/_old 2014-03-05 15:36:33.000000000 +0100 +++ /var/tmp/diff_new_pack.Xmox17/_new 2014-03-05 15:36:33.000000000 +0100 @@ -35,6 +35,7 @@ Source2: libpng16.keyring Source3: rpm-macros.libpng-tools Source4: baselibs.conf +Patch0: libpng16-1.6.9-CVE-2014-0333.patch #BuildRequires: gpg-offline BuildRequires: libtool BuildRequires: pkg-config @@ -110,6 +111,7 @@ %prep %setup -n libpng-%{version} +%patch0 %build export CFLAGS="%optflags -O3 -DPNG_SKIP_SETJMP_CHECK $(getconf LFS_CFLAGS)" ++++++ libpng16-1.6.9-CVE-2014-0333.patch ++++++ http://sourceforge.net/p/libpng/code/ci/713a20c57d344b558e48ad8be157c2dd751c... --- pngpread.c +++ pngpread.c 
@@ -234,6 +234,7 @@ png_error(png_ptr, "Missing PLTE before IDAT"); png_ptr->mode |= PNG_HAVE_IDAT; + png_ptr->process_mode = PNG_READ_IDAT_MODE; if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT)) if (png_ptr->push_length == 0)
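
Review bot: The patch name in the new libpng16.changes entry does not match the file that was added. The entry lists "libpng16-1.6.6-CVE-2014-0333.patch", while the "New:" section and the Patch0 line in libpng16.spec both name "libpng16-1.6.9-CVE-2014-0333.patch". Correct the changelog entry to the 1.6.9 name so the record for bnc#866298 points at the file that actually ships.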
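
Review bot: The new "Patch0:" line in libpng16.spec carries no comment saying what the patch is for or where it comes from. A one-line comment above it naming CVE-2014-0333, bnc#866298 and the upstream origin would let the next maintainer decide whether the patch can be dropped on a version update. In the %prep hunk, "%patch0" is given without a strip level; the patch headers are plain "pngpread.c" paths, so stating the level explicitly would make the intent clear.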
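
Review bot: The pngpread.c patch has no description beyond the upstream link, so the reason the added line fixes CVE-2014-0333 is not recorded in the package. The assignment "png_ptr->process_mode = PNG_READ_IDAT_MODE;" is placed directly after "png_ptr->mode |= PNG_HAVE_IDAT;" and before the "png_ptr->push_length == 0" check in the trailing context, so it takes effect for a zero-length IDAT chunk as well. What follows that check is not visible in this hunk, so confirm against the full function that no later path assumes the previous process_mode, and add a short header to the patch stating the condition it addresses.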