[libpng15] Adding patch CVE-2013-6954 (#1056856)

[Petr Hracek]

commit 438d5ea42a33f0393438fed82b5dd81affbf02c9
Author: Petr Hracek <phracek at redhat.com>
Date:   Wed Jan 29 10:15:33 2014 +0100

    Adding patch CVE-2013-6954 (#1056856)

 libpng15-CVE-2013-6954.patch |   35 +++++++++++++++++++++++++++++++++++
 libpng15.spec                |    9 ++++++++-
 2 files changed, 43 insertions(+), 1 deletions(-)
---
diff --git a/libpng15-CVE-2013-6954.patch b/libpng15-CVE-2013-6954.patch
new file mode 100644
index 0000000..9619d8a
--- /dev/null
+++ b/libpng15-CVE-2013-6954.patch
@@ -0,0 +1,35 @@
+diff --git a/pngrtran.c b/pngrtran.c
+index 5673193..04eecee 100644
+--- a/pngrtran.c
++++ b/pngrtran.c
+@@ -1900,6 +1900,9 @@ png_read_transform_info(png_structp png_ptr, png_infop info_ptr)
+ 
+          info_ptr->bit_depth = 8;
+          info_ptr->num_trans = 0;
++
++         if (png_ptr->palette == NULL)
++            png_error (png_ptr, "Palette is NULL in indexed image");
+       }
+       else
+       {
+diff --git a/pngset.c b/pngset.c
+index 4177e62..3876103 100644
+--- a/pngset.c
++++ b/pngset.c
+@@ -524,6 +524,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr,
+          return;
+       }
+    }
++   if ((num_palette > 0 && palette == NULL) ||
++      (num_palette == 0
++ #       ifdef PNG_MNG_FEATURES_SUPPORTED
++            && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
++ #       endif
++      ))
++   {
++      png_error(png_ptr, "Invalid palette");
++      return;
++   }
+ 
+    /* It may not actually be necessary to set png_ptr->palette here;
+     * we do it for backward compatibility with the way the png_handle_tRNS
diff --git a/libpng15.spec b/libpng15.spec
index 7a6ef54..c40a95c 100644
--- a/libpng15.spec
+++ b/libpng15.spec
@@ -1,7 +1,7 @@
 Summary: Old version of libpng, needed to run old binaries
 Name: libpng15
 Version: 1.5.17
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: zlib
 Group: System Environment/Libraries
 URL: http://www.libpng.org/pub/png/
@@ -12,6 +12,8 @@ Source0: ftp://ftp.simplesystems.org/pub/png/src/history/libpng15/libpng-%{versi
 
 Source1: pngusr.dfa
 
+Patch0: libpng15-CVE-2013-6954.patch
+
 BuildRequires: zlib-devel
 
 %description
@@ -23,6 +25,8 @@ version of libpng.
 %prep
 %setup -q -n libpng-%{version}
 
+%patch0 -p1
+
 # Provide pngusr.dfa for build.
 cp -p %{SOURCE1} .
 
@@ -51,6 +55,9 @@ rm -rf $RPM_BUILD_ROOT%{_bindir}/*
 %{_libdir}/libpng15.so.*
 
 %changelog
+* Wed Jan 29 2014 Petr Hracek <phracek at redhat.com> - 1.5.17-2
+- Adding patch CVE-2013-6954 (#1056856)
+
 * Fri Jul 26 2013 Petr Hracek <phracek at redhat.com> - 1.5.17-1
 - Update to libpng 1.5.17 for minor bug fixes