From 5b8b7147ba2a389faef2f319d94b743d371b9051 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 21 Jan 2020 15:51:26 -0500 Subject: [PATCH] import SDL-1.2.15-37.el8 --- ...te_image_size_when_loading_BMP_files.patch | 23 +++++++++++++++++++ SPECS/SDL.spec | 14 ++++++++++- 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch diff --git a/SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch b/SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch new file mode 100644 index 0000000..13fa786 --- /dev/null +++ b/SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch @@ -0,0 +1,23 @@ +changeset: 12960:ad1bbfbca760 +branch: SDL-1.2 +parent: 12914:87d60cae0273 +user: Ozkan Sezer +date: Tue Jul 30 21:30:24 2019 +0300 +summary: Fixed bug 4538 - validate image size when loading BMP files + +diff -r 87d60cae0273 -r ad1bbfbca760 src/video/SDL_bmp.c +--- a/src/video/SDL_bmp.c Tue Jun 18 23:31:40 2019 +0100 ++++ b/src/video/SDL_bmp.c Tue Jul 30 21:30:24 2019 +0300 +@@ -143,6 +143,11 @@ + (void) biYPelsPerMeter; + (void) biClrImportant; + ++ if (biWidth <= 0 || biHeight == 0) { ++ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight); ++ was_error = SDL_TRUE; ++ goto done; ++ } + if (biHeight < 0) { + topDown = SDL_TRUE; + biHeight = -biHeight; + diff --git a/SPECS/SDL.spec b/SPECS/SDL.spec index 35c9a20..ec6dc68 100644 --- a/SPECS/SDL.spec +++ b/SPECS/SDL.spec @@ -10,7 +10,7 @@ Name: SDL Version: 1.2.15 -Release: 35%{?dist} +Release: 37%{?dist} Summary: A cross-platform multimedia library URL: http://www.libsdl.org/ # The license of the file src/video/fbcon/riva_mmio.h is bad, but the contents @@ -46,6 +46,8 @@ Patch7: SDL-1.2.15-vec_perm-ppc64le.patch Patch8: 0001-Fixed-bug-4108-Missing-break-statements-in-SDL_CDRes.patch #fixes for small errors Patch9: 0001-fix-small-errors-detected-by-coverity.patch +# upstream bug #4538, in upstream after 1.2.15 +Patch10: SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch BuildRequires: alsa-lib-devel %if %{with arts} @@ -122,6 +124,8 @@ applications. %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 + for F in CREDITS; do iconv -f iso8859-1 -t utf-8 < "$F" > "${F}.utf" touch --reference "$F" "${F}.utf" @@ -198,6 +202,14 @@ rm -f %{buildroot}%{_libdir}/*.la %{_libdir}/lib*.a %changelog +* Thu Nov 21 2019 Wim Taymans - 1.2.15-37 +- Rebuild +- Resolves: rhbz#1756279 + +* Fri Aug 30 2019 Petr Pisar - 1.2.15-36 +- Fix CVE-2019-13616 (a heap buffer over-read in BlitNtoN) (bug #1747237) +- Resolves: rhbz#1756279 + * Mon May 27 2019 Wim Taymans - 1.2.15-35 - Rebuild after gating - Resolves: rhbz#1602687