rpms/SDL
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import SDL-1.2.15-37.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-01-21 15:51:26 -05:00 committed by Stepan Oksanichenko
parent eefca940d4
commit 5b8b7147ba
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch Normal file
View File

@ -0,0 +1,23 @@
changeset: 12960:ad1bbfbca760
branch: SDL-1.2
parent: 12914:87d60cae0273
user: Ozkan Sezer <sezeroz@gmail.com>
date: Tue Jul 30 21:30:24 2019 +0300
summary: Fixed bug 4538 - validate image size when loading BMP files
diff -r 87d60cae0273 -r ad1bbfbca760 src/video/SDL_bmp.c
--- a/src/video/SDL_bmp.c Tue Jun 18 23:31:40 2019 +0100
+++ b/src/video/SDL_bmp.c Tue Jul 30 21:30:24 2019 +0300
@@ -143,6 +143,11 @@
(void) biYPelsPerMeter;
(void) biClrImportant;
+ if (biWidth <= 0 || biHeight == 0) {
+ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
+ was_error = SDL_TRUE;
+ goto done;
+ }
if (biHeight < 0) {
topDown = SDL_TRUE;
biHeight = -biHeight;

14
SPECS/SDL.spec
View File

@ -10,7 +10,7 @@
Name: SDL Name: SDL
Version: 1.2.15 Version: 1.2.15
Release: 35%{?dist} Release: 37%{?dist}
Summary: A cross-platform multimedia library Summary: A cross-platform multimedia library
URL: http://www.libsdl.org/ URL: http://www.libsdl.org/
# The license of the file src/video/fbcon/riva_mmio.h is bad, but the contents # The license of the file src/video/fbcon/riva_mmio.h is bad, but the contents
@ -46,6 +46,8 @@ Patch7: SDL-1.2.15-vec_perm-ppc64le.patch
Patch8: 0001-Fixed-bug-4108-Missing-break-statements-in-SDL_CDRes.patch Patch8: 0001-Fixed-bug-4108-Missing-break-statements-in-SDL_CDRes.patch
#fixes for small errors #fixes for small errors
Patch9: 0001-fix-small-errors-detected-by-coverity.patch Patch9: 0001-fix-small-errors-detected-by-coverity.patch
# upstream bug #4538, in upstream after 1.2.15
Patch10: SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch
BuildRequires: alsa-lib-devel BuildRequires: alsa-lib-devel
%if %{with arts} %if %{with arts}
@ -122,6 +124,8 @@ applications.
%patch7 -p1 %patch7 -p1
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1
for F in CREDITS; do for F in CREDITS; do
iconv -f iso8859-1 -t utf-8 < "$F" > "${F}.utf" iconv -f iso8859-1 -t utf-8 < "$F" > "${F}.utf"
touch --reference "$F" "${F}.utf" touch --reference "$F" "${F}.utf"
@ -198,6 +202,14 @@ rm -f %{buildroot}%{_libdir}/*.la
%{_libdir}/lib*.a %{_libdir}/lib*.a
%changelog %changelog
* Thu Nov 21 2019 Wim Taymans <wtaymans@redhat.com> - 1.2.15-37
- Rebuild
- Resolves: rhbz#1756279
* Fri Aug 30 2019 Petr Pisar <ppisar@redhat.com> - 1.2.15-36
- Fix CVE-2019-13616 (a heap buffer over-read in BlitNtoN) (bug #1747237)
- Resolves: rhbz#1756279
* Mon May 27 2019 Wim Taymans <wtaymans@redhat.com> - 1.2.15-35 * Mon May 27 2019 Wim Taymans <wtaymans@redhat.com> - 1.2.15-35
- Rebuild after gating - Rebuild after gating
- Resolves: rhbz#1602687 - Resolves: rhbz#1602687