import SDL-1.2.15-36.el8_1

2019-11-25 06:50:29 -05:00 · 2019-11-25 06:50:29 -05:00 · ee45c4983c
parent b91c28ff68
commit ee45c4983c
2 changed files with 32 additions and 1 deletions
--- a/SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch
+++ b/SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch
@ -0,0 +1,23 @@
+changeset:   12960:ad1bbfbca760
+branch:      SDL-1.2
+parent:      12914:87d60cae0273
+user:        Ozkan Sezer <sezeroz@gmail.com>
+date:        Tue Jul 30 21:30:24 2019 +0300
+summary:     Fixed bug 4538 - validate image size when loading BMP files
+
+diff -r 87d60cae0273 -r ad1bbfbca760 src/video/SDL_bmp.c
+--- a/src/video/SDL_bmp.c	Tue Jun 18 23:31:40 2019 +0100
+++ b/src/video/SDL_bmp.c	Tue Jul 30 21:30:24 2019 +0300
+@@ -143,6 +143,11 @@
+ 	(void) biYPelsPerMeter;
+ 	(void) biClrImportant;
+ 
+	if (biWidth <= 0 || biHeight == 0) {
+		SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
+		was_error = SDL_TRUE;
+		goto done;
+	}
+ 	if (biHeight < 0) {
+ 		topDown = SDL_TRUE;
+ 		biHeight = -biHeight;
+
--- a/SPECS/SDL.spec
+++ b/SPECS/SDL.spec
@ -10,7 +10,7 @@

 Name:       SDL
 Version:    1.2.15
-Release:    35%{?dist}
+Release:    36%{?dist}
 Summary:    A cross-platform multimedia library
 URL:        http://www.libsdl.org/
 # The license of the file src/video/fbcon/riva_mmio.h is bad, but the contents
@ -46,6 +46,8 @@ Patch7:     SDL-1.2.15-vec_perm-ppc64le.patch
 Patch8:	    0001-Fixed-bug-4108-Missing-break-statements-in-SDL_CDRes.patch
 #fixes for small errors
 Patch9:	    0001-fix-small-errors-detected-by-coverity.patch
+# upstream bug #4538, in upstream after 1.2.15
+Patch10:    SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch

 BuildRequires:  alsa-lib-devel
 %if %{with arts}
@ -122,6 +124,8 @@ applications.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
+
 for F in CREDITS; do 
    iconv -f iso8859-1 -t utf-8 < "$F" > "${F}.utf"
    touch --reference "$F" "${F}.utf"
@ -198,6 +202,10 @@ rm -f %{buildroot}%{_libdir}/*.la
 %{_libdir}/lib*.a

 %changelog
+* Fri Aug 30 2019 Petr Pisar <ppisar@redhat.com> - 1.2.15-36
+- Fix CVE-2019-13616 (a heap buffer over-read in BlitNtoN) (bug #1747237)
+- Resolves: rhbz#1756279
+
 * Mon May 27 2019 Wim Taymans <wtaymans@redhat.com> - 1.2.15-35
 - Rebuild after gating
 - Resolves: rhbz#1602687