diff options
| author | Leo <thinkabit.ukim@gmail.com> | 2019-11-20 11:44:53 +0100 |
|---|---|---|
| committer | Leo <thinkabit.ukim@gmail.com> | 2019-11-20 11:49:24 +0100 |
| commit | a50982cecf73dfa8a835012915ba76eab2dba9e2 (patch) | |
| tree | cff9040a1842501163aed7c5e1b7c0922acaf515 | |
| parent | 9ca7ff46c112e6c03d5874540a286e6e45f1b510 (diff) | |
| download | aports-a50982cecf73dfa8a835012915ba76eab2dba9e2.tar.bz2 aports-a50982cecf73dfa8a835012915ba76eab2dba9e2.tar.xz | |
main/sdl_image: fix CVE-2019-13616
ref #10878
| -rw-r--r-- | main/sdl_image/APKBUILD | 11 | ||||
| -rw-r--r-- | main/sdl_image/CVE-2019-13616.patch | 16 |
2 files changed, 25 insertions, 2 deletions
diff --git a/main/sdl_image/APKBUILD b/main/sdl_image/APKBUILD index 65e0c8b104..e136a29589 100644 --- a/main/sdl_image/APKBUILD +++ b/main/sdl_image/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=sdl_image pkgver=1.2.12 -pkgrel=3 +pkgrel=4 pkgdesc="A simple library to load images of various formats as SDL surfaces" url="http://www.libsdl.org/projects/SDL_image/" arch="all" @@ -12,6 +12,12 @@ makedepends="sdl-dev libpng-dev libjpeg-turbo-dev tiff-dev zlib-dev" install="" subpackages="$pkgname-dev" source="http://www.libsdl.org/projects/SDL_image/release/SDL_image-${pkgver}.tar.gz" + CVE-2019-13616.patch + " + +# secfixes: +# 1.2.12-r4: +# - CVE-2019-13616 _builddir="$srcdir"/SDL_image-$pkgver prepare() { @@ -42,4 +48,5 @@ package() { make DESTDIR="$pkgdir" install || return 1 } -sha512sums="0e71b280abc2a7f15755e4480a3c1b52d41f9f8b0c9216a6f5bd9fc0e939456fb5d6c10419e1d1904785783f9a1891ead278c03e88b0466fecc6871c3ca40136 SDL_image-1.2.12.tar.gz" +sha512sums="0e71b280abc2a7f15755e4480a3c1b52d41f9f8b0c9216a6f5bd9fc0e939456fb5d6c10419e1d1904785783f9a1891ead278c03e88b0466fecc6871c3ca40136 SDL_image-1.2.12.tar.gz +0ae144202435ad35e5ff6ae6b73592cd8ef68dba2704e09ba22f2b9e9d98f547f2ead28327be0594897f2165d2bf5c26f07e8ef72760527e8d9e4e593e8e5f60 CVE-2019-13616.patch" diff --git a/main/sdl_image/CVE-2019-13616.patch b/main/sdl_image/CVE-2019-13616.patch new file mode 100644 index 0000000000..f2ed7c6aa0 --- /dev/null +++ b/main/sdl_image/CVE-2019-13616.patch @@ -0,0 +1,16 @@ +diff --git a/IMG_bmp.c b/IMG_bmp.c +index b3c7580..bfadd45 100644 +--- a/IMG_bmp.c ++++ b/IMG_bmp.c +@@ -272,6 +272,11 @@ static SDL_Surface *LoadBMP_RW (SDL_RWops *src, int freesrc) + biClrUsed = SDL_ReadLE32(src); + biClrImportant = SDL_ReadLE32(src); + } ++ if (biWidth <= 0 || biHeight == 0) { ++ IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight); ++ was_error = SDL_TRUE; ++ goto done; ++ } + if (biHeight < 0) { + topDown = SDL_TRUE; + biHeight = -biHeight; |