diff options
| author | Leo <thinkabit.ukim@gmail.com> | 2019-11-20 11:44:53 +0100 |
|---|---|---|
| committer | Leo <thinkabit.ukim@gmail.com> | 2019-11-20 11:52:48 +0100 |
| commit | e744b4cb5b3ab1bdb7a54cbe834a92b5c12e6778 (patch) | |
| tree | a2fb2d03311b456972abf9c620344d367a8a9fb8 /main/sdl_image | |
| parent | 170d58419994a0fb495972beef8ef4b82bdc966c (diff) | |
| download | aports-e744b4cb5b3ab1bdb7a54cbe834a92b5c12e6778.tar.bz2 aports-e744b4cb5b3ab1bdb7a54cbe834a92b5c12e6778.tar.xz | |
main/sdl_image: fix CVE-2019-13616
ref #10878
Diffstat (limited to 'main/sdl_image')
| -rw-r--r-- | main/sdl_image/APKBUILD | 13 | ||||
| -rw-r--r-- | main/sdl_image/CVE-2019-13616.patch | 16 |
2 files changed, 26 insertions, 3 deletions
diff --git a/main/sdl_image/APKBUILD b/main/sdl_image/APKBUILD index 39ee67a53d..dbb3d172f5 100644 --- a/main/sdl_image/APKBUILD +++ b/main/sdl_image/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=sdl_image pkgver=1.2.12 -pkgrel=4 +pkgrel=5 pkgdesc="A simple library to load images of various formats as SDL surfaces" url="http://www.libsdl.org/projects/SDL_image/" arch="all" @@ -12,7 +12,13 @@ depends="" makedepends="sdl-dev libpng-dev libjpeg-turbo-dev libwebp-dev tiff-dev zlib-dev" install="" subpackages="$pkgname-dev" -source="https://www.libsdl.org/projects/SDL_image/release/SDL_image-${pkgver}.tar.gz" +source="https://www.libsdl.org/projects/SDL_image/release/SDL_image-${pkgver}.tar.gz + CVE-2019-13616.patch + " + +# secfixes: +# 1.2.12-r5: +# - CVE-2019-13616 builddir="$srcdir"/SDL_image-$pkgver prepare() { @@ -38,4 +44,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="0e71b280abc2a7f15755e4480a3c1b52d41f9f8b0c9216a6f5bd9fc0e939456fb5d6c10419e1d1904785783f9a1891ead278c03e88b0466fecc6871c3ca40136 SDL_image-1.2.12.tar.gz" +sha512sums="0e71b280abc2a7f15755e4480a3c1b52d41f9f8b0c9216a6f5bd9fc0e939456fb5d6c10419e1d1904785783f9a1891ead278c03e88b0466fecc6871c3ca40136 SDL_image-1.2.12.tar.gz +0ae144202435ad35e5ff6ae6b73592cd8ef68dba2704e09ba22f2b9e9d98f547f2ead28327be0594897f2165d2bf5c26f07e8ef72760527e8d9e4e593e8e5f60 CVE-2019-13616.patch" diff --git a/main/sdl_image/CVE-2019-13616.patch b/main/sdl_image/CVE-2019-13616.patch new file mode 100644 index 0000000000..f2ed7c6aa0 --- /dev/null +++ b/main/sdl_image/CVE-2019-13616.patch @@ -0,0 +1,16 @@ +diff --git a/IMG_bmp.c b/IMG_bmp.c +index b3c7580..bfadd45 100644 +--- a/IMG_bmp.c ++++ b/IMG_bmp.c +@@ -272,6 +272,11 @@ static SDL_Surface *LoadBMP_RW (SDL_RWops *src, int freesrc) + biClrUsed = SDL_ReadLE32(src); + biClrImportant = SDL_ReadLE32(src); + } ++ if (biWidth <= 0 || biHeight == 0) { ++ IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight); ++ was_error = SDL_TRUE; ++ goto done; ++ } + if (biHeight < 0) { + topDown = SDL_TRUE; + biHeight = -biHeight; |