aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--main/sdl2_image/APKBUILD41
-rw-r--r--main/sdl2_image/CVE-2017-12122.patch51
-rw-r--r--main/sdl2_image/CVE-2017-14440.patch23
-rw-r--r--main/sdl2_image/CVE-2017-14441.patch26
-rw-r--r--main/sdl2_image/CVE-2017-14442.patch24
-rw-r--r--main/sdl2_image/CVE-2017-14448.patch59
-rw-r--r--main/sdl2_image/CVE-2017-14450.patch25
-rw-r--r--main/sdl2_image/CVE-2017-2887.patch25
-rw-r--r--main/sdl2_image/CVE-2018-3837.patch21
-rw-r--r--main/sdl2_image/CVE-2018-3838.patch40
-rw-r--r--main/sdl2_image/CVE-2018-3839.patch31
11 files changed, 16 insertions, 350 deletions
diff --git a/main/sdl2_image/APKBUILD b/main/sdl2_image/APKBUILD
index 64c70f9116..6023ff887b 100644
--- a/main/sdl2_image/APKBUILD
+++ b/main/sdl2_image/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=sdl2_image
-pkgver=2.0.2
-pkgrel=1
+pkgver=2.0.5
+pkgrel=0
_pkgname=SDL2_image
pkgdesc="A simple library to load images of various formats as SDL surfaces"
url="http://www.libsdl.org/projects/SDL_image/"
@@ -11,22 +11,22 @@ license="zlib"
makedepends="sdl2-dev libpng-dev libjpeg-turbo-dev
libwebp-dev tiff-dev zlib-dev"
subpackages="$pkgname-dev"
-source="http://www.libsdl.org/projects/SDL_image/release/$_pkgname-$pkgver.tar.gz
- CVE-2017-12122.patch
- CVE-2017-14440.patch
- CVE-2017-14441.patch
- CVE-2017-14442.patch
- CVE-2017-14448.patch
- CVE-2017-14450.patch
- CVE-2018-3837.patch
- CVE-2018-3838.patch
- CVE-2018-3839.patch
-"
-
+source="http://www.libsdl.org/projects/SDL_image/release/$_pkgname-$pkgver.tar.gz"
builddir="$srcdir/$_pkgname-$pkgver"
# secfixes:
-#
+# 2.0.5-r0:
+# - CVE-2019-5060 TALOS-2019-0844
+# - CVE-2019-5059 TALOS-2019-0843
+# - CVE-2019-5058 TALOS-2019-0842
+# - CVE-2019-5057 TALOS-2019-0841
+# - CVE-2019-5052 TALOS-2019-0821
+# - CVE-2019-5051 TALOS-2019-0820
+# - CVE-2019-12222
+# - CVE-2019-12221
+# - CVE-2019-12219
+# - CVE-2019-12218
+# - CVE-2019-12217
# 2.0.2-r1:
# - CVE-2017-12122 TALOS-2017-0488
# - CVE-2017-14440 TALOS-2017-0489
@@ -63,13 +63,4 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="468f1a5aaee0b6920adb80df21aaaa41bfc5c642b4a00ac60244a90c5e9f27b092b73bcdd2c5520aa1de2759e8b174686b186a51f2d07e7e188ce2cd10519724 SDL2_image-2.0.2.tar.gz
-1c3c713af1b3d1996a226741fa0e053e76aee4355c5dfeb9d727b0af016c73760c63907547a11de2d3bb1f23fcbfe5265317d20d54baf10ec8e0cdd25e2370ec CVE-2017-12122.patch
-0527bcb0113d09a935f694192f864457f3d86c2d69ef7bc89036544756ab23c32e5b30e526190b1642f8d0a531c9dd52eaeca9605320578168932d98bb4badea CVE-2017-14440.patch
-6455c44fa0727b91fef53bca887b86fc8ae4652ef13ffcb305d86405fba7d2527941530eba2e87af382a05333694bfa69ea3e2c692422a0eb33ef58538ac74b1 CVE-2017-14441.patch
-ac7be687db2fcea5daa0b8f8685f3b7a106bd748ba8277986515d1129b969fbdc9adb3a4836141f81f3cb51c93539339fad40c9bf132582bc977bc0e0103de83 CVE-2017-14442.patch
-e483cfb17333c2f1f3513549891d6378161f70ad70876fb4a4f44e32c4b85e76503eefbb7294c2ad77ab0cb812e646466169aa2f15637ac8337aa623b328d9b9 CVE-2017-14448.patch
-eec58e6fbe0a96f63a01241bb9a3b26b6dbacdd5a5fcbbae5a62a3f577d8b8ef9cf9ec60f70cec854990a16f53086f510c2adc40d345b15ce8a6412910da1a86 CVE-2017-14450.patch
-59c8d73eb65d896c6ea168ac97a817f482507ae9f694c90359096160d9f0c0f584143762d848cf1d021af4a6d16d33c69ad7382b5a2bc10ee22621304420bc36 CVE-2018-3837.patch
-f0a74538c70e47264f892d6b8f3280c8e45db0e0aa05fb145e4398f5c6b16636da12c66de90835015541a236c065287f715351042a79139cbd1b337b4ed0715c CVE-2018-3838.patch
-09da40655972e32ee9f6498aff12d235e2137dd28e1f3e0fa858d22ee7b228602400b9ce1b40cbf8ec447bf0a07c3c2bd9cf4bcecea0d8360aa5c606d63c53dd CVE-2018-3839.patch"
+sha512sums="77e743d3f32707e015b290c1379ae3c7d7a3fe265995713267f0d0ec6517de4808f0de9890b5ab28445941af5bc9fbff346620629e0d7d7e9f365262cab05ee7 SDL2_image-2.0.5.tar.gz"
diff --git a/main/sdl2_image/CVE-2017-12122.patch b/main/sdl2_image/CVE-2017-12122.patch
deleted file mode 100644
index 9c2f33b170..0000000000
--- a/main/sdl2_image/CVE-2017-12122.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-diff -r 3e1ebbbaba54 -r 16772bbb1b09 IMG_lbm.c
---- a/IMG_lbm.c Wed Jan 24 01:43:46 2018 -0500
-+++ b/IMG_lbm.c Wed Jan 24 01:44:36 2018 -0500
-@@ -245,7 +245,7 @@
- goto done;
- }
-
-- if ( ( Image = SDL_CreateRGBSurface( SDL_SWSURFACE, width, bmhd.h, (bmhd.planes==24 || flagHAM==1)?24:8, 0, 0, 0, 0 ) ) == NULL )
-+ if ( ( Image = SDL_CreateRGBSurface( SDL_SWSURFACE, width, bmhd.h, (nbplanes==24 || flagHAM==1)?24:8, 0, 0, 0, 0 ) ) == NULL )
- goto done;
-
- if ( bmhd.mask & 2 ) /* There is a transparent color */
-@@ -272,7 +272,7 @@
- /* The 32 last colors are the same but divided by 2 */
- /* Some Amiga pictures save 64 colors with 32 last wrong colors, */
- /* they shouldn't !, and here we overwrite these 32 bad colors. */
-- if ( (nbcolors==32 || flagEHB ) && (1<<bmhd.planes)==64 )
-+ if ( (nbcolors==32 || flagEHB ) && (1<<nbplanes)==64 )
- {
- nbcolors = 64;
- ptr = &colormap[0];
-@@ -286,8 +286,8 @@
-
- /* If nbcolors < 2^nbplanes, repeat the colormap */
- /* This happens when pictures have a stencil mask */
-- if ( nbrcolorsfinal > (1<<bmhd.planes) ) {
-- nbrcolorsfinal = (1<<bmhd.planes);
-+ if ( nbrcolorsfinal > (1<<nbplanes) ) {
-+ nbrcolorsfinal = (1<<nbplanes);
- }
- for ( i=nbcolors; i < (Uint32)nbrcolorsfinal; i++ )
- {
-
-
-diff -r 16772bbb1b09 -r 97f7f01e0665 IMG_lbm.c
---- a/IMG_lbm.c Wed Jan 24 01:44:36 2018 -0500
-+++ b/IMG_lbm.c Wed Jan 24 01:45:04 2018 -0500
-@@ -233,6 +233,12 @@
- nbplanes = 1;
- }
-
-+ if ((nbplanes != 1) && (nbplanes != 4) && (nbplanes != 8) && (nbplanes != 24))
-+ {
-+ error="unsupported number of color planes";
-+ goto done;
-+ }
-+
- stencil = (bmhd.mask & 1); /* There is a mask ( 'stencil' ) */
-
- /* Allocate memory for a temporary buffer ( used for
-
diff --git a/main/sdl2_image/CVE-2017-14440.patch b/main/sdl2_image/CVE-2017-14440.patch
deleted file mode 100644
index 49ab2b0323..0000000000
--- a/main/sdl2_image/CVE-2017-14440.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-# HG changeset patch
-# User Ryan C. Gordon <icculus@icculus.org>
-# Date 1516813224 18000
-# Node ID bfa08dc02b3c7b265ead6019f901f17f925570c3
-# Parent 97f7f01e0665b7555a0e5e9465799e80c8f59528
-lbm: Don't overflow static colormap buffer.
-
-diff -r 97f7f01e0665 -r bfa08dc02b3c IMG_lbm.c
---- a/IMG_lbm.c Wed Jan 24 01:45:04 2018 -0500
-+++ b/IMG_lbm.c Wed Jan 24 12:00:24 2018 -0500
-@@ -183,6 +183,11 @@
-
- if ( !SDL_memcmp( id, "CMAP", 4 ) ) /* palette ( Color Map ) */
- {
-+ if (size > sizeof (colormap)) {
-+ error="colormap size is too large";
-+ goto done;
-+ }
-+
- if ( !SDL_RWread( src, &colormap, size, 1 ) )
- {
- error="error reading CMAP chunk";
-
diff --git a/main/sdl2_image/CVE-2017-14441.patch b/main/sdl2_image/CVE-2017-14441.patch
deleted file mode 100644
index 19c30bbf99..0000000000
--- a/main/sdl2_image/CVE-2017-14441.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-# HG changeset patch
-# User Ryan C. Gordon <icculus@icculus.org>
-# Date 1516816924 18000
-# Node ID a1e9b624ca1033f893e93691802682bf36400f7a
-# Parent bfa08dc02b3c7b265ead6019f901f17f925570c3
-ico: reject obviously incorrect image sizes.
-
-diff -r bfa08dc02b3c -r a1e9b624ca10 IMG_bmp.c
---- a/IMG_bmp.c Wed Jan 24 12:00:24 2018 -0500
-+++ b/IMG_bmp.c Wed Jan 24 13:02:04 2018 -0500
-@@ -735,6 +735,14 @@
- goto done;
- }
-
-+ /* sanity check image size, so we don't overflow integers, etc. */
-+ if ((biWidth < 0) || (biWidth > 0xFFFFFF) ||
-+ (biHeight < 0) || (biHeight > 0xFFFFFF)) {
-+ IMG_SetError("Unsupported or invalid ICO dimensions");
-+ was_error = SDL_TRUE;
-+ goto done;
-+ }
-+
- /* Create a RGBA surface */
- biHeight = biHeight >> 1;
- //printf("%d x %d\n", biWidth, biHeight);
-
diff --git a/main/sdl2_image/CVE-2017-14442.patch b/main/sdl2_image/CVE-2017-14442.patch
deleted file mode 100644
index 6fa4524b40..0000000000
--- a/main/sdl2_image/CVE-2017-14442.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-
-# HG changeset patch
-# User Ryan C. Gordon <icculus@icculus.org>
-# Date 1516817527 18000
-# Node ID 37445f6180a8ca7a218ab9f9eaaeaf088b4f6c3a
-# Parent a1e9b624ca1033f893e93691802682bf36400f7a
-bmp: don't overflow palette buffer with bogus biClrUsed values.
-
-diff -r a1e9b624ca10 -r 37445f6180a8 IMG_bmp.c
---- a/IMG_bmp.c Wed Jan 24 13:02:04 2018 -0500
-+++ b/IMG_bmp.c Wed Jan 24 13:12:07 2018 -0500
-@@ -760,6 +760,11 @@
- if (biClrUsed == 0) {
- biClrUsed = 1 << biBitCount;
- }
-+ if (biClrUsed > SDL_arraysize(palette)) {
-+ IMG_SetError("Unsupported or incorrect biClrUsed field");
-+ was_error = SDL_TRUE;
-+ goto done;
-+ }
- for (i = 0; i < (int) biClrUsed; ++i) {
- SDL_RWread(src, &palette[i], 4, 1);
- }
-
diff --git a/main/sdl2_image/CVE-2017-14448.patch b/main/sdl2_image/CVE-2017-14448.patch
deleted file mode 100644
index 6b02f74316..0000000000
--- a/main/sdl2_image/CVE-2017-14448.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-
-# HG changeset patch
-# User Ryan C. Gordon <icculus@icculus.org>
-# Date 1517092075 18000
-# Node ID 7df1580f1695d327c1c4580dccbf7ca6da5aed9e
-# Parent 37445f6180a8ca7a218ab9f9eaaeaf088b4f6c3a
-xcf: deal with bogus data in rle tile decoding.
-
-diff -r 37445f6180a8 -r 7df1580f1695 IMG_xcf.c
---- a/IMG_xcf.c Wed Jan 24 13:12:07 2018 -0500
-+++ b/IMG_xcf.c Sat Jan 27 17:27:55 2018 -0500
-@@ -486,7 +486,7 @@
- t = load = (unsigned char *) SDL_malloc (len);
- reallen = SDL_RWread (src, t, 1, len);
-
-- data = (unsigned char *) SDL_malloc (x*y*bpp);
-+ data = (unsigned char *) SDL_calloc (1, x*y*bpp);
- for (i = 0; i < bpp; i++) {
- d = data + i;
- size = x*y;
-@@ -503,6 +503,12 @@
- t += 2;
- }
-
-+ if (((size_t) (t - load) + length) >= len) {
-+ break; /* bogus data */
-+ } else if (length > size) {
-+ break; /* bogus data */
-+ }
-+
- count += length;
- size -= length;
-
-@@ -518,6 +524,12 @@
- t += 2;
- }
-
-+ if (((size_t) (t - load)) >= len) {
-+ break; /* bogus data */
-+ } else if (length > size) {
-+ break; /* bogus data */
-+ }
-+
- count += length;
- size -= length;
-
-@@ -529,6 +541,11 @@
- }
- }
- }
-+
-+ if (size > 0) {
-+ break; /* just drop out, untouched data initialized to zero. */
-+ }
-+
- }
-
- SDL_free (load);
-
diff --git a/main/sdl2_image/CVE-2017-14450.patch b/main/sdl2_image/CVE-2017-14450.patch
deleted file mode 100644
index c7feeb7f8c..0000000000
--- a/main/sdl2_image/CVE-2017-14450.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-
-# HG changeset patch
-# User Ryan C. Gordon <icculus@icculus.org>
-# Date 1517113689 18000
-# Node ID 45e750f92c843dccea0820d86726e9cf1d524392
-# Parent d0142861559ccd4fde994fbd33c34fbdee25f84c
-gif: report error on bogus LWZ data, instead of overflowing a buffer.
-
-diff -r d0142861559c -r 45e750f92c84 IMG_gif.c
---- a/IMG_gif.c Sat Jan 27 22:50:18 2018 -0500
-+++ b/IMG_gif.c Sat Jan 27 23:28:09 2018 -0500
-@@ -497,8 +497,10 @@
- return -3;
- }
- *sp++ = table[1][code];
-- if (code == table[0][code])
-- RWSetMsg("circular table entry BIG ERROR");
-+ if (code == table[0][code]) {
-+ RWSetMsg("circular table entry BIG ERROR");
-+ return -3;
-+ }
- code = table[0][code];
- }
-
-
diff --git a/main/sdl2_image/CVE-2017-2887.patch b/main/sdl2_image/CVE-2017-2887.patch
deleted file mode 100644
index 8b4d0c571c..0000000000
--- a/main/sdl2_image/CVE-2017-2887.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- a/IMG_xcf.c Mon Sep 18 16:10:17 2017 -0700
-+++ b/IMG_xcf.c Fri Oct 06 15:40:19 2017 -0700
-@@ -251,6 +251,7 @@
- }
-
- static void xcf_read_property (SDL_RWops * src, xcf_prop * prop) {
-+ Uint32 len;
- prop->id = SDL_ReadBE32 (src);
- prop->length = SDL_ReadBE32 (src);
-
-@@ -274,7 +275,12 @@
- break;
- case PROP_COMPRESSION:
- case PROP_COLOR:
-- SDL_RWread (src, &prop->data, prop->length, 1);
-+ if (prop->length > sizeof(prop->data)) {
-+ len = sizeof(prop->data);
-+ } else {
-+ len = prop->length;
-+ }
-+ SDL_RWread(src, &prop->data, len, 1);
- break;
- case PROP_VISIBLE:
- prop->data.visible = SDL_ReadBE32 (src);
-
diff --git a/main/sdl2_image/CVE-2018-3837.patch b/main/sdl2_image/CVE-2018-3837.patch
deleted file mode 100644
index 823a2b9cbc..0000000000
--- a/main/sdl2_image/CVE-2018-3837.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-
-# HG changeset patch
-# User Ryan C. Gordon <icculus@icculus.org>
-# Date 1518036231 18000
-# Node ID 2938fc80591abeae74b971cbdf966eff3213297e
-# Parent f50c9c46ba52f5a594313774a938844e5cf82b4d
-pcx: don't overflow buffer if bytes-per-line is less than image width.
-
-diff -r f50c9c46ba52 -r 2938fc80591a IMG_pcx.c
---- a/IMG_pcx.c Sun Jan 28 22:10:40 2018 -0800
-+++ b/IMG_pcx.c Wed Feb 07 15:43:51 2018 -0500
-@@ -147,7 +147,7 @@
- if (bpl > surface->pitch) {
- error = "bytes per line is too large (corrupt?)";
- }
-- buf = (Uint8 *)SDL_malloc(bpl);
-+ buf = (Uint8 *)SDL_calloc(SDL_max(bpl, surface->pitch), 1);
- row = (Uint8 *)surface->pixels;
- for ( y=0; y<surface->h; ++y ) {
- /* decode a scan line to a temporary buffer first */
-
diff --git a/main/sdl2_image/CVE-2018-3838.patch b/main/sdl2_image/CVE-2018-3838.patch
deleted file mode 100644
index b0e89b804b..0000000000
--- a/main/sdl2_image/CVE-2018-3838.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-
-# HG changeset patch
-# User Ryan C. Gordon <icculus@icculus.org>
-# Date 1518038334 18000
-# Node ID c5f9cbb5d2bbcb2150ba0596ea56b49efeed660d
-# Parent 2938fc80591abeae74b971cbdf966eff3213297e
-xcf: Prevent infinite loop and/or buffer overflow on bogus data.
-
-diff -r 2938fc80591a -r c5f9cbb5d2bb IMG_xcf.c
---- a/IMG_xcf.c Wed Feb 07 15:43:51 2018 -0500
-+++ b/IMG_xcf.c Wed Feb 07 16:18:54 2018 -0500
-@@ -483,6 +483,10 @@
- int i, size, count, j, length;
- unsigned char val;
-
-+ if (len == 0) { /* probably bogus data. */
-+ return NULL;
-+ }
-+
- t = load = (unsigned char *) SDL_malloc (len);
- reallen = SDL_RWread (src, t, 1, len);
-
-@@ -608,6 +612,16 @@
- tile = load_tile(src, ox * oy * 6, hierarchy->bpp, ox, oy);
- }
-
-+ if (!tile) {
-+ if (hierarchy) {
-+ free_xcf_hierarchy(hierarchy);
-+ }
-+ if (level) {
-+ free_xcf_level(level);
-+ }
-+ return 1;
-+ }
-+
- p8 = tile;
- p16 = (Uint16 *) p8;
- p = (Uint32 *) p8;
-
diff --git a/main/sdl2_image/CVE-2018-3839.patch b/main/sdl2_image/CVE-2018-3839.patch
deleted file mode 100644
index 86370cbc4c..0000000000
--- a/main/sdl2_image/CVE-2018-3839.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-
-# HG changeset patch
-# User Ryan C. Gordon <icculus@icculus.org>
-# Date 1518038991 18000
-# Node ID fb643e371806910f1973abfdfe7f981e8dba60f5
-# Parent c5f9cbb5d2bbcb2150ba0596ea56b49efeed660d
-xcf: check for some potential integer overflows.
-
-diff -r c5f9cbb5d2bb -r fb643e371806 IMG_xcf.c
---- a/IMG_xcf.c Wed Feb 07 16:18:54 2018 -0500
-+++ b/IMG_xcf.c Wed Feb 07 16:29:51 2018 -0500
-@@ -595,6 +595,18 @@
- SDL_RWseek(src, layer->hierarchy_file_offset, RW_SEEK_SET);
- hierarchy = read_xcf_hierarchy(src);
-
-+ if (hierarchy->bpp > 4) { /* unsupported. */
-+ SDL_Log("Unknown Gimp image bpp (%u)\n", (unsigned int) hierarchy->bpp);
-+ free_xcf_hierarchy(hierarchy);
-+ return 1;
-+ }
-+
-+ if ((hierarchy->width > 20000) || (hierarchy->height > 20000)) { /* arbitrary limit to avoid integer overflow. */
-+ SDL_Log("Gimp image too large (%ux%u)\n", (unsigned int) hierarchy->width, (unsigned int) hierarchy->height);
-+ free_xcf_hierarchy(hierarchy);
-+ return 1;
-+ }
-+
- level = NULL;
- for (i = 0; hierarchy->level_file_offsets[i]; i++) {
- SDL_RWseek(src, hierarchy->level_file_offsets[i], RW_SEEK_SET);
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 08:06:24 +0000