From c22e88769db71ba0fed2cd3d6c33f3eab2c2e0de Mon Sep 17 00:00:00 2001
From: Leo <thinkabit.ukim@gmail.com>
Date: Wed, 20 Nov 2019 11:59:29 +0100
Subject: main/sdl: fix CVE-2019-13616

---
 main/sdl/APKBUILD | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/main/sdl/APKBUILD b/main/sdl/APKBUILD
index 36d9c8753e..6b89d5d0eb 100644
--- a/main/sdl/APKBUILD
+++ b/main/sdl/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=sdl
 pkgver=1.2.15
-pkgrel=8
+pkgrel=9
 pkgdesc="A library for portable low-level access to a video framebuffer, audio output, mouse, and keyboard"
 url="http://www.libsdl.org"
 arch="all"
@@ -27,11 +27,14 @@ source="http://www.libsdl.org/release/SDL-$pkgver.tar.gz
 	0002-CVE-2019-7637.patch
 	SDL-1.2.10-GrabNotViewable.patch
 	SDL-1.2.15-const_XData32.patch
+	CVE-2019-13616.patch::https://hg.libsdl.org/SDL/raw-diff/ad1bbfbca760/src/video/SDL_bmp.c
 	"
 
 _builddir="$srcdir"/SDL-$pkgver
 
 # secfixes:
+#   1.2.15-r9:
+#     - CVE-2019-13616
 #   1.2.15-r8:
 #     - CVE-2019-7572
 #     - CVE-2019-7573
@@ -79,7 +82,6 @@ package() {
 	cd "$srcdir"/SDL-$pkgver
 	make DESTDIR="$pkgdir" install
 }
-
 sha512sums="ac392d916e6953b0925a7cbb0f232affea33339ef69b47a0a7898492afb9784b93138986df53d6da6d3e2ad79af1e9482df565ecca30f89428be0ae6851b1adc  SDL-1.2.15.tar.gz
 8c287d6ffcc159f19d934d560e073a716325b6a62d9dea974b92b2d4a417defc4f8441769b4761c5a2600b10a45ff401b0afbab6823880e3d54eab09e22f9859  0001-CVE-2019-7574.patch
 e713d0f3d24d73831d9f116d4e15e965c5f09e19b15634e8cbf92714612b0172f24a5c542b3fde09732d17b03d7dac3aaac0d8f4e359a45c1c538970413d6e7c  0001-CVE-2019-7572.patch
@@ -95,4 +97,5 @@ a31d5c685fafbca72fdc5336343b74b90b1bfd5af4b6f632b4d8271bb1a218ec6419a7994290f65e
 0ad1e445a067afb726df48eac55d593075c945199bd718b4116af84c15df6f5c095f541a5c8a008aef4474dda874e68517236f2f37e1539e0e5684240b058231  0001-CVE-2019-7637.patch
 105378cf7609872198c83b8824a1c36463b01f5696cda6c184252b728cdd1054cdc2e68a338f5d728facd182628d2a8b29b961664e89d7f9022abc0268c9afc1  0002-CVE-2019-7637.patch
 20049408d4c00d895c39a7901d889d1874ebcd382e93b2e8df38bd3726e2236f4e9a980720724cf176a35d05fb0db5dbcabd42089423adeb404f2dba16d52b7b  SDL-1.2.10-GrabNotViewable.patch
-ae7cdb61930199a7989e1690be37133eddeb8d446fef3fb5bbe0008d5e3b30abb28f4cc8ffea5d7a186ec242f158ed06dbd2b9ea98ca3e3caeed5ab12bac6875  SDL-1.2.15-const_XData32.patch"
+ae7cdb61930199a7989e1690be37133eddeb8d446fef3fb5bbe0008d5e3b30abb28f4cc8ffea5d7a186ec242f158ed06dbd2b9ea98ca3e3caeed5ab12bac6875  SDL-1.2.15-const_XData32.patch
+1b97970d0bcb7c49a3edfab2dd8c622a591ee64543ebe9e03b1de29a5cfb87820100444ff5ba0ce319911d1020ad94f6a8678c31aa13e370d1c9aeed6e3fd669  CVE-2019-13616.patch"
-- 
cgit v1.2.3