Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.8.git;a=commitdiff;h=f5020c5069d378bb237232d2ff25b53c88fe3248
commit f5020c5069d378bb237232d2ff25b53c88fe3248
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date: Sat Apr 12 14:46:35 2008 +0200
sdlimage-1.2.6-2kalgan1-i686 - added CVE-2007-6697.patch and CVE-2008-0544.patch - closes #2916
diff --git a/source/xlib/sdlimage/FrugalBuild b/source/xlib/sdlimage/FrugalBuild
index 05d7437..2a90960 100644
--- a/source/xlib/sdlimage/FrugalBuild
+++ b/source/xlib/sdlimage/FrugalBuild
@@ -3,15 +3,18 @@
 pkgname=sdlimage
 pkgver=1.2.6
-pkgrel=1
+pkgrel=2kalgan1
 pkgdesc="Image loading library for Simple DirectMedia Layer 1.2"
 url="http://www.libsdl.org/"
 depends=('sdl' 'libjpeg' 'libpng' 'libtiff')
 groups=('xlib')
 archs=('i686' 'x86_64')
 up2date="lynx -dump http://www.libsdl.org/projects/SDL_image/ | grep -m1 tar.gz | sed 's/.*e-\(.*\).t.*/\1/'"
-source=(http://www.libsdl.org/projects/SDL_image/release/SDL_image-$pkgver.tar.gz)
-sha1sums=('5045df31e4db29d8890110fd18024c9d08efca30')
+source=(http://www.libsdl.org/projects/SDL_image/release/SDL_image-$pkgver.tar.gz \
+ SDL-cvs-CVE-2007-6697.patch SDL-cvs-CVE-2008-0544.patch)
+sha1sums=('5045df31e4db29d8890110fd18024c9d08efca30' \
+ '5c75378a36ced7c3c094fc7625f7d2d83acad260' \
+ '75bea0903b7e96285d10132e06fa55fb04b1ad34')
 _F_cd_path="SDL_image-$pkgver"
 Fconfopts="$Fconfopts --enable-jpeg"
diff --git a/source/xlib/sdlimage/SDL-cvs-CVE-2007-6697.patch b/source/xlib/sdlimage/SDL-cvs-CVE-2007-6697.patch
new file mode 100644
index 0000000..de9c9c2
--- /dev/null
+++ b/source/xlib/sdlimage/SDL-cvs-CVE-2007-6697.patch
@@ -0,0 +1,13 @@
+--- SDL_image/IMG_gif.c 2007/02/13 10:09:17 2970
++++ SDL_image/IMG_gif.c 2007/12/28 16:43:56 3462
+@@ -418,6 +418,10 @@
+ static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
+ register int i;
+
++ /* Fixed buffer overflow found by Michael Skladnikiewicz */
++ if (input_code_size > MAX_LWZ_BITS)
++ return -1;
++
+ if (flag) {
+ set_code_size = input_code_size;
+ code_size = set_code_size + 1;
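Review bot: The guard added by SDL-cvs-CVE-2007-6697.patch rejects only `input_code_size > MAX_LWZ_BITS`, so a value equal to MAX_LWZ_BITS still passes and the context line `code_size = set_code_size + 1;` then works with MAX_LWZ_BITS + 1. The only buffer visible here, `stack[(1 << (MAX_LWZ_BITS)) * 2]`, is sized from MAX_LWZ_BITS, while the decoder's other tables and the type of `input_code_size` lie outside the hunk. It is worth confirming against the full function that the equality case, and negative values if the parameter is signed, stay in bounds. The comment would serve the next maintainer better if it named the invariant, for example `/* Reject code sizes that the fixed-size buffers sized from MAX_LWZ_BITS cannot hold */`. The enclosing function starts and ends outside the hunk.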
diff --git a/source/xlib/sdlimage/SDL-cvs-CVE-2008-0544.patch b/source/xlib/sdlimage/SDL-cvs-CVE-2008-0544.patch
new file mode 100644
index 0000000..d5216d9
--- /dev/null
+++ b/source/xlib/sdlimage/SDL-cvs-CVE-2008-0544.patch
@@ -0,0 +1,28 @@
+--- SDL_image/IMG_lbm.c 2007/07/20 04:37:11 3341
++++ SDL_image/IMG_lbm.c 2008/01/03 20:05:34 3521
+@@ -28,6 +28,7 @@
+ EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
+ (http://www.multimania.com/mavati) in December 2003.
+ Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
++ Buffer overflow fix in RLE decompression by David Raulo in January 2008.
+ */
+
+ #include <stdio.h>
+@@ -328,7 +329,7 @@
+ count ^= 0xFF;
+ count += 2; /* now it */
+
+- if ( !SDL_RWread( src, &color, 1, 1 ) )
++ if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
+ {
+ error="error reading BODY chunk";
+ goto done;
+@@ -339,7 +340,7 @@
+ {
+ ++count;
+
+- if ( !SDL_RWread( src, ptr, count, 1 ) )
++ if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
+ {
+ error="error reading BODY chunk";
+ goto done;
_______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
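Review bot: Both `count > remainingbytes` tests added by SDL-cvs-CVE-2008-0544.patch fall into the existing `error="error reading BODY chunk";` path, so a file rejected because a run would exceed the remaining space is reported the same way as a short read. A distinct message on that branch, for example `error="BODY chunk run exceeds remaining bytes";`, would let a user tell malformed input from an I/O failure. The declarations of `count` and `remainingbytes`, and the code that decrements `remainingbytes`, are outside these inner hunks. The comparison is a sound bound only if neither operand can go negative or wrap after `count += 2` and `++count`, which should be checked against the full function.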
