aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2019-11-20 11:44:53 +0100
committerLeo <thinkabit.ukim@gmail.com>2019-11-20 11:52:48 +0100
commite744b4cb5b3ab1bdb7a54cbe834a92b5c12e6778 (patch)
treea2fb2d03311b456972abf9c620344d367a8a9fb8
parent170d58419994a0fb495972beef8ef4b82bdc966c (diff)
downloadaports-e744b4cb5b3ab1bdb7a54cbe834a92b5c12e6778.tar.bz2
aports-e744b4cb5b3ab1bdb7a54cbe834a92b5c12e6778.tar.xz
main/sdl_image: fix CVE-2019-13616
ref #10878
-rw-r--r--main/sdl_image/APKBUILD13
-rw-r--r--main/sdl_image/CVE-2019-13616.patch16
2 files changed, 26 insertions, 3 deletions
diff --git a/main/sdl_image/APKBUILD b/main/sdl_image/APKBUILD
index 39ee67a53d..dbb3d172f5 100644
--- a/main/sdl_image/APKBUILD
+++ b/main/sdl_image/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=sdl_image
pkgver=1.2.12
-pkgrel=4
+pkgrel=5
pkgdesc="A simple library to load images of various formats as SDL surfaces"
url="http://www.libsdl.org/projects/SDL_image/"
arch="all"
@@ -12,7 +12,13 @@ depends=""
makedepends="sdl-dev libpng-dev libjpeg-turbo-dev libwebp-dev tiff-dev zlib-dev"
install=""
subpackages="$pkgname-dev"
-source="https://www.libsdl.org/projects/SDL_image/release/SDL_image-${pkgver}.tar.gz"
+source="https://www.libsdl.org/projects/SDL_image/release/SDL_image-${pkgver}.tar.gz
+ CVE-2019-13616.patch
+ "
+
+# secfixes:
+# 1.2.12-r5:
+# - CVE-2019-13616
builddir="$srcdir"/SDL_image-$pkgver
prepare() {
@@ -38,4 +44,5 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="0e71b280abc2a7f15755e4480a3c1b52d41f9f8b0c9216a6f5bd9fc0e939456fb5d6c10419e1d1904785783f9a1891ead278c03e88b0466fecc6871c3ca40136 SDL_image-1.2.12.tar.gz"
+sha512sums="0e71b280abc2a7f15755e4480a3c1b52d41f9f8b0c9216a6f5bd9fc0e939456fb5d6c10419e1d1904785783f9a1891ead278c03e88b0466fecc6871c3ca40136 SDL_image-1.2.12.tar.gz
+0ae144202435ad35e5ff6ae6b73592cd8ef68dba2704e09ba22f2b9e9d98f547f2ead28327be0594897f2165d2bf5c26f07e8ef72760527e8d9e4e593e8e5f60 CVE-2019-13616.patch"
diff --git a/main/sdl_image/CVE-2019-13616.patch b/main/sdl_image/CVE-2019-13616.patch
new file mode 100644
index 0000000000..f2ed7c6aa0
--- /dev/null
+++ b/main/sdl_image/CVE-2019-13616.patch
@@ -0,0 +1,16 @@
+diff --git a/IMG_bmp.c b/IMG_bmp.c
+index b3c7580..bfadd45 100644
+--- a/IMG_bmp.c
++++ b/IMG_bmp.c
+@@ -272,6 +272,11 @@ static SDL_Surface *LoadBMP_RW (SDL_RWops *src, int freesrc)
+ biClrUsed = SDL_ReadLE32(src);
+ biClrImportant = SDL_ReadLE32(src);
+ }
++ if (biWidth <= 0 || biHeight == 0) {
++ IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++ was_error = SDL_TRUE;
++ goto done;
++ }
+ if (biHeight < 0) {
+ topDown = SDL_TRUE;
+ biHeight = -biHeight;