diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2020-05-15 16:54:42 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2020-05-15 16:54:42 +0000 |
| commit | 9a080db70d6d2dec9d4f84309e261af37744dce2 (patch) | |
| tree | 26430821786ca4b4fe44472975828337767e8b4a | |
| parent | 7623c78413fa489e6e45dd2f34fe1a320a36b94c (diff) | |
| download | pkgsrc-9a080db70d6d2dec9d4f84309e261af37744dce2.tar.gz | |
Pullup ticket #6197 - requested by nia
devel/SDL: security fix
Revisions pulled up:
- devel/SDL/Makefile 1.139
- devel/SDL/distinfo 1.83
- devel/SDL/patches/patch-src_video_SDL__bmp.c 1.2
---
Module Name: pkgsrc
Committed By: nia
Date: Thu May 14 14:44:17 UTC 2020
Modified Files:
pkgsrc/devel/SDL: Makefile distinfo
pkgsrc/devel/SDL/patches: patch-src_video_SDL__bmp.c
Log Message:
SDL: fix CVE-2019-13616
bump PKGREVISION
| -rw-r--r-- | devel/SDL/Makefile | 4 | ||||
| -rw-r--r-- | devel/SDL/distinfo | 4 | ||||
| -rw-r--r-- | devel/SDL/patches/patch-src_video_SDL__bmp.c | 25 |
3 files changed, 24 insertions, 9 deletions
diff --git a/devel/SDL/Makefile b/devel/SDL/Makefile index cd4fa3d065e..321fedf4fb0 100644 --- a/devel/SDL/Makefile +++ b/devel/SDL/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.138 2020/03/08 16:49:09 wiz Exp $ +# $NetBSD: Makefile,v 1.138.2.1 2020/05/15 16:54:42 bsiegert Exp $ DISTNAME= SDL-1.2.15 -PKGREVISION= 30 +PKGREVISION= 31 CATEGORIES= devel games MASTER_SITES= http://www.libsdl.org/release/ diff --git a/devel/SDL/distinfo b/devel/SDL/distinfo index 4fd9ae14c81..58707659f17 100644 --- a/devel/SDL/distinfo +++ b/devel/SDL/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.82 2019/07/24 14:08:23 micha Exp $ +$NetBSD: distinfo,v 1.82.4.1 2020/05/15 16:54:42 bsiegert Exp $ SHA1 (SDL-1.2.15.tar.gz) = 0c5f193ced810b0d7ce3ab06d808cbb5eef03a2c RMD160 (SDL-1.2.15.tar.gz) = d4802a090cb4a24eeb0c8ce5690802f596d394c3 @@ -11,7 +11,7 @@ SHA1 (patch-src_audio_bsd_SDL__bsdaudio.c) = 7f5fbf4d839e52fce028810dc807b404fcd SHA1 (patch-src_audio_dma_SDL__dmaaudio.c) = cede64d04e8872b11851bfcacbc99059df973881 SHA1 (patch-src_audio_sun_SDL__sunaudio.c) = 4b492b40d39e6444037dfda55766e4a149cc6c30 SHA1 (patch-src_joystick_bsd_SDL__sysjoystick.c) = a20608d6a4cc8f2c8f5fb2d77a572f373178151b -SHA1 (patch-src_video_SDL__bmp.c) = 87b14ee02315703479ce522299ffe8d9e83d7e06 +SHA1 (patch-src_video_SDL__bmp.c) = 89252aa0de90a80cb7fa1c0bf6a7e0e73973ff83 SHA1 (patch-src_video_SDL__pixels.c) = e4c1feeda33cdd5e891ff203c573c5f578d17368 SHA1 (patch-src_video_nanox_SDL__nxvideo.c) = 653ff4358d62f7093f646fba5ddae2921876144c SHA1 (patch-src_video_quartz_SDL__QuartzVideo.h) = 19d952bade06dbd646e94f42139c38436969b1a8 diff --git a/devel/SDL/patches/patch-src_video_SDL__bmp.c b/devel/SDL/patches/patch-src_video_SDL__bmp.c index 622d7f46f48..5f0bec5c837 100644 --- a/devel/SDL/patches/patch-src_video_SDL__bmp.c +++ b/devel/SDL/patches/patch-src_video_SDL__bmp.c @@ -1,4 +1,4 @@ -$NetBSD: patch-src_video_SDL__bmp.c,v 1.1 2019/07/21 11:14:38 nia Exp $ +$NetBSD: patch-src_video_SDL__bmp.c,v 1.1.6.1 2020/05/15 16:54:42 bsiegert Exp $ CVE-2019-7635: Reject BMP images with pixel colors out the palette From upstream hg 12831:f1f5878be5db @@ -6,12 +6,27 @@ From upstream hg 12831:f1f5878be5db CVE-2019-7636, CVE-2019-7638 From upstream hg 12612:07c39cbbeacf +CVE-2019-13616: validate image size when loading BMP files +From upstream hg 12960:ad1bbfbca760 + Reject 2, 3, 5, 6, 7-bpp BMP images From upstreah hg 12646:4646533663ae --- src/video/SDL_bmp.c.orig 2012-01-19 06:30:06.000000000 +0000 +++ src/video/SDL_bmp.c -@@ -163,6 +163,14 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops +@@ -143,6 +143,11 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops + (void) biYPelsPerMeter; + (void) biClrImportant; + ++ if (biWidth <= 0 || biHeight == 0) { ++ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight); ++ was_error = SDL_TRUE; ++ goto done; ++ } + if (biHeight < 0) { + topDown = SDL_TRUE; + biHeight = -biHeight; +@@ -163,6 +168,14 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops ExpandBMP = biBitCount; biBitCount = 8; break; @@ -26,7 +41,7 @@ From upstreah hg 12646:4646533663ae default: ExpandBMP = 0; break; -@@ -233,6 +241,10 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops +@@ -233,6 +246,10 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops if ( palette ) { if ( biClrUsed == 0 ) { biClrUsed = 1 << biBitCount; @@ -37,7 +52,7 @@ From upstreah hg 12646:4646533663ae } if ( biSize == 12 ) { for ( i = 0; i < (int)biClrUsed; ++i ) { -@@ -296,6 +308,12 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops +@@ -296,6 +313,12 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops } *(bits+i) = (pixel>>shift); pixel <<= ExpandBMP; @@ -50,7 +65,7 @@ From upstreah hg 12646:4646533663ae } } break; -@@ -306,6 +324,16 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops +@@ -306,6 +329,16 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops was_error = SDL_TRUE; goto done; } |