diff --git a/CVE-2019-13616.patch b/CVE-2019-13616.patch
new file mode 100644
index 0000000..10e5ac9
--- /dev/null
+++ b/CVE-2019-13616.patch
@@ -0,0 +1,15 @@
+diff -r b810b78d32cc -r e7ba650a643a src/video/SDL_bmp.c
+--- a/src/video/SDL_bmp.c Thu Jul 25 08:05:13 2019 -0500
++++ b/src/video/SDL_bmp.c Tue Jul 30 11:00:00 2019 -0700
+@@ -226,6 +226,11 @@
+ SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
+ }
+ }
++ if (biWidth <= 0 || biHeight == 0) {
++ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++ was_error = SDL_TRUE;
++ goto done;
++ }
+ if (biHeight < 0) {
+ topDown = SDL_TRUE;
+ biHeight = -biHeight;
diff --git a/SDL2.changes b/SDL2.changes
index d935db7..0149bad 100644
--- a/SDL2.changes
+++ b/SDL2.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Aug 22 16:43:13 UTC 2019 - Michael Gorse
+
+- Add CVE-2019-13616.patch: fix heap buffer overflow when reading
+ a crafted bmp file (boo#1141844 CVE-2019-13616).
+
 -------------------------------------------------------------------
 Sun Aug 11 04:29:55 UTC 2019 - Jan Engelhardt
 
@@ -44,7 +50,7 @@ Fri Jul 26 07:44:39 UTC 2019 - Luigi Baldoni
 * Added the hint SDL_HINT_MOUSE_TOUCH_EVENTS to control whether SDL
 will synthesize touch events from mouse events
 * Improved handling of malformed WAVE and BMP files, fixing
- potential security exploits
+ potential security exploits (boo#1142031 CVE-2019-13626)
 * Removed the Mir video driver in favor of Wayland
 - Refreshed sdl2-symvers.patch
 
diff --git a/SDL2.spec b/SDL2.spec
index 75ee270..62f05ff 100644
--- a/SDL2.spec
+++ b/SDL2.spec
@@ -32,6 +32,7 @@ Source3: %name.keyring
 Source4: baselibs.conf
 Patch1: sdl2-symvers.patch
 Patch2: SDL2-endian.patch
+Patch3: CVE-2019-13616.patch
 BuildRequires: cmake
 BuildRequires: dos2unix
 BuildRequires: gcc-c++
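Review bot: The guard added in CVE-2019-13616.patch rejects `biWidth <= 0` and `biHeight == 0`, but the context line `biHeight = -biHeight;` just below it still negates every negative height, including the most negative value. If biHeight is a signed 32-bit field, as the `%d` in the error message suggests, that negation overflows (undefined behaviour in C) and on typical builds leaves the height negative after the "bad dimensions" check has already passed. Extending the condition to `if (biWidth <= 0 || biHeight == 0 || biHeight == SDL_MIN_SINT32) {` would reject that header as well. The guard also sets no upper bound on either dimension, so it is worth confirming that the later surface allocation checks the width/height product. The enclosing function starts and ends outside the hunk, so a later check may already cover both cases.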
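Review bot: `Patch3: CVE-2019-13616.patch` is declared in SDL2.spec, but this diff contains no `%prep` change, so the fix only reaches the build if the spec applies patches automatically (for example `%autosetup -p1` or `%autopatch -p1`). If `%prep` lists patches one by one, a line such as `%patch3 -p1` is missing. The package would then ship without the BMP dimension check while SDL2.changes records CVE-2019-13616 as fixed. The `%prep` section is outside the hunk, so confirm this against the full spec, for instance by checking the build log for the patch being applied.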