diff --git a/SDL_image-1.2.6-gif-overflow.patch b/SDL_image-1.2.6-gif-overflow.patch
new file mode 100644
index 0000000..15be7d1
--- /dev/null
+++ b/SDL_image-1.2.6-gif-overflow.patch
@@ -0,0 +1,13 @@
+--- IMG_gif.c
++++ IMG_gif.c
+@@ -418,6 +418,10 @@
+ static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
+ register int i;
+
++ /* Fixed buffer overflow found by Michael Skladnikiewicz */
++ if (input_code_size > MAX_LWZ_BITS)
++ return -1;
++
+ if (flag) {
+ set_code_size = input_code_size;
+ code_size = set_code_size + 1;
diff --git a/SDL_image-1.2.6-lbm-overflow.patch b/SDL_image-1.2.6-lbm-overflow.patch
new file mode 100644
index 0000000..1179e4e
--- /dev/null
+++ b/SDL_image-1.2.6-lbm-overflow.patch
@@ -0,0 +1,28 @@
+--- IMG_lbm.c
++++ IMG_lbm.c
+@@ -28,6 +28,7 @@
+ EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
+ (http://www.multimania.com/mavati) in December 2003.
+ Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
++ Buffer overflow fix in RLE decompression by David Raulo in January 2008.
+ */
+
+ #include
+@@ -328,7 +329,7 @@
+ count ^= 0xFF;
+ count += 2; /* now it */
+
+- if ( !SDL_RWread( src, &color, 1, 1 ) )
++ if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
+ {
+ error="error reading BODY chunk";
+ goto done;
+@@ -339,7 +340,7 @@
+ {
+ ++count;
+
+- if ( !SDL_RWread( src, ptr, count, 1 ) )
++ if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
+ {
+ error="error reading BODY chunk";
+ goto done;
diff --git a/SDL_image.changes b/SDL_image.changes
index 1583d9b..187a99c 100644
--- a/SDL_image.changes
+++ b/SDL_image.changes
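Review bot: The guard added by the gif-overflow patch rejects only `input_code_size > MAX_LWZ_BITS`, so a value equal to MAX_LWZ_BITS still passes, and the context lines right after it set `code_size = set_code_size + 1`, one bit wider than the limit that `stack` is sized from. Whether the rest of the decoder stays in bounds at that width cannot be confirmed here, because the function body continues outside the hunk; unless a valid file needs the boundary value, `if (input_code_size >= MAX_LWZ_BITS)` looks like the safer test. The added comment credits the reporter but does not state the invariant; something like `/* reject code sizes the buffers sized by MAX_LWZ_BITS cannot hold */` would tell the next reader why the check exists.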
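Review bot: Both `count > remainingbytes` checks added by the lbm-overflow patch fall into the existing `error="error reading BODY chunk"` branch, so an oversized run length is reported exactly like a short read. Testing the bound separately and giving it its own message, for example `error="run length exceeds remaining bytes in BODY chunk"`, would make corrupt or hostile files easier to triage. The declarations of `count` and `remainingbytes` lie outside both hunks, so it is worth confirming that the comparison is not a mixed signed/unsigned one, and that any read path not shown here applies the same bound. A short comment at the first check such as `/* a run must fit in the remaining output bytes */` would document the invariant.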
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Tue Jan 29 12:09:41 CET 2008 - prusnak@suse.cz
+
+- fix buffer overflow in LBM code (lbm-overflow.patch) [#355864]
+
+-------------------------------------------------------------------
+Fri Jan 25 12:58:25 CET 2008 - prusnak@suse.cz
+
+- fix buffer overflow in GIF code (gif-overflow.patch) [#355864]
+
 -------------------------------------------------------------------
 Sun Dec 16 21:40:05 CET 2007 - sndirsch@suse.de

diff --git a/SDL_image.spec b/SDL_image.spec
index 8ac6973..e837d2f 100644
--- a/SDL_image.spec
+++ b/SDL_image.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package SDL_image (Version 1.2.6)
 #
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@@ -15,8 +15,10 @@ BuildRequires: SDL-devel libjpeg-devel libpng-devel libtiff-devel xorg-x11-deve
 Url: http://www.libsdl.org/projects/SDL_image/
 Summary: Simple DirectMedia Layer--Sample Image Loading Library
 Version: 1.2.6
-Release: 46
+Release: 59
 Source0: %{name}-%{version}.tar.bz2
+Patch0: %{name}-%{version}-gif-overflow.patch
+Patch1: %{name}-%{version}-lbm-overflow.patch
 License: LGPL v2.1 or later
 Group: System/Libraries
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -50,6 +52,8 @@ Authors:

 %prep
 %setup -q
+%patch0
+%patch1

 %build
 %{?suse_update_config:%{suse_update_config -f }}
@@ -59,11 +63,9 @@ make %{?jobs:-j %jobs}
 %install
 make install DESTDIR=$RPM_BUILD_ROOT

-%post
-/sbin/ldconfig
+%post -p /sbin/ldconfig

-%postun
-/sbin/ldconfig
+%postun -p /sbin/ldconfig

 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -80,9 +82,13 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/lib*.so %changelog -* Sun Dec 16 2007 - sndirsch@suse.de +* Tue Jan 29 2008 prusnak@suse.cz +- fix buffer overflow in LBM code (lbm-overflow.patch) [#355864] +* Fri Jan 25 2008 prusnak@suse.cz +- fix buffer overflow in GIF code (gif-overflow.patch) [#355864] +* Sun Dec 16 2007 sndirsch@suse.de - fixed BuildRequires for SUSE < 10.2 -* Wed Jul 25 2007 - prusnak@suse.cz +* Wed Jul 25 2007 prusnak@suse.cz - updated to 1.2.6 * PNG and TIFF images are correctly identified even if dynamic libraries to load them aren't available 
@@ -91,59 +97,59 @@ rm -rf $RPM_BUILD_ROOT * fixed crash in IMG_ReadXPMFromArray() - dropped obsolete patch: * xcfinc.diff (included in update) -* Sun Jul 22 2007 - aj@suse.de +* Sun Jul 22 2007 aj@suse.de - Cleanup build requires. -* Fri Mar 02 2007 - prusnak@suse.cz +* Fri Mar 02 2007 prusnak@suse.cz - cleaned specfile -* Wed Nov 08 2006 - prusnak@suse.cz +* Wed Nov 08 2006 prusnak@suse.cz - increment moved outside of assignement [#218752] -* Fri Sep 29 2006 - schwab@suse.de +* Fri Sep 29 2006 schwab@suse.de - Require libtiff-devel for SDL_image-devel. -* Tue Sep 12 2006 - nadvornik@suse.cz +* Tue Sep 12 2006 nadvornik@suse.cz - updated to 1.2.5: * Added support for dynamically loading libjpeg, libpng, and libtiff. * Added gcc-fat.sh for generating Universal binaries on Mac OS X * Added support for XV thumbnail images * Added support for 32-bit BMP files with alpha - fixed requires of devel subpackage [#192736] -* Fri Mar 10 2006 - bk@suse.de +* Fri Mar 10 2006 bk@suse.de - SDL_image-devel: add libstdc++, gcc and gpm to Requires (.la check) -* Mon Jan 30 2006 - coolo@suse.de +* Mon Jan 30 2006 coolo@suse.de - fixing BuildRequires to include png support -* Wed Jan 25 2006 - mls@suse.de +* Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Tue Jul 19 2005 - nadvornik@suse.cz +* Tue Jul 19 2005 nadvornik@suse.cz - updated to 1.2.4 -* Sat Jan 10 2004 - adrian@suse.de +* Sat Jan 10 2004 adrian@suse.de - add %%run_ldconfig -* Fri Jul 25 2003 - nadvornik@suse.cz +* Fri Jul 25 2003 nadvornik@suse.cz - update to 1.2.3 -* Wed Jul 03 2002 - nadvornik@suse.cz +* Wed Jul 03 2002 nadvornik@suse.cz - updated to 1.2.2 -* Tue Jun 11 2002 - meissner@suse.de +* Tue Jun 11 2002 meissner@suse.de - regenerate auto files, removed acinclude.m4 (which only contains SDL.m4 and libtool.m4). 
-* Fri May 10 2002 - ro@suse.de +* Fri May 10 2002 ro@suse.de - libdir fixed -* Fri Feb 01 2002 - ro@suse.de +* Fri Feb 01 2002 ro@suse.de - changed neededforbuild to -* Tue Jan 22 2002 - ro@suse.de +* Tue Jan 22 2002 ro@suse.de - changed neededforbuild to -* Tue Jan 08 2002 - nadvornik@suse.cz +* Tue Jan 08 2002 nadvornik@suse.cz - updated to 1.2.1: - added LBM format - fixed transparent GIF and PNG -* Wed Aug 08 2001 - uli@suse.de +* Wed Aug 08 2001 uli@suse.de - fixed neededforbuild wrt SDL renaming -* Wed Jun 20 2001 - nadvornik@suse.cz +* Wed Jun 20 2001 nadvornik@suse.cz - added kdelibs and kdelibs-devel to neededforbuild -* Thu Apr 12 2001 - nadvornik@suse.cz +* Thu Apr 12 2001 nadvornik@suse.cz - update to 1.2.0 -* Mon Mar 26 2001 - ro@suse.de +* Mon Mar 26 2001 ro@suse.de - changed neededforbuild to -* Mon Feb 19 2001 - uli@suse.de +* Mon Feb 19 2001 uli@suse.de - added alsa* to neededforbuild (needed by new SDL) -* Tue Dec 05 2000 - nadvornik@suse.cz +* Tue Dec 05 2000 nadvornik@suse.cz - added suse_update_config -* Tue Nov 28 2000 - nadvornik@suse.cz +* Tue Nov 28 2000 nadvornik@suse.cz - new package