pool/SDL_image
SHA256
3
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/SDL_image?expand=0&rev=6

Browse Source
This commit is contained in:
OBS User unknown 2008-02-01 23:20:41 +00:00 committed by Git OBS Bridge
parent 799578ca3a
commit 621c95c752
4 changed files with 89 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
SDL_image-1.2.6-gif-overflow.patch Normal file
View File

@ -0,0 +1,13 @@
--- IMG_gif.c
+++ IMG_gif.c
@@ -418,6 +418,10 @@
static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
register int i;
+ /* Fixed buffer overflow found by Michael Skladnikiewicz */
+ if (input_code_size > MAX_LWZ_BITS)
+ return -1;
+
if (flag) {
set_code_size = input_code_size;
code_size = set_code_size + 1;

28
SDL_image-1.2.6-lbm-overflow.patch Normal file
View File

@ -0,0 +1,28 @@
--- IMG_lbm.c
+++ IMG_lbm.c
@@ -28,6 +28,7 @@
EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
(http://www.multimania.com/mavati) in December 2003.
Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
+ Buffer overflow fix in RLE decompression by David Raulo in January 2008.
*/
#include <stdio.h>
@@ -328,7 +329,7 @@
count ^= 0xFF;
count += 2; /* now it */
- if ( !SDL_RWread( src, &color, 1, 1 ) )
+ if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
{
error="error reading BODY chunk";
goto done;
@@ -339,7 +340,7 @@
{
++count;
- if ( !SDL_RWread( src, ptr, count, 1 ) )
+ if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
{
error="error reading BODY chunk";
goto done;

10
SDL_image.changes
View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Tue Jan 29 12:09:41 CET 2008 - prusnak@suse.cz
- fix buffer overflow in LBM code (lbm-overflow.patch) [#355864]
-------------------------------------------------------------------
Fri Jan 25 12:58:25 CET 2008 - prusnak@suse.cz
- fix buffer overflow in GIF code (gif-overflow.patch) [#355864]
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Dec 16 21:40:05 CET 2007 - sndirsch@suse.de Sun Dec 16 21:40:05 CET 2007 - sndirsch@suse.de

70
SDL_image.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package SDL_image (Version 1.2.6) # spec file for package SDL_image (Version 1.2.6)
# #
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine # This file and all modifications and additions to the pristine
# package are under the same license as the package itself. # package are under the same license as the package itself.
# #
@ -15,8 +15,10 @@ BuildRequires: SDL-devel libjpeg-devel libpng-devel libtiff-devel xorg-x11-deve
Url: http://www.libsdl.org/projects/SDL_image/ Url: http://www.libsdl.org/projects/SDL_image/
Summary: Simple DirectMedia Layer--Sample Image Loading Library Summary: Simple DirectMedia Layer--Sample Image Loading Library
Version: 1.2.6 Version: 1.2.6
Release: 46 Release: 59
Source0: %{name}-%{version}.tar.bz2 Source0: %{name}-%{version}.tar.bz2
Patch0: %{name}-%{version}-gif-overflow.patch
Patch1: %{name}-%{version}-lbm-overflow.patch
License: LGPL v2.1 or later License: LGPL v2.1 or later
Group: System/Libraries Group: System/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -50,6 +52,8 @@ Authors:
%prep %prep
%setup -q %setup -q
%patch0
%patch1
%build %build
%{?suse_update_config:%{suse_update_config -f }} %{?suse_update_config:%{suse_update_config -f }}
@ -59,11 +63,9 @@ make %{?jobs:-j %jobs}
%install %install
make install DESTDIR=$RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT
%post %post -p /sbin/ldconfig
/sbin/ldconfig
%postun %postun -p /sbin/ldconfig
/sbin/ldconfig
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -80,9 +82,13 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/lib*.so %{_libdir}/lib*.so
%changelog %changelog
* Sun Dec 16 2007 - sndirsch@suse.de * Tue Jan 29 2008 prusnak@suse.cz
- fix buffer overflow in LBM code (lbm-overflow.patch) [#355864]
* Fri Jan 25 2008 prusnak@suse.cz
- fix buffer overflow in GIF code (gif-overflow.patch) [#355864]
* Sun Dec 16 2007 sndirsch@suse.de
- fixed BuildRequires for SUSE < 10.2 - fixed BuildRequires for SUSE < 10.2
* Wed Jul 25 2007 - prusnak@suse.cz * Wed Jul 25 2007 prusnak@suse.cz
- updated to 1.2.6 - updated to 1.2.6
* PNG and TIFF images are correctly identified even if dynamic * PNG and TIFF images are correctly identified even if dynamic
libraries to load them aren't available libraries to load them aren't available
@ -91,59 +97,59 @@ rm -rf $RPM_BUILD_ROOT
* fixed crash in IMG_ReadXPMFromArray() * fixed crash in IMG_ReadXPMFromArray()
- dropped obsolete patch: - dropped obsolete patch:
* xcfinc.diff (included in update) * xcfinc.diff (included in update)
* Sun Jul 22 2007 - aj@suse.de * Sun Jul 22 2007 aj@suse.de
- Cleanup build requires. - Cleanup build requires.
* Fri Mar 02 2007 - prusnak@suse.cz * Fri Mar 02 2007 prusnak@suse.cz
- cleaned specfile - cleaned specfile
* Wed Nov 08 2006 - prusnak@suse.cz * Wed Nov 08 2006 prusnak@suse.cz
- increment moved outside of assignement [#218752] - increment moved outside of assignement [#218752]
* Fri Sep 29 2006 - schwab@suse.de * Fri Sep 29 2006 schwab@suse.de
- Require libtiff-devel for SDL_image-devel. - Require libtiff-devel for SDL_image-devel.
* Tue Sep 12 2006 - nadvornik@suse.cz * Tue Sep 12 2006 nadvornik@suse.cz
- updated to 1.2.5: - updated to 1.2.5:
* Added support for dynamically loading libjpeg, libpng, and libtiff. * Added support for dynamically loading libjpeg, libpng, and libtiff.
* Added gcc-fat.sh for generating Universal binaries on Mac OS X * Added gcc-fat.sh for generating Universal binaries on Mac OS X
* Added support for XV thumbnail images * Added support for XV thumbnail images
* Added support for 32-bit BMP files with alpha * Added support for 32-bit BMP files with alpha
- fixed requires of devel subpackage [#192736] - fixed requires of devel subpackage [#192736]
* Fri Mar 10 2006 - bk@suse.de * Fri Mar 10 2006 bk@suse.de
- SDL_image-devel: add libstdc++, gcc and gpm to Requires (.la check) - SDL_image-devel: add libstdc++, gcc and gpm to Requires (.la check)
* Mon Jan 30 2006 - coolo@suse.de * Mon Jan 30 2006 coolo@suse.de
- fixing BuildRequires to include png support - fixing BuildRequires to include png support
* Wed Jan 25 2006 - mls@suse.de * Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires - converted neededforbuild to BuildRequires
* Tue Jul 19 2005 - nadvornik@suse.cz * Tue Jul 19 2005 nadvornik@suse.cz
- updated to 1.2.4 - updated to 1.2.4
* Sat Jan 10 2004 - adrian@suse.de * Sat Jan 10 2004 adrian@suse.de
- add %%run_ldconfig - add %%run_ldconfig
* Fri Jul 25 2003 - nadvornik@suse.cz * Fri Jul 25 2003 nadvornik@suse.cz
- update to 1.2.3 - update to 1.2.3
* Wed Jul 03 2002 - nadvornik@suse.cz * Wed Jul 03 2002 nadvornik@suse.cz
- updated to 1.2.2 - updated to 1.2.2
* Tue Jun 11 2002 - meissner@suse.de * Tue Jun 11 2002 meissner@suse.de
- regenerate auto files, removed acinclude.m4 (which only contains - regenerate auto files, removed acinclude.m4 (which only contains
SDL.m4 and libtool.m4). SDL.m4 and libtool.m4).
* Fri May 10 2002 - ro@suse.de * Fri May 10 2002 ro@suse.de
- libdir fixed - libdir fixed
* Fri Feb 01 2002 - ro@suse.de * Fri Feb 01 2002 ro@suse.de
- changed neededforbuild <libpng> to <libpng-devel-packages> - changed neededforbuild <libpng> to <libpng-devel-packages>
* Tue Jan 22 2002 - ro@suse.de * Tue Jan 22 2002 ro@suse.de
- changed neededforbuild <kdelibs-artsd> to <kdelibs3-artsd> - changed neededforbuild <kdelibs-artsd> to <kdelibs3-artsd>
* Tue Jan 08 2002 - nadvornik@suse.cz * Tue Jan 08 2002 nadvornik@suse.cz
- updated to 1.2.1: - updated to 1.2.1:
- added LBM format - added LBM format
- fixed transparent GIF and PNG - fixed transparent GIF and PNG
* Wed Aug 08 2001 - uli@suse.de * Wed Aug 08 2001 uli@suse.de
- fixed neededforbuild wrt SDL renaming - fixed neededforbuild wrt SDL renaming
* Wed Jun 20 2001 - nadvornik@suse.cz * Wed Jun 20 2001 nadvornik@suse.cz
- added kdelibs and kdelibs-devel to neededforbuild - added kdelibs and kdelibs-devel to neededforbuild
* Thu Apr 12 2001 - nadvornik@suse.cz * Thu Apr 12 2001 nadvornik@suse.cz
- update to 1.2.0 - update to 1.2.0
* Mon Mar 26 2001 - ro@suse.de * Mon Mar 26 2001 ro@suse.de
- changed neededforbuild <sdl> to <sdl sdl-devel> - changed neededforbuild <sdl> to <sdl sdl-devel>
* Mon Feb 19 2001 - uli@suse.de * Mon Feb 19 2001 uli@suse.de
- added alsa* to neededforbuild (needed by new SDL) - added alsa* to neededforbuild (needed by new SDL)
* Tue Dec 05 2000 - nadvornik@suse.cz * Tue Dec 05 2000 nadvornik@suse.cz
- added suse_update_config - added suse_update_config
* Tue Nov 28 2000 - nadvornik@suse.cz * Tue Nov 28 2000 nadvornik@suse.cz
- new package - new package