From 309fc5c36e9b5ac2b3999646842f56ea61b861e7ed7ad52a62c4bbc388d3ca57 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 23 Aug 2019 11:48:11 +0000 Subject: [PATCH 1/3] Accepting request 725424 from home:mgorse:branches:games - Add CVE-2019-13616.patch: fix heap buffer overflow when reading a crafted bmp file (boo#1141844 CVE-2019-13616). OBS-URL: https://build.opensuse.org/request/show/725424 OBS-URL: https://build.opensuse.org/package/show/games/SDL_image?expand=0&rev=23 --- CVE-2019-13616.patch | 15 +++++++++++++++ SDL_image.changes | 6 ++++++ SDL_image.spec | 8 +++++--- 3 files changed, 26 insertions(+), 3 deletions(-) create mode 100644 CVE-2019-13616.patch diff --git a/CVE-2019-13616.patch b/CVE-2019-13616.patch new file mode 100644 index 0000000..3feeff0 --- /dev/null +++ b/CVE-2019-13616.patch @@ -0,0 +1,15 @@ +diff -r 9ccaa3a0dfb6 -r a59bfe382008 IMG_bmp.c +--- a/IMG_bmp.c Thu Jul 11 01:01:56 2019 +0300 ++++ b/IMG_bmp.c Tue Jul 30 21:29:15 2019 +0300 +@@ -272,6 +272,11 @@ + biClrUsed = SDL_ReadLE32(src); + biClrImportant = SDL_ReadLE32(src); + } ++ if (biWidth <= 0 || biHeight == 0) { ++ IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight); ++ was_error = SDL_TRUE; ++ goto done; ++ } + if (biHeight < 0) { + topDown = SDL_TRUE; + biHeight = -biHeight; diff --git a/SDL_image.changes b/SDL_image.changes index 25f9a8e..8ebf944 100644 --- a/SDL_image.changes +++ b/SDL_image.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Aug 22 19:51:00 UTC 2019 - Michael Gorse + +- Add CVE-2019-13616.patch: fix heap buffer overflow when reading + a crafted bmp file (boo#1141844 CVE-2019-13616). + ------------------------------------------------------------------- Thu Jan 8 09:34:38 UTC 2015 - jengelh@inai.de diff --git a/SDL_image.spec b/SDL_image.spec index 37e389c..3de3329 100644 --- a/SDL_image.spec +++ b/SDL_image.spec @@ -1,7 +1,7 @@ # # spec file for package SDL_image # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -21,13 +21,14 @@ Name: SDL_image Version: 1.2.12 Release: 0 Summary: SDL image loading library -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: Development/Libraries/X11 Url: http://libsdl.org/projects/SDL_image/release-1.2.html # removed VisualC.zip, VisualCE.zip, Watcom-OS2.zip, Xcode.tar.gz, Xcode_iPhone.tar.gz from upstream tarball [bnc#508084] Source: %name-%version-repack.tar.bz2 Source3: baselibs.conf +Patch0: CVE-2019-13616.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libjpeg-devel BuildRequires: libtiff-devel @@ -66,6 +67,7 @@ TIFF and WEBP formats. %prep %setup -q +%patch0 -p1 %build %configure --disable-png-shared --disable-jpg-shared --disable-tif-shared \ From c7bac1f2866517e5745737c5855a70bebec0198864ea42ac5fada304d99b07f8 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 23 Aug 2019 13:34:20 +0000 Subject: [PATCH 2/3] - Update to new snapshot 1.2.12+hg695 OBS-URL: https://build.opensuse.org/package/show/games/SDL_image?expand=0&rev=24 --- CVE-2019-13616.patch | 15 --------------- SDL_image-1.2.12+hg695.tar.xz | 3 +++ SDL_image-1.2.12-repack.tar.bz2 | 3 --- SDL_image.changes | 13 +++++++++++++ SDL_image.spec | 19 ++++++++----------- _service | 17 +++++++++++++++++ 6 files changed, 41 insertions(+), 29 deletions(-) delete mode 100644 CVE-2019-13616.patch create mode 100644 SDL_image-1.2.12+hg695.tar.xz delete mode 100644 SDL_image-1.2.12-repack.tar.bz2 create mode 100644 _service diff --git a/CVE-2019-13616.patch b/CVE-2019-13616.patch deleted file mode 100644 index 3feeff0..0000000 --- a/CVE-2019-13616.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -r 9ccaa3a0dfb6 -r a59bfe382008 IMG_bmp.c ---- a/IMG_bmp.c Thu Jul 11 01:01:56 2019 +0300 -+++ b/IMG_bmp.c Tue Jul 30 21:29:15 2019 +0300 -@@ -272,6 +272,11 @@ - biClrUsed = SDL_ReadLE32(src); - biClrImportant = SDL_ReadLE32(src); - } -+ if (biWidth <= 0 || biHeight == 0) { -+ IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight); -+ was_error = SDL_TRUE; -+ goto done; -+ } - if (biHeight < 0) { - topDown = SDL_TRUE; - biHeight = -biHeight; diff --git a/SDL_image-1.2.12+hg695.tar.xz b/SDL_image-1.2.12+hg695.tar.xz new file mode 100644 index 0000000..ce30f2e --- /dev/null +++ b/SDL_image-1.2.12+hg695.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3610a13328bac9fc641c4718ad298864552f9671d952742b884f61f3c7dffe24 +size 256176 diff --git a/SDL_image-1.2.12-repack.tar.bz2 b/SDL_image-1.2.12-repack.tar.bz2 deleted file mode 100644 index fc399a0..0000000 --- a/SDL_image-1.2.12-repack.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3942454c04f9dd3a73f27537ae6ffaaee3dbc58450af700149d3ba9fce1615d9 -size 303837 diff --git a/SDL_image.changes b/SDL_image.changes index 8ebf944..21c1200 100644 --- a/SDL_image.changes +++ b/SDL_image.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Fri Aug 23 13:23:44 UTC 2019 - Jan Engelhardt + +- Update to new snapshot 1.2.12+hg695 + * Fixed TALOS-2019-0821 CVE-2019-5052 + * Fixed TALOS-2019-0841 CVE-2019-5057 boo#1143763 + * Fixed TALOS-2019-0842 CVE-2019-5058 boo#1143764 + * Fixed TALOS-2019-0843 CVE-2019-5059 boo#1143766 + * Fixed TALOS-2019-0844 CVE-2019-5060 boo#1143768 + * Fixed CVE-2019-7635 + * Fixed CVE-2019-13616 boo#1141844 +- Drop CVE-2019-13616.patch (merged) + ------------------------------------------------------------------- Thu Aug 22 19:51:00 UTC 2019 - Michael Gorse diff --git a/SDL_image.spec b/SDL_image.spec index 3de3329..758b4d6 100644 --- a/SDL_image.spec +++ b/SDL_image.spec @@ -18,21 +18,20 @@ Name: SDL_image %define lname libSDL_image-1_2-0 -Version: 1.2.12 +Version: 1.2.12+hg695 Release: 0 Summary: SDL image loading library License: LGPL-2.1-or-later Group: Development/Libraries/X11 -Url: http://libsdl.org/projects/SDL_image/release-1.2.html +URL: https://libsdl.org/projects/SDL_image/release-1.2.html -# removed VisualC.zip, VisualCE.zip, Watcom-OS2.zip, Xcode.tar.gz, Xcode_iPhone.tar.gz from upstream tarball [bnc#508084] -Source: %name-%version-repack.tar.bz2 +#Hg-Clone: http://hg.libsdl.org/SDL_image/ +Source: %name-%version.tar.xz Source3: baselibs.conf -Patch0: CVE-2019-13616.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libjpeg-devel BuildRequires: libtiff-devel BuildRequires: pkg-config +BuildRequires: xz BuildRequires: pkgconfig(libpng) BuildRequires: pkgconfig(libwebp) BuildRequires: pkgconfig(sdl) @@ -66,8 +65,7 @@ surfaces. This library supports the BMP, PPM, PCX, GIF, JPEG, PNG, TIFF and WEBP formats. %prep -%setup -q -%patch0 -p1 +%autosetup -p1 %build %configure --disable-png-shared --disable-jpg-shared --disable-tif-shared \ @@ -82,12 +80,11 @@ rm -f "%buildroot/%_libdir"/*.la %postun -n %lname -p /sbin/ldconfig %files -n %lname -%defattr(-,root,root) -%doc CHANGES COPYING README +%license COPYING %_libdir/libSDL_image-1*.so.* %files -n libSDL_image-devel -%defattr(-,root,root) +%doc CHANGES README %_includedir/SDL/ %_libdir/libSDL_image.so %_libdir/pkgconfig/SDL_image.pc diff --git a/_service b/_service new file mode 100644 index 0000000..aa88a4d --- /dev/null +++ b/_service @@ -0,0 +1,17 @@ + + + hg + http://hg.libsdl.org/SDL_image/ + SDL-1.2 + 1.2.12+hg{rev} + + VisualC* + Xcode* + Watcom* + + + *.tar + xz + + + From 4d6e90675fcc38a56e02c3a447ee94d08b8ce0884753d393972e072c3a3f5f58 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 23 Aug 2019 13:45:00 +0000 Subject: [PATCH 3/3] trim spaces OBS-URL: https://build.opensuse.org/package/show/games/SDL_image?expand=0&rev=25 --- SDL_image.changes | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/SDL_image.changes b/SDL_image.changes index 21c1200..9b181eb 100644 --- a/SDL_image.changes +++ b/SDL_image.changes @@ -14,7 +14,7 @@ Fri Aug 23 13:23:44 UTC 2019 - Jan Engelhardt ------------------------------------------------------------------- Thu Aug 22 19:51:00 UTC 2019 - Michael Gorse -- Add CVE-2019-13616.patch: fix heap buffer overflow when reading +- Add CVE-2019-13616.patch: fix heap buffer overflow when reading a crafted bmp file (boo#1141844 CVE-2019-13616). ------------------------------------------------------------------- @@ -33,7 +33,7 @@ Tue Aug 13 12:04:26 UTC 2013 - jengelh@inai.de ------------------------------------------------------------------- Thu Jan 3 02:02:36 UTC 2013 - crrodriguez@opensuse.org -- Disable dynamic loading of common libraries, this +- Disable dynamic loading of common libraries, this is a bad idea to beging with. - Cleanup buildRequires. metpackage xorg-x11-devel is not required @@ -112,7 +112,7 @@ Tue May 19 15:42:59 CEST 2009 - prusnak@suse.cz Sat Feb 28 00:11:03 CET 2009 - crrodriguez@suse.de - remove static libraries and "la" files, useless without - SDL static libraries too. + SDL static libraries too. - fix -devel package dependencies. ------------------------------------------------------------------- @@ -134,7 +134,7 @@ Fri Jan 25 12:58:25 CET 2008 - prusnak@suse.cz ------------------------------------------------------------------- Sun Dec 16 21:40:05 CET 2007 - sndirsch@suse.de -- fixed BuildRequires for SUSE < 10.2 +- fixed BuildRequires for SUSE < 10.2 ------------------------------------------------------------------- Wed Jul 25 17:47:08 CEST 2007 - prusnak@suse.cz @@ -222,7 +222,7 @@ Tue Jun 11 15:50:33 CEST 2002 - meissner@suse.de ------------------------------------------------------------------- Fri May 10 15:43:04 CEST 2002 - ro@suse.de -- libdir fixed +- libdir fixed ------------------------------------------------------------------- Fri Feb 1 00:26:06 CET 2002 - ro@suse.de