From ee16a4849fc333fce631e273504db4674bb6757c2338021f3d938342102f5d45 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Fri, 23 Aug 2019 10:23:42 +0000
Subject: [PATCH 1/2] - Update to new upstream release 2.0.5

OBS-URL: https://build.opensuse.org/package/show/games/SDL2_image?expand=0&rev=27
---
 SDL2_image-2.0.4.tar.gz | 3 ---
 SDL2_image-2.0.5.tar.gz | 3 +++
 SDL2_image.changes | 17 +++++++++++++++++
 SDL2_image.spec | 22 ++++++++++------------
 4 files changed, 30 insertions(+), 15 deletions(-)
 delete mode 100644 SDL2_image-2.0.4.tar.gz
 create mode 100644 SDL2_image-2.0.5.tar.gz

diff --git a/SDL2_image-2.0.4.tar.gz b/SDL2_image-2.0.4.tar.gz
deleted file mode 100644
index 533db9e..0000000
--- a/SDL2_image-2.0.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e74ec49c2402eb242fbfa16f2f43a19582a74c2eabfbfb873f00d4250038ceac
-size 11682695
diff --git a/SDL2_image-2.0.5.tar.gz b/SDL2_image-2.0.5.tar.gz
new file mode 100644
index 0000000..7853a8f
--- /dev/null
+++ b/SDL2_image-2.0.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bdd5f6e026682f7d7e1be0b6051b209da2f402a2dd8bd1c4bd9c25ad263108d0
+size 11736518
diff --git a/SDL2_image.changes b/SDL2_image.changes
index f9a7f5a..59996ea 100644
--- a/SDL2_image.changes
+++ b/SDL2_image.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Fri Aug 23 09:53:45 UTC 2019 - Jan Engelhardt
+
+- Update to new upstream release 2.0.5
+ * Fixed TALOS-2019-0820 CVE-2019-5051
+ * Fixed TALOS-2019-0821 CVE-2019-5052
+ * Fixed TALOS-2019-0841 CVE-2019-5057 boo#1143763
+ * Fixed TALOS-2019-0842 CVE-2019-5058 boo#1143764
+ * Fixed TALOS-2019-0843 CVE-2019-5059 boo#1143766
+ * Fixed TALOS-2019-0844 CVE-2019-5060 boo#1143768
+- Not mentioned by upstream, but issues seemingly further fixed:
+ * Fixed CVE-2019-12218 boo#1135789
+ * Fixed CVE-2019-12217 boo#1135787
+ * Fixed CVE-2019-12220 boo#1135806
+ * Fixed CVE-2019-12221 boo#1135796
+ * Fixed CVE-2019-12222 boo#1136101
+
 -------------------------------------------------------------------
 Wed Nov 7 20:56:03 UTC 2018 - Jan Engelhardt
diff --git a/SDL2_image.spec b/SDL2_image.spec
index 60a0114..73d70f2 100644
--- a/SDL2_image.spec
+++ b/SDL2_image.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package SDL2_image
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,15 +18,15 @@
 Name: SDL2_image
 %define lname libSDL2_image-2_0-0
-Version: 2.0.4
+Version: 2.0.5
 Release: 0
-Summary: SDL2 image loading library
+Summary: Simple DirectMedia Layer 2 image loading library
 License: Zlib
 Group: Development/Libraries/X11
-Url: http://libsdl.org/projects/SDL_image/
+URL: https://libsdl.org/projects/SDL_image/
 #Hg-Clone: http://hg.libsdl.org/SDL_image/
-Source: http://libsdl.org/projects/SDL_image/release/%name-%version.tar.gz
+Source: https://libsdl.org/projects/SDL_image/release/%name-%version.tar.gz
 Source2: baselibs.conf
 BuildRequires: dos2unix
 BuildRequires: libjpeg-devel
@@ -35,7 +35,6 @@ BuildRequires: pkg-config
 BuildRequires: pkgconfig(libpng)
 BuildRequires: pkgconfig(libwebp)
 BuildRequires: pkgconfig(sdl2) >= 2.0.8
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
 This is a simple library to load images of various formats as SDL
@@ -43,7 +42,7 @@ surfaces. This library supports the BMP, PPM, PCX, GIF, JPEG, PNG, TIFF
 and WEBP formats.
 %package -n %lname
-Summary: Simple DirectMedia Layer 2 – Image Loading Library
+Summary: Simple DirectMedia Layer 2 image loading library
 Group: System/Libraries
 Provides: SDL2_image = %version-%release
@@ -64,7 +63,7 @@ surfaces. This library supports the BMP, PPM, PCX, GIF, JPEG, PNG, TIFF
 and WEBP formats.
 %prep
-%setup -q
+%autosetup -p1
 dos2unix *.txt
 rm -rf external
@@ -74,19 +73,18 @@ rm -rf external
 make %{?_smp_mflags}
 %install
-make install DESTDIR="%buildroot"
+%make_install
 rm -f "%buildroot/%_libdir"/*.la
 %post -n %lname -p /sbin/ldconfig
 %postun -n %lname -p /sbin/ldconfig
 %files -n %lname
-%defattr(-,root,root)
-%doc CHANGES.txt COPYING.txt README.txt
+%license COPYING.txt
 %_libdir/libSDL2_image-2*.so.*
 %files -n libSDL2_image-devel
-%defattr(-,root,root)
+%doc CHANGES.txt README.txt
 %_includedir/SDL2/
 %_libdir/libSDL2_image.so
 %_libdir/pkgconfig/SDL2_image.pc

From 5f507c54b6a74e79f68731e8cfecd3a47193c254dde830eaef12b622b24b0356 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Fri, 23 Aug 2019 14:07:16 +0000
Subject: [PATCH 2/2] - Add CVE-2019-13616.patch: fix heap buffer overflow when reading a crafted bmp file (boo#1141844 CVE-2019-13616).

OBS-URL: https://build.opensuse.org/package/show/games/SDL2_image?expand=0&rev=28
---
 CVE-2019-13616.patch | 15 +++++++++++++++
 SDL2_image.changes | 6 ++++++
 SDL2_image.spec | 1 +
 3 files changed, 22 insertions(+)
 create mode 100644 CVE-2019-13616.patch

diff --git a/CVE-2019-13616.patch b/CVE-2019-13616.patch
new file mode 100644
index 0000000..eb11b02
--- /dev/null
+++ b/CVE-2019-13616.patch
@@ -0,0 +1,15 @@
+diff -r f1baffa48926 -r ba45f00879ba IMG_bmp.c
+--- a/IMG_bmp.c Tue Jul 30 10:16:02 2019 -0700
++++ b/IMG_bmp.c Tue Jul 30 11:00:12 2019 -0700
+@@ -351,6 +351,11 @@
+ SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
+ }
+ }
++ if (biWidth <= 0 || biHeight == 0) {
++ IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++ was_error = SDL_TRUE;
++ goto done;
++ }
+ if (biHeight < 0) {
+ topDown = SDL_TRUE;
+ biHeight = -biHeight;
diff --git a/SDL2_image.changes b/SDL2_image.changes
index 59996ea..d2eed4f 100644
--- a/SDL2_image.changes
+++ b/SDL2_image.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Aug 23 14:04:59 UTC 2019 - Michael Gorse
+
+- Add CVE-2019-13616.patch: fix heap buffer overflow when reading
+ a crafted bmp file (boo#1141844 CVE-2019-13616).
+
 -------------------------------------------------------------------
 Fri Aug 23 09:53:45 UTC 2019 - Jan Engelhardt
diff --git a/SDL2_image.spec b/SDL2_image.spec
index 73d70f2..4ec81cf 100644
--- a/SDL2_image.spec
+++ b/SDL2_image.spec
@@ -28,6 +28,7 @@ URL: https://libsdl.org/projects/SDL_image/
 #Hg-Clone: http://hg.libsdl.org/SDL_image/
 Source: https://libsdl.org/projects/SDL_image/release/%name-%version.tar.gz
 Source2: baselibs.conf
+Patch1: CVE-2019-13616.patch
 BuildRequires: dos2unix
 BuildRequires: libjpeg-devel
 BuildRequires: libtiff-devel
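Review bot: The dimension guard added in CVE-2019-13616.patch (`if (biWidth <= 0 || biHeight == 0)`) still lets the most negative height through, and the `biHeight = -biHeight;` that immediately follows it overflows on that value — signed negation of INT_MIN is undefined behaviour and in practice leaves biHeight negative, which defeats the point of the check. Since the `biHeight < 0` test shows the field is signed, the guard should also refuse that value, e.g. `if (biWidth <= 0 || biHeight == 0 || biHeight == INT_MIN) {`, or better, reject both dimensions above a sane maximum so the width×height products used for allocation later cannot overflow either (those computations are not visible from this hunk, so whether they are already bounded cannot be confirmed here). The enclosing BMP loader function starts and ends outside the hunk. A one-line provenance comment at the top of the patch file naming the upstream hg changeset (the `diff -r f1baffa48926 -r ba45f00879ba` ids are present but unexplained) would make the backport easier to audit against upstream.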