rpms/SDL_image/devel SDL_image-buffer-overflow.patch, NONE, 1.1 SDL_image.spec, 1.14, 1.15
Brian Pepple (bpepple)
fedora-extras-commits at redhat.com
Fri Jan 25 14:50:06 UTC 2008
Author: bpepple
Update of /cvs/pkgs/rpms/SDL_image/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5061
Modified Files:
SDL_image.spec
Added Files:
SDL_image-buffer-overflow.patch
Log Message:
* Thu Jan 24 2008 Brian Pepple <bpepple at fedoraproject.org> - 1.2.6-4
- Add patch to fix buffer-overflow. (#430238)
SDL_image-buffer-overflow.patch:
--- NEW FILE SDL_image-buffer-overflow.patch ---
--- trunk/SDL_image/IMG_gif.c 2007/12/28 08:17:23 3461
+++ trunk/SDL_image/IMG_gif.c 2007/12/28 16:43:56 3462
@@ -418,6 +418,10 @@
static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
register int i;
+ /* Fixed buffer overflow found by Michael Skladnikiewicz */
+ if (input_code_size > MAX_LWZ_BITS)
+ return -1;
+
if (flag) {
set_code_size = input_code_size;
code_size = set_code_size + 1;
Index: SDL_image.spec
===================================================================
RCS file: /cvs/pkgs/rpms/SDL_image/devel/SDL_image.spec,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- SDL_image.spec 21 Aug 2007 17:27:51 -0000 1.14
+++ SDL_image.spec 25 Jan 2008 14:49:23 -0000 1.15
@@ -1,12 +1,13 @@
Name: SDL_image
Version: 1.2.6
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Image loading library for SDL
Group: System Environment/Libraries
License: LGPLv2+
URL: http://www.libsdl.org/projects/SDL_image/
Source0: http://www.libsdl.org/projects/%{name}/release/%{name}-%{version}.tar.gz
+Patch0: %{name}-buffer-overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: SDL-devel >= 1.2.10
@@ -36,7 +37,7 @@
%prep
%setup -q
-
+%patch0 -p2 -b .overflow
%build
# XCF support is crashy in 1.2.4
@@ -82,6 +83,9 @@
%changelog
+* Thu Jan 24 2008 Brian Pepple <bpepple at fedoraproject.org> - 1.2.6-4
+- Add patch to fix buffer-overflow. (#430238)
+
* Tue Aug 21 2007 Brian Pepple <bpepple at fedoraproject.org> - 1.2.6-3
- Rebuild.
More information about the fedora-extras-commits
mailing list