Changes - j0ke.net Open Build Service

Changes of Revision 2

[-] [+]	Changed	SDL_image.spec
@@ -1,7 +1,7 @@ # # spec file for package SDL_image (Version 1.2.4) # -# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -9,16 +9,18 @@ # # norootforbuild -# usedforbuild SDL SDL-devel aaa_base aalib aalib-devel acl alsa alsa-devel attr audit-libs autoconf automake bash bind-libs bind-utils binutils bison bzip2 coreutils cpio cpp cracklib cvs cyrus-sasl db diffutils e2fsprogs expat file filesystem fillup findutils flex fontconfig fontconfig-devel gawk gcc gdbm gdbm-devel gettext gettext-devel glibc glibc-devel glibc-locale gpm grep groff gzip info insserv klogd less libacl libattr libcom_err libgcc libjpeg libjpeg-devel libnscd libpng libpng-devel libstdc++ libstdc++-devel libtiff libtiff-devel libtool libxcrypt libzio m4 make man mktemp module-init-tools ncurses ncurses-devel net-tools netcfg openldap2-client openssl pam pam-modules patch perl permissions popt procinfo procps psmisc pwdutils rcs readline resmgr rpm sed slang slang-devel strace sysvinit tar tcpd texinfo timezone unzip util-linux vim xorg-x11 xorg-x11-devel xorg-x11-libs zlib zlib-devel +# usedforbuild SDL SDL-devel aaa_base aalib aalib-devel acl alsa alsa-devel attr audit-libs autoconf automake bash bind-libs bind-utils binutils bison bzip2 coreutils cpio cpp cracklib cvs cyrus-sasl db diffutils e2fsprogs expat file filesystem fillup findutils flex fontconfig fontconfig-devel gawk gcc gdbm gdbm-devel gettext gettext-devel glibc glibc-32bit glibc-devel glibc-locale gpm grep groff gzip info insserv klogd less libacl libattr libcom_err libgcc libjpeg libjpeg-devel libmudflap libnscd libpng libpng-devel libstdc++ libstdc++-devel libtiff libtiff-devel libtool libxcrypt libzio m4 make man mktemp module-init-tools ncurses ncurses-devel net-tools netcfg openldap2-client openssl pam pam-modules patch perl permissions popt procinfo procps psmisc pwdutils rcs readline resmgr rpm sed slang slang-devel strace sysvinit tar tcpd texinfo timezone unzip util-linux vim xorg-x11 xorg-x11-devel xorg-x11-libs zlib zlib-devel Name: SDL_image BuildRequires: SDL-devel libjpeg-devel libpng-devel libtiff-devel xorg-x11 -URL: http://www.libsdl.org/projects/SDL_image/ +Url: http://www.libsdl.org/projects/SDL_image/ Summary: Simple DirectMedia Layer--Sample Image Loading Library Version: 1.2.4 -Release: 16 +Release: 16.8 Source0: %{name}-%{version}.tar.bz2 -License: LGPL +Patch0: %{name}-%{version}-gif-overflow.patch +Patch1: %{name}-%{version}-lbm-overflow.patch +License: LGPL v2.1 or later Group: System/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-build Prefix: %{_prefix} @@ -54,6 +56,8 @@ %prep rm -rf ${RPM_BUILD_ROOT} %setup +%patch0 +%patch1 %build %{?suse_update_config:%{suse_update_config -f }} @@ -90,9 +94,14 @@ %{prefix}/include/SDL/ %{prefix}/%_lib/lib.so -%changelog -n SDL_image - Sun Sep 30 2007 Carsten Schoene <cs@linux-administrator.com> +%changelog +* Sat Feb 02 2008 Carsten Schoene <cs@linux-administrator.com> - import for SLE_10 build + +* Tue Jan 29 2008 - prusnak@suse.cz +- fix buffer overflow in LBM code (lbm-overflow.patch) [#355864] +* Fri Jan 25 2008 - prusnak@suse.cz +- fix buffer overflow in GIF code (gif-overflow.patch) [#355864] * Fri Mar 10 2006 - bk@suse.de - SDL_image-devel: add libstdc++, gcc and gpm to Requires (.la check) * Mon Jan 30 2006 - coolo@suse.de @@ -118,8 +127,8 @@ - changed neededforbuild <kdelibs-artsd> to <kdelibs3-artsd> * Tue Jan 08 2002 - nadvornik@suse.cz - updated to 1.2.1: -- added LBM format -- fixed transparent GIF and PNG + - added LBM format + - fixed transparent GIF and PNG * Wed Aug 08 2001 - uli@suse.de - fixed neededforbuild wrt SDL renaming * Wed Jun 20 2001 - nadvornik@suse.cz
[-] [+]	Added	SDL_image-1.2.4-gif-overflow.patch ^
@@ -0,0 +1,13 @@ +--- IMG_gif.c ++++ IMG_gif.c +@@ -418,6 +418,10 @@ + static int stack[(1 << (MAX_LWZ_BITS)) * 2], sp; + register int i; + ++ / Fixed buffer overflow found by Michael Skladnikiewicz */ ++ if (input_code_size > MAX_LWZ_BITS) ++ return -1; ++ + if (flag) { + set_code_size = input_code_size; + code_size = set_code_size + 1;
[-] [+]	Added	SDL_image-1.2.4-lbm-overflow.patch ^
@@ -0,0 +1,28 @@ +--- IMG_lbm.c ++++ IMG_lbm.c +@@ -28,6 +28,7 @@ + EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain + (http://www.multimania.com/mavati) in December 2003. + Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004. ++ Buffer overflow fix in RLE decompression by David Raulo in January 2008. + / + + #include <stdio.h> +@@ -328,7 +329,7 @@ + count ^= 0xFF; + count += 2; / now it */ + +- if ( !SDL_RWread( src, &color, 1, 1 ) ) ++ if ( ( count > remainingbytes ) \|\| !SDL_RWread( src, &color, 1, 1 ) ) + { + error="error reading BODY chunk"; + goto done; +@@ -339,7 +340,7 @@ + { + ++count; + +- if ( !SDL_RWread( src, ptr, count, 1 ) ) ++ if ( ( count > remainingbytes ) \|\| !SDL_RWread( src, ptr, count, 1 ) ) + { + error="error reading BODY chunk"; + goto done;