Changes of Revision 2
[-] | Changed | SDL_image.spec |
x 1
2 # 3 # spec file for package SDL_image (Version 1.2.4) 4 # 5 -# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. 6 +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. 7 # This file and all modifications and additions to the pristine 8 # package are under the same license as the package itself. 9 # 10
11 # 12 13 # norootforbuild 14 -# usedforbuild SDL SDL-devel aaa_base aalib aalib-devel acl alsa alsa-devel attr audit-libs autoconf automake bash bind-libs bind-utils binutils bison bzip2 coreutils cpio cpp cracklib cvs cyrus-sasl db diffutils e2fsprogs expat file filesystem fillup findutils flex fontconfig fontconfig-devel gawk gcc gdbm gdbm-devel gettext gettext-devel glibc glibc-devel glibc-locale gpm grep groff gzip info insserv klogd less libacl libattr libcom_err libgcc libjpeg libjpeg-devel libnscd libpng libpng-devel libstdc++ libstdc++-devel libtiff libtiff-devel libtool libxcrypt libzio m4 make man mktemp module-init-tools ncurses ncurses-devel net-tools netcfg openldap2-client openssl pam pam-modules patch perl permissions popt procinfo procps psmisc pwdutils rcs readline resmgr rpm sed slang slang-devel strace sysvinit tar tcpd texinfo timezone unzip util-linux vim xorg-x11 xorg-x11-devel xorg-x11-libs zlib zlib-devel 15 +# usedforbuild SDL SDL-devel aaa_base aalib aalib-devel acl alsa alsa-devel attr audit-libs autoconf automake bash bind-libs bind-utils binutils bison bzip2 coreutils cpio cpp cracklib cvs cyrus-sasl db diffutils e2fsprogs expat file filesystem fillup findutils flex fontconfig fontconfig-devel gawk gcc gdbm gdbm-devel gettext gettext-devel glibc glibc-32bit glibc-devel glibc-locale gpm grep groff gzip info insserv klogd less libacl libattr libcom_err libgcc libjpeg libjpeg-devel libmudflap libnscd libpng libpng-devel libstdc++ libstdc++-devel libtiff libtiff-devel libtool libxcrypt libzio m4 make man mktemp module-init-tools ncurses ncurses-devel net-tools netcfg openldap2-client openssl pam pam-modules patch perl permissions popt procinfo procps psmisc pwdutils rcs readline resmgr rpm sed slang slang-devel strace sysvinit tar tcpd texinfo timezone unzip util-linux vim xorg-x11 xorg-x11-devel xorg-x11-libs zlib zlib-devel 16 17 Name: SDL_image 18 BuildRequires: SDL-devel libjpeg-devel libpng-devel libtiff-devel xorg-x11 19 -URL: 
http://www.libsdl.org/projects/SDL_image/ 20 +Url: http://www.libsdl.org/projects/SDL_image/ 21 Summary: Simple DirectMedia Layer--Sample Image Loading Library 22 Version: 1.2.4 23 -Release: 16 24 +Release: 16.8 25 Source0: %{name}-%{version}.tar.bz2 26 -License: LGPL 27 +Patch0: %{name}-%{version}-gif-overflow.patch 28 +Patch1: %{name}-%{version}-lbm-overflow.patch 29 +License: LGPL v2.1 or later 30 Group: System/Libraries 31 BuildRoot: %{_tmppath}/%{name}-%{version}-build 32 Prefix: %{_prefix} 33
34 %prep 35 rm -rf ${RPM_BUILD_ROOT} 36 %setup 37 +%patch0 38 +%patch1 39 40 %build 41 %{?suse_update_config:%{suse_update_config -f }} 42
43 %{prefix}/include/SDL/ 44 %{prefix}/%_lib/lib*.so 45 46 -%changelog -n SDL_image 47 -* Sun Sep 30 2007 Carsten Schoene <cs@linux-administrator.com> 48 +%changelog 49 +* Sat Feb 02 2008 Carsten Schoene <cs@linux-administrator.com> 50 - import for SLE_10 build 51 + 52 +* Tue Jan 29 2008 - prusnak@suse.cz 53 +- fix buffer overflow in LBM code (lbm-overflow.patch) [#355864] 54 +* Fri Jan 25 2008 - prusnak@suse.cz 55 +- fix buffer overflow in GIF code (gif-overflow.patch) [#355864] 56 * Fri Mar 10 2006 - bk@suse.de 57 - SDL_image-devel: add libstdc++, gcc and gpm to Requires (.la check) 58 * Mon Jan 30 2006 - coolo@suse.de 59
60 - changed neededforbuild <kdelibs-artsd> to <kdelibs3-artsd> 61 * Tue Jan 08 2002 - nadvornik@suse.cz 62 - updated to 1.2.1: 63 -- added LBM format 64 -- fixed transparent GIF and PNG 65 + - added LBM format 66 + - fixed transparent GIF and PNG 67 * Wed Aug 08 2001 - uli@suse.de 68 - fixed neededforbuild wrt SDL renaming 69 * Wed Jun 20 2001 - nadvornik@suse.cz 70 |
[+] | Added | SDL_image-1.2.4-gif-overflow.patch ^ |
@@ -0,0 +1,13 @@
+--- IMG_gif.c
++++ IMG_gif.c
+@@ -418,6 +418,10 @@
+ static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
+ register int i;
+
++ /* Fixed buffer overflow found by Michael Skladnikiewicz */
++ if (input_code_size > MAX_LWZ_BITS)
++ return -1;
++
+ if (flag) {
+ set_code_size = input_code_size;
+ code_size = set_code_size + 1;
| ||
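Review bot: The new bound looks one step too loose, because `input_code_size == MAX_LWZ_BITS` still passes and the following lines set `code_size = set_code_size + 1`, so the decoder starts out reading codes one bit wider than the `1 << (MAX_LWZ_BITS)` dimension used for `stack`. If the code tables declared outside this hunk are sized the same way and indexed by those codes, an out-of-range index may still be reachable; that should be confirmed against the rest of the function. A stricter guard, `if (input_code_size >= MAX_LWZ_BITS) return -1;`, would reject only streams whose initial code width already exceeds the LZW maximum. The check also sits before `if (flag)`, so it runs on every call rather than only at initialisation, and the callers outside the hunk should be checked for handling the `-1` return.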
[+] | Added | SDL_image-1.2.4-lbm-overflow.patch ^ |
@@ -0,0 +1,28 @@
+--- IMG_lbm.c
++++ IMG_lbm.c
+@@ -28,6 +28,7 @@
+ EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
+ (http://www.multimania.com/mavati) in December 2003.
+ Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
++ Buffer overflow fix in RLE decompression by David Raulo in January 2008.
+ */
+
+ #include <stdio.h>
+@@ -328,7 +329,7 @@
+ count ^= 0xFF;
+ count += 2; /* now it */
+
+- if ( !SDL_RWread( src, &color, 1, 1 ) )
++ if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
+ {
+ error="error reading BODY chunk";
+ goto done;
+@@ -339,7 +340,7 @@
+ {
+ ++count;
+
+- if ( !SDL_RWread( src, ptr, count, 1 ) )
++ if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
+ {
+ error="error reading BODY chunk";
+ goto done;
|
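Review bot: In both RLE branches (the inner hunks at -328 and -339) an oversized run length is reported with the same `error="error reading BODY chunk"` string as a short read, so a malformed file cannot be told apart from a truncated one when triaging a failure. Splitting the condition, with `if ( count > remainingbytes ) { error="invalid run length in BODY chunk"; goto done; }` ahead of the `SDL_RWread` call, would make the rejected case visible. The guard is only as strong as `remainingbytes`, which is declared and updated outside these hunks; it is worth confirming that it tracks the space left in the buffer `ptr` writes into, and that the comparison with `count` does not mix signed and unsigned types.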