Update sdl2-image to 2.0.3 to address vulnerabilities
ClosedPublic
Actions

Authored by kyrios123 on Mar 5 2018, 2:47 PM.

Details

Reviewers

JoshStrobl

Group Reviewers

Triage Team

Commits

R2878:59473a7475a2: Update sdl2-image to 2.0.3 to address vulnerabilities

Summary

Fixed a number of security issues: TALOS-2017-0488, TALOS-2017-0489, TALOS-2017-0490, TALOS-2017-0491, TALOS-2017-0497, TALOS-2017-0498, TALOS-2017-0499
Added a dependency on SDL 2.0.8
Added simple SVG image support based on Nano SVG
Fixed security vulnerability in XCF image loader
Added libpng save support for much smaller 8-bit images
Added JPG save support when built with jpeglib IMG_SaveJPG() and IMG_SaveJPG_RW()

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan

Rebuild & play supertux against this version

Diff Detail

Repository

R2878 sdl2-image

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kyrios123 created this revision.Mar 5 2018, 2:47 PM

Herald added a reviewer: Triage Team. · View Herald TranscriptMar 5 2018, 2:47 PM

kyrios123 requested review of this revision.Mar 5 2018, 2:47 PM

kyrios123 added a project: Restricted Project.Mar 5 2018, 2:47 PM

Nuke blank line at eof

joebonrichie added a subscriber: joebonrichie.Mar 9 2018, 5:48 PM

joebonrichie added inline comments.

package.yml
20–21	Why is this patched out, this is resolved by `TALOS-2017-0394` but you don't mention that that this particular CVE is resolved?

@joebonrichie I don't think I need to mention anything because the CVE issue was flagged as resolved when the patch was initially applied, so in my understanding there is no need to indicate that an issue that was already addressed is fixed again.