
D1196.id4578.diff

diff --git a/files/security/cve-2017-2887.patch b/files/security/cve-2017-2887.patch
new file mode 100644
--- /dev/null
+++ b/files/security/cve-2017-2887.patch
@@ -0,0 +1,33 @@
+# HG changeset patch
+# User Sam Lantinga <slouken@libsdl.org>
+# Date 1507329619 25200
+# Fri Oct 06 15:40:19 2017 -0700
+# Node ID 318484db0705d07d4d1f4c0a1d3d5ea69f6ba2b0
+# Parent 7ad06019831d474380fd5a63e518d21219031519
+Fixed security vulnerability in XCF image loader (thanks Yves!)
+
+diff -r 7ad06019831d -r 318484db0705 IMG_xcf.c
+--- a/IMG_xcf.c Mon Sep 18 16:10:17 2017 -0700
++++ b/IMG_xcf.c Fri Oct 06 15:40:19 2017 -0700
+@@ -251,6 +251,7 @@
+ }
+
+ static void xcf_read_property (SDL_RWops * src, xcf_prop * prop) {
++ Uint32 len;
+ prop->id = SDL_ReadBE32 (src);
+ prop->length = SDL_ReadBE32 (src);
+
+@@ -274,7 +275,12 @@
+ break;
+ case PROP_COMPRESSION:
+ case PROP_COLOR:
+- SDL_RWread (src, &prop->data, prop->length, 1);
++ if (prop->length > sizeof(prop->data)) {
++ len = sizeof(prop->data);
++ } else {
++ len = prop->length;
++ }
++ SDL_RWread(src, &prop->data, len, 1);
+ break;
+ case PROP_VISIBLE:
+ prop->data.visible = SDL_ReadBE32 (src);
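Review bot: In the PROP_COMPRESSION/PROP_COLOR case of the embedded IMG_xcf.c patch, clamping `len` to `sizeof(prop->data)` stops the oversized write into `prop->data`, but when `prop->length` is larger the remaining `prop->length - len` bytes stay unread, so the next property would presumably be parsed from the middle of this one. Consider skipping the tail after the read, e.g. `if (prop->length > len) SDL_RWseek(src, prop->length - len, RW_SEEK_CUR);`, and checking the `SDL_RWread` return value so a short read does not leave `prop->data` partly filled. `xcf_read_property` returns void and its body continues outside the hunk, so whether a caller can be told about a malformed property is not visible here. Because this file is a verbatim upstream changeset, such a follow-up belongs upstream rather than in the packaged copy.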
diff --git a/package.yml b/package.yml
--- a/package.yml
+++ b/package.yml
@@ -1,6 +1,6 @@
name : sdl2-image
version : 2.0.1
-release : 4
+release : 5
source :
- https://www.libsdl.org/projects/SDL_image/release/SDL2_image-2.0.1.tar.gz : 3a3eafbceea5125c04be585373bfd8b3a18f259bd7eae3efc4e6d8e60e0d7f64
license : Zlib
@@ -8,24 +8,17 @@
summary : SDL_image is an image file loading library.
description: |
SDL_image is an image file loading library.
+emul32 : yes
+optimize : speed
builddeps :
- - pkgconfig(libpng)
- pkgconfig32(libpng)
- - pkgconfig32(zlib)
- - pkgconfig(libtiff-4)
- pkgconfig32(libtiff-4)
- - libjpeg-turbo-devel
- - libjpeg-turbo-32bit-devel
- - pkgconfig(libwebp)
- pkgconfig32(libwebp)
- - pkgconfig(sdl2)
- pkgconfig32(sdl2)
- - glibc-32bit-devel
- - libgcc-32bit
- - libstdc++-32bit
-emul32 : yes
-optimize : speed
+ - pkgconfig32(zlib)
+ - libjpeg-turbo-32bit-devel
setup : |
+ %patch -p1 < $pkgfiles/security/cve-2017-2887.patch
%configure --disable-static --prefix=/usr
build : |
%make
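Review bot: The `builddeps` rewrite drops every native entry (`pkgconfig(libpng)`, `pkgconfig(libtiff-4)`, `libjpeg-turbo-devel`, `pkgconfig(libwebp)`, `pkgconfig(sdl2)`) and keeps only the 32-bit ones, which is unrelated to the CVE fix and appears to rely on the 32-bit devel packages pulling in their native counterparts. If that ever stops holding, `%configure` may build without an image format rather than fail, so a short comment above the list would help, for example `# native -devel packages come in via the pkgconfig32() deps`. The `%patch -p1` line matches the `a/IMG_xcf.c` paths in the patch file; a comment there such as `# CVE-2017-2887: XCF property length clamp, upstream changeset 318484db0705` would make it clear when the patch can be dropped.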
diff --git a/pspec_x86_64.xml b/pspec_x86_64.xml
--- a/pspec_x86_64.xml
+++ b/pspec_x86_64.xml
@@ -2,8 +2,8 @@
<Source>
<Name>sdl2-image</Name>
<Packager>
- <Name>Ikey Doherty</Name>
- <Email>ikey@solus-project.com</Email>
+ <Name>Pierre-Yves</Name>
+ <Email>pyu@riseup.net</Email>
</Packager>
<License>Zlib</License>
<PartOf>multimedia.library</PartOf>
@@ -29,7 +29,7 @@
</Description>
<PartOf>emul32</PartOf>
<RuntimeDependencies>
- <Dependency release="3">sdl2-image</Dependency>
+ <Dependency release="5">sdl2-image</Dependency>
</RuntimeDependencies>
<Files>
<Path fileType="library">/usr/lib32/lib*.so.*</Path>
@@ -42,8 +42,8 @@
</Description>
<PartOf>programming.devel</PartOf>
<RuntimeDependencies>
- <Dependency release="3">sdl2-image-32bit</Dependency>
- <Dependency release="3">sdl2-image-devel</Dependency>
+ <Dependency release="5">sdl2-image-32bit</Dependency>
+ <Dependency release="5">sdl2-image-devel</Dependency>
</RuntimeDependencies>
<Files>
<Path fileType="library">/usr/lib32/lib*.so</Path>
@@ -57,7 +57,7 @@
</Description>
<PartOf>programming.devel</PartOf>
<RuntimeDependencies>
- <Dependency release="3">sdl2-image</Dependency>
+ <Dependency release="5">sdl2-image</Dependency>
</RuntimeDependencies>
<Files>
<Path fileType="header">/usr/include/</Path>
@@ -66,12 +66,12 @@
</Files>
</Package>
<History>
- <Update release="3">
- <Date>2016-08-12</Date>
+ <Update release="5">
+ <Date>2017-10-11</Date>
<Version>2.0.1</Version>
<Comment>Packaging update</Comment>
- <Name>Ikey Doherty</Name>
- <Email>ikey@solus-project.com</Email>
+ <Name>Pierre-Yves</Name>
+ <Email>pyu@riseup.net</Email>
</Update>
</History>
</PISI>
\ No newline at end of file
