Date: Mon, 24 Nov 2008 12:47:17 +0100 (CET) From: Marcus von Appen <mva@sysfault.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/129128: [Maintainer-update] graphics/sdl_image: update to 1.2.7 Message-ID: <200811241147.mAOBlHt1038804@medusa.sysfault.org> Resent-Message-ID: <200811241150.mAOBo4f7062168@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 129128 >Category: ports >Synopsis: [Maintainer-update] graphics/sdl_image: update to 1.2.7 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Mon Nov 24 11:50:03 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Marcus von Appen >Release: FreeBSD 7.1-PRERELEASE i386 >Organization: >Environment: System: FreeBSD medusa.sysfault.org 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #3: Sat Nov 22 19:19:14 CET 2008 >Description: - Update to 1.2.7 - This fixes a buffer overflow in the BMP loading code (earlier fixes (LBM, GIF were already incorporated in the 1.2.6 patches) Removed file(s): - files/patch-IMG_gif.c - files/patch-IMG_lbm.c Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- sdl_image-1.2.7.patch begins here --- diff -ruN --exclude=CVS /usr/ports/graphics/sdl_image/Makefile /usr/ports/graphics/sdl_image.new/Makefile --- /usr/ports/graphics/sdl_image/Makefile 2008-08-21 08:17:23.000000000 +0200 +++ /usr/ports/graphics/sdl_image.new/Makefile 2008-11-24 12:44:53.000000000 +0100 @@ -6,8 +6,7 @@ # PORTNAME= sdl_image -PORTVERSION= 1.2.6 -PORTREVISION= 1 +PORTVERSION= 1.2.7 CATEGORIES= graphics MASTER_SITES= http://www.libsdl.org/projects/SDL_image/release/ DISTNAME= SDL_image-${PORTVERSION} diff -ruN --exclude=CVS /usr/ports/graphics/sdl_image/distinfo /usr/ports/graphics/sdl_image.new/distinfo --- /usr/ports/graphics/sdl_image/distinfo 2008-03-13 15:05:28.000000000 +0100 +++ /usr/ports/graphics/sdl_image.new/distinfo 2008-11-24 12:41:51.000000000 +0100 @@ -1,3 +1,3 @@ -MD5 (SDL_image-1.2.6.tar.gz) = b866dc4f647517bdaf57f6ffdefd013e -SHA256 (SDL_image-1.2.6.tar.gz) = 88fcb1dbf934af33163667a6677312065c7d0a7f01cd764e3374c4c19b386ec4 -SIZE (SDL_image-1.2.6.tar.gz) = 1308812 +MD5 (SDL_image-1.2.7.tar.gz) = a729ff61f74f0a45ec7fe36354cf938e +SHA256 (SDL_image-1.2.7.tar.gz) = 14e4d9932ae2af03d814cca9e56ab9ba0091ffe06c9387dde74dfb03a4dde3b3 +SIZE (SDL_image-1.2.7.tar.gz) = 1315517 diff -ruN --exclude=CVS /usr/ports/graphics/sdl_image/files/patch-IMG_gif.c /usr/ports/graphics/sdl_image.new/files/patch-IMG_gif.c --- /usr/ports/graphics/sdl_image/files/patch-IMG_gif.c 2008-05-02 22:06:59.000000000 +0200 +++ /usr/ports/graphics/sdl_image.new/files/patch-IMG_gif.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,13 +0,0 @@ ---- IMG_gif.c 2007/02/13 10:09:17 2970 -+++ IMG_gif.c 2007/12/28 16:43:56 3462 -@@ -418,6 +418,10 @@ - static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp; - register int i; - -+ /* Fixed buffer overflow found by Michael Skladnikiewicz */ -+ if (input_code_size > MAX_LWZ_BITS) -+ return -1; -+ - if (flag) { - set_code_size = input_code_size; - code_size = set_code_size + 1; diff -ruN --exclude=CVS /usr/ports/graphics/sdl_image/files/patch-IMG_lbm.c /usr/ports/graphics/sdl_image.new/files/patch-IMG_lbm.c --- /usr/ports/graphics/sdl_image/files/patch-IMG_lbm.c 2008-05-02 22:06:59.000000000 +0200 +++ /usr/ports/graphics/sdl_image.new/files/patch-IMG_lbm.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,28 +0,0 @@ ---- IMG_lbm.c 2007/07/20 04:37:11 3341 -+++ IMG_lbm.c 2008/01/03 20:05:34 3521 -@@ -28,6 +28,7 @@ - EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain - (http://www.multimania.com/mavati) in December 2003. - Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004. -+ Buffer overflow fix in RLE decompression by David Raulo in January 2008. - */ - - #include <stdio.h> -@@ -328,7 +329,7 @@ - count ^= 0xFF; - count += 2; /* now it */ - -- if ( !SDL_RWread( src, &color, 1, 1 ) ) -+ if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) ) - { - error="error reading BODY chunk"; - goto done; -@@ -339,7 +340,7 @@ - { - ++count; - -- if ( !SDL_RWread( src, ptr, count, 1 ) ) -+ if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) ) - { - error="error reading BODY chunk"; - goto done; --- sdl_image-1.2.7.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200811241147.mAOBlHt1038804>