Hello community,

here is the log from the commit of package SDL for openSUSE:Factory checked in 
at 2022-04-10 19:05:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/SDL (Old)
 and      /work/SRC/openSUSE:Factory/.SDL.new.1900 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "SDL"

Sun Apr 10 19:05:06 2022 rev:58 rq:967674 version:1.2.15

Changes:
--------
--- /work/SRC/openSUSE:Factory/SDL/SDL.changes  2022-04-08 00:28:01.102120508 
+0200
+++ /work/SRC/openSUSE:Factory/.SDL.new.1900/SDL.changes        2022-04-10 
19:05:07.670683318 +0200
@@ -1,0 +2,7 @@
+Tue Apr  5 18:42:36 UTC 2022 - Michael Gorse <mgo...@suse.com>
+
+- Add CVE-2021-33657.patch: always create a full 256-entry color
+  map in case color values are out of range (boo#1198001
+  CVE-2021-33657).
+
+-------------------------------------------------------------------

New:
----
  CVE-2021-33657.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ SDL.spec ++++++
--- /var/tmp/diff_new_pack.FKacVi/_old  2022-04-10 19:05:08.338675923 +0200
+++ /var/tmp/diff_new_pack.FKacVi/_new  2022-04-10 19:05:08.342675879 +0200
@@ -47,6 +47,7 @@
 Patch11:        CVE-2019-7636.patch
 Patch12:        CVE-2019-7637.patch
 Patch13:        CVE-2019-13616.patch
+Patch14:        CVE-2021-33657.patch
 BuildRequires:  autoconf
 BuildRequires:  nasm
 BuildRequires:  pkg-config
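
Review bot: Patch14 is declared after Patch13 here, but the SDL.spec diff contains no matching change in %prep, so nothing visible in this commit applies the new patch. If the spec applies patches one by one with %patch lines rather than through %autosetup or %autopatch, add the corresponding %patch14 line, with a strip level that matches the SDL-1.2.15.orig/ and SDL-1.2.15/ path prefixes used in the patch (-p1); otherwise the fix is shipped in the source package but never applied to the build.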

++++++ CVE-2021-33657.patch ++++++
>From 8c91cf7dba5193f5ce12d06db1336515851c9ee9 Mon Sep 17 00:00:00 2001
From: Sam Lantinga <slou...@libsdl.org>
Date: Tue, 30 Nov 2021 12:36:46 -0800
Subject: [PATCH] Always create a full 256-entry map in case color values are
 out of range

Fixes https://github.com/libsdl-org/SDL/issues/5042

Backported by Mike Gorse <mgo...@suse.com>
---
diff -urp SDL-1.2.15.orig/src/video/SDL_pixels.c 
SDL-1.2.15/src/video/SDL_pixels.c
--- SDL-1.2.15.orig/src/video/SDL_pixels.c      2022-04-04 16:32:20.087032208 
-0500
+++ SDL-1.2.15/src/video/SDL_pixels.c   2022-04-04 16:44:41.758947832 -0500
@@ -479,7 +479,7 @@ static Uint8 *Map1to1(SDL_Palette *src,
                }
                *identical = 0;
        }
-       map = (Uint8 *)SDL_malloc(src->ncolors);
+    map = (Uint8 *) SDL_calloc(256, sizeof(Uint8));
        if ( map == NULL ) {
                SDL_OutOfMemory();
                return(NULL);
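
Review bot: In Map1to1 the buffer is now a fixed 256 bytes, but the code that fills map lies outside this hunk; if it still iterates up to src->ncolors, a palette reporting more than 256 colors would write past the new allocation. Please confirm that ncolors is bounded to 256 before the fill, or clamp the loop bound to the allocation size. Separately, the added SDL_calloc line is indented differently from the surrounding lines and puts a space after the cast, unlike the SDL_malloc line it replaces; reindent it to match the file.
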
@@ -500,7 +500,7 @@ static Uint8 *Map1toN(SDL_PixelFormat *s
        SDL_Palette *pal = src->palette;
 
        bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel);
-       map = (Uint8 *)SDL_malloc(pal->ncolors*bpp);
+       map = (Uint8 *) SDL_calloc(256, bpp);
        if ( map == NULL ) {
                SDL_OutOfMemory();
                return(NULL);
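
Review bot: The new SDL_calloc(256, bpp) call in Map1toN has no comment explaining why the size no longer depends on pal->ncolors, and the literal 256 now appears in both Map1to1 and Map1toN. A short comment that the map must cover every possible 8-bit index, together with a shared named constant, would keep a later cleanup from reverting to the ncolors-based size. Because calloc zero-fills, indices at or above pal->ncolors will map to pixel value 0; say so in the comment if that is the intended behaviour.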
