NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sdl2: security bump to version 2.0.7

Browse Source 
Fixes CVE-2017-2888 - An exploitable integer overflow vulnerability exists
when creating a new RGB Surface in SDL 2.0.5.  A specially crafted file can
cause an integer overflow resulting in too little memory being allocated
which can lead to a buffer overflow and potential code execution.  An
attacker can provide a specially crafted image file to trigger this
vulnerability.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2017-10-26 14:18:43 +02:00
parent 3a798acf23
commit 07a9f0200c
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
package/sdl2/sdl2.hash
View File

@ -1,2 +1,4 @@
# Locally calculated after checking http://www.libsdl.org/release/SDL2-2.0.6.tar.gz.sig # Locally calculated after checking http://www.libsdl.org/release/SDL2-2.0.7.tar.gz.sig
sha256 03658b5660d16d7b31263a691e058ed37acdab155d68dabbad79998fb552c5df SDL2-2.0.6.tar.gz sha256 ee35c74c4313e2eda104b14b1b86f7db84a04eeab9430d56e001cea268bf4d5e SDL2-2.0.7.tar.gz
# Locally calculated
sha256 bbd2edb1789c33de29bb9f8d1dbe2774584a9ce8c4e3162944b7a3a447f5e85d COPYING.txt

2
package/sdl2/sdl2.mk
View File

@ -4,7 +4,7 @@
# #
################################################################################ ################################################################################
SDL2_VERSION = 2.0.6 SDL2_VERSION = 2.0.7
SDL2_SOURCE = SDL2-$(SDL2_VERSION).tar.gz SDL2_SOURCE = SDL2-$(SDL2_VERSION).tar.gz
SDL2_SITE = http://www.libsdl.org/release SDL2_SITE = http://www.libsdl.org/release
SDL2_LICENSE = Zlib SDL2_LICENSE = Zlib