From afe9db258c4e73adc76dfebeda12abe99bbb821e Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Jan 21 2020 20:51:26 +0000
Subject: import SDL-1.2.15-37.el8


---

diff --git a/SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch b/SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch
new file mode 100644
index 0000000..13fa786
--- /dev/null
+++ b/SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch
@@ -0,0 +1,23 @@
+changeset:   12960:ad1bbfbca760
+branch:      SDL-1.2
+parent:      12914:87d60cae0273
+user:        Ozkan Sezer <sezeroz@gmail.com>
+date:        Tue Jul 30 21:30:24 2019 +0300
+summary:     Fixed bug 4538 - validate image size when loading BMP files
+
+diff -r 87d60cae0273 -r ad1bbfbca760 src/video/SDL_bmp.c
+--- a/src/video/SDL_bmp.c	Tue Jun 18 23:31:40 2019 +0100
++++ b/src/video/SDL_bmp.c	Tue Jul 30 21:30:24 2019 +0300
+@@ -143,6 +143,11 @@
+ 	(void) biYPelsPerMeter;
+ 	(void) biClrImportant;
+ 
++	if (biWidth <= 0 || biHeight == 0) {
++		SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++		was_error = SDL_TRUE;
++		goto done;
++	}
+ 	if (biHeight < 0) {
+ 		topDown = SDL_TRUE;
+ 		biHeight = -biHeight;
+
diff --git a/SPECS/SDL.spec b/SPECS/SDL.spec
index 35c9a20..ec6dc68 100644
--- a/SPECS/SDL.spec
+++ b/SPECS/SDL.spec
@@ -10,7 +10,7 @@
 
 Name:       SDL
 Version:    1.2.15
-Release:    35%{?dist}
+Release:    37%{?dist}
 Summary:    A cross-platform multimedia library
 URL:        http://www.libsdl.org/
 # The license of the file src/video/fbcon/riva_mmio.h is bad, but the contents
@@ -46,6 +46,8 @@ Patch7:     SDL-1.2.15-vec_perm-ppc64le.patch
 Patch8:	    0001-Fixed-bug-4108-Missing-break-statements-in-SDL_CDRes.patch
 #fixes for small errors
 Patch9:	    0001-fix-small-errors-detected-by-coverity.patch
+# upstream bug #4538, in upstream after 1.2.15
+Patch10:    SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch
 
 BuildRequires:  alsa-lib-devel
 %if %{with arts}
@@ -122,6 +124,8 @@ applications.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
+
 for F in CREDITS; do 
     iconv -f iso8859-1 -t utf-8 < "$F" > "${F}.utf"
     touch --reference "$F" "${F}.utf"
@@ -198,6 +202,14 @@ rm -f %{buildroot}%{_libdir}/*.la
 %{_libdir}/lib*.a
 
 %changelog
+* Thu Nov 21 2019 Wim Taymans <wtaymans@redhat.com> - 1.2.15-37
+- Rebuild
+- Resolves: rhbz#1756279
+
+* Fri Aug 30 2019 Petr Pisar <ppisar@redhat.com> - 1.2.15-36
+- Fix CVE-2019-13616 (a heap buffer over-read in BlitNtoN) (bug #1747237)
+- Resolves: rhbz#1756279
+
 * Mon May 27 2019 Wim Taymans <wtaymans@redhat.com> - 1.2.15-35
 - Rebuild after gating
 - Resolves: rhbz#1602687