SDL_image: SDL_image-$(SDL_IMAGE_VERSION).tar.gz
$(EXTRACT_GZ)
patch -p0 < Patches/SDL_image.patch
+ patch -p0 < Patches/SDL_image-CVE-2006-4484.patch
.SDL_image: SDL_image .SDL .png .jpeg .tiff
(cd $<; $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) CFLAGS="$(CFLAGS)" --enable-tif --disable-sdltest && make && make install)
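Review bot: The added `patch -p0 < Patches/SDL_image-CVE-2006-4484.patch` line probably cannot find its target file. The new patch names `sdl-image1.2-1.2.5/IMG_gif.c` and `sdl-image1.2-1.2.5-fixed/IMG_gif.c`, while the sources appear to be unpacked as `SDL_image` (the next rule does `cd $<` into it). With `-p0` neither path would exist relative to the recipe's directory, so the overflow fix would not be applied and the build would stop or prompt instead. Stripping the leading component and pointing patch at the tree, e.g. `patch -d $@ -p1 < Patches/SDL_image-CVE-2006-4484.patch`, should match the paths. This assumes `$(EXTRACT_GZ)`, which is defined outside the hunk, leaves the sources in `$@`.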
--- /dev/null
+Common subdirectories: sdl-image1.2-1.2.5/debian and sdl-image1.2-1.2.5-fixed/debian
+diff -up sdl-image1.2-1.2.5/IMG_gif.c sdl-image1.2-1.2.5-fixed/IMG_gif.c
+--- sdl-image1.2-1.2.5/IMG_gif.c 2008-01-30 19:49:29.000000000 -0500
++++ sdl-image1.2-1.2.5-fixed/IMG_gif.c 2008-01-30 19:52:56.000000000 -0500
+@@ -418,6 +418,10 @@ LWZReadByte(SDL_RWops *src, int flag, in
+ static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
+ register int i;
+
++ /* Fixed buffer overflow found by Michael Skladnikiewicz */
++ if (input_code_size > MAX_LWZ_BITS)
++ return -1;
++
+ if (flag) {
+ set_code_size = input_code_size;
+ code_size = set_code_size + 1;
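Review bot: The comment added above the new guard credits the finder but does not say what the bound protects, which a later maintainer needs to know before touching `LWZReadByte`. I would word it `/* input_code_size presumably comes from the GIF stream (confirm in the caller); stack[] is sized from MAX_LWZ_BITS, so reject anything larger */`. Two things are worth confirming outside the hunk. First, that the caller treats the `-1` return as a decode error rather than as pixel data. Second, that a zero or negative `input_code_size` cannot reach this point, since only the upper bound is checked. The function body starts and ends outside the hunk.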