Tue Dec 20 20:40:18 UTC 202220221220204018

d/p2c-2.02-x86_64-1.txz:  Upgraded.
kde/dolphin-22.12.0-x86_64-2.txz:  Rebuilt.
  [PATCH] Revert "portalize drag urls"
  Thanks to marav.
l/gst-plugins-bad-free-1.20.5-x86_64-1.txz:  Upgraded.
l/gst-plugins-base-1.20.5-x86_64-1.txz:  Upgraded.
l/gst-plugins-good-1.20.5-x86_64-1.txz:  Upgraded.
l/gst-plugins-libav-1.20.5-x86_64-1.txz:  Upgraded.
l/gstreamer-1.20.5-x86_64-1.txz:  Upgraded.
l/libqalculate-4.5.0-x86_64-1.txz:  Upgraded.
l/libvncserver-0.9.14-x86_64-1.txz:  Upgraded.
l/sdl-1.2.15-x86_64-14.txz:  Rebuilt.
  This update fixes a heap overflow problem in video/SDL_pixels.c in SDL.
  By crafting a malicious .BMP file, an attacker can cause the application
  using this library to crash, denial of service, or code execution.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-33657
  (* Security fix *)
n/gnupg2-2.2.41-x86_64-1.txz:  Upgraded.
n/libksba-1.6.3-x86_64-1.txz:  Upgraded.
  Fix another integer overflow in the CRL's signature parser.
  (* Security fix *)
x/libSM-1.2.4-x86_64-1.txz:  Upgraded.
x/xcb-util-0.4.1-x86_64-1.txz:  Upgraded.
x/xdriinfo-1.0.7-x86_64-1.txz:  Upgraded.

2 files changed, 38 insertions, 2 deletions

diff --git a/source/l/sdl/CVE-2021-33657.patch b/source/l/sdl/CVE-2021-33657.patch
new file mode 100644
index 000000000..3ceb96a17
--- /dev/null
+++ b/source/l/sdl/CVE-2021-33657.patch
@@ -0,0 +1,35 @@
+From d95c1a4bbd644baba748d341b03141e5f0481ae6 Mon Sep 17 00:00:00 2001
+From: Sam Lantinga <slouken@libsdl.org>
+Date: Tue, 30 Nov 2021 12:36:46 -0800
+Subject: [PATCH] Always create a full 256-entry map in case color values are
+ out of range
+
+Fixes https://github.com/libsdl-org/SDL/issues/5042
+
+Backport of CVE-2021-33657 fix from SDL2
+---
+ src/video/SDL_pixels.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/video/SDL_pixels.c b/src/video/SDL_pixels.c
+index 17f1a7199..d0973f217 100644
+--- a/src/video/SDL_pixels.c
++++ b/src/video/SDL_pixels.c
+@@ -477,7 +477,7 @@ static Uint8 *Map1to1(SDL_Palette *src, SDL_Palette *dst, int *identical)
+ 		}
+ 		*identical = 0;
+ 	}
+-	map = (Uint8 *)SDL_malloc(src->ncolors);
++	map = (Uint8 *) SDL_calloc(256, sizeof(Uint8));
+ 	if ( map == NULL ) {
+ 		SDL_OutOfMemory();
+ 		return(NULL);
+@@ -498,7 +498,7 @@ static Uint8 *Map1toN(SDL_PixelFormat *src, SDL_PixelFormat *dst)
+ 	SDL_Palette *pal = src->palette;
+ 
+ 	bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel);
+-	map = (Uint8 *)SDL_malloc(pal->ncolors*bpp);
++	map = (Uint8 *) SDL_calloc(256, bpp);
+ 	if ( map == NULL ) {
+ 		SDL_OutOfMemory();
+ 		return(NULL);
diff --git a/source/l/sdl/sdl.SlackBuild b/source/l/sdl/sdl.SlackBuild
index 4660aad86..6b1cfb4cf 100755
--- a/source/l/sdl/sdl.SlackBuild
+++ b/source/l/sdl/sdl.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright 2008, 2009, 2010, 2011, 2013, 2016, 2018, 2020  Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2008, 2009, 2010, 2011, 2013, 2016, 2018, 2020, 2022  Patrick J. Volkerding, Sebeka, Minnesota, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -30,7 +30,7 @@ NET=${NET:-$(echo SDL_net-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev
 SOUND=${SOUND:-$(echo SDL_sound-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
 TTF=${TTF:-$(echo SDL_ttf-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
 
-BUILD=${BUILD:-13}
+BUILD=${BUILD:-14}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -84,6 +84,7 @@ find . \
 
 zcat $CWD/libsdl-1.2.15-resizing.patch.gz | patch -p1 --verbose || exit 1
 zcat $CWD/sdl-1.2.14-fix-mouse-clicking.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/CVE-2021-33657.patch.gz | patch -p1 --verbose || exit 1
 
 # We must use --disable-x11-shared or programs linked with SDL will
 # crash on machines that use the closed source nVidia drivers.