diff --git a/.gitignore b/.gitignore
index a97a1d1..b163b05 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@
 /SDL2-2.0.4.tar.gz
 /SDL2-2.0.5.tar.gz
 /SDL2-2.0.6.tar.gz
+/SDL2-2.0.7.tar.gz
diff --git a/SDL2-2.0.6-CVE-2017-2888-2.patch b/SDL2-2.0.6-CVE-2017-2888-2.patch
deleted file mode 100644
index a9d0f64..0000000
--- a/SDL2-2.0.6-CVE-2017-2888-2.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-# HG changeset patch
-# User Sam Lantinga
-# Date 1508191062 25200
-# Mon Oct 16 14:57:42 2017 -0700
-# Node ID 81a4950907a01359f2f9390875291eb3951e6c6b
-# Parent 97bc026b46ded1ef28709d246130e66e81f1b513
-Fixed bug 3890 - Incomplete fix for CVE-2017-2888
-
-Felix Geyer
-
-http://hg.libsdl.org/SDL/rev/7e0f1498ddb5 tries to fix CVE-2017-2888.
-Unfortunately compilers may optimize the second condition "(size / surface->pitch) != surface->h" away.
-See https://bugzilla.redhat.com/show_bug.cgi?id=1500623#c2
-I've verified that this is also the case on Debian unstable (gcc 7.2).
-
-diff -r 97bc026b46de -r 81a4950907a0 src/video/SDL_surface.c
---- a/src/video/SDL_surface.c Mon Oct 16 14:39:56 2017 -0700
-+++ b/src/video/SDL_surface.c Mon Oct 16 14:57:42 2017 -0700
-@@ -26,6 +26,10 @@
- #include "SDL_RLEaccel_c.h"
- #include "SDL_pixels_c.h"
-
-+/* Check to make sure we can safely check multiplication of surface w and pitch and it won't overflow size_t */
-+SDL_COMPILE_TIME_ASSERT(surface_size_assumptions,
-+ sizeof(int) == sizeof(Sint32) && sizeof(size_t) >= sizeof(Sint32));
-+
- /* Public routines */
-
- /*
-@@ -91,15 +95,16 @@
-
- /* Get the pixels */
- if (surface->w && surface->h) {
-- int size = (surface->h * surface->pitch);
-- if (size < 0 || (size / surface->pitch) != surface->h) {
-+ /* Assumptions checked in surface_size_assumptions assert above */
-+ Sint64 size = ((Sint64)surface->h * surface->pitch);
-+ if (size < 0 || size > SDL_MAX_SINT32) {
- /* Overflow... */
- SDL_FreeSurface(surface);
- SDL_OutOfMemory();
- return NULL;
- }
-
-- surface->pixels = SDL_malloc(size);
-+ surface->pixels = SDL_malloc((size_t)size);
- if (!surface->pixels) {
- SDL_FreeSurface(surface);
- SDL_OutOfMemory();
diff --git a/SDL2-2.0.6-CVE-2017-2888.patch b/SDL2-2.0.6-CVE-2017-2888.patch
deleted file mode 100644
index daa564c..0000000
--- a/SDL2-2.0.6-CVE-2017-2888.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-# HG changeset patch
-# User Sam Lantinga
-# Date 1507331870 25200
-# Fri Oct 06 16:17:50 2017 -0700
-# Node ID 7e0f1498ddb549a338a220534875529ef0ba55ce
-# Parent dc7245e3d1f2ae032caa7776940af4aebe6afc05
-Fixed potential overflow in surface allocation (thanks Yves!)
-
-diff -r dc7245e3d1f2 -r 7e0f1498ddb5 src/video/SDL_surface.c
---- a/src/video/SDL_surface.c Thu Oct 05 09:37:28 2017 -0700
-+++ b/src/video/SDL_surface.c Fri Oct 06 16:17:50 2017 -0700
-@@ -80,7 +80,15 @@
-
- /* Get the pixels */
- if (surface->w && surface->h) {
-- surface->pixels = SDL_malloc(surface->h * surface->pitch);
-+ int size = (surface->h * surface->pitch);
-+ if (size < 0 || (size / surface->pitch) != surface->h) {
-+ /* Overflow... */
-+ SDL_FreeSurface(surface);
-+ SDL_OutOfMemory();
-+ return NULL;
-+ }
-+
-+ surface->pixels = SDL_malloc(size);
- if (!surface->pixels) {
- SDL_FreeSurface(surface);
- SDL_OutOfMemory();
diff --git a/SDL2-2.0.6-add-min-max-datatypes.patch b/SDL2-2.0.6-add-min-max-datatypes.patch
deleted file mode 100644
index af97077..0000000
--- a/SDL2-2.0.6-add-min-max-datatypes.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-# HG changeset patch
-# User Sam Lantinga
-# Date 1508189996 25200
-# Mon Oct 16 14:39:56 2017 -0700
-# Node ID 97bc026b46ded1ef28709d246130e66e81f1b513
-# Parent 2eaf345a2a301183f671cdb31852bee8196aaec8
-Added min/max macros for the sized SDL datatypes
-
-diff -r 2eaf345a2a30 -r 97bc026b46de include/SDL_stdinc.h
---- a/include/SDL_stdinc.h Sun Oct 15 21:21:19 2017 -0700
-+++ b/include/SDL_stdinc.h Mon Oct 16 14:39:56 2017 -0700
-@@ -146,35 +146,51 @@
- /**
- * \brief A signed 8-bit integer type.
- */
-+#define SDL_MAX_SINT8 ((Sint8)0x7F) /* 127 */
-+#define SDL_MIN_SINT8 ((Sint8)(~0x7F)) /* -128 */
- typedef int8_t Sint8;
- /**
- * \brief An unsigned 8-bit integer type.
- */
-+#define SDL_MAX_UINT8 ((Uint8)0xFF) /* 255 */
-+#define SDL_MIN_UINT8 ((Uint8)0x00) /* 0 */
- typedef uint8_t Uint8;
- /**
- * \brief A signed 16-bit integer type.
- */
-+#define SDL_MAX_SINT16 ((Sint16)0x7FFF) /* 32767 */
-+#define SDL_MIN_SINT16 ((Sint16)(~0x7FFF)) /* -32768 */
- typedef int16_t Sint16;
- /**
- * \brief An unsigned 16-bit integer type.
- */
-+#define SDL_MAX_UINT16 ((Uint16)0xFFFF) /* 65535 */
-+#define SDL_MIN_UINT16 ((Uint16)0x0000) /* 0 */
- typedef uint16_t Uint16;
- /**
- * \brief A signed 32-bit integer type.
- */
-+#define SDL_MAX_SINT32 ((Sint32)0x7FFFFFFF) /* 2147483647 */
-+#define SDL_MIN_SINT32 ((Sint32)(~0x7FFFFFFF)) /* -2147483648 */
- typedef int32_t Sint32;
- /**
- * \brief An unsigned 32-bit integer type.
- */
-+#define SDL_MAX_UINT32 ((Uint32)0xFFFFFFFFu) /* 4294967295 */
-+#define SDL_MIN_UINT32 ((Uint32)0x00000000) /* 0 */
- typedef uint32_t Uint32;
-
- /**
- * \brief A signed 64-bit integer type.
- */
-+#define SDL_MAX_SINT64 ((Sint64)0x7FFFFFFFFFFFFFFFll) /* 9223372036854775807 */
-+#define SDL_MIN_SINT64 ((Sint64)(~0x7FFFFFFFFFFFFFFFll)) /* -9223372036854775808 */
- typedef int64_t Sint64;
- /**
- * \brief An unsigned 64-bit integer type.
- */
-+#define SDL_MAX_UINT64 ((Uint64)0xFFFFFFFFFFFFFFFFull) /* 18446744073709551615 */
-+#define SDL_MIN_UINT64 ((Uint64)(0x0000000000000000ull)) /* 0 */
- typedef uint64_t Uint64;
-
- /* @} *//* Basic data types */
-diff -r 2eaf345a2a30 -r 97bc026b46de test/testplatform.c
---- a/test/testplatform.c Sun Oct 15 21:21:19 2017 -0700
-+++ b/test/testplatform.c Mon Oct 16 14:39:56 2017 -0700
-@@ -30,6 +30,26 @@
- {
- int error = 0;
-
-+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_SINT8, SDL_MAX_SINT8 == 127);
-+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_SINT8, SDL_MIN_SINT8 == -128);
-+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_UINT8, SDL_MAX_UINT8 == 255);
-+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_UINT8, SDL_MIN_UINT8 == 0);
-+
-+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_SINT16, SDL_MAX_SINT16 == 32767);
-+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_SINT16, SDL_MIN_SINT16 == -32768);
-+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_UINT16, SDL_MAX_UINT16 == 65535);
-+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_UINT16, SDL_MIN_UINT16 == 0);
-+
-+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_SINT32, SDL_MAX_SINT32 == 2147483647);
-+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_SINT32, SDL_MIN_SINT32 == ~0x7fffffff); /* Instead of -2147483648, which is treated as unsigned by some compilers */
-+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_UINT32, SDL_MAX_UINT32 == 4294967295u);
-+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_UINT32, SDL_MIN_UINT32 == 0);
-+
-+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_SINT64, SDL_MAX_SINT64 == 9223372036854775807ll);
-+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_SINT64, SDL_MIN_SINT64 == ~0x7fffffffffffffffll); /* Instead of -9223372036854775808, which is treated as unsigned by compilers */
-+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_UINT64, SDL_MAX_UINT64 == 18446744073709551615ull);
-+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_UINT64, SDL_MIN_UINT64 == 0);
-+
- if (badsize(sizeof(Uint8), 1)) {
- if (verbose)
- SDL_Log("sizeof(Uint8) != 1, instead = %u\n",
diff --git a/SDL2-2.0.6-invalid-dbus-args.patch b/SDL2-2.0.6-invalid-dbus-args.patch
deleted file mode 100644
index 3073dcd..0000000
--- a/SDL2-2.0.6-invalid-dbus-args.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-# HG changeset patch
-# User Sam Lantinga
-# Date 1507221448 25200
-# Thu Oct 05 09:37:28 2017 -0700
-# Node ID dc7245e3d1f2ae032caa7776940af4aebe6afc05
-# Parent 3a23ca10675256240c5da2e68c6dceacb8d41dde
-Fixed bug 3854 - arguments to dbus_type_is_basic() were incorrect
-
-Aaron
-
-As of 2.0.6, all of my games are failing with the following error:
-
-process 31778: arguments to dbus_type_is_basic() were incorrect, assertion "dbus_type_is_valid (typecode) || typecode == DBUS_TYPE_INVALID" failed in file dbus-signature.c line 322.
-This is normally a bug in some application using the D-Bus library.
- D-Bus not built with -rdynamic so unable to print a backtrace
-
-(patch by Ozkan Sezer)
-
-diff -r 3a23ca106752 -r dc7245e3d1f2 src/core/linux/SDL_ibus.c
---- a/src/core/linux/SDL_ibus.c Mon Oct 02 10:50:33 2017 -0700
-+++ b/src/core/linux/SDL_ibus.c Thu Oct 05 09:37:28 2017 -0700
-@@ -479,7 +479,7 @@
- SDL_DBusContext *dbus = SDL_DBus_GetContext();
-
- if (IBus_CheckConnection(dbus)) {
-- SDL_DBus_CallVoidMethodOnConnection(ibus_conn, IBUS_SERVICE, input_ctx_path, IBUS_INPUT_INTERFACE, method);
-+ SDL_DBus_CallVoidMethodOnConnection(ibus_conn, IBUS_SERVICE, input_ctx_path, IBUS_INPUT_INTERFACE, method, DBUS_TYPE_INVALID);
- }
- }
-
diff --git a/SDL2.spec b/SDL2.spec
index bf5e473..88f188e 100644
--- a/SDL2.spec
+++ b/SDL2.spec
@@ -1,6 +1,6 @@ Name: SDL2 -Version: 2.0.6 -Release: 4%{?dist} +Version: 2.0.7 +Release: 1%{?dist} Summary: A cross-platform multimedia library License: zlib and MIT
@@ -9,17 +9,6 @@ Source0: http://www.libsdl.org/release/%{name}-%{version}.tar.gz Source1: SDL_config.h Patch0: multilib.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1496895 -# https://bugzilla.libsdl.org/show_bug.cgi?id=3854 -# https://hg.libsdl.org/SDL/rev/dc7245e3d1f2 -Patch1: SDL2-2.0.6-invalid-dbus-args.patch -# https://hg.libsdl.org/SDL/rev/7e0f1498ddb5 -Patch2: SDL2-2.0.6-CVE-2017-2888.patch -# https://hg.libsdl.org/SDL/rev/97bc026b46de -# This is needed for next patch -Patch3: SDL2-2.0.6-add-min-max-datatypes.patch -# https://hg.libsdl.org/SDL/rev/81a4950907a0 -Patch4: SDL2-2.0.6-CVE-2017-2888-2.patch BuildRequires: alsa-lib-devel BuildRequires: audiofile-devel
@@ -136,6 +125,9 @@ rm -vf %{buildroot}%{_libdir}/*.la %{_libdir}/lib*.a %changelog +* Tue Oct 24 2017 Igor Gnatenko - 2.0.7-1 +- Update to 2.0.7 + * Thu Oct 19 2017 Igor Gnatenko - 2.0.6-4 - Fully fix last overflow
diff --git a/sources b/sources
index 47709ab..b6d1644 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (SDL2-2.0.6.tar.gz) = ad4dad5663834ee0ffbdca1b531d753449b260c9256df2c48da7261aacd9795d91eef1286525cf914f6b92ba5985de7798f041557574b5d978b8224f10041830
+SHA512 (SDL2-2.0.7.tar.gz) = eed5477843086a0e66552eb197a5c4929134522bc366d873732361ea0df5fb841ef7e2b1913e21d1bae69e6fd3152ee630492e615c58cbe903e7d6e47b587410
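Review bot: The `%changelog` entry added in SDL2.spec says only `- Update to 2.0.7`, while the same file section drops Patch1 through Patch4, two of which are the CVE-2017-2888 fixes. Presumably the 2.0.7 tarball already contains upstream changesets 7e0f1498ddb5 and 81a4950907a0 (plus 97bc026b46de and the D-Bus fix dc7245e3d1f2), but nothing in the commit records that. Anyone auditing this package for CVE-2017-2888 would have to inspect the tarball by hand. Once that is confirmed against the 2.0.7 source, I would add a second changelog line such as `- Drop CVE-2017-2888 and D-Bus patches, included upstream in 2.0.7`.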