Update to 2.0.7

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
This commit is contained in:
Igor Gnatenko 2017-10-24 15:25:26 +02:00
parent 4bbbe7a82f
commit 3b995d2b63
7 changed files with 7 additions and 214 deletions

1
.gitignore vendored
View File

@ -5,3 +5,4 @@
/SDL2-2.0.4.tar.gz
/SDL2-2.0.5.tar.gz
/SDL2-2.0.6.tar.gz
/SDL2-2.0.7.tar.gz

View File

@ -1,49 +0,0 @@
# HG changeset patch
# User Sam Lantinga <slouken@libsdl.org>
# Date 1508191062 25200
# Mon Oct 16 14:57:42 2017 -0700
# Node ID 81a4950907a01359f2f9390875291eb3951e6c6b
# Parent 97bc026b46ded1ef28709d246130e66e81f1b513
Fixed bug 3890 - Incomplete fix for CVE-2017-2888
Felix Geyer
http://hg.libsdl.org/SDL/rev/7e0f1498ddb5 tries to fix CVE-2017-2888.
Unfortunately compilers may optimize the second condition "(size / surface->pitch) != surface->h" away.
See https://bugzilla.redhat.com/show_bug.cgi?id=1500623#c2
I've verified that this is also the case on Debian unstable (gcc 7.2).
diff -r 97bc026b46de -r 81a4950907a0 src/video/SDL_surface.c
--- a/src/video/SDL_surface.c Mon Oct 16 14:39:56 2017 -0700
+++ b/src/video/SDL_surface.c Mon Oct 16 14:57:42 2017 -0700
@@ -26,6 +26,10 @@
#include "SDL_RLEaccel_c.h"
#include "SDL_pixels_c.h"
+/* Check to make sure we can safely check multiplication of surface w and pitch and it won't overflow size_t */
+SDL_COMPILE_TIME_ASSERT(surface_size_assumptions,
+ sizeof(int) == sizeof(Sint32) && sizeof(size_t) >= sizeof(Sint32));
+
/* Public routines */
/*
@@ -91,15 +95,16 @@
/* Get the pixels */
if (surface->w && surface->h) {
- int size = (surface->h * surface->pitch);
- if (size < 0 || (size / surface->pitch) != surface->h) {
+ /* Assumptions checked in surface_size_assumptions assert above */
+ Sint64 size = ((Sint64)surface->h * surface->pitch);
+ if (size < 0 || size > SDL_MAX_SINT32) {
/* Overflow... */
SDL_FreeSurface(surface);
SDL_OutOfMemory();
return NULL;
}
- surface->pixels = SDL_malloc(size);
+ surface->pixels = SDL_malloc((size_t)size);
if (!surface->pixels) {
SDL_FreeSurface(surface);
SDL_OutOfMemory();

View File

@ -1,28 +0,0 @@
# HG changeset patch
# User Sam Lantinga <slouken@libsdl.org>
# Date 1507331870 25200
# Fri Oct 06 16:17:50 2017 -0700
# Node ID 7e0f1498ddb549a338a220534875529ef0ba55ce
# Parent dc7245e3d1f2ae032caa7776940af4aebe6afc05
Fixed potential overflow in surface allocation (thanks Yves!)
diff -r dc7245e3d1f2 -r 7e0f1498ddb5 src/video/SDL_surface.c
--- a/src/video/SDL_surface.c Thu Oct 05 09:37:28 2017 -0700
+++ b/src/video/SDL_surface.c Fri Oct 06 16:17:50 2017 -0700
@@ -80,7 +80,15 @@
/* Get the pixels */
if (surface->w && surface->h) {
- surface->pixels = SDL_malloc(surface->h * surface->pitch);
+ int size = (surface->h * surface->pitch);
+ if (size < 0 || (size / surface->pitch) != surface->h) {
+ /* Overflow... */
+ SDL_FreeSurface(surface);
+ SDL_OutOfMemory();
+ return NULL;
+ }
+
+ surface->pixels = SDL_malloc(size);
if (!surface->pixels) {
SDL_FreeSurface(surface);
SDL_OutOfMemory();

View File

@ -1,93 +0,0 @@
# HG changeset patch
# User Sam Lantinga <slouken@libsdl.org>
# Date 1508189996 25200
# Mon Oct 16 14:39:56 2017 -0700
# Node ID 97bc026b46ded1ef28709d246130e66e81f1b513
# Parent 2eaf345a2a301183f671cdb31852bee8196aaec8
Added min/max macros for the sized SDL datatypes
diff -r 2eaf345a2a30 -r 97bc026b46de include/SDL_stdinc.h
--- a/include/SDL_stdinc.h Sun Oct 15 21:21:19 2017 -0700
+++ b/include/SDL_stdinc.h Mon Oct 16 14:39:56 2017 -0700
@@ -146,35 +146,51 @@
/**
* \brief A signed 8-bit integer type.
*/
+#define SDL_MAX_SINT8 ((Sint8)0x7F) /* 127 */
+#define SDL_MIN_SINT8 ((Sint8)(~0x7F)) /* -128 */
typedef int8_t Sint8;
/**
* \brief An unsigned 8-bit integer type.
*/
+#define SDL_MAX_UINT8 ((Uint8)0xFF) /* 255 */
+#define SDL_MIN_UINT8 ((Uint8)0x00) /* 0 */
typedef uint8_t Uint8;
/**
* \brief A signed 16-bit integer type.
*/
+#define SDL_MAX_SINT16 ((Sint16)0x7FFF) /* 32767 */
+#define SDL_MIN_SINT16 ((Sint16)(~0x7FFF)) /* -32768 */
typedef int16_t Sint16;
/**
* \brief An unsigned 16-bit integer type.
*/
+#define SDL_MAX_UINT16 ((Uint16)0xFFFF) /* 65535 */
+#define SDL_MIN_UINT16 ((Uint16)0x0000) /* 0 */
typedef uint16_t Uint16;
/**
* \brief A signed 32-bit integer type.
*/
+#define SDL_MAX_SINT32 ((Sint32)0x7FFFFFFF) /* 2147483647 */
+#define SDL_MIN_SINT32 ((Sint32)(~0x7FFFFFFF)) /* -2147483648 */
typedef int32_t Sint32;
/**
* \brief An unsigned 32-bit integer type.
*/
+#define SDL_MAX_UINT32 ((Uint32)0xFFFFFFFFu) /* 4294967295 */
+#define SDL_MIN_UINT32 ((Uint32)0x00000000) /* 0 */
typedef uint32_t Uint32;
/**
* \brief A signed 64-bit integer type.
*/
+#define SDL_MAX_SINT64 ((Sint64)0x7FFFFFFFFFFFFFFFll) /* 9223372036854775807 */
+#define SDL_MIN_SINT64 ((Sint64)(~0x7FFFFFFFFFFFFFFFll)) /* -9223372036854775808 */
typedef int64_t Sint64;
/**
* \brief An unsigned 64-bit integer type.
*/
+#define SDL_MAX_UINT64 ((Uint64)0xFFFFFFFFFFFFFFFFull) /* 18446744073709551615 */
+#define SDL_MIN_UINT64 ((Uint64)(0x0000000000000000ull)) /* 0 */
typedef uint64_t Uint64;
/* @} *//* Basic data types */
diff -r 2eaf345a2a30 -r 97bc026b46de test/testplatform.c
--- a/test/testplatform.c Sun Oct 15 21:21:19 2017 -0700
+++ b/test/testplatform.c Mon Oct 16 14:39:56 2017 -0700
@@ -30,6 +30,26 @@
{
int error = 0;
+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_SINT8, SDL_MAX_SINT8 == 127);
+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_SINT8, SDL_MIN_SINT8 == -128);
+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_UINT8, SDL_MAX_UINT8 == 255);
+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_UINT8, SDL_MIN_UINT8 == 0);
+
+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_SINT16, SDL_MAX_SINT16 == 32767);
+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_SINT16, SDL_MIN_SINT16 == -32768);
+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_UINT16, SDL_MAX_UINT16 == 65535);
+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_UINT16, SDL_MIN_UINT16 == 0);
+
+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_SINT32, SDL_MAX_SINT32 == 2147483647);
+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_SINT32, SDL_MIN_SINT32 == ~0x7fffffff); /* Instead of -2147483648, which is treated as unsigned by some compilers */
+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_UINT32, SDL_MAX_UINT32 == 4294967295u);
+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_UINT32, SDL_MIN_UINT32 == 0);
+
+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_SINT64, SDL_MAX_SINT64 == 9223372036854775807ll);
+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_SINT64, SDL_MIN_SINT64 == ~0x7fffffffffffffffll); /* Instead of -9223372036854775808, which is treated as unsigned by compilers */
+ SDL_COMPILE_TIME_ASSERT(SDL_MAX_UINT64, SDL_MAX_UINT64 == 18446744073709551615ull);
+ SDL_COMPILE_TIME_ASSERT(SDL_MIN_UINT64, SDL_MIN_UINT64 == 0);
+
if (badsize(sizeof(Uint8), 1)) {
if (verbose)
SDL_Log("sizeof(Uint8) != 1, instead = %u\n",

View File

@ -1,30 +0,0 @@
# HG changeset patch
# User Sam Lantinga <slouken@libsdl.org>
# Date 1507221448 25200
# Thu Oct 05 09:37:28 2017 -0700
# Node ID dc7245e3d1f2ae032caa7776940af4aebe6afc05
# Parent 3a23ca10675256240c5da2e68c6dceacb8d41dde
Fixed bug 3854 - arguments to dbus_type_is_basic() were incorrect
Aaron
As of 2.0.6, all of my games are failing with the following error:
process 31778: arguments to dbus_type_is_basic() were incorrect, assertion "dbus_type_is_valid (typecode) || typecode == DBUS_TYPE_INVALID" failed in file dbus-signature.c line 322.
This is normally a bug in some application using the D-Bus library.
D-Bus not built with -rdynamic so unable to print a backtrace
(patch by Ozkan Sezer)
diff -r 3a23ca106752 -r dc7245e3d1f2 src/core/linux/SDL_ibus.c
--- a/src/core/linux/SDL_ibus.c Mon Oct 02 10:50:33 2017 -0700
+++ b/src/core/linux/SDL_ibus.c Thu Oct 05 09:37:28 2017 -0700
@@ -479,7 +479,7 @@
SDL_DBusContext *dbus = SDL_DBus_GetContext();
if (IBus_CheckConnection(dbus)) {
- SDL_DBus_CallVoidMethodOnConnection(ibus_conn, IBUS_SERVICE, input_ctx_path, IBUS_INPUT_INTERFACE, method);
+ SDL_DBus_CallVoidMethodOnConnection(ibus_conn, IBUS_SERVICE, input_ctx_path, IBUS_INPUT_INTERFACE, method, DBUS_TYPE_INVALID);
}
}

View File

@ -1,6 +1,6 @@
Name: SDL2
Version: 2.0.6
Release: 4%{?dist}
Version: 2.0.7
Release: 1%{?dist}
Summary: A cross-platform multimedia library
License: zlib and MIT
@ -9,17 +9,6 @@ Source0: http://www.libsdl.org/release/%{name}-%{version}.tar.gz
Source1: SDL_config.h
Patch0: multilib.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1496895
# https://bugzilla.libsdl.org/show_bug.cgi?id=3854
# https://hg.libsdl.org/SDL/rev/dc7245e3d1f2
Patch1: SDL2-2.0.6-invalid-dbus-args.patch
# https://hg.libsdl.org/SDL/rev/7e0f1498ddb5
Patch2: SDL2-2.0.6-CVE-2017-2888.patch
# https://hg.libsdl.org/SDL/rev/97bc026b46de
# This is needed for next patch
Patch3: SDL2-2.0.6-add-min-max-datatypes.patch
# https://hg.libsdl.org/SDL/rev/81a4950907a0
Patch4: SDL2-2.0.6-CVE-2017-2888-2.patch
BuildRequires: alsa-lib-devel
BuildRequires: audiofile-devel
@ -136,6 +125,9 @@ rm -vf %{buildroot}%{_libdir}/*.la
%{_libdir}/lib*.a
%changelog
* Tue Oct 24 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.0.7-1
- Update to 2.0.7
* Thu Oct 19 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.0.6-4
- Fully fix last overflow

View File

@ -1 +1 @@
SHA512 (SDL2-2.0.6.tar.gz) = ad4dad5663834ee0ffbdca1b531d753449b260c9256df2c48da7261aacd9795d91eef1286525cf914f6b92ba5985de7798f041557574b5d978b8224f10041830
SHA512 (SDL2-2.0.7.tar.gz) = eed5477843086a0e66552eb197a5c4929134522bc366d873732361ea0df5fb841ef7e2b1913e21d1bae69e6fd3152ee630492e615c58cbe903e7d6e47b587410