import SDL2-2.0.10-2.el8

2020-04-28 04:51:36 -04:00 · 2020-04-28 04:51:36 -04:00 · 5ac68fbc5c
parent e0dac68dda
commit 5ac68fbc5c
5 changed files with 58 additions and 5 deletions
--- a/.SDL2.metadata
+++ b/.SDL2.metadata
@ -1 +1 @@
-959ec6ded277821995d2e3cafd973f6ab9f48ab7 SOURCES/SDL2-2.0.8.tar.gz
+fb31312ea1d4b45db839796ae2336dfe3d5884e5 SOURCES/SDL2-2.0.10.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/SDL2-2.0.8.tar.gz
+SOURCES/SDL2-2.0.10.tar.gz
--- a/SOURCES/CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch
+++ b/SOURCES/CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch
@ -0,0 +1,22 @@
+From 85138c1ec673e05263ae666baf61f79384daf7e0 Mon Sep 17 00:00:00 2001
+From: Sam Lantinga <slouken@libsdl.org>
+Date: Tue, 30 Jul 2019 11:00:00 -0700
+Subject: Fixed bug 4538 - validate image size when loading BMP files
+
+
+diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c
+index 0b68918cc..a06b0c94c 100644
+--- a/src/video/SDL_bmp.c
+++ b/src/video/SDL_bmp.c
+@@ -226,6 +226,11 @@ SDL_LoadBMP_RW(SDL_RWops * src, int freesrc)
+             SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
+         }
+     }
+    if (biWidth <= 0 || biHeight == 0) {
+        SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
+        was_error = SDL_TRUE;
+        goto done;
+    }
+     if (biHeight < 0) {
+         topDown = SDL_TRUE;
+         biHeight = -biHeight;
--- a/SOURCES/SDL2-2.0.9-khrplatform.patch
+++ b/SOURCES/SDL2-2.0.9-khrplatform.patch
@ -0,0 +1,15 @@
+diff -up SDL2-2.0.9/include/SDL_opengl_glext.h.khrplatform SDL2-2.0.9/include/SDL_opengl_glext.h
+--- SDL2-2.0.9/include/SDL_opengl_glext.h.khrplatform	2019-02-15 20:22:39.173773779 -0500
+++ SDL2-2.0.9/include/SDL_opengl_glext.h	2019-02-15 20:22:58.176399330 -0500
+@@ -469,8 +469,9 @@ GLAPI void APIENTRY glBlendEquation (GLe
+ typedef long GLsizeiptr;
+ typedef long GLintptr;
+ #else
+-typedef ptrdiff_t GLsizeiptr;
+-typedef ptrdiff_t GLintptr;
+#include <KHR/khrplatform.h>
+typedef khronos_intptr_t GLintptr;
+typedef khronos_ssize_t GLsizeiptr;
+ #endif
+ #define GL_BUFFER_SIZE                    0x8764
+ #define GL_BUFFER_USAGE                   0x8765
--- a/SPECS/SDL2.spec
+++ b/SPECS/SDL2.spec
@ -1,6 +1,6 @@
 Name:           SDL2
-Version:        2.0.8
-Release:        7%{?dist}
+Version:        2.0.10
+Release:        2%{?dist}
 Summary:        Cross-platform multimedia library

 %if 0%{?fedora}
@ -13,7 +13,11 @@ Source0:        http://www.libsdl.org/release/%{name}-%{version}.tar.gz
 Source1:        SDL_config.h

 Patch0:         multilib.patch
+# ptrdiff_t is not the same as khronos defines on 32bit arches
+Patch1:         SDL2-2.0.9-khrplatform.patch
+Patch2:         CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch

+BuildRequires:	gcc
 BuildRequires:  alsa-lib-devel
 BuildRequires:  mesa-libGL-devel
 BuildRequires:  mesa-libGLU-devel
@ -80,7 +84,7 @@ Static libraries for SDL2.
 %prep
 %autosetup -p1
 # Compilation without ESD
-sed -i -e 's/.*AM_PATH_ESD.*//' configure.in
+sed -i -e 's/.*AM_PATH_ESD.*//' configure.ac
 sed -i -e 's/\r//g' TODO.txt README.txt WhatsNew.txt BUGS.txt COPYING.txt CREDITS.txt README-SDL.txt

 %build
@ -144,6 +148,18 @@ rm -vf %{buildroot}%{_libdir}/*.la
 %{_libdir}/lib*.a

 %changelog
+* Fri Nov 22 2019 Wim Taymans <wtaymans@redhat.com> - 2.0.10-2
+- Fix CVE-2019-13616 SDL: heap-based buffer overflow in SDL blit
+  functions in video/SDL_blit*.c
+- Resolves: rhbz#1756279
+
+* Tue Nov 12 2019 Wim Taymans <wtaymans@redhat.com> - 2.0.10-1
+- Update to 2.0.10
+- Resolves: rhbz#1751780
+
+* Fri Feb 15 2019 Tom Callaway <spot@fedoraproject.org> - 2.0.9-3
+- use khrplatform defines, not ptrdiff_t
+
 * Tue Aug 14 2018 Wim Taymans <wtaymans@redhat.com> - 2.0.8-7
 - Disable jack