packages/SDL2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!25 [sync] PR-21: Upgrade SDL2 to 2.0.12 and fix CVE-2020-14409,CVE-2020-14410

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @small_leek 
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2022-04-12 12:09:43 +00:00 committed by Gitee
commit 4b858bec43
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
8 changed files with 147 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
CVE-2019-13616.patch
View File

@ -1,23 +0,0 @@
# HG changeset patch
# User Sam Lantinga <slouken@libsdl.org>
# Date 1564509600 25200
# Node ID e7ba650a643ad88dd8545511a18af1c9dcdfa2da
# Parent b810b78d32cc41a2384d0f14746ae889d443ffa7
Fixed bug 4538 - validate image size when loading BMP files
diff -r b810b78d32cc -r e7ba650a643a src/video/SDL_bmp.c
--- a/src/video/SDL_bmp.c Thu Jul 25 08:05:13 2019 -0500
+++ b/src/video/SDL_bmp.c Tue Jul 30 11:00:00 2019 -0700
@@ -226,6 +226,11 @@
SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
}
}
+ if (biWidth <= 0 || biHeight == 0) {
+ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
+ was_error = SDL_TRUE;
+ goto done;
+ }
if (biHeight < 0) {
topDown = SDL_TRUE;
biHeight = -biHeight;

73
CVE-2020-14409_CVE-2020-14410.patch Normal file
View File

@ -0,0 +1,73 @@
From a7ff6e96155f550a5597621ebeddd03c98aa9294 Mon Sep 17 00:00:00 2001
From: Sam Lantinga <slouken@libsdl.org>
Date: Wed, 17 Jun 2020 08:44:45 -0700
Subject: [PATCH] Fixed overflow in surface pitch calculation
---
src/video/SDL_surface.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/src/video/SDL_surface.c b/src/video/SDL_surface.c
index 085d9ff1e17..bff826f7cc6 100644
--- a/src/video/SDL_surface.c
+++ b/src/video/SDL_surface.c
@@ -28,24 +28,23 @@
#include "SDL_yuv_c.h"
-/* Check to make sure we can safely check multiplication of surface w and pitch and it won't overflow size_t */
-SDL_COMPILE_TIME_ASSERT(surface_size_assumptions,
- sizeof(int) == sizeof(Sint32) && sizeof(size_t) >= sizeof(Sint32));
+/* Check to make sure we can safely check multiplication of surface w and pitch and it won't overflow Sint64 */
+SDL_COMPILE_TIME_ASSERT(surface_size_assumptions, sizeof(int) == sizeof(Sint32));
/* Public routines */
/*
* Calculate the pad-aligned scanline width of a surface
*/
-static int
+static Sint64
SDL_CalculatePitch(Uint32 format, int width)
{
- int pitch;
+ Sint64 pitch;
if (SDL_ISPIXELFORMAT_FOURCC(format) || SDL_BITSPERPIXEL(format) >= 8) {
- pitch = (width * SDL_BYTESPERPIXEL(format));
+ pitch = ((Sint64)width * SDL_BYTESPERPIXEL(format));
} else {
- pitch = ((width * SDL_BITSPERPIXEL(format)) + 7) / 8;
+ pitch = (((Sint64)width * SDL_BITSPERPIXEL(format)) + 7) / 8;
}
pitch = (pitch + 3) & ~3; /* 4-byte aligning for speed */
return pitch;
@@ -59,11 +58,19 @@ SDL_Surface *
SDL_CreateRGBSurfaceWithFormat(Uint32 flags, int width, int height, int depth,
Uint32 format)
{
+ Sint64 pitch;
SDL_Surface *surface;
/* The flags are no longer used, make the compiler happy */
(void)flags;
+ pitch = SDL_CalculatePitch(format, width);
+ if (pitch < 0 || pitch > SDL_MAX_SINT32) {
+ /* Overflow... */
+ SDL_OutOfMemory();
+ return NULL;
+ }
+
/* Allocate the surface */
surface = (SDL_Surface *) SDL_calloc(1, sizeof(*surface));
if (surface == NULL) {
@@ -78,7 +85,7 @@ SDL_CreateRGBSurfaceWithFormat(Uint32 flags, int width, int height, int depth,
}
surface->w = width;
surface->h = height;
- surface->pitch = SDL_CalculatePitch(format, width);
+ surface->pitch = (int)pitch;
SDL_SetClipRect(surface, NULL);
if (SDL_ISPIXELFORMAT_INDEXED(surface->format->format)) {

42
Fix-build-against-wayland-1.20.patch Normal file
View File

@ -0,0 +1,42 @@
From 068c13b1cac4fead98a458b70ef482ddc8205358 Mon Sep 17 00:00:00 2001
From: David Redondo <kde@david-redondo.de>
Date: Fri, 10 Dec 2021 16:22:34 +0100
Subject: [PATCH] Fix build against wayland 1.20
Fixes #5088
---
src/video/wayland/SDL_waylanddyn.h | 2 ++
src/video/wayland/SDL_waylandsym.h | 4 ++++
2 files changed, 6 insertions(+)
diff --git a/src/video/wayland/SDL_waylanddyn.h b/src/video/wayland/SDL_waylanddyn.h
index 485a9c1..8ab0505 100644
--- a/src/video/wayland/SDL_waylanddyn.h
+++ b/src/video/wayland/SDL_waylanddyn.h
@@ -78,6 +78,8 @@ void SDL_WAYLAND_UnloadSymbols(void);
#define wl_proxy_set_user_data (*WAYLAND_wl_proxy_set_user_data)
#define wl_proxy_get_user_data (*WAYLAND_wl_proxy_get_user_data)
#define wl_proxy_get_version (*WAYLAND_wl_proxy_get_version)
+#define wl_proxy_marshal_flags (*WAYLAND_wl_proxy_marshal_flags)
+#define wl_proxy_marshal_array_flags (*WAYLAND_wl_proxy_marshal_array_flags)
#define wl_proxy_add_listener (*WAYLAND_wl_proxy_add_listener)
#define wl_proxy_marshal_constructor (*WAYLAND_wl_proxy_marshal_constructor)
#define wl_proxy_marshal_constructor_versioned (*WAYLAND_wl_proxy_marshal_constructor_versioned)
diff --git a/src/video/wayland/SDL_waylandsym.h b/src/video/wayland/SDL_waylandsym.h
index c4c189d..789f49e 100644
--- a/src/video/wayland/SDL_waylandsym.h
+++ b/src/video/wayland/SDL_waylandsym.h
@@ -71,6 +71,10 @@ SDL_WAYLAND_SYM(struct wl_proxy *, wl_proxy_marshal_constructor, (struct wl_prox
SDL_WAYLAND_MODULE(WAYLAND_CLIENT_1_10)
SDL_WAYLAND_SYM(struct wl_proxy *, wl_proxy_marshal_constructor_versioned, (struct wl_proxy *proxy, uint32_t opcode, const struct wl_interface *interface, uint32_t version, ...))
+SDL_WAYLAND_MODULE(WAYLAND_CLIENT_1_20)
+SDL_WAYLAND_SYM(struct wl_proxy*, wl_proxy_marshal_flags, (struct wl_proxy *proxy, uint32_t opcode, const struct wl_interface *interfac, uint32_t version, uint32_t flags, ...))
+SDL_WAYLAND_SYM(struct wl_proxy*, wl_proxy_marshal_array_flags, (struct wl_proxy *proxy, uint32_t opcode, const struct wl_interface *interface, uint32_t version, uint32_t flags, union wl_argument *args))
+
SDL_WAYLAND_INTERFACE(wl_seat_interface)
SDL_WAYLAND_INTERFACE(wl_surface_interface)
SDL_WAYLAND_INTERFACE(wl_shm_pool_interface)
--
1.8.3.1

BIN
SDL2-2.0.12.tar.gz Normal file
View File

Binary file not shown.

BIN
SDL2-2.0.8.tar.gz
View File

Binary file not shown.

15
SDL2-2.0.9-khrplatform.patch Normal file
View File

@ -0,0 +1,15 @@
diff -up SDL2-2.0.9/include/SDL_opengl_glext.h.khrplatform SDL2-2.0.9/include/SDL_opengl_glext.h
--- SDL2-2.0.9/include/SDL_opengl_glext.h.khrplatform 2019-02-15 20:22:39.173773779 -0500
+++ SDL2-2.0.9/include/SDL_opengl_glext.h 2019-02-15 20:22:58.176399330 -0500
@@ -469,8 +469,9 @@ GLAPI void APIENTRY glBlendEquation (GLe
typedef long GLsizeiptr;
typedef long GLintptr;
#else
-typedef ptrdiff_t GLsizeiptr;
-typedef ptrdiff_t GLintptr;
+#include <KHR/khrplatform.h>
+typedef khronos_intptr_t GLintptr;
+typedef khronos_ssize_t GLsizeiptr;
#endif
#define GL_BUFFER_SIZE 0x8764
#define GL_BUFFER_USAGE 0x8765

24
SDL2.spec
View File

@ -1,21 +1,24 @@
Name: SDL2 Name: SDL2
Version: 2.0.8 Version: 2.0.12
Release: 11 Release: 1
Summary: Cross-platform multimedia library Summary: Cross-platform multimedia library
License: zlib and MIT License: zlib and MIT
URL: http://www.libsdl.org/ URL: http://www.libsdl.org/
Source0: http://www.libsdl.org/release/%{name}-%{version}.tar.gz Source0: http://www.libsdl.org/release/%{name}-%{version}.tar.gz
Source1: SDL_config.h Source1: SDL_config.h
Patch0000: multilib.patch Patch0000: multilib.patch
Patch0001: dynapi.patch Patch0001: SDL2-2.0.9-khrplatform.patch
Patch0002: CVE-2019-13616.patch Patch0002: Fix-build-against-wayland-1.20.patch
#https://github.com/libsdl-org/SDL/commit/a7ff6e96155f550a5597621ebeddd03c98aa9294
Patch0003: CVE-2020-14409_CVE-2020-14410.patch
Patch6000: backport-CVE-2021-33657.patch Patch6000: backport-CVE-2021-33657.patch
BuildRequires: alsa-lib-devel audiofile-devel mesa-libGL-devel BuildRequires: alsa-lib-devel audiofile-devel mesa-libGL-devel
BuildRequires: mesa-libGLU-devel mesa-libEGL-devel libglvnd-devel BuildRequires: mesa-libGLU-devel mesa-libEGL-devel libglvnd-devel
BuildRequires: libXext-devel libX11-devel libXi-devel libXrandr-devel BuildRequires: libXext-devel libX11-devel libXi-devel libXrandr-devel
BuildRequires: libXrender-devel libXScrnSaver-devel libusb-devel BuildRequires: libXrender-devel libXScrnSaver-devel libusb-devel
BuildRequires: libXinerama-devel libXcursor-devel systemd-devel BuildRequires: libXinerama-devel libXcursor-devel systemd-devel
BuildRequires: pkgconfig(libpulse-simple) BuildRequires: pkgconfig(libpulse-simple) pkgconfig(jack)
BuildRequires: pkgconfig(dbus-1) pkgconfig(ibus-1.0) BuildRequires: pkgconfig(dbus-1) pkgconfig(ibus-1.0)
BuildRequires: pkgconfig(wayland-client) pkgconfig(wayland-egl) BuildRequires: pkgconfig(wayland-client) pkgconfig(wayland-egl)
BuildRequires: pkgconfig(wayland-cursor) pkgconfig(wayland-protocols) BuildRequires: pkgconfig(wayland-cursor) pkgconfig(wayland-protocols)
@ -40,7 +43,7 @@ developing SDL applications.
%prep %prep
%autosetup -p1 %autosetup -p1
sed -i -e 's/.*AM_PATH_ESD.*//' configure.in sed -i -e 's/.*AM_PATH_ESD.*//' configure.ac
sed -i -e 's/\r//g' TODO.txt README.txt WhatsNew.txt BUGS.txt COPYING.txt CREDITS.txt README-SDL.txt sed -i -e 's/\r//g' TODO.txt README.txt WhatsNew.txt BUGS.txt COPYING.txt CREDITS.txt README-SDL.txt
%build %build
@ -56,14 +59,18 @@ sed -i -e 's/\r//g' TODO.txt README.txt WhatsNew.txt BUGS.txt COPYING.txt CREDIT
%install %install
%make_install %make_install
mv %{buildroot}%{_includedir}/SDL2/SDL_config.h %{buildroot}%{_includedir}/SDL2/SDL_config-%{_arch}.h mv %{buildroot}%{_includedir}/SDL2/SDL_config.h %{buildroot}%{_includedir}/SDL2/SDL_config-%{_arch}.h
install -pm 0644 %{SOURCE1} %{buildroot}%{_includedir}/SDL2/SDL_config.h install -pm 0644 %{SOURCE1} %{buildroot}%{_includedir}/SDL2/SDL_config.h
rm -vf %{buildroot}%{_libdir}/*.la
%ldconfig_scriptlets
%files %files
%license COPYING.txt %license COPYING.txt
%doc BUGS.txt CREDITS.txt README-SDL.txt %doc BUGS.txt CREDITS.txt README-SDL.txt
%{_libdir}/lib*.so.* %{_libdir}/lib*.so.*
%exclude %{_libdir}/*.la
%files devel %files devel
%license COPYING.txt %license COPYING.txt
@ -77,6 +84,9 @@ install -pm 0644 %{SOURCE1} %{buildroot}%{_includedir}/SDL2/SDL_config.h
%{_datadir}/aclocal/* %{_datadir}/aclocal/*
%changelog %changelog
* Tue Apr 12 2022 yaoxin <yaoxin30@h-partners.com> - 2.0.12-1
- Upgrade SDL2 to 2.0.12 and fix CVE-2020-14409,CVE-2020-14410
* Tue Mar 15 2022 yuanxin <yuanxin24@h-partners.com> - 2.0.8-11 * Tue Mar 15 2022 yuanxin <yuanxin24@h-partners.com> - 2.0.8-11
- Type:CVE - Type:CVE
- ID:NA - ID:NA

84
dynapi.patch
View File

@ -1,84 +0,0 @@
# HG changeset patch
# User Ryan C. Gordon <icculus@icculus.org>
# Date 1526575846 14400
# Node ID 7babfecee045fac18d95e5936fede534ca54ed24
# Parent 9e46f3dd75fd2e85e0e3ebb8a77329bc74a16e70
dynapi: don't let system loader resolve the initializer to the wrong version.
Fixes problems launching Firewatch on Linux (which statically links SDL but
also dynamically loads a system-wide copy from a plugin shared library) with
a newer SDL build.
diff -r 9e46f3dd75fd -r 7babfecee045 src/dynapi/SDL_dynapi.c
--- a/src/dynapi/SDL_dynapi.c Fri May 11 09:37:00 2018 +0300
+++ b/src/dynapi/SDL_dynapi.c Thu May 17 12:50:46 2018 -0400
@@ -167,15 +167,10 @@
#error Write me.
#endif
-
-
-/* Here's the exported entry point that fills in the jump table. */
-/* Use specific types when an "int" might suffice to keep this sane. */
-typedef Sint32 (SDLCALL *SDL_DYNAPI_ENTRYFN)(Uint32 apiver, void *table, Uint32 tablesize);
-extern DECLSPEC Sint32 SDLCALL SDL_DYNAPI_entry(Uint32, void *, Uint32);
-
-Sint32
-SDL_DYNAPI_entry(Uint32 apiver, void *table, Uint32 tablesize)
+/* we make this a static function so we can call the correct one without the
+ system's dynamic linker resolving to the wrong version of this. */
+static Sint32
+initialize_jumptable(Uint32 apiver, void *table, Uint32 tablesize)
{
SDL_DYNAPI_jump_table *output_jump_table = (SDL_DYNAPI_jump_table *) table;
@@ -202,6 +197,18 @@
}
+/* Here's the exported entry point that fills in the jump table. */
+/* Use specific types when an "int" might suffice to keep this sane. */
+typedef Sint32 (SDLCALL *SDL_DYNAPI_ENTRYFN)(Uint32 apiver, void *table, Uint32 tablesize);
+extern DECLSPEC Sint32 SDLCALL SDL_DYNAPI_entry(Uint32, void *, Uint32);
+
+Sint32
+SDL_DYNAPI_entry(Uint32 apiver, void *table, Uint32 tablesize)
+{
+ return initialize_jumptable(apiver, table, tablesize);
+}
+
+
/* Obviously we can't use SDL_LoadObject() to load SDL. :) */
/* Also obviously, we never close the loaded library. */
#if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__)
@@ -260,7 +267,7 @@
SDL_InitDynamicAPILocked(void)
{
const char *libname = SDL_getenv_REAL("SDL_DYNAMIC_API");
- SDL_DYNAPI_ENTRYFN entry = SDL_DYNAPI_entry; /* funcs from here by default. */
+ SDL_DYNAPI_ENTRYFN entry = NULL; /* funcs from here by default. */
if (libname) {
entry = (SDL_DYNAPI_ENTRYFN) get_sdlapi_entry(libname, "SDL_DYNAPI_entry");
@@ -268,16 +275,15 @@
/* !!! FIXME: fail to startup here instead? */
/* !!! FIXME: definitely warn user. */
/* Just fill in the function pointers from this library. */
- entry = SDL_DYNAPI_entry;
}
}
- if (entry(SDL_DYNAPI_VERSION, &jump_table, sizeof (jump_table)) < 0) {
+ if (!entry || (entry(SDL_DYNAPI_VERSION, &jump_table, sizeof (jump_table)) < 0)) {
/* !!! FIXME: fail to startup here instead? */
/* !!! FIXME: definitely warn user. */
/* Just fill in the function pointers from this library. */
- if (entry != SDL_DYNAPI_entry) {
- if (!SDL_DYNAPI_entry(SDL_DYNAPI_VERSION, &jump_table, sizeof (jump_table))) {
+ if (!entry) {
+ if (!initialize_jumptable(SDL_DYNAPI_VERSION, &jump_table, sizeof (jump_table))) {
/* !!! FIXME: now we're screwed. Should definitely abort now. */
}
}