diff --git a/.SDL.metadata b/.SDL.metadata new file mode 100644 index 0000000..be113df --- /dev/null +++ b/.SDL.metadata @@ -0,0 +1 @@ +61a0c4976ecc88d1101f1d03105089588d167a40 SOURCES/SDL-1.2.15_repackaged.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..30c5e3f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/SDL-1.2.15_repackaged.tar.gz diff --git a/SOURCES/0001-CVE-2019-7572-Fix-a-buffer-overread-in-IMA_ADPCM_nib.patch b/SOURCES/0001-CVE-2019-7572-Fix-a-buffer-overread-in-IMA_ADPCM_nib.patch new file mode 100644 index 0000000..ed4f00f --- /dev/null +++ b/SOURCES/0001-CVE-2019-7572-Fix-a-buffer-overread-in-IMA_ADPCM_nib.patch @@ -0,0 +1,61 @@ +From 4b4cac39ba7988df9d8def32360dd842b707ba74 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Sat, 8 Jun 2019 17:57:43 -0700 +Subject: [PATCH 01/11] CVE-2019-7572: Fix a buffer overread in + IMA_ADPCM_nibble If an IMA ADPCM block contained an initial index out of step + table range (loaded in IMA_ADPCM_decode()), IMA_ADPCM_nibble() blindly used + this bogus value and that lead to a buffer overread. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch fixes it by moving clamping the index value at the +beginning of IMA_ADPCM_nibble() function instead of the end after +an update. + +CVE-2019-7572 +https://bugzilla.libsdl.org/show_bug.cgi?id=4495 + +Signed-off-by: Petr Písař + +--HG-- +branch : SDL-1.2 +--- + src/audio/SDL_wave.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c +index b4ad6c787..ba1fb5252 100644 +--- a/src/audio/SDL_wave.c ++++ b/src/audio/SDL_wave.c +@@ -264,6 +264,14 @@ static Sint32 IMA_ADPCM_nibble(struct IMA_ADPCM_decodestate *state,Uint8 nybble) + }; + Sint32 delta, step; + ++ /* Clamp index value. The inital value can be invalid. */ ++ if ( state->index > 88 ) { ++ state->index = 88; ++ } else ++ if ( state->index < 0 ) { ++ state->index = 0; ++ } ++ + /* Compute difference and new sample value */ + step = step_table[state->index]; + delta = step >> 3; +@@ -275,12 +283,6 @@ static Sint32 IMA_ADPCM_nibble(struct IMA_ADPCM_decodestate *state,Uint8 nybble) + + /* Update index value */ + state->index += index_table[nybble]; +- if ( state->index > 88 ) { +- state->index = 88; +- } else +- if ( state->index < 0 ) { +- state->index = 0; +- } + + /* Clamp output sample */ + if ( state->sample > max_audioval ) { +-- +2.21.0 + diff --git a/SOURCES/0001-Fixed-bug-4108-Missing-break-statements-in-SDL_CDRes.patch b/SOURCES/0001-Fixed-bug-4108-Missing-break-statements-in-SDL_CDRes.patch new file mode 100644 index 0000000..95ed486 --- /dev/null +++ b/SOURCES/0001-Fixed-bug-4108-Missing-break-statements-in-SDL_CDRes.patch @@ -0,0 +1,41 @@ +From b8dab2d1dae1f6fb0f2b466e2b26645d072b9aaa Mon Sep 17 00:00:00 2001 +From: Sam Lantinga +Date: Sat, 24 Mar 2018 10:15:42 -0700 +Subject: [PATCH] Fixed bug 4108 - Missing break statements in SDL_CDResume and + SDL_CDStop + +Ozkan Sezer + +Two break statements are missing in SDL_cdrom.c:SDL_CDResume() +and SDL_CDStop(), which negate the returned code from driver +and always return 0. The following patch adds those breaks. + +--HG-- +branch : SDL-1.2 +--- + src/cdrom/SDL_cdrom.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/cdrom/SDL_cdrom.c b/src/cdrom/SDL_cdrom.c +index 8f91bb1b3..fac2437e5 100644 +--- a/src/cdrom/SDL_cdrom.c ++++ b/src/cdrom/SDL_cdrom.c +@@ -285,6 +285,7 @@ int SDL_CDResume(SDL_CD *cdrom) + switch (status) { + case CD_PAUSED: + retval = SDL_CDcaps.Resume(cdrom); ++ break; + default: + retval = 0; + break; +@@ -307,6 +308,7 @@ int SDL_CDStop(SDL_CD *cdrom) + case CD_PLAYING: + case CD_PAUSED: + retval = SDL_CDcaps.Stop(cdrom); ++ break; + default: + retval = 0; + break; +-- +2.17.1 + diff --git a/SOURCES/0001-fix-small-errors-detected-by-coverity.patch b/SOURCES/0001-fix-small-errors-detected-by-coverity.patch new file mode 100644 index 0000000..a7b1f9f --- /dev/null +++ b/SOURCES/0001-fix-small-errors-detected-by-coverity.patch @@ -0,0 +1,67 @@ +From a976b037b63d8de9ed0eb920238ac4211b649408 Mon Sep 17 00:00:00 2001 +From: Wim Taymans +Date: Mon, 29 Apr 2019 15:50:39 +0200 +Subject: [PATCH] fix small errors detected by coverity + +--- + src/video/SDL_surface.c | 2 +- + src/video/fbcon/SDL_fbevents.c | 2 +- + src/video/fbcon/SDL_fbmatrox.c | 2 ++ + 3 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/video/SDL_surface.c b/src/video/SDL_surface.c +index 0f3ad12c4..0386cb3fb 100644 +--- a/src/video/SDL_surface.c ++++ b/src/video/SDL_surface.c +@@ -116,6 +116,7 @@ SDL_Surface * SDL_CreateRGBSurface (Uint32 flags, + surface->locked = 0; + surface->map = NULL; + surface->unused1 = 0; ++ surface->refcount = 1; + SDL_SetClipRect(surface, NULL); + SDL_FormatChanged(surface); + +@@ -142,7 +143,6 @@ SDL_Surface * SDL_CreateRGBSurface (Uint32 flags, + } + + /* The surface is ready to go */ +- surface->refcount = 1; + #ifdef CHECK_LEAKS + ++surfaces_allocated; + #endif +diff --git a/src/video/fbcon/SDL_fbevents.c b/src/video/fbcon/SDL_fbevents.c +index 5e369a4a8..dd7413df9 100644 +--- a/src/video/fbcon/SDL_fbevents.c ++++ b/src/video/fbcon/SDL_fbevents.c +@@ -575,7 +575,7 @@ int FB_OpenMouse(_THIS) + + /* ELO TOUCHSCREEN SUPPORT */ + +- if ( mousedrv && (SDL_strcmp(mousedrv, "ELO") == 0) ) { ++ if ( mousedrv && (SDL_strcmp(mousedrv, "ELO") == 0) && mousedev ) { + mouse_fd = open(mousedev, O_RDWR); + if ( mouse_fd >= 0 ) { + if(eloInitController(mouse_fd)) { +diff --git a/src/video/fbcon/SDL_fbmatrox.c b/src/video/fbcon/SDL_fbmatrox.c +index 04b90b05d..4e3da4f84 100644 +--- a/src/video/fbcon/SDL_fbmatrox.c ++++ b/src/video/fbcon/SDL_fbmatrox.c +@@ -80,6 +80,7 @@ static int FillHWRect(_THIS, SDL_Surface *dst, SDL_Rect *rect, Uint32 color) + switch (dst->format->BytesPerPixel) { + case 1: + color |= (color<<8); ++ /* fallthrough */ + case 2: + color |= (color<<16); + break; +@@ -191,6 +192,7 @@ static int HWAccelBlit(SDL_Surface *src, SDL_Rect *srcrect, + switch (dst->format->BytesPerPixel) { + case 1: + colorkey |= (colorkey<<8); ++ /* fallthrough */ + case 2: + colorkey |= (colorkey<<16); + break; +-- +2.20.1 + diff --git a/SOURCES/0002-CVE-2019-7578-Fix-a-buffer-overread-in-InitIMA_ADPCM.patch b/SOURCES/0002-CVE-2019-7578-Fix-a-buffer-overread-in-InitIMA_ADPCM.patch new file mode 100644 index 0000000..f5dbd20 --- /dev/null +++ b/SOURCES/0002-CVE-2019-7578-Fix-a-buffer-overread-in-InitIMA_ADPCM.patch @@ -0,0 +1,69 @@ +From 210e68f70a5a007b0664239aa557e6b9d1b3e830 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Sat, 8 Jun 2019 18:02:09 -0700 +Subject: [PATCH 02/11] CVE-2019-7578: Fix a buffer overread in InitIMA_ADPCM + If IMA ADPCM format chunk was too short, InitIMA_ADPCM() parsing it could + read past the end of chunk data. This patch fixes it. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE-2019-7578 +https://bugzilla.libsdl.org/show_bug.cgi?id=4494 + +Signed-off-by: Petr Písař + +--HG-- +branch : SDL-1.2 +--- + src/audio/SDL_wave.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c +index ba1fb5252..21ee4dc3c 100644 +--- a/src/audio/SDL_wave.c ++++ b/src/audio/SDL_wave.c +@@ -222,11 +222,12 @@ static struct IMA_ADPCM_decoder { + struct IMA_ADPCM_decodestate state[2]; + } IMA_ADPCM_state; + +-static int InitIMA_ADPCM(WaveFMT *format) ++static int InitIMA_ADPCM(WaveFMT *format, int length) + { +- Uint8 *rogue_feel; ++ Uint8 *rogue_feel, *rogue_feel_end; + + /* Set the rogue pointer to the IMA_ADPCM specific data */ ++ if (length < sizeof(*format)) goto too_short; + IMA_ADPCM_state.wavefmt.encoding = SDL_SwapLE16(format->encoding); + IMA_ADPCM_state.wavefmt.channels = SDL_SwapLE16(format->channels); + IMA_ADPCM_state.wavefmt.frequency = SDL_SwapLE32(format->frequency); +@@ -235,11 +236,16 @@ static int InitIMA_ADPCM(WaveFMT *format) + IMA_ADPCM_state.wavefmt.bitspersample = + SDL_SwapLE16(format->bitspersample); + rogue_feel = (Uint8 *)format+sizeof(*format); ++ rogue_feel_end = (Uint8 *)format + length; + if ( sizeof(*format) == 16 ) { + rogue_feel += sizeof(Uint16); + } ++ if (rogue_feel + 2 > rogue_feel_end) goto too_short; + IMA_ADPCM_state.wSamplesPerBlock = ((rogue_feel[1]<<8)|rogue_feel[0]); + return(0); ++too_short: ++ SDL_SetError("Unexpected length of a chunk with an IMA ADPCM format"); ++ return(-1); + } + + static Sint32 IMA_ADPCM_nibble(struct IMA_ADPCM_decodestate *state,Uint8 nybble) +@@ -471,7 +477,7 @@ SDL_AudioSpec * SDL_LoadWAV_RW (SDL_RWops *src, int freesrc, + break; + case IMA_ADPCM_CODE: + /* Try to understand this */ +- if ( InitIMA_ADPCM(format) < 0 ) { ++ if ( InitIMA_ADPCM(format, lenread) < 0 ) { + was_error = 1; + goto done; + } +-- +2.21.0 + diff --git a/SOURCES/0003-CVE-2019-7574-Fix-a-buffer-overread-in-IMA_ADPCM_dec.patch b/SOURCES/0003-CVE-2019-7574-Fix-a-buffer-overread-in-IMA_ADPCM_dec.patch new file mode 100644 index 0000000..ac6d98b --- /dev/null +++ b/SOURCES/0003-CVE-2019-7574-Fix-a-buffer-overread-in-IMA_ADPCM_dec.patch @@ -0,0 +1,73 @@ +From db0282cbe00a64cc65ba445ea21928d72dc26d97 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 10 Jun 2019 08:50:59 -0700 +Subject: [PATCH 03/11] CVE-2019-7574: Fix a buffer overread in + IMA_ADPCM_decode If data chunk was shorter than expected based on a WAV + format definition, IMA_ADPCM_decode() tried to read past the data chunk + buffer. This patch fixes it. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE-2019-7574 +https://bugzilla.libsdl.org/show_bug.cgi?id=4496 + +Signed-off-by: Petr Písař + +--HG-- +branch : SDL-1.2 +--- + src/audio/SDL_wave.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c +index 21ee4dc3c..66f804421 100644 +--- a/src/audio/SDL_wave.c ++++ b/src/audio/SDL_wave.c +@@ -331,7 +331,7 @@ static void Fill_IMA_ADPCM_block(Uint8 *decoded, Uint8 *encoded, + static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + { + struct IMA_ADPCM_decodestate *state; +- Uint8 *freeable, *encoded, *decoded; ++ Uint8 *freeable, *encoded, *encoded_end, *decoded; + Sint32 encoded_len, samplesleft; + unsigned int c, channels; + +@@ -347,6 +347,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + /* Allocate the proper sized output buffer */ + encoded_len = *audio_len; + encoded = *audio_buf; ++ encoded_end = encoded + encoded_len; + freeable = *audio_buf; + *audio_len = (encoded_len/IMA_ADPCM_state.wavefmt.blockalign) * + IMA_ADPCM_state.wSamplesPerBlock* +@@ -362,6 +363,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + while ( encoded_len >= IMA_ADPCM_state.wavefmt.blockalign ) { + /* Grab the initial information for this block */ + for ( c=0; c encoded_end) goto invalid_size; + /* Fill the state information for this block */ + state[c].sample = ((encoded[1]<<8)|encoded[0]); + encoded += 2; +@@ -384,6 +386,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + samplesleft = (IMA_ADPCM_state.wSamplesPerBlock-1)*channels; + while ( samplesleft > 0 ) { + for ( c=0; c encoded_end) goto invalid_size; + Fill_IMA_ADPCM_block(decoded, encoded, + c, channels, &state[c]); + encoded += 4; +@@ -395,6 +398,10 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + } + SDL_free(freeable); + return(0); ++invalid_size: ++ SDL_SetError("Unexpected chunk length for an IMA ADPCM decoder"); ++ SDL_free(freeable); ++ return(-1); + } + + SDL_AudioSpec * SDL_LoadWAV_RW (SDL_RWops *src, int freesrc, +-- +2.21.0 + diff --git a/SOURCES/0004-CVE-2019-7577-Fix-a-buffer-overread-in-MS_ADPCM_deco.patch b/SOURCES/0004-CVE-2019-7577-Fix-a-buffer-overread-in-MS_ADPCM_deco.patch new file mode 100644 index 0000000..4a7d1e3 --- /dev/null +++ b/SOURCES/0004-CVE-2019-7577-Fix-a-buffer-overread-in-MS_ADPCM_deco.patch @@ -0,0 +1,76 @@ +From d5ec943db7d51fccd7230c9df0c7a2e46d611f50 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 10 Jun 2019 08:54:11 -0700 +Subject: [PATCH 04/11] CVE-2019-7577: Fix a buffer overread in MS_ADPCM_decode + If RIFF/WAV data chunk length is shorter then expected for an audio format + defined in preceeding RIFF/WAV format headers, a buffer overread can happen. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch fixes it by checking a MS ADPCM data to be decoded are not +past the initialized buffer. + +CVE-2019-7577 +Reproducer: https://bugzilla.libsdl.org/show_bug.cgi?id=4492 + +Signed-off-by: Petr Písař + +--HG-- +branch : SDL-1.2 +--- + src/audio/SDL_wave.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c +index 66f804421..6c6eb14eb 100644 +--- a/src/audio/SDL_wave.c ++++ b/src/audio/SDL_wave.c +@@ -115,7 +115,7 @@ static Sint32 MS_ADPCM_nibble(struct MS_ADPCM_decodestate *state, + static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + { + struct MS_ADPCM_decodestate *state[2]; +- Uint8 *freeable, *encoded, *decoded; ++ Uint8 *freeable, *encoded, *encoded_end, *decoded; + Sint32 encoded_len, samplesleft; + Sint8 nybble, stereo; + Sint16 *coeff[2]; +@@ -124,6 +124,7 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + /* Allocate the proper sized output buffer */ + encoded_len = *audio_len; + encoded = *audio_buf; ++ encoded_end = encoded + encoded_len; + freeable = *audio_buf; + *audio_len = (encoded_len/MS_ADPCM_state.wavefmt.blockalign) * + MS_ADPCM_state.wSamplesPerBlock* +@@ -141,6 +142,7 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + state[1] = &MS_ADPCM_state.state[stereo]; + while ( encoded_len >= MS_ADPCM_state.wavefmt.blockalign ) { + /* Grab the initial information for this block */ ++ if (encoded + 7 + (stereo ? 7 : 0) > encoded_end) goto too_short; + state[0]->hPredictor = *encoded++; + if ( stereo ) { + state[1]->hPredictor = *encoded++; +@@ -188,6 +190,8 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + samplesleft = (MS_ADPCM_state.wSamplesPerBlock-2)* + MS_ADPCM_state.wavefmt.channels; + while ( samplesleft > 0 ) { ++ if (encoded + 1 > encoded_end) goto too_short; ++ + nybble = (*encoded)>>4; + new_sample = MS_ADPCM_nibble(state[0],nybble,coeff[0]); + decoded[0] = new_sample&0xFF; +@@ -209,6 +213,10 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + } + SDL_free(freeable); + return(0); ++too_short: ++ SDL_SetError("Too short chunk for a MS ADPCM decoder"); ++ SDL_free(freeable); ++ return(-1); + } + + struct IMA_ADPCM_decodestate { +-- +2.21.0 + diff --git a/SOURCES/0005-CVE-2019-7577-Fix-a-buffer-overread-in-MS_ADPCM_nibb.patch b/SOURCES/0005-CVE-2019-7577-Fix-a-buffer-overread-in-MS_ADPCM_nibb.patch new file mode 100644 index 0000000..d6a4231 --- /dev/null +++ b/SOURCES/0005-CVE-2019-7577-Fix-a-buffer-overread-in-MS_ADPCM_nibb.patch @@ -0,0 +1,58 @@ +From 06d20617d0d5bb89a6caf5f2201c93baf03c43c2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 10 Jun 2019 08:54:29 -0700 +Subject: [PATCH 05/11] CVE-2019-7577: Fix a buffer overread in MS_ADPCM_nibble + and MS_ADPCM_decode If a chunk of RIFF/WAV file with MS ADPCM encoding + contains an invalid predictor (a valid predictor's value is between 0 and 6 + inclusive), a buffer overread can happen when the predictor is used as an + index into an array of MS ADPCM coefficients. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The overead happens when indexing MS_ADPCM_state.aCoeff[] array in +MS_ADPCM_decode() and later when dereferencing a coef pointer in +MS_ADPCM_nibble(). + +This patch fixes it by checking the MS ADPCM predictor values fit +into the valid range. + +CVE-2019-7577 +Reproducer: https://bugzilla.libsdl.org/show_bug.cgi?id=4492 + +Signed-off-by: Petr Písař + +--HG-- +branch : SDL-1.2 +--- + src/audio/SDL_wave.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c +index 6c6eb14eb..3eedd20a1 100644 +--- a/src/audio/SDL_wave.c ++++ b/src/audio/SDL_wave.c +@@ -147,6 +147,9 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + if ( stereo ) { + state[1]->hPredictor = *encoded++; + } ++ if (state[0]->hPredictor >= 7 || state[1]->hPredictor >= 7) { ++ goto invalid_predictor; ++ } + state[0]->iDelta = ((encoded[1]<<8)|encoded[0]); + encoded += sizeof(Sint16); + if ( stereo ) { +@@ -217,6 +220,10 @@ too_short: + SDL_SetError("Too short chunk for a MS ADPCM decoder"); + SDL_free(freeable); + return(-1); ++invalid_predictor: ++ SDL_SetError("Invalid predictor value for a MS ADPCM decoder"); ++ SDL_free(freeable); ++ return(-1); + } + + struct IMA_ADPCM_decodestate { +-- +2.21.0 + diff --git a/SOURCES/0006-CVE-2019-7572-Fix-a-buffer-overwrite-in-IMA_ADPCM_de.patch b/SOURCES/0006-CVE-2019-7572-Fix-a-buffer-overwrite-in-IMA_ADPCM_de.patch new file mode 100644 index 0000000..f72edce --- /dev/null +++ b/SOURCES/0006-CVE-2019-7572-Fix-a-buffer-overwrite-in-IMA_ADPCM_de.patch @@ -0,0 +1,66 @@ +From b637e14f849130449544c8899aed716a2f049b75 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 10 Jun 2019 08:57:11 -0700 +Subject: [PATCH 06/11] CVE-2019-7572: Fix a buffer overwrite in + IMA_ADPCM_decode If data chunk was longer than expected based on a WAV format + definition, IMA_ADPCM_decode() tried to write past the output buffer. This + patch fixes it. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Based on patch from +. + +CVE-2019-7572 +https://bugzilla.libsdl.org/show_bug.cgi?id=4495 + +Signed-off-by: Petr Písař + +--HG-- +branch : SDL-1.2 +--- + src/audio/SDL_wave.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c +index 3eedd20a1..4159eb710 100644 +--- a/src/audio/SDL_wave.c ++++ b/src/audio/SDL_wave.c +@@ -346,7 +346,7 @@ static void Fill_IMA_ADPCM_block(Uint8 *decoded, Uint8 *encoded, + static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + { + struct IMA_ADPCM_decodestate *state; +- Uint8 *freeable, *encoded, *encoded_end, *decoded; ++ Uint8 *freeable, *encoded, *encoded_end, *decoded, *decoded_end; + Sint32 encoded_len, samplesleft; + unsigned int c, channels; + +@@ -373,6 +373,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + return(-1); + } + decoded = *audio_buf; ++ decoded_end = decoded + *audio_len; + + /* Get ready... Go! */ + while ( encoded_len >= IMA_ADPCM_state.wavefmt.blockalign ) { +@@ -392,6 +393,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + } + + /* Store the initial sample we start with */ ++ if (decoded + 2 > decoded_end) goto invalid_size; + decoded[0] = (Uint8)(state[c].sample&0xFF); + decoded[1] = (Uint8)(state[c].sample>>8); + decoded += 2; +@@ -402,6 +404,8 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + while ( samplesleft > 0 ) { + for ( c=0; c encoded_end) goto invalid_size; ++ if (decoded + 4 * 4 * channels > decoded_end) ++ goto invalid_size; + Fill_IMA_ADPCM_block(decoded, encoded, + c, channels, &state[c]); + encoded += 4; +-- +2.21.0 + diff --git a/SOURCES/0007-CVE-2019-7573-CVE-2019-7576-Fix-buffer-overreads-in-.patch b/SOURCES/0007-CVE-2019-7573-CVE-2019-7576-Fix-buffer-overreads-in-.patch new file mode 100644 index 0000000..41bf2e4 --- /dev/null +++ b/SOURCES/0007-CVE-2019-7573-CVE-2019-7576-Fix-buffer-overreads-in-.patch @@ -0,0 +1,84 @@ +From 45ef356d8c01a3941286b35b90eb319959f20f2c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 10 Jun 2019 09:06:23 -0700 +Subject: [PATCH 07/11] CVE-2019-7573, CVE-2019-7576: Fix buffer overreads in + InitMS_ADPCM If MS ADPCM format chunk was too short, InitMS_ADPCM() parsing + it could read past the end of chunk data. This patch fixes it. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE-2019-7573 +https://bugzilla.libsdl.org/show_bug.cgi?id=4491 +CVE-2019-7576 +https://bugzilla.libsdl.org/show_bug.cgi?id=4490 + +Signed-off-by: Petr Písař + +--HG-- +branch : SDL-1.2 +--- + src/audio/SDL_wave.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c +index 4159eb710..88ac2cca6 100644 +--- a/src/audio/SDL_wave.c ++++ b/src/audio/SDL_wave.c +@@ -44,12 +44,13 @@ static struct MS_ADPCM_decoder { + struct MS_ADPCM_decodestate state[2]; + } MS_ADPCM_state; + +-static int InitMS_ADPCM(WaveFMT *format) ++static int InitMS_ADPCM(WaveFMT *format, int length) + { +- Uint8 *rogue_feel; ++ Uint8 *rogue_feel, *rogue_feel_end; + int i; + + /* Set the rogue pointer to the MS_ADPCM specific data */ ++ if (length < sizeof(*format)) goto too_short; + MS_ADPCM_state.wavefmt.encoding = SDL_SwapLE16(format->encoding); + MS_ADPCM_state.wavefmt.channels = SDL_SwapLE16(format->channels); + MS_ADPCM_state.wavefmt.frequency = SDL_SwapLE32(format->frequency); +@@ -58,9 +59,11 @@ static int InitMS_ADPCM(WaveFMT *format) + MS_ADPCM_state.wavefmt.bitspersample = + SDL_SwapLE16(format->bitspersample); + rogue_feel = (Uint8 *)format+sizeof(*format); ++ rogue_feel_end = (Uint8 *)format + length; + if ( sizeof(*format) == 16 ) { + rogue_feel += sizeof(Uint16); + } ++ if (rogue_feel + 4 > rogue_feel_end) goto too_short; + MS_ADPCM_state.wSamplesPerBlock = ((rogue_feel[1]<<8)|rogue_feel[0]); + rogue_feel += sizeof(Uint16); + MS_ADPCM_state.wNumCoef = ((rogue_feel[1]<<8)|rogue_feel[0]); +@@ -70,12 +73,16 @@ static int InitMS_ADPCM(WaveFMT *format) + return(-1); + } + for ( i=0; i rogue_feel_end) goto too_short; + MS_ADPCM_state.aCoeff[i][0] = ((rogue_feel[1]<<8)|rogue_feel[0]); + rogue_feel += sizeof(Uint16); + MS_ADPCM_state.aCoeff[i][1] = ((rogue_feel[1]<<8)|rogue_feel[0]); + rogue_feel += sizeof(Uint16); + } + return(0); ++too_short: ++ SDL_SetError("Unexpected length of a chunk with a MS ADPCM format"); ++ return(-1); + } + + static Sint32 MS_ADPCM_nibble(struct MS_ADPCM_decodestate *state, +@@ -495,7 +502,7 @@ SDL_AudioSpec * SDL_LoadWAV_RW (SDL_RWops *src, int freesrc, + break; + case MS_ADPCM_CODE: + /* Try to understand this */ +- if ( InitMS_ADPCM(format) < 0 ) { ++ if ( InitMS_ADPCM(format, lenread) < 0 ) { + was_error = 1; + goto done; + } +-- +2.21.0 + diff --git a/SOURCES/0008-CVE-2019-7575-Fix-a-buffer-overwrite-in-MS_ADPCM_dec.patch b/SOURCES/0008-CVE-2019-7575-Fix-a-buffer-overwrite-in-MS_ADPCM_dec.patch new file mode 100644 index 0000000..b353231 --- /dev/null +++ b/SOURCES/0008-CVE-2019-7575-Fix-a-buffer-overwrite-in-MS_ADPCM_dec.patch @@ -0,0 +1,86 @@ +From 730c8b917e7deecc3cdf9ac9eb20e2b7e6450356 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 10 Jun 2019 09:25:05 -0700 +Subject: [PATCH 08/11] CVE-2019-7575: Fix a buffer overwrite in + MS_ADPCM_decode If a WAV format defines shorter audio stream and decoded MS + ADPCM data chunk is longer, decoding continued past the output audio buffer. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fix is based on a patch from +. + +https://bugzilla.libsdl.org/show_bug.cgi?id=4493 +CVE-2019-7575 + +Signed-off-by: Petr Písař + +--HG-- +branch : SDL-1.2 +--- + src/audio/SDL_wave.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c +index 88ac2cca6..5f9365147 100644 +--- a/src/audio/SDL_wave.c ++++ b/src/audio/SDL_wave.c +@@ -122,7 +122,7 @@ static Sint32 MS_ADPCM_nibble(struct MS_ADPCM_decodestate *state, + static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + { + struct MS_ADPCM_decodestate *state[2]; +- Uint8 *freeable, *encoded, *encoded_end, *decoded; ++ Uint8 *freeable, *encoded, *encoded_end, *decoded, *decoded_end; + Sint32 encoded_len, samplesleft; + Sint8 nybble, stereo; + Sint16 *coeff[2]; +@@ -142,6 +142,7 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + return(-1); + } + decoded = *audio_buf; ++ decoded_end = decoded + *audio_len; + + /* Get ready... Go! */ + stereo = (MS_ADPCM_state.wavefmt.channels == 2); +@@ -149,7 +150,7 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + state[1] = &MS_ADPCM_state.state[stereo]; + while ( encoded_len >= MS_ADPCM_state.wavefmt.blockalign ) { + /* Grab the initial information for this block */ +- if (encoded + 7 + (stereo ? 7 : 0) > encoded_end) goto too_short; ++ if (encoded + 7 + (stereo ? 7 : 0) > encoded_end) goto invalid_size; + state[0]->hPredictor = *encoded++; + if ( stereo ) { + state[1]->hPredictor = *encoded++; +@@ -179,6 +180,7 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + coeff[1] = MS_ADPCM_state.aCoeff[state[1]->hPredictor]; + + /* Store the two initial samples we start with */ ++ if (decoded + 4 + (stereo ? 4 : 0) > decoded_end) goto invalid_size; + decoded[0] = state[0]->iSamp2&0xFF; + decoded[1] = state[0]->iSamp2>>8; + decoded += 2; +@@ -200,7 +202,8 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + samplesleft = (MS_ADPCM_state.wSamplesPerBlock-2)* + MS_ADPCM_state.wavefmt.channels; + while ( samplesleft > 0 ) { +- if (encoded + 1 > encoded_end) goto too_short; ++ if (encoded + 1 > encoded_end) goto invalid_size; ++ if (decoded + 4 > decoded_end) goto invalid_size; + + nybble = (*encoded)>>4; + new_sample = MS_ADPCM_nibble(state[0],nybble,coeff[0]); +@@ -223,8 +226,8 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + } + SDL_free(freeable); + return(0); +-too_short: +- SDL_SetError("Too short chunk for a MS ADPCM decoder"); ++invalid_size: ++ SDL_SetError("Unexpected chunk length for a MS ADPCM decoder"); + SDL_free(freeable); + return(-1); + invalid_predictor: +-- +2.21.0 + diff --git a/SOURCES/0009-CVE-2019-7635-Reject-BMP-images-with-pixel-colors-ou.patch b/SOURCES/0009-CVE-2019-7635-Reject-BMP-images-with-pixel-colors-ou.patch new file mode 100644 index 0000000..7541813 --- /dev/null +++ b/SOURCES/0009-CVE-2019-7635-Reject-BMP-images-with-pixel-colors-ou.patch @@ -0,0 +1,68 @@ +From 974b6b063b652317f1a2df12834c829415529bc5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Tue, 11 Jun 2019 06:28:12 -0700 +Subject: [PATCH 09/11] CVE-2019-7635: Reject BMP images with pixel colors out + the palette If a 1-, 4-, or 8-bit per pixel BMP image declares less used + colors than the palette offers an SDL_Surface with a palette of the indicated + number of used colors is created. If some of the image's pixel refer to a + color number higher then the maximal used colors, a subsequent bliting + operation on the surface will look up a color past a blit map (that is based + on the palette) memory. I.e. passing such SDL_Surface to e.g. an + SDL_DisplayFormat() function will result in a buffer overread in a blit + function. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch fixes it by validing each pixel's color to be less than the +maximal color number in the palette. A validation failure raises an +error from a SDL_LoadBMP_RW() function. + +CVE-2019-7635 +https://bugzilla.libsdl.org/show_bug.cgi?id=4498 + +Signed-off-by: Petr Písař + +--HG-- +branch : SDL-1.2 +--- + src/video/SDL_bmp.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c +index d56cfd83a..8acae3bcb 100644 +--- a/src/video/SDL_bmp.c ++++ b/src/video/SDL_bmp.c +@@ -296,6 +296,12 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops *src, int freesrc) + } + *(bits+i) = (pixel>>shift); + pixel <<= ExpandBMP; ++ if ( bits[i] >= biClrUsed ) { ++ SDL_SetError( ++ "A BMP image contains a pixel with a color out of the palette"); ++ was_error = SDL_TRUE; ++ goto done; ++ } + } } + break; + +@@ -306,6 +312,16 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops *src, int freesrc) + was_error = SDL_TRUE; + goto done; + } ++ if ( 8 == biBitCount && palette && biClrUsed < (1 << biBitCount ) ) { ++ for ( i=0; iw; ++i ) { ++ if ( bits[i] >= biClrUsed ) { ++ SDL_SetError( ++ "A BMP image contains a pixel with a color out of the palette"); ++ was_error = SDL_TRUE; ++ goto done; ++ } ++ } ++ } + #if SDL_BYTEORDER == SDL_BIG_ENDIAN + /* Byte-swap the pixels if needed. Note that the 24bpp + case has already been taken care of above. */ +-- +2.21.0 + diff --git a/SOURCES/0010-CVE-2019-7638-CVE-2019-7636-Refuse-loading-BMP-image.patch b/SOURCES/0010-CVE-2019-7638-CVE-2019-7636-Refuse-loading-BMP-image.patch new file mode 100644 index 0000000..05512b4 --- /dev/null +++ b/SOURCES/0010-CVE-2019-7638-CVE-2019-7636-Refuse-loading-BMP-image.patch @@ -0,0 +1,56 @@ +From 73161afdf77e2cf90f47c9be0bc970dadedb5d7c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Fri, 15 Feb 2019 16:52:27 +0100 +Subject: [PATCH 10/11] CVE-2019-7638, CVE-2019-7636: Refuse loading BMP images + with too high number of colors +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If a BMP file that defines more colors than can fit into +a palette of color depth defined in the same BMP file is loaded by +SDL_LoadBMP_RW() function, invalid number of colors is set into +resulting SDL surface. + +Then if the SDL surface is passed to SDL_DisplayFormat() function to +convert the surface format into a native video format, a buffer +overread will happen in Map1to1() or Map1toN() function +(CVE-2019-7638). (The choice of the mapping function depends on +a actual video hardware.) + +In addition SDL_GetRGB() called indirectly from SDL_DisplayFormat() +performs the same buffer overread (CVE-2019-7636). + +There is also probably a buffer overwrite when the SDL_LoadBMP_RW() +loads colors from a file. + +This patch fixes it by refusing loading such badly damaged BMP files. + +CVE-2019-7638 +https://bugzilla.libsdl.org/show_bug.cgi?id=4500 +CVE-2019-7636 +https://bugzilla.libsdl.org/show_bug.cgi?id=4499 + +Signed-off-by: Petr Písař +--- + src/video/SDL_bmp.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c +index 8acae3bcb..8eadc5f66 100644 +--- a/src/video/SDL_bmp.c ++++ b/src/video/SDL_bmp.c +@@ -233,6 +233,10 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops *src, int freesrc) + if ( palette ) { + if ( biClrUsed == 0 ) { + biClrUsed = 1 << biBitCount; ++ } else if ( biClrUsed > (1 << biBitCount) ) { ++ SDL_SetError("BMP file has an invalid number of colors"); ++ was_error = SDL_TRUE; ++ goto done; + } + if ( biSize == 12 ) { + for ( i = 0; i < (int)biClrUsed; ++i ) { +-- +2.21.0 + diff --git a/SOURCES/0011-CVE-2019-7637-Fix-in-integer-overflow-in-SDL_Calcula.patch b/SOURCES/0011-CVE-2019-7637-Fix-in-integer-overflow-in-SDL_Calcula.patch new file mode 100644 index 0000000..a3168a0 --- /dev/null +++ b/SOURCES/0011-CVE-2019-7637-Fix-in-integer-overflow-in-SDL_Calcula.patch @@ -0,0 +1,210 @@ +From 7cafd3e820489f17f86d0d897ad9719ef54599f1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 18 Feb 2019 13:53:16 +0100 +Subject: [PATCH 11/11] CVE-2019-7637: Fix in integer overflow in + SDL_CalculatePitch +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If a too large width is passed to SDL_SetVideoMode() the width travels +to SDL_CalculatePitch() where the width (e.g. 65535) is multiplied by +BytesPerPixel (e.g. 4) and the result is stored into Uint16 pitch +variable. During this arithmetics an integer overflow can happen (e.g. +the value is clamped as 65532). As a result SDL_Surface with a pitch +smaller than width * BytesPerPixel is created, too small pixel buffer +is allocated and when the SDL_Surface is processed in SDL_FillRect() +a buffer overflow occurs. + +This can be reproduced with "./graywin -width 21312312313123213213213" +command. + +This patch fixes is by using a very careful arithmetics in +SDL_CalculatePitch(). If an overflow is detected, an error is reported +back as a special 0 value. We assume that 0-width surfaces do not +occur in the wild. Since SDL_CalculatePitch() is a private function, +we can change the semantics. + +CVE-2019-7637 +https://bugzilla.libsdl.org/show_bug.cgi?id=4497 + +Signed-off-by: Petr Písař +--- + src/video/SDL_pixels.c | 41 +++++++++++++++++++++++++++------ + src/video/gapi/SDL_gapivideo.c | 3 +++ + src/video/nanox/SDL_nxvideo.c | 4 ++++ + src/video/ps2gs/SDL_gsvideo.c | 3 +++ + src/video/ps3/SDL_ps3video.c | 3 +++ + src/video/windib/SDL_dibvideo.c | 3 +++ + src/video/windx5/SDL_dx5video.c | 3 +++ + src/video/x11/SDL_x11video.c | 4 ++++ + 8 files changed, 57 insertions(+), 7 deletions(-) + +diff --git a/src/video/SDL_pixels.c b/src/video/SDL_pixels.c +index 1a7fd518f..44626b749 100644 +--- a/src/video/SDL_pixels.c ++++ b/src/video/SDL_pixels.c +@@ -286,26 +286,53 @@ void SDL_DitherColors(SDL_Color *colors, int bpp) + } + } + /* +- * Calculate the pad-aligned scanline width of a surface ++ * Calculate the pad-aligned scanline width of a surface. Return 0 in case of ++ * an error. + */ + Uint16 SDL_CalculatePitch(SDL_Surface *surface) + { +- Uint16 pitch; ++ unsigned int pitch = 0; + + /* Surface should be 4-byte aligned for speed */ +- pitch = surface->w*surface->format->BytesPerPixel; ++ /* The code tries to prevent from an Uint16 overflow. */; ++ for (Uint8 byte = surface->format->BytesPerPixel; byte; byte--) { ++ pitch += (unsigned int)surface->w; ++ if (pitch < surface->w) { ++ SDL_SetError("A scanline is too wide"); ++ return(0); ++ } ++ } + switch (surface->format->BitsPerPixel) { + case 1: +- pitch = (pitch+7)/8; ++ if (pitch % 8) { ++ pitch = pitch / 8 + 1; ++ } else { ++ pitch = pitch / 8; ++ } + break; + case 4: +- pitch = (pitch+1)/2; ++ if (pitch % 2) { ++ pitch = pitch / 2 + 1; ++ } else { ++ pitch = pitch / 2; ++ } + break; + default: + break; + } +- pitch = (pitch + 3) & ~3; /* 4-byte aligning */ +- return(pitch); ++ /* 4-byte aligning */ ++ if (pitch & 3) { ++ if (pitch + 3 < pitch) { ++ SDL_SetError("A scanline is too wide"); ++ return(0); ++ } ++ pitch = (pitch + 3) & ~3; ++ } ++ if (pitch > 0xFFFF) { ++ SDL_SetError("A scanline is too wide"); ++ return(0); ++ } ++ return((Uint16)pitch); + } + /* + * Match an RGB value to a particular palette index +diff --git a/src/video/gapi/SDL_gapivideo.c b/src/video/gapi/SDL_gapivideo.c +index 86deadc75..8a0648536 100644 +--- a/src/video/gapi/SDL_gapivideo.c ++++ b/src/video/gapi/SDL_gapivideo.c +@@ -733,6 +733,9 @@ SDL_Surface *GAPI_SetVideoMode(_THIS, SDL_Surface *current, + video->w = gapi->w = width; + video->h = gapi->h = height; + video->pitch = SDL_CalculatePitch(video); ++ if (!current->pitch) { ++ return(NULL); ++ } + + /* Small fix for WinCE/Win32 - when activating window + SDL_VideoSurface is equal to zero, so activating code +diff --git a/src/video/nanox/SDL_nxvideo.c b/src/video/nanox/SDL_nxvideo.c +index b188e0958..cbdd09a08 100644 +--- a/src/video/nanox/SDL_nxvideo.c ++++ b/src/video/nanox/SDL_nxvideo.c +@@ -378,6 +378,10 @@ SDL_Surface * NX_SetVideoMode (_THIS, SDL_Surface * current, + current -> w = width ; + current -> h = height ; + current -> pitch = SDL_CalculatePitch (current) ; ++ if (!current->pitch) { ++ current = NULL; ++ goto done; ++ } + NX_ResizeImage (this, current, flags) ; + } + +diff --git a/src/video/ps2gs/SDL_gsvideo.c b/src/video/ps2gs/SDL_gsvideo.c +index e172c60dc..329086680 100644 +--- a/src/video/ps2gs/SDL_gsvideo.c ++++ b/src/video/ps2gs/SDL_gsvideo.c +@@ -479,6 +479,9 @@ static SDL_Surface *GS_SetVideoMode(_THIS, SDL_Surface *current, + current->w = width; + current->h = height; + current->pitch = SDL_CalculatePitch(current); ++ if (!current->pitch) { ++ return(NULL); ++ } + + /* Memory map the DMA area for block memory transfer */ + if ( ! mapped_mem ) { +diff --git a/src/video/ps3/SDL_ps3video.c b/src/video/ps3/SDL_ps3video.c +index d5519e051..17848e33a 100644 +--- a/src/video/ps3/SDL_ps3video.c ++++ b/src/video/ps3/SDL_ps3video.c +@@ -339,6 +339,9 @@ static SDL_Surface *PS3_SetVideoMode(_THIS, SDL_Surface * current, int width, in + current->w = width; + current->h = height; + current->pitch = SDL_CalculatePitch(current); ++ if (!current->pitch) { ++ return(NULL); ++ } + + /* Alloc aligned mem for current->pixels */ + s_pixels = memalign(16, current->h * current->pitch); +diff --git a/src/video/windib/SDL_dibvideo.c b/src/video/windib/SDL_dibvideo.c +index 6187bfcf7..86ebb12a3 100644 +--- a/src/video/windib/SDL_dibvideo.c ++++ b/src/video/windib/SDL_dibvideo.c +@@ -675,6 +675,9 @@ SDL_Surface *DIB_SetVideoMode(_THIS, SDL_Surface *current, + video->w = width; + video->h = height; + video->pitch = SDL_CalculatePitch(video); ++ if (!current->pitch) { ++ return(NULL); ++ } + + /* Small fix for WinCE/Win32 - when activating window + SDL_VideoSurface is equal to zero, so activating code +diff --git a/src/video/windx5/SDL_dx5video.c b/src/video/windx5/SDL_dx5video.c +index f80ca97b0..39fc4fc37 100644 +--- a/src/video/windx5/SDL_dx5video.c ++++ b/src/video/windx5/SDL_dx5video.c +@@ -1127,6 +1127,9 @@ SDL_Surface *DX5_SetVideoMode(_THIS, SDL_Surface *current, + video->w = width; + video->h = height; + video->pitch = SDL_CalculatePitch(video); ++ if (!current->pitch) { ++ return(NULL); ++ } + + #ifndef NO_CHANGEDISPLAYSETTINGS + /* Set fullscreen mode if appropriate. +diff --git a/src/video/x11/SDL_x11video.c b/src/video/x11/SDL_x11video.c +index 79e60f971..45d1f79be 100644 +--- a/src/video/x11/SDL_x11video.c ++++ b/src/video/x11/SDL_x11video.c +@@ -1220,6 +1220,10 @@ SDL_Surface *X11_SetVideoMode(_THIS, SDL_Surface *current, + current->w = width; + current->h = height; + current->pitch = SDL_CalculatePitch(current); ++ if (!current->pitch) { ++ current = NULL; ++ goto done; ++ } + if (X11_ResizeImage(this, current, flags) < 0) { + current = NULL; + goto done; +-- +2.21.0 + diff --git a/SOURCES/SDL-1.2.10-GrabNotViewable.patch b/SOURCES/SDL-1.2.10-GrabNotViewable.patch new file mode 100644 index 0000000..128cf35 --- /dev/null +++ b/SOURCES/SDL-1.2.10-GrabNotViewable.patch @@ -0,0 +1,22 @@ +Makes SDL-1.2 SDL_WM_GrabInput() non-blocking in case of SDL window is not +viewable. Patch provided by . +See . + +--- ./src/video/x11/SDL_x11wm.c 2007-12-31 04:48:13.000000000 +0000 ++++ ./src/video/x11/SDL_x11wm.c 2009-01-15 10:27:14.000000000 +0000 +@@ -351,13 +351,14 @@ SDL_GrabMode X11_GrabInputNoLock(_THIS, + result = XGrabPointer(SDL_Display, SDL_Window, True, 0, + GrabModeAsync, GrabModeAsync, + SDL_Window, None, CurrentTime); +- if ( result == GrabSuccess ) { ++ if ( result == GrabSuccess || result == GrabNotViewable ) { + break; + } + SDL_Delay(100); + } + if ( result != GrabSuccess ) { + /* Uh, oh, what do we do here? */ ; ++ return(SDL_GRAB_OFF); + } + /* Now grab the keyboard */ + XGrabKeyboard(SDL_Display, WMwindow, True, diff --git a/SOURCES/SDL-1.2.12-multilib.patch b/SOURCES/SDL-1.2.12-multilib.patch new file mode 100644 index 0000000..29e6319 --- /dev/null +++ b/SOURCES/SDL-1.2.12-multilib.patch @@ -0,0 +1,25 @@ +diff -up SDL-1.2.12/sdl-config.in.multilib SDL-1.2.12/sdl-config.in +--- SDL-1.2.12/sdl-config.in.multilib 2007-07-20 07:52:45.000000000 +0200 ++++ SDL-1.2.12/sdl-config.in 2007-11-06 17:07:25.000000000 +0100 +@@ -3,7 +3,6 @@ + prefix=@prefix@ + exec_prefix=@exec_prefix@ + exec_prefix_set=no +-libdir=@libdir@ + + @ENABLE_STATIC_FALSE@usage="\ + @ENABLE_STATIC_FALSE@Usage: sdl-config [--prefix[=DIR]] [--exec-prefix[=DIR]] [--version] [--cflags] [--libs]" +@@ -45,11 +44,11 @@ while test $# -gt 0; do + echo -I@includedir@/SDL @SDL_CFLAGS@ + ;; + @ENABLE_SHARED_TRUE@ --libs) +-@ENABLE_SHARED_TRUE@ echo -L@libdir@ @SDL_RLD_FLAGS@ @SDL_LIBS@ ++@ENABLE_SHARED_TRUE@ echo @SDL_RLD_FLAGS@ @SDL_LIBS@ + @ENABLE_SHARED_TRUE@ ;; + @ENABLE_STATIC_TRUE@@ENABLE_SHARED_TRUE@ --static-libs) + @ENABLE_STATIC_TRUE@@ENABLE_SHARED_FALSE@ --libs|--static-libs) +-@ENABLE_STATIC_TRUE@ echo -L@libdir@ @SDL_RLD_FLAGS@ @SDL_STATIC_LIBS@ ++@ENABLE_STATIC_TRUE@ echo @SDL_RLD_FLAGS@ @SDL_STATIC_LIBS@ + @ENABLE_STATIC_TRUE@ ;; + *) + echo "${usage}" 1>&2 diff --git a/SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch b/SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch new file mode 100644 index 0000000..13fa786 --- /dev/null +++ b/SOURCES/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch @@ -0,0 +1,23 @@ +changeset: 12960:ad1bbfbca760 +branch: SDL-1.2 +parent: 12914:87d60cae0273 +user: Ozkan Sezer +date: Tue Jul 30 21:30:24 2019 +0300 +summary: Fixed bug 4538 - validate image size when loading BMP files + +diff -r 87d60cae0273 -r ad1bbfbca760 src/video/SDL_bmp.c +--- a/src/video/SDL_bmp.c Tue Jun 18 23:31:40 2019 +0100 ++++ b/src/video/SDL_bmp.c Tue Jul 30 21:30:24 2019 +0300 +@@ -143,6 +143,11 @@ + (void) biYPelsPerMeter; + (void) biClrImportant; + ++ if (biWidth <= 0 || biHeight == 0) { ++ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight); ++ was_error = SDL_TRUE; ++ goto done; ++ } + if (biHeight < 0) { + topDown = SDL_TRUE; + biHeight = -biHeight; + diff --git a/SOURCES/SDL-1.2.15-SDL_EnableUNICODE_drops_keyboard_events.patch b/SOURCES/SDL-1.2.15-SDL_EnableUNICODE_drops_keyboard_events.patch new file mode 100644 index 0000000..fdf910e --- /dev/null +++ b/SOURCES/SDL-1.2.15-SDL_EnableUNICODE_drops_keyboard_events.patch @@ -0,0 +1,73 @@ +# HG changeset patch +# User Sam Lantinga +# Date 1397799374 25200 +# Thu Apr 17 22:36:14 2014 -0700 +# Branch SDL-1.2 +# Node ID 0aade9c0203f717fe4b823a176c3c040f1a709f8 +# Parent 22a7f096bb9d4d596f35a93e33608825693462b0 +Fixed bug 2325 - SDL_EnableUNICODE sometimes drops keyboard events completely + +Rafał Mużyło + +The most annoying part of this bug is that though I've found it in two separate apps, I don't have a trivial testcase for it. + +The problem seems to be a condition race, as it's triggered quite randomly (therefore it will be hard to tell whether it really gets fixed, if a probable fix is found). + +While it's specific to SDL 1.2, it seems quite similar to the problem described and fixed in http://forums.libsdl.org/viewtopic.php?p=40503. + +Now, I should start describing the problem. + +A game uses Escape to open menu (the exact key might not be important). Upon opening, it calls SDL_EnableUNICODE(1). Upon closing it calls SDL_EnableUNICODE(0). + +I have an IME running. + +Game uses SDL_PollEvent to get the events. + +If Escape is pressed repeatedly, menu is opened and closed, till it eventually freezes in open state. +"freezes" in this context means "app itself still runs, but no keyboard events are getting delivered (though - for example - mouse events still are)". "getting delivered" should mean "SDL_PollEvent is not receiving any". +If it matters, the last delivered keyboard event is a keypress, the release never arrives. + +It seems (no guarantees, due to random nature of the freeze) that unsetting XMODIFIERS (which - AFAIU - will disable IME as far as SDL is concerned) prevents the freeze, therefore the reference to that SDL2 thread. + +diff -r 22a7f096bb9d -r 0aade9c0203f src/video/x11/SDL_x11events.c +--- a/src/video/x11/SDL_x11events.c Sun Dec 01 00:00:17 2013 -0500 ++++ b/src/video/x11/SDL_x11events.c Thu Apr 17 22:36:14 2014 -0700 +@@ -395,6 +395,8 @@ + { + int posted; + XEvent xevent; ++ int orig_event_type; ++ KeyCode orig_keycode; + + SDL_memset(&xevent, '\0', sizeof (XEvent)); /* valgrind fix. --ryan. */ + XNextEvent(SDL_Display, &xevent); +@@ -410,9 +412,29 @@ + #ifdef X_HAVE_UTF8_STRING + /* If we are translating with IM, we need to pass all events + to XFilterEvent, and discard those filtered events immediately. */ ++ orig_event_type = xevent.type; ++ if (orig_event_type == KeyPress || orig_event_type == KeyRelease) { ++ orig_keycode = xevent.xkey.keycode; ++ } else { ++ orig_keycode = 0; ++ } + if ( SDL_TranslateUNICODE + && SDL_IM != NULL + && XFilterEvent(&xevent, None) ) { ++ if (orig_keycode) { ++ SDL_keysym keysym; ++ static XComposeStatus state; ++ char keybuf[32]; ++ ++ keysym.scancode = xevent.xkey.keycode; ++ keysym.sym = X11_TranslateKeycode(SDL_Display, xevent.xkey.keycode); ++ keysym.mod = KMOD_NONE; ++ keysym.unicode = 0; ++ if (orig_event_type == KeyPress && XLookupString(&xevent.xkey, keybuf, sizeof(keybuf), NULL, &state)) ++ keysym.unicode = (Uint8)keybuf[0]; ++ ++ SDL_PrivateKeyboard(orig_event_type == KeyPress ? SDL_PRESSED : SDL_RELEASED, &keysym); ++ } + return 0; + } + #endif diff --git a/SOURCES/SDL-1.2.15-add_sdl_config_man.patch b/SOURCES/SDL-1.2.15-add_sdl_config_man.patch new file mode 100644 index 0000000..6cdf271 --- /dev/null +++ b/SOURCES/SDL-1.2.15-add_sdl_config_man.patch @@ -0,0 +1,90 @@ +diff -r 91ad7b43317a Makefile.in +--- a/Makefile.in Sun Jun 02 20:48:53 2013 +0600 ++++ b/Makefile.in Wed Jun 19 10:34:27 2013 +0200 +@@ -98,6 +98,11 @@ + $(SHELL) $(auxdir)/mkinstalldirs $(DESTDIR)$(libdir)/pkgconfig + $(INSTALL) -m 644 sdl.pc $(DESTDIR)$(libdir)/pkgconfig + install-man: ++ $(SHELL) $(auxdir)/mkinstalldirs $(DESTDIR)$(mandir)/man1 ++ for src in $(srcdir)/docs/man1/*.1; do \ ++ file=`echo $$src | sed -e 's|^.*/||'`; \ ++ $(INSTALL) -m 644 $$src $(DESTDIR)$(mandir)/man1/$$file; \ ++ done + $(SHELL) $(auxdir)/mkinstalldirs $(DESTDIR)$(mandir)/man3 + for src in $(srcdir)/docs/man3/*.3; do \ + file=`echo $$src | sed -e 's|^.*/||'`; \ +@@ -120,6 +125,10 @@ + rm -f $(DESTDIR)$(datadir)/aclocal/sdl.m4 + rm -f $(DESTDIR)$(libdir)/pkgconfig/sdl.pc + uninstall-man: ++ for src in $(srcdir)/docs/man1/*.1; do \ ++ file=`echo $$src | sed -e 's|^.*/||'`; \ ++ rm -f $(DESTDIR)$(mandir)/man1/$$file; \ ++ done + for src in $(srcdir)/docs/man3/*.3; do \ + file=`echo $$src | sed -e 's|^.*/||'`; \ + rm -f $(DESTDIR)$(mandir)/man3/$$file; \ +diff -r 91ad7b43317a docs/man1/sdl-config.1 +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ b/docs/man1/sdl-config.1 Wed Jun 19 10:34:27 2013 +0200 +@@ -0,0 +1,60 @@ ++.TH sdl-config 1 "2013-06-19" "SDL 1.2" ++.SH NAME ++sdl-config \- script to get information about the installed version of SDL ++.SH SYNOPSIS ++\fBsdl-config ++[\~--prefix[=\fIDIR\fP]\~] ++[\~--exec-prefix[=\fIDIR\fP]\~] ++[\~--version\~] [\~--cflags\~] [\~--libs\~] [\~--static-libs\~]\fR ++.SH DESCRIPTION ++.B sdl-config ++is a tool that is used to configure and determine the compiler and linker ++flags that should be used to compile and link programs, and libraries, and ++plugins that use SDL. It is also used internally by the m4 macros that are ++included with SDL. ++.SH OPTIONS ++.TP ++.B --cflags ++Print the compiler flags that are necessary to compile a program or library ++that uses SDL. ++.TP ++.BI --exec-prefix= DIR ++If specified, use ++.I DIR ++instead of the installation exec prefix that SDL was build with when computing ++the output for the --exec-prefix option. This option must be specified before ++any of the --cflags, and --libs options. ++.TP ++.B --libs ++Print the linker flags that are necessary to link a program that uses SDL. ++.TP ++.BI --prefix= DIR ++If specified, use DIR instead of the installation prefix that SDL was built ++with when computing the output for the --prefix, and --exec-prefix options. ++This option is also used for the exec prefix if --exec-prefix was not ++specified. This option must be specified before any of the --cflags, and ++--libs options. ++.TP ++.B --static-libs ++Print the linker flags that are necessary to statically link a program that uses SDL. ++.TP ++.B --version ++Prints the currently installed version of SDL on standard output. ++.SH EXAMPLES ++.TP ++gcc -o main.o $(sdl-config --cflags) main.c ++is how you might use ++.B sdl-config ++to compile a C source file for an executable program. ++.TP ++gcc -o my_app $(sdl-config --libs) main.o util.o ++is how you might use ++.B sdl-config ++to link compiled objects into an executable program. ++.SH AUTHOR ++The Simple DirectMedia Layer (SDL) library was written by Sam Lantinga. ++.PP ++This manual page was written by Branden Robinson, originally for Progeny ++Linux Systems, Inc., and the Debian Project. ++.PP ++This manual page was modified by Petr Pisar to match original SDL distribution. diff --git a/SOURCES/SDL-1.2.15-const_XData32.patch b/SOURCES/SDL-1.2.15-const_XData32.patch new file mode 100644 index 0000000..0f1c07c --- /dev/null +++ b/SOURCES/SDL-1.2.15-const_XData32.patch @@ -0,0 +1,16 @@ +libX11-1.5.99.901 has changed prototype of _XData32 + + + +diff -r b6b2829cd7ef src/video/x11/SDL_x11sym.h +--- a/src/video/x11/SDL_x11sym.h Wed Feb 27 15:20:31 2013 -0800 ++++ b/src/video/x11/SDL_x11sym.h Wed Mar 27 16:07:23 2013 +0100 +@@ -165,7 +165,7 @@ + */ + #ifdef LONG64 + SDL_X11_MODULE(IO_32BIT) +-SDL_X11_SYM(int,_XData32,(Display *dpy,register long *data,unsigned len),(dpy,data,len),return) ++SDL_X11_SYM(int,_XData32,(Display *dpy,register _Xconst long *data,unsigned len),(dpy,data,len),return) + SDL_X11_SYM(void,_XRead32,(Display *dpy,register long *data,long len),(dpy,data,len),) + #endif + diff --git a/SOURCES/SDL-1.2.15-ignore_insane_joystick_axis.patch b/SOURCES/SDL-1.2.15-ignore_insane_joystick_axis.patch new file mode 100644 index 0000000..33340fd --- /dev/null +++ b/SOURCES/SDL-1.2.15-ignore_insane_joystick_axis.patch @@ -0,0 +1,20 @@ +changeset: 6324:95abff7adcc2 +branch: SDL-1.2 +parent: 6306:2b923729fd01 +user: Ryan C. Gordon +date: Sun Jun 03 04:49:25 2012 -0400 +summary: Linux evdev: ignore joystick axis events if they aren't in a sane range. + +diff -r 2b923729fd01 -r 95abff7adcc2 src/joystick/linux/SDL_sysjoystick.c +--- a/src/joystick/linux/SDL_sysjoystick.c Sat May 12 23:32:51 2012 -0700 ++++ b/src/joystick/linux/SDL_sysjoystick.c Sun Jun 03 04:49:25 2012 -0400 +@@ -1106,6 +1106,9 @@ + } + break; + case EV_ABS: ++ if (code > ABS_MISC) { ++ break; ++ } + switch (code) { + case ABS_HAT0X: + case ABS_HAT0Y: diff --git a/SOURCES/SDL-1.2.15-no-default-backing-store.patch b/SOURCES/SDL-1.2.15-no-default-backing-store.patch new file mode 100644 index 0000000..4d5209d --- /dev/null +++ b/SOURCES/SDL-1.2.15-no-default-backing-store.patch @@ -0,0 +1,24 @@ +Do not harness backing store by default + +xorg-server 1.15 enables backing store if composite extension is enabled +(default settings). Harnessing backing store through compositor leads to +tearing effect. + +This patch reverts default harnessing backing store to conditional use if +SDL_VIDEO_X11_BACKINGSTORE environment variable exists. + + + + +diff -up SDL-1.2.15/src/video/x11/SDL_x11video.c.jx SDL-1.2.15/src/video/x11/SDL_x11video.c +--- SDL-1.2.15/src/video/x11/SDL_x11video.c.jx 2012-01-19 01:30:06.000000000 -0500 ++++ SDL-1.2.15/src/video/x11/SDL_x11video.c 2014-03-04 14:39:34.691545549 -0500 +@@ -1088,7 +1088,7 @@ static int X11_CreateWindow(_THIS, SDL_S + } + } + +-#if 0 /* This is an experiment - are the graphics faster now? - nope. */ ++#if 1 /* This is an experiment - are the graphics faster now? - nope. */ + if ( SDL_getenv("SDL_VIDEO_X11_BACKINGSTORE") ) + #endif + /* Cache the window in the server, when possible */ diff --git a/SOURCES/SDL-1.2.15-vec_perm-ppc64le.patch b/SOURCES/SDL-1.2.15-vec_perm-ppc64le.patch new file mode 100644 index 0000000..77c915b --- /dev/null +++ b/SOURCES/SDL-1.2.15-vec_perm-ppc64le.patch @@ -0,0 +1,87 @@ +Correct vec_perm() application on little-endian 64-bit PowerPC + +The LE transformation for vec_perm has an implicit assumption that the +permutation is being used to reorder vector elements (in this case 4-byte +integer word elements), not to reorder bytes within those elements. Although +this is legal behavior, it is not anticipated by the transformation performed +by the compilers. + +This causes pygame-1.9.1 test failure on PPC64LE because blitted pixmaps are +corrupted there due to how SDL uses vec_perm(). + + + +--- SDL-1.2.15/src/video/SDL_blit_N.c.ori 2017-09-04 05:56:17.759347525 -0400 ++++ SDL-1.2.15/src/video/SDL_blit_N.c 2017-09-06 05:36:20.570789610 -0400 +@@ -146,6 +146,32 @@ static vector unsigned char calc_swizzle + return(vswiz); + } + ++/* reorder bytes for PowerPC little endian */ ++static vector unsigned char reorder_ppc64le_vec(vector unsigned char vpermute) ++{ ++ /* The result vector of calc_swizzle32 reorder bytes using vec_perm. ++ The LE transformation for vec_perm has an implicit assumption ++ that the permutation is being used to reorder vector elements, ++ not to reorder bytes within those elements. ++ Unfortunatly the result order is not the expected one for powerpc ++ little endian when the two first vector parameters of vec_perm are ++ not of type 'vector char'. This is because the numbering from the ++ left for BE, and numbering from the right for LE, produces a ++ different interpretation of what the odd and even lanes are. ++ Refer to fedora bug 1392465 ++ */ ++ ++ const vector unsigned char ppc64le_reorder = VECUINT8_LITERAL( ++ 0x01, 0x00, 0x03, 0x02, ++ 0x05, 0x04, 0x07, 0x06, ++ 0x09, 0x08, 0x0B, 0x0A, ++ 0x0D, 0x0C, 0x0F, 0x0E ); ++ ++ vector unsigned char vswiz_ppc64le; ++ vswiz_ppc64le = vec_perm(vpermute, vpermute, ppc64le_reorder); ++ return(vswiz_ppc64le); ++} ++ + static void Blit_RGB888_RGB565(SDL_BlitInfo *info); + static void Blit_RGB888_RGB565Altivec(SDL_BlitInfo *info) { + int height = info->d_height; +@@ -631,6 +657,12 @@ static void Blit32to32KeyAltivec(SDL_Bli + vsel = (vector unsigned char)vec_and(vs, vrgbmask); + vsel = (vector unsigned char)vec_cmpeq(vs, vckey); + /* permute the src vec to the dest format */ ++ ++#if defined(__powerpc__) && (SDL_BYTEORDER == SDL_LIL_ENDIAN) ++ /* reorder bytes for PowerPC little endian */ ++ vpermute = reorder_ppc64le_vec(vpermute); ++#endif ++ + vs = vec_perm(vs, valpha, vpermute); + /* load the destination vec */ + vd = vec_ld(0, dstp); +@@ -704,6 +736,12 @@ static void ConvertAltivec32to32_noprefe + src += 4; + width -= 4; + vbits = vec_perm(vbits, voverflow, valigner); /* src is ready. */ ++ ++#if defined(__powerpc__) && (SDL_BYTEORDER == SDL_LIL_ENDIAN) ++ /* reorder bytes for PowerPC little endian */ ++ vpermute = reorder_ppc64le_vec(vpermute); ++#endif ++ + vbits = vec_perm(vbits, vzero, vpermute); /* swizzle it. */ + vec_st(vbits, 0, dst); /* store it back out. */ + dst += 4; +@@ -786,6 +824,12 @@ static void ConvertAltivec32to32_prefetc + src += 4; + width -= 4; + vbits = vec_perm(vbits, voverflow, valigner); /* src is ready. */ ++ ++#if defined(__powerpc__) && (SDL_BYTEORDER == SDL_LIL_ENDIAN) ++ /* reorder bytes for PowerPC little endian */ ++ vpermute = reorder_ppc64le_vec(vpermute); ++#endif ++ + vbits = vec_perm(vbits, vzero, vpermute); /* swizzle it. */ + vec_st(vbits, 0, dst); /* store it back out. */ + dst += 4; diff --git a/SOURCES/SDL_config.h b/SOURCES/SDL_config.h new file mode 100644 index 0000000..7fa21b5 --- /dev/null +++ b/SOURCES/SDL_config.h @@ -0,0 +1,78 @@ +/* + SDL - Simple DirectMedia Layer + Copyright (C) 1997-2006 Sam Lantinga + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + Sam Lantinga + slouken@libsdl.org +*/ + +/* + * This SDL_config.h is a wrapper include file for the original SDL_config.h, + * which has been renamed to SDL_config-.h. There are conflicts for the + * original SDL_config.h on multilib systems, which result from arch-specific + * configuration options. Please do not use the arch-specific file directly. + * + * Copyright (C) 2006 Red Hat, Inc. + * Thomas Woerner + */ + +#ifdef SDL_config_wrapper_h +#error "SDL_config_wrapper_h should not be defined!" +#endif +#define SDL_config_wrapper_h + +#if defined(__i386__) +#include "SDL_config-i386.h" +#elif defined(__ia64__) +#include "SDL_config-ia64.h" +#elif defined(__powerpc64__) +#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +#include "SDL_config-ppc64.h" +#else +#include "SDL_config-ppc64le.h" +#endif +#elif defined(__powerpc__) +#include "SDL_config-ppc.h" +#elif defined(__s390x__) +#include "SDL_config-s390x.h" +#elif defined(__s390__) +#include "SDL_config-s390.h" +#elif defined(__x86_64__) +#include "SDL_config-x86_64.h" +#elif defined(__arm__) +#include "SDL_config-arm.h" +#elif defined(__alpha__) +#include "SDL_config-alpha.h" +#elif defined(__sparc__) && defined (__arch64__) +#include "SDL_config-sparc64.h" +#elif defined(__sparc__) +#include "SDL_config-sparc.h" +#elif defined(__aarch64__) +#include "SDL_config-aarch64.h" +#elif defined(__mips64) && defined(__MIPSEL__) +#include "SDL_config-mips64el.h" +#elif defined(__mips64) +#include "SDL_config-mips64.h" +#elif defined(__mips) && defined(__MIPSEL__) +#include "SDL_config-mipsel.h" +#elif defined(__mips) +#include "SDL_config-mips.h" +#else +#error "The SDL-devel package is not usable with the architecture." +#endif + +#undef SDL_config_wrapper_h diff --git a/SOURCES/repackage.sh b/SOURCES/repackage.sh new file mode 100755 index 0000000..44d3a34 --- /dev/null +++ b/SOURCES/repackage.sh @@ -0,0 +1,59 @@ +#!/bin/bash +# +# Copyright (C) 2010 Red Hat, Inc. +# Authors: +# Thomas Woerner +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +version=$1 +[ -z "$version" ] && { echo "Usage: $0 "; exit 1; } + +# files to be removed without the main SDL-/ prefix +declare -a REMOVE +REMOVE[${#REMOVE[*]}]="symbian.zip" + +# no changes below this line should be needed + +orig="SDL-${version}" +orig_tgz="${orig}.tar.gz" +repackaged="${orig}_repackaged" +repackaged_tar="${repackaged}.tar" +repackaged_tgz="${repackaged_tar}.gz" + +# pre checks +[ ! -f "${orig_tgz}" ] && { echo "ERROR: ${orig_tgz} does not exist"; exit 1; } +[ -f "${repackaged_tgz}" ] && { echo "ERROR: ${repackaged_tgz} already exist"; exit 1; } + +# repackage +failure=0 +gzip -dc "${orig_tgz}" > "${repackaged_tar}" +for file in "${REMOVE[@]}"; do + tar -f "${repackaged_tar}" --delete "${orig}/${file}" >> repackage.log + [ $? != 0 ] && { echo "ERROR: Could not remove file ${orig}/${file} from archive."; failure=1; } || echo "Removed ${orig}/${file} from archive." +done +[ $failure != 0 ] && { echo "See repackage.log for details."; exit 1; } +gzip -9 -n "${repackaged_tar}" + +# post checks +RET=0 +for file in "${REMOVE[@]}"; do + found=$(tar -ztvf "${repackaged_tgz}" | grep "${file}") + [ -n "$found" ] && { echo "ERROR: file ${file} is still in the repackaged archive."; RET=1; } +done + +[ $RET == 0 ] && echo "Sucessfully repackaged ${orig}: ${repackaged_tgz}" + +exit $RET diff --git a/SPECS/SDL.spec b/SPECS/SDL.spec new file mode 100644 index 0000000..b837c83 --- /dev/null +++ b/SPECS/SDL.spec @@ -0,0 +1,829 @@ +%if 0%{?rhel} +%bcond_with arts +%bcond_with esound +%bcond_with nas +%else +%bcond_without arts +%bcond_without esound +%bcond_without nas +%endif + +Name: SDL +Version: 1.2.15 +Release: 38%{?dist} +Summary: A cross-platform multimedia library +URL: http://www.libsdl.org/ +# The license of the file src/video/fbcon/riva_mmio.h is bad, but the contents +# of the file has been relicensed to MIT in 2008 by Nvidia for the +# xf86_video-nv driver, therefore it can be considered ok. +# The license in the file src/stdlib/SDL_qsort.c is bad, but author relicensed +# it to zlib on 2016-02-21, +# , bug #1381888. +License: LGPLv2+ +# Source: http://www.libsdl.org/release/%%{name}-%%{version}.tar.gz +# To create the repackaged archive use ./repackage.sh %%{version} +Source0: %{name}-%{version}_repackaged.tar.gz +Source1: SDL_config.h +Source2: repackage.sh +Patch0: SDL-1.2.12-multilib.patch +# Rejected by upstream as sdl1155, rh480065 +Patch1: SDL-1.2.10-GrabNotViewable.patch +# Proposded to upstream as sdl1769 +Patch2: SDL-1.2.15-const_XData32.patch +# sdl-config(1) manual from Debian, rh948864 +Patch3: SDL-1.2.15-add_sdl_config_man.patch +# Upstream fix for sdl1486, rh990677 +Patch4: SDL-1.2.15-ignore_insane_joystick_axis.patch +# Do not use backing store by default, sdl2383, rh1073057, rejected by +# upstream +Patch5: SDL-1.2.15-no-default-backing-store.patch +# Fix processing keyboard events if SDL_EnableUNICODE() is enabled, sdl2325, +# rh1126136, in upstream after 1.2.15 +Patch6: SDL-1.2.15-SDL_EnableUNICODE_drops_keyboard_events.patch +# Fix vec_perm() usage on little-endian 64-bit PowerPC, bug #1392465 +Patch7: SDL-1.2.15-vec_perm-ppc64le.patch +#fixed upstream +Patch8: 0001-Fixed-bug-4108-Missing-break-statements-in-SDL_CDRes.patch +#fixes for small errors +Patch9: 0001-fix-small-errors-detected-by-coverity.patch +# upstream bug #4538, in upstream after 1.2.15 +Patch10: SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch + +Patch11: 0001-CVE-2019-7572-Fix-a-buffer-overread-in-IMA_ADPCM_nib.patch +Patch12: 0002-CVE-2019-7578-Fix-a-buffer-overread-in-InitIMA_ADPCM.patch +Patch13: 0003-CVE-2019-7574-Fix-a-buffer-overread-in-IMA_ADPCM_dec.patch +Patch14: 0004-CVE-2019-7577-Fix-a-buffer-overread-in-MS_ADPCM_deco.patch +Patch15: 0005-CVE-2019-7577-Fix-a-buffer-overread-in-MS_ADPCM_nibb.patch +Patch16: 0006-CVE-2019-7572-Fix-a-buffer-overwrite-in-IMA_ADPCM_de.patch +Patch17: 0007-CVE-2019-7573-CVE-2019-7576-Fix-buffer-overreads-in-.patch +Patch18: 0008-CVE-2019-7575-Fix-a-buffer-overwrite-in-MS_ADPCM_dec.patch +Patch19: 0009-CVE-2019-7635-Reject-BMP-images-with-pixel-colors-ou.patch +Patch20: 0010-CVE-2019-7638-CVE-2019-7636-Refuse-loading-BMP-image.patch +Patch21: 0011-CVE-2019-7637-Fix-in-integer-overflow-in-SDL_Calcula.patch + +BuildRequires: alsa-lib-devel +%if %{with arts} +BuildRequires: arts-devel +%endif +BuildRequires: coreutils +%if %{with esound} +BuildRequires: esound-devel +%endif +BuildRequires: gcc +BuildRequires: glibc-common +BuildRequires: mesa-libGL-devel +BuildRequires: mesa-libGLU-devel +BuildRequires: libXext-devel +BuildRequires: libX11-devel +BuildRequires: libXrandr-devel +BuildRequires: libXrender-devel +BuildRequires: make +%if %{with nas} +BuildRequires: nas-devel +%endif +%ifarch %{ix86} +BuildRequires: nasm +%endif +BuildRequires: pulseaudio-libs-devel +%if %{with esound} +BuildRequires: sed +%endif +# Autotools +BuildRequires: automake +BuildRequires: autoconf +BuildRequires: libtool + +%description +Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed +to provide fast access to the graphics frame buffer and audio device. + +%package devel +Summary: Files needed to develop Simple DirectMedia Layer applications +Requires: SDL%{?_isa} = %{version}-%{release} +Requires: alsa-lib-devel +Requires: mesa-libGL-devel +Requires: mesa-libGLU-devel +Requires: libX11-devel +Requires: libXext-devel +Requires: libXrandr-devel +Requires: libXrender-devel + +%description devel +Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed +to provide fast access to the graphics frame buffer and audio device. This +package provides the libraries, include files, and other resources needed for +developing SDL applications. + +%package static +Summary: Files needed to develop static Simple DirectMedia Layer applications +Requires: SDL-devel%{?_isa} = %{version}-%{release} + +%description static +Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed +to provide fast access to the graphics frame buffer and audio device. This +package provides the static libraries needed for developing static SDL +applications. + +%prep +%setup -q -b0 +%patch0 -p1 +%patch1 -p0 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch19 -p1 +%patch20 -p1 +%patch21 -p1 + +for F in CREDITS; do + iconv -f iso8859-1 -t utf-8 < "$F" > "${F}.utf" + touch --reference "$F" "${F}.utf" + mv "${F}.utf" "$F" +done +%if %{without esound} +# Compilation without ESD +sed -i -e 's/.*AM_PATH_ESD.*//' configure.in +%endif +# Update config.sub to support aarch64, bug #926510 +cp -p /usr/share/automake-*/config.{sub,guess} build-scripts + +%build +aclocal +libtoolize +autoconf +%configure \ + --disable-video-svga \ + --disable-video-ggi \ + --disable-video-aalib \ + --enable-sdl-dlopen \ +%if %{with arts} + --enable-arts-shared \ +%else + --disable-arts \ +%endif +%if %{with esound} + --enable-esd-shared \ +%else + --disable-esd \ +%endif +%if %{with nas} + --enable-nas-shared \ +%else + --disable-nas \ +%endif + --enable-pulseaudio-shared \ + --enable-alsa \ + --disable-video-ps3 \ + --disable-rpath +make %{?_smp_mflags} + +%install +make install DESTDIR=%{buildroot} + +# Rename SDL_config.h to SDL_config-.h to avoid file conflicts on +# multilib systems and install SDL_config.h wrapper +mv %{buildroot}/%{_includedir}/SDL/SDL_config.h %{buildroot}/%{_includedir}/SDL/SDL_config-%{_arch}.h +install -m644 %{SOURCE1} %{buildroot}/%{_includedir}/SDL/SDL_config.h + +# remove libtool .la file +rm -f %{buildroot}%{_libdir}/*.la + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%license COPYING +%doc BUGS CREDITS README-SDL.txt +%{_libdir}/lib*.so.* + +%files devel +%doc README docs.html docs/html docs/index.html TODO WhatsNew +%{_bindir}/*-config +%{_libdir}/lib*.so +%{_libdir}/pkgconfig/sdl.pc +%{_includedir}/SDL +%{_datadir}/aclocal/* +%{_mandir}/man1/* +%{_mandir}/man3/SDL*.3* + +%files static +%{_libdir}/lib*.a + +%changelog +* Tue Dec 15 2020 Owen Taylor - 1.2.15-38 +- Copy config.{sub,guess} from /usr/share/automake +- Resolves: rhbz#1907508 + +* Mon Mar 23 2020 Wim Taymans - 1.2.15-38 +- fix CVEs +- Resolves: rhbz#1716209, rhbz#1716210, rhbz#1716211, rhbz#1716212, + rhbz#1716213, rhbz#1716214, rhbz#1716215, rhbz#1716216, + rhbz#1716217, rhbz#1716218, rhbz#1716219 + +* Thu Nov 21 2019 Wim Taymans - 1.2.15-37 +- Rebuild +- Resolves: rhbz#1756279 + +* Fri Aug 30 2019 Petr Pisar - 1.2.15-36 +- Fix CVE-2019-13616 (a heap buffer over-read in BlitNtoN) (bug #1747237) +- Resolves: rhbz#1756279 + +* Mon May 27 2019 Wim Taymans - 1.2.15-35 +- Rebuild after gating +- Resolves: rhbz#1602687 + +* Tue Apr 30 2019 Wim Taymans - 1.2.15-34 +- Rebuild +- Resolves: rhbz#1602687 + +* Mon Apr 29 2019 Wim Taymans - 1.2.15-33 +- Small fixes for problems found by coverity +- Resolves: rhbz#1602687 + +* Thu Aug 16 2018 Wim Taymans - 1.2.15-32 +- Fix wrong fall throughs in cdrom +- Resolves: rhbz#1602687 + +* Tue Jul 17 2018 Wim Taymans - 1.2.15-31 +- Remove obsolete audiofile-devel BR + +* Wed Feb 07 2018 Fedora Release Engineering - 1.2.15-30 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Sep 19 2017 Petr Pisar - 1.2.15-29 +- Fix vec_perm() usage on little-endian 64-bit PowerPC (bug #1392465) + +* Wed Aug 02 2017 Fedora Release Engineering - 1.2.15-28 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Sun Jul 30 2017 Florian Weimer - 1.2.15-27 +- Rebuild with binutils fix for ppc64le (#1475636) + +* Wed Jul 26 2017 Fedora Release Engineering - 1.2.15-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 25 2017 Petr Pisar - 1.2.15-25 +- Rebuild with newer GCC to fix miscompilation on PowerPC (bug #1427880) + +* Fri Feb 10 2017 Fedora Release Engineering - 1.2.15-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Jan 10 2017 Petr Pisar - 1.2.15-23 +- Enable setting gamma by programing palette as supported by xorg-server + 1.19.0 again (bug #891973) + +* Wed Feb 03 2016 Fedora Release Engineering - 1.2.15-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Oct 22 2015 Petr Pisar - 1.2.15-20 +- Enable support for ESound + +* Fri Sep 04 2015 Michal Toman - 1.2.15-19 +- Add support for MIPS architecture to SDL_config.h +- Disable support for ESound + +* Tue Jun 16 2015 Fedora Release Engineering - 1.2.15-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Aug 15 2014 Fedora Release Engineering - 1.2.15-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Mon Aug 04 2014 Petr Pisar - 1.2.15-16 +- Fix processing keyboard events if SDL_EnableUNICODE() is enabled + (bug #1126136) + +* Fri Jun 06 2014 Fedora Release Engineering - 1.2.15-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri Mar 07 2014 Petr Pisar - 1.2.15-14 +- Do not harness backing store by default. Export SDL_VIDEO_X11_BACKINGSTORE + environment variable to enable it. (bug #1073057) + +* Fri Jan 17 2014 Petr Pisar - 1.2.15-13 +- Add support for ppc64le architecture (bug #1054397) + +* Thu Dec 05 2013 Petr Pisar - 1.2.15-12 +- Ignore joystick axis events if they aren't in a sane range (bug #990677) + +* Tue Jul 30 2013 Petr Pisar - 1.2.15-11 +- Fix a typo in controlling NAS support + +* Fri Jul 26 2013 Petr Pisar - 1.2.15-10 +- Add esound and arts support (bug #851349) +- Add NAS support + +* Wed Jun 19 2013 Petr Pisar - 1.2.15-9 +- Add sdl-config(1) manual page (bug #948864) + +* Thu May 23 2013 Petr Pisar - 1.2.15-8 +- Update header files to support aarch64 (bug #966115) + +* Wed Mar 27 2013 Petr Pisar - 1.2.15-7 +- Update config.sub to support aarch64 (bug #926510) +- Adapt to libX11-1.5.99.901 + +* Wed Feb 13 2013 Fedora Release Engineering - 1.2.15-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jan 23 2013 Petr Pisar - 1.2.15-5 +- Work around bug in Xorg to allow changing gamma on X11 (bug #891973) + +* Mon Sep 10 2012 Petr Pisar - 1.2.15-4 +- GL and GLU headers have been moved to mesa-GL-devel and mesa-GLU-devel + +* Thu Aug 23 2012 Matthias Clasen - 1.2.15-3 +- Drop esound and arts support (bug #851349) + +* Wed Jul 18 2012 Fedora Release Engineering - 1.2.15-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Feb 23 2012 Petr Pisar - 1.2.15-1 +- Beautify spec code +- 1.2.15 bump + +* Thu Jan 19 2012 Petr Pisar - 1.2.14-16 +- Replace my patch with upstream one (bug #782251) + +* Tue Jan 17 2012 Petr Pisar - 1.2.14-15 +- Restore compatibility with libX11-1.4.99.1 (bug #782251) + +* Thu Jan 12 2012 Fedora Release Engineering - 1.2.14-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Aug 26 2011 Petr Pisar - 1.2.14-13 +- Don't block SDL_WM_GrabInput() if window is not viewable (bug #480065) + +* Thu Feb 24 2011 Petr Pisar - 1.2.14-12 +- Adapt to nasm-2.09 (bug #678818) + +* Fri Feb 18 2011 Petr Pisar - 1.2.14-11 +- Correct patch application +- Make intradependecies architecture specific + +* Fri Feb 18 2011 Petr Pisar - 1.2.14-10 +- Do not call memcpy() on overlapping areas (bug #669844) + +* Mon Feb 07 2011 Fedora Release Engineering - 1.2.14-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Aug 16 2010 Petr Pisar - 1.2.14-8 +- Kernel joystick structure has grown in unknown 2.6 Linux version (rh624241, + sdl900) + +* Thu Aug 12 2010 Petr Pisar - 1.2.14-7 +- Fix left button press event in windowed mode (rh556608, sdl894) +- Remove unrecognized --disable-debug and --enable-dlopen configure options + (rh581056) + +* Mon Aug 02 2010 Petr Pisar - 1.2.14-6 +- Make repacked source tar ball relative +- Remove useless src/joystick/darwin/10.3.9-FIX/IOHIDLib.h because of APSL-2.0 + license +- Apply SDL-1.2.14-xio_error-rh603984.patch (rh603984, sdl1009) +- Escape spec file comments +- Convert CREDITS to UTF-8 + +* Wed Jun 23 2010 Hans de Goede 1.2.14-5 +- Don't crash when trying to exit because of an xio-error (rh603984, sdl1009) + +* Wed Mar 24 2010 Thomas Woerner 1.2.14-4 +- added repackage.sh script to remove joyos2,h and symbian.zip because of + licensing problems +- added comment about riva_mmio.h license + +* Tue Feb 16 2010 Josh Boyer 1.2.14-3 +- disable ps3 video support that was added in 2.14. It fails to + build on ppc/ppc64 + +* Fri Feb 12 2010 Thomas Woerner 1.2.14-2 +- fixed build for libtool 2.2.6 in F-13 (rhbz#555501) + +* Tue Oct 27 2009 Thomas Woerner 1.2.14-1 +- new version 1.2.14 +- dropped patches for upstream fixes: libdir, dynamic-esd, x11dyn64, + dynamic-pulse, pa-rewrite, rh484362 and rh487720 + +* Fri Jul 24 2009 Fedora Release Engineering - 1.2.13-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Apr 7 2009 Thomas Woerner 1.2.13-9 +- fixed qemu-kvm segfaults on startup in SDL_memcpyMMX/SSE (rhbz#487720) + upstream patch + +* Mon Feb 23 2009 Fedora Release Engineering - 1.2.13-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Feb 13 2009 Hans de Goede 1.2.13-7 +- Rewrite pulseaudio support to stop the crackle crackle with the + new glitch free pulseaudio, this also gives us much better latency, + as good as with directly using alsa (rh 474745, sdl 698) +- Workaround an obscure bug in the inline-asm revcpy function (by disabling it) + This fixes Ri-li crashing on i386 (rh 484121, rh 484362, sdl 699) + +* Tue Sep 2 2008 Thomas Woerner 1.2.13-6 +- dropped pulseaudio hack (rhbz#448270) +- pulseaudio is now used by default +- simplified spec file for new architecture support (rhbz#433618) + +* Mon Jul 14 2008 Tom "spot" Callaway 1.2.13-5 +- fix license tag + +* Wed May 28 2008 Dennis Gilmore 1.2.13-4 +- fix sparc multilib handling + +* Mon Apr 7 2008 Thomas Woerner 1.2.13-3 +- updated PulseAudio driver (rhbz#439847) + Thanks to Lennart Poettering for the patch + +* Fri Feb 1 2008 Thomas Woerner 1.2.13-2 +- new static sub package for static libraries + +* Mon Jan 7 2008 Thomas Woerner 1.2.13-1 +- new version 1.2.13 + - fixes i810 video overlay problem (rhbz#310841) + - fixes c++ style comments in header files (rhbz#426475) +- review fixes: spec file cleanup, dropped static libs (rhbz#226402) +- fixed pulseaudio hack scripts from Warren for multilib systems (rhbz#426579) +- fixed pulseaudio detection in configure to enable dynamic use of pulseaudio + libraries + +* Fri Dec 21 2007 Warren Togami 1.2.12-5 +- correct stupid mistake that broke SDL-devel + RPM should error out if a SourceX is defined twice... + +* Wed Dec 19 2007 Warren Togami 1.2.12-4 +- Build with --enable-pulseaudio-shared for testing purposes (#343911) + It is known to not work in some cases, so not enabled by default. +- Move pulseaudio enabler hack from SDL_mixer (#426275) +- Make pulseaudio enabler hack conditional. It will only attempt to use it if + alsa-plugins-pulseaudio is installed. + +* Tue Nov 6 2007 Thomas Woerner 1.2.12-3 +- fixed latest multiarch conflicts: dropped libdir from sdl-config completely + (rhbz#343141) + +* Tue Aug 28 2007 Thomas Woerner 1.2.12-2 +- use uname -m in multilib patch instead of arch + +* Mon Aug 27 2007 Thomas Woerner 1.2.12-1 +- new version 1.2.12 + fixes TEXTRELs (rhbz#179407) +- added arm support (rhbz#245411) + Thanks to Lennert Buytenhek for the patch +- added alpha support (rhbz#246463) + Thanks to Oliver Falk for the patch +- disabled yasm for SDL (rhbz#234823) + Thanks to Nikolay Ulyanitsky for the patch + +* Tue Mar 20 2007 Thomas Woerner 1.2.11-2 +- use X11 dlopen code for 64 bit architectures (rhbz#207903) + +* Mon Mar 19 2007 Thomas Woerner 1.2.11-1 +- new version 1.2.11 +- fixed man page SDL_ListModes (rhbz#208212) +- fixed spurious esound, audiofile dependencies (rhbz#217389) + Thanks to Ville Skyttä for the patch +- dropped requirements for imake and libXt-devel (rhbz#226402) +- made nasm arch %%{ix86} only (rhbz#226402) +- dropped O3 from options (rhbz#226402) +- dropped tagname environment variable (rhbz#226402) + +* Thu Nov 2 2006 Thomas Woerner 1.2.10-9 +- fixed arch order in SDL_config.h wrapper + +* Fri Oct 27 2006 Thomas Woerner 1.2.10-8 +- fixed multilib conflicts for SDL (#212288) + +* Wed Jul 26 2006 Thomas Woerner 1.2.10-6.2 +- setting the X11 lib and include paths hard to get shared X11 support on all + architectures + +* Wed Jul 26 2006 Thomas Woerner 1.2.10-6.1 +- added build requires for automake and autoconf + +* Tue Jul 25 2006 Thomas Woerner 1.2.10-6 +- dropped libXt build requires, because libSDL does not need libXt at all - + this was an autofoo bug (fixed already) +- fixed multilib devel conflicts (#192749) +- added buidrequires for imake: AC_PATH_X needs imake currently + +* Wed Jul 12 2006 Jesse Keating - 1.2.10-5 +- rebuild +- use %%configure macro + +* Tue Jun 20 2006 Christopher Stone 1.2.10-4 +- added missing (build) requires for libXt libXrender libXrandr +- remove %%makeinstall macro (bad practice) +- use %%{buildroot} macro consistantly + +* Tue Jun 6 2006 Thomas Woerner 1.2.10-2 +- added missing (build) requires for GL and GLU + +* Mon May 22 2006 Thomas Woerner 1.2.10-1 +- new version 1.2.10 +- dropped the following patches because they are not needed anymore: + ppc_modes, gcc4, yuv_mmx_gcc4 and no_exec_stack +- new pagesize patch (drop PAGE_SIZE, use sysconf(_SC_PAGESIZE) instead) + +* Mon Feb 13 2006 Jesse Keating - 1.2.9-5.2.1 +- rebump for build order issues during double-long bump + +* Fri Feb 10 2006 Jesse Keating - 1.2.9-5.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 1.2.9-5.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Jan 27 2006 Thomas Woerner 1.2.9-5 +- added upstream no exec stack patch + +* Thu Jan 26 2006 Thomas Woerner 1.2.9-4 +- prefer alsa sound output, then artsd and esd + +* Tue Jan 24 2006 Thomas Woerner 1.2.9-3 +- dropped libtool .la files from devel package + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Wed Nov 16 2005 Thomas Woerner 1.2.9-2.1 +- fixed build requires + +* Tue Nov 15 2005 Warren Togami 1.2.9-2 +- -devel req actual X libs + +* Mon Nov 7 2005 Thomas Woerner 1.2.9-1 +- new version 1.2.9 with additional gcc4 fixes +- using xorg-x11-devel instead of XFree86-devel + +* Thu May 26 2005 Bill Nottingham 1.2.8-3.2 +- fix configure script for libdir so library deps are identical on all + arches (#158346) + +* Thu Apr 14 2005 Thomas Woerner 1.2.8-3.1 +- new version of the gcc4 fix + +* Tue Apr 12 2005 Thomas Woerner 1.2.8-3 +- fixed gcc4 compile problems +- fixed x86_64 endian problem + +* Wed Feb 9 2005 Thomas Woerner 1.2.8-2 +- rebuild + +* Fri Dec 17 2004 Thomas Woerner 1.2.8-1 +- new version 1.2.8 + +* Thu Oct 14 2004 Thomas Woerner 1.2.7-8 +- added patch from SDL CVS for arts detection/initialization problem (#113831) + +* Wed Sep 29 2004 Thomas Woerner 1.2.7-7.1 +- moved to new autofoo utils + +* Fri Jul 9 2004 Thomas Woerner 1.2.7-7 +- fixed resolution switching for ppc (#127254) + +* Mon Jun 21 2004 Thomas Woerner 1.2.7-6 +- fixed gcc34 build problems + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Mon May 24 2004 Thomas Woerner 1.2.7-4 +- added requires for alsa-lib-devel (#123374) + +* Wed Mar 31 2004 Harald Hoyer - 1.2.7-3 +- fixed gcc34 compilation issues + +* Wed Mar 10 2004 Thomas Woerner 1.2.7-2.1 +- added buildrequires for alsa-lib-devel +- now using automake 1.5 + +* Tue Mar 9 2004 Thomas Woerner 1.2.7-2 +- Fixed SDL requires for devel package + +* Tue Mar 02 2004 Elliot Lee +- rebuilt +- Revive SDL-ppc64.patch + +* Mon Mar 1 2004 Thomas Woerner 1.2.7-1 +- new version 1.2.7 + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Thu Feb 5 2004 Thomas Woerner 1.2.6-3.1 +- disabled several video modes, hopefuilly fixes (#113831) + +* Thu Jan 29 2004 Thomas Woerner 1.2.6-3 +- fix for alsa 1.0 + +* Tue Nov 25 2003 Thomas Woerner 1.2.6-2 +- removed rpath +- using O3 instead of O2, now (SDL_RLEaccel.c compile error) +- added BuildRequires for nasm + +* Tue Sep 2 2003 Thomas Woerner 1.2.6-1 +- new version 1.2.6 + +* Thu Aug 7 2003 Elliot Lee 1.2.5-9 +- Fix libtool + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Wed Jun 4 2003 Than Ngo 1.2.5-7 +- fix build problem with gcc 3.3 +- clean up specfile + +* Mon May 19 2003 Thomas Woerner 1.2.5-5 +- rebuild + +* Tue Apr 15 2003 Thomas Woerner 1.2.5-4 +- X11 modes fix (use more than 60 Hz, when possible) + +* Mon Feb 17 2003 Elliot Lee 1.2.5-3.5 +- ppc64 fix + +* Mon Feb 10 2003 Thomas Woerner 1.2.5-3 +- added -fPIC to LDFLAGS + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Dec 10 2002 Thomas Woerner 1.2.5-1 +- new version 1.2.5 +- disabled conflicting automake16 patch +- dgavideo modes fix (#78861) + +* Sun Dec 01 2002 Elliot Lee 1.2.4-7 +- Fix unpackaged files by including them. +- _smp_mflags + +* Fri Nov 29 2002 Tim Powers 1.2.4-6 +- remove unpackaged files from the buildroot +- lib64'ize + +* Sat Jul 20 2002 Florian La Roche +- do not require nasm for mainframe + +* Tue Jul 2 2002 Bernhard Rosenkraenzer 1.2.4-4 +- Fix bug #67255 + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Thu May 23 2002 Bernhard Rosenkraenzer 1.2.4-1 +- 1.2.4 +- Fix build with automake 1.6 + +* Mon Mar 11 2002 Bernhard Rosenkraenzer 1.2.3-7 +- Fix AM_PATH_SDL automake macro with AC_LANG(c++) (#60533) + +* Thu Feb 28 2002 Bernhard Rosenkraenzer 1.2.3-6 +- Rebuild in current environment + +* Thu Jan 24 2002 Bernhard Rosenkraenzer 1.2.3-5 +- dlopen() aRts and esd rather than linking directly to them. +- make sure aRts and esd are actually used if they're running. + +* Mon Jan 21 2002 Bernhard Rosenkraenzer 1.2.3-4 +- Don't crash without xv optimization: BuildRequire a version of nasm that + works. + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Mon Dec 17 2001 Bernhard Rosenkraenzer 1.2.3-2 +- Rebuild with new aRts, require arts-devel rather than kdelibs-sound-devel +- Temporarily exclude alpha (compiler bugs) + +* Thu Nov 22 2001 Bernhard Rosenkraenzer 1.2.3-1 +- 1.2.3 + +* Sat Nov 17 2001 Bernhard Rosenkraenzer 1.2.2-5 +- Add workaround for automake 1.5 asm bugs + +* Tue Oct 30 2001 Bernhard Rosenkraenzer 1.2.2-4 +- Make sure -fPIC is used on all architectures (#55039) +- Fix build with autoconf 2.5x + +* Fri Aug 31 2001 Bill Nottingham 1.2.2-3 +- rebuild (fixes #50750??) + +* Thu Aug 2 2001 Bernhard Rosenkraenzer 1.2.2-2 +- SDL-devel should require esound-devel and kdelibs-sound-devel (#44884) + +* Tue Jul 24 2001 Bernhard Rosenkraenzer 1.2.2-1 +- Update to 1.2.2; this should fix #47941 +- Add build dependencies + +* Tue Jul 10 2001 Elliot Lee 1.2.1-3 +- Rebuild to eliminate libXv/libXxf86dga deps. + +* Fri Jun 29 2001 Preston Brown +- output same libraries for sdl-config whether --libs or --static-libs + selected. Fixes compilation of most SDL programs. +- properly packaged new HTML documentation + +* Sun Jun 24 2001 Bernhard Rosenkraenzer 1.2.1-1 +- 1.2.1 + +* Mon May 7 2001 Bernhard Rosenkraenzer 1.2.0-2 +- Add Bill's byteorder patch + +* Sun Apr 15 2001 Bernhard Rosenkraenzer +- 1.2.0 + +* Tue Feb 27 2001 Karsten Hopp +- SDL-devel requires SDL + +* Tue Jan 16 2001 Bernhard Rosenkraenzer +- Require arts rather than kdelibs-sound + +* Sun Jan 7 2001 Bernhard Rosenkraenzer +- 1.1.7 + +* Tue Oct 24 2000 Bernhard Rosenkraenzer +- 1.1.6 + +* Mon Aug 7 2000 Bernhard Rosenkraenzer +- build against new DGA +- update to 1.1.4, remove patches (they're now in the base release) + +* Tue Aug 1 2000 Bernhard Rosenkraenzer +- %%post -p /sbin/ldconfig (Bug #14928) +- add URL + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Sun Jun 18 2000 Bill Nottingham +- replace patch that fell out of SRPM + +* Tue Jun 13 2000 Preston Brown +- FHS paths +- use 1.1 (development) version; everything even from Loki links to it! + +* Thu May 4 2000 Bill Nottingham +- autoconf fixes for ia64 + +* Mon Apr 24 2000 Tim Powers +- updated to 1.0.8 + +* Tue Feb 15 2000 Tim Powers +- updated to 1.0.4, fixes problems when run in 8bpp + +* Tue Feb 01 2000 Tim Powers +- applied patch from Hans de Goede for fullscreen toggling. +- using --enable-video-x11-dgamouse since it smoothes the mouse some. + +* Sun Jan 30 2000 Tim Powers +- updated to 1.0.3, bugfix update + +* Fri Jan 28 2000 Tim Powers +- fixed group etc + +* Fri Jan 21 2000 Tim Powers +- build for 6.2 Powertools + +* Wed Jan 19 2000 Sam Lantinga +- Re-integrated spec file into SDL distribution +- 'name' and 'version' come from configure +- Some of the documentation is devel specific +- Removed SMP support from %%build - it doesn't work with libtool anyway + +* Tue Jan 18 2000 Hakan Tandogan +- Hacked Mandrake sdl spec to build 1.1 + +* Sun Dec 19 1999 John Buswell +- Build Release + +* Sat Dec 18 1999 John Buswell +- Add symlink for libSDL-1.0.so.0 required by sdlbomber +- Added docs + +* Thu Dec 09 1999 Lenny Cartier +- v 1.0.0 + +* Mon Nov 1 1999 Chmouel Boudjnah +- First spec file for Mandrake distribution. + +# end of file