* [Buildroot] [PATCH 1/1] package/sdl2: security bump to version 2.26.2
@ 2023-01-27 22:38 Fabrice Fontaine
2023-01-28 21:56 ` Thomas Petazzoni via buildroot
2023-02-14 14:39 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2023-01-27 22:38 UTC (permalink / raw)
To: buildroot; +Cc: Michael Fischer, Fabrice Fontaine
- Drop patch (already in version)
- Fix CVE-2022-4743: A potential memory leak issue was discovered in
SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The
vulnerability allows an attacker to cause a denial of service attack.
https://github.com/libsdl-org/SDL/releases/tag/release-2.26.0
https://github.com/libsdl-org/SDL/releases/tag/release-2.26.1
https://github.com/libsdl-org/SDL/releases/tag/release-2.26.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...t-have-a-mode-configured-use-the-pre.patch | 76 -------------------
package/sdl2/sdl2.hash | 4 +-
package/sdl2/sdl2.mk | 2 +-
3 files changed, 3 insertions(+), 79 deletions(-)
delete mode 100644 package/sdl2/0001-If-a-CRTC-doesn-t-have-a-mode-configured-use-the-pre.patch
diff --git a/package/sdl2/0001-If-a-CRTC-doesn-t-have-a-mode-configured-use-the-pre.patch b/package/sdl2/0001-If-a-CRTC-doesn-t-have-a-mode-configured-use-the-pre.patch
deleted file mode 100644
index c8be280c56..0000000000
--- a/package/sdl2/0001-If-a-CRTC-doesn-t-have-a-mode-configured-use-the-pre.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From da9ba3a2a1536017e4ce1ee0f4276578d1ce6e29 Mon Sep 17 00:00:00 2001
-From: Sam Lantinga <slouken@libsdl.org>
-Date: Fri, 18 Nov 2022 12:17:27 -0800
-Subject: [PATCH] If a CRTC doesn't have a mode configured, use the preferred
- or largest mode as the default mode
-
-Fixes https://github.com/libsdl-org/SDL/issues/6421
-
-[mf@go-sys.de: backport from upstream]
-Signed-off-by: Michael Fischer <mf@go-sys.de>
-[yann.morin.1998@free.fr: do an actual backport]
-Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
----
- src/video/kmsdrm/SDL_kmsdrmvideo.c | 35 +++++++++++++++++++++++++-----
- 1 file changed, 29 insertions(+), 6 deletions(-)
-
-diff --git a/src/video/kmsdrm/SDL_kmsdrmvideo.c b/src/video/kmsdrm/SDL_kmsdrmvideo.c
-index eae721455..eeeefef2b 100644
---- a/src/video/kmsdrm/SDL_kmsdrmvideo.c
-+++ b/src/video/kmsdrm/SDL_kmsdrmvideo.c
-@@ -666,8 +666,8 @@ KMSDRM_CrtcGetVrr(uint32_t drm_fd, uint32_t crtc_id)
- /* Gets a DRM connector, builds an SDL_Display with it, and adds it to the
- list of SDL Displays in _this->displays[] */
- static void
--KMSDRM_AddDisplay (_THIS, drmModeConnector *connector, drmModeRes *resources) {
--
-+KMSDRM_AddDisplay (_THIS, drmModeConnector *connector, drmModeRes *resources)
-+{
- SDL_VideoData *viddata = ((SDL_VideoData *)_this->driverdata);
- SDL_DisplayData *dispdata = NULL;
- SDL_VideoDisplay display = {0};
-@@ -770,14 +770,37 @@ KMSDRM_AddDisplay (_THIS, drmModeConnector *connector, drmModeRes *resources) {
- drmModeModeInfo *mode = &connector->modes[i];
-
- if (!SDL_memcmp(mode, &crtc->mode, sizeof(crtc->mode))) {
-- mode_index = i;
-- break;
-+ mode_index = i;
-+ break;
- }
- }
-
- if (mode_index == -1) {
-- ret = SDL_SetError("Failed to find index of mode attached to the CRTC.");
-- goto cleanup;
-+ int current_area, largest_area = 0;
-+
-+ /* Find the preferred mode or the highest resolution mode */
-+ for (i = 0; i < connector->count_modes; i++) {
-+ drmModeModeInfo *mode = &connector->modes[i];
-+
-+ if (mode->type & DRM_MODE_TYPE_PREFERRED) {
-+ mode_index = i;
-+ break;
-+ }
-+
-+ current_area = mode->hdisplay * mode->vdisplay;
-+ if (current_area > largest_area) {
-+ mode_index = i;
-+ largest_area = current_area;
-+ }
-+ }
-+ if (mode_index != -1) {
-+ crtc->mode = connector->modes[mode_index];
-+ }
-+ }
-+
-+ if (mode_index == -1) {
-+ ret = SDL_SetError("Failed to find index of mode attached to the CRTC.");
-+ goto cleanup;
- }
-
- /*********************************************/
---
-2.25.1
-
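Review bot: the commit message justifies deleting this backport only as "already in version"; it should name the upstream commit (da9ba3a2a1536017e4ce1ee0f4276578d1ce6e29, from the deleted patch's own From line) so the drop can be checked against the 2.26.2 sources rather than taken on trust. Dropping a local patch during a version bump quietly reintroduces the bug if the upstream change was later reworked, so it is worth confirming that the preferred-or-largest-mode fallback in KMSDRM_AddDisplay() is present in the new tarball.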
diff --git a/package/sdl2/sdl2.hash b/package/sdl2/sdl2.hash
index 923a900dc0..86e0d86e7c 100644
--- a/package/sdl2/sdl2.hash
+++ b/package/sdl2/sdl2.hash
@@ -1,4 +1,4 @@
-# Locally calculated after checking http://www.libsdl.org/release/SDL2-2.24.2.tar.gz.sig
-sha256 b35ef0a802b09d90ed3add0dcac0e95820804202914f5bb7b0feb710f1a1329f SDL2-2.24.2.tar.gz
+# Locally calculated after checking http://www.libsdl.org/release/SDL2-2.26.2.tar.gz.sig
+sha256 95d39bc3de037fbdfa722623737340648de4f180a601b0afad27645d150b99e0 SDL2-2.26.2.tar.gz
# Locally calculated
sha256 fcb07e07ac6bc8b2fcf047b50431ef4ebe5b619d7ca7c82212018309a9067426 LICENSE.txt
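Review bot: the new comment line says the sha256 was calculated after checking SDL2-2.26.2.tar.gz.sig, but that signature URL is plain http:// and the comment does not record which key the signature was verified against. Noting the signing key fingerprint in the comment would let a later reviewer repeat the check; as written, the pinned hash is only as trustworthy as an unrecorded local verification. The LICENSE.txt hash stays as unchanged context, so the license file is expected to be byte-identical in 2.26.2.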
diff --git a/package/sdl2/sdl2.mk b/package/sdl2/sdl2.mk
index a1dc8b5b73..8995178e71 100644
--- a/package/sdl2/sdl2.mk
+++ b/package/sdl2/sdl2.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SDL2_VERSION = 2.24.2
+SDL2_VERSION = 2.26.2
SDL2_SOURCE = SDL2-$(SDL2_VERSION).tar.gz
SDL2_SITE = http://www.libsdl.org/release
SDL2_LICENSE = Zlib
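Review bot: SDL2_VERSION jumps from 2.24.2 to 2.26.2, crossing the 2.26.0 release, while the commit message lists three release links without saying which one contains the CVE-2022-4743 fix. For a change labelled a security bump, state the fixing release so stable-branch maintainers can decide between taking the whole bump and backporting only the fix. Separately, the SDL2_SITE context line still uses http://; the download is covered by the pinned sha256 in sdl2.hash, but switching it to https would be a reasonable follow-up.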
--
2.39.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH 1/1] package/sdl2: security bump to version 2.26.2
From: Thomas Petazzoni via buildroot @ 2023-01-28 21:56 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Michael Fischer, buildroot
On Fri, 27 Jan 2023 23:38:55 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> - Drop patch (already in version)
> - Fix CVE-2022-4743: A potential memory leak issue was discovered in
> SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The
> vulnerability allows an attacker to cause a denial of service attack.
>
> https://github.com/libsdl-org/SDL/releases/tag/release-2.26.0
> https://github.com/libsdl-org/SDL/releases/tag/release-2.26.1
> https://github.com/libsdl-org/SDL/releases/tag/release-2.26.2
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> ...t-have-a-mode-configured-use-the-pre.patch | 76 -------------------
> package/sdl2/sdl2.hash | 4 +-
> package/sdl2/sdl2.mk | 2 +-
> 3 files changed, 3 insertions(+), 79 deletions(-)
> delete mode 100644 package/sdl2/0001-If-a-CRTC-doesn-t-have-a-mode-configured-use-the-pre.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
* Re: [Buildroot] [PATCH 1/1] package/sdl2: security bump to version 2.26.2
From: Peter Korsgaard @ 2023-02-14 14:39 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Michael Fischer, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - Drop patch (already in version)
> - Fix CVE-2022-4743: A potential memory leak issue was discovered in
> SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The
> vulnerability allows an attacker to cause a denial of service attack.
> https://github.com/libsdl-org/SDL/releases/tag/release-2.26.0
> https://github.com/libsdl-org/SDL/releases/tag/release-2.26.1
> https://github.com/libsdl-org/SDL/releases/tag/release-2.26.2
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
I fail to see how a memory leak in sdl2 could lead to a remote exploit,
but oh well - Committed to 2022.11.x, thanks.
For 2022.02.x I have instead backported the fix.
--
Bye, Peter Korsgaard