* CVE-2020-14409
  Description: "SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file."
* CVE-2020-14410
  Description: "SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file."

Same links for both:
https://bugzilla.libsdl.org/show_bug.cgi?id=5200
https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
I suppose it's time... chewi, any objections?
Do it!
ppc stable ppc64@ CC missing? added
sparc stable
Looking good on ppc64. rdep pygame fails tests (bug #753026).

# cat libsdl2-766204.report
USE tests started on Mi 28. Apr 01:23:11 CEST 2021
FEATURES=' test' USE='' succeeded for =media-libs/libsdl2-2.0.14-r1
USE='-X -alsa cpu_flags_ppc_altivec -dbus -fcitx4 -gles2 -haptic -ibus -jack joystick kms libsamplerate nas -opengl -oss pulseaudio sound -static-libs threads -udev -video -wayland -xinerama -xscreensaver' succeeded for =media-libs/libsdl2-2.0.14-r1
USE='-X -alsa cpu_flags_ppc_altivec -dbus -fcitx4 -gles2 -haptic -ibus jack -joystick kms -libsamplerate -nas -opengl -oss pulseaudio sound -static-libs threads -udev video -wayland -xinerama -xscreensaver' succeeded for =media-libs/libsdl2-2.0.14-r1
USE='-X -alsa -cpu_flags_ppc_altivec -dbus -fcitx4 gles2 -haptic -ibus jack -joystick -kms libsamplerate nas -opengl -oss pulseaudio sound static-libs threads -udev video -wayland -xinerama -xscreensaver' succeeded for =media-libs/libsdl2-2.0.14-r1
USE='X alsa -cpu_flags_ppc_altivec dbus -fcitx4 gles2 -haptic ibus -jack -joystick -kms libsamplerate -nas opengl -oss -pulseaudio sound -static-libs threads udev video wayland -xinerama -xscreensaver' succeeded for =media-libs/libsdl2-2.0.14-r1
USE='X -alsa -cpu_flags_ppc_altivec dbus fcitx4 gles2 haptic -ibus -jack -joystick -kms -libsamplerate nas opengl -oss -pulseaudio sound -static-libs threads udev video wayland -xinerama -xscreensaver' succeeded for =media-libs/libsdl2-2.0.14-r1
USE='X alsa cpu_flags_ppc_altivec dbus -fcitx4 -gles2 haptic ibus jack joystick kms libsamplerate nas -opengl oss pulseaudio sound -static-libs -threads udev -video -wayland xinerama -xscreensaver' succeeded for =media-libs/libsdl2-2.0.14-r1
USE='X -alsa cpu_flags_ppc_altivec -dbus -fcitx4 -gles2 haptic -ibus jack joystick -kms libsamplerate -nas -opengl oss pulseaudio sound -static-libs threads -udev -video -wayland -xinerama xscreensaver' succeeded for =media-libs/libsdl2-2.0.14-r1
USE='X alsa cpu_flags_ppc_altivec -dbus -fcitx4 -gles2 haptic -ibus jack joystick -kms libsamplerate -nas opengl -oss pulseaudio sound -static-libs -threads udev video -wayland -xinerama xscreensaver' succeeded for =media-libs/libsdl2-2.0.14-r1
USE='X -alsa cpu_flags_ppc_altivec dbus fcitx4 gles2 haptic -ibus -jack joystick kms libsamplerate nas opengl oss pulseaudio sound static-libs threads -udev video -wayland xinerama xscreensaver' succeeded for =media-libs/libsdl2-2.0.14-r1
USE='X -alsa -cpu_flags_ppc_altivec dbus -fcitx4 gles2 -haptic -ibus -jack joystick kms libsamplerate -nas opengl oss -pulseaudio sound -static-libs -threads udev video -wayland xinerama xscreensaver' succeeded for =media-libs/libsdl2-2.0.14-r1
USE='X alsa cpu_flags_ppc_altivec dbus -fcitx4 -gles2 haptic ibus -jack joystick kms -libsamplerate nas -opengl -oss pulseaudio sound static-libs threads udev video -wayland xinerama xscreensaver' succeeded for =media-libs/libsdl2-2.0.14-r1
USE='X -alsa -cpu_flags_ppc_altivec dbus -fcitx4 gles2 -haptic ibus jack -joystick kms libsamplerate nas -opengl oss pulseaudio sound static-libs threads -udev video wayland xinerama xscreensaver' succeeded for =media-libs/libsdl2-2.0.14-r1

revdep tests started on Mi 28. Apr 15:36:32 CEST 2021
FEATURES=' test' USE='sdl' succeeded for media-libs/openal
FEATURES=' test' USE='sdl' succeeded for media-libs/libprojectm
FEATURES=' test' USE='sdl' succeeded for media-sound/fluidsynth
USE='-X' FEATURES=' test' failed for dev-python/pygame
FEATURES=' test' USE='gamepad sdl' succeeded for media-video/mpv
FEATURES=' test' USE='examples sdl sdl2' succeeded for dev-games/openscenegraph
FEATURES=' test' USE='-static sdl' succeeded for app-emulation/qemu
FEATURES=' test' USE='sdl' succeeded for x11-libs/tslib
FEATURES=' test' USE='examples' succeeded for media-libs/dumb
FEATURES=' test' USE='sdl' succeeded for x11-libs/wxGTK
amd64 stable
ppc64 stable
x86 stable
arm done
arm64 done

all arches done
Please cleanup, thanks!
GLSA request filed.
This issue was resolved and addressed in GLSA 202107-55 at https://security.gentoo.org/glsa/202107-55 by GLSA coordinator John Helmert III (ajak).
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7123d5088482b6a414f9f3b7da7738360b6d853

commit b7123d5088482b6a414f9f3b7da7738360b6d853
Author:     Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2021-07-25 00:39:37 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2021-07-25 01:35:08 +0000

    media-libs/libsdl2: drop vulnerable 2.0.12-r2

    Bug: https://bugs.gentoo.org/766204
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 media-libs/libsdl2/Manifest | 1 -
 .../files/libsdl2-2.0.12-egl-detection.patch | 24 ---
 .../libsdl2/files/libsdl2-2.0.12-static-libs.patch | 48 -----
 .../files/libsdl2-2.0.12-vulkan-headers.patch | 17 --
 media-libs/libsdl2/libsdl2-2.0.12-r2.ebuild | 204 ---------------------
 media-libs/libsdl2/metadata.xml | 1 -
 6 files changed, 295 deletions(-)
Thanks!