Debian Patches

Status for libsdl1.2/1.2.15+dfsg2-8

Patch Description Author Forwarded Bugs Origin Last update
x11_keytounicode.diff Export X11_KeyToUnicode() to legacy applications, but warn about such usage to stderr

Introduced in 1.2.11-3 (Sun, 13 Aug 2006 19:03:51 +0200).
Sam Hocevar <sam+deb@zoy.org> yes debian 2012-01-22
fix_build_joystick_freebsd.diff FreeBSD compile fix.
src/joystick/bsd/SDL_sysjoystick.c makes the invalid assumption that
__FreeBSD_kernel__ implies presence of "ucr_data" struct member. This
breaks recent versions of FreeBSD 10-CURRENT, FreeBSD 9-STABLE and
Debian GNU/kFreeBSD "wheezy/sid".
Robert Millan <rmh@debian.org> no upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/d836339ffa8885f0db97a1dbedd40ac4af05e4ec 2022-07-10
SDL-1.2.15-vec_perm-ppc64le.patch SDL_blit_N.c: Correct vec_perm() application on little-endian 64-bit PowerPC

The LE transformation for vec_perm has an implicit assumption that the
permutation is being used to reorder vector elements (in this case 4-byte
integer word elements), not to reorder bytes within those elements. Although
this is legal behavior, it is not anticipated by the transformation performed
by the compilers.

This causes pygame-1.9.1 test failure on PPC64LE because blitted pixmaps are
corrupted there due to how SDL uses vec_perm().

From RedHat / Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1392465
Original patch was provided by: Menanteau Guy <menantea@linux.vnet.ibm.com>
Menanteau Guy <menantea@linux.vnet.ibm.com> no 2019-09-06
CVE-2019-7638-CVE-2019-7636-Refuse-loading-BMP-images-wit.patch CVE-2019-7638, CVE-2019-7636: Refuse loading BMP images with too high number of colors

If a BMP file that defines more colors than can fit into
a palette of color depth defined in the same BMP file is loaded by
SDL_LoadBMP_RW() function, an invalid number of colors is set into
the resulting SDL surface.

Then if the SDL surface is passed to SDL_DisplayFormat() function to
convert the surface format into a native video format, a buffer
overread will happen in Map1to1() or Map1toN() function
(CVE-2019-7638). (The choice of the mapping function depends on
the actual video hardware.)

In addition SDL_GetRGB() called indirectly from SDL_DisplayFormat()
performs the same buffer overread (CVE-2019-7636).

There is also probably a buffer overwrite when the SDL_LoadBMP_RW()
loads colors from a file.

This patch fixes it by refusing to load such badly damaged BMP files.
Petr Písař <ppisar@redhat.com> yes upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/3c6f20586bb4ba074c73bb3e06d7123e57d4a226 2019-02-18
Reject-2-3-5-6-7-bpp-BMP-images.patch Reject 2, 3, 5, 6, 7-bpp BMP images
BMP decoder assumes less than 8 bit depth images have 1 or 4 bits
per pixel. No other depths are correctly translated to an 8bpp
surface.

This patch rejects loading these images.
Petr Písař <ppisar@redhat.com> yes upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/4291cd0e9456cb8037867d9023ec7420f0feea65 2019-03-16
CVE-2019-7637.patch CVE-2019-7637: Fix in integer overflow in SDL_CalculatePitch
If a too large width is passed to SDL_SetVideoMode() the width travels
to SDL_CalculatePitch() where the width (e.g. 65535) is multiplied by
BytesPerPixel (e.g. 4) and the result is stored into Uint16 pitch
variable. During this arithmetic an integer overflow can happen (e.g.
the value is clamped as 65532). As a result SDL_Surface with a pitch
smaller than width * BytesPerPixel is created, too small pixel buffer
is allocated and when the SDL_Surface is processed in SDL_FillRect()
a buffer overflow occurs.

This can be reproduced with "./graywin -width 21312312313123213213213"
command.

This patch fixes it by using very careful arithmetic in
SDL_CalculatePitch(). If an overflow is detected, an error is reported
back as a special 0 value. We assume that 0-width surfaces do not
occur in the wild. Since SDL_CalculatePitch() is a private function,
we can change the semantics.
Petr Písař <ppisar@redhat.com> yes upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/40d97bfe0e3dae1d6e5a91a46af1f15e8f967bc8 2019-03-16
Remove-initial-declaration-from-for-loop.patch Remove initial declaration from for loop Cameron Cawley <ccawley2011@gmail.com> no upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/51bb3400817c422715614c335e4740a8388c4662 2019-04-24
CVE-2019-7572-Fix-a-buffer-overread-in-IMA_ADPCM_nibble.patch CVE-2019-7572: Fix a buffer overread in IMA_ADPCM_nibble
If an IMA ADPCM block contained an initial index out of step table
range (loaded in IMA_ADPCM_decode()), IMA_ADPCM_nibble() blindly used
this bogus value and that led to a buffer overread.

This patch fixes it by moving the clamping of the index value to the
beginning of IMA_ADPCM_nibble() function instead of the end after
an update.
Petr Písař <ppisar@redhat.com> yes upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/1ead4913fc2314a0ce5de06f29a20a8b0b0a5557 2019-06-08
CVE-2019-7578.patch CVE-2019-7578: Fix a buffer overread in InitIMA_ADPCM
If IMA ADPCM format chunk was too short, InitIMA_ADPCM() parsing it
could read past the end of chunk data. This patch fixes it.
Petr Písař <ppisar@redhat.com> yes upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/c4a9f0080f928f40e826c49b2e8c057ec7843c2f 2019-06-08
CVE-2019-7574-Fix-a-buffer-overread-in-IMA_ADPCM_decode.patch CVE-2019-7574: Fix a buffer overread in IMA_ADPCM_decode
If data chunk was shorter than expected based on a WAV format
definition, IMA_ADPCM_decode() tried to read past the data chunk
buffer. This patch fixes it.
Petr Písař <ppisar@redhat.com> yes upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/76871a1c52dc74b8ba2357b9d68c34d765ea9db3 2019-06-10
CVE-2019-7577-Fix-a-buffer-overread-in-MS_ADPCM_decode.patch CVE-2019-7577: Fix a buffer overread in MS_ADPCM_decode
If RIFF/WAV data chunk length is shorter than expected for an audio
format defined in preceding RIFF/WAV format headers, a buffer
overread can happen.

This patch fixes it by checking that the MS ADPCM data to be decoded are not
past the initialized buffer.
Petr Písař <ppisar@redhat.com> yes upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/82e503c2e026a8eee64e199c2648c296d924a5ab 2019-06-10
CVE-2019-7577-1_2.patch CVE-2019-7577: Fix a buffer overread in MS_ADPCM_nibble and MS_ADPCM_decode

If a chunk of RIFF/WAV file with MS ADPCM encoding contains an invalid
predictor (a valid predictor's value is between 0 and 6 inclusive),
a buffer overread can happen when the predictor is used as an index
into an array of MS ADPCM coefficients.

The overread happens when indexing MS_ADPCM_state.aCoeff[] array in
MS_ADPCM_decode() and later when dereferencing a coef pointer in
MS_ADPCM_nibble().

This patch fixes it by checking the MS ADPCM predictor values fit
into the valid range.
Petr Písař <ppisar@redhat.com> yes upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/68f914a78ef09a4d2db43e0c7c2848a6b7c03655 2019-06-10
CVE-2019-7572-Fix-a-buffer-overwrite-in-IMA_ADPCM_decode.patch CVE-2019-7572: Fix a buffer overwrite in IMA_ADPCM_decode
If data chunk was longer than expected based on a WAV format
definition, IMA_ADPCM_decode() tried to write past the output
buffer. This patch fixes it.

Based on patch from
<https://bugzilla.libsdl.org/show_bug.cgi?id=4496>.
Petr Písař <ppisar@redhat.com> yes upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/f22cbe4a3a2cd87392eec69bdcf2b4bd68b4507b 2019-06-10
CVE-2019-7573-CVE-2019-7576-Fix-buffer-overreads-in-InitM.patch CVE-2019-7573, CVE-2019-7576: Fix buffer overreads in InitMS_ADPCM
If MS ADPCM format chunk was too short, InitMS_ADPCM() parsing it
could read past the end of chunk data. This patch fixes it.
Petr Písař <ppisar@redhat.com> yes upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/9e69d60b0b724e44637b3e9101758fb385114b69 2019-06-10
CVE-2019-7575-Fix-a-buffer-overwrite-in-MS_ADPCM_decode.patch CVE-2019-7575: Fix a buffer overwrite in MS_ADPCM_decode
If a WAV format defines shorter audio stream and decoded MS ADPCM data chunk
is longer, decoding continued past the output audio buffer.

This fix is based on a patch from
<https://bugzilla.libsdl.org/show_bug.cgi?id=4492>.
Petr Písař <ppisar@redhat.com> yes upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/c68e0003d2f2b4e50bb1c4412af40c32f0b6396e 2019-06-10
CVE-2019-7635-Reject-BMP-images-with-pixel-colors-out-the.patch CVE-2019-7635: Reject BMP images with pixel colors out the palette
If a 1-, 4-, or 8-bit per pixel BMP image declares fewer used colors
than the palette offers, an SDL_Surface with a palette of the indicated
number of used colors is created. If some of the image's pixels
refer to a color number higher than the maximal used colors, a subsequent
blitting operation on the surface will look up a color past a blit map
(that is based on the palette) memory. I.e. passing such SDL_Surface
to e.g. an SDL_DisplayFormat() function will result in a buffer overread in
a blit function.

This patch fixes it by validating each pixel's color to be less than the
maximal color number in the palette. A validation failure raises an
error from the SDL_LoadBMP_RW() function.
Petr Písař <ppisar@redhat.com> yes upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/32c57bf53b18dafb7298d6e9113632728e8fe1ba 2019-06-11
CVE-2019-13616.patch Fixed bug 4538 - validate image size when loading BMP files Ozkan Sezer <sezeroz@gmail.com> no upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/31a87d75f15c7acd9470fab9ceb129c0a255871f 2019-07-30
CVE-2019-7637-2.patch fix copy+paste mistakes in commit 9b0e5c555c0f (CVE-2019-7637 fix)
http://hg.libsdl.org/SDL/rev/9b0e5c555c0f made copy+paste mistakes which
resulted in windows versions failing to set video mode.
Ozkan Sezer <sezeroz@gmail.com> no upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/267d102f6e9ce32878a6251d5136b176fdd2d49e 2019-08-02
SDL_bmp.c-reject-bmp-files-with-zero-bpp.patch SDL_bmp.c: reject bmp files with zero bpp
(2.0 commit: https://hg.libsdl.org/SDL/rev/6203d73874ab)
Ozkan Sezer <sezeroz@gmail.com> no upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/9e6e01257ec99a023a5891ef238d30b4d321c06d 2019-09-03
properly_handle_focus_events.patch SDL_x11events.c: properly handle input focus events (fix bug #5426)
Some time ago I started to observe an annoying bug with the forward
movement suddenly stopping while I was still pressing the corresponding
key for the forward movement. Releasing and pressing the key again
continued the movement. I observed this in the game "Unreal Tournament
2004", but other software is probably also affected. The stop basically
happens after a few minutes of pressing the key, though the time needed
to reproduce the issue is not constant.

While investigating the issue I found it started with a commit [1] in
the Xorg xserver. Digging deeper into the code I found two commits [2]
[3] in libsdl2 which looked like they would also fix the issue in
libsdl1.2. I backported these two commits to the libsdl1.2 in Debian
and can confirm that the bug got fixed by this.

[1] https://cgit.freedesktop.org/xorg/xserver/commit/?id=c67f2eac56518163981af59f5accb7c79bc00f6a
[2] https://hg.libsdl.org/SDL/rev/a1c4c17410e8
[3] https://hg.libsdl.org/SDL/rev/764129077d18
Maximilian Engelhardt <maxi@daemonizer.de> yes debian upstream 2020-12-30
Always-create-a-full-256-entry-map-in-case-color-values-a.patch Always create a full 256-entry map in case color values are out of range Sam Lantinga <slouken@libsdl.org> yes debian upstream upstream, 2.0.20, commit:8c91cf7dba5193f5ce12d06db1336515851c9ee9 2021-11-30
SDL_x11yuv.c-fix-possible-use-after-free.patch SDL_x11yuv.c: fix possible use-after-free Ozkan Sezer <sezeroz@gmail.com> yes debian upstream upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/d7e00208738a0bc6af302723fe64908ac35b777b 2022-06-18
build-Use-PKG_PROG_PKG_CONFIG-to-check-for-pkg-config.patch build: Use PKG_PROG_PKG_CONFIG to check for pkg-config
Part of f3bc60c4 "multiple updates to autotools build system from default
SDL2 branch" upstream.
Simon McVittie <smcv@debian.org> no upstream, commit:f3bc60c4 2021-11-30
replace-relicenced-SDL_qsort.patch Use newer relicenced version for SDL_qsort.c
Thanks to the anonymous reporter, Ben Hutchings for looking into it and
getting in contact with the original author, and the original author Gareth
McCaughan for prompt relicencing.
"Manuel A. Fernandez Montecelo" <mafm@debian.org> no debian 2016-02-21
dont_propagate_lpthread.diff Do not propagate -lpthread to sdl-config --libs
Introduced in 1.2.11-1 (Thu, 20 Jul 2006 14:17:18 +0200).

Upstream will not apply it at the moment:
Sam Lantinga 2012-01-22 10:54:21 PST

At some point it was required that multi-threaded programs using pthreads on
Linux link directly to the pthread library. I don't remember all the details,
but it had something to do with initializing C runtime variables correctly.

I'm sure it's not an issue anymore, but I'd rather not apply this patch in 1.2.
I'll go ahead and make this change in 1.3 though.
Sam Hocevar <sam+deb@zoy.org> yes debian 2012-01-22
fix_window_resizing.diff Revert change that breaks window corner resizing Andrew Caudwell <acaudwell@gmail.com> yes debian 2012-04-10
fix_joystick_misc_axes.diff Left/Right Joystick Axis doesn't work with some controllers
Introduced in 1.2.15-3 (June 2012)

Reviewed in 2013-10-19 for SDL2 and SDL1.2 and submitted new upstream bug
report for re-evaluation, the previous one (suggested by the bug submitted) was
probably not related.
Sam Hocevar <sam@hocevar.net> yes debian 2013-10-19
sdl-check-for-SDL_VIDEO_X11_BACKINGSTORE.patch Do not harness backing store by default
xorg-server 1.15 enables backing store if composite extension is enabled
(default settings). Harnessing backing store through compositor leads to
tearing effect.
This patch reverts default harnessing backing store to conditional use if
SDL_VIDEO_X11_BACKINGSTORE environment variable exists.
Debian SDL packages maintainers yes debian upstream https://bugs.launchpad.net/ubuntu/+source/libsdl1.2/+bug/1280665/comments/1 2022-07-10
avoid_maybe_non-DFSG_file.patch Avoid maybe non-DFSG file
Avoid use of source file with vague licensing terms regarding
modification
Debian SDL packages maintainers no debian https://git.parabola.nu/abslibre.git/log/libre/sdl/libre.patch 2017-07-17
