!22 add loongarch support SDL

From: @zhangwenlong01 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia

SDL.spec

@@ -1,11 +1,11 @@
 Name:       SDL
 Summary:    A cross-platform multimedia library
 Version:    1.2.15
-Release:    36
+Release:    40
 License:    LGPLv2+
 URL:        http://www.libsdl.org/
 
-Source0:    %{name}-%{version}.tar.gz
+Source0:    http://www.libsdl.org/release/%{name}-%{version}.tar.gz
 Source1:    SDL_config.h
 Patch0:     SDL-1.2.15-add_sdl_config_man.patch
 Patch1:     CVE-2019-7637.patch
@@ -22,8 +22,12 @@ Patch11:    SDL-1.2.15-no-default-backing-store.patch
 Patch12:    SDL-1.2.15-SDL_EnableUNICODE_drops_keyboard_events.patch
 Patch13:    SDL-1.2.15-vec_perm-ppc64le.patch
 Patch14:    CVE-2019-13616.patch
+Patch15:    backport-CVE-2019-7572-Fix-a-buffer-overread-in-IMA_ADPCM_nibble.patch
+Patch16:    backport-CVE-2019-7574-Fix-a-buffer-overread-in-IMA_ADPCM_decode.patch
+Patch17:    backport-CVE-2019-7572-Fix-a-buffer-overwrite-in-IMA_ADPCM_decode.patch
+Patch18:    backport-CVE-2019-7575-Fix-a-buffer-overwrite-in-MS_ADPCM_decode.patch
 
-BuildRequires:  git alsa-lib-devel gdb-headless libtool
+BuildRequires:  alsa-lib-devel gdb-headless libtool
 
 %description
 Simple DirectMedia Layer(SDL) is a cross-platform development library designed\
@@ -49,7 +53,7 @@ Summary:        Help manual for %{name}
 The %{name}-help package conatins man manual etc
 
 %prep
-%autosetup -n %{name}-%{version} -p1 -Sgit
+%autosetup -n %{name}-%{version} -p1
 for F in CREDITS; do
     iconv -f iso8859-1 -t utf-8 < "$F" > "${F}.utf"
     touch --reference "$F" "${F}.utf"
@@ -103,7 +107,19 @@ rm -f %{buildroot}%{_libdir}/*.la
 %{_mandir}/man3/SDL*.3*
 
 %changelog
-* Wed Mar 18 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.2.15-35
+* Fri Nov 18 2022 Wenlong Zhang<zhangwenlong@loongson.cn> - 1.2.15-40
+- add loongarch support SDL
+
+* Fri Nov 5 2021 yixiangzhike <yixiangzhike007@163.com> - 1.2.15-39
+- DESC: fix CVE-2019-7572 CVE-2019-7574 CVE-2019-7575
+
+* Wed Aug 11 2021 chenyanpanHW <chenyanpan@huawei.com> - 1.2.15-38
+- DESC: delete -Sgit from %autosetup, and delete BuildRequires git
+
+* Fri Sep 11 2020 liuweibo <liuweibo10@huawei.com> - 1.2.15-37
+- Fix Source0
+
+* Wed Mar 18 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.2.15-36
 - Type:CVE
 - ID:NA
 - SUG:NA

SDL.yaml

@@ -0,0 +1,4 @@
+version_control: hg
+src_repo: http://hg.libsdl.org/SDL
+tag_prefix: "release-"
+seperator: "."

SDL_config.h

@@ -73,6 +73,8 @@
 #include "SDL_config-mips.h"
 #elif defined(__riscv) && defined(__riscv_xlen) && __riscv_xlen == 64
 #include "SDL_config-riscv64.h"
+#elif defined(__loongarch64)
+#include "SDL_config-loongarch64.h"
 #else
 #error "The SDL-devel package is not usable with the architecture."
 #endif

backport-CVE-2019-7572-Fix-a-buffer-overread-in-IMA_ADPCM_nibble.patch

@@ -0,0 +1,55 @@
+From 1ead4913fc2314a0ce5de06f29a20a8b0b0a5557 Mon Sep 17 00:00:00 2001
+From: Petr P?sa? <ppisar@redhat.com>
+Date: Sat, 8 Jun 2019 17:57:43 -0700
+Subject: [PATCH] CVE-2019-7572: Fix a buffer overread in IMA_ADPCM_nibble If
+ an IMA ADPCM block contained an initial index out of step table range (loaded
+ in IMA_ADPCM_decode()), IMA_ADPCM_nibble() blindly used this bogus value and
+ that lead to a buffer overread.
+
+This patch fixes it by moving clamping the index value at the
+beginning of IMA_ADPCM_nibble() function instead of the end after
+an update.
+
+CVE-2019-7572
+https://bugzilla.libsdl.org/show_bug.cgi?id=4495
+
+Signed-off-by: Petr P?sa? <ppisar@redhat.com>
+---
+ src/audio/SDL_wave.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c
+index b4ad6c7..ba1fb52 100644
+--- a/src/audio/SDL_wave.c
++++ b/src/audio/SDL_wave.c
+@@ -264,6 +264,14 @@ static Sint32 IMA_ADPCM_nibble(struct IMA_ADPCM_decodestate *state,Uint8 nybble)
+ 	};
+ 	Sint32 delta, step;
+ 
++	/* Clamp index value. The inital value can be invalid. */
++	if ( state->index > 88 ) {
++		state->index = 88;
++	} else
++	if ( state->index < 0 ) {
++		state->index = 0;
++	}
++
+ 	/* Compute difference and new sample value */
+ 	step = step_table[state->index];
+ 	delta = step >> 3;
+@@ -275,12 +283,6 @@ static Sint32 IMA_ADPCM_nibble(struct IMA_ADPCM_decodestate *state,Uint8 nybble)
+ 
+ 	/* Update index value */
+ 	state->index += index_table[nybble];
+-	if ( state->index > 88 ) {
+-		state->index = 88;
+-	} else
+-	if ( state->index < 0 ) {
+-		state->index = 0;
+-	}
+ 
+ 	/* Clamp output sample */
+ 	if ( state->sample > max_audioval ) {
+-- 
+1.8.3.1
+

backport-CVE-2019-7572-Fix-a-buffer-overwrite-in-IMA_ADPCM_decode.patch

@@ -0,0 +1,60 @@
+From f22cbe4a3a2cd87392eec69bdcf2b4bd68b4507b Mon Sep 17 00:00:00 2001
+From: Petr P?sa? <ppisar@redhat.com>
+Date: Mon, 10 Jun 2019 08:57:11 -0700
+Subject: [PATCH] CVE-2019-7572: Fix a buffer overwrite in IMA_ADPCM_decode If
+ data chunk was longer than expected based on a WAV format definition,
+ IMA_ADPCM_decode() tried to write past the output buffer. This patch fixes
+ it.
+
+Based on patch from
+<https://bugzilla.libsdl.org/show_bug.cgi?id=4496>.
+
+CVE-2019-7572
+https://bugzilla.libsdl.org/show_bug.cgi?id=4495
+
+Signed-off-by: Petr P?sa? <ppisar@redhat.com>
+---
+ src/audio/SDL_wave.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c
+index 3eedd20..4159eb7 100644
+--- a/src/audio/SDL_wave.c
++++ b/src/audio/SDL_wave.c
+@@ -346,7 +346,7 @@ static void Fill_IMA_ADPCM_block(Uint8 *decoded, Uint8 *encoded,
+ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ {
+ 	struct IMA_ADPCM_decodestate *state;
+-	Uint8 *freeable, *encoded, *encoded_end, *decoded;
++	Uint8 *freeable, *encoded, *encoded_end, *decoded, *decoded_end;
+ 	Sint32 encoded_len, samplesleft;
+ 	unsigned int c, channels;
+ 
+@@ -373,6 +373,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ 		return(-1);
+ 	}
+ 	decoded = *audio_buf;
++	decoded_end = decoded + *audio_len;
+ 
+ 	/* Get ready... Go! */
+ 	while ( encoded_len >= IMA_ADPCM_state.wavefmt.blockalign ) {
+@@ -392,6 +393,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ 			}
+ 
+ 			/* Store the initial sample we start with */
++			if (decoded + 2 > decoded_end) goto invalid_size;
+ 			decoded[0] = (Uint8)(state[c].sample&0xFF);
+ 			decoded[1] = (Uint8)(state[c].sample>>8);
+ 			decoded += 2;
+@@ -402,6 +404,8 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ 		while ( samplesleft > 0 ) {
+ 			for ( c=0; c<channels; ++c ) {
+ 				if (encoded + 4 > encoded_end) goto invalid_size;
++				if (decoded + 4 * 4 * channels > decoded_end)
++					goto invalid_size;
+ 				Fill_IMA_ADPCM_block(decoded, encoded,
+ 						c, channels, &state[c]);
+ 				encoded += 4;
+-- 
+1.8.3.1
+

backport-CVE-2019-7574-Fix-a-buffer-overread-in-IMA_ADPCM_decode.patch

@@ -0,0 +1,67 @@
+From 76871a1c52dc74b8ba2357b9d68c34d765ea9db3 Mon Sep 17 00:00:00 2001
+From: Petr P?sa? <ppisar@redhat.com>
+Date: Mon, 10 Jun 2019 08:50:59 -0700
+Subject: [PATCH] CVE-2019-7574: Fix a buffer overread in IMA_ADPCM_decode If
+ data chunk was shorter than expected based on a WAV format definition,
+ IMA_ADPCM_decode() tried to read past the data chunk buffer. This patch fixes
+ it.
+
+CVE-2019-7574
+https://bugzilla.libsdl.org/show_bug.cgi?id=4496
+
+Signed-off-by: Petr P?sa? <ppisar@redhat.com>
+---
+ src/audio/SDL_wave.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c
+index 21ee4dc..66f8044 100644
+--- a/src/audio/SDL_wave.c
++++ b/src/audio/SDL_wave.c
+@@ -331,7 +331,7 @@ static void Fill_IMA_ADPCM_block(Uint8 *decoded, Uint8 *encoded,
+ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ {
+ 	struct IMA_ADPCM_decodestate *state;
+-	Uint8 *freeable, *encoded, *decoded;
++	Uint8 *freeable, *encoded, *encoded_end, *decoded;
+ 	Sint32 encoded_len, samplesleft;
+ 	unsigned int c, channels;
+ 
+@@ -347,6 +347,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ 	/* Allocate the proper sized output buffer */
+ 	encoded_len = *audio_len;
+ 	encoded = *audio_buf;
++	encoded_end = encoded + encoded_len;
+ 	freeable = *audio_buf;
+ 	*audio_len = (encoded_len/IMA_ADPCM_state.wavefmt.blockalign) * 
+ 				IMA_ADPCM_state.wSamplesPerBlock*
+@@ -362,6 +363,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ 	while ( encoded_len >= IMA_ADPCM_state.wavefmt.blockalign ) {
+ 		/* Grab the initial information for this block */
+ 		for ( c=0; c<channels; ++c ) {
++			if (encoded + 4 > encoded_end) goto invalid_size;
+ 			/* Fill the state information for this block */
+ 			state[c].sample = ((encoded[1]<<8)|encoded[0]);
+ 			encoded += 2;
+@@ -384,6 +386,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ 		samplesleft = (IMA_ADPCM_state.wSamplesPerBlock-1)*channels;
+ 		while ( samplesleft > 0 ) {
+ 			for ( c=0; c<channels; ++c ) {
++				if (encoded + 4 > encoded_end) goto invalid_size;
+ 				Fill_IMA_ADPCM_block(decoded, encoded,
+ 						c, channels, &state[c]);
+ 				encoded += 4;
+@@ -395,6 +398,10 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ 	}
+ 	SDL_free(freeable);
+ 	return(0);
++invalid_size:
++	SDL_SetError("Unexpected chunk length for an IMA ADPCM decoder");
++	SDL_free(freeable);
++	return(-1);
+ }
+ 
+ SDL_AudioSpec * SDL_LoadWAV_RW (SDL_RWops *src, int freesrc,
+-- 
+1.8.3.1
+

backport-CVE-2019-7575-Fix-a-buffer-overwrite-in-MS_ADPCM_decode.patch

@@ -0,0 +1,80 @@
+From c68e0003d2f2b4e50bb1c4412af40c32f0b6396e Mon Sep 17 00:00:00 2001
+From: Petr P?sa? <ppisar@redhat.com>
+Date: Mon, 10 Jun 2019 09:25:05 -0700
+Subject: [PATCH] CVE-2019-7575: Fix a buffer overwrite in MS_ADPCM_decode If a
+ WAV format defines shorter audio stream and decoded MS ADPCM data chunk is
+ longer, decoding continued past the output audio buffer.
+
+This fix is based on a patch from
+<https://bugzilla.libsdl.org/show_bug.cgi?id=4492>.
+
+https://bugzilla.libsdl.org/show_bug.cgi?id=4493
+CVE-2019-7575
+
+Signed-off-by: Petr P?sa? <ppisar@redhat.com>
+---
+ src/audio/SDL_wave.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c
+index 88ac2cc..5f93651 100644
+--- a/src/audio/SDL_wave.c
++++ b/src/audio/SDL_wave.c
+@@ -122,7 +122,7 @@ static Sint32 MS_ADPCM_nibble(struct MS_ADPCM_decodestate *state,
+ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ {
+ 	struct MS_ADPCM_decodestate *state[2];
+-	Uint8 *freeable, *encoded, *encoded_end, *decoded;
++	Uint8 *freeable, *encoded, *encoded_end, *decoded, *decoded_end;
+ 	Sint32 encoded_len, samplesleft;
+ 	Sint8 nybble, stereo;
+ 	Sint16 *coeff[2];
+@@ -142,6 +142,7 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ 		return(-1);
+ 	}
+ 	decoded = *audio_buf;
++	decoded_end = decoded + *audio_len;
+ 
+ 	/* Get ready... Go! */
+ 	stereo = (MS_ADPCM_state.wavefmt.channels == 2);
+@@ -149,7 +150,7 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ 	state[1] = &MS_ADPCM_state.state[stereo];
+ 	while ( encoded_len >= MS_ADPCM_state.wavefmt.blockalign ) {
+ 		/* Grab the initial information for this block */
+-		if (encoded + 7 + (stereo ? 7 : 0) > encoded_end) goto too_short;
++		if (encoded + 7 + (stereo ? 7 : 0) > encoded_end) goto invalid_size;
+ 		state[0]->hPredictor = *encoded++;
+ 		if ( stereo ) {
+ 			state[1]->hPredictor = *encoded++;
+@@ -179,6 +180,7 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ 		coeff[1] = MS_ADPCM_state.aCoeff[state[1]->hPredictor];
+ 
+ 		/* Store the two initial samples we start with */
++		if (decoded + 4 + (stereo ? 4 : 0) > decoded_end) goto invalid_size;
+ 		decoded[0] = state[0]->iSamp2&0xFF;
+ 		decoded[1] = state[0]->iSamp2>>8;
+ 		decoded += 2;
+@@ -200,7 +202,8 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ 		samplesleft = (MS_ADPCM_state.wSamplesPerBlock-2)*
+ 					MS_ADPCM_state.wavefmt.channels;
+ 		while ( samplesleft > 0 ) {
+-			if (encoded + 1 > encoded_end) goto too_short;
++			if (encoded + 1 > encoded_end) goto invalid_size;
++			if (decoded + 4 > decoded_end) goto invalid_size;
+ 
+ 			nybble = (*encoded)>>4;
+ 			new_sample = MS_ADPCM_nibble(state[0],nybble,coeff[0]);
+@@ -223,8 +226,8 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ 	}
+ 	SDL_free(freeable);
+ 	return(0);
+-too_short:
+-	SDL_SetError("Too short chunk for a MS ADPCM decoder");
++invalid_size:
++	SDL_SetError("Unexpected chunk length for a MS ADPCM decoder");
+ 	SDL_free(freeable);
+ 	return(-1);
+ invalid_predictor:
+-- 
+1.8.3.1
+