import stb-0^20240213gitae721c5-5.el9

i9ce changed/i9ce/stb-0%5e20240213gitae721c5-5.el9
MSVSphere Packaging Team 9 months ago
parent 2adbc50838
commit b49b120b15

@ -0,0 +1,25 @@
From 3741e6fea656d3f1b9578d59f14d8945aea92a10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 17:07:26 +0200
Subject: [PATCH] Out of bounds heap buffer write
(`GHSL-2023-171/CVE-2023-45681`)
---
stb_vorbis.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/stb_vorbis.c b/stb_vorbis.c
index 3e5c2504c0..6ebd7dcb95 100644
--- a/stb_vorbis.c
+++ b/stb_vorbis.c
@@ -3661,6 +3661,10 @@ static int start_decoder(vorb *f)
f->comment_list = NULL;
if (f->comment_list_length > 0)
{
+ if (INT_MAX / sizeof(char*) < f->comment_list_length) {
+ f->comment_list_length = 0;
+ return error(f, VORBIS_outofmem);
+ }
f->comment_list = (char**) setup_malloc(f, sizeof(char*) * (f->comment_list_length));
if (f->comment_list == NULL) return error(f, VORBIS_outofmem);
}
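Review bot: The added guard in `start_decoder` compares `INT_MAX / sizeof(char*)` (a `size_t`) with `f->comment_list_length`, and the mixed-sign comparison is only correct because of the enclosing `if (f->comment_list_length > 0)` test; nothing in the code says so. A short comment above the check would keep a later refactor from moving it out of that branch, for example `/* count is > 0 here, so the unsigned compare is safe; reject counts whose byte size would not fit the int-sized allocation request */`. The choice of `INT_MAX` rather than `SIZE_MAX` presumably mirrors the size parameter type of `setup_malloc`, which is not visible in this hunk and should be confirmed. `INT_MAX` also needs `<limits.h>`, whose include is outside the hunk, as is the rest of `start_decoder`.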

@ -0,0 +1,3 @@
# stb
The stb package

@ -0,0 +1,13 @@
diff --git a/stb_sprintf.h b/stb_sprintf.h
index ca432a6..fb49e4d 100644
--- a/stb_sprintf.h
+++ b/stb_sprintf.h
@@ -230,7 +230,7 @@ STBSP__PUBLICDEC void STB_SPRINTF_DECORATE(set_separators)(char comma, char peri
#define stbsp__uint16 unsigned short
#ifndef stbsp__uintptr
-#if defined(__ppc64__) || defined(__powerpc64__) || defined(__aarch64__) || defined(_M_X64) || defined(__x86_64__) || defined(__x86_64) || defined(__s390x__)
+#if defined(__ppc64__) || defined(__powerpc64__) || defined(__aarch64__) || defined(_M_X64) || defined(__x86_64__) || defined(__x86_64) || defined(__s390x__) || defined(__LP64__) || (defined(__riscv) && __riscv_xlen == 64)
#define stbsp__uintptr stbsp__uint64
#else
#define stbsp__uintptr stbsp__uint32
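Review bot: The `#if` that selects `stbsp__uintptr` is still an allowlist of architecture macros, so a 64-bit target that matches none of them and does not define `__LP64__` silently gets the 32-bit type from the `#else` branch. `_M_X64` is the only MSVC macro in the list, for instance. If the type is used to hold pointer values (its uses are not visible here), that truncates them without a diagnostic. Testing the pointer width directly would remove the need to extend the list for each new port, for example `#if defined(__SIZEOF_POINTER__) && __SIZEOF_POINTER__ == 8` placed ahead of the existing test. The `#ifndef stbsp__uintptr` block closes outside the hunk.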

@ -0,0 +1,22 @@
# Not real spelling errors
# - "trunc", "eucl", "qsort", "snprintf" are C function names
# - "va" and "args" are from "va_args"
# - "sprintfs" refers to "the various flavors of sprintf functions"
# - "ryg" is a username/handle
# - "Doesn" is from "Doesnt"
# - "zlib" is a library name
# - "Ogg" is a format
# - "init" is short for "initializer"
# - "stdlib" is short for "the C standard library"
# - "awesomest" is an informal variant of "most awesome"
addFilter(r"spelling-error \('([Mm]etapackage|[Pp]arser|[Ss]hader|[Rr]oadmap)s?',")
addFilter(r"spelling-error \('([Rr]eachability|([Tt]|[Uu]nt)raversable)',")
addFilter(r"spelling-error \('([Tt]ypesafe|[Dd]oesn|[Bb]andlimited|[Mm]orphable)',")
addFilter(r"spelling-error \('(trunc|eucl|qsort|snprintf|va|args|sprintfs)',")
addFilter(r"spelling-error \('(ryg|zlib|[Ii]nit|stdlib|[Aa]wesomest|Ogg)',")
addFilter(r"spelling-error \('([Ww]aveform|[Rr]escale|([Uu]p|[Dd]own)sample)s?',")
addFilter(r"spelling-error \('([Ee]mbeddable|[Rr]asterize|[Aa]ntialiasing)',")
# All documentation is in the -doc subpackage.
addFilter(r" no-documentation$")
# Consistency with upstream is more important.
addFilter(r" description-shorter-than-summary")

@ -1,8 +1,8 @@
## START: Set by rpmautospec ## START: Set by rpmautospec
## (rpmautospec version 0.6.1) ## (rpmautospec version 0.6.3)
## RPMAUTOSPEC: autorelease, autochangelog ## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: %define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = 1; release_number = 5;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1); print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
@ -193,6 +193,16 @@ Patch: 0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch
# https://github.com/nothings/stb/issues/1552 # https://github.com/nothings/stb/issues/1552
Patch: %{url}/pull/1553.patch Patch: %{url}/pull/1553.patch
# riscv64 compile fix
# https://github.com/nothings/stb/pull/1610
Patch: fix-riscv64-compile-uintptr.patch
# Out of bounds heap buffer write (GHSL-2023-171/CVE-2023-45681)
# https://github.com/nothings/stb/pull/1559
# Fixes CVE-2023-45681 and duplicate CVE-2023-47212
# https://bugzilla.redhat.com/show_bug.cgi?id=2278402
Patch: %{url}/pull/1559.patch
%global stb_c_lexer_version 0.12 %global stb_c_lexer_version 0.12
%global stb_connected_components_version 0.96 %global stb_connected_components_version 0.96
%global stb_divide_version 0.94 %global stb_divide_version 0.94
@ -590,7 +600,7 @@ custom widgets and which do not have heavy text-editing requirements (this
library is not recommended for use for editing large texts, as its performance library is not recommended for use for editing large texts, as its performance
does not scale and it has limited undo). does not scale and it has limited undo).
Non-trivial behaviors are modelled after Windows text controls. Non-trivial behaviors are modeled after Windows text controls.
%package -n stb_tilemap_editor-devel %package -n stb_tilemap_editor-devel
@ -991,6 +1001,15 @@ EOF
%changelog %changelog
## START: Generated by rpmautospec ## START: Generated by rpmautospec
* Thu May 02 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 0^20240213gitae721c5-5
- Patch for GHSL-2023-171/CVE-2023-45681/CVE-2023-47212
* Thu May 02 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 0^20240213gitae721c5-4
- Fix a description to use American English orthography
* Thu May 02 2024 David Abdurachmanov <davidlt@rivosinc.com> - 0^20240213gitae721c5-2
- Fix compile error on riscv64
* Tue Feb 13 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 0^20240213gitae721c5-1 * Tue Feb 13 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 0^20240213gitae721c5-1
- Update to 0^20240213gitae721c5 - Update to 0^20240213gitae721c5
- stb_image_resize2-devel is updated to 2.06 - stb_image_resize2-devel is updated to 2.06
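Review bot: `Patch: %{url}/pull/1559.patch` in the `-193,6 +193,16` hunk names a pull-request patch URL, and what that URL serves follows the PR branch, so a later download can differ from the text reviewed here. Recording the upstream commit in the comment block above it would pin the reviewed content, for example `# Upstream commit: 3741e6fea656d3f1b9578d59f14d8945aea92a10`. That id comes from the `From` line of the patch file added in this same commit, which appears to be the stored copy of this patch. The existing `Patch: %{url}/pull/1553.patch` line has the same property, though no commit id for it is visible on this page.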
