Compare commits

28 Commits

Author SHA1 Message Date
7aafa217aa
Remove patch number
Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
2023-12-05 12:23:59 +02:00
718c16b665
Merge remote-tracking branch 'up/main' into main-riscv64
Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
2023-12-05 12:23:11 +02:00
Benjamin A. Beasley
7cf08bbaea stb_vorbis: fix GHSL-2023-165 / fix CVE-2023-45675 2023-10-25 11:38:48 -04:00
Benjamin A. Beasley
1cb7df649d stb_image: fix GHSL-2023-151 / fix CVE-2023-45667 2023-10-25 11:38:48 -04:00
Benjamin A. Beasley
a95291a349 stb_image: fix GHSL-2023-150 / fix CVE-2023-45666 2023-10-25 11:34:48 -04:00
Benjamin A. Beasley
348c666fc7 Document another bug, PR, and name (GHSL-2023-149) for CVE-2023-43898 2023-10-25 11:34:48 -04:00
Benjamin A. Beasley
39b8298fe4 stb_image: fix GHSL-2023-148 / fix CVE-2023-45664 2023-10-25 11:34:48 -04:00
Benjamin A. Beasley
6ba8e804fd stb_image: fix GHSL-2023-147 / fix CVE-2023-45663 2023-10-25 11:12:20 -04:00
Benjamin A. Beasley
4f451367e0 stb_image: fix GHSL-2023-146 / fix CVE-2023-45662 2023-10-25 11:05:02 -04:00
Benjamin A. Beasley
82547bda5e stb_image: fix GHSL-2023-145 / fix CVE-2023-45661 2023-10-25 11:03:12 -04:00
Benjamin A. Beasley
0af9698be6 Document that 1454.patch fixes CVE-2023-43898 2023-10-25 11:01:11 -04:00
Benjamin A. Beasley
30227fed91 Backport a PR fixing undefined behavior in stb_image_resize2 2023-10-25 10:57:55 -04:00
Benjamin A. Beasley
856fd8e3a7 Backport three PR’s fixing undefined behavior in stb_image 2023-10-25 10:54:40 -04:00
Benjamin A. Beasley
35bbfbbbca Update to 0^beebb24git20231011 (minor C99 fixes) 2023-10-25 10:51:56 -04:00
Benjamin A. Beasley
7c0d1514d6 Fedora, EPEL9+: drop the initial “0.” from the Release
This was left over from when the snapshot info was in the Release field
instead of the Version field.
2023-10-10 10:20:02 -04:00
Benjamin A. Beasley
9ac556d71c Update to 0^20231009gitc4bbb6e
- A new stb_image_resize2 library is introduced
- Upstream has deprecated stb_image_resize, but we still package it
2023-10-10 07:18:08 -04:00
Benjamin A. Beasley
8fa87433fa Fix some stray comment text
[skip changelog]
2023-10-10 06:59:41 -04:00
Fedora Release Engineering
97f6743b1c Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-22 02:33:09 +00:00
Benjamin A. Beasley
5462095666 Use new (rpm 4.17.1+) bcond style 2023-06-18 11:29:20 -04:00
Benjamin A. Beasley
bae14852ed Remove explicit %set_build_flags, not needed since F36
Remove explicit %set_build_flags, not needed since F36
2023-06-03 11:32:25 -04:00
Benjamin A. Beasley
937b29cb27 Do not number the sole Source
[skip changelog]
2023-05-29 12:59:12 -04:00
Benjamin A. Beasley
c2e8ea77b2 Generate the short commit hash using shell builtins
[skip changelog]
2023-05-26 09:17:57 -04:00
Benjamin A. Beasley
b0c5c6bad2 Fix null pointer dereference in stb_image
https://github.com/nothings/stb/issues/1452
2023-02-25 09:23:28 -05:00
Benjamin A. Beasley
e46eff5325 Update to 5736b1 (version history and README updates) 2023-01-29 19:31:17 -05:00
Benjamin A. Beasley
1284d9bdb1 Update to 6199bf7 (stb_image 2.28)
- Security-related patches for stb_image have been merged upstream, and
  there are other bugfixes.
2023-01-29 12:51:49 -05:00
Fedora Release Engineering
bd81ca6e6f Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-21 04:05:31 +00:00
Benjamin A. Beasley
e53fbc0d95 Patch in a candidate fix for ossfuzz issue 24232
- Improves handling of certain invalid PNGs by stb_image
2022-11-30 18:15:34 -05:00
b5deba8fa5
Fix compile error on riscv64
Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
2022-10-18 16:07:34 +03:00
18 changed files with 538 additions and 354 deletions

4
.gitignore vendored

@ -2,3 +2,7 @@
/stb-c0c982601f40183e74d84a61237e968dca08380e.tar.gz
/stb-af1a5bc352164740c1cc1354942b1c6b72eacb8a.tar.gz
/stb-8b5f1f37b5b75829fc72d38e7b5d4bcbf8a26d55.tar.gz
/stb-6199bf77130da41fd424722eeb7a8db4d766c4c6.tar.gz
/stb-5736b15f7ea0ffb08dd38af21067c314d6a3aae9.tar.gz
/stb-c4bbb6e75f688318b2df2b70c2df2d641c1a8481.tar.gz
/stb-beebb24b945efdea3b9bba23affb8eb3ba8982e7.tar.gz


@ -0,0 +1,27 @@
From 800a684d6d3cae7ed2437a23496d9306c0dfa8dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 16:33:06 +0200
Subject: [PATCH] Fix Null pointer dereference because of an uninitialized
variable
Call `stbi__vertical_flip_slices` only if the previous function didn't fail. Fixes #1550
---
stb_image.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stb_image.h b/stb_image.h
index 49c53d0..de12c06 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -1446,7 +1446,7 @@ STBIDEF stbi_uc *stbi_load_gif_from_memory(stbi_uc const *buffer, int len, int *
stbi__start_mem(&s,buffer,len);
result = (unsigned char*) stbi__load_gif_main(&s, delays, x, y, z, comp, req_comp);
- if (stbi__vertically_flip_on_load) {
+ if (stbi__vertically_flip_on_load && result) {
int channels = req_comp ? req_comp : *comp;
stbi__vertical_flip_slices( result, *x, *y, *z, channels );
}
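Review bot: The added `&& result` guard in stbi_load_gif_from_memory skips the flip on failure, but the subject line blames an uninitialized variable and nothing in this hunk initializes one. `*x`, `*y`, `*z` and `*comp` are now dereferenced only inside the guarded block, so the fix holds only as long as stbi__load_gif_main returns NULL on every failure path; a one-line comment stating that dependency would keep a later edit from reintroducing the dereference.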
--
2.41.0


@ -0,0 +1,28 @@
From 4a4c1eeb8540c61ceb3456b3277184bc1c63c9be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 16:16:34 +0200
Subject: [PATCH 1/2] Fix double-free in stbi__load_gif_main_outofmem
Fixes #1544
---
stb_image.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/stb_image.h b/stb_image.h
index aac3653..d3a1f59 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -6990,6 +6990,10 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
stride = g.w * g.h * 4;
if (out) {
+ if (stride == 0) {
+ void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
+ return ret;
+ }
if (!stbi__mul2sizes_valid(layers, stride)) {
void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
return ret;
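Review bot: The new `stride == 0` test sits inside `if (out)`, so it only covers the path where an earlier frame has already been allocated; the branch taken when `out` is NULL is not touched by this hunk and should be checked for the same zero-size case. Sending a zero-sized image through a helper named for out-of-memory handling will also mislead anyone triaging the failure, so a distinct error for a zero-dimension GIF would be clearer. The temporary `ret` can be dropped by returning the call directly.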
--
2.41.0


@ -0,0 +1,46 @@
From 33c3c202425daea456520f92846b37da6a83e1c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 16:29:56 +0200
Subject: [PATCH 2/2] Fix possible double-free or memory leak in
stbi__load_gif_main
Fixes #1548
---
stb_image.h | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/stb_image.h b/stb_image.h
index d3a1f59..df4ff95 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -6999,8 +6999,11 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
return ret;
}
void *tmp = (stbi_uc*) STBI_REALLOC_SIZED( out, out_size, layers * stride );
- if (!tmp)
- return stbi__load_gif_main_outofmem(&g, out, delays);
+ if (!tmp) {
+ void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
+ if (delays && *delays) *delays = 0;
+ return ret;
+ }
else {
out = (stbi_uc*) tmp;
out_size = layers * stride;
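Review bot: In the `!tmp` branch, `if (delays && *delays) *delays = 0;` tests `*delays` before storing zero into it, which is redundant: `if (delays) *delays = 0;` has the same effect. The subject mentions a double-free, so a short comment saying why the caller's pointer is cleared after stbi__load_gif_main_outofmem has been handed `delays` would make the intent visible at the call site.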
@@ -7019,8 +7022,11 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
return ret;
}
out = (stbi_uc*)stbi__malloc( layers * stride );
- if (!out)
- return stbi__load_gif_main_outofmem(&g, out, delays);
+ if (!out) {
+ void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
+ if (delays && *delays) *delays = 0;
+ return ret;
+ }
out_size = layers * stride;
if (delays) {
*delays = (int*) stbi__malloc( layers * sizeof(int) );
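Review bot: The same block is repeated here in the `!out` branch, while the `return ret;` paths shown as context at the top of both hunks leave `*delays` as it was. Moving the `*delays = 0` reset into stbi__load_gif_main_outofmem itself would cover every caller of the helper and remove the duplication.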
--
2.41.0


@ -1,59 +0,0 @@
From 8075c3442ffeadab7594e1fe3ad13344f9c9c783 Mon Sep 17 00:00:00 2001
From: Neil Bickford <nbickford@nvidia.com>
Date: Thu, 7 Oct 2021 13:00:32 -0700
Subject: [PATCH] Fixes two stb_image issues that could occur with specially
constructed HDR and PGM files.
Signed-off-by: Neil Bickford <nbickford@nvidia.com>
---
stb_image.h | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/stb_image.h b/stb_image.h
index d60371b95..8518c05e7 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -108,7 +108,7 @@ RECENT REVISION HISTORY:
Cass Everitt Ryamond Barbiero github:grim210
Paul Du Bois Engin Manap Aldo Culquicondor github:sammyhw
Philipp Wiesemann Dale Weiler Oriol Ferrer Mesia github:phprus
- Josh Tobin Matthew Gregan github:poppolopoppo
+ Josh Tobin Neil Bickford Matthew Gregan github:poppolopoppo
Julian Raschke Gregory Mullen Christian Floisand github:darealshinji
Baldur Karlsson Kevin Schmidt JR Smith github:Michaelangel007
Brad Weinberger Matvey Cherevko github:mosra
@@ -7187,12 +7187,12 @@ static float *stbi__hdr_load(stbi__context *s, int *x, int *y, int *comp, int re
// Run
value = stbi__get8(s);
count -= 128;
- if (count > nleft) { STBI_FREE(hdr_data); STBI_FREE(scanline); return stbi__errpf("corrupt", "bad RLE data in HDR"); }
+ if ((count == 0) || (count > nleft)) { STBI_FREE(hdr_data); STBI_FREE(scanline); return stbi__errpf("corrupt", "bad RLE data in HDR"); }
for (z = 0; z < count; ++z)
scanline[i++ * 4 + k] = value;
} else {
// Dump
- if (count > nleft) { STBI_FREE(hdr_data); STBI_FREE(scanline); return stbi__errpf("corrupt", "bad RLE data in HDR"); }
+ if ((count == 0) || (count > nleft)) { STBI_FREE(hdr_data); STBI_FREE(scanline); return stbi__errpf("corrupt", "bad RLE data in HDR"); }
for (z = 0; z < count; ++z)
scanline[i++ * 4 + k] = stbi__get8(s);
}
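Review bot: Both the Run and the Dump branch now reject `count == 0`, but neither line says why a zero count is fatal. With `count == 0` the `for (z = 0; z < count; ++z)` loop never advances `i`, so a comment that a zero-length run makes no progress through the scanline would document the intent. The two conditions and cleanup sequences are identical and could share one helper or macro so the branches cannot drift apart.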
@@ -7446,10 +7446,17 @@ static void *stbi__pnm_load(stbi__context *s, int *x, int *y, int *comp, int req
out = (stbi_uc *) stbi__malloc_mad4(s->img_n, s->img_x, s->img_y, ri->bits_per_channel / 8, 0);
if (!out) return stbi__errpuc("outofmem", "Out of memory");
- stbi__getn(s, out, s->img_n * s->img_x * s->img_y * (ri->bits_per_channel / 8));
+ if (!stbi__getn(s, out, s->img_n * s->img_x * s->img_y * (ri->bits_per_channel / 8))) {
+ STBI_FREE(out);
+ return stbi__errpuc("bad PNM", "PNM file truncated");
+ }
if (req_comp && req_comp != s->img_n) {
- out = stbi__convert_format(out, s->img_n, req_comp, s->img_x, s->img_y);
+ if (ri->bits_per_channel == 16) {
+ out = (stbi_uc *) stbi__convert_format16((stbi__uint16 *) out, s->img_n, req_comp, s->img_x, s->img_y);
+ } else {
+ out = stbi__convert_format(out, s->img_n, req_comp, s->img_x, s->img_y);
+ }
if (out == NULL) return out; // stbi__convert_format frees input on failure
}
return out;
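Review bot: The trailing comment on `if (out == NULL) return out;` still names only stbi__convert_format, but the 16-bit branch added above now reaches that line through stbi__convert_format16. Confirm that stbi__convert_format16 also frees its input on failure and update the comment to cover both; if it does not, the 16-bit path leaks `out`.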


@ -1,244 +0,0 @@
From fa43122a169eb79ced5789f2f261cee7fd4db221 Mon Sep 17 00:00:00 2001
From: Neil Bickford <nbickford@nvidia.com>
Date: Tue, 22 Feb 2022 23:48:42 -0800
Subject: [PATCH 1/4] Add checks for PNM integer read overflows, add a 1GB
limit on IDAT chunk sizes to fix an OOM issue, and check for a situation
where a sequence of bad Huffman code reads could result in a left shift by a
negative number.
---
stb_image.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/stb_image.h b/stb_image.h
index d60371b95..6321f5e02 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -2283,6 +2283,7 @@ static int stbi__jpeg_decode_block_prog_ac(stbi__jpeg *j, short data[64], stbi__
k += (r >> 4) & 15; // run
s = r & 15; // combined length
j->code_buffer <<= s;
+ if (s > j->code_bits) return stbi__err("bad huffman code","Combined length longer than code bits available");
j->code_bits -= s;
zig = stbi__jpeg_dezigzag[k++];
data[zig] = (short) ((r >> 8) * (1 << shift));
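Review bot: The new `s > j->code_bits` test in stbi__jpeg_decode_block_prog_ac is placed after `j->code_buffer <<= s;`, so the buffer has already been shifted when the error is returned. Move the check above the shift so a rejected code leaves the decoder state untouched.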
@@ -5116,6 +5117,7 @@ static int stbi__parse_png_file(stbi__png *z, int scan, int req_comp)
if (first) return stbi__err("first not IHDR", "Corrupt PNG");
if (pal_img_n && !pal_len) return stbi__err("no PLTE","Corrupt PNG");
if (scan == STBI__SCAN_header) { s->img_n = pal_img_n; return 1; }
+ if (c.length > (1u << 30)) return stbi__err("IDAT size limit", "IDAT section larger than 2^30 bytes");
if ((int)(ioff + c.length) < (int)ioff) return 0;
if (ioff + c.length > idata_limit) {
stbi__uint32 idata_limit_old = idata_limit;
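Review bot: The `c.length > (1u << 30)` limit is applied to each chunk on its own, while the buffer is sized from the running total `ioff + c.length` two lines later. A file with several IDAT chunks just under the limit can still grow the total past 2^30, up to the signed wrap check on the next line, so the cap belongs on `ioff + c.length`. A named constant would also be easier to tune than the literal.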
@@ -7486,6 +7488,8 @@ static int stbi__pnm_getinteger(stbi__context *s, char *c)
while (!stbi__at_eof(s) && stbi__pnm_isdigit(*c)) {
value = value*10 + (*c - '0');
*c = (char) stbi__get8(s);
+ if((value > 214748364) || (value == 214748364 && *c > '7'))
+ return stbi__err("integer parse overflow", "Parsing an integer in the PPM header overflowed a 32-bit int");
}
return value;
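Review bot: The overflow guard hard-codes `214748364` and `'7'`, which bakes in a 32-bit `int`; writing it against `INT_MAX / 10` and `INT_MAX % 10` states the intent and stays correct if the type changes. The second clause also compares `*c > '7'` without first checking stbi__pnm_isdigit(*c), so a value of exactly 214748364 followed by any non-digit byte above '7' is reported as an overflow. Because stbi__err yields 0, callers cannot tell an overflow from a parsed zero unless they treat 0 as an error.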
@@ -7516,9 +7520,13 @@ static int stbi__pnm_info(stbi__context *s, int *x, int *y, int *comp)
stbi__pnm_skip_whitespace(s, &c);
*x = stbi__pnm_getinteger(s, &c); // read width
+ if(*x == 0)
+ return stbi__err("invalid width", "PPM image header had zero or overflowing width");
stbi__pnm_skip_whitespace(s, &c);
*y = stbi__pnm_getinteger(s, &c); // read height
+ if (*y == 0)
+ return stbi__err("invalid width", "PPM image header had zero or overflowing width");
stbi__pnm_skip_whitespace(s, &c);
maxv = stbi__pnm_getinteger(s, &c); // read max value
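Review bot: The `*y == 0` branch reuses the width message: both strings say "invalid width" and "zero or overflowing width" although this line validates the height. Change it to a height message so the error identifies the right field. The two checks also differ in spacing (`if(*x` versus `if (*y`), and `maxv` on the last line gets no equivalent check in this hunk.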
From 83739b31eeddaaf683948051661ece39af6795cd Mon Sep 17 00:00:00 2001
From: Neil Bickford <nbickford@nvidia.com>
Date: Wed, 23 Feb 2022 00:53:34 -0800
Subject: [PATCH 2/4] Add range checks to fix a few crash issues in stb_image
issues 1289 and 1291
---
stb_image.h | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/stb_image.h b/stb_image.h
index 6321f5e02..800c83db3 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -1985,9 +1985,12 @@ static int stbi__build_huffman(stbi__huffman *h, int *count)
int i,j,k=0;
unsigned int code;
// build size list for each symbol (from JPEG spec)
- for (i=0; i < 16; ++i)
- for (j=0; j < count[i]; ++j)
+ for (i=0; i < 16; ++i) {
+ for (j=0; j < count[i]; ++j) {
h->size[k++] = (stbi_uc) (i+1);
+ if(k >= 257) return stbi__err("bad size list","Corrupt JPEG");
+ }
+ }
h->size[k] = 0;
// compute actual symbols (from jpeg spec)
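Review bot: In stbi__build_huffman the `k >= 257` test runs after `h->size[k++]` has been written, so index 256 is stored before the function bails out, and the `h->size[k] = 0` terminator can also land on index 256. That is only safe if `h->size` has at least 257 entries; either state that in a comment or test `k` before the store.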
@@ -2112,6 +2115,8 @@ stbi_inline static int stbi__jpeg_huff_decode(stbi__jpeg *j, stbi__huffman *h)
// convert the huffman code to the symbol id
c = ((j->code_buffer >> (32 - k)) & stbi__bmask[k]) + h->delta[k];
+ if(c < 0 || c >= 256) // symbol id out of bounds!
+ return -1;
STBI_ASSERT((((j->code_buffer) >> (32 - h->size[c])) & stbi__bmask[h->size[c]]) == h->code[c]);
// convert the id to a symbol
@@ -3103,6 +3108,7 @@ static int stbi__process_marker(stbi__jpeg *z, int m)
sizes[i] = stbi__get8(z->s);
n += sizes[i];
}
+ if(n > 256) return stbi__err("bad DHT header","Corrupt JPEG"); // Loop over i < n would write past end of values!
L -= 17;
if (tc == 0) {
if (!stbi__build_huffman(z->huff_dc+th, sizes)) return 0;
From 2cdd738fd112e11bec8d7b2ee96449741a203ee2 Mon Sep 17 00:00:00 2001
From: Neil Bickford <nbickford@nvidia.com>
Date: Wed, 23 Feb 2022 23:48:49 -0800
Subject: [PATCH 3/4] Add checks for signed integer overflow; further guard
against cases where stbi__grow_buffer_unsafe doesn't read all bits required.
---
stb_image.h | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/stb_image.h b/stb_image.h
index 800c83db3..9d10099bb 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -1063,6 +1063,23 @@ static void *stbi__malloc_mad4(int a, int b, int c, int d, int add)
}
#endif
+// returns 1 if the sum of two signed ints is valid (between -2^31 and 2^31-1 inclusive), 0 on overflow.
+static int stbi__addints_valid(int a, int b)
+{
+ if ((a >= 0) != (b >= 0)) return 1; // a and b have different signs, so no overflow
+ if (a < 0 && b < 0) return a >= INT_MIN - b; // same as a + b >= INT_MIN; INT_MIN - b cannot overflow since b < 0.
+ return a <= INT_MAX - b;
+}
+
+// returns 1 if the product of two signed shorts is valid, 0 on overflow.
+static int stbi__mul2shorts_valid(short a, short b)
+{
+ if (b == 0 || b == -1) return 1; // multiplication by 0 is always 0; check for -1 so SHRT_MIN/b doesn't overflow
+ if ((a >= 0) == (b >= 0)) return a <= SHRT_MAX/b; // product is positive, so similar to mul2sizes_valid
+ if (b < 0) return a <= SHRT_MIN / b; // same as a * b >= SHRT_MIN
+ return a >= SHRT_MIN / b;
+}
+
// stbi__err - error
// stbi__errpf - error returning pointer to float
// stbi__errpuc - error returning pointer to unsigned char
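Review bot: stbi__mul2shorts_valid gives wrong answers when both operands are negative. The same-sign branch returns `a <= SHRT_MAX/b`, but dividing by a negative `b` flips the inequality: a = -200, b = -200 passes (SHRT_MAX/b is -163) although the product is 40000, and a = -1, b = -2 is rejected although the product is 2. The early `b == -1` return also accepts a = SHRT_MIN, whose product 32768 does not fit in a short. Split the same-sign case by sign (use `a >= SHRT_MAX/b` when both are negative) and make the `b == -1` case return `a != SHRT_MIN`.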
@@ -2135,6 +2152,7 @@ stbi_inline static int stbi__extend_receive(stbi__jpeg *j, int n)
unsigned int k;
int sgn;
if (j->code_bits < n) stbi__grow_buffer_unsafe(j);
+ if (j->code_bits < n) return 0; // ran out of bits from stream, return 0s intead of continuing
sgn = j->code_buffer >> 31; // sign bit always in MSB; 0 if MSB clear (positive), 1 if MSB set (negative)
k = stbi_lrot(j->code_buffer, n);
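Review bot: The added early return in stbi__extend_receive hands back 0 without recording an error, so a truncated stream keeps decoding with zero values rather than failing. If that is the intended trade-off, say so in the comment; otherwise report it through stbi__err so the caller can stop. The comment has a typo ("intead"), repeated in the two following hunks.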
@@ -2149,6 +2167,7 @@ stbi_inline static int stbi__jpeg_get_bits(stbi__jpeg *j, int n)
{
unsigned int k;
if (j->code_bits < n) stbi__grow_buffer_unsafe(j);
+ if (j->code_bits < n) return 0; // ran out of bits from stream, return 0s intead of continuing
k = stbi_lrot(j->code_buffer, n);
j->code_buffer = k & ~stbi__bmask[n];
k &= stbi__bmask[n];
@@ -2160,6 +2179,7 @@ stbi_inline static int stbi__jpeg_get_bit(stbi__jpeg *j)
{
unsigned int k;
if (j->code_bits < 1) stbi__grow_buffer_unsafe(j);
+ if (j->code_bits < 1) return 0; // ran out of bits from stream, return 0s intead of continuing
k = j->code_buffer;
j->code_buffer <<= 1;
--j->code_bits;
@@ -2197,8 +2217,10 @@ static int stbi__jpeg_decode_block(stbi__jpeg *j, short data[64], stbi__huffman
memset(data,0,64*sizeof(data[0]));
diff = t ? stbi__extend_receive(j, t) : 0;
+ if (!stbi__addints_valid(j->img_comp[b].dc_pred, diff)) return stbi__err("bad delta","Corrupt JPEG");
dc = j->img_comp[b].dc_pred + diff;
j->img_comp[b].dc_pred = dc;
+ if (!stbi__mul2shorts_valid(dc, dequant[0])) return stbi__err("can't merge dc and ac", "Corrupt JPEG");
data[0] = (short) (dc * dequant[0]);
// decode AC components, see JPEG spec
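Review bot: `stbi__mul2shorts_valid(dc, dequant[0])` is called with `dc`, the sum that stbi__addints_valid has just allowed to span the full `int` range, but the helper is declared with `short` parameters, so `dc` is narrowed before it is checked and an out-of-range value can pass. Declare the helper's parameters as `int`, or range-check `dc` against SHRT_MIN and SHRT_MAX first. `dc_pred` is also updated before the product is validated, so the failing value is left in the predictor.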
@@ -2212,6 +2234,7 @@ static int stbi__jpeg_decode_block(stbi__jpeg *j, short data[64], stbi__huffman
if (r) { // fast-AC path
k += (r >> 4) & 15; // run
s = r & 15; // combined length
+ if (s > j->code_bits) return stbi__err("bad huffman code", "Combined length longer than code bits available");
j->code_buffer <<= s;
j->code_bits -= s;
// decode into unzigzag'd location
@@ -2251,8 +2274,10 @@ static int stbi__jpeg_decode_block_prog_dc(stbi__jpeg *j, short data[64], stbi__
if (t < 0 || t > 15) return stbi__err("can't merge dc and ac", "Corrupt JPEG");
diff = t ? stbi__extend_receive(j, t) : 0;
+ if (!stbi__addints_valid(j->img_comp[b].dc_pred, diff)) return stbi__err("bad delta", "Corrupt JPEG");
dc = j->img_comp[b].dc_pred + diff;
j->img_comp[b].dc_pred = dc;
+ if (!stbi__mul2shorts_valid(dc, 1 << j->succ_low)) return stbi__err("can't merge dc and ac", "Corrupt JPEG");
data[0] = (short) (dc * (1 << j->succ_low));
} else {
// refinement scan for DC coefficient
@@ -2287,8 +2312,8 @@ static int stbi__jpeg_decode_block_prog_ac(stbi__jpeg *j, short data[64], stbi__
if (r) { // fast-AC path
k += (r >> 4) & 15; // run
s = r & 15; // combined length
+ if (s > j->code_bits) return stbi__err("bad huffman code", "Combined length longer than code bits available");
j->code_buffer <<= s;
- if (s > j->code_bits) return stbi__err("bad huffman code","Combined length longer than code bits available");
j->code_bits -= s;
zig = stbi__jpeg_dezigzag[k++];
data[zig] = (short) ((r >> 8) * (1 << shift));
From 51e438b04b50eb98540f6df6057004214e9cc81c Mon Sep 17 00:00:00 2001
From: Neil Bickford <nbickford@nvidia.com>
Date: Fri, 25 Feb 2022 14:27:31 -0800
Subject: [PATCH 4/4] Zero-initialize stbi__jpeg to avoid intermittent errors
found by fuzz-testing
---
stb_image.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/stb_image.h b/stb_image.h
index 9d10099bb..631e4e51c 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -4008,6 +4008,7 @@ static void *stbi__jpeg_load(stbi__context *s, int *x, int *y, int *comp, int re
unsigned char* result;
stbi__jpeg* j = (stbi__jpeg*) stbi__malloc(sizeof(stbi__jpeg));
if (!j) return stbi__errpuc("outofmem", "Out of memory");
+ memset(j, 0, sizeof(stbi__jpeg));
STBI_NOTUSED(ri);
j->s = s;
stbi__setup_jpeg(j);
@@ -4021,6 +4022,7 @@ static int stbi__jpeg_test(stbi__context *s)
int r;
stbi__jpeg* j = (stbi__jpeg*)stbi__malloc(sizeof(stbi__jpeg));
if (!j) return stbi__err("outofmem", "Out of memory");
+ memset(j, 0, sizeof(stbi__jpeg));
j->s = s;
stbi__setup_jpeg(j);
r = stbi__decode_jpeg_header(j, STBI__SCAN_type);
@@ -4046,6 +4048,7 @@ static int stbi__jpeg_info(stbi__context *s, int *x, int *y, int *comp)
int result;
stbi__jpeg* j = (stbi__jpeg*) (stbi__malloc(sizeof(stbi__jpeg)));
if (!j) return stbi__err("outofmem", "Out of memory");
+ memset(j, 0, sizeof(stbi__jpeg));
j->s = s;
result = stbi__jpeg_info_raw(j, x, y, comp);
STBI_FREE(j);

24
1454.patch Normal file

@ -0,0 +1,24 @@
From 4e58258d8c434111fe2e8f1146ae0a72b0e8c554 Mon Sep 17 00:00:00 2001
From: Neil Bickford <nbickford@nvidia.com>
Date: Sat, 25 Feb 2023 05:13:25 -0800
Subject: [PATCH] Fix nullptr dereference when a PIC file causes
stbi__pic_load_core to return 0, and the requested number of components to
stbi_load_from_memory is not 0 or 4
---
stb_image.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stb_image.h b/stb_image.h
index 5e807a0a6..7e6ddeefd 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -6527,7 +6527,7 @@ static void *stbi__pic_load(stbi__context *s,int *px,int *py,int *comp,int req_c
if (!stbi__pic_load_core(s,x,y,comp, result)) {
STBI_FREE(result);
- result=0;
+ return 0;
}
*px = x;
*py = y;

24
1530.patch Normal file

@ -0,0 +1,24 @@
From f100bfc302c0e095856c71a174714cce0a22e30a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 15:30:26 +0200
Subject: [PATCH] Fix integer overflow
Cast to `size_t` to avoid multiplication overflow.
Fixes #1529
---
stb_image.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stb_image.h b/stb_image.h
index 5e807a0a6..552129bc4 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -1207,7 +1207,7 @@ static stbi__uint16 *stbi__convert_8_to_16(stbi_uc *orig, int w, int h, int chan
int img_len = w * h * channels;
stbi__uint16 *enlarged;
- enlarged = (stbi__uint16 *) stbi__malloc(img_len*2);
+ enlarged = (stbi__uint16 *) stbi__malloc(((size_t)img_len)*2);
if (enlarged == NULL) return (stbi__uint16 *) stbi__errpuc("outofmem", "Out of memory");
for (i = 0; i < img_len; ++i)
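Review bot: The cast fixes `img_len*2`, but `int img_len = w * h * channels;` on the first context line is still a plain `int` multiplication and can overflow before the cast is reached. Validate the three-way product, or compute it in `size_t` after checking the operands, so that the allocation size and the `i < img_len` loop bound both come from a checked value.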

36
1532.patch Normal file

@ -0,0 +1,36 @@
From 178e1ab7684c46f233082a4f15308a54c9ae5a15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 15:38:33 +0200
Subject: [PATCH] Add overflow checks
Fixes #1531
---
stb_image.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/stb_image.h b/stb_image.h
index 5e807a0a6..aac3653ac 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -6990,6 +6990,10 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
stride = g.w * g.h * 4;
if (out) {
+ if (!stbi__mul2sizes_valid(layers, stride)) {
+ void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
+ return ret;
+ }
void *tmp = (stbi_uc*) STBI_REALLOC_SIZED( out, out_size, layers * stride );
if (!tmp)
return stbi__load_gif_main_outofmem(&g, out, delays);
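Review bot: stbi__mul2sizes_valid(layers, stride) guards `layers * stride`, but `stride = g.w * g.h * 4` on the first context line is computed unchecked, so the value being validated may already have wrapped. Check that product as well before `stride` is used.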
@@ -7006,6 +7010,10 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
delays_size = layers * sizeof(int);
}
} else {
+ if (!stbi__mul2sizes_valid(layers, stride)) {
+ void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
+ return ret;
+ }
out = (stbi_uc*)stbi__malloc( layers * stride );
if (!out)
return stbi__load_gif_main_outofmem(&g, out, delays);
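Review bot: This is the same four-line check as in the `if (out)` branch of the previous hunk. Placing it once before `if (out) {` would cover both the realloc and the malloc path and leave a single place to maintain.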

23
1534.patch Normal file

@ -0,0 +1,23 @@
From d66d0fe8c1a6ed393817791e4376374fa7f4ecc1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 15:42:23 +0200
Subject: [PATCH] Fix int overflow
Fixes #1533
---
stb_image.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stb_image.h b/stb_image.h
index 5e807a0a6..6d63ab32b 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -2222,7 +2222,7 @@ static int stbi__jpeg_decode_block(stbi__jpeg *j, short data[64], stbi__huffman
dc = j->img_comp[b].dc_pred + diff;
j->img_comp[b].dc_pred = dc;
if (!stbi__mul2shorts_valid(dc, dequant[0])) return stbi__err("can't merge dc and ac", "Corrupt JPEG");
- data[0] = (short) (dc * dequant[0]);
+ data[0] = (short) ((size_t)dc * dequant[0]);
// decode AC components, see JPEG spec
k = 1;
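Review bot: Casting `dc` to `size_t` turns a negative `dc` into a large unsigned value and relies on the final `(short)` narrowing to recover the result, which hides an out-of-range product instead of rejecting it. The check on the line above is meant to guarantee that the product fits in a short; if the multiplication can still overflow here, the cause is that stbi__mul2shorts_valid takes `short` arguments and truncates `dc`, and that is the place to fix it.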

24
1539.patch Normal file

@ -0,0 +1,24 @@
From 8cfcbf7dde7705c849f4f7a5acb26f79b895fffe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 15:57:03 +0200
Subject: [PATCH] Fix wild address read in stbi__gif_load_next
It seems `layers` were forgotten to include in equation.
Fixes #1538
---
stb_image.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stb_image.h b/stb_image.h
index 5e807a0a6..cd09ab697 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -7019,7 +7019,7 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
}
memcpy( out + ((layers - 1) * stride), u, stride );
if (layers >= 2) {
- two_back = out - 2 * stride;
+ two_back = out + (layers - 2) * stride;
}
if (delays) {

25
1541.patch Normal file

@ -0,0 +1,25 @@
From 973cdc889deaae2b97d1bdf9b793b96be02b9b3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 16:03:41 +0200
Subject: [PATCH] Fix multi-byte read heap buffer overflow in
stbi__vertical_flip
Fixes #1540
---
stb_image.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/stb_image.h b/stb_image.h
index 5e807a0a6..49c53d092 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -1447,7 +1447,8 @@ STBIDEF stbi_uc *stbi_load_gif_from_memory(stbi_uc const *buffer, int len, int *
result = (unsigned char*) stbi__load_gif_main(&s, delays, x, y, z, comp, req_comp);
if (stbi__vertically_flip_on_load) {
- stbi__vertical_flip_slices( result, *x, *y, *z, *comp );
+ int channels = req_comp ? req_comp : *comp;
+ stbi__vertical_flip_slices( result, *x, *y, *z, channels );
}
return result;
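Review bot: `channels` now follows `req_comp`, but stbi__vertical_flip_slices is still called on `result`, and `*x`, `*y`, `*z` are still dereferenced, even when stbi__load_gif_main failed and returned NULL. Add `&& result` to the `if (stbi__vertically_flip_on_load)` condition so the flip only runs on a loaded image.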

38
1543.patch Normal file

@ -0,0 +1,38 @@
From 20f77a9b7f53624014e8c7224eeb182674111bcb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 16:10:45 +0200
Subject: [PATCH] Fix disclosure of uninitialized memory in stbi__tga_load
Fixes #1542
---
stb_image.h | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/stb_image.h b/stb_image.h
index 5e807a0a6..7db6dd3df 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -5933,7 +5933,10 @@ static void *stbi__tga_load(stbi__context *s, int *x, int *y, int *comp, int req
for (i=0; i < tga_height; ++i) {
int row = tga_inverted ? tga_height -i - 1 : i;
stbi_uc *tga_row = tga_data + row*tga_width*tga_comp;
- stbi__getn(s, tga_row, tga_width * tga_comp);
+ if(!stbi__getn(s, tga_row, tga_width * tga_comp)) {
+ STBI_FREE(tga_data);
+ return stbi__errpuc("bad palette", "Corrupt TGA");
+ }
}
} else {
// do I need to load a palette?
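Review bot: The new failure path in stbi__tga_load reports a short read of a pixel row as "bad palette", yet this loop reads image rows and palette handling only starts in the `else` branch below. Use a message that names truncated image data so the error matches the cause.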
@@ -7218,7 +7221,10 @@ static float *stbi__hdr_load(stbi__context *s, int *x, int *y, int *comp, int re
for (i=0; i < width; ++i) {
stbi_uc rgbe[4];
main_decode_loop:
- stbi__getn(s, rgbe, 4);
+ if (!stbi__getn(s, rgbe, 4)) {
+ STBI_FREE(hdr_data);
+ return stbi__errpf("invalid decoded scanline length", "corrupt HDR");
+ }
stbi__hdr_convert(hdr_data + j * width * req_comp + i * req_comp, rgbe, req_comp);
}
}
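Review bot: The arguments to stbi__errpf are in the opposite order to the other HDR errors in stb_image.h, which pass the short code first and the description second, as in `stbi__errpf("corrupt", "bad RLE data in HDR")`. The text "invalid decoded scanline length" also does not describe a failed 4-byte read; a truncated-file message with the short code first would be consistent. Spacing differs between the two hunks as well (`if(!` versus `if (!`).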

22
1553.patch Normal file

@ -0,0 +1,22 @@
From 746d207256ef408d92112a13a75aa8a42df6753f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 16:39:06 +0200
Subject: [PATCH] Fix `0` byte write heap buffer overflow in `start_decoder`
Fixes #1552
---
stb_vorbis.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/stb_vorbis.c b/stb_vorbis.c
index 3e5c2504c0..8bc21de6b7 100644
--- a/stb_vorbis.c
+++ b/stb_vorbis.c
@@ -952,6 +952,7 @@ static void *setup_malloc(vorb *f, int sz)
sz = (sz+7) & ~7; // round up to nearest 8 for alignment of future allocs.
f->setup_memory_required += sz;
if (f->alloc.alloc_buffer) {
+ if (sz == 0) return NULL;
void *p = (char *) f->alloc.alloc_buffer + f->setup_offset;
if (f->setup_offset + sz > f->temp_offset) return NULL;
f->setup_offset += sz;
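Review bot: The `sz == 0` early return is added only inside `if (f->alloc.alloc_buffer)`, and it returns the same NULL that the line after the declaration uses for running out of space, so callers cannot tell a zero-size request from exhaustion; check that every caller handles NULL for an empty request. The statement also precedes the `void *p` declaration, which is a mixed declaration that C89 does not allow; move the check below the declaration or above the `if`.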

28
1561.patch Normal file

@ -0,0 +1,28 @@
From 6e715778416b229799f85b49fa3ffc0400428f89 Mon Sep 17 00:00:00 2001
From: "Jeff Roberts (LA)" <jeffr@radgametools.com>
Date: Thu, 19 Oct 2023 17:42:58 -0700
Subject: [PATCH] Fixed asan error on tiny input images
---
stb_image_resize2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/stb_image_resize2.h b/stb_image_resize2.h
index e0c428246..1d7bed5bd 100644
--- a/stb_image_resize2.h
+++ b/stb_image_resize2.h
@@ -1,4 +1,4 @@
-/* stb_image_resize2 - v2.01 - public domain image resizing
+/* stb_image_resize2 - v2.02 - public domain image resizing
by Jeff Roberts (v2) and Jorge L Rodriguez
http://github.com/nothings/stb
@@ -3697,7 +3697,7 @@ static int stbir__pack_coefficients( int num_contributors, stbir__contributors*
float * coeffs = coefficents + widest * ( num_contributors - 1 );
// go until no chance of clipping (this is usually less than 8 lops)
- while ( ( ( contribs->n0 + widest*2 ) >= row_width ) && ( contribs >= contributors ) )
+ while ( ( contribs >= contributors ) && ( ( contribs->n0 + widest*2 ) >= row_width ) )
{
// might we clip??
if ( ( contribs->n0 + widest ) > row_width )


@ -0,0 +1,13 @@
diff --git a/stb_sprintf.h b/stb_sprintf.h
index ca432a6..fb49e4d 100644
--- a/stb_sprintf.h
+++ b/stb_sprintf.h
@@ -230,7 +230,7 @@ STBSP__PUBLICDEC void STB_SPRINTF_DECORATE(set_separators)(char comma, char peri
#define stbsp__uint16 unsigned short
#ifndef stbsp__uintptr
-#if defined(__ppc64__) || defined(__powerpc64__) || defined(__aarch64__) || defined(_M_X64) || defined(__x86_64__) || defined(__x86_64) || defined(__s390x__)
+#if defined(__ppc64__) || defined(__powerpc64__) || defined(__aarch64__) || defined(_M_X64) || defined(__x86_64__) || defined(__x86_64) || defined(__s390x__) || defined(__LP64__) || (defined(__riscv) && __riscv_xlen == 64)
#define stbsp__uintptr stbsp__uint64
#else
#define stbsp__uintptr stbsp__uint32
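Review bot: Extending the architecture list in the `#if` works for riscv64, but every new 64-bit target will need the same edit. `__LP64__` is now part of the condition and already describes the data model on the targets that define it, so most of the per-architecture macros are redundant there; deriving the width from `__SIZEOF_POINTER__` or `UINTPTR_MAX` where available would remove the need for the list.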


@ -1 +1 @@
SHA512 (stb-8b5f1f37b5b75829fc72d38e7b5d4bcbf8a26d55.tar.gz) = 76e0ed7536146aac71f89d6246235221c1dc0bd035ae4b33d496213acf5be95413cae4455a3f1419f84113320f7bd662dc50b47788cbdc8e7208bbbbcfd23f98
SHA512 (stb-beebb24b945efdea3b9bba23affb8eb3ba8982e7.tar.gz) = 83f09092340f158772c467d2069309c06a7c888d710ea651a974d7be47391d78be36b76e4ad32a38972da5e78561ea8fa13a9e20a81c1b89ff00e8f3dd73c8ed

225
stb.spec

@ -1,5 +1,5 @@
%global commit 8b5f1f37b5b75829fc72d38e7b5d4bcbf8a26d55
%global snapdate 20220908
%global commit beebb24b945efdea3b9bba23affb8eb3ba8982e7
%global snapdate 20231011
# We choose not to package the “stb_include” library (stb_include.h) because,
# during the package review, it was observed that it follows coding practices
@ -9,22 +9,22 @@
# - It uses of strcat/strcpy into a fixed-length buffer that is assumed (but
# not proven) to be large enough for all possible uses
# - It ignores I/O errors (possibly leading to undefined behavior from reading
# uninitialized memory), and so on. Making it
# uninitialized memory), and so on.
#
# A substantial rewrite would be required to mitigate these concerns. If a
# request for this library arises, this decision may be revisited, or the
# necessary rewrite may be done and offered upstream. For now, we omit the
# library and expect it will not be missed.
%bcond_with stb_include
%bcond stb_include 0
Name: stb
# While the individual header-only libraries are versioned, the overall
# collection is not, and there are no releases. See:
# https://github.com/nothings/stb/issues/359
# https://github.com/nothings/stb/issues/1101
%global snapinfo ^%{snapdate}git%(echo '%{commit}' | cut -b -7)
%global snapinfo ^%{snapdate}git%(c='%{commit}'; echo "${c:0:7}")
Version: 0%{snapinfo}
Release: %autorelease -p
Release: %autorelease -e 0.riscv64
Summary: Single-file public domain libraries for C/C++
# See LICENSE.
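Review bot: The new snapinfo line `%(c='%{commit}'; echo "${c:0:7}")` uses `${c:0:7}`, a substring expansion that is a bash extension and not POSIX sh. It works where the shell rpm invokes for `%()` is bash; add a comment stating that assumption, or use a POSIX-compatible construct, so the spec does not break silently under a different shell.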
@ -36,7 +36,7 @@ License: MIT OR Unlicense
# tests/caveview/win32/SDL_windows_main.c are Public Domain
# - tests/caveview/glext.h is MIT (only)
URL: https://github.com/nothings/stb
Source0: %{url}/archive/%{commit}/stb-%{commit}.tar.gz
Source: %{url}/archive/%{commit}/stb-%{commit}.tar.gz
# Fix undefined behavior from array “shape-punning”
# https://github.com/nothings/stb/pull/1194
@ -54,34 +54,8 @@ Patch: %{url}/pull/1196.patch
# https://github.com/nothings/stb/pull/1198
Patch: %{url}/pull/1198.patch
# Candidate fix for:
# https://nvd.nist.gov/vuln/detail/CVE-2021-42715
#
# In stb_image's HDR reader, loading a specially constructed invalid HDR file
# can result in an infinite loop within the RLE decoder
# https://github.com/nothings/stb/issues/1224
#
# ----
#
# Additionally, this is a candidate fix for:
# https://nvd.nist.gov/vuln/detail/CVE-2021-42716
#
# stbi__pnm_load heap-buffer-overflow bug
# https://github.com/nothings/stb/issues/1166
#
# In stb_image's PNM reader, loading a specially constructed valid 16-bit PGM
# file with 4 channels can cause a crash due to an out-of-bounds read
# https://github.com/nothings/stb/issues/1225
#
# ----
#
# Fixes a crash and an infinite loop in stb_image that could occur with
# specially constructed PGM and HDR files
# https://github.com/nothings/stb/pull/1223
Patch: %{url}/pull/1223.patch
# Forward declare stbhw__process struct to fix warnings
# https://github.com/nothings/stb/pull/1225
# https://github.com/nothings/stb/pull/1236
#
# We dont see these warnings in the “compile tests”, but we can reproduce them
# by manually compiling tests/herringbone_map.c; a real user of the
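Review bot: Dropping `Patch: %{url}/pull/1223.patch` also deletes the only comments in this part of the spec that tie CVE-2021-42715 and CVE-2021-42716 to a fix, and nothing in the hunk says why the patch is no longer needed. If the new snapshot already contains the change, say so in a short comment or changelog entry, so that someone auditing the package for those two CVEs can confirm their status from the spec alone.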
@ -89,21 +63,138 @@ Patch: %{url}/pull/1223.patch
# patch shows it to be correct.
Patch: %{url}/pull/1236.patch
# Candidate fix for:
# https://nvd.nist.gov/vuln/detail/CVE-2022-28041
# Fixes null pointer dereference in https://github.com/nothings/stb/issues/1452
# https://github.com/nothings/stb/pull/1454
#
# stb_image.h v2.27 was discovered to contain an integer overflow via the
# function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers
# to cause a Denial of Service (DoS) via unspecified vectors.
# Fixes:
#
# UBSAN: integer overflow
# https://github.com/nothings/stb/issues/1292
# NULL pointer dereference in the stb_image.h
# https://github.com/nothings/stb/issues/1452
# NULL pointer derefence in PIC loading (CVE-2023-43898)
# https://github.com/nothings/stb/issues/1521
# Null pointer dereference in stbi__convert_format (GHSL-2023-149)
# https://github.com/nothings/stb/issues/1546
#
# ----
# An alternative and equivalent patch is:
#
# Additional stb_image fixes for bugs from ossfuzz and issues 1289, 1291, 1292, and 1293
# https://github.com/nothings/stb/pull/1297
Patch: %{url}/pull/1297.patch
# Fix Null pointer dereference in stbi__convert_format
# https://github.com/nothings/stb/pull/1547
Patch: %{url}/pull/1454.patch
# Fixed asan error on tiny input images
# https://github.com/nothings/stb/pull/1561
#
# Fixes:
#
# stb_image_resize2.h: Address Sanitizer error
# https://github.com/nothings/stb/issues/1526
Patch: %{url}/pull/1561.patch
# Fix integer overflow
# https://github.com/nothings/stb/pull/1530
#
# Fixes:
#
# Integer overflow in stbi__convert_8_to_16
# https://github.com/nothings/stb/issues/1529
Patch: %{url}/pull/1530.patch
# Add overflow checks
# https://github.com/nothings/stb/pull/1532
#
# Fixes:
#
# Integer overflow in stbi__load_gif_main
# https://github.com/nothings/stb/issues/1531
Patch: %{url}/pull/1532.patch
# Fix int overflow
# https://github.com/nothings/stb/pull/1534
#
# Fixes:
#
# Integer overflow in stbi__jpeg_decode_block
# https://github.com/nothings/stb/pull/1533
Patch: %{url}/pull/1534.patch
# Fix wild address read in stbi__gif_load_next
# https://github.com/nothings/stb/pull/1539
#
# Fixes:
#
# Wild address read in stbi__gif_load_next (GHSL-2023-145/CVE-2023-45661)
# https://github.com/nothings/stb/issues/1538
Patch: %{url}/pull/1539.patch
# Fix multi-byte read heap buffer overflow in stbi__vertical_flip
# https://github.com/nothings/stb/pull/1541
#
# Fixes:
#
# Multi-byte read heap buffer overflow in stbi__vertical_flip
# (GHSL-2023-146/CVE-2023-45662)
# https://github.com/nothings/stb/issues/1540
Patch: %{url}/pull/1541.patch
# Fix disclosure of uninitialized memory in stbi__tga_load
# https://github.com/nothings/stb/pull/1543
#
# Fixes:
#
# Disclosure of uninitialized memory in stbi__tga_load
# (GHSL-2023-147/CVE-2023-45663)
# https://github.com/nothings/stb/issues/1542
Patch: %{url}/pull/1543.patch
# Fix double-free in stbi__load_gif_main_outofmem
# https://github.com/nothings/stb/pull/1545
#
# Fixes:
#
# Double-free in stbi__load_gif_main_outofmem (GHSL-2023-148/CVE-2023-45664)
# https://github.com/nothings/stb/issues/1544
#
# Rebased on top of https://github.com/nothings/stb/pull/1539.
Patch: 0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch
# Fix possible double-free or memory leak in stbi__load_gif_main
# https://github.com/nothings/stb/pull/1549
#
# Fixes:
#
# Possible double-free or memory leak in stbi__load_gif_main
# (GHSL-2023-150/CVE-2023-45666)
# https://github.com/nothings/stb/issues/1548
#
# Rebased on top of https://github.com/nothings/stb/pull/1539 and
# https://github.com/nothings/stb/pull/1545.
Patch: 0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch
# Fix Null pointer dereference because of an uninitialized variable
# https://github.com/nothings/stb/pull/1551
#
# Fixes:
#
# Null pointer dereference because of an uninitialized variable
# (GHSL-2023-151/CVE-2023-45667)
# https://github.com/nothings/stb/issues/1550
#
# Rebased on top of https://github.com/nothings/stb/pull/1541.
Patch: 0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch
# Fix 0 byte write heap buffer overflow in start_decoder
# https://github.com/nothings/stb/pull/1553
#
# Fixes:
#
# 0 byte write heap buffer overflow in start_decoder
# (GHSL-2023-165/CVE-2023-45675)
# https://github.com/nothings/stb/issues/1552
Patch: %{url}/pull/1553.patch
# riscv64 compile fix
Patch: fix-riscv64-compile-uintptr.patch
%global stb_c_lexer_version 0.12
%global stb_connected_components_version 0.96
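Review bot: In the comment block above `Patch: %{url}/pull/1534.patch`, the "Fixes:" entry for "Integer overflow in stbi__jpeg_decode_block" links to `https://github.com/nothings/stb/pull/1533`, while every other "Fixes:" entry in this hunk links to an `issues/` URL; this looks like it should be `issues/1533`. The last added patch, `fix-riscv64-compile-uintptr.patch`, is also the only one whose comment gives no upstream issue or PR and no description of what fails to compile; please state what it changes and whether it has been offered upstream. Minor: "derefence" in the CVE-2023-43898 line should be "dereference".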
@ -113,8 +204,9 @@ Patch: %{url}/pull/1297.patch
%global stb_easy_font_version 1.1
%global stb_herringbone_wang_tile_version 0.7
%global stb_hexwave_version 0.5
%global stb_image_version 2.27
%global stb_image_version 2.28
%global stb_image_resize_version 0.97
%global stb_image_resize2_version 2.02
%global stb_image_write_version 1.16
%global stb_include_version 0.2
%global stb_leakcheck_version 0.6
@ -165,8 +257,15 @@ Requires: stb_hexwave-devel%{?_isa} = %{stb_hexwave_version}%{snapinfo}-%{
Requires: stb_hexwave-static = %{stb_hexwave_version}%{snapinfo}-%{release}
Requires: stb_image-devel%{?_isa} = %{stb_image_version}%{snapinfo}-%{release}
Requires: stb_image-static = %{stb_image_version}%{snapinfo}-%{release}
# For compatibility, we still depend on the subpackages for the original,
# deprecated-upstream stb_image_library in existing stable releases, but we
# drop the dependendency going forward as an acknowledgement of its status.
%if 0%{?fc39} || 0%{?fc38} || 0%{?fc37} || 0%{?el9} || 0%{?el8} || 0%{?el7}
Requires: stb_image_resize-devel%{?_isa} = %{stb_image_resize_version}%{snapinfo}-%{release}
Requires: stb_image_resize-static = %{stb_image_resize_version}%{snapinfo}-%{release}
%endif
Requires: stb_image_resize2-devel%{?_isa} = %{stb_image_resize2_version}%{snapinfo}-%{release}
Requires: stb_image_resize2-static = %{stb_image_resize2_version}%{snapinfo}-%{release}
Requires: stb_image_write-devel%{?_isa} = %{stb_image_write_version}%{snapinfo}-%{release}
Requires: stb_image_write-static = %{stb_image_write_version}%{snapinfo}-%{release}
%if %{with stb_include}
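Review bot: The comment added above the `%if` refers to the "deprecated-upstream stb_image_library", but the dependency it guards is on stb_image_resize, so it should read "stb_image_resize library"; "dependendency" is also misspelled. The condition lists `fc37` to `fc39` and `el7` to `el9` by hand, so a note on when the block can be deleted (once those releases are retired) would keep it from lingering.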
@ -336,8 +435,11 @@ Primarily of interest to game developers and other people who can avoid
problematic images and only need the trivial interface.
# We still package (and have chosen not to deprecate) the original
# stb_image_resize even though upstream has deprecated it. We do not want to
# drive dependent packages back to bundling.
%package -n stb_image_resize-devel
Summary: Resize images larger/smaller with good quality
Summary: Resize images larger/smaller with good quality (original version)
Version: %{stb_image_resize_version}%{snapinfo}
Provides: stb_image_resize-static = %{stb_image_resize_version}%{snapinfo}-%{release}
@ -350,6 +452,19 @@ threads, so it be easily outperformed by libs that use those.) Only scaling and
translation is supported, no rotations or shears. Easy API downsamples
w/Mitchell filter, upsamples w/cubic interpolation.
This is the original version of the stb_image_resize library. It has been
deprecated by its developer; consider porting to stb_image_resize2 instead.
%package -n stb_image_resize2-devel
Summary: Resize images larger/smaller with good quality
Version: %{stb_image_resize2_version}%{snapinfo}
Provides: stb_image_resize2-static = %{stb_image_resize2_version}%{snapinfo}-%{release}
%description -n stb_image_resize2-devel
Image resizing.
%package -n stb_image_write-devel
Summary: Image writing to disk: PNG, TGA, BMP
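Review bot: The `%description` for the new `stb_image_resize2-devel` subpackage is only "Image resizing.", while the text added to the original subpackage's description tells users to consider porting to stb_image_resize2. Since that sends readers here, a few sentences on what the new library offers would be more useful than a two-word description.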
@ -595,7 +710,8 @@ find . -type f -name '*.exe' -print -delete
# Remove some unused parts of the source tree that could contribute different
# (but acceptable) license terms if they were used—just to prove that we do not
# use them.
rm -rvf deprecated tests/caveview
rm -rvf tests/caveview
find deprecated -type f ! -name 'stb_image_resize.h' -print -delete
%if %{without stb_include}
sed -r -i '/#include[[:blank:]]+"stb_include.h"/d' tests/test_c_compilation.c
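Review bot: The replacement `find deprecated -type f ! -name 'stb_image_resize.h' -print -delete` matches on basename only, so a file named `stb_image_resize.h` in any subdirectory of `deprecated` would be kept as well, and because of `-type f` the directories themselves are left in place. The comment above says the removal exists to prove that sources with different license terms are not used, so consider `! -path 'deprecated/stb_image_resize.h'` to make exactly one file survive, and extend the comment to name the file that is now deliberately retained.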
@ -605,7 +721,6 @@ sed -r -i '/#include[[:blank:]]+"stb_include.h"/d' tests/test_c_compilation.c
%build
# There is no compiled code to install, since all stb libraries are
# header-only. We do need to build the tests.
%set_build_flags
%make_build -C tests
@ -622,7 +737,8 @@ sed -r -i '/#include[[:blank:]]+"stb_include.h"/d' tests/test_c_compilation.c
# as a symbolic link to the former. This means most projects can unbundle the
# library without having to make their own local symlinks or patch their
# sources.
install -t '%{buildroot}%{_includedir}/stb' -p -m 0644 -D stb_*.h stb_*.c
install -t '%{buildroot}%{_includedir}/stb' -p -m 0644 -D \
stb_*.h stb_*.c deprecated/stb_image_resize.h
%if %{without stb_include}
rm -vf '%{buildroot}%{_includedir}/stb/stb_include.h'
%endif
@ -671,6 +787,7 @@ done <<'EOF'
%{stb_hexwave_version} stb_hexwave.h
%{stb_image_version} stb_image.h
%{stb_image_resize_version} stb_image_resize.h
%{stb_image_resize2_version} stb_image_resize2.h
%{stb_image_write_version} stb_image_write.h
%{stb_include_version} stb_include.h
%{stb_leakcheck_version} stb_leakcheck.h
@ -776,6 +893,14 @@ EOF
%{_includedir}/stb_image_resize.h
%files -n stb_image_resize2-devel
%license LICENSE
# Directory has shared ownership across stb subpackages:
%dir %{_includedir}/stb
%{_includedir}/stb/stb_image_resize2.h
%{_includedir}/stb_image_resize2.h
%files -n stb_image_write-devel
%license LICENSE
# Directory has shared ownership across stb subpackages: