On Wed, Jan 19, 2022 at 10:53:23PM +0000, Thorsten Alteholz wrote: >... > +libsdl1.2 (1.2.15+dfsg2-4+deb10u1) buster; urgency=medium > + > + * Non-maintainer upload by the LTS Team. > + * CVE-2019-7572: Buffer over-read in IMA_ADPCM_nibble > + in audio/SDL_wave.c. > + * CVE-2019-7573: Heap-based buffer over-read in InitMS_ADPCM > + in audio/SDL_wave.c. > + * CVE-2019-7574: Heap-based buffer over-read in IMA_ADPCM_decode > + in audio/SDL_wave.c. > + * CVE-2019-7575: Heap-based buffer overflow in MS_ADPCM_decode > + in audio/SDL_wave.c. > + * CVE-2019-7576: Heap-based buffer over-read in InitMS_ADPCM > + in audio/SDL_wave.c. > + * CVE-2019-7577: Buffer over-read in SDL_LoadWAV_RW > + in audio/SDL_wave.c. > + * CVE-2019-7578: Heap-based buffer over-read in InitIMA_ADPCM > + in audio/SDL_wave.c. > + * CVE-2019-7635: Heap-based buffer over-read in Blit1to4 > + in video/SDL_blit_1.c. > + * CVE-2019-7636: Heap-based buffer over-read in SDL_GetRGB > + in video/SDL_pixels.c. > + * CVE-2019-7637: Heap-based buffer overflow in SDL_FillRect > + in video/SDL_surface.c. > + * CVE-2019-7638: Heap-based buffer over-read in Map1toN > + in video/SDL_pixels.c. > + * CVE-2019-13616: Heap-based buffer over-read in BlitNtoN > + in video/SDL_blit_N.c. > + (patches prepared for LTS by Adrian Bunk) > + > + -- Thorsten Alteholz <deb...@alteholz.de> Wed, 19 Jan 2022 23:03:02 +0100 >...
I'd suggest backporting the bullseye/bookworm/sid version instead.

Additional changes are:
* One patch has a different name.
  [ Debian Janitor ]
  * Trim trailing whitespace.
  * Re-export upstream signing key without extra signatures.
  [ Maximilian Engelhardt ]
  * SDL_x11events.c: properly handle input focus events (Closes: #980253)

#980253 is a regression due to a change in the X server in buster, so desirable to include.

Everything else is just harmless noise.

The only open bug in the BTS against a post-buster version is #981204 ("drop unused Build-Depends").

diffstat compared to buster:
 changelog                                  |   26 ++
 control                                    |    2
 patches/CVE-2019-13616.patch               |   22 ++
 patches/CVE-2019-7572_CVE-2019-7574.patch  |  105 ++++++++++
 patches/CVE-2019-7573.patch                |   66 ++++++
 patches/CVE-2019-7575_7577.patch           |   78 +++++++
 patches/CVE-2019-7577-1_2.patch            |   32 +++
 patches/CVE-2019-7578.patch                |   53 +++++
 patches/CVE-2019-7635_636_638.patch        |   81 ++++++++
 patches/CVE-2019-7637-2.patch              |   46 ++++
 patches/CVE-2019-7637.patch                |  207 +++++++++++++++++++++
 patches/properly_handle_focus_events.patch |   44 ++++
 patches/series                             |   10 +
 upstream/signing-key.asc                   |   57 +----
 14 files changed, 781 insertions(+), 48 deletions(-)

diffstat compared to your proposed update:
 changelog                                  |   51 ++++++++----------
 control                                    |    2
 patches/CVE-2019-7637-2.patch              |   46 ++++++++++++++++
 patches/CVE-2019-7637-followup.patch       |   37 -------------
 patches/properly_handle_focus_events.patch |   44 ++++++++++++++++
 patches/series                             |    5 -
 upstream/signing-key.asc                   |   57 +++------------------
 7 files changed, 126 insertions(+), 116 deletions(-)

Both debdiffs are attached.

cu
Adrian
diff -Nru libsdl1.2-1.2.15+dfsg2/debian/changelog libsdl1.2-1.2.15+dfsg2/debian/changelog --- libsdl1.2-1.2.15+dfsg2/debian/changelog 2022-01-20 00:03:02.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/changelog 2021-02-18 09:52:57.000000000 +0200 
@@ -1,33 +1,28 @@ -libsdl1.2 (1.2.15+dfsg2-4+deb10u1) buster; urgency=medium +libsdl1.2 (1.2.15+dfsg2-6) unstable; urgency=medium - * Non-maintainer upload by the LTS Team. - * CVE-2019-7572: Buffer over-read in IMA_ADPCM_nibble - in audio/SDL_wave.c. - * CVE-2019-7573: Heap-based buffer over-read in InitMS_ADPCM - in audio/SDL_wave.c. - * CVE-2019-7574: Heap-based buffer over-read in IMA_ADPCM_decode - in audio/SDL_wave.c. - * CVE-2019-7575: Heap-based buffer overflow in MS_ADPCM_decode - in audio/SDL_wave.c. - * CVE-2019-7576: Heap-based buffer over-read in InitMS_ADPCM - in audio/SDL_wave.c. - * CVE-2019-7577: Buffer over-read in SDL_LoadWAV_RW - in audio/SDL_wave.c. - * CVE-2019-7578: Heap-based buffer over-read in InitIMA_ADPCM - in audio/SDL_wave.c. - * CVE-2019-7635: Heap-based buffer over-read in Blit1to4 - in video/SDL_blit_1.c. - * CVE-2019-7636: Heap-based buffer over-read in SDL_GetRGB - in video/SDL_pixels.c. - * CVE-2019-7637: Heap-based buffer overflow in SDL_FillRect - in video/SDL_surface.c. - * CVE-2019-7638: Heap-based buffer over-read in Map1toN - in video/SDL_pixels.c. - * CVE-2019-13616: Heap-based buffer over-read in BlitNtoN - in video/SDL_blit_N.c. - (patches prepared for LTS by Adrian Bunk) + * Team upload. - -- Thorsten Alteholz <deb...@alteholz.de> Wed, 19 Jan 2022 23:03:02 +0100 + [ Debian Janitor ] + * Trim trailing whitespace. + * Re-export upstream signing key without extra signatures. 
+ + [ Maximilian Engelhardt ] + * SDL_x11events.c: properly handle input focus events (Closes: #980253) + + -- Fabian Greffrath <fab...@debian.org> Thu, 18 Feb 2021 08:52:57 +0100 + +libsdl1.2 (1.2.15+dfsg2-5) unstable; urgency=medium + + [ Abhijith PA ] + * Fix CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575 + CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636 + CVE-2019-7637, CVE-2019-7638 + (Closes: #924609) + + [ Felix Geyer ] + * Fix CVE-2019-13616 + + -- Felix Geyer <fge...@debian.org> Tue, 17 Sep 2019 22:34:12 +0200 libsdl1.2 (1.2.15+dfsg2-4) unstable; urgency=medium diff -Nru libsdl1.2-1.2.15+dfsg2/debian/control libsdl1.2-1.2.15+dfsg2/debian/control --- libsdl1.2-1.2.15+dfsg2/debian/control 2018-10-20 15:23:36.000000000 +0300 +++ libsdl1.2-1.2.15+dfsg2/debian/control 2021-02-18 09:49:00.000000000 +0200 @@ -8,7 +8,7 @@ Rules-Requires-Root: no Build-Depends: debhelper (>= 11~), nasm [any-i386], - libx11-dev, + libx11-dev, libxext-dev, libxt-dev, libxv-dev, diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637-2.patch libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637-2.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637-2.patch 1970-01-01 02:00:00.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637-2.patch 2021-02-18 09:49:00.000000000 +0200 
@@ -0,0 +1,46 @@ +# HG changeset patch +# User Ozkan Sezer <seze...@gmail.com> +# Date 1564695305 -10800 +# Node ID 32075e9e2135b4a244d13c8be9bb5e5c2ae554ec +# Parent 37d0eba8fa178404c8128850c26a06d47a2b75de +fix copy+paste mistakes in commit 9b0e5c555c0f (CVE-2019-7637 fix): + +http://hg.libsdl.org/SDL/rev/9b0e5c555c0f made copy+paste mistakes which +resulted in windows versions failing to set video mode. + +diff -r 37d0eba8fa17 -r 32075e9e2135 src/video/gapi/SDL_gapivideo.c +--- a/src/video/gapi/SDL_gapivideo.c Wed Jul 31 23:50:10 2019 +0300 ++++ b/src/video/gapi/SDL_gapivideo.c Fri Aug 02 00:35:05 2019 +0300 +@@ -733,7 +733,7 @@ + video->w = gapi->w = width; + video->h = gapi->h = height; + video->pitch = SDL_CalculatePitch(video); +- if (!current->pitch) { ++ if (!video->pitch) { + return(NULL); + } + +diff -r 37d0eba8fa17 -r 32075e9e2135 src/video/windib/SDL_dibvideo.c +--- a/src/video/windib/SDL_dibvideo.c Wed Jul 31 23:50:10 2019 +0300 ++++ b/src/video/windib/SDL_dibvideo.c Fri Aug 02 00:35:05 2019 +0300 +@@ -675,7 +675,7 @@ + video->w = width; + video->h = height; + video->pitch = SDL_CalculatePitch(video); +- if (!current->pitch) { ++ if (!video->pitch) { + return(NULL); + } + +diff -r 37d0eba8fa17 -r 32075e9e2135 src/video/windx5/SDL_dx5video.c +--- a/src/video/windx5/SDL_dx5video.c Wed Jul 31 23:50:10 2019 +0300 ++++ b/src/video/windx5/SDL_dx5video.c Fri Aug 02 00:35:05 2019 +0300 +@@ -1127,7 +1127,7 @@ + video->w = width; + video->h = height; + video->pitch = SDL_CalculatePitch(video); +- if (!current->pitch) { ++ if (!video->pitch) { + return(NULL); + } + diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637-followup.patch libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637-followup.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637-followup.patch 2022-01-20 00:03:02.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637-followup.patch 1970-01-01 02:00:00.000000000 +0200 
@@ -1,37 +0,0 @@ -Description: fix regression caused by the CVE-2019-7637 fix - copy and paste issue introduced in CVE-2019-7637.patch. -Author: Ozkan Sezer <seze...@gmail.com> -Origin: upstream, https://hg.libsdl.org/SDL/rev/32075e9e2135 ---- a/src/video/gapi/SDL_gapivideo.c 2019-10-09 10:07:49.000000000 +0200 -+++ b/src/video/gapi/SDL_gapivideo.c 2019-10-09 10:13:50.170473193 +0200 -@@ -733,7 +733,7 @@ - video->w = gapi->w = width; - video->h = gapi->h = height; - video->pitch = SDL_CalculatePitch(video); -- if (!current->pitch) { -+ if (!video->pitch) { - return(NULL); - } - ---- a/src/video/windib/SDL_dibvideo.c 2019-10-09 10:07:49.000000000 +0200 -+++ b/src/video/windib/SDL_dibvideo.c 2019-10-09 10:14:16.394299818 +0200 -@@ -675,7 +675,7 @@ - video->w = width; - video->h = height; - video->pitch = SDL_CalculatePitch(video); -- if (!current->pitch) { -+ if (!video->pitch) { - return(NULL); - } - ---- a/src/video/windx5/SDL_dx5video.c 2019-10-09 10:07:49.000000000 +0200 -+++ b/src/video/windx5/SDL_dx5video.c 2019-10-09 10:14:41.082136703 +0200 -@@ -1127,7 +1127,7 @@ - video->w = width; - video->h = height; - video->pitch = SDL_CalculatePitch(video); -- if (!current->pitch) { -+ if (!video->pitch) { - return(NULL); - } - diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/properly_handle_focus_events.patch libsdl1.2-1.2.15+dfsg2/debian/patches/properly_handle_focus_events.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/properly_handle_focus_events.patch 1970-01-01 02:00:00.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/properly_handle_focus_events.patch 2021-02-18 09:52:41.000000000 +0200 
@@ -0,0 +1,44 @@ +Description: SDL_x11events.c: properly handle input focus events + The Xorg xserver changed to send focus events on grab changes in [1]. This + patch backports upstream changes [2] and [3] from libsdl2 to libsdl1.2 to + properly handle (ignore) those events. Without this patch the focus events + will interfere with keyboard handling and cause e.g. sudden stop in games + while the forward key is still being pressed. + . + [1] https://cgit.freedesktop.org/xorg/xserver/commit/?id=c67f2eac56518163981af59f5accb7c79bc00f6a + [2] https://hg.libsdl.org/SDL/rev/a1c4c17410e8 + [3] https://hg.libsdl.org/SDL/rev/764129077d18 +Author: Maximilian Engelhardt <m...@daemonizer.de> +Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=5426 +Bug-Debian: https://bugs.debian.org/980253 +Applied-Upstream: https://hg.libsdl.org/SDL/rev/336bcaa9432c +--- a/src/video/x11/SDL_x11events.c ++++ b/src/video/x11/SDL_x11events.c +@@ -457,6 +457,13 @@ + + /* Gaining input focus? */ + case FocusIn: { ++ if (xevent.xfocus.mode == NotifyGrab || xevent.xfocus.mode == NotifyUngrab) { ++ /* Someone is handling a global hotkey, ignore it */ ++#ifdef DEBUG_XEVENTS ++ printf("FocusIn (NotifyGrab/NotifyUngrab, ignoring)\n"); ++#endif ++ break; ++ } + #ifdef DEBUG_XEVENTS + printf("FocusIn!\n"); + #endif +@@ -475,6 +482,13 @@ + + /* Losing input focus? */ + case FocusOut: { ++ if (xevent.xfocus.mode == NotifyGrab || xevent.xfocus.mode == NotifyUngrab) { ++ /* Someone is handling a global hotkey, ignore it */ ++#ifdef DEBUG_XEVENTS ++ printf("FocusOut (NotifyGrab/NotifyUngrab, ignoring)\n"); ++#endif ++ break; ++ } + #ifdef DEBUG_XEVENTS + printf("FocusOut!\n"); + #endif diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/series libsdl1.2-1.2.15+dfsg2/debian/patches/series --- libsdl1.2-1.2.15+dfsg2/debian/patches/series 2022-01-20 00:03:02.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/series 2021-02-18 09:52:41.000000000 +0200 
@@ -7,14 +7,13 @@ sdl-check-for-SDL_VIDEO_X11_BACKINGSTORE.patch avoid_maybe_non-DFSG_file.patch SDL-1.2.15-vec_perm-ppc64le.patch - CVE-2019-7572_CVE-2019-7574.patch CVE-2019-7573.patch CVE-2019-7575_7577.patch CVE-2019-7578.patch CVE-2019-7635_636_638.patch CVE-2019-7637.patch +CVE-2019-7637-2.patch CVE-2019-7577-1_2.patch -CVE-2019-7637-followup.patch CVE-2019-13616.patch - +properly_handle_focus_events.patch diff -Nru libsdl1.2-1.2.15+dfsg2/debian/upstream/signing-key.asc libsdl1.2-1.2.15+dfsg2/debian/upstream/signing-key.asc --- libsdl1.2-1.2.15+dfsg2/debian/upstream/signing-key.asc 2018-10-19 20:57:31.000000000 +0300 +++ libsdl1.2-1.2.15+dfsg2/debian/upstream/signing-key.asc 2021-02-18 09:49:00.000000000 +0200 @@ -1,5 +1,4 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 mQGiBDpWOb0RBADQwd3d9mzt6KzqlsgXf9mikBuMbpKzYs1SBKYpdzUs9sRY0CnH vCQTrL5sI57yKLnqEl6SbIiE75ZwrSWwvUDFFTh35Jew5nPZwv64en2kw2y4qrnJ 
@@ -11,50 +10,14 @@ QMVuM883LPE59btNzFTAZjlzzIMiaXf5h9EkDARTGQ1wFiO3V5vIbVLh4kAoNfpT egy7bYn3UrlbKg3V2DbCdEXm1zQufZzK7T0yenA5Ps8xXX7mNrQhU2FtIExhbnRp bmdhIDxzbG91a2VuQGxpYnNkbC5vcmc+iFcEExECABcFAjpWOb0FCwcKAwQDFQMC -AxYCAQIXgAAKCRAwpZN3p3Y75t9RAJ48WI+nOPes0WK7t381Ij4JfSYxWQCgjpMa -Dg3/ah23HZhYtTKtHUzD9ziIRgQQEQIABgUCOoivfAAKCRAAUOX6oWT9DUfdAJ98 -VF1sQJzLBlnEaxwShI7kiJhu0gCgi6RmNv7uvdWcFrx44bIQW6PmeSWIRgQQEQIA -BgUCOqpvNwAKCRBFGL4/Itst46hqAJ9bnBc6ITeOHrHMpe3GqQ82phQvIQCeL+rF -bvxq0Zkymxzvpo6f0PQRXoOIRgQQEQIABgUCOsmb0QAKCRDsNH1Owq8moK5WAJwL -Rg3R4hST2QNQo55DeSSrVdOGkgCfXb2L6H/9lHv6fuEiHS0QI7ZntuiIRgQQEQIA -BgUCOy1cOAAKCRCWH0qNRXUpuvz8AKDN6Fq5lxOKpKvHvW47D2JbElIgnQCgjLKm -AsI+jIl61AkGx4QUx2W2jz2IRgQQEQIABgUCPuDQVQAKCRCHKI2OXqAN77RsAKDD -R0ZHqyC5F+q0kwAko/Sah6UQ5ACg23xKp8AQn5okh+JdV1bTg+fiMk6IRgQQEQIA -BgUCSD7jIQAKCRCEaROH9mEvTubsAJ9xaD1kfgRr9V1mm8rKfcV/C5czOACgjs/s -xHvBK0pZhYeMOzCTC8f98VSIRgQSEQIABgUCQYTQkwAKCRBZmXci2GQ9aTkYAJwK -djDIIkXr0324uhSwMl167EaYQgCfTSn6/HDaS7c7G5I+iLrd6K3EKsuIVwQTEQIA -FwUCOlY5vQULBwoDBAMVAwIDFgIBAheAAAoJEDClk3endjvm31EAnj+2HLP9MN0j -cKu4rCzMXZG4dlh4AJwNLRbvQk14n6OED1rmPbbQrd3ds4kBHAQQAQIABgUCUSlA -SwAKCRC8igP+iWp3vvORB/40VfgODA2qXRFJ9ws4i5QBcF84lPnecxWP89tOd2SG -VrT4Ttq3fukRr02bnfooC8pEsd/q9Dpl0x5RR1LXL0IQI7RBB63DmrIwUkWRit2J -+yAjN+8ajujv/Yja3GCVOz+gCOFrlBRgudrevS7L/2pkVrG706GHTvDF3mflrnP4 -JOmGLQmQi2iS5lmvfrt735+2WhWgLLyvjLwQ/FmYMPeIBwxt1f7/QQpVFGBR+Xi1 -RTQ9AYxPYA3dkZNAQJaeMoQOxGHZg4T6ORx9YdQD0kJWVQNxDvJ868co3BxX7e64 -EZrV0wqUy9ZeioxvESV/BS8i+HJ0AOmTqCIKsmHqZ3BgiQEcBBMBAgAGBQJA4Dg8 -AAoJEAuerLG7Symnm/YH/28kPjtCBCOdH/+K7eDE3LGRczXfG1y858cUUyXuofQo -42O2u/RUHd6305ZtAKTBDwL8Iz6srLokhbeBvc6QalbrfOZ51W7K2s9lUf4D3N7r -sAdNH7hH+S4jRTrjpobLepA/8CtNH/6gaX2Xx65lIiUpe/jVys91w4vKGnbBwegD -UZ4BeoA2cGpDih5GT8gnNGIN9fv1ku2IW/v4/7j/TXu1ZzklsTeYNzMp01cXqpFc -ObOhcpEVfwfwdNgF2HyoK/beuTILaN369L3QTR+2DXz2I10fAYUi4FmaC+tnuTcQ -UR1nVZupKK+DW3COb9J8CT7hGyYyab1SpPtHpmooLYOJAhwEEAECAAYFAklzvZAA -CgkQ9XofcAgkdty08Q/+MXVyhq/vrOt5u54JInoDIajHNE9h3cWvWV43emx364J0 
-cN46glkhCRjVgUsFEk3kHGQgc+Qmix0vGn1aEgqso6yL9OVNUX+8z6WoOFuyQslI -VDA5XPTkAZ3iVemZqvTw1LlquR+/XbRER2Qtg4tPI5kBPMPUl5hb4bKiHPnUFb6j -tLvP3yDa2Uab9eEwXZkCKg4jjKiayk1RqcHQ2h9jL9BymyxY5S4OpbO/8Hw9OOgp -Pm7+cqbshqO7s9cjQ6FK4oPKS6qY8MDVog1fJbePB5aQtC9szWIXTZIn/7CTYinY -S7o7J53ZdUw4aeNdzI+p7NiJ75RXDQ++UpiPEG5SPP5eBFTxMzqGG0/ePlXUgihP -nFvqdVAxFphm67FWzVIpKWKn1io6A1fc7ozKUMuOmbO7DwnyLmYyme33Zw2WUrr4 -lKJomp7cmz+r3byrFAinPY7erhuuHWKIHdibdTjGNUZG5Rp9r3Y2Fjdxw+StJdE9 -q2T2esWXIWoc9vOdJvjmM0b8C3Yx3f6T46pnXbusM9p4xlSQ0KkVYZdk3CR0MFvr -YLYzxCAp/6M95UKvFCPhgWUuKyLQWfxVtIfVmbImGT4+1rJaJ7VcaD2gYDqD4PSo -LaZWm1Z9YJlC2GMMLbi53pU+ur+oSWjm/gT1QmplQENbF4UXcb2/CnN3IeuHK+K5 -AQ0EOlY5wxAEAPvjB0B5RNAj8hBF/Lq78w5rJ1/f5RqWXmdfxApuEE/9OEFXUSUX -ms9f/IWvySdyf48Pk4t2h8b8i7F0f3R+tcCp6m0Pt1BSNHYumfmtonTy5FHqpwBV -lEi7I0s5mD3kxO+k8PQbATHH5smFnoz2UTc+MzQjUdtTzXUkUgqvf9zTAAMGA/9Y -/h6rhi3YYXeI6SmbXqcmzsQKzaWVhLew67szejnYsKIJ1ja4MefYlthCXgmIBriN -ftxIGtBI0Pcmzwpn0eknRNK6NgpmESbGKCWh59JeiAK5hdBPe47LSFVct5zSO9vQ -hRDyLzhzPPtB3XeoKTUkLWxBSLbeZVwcHPIK/wLal4hGBBgRAgAGBQI6VjnDAAoJ -EDClk3endjvmxmUAn3Ne6Z3UULpie8RJP15RBt6K2MWFAJ9hK/Ls/FeBJ9d50qxm -YdZ2RrTXNg== -=59LX +AxYCAQIXgAAKCRAwpZN3p3Y75t9RAJ4/thyz/TDdI3CruKwszF2RuHZYeACcDS0W +70JNeJ+jhA9a5j220K3d3bO5AQ0EOlY5wxAEAPvjB0B5RNAj8hBF/Lq78w5rJ1/f +5RqWXmdfxApuEE/9OEFXUSUXms9f/IWvySdyf48Pk4t2h8b8i7F0f3R+tcCp6m0P +t1BSNHYumfmtonTy5FHqpwBVlEi7I0s5mD3kxO+k8PQbATHH5smFnoz2UTc+MzQj +UdtTzXUkUgqvf9zTAAMGA/9Y/h6rhi3YYXeI6SmbXqcmzsQKzaWVhLew67szejnY +sKIJ1ja4MefYlthCXgmIBriNftxIGtBI0Pcmzwpn0eknRNK6NgpmESbGKCWh59Je +iAK5hdBPe47LSFVct5zSO9vQhRDyLzhzPPtB3XeoKTUkLWxBSLbeZVwcHPIK/wLa +l4hGBBgRAgAGBQI6VjnDAAoJEDClk3endjvmxmUAn3Ne6Z3UULpie8RJP15RBt6K +2MWFAJ9hK/Ls/FeBJ9d50qxmYdZ2RrTXNg== +=UAuY -----END PGP PUBLIC KEY BLOCK-----
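Review bot: in the debian/changelog hunk of the first debdiff the top stanza becomes `libsdl1.2 (1.2.15+dfsg2-6) unstable; urgency=medium`, so the tree shown here has no entry that targets buster. An upload built from it needs a new top stanza with a buster distribution and a version that sorts below 1.2.15+dfsg2-6, and that stanza should restate the CVE ids being closed, since the per-function descriptions from the removed stanza are gone.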
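Review bot: CVE-2019-7637-2.patch carries only the raw HG changeset header, while the removed CVE-2019-7637-followup.patch had Description, Author and Origin fields for the same three `current->pitch` to `video->pitch` corrections in SDL_gapivideo.c, SDL_dibvideo.c and SDL_dx5video.c. The code is unchanged by the swap, so the only loss is metadata; if the -2 file name is kept, add an Origin line pointing at upstream revision 32075e9e2135 so the provenance stays machine-readable.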
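Review bot: in properly_handle_focus_events.patch the test `xevent.xfocus.mode == NotifyGrab || xevent.xfocus.mode == NotifyUngrab` is duplicated verbatim in the FocusIn and FocusOut cases of src/video/x11/SDL_x11events.c. A small static helper or macro would keep the two filters from drifting apart. The in-code comment only says "Someone is handling a global hotkey", whereas the patch header gives the actual cause (the X server now sends focus events on grab changes); carrying that reason into the comment would help the next reader of this switch.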
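Review bot: the debian/upstream/signing-key.asc hunk replaces most of the armored block and its checksum line, which matches the changelog item "Re-export upstream signing key without extra signatures" but cannot be confirmed by reading base64. Before upload, compare the primary key fingerprint of the old and new files (for example with `gpg --show-keys` on each) and confirm that the upstream tarball signature still verifies against the re-exported key.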
diff -Nru libsdl1.2-1.2.15+dfsg2/debian/changelog libsdl1.2-1.2.15+dfsg2/debian/changelog --- libsdl1.2-1.2.15+dfsg2/debian/changelog 2018-10-25 02:47:02.000000000 +0300 +++ libsdl1.2-1.2.15+dfsg2/debian/changelog 2021-02-18 09:52:57.000000000 +0200 @@ -1,3 +1,29 @@ +libsdl1.2 (1.2.15+dfsg2-6) unstable; urgency=medium + + * Team upload. + + [ Debian Janitor ] + * Trim trailing whitespace. + * Re-export upstream signing key without extra signatures. + + [ Maximilian Engelhardt ] + * SDL_x11events.c: properly handle input focus events (Closes: #980253) + + -- Fabian Greffrath <fab...@debian.org> Thu, 18 Feb 2021 08:52:57 +0100 + +libsdl1.2 (1.2.15+dfsg2-5) unstable; urgency=medium + + [ Abhijith PA ] + * Fix CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575 + CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636 + CVE-2019-7637, CVE-2019-7638 + (Closes: #924609) + + [ Felix Geyer ] + * Fix CVE-2019-13616 + + -- Felix Geyer <fge...@debian.org> Tue, 17 Sep 2019 22:34:12 +0200 + libsdl1.2 (1.2.15+dfsg2-4) unstable; urgency=medium * d/rules: Add @ in 'tar --mtime="@$(SOURCE_DATE_EPOCH)"', otherwise the diff -Nru libsdl1.2-1.2.15+dfsg2/debian/control libsdl1.2-1.2.15+dfsg2/debian/control --- libsdl1.2-1.2.15+dfsg2/debian/control 2018-10-20 15:23:36.000000000 +0300 +++ libsdl1.2-1.2.15+dfsg2/debian/control 2021-02-18 09:49:00.000000000 +0200 @@ -8,7 +8,7 @@ Rules-Requires-Root: no Build-Depends: debhelper (>= 11~), nasm [any-i386], - libx11-dev, + libx11-dev, libxext-dev, libxt-dev, libxv-dev, diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-13616.patch libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-13616.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-13616.patch 1970-01-01 02:00:00.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-13616.patch 2021-02-18 09:49:00.000000000 +0200 
@@ -0,0 +1,22 @@ +# HG changeset patch +# User Ozkan Sezer <seze...@gmail.com> +# Date 1564511424 -10800 +# Node ID ad1bbfbca760cbf5bf8131580b24637e5e7d9411 +# Parent 87d60cae0273307b2721685daf3265de5dfda634 +Fixed bug 4538 - validate image size when loading BMP files + +diff -r 87d60cae0273 -r ad1bbfbca760 src/video/SDL_bmp.c +--- a/src/video/SDL_bmp.c Tue Jun 18 23:31:40 2019 +0100 ++++ b/src/video/SDL_bmp.c Tue Jul 30 21:30:24 2019 +0300 +@@ -143,6 +143,11 @@ + (void) biYPelsPerMeter; + (void) biClrImportant; + ++ if (biWidth <= 0 || biHeight == 0) { ++ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight); ++ was_error = SDL_TRUE; ++ goto done; ++ } + if (biHeight < 0) { + topDown = SDL_TRUE; + biHeight = -biHeight; diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7572_CVE-2019-7574.patch libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7572_CVE-2019-7574.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7572_CVE-2019-7574.patch 1970-01-01 02:00:00.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7572_CVE-2019-7574.patch 2021-02-18 09:49:00.000000000 +0200 
@@ -0,0 +1,105 @@ +Description: CVE-2019-7572, CVE-2019-7574 + CVE-2019-7572: a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. + CVE-2019-7574: a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. + +--- +Author: Abhijith PA <abhij...@debian.org> +Origin: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3610 + https://bugzilla.libsdl.org/attachment.cgi?id=3612 + https://bugzilla.libsdl.org/attachment.cgi?id=3618 +Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=4496 + https://bugzilla.libsdl.org/show_bug.cgi?id=4495 +Last-Update: <2018-03-05> + +Index: libsdl1.2-1.2.15/src/audio/SDL_wave.c +=================================================================== +--- libsdl1.2-1.2.15.orig/src/audio/SDL_wave.c ++++ libsdl1.2-1.2.15/src/audio/SDL_wave.c +@@ -264,6 +264,14 @@ static Sint32 IMA_ADPCM_nibble(struct IM + }; + Sint32 delta, step; + ++ /* Clamp index value. The inital value can be invalid. */ ++ if ( state->index > 88 ) { ++ state->index = 88; ++ } else ++ if ( state->index < 0 ) { ++ state->index = 0; ++ } ++ + /* Compute difference and new sample value */ + step = step_table[state->index]; + delta = step >> 3; +@@ -275,12 +283,6 @@ static Sint32 IMA_ADPCM_nibble(struct IM + + /* Update index value */ + state->index += index_table[nybble]; +- if ( state->index > 88 ) { +- state->index = 88; +- } else +- if ( state->index < 0 ) { +- state->index = 0; +- } + + /* Clamp output sample */ + if ( state->sample > max_audioval ) { +@@ -323,7 +325,7 @@ static void Fill_IMA_ADPCM_block(Uint8 * + static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + { + struct IMA_ADPCM_decodestate *state; +- Uint8 *freeable, *encoded, *decoded; ++ Uint8 *freeable, *encoded, *encoded_end, *decoded, *decoded_end; + Sint32 encoded_len, samplesleft; + unsigned int c, channels; + +@@ -339,6 +341,7 @@ static int IMA_ADPCM_decode(Uint8 **audi + /* Allocate the proper sized output buffer */ + encoded_len = *audio_len; + encoded = *audio_buf; 
++ encoded_end = encoded + encoded_len; + freeable = *audio_buf; + *audio_len = (encoded_len/IMA_ADPCM_state.wavefmt.blockalign) * + IMA_ADPCM_state.wSamplesPerBlock* +@@ -349,11 +352,13 @@ static int IMA_ADPCM_decode(Uint8 **audi + return(-1); + } + decoded = *audio_buf; ++ decoded_end = decoded + *audio_len; + + /* Get ready... Go! */ + while ( encoded_len >= IMA_ADPCM_state.wavefmt.blockalign ) { + /* Grab the initial information for this block */ + for ( c=0; c<channels; ++c ) { ++ if (encoded + 4 > encoded_end) goto invalid_size; + /* Fill the state information for this block */ + state[c].sample = ((encoded[1]<<8)|encoded[0]); + encoded += 2; +@@ -367,6 +372,7 @@ static int IMA_ADPCM_decode(Uint8 **audi + } + + /* Store the initial sample we start with */ ++ if (decoded + 2 > decoded_end) goto invalid_size; + decoded[0] = (Uint8)(state[c].sample&0xFF); + decoded[1] = (Uint8)(state[c].sample>>8); + decoded += 2; +@@ -376,6 +382,9 @@ static int IMA_ADPCM_decode(Uint8 **audi + samplesleft = (IMA_ADPCM_state.wSamplesPerBlock-1)*channels; + while ( samplesleft > 0 ) { + for ( c=0; c<channels; ++c ) { ++ if (encoded + 4 > encoded_end) goto invalid_size; ++ if (decoded + 4 * 4 * channels > decoded_end) ++ goto invalid_size; + Fill_IMA_ADPCM_block(decoded, encoded, + c, channels, &state[c]); + encoded += 4; +@@ -387,6 +396,10 @@ static int IMA_ADPCM_decode(Uint8 **audi + } + SDL_free(freeable); + return(0); ++ invalid_size: ++ SDL_SetError("Unexpected chunk length for an IMA ADPCM decoder"); ++ SDL_free(freeable); ++ return(-1); + } + + SDL_AudioSpec * SDL_LoadWAV_RW (SDL_RWops *src, int freesrc, diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7573.patch libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7573.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7573.patch 1970-01-01 02:00:00.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7573.patch 2021-02-18 09:49:00.000000000 +0200 
@@ -0,0 +1,66 @@ +Description: CVE-2019-7573 + a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the + wNumCoef loop). + +--- +Author: Abhijith PA <abhij...@debian.org> +Origin: https://bugzilla.libsdl.org/attachment.cgi?id=3620 +Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=4491 +Last-Update: 2019-03-05 + +--- libsdl1.2-1.2.15.orig/src/audio/SDL_wave.c ++++ libsdl1.2-1.2.15/src/audio/SDL_wave.c +@@ -44,12 +44,13 @@ static struct MS_ADPCM_decoder { + struct MS_ADPCM_decodestate state[2]; + } MS_ADPCM_state; + +-static int InitMS_ADPCM(WaveFMT *format) ++static int InitMS_ADPCM(WaveFMT *format, int length) + { +- Uint8 *rogue_feel; ++ Uint8 *rogue_feel, *rogue_feel_end; + int i; + + /* Set the rogue pointer to the MS_ADPCM specific data */ ++ if (length < sizeof(*format)) goto too_short; + MS_ADPCM_state.wavefmt.encoding = SDL_SwapLE16(format->encoding); + MS_ADPCM_state.wavefmt.channels = SDL_SwapLE16(format->channels); + MS_ADPCM_state.wavefmt.frequency = SDL_SwapLE32(format->frequency); +@@ -58,9 +59,11 @@ static int InitMS_ADPCM(WaveFMT *format) + MS_ADPCM_state.wavefmt.bitspersample = + SDL_SwapLE16(format->bitspersample); + rogue_feel = (Uint8 *)format+sizeof(*format); ++ rogue_feel_end = (Uint8 *)format + length; + if ( sizeof(*format) == 16 ) { + rogue_feel += sizeof(Uint16); + } ++ if (rogue_feel + 4 > rogue_feel_end) goto too_short; + MS_ADPCM_state.wSamplesPerBlock = ((rogue_feel[1]<<8)|rogue_feel[0]); + rogue_feel += sizeof(Uint16); + MS_ADPCM_state.wNumCoef = ((rogue_feel[1]<<8)|rogue_feel[0]); +@@ -70,12 +73,16 @@ static int InitMS_ADPCM(WaveFMT *format) + return(-1); + } + for ( i=0; i<MS_ADPCM_state.wNumCoef; ++i ) { ++ if (rogue_feel + 4 > rogue_feel_end) goto too_short; + MS_ADPCM_state.aCoeff[i][0] = ((rogue_feel[1]<<8)|rogue_feel[0]); + rogue_feel += sizeof(Uint16); + MS_ADPCM_state.aCoeff[i][1] = ((rogue_feel[1]<<8)|rogue_feel[0]); + rogue_feel += sizeof(Uint16); + } + return(0); ++too_short: ++ 
SDL_SetError("Unexpected length of a chunk with a MS ADPCM format"); ++ return(-1); + } + + static Sint32 MS_ADPCM_nibble(struct MS_ADPCM_decodestate *state, +@@ -474,7 +481,7 @@ SDL_AudioSpec * SDL_LoadWAV_RW (SDL_RWop + break; + case MS_ADPCM_CODE: + /* Try to understand this */ +- if ( InitMS_ADPCM(format) < 0 ) { ++ if ( InitMS_ADPCM(format, lenread) < 0 ) { + was_error = 1; + goto done; + } diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7575_7577.patch libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7575_7577.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7575_7577.patch 1970-01-01 02:00:00.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7575_7577.patch 2021-02-18 09:49:00.000000000 +0200 
@@ -0,0 +1,78 @@ +Description: CVE-2019-7575, CVE-2019-7577 + CVE-2019-7575 +a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. + CVE-2019-7577 +a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. + +--- +Author: Abhijith PA <abhij...@debian.org> +Origin: https://bugzilla.libsdl.org/attachment.cgi?id=3609 + https://bugzilla.libsdl.org/attachment.cgi?id=3608 +Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=4493 + https://bugzilla.libsdl.org/show_bug.cgi?id=4492 +Last-Update: 2019-03-05 + +--- libsdl1.2-1.2.15.orig/src/audio/SDL_wave.c ++++ libsdl1.2-1.2.15/src/audio/SDL_wave.c +@@ -122,7 +122,7 @@ static Sint32 MS_ADPCM_nibble(struct MS_ + static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) + { + struct MS_ADPCM_decodestate *state[2]; +- Uint8 *freeable, *encoded, *decoded; ++ Uint8 *freeable, *encoded, *encoded_end, *decoded, *decoded_end; + Sint32 encoded_len, samplesleft; + Sint8 nybble, stereo; + Sint16 *coeff[2]; +@@ -131,6 +131,7 @@ static int MS_ADPCM_decode(Uint8 **audio + /* Allocate the proper sized output buffer */ + encoded_len = *audio_len; + encoded = *audio_buf; ++ encoded_end = encoded + encoded_len; + freeable = *audio_buf; + *audio_len = (encoded_len/MS_ADPCM_state.wavefmt.blockalign) * + MS_ADPCM_state.wSamplesPerBlock* +@@ -141,6 +142,7 @@ static int MS_ADPCM_decode(Uint8 **audio + return(-1); + } + decoded = *audio_buf; ++ decoded_end = decoded + *audio_len; + + /* Get ready... Go! */ + stereo = (MS_ADPCM_state.wavefmt.channels == 2); +@@ -148,6 +150,7 @@ static int MS_ADPCM_decode(Uint8 **audio + state[1] = &MS_ADPCM_state.state[stereo]; + while ( encoded_len >= MS_ADPCM_state.wavefmt.blockalign ) { + /* Grab the initial information for this block */ ++ if (encoded + 7 + (stereo ? 
7 : 0) > encoded_end) goto invalid_size; + state[0]->hPredictor = *encoded++; + if ( stereo ) { + state[1]->hPredictor = *encoded++; +@@ -174,6 +177,7 @@ static int MS_ADPCM_decode(Uint8 **audio + coeff[1] = MS_ADPCM_state.aCoeff[state[1]->hPredictor]; + + /* Store the two initial samples we start with */ ++ if (decoded + 4 + (stereo ? 4 : 0) > decoded_end) goto invalid_size; + decoded[0] = state[0]->iSamp2&0xFF; + decoded[1] = state[0]->iSamp2>>8; + decoded += 2; +@@ -195,6 +199,9 @@ static int MS_ADPCM_decode(Uint8 **audio + samplesleft = (MS_ADPCM_state.wSamplesPerBlock-2)* + MS_ADPCM_state.wavefmt.channels; + while ( samplesleft > 0 ) { ++ if (encoded + 1 > encoded_end) goto invalid_size; ++ if (decoded + 4 > decoded_end) goto invalid_size; ++ + nybble = (*encoded)>>4; + new_sample = MS_ADPCM_nibble(state[0],nybble,coeff[0]); + decoded[0] = new_sample&0xFF; +@@ -216,6 +223,10 @@ static int MS_ADPCM_decode(Uint8 **audio + } + SDL_free(freeable); + return(0); ++invalid_size: ++ SDL_SetError("Unexpected chunk length for a MS ADPCM decoder"); ++ SDL_free(freeable); ++ return(-1); + } + + struct IMA_ADPCM_decodestate { diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7577-1_2.patch libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7577-1_2.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7577-1_2.patch 1970-01-01 02:00:00.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7577-1_2.patch 2021-02-18 09:49:00.000000000 +0200 
@@ -0,0 +1,32 @@ +Description: CVE-2019-7577 + a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. + +--- +Author: Abhijith PA <abhij...@debian.org> +Origin: https://bugzilla.libsdl.org/attachment.cgi?id=3694 +Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=4492 +Last-Update: 2019-03-13 + +--- libsdl1.2-1.2.15.orig/src/audio/SDL_wave.c ++++ libsdl1.2-1.2.15/src/audio/SDL_wave.c +@@ -155,6 +155,9 @@ static int MS_ADPCM_decode(Uint8 **audio + if ( stereo ) { + state[1]->hPredictor = *encoded++; + } ++ if (state[0]->hPredictor >= 7 || state[1]->hPredictor >= 7) { ++ goto invalid_predictor; ++ } + state[0]->iDelta = ((encoded[1]<<8)|encoded[0]); + encoded += sizeof(Sint16); + if ( stereo ) { +@@ -227,6 +230,10 @@ invalid_size: + SDL_SetError("Unexpected chunk length for a MS ADPCM decoder"); + SDL_free(freeable); + return(-1); ++invalid_predictor: ++ SDL_SetError("Invalid predictor value for a MS ADPCM decoder"); ++ SDL_free(freeable); ++ return(-1); + } + + struct IMA_ADPCM_decodestate { diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7578.patch libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7578.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7578.patch 1970-01-01 02:00:00.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7578.patch 2021-02-18 09:49:00.000000000 +0200 
@@ -0,0 +1,53 @@ +Description: CVE-2019-7578 + + If IMA ADPCM format chunk was too short, InitIMA_ADPCM() parsing it + could read past the end of chunk data. This patch fixes it. +--- +Author: Abhijith PA <abhij...@debian.org> +Origin: https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3623 +Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=4494 +Last-Update: 2019-03-05 + +--- libsdl1.2-1.2.15.orig/src/audio/SDL_wave.c ++++ libsdl1.2-1.2.15/src/audio/SDL_wave.c +@@ -240,11 +240,12 @@ static struct IMA_ADPCM_decoder { + struct IMA_ADPCM_decodestate state[2]; + } IMA_ADPCM_state; + +-static int InitIMA_ADPCM(WaveFMT *format) ++static int InitIMA_ADPCM(WaveFMT *format, int length) + { +- Uint8 *rogue_feel; ++ Uint8 *rogue_feel, *rogue_feel_end; + + /* Set the rogue pointer to the IMA_ADPCM specific data */ ++ if (length < sizeof(*format)) goto too_short; + IMA_ADPCM_state.wavefmt.encoding = SDL_SwapLE16(format->encoding); + IMA_ADPCM_state.wavefmt.channels = SDL_SwapLE16(format->channels); + IMA_ADPCM_state.wavefmt.frequency = SDL_SwapLE32(format->frequency); +@@ -253,11 +254,16 @@ static int InitIMA_ADPCM(WaveFMT *format + IMA_ADPCM_state.wavefmt.bitspersample = + SDL_SwapLE16(format->bitspersample); + rogue_feel = (Uint8 *)format+sizeof(*format); ++ rogue_feel_end = (Uint8 *)format + length; + if ( sizeof(*format) == 16 ) { + rogue_feel += sizeof(Uint16); + } ++ if (rogue_feel + 2 > rogue_feel_end) goto too_short; + IMA_ADPCM_state.wSamplesPerBlock = ((rogue_feel[1]<<8)|rogue_feel[0]); + return(0); ++too_short: ++ SDL_SetError("Unexpected length of a chunk with an IMA ADPCM format"); ++ return(-1); + } + + static Sint32 IMA_ADPCM_nibble(struct IMA_ADPCM_decodestate *state,Uint8 nybble) +@@ -500,7 +506,7 @@ SDL_AudioSpec * SDL_LoadWAV_RW (SDL_RWop + break; + case IMA_ADPCM_CODE: + /* Try to understand this */ +- if ( InitIMA_ADPCM(format) < 0 ) { ++ if ( InitIMA_ADPCM(format, lenread) < 0 ) { + was_error = 1; + goto done; + } diff -Nru 
libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7635_636_638.patch libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7635_636_638.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7635_636_638.patch 1970-01-01 02:00:00.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7635_636_638.patch 2021-02-18 09:49:00.000000000 +0200 
@@ -0,0 +1,81 @@ +Description: CVE-2019-7635_CVE-2019-7636, CVE-2019-7638 + CVE-2019-7635 +a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c + CVE-2019-7636 +a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c + CVE-2019-7638 +buffer overwrite when the SDL_LoadBMP_RW() +loads colors from a file. + +--- +Author: Abhijith PA <abhij...@debian.org> +Origin: https://bugzilla.libsdl.org/attachment.cgi?id=3637 + https://bugzilla.libsdl.org/attachment.cgi?id=3645 + https://hg.libsdl.org/SDL/rev/19d8c3b9c251 + +Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=4499 + https://bugzilla.libsdl.org/show_bug.cgi?id=4498 + https://bugzilla.libsdl.org/show_bug.cgi?id=4500 +Last-Update: 2019-03-08 + +Index: libsdl1.2-1.2.15/src/video/SDL_bmp.c +=================================================================== +--- libsdl1.2-1.2.15.orig/src/video/SDL_bmp.c ++++ libsdl1.2-1.2.15/src/video/SDL_bmp.c +@@ -163,6 +163,14 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops + ExpandBMP = biBitCount; + biBitCount = 8; + break; ++ case 2: ++ case 3: ++ case 5: ++ case 6: ++ case 7: ++ SDL_SetError("%d-bpp BMP images are not supported", biBitCount); ++ was_error = SDL_TRUE; ++ goto done; + default: + ExpandBMP = 0; + break; +@@ -233,6 +241,10 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops + if ( palette ) { + if ( biClrUsed == 0 ) { + biClrUsed = 1 << biBitCount; ++ } else if ( biClrUsed > (1 << biBitCount) ) { ++ SDL_SetError("BMP file has an invalid number of colors"); ++ was_error = SDL_TRUE; ++ goto done; + } + if ( biSize == 12 ) { + for ( i = 0; i < (int)biClrUsed; ++i ) { +@@ -296,6 +308,12 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops + } + *(bits+i) = (pixel>>shift); + pixel <<= ExpandBMP; ++ if ( bits[i] >= biClrUsed ) { ++ SDL_SetError( ++ "A BMP image contains a pixel with a color out of the palette"); ++ was_error = SDL_TRUE; ++ goto done; ++ } + } } + break; + +@@ -306,6 +324,17 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops + was_error = SDL_TRUE; + goto done; + } ++ 
++ if ( 8 == biBitCount && palette && biClrUsed < (1 << biBitCount ) ) { ++ for ( i=0; i<surface->w; ++i ) { ++ if ( bits[i] >= biClrUsed ) { ++ SDL_SetError( ++ "A BMP image contains a pixel with a color out of the palette"); ++ was_error = SDL_TRUE; ++ goto done; ++ } ++ } ++ } + #if SDL_BYTEORDER == SDL_BIG_ENDIAN + /* Byte-swap the pixels if needed. Note that the 24bpp + case has already been taken care of above. */ diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637-2.patch libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637-2.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637-2.patch 1970-01-01 02:00:00.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637-2.patch 2021-02-18 09:49:00.000000000 +0200 
@@ -0,0 +1,46 @@ +# HG changeset patch +# User Ozkan Sezer <seze...@gmail.com> +# Date 1564695305 -10800 +# Node ID 32075e9e2135b4a244d13c8be9bb5e5c2ae554ec +# Parent 37d0eba8fa178404c8128850c26a06d47a2b75de +fix copy+paste mistakes in commit 9b0e5c555c0f (CVE-2019-7637 fix): + +http://hg.libsdl.org/SDL/rev/9b0e5c555c0f made copy+paste mistakes which +resulted in windows versions failing to set video mode. + +diff -r 37d0eba8fa17 -r 32075e9e2135 src/video/gapi/SDL_gapivideo.c +--- a/src/video/gapi/SDL_gapivideo.c Wed Jul 31 23:50:10 2019 +0300 ++++ b/src/video/gapi/SDL_gapivideo.c Fri Aug 02 00:35:05 2019 +0300 +@@ -733,7 +733,7 @@ + video->w = gapi->w = width; + video->h = gapi->h = height; + video->pitch = SDL_CalculatePitch(video); +- if (!current->pitch) { ++ if (!video->pitch) { + return(NULL); + } + +diff -r 37d0eba8fa17 -r 32075e9e2135 src/video/windib/SDL_dibvideo.c +--- a/src/video/windib/SDL_dibvideo.c Wed Jul 31 23:50:10 2019 +0300 ++++ b/src/video/windib/SDL_dibvideo.c Fri Aug 02 00:35:05 2019 +0300 +@@ -675,7 +675,7 @@ + video->w = width; + video->h = height; + video->pitch = SDL_CalculatePitch(video); +- if (!current->pitch) { ++ if (!video->pitch) { + return(NULL); + } + +diff -r 37d0eba8fa17 -r 32075e9e2135 src/video/windx5/SDL_dx5video.c +--- a/src/video/windx5/SDL_dx5video.c Wed Jul 31 23:50:10 2019 +0300 ++++ b/src/video/windx5/SDL_dx5video.c Fri Aug 02 00:35:05 2019 +0300 +@@ -1127,7 +1127,7 @@ + video->w = width; + video->h = height; + video->pitch = SDL_CalculatePitch(video); +- if (!current->pitch) { ++ if (!video->pitch) { + return(NULL); + } + diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637.patch libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637.patch 1970-01-01 02:00:00.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/CVE-2019-7637.patch 2021-02-18 09:49:00.000000000 +0200 
@@ -0,0 +1,207 @@ +From 66950da7432b1743e60bebf5bd7fa6108c6585f1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com> +Date: Mon, 18 Feb 2019 13:53:16 +0100 +Subject: [PATCH] CVE-2019-7637: Fix in integer overflow in SDL_CalculatePitch +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If a too large width is passed to SDL_SetVideoMode() the width travels +to SDL_CalculatePitch() where the width (e.g. 65535) is multiplied by +BytesPerPixel (e.g. 4) and the result is stored into Uint16 pitch +variable. During this arithmetics an integer overflow can happen (e.g. +the value is clamped as 65532). As a result SDL_Surface with a pitch +smaller than width * BytesPerPixel is created, too small pixel buffer +is allocated and when the SDL_Surface is processed in SDL_FillRect() +a buffer overflow occurs. + +This can be reproduced with "./graywin -width 21312312313123213213213" +command. + +This patch fixes is by using a very careful arithmetics in +SDL_CalculatePitch(). If an overflow is detected, an error is reported +back as a special 0 value. We assume that 0-width surfaces do not +occur in the wild. Since SDL_CalculatePitch() is a private function, +we can change the semantics. 
+ +CVE-2019-7637 +https://bugzilla.libsdl.org/show_bug.cgi?id=4497 + +Signed-off-by: Petr Písař <ppi...@redhat.com> +--- + src/video/SDL_pixels.c | 41 +++++++++++++++++++++++++++------ + src/video/gapi/SDL_gapivideo.c | 3 +++ + src/video/nanox/SDL_nxvideo.c | 4 ++++ + src/video/ps2gs/SDL_gsvideo.c | 3 +++ + src/video/ps3/SDL_ps3video.c | 3 +++ + src/video/windib/SDL_dibvideo.c | 3 +++ + src/video/windx5/SDL_dx5video.c | 3 +++ + src/video/x11/SDL_x11video.c | 4 ++++ + 8 files changed, 57 insertions(+), 7 deletions(-) + +Index: libsdl1.2-1.2.15/src/video/SDL_pixels.c +=================================================================== +--- libsdl1.2-1.2.15.orig/src/video/SDL_pixels.c ++++ libsdl1.2-1.2.15/src/video/SDL_pixels.c +@@ -286,26 +286,54 @@ void SDL_DitherColors(SDL_Color *colors, + } + } + /* +- * Calculate the pad-aligned scanline width of a surface ++ * Calculate the pad-aligned scanline width of a surface. Return 0 in case of ++ * an error. + */ + Uint16 SDL_CalculatePitch(SDL_Surface *surface) + { +- Uint16 pitch; ++ unsigned int pitch = 0; + + /* Surface should be 4-byte aligned for speed */ +- pitch = surface->w*surface->format->BytesPerPixel; ++ /* The code tries to prevent from an Uint16 overflow. 
*/; ++ Uint8 byte; ++ for (byte = surface->format->BytesPerPixel; byte; byte--) { ++ pitch += (unsigned int)surface->w; ++ if (pitch < surface->w) { ++ SDL_SetError("A scanline is too wide"); ++ return(0); ++ } ++ } + switch (surface->format->BitsPerPixel) { + case 1: +- pitch = (pitch+7)/8; ++ if (pitch % 8) { ++ pitch = pitch / 8 + 1; ++ } else { ++ pitch = pitch / 8; ++ } + break; + case 4: +- pitch = (pitch+1)/2; ++ if (pitch % 2) { ++ pitch = pitch / 2 + 1; ++ } else { ++ pitch = pitch / 2; ++ } + break; + default: + break; + } +- pitch = (pitch + 3) & ~3; /* 4-byte aligning */ +- return(pitch); ++ /* 4-byte aligning */ ++ if (pitch & 3) { ++ if (pitch + 3 < pitch) { ++ SDL_SetError("A scanline is too wide"); ++ return(0); ++ } ++ pitch = (pitch + 3) & ~3; ++ } ++ if (pitch > 0xFFFF) { ++ SDL_SetError("A scanline is too wide"); ++ return(0); ++ } ++ return((Uint16)pitch); + } + /* + * Match an RGB value to a particular palette index +Index: libsdl1.2-1.2.15/src/video/gapi/SDL_gapivideo.c +=================================================================== +--- libsdl1.2-1.2.15.orig/src/video/gapi/SDL_gapivideo.c ++++ libsdl1.2-1.2.15/src/video/gapi/SDL_gapivideo.c +@@ -733,6 +733,9 @@ SDL_Surface *GAPI_SetVideoMode(_THIS, SD + video->w = gapi->w = width; + video->h = gapi->h = height; + video->pitch = SDL_CalculatePitch(video); ++ if (!current->pitch) { ++ return(NULL); ++ } + + /* Small fix for WinCE/Win32 - when activating window + SDL_VideoSurface is equal to zero, so activating code +Index: libsdl1.2-1.2.15/src/video/nanox/SDL_nxvideo.c +=================================================================== +--- libsdl1.2-1.2.15.orig/src/video/nanox/SDL_nxvideo.c ++++ libsdl1.2-1.2.15/src/video/nanox/SDL_nxvideo.c +@@ -378,6 +378,10 @@ SDL_Surface * NX_SetVideoMode (_THIS, SD + current -> w = width ; + current -> h = height ; + current -> pitch = SDL_CalculatePitch (current) ; ++ if (!current->pitch) { ++ current = NULL; ++ goto done; ++ } + NX_ResizeImage 
(this, current, flags) ; + } + +Index: libsdl1.2-1.2.15/src/video/ps2gs/SDL_gsvideo.c +=================================================================== +--- libsdl1.2-1.2.15.orig/src/video/ps2gs/SDL_gsvideo.c ++++ libsdl1.2-1.2.15/src/video/ps2gs/SDL_gsvideo.c +@@ -479,6 +479,9 @@ static SDL_Surface *GS_SetVideoMode(_THI + current->w = width; + current->h = height; + current->pitch = SDL_CalculatePitch(current); ++ if (!current->pitch) { ++ return(NULL); ++ } + + /* Memory map the DMA area for block memory transfer */ + if ( ! mapped_mem ) { +Index: libsdl1.2-1.2.15/src/video/ps3/SDL_ps3video.c +=================================================================== +--- libsdl1.2-1.2.15.orig/src/video/ps3/SDL_ps3video.c ++++ libsdl1.2-1.2.15/src/video/ps3/SDL_ps3video.c +@@ -339,6 +339,9 @@ static SDL_Surface *PS3_SetVideoMode(_TH + current->w = width; + current->h = height; + current->pitch = SDL_CalculatePitch(current); ++ if (!current->pitch) { ++ return(NULL); ++ } + + /* Alloc aligned mem for current->pixels */ + s_pixels = memalign(16, current->h * current->pitch); +Index: libsdl1.2-1.2.15/src/video/windib/SDL_dibvideo.c +=================================================================== +--- libsdl1.2-1.2.15.orig/src/video/windib/SDL_dibvideo.c ++++ libsdl1.2-1.2.15/src/video/windib/SDL_dibvideo.c +@@ -675,6 +675,9 @@ SDL_Surface *DIB_SetVideoMode(_THIS, SDL + video->w = width; + video->h = height; + video->pitch = SDL_CalculatePitch(video); ++ if (!current->pitch) { ++ return(NULL); ++ } + + /* Small fix for WinCE/Win32 - when activating window + SDL_VideoSurface is equal to zero, so activating code +Index: libsdl1.2-1.2.15/src/video/windx5/SDL_dx5video.c +=================================================================== +--- libsdl1.2-1.2.15.orig/src/video/windx5/SDL_dx5video.c ++++ libsdl1.2-1.2.15/src/video/windx5/SDL_dx5video.c +@@ -1127,6 +1127,9 @@ SDL_Surface *DX5_SetVideoMode(_THIS, SDL + video->w = width; + video->h = height; + video->pitch = 
SDL_CalculatePitch(video); ++ if (!current->pitch) { ++ return(NULL); ++ } + + #ifndef NO_CHANGEDISPLAYSETTINGS + /* Set fullscreen mode if appropriate. +Index: libsdl1.2-1.2.15/src/video/x11/SDL_x11video.c +=================================================================== +--- libsdl1.2-1.2.15.orig/src/video/x11/SDL_x11video.c ++++ libsdl1.2-1.2.15/src/video/x11/SDL_x11video.c +@@ -1216,6 +1216,10 @@ SDL_Surface *X11_SetVideoMode(_THIS, SDL + current->w = width; + current->h = height; + current->pitch = SDL_CalculatePitch(current); ++ if (!current->pitch) { ++ current = NULL; ++ goto done; ++ } + if (X11_ResizeImage(this, current, flags) < 0) { + current = NULL; + goto done; diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/properly_handle_focus_events.patch libsdl1.2-1.2.15+dfsg2/debian/patches/properly_handle_focus_events.patch --- libsdl1.2-1.2.15+dfsg2/debian/patches/properly_handle_focus_events.patch 1970-01-01 02:00:00.000000000 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/properly_handle_focus_events.patch 2021-02-18 09:52:41.000000000 +0200 
@@ -0,0 +1,44 @@ +Description: SDL_x11events.c: properly handle input focus events + The Xorg xserver changed to send focus events on grab changes in [1]. This + patch backports upstream changes [2] and [3] from libsdl2 to libsdl1.2 to + properly handle (ignore) those events. Without this patch the focus events + will interfere with keyboard handling and cause e.g. sudden stop in games + while the forward key is still being pressed. + . + [1] https://cgit.freedesktop.org/xorg/xserver/commit/?id=c67f2eac56518163981af59f5accb7c79bc00f6a + [2] https://hg.libsdl.org/SDL/rev/a1c4c17410e8 + [3] https://hg.libsdl.org/SDL/rev/764129077d18 +Author: Maximilian Engelhardt <m...@daemonizer.de> +Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=5426 +Bug-Debian: https://bugs.debian.org/980253 +Applied-Upstream: https://hg.libsdl.org/SDL/rev/336bcaa9432c +--- a/src/video/x11/SDL_x11events.c ++++ b/src/video/x11/SDL_x11events.c +@@ -457,6 +457,13 @@ + + /* Gaining input focus? */ + case FocusIn: { ++ if (xevent.xfocus.mode == NotifyGrab || xevent.xfocus.mode == NotifyUngrab) { ++ /* Someone is handling a global hotkey, ignore it */ ++#ifdef DEBUG_XEVENTS ++ printf("FocusIn (NotifyGrab/NotifyUngrab, ignoring)\n"); ++#endif ++ break; ++ } + #ifdef DEBUG_XEVENTS + printf("FocusIn!\n"); + #endif +@@ -475,6 +482,13 @@ + + /* Losing input focus? */ + case FocusOut: { ++ if (xevent.xfocus.mode == NotifyGrab || xevent.xfocus.mode == NotifyUngrab) { ++ /* Someone is handling a global hotkey, ignore it */ ++#ifdef DEBUG_XEVENTS ++ printf("FocusOut (NotifyGrab/NotifyUngrab, ignoring)\n"); ++#endif ++ break; ++ } + #ifdef DEBUG_XEVENTS + printf("FocusOut!\n"); + #endif diff -Nru libsdl1.2-1.2.15+dfsg2/debian/patches/series libsdl1.2-1.2.15+dfsg2/debian/patches/series --- libsdl1.2-1.2.15+dfsg2/debian/patches/series 2018-10-19 20:57:31.000000000 +0300 +++ libsdl1.2-1.2.15+dfsg2/debian/patches/series 2021-02-18 09:52:41.000000000 +0200 
@@ -7,3 +7,13 @@ sdl-check-for-SDL_VIDEO_X11_BACKINGSTORE.patch avoid_maybe_non-DFSG_file.patch SDL-1.2.15-vec_perm-ppc64le.patch +CVE-2019-7572_CVE-2019-7574.patch +CVE-2019-7573.patch +CVE-2019-7575_7577.patch +CVE-2019-7578.patch +CVE-2019-7635_636_638.patch +CVE-2019-7637.patch +CVE-2019-7637-2.patch +CVE-2019-7577-1_2.patch +CVE-2019-13616.patch +properly_handle_focus_events.patch diff -Nru libsdl1.2-1.2.15+dfsg2/debian/upstream/signing-key.asc libsdl1.2-1.2.15+dfsg2/debian/upstream/signing-key.asc --- libsdl1.2-1.2.15+dfsg2/debian/upstream/signing-key.asc 2018-10-19 20:57:31.000000000 +0300 +++ libsdl1.2-1.2.15+dfsg2/debian/upstream/signing-key.asc 2021-02-18 09:49:00.000000000 +0200
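Review bot: In debian/patches/CVE-2019-7577-1_2.patch, the MS_ADPCM_decode hunk at @@ -155,6 +155,9 tests state[1]->hPredictor >= 7 unconditionally, although the context lines directly above assign state[1]->hPredictor only inside if ( stereo ). Unless state[1] aliases state[0] for mono input, which these lines do not show, a mono block is validated against a predictor that was never read from this block and can be rejected with "Invalid predictor value for a MS ADPCM decoder". Suggest writing the second comparison as (stereo && state[1]->hPredictor >= 7), and giving the literal 7 a named constant so the bound documents what it protects.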
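Review bot: In debian/patches/CVE-2019-7578.patch, the first hunk adds a signed parameter, InitIMA_ADPCM(WaveFMT *format, int length), and then guards with if (length < sizeof(*format)) goto too_short;. The comparison is made in size_t, so a negative length converts to a large unsigned value and passes, and the format fields are read before the later rogue_feel + 2 > rogue_feel_end check has a chance to catch it. Suggest declaring the parameter with an unsigned type that matches what the caller's lenread holds, or rejecting length < 0 before the size comparison.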
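Review bot: In debian/patches/CVE-2019-7635_636_638.patch, the Description names over-reads in Blit1to4 (video/SDL_blit_1.c) and SDL_GetRGB (video/SDL_pixels.c), yet every hunk touches only src/video/SDL_bmp.c. The header should state that the fix works by validating biBitCount, biClrUsed and each pixel index inside SDL_LoadBMP_RW, so a reader does not assume the blit and pixel-format routines were hardened themselves; surfaces built by any other path are not covered by these checks.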
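Review bot: In debian/patches/CVE-2019-7637.patch, the SDL_CalculatePitch hunk closes its added comment with */; and the stray semicolon becomes an empty statement in front of the Uint8 byte; declaration, which a C89 compiler rejects as a declaration after a statement. Suggest removing the semicolon and declaring byte beside unsigned int pitch = 0; at the top of the function.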
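Review bot: In debian/patches/CVE-2019-7637.patch, the GAPI_SetVideoMode hunk assigns video->pitch = SDL_CalculatePitch(video); and then tests if (!current->pitch), so the overflow result just computed is never examined; the DIB_SetVideoMode and DX5_SetVideoMode hunks repeat the same mix-up. CVE-2019-7637-2.patch, listed next in debian/patches/series, changes all three tests to video->pitch, so the two patches are only correct together. Suggest folding the correction into this patch, or naming the dependency in its header, so the first patch is not picked up on its own.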