Hello community, here is the log from the commit of package SDL2 for openSUSE:Factory checked in at 2019-09-05 12:33:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/SDL2 (Old) and /work/SRC/openSUSE:Factory/.SDL2.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "SDL2" Thu Sep 5 12:33:11 2019 rev:26 rq:725546 version:2.0.10 Changes: -------- --- /work/SRC/openSUSE:Factory/SDL2/SDL2.changes 2018-11-12 09:48:53.580512695 +0100 +++ /work/SRC/openSUSE:Factory/.SDL2.new.7948/SDL2.changes 2019-09-05 12:33:13.455586174 +0200 
@@ -1,0 +2,62 @@
+Fri Aug 23 11:19:59 UTC 2019 - Jan Engelhardt <[email protected]>
+
+- Update sdl2-symvers.patch for SDL 2.0.9/2.0.10.
+
+-------------------------------------------------------------------
+Thu Aug 22 16:43:13 UTC 2019 - Michael Gorse <[email protected]>
+
+- Add CVE-2019-13616.patch: fix heap buffer overflow when reading
+ a crafted bmp file (boo#1141844 CVE-2019-13616).
+
+-------------------------------------------------------------------
+Sun Aug 11 04:29:55 UTC 2019 - Jan Engelhardt <[email protected]>
+
+- Drop libSDL2main.a from libSDL-2_0-devel. It is only used
+ during build.
+
+-------------------------------------------------------------------
+Wed Jul 31 08:47:44 UTC 2019 - Martin Liška <[email protected]>
+
+- Use FAT LTO objects in order to provide proper static library.
+
+-------------------------------------------------------------------
+Fri Jul 26 07:44:39 UTC 2019 - Luigi Baldoni <[email protected]>
+
+- Update to version 2.0.10
+ * The SDL_RW* macros have been turned into functions that are
+ available only in 2.0.10 and onward
+ * Added SDL_SIMDGetAlignment(), SDL_SIMDAlloc(), and
+ SDL_SIMDFree(), to allocate memory aligned for SIMD
+ operations for the current CPU
+ * Added SDL_RenderDrawPointF(), SDL_RenderDrawPointsF(),
+ SDL_RenderDrawLineF(), SDL_RenderDrawLinesF(),
+ SDL_RenderDrawRectF(), SDL_RenderDrawRectsF(),
+ SDL_RenderFillRectF(), SDL_RenderFillRectsF(),
+ SDL_RenderCopyF(), SDL_RenderCopyExF(), to allow floating
+ point precision in the SDL rendering API.
+ * Added SDL_GetTouchDeviceType() to get the type of a touch
+ device, which can be a touch screen or a trackpad in relative
+ or absolute coordinate mode.
+ * The SDL rendering API now uses batched rendering by default, + for improved performance + * Added SDL_RenderFlush() to force batched render commands to + execute, if you're going to mix SDL rendering with native + rendering + * Added the hint SDL_HINT_RENDER_BATCHING to control whether + batching should be used for the rendering API. This defaults + to "1" if you don't specify what rendering driver to use when + creating the renderer. + * Added the hint SDL_HINT_EVENT_LOGGING to enable logging of + SDL events for debugging purposes + * Added the hint SDL_HINT_GAMECONTROLLERCONFIG_FILE to specify + a file that will be loaded at joystick initialization with + game controller bindings + * Added the hint SDL_HINT_MOUSE_TOUCH_EVENTS to control + whether SDL will synthesize touch events from mouse events + * Improved handling of malformed WAVE and BMP files, fixing + potential security exploits (boo#1142031 CVE-2019-13626) + * Removed the Mir video driver in favor of Wayland + +- Refreshed sdl2-symvers.patch + +------------------------------------------------------------------- Old: ---- SDL2-2.0.9.tar.gz SDL2-2.0.9.tar.gz.sig New: ---- CVE-2019-13616.patch SDL2-2.0.10.tar.gz SDL2-2.0.10.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SDL2.spec ++++++ --- /var/tmp/diff_new_pack.xI5TiJ/_old 2019-09-05 12:33:14.155586037 +0200 +++ /var/tmp/diff_new_pack.xI5TiJ/_new 2019-09-05 12:33:14.155586037 +0200 @@ -1,7 +1,7 @@ # # spec file for package SDL2 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,9 +16,10 @@ # +%define sle_version 0 Name: SDL2 %define lname libSDL2-2_0-0 -Version: 2.0.9 +Version: 2.0.10 Release: 0 Summary: Simple DirectMedia Layer Library License: Zlib @@ -32,6 +33,7 @@ Source4: baselibs.conf Patch1: sdl2-symvers.patch Patch2: SDL2-endian.patch +Patch3: CVE-2019-13616.patch BuildRequires: cmake BuildRequires: dos2unix BuildRequires: gcc-c++ @@ -108,8 +110,7 @@ library. %prep -%setup -q -%patch -P 1 -P 2 -p1 +%autosetup -p1 dos2unix WhatsNew.txt dos2unix TODO.txt dos2unix BUGS.txt @@ -119,6 +120,7 @@ dos2unix COPYING.txt %build +%global _lto_cflags %{_lto_cflags} -ffat-lto-objects # In this instance, we do want --with-pic because of libSDL2main.a. %configure --with-pic --disable-alsa-shared --disable-video-directfb \ --enable-video-kmsdrm --enable-video-wayland \ @@ -128,17 +130,15 @@ %ifarch ix86 --enable-sse2=no \ %endif - --enable-sse3=no \ - --disable-rpath \ - --disable-3dnow + --enable-sse3=no --disable-rpath --disable-3dnow make %{?_smp_mflags} V=1 %install -make install DESTDIR="%buildroot" +%make_install rm -f "%buildroot/%_libdir"/*.la # We do not want static libs, but using --disable-static leads to make aborting -# halfway through. SDL2main.a we need to keep(?) for the stub symbol. -find "%buildroot/%_libdir" -type f -name "*.a" ! -name "libSDL2main.a" -delete +# halfway through %%build. Now it can be removed though. +rm -f "%buildroot/%_libdir/"*.a %post -n %lname -p /sbin/ldconfig %postun -n %lname -p /sbin/ldconfig @@ -152,7 +152,6 @@ %doc TODO.txt WhatsNew.txt %_bindir/sdl2-config %_libdir/libSDL2.so -%_libdir/libSDL2main.a %_includedir/SDL2/ %_datadir/aclocal/sdl2.m4 %_libdir/pkgconfig/sdl2.pc ++++++ CVE-2019-13616.patch ++++++ diff -r b810b78d32cc -r e7ba650a643a src/video/SDL_bmp.c --- a/src/video/SDL_bmp.c Thu Jul 25 08:05:13 2019 -0500 +++ b/src/video/SDL_bmp.c Tue Jul 30 11:00:00 2019 -0700 
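Review bot: `%define sle_version 0` at the top of the `@@ -16,9 +16,10 @@` hunk is added without a comment and has no matching entry in the SDL2.changes hunk, and as written it sets the macro unconditionally. If the build target already provides `sle_version`, any conditional on it would then see 0. No use of the macro is visible in these hunks, so that effect is an inference. If only a fallback is intended, `%{!?sle_version:%define sle_version 0}` preceded by a comment such as `# default for targets that do not set sle_version` would make the intent explicit.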
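Review bot: The `%global _lto_cflags %{_lto_cflags} -ffat-lto-objects` line added in the `%build` hunk (`@@ -119,6 +120,7 @@`) looks left over, because the `%install` hunk (`@@ -128,17 +130,15 @@`) now runs `rm -f "%buildroot/%_libdir/"*.a` and the `%files` hunk drops `%_libdir/libSDL2main.a`, so no static archive is packaged. The unchanged comment directly below it, `# In this instance, we do want --with-pic because of libSDL2main.a.`, no longer says why the archive matters. Either drop the fat-LTO flag or add a line explaining it, for example `# static archives are linked only during %%build and are not packaged`. Whether the in-build link still needs fat objects cannot be determined from these hunks.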
@@ -226,6 +226,11 @@ SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR); } } + if (biWidth <= 0 || biHeight == 0) { + SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight); + was_error = SDL_TRUE; + goto done; + } if (biHeight < 0) { topDown = SDL_TRUE; biHeight = -biHeight; ++++++ SDL2-2.0.9.tar.gz -> SDL2-2.0.10.tar.gz ++++++ ++++ 136415 lines of diff (skipped) ++++++ sdl2-symvers.patch ++++++ --- /var/tmp/diff_new_pack.xI5TiJ/_old 2019-09-05 12:33:15.475585778 +0200 +++ /var/tmp/diff_new_pack.xI5TiJ/_new 2019-09-05 12:33:15.475585778 +0200 
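Review bot: The new guard rejects a zero height and a non-positive width, but the negation on the unchanged lines right after it, `biHeight = -biHeight;`, is still reached by the most negative height value, which has no positive counterpart; assuming `biHeight` is a signed 32-bit field (its declaration is outside the hunk), that is signed overflow and the height stays negative. Extending the condition to `if (biWidth <= 0 || biHeight == 0 || biHeight == SDL_MIN_SINT32) {` would send that case down the same error path. The hunk also sets no upper bound on either dimension, so the width-times-height size computation has to be overflow-checked where the surface is allocated, which is not visible here. The enclosing function starts and ends outside the hunk.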
@@ -4,28 +4,28 @@ Scrape the SDL announcements since 2.0.3 (version in Leap 42.3) and add some symvers so that zypper knows when to upgrade SDL. --- - Makefile.in | 2 - - sdl2.sym | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 69 insertions(+), 1 deletion(-) + Makefile.in | 2 + sdl2.sym | 124 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 125 insertions(+), 1 deletion(-) -Index: SDL2-2.0.8/Makefile.in +Index: SDL2-2.0.10/Makefile.in =================================================================== ---- SDL2-2.0.8.orig/Makefile.in -+++ SDL2-2.0.8/Makefile.in -@@ -122,7 +122,7 @@ LT_AGE = @LT_AGE@ +--- SDL2-2.0.10.orig/Makefile.in ++++ SDL2-2.0.10/Makefile.in +@@ -125,7 +125,7 @@ LT_AGE = @LT_AGE@ LT_CURRENT = @LT_CURRENT@ LT_RELEASE = @LT_RELEASE@ LT_REVISION = @LT_REVISION@ -LT_LDFLAGS = -no-undefined -rpath $(libdir) -release $(LT_RELEASE) -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) +LT_LDFLAGS = -no-undefined -rpath $(libdir) -release $(LT_RELEASE) -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) -Wl,--version-script=sdl2.sym - all: $(srcdir)/configure Makefile $(objects) $(objects)/$(TARGET) $(objects)/$(SDLMAIN_TARGET) $(objects)/$(SDLTEST_TARGET) + all: $(srcdir)/configure Makefile $(objects)/$(TARGET) $(objects)/$(SDLMAIN_TARGET) $(objects)/$(SDLTEST_TARGET) -Index: SDL2-2.0.8/sdl2.sym +Index: SDL2-2.0.10/sdl2.sym =================================================================== --- /dev/null -+++ SDL2-2.0.8/sdl2.sym -@@ -0,0 +1,68 @@ ++++ SDL2-2.0.10/sdl2.sym +@@ -0,0 +1,124 @@ +SUSE_2.0.5 { +global: + SDL_DequeueAudio; 
@@ -94,3 +94,59 @@
 + SDL_SetYUVConversionMode;
 + SDL_GetYUVConversionMode;
 +} SUSE_2.0.7;
++SUSE_2.0.9 {
++global:
++ SDL_CreateThreadWithStackSize;
++ SDL_GameControllerGetPlayerIndex;
++ SDL_GameControllerMappingForDeviceIndex;
++ SDL_GameControllerRumble;
++ SDL_GetDisplayOrientation;
++ SDL_HasAVX512F;
++ SDL_HasColorKey;
++ SDL_IsTablet;
++ SDL_JoystickGetDevicePlayerIndex;
++ SDL_JoystickGetPlayerIndex;
++ SDL_JoystickRumble;
++ SDL_LinuxSetThreadPriority;
++ SDL_NumSensors;
++ SDL_SensorClose;
++ SDL_SensorFromInstanceID;
++ SDL_SensorGetData;
++ SDL_SensorGetDeviceInstanceID;
++ SDL_SensorGetDeviceName;
++ SDL_SensorGetDeviceNonPortableType;
++ SDL_SensorGetDeviceType;
++ SDL_SensorGetInstanceID;
++ SDL_SensorGetName;
++ SDL_SensorGetNonPortableType;
++ SDL_SensorGetType;
++ SDL_SensorOpen;
++ SDL_SensorUpdate;
++ SDL_exp;
++ SDL_expf;
++ SDL_wcsdup;
++} SUSE_2.0.8;
++SUSE_2.0.10 {
++global:
++ SDL_GetTouchDeviceType;
++ SDL_RWclose;
++ SDL_RWread;
++ SDL_RWseek;
++ SDL_RWsize;
++ SDL_RWtell;
++ SDL_RWwrite;
++ SDL_RenderCopyExF;
++ SDL_RenderCopyF;
++ SDL_RenderDrawLineF;
++ SDL_RenderDrawLinesF;
++ SDL_RenderDrawPointF;
++ SDL_RenderDrawPointsF;
++ SDL_RenderDrawRectF;
++ SDL_RenderDrawRectsF;
++ SDL_RenderFillRectF;
++ SDL_RenderFillRectsF;
++ SDL_RenderFlush;
++ SDL_SIMDAlloc;
++ SDL_SIMDFree;
++ SDL_SIMDGetAlignment;
++} SUSE_2.0.9;
