From a10583e885741066c79d2b925d93c01fa9af324a70566ea15afb6379fb73cd79 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 11 Aug 2019 04:27:46 +0000 Subject: [PATCH 1/6] Accepting request 720005 from home:marxin:branches:games - Use FAT LTO objects in order to provide proper static library. OBS-URL: https://build.opensuse.org/request/show/720005 OBS-URL: https://build.opensuse.org/package/show/games/SDL2?expand=0&rev=86 --- SDL2.changes | 5 +++++ SDL2.spec | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/SDL2.changes b/SDL2.changes index 467ed8e..7a0b287 100644 --- a/SDL2.changes +++ b/SDL2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jul 31 08:47:44 UTC 2019 - Martin Liška + +- Use FAT LTO objects in order to provide proper static library. + ------------------------------------------------------------------- Sun Nov 4 14:10:15 UTC 2018 - Luigi Baldoni diff --git a/SDL2.spec b/SDL2.spec index 8b71dcc..536ccf2 100644 --- a/SDL2.spec +++ b/SDL2.spec @@ -1,7 +1,7 @@ # # spec file for package SDL2 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -119,6 +119,7 @@ dos2unix CREDITS.txt dos2unix COPYING.txt %build +%global _lto_cflags %{_lto_cflags} -ffat-lto-objects # In this instance, we do want --with-pic because of libSDL2main.a. %configure --with-pic --disable-alsa-shared --disable-video-directfb \ --enable-video-kmsdrm --enable-video-wayland \ From 17367f413acc660454eee8f01e868c6adb18a31b7eca4b9d7df1930ece79c9c6 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 11 Aug 2019 11:37:08 +0000 Subject: [PATCH 2/6] - Drop libSDL2main.a from libSDL-2_0-devel. It is only used during build. OBS-URL: https://build.opensuse.org/package/show/games/SDL2?expand=0&rev=87 --- SDL2.changes | 6 ++++++ SDL2.spec | 14 +++++--------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/SDL2.changes b/SDL2.changes index 7a0b287..bda47f2 100644 --- a/SDL2.changes +++ b/SDL2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Sun Aug 11 04:29:55 UTC 2019 - Jan Engelhardt + +- Drop libSDL2main.a from libSDL-2_0-devel. It is only used + during build. + ------------------------------------------------------------------- Wed Jul 31 08:47:44 UTC 2019 - Martin Liška diff --git a/SDL2.spec b/SDL2.spec index 536ccf2..429047a 100644 --- a/SDL2.spec +++ b/SDL2.spec @@ -108,8 +108,7 @@ This package contains files needed for development with the SDL2 library. %prep -%setup -q -%patch -P 1 -P 2 -p1 +%autosetup -p1 dos2unix WhatsNew.txt dos2unix TODO.txt dos2unix BUGS.txt @@ -129,17 +128,15 @@ dos2unix COPYING.txt %ifarch ix86 --enable-sse2=no \ %endif - --enable-sse3=no \ - --disable-rpath \ - --disable-3dnow + --enable-sse3=no --disable-rpath --disable-3dnow make %{?_smp_mflags} V=1 %install -make install DESTDIR="%buildroot" +%make_install rm -f "%buildroot/%_libdir"/*.la # We do not want static libs, but using --disable-static leads to make aborting -# halfway through. SDL2main.a we need to keep(?) for the stub symbol. -find "%buildroot/%_libdir" -type f -name "*.a" ! -name "libSDL2main.a" -delete +# halfway through %%build. Now it can be removed though. +rm -f "%buildroot/%_libdir/"*.a %post -n %lname -p /sbin/ldconfig %postun -n %lname -p /sbin/ldconfig @@ -153,7 +150,6 @@ find "%buildroot/%_libdir" -type f -name "*.a" ! -name "libSDL2main.a" -delete %doc TODO.txt WhatsNew.txt %_bindir/sdl2-config %_libdir/libSDL2.so -%_libdir/libSDL2main.a %_includedir/SDL2/ %_datadir/aclocal/sdl2.m4 %_libdir/pkgconfig/sdl2.pc From bbd15f9ec106b51fa9467980a5443bf39cfd3dcbbaff5b2067f0928dcd03802b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 11 Aug 2019 12:13:09 +0000 Subject: [PATCH 3/6] Accepting request 718761 from home:alois:branches:games - Update to version 2.0.10 * The SDL_RW* macros have been turned into functions that are available only in 2.0.10 and onward * Added SDL_SIMDGetAlignment(), SDL_SIMDAlloc(), and SDL_SIMDFree(), to allocate memory aligned for SIMD operations for the current CPU * Added SDL_RenderDrawPointF(), SDL_RenderDrawPointsF(), SDL_RenderDrawLineF(), SDL_RenderDrawLinesF(), SDL_RenderDrawRectF(), SDL_RenderDrawRectsF(), SDL_RenderFillRectF(), SDL_RenderFillRectsF(), SDL_RenderCopyF(), SDL_RenderCopyExF(), to allow floating point precision in the SDL rendering API. * Added SDL_GetTouchDeviceType() to get the type of a touch device, which can be a touch screen or a trackpad in relative or absolute coordinate mode. * The SDL rendering API now uses batched rendering by default, for improved performance * Added SDL_RenderFlush() to force batched render commands to execute, if you're going to mix SDL rendering with native rendering * Added the hint SDL_HINT_RENDER_BATCHING to control whether batching should be used for the rendering API. This defaults to "1" if you don't specify what rendering driver to use when creating the renderer. * Added the hint SDL_HINT_EVENT_LOGGING to enable logging of SDL events for debugging purposes * Added the hint SDL_HINT_GAMECONTROLLERCONFIG_FILE to specify a file that will be loaded at joystick initialization with game controller bindings * Added the hint SDL_HINT_MOUSE_TOUCH_EVENTS to control whether SDL will synthesize touch events from mouse events * Improved handling of malformed WAVE and BMP files, fixing potential security exploits * Removed the Mir video driver in favor of Wayland - Refreshed sdl2-symvers.patch OBS-URL: https://build.opensuse.org/request/show/718761 OBS-URL: https://build.opensuse.org/package/show/games/SDL2?expand=0&rev=88 --- SDL2-2.0.10.tar.gz | 3 +++ SDL2-2.0.10.tar.gz.sig | Bin 0 -> 95 bytes SDL2-2.0.9.tar.gz | 3 --- SDL2-2.0.9.tar.gz.sig | Bin 95 -> 0 bytes SDL2.changes | 40 ++++++++++++++++++++++++++++++++++++++++ SDL2.spec | 2 +- sdl2-symvers.patch | 14 +++++++------- 7 files changed, 51 insertions(+), 11 deletions(-) create mode 100644 SDL2-2.0.10.tar.gz create mode 100644 SDL2-2.0.10.tar.gz.sig delete mode 100644 SDL2-2.0.9.tar.gz delete mode 100644 SDL2-2.0.9.tar.gz.sig diff --git a/SDL2-2.0.10.tar.gz b/SDL2-2.0.10.tar.gz new file mode 100644 index 0000000..6c1f190 --- /dev/null +++ b/SDL2-2.0.10.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b4656c13a1f0d0023ae2f4a9cf08ec92fffb464e0f24238337784159b8b91d57 +size 5550762 diff --git a/SDL2-2.0.10.tar.gz.sig b/SDL2-2.0.10.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..6a5931b6af5ce6d921e2dd22ab30d7e7045ce9d439edb8c1e37df9d0fd7ca81b GIT binary patch literal 95 zcmeB(WnmCxVvrS6WD(U!j%^5DT3>$gL7TzS$>qz-te>$m#abHKFmQ1Sz(k&YWLR)e v)xN($gL7TzS$>qz-te>$mMc+Ke!obBT022{;#jv22 vYv=NvnXkH&kLVgjul8QZ^L77xhWP;tH^#mRG4D*(v6M8QBmU~h-^uy_nQbR5 diff --git a/SDL2.changes b/SDL2.changes index bda47f2..d935db7 100644 --- a/SDL2.changes +++ b/SDL2.changes @@ -9,6 +9,46 @@ Wed Jul 31 08:47:44 UTC 2019 - Martin Liška - Use FAT LTO objects in order to provide proper static library. +------------------------------------------------------------------- +Fri Jul 26 07:44:39 UTC 2019 - Luigi Baldoni + +- Update to version 2.0.10 + * The SDL_RW* macros have been turned into functions that are + available only in 2.0.10 and onward + * Added SDL_SIMDGetAlignment(), SDL_SIMDAlloc(), and + SDL_SIMDFree(), to allocate memory aligned for SIMD + operations for the current CPU + * Added SDL_RenderDrawPointF(), SDL_RenderDrawPointsF(), + SDL_RenderDrawLineF(), SDL_RenderDrawLinesF(), + SDL_RenderDrawRectF(), SDL_RenderDrawRectsF(), + SDL_RenderFillRectF(), SDL_RenderFillRectsF(), + SDL_RenderCopyF(), SDL_RenderCopyExF(), to allow floating + point precision in the SDL rendering API. + * Added SDL_GetTouchDeviceType() to get the type of a touch + device, which can be a touch screen or a trackpad in relative + or absolute coordinate mode. + * The SDL rendering API now uses batched rendering by default, + for improved performance + * Added SDL_RenderFlush() to force batched render commands to + execute, if you're going to mix SDL rendering with native + rendering + * Added the hint SDL_HINT_RENDER_BATCHING to control whether + batching should be used for the rendering API. This defaults + to "1" if you don't specify what rendering driver to use when + creating the renderer. + * Added the hint SDL_HINT_EVENT_LOGGING to enable logging of + SDL events for debugging purposes + * Added the hint SDL_HINT_GAMECONTROLLERCONFIG_FILE to specify + a file that will be loaded at joystick initialization with + game controller bindings + * Added the hint SDL_HINT_MOUSE_TOUCH_EVENTS to control + whether SDL will synthesize touch events from mouse events + * Improved handling of malformed WAVE and BMP files, fixing + potential security exploits + * Removed the Mir video driver in favor of Wayland + +- Refreshed sdl2-symvers.patch + ------------------------------------------------------------------- Sun Nov 4 14:10:15 UTC 2018 - Luigi Baldoni diff --git a/SDL2.spec b/SDL2.spec index 429047a..75ee270 100644 --- a/SDL2.spec +++ b/SDL2.spec @@ -18,7 +18,7 @@ Name: SDL2 %define lname libSDL2-2_0-0 -Version: 2.0.9 +Version: 2.0.10 Release: 0 Summary: Simple DirectMedia Layer Library License: Zlib diff --git a/sdl2-symvers.patch b/sdl2-symvers.patch index ab63d84..02c9a9b 100644 --- a/sdl2-symvers.patch +++ b/sdl2-symvers.patch @@ -8,23 +8,23 @@ some symvers so that zypper knows when to upgrade SDL. sdl2.sym | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) -Index: SDL2-2.0.8/Makefile.in +Index: SDL2-2.0.10/Makefile.in =================================================================== ---- SDL2-2.0.8.orig/Makefile.in -+++ SDL2-2.0.8/Makefile.in -@@ -122,7 +122,7 @@ LT_AGE = @LT_AGE@ +--- SDL2-2.0.10.orig/Makefile.in ++++ SDL2-2.0.10/Makefile.in +@@ -125,7 +125,7 @@ LT_AGE = @LT_AGE@ LT_CURRENT = @LT_CURRENT@ LT_RELEASE = @LT_RELEASE@ LT_REVISION = @LT_REVISION@ -LT_LDFLAGS = -no-undefined -rpath $(libdir) -release $(LT_RELEASE) -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) +LT_LDFLAGS = -no-undefined -rpath $(libdir) -release $(LT_RELEASE) -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) -Wl,--version-script=sdl2.sym - all: $(srcdir)/configure Makefile $(objects) $(objects)/$(TARGET) $(objects)/$(SDLMAIN_TARGET) $(objects)/$(SDLTEST_TARGET) + all: $(srcdir)/configure Makefile $(objects)/$(TARGET) $(objects)/$(SDLMAIN_TARGET) $(objects)/$(SDLTEST_TARGET) -Index: SDL2-2.0.8/sdl2.sym +Index: SDL2-2.0.10/sdl2.sym =================================================================== --- /dev/null -+++ SDL2-2.0.8/sdl2.sym ++++ SDL2-2.0.10/sdl2.sym @@ -0,0 +1,68 @@ +SUSE_2.0.5 { +global: From 49aed970ee6fcb147bcc98008ab3fe43f9c200a02d5f238e782f0bec44226e8d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 22 Aug 2019 20:06:02 +0000 Subject: [PATCH 4/6] Accepting request 725412 from home:mgorse:branches:games - Add CVE-2019-13616.patch: fix heap buffer overflow when reading a crafted bmp file (boo#1141844 CVE-2019-13616). potential security exploits (boo#1142031 CVE-2019-13626) OBS-URL: https://build.opensuse.org/request/show/725412 OBS-URL: https://build.opensuse.org/package/show/games/SDL2?expand=0&rev=89 --- CVE-2019-13616.patch | 15 +++++++++++++++ SDL2.changes | 8 +++++++- SDL2.spec | 1 + 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 CVE-2019-13616.patch diff --git a/CVE-2019-13616.patch b/CVE-2019-13616.patch new file mode 100644 index 0000000..10e5ac9 --- /dev/null +++ b/CVE-2019-13616.patch @@ -0,0 +1,15 @@ +diff -r b810b78d32cc -r e7ba650a643a src/video/SDL_bmp.c +--- a/src/video/SDL_bmp.c Thu Jul 25 08:05:13 2019 -0500 ++++ b/src/video/SDL_bmp.c Tue Jul 30 11:00:00 2019 -0700 +@@ -226,6 +226,11 @@ + SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR); + } + } ++ if (biWidth <= 0 || biHeight == 0) { ++ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight); ++ was_error = SDL_TRUE; ++ goto done; ++ } + if (biHeight < 0) { + topDown = SDL_TRUE; + biHeight = -biHeight; diff --git a/SDL2.changes b/SDL2.changes index d935db7..0149bad 100644 --- a/SDL2.changes +++ b/SDL2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Aug 22 16:43:13 UTC 2019 - Michael Gorse + +- Add CVE-2019-13616.patch: fix heap buffer overflow when reading + a crafted bmp file (boo#1141844 CVE-2019-13616). + ------------------------------------------------------------------- Sun Aug 11 04:29:55 UTC 2019 - Jan Engelhardt @@ -44,7 +50,7 @@ Fri Jul 26 07:44:39 UTC 2019 - Luigi Baldoni * Added the hint SDL_HINT_MOUSE_TOUCH_EVENTS to control whether SDL will synthesize touch events from mouse events * Improved handling of malformed WAVE and BMP files, fixing - potential security exploits + potential security exploits (boo#1142031 CVE-2019-13626) * Removed the Mir video driver in favor of Wayland - Refreshed sdl2-symvers.patch diff --git a/SDL2.spec b/SDL2.spec index 75ee270..62f05ff 100644 --- a/SDL2.spec +++ b/SDL2.spec @@ -32,6 +32,7 @@ Source3: %name.keyring Source4: baselibs.conf Patch1: sdl2-symvers.patch Patch2: SDL2-endian.patch +Patch3: CVE-2019-13616.patch BuildRequires: cmake BuildRequires: dos2unix BuildRequires: gcc-c++ From b563ea66e7ee7dd1130d0681c43b8d78569f36ce290a9210c3ea06dc6ad75b42 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 23 Aug 2019 11:20:16 +0000 Subject: [PATCH 5/6] - Update sdl2-symvers.patch for SDL 2.0.9/2.0.10. OBS-URL: https://build.opensuse.org/package/show/games/SDL2?expand=0&rev=90 --- SDL2.changes | 5 ++++ SDL2.spec | 1 + sdl2-symvers.patch | 64 +++++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 66 insertions(+), 4 deletions(-) diff --git a/SDL2.changes b/SDL2.changes index 0149bad..b8bd2da 100644 --- a/SDL2.changes +++ b/SDL2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Aug 23 11:19:59 UTC 2019 - Jan Engelhardt + +- Update sdl2-symvers.patch for SDL 2.0.9/2.0.10. + ------------------------------------------------------------------- Thu Aug 22 16:43:13 UTC 2019 - Michael Gorse diff --git a/SDL2.spec b/SDL2.spec index 62f05ff..2d2e229 100644 --- a/SDL2.spec +++ b/SDL2.spec @@ -16,6 +16,7 @@ # +%define sle_version 0 Name: SDL2 %define lname libSDL2-2_0-0 Version: 2.0.10 diff --git a/sdl2-symvers.patch b/sdl2-symvers.patch index 02c9a9b..d14463f 100644 --- a/sdl2-symvers.patch +++ b/sdl2-symvers.patch @@ -4,9 +4,9 @@ Date: 2018-01-10 23:56:12.245827883 +0100 Scrape the SDL announcements since 2.0.3 (version in Leap 42.3) and add some symvers so that zypper knows when to upgrade SDL. --- - Makefile.in | 2 - - sdl2.sym | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 69 insertions(+), 1 deletion(-) + Makefile.in | 2 + sdl2.sym | 124 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 125 insertions(+), 1 deletion(-) Index: SDL2-2.0.10/Makefile.in =================================================================== @@ -25,7 +25,7 @@ Index: SDL2-2.0.10/sdl2.sym =================================================================== --- /dev/null +++ SDL2-2.0.10/sdl2.sym -@@ -0,0 +1,68 @@ +@@ -0,0 +1,124 @@ +SUSE_2.0.5 { +global: + SDL_DequeueAudio; @@ -94,3 +94,59 @@ Index: SDL2-2.0.10/sdl2.sym + SDL_SetYUVConversionMode; + SDL_GetYUVConversionMode; +} SUSE_2.0.7; ++SUSE_2.0.9 { ++global: ++ SDL_CreateThreadWithStackSize; ++ SDL_GameControllerGetPlayerIndex; ++ SDL_GameControllerMappingForDeviceIndex; ++ SDL_GameControllerRumble; ++ SDL_GetDisplayOrientation; ++ SDL_HasAVX512F; ++ SDL_HasColorKey; ++ SDL_IsTablet; ++ SDL_JoystickGetDevicePlayerIndex; ++ SDL_JoystickGetPlayerIndex; ++ SDL_JoystickRumble; ++ SDL_LinuxSetThreadPriority; ++ SDL_NumSensors; ++ SDL_SensorClose; ++ SDL_SensorFromInstanceID; ++ SDL_SensorGetData; ++ SDL_SensorGetDeviceInstanceID; ++ SDL_SensorGetDeviceName; ++ SDL_SensorGetDeviceNonPortableType; ++ SDL_SensorGetDeviceType; ++ SDL_SensorGetInstanceID; ++ SDL_SensorGetName; ++ SDL_SensorGetNonPortableType; ++ SDL_SensorGetType; ++ SDL_SensorOpen; ++ SDL_SensorUpdate; ++ SDL_exp; ++ SDL_expf; ++ SDL_wcsdup; ++} SUSE_2.0.8; ++SUSE_2.0.10 { ++global: ++ SDL_GetTouchDeviceType; ++ SDL_RWclose; ++ SDL_RWread; ++ SDL_RWseek; ++ SDL_RWsize; ++ SDL_RWtell; ++ SDL_RWwrite; ++ SDL_RenderCopyExF; ++ SDL_RenderCopyF; ++ SDL_RenderDrawLineF; ++ SDL_RenderDrawLinesF; ++ SDL_RenderDrawPointF; ++ SDL_RenderDrawPointsF; ++ SDL_RenderDrawRectF; ++ SDL_RenderDrawRectsF; ++ SDL_RenderFillRectF; ++ SDL_RenderFillRectsF; ++ SDL_RenderFlush; ++ SDL_SIMDAlloc; ++ SDL_SIMDFree; ++ SDL_SIMDGetAlignment; ++} SUSE_2.0.9; From 8592ca6f753e9dfce822f8414eb7e0f9fc2c8bb6f3e3c9b95c450f27cf01417c Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 23 Aug 2019 11:25:04 +0000 Subject: [PATCH 6/6] remove spaces OBS-URL: https://build.opensuse.org/package/show/games/SDL2?expand=0&rev=91 --- SDL2.changes | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SDL2.changes b/SDL2.changes index b8bd2da..45114a6 100644 --- a/SDL2.changes +++ b/SDL2.changes @@ -6,7 +6,7 @@ Fri Aug 23 11:19:59 UTC 2019 - Jan Engelhardt ------------------------------------------------------------------- Thu Aug 22 16:43:13 UTC 2019 - Michael Gorse -- Add CVE-2019-13616.patch: fix heap buffer overflow when reading +- Add CVE-2019-13616.patch: fix heap buffer overflow when reading a crafted bmp file (boo#1141844 CVE-2019-13616). ------------------------------------------------------------------- @@ -107,12 +107,12 @@ Sun Nov 4 14:10:15 UTC 2018 - Luigi Baldoni ------------------------------------------------------------------- Sun Jun 24 22:40:23 UTC 2018 - robert.munteanu@gmail.com -- Add 7babfecee045.patch, fixes launching Firewatch +- Add 7babfecee045.patch, fixes launching Firewatch ------------------------------------------------------------------- Fri May 11 11:08:39 UTC 2018 - crrodriguez@opensuse.org -- SDL2-endian.patch: bring up patch from SDL1, use optimized +- SDL2-endian.patch: bring up patch from SDL1, use optimized byteswap routines from the C library. - build with --disable-3dnow, do not pass -m3dnow to the compiler modern cpus do not support this instructions at all.