Accepting request 1138787 from games

OBS-URL: https://build.opensuse.org/request/show/1138787 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/SDL2?expand=0&rev=60
2024-01-15 21:15:18 +00:00 · 2024-01-15 21:15:18 +00:00 · 75ac389b19
commit 75ac389b19
parent 69d4f86f9b 7cfbd18d36
2 changed files with 92 additions and 2 deletions
--- a/SDL2.changes
+++ b/SDL2.changes
@ -142,6 +142,13 @@ Tue Nov 22 01:03:38 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
    SDL_ControllerSensorEvent, when the hardware provides that
    information.
 - Delete sdl2-khronos.patch (merged)
+- Drop CVE-2022-4743.patch.
+
+-------------------------------------------------------------------
+Tue Nov  3 21:06:13 UTC 2022 - Michael Gorse <mgorse@suse.com>
+
+- Add CVE-2022-4743.patch: fix potential memory leak in
+  GLES_CreateTexture (boo#1206727 CVE-2022-4743).

 -------------------------------------------------------------------
 Tue Nov  1 14:27:40 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
@ -288,6 +295,14 @@ Tue Nov 30 17:30:02 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
 - Drop SDL2-endian.patch (inapplicable),
  sdl2-fix-wayland-fullscreen.patch (merged),
  audio-Support-pulse-as-an-alias-for-pulseaudio.patch (merged)
+- Drop CVE-2021-33657.patch.
+
+-------------------------------------------------------------------
+Tue Nov 10 19:50:12 UTC 2021 - Michael Gorse <mgorse@suse.com>
+
+- Add CVE-2021-33657.patch: always create a full 256-entry color
+  map in case color values are out of range (boo#1198001
+  CVE-2021-33657).

 -------------------------------------------------------------------
 Mon Nov  8 12:52:16 CET 2021 - tiwai@suse.de
@ -340,6 +355,14 @@ Wed Mar 11 10:23:44 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
  * A new video driver for offscreen rendering
  * ARM NEON optimizations
 - Drop CVE-2019-13616.patch (merged upstream)
+- Drop sdl2-surface-pitch-overflow.patch.
+
+-------------------------------------------------------------------
+Tue Jan 14 21:30:34 UTC 2020 - Michael Gorse <mgorse@suse.com>
+
+- Add sdl2-surface-pitch-overflow.patch: fix overflow in surface
+  pitch calculation (boo#1181201 boo#1181202 CVE-2020-14410
+  CVE-2020-14409).

 -------------------------------------------------------------------
 Sun Jan 12 22:53:50 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
@ -350,7 +373,7 @@ Sun Jan 12 22:53:50 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
 Wed Oct  9 13:34:31 UTC 2019 - Stefan Dirsch <sndirsch@suse.com>

 - sdl2-khronos.patch
-  * fixes build on i586 (boo#1153455)
+  * fixes build on i586 (boo#1153455, boo#1158176)

 -------------------------------------------------------------------
 Fri Aug 23 11:19:59 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
@ -415,6 +438,73 @@ Fri Jul 26 07:44:39 UTC 2019 - Luigi Baldoni <aloisio@gmx.com>
    (boo#1124826), CVE-2019-7638 (boo#1124824).

 - Refreshed sdl2-symvers.patch
+- Drop CVE-2019-13626.patch, CVE-2019-7636.patch,
+  CVE-2019-7635.patch.
+
+-------------------------------------------------------------------
+Mon Jul 20 19:33:22 UTC 2019 - Michael Gorse <mgorse@suse.com>
+
+- Add CVE-2019-13626.patch: add safeguards to the wav parser to
+  prevent crashes (boo#1142031 CVE-2019-13626).
+- Drop CVE-2019-7572.patch, CVE-2019-7574.patch,
+  CVE-2019-7575.patch, CVE-2019-7577.patch, and
+  CVE-2019-7578.patch: these are handled by the new code added in
+  CVE-2019-13626.patch.
+
+-------------------------------------------------------------------
+Thu May 23 09:52:38 UTC 2019 - Qiang Zheng <qzheng@suse.com>
+
+- Remove CVE-2019-7637.patch, the modification of function 
+  SDL_CalculatePitch is only suit for SDL not SDL2.
+
+-------------------------------------------------------------------
+Wed Mar 20 09:46:14 UTC 2019 - qzheng <qzheng@suse.com>
+
+- Add CVE-2019-7636.patch to fix a heap-based buffer over-read
+  issue (CVE-2019-7636, boo#1124826, CVE-2019-7638, boo#1124824).
+
+-------------------------------------------------------------------
+Wed Mar 20 09:34:39 UTC 2019 - qzheng <qzheng@suse.com>
+
+- Add CVE-2019-7635.patch to fix a heap-based buffer over-read
+  issue (CVE-2019-7635, boo#1124827).
+
+-------------------------------------------------------------------
+Wed Mar 20 09:08:43 UTC 2019 - qzheng <qzheng@suse.com>
+
+- Add CVE-2019-7578.patch to fix a heap-based buffer over-read
+  issue (CVE-2019-7578, boo#1125099, CVE-2019-7576, boo#1124799
+  CVE-2019-7573, boo#1124805).
+
+-------------------------------------------------------------------
+Wed Mar 20 07:50:52 UTC 2019 - qzheng <qzheng@suse.com>
+
+- Add CVE-2019-7572.patch to fix a buffer over-read issue
+  (CVE-2019-7572, boo#1124806).
+
+-------------------------------------------------------------------
+Wed Mar 20 07:19:37 UTC 2019 - qzheng <qzheng@suse.com>
+
+- Add CVE-2019-7574.patch to fix a heap-based buffer over-read
+  issue (CVE-2019-7574, boo#1124803).
+
+-------------------------------------------------------------------
+Thu Feb 28 06:14:19 UTC 2019 - qzheng <qzheng@suse.com>
+
+- Add CVE-2019-7575.patch to fix a heap-based buffer overflow
+  issue (CVE-2019-7575, boo#1124802).
+
+-------------------------------------------------------------------
+Thu Feb 28 02:27:10 UTC 2019 - qzheng <qzheng@suse.com>
+
+- Add CVE-2019-7637.patch to fix a heap-base buffer overflow
+  issue (CVE-2019-7637, boo#1124825).
+
+-------------------------------------------------------------------
+Wed Feb 27 07:45:48 UTC 2019 - qzheng <qzheng@suse.com>
+
+- Add CVE-2019-7577.patch to fix a buffer over-read issue
+  (CVE-2019-7577, boo#1124800).

 -------------------------------------------------------------------
 Sun Nov  4 14:10:15 UTC 2018 - Luigi Baldoni <aloisio@gmx.com>
--- a/SDL2.spec
+++ b/SDL2.spec
@ -1,7 +1,7 @@
 #
 # spec file for package SDL2
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed