From 7cfbd18d36c6a97ad2fadf53f18c1cdf81e545b43909e3e8888f4e0a18de73b1 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Mon, 15 Jan 2024 09:34:01 +0000
Subject: [PATCH] Accepting request 1138779 from home:AZhou:branches:games

Sync changelog with SLE-15-SP6 so we could bump the version in SLE-15-SP6.
OBS-URL: https://build.opensuse.org/request/show/1138779
OBS-URL: https://build.opensuse.org/package/show/games/SDL2?expand=0&rev=176
---
 SDL2.changes | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 SDL2.spec | 2 +-
 2 files changed, 92 insertions(+), 2 deletions(-)

diff --git a/SDL2.changes b/SDL2.changes
index 76008bd..aa29644 100644
--- a/SDL2.changes
+++ b/SDL2.changes
@@ -142,6 +142,13 @@ Tue Nov 22 01:03:38 UTC 2022 - Jan Engelhardt
 SDL_ControllerSensorEvent, when the hardware provides that information.
 - Delete sdl2-khronos.patch (merged)
+- Drop CVE-2022-4743.patch.
+
+-------------------------------------------------------------------
+Tue Nov 3 21:06:13 UTC 2022 - Michael Gorse
+
+- Add CVE-2022-4743.patch: fix potential memory leak in
+ GLES_CreateTexture (boo#1206727 CVE-2022-4743).
 -------------------------------------------------------------------
 Tue Nov 1 14:27:40 UTC 2022 - Jan Engelhardt
@@ -288,6 +295,14 @@ Tue Nov 30 17:30:02 UTC 2021 - Jan Engelhardt
 - Drop SDL2-endian.patch (inapplicable), sdl2-fix-wayland-fullscreen.patch (merged), audio-Support-pulse-as-an-alias-for-pulseaudio.patch (merged)
+- Drop CVE-2021-33657.patch.
+
+-------------------------------------------------------------------
+Tue Nov 10 19:50:12 UTC 2021 - Michael Gorse
+
+- Add CVE-2021-33657.patch: always create a full 256-entry color
+ map in case color values are out of range (boo#1198001
+ CVE-2021-33657).
 -------------------------------------------------------------------
 Mon Nov 8 12:52:16 CET 2021 - tiwai@suse.de
@@ -340,6 +355,14 @@ Wed Mar 11 10:23:44 UTC 2020 - Jan Engelhardt
 * A new video driver for offscreen rendering
 * ARM NEON optimizations
 - Drop CVE-2019-13616.patch (merged upstream)
+- Drop sdl2-surface-pitch-overflow.patch.
+
+-------------------------------------------------------------------
+Tue Jan 14 21:30:34 UTC 2020 - Michael Gorse
+
+- Add sdl2-surface-pitch-overflow.patch: fix overflow in surface
+ pitch calculation (boo#1181201 boo#1181202 CVE-2020-14410
+ CVE-2020-14409).
 -------------------------------------------------------------------
 Sun Jan 12 22:53:50 UTC 2020 - Jan Engelhardt
@@ -350,7 +373,7 @@ Sun Jan 12 22:53:50 UTC 2020 - Jan Engelhardt
 Wed Oct 9 13:34:31 UTC 2019 - Stefan Dirsch
 - sdl2-khronos.patch
- * fixes build on i586 (boo#1153455)
+ * fixes build on i586 (boo#1153455, boo#1158176)
 -------------------------------------------------------------------
 Fri Aug 23 11:19:59 UTC 2019 - Jan Engelhardt
@@ -415,6 +438,73 @@ Fri Jul 26 07:44:39 UTC 2019 - Luigi Baldoni
 (boo#1124826), CVE-2019-7638 (boo#1124824).
 - Refreshed sdl2-symvers.patch
+- Drop CVE-2019-13626.patch, CVE-2019-7636.patch,
+ CVE-2019-7635.patch.
+
+-------------------------------------------------------------------
+Mon Jul 20 19:33:22 UTC 2019 - Michael Gorse
+
+- Add CVE-2019-13626.patch: add safeguards to the wav parser to
+ prevent crashes (boo#1142031 CVE-2019-13626).
+- Drop CVE-2019-7572.patch, CVE-2019-7574.patch,
+ CVE-2019-7575.patch, CVE-2019-7577.patch, and
+ CVE-2019-7578.patch: these are handled by the new code added in
+ CVE-2019-13626.patch.
+
+-------------------------------------------------------------------
+Thu May 23 09:52:38 UTC 2019 - Qiang Zheng
+
+- Remove CVE-2019-7637.patch, the modification of function
+ SDL_CalculatePitch is only suit for SDL not SDL2.
+
+-------------------------------------------------------------------
+Wed Mar 20 09:46:14 UTC 2019 - qzheng
+
+- Add CVE-2019-7636.patch to fix a heap-based buffer over-read
+ issue (CVE-2019-7636, boo#1124826, CVE-2019-7638, boo#1124824).
+
+-------------------------------------------------------------------
+Wed Mar 20 09:34:39 UTC 2019 - qzheng
+
+- Add CVE-2019-7635.patch to fix a heap-based buffer over-read
+ issue (CVE-2019-7635, boo#1124827).
+
+-------------------------------------------------------------------
+Wed Mar 20 09:08:43 UTC 2019 - qzheng
+
+- Add CVE-2019-7578.patch to fix a heap-based buffer over-read
+ issue (CVE-2019-7578, boo#1125099, CVE-2019-7576, boo#1124799
+ CVE-2019-7573, boo#1124805).
+
+-------------------------------------------------------------------
+Wed Mar 20 07:50:52 UTC 2019 - qzheng
+
+- Add CVE-2019-7572.patch to fix a buffer over-read issue
+ (CVE-2019-7572, boo#1124806).
+
+-------------------------------------------------------------------
+Wed Mar 20 07:19:37 UTC 2019 - qzheng
+
+- Add CVE-2019-7574.patch to fix a heap-based buffer over-read
+ issue (CVE-2019-7574, boo#1124803).
+
+-------------------------------------------------------------------
+Thu Feb 28 06:14:19 UTC 2019 - qzheng
+
+- Add CVE-2019-7575.patch to fix a heap-based buffer overflow
+ issue (CVE-2019-7575, boo#1124802).
+
+-------------------------------------------------------------------
+Thu Feb 28 02:27:10 UTC 2019 - qzheng
+
+- Add CVE-2019-7637.patch to fix a heap-base buffer overflow
+ issue (CVE-2019-7637, boo#1124825).
+
+-------------------------------------------------------------------
+Wed Feb 27 07:45:48 UTC 2019 - qzheng
+
+- Add CVE-2019-7577.patch to fix a buffer over-read issue
+ (CVE-2019-7577, boo#1124800).
 -------------------------------------------------------------------
 Sun Nov 4 14:10:15 UTC 2018 - Luigi Baldoni
diff --git a/SDL2.spec b/SDL2.spec
index c74b185..66b00cd 100644
--- a/SDL2.spec
+++ b/SDL2.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package SDL2
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed