diff --git a/_service b/_service index 0a6035d..efa7092 100644 --- a/_service +++ b/_service @@ -1,7 +1,7 @@ https://github.com/raysan5/raylib.git - 5.0 + 5.5 @PARENT_TAG@ git examples diff --git a/raylib-5.0.obscpio b/raylib-5.0.obscpio deleted file mode 100644 index ddcc8bb..0000000 --- a/raylib-5.0.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:13b797cc6979739ac8a3ba880638de43cc39e5ef5f61bd706d1ad178b14bde71 -size 63029774 diff --git a/raylib-5.0.tar.xz b/raylib-5.0.tar.xz deleted file mode 100644 index c066244..0000000 --- a/raylib-5.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dfa9c6d1a0a117c034204daf2b6f65139bea51a20106083def018ba0e91e8804 -size 29560808 diff --git a/raylib-5.5.obscpio b/raylib-5.5.obscpio new file mode 100644 index 0000000..041f477 --- /dev/null +++ b/raylib-5.5.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:77a9284668d1572e640f201a7d3ec6450b7f1e87f2486aa233e715e1d2f304be +size 19018765 diff --git a/raylib-5.5.tar.xz b/raylib-5.5.tar.xz new file mode 100644 index 0000000..773c75f --- /dev/null +++ b/raylib-5.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fc1894ed7bb4e262c5ca9f1760595e4770c6b5cad522d33b8e5448011ffbda49 +size 38578872 diff --git a/raylib-CVE-2025-15533-CVE-2025-15534.patch b/raylib-CVE-2025-15533-CVE-2025-15534.patch new file mode 100644 index 0000000..e267bab --- /dev/null +++ b/raylib-CVE-2025-15533-CVE-2025-15534.patch @@ -0,0 +1,93 @@ +Fix CVE-2025-15533 and CVE-2025-15534 + +Based on 5a3391fdce046bc5473e52afbd835dd2dc127146. +Change glyphs[k] -> chars[i]. +Index: raylib-5.5/src/rtext.c +=================================================================== +--- raylib-5.5.orig/src/rtext.c ++++ raylib-5.5/src/rtext.c +@@ -695,8 +695,11 @@ GlyphInfo *LoadFontData(const unsigned c + stbtt_GetCodepointHMetrics(&fontInfo, ch, &chars[i].advanceX, NULL); + chars[i].advanceX = (int)((float)chars[i].advanceX*scaleFactor); + ++ if (chars[i].advanceX < 0) chars[i].advanceX = 0; ++ + Image imSpace = { + .data = RL_CALLOC(chars[i].advanceX*fontSize, 2), ++ .data = (chars[i].advanceX > 0) ? RL_CALLOC(chars[i].advanceX*fontSize, 2) : NULL, + .width = chars[i].advanceX, + .height = fontSize, + .mipmaps = 1, +@@ -796,7 +799,8 @@ Image GenImageFontAtlas(const GlyphInfo + } + #endif + +- atlas.data = (unsigned char *)RL_CALLOC(1, atlas.width*atlas.height); // Create a bitmap to store characters (8 bpp) ++ int atlasDataSize = atlas.width * atlas.height; // Save total size for bounds checking ++ atlas.data = (unsigned char *)RL_CALLOC(1, atlasDataSize); // Create a bitmap to store characters (8 bpp) + atlas.format = PIXELFORMAT_UNCOMPRESSED_GRAYSCALE; + atlas.mipmaps = 1; + +@@ -841,7 +845,17 @@ Image GenImageFontAtlas(const GlyphInfo + { + for (int x = 0; x < glyphs[i].image.width; x++) + { +- ((unsigned char *)atlas.data)[(offsetY + y)*atlas.width + (offsetX + x)] = ((unsigned char *)glyphs[i].image.data)[y*glyphs[i].image.width + x]; ++ int destX = offsetX + x; ++ int destY = offsetY + y; ++ ++ // Security fix: check both lower and upper bounds ++ // destX >= 0: prevent heap underflow (#5434) ++ // destX < atlas.width: prevent heap overflow (#5433) ++ if (destX >= 0 && destX < atlas.width && destY >= 0 && destY < atlas.height) ++ { ++ ((unsigned char *)atlas.data)[destY * atlas.width + destX] = ++ ((unsigned char *)glyphs[i].image.data)[y * glyphs[i].image.width + x]; ++ } + } + } + +@@ -889,7 +903,15 @@ Image GenImageFontAtlas(const GlyphInfo + { + for (int x = 0; x < glyphs[i].image.width; x++) + { +- ((unsigned char *)atlas.data)[(rects[i].y + padding + y)*atlas.width + (rects[i].x + padding + x)] = ((unsigned char *)glyphs[i].image.data)[y*glyphs[i].image.width + x]; ++ int destX = rects[i].x + padding + x; ++ int destY = rects[i].y + padding + y; ++ ++ // Security fix: check both lower and upper bounds ++ if (destX >= 0 && destX < atlas.width && destY >= 0 && destY < atlas.height) ++ { ++ ((unsigned char *)atlas.data)[destY * atlas.width + destX] = ++ ((unsigned char *)glyphs[i].image.data)[y * glyphs[i].image.width + x]; ++ } + } + } + } +@@ -903,14 +925,18 @@ Image GenImageFontAtlas(const GlyphInfo + + #if defined(SUPPORT_FONT_ATLAS_WHITE_REC) + // Add a 3x3 white rectangle at the bottom-right corner of the generated atlas, +- // useful to use as the white texture to draw shapes with raylib, using this rectangle +- // shapes and text can be backed into a single draw call: SetShapesTexture() +- for (int i = 0, k = atlas.width*atlas.height - 1; i < 3; i++) +- { +- ((unsigned char *)atlas.data)[k - 0] = 255; +- ((unsigned char *)atlas.data)[k - 1] = 255; +- ((unsigned char *)atlas.data)[k - 2] = 255; +- k -= atlas.width; ++ // useful to use as the white texture to draw shapes with raylib. ++ // [Security Fix] Ensure the atlas is large enough to hold a 3x3 rectangle. ++ // This prevents heap underflow when width < 3 or height < 3 (Fixes #5434 variant) ++ if (atlas.width >= 3 && atlas.height >= 3) ++ { ++ for (int i = 0, k = atlas.width*atlas.height - 1; i < 3; i++) ++ { ++ ((unsigned char *)atlas.data)[k - 0] = 255; ++ ((unsigned char *)atlas.data)[k - 1] = 255; ++ ((unsigned char *)atlas.data)[k - 2] = 255; ++ k -= atlas.width; ++ } + } + #endif + diff --git a/raylib.changes b/raylib.changes index 1b16002..13c9d01 100644 --- a/raylib.changes +++ b/raylib.changes @@ -1,3 +1,84 @@ +------------------------------------------------------------------- +Mon Jan 19 13:05:48 UTC 2026 - Michael Vetter + +- security update: + * CVE-2025-15533 [bsc#1256900] + Fix heap-based buffer overflow via GenImageFontAtlas function manipulation + * CVE-2025-15534 [bsc#1256901] + Fix integer overflow vulnerability in LoadFontData + * Add raylib-CVE-2025-15533-CVE-2025-15534.patch + +------------------------------------------------------------------- +Wed Nov 27 07:53:33 UTC 2024 - Michael Vetter + +- Update to 5.5: + * NEW raylib pre-configured Windows package: The new raylib portable and + self-contained Windows package for raylib 5.5, intended for nobel devs that + start in programming world, comes with one big addition: support for C code + building for Web platform with one-single-mouse-click! For the last 10 + years, the pre-configured raylib Windows package allowed to edit simple C + projects on Notepad++ and easely compile Windows executables with an + automatic script; this new release adds the possibility to compile the same + C projects for Web platform with a simple mouse click. This new addition + greatly simplifies C to WebAssembly project building for new users. The + raylib Windows Installer package can be downloaded for free from raylib on + itch.io. + * NEW raylib project creator tool: A brand new tool developed to help raylib + users to setup new projects in a professional way. raylib project creator + generates a complete project structure with multiple build systems + ready-to-use and GitHub CI/CD actions pre-configured. It only requires + providing some C files and basic project parameters! The tools is free and + open-source, and it can be used online!. + * NEW Platform backend supported: RGFW: Thanks to the rcore platform-split + implemented in raylib 5.0, adding new platforms backends has been greatly + simplified, new backends can be added using provided template, + self-contained in a single C module, completely portable. A new platform + backend has been added: RGFW. RGFW is a new single-file header-only + portable library (RGFW.h) intended for platform-functionality management + (windowing and inputs); in this case for desktop platforms (Windows, Linux, + macOS) but also for Web platform. It adds a new alternative to the already + existing GLFW and SDL platform backends. + * NEW Platform backend version supported: SDL3: Previous raylib 5.0 added + support for SDL2 library, and raylib 5.5 not only improves SDL2 + functionality, with several issues reviewed, but also adds support for the + recently released big SDL update in years: SDL3. Now users can select at + compile time the desired SDL version to use, increasing the number of + potential platforms supported in the future! + * NEW Retro-console platforms supported: Dreamcast, N64, PSP, PSVita, PS4: + Thanks to the platform-split on raylib 5.0, supporting new platform + backends is easier than ever! Along the raylib rlgl module support for the + OpenGL 1.1 graphics API, it opened the door to multiple homebrew + retro-consoles backend implementations! It's amazing to see raylib running + on +20 year old consoles like Dreamcast, PSP or PSVita, considering the + hardware constraints of those platforms and proves raylib outstanding + versability! Those additional platforms can be found in separate + repositories and have been created by the amazing programmer Antonio Jose + Ramos Marquez (@psxdev). + * NEW GPU Skinning support: After lots of requests for this feature, it has + been finally added to raylib thanks to the contributor Daniel Holden + (@orangeduck), probably the developer that has further pushed models + animations with raylib, developing two amazing tools to visualize and test + animations: GenoView and BVHView. Adding GPU skinning was a tricky feature, + considering it had to be available for all raylib supported platforms, + including limited ones like Raspberry Pi with OpenGL ES 2.0, where some + advance OpenGL features are not available (UBO, SSBO, Transform Feedback) + but a multi-platform solution was found to make it possible. A new example, + models_gpu_skinning has been added to illustrate this new functionality. As + an extra, previous existing CPU animation system has been greatly improved, + multiplying performance by a factor (simplifiying required maths). + * NEW raymath C++ operators: After several requested for this feature, C++ + math operators for Vector2, Vector3, Vector4, Quaternion and Matrix has + been added to raymath as an extension to current implementation. Despite + being only available for C++ because C does not support it, these operators + simplify C++ code when doing math operations. + * Normals support on batching system + * Clipboard images reading support + * CRC32/MD5/SHA1 hash computation + * Gamepad vibration support + * Improved font loading (no GPU required) with BDF fonts support + * Time-based camera movement + * Improved GLTF animations loading + ------------------------------------------------------------------- Sat Nov 18 13:25:40 UTC 2023 - Michael Vetter diff --git a/raylib.obsinfo b/raylib.obsinfo index a7d0789..deac8b8 100644 --- a/raylib.obsinfo +++ b/raylib.obsinfo @@ -1,4 +1,4 @@ name: raylib -version: 5.0 -mtime: 1700044250 -commit: ae50bfa2cc569c0f8d5bc4315d39db64005b1b08 +version: 5.5 +mtime: 1731932470 +commit: c1ab645ca298a2801097931d1079b10ff7eb9df8 diff --git a/raylib.spec b/raylib.spec index 1f345d1..5f71e9e 100644 --- a/raylib.spec +++ b/raylib.spec @@ -1,7 +1,7 @@ # # spec file for package raylib # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,14 @@ Name: raylib -Version: 5.0 +Version: 5.5 Release: 0 Summary: C library for learning video game programming License: Zlib Group: Development/Libraries/C and C++ URL: https://www.raylib.com Source: raylib-%{version}.tar.xz +Patch0: raylib-CVE-2025-15533-CVE-2025-15534.patch BuildRequires: Mesa-libGL-devel BuildRequires: cmake BuildRequires: gcc-c++ @@ -43,21 +44,21 @@ raylib is inspired by the Borland BGI graphics library and by the XNA framework. %package -n raylib-devel Summary: Development files for %{name} Group: Development/Libraries/C and C++ -Requires: libraylib450 = %{version} +Requires: libraylib550 = %{version} Requires: openal-soft-devel %description -n raylib-devel Development files and headers for %{name}. -%package -n libraylib450 +%package -n libraylib550 Summary: C library for learning video game programming Group: System/Libraries -%description -n libraylib450 +%description -n libraylib550 A C library for learning video game programming. %prep -%setup -q +%autosetup -p1 %build %cmake \ @@ -71,10 +72,10 @@ A C library for learning video game programming. %install %cmake_install -%post -n libraylib450 -p /sbin/ldconfig -%postun -n libraylib450 -p /sbin/ldconfig +%post -n libraylib550 -p /sbin/ldconfig +%postun -n libraylib550 -p /sbin/ldconfig -%files -n libraylib450 +%files -n libraylib550 %license LICENSE %{_libdir}/libraylib.so.*