pool/raylib
SHA256
17
0
Fork 3
Code Issues Pull Requests 1 Activity

leap-16.1 #1

Open
jubalh wants to merge 8 commits from jubalh/raylib:leap-16.1 into leap-16.1
pull from: jubalh/raylib:leap-16.1
merge into: pool:leap-16.1
Conversation 4 Commits 8 Files Changed 9 +194 -19
9 changed files with 194 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
_service
View File

@@ -1,7 +1,7 @@
<services>
<service name="obs_scm" mode="disabled">
<param name="url">https://github.com/raysan5/raylib.git</param>
<param name="revision">5.0</param>
<param name="revision">5.5</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="scm">git</param>
<param name="exclude">examples</param>

3
raylib-5.0.obscpio
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:13b797cc6979739ac8a3ba880638de43cc39e5ef5f61bd706d1ad178b14bde71
size 63029774

3
raylib-5.0.tar.xz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dfa9c6d1a0a117c034204daf2b6f65139bea51a20106083def018ba0e91e8804
size 29560808

3
raylib-5.5.obscpio Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:77a9284668d1572e640f201a7d3ec6450b7f1e87f2486aa233e715e1d2f304be
size 19018765

3
raylib-5.5.tar.xz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fc1894ed7bb4e262c5ca9f1760595e4770c6b5cad522d33b8e5448011ffbda49
size 38578872

93
raylib-CVE-2025-15533-CVE-2025-15534.patch Normal file
View File

@@ -0,0 +1,93 @@
Fix CVE-2025-15533 and CVE-2025-15534
Based on 5a3391fdce046bc5473e52afbd835dd2dc127146.
Change glyphs[k] -> chars[i].
Index: raylib-5.5/src/rtext.c
===================================================================
--- raylib-5.5.orig/src/rtext.c
+++ raylib-5.5/src/rtext.c
@@ -695,8 +695,11 @@ GlyphInfo *LoadFontData(const unsigned c
stbtt_GetCodepointHMetrics(&fontInfo, ch, &chars[i].advanceX, NULL);
chars[i].advanceX = (int)((float)chars[i].advanceX*scaleFactor);
+ if (chars[i].advanceX < 0) chars[i].advanceX = 0;
+
Image imSpace = {
.data = RL_CALLOC(chars[i].advanceX*fontSize, 2),
+ .data = (chars[i].advanceX > 0) ? RL_CALLOC(chars[i].advanceX*fontSize, 2) : NULL,
.width = chars[i].advanceX,
.height = fontSize,
.mipmaps = 1,
@@ -796,7 +799,8 @@ Image GenImageFontAtlas(const GlyphInfo
}
#endif
- atlas.data = (unsigned char *)RL_CALLOC(1, atlas.width*atlas.height); // Create a bitmap to store characters (8 bpp)
+ int atlasDataSize = atlas.width * atlas.height; // Save total size for bounds checking
+ atlas.data = (unsigned char *)RL_CALLOC(1, atlasDataSize); // Create a bitmap to store characters (8 bpp)
atlas.format = PIXELFORMAT_UNCOMPRESSED_GRAYSCALE;
atlas.mipmaps = 1;
@@ -841,7 +845,17 @@ Image GenImageFontAtlas(const GlyphInfo
{
for (int x = 0; x < glyphs[i].image.width; x++)
{
- ((unsigned char *)atlas.data)[(offsetY + y)*atlas.width + (offsetX + x)] = ((unsigned char *)glyphs[i].image.data)[y*glyphs[i].image.width + x];
+ int destX = offsetX + x;
+ int destY = offsetY + y;
+
+ // Security fix: check both lower and upper bounds
+ // destX >= 0: prevent heap underflow (#5434)
+ // destX < atlas.width: prevent heap overflow (#5433)
+ if (destX >= 0 && destX < atlas.width && destY >= 0 && destY < atlas.height)
+ {
+ ((unsigned char *)atlas.data)[destY * atlas.width + destX] =
+ ((unsigned char *)glyphs[i].image.data)[y * glyphs[i].image.width + x];
+ }
}
}
@@ -889,7 +903,15 @@ Image GenImageFontAtlas(const GlyphInfo
{
for (int x = 0; x < glyphs[i].image.width; x++)
{
- ((unsigned char *)atlas.data)[(rects[i].y + padding + y)*atlas.width + (rects[i].x + padding + x)] = ((unsigned char *)glyphs[i].image.data)[y*glyphs[i].image.width + x];
+ int destX = rects[i].x + padding + x;
+ int destY = rects[i].y + padding + y;
+
+ // Security fix: check both lower and upper bounds
+ if (destX >= 0 && destX < atlas.width && destY >= 0 && destY < atlas.height)
+ {
+ ((unsigned char *)atlas.data)[destY * atlas.width + destX] =
+ ((unsigned char *)glyphs[i].image.data)[y * glyphs[i].image.width + x];
+ }
}
}
}
@@ -903,14 +925,18 @@ Image GenImageFontAtlas(const GlyphInfo
#if defined(SUPPORT_FONT_ATLAS_WHITE_REC)
// Add a 3x3 white rectangle at the bottom-right corner of the generated atlas,
- // useful to use as the white texture to draw shapes with raylib, using this rectangle
- // shapes and text can be backed into a single draw call: SetShapesTexture()
- for (int i = 0, k = atlas.width*atlas.height - 1; i < 3; i++)
- {
- ((unsigned char *)atlas.data)[k - 0] = 255;
- ((unsigned char *)atlas.data)[k - 1] = 255;
- ((unsigned char *)atlas.data)[k - 2] = 255;
- k -= atlas.width;
+ // useful to use as the white texture to draw shapes with raylib.
+ // [Security Fix] Ensure the atlas is large enough to hold a 3x3 rectangle.
+ // This prevents heap underflow when width < 3 or height < 3 (Fixes #5434 variant)
+ if (atlas.width >= 3 && atlas.height >= 3)
+ {
+ for (int i = 0, k = atlas.width*atlas.height - 1; i < 3; i++)
+ {
+ ((unsigned char *)atlas.data)[k - 0] = 255;
+ ((unsigned char *)atlas.data)[k - 1] = 255;
+ ((unsigned char *)atlas.data)[k - 2] = 255;
+ k -= atlas.width;
+ }
}
#endif

81
raylib.changes
View File

@@ -1,3 +1,84 @@
-------------------------------------------------------------------
Mon Jan 19 13:05:48 UTC 2026 - Michael Vetter <mvetter@suse.com>
- security update:
* CVE-2025-15533 [bsc#1256900]
Fix heap-based buffer overflow via GenImageFontAtlas function manipulation
* CVE-2025-15534 [bsc#1256901]
Fix integer overflow vulnerability in LoadFontData
* Add raylib-CVE-2025-15533-CVE-2025-15534.patch
-------------------------------------------------------------------
Wed Nov 27 07:53:33 UTC 2024 - Michael Vetter <mvetter@suse.com>
- Update to 5.5:
* NEW raylib pre-configured Windows package: The new raylib portable and
self-contained Windows package for raylib 5.5, intended for nobel devs that
start in programming world, comes with one big addition: support for C code
building for Web platform with one-single-mouse-click! For the last 10
years, the pre-configured raylib Windows package allowed to edit simple C
projects on Notepad++ and easely compile Windows executables with an
automatic script; this new release adds the possibility to compile the same
C projects for Web platform with a simple mouse click. This new addition
greatly simplifies C to WebAssembly project building for new users. The
raylib Windows Installer package can be downloaded for free from raylib on
itch.io.
* NEW raylib project creator tool: A brand new tool developed to help raylib
users to setup new projects in a professional way. raylib project creator
generates a complete project structure with multiple build systems
ready-to-use and GitHub CI/CD actions pre-configured. It only requires
providing some C files and basic project parameters! The tools is free and
open-source, and it can be used online!.
* NEW Platform backend supported: RGFW: Thanks to the rcore platform-split
implemented in raylib 5.0, adding new platforms backends has been greatly
simplified, new backends can be added using provided template,
self-contained in a single C module, completely portable. A new platform
backend has been added: RGFW. RGFW is a new single-file header-only
portable library (RGFW.h) intended for platform-functionality management
(windowing and inputs); in this case for desktop platforms (Windows, Linux,
macOS) but also for Web platform. It adds a new alternative to the already
existing GLFW and SDL platform backends.
* NEW Platform backend version supported: SDL3: Previous raylib 5.0 added
support for SDL2 library, and raylib 5.5 not only improves SDL2
functionality, with several issues reviewed, but also adds support for the
recently released big SDL update in years: SDL3. Now users can select at
compile time the desired SDL version to use, increasing the number of
potential platforms supported in the future!
* NEW Retro-console platforms supported: Dreamcast, N64, PSP, PSVita, PS4:
Thanks to the platform-split on raylib 5.0, supporting new platform
backends is easier than ever! Along the raylib rlgl module support for the
OpenGL 1.1 graphics API, it opened the door to multiple homebrew
retro-consoles backend implementations! It's amazing to see raylib running
on +20 year old consoles like Dreamcast, PSP or PSVita, considering the
hardware constraints of those platforms and proves raylib outstanding
versability! Those additional platforms can be found in separate
repositories and have been created by the amazing programmer Antonio Jose
Ramos Marquez (@psxdev).
* NEW GPU Skinning support: After lots of requests for this feature, it has
been finally added to raylib thanks to the contributor Daniel Holden
(@orangeduck), probably the developer that has further pushed models
animations with raylib, developing two amazing tools to visualize and test
animations: GenoView and BVHView. Adding GPU skinning was a tricky feature,
considering it had to be available for all raylib supported platforms,
including limited ones like Raspberry Pi with OpenGL ES 2.0, where some
advance OpenGL features are not available (UBO, SSBO, Transform Feedback)
but a multi-platform solution was found to make it possible. A new example,
models_gpu_skinning has been added to illustrate this new functionality. As
an extra, previous existing CPU animation system has been greatly improved,
multiplying performance by a factor (simplifiying required maths).
* NEW raymath C++ operators: After several requested for this feature, C++
math operators for Vector2, Vector3, Vector4, Quaternion and Matrix has
been added to raymath as an extension to current implementation. Despite
being only available for C++ because C does not support it, these operators
simplify C++ code when doing math operations.
* Normals support on batching system
* Clipboard images reading support
* CRC32/MD5/SHA1 hash computation
* Gamepad vibration support
* Improved font loading (no GPU required) with BDF fonts support
* Time-based camera movement
* Improved GLTF animations loading
-------------------------------------------------------------------
Sat Nov 18 13:25:40 UTC 2023 - Michael Vetter <mvetter@suse.com>

6
raylib.obsinfo
View File

@@ -1,4 +1,4 @@
name: raylib
version: 5.0
mtime: 1700044250
commit: ae50bfa2cc569c0f8d5bc4315d39db64005b1b08
version: 5.5
mtime: 1731932470
commit: c1ab645ca298a2801097931d1079b10ff7eb9df8

19
raylib.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package raylib
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,13 +17,14 @@
Name: raylib
Version: 5.0
Version: 5.5
Release: 0
Summary: C library for learning video game programming
License: Zlib
Group: Development/Libraries/C and C++
URL: https://www.raylib.com
Source: raylib-%{version}.tar.xz
Patch0: raylib-CVE-2025-15533-CVE-2025-15534.patch
BuildRequires: Mesa-libGL-devel
BuildRequires: cmake
BuildRequires: gcc-c++
@@ -43,21 +44,21 @@ raylib is inspired by the Borland BGI graphics library and by the XNA framework.
%package -n raylib-devel
Summary: Development files for %{name}
Group: Development/Libraries/C and C++
Requires: libraylib450 = %{version}
Requires: libraylib550 = %{version}
Requires: openal-soft-devel
%description -n raylib-devel
Development files and headers for %{name}.
%package -n libraylib450
%package -n libraylib550
Summary: C library for learning video game programming
Group: System/Libraries
%description -n libraylib450
%description -n libraylib550
A C library for learning video game programming.
%prep
%setup -q
%autosetup -p1
%build
%cmake \
@@ -71,10 +72,10 @@ A C library for learning video game programming.
%install
%cmake_install
%post -n libraylib450 -p /sbin/ldconfig
%postun -n libraylib450 -p /sbin/ldconfig
%post -n libraylib550 -p /sbin/ldconfig
%postun -n libraylib550 -p /sbin/ldconfig
%files -n libraylib450
%files -n libraylib550
%license LICENSE
%{_libdir}/libraylib.so.*