Ping... and double-ping for the sdl2-image security fix

On Thu, Mar 01, 2018 at 07:52:03PM -0800, Thomas Frohwein wrote:
> Hi,
> 
> Here the diff for updating both sdl2 and sdl2-image. Note that sdl2-image is a
> security update for some buffer overflows and crashes by maliciously-crafted
> data (see details below).
> 
> The diff below updates sdl2 to 2.0.8. This includes the optional mapping of the
> Gamecontroller API via the SDL_GAMECONTROLLERCONFIG env var. To recap, there
> are 2 joystick/gamepad APIs in SDL2. The old joystick API was not an issue, but
> the newer gamecontroller API did not work before the 2.0.7 update. The 2.0.7
> update included a workaround that mapped the gamecontroller API based on the
> fallback part that was already there for Linux, but that was set at compile
> time only. This update includes a slightly expanded workaround that checks for
> the SDL_GAMECONTROLLERCONFIG env var and maps based on that if found.
> 
> Also bump minor. Runs stone-soup, neverball, megaglest, and FNA games as
> before on brief testing, including sound, graphics, and gamepad.
> 
> The sdl2-image update to 2.0.3 was released today and contains a series of
> security patches. Grab maintainer while at it.
> NOTE: the sdl2-image update needs sdl2 version 2.0.8.
> Also tested with above ports without issues.
> 
> The official release notes:
> 
> Thanks to all the people who contributed code and feedback, SDL 2.0.8 is now available!
> http://www.libsdl.org/download-2.0.php
> In addition to lots of bug fixes and build improvements, here are the major changes in this release:
> General:
> Added SDL_fmod() and SDL_log10()
> Each of the SDL math functions now has the corresponding float version
> Added SDL_SetYUVConversionMode() and SDL_GetYUVConversionMode() to control the formula used when converting to and from YUV colorspace. The options are JPEG, BT.601, and BT.709
> Windows:
> Implemented WASAPI support on Windows UWP and removed the deprecated XAudio2 implementation
> Added resampling support on WASAPI on Windows 7 and above
> Windows UWP:
> Added SDL_WinRTGetDeviceFamily() to find out what type of device your application is running on
> Mac OS X:
> Added support for the Vulkan SDK for Mac:
> https://www.lunarg.com/lunarg-releases-vulkan-sdk-1-0-69-0-for-mac/
> Added support for OpenGL ES using ANGLE when it's available
> Mac OS X / iOS / tvOS:
> Added a Metal 2D render implementation
> Added SDL_RenderGetMetalLayer() and SDL_RenderGetMetalCommandEncoder() to insert your own drawing into SDL rendering when using the Metal implementation
> iOS:
> Added the hint SDL_HINT_IOS_HIDE_HOME_INDICATOR to control whether the home indicator bar on iPhone X should be hidden. This defaults to dimming the indicator for fullscreen applications and showing the indicator for windowed applications.
> iOS / Android:
> Added the hint SDL_HINT_RETURN_KEY_HIDES_IME to control whether the return key on the software keyboard should hide the keyboard or send a key event (the default)
> Android:
> SDL now supports building with Android Studio and Gradle by default, and the old Ant project is available in android-project-ant
> SDL now requires the API 19 SDK to build, but can still target devices down to API 14 (Android 4.0.1)
> Added SDL_IsAndroidTV() to tell whether the application is running on Android TV
> Android / tvOS:
> Added the hint SDL_HINT_TV_REMOTE_AS_JOYSTICK to control whether TV remotes should be listed as joystick devices (the default) or send keyboard events.
> Linux:
> Added the hint SDL_HINT_VIDEO_X11_NET_WM_BYPASS_COMPOSITOR to control whether the X server should skip the compositor for the SDL application. This defaults to "1"
> Added the hint SDL_HINT_VIDEO_DOUBLE_BUFFER to control whether the Raspberry Pi and KMSDRM video drivers should use double or triple buffering (the default)
> 
> ----------------
> 
> SDL_image 2.0.3 is now available:
> http://www.libsdl.org/projects/SDL_image/
> 
> This is a security update release, fixing the following security reports:
> TALOS-2017-0488
> TALOS-2017-0489
> TALOS-2017-0490
> TALOS-2017-0491
> TALOS-2017-0497
> TALOS-2017-0498
> TALOS-2017-0499
> 
> You'll need to get SDL 2.0.8 for this release of SDL_image.
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/devel/sdl2/Makefile,v
> retrieving revision 1.20
> diff -u -p -r1.20 Makefile
> --- Makefile  12 Jan 2018 19:32:54 -0000      1.20
> +++ Makefile  2 Mar 2018 03:50:32 -0000
> @@ -4,14 +4,13 @@ COMMENT=    cross-platform multimedia libra
>  BROKEN-hppa= src/atomic/SDL_spinlock.c:101:2: error: \
>               #error Please implement for your platform.
>  
> -V=           2.0.7
> +V=           2.0.8
>  DISTNAME=    SDL2-${V}
>  PKGNAME=     sdl2-${V}
>  CATEGORIES=  devel
>  MASTER_SITES=        https://www.libsdl.org/release/
> -REVISION=    0
>  
> -SHARED_LIBS= SDL2            0.4     # 0.7
> +SHARED_LIBS= SDL2            0.5     # 0.8
>  
>  HOMEPAGE=    https://www.libsdl.org/
>  
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/devel/sdl2/distinfo,v
> retrieving revision 1.6
> diff -u -p -r1.6 distinfo
> --- distinfo  7 Jan 2018 22:56:46 -0000       1.6
> +++ distinfo  2 Mar 2018 03:50:32 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (SDL2-2.0.7.tar.gz) = 7jXHTEMT4u2hBLFLG4b324SgTuq5Qw1W4AHOomi/TV4=
> -SIZE (SDL2-2.0.7.tar.gz) = 4432499
> +SHA256 (SDL2-2.0.8.tar.gz) = 7cd8VzCGYdV26EM0TYY44CWngYv/c/j7+rCcPF/Qkuw=
> +SIZE (SDL2-2.0.8.tar.gz) = 4909017
> Index: patches/patch-src_joystick_SDL_gamecontroller_c
> ===================================================================
> RCS file: 
> /cvs/ports/devel/sdl2/patches/patch-src_joystick_SDL_gamecontroller_c,v
> retrieving revision 1.1
> diff -u -p -r1.1 patch-src_joystick_SDL_gamecontroller_c
> --- patches/patch-src_joystick_SDL_gamecontroller_c   7 Jan 2018 22:56:46 
> -0000       1.1
> +++ patches/patch-src_joystick_SDL_gamecontroller_c   2 Mar 2018 03:50:32 
> -0000
> @@ -6,10 +6,12 @@ everything will be Xbox360 controller (w
>  - note: the actual Xbox360 controller has buttons and axes messed up on
>           openbsd with these mappings
>  
> +EXPERIMENTAL: map to SDL_GAMECONTROLLERCONFIG envvar if available
> +
>  Index: src/joystick/SDL_gamecontroller.c
>  --- src/joystick/SDL_gamecontroller.c.orig
>  +++ src/joystick/SDL_gamecontroller.c
> -@@ -884,15 +884,15 @@ static ControllerMapping_t *SDL_PrivateGetControllerMa
> +@@ -884,15 +884,21 @@ static ControllerMapping_t *SDL_PrivateGetControllerMa
>   #else
>       (void) s_pEmscriptenMapping;  /* pacify ARMCC */
>   #endif
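
Review bot: the new header line "EXPERIMENTAL: map to SDL_GAMECONTROLLERCONFIG envvar if available" does not say what string the variable is expected to hold, nor that the hard-coded X360 mapping stays in place as the fallback when it is unset. One sentence on each in the patch description would let users of the port set the variable correctly and tell reviewers what input the new branch is meant to accept.
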
> @@ -20,10 +22,17 @@ Index: src/joystick/SDL_gamecontroller.c
>  +        //if (SDL_strstr(name, "Xbox 360 Wireless Receiver")) {
>               /* The Linux driver xpad.c maps the wireless dpad to buttons */
>               SDL_bool existing;
> -             mapping = SDL_PrivateAddMappingForGUID(guid,
> +-            mapping = SDL_PrivateAddMappingForGUID(guid,
> ++        char guid_str[1024];
> ++            SDL_JoystickGetGUIDString(guid, guid_str, sizeof(guid_str));
> ++        if (SDL_GetHint(SDL_HINT_GAMECONTROLLERCONFIG) == NULL) {
> ++                mapping = SDL_PrivateAddMappingForGUID(guid,
>   "none,X360 Wireless 
> Controller,a:b0,b:b1,back:b6,dpdown:b14,dpleft:b11,dpright:b12,dpup:b13,guide:b8,leftshoulder:b4,leftstick:b9,lefttrigger:a2,leftx:a0,lefty:a1,rightshoulder:b5,rightstick:b10,righttrigger:a5,rightx:a3,righty:a4,start:b7,x:b2,y:b3,",
>                             &existing, 
> SDL_CONTROLLER_MAPPING_PRIORITY_DEFAULT);
>  -        }
> ++        } else {
> ++                mapping = SDL_PrivateAddMappingForGUID(guid, 
> SDL_GetHint(SDL_HINT_GAMECONTROLLERCONFIG), &existing, 
> SDL_CONTROLLER_MAPPING_PRIORITY_DEFAULT);
> ++        }
>  +        //}
>       }
>   #endif /* __LINUX__ */
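
Review bot: guid_str is declared as a 1024-byte buffer and filled by SDL_JoystickGetGUIDString() in the added lines, but nothing shown here reads it afterwards. Either drop the buffer and the call, or, if the intent was to match the device GUID against the variable's contents before applying it, add that check. As written, whatever SDL_GAMECONTROLLERCONFIG holds is passed to SDL_PrivateAddMappingForGUID() for any GUID that reaches this branch. SDL_GetHint(SDL_HINT_GAMECONTROLLERCONFIG) is also called twice; reading it once into a local const char * and testing that for NULL keeps the test and the use on the same value. The indentation of the new lines is inconsistent with the surrounding block as well.
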
> Index: patches/patch-src_video_SDL_egl_c
> ===================================================================
> RCS file: /cvs/ports/devel/sdl2/patches/patch-src_video_SDL_egl_c,v
> retrieving revision 1.2
> diff -u -p -r1.2 patch-src_video_SDL_egl_c
> --- patches/patch-src_video_SDL_egl_c 7 Jan 2018 22:56:46 -0000       1.2
> +++ patches/patch-src_video_SDL_egl_c 2 Mar 2018 03:50:32 -0000
> @@ -1,18 +1,21 @@
> -$OpenBSD: patch-src_video_SDL_egl_c,v 1.2 2018/01/07 22:56:46 awolk Exp $
> +$OpenBSD$
> +
> +account for OpenBSD lib name convention
> +
>  Index: src/video/SDL_egl.c
>  --- src/video/SDL_egl.c.orig
>  +++ src/video/SDL_egl.c
> -@@ -64,7 +64,12 @@
> - #define DEFAULT_OGL_ES2 "libGLESv2.dll"
> - #define DEFAULT_OGL_ES_PVR "libGLES_CM.dll"
> - #define DEFAULT_OGL_ES "libGLESv1_CM.dll"
> --
> -+#elif defined(__OpenBSD__)
> -+#define DEFAULT_OGL "libGL.so"
> -+#define DEFAULT_EGL "libEGL.so"
> -+#define DEFAULT_OGL_ES2 "libGLESv2.so"
> -+#define DEFAULT_OGL_ES_PVR "libGLES_CM.so"
> -+#define DEFAULT_OGL_ES "libGLESv1_CM.so"
> +@@ -72,6 +72,13 @@
> + #define DEFAULT_OGL_ES_PVR "libGLES_CM.dylib"   //???
> + #define DEFAULT_OGL_ES "libGLESv1_CM.dylib"     //???
> + 
> +++#elif defined(__OpenBSD__)
> +++#define DEFAULT_OGL "libGL.so"
> +++#define DEFAULT_EGL "libEGL.so"
> +++#define DEFAULT_OGL_ES2 "libGLESv2.so"
> +++#define DEFAULT_OGL_ES_PVR "libGLES_CM.so"
> +++#define DEFAULT_OGL_ES "libGLESv1_CM.so"
> ++
>   #else
>   /* Desktop Linux */
>   #define DEFAULT_OGL "libGL.so.1"
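
Review bot: the six added lines of the __OpenBSD__ branch appear as "+++#elif defined(__OpenBSD__)" and "+++#define ..." in this diff, meaning the inner patch marks them with "++", while the blank added line after them has the expected single inner "+". If the file on disk matches what is shown, applying it writes a literal "+" in front of #elif and each #define in src/video/SDL_egl.c, so the preprocessor will not treat them as directives and the OpenBSD library names will not take effect. Regenerate the patch with make update-patches and check that these lines come out as "++#elif ..." in the outer diff.
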
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/devel/sdl2-image/Makefile,v
> retrieving revision 1.8
> diff -u -p -r1.8 Makefile
> --- Makefile  12 Jan 2018 19:32:54 -0000      1.8
> +++ Makefile  2 Mar 2018 03:50:19 -0000
> @@ -1,22 +1,23 @@
>  # $OpenBSD: Makefile,v 1.8 2018/01/12 19:32:54 bentley Exp $
>  
> -V =          2.0.1
> +V =          2.0.3
>  COMMENT =    SDL2 image library
>  DISTNAME =   SDL2_image-${V}
>  PKGNAME =    sdl2-image-${V}
>  CATEGORIES = devel graphics
> -REVISION =   0
>  
> -SHARED_LIBS +=       SDL2_image              0.0 # 0.0
> +SHARED_LIBS +=       SDL2_image              0.1 # 0.3
>  
>  HOMEPAGE =   https://www.libsdl.org/projects/SDL_image/
>  
> +MAINTAINER = Thomas Frohwein <frohw...@ymail.com>
> +
>  # zlib
>  PERMIT_PACKAGE_CDROM =       Yes
>  
>  MASTER_SITES =       https://www.libsdl.org/projects/SDL_image/release/
>  
> -WANTLIB += SDL2 jpeg m png pthread sndio tiff usbhid webp z
> +WANTLIB += SDL2 jpeg m png pthread sndio tiff usbhid webp z samplerate
>  
>  LIB_DEPENDS =        devel/sdl2 \
>               graphics/jpeg \
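
Review bot: samplerate is added to WANTLIB, but no LIB_DEPENDS line changes in the part of the Makefile shown, so the library has to be reachable through devel/sdl2; please confirm with make port-lib-depends-check against the updated sdl2. It is also appended after z while the rest of the list is alphabetical, so it would normally sit between pthread and sndio.
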
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/devel/sdl2-image/distinfo,v
> retrieving revision 1.2
> diff -u -p -r1.2 distinfo
> --- distinfo  10 Jan 2016 08:10:16 -0000      1.2
> +++ distinfo  2 Mar 2018 03:50:19 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (SDL2_image-2.0.1.tar.gz) = 
> Oj6vvO6lElwEvlhTc7/Ys6GPJZvX6uPvxObY5g4Nf2Q=
> -SIZE (SDL2_image-2.0.1.tar.gz) = 7797848
> +SHA256 (SDL2_image-2.0.3.tar.gz) = 
> NRDCXac1/82M47ZQcxUP9Pf5STuGboW4NzgIO1VtI2g=
> +SIZE (SDL2_image-2.0.3.tar.gz) = 8685512
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/devel/sdl2-image/pkg/PLIST,v
> retrieving revision 1.2
> diff -u -p -r1.2 PLIST
> --- pkg/PLIST 22 May 2015 11:31:14 -0000      1.2
> +++ pkg/PLIST 2 Mar 2018 03:50:19 -0000
> @@ -1,5 +1,4 @@
>  @comment $OpenBSD: PLIST,v 1.2 2015/05/22 11:31:14 ajacoutot Exp $
> -include/SDL2/
>  include/SDL2/SDL_image.h
>  lib/libSDL2_image.a
>  lib/libSDL2_image.la
> 
