debian/0000755000000000000000000000000013542703712007172 5ustar debian/libsdl2-2.0-0-udeb.install0000644000000000000000000000003413542703044013457 0ustar usr/lib/*/libSDL2-2.0.so.0* debian/libsdl2-dev.manpages0000644000000000000000000000002513542703044013011 0ustar debian/sdl2-config.1 debian/libsdl2-dev.examples0000644000000000000000000000002713542703044013036 0ustar debian/examples.tar.gz debian/libsdl2-dev.install0000644000000000000000000000026613542703044012673 0ustar usr/bin/sdl2-config usr/include/SDL2 usr/lib/*/libSDL2*.so usr/lib/*/libSDL2.a usr/lib/*/libSDL2main.a usr/lib/*/libSDL2_test.a usr/lib/*/pkgconfig/sdl2.pc usr/share/aclocal/sdl2.m4 debian/upstream-signing-key.pgp0000644000000000000000000000160113542703044013760 0ustar
Source: http://www.libsdl.org/ Files: * Copyright: 1997-2012 Sam Lantinga License: zlib/libpng Files: src/libm/* Copyright: 1993 by Sun Microsystems, Inc. All rights reserved. License: SunPro Files: src/main/windows/SDL_windows_main.c Copyright: 1998 Sam Lantinga License: PublicDomain_Sam_Lantinga Comment: SDL_main.c, placed in the public domain by Sam Lantinga 4/13/98 Files: src/render/mmx.h Copyright: 1997-99 by H. Dietz and R. Fisher License: zlib/libpng Comment: Copyright but no mention to license. . 
Included since long ago with SDL (and its Debian package) under directory src/video/mmx.h Files: src/render/SDL_yuv_sw.c Copyright: 1995 Erik Corry 1995 The Regents of the University of California 1995 Brown University License: BrownUn_UnCalifornia_ErikCorry Files: src/stdlib/SDL_qsort.c Copyright: 1998 Gareth McCaughan License: Gareth_McCaughan Files: src/test/SDL_test_md5.c Copyright: 1997-2012 Sam Lantinga 1990 RSA Data Security, Inc. License: zlib/libpng and RSA_Data_Security Files: src/thread/windows/win_ce_semaphore.c Copyright: 1998, Johnson M. Hart (with corrections 2001 by Rainer Loritz) License: Johnson_M._Hart Files: src/video/bwindow/SDL_bkeyboard.cc src/video/bwindow/SDL_bkeyboard.h Copyright: 1997-2012 Sam Lantinga License: LGPL-2.1+ Files: src/video/x11/imKStoUCS.c src/video/x11/imKStoUCS.h Copyright: 1994-2003 The XFree86 Project, Inc. License: MIT/X11 Files: test/test-automation/* Copyright: 2011 Markus Kauppila License: zlib/libpng Files: test/automated/* test/test-automation/src/libSDLtest/common/* Copyright: Edgar Simo "bobbens" License: PublicDomain_Edgar_Simo Files: test/automated/common/im* Copyright: none License: zlib/libpng Comment: Auto-generated code from images, no specific information about the original image Files: test/testhaptic.c Copyright: 1997-2011 Sam Lantinga 2008 Edgar Simo Serra License: BSD_3_clause Files: test/testrumble.c Copyright: 1997-2011 Sam Lantinga 2011 Edgar Simo Serra License: BSD_3_clause Files: test/test-automation/src/libSDLtest/fuzzer/utl_md5.* Copyright: 1990-1991 RSA Data Security, Inc. License: RSA_Data_Security Files: test/shapes/* Copyright: none License: zlib/libpng Comment: No specific information about the images Files: debian/* Copyright: 2011-2013, Manuel A. Fernandez Montecelo 2011-2013, Felix Geyer 2011, Roman Vasiyarov 2010, Jon Dowland 2009, Barry deFreese 2007-2008, Aurelien Jarno 2007-2008, Sam Hocevar (Debian packages) 2002-2007, Josselin Mouette 2001, Christian T. 
Steigies 2001, Branden Robinson License: LGPL-2.1+ License: zlib/libpng This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. . Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: . 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. License: LGPL-2.1+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. . On Debian systems, the complete text of version 2.1 of the GNU Lesser Public License can be found in '/usr/share/common-licenses/LGPL-2.1'. License: MIT/X11 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is fur- nished to do so, subject to the following conditions: . The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . 
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT- NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE XFREE86 PROJECT BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON- NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. . Except as contained in this notice, the name of the XFree86 Project shall not be used in advertising or otherwise to promote the sale, use or other deal- ings in this Software without prior written authorization from the XFree86 Project. License: BSD_3_clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the LibQxt project nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Comment: Copyright (C) 1997-2011 Sam Lantinga . This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. . Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely. . . Copyright (c) 2011, Edgar Simo Serra All rights reserved. . Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the Simple Directmedia Layer (SDL) nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. License: BrownUn_UnCalifornia_ErikCorry /* This code was derived from code carrying the following copyright notices: * Copyright (c) 1995 The Regents of the University of California. * All rights reserved. * * Permission to use, copy, modify, and distribute this software and its * documentation for any purpose, without fee, and without written agreement is * hereby granted, provided that the above copyright notice and the following * two paragraphs appear in all copies of this software. * * IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT * OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF THE UNIVERSITY OF * CALIFORNIA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS * ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATION TO * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. * * Copyright (c) 1995 Erik Corry * All rights reserved. 
* * Permission to use, copy, modify, and distribute this software and its * documentation for any purpose, without fee, and without written agreement is * hereby granted, provided that the above copyright notice and the following * two paragraphs appear in all copies of this software. * * IN NO EVENT SHALL ERIK CORRY BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, * SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF * THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF ERIK CORRY HAS BEEN ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * * ERIK CORRY SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" * BASIS, AND ERIK CORRY HAS NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, * UPDATES, ENHANCEMENTS, OR MODIFICATIONS. * * Portions of this software Copyright (c) 1995 Brown University. * All rights reserved. * * Permission to use, copy, modify, and distribute this software and its * documentation for any purpose, without fee, and without written agreement * is hereby granted, provided that the above copyright notice and the * following two paragraphs appear in all copies of this software. * * IN NO EVENT SHALL BROWN UNIVERSITY BE LIABLE TO ANY PARTY FOR * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT * OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF BROWN * UNIVERSITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * BROWN UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" * BASIS, AND BROWN UNIVERSITY HAS NO OBLIGATION TO PROVIDE MAINTENANCE, * SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. 
*/ License: Gareth_McCaughan You may use it in anything you like; you may make money out of it; you may distribute it in object form or as part of an executable without including source code; you don't have to credit me. (But it would be nice if you did.) License: Johnson_M._Hart Permission is granted for any and all use providing that this copyright is properly acknowledged. There are no assurances of suitability for any use whatsoever. License: SunPro Developed at SunPro, a Sun Microsystems, Inc. business. Permission to use, copy, modify, and distribute this software is freely granted, provided that this notice is preserved. License: PublicDomain_Sam_Lantinga Placed in the public domain by Sam Lantinga 4/13/98 License: PublicDomain_Edgar_Simo Written by Edgar Simo "bobbens" . Released under Public Domain. License: RSA_Data_Security *********************************************************************** ** utl_md5.c -- the source code for MD5 routines ** ** RSA Data Security, Inc. MD5 Message-Digest Algorithm ** ** Created: 2/17/90 RLR ** ** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. ** *********************************************************************** *********************************************************************** ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** ** ** ** License to copy and use this software is granted provided that ** ** it is identified as the "RSA Data Security, Inc. MD5 Message- ** ** Digest Algorithm" in all material mentioning or referencing this ** ** software or this function. ** ** ** ** License is also granted to make and use derivative works ** ** provided that such works are identified as "derived from the RSA ** ** Data Security, Inc. MD5 Message-Digest Algorithm" in all ** ** material mentioning or referencing the derived work. ** ** ** ** RSA Data Security, Inc. 
makes no representations concerning ** ** either the merchantability of this software or the suitability ** ** of this software for any particular purpose. It is provided "as ** ** is" without express or implied warranty of any kind. ** ** ** ** These notices must be retained in any copies of any part of this ** ** documentation and/or software. ** *********************************************************************** debian/compat0000644000000000000000000000000213542703044010366 0ustar 9 debian/watch0000644000000000000000000000021713542703044010221 0ustar version=3 opts=dversionmangle=s/.dfsg\d+$//,pgpsigurlmangle=s/$/.sig/ \ http://www.libsdl.org/release/SDL2-([\d.]+)\.tar\.(?:gz|bz2|xz|lzma) debian/patches/0000755000000000000000000000000013542703352010621 5ustar debian/patches/fix_joystick_misc_axes.diff0000644000000000000000000000111413542703044016206 0ustar Description: Left/Right Joystick Axis doesn't work with some controllers Author: Sam Hocevar Last-Update: 2013-10-19 Bug-Debian: http://bugs.debian.org/673324 Forwarded: https://bugzilla.libsdl.org/show_bug.cgi?id=2165 --- a/src/joystick/linux/SDL_sysjoystick.c +++ b/src/joystick/linux/SDL_sysjoystick.c @@ -500,7 +500,7 @@ ++joystick->nbuttons; } } - for (i = 0; i < ABS_MISC; ++i) { + for (i = 0; i < ABS_MAX; ++i) { /* Skip hats */ if (i == ABS_HAT0X) { i = ABS_HAT3Y; debian/patches/CVE-2017-2888.diff0000644000000000000000000000162413542703332013067 0ustar Description: Fixed potential overflow in surface allocation (thanks Yves!) Author: Sam Lantinga Origin: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878264 Last-Update: 2019-09-10 --- a/src/video/SDL_surface.c +++ b/src/video/SDL_surface.c 
@@ -88,7 +88,15 @@ SDL_CreateRGBSurface(Uint32 flags, /* Get the pixels */ if (surface->w && surface->h) { - surface->pixels = SDL_malloc(surface->h * surface->pitch); + int size = (surface->h * surface->pitch); + if (size < 0 || (size / surface->pitch) != surface->h) { + /* Overflow... */ + SDL_FreeSurface(surface); + SDL_OutOfMemory(); + return NULL; + } + + surface->pixels = SDL_malloc(size); if (!surface->pixels) { SDL_FreeSurface(surface); SDL_OutOfMemory(); debian/patches/mir_forward_declaration_syswm.diff0000644000000000000000000000157013542703044017576 0ustar Description: Forward Declare MirConnection/MirSurface so we don't have to expose mir headers. Author: Brandon Schaefer Last-Update: 2014-4-17 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libsdl2/+bug/1306629 --- a/include/SDL_syswm.h +++ b/include/SDL_syswm.h @@ -93,11 +93,6 @@ #endif #endif -#if defined(SDL_VIDEO_DRIVER_MIR) -#include -#endif - - /** * These are the various supported windowing subsystems */ 
@@ -213,8 +208,8 @@ #if defined(SDL_VIDEO_DRIVER_MIR) struct { - MirConnection *connection; /**< Mir display server connection */ - MirSurface *surface; /**< Mir surface */ + struct MirConnection *connection; /**< Mir display server connection */ + struct MirSurface *surface; /**< Mir surface */ } mir; #endif debian/patches/CVE-2019-7635.diff0000644000000000000000000000524513542703245013072 0ustar Description: Fixed CVE-2019-7635 and bug 4498 Heap-Buffer Overflow in Blit1to4 pertaining to SDL_blit_1.c Petr Pisar The root cause is that the POC BMP file declares 3 colors used and 4 bpp palette, but pixel at line 28 and column 1 (counted from 0) has color number 3. Then when the image loaded into a surface is passed to SDL_DisplayFormat(), in order to convert it to a video format, a used bliting function looks up a color number 3 in a 3-element long color bliting map. (The map obviously has the same number entries as the surface format has colors.) Proper fix should refuse broken BMP images that have a pixel with a color index higher than declared number of "used" colors. Possibly more advanced fix could try to relocate the out-of-range color index into a vacant index (if such exists). Author: Sam Lantinga Origin: https://hg.libsdl.org/SDL/rev/7c643f1c1887 Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=4498 Last-Update: 2019-09-10 --- a/src/video/SDL_bmp.c +++ b/src/video/SDL_bmp.c @@ -187,6 +187,14 @@ SDL_LoadBMP_RW(SDL_RWops * src, int free ExpandBMP = biBitCount; biBitCount = 8; break; + case 2: + case 3: + case 5: + case 6: + case 7: + SDL_SetError("%d-bpp BMP images are not supported", biBitCount); + was_error = SDL_TRUE; + goto done; default: ExpandBMP = 0; break; 
@@ -348,19 +356,32 @@ SDL_LoadBMP_RW(SDL_RWops * src, int free goto done; } } - *(bits + i) = (pixel >> shift); + bits[i] = (pixel >> shift); + if (bits[i] >= biClrUsed) { + SDL_SetError("A BMP image contains a pixel with a color out of the palette"); + was_error = SDL_TRUE; + goto done; + } pixel <<= ExpandBMP; } } break; default: - if (SDL_RWread(src, bits, 1, surface->pitch) - != surface->pitch) { + if (SDL_RWread(src, bits, 1, surface->pitch) != surface->pitch) { SDL_Error(SDL_EFREAD); was_error = SDL_TRUE; goto done; } + if (biBitCount == 8 && palette && biClrUsed < (1 << biBitCount)) { + for (i = 0; i < surface->w; ++i) { + if (bits[i] >= biClrUsed) { + SDL_SetError("A BMP image contains a pixel with a color out of the palette"); + was_error = SDL_TRUE; + goto done; + } + } + } #if SDL_BYTEORDER == SDL_BIG_ENDIAN /* Byte-swap the pixels if needed. Note that the 24bpp case has already been taken care of above. */ debian/patches/CVE-2017-2888_CVE-2019-7637.diff0000644000000000000000000000430313542703352014560 0ustar Description: Fixed bug 3890 - Incomplete fix for CVE-2017-2888 Felix Geyer http://hg.libsdl.org/SDL/rev/7e0f1498ddb5 tries to fix CVE-2017-2888. Unfortunately compilers may optimize the second condition "(size / surface->pitch) != surface->h" away. See https://bugzilla.redhat.com/show_bug.cgi?id=1500623#c2 I've verified that this is also the case on Debian unstable (gcc 7.2). [Ubuntu note: Added SDL_MAX_SINT32 defs for compatibility with patch -- Avital] Author: Sam Lantinga Origin: backport, https://hg.libsdl.org/SDL/rev/81a4950907a0 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878264 Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=4497 Last-Update: 2019-09-10 --- a/src/video/SDL_surface.c +++ b/src/video/SDL_surface.c 
@@ -27,6 +27,10 @@ #include "SDL_pixels_c.h" +/* Check to make sure we can safely check multiplication of surface w and pitch and it won't overflow size_t */ +SDL_COMPILE_TIME_ASSERT(surface_size_assumptions, + sizeof(int) == sizeof(Sint32) && sizeof(size_t) >= sizeof(Sint32)); + /* Public routines */ /* * Create an empty RGB surface of the appropriate depth @@ -88,15 +92,16 @@ SDL_CreateRGBSurface(Uint32 flags, /* Get the pixels */ if (surface->w && surface->h) { - int size = (surface->h * surface->pitch); - if (size < 0 || (size / surface->pitch) != surface->h) { + /* Assumptions checked in surface_size_assumptions assert above */ + Sint64 size = ((Sint64)surface->h * surface->pitch); + if (size < 0 || size > SDL_MAX_SINT32) { /* Overflow... */ SDL_FreeSurface(surface); SDL_OutOfMemory(); return NULL; } - surface->pixels = SDL_malloc(size); + surface->pixels = SDL_malloc((size_t)size); if (!surface->pixels) { SDL_FreeSurface(surface); SDL_OutOfMemory(); --- a/include/SDL_stdinc.h +++ b/include/SDL_stdinc.h 
@@ -142,6 +142,8 @@ typedef int32_t Sint32; /** * \brief An unsigned 32-bit integer type. */ +#define SDL_MAX_SINT32 ((Sint32)0x7FFFFFFF) /* 2147483647 */ +#define SDL_MIN_SINT32 ((Sint32)(~0x7FFFFFFF)) /* -2147483648 */ typedef uint32_t Uint32; /** debian/patches/series0000644000000000000000000000031113542703352012031 0ustar SDL2_dont_propagate_lpthread.diff fix_joystick_misc_axes.diff mir_forward_declaration_syswm.diff CVE-2019-7635.diff CVE-2019-7636_CVE-2019-7638.diff CVE-2017-2888.diff CVE-2017-2888_CVE-2019-7637.diff debian/patches/SDL2_dont_propagate_lpthread.diff0000644000000000000000000000306013542703044017125 0ustar Description: Do not propagate -lpthread to sdl-config --libs (adapted for SDL2) Introduced in 1.2.11-1 (Thu, 20 Jul 2006 14:17:18 +0200). . Upstream will not apply it at the moment: Sam Lantinga 2012-01-22 10:54:21 PST . At some point it was required that multi-threaded programs using pthreads on Linux link directly to the pthread library. I don't remember all the details, but it had something to do with initializing C runtime variables correctly. . I'm sure it's not an issue anymore, but I'd rather not apply this patch in 1.2. I'll go ahead and make this change in 1.3 though. Author: Sam Hocevar Last-Update: 2013-10-19 Bug-Debian: http://bugs.debian.org/375822 Forwarded: http://bugzilla.libsdl.org/show_bug.cgi?id=1392 --- sdl2-config.in | 2 +- sdl2.pc.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/sdl2.pc.in +++ b/sdl2.pc.in @@ -10,6 +10,6 @@ Version: @SDL_VERSION@ Requires: Conflicts: -Libs: -L${libdir} @SDL_RLD_FLAGS@ @SDL_LIBS@ +Libs: -L${libdir} @SDL_RLD_FLAGS@ -lSDL2 Libs.private: @SDL_STATIC_LIBS@ Cflags: -I${includedir}/SDL2 @SDL_CFLAGS@ --- a/sdl2-config.in +++ b/sdl2-config.in 
@@ -45,7 +45,7 @@ echo -I@includedir@/SDL2 @SDL_CFLAGS@ ;; @ENABLE_SHARED_TRUE@ --libs) -@ENABLE_SHARED_TRUE@ echo -L@libdir@ @SDL_RLD_FLAGS@ @SDL_LIBS@ +@ENABLE_SHARED_TRUE@ echo -L@libdir@ @SDL_RLD_FLAGS@ -lSDL2 @ENABLE_SHARED_TRUE@ ;; @ENABLE_STATIC_TRUE@@ENABLE_SHARED_TRUE@ --static-libs) @ENABLE_STATIC_TRUE@@ENABLE_SHARED_FALSE@ --libs|--static-libs) debian/patches/CVE-2019-7636_CVE-2019-7638.diff0000644000000000000000000000223313542703302014552 0ustar Description: Fixed bug 4500 Heap-Buffer Overflow in Map1toN pertaining to SDL_pixels.c Petr Pisar The reproducer has these data in BITMAPINFOHEADER: biSize = 40 biBitCount = 8 biClrUsed = 131075 SDL_LoadBMP_RW() function passes biBitCount as a color depth to SDL_CreateRGBSurface(), thus 256-color pallete is allocated. But then biClrUsed colors are read from a file and stored into the palette. SDL_LoadBMP_RW should report an error if biClrUsed is greater than 2^biBitCount. Author: Sam Lantinga Origin: https://hg.libsdl.org/SDL/rev/7c643f1c1887 Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=4499 Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=4500 Last-Update: 2019-09-10 --- a/src/video/SDL_bmp.c +++ b/src/video/SDL_bmp.c 
@@ -278,6 +278,10 @@ SDL_LoadBMP_RW(SDL_RWops * src, int free if (palette) { if (biClrUsed == 0) { biClrUsed = 1 << biBitCount; + } else if (biClrUsed > (1 << biBitCount)) { + SDL_SetError("BMP file has an invalid number of colors"); + was_error = SDL_TRUE; + goto done; } if ((int) biClrUsed > palette->ncolors) { palette->ncolors = biClrUsed; debian/source/0000755000000000000000000000000013542703044010470 5ustar debian/source/include-binaries0000644000000000000000000000004013542703044013622 0ustar debian/upstream-signing-key.pgp debian/source/format0000644000000000000000000000001413542703044011676 0ustar 3.0 (quilt) debian/changelog0000644000000000000000000001776213542703525011063 0ustar libsdl2 (2.0.2+dfsg1-3ubuntu1.3) trusty-security; urgency=medium * SECURITY UPDATE: heap-based buffer over-read in Fill_IMA_ADPCM_block - debian/patches/CVE-2017-2888.diff: check var size before mallocing pixels - debian/patches/CVE-2017-2888_CVE-2019-7637.diff: assert size of int before mallocing - CVE-2017-2888 - CVE-2019-7637 * SECURITY UPDATE: heap-based buffer over-read in Blit1to4 - debian/patches/CVE-2019-7635.diff: add error checking to SDL_LoadBMP_RW - CVE-2019-7635 * SECURITY UPDATE: heap-based buffer over-read in Map1toN and SDL_GetRGB - debian/patches/CVE-2019-7636_CVE-2019-7638.patch: add error checking to SDL_LoadBMP_RW - CVE-2019-7636 - CVE-2019-7638 -- Avital Ostromich Wed, 25 Sep 2019 11:26:34 -0400 libsdl2 (2.0.2+dfsg1-3ubuntu1.2) trusty; urgency=medium * Explicitly depend on virtual package libwayland-egl1 to avoid multiarch issues with new graphics stacks (LP: #1536081). -- Vlad Orlov Tue, 19 Apr 2016 14:43:45 +0300 libsdl2 (2.0.2+dfsg1-3ubuntu1.1) trusty-proposed; urgency=medium * New patch: mir_forward_declaration_syswm.diff - Forward declare structs so you don't need mir headers (LP: #1306629) -- Brandon Schaefer Thu, 01 May 2014 13:03:23 -0400 libsdl2 (2.0.2+dfsg1-3ubuntu1) trusty; urgency=medium * Enable Mir video support (LP: #1295389). 
-- Brandon Schaefer Thu, 10 Apr 2014 01:15:21 +0100 libsdl2 (2.0.2+dfsg1-3) unstable; urgency=medium * Actually change Build-Depends libegl1-mesa-dev to be conditionally [!hurd-any]. It was applied to libgl1-mesa-dev by mistake in -2. -- Manuel A. Fernandez Montecelo Wed, 19 Mar 2014 20:22:29 +0000 libsdl2 (2.0.2+dfsg1-2) unstable; urgency=medium * Conditional dependencies libegl1-mesa-dev [!hurd-any], libgles2-mesa-dev [!hurd-any] and libwayland-dev [linux-any], they do not seem to support these kernels at the moment -- Manuel A. Fernandez Montecelo Tue, 18 Mar 2014 20:17:10 +0000 libsdl2 (2.0.2+dfsg1-1) unstable; urgency=low * New upstream release - Remove patch applied upstream: fix_ftbfs_kfreebsd.diff - Add support for Wayland, including build-depends for libegl1-mesa-dev, libxkbcommon-dev and libwayland-dev. Thanks Franz Schrober for the request and the help to enable it. (Closes: #714482) - Add support for OpenGLES, including build-depends for libgles2-mesa-dev -- Manuel A. Fernandez Montecelo Sat, 15 Mar 2014 00:22:48 +0000 libsdl2 (2.0.1+dfsg1-3) unstable; urgency=medium * Use "dh_autoreconf" to support new architectures -- Manuel A. Fernandez Montecelo Sun, 09 Mar 2014 01:58:11 +0000 libsdl2 (2.0.1+dfsg1-2) unstable; urgency=medium * Fix FTBFS on kFreeBSD. - Add fix_ftbfs_kfreebsd.diff to extend a __FreeBSD__ check to __FreeBSD_kernel__. -- Felix Geyer Sun, 05 Jan 2014 13:42:59 +0100 libsdl2 (2.0.1+dfsg1-1) unstable; urgency=medium * New upstream release (Closes: #728974) - Remove patch applied upstream: bug-723797-false_positives_in_mouse_wheel_code.patch * Bump Standards-Version to 3.9.5, no changes needed. [ Felix Geyer ] * Import upstream gpg key for uscan to verify the orig tarball. -- Manuel A. Fernandez Montecelo Sat, 28 Dec 2013 12:31:19 +0000 libsdl2 (2.0.0+dfsg1-3) unstable; urgency=low * Build-Depends on pkg-config * Apply patch accepted upstream to work around a false-positive in the X11 mouse wheel code (Closes: #723797). 
Thanks Darren Salt for the report and the fix. * Review and removal of old patches not applied in SDL2, virtually of them applied upstream, or rejected as invalid for good reason, or don't apply any more (code/functionality removed upstream). I forwarded and documented the remaining patches. - 001_autogen_autotools_fix.diff - 020_libcaca_new_api.diff - 030_pulseaudio_enable.diff - 040_propagate_pic_to_nasm.diff - 050_altivec_detection.diff - 060_disable_ipod.diff - 205_lock_keys.diff - 205_x11_keysym_fix.diff - 206_gcc4_compilation_fix.diff - 209_alsa_priority.diff - 214_missing_mmx_blit.diff - 215_kfreebsd_gnu.diff - 216_page_size.diff - 217_x11_keytounicode.diff - 218_double_free.diff - 218_joystick_memmove.diff - 219_pulseaudio_crackles.diff - 220_std_cld.diff - 221_check_SDL_NOKBD_environment_variable.diff - 222_joystick_crash.diff - 310_fixmouseclicks - 310_segfault_noGLX.diff - 320_activate_xrandr_on_default.diff - 320_disappearingcursor.diff -- Manuel A. Fernandez Montecelo Sun, 20 Oct 2013 00:58:48 +0100 libsdl2 (2.0.0+dfsg1-2) unstable; urgency=low * Remove external_header_paths.diff, it's not needed anymore and pulls harmful flags into the pkg-config file. Thanks to Thibaut Girka for the report and analysis. (Closes: #720650) -- Felix Geyer Fri, 30 Aug 2013 20:20:47 +0200 libsdl2 (2.0.0+dfsg1-1) unstable; urgency=low * New upstream release * Filter upstream tarball from binaries and unneeded cruft - Remove from debian/copyright files that are now filtered out when creating the orig.tar * Add build-dependency on libdbus-1-dev, to use D-Bus * Switch to @debian.org address * Bring the man page of sdl-config up to date -- Manuel A. Fernandez Montecelo Mon, 12 Aug 2013 20:45:31 +0100 libsdl2 (2.0.0~rc1-1) unstable; urgency=low * New upstream release candidate. * Filter debian/* when importing new upstream releases. * Bump SHLIBVER to 2.0.0~rc1. * Update debian/docs. * Bump Standards-Version to 3.9.4, no changes needed. 
* Disable directfb backend for now as it's broken and upstream disables it by default. - Drop the udeb package. * Drop some unused dependencies and confflags. -- Felix Geyer Sun, 02 Jun 2013 18:31:42 +0200 libsdl2 (2.0.0~20130103-1) unstable; urgency=low [ Manuel A. Fernandez Montecelo ] * debian/control: - Updating maintainers/permissions: - Add myself and Felix Geyer - Update Build-Depends: - Remove a few obsolete items - Add items added lately to libsdl1.2, such as libts (touch screen) support - Add "libsdl2-dbg", analog to libsdl1.2-dbg - Change "XC-Package-Type: udeb" to "Package-Type" * debian/compat: set level 9 * debian/source/format: Set to "3.0 (quilt)" - Remove README.source, not needed with new format * debian/sdl2-config.1: Fix typo, "progams"->"programs" * debian/libsdl2-dev.install: - Remove "usr/lib/*/*.la", discouraged - Add man pages: "usr/share/man/man3/*" * debian/libsdl2-dev.manpages: add file to install local "sdl2-config.1" * debian/sources: Removed, possible obsolete file from long ago? * debian/copyright: - Upstream updated to zlib/libpng - Copyright-file format conversion to 1.0 - Complete revamp and detailed research about copyright and licenses used, it's very messy but hopefully complete [ Felix Geyer ] * Simplify debian/rules by using dh(1). -- Manuel A. Fernandez Montecelo Sun, 27 Jan 2013 16:40:49 +0100 libsdl2 (2.0~20120220c-1) experimental; urgency=low * Upstream version was renamed to 2.0 (Closes: #669367). * New upstream snapshot (Closes: #671506). * This package no longer conflicts with libsdl-1.2. * debian/rules: add multiarch support (Closes: #669364). * debian/patches/fix_joystick_misc_axes.diff: fix a joystick remapping bug causing some axes to malfunction. * debian/patches/external_header_paths.diff: provide additional CFLAGS so that headers such as SDL_syswm.h can be included (Closes: #669363). 

 -- Sam Hocevar Thu, 17 May 2012 19:03:59 +0200

libsdl-1.3 (1.3.0~20111204-1) experimental; urgency=low

  * Initial upload from upstream snapshot.

 -- Sam Hocevar Sun, 04 Dec 2011 14:35:05 +0100

debian/control
Source: libsdl2
Priority: optional
Section: libs
Maintainer: Ubuntu Developers
XSBC-Original-Maintainer: Debian SDL packages maintainers
Uploaders: Barry deFreese,
           Sam Hocevar,
           Manuel A. Fernandez Montecelo,
           Felix Geyer
Standards-Version: 3.9.5
Build-Depends: debhelper (>= 9),
               dh-autoreconf,
               libasound2-dev [linux-any],
               libdbus-1-dev,
               libegl1-mesa-dev [!hurd-any],
               libgl1-mesa-dev,
               libgles2-mesa-dev [!hurd-any],
               libglu1-mesa-dev,
               libmirclient-dev [i386 amd64 armhf],
               libpulse-dev,
               libts-dev [linux-any],
               libudev-dev [linux-any],
               libusb2-dev [kfreebsd-any],
               libusbhid-dev [kfreebsd-any],
               libwayland-dev [linux-any],
               libx11-dev,
               libxcursor-dev,
               libxext-dev,
               libxi-dev,
               libxinerama-dev,
               libxkbcommon-dev,
               libxrandr-dev,
               libxss-dev,
               libxt-dev,
               libxv-dev,
               libxxf86vm-dev,
               pkg-config
Vcs-Git: git://anonscm.debian.org/pkg-sdl/packages/libsdl2.git
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-sdl/packages/libsdl2.git
Homepage: http://www.libsdl.org/

Package: libsdl2-2.0-0
Architecture: any
Pre-Depends: ${misc:Pre-Depends}
Depends: libwayland-egl1,
         ${misc:Depends},
         ${shlibs:Depends}
Multi-Arch: same
Conflicts: libsdl-1.3-0
Replaces: libsdl-1.3-0
Description: Simple DirectMedia Layer
 SDL is a library that allows programs portable low level access to
 a video framebuffer, audio output, mouse, and keyboard.
 .
 This version of SDL is compiled with X11, caca and DirectFB graphics
 drivers and OSS, ALSA, NAS and PulseAudio sound drivers.

Package: libsdl2-dev
Architecture: any
Section: libdevel
Depends: ${misc:Depends},
         libsdl2-2.0-0 (= ${binary:Version}),
         libasound2-dev [linux-any],
         libdbus-1-dev,
         libegl1-mesa-dev [!hurd-any],
         libgl1-mesa-dev,
         libgles2-mesa-dev [!hurd-any],
         libglu1-mesa-dev,
         libmirclient-dev [i386 amd64 armhf],
         libpulse-dev,
         libts-dev [linux-any],
         libudev-dev [linux-any],
         libusb2-dev [kfreebsd-any],
         libusbhid-dev [kfreebsd-any],
         libwayland-dev [linux-any],
         libx11-dev,
         libxcursor-dev,
         libxext-dev,
         libxi-dev,
         libxinerama-dev,
         libxkbcommon-dev,
         libxrandr-dev,
         libxss-dev,
         libxt-dev,
         libxv-dev,
         libxxf86vm-dev
Conflicts: libsdl-1.3-dev
Replaces: libsdl-1.3-dev
Description: Simple DirectMedia Layer development files
 SDL is a library that allows programs portable low level access to
 a video framebuffer, audio output, mouse, and keyboard.
 .
 This package contains the files needed to compile and link programs
 which use SDL.

Package: libsdl2-dbg
Architecture: any
Multi-Arch: same
Priority: extra
Section: debug
Depends: ${misc:Depends},
         libsdl2-2.0-0 (= ${binary:Version}),
Description: Simple DirectMedia Layer debug files
 SDL is a library that allows programs portable low level access to
 a video framebuffer, audio output, mouse, and keyboard.
 .
 This package contains the debug symbols for the SDL library.

debian/docs
BUGS.txt
CREDITS.txt
README.txt
README-SDL.txt

debian/rules
#!/usr/bin/make -f

SHLIBVER = 2.0.0

DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH)
DEB_HOST_ARCH_CPU ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU)
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)

MIR_SUPPORTED_ARCH := i386 amd64 armhf

confflags = --disable-rpath --enable-sdl-dlopen --disable-loadso \
            --disable-nas --disable-esd --disable-arts \
            --disable-alsa-shared --disable-pulseaudio-shared \
            --disable-x11-shared --disable-video-directfb \
            --enable-video-opengles \
            --enable-video-wayland --disable-wayland-shared

ifeq ($(DEB_HOST_ARCH_CPU),powerpc)
confflags += --disable-altivec
endif

# The OS checks below match on DEB_HOST_ARCH (e.g. hurd-i386, kfreebsd-amd64);
# DEB_HOST_ARCH_CPU holds only the CPU name and never contains the OS.

# disable Wayland on non-Linux, they do not support other kernels at the moment
ifeq (hurd,$(findstring hurd,$(DEB_HOST_ARCH)))
confflags += --disable-video-wayland
endif
ifeq (kfreebsd,$(findstring kfreebsd,$(DEB_HOST_ARCH)))
confflags += --disable-video-wayland
endif

# disable OpenGLES on Hurd, it does not support it at the moment
ifeq (hurd,$(findstring hurd,$(DEB_HOST_ARCH)))
confflags += --disable-video-opengles
endif

ifneq (,$(filter $(MIR_SUPPORTED_ARCH),$(DEB_HOST_ARCH)))
confflags += --enable-video-mir --enable-mir-shared
endif

%:
	dh $@ --with autoreconf --parallel

override_dh_autoreconf:
	# aclocal needs to include in specific order, and/or it seems that it
	# doesn't try to find .m4 files in /usr/share/aclocal at all. Updates
	# to both .m4 files and ltmain.sh (aclocal and libtoolize) are necessary
	# to support new architectures aarch64 (arm64) and powerpc64le, and this
	# seems the most straightforward way to achieve it.
	#
	# An alternative would be to just build-depend on libesd0-dev,
	# libasound2-dev and libltdl-dev to provide the files "esd.m4 alsa.m4
	# ltdl.m4" in /usr/share/aclocal, and not use the local "acinclude" dir
	# at all, but this pulls in even more dependencies, and unneeded ones.
	#
	# Another equivalent alternative, but more verbose:
	#
	# ACLOCAL="cat acinclude/esd.m4 acinclude/alsa.m4 acinclude/ltdl.m4 \
	# /usr/share/aclocal/libtool.m4 \
	# /usr/share/aclocal/ltoptions.m4 \
	# /usr/share/aclocal/ltversion.m4 \
	# /usr/share/aclocal/ltsugar.m4 >> aclocal.m4; aclocal"
	# LIBTOOLIZE="libtoolize -f -i" dh_autoreconf --as-needed
	# autoreconf -- -I acinclude -f -i
	AUTOHEADER=true ACLOCAL="aclocal --force --install -I /usr/share/aclocal/ -I acinclude" LIBTOOLIZE="libtoolize -fi" dh_autoreconf --as-needed
	# To verify that it worked, grep should find these strings:
	#
	#rgrep -i aarch64 .
	#rgrep -r powerpc64le .

override_dh_auto_configure:
	dh_auto_configure -- $(confflags)

override_dh_auto_build:
	dh_auto_build
	tar czf debian/examples.tar.gz test

override_dh_auto_clean:
	dh_auto_clean
	rm -f debian/examples.tar.gz

override_dh_install:
	dh_install --fail-missing -XlibSDL2.la

override_dh_link:
	# to address lintian warning
	# W: libsdl2-2.0-0: dev-pkg-without-shlib-symlink usr/lib/x86_64-linux-gnu/libSDL2-2.0.so.0.0.0 usr/lib/x86_64-linux-gnu/libSDL2-2.0.so
	dh_link -plibsdl2-dev usr/lib/$(DEB_HOST_MULTIARCH)/libSDL2-2.0.so.0.2.0 usr/lib/$(DEB_HOST_MULTIARCH)/libSDL2-2.0.so
	dh_link --remaining-packages

override_dh_strip:
	dh_strip --dbg-package=libsdl2-dbg

override_dh_makeshlibs:
	dh_makeshlibs -V"libsdl2-2.0-0 (>= $(SHLIBVER))"

debian/libsdl2-2.0-0.install
usr/lib/*/libSDL2-2.0.so.0*

debian/gbp.conf
[DEFAULT]
pristine-tar = True
sign-tags = True

[git-import-orig]
filter = [ 'Android.mk', 'android-project', 'debian', 'VisualC', 'Xcode', 'Xcode-iOS' ]
filter-pristine-tar = True

debian/sdl2-config.1
.TH sdl2-config 1 "2013-07-27" "SDL 2.0"
.SH NAME
sdl2-config \- script to get information about the installed version of SDL
.SH SYNOPSIS
.B sdl2-config
[--prefix=[\fIDIR\fR]] [--exec-prefix=[\fIDIR\fR]] [--version] [--cflags] [--libs] [--static-libs]
.SH DESCRIPTION
.B sdl2-config
is a tool that is used to configure and determine the compiler and linker
flags that should be used to compile and link programs, libraries, and
plugins that use SDL. It is also used internally by the m4 macros that are
included with SDL.
.SH OPTIONS
.TP
.B --cflags
Print the compiler flags that are necessary to compile a program or library
that uses SDL.
.TP
.BI --exec-prefix\fR[=\fIDIR\fR]
If \fIDIR\fR is not specified, print the exec prefix of the current SDL
installation.
.IP
If \fIDIR\fR is specified, use it instead of the installation exec prefix
that SDL was built with when computing the output for the --cflags, --libs
and --static-libs options. This option must be specified before any of the
options --cflags, --libs and --static-libs.
.TP
.B --libs
Print the linker flags that are necessary to link a program that uses SDL.
.TP
.B --static-libs
Print the linker flags that are necessary to statically link a program that
uses SDL.
.TP
.BI --prefix\fR[=\fIDIR\fR]
If \fIDIR\fR is not specified, print the prefix of the current SDL
installation.
.IP
If \fIDIR\fR is specified, use it instead of the installation prefix that
SDL was built with when computing the output for the --cflags, --libs and
--static-libs options. This option is also used for the exec prefix if
--exec-prefix was not specified. This option must be specified before any of
the options --cflags, --libs and --static-libs.
.TP
.B --version
Print the currently installed version of SDL on standard output.
.SH EXAMPLES
.TP
gcc -c -o main.o $(sdl2-config --cflags) main.c
is how you might use
.B sdl2-config
to compile a C source file for an executable program.
.TP
gcc -o my_app main.o util.o $(sdl2-config --libs)
is how you might use
.B sdl2-config
to link compiled objects into an executable program.
.SH AUTHOR
The Simple DirectMedia Layer (SDL) library was written by Sam Lantinga.
.PP
This manual page was written by Branden Robinson, originally for Progeny
Linux Systems, Inc., and the Debian Project.
.br
Updated in 2013 by Manuel A. Fernandez Montecelo.