Tue, 11 Jun 2019 16:19:01 -0400cocoa: Backed out CVDisplayLink code for macOS vsync.
Ryan C. Gordon <icculus@icculus.org> [Tue, 11 Jun 2019 16:19:01 -0400] rev 12840
cocoa: Backed out CVDisplayLink code for macOS vsync.

This was to deal with broken vsync support in macOS 10.14, which we assumed
would remain broken indefinitely, but a later 10.14 released fixed it.

This is a loss of late-swap support, but there are several subtle problems
in our CVDiplayLink code that are also evaporating, to be fair.

Fixes Bugzilla #4575.

(Backed out changeset 73f3ca85ac0e)

Tue, 11 Jun 2019 19:58:10 -0700Fixed bug 4615 - RPM Build fails due to unpackaged files
Sam Lantinga <slouken@libsdl.org> [Tue, 11 Jun 2019 19:58:10 -0700] rev 12839
Fixed bug 4615 - RPM Build fails due to unpackaged files

devbeer

The current SDL2.spec fails to build with:

Checking for unpackaged file(s): /usr/lib/rpm/check-files /tmp/build/rpmbuild/BUILDROOT/SDL2-2.0.9-2.x86_64
error: Installed (but unpackaged) file(s) found:
/usr/lib64/cmake/SDL2/sdl2-config.cmake


RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/lib64/cmake/SDL2/sdl2-config.cmake

Tue, 11 Jun 2019 18:13:46 -0700Fixed bug 4570 - Support Vulkan Portability rather than MoltenVK specifically
Sam Lantinga <slouken@libsdl.org> [Tue, 11 Jun 2019 18:13:46 -0700] rev 12838
Fixed bug 4570 - Support Vulkan Portability rather than MoltenVK specifically

Dzmitry Malyshau

Current code, search paths, and error messages are written to only consider MoltenVK on macOS as a Vulkan Portability implementation. It's not the only implementation available to the users. gfx-portability [1] has been shown to run a number of titles well, including Dota2, Dolphin Emulator, and vkQuake3, often out-performing MoltenVK in frame rate and stability (see Dolphin benchmark [2]).

There is no reason for SDL to be that specific, it's not using any MVK-specific functions other than the WSI initialization ("VK_MVK_macos_surface"). gfx-portability exposes this extension as well, and a more generic WSI extension is in process. It would be good if SDL was written in a more generic way that expect a Vulkan Portability library as opposed to MoltenVK specifically.

[1] https://github.com/gfx-rs/portability
[2] https://gfx-rs.github.io/2019/03/22/dolphin-macos-performance.html

Tue, 11 Jun 2019 15:06:35 -0400software: Fixed compiler warning and dos2unix'd the endlines.
Ryan C. Gordon <icculus@icculus.org> [Tue, 11 Jun 2019 15:06:35 -0400] rev 12837
software: Fixed compiler warning and dos2unix'd the endlines.

Tue, 11 Jun 2019 14:09:53 -0400software: Correctly track viewport and cliprect.
Ryan C. Gordon <icculus@icculus.org> [Tue, 11 Jun 2019 14:09:53 -0400] rev 12836
software: Correctly track viewport and cliprect.

Fixes Bugzilla #4457.

Tue, 11 Jun 2019 13:02:56 -0400direct3d: Use D3DPOOL_MANAGED for vertex buffers.
Ryan C. Gordon <icculus@icculus.org> [Tue, 11 Jun 2019 13:02:56 -0400] rev 12835
direct3d: Use D3DPOOL_MANAGED for vertex buffers.

Fixes Bugzilla #4537.

Tue, 11 Jun 2019 08:33:30 -0700Fix build with the 10.10 SDK
Sam Lantinga <slouken@libsdl.org> [Tue, 11 Jun 2019 08:33:30 -0700] rev 12834
Fix build with the 10.10 SDK

Tue, 11 Jun 2019 10:12:47 -0400direct3d: Fixed SDL_RenderSetClipRect usage.
Ryan C. Gordon <icculus@icculus.org> [Tue, 11 Jun 2019 10:12:47 -0400] rev 12833
direct3d: Fixed SDL_RenderSetClipRect usage.

Fixes Bugzilla #4459.

Tue, 11 Jun 2019 09:29:48 -0400direct3d: don't dereference bogus pointer if current texture was destroyed.
Ryan C. Gordon <icculus@icculus.org> [Tue, 11 Jun 2019 09:29:48 -0400] rev 12832
direct3d: don't dereference bogus pointer if current texture was destroyed.

Fixes Bugzilla #4460.

Tue, 11 Jun 2019 06:28:12 -0700CVE-2019-7635: Reject BMP images with pixel colors out the palette SDL-1.2
Petr Písař <ppisar@redhat.com> [Tue, 11 Jun 2019 06:28:12 -0700] rev 12831
CVE-2019-7635: Reject BMP images with pixel colors out the palette
If a 1-, 4-, or 8-bit per pixel BMP image declares less used colors
than the palette offers an SDL_Surface with a palette of the indicated
number of used colors is created. If some of the image's pixel
refer to a color number higher then the maximal used colors, a subsequent
bliting operation on the surface will look up a color past a blit map
(that is based on the palette) memory. I.e. passing such SDL_Surface
to e.g. an SDL_DisplayFormat() function will result in a buffer overread in
a blit function.

This patch fixes it by validing each pixel's color to be less than the
maximal color number in the palette. A validation failure raises an
error from a SDL_LoadBMP_RW() function.

CVE-2019-7635
https://bugzilla.libsdl.org/show_bug.cgi?id=4498

Signed-off-by: Petr Písař <ppisar@redhat.com>