From jmm at debian.org  Thu Mar 14 21:32:28 2019
From: jmm at debian.org (Moritz Muehlenhoff)
Date: Thu, 14 Mar 2019 22:32:28 +0100
Subject: Bug#924609: libsdl1.2: Multiple security issues
Message-ID: <155259914852.9755.9067377779831343837.reportbug@hullmann.westfalen.local>

Source: libsdl1.2
Severity: grave
Tags: security

Hi,
a number of security issues were found in SDL, please see the following
links for references.

https://security-tracker.debian.org/tracker/CVE-2019-7638
https://security-tracker.debian.org/tracker/CVE-2019-7637
https://security-tracker.debian.org/tracker/CVE-2019-7636
https://security-tracker.debian.org/tracker/CVE-2019-7635
https://security-tracker.debian.org/tracker/CVE-2019-7578
https://security-tracker.debian.org/tracker/CVE-2019-7577
https://security-tracker.debian.org/tracker/CVE-2019-7576
https://security-tracker.debian.org/tracker/CVE-2019-7575
https://security-tracker.debian.org/tracker/CVE-2019-7574
https://security-tracker.debian.org/tracker/CVE-2019-7573
https://security-tracker.debian.org/tracker/CVE-2019-7572

Some bugs have links to upstream fixes, I think we can go ahead and
merge those. The others have proposed patches, but let's not rush
any upload and wait until these are properly reviewed/merged by
upstream.

Cheers,
        Moritz


From jmm at debian.org  Thu Mar 14 21:33:06 2019
From: jmm at debian.org (Moritz Muehlenhoff)
Date: Thu, 14 Mar 2019 22:33:06 +0100
Subject: Bug#924610: libsdl2: Multiple security issues
Message-ID: <155259918693.9928.12981368471743658741.reportbug@hullmann.westfalen.local>

Source: libsdl2
Severity: grave
Tags: security

Hi,
a number of security issues were found in SDL, please see the following
links for references.

https://security-tracker.debian.org/tracker/CVE-2019-7638
https://security-tracker.debian.org/tracker/CVE-2019-7637
https://security-tracker.debian.org/tracker/CVE-2019-7636
https://security-tracker.debian.org/tracker/CVE-2019-7635
https://security-tracker.debian.org/tracker/CVE-2019-7578
https://security-tracker.debian.org/tracker/CVE-2019-7577
https://security-tracker.debian.org/tracker/CVE-2019-7576
https://security-tracker.debian.org/tracker/CVE-2019-7575
https://security-tracker.debian.org/tracker/CVE-2019-7574
https://security-tracker.debian.org/tracker/CVE-2019-7573
https://security-tracker.debian.org/tracker/CVE-2019-7572

Some bugs have links to upstream fixes, I think we can go ahead and
merge those. The others have proposed patches, but let's not rush
any upload and wait until these are properly reviewed/merged by
upstream.

Cheers,
        Moritz


From owner at bugs.debian.org  Thu Mar 14 22:33:05 2019
From: owner at bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 14 Mar 2019 22:33:05 +0000
Subject: Processed: found 924609 in 1.2.15+dfsg2-4, found 924609 in
 1.2.15+dfsg1-4, tagging 924609
References: <1552602479-1975-bts-carnil@debian.org>
Message-ID: <handler.s.C.155260248722683.transcript@bugs.debian.org>

Processing commands for control at bugs.debian.org:

> found 924609 1.2.15+dfsg2-4
Bug #924609 [src:libsdl1.2] libsdl1.2: Multiple security issues
Marked as found in versions libsdl1.2/1.2.15+dfsg2-4.
> found 924609 1.2.15+dfsg1-4
Bug #924609 [src:libsdl1.2] libsdl1.2: Multiple security issues
Marked as found in versions libsdl1.2/1.2.15+dfsg1-4.
> tags 924609 + upstream
Bug #924609 [src:libsdl1.2] libsdl1.2: Multiple security issues
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
924609: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924609
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems


From owner at bugs.debian.org  Thu Mar 14 22:33:08 2019
From: owner at bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 14 Mar 2019 22:33:08 +0000
Subject: Processed: tagging 924610, found 924610 in 2.0.9+dfsg1-1, found
 924610 in 2.0.5+dfsg1-2
References: <1552602532-3029-bts-carnil@debian.org>
Message-ID: <handler.s.C.155260253823058.transcript@bugs.debian.org>

Processing commands for control at bugs.debian.org:

> tags 924610 + upstream
Bug #924610 [src:libsdl2] libsdl2: Multiple security issues
Added tag(s) upstream.
> found 924610 2.0.9+dfsg1-1
Bug #924610 [src:libsdl2] libsdl2: Multiple security issues
Marked as found in versions libsdl2/2.0.9+dfsg1-1.
> found 924610 2.0.5+dfsg1-2
Bug #924610 [src:libsdl2] libsdl2: Multiple security issues
Marked as found in versions libsdl2/2.0.5+dfsg1-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
924610: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924610
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems


From grivalera at yandex.ru  Sat Mar 23 05:43:18 2019
From: grivalera at yandex.ru (Valery)
Date: Sat, 23 Mar 2019 08:43:18 +0300
Subject: Bug#925324: libsdl1.2-dev: problem with compilating with SDL
Message-ID: <155331979898.3175.16216161032213141381.reportbug@deb9-atom>

Package: libsdl1.2-dev
Version: 1.2.15+dfsg2-4
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?


	compiling messages that: 

     /usr/include/SDL/SDL_opengl.h:116: error: "GL_GLEXT_VERSION" redefined [-Werror]
     #define GL_GLEXT_VERSION 29
 
In file included from /usr/include/GL/gl.h:2055,
                 from /usr/include/SDL/SDL_opengl.h:46,
                 from src/Basescape/../Engine/OpenGL.h:14,
                 from src/Basescape/../Engine/Screen.h:22,
                 from src/Basescape/CraftEquipmentState.cpp:23:
/usr/include/GL/glext.h:54: note: this is the location of the previous definition
 #define GL_GLEXT_VERSION 20180725


I have found same error at https://bugzilla.redhat.com/show_bug.cgi?id=1662778
and there are way to repeat error:

printf '#include <SDL_opengl.h>\n' | gcc $(sdl-config --cflags) -x c -c -


   * What exactly did you do (or not do) that was effective (or
     ineffective)?

    I have compiled an OpenXcom project at my system, it appears during compilation
	https://openxcom.org
    note: it was succesfully compilated on two other debian 9 systems.
   This one firstly debian 9, was changed to testing and upgraded to newest kernel and mesa.

   * What was the outcome of this action?

    I haven't idea how to pass it.
    I tried change #ifndef GL_GLEXT_VERSION at /usr/include/SDL/SDL_opengl.h but
    it make more errors, It seems like version number is important.

   * What outcome did you expect instead?

   Maybe change libsdl1.2-dev? I have newest one

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 9.5
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libsdl1.2-dev depends on:
ii  libasound2-dev                 1.1.7-2
ii  libcaca-dev                    0.99.beta19-2+b3
ii  libglu1-mesa-dev [libglu-dev]  9.0.0-2.1+b2
ii  libpulse-dev                   12.2-3
ii  libsdl1.2debian                1.2.15+dfsg2-4
ii  libx11-dev                     2:1.6.7-1
ii  libxext-dev                    2:1.3.3-1+b2

libsdl1.2-dev recommends no packages.

libsdl1.2-dev suggests no packages.

-- no debconf information