SFML community forums
General => General discussions => Topic started by: eXpl0it3r on May 09, 2018, 11:59:11 pm
-
SFML 2.5.0
We're finally here with a new SFML version! :)
Here are some highlights we're excited to share with an official release.
- Modern CMake support with SFMLConfig.cmake
- New system cursor API
- New clipboard API
- Introduction of sf::VertexBuffer
- Added loop points for sf::Music
And many more features and bugfixes for which you can find the full changelog including detailed descriptions here:
https://www.sfml-dev.org/changelog.php#sfml-2.5.0
We're very grateful for everyone contributing, testing and discussing!
Visit https://www.sfml-dev.org/ for download instructions and extensive documentation. We hope you enjoy this release and would love to get some feedback!
-
Awesome, thanks for the ongoing development of this marvelous project!! ;D
Haven't tried out 2.5 yet, but have a little question: On the previous version the kind and versionf of the compiler (IDE) was irrelevant, as far as I remember. Now the download page says "The compiler versions have to match 100%!", what has changed that made the downloads compiler-dependent? :)
-
That message has been there for a while, but it wasn't as obvious so people didn't read it and then wondered why their compiler version didn't work. With the big red box we hope to mitigate that issue a bit, so people see it before they ask on the forum.
There's no standard ABI for C++, as such binaries are only really compatible with one compiler version (on Windows). ;)
-
Great new....many thanks.
I´m new with sfml but in past i build sfml myself from the sources and so there are no problems with the compiler version.
Btw.:I build with cmake for the first time in my life.(before 2.5)
Is it the same way with SFMLConfig.cmake ?
-
Oh okay, thanks for the response!
-
I'm quite hyped for the VertexBuffer and the Clipboard.
Maybe since Clipboard is a fully static class (why not free functions though?) to not have someone create an instance and think they aren't shared the ctor should be private?
Single and no param ctors of VertexBuffer could say what the default for unspecified values is then. VertexArray has that problem too actually.
And I guess convenience update methods from VertexArray to VertexBuffer could be nice too, right now VertexBuffer just became even more useless than std::vector of sf::Vertices that it was in 2.4.x.
-
Any ideas why some AV scanners seem to think that SFML 2.5.0 for Visual Studio contains malware?
https://www.virustotal.com/#/file/ad50ded8aa8938373f853a4f3f43d3f4f496bb185df95cda86b10cb7851840b6/detection
-
Because they don't know the self-compiled binaries and found a random signature that matches something.
AV trigger a lot of false-positives. My AV often deletes just compiled binaries... ::)
You can try and report them as false positives by the respective AV company.
-
Because AV stuff seems to be so much smoke and mirrors (and marketing??).
You can find tons of reports of people complaining about various AVs marking rare games, rare exes, any exes in zips, etc. as viruses or possibly dangerous. They also assign idiotic labels like rootkit, worm, trojan, etc. despite these having proper definitions.
Another thing is that almost no one who hasn't taken a statistics, medical testing or similar-ish class (or got told by someone who did or ran the numbers themselves) understands the implication of even very small false positive ratios if what you're looking for is very rare. E.g. if an AV has 0.1% false positive ratio and 100% real positive (meaning that if it sees a virus - it always catches it) it's still quite bad because of how rare viruses are. With those ratios, if you scan 5000 good files and 1 virus you will get 6 hits - more noise than signal. For context - I've never seen a virus out in the wild (although I'm not a regular computer user) but on my machine I have a bit over 8200 exes and 40 000 dlls right now.
UPX compressed files are also common false positives, as is UPX itself. Same with AHK (base exe is fine, any compiled script - even an empty one which is what I tried - can be marked unsafe or trojan, and compressed with UPX it gets different labels from different AVs and some that have caught it before compression now don't catch it but some others now do but didn't before).
I used to run a different AV than I do now and it kept deleting my own compiled exes because they were not widely used (at least they didn't get called a trojan or some other random label and I got a real reason).
I've also tried my Botes program (it's a GUI app in Pascal, not related to SFML) - it's safe when debug info is stripped, otherwise it's a trojan according to 1 AV. Compressed with UPX without debug info - still fine. But explorer.exe from Windows is fine only without UPX, with UPX it gets flagged by one AV too. I've no idea what's the pattern.
Some people's answer to random stuff getting detected falsely (by often paid products no less): stop using UPX (an open source tool with 100% public spec of how it works, what it does, etc.) because it causes trouble.
I also tried Eicar (the test string for AVs), several AVs didn't catch it and the 'community' votes were like 60% safe 40% unsafe (despite all catching AVs saying 'TEST-FILE-SAFE', etc.)... ::)
I tried all dll, lib and exe files from SFML-2.5.0-windows-vc15-32-bit.zip and unless I missed some the only one that is detected as a virus is this example: https://www.virustotal.com/en/file/a11d0bc18188d1dcdfa7cf75192fe992a71e1d0c1e51ed0248ed876501b11bf6/analysis/1525988276/
Maybe some of the pdb files get detected as viruses because debugging information = scaaary (just like my Botes got flagged if it had debug info included in the exe).
It's really hard to take some AVs seriously between stuff like that, pricing, using Sciter for their candy tablet like and very out of place in Windows UIs (just look at the products https://sciter.com/ lists as users - almost all are AV or similar).
7z.dll was also recently found to have a hole allowing arbitrary code execution and many AVs (supposedly) use it to scan rar and 7z contents. They can afford pricy Sciter but I wonder how many of those vendors have donated money or bug fixes to 7z if they didn't even bother auditing it for coding errors before running it as part of an AV...
-
It´s the heuristic analysis i think.
Bitdefender have sometimes false positives.
In past with Kaspersky and Comodo i haven´t such problems.
Only my 2 cents.
-
Congrats on the release. Thanks everyone who contributed for the hard work, looks like a solid release :D
-
This is great! Will CSFML get a 2.5.0 release?
-
Because AV stuff seems to be so much smoke and mirrors (and marketing??).
[...]
Thank you for your detailed answer (and thanks for all other answers, too). I also don't trust AV software very much (in fact, I'm not running any on my machines), but I found it noteworthy that so many engines seem to have trouble with this file. If it were only one or two, I would have dismissed it as a false positive.
I re-ran the scan, and now there are even 11 engines that claim to have found malware.
https://www.virustotal.com/#/file/ad50ded8aa8938373f853a4f3f43d3f4f496bb185df95cda86b10cb7851840b6/detection
window.exe is reported by 15 engines:
https://www.virustotal.com/#/file/a11d0bc18188d1dcdfa7cf75192fe992a71e1d0c1e51ed0248ed876501b11bf6/detection
What is this file supposed to do?
-
It's just an example (https://github.com/SFML/SFML/blob/master/examples/window/Window.cpp) that renders some OpenGL code to an sf::Window. ;D
I can try and create a new build, but I can't do anything to make AVs happy. ;)
-
You can remove the entire example folder and upload that zip, it's 0/54 then. ;D
https://www.virustotal.com/#/file/734849145a4c9b96a8dce0edfabbcc978700a7d6e81b14de1eb4243cf581a081/detection
I also appended a single 'a' character to the window.exe and it helped (we are down from 15 to 9) too ::):
https://www.virustotal.com/#/file/c8c67757baec6dc7b3029ab8b2447673bf6c54fdda415be4842ec1f7a71f0d55/detection
I get that someone might be paranoid/very security conscious so instead of trusting anyone here just remove the examples folder or compile them yourself (if you really need them, I'm pretty sure I never looked at any myself :P) and scan all the lib, pdb, dll, etc. files with virus total.
If you want you can try asking those AV makers but they might just ignore you or promise that it'll clear up on itself some time.
-
I forgot to mention that SFML-2.4.2-windows-vc14-32-bit.zip is reported by only one of the engines, despite also containing said window.exe
I don't know to what extent these two files differ, but obviously, the AV engines seem to like the old version more ;-)
-
Maybe the AVs consider clipboard access to be sketchy and meant to steal your copy pasted stuff. Some trojans do that to steal passwords or change bank account numbers when you copy from somewhere to a window in the browser when making a payment.
Or maybe it's older VC++ so it's less sketchy on its own.
Or it's just chance...
C'est la vie. ¯\_(ツ)_/¯
-
Awesome, too bad I don't have much time for programming these days, but these releases really make me want to do some of my long dead and buried project ideas ;D
-
I hate AVs even more than viruses. People need to know the truth -- all they need is an up-to-date OS, a good browser and a brain. Nothing more!
From my experience, I had false positives when my app wrote files in its own directory. Everything were fine after I started to use the AppData (ProgramData on Win10) folder which is meant for this purpose. I'm still not a big fan of having an app writing things in multiples directories but seems we don't have the choice
-
Any chance that the C binding of SFML will get updated to 2.5?
-
There's an open PR which anyone and everyone is welcome to review and contribute. ;)
-
+1 for CSFML :)
unfortunately I can not be useful, C/C++ is not my language