From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 11 14:04:05 2018 Received: (at submit) by debbugs.gnu.org; 11 Nov 2018 19:04:05 +0000 Received: from localhost ([127.0.0.1]:46720 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLv1g-0003ju-Pc for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:04:04 -0500 Received: from eggs.gnu.org ([208.118.235.92]:48098) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLv1d-0003jP-U6 for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:04:02 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gLv1W-0008G8-R4 for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:03:56 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:34229) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gLv1V-0008F9-BB for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:03:54 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:57693) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gLv1U-0004Vp-Mx for guix-patches@gnu.org; Sun, 11 Nov 2018 14:03:53 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gLv1N-0008Ay-Dk for guix-patches@gnu.org; Sun, 11 Nov 2018 14:03:50 -0500 Received: from mail-pf1-x429.google.com ([2607:f8b0:4864:20::429]:44936) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gLv1N-00087W-7l for guix-patches@gnu.org; Sun, 11 Nov 2018 14:03:45 -0500 Received: by mail-pf1-x429.google.com with SMTP id b81-v6so2702922pfe.11 for ; Sun, 11 Nov 2018 11:03:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:user-agent:mime-version; bh=IBG9V+6iv0pioIny5uzZBl5fKP0NoCG5rFtALKbjyng=; b=KivLPBEl5JzD6jZXUBCiycLn3Ajc6BnZLWgDQpMLHL/4TSG+Y46rp1NdyitrxMROsz zjCzp6Xl2n89F2HgcRSyUYPxBmZBzoY4OBoSLSX/zQp7KmBCEKqZZsm552Z2CxBXyKAc p2xbh84qvwPvkA6vAdcQWp2l78aQmK3WQhxZqNo7H5LHey1Hj7qWtNfqs0DfQYMB3VS9 pomelt5QkYfLJVAD4RBmYJt7NHgzV4sMejTYmkO1z5e8OLRORrWovs/G/3Rwr+i0l/1F EbzfB0pImRtpG03NsIZ4a4RkQwLfP0pxLdf3HmNgvEdCIARg5Lvcl0tMDCf0dd/jdVKL /HFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:user-agent :mime-version; bh=IBG9V+6iv0pioIny5uzZBl5fKP0NoCG5rFtALKbjyng=; b=FFjmm59CXQApsQucBCfXryx18dDMgaRIIk2vNMbCv7cLNsRCbUo13jqWdTZyTXrBVH 6pYVedxYs4iFPuqS2TrEBugrafXgcTyHx6t6Xrg42ydVSjidk7HSVCnedcGWXK/GMgN8 ympue83kdRqAzMQ50dwRrgSf8DSIc9jZ3lqyDFcZnXtb7EZPQqx1eE2cUHH3dAc+iy6B wAmfEeiqKL53blWxNYH0SITx5WIjTZ2XI1Ys8yyZZTXuhtLtgAT0pLbpykLRbD5NSZGa QUaPKGrgWI9NGA3/HtPwnOH1dKjV3U1Di0skUgmxvtrZDN7GPO6ZnaEVPi8Qbzhbjjt4 l9Cg== X-Gm-Message-State: AGRZ1gIeH/W5Ik0PweZdY4m4qjMxuZnELS3GlpsyU6dqu03KXRUfyEod 868gaIbRCVygWaiTq6VfpYE= X-Google-Smtp-Source: AJdET5d24Xpb/lWLpzU8dSWoQJsO3oBDMF4AR0GhVf7XjZFn4OUceMrx7fKcWsgu1WYzzI724yjdhA== X-Received: by 2002:a63:e40c:: with SMTP id a12mr14947751pgi.28.1541963015016; Sun, 11 Nov 2018 11:03:35 -0800 (PST) Received: from debian (1-36-201-233.static.netvigator.com. [1.36.201.233]) by smtp.gmail.com with ESMTPSA id y9-v6sm14656321pfe.152.2018.11.11.11.03.33 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 11 Nov 2018 11:03:34 -0800 (PST) From: Alex Vong To: guix-patches@gnu.org Subject: [PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. Date: Mon, 12 Nov 2018 03:03:18 +0800 Message-ID: <871s7r3095.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -3.8 (---) X-Debbugs-Envelope-To: submit Cc: alexvong1995@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.8 (----) --=-=-= Content-Type: text/plain Tags: patch, security Hello Guix, This patch set upgrades teeworlds to its latest version in order to fix CVE-2018-18541, which is present in teeworlds before 0.6.5. Cheers, Alex --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+h89wAKCRBh71Au9gJS 8ta7APoCx6Xy7BCPwWgUNIN0Qw2u83sSLsDNdXwqw9PwslgXJQEAwT+wdy+LP17N cFeJYnsxSpV+WC/JrtpMjuu/k8USdA0= =Z4Gr -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 11 14:06:43 2018 Received: (at 33347) by debbugs.gnu.org; 11 Nov 2018 19:06:43 +0000 Received: from localhost ([127.0.0.1]:46725 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLv4C-0003nt-7W for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:06:43 -0500 Received: from mail-pl1-f195.google.com ([209.85.214.195]:39732) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLv49-0003nf-Dn for 33347@debbugs.gnu.org; Sun, 11 Nov 2018 14:06:38 -0500 Received: by mail-pl1-f195.google.com with SMTP id b5-v6so3217062pla.6 for <33347@debbugs.gnu.org>; Sun, 11 Nov 2018 11:06:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:user-agent:mime-version; bh=7L/ES5sX+840fk/CEMwifOniDZxSsvJ7kKa1gn/bMOc=; b=ZHXk2NmGMJV9tNKcfZwJHFExkv45wv04CyDhIWCQL8LUhqkOALcz1qvL869OWrMjG5 ufPNsvck8W0DA6LHGBn6UO4nCna1387W3OZ0QxNoS6wCGlhOcGu4obRTg8ASNfdX8VGB Vnf8QJHRYzwr9F8tNtlDnue2sPHxKdS4wq1zzygPBtUhx1tIuJ2gQJ+epaPWNxvdgErp 1iydV0LbJPOABt0/LM+se+7LQ1CiWNAySXQ0UNwSrOmyc3whNZN949kIpgp8I3Gzup/I NRHaL3jk0zg7dEoSHqpAwz9CYJJJKJJe4yQ+wrBgoF+BYQJUq1jJpciWXAqQR6jx4YzO scow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:user-agent :mime-version; bh=7L/ES5sX+840fk/CEMwifOniDZxSsvJ7kKa1gn/bMOc=; b=iYURK60ttlcAAHnXSAHDzoi0pYenR9SPIjZi3cM466W4v6FvnSyaAEFaG1E25sOXdW 11EowOyerbV3c9/dbIxeo0F8jsRjuoDm+eUY9/TFt+yH44GKhLFksTBgr2XuHoQffHJm O8t0eO3HpPBqxFcP2E4h1QKD6LNYNDGQxmrKGNgHOJDuQwBvqrjL8XxK/23yLjuAc+Ye wj/F/+7uLHs0Ffjc/6VEOtHyga60dkOzngtlM3FUyS+jYSJYyzf/Dda/EPIhvBDhid4f +YsFTPX0n38865Bft6DdUrrGQGw3JC8+VmBqquIAFZAIqOCNB4+NxJMs15onJ9FEz01e /0vQ== X-Gm-Message-State: AGRZ1gLUaqfK8f46rfVEnb61vOfvSjz8Wn+8JhZYIjNqbZ7QLYg6SmIG hX6qUmR/RvZ5BFX0Py6GHJU= X-Google-Smtp-Source: AJdET5ecktvRxgGwMgIYCFNSsSjmtmooxw2ZkUQkirLmAMGQA/w90a31DlbGjk7VjDus2FUyUz1kww== X-Received: by 2002:a17:902:ac93:: with SMTP id h19-v6mr170522plr.245.1541963191722; Sun, 11 Nov 2018 11:06:31 -0800 (PST) Received: from debian (1-36-201-233.static.netvigator.com. [1.36.201.233]) by smtp.gmail.com with ESMTPSA id p38sm3259445pgm.40.2018.11.11.11.06.30 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 11 Nov 2018 11:06:31 -0800 (PST) From: Alex Vong To: 33347@debbugs.gnu.org Subject: [PATCH 1/4] gnu: Add pnglite. Date: Mon, 12 Nov 2018 03:06:27 +0800 Message-ID: <87wopj1ljg.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.2 (/) X-Debbugs-Envelope-To: 33347 Cc: alexvong1995@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.8 (/) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/x-diff; charset=utf-8 Content-Disposition: inline; filename=0001-gnu-Add-pnglite.patch Content-Transfer-Encoding: quoted-printable From=2071b7ccb3de4ca3d08032ca89f8bb2e7782f9959b Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Mon, 12 Nov 2018 01:55:05 +0800 Subject: [PATCH 1/4] gnu: Add pnglite. * gnu/packages/image.scm (pnglite): New variable. =2D-- gnu/packages/image.scm | 55 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 9bf9bd7e5..889128173 100644 =2D-- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -21,6 +21,7 @@ ;;; Copyright =C2=A9 2018 Pierre Neidhardt ;;; Copyright =C2=A9 2018 Marius Bakke ;;; Copyright =C2=A9 2018 Pierre-Antoine Rouby +;;; Copyright =C2=A9 2018 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -253,6 +254,60 @@ files. It can compress them as much as 40% losslessly= .") ;; This package used to be wrongfully name "pngcrunch". (deprecated-package "pngcrunch" pngcrush)) =20 +(define-public pnglite + (let ((commit "11695c56f7d7db806920bd9229b69f230e6ffb38") + (revision "1")) + (package + (name "pnglite") + ;; The project was moved from sourceforge to github. + ;; The latest version in sourceforge was 0.1.17: + ;; https://sourceforge.net/projects/pnglite/files/pnglite/ + ;; No releases are made in github. + (version (git-version "0.1.17" revision commit)) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/dankar/pnglite") + (commit commit))) + (sha256 + (base32 + "1lmmkdxby5b8z9kx3zrpgpk33njpcf2xx8z9bgqag855sjsqbbby")) + (file-name (git-file-name name version)))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f + #:phases + (modify-phases %standard-phases + (delete 'configure) + (replace 'build + (lambda _ + (let ((cflags '("-O2" "-fPIC")) + (ldflags '("-shared"))) + (apply invoke + `("gcc" + "-o" "libpnglite.so" + ,@cflags + ,@ldflags + "pnglite.c")) + #t))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib/")) + (include (string-append out "/include/")) + (doc (string-append out "/share/doc/" + ,name "-" ,version "/"))) + (install-file "libpnglite.so" lib) + (install-file "pnglite.h" include) + (install-file "README.md" doc) + #t)))))) + (inputs `(("zlib" ,zlib))) + (home-page "https://github.com/dankar/pnglite") + (synopsis "Pretty small png library") + (description "A pretty small png library. +Currently all documentation resides in @file{pnglite.h}.") + (license license:zlib)))) + (define-public libjpeg (package (name "libjpeg") =2D-=20 2.19.1 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+h9swAKCRBh71Au9gJS 8iYAAQCwz1cgPN+ocTn/SfrwjwufnKZI8C+JXR/5AqXKJpj6RAD8DbsHTc+H3S2B XfLNg6tAB5EpesW5dpleC8vSkysJ0wY= =bX0y -----END PGP SIGNATURE----- --==-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 11 14:07:22 2018 Received: (at 33347) by debbugs.gnu.org; 11 Nov 2018 19:07:22 +0000 Received: from localhost ([127.0.0.1]:46729 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLv4o-0003p7-Ot for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:07:22 -0500 Received: from mail-pg1-f173.google.com ([209.85.215.173]:38828) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLv4n-0003ou-Jc for 33347@debbugs.gnu.org; Sun, 11 Nov 2018 14:07:18 -0500 Received: by mail-pg1-f173.google.com with SMTP id f8-v6so3024670pgq.5 for <33347@debbugs.gnu.org>; Sun, 11 Nov 2018 11:07:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:user-agent:mime-version; bh=EWA//TS1dLHDfDOoOQ7Cz1ulm3giqCk73ZUWZyETJL8=; b=itHcj9vXiV+L60Rvx5nq4ZUZ579wBde83BWDxOSsA0sLvx4Z2zcKh3YubweTZcx3nx 6FTauw3ykz2flPOlFUdYRGCnrDeOEoktWm3DRCtAEk9pznnDHI/BlHN7e5gMTheNlSRo Le/rUvydCN6SC1aTpG7q+vGlLkRaLvlSwuOemRI3gedWBdI8Vl0BquL2h1IsKUgtEmut KGDjIR4+l+yAs9iUDU1imr3Y2dRqOSr51403XpQjHrsaenzldAbHZDdesDovA1GLTa1L x9MqGWnvr0VrXgdvYXu94bStxpmQZSxuC82hInPhYtoNDHpQV9RXEv2YrYguR1iFvMZ+ K0hQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:user-agent :mime-version; bh=EWA//TS1dLHDfDOoOQ7Cz1ulm3giqCk73ZUWZyETJL8=; b=PuyhHScr+qZPSId5iIImA0G10v7j4hoi7bYgx/kzNJghLufkptH6OY9b3YduAeg6WP lJLK8dAUwkDJYoCtKTp1rE8ewAnQaOBekVTd1IvJRJzcGbT/l2Ki2ArNu7lJduyZu6dx 2e3tUirV2uFSIgJLbW3eqG0pOjP+1VTaKrgvZ58l46EizSX3oIRzusnhAJcNh07ZcyBs cvC8OkxBpm0qEXN0VR8w6c7VuIg8pPxCOQEv4pTG2R1DZrIR/9C3C037PLLIosROiB45 Z9oEJlMQIfW5Aj91LHjoL8b+v4v2u4Q81bM1EqRIIoz3vI/vzVE58t+cfFK/stmcWYnJ WmFQ== X-Gm-Message-State: AGRZ1gLr/4t4huVbYSqB27ygM9QhBSe37zftALA4aCWRAODaawkkMKN1 TU1ttbVFn0NOpAL5Tt2xaWE= X-Google-Smtp-Source: AJdET5cuV95Urb+hqzltY6x3afcQRh9s4WOijcjR264AcYPC8G8pXcgX8lYJsPAVWMHbNmYYa9rkAw== X-Received: by 2002:a63:ec13:: with SMTP id j19mr839811pgh.6.1541963232094; Sun, 11 Nov 2018 11:07:12 -0800 (PST) Received: from debian (1-36-201-233.static.netvigator.com. [1.36.201.233]) by smtp.gmail.com with ESMTPSA id a4sm12609816pgv.70.2018.11.11.11.07.10 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 11 Nov 2018 11:07:11 -0800 (PST) From: Alex Vong To: 33347@debbugs.gnu.org Subject: [PATCH 2/4] gnu: Add json-parser. Date: Mon, 12 Nov 2018 03:07:07 +0800 Message-ID: <87sh071lic.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.2 (/) X-Debbugs-Envelope-To: 33347 Cc: alexvong1995@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.8 (/) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/x-diff; charset=utf-8 Content-Disposition: inline; filename=0003-gnu-bam-Update-to-0.5.1.patch Content-Transfer-Encoding: quoted-printable From=207caabdd6a49d568463501adadf70f13b818bccec Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Thu, 8 Nov 2018 10:53:43 +0800 Subject: [PATCH 3/4] gnu: bam: Update to 0.5.1. * gnu/packages/build-tools.scm (bam): Update to 0.5.1. [arguments]: Use newly provided Makefile. [inputs]: Add lua. =2D-- gnu/packages/build-tools.scm | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scm index 42de56f8c..d24c9ce18 100644 =2D-- a/gnu/packages/build-tools.scm +++ b/gnu/packages/build-tools.scm @@ -5,6 +5,7 @@ ;;; Copyright =C2=A9 2018 Fis Trivial ;;; Copyright =C2=A9 2018 Tom=C3=A1=C5=A1 =C4=8Cech ;;; Copyright =C2=A9 2018 Marius Bakke +;;; Copyright =C2=A9 2018 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -30,6 +31,7 @@ #:use-module (guix build-system cmake) #:use-module (gnu packages) #:use-module (gnu packages compression) + #:use-module (gnu packages lua) #:use-module (gnu packages python) #:use-module (gnu packages python-crypto) #:use-module (gnu packages python-web) @@ -40,33 +42,28 @@ (define-public bam (package (name "bam") =2D (version "0.4.0") + (version "0.5.1") (source (origin (method url-fetch) =2D (uri (string-append "http://github.com/downloads/matricks/" =2D "bam/bam-" version ".tar.bz2")) + (uri (string-append "https://github.com/matricks/bam" + "/archive/v" version ".tar.gz")) (sha256 (base32 =2D "0z90wvyd4nfl7mybdrv9dsd4caaikc6fxw801b72gqi1m9q0c0sn"))= )) + "1a8m7aa2xc23z3rqi5d15mxwp0hfappbmhkfpn7b3v156fprd1fc")) + (file-name (string-append name "-" version ".tar.gz")))) (build-system gnu-build-system) (arguments =2D `(#:phases + `(#:make-flags `("CC=3Dgcc" + ,(string-append "INSTALL_PREFIX=3D" + (assoc-ref %outputs "out"))) + #:test-target "test" + #:phases (modify-phases %standard-phases =2D (delete 'configure) =2D (replace 'build =2D (lambda _ =2D (zero? (system* "bash" "make_unix.sh")))) =2D (replace 'check =2D (lambda _ =2D (zero? (system* "python" "scripts/test.py")))) =2D (replace 'install =2D (lambda* (#:key outputs #:allow-other-keys) =2D (let ((bin (string-append (assoc-ref outputs "out") "/bin")= )) =2D (mkdir-p bin) =2D (install-file "bam" bin) =2D #t)))))) + (delete 'configure)))) (native-inputs `(("python" ,python-2))) + (inputs + `(("lua" ,lua))) (home-page "https://matricks.github.io/bam/") (synopsis "Fast and flexible build system") (description "Bam is a fast and flexible build system. Bam uses Lua to =2D-=20 2.19.1 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+h93AAKCRBh71Au9gJS 8s5XAP9lptgNvVLzepPWA/zhw/Bo9MY17dZnRFD/ypsebFM1FAD+KsS5qc0smbEV f/6nBhz+WBpJAMnrLHBB1noK7hLMhQU= =vCYn -----END PGP SIGNATURE----- --==-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 11 14:09:16 2018 Received: (at 33347) by debbugs.gnu.org; 11 Nov 2018 19:09:17 +0000 Received: from localhost ([127.0.0.1]:46737 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLv6i-0003sV-Kg for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:09:16 -0500 Received: from mail-pf1-f177.google.com ([209.85.210.177]:46253) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLv6g-0003sD-D0 for 33347@debbugs.gnu.org; Sun, 11 Nov 2018 14:09:15 -0500 Received: by mail-pf1-f177.google.com with SMTP id s9-v6so3191622pfm.13 for <33347@debbugs.gnu.org>; Sun, 11 Nov 2018 11:09:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:user-agent:mime-version; bh=xTu/gqos/6ATg085lZt+LPqTyPqs56xhRFAWFWpxhfo=; b=UCkxIcj6ciA+2dcf/YoK8zj+yeDjhajoG2BOcqcS47QCRUvslqqavEvXtJf4SIfWt/ qmzoMrxxGZTFX7iMYuzabkRU9HSeyx75/gaLXhVySKlAtXmOaZq3UWwhMHusKZ+Y5mUt bdF25H+W1/ZAh/MgBeZWxiLCs5HYNsg5Lb8ii1sjka9TcVJV5edJMhUb+JoRWqoZc91r wHfqVxfKNcwN3/oYsNI2gcv4COF1bMFLAMZVCMMmjJwZOn152v3FQs5TJacucvfG0Ii2 5i6xSn+coLzLhZ7TzTzgqYo2zsSfDE9aFntLYUnv0HwR7wZBu1Lo7914nxFzYnba2s8v GGhQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:user-agent :mime-version; bh=xTu/gqos/6ATg085lZt+LPqTyPqs56xhRFAWFWpxhfo=; b=C9kRp57edydstdludPE9zmIBup7+k/6d3dosATcsza+87r9c17YrOgrjqeCtucGtve qUu1KF6dM3C99/z7/t7zS9hrP/dzVtJ5B2S+9JVEW+ozMpTJQy8R9xolCw7tjFq5L1yd LMxawmBc94FQcOAb7FSz1pscPMYYWoowYM3O9RNCGu83ygQPOIPZBorJyaYOIOfQO/qt tuky1wfRX5nntx9xZftjawrzbuwOvJ9OHqAfSIkOFoyRq5zhYt8zEehTLLRkHRrOsr+a 9IQ5o5WpvhJoLc0QCmwRu2WvQJK1XnvI0N4ld/ytYIz0TV9ztNJqUN1fL6igVrmHCCcs 8+uQ== X-Gm-Message-State: AGRZ1gKzBsdJ9gpzpDbyq6DcVFnhlcMB8rlVmJ89CJfSXzfGYyMKqtGS +Cipt8I4oS95GAkAAlhgNYk= X-Google-Smtp-Source: AJdET5fUibzaCdX9q9jjy/j+GsGqDVzlJn1I7A7o+SQ2zB7A/wNVEtThIP6BRjeBz4lCcTmEdA7sgg== X-Received: by 2002:a63:6506:: with SMTP id z6-v6mr13965735pgb.219.1541963348840; Sun, 11 Nov 2018 11:09:08 -0800 (PST) Received: from debian (1-36-201-233.static.netvigator.com. [1.36.201.233]) by smtp.gmail.com with ESMTPSA id s144sm13980321pgs.87.2018.11.11.11.09.07 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 11 Nov 2018 11:09:08 -0800 (PST) From: Alex Vong To: 33347@debbugs.gnu.org Subject: [PATCH 3/4] gnu: Add json-parser. Date: Mon, 12 Nov 2018 03:09:04 +0800 Message-ID: <87o9av1lf3.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.2 (/) X-Debbugs-Envelope-To: 33347 Cc: alexvong1995@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.8 (/) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/x-diff; charset=utf-8 Content-Disposition: inline; filename=0002-gnu-Add-json-parser.patch Content-Transfer-Encoding: quoted-printable From=206696a1dd8c69b9349c4897d1ce5b73d585d9f077 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Mon, 12 Nov 2018 02:23:27 +0800 Subject: [PATCH 2/4] gnu: Add json-parser. * gnu/packages/web.scm (json-parser): New variable. =2D-- gnu/packages/web.scm | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index b0ab4add8..082337d00 100644 =2D-- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -28,6 +28,7 @@ ;;; Copyright =C2=A9 2018 Pierre-Antoine Rouby ;;; Copyright =C2=A9 2018 G=C3=A1bor Boskovits ;;; Copyright =C2=A9 2018 M=C4=83d=C4=83lin Ionel Patra=C8=99cu +;;; Copyright =C2=A9 2018 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -582,6 +583,32 @@ It aims to conform to RFC 7159.") (("-Werror") "")) #t)))))) =20 +(define-public json-parser + (package + (name "json-parser") + (version "1.1.0") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/udp/json-parser" + "/archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0cyixd9azd2l86hkha4d11lxz0a54fbwg4hmby6zkfwx4s9qf9sw")))) + (build-system gnu-build-system) + (arguments '(#:tests? #f)) + (home-page "https://github.com/udp/json-parser") + (synopsis "JSON parser written in ANSI C") + (description "Very low footprint JSON parser written in portable ANSI = C. + +@itemize +@item BSD licensed with no dependencies (i.e. just drop the C file into yo= ur +project) +@item Never recurses or allocates more memory than it needs +@item Very simple API with operator sugar for C++ +@end itemize") + (license l:bsd-2))) + (define-public qjson (package (name "qjson") =2D-=20 2.19.1 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+h+UAAKCRBh71Au9gJS 8mdrAP9SaTYcU+CwT9RklhU25NtApL3G3l3N/JY+DPJ9I7sv9wEAtS+p5CWQ/k41 +XLLzBD9Av94+wmJao/SeWFZncJRBQg= =+bND -----END PGP SIGNATURE----- --==-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 11 14:09:52 2018 Received: (at 33347) by debbugs.gnu.org; 11 Nov 2018 19:09:52 +0000 Received: from localhost ([127.0.0.1]:46740 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLv7H-0003tG-0s for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:09:51 -0500 Received: from mail-pl1-f196.google.com ([209.85.214.196]:46442) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLv7F-0003t2-0E for 33347@debbugs.gnu.org; Sun, 11 Nov 2018 14:09:49 -0500 Received: by mail-pl1-f196.google.com with SMTP id t13so255279ply.13 for <33347@debbugs.gnu.org>; Sun, 11 Nov 2018 11:09:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:user-agent:mime-version; bh=qbvTr7kUOgXgSBFh417RDJtPihCIsde+LVRDEtxc/u8=; b=tqi67m8bKvhlI1oZ75+OASfAgfQRxM3nIVbo62YrjftIv70oA9eG8qbWZ3OVd0ts0R 7JJfNCV8Q7ZI5tvLCuBW5xxkXUxLt3f15gysj/VzYNmOV3rpwo7ZNpyAsEYaLUP8rSs9 VgRNAnlUCpeix+dNl4kvXRj2LmcD1pgHUcopcEO9MkzlBgZMDMn0xH1Muirlor36jt9A Ps/s4ndCAWR2bX47z3L+/KT0vJj5qw6kQV32Z2vdOTNehFAMuEdoDGpy+bcH0k+2QbpI out/3XDmp/lxmqi/ZGZqc3YIS2aIKKFhj6hJcGKYkKRWH52kcZ0KqmjgTw77muWy8lnH fcEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:user-agent :mime-version; bh=qbvTr7kUOgXgSBFh417RDJtPihCIsde+LVRDEtxc/u8=; b=LOeZ4TRlWU3Rwm3Ctb/0nl5lnnDkFt85U+towltm2kBrbwxdvC8mCAINUEIgP8modP ZjNU5arxnn1wK/3cIyCutWC6Wd/vvQXw+0+ysUV9WCX6a5+q70e3+JDnPhB8PnNrQmeg prPWogmktU/tYalmaZ9VWFVZnGu2clI6FdlwZzanWGXao6JmqhEIn8xDtVMGXcffskGz RMyRR+EjQ1m6Uie7CNDAw6cLIu/hJAomsAuNmdGvM8LkVL8niL5wGyYmab0QlJgmUBGF oFruBDckYDXgJ4OIoZ8d3WbA3Z30CMK12zYZ5iwIAHAcQa9aVzoSoHkq/Fw6MJhUHycF 8eOw== X-Gm-Message-State: AGRZ1gIAoXzF/k8kHyMDUz3WMxPw3uq59kfX3YHIm/21mvdQDTPTMKUg KAhcUjBF+ifu+urkQ3DUbt4= X-Google-Smtp-Source: AJdET5d4fVSyuWqSZqf0EujcH4m/DVEXTQKSmDDO4cTgUJzWFfpwSa2vR6zPDNSwROg2nyOmzu4Myg== X-Received: by 2002:a17:902:e201:: with SMTP id ce1-v6mr17337881plb.138.1541963383513; Sun, 11 Nov 2018 11:09:43 -0800 (PST) Received: from debian (1-36-201-233.static.netvigator.com. [1.36.201.233]) by smtp.gmail.com with ESMTPSA id 137-v6sm15118520pfz.103.2018.11.11.11.09.42 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 11 Nov 2018 11:09:42 -0800 (PST) From: Alex Vong To: 33347@debbugs.gnu.org Subject: [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. Date: Mon, 12 Nov 2018 03:09:39 +0800 Message-ID: <87k1lj1le4.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.2 (/) X-Debbugs-Envelope-To: 33347 Cc: alexvong1995@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.8 (/) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/x-diff; charset=utf-8 Content-Disposition: inline; filename=0004-gnu-teeworlds-Update-to-0.7.0-fixes-CVE-2018-18541.patch Content-Transfer-Encoding: quoted-printable From=20340a24167fe00a3ea62804bb97760b8ba3b2f6f8 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Mon, 12 Nov 2018 02:42:25 +0800 Subject: [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. * gnu/packages/games.scm (teeworlds): Update to 0.7.0. [source]: Remove all bundled libraries. [arguments]: Adjust accordingly. [inputs]: Use sdl2 instead of sdl and python-wrapper instead of python-2. Add json-parser, libmd and pnglite. * gnu/packages/patches/teeworlds-use-latest-wavpack.patch: Update it. =2D-- gnu/packages/games.scm | 107 ++++++++++++------ .../teeworlds-use-latest-wavpack.patch | 72 +++++++++--- 2 files changed, 129 insertions(+), 50 deletions(-) diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index 3679aa09c..8817e4db8 100644 =2D-- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -35,6 +35,7 @@ ;;; Copyright =C2=A9 2018 Tim Gesthuizen ;;; Copyright =C2=A9 2018 Madalin Ionel-Patrascu ;;; Copyright =C2=A9 2018 Benjamin Slade +;;; Copyright =C2=A9 2018 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -4139,31 +4140,41 @@ small robot living in the nano world, repair its ma= ker.") (define-public teeworlds (package (name "teeworlds") =2D (version "0.6.4") + (version "0.7.0") (source (origin (method url-fetch) =2D (uri (string-append "https://github.com/teeworlds/teeworld= s/" =2D "archive/" version "-release.tar.gz")) + (uri (string-append "https://github.com/teeworlds/teeworlds" + "/archive/" version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 =2D "1mqhp6xjl75l49050cid36wxyjn1qr0vjx1c709dfg1lkvmgs6l3")) + "1ih79qcfc44biiwyhc51gwvkyab4cy5hya9yc2bq8phf899fpz2q")) (modules '((guix build utils))) =2D (snippet =2D '(begin =2D (for-each delete-file-recursively =2D '("src/engine/external/wavpack/" =2D "src/engine/external/zlib/")) =2D #t)) + (snippet ; remove bundled libraries + '(begin (delete-file-recursively "src/engine/external/") + #t)) (patches (search-patches "teeworlds-use-latest-wavpack.patch")))) (build-system gnu-build-system) (arguments `(#:tests? #f ; no tests included + #:modules ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-26)) #:phases (modify-phases %standard-phases (replace 'configure (lambda* (#:key outputs #:allow-other-keys) + (define (use-latest-json-parser file) + (substitute* file + (("engine/external/json-parser/json\\.h") + "json-parser/json.h") + (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);") + "json_parse_ex(&JsonSettings, + pFileData, + strlen(pFileData), + aError);"))) + ;; Embed path to assets. (substitute* "src/engine/shared/storage.cpp" (("#define DATA_DIR.*") @@ -4173,50 +4184,76 @@ small robot living in the nano world, repair its ma= ker.") "\""))) =20 ;; Bam expects all files to have a recent time stamp. =2D (for-each (lambda (file) =2D (utime file 1 1)) + (for-each (cut utime <> 1 1) (find-files ".")) =20 ;; Do not use bundled libraries. (substitute* "bam.lua" =2D (("if config.zlib.value =3D=3D 1 then") =2D "if true then") =2D (("wavpack =3D .*") =2D "wavpack =3D {} =2Dsettings.link.libs:Add(\"wavpack\")\n")) + (("local json =3D Compile.+$") + "local json =3D nil +settings.link.libs:Add(\"jsonparser\")") + (("local md5 =3D Compile.+$") + "local md5 =3D nil +settings.link.libs:Add(\"md\")") + (("local png =3D Compile.+$") + "local png =3D nil +settings.link.libs:Add(\"pnglite\")") + (("local wavpack =3D Compile.+$") + "local wavpack =3D nil +settings.link.libs:Add(\"wavpack\")") + (("if config\\.zlib\\.value =3D=3D 1") + "settings.cc.flags:Add(\"-DLIBMD_MD5_ALADDIN\") +if config.zlib.value")) + (substitute* "src/engine/shared/network_token.cpp" + (("engine/external/md5/md5\\.h") + "md5.h")) + (substitute* "src/engine/client/graphics_threaded.cpp" + (("engine/external/pnglite/pnglite\\.h") + "pnglite.h")) (substitute* "src/engine/client/sound.cpp" =2D (("#include ") =2D "#include ")) + (("engine/external/wavpack/wavpack\\.h") + "wavpack/wavpack.h")) + (for-each use-latest-json-parser + '("src/game/client/components/countryflags.cpp" + "src/game/client/components/menus_settings.cpp" + "src/game/client/components/skins.cpp" + "src/game/client/localization.cpp" + "src/game/editor/auto_map.h" + "src/game/editor/editor.cpp")) #t)) (replace 'build (lambda _ =2D (zero? (system* "bam" "-a" "-v" "release")))) + (invoke "bam" "-a" "-v" "conf=3Drelease"))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) =2D (let* ((out (assoc-ref outputs "out")) =2D (bin (string-append out "/bin")) =2D (data (string-append out "/share/teeworlds/data"))) =2D (mkdir-p bin) =2D (mkdir-p data) =2D (for-each (lambda (file) =2D (install-file file bin)) =2D '("teeworlds" "teeworlds_srv")) =2D (copy-recursively "data" data) + (let* ((arch ,(system->linux-architecture + (or (%current-target-system) + (%current-system)))) + (build (string-append "build/" arch "/release/")) + (data-built (string-append build "data/")) + (out (assoc-ref outputs "out")) + (bin (string-append out "/bin/")) + (data (string-append out "/share/teeworlds/data/"))) + (for-each (cut install-file <> bin) + (map (cut string-append build <>) + '("teeworlds" "teeworlds_srv"))) + (copy-recursively data-built data) #t)))))) =2D ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG =2D ;; library without a build system. (inputs `(("freetype" ,freetype) ("glu" ,glu) + ("json-parser" ,json-parser) + ("libmd" ,libmd) ("mesa" ,mesa) =2D ("sdl-union" ,(sdl-union (list sdl =2D sdl-mixer =2D sdl-image))) + ("pnglite" ,pnglite) + ("sdl2" ,sdl2) + ("sdl2-image" ,sdl2-image) + ("sdl2-mixer" ,sdl2-mixer) ("wavpack" ,wavpack) ("zlib" ,zlib))) (native-inputs `(("bam" ,bam) =2D ("python" ,python-2) + ("python" ,python-wrapper) ("pkg-config" ,pkg-config))) (home-page "https://www.teeworlds.com") (synopsis "2D retro multiplayer shooter game") diff --git a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch b/gnu/= packages/patches/teeworlds-use-latest-wavpack.patch index e9fd99108..3ad1340d2 100644 =2D-- a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch +++ b/gnu/packages/patches/teeworlds-use-latest-wavpack.patch @@ -1,10 +1,20 @@ =2DDownloaded from https://anonscm.debian.org/cgit/pkg-games/teeworlds.git/= plain/debian/patches/new-wavpack.patch. +Downloaded from https://salsa.debian.org/games-team/teeworlds/raw/master/d= ebian/patches/new-wavpack.patch. =20 =2DThis patch lets us build teeworlds with wavpack 5.1.0. +From: Markus Koschany +Date: Thu, 25 Oct 2018 20:52:27 +0200 +Subject: new-wavpack =20 +Make wavpack compatible with Debian's version. +--- + src/engine/client/sound.cpp | 33 +++++++++++++++------------------ + src/engine/client/sound.h | 4 ---- + 2 files changed, 15 insertions(+), 22 deletions(-) + +diff --git a/src/engine/client/sound.cpp b/src/engine/client/sound.cpp +index 048ec24..80de3c5 100644 --- a/src/engine/client/sound.cpp +++ b/src/engine/client/sound.cpp =2D@@ -328,17 +328,14 @@ void CSound::RateConvert(int SampleID) +@@ -325,10 +325,6 @@ void CSound::RateConvert(int SampleID) pSample->m_NumFrames =3D NumFrames; } =20=20 @@ -12,10 +22,10 @@ This patch lets us build teeworlds with wavpack 5.1.0. -{ - return io_read(ms_File, pBuffer, Size); -} =2D- =2D int CSound::LoadWV(const char *pFilename) +=20 + ISound::CSampleHandle CSound::LoadWV(const char *pFilename) { =2D CSample *pSample; +@@ -336,6 +332,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFile= name) int SampleID =3D -1; char aError[100]; WavpackContext *pContext; @@ -24,17 +34,18 @@ This patch lets us build teeworlds with wavpack 5.1.0. =20=20 // don't waste memory on sound when we are stress testing if(g_Config.m_DbgStress) =2D@@ -351,19 +348,23 @@ int CSound::LoadWV(const char *pFilename =2D if(!m_pStorage) =2D return -1; +@@ -349,25 +347,29 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFi= lename) + return CSampleHandle(); =20=20 + lock_wait(m_SoundLock); - ms_File =3D m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_= ALL); - if(!ms_File) + File =3D m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL= , aWholePath, sizeof(aWholePath)); + if(!File) { dbg_msg("sound/wv", "failed to open file. filename=3D'%s'", pFilename); =2D return -1; + lock_unlock(m_SoundLock); + return CSampleHandle(); } + else + { @@ -43,7 +54,14 @@ This patch lets us build teeworlds with wavpack 5.1.0. =20=20 SampleID =3D AllocID(); if(SampleID < 0) =2D return -1; + { +- io_close(ms_File); +- ms_File =3D 0; ++ io_close(File); ++ File =3D 0; + lock_unlock(m_SoundLock); + return CSampleHandle(); + } pSample =3D &m_aSamples[SampleID]; =20=20 - pContext =3D WavpackOpenFileInput(ReadData, aError); @@ -51,7 +69,29 @@ This patch lets us build teeworlds with wavpack 5.1.0. if (pContext) { int m_aSamples =3D WavpackGetNumSamples(pContext); =2D@@ -419,9 +420,6 @@ int CSound::LoadWV(const char *pFilename +@@ -385,8 +387,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFile= name) + if(pSample->m_Channels > 2) + { + dbg_msg("sound/wv", "file is not mono or stereo. filename=3D'%s'", pFi= lename); +- io_close(ms_File); +- ms_File =3D 0; ++ io_close(File); ++ File =3D 0; + lock_unlock(m_SoundLock); + return CSampleHandle(); + } +@@ -401,8 +403,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFile= name) + if(BitsPerSample !=3D 16) + { + dbg_msg("sound/wv", "bps is %d, not 16, filname=3D'%s'", BitsPerSample= , pFilename); +- io_close(ms_File); +- ms_File =3D 0; ++ io_close(File); ++ File =3D 0; + lock_unlock(m_SoundLock); + return CSampleHandle(); + } +@@ -429,9 +431,6 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFile= name) dbg_msg("sound/wv", "failed to open %s: %s", pFilename, aError); } =20=20 @@ -61,14 +101,16 @@ This patch lets us build teeworlds with wavpack 5.1.0. if(g_Config.m_Debug) dbg_msg("sound/wv", "loaded %s", pFilename); =20=20 =2D@@ -527,7 +525,5 @@ void CSound::StopAll() =2D lock_unlock(m_SoundLock); +@@ -560,7 +559,5 @@ bool CSound::IsPlaying(CSampleHandle SampleID) + return Ret; } =20=20 -IOHANDLE CSound::ms_File =3D 0; - IEngineSound *CreateEngineSound() { return new CSound; } =20=20 +diff --git a/src/engine/client/sound.h b/src/engine/client/sound.h +index ff357c0..cec2cde 100644 --- a/src/engine/client/sound.h +++ b/src/engine/client/sound.h @@ -21,10 +21,6 @@ public: @@ -81,4 +123,4 @@ This patch lets us build teeworlds with wavpack 5.1.0. - virtual bool IsSoundEnabled() { return m_SoundEnabled !=3D 0; } =20=20 =2D virtual int LoadWV(const char *pFilename); + virtual CSampleHandle LoadWV(const char *pFilename); =2D-=20 2.19.1 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+h+cwAKCRBh71Au9gJS 8vuPAQC61zDZU1DCN9gbznDK941IZGv9isiKv1Ik4mWGkE6+zwEAgwfkouzxHBix n7oIl/OXYqCZH9KpJVqPiw+UKrEhrQU= =Xatc -----END PGP SIGNATURE----- --==-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 11 14:13:29 2018 Received: (at submit) by debbugs.gnu.org; 11 Nov 2018 19:13:29 +0000 Received: from localhost ([127.0.0.1]:46747 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLvAm-0003yw-49 for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:13:29 -0500 Received: from eggs.gnu.org ([208.118.235.92]:50296) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLvAk-0003yi-Q5 for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:13:27 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gLvAf-0008Kb-10 for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:13:21 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:39381) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gLvAd-0008Js-6h for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:13:20 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59894) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gLvAb-00086c-II for guix-patches@gnu.org; Sun, 11 Nov 2018 14:13:18 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gLvAY-0008Hb-DF for guix-patches@gnu.org; Sun, 11 Nov 2018 14:13:17 -0500 Received: from mail-pg1-x543.google.com ([2607:f8b0:4864:20::543]:42186) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gLvAY-0008H8-6S for guix-patches@gnu.org; Sun, 11 Nov 2018 14:13:14 -0500 Received: by mail-pg1-x543.google.com with SMTP id i4-v6so3020659pgq.9 for ; Sun, 11 Nov 2018 11:13:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=VGeDDWTdN2ryX40LJXM3xZpa20mVu1a5rZ1LRc8ajkg=; b=KBXkuIB4lCNhaR6bRS8qonUYKmluguptE70vENz3bPpV6uEcUyDWFaLAqUmyOkFJn5 CGs6hPfJ8CyAVdtVQWsPKHp2e7mq/J+YHw6CwzUXNYpil+4Q1aAnzOO74wWiEjQBUlg3 4FfRHUep/xq9MXQj284zd5RiEhH+1f+1tzaNoZH+Wh/3yWFw7ZEeikMsqUrMMfTW4Dec 7FFAfCUVvy/mrQoXnC0kB+hsCSO64+5onT/JZGTkKVUBC0cVIN954Ac8q0C/T6VVdDPM 3RXdn31SpodLWj9Ko4uW7KE0QnIh19J+a1vhizImvt8+8YEvLpaVtgu3wjXWGaoBbjPT 5P9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=VGeDDWTdN2ryX40LJXM3xZpa20mVu1a5rZ1LRc8ajkg=; b=DJsQUL/tpOs6JbPdX7IR0x/SQrKvqtMWfnNBcv6q9t1SjIZqYUroJiI1cO4bE7sJQa EZG+6YT4tvsGPYoGwpllZIkvcDvAmSdr2FVXiSGi1lC9IBadJPTgKlV3b3Prr8dfrAON PTZCg8N9n48Llm9VRpdmPDIPqaunJDdb1cneFPk7BX5w/EXBSZRfxYCEXFQ1m2GSzXIH EAft2Bk6mT6MwIWS1PLQ0NNQRo/1gECBIwLQ6SpJTeA+xad5g3Y09xcHZKmrOOrisL8X Zhh3TeT6PKV66gZCOl+9AvKwGuBt5NU5Uj9Mh6Y6LeqNuUkckIWiVi/PcHTNN8ryAePO BLPg== X-Gm-Message-State: AGRZ1gJZWXVehzf6ErWSyCfjt/9zpX1ChivGwCFQ0WjXkprk6lo6OMft wkiJnwAat0S/NAKqXto1iGc= X-Google-Smtp-Source: AJdET5e9hkD0SKGsT1uU+tV34QmUJYRH3IGnjc8Em1huhkRwRrd6Ta93PfxbsZNXIn6YFVIulhl9vg== X-Received: by 2002:a63:eb0e:: with SMTP id t14mr15043180pgh.445.1541963593197; Sun, 11 Nov 2018 11:13:13 -0800 (PST) Received: from debian (1-36-201-233.static.netvigator.com. [1.36.201.233]) by smtp.gmail.com with ESMTPSA id b69-v6sm15374986pfc.150.2018.11.11.11.13.11 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 11 Nov 2018 11:13:12 -0800 (PST) From: Alex Vong To: guix-patches@gnu.org Subject: Re: [PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. References: <871s7r3095.fsf@gmail.com> Date: Mon, 12 Nov 2018 03:13:09 +0800 In-Reply-To: <871s7r3095.fsf@gmail.com> (Alex Vong's message of "Mon, 12 Nov 2018 03:03:18 +0800") Message-ID: <87a7mf1l8a.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -3.8 (---) X-Debbugs-Envelope-To: submit Cc: alexvong1995@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.8 (----) --=-=-= Content-Type: text/plain Alex Vong writes: > Tags: patch, security > > Hello Guix, > > This patch set upgrades teeworlds to its latest version in order to fix > CVE-2018-18541, which is present in teeworlds before 0.6.5. > I forget to mention I also remove all bundled libraries. > Cheers, > Alex --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+h/RQAKCRBh71Au9gJS 8qEIAQC1x22IgYyoL4cUAFSV41dwlXH9rbvwGLvwdPrqpcNBWgD9FeDhiHm13n8v IoTQoNAf25Uj+uR9bEW7sUZRfACDDgg= =TK+i -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 13 11:48:00 2018 Received: (at 33347) by debbugs.gnu.org; 13 Nov 2018 16:48:00 +0000 Received: from localhost ([127.0.0.1]:50531 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMbr6-0003ZL-42 for submit@debbugs.gnu.org; Tue, 13 Nov 2018 11:48:00 -0500 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:58763) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMbr4-0003Z7-2E for 33347@debbugs.gnu.org; Tue, 13 Nov 2018 11:47:58 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 10B95891; Tue, 13 Nov 2018 11:47:52 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 13 Nov 2018 11:47:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=Y1kk9DNSXphhAzX9SGwh8n7r ofJ/6RvkQVx13rE8aVE=; b=bqg/JvLlXEEQtBWg0nSk2b7F20NkpXXcpFZEZxCT Ri0TzNVgW+R69TZXhs34nFAKBnAPg3N13JzO/FcCsPMyVHFhLO2uYbZ4xq7az5XX iY9kBrY58LMk8dr8y0Xs7K80cR//8nX0JgAKv3q8ux+shnJRaRiTX1uqENFgAjRa 8A0= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=Y1kk9D NSXphhAzX9SGwh8n7rofJ/6RvkQVx13rE8aVE=; b=TRrnsXp/fC6V1gaLETXTkl Z8hEm9Mml3/SMIvCBEUhhUlq/OUvkn6oIwU4eUnoY7FCSjg7b4jJQ00v2WW2pjTq /mOzhtbNlO7ci1Y/eRS5QFS0Q7bTaSgkvsF0l71ohJhtWiAc93uMvrH89ViBMf/m C2WCJxJ5GzjL6jtX+Z5aoyAlXFbFaVmn+NGEm1OJZgRc+mlKxIu7R3CxYCgKcwap W3isDqJTCeINtZdvaJxn+BZmZIBpw/tEetqJCMTxRKMBUO4DKtllKEapsx/ytuZo 4ENc2aOEduIkAKCPpFrk0g8W7QtUjPHNNeMzF2bNQ0qy/3us95LJv/Vcrm6M0/Rw == X-ME-Sender: X-ME-Proxy: Received: from localhost (pool-71-105-200-72.nycmny.fios.verizon.net [71.105.200.72]) by mail.messagingengine.com (Postfix) with ESMTPA id 3A186102E4; Tue, 13 Nov 2018 11:47:50 -0500 (EST) Date: Tue, 13 Nov 2018 11:47:49 -0500 From: Leo Famulari To: Alex Vong Subject: Re: [bug#33347] [PATCH 3/4] gnu: Add json-parser. Message-ID: <20181113164749.GA8498@jasmine.lan> References: <871s7r3095.fsf@gmail.com> <87o9av1lf3.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s" Content-Disposition: inline In-Reply-To: <87o9av1lf3.fsf@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 33347 Cc: 33347@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 12, 2018 at 03:09:04AM +0800, Alex Vong wrote: > From 6696a1dd8c69b9349c4897d1ce5b73d585d9f077 Mon Sep 17 00:00:00 2001 > From: Alex Vong > Date: Mon, 12 Nov 2018 02:23:27 +0800 > Subject: [PATCH 2/4] gnu: Add json-parser. >=20 > * gnu/packages/web.scm (json-parser): New variable. > + (arguments '(#:tests? #f)) Please add a comment explaining why we skip the tests. If there are no tests, it can be as simple as "No test suite.". > + (description "Very low footprint JSON parser written in portable ANS= I C. Please use a complete sentence. For example, "This package provides a very low footprint ...". --SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlvrADUACgkQJkb6MLrK fwjQZA/+NApPELGIyqyMQ51SuTINHyBDwyoB0+PVOtqL8Xob68W4yvTbjHI/enHF r11kckwcCkmbutRs1kRJFtXKQ+IcdtTaZAX4v2ptH7sJUuTXwM9lRX29V66rzeZ5 7eORGz80/ZK53O92zjvewkd8cK/nFsGjsiZ4EphC1OAnJ6Qm85uIkA+KhxN+Vmxy x/G27IOAo/WPBf4PBoVJg1Mq6FGZbhQNXkBkCYItQgbDcGHGRwulfeEkBo4pl3od ZuJ2I5FozcAbwpcPnPw+Z3jvs9eiKvKQbYGjQBVRmlIQ4buRqnjy2CQogpiMrEIk +4YOJCti1mb8gnKAXVUOGgOBEt0TA12G0Vzy4uwnI4d4EM3wZ29Do9y4A85GgtIU NxFsU2Tk/J+ZLheT56JZoxi41/zsOzVFlYMjJ0AywBLzDJuxm6klz3eP2DGEPEO6 /WwvU6ckMw0fpDVpeFf+S9kEn+TkzK/16Fsl1cUm9K8QzELg2aDmcSr+9ympPbAq eJbMzf4wvimexjl3ovQtXoIU6HNXRcUKijL42cLjnk7oEDT/Hc+4Gq0rnwyxXswZ Y4WMTQ0OI5JANDPLWVGMtFagrQ+u8SE+tFcMZNrEKoqdiJkIltge8NK+gOb1PbEa Llak6nva48mZwuHsCVqOT6ctUhbvhopwu1W5+6FA+7OdRIlOeaA= =Eb+Q -----END PGP SIGNATURE----- --SLDf9lqlvOQaIe6s-- From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 13 11:49:09 2018 Received: (at 33347) by debbugs.gnu.org; 13 Nov 2018 16:49:09 +0000 Received: from localhost ([127.0.0.1]:50536 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMbsD-0003bN-Dl for submit@debbugs.gnu.org; Tue, 13 Nov 2018 11:49:09 -0500 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:43805) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMbsC-0003b9-2Z for 33347@debbugs.gnu.org; Tue, 13 Nov 2018 11:49:08 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 2C1CD93A; Tue, 13 Nov 2018 11:49:02 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 13 Nov 2018 11:49:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=QBw95awvhlMZFbuY37kYXQXd 5JXo3u0yFB9nBS3iOaw=; b=dDCm8p/XTYTjlUEMDYJEPROcoPwZ+lHLQfrX+UkG Hk7Y8e17pUqgsier9MOuSUp4hrzsS+LQL8e2QwIuyZW4/i6ORSf1PfeoLaVX2Ri4 pZt7KYWwhLXsqX7+8nAwUcdHoqeLkXWgLgLAcgAfjZYklraXiPGSKYyMZWKu3sVf udw= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=QBw95a wvhlMZFbuY37kYXQXd5JXo3u0yFB9nBS3iOaw=; b=fWE7urFGyJFdvkOjIuWQgS Oty/9QujzW/m9XN+ot9LSPn5YxTmM+pC/ach489dcavHVklNbfr/krj2Fqm88KPv NGKqg2Cwx6PjQ3WfB3qgP5Y/S7sSrfXokOZKDEWYSNwjRwUorcB6l3BvzcWWCPdr 33eioyCno6YU7zgjIev6MMv4YPWSNPWLE6xwJ5F/HDq4vZdkW/VlZf9U22MI7x5O r1RJbQ/MA+HIFHQIvDpXgCAdvoiaNulxNUKBnWFK4ryv5f/VKA8s2GDhbUAZO6Wm Pk3KtO8txQ+OwvXELPtdTMwNPO7IsWdoGdzeuDfTWhRT3pwJZOi6oTHFwnKBe+mg == X-ME-Sender: X-ME-Proxy: Received: from localhost (pool-71-105-200-72.nycmny.fios.verizon.net [71.105.200.72]) by mail.messagingengine.com (Postfix) with ESMTPA id 295B5102EA; Tue, 13 Nov 2018 11:49:01 -0500 (EST) Date: Tue, 13 Nov 2018 11:49:00 -0500 From: Leo Famulari To: Alex Vong Subject: Re: [bug#33347] [PATCH 2/4] gnu: Add json-parser. Message-ID: <20181113164900.GB8498@jasmine.lan> References: <871s7r3095.fsf@gmail.com> <87sh071lic.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="IrhDeMKUP4DT/M7F" Content-Disposition: inline In-Reply-To: <87sh071lic.fsf@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 33347 Cc: 33347@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --IrhDeMKUP4DT/M7F Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 12, 2018 at 03:07:07AM +0800, Alex Vong wrote: > (source (origin > (method url-fetch) > - (uri (string-append "http://github.com/downloads/matricks/" > - "bam/bam-" version ".tar.bz2")) > + (uri (string-append "https://github.com/matricks/bam" > + "/archive/v" version ".tar.gz")) We should consider fetching the source with Git =E2=80=94 these auto-genera= ted GitHub snapshot tarballs may change in the future. --IrhDeMKUP4DT/M7F Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlvrAHwACgkQJkb6MLrK fwjziBAAwnrQBmaR6tRhmtssxxKIG0fyMHEIRQ+EqBE1wElb6Y2iZTJwa8No/B7e vfYkhXy+LGnRVCjYwNFcEWgQCGob3HYoU0a5GBLD59AHwGo33NneE8AI/6HXYIQw sJFa8TyBMxd48LqRBrBdZkpVWZg9kub2tJjhTUNwLDg4GqQm2pdKgB3ple3bC/4p k7umQIg3btLt3O9heUanOU7uUARKz4I/0h50Mq2lH4b8tPJ0CnZbXOcQX6qotJc6 bcV0G/rsDxEtWlFbcox3/2aifGHZWLnIIXH9mlP+u8ZHJ7oiaHJMH1RR0K8RUBWo VVhclROD2RK2CiXIedSDwXC+nGUBBXEubRJJMEHdt6qZQuYPnggAdunIP/CASqZX j8fDfRxo5ECNZh+UOzTcR5FAo+AOZ/3grcnxkEGmhD/J+q0ypfLr6jjJBi6Z8psT gkvKlImWqwz41E1JhbTT0G6yOFI3bwyx+DfY1tM7j7R9aiwFFG6be50tvhXTp9NS XKCfsQjOUBBj8oBXcLTo3fxOOZHQ/iSK8jP9/HgCkjo38t0k7SqGk/ZytF/2zMvx 9R7b/2vr5KKjjPJWjaC2dO8xdQScE2nQMtGCRqfSlVsR2RDwT4Ian3ltOmtb1wfg mN2cAhqBDIl7OeoCu8GaHHYIKQXcIN2oYg8hvn5XhMOGkWpKTLs= =1ex1 -----END PGP SIGNATURE----- --IrhDeMKUP4DT/M7F-- From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 13 11:53:19 2018 Received: (at 33347) by debbugs.gnu.org; 13 Nov 2018 16:53:19 +0000 Received: from localhost ([127.0.0.1]:50544 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMbwF-0003he-8C for submit@debbugs.gnu.org; Tue, 13 Nov 2018 11:53:19 -0500 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:59159) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMbwD-0003hP-Qh for 33347@debbugs.gnu.org; Tue, 13 Nov 2018 11:53:18 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 6673293A; Tue, 13 Nov 2018 11:53:11 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 13 Nov 2018 11:53:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=fKwhB+353jTY1yRYEzk0MZJ4 YUkZo8U2JXGzT35h4x0=; b=Wc4XTTx6urvIM+Eb049/tm+8f9+ObmJ17AyVAYd4 aK2gONpogmObL/4/g5FZi+f54HKJwPOK3BiFT9oojCwTsr1j7zdRD2MX0njVcsHO nPIbTO11xEQkpOUt2P+d4CrFTW54dJdumUuZh9SnMaHcj4gIs8gXwfew5PCLl7Ob /qg= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=fKwhB+ 353jTY1yRYEzk0MZJ4YUkZo8U2JXGzT35h4x0=; b=dyPt5kY0NsNPRRb/8ACvDy vBUqYTTu98VktM7fMFQvXYJ2MxfJU0myz+av8q0iI7ekB4iMIARM5JsPPuYVuGv4 Eyo1nBZb9ghAkQLicbA+hxGurE2fnEdPuIr8SkPOD5cpD1ZDqiE2c+Wc0t71J+eb ZvkMLnBU/Pv/WEhr2GBeZe8y5wuY7sunkvoYxcBf20xFj29amboKZKV1FdJl6zy1 hI3DcKY6u9pUGcwzEOAo1eLMNJoIcQ2XShIf/wnEsI3TIVqhGs9pzKRtgKnPRqF8 ZyCUrHBjWX0ubqDDQYC4bzmLeYMf75YhckeGLQHVXVXpCAlXxZe258ldXMhC17Kg == X-ME-Sender: X-ME-Proxy: Received: from localhost (pool-71-105-200-72.nycmny.fios.verizon.net [71.105.200.72]) by mail.messagingengine.com (Postfix) with ESMTPA id A8B39102DE; Tue, 13 Nov 2018 11:53:10 -0500 (EST) Date: Tue, 13 Nov 2018 11:53:10 -0500 From: Leo Famulari To: Alex Vong Subject: Re: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. Message-ID: <20181113165310.GC8498@jasmine.lan> References: <871s7r3095.fsf@gmail.com> <87k1lj1le4.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="gr/z0/N6AeWAPJVB" Content-Disposition: inline In-Reply-To: <87k1lj1le4.fsf@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 33347 Cc: 33347@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --gr/z0/N6AeWAPJVB Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 12, 2018 at 03:09:39AM +0800, Alex Vong wrote: > (replace 'configure > (lambda* (#:key outputs #:allow-other-keys) > + (define (use-latest-json-parser file) > + (substitute* file > + (("engine/external/json-parser/json\\.h") > + "json-parser/json.h") > + (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);= ") > + "json_parse_ex(&JsonSettings, > + pFileData, > + strlen(pFileData), > + aError);"))) > + Please add a code comment explaining this. > - ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG > - ;; library without a build system. These sorts of mini-libraries are designed to be copied and pasted into host projects rather than packaged on their own. That's why they don't include a build system. For example, many cryptographic primitive implementations are distributed this way =E2=80=94 that's why you never see= a package for 'SHA256'. Is there a particular reason we should unbundle pnglite? --gr/z0/N6AeWAPJVB Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlvrAXUACgkQJkb6MLrK fwg5rBAAkV7c6kOp6J0nBxmTjX8ChY3gvrjMyF7S0xBJrR7xLQBz1C+bICdFk7qQ LS5XQ/m0thJmyCIUsaN9XXqTNvX37d3B+ZGqL+DoW1QZ919H98TqMrFxnTaQd+4q qwbQpRFbj1WRgkwQYVydPwall1BzwnxRkxp63UrIa4fnloExaSzLZQKE28ckrDeL OahayLKL/OHqs5ufRDq5TPRFYrccnfc4G29r3tWMf/AxP0bnrpG7ArXf9c9lRdib LvZwfDy3c4Er6fOj7idk90M1+SdTfcXO2mpYCFQ65f/E8vQuxHF7KlOgLGb2upKn 2WECnLFag+10CVgnUGozi7N1N9M+Z8vg4zdnExD5fdlnry205I1itt/+0Al7nvEc hyc1CRyhBxSVqSnPplILL7uXv95UVCppyvJrxaWmsS4pLOOXPbIg1X3t4gaSEvO2 dSrgXHwXJDoR/KQ8aJKaiywKrggNeR9nLipySSVLkPyMi4YW43EC2q6XzKUJurB/ aDtwKVwpseBZ+cKdVBcJQyhjJr6gToB1noCuS0cfJ+EKBJ188kHbGTsa/3ulrHZ8 S43QqjCiw4brxD2dHVtQj/cVZnFH0KkFXF9iGIjvdYKVjn6VWBtZ7CaW36gPRwud LbX46/Dq6hl7wuiidqZzoMtD1pJ5VgIWMvszVXjbnibg55doOrg= =xckU -----END PGP SIGNATURE----- --gr/z0/N6AeWAPJVB-- From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 13 11:54:26 2018 Received: (at 33347) by debbugs.gnu.org; 13 Nov 2018 16:54:26 +0000 Received: from localhost ([127.0.0.1]:50549 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMbxK-0003jR-Jh for submit@debbugs.gnu.org; Tue, 13 Nov 2018 11:54:26 -0500 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:55963) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMbxI-0003jC-Ng for 33347@debbugs.gnu.org; Tue, 13 Nov 2018 11:54:25 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 0289FC15; Tue, 13 Nov 2018 11:54:18 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 13 Nov 2018 11:54:19 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=2hoWM3Ffn7NIB4gEtm4mjNkS 4X819dKSoabrUl4cz3k=; b=y/08WhHFN8lTvBsQjFdAxAzF4pj/jd5pBHmJRUMv mvfa5gVCJ08UcWcZNLyNjXDJ4YlyFb11hTDua7dR0hnV4Znqm7q37QQsKBiBVazz vkbDGbKh9N1UOYdgjk/chxIvINANltMl7VbQzDfZMc3jnp4KvmAb2n2SIIl2Wonm 1Ew= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=2hoWM3 Ffn7NIB4gEtm4mjNkS4X819dKSoabrUl4cz3k=; b=TBv7Sxr2K/oKK+01P9DJGO +U1MwG8L0RDkSxxKA9GbkfHL+0/ARzj//XQvYgqEfoXElIgO+iO/WoxliwQ+WJay g8t1+1XqDwupx0Sg3JoHrt5ssHxrY7jB+cEwTIH0ZHnscVqsMrjbSekT8Og3ktKp /fVU+i5iinf0cCin2E1b53Jn9uFqtJwaxzHPaYnUES2AcugMLF73aa4uZZcnh7RB ojxKeCUjrU7+7K7e28yo9eXduAKpfgMff/edzDPMzX7CBDxnIHeFzrphsQtr5+AI EKiXTlV9bpZVsIla/7+jXxAEmIC4OBI84uN4IdkutCVutETJ4YEXT80Y2SBmffTQ == X-ME-Sender: X-ME-Proxy: Received: from localhost (pool-71-105-200-72.nycmny.fios.verizon.net [71.105.200.72]) by mail.messagingengine.com (Postfix) with ESMTPA id 12554102ED; Tue, 13 Nov 2018 11:54:18 -0500 (EST) Date: Tue, 13 Nov 2018 11:54:17 -0500 From: Leo Famulari To: Alex Vong Subject: Re: [bug#33347] [PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. Message-ID: <20181113165417.GD8498@jasmine.lan> References: <871s7r3095.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="fOHHtNG4YXGJ0yqR" Content-Disposition: inline In-Reply-To: <871s7r3095.fsf@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 33347 Cc: 33347@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --fOHHtNG4YXGJ0yqR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 12, 2018 at 03:03:18AM +0800, Alex Vong wrote: > Tags: patch, security >=20 > Hello Guix, >=20 > This patch set upgrades teeworlds to its latest version in order to fix > CVE-2018-18541, which is present in teeworlds before 0.6.5. I sent my comments to the individual patches. Thank you! --fOHHtNG4YXGJ0yqR Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlvrAbkACgkQJkb6MLrK fwgiexAA3FTA6Ups1nD0VSyWhFFWUCprzhD+pGT+bbSky53wTs189ILkso+MXEzO f8DIQLqJIhemWOxW7bEHbg4J1YU0uIjkIhNExJIiJEJ9OrR1O1QISrqBp8vqwdyD 1KvHuIApOsnKiUPhq4UsABfO2uu5doDC/1m+sQlyA/cLtT3CSE2azedz9NHSNNlr wsKzTg2+GXL+kjJetNA0WQZvmXge6IKJwerEahrfjg+NgkkFqzn/++CSbBWh0dLV Ly4DuEBR26VKxjiw0/DBSAxaEzdxCTHkMNLPNdIuQTaeF3A9ivFUDNr9JrGGpnX7 8amuCMCJo33umg5BOHfhA5CrgeguO/WVm+D+7c6ARVuPXmJop3/LxphN03McL/Rt 8uVf5VBvmNlhJUcuR2b17KkzVs3pbLujYFwptOmbWqVIc9je6CEF1YBkSXUbWaWE c/uN6lJ6qZq2en3xZjbW/qnIXCRhLsn2Lxzb0Brfi2TbSFdbRMztwbqQs9jOaWSh XJZdhi12APXx+8eoq78MLxGYYdmHm59rrzu3U1RJEPAhei1/g+8s6W8BUy6+6B+P 3jog8k9HPg9RTZ/l4AEwxKHS452ZzzVGbO/qA9jSAdO8vsVHmtWn1C+7sX8vQFMJ QWgFCdjFD+R7v+gMXTBRGVOPVWhvfO200ojwvz4F62vYsNjXSb8= =pv2m -----END PGP SIGNATURE----- --fOHHtNG4YXGJ0yqR-- From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 14 08:14:31 2018 Received: (at 33347) by debbugs.gnu.org; 14 Nov 2018 13:14:31 +0000 Received: from localhost ([127.0.0.1]:51077 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMv03-0003Yv-Ik for submit@debbugs.gnu.org; Wed, 14 Nov 2018 08:14:31 -0500 Received: from mail-pl1-f194.google.com ([209.85.214.194]:45748) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMv01-0003Yi-AC for 33347@debbugs.gnu.org; Wed, 14 Nov 2018 08:14:30 -0500 Received: by mail-pl1-f194.google.com with SMTP id a14so3181071plm.12 for <33347@debbugs.gnu.org>; Wed, 14 Nov 2018 05:14:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:cc:subject:in-reply-to:references:user-agent:date :message-id:mime-version; bh=ZIhBGDVMeldzROLuyAiyLrdy89MpZAxV+U0rqPolUco=; b=fMBBtsSJIbGp8hMvJNeG2T7BXQS1+tCkwk8Mr4PKAVXvT+8gD4Y9UQVBuUPMNtT8Zf E30QJKFhqXb8eQ61q3dizUf3ZNRlQp/HnYUn7mZG2IVmiWsxpVEOzcMqm7jKOGpvyYUE WW3kx4kLrZDSlXl1OUKne9rtRuL0sepQAWwuCIvLcRQ3en68TVd47AEUwfm5VDsBQF75 3pwwVQQTjbTmnhfILoa+3VwqRAuM4qHXVULvb8muygnmaCRFYThXTuYXmRWxyGTevKR7 VqquGsA7IMQRer2M9nzzER27eoLeSV5108J3BHsrtS6F+g7HAXK4iVhhSfpw4v8/CnMy W7TQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:cc:subject:in-reply-to:references :user-agent:date:message-id:mime-version; bh=ZIhBGDVMeldzROLuyAiyLrdy89MpZAxV+U0rqPolUco=; b=ZL4TcMUQ3gUdua/vo9g8mBG89cO6WnbIAixkMUut6Y2vsUcgxOCDJZheykIB8g8nE6 K01+YUUzNr6mXysSTgFwPmcoU0u/ak80NLj8A58zX/lJsiqndgVag9JmyIqLJGF4WxQb Tee4kz9CQTOZu+cw/VSGx0RyUdfAbmeGOI9Quq/DSR21COaIi5FDyCRAClWrew2L5rpI Fw9XMVAK2V71DyPkcPlJdAZBB02tzPQc+ofFHcBokIMxrsO7RH794U/piQF5Etv7KvaM qvmZypN9YAemXdnQgqWT8ZNv3U89Nd6oFMGj0zz1LTKM8A1ln9njFpzCZYw6PDkmd2kF TWgA== X-Gm-Message-State: AGRZ1gLP0XYf3zARuDTO9po/IQCw2a+8Yg+KP48J1j7+/USIQ4kGGRb7 YmDbVRGvOX8n/fDD2D9jHpA= X-Google-Smtp-Source: AJdET5fNT9E4X4RUUpbduwE4wtFyyWtPclbhaNRBui2w/EudHMUV+oXfSaYD7R85dSGLJOePfzjUJQ== X-Received: by 2002:a17:902:2ac3:: with SMTP id j61mr1860272plb.185.1542201263419; Wed, 14 Nov 2018 05:14:23 -0800 (PST) Received: from debian (1-64-83-198.static.netvigator.com. [1.64.83.198]) by smtp.gmail.com with ESMTPSA id i193sm31239139pgc.22.2018.11.14.05.14.19 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 14 Nov 2018 05:14:22 -0800 (PST) From: Alex Vong To: Leo Famulari Subject: Re: [bug#33347] [PATCH 3/4] gnu: Add json-parser. In-Reply-To: <20181113164749.GA8498@jasmine.lan> (Leo Famulari's message of "Tue, 13 Nov 2018 11:47:49 -0500") References: <871s7r3095.fsf@gmail.com> <87o9av1lf3.fsf@gmail.com> <20181113164749.GA8498@jasmine.lan> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) Date: Wed, 14 Nov 2018 21:14:03 +0800 Message-ID: <87bm6r3ip0.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: 33347 Cc: 33347@debbugs.gnu.org, alexvong1995@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Leo Famulari writes: > On Mon, Nov 12, 2018 at 03:09:04AM +0800, Alex Vong wrote: >> From 6696a1dd8c69b9349c4897d1ce5b73d585d9f077 Mon Sep 17 00:00:00 2001 >> From: Alex Vong >> Date: Mon, 12 Nov 2018 02:23:27 +0800 >> Subject: [PATCH 2/4] gnu: Add json-parser. >>=20 >> * gnu/packages/web.scm (json-parser): New variable. > >> + (arguments '(#:tests? #f)) > > Please add a comment explaining why we skip the tests. If there are no > tests, it can be as simple as "No test suite.". > OK >> + (description "Very low footprint JSON parser written in portable AN= SI C. > > Please use a complete sentence. For example, "This package provides a > very low footprint ...". The description was copied from upstream, but of course we can improve it. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+wfmwAKCRBh71Au9gJS 8r2rAP9UTht2031ZRuMH592By3UXUAy+BvCwcx99WI0XjJnu5gEAnV9ir3/zYRvT k+EirxIZnlAtgp8GzEJlqx0myUCZvQ0= =+4bR -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 14 08:20:15 2018 Received: (at 33347) by debbugs.gnu.org; 14 Nov 2018 13:20:15 +0000 Received: from localhost ([127.0.0.1]:51081 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMv5b-0003hb-88 for submit@debbugs.gnu.org; Wed, 14 Nov 2018 08:20:15 -0500 Received: from mail-pl1-f196.google.com ([209.85.214.196]:45026) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMv5Z-0003hP-Ky for 33347@debbugs.gnu.org; Wed, 14 Nov 2018 08:20:14 -0500 Received: by mail-pl1-f196.google.com with SMTP id s5-v6so7775813plq.11 for <33347@debbugs.gnu.org>; Wed, 14 Nov 2018 05:20:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=25dHQz3Y6IqFqKOGg8ALF/bz2Sc0Mei4XFbwHn0AX6I=; b=BYPWJfJcU1Xd4ZlPjVI1fmlRJi3NE4/iwUymMcCbEFPQbWnx9rJl9KPV87/uYkFiiI sKVzyBcUjlkrQP4MkLXhP2MJkCv3xv/EWBnNF+7vNQ8LgPqKEKWxa+eaUWGNM4PPBilM DtBpLui04P3dryHRw0KlSvUwyoUnlbO+8WIoDly8Gqa+NPQ5HZs5njuw1gRuFuk9rHTQ mYULT+aTHlhRYoKXvM8NphkYggLwtCP0kqlxRU0qirx05Iqmg+sD8URvFdZj0nri6j6u YJRLcblfm/srK18df+aif5neykMsDkSY5trb5b3hNvgLeHlHhR+n1kz+ZHIrEUvYftLL 942g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:cc:subject:references:date :in-reply-to:message-id:user-agent:mime-version; bh=25dHQz3Y6IqFqKOGg8ALF/bz2Sc0Mei4XFbwHn0AX6I=; b=ezaHCbOCUW0E6qc2K/VfFTTaWdudpat57lJik6v9fc2Wj7fLk6Xfy9jjKwSKjR5c+j LyMcBpr9jaxeMvZm+I0iueYCyM42S4vXupLXNZ7b7714YGZ8UyN3K6J020qZiPhHfH5N xHOPekbVqBT14xDy0tS2CY64K8mhEiPBxoN+FDtLx+oCqJmQMAW2Fo9a+uk9pHc7yKmp +KZ1flzjVS8bzd1Y0of4yF7FufnzC5xttkOfAYH9KR8/AIm+xB++33kfbag7XtQVRIla vu6C5ZXn6OGp65w5+qh3zTBGHzgQVVSIfU55Yv2zCQdoMz6fwvwB0Mv+Aw14kFoLhkJS 8FMA== X-Gm-Message-State: AGRZ1gKP9jaBO8fmcHnwR+7RrV3RlSWQgKUOu3e5vuHoJVWMI6NdCEUj U0wQAd0JQt/vYNilZjl2epY= X-Google-Smtp-Source: AJdET5feL3ZQglPli4Cp1uhGZm9pFcmiseaojnGOFDZQlAB1E5gZ5GSBx5OUrQoWP7+7b1p99u6NDg== X-Received: by 2002:a17:902:a988:: with SMTP id bh8-v6mr1895411plb.163.1542201607917; Wed, 14 Nov 2018 05:20:07 -0800 (PST) Received: from debian (1-64-83-198.static.netvigator.com. [1.64.83.198]) by smtp.gmail.com with ESMTPSA id d2-v6sm25413073pfn.118.2018.11.14.05.20.05 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 14 Nov 2018 05:20:07 -0800 (PST) From: Alex Vong To: Leo Famulari Subject: Re: [bug#33347] [PATCH 2/4] gnu: Add json-parser. References: <871s7r3095.fsf@gmail.com> <87sh071lic.fsf@gmail.com> <20181113164900.GB8498@jasmine.lan> Date: Wed, 14 Nov 2018 21:19:54 +0800 In-Reply-To: <20181113164900.GB8498@jasmine.lan> (Leo Famulari's message of "Tue, 13 Nov 2018 11:49:00 -0500") Message-ID: <877ehf3if9.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: 33347 Cc: 33347@debbugs.gnu.org, alexvong1995@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Leo Famulari writes: > On Mon, Nov 12, 2018 at 03:07:07AM +0800, Alex Vong wrote: >> (source (origin >> (method url-fetch) >> - (uri (string-append "http://github.com/downloads/matricks= /" >> - "bam/bam-" version ".tar.bz2")) >> + (uri (string-append "https://github.com/matricks/bam" >> + "/archive/v" version ".tar.gz")) > > We should consider fetching the source with Git =E2=80=94 these auto-gene= rated > GitHub snapshot tarballs may change in the future. OK --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+wg+gAKCRBh71Au9gJS 8nnTAP9kKgCJ46ksir5zFSB42ESKi/s5teYjVOjQKk/t3XTF7AD/by8GJCoNmz9T rT0Ijoke5ftb+liX71rV4tyyF1VigwQ= =iTlA -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 14 08:36:55 2018 Received: (at 33347) by debbugs.gnu.org; 14 Nov 2018 13:36:55 +0000 Received: from localhost ([127.0.0.1]:51088 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMvLj-000465-DK for submit@debbugs.gnu.org; Wed, 14 Nov 2018 08:36:55 -0500 Received: from mail-pg1-f194.google.com ([209.85.215.194]:35564) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMvLi-00045t-J7 for 33347@debbugs.gnu.org; Wed, 14 Nov 2018 08:36:54 -0500 Received: by mail-pg1-f194.google.com with SMTP id 32-v6so7392474pgu.2 for <33347@debbugs.gnu.org>; Wed, 14 Nov 2018 05:36:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=/dKFC15myPuatk4bhTEsc62U3+UjR9ZJRGJykRWTDrs=; b=LYs6Met3xANjkKUayZuBoWAoHWMJD81QiVTfsU+vVowo8mqgERi0HgEVEJl1706zfO dot1LGVKkFKxI6ZR1qqSWWFdnJ6rTf3rNLefh5MAiYUBgVAY587Mb5cNyZwNRH3ViFzW bQ40Om/L+ZbHqrGzBFnG2dhQF2bihnNBEO7H2OvqtJYyry7em5MADXjK6R0nF0K9eplw wvpVg/Yo1EhQcpeoevkNpU/RG9CEIWrf1pkXRzbajJyt36B7Wmi+hhZmjKHsiOnCSab7 OCBNLJPfxjnaNxQNwxO0Jh1UsEolviBE4FZceNgQ2xoB2gqgiLp6hqAMyIZOaMscAjgR +mQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:cc:subject:references:date :in-reply-to:message-id:user-agent:mime-version; bh=/dKFC15myPuatk4bhTEsc62U3+UjR9ZJRGJykRWTDrs=; b=jFYLn1PEYZZnWS7eGc9suycxO2t18xCjv+7kXWg90habTQTeWLClrqiAAS+lc73rQ3 4o18DglmvnM92EcUHv2/uv8sH+iL4fmSd7C6GlFv/Mkfriru3u47ohxWVDqJY9FdPUmp 7DMlhS9jpT2rmF0wcaSBPe2KCEJSw1Mu5Wfzu0b8EnVc61KeDrP0rkRvt7ql5xVk+/6O byoV+NCgsTNZD59e6rKxmFEsuB6PgkBj+vDBb0WIYCX6Ty89kecx0oE+pIU/N8w1LA6g rqHXoPxetp7MQVi5R6o1FLu5nN1I859gvF9nx3QJL5gBcv9198V/zndMXG/FqTib/o5R Gk5w== X-Gm-Message-State: AGRZ1gK0rdrDJNtqV894txvg8WcjxudszSVWlBsJL+IlwkM4f6gm8nk6 ndKQmGjthgXHGWIJ03eKUAE= X-Google-Smtp-Source: AJdET5fpZ0cny9wXUC3BtDJA5MYJKRXsbj+uNNtQrYZSVJUrculV8EksdDX4Zj/CZRy88RSknuPqKA== X-Received: by 2002:a62:1c06:: with SMTP id c6mr1951085pfc.157.1542202608616; Wed, 14 Nov 2018 05:36:48 -0800 (PST) Received: from debian (1-64-83-198.static.netvigator.com. [1.64.83.198]) by smtp.gmail.com with ESMTPSA id 67-v6sm30390759pfk.134.2018.11.14.05.36.45 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 14 Nov 2018 05:36:47 -0800 (PST) From: Alex Vong To: Leo Famulari Subject: Re: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. References: <871s7r3095.fsf@gmail.com> <87k1lj1le4.fsf@gmail.com> <20181113165310.GC8498@jasmine.lan> Date: Wed, 14 Nov 2018 21:36:25 +0800 In-Reply-To: <20181113165310.GC8498@jasmine.lan> (Leo Famulari's message of "Tue, 13 Nov 2018 11:53:10 -0500") Message-ID: <8736s33hnq.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: 33347 Cc: 33347@debbugs.gnu.org, alexvong1995@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Leo Famulari writes: > On Mon, Nov 12, 2018 at 03:09:39AM +0800, Alex Vong wrote: >> (replace 'configure >> (lambda* (#:key outputs #:allow-other-keys) >> + (define (use-latest-json-parser file) >> + (substitute* file >> + (("engine/external/json-parser/json\\.h") >> + "json-parser/json.h") >> + (("json_parse_ex\\(&JsonSettings, pFileData, aError\\)= ;") >> + "json_parse_ex(&JsonSettings, >> + pFileData, >> + strlen(pFileData), >> + aError);"))) >> + > > Please add a code comment explaining this. > OK >> - ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG >> - ;; library without a build system. > > These sorts of mini-libraries are designed to be copied and pasted into > host projects rather than packaged on their own. That's why they don't > include a build system. For example, many cryptographic primitive > implementations are distributed this way =E2=80=94 that's why you never s= ee a > package for 'SHA256'. Is there a particular reason we should unbundle > pnglite? Well, I though we have a policy to remove bundle dependencies in order to avoid building the same library many times. Do we make exceptions for shared libraries w/o a build system? (an exception I can think of is gnulib) Besides, the FIXME comment seems to suggest future readers to help remove the bundled pnglite. Debian also removes the bundled pnglite in teeworlds[0]. Thanks for all the feedback! [0]: https://packages.debian.org/sid/teeworlds --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+wk2QAKCRBh71Au9gJS 8jRoAQDq5PV9VGZ8JgmIoqVwlO8MJF7pZBJvT8bOSOVP+qNzZAEA4cxSAIZiJ4MZ j5MM/YtuyHmmGa7rkhHHyYdGPFkp1A0= =mO6F -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 14 12:40:22 2018 Received: (at 33347) by debbugs.gnu.org; 14 Nov 2018 17:40:22 +0000 Received: from localhost ([127.0.0.1]:52487 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMz9K-00067v-AN for submit@debbugs.gnu.org; Wed, 14 Nov 2018 12:40:22 -0500 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:42795) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gMz9H-00067h-Fp for 33347@debbugs.gnu.org; Wed, 14 Nov 2018 12:40:21 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id EF84421CA5; Wed, 14 Nov 2018 12:40:13 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Wed, 14 Nov 2018 12:40:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=7cek/3QukL/j33H6i+5DnMWP TrLPLXQC9FWF7558+ss=; b=13yqax8NM9vogPX0TLxlZgwdfAtCrRq2un45aVHX 6K7PoeGIDLmsrB/GwnznYl10Rph6YLbgIEZ6yFFXYfhYzIdJHwG2C4O4mqJ7dQjb +X2mySCiiaSsQVHjUgUGmbEr+vMT9Fl/QLB/ea9lbywwR3pH82fmn5VhBRNh0w+U aHA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=7cek/3 QukL/j33H6i+5DnMWPTrLPLXQC9FWF7558+ss=; b=orakqx/HaPwyMe5R86fJYB 5qM3OS/DvTJFu11Y9CMKKJlJxHLL4PauArXbxeCoPBj/TkQFa9pIv9UZW2tNfGQZ 8LbyMTQHtFBb04ibIPIJGu8ywVIFiz0HeHq66SbKmD3ljg1I26ngwpmzJHzEhIJY u2xtPDu+FzKgzQouOZgyzYNe4cvM1YF61L0IhZaADDY0YOP3ljdNVv5CijdeQOd/ ZbOeEb/rnx/5Za9CEcGi+R1n24hIe/VrxmASg49XmzzctSc+pKo7y/+xj1zhfWVj jdIWm0FrU724Fg+J+GybKurkP7CeEDRRzgeNVjs6T+FlRf2UEPOVuL+SVYQnb9vQ == X-ME-Sender: X-ME-Proxy: Received: from localhost (unknown [172.56.29.245]) by mail.messagingengine.com (Postfix) with ESMTPA id CADD5E40E6; Wed, 14 Nov 2018 12:40:12 -0500 (EST) Date: Wed, 14 Nov 2018 12:39:31 -0500 From: Leo Famulari To: Alex Vong Subject: Re: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. Message-ID: <20181114173931.GB2408@jasmine.lan> References: <871s7r3095.fsf@gmail.com> <87k1lj1le4.fsf@gmail.com> <20181113165310.GC8498@jasmine.lan> <8736s33hnq.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="xXmbgvnjoT4axfJE" Content-Disposition: inline In-Reply-To: <8736s33hnq.fsf@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 33347 Cc: 33347@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --xXmbgvnjoT4axfJE Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 14, 2018 at 09:36:25PM +0800, Alex Vong wrote: > Well, I though we have a policy to remove bundle dependencies in order > to avoid building the same library many times. Do we make exceptions for > shared libraries w/o a build system? (an exception I can think of is > gnulib) In general, yes, our policy is to unbundle things when practical. But there are some commonly used software implementations of basic functions (like base64, sha1 (most hash functions actually), et cetera) that are specifically designed to be copied and pasted into the application that will be using them. You can usually tell this is the case because the thing will not have any build system at all, like you suggest. Also because you find the same copy-pasted code in almost every program you look at, like with base64 and the hash functions. > Besides, the FIXME comment seems to suggest future readers to help > remove the bundled pnglite. Debian also removes the bundled pnglite in > teeworlds[0]. Well, at a certain point it becomes a matter of taste, and the choice should be made by the person doing the work =E2=80=94 you! Either way is fi= ne for Guix :) The important thing is to get this Teeworlds fix pushed without too much delay. --xXmbgvnjoT4axfJE Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlvsXdMACgkQJkb6MLrK fwgwtRAA5LEBjDS8bZD7YwI6revifNLwVriClW4/n+HS02K0dBiZXUQ3ZbxJ4DYF k79qr9J27P3lkr9iW+ks8LzBJhfSKm7PMKuzVN1cEXmsblOC+7MJctnM0ctANxnm vwk07omESQw6yBvusenrt9GU5kDUtx6coN3KR3gAHZ6UF7ol0rwgeewjgeSOyviP uQrWbAkRlBVr1imGFpqn5JObgYEs0Ffy0O8fq8CNUt++/zIKXXH9OTht+dC1UDDH fuYwLiyzr/OXL+npDTnzwuPRBz/9YKa4a7Ezwcs/H4y7bQqhpZljml+LVPiUJWsm uBKXO2Aa7ytNv096xJGkQSLmpR1V8g5lZPoDfEdk5PAtI52vc0L1vzkWHIQCoaTe Qe0NuM7qNsAbg0qUJAHvANDyBD3AMnLtP/k7Hz5aKz/kwLCGMLMl7bWAuqUH6vC/ MqeazaBfX6b2XfjvE1tzqoSiWyDwLeXNdpz/QVK6zs4Cl8sZ5B+1XUKXX5jTasyz zmzsFwsd0cdh+hDyWMtClKyPgoIUTcXEtj3Q7PGDldYIhKfOotulB8cLlxyHOYnr zp9crwQf40ZMl8TChCJb1V2/a4Xu5M90IspClapJQvW5zpbOuIUzGvFdRxOI/FZn coetY1NO7JDlg7wlHQyHqgIsys3gewK9teRmK2NkYWjTIPGlBUk= =3UKK -----END PGP SIGNATURE----- --xXmbgvnjoT4axfJE-- From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 14 16:15:29 2018 Received: (at 33347) by debbugs.gnu.org; 14 Nov 2018 21:15:29 +0000 Received: from localhost ([127.0.0.1]:52643 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gN2VK-00051C-2e for submit@debbugs.gnu.org; Wed, 14 Nov 2018 16:15:29 -0500 Received: from mail-pl1-f196.google.com ([209.85.214.196]:44918) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gN2VH-00050w-60 for 33347@debbugs.gnu.org; Wed, 14 Nov 2018 16:15:16 -0500 Received: by mail-pl1-f196.google.com with SMTP id s5-v6so8356661plq.11 for <33347@debbugs.gnu.org>; Wed, 14 Nov 2018 13:15:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=JT8t1Ds+R/6af9L1i2VuZQs3ih5tkSJJIDeKzPJVnW8=; b=LG0sKu2tGllY019HwkzxUgloytzXQJmTomb7BX5KV/luSj53jOBCTxtH7OyQAqUxmo ucHfZXBafKx+u11Qr7NaQTHrVSq2sWyLapfHgUo6SIRuiV4uw3EAQdiiTcsG2N5PqvSs zZJ72UrfNLEnsHcaYGU6sBXnIyTWnS3Dd+I6SJFpHrEHzpAJ5jsBV0NaGbRy7AEgLGOT CT0A85UMk40qQj1hShyjl6HHbvUdnOrMVsgQrw8Rta4TG/KaLyNMxtZGsW+XlXPY4RzW aXEZupAKVUP5hBUfoeXLxz2o/qw1FoNwGxGOd/iaMs3qKw4TLxhP/FSDYdOFyIt04HFV JBig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:cc:subject:references:date :in-reply-to:message-id:user-agent:mime-version; bh=JT8t1Ds+R/6af9L1i2VuZQs3ih5tkSJJIDeKzPJVnW8=; b=jP29YXxU0E4bFYA4yoDnGBvWqtox8mrCcbpFwI3TNeS/81t/RpIrY9C7GWt0v7wEmK n9bNv6h3/DaGY1HS2W5ZLds8CS+elzD0/jy1OYkGpsQB6IZbkPbl7RG9anwSowf5HWhl iV7SHcno8xTF7nYq0NuPgQrz65TjLgemCatXTjXCDPtp5NKkewLSTSXzAComzV6S7nWZ AFRrgYJJao8PvMrpkqvpvl271ROzxDa/qy17M5N4mw51t60oEsMo8vqFMGRBY4rPxHpW R+He1BPd6g7YtEmC4LgyY5VdBhpxfxBZxKLnCDtA9GeSfuCWocI9eZfTpg3n2wqL9jqz EZgQ== X-Gm-Message-State: AGRZ1gKULcFZWCmWG7dNXfEslP6Jtbfj/H+UwtJoZfm2thf7l6zL00Q4 YGzCBSQbfeiSPz3tQNF9GMg= X-Google-Smtp-Source: AJdET5en0YMfQe9xg+sqvgg2l3fgpmlO8eLN1J+K+B+LRw5/QpXrSdtdRbzFUhEaP+oQgkkapxCtmA== X-Received: by 2002:a17:902:6bc9:: with SMTP id m9-v6mr3593117plt.106.1542230109129; Wed, 14 Nov 2018 13:15:09 -0800 (PST) Received: from debian (n218250002005.netvigator.com. [218.250.2.5]) by smtp.gmail.com with ESMTPSA id l6-v6sm16118527pff.147.2018.11.14.13.15.06 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 14 Nov 2018 13:15:07 -0800 (PST) From: Alex Vong To: Leo Famulari Subject: Re: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. References: <871s7r3095.fsf@gmail.com> <87k1lj1le4.fsf@gmail.com> <20181113165310.GC8498@jasmine.lan> <8736s33hnq.fsf@gmail.com> <20181114173931.GB2408@jasmine.lan> Date: Thu, 15 Nov 2018 05:14:50 +0800 In-Reply-To: <20181114173931.GB2408@jasmine.lan> (Leo Famulari's message of "Wed, 14 Nov 2018 12:39:31 -0500") Message-ID: <87va4z1hv9.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: 33347 Cc: 33347@debbugs.gnu.org, alexvong1995@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.8 (/) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Leo Famulari writes: > On Wed, Nov 14, 2018 at 09:36:25PM +0800, Alex Vong wrote: >> Well, I though we have a policy to remove bundle dependencies in order >> to avoid building the same library many times. Do we make exceptions for >> shared libraries w/o a build system? (an exception I can think of is >> gnulib) > > In general, yes, our policy is to unbundle things when practical. > > But there are some commonly used software implementations of basic > functions (like base64, sha1 (most hash functions actually), et cetera) > that are specifically designed to be copied and pasted into the > application that will be using them. > > You can usually tell this is the case because the thing will not have > any build system at all, like you suggest. Also because you find the > same copy-pasted code in almost every program you look at, like with > base64 and the hash functions. > >> Besides, the FIXME comment seems to suggest future readers to help >> remove the bundled pnglite. Debian also removes the bundled pnglite in >> teeworlds[0]. > > Well, at a certain point it becomes a matter of taste, and the choice > should be made by the person doing the work =E2=80=94 you! Either way is = fine > for Guix :) The important thing is to get this Teeworlds fix pushed > without too much delay. Yes, we should get it fix fast :) I decide not to unbundle md5 because I actually need to use a hack to make teeworlds build with libmd. But I still have pnglite unbundle because it looks standalone enough for me and no hacks are required to unbundle. Here are the new patches: --=-=-= Content-Type: text/x-diff; charset=utf-8 Content-Disposition: inline; filename=0001-gnu-Add-pnglite.patch Content-Transfer-Encoding: quoted-printable From=205e7cb656306622e88352332c6ed9668d8afc60c4 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Mon, 12 Nov 2018 01:55:05 +0800 Subject: [PATCH 1/4] gnu: Add pnglite. * gnu/packages/image.scm (pnglite): New variable. =2D-- gnu/packages/image.scm | 56 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 9bf9bd7e5..6c025e02f 100644 =2D-- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -21,6 +21,7 @@ ;;; Copyright =C2=A9 2018 Pierre Neidhardt ;;; Copyright =C2=A9 2018 Marius Bakke ;;; Copyright =C2=A9 2018 Pierre-Antoine Rouby +;;; Copyright =C2=A9 2018 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -253,6 +254,61 @@ files. It can compress them as much as 40% losslessly= .") ;; This package used to be wrongfully name "pngcrunch". (deprecated-package "pngcrunch" pngcrush)) =20 +(define-public pnglite + (let ((commit "11695c56f7d7db806920bd9229b69f230e6ffb38") + (revision "1")) + (package + (name "pnglite") + ;; The project was moved from sourceforge to github. + ;; The latest version in sourceforge was 0.1.17: + ;; https://sourceforge.net/projects/pnglite/files/pnglite/ + ;; No releases are made in github. + (version (git-version "0.1.17" revision commit)) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/dankar/pnglite") + (commit commit))) + (sha256 + (base32 + "1lmmkdxby5b8z9kx3zrpgpk33njpcf2xx8z9bgqag855sjsqbbby")) + (file-name (git-file-name name version)))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; no tests + #:phases + (modify-phases %standard-phases + (delete 'configure) + (replace 'build + (lambda _ + ;; common build flags for building shared libraries + (let ((cflags '("-O2" "-g" "-fPIC")) + (ldflags '("-shared"))) + (apply invoke + `("gcc" + "-o" "libpnglite.so" + ,@cflags + ,@ldflags + "pnglite.c")) + #t))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib/")) + (include (string-append out "/include/")) + (doc (string-append out "/share/doc/" + ,name "-" ,version "/"))) + (install-file "libpnglite.so" lib) + (install-file "pnglite.h" include) + (install-file "README.md" doc) + #t)))))) + (inputs `(("zlib" ,zlib))) + (home-page "https://github.com/dankar/pnglite") + (synopsis "Pretty small png library") + (description "A pretty small png library. +Currently all documentation resides in @file{pnglite.h}.") + (license license:zlib)))) + (define-public libjpeg (package (name "libjpeg") =2D-=20 2.19.1 --=-=-= Content-Type: text/x-diff; charset=utf-8 Content-Disposition: inline; filename=0002-gnu-Add-json-parser.patch Content-Transfer-Encoding: quoted-printable From=20e786c6e470a6930af9107e9722bea95a03c5d1c9 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Mon, 12 Nov 2018 02:23:27 +0800 Subject: [PATCH 2/4] gnu: Add json-parser. * gnu/packages/web.scm (json-parser): New variable. =2D-- gnu/packages/web.scm | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 03deab422..cde3d00c1 100644 =2D-- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -28,6 +28,7 @@ ;;; Copyright =C2=A9 2018 Pierre-Antoine Rouby ;;; Copyright =C2=A9 2018 G=C3=A1bor Boskovits ;;; Copyright =C2=A9 2018 M=C4=83d=C4=83lin Ionel Patra=C8=99cu +;;; Copyright =C2=A9 2018 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -582,6 +583,37 @@ It aims to conform to RFC 7159.") (("-Werror") "")) #t)))))) =20 +(define-public json-parser + (package + (name "json-parser") + (version "1.1.0") + (source (origin + ;; do not use auto-generated tarballs + (method git-fetch) + (uri (git-reference + (url "https://github.com/udp/json-parser.git") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1ls7z4fx0sq633s5bc0j1gh36sv087gmrgr7rza22wjq2d4606yf")))) + ;; FIXME: we should build the python bindings in a separate package + (build-system gnu-build-system) + ;; the tests are written for the python bindings which are not built h= ere + (arguments '(#:tests? #f)) + (home-page "https://github.com/udp/json-parser") + (synopsis "JSON parser written in ANSI C") + (description "This package provides a very low footprint JSON parser +written in portable ANSI C. + +@itemize +@item BSD licensed with no dependencies (i.e. just drop the C file into yo= ur +project) +@item Never recurses or allocates more memory than it needs +@item Very simple API with operator sugar for C++ +@end itemize") + (license l:bsd-2))) + (define-public qjson (package (name "qjson") =2D-=20 2.19.1 --=-=-= Content-Type: text/x-diff; charset=utf-8 Content-Disposition: inline; filename=0003-gnu-bam-Update-to-0.5.1.patch Content-Transfer-Encoding: quoted-printable From=20b1cdc9568f8d82ed7096328d0b3845fc32b4efe8 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Thu, 8 Nov 2018 10:53:43 +0800 Subject: [PATCH 3/4] gnu: bam: Update to 0.5.1. * gnu/packages/build-tools.scm (bam): Update to 0.5.1. [source]: Switch to git-fetch. [arguments]: Use newly provided Makefile. [inputs]: Add lua. =2D-- gnu/packages/build-tools.scm | 37 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scm index 42de56f8c..a52ee480a 100644 =2D-- a/gnu/packages/build-tools.scm +++ b/gnu/packages/build-tools.scm @@ -5,6 +5,7 @@ ;;; Copyright =C2=A9 2018 Fis Trivial ;;; Copyright =C2=A9 2018 Tom=C3=A1=C5=A1 =C4=8Cech ;;; Copyright =C2=A9 2018 Marius Bakke +;;; Copyright =C2=A9 2018 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -30,6 +31,7 @@ #:use-module (guix build-system cmake) #:use-module (gnu packages) #:use-module (gnu packages compression) + #:use-module (gnu packages lua) #:use-module (gnu packages python) #:use-module (gnu packages python-crypto) #:use-module (gnu packages python-web) @@ -40,33 +42,30 @@ (define-public bam (package (name "bam") =2D (version "0.4.0") + (version "0.5.1") (source (origin =2D (method url-fetch) =2D (uri (string-append "http://github.com/downloads/matricks/" =2D "bam/bam-" version ".tar.bz2")) + ;; do not use auto-generated tarballs + (method git-fetch) + (uri (git-reference + (url "https://github.com/matricks/bam.git") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) (sha256 (base32 =2D "0z90wvyd4nfl7mybdrv9dsd4caaikc6fxw801b72gqi1m9q0c0sn"))= )) + "13br735ig7lygvzyfd15fc2rdygrqm503j6xj5xkrl1r7w2wipq6")))) (build-system gnu-build-system) (arguments =2D `(#:phases + `(#:make-flags `("CC=3Dgcc" + ,(string-append "INSTALL_PREFIX=3D" + (assoc-ref %outputs "out"))) + #:test-target "test" + #:phases (modify-phases %standard-phases =2D (delete 'configure) =2D (replace 'build =2D (lambda _ =2D (zero? (system* "bash" "make_unix.sh")))) =2D (replace 'check =2D (lambda _ =2D (zero? (system* "python" "scripts/test.py")))) =2D (replace 'install =2D (lambda* (#:key outputs #:allow-other-keys) =2D (let ((bin (string-append (assoc-ref outputs "out") "/bin")= )) =2D (mkdir-p bin) =2D (install-file "bam" bin) =2D #t)))))) + (delete 'configure)))) (native-inputs `(("python" ,python-2))) + (inputs + `(("lua" ,lua))) (home-page "https://matricks.github.io/bam/") (synopsis "Fast and flexible build system") (description "Bam is a fast and flexible build system. Bam uses Lua to =2D-=20 2.19.1 --=-=-= Content-Type: text/x-diff; charset=utf-8 Content-Disposition: inline; filename=0004-gnu-teeworlds-Update-to-0.7.0-fixes-CVE-2018-18541.patch Content-Transfer-Encoding: quoted-printable From=203aa13808d20fcf2eea585c85b96e8f6b1f5fe292 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Mon, 12 Nov 2018 02:42:25 +0800 Subject: [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. * gnu/packages/games.scm (teeworlds): Update to 0.7.0. [source]: Switch to git-fetch. Remove all bundled libraries except md5. [arguments]: Adjust accordingly. [inputs]: Use sdl2 instead of sdl and python-wrapper instead of python-2. Add json-parser and pnglite. * gnu/packages/patches/teeworlds-use-latest-wavpack.patch: Update it. =2D-- gnu/packages/games.scm | 116 ++++++++++++------ .../teeworlds-use-latest-wavpack.patch | 72 ++++++++--- 2 files changed, 136 insertions(+), 52 deletions(-) diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index 3679aa09c..a1a571c51 100644 =2D-- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -35,6 +35,7 @@ ;;; Copyright =C2=A9 2018 Tim Gesthuizen ;;; Copyright =C2=A9 2018 Madalin Ionel-Patrascu ;;; Copyright =C2=A9 2018 Benjamin Slade +;;; Copyright =C2=A9 2018 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -4139,31 +4140,54 @@ small robot living in the nano world, repair its ma= ker.") (define-public teeworlds (package (name "teeworlds") =2D (version "0.6.4") + (version "0.7.0") (source (origin =2D (method url-fetch) =2D (uri (string-append "https://github.com/teeworlds/teeworld= s/" =2D "archive/" version "-release.tar.gz")) =2D (file-name (string-append name "-" version ".tar.gz")) + ;; do not use auto-generated tarballs + (method git-fetch) + (uri (git-reference + (url "https://github.com/teeworlds/teeworlds.git") + (commit version))) + (file-name (git-file-name name version)) (sha256 (base32 =2D "1mqhp6xjl75l49050cid36wxyjn1qr0vjx1c709dfg1lkvmgs6l3")) =2D (modules '((guix build utils))) =2D (snippet =2D '(begin =2D (for-each delete-file-recursively =2D '("src/engine/external/wavpack/" =2D "src/engine/external/zlib/")) + "0jigg2yikihbivzs7hpljr0mghx1l9v4f1cdr8fbmqv2wb51ah8q")) + (modules '((guix build utils) + (ice-9 ftw) + (ice-9 regex) + (srfi srfi-1) + (srfi srfi-26))) + (snippet ; remove bundled libraries except md5 + '(let ((base-dir "src/engine/external/")) + (for-each (compose (cut delete-file-recursively <>) + (cut string-append base-dir <>)) + (remove (cut string-match "(^.)|(^md5$)" <>) + (scandir base-dir))) #t)) (patches (search-patches "teeworlds-use-latest-wavpack.patch")))) (build-system gnu-build-system) (arguments `(#:tests? #f ; no tests included + #:modules ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-26)) #:phases (modify-phases %standard-phases (replace 'configure (lambda* (#:key outputs #:allow-other-keys) + ;; The bundled json-parser uses an old API. + ;; To use the latest non-bundled version, we need to pass the + ;; length of the data in all 'json_parse_ex' calls. + (define (use-latest-json-parser file) + (substitute* file + (("engine/external/json-parser/json\\.h") + "json-parser/json.h") + (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);") + "json_parse_ex(&JsonSettings, + pFileData, + strlen(pFileData), + aError);"))) + ;; Embed path to assets. (substitute* "src/engine/shared/storage.cpp" (("#define DATA_DIR.*") @@ -4173,50 +4197,68 @@ small robot living in the nano world, repair its ma= ker.") "\""))) =20 ;; Bam expects all files to have a recent time stamp. =2D (for-each (lambda (file) =2D (utime file 1 1)) + (for-each (cut utime <> 1 1) (find-files ".")) =20 ;; Do not use bundled libraries. (substitute* "bam.lua" =2D (("if config.zlib.value =3D=3D 1 then") =2D "if true then") =2D (("wavpack =3D .*") =2D "wavpack =3D {} =2Dsettings.link.libs:Add(\"wavpack\")\n")) + (("local json =3D Compile.+$") + "local json =3D nil +settings.link.libs:Add(\"jsonparser\")") + (("local png =3D Compile.+$") + "local png =3D nil +settings.link.libs:Add(\"pnglite\")") + (("local wavpack =3D Compile.+$") + "local wavpack =3D nil +settings.link.libs:Add(\"wavpack\")") + (("if config\\.zlib\\.value =3D=3D 1") + "if config.zlib.value")) + (substitute* "src/engine/client/graphics_threaded.cpp" + (("engine/external/pnglite/pnglite\\.h") + "pnglite.h")) (substitute* "src/engine/client/sound.cpp" =2D (("#include ") =2D "#include ")) + (("engine/external/wavpack/wavpack\\.h") + "wavpack/wavpack.h")) + (for-each use-latest-json-parser + '("src/game/client/components/countryflags.cpp" + "src/game/client/components/menus_settings.cpp" + "src/game/client/components/skins.cpp" + "src/game/client/localization.cpp" + "src/game/editor/auto_map.h" + "src/game/editor/editor.cpp")) #t)) (replace 'build (lambda _ =2D (zero? (system* "bam" "-a" "-v" "release")))) + (invoke "bam" "-a" "-v" "conf=3Drelease"))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) =2D (let* ((out (assoc-ref outputs "out")) =2D (bin (string-append out "/bin")) =2D (data (string-append out "/share/teeworlds/data"))) =2D (mkdir-p bin) =2D (mkdir-p data) =2D (for-each (lambda (file) =2D (install-file file bin)) =2D '("teeworlds" "teeworlds_srv")) =2D (copy-recursively "data" data) + (let* ((arch ,(system->linux-architecture + (or (%current-target-system) + (%current-system)))) + (build (string-append "build/" arch "/release/")) + (data-built (string-append build "data/")) + (out (assoc-ref outputs "out")) + (bin (string-append out "/bin/")) + (data (string-append out "/share/teeworlds/data/"))) + (for-each (cut install-file <> bin) + (map (cut string-append build <>) + '("teeworlds" "teeworlds_srv"))) + (copy-recursively data-built data) #t)))))) =2D ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG =2D ;; library without a build system. (inputs `(("freetype" ,freetype) ("glu" ,glu) + ("json-parser" ,json-parser) ("mesa" ,mesa) =2D ("sdl-union" ,(sdl-union (list sdl =2D sdl-mixer =2D sdl-image))) + ("pnglite" ,pnglite) + ("sdl2" ,sdl2) + ("sdl2-image" ,sdl2-image) + ("sdl2-mixer" ,sdl2-mixer) ("wavpack" ,wavpack) ("zlib" ,zlib))) (native-inputs `(("bam" ,bam) =2D ("python" ,python-2) + ("python" ,python-wrapper) ("pkg-config" ,pkg-config))) (home-page "https://www.teeworlds.com") (synopsis "2D retro multiplayer shooter game") diff --git a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch b/gnu/= packages/patches/teeworlds-use-latest-wavpack.patch index e9fd99108..3ad1340d2 100644 =2D-- a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch +++ b/gnu/packages/patches/teeworlds-use-latest-wavpack.patch @@ -1,10 +1,20 @@ =2DDownloaded from https://anonscm.debian.org/cgit/pkg-games/teeworlds.git/= plain/debian/patches/new-wavpack.patch. +Downloaded from https://salsa.debian.org/games-team/teeworlds/raw/master/d= ebian/patches/new-wavpack.patch. =20 =2DThis patch lets us build teeworlds with wavpack 5.1.0. +From: Markus Koschany +Date: Thu, 25 Oct 2018 20:52:27 +0200 +Subject: new-wavpack =20 +Make wavpack compatible with Debian's version. +--- + src/engine/client/sound.cpp | 33 +++++++++++++++------------------ + src/engine/client/sound.h | 4 ---- + 2 files changed, 15 insertions(+), 22 deletions(-) + +diff --git a/src/engine/client/sound.cpp b/src/engine/client/sound.cpp +index 048ec24..80de3c5 100644 --- a/src/engine/client/sound.cpp +++ b/src/engine/client/sound.cpp =2D@@ -328,17 +328,14 @@ void CSound::RateConvert(int SampleID) +@@ -325,10 +325,6 @@ void CSound::RateConvert(int SampleID) pSample->m_NumFrames =3D NumFrames; } =20=20 @@ -12,10 +22,10 @@ This patch lets us build teeworlds with wavpack 5.1.0. -{ - return io_read(ms_File, pBuffer, Size); -} =2D- =2D int CSound::LoadWV(const char *pFilename) +=20 + ISound::CSampleHandle CSound::LoadWV(const char *pFilename) { =2D CSample *pSample; +@@ -336,6 +332,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFile= name) int SampleID =3D -1; char aError[100]; WavpackContext *pContext; @@ -24,17 +34,18 @@ This patch lets us build teeworlds with wavpack 5.1.0. =20=20 // don't waste memory on sound when we are stress testing if(g_Config.m_DbgStress) =2D@@ -351,19 +348,23 @@ int CSound::LoadWV(const char *pFilename =2D if(!m_pStorage) =2D return -1; +@@ -349,25 +347,29 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFi= lename) + return CSampleHandle(); =20=20 + lock_wait(m_SoundLock); - ms_File =3D m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_= ALL); - if(!ms_File) + File =3D m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL= , aWholePath, sizeof(aWholePath)); + if(!File) { dbg_msg("sound/wv", "failed to open file. filename=3D'%s'", pFilename); =2D return -1; + lock_unlock(m_SoundLock); + return CSampleHandle(); } + else + { @@ -43,7 +54,14 @@ This patch lets us build teeworlds with wavpack 5.1.0. =20=20 SampleID =3D AllocID(); if(SampleID < 0) =2D return -1; + { +- io_close(ms_File); +- ms_File =3D 0; ++ io_close(File); ++ File =3D 0; + lock_unlock(m_SoundLock); + return CSampleHandle(); + } pSample =3D &m_aSamples[SampleID]; =20=20 - pContext =3D WavpackOpenFileInput(ReadData, aError); @@ -51,7 +69,29 @@ This patch lets us build teeworlds with wavpack 5.1.0. if (pContext) { int m_aSamples =3D WavpackGetNumSamples(pContext); =2D@@ -419,9 +420,6 @@ int CSound::LoadWV(const char *pFilename +@@ -385,8 +387,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFile= name) + if(pSample->m_Channels > 2) + { + dbg_msg("sound/wv", "file is not mono or stereo. filename=3D'%s'", pFi= lename); +- io_close(ms_File); +- ms_File =3D 0; ++ io_close(File); ++ File =3D 0; + lock_unlock(m_SoundLock); + return CSampleHandle(); + } +@@ -401,8 +403,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFile= name) + if(BitsPerSample !=3D 16) + { + dbg_msg("sound/wv", "bps is %d, not 16, filname=3D'%s'", BitsPerSample= , pFilename); +- io_close(ms_File); +- ms_File =3D 0; ++ io_close(File); ++ File =3D 0; + lock_unlock(m_SoundLock); + return CSampleHandle(); + } +@@ -429,9 +431,6 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFile= name) dbg_msg("sound/wv", "failed to open %s: %s", pFilename, aError); } =20=20 @@ -61,14 +101,16 @@ This patch lets us build teeworlds with wavpack 5.1.0. if(g_Config.m_Debug) dbg_msg("sound/wv", "loaded %s", pFilename); =20=20 =2D@@ -527,7 +525,5 @@ void CSound::StopAll() =2D lock_unlock(m_SoundLock); +@@ -560,7 +559,5 @@ bool CSound::IsPlaying(CSampleHandle SampleID) + return Ret; } =20=20 -IOHANDLE CSound::ms_File =3D 0; - IEngineSound *CreateEngineSound() { return new CSound; } =20=20 +diff --git a/src/engine/client/sound.h b/src/engine/client/sound.h +index ff357c0..cec2cde 100644 --- a/src/engine/client/sound.h +++ b/src/engine/client/sound.h @@ -21,10 +21,6 @@ public: @@ -81,4 +123,4 @@ This patch lets us build teeworlds with wavpack 5.1.0. - virtual bool IsSoundEnabled() { return m_SoundEnabled !=3D 0; } =20=20 =2D virtual int LoadWV(const char *pFilename); + virtual CSampleHandle LoadWV(const char *pFilename); =2D-=20 2.19.1 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+yQSwAKCRBh71Au9gJS 8rQJAQDUpO9wIJ3K1NFvTnjVJYmaSK/LQO6GMcTGLY7HHKQWawEAvwWG5AwMiTVz D6oXiHcMpCSH6CpCTdaGMoDE2+rrEQ4= =RPHl -----END PGP SIGNATURE----- --==-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 21 09:41:41 2018 Received: (at 33347) by debbugs.gnu.org; 21 Nov 2018 14:41:41 +0000 Received: from localhost ([127.0.0.1]:38007 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gPTh5-0003OA-Kz for submit@debbugs.gnu.org; Wed, 21 Nov 2018 09:41:41 -0500 Received: from mail-pl1-f195.google.com ([209.85.214.195]:47011) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gPTgt-0003Nn-SZ for 33347@debbugs.gnu.org; Wed, 21 Nov 2018 09:41:28 -0500 Received: by mail-pl1-f195.google.com with SMTP id t13so5812356ply.13 for <33347@debbugs.gnu.org>; Wed, 21 Nov 2018 06:41:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=NNHME3Rwi70tbMKPh0M+Ntm1zx5UUzoW+dVDvWwvJO4=; b=PDm7oEW3PORTJCXqcHcrCiPbC2D3WudHvSPTStWXyR5/4BQlqokAU3GNSOKu4TqC72 v2FMspf0R48kWQy/8OkwZSwzf8F+VbeSe++kAWJCQPZsDaTHeOpwELAzqz74Y/MUvbkY 5qYWAwzxlTEQyfqTTYDrvtGVXqP6zs4KkpJNsYVJgdPmgD1QJhTlPWI4g3FNOfkIwrQQ Pk7ReI0XDzkaFUD+FbH9GJlshKlXSi+4e9H9HyqxA8nKjw1KhIvHR5+OUlD4jBqxpwrc 9U1W+0f/YlD/tqk3ye/XhXm+Yko8/X6mYPcpLRX1JJfEz3TE/tE+p9cpfr4hX52+382z sAUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:cc:subject:references:date :in-reply-to:message-id:user-agent:mime-version; bh=NNHME3Rwi70tbMKPh0M+Ntm1zx5UUzoW+dVDvWwvJO4=; b=gNuDaHYqHweVJl9jwh++l12wrPn2vuv2LxLWo66pkaaWta4RS0YHrY9xNCzb47AJCw m1WlzeeLZfC5jBVtc0MZe3PWibVMLIlc1prVtE+PbusD6eVekuWJezzR1Kv9+1LZ7xpJ 685Eq+d7Whb19p+DQ7JtSY0spdAp6QaOnoIHuF5NpUgWUuuDPbOqkgJgSjmgJdwizEMu fOXobnhTcHl1r9Ovvyrn+Ea9C/E/awBPB2x9QG/oMIOijyDxQxiu4GMEKBonb+5Qwf18 kNdmiJ3DDMfE4/qpdjbyyNrcNB785j7uo/Mn8NIA+DNVnBCAQOXFfyhJQjw2koi06sys fzEA== X-Gm-Message-State: AA+aEWaAnUHb8WJiqxfHUPtajEBMQi6/RtQFT2rUZZ8yycHfswt43vm5 LW1PwddWBkpqR5bZMDaa25g= X-Google-Smtp-Source: AJdET5eBDr7f9D2jYIzFrikelp/uqFZvUvtXpVhESRzjd1cJcwJdRjSLdpg1GhgpvaQRL8UR733l3w== X-Received: by 2002:a63:f141:: with SMTP id o1mr6322249pgk.134.1542811273824; Wed, 21 Nov 2018 06:41:13 -0800 (PST) Received: from debian (42-3-197-124.static.netvigator.com. [42.3.197.124]) by smtp.gmail.com with ESMTPSA id n65-v6sm55496084pfi.185.2018.11.21.06.41.11 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 21 Nov 2018 06:41:13 -0800 (PST) From: Alex Vong To: Leo Famulari Subject: Re: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. References: <871s7r3095.fsf@gmail.com> <87k1lj1le4.fsf@gmail.com> <20181113165310.GC8498@jasmine.lan> <8736s33hnq.fsf@gmail.com> <20181114173931.GB2408@jasmine.lan> <87va4z1hv9.fsf@gmail.com> Date: Wed, 21 Nov 2018 22:41:08 +0800 In-Reply-To: <87va4z1hv9.fsf@gmail.com> (Alex Vong's message of "Thu, 15 Nov 2018 05:14:50 +0800") Message-ID: <87va4q7at7.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: 33347 Cc: guix-devel@gnu.org, 33347@debbugs.gnu.org, alexvong1995@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.8 (/) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello everyone, I think Leo may be busy since he hasn't reply yet. Should I just push given the CVE fix? Cheers, Alex Alex Vong writes: > Leo Famulari writes: > >> On Wed, Nov 14, 2018 at 09:36:25PM +0800, Alex Vong wrote: >>> Well, I though we have a policy to remove bundle dependencies in order >>> to avoid building the same library many times. Do we make exceptions for >>> shared libraries w/o a build system? (an exception I can think of is >>> gnulib) >> >> In general, yes, our policy is to unbundle things when practical. >> >> But there are some commonly used software implementations of basic >> functions (like base64, sha1 (most hash functions actually), et cetera) >> that are specifically designed to be copied and pasted into the >> application that will be using them. >> >> You can usually tell this is the case because the thing will not have >> any build system at all, like you suggest. Also because you find the >> same copy-pasted code in almost every program you look at, like with >> base64 and the hash functions. >> >>> Besides, the FIXME comment seems to suggest future readers to help >>> remove the bundled pnglite. Debian also removes the bundled pnglite in >>> teeworlds[0]. >> >> Well, at a certain point it becomes a matter of taste, and the choice >> should be made by the person doing the work =E2=80=94 you! Either way is= fine >> for Guix :) The important thing is to get this Teeworlds fix pushed >> without too much delay. > > Yes, we should get it fix fast :) I decide not to unbundle md5 because I > actually need to use a hack to make teeworlds build with libmd. But I > still have pnglite unbundle because it looks standalone enough for me > and no hacks are required to unbundle. Here are the new patches: > > From 5e7cb656306622e88352332c6ed9668d8afc60c4 Mon Sep 17 00:00:00 2001 > From: Alex Vong > Date: Mon, 12 Nov 2018 01:55:05 +0800 > Subject: [PATCH 1/4] gnu: Add pnglite. > > * gnu/packages/image.scm (pnglite): New variable. > --- > gnu/packages/image.scm | 56 ++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 56 insertions(+) > > diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm > index 9bf9bd7e5..6c025e02f 100644 > --- a/gnu/packages/image.scm > +++ b/gnu/packages/image.scm > @@ -21,6 +21,7 @@ > ;;; Copyright =C2=A9 2018 Pierre Neidhardt > ;;; Copyright =C2=A9 2018 Marius Bakke > ;;; Copyright =C2=A9 2018 Pierre-Antoine Rouby > +;;; Copyright =C2=A9 2018 Alex Vong > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -253,6 +254,61 @@ files. It can compress them as much as 40% lossless= ly.") > ;; This package used to be wrongfully name "pngcrunch". > (deprecated-package "pngcrunch" pngcrush)) >=20=20 > +(define-public pnglite > + (let ((commit "11695c56f7d7db806920bd9229b69f230e6ffb38") > + (revision "1")) > + (package > + (name "pnglite") > + ;; The project was moved from sourceforge to github. > + ;; The latest version in sourceforge was 0.1.17: > + ;; https://sourceforge.net/projects/pnglite/files/pnglite/ > + ;; No releases are made in github. > + (version (git-version "0.1.17" revision commit)) > + (source (origin > + (method git-fetch) > + (uri (git-reference > + (url "https://github.com/dankar/pnglite") > + (commit commit))) > + (sha256 > + (base32 > + "1lmmkdxby5b8z9kx3zrpgpk33njpcf2xx8z9bgqag855sjsqbbby"= )) > + (file-name (git-file-name name version)))) > + (build-system gnu-build-system) > + (arguments > + `(#:tests? #f ; no tests > + #:phases > + (modify-phases %standard-phases > + (delete 'configure) > + (replace 'build > + (lambda _ > + ;; common build flags for building shared libraries > + (let ((cflags '("-O2" "-g" "-fPIC")) > + (ldflags '("-shared"))) > + (apply invoke > + `("gcc" > + "-o" "libpnglite.so" > + ,@cflags > + ,@ldflags > + "pnglite.c")) > + #t))) > + (replace 'install > + (lambda* (#:key outputs #:allow-other-keys) > + (let* ((out (assoc-ref outputs "out")) > + (lib (string-append out "/lib/")) > + (include (string-append out "/include/")) > + (doc (string-append out "/share/doc/" > + ,name "-" ,version "/"))) > + (install-file "libpnglite.so" lib) > + (install-file "pnglite.h" include) > + (install-file "README.md" doc) > + #t)))))) > + (inputs `(("zlib" ,zlib))) > + (home-page "https://github.com/dankar/pnglite") > + (synopsis "Pretty small png library") > + (description "A pretty small png library. > +Currently all documentation resides in @file{pnglite.h}.") > + (license license:zlib)))) > + > (define-public libjpeg > (package > (name "libjpeg") > --=20 > 2.19.1 > > From e786c6e470a6930af9107e9722bea95a03c5d1c9 Mon Sep 17 00:00:00 2001 > From: Alex Vong > Date: Mon, 12 Nov 2018 02:23:27 +0800 > Subject: [PATCH 2/4] gnu: Add json-parser. > > * gnu/packages/web.scm (json-parser): New variable. > --- > gnu/packages/web.scm | 32 ++++++++++++++++++++++++++++++++ > 1 file changed, 32 insertions(+) > > diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm > index 03deab422..cde3d00c1 100644 > --- a/gnu/packages/web.scm > +++ b/gnu/packages/web.scm > @@ -28,6 +28,7 @@ > ;;; Copyright =C2=A9 2018 Pierre-Antoine Rouby > ;;; Copyright =C2=A9 2018 G=C3=A1bor Boskovits > ;;; Copyright =C2=A9 2018 M=C4=83d=C4=83lin Ionel Patra=C8=99cu > +;;; Copyright =C2=A9 2018 Alex Vong > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -582,6 +583,37 @@ It aims to conform to RFC 7159.") > (("-Werror") "")) > #t)))))) >=20=20 > +(define-public json-parser > + (package > + (name "json-parser") > + (version "1.1.0") > + (source (origin > + ;; do not use auto-generated tarballs > + (method git-fetch) > + (uri (git-reference > + (url "https://github.com/udp/json-parser.git") > + (commit (string-append "v" version)))) > + (file-name (git-file-name name version)) > + (sha256 > + (base32 > + "1ls7z4fx0sq633s5bc0j1gh36sv087gmrgr7rza22wjq2d4606yf"))= )) > + ;; FIXME: we should build the python bindings in a separate package > + (build-system gnu-build-system) > + ;; the tests are written for the python bindings which are not built= here > + (arguments '(#:tests? #f)) > + (home-page "https://github.com/udp/json-parser") > + (synopsis "JSON parser written in ANSI C") > + (description "This package provides a very low footprint JSON parser > +written in portable ANSI C. > + > +@itemize > +@item BSD licensed with no dependencies (i.e. just drop the C file into = your > +project) > +@item Never recurses or allocates more memory than it needs > +@item Very simple API with operator sugar for C++ > +@end itemize") > + (license l:bsd-2))) > + > (define-public qjson > (package > (name "qjson") > --=20 > 2.19.1 > > From b1cdc9568f8d82ed7096328d0b3845fc32b4efe8 Mon Sep 17 00:00:00 2001 > From: Alex Vong > Date: Thu, 8 Nov 2018 10:53:43 +0800 > Subject: [PATCH 3/4] gnu: bam: Update to 0.5.1. > > * gnu/packages/build-tools.scm (bam): Update to 0.5.1. > [source]: Switch to git-fetch. > [arguments]: Use newly provided Makefile. > [inputs]: Add lua. > --- > gnu/packages/build-tools.scm | 37 ++++++++++++++++++------------------ > 1 file changed, 18 insertions(+), 19 deletions(-) > > diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scm > index 42de56f8c..a52ee480a 100644 > --- a/gnu/packages/build-tools.scm > +++ b/gnu/packages/build-tools.scm > @@ -5,6 +5,7 @@ > ;;; Copyright =C2=A9 2018 Fis Trivial > ;;; Copyright =C2=A9 2018 Tom=C3=A1=C5=A1 =C4=8Cech > ;;; Copyright =C2=A9 2018 Marius Bakke > +;;; Copyright =C2=A9 2018 Alex Vong > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -30,6 +31,7 @@ > #:use-module (guix build-system cmake) > #:use-module (gnu packages) > #:use-module (gnu packages compression) > + #:use-module (gnu packages lua) > #:use-module (gnu packages python) > #:use-module (gnu packages python-crypto) > #:use-module (gnu packages python-web) > @@ -40,33 +42,30 @@ > (define-public bam > (package > (name "bam") > - (version "0.4.0") > + (version "0.5.1") > (source (origin > - (method url-fetch) > - (uri (string-append "http://github.com/downloads/matricks/" > - "bam/bam-" version ".tar.bz2")) > + ;; do not use auto-generated tarballs > + (method git-fetch) > + (uri (git-reference > + (url "https://github.com/matricks/bam.git") > + (commit (string-append "v" version)))) > + (file-name (git-file-name name version)) > (sha256 > (base32 > - "0z90wvyd4nfl7mybdrv9dsd4caaikc6fxw801b72gqi1m9q0c0sn"))= )) > + "13br735ig7lygvzyfd15fc2rdygrqm503j6xj5xkrl1r7w2wipq6"))= )) > (build-system gnu-build-system) > (arguments > - `(#:phases > + `(#:make-flags `("CC=3Dgcc" > + ,(string-append "INSTALL_PREFIX=3D" > + (assoc-ref %outputs "out"))) > + #:test-target "test" > + #:phases > (modify-phases %standard-phases > - (delete 'configure) > - (replace 'build > - (lambda _ > - (zero? (system* "bash" "make_unix.sh")))) > - (replace 'check > - (lambda _ > - (zero? (system* "python" "scripts/test.py")))) > - (replace 'install > - (lambda* (#:key outputs #:allow-other-keys) > - (let ((bin (string-append (assoc-ref outputs "out") "/bin")= )) > - (mkdir-p bin) > - (install-file "bam" bin) > - #t)))))) > + (delete 'configure)))) > (native-inputs > `(("python" ,python-2))) > + (inputs > + `(("lua" ,lua))) > (home-page "https://matricks.github.io/bam/") > (synopsis "Fast and flexible build system") > (description "Bam is a fast and flexible build system. Bam uses Lua= to > --=20 > 2.19.1 > > From 3aa13808d20fcf2eea585c85b96e8f6b1f5fe292 Mon Sep 17 00:00:00 2001 > From: Alex Vong > Date: Mon, 12 Nov 2018 02:42:25 +0800 > Subject: [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-1854= 1]. > > * gnu/packages/games.scm (teeworlds): Update to 0.7.0. > [source]: Switch to git-fetch. Remove all bundled libraries except md5. > [arguments]: Adjust accordingly. > [inputs]: Use sdl2 instead of sdl and python-wrapper instead of python-2. > Add json-parser and pnglite. > * gnu/packages/patches/teeworlds-use-latest-wavpack.patch: Update it. > --- > gnu/packages/games.scm | 116 ++++++++++++------ > .../teeworlds-use-latest-wavpack.patch | 72 ++++++++--- > 2 files changed, 136 insertions(+), 52 deletions(-) > > diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm > index 3679aa09c..a1a571c51 100644 > --- a/gnu/packages/games.scm > +++ b/gnu/packages/games.scm > @@ -35,6 +35,7 @@ > ;;; Copyright =C2=A9 2018 Tim Gesthuizen > ;;; Copyright =C2=A9 2018 Madalin Ionel-Patrascu > ;;; Copyright =C2=A9 2018 Benjamin Slade > +;;; Copyright =C2=A9 2018 Alex Vong > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -4139,31 +4140,54 @@ small robot living in the nano world, repair its = maker.") > (define-public teeworlds > (package > (name "teeworlds") > - (version "0.6.4") > + (version "0.7.0") > (source (origin > - (method url-fetch) > - (uri (string-append "https://github.com/teeworlds/teeworld= s/" > - "archive/" version "-release.tar.gz")) > - (file-name (string-append name "-" version ".tar.gz")) > + ;; do not use auto-generated tarballs > + (method git-fetch) > + (uri (git-reference > + (url "https://github.com/teeworlds/teeworlds.git") > + (commit version))) > + (file-name (git-file-name name version)) > (sha256 > (base32 > - "1mqhp6xjl75l49050cid36wxyjn1qr0vjx1c709dfg1lkvmgs6l3")) > - (modules '((guix build utils))) > - (snippet > - '(begin > - (for-each delete-file-recursively > - '("src/engine/external/wavpack/" > - "src/engine/external/zlib/")) > + "0jigg2yikihbivzs7hpljr0mghx1l9v4f1cdr8fbmqv2wb51ah8q")) > + (modules '((guix build utils) > + (ice-9 ftw) > + (ice-9 regex) > + (srfi srfi-1) > + (srfi srfi-26))) > + (snippet ; remove bundled libraries except md5 > + '(let ((base-dir "src/engine/external/")) > + (for-each (compose (cut delete-file-recursively <>) > + (cut string-append base-dir <>)) > + (remove (cut string-match "(^.)|(^md5$)" <>) > + (scandir base-dir))) > #t)) > (patches > (search-patches "teeworlds-use-latest-wavpack.patch")))) > (build-system gnu-build-system) > (arguments > `(#:tests? #f ; no tests included > + #:modules ((guix build gnu-build-system) > + (guix build utils) > + (srfi srfi-26)) > #:phases > (modify-phases %standard-phases > (replace 'configure > (lambda* (#:key outputs #:allow-other-keys) > + ;; The bundled json-parser uses an old API. > + ;; To use the latest non-bundled version, we need to pass t= he > + ;; length of the data in all 'json_parse_ex' calls. > + (define (use-latest-json-parser file) > + (substitute* file > + (("engine/external/json-parser/json\\.h") > + "json-parser/json.h") > + (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);= ") > + "json_parse_ex(&JsonSettings, > + pFileData, > + strlen(pFileData), > + aError);"))) > + > ;; Embed path to assets. > (substitute* "src/engine/shared/storage.cpp" > (("#define DATA_DIR.*") > @@ -4173,50 +4197,68 @@ small robot living in the nano world, repair its = maker.") > "\""))) >=20=20 > ;; Bam expects all files to have a recent time stamp. > - (for-each (lambda (file) > - (utime file 1 1)) > + (for-each (cut utime <> 1 1) > (find-files ".")) >=20=20 > ;; Do not use bundled libraries. > (substitute* "bam.lua" > - (("if config.zlib.value =3D=3D 1 then") > - "if true then") > - (("wavpack =3D .*") > - "wavpack =3D {} > -settings.link.libs:Add(\"wavpack\")\n")) > + (("local json =3D Compile.+$") > + "local json =3D nil > +settings.link.libs:Add(\"jsonparser\")") > + (("local png =3D Compile.+$") > + "local png =3D nil > +settings.link.libs:Add(\"pnglite\")") > + (("local wavpack =3D Compile.+$") > + "local wavpack =3D nil > +settings.link.libs:Add(\"wavpack\")") > + (("if config\\.zlib\\.value =3D=3D 1") > + "if config.zlib.value")) > + (substitute* "src/engine/client/graphics_threaded.cpp" > + (("engine/external/pnglite/pnglite\\.h") > + "pnglite.h")) > (substitute* "src/engine/client/sound.cpp" > - (("#include ") > - "#include ")) > + (("engine/external/wavpack/wavpack\\.h") > + "wavpack/wavpack.h")) > + (for-each use-latest-json-parser > + '("src/game/client/components/countryflags.cpp" > + "src/game/client/components/menus_settings.cpp" > + "src/game/client/components/skins.cpp" > + "src/game/client/localization.cpp" > + "src/game/editor/auto_map.h" > + "src/game/editor/editor.cpp")) > #t)) > (replace 'build > (lambda _ > - (zero? (system* "bam" "-a" "-v" "release")))) > + (invoke "bam" "-a" "-v" "conf=3Drelease"))) > (replace 'install > (lambda* (#:key outputs #:allow-other-keys) > - (let* ((out (assoc-ref outputs "out")) > - (bin (string-append out "/bin")) > - (data (string-append out "/share/teeworlds/data"))) > - (mkdir-p bin) > - (mkdir-p data) > - (for-each (lambda (file) > - (install-file file bin)) > - '("teeworlds" "teeworlds_srv")) > - (copy-recursively "data" data) > + (let* ((arch ,(system->linux-architecture > + (or (%current-target-system) > + (%current-system)))) > + (build (string-append "build/" arch "/release/")) > + (data-built (string-append build "data/")) > + (out (assoc-ref outputs "out")) > + (bin (string-append out "/bin/")) > + (data (string-append out "/share/teeworlds/data/"))) > + (for-each (cut install-file <> bin) > + (map (cut string-append build <>) > + '("teeworlds" "teeworlds_srv"))) > + (copy-recursively data-built data) > #t)))))) > - ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG > - ;; library without a build system. > (inputs > `(("freetype" ,freetype) > ("glu" ,glu) > + ("json-parser" ,json-parser) > ("mesa" ,mesa) > - ("sdl-union" ,(sdl-union (list sdl > - sdl-mixer > - sdl-image))) > + ("pnglite" ,pnglite) > + ("sdl2" ,sdl2) > + ("sdl2-image" ,sdl2-image) > + ("sdl2-mixer" ,sdl2-mixer) > ("wavpack" ,wavpack) > ("zlib" ,zlib))) > (native-inputs > `(("bam" ,bam) > - ("python" ,python-2) > + ("python" ,python-wrapper) > ("pkg-config" ,pkg-config))) > (home-page "https://www.teeworlds.com") > (synopsis "2D retro multiplayer shooter game") > diff --git a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch b/gn= u/packages/patches/teeworlds-use-latest-wavpack.patch > index e9fd99108..3ad1340d2 100644 > --- a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch > +++ b/gnu/packages/patches/teeworlds-use-latest-wavpack.patch > @@ -1,10 +1,20 @@ > -Downloaded from https://anonscm.debian.org/cgit/pkg-games/teeworlds.git/= plain/debian/patches/new-wavpack.patch. > +Downloaded from https://salsa.debian.org/games-team/teeworlds/raw/master= /debian/patches/new-wavpack.patch. >=20=20 > -This patch lets us build teeworlds with wavpack 5.1.0. > +From: Markus Koschany > +Date: Thu, 25 Oct 2018 20:52:27 +0200 > +Subject: new-wavpack >=20=20 > +Make wavpack compatible with Debian's version. > +--- > + src/engine/client/sound.cpp | 33 +++++++++++++++------------------ > + src/engine/client/sound.h | 4 ---- > + 2 files changed, 15 insertions(+), 22 deletions(-) > + > +diff --git a/src/engine/client/sound.cpp b/src/engine/client/sound.cpp > +index 048ec24..80de3c5 100644 > --- a/src/engine/client/sound.cpp > +++ b/src/engine/client/sound.cpp > -@@ -328,17 +328,14 @@ void CSound::RateConvert(int SampleID) > +@@ -325,10 +325,6 @@ void CSound::RateConvert(int SampleID) > pSample->m_NumFrames =3D NumFrames; > } >=20=20=20 > @@ -12,10 +22,10 @@ This patch lets us build teeworlds with wavpack 5.1.0. > -{ > - return io_read(ms_File, pBuffer, Size); > -} > -- > - int CSound::LoadWV(const char *pFilename) > +=20 > + ISound::CSampleHandle CSound::LoadWV(const char *pFilename) > { > - CSample *pSample; > +@@ -336,6 +332,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFi= lename) > int SampleID =3D -1; > char aError[100]; > WavpackContext *pContext; > @@ -24,17 +34,18 @@ This patch lets us build teeworlds with wavpack 5.1.0. >=20=20=20 > // don't waste memory on sound when we are stress testing > if(g_Config.m_DbgStress) > -@@ -351,19 +348,23 @@ int CSound::LoadWV(const char *pFilename > - if(!m_pStorage) > - return -1; > +@@ -349,25 +347,29 @@ ISound::CSampleHandle CSound::LoadWV(const char *p= Filename) > + return CSampleHandle(); >=20=20=20 > + lock_wait(m_SoundLock); > - ms_File =3D m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYP= E_ALL); > - if(!ms_File) > + File =3D m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_A= LL, aWholePath, sizeof(aWholePath)); > + if(!File) > { > dbg_msg("sound/wv", "failed to open file. filename=3D'%s'", pFilename= ); > - return -1; > + lock_unlock(m_SoundLock); > + return CSampleHandle(); > } > + else > + { > @@ -43,7 +54,14 @@ This patch lets us build teeworlds with wavpack 5.1.0. >=20=20=20 > SampleID =3D AllocID(); > if(SampleID < 0) > - return -1; > + { > +- io_close(ms_File); > +- ms_File =3D 0; > ++ io_close(File); > ++ File =3D 0; > + lock_unlock(m_SoundLock); > + return CSampleHandle(); > + } > pSample =3D &m_aSamples[SampleID]; >=20=20=20 > - pContext =3D WavpackOpenFileInput(ReadData, aError); > @@ -51,7 +69,29 @@ This patch lets us build teeworlds with wavpack 5.1.0. > if (pContext) > { > int m_aSamples =3D WavpackGetNumSamples(pContext); > -@@ -419,9 +420,6 @@ int CSound::LoadWV(const char *pFilename > +@@ -385,8 +387,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFi= lename) > + if(pSample->m_Channels > 2) > + { > + dbg_msg("sound/wv", "file is not mono or stereo. filename=3D'%s'", p= Filename); > +- io_close(ms_File); > +- ms_File =3D 0; > ++ io_close(File); > ++ File =3D 0; > + lock_unlock(m_SoundLock); > + return CSampleHandle(); > + } > +@@ -401,8 +403,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFi= lename) > + if(BitsPerSample !=3D 16) > + { > + dbg_msg("sound/wv", "bps is %d, not 16, filname=3D'%s'", BitsPerSamp= le, pFilename); > +- io_close(ms_File); > +- ms_File =3D 0; > ++ io_close(File); > ++ File =3D 0; > + lock_unlock(m_SoundLock); > + return CSampleHandle(); > + } > +@@ -429,9 +431,6 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFi= lename) > dbg_msg("sound/wv", "failed to open %s: %s", pFilename, aError); > } >=20=20=20 > @@ -61,14 +101,16 @@ This patch lets us build teeworlds with wavpack 5.1.= 0. > if(g_Config.m_Debug) > dbg_msg("sound/wv", "loaded %s", pFilename); >=20=20=20 > -@@ -527,7 +525,5 @@ void CSound::StopAll() > - lock_unlock(m_SoundLock); > +@@ -560,7 +559,5 @@ bool CSound::IsPlaying(CSampleHandle SampleID) > + return Ret; > } >=20=20=20 > -IOHANDLE CSound::ms_File =3D 0; > - > IEngineSound *CreateEngineSound() { return new CSound; } >=20=20=20 > +diff --git a/src/engine/client/sound.h b/src/engine/client/sound.h > +index ff357c0..cec2cde 100644 > --- a/src/engine/client/sound.h > +++ b/src/engine/client/sound.h > @@ -21,10 +21,6 @@ public: > @@ -81,4 +123,4 @@ This patch lets us build teeworlds with wavpack 5.1.0. > - > virtual bool IsSoundEnabled() { return m_SoundEnabled !=3D 0; } >=20=20=20 > - virtual int LoadWV(const char *pFilename); > + virtual CSampleHandle LoadWV(const char *pFilename); --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW/VuhAAKCRBh71Au9gJS 8i8EAQDF5p9V/DxO5YEJE5L14IEyyFNgDJGfCLPyCXeWR884YwEAlgf7NIM8OxTz R4a3lMGFNjmkQ5ok0uE6GJHQhPvsyA8= =qMoM -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 21 11:14:49 2018 Received: (at 33347) by debbugs.gnu.org; 21 Nov 2018 16:14:49 +0000 Received: from localhost ([127.0.0.1]:39932 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gPV9N-000662-3J for submit@debbugs.gnu.org; Wed, 21 Nov 2018 11:14:49 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:52771) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gPV9L-00065h-Ne for 33347@debbugs.gnu.org; Wed, 21 Nov 2018 11:14:48 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id A101A2206B; Wed, 21 Nov 2018 11:14:41 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Wed, 21 Nov 2018 11:14:41 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=cMRPpLz9bDXhzWXXi4gFR7rg kJfFPKkjDdIkKk5ZONA=; b=i3MbSCl5jXdIWESxICzro6DJCeZesm7qZn1tmSDt /gntbqV6V488lBAt7cohvTkIU8wwOtEbTqzei/NEAO5/Nwp4LUdlYCEhgvcb4dmF rNYwHyfVA7Eveh+n9Fch3Or2hH1scNDFB67vY0GvYNYxN05psnN+VqX2jzycukR1 beU= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=cMRPpL z9bDXhzWXXi4gFR7rgkJfFPKkjDdIkKk5ZONA=; b=r1P43TqzpzzQ2izENBYW4s vz42aldw2kiWq8dnk1c4eOJHMMugQN83VOydcFkE0lJsZPW694vY6vOfQsRMnZD6 KqS7wjmYjRV3DikF6StF9GToezT1pbM9CDz7uhGPQIfZFGFA08ZQJ+0NjbFeOUze hoXa0Z3Z/WnXABetmeNwdqVaXFg4ty01GFdxiyO+2XssTbFOEmJRKDE/21nXPrxr s238kr2eY64Ke0KxICUeBy+u3U6Bh2KmOZvSwpZLMJF5HL3+LOfpSA/HgRzc2uB4 Eh0Q1AylhvAXYHzB85GjU1LF7Ul3eUBJhZmYq86Qo0eFOmM1o5i7h5JgRGZLiDqw == X-ME-Sender: X-ME-Proxy: Received: from localhost (unknown [73.85.203.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 24D99103E3; Wed, 21 Nov 2018 11:14:38 -0500 (EST) Date: Wed, 21 Nov 2018 11:14:36 -0500 From: Leo Famulari To: Alex Vong Subject: Re: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. Message-ID: <20181121161436.GA18964@jasmine.lan> References: <871s7r3095.fsf@gmail.com> <87k1lj1le4.fsf@gmail.com> <20181113165310.GC8498@jasmine.lan> <8736s33hnq.fsf@gmail.com> <20181114173931.GB2408@jasmine.lan> <87va4z1hv9.fsf@gmail.com> <87va4q7at7.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="h31gzZEtNLTqOjlF" Content-Disposition: inline In-Reply-To: <87va4q7at7.fsf@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 33347 Cc: guix-devel@gnu.org, 33347@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --h31gzZEtNLTqOjlF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Nov 21, 2018 at 10:41:08PM +0800, Alex Vong wrote: > I think Leo may be busy since he hasn't reply yet. Should I just push > given the CVE fix? Yes, please push :) --h31gzZEtNLTqOjlF Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlv1hGkACgkQJkb6MLrK fwhAKRAAlaGmq/vO95osnKT+SmVPiipJugODrxTSlTYNmPOmOwsXUPWu3Vmo0O7g KPpQzyLiBaQbTideWIpYRHEuHk0x6cI64qLVaBbY4ixDwafVQ3e6/boT3/ayE6CK xtHpoHlB76xs29G72OqUlETAkNUXg60oIfSFggOXRwImLx+PxydC99qZn3OLj/5L MNcysHkRIlZxTF9j0TL9DQ5VWNSreb+/+UKQkwMyNSv+LiYtR1kjSBhcnVjXG6Ws FjsuVMQNf+uXs2sVXpWKT1SFUGf+JnESLwnuLMXFPnmDd2ziEFvzL8qnuS4o9IjK ENuFiYcMl7mLuD617i26pJLC5MF8Q3mlfRzv6i9a5m1vPS45S2bApHm+2rPWmV29 9VbXPVUdFTkdxv57k3TWa8rPQWWkeo8mwpPqpsg+Y8fbWskCoVsnRhd7Pbpk0yRy HKUY5SHzEMj/UYZqvnoKpM5G/R83hNOxdaNfOZlqcPrdee+SCAYrZTGMUxRIrCuv kRWjlxdc7EBCJ8JLCC1afalRe84C7mEhdx+SnjQOgQ3J1U0UmQDQdRIF1DppjWKz g5whVEa9G3/INpyV8rrUh7D7GD3judzz3xi3nrX70biQn9AqHVDXjF6buGK7j8Yy gcQmwPnRNeUPHVcXeE71RT79NGyv6woPepRVaDKuIa6wTDd1PDI= =wQ6V -----END PGP SIGNATURE----- --h31gzZEtNLTqOjlF-- From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 21 14:51:33 2018 Received: (at 33347-done) by debbugs.gnu.org; 21 Nov 2018 19:51:33 +0000 Received: from localhost ([127.0.0.1]:40167 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gPYX7-0000Ul-6E for submit@debbugs.gnu.org; Wed, 21 Nov 2018 14:51:33 -0500 Received: from mail-pl1-f194.google.com ([209.85.214.194]:37505) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gPYX4-0000UX-A9 for 33347-done@debbugs.gnu.org; Wed, 21 Nov 2018 14:51:31 -0500 Received: by mail-pl1-f194.google.com with SMTP id b5so6950263plr.4 for <33347-done@debbugs.gnu.org>; Wed, 21 Nov 2018 11:51:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=5Edt0itV++3vlITc2wMPeu+Owak2sf/ekF9/UHXKKW8=; b=UQqf+CvWCtVmOM3K4TWa1+g/RL3jE36ce5DYKb3aWIHVjUPIKGLKQRiSpsItozr/2U VnOBed6OgCRenY19qLWntP/IzmrVB44HvoFYoRTwX1lMTsYUcZ4tJxoIoA335rQXn3Ty O4qIiCMNJr3Cn0wYqhK0MYC8BCZwkA7M8CnyHJAR1Cz6hjio64OiOYc4M2O+RvhwT6Ax IV9ulHMy9xYDkThMTWzRg3+mR2o2NvrMOj0kPNoE6x2QNyVyjld8FAzatnMVxYI682AL J5AEfzLi9Hi7/7TmWHvgO+hDhjyQaadrZ9pwyPAB3UyYIyO3fqRCnPzGHr2yHtmj5Vej Doow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:cc:subject:references:date :in-reply-to:message-id:user-agent:mime-version; bh=5Edt0itV++3vlITc2wMPeu+Owak2sf/ekF9/UHXKKW8=; b=N13Aka1AHHyD0MDA+UYoJrm4DzmIM/lYPMqj57FJhJsyIp7M7xcQvPvcoL+iDr7rBU MRxmZXHnxKdfytqt+NbvOYaGaN/6wqQbKYDZuUewkZzyefZKwvDuPCCr9Q15yTavknkP z/r/Q2hV3K+PdY+PWILmcVxtC6hbcNRcmMJYdwUvojR7MPrSjMNvL2a+IvU14u/sPgaP auu4Q2/6aC1QP58AKfi3Aj65VBFBMiuhuYtvPKO/Dt1zBksrA2PuWC1Vwz425PlHIUeM snAaZrKt4j/FdxCRRwPlBjU8SFJeVsK+F3puh5BgKLlUUv10mRmGEkPYlGYZwyHpFUne a0Dw== X-Gm-Message-State: AA+aEWYBc3JC3+uRhtPibpBpGJwiPxbCFU2dAGP+s5z/fT/QKivhRH+d VdzaogzBvPVwNMP6q+cMdj8= X-Google-Smtp-Source: AFSGD/XZDpihjotY6ZoMLpiQFEz3DyQ4lNsPgbTyxZVhRjityRB66hFZKDIsJXxggD43ndbYphicmQ== X-Received: by 2002:a17:902:2006:: with SMTP id n6-v6mr8220853pla.131.1542829883488; Wed, 21 Nov 2018 11:51:23 -0800 (PST) Received: from debian (42-3-197-124.static.netvigator.com. [42.3.197.124]) by smtp.gmail.com with ESMTPSA id l62-v6sm61204814pfl.28.2018.11.21.11.51.21 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 21 Nov 2018 11:51:22 -0800 (PST) From: Alex Vong To: 33347-done@debbugs.gnu.org Subject: Re: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. References: <871s7r3095.fsf@gmail.com> <87k1lj1le4.fsf@gmail.com> <20181113165310.GC8498@jasmine.lan> <8736s33hnq.fsf@gmail.com> <20181114173931.GB2408@jasmine.lan> <87va4z1hv9.fsf@gmail.com> <87va4q7at7.fsf@gmail.com> <20181121161436.GA18964@jasmine.lan> Date: Thu, 22 Nov 2018 03:51:19 +0800 In-Reply-To: <20181121161436.GA18964@jasmine.lan> (Leo Famulari's message of "Wed, 21 Nov 2018 11:14:36 -0500") Message-ID: <87k1l66wg8.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: 33347-done Cc: guix-devel@gnu.org, alexvong1995@gmail.com, Leo Famulari X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain Leo Famulari writes: > On Wed, Nov 21, 2018 at 10:41:08PM +0800, Alex Vong wrote: >> I think Leo may be busy since he hasn't reply yet. Should I just push >> given the CVE fix? > > Yes, please push :) Pushed as 6e35bad0a9d00f1eb94bb427ad856c219655e95d..f9e5caf9bae93fdafbaa6732b3b4eb45f0126656 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW/W3NwAKCRBh71Au9gJS 8hBuAP98sRGADgxaI2FZLgjuduGg1wzO/l/pWc3ILG8uFtgUfQD/XdrVCyQV6RSi ks+PNjFGMlvF2XXOkAOV8YXrLzI8XQQ= =HAma -----END PGP SIGNATURE----- --=-=-=-- From unknown Fri Aug 15 15:34:49 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 20 Dec 2018 12:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator