GNU bug report logs - #33347
[PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].

Previous Next

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: Alex Vong <alexvong1995 <at> gmail.com>
Cc: 33347 <at> debbugs.gnu.org
Subject: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].
Date: Tue, 13 Nov 2018 11:53:10 -0500

[Message part 1 (text/plain, inline)]

On Mon, Nov 12, 2018 at 03:09:39AM +0800, Alex Vong wrote:
>           (replace 'configure
>             (lambda* (#:key outputs #:allow-other-keys)
> +             (define (use-latest-json-parser file)
> +               (substitute* file
> +                 (("engine/external/json-parser/json\\.h")
> +                  "json-parser/json.h")
> +                 (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);")
> +                  "json_parse_ex(&JsonSettings,
> +                                 pFileData,
> +                                 strlen(pFileData),
> +                                 aError);")))
> +

Please add a code comment explaining this.

> -    ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG
> -    ;; library without a build system.

These sorts of mini-libraries are designed to be copied and pasted into
host projects rather than packaged on their own. That's why they don't
include a build system. For example, many cryptographic primitive
implementations are distributed this way — that's why you never see a
package for 'SHA256'. Is there a particular reason we should unbundle
pnglite?

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.