[PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].

DoneSubmitted by Alex Vong.
Details
2 participants
  • Alex Vong
  • Leo Famulari
Owner
unassigned
Severity
normal
A
A
Alex Vong wrote on 11 Nov 2018 20:03
(address . guix-patches@gnu.org)(address . alexvong1995@gmail.com)
871s7r3095.fsf@gmail.com
Tags: patch, security
Hello Guix,
This patch set upgrades teeworlds to its latest version in order to fixCVE-2018-18541, which is present in teeworlds before 0.6.5.
Cheers,Alex
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+h89wAKCRBh71Au9gJS8ta7APoCx6Xy7BCPwWgUNIN0Qw2u83sSLsDNdXwqw9PwslgXJQEAwT+wdy+LP17NcFeJYnsxSpV+WC/JrtpMjuu/k8USdA0==Z4Gr-----END PGP SIGNATURE-----
A
A
Alex Vong wrote on 11 Nov 2018 20:06
[PATCH 1/4] gnu: Add pnglite.
(address . 33347@debbugs.gnu.org)(address . alexvong1995@gmail.com)
87wopj1ljg.fsf@gmail.com
From 71b7ccb3de4ca3d08032ca89f8bb2e7782f9959b Mon Sep 17 00:00:00 2001From: Alex Vong <alexvong1995@gmail.com>Date: Mon, 12 Nov 2018 01:55:05 +0800Subject: [PATCH 1/4] gnu: Add pnglite.
* gnu/packages/image.scm (pnglite): New variable.--- gnu/packages/image.scm | 55 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+)
Toggle diff (75 lines)diff --git a/gnu/packages/image.scm b/gnu/packages/image.scmindex 9bf9bd7e5..889128173 100644--- a/gnu/packages/image.scm+++ b/gnu/packages/image.scm@@ -21,6 +21,7 @@ ;;; Copyright © 2018 Pierre Neidhardt <mail@ambrevar.xyz> ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2018 Pierre-Antoine Rouby <contact@parouby.fr>+;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;;@@ -253,6 +254,60 @@ files. It can compress them as much as 40% losslessly.") ;; This package used to be wrongfully name "pngcrunch". (deprecated-package "pngcrunch" pngcrush)) +(define-public pnglite+ (let ((commit "11695c56f7d7db806920bd9229b69f230e6ffb38")+ (revision "1"))+ (package+ (name "pnglite")+ ;; The project was moved from sourceforge to github.+ ;; The latest version in sourceforge was 0.1.17:+ ;; https://sourceforge.net/projects/pnglite/files/pnglite/+ ;; No releases are made in github.+ (version (git-version "0.1.17" revision commit))+ (source (origin+ (method git-fetch)+ (uri (git-reference+ (url "https://github.com/dankar/pnglite")+ (commit commit)))+ (sha256+ (base32+ "1lmmkdxby5b8z9kx3zrpgpk33njpcf2xx8z9bgqag855sjsqbbby"))+ (file-name (git-file-name name version))))+ (build-system gnu-build-system)+ (arguments+ `(#:tests? #f+ #:phases+ (modify-phases %standard-phases+ (delete 'configure)+ (replace 'build+ (lambda _+ (let ((cflags '("-O2" "-fPIC"))+ (ldflags '("-shared")))+ (apply invoke+ `("gcc"+ "-o" "libpnglite.so"+ ,@cflags+ ,@ldflags+ "pnglite.c"))+ #t)))+ (replace 'install+ (lambda* (#:key outputs #:allow-other-keys)+ (let* ((out (assoc-ref outputs "out"))+ (lib (string-append out "/lib/"))+ (include (string-append out "/include/"))+ (doc (string-append out "/share/doc/"+ ,name "-" ,version "/")))+ (install-file "libpnglite.so" lib)+ (install-file "pnglite.h" include)+ (install-file "README.md" doc)+ #t))))))+ (inputs `(("zlib" ,zlib)))+ (home-page "https://github.com/dankar/pnglite")+ (synopsis "Pretty small png library")+ (description "A pretty small png library.+Currently all documentation resides in @file{pnglite.h}.")+ (license license:zlib))))+ (define-public libjpeg (package (name "libjpeg")-- 2.19.1
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+h9swAKCRBh71Au9gJS8iYAAQCwz1cgPN+ocTn/SfrwjwufnKZI8C+JXR/5AqXKJpj6RAD8DbsHTc+H3S2BXfLNg6tAB5EpesW5dpleC8vSkysJ0wY==bX0y-----END PGP SIGNATURE-----
A
A
Alex Vong wrote on 11 Nov 2018 20:07
[PATCH 2/4] gnu: Add json-parser.
(address . 33347@debbugs.gnu.org)(address . alexvong1995@gmail.com)
87sh071lic.fsf@gmail.com
From 7caabdd6a49d568463501adadf70f13b818bccec Mon Sep 17 00:00:00 2001From: Alex Vong <alexvong1995@gmail.com>Date: Thu, 8 Nov 2018 10:53:43 +0800Subject: [PATCH 3/4] gnu: bam: Update to 0.5.1.
* gnu/packages/build-tools.scm (bam): Update to 0.5.1.[arguments]: Use newly provided Makefile.[inputs]: Add lua.--- gnu/packages/build-tools.scm | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-)
Toggle diff (69 lines)diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scmindex 42de56f8c..d24c9ce18 100644--- a/gnu/packages/build-tools.scm+++ b/gnu/packages/build-tools.scm@@ -5,6 +5,7 @@ ;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com> ;;; Copyright © 2018 Tomáš Čech <sleep_walker@gnu.org> ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>+;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;;@@ -30,6 +31,7 @@ #:use-module (guix build-system cmake) #:use-module (gnu packages) #:use-module (gnu packages compression)+ #:use-module (gnu packages lua) #:use-module (gnu packages python) #:use-module (gnu packages python-crypto) #:use-module (gnu packages python-web)@@ -40,33 +42,28 @@ (define-public bam (package (name "bam")- (version "0.4.0")+ (version "0.5.1") (source (origin (method url-fetch)- (uri (string-append "http://github.com/downloads/matricks/"- "bam/bam-" version ".tar.bz2"))+ (uri (string-append "https://github.com/matricks/bam"+ "/archive/v" version ".tar.gz")) (sha256 (base32- "0z90wvyd4nfl7mybdrv9dsd4caaikc6fxw801b72gqi1m9q0c0sn"))))+ "1a8m7aa2xc23z3rqi5d15mxwp0hfappbmhkfpn7b3v156fprd1fc"))+ (file-name (string-append name "-" version ".tar.gz")))) (build-system gnu-build-system) (arguments- `(#:phases+ `(#:make-flags `("CC=gcc"+ ,(string-append "INSTALL_PREFIX="+ (assoc-ref %outputs "out")))+ #:test-target "test"+ #:phases (modify-phases %standard-phases- (delete 'configure)- (replace 'build- (lambda _- (zero? (system* "bash" "make_unix.sh"))))- (replace 'check- (lambda _- (zero? (system* "python" "scripts/test.py"))))- (replace 'install- (lambda* (#:key outputs #:allow-other-keys)- (let ((bin (string-append (assoc-ref outputs "out") "/bin")))- (mkdir-p bin)- (install-file "bam" bin)- #t))))))+ (delete 'configure)))) (native-inputs `(("python" ,python-2)))+ (inputs+ `(("lua" ,lua))) (home-page "https://matricks.github.io/bam/") (synopsis "Fast and flexible build system") (description "Bam is a fast and flexible build system. Bam uses Lua to-- 2.19.1
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+h93AAKCRBh71Au9gJS8s5XAP9lptgNvVLzepPWA/zhw/Bo9MY17dZnRFD/ypsebFM1FAD+KsS5qc0smbEVf/6nBhz+WBpJAMnrLHBB1noK7hLMhQU==vCYn-----END PGP SIGNATURE-----
A
A
Alex Vong wrote on 11 Nov 2018 20:09
[PATCH 3/4] gnu: Add json-parser.
(address . 33347@debbugs.gnu.org)(address . alexvong1995@gmail.com)
87o9av1lf3.fsf@gmail.com
From 6696a1dd8c69b9349c4897d1ce5b73d585d9f077 Mon Sep 17 00:00:00 2001From: Alex Vong <alexvong1995@gmail.com>Date: Mon, 12 Nov 2018 02:23:27 +0800Subject: [PATCH 2/4] gnu: Add json-parser.
* gnu/packages/web.scm (json-parser): New variable.--- gnu/packages/web.scm | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+)
Toggle diff (47 lines)diff --git a/gnu/packages/web.scm b/gnu/packages/web.scmindex b0ab4add8..082337d00 100644--- a/gnu/packages/web.scm+++ b/gnu/packages/web.scm@@ -28,6 +28,7 @@ ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr> ;;; Copyright © 2018 Gábor Boskovits <boskovits@gmail.com> ;;; Copyright © 2018 Mădălin Ionel Patrașcu <madalinionel.patrascu@mdc-berlin.de>+;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;;@@ -582,6 +583,32 @@ It aims to conform to RFC 7159.") (("-Werror") "")) #t)))))) +(define-public json-parser+ (package+ (name "json-parser")+ (version "1.1.0")+ (source (origin+ (method url-fetch)+ (uri (string-append "https://github.com/udp/json-parser"+ "/archive/v" version ".tar.gz"))+ (file-name (string-append name "-" version ".tar.gz"))+ (sha256+ (base32+ "0cyixd9azd2l86hkha4d11lxz0a54fbwg4hmby6zkfwx4s9qf9sw"))))+ (build-system gnu-build-system)+ (arguments '(#:tests? #f))+ (home-page "https://github.com/udp/json-parser")+ (synopsis "JSON parser written in ANSI C")+ (description "Very low footprint JSON parser written in portable ANSI C.++@itemize+@item BSD licensed with no dependencies (i.e. just drop the C file into your+project)+@item Never recurses or allocates more memory than it needs+@item Very simple API with operator sugar for C+++@end itemize")+ (license l:bsd-2)))+ (define-public qjson (package (name "qjson")-- 2.19.1
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+h+UAAKCRBh71Au9gJS8mdrAP9SaTYcU+CwT9RklhU25NtApL3G3l3N/JY+DPJ9I7sv9wEAtS+p5CWQ/k41+XLLzBD9Av94+wmJao/SeWFZncJRBQg==+bND-----END PGP SIGNATURE-----
A
A
Alex Vong wrote on 11 Nov 2018 20:09
[PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].
(address . 33347@debbugs.gnu.org)(address . alexvong1995@gmail.com)
87k1lj1le4.fsf@gmail.com
From 340a24167fe00a3ea62804bb97760b8ba3b2f6f8 Mon Sep 17 00:00:00 2001From: Alex Vong <alexvong1995@gmail.com>Date: Mon, 12 Nov 2018 02:42:25 +0800Subject: [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].
* gnu/packages/games.scm (teeworlds): Update to 0.7.0.[source]: Remove all bundled libraries.[arguments]: Adjust accordingly.[inputs]: Use sdl2 instead of sdl and python-wrapper instead of python-2.Add json-parser, libmd and pnglite.* gnu/packages/patches/teeworlds-use-latest-wavpack.patch: Update it.--- gnu/packages/games.scm | 107 ++++++++++++------ .../teeworlds-use-latest-wavpack.patch | 72 +++++++++--- 2 files changed, 129 insertions(+), 50 deletions(-)
Toggle diff (198 lines)diff --git a/gnu/packages/games.scm b/gnu/packages/games.scmindex 3679aa09c..8817e4db8 100644--- a/gnu/packages/games.scm+++ b/gnu/packages/games.scm@@ -35,6 +35,7 @@ ;;; Copyright © 2018 Tim Gesthuizen <tim.gesthuizen@yahoo.de> ;;; Copyright © 2018 Madalin Ionel-Patrascu <madalinionel.patrascu@mdc-berlin.de> ;;; Copyright © 2018 Benjamin Slade <slade@jnanam.net>+;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;;@@ -4139,31 +4140,41 @@ small robot living in the nano world, repair its maker.") (define-public teeworlds (package (name "teeworlds")- (version "0.6.4")+ (version "0.7.0") (source (origin (method url-fetch)- (uri (string-append "https://github.com/teeworlds/teeworlds/"- "archive/" version "-release.tar.gz"))+ (uri (string-append "https://github.com/teeworlds/teeworlds"+ "/archive/" version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32- "1mqhp6xjl75l49050cid36wxyjn1qr0vjx1c709dfg1lkvmgs6l3"))+ "1ih79qcfc44biiwyhc51gwvkyab4cy5hya9yc2bq8phf899fpz2q")) (modules '((guix build utils)))- (snippet- '(begin- (for-each delete-file-recursively- '("src/engine/external/wavpack/"- "src/engine/external/zlib/"))- #t))+ (snippet ; remove bundled libraries+ '(begin (delete-file-recursively "src/engine/external/")+ #t)) (patches (search-patches "teeworlds-use-latest-wavpack.patch")))) (build-system gnu-build-system) (arguments `(#:tests? #f ; no tests included+ #:modules ((guix build gnu-build-system)+ (guix build utils)+ (srfi srfi-26)) #:phases (modify-phases %standard-phases (replace 'configure (lambda* (#:key outputs #:allow-other-keys)+ (define (use-latest-json-parser file)+ (substitute* file+ (("engine/external/json-parser/json\\.h")+ "json-parser/json.h")+ (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);")+ "json_parse_ex(&JsonSettings,+ pFileData,+ strlen(pFileData),+ aError);")))+ ;; Embed path to assets. (substitute* "src/engine/shared/storage.cpp" (("#define DATA_DIR.*")@@ -4173,50 +4184,76 @@ small robot living in the nano world, repair its maker.") "\""))) ;; Bam expects all files to have a recent time stamp.- (for-each (lambda (file)- (utime file 1 1))+ (for-each (cut utime <> 1 1) (find-files ".")) ;; Do not use bundled libraries. (substitute* "bam.lua"- (("if config.zlib.value == 1 then")- "if true then")- (("wavpack = .*")- "wavpack = {}-settings.link.libs:Add(\"wavpack\")\n"))+ (("local json = Compile.+$")+ "local json = nil+settings.link.libs:Add(\"jsonparser\")")+ (("local md5 = Compile.+$")+ "local md5 = nil+settings.link.libs:Add(\"md\")")+ (("local png = Compile.+$")+ "local png = nil+settings.link.libs:Add(\"pnglite\")")+ (("local wavpack = Compile.+$")+ "local wavpack = nil+settings.link.libs:Add(\"wavpack\")")+ (("if config\\.zlib\\.value == 1")+ "settings.cc.flags:Add(\"-DLIBMD_MD5_ALADDIN\")+if config.zlib.value"))+ (substitute* "src/engine/shared/network_token.cpp"+ (("engine/external/md5/md5\\.h")+ "md5.h"))+ (substitute* "src/engine/client/graphics_threaded.cpp"+ (("engine/external/pnglite/pnglite\\.h")+ "pnglite.h")) (substitute* "src/engine/client/sound.cpp"- (("#include <engine/external/wavpack/wavpack.h>")- "#include <wavpack/wavpack.h>"))+ (("engine/external/wavpack/wavpack\\.h")+ "wavpack/wavpack.h"))+ (for-each use-latest-json-parser+ '("src/game/client/components/countryflags.cpp"+ "src/game/client/components/menus_settings.cpp"+ "src/game/client/components/skins.cpp"+ "src/game/client/localization.cpp"+ "src/game/editor/auto_map.h"+ "src/game/editor/editor.cpp")) #t)) (replace 'build (lambda _- (zero? (system* "bam" "-a" "-v" "release"))))+ (invoke "bam" "-a" "-v" "conf=release"))) (replace 'install (lambda* (#:key outputs #:allow-other-keys)- (let* ((out (assoc-ref outputs "out"))- (bin (string-append out "/bin"))- (data (string-append out "/share/teeworlds/data")))- (mkdir-p bin)- (mkdir-p data)- (for-each (lambda (file)- (install-file file bin))- '("teeworlds" "teeworlds_srv"))- (copy-recursively "data" data)+ (let* ((arch ,(system->linux-architecture+ (or (%current-target-system)+ (%current-system))))+ (build (string-append "build/" arch "/release/"))+ (data-built (string-append build "data/"))+ (out (assoc-ref outputs "out"))+ (bin (string-append out "/bin/"))+ (data (string-append out "/share/teeworlds/data/")))+ (for-each (cut install-file <> bin)+ (map (cut string-append build <>)+ '("teeworlds" "teeworlds_srv")))+ (copy-recursively data-built data) #t))))))- ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG- ;; library without a build system. (inputs `(("freetype" ,freetype) ("glu" ,glu)+ ("json-parser" ,json-parser)+ ("libmd" ,libmd) ("mesa" ,mesa)- ("sdl-union" ,(sdl-union (list sdl- sdl-mixer- sdl-image)))+ ("pnglite" ,pnglite)+ ("sdl2" ,sdl2)+ ("sdl2-image" ,sdl2-image)+ ("sdl2-mixer" ,sdl2-mixer) ("wavpack" ,wavpack) ("zlib" ,zlib))) (native-inputs `(("bam" ,bam)- ("python" ,python-2)+ ("python" ,python-wrapper) ("pkg-config" ,pkg-config))) (home-page "https://www.teeworlds.com") (synopsis "2D retro multiplayer shooter game")diff --git a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch b/gnu/packages/patches/teeworlds-use-latest-wavpack.patchindex e9fd99108..3ad1340d2 100644--- a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch+++ b/gnu/packages/patches/teeworlds-use-latest-wavpack.patch@@ -1,10 +1,20 @@-Downloaded from https://anonscm.debian.org/cgit/pkg-games/teeworlds.git/plain/debian/patches/new-wavpack.patch.+Downloaded from https://salsa.debian.org/games-team/teeworlds/raw/master/debian/patches/new-wavpack.patch. -This patch lets us build teeworlds with wavpack 5.1.0.+From: Markus Koschany <apo@debian.org>+Date: Thu, 25 Oct 2018 20:52:27 +0200+Subject: new-wavpack +Make wavpack compatible with Debian's version.+---+ src/engine/client/sound.cpp | 33 +++++++++++++++------------------+ src/engine/client/sound.h | 4 ----+ 2 files changed, 15 insertions(+), 22 deletions(-)++diff --git a/src/engine/client/sound.cpp b/src/engine/client/sound.cpp+index 048ec24..80de3c5 100644 --- a/src/engine/client/sound.cpp +++ b/src/engine/client/sound.cpp-@@ -328,17 +328,14 @@ void CSound::RateConvert(int SampleID)+@@ -325,10 +325,6 @@ void CSound::RateConvert(int SampleID) pSample->m_NumFrames = NumFrames; } @@ -12,10 +22,10 @@ This patch lets us build teeworlds with wavpack 5.1.0. -{ - return io_read(ms_File, pBuffer, Size); -}
--- int CSound::LoadWV(const char *pFilename)+ + ISound::CSampleHandle CSound::LoadWV(const char *pFilename) {- CSample *pSample;+@@ -336,6 +332,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) int SampleID = -1; char aError[100]; WavpackContext *pContext;@@ -24,17 +34,18 @@ This patch lets us build teeworlds with wavpack 5.1.0. // don't waste memory on sound when we are stress testing if(g_Config.m_DbgStress)-@@ -351,19 +348,23 @@ int CSound::LoadWV(const char *pFilename- if(!m_pStorage)- return -1;+@@ -349,25 +347,29 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename)+ return CSampleHandle(); + lock_wait(m_SoundLock); - ms_File = m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL); - if(!ms_File) + File = m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL, aWholePath, sizeof(aWholePath)); + if(!File) { dbg_msg("sound/wv", "failed to open file. filename='%s'", pFilename);- return -1;+ lock_unlock(m_SoundLock);+ return CSampleHandle(); } + else + {@@ -43,7 +54,14 @@ This patch lets us build teeworlds with wavpack 5.1.0. SampleID = AllocID(); if(SampleID < 0)- return -1;+ {+- io_close(ms_File);+- ms_File = 0;++ io_close(File);++ File = 0;+ lock_unlock(m_SoundLock);+ return CSampleHandle();+ } pSample = &m_aSamples[SampleID]; - pContext = WavpackOpenFileInput(ReadData, aError);@@ -51,7 +69,29 @@ This patch lets us build teeworlds with wavpack 5.1.0. if (pContext) { int m_aSamples = WavpackGetNumSamples(pContext);-@@ -419,9 +420,6 @@ int CSound::LoadWV(const char *pFilename+@@ -385,8 +387,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename)+ if(pSample->m_Channels > 2)+ {+ dbg_msg("sound/wv", "file is not mono or stereo. filename='%s'", pFilename);+- io_close(ms_File);+- ms_File = 0;++ io_close(File);++ File = 0;+ lock_unlock(m_SoundLock);+ return CSampleHandle();+ }+@@ -401,8 +403,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename)+ if(BitsPerSample != 16)+ {+ dbg_msg("sound/wv", "bps is %d, not 16, filname='%s'", BitsPerSample, pFilename);+- io_close(ms_File);+- ms_File = 0;++ io_close(File);++ File = 0;+ lock_unlock(m_SoundLock);+ return CSampleHandle();+ }+@@ -429,9 +431,6 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) dbg_msg("sound/wv", "failed to open %s: %s", pFilename, aError); } @@ -61,14 +101,16 @@ This patch lets us build teeworlds with wavpack 5.1.0. if(g_Config.m_Debug) dbg_msg("sound/wv", "loaded %s", pFilename); -@@ -527,7 +525,5 @@ void CSound::StopAll()- lock_unlock(m_SoundLock);+@@ -560,7 +559,5 @@ bool CSound::IsPlaying(CSampleHandle SampleID)+ return Ret; } -IOHANDLE CSound::ms_File = 0; - IEngineSound *CreateEngineSound() { return new CSound; } +diff --git a/src/engine/client/sound.h b/src/engine/client/sound.h+index ff357c0..cec2cde 100644 --- a/src/engine/client/sound.h +++ b/src/engine/client/sound.h @@ -21,10 +21,6 @@ public:@@ -81,4 +123,4 @@ This patch lets us build teeworlds with wavpack 5.1.0. - virtual bool IsSoundEnabled() { return m_SoundEnabled != 0; } - virtual int LoadWV(const char *pFilename);+ virtual CSampleHandle LoadWV(const char *pFilename);-- 2.19.1
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+h+cwAKCRBh71Au9gJS8vuPAQC61zDZU1DCN9gbznDK941IZGv9isiKv1Ik4mWGkE6+zwEAgwfkouzxHBixn7oIl/OXYqCZH9KpJVqPiw+UKrEhrQU==Xatc-----END PGP SIGNATURE-----
A
A
Alex Vong wrote on 11 Nov 2018 20:13
Re: [PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].
(address . guix-patches@gnu.org)(address . alexvong1995@gmail.com)
87a7mf1l8a.fsf@gmail.com
Alex Vong <alexvong1995@gmail.com> writes:
Toggle quote (7 lines)> Tags: patch, security>> Hello Guix,>> This patch set upgrades teeworlds to its latest version in order to fix> CVE-2018-18541, which is present in teeworlds before 0.6.5.>
I forget to mention I also remove all bundled libraries.
Toggle quote (2 lines)> Cheers,> Alex
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+h/RQAKCRBh71Au9gJS8qEIAQC1x22IgYyoL4cUAFSV41dwlXH9rbvwGLvwdPrqpcNBWgD9FeDhiHm13n8vIoTQoNAf25Uj+uR9bEW7sUZRfACDDgg==TK+i-----END PGP SIGNATURE-----
L
L
Leo Famulari wrote on 13 Nov 2018 17:47
Re: [bug#33347] [PATCH 3/4] gnu: Add json-parser.
(name . Alex Vong)(address . alexvong1995@gmail.com)(address . 33347@debbugs.gnu.org)
20181113164749.GA8498@jasmine.lan
On Mon, Nov 12, 2018 at 03:09:04AM +0800, Alex Vong wrote:
Toggle quote (9 lines)> From 6696a1dd8c69b9349c4897d1ce5b73d585d9f077 Mon Sep 17 00:00:00 2001> From: Alex Vong <alexvong1995@gmail.com>> Date: Mon, 12 Nov 2018 02:23:27 +0800> Subject: [PATCH 2/4] gnu: Add json-parser.> > * gnu/packages/web.scm (json-parser): New variable.
> + (arguments '(#:tests? #f))
Please add a comment explaining why we skip the tests. If there are notests, it can be as simple as "No test suite.".
Toggle quote (2 lines)> + (description "Very low footprint JSON parser written in portable ANSI C.
Please use a complete sentence. For example, "This package provides avery low footprint ...".
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlvrADUACgkQJkb6MLrKfwjQZA/+NApPELGIyqyMQ51SuTINHyBDwyoB0+PVOtqL8Xob68W4yvTbjHI/enHFr11kckwcCkmbutRs1kRJFtXKQ+IcdtTaZAX4v2ptH7sJUuTXwM9lRX29V66rzeZ57eORGz80/ZK53O92zjvewkd8cK/nFsGjsiZ4EphC1OAnJ6Qm85uIkA+KhxN+Vmxyx/G27IOAo/WPBf4PBoVJg1Mq6FGZbhQNXkBkCYItQgbDcGHGRwulfeEkBo4pl3odZuJ2I5FozcAbwpcPnPw+Z3jvs9eiKvKQbYGjQBVRmlIQ4buRqnjy2CQogpiMrEIk+4YOJCti1mb8gnKAXVUOGgOBEt0TA12G0Vzy4uwnI4d4EM3wZ29Do9y4A85GgtIUNxFsU2Tk/J+ZLheT56JZoxi41/zsOzVFlYMjJ0AywBLzDJuxm6klz3eP2DGEPEO6/WwvU6ckMw0fpDVpeFf+S9kEn+TkzK/16Fsl1cUm9K8QzELg2aDmcSr+9ympPbAqeJbMzf4wvimexjl3ovQtXoIU6HNXRcUKijL42cLjnk7oEDT/Hc+4Gq0rnwyxXswZY4WMTQ0OI5JANDPLWVGMtFagrQ+u8SE+tFcMZNrEKoqdiJkIltge8NK+gOb1PbEaLlak6nva48mZwuHsCVqOT6ctUhbvhopwu1W5+6FA+7OdRIlOeaA==Eb+Q-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 13 Nov 2018 17:49
Re: [bug#33347] [PATCH 2/4] gnu: Add json-parser.
(name . Alex Vong)(address . alexvong1995@gmail.com)(address . 33347@debbugs.gnu.org)
20181113164900.GB8498@jasmine.lan
On Mon, Nov 12, 2018 at 03:07:07AM +0800, Alex Vong wrote:
Toggle quote (7 lines)> (source (origin> (method url-fetch)> - (uri (string-append "http://github.com/downloads/matricks/"> - "bam/bam-" version ".tar.bz2"))> + (uri (string-append "https://github.com/matricks/bam"> + "/archive/v" version ".tar.gz"))
We should consider fetching the source with Git — these auto-generatedGitHub snapshot tarballs may change in the future.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlvrAHwACgkQJkb6MLrKfwjziBAAwnrQBmaR6tRhmtssxxKIG0fyMHEIRQ+EqBE1wElb6Y2iZTJwa8No/B7evfYkhXy+LGnRVCjYwNFcEWgQCGob3HYoU0a5GBLD59AHwGo33NneE8AI/6HXYIQwsJFa8TyBMxd48LqRBrBdZkpVWZg9kub2tJjhTUNwLDg4GqQm2pdKgB3ple3bC/4pk7umQIg3btLt3O9heUanOU7uUARKz4I/0h50Mq2lH4b8tPJ0CnZbXOcQX6qotJc6bcV0G/rsDxEtWlFbcox3/2aifGHZWLnIIXH9mlP+u8ZHJ7oiaHJMH1RR0K8RUBWoVVhclROD2RK2CiXIedSDwXC+nGUBBXEubRJJMEHdt6qZQuYPnggAdunIP/CASqZXj8fDfRxo5ECNZh+UOzTcR5FAo+AOZ/3grcnxkEGmhD/J+q0ypfLr6jjJBi6Z8psTgkvKlImWqwz41E1JhbTT0G6yOFI3bwyx+DfY1tM7j7R9aiwFFG6be50tvhXTp9NSXKCfsQjOUBBj8oBXcLTo3fxOOZHQ/iSK8jP9/HgCkjo38t0k7SqGk/ZytF/2zMvx9R7b/2vr5KKjjPJWjaC2dO8xdQScE2nQMtGCRqfSlVsR2RDwT4Ian3ltOmtb1wfgmN2cAhqBDIl7OeoCu8GaHHYIKQXcIN2oYg8hvn5XhMOGkWpKTLs==1ex1-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 13 Nov 2018 17:53
Re: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].
(name . Alex Vong)(address . alexvong1995@gmail.com)(address . 33347@debbugs.gnu.org)
20181113165310.GC8498@jasmine.lan
On Mon, Nov 12, 2018 at 03:09:39AM +0800, Alex Vong wrote:
Toggle quote (13 lines)> (replace 'configure> (lambda* (#:key outputs #:allow-other-keys)> + (define (use-latest-json-parser file)> + (substitute* file> + (("engine/external/json-parser/json\\.h")> + "json-parser/json.h")> + (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);")> + "json_parse_ex(&JsonSettings,> + pFileData,> + strlen(pFileData),> + aError);")))> +
Please add a code comment explaining this.
Toggle quote (3 lines)> - ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG> - ;; library without a build system.
These sorts of mini-libraries are designed to be copied and pasted intohost projects rather than packaged on their own. That's why they don'tinclude a build system. For example, many cryptographic primitiveimplementations are distributed this way — that's why you never see apackage for 'SHA256'. Is there a particular reason we should unbundlepnglite?
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlvrAXUACgkQJkb6MLrKfwg5rBAAkV7c6kOp6J0nBxmTjX8ChY3gvrjMyF7S0xBJrR7xLQBz1C+bICdFk7qQLS5XQ/m0thJmyCIUsaN9XXqTNvX37d3B+ZGqL+DoW1QZ919H98TqMrFxnTaQd+4qqwbQpRFbj1WRgkwQYVydPwall1BzwnxRkxp63UrIa4fnloExaSzLZQKE28ckrDeLOahayLKL/OHqs5ufRDq5TPRFYrccnfc4G29r3tWMf/AxP0bnrpG7ArXf9c9lRdibLvZwfDy3c4Er6fOj7idk90M1+SdTfcXO2mpYCFQ65f/E8vQuxHF7KlOgLGb2upKn2WECnLFag+10CVgnUGozi7N1N9M+Z8vg4zdnExD5fdlnry205I1itt/+0Al7nvEchyc1CRyhBxSVqSnPplILL7uXv95UVCppyvJrxaWmsS4pLOOXPbIg1X3t4gaSEvO2dSrgXHwXJDoR/KQ8aJKaiywKrggNeR9nLipySSVLkPyMi4YW43EC2q6XzKUJurB/aDtwKVwpseBZ+cKdVBcJQyhjJr6gToB1noCuS0cfJ+EKBJ188kHbGTsa/3ulrHZ8S43QqjCiw4brxD2dHVtQj/cVZnFH0KkFXF9iGIjvdYKVjn6VWBtZ7CaW36gPRwudLbX46/Dq6hl7wuiidqZzoMtD1pJ5VgIWMvszVXjbnibg55doOrg==xckU-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 13 Nov 2018 17:54
Re: [bug#33347] [PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].
(name . Alex Vong)(address . alexvong1995@gmail.com)(address . 33347@debbugs.gnu.org)
20181113165417.GD8498@jasmine.lan
On Mon, Nov 12, 2018 at 03:03:18AM +0800, Alex Vong wrote:
Toggle quote (7 lines)> Tags: patch, security> > Hello Guix,> > This patch set upgrades teeworlds to its latest version in order to fix> CVE-2018-18541, which is present in teeworlds before 0.6.5.
I sent my comments to the individual patches. Thank you!
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlvrAbkACgkQJkb6MLrKfwgiexAA3FTA6Ups1nD0VSyWhFFWUCprzhD+pGT+bbSky53wTs189ILkso+MXEzOf8DIQLqJIhemWOxW7bEHbg4J1YU0uIjkIhNExJIiJEJ9OrR1O1QISrqBp8vqwdyD1KvHuIApOsnKiUPhq4UsABfO2uu5doDC/1m+sQlyA/cLtT3CSE2azedz9NHSNNlrwsKzTg2+GXL+kjJetNA0WQZvmXge6IKJwerEahrfjg+NgkkFqzn/++CSbBWh0dLVLy4DuEBR26VKxjiw0/DBSAxaEzdxCTHkMNLPNdIuQTaeF3A9ivFUDNr9JrGGpnX78amuCMCJo33umg5BOHfhA5CrgeguO/WVm+D+7c6ARVuPXmJop3/LxphN03McL/Rt8uVf5VBvmNlhJUcuR2b17KkzVs3pbLujYFwptOmbWqVIc9je6CEF1YBkSXUbWaWEc/uN6lJ6qZq2en3xZjbW/qnIXCRhLsn2Lxzb0Brfi2TbSFdbRMztwbqQs9jOaWShXJZdhi12APXx+8eoq78MLxGYYdmHm59rrzu3U1RJEPAhei1/g+8s6W8BUy6+6B+P3jog8k9HPg9RTZ/l4AEwxKHS452ZzzVGbO/qA9jSAdO8vsVHmtWn1C+7sX8vQFMJQWgFCdjFD+R7v+gMXTBRGVOPVWhvfO200ojwvz4F62vYsNjXSb8==pv2m-----END PGP SIGNATURE-----

A
A
Alex Vong wrote on 14 Nov 2018 14:14
Re: [bug#33347] [PATCH 3/4] gnu: Add json-parser.
(name . Leo Famulari)(address . leo@famulari.name)
87bm6r3ip0.fsf@gmail.com
Leo Famulari <leo@famulari.name> writes:
Toggle quote (13 lines)> On Mon, Nov 12, 2018 at 03:09:04AM +0800, Alex Vong wrote:>> From 6696a1dd8c69b9349c4897d1ce5b73d585d9f077 Mon Sep 17 00:00:00 2001>> From: Alex Vong <alexvong1995@gmail.com>>> Date: Mon, 12 Nov 2018 02:23:27 +0800>> Subject: [PATCH 2/4] gnu: Add json-parser.>> >> * gnu/packages/web.scm (json-parser): New variable.>>> + (arguments '(#:tests? #f))>> Please add a comment explaining why we skip the tests. If there are no> tests, it can be as simple as "No test suite.".>
OK
Toggle quote (5 lines)>> + (description "Very low footprint JSON parser written in portable ANSI C.>> Please use a complete sentence. For example, "This package provides a> very low footprint ...".
The description was copied from upstream, but of course we can improveit.
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+wfmwAKCRBh71Au9gJS8r2rAP9UTht2031ZRuMH592By3UXUAy+BvCwcx99WI0XjJnu5gEAnV9ir3/zYRvTk+EirxIZnlAtgp8GzEJlqx0myUCZvQ0==+4bR-----END PGP SIGNATURE-----
A
A
Alex Vong wrote on 14 Nov 2018 14:19
Re: [bug#33347] [PATCH 2/4] gnu: Add json-parser.
(name . Leo Famulari)(address . leo@famulari.name)
877ehf3if9.fsf@gmail.com
Leo Famulari <leo@famulari.name> writes:
Toggle quote (11 lines)> On Mon, Nov 12, 2018 at 03:07:07AM +0800, Alex Vong wrote:>> (source (origin>> (method url-fetch)>> - (uri (string-append "http://github.com/downloads/matricks/">> - "bam/bam-" version ".tar.bz2"))>> + (uri (string-append "https://github.com/matricks/bam">> + "/archive/v" version ".tar.gz"))>> We should consider fetching the source with Git — these auto-generated> GitHub snapshot tarballs may change in the future.
OK
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+wg+gAKCRBh71Au9gJS8nnTAP9kKgCJ46ksir5zFSB42ESKi/s5teYjVOjQKk/t3XTF7AD/by8GJCoNmz9TrT0Ijoke5ftb+liX71rV4tyyF1VigwQ==iTlA-----END PGP SIGNATURE-----
A
A
Alex Vong wrote on 14 Nov 2018 14:36
Re: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].
(name . Leo Famulari)(address . leo@famulari.name)
8736s33hnq.fsf@gmail.com
Leo Famulari <leo@famulari.name> writes:
Toggle quote (16 lines)> On Mon, Nov 12, 2018 at 03:09:39AM +0800, Alex Vong wrote:>> (replace 'configure>> (lambda* (#:key outputs #:allow-other-keys)>> + (define (use-latest-json-parser file)>> + (substitute* file>> + (("engine/external/json-parser/json\\.h")>> + "json-parser/json.h")>> + (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);")>> + "json_parse_ex(&JsonSettings,>> + pFileData,>> + strlen(pFileData),>> + aError);")))>> +>> Please add a code comment explaining this.>
OK
Toggle quote (10 lines)>> - ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG>> - ;; library without a build system.>> These sorts of mini-libraries are designed to be copied and pasted into> host projects rather than packaged on their own. That's why they don't> include a build system. For example, many cryptographic primitive> implementations are distributed this way — that's why you never see a> package for 'SHA256'. Is there a particular reason we should unbundle> pnglite?
Well, I though we have a policy to remove bundle dependencies in orderto avoid building the same library many times. Do we make exceptions forshared libraries w/o a build system? (an exception I can think of isgnulib)
Besides, the FIXME comment seems to suggest future readers to helpremove the bundled pnglite. Debian also removes the bundled pnglite inteeworlds[0].
Thanks for all the feedback!
[0]: https://packages.debian.org/sid/teeworlds
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+wk2QAKCRBh71Au9gJS8jRoAQDq5PV9VGZ8JgmIoqVwlO8MJF7pZBJvT8bOSOVP+qNzZAEA4cxSAIZiJ4MZj5MM/YtuyHmmGa7rkhHHyYdGPFkp1A0==mO6F-----END PGP SIGNATURE-----
L
L
Leo Famulari wrote on 14 Nov 2018 18:39
(name . Alex Vong)(address . alexvong1995@gmail.com)(address . 33347@debbugs.gnu.org)
20181114173931.GB2408@jasmine.lan
On Wed, Nov 14, 2018 at 09:36:25PM +0800, Alex Vong wrote:
Toggle quote (5 lines)> Well, I though we have a policy to remove bundle dependencies in order> to avoid building the same library many times. Do we make exceptions for> shared libraries w/o a build system? (an exception I can think of is> gnulib)
In general, yes, our policy is to unbundle things when practical.
But there are some commonly used software implementations of basicfunctions (like base64, sha1 (most hash functions actually), et cetera)that are specifically designed to be copied and pasted into theapplication that will be using them.
You can usually tell this is the case because the thing will not haveany build system at all, like you suggest. Also because you find thesame copy-pasted code in almost every program you look at, like withbase64 and the hash functions.
Toggle quote (4 lines)> Besides, the FIXME comment seems to suggest future readers to help> remove the bundled pnglite. Debian also removes the bundled pnglite in> teeworlds[0].
Well, at a certain point it becomes a matter of taste, and the choiceshould be made by the person doing the work — you! Either way is finefor Guix :) The important thing is to get this Teeworlds fix pushedwithout too much delay.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlvsXdMACgkQJkb6MLrKfwgwtRAA5LEBjDS8bZD7YwI6revifNLwVriClW4/n+HS02K0dBiZXUQ3ZbxJ4DYFk79qr9J27P3lkr9iW+ks8LzBJhfSKm7PMKuzVN1cEXmsblOC+7MJctnM0ctANxnmvwk07omESQw6yBvusenrt9GU5kDUtx6coN3KR3gAHZ6UF7ol0rwgeewjgeSOyviPuQrWbAkRlBVr1imGFpqn5JObgYEs0Ffy0O8fq8CNUt++/zIKXXH9OTht+dC1UDDHfuYwLiyzr/OXL+npDTnzwuPRBz/9YKa4a7Ezwcs/H4y7bQqhpZljml+LVPiUJWsmuBKXO2Aa7ytNv096xJGkQSLmpR1V8g5lZPoDfEdk5PAtI52vc0L1vzkWHIQCoaTeQe0NuM7qNsAbg0qUJAHvANDyBD3AMnLtP/k7Hz5aKz/kwLCGMLMl7bWAuqUH6vC/MqeazaBfX6b2XfjvE1tzqoSiWyDwLeXNdpz/QVK6zs4Cl8sZ5B+1XUKXX5jTasyzzmzsFwsd0cdh+hDyWMtClKyPgoIUTcXEtj3Q7PGDldYIhKfOotulB8cLlxyHOYnrzp9crwQf40ZMl8TChCJb1V2/a4Xu5M90IspClapJQvW5zpbOuIUzGvFdRxOI/FZncoetY1NO7JDlg7wlHQyHqgIsys3gewK9teRmK2NkYWjTIPGlBUk==3UKK-----END PGP SIGNATURE-----

A
A
Alex Vong wrote on 14 Nov 2018 22:14
(name . Leo Famulari)(address . leo@famulari.name)
87va4z1hv9.fsf@gmail.com
Leo Famulari <leo@famulari.name> writes:
Toggle quote (27 lines)> On Wed, Nov 14, 2018 at 09:36:25PM +0800, Alex Vong wrote:>> Well, I though we have a policy to remove bundle dependencies in order>> to avoid building the same library many times. Do we make exceptions for>> shared libraries w/o a build system? (an exception I can think of is>> gnulib)>> In general, yes, our policy is to unbundle things when practical.>> But there are some commonly used software implementations of basic> functions (like base64, sha1 (most hash functions actually), et cetera)> that are specifically designed to be copied and pasted into the> application that will be using them.>> You can usually tell this is the case because the thing will not have> any build system at all, like you suggest. Also because you find the> same copy-pasted code in almost every program you look at, like with> base64 and the hash functions.>>> Besides, the FIXME comment seems to suggest future readers to help>> remove the bundled pnglite. Debian also removes the bundled pnglite in>> teeworlds[0].>> Well, at a certain point it becomes a matter of taste, and the choice> should be made by the person doing the work — you! Either way is fine> for Guix :) The important thing is to get this Teeworlds fix pushed> without too much delay.
Yes, we should get it fix fast :) I decide not to unbundle md5 because Iactually need to use a hack to make teeworlds build with libmd. But Istill have pnglite unbundle because it looks standalone enough for meand no hacks are required to unbundle. Here are the new patches:
From 5e7cb656306622e88352332c6ed9668d8afc60c4 Mon Sep 17 00:00:00 2001From: Alex Vong <alexvong1995@gmail.com>Date: Mon, 12 Nov 2018 01:55:05 +0800Subject: [PATCH 1/4] gnu: Add pnglite.
* gnu/packages/image.scm (pnglite): New variable.--- gnu/packages/image.scm | 56 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+)
Toggle diff (76 lines)diff --git a/gnu/packages/image.scm b/gnu/packages/image.scmindex 9bf9bd7e5..6c025e02f 100644--- a/gnu/packages/image.scm+++ b/gnu/packages/image.scm@@ -21,6 +21,7 @@ ;;; Copyright © 2018 Pierre Neidhardt <mail@ambrevar.xyz> ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2018 Pierre-Antoine Rouby <contact@parouby.fr>+;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;;@@ -253,6 +254,61 @@ files. It can compress them as much as 40% losslessly.") ;; This package used to be wrongfully name "pngcrunch". (deprecated-package "pngcrunch" pngcrush)) +(define-public pnglite+ (let ((commit "11695c56f7d7db806920bd9229b69f230e6ffb38")+ (revision "1"))+ (package+ (name "pnglite")+ ;; The project was moved from sourceforge to github.+ ;; The latest version in sourceforge was 0.1.17:+ ;; https://sourceforge.net/projects/pnglite/files/pnglite/+ ;; No releases are made in github.+ (version (git-version "0.1.17" revision commit))+ (source (origin+ (method git-fetch)+ (uri (git-reference+ (url "https://github.com/dankar/pnglite")+ (commit commit)))+ (sha256+ (base32+ "1lmmkdxby5b8z9kx3zrpgpk33njpcf2xx8z9bgqag855sjsqbbby"))+ (file-name (git-file-name name version))))+ (build-system gnu-build-system)+ (arguments+ `(#:tests? #f ; no tests+ #:phases+ (modify-phases %standard-phases+ (delete 'configure)+ (replace 'build+ (lambda _+ ;; common build flags for building shared libraries+ (let ((cflags '("-O2" "-g" "-fPIC"))+ (ldflags '("-shared")))+ (apply invoke+ `("gcc"+ "-o" "libpnglite.so"+ ,@cflags+ ,@ldflags+ "pnglite.c"))+ #t)))+ (replace 'install+ (lambda* (#:key outputs #:allow-other-keys)+ (let* ((out (assoc-ref outputs "out"))+ (lib (string-append out "/lib/"))+ (include (string-append out "/include/"))+ (doc (string-append out "/share/doc/"+ ,name "-" ,version "/")))+ (install-file "libpnglite.so" lib)+ (install-file "pnglite.h" include)+ (install-file "README.md" doc)+ #t))))))+ (inputs `(("zlib" ,zlib)))+ (home-page "https://github.com/dankar/pnglite")+ (synopsis "Pretty small png library")+ (description "A pretty small png library.+Currently all documentation resides in @file{pnglite.h}.")+ (license license:zlib))))+ (define-public libjpeg (package (name "libjpeg")-- 2.19.1
From e786c6e470a6930af9107e9722bea95a03c5d1c9 Mon Sep 17 00:00:00 2001From: Alex Vong <alexvong1995@gmail.com>Date: Mon, 12 Nov 2018 02:23:27 +0800Subject: [PATCH 2/4] gnu: Add json-parser.
* gnu/packages/web.scm (json-parser): New variable.--- gnu/packages/web.scm | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+)
Toggle diff (52 lines)diff --git a/gnu/packages/web.scm b/gnu/packages/web.scmindex 03deab422..cde3d00c1 100644--- a/gnu/packages/web.scm+++ b/gnu/packages/web.scm@@ -28,6 +28,7 @@ ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr> ;;; Copyright © 2018 Gábor Boskovits <boskovits@gmail.com> ;;; Copyright © 2018 Mădălin Ionel Patrașcu <madalinionel.patrascu@mdc-berlin.de>+;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;;@@ -582,6 +583,37 @@ It aims to conform to RFC 7159.") (("-Werror") "")) #t)))))) +(define-public json-parser+ (package+ (name "json-parser")+ (version "1.1.0")+ (source (origin+ ;; do not use auto-generated tarballs+ (method git-fetch)+ (uri (git-reference+ (url "https://github.com/udp/json-parser.git")+ (commit (string-append "v" version))))+ (file-name (git-file-name name version))+ (sha256+ (base32+ "1ls7z4fx0sq633s5bc0j1gh36sv087gmrgr7rza22wjq2d4606yf"))))+ ;; FIXME: we should build the python bindings in a separate package+ (build-system gnu-build-system)+ ;; the tests are written for the python bindings which are not built here+ (arguments '(#:tests? #f))+ (home-page "https://github.com/udp/json-parser")+ (synopsis "JSON parser written in ANSI C")+ (description "This package provides a very low footprint JSON parser+written in portable ANSI C.++@itemize+@item BSD licensed with no dependencies (i.e. just drop the C file into your+project)+@item Never recurses or allocates more memory than it needs+@item Very simple API with operator sugar for C+++@end itemize")+ (license l:bsd-2)))+ (define-public qjson (package (name "qjson")-- 2.19.1
From b1cdc9568f8d82ed7096328d0b3845fc32b4efe8 Mon Sep 17 00:00:00 2001From: Alex Vong <alexvong1995@gmail.com>Date: Thu, 8 Nov 2018 10:53:43 +0800Subject: [PATCH 3/4] gnu: bam: Update to 0.5.1.
* gnu/packages/build-tools.scm (bam): Update to 0.5.1.[source]: Switch to git-fetch.[arguments]: Use newly provided Makefile.[inputs]: Add lua.--- gnu/packages/build-tools.scm | 37 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 19 deletions(-)
Toggle diff (72 lines)diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scmindex 42de56f8c..a52ee480a 100644--- a/gnu/packages/build-tools.scm+++ b/gnu/packages/build-tools.scm@@ -5,6 +5,7 @@ ;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com> ;;; Copyright © 2018 Tomáš Čech <sleep_walker@gnu.org> ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>+;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;;@@ -30,6 +31,7 @@ #:use-module (guix build-system cmake) #:use-module (gnu packages) #:use-module (gnu packages compression)+ #:use-module (gnu packages lua) #:use-module (gnu packages python) #:use-module (gnu packages python-crypto) #:use-module (gnu packages python-web)@@ -40,33 +42,30 @@ (define-public bam (package (name "bam")- (version "0.4.0")+ (version "0.5.1") (source (origin- (method url-fetch)- (uri (string-append "http://github.com/downloads/matricks/"- "bam/bam-" version ".tar.bz2"))+ ;; do not use auto-generated tarballs+ (method git-fetch)+ (uri (git-reference+ (url "https://github.com/matricks/bam.git")+ (commit (string-append "v" version))))+ (file-name (git-file-name name version)) (sha256 (base32- "0z90wvyd4nfl7mybdrv9dsd4caaikc6fxw801b72gqi1m9q0c0sn"))))+ "13br735ig7lygvzyfd15fc2rdygrqm503j6xj5xkrl1r7w2wipq6")))) (build-system gnu-build-system) (arguments- `(#:phases+ `(#:make-flags `("CC=gcc"+ ,(string-append "INSTALL_PREFIX="+ (assoc-ref %outputs "out")))+ #:test-target "test"+ #:phases (modify-phases %standard-phases- (delete 'configure)- (replace 'build- (lambda _- (zero? (system* "bash" "make_unix.sh"))))- (replace 'check- (lambda _- (zero? (system* "python" "scripts/test.py"))))- (replace 'install- (lambda* (#:key outputs #:allow-other-keys)- (let ((bin (string-append (assoc-ref outputs "out") "/bin")))- (mkdir-p bin)- (install-file "bam" bin)- #t))))))+ (delete 'configure)))) (native-inputs `(("python" ,python-2)))+ (inputs+ `(("lua" ,lua))) (home-page "https://matricks.github.io/bam/") (synopsis "Fast and flexible build system") (description "Bam is a fast and flexible build system. Bam uses Lua to-- 2.19.1
From 3aa13808d20fcf2eea585c85b96e8f6b1f5fe292 Mon Sep 17 00:00:00 2001From: Alex Vong <alexvong1995@gmail.com>Date: Mon, 12 Nov 2018 02:42:25 +0800Subject: [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].
* gnu/packages/games.scm (teeworlds): Update to 0.7.0.[source]: Switch to git-fetch. Remove all bundled libraries except md5.[arguments]: Adjust accordingly.[inputs]: Use sdl2 instead of sdl and python-wrapper instead of python-2.Add json-parser and pnglite.* gnu/packages/patches/teeworlds-use-latest-wavpack.patch: Update it.--- gnu/packages/games.scm | 116 ++++++++++++------ .../teeworlds-use-latest-wavpack.patch | 72 ++++++++--- 2 files changed, 136 insertions(+), 52 deletions(-)
Toggle diff (205 lines)diff --git a/gnu/packages/games.scm b/gnu/packages/games.scmindex 3679aa09c..a1a571c51 100644--- a/gnu/packages/games.scm+++ b/gnu/packages/games.scm@@ -35,6 +35,7 @@ ;;; Copyright © 2018 Tim Gesthuizen <tim.gesthuizen@yahoo.de> ;;; Copyright © 2018 Madalin Ionel-Patrascu <madalinionel.patrascu@mdc-berlin.de> ;;; Copyright © 2018 Benjamin Slade <slade@jnanam.net>+;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;;@@ -4139,31 +4140,54 @@ small robot living in the nano world, repair its maker.") (define-public teeworlds (package (name "teeworlds")- (version "0.6.4")+ (version "0.7.0") (source (origin- (method url-fetch)- (uri (string-append "https://github.com/teeworlds/teeworlds/"- "archive/" version "-release.tar.gz"))- (file-name (string-append name "-" version ".tar.gz"))+ ;; do not use auto-generated tarballs+ (method git-fetch)+ (uri (git-reference+ (url "https://github.com/teeworlds/teeworlds.git")+ (commit version)))+ (file-name (git-file-name name version)) (sha256 (base32- "1mqhp6xjl75l49050cid36wxyjn1qr0vjx1c709dfg1lkvmgs6l3"))- (modules '((guix build utils)))- (snippet- '(begin- (for-each delete-file-recursively- '("src/engine/external/wavpack/"- "src/engine/external/zlib/"))+ "0jigg2yikihbivzs7hpljr0mghx1l9v4f1cdr8fbmqv2wb51ah8q"))+ (modules '((guix build utils)+ (ice-9 ftw)+ (ice-9 regex)+ (srfi srfi-1)+ (srfi srfi-26)))+ (snippet ; remove bundled libraries except md5+ '(let ((base-dir "src/engine/external/"))+ (for-each (compose (cut delete-file-recursively <>)+ (cut string-append base-dir <>))+ (remove (cut string-match "(^.)|(^md5$)" <>)+ (scandir base-dir))) #t)) (patches (search-patches "teeworlds-use-latest-wavpack.patch")))) (build-system gnu-build-system) (arguments `(#:tests? #f ; no tests included+ #:modules ((guix build gnu-build-system)+ (guix build utils)+ (srfi srfi-26)) #:phases (modify-phases %standard-phases (replace 'configure (lambda* (#:key outputs #:allow-other-keys)+ ;; The bundled json-parser uses an old API.+ ;; To use the latest non-bundled version, we need to pass the+ ;; length of the data in all 'json_parse_ex' calls.+ (define (use-latest-json-parser file)+ (substitute* file+ (("engine/external/json-parser/json\\.h")+ "json-parser/json.h")+ (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);")+ "json_parse_ex(&JsonSettings,+ pFileData,+ strlen(pFileData),+ aError);")))+ ;; Embed path to assets. (substitute* "src/engine/shared/storage.cpp" (("#define DATA_DIR.*")@@ -4173,50 +4197,68 @@ small robot living in the nano world, repair its maker.") "\""))) ;; Bam expects all files to have a recent time stamp.- (for-each (lambda (file)- (utime file 1 1))+ (for-each (cut utime <> 1 1) (find-files ".")) ;; Do not use bundled libraries. (substitute* "bam.lua"- (("if config.zlib.value == 1 then")- "if true then")- (("wavpack = .*")- "wavpack = {}-settings.link.libs:Add(\"wavpack\")\n"))+ (("local json = Compile.+$")+ "local json = nil+settings.link.libs:Add(\"jsonparser\")")+ (("local png = Compile.+$")+ "local png = nil+settings.link.libs:Add(\"pnglite\")")+ (("local wavpack = Compile.+$")+ "local wavpack = nil+settings.link.libs:Add(\"wavpack\")")+ (("if config\\.zlib\\.value == 1")+ "if config.zlib.value"))+ (substitute* "src/engine/client/graphics_threaded.cpp"+ (("engine/external/pnglite/pnglite\\.h")+ "pnglite.h")) (substitute* "src/engine/client/sound.cpp"- (("#include <engine/external/wavpack/wavpack.h>")- "#include <wavpack/wavpack.h>"))+ (("engine/external/wavpack/wavpack\\.h")+ "wavpack/wavpack.h"))+ (for-each use-latest-json-parser+ '("src/game/client/components/countryflags.cpp"+ "src/game/client/components/menus_settings.cpp"+ "src/game/client/components/skins.cpp"+ "src/game/client/localization.cpp"+ "src/game/editor/auto_map.h"+ "src/game/editor/editor.cpp")) #t)) (replace 'build (lambda _- (zero? (system* "bam" "-a" "-v" "release"))))+ (invoke "bam" "-a" "-v" "conf=release"))) (replace 'install (lambda* (#:key outputs #:allow-other-keys)- (let* ((out (assoc-ref outputs "out"))- (bin (string-append out "/bin"))- (data (string-append out "/share/teeworlds/data")))- (mkdir-p bin)- (mkdir-p data)- (for-each (lambda (file)- (install-file file bin))- '("teeworlds" "teeworlds_srv"))- (copy-recursively "data" data)+ (let* ((arch ,(system->linux-architecture+ (or (%current-target-system)+ (%current-system))))+ (build (string-append "build/" arch "/release/"))+ (data-built (string-append build "data/"))+ (out (assoc-ref outputs "out"))+ (bin (string-append out "/bin/"))+ (data (string-append out "/share/teeworlds/data/")))+ (for-each (cut install-file <> bin)+ (map (cut string-append build <>)+ '("teeworlds" "teeworlds_srv")))+ (copy-recursively data-built data) #t))))))- ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG- ;; library without a build system. (inputs `(("freetype" ,freetype) ("glu" ,glu)+ ("json-parser" ,json-parser) ("mesa" ,mesa)- ("sdl-union" ,(sdl-union (list sdl- sdl-mixer- sdl-image)))+ ("pnglite" ,pnglite)+ ("sdl2" ,sdl2)+ ("sdl2-image" ,sdl2-image)+ ("sdl2-mixer" ,sdl2-mixer) ("wavpack" ,wavpack) ("zlib" ,zlib))) (native-inputs `(("bam" ,bam)- ("python" ,python-2)+ ("python" ,python-wrapper) ("pkg-config" ,pkg-config))) (home-page "https://www.teeworlds.com") (synopsis "2D retro multiplayer shooter game")diff --git a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch b/gnu/packages/patches/teeworlds-use-latest-wavpack.patchindex e9fd99108..3ad1340d2 100644--- a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch+++ b/gnu/packages/patches/teeworlds-use-latest-wavpack.patch@@ -1,10 +1,20 @@-Downloaded from https://anonscm.debian.org/cgit/pkg-games/teeworlds.git/plain/debian/patches/new-wavpack.patch.+Downloaded from https://salsa.debian.org/games-team/teeworlds/raw/master/debian/patches/new-wavpack.patch. -This patch lets us build teeworlds with wavpack 5.1.0.+From: Markus Koschany <apo@debian.org>+Date: Thu, 25 Oct 2018 20:52:27 +0200+Subject: new-wavpack +Make wavpack compatible with Debian's version.+---+ src/engine/client/sound.cpp | 33 +++++++++++++++------------------+ src/engine/client/sound.h | 4 ----+ 2 files changed, 15 insertions(+), 22 deletions(-)++diff --git a/src/engine/client/sound.cpp b/src/engine/client/sound.cpp+index 048ec24..80de3c5 100644 --- a/src/engine/client/sound.cpp +++ b/src/engine/client/sound.cpp-@@ -328,17 +328,14 @@ void CSound::RateConvert(int SampleID)+@@ -325,10 +325,6 @@ void CSound::RateConvert(int SampleID) pSample->m_NumFrames = NumFrames; } @@ -12,10 +22,10 @@ This patch lets us build teeworlds with wavpack 5.1.0. -{ - return io_read(ms_File, pBuffer, Size); -}
--- int CSound::LoadWV(const char *pFilename)+ + ISound::CSampleHandle CSound::LoadWV(const char *pFilename) {- CSample *pSample;+@@ -336,6 +332,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) int SampleID = -1; char aError[100]; WavpackContext *pContext;@@ -24,17 +34,18 @@ This patch lets us build teeworlds with wavpack 5.1.0. // don't waste memory on sound when we are stress testing if(g_Config.m_DbgStress)-@@ -351,19 +348,23 @@ int CSound::LoadWV(const char *pFilename- if(!m_pStorage)- return -1;+@@ -349,25 +347,29 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename)+ return CSampleHandle(); + lock_wait(m_SoundLock); - ms_File = m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL); - if(!ms_File) + File = m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL, aWholePath, sizeof(aWholePath)); + if(!File) { dbg_msg("sound/wv", "failed to open file. filename='%s'", pFilename);- return -1;+ lock_unlock(m_SoundLock);+ return CSampleHandle(); } + else + {@@ -43,7 +54,14 @@ This patch lets us build teeworlds with wavpack 5.1.0. SampleID = AllocID(); if(SampleID < 0)- return -1;+ {+- io_close(ms_File);+- ms_File = 0;++ io_close(File);++ File = 0;+ lock_unlock(m_SoundLock);+ return CSampleHandle();+ } pSample = &m_aSamples[SampleID]; - pContext = WavpackOpenFileInput(ReadData, aError);@@ -51,7 +69,29 @@ This patch lets us build teeworlds with wavpack 5.1.0. if (pContext) { int m_aSamples = WavpackGetNumSamples(pContext);-@@ -419,9 +420,6 @@ int CSound::LoadWV(const char *pFilename+@@ -385,8 +387,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename)+ if(pSample->m_Channels > 2)+ {+ dbg_msg("sound/wv", "file is not mono or stereo. filename='%s'", pFilename);+- io_close(ms_File);+- ms_File = 0;++ io_close(File);++ File = 0;+ lock_unlock(m_SoundLock);+ return CSampleHandle();+ }+@@ -401,8 +403,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename)+ if(BitsPerSample != 16)+ {+ dbg_msg("sound/wv", "bps is %d, not 16, filname='%s'", BitsPerSample, pFilename);+- io_close(ms_File);+- ms_File = 0;++ io_close(File);++ File = 0;+ lock_unlock(m_SoundLock);+ return CSampleHandle();+ }+@@ -429,9 +431,6 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) dbg_msg("sound/wv", "failed to open %s: %s", pFilename, aError); } @@ -61,14 +101,16 @@ This patch lets us build teeworlds with wavpack 5.1.0. if(g_Config.m_Debug) dbg_msg("sound/wv", "loaded %s", pFilename); -@@ -527,7 +525,5 @@ void CSound::StopAll()- lock_unlock(m_SoundLock);+@@ -560,7 +559,5 @@ bool CSound::IsPlaying(CSampleHandle SampleID)+ return Ret; } -IOHANDLE CSound::ms_File = 0; - IEngineSound *CreateEngineSound() { return new CSound; } +diff --git a/src/engine/client/sound.h b/src/engine/client/sound.h+index ff357c0..cec2cde 100644 --- a/src/engine/client/sound.h +++ b/src/engine/client/sound.h @@ -21,10 +21,6 @@ public:@@ -81,4 +123,4 @@ This patch lets us build teeworlds with wavpack 5.1.0. - virtual bool IsSoundEnabled() { return m_SoundEnabled != 0; } - virtual int LoadWV(const char *pFilename);+ virtual CSampleHandle LoadWV(const char *pFilename);-- 2.19.1
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW+yQSwAKCRBh71Au9gJS8rQJAQDUpO9wIJ3K1NFvTnjVJYmaSK/LQO6GMcTGLY7HHKQWawEAvwWG5AwMiTVzD6oXiHcMpCSH6CpCTdaGMoDE2+rrEQ4==RPHl-----END PGP SIGNATURE-----
A
A
Alex Vong wrote on 21 Nov 2018 15:41
(name . Leo Famulari)(address . leo@famulari.name)
87va4q7at7.fsf@gmail.com
Hello everyone,
I think Leo may be busy since he hasn't reply yet. Should I just pushgiven the CVE fix?
Cheers,Alex
Alex Vong <alexvong1995@gmail.com> writes:
Toggle quote (596 lines)> Leo Famulari <leo@famulari.name> writes:>>> On Wed, Nov 14, 2018 at 09:36:25PM +0800, Alex Vong wrote:>>> Well, I though we have a policy to remove bundle dependencies in order>>> to avoid building the same library many times. Do we make exceptions for>>> shared libraries w/o a build system? (an exception I can think of is>>> gnulib)>>>> In general, yes, our policy is to unbundle things when practical.>>>> But there are some commonly used software implementations of basic>> functions (like base64, sha1 (most hash functions actually), et cetera)>> that are specifically designed to be copied and pasted into the>> application that will be using them.>>>> You can usually tell this is the case because the thing will not have>> any build system at all, like you suggest. Also because you find the>> same copy-pasted code in almost every program you look at, like with>> base64 and the hash functions.>>>>> Besides, the FIXME comment seems to suggest future readers to help>>> remove the bundled pnglite. Debian also removes the bundled pnglite in>>> teeworlds[0].>>>> Well, at a certain point it becomes a matter of taste, and the choice>> should be made by the person doing the work — you! Either way is fine>> for Guix :) The important thing is to get this Teeworlds fix pushed>> without too much delay.>> Yes, we should get it fix fast :) I decide not to unbundle md5 because I> actually need to use a hack to make teeworlds build with libmd. But I> still have pnglite unbundle because it looks standalone enough for me> and no hacks are required to unbundle. Here are the new patches:>> From 5e7cb656306622e88352332c6ed9668d8afc60c4 Mon Sep 17 00:00:00 2001> From: Alex Vong <alexvong1995@gmail.com>> Date: Mon, 12 Nov 2018 01:55:05 +0800> Subject: [PATCH 1/4] gnu: Add pnglite.>> * gnu/packages/image.scm (pnglite): New variable.> ---> gnu/packages/image.scm | 56 ++++++++++++++++++++++++++++++++++++++++++> 1 file changed, 56 insertions(+)>> diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm> index 9bf9bd7e5..6c025e02f 100644> --- a/gnu/packages/image.scm> +++ b/gnu/packages/image.scm> @@ -21,6 +21,7 @@> ;;; Copyright © 2018 Pierre Neidhardt <mail@ambrevar.xyz>> ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>> ;;; Copyright © 2018 Pierre-Antoine Rouby <contact@parouby.fr>> +;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com>> ;;;> ;;; This file is part of GNU Guix.> ;;;> @@ -253,6 +254,61 @@ files. It can compress them as much as 40% losslessly.")> ;; This package used to be wrongfully name "pngcrunch".> (deprecated-package "pngcrunch" pngcrush))> > +(define-public pnglite> + (let ((commit "11695c56f7d7db806920bd9229b69f230e6ffb38")> + (revision "1"))> + (package> + (name "pnglite")> + ;; The project was moved from sourceforge to github.> + ;; The latest version in sourceforge was 0.1.17:> + ;; https://sourceforge.net/projects/pnglite/files/pnglite/> + ;; No releases are made in github.> + (version (git-version "0.1.17" revision commit))> + (source (origin> + (method git-fetch)> + (uri (git-reference> + (url "https://github.com/dankar/pnglite")> + (commit commit)))> + (sha256> + (base32> + "1lmmkdxby5b8z9kx3zrpgpk33njpcf2xx8z9bgqag855sjsqbbby"))> + (file-name (git-file-name name version))))> + (build-system gnu-build-system)> + (arguments> + `(#:tests? #f ; no tests> + #:phases> + (modify-phases %standard-phases> + (delete 'configure)> + (replace 'build> + (lambda _> + ;; common build flags for building shared libraries> + (let ((cflags '("-O2" "-g" "-fPIC"))> + (ldflags '("-shared")))> + (apply invoke> + `("gcc"> + "-o" "libpnglite.so"> + ,@cflags> + ,@ldflags> + "pnglite.c"))> + #t)))> + (replace 'install> + (lambda* (#:key outputs #:allow-other-keys)> + (let* ((out (assoc-ref outputs "out"))> + (lib (string-append out "/lib/"))> + (include (string-append out "/include/"))> + (doc (string-append out "/share/doc/"> + ,name "-" ,version "/")))> + (install-file "libpnglite.so" lib)> + (install-file "pnglite.h" include)> + (install-file "README.md" doc)> + #t))))))> + (inputs `(("zlib" ,zlib)))> + (home-page "https://github.com/dankar/pnglite")> + (synopsis "Pretty small png library")> + (description "A pretty small png library.> +Currently all documentation resides in @file{pnglite.h}.")> + (license license:zlib))))> +> (define-public libjpeg> (package> (name "libjpeg")> -- > 2.19.1>> From e786c6e470a6930af9107e9722bea95a03c5d1c9 Mon Sep 17 00:00:00 2001> From: Alex Vong <alexvong1995@gmail.com>> Date: Mon, 12 Nov 2018 02:23:27 +0800> Subject: [PATCH 2/4] gnu: Add json-parser.>> * gnu/packages/web.scm (json-parser): New variable.> ---> gnu/packages/web.scm | 32 ++++++++++++++++++++++++++++++++> 1 file changed, 32 insertions(+)>> diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm> index 03deab422..cde3d00c1 100644> --- a/gnu/packages/web.scm> +++ b/gnu/packages/web.scm> @@ -28,6 +28,7 @@> ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr>> ;;; Copyright © 2018 Gábor Boskovits <boskovits@gmail.com>> ;;; Copyright © 2018 Mădălin Ionel Patrașcu <madalinionel.patrascu@mdc-berlin.de>> +;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com>> ;;;> ;;; This file is part of GNU Guix.> ;;;> @@ -582,6 +583,37 @@ It aims to conform to RFC 7159.")> (("-Werror") ""))> #t))))))> > +(define-public json-parser> + (package> + (name "json-parser")> + (version "1.1.0")> + (source (origin> + ;; do not use auto-generated tarballs> + (method git-fetch)> + (uri (git-reference> + (url "https://github.com/udp/json-parser.git")> + (commit (string-append "v" version))))> + (file-name (git-file-name name version))> + (sha256> + (base32> + "1ls7z4fx0sq633s5bc0j1gh36sv087gmrgr7rza22wjq2d4606yf"))))> + ;; FIXME: we should build the python bindings in a separate package> + (build-system gnu-build-system)> + ;; the tests are written for the python bindings which are not built here> + (arguments '(#:tests? #f))> + (home-page "https://github.com/udp/json-parser")> + (synopsis "JSON parser written in ANSI C")> + (description "This package provides a very low footprint JSON parser> +written in portable ANSI C.> +> +@itemize> +@item BSD licensed with no dependencies (i.e. just drop the C file into your> +project)> +@item Never recurses or allocates more memory than it needs> +@item Very simple API with operator sugar for C++> +@end itemize")> + (license l:bsd-2)))> +> (define-public qjson> (package> (name "qjson")> -- > 2.19.1>> From b1cdc9568f8d82ed7096328d0b3845fc32b4efe8 Mon Sep 17 00:00:00 2001> From: Alex Vong <alexvong1995@gmail.com>> Date: Thu, 8 Nov 2018 10:53:43 +0800> Subject: [PATCH 3/4] gnu: bam: Update to 0.5.1.>> * gnu/packages/build-tools.scm (bam): Update to 0.5.1.> [source]: Switch to git-fetch.> [arguments]: Use newly provided Makefile.> [inputs]: Add lua.> ---> gnu/packages/build-tools.scm | 37 ++++++++++++++++++------------------> 1 file changed, 18 insertions(+), 19 deletions(-)>> diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scm> index 42de56f8c..a52ee480a 100644> --- a/gnu/packages/build-tools.scm> +++ b/gnu/packages/build-tools.scm> @@ -5,6 +5,7 @@> ;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com>> ;;; Copyright © 2018 Tomáš Čech <sleep_walker@gnu.org>> ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>> +;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com>> ;;;> ;;; This file is part of GNU Guix.> ;;;> @@ -30,6 +31,7 @@> #:use-module (guix build-system cmake)> #:use-module (gnu packages)> #:use-module (gnu packages compression)> + #:use-module (gnu packages lua)> #:use-module (gnu packages python)> #:use-module (gnu packages python-crypto)> #:use-module (gnu packages python-web)> @@ -40,33 +42,30 @@> (define-public bam> (package> (name "bam")> - (version "0.4.0")> + (version "0.5.1")> (source (origin> - (method url-fetch)> - (uri (string-append "http://github.com/downloads/matricks/"> - "bam/bam-" version ".tar.bz2"))> + ;; do not use auto-generated tarballs> + (method git-fetch)> + (uri (git-reference> + (url "https://github.com/matricks/bam.git")> + (commit (string-append "v" version))))> + (file-name (git-file-name name version))> (sha256> (base32> - "0z90wvyd4nfl7mybdrv9dsd4caaikc6fxw801b72gqi1m9q0c0sn"))))> + "13br735ig7lygvzyfd15fc2rdygrqm503j6xj5xkrl1r7w2wipq6"))))> (build-system gnu-build-system)> (arguments> - `(#:phases> + `(#:make-flags `("CC=gcc"> + ,(string-append "INSTALL_PREFIX="> + (assoc-ref %outputs "out")))> + #:test-target "test"> + #:phases> (modify-phases %standard-phases> - (delete 'configure)> - (replace 'build> - (lambda _> - (zero? (system* "bash" "make_unix.sh"))))> - (replace 'check> - (lambda _> - (zero? (system* "python" "scripts/test.py"))))> - (replace 'install> - (lambda* (#:key outputs #:allow-other-keys)> - (let ((bin (string-append (assoc-ref outputs "out") "/bin")))> - (mkdir-p bin)> - (install-file "bam" bin)> - #t))))))> + (delete 'configure))))> (native-inputs> `(("python" ,python-2)))> + (inputs> + `(("lua" ,lua)))> (home-page "https://matricks.github.io/bam/")> (synopsis "Fast and flexible build system")> (description "Bam is a fast and flexible build system. Bam uses Lua to> -- > 2.19.1>> From 3aa13808d20fcf2eea585c85b96e8f6b1f5fe292 Mon Sep 17 00:00:00 2001> From: Alex Vong <alexvong1995@gmail.com>> Date: Mon, 12 Nov 2018 02:42:25 +0800> Subject: [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].>> * gnu/packages/games.scm (teeworlds): Update to 0.7.0.> [source]: Switch to git-fetch. Remove all bundled libraries except md5.> [arguments]: Adjust accordingly.> [inputs]: Use sdl2 instead of sdl and python-wrapper instead of python-2.> Add json-parser and pnglite.> * gnu/packages/patches/teeworlds-use-latest-wavpack.patch: Update it.> ---> gnu/packages/games.scm | 116 ++++++++++++------> .../teeworlds-use-latest-wavpack.patch | 72 ++++++++---> 2 files changed, 136 insertions(+), 52 deletions(-)>> diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm> index 3679aa09c..a1a571c51 100644> --- a/gnu/packages/games.scm> +++ b/gnu/packages/games.scm> @@ -35,6 +35,7 @@> ;;; Copyright © 2018 Tim Gesthuizen <tim.gesthuizen@yahoo.de>> ;;; Copyright © 2018 Madalin Ionel-Patrascu <madalinionel.patrascu@mdc-berlin.de>> ;;; Copyright © 2018 Benjamin Slade <slade@jnanam.net>> +;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com>> ;;;> ;;; This file is part of GNU Guix.> ;;;> @@ -4139,31 +4140,54 @@ small robot living in the nano world, repair its maker.")> (define-public teeworlds> (package> (name "teeworlds")> - (version "0.6.4")> + (version "0.7.0")> (source (origin> - (method url-fetch)> - (uri (string-append "https://github.com/teeworlds/teeworlds/"> - "archive/" version "-release.tar.gz"))> - (file-name (string-append name "-" version ".tar.gz"))> + ;; do not use auto-generated tarballs> + (method git-fetch)> + (uri (git-reference> + (url "https://github.com/teeworlds/teeworlds.git")> + (commit version)))> + (file-name (git-file-name name version))> (sha256> (base32> - "1mqhp6xjl75l49050cid36wxyjn1qr0vjx1c709dfg1lkvmgs6l3"))> - (modules '((guix build utils)))> - (snippet> - '(begin> - (for-each delete-file-recursively> - '("src/engine/external/wavpack/"> - "src/engine/external/zlib/"))> + "0jigg2yikihbivzs7hpljr0mghx1l9v4f1cdr8fbmqv2wb51ah8q"))> + (modules '((guix build utils)> + (ice-9 ftw)> + (ice-9 regex)> + (srfi srfi-1)> + (srfi srfi-26)))> + (snippet ; remove bundled libraries except md5> + '(let ((base-dir "src/engine/external/"))> + (for-each (compose (cut delete-file-recursively <>)> + (cut string-append base-dir <>))> + (remove (cut string-match "(^.)|(^md5$)" <>)> + (scandir base-dir)))> #t))> (patches> (search-patches "teeworlds-use-latest-wavpack.patch"))))> (build-system gnu-build-system)> (arguments> `(#:tests? #f ; no tests included> + #:modules ((guix build gnu-build-system)> + (guix build utils)> + (srfi srfi-26))> #:phases> (modify-phases %standard-phases> (replace 'configure> (lambda* (#:key outputs #:allow-other-keys)> + ;; The bundled json-parser uses an old API.> + ;; To use the latest non-bundled version, we need to pass the> + ;; length of the data in all 'json_parse_ex' calls.> + (define (use-latest-json-parser file)> + (substitute* file> + (("engine/external/json-parser/json\\.h")> + "json-parser/json.h")> + (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);")> + "json_parse_ex(&JsonSettings,> + pFileData,> + strlen(pFileData),> + aError);")))> +> ;; Embed path to assets.> (substitute* "src/engine/shared/storage.cpp"> (("#define DATA_DIR.*")> @@ -4173,50 +4197,68 @@ small robot living in the nano world, repair its maker.")> "\"")))> > ;; Bam expects all files to have a recent time stamp.> - (for-each (lambda (file)> - (utime file 1 1))> + (for-each (cut utime <> 1 1)> (find-files "."))> > ;; Do not use bundled libraries.> (substitute* "bam.lua"> - (("if config.zlib.value == 1 then")> - "if true then")> - (("wavpack = .*")> - "wavpack = {}> -settings.link.libs:Add(\"wavpack\")\n"))> + (("local json = Compile.+$")> + "local json = nil> +settings.link.libs:Add(\"jsonparser\")")> + (("local png = Compile.+$")> + "local png = nil> +settings.link.libs:Add(\"pnglite\")")> + (("local wavpack = Compile.+$")> + "local wavpack = nil> +settings.link.libs:Add(\"wavpack\")")> + (("if config\\.zlib\\.value == 1")> + "if config.zlib.value"))> + (substitute* "src/engine/client/graphics_threaded.cpp"> + (("engine/external/pnglite/pnglite\\.h")> + "pnglite.h"))> (substitute* "src/engine/client/sound.cpp"> - (("#include <engine/external/wavpack/wavpack.h>")> - "#include <wavpack/wavpack.h>"))> + (("engine/external/wavpack/wavpack\\.h")> + "wavpack/wavpack.h"))> + (for-each use-latest-json-parser> + '("src/game/client/components/countryflags.cpp"> + "src/game/client/components/menus_settings.cpp"> + "src/game/client/components/skins.cpp"> + "src/game/client/localization.cpp"> + "src/game/editor/auto_map.h"> + "src/game/editor/editor.cpp"))> #t))> (replace 'build> (lambda _> - (zero? (system* "bam" "-a" "-v" "release"))))> + (invoke "bam" "-a" "-v" "conf=release")))> (replace 'install> (lambda* (#:key outputs #:allow-other-keys)> - (let* ((out (assoc-ref outputs "out"))> - (bin (string-append out "/bin"))> - (data (string-append out "/share/teeworlds/data")))> - (mkdir-p bin)> - (mkdir-p data)> - (for-each (lambda (file)> - (install-file file bin))> - '("teeworlds" "teeworlds_srv"))> - (copy-recursively "data" data)> + (let* ((arch ,(system->linux-architecture> + (or (%current-target-system)> + (%current-system))))> + (build (string-append "build/" arch "/release/"))> + (data-built (string-append build "data/"))> + (out (assoc-ref outputs "out"))> + (bin (string-append out "/bin/"))> + (data (string-append out "/share/teeworlds/data/")))> + (for-each (cut install-file <> bin)> + (map (cut string-append build <>)> + '("teeworlds" "teeworlds_srv")))> + (copy-recursively data-built data)> #t))))))> - ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG> - ;; library without a build system.> (inputs> `(("freetype" ,freetype)> ("glu" ,glu)> + ("json-parser" ,json-parser)> ("mesa" ,mesa)> - ("sdl-union" ,(sdl-union (list sdl> - sdl-mixer> - sdl-image)))> + ("pnglite" ,pnglite)> + ("sdl2" ,sdl2)> + ("sdl2-image" ,sdl2-image)> + ("sdl2-mixer" ,sdl2-mixer)> ("wavpack" ,wavpack)> ("zlib" ,zlib)))> (native-inputs> `(("bam" ,bam)> - ("python" ,python-2)> + ("python" ,python-wrapper)> ("pkg-config" ,pkg-config)))> (home-page "https://www.teeworlds.com")> (synopsis "2D retro multiplayer shooter game")> diff --git a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch b/gnu/packages/patches/teeworlds-use-latest-wavpack.patch> index e9fd99108..3ad1340d2 100644> --- a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch> +++ b/gnu/packages/patches/teeworlds-use-latest-wavpack.patch> @@ -1,10 +1,20 @@> -Downloaded from https://anonscm.debian.org/cgit/pkg-games/teeworlds.git/plain/debian/patches/new-wavpack.patch.> +Downloaded from https://salsa.debian.org/games-team/teeworlds/raw/master/debian/patches/new-wavpack.patch.> > -This patch lets us build teeworlds with wavpack 5.1.0.> +From: Markus Koschany <apo@debian.org>> +Date: Thu, 25 Oct 2018 20:52:27 +0200> +Subject: new-wavpack> > +Make wavpack compatible with Debian's version.> +---> + src/engine/client/sound.cpp | 33 +++++++++++++++------------------> + src/engine/client/sound.h | 4 ----> + 2 files changed, 15 insertions(+), 22 deletions(-)> +> +diff --git a/src/engine/client/sound.cpp b/src/engine/client/sound.cpp> +index 048ec24..80de3c5 100644> --- a/src/engine/client/sound.cpp> +++ b/src/engine/client/sound.cpp> -@@ -328,17 +328,14 @@ void CSound::RateConvert(int SampleID)> +@@ -325,10 +325,6 @@ void CSound::RateConvert(int SampleID)> pSample->m_NumFrames = NumFrames;> }> > @@ -12,10 +22,10 @@ This patch lets us build teeworlds with wavpack 5.1.0.> -{> - return io_read(ms_File, pBuffer, Size);> -}> --> - int CSound::LoadWV(const char *pFilename)> + > + ISound::CSampleHandle CSound::LoadWV(const char *pFilename)> {> - CSample *pSample;> +@@ -336,6 +332,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename)> int SampleID = -1;> char aError[100];> WavpackContext *pContext;> @@ -24,17 +34,18 @@ This patch lets us build teeworlds with wavpack 5.1.0.> > // don't waste memory on sound when we are stress testing> if(g_Config.m_DbgStress)> -@@ -351,19 +348,23 @@ int CSound::LoadWV(const char *pFilename> - if(!m_pStorage)> - return -1;> +@@ -349,25 +347,29 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename)> + return CSampleHandle();> > + lock_wait(m_SoundLock);> - ms_File = m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL);> - if(!ms_File)> + File = m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL, aWholePath, sizeof(aWholePath));> + if(!File)> {> dbg_msg("sound/wv", "failed to open file. filename='%s'", pFilename);> - return -1;> + lock_unlock(m_SoundLock);> + return CSampleHandle();> }> + else> + {> @@ -43,7 +54,14 @@ This patch lets us build teeworlds with wavpack 5.1.0.> > SampleID = AllocID();> if(SampleID < 0)> - return -1;> + {> +- io_close(ms_File);> +- ms_File = 0;> ++ io_close(File);> ++ File = 0;> + lock_unlock(m_SoundLock);> + return CSampleHandle();> + }> pSample = &m_aSamples[SampleID];> > - pContext = WavpackOpenFileInput(ReadData, aError);> @@ -51,7 +69,29 @@ This patch lets us build teeworlds with wavpack 5.1.0.> if (pContext)> {> int m_aSamples = WavpackGetNumSamples(pContext);> -@@ -419,9 +420,6 @@ int CSound::LoadWV(const char *pFilename> +@@ -385,8 +387,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename)> + if(pSample->m_Channels > 2)> + {> + dbg_msg("sound/wv", "file is not mono or stereo. filename='%s'", pFilename);> +- io_close(ms_File);> +- ms_File = 0;> ++ io_close(File);> ++ File = 0;> + lock_unlock(m_SoundLock);> + return CSampleHandle();> + }> +@@ -401,8 +403,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename)> + if(BitsPerSample != 16)> + {> + dbg_msg("sound/wv", "bps is %d, not 16, filname='%s'", BitsPerSample, pFilename);> +- io_close(ms_File);> +- ms_File = 0;> ++ io_close(File);> ++ File = 0;> + lock_unlock(m_SoundLock);> + return CSampleHandle();> + }> +@@ -429,9 +431,6 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename)> dbg_msg("sound/wv", "failed to open %s: %s", pFilename, aError);> }> > @@ -61,14 +101,16 @@ This patch lets us build teeworlds with wavpack 5.1.0.> if(g_Config.m_Debug)> dbg_msg("sound/wv", "loaded %s", pFilename);> > -@@ -527,7 +525,5 @@ void CSound::StopAll()> - lock_unlock(m_SoundLock);> +@@ -560,7 +559,5 @@ bool CSound::IsPlaying(CSampleHandle SampleID)> + return Ret;> }> > -IOHANDLE CSound::ms_File = 0;> -> IEngineSound *CreateEngineSound() { return new CSound; }> > +diff --git a/src/engine/client/sound.h b/src/engine/client/sound.h> +index ff357c0..cec2cde 100644> --- a/src/engine/client/sound.h> +++ b/src/engine/client/sound.h> @@ -21,10 +21,6 @@ public:> @@ -81,4 +123,4 @@ This patch lets us build teeworlds with wavpack 5.1.0.> -> virtual bool IsSoundEnabled() { return m_SoundEnabled != 0; }> > - virtual int LoadWV(const char *pFilename);> + virtual CSampleHandle LoadWV(const char *pFilename);
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW/VuhAAKCRBh71Au9gJS8i8EAQDF5p9V/DxO5YEJE5L14IEyyFNgDJGfCLPyCXeWR884YwEAlgf7NIM8OxTzR4a3lMGFNjmkQ5ok0uE6GJHQhPvsyA8==qMoM-----END PGP SIGNATURE-----
L
L
Leo Famulari wrote on 21 Nov 2018 17:14
(name . Alex Vong)(address . alexvong1995@gmail.com)
20181121161436.GA18964@jasmine.lan
On Wed, Nov 21, 2018 at 10:41:08PM +0800, Alex Vong wrote:
Toggle quote (3 lines)> I think Leo may be busy since he hasn't reply yet. Should I just push> given the CVE fix?
Yes, please push :)
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlv1hGkACgkQJkb6MLrKfwhAKRAAlaGmq/vO95osnKT+SmVPiipJugODrxTSlTYNmPOmOwsXUPWu3Vmo0O7gKPpQzyLiBaQbTideWIpYRHEuHk0x6cI64qLVaBbY4ixDwafVQ3e6/boT3/ayE6CKxtHpoHlB76xs29G72OqUlETAkNUXg60oIfSFggOXRwImLx+PxydC99qZn3OLj/5LMNcysHkRIlZxTF9j0TL9DQ5VWNSreb+/+UKQkwMyNSv+LiYtR1kjSBhcnVjXG6WsFjsuVMQNf+uXs2sVXpWKT1SFUGf+JnESLwnuLMXFPnmDd2ziEFvzL8qnuS4o9IjKENuFiYcMl7mLuD617i26pJLC5MF8Q3mlfRzv6i9a5m1vPS45S2bApHm+2rPWmV299VbXPVUdFTkdxv57k3TWa8rPQWWkeo8mwpPqpsg+Y8fbWskCoVsnRhd7Pbpk0yRyHKUY5SHzEMj/UYZqvnoKpM5G/R83hNOxdaNfOZlqcPrdee+SCAYrZTGMUxRIrCuvkRWjlxdc7EBCJ8JLCC1afalRe84C7mEhdx+SnjQOgQ3J1U0UmQDQdRIF1DppjWKzg5whVEa9G3/INpyV8rrUh7D7GD3judzz3xi3nrX70biQn9AqHVDXjF6buGK7j8YygcQmwPnRNeUPHVcXeE71RT79NGyv6woPepRVaDKuIa6wTDd1PDI==wQ6V-----END PGP SIGNATURE-----

A
A
Alex Vong wrote on 21 Nov 2018 20:51
(address . 33347-done@debbugs.gnu.org)
87k1l66wg8.fsf@gmail.com
Leo Famulari <leo@famulari.name> writes:
Toggle quote (6 lines)> On Wed, Nov 21, 2018 at 10:41:08PM +0800, Alex Vong wrote:>> I think Leo may be busy since he hasn't reply yet. Should I just push>> given the CVE fix?>> Yes, please push :)
Pushed as6e35bad0a9d00f1eb94bb427ad856c219655e95d..f9e5caf9bae93fdafbaa6732b3b4eb45f0126656
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCW/W3NwAKCRBh71Au9gJS8hBuAP98sRGADgxaI2FZLgjuduGg1wzO/l/pWc3ILG8uFtgUfQD/XdrVCyQV6RSiks+PNjFGMlvF2XXOkAOV8YXrLzI8XQQ==HAma-----END PGP SIGNATURE-----
Closed
?
Your comment

This issue is archived.

To comment on this conversation send email to 33347@debbugs.gnu.org