[PATCH 0/4] [security] Remove allegro-4.

Open

Details

One participant

Nicolas Graves

Owner: unassigned

Submitted by: Nicolas Graves

Severity: normal

Nicolas Graves wrote 2 days ago

Recipients:(address . guix-patches@gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)

Message-ID:20241113084948.19059-1-ngraves@ngraves.fr

This package has a CVE, and its development is not supported upstream

anymore.

Nicolas Graves (4):

gnu: libresprite: Update to 1.1.

gnu: Remove aseprite.

gnu: Remove dumb-allegro4.

gnu: Remove allegro-4.

gnu/packages/game-development.scm | 146 ++++++------------------------

gnu/packages/music.scm | 12 ---

2 files changed, 27 insertions(+), 131 deletions(-)

2.46.0

Nicolas Graves wrote 2 days ago

[PATCH v1 1/4] gnu: libresprite: Update to 1.1.

Recipients:(address . 74335@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)

Message-ID:20241113090506.21471-1-ngraves@ngraves.fr

* gnu/packages/game-development.scm (libresprite): Update to 1.1.
[arguments]: Improve style: use gexps.
[native-inputs]: Improve style: use list.
[inputs]: Improve style: use list.  Add libarchive.  Delete zlib.
Replace tinyxml by tinyxml2.
---
 gnu/packages/game-development.scm | 53 ++++++++++++++++---------------
 1 file changed, 27 insertions(+), 26 deletions(-)

Toggle diff (83 lines)diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index 89c6c0b75e..4d3f73c44c 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -66,6 +66,7 @@ (define-module (gnu packages game-development)
   #:use-module (gnu packages assembly)
   #:use-module (gnu packages audio)
   #:use-module (gnu packages autotools)
+  #:use-module (gnu packages backup)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages bison)
@@ -1194,7 +1195,7 @@ (define-public aseprite
 (define-public libresprite
   (package
     (name "libresprite")
-    (version "1.0")
+    (version "1.1")
     ;; TODO: Unbundle third party software.
     ;; - duktape is bundled inside the project but it's hard to unbundle:
     ;;   there are many differences from a version to the next and it is not
@@ -1208,34 +1209,34 @@ (define-public libresprite
               (file-name (git-file-name name version))
               (sha256
                (base32
-                "0djbjjh21ahlxzh0b0jp4mpfycam8h9157i4wbxkd618fraadhbp"))))
+                "0i1g730khnb8xj56c07x0b0ni6sx4n8vp3w13yazqx9anj23y856"))))
     (build-system cmake-build-system)
     (arguments
-     '(#:configure-flags
-       (list "-DWITH_WEBP_SUPPORT=1"
-             "-DWITH_DESKTOP_INTEGRATION=1")
-       ;; Tests are unmaintained
-       #:tests? #f))
-    (native-inputs
-     `(("pkg-config" ,pkg-config)))
+     (list #:configure-flags
+           #~(list "-DWITH_WEBP_SUPPORT=1"
+                   "-DWITH_DESKTOP_INTEGRATION=1")
+           ;; Tests are unmaintained
+           #:tests? #f))
+    (native-inputs (list pkg-config))
     (inputs
-     `(("curl" ,curl)
-       ("freetype" ,freetype)
-       ("giflib" ,giflib)
-       ("googletest" ,googletest)
-       ("libjpeg" ,libjpeg-turbo)
-       ("libpng" ,libpng)
-       ("libwebp" ,libwebp)
-       ("libx11" ,libx11)
-       ("libxext" ,libxext)
-       ("libxxf86dga" ,libxxf86dga)
-       ("libxxf86vm" ,libxxf86vm)
-       ("lua" ,lua)                     ; Optional
-       ("pixman" ,pixman)
-       ("sdl2" ,sdl2)
-       ("sdl2-image" ,sdl2-image)
-       ("tinyxml" ,tinyxml)
-       ("zlib" ,zlib)))
+     (list curl
+           freetype
+           giflib
+           googletest
+           libarchive
+           libjpeg-turbo
+           libpng
+           libwebp
+           libx11
+           libxext
+           libxxf86dga
+           libxxf86vm
+           lua  ;optional
+           pixman
+           sdl2
+           sdl2-image
+           tinyxml2
+           zlib))
     (synopsis "Animated sprite editor and pixel art tool")
     (description "LibreSprite is a tool for creating 2D pixel art for video
 games.  In addition to basic pixel editing features, it can assist in the
-- 
2.46.0

Nicolas Graves wrote 2 days ago

[PATCH v1 2/4] gnu: Remove aseprite.

Recipients:(address . 74335@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)

Message-ID:20241113090506.21471-2-ngraves@ngraves.fr

This package is a last GPL2 revision of a package that is now

distributed in a nonfree license. We already have its libre fork in

Guix, and it depends on allegro-4, which has a CVE and which

development is not supported upstream.

* gnu/packages/game-development.scm (aseprite): Delete variable.

---

gnu/packages/game-development.scm | 59 -------------------------------

1 file changed, 59 deletions(-)

Toggle diff (72 lines)diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index 4d3f73c44c..0ca08d5149 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -1133,65 +1133,6 @@ (define-public allegro
     (home-page "https://liballeg.org")
     (license license:bsd-3)))
 
-(define-public aseprite
-  (package
-    (name "aseprite")
-    (version "1.1.7") ; After 1.1.7 the source is no longer distributed under the GPL.
-    ;; TODO: Unbundle third party software.
-    (source (origin
-              (method url-fetch/zipbomb)
-              (uri (string-append "https://github.com/aseprite/aseprite"
-                                  "/releases/download/v" version
-                                  "/Aseprite-v" version "-Source.zip"))
-              (sha256
-               (base32
-                "1plss4i1lfxcznv9p0pip1bkhj7ipw7jlhsh5avd6dzw079l4nvv"))))
-    (build-system cmake-build-system)
-    (arguments
-     '(#:configure-flags
-       ;; Use shared libraries instead of building bundled source.
-       (list "-DWITH_WEBP_SUPPORT=1"
-             "-DUSE_SHARED_CURL=1"
-             "-DUSE_SHARED_GIFLIB=1"
-             "-DUSE_SHARED_JPEGLIB=1"
-             "-DUSE_SHARED_ZLIB=1"
-             "-DUSE_SHARED_LIBPNG=1"
-             "-DUSE_SHARED_LIBLOADPNG=1"
-             "-DUSE_SHARED_LIBWEBP=1"
-             "-DUSE_SHARED_TINYXML=1"
-             "-DUSE_SHARED_PIXMAN=1"
-             "-DUSE_SHARED_FREETYPE=1"
-             "-DUSE_SHARED_ALLEGRO4=1"
-             "-DENABLE_UPDATER=0" ; no auto-updates
-             (string-append "-DFREETYPE_INCLUDE_DIR="
-                            (assoc-ref %build-inputs "freetype")
-                            "/include/freetype2"))))
-    (native-inputs
-     (list pkg-config))
-    ;; TODO: Use a patched Allegro 4 that supports window resizing.  This
-    ;; patched version is bundled with Aseprite, but the patches should be
-    ;; extracted and applied on top of a standalone Allegro 4 package.
-    (inputs
-     `(("allegro" ,allegro-4)
-       ("curl" ,curl)
-       ("freetype" ,freetype)
-       ("giflib" ,giflib)
-       ("libjpeg" ,libjpeg-turbo)
-       ("libpng" ,libpng)
-       ("libwebp" ,libwebp)
-       ("libx11" ,libx11)
-       ("libxext" ,libxext)
-       ("libxxf86vm" ,libxxf86vm)
-       ("pixman" ,pixman)
-       ("tinyxml" ,tinyxml)
-       ("zlib" ,zlib)))
-    (synopsis "Animated sprite editor and pixel art tool")
-    (description "Aseprite is a tool for creating 2D pixel art for video
-games.  In addition to basic pixel editing features, Aseprite can assist in
-the creation of animations, tiled graphics, texture atlases, and more.")
-    (home-page "https://www.aseprite.org/")
-    (license license:gpl2+)))
-
 (define-public libresprite
   (package
     (name "libresprite")
-- 
2.46.0

Nicolas Graves wrote 2 days ago

[PATCH v1 3/4] gnu: Remove dumb-allegro4.

Recipients:(address . 74335@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)

Message-ID:20241113090506.21471-3-ngraves@ngraves.fr

This package is leaf package that depends on allegro4, which has a CVE

and which development is not supported upstream anymore.

* gnu/packages/music.scm (dumb-allegro4): Delete variable.

---

gnu/packages/music.scm | 12 ------------

1 file changed, 12 deletions(-)

Toggle diff (32 lines)diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 980bce6b30..aec13b25a4 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -130,7 +130,6 @@ (define-module (gnu packages music)
   #:use-module (gnu packages fonts)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages freedesktop)
-  #:use-module (gnu packages game-development)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages ghostscript)
@@ -985,17 +984,6 @@ (define-public dumb
     ;; Therefore, the DUMB license may be considered a free software license.
     (license (license:fsf-free "file://LICENSE"))))
 
-(define-public dumb-allegro4
-  (package
-    (inherit dumb)
-    (name "dumb-allegro4")
-    (arguments
-     (substitute-keyword-arguments (package-arguments dumb)
-       ((#:configure-flags flags)
-        `(cons "-DBUILD_ALLEGRO4=ON" ,(delete "-DBUILD_ALLEGRO4=OFF" flags)))))
-    (inputs
-     (list allegro-4))))
-
 (define-public hydrogen
   (package
     (name "hydrogen")
-- 
2.46.0

Nicolas Graves wrote 2 days ago

[PATCH v1 4/4] gnu: Remove allegro-4.

Recipients:(address . 74335@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)

Message-ID:20241113090506.21471-4-ngraves@ngraves.fr

This package has a CVE and its development is not supported by

upstream anymore.

* gnu/packages/game-development.scm (allegro-4): Delete variable.

---

gnu/packages/game-development.scm | 34 -------------------------------

1 file changed, 34 deletions(-)

Toggle diff (47 lines)diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index 0ca08d5149..c854e533f9 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -1058,40 +1058,6 @@ (define-public love-nuklear
     (home-page "https://github.com/keharriso/love-nuklear/")
     (license license:expat)))
 
-(define-public allegro-4
-  (package
-    (name "allegro")
-    (version "4.4.3.1")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/liballeg/allegro5/"
-                                  "releases/download/" version "/allegro-"
-                                  version ".tar.gz"))
-              (sha256
-               (base32
-                "1m6lz35nk07dli26kkwz3wa50jsrxs1kb6w1nj14a911l34xn6gc"))))
-    (build-system cmake-build-system)
-    (arguments
-     '(#:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'patch-build-system
-           (lambda _
-             ;; Build addons as shared libraries.  Trying to set ADDON_LINKAGE
-             ;; via a command line option doesn't work because it is
-             ;; unconditionally clobbered in the build script.
-             (substitute* '("CMakeLists.txt")
-               (("ADDON_LINKAGE STATIC")
-                "ADDON_LINKAGE SHARED")))))))
-    (inputs
-     (list glu libpng libvorbis mesa zlib))
-    (synopsis "Game programming library")
-    (description "Allegro is a library mainly aimed at video game and
-multimedia programming.  It handles common, low-level tasks such as creating
-windows, accepting user input, loading data, drawing images, playing sounds,
-etc.")
-    (home-page "https://liballeg.org")
-    (license license:giftware)))
-
 (define-public allegro
   (package
     (name "allegro")
-- 
2.46.0

Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 74335@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 74335

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date