[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-

From: Alex Vong
Subject: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].
Date: Wed, 14 Nov 2018 21:36:25 +0800
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Leo Famulari <address@hidden> writes:

> On Mon, Nov 12, 2018 at 03:09:39AM +0800, Alex Vong wrote:
>>           (replace 'configure
>>             (lambda* (#:key outputs #:allow-other-keys)
>> +             (define (use-latest-json-parser file)
>> +               (substitute* file
>> +                 (("engine/external/json-parser/json\\.h")
>> +                  "json-parser/json.h")
>> +                 (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);")
>> +                  "json_parse_ex(&JsonSettings,
>> +                                 pFileData,
>> +                                 strlen(pFileData),
>> +                                 aError);")))
>> +
> Please add a code comment explaining this.

>> -    ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG
>> -    ;; library without a build system.
> These sorts of mini-libraries are designed to be copied and pasted into
> host projects rather than packaged on their own. That's why they don't
> include a build system. For example, many cryptographic primitive
> implementations are distributed this way — that's why you never see a
> package for 'SHA256'. Is there a particular reason we should unbundle
> pnglite?

Well, I though we have a policy to remove bundle dependencies in order
to avoid building the same library many times. Do we make exceptions for
shared libraries w/o a build system? (an exception I can think of is

Besides, the FIXME comment seems to suggest future readers to help
remove the bundled pnglite. Debian also removes the bundled pnglite in

Thanks for all the feedback!


Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]