[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-
From: |
Alex Vong |
Subject: |
[bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. |
Date: |
Wed, 14 Nov 2018 21:36:25 +0800 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
Leo Famulari <address@hidden> writes:
> On Mon, Nov 12, 2018 at 03:09:39AM +0800, Alex Vong wrote:
>> (replace 'configure
>> (lambda* (#:key outputs #:allow-other-keys)
>> + (define (use-latest-json-parser file)
>> + (substitute* file
>> + (("engine/external/json-parser/json\\.h")
>> + "json-parser/json.h")
>> + (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);")
>> + "json_parse_ex(&JsonSettings,
>> + pFileData,
>> + strlen(pFileData),
>> + aError);")))
>> +
>
> Please add a code comment explaining this.
>
OK
>> - ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG
>> - ;; library without a build system.
>
> These sorts of mini-libraries are designed to be copied and pasted into
> host projects rather than packaged on their own. That's why they don't
> include a build system. For example, many cryptographic primitive
> implementations are distributed this way — that's why you never see a
> package for 'SHA256'. Is there a particular reason we should unbundle
> pnglite?
Well, I though we have a policy to remove bundle dependencies in order
to avoid building the same library many times. Do we make exceptions for
shared libraries w/o a build system? (an exception I can think of is
gnulib)
Besides, the FIXME comment seems to suggest future readers to help
remove the bundled pnglite. Debian also removes the bundled pnglite in
teeworlds[0].
Thanks for all the feedback!
[0]: https://packages.debian.org/sid/teeworlds
signature.asc
Description: PGP signature
- [bug#33347] [PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]., Alex Vong, 2018/11/11
- [bug#33347] [PATCH 1/4] gnu: Add pnglite., Alex Vong, 2018/11/11
- [bug#33347] [PATCH 2/4] gnu: Add json-parser., Alex Vong, 2018/11/11
- [bug#33347] [PATCH 3/4] gnu: Add json-parser., Alex Vong, 2018/11/11
- [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]., Alex Vong, 2018/11/11
- [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]., Leo Famulari, 2018/11/13
- [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].,
Alex Vong <=
- [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]., Leo Famulari, 2018/11/14
- [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]., Alex Vong, 2018/11/14
- [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]., Alex Vong, 2018/11/21
- [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]., Leo Famulari, 2018/11/21
- bug#33347: [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]., Alex Vong, 2018/11/21
[bug#33347] [PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]., Alex Vong, 2018/11/11
[bug#33347] [PATCH 0/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]., Leo Famulari, 2018/11/13