From patchwork Sun Nov 11 19:09:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Alex Vong X-Patchwork-Id: 174 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 65CD716779; Sun, 11 Nov 2018 19:10:21 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_HI,T_DKIM_INVALID,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) by mira.cbaines.net (Postfix) with ESMTPS id 9985516292 for ; Sun, 11 Nov 2018 19:10:20 +0000 (GMT) Received: from localhost ([::1]:43360 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gLv7j-0007EM-V1 for patchwork@mira.cbaines.net; Sun, 11 Nov 2018 14:10:19 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58944) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gLv7a-0007CW-9T for guix-patches@gnu.org; Sun, 11 Nov 2018 14:10:11 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gLv7W-0003Wg-3w for guix-patches@gnu.org; Sun, 11 Nov 2018 14:10:10 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:42483) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gLv7U-0003Uj-4d for guix-patches@gnu.org; Sun, 11 Nov 2018 14:10:05 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gLv7S-0003tq-7g for guix-patches@gnu.org; Sun, 11 Nov 2018 14:10:03 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. References: <871s7r3095.fsf@gmail.com> In-Reply-To: <871s7r3095.fsf@gmail.com> Resent-From: Alex Vong Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 11 Nov 2018 19:10:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 33347 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch security To: 33347@debbugs.gnu.org Received: via spool by 33347-submit@debbugs.gnu.org id=B33347.154196339214963 (code B ref 33347); Sun, 11 Nov 2018 19:10:02 +0000 Received: (at 33347) by debbugs.gnu.org; 11 Nov 2018 19:09:52 +0000 Received: from localhost ([127.0.0.1]:46740 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLv7H-0003tG-0s for submit@debbugs.gnu.org; Sun, 11 Nov 2018 14:09:51 -0500 Received: from mail-pl1-f196.google.com ([209.85.214.196]:46442) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLv7F-0003t2-0E for 33347@debbugs.gnu.org; Sun, 11 Nov 2018 14:09:49 -0500 Received: by mail-pl1-f196.google.com with SMTP id t13so255279ply.13 for <33347@debbugs.gnu.org>; Sun, 11 Nov 2018 11:09:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:user-agent:mime-version; bh=qbvTr7kUOgXgSBFh417RDJtPihCIsde+LVRDEtxc/u8=; b=tqi67m8bKvhlI1oZ75+OASfAgfQRxM3nIVbo62YrjftIv70oA9eG8qbWZ3OVd0ts0R 7JJfNCV8Q7ZI5tvLCuBW5xxkXUxLt3f15gysj/VzYNmOV3rpwo7ZNpyAsEYaLUP8rSs9 VgRNAnlUCpeix+dNl4kvXRj2LmcD1pgHUcopcEO9MkzlBgZMDMn0xH1Muirlor36jt9A Ps/s4ndCAWR2bX47z3L+/KT0vJj5qw6kQV32Z2vdOTNehFAMuEdoDGpy+bcH0k+2QbpI out/3XDmp/lxmqi/ZGZqc3YIS2aIKKFhj6hJcGKYkKRWH52kcZ0KqmjgTw77muWy8lnH fcEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:user-agent :mime-version; bh=qbvTr7kUOgXgSBFh417RDJtPihCIsde+LVRDEtxc/u8=; b=LOeZ4TRlWU3Rwm3Ctb/0nl5lnnDkFt85U+towltm2kBrbwxdvC8mCAINUEIgP8modP ZjNU5arxnn1wK/3cIyCutWC6Wd/vvQXw+0+ysUV9WCX6a5+q70e3+JDnPhB8PnNrQmeg prPWogmktU/tYalmaZ9VWFVZnGu2clI6FdlwZzanWGXao6JmqhEIn8xDtVMGXcffskGz RMyRR+EjQ1m6Uie7CNDAw6cLIu/hJAomsAuNmdGvM8LkVL8niL5wGyYmab0QlJgmUBGF oFruBDckYDXgJ4OIoZ8d3WbA3Z30CMK12zYZ5iwIAHAcQa9aVzoSoHkq/Fw6MJhUHycF 8eOw== X-Gm-Message-State: AGRZ1gIAoXzF/k8kHyMDUz3WMxPw3uq59kfX3YHIm/21mvdQDTPTMKUg KAhcUjBF+ifu+urkQ3DUbt4= X-Google-Smtp-Source: AJdET5d4fVSyuWqSZqf0EujcH4m/DVEXTQKSmDDO4cTgUJzWFfpwSa2vR6zPDNSwROg2nyOmzu4Myg== X-Received: by 2002:a17:902:e201:: with SMTP id ce1-v6mr17337881plb.138.1541963383513; Sun, 11 Nov 2018 11:09:43 -0800 (PST) Received: from debian (1-36-201-233.static.netvigator.com. [1.36.201.233]) by smtp.gmail.com with ESMTPSA id 137-v6sm15118520pfz.103.2018.11.11.11.09.42 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 11 Nov 2018 11:09:42 -0800 (PST) From: Alex Vong Date: Mon, 12 Nov 2018 03:09:39 +0800 Message-ID: <87k1lj1le4.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: alexvong1995@gmail.com Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches From 340a24167fe00a3ea62804bb97760b8ba3b2f6f8 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Mon, 12 Nov 2018 02:42:25 +0800 Subject: [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541]. * gnu/packages/games.scm (teeworlds): Update to 0.7.0. [source]: Remove all bundled libraries. [arguments]: Adjust accordingly. [inputs]: Use sdl2 instead of sdl and python-wrapper instead of python-2. Add json-parser, libmd and pnglite. * gnu/packages/patches/teeworlds-use-latest-wavpack.patch: Update it. --- gnu/packages/games.scm | 107 ++++++++++++------ .../teeworlds-use-latest-wavpack.patch | 72 +++++++++--- 2 files changed, 129 insertions(+), 50 deletions(-) diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index 3679aa09c..8817e4db8 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -35,6 +35,7 @@ ;;; Copyright © 2018 Tim Gesthuizen ;;; Copyright © 2018 Madalin Ionel-Patrascu ;;; Copyright © 2018 Benjamin Slade +;;; Copyright © 2018 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -4139,31 +4140,41 @@ small robot living in the nano world, repair its maker.") (define-public teeworlds (package (name "teeworlds") - (version "0.6.4") + (version "0.7.0") (source (origin (method url-fetch) - (uri (string-append "https://github.com/teeworlds/teeworlds/" - "archive/" version "-release.tar.gz")) + (uri (string-append "https://github.com/teeworlds/teeworlds" + "/archive/" version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1mqhp6xjl75l49050cid36wxyjn1qr0vjx1c709dfg1lkvmgs6l3")) + "1ih79qcfc44biiwyhc51gwvkyab4cy5hya9yc2bq8phf899fpz2q")) (modules '((guix build utils))) - (snippet - '(begin - (for-each delete-file-recursively - '("src/engine/external/wavpack/" - "src/engine/external/zlib/")) - #t)) + (snippet ; remove bundled libraries + '(begin (delete-file-recursively "src/engine/external/") + #t)) (patches (search-patches "teeworlds-use-latest-wavpack.patch")))) (build-system gnu-build-system) (arguments `(#:tests? #f ; no tests included + #:modules ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-26)) #:phases (modify-phases %standard-phases (replace 'configure (lambda* (#:key outputs #:allow-other-keys) + (define (use-latest-json-parser file) + (substitute* file + (("engine/external/json-parser/json\\.h") + "json-parser/json.h") + (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);") + "json_parse_ex(&JsonSettings, + pFileData, + strlen(pFileData), + aError);"))) + ;; Embed path to assets. (substitute* "src/engine/shared/storage.cpp" (("#define DATA_DIR.*") @@ -4173,50 +4184,76 @@ small robot living in the nano world, repair its maker.") "\""))) ;; Bam expects all files to have a recent time stamp. - (for-each (lambda (file) - (utime file 1 1)) + (for-each (cut utime <> 1 1) (find-files ".")) ;; Do not use bundled libraries. (substitute* "bam.lua" - (("if config.zlib.value == 1 then") - "if true then") - (("wavpack = .*") - "wavpack = {} -settings.link.libs:Add(\"wavpack\")\n")) + (("local json = Compile.+$") + "local json = nil +settings.link.libs:Add(\"jsonparser\")") + (("local md5 = Compile.+$") + "local md5 = nil +settings.link.libs:Add(\"md\")") + (("local png = Compile.+$") + "local png = nil +settings.link.libs:Add(\"pnglite\")") + (("local wavpack = Compile.+$") + "local wavpack = nil +settings.link.libs:Add(\"wavpack\")") + (("if config\\.zlib\\.value == 1") + "settings.cc.flags:Add(\"-DLIBMD_MD5_ALADDIN\") +if config.zlib.value")) + (substitute* "src/engine/shared/network_token.cpp" + (("engine/external/md5/md5\\.h") + "md5.h")) + (substitute* "src/engine/client/graphics_threaded.cpp" + (("engine/external/pnglite/pnglite\\.h") + "pnglite.h")) (substitute* "src/engine/client/sound.cpp" - (("#include ") - "#include ")) + (("engine/external/wavpack/wavpack\\.h") + "wavpack/wavpack.h")) + (for-each use-latest-json-parser + '("src/game/client/components/countryflags.cpp" + "src/game/client/components/menus_settings.cpp" + "src/game/client/components/skins.cpp" + "src/game/client/localization.cpp" + "src/game/editor/auto_map.h" + "src/game/editor/editor.cpp")) #t)) (replace 'build (lambda _ - (zero? (system* "bam" "-a" "-v" "release")))) + (invoke "bam" "-a" "-v" "conf=release"))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (bin (string-append out "/bin")) - (data (string-append out "/share/teeworlds/data"))) - (mkdir-p bin) - (mkdir-p data) - (for-each (lambda (file) - (install-file file bin)) - '("teeworlds" "teeworlds_srv")) - (copy-recursively "data" data) + (let* ((arch ,(system->linux-architecture + (or (%current-target-system) + (%current-system)))) + (build (string-append "build/" arch "/release/")) + (data-built (string-append build "data/")) + (out (assoc-ref outputs "out")) + (bin (string-append out "/bin/")) + (data (string-append out "/share/teeworlds/data/"))) + (for-each (cut install-file <> bin) + (map (cut string-append build <>) + '("teeworlds" "teeworlds_srv"))) + (copy-recursively data-built data) #t)))))) - ;; FIXME: teeworlds bundles the sources of "pnglite", a two-file PNG - ;; library without a build system. (inputs `(("freetype" ,freetype) ("glu" ,glu) + ("json-parser" ,json-parser) + ("libmd" ,libmd) ("mesa" ,mesa) - ("sdl-union" ,(sdl-union (list sdl - sdl-mixer - sdl-image))) + ("pnglite" ,pnglite) + ("sdl2" ,sdl2) + ("sdl2-image" ,sdl2-image) + ("sdl2-mixer" ,sdl2-mixer) ("wavpack" ,wavpack) ("zlib" ,zlib))) (native-inputs `(("bam" ,bam) - ("python" ,python-2) + ("python" ,python-wrapper) ("pkg-config" ,pkg-config))) (home-page "https://www.teeworlds.com") (synopsis "2D retro multiplayer shooter game") diff --git a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch b/gnu/packages/patches/teeworlds-use-latest-wavpack.patch index e9fd99108..3ad1340d2 100644 --- a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch +++ b/gnu/packages/patches/teeworlds-use-latest-wavpack.patch @@ -1,10 +1,20 @@ -Downloaded from https://anonscm.debian.org/cgit/pkg-games/teeworlds.git/plain/debian/patches/new-wavpack.patch. +Downloaded from https://salsa.debian.org/games-team/teeworlds/raw/master/debian/patches/new-wavpack.patch. -This patch lets us build teeworlds with wavpack 5.1.0. +From: Markus Koschany +Date: Thu, 25 Oct 2018 20:52:27 +0200 +Subject: new-wavpack +Make wavpack compatible with Debian's version. +--- + src/engine/client/sound.cpp | 33 +++++++++++++++------------------ + src/engine/client/sound.h | 4 ---- + 2 files changed, 15 insertions(+), 22 deletions(-) + +diff --git a/src/engine/client/sound.cpp b/src/engine/client/sound.cpp +index 048ec24..80de3c5 100644 --- a/src/engine/client/sound.cpp +++ b/src/engine/client/sound.cpp -@@ -328,17 +328,14 @@ void CSound::RateConvert(int SampleID) +@@ -325,10 +325,6 @@ void CSound::RateConvert(int SampleID) pSample->m_NumFrames = NumFrames; } @@ -12,10 +22,10 @@ This patch lets us build teeworlds with wavpack 5.1.0. -{ - return io_read(ms_File, pBuffer, Size); -} -- - int CSound::LoadWV(const char *pFilename) + + ISound::CSampleHandle CSound::LoadWV(const char *pFilename) { - CSample *pSample; +@@ -336,6 +332,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) int SampleID = -1; char aError[100]; WavpackContext *pContext; @@ -24,17 +34,18 @@ This patch lets us build teeworlds with wavpack 5.1.0. // don't waste memory on sound when we are stress testing if(g_Config.m_DbgStress) -@@ -351,19 +348,23 @@ int CSound::LoadWV(const char *pFilename - if(!m_pStorage) - return -1; +@@ -349,25 +347,29 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) + return CSampleHandle(); + lock_wait(m_SoundLock); - ms_File = m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL); - if(!ms_File) + File = m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL, aWholePath, sizeof(aWholePath)); + if(!File) { dbg_msg("sound/wv", "failed to open file. filename='%s'", pFilename); - return -1; + lock_unlock(m_SoundLock); + return CSampleHandle(); } + else + { @@ -43,7 +54,14 @@ This patch lets us build teeworlds with wavpack 5.1.0. SampleID = AllocID(); if(SampleID < 0) - return -1; + { +- io_close(ms_File); +- ms_File = 0; ++ io_close(File); ++ File = 0; + lock_unlock(m_SoundLock); + return CSampleHandle(); + } pSample = &m_aSamples[SampleID]; - pContext = WavpackOpenFileInput(ReadData, aError); @@ -51,7 +69,29 @@ This patch lets us build teeworlds with wavpack 5.1.0. if (pContext) { int m_aSamples = WavpackGetNumSamples(pContext); -@@ -419,9 +420,6 @@ int CSound::LoadWV(const char *pFilename +@@ -385,8 +387,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) + if(pSample->m_Channels > 2) + { + dbg_msg("sound/wv", "file is not mono or stereo. filename='%s'", pFilename); +- io_close(ms_File); +- ms_File = 0; ++ io_close(File); ++ File = 0; + lock_unlock(m_SoundLock); + return CSampleHandle(); + } +@@ -401,8 +403,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) + if(BitsPerSample != 16) + { + dbg_msg("sound/wv", "bps is %d, not 16, filname='%s'", BitsPerSample, pFilename); +- io_close(ms_File); +- ms_File = 0; ++ io_close(File); ++ File = 0; + lock_unlock(m_SoundLock); + return CSampleHandle(); + } +@@ -429,9 +431,6 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) dbg_msg("sound/wv", "failed to open %s: %s", pFilename, aError); } @@ -61,14 +101,16 @@ This patch lets us build teeworlds with wavpack 5.1.0. if(g_Config.m_Debug) dbg_msg("sound/wv", "loaded %s", pFilename); -@@ -527,7 +525,5 @@ void CSound::StopAll() - lock_unlock(m_SoundLock); +@@ -560,7 +559,5 @@ bool CSound::IsPlaying(CSampleHandle SampleID) + return Ret; } -IOHANDLE CSound::ms_File = 0; - IEngineSound *CreateEngineSound() { return new CSound; } +diff --git a/src/engine/client/sound.h b/src/engine/client/sound.h +index ff357c0..cec2cde 100644 --- a/src/engine/client/sound.h +++ b/src/engine/client/sound.h @@ -21,10 +21,6 @@ public: @@ -81,4 +123,4 @@ This patch lets us build teeworlds with wavpack 5.1.0. - virtual bool IsSoundEnabled() { return m_SoundEnabled != 0; } - virtual int LoadWV(const char *pFilename); + virtual CSampleHandle LoadWV(const char *pFilename); -- 2.19.1