From b74f7f06aceae986878966b92cbada6f91c9617c Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 19 Jan 2020 15:41:32 +0100 Subject: gnu: teeworlds: Update to 0.7.4 [security fixes] This fixes CVE-2019-10877, CVE-2019-10878, and CVE-2019-10879. * gnu/packages/games.scm (teeworlds): Update to 0.7.4. [source]: Remove patch. [arguments]: Remove use-latest-json-parser substitution. * gnu/packages/patches/teeworlds-use-latest-wavpack.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/games.scm | 28 +---- .../patches/teeworlds-use-latest-wavpack.patch | 126 --------------------- 3 files changed, 3 insertions(+), 152 deletions(-) delete mode 100644 gnu/packages/patches/teeworlds-use-latest-wavpack.patch (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index 286bcb67dd..0af500f029 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1408,7 +1408,6 @@ dist_patch_DATA = \ %D%/packages/patches/tcsh-fix-autotest.patch \ %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \ %D%/packages/patches/teensy-loader-cli-help.patch \ - %D%/packages/patches/teeworlds-use-latest-wavpack.patch \ %D%/packages/patches/texinfo-5-perl-compat.patch \ %D%/packages/patches/texlive-bin-CVE-2018-17407.patch \ %D%/packages/patches/texlive-bin-luatex-poppler-compat.patch \ diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index db3380118e..58d0846404 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -4530,7 +4530,7 @@ small robot living in the nano world, repair its maker.") (define-public teeworlds (package (name "teeworlds") - (version "0.7.2") + (version "0.7.4") (source (origin (method git-fetch) (uri (git-reference @@ -4539,7 +4539,7 @@ small robot living in the nano world, repair its maker.") (file-name (git-file-name name version)) (sha256 (base32 - "15l988qcsqgb6rjais0qd5sd2rjanm2708jmzvkariqzz0d6pb93")) + "1lxdb1k2cdj2421vyz1z0ximzfnpkh2y4y84zpn2gqsa1nzwbryb")) (modules '((guix build utils) (ice-9 ftw) (ice-9 regex) @@ -4551,9 +4551,7 @@ small robot living in the nano world, repair its maker.") (cut string-append base-dir <>)) (remove (cut string-match "(^.)|(^md5$)" <>) (scandir base-dir))) - #t)) - (patches - (search-patches "teeworlds-use-latest-wavpack.patch")))) + #t)))) (build-system gnu-build-system) (arguments `(#:tests? #f ; no tests included @@ -4564,19 +4562,6 @@ small robot living in the nano world, repair its maker.") (modify-phases %standard-phases (replace 'configure (lambda* (#:key outputs #:allow-other-keys) - ;; The bundled json-parser uses an old API. - ;; To use the latest non-bundled version, we need to pass the - ;; length of the data in all 'json_parse_ex' calls. - (define (use-latest-json-parser file) - (substitute* file - (("engine/external/json-parser/json\\.h") - "json-parser/json.h") - (("json_parse_ex\\(&JsonSettings, pFileData, aError\\);") - "json_parse_ex(&JsonSettings, - pFileData, - strlen(pFileData), - aError);"))) - ;; Embed path to assets. (substitute* "src/engine/shared/storage.cpp" (("#define DATA_DIR.*") @@ -4608,13 +4593,6 @@ settings.link.libs:Add(\"wavpack\")") (substitute* "src/engine/client/sound.cpp" (("engine/external/wavpack/wavpack\\.h") "wavpack/wavpack.h")) - (for-each use-latest-json-parser - '("src/game/client/components/countryflags.cpp" - "src/game/client/components/menus_settings.cpp" - "src/game/client/components/skins.cpp" - "src/game/client/localization.cpp" - "src/game/editor/auto_map.h" - "src/game/editor/editor.cpp")) #t)) (replace 'build (lambda _ diff --git a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch b/gnu/packages/patches/teeworlds-use-latest-wavpack.patch deleted file mode 100644 index 3ad1340d2e..0000000000 --- a/gnu/packages/patches/teeworlds-use-latest-wavpack.patch +++ /dev/null @@ -1,126 +0,0 @@ -Downloaded from https://salsa.debian.org/games-team/teeworlds/raw/master/debian/patches/new-wavpack.patch. - -From: Markus Koschany -Date: Thu, 25 Oct 2018 20:52:27 +0200 -Subject: new-wavpack - -Make wavpack compatible with Debian's version. ---- - src/engine/client/sound.cpp | 33 +++++++++++++++------------------ - src/engine/client/sound.h | 4 ---- - 2 files changed, 15 insertions(+), 22 deletions(-) - -diff --git a/src/engine/client/sound.cpp b/src/engine/client/sound.cpp -index 048ec24..80de3c5 100644 ---- a/src/engine/client/sound.cpp -+++ b/src/engine/client/sound.cpp -@@ -325,10 +325,6 @@ void CSound::RateConvert(int SampleID) - pSample->m_NumFrames = NumFrames; - } - --int CSound::ReadData(void *pBuffer, int Size) --{ -- return io_read(ms_File, pBuffer, Size); --} - - ISound::CSampleHandle CSound::LoadWV(const char *pFilename) - { -@@ -336,6 +332,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) - int SampleID = -1; - char aError[100]; - WavpackContext *pContext; -+ char aWholePath[1024]; -+ IOHANDLE File; - - // don't waste memory on sound when we are stress testing - if(g_Config.m_DbgStress) -@@ -349,25 +347,29 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) - return CSampleHandle(); - - lock_wait(m_SoundLock); -- ms_File = m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL); -- if(!ms_File) -+ File = m_pStorage->OpenFile(pFilename, IOFLAG_READ, IStorage::TYPE_ALL, aWholePath, sizeof(aWholePath)); -+ if(!File) - { - dbg_msg("sound/wv", "failed to open file. filename='%s'", pFilename); - lock_unlock(m_SoundLock); - return CSampleHandle(); - } -+ else -+ { -+ io_close(File); -+ } - - SampleID = AllocID(); - if(SampleID < 0) - { -- io_close(ms_File); -- ms_File = 0; -+ io_close(File); -+ File = 0; - lock_unlock(m_SoundLock); - return CSampleHandle(); - } - pSample = &m_aSamples[SampleID]; - -- pContext = WavpackOpenFileInput(ReadData, aError); -+ pContext = WavpackOpenFileInput(aWholePath, aError, OPEN_2CH_MAX, 0); - if (pContext) - { - int m_aSamples = WavpackGetNumSamples(pContext); -@@ -385,8 +387,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) - if(pSample->m_Channels > 2) - { - dbg_msg("sound/wv", "file is not mono or stereo. filename='%s'", pFilename); -- io_close(ms_File); -- ms_File = 0; -+ io_close(File); -+ File = 0; - lock_unlock(m_SoundLock); - return CSampleHandle(); - } -@@ -401,8 +403,8 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) - if(BitsPerSample != 16) - { - dbg_msg("sound/wv", "bps is %d, not 16, filname='%s'", BitsPerSample, pFilename); -- io_close(ms_File); -- ms_File = 0; -+ io_close(File); -+ File = 0; - lock_unlock(m_SoundLock); - return CSampleHandle(); - } -@@ -429,9 +431,6 @@ ISound::CSampleHandle CSound::LoadWV(const char *pFilename) - dbg_msg("sound/wv", "failed to open %s: %s", pFilename, aError); - } - -- io_close(ms_File); -- ms_File = NULL; -- - if(g_Config.m_Debug) - dbg_msg("sound/wv", "loaded %s", pFilename); - -@@ -560,7 +559,5 @@ bool CSound::IsPlaying(CSampleHandle SampleID) - return Ret; - } - --IOHANDLE CSound::ms_File = 0; -- - IEngineSound *CreateEngineSound() { return new CSound; } - -diff --git a/src/engine/client/sound.h b/src/engine/client/sound.h -index ff357c0..cec2cde 100644 ---- a/src/engine/client/sound.h -+++ b/src/engine/client/sound.h -@@ -21,10 +21,6 @@ public: - - static void RateConvert(int SampleID); - -- // TODO: Refactor: clean this mess up -- static IOHANDLE ms_File; -- static int ReadData(void *pBuffer, int Size); -- - virtual bool IsSoundEnabled() { return m_SoundEnabled != 0; } - - virtual CSampleHandle LoadWV(const char *pFilename); -- cgit v1.2.3