Subject: [bug#38687] [PATCH] gnu: Add libtcod.
Date: Thu, 06 Feb 2020 20:16:57 +0000
From: goodoldpaul@autistici.org
To: Marius Bakke
Cc: Ludovic Courtès, 38687@debbugs.gnu.org
In-Reply-To: <87muaftj2u.fsf@devup.no>
References: <20191220123739.18081-1-goodoldpaul@autistici.org> <875zi6j3c1.fsf@gnu.org> <891e12c54b84a6f4caad6b4c72f1ecba@autistici.org> <87muaftj2u.fsf@devup.no>

Hi Marius and Ludo,

I managed to remove all vendored libraries except for glad.h, which seems to be some kind of generated glue code for loading OpenGL (https://github.com/Dav1dde/glad). In the next two patches I'm adding libtcod and its dependency lodepng.
Guix lint is warning me that lodepng could be affected by CVE-2019-17178, but taking a look at https://nvd.nist.gov/vuln/detail/CVE-2019-17178 and https://nvd.nist.gov/vuln/search/results?adv_search=true&cpe_version=cpe%3a%2fa%3alodev%3alodepng%3a2019-09-28 seems to indicate that lodepng should be *not* vulnerable since 28/09/2019, did I understand correctly? Please don't hesitate and tell me if anything should be done w.r.t. the CVE.

Thanks for your patience reviewing this,

Giacomo