On Sat, Aug 01, 2020 at 10:32:53AM -0700, Ryan Freeman wrote: > On Sat, Aug 01, 2020 at 03:47:19AM +0000, Brian Callahan wrote: > > Hi ports and Ryan -- > > > > I noticed via Repology that our version of chocolate-doom is > > vulnerable to CVE-2020-14983 [0]. > > > > The simple solution is to update to version 3.0.1, which contains the > > fix [1]. > > > > Doom works here for me. > > Thanks for this, I will look at this in a bit, perfect opportunity > for me to get my changes[1] for DESCR and README in :P > > So please hold tight on this before committing
Well, it is taking me longer to update my laptop than anticipated, and now I need to step away. Apologies, I am good with just getting the CVE taken care of. Thanks! > > [1] https://marc.info/?l=openbsd-ports&m=156418849704190&w=2 > > > > > OK? > > > > ~Brian > > > > [0] https://nvd.nist.gov/vuln/detail/CVE-2020-14983 > > [1] https://github.com/chocolate-doom/chocolate-doom/issues/1293 > > > Index: Makefile > > =================================================================== > > RCS file: /cvs/ports/games/chocolate-doom/Makefile,v > > retrieving revision 1.27 > > diff -u -p -r1.27 Makefile > > --- Makefile 12 Jul 2019 20:46:15 -0000 1.27 > > +++ Makefile 1 Aug 2020 03:43:21 -0000 > > @@ -1,10 +1,9 @@ > > # $OpenBSD: Makefile,v 1.27 2019/07/12 20:46:15 sthen Exp $ > > > > COMMENT = portable release of Doom, Heretic, Hexen, and Strife > > -V = 3.0.0 > > +V = 3.0.1 > > DISTNAME = chocolate-doom-${V} > > CATEGORIES = games x11 > > -REVISION = 0 > > > > HOMEPAGE = https://www.chocolate-doom.org/ > > > > Index: distinfo > > =================================================================== > > RCS file: /cvs/ports/games/chocolate-doom/distinfo,v > > retrieving revision 1.9 > > diff -u -p -r1.9 distinfo > > --- distinfo 18 Jan 2018 09:30:58 -0000 1.9 > > +++ distinfo 1 Aug 2020 03:43:21 -0000 > > @@ -1,2 +1,2 @@ > > -SHA256 (chocolate-doom-3.0.0.tar.gz) = > > c66mI5MMfRinp3juo5Hh3fvpCtGsQKkbOAr8pLDh2rg= > > -SIZE (chocolate-doom-3.0.0.tar.gz) = 2495591 > > +SHA256 (chocolate-doom-3.0.1.tar.gz) = > > 1DXWF3QjSR1gvnBtqfB9OrT6vz4HfsKj/CFuOU/PyMc= > > +SIZE (chocolate-doom-3.0.1.tar.gz) = 2514985 >