Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nethack for openSUSE:Factory checked in at 2025-01-09 15:09:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nethack (Old) and /work/SRC/openSUSE:Factory/.nethack.new.1881 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nethack" Thu Jan 9 15:09:33 2025 rev:4 rq:1235878 version:3.4.3 Changes: -------- --- /work/SRC/openSUSE:Factory/nethack/nethack.changes 2025-01-07 20:54:23.763336227 +0100 +++ /work/SRC/openSUSE:Factory/.nethack.new.1881/nethack.changes 2025-01-09 15:11:21.958079049 +0100 @@ -1,0 +2,56 @@ +Wed Jan 8 09:47:32 UTC 2025 - Thomas Zimmermann <tzimmerm...@suse.com> + +- Add nethack-escape-char.patch: Split off from nethack-misc.patch, + this patch contains a fix for input handling. + +- Add nethack-secure.patch: Improve support for SECURE in recover + utility. Does not affect the game binary. Taken from nethack-misc.patch. + +- Modify nethack-config.patch: When patching Makefiles, also fix the + paths in the documentation to match openSUSE systems. + +- Drop nethack-misc.patch: The patch has been split and its content + moved to other patch files. + +------------------------------------------------------------------- +Wed Jan 8 09:31:10 UTC 2025 - Thomas Zimmermann <tzimmerm...@suse.com> + +- Modify nethack-gzip.patch: Point COMPRESS to /usr/bin/gzip and avoid + the symlink /bin. The top-level /bin directory is supposed to go away. + +------------------------------------------------------------------- +Wed Jan 8 09:18:19 UTC 2025 - Thomas Zimmermann <tzimmerm...@suse.com> + +- Modify nethack-config.patch: The patch enabled building a number of + files for X11, which we don't support. Remove them from the build. + +------------------------------------------------------------------- +Wed Jan 8 09:14:27 UTC 2025 - Thomas Zimmermann <tzimmerm...@suse.com> + +- Drop nethack-syscall.patch: The patch only affects builds with GNOME + support, which we don't do. + +------------------------------------------------------------------- +Wed Jan 8 08:52:02 UTC 2025 - Thomas Zimmermann <tzimmerm...@suse.com> + +- Add nethack-reproducible.patch: Same as reproducible.patch, but + follows patch-nameing conventions. There's now also a short patch + description in the spec file. + +- Drop reproducible.patch: Renamed to nethack-reproducible.patch. + +------------------------------------------------------------------- +Wed Jan 8 08:17:03 UTC 2025 - Thomas Zimmermann <tzimmerm...@suse.com> + +- Modify nethack-syscall.patch: Refresh to account for offset changes. + +- Modify nethack-gzip.patch: Refresh to account for offset changes. + +------------------------------------------------------------------- +Tue Jan 7 17:04:31 UTC 2025 - Thomas Zimmermann <tzimmerm...@suse.com> + +- Modify nethack-config: Enable panic logging. This records serious + errors in the file panic log in the game's state directory. Helps + with debugging. + +------------------------------------------------------------------- Old: ---- nethack-misc.patch nethack-syscall.patch reproducible.patch New: ---- nethack-escape-char.patch nethack-reproducible.patch nethack-secure.patch BETA DEBUG BEGIN: Old: - Add nethack-escape-char.patch: Split off from nethack-misc.patch, this patch contains a fix for input handling. Old: - Drop nethack-syscall.patch: The patch only affects builds with GNOME support, which we don't do. Old: - Add nethack-reproducible.patch: Same as reproducible.patch, but follows patch-nameing conventions. There's now also a short patch BETA DEBUG END: BETA DEBUG BEGIN: New: - Add nethack-escape-char.patch: Split off from nethack-misc.patch, this patch contains a fix for input handling. New: - Add nethack-reproducible.patch: Same as reproducible.patch, but follows patch-nameing conventions. There's now also a short patch New: - Add nethack-secure.patch: Improve support for SECURE in recover utility. Does not affect the game binary. Taken from nethack-misc.patch. BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nethack.spec ++++++ --- /var/tmp/diff_new_pack.ZzjZzW/_old 2025-01-09 15:11:23.866158088 +0100 +++ /var/tmp/diff_new_pack.ZzjZzW/_new 2025-01-09 15:11:23.890159082 +0100 @@ -24,17 +24,18 @@ Group: Amusements/Games/RPG URL: http://www.nethack.org/ Source0: nethack-343-src.tar.bz2 -# PATCH-FIX-UPSTREAM nethack-config.patch +# PATCH-FIX-OPENSUSE nethack-config.patch Adapt build to openSUSE systems Patch0: nethack-config.patch -# PATCH-FIX-UPSTREAM nethack-decl.patch +# PATCH-FIX-OPENSUSE nethack-decl.patch Do not redeclare system interfaces Patch1: nethack-decl.patch -# PATCH-FIX-UPSTREAM nethack-misc.patch -Patch2: nethack-misc.patch -# PATCH-FIX-UPSTREAM nethack-syscall.patch -Patch3: nethack-syscall.patch -# PATCH-FIX-UPSTREAM nethack-gzip.patch -Patch5: nethack-gzip.patch -Patch6: reproducible.patch +# PATCH-FIX-OPENSUSE nethack-escape-char.patch +Patch2: nethack-escape-char.patch +# PATCH-FIX-OPENSUSE nethack-secure.patch Handle SECURE in recover utility +Patch3: nethack-secure.patch +# PATCH-FIX-OPENSUSE nethack-gzip.patch Use gzip compression +Patch4: nethack-gzip.patch +# PATCH-FIX-OPENSUSE nethack-reproducible.patch boo#1047218 +Patch5: nethack-reproducible.patch BuildRequires: bison BuildRequires: fdupes BuildRequires: flex @@ -57,8 +58,8 @@ %patch -P1 %patch -P2 %patch -P3 -%patch -P5 -%patch -P6 -p1 +%patch -P4 +%patch -P5 -p1 %build # copy Makefiles and add optimization flags @@ -94,7 +95,7 @@ # game directory install -m 775 -d %{buildroot}%{_localstatedir}/games/nethack/ install -m 775 -d %{buildroot}%{_localstatedir}/games/nethack/save/ -for file in logfile perm record ; do +for file in logfile paniclog perm record ; do touch %{buildroot}%{_localstatedir}/games/nethack/$file chmod 0664 %{buildroot}%{_localstatedir}/games/nethack/$file done @@ -146,6 +147,7 @@ %dir %attr(0770,games,games) %{_localstatedir}/games/nethack %dir %attr(0770,games,games) %{_localstatedir}/games/nethack/save %config(noreplace) %attr(0660,games,games) %{_localstatedir}/games/nethack/logfile +%config(noreplace) %attr(0660,games,games) %{_localstatedir}/games/nethack/paniclog %config(noreplace) %attr(0660,games,games) %{_localstatedir}/games/nethack/record %attr(0660,games,games) %{_localstatedir}/games/nethack/perm %{_bindir}/nethack ++++++ nethack-config.patch ++++++ --- /var/tmp/diff_new_pack.ZzjZzW/_old 2025-01-09 15:11:24.166170515 +0100 +++ /var/tmp/diff_new_pack.ZzjZzW/_new 2025-01-09 15:11:24.202172006 +0100 @@ -69,20 +69,11 @@ SHELLDIR = $(PREFIX)/games # per discussion in Install.X11 and Install.Qt -@@ -48,7 +48,7 @@ VARDATND = - # for BeOS - # VARDATND = beostiles - # for Gnome --# VARDATND = x11tiles pet_mark.xbm rip.xpm mapbg.xpm -+VARDATND = x11tiles pet_mark.xbm rip.xpm mapbg.xpm - - VARDATD = data oracles options quest.dat rumors - VARDAT = $(VARDATD) $(VARDATND) Index: include/config.h =================================================================== --- include/config.h.orig +++ include/config.h -@@ -143,16 +143,16 @@ +@@ -143,10 +143,10 @@ #ifndef WIZARD /* allow for compile-time or Makefile changes */ # ifndef KR1ED @@ -95,13 +86,6 @@ # endif #endif - #define LOGFILE "logfile" /* larger file for debugging purposes */ - #define NEWS "news" /* the file containing the latest hack news */ --#define PANICLOG "paniclog" /* log of panic and impossible events */ -+/* #define PANICLOG "paniclog" */ /* log of panic and impossible events */ - - /* - * If COMPRESS is defined, it should contain the full path name of your @@ -185,7 +185,7 @@ * a tar-like file, thus making a neater installation. See *conf.h * for detailed configuration. @@ -197,4 +181,26 @@ MAXNROFPLAYERS=4 # Since Nethack.ad is installed in HACKDIR, add it to XUSERFILESEARCHPATH +Index: doc/nethack.6 +=================================================================== +--- doc/nethack.6.orig ++++ doc/nethack.6 +@@ -197,7 +197,7 @@ option, which must be the first argument + supplies a directory which is to serve as the playground. + It overrides the value from NETHACKDIR, HACKDIR, + or the directory specified by the game administrator during compilation +-(usually /usr/games/lib/nethackdir). ++(usually /usr/share/games/nethack). + This option is usually only useful to the game administrator. + The playground must contain several auxiliary files such as help files, + the list of top scorers, and a subdirectory +@@ -283,7 +283,7 @@ MAIL Mailbox file. + .br + MAILREADER Replacement for default reader + .br +- (probably /bin/mail or /usr/ucb/mail). ++ (probably /usr/bin/mail). + .br + NETHACKDIR Playground. + .br ++++++ nethack-escape-char.patch ++++++ Index: src/cmd.c =================================================================== --- src/cmd.c.orig +++ src/cmd.c @@ -2443,6 +2443,16 @@ readchar() readchar_queue = click_to_cmd(x, y, mod); sym = *readchar_queue++; } + + if(sym == 27) { /* ESC (generated by Alt-key) */ +#ifdef REDO + sym = in_doagain ? Getchar() : nh_poskey(&x, &y, &mod); +#else + sym = Getchar(); +#endif + sym |= 0x80; + } + return((char) sym); } ++++++ nethack-gzip.patch ++++++ --- /var/tmp/diff_new_pack.ZzjZzW/_old 2025-01-09 15:11:24.546186257 +0100 +++ /var/tmp/diff_new_pack.ZzjZzW/_new 2025-01-09 15:11:24.574187416 +0100 @@ -1,7 +1,8 @@ -diff -ru nethack-3.4.0.orig/include/config.h nethack-3.4.0/include/config.h ---- include/config.h 2002-03-21 00:42:43.000000000 +0100 -+++ include/config.h 2003-02-27 15:38:23.000000000 +0100 -@@ -163,11 +163,11 @@ +Index: include/config.h +=================================================================== +--- include/config.h.orig ++++ include/config.h +@@ -169,11 +169,11 @@ #ifdef UNIX /* path and file name extension for compression program */ @@ -12,7 +13,7 @@ /* An example of one alternative you might want to use: */ -/* #define COMPRESS "/usr/local/bin/gzip" */ /* FSF gzip compression */ -/* #define COMPRESS_EXTENSION ".gz" */ /* normal gzip extension */ -+#define COMPRESS "/bin/gzip" /* FSF gzip compression */ ++#define COMPRESS "/usr/bin/gzip" /* FSF gzip compression */ +#define COMPRESS_EXTENSION ".gz" /* normal gzip extension */ #endif ++++++ nethack-reproducible.patch ++++++ Author: Bernhard M. Wiedemann <bwiedemann suse de> Date; 2019-08-08 Do not add build date into binary to make package build reproducible https://bugzilla.opensuse.org/show_bug.cgi?id=1047218 It might be possible to upstream a variant of this patch. Without this patch, we got such a diff: /usr/lib/nethack/nethack.tty differs in ELF section .rodata 178a20 556e6978 204e6574 4861636b 20566572 Unix NetHack Ver 178a30 73696f6e 20332e34 2e33202d 206c6173 sion 3.4.3 - las - 178a40 74206275 696c6420 54687520 41756720 t build Thu Aug - 178a50 20382030 373a3133 3a323520 32303139 8 07:13:25 2019 + 178a40 74206275 696c6420 53617420 53657020 t build Sat Sep + 178a50 20392032 303a3239 3a343120 32303334 9 20:29:41 2034 178a60 1b293000 1b285500 1b284200 243c3530 .)0..(U..(B.$<50 Index: nethack-3.4.3/util/makedefs.c =================================================================== --- nethack-3.4.3.orig/util/makedefs.c +++ nethack-3.4.3/util/makedefs.c @@ -563,7 +563,7 @@ do_date() (void) time(&clocktim); Strcpy(cbuf, ctime(&clocktim)); #else - (void) time((time_t *)&clocktim); + //(void) time((time_t *)&clocktim); Strcpy(cbuf, ctime((time_t *)&clocktim)); #endif for (c = cbuf; *c; c++) if (*c == '\n') break; ++++++ nethack-secure.patch ++++++ Index: util/recover.c =================================================================== --- util/recover.c.orig +++ util/recover.c @@ -16,6 +16,12 @@ #include "win32api.h" #endif +#ifdef SECURE +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> +#endif + #ifdef VMS extern int FDECL(vms_creat, (const char *,unsigned)); extern int FDECL(vms_open, (const char *,int,unsigned)); @@ -107,15 +113,23 @@ char *argv[]; } #if defined(SECURE) && !defined(VMS) if (dir -# ifdef HACKDIR +# ifdef VAR_PLAYGROUND + && strcmp(dir, VAR_PLAYGROUND) +# else +# ifdef HACKDIR && strcmp(dir, HACKDIR) -# endif +# endif +# endif /* VAR_PLAYGROUND */ ) { (void) setgid(getgid()); (void) setuid(getuid()); } #endif /* SECURE && !VMS */ +#ifdef VAR_PLAYGROUND + if (!dir) dir = VAR_PLAYGROUND; +#endif + #ifdef HACKDIR if (!dir) dir = HACKDIR; #endif @@ -158,11 +172,19 @@ int lev; #endif } +#ifdef SECURE +static uid_t save_uid = -1; +#endif + int open_levelfile(lev) int lev; { int fd; +#ifdef SECURE + struct stat level_stat; + uid_t uid; +#endif set_levelfile_name(lev); #if defined(MICRO) || defined(WIN32) || defined(MSDOS) @@ -170,6 +192,21 @@ int lev; #else fd = open(lock, O_RDONLY, 0); #endif + /* Security check: does the user calling recover own the file? */ +#ifdef SECURE + if (fd != -1) { + uid = getuid(); + if (fstat(fd, &level_stat) == -1) { + Fprintf(stderr, "No permission to stat level file %s.\n", lock); + return -1; + } + if (uid != 0 && level_stat.st_uid != uid) { + Fprintf(stderr, "You are not the owner of level file %s.\n", lock); + return -1; + } + save_uid = level_stat.st_uid; + } +#endif return fd; } @@ -183,6 +220,13 @@ create_savefile() #else fd = creat(savename, FCMASK); #endif + +#ifdef SECURE + if (fchown(fd, save_uid, -1) == -1) { + Fprintf(stderr, "could not chown %s to %i!\n", savename, + save_uid); + } +#endif return fd; }
