Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock packages ioquake3 (main) and iortcw (contrib). These
versions add backported security fixes from upstream; debdiffs attached.
Please also consider unblocking game-data-packager (contrib). This fixes a
regression in the quake3{,-server} wrapper scripts in v46, which meant
that the ioquake3 engine running in Quake III Arena mode could not see
the native-code game and UI logic built from src:ioquake3; and configures
ioquake3 to prefer the native-code game and UI logic over the older
bytecode versions of the same code found in the proprietary
Quake III Arena data. This lets us fix bugs in that code, and in
particular activates the patch in today's ioquake3 upload that protects
the "allow auto-downloading" option behind an "are you sure?" prompt.
openarena (main) already has a patch matching the one in ioquake3.
(We can't fix bugs in the UI without switching to native-code, because
we have access to the necessary bytecode compiler but it's non-Free,
and the license is sufficiently vague that I don't know whether it's
suitable for Debian non-free.)
Hints are:
unblock ioquake3/1.36+u20161101+dfsg1-2
unblock iortcw/1.50a+dfsg1-3
unblock game-data-packager/49
Thanks,
S
diffstat for iortcw-1.50a+dfsg1 iortcw-1.50a+dfsg1
.gitignore | 14
changelog | 19 +
gbp.conf | 2
patches/debian/Disable-client-side-auto-download-by-default.patch | 4
patches/debian/File-access-methods-prevent-overwriting-DLLs-CVE-201.patch | 8
patches/debian/Remove-support-for-downloading-executable-updates.patch | 2
patches/security/All-Don-t-load-.pk3s-as-.dlls-and-don-t-load-user-config-.patch | 142 ++++++++++
patches/security/All-Don-t-open-.pk3-files-as-OpenAL-drivers.patch | 57 ++++
patches/security/All-Merge-some-file-writing-extension-checks.patch | 81 +++++
patches/series | 3
10 files changed, 324 insertions(+), 8 deletions(-)
diff -Nru iortcw-1.50a+dfsg1/debian/changelog iortcw-1.50a+dfsg1/debian/changelog
--- iortcw-1.50a+dfsg1/debian/changelog 2017-01-21 20:25:48.000000000 +0000
+++ iortcw-1.50a+dfsg1/debian/changelog 2017-03-14 09:37:19.000000000 +0000
@@ -1,3 +1,22 @@
+iortcw (1.50a+dfsg1-3) unstable; urgency=high
+
+ * d/gbp.conf: switch branch to debian/stretch for updates during freeze
+ * d/patches: Add patches from upstream fixing security vulnerabilities
+ - refuse to load potentially auto-downloadable .pk3 files as
+ iortcw renderers, iortcw game code, libcurl, or OpenAL drivers
+ (mitigation: auto-downloading is off by default, and in Debian
+ we do not dlopen libcurl anyway)
+ - refuse to load default configuration file names from a .pk3 file
+ - protect cl_renderer, cl_curllib, s_aldriver configuration variables so
+ game code cannot set them
+ - refuse to overwrite files other than *.txt with the dump console
+ command
+ - refuse to overwrite files other than *.cfg with the writeconfig
+ console command
+ (Closes: #857714)
+
+ -- Simon McVittie <s...@debian.org> Tue, 14 Mar 2017 09:37:19 +0000
+
iortcw (1.50a+dfsg1-2) unstable; urgency=medium
* Drop unused libspeexdsp-dev build-dependency
diff -Nru iortcw-1.50a+dfsg1/debian/gbp.conf iortcw-1.50a+dfsg1/debian/gbp.conf
--- iortcw-1.50a+dfsg1/debian/gbp.conf 2017-01-21 20:25:48.000000000 +0000
+++ iortcw-1.50a+dfsg1/debian/gbp.conf 2017-03-14 09:37:19.000000000 +0000
@@ -1,5 +1,5 @@
[DEFAULT]
-debian-branch = debian/master
+debian-branch = debian/stretch
upstream-branch = upstream/latest
pristine-tar = True
patch-numbers = False
diff -Nru iortcw-1.50a+dfsg1/debian/.gitignore iortcw-1.50a+dfsg1/debian/.gitignore
--- iortcw-1.50a+dfsg1/debian/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ iortcw-1.50a+dfsg1/debian/.gitignore 2017-03-14 09:37:19.000000000 +0000
@@ -0,0 +1,14 @@
+*.debhelper.log
+*.substvars
+/*.debhelper
+/build/
+/files
+/rtcw/
+/rtcw-common/
+/rtcw-dbg/
+/rtcw-server/
+/scripts/wolfded
+/scripts/wolfmp
+/scripts/wolfsp
+/wolfmp.xpm
+/wolfsp.xpm
diff -Nru iortcw-1.50a+dfsg1/debian/patches/debian/Disable-client-side-auto-download-by-default.patch iortcw-1.50a+dfsg1/debian/patches/debian/Disable-client-side-auto-download-by-default.patch
--- iortcw-1.50a+dfsg1/debian/patches/debian/Disable-client-side-auto-download-by-default.patch 2017-01-21 20:25:48.000000000 +0000
+++ iortcw-1.50a+dfsg1/debian/patches/debian/Disable-client-side-auto-download-by-default.patch 2017-03-14 09:37:19.000000000 +0000
@@ -13,7 +13,7 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MP/code/client/cl_main.c b/MP/code/client/cl_main.c
-index bbdd4f4..582d905 100644
+index 5023874..28a2f5a 100644
--- a/MP/code/client/cl_main.c
+++ b/MP/code/client/cl_main.c
@@ -4046,7 +4046,7 @@ void CL_Init( void ) {
@@ -23,5 +23,5 @@
- cl_allowDownload = Cvar_Get( "cl_allowDownload", "1", CVAR_ARCHIVE );
+ cl_allowDownload = Cvar_Get( "cl_allowDownload", "0", CVAR_ARCHIVE );
#ifdef USE_CURL_DLOPEN
- cl_cURLLib = Cvar_Get("cl_cURLLib", DEFAULT_CURL_LIB, CVAR_ARCHIVE);
+ cl_cURLLib = Cvar_Get("cl_cURLLib", DEFAULT_CURL_LIB, CVAR_ARCHIVE | CVAR_PROTECTED);
#endif
diff -Nru iortcw-1.50a+dfsg1/debian/patches/debian/File-access-methods-prevent-overwriting-DLLs-CVE-201.patch iortcw-1.50a+dfsg1/debian/patches/debian/File-access-methods-prevent-overwriting-DLLs-CVE-201.patch
--- iortcw-1.50a+dfsg1/debian/patches/debian/File-access-methods-prevent-overwriting-DLLs-CVE-201.patch 2017-01-21 20:25:48.000000000 +0000
+++ iortcw-1.50a+dfsg1/debian/patches/debian/File-access-methods-prevent-overwriting-DLLs-CVE-201.patch 2017-03-14 09:37:19.000000000 +0000
@@ -33,7 +33,7 @@
2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/MP/code/qcommon/files.c b/MP/code/qcommon/files.c
-index 603550e..0d71189 100644
+index 3ade653..e303a58 100644
--- a/MP/code/qcommon/files.c
+++ b/MP/code/qcommon/files.c
@@ -687,7 +687,9 @@ fileHandle_t FS_SV_FOpenFileWrite( const char *filename ) {
@@ -58,7 +58,7 @@
if ( FS_CreatePath( ospath ) ) {
return 0;
-@@ -1548,7 +1552,7 @@ int FS_FindVM(void **startSearch, char *found, int foundlen, const char *name, q
+@@ -1554,7 +1558,7 @@ int FS_FindVM(void **startSearch, char *found, int foundlen, const char *name, q
}
}
@@ -67,7 +67,7 @@
// extract the dlls from the mp_bin.pk3 so
// that they can be referenced
if (Q_stricmp(name, "qagame"))
-@@ -1583,7 +1587,7 @@ int FS_FindVM(void **startSearch, char *found, int foundlen, const char *name, q
+@@ -1589,7 +1593,7 @@ int FS_FindVM(void **startSearch, char *found, int foundlen, const char *name, q
// TTimo
// relevant to client only
@@ -77,7 +77,7 @@
==================
FS_CL_ExtractFromPakFile
diff --git a/SP/code/qcommon/files.c b/SP/code/qcommon/files.c
-index 340b105..2f42bff 100644
+index 1215cfe..6d584ef 100644
--- a/SP/code/qcommon/files.c
+++ b/SP/code/qcommon/files.c
@@ -175,6 +175,8 @@ or configs will never get loaded from disk!
diff -Nru iortcw-1.50a+dfsg1/debian/patches/debian/Remove-support-for-downloading-executable-updates.patch iortcw-1.50a+dfsg1/debian/patches/debian/Remove-support-for-downloading-executable-updates.patch
--- iortcw-1.50a+dfsg1/debian/patches/debian/Remove-support-for-downloading-executable-updates.patch 2017-01-21 20:25:48.000000000 +0000
+++ iortcw-1.50a+dfsg1/debian/patches/debian/Remove-support-for-downloading-executable-updates.patch 2017-03-14 09:37:19.000000000 +0000
@@ -14,7 +14,7 @@
3 files changed, 2 insertions(+), 189 deletions(-)
diff --git a/MP/code/client/cl_main.c b/MP/code/client/cl_main.c
-index 582d905..610a673 100644
+index 28a2f5a..e5298b6 100644
--- a/MP/code/client/cl_main.c
+++ b/MP/code/client/cl_main.c
@@ -2199,24 +2199,7 @@ void CL_DownloadsComplete( void ) {
diff -Nru iortcw-1.50a+dfsg1/debian/patches/security/All-Don-t-load-.pk3s-as-.dlls-and-don-t-load-user-config-.patch iortcw-1.50a+dfsg1/debian/patches/security/All-Don-t-load-.pk3s-as-.dlls-and-don-t-load-user-config-.patch
--- iortcw-1.50a+dfsg1/debian/patches/security/All-Don-t-load-.pk3s-as-.dlls-and-don-t-load-user-config-.patch 1970-01-01 01:00:00.000000000 +0100
+++ iortcw-1.50a+dfsg1/debian/patches/security/All-Don-t-load-.pk3s-as-.dlls-and-don-t-load-user-config-.patch 2017-03-14 09:37:19.000000000 +0000
@@ -0,0 +1,142 @@
+From: MAN-AT-ARMS <m4n4t4...@gmail.com>
+Date: Mon, 13 Mar 2017 19:37:39 -0400
+Subject: All: Don't load .pk3s as .dlls,
+ and don't load user config files from .pk3s
+
+Origin: upstream, 1.51, commit:b6ff2bcb1e4e6976d61e316175c6d7c99860fe20
+Bug-Debian: https://bugs.debian.org/857714
+---
+ MP/code/client/cl_main.c | 4 ++--
+ MP/code/qcommon/files.c | 6 ++++++
+ MP/code/sys/sys_main.c | 7 +++++++
+ SP/code/client/cl_main.c | 4 ++--
+ SP/code/qcommon/files.c | 6 ++++++
+ SP/code/sys/sys_main.c | 7 +++++++
+ 6 files changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/MP/code/client/cl_main.c b/MP/code/client/cl_main.c
+index bbdd4f4..5023874 100644
+--- a/MP/code/client/cl_main.c
++++ b/MP/code/client/cl_main.c
+@@ -3688,7 +3688,7 @@ void CL_InitRef( void ) {
+ Com_Printf( "----- Initializing Renderer ----\n" );
+
+ #ifdef USE_RENDERER_DLOPEN
+- cl_renderer = Cvar_Get("cl_renderer", "opengl1", CVAR_ARCHIVE | CVAR_LATCH);
++ cl_renderer = Cvar_Get("cl_renderer", "opengl1", CVAR_ARCHIVE | CVAR_LATCH | CVAR_PROTECTED);
+
+ Com_sprintf(dllName, sizeof(dllName), "renderer_mp_%s_" ARCH_STRING DLL_EXT, cl_renderer->string);
+
+@@ -4048,7 +4048,7 @@ void CL_Init( void ) {
+
+ cl_allowDownload = Cvar_Get( "cl_allowDownload", "1", CVAR_ARCHIVE );
+ #ifdef USE_CURL_DLOPEN
+- cl_cURLLib = Cvar_Get("cl_cURLLib", DEFAULT_CURL_LIB, CVAR_ARCHIVE);
++ cl_cURLLib = Cvar_Get("cl_cURLLib", DEFAULT_CURL_LIB, CVAR_ARCHIVE | CVAR_PROTECTED);
+ #endif
+
+ // init autoswitch so the ui will have it correctly even
+diff --git a/MP/code/qcommon/files.c b/MP/code/qcommon/files.c
+index 603550e..3ade653 100644
+--- a/MP/code/qcommon/files.c
++++ b/MP/code/qcommon/files.c
+@@ -1424,12 +1424,18 @@ long FS_FOpenFileRead(const char *filename, fileHandle_t *file, qboolean uniqueF
+ {
+ searchpath_t *search;
+ long len;
++ qboolean isLocalConfig;
+
+ if(!fs_searchpaths)
+ Com_Error(ERR_FATAL, "Filesystem call made without initialization");
+
++ isLocalConfig = !strcmp(filename, "autoexec.cfg") || !strcmp(filename, Q3CONFIG_CFG);
+ for(search = fs_searchpaths; search; search = search->next)
+ {
++ // autoexec.cfg and wolfconfig_mp.cfg can only be loaded outside of pk3 files.
++ if (isLocalConfig && search->pack)
++ continue;
++
+ len = FS_FOpenFileReadDir(filename, search, file, uniqueFILE, qfalse);
+
+ if(file == NULL)
+diff --git a/MP/code/sys/sys_main.c b/MP/code/sys/sys_main.c
+index b4181da..f3dc2e9 100644
+--- a/MP/code/sys/sys_main.c
++++ b/MP/code/sys/sys_main.c
+@@ -499,6 +499,13 @@ from executable path, then fs_basepath.
+ void *Sys_LoadDll(const char *name, qboolean useSystemLib)
+ {
+ void *dllhandle;
++
++ // Don't load any DLLs that end with the pk3 extension
++ if (COM_CompareExtension(name, ".pk3"))
++ {
++ Com_Printf("Rejecting DLL named \"%s\"", name);
++ return NULL;
++ }
+
+ if(useSystemLib)
+ Com_Printf("Trying to load \"%s\"...\n", name);
+diff --git a/SP/code/client/cl_main.c b/SP/code/client/cl_main.c
+index d5f4a44..6306235 100644
+--- a/SP/code/client/cl_main.c
++++ b/SP/code/client/cl_main.c
+@@ -3367,7 +3367,7 @@ void CL_InitRef( void ) {
+ Com_Printf( "----- Initializing Renderer ----\n" );
+
+ #ifdef USE_RENDERER_DLOPEN
+- cl_renderer = Cvar_Get("cl_renderer", "opengl1", CVAR_ARCHIVE | CVAR_LATCH);
++ cl_renderer = Cvar_Get("cl_renderer", "opengl1", CVAR_ARCHIVE | CVAR_LATCH | CVAR_PROTECTED);
+
+ Com_sprintf(dllName, sizeof(dllName), "renderer_sp_%s_" ARCH_STRING DLL_EXT, cl_renderer->string);
+
+@@ -3712,7 +3712,7 @@ void CL_Init( void ) {
+
+ cl_allowDownload = Cvar_Get( "cl_allowDownload", "0", CVAR_ARCHIVE );
+ #ifdef USE_CURL_DLOPEN
+- cl_cURLLib = Cvar_Get("cl_cURLLib", DEFAULT_CURL_LIB, CVAR_ARCHIVE);
++ cl_cURLLib = Cvar_Get("cl_cURLLib", DEFAULT_CURL_LIB, CVAR_ARCHIVE | CVAR_PROTECTED);
+ #endif
+
+ // init autoswitch so the ui will have it correctly even
+diff --git a/SP/code/qcommon/files.c b/SP/code/qcommon/files.c
+index 340b105..1215cfe 100644
+--- a/SP/code/qcommon/files.c
++++ b/SP/code/qcommon/files.c
+@@ -1591,12 +1591,18 @@ long FS_FOpenFileRead(const char *filename, fileHandle_t *file, qboolean uniqueF
+ {
+ searchpath_t *search;
+ long len;
++ qboolean isLocalConfig;
+
+ if(!fs_searchpaths)
+ Com_Error(ERR_FATAL, "Filesystem call made without initialization");
+
++ isLocalConfig = !strcmp(filename, "autoexec.cfg") || !strcmp(filename, Q3CONFIG_CFG);
+ for(search = fs_searchpaths; search; search = search->next)
+ {
++ // autoexec.cfg and wolfconfig.cfg can only be loaded outside of pk3 files.
++ if (isLocalConfig && search->pack)
++ continue;
++
+ len = FS_FOpenFileReadDir(filename, search, file, uniqueFILE, qfalse);
+
+ if(file == NULL)
+diff --git a/SP/code/sys/sys_main.c b/SP/code/sys/sys_main.c
+index d24f402..e591d98 100644
+--- a/SP/code/sys/sys_main.c
++++ b/SP/code/sys/sys_main.c
+@@ -499,6 +499,13 @@ from executable path, then fs_basepath.
+ void *Sys_LoadDll(const char *name, qboolean useSystemLib)
+ {
+ void *dllhandle;
++
++ // Don't load any DLLs that end with the pk3 extension
++ if (COM_CompareExtension(name, ".pk3"))
++ {
++ Com_Printf("Rejecting DLL named \"%s\"", name);
++ return NULL;
++ }
+
+ if(useSystemLib)
+ Com_Printf("Trying to load \"%s\"...\n", name);
diff -Nru iortcw-1.50a+dfsg1/debian/patches/security/All-Don-t-open-.pk3-files-as-OpenAL-drivers.patch iortcw-1.50a+dfsg1/debian/patches/security/All-Don-t-open-.pk3-files-as-OpenAL-drivers.patch
--- iortcw-1.50a+dfsg1/debian/patches/security/All-Don-t-open-.pk3-files-as-OpenAL-drivers.patch 1970-01-01 01:00:00.000000000 +0100
+++ iortcw-1.50a+dfsg1/debian/patches/security/All-Don-t-open-.pk3-files-as-OpenAL-drivers.patch 2017-03-14 09:37:19.000000000 +0000
@@ -0,0 +1,57 @@
+From: MAN-AT-ARMS <m4n4t4...@gmail.com>
+Date: Tue, 14 Mar 2017 03:25:17 -0400
+Subject: All: Don't open .pk3 files as OpenAL drivers
+
+Origin: upstream, 1.51, commit:b248763e4878ef12d5835ece6600be8334f67da1
+Bug-Debian: https://bugs.debian.org/857714
+---
+ MP/code/client/snd_openal.c | 8 +++++++-
+ SP/code/client/snd_openal.c | 8 +++++++-
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/MP/code/client/snd_openal.c b/MP/code/client/snd_openal.c
+index 900dc5e..91a61bc 100644
+--- a/MP/code/client/snd_openal.c
++++ b/MP/code/client/snd_openal.c
+@@ -2618,11 +2618,17 @@ qboolean S_AL_Init( soundInterface_t *si )
+ s_alRolloff = Cvar_Get( "s_alRolloff", "2", CVAR_CHEAT);
+ s_alGraceDistance = Cvar_Get("s_alGraceDistance", "512", CVAR_CHEAT);
+
+- s_alDriver = Cvar_Get( "s_alDriver", ALDRIVER_DEFAULT, CVAR_ARCHIVE | CVAR_LATCH );
++ s_alDriver = Cvar_Get( "s_alDriver", ALDRIVER_DEFAULT, CVAR_ARCHIVE | CVAR_LATCH | CVAR_PROTECTED );
+
+ s_alInputDevice = Cvar_Get( "s_alInputDevice", "", CVAR_ARCHIVE | CVAR_LATCH );
+ s_alDevice = Cvar_Get("s_alDevice", "", CVAR_ARCHIVE | CVAR_LATCH);
+
++ if ( COM_CompareExtension( s_alDriver->string, ".pk3" ) )
++ {
++ Com_Printf( "Rejecting DLL named \"%s\"", s_alDriver->string );
++ return qfalse;
++ }
++
+ // Load QAL
+ if( !QAL_Init( s_alDriver->string ) )
+ {
+diff --git a/SP/code/client/snd_openal.c b/SP/code/client/snd_openal.c
+index 27ea5ed..6e1b34f 100644
+--- a/SP/code/client/snd_openal.c
++++ b/SP/code/client/snd_openal.c
+@@ -2677,11 +2677,17 @@ qboolean S_AL_Init( soundInterface_t *si )
+ s_alGraceDistance = Cvar_Get("s_alGraceDistance", "512", CVAR_ARCHIVE);
+ s_alTalkAnims = Cvar_Get("s_alTalkAnims", "160", CVAR_ARCHIVE);
+
+- s_alDriver = Cvar_Get( "s_alDriver", ALDRIVER_DEFAULT, CVAR_ARCHIVE | CVAR_LATCH );
++ s_alDriver = Cvar_Get( "s_alDriver", ALDRIVER_DEFAULT, CVAR_ARCHIVE | CVAR_LATCH | CVAR_PROTECTED );
+
+ s_alInputDevice = Cvar_Get( "s_alInputDevice", "", CVAR_ARCHIVE | CVAR_LATCH );
+ s_alDevice = Cvar_Get("s_alDevice", "", CVAR_ARCHIVE | CVAR_LATCH);
+
++ if ( COM_CompareExtension( s_alDriver->string, ".pk3" ) )
++ {
++ Com_Printf( "Rejecting DLL named \"%s\"", s_alDriver->string );
++ return qfalse;
++ }
++
+ // Load QAL
+ if( !QAL_Init( s_alDriver->string ) )
+ {
diff -Nru iortcw-1.50a+dfsg1/debian/patches/security/All-Merge-some-file-writing-extension-checks.patch iortcw-1.50a+dfsg1/debian/patches/security/All-Merge-some-file-writing-extension-checks.patch
--- iortcw-1.50a+dfsg1/debian/patches/security/All-Merge-some-file-writing-extension-checks.patch 1970-01-01 01:00:00.000000000 +0100
+++ iortcw-1.50a+dfsg1/debian/patches/security/All-Merge-some-file-writing-extension-checks.patch 2017-03-14 09:37:19.000000000 +0000
@@ -0,0 +1,81 @@
+From: MAN-AT-ARMS <m4n4t4...@gmail.com>
+Date: Tue, 14 Mar 2017 03:26:09 -0400
+Subject: All: Merge some file writing extension checks
+
+Origin: upstream, 1.51, commit:11a83410153756ae350a82ed41b08d128ff7f998
+Bug-Debian: https://bugs.debian.org/857714
+---
+ MP/code/client/cl_console.c | 6 ++++++
+ MP/code/qcommon/common.c | 6 ++++++
+ SP/code/client/cl_console.c | 6 ++++++
+ SP/code/qcommon/common.c | 6 ++++++
+ 4 files changed, 24 insertions(+)
+
+diff --git a/MP/code/client/cl_console.c b/MP/code/client/cl_console.c
+index 795fb11..f4eecda 100644
+--- a/MP/code/client/cl_console.c
++++ b/MP/code/client/cl_console.c
+@@ -227,6 +227,12 @@ void Con_Dump_f( void ) {
+ Q_strncpyz( filename, Cmd_Argv( 1 ), sizeof( filename ) );
+ COM_DefaultExtension( filename, sizeof( filename ), ".txt" );
+
++ if (!COM_CompareExtension(filename, ".txt"))
++ {
++ Com_Printf("Con_Dump_f: Only the \".txt\" extension is supported by this command!\n");
++ return;
++ }
++
+ f = FS_FOpenFileWrite( filename );
+ if ( !f ) {
+ Com_Printf ("ERROR: couldn't open %s.\n", filename);
+diff --git a/MP/code/qcommon/common.c b/MP/code/qcommon/common.c
+index 76547f2..649890e 100644
+--- a/MP/code/qcommon/common.c
++++ b/MP/code/qcommon/common.c
+@@ -3058,6 +3058,12 @@ void Com_WriteConfig_f( void ) {
+ return;
+ }
+
++ if (!COM_CompareExtension(filename, ".cfg"))
++ {
++ Com_Printf("Com_WriteConfig_f: Only the \".cfg\" extension is supported by this command!\n");
++ return;
++ }
++
+ Q_strncpyz( filename, Cmd_Argv( 1 ), sizeof( filename ) );
+ COM_DefaultExtension( filename, sizeof( filename ), ".cfg" );
+ Com_Printf( "Writing %s.\n", filename );
+diff --git a/SP/code/client/cl_console.c b/SP/code/client/cl_console.c
+index ebcb9d7..16739cf 100644
+--- a/SP/code/client/cl_console.c
++++ b/SP/code/client/cl_console.c
+@@ -237,6 +237,12 @@ void Con_Dump_f( void ) {
+ Q_strncpyz( filename, Cmd_Argv( 1 ), sizeof( filename ) );
+ COM_DefaultExtension( filename, sizeof( filename ), ".txt" );
+
++ if (!COM_CompareExtension(filename, ".txt"))
++ {
++ Com_Printf("Con_Dump_f: Only the \".txt\" extension is supported by this command!\n");
++ return;
++ }
++
+ f = FS_FOpenFileWrite( filename );
+ if ( !f ) {
+ Com_Printf ("ERROR: couldn't open %s.\n", filename);
+diff --git a/SP/code/qcommon/common.c b/SP/code/qcommon/common.c
+index 20f871d..5a8a4f7 100644
+--- a/SP/code/qcommon/common.c
++++ b/SP/code/qcommon/common.c
+@@ -2601,6 +2601,12 @@ void Com_WriteConfig_f( void ) {
+ return;
+ }
+
++ if (!COM_CompareExtension(filename, ".cfg"))
++ {
++ Com_Printf("Com_WriteConfig_f: Only the \".cfg\" extension is supported by this command!\n");
++ return;
++ }
++
+ Q_strncpyz( filename, Cmd_Argv( 1 ), sizeof( filename ) );
+ COM_DefaultExtension( filename, sizeof( filename ), ".cfg" );
+ Com_Printf( "Writing %s.\n", filename );
diff -Nru iortcw-1.50a+dfsg1/debian/patches/series iortcw-1.50a+dfsg1/debian/patches/series
--- iortcw-1.50a+dfsg1/debian/patches/series 2017-01-21 20:25:48.000000000 +0000
+++ iortcw-1.50a+dfsg1/debian/patches/series 2017-03-14 09:37:19.000000000 +0000
@@ -1,3 +1,6 @@
+security/All-Don-t-load-.pk3s-as-.dlls-and-don-t-load-user-config-.patch
+security/All-Don-t-open-.pk3-files-as-OpenAL-drivers.patch
+security/All-Merge-some-file-writing-extension-checks.patch
Don-t-require-.git-index-to-exist.patch
debian/Disable-client-side-auto-download-by-default.patch
debian/File-access-methods-prevent-overwriting-DLLs-CVE-201.patch
diffstat for ioquake3-1.36+u20161101+dfsg1 ioquake3-1.36+u20161101+dfsg1
changelog | 24 +++
gbp.conf | 2
patches/debian/Request-confirmation-if-a-user-enables-auto-downloading.patch | 72 +++++++++
patches/security/Don-t-load-.pk3s-as-.dlls-and-don-t-load-user-config-file.patch | 76 ++++++++++
patches/security/Don-t-open-.pk3-files-as-OpenAL-drivers.patch | 33 ++++
patches/security/Merge-some-file-writing-extension-checks-from-OpenJK.patch | 50 ++++++
patches/series | 4
7 files changed, 260 insertions(+), 1 deletion(-)
diff -Nru ioquake3-1.36+u20161101+dfsg1/debian/changelog ioquake3-1.36+u20161101+dfsg1/debian/changelog
--- ioquake3-1.36+u20161101+dfsg1/debian/changelog 2016-11-05 19:03:47.000000000 +0000
+++ ioquake3-1.36+u20161101+dfsg1/debian/changelog 2017-03-14 10:14:37.000000000 +0000
@@ -1,3 +1,27 @@
+ioquake3 (1.36+u20161101+dfsg1-2) unstable; urgency=high
+
+ * d/gbp.conf: switch branch to debian/stretch for updates during freeze
+ * d/patches: Add patches from upstream fixing security vulnerabilities
+ - refuse to load potentially auto-downloadable .pk3 files as
+ ioquake3 renderers, ioquake3 game code, libcurl, or OpenAL drivers
+ (mitigation: auto-downloading is off by default, and in Debian
+ we do not dlopen libcurl anyway)
+ - refuse to load default configuration file names from a .pk3 file
+ - protect cl_renderer, cl_curllib, s_aldriver configuration variables so
+ game code cannot set them
+ - refuse to overwrite files other than *.txt with the dump console
+ command
+ - refuse to overwrite files other than *.cfg with the writeconfig
+ console command
+ (Closes: #857699)
+ * Add patch adapted from openarena to request confirmation before
+ enabling auto-downloading if the native-code Quake III Arena UI is
+ in use. Unfortunately this is not the case with quake3_46, but
+ I'm adding this patch in the hope that the wrapper script can
+ be fixed before the stretch release.
+
+ -- Simon McVittie <s...@debian.org> Tue, 14 Mar 2017 10:14:37 +0000
+
ioquake3 (1.36+u20161101+dfsg1-1) unstable; urgency=medium
* New upstream snapshot
diff -Nru ioquake3-1.36+u20161101+dfsg1/debian/gbp.conf ioquake3-1.36+u20161101+dfsg1/debian/gbp.conf
--- ioquake3-1.36+u20161101+dfsg1/debian/gbp.conf 2016-11-05 19:03:47.000000000 +0000
+++ ioquake3-1.36+u20161101+dfsg1/debian/gbp.conf 2017-03-14 10:14:37.000000000 +0000
@@ -1,5 +1,5 @@
[DEFAULT]
-debian-branch = debian/master
+debian-branch = debian/stretch
upstream-branch = upstream/latest
pristine-tar = True
patch-numbers = False
diff -Nru ioquake3-1.36+u20161101+dfsg1/debian/patches/debian/Request-confirmation-if-a-user-enables-auto-downloading.patch ioquake3-1.36+u20161101+dfsg1/debian/patches/debian/Request-confirmation-if-a-user-enables-auto-downloading.patch
--- ioquake3-1.36+u20161101+dfsg1/debian/patches/debian/Request-confirmation-if-a-user-enables-auto-downloading.patch 1970-01-01 01:00:00.000000000 +0100
+++ ioquake3-1.36+u20161101+dfsg1/debian/patches/debian/Request-confirmation-if-a-user-enables-auto-downloading.patch 2017-03-14 10:14:37.000000000 +0000
@@ -0,0 +1,72 @@
+From: Simon McVittie <s...@debian.org>
+Date: Fri, 14 Sep 2012 10:23:06 +0100
+Subject: Request confirmation if a user enables auto-downloading
+
+The Q3 UI toolkit isn't great at large amounts of text, so just point
+to a deb.li link into the Debian wiki.
+
+[Adapted from src:openarena for src:ioquake3]
+
+Origin: vendor, Debian
+Bug-Debian: http://bugs.debian.org/686648
+---
+ code/q3_ui/ui_preferences.c | 38 +++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 37 insertions(+), 1 deletion(-)
+
+diff --git a/code/q3_ui/ui_preferences.c b/code/q3_ui/ui_preferences.c
+index b65728a..58e4c6c 100644
+--- a/code/q3_ui/ui_preferences.c
++++ b/code/q3_ui/ui_preferences.c
+@@ -103,6 +103,39 @@ static void Preferences_SetMenuItems( void ) {
+ s_preferences.allowdownload.curvalue = trap_Cvar_VariableValue( "cl_allowDownload" ) != 0;
+ }
+
++static void AutoDownloadAction( qboolean result )
++{
++ if (result) {
++ trap_Cvar_SetValue( "cl_allowDownload", 1 );
++ } else {
++ trap_Cvar_SetValue( "cl_allowDownload", 0 );
++ }
++ s_preferences.allowdownload.curvalue = result;
++}
++
++static void UI_ConfirmAutoDownload_Draw ( void )
++{
++ UI_DrawProportionalString( SCREEN_WIDTH/2, 356 + PROP_HEIGHT * 0,
++ "WARNING: This is a security risk.",
++ UI_CENTER|UI_SMALLFONT, color_yellow );
++ UI_DrawProportionalString( SCREEN_WIDTH/2, 356 + PROP_HEIGHT * 1,
++ "More information: <http://deb.li/Q3DL>",
++ UI_CENTER|UI_SMALLFONT, color_yellow );
++}
++
++static void UI_ConfirmAutoDownload( void (*action) (qboolean) )
++{
++ if (trap_Cvar_VariableValue( "cl_allowDownload" ) != 0) {
++ /* already set */
++ return;
++ }
++
++ UI_ConfirmMenu_Style(
++ "Auto-download?",
++ UI_CENTER|UI_SMALLFONT,
++ UI_ConfirmAutoDownload_Draw,
++ action);
++}
+
+ static void Preferences_Event( void* ptr, int notification ) {
+ if( notification != QM_ACTIVATED ) {
+@@ -154,8 +187,11 @@ static void Preferences_Event( void* ptr, int notification ) {
+ break;
+
+ case ID_ALLOWDOWNLOAD:
+- trap_Cvar_SetValue( "cl_allowDownload", s_preferences.allowdownload.curvalue );
+ trap_Cvar_SetValue( "sv_allowDownload", s_preferences.allowdownload.curvalue );
++ if ( s_preferences.allowdownload.curvalue )
++ UI_ConfirmAutoDownload( AutoDownloadAction );
++ else
++ trap_Cvar_SetValue( "cl_allowDownload", 0 );
+ break;
+
+ case ID_BACK:
diff -Nru ioquake3-1.36+u20161101+dfsg1/debian/patches/security/Don-t-load-.pk3s-as-.dlls-and-don-t-load-user-config-file.patch ioquake3-1.36+u20161101+dfsg1/debian/patches/security/Don-t-load-.pk3s-as-.dlls-and-don-t-load-user-config-file.patch
--- ioquake3-1.36+u20161101+dfsg1/debian/patches/security/Don-t-load-.pk3s-as-.dlls-and-don-t-load-user-config-file.patch 1970-01-01 01:00:00.000000000 +0100
+++ ioquake3-1.36+u20161101+dfsg1/debian/patches/security/Don-t-load-.pk3s-as-.dlls-and-don-t-load-user-config-file.patch 2017-03-14 10:14:37.000000000 +0000
@@ -0,0 +1,76 @@
+From: SmileTheory <smilethe...@gmail.com>
+Date: Mon, 13 Mar 2017 14:14:00 -0700
+Subject: Don't load .pk3s as .dlls,
+ and don't load user config files from .pk3s.
+
+Origin: upstream, 1.37, commit:376267d534476a875d8b9228149c4ee18b74a4fd
+Bug-Debian: https://bugs.debian.org/857699
+---
+ code/client/cl_main.c | 4 ++--
+ code/qcommon/files.c | 6 ++++++
+ code/sys/sys_main.c | 7 +++++++
+ 3 files changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/code/client/cl_main.c b/code/client/cl_main.c
+index b68d4f9..31dd9ab 100644
+--- a/code/client/cl_main.c
++++ b/code/client/cl_main.c
+@@ -3200,7 +3200,7 @@ void CL_InitRef( void ) {
+ Com_Printf( "----- Initializing Renderer ----\n" );
+
+ #ifdef USE_RENDERER_DLOPEN
+- cl_renderer = Cvar_Get("cl_renderer", "opengl2", CVAR_ARCHIVE | CVAR_LATCH);
++ cl_renderer = Cvar_Get("cl_renderer", "opengl2", CVAR_ARCHIVE | CVAR_LATCH | CVAR_PROTECTED);
+
+ Com_sprintf(dllName, sizeof(dllName), "renderer_%s_" ARCH_STRING DLL_EXT, cl_renderer->string);
+
+@@ -3551,7 +3551,7 @@ void CL_Init( void ) {
+
+ cl_allowDownload = Cvar_Get ("cl_allowDownload", "0", CVAR_ARCHIVE);
+ #ifdef USE_CURL_DLOPEN
+- cl_cURLLib = Cvar_Get("cl_cURLLib", DEFAULT_CURL_LIB, CVAR_ARCHIVE);
++ cl_cURLLib = Cvar_Get("cl_cURLLib", DEFAULT_CURL_LIB, CVAR_ARCHIVE | CVAR_PROTECTED);
+ #endif
+
+ cl_conXOffset = Cvar_Get ("cl_conXOffset", "0", 0);
+diff --git a/code/qcommon/files.c b/code/qcommon/files.c
+index 92a9e40..27f5713 100644
+--- a/code/qcommon/files.c
++++ b/code/qcommon/files.c
+@@ -1364,12 +1364,18 @@ long FS_FOpenFileRead(const char *filename, fileHandle_t *file, qboolean uniqueF
+ {
+ searchpath_t *search;
+ long len;
++ qboolean isLocalConfig;
+
+ if(!fs_searchpaths)
+ Com_Error(ERR_FATAL, "Filesystem call made without initialization");
+
++ isLocalConfig = !strcmp(filename, "autoexec.cfg") || !strcmp(filename, Q3CONFIG_CFG);
+ for(search = fs_searchpaths; search; search = search->next)
+ {
++ // autoexec.cfg and q3config.cfg can only be loaded outside of pk3 files.
++ if (isLocalConfig && search->pack)
++ continue;
++
+ len = FS_FOpenFileReadDir(filename, search, file, uniqueFILE, qfalse);
+
+ if(file == NULL)
+diff --git a/code/sys/sys_main.c b/code/sys/sys_main.c
+index 2ccf302..6d7fe7b 100644
+--- a/code/sys/sys_main.c
++++ b/code/sys/sys_main.c
+@@ -500,6 +500,13 @@ void *Sys_LoadDll(const char *name, qboolean useSystemLib)
+ {
+ void *dllhandle;
+
++ // Don't load any DLLs that end with the pk3 extension
++ if (COM_CompareExtension(name, ".pk3"))
++ {
++ Com_Printf("Rejecting DLL named \"%s\"", name);
++ return NULL;
++ }
++
+ if(useSystemLib)
+ Com_Printf("Trying to load \"%s\"...\n", name);
+
diff -Nru ioquake3-1.36+u20161101+dfsg1/debian/patches/security/Don-t-open-.pk3-files-as-OpenAL-drivers.patch ioquake3-1.36+u20161101+dfsg1/debian/patches/security/Don-t-open-.pk3-files-as-OpenAL-drivers.patch
--- ioquake3-1.36+u20161101+dfsg1/debian/patches/security/Don-t-open-.pk3-files-as-OpenAL-drivers.patch 1970-01-01 01:00:00.000000000 +0100
+++ ioquake3-1.36+u20161101+dfsg1/debian/patches/security/Don-t-open-.pk3-files-as-OpenAL-drivers.patch 2017-03-14 10:14:37.000000000 +0000
@@ -0,0 +1,33 @@
+From: SmileTheory <smilethe...@gmail.com>
+Date: Mon, 13 Mar 2017 20:28:37 -0700
+Subject: Don't open .pk3 files as OpenAL drivers.
+
+Origin: upstream, 1.37, commit:f61fe5f6a0419ef4a88d46a128052f2e8352e85d
+Bug-Debian: https://bugs.debian.org/857699
+---
+ code/client/snd_openal.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/code/client/snd_openal.c b/code/client/snd_openal.c
+index 2a4fb0a..319ea37 100644
+--- a/code/client/snd_openal.c
++++ b/code/client/snd_openal.c
+@@ -2512,11 +2512,17 @@ qboolean S_AL_Init( soundInterface_t *si )
+ s_alRolloff = Cvar_Get( "s_alRolloff", "2", CVAR_CHEAT);
+ s_alGraceDistance = Cvar_Get("s_alGraceDistance", "512", CVAR_CHEAT);
+
+- s_alDriver = Cvar_Get( "s_alDriver", ALDRIVER_DEFAULT, CVAR_ARCHIVE | CVAR_LATCH );
++ s_alDriver = Cvar_Get( "s_alDriver", ALDRIVER_DEFAULT, CVAR_ARCHIVE | CVAR_LATCH | CVAR_PROTECTED );
+
+ s_alInputDevice = Cvar_Get( "s_alInputDevice", "", CVAR_ARCHIVE | CVAR_LATCH );
+ s_alDevice = Cvar_Get("s_alDevice", "", CVAR_ARCHIVE | CVAR_LATCH);
+
++ if ( COM_CompareExtension( s_alDriver->string, ".pk3" ) )
++ {
++ Com_Printf( "Rejecting DLL named \"%s\"", s_alDriver->string );
++ return qfalse;
++ }
++
+ // Load QAL
+ if( !QAL_Init( s_alDriver->string ) )
+ {
diff -Nru ioquake3-1.36+u20161101+dfsg1/debian/patches/security/Merge-some-file-writing-extension-checks-from-OpenJK.patch ioquake3-1.36+u20161101+dfsg1/debian/patches/security/Merge-some-file-writing-extension-checks-from-OpenJK.patch
--- ioquake3-1.36+u20161101+dfsg1/debian/patches/security/Merge-some-file-writing-extension-checks-from-OpenJK.patch 1970-01-01 01:00:00.000000000 +0100
+++ ioquake3-1.36+u20161101+dfsg1/debian/patches/security/Merge-some-file-writing-extension-checks-from-OpenJK.patch 2017-03-14 10:14:37.000000000 +0000
@@ -0,0 +1,50 @@
+From: SmileTheory <smilethe...@gmail.com>
+Date: Mon, 13 Mar 2017 20:44:47 -0700
+Subject: Merge some file writing extension checks from OpenJK.
+
+Thanks Ensiform.
+https://github.com/JACoders/OpenJK/commit/05928a57f9e4aae15a3bd0
+https://github.com/JACoders/OpenJK/commit/ef124fd0fc48af164581176
+
+Origin: upstream, 1.37, commit:b173ac05993f634a42be3d3535e1b158de0c3372
+Bug-Debian: https://bugs.debian.org/857699
+---
+ code/client/cl_console.c | 6 ++++++
+ code/qcommon/common.c | 7 +++++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/code/client/cl_console.c b/code/client/cl_console.c
+index 7d806e9..32ab87e 100644
+--- a/code/client/cl_console.c
++++ b/code/client/cl_console.c
+@@ -191,6 +191,12 @@ void Con_Dump_f (void)
+ Q_strncpyz( filename, Cmd_Argv( 1 ), sizeof( filename ) );
+ COM_DefaultExtension( filename, sizeof( filename ), ".txt" );
+
++ if (!COM_CompareExtension(filename, ".txt"))
++ {
++ Com_Printf("Con_Dump_f: Only the \".txt\" extension is supported by this command!\n");
++ return;
++ }
++
+ f = FS_FOpenFileWrite( filename );
+ if (!f)
+ {
+diff --git a/code/qcommon/common.c b/code/qcommon/common.c
+index 02ada76..1bec2dc 100644
+--- a/code/qcommon/common.c
++++ b/code/qcommon/common.c
+@@ -2975,6 +2975,13 @@ void Com_WriteConfig_f( void ) {
+ return;
+ }
+
++
++ if (!COM_CompareExtension(filename, ".cfg"))
++ {
++ Com_Printf("Com_WriteConfig_f: Only the \".cfg\" extension is supported by this command!\n");
++ return;
++ }
++
+ Q_strncpyz( filename, Cmd_Argv(1), sizeof( filename ) );
+ COM_DefaultExtension( filename, sizeof( filename ), ".cfg" );
+ Com_Printf( "Writing %s.\n", filename );
diff -Nru ioquake3-1.36+u20161101+dfsg1/debian/patches/series ioquake3-1.36+u20161101+dfsg1/debian/patches/series
--- ioquake3-1.36+u20161101+dfsg1/debian/patches/series 2016-11-05 19:03:47.000000000 +0000
+++ ioquake3-1.36+u20161101+dfsg1/debian/patches/series 2017-03-14 10:14:37.000000000 +0000
@@ -1,5 +1,9 @@
+security/Don-t-load-.pk3s-as-.dlls-and-don-t-load-user-config-file.patch
+security/Don-t-open-.pk3-files-as-OpenAL-drivers.patch
+security/Merge-some-file-writing-extension-checks-from-OpenJK.patch
debian/Add-sv_dorestart-which-can-be-set-by-game-code-to-re.patch
debian/Let-servers-set-sv_fps-too.patch
debian/Add-a-special-vmMagic-that-causes-equivalent-native-.patch
debian/Run-in-a-window-by-default-on-new-installations.patch
debian/ui-reinstate-minimal-code-to-determine-whether-this-.patch
+debian/Request-confirmation-if-a-user-enables-auto-downloading.patch
diffstat for game-data-packager-48 game-data-packager-49
.gitignore | 9 +++++++++
debian/.gitignore | 20 ++++++++++++++++++++
debian/changelog | 15 +++++++++++++++
debian/gbp.conf | 2 ++
runtime/launch-quake3-server.yaml.in | 4 ++++
runtime/launch-quake3.yaml.in | 6 ++++++
6 files changed, 56 insertions(+)
diff -Nru game-data-packager-48/debian/changelog game-data-packager-49/debian/changelog
--- game-data-packager-48/debian/changelog 2016-12-06 10:57:24.000000000 +0000
+++ game-data-packager-49/debian/changelog 2017-03-14 11:12:53.000000000 +0000
@@ -1,3 +1,18 @@
+game-data-packager (49) unstable; urgency=medium
+
+ * d/gbp.conf: Switch git branch to debian/stretch for updates
+ during freeze
+ * quake3: Symlink ioquake3 native game and UI code into ~/.q3a,
+ and run with vm_cgame, vm_game, vm_ui set to 0 by default.
+ This resolves bugs in the proprietary Quake III Arena releases by
+ swapping in ioquake3's updated (and Free Software) versions, and
+ mitigates security issues in ioquake3 by letting
+ ioquake3_1.36+u20161101+dfsg1-2 put a confirmation prompt in
+ front of the option to enable auto-downloading.
+ This regressed in v46.
+
+ -- Simon McVittie <s...@debian.org> Tue, 14 Mar 2017 11:12:53 +0000
+
game-data-packager (48) unstable; urgency=medium
* Enhancements and bug fixes:
diff -Nru game-data-packager-48/debian/gbp.conf game-data-packager-49/debian/gbp.conf
--- game-data-packager-48/debian/gbp.conf 1970-01-01 01:00:00.000000000 +0100
+++ game-data-packager-49/debian/gbp.conf 2017-03-14 11:12:53.000000000 +0000
@@ -0,0 +1,2 @@
+[DEFAULT]
+debian-branch = debian/stretch
diff -Nru game-data-packager-48/debian/.gitignore game-data-packager-49/debian/.gitignore
--- game-data-packager-48/debian/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ game-data-packager-49/debian/.gitignore 2017-03-14 11:12:53.000000000 +0000
@@ -0,0 +1,20 @@
+/*.debhelper
+/*.debhelper.log
+/*.substvars
+/changelog.dch
+/debhelper-build-stamp
+/doom2-masterlevels/
+/etqw/
+/etqw-server/
+/game-data-packager/
+/files
+/quake/
+/quake-server/
+/quake2/
+/quake2-server/
+/quake3/
+/quake3-server/
+/quake4/
+/quake4-server/
+/temp-home/
+/tmp/
diff -Nru game-data-packager-48/.gitignore game-data-packager-49/.gitignore
--- game-data-packager-48/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ game-data-packager-49/.gitignore 2017-03-14 11:12:53.000000000 +0000
@@ -0,0 +1,9 @@
+/build/
+/build-stamp
+/config.status
+/configure.mk
+/configure-stamp
+/out/
+__pycache__/
+*.deb
+ref.zip
diff -Nru game-data-packager-48/runtime/launch-quake3-server.yaml.in game-data-packager-49/runtime/launch-quake3-server.yaml.in
--- game-data-packager-48/runtime/launch-quake3-server.yaml.in 2016-12-06 10:57:24.000000000 +0000
+++ game-data-packager-49/runtime/launch-quake3-server.yaml.in 2017-03-14 11:12:53.000000000 +0000
@@ -5,8 +5,12 @@
- ioq3ded
argv: >
+set fs_basepath $assets/quake3
+ +set vm_game 0
base_directories:
- $assets/quake3-data
+ - $prefix/lib/ioquake3
+symlink_into_dot_directory:
+ - baseq3
required_files:
- baseq3/pak0.pk3
- baseq3/pak1.pk3
diff -Nru game-data-packager-48/runtime/launch-quake3.yaml.in game-data-packager-49/runtime/launch-quake3.yaml.in
--- game-data-packager-48/runtime/launch-quake3.yaml.in 2016-12-06 10:57:24.000000000 +0000
+++ game-data-packager-49/runtime/launch-quake3.yaml.in 2017-03-14 11:12:53.000000000 +0000
@@ -5,8 +5,14 @@
- ioquake3
argv: >
+set fs_basepath $assets/quake3
+ +set vm_cgame 0
+ +set vm_game 0
+ +set vm_ui 0
base_directories:
- $assets/quake3-data
+ - $prefix/lib/ioquake3
+symlink_into_dot_directory:
+ - baseq3
required_files:
- baseq3/pak0.pk3
- baseq3/pak1.pk3
