Hello community, here is the log from the commit of package crawl.12356 for openSUSE:Leap:15.1:Update checked in at 2020-04-24 20:11:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/crawl.12356 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.crawl.12356.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "crawl.12356" Fri Apr 24 20:11:15 2020 rev:1 rq:796093 version:0.24.0 Changes: -------- New Changes file: --- /dev/null 2020-04-14 14:47:33.391806949 +0200 +++ /work/SRC/openSUSE:Leap:15.1:Update/.crawl.12356.new.2738/crawl.changes 2020-04-24 20:11:16.278568847 +0200 @@ -0,0 +1,377 @@ +------------------------------------------------------------------- +Tue Apr 14 11:22:21 UTC 2020 - Ferdinand Thiessen <r...@fthiessen.de> + +- Added CVE-2020-11722.patch to fix CVE-2020-11722, boo#1169381 + * Fixes a remote code evaluation issue with lua loadstring + +------------------------------------------------------------------- +Wed Mar 18 12:54:41 UTC 2020 - Jon Brightwell <j...@moozaad.co.uk> + +- Update to version 0.24.0 + * Vampire species simplified + * Thrown weapons streamlined + * Fedhas reimagined + * Sif Muna reworked +- removed crawl-0.17.1-datetime.patch as fixed upstream + +------------------------------------------------------------------- +Sun Jul 21 16:44:16 UTC 2019 - Simon Puchert <simonpuch...@alice.de> + +- Update to version 0.23.2 + * Trap system overhaul + * New Gauntlet portal to replace Labyrinths + * Nemelex Xobeh rework + * Nine unrandarts reworked and the new "Rift" unrandart added + * Support for seeded dungeon play + * build requires python and python-pyYAML + +------------------------------------------------------------------- +Sat Aug 25 17:45:20 UTC 2018 - r...@fthiessen.de + +- Spec cleanup + * Dropped defattr as more recent rpms add a default %defattr line + if none is present in the rpm %files section +- Fixed source (used corret one from upstream) + +------------------------------------------------------------------- +Fri Aug 10 15:14:29 UTC 2018 - j...@moozaad.co.uk + +- Update to 0.22.0 + * Player ghosts now only appear in sealed ghost vaults + * New spell library interface + * User interface revamp for Tiles and WebTiles + +------------------------------------------------------------------- +Sat Jul 14 16:05:43 UTC 2018 - j...@moozaad.co.uk + +- Update to 0.21.1 + +------------------------------------------------------------------- +Thu Jul 6 11:57:42 UTC 2017 - r...@fthiessen.de + +- Update to 0.20.1 + +------------------------------------------------------------------- +Tue May 16 20:36:28 UTC 2017 - dims...@opensuse.org + +- On platforms > Leap 42.x/SLE12, require user(games) and + group(games) instead of creating the user/group in pre. + +------------------------------------------------------------------- +Sat Feb 18 12:13:17 UTC 2017 - mailaen...@opensuse.org + +- Update to version 0.19.4 +- Add desktop.patch for a menu starter +- Add appdata.patch for https://en.opensuse.org/openSUSE:AppStore +- Add icon.patch for installing a SVG icon + +------------------------------------------------------------------- +Mon May 9 08:49:44 UTC 2016 - steevste...@gmail.com + +- Update to 0.18.1 + +------------------------------------------------------------------- +Sat Jan 2 21:04:03 UTC 2016 - opens...@dstoecker.de + +- do not compile date and time into the binary + (crawl-0.17.1-datetime.patch) + +------------------------------------------------------------------- +Mon Dec 14 18:01:21 UTC 2015 - r...@fthiessen.de + +- Added fdupes and fixed usage of __DATE__ and __TIME__ + +------------------------------------------------------------------- +Mon Dec 14 08:17:43 UTC 2015 - bem...@gmail.com + +- Updated to 0.17.1 + +------------------------------------------------------------------- +Mon Nov 9 07:05:08 UTC 2015 - bem...@gmail.com + +- Updated to 0.17.0 + +------------------------------------------------------------------- +Thu Aug 27 09:09:02 UTC 2015 - norm...@linux.vnet.ibm.com + +- for ppc64le architecture disable __ALTIVEC__ to avoid build error + to avoid contention between SDL vector and gcc defines + +------------------------------------------------------------------- +Mon Aug 24 07:29:42 UTC 2015 - bem...@gmail.com + +- Updated to 0.16.2 (bugfix release) + +------------------------------------------------------------------- +Sun Apr 12 14:37:57 UTC 2015 - bem...@gmail.com + +- Removed _service, source archive is now attached directly + +------------------------------------------------------------------- +Sat Apr 11 16:50:46 UTC 2015 - bem...@gmail.com + +- Updated crawl to 0.16.1 +- Source archive is now downloaded directly from crawl's website + +------------------------------------------------------------------- +Wed Apr 8 13:11:55 UTC 2015 - dims...@opensuse.org + +- Add a comment to the .desktop file (minimal requirement to show + up in AppStream based software centers). + +------------------------------------------------------------------- +Mon Mar 16 05:09:22 UTC 2015 - bem...@gmail.com + +- Source URL corrected + +------------------------------------------------------------------- +Sat Mar 14 19:49:00 MSK 2015 - bem...@gmail.com + +- Updated crawl to 0.16.0 + +------------------------------------------------------------------- +Thu Nov 6 15:54:44 MSK 2014 - bem...@gmail.com + +- Updated crawl to 0.15.2 (bugfix) +- Removed openSUSE 12.10, 11.* workarounds +- Removed crawl-ncurses-with-tinfo.patch, + because tinfo included in ncurses by default + +------------------------------------------------------------------- +Sun Sep 28 17:12:31 UTC 2014 - mailaen...@opensuse.org + +- Updated to version 0.15.1 +- avoid redundancy in %description + +------------------------------------------------------------------- +Thu Aug 28 08:58:11 MSK 2014 - bem...@gmail.com + +- Updated crawl to 0.15 + +------------------------------------------------------------------- +Fri Jun 20 05:02:09 UTC 2014 - devel.opensuse....@gmail.com + +- Added crawl_24_gbdbe590.patch: +- Update to git master 0.14.1-24-gbdbe590: + * Make drakes breathe, not throw (hangedman, Grunt) + This was broken when the dragon genus was split. I didn't restore + the "roars" message, though. + Also incorporates "Restrict drake breathe message to targeted spells." + * Don't crash on t-r at the map edge (bh) + * Fix an #ifdef (MarvinPA). + * Include tileweb-text.cc in MSVC builds. + * Add hash.cc to, remove obsolete files from, MSVC project. + * Allow using Luajit on 64-bit systems (#8641) + 64-bit luajit doesn't support lua_newstate or custom allocators, so don't + try to use one there. However, give a warning if this happens with a + webtiles or dgamelaunch build, because servers probably do want the + memory throttling. + * Don't crash on time step while siren-mesmerised (#8546) + * Use the correct skill in variable-range rod spells (#8307) + For the purposes of the hostile-in-range check and darken_beyond_range, + we were computing power using the spell schools rather than Evocations. + * More carefully chase item links in the pickup menu (#8603) + Moving the item to the player destroyed it; normally that would have set + the non-item's link to NON_ITEM, exiting the loop, but level excursions as + part of pickup could overwrite the link. + * Allow more than just the fallback hell entry in old late D. + * Generate abyss/hell entries in old games with D:27. + This includes generating hell entries on every level as we currently do in + Depths. + * Fix a bad array subscript (#8594) + This has incorrectly been 9 rather than 0 since the function was added + in 0.13-a0-927-g55b8bbf. + * Replace a few uses of a <= b <= c (#8594) + One of them was incorrect, and the other correct but confusing. + * Fix a potential teleport closet (#8604) + * Fix some Asterion speech. (MarvinPA, #8602) + * Distinguish artefact from non- when swapping rings (#8062) + If the left ring was a artefact and the right ring a non-artefact of the + same base time, we failed to ask which to swap out. + * Time-out unintentional Vp bat form normally (#8392) + * Remove mention of ! from tutorial/hints skills screen (#5346). + According to b702f4e, this menu is supposed to be disabled because it + explains advanced commands which aren't available in the simple menu, + * Allow toggling skill practicing in tutorial/hints mode again. + Broken by ecaf8b2. + It's a sad state of affairs that nobody thought this was a bug for ++++ 180 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.crawl.12356.new.2738/crawl.changes New: ---- CVE-2020-11722.patch appdata.patch crawl.changes crawl.spec desktop.patch icon.patch stone_soup-0.24.0-nodeps.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ crawl.spec ++++++ # # spec file for package crawl # # Copyright (c) 2020 SUSE LLC # Copyright (c) 2011 Sascha Peilicke <sasch...@gmx.de> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define major_ver 0.24 %define about Crawl is a fun game in the grand tradition of games like Rogue, Hack, and Moria.\ Your objective is to travel deep into a subterranean cave complex and retrieve the Orb of Zot, \ which is guarded by many horrible and hideous creatures. Name: crawl Version: %{major_ver}.0 Release: 0 Summary: Roguelike dungeon exploration game License: GPL-2.0-or-later Group: Amusements/Games/RPG URL: https://crawl.develz.org/ Source: https://crawl.develz.org/release/%{major_ver}/stone_soup-%{version}-nodeps.tar.xz # PATCH-FIX-UPSTREAM https://github.com/crawl/crawl/pull/464 Patch0: desktop.patch Patch1: icon.patch Patch2: appdata.patch # PATCH-FIX-UPSTREAM CVE-2020-11722, boo#1169381, disable LUA loadstring Patch3: CVE-2020-11722.patch BuildRequires: dejavu-fonts BuildRequires: desktop-file-utils BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: hicolor-icon-theme BuildRequires: libpng-devel BuildRequires: lua51-devel BuildRequires: ncurses-devel BuildRequires: pkgconfig BuildRequires: pngcrush BuildRequires: python BuildRequires: python-PyYAML BuildRequires: update-desktop-files BuildRequires: pkgconfig(SDL2_image) BuildRequires: pkgconfig(freetype2) BuildRequires: pkgconfig(glu) BuildRequires: pkgconfig(sdl2) BuildRequires: pkgconfig(sqlite3) Requires: %{name}-data = %{version} %if 0%{?suse_version} >= 1330 Requires: group(games) Requires: user(games) %else Requires(pre): pwdutils %endif %description %{about} This is the Stone Soup version of Dungeon Crawl. Note: You need to be in the 'games' group in order to play the game. %package sdl Summary: Roguelike dungeon exploration game (SDL version) Group: Amusements/Games/RPG Requires: %{name} = %{version} %description sdl %{about} This is the (SDL-based) tiled Stone Soup version of Dungeon Crawl. Note: You need to be in the 'games' group in order to play the game. %package data Summary: Roguelike dungeon exploration game (Data files) Group: Amusements/Games/RPG Requires: %{name} = %{version} BuildArch: noarch %description data %{about} These are the data files for Dungeon Crawl Stone Soup. %prep %setup -q -n stone_soup-%{version} %patch0 -p2 %patch1 -p2 %patch2 -p2 %patch3 -p1 %build cd source tmpflags="%{optflags}" %ifarch ppc64le # avoid contentions between SDL vector and gcc defines # disable the include of altivec.h in /usr/include/SDL2/SDL_cpuinfo.h # note that --disable-altivec not supported by gcc 4.8 tmpflags="$tmpflags -U__ALTIVEC__" %endif %make_build clean %make_build prefix=%{_prefix} bin_prefix=bin DATADIR="%{_datadir}/%{name}/" BINDIR=%{_bindir} EXTRA_FLAGS="${tmpflags}" mv crawl crawl.tty # avoid name clashes temporarily %make_build clean %make_build prefix=%{_prefix} bin_prefix=bin DATADIR="%{_datadir}/%{name}/" BINDIR=%{_bindir} EXTRA_FLAGS="${tmpflags}" TILES="1" mv crawl crawl-sdl mv crawl.tty crawl %pre %if 0%{?suse_version} < 1330 # Anything after Leap 42.x / SLE12 base uses user/group package dependencies getent group games >/dev/null || groupadd -r games getent passwd games >/dev/null || useradd -r -g games -d %{_localstatedir}/games -s /sbin/nologin %endif # move old saves if [ -d %{_localstatedir}/games/crawl ]; then if [ -d /root/.crawl ]; then mv /root/.crawl /root/.crawl_old fi mv %{_localstatedir}/games/crawl /root/.crawl fi %install %make_install -C source prefix=%{_prefix} bin_prefix=bin DATADIR=%{_datadir}/%{name} BINDIR=%{_bindir} TILES=y install -D -m0644 docs/%{name}.6 %{buildroot}%{_mandir}/man6/%{name}.6 install -D -m0755 source/crawl-sdl %{buildroot}%{_bindir}/crawl-sdl make DESTDIR=%{buildroot} prefix=%{_prefix} install-linux-desktop install-linux-appdata -C source %fdupes %{buildroot}%{_datadir}/%{name} %post %desktop_database_post %icon_theme_cache_post %postun %desktop_database_postun %icon_theme_cache_postun %files sdl %attr(0755,root,root) %{_bindir}/%{name}-sdl %{_datadir}/applications/%{name}.desktop %{_datadir}/icons/hicolor/scalable/apps/%{name}.svg %dir %{_datadir}/appdata/ %{_datadir}/appdata/%{name}.appdata.xml %files data %{_datadir}/%{name} %files %license LICENSE %attr(0755,root,root) %{_bindir}/%{name} %{_mandir}/man6/* %changelog ++++++ CVE-2020-11722.patch ++++++ Fix CVE CVE-2020-11722 before version 0.25 Contains upstream commits 768f60da87a3fa0b5561da5ade9309577c176d04 and fc522ff6eb1bbb85e3de60c60a45762571e48c28 diff -Nur stone_soup-0.24.0/source/clua.cc new/source/clua.cc --- stone_soup-0.24.0/source/clua.cc 2019-04-21 07:54:24.000000000 +0200 +++ new/source/clua.cc 2020-04-14 13:38:19.579713046 +0200 @@ -315,6 +315,9 @@ while (!f.eof()) script += f.get_line() + "\n"; + if (script[0] == 0x1b) + abort(); + // prefixing with @ stops lua from adding [string "%s"] return luaL_loadbuffer(ls, &script[0], script.length(), ("@" + file).c_str()); @@ -729,6 +732,20 @@ return !err; } +static int lua_loadstring(lua_State *ls) +{ + const auto lua = luaL_checkstring(ls, 1); + if (lua[0] == 0x1b) + abort(); + lua_settop(ls, 0); + if (luaL_loadstring(ls, lua)) + { + lua_pushnil(ls); + lua_insert(ls, 1); + } + return lua_gettop(ls); +} + void CLua::init_lua() { if (_state) @@ -751,6 +768,11 @@ lua_stack_cleaner clean(_state); + lua_pushcfunction(_state, lua_loadstring); + lua_setglobal(_state, "loadstring"); + lua_pushnil(_state); + lua_setglobal(_state, "load"); + lua_atpanic(_state, _clua_panic); #ifdef CLUA_UNRESTRICTED_LIBS ++++++ appdata.patch ++++++ >From 9380778b8c89a9280d541730eb3bced827605bba Mon Sep 17 00:00:00 2001 Message-Id: <9380778b8c89a9280d541730eb3bced827605bba.1487494889.git.matth...@mailaender.name> In-Reply-To: <a870232c936c5a813ebef44758127b20ee07933e.1487494889.git.matth...@mailaender.name> References: <a870232c936c5a813ebef44758127b20ee07933e.1487494889.git.matth...@mailaender.name> From: =?UTF-8?q?Matthias=20Mail=C3=A4nder?= <matth...@mailaender.name> Date: Sat, 18 Feb 2017 13:09:07 +0100 Subject: [PATCH 3/3] Add an appdata.xml file for Linux software galleries --- crawl-ref/source/Makefile | 4 ++++ crawl-ref/source/linux/crawl.appdata.xml | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/crawl-ref/source/Makefile b/crawl-ref/source/Makefile index d325e67b8d..e5345eb3f2 100644 --- a/crawl-ref/source/Makefile +++ b/crawl-ref/source/Makefile @@ -1445,6 +1445,10 @@ install-linux-desktop: [ -d $(prefix_fp)/share/icons/hicolor/scalable/apps ] || mkdir -p $(prefix_fp)/share/icons/hicolor/scalable/apps $(COPY) linux/crawl.svg $(prefix_fp)/share/icons/hicolor/scalable/apps +install-linux-appdata: + [ -d $(prefix_fp)/share/appdata ] || mkdir -p $(prefix_fp)/share/appdata + $(COPY) linux/crawl.appdata.xml $(prefix_fp)/share/appdata + clean: clean-rltiles clean-webserver clean-android clean-monster +$(MAKE) -C $(UTIL) clean $(RM) $(GAME) $(GAME).exe $(GENERATED_FILES) $(EXTRA_OBJECTS) libw32c.o\ diff --git a/crawl-ref/source/linux/crawl.appdata.xml b/crawl-ref/source/linux/crawl.appdata.xml new file mode 100644 index 0000000000..d19914f3f6 --- /dev/null +++ b/crawl-ref/source/linux/crawl.appdata.xml @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="UTF-8"?> +<component type="desktop"> + <id>crawl.desktop</id> + <metadata_license>CC0-1.0</metadata_license> + <project_license>GPL-2.0</project_license> + <name>Dungeon Crawl Stone Soup </name> + <summary>Roguelike dungeon exploration game</summary> + <description> + <p> + Dungeon Crawl Stone Soup is a free roguelike game of exploration and treasure-hunting in dungeons filled with dangerous and unfriendly monsters in a quest for the mystifyingly fabulous Orb of Zot. + </p> + <p> + Dungeon Crawl Stone Soup has diverse species and many different character backgrounds to choose from, deep tactical game-play, sophisticated magic, religion and skill systems, and a grand variety of monsters to fight and run from, making each game unique and challenging. + </p> + <p> + Dungeon Crawl Stone Soup can be played offline, or online on a public telnet/ssh server. These public servers allow you to meet other players’ ghosts, watch other people playing, and, in general, have a blast! + </p> + </description> + <screenshots> + <screenshot type="default"> + <image>http://crawl.develz.org/wordpress/wp-content/uploads/2014/05/sonja.png</image> + </screenshot> + <screenshot> + <image>http://crawl.develz.org/wordpress/wp-content/uploads/2014/05/roxanne.png</image> + </screenshot> + <screenshot> + <image>http://crawl.develz.org/wordpress/wp-content/uploads/2014/05/ashenzari.png</image> + </screenshot> + </screenshots> + <url type="homepage">http://crawl.develz.org/</url> + <update_contact>crawl-ref-disc...@lists.sourceforge.net</update_contact> +</component> -- 2.11.0 ++++++ desktop.patch ++++++ >From a870232c936c5a813ebef44758127b20ee07933e Mon Sep 17 00:00:00 2001 Message-Id: <a870232c936c5a813ebef44758127b20ee07933e.1487494889.git.matth...@mailaender.name> From: =?UTF-8?q?Matthias=20Mail=C3=A4nder?= <matth...@mailaender.name> Date: Sat, 18 Feb 2017 13:07:36 +0100 Subject: [PATCH 1/3] Add a FreeDesktop compliant start menu launcher --- crawl-ref/source/Makefile | 4 ++++ crawl-ref/source/linux/crawl.desktop | 9 +++++++++ 2 files changed, 13 insertions(+) diff --git a/crawl-ref/source/Makefile b/crawl-ref/source/Makefile index d4b4dc4a85..4ecf1ca069 100644 --- a/crawl-ref/source/Makefile +++ b/crawl-ref/source/Makefile @@ -1439,6 +1439,10 @@ ifeq ($(USE_DGAMELAUNCH),) $(CHMOD) $(MCHMOD) $(prefix_fp)/$(bin_prefix)/$(GAME) || true endif +install-linux-desktop: + [ -d $(prefix_fp)/share/applications ] || mkdir -p $(prefix_fp)/share/applications + $(COPY) linux/crawl.desktop $(prefix_fp)/share/applications + clean: clean-rltiles clean-webserver clean-android clean-monster +$(MAKE) -C $(UTIL) clean $(RM) $(GAME) $(GAME).exe $(GENERATED_FILES) $(EXTRA_OBJECTS) libw32c.o\ diff --git a/crawl-ref/source/linux/crawl.desktop b/crawl-ref/source/linux/crawl.desktop new file mode 100644 index 0000000000..4287381277 --- /dev/null +++ b/crawl-ref/source/linux/crawl.desktop @@ -0,0 +1,9 @@ +[Desktop Entry] +Name=Dungeon Crawl Stone Soup +GenericName=Roguelike dungeon exploration game +Comment=A fun game in the grand tradition of games like Rogue, Hack, and Moria +Type=Application +Icon=crawl +Exec=crawl-sdl +Terminal=false +Categories=Game;RolePlaying; -- 2.11.0 ++++++ icon.patch ++++++ ++++ 2187 lines (skipped)