Re: UPDATE: games/chocolate-doom 3.0.0 => 3.0.1 (fix CVE-2020-14983)

2020-08-10 Thread Ryan Freeman
On Sun, Aug 02, 2020 at 01:09:18PM -0700, Ryan Freeman wrote:
> On Sat, Aug 01, 2020 at 03:47:19AM +, Brian Callahan wrote:
> > Hi ports and Ryan --
> > 
> > I noticed via Repology that our version of chocolate-doom is
> > vulnerable to CVE-2020-14983 [0].
> > 
> > The simple solution is to update to version 3.0.1, which contains the
> > fix [1].
> > 
> > Doom works here for me.
> > 
> > OK?
> > 
> > ~Brian
> > 
> > [0] https://nvd.nist.gov/vuln/detail/CVE-2020-14983
> > [1] https://github.com/chocolate-doom/chocolate-doom/issues/1293
> 
> Hey Brian,
> 
> Thanks again for pointing this out!  I managed to roll my old DESCR and
> pkg README enhancements into your diff to upgrade to 3.0.1.  Please
> consider this one for commit, builds and runs fine on amd64 here.
> 
> This is based on a diff I had from last year that never made it in, seen
> here, but with a bit more word-smoothing:
> https://marc.info/?l=openbsd-ports&m=156485054232532&w=2
> 
> Thanks!
> 

Ping

> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/games/chocolate-doom/Makefile,v
> retrieving revision 1.27
> diff -u -p -r1.27 Makefile
> --- Makefile  12 Jul 2019 20:46:15 -  1.27
> +++ Makefile  2 Aug 2020 20:03:43 -
> @@ -1,10 +1,9 @@
>  # $OpenBSD: Makefile,v 1.27 2019/07/12 20:46:15 sthen Exp $
>  
>  COMMENT =portable release of Doom, Heretic, Hexen, and Strife
> -V =  3.0.0
> +V =  3.0.1
>  DISTNAME =   chocolate-doom-${V}
>  CATEGORIES = games x11
> -REVISION =   0
>  
>  HOMEPAGE =   https://www.chocolate-doom.org/
>  
> Index: distinfo
> ===
> RCS file: /cvs/ports/games/chocolate-doom/distinfo,v
> retrieving revision 1.9
> diff -u -p -r1.9 distinfo
> --- distinfo  18 Jan 2018 09:30:58 -  1.9
> +++ distinfo  2 Aug 2020 20:03:43 -
> @@ -1,2 +1,2 @@
> -SHA256 (chocolate-doom-3.0.0.tar.gz) = 
> c66mI5MMfRinp3juo5Hh3fvpCtGsQKkbOAr8pLDh2rg=
> -SIZE (chocolate-doom-3.0.0.tar.gz) = 2495591
> +SHA256 (chocolate-doom-3.0.1.tar.gz) = 
> 1DXWF3QjSR1gvnBtqfB9OrT6vz4HfsKj/CFuOU/PyMc=
> +SIZE (chocolate-doom-3.0.1.tar.gz) = 2514985
> Index: pkg/DESCR
> ===
> RCS file: /cvs/ports/games/chocolate-doom/pkg/DESCR,v
> retrieving revision 1.4
> diff -u -p -r1.4 DESCR
> --- pkg/DESCR 11 Dec 2014 08:10:51 -  1.4
> +++ pkg/DESCR 2 Aug 2020 20:03:43 -
> @@ -1,28 +1,7 @@
> -Chocolate Doom is a portable branch of the classic doom.exe experience
> -from the days of DOS. The author, Simon Howard, has worked to ensure
> -Chocolate Doom, which is nothing more than a directly modified version
> -of the released iD Software source code, has zero changes that affect
> -gameplay, look, or feel, and also re-created a DOS-like setup program to
> -configure the game much like the original setup.exe.  The project also
> -maintains versions of the engine for Heretic, Hexen, and Strife.
> +Chocolate Doom is an SDL-based port of the classic DOOM.EXE experience from
> +the days of DOS.  The project aims to provide an experience identical to that
> +of the original games on original hardware.  A game configuration program is 
> +included, and emulates the classic DOS-style SETUP.EXE of the originals.
>  
> -Chocolate Doom provides:
> -  chocolate-doom  - the Doom executable
> -  chocolate-doom-setup- the Doom setup executable
> -  chocolate-heretic   - the Heretic executable
> -  chocolate-heretic-setup - the Heretic setup executable
> -  chocolate-hexen - the Hexen executable
> -  chocolate-hexen-setup   - the Hexen setup executable
> -  chocolate-strife- the Strife executable
> -  chocolate-strife-setup  - the Strife setup executable
> -  chocolate-server- server for up to 4-player net games
> -
> -
> -Due to the port re-implementing the original games as closely as
> -possible, all original game PWADs and demos work flawlessly. Other
> -original features include a PC-speaker driver, just like the DOS
> -PC-speaker driver, and a working -left and -right network command
> -parameter system for the 'surround display' setup that was
> -obtainable with the original DOS executables over an IPX network.
> -
> -Check the chocolate-*(6) manpages for additional information.
> +The project also maintains versions of the engine for Heretic, Hexen, and
> +Strife.  All original game PWADs and demos should work flawlessly.
> Index: pkg/MESSAGE
> ===
> RCS file: pkg/MESSAGE
> diff -N pkg/MESSAGE
> --- pkg/MESSAGE   27 May 2014 06:35:01 -  1.5
> +++ /dev/null 1 Jan 1970 00:00:00 -
> @@ -1,16 +0,0 @@
> -To play the game you will need an original Doom, Ultimate Doom,
> -Doom II, Final Doom, Heretic, Hexen, or Strife IWAD. Place the
> -doom.wad, doom2.wad, plutonia.wad, tnt.wad, heretic.wad, hexen.wad,
> -strife1.wad + voices.wad or all 

Re: UPDATE: games/chocolate-doom 3.0.0 => 3.0.1 (fix CVE-2020-14983)

2020-08-02 Thread Ryan Freeman
On Sat, Aug 01, 2020 at 03:47:19AM +, Brian Callahan wrote:
> Hi ports and Ryan --
> 
> I noticed via Repology that our version of chocolate-doom is
> vulnerable to CVE-2020-14983 [0].
> 
> The simple solution is to update to version 3.0.1, which contains the
> fix [1].
> 
> Doom works here for me.
> 
> OK?
> 
> ~Brian
> 
> [0] https://nvd.nist.gov/vuln/detail/CVE-2020-14983
> [1] https://github.com/chocolate-doom/chocolate-doom/issues/1293

Hey Brian,

Thanks again for pointing this out!  I managed to roll my old DESCR and
pkg README enhancements into your diff to upgrade to 3.0.1.  Please
consider this one for commit, builds and runs fine on amd64 here.

This is based on a diff I had from last year that never made it in, seen
here, but with a bit more word-smoothing:
https://marc.info/?l=openbsd-ports&m=156485054232532&w=2

Thanks!


Index: Makefile
===
RCS file: /cvs/ports/games/chocolate-doom/Makefile,v
retrieving revision 1.27
diff -u -p -r1.27 Makefile
--- Makefile12 Jul 2019 20:46:15 -  1.27
+++ Makefile2 Aug 2020 20:03:43 -
@@ -1,10 +1,9 @@
 # $OpenBSD: Makefile,v 1.27 2019/07/12 20:46:15 sthen Exp $
 
 COMMENT =  portable release of Doom, Heretic, Hexen, and Strife
-V =3.0.0
+V =3.0.1
 DISTNAME = chocolate-doom-${V}
 CATEGORIES =   games x11
-REVISION = 0
 
 HOMEPAGE = https://www.chocolate-doom.org/
 
Index: distinfo
===
RCS file: /cvs/ports/games/chocolate-doom/distinfo,v
retrieving revision 1.9
diff -u -p -r1.9 distinfo
--- distinfo18 Jan 2018 09:30:58 -  1.9
+++ distinfo2 Aug 2020 20:03:43 -
@@ -1,2 +1,2 @@
-SHA256 (chocolate-doom-3.0.0.tar.gz) = 
c66mI5MMfRinp3juo5Hh3fvpCtGsQKkbOAr8pLDh2rg=
-SIZE (chocolate-doom-3.0.0.tar.gz) = 2495591
+SHA256 (chocolate-doom-3.0.1.tar.gz) = 
1DXWF3QjSR1gvnBtqfB9OrT6vz4HfsKj/CFuOU/PyMc=
+SIZE (chocolate-doom-3.0.1.tar.gz) = 2514985
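
Review bot: The two SHA256 lines in this distinfo hunk are wrapped: each base64 digest sits on its own line with no `-` or `+` prefix, so the body no longer matches the `@@ -1,2 +1,2 @@` header and patch(1) will reject the hunk. Please resend it unwrapped (or as an attachment) so the digest stays on the same line as `SHA256 (chocolate-doom-3.0.1.tar.gz) =`, as it does in the original 3.0.1 diff.
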
Index: pkg/DESCR
===
RCS file: /cvs/ports/games/chocolate-doom/pkg/DESCR,v
retrieving revision 1.4
diff -u -p -r1.4 DESCR
--- pkg/DESCR   11 Dec 2014 08:10:51 -  1.4
+++ pkg/DESCR   2 Aug 2020 20:03:43 -
@@ -1,28 +1,7 @@
-Chocolate Doom is a portable branch of the classic doom.exe experience
-from the days of DOS. The author, Simon Howard, has worked to ensure
-Chocolate Doom, which is nothing more than a directly modified version
-of the released iD Software source code, has zero changes that affect
-gameplay, look, or feel, and also re-created a DOS-like setup program to
-configure the game much like the original setup.exe.  The project also
-maintains versions of the engine for Heretic, Hexen, and Strife.
+Chocolate Doom is an SDL-based port of the classic DOOM.EXE experience from
+the days of DOS.  The project aims to provide an experience identical to that
+of the original games on original hardware.  A game configuration program is 
+included, and emulates the classic DOS-style SETUP.EXE of the originals.
 
-Chocolate Doom provides:
-  chocolate-doom  - the Doom executable
-  chocolate-doom-setup- the Doom setup executable
-  chocolate-heretic   - the Heretic executable
-  chocolate-heretic-setup - the Heretic setup executable
-  chocolate-hexen - the Hexen executable
-  chocolate-hexen-setup   - the Hexen setup executable
-  chocolate-strife- the Strife executable
-  chocolate-strife-setup  - the Strife setup executable
-  chocolate-server- server for up to 4-player net games
-
-
-Due to the port re-implementing the original games as closely as
-possible, all original game PWADs and demos work flawlessly. Other
-original features include a PC-speaker driver, just like the DOS
-PC-speaker driver, and a working -left and -right network command
-parameter system for the 'surround display' setup that was
-obtainable with the original DOS executables over an IPX network.
-
-Check the chocolate-*(6) manpages for additional information.
+The project also maintains versions of the engine for Heretic, Hexen, and
+Strife.  All original game PWADs and demos should work flawlessly.
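
Review bot: The third added line of this DESCR hunk (`... A game configuration program is `) ends in a trailing space, which should be stripped. The rewrite also removes the list of installed commands (including `chocolate-server`) and the pointer to the chocolate-*(6) manpages, so the new DESCR no longer tells a user which binaries the package provides; consider keeping at least the one-line manpage reference. These wording changes are independent of the `V = 3.0.1` bump and could go in as a separate commit so the CVE-2020-14983 update does not wait on them.
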
Index: pkg/MESSAGE
===
RCS file: pkg/MESSAGE
diff -N pkg/MESSAGE
--- pkg/MESSAGE 27 May 2014 06:35:01 -  1.5
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,16 +0,0 @@
-To play the game you will need an original Doom, Ultimate Doom,
-Doom II, Final Doom, Heretic, Hexen, or Strife IWAD. Place the
-doom.wad, doom2.wad, plutonia.wad, tnt.wad, heretic.wad, hexen.wad,
-strife1.wad + voices.wad or all of the above in
-${PREFIX}/share/doom/ to play.  The shareware will also work.
-
-If multiple IWADs are installed, you may specify the one you want to
-play via the -iwad command-line parameter e.g.
-
-  $ chocolate-doom -iwad doom.wad
-  $ chocolate-heretic -iwad heretic1.wad 
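
Review bot: Deleting pkg/MESSAGE removes the install-time statement of where IWADs belong (`${PREFIX}/share/doom/`) and the `-iwad` usage examples, and the README that is meant to replace it is not visible in this excerpt. Please confirm the README hunk carries both the path and the `-iwad` examples before this file is removed. The header announces 16 removed lines (`@@ -1,16 +0,0 @@`) but only 11 are shown here, so the remainder of the hunk could not be reviewed.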

Re: UPDATE: games/chocolate-doom 3.0.0 => 3.0.1 (fix CVE-2020-14983)

2020-08-01 Thread Ryan Freeman
On Sat, Aug 01, 2020 at 10:32:53AM -0700, Ryan Freeman wrote:
> On Sat, Aug 01, 2020 at 03:47:19AM +, Brian Callahan wrote:
> > Hi ports and Ryan --
> > 
> > I noticed via Repology that our version of chocolate-doom is
> > vulnerable to CVE-2020-14983 [0].
> > 
> > The simple solution is to update to version 3.0.1, which contains the
> > fix [1].
> > 
> > Doom works here for me.
> 
> Thanks for this, I will look at this in a bit, perfect opportunity
> for me to get my changes[1] for DESCR and README in :P
> 
> So please hold tight on this before committing

Well, it is taking me longer to update my laptop than anticipated,
and now I need to step away.  Apologies, I am good with just getting
the CVE taken care of.  Thanks!

> 
> [1] https://marc.info/?l=openbsd-ports&m=156418849704190&w=2
> 
> > 
> > OK?
> > 
> > ~Brian
> > 
> > [0] https://nvd.nist.gov/vuln/detail/CVE-2020-14983
> > [1] https://github.com/chocolate-doom/chocolate-doom/issues/1293
> 
> > Index: Makefile
> > ===
> > RCS file: /cvs/ports/games/chocolate-doom/Makefile,v
> > retrieving revision 1.27
> > diff -u -p -r1.27 Makefile
> > --- Makefile12 Jul 2019 20:46:15 -  1.27
> > +++ Makefile1 Aug 2020 03:43:21 -
> > @@ -1,10 +1,9 @@
> >  # $OpenBSD: Makefile,v 1.27 2019/07/12 20:46:15 sthen Exp $
> >  
> >  COMMENT =  portable release of Doom, Heretic, Hexen, and Strife
> > -V =3.0.0
> > +V =3.0.1
> >  DISTNAME = chocolate-doom-${V}
> >  CATEGORIES =   games x11
> > -REVISION = 0
> >  
> >  HOMEPAGE = https://www.chocolate-doom.org/
> >  
> > Index: distinfo
> > ===
> > RCS file: /cvs/ports/games/chocolate-doom/distinfo,v
> > retrieving revision 1.9
> > diff -u -p -r1.9 distinfo
> > --- distinfo18 Jan 2018 09:30:58 -  1.9
> > +++ distinfo1 Aug 2020 03:43:21 -
> > @@ -1,2 +1,2 @@
> > -SHA256 (chocolate-doom-3.0.0.tar.gz) = 
> > c66mI5MMfRinp3juo5Hh3fvpCtGsQKkbOAr8pLDh2rg=
> > -SIZE (chocolate-doom-3.0.0.tar.gz) = 2495591
> > +SHA256 (chocolate-doom-3.0.1.tar.gz) = 
> > 1DXWF3QjSR1gvnBtqfB9OrT6vz4HfsKj/CFuOU/PyMc=
> > +SIZE (chocolate-doom-3.0.1.tar.gz) = 2514985
> 



Re: UPDATE: games/chocolate-doom 3.0.0 => 3.0.1 (fix CVE-2020-14983)

2020-08-01 Thread Ryan Freeman
On Sat, Aug 01, 2020 at 03:47:19AM +, Brian Callahan wrote:
> Hi ports and Ryan --
> 
> I noticed via Repology that our version of chocolate-doom is
> vulnerable to CVE-2020-14983 [0].
> 
> The simple solution is to update to version 3.0.1, which contains the
> fix [1].
> 
> Doom works here for me.

Thanks for this, I will look at this in a bit, perfect opportunity
for me to get my changes[1] for DESCR and README in :P

So please hold tight on this before committing

[1] https://marc.info/?l=openbsd-ports&m=156418849704190&w=2

> 
> OK?
> 
> ~Brian
> 
> [0] https://nvd.nist.gov/vuln/detail/CVE-2020-14983
> [1] https://github.com/chocolate-doom/chocolate-doom/issues/1293

> Index: Makefile
> ===
> RCS file: /cvs/ports/games/chocolate-doom/Makefile,v
> retrieving revision 1.27
> diff -u -p -r1.27 Makefile
> --- Makefile  12 Jul 2019 20:46:15 -  1.27
> +++ Makefile  1 Aug 2020 03:43:21 -
> @@ -1,10 +1,9 @@
>  # $OpenBSD: Makefile,v 1.27 2019/07/12 20:46:15 sthen Exp $
>  
>  COMMENT =portable release of Doom, Heretic, Hexen, and Strife
> -V =  3.0.0
> +V =  3.0.1
>  DISTNAME =   chocolate-doom-${V}
>  CATEGORIES = games x11
> -REVISION =   0
>  
>  HOMEPAGE =   https://www.chocolate-doom.org/
>  
> Index: distinfo
> ===
> RCS file: /cvs/ports/games/chocolate-doom/distinfo,v
> retrieving revision 1.9
> diff -u -p -r1.9 distinfo
> --- distinfo  18 Jan 2018 09:30:58 -  1.9
> +++ distinfo  1 Aug 2020 03:43:21 -
> @@ -1,2 +1,2 @@
> -SHA256 (chocolate-doom-3.0.0.tar.gz) = 
> c66mI5MMfRinp3juo5Hh3fvpCtGsQKkbOAr8pLDh2rg=
> -SIZE (chocolate-doom-3.0.0.tar.gz) = 2495591
> +SHA256 (chocolate-doom-3.0.1.tar.gz) = 
> 1DXWF3QjSR1gvnBtqfB9OrT6vz4HfsKj/CFuOU/PyMc=
> +SIZE (chocolate-doom-3.0.1.tar.gz) = 2514985



UPDATE: games/chocolate-doom 3.0.0 => 3.0.1 (fix CVE-2020-14983)

2020-08-01 Thread Brian Callahan
Hi ports and Ryan --

I noticed via Repology that our version of chocolate-doom is
vulnerable to CVE-2020-14983 [0].

The simple solution is to update to version 3.0.1, which contains the
fix [1].

Doom works here for me.

OK?

~Brian

[0] https://nvd.nist.gov/vuln/detail/CVE-2020-14983
[1] https://github.com/chocolate-doom/chocolate-doom/issues/1293
Index: Makefile
===
RCS file: /cvs/ports/games/chocolate-doom/Makefile,v
retrieving revision 1.27
diff -u -p -r1.27 Makefile
--- Makefile	12 Jul 2019 20:46:15 -	1.27
+++ Makefile	1 Aug 2020 03:43:21 -
@@ -1,10 +1,9 @@
 # $OpenBSD: Makefile,v 1.27 2019/07/12 20:46:15 sthen Exp $
 
 COMMENT =	portable release of Doom, Heretic, Hexen, and Strife
-V =		3.0.0
+V =		3.0.1
 DISTNAME =	chocolate-doom-${V}
 CATEGORIES =	games x11
-REVISION =	0
 
 HOMEPAGE =	https://www.chocolate-doom.org/
 
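
Review bot: Nothing in this Makefile hunk records why `V` moves to 3.0.1, so the commit message needs to name CVE-2020-14983 for the security fix to be traceable from the CVS log. Dropping `REVISION = 0` in the same change as the `V` bump is consistent and needs no further adjustment here.
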
Index: distinfo
===
RCS file: /cvs/ports/games/chocolate-doom/distinfo,v
retrieving revision 1.9
diff -u -p -r1.9 distinfo
--- distinfo	18 Jan 2018 09:30:58 -	1.9
+++ distinfo	1 Aug 2020 03:43:21 -
@@ -1,2 +1,2 @@
-SHA256 (chocolate-doom-3.0.0.tar.gz) = c66mI5MMfRinp3juo5Hh3fvpCtGsQKkbOAr8pLDh2rg=
-SIZE (chocolate-doom-3.0.0.tar.gz) = 2495591
+SHA256 (chocolate-doom-3.0.1.tar.gz) = 1DXWF3QjSR1gvnBtqfB9OrT6vz4HfsKj/CFuOU/PyMc=
+SIZE (chocolate-doom-3.0.1.tar.gz) = 2514985
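
Review bot: The new `SHA256` and `SIZE` lines are the only integrity pin for chocolate-doom-3.0.1.tar.gz, and the thread shows no independent check of them. Before committing, regenerate distinfo from a fresh fetch with `make makesum` and confirm it reproduces `SIZE (chocolate-doom-3.0.1.tar.gz) = 2514985` and the same digest as the `+SHA256` line.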


Re: UPDATE: games/chocolate-doom 3.0.0 => 3.0.1 (fix CVE-2020-14983)

2020-07-31 Thread Nam Nguyen
Brian Callahan writes:

> Hi ports and Ryan --
>
> I noticed via Repology that our version of chocolate-doom is
> vulnerable to CVE-2020-14983 [0].
>
> The simple solution is to update to version 3.0.1, which contains the
> fix [1].
>
> Doom works here for me.

In my testing singleplayer and multiplayer continue to work.

I tested singleplayer by completing the first maps in Doom and Doom 2.

I tested multiplayer by creating a server and having two players join.

$ chocolate-server -privateserver
$ chocolate-doom -iwad doom2.wad -connect 127.0.0.1 -deathmatch -nomonsters
$ chocolate-doom -iwad doom2.wad -connect 127.0.0.1

>
> OK?
>
> ~Brian
>
> [0] https://nvd.nist.gov/vuln/detail/CVE-2020-14983
> [1] https://github.com/chocolate-doom/chocolate-doom/issues/1293
>
> Index: Makefile
> ===
> RCS file: /cvs/ports/games/chocolate-doom/Makefile,v
> retrieving revision 1.27
> diff -u -p -r1.27 Makefile
> --- Makefile  12 Jul 2019 20:46:15 -  1.27
> +++ Makefile  1 Aug 2020 03:43:21 -
> @@ -1,10 +1,9 @@
>  # $OpenBSD: Makefile,v 1.27 2019/07/12 20:46:15 sthen Exp $
>  
>  COMMENT =portable release of Doom, Heretic, Hexen, and Strife
> -V =  3.0.0
> +V =  3.0.1
>  DISTNAME =   chocolate-doom-${V}
>  CATEGORIES = games x11
> -REVISION =   0
>  
>  HOMEPAGE =   https://www.chocolate-doom.org/
>  
> Index: distinfo
> ===
> RCS file: /cvs/ports/games/chocolate-doom/distinfo,v
> retrieving revision 1.9
> diff -u -p -r1.9 distinfo
> --- distinfo  18 Jan 2018 09:30:58 -  1.9
> +++ distinfo  1 Aug 2020 03:43:21 -
> @@ -1,2 +1,2 @@
> -SHA256 (chocolate-doom-3.0.0.tar.gz) = 
> c66mI5MMfRinp3juo5Hh3fvpCtGsQKkbOAr8pLDh2rg=
> -SIZE (chocolate-doom-3.0.0.tar.gz) = 2495591
> +SHA256 (chocolate-doom-3.0.1.tar.gz) = 
> 1DXWF3QjSR1gvnBtqfB9OrT6vz4HfsKj/CFuOU/PyMc=
> +SIZE (chocolate-doom-3.0.1.tar.gz) = 2514985