Hi,

Here's a new release of DFArc, a frontend to run the GNU FreeDink game and manage its numerous add-on adventures or D-Mods :)

https://ftp.gnu.org/pub/gnu/freedink/dfarc-3.14.tar.gz

This release fixes CVE-2018-0496: Sylvain Beucler and Dan Walma discovered several directory traversal issues in DFArc (as well as in the RTsoft's Dink Smallwood HD / ProtonSDK version), allowing an attacker to overwrite arbitrary files on the user's system.

Also in this release:

- New Swedish and Friulian translations.
- Updated Catalan, Brazilian Portuguese and Spanish translations.
- Fix crash when clicking on 'Package' when there is no D-Mod present.
- Compilation fixes for OS X.
- Reproducible build process for Windows (as well as GNU/Linux depending on your distro) - see https://reproducible-builds.org/

A note about distros security support:

- Debian Security team graciously issued a CVE ID under 72h but declined both a security upload and a rationale on their choice; fix diverted to the next ~quarterly point release
- Fedora/RedHat security did not answer after 6 days; fortunately Fedora is flexible enough to allow package maintainers to upgrade DFArc in previous releases on their own
- Gentoo Security did not answer after 7 days
- FreeBSD ports and Mageia packagers were contacted but did not answer
- In Arch, package still stuck between orphaned and deleted state due to a 2017 bug

It seems security support for packages without large user base and/or games is delayed significantly at best.

About GNU FreeDink:

Dink Smallwood is an adventure/role-playing game, similar to Zelda, made by RTsoft. Besides twisted humor, it includes the actual game editor, allowing players to create hundreds of new adventures called Dink Modules or D-Mods for short.

GNU FreeDink is a new and portable version of the game engine, which runs the original game as well as its D-Mods, with close compatibility, under multiple platforms.

DFArc is an integrated frontend, .dmod installer and .dmod archiver for the Dink Smallwood game engine.