On Sun, Aug 02, 2020 at 01:09:18PM -0700, Ryan Freeman wrote:
> On Sat, Aug 01, 2020 at 03:47:19AM +0000, Brian Callahan wrote:
> > Hi ports and Ryan --
> >
> > I noticed via Repology that our version of chocolate-doom is
> > vulnerable to CVE-2020-14983 [0].
> >
> > The simple solution is to update to version 3.0.1, which contains the
> > fix [1].
> >
> > Doom works here for me.
> >
> > OK?
> >
> > ~Brian
> >
> > [0] https://nvd.nist.gov/vuln/detail/CVE-2020-14983
> > [1] https://github.com/chocolate-doom/chocolate-doom/issues/1293
>
> Hey Brian,
>
> Thanks again for pointing this out! I managed to roll my old DESCR and
> pkg README enhancements into your diff to upgrade to 3.0.1. Please
> consider this one for commit, builds and runs fine on amd64 here.
>
> This is based on a diff I had from last year that never made it in seen
> here, but with a bit more word-smoothing:
> https://marc.info/?l=openbsd-ports&m=156485054232532&w=2
>
> Thanks!
>
Ping
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/games/chocolate-doom/Makefile,v
> retrieving revision 1.27
> diff -u -p -r1.27 Makefile
> --- Makefile 12 Jul 2019 20:46:15 -0000 1.27
> +++ Makefile 2 Aug 2020 20:03:43 -0000
> @@ -1,10 +1,9 @@
> # $OpenBSD: Makefile,v 1.27 2019/07/12 20:46:15 sthen Exp $
>
> COMMENT = portable release of Doom, Heretic, Hexen, and Strife
> -V = 3.0.0
> +V = 3.0.1
> DISTNAME = chocolate-doom-${V}
> CATEGORIES = games x11
> -REVISION = 0
>
> HOMEPAGE = https://www.chocolate-doom.org/
>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/games/chocolate-doom/distinfo,v
> retrieving revision 1.9
> diff -u -p -r1.9 distinfo
> --- distinfo 18 Jan 2018 09:30:58 -0000 1.9
> +++ distinfo 2 Aug 2020 20:03:43 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (chocolate-doom-3.0.0.tar.gz) =
> c66mI5MMfRinp3juo5Hh3fvpCtGsQKkbOAr8pLDh2rg=
> -SIZE (chocolate-doom-3.0.0.tar.gz) = 2495591
> +SHA256 (chocolate-doom-3.0.1.tar.gz) =
> 1DXWF3QjSR1gvnBtqfB9OrT6vz4HfsKj/CFuOU/PyMc=
> +SIZE (chocolate-doom-3.0.1.tar.gz) = 2514985
> Index: pkg/DESCR
> ===================================================================
> RCS file: /cvs/ports/games/chocolate-doom/pkg/DESCR,v
> retrieving revision 1.4
> diff -u -p -r1.4 DESCR
> --- pkg/DESCR 11 Dec 2014 08:10:51 -0000 1.4
> +++ pkg/DESCR 2 Aug 2020 20:03:43 -0000
> @@ -1,28 +1,7 @@
> -Chocolate Doom is a portable branch of the classic doom.exe experience
> -from the days of DOS. The author, Simon Howard, has worked to ensure
> -Chocolate Doom, which is nothing more than a directly modified version
> -of the released iD Software source code, has zero changes that affect
> -gameplay, look, or feel, and also re-created a DOS-like setup program to
> -configure the game much like the original setup.exe. The project also
> -maintains versions of the engine for Heretic, Hexen, and Strife.
> +Chocolate Doom is an SDL-based port of the classic DOOM.EXE experience from
> +the days of DOS. The project aims to provide an experience identical to that
> +of the original games on original hardware. A game configuration program is
> +included, and emulates the classic DOS-style SETUP.EXE of the originals.
>
> -Chocolate Doom provides:
> - chocolate-doom - the Doom executable
> - chocolate-doom-setup - the Doom setup executable
> - chocolate-heretic - the Heretic executable
> - chocolate-heretic-setup - the Heretic setup executable
> - chocolate-hexen - the Hexen executable
> - chocolate-hexen-setup - the Hexen setup executable
> - chocolate-strife - the Strife executable
> - chocolate-strife-setup - the Strife setup executable
> - chocolate-server - server for up to 4-player net games
> -
> -
> -Due to the port re-implementing the original games as closely as
> -possible, all original game PWADs and demos work flawlessly. Other
> -original features include a PC-speaker driver, just like the DOS
> -PC-speaker driver, and a working -left and -right network command
> -parameter system for the 'surround display' setup that was
> -obtainable with the original DOS executables over an IPX network.
> -
> -Check the chocolate-*(6) manpages for additional information.
> +The project also maintains versions of the engine for Heretic, Hexen, and
> +Strife. All original game PWADs and demos should work flawlessly.
> Index: pkg/MESSAGE
> ===================================================================
> RCS file: pkg/MESSAGE
> diff -N pkg/MESSAGE
> --- pkg/MESSAGE 27 May 2014 06:35:01 -0000 1.5
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,16 +0,0 @@
> -To play the game you will need an original Doom, Ultimate Doom,
> -Doom II, Final Doom, Heretic, Hexen, or Strife IWAD. Place the
> -doom.wad, doom2.wad, plutonia.wad, tnt.wad, heretic.wad, hexen.wad,
> -strife1.wad + voices.wad or all of the above in
> -${PREFIX}/share/doom/ to play. The shareware will also work.
> -
> -If multiple IWADs are installed, you may specify the one you want to
> -play via the -iwad command-line parameter e.g.
> -
> - $ chocolate-doom -iwad doom.wad
> - $ chocolate-heretic -iwad heretic1.wad (heretic shareware)
> -
> -The Doom Shareware IWAD is available in the doomdata package.
> -
> -Run `chocolate-gamename-setup' to generate a configuration file to your
> -liking.
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/games/chocolate-doom/pkg/PLIST,v
> retrieving revision 1.9
> diff -u -p -r1.9 PLIST
> --- pkg/PLIST 27 Jun 2018 21:03:44 -0000 1.9
> +++ pkg/PLIST 2 Aug 2020 20:03:43 -0000
> @@ -76,6 +76,7 @@ share/doc/chocolate-strife/PHILOSOPHY.md
> share/doc/chocolate-strife/README.Music.md
> share/doc/chocolate-strife/README.Strife.md
> share/doc/chocolate-strife/README.md
> +share/doc/pkg-readmes/${PKGSTEM}
> share/doom/
> share/icons/
> share/icons/chocolate-doom.png
> Index: pkg/README
> ===================================================================
> RCS file: pkg/README
> diff -N pkg/README
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ pkg/README 2 Aug 2020 20:03:43 -0000
> @@ -0,0 +1,67 @@
> +$OpenBSD$
> +
> ++------------------------------------------------------------------------------
> +| Running ${PKGSTEM} on OpenBSD
> ++------------------------------------------------------------------------------
> +
> +Game Data
> +=========
> +
> +To play the game you will need an original Doom, Ultimate Doom, Doom II,
> +Final Doom, Heretic, Hexen, or Strife IWAD. The games data files will
> +be named as follows:
> +
> + o DOOM1.WAD .................. Doom Shareware
> + o DOOM.WAD ................... Doom Registered or Ultimate Doom
> + o DOOM2.WAD .................. Doom II: Hell on Earth
> + o PLUTONIA.WAD ............... Final Doom: The Plutonia Experiment
> + o TNT.WAD .................... Final Doom: TNT Evilution
> + o HERETIC1.WAD ............... Heretic Shareware
> + o HERETIC.WAD ................ Heretic: Shadow of the Serpent Riders
> + o HEXEN.WAD .................. Hexen: Beyond Heretic
> + o STRIFE0.WAD ................ Strife Shareware
> + o STRIFE1.WAD + VOICES.WAD ... Strife: Quest for the Sigil
> +
> +Place one or more of the above-listed files in ${PREFIX}/share/doom/
> +to play.
> +
> +NOTE: Chocolate-doom is case-insensitive when loading files, just as the
> +original for DOS was. This means you do not have to reference the files
> +in CAPS to load via `-iwad' or `-file' parameters.
> +
> +
> +Launching a Game
> +================
> +
> +Depending on which game you want to play, launch with the executable
> +matching the game data installed. There are four options:
> +
> + o chocolate-doom
> + o chocolate-heretic
> + o chocolate-hexen
> + o chocolate-strife
> +
> +Run `chocolate-<game>-setup' to generate a configuration file to your
> +liking.
> +
> +If multiple IWADs are installed, you may specify the one you want to
> +play via the `-iwad' command-line parameter:
> +
> + $ chocolate-doom -iwad doom.wad
> + $ chocolate-heretic -iwad heretic1.wad
> +
> +Multiplayer Games
> +=================
> +
> +See the chocolate-<game>(6) manpages for additional information. If a
> +dedicated server is desired, see the chocolate-server(6) manpage.
> +
> +Shareware Data
> +==============
> +
> +The Doom Shareware IWAD is available in the `doomdata' package. Other
> +shareware is available from the Doomworld idgames archive website:
> +
> + Heretic: https://www.doomworld.com/idgames/idstuff/heretic/htic_v12
> + Hexen: https://www.doomworld.com/idgames/idstuff/hexen/hexndemo
> + Strife: https://www.doomworld.com/idgames/roguestuff/strife11
>
