Brian Callahan writes:
> Hi ports and Ryan --
>
> I noticed via Repology that our version of chocolate-doom is
> vulnerable to CVE-2020-14983 [0].
>
> The simple solution is to update to version 3.0.1, which contains the
> fix [1].
>
> Doom works here for me.
In my testing singleplayer and multiplayer continue to work.
I tested singleplayer by completing the first maps in Doom and Doom 2.
I tested multiplayer by creating a server and having two players join.
$ chocolate-server -privateserver
$ chocolate-doom -iwad doom2.wad -connect 127.0.0.1 -deathmatch -nomonsters
$ chocolate-doom -iwad doom2.wad -connect 127.0.0.1
>
> OK?
>
> ~Brian
>
> [0] https://nvd.nist.gov/vuln/detail/CVE-2020-14983
> [1] https://github.com/chocolate-doom/chocolate-doom/issues/1293
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/games/chocolate-doom/Makefile,v
> retrieving revision 1.27
> diff -u -p -r1.27 Makefile
> --- Makefile 12 Jul 2019 20:46:15 -0000 1.27
> +++ Makefile 1 Aug 2020 03:43:21 -0000
> @@ -1,10 +1,9 @@
> # $OpenBSD: Makefile,v 1.27 2019/07/12 20:46:15 sthen Exp $
>
> COMMENT = portable release of Doom, Heretic, Hexen, and Strife
> -V = 3.0.0
> +V = 3.0.1
> DISTNAME = chocolate-doom-${V}
> CATEGORIES = games x11
> -REVISION = 0
>
> HOMEPAGE = https://www.chocolate-doom.org/
>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/games/chocolate-doom/distinfo,v
> retrieving revision 1.9
> diff -u -p -r1.9 distinfo
> --- distinfo 18 Jan 2018 09:30:58 -0000 1.9
> +++ distinfo 1 Aug 2020 03:43:21 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (chocolate-doom-3.0.0.tar.gz) = c66mI5MMfRinp3juo5Hh3fvpCtGsQKkbOAr8pLDh2rg=
> -SIZE (chocolate-doom-3.0.0.tar.gz) = 2495591
> +SHA256 (chocolate-doom-3.0.1.tar.gz) = 1DXWF3QjSR1gvnBtqfB9OrT6vz4HfsKj/CFuOU/PyMc=
> +SIZE (chocolate-doom-3.0.1.tar.gz) = 2514985
No comments:
Post a Comment