Saturday, August 01, 2020

Re: UPDATE: games/chocolate-doom 3.0.0 => 3.0.1 (fix CVE-2020-14983)

On Sat, Aug 01, 2020 at 10:32:53AM -0700, Ryan Freeman wrote:
> On Sat, Aug 01, 2020 at 03:47:19AM +0000, Brian Callahan wrote:
> > Hi ports and Ryan --
> >
> > I noticed via Repology that our version of chocolate-doom is
> > vulnerable to CVE-2020-14983 [0].
> >
> > The simple solution is to update to version 3.0.1, which contains the
> > fix [1].
> >
> > Doom works here for me.
>
> Thanks for this, I will look at this in a bit, perfect opportunity
> for me to get my changes[1] for DESCR and README in :P
>
> So please hold tight on this before committing

Well, it is taking me longer to update my laptop than anticipated,
and now I need to step away. Apologies, I am good with just getting
the CVE taken care of. Thanks!

>
> [1] https://marc.info/?l=openbsd-ports&m=156418849704190&w=2
>
> >
> > OK?
> >
> > ~Brian
> >
> > [0] https://nvd.nist.gov/vuln/detail/CVE-2020-14983
> > [1] https://github.com/chocolate-doom/chocolate-doom/issues/1293
>
> > Index: Makefile
> > ===================================================================
> > RCS file: /cvs/ports/games/chocolate-doom/Makefile,v
> > retrieving revision 1.27
> > diff -u -p -r1.27 Makefile
> > --- Makefile 12 Jul 2019 20:46:15 -0000 1.27
> > +++ Makefile 1 Aug 2020 03:43:21 -0000
> > @@ -1,10 +1,9 @@
> > # $OpenBSD: Makefile,v 1.27 2019/07/12 20:46:15 sthen Exp $
> >
> > COMMENT = portable release of Doom, Heretic, Hexen, and Strife
> > -V = 3.0.0
> > +V = 3.0.1
> > DISTNAME = chocolate-doom-${V}
> > CATEGORIES = games x11
> > -REVISION = 0
> >
> > HOMEPAGE = https://www.chocolate-doom.org/
> >
> > Index: distinfo
> > ===================================================================
> > RCS file: /cvs/ports/games/chocolate-doom/distinfo,v
> > retrieving revision 1.9
> > diff -u -p -r1.9 distinfo
> > --- distinfo 18 Jan 2018 09:30:58 -0000 1.9
> > +++ distinfo 1 Aug 2020 03:43:21 -0000
> > @@ -1,2 +1,2 @@
> > -SHA256 (chocolate-doom-3.0.0.tar.gz) = c66mI5MMfRinp3juo5Hh3fvpCtGsQKkbOAr8pLDh2rg=
> > -SIZE (chocolate-doom-3.0.0.tar.gz) = 2495591
> > +SHA256 (chocolate-doom-3.0.1.tar.gz) = 1DXWF3QjSR1gvnBtqfB9OrT6vz4HfsKj/CFuOU/PyMc=
> > +SIZE (chocolate-doom-3.0.1.tar.gz) = 2514985
>

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)