Created attachment 395074
Patch for games-roguelike/nethack fixing CVE-2006-1390
As announced on gentoo-dev, the QA team is planning to last-rite games-roguelike/nethack due to CVE-2006-1390. The games team doesn't seem to be interested in preventing this, so I'd like to take over (proxy-)maintenance of that ebuild.
The attached ebuild patch fixes the security issue by not using games.eclass and installing nethack with a custom group and SGID set, just as it is done on other distros and was intended by the nethack devteam.
So, please update the ebuild, adjust metadata.xml and remove the p.mask.
I'm aware that there are other outstanding bugs; in particular, I'm planning to handle #97557.
Ping.
The update is pushed (revbumped, also moved to EAPI=5) and maintenance is moved to you. I did not change the p.mask yet as I'll ask bug #125902 to confirm that it has been resolved.
Can the same fix be applied to games-roguelike/slashem?
(In reply to Andrius Štikonas from comment #3)
> Can the same fix be applied to games-roguelike/slashem?
It could. But I don't play SLASH'EM, so I only provided a patch for Nethack. However, I probably could maintain that one, too; I'll have a look at it in the next few days.