Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 538092 - Proxy-maintenance of games-roguelike/nethack
Summary: Proxy-maintenance of games-roguelike/nethack
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Games (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Sven Vermeulen (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 125902
  Show dependency tree
 
Reported: 2015-01-28 19:45 UTC by Mira Ressel
Modified: 2015-02-19 15:23 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Patch for games-roguelike/nethack fixing CVE-2006-1390 (file_538092.txt,3.72 KB, patch)
2015-01-28 19:45 UTC, Mira Ressel 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mira Ressel 2015-01-28 19:45:58 UTC 
Created attachment 395074 [details, diff]
Patch for games-roguelike/nethack fixing CVE-2006-1390

As announced on gentoo-dev, the QA team is planning to last-rite games-roguelike/nethack due to CVE-2006-1390. The games team doesn't seem to be interested in preventing this, so I'd like to overtake (proxy-)maintenance of that ebuild.

The attached ebuild patch fixes the security issue by not using games.eclass and installing nethack with a custom group and SGID set; just as it is done on other distros and was intended by the nethack devteam.

So, please update the ebuild, adjust metadata.xml and remove the p.mask.

I'm aware that there are other outstanding bugs; in particular, I'm planning to handle #97557 .
Comment 1 Mira Ressel 2015-02-17 13:32:50 UTC 
Ping.
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2015-02-19 14:18:42 UTC 
The update is pushed (revbumped, also moved to EAPI=5) and maintenance is moved to you.

I did not change the p.mask yet as I'll ask bug #125902 to confirm that it has been resolved.
Comment 3 Andrius Štikonas 2015-02-19 14:46:19 UTC 
Can the same fix be applied to games-roguelike/slashem?
Comment 4 Mira Ressel 2015-02-19 15:23:23 UTC 
(In reply to Andrius Štikonas from comment #3)
> Can the same fix be applied to games-roguelike/slashem?

It could. But I don't play SLASH'EM, so I only provided a patch for Nethack. However, I probably could maintain that one, too; I'll have a look at it in the next days.