[pkgsrc/trunk]: pkgsrc/games/nethack-lib games/nethack: security update to 3....

[rhialto <rhialto%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/bf1957268e62
branches:  trunk
changeset: 345828:bf1957268e62
user:      rhialto <rhialto%pkgsrc.org@localhost>
date:      Thu Dec 19 14:41:59 2019 +0000

description:
games/nethack: security update to 3.6.4.

https://www.nethack.org/security/index.html:

NetHack: Privilege escalation/remote code execution/crash in
configuration parsing

Severity: High
Affected versions: 3.6.0, 3.6.1, 3.6.2, 3.6.3
First Patched Version: 3.6.4

Basic Information:
A buffer overflow issue exists when reading very long lines from a
NetHack configuration file (usually named .nethackrc).

This vulnerability affects systems that have NetHack installed suid/sgid
and shared systems that allow users to upload their own configuration
files.

All users are urged to upgrade to NetHack 3.6.4 as soon as possible.

Additional information related to this advisory, if any, will be made
available at https://nethack.org/security.

diffstat:

 games/nethack-lib/Makefile.common |   4 ++--
 games/nethack-lib/distinfo        |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (36 lines):

diff -r 5f4bd1e56c68 -r bf1957268e62 games/nethack-lib/Makefile.common
--- a/games/nethack-lib/Makefile.common Thu Dec 19 13:40:53 2019 +0000
+++ b/games/nethack-lib/Makefile.common Thu Dec 19 14:41:59 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.39 2019/12/07 13:27:08 rhialto Exp $
+# $NetBSD: Makefile.common,v 1.40 2019/12/19 14:41:59 rhialto Exp $
 #
 # used by games/nethack/Makefile
 # used by games/nethack-lib/Makefile
@@ -11,7 +11,7 @@
 #      The desired owner and the file mode of game executables.
 #
 
-NETHACK_BASEVER=       3.6.3
+NETHACK_BASEVER=       3.6.4
 NETHACK_VERSION=       ${NETHACK_BASEVER}
 NETHACK_DISTVER=       ${NETHACK_BASEVER:S/.//g}
 NETHACK_DIR=           nethackdir${NETHACK_SAVEVER:S/.//g}
diff -r 5f4bd1e56c68 -r bf1957268e62 games/nethack-lib/distinfo
--- a/games/nethack-lib/distinfo        Thu Dec 19 13:40:53 2019 +0000
+++ b/games/nethack-lib/distinfo        Thu Dec 19 14:41:59 2019 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.23 2019/12/07 13:27:08 rhialto Exp $
+$NetBSD: distinfo,v 1.24 2019/12/19 14:41:59 rhialto Exp $
 
-SHA1 (nethack-363-src.tgz) = 75af7872011852577f95597b4797a127db58604c
-RMD160 (nethack-363-src.tgz) = d860a8974a86d36a05e5472a4d1be6d3487919bc
-SHA512 (nethack-363-src.tgz) = 38bc6140b12188397539f28528dd8e34364fb7efeb42dbe36d86fea6cc473e292b7f47fba01db19cf7641414dee86092e33deb3b074afa0e8b811e71be71e1d1
-Size (nethack-363-src.tgz) = 5568657 bytes
+SHA1 (nethack-364-src.tgz) = e8166806a65893d7b843718c37b8aa9e87cfcef1
+RMD160 (nethack-364-src.tgz) = 0af138fd481e6359f265d85423a36a160692dc92
+SHA512 (nethack-364-src.tgz) = c951f939d50027b4468ebd2e32f79771e696035df0918b814bf02899f5c1e89d462ebc3f63155c23f5c627e66ca74244512d666b102c380242df1500a2c0afa9
+Size (nethack-364-src.tgz) = 5573777 bytes
 SHA1 (patch-ai) = 73c5b2ea1227531089474705f2f18bc411366365
 SHA1 (patch-include_config.h) = d3e054a8b30d628513dcb445b10ce586685c7ea6
 SHA1 (patch-include_system.h) = b1b53f513c3f6983e0e56eace74c71875b5df3f2