diff options
Diffstat (limited to 'gnu/packages/patches')
| -rw-r--r-- | gnu/packages/patches/meandmyshadow-define-paths-earlier.patch | 50 | ||||
| -rw-r--r-- | gnu/packages/patches/myrepos-CVE-2018-7032.patch | 69 |
2 files changed, 50 insertions, 69 deletions
diff --git a/gnu/packages/patches/meandmyshadow-define-paths-earlier.patch b/gnu/packages/patches/meandmyshadow-define-paths-earlier.patch new file mode 100644 index 0000000000..505cbd23fe --- /dev/null +++ b/gnu/packages/patches/meandmyshadow-define-paths-earlier.patch @@ -0,0 +1,50 @@ +From: Tobias Geerinckx-Rice <me@tobias.gr> +Date: Wed, 31 Oct 2018 02:24:26 +0100 +Subject: [PATCH] gnu: meandmyshadow: Define paths earlier. + +The following patch was taken verbatim from the upstream repository[0] +and will be included in the next release. + +[0]: https://github.com/acmepjz/meandmyshadow/pull/29 +--- +From 4847e6b5755258a1e0534f2d4b91dce2ce3b459e Mon Sep 17 00:00:00 2001 +From: Dmitry Marakasov <amdmi3@amdmi3.ru> +Date: Wed, 24 Oct 2018 23:31:19 +0300 +Subject: [PATCH] Define paths earlier in CMakeLists.txt + +At the very least, paths should be defined before Configure_File(), otherwise empty DATAROOTDIR is substituted in config.h +--- + CMakeLists.txt | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index e79639a..6321d9d 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -2,6 +2,13 @@ Project (meandmyshadow) + CMake_Minimum_Required (VERSION 3.1)
+ Set (CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/Modules/")
+
++#Path options
++Set (BINDIR "bin" CACHE STRING "Where to install binaries")
++Set (DATAROOTDIR "${CMAKE_INSTALL_PREFIX}/share" CACHE STRING "Sets the root of data directories to a non-default location")
++Set (ICONDIR "${DATAROOTDIR}/icons" CACHE STRING "Sets the icon directory for desktop entry to a non-default location.")
++Set (DESKTOPDIR "${DATAROOTDIR}/applications" CACHE STRING "Sets the desktop file directory for desktop entry to a non-default location.")
++
++#Options
+ Option (DEBUG_MODE "Compile the game with debug mode enabled" OFF)
+ Option (DISABLED_DEBUG_STUFF "Enable this you'll see a lot of annoying script debug messages which will lag the game." OFF)
+
+@@ -164,12 +171,6 @@ Target_Link_Libraries ( + ${LUA_LIBRARIES}
+ )
+
+-#Path options
+-Set (BINDIR "bin" CACHE STRING "Where to install binaries")
+-Set (DATAROOTDIR "${CMAKE_INSTALL_PREFIX}/share" CACHE STRING "Sets the root of data directories to a non-default location")
+-Set (ICONDIR "${DATAROOTDIR}/icons" CACHE STRING "Sets the icon directory for desktop entry to a non-default location.")
+-Set (DESKTOPDIR "${DATAROOTDIR}/applications" CACHE STRING "Sets the desktop file directory for desktop entry to a non-default location.")
+-
+ #Install locations
+ Install (DIRECTORY ${PROJECT_SOURCE_DIR}/data DESTINATION ${DATAROOTDIR}/meandmyshadow/)
+ Install (FILES AUTHORS DESTINATION ${DATAROOTDIR}/meandmyshadow/)
diff --git a/gnu/packages/patches/myrepos-CVE-2018-7032.patch b/gnu/packages/patches/myrepos-CVE-2018-7032.patch deleted file mode 100644 index ce9493e5f9..0000000000 --- a/gnu/packages/patches/myrepos-CVE-2018-7032.patch +++ /dev/null @@ -1,69 +0,0 @@ -http://source.myrepos.branchable.com/?p=source.git;a=patch;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8 -This can be removed with the next release. It was modified slightly to apply - -From 40a3df21c73f1bb1b6915cc6fa503f50814664c8 Mon Sep 17 00:00:00 2001 -From: Paul Wise <pabs3@bonedaddy.net> -Date: Sun, 11 Feb 2018 21:57:49 +0800 -Subject: [PATCH] Mitigate vulnerabilities caused by some git remotes being - able to execute code - -Set GIT_PROTOCOL_FROM_USER=0 with git versions newer than 2.12. - -Prevent remote websites from causing cloning of local repositories. - -Manually whitelist known-safe protocols (http, https, git, ssh) -when using git versions older than 2.12. - -Fixes: CVE-2018-7032 -Fixes: https://bugs.debian.org/840014 -Suggestions-by: Jakub Wilk <jwilk@jwilk.net> -Reported-by: Jakub Wilk <jwilk@jwilk.net> ---- - webcheckout | 22 +++++++++++++++++++++- - 1 file changed, 21 insertions(+), 1 deletion(-) - -diff --git a/webcheckout b/webcheckout -index e98da5c..de497ba 100755 ---- a/webcheckout -+++ b/webcheckout -@@ -71,6 +71,16 @@ use Getopt::Long; - use warnings; - use strict; - -+# Mitigate some git remote types being dangerous -+my $git_unsafe = 1; -+my $git_version = `git --version`; -+$git_version =~ s{^git version }{}; -+my ($major, $minor) = split(/\./, $git_version); -+if (int($major) >= 2 && int($minor) >= 12) { -+ $ENV{GIT_PROTOCOL_FROM_USER} = 0; -+ $git_unsafe = 0; -+} -+ - # What to download. - my $url; - -@@ -89,7 +99,17 @@ my $destdir; - - # how to perform checkouts - my %handlers=( -- git => sub { doit("git", "clone", shift, $destdir) }, -- svn => sub { doit("svn", "checkout", shift, $destdir) }, -- bzr => sub { doit("bzr", "branch", shift, $destdir) }, -+ git => sub { -+ my $git_url = shift; -+ # Reject unsafe URLs with older versions of git -+ # that do not already check the URL safety. -+ if ($git_unsafe && $git_url !~ m{^(?:(?:https?|git|ssh):[^:]|(?:[-_.A-Za-z0-9]+@)?[-_.A-Za-z0-9]+:(?!:|//))}) { -+ print STDERR "potentially unsafe git URL, may fail, touch local files or execute arbitrary code\n"; -+ return 1; -+ } -+ # Reject cloning local directories too, webcheckout is for remote repos -+ doit(qw(git -c protocol.file.allow=user clone --), $git_url, $destdir) -+ }, -+ svn => sub { doit(qw(svn checkout --), shift, $destdir) }, -+ bzr => sub { doit(qw(bzr branch --), shift, $destdir) }, - ); --- -2.11.0 - |