[SCM] Packaging for Gargoyle - graphical player for Interactive Fiction games branch, master, updated. upstream/2009-08-25-22-gcc62bb4
Sylvain Beucler
beuc at beuc.net
Thu May 27 19:40:00 UTC 2010
The following commit has been merged in the master branch:
commit cc62bb4f63f621bb30b96c3b31ee3d48e38dad6e
Author: Sylvain Beucler <beuc at beuc.net>
Date: Thu May 27 21:17:56 2010 +0200
Several small fixes
* Fix security issue in the shell wrapper, where LD_LIBRARY_PATH may be
modified to include an empty directory (which means "current
directory")
* Fix missing 'not' in the package description: "it does not provide a
way to display the cover art"
* Fix download URL in debian/copyright
* Fix a couple typos
* Fix FTBFS with binutils-gold: specify -lm explicitly in the build
system (patch sent upstream) (Closes: #554390)
* Provide: zcode-interpreter, tads2-interpreter, tads3-interpreter as
other packaged interpreters do (Closes: #579618)
* Remove comments from the watch file because taste differs among DDs
* Bump Standards-Version
diff --git a/debian/changelog b/debian/changelog
index ebe2e23..21ae111 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,20 @@
-gargoyle-free (2009-08-25-2) UNRELEASED; urgency=low
+gargoyle-free (2009-08-25-2) unstable; urgency=high
+ * Fix security issue in the shell wrapper, where LD_LIBRARY_PATH may be
+ modified to include an empty directory (which means "current
+ directory")
* Fix missing 'not' in the package description: "it does not provide a
- way to display the cover art"
+ way to display the cover art"
+ * Fix download URL in debian/copyright
+ * Fix a couple typos
+ * Fix FTBFS with binutils-gold: specify -lm explicitly in the build
+ system (patch sent upstream) (Closes: #554390)
+ * Provide: zcode-interpreter, tads2-interpreter, tads3-interpreter as
+ other packaged interpreters do (Closes: #579618)
+ * Remove comments from the watch file because taste differs among DDs
+ * Bump Standards-Version
- -- Sylvain Beucler <beuc at beuc.net> Wed, 07 Oct 2009 21:53:38 +0200
+ -- Sylvain Beucler <beuc at beuc.net> Thu, 27 May 2010 21:31:47 +0200
gargoyle-free (2009-08-25-1) unstable; urgency=low
diff --git a/debian/control b/debian/control
index a61e505..73156bf 100644
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@ Priority: extra
Maintainer: Debian Games Team <pkg-games-devel at lists.alioth.debian.org>
Uploaders: Sylvain Beucler <beuc at beuc.net>
Build-Depends: quilt, debhelper (>= 7), jam, libgtk2.0-dev, libpng12-dev, libjpeg62-dev, libsdl1.2-dev, libsdl-sound1.2-dev, libsdl-mixer1.2-dev, libfreetype6-dev, libfontconfig1-dev
-Standards-Version: 3.8.3
+Standards-Version: 3.8.4
Homepage: http://ccxvii.net/gargoyle/
Vcs-Git: git://git.debian.org/git/pkg-games/gargoyle-free.git
Vcs-Browser: http://git.debian.org/?p=pkg-games/gargoyle-free.git
@@ -12,6 +12,7 @@ Vcs-Browser: http://git.debian.org/?p=pkg-games/gargoyle-free.git
Package: gargoyle-free
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, ttf-dejavu-core, ttf-dejavu-extra
+Provides: zcode-interpreter, tads2-interpreter, tads3-interpreter
Description: graphical player for Interactive Fiction games
Gargoyle is an Interactive Fiction (text adventure) player that
supports all the major interactive fiction formats.
diff --git a/debian/copyright b/debian/copyright
index 7c0ccc8..2060035 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -4,10 +4,10 @@ This package was debianized by:
It was downloaded from:
- http://ccxvii.net/gargoyle/
+ http://code.google.com/p/garglk/
-To comply with the DSFG, the following directories and files were
-removed to create the -dsfg tarball:
+To comply with the DFSG, the following directories and files were
+removed to create the -free tarball:
- terps/alan2/: non-free license (need to register and cannot modify
without author's permission), check
@@ -34,7 +34,7 @@ removed to create the -dsfg tarball:
- support/: for the sake of convenience (e.g. no need to declare it
in this file), these external libraries are excluded from the
- tarball, since they are only used for some developper builds, and
+ tarball, since they are only used for some developer builds, and
are otherwise available in Debian already
- terps/nitfol/z_io.c.orig: this source file is removed by 'jam
diff --git a/debian/patches/fhs_locate_private_library.patch b/debian/patches/fhs_locate_private_library.patch
index 79a9770..4af22de 100644
--- a/debian/patches/fhs_locate_private_library.patch
+++ b/debian/patches/fhs_locate_private_library.patch
@@ -2,8 +2,9 @@ Description: install sub-binaries and libraries in /usr/lib/gargoyle/
It would be better to link the binaries with
rpath=/usr/lib/gargoyle, since the binaries may be used
independently; however this may conflict with existing packages,
- such as frotz, so I'm not sure
-Forwarded: not yet
+ such as 'frotz', which would need to be divert'd.
+ Upstream plans to write a new launcher either in C or zenity.
+Forwarded: http://groups.google.com/group/garglk-dev/browse_thread/thread/5a1aff855da9d9d8
Author: Sylvain Beucler <beuc at beuc.net>
Index: gargoyle-free/garglk/launcher.sh
@@ -16,7 +17,7 @@ Index: gargoyle-free/garglk/launcher.sh
then
- abspath=`readlink -f $0` # get the full path of this script
- dirpath=`dirname $abspath` # get directory part
-+ # Modified in Debian to use /usr/lib/gargorle instead of the
++ # Modified in Debian to use /usr/lib/gargoyle instead of the
+ # current directory:
+ dirpath=/usr/lib/gargoyle # get directory part
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$dirpath
diff --git a/debian/patches/ftbfs_binutils-gold.patch b/debian/patches/ftbfs_binutils-gold.patch
new file mode 100644
index 0000000..fe7edbb
--- /dev/null
+++ b/debian/patches/ftbfs_binutils-gold.patch
@@ -0,0 +1,20 @@
+Description: fix compilation with binutils-gold
+ Cf. #554390
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554390
+Forwarded: http://groups.google.com/group/garglk-dev/browse_thread/thread/693c4f32a655da56
+Author: Sylvain Beucler <beuc at beuc.net>
+Last-Update: 2010-10-27
+
+Index: gargoyle-free/Jamrules
+===================================================================
+--- gargoyle-free.orig/Jamrules 2010-05-27 20:25:25.000000000 +0200
++++ gargoyle-free/Jamrules 2010-05-27 20:25:34.000000000 +0200
+@@ -49,7 +49,7 @@
+ SHELLHEADER = "#!/bin/bash" ;
+ GARGLKCCFLAGS = "`$(PKGCONFIG) --cflags`" -fPIC ;
+ SHRLINKLIBS = "`$(PKGCONFIG) --libs`" -ljpeg -lpng -lz ;
+- LINKLIBS = -lz ;
++ LINKLIBS = -lz -lm ;
+
+ if $(USESDL)
+ {
diff --git a/debian/patches/security_ld_preload.patch b/debian/patches/security_ld_preload.patch
new file mode 100644
index 0000000..4aae26b
--- /dev/null
+++ b/debian/patches/security_ld_preload.patch
@@ -0,0 +1,25 @@
+Description: don't look for libgarglk.so in the current directory
+Forwarded: http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6
+Author: Sylvain Beucler <beuc at beuc.net>
+
+Index: gargoyle-free/garglk/launcher.sh
+===================================================================
+--- gargoyle-free.orig/garglk/launcher.sh 2010-05-27 20:54:36.000000000 +0200
++++ gargoyle-free/garglk/launcher.sh 2010-05-27 20:58:15.000000000 +0200
+@@ -10,7 +10,15 @@
+ # Modified in Debian to use /usr/lib/gargoyle instead of the
+ # current directory:
+ dirpath=/usr/lib/gargoyle # get directory part
+- export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$dirpath
++ if [ -z "$LD_LIBRARY_PATH" ]; then
++ # Don't add an empty path (== current directory) to
++ # LD_LIBRARY_PATH, this would allow a user to trick another
++ # user into running gargoyle in a directory with a cracked
++ # libgarglk.so, and gain access to his/her account.
++ export LD_LIBRARY_PATH=$dirpath
++ else
++ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$dirpath
++ fi
+ else
+ dirpath=`dirname $0`
+ fi
diff --git a/debian/patches/series b/debian/patches/series
index b66ce69..9eb794e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,5 @@ dfsg_disable_alan.patch
dfsg_disable_hugo.patch
dfsg_replace_luximono_font.patch
fhs_locate_private_library.patch
+ftbfs_binutils-gold.patch
+security_ld_preload.patch
diff --git a/debian/watch b/debian/watch
index 781a95d..fecceb1 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,23 +1,4 @@
-# You can run the "uscan" command
-# to check for upstream updates and more.
-# See uscan(1) for format
-
-# Compulsory line, this is a version 3 file
version=3
-# Uncomment to examine a Webpage
-# <Webpage URL> <string match>
http://code.google.com/p/garglk/downloads/list \
http://garglk.googlecode.com/files/gargoyle-(.*)-sources\.zip
-
-# Uncomment to examine a Webserver directory
-#http://www.example.com/pub/gargoyle-(.*)\.tar\.gz
-
-# Uncommment to examine a FTP server
-#ftp://ftp.example.com/pub/gargoyle-(.*)\.tar\.gz debian uupdate
-
-# Uncomment to find new files on sourceforge, for devscripts >= 2.9
-# http://sf.net/gargoyle/gargoyle-(.*)\.tar\.gz
-
-# Uncomment to find new files on GooglePages
-# http://example.googlepages.com/foo.html gargoyle-(.*)\.tar\.gz
--
Packaging for Gargoyle - graphical player for Interactive Fiction games
More information about the Pkg-games-commits
mailing list