[SCM] Packaging for Gargoyle - graphical player for Interactive Fiction games branch, master, updated. upstream/2009-08-25-22-gcc62bb4

Thu May 27 19:40:00 UTC 2010

The following commit has been merged in the master branch:
commit cc62bb4f63f621bb30b96c3b31ee3d48e38dad6e
Author: Sylvain Beucler <beuc at beuc.net>
Date:   Thu May 27 21:17:56 2010 +0200

    Several small fixes
    
      * Fix security issue in the shell wrapper, where LD_LIBRARY_PATH may be
        modified to include an empty directory (which means "current
        directory")
      * Fix missing 'not' in the package description: "it does not provide a
        way to display the cover art"
      * Fix download URL in debian/copyright
      * Fix a couple typos
      * Fix FTBFS with binutils-gold: specify -lm explicitly in the build
        system (patch sent upstream) (Closes: #554390)
      * Provide: zcode-interpreter, tads2-interpreter, tads3-interpreter as
        other packaged interpreters do (Closes: #579618)
      * Remove comments from the watch file because taste differs among DDs
      * Bump Standards-Version

diff --git a/debian/changelog b/debian/changelog
index ebe2e23..21ae111 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,20 @@
-gargoyle-free (2009-08-25-2) UNRELEASED; urgency=low
+gargoyle-free (2009-08-25-2) unstable; urgency=high
 
+  * Fix security issue in the shell wrapper, where LD_LIBRARY_PATH may be
+    modified to include an empty directory (which means "current
+    directory")
   * Fix missing 'not' in the package description: "it does not provide a
-  way to display the cover art"
+    way to display the cover art"
+  * Fix download URL in debian/copyright
+  * Fix a couple typos
+  * Fix FTBFS with binutils-gold: specify -lm explicitly in the build
+    system (patch sent upstream) (Closes: #554390)
+  * Provide: zcode-interpreter, tads2-interpreter, tads3-interpreter as
+    other packaged interpreters do (Closes: #579618)
+  * Remove comments from the watch file because taste differs among DDs
+  * Bump Standards-Version
 
- -- Sylvain Beucler <beuc at beuc.net>  Wed, 07 Oct 2009 21:53:38 +0200
+ -- Sylvain Beucler <beuc at beuc.net>  Thu, 27 May 2010 21:31:47 +0200
 
 gargoyle-free (2009-08-25-1) unstable; urgency=low
 
diff --git a/debian/control b/debian/control
index a61e505..73156bf 100644
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@ Priority: extra
 Maintainer: Debian Games Team <pkg-games-devel at lists.alioth.debian.org>
 Uploaders: Sylvain Beucler <beuc at beuc.net>
 Build-Depends: quilt, debhelper (>= 7), jam, libgtk2.0-dev, libpng12-dev, libjpeg62-dev, libsdl1.2-dev, libsdl-sound1.2-dev, libsdl-mixer1.2-dev, libfreetype6-dev, libfontconfig1-dev
-Standards-Version: 3.8.3
+Standards-Version: 3.8.4
 Homepage: http://ccxvii.net/gargoyle/
 Vcs-Git: git://git.debian.org/git/pkg-games/gargoyle-free.git
 Vcs-Browser: http://git.debian.org/?p=pkg-games/gargoyle-free.git
@@ -12,6 +12,7 @@ Vcs-Browser: http://git.debian.org/?p=pkg-games/gargoyle-free.git
 Package: gargoyle-free
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, ttf-dejavu-core, ttf-dejavu-extra
+Provides: zcode-interpreter, tads2-interpreter, tads3-interpreter
 Description: graphical player for Interactive Fiction games
  Gargoyle is an Interactive Fiction (text adventure) player that
  supports all the major interactive fiction formats.
diff --git a/debian/copyright b/debian/copyright
index 7c0ccc8..2060035 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -4,10 +4,10 @@ This package was debianized by:
 
 It was downloaded from:
 
-    http://ccxvii.net/gargoyle/
+    http://code.google.com/p/garglk/
 
-To comply with the DSFG, the following directories and files were
-removed to create the -dsfg tarball:
+To comply with the DFSG, the following directories and files were
+removed to create the -free tarball:
 
   - terps/alan2/: non-free license (need to register and cannot modify
     without author's permission), check
@@ -34,7 +34,7 @@ removed to create the -dsfg tarball:
 
   - support/: for the sake of convenience (e.g. no need to declare it
     in this file), these external libraries are excluded from the
-    tarball, since they are only used for some developper builds, and
+    tarball, since they are only used for some developer builds, and
     are otherwise available in Debian already
 
   - terps/nitfol/z_io.c.orig: this source file is removed by 'jam
diff --git a/debian/patches/fhs_locate_private_library.patch b/debian/patches/fhs_locate_private_library.patch
index 79a9770..4af22de 100644
--- a/debian/patches/fhs_locate_private_library.patch
+++ b/debian/patches/fhs_locate_private_library.patch
@@ -2,8 +2,9 @@ Description: install sub-binaries and libraries in /usr/lib/gargoyle/
   It would be better to link the binaries with
   rpath=/usr/lib/gargoyle, since the binaries may be used
   independently; however this may conflict with existing packages,
-  such as frotz, so I'm not sure
-Forwarded: not yet
+  such as 'frotz', which would need to be divert'd.
+  Upstream plans to write a new launcher either in C or zenity.
+Forwarded: http://groups.google.com/group/garglk-dev/browse_thread/thread/5a1aff855da9d9d8
 Author: Sylvain Beucler <beuc at beuc.net>
 
 Index: gargoyle-free/garglk/launcher.sh
@@ -16,7 +17,7 @@ Index: gargoyle-free/garglk/launcher.sh
  then
 -    abspath=`readlink -f $0`	# get the full path of this script
 -    dirpath=`dirname $abspath`	# get directory part
-+    # Modified in Debian to use /usr/lib/gargorle instead of the
++    # Modified in Debian to use /usr/lib/gargoyle instead of the
 +    # current directory:
 +    dirpath=/usr/lib/gargoyle	# get directory part
      export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$dirpath
diff --git a/debian/patches/ftbfs_binutils-gold.patch b/debian/patches/ftbfs_binutils-gold.patch
new file mode 100644
index 0000000..fe7edbb
--- /dev/null
+++ b/debian/patches/ftbfs_binutils-gold.patch
@@ -0,0 +1,20 @@
+Description: fix compilation with binutils-gold
+ Cf. #554390
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554390
+Forwarded: http://groups.google.com/group/garglk-dev/browse_thread/thread/693c4f32a655da56
+Author: Sylvain Beucler <beuc at beuc.net>
+Last-Update: 2010-10-27
+
+Index: gargoyle-free/Jamrules
+===================================================================
+--- gargoyle-free.orig/Jamrules	2010-05-27 20:25:25.000000000 +0200
++++ gargoyle-free/Jamrules	2010-05-27 20:25:34.000000000 +0200
+@@ -49,7 +49,7 @@
+         SHELLHEADER = "#!/bin/bash" ;		
+         GARGLKCCFLAGS = "`$(PKGCONFIG) --cflags`" -fPIC ;
+         SHRLINKLIBS = "`$(PKGCONFIG) --libs`" -ljpeg -lpng -lz ;
+-        LINKLIBS = -lz ;
++        LINKLIBS = -lz -lm ;
+ 
+ 	if $(USESDL)
+ 	{
diff --git a/debian/patches/security_ld_preload.patch b/debian/patches/security_ld_preload.patch
new file mode 100644
index 0000000..4aae26b
--- /dev/null
+++ b/debian/patches/security_ld_preload.patch
@@ -0,0 +1,25 @@
+Description: don't look for libgarglk.so in the current directory
+Forwarded: http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6
+Author: Sylvain Beucler <beuc at beuc.net>
+
+Index: gargoyle-free/garglk/launcher.sh
+===================================================================
+--- gargoyle-free.orig/garglk/launcher.sh	2010-05-27 20:54:36.000000000 +0200
++++ gargoyle-free/garglk/launcher.sh	2010-05-27 20:58:15.000000000 +0200
+@@ -10,7 +10,15 @@
+     # Modified in Debian to use /usr/lib/gargoyle instead of the
+     # current directory:
+     dirpath=/usr/lib/gargoyle	# get directory part
+-    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$dirpath
++    if [ -z "$LD_LIBRARY_PATH" ]; then
++	# Don't add an empty path (== current directory) to
++	# LD_LIBRARY_PATH, this would allow a user to trick another
++	# user into running gargoyle in a directory with a cracked
++	# libgarglk.so, and gain access to his/her account.
++	export LD_LIBRARY_PATH=$dirpath
++    else
++	export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$dirpath
++    fi
+ else
+     dirpath=`dirname $0`
+ fi
diff --git a/debian/patches/series b/debian/patches/series
index b66ce69..9eb794e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,5 @@ dfsg_disable_alan.patch
 dfsg_disable_hugo.patch
 dfsg_replace_luximono_font.patch
 fhs_locate_private_library.patch
+ftbfs_binutils-gold.patch
+security_ld_preload.patch
diff --git a/debian/watch b/debian/watch
index 781a95d..fecceb1 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,23 +1,4 @@
-# You can run the "uscan" command
-# to check for upstream updates and more.
-# See uscan(1) for format
-
-# Compulsory line, this is a version 3 file
 version=3
 
-# Uncomment to examine a Webpage
-# <Webpage URL> <string match>
 http://code.google.com/p/garglk/downloads/list \
   http://garglk.googlecode.com/files/gargoyle-(.*)-sources\.zip
-
-# Uncomment to examine a Webserver directory
-#http://www.example.com/pub/gargoyle-(.*)\.tar\.gz
-
-# Uncommment to examine a FTP server
-#ftp://ftp.example.com/pub/gargoyle-(.*)\.tar\.gz debian uupdate
-
-# Uncomment to find new files on sourceforge, for devscripts >= 2.9
-# http://sf.net/gargoyle/gargoyle-(.*)\.tar\.gz
-
-# Uncomment to find new files on GooglePages
-# http://example.googlepages.com/foo.html gargoyle-(.*)\.tar\.gz

-- 
Packaging for Gargoyle - graphical player for Interactive Fiction games

