
Bug#687617: unblock: openarena/0.8.8-5+deb7u2



retitle 687617 unblock: openarena/0.8.8-5+deb7u2
thanks

On Sun, 02 Dec 2012 at 11:56:55 +0100, Julien Cristau wrote:
> In that case no objection.  Let us know when this has spent a while in
> sid.

I noticed a more significant bug (serious due to Policy §12.5, IMO) while
testing the new version, so I fixed that too, and am following up to this
unblock bug sooner than I'd intended.

Let me know if you want me to back out either of these changes to get the
other one in sooner; the new changes are pretty simple.

(There's no explicit diff to make openarena-dbg not depend on
openarena-server, because it previously picked it up via ${misc:Depends}.)

Source debdiff attached.

Regards,
    smcv

openarena (0.8.8-5+deb7u2) unstable; urgency=low

  * Request confirmation before enabling auto-downloading, which is
    a security risk (Closes: #686648)
  * Switch /usr/share/doc/openarena-dbg from a symlink to openarena-server
    to a real directory. Using the symlink requires it to depend on
    openarena-server, which is undesirable, because since 0.8.8-1 that
    package has contained an init script which is enabled by default.
  * As a result, openarena-dbg no longer depends on openarena-server
    (Closes: #695334)

 -- Simon McVittie <smcv@debian.org>  Fri, 07 Dec 2012 09:40:17 +0000
diffstat for openarena-0.8.8 openarena-0.8.8

 changelog                                                               |   13 +
 openarena-dbg.preinst                                                   |   12 
 patches/0003-Request-confirmation-if-a-user-enables-auto-download.patch |  126 ++++++++++
 patches/series                                                          |    1 
 rules                                                                   |    4 
 5 files changed, 152 insertions(+), 4 deletions(-)

diff -Nru openarena-0.8.8/debian/changelog openarena-0.8.8/debian/changelog
--- openarena-0.8.8/debian/changelog	2012-09-14 08:02:50.000000000 +0100
+++ openarena-0.8.8/debian/changelog	2012-12-07 09:40:25.000000000 +0000
@@ -1,3 +1,16 @@
+openarena (0.8.8-5+deb7u2) unstable; urgency=low
+
+  * Request confirmation before enabling auto-downloading, which is
+    a security risk (Closes: #686648)
+  * Switch /usr/share/doc/openarena-dbg from a symlink to openarena-server
+    to a real directory. Using the symlink requires it to depend on
+    openarena-server, which is undesirable, because since 0.8.8-1 that
+    package has contained an init script which is enabled by default.
+  * As a result, openarena-dbg no longer depends on openarena-server
+    (Closes: #695334)
+
+ -- Simon McVittie <smcv@debian.org>  Fri, 07 Dec 2012 09:40:17 +0000
+
 openarena (0.8.8-5+deb7u1) unstable; urgency=low
 
   * Add patch from upstream to fix a client-triggerable server crash.
diff -Nru openarena-0.8.8/debian/openarena-dbg.preinst openarena-0.8.8/debian/openarena-dbg.preinst
--- openarena-0.8.8/debian/openarena-dbg.preinst	1970-01-01 01:00:00.000000000 +0100
+++ openarena-0.8.8/debian/openarena-dbg.preinst	2012-12-07 09:40:25.000000000 +0000
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+# In older openarena-dbg this was a symlink to openarena-server; dpkg won't
+# replace existing symlinks with directories
+if [ -h /usr/share/doc/openarena-dbg ]
+then
+  rm -f /usr/share/doc/openarena-dbg
+fi
+
+#DEBHELPER#
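Review bot: The removal in the `if [ -h /usr/share/doc/openarena-dbg ]` block runs for every preinst action, and nothing visible here restores the symlink if the unpack fails afterwards. An aborted upgrade would therefore leave the previously installed openarena-dbg without its doc path until the next successful unpack. Wrapping the test in `case "$1" in install|upgrade) ... ;; esac` would make the intended scope explicit, although the `-h` test already keeps the other actions harmless. If the missing rollback is a deliberate choice, a comment such as `# not restored on a failed upgrade; the next unpack creates the real directory` would record it.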
diff -Nru openarena-0.8.8/debian/patches/0003-Request-confirmation-if-a-user-enables-auto-download.patch openarena-0.8.8/debian/patches/0003-Request-confirmation-if-a-user-enables-auto-download.patch
--- openarena-0.8.8/debian/patches/0003-Request-confirmation-if-a-user-enables-auto-download.patch	1970-01-01 01:00:00.000000000 +0100
+++ openarena-0.8.8/debian/patches/0003-Request-confirmation-if-a-user-enables-auto-download.patch	2012-12-07 09:40:25.000000000 +0000
@@ -0,0 +1,126 @@
+From b2bc13d7043d8a02df081a54e19a999e82f74f2e Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 14 Sep 2012 10:23:06 +0100
+Subject: [PATCH] Request confirmation if a user enables auto-downloading
+
+The Q3 UI toolkit isn't great at large amounts of text, so just point
+to a deb.li link into the Debian wiki.
+
+Origin: vendor, Debian
+Bug-Debian: http://bugs.debian.org/686648
+---
+ code/q3_ui/ui_firstconnect.c |   17 +++++++++++++++--
+ code/q3_ui/ui_local.h        |    1 +
+ code/q3_ui/ui_preferences.c  |   40 +++++++++++++++++++++++++++++++++++++++-
+ 3 files changed, 55 insertions(+), 3 deletions(-)
+
+diff --git a/code/q3_ui/ui_firstconnect.c b/code/q3_ui/ui_firstconnect.c
+index 5291aea..7fac4b8 100644
+--- a/code/q3_ui/ui_firstconnect.c
++++ b/code/q3_ui/ui_firstconnect.c
+@@ -194,7 +194,17 @@ FirstConnect_StatusBar_Download
+ =================
+ */
+ static void FirstConnect_StatusBar_Download( void* ptr ) {
+-		UI_DrawString( 320, 440, "Auto download missing maps and mods", UI_CENTER|UI_SMALLFONT, colorWhite );
++		UI_DrawString( 320, 440, "Security risk, see <http://deb.li/Q3DL>", UI_CENTER|UI_SMALLFONT, colorWhite );
++}
++
++static void AutoDownloadAction( qboolean result )
++{
++	if (result) {
++		trap_Cvar_SetValue( "cl_allowDownload", 1 );
++	} else {
++		trap_Cvar_SetValue( "cl_allowDownload", 0 );
++	}
++	s_firstconnect.allowdownload.curvalue = result;
+ }
+ 
+ /*
+@@ -251,8 +261,11 @@ static void FirstConnect_Event( void* ptr, int event )
+                         break;
+ 
+                 case ID_ALLOWDOWNLOAD:
+-                        trap_Cvar_SetValue( "cl_allowDownload", s_firstconnect.allowdownload.curvalue );
+                         trap_Cvar_SetValue( "sv_allowDownload", s_firstconnect.allowdownload.curvalue );
++                        if ( s_firstconnect.allowdownload.curvalue )
++				UI_ConfirmAutoDownload( AutoDownloadAction );
++			else
++				trap_Cvar_SetValue( "cl_allowDownload", 0 );
+                         break;
+ 
+                 case ID_DELAGHITSCAN:
+diff --git a/code/q3_ui/ui_local.h b/code/q3_ui/ui_local.h
+index 0ba5512..1e5b1f6 100644
+--- a/code/q3_ui/ui_local.h
++++ b/code/q3_ui/ui_local.h
+@@ -458,6 +458,7 @@ extern void PlayerSettings_Cache( void );
+ // ui_preferences.c
+ //
+ extern void UI_PreferencesMenu( void );
++extern void UI_ConfirmAutoDownload( void (*action) (qboolean) );
+ extern void Preferences_Cache( void );
+ 
+ //
+diff --git a/code/q3_ui/ui_preferences.c b/code/q3_ui/ui_preferences.c
+index 32b693f..94d80a0 100644
+--- a/code/q3_ui/ui_preferences.c
++++ b/code/q3_ui/ui_preferences.c
+@@ -131,6 +131,41 @@ static void Preferences_SetMenuItems( void ) {
+         s_preferences.teamchatbeep.curvalue     = trap_Cvar_VariableValue( "cg_teamChatBeep" ) != 0;
+ }
+ 
++
++static void AutoDownloadAction( qboolean result )
++{
++	if (result) {
++		trap_Cvar_SetValue( "cl_allowDownload", 1 );
++	} else {
++		trap_Cvar_SetValue( "cl_allowDownload", 0 );
++	}
++	s_preferences.allowdownload.curvalue = result;
++}
++
++static void UI_ConfirmAutoDownload_Draw ( void )
++{
++	UI_DrawProportionalString( SCREEN_WIDTH/2, 356 + PROP_HEIGHT * 0,
++		"WARNING: This is a security risk.",
++		UI_CENTER|UI_SMALLFONT, color_yellow );
++	UI_DrawProportionalString( SCREEN_WIDTH/2, 356 + PROP_HEIGHT * 1,
++		"More information: <http://deb.li/Q3DL>",
++		UI_CENTER|UI_SMALLFONT, color_yellow );
++}
++
++void UI_ConfirmAutoDownload( void (*action) (qboolean) )
++{
++	if (trap_Cvar_VariableValue( "cl_allowDownload" ) != 0) {
++		/* already set */
++		return;
++	}
++
++	UI_ConfirmMenu_Style(
++		"Auto-download?",
++		UI_CENTER|UI_SMALLFONT,
++		UI_ConfirmAutoDownload_Draw,
++		action);
++}
++
+ static void Preferences_Event( void* ptr, int notification ) {
+ 	if( notification != QM_ACTIVATED ) {
+ 		return;
+@@ -216,8 +251,11 @@ static void Preferences_Event( void* ptr, int notification ) {
+ 		break;
+ 
+ 	case ID_ALLOWDOWNLOAD:
+-		trap_Cvar_SetValue( "cl_allowDownload", s_preferences.allowdownload.curvalue );
+ 		trap_Cvar_SetValue( "sv_allowDownload", s_preferences.allowdownload.curvalue );
++		if ( s_preferences.allowdownload.curvalue )
++			UI_ConfirmAutoDownload( AutoDownloadAction );
++		else
++			trap_Cvar_SetValue( "cl_allowDownload", 0 );
+ 		break;
+                
+         case ID_DELAGHITSCAN:
+-- 
+1.7.10.4
+
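Review bot: Declining the confirmation leaves `sv_allowDownload` at 1, because both `ID_ALLOWDOWNLOAD` cases (ui_firstconnect.c and ui_preferences.c) still write it from `curvalue` before the dialog is shown and neither copy of `AutoDownloadAction` resets it. After a refusal the checkbox and `cl_allowDownload` are 0 while `sv_allowDownload` stays 1, so the two cvars no longer follow the one control as they did before the patch. If they are meant to stay in step, add `trap_Cvar_SetValue( "sv_allowDownload", result );` to both `AutoDownloadAction` functions; this assumes `UI_ConfirmMenu_Style`, which is not shown here, calls `action` with `qfalse` on refusal. `UI_ConfirmAutoDownload` also returns without prompting for any non-zero `cl_allowDownload`, which deserves a comment like `/* prompt only on the 0 -> enabled transition made from these menus */` in place of `/* already set */`. Both event handlers start and end outside the nested hunks.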
diff -Nru openarena-0.8.8/debian/patches/series openarena-0.8.8/debian/patches/series
--- openarena-0.8.8/debian/patches/series	2012-09-14 08:02:50.000000000 +0100
+++ openarena-0.8.8/debian/patches/series	2012-12-07 09:40:25.000000000 +0000
@@ -1,4 +1,5 @@
 0001-Use-a-cpp-macro-for-the-game-code-version-so-package.patch
 0002-Fix-callvote-kick-player-does-not-exist-crash.patch
+0003-Request-confirmation-if-a-user-enables-auto-download.patch
 0031-Fix-FTBFS-on-kFreeBSD.patch
 0040-Add-OPENARENA_081_COMPATIBLE-define-for-network-comp.patch
diff -Nru openarena-0.8.8/debian/rules openarena-0.8.8/debian/rules
--- openarena-0.8.8/debian/rules	2012-09-14 08:02:50.000000000 +0100
+++ openarena-0.8.8/debian/rules	2012-12-07 09:40:25.000000000 +0000
@@ -106,10 +106,6 @@
 override_dh_strip:
 	dh_strip --dbg-package=openarena-dbg
 
-override_dh_installdocs:
-	dh_installdocs -popenarena-dbg --link-doc=openarena-server
-	dh_installdocs --remaining-packages
-
 .PHONY: get-orig-source
 get-orig-source:
 	test ! -e get-orig-source
