Hi, Just a quick ping to the list. Is this diff OK with the patch that removes the localcommand from the source? I had submitted a pull request upstream but was told it is only enabled if a specific command-line flag is turned on. That was the answer from upstream. I guess I should omit the patch the just leave as is? I'm trying to make it a bit safer, but I don't think the upstream project developers agree with my stance.
Are there any guidelines on this or should I re-submit this diff without the patch that removes that function? Thanks, Tom Index: Makefile =================================================================== RCS file: /cvs/ports/games/mvdsv/Makefile,v retrieving revision 1.3 diff -u -p -r1.3 Makefile --- Makefile 22 Dec 2020 20:53:25 -0000 1.3 +++ Makefile 25 Sep 2021 16:52:17 -0000 @@ -4,7 +4,7 @@ COMMENT = QuakeWorld server GH_ACCOUNT = deurk GH_PROJECT = mvdsv -GH_TAGNAME = 0.33 +GH_TAGNAME = 0.34 CATEGORIES = games Index: distinfo =================================================================== RCS file: /cvs/ports/games/mvdsv/distinfo,v retrieving revision 1.2 diff -u -p -r1.2 distinfo --- distinfo 22 Dec 2020 20:53:25 -0000 1.2 +++ distinfo 25 Sep 2021 16:52:17 -0000 @@ -1,4 +1,4 @@ -SHA256 (mvdsv-0.33.tar.gz) = 3Jq9u+B2Wdbtx/8LyIA08eWSihZPe6mq+Shpkw4uQYQ= +SHA256 (mvdsv-0.34.tar.gz) = gZBxjf4QiPTxKmYXfusBwaUn9fRl5w3sT7uP7tSZTGo= SHA256 (qwprogs-20120131.dat) = /1HLXnc2DXK5NIfYkZjc+UYpuS+LrhAPxupIpsEqeDA= -SIZE (mvdsv-0.33.tar.gz) = 576306 +SIZE (mvdsv-0.34.tar.gz) = 597476 SIZE (qwprogs-20120131.dat) = 197684 Index: patches/patch-src_server_h =================================================================== RCS file: patches/patch-src_server_h diff -N patches/patch-src_server_h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_server_h 25 Sep 2021 16:52:17 -0000 @@ -0,0 +1,26 @@ +$OpenBSD$ + +Remove dangerous localcommand function even if it it not turned on +by default and needs a command-line option. There is a pull request +at: https://github.com/deurk/mvdsv/pull/69 + + +Index: src/server.h +--- src/server.h.orig ++++ src/server.h +@@ -1087,7 +1087,6 @@ void SV_SetClientConnectionTime(client_t* client); + #ifdef SERVERONLY + // mvdsv not changed over to enums yet, which was more about documentation + #define SV_CommandLineEnableCheats() (COM_CheckParm("-cheats")) +-#define SV_CommandLineEnableLocalCommand() (COM_CheckParm("-enablelocalcommand")) + #define SV_CommandLineDemoCacheArgument() (COM_CheckParm("-democache")) + #define SV_CommandLineProgTypeArgument() (COM_CheckParm("-progtype")) + #define SV_CommandLineUseMinimumMemory() (COM_CheckParm("-minmemory")) +@@ -1095,7 +1094,6 @@ void SV_SetClientConnectionTime(client_t* client); + #define SV_CommandLineHeapSizeMemoryMB() (COM_CheckParm("-mem")) + #else + #define SV_CommandLineEnableCheats() (COM_CheckParm(cmdline_param_server_enablecheats)) +-#define SV_CommandLineEnableLocalCommand() (COM_CheckParm(cmdline_param_server_enablelocalcommand)) + #define SV_CommandLineDemoCacheArgument() (COM_CheckParm(cmdline_param_server_democache_kb)) + #define SV_CommandLineProgTypeArgument() (COM_CheckParm(cmdline_param_server_progtype)) + #define SV_CommandLineUseMinimumMemory() (COM_CheckParm(cmdline_param_host_memory_minimum)) Index: patches/patch-src_sv_ccmds_c =================================================================== RCS file: patches/patch-src_sv_ccmds_c diff -N patches/patch-src_sv_ccmds_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_sv_ccmds_c 25 Sep 2021 16:52:17 -0000 @@ -0,0 +1,73 @@ +$OpenBSD$ + +Remove dangerous localcommand function even if it it not turned on +by default and needs a command-line option. There is a pull request +at: https://github.com/deurk/mvdsv/pull/69 + +Index: src/sv_ccmds.c +--- src/sv_ccmds.c.orig ++++ src/sv_ccmds.c +@@ -738,54 +738,6 @@ void SV_ChmodFile_f (void) + } + #endif //_WIN32 + +-/*================== +-SV_LocalCommand_f +-Execute system command +-==================*/ +-//bliP: REMOVE ME REMOVE ME REMOVE ME REMOVE ME REMOVE ME -> +-void SV_LocalCommand_f (void) +-{ +- int i, c; +- char str[1024], *temp_file = "__output_temp_file__"; +- +- if ((c = Cmd_Argc()) < 2) +- { +- Con_Printf("localcommand [command]\n"); +- return; +- } +- +- str[0] = 0; +- for (i = 1; i < c; i++) +- { +- strlcat (str, Cmd_Argv(i), sizeof(str)); +- strlcat (str, " ", sizeof(str)); +- } +- strlcat (str, va("> %s 2>&1\n", temp_file), sizeof(str)); +- +- if (system(str) == -1) +- Con_Printf("command failed\n"); +- else +- { +- char buf[512]; +- FILE *f; +- if ((f = fopen(temp_file, "rt")) == NULL) +- Con_Printf("(empty)\n"); +- else +- { +- while (!feof(f)) +- { +- buf[fread (buf, 1, sizeof(buf) - 1, f)] = 0; +- Con_Printf("%s", buf); +- } +- fclose(f); +- if (Sys_remove(temp_file)) +- Con_Printf("Unable to remove file %s\n", temp_file); +- } +- } +- +-} +-//REMOVE ME REMOVE ME REMOVE ME REMOVE ME REMOVE ME +- + /* + ================== + SV_Kick_f +@@ -1844,8 +1796,6 @@ void SV_InitOperatorCommands (void) + Cmd_AddCommand ("chmod", SV_ChmodFile_f); + #endif //_WIN32 + //<- +- if (SV_CommandLineEnableLocalCommand()) +- Cmd_AddCommand ("localcommand", SV_LocalCommand_f); + + Cmd_AddCommand ("map", SV_Map_f); + #ifdef SERVERONLY
