While browsing through the notes for nethack 5.0.0, found out a
security update for nethack.
Also took the opportunity to beef up the fork handler into using
setres[gu]id
And nethack 3.6 will need the updated conflict marker for 5.0.0.
Index: Makefile
===================================================================
RCS file: /build/data/openbsd/cvs/ports/games/nethack/3.6/Makefile,v
diff -u -p -r1.13 Makefile
--- Makefile 28 Jan 2025 10:17:37 -0000 1.13
+++ Makefile 27 Jun 2026 10:06:02 -0000
@@ -1,5 +1,5 @@
COMMENT = dungeon explorin', hackin', game. Piece of cake
-V = 3.6.6
+V = 3.6.7
# what we have compatible with
BASEV = 3.6.0
DISTNAME = nethack-$V
@@ -7,7 +7,6 @@ PKGNAME = ${DISTNAME}
CATEGORIES = games
SITES = https://www.nethack.org/download/$V/
DISTFILES = nethack-${V:S/.//g}-src.tgz
-REVISION = 1
HOMEPAGE = http://nethack.org/
@@ -24,7 +23,7 @@ CONFIG = x-config
WANTLIB += X11 Xaw Xext Xmu Xt
.endif
RUN_DEPENDS = games/hackdata
-WRKDIST = ${WRKDIR}/NetHack-NetHack-$V_Released
+WRKDIST = ${WRKDIR}/NetHack-$V
# GPL
PERMIT_PACKAGE = Yes
Index: distinfo
===================================================================
RCS file: /build/data/openbsd/cvs/ports/games/nethack/3.6/distinfo,v
diff -u -p -r1.3 distinfo
--- distinfo 16 Feb 2021 08:40:06 -0000 1.3
+++ distinfo 27 Jun 2026 10:05:13 -0000
@@ -1,2 +1,2 @@
-SHA256 (nethack-366-src.tgz) = z94MOrbdfCKuguHlpZq4AVIwTrI/sG4xKUOSceVkPtI=
-SIZE (nethack-366-src.tgz) = 5577633
+SHA256 (nethack-367-src.tgz) = mM9n323r+WaKYXRaqEwJvKs2Ll0z9blE7FFV1E0qrLI=
+SIZE (nethack-367-src.tgz) = 5577415
Index: patches/patch-src_files_c
===================================================================
RCS file:
/build/data/openbsd/cvs/ports/games/nethack/3.6/patches/patch-src_files_c,v
diff -u -p -r1.4 patch-src_files_c
--- patches/patch-src_files_c 11 Mar 2022 19:04:43 -0000 1.4
+++ patches/patch-src_files_c 27 Jun 2026 10:09:16 -0000
@@ -1,13 +1,24 @@
Index: src/files.c
--- src/files.c.orig
+++ src/files.c
-@@ -1397,7 +1397,9 @@ boolean uncomp;
+@@ -1373,6 +1373,7 @@ boolean uncomp;
+ #endif
+ f = fork();
+ if (f == 0) { /* child */
++ int uid, gid;
+ #ifdef TTY_GRAPHICS
+ /* any error messages from the compression must come out after
+ * the first line, because the more() to let the user read
+@@ -1397,8 +1398,10 @@ boolean uncomp;
redirect(filename, RDBMODE, stdin, uncomp);
redirect(cfn, WRBMODE, stdout, uncomp);
}
-+ (void) setegid(getgid());
- (void) setgid(getgid());
-+ (void) seteuid(getuid());
- (void) setuid(getuid());
+- (void) setgid(getgid());
+- (void) setuid(getuid());
++ gid = getgid();
++ uid = getuid();
++ (void) setresgid(gid, gid, gid);
++ (void) setresuid(gid, gid, gid);
(void) execv(args[0], (char *const *) args);
perror((char *) 0);
+ (void) fprintf(stderr, "Exec to %scompress %s failed.\n",
Index: pkg/PLIST
===================================================================
RCS file: /build/data/openbsd/cvs/ports/games/nethack/3.6/pkg/PLIST,v
diff -u -p -r1.5 PLIST
--- pkg/PLIST 11 Mar 2022 19:04:43 -0000 1.5
+++ pkg/PLIST 25 Jun 2026 14:49:54 -0000
@@ -1,6 +1,6 @@
@option no-default-conflict
@option is-branch
-@conflict nethack->=${BASEV}
+@conflict nethack->=${BASEV},<5.0
@newgroup ${GAMEGRP}:806
@comment bin/license
@comment bin/nethack
