pkg/50015: Update games/openttd to 1.5.1 (and audit notes)

[Leonardo Taccari <iamleot%gmail.com@localhost>]

>Number:         50015
>Category:       pkg
>Synopsis:       Update games/openttd to 1.5.1 (and audit notes)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Jun 29 21:45:01 +0000 2015
>Originator:     Leonardo Taccari
>Release:        NetBSD 7.99.19
>Organization:
Università Politecnica delle Marche
>Environment:
	
	
System: NetBSD boh 7.99.19 NetBSD 7.99.19 (GENERIC) #35: Sun Jun 28 13:29:09 CEST 2015 leot@boh:/usr/obj/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
	games/openttd in pkgsrc (1.4.4) is not the latest stable version
	(1.5.1). At the same time the audit notes regarding this and previous
	version seems incorrect (according to
	[SA47396](https://dl.packetstormsecurity.net/1201-advisories/sa47396.txt)
	and
	[SA50042](https://dl.packetstormsecurity.net/1207-advisories/sa50042.txt)
	they were respectively fixed in 1.1.5 release and 1.2.2 version).
	The latter vulnerability was also reported as CVE-2012-3436. Some notes
	regarding it are available here:
	http://security.openttd.org/en/CVE-2012-3436
>How-To-Repeat:
	$ cd pkgsrc/games/openttd
	$ make show-var VARNAME=PKGNAME_NOREV
	[... regarding the audit notes ...]
	$ pkg_admin audit openttd
	Package openttd-1.5.1 has a denial-of-service vulnerability, see http://secunia.com/advisories/47396/
	Package openttd-1.5.1 has a denial-of-service vulnerability, see http://secunia.com/advisories/50042/
>Fix:
	Regarding the "audit" inspection please give a look to the links
	provided in the Descripton: section of this PR.
	Regarding the update to the 1.5.1 version please apply the attached
	patches. Please also note that patches/patch-src_fontcache.cpp is no
	longer needed and "../../graphics/hicolor-icon-theme/buildlink3.mk" was
	included because the package installs various icons in
	share/icons/hicolor/ (noted by a pkglint warning).
	I have tested openttd-1.5.1 with openttd-data-0.5.2 (patches needed to
	update openttd-data are attached in pkg/50014).
	While here I will also attach a possible commit message.


------------------8<------------------8<------------------8<------------------
Update games/openttd to openttd-1.5.1.

Changes:
1.5.1 (2015-06-01)
------------------------------------------------------------------------
(None)

1.5.1-RC1 (2015-05-08)
------------------------------------------------------------------------
- Fix: Do not consider road junctions with trivial dead ends as branch points during town growth [FS#6245] (r27260, r27259, r27244)
- Fix: ScriptList::RemoveList failed to remove a list from itself [FS#6287] (r27258)
- Fix: Combined button+dropdown widgets in order and autoreplace GUI had incorrect hitbox when using GUI zoom [FS#6270] (r27255)
- Fix: When building a lock on DC_AUTO-removable water-based objects, the water class was always set to canal [FS#6264] (r27254)
- Fix: When crossing tram tracks with railroads, cost of extra roads was not being counted [FS#6282] (r27253)
- Fix: Invalid infrastructure counting when crossing tram tracks with railroads [FS#6281] (r27252)
- Fix: Broken error message in configure [FS#6286] (r27250)
- Fix: In some cases town growth failure was considered as success [FS#6240] (r27249, r27247)
- Fix: Town labels on smallmap and zoomed-out viewports were not centered [FS#6257] (r27248)
- Fix: Removing a rail waypoint used the remove-rail-station cost [FS#6251] (r27245)
- Fix: Duplicate frees due to pool item classes not having copy constructors [FS#6285] (r27243)
- Fix: Crash when no AIs were installed due to improper handling of non-ASCII characters by the string pointer lexer [FS#6272] (r27233)
- Fix: Compilation on DragonflyBSD [FS#6274] (r27224, r27223)
- Fix: Use the current maximum speed as limited by bridges, orders etc. for all vehicle types alike when considering increased smoke emissions of vehicles [FS#6278] (r27222)
- Fix: Multi-value keys in the desktop entry shall end with a trailing separator (r27221)
- Fix: Draw path reservation on the whole bridge, not only on the bridge heads (r27209)
- Fix: Draw correct overlay sprites for path reservations on bridges and tunnels (r27208)

1.5.0 (2015-04-01)
------------------------------------------------------------------------
- Fix: [NewGRF] Add Misc. GRF Feature Flag 6 to enable the second rocky tile set [FS#6260] (r27200)

1.5.0-RC1 (2015-03-18)
------------------------------------------------------------------------
- Feature: [NewGRF] Display relative offset changes in the sprite aligner [FS#6236] (r27174)
- Fix: Original road vehicle acceleration crashed for vehicles taking over [FS#6255] (r27190)
- Fix: GCC 5 compilation (r27185, r27183)
- Fix: Data race due to lazy initialisation of objects [FS#5969] (r27178)
- Fix: Compilation with MinGW64 (r27176)
- Fix: Use the regular clipping functions in the sprite aligner instead of some magic [FS#6237] (r27173)
- Fix: Windows randomly drops SetCursorPos calls, breaking the RMB-scrolling [FS#6238] (r27172)

1.5.0-beta2 (2015-02-24)
------------------------------------------------------------------------
- Feature: [NoGo] Game scripts can point to a location, station, industry, or town when publishing news (r27164)
- Feature: Allow changing max heightlevel in scenario editor (r27151)
- Feature: Make use of both rocky tile sets from the base graphics (r27117)
- Change: Scale (non-custom) default window sizes according to GUI zoom (r27147)
- Change: Make statusbar and chat-entry window use the same width as the toolbar (r27146)
- Change: The chatbox-width setting now uses percent of screen width instead of pixels (r27144)
- Change: [NewGRF] Interpret negative positions in industry layouts depending on GRF version (r27138)
- Fix: [SDL, Windows] Right-mouse-button scrolling scrolled/jumped too far, when OpenTTD lagged during mouse event processing (r27167)
- Fix: Toolbars were not invalidated when changing max-vehicles settings [FS#6204] (r27163)
- Fix: Tile selection was drawn outside of map in some cases [FS#6208] (r27162)
- Fix: Reimplement the viewport drawing algorithm [FS#6156] [FS#6206] (r27161)
- Fix: Issues with smallmap and viewport coordinates and transformations (r27160, r27159, r27158)
- Fix: Mark bridge middle tiles dirty when building/removing/changing bridges (r27157)
- Fix: Rounding and unit-conversion inconsistencies in calls to MarkAllViewportsDirty (r27148)
- Fix: Oilrig empty-tile checks were incorrect due to wrong TileIndexDiff->TileIndexDiffC conversion (r27137)
- Fix: Misalignment in generate world window in case of small fonts (r27135)
- Fix: Dragging of free wagons in depot failed with GUI zoom (r27133)
- Fix: Reduce memory footprint of map array by shuffling its members [FS#6218] (r27132, r27126)
- Fix: Dropdown- and tooltip-windows should not steal the focus (r27131)
- Fix: [NewGRF] Action 7/9 condition 0A failed for present, but disabled, NewGRF (r27119)
- Fix: Road vehicles could not reverse to be sent to depots when the following tile has the right type to run on, but could not be entered [FS#6183] (r27107)
- Fix: Use the actual max speed of the vehicle in front when determining if a RV can overtake [FS#6176] (r27106)
- Fix: grow_counter was not properly bounded by growth_rate, but by some other value used to calculate growth_rate [FS#6195] (r27105)
- Fix: [Script] Support 64 bits integers in ScriptLists [FS#6194] (r27104)
- Fix: [Script] Money values would end up wrong in strings when outside the bounds of a 32 bits integer [FS#6194] (r27102)

1.5.0-beta1 (2014-12-24)
------------------------------------------------------------------------
- Feature: Support .txt.gz and -txt.xz changelog, readme and license files in basesets, NewGRFs, etc (r27035, r27034)
- Feature: More height levels [FS#4126] (r27010)
- Feature: Latin translation (r26993)
- Feature: Add option to choose normal, double or quad-size interface (r26990)
- Feature: [Script] Swap method for script lists (r26894)
- Feature: [Script] ScriptStationList_Cargo for sorting cargo by from and via (r26893)
- Feature: [Script] API for retrieving planned flow (r26892)
- Feature: [CargoDist] Predict links for station-autorefitting vehicles (r26889)
- Feature: Setting for limiting the height of bridges (r26882)
- Feature: Make aircraft ascend/descend when they are too close to the ground or too far away (r26866)
- Feature: Allow hiding of non-interesting engines in the GUI (r26805, r26804)
- Feature: Vehicle sorting in autoreplace GUI [FS#1640] (r26800)
- Feature: [NewGRF] Advanced visual effects with multiple effect sprites independent of spawning model (r26988, r26747)
- Feature: Warn about missing industries after generating a map (r26729)
- Feature: Upgrade currently active NewGRFs to newest installed version (r26613)
- Feature: Save and load grfid and md5sum of NewGRFs in config file (r26611)
- Feature: Select an editable preset name for saving (r26610)
- Feature: Cancel cargo delivery from industries/houses to stations after about 21 months of not having picked up any of the cargo (r26582)
- Feature: Give a warning when a plane's orders tell it to use a runway which is too short for it [FS#6009] (r26566)
- Feature: [Script] Extended API for CargoDist (r26557)
- Feature: Show measured order times in timetable GUI also when not timetabled (r26550)
- Feature: Prompt for confirmation when deleting a vehicle group (r26455)
- Feature: Hierarchical vehicle subgroups (r26450)
- Feature: Allow more sound sleep for dedicated servers when there's nothing to do and nobody paying attention (r26449)
- Feature: [NewGRF] Add vehicle modflag 1 (unloading in progress) (r26430)
- Change: Improvements to the man page (r27091, r27012)
- Change: Allow to set the granularity of the tooltip hover time in milliseconds instead of seconds. New default value is 250ms (r26815)
- Change: Follow SI recommendation about spaces between numbers and units [FS#6086] (r26733)
- Change: [CargoDist] Save locations instead of distances in link graphs to reduce size (r26646)
- Change: [Squirrel] Make the internal integer for scripts always 64 bits, so scripts behave the same on 32 and 64 bit architectures and money can be represented properly (r26585, r26584)
- Change: Reshuffle advanced settings tree (r26614, r26536)
- Change: Add backend-independent config-file setting to disable 8bpp video modes, and disable 8bpp by default (r26522)
- Fix: [OS/2] Compile again [FS#6186] (r27092)
- Fix: Compilation with freetype2 version 2.5.4 and newer [FS#6185] (r27079)
- Fix: Variable 47 used the carge translation table of the wrong GRF in case of callback 1D [FS#6182] (r27075)
- Fix: Some lists did not use natural string sorting [FS#6172] (r27063)
- Fix: Mercurial version detection failed if personal presets were configured (r27059)
- Fix: [OSX] Don't require double-press from non-dead console hotkeys [FS#5812] (r27046)
- Fix: Crash when having the vehicle list opened from a buoy or oil rig when the buoy/oil rig is removed (r27030)
- Fix: Unit number was not always fully shown in depots [FS#6102] (r27014)
- Fix: [CargoDist] Reserve cargo only after unloading finished or if the vehicle has the desired cargo already [FS#6110] (r26918)
- Fix: [Squirrel] Loading a value saved as boolean caused it to be of type integer instead of boolean (r26785)
- Fix: [Squirrel] Harden string handling (r26777)
- Fix: [OSX] Implement more of the text editing API to prevent crashes and improve IME support [FS#5972] (r26758)
- Fix: Incorrect saving of order backups [FS#6066] (r26700)
- Fix: Ordering a vehicle to a competitor's rail waypoint displayed an error message. Ignore the click as is done for the other order types to competitor's stuff [FS#6059] (r26692)
- Fix: [Script] Loading/parsing of info .nuts was done in the same VM, causing e.g. constants to break the loading of info of other scripts [FS#5973] (r26617)
- Fix: [CargoDist] Improve estimation of link capacitites (r26549)
- Remove: A bunch of archaic settings from the GUI (r26528, r26526, r26525)
------------------8<------------------8<------------------8<------------------


------------------8<------------------8<------------------8<------------------
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/games/openttd/Makefile,v
retrieving revision 1.57
diff -u -r1.57 Makefile
--- Makefile	25 Apr 2015 14:23:01 -0000	1.57
+++ Makefile	29 Jun 2015 20:12:14 -0000
@@ -1,8 +1,7 @@
 # $NetBSD: Makefile,v 1.57 2015/04/25 14:23:01 tnn Exp $
 
-DISTNAME=	openttd-1.4.4-source
+DISTNAME=	openttd-1.5.1-source
 PKGNAME=	${DISTNAME:S/-source//}
-PKGREVISION=	2
 CATEGORIES=	games x11
 MASTER_SITES=	http://binaries.openttd.org/releases/${PKGVERSION_NOREV}/
 EXTRACT_SUFX=	.tar.xz
@@ -54,6 +53,7 @@
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../fonts/fontconfig/buildlink3.mk"
 .include "../../graphics/freetype2/buildlink3.mk"
+.include "../../graphics/hicolor-icon-theme/buildlink3.mk"
 .include "../../graphics/png/buildlink3.mk"
 .include "../../sysutils/desktop-file-utils/desktopdb.mk"
 .include "../../textproc/icu/buildlink3.mk"
Index: PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/games/openttd/PLIST,v
retrieving revision 1.19
diff -u -r1.19 PLIST
--- PLIST	20 Dec 2014 21:52:38 -0000	1.19
+++ PLIST	29 Jun 2015 20:12:14 -0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.19 2014/12/20 21:52:38 ryoon Exp $
+@comment $NetBSD$
 bin/openttd
 man/man6/openttd.6
 share/applications/openttd.desktop
@@ -19,6 +19,7 @@
 share/openttd/ai/compat_1.2.nut
 share/openttd/ai/compat_1.3.nut
 share/openttd/ai/compat_1.4.nut
+share/openttd/ai/compat_1.5.nut
 share/openttd/baseset/no_music.obm
 share/openttd/baseset/no_sound.obs
 share/openttd/baseset/openttd.grf
@@ -60,6 +61,7 @@
 share/openttd/lang/italian.lng
 share/openttd/lang/japanese.lng
 share/openttd/lang/korean.lng
+share/openttd/lang/latin.lng
 share/openttd/lang/latvian.lng
 share/openttd/lang/lithuanian.lng
 share/openttd/lang/luxembourgish.lng
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/games/openttd/distinfo,v
retrieving revision 1.22
diff -u -r1.22 distinfo
--- distinfo	19 Jun 2015 00:49:14 -0000	1.22
+++ distinfo	29 Jun 2015 20:12:14 -0000
@@ -1,7 +1,6 @@
 $NetBSD: distinfo,v 1.22 2015/06/19 00:49:14 dholland Exp $
 
-SHA1 (openttd-1.4.4-source.tar.xz) = c3aa122cda75162b76cd12dc4586371e841102b3
-RMD160 (openttd-1.4.4-source.tar.xz) = 591ffe69e26e4820af29f8e04ec181d4c5119170
-Size (openttd-1.4.4-source.tar.xz) = 6342508 bytes
-SHA1 (patch-aa) = b34cc7e0adf8a91657f1426ff2d888eb7c31bcb2
-SHA1 (patch-src_fontcache.cpp) = 88fb873e3e487bbf5a63afd9490a83981ec8b306
+SHA1 (openttd-1.5.1-source.tar.xz) = 95b9b16fd3dc9edd8d893d7adacc32a8fcb09c47
+RMD160 (openttd-1.5.1-source.tar.xz) = fea88dbaf7f852e2d9967a8060a2db3d89897f56
+Size (openttd-1.5.1-source.tar.xz) = 6557704 bytes
+SHA1 (patch-aa) = f9c9291ec5414e239d53e110e54aac83b926af8a
Index: patches/patch-aa
===================================================================
RCS file: /cvsroot/pkgsrc/games/openttd/patches/patch-aa,v
retrieving revision 1.11
diff -u -r1.11 patch-aa
--- patches/patch-aa	5 Aug 2013 19:24:35 -0000	1.11
+++ patches/patch-aa	29 Jun 2015 20:12:14 -0000
@@ -3,9 +3,9 @@
 Compile 'strip' test with CFLAGS, so -isysroot can be passed on OSX.
 Correct library detection on NetBSD.
 
---- config.lib.orig	2012-04-15 11:55:05.000000000 +0000
+--- config.lib.orig	2015-06-01 18:43:32.000000000 +0000
 +++ config.lib
-@@ -2001,7 +2001,7 @@ check_strip() {
+@@ -2070,7 +2070,7 @@ check_strip() {
  	elif [ "$os" = "OSX" ]; then
  		# Most targets have -V in strip, to see if they exists... OSX doesn't.. so execute something
  		echo "int main(int argc, char *argv[]) { }" > strip.test.c
@@ -14,7 +14,7 @@
  		check_compiler "host strip" "strip" "$host" "$strip" "$STRIP" "strip" "strip" "3" "strip.test"
  		rm -f strip.test.c strip.test
  	else
-@@ -2533,7 +2533,7 @@ detect_library() {
+@@ -2628,7 +2628,7 @@ detect_library() {
  		if [ -z "$res" ]; then
  			log 2 "  trying /opt/local/include/$4$5... no"
  		fi
Index: patches/patch-src_fontcache.cpp
===================================================================
RCS file: patches/patch-src_fontcache.cpp
diff -N patches/patch-src_fontcache.cpp
--- patches/patch-src_fontcache.cpp	19 Jun 2015 00:49:14 -0000	1.2
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-$NetBSD: patch-src_fontcache.cpp,v 1.2 2015/06/19 00:49:14 dholland Exp $
-
-bitmap.width and bitmap.rows are unsigned in some versions of freetype
-(but not others) -- because C++ requires max() to be homogeneous with
-respect to sign, if it's unsigned the constant needs to be 1U, and if
-it's not, it needs not to be. Which becomes a problem. So, since none
-of this should ever be negative, force it all to unsigned.
-
---- src/fontcache.cpp.orig	2014-12-11 21:17:16.000000000 +0000
-+++ src/fontcache.cpp
-@@ -481,8 +481,8 @@ const Sprite *FreeTypeFontCache::GetGlyp
- 	aa = (slot->bitmap.pixel_mode == FT_PIXEL_MODE_GRAY);
- 
- 	/* Add 1 pixel for the shadow on the medium font. Our sprite must be at least 1x1 pixel */
--	int width  = max(1, slot->bitmap.width + (this->fs == FS_NORMAL));
--	int height = max(1, slot->bitmap.rows  + (this->fs == FS_NORMAL));
-+	int width  = max(1U, (unsigned)(slot->bitmap.width + (this->fs == FS_NORMAL)));
-+	int height = max(1U, (unsigned)(slot->bitmap.rows  + (this->fs == FS_NORMAL)));
- 
- 	/* Limit glyph size to prevent overflows later on. */
- 	if (width > 256 || height > 256) usererror("Font glyph is too large");

>Unformatted: