We won't be fixing this for Mageia 5.

Whiteboard: MGA6TOO, MGA5TOO => MGA6TOO

Updated package uploaded for cauldron and Mageia 6.

Advisory:
========================

Updated ioquake3 package fixes security vulnerability:

It was discovered that ioquake3 contained a read buffer overflow that allows remote attackers to cause a denial of service (CVE-2017-11721).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11721
https://www.debian.org/security/2017/dsa-3948
========================

Updated packages in core/updates_testing:
========================
ioquake3-1.36-12.20170428.1.1.mga6
ioquake3-demo-1.36-12.20170428.1.1.mga6.noarch.rpm

from ioquake3-1.36-12.20170428.1.1.mga6.src.rpm

Version: Cauldron => 6
Assignee: rverschelde => qa-bugs
Whiteboard: MGA6TOO => (none)
CC: (none) => mrambo

Testing M6/64

What is it?
"Quake 3 Arena engine (ioquake3 version)
This package contains the enhanced opensource ioquake3 version of the Quake 3
Arena engine. This engine can be used to play a number of games based on this
engine..."
This looks useful: ioquake3-demo
"This package installs an application menu entry for playing the Quake3 Arena
demo. The first time you click this menu entry, it will offer to download and
install the Quake 3 demo datafiles for you."

BEFORE update: installed:
- ioquake3-1.36-12.20170428.1.mga6.x86_64
- ioquake3-demo-1.36-12.20170428.1.mga6.noarch
and tried from the Games menu ioquake3; not successful (same from terminal, as both normal user and root): popped up a window saying:

"pak0.pk3" is missing. Please copy it from your legitimate Q3 CDROM. Point Release files are missing. Please re-install the 1.32 point release. Also check that your ioq3 executable is in the correct place and that every file in the "baseq3" directory is present and readable. See "/home/lewis/.q3a/baseq3/crashlog.txt" for details."

The log file says:
"ioq3 1.36 (git 20170428) [Mageia 12.20170428.1.mga6] linux-x86_64 May  9 2017
SSE instruction set enabled
----- FS_Startup -----
We are looking in the current search path:
/home/lewis/.q3a/baseq3
/usr/libexec/ioquake3/baseq3
----------------------
0 files in pk3 files
"pak0.pk3" is missing. Please copy it from your legitimate Q3 CDROM. Point Release files are missing. Please re-install the 1.32 point release. Also check that your ioq3 executable is in the correct place and that every file in the "baseq3" directory is present and readable

The first path cited above contains just the log file.
 $ ls -lR /home/lewis/.q3a/baseq3
 /home/lewis/.q3a/baseq3:
 -rw-r----- 1 lewis lewis 545 Ion  14 19:08 crashlog.txt

For the second path:
 $ ls -l /usr/libexec/ioquake3/baseq3
 -rwxr-xr-x 1 root root 296984 Mai   9  2017 cgamex86_64.so*
 -rwxr-xr-x 1 root root 488528 Mai   9  2017 qagamex86_64.so*
 -rwxr-xr-x 1 root root 283720 Mai   9  2017 uix86_64.so*

Not a good basis for testing the update, which has nothing to do with all this.
Asking for feedback.

Keywords: (none) => feedback
CC: (none) => lewyssmith

First off, I don't really know the answer to this with any certainty as I've never played the game before. That said, it appears the specified file is not bundled with ioquake3 (AFAICS, it does not exist anywhere in the ioquake3 package source) and must be obtained from some other official source.

http://wiki.ioquake3.org/Players_Guide

For mageia, urpmf says that might include the openarena and/or openarena-data packages. If you don't have the CDROM it is asking for I'd suggest installing one of those packages and then copy or synlink the file from the package you choose to one of the locations in the 'current search path' mentioned in the error message (I used /usr/libexec/ioquake3/baseq3) and then see what happens.

But, having tried this, you will then probably see a message that point release files are missing. You can get these from https://ioquake3.org/extras/patch-data/ and the unzip and copy the files in baseq3 and missionpack to the search path locations like the previous pak0 file.

When I did this I was asked for a CD key which I do not possess. But at least the program started without error.

This is the all I can think of to suggest. If this does not work we may have to wait until Remi (ioquake3 maintainer) or someone else more familiar with quake3 comes along with the real answer.

I will add that running ioquake3-demo from CLI after all of the above does yield more fruitful results for me.

Ask if I didn't make something clear. If I can still remember what I did I'll try again. :)

@Mike
All the research you have done on this is truly impressive. I think in summary:

1) pak0.pk3. Install openarena and/or openarena-data pkgs and find in those the file; copy it to
 /usr/libexec/ioquake3/baseq3/

2) Point Release files. You can get these from
 https://ioquake3.org/extras/patch-data/
and then unzip and copy the files in baseq3 and missionpack to
 /usr/libexec/ioquake3/baseq3/

3) When launching the program you are asked for a CD key which you do not possess. But at least the program starts without error.

4) Running ioquake3-demo from CLI after all of the above does yield more fruitful results.

Before launching QA into all this, I cannot but remark "How can Mageia (or any distribution) offer packages requiring so much external fiddling for them to work?"

I think this needs feedback from probably Rémi before we bash on. If these extra-Mageia manipulations are expected and normal, they must be included in /usr/share/doc/ioquake3/
 README.md is a long very technical document.
 md4-readme.txt is also technical.
 opengl2-readme.md is a long very technical document.
 vvoip-readme.txt is also technical.
None of these (I think) cover the points you have clarified.

But thank you again Mike for beating such a tortuous path.

Keywords: (none) => feedback

See Bug 6997.

Rpmdrake or one of its priority dependencies needs to be updated first. Rpmdrake will then restart.

The following 15 packages are going to be installed:

- autodownloader-0.3.0-10.mga6.noarch
- ioquake3-1.36-12.20170428.1.1.mga6.x86_64
- ioquake3-demo-1.36-12.20170428.1.1.mga6.noarch
- lib64opusfile0-0.7-2.mga6.x86_64
- lib64pyglib2.0_0-2.28.6-18.mga6.x86_64
- meta-task-6-1.1.mga6.noarch
- opengl-games-utils-0.1-9.mga6.noarch
- pygtk2.0-2.24.0-11.mga6.x86_64
- pygtk2.0-libglade-2.24.0-11.mga6.x86_64
- python-cairo-1.13.2-1.mga6.x86_64
- python-gobject-2.28.6-18.mga6.x86_64
- python-numpy-1.11.2-1.mga6.x86_64
- worldofpadman-1.6-9.mga6.nonfree.x86_64
- worldofpadman-data-1.6-6.mga6.nonfree.noarch
- zenity-3.24.0-2.mga6.x86_64

1GB of additional disk space will be used.

978MB of packages will be retrieved.

Is it ok to continue?


Installed fine (64-bit – mga6)

$ uname -a 
Linux localhost 4.14.16-desktop-1.mga6 #1 SMP Wed Jan 31 20:50:08 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


Sound and game play is good with World of Padman.

From what I can tell, working as designed.


Ioquake requires a license I don’t have, so that won’t work.

Whiteboard: (none) => mga6-64-ok
CC: (none) => brtians1

(In reply to David Walser from comment #7)
> See Bug 6997.
2012 - and never sorted.
We have no choice but to push this as it is - especially in the light of Brian's relative success.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0148.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

*** Bug 27966 has been marked as a duplicate of this bug. ***

CC: (none) => zombie_ryushu

*** Bug 28132 has been marked as a duplicate of this bug. ***