Date: Mon, 01 Apr 2024 21:09:20 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 278117] games/openttd: Patch adds insecure functionality Message-ID: <bug-278117-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D278117 Bug ID: 278117 Summary: games/openttd: Patch adds insecure functionality Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: danfe@FreeBSD.org Reporter: charlespigott@googlemail.com Flags: maintainer-feedback?(danfe@FreeBSD.org) Assignee: danfe@FreeBSD.org There is a patch in the OpenTTD port that adds functionality to save passwo= rds from network games out to a file (presumably so they can be reloaded again = on restart). This was added quite some time ago, in 2014, for no reason that I can tell = just from the commit. https://gitlab.com/FreeBSD/freebsd-ports/-/blob/main/games/openttd/files/ex= tra-patch-save-passwords Even though this patch is guarded by a WITH_SAVE_PASSWORDS define, it feels very wrong that the official port should make any changes to the functional= ity of the program, and certainly not one that saves passwords out in plain tex= t to an arbitrary file. (Incidentally, OTTD will likely have some actual password saving feature for the next major release with actual cryptographically secure storage, but th= at work is still ongoing) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-278117-7788>