games/openarena: Fix CVE-2017-6903

- Backport fix based on patchset for urbanterror [1]

[1] https://github.com/Barbatos/ioq3-for-UrbanTerror-4/pull/73

PR:		217911
Submitted by:	miwi
Approved by:	miwi (mentor)
MFH:		2017Q2
Security:	CVE-2017-6903
Security:	e48355d7-1548-11e7-8611-0090f5f2f347
Differential Revision:	https://reviews.freebsd.org/D10176

12 files changed, 519 insertions, 11 deletions

diff --git a/games/openarena/Makefile b/games/openarena/Makefile
index f29953656e6d..3f9c0efed40c 100644
--- a/games/openarena/Makefile
+++ b/games/openarena/Makefile
@@ -2,14 +2,13 @@
 # $FreeBSD$
 
 PORTNAME=	openarena
-PORTVERSION=	${GAMEVERSION}.s${SVNREVISION}
-PORTREVISION=	2
+DISTVERSION=	${GAMEVERSION}.s${SVNREVISION}
+PORTREVISION=	3
 PORTEPOCH=	1
 MASTER_SITES=	SF/oarena/src \
 		http://files.poulsander.com/~poul19/public_files/oa/dev088/
 DISTNAME=	${PORTNAME}-engine-source-${GAMEVERSION}
-# Master port defines EXTRACT_SUFX unless already defined
-EXTRACT_SUFX=	.tar.bz2
+EXTRACT_SUFX=	.tar.bz2 # override master port
 
 MAINTAINER=	kami@FreeBSD.org
 COMMENT=	Quake3 total conversion based on the ioquake3 engine
@@ -18,6 +17,8 @@ LICENSE?=	GPLv2
 
 RUN_DEPENDS=	${LOCALBASE}/${DATADIR_REL}/${Q3BASE}/pak0.pk3:games/openarena-data
 
+USES=		tar:bzip2
+
 MASTERDIR=	${.CURDIR}/../ioquake3
 DESCR=		${.CURDIR}/../${PORTNAME}/pkg-descr
 DISTINFO_FILE=	${.CURDIR}/../${PORTNAME}/distinfo
@@ -26,6 +27,7 @@ PKGMESSAGE=	${.CURDIR}/../${PORTNAME}/pkg-message
 
 IOQ3?=		CLIENT
 IOQ3ARCH?=	${ARCH}
+IOQ3SDL=	sdl
 # OpenArena doc is too messy to bother
 OPTIONS_EXCLUDE=	DOCS
 
diff --git a/games/openarena/files/patch-code_botlib_be__aas__route.c b/games/openarena/files/patch-code_botlib_be__aas__route.c
new file mode 100644
index 000000000000..3d2ed32f4520
--- /dev/null
+++ b/games/openarena/files/patch-code_botlib_be__aas__route.c
@@ -0,0 +1,38 @@
+--- code/botlib/be_aas_route.c.orig	2011-12-24 12:29:34 UTC
++++ code/botlib/be_aas_route.c
+@@ -106,7 +106,7 @@ void AAS_RoutingInfo(void)
+ // Returns:				-
+ // Changes Globals:		-
+ //===========================================================================
+-ID_INLINE int AAS_ClusterAreaNum(int cluster, int areanum)
++static ID_INLINE int AAS_ClusterAreaNum(int cluster, int areanum)
+ {
+ 	int side, areacluster;
+ 
+@@ -166,7 +166,7 @@ void AAS_InitTravelFlagFromType(void)
+ // Returns:				-
+ // Changes Globals:		-
+ //===========================================================================
+-ID_INLINE int AAS_TravelFlagForType_inline(int traveltype)
++static ID_INLINE int AAS_TravelFlagForType_inline(int traveltype)
+ {
+ 	int tfl;
+ 
+@@ -339,7 +339,7 @@ int AAS_EnableRoutingArea(int areanum, i
+ // Returns:				-
+ // Changes Globals:		-
+ //===========================================================================
+-ID_INLINE float AAS_RoutingTime(void)
++static ID_INLINE float AAS_RoutingTime(void)
+ {
+ 	return AAS_Time();
+ } //end of the function AAS_RoutingTime
+@@ -379,7 +379,7 @@ int AAS_GetAreaContentsTravelFlags(int a
+ // Returns:				-
+ // Changes Globals:		-
+ //===========================================================================
+-ID_INLINE int AAS_AreaContentsTravelFlags_inline(int areanum)
++static ID_INLINE int AAS_AreaContentsTravelFlags_inline(int areanum)
+ {
+ 	return aasworld.areacontentstravelflags[areanum];
+ } //end of the function AAS_AreaContentsTravelFlags
diff --git a/games/openarena/files/patch-code_client_cl__console.c b/games/openarena/files/patch-code_client_cl__console.c
new file mode 100644
index 000000000000..965034341fdc
--- /dev/null
+++ b/games/openarena/files/patch-code_client_cl__console.c
@@ -0,0 +1,58 @@
+--- code/client/cl_console.c.orig	2011-12-24 12:29:31 UTC
++++ code/client/cl_console.c
+@@ -172,7 +172,9 @@ void Con_Dump_f (void)
+ 	int		l, x, i;
+ 	short	*line;
+ 	fileHandle_t	f;
+-	char	buffer[1024];
++	int		bufferlen;
++	char	*buffer;
++	char	filename[MAX_QPATH];
+ 
+ 	if (Cmd_Argc() != 2)
+ 	{
+@@ -180,15 +182,24 @@ void Con_Dump_f (void)
+ 		return;
+ 	}
+ 
+-	Com_Printf ("Dumped console text to %s.\n", Cmd_Argv(1) );
++	Q_strncpyz( filename, Cmd_Argv( 1 ), sizeof( filename ) );
++	COM_DefaultExtension( filename, sizeof( filename ), ".txt" );
+ 
+-	f = FS_FOpenFileWrite( Cmd_Argv( 1 ) );
++	if (!COM_CompareExtension(filename, ".txt"))
++	{
++		Com_Printf("Con_Dump_f: Only the \".txt\" extension is supported by this command!\n");
++		return;
++	}
++
++	f = FS_FOpenFileWrite( filename );
+ 	if (!f)
+ 	{
+-		Com_Printf ("ERROR: couldn't open.\n");
++		Com_Printf ("ERROR: couldn't open %s.\n", filename);
+ 		return;
+ 	}
+ 
++	Com_Printf ("Dumped console text to %s.\n", filename );
++
+ 	// skip empty lines
+ 	for (l = con.current - con.totallines + 1 ; l <= con.current ; l++)
+ 	{
+@@ -214,10 +225,15 @@ void Con_Dump_f (void)
+ 			else
+ 				break;
+ 		}
+-		strcat( buffer, "\n" );
++#ifdef _WIN32
++		Q_strcat(buffer, bufferlen, "\r\n");
++#else
++		Q_strcat(buffer, bufferlen, "\n");
++#endif
+ 		FS_Write(buffer, strlen(buffer), f);
+ 	}
+ 
++	Hunk_FreeTempMemory( buffer );
+ 	FS_FCloseFile( f );
+ }
+ 
diff --git a/games/openarena/files/patch-code_client_cl__curl.c b/games/openarena/files/patch-code_client_cl__curl.c
new file mode 100644
index 000000000000..f5601284ec72
--- /dev/null
+++ b/games/openarena/files/patch-code_client_cl__curl.c
@@ -0,0 +1,25 @@
+--- code/client/cl_curl.c.orig	2011-12-24 12:29:31 UTC
++++ code/client/cl_curl.c
+@@ -94,6 +94,13 @@ qboolean CL_cURL_Init()
+ 
+ 
+ 	Com_Printf("Loading \"%s\"...", cl_cURLLib->string);
++
++	if ( COM_CompareExtension( cl_cURLLib->string, ".pk3" ) )
++	{
++		Com_Printf( S_COLOR_RED "Rejecting cl_cURLLib named \"%s\"\n", cl_cURLLib->string );
++		return qfalse;
++	}
++
+ 	if( (cURLLib = Sys_LoadLibrary(cl_cURLLib->string)) == 0 )
+ 	{
+ #ifdef _WIN32
+@@ -320,7 +327,7 @@ void CL_cURL_PerformDownload(void)
+ 	}
+ 	FS_FCloseFile(clc.download);
+ 	if(msg->msg == CURLMSG_DONE && msg->data.result == CURLE_OK) {
+-		FS_SV_Rename(clc.downloadTempName, clc.downloadName);
++		FS_SV_Rename(clc.downloadTempName, clc.downloadName, qfalse);
+ 		clc.downloadRestart = qtrue;
+ 	}
+ 	else {
diff --git a/games/openarena/files/patch-code_client_cl__parse.c b/games/openarena/files/patch-code_client_cl__parse.c
new file mode 100644
index 000000000000..8363168d1064
--- /dev/null
+++ b/games/openarena/files/patch-code_client_cl__parse.c
@@ -0,0 +1,38 @@
+--- code/client/cl_parse.c.orig	2011-12-24 12:29:30 UTC
++++ code/client/cl_parse.c
+@@ -534,6 +534,26 @@ void CL_ParseGamestate( msg_t *msg ) {
+ 	// reinitialize the filesystem if the game directory has changed
+ 	FS_ConditionalRestart( clc.checksumFeed );
+ 
++	if (dangerousPaksFound) {
++		char PakList[MAX_STRING_CHARS];
++		for (i = 0; i < dangerousPaksFound; i++) {
++			Q_strcat(PakList, sizeof(PakList), va("%s.pk3, ", dangerousPakNames[i]));
++		}
++
++		PakList[strlen(PakList) - 2] = 0;
++
++		Cvar_Set("com_errorMessage", va(
++			"^1WARNING! ^7Dangerous file(s) found in downloaded pk3%s:\n\n%s\n\n"
++			"You should go delete %s immediately. %s could lead to malicious code execution.",
++			dangerousPaksFound == 1 ? "" : "s",
++			PakList,
++			dangerousPaksFound == 1 ? "that file" : "those files",
++			dangerousPaksFound == 1 ? "It" : "They"));
++
++		VM_Call(uivm, UI_SET_ACTIVE_MENU, UIMENU_MAIN);
++		return;
++	}
++
+ 	// This used to call CL_StartHunkUsers, but now we enter the download state before loading the
+ 	// cgame
+ 	CL_InitDownloads();
+@@ -624,7 +644,7 @@ void CL_ParseDownload ( msg_t *msg ) {
+ 			clc.download = 0;
+ 
+ 			// rename the file
+-			FS_SV_Rename ( clc.downloadTempName, clc.downloadName );
++			FS_SV_Rename ( clc.downloadTempName, clc.downloadName, qfalse );
+ 		}
+ 
+ 		// send intentions now
diff --git a/games/openarena/files/patch-code_client_snd__openal.c b/games/openarena/files/patch-code_client_snd__openal.c
new file mode 100644
index 000000000000..136e269b1de7
--- /dev/null
+++ b/games/openarena/files/patch-code_client_snd__openal.c
@@ -0,0 +1,24 @@
+--- code/client/snd_openal.c.orig	2011-12-24 12:29:31 UTC
++++ code/client/snd_openal.c
+@@ -2072,7 +2072,7 @@ static cvar_t *s_alCapture;
+ #elif defined(MACOS_X)
+ #define ALDRIVER_DEFAULT "/System/Library/Frameworks/OpenAL.framework/OpenAL"
+ #else
+-#define ALDRIVER_DEFAULT "libopenal.so.1"
++#define ALDRIVER_DEFAULT "libopenal.so"
+ #endif
+ 
+ /*
+@@ -2358,6 +2358,12 @@ qboolean S_AL_Init( soundInterface_t *si
+ 
+ 	s_alDevice = Cvar_Get("s_alDevice", "", CVAR_ARCHIVE | CVAR_LATCH);
+ 
++	if ( COM_CompareExtension( s_alDriver->string, ".pk3" ) )
++	{
++		Com_Printf( S_COLOR_RED "Rejecting s_alDriver named \"%s\"\n", s_alDriver->string );
++		return qfalse;
++	}
++
+ 	// Load QAL
+ 	if( !QAL_Init( s_alDriver->string ) )
+ 	{
diff --git a/games/openarena/files/patch-code_qcommon_common.c b/games/openarena/files/patch-code_qcommon_common.c
new file mode 100644
index 000000000000..bcf0e019e938
--- /dev/null
+++ b/games/openarena/files/patch-code_qcommon_common.c
@@ -0,0 +1,16 @@
+--- code/qcommon/common.c.orig	2011-12-24 12:29:32 UTC
++++ code/qcommon/common.c
+@@ -2845,6 +2845,13 @@ void Com_WriteConfig_f( void ) {
+ 
+ 	Q_strncpyz( filename, Cmd_Argv(1), sizeof( filename ) );
+ 	COM_DefaultExtension( filename, sizeof( filename ), ".cfg" );
++
++	if (!COM_CompareExtension(filename, ".cfg"))
++	{
++		Com_Printf("Com_WriteConfig_f: Only the \".cfg\" extension is supported by this command!\n");
++		return;
++	}
++
+ 	Com_Printf( "Writing %s.\n", filename );
+ 	Com_WriteConfigToFile( filename );
+ }
diff --git a/games/openarena/files/patch-code_qcommon_files.c b/games/openarena/files/patch-code_qcommon_files.c
index 2f7ef4de173f..b35962d7c3e1 100644
--- a/games/openarena/files/patch-code_qcommon_files.c
+++ b/games/openarena/files/patch-code_qcommon_files.c
@@ -1,6 +1,16 @@
 --- code/qcommon/files.c.orig	2011-12-24 12:29:32 UTC
 +++ code/qcommon/files.c
-@@ -250,6 +250,7 @@ static  cvar_t          *fs_apppath;
+@@ -195,6 +195,9 @@ static const unsigned int missionpak_che
+ 	1438664554u
+ };
+ 
++int dangerousPaksFound;
++char dangerousPakNames[MAX_ZPATH][MAX_SEARCH_PATHS];
++
+ // if this is defined, the executable positively won't work with any paks other
+ // than the demo pak, even if productid is present.  This is only used for our
+ // last demo release to prevent the mac and linux users from using the demo
+@@ -250,6 +253,7 @@ static  cvar_t          *fs_apppath;
  #endif
  
  static	cvar_t		*fs_basepath;
@@ -8,7 +18,251 @@
  static	cvar_t		*fs_basegame;
  static	cvar_t		*fs_gamedirvar;
  static	searchpath_t	*fs_searchpaths;
-@@ -2859,6 +2860,7 @@ static void FS_Startup( const char *game
+@@ -529,30 +533,32 @@ qboolean FS_CreatePath (char *OSPath) {
+ 
+ /*
+ =================
+-FS_CheckFilenameIsNotExecutable
++FS_CheckFilenameIsMutable
+ 
+-ERR_FATAL if trying to maniuplate a file with the platform library extension
++ERR_FATAL if trying to maniuplate a file with the platform library, QVM, or pk3 extension
+ =================
+  */
+-static void FS_CheckFilenameIsNotExecutable( const char *filename,
++static void FS_CheckFilenameIsMutable( const char *filename,
+ 		const char *function )
+ {
+-	// Check if the filename ends with the library extension
+-	if( !Q_stricmp( COM_GetExtension( filename ), DLL_EXT ) )
++	// Check if the filename ends with the library, QVM, or pk3 extension
++	if( COM_CompareExtension( filename, DLL_EXT )
++		|| COM_CompareExtension( filename, ".qvm" )
++		|| COM_CompareExtension( filename, ".pk3" ) )
+ 	{
+ 		Com_Error( ERR_FATAL, "%s: Not allowed to manipulate '%s' due "
+-			"to %s extension\n", function, filename, DLL_EXT );
++			"to %s extension", function, filename, COM_GetExtension( filename ) );
+ 	}
+ }
+ 
+ /*
+-===========
++=================
+ FS_Remove
+ 
+ ===========
+ */
+ void FS_Remove( const char *osPath ) {
+-	FS_CheckFilenameIsNotExecutable( osPath, __func__ );
++	FS_CheckFilenameIsMutable( osPath, __func__ );
+ 
+ 	remove( osPath );
+ }
+@@ -564,7 +570,7 @@ FS_HomeRemove
+ ===========
+ */
+ void FS_HomeRemove( const char *homePath ) {
+-	FS_CheckFilenameIsNotExecutable( homePath, __func__ );
++	FS_CheckFilenameIsMutable( homePath, __func__ );
+ 
+ 	remove( FS_BuildOSPath( fs_homepath->string,
+ 			fs_gamedir, homePath ) );
+@@ -643,7 +649,7 @@ fileHandle_t FS_SV_FOpenFileWrite( const
+ 		Com_Printf( "FS_SV_FOpenFileWrite: %s\n", ospath );
+ 	}
+ 
+-	FS_CheckFilenameIsNotExecutable( ospath, __func__ );
++	FS_CheckFilenameIsMutable( ospath, __func__ );
+ 
+ 	if( FS_CreatePath( ospath ) ) {
+ 		return 0;
+@@ -735,7 +741,7 @@ FS_SV_Rename
+ 
+ ===========
+ */
+-void FS_SV_Rename( const char *from, const char *to ) {
++void FS_SV_Rename( const char *from, const char *to, qboolean safe ) {
+ 	char			*from_ospath, *to_ospath;
+ 
+ 	if ( !fs_searchpaths ) {
+@@ -754,7 +760,11 @@ void FS_SV_Rename( const char *from, con
+ 		Com_Printf( "FS_SV_Rename: %s --> %s\n", from_ospath, to_ospath );
+ 	}
+ 
+-	FS_CheckFilenameIsNotExecutable( to_ospath, __func__ );
++	FS_CheckFilenameIsMutable( to_ospath, __func__ );
++
++	if ( safe ) {
++		FS_CheckFilenameIsMutable( to_ospath, __func__ );
++	}
+ 
+ 	rename(from_ospath, to_ospath);
+ }
+@@ -784,7 +794,7 @@ void FS_Rename( const char *from, const 
+ 		Com_Printf( "FS_Rename: %s --> %s\n", from_ospath, to_ospath );
+ 	}
+ 
+-	FS_CheckFilenameIsNotExecutable( to_ospath, __func__ );
++	FS_CheckFilenameIsMutable( to_ospath, __func__ );
+ 
+ 	rename(from_ospath, to_ospath);
+ }
+@@ -843,7 +853,7 @@ fileHandle_t FS_FOpenFileWrite( const ch
+ 		Com_Printf( "FS_FOpenFileWrite: %s\n", ospath );
+ 	}
+ 
+-	FS_CheckFilenameIsNotExecutable( ospath, __func__ );
++	FS_CheckFilenameIsMutable( ospath, __func__ );
+ 
+ 	if( FS_CreatePath( ospath ) ) {
+ 		return 0;
+@@ -891,7 +901,7 @@ fileHandle_t FS_FOpenFileAppend( const c
+ 		Com_Printf( "FS_FOpenFileAppend: %s\n", ospath );
+ 	}
+ 
+-	FS_CheckFilenameIsNotExecutable( ospath, __func__ );
++	FS_CheckFilenameIsMutable( ospath, __func__ );
+ 
+ 	if( FS_CreatePath( ospath ) ) {
+ 		return 0;
+@@ -963,6 +973,7 @@ int FS_FOpenFileRead( const char *filena
+ 	FILE			*temp;
+ 	int				l;
+ 	char demoExt[16];
++	qboolean isLocalConfig, isQVM;
+ 
+ 	hash = 0;
+ 
+@@ -970,11 +981,22 @@ int FS_FOpenFileRead( const char *filena
+ 		Com_Error( ERR_FATAL, "Filesystem call made without initialization\n" );
+ 	}
+ 
++	isLocalConfig = !Q_stricmp(filename, "autoexec.cfg") || !Q_stricmp(filename, "q3config.cfg");
++	isQVM = COM_CompareExtension(filename, ".qvm");
++
+ 	if ( file == NULL ) {
+ 		// just wants to see if file is there
+ 		for ( search = fs_searchpaths ; search ; search = search->next ) {
+ 			//
+ 			if ( search->pack ) {
++				// autoexec.cfg and q3config.cfg can only be loaded outside of pk3 files.
++				if (isLocalConfig)
++					continue;
++
++				// QVMs can't be loaded from pk3 in the "download" directory
++				if (isQVM && !Q_stricmp(search->pack->pakGamename, "download"))
++					continue;
++
+ 				hash = FS_HashFileName(filename, search->pack->hashSize);
+ 			}
+ 			// is the element a pak file?
+@@ -1040,6 +1062,14 @@ int FS_FOpenFileRead( const char *filena
+ 	for ( search = fs_searchpaths ; search ; search = search->next ) {
+ 		//
+ 		if ( search->pack ) {
++			// autoexec.cfg and q3config.cfg can only be loaded outside of pk3 files.
++			if (isLocalConfig)
++				continue;
++
++			// QVMs can't be loaded from pk3 in the "download" directory
++			if (isQVM && !Q_stricmp(search->pack->pakGamename, "download"))
++				continue;
++
+ 			hash = FS_HashFileName(filename, search->pack->hashSize);
+ 		}
+ 		// is the element a pak file?
+@@ -1657,7 +1687,7 @@ Creates a new pak_t in the search chain 
+ of a zip file.
+ =================
+ */
+-static pack_t *FS_LoadZipFile(const char *zipfile, const char *basename)
++static pack_t *FS_LoadZipFile(const char *zipfile, const char *basename, const char *gamename )
+ {
+ 	fileInPack_t	*buildBuffer;
+ 	pack_t			*pack;
+@@ -1666,11 +1696,12 @@ static pack_t *FS_LoadZipFile(const char
+ 	unz_global_info gi;
+ 	char			filename_inzip[MAX_ZPATH];
+ 	unz_file_info	file_info;
+-	int				i, len;
++	int				i, j, len;
+ 	long			hash;
+ 	int				fs_numHeaderLongs;
+ 	int				*fs_headerLongs;
+ 	char			*namePtr;
++	qboolean		alreadydangerous = qfalse;
+ 
+ 	fs_numHeaderLongs = 0;
+ 
+@@ -1714,6 +1745,7 @@ static pack_t *FS_LoadZipFile(const char
+ 
+ 	Q_strncpyz( pack->pakFilename, zipfile, sizeof( pack->pakFilename ) );
+ 	Q_strncpyz( pack->pakBasename, basename, sizeof( pack->pakBasename ) );
++	Q_strncpyz( pack->pakGamename, gamename, sizeof( pack->pakGamename ) );
+ 
+ 	// strip .pk3 if needed
+ 	if ( strlen( pack->pakBasename ) > 4 && !Q_stricmp( pack->pakBasename + strlen( pack->pakBasename ) - 4, ".pk3" ) ) {
+@@ -1730,6 +1762,30 @@ static pack_t *FS_LoadZipFile(const char
+ 		if (err != UNZ_OK) {
+ 			break;
+ 		}
++
++		if (!Q_stricmp(pack->pakGamename, "download") && (
++				COM_CompareExtension(filename_inzip, ".qvm") ||
++				!Q_stricmp(filename_inzip, "autoexec.cfg") ||
++				!Q_stricmp(filename_inzip, "q3config.cfg")))
++		{
++
++			for (j = 0; j < dangerousPaksFound; j++) {
++				if (!strcmp(dangerousPakNames[j], pack->pakBasename)) {
++					alreadydangerous = qtrue;
++					break;
++				}
++			}
++
++			if (!alreadydangerous) {
++				Q_strncpyz(dangerousPakNames[dangerousPaksFound], pack->pakBasename, MAX_ZPATH);
++				dangerousPaksFound++;
++			}
++
++			Com_Printf(S_COLOR_RED "Dangerous file %s found in %s\n",
++					filename_inzip,
++					pack->pakFilename);
++		}
++
+ 		if (file_info.uncompressed_size > 0) {
+ 			fs_headerLongs[fs_numHeaderLongs++] = LittleLong(file_info.crc);
+ 		}
+@@ -1784,7 +1840,7 @@ qboolean FS_CompareZipChecksum(const cha
+ 	pack_t *thepak;
+ 	int index, checksum;
+ 	
+-	thepak = FS_LoadZipFile(zipfile, "");
++	thepak = FS_LoadZipFile(zipfile, "", "");
+ 	
+ 	if(!thepak)
+ 		return qfalse;
+@@ -2569,10 +2625,8 @@ void FS_AddGameDirectory( const char *pa
+ 
+ 	for ( i = 0 ; i < numfiles ; i++ ) {
+ 		pakfile = FS_BuildOSPath( path, dir, pakfiles[i] );
+-		if ( ( pak = FS_LoadZipFile( pakfile, pakfiles[i] ) ) == 0 )
++		if ( ( pak = FS_LoadZipFile( pakfile, pakfiles[i], dir ) ) == 0 )
+ 			continue;
+-		// store the game name for downloading
+-		strcpy(pak->pakGamename, dir);
+ 		
+ 		fs_packFiles += pak->numfiles;
+ 
+@@ -2854,11 +2908,14 @@ static void FS_Startup( const char *game
+ 
+ 	Com_Printf( "----- FS_Startup -----\n" );
+ 
++	dangerousPaksFound = 0;
++
+ 	fs_packFiles = 0;
+ 
  	fs_debug = Cvar_Get( "fs_debug", "0", 0 );
  	fs_basepath = Cvar_Get ("fs_basepath", Sys_DefaultInstallPath(), CVAR_INIT );
  	fs_basegame = Cvar_Get ("fs_basegame", "", CVAR_INIT );
@@ -16,7 +270,7 @@
  	homePath = Sys_DefaultHomePath();
  	if (!homePath || !homePath[0]) {
  		homePath = fs_basepath->string;
-@@ -2878,6 +2880,11 @@ static void FS_Startup( const char *game
+@@ -2878,6 +2935,11 @@ static void FS_Startup( const char *game
  	if (fs_apppath->string[0])
  		FS_AddGameDirectory(fs_apppath->string, gameName);
  	#endif
diff --git a/games/openarena/files/patch-code_qcommon_q__shared.c b/games/openarena/files/patch-code_qcommon_q__shared.c
new file mode 100644
index 000000000000..1d12ba5b46a4
--- /dev/null
+++ b/games/openarena/files/patch-code_qcommon_q__shared.c
@@ -0,0 +1,33 @@
+--- code/qcommon/q_shared.c.orig	2011-12-24 12:29:31 UTC
++++ code/qcommon/q_shared.c
+@@ -96,6 +96,30 @@ void COM_StripExtension( const char *in,
+ 		out[length] = 0;
+ }
+ 
++/*
++============
++COM_CompareExtension
++
++string compare the end of the strings and return qtrue if strings match
++============
++*/
++qboolean COM_CompareExtension(const char *in, const char *ext)
++{
++	int inlen, extlen;
++
++	inlen = strlen(in);
++	extlen = strlen(ext);
++
++	if(extlen <= inlen)
++	{
++		in += inlen - extlen;
++
++		if(!Q_stricmp(in, ext))
++			return qtrue;
++	}
++
++	return qfalse;
++}
+ 
+ /*
+ ==================
diff --git a/games/openarena/files/patch-code_qcommon_qcommon.h b/games/openarena/files/patch-code_qcommon_qcommon.h
index 7f94b9e1ee2d..80bca4095d6a 100644
--- a/games/openarena/files/patch-code_qcommon_qcommon.h
+++ b/games/openarena/files/patch-code_qcommon_qcommon.h
@@ -1,6 +1,28 @@
 --- code/qcommon/qcommon.h.orig	2011-12-24 12:29:32 UTC
 +++ code/qcommon/qcommon.h
-@@ -1099,6 +1099,9 @@ char	*Sys_DefaultInstallPath(void);
+@@ -571,6 +571,12 @@ issues.
+ ==============================================================
+ */
+ 
++#define MAX_ZPATH			256
++#define	MAX_SEARCH_PATHS	4096
++
++extern int dangerousPaksFound;
++extern char dangerousPakNames[MAX_ZPATH][MAX_SEARCH_PATHS];
++
+ // referenced flags
+ // these are in loop specific order so don't change the order
+ #define FS_GENERAL_REF	0x01
+@@ -627,7 +633,7 @@ fileHandle_t	FS_FOpenFileAppend( const c
+ 
+ fileHandle_t FS_SV_FOpenFileWrite( const char *filename );
+ int		FS_SV_FOpenFileRead( const char *filename, fileHandle_t *fp );
+-void	FS_SV_Rename( const char *from, const char *to );
++void	FS_SV_Rename( const char *from, const char *to, qboolean safe );
+ int		FS_FOpenFileRead( const char *qpath, fileHandle_t *file, qboolean uniqueFILE );
+ // if uniqueFILE is true, then a new FILE will be fopened even if the file
+ // is found in an already open pak file.  If uniqueFILE is false, you must call
+@@ -1099,6 +1105,9 @@ char	*Sys_DefaultInstallPath(void);
  char    *Sys_DefaultAppPath(void);
  #endif
  
diff --git a/games/openarena/files/patch-code_qcommon_vm__x86.c b/games/openarena/files/patch-code_qcommon_vm__x86.c
index 7bc5b30118f5..01b412a4e3ed 100644
--- a/games/openarena/files/patch-code_qcommon_vm__x86.c
+++ b/games/openarena/files/patch-code_qcommon_vm__x86.c
@@ -1,4 +1,4 @@
---- code/qcommon/vm_x86.c.orig	2016-04-01 10:07:17 UTC
+--- code/qcommon/vm_x86.c.orig	2011-12-24 12:29:32 UTC
 +++ code/qcommon/vm_x86.c
 @@ -90,8 +90,11 @@ static	int		ftolPtr = (int)qftol0F7F;
  void AsmCall(void);
diff --git a/games/openarena/pkg-message b/games/openarena/pkg-message
deleted file mode 100644
index 50e32c4d2dd4..000000000000
--- a/games/openarena/pkg-message
+++ /dev/null
@@ -1,2 +0,0 @@
-Should the game have trouble meeting com_maxfps, which would result in less
-effective strafe jumping, set com_busywait 1 to restore the old behaviour.