r10971 - in packages/trunk/alien-arena/debian: . patches
Michael Gilbert
gilbert-guest at alioth.debian.org
Sat May 8 15:17:23 UTC 2010
Author: gilbert-guest
Date: 2010-05-08 15:17:21 +0000 (Sat, 08 May 2010)
New Revision: 10971
Added:
packages/trunk/alien-arena/debian/patches/fix-client-buffer-overflow.patch
packages/trunk/alien-arena/debian/patches/fix-server-dos.patch
Modified:
packages/trunk/alien-arena/debian/NEWS.Debian
packages/trunk/alien-arena/debian/changelog
packages/trunk/alien-arena/debian/control
packages/trunk/alien-arena/debian/patches/kill-runaway-crded_tool_debianization.patch
packages/trunk/alien-arena/debian/patches/launch-server_tool_debianization.patch
packages/trunk/alien-arena/debian/patches/makefile_modifications.patch
packages/trunk/alien-arena/debian/patches/series
packages/trunk/alien-arena/debian/rules
Log:
alien-arena updates
Modified: packages/trunk/alien-arena/debian/NEWS.Debian
===================================================================
--- packages/trunk/alien-arena/debian/NEWS.Debian 2010-05-08 15:01:20 UTC (rev 10970)
+++ packages/trunk/alien-arena/debian/NEWS.Debian 2010-05-08 15:17:21 UTC (rev 10971)
@@ -5,3 +5,4 @@
configuration files located in ~/.alien-arena to retain your current settings.
-- Michael Gilbert <michael.s.gilbert at gmail.com> Sun, 17 Jan 2010 16:56:23 -0500
+
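Review bot: The only change to NEWS.Debian in this hunk is a blank line added after the signature. Drop it, or, if the config-directory move made elsewhere in this revision was meant to be announced, add a real entry instead.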
Modified: packages/trunk/alien-arena/debian/changelog
===================================================================
--- packages/trunk/alien-arena/debian/changelog 2010-05-08 15:01:20 UTC (rev 10970)
+++ packages/trunk/alien-arena/debian/changelog 2010-05-08 15:17:21 UTC (rev 10971)
@@ -1,3 +1,32 @@
+alien-arena (7.33-6) unstable; urgency=high
+
+ * Fix a client buffer overflow vulnerability.
+
+ -- Michael Gilbert <michael.s.gilbert at gmail.com> Sun, 18 Apr 2010 17:44:27 -0400
+
+alien-arena (7.33-5) unstable; urgency=high
+
+ * Fix a server denial-of-service issue: clients were able crash the server
+ with a malformed "download" command (closes: #575621).
+
+ -- Michael Gilbert <michael.s.gilbert at gmail.com> Fri, 02 Apr 2010 18:39:50 -0400
+
+alien-arena (7.33-4) unstable; urgency=low
+
+ * Apply patch to support kfreebsd architectures (closes: #573790).
+ - Thanks to Cyril Brulebois for the patch!
+
+ -- Michael Gilbert <michael.s.gilbert at gmail.com> Sat, 13 Mar 2010 20:33:43 -0500
+
+alien-arena (7.33-3) unstable; urgency=low
+
+ * Use dos2unix instead of tofrodos since it has been removed.
+ * Bump standards version to 3.8.4 (no changes required).
+ * Update launch-server and kill-runaway-crded scripts to use new config
+ file location.
+
+ -- Michael Gilbert <michael.s.gilbert at gmail.com> Sat, 13 Mar 2010 11:58:37 -0500
+
alien-arena (7.33-2) unstable; urgency=low
* Fix help text wrapping in launcher scripts (closes: #566633).
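Review bot: The 7.33-6 entry is too thin for an urgency=high upload: "Fix a client buffer overflow vulnerability" gives no bug number, affected file or patch name. Name fix-client-buffer-overflow.patch and the skin copy in source/client/menu.c so the fix can be traced. In the 7.33-5 entry, "clients were able crash" is missing "to".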
Modified: packages/trunk/alien-arena/debian/control
===================================================================
--- packages/trunk/alien-arena/debian/control 2010-05-08 15:01:20 UTC (rev 10970)
+++ packages/trunk/alien-arena/debian/control 2010-05-08 15:17:21 UTC (rev 10971)
@@ -3,8 +3,8 @@
Priority: extra
Maintainer: Debian Games Team <pkg-games-devel at lists.alioth.debian.org>
Uploaders: Michael Gilbert <michael.s.gilbert at gmail.com>, Barry deFreese <bddebian at comcast.net>
-Build-Depends: debhelper (>= 5), sharutils, tofrodos, libglu1-mesa-dev | libglu-dev, libgl1-mesa-dev | libgl-dev, libjpeg62-dev | libjpeg-dev, libpng12-dev | libpng-dev, libxxf86vm-dev, libxxf86dga-dev, libxext-dev, libx11-dev, libcurl4-gnutls-dev | libcurl3-gnutls-dev, libopenal-dev, libvorbis-dev
-Standards-Version: 3.8.3
+Build-Depends: debhelper (>= 5), sharutils, dos2unix, libglu1-mesa-dev | libglu-dev, libgl1-mesa-dev | libgl-dev, libjpeg62-dev | libjpeg-dev, libpng12-dev | libpng-dev, libxxf86vm-dev, libxxf86dga-dev, libxext-dev, libx11-dev, libcurl4-gnutls-dev | libcurl3-gnutls-dev, libopenal-dev, libvorbis-dev
+Standards-Version: 3.8.4
Homepage: http://red.planetarena.org
Vcs-Svn: svn://svn.debian.org/svn/pkg-games/packages/trunk/alien-arena/
Vcs-Browser: http://svn.debian.org/wsvn/pkg-games/packages/trunk/alien-arena/?op=log
Added: packages/trunk/alien-arena/debian/patches/fix-client-buffer-overflow.patch
===================================================================
--- packages/trunk/alien-arena/debian/patches/fix-client-buffer-overflow.patch (rev 0)
+++ packages/trunk/alien-arena/debian/patches/fix-client-buffer-overflow.patch 2010-05-08 15:17:21 UTC (rev 10971)
@@ -0,0 +1,15 @@
+Description: fix a client buffer overflow
+diff -up alienarena-7.33/source/client/menu.c.BAD alienarena-7.33/source/client/menu.c
+--- alienarena-7.33/source/client/menu.c.BAD 2010-04-06 11:12:38.098874822 -0400
++++ alienarena-7.33/source/client/menu.c 2010-04-06 11:15:46.511873232 -0400
+@@ -6119,7 +6119,9 @@ qboolean PlayerConfig_MenuInit( void )
+ if ( hand->value < 0 || hand->value > 2 )
+ Cvar_SetValue( "hand", 0 );
+
+- strcpy( currentdirectory, skin->string );
++ Q_strncpyz( currentdirectory, Cvar_VariableString ("skin"), sizeof(currentdirectory)-1);
++ // Richard Stanway's Q1 code says there is a buffer overflow here.
++ // strcpy( currentdirectory, skin->string );
+
+ if ( strchr( currentdirectory, '/' ) )
+ {
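Review bot: The size argument in the added Q_strncpyz call, sizeof(currentdirectory)-1, needs checking against that function's contract. If Q_strncpyz treats its third argument as the full buffer size and writes the terminator itself, the -1 only shortens the usable length by one byte and sizeof(currentdirectory) is the value to pass; if it does not terminate, the last byte is never set here and the strchr that follows can run past the copy. The call also changes the source from skin->string to Cvar_VariableString ("skin"), which the Description does not mention, and the old strcpy is left behind as a comment; delete it and state the origin of the fix in the patch header instead.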
Added: packages/trunk/alien-arena/debian/patches/fix-server-dos.patch
===================================================================
--- packages/trunk/alien-arena/debian/patches/fix-server-dos.patch (rev 0)
+++ packages/trunk/alien-arena/debian/patches/fix-server-dos.patch 2010-05-08 15:17:21 UTC (rev 10971)
@@ -0,0 +1,35 @@
+Index: source/server/sv_user.c
+Description: the server can be crashed from clients executing malformed download commands. this patch fixes that.
+===================================================================
+--- a/source/server/sv_user.c (revision 1684)
++++ b/source/server/sv_user.c (revision 1685)
+@@ -323,6 +323,7 @@
+ extern cvar_t *allow_download_sounds;
+ extern cvar_t *allow_download_maps;
+ extern int file_from_pak; // ZOID did file come from pak?
++ int name_length; // For getting the final character.
+ int offset = 0;
+
+ name = Cmd_Argv(1);
+@@ -333,6 +334,10 @@
+ // hacked by zoid to allow more conrol over download
+ // first off, no .. or global allow check
+ if (strstr (name, "..") || !allow_download->value
++ // prevent config downloading on Win32 systems
++ || name[0] == '\\'
++ // negative offset causes crashing
++ || offset < 0
+ // leading dot is no good
+ || *name == '.'
+ // leading slash bad as well, must be in subdir
+@@ -354,6 +359,10 @@
+ return;
+ }
+
++ // If the name ends in a slash or dot, hack it off. Continue to do so just
++ // in case some tricky fellow puts multiple slashes or dots.
++ while (name[(name_length = strlen(name))] == '.' || name[name_length] == '/' )
++ name[name_length] = '\0';
+
+ if (sv_client->download)
+ FS_FreeFile (sv_client->download);
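Review bot: The while loop added in the last inner hunk never strips anything: name[strlen(name)] is always the terminating '\0', so the comparison with '.' or '/' is false on the first test and a name ending in a slash or dot passes through unchanged. Index the last character (strlen(name) - 1) and stop on an empty string so the index cannot reach -1. The new offset < 0 test only helps if offset has been assigned from the client's argument before this condition; the visible context shows just its initialisation to 0, so confirm the ordering in sv_user.c. Since name is the pointer returned by Cmd_Argv(1), a working loop would write into the command argument storage, which deserves a comment if intended.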
Modified: packages/trunk/alien-arena/debian/patches/kill-runaway-crded_tool_debianization.patch
===================================================================
--- packages/trunk/alien-arena/debian/patches/kill-runaway-crded_tool_debianization.patch 2010-05-08 15:01:20 UTC (rev 10970)
+++ packages/trunk/alien-arena/debian/patches/kill-runaway-crded_tool_debianization.patch 2010-05-08 15:17:21 UTC (rev 10971)
@@ -1,7 +1,8 @@
+Index: alien-arena-7.33/Tools/LinuxScripts/kill-runaway-crded
Description: Patch to modify Tools/LinuxScripts/kill-runaway-crded script for use in a Debian based distro.
===================================================================
---- ./Tools/LinuxScripts/kill-runaway-crded~ 2007-05-13 01:23:35.000000000 -0400
-+++ ./Tools/LinuxScripts/kill-runaway-crded 2007-05-13 01:23:35.000000000 -0400
+--- alien-arena-7.33.orig/Tools/LinuxScripts/kill-runaway-crded 2010-03-13 13:51:34.000000000 -0500
++++ alien-arena-7.33/Tools/LinuxScripts/kill-runaway-crded 2010-03-13 13:52:54.000000000 -0500
@@ -1,9 +1,9 @@
#!/bin/sh
@@ -13,6 +14,6 @@
+for TPPID in `ps -eo pid,comm | grep crded | cut -d' ' -f1`
do
/bin/kill -9 $TPPID
-+rm -f `ls $HOME/.alien-arena/alien-arena-server.*.pid`
++rm -f `ls $HOME/.config/alien-arena/alien-arena-server.*.pid`
done
-
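Review bot: The changed rm line still builds its arguments from ls inside backticks with an unquoted $HOME, so a home directory containing whitespace splits into several arguments and ls prints an error when no pid file matches. Passing the glob to rm -f directly, with "$HOME" quoted, does the same job without the subshell. The rm also sits inside the for loop, so pid files are removed only when at least one crded process was found; placing it after done would clear stale files as well.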
Modified: packages/trunk/alien-arena/debian/patches/launch-server_tool_debianization.patch
===================================================================
--- packages/trunk/alien-arena/debian/patches/launch-server_tool_debianization.patch 2010-05-08 15:01:20 UTC (rev 10970)
+++ packages/trunk/alien-arena/debian/patches/launch-server_tool_debianization.patch 2010-05-08 15:17:21 UTC (rev 10971)
@@ -1,8 +1,8 @@
-Index: Patch to modify Tools/LinuxScripts/launch-server script for use in a Debian based distro.
-Patch also allows for server config files to be placed under any directory.
+Index: alien-arena-7.33/Tools/LinuxScripts/launch-server
+Description: Patch to modify Tools/LinuxScripts/launch-server script for use in a Debian based distro.
===================================================================
---- ./Tools/LinuxScripts/launch-server~ 2007-05-17 00:38:52.000000000 -0400
-+++ ./Tools/LinuxScripts/launch-server 2007-05-17 01:40:07.000000000 -0400
+--- alien-arena-7.33.orig/Tools/LinuxScripts/launch-server 2010-03-13 13:51:34.000000000 -0500
++++ alien-arena-7.33/Tools/LinuxScripts/launch-server 2010-03-13 13:52:35.000000000 -0500
@@ -1,14 +1,20 @@
#! /bin/sh
#
@@ -50,9 +50,9 @@
-else
-echo "Unable to find server config $aadir/arena/$1."
-exit 0
-+ if test -r $HOME/.alien-arena/$1
++ if test -r $HOME/.config/alien-arena/$1
+ then
-+ echo "Found server config $HOME/.alien-arena/$1..."
++ echo "Found server config $HOME/.config/alien-arena/$1..."
+ elif test -r $1
+ then
+ echo "Found server config $1..."
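Review bot: After this hunk the lookup tests only $HOME/.config/alien-arena/$1 and then $1 itself, so a server config still sitting in $HOME/.alien-arena is reported as not found. Either keep the old directory as a fallback test or make the "Unable to find" message name the new location. $1 is unquoted in both test -r calls, which breaks on config names containing spaces.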
@@ -64,18 +64,18 @@
-echo "Usage: launch-server <configfile>"
+echo "Usage: alien-arena-server -s <configfile>\n\
+<configfile> must be specified.\n\
-+<configfile> can be placed inside $HOME/.alien-arena and\n\
++<configfile> can be placed inside $HOME/.config/alien-arena and\n\
+specified by its basename, or it can be specified by its full path.\n\n"
exit 0
fi
-aapid="$1.pid"
-+if test -d $HOME/.alien-arena
++if test -d $HOME/.config/alien-arena
+then
-+aapid="$HOME/.alien-arena/alien-arena-server.`basename $1`.pid"
++aapid="$HOME/.config/alien-arena/alien-arena-server.`basename $1`.pid"
+else
-+mkdir $HOME/.alien-arena
-+aapid="$HOME/.alien-arena/alien-arena-server.`basename $1`.pid"
++mkdir $HOME/.config/alien-arena
++aapid="$HOME/.config/alien-arena/alien-arena-server.`basename $1`.pid"
+fi
cd $aadir
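Review bot: The else branch runs mkdir $HOME/.config/alien-arena without -p, which fails when $HOME/.config does not exist yet, and the script then continues with a pid path inside a directory that was never created. Use mkdir -p with "$HOME" quoted; since both branches assign the same aapid value, the assignment can move out of the if. The usage text depends on echo interpreting \n, which differs between /bin/sh implementations; printf is the portable choice.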
Modified: packages/trunk/alien-arena/debian/patches/makefile_modifications.patch
===================================================================
--- packages/trunk/alien-arena/debian/patches/makefile_modifications.patch 2010-05-08 15:01:20 UTC (rev 10970)
+++ packages/trunk/alien-arena/debian/patches/makefile_modifications.patch 2010-05-08 15:17:21 UTC (rev 10971)
@@ -1,7 +1,8 @@
+Index: alien-arena-7.33/source/Makefile
Description: Debian-compliance fixes to Makefile.
===================================================================
---- a/source/Makefile 2009-12-27 02:00:28.000000000 -0500
-+++ b/source/Makefile 2010-01-07 21:03:40.000000000 -0500
+--- alien-arena-7.33.orig/source/Makefile 2010-03-13 20:36:03.000000000 -0500
++++ alien-arena-7.33/source/Makefile 2010-03-13 20:36:47.000000000 -0500
@@ -14,7 +14,7 @@
OPTIM_LVL?=2
@@ -11,7 +12,13 @@
# Path to X libraries (e.g. GL).
X11BASE?=/usr/X11R6
-@@ -36,7 +36,7 @@
+@@ -31,12 +31,12 @@
+ VERSION= 1.40
+
+ ARCH:= $(shell uname -m)
+-OSTYPE:= $(shell uname -s | tr A-Z a-z)
++OSTYPE:= $(shell uname -s | sed 's,GNU/kFreeBSD,Linux,' | tr A-Z a-z)
+
MOUNT_DIR= ./
BUILD_RELEASE_DIR= release
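Review bot: The new OSTYPE line rewrites GNU/kFreeBSD to Linux, so anything in the Makefile keyed on OSTYPE will take the Linux path on kfreebsd, yet the patch Description still reads only "Debian-compliance fixes to Makefile". Mention the kfreebsd mapping and the bug it closes (#573790 in the changelog) in the Description, or carry it as a separate patch so it can be dropped independently once upstream handles that platform.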
Modified: packages/trunk/alien-arena/debian/patches/series
===================================================================
--- packages/trunk/alien-arena/debian/patches/series 2010-05-08 15:01:20 UTC (rev 10970)
+++ packages/trunk/alien-arena/debian/patches/series 2010-05-08 15:17:21 UTC (rev 10971)
@@ -3,4 +3,6 @@
rcon_tool_debianization.patch
home_as_game_dir.patch
fix-CVE-2007-4754-CVE-2007-4755.patch
+fix-server-dos.patch
+fix-client-buffer-overflow.patch
makefile_modifications.patch
Modified: packages/trunk/alien-arena/debian/rules
===================================================================
--- packages/trunk/alien-arena/debian/rules 2010-05-08 15:01:20 UTC (rev 10970)
+++ packages/trunk/alien-arena/debian/rules 2010-05-08 15:17:21 UTC (rev 10971)
@@ -19,7 +19,7 @@
fromdos: fromdos-stamp
fromdos-stamp:
dh_testdir
- fromdos source/server/sv_main.c
+ dos2unix source/server/sv_main.c
touch fromdos-stamp
build: fromdos build-stamp
@@ -40,7 +40,7 @@
todos:
dh_testdir
- todos source/server/sv_main.c
+ unix2dos source/server/sv_main.c
[ ! -f fromdos-stamp ] || rm fromdos-stamp
install: build