Bug#357645: debian patch

To: 357645@bugs.debian.org
Subject: Bug#357645: debian patch
From: Justin Pryzby <justinpryzby@users.sourceforge.net>
Date: Sat, 18 Mar 2006 14:45:27 -0500
Message-id: <[🔎] 20060318194527.GA15329@andromeda>
Reply-to: Justin Pryzby <justinpryzby@users.sourceforge.net>, 357645@bugs.debian.org
In-reply-to: <[🔎] 20060318185429.GA12424@andromeda>
References: <[🔎] 20060318185429.GA12424@andromeda>

On Sat, Mar 18, 2006 at 01:54:29PM -0500, pryzbyj wrote:
> tag 357645 security
> thanks
> 
> Interdiff patch now attached; somebody please help yourselves to the
> upload.
A revised patch with some enhancements

diff -u teg-0.11.1/debian/changelog teg-0.11.1/debian/changelog
--- teg-0.11.1/debian/changelog
+++ teg-0.11.1/debian/changelog
@@ -1,3 +1,16 @@
+teg (0.11.1-2.1) unstable; urgency=high
+
+  * QA upload.
+  * High urgency for security fix.
+  * Manually apply the changes made upstream to address remote DoS
+    [CAN-2006-1150]; Closes: #357645.
+  * Patch in the copyright holders.
+  * Remove build-stamp before other actions in the clean target.
+  * Drop the README, which mostly duplicated the description; add a homepage
+    pseudofield.
+
+ -- Justin Pryzby <justinpryzby@users.sf.net>  Sat, 18 Mar 2006 14:34:43 -0500
+
 teg (0.11.1-2) unstable; urgency=low
 
   * QA upload.
diff -u teg-0.11.1/debian/control teg-0.11.1/debian/control
--- teg-0.11.1/debian/control
+++ teg-0.11.1/debian/control
@@ -17,0 +18,2 @@
+ .
+  Homepage: http://teg.sourceforge.net
diff -u teg-0.11.1/debian/rules teg-0.11.1/debian/rules
--- teg-0.11.1/debian/rules
+++ teg-0.11.1/debian/rules
@@ -20,8 +20,9 @@
 clean:
 	dh_testdir
 	dh_testroot
+	rm -f ./build-stamp
 	[ ! -f Makefile ] || $(MAKE) distclean
-	rm -f po/*.gmo build-stamp
+	rm -f po/*.gmo
 	dh_clean
 
 binary-indep:
@@ -31,7 +32,7 @@
 	dh_testroot
 	GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL=yes \
 	$(MAKE) install DESTDIR=$(CURDIR)/debian/teg
-	dh_installdocs README AUTHORS HACKING PEOPLE README.GGZ TODO
+	dh_installdocs AUTHORS HACKING PEOPLE README.GGZ TODO
 	dh_installmenu
 	dh_installman debian/tegserver.6 debian/tegclient.6 debian/tegrobot.6
 	dh_installchangelogs ChangeLog
diff -u teg-0.11.1/debian/copyright teg-0.11.1/debian/copyright
--- teg-0.11.1/debian/copyright
+++ teg-0.11.1/debian/copyright
@@ -4,8 +4,47 @@
 It was downloaded from http://teg.sourceforge.net
 
 Upstream Author: Ricardo Quesada <riq@core-sdi.com>
+Artwork by Wolfgang Morawetz (wfx) <wfx@users.sourceforge.net>
+Realist theme by Raymond Ostertag <raymond.linux@free.fr>
 
-Copyright: GPL
+See /usr/share/doc/teg/PEOPLE for a more complete list of
+contributors.
+
+Copyright (C) 2000-2002 Ricardo Quesada
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; only version 2 of the License
+
+./macros/ggz.m4
+dnl Copyright (C) 2001, 2002 Josef Spillner, dr_maux@users.sourceforge.net
+dnl This file has heavily been inspired by KDE's acinclude :)
+dnl It is published under the conditions of the GNU General Public License.
+
+./common/share.c
+./common/fcintl.h
+./common/support.c
+./common/support.h
+./client/gui-gnome/chatline.c
+./client/gui-gnome/chatline.h
+ Freeciv - Copyright (C) 1996 - A Kjeldberg, L Gregersen, P Unold
+         This program is free software; you can redistribute it and/or modify
+         it under the terms of the GNU General Public License as published by
+         the Free Software Foundation; either version 2, or (at your option)
+         any later version.
+
+./common/my_inet_ntop.c
+Copyright (c) 1996-1999 by Internet Software Consortium.
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+./client/gui-gnome/stock.c
+./client/gui-gnome/stock.h
+Author: Federico Mena-Quintero <federico@gimp.org>
+Copyright (C) 1999 The Free Software Foundation
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; only version 2 of the License
 
 On Debian GNU/Linux systems, the text of the GPL can be found in
 /usr/share/common-licenses/GPL.
only in patch2:
unchanged:
--- teg-0.11.1.orig/server/player.c
+++ teg-0.11.1/server/player.c
@@ -599,10 +599,10 @@
 			new_name[n] = '_';
 			player_fillname( pJ, new_name );
 		} else {
-			if( new_name[n] < '0' || new_name[n] > '9' )
-				new_name[n]='0';
+			if( new_name[n-1] < '0' || new_name[n-1] > '9' )
+				new_name[n-1]='0';
 			else
-				new_name[n]++;
+				new_name[n-1]++;
 			player_fillname( pJ, new_name );
 		}
 	}

Reply to:

References:
- Bug#357645: debian patch
  - From: Justin Pryzby <justinpryzby@users.sourceforge.net>

Prev by Date: Processed: debian patch
Next by Date: Processed: retitle 357645 to teg: [CAN-2006-1150] Remote DOS vulnerability
Previous by thread: Processed: debian patch
Next by thread: Processed: retitle 357645 to teg: [CAN-2006-1150] Remote DOS vulnerability
Index(es):
- Date
- Thread