Bug#357645: debian patch
On Sat, Mar 18, 2006 at 01:54:29PM -0500, pryzbyj wrote:
> tag 357645 security
> thanks
>
> Interdiff patch now attached; somebody please help yourselves to the
> upload.
A revised patch with some enhancements
diff -u teg-0.11.1/debian/changelog teg-0.11.1/debian/changelog
--- teg-0.11.1/debian/changelog
+++ teg-0.11.1/debian/changelog
@@ -1,3 +1,16 @@
+teg (0.11.1-2.1) unstable; urgency=high
+
+ * QA upload.
+ * High urgency for security fix.
+ * Manually apply the changes made upstream to address remote DoS
+ [CAN-2006-1150]; Closes: #357645.
+ * Patch in the copyright holders.
+ * Remove build-stamp before other actions in the clean target.
+ * Drop the README, which mostly duplicated the description; add a homepage
+ pseudofield.
+
+ -- Justin Pryzby <justinpryzby@users.sf.net> Sat, 18 Mar 2006 14:34:43 -0500
+
teg (0.11.1-2) unstable; urgency=low
* QA upload.
diff -u teg-0.11.1/debian/control teg-0.11.1/debian/control
--- teg-0.11.1/debian/control
+++ teg-0.11.1/debian/control
@@ -17,0 +18,2 @@
+ .
+ Homepage: http://teg.sourceforge.net
diff -u teg-0.11.1/debian/rules teg-0.11.1/debian/rules
--- teg-0.11.1/debian/rules
+++ teg-0.11.1/debian/rules
@@ -20,8 +20,9 @@
clean:
dh_testdir
dh_testroot
+ rm -f ./build-stamp
[ ! -f Makefile ] || $(MAKE) distclean
- rm -f po/*.gmo build-stamp
+ rm -f po/*.gmo
dh_clean
binary-indep:
@@ -31,7 +32,7 @@
dh_testroot
GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL=yes \
$(MAKE) install DESTDIR=$(CURDIR)/debian/teg
- dh_installdocs README AUTHORS HACKING PEOPLE README.GGZ TODO
+ dh_installdocs AUTHORS HACKING PEOPLE README.GGZ TODO
dh_installmenu
dh_installman debian/tegserver.6 debian/tegclient.6 debian/tegrobot.6
dh_installchangelogs ChangeLog
diff -u teg-0.11.1/debian/copyright teg-0.11.1/debian/copyright
--- teg-0.11.1/debian/copyright
+++ teg-0.11.1/debian/copyright
@@ -4,8 +4,47 @@
It was downloaded from http://teg.sourceforge.net
Upstream Author: Ricardo Quesada <riq@core-sdi.com>
+Artwork by Wolfgang Morawetz (wfx) <wfx@users.sourceforge.net>
+Realist theme by Raymond Ostertag <raymond.linux@free.fr>
-Copyright: GPL
+See /usr/share/doc/teg/PEOPLE for a more complete list of
+contributors.
+
+Copyright (C) 2000-2002 Ricardo Quesada
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; only version 2 of the License
+
+./macros/ggz.m4
+dnl Copyright (C) 2001, 2002 Josef Spillner, dr_maux@users.sourceforge.net
+dnl This file has heavily been inspired by KDE's acinclude :)
+dnl It is published under the conditions of the GNU General Public License.
+
+./common/share.c
+./common/fcintl.h
+./common/support.c
+./common/support.h
+./client/gui-gnome/chatline.c
+./client/gui-gnome/chatline.h
+ Freeciv - Copyright (C) 1996 - A Kjeldberg, L Gregersen, P Unold
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+./common/my_inet_ntop.c
+Copyright (c) 1996-1999 by Internet Software Consortium.
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+./client/gui-gnome/stock.c
+./client/gui-gnome/stock.h
+Author: Federico Mena-Quintero <federico@gimp.org>
+Copyright (C) 1999 The Free Software Foundation
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; only version 2 of the License
On Debian GNU/Linux systems, the text of the GPL can be found in
/usr/share/common-licenses/GPL.
only in patch2:
unchanged:
--- teg-0.11.1.orig/server/player.c
+++ teg-0.11.1/server/player.c
@@ -599,10 +599,10 @@
new_name[n] = '_';
player_fillname( pJ, new_name );
} else {
- if( new_name[n] < '0' || new_name[n] > '9' )
- new_name[n]='0';
+ if( new_name[n-1] < '0' || new_name[n-1] > '9' )
+ new_name[n-1]='0';
else
- new_name[n]++;
+ new_name[n-1]++;
player_fillname( pJ, new_name );
}
}
Reply to: