Bug#562096: pu: package openttd/0.6.2-1+lenny1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
The openttd package contains a remote crash vulnerability that is easily
exploited. Upstream will fix the bug in its upcoming release. Since that
will be released in a few days, I will not provide complete details on
the exploit, just the patch.
Since openttd is in contrib, this fix is not going through the
stable-security repository.
The debdiff is below, most of the diff is putting the dpatch stuff
(back) into place. Only the last chunk is the actual bugfix.
Okay to upload this fixed package?
Gr.
Matthijs
diff -u openttd-0.6.2/debian/control openttd-0.6.2/debian/control
--- openttd-0.6.2/debian/control
+++ openttd-0.6.2/debian/control
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Matthijs Kooijman <matthijs@stdin.nl>
Uploaders: Jordi Mallach <jordi@debian.org>
-Build-Depends: debhelper (>= 4.0.0), libsdl-dev, zlib1g-dev, libpng-dev, libfreetype6-dev, libfontconfig-dev
+Build-Depends: debhelper (>= 4.0.0), dpatch, libsdl-dev, zlib1g-dev, libpng-dev, libfreetype6-dev, libfontconfig-dev
Standards-Version: 3.7.3
Vcs-Browser: http://svn.debian.org/wsvn/collab-maint/deb-maint/openttd/trunk/
Vcs-Svn: svn://svn.debian.org/svn/collab-maint/deb-maint/openttd/trunk
diff -u openttd-0.6.2/debian/rules openttd-0.6.2/debian/rules
--- openttd-0.6.2/debian/rules
+++ openttd-0.6.2/debian/rules
@@ -6,7 +6,9 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
-configure: configure-stamp
+include /usr/share/dpatch/dpatch.make
+
+configure: patch configure-stamp
configure-stamp:
dh_testdir
# Add here commands to configure the package.
@@ -27,7 +29,7 @@
touch build-stamp
-clean:
+clean: unpatch
dh_testdir
dh_testroot
rm -f build-stamp configure-stamp
@@ -89 +91 @@
-.PHONY: build clean binary-indep binary-arch binary install configure
+.PHONY: build clean binary-indep binary-arch binary install configure patch
diff -u openttd-0.6.2/debian/changelog openttd-0.6.2/debian/changelog
--- openttd-0.6.2/debian/changelog
+++ openttd-0.6.2/debian/changelog
@@ -1,3 +1,11 @@
+openttd (0.6.2-1+lenny1) stable-security; urgency=high
+
+ * [2e78e5e] Add dpatch machinery again.
+ * [32e6e00] Backport upstream r18462 to fix remote crash vulnerability
+ CVE-2009-4007.
+
+ -- Matthijs Kooijman <matthijs@stdin.nl> Tue, 22 Dec 2009 14:50:56 +0100
+
openttd (0.6.2-1) unstable; urgency=low
* New upstream release.
only in patch2:
unchanged:
--- openttd-0.6.2.orig/debian/patches/00list
+++ openttd-0.6.2/debian/patches/00list
@@ -0,0 +1 @@
+01-fix-remote-crash
only in patch2:
unchanged:
--- openttd-0.6.2.orig/debian/patches/01-fix-remote-crash.dpatch
+++ openttd-0.6.2/debian/patches/01-fix-remote-crash.dpatch
@@ -0,0 +1,21 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## fix-remote-crash.dpatch by <matthijs@stdin.nl>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix remote crash vulnerability. Upstream r18462.
+
+@DPATCH@
+diff -urNad openttd-git~/src/train_cmd.cpp openttd-git/src/train_cmd.cpp
+--- openttd-git~/src/train_cmd.cpp 2009-12-16 12:36:00.000000000 +0100
++++ openttd-git/src/train_cmd.cpp 2009-12-16 13:49:58.000000000 +0100
+@@ -996,10 +996,6 @@
+ */
+ static void NormaliseTrainConsist(Vehicle *v)
+ {
+- if (IsFreeWagon(v)) return;
+-
+- assert(IsFrontEngine(v));
+-
+ for (; v != NULL; v = GetNextVehicle(v)) {
+ if (!IsMultiheaded(v) || !IsTrainEngine(v)) continue;
+
Reply to: