Hi Adam,
> The fix itself is fine. However, introducing new dependencies or patch
> systems is not an appropriate change to make in a stable update.
>
> If you were to upload an update which included the bugfix without the
> packaging changes then I'd be happy to accept that.
Ah right. I totally forgot that you can put changes to upstream sources
directly in the .diff.gz. I've just uploaded a version with just the upstream
patch, debdiff is below.
Gr.
Matthijs
diff -u openttd-0.6.2/debian/changelog openttd-0.6.2/debian/changelog
--- openttd-0.6.2/debian/changelog
+++ openttd-0.6.2/debian/changelog
@@ -1,3 +1,10 @@
+openttd (0.6.2-1+lenny1) stable; urgency=low
+
+ * Backport upstream r18462 to fix remote crash vulnerability
+ CVE-2009-4007.
+
+ -- Matthijs Kooijman <matthijs@stdin.nl> Wed, 23 Dec 2009 23:08:48 +0100
+
openttd (0.6.2-1) unstable; urgency=low
* New upstream release.
only in patch2:
unchanged:
--- openttd-0.6.2.orig/src/train_cmd.cpp
+++ openttd-0.6.2/src/train_cmd.cpp
@@ -996,10 +996,6 @@
*/
static void NormaliseTrainConsist(Vehicle *v)
{
- if (IsFreeWagon(v)) return;
-
- assert(IsFrontEngine(v));
-
for (; v != NULL; v = GetNextVehicle(v)) {
if (!IsMultiheaded(v) || !IsTrainEngine(v)) continue;
Attachment:
signature.asc
Description: Digital signature