[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#687600: unblock: openarena/0.8.8-5+deb7u1

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package openarena:

    unblock openarena/0.8.8-5+deb7u1

which fixes a remotely triggerable crash (NULL dereference) on servers.

diffstat for openarena-0.8.8 openarena-0.8.8

 changelog                                                        |    7 +++
 patches/0002-Fix-callvote-kick-player-does-not-exist-crash.patch |   20 ++++++++++
 patches/series                                                   |    1 
 3 files changed, 28 insertions(+)

diff -Nru openarena-0.8.8/debian/changelog openarena-0.8.8/debian/changelog
--- openarena-0.8.8/debian/changelog	2012-06-23 00:38:36.000000000 +0100
+++ openarena-0.8.8/debian/changelog	2012-09-14 08:02:50.000000000 +0100
@@ -1,3 +1,10 @@
+openarena (0.8.8-5+deb7u1) unstable; urgency=low
+
+  * Add patch from upstream to fix a client-triggerable server crash.
+    Thanks to Poul Sander and Markus Koschany (Closes: #681812)
+
+ -- Simon McVittie <smcv@debian.org>  Fri, 14 Sep 2012 07:52:53 +0100
+
 openarena (0.8.8-5) unstable; urgency=low
 
   * Don't refuse to start a new openarena-server if there's a stale
diff -Nru openarena-0.8.8/debian/patches/0002-Fix-callvote-kick-player-does-not-exist-crash.patch openarena-0.8.8/debian/patches/0002-Fix-callvote-kick-player-does-not-exist-crash.patch
--- openarena-0.8.8/debian/patches/0002-Fix-callvote-kick-player-does-not-exist-crash.patch	1970-01-01 01:00:00.000000000 +0100
+++ openarena-0.8.8/debian/patches/0002-Fix-callvote-kick-player-does-not-exist-crash.patch	2012-09-14 08:02:50.000000000 +0100
@@ -0,0 +1,20 @@
+Description: Fix for crashing the server by making a callvote to kick a player which does not exist
+Author: Poul Sander <sago007@gmail.com>
+Origin: upstream
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681812
+Applied-Upstream: http://code.google.com/p/oax/source/detail?r=304
+Last-Update: 2012-09-13
+Tested-by: Markus Koschany <apo@gambaru.de>
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/code/game/g_cmds.c
++++ b/code/game/g_cmds.c
+@@ -1812,7 +1812,7 @@ void Cmd_CallVote_f( gentity_t *ent ) {
+ 		Com_sprintf( level.voteDisplayString, sizeof( level.voteDisplayString ), "Shuffle teams?" );
+         } else if ( !Q_stricmp( arg1, "kick" ) ) {
+                 i = 0;
+-                while(Q_stricmp(arg2,(g_entities+i)->client->pers.netname)) {
++ 		while( !(g_entities+i) || !((g_entities+i)->client) || Q_stricmp(arg2,(g_entities+i)->client->pers.netname)) {
+                     //Not client i, try next
+                     i++;
+                     if(i>=MAX_CLIENTS){ //Only numbers <128 is clients
diff -Nru openarena-0.8.8/debian/patches/series openarena-0.8.8/debian/patches/series
--- openarena-0.8.8/debian/patches/series	2012-06-23 00:38:36.000000000 +0100
+++ openarena-0.8.8/debian/patches/series	2012-09-14 08:02:50.000000000 +0100
@@ -1,3 +1,4 @@
 0001-Use-a-cpp-macro-for-the-game-code-version-so-package.patch
+0002-Fix-callvote-kick-player-does-not-exist-crash.patch
 0031-Fix-FTBFS-on-kFreeBSD.patch
 0040-Add-OPENARENA_081_COMPATIBLE-define-for-network-comp.patch
Reply to: