[redeclipse/f17: 3/4] add security-text-command-fix.patch

Tue Aug 7 20:02:54 UTC 2012

commit 9c76c1c79d9a70017df87be3dea6c430312451b0
Author: Martin Erik Werner <martinerikwerner at gmail.com>
Date:   Fri Jul 27 19:24:30 2012 +0200

    add security-text-command-fix.patch
    
    File access security fix.

 redeclipse.spec                 |    8 +++++++-
 security-text-command-fix.patch |   33 +++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletions(-)
---

diff --git a/redeclipse.spec b/redeclipse.spec
index 16f151e..66bb8e5 100644
--- a/redeclipse.spec
+++ b/redeclipse.spec
@@ -2,7 +2,7 @@ Summary:        Multiplayer FPS game based on Cube2
 Name:           redeclipse
 Group:          Amusements/Games
 Version:        1.2
-Release:        11%{?dist}
+Release:        12%{?dist}
 
 # Game engine is zlib
 # Icon and trademark info is CC-BY-SA
@@ -29,6 +29,7 @@ Patch1:         %{name}-%{version}-backported-fix-icon-sizes.patch
 # Build using external Enet library from Fedora
 # Not wanted upstream
 Patch2:         %{name}-%{version}-build-with-system-enet.patch
+Patch3:         %{name}-%{version}-security-text-command-fix.patch
 
 BuildRequires:  SDL-devel
 BuildRequires:  SDL_mixer-devel
@@ -106,6 +107,7 @@ cp %{SOURCE2} .
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 
 %build
@@ -168,6 +170,10 @@ fi
 
 
 %changelog
+* Fri Jul 27 2012 Martin Erik Werner <martinerikwerner at gmail.com>
+- 1.2-12
+- Add security-text-command-fix.patch
+
 * Sat Jul 21 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 
diff --git a/security-text-command-fix.patch b/security-text-command-fix.patch
new file mode 100644
index 0000000..2838f51
--- /dev/null
+++ b/security-text-command-fix.patch
@@ -0,0 +1,33 @@
+From 52fdd35c3ffc1ce2e568180eac2da93e179fef2a Mon Sep 17 00:00:00 2001
+From: eihrul <eihrul at 2cd6abe5-5779-42d9-9038-cec04ae5ff40>
+Date: Sun, 22 Jul 2012 21:22:55 +0000
+Subject: [PATCH] text command fix
+Comment:
+ Game maps can in cube2-engine games be transmitted either from server
+ to client or from client to client, which includes a config file
+ (mapname.cfg) which is in "cubescript" format, this makes it possible
+ for an attacker to send a malign script via a new map (which must be
+ chosen by admin on a server, or created in cooperative editing mode). A
+ script like this could trivially read/write to any files which the user
+ running the client has access to (it is executed when the client loads
+ the map).
+ .
+ This patch stops "textedit" commands being able to be run in map-run
+ scripts, thus disabling the ability to read/write to user files.
+
+git-svn-id: https://redeclipse.svn.sourceforge.net/svnroot/redeclipse@3764 2cd6abe5-5779-42d9-9038-cec04ae5ff40
+---
+ src/engine/textedit.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/engine/textedit.h
++++ b/src/engine/textedit.h
+@@ -690,7 +690,7 @@
+ 
+ #define TEXTCOMMAND(f, s, d, body) ICOMMAND(0, f, s, d,\
+     editor *top = currentfocus();\
+-    if(!top) return;\
++    if(!top || identflags&IDF_WORLD) return;\
+     body\
+ )
+ 
