rpms/freeciv/FC-4 freeciv-security.patch, NONE, 1.1 freeciv.spec, 1.16, 1.17

Brian Pepple (bpepple) fedora-extras-commits at redhat.com
Tue Aug 1 16:52:17 UTC 2006


Author: bpepple

Update of /cvs/extras/rpms/freeciv/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13763

Modified Files:
	freeciv.spec 
Added Files:
	freeciv-security.patch 
Log Message:
* Tue Aug  1 2006 Brian Pepple <bpepple at fedoraproject.org> - 2.0.8-3
- Add patch to fix CVE-2006-3913 vulnerability. (#200545)
- Replace desktop file category 'Strategy' with 'StrategyGame'. (#198086)


freeciv-security.patch:

--- NEW FILE freeciv-security.patch ---
diff -ur freeciv-2.0.8.OLD/common/packets.c freeciv-2.0.8/common/packets.c
--- freeciv-2.0.8.OLD/common/packets.c	2006-03-05 22:35:23.000000000 -0500
+++ freeciv-2.0.8/common/packets.c	2006-08-01 10:47:33.000000000 -0400
@@ -577,6 +577,7 @@
 	  chunk->total_length, chunk->chunk_length);
 
   if (chunk->total_length < 0
+      || chunk->chunk_length < 0
       || chunk->total_length >= MAX_ATTRIBUTE_BLOCK
       || chunk->offset < 0
       || chunk->offset + chunk->chunk_length > chunk->total_length
diff -ur freeciv-2.0.8.OLD/server/unithand.c freeciv-2.0.8/server/unithand.c
--- freeciv-2.0.8.OLD/server/unithand.c	2005-12-26 16:37:53.000000000 -0500
+++ freeciv-2.0.8/server/unithand.c	2006-08-01 11:03:44.000000000 -0400
@@ -1593,7 +1593,8 @@
   struct unit *punit = player_find_unit_by_id(pplayer, packet->unit_id);
   int i;
 
-  if (!punit || packet->length < 0 || punit->activity != ACTIVITY_IDLE) {
+  if (!punit || packet->length < 0 || punit->activity != ACTIVITY_IDLE
+      || packet->length > MAX_LEN_ROUTE) {
     return;
   }
 


Index: freeciv.spec
===================================================================
RCS file: /cvs/extras/rpms/freeciv/FC-4/freeciv.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- freeciv.spec	9 Mar 2006 15:09:53 -0000	1.16
+++ freeciv.spec	1 Aug 2006 16:52:17 -0000	1.17
@@ -1,6 +1,6 @@
 Name:           freeciv
 Version:        2.0.8
-Release:        1%{?dist}
+Release:        3%{?dist}
 Summary:        The Freeciv multi-player strategy game
 
 Group:          Amusements/Games
@@ -12,6 +12,7 @@
 Source3:	%{name}.xpm
 Patch1:		%{name}-desktop.patch
 Patch2:		%{name}-aifill.patch
+Patch3:		%{name}-security.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  gtk2-devel
@@ -35,6 +36,7 @@
 %setup -q -n %{name}-%{version}
 %patch1 -p1 -b .desktop
 %patch2 -p0 -b .aifill
+%patch3 -p1 -b .security
 
 %build
 %configure --enable-client=gtk2
@@ -47,11 +49,15 @@
 
 desktop-file-install --vendor fedora --delete-original	\
 	--dir $RPM_BUILD_ROOT%{_datadir}/applications	\
+	--remove-category=Strategy			\
+	--add-category=StrategyGame			\
 	--add-category X-Fedora				\
 	$RPM_BUILD_ROOT%{_datadir}/applications/%{name}.desktop
 
 desktop-file-install --vendor fedora			\
 	--dir $RPM_BUILD_ROOT%{_datadir}/applications  	\
+	--remove-category=Strategy			\
+	--add-category=StrategyGame			\
 	--add-category X-Fedora			        \
 	%{SOURCE2}
 
@@ -88,6 +94,10 @@
 %{_mandir}/man6/civclient.6.gz
 
 %changelog
+* Tue Aug  1 2006 Brian Pepple <bpepple at fedoraproject.org> - 2.0.8-3
+- Add patch to fix CVE-2006-3913 vulnerability. (#200545)
+- Replace desktop file category 'Strategy' with 'StrategyGame'. (#198086)
+
 * Thu Mar  9 2006 Brian Pepple <bdpepple at ameritech.net> - 2.0.8-1
 - Update to 2.0.8 (fixes #184507).
 - Remove unnecessary BR (alsa-lib-devel & SDL-devel).




More information about the scm-commits mailing list