Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: pu
Hi, The openttd package contains a remote crash vulnerability that is easily exploited. Upstream will fix the bug in its upcoming release. Since that will be released in a few days, I will not provide complete details on the exploit, just the patch. Since openttd is in contrib, this fix is not going through the stable-security repository. The debdiff is below, most of the diff is putting the dpatch stuff (back) into place. Only the last chunk is the actual bugfix. Okay to upload this fixed package? Gr. Matthijs diff -u openttd-0.6.2/debian/control openttd-0.6.2/debian/control --- openttd-0.6.2/debian/control +++ openttd-0.6.2/debian/control @@ -3,7 +3,7 @@ Priority: optional Maintainer: Matthijs Kooijman <matth...@stdin.nl> Uploaders: Jordi Mallach <jo...@debian.org> -Build-Depends: debhelper (>= 4.0.0), libsdl-dev, zlib1g-dev, libpng-dev, libfreetype6-dev, libfontconfig-dev +Build-Depends: debhelper (>= 4.0.0), dpatch, libsdl-dev, zlib1g-dev, libpng-dev, libfreetype6-dev, libfontconfig-dev Standards-Version: 3.7.3 Vcs-Browser: http://svn.debian.org/wsvn/collab-maint/deb-maint/openttd/trunk/ Vcs-Svn: svn://svn.debian.org/svn/collab-maint/deb-maint/openttd/trunk diff -u openttd-0.6.2/debian/rules openttd-0.6.2/debian/rules --- openttd-0.6.2/debian/rules +++ openttd-0.6.2/debian/rules @@ -6,7 +6,9 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -configure: configure-stamp +include /usr/share/dpatch/dpatch.make + +configure: patch configure-stamp configure-stamp: dh_testdir # Add here commands to configure the package. @@ -27,7 +29,7 @@ touch build-stamp -clean: +clean: unpatch dh_testdir dh_testroot rm -f build-stamp configure-stamp @@ -89 +91 @@ -.PHONY: build clean binary-indep binary-arch binary install configure +.PHONY: build clean binary-indep binary-arch binary install configure patch diff -u openttd-0.6.2/debian/changelog openttd-0.6.2/debian/changelog --- openttd-0.6.2/debian/changelog +++ openttd-0.6.2/debian/changelog @@ -1,3 +1,11 @@ +openttd (0.6.2-1+lenny1) stable-security; urgency=high + + * [2e78e5e] Add dpatch machinery again. + * [32e6e00] Backport upstream r18462 to fix remote crash vulnerability + CVE-2009-4007. + + -- Matthijs Kooijman <matth...@stdin.nl> Tue, 22 Dec 2009 14:50:56 +0100 + openttd (0.6.2-1) unstable; urgency=low * New upstream release. only in patch2: unchanged: --- openttd-0.6.2.orig/debian/patches/00list +++ openttd-0.6.2/debian/patches/00list @@ -0,0 +1 @@ +01-fix-remote-crash only in patch2: unchanged: --- openttd-0.6.2.orig/debian/patches/01-fix-remote-crash.dpatch +++ openttd-0.6.2/debian/patches/01-fix-remote-crash.dpatch @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## fix-remote-crash.dpatch by <matth...@stdin.nl> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix remote crash vulnerability. Upstream r18462. + +...@dpatch@ +diff -urNad openttd-git~/src/train_cmd.cpp openttd-git/src/train_cmd.cpp +--- openttd-git~/src/train_cmd.cpp 2009-12-16 12:36:00.000000000 +0100 ++++ openttd-git/src/train_cmd.cpp 2009-12-16 13:49:58.000000000 +0100 +@@ -996,10 +996,6 @@ + */ + static void NormaliseTrainConsist(Vehicle *v) + { +- if (IsFreeWagon(v)) return; +- +- assert(IsFrontEngine(v)); +- + for (; v != NULL; v = GetNextVehicle(v)) { + if (!IsMultiheaded(v) || !IsTrainEngine(v)) continue; + -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
