Author: alfie
Date: 2009-02-24 17:51:10 +0000 (Tue, 24 Feb 2009)
New Revision: 8939
Added:
packages/trunk/wesnoth/debian/patches/03fix-server-dos
packages/trunk/wesnoth/debian/patches/04wesnoth-did-ai-fix
packages/trunk/wesnoth/debian/patches/05limit-mapsize
Modified:
packages/trunk/wesnoth/debian/changelog
packages/trunk/wesnoth/debian/control
packages/trunk/wesnoth/debian/patches/02wesnoth-nolog-desktop-file
packages/trunk/wesnoth/debian/patches/series
packages/trunk/wesnoth/debian/rules
packages/trunk/wesnoth/debian/wesnoth-data.install
Log:
unstable 1.4.7 update:
* Upload to fix several severe problems:
- Compile with --disable-python because the python AI support allowed to
break out of sandbox and allowed execution of abitrary code
(CVE-2009-0367, Upstream Bug #13048). Don't install data/ais into
wesnoth-data package anymore, and remove python-dev from
Build-Dependencies.
- Pull wesnoth-did-ai-fix patch from upstream svn r33013 to make it still
work after above changes.
- Pull limit-mapsize patch from upstream svn r32987 to avoid hanging of
wesnoth/exhausting system memory (Upstream Bug #13031)
* Pulled patch fix-server-dos from upstream svn r33069 which fixes a DoS
pattern in the server, which came in a bit too late for the release
(CVE-2009-0366, Upstream Bug #13037)
Modified: packages/trunk/wesnoth/debian/changelog
===================================================================
--- packages/trunk/wesnoth/debian/changelog 2009-02-24 17:49:46 UTC (rev
8938)
+++ packages/trunk/wesnoth/debian/changelog 2009-02-24 17:51:10 UTC (rev
8939)
@@ -1,8 +1,21 @@
-wesnoth (1:1.4.7-4) unstable; urgency=low
+wesnoth (1:1.4.7-4) unstable; urgency=high
+ * Upload to fix several severe problems:
+ - Compile with --disable-python because the python AI support allowed to
+ break out of sandbox and allowed execution of abitrary code
+ (CVE-2009-0367, Upstream Bug #13048). Don't install data/ais into
+ wesnoth-data package anymore, and remove python-dev from
+ Build-Dependencies.
+ - Pull wesnoth-did-ai-fix patch from upstream svn r33013 to make it still
+ work after above changes.
+ - Pull limit-mapsize patch from upstream svn r32987 to avoid hanging of
+ wesnoth/exhausting system memory (Upstream Bug #13031)
+ * Pulled patch fix-server-dos from upstream svn r33069 which fixes a DoS
+ pattern in the server, which came in a bit too late for the release
+ (CVE-2009-0366, Upstream Bug #13037)
* Fix typo in wesnoth-tools package description noticed by Soliton, thanks.
- -- Gerfried Fuchs <[email protected]> Wed, 14 Jan 2009 18:58:54 +0100
+ -- Gerfried Fuchs <[email protected]> Tue, 24 Feb 2009 16:04:59 +0100
wesnoth (1:1.4.7-3) unstable; urgency=low
Modified: packages/trunk/wesnoth/debian/control
===================================================================
--- packages/trunk/wesnoth/debian/control 2009-02-24 17:49:46 UTC (rev
8938)
+++ packages/trunk/wesnoth/debian/control 2009-02-24 17:51:10 UTC (rev
8939)
@@ -4,7 +4,7 @@
Maintainer: Debian Games Team <[email protected]>
Build-Depends: debhelper (>= 5), quilt, libsdl-image1.2-dev, libfreetype6-dev,
libsdl-mixer1.2-dev, libsdl-net1.2-dev, libfribidi-dev, libsdl1.2-dev,
- python-dev (>= 2.3), python-support,
+ python-support,
libboost-iostreams-dev, libboost-test-dev
Standards-Version: 3.8.0
Uploaders: Isaac Clerencia <[email protected]>, Cyril Bouthors
<[email protected]>, Gerfried Fuchs <[email protected]>
Modified: packages/trunk/wesnoth/debian/patches/02wesnoth-nolog-desktop-file
===================================================================
--- packages/trunk/wesnoth/debian/patches/02wesnoth-nolog-desktop-file
2009-02-24 17:49:46 UTC (rev 8938)
+++ packages/trunk/wesnoth/debian/patches/02wesnoth-nolog-desktop-file
2009-02-24 17:51:10 UTC (rev 8939)
@@ -1,10 +1,10 @@
Author: Gerfried Fuchs <[email protected]> vim:ft=diff:
Description: call wesnoth-nolog from desktop file, too
-Index: wesnoth-1.4.2/icons/wesnoth.desktop
+Index: wesnoth-1.4.7/icons/wesnoth.desktop
===================================================================
---- wesnoth-1.4.2.orig/icons/wesnoth.desktop
-+++ wesnoth-1.4.2/icons/wesnoth.desktop
+--- wesnoth-1.4.7.orig/icons/wesnoth.desktop
++++ wesnoth-1.4.7/icons/wesnoth.desktop
@@ -44,6 +44,6 @@ Comment[sk]=Ťahová strategická hra z
Comment[sr]=Фантазијска стратешка игра на потезе
comment...@latin]=fantazijska strateška igra na poteze
Added: packages/trunk/wesnoth/debian/patches/03fix-server-dos
===================================================================
--- packages/trunk/wesnoth/debian/patches/03fix-server-dos
(rev 0)
+++ packages/trunk/wesnoth/debian/patches/03fix-server-dos 2009-02-24
17:51:10 UTC (rev 8939)
@@ -0,0 +1,19 @@
+Author: dave vim:ft=diff:
+Description: fixed DoS attack using z compressed WML on server
+ (upstream svn r33069)
+
+Index: wesnoth-1.4.7/src/server/simple_wml.cpp
+===================================================================
+--- wesnoth-1.4.7.orig/src/server/simple_wml.cpp
++++ wesnoth-1.4.7/src/server/simple_wml.cpp
+@@ -27,6 +27,10 @@ char* uncompress_buffer(const string_spa
+ int len = 0;
+ int pos = 0;
+ while(filter.good() && (len = filter.read(&buf[pos],
chunk_size).gcount()) == chunk_size) {
++ if(pos + chunk_size > 40000000) {
++ throw error("WML document exceeds 40MB limit");
++ }
++
+ pos += len;
+ buf.resize(pos + chunk_size);
+ len = 0;
Added: packages/trunk/wesnoth/debian/patches/04wesnoth-did-ai-fix
===================================================================
--- packages/trunk/wesnoth/debian/patches/04wesnoth-did-ai-fix
(rev 0)
+++ packages/trunk/wesnoth/debian/patches/04wesnoth-did-ai-fix 2009-02-24
17:51:10 UTC (rev 8939)
@@ -0,0 +1,28 @@
+Author: zookeeper vim:ft=diff:
+Description: Removed kamikaze.py and replaced it with a crude WML workaround
+ for now. (upstream svn r33013)
+
+Index:
wesnoth-1.4.7/data/campaigns/Descent_Into_Darkness/scenarios/03_A_Haunting_in_Winter.cfg
+===================================================================
+---
wesnoth-1.4.7.orig/data/campaigns/Descent_Into_Darkness/scenarios/03_A_Haunting_in_Winter.cfg
++++
wesnoth-1.4.7/data/campaigns/Descent_Into_Darkness/scenarios/03_A_Haunting_in_Winter.cfg
+@@ -77,10 +77,16 @@
+ no_leader=yes
+ fog=no
+ shroud=no
+- # kamikaze.py heads straight for the leader of side 1 and attacks
+ [ai]
+- ai_algorithm=python_ai
+- python_script="../campaigns/Descent_Into_Darkness/ais/kamikaze.py"
++ aggression=4.0
++ caution=0.0
++ grouping=no
++ simple_targetting=yes
++ village_value=0
++ [target]
++ id=Malin Keshar
++ value=100
++ [/target]
+ [/ai]
+ [/side]
+
Added: packages/trunk/wesnoth/debian/patches/05limit-mapsize
===================================================================
--- packages/trunk/wesnoth/debian/patches/05limit-mapsize
(rev 0)
+++ packages/trunk/wesnoth/debian/patches/05limit-mapsize 2009-02-24
17:51:10 UTC (rev 8939)
@@ -0,0 +1,59 @@
+Author: ilor vim:ft=diff:
+Description: fix bug #13031 by implementing a hard limit on map size. The cap
+ is set to 200 tiles (so 200*200 is the max map area), and as of now is
+ a hardcoded constant in terrain_translation.cpp. (upstream svn r32987)
+
+Index: wesnoth-1.4.7/src/terrain_translation.cpp
+===================================================================
+--- wesnoth-1.4.7.orig/src/terrain_translation.cpp
++++ wesnoth-1.4.7/src/terrain_translation.cpp
+@@ -29,6 +29,10 @@
+
+ namespace t_translation {
+
++ size_t max_map_size() {
++ return 200; //TODO make this overridable by the user without having
to rebuild
++ }
++
+
/***************************************************************************************/
+ // forward declaration of internal functions
+
+@@ -312,6 +316,10 @@ t_map read_game_map(const std::string& s
+ ERR_G << "Map not a rectangle error
occured at line offset " << y << " position offset " << x << "\n";
+ throw error("Map not a rectangle.");
+ }
++ if (y > max_map_size()) {
++ ERR_G << "Map size exceeds limit (y > "
<< max_map_size() << ")\n";
++ throw error("Map height limit
exceeded.");
++ }
+ }
+
+ // Prepare next iteration
+@@ -334,6 +342,10 @@ t_map read_game_map(const std::string& s
+ } else {
+ ++x;
+ offset = pos_separator + 1;
++ if (x > max_map_size()) {
++ ERR_G << "Map size exceeds limit (x > " <<
max_map_size() << ")\n";
++ throw error("Map width limit exceeded.");
++ }
+ }
+
+ }
+Index: wesnoth-1.4.7/src/terrain_translation.hpp
+===================================================================
+--- wesnoth-1.4.7.orig/src/terrain_translation.hpp
++++ wesnoth-1.4.7/src/terrain_translation.hpp
+@@ -25,6 +25,12 @@
+
+ namespace t_translation {
+
++ /**
++ * Return the maximum allowed map size (in either dimension),
++ * the maximum map area is, therefore, this value squared.
++ */
++ size_t max_map_size();
++
+ typedef Uint32 t_layer;
+ const t_layer WILDCARD = 0x2A000000;
+ const t_layer NO_LAYER = 0xFFFFFFFF;
Property changes on: packages/trunk/wesnoth/debian/patches/05limit-mapsize
___________________________________________________________________
Name: svn:mergeinfo
+
Modified: packages/trunk/wesnoth/debian/patches/series
===================================================================
--- packages/trunk/wesnoth/debian/patches/series 2009-02-24 17:49:46 UTC
(rev 8938)
+++ packages/trunk/wesnoth/debian/patches/series 2009-02-24 17:51:10 UTC
(rev 8939)
@@ -1 +1,4 @@
02wesnoth-nolog-desktop-file
+03fix-server-dos
+04wesnoth-did-ai-fix
+05limit-mapsize
Modified: packages/trunk/wesnoth/debian/rules
===================================================================
--- packages/trunk/wesnoth/debian/rules 2009-02-24 17:49:46 UTC (rev 8938)
+++ packages/trunk/wesnoth/debian/rules 2009-02-24 17:51:10 UTC (rev 8939)
@@ -21,7 +21,7 @@
CFLAGS += -O2
endif
-CONFIGURE_SWITCHES = --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE)
--disable-rpath --prefix=/usr --mandir=\$${prefix}/share/man
--bindir=\$${prefix}/games --with-datadir-name=wesnoth
--with-localedir=\$${prefix}/share/locale --with-fifodir=/var/run/wesnothd
--datadir=\$${prefix}/share/games --enable-editor --enable-server
--enable-python --with-fribidi --enable-python-install CFLAGS="$(CFLAGS)"
LDFLAGS="-Wl,-z,defs"
+CONFIGURE_SWITCHES = --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE)
--disable-rpath --prefix=/usr --mandir=\$${prefix}/share/man
--bindir=\$${prefix}/games --with-datadir-name=wesnoth
--with-localedir=\$${prefix}/share/locale --with-fifodir=/var/run/wesnothd
--datadir=\$${prefix}/share/games --enable-editor --enable-server
--disable-python --with-fribidi --disable-python-install CFLAGS="$(CFLAGS)"
LDFLAGS="-Wl,-z,defs"
# calculate the version strings
Modified: packages/trunk/wesnoth/debian/wesnoth-data.install
===================================================================
--- packages/trunk/wesnoth/debian/wesnoth-data.install 2009-02-24 17:49:46 UTC
(rev 8938)
+++ packages/trunk/wesnoth/debian/wesnoth-data.install 2009-02-24 17:51:10 UTC
(rev 8939)
@@ -1,7 +1,6 @@
debian/overrides/wesnoth-data /usr/share/lintian/overrides
debian/tmp/usr/share/games/wesnoth/data/*.cfg
debian/tmp/usr/share/games/wesnoth/data/COPYING.txt
-debian/tmp/usr/share/games/wesnoth/data/ais
debian/tmp/usr/share/games/wesnoth/data/campaigns/tutorial
debian/tmp/usr/share/games/wesnoth/data/core/*.cfg
debian/tmp/usr/share/games/wesnoth/data/core/README
_______________________________________________
Pkg-games-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-games-commits
