From 6f0398fdd5b2f06c09ac3cb0b3aabc2a29a78d82 Mon Sep 17 00:00:00 2001 From: Michael Sterrett Date: Fri, 9 Oct 2009 20:53:47 +0000 Subject: rev bump to get patch to fix Server DoS (bug #288295) Package-Manager: portage-2.1.6.13/cvs/Linux i686 --- games-strategy/dopewars/ChangeLog | 10 +++- games-strategy/dopewars/Manifest | 4 +- games-strategy/dopewars/dopewars-1.5.12-r2.ebuild | 69 ++++++++++++++++++++++ .../files/dopewars-1.5.12-CVE-2009-3591.patch | 20 +++++++ 4 files changed, 100 insertions(+), 3 deletions(-) create mode 100644 games-strategy/dopewars/dopewars-1.5.12-r2.ebuild create mode 100644 games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch diff --git a/games-strategy/dopewars/ChangeLog b/games-strategy/dopewars/ChangeLog index 6d2cfa203cd0..abb22f971c15 100644 --- a/games-strategy/dopewars/ChangeLog +++ b/games-strategy/dopewars/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for games-strategy/dopewars -# Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/games-strategy/dopewars/ChangeLog,v 1.21 2009/06/02 17:17:10 mr_bones_ Exp $ +# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/games-strategy/dopewars/ChangeLog,v 1.22 2009/10/09 20:53:46 mr_bones_ Exp $ + +*dopewars-1.5.12-r2 (09 Oct 2009) + + 09 Oct 2009; Michael Sterrett + +dopewars-1.5.12-r2.ebuild, +files/dopewars-1.5.12-CVE-2009-3591.patch: + rev bump to get patch to fix Server DoS (bug #288295) 02 Jun 2009; Michael Sterrett dopewars-1.5.12-r1.ebuild: diff --git a/games-strategy/dopewars/Manifest b/games-strategy/dopewars/Manifest index 11f0863e1b3f..24dd15d39a89 100644 --- a/games-strategy/dopewars/Manifest +++ b/games-strategy/dopewars/Manifest @@ -1,4 +1,6 @@ +AUX dopewars-1.5.12-CVE-2009-3591.patch 714 RMD160 5ed58ecbf762bbaa543299f708165aa2cb678501 SHA1 16316842973cd3d4e36db76ca01a00e52fa84807 SHA256 3de0776643b449d908dda43bb7e246a06da5ab8e81396974cb03a81bc8d9fca5 DIST dopewars-1.5.12.tar.gz 1419725 RMD160 66c86bceb67657a9fb2ef7944b1a069dafab8ae0 SHA1 ad46a38e225680e591b078eeec563d47b96684bc SHA256 23059dcdea96c6072b148ee21d76237ef3535e5be90b3b2d8239d150feee0c19 EBUILD dopewars-1.5.12-r1.ebuild 1660 RMD160 e022a2ea31298a329bf3bca70d22bc4919b03e82 SHA1 8fd0bd7efbdd9b3213ae5ebcaad3687c26f22c9e SHA256 95d0c9aecc77135b6c2b4906386f873622468e76c7caa78bffb384443946ab56 -MISC ChangeLog 5251 RMD160 d991948c678c894dedbfb0702ae568d73e1f7e53 SHA1 aa29ea2726e2b838690db55fb9b03c5ed468fae1 SHA256 dbfb80b551c3b0e2b850e75bff78e1fc7f203fec7ef15b0061ae13686eba94c4 +EBUILD dopewars-1.5.12-r2.ebuild 1652 RMD160 dc241f7d8997806db46beee0a88840627d8ba897 SHA1 6c49740b8771be2bd2e52504e1a2a16a1cd210de SHA256 48c4ecedc27da07ef7ac5fd6371436e44ae2561b7d0560df04bec3bb691652bd +MISC ChangeLog 5472 RMD160 6852ced16ab2afee0f1e0df5478f131980f3989a SHA1 7c3fa0c5b591d120221164231e97e8b464957522 SHA256 15a50cacec5fce5b425b0d41a9e7dac100c2467f1e2cae55c8f9acea1aeac2e5 MISC metadata.xml 158 RMD160 cbd9984bb6b426c8c9cee5022fe0a26261612fea SHA1 be5251fa1dacef5c41b74761bb1c8c54fb633b9e SHA256 1423a4fdd4a79b1728a2056d9e300f7e1074253095d82726218d9e9b953888a3 diff --git a/games-strategy/dopewars/dopewars-1.5.12-r2.ebuild b/games-strategy/dopewars/dopewars-1.5.12-r2.ebuild new file mode 100644 index 000000000000..2a9d7369719b --- /dev/null +++ b/games-strategy/dopewars/dopewars-1.5.12-r2.ebuild @@ -0,0 +1,69 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/games-strategy/dopewars/dopewars-1.5.12-r2.ebuild,v 1.1 2009/10/09 20:53:46 mr_bones_ Exp $ + +EAPI=2 +inherit games + +DESCRIPTION="Re-Write of the game Drug Wars" +HOMEPAGE="http://dopewars.sourceforge.net/" +SRC_URI="mirror://sourceforge/dopewars/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="nls ncurses gtk gnome sdl" + +RDEPEND="ncurses? ( >=sys-libs/ncurses-5.2 ) + gtk? ( x11-libs/gtk+:2 ) + dev-libs/glib + nls? ( virtual/libintl ) + sdl? ( + media-libs/libsdl + media-libs/sdl-mixer + )" +DEPEND="${RDEPEND} + dev-util/pkgconfig + nls? ( sys-devel/gettext )" + +src_prepare() { + epatch "${FILESDIR}"/${P}-CVE-2009-3591.patch + sed -i \ + -e "/priv_hiscore/ s:DPDATADIR:\"${GAMES_STATEDIR}\":" \ + -e "/\/doc\// s:DPDATADIR:\"/usr/share\":" \ + -e 's:index.html:html/index.html:' \ + src/dopewars.c \ + || die "sed failed" +} + +src_configure() { + local myservconf + + if ! use gtk ; then + myservconf="--disable-gui-client --disable-gui-server --disable-glibtest --disable-gtktest" + fi + + egamesconf \ + --disable-dependency-tracking \ + $(use_enable ncurses curses-client) \ + $(use_enable nls) \ + $(use_with sdl) \ + --without-esd \ + --enable-networking \ + --enable-plugins \ + ${myservconf} +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + dodoc AUTHORS ChangeLog NEWS README TODO + + dodir /usr/share + cd "${D}/${GAMES_DATADIR}" + use gnome && mv gnome "${D}/usr/share" || rm -rf gnome + mv pixmaps "${D}/usr/share" + dohtml -r doc/*/* + rm -rf doc + + prepgamesdirs +} diff --git a/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch b/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch new file mode 100644 index 000000000000..d657bf8744f1 --- /dev/null +++ b/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch @@ -0,0 +1,20 @@ +Patch for CVE-2009-3591 -- bug 288295. + +Fetched from upstream SVN: +http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1033&r2=1032&pathrev=1033 + +--- dopewars/trunk/src/serverside.c 2009/03/10 07:18:49 1032 ++++ dopewars/trunk/src/serverside.c 2009/10/05 04:11:32 1033 +@@ -504,6 +504,12 @@ + break; + case C_REQUESTJET: + i = atoi(Data); ++ /* Make sure value is within range */ ++ if (i < 0 || i >= NumLocation) { ++ dopelog(3, LF_SERVER, _("%s: DENIED jet to invalid location %s"), ++ GetPlayerName(Play), Data); ++ break; ++ } + if (Play->EventNum == E_FIGHT || Play->EventNum == E_FIGHTASK) { + if (CanRunHere(Play)) { + break; -- cgit v1.2.3-65-gdbad