rpms/vavoom/FC-6 vavoom-1.24-CVE-2007-4533-5.patch, NONE, 1.1 vavoom.spec, 1.1, 1.2
Hans de Goede (jwrdegoede)
fedora-extras-commits at redhat.com
Fri Aug 31 18:50:18 UTC 2007
- Previous message (by thread): rpms/vavoom/F-7 vavoom-1.24-CVE-2007-4533-5.patch,NONE,1.1
- Next message (by thread): rpms/metapixel/devel .cvsignore, 1.2, 1.3 metapixel-makefile.patch, 1.2, 1.3 metapixel.spec, 1.5, 1.6 sources, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jwrdegoede
Update of /cvs/extras/rpms/vavoom/FC-6
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2409
Modified Files:
vavoom.spec
Added Files:
vavoom-1.24-CVE-2007-4533-5.patch
Log Message:
* Fri Aug 31 2007 Hans de Goede <j.w.r.degoede at hhs.nl> 1.24-3
- Fix some security issues in the server: CVE-2007-4533, CVE-2007-4534,
CVE-2007-4535 (bz 256621)
vavoom-1.24-CVE-2007-4533-5.patch:
--- NEW FILE vavoom-1.24-CVE-2007-4533-5.patch ---
--- trunk/vavoom/source/p_acs.cpp 2007/08/29 22:11:13 2684
+++ trunk/vavoom/source/p_acs.cpp 2007/08/31 16:30:40 2685
@@ -2486,7 +2486,7 @@
}
else
{
- BroadcastCentrePrintf(*PrintStr);
+ BroadcastCentrePrint(*PrintStr);
}
ACSVM_BREAK;
@@ -2649,7 +2649,7 @@
ACSVM_CASE(PCD_EndPrintBold)
//FIXME yellow message
PrintStr = PrintStr.EvalEscapeSequences();
- BroadcastCentrePrintf(*PrintStr);
+ BroadcastCentrePrint(*PrintStr);
ACSVM_BREAK;
// Extended P-Code commands.
@@ -2974,7 +2974,7 @@
}
else
{
- BroadcastCentrePrintf(*PrintStr);
+ BroadcastCentrePrint(*PrintStr);
}
sp = optstart - 6;
ACSVM_BREAK;
--- trunk/vavoom/source/p_thinker.cpp 2007/08/29 22:11:13 2684
+++ trunk/vavoom/source/p_thinker.cpp 2007/08/31 16:30:40 2685
@@ -294,6 +294,21 @@
//==========================================================================
//
+// VThinker::BroadcastPrint
+//
+//==========================================================================
+
+void VThinker::BroadcastPrint(const char *s)
+{
+ guard(VThinker::BroadcastPrint);
+ for (int i = 0; i < svs.max_clients; i++)
+ if (Level->Game->Players[i])
+ Level->Game->Players[i]->eventClientPrint(s);
+ unguard;
+}
+
+//==========================================================================
+//
// VThinker::BroadcastPrintf
//
//==========================================================================
@@ -308,9 +323,22 @@
vsprintf(buf, s, v);
va_end(v);
+ BroadcastPrint(buf);
+ unguard;
+}
+
+//==========================================================================
+//
+// VThinker::BroadcastCentrePrint
+//
+//==========================================================================
+
+void VThinker::BroadcastCentrePrint(const char *s)
+{
+ guard(VThinker::BroadcastCentrePrint);
for (int i = 0; i < svs.max_clients; i++)
if (Level->Game->Players[i])
- Level->Game->Players[i]->eventClientPrint(buf);
+ Level->Game->Players[i]->eventClientCentrePrint(s);
unguard;
}
@@ -330,9 +358,7 @@
vsprintf(buf, s, v);
va_end(v);
- for (int i = 0; i < svs.max_clients; i++)
- if (Level->Game->Players[i])
- Level->Game->Players[i]->eventClientCentrePrint(buf);
+ BroadcastCentrePrint(buf);
unguard;
}
@@ -444,7 +470,7 @@
{
VStr Msg = PF_FormatString();
P_GET_SELF;
- Self->BroadcastPrintf(*Msg);
+ Self->BroadcastPrint(*Msg);
}
IMPLEMENT_FUNCTION(VThinker, AllocDlight)
--- trunk/vavoom/source/sv_main.cpp 2007/08/29 22:11:13 2684
+++ trunk/vavoom/source/sv_main.cpp 2007/08/31 16:30:40 2685
@@ -1624,7 +1624,7 @@
Text += " ";
Text += Args[i];
}
- GLevelInfo->BroadcastPrintf(*Text);
+ GLevelInfo->BroadcastPrint(*Text);
GLevelInfo->StartSound(TVec(0, 0, 0), 0,
GSoundManager->GetSoundID("misc/chat"), 0, 1.0, 0);
unguard;
--- trunk/vavoom/source/p_thinker.h 2007/08/29 22:11:13 2684
+++ trunk/vavoom/source/p_thinker.h 2007/08/31 16:30:40 2685
@@ -76,7 +76,9 @@
void AddSoundSequenceChoice(vint32, VName);
void StopSoundSequence(vint32);
+ void BroadcastPrint(const char*);
void BroadcastPrintf(const char*, ...);
+ void BroadcastCentrePrint(const char*);
void BroadcastCentrePrintf(const char*, ...);
DECLARE_FUNCTION(Spawn)
--- trunk/vavoom/source/str.h 2007/08/31 16:30:40 2685
+++ trunk/vavoom/source/str.h 2007/08/31 17:25:55 2686
@@ -345,6 +345,8 @@
{
vint32 Len;
Strm << STRM_INDEX(Len);
+ if (Len < 0)
+ Len = 0;
S.Resize(Len);
if (Len)
Strm.Serialise(S.Str, Len + 1);
Index: vavoom.spec
===================================================================
RCS file: /cvs/extras/rpms/vavoom/FC-6/vavoom.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- vavoom.spec 21 May 2007 22:04:58 -0000 1.1
+++ vavoom.spec 31 Aug 2007 18:49:46 -0000 1.2
@@ -1,6 +1,6 @@
Name: vavoom
-Version: 1.23
-Release: 2%{?dist}
+Version: 1.24
+Release: 3%{?dist}
Summary: Enhanced Doom, Heretic, Hexen and Strife source port
Source0: http://downloads.sourceforge.net/vavoom/%{name}-%{version}.tar.bz2
Source1: doom.autodlrc
@@ -19,10 +19,10 @@
Source14: tux-b2f.png
Patch0: vavoom-1.21-datadir.patch
Patch1: vavoom-1.23-fixes.patch
-Patch2: vavoom-1.23-64bit.patch
+Patch2: vavoom-1.24-CVE-2007-4533-5.patch
URL: http://vavoom-engine.com/
Group: Amusements/Games
-License: GPL
+License: GPLv2+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: SDL_mixer-devel SDL_net-devel libpng-devel libjpeg-devel
BuildRequires: libvorbis-devel mikmod-devel flac-devel openal-devel
@@ -41,7 +41,7 @@
%setup -q
%patch0 -p1 -b .datadir
%patch1 -p1 -b .fix
-%patch2 -p1 -b .64bit
+%patch2 -p2 -b .CVE
%build
@@ -51,8 +51,8 @@
# This one line sed command is easier than trying to muck with the Makefile
# to add the proper -D definition.
-%{__sed} -i "s|#define FL_BASEDIR.*|#define FL_BASEDIR \"%{_datadir}/%{name}\"|" source/files.h
-%{__sed} -i "s|#define CONFIG_FILE.*|#define CONFIG_FILE \"%{_sysconfdir}/timidity.cfg\"|" source/timidity/config.h
+sed -i "s|#define FL_BASEDIR.*|#define FL_BASEDIR \"%{_datadir}/%{name}\"|" source/files.h
+sed -i "s|#define CONFIG_FILE.*|#define CONFIG_FILE \"%{_sysconfdir}/timidity.cfg\"|" source/timidity/config.h
# The Makefile doesn't do parallel builds correctly. Don't add smp_mflags.
make
@@ -105,11 +105,15 @@
%post
touch --no-create %{_datadir}/icons/hicolor || :
-%{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/hicolor || :
+if [ -x %{_bindir}/gtk-update-icon-cache ]; then
+ %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/hicolor || :
+fi
%postun
touch --no-create %{_datadir}/icons/hicolor || :
-%{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/hicolor || :
+if [ -x %{_bindir}/gtk-update-icon-cache ]; then
+ %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/hicolor || :
+fi
%files
@@ -122,6 +126,17 @@
%changelog
+* Fri Aug 31 2007 Hans de Goede <j.w.r.degoede at hhs.nl> 1.24-3
+- Fix some security issues in the server: CVE-2007-4533, CVE-2007-4534,
+ CVE-2007-4535 (bz 256621)
+
+* Wed Aug 15 2007 Hans de Goede <j.w.r.degoede at hhs.nl> 1.24-2
+- Update License tag for new Licensing Guidelines compliance
+
+* Thu Jun 14 2007 Hans de Goede <j.w.r.degoede at hhs.nl> 1.24-1
+- New upstream release 1.24
+- This also fixes bug 241611
+
* Sat May 19 2007 Hans de Goede <j.w.r.degoede at hhs.nl> 1.23-2
- Add missing libjpeg-devel BuildRequires
- Previous message (by thread): rpms/vavoom/F-7 vavoom-1.24-CVE-2007-4533-5.patch,NONE,1.1
- Next message (by thread): rpms/metapixel/devel .cvsignore, 1.2, 1.3 metapixel-makefile.patch, 1.2, 1.3 metapixel.spec, 1.5, 1.6 sources, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list