diff --git a/freeciv-security.patch b/freeciv-security.patch new file mode 100644 index 0000000..2b7122d --- /dev/null +++ b/freeciv-security.patch @@ -0,0 +1,24 @@ +diff -ur freeciv-2.0.8.OLD/common/packets.c freeciv-2.0.8/common/packets.c +--- freeciv-2.0.8.OLD/common/packets.c 2006-03-05 22:35:23.000000000 -0500 ++++ freeciv-2.0.8/common/packets.c 2006-08-01 10:47:33.000000000 -0400 +@@ -577,6 +577,7 @@ + chunk->total_length, chunk->chunk_length); + + if (chunk->total_length < 0 ++ || chunk->chunk_length < 0 + || chunk->total_length >= MAX_ATTRIBUTE_BLOCK + || chunk->offset < 0 + || chunk->offset + chunk->chunk_length > chunk->total_length +diff -ur freeciv-2.0.8.OLD/server/unithand.c freeciv-2.0.8/server/unithand.c +--- freeciv-2.0.8.OLD/server/unithand.c 2005-12-26 16:37:53.000000000 -0500 ++++ freeciv-2.0.8/server/unithand.c 2006-08-01 11:03:44.000000000 -0400 +@@ -1593,7 +1593,8 @@ + struct unit *punit = player_find_unit_by_id(pplayer, packet->unit_id); + int i; + +- if (!punit || packet->length < 0 || punit->activity != ACTIVITY_IDLE) { ++ if (!punit || packet->length < 0 || punit->activity != ACTIVITY_IDLE ++ || packet->length > MAX_LEN_ROUTE) { + return; + } + diff --git a/freeciv.spec b/freeciv.spec index 86c7920..dd38296 100644 --- a/freeciv.spec +++ b/freeciv.spec @@ -1,6 +1,6 @@ Name: freeciv Version: 2.0.8 -Release: 2%{?dist} +Release: 5%{?dist} Summary: The Freeciv multi-player strategy game Group: Amusements/Games @@ -12,6 +12,7 @@ Source2: %{name}-server.desktop Source3: %{name}.xpm Patch1: %{name}-desktop.patch Patch2: %{name}-aifill.patch +Patch3: %{name}-security.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: gtk2-devel @@ -35,22 +36,29 @@ in order to become the leader of the greatest civilization. %setup -q -n %{name}-%{version} %patch1 -p1 -b .desktop %patch2 -p0 -b .aifill +%patch3 -p1 -b .security + %build %configure --enable-client=gtk2 make %{?_smp_mflags} + %install rm -rf $RPM_BUILD_ROOT %makeinstall desktop-file-install --vendor fedora --delete-original \ --dir $RPM_BUILD_ROOT%{_datadir}/applications \ + --remove-category=Strategy \ + --add-category=StrategyGame \ --add-category X-Fedora \ $RPM_BUILD_ROOT%{_datadir}/applications/%{name}.desktop desktop-file-install --vendor fedora \ --dir $RPM_BUILD_ROOT%{_datadir}/applications \ + --remove-category=Strategy \ + --add-category=StrategyGame \ --add-category X-Fedora \ %{SOURCE2} @@ -87,6 +95,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man6/civclient.6.gz %changelog +* Tue Aug 1 2006 Brian Pepple - 2.0.8-5 +- Add patch to fix CVE-2006-3913 vulnerability. (#200545) +- Replace desktop file category 'Strategy' with 'StrategyGame'. (#198086) + * Mon Mar 6 2006 Brian Pepple - 2.0.8-2 - Update to 2.0.8.