[SCM] Packaging for the OpenArena engine branch, debian-squeeze, updated. debian/0.8.5-5+squeeze2-3-g1b76f3e

Simon McVittie smcv at debian.org
Tue Mar 27 09:59:33 UTC 2012 

The following commit has been merged in the debian-squeeze branch:
commit 3ae20e9d1d019b87c170b0388cac140e553acc6e
Author: Simon McVittie <smcv at debian.org>
Date:   Tue Mar 27 10:48:40 2012 +0100

    Incorporate ioquake3 r1763 into the patch for rate-limiting, to fix potential use of uninitialized variables if the network address family is unexpected

diff --git a/debian/changelog b/debian/changelog
index 17eb49d..fefd398 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ openarena (0.8.5-5+squeeze3) UNRELEASED; urgency=low
 
   * Add CVE reference to changelog and patch for previous version, now that
     one has been allocated
+  * Incorporate ioquake3 r1763 into the patch for rate-limiting, to fix
+    potential use of uninitialized variables if the network address family
+    is unexpected
 
  -- Simon McVittie <smcv at debian.org>  Tue, 27 Mar 2012 10:02:30 +0100
 
diff --git a/debian/patches/0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch b/debian/patches/0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch
index 53580d5..628f85c 100644
--- a/debian/patches/0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch
+++ b/debian/patches/0043-Rate-limit-getstatus-and-rcon-connectionless-request.patch
@@ -1,8 +1,12 @@
 From: Tim Angus <tma>
 Date: Sun, 3 Jan 2010 22:12:20 +0000
-Subject: [PATCH] * Rate limit getstatus and rcon connectionless requests
+Subject: Rate limit getstatus and rcon connectionless requests
 
-Origin: upstream (ioquake3), commit:1762
+[This patch also includes r1763, fixing potential dereference of an
+uninitialized pointer if the network address family is neither IPv4 nor
+IPv6. -smcv]
+
+Origin: upstream (ioquake3), commit:1762, commit:1763
 Bug-Debian: http://bugs.debian.org/665656
 CVE: CVE-2010-5077
 ---
@@ -47,8 +51,8 @@ index 6215791..b88cc11 100644
 +================
 +*/
 +static long SVC_HashForAddress( netadr_t address ) {
-+	byte 		*ip;
-+	size_t	size;
++	byte 		*ip = NULL;
++	size_t	size = 0;
 +	int			i;
 +	long		hash = 0;
 +

-- 
Packaging for the OpenArena engine

More information about the Pkg-games-commits mailing list