[redeclipse] 381/494: add security-text-command-fix.patch

Martin Werner arand-guest at moszumanska.debian.org
Sun Jun 21 20:52:54 UTC 2015 

This is an automated email from the git hooks/post-receive script.

arand-guest pushed a commit to branch debdir
in repository redeclipse.

commit 609f3d64f075c25f2c66d706ce734fd40b453066
Author: Martin Erik Werner <martinerikwerner at gmail.com>
Date:   Mon Jul 23 23:44:16 2012 +0200

    add security-text-command-fix.patch
    
    File access security fix.
---
 changelog                               |  4 +++-
 patches/security-text-command-fix.patch | 24 ++++++++++++++++++++++++
 patches/series                          |  1 +
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/changelog b/changelog
index 9c6b1cd..bef6d69 100644
--- a/changelog
+++ b/changelog
@@ -1,6 +1,6 @@
 redeclipse (1.2-3) UNRELEASED; urgency=low
 
-  * Add unversion lib dependency alternatives
+  * Add unversioned lib dependency alternatives
     - libgl1-mesa-dev | libgl-dev
     - libsdl1.2-dev | libsdl-dev
     - lib1g-dev | libz-dev
@@ -11,6 +11,8 @@ redeclipse (1.2-3) UNRELEASED; urgency=low
     - Removed build-with-debug-symbols.patch:
       Now handled in d/rules instead
   * Enable parallel build
+  * Add debian/patches/security-text-command-fix.patch
+    - File access security fix
 
  -- Martin Erik Werner <martinerikwerner at gmail.com>  Mon, 27 Feb 2012 13:53:19 +0100
 
diff --git a/patches/security-text-command-fix.patch b/patches/security-text-command-fix.patch
new file mode 100644
index 0000000..9121d8f
--- /dev/null
+++ b/patches/security-text-command-fix.patch
@@ -0,0 +1,24 @@
+From 52fdd35c3ffc1ce2e568180eac2da93e179fef2a Mon Sep 17 00:00:00 2001
+From: eihrul <eihrul at 2cd6abe5-5779-42d9-9038-cec04ae5ff40>
+Date: Sun, 22 Jul 2012 21:22:55 +0000
+Subject: [PATCH] text command fix
+Comment:
+ This patch fixes a file access security issue which could allow a remote
+ attacker access local files by transmitting map script files.
+
+git-svn-id: https://redeclipse.svn.sourceforge.net/svnroot/redeclipse@3764 2cd6abe5-5779-42d9-9038-cec04ae5ff40
+---
+ src/engine/textedit.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/engine/textedit.h
++++ b/src/engine/textedit.h
+@@ -690,7 +690,7 @@
+ 
+ #define TEXTCOMMAND(f, s, d, body) ICOMMAND(0, f, s, d,\
+     editor *top = currentfocus();\
+-    if(!top) return;\
++    if(!top || identflags&IDF_WORLD) return;\
+     body\
+ )
+ 
diff --git a/patches/series b/patches/series
index 15b0306..df1a5cf 100644
--- a/patches/series
+++ b/patches/series
@@ -2,3 +2,4 @@ windowed-by-default.patch
 build-with-system-enet.patch
 backported-fix-icon-sizes.patch
 build-with-ldflags.patch
+security-text-command-fix.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/redeclipse.git

More information about the Pkg-games-commits mailing list