Date: Tue, 23 Nov 2010 21:42:12 GMT From: Koop Mast <kwm@FreeBSD.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/152529: [Patch] Update games/openttd to 1.0.5 Message-ID: <201011232142.oANLgCuw048900@freefall.freebsd.org> Resent-Message-ID: <201011232150.oANLo8Mv049190@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 152529 >Category: ports >Synopsis: [Patch] Update games/openttd to 1.0.5 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Nov 23 21:50:08 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Koop Mast >Release: FreeBSD 8.1-STABLE i386 >Organization: >Environment: System: FreeBSD freefall.freebsd.org 8.1-STABLE FreeBSD 8.1-STABLE #2 r215627: Sun Nov 21 13:36:51 UTC 2010 simon@freefall.freebsd.org:/usr/obj/usr/src/sys/FREEFALL i386 >Description: Update OpenTTD to 1.0.5. And add vuxml entry for CVE-2010-4168. http://security.openttd.org/en/CVE-2010-4168 The patch is to silence some build warnings spam. >How-To-Repeat: >Fix: --- openttd-1.0.5.diff begins here --- Index: games/openttd/Makefile =================================================================== RCS file: /home/pcvs/ports/games/openttd/Makefile,v retrieving revision 1.31 diff -a -u -r1.31 Makefile --- games/openttd/Makefile 22 Aug 2010 12:30:53 -0000 1.31 +++ games/openttd/Makefile 23 Nov 2010 21:36:21 -0000 @@ -6,10 +6,9 @@ # PORTNAME= openttd -PORTVERSION= 1.0.3 +PORTVERSION= 1.0.5 CATEGORIES= games -MASTER_SITES= http://gb.binaries.openttd.org/binaries/releases/${PORTVERSION}/ \ - #SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION} +MASTER_SITES= http://gb.binaries.openttd.org/binaries/releases/${PORTVERSION}/ MAINTAINER= danfe@FreeBSD.org COMMENT= An open source clone of Microprose Transport Tycoon Deluxe @@ -21,7 +20,8 @@ CONFIGURE_ARGS= --prefix-dir="${PREFIX}" --data-dir="${DATADIR_REL}" USE_BZIP2= yes USE_GMAKE= yes -INSTALLS_ICONS= yes +# We don't use installs_icons because it depends on a program shipped with gtk20 +#INSTALLS_ICONS= yes MAKE_JOBS_SAFE= yes DISTVERSIONSUFFIX= -source Index: games/openttd/distinfo =================================================================== RCS file: /home/pcvs/ports/games/openttd/distinfo,v retrieving revision 1.21 diff -a -u -r1.21 distinfo --- games/openttd/distinfo 22 Aug 2010 12:30:53 -0000 1.21 +++ games/openttd/distinfo 23 Nov 2010 21:36:21 -0000 @@ -1,3 +1,2 @@ -MD5 (openttd-1.0.3-source.tar.bz2) = cff60c624913a491ed3c91474e845722 -SHA256 (openttd-1.0.3-source.tar.bz2) = f52f2381c678de024d26ee465c8203323eb3484300c4dc182c0d68c439ee8c57 -SIZE (openttd-1.0.3-source.tar.bz2) = 5395672 +SHA256 (openttd-1.0.5-source.tar.bz2) = c353626b16b4b781db3c3c61f0ad651f5701e50f87439c4005b4456b63db09f8 +SIZE (openttd-1.0.5-source.tar.bz2) = 5684796 Index: games/openttd/pkg-plist =================================================================== RCS file: /home/pcvs/ports/games/openttd/pkg-plist,v retrieving revision 1.13 diff -a -u -r1.13 pkg-plist --- games/openttd/pkg-plist 22 Aug 2010 12:30:53 -0000 1.13 +++ games/openttd/pkg-plist 23 Nov 2010 21:36:21 -0000 @@ -18,6 +18,7 @@ @dirrm %%DATADIR%%/data %%DATADIR%%/lang/afrikaans.lng %%DATADIR%%/lang/arabic_egypt.lng +%%DATADIR%%/lang/belarusian.lng %%DATADIR%%/lang/brazilian_portuguese.lng %%DATADIR%%/lang/bulgarian.lng %%DATADIR%%/lang/catalan.lng Index: games/openttd/files/patch-src_string-func.h =================================================================== RCS file: games/openttd/files/patch-src_string-func.h diff -N games/openttd/files/patch-src_string-func.h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ games/openttd/files/patch-src_string-func.h 23 Nov 2010 21:36:21 -0000 @@ -0,0 +1,12 @@ +--- src/string_func.h.orig 2010-10-10 09:15:22.000000000 +0200 ++++ src/string_func.h 2010-10-10 09:19:08.000000000 +0200 +@@ -252,7 +252,8 @@ + #endif + + /* strndup is a GNU extension */ +-#if defined(_GNU_SOURCE) || (defined(__NetBSD_Version__) && 400000000 <= __NetBSD_Version__) ++#if defined(_GNU_SOURCE) || (defined(__NetBSD_Version__) && 400000000 <= __NetBSD_Version__) || \ ++ defined(__FreeBSD__) + # undef DEFINE_STRNDUP + #else + # define DEFINE_STRNDUP Index: security/vuxml/vuln.xml =================================================================== RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.2253 diff -a -u -r1.2253 vuln.xml --- security/vuxml/vuln.xml 23 Nov 2010 19:02:12 -0000 1.2253 +++ security/vuxml/vuln.xml 23 Nov 2010 21:36:28 -0000 @@ -34,6 +34,34 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="373e412e-f748-11df-96cd-0015f2db7bde"> + <topic>OpenTTD -- Denial of service (server/client) via invalid read</topic> + <affects> + <package> + <name>openttd</name> + <range><ge>1.0.0</ge><lt>1.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The OpenTTD Team reports:</p> + <blockquote cite="http://security.openttd.org/en/CVE-2010-4168"> + <p>When a client disconnects, without sending the "quit" or "client + error" message, the server has a chance of reading and writing a + just freed piece of memory. </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2010-4168</cvename> + <url>http://security.openttd.org/en/CVE-2010-4168</url> + </references> + <dates> + <discovery>2010-11-20</discovery> + <entry>2010-11-23</entry> + </dates> + </vuln> + <vuln vid="a3314314-f731-11df-a757-0011098ad87f"> <topic>horde-base -- XSS: VCARD attachments vulnerability</topic> <affects> --- openttd-1.0.5.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201011232142.oANLgCuw048900>