Date:      Tue, 3 Dec 2013 06:28:04 +0000 (UTC)
From:      Alexey Dokuchaev <danfe@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r335546 - in head: games/openttd security/vuxml
Message-ID:  <201312030628.rB36S4n6087952@svn.freebsd.org>

Author: danfe
Date: Tue Dec  3 06:28:03 2013
New Revision: 335546
URL: http://svnweb.freebsd.org/changeset/ports/335546

Log:
  Update to version 1.3.3, which fixes an important crashy bug: denial of
  service (server) using forcefully crashed aircrafts.
  
  While here, reduce the diffs between other OpenTTD's VuXML entries; and
  limit build logs verbosity to bulk package builders (or batch builds).
  
  PR:		ports/184434, ports/184435
  Submitted by:	Ilya A. Arkhipov
  Security:	CVE-2013-6411

Modified:
  head/games/openttd/Makefile
  head/games/openttd/distinfo
  head/security/vuxml/vuln.xml

Modified: head/games/openttd/Makefile
==============================================================================
--- head/games/openttd/Makefile	Tue Dec  3 02:37:51 2013	(r335545)
+++ head/games/openttd/Makefile	Tue Dec  3 06:28:03 2013	(r335546)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	openttd
-PORTVERSION=	1.3.2
+PORTVERSION=	1.3.3
 CATEGORIES=	games
 MASTER_SITES=	http://ftp.snt.utwente.nl/pub/games/openttd/binaries/releases/${PORTVERSION}/ \
 		http://us.binaries.openttd.org/binaries/releases/${PORTVERSION}/
@@ -21,7 +21,10 @@ USE_XZ=		yes
 HAS_CONFIGURE=	yes
 CONFIGURE_ENV=	STRIP="${STRIP_CMD} ${STRIP}"
 CONFIGURE_ARGS=	--prefix-dir="${PREFIX}" --data-dir="${DATADIR_REL}"
-MAKE_ARGS=	VERBOSE=1		# We want to see what's going on
+
+.if defined(BATCH) || defined(PACKAGE_BUILDING)
+MAKE_ARGS=	VERBOSE=1
+.endif
 
 WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
 CXXFLAGS=	# Set to empty as OpenTTD treats it as an addition to CFLAGS
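Review bot: The new `.if defined(BATCH) || defined(PACKAGE_BUILDING)` block removes the old trailing comment and leaves nothing in the Makefile to say why verbosity now depends on the build mode. A one-line comment above the conditional would carry the intent from the commit log into the file, for example `# Full compiler command lines only for batch/package builds, where the log is what gets reviewed`. Separately, `MAKE_ARGS=` still overwrites any earlier assignment, as the removed line did; `MAKE_ARGS+=	VERBOSE=1` would be safer if anything above this hunk sets it, which cannot be seen from here.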

Modified: head/games/openttd/distinfo
==============================================================================
--- head/games/openttd/distinfo	Tue Dec  3 02:37:51 2013	(r335545)
+++ head/games/openttd/distinfo	Tue Dec  3 06:28:03 2013	(r335546)
@@ -1,2 +1,2 @@
-SHA256 (openttd-1.3.2-source.tar.xz) = f6efc0cd0c4f4315a98844c331acc2e02322d5671ec376b9f0a11795b0eb270b
-SIZE (openttd-1.3.2-source.tar.xz) = 6347104
+SHA256 (openttd-1.3.3-source.tar.xz) = 6991ed2c0170481800c3a92a1b43546821a658de91d3ac7efe868588387eca5d
+SIZE (openttd-1.3.3-source.tar.xz) = 6370128

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Dec  3 02:37:51 2013	(r335545)
+++ head/security/vuxml/vuln.xml	Tue Dec  3 06:28:03 2013	(r335546)
@@ -51,6 +51,39 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="d2073237-5b52-11e3-80f7-c86000cbc6ec">
+    <topic>OpenTTD -- Denial of service using forcefully crashed aircrafts</topic>
+    <affects>
+      <package>
+	<name>openttd</name>
+	<range><ge>0.3.6</ge><lt>1.3.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The OpenTTD Team reports:</p>
+	<blockquote cite="https://security.openttd.org/en/CVE-2013-6411">;
+	  <p>The problem is caused by incorrectly handling the fact that
+	    the aircraft circling the corner airport will be outside of the
+	    bounds of the map.  In the 'out of fuel' crash code the height
+	    of the tile under the aircraft is determined.  In this case
+	    that means a tile outside of the allocated map array, which
+	    could occasionally trigger invalid reads.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-6411</cvename>
+      <url>https://security.openttd.org/en/CVE-2013-6411</url>;
+      <url>http://bugs.openttd.org/task/5820</url>;
+      <url>http://vcs.openttd.org/svn/changeset/26134</url>;
+    </references>
+    <dates>
+      <discovery>2013-11-28</discovery>
+      <entry>2013-11-28</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="620cf713-5a99-11e3-878d-20cf30e32f6d">
     <topic>monitorix -- serious bug in the built-in HTTP server</topic>
     <affects>
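Review bot: `<entry>2013-11-28</entry>` in the new `<dates>` block repeats the discovery date, but by VuXML convention `<entry>` records the day the entry was added to vuln.xml, and this commit is dated 2013-12-03. Tooling or readers that order or filter advisories by entry date would see this one as published five days before it existed, so the line should read `<entry>2013-12-03</entry>`. The upper bound of `<range><ge>0.3.6</ge><lt>1.3.3</lt></range>` agrees with the PORTVERSION bump in the same commit; the lower bound cannot be checked from this page and should be confirmed against the upstream advisory cited in `<references>`.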
@@ -12132,7 +12165,7 @@ executed in your Internet Explorer while
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>OpenTTD reports:</p>
+	<p>The OpenTTD Team reports:</p>
 	<blockquote cite="http://security.openttd.org/en/CVE-2012-3436">;
 	  <p>Denial of service (server) using ships on half tiles and
 	    landscaping.</p>
@@ -28394,7 +28427,7 @@ executed in your Internet Explorer while
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>OpenTTD project reports:</p>
+	<p>The OpenTTD Team reports:</p>
 	<blockquote cite="http://security.openttd.org/en/CVE-2010-2534">;
 	  <p>When multiple commands are queued (at the server) for execution
 	    in the next game tick and an client joins the server can get into


