From owner-svn-ports-head@FreeBSD.ORG Tue Dec 3 06:28:05 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 264ABB91; Tue, 3 Dec 2013 06:28:05 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 1045F1872; Tue, 3 Dec 2013 06:28:05 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id rB36S4LD087956; Tue, 3 Dec 2013 06:28:04 GMT (envelope-from danfe@svn.freebsd.org) Received: (from danfe@localhost) by svn.freebsd.org (8.14.7/8.14.7/Submit) id rB36S4n6087952; Tue, 3 Dec 2013 06:28:04 GMT (envelope-from danfe@svn.freebsd.org) Message-Id: <201312030628.rB36S4n6087952@svn.freebsd.org> From: Alexey Dokuchaev Date: Tue, 3 Dec 2013 06:28:04 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r335546 - in head: games/openttd security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Dec 2013 06:28:05 -0000 Author: danfe Date: Tue Dec 3 06:28:03 2013 New Revision: 335546 URL: http://svnweb.freebsd.org/changeset/ports/335546 Log: Update to version 1.3.3, which fixes an important crashy bug: denial of service (server) using forcefully crashed aircrafts. While here, reduce the diffs between other OpenTTD's VuXML entries; and limit build logs verbosity to bulk package builders (or batch builds). PR: ports/184434, ports/184435 Submitted by: Ilya A. Arkhipov Security: CVE-2013-6411 Modified: head/games/openttd/Makefile head/games/openttd/distinfo head/security/vuxml/vuln.xml Modified: head/games/openttd/Makefile ============================================================================== --- head/games/openttd/Makefile Tue Dec 3 02:37:51 2013 (r335545) +++ head/games/openttd/Makefile Tue Dec 3 06:28:03 2013 (r335546) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= openttd -PORTVERSION= 1.3.2 +PORTVERSION= 1.3.3 CATEGORIES= games MASTER_SITES= http://ftp.snt.utwente.nl/pub/games/openttd/binaries/releases/${PORTVERSION}/ \ http://us.binaries.openttd.org/binaries/releases/${PORTVERSION}/ @@ -21,7 +21,10 @@ USE_XZ= yes HAS_CONFIGURE= yes CONFIGURE_ENV= STRIP="${STRIP_CMD} ${STRIP}" CONFIGURE_ARGS= --prefix-dir="${PREFIX}" --data-dir="${DATADIR_REL}" -MAKE_ARGS= VERBOSE=1 # We want to see what's going on + +.if defined(BATCH) || defined(PACKAGE_BUILDING) +MAKE_ARGS= VERBOSE=1 +.endif WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} CXXFLAGS= # Set to empty as OpenTTD treats it as an addition to CFLAGS Modified: head/games/openttd/distinfo ============================================================================== --- head/games/openttd/distinfo Tue Dec 3 02:37:51 2013 (r335545) +++ head/games/openttd/distinfo Tue Dec 3 06:28:03 2013 (r335546) @@ -1,2 +1,2 @@ -SHA256 (openttd-1.3.2-source.tar.xz) = f6efc0cd0c4f4315a98844c331acc2e02322d5671ec376b9f0a11795b0eb270b -SIZE (openttd-1.3.2-source.tar.xz) = 6347104 +SHA256 (openttd-1.3.3-source.tar.xz) = 6991ed2c0170481800c3a92a1b43546821a658de91d3ac7efe868588387eca5d +SIZE (openttd-1.3.3-source.tar.xz) = 6370128 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Dec 3 02:37:51 2013 (r335545) +++ head/security/vuxml/vuln.xml Tue Dec 3 06:28:03 2013 (r335546) @@ -51,6 +51,39 @@ Note: Please add new entries to the beg --> + + OpenTTD -- Denial of service using forcefully crashed aircrafts + + + openttd + 0.3.61.3.3 + + + + +

The OpenTTD Team reports:

+
+

The problem is caused by incorrectly handling the fact that + the aircraft circling the corner airport will be outside of the + bounds of the map. In the 'out of fuel' crash code the height + of the tile under the aircraft is determined. In this case + that means a tile outside of the allocated map array, which + could occasionally trigger invalid reads.

+
+ +
+ + CVE-2013-6411 + https://security.openttd.org/en/CVE-2013-6411 + http://bugs.openttd.org/task/5820 + http://vcs.openttd.org/svn/changeset/26134 + + + 2013-11-28 + 2013-11-28 + +
+ monitorix -- serious bug in the built-in HTTP server @@ -12132,7 +12165,7 @@ executed in your Internet Explorer while -

OpenTTD reports:

+

The OpenTTD Team reports:

Denial of service (server) using ships on half tiles and landscaping.

@@ -28394,7 +28427,7 @@ executed in your Internet Explorer while -

OpenTTD project reports:

+

The OpenTTD Team reports:

When multiple commands are queued (at the server) for execution in the next game tick and an client joins the server can get into