rev bump to get patch to fix Server DoS (bug #288295)

(Portage version: 2.1.6.13/cvs/Linux i686)
author: Michael Sterrett <mr_bones_@gentoo.org> 2009-10-09 20:53:47 +0000
committer: Michael Sterrett <mr_bones_@gentoo.org> 2009-10-09 20:53:47 +0000
commit: 6fb6c2e559f547bd2b7dc4c9586a4fef7bfb9b76 (patch)
tree: 40852f5449f0bf345406ac91ecbad019266c4081 /games-strategy
parent: arm stable, bug #282290 (diff)
download: gentoo-2-6fb6c2e559f547bd2b7dc4c9586a4fef7bfb9b76.tar.gz
gentoo-2-6fb6c2e559f547bd2b7dc4c9586a4fef7bfb9b76.tar.bz2
gentoo-2-6fb6c2e559f547bd2b7dc4c9586a4fef7bfb9b76.zip
3 files changed, 97 insertions, 2 deletions
diff --git a/games-strategy/dopewars/ChangeLog b/games-strategy/dopewars/ChangeLog
index 6d2cfa203cd0..abb22f971c15 100644
--- a/games-strategy/dopewars/ChangeLog
+++ b/games-strategy/dopewars/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for games-strategy/dopewars
-# Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/games-strategy/dopewars/ChangeLog,v 1.21 2009/06/02 17:17:10 mr_bones_ Exp $
+# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/games-strategy/dopewars/ChangeLog,v 1.22 2009/10/09 20:53:46 mr_bones_ Exp $
+
+*dopewars-1.5.12-r2 (09 Oct 2009)
+
+  09 Oct 2009; Michael Sterrett <mr_bones_@gentoo.org>
+  +dopewars-1.5.12-r2.ebuild, +files/dopewars-1.5.12-CVE-2009-3591.patch:
+  rev bump to get patch to fix Server DoS (bug #288295)
 
   02 Jun 2009; Michael Sterrett <mr_bones_@gentoo.org>
   dopewars-1.5.12-r1.ebuild:
diff --git a/games-strategy/dopewars/dopewars-1.5.12-r2.ebuild b/games-strategy/dopewars/dopewars-1.5.12-r2.ebuild
new file mode 100644
index 000000000000..2a9d7369719b
--- /dev/null
+++ b/games-strategy/dopewars/dopewars-1.5.12-r2.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/games-strategy/dopewars/dopewars-1.5.12-r2.ebuild,v 1.1 2009/10/09 20:53:46 mr_bones_ Exp $
+
+EAPI=2
+inherit games
+
+DESCRIPTION="Re-Write of the game Drug Wars"
+HOMEPAGE="http://dopewars.sourceforge.net/"
+SRC_URI="mirror://sourceforge/dopewars/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="nls ncurses gtk gnome sdl"
+
+RDEPEND="ncurses? ( >=sys-libs/ncurses-5.2 )
+	gtk? ( x11-libs/gtk+:2 )
+	dev-libs/glib
+	nls? ( virtual/libintl )
+	sdl? (
+		media-libs/libsdl
+		media-libs/sdl-mixer
+	)"
+DEPEND="${RDEPEND}
+	dev-util/pkgconfig
+	nls? ( sys-devel/gettext )"
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-CVE-2009-3591.patch
+	sed -i \
+		-e "/priv_hiscore/ s:DPDATADIR:\"${GAMES_STATEDIR}\":" \
+		-e "/\/doc\// s:DPDATADIR:\"/usr/share\":" \
+		-e 's:index.html:html/index.html:' \
+		src/dopewars.c \
+		|| die "sed failed"
+}
+
+src_configure() {
+	local myservconf
+
+	if ! use gtk ; then
+		myservconf="--disable-gui-client --disable-gui-server --disable-glibtest --disable-gtktest"
+	fi
+
+	egamesconf \
+		--disable-dependency-tracking \
+		$(use_enable ncurses curses-client) \
+		$(use_enable nls) \
+		$(use_with sdl) \
+		--without-esd \
+		--enable-networking \
+		--enable-plugins \
+		${myservconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "emake install failed"
+	dodoc AUTHORS ChangeLog NEWS README TODO
+
+	dodir /usr/share
+	cd "${D}/${GAMES_DATADIR}"
+	use gnome && mv gnome "${D}/usr/share" || rm -rf gnome
+	mv pixmaps "${D}/usr/share"
+	dohtml -r doc/*/*
+	rm -rf doc
+
+	prepgamesdirs
+}
diff --git a/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch b/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch
new file mode 100644
index 000000000000..d657bf8744f1
--- /dev/null
+++ b/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch
@@ -0,0 +1,20 @@
+Patch for CVE-2009-3591 -- bug 288295.
+
+Fetched from upstream SVN:
+http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1033&r2=1032&pathrev=1033
+
+--- dopewars/trunk/src/serverside.c	2009/03/10 07:18:49	1032
++++ dopewars/trunk/src/serverside.c	2009/10/05 04:11:32	1033
+@@ -504,6 +504,12 @@
+     break;
+   case C_REQUESTJET:
+     i = atoi(Data);
++    /* Make sure value is within range */
++    if (i < 0 || i >= NumLocation) {
++      dopelog(3, LF_SERVER, _("%s: DENIED jet to invalid location %s"),
++              GetPlayerName(Play), Data);
++      break;
++    }
+     if (Play->EventNum == E_FIGHT || Play->EventNum == E_FIGHTASK) {
+       if (CanRunHere(Play)) {
+         break;
author	Michael Sterrett <mr_bones_@gentoo.org>	2009-10-09 20:53:47 +0000
committer	Michael Sterrett <mr_bones_@gentoo.org>	2009-10-09 20:53:47 +0000
commit	6fb6c2e559f547bd2b7dc4c9586a4fef7bfb9b76 (patch)
tree	40852f5449f0bf345406ac91ecbad019266c4081 /games-strategy
parent	arm stable, bug #282290 (diff)
download	gentoo-2-6fb6c2e559f547bd2b7dc4c9586a4fef7bfb9b76.tar.gz gentoo-2-6fb6c2e559f547bd2b7dc4c9586a4fef7bfb9b76.tar.bz2 gentoo-2-6fb6c2e559f547bd2b7dc4c9586a4fef7bfb9b76.zip