![](https://seccdn.libravatar.org/avatar/af22e20b6884acbc89be6d7736c43e92.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package gtetrinet checked in at Thu Sep 14 18:43:08 CEST 2006. -------- --- GNOME/gtetrinet/gtetrinet.changes 2006-01-25 21:32:05.000000000 +0100 +++ gtetrinet/gtetrinet.changes 2006-08-16 16:17:24.000000000 +0200 @@ -1,0 +2,5 @@ +Wed Aug 16 16:15:05 CEST 2006 - lmichnovic@suse.cz + +- fixed possible remote code execution [#199665] (sec_check.patch) + +------------------------------------------------------------------- New: ---- gtetrinet-0.7.9-sec_check.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gtetrinet.spec ++++++ --- /var/tmp/diff_new_pack.y7hC9a/_old 2006-09-14 18:41:38.000000000 +0200 +++ /var/tmp/diff_new_pack.y7hC9a/_new 2006-09-14 18:41:38.000000000 +0200 @@ -5,7 +5,7 @@ # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # -# Please submit bugfixes or comments via http://bugs.opensuse.org +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild @@ -19,18 +19,19 @@ Autoreqprov: on PreReq: filesystem gconf2 Version: 0.7.9 -Release: 1 -Summary: A client for the TetriNET game +Release: 19 +Summary: A Client for the TetriNET Game URL: http://gtetrinet.sourceforge.net/ Source: %{name}-%{version}.tar.bz2 Source1: tetrinet.txt Patch0: %{name}-%{version}.patch Patch1: gtetrinet-desktop.patch +Patch2: %{name}-%{version}-sec_check.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description GTetrinet is a client program for the popular Tetrinet game, a -multiplayer tetris game that is played over the internet. +multiplayer tetris game that is played over the Internet. @@ -46,6 +47,7 @@ cp %{S:1} . %patch0 %patch1 +%patch2 %build %{suse_update_config -f} @@ -91,6 +93,8 @@ %{sysconfdir}/gconf/schemas/gtetrinet.schemas %changelog -n gtetrinet +* Wed Aug 16 2006 - lmichnovic@suse.cz +- fixed possible remote code execution [#199665] (sec_check.patch) * Wed Jan 25 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Tue Jan 03 2006 - lmichnovic@suse.cz ++++++ gtetrinet-0.7.9-sec_check.patch ++++++ --- src/tetrinet.c +++ src/tetrinet.c @@ -242,7 +242,7 @@ case IN_PLAYERNUM: pnumrec = 1; tmp_pnum = atoi (data); - if (tmp_pnum >= MAX_PLAYERS) + if (tmp_pnum >= MAX_PLAYERS || tmp_pnum <= 0) break; bigfieldnum = playernum = tmp_pnum; if (!connected) @@ -300,7 +300,7 @@ token = strtok (data, " "); if (token == NULL) break; pnum = atoi (token); - if (pnum >= MAX_PLAYERS) + if (pnum >= MAX_PLAYERS || pnum <= 0) break; token = strtok (NULL, ""); if (token == NULL) break; @@ -328,7 +328,7 @@ token = strtok (data, " "); if (token == NULL) break; pnum = atoi (token); - if (pnum >= MAX_PLAYERS) + if (pnum >= MAX_PLAYERS || pnum <= 0) break; if (!playercount) break; @@ -357,7 +357,7 @@ token = strtok (data, " "); if (token == NULL) break; pnum = atoi (token); - if (pnum >= MAX_PLAYERS) + if (pnum >= MAX_PLAYERS || pnum <= 0) break; if ((pnum == playernum) && !spectating) g_snprintf (buf, sizeof(buf), @@ -386,7 +386,7 @@ token = strtok (data, " "); if (token == NULL) break; pnum = atoi (token); - if (pnum >= MAX_PLAYERS) + if (pnum >= MAX_PLAYERS || pnum <= 0) break; token = strtok (NULL, ""); if (token == NULL) token = ""; @@ -405,7 +405,7 @@ token = strtok (data, " "); if (token == NULL) break; pnum = atoi (token); - if (pnum >= MAX_PLAYERS) + if (pnum >= MAX_PLAYERS || pnum <= 0) break; token = strtok (NULL, ""); if (token == NULL) token = ""; @@ -514,7 +514,7 @@ token = strtok (data, " "); if (token == NULL) break; pnum = atoi (token); - if (pnum >= MAX_PLAYERS) + if (pnum >= MAX_PLAYERS || pnum <= 0) break; token = strtok (NULL, ""); if (token == NULL) token = ""; @@ -526,7 +526,7 @@ { int pnum; pnum = atoi (data); - if (pnum >= MAX_PLAYERS) + if (pnum >= MAX_PLAYERS || pnum <= 0) break; /* player is out */ playerplaying[pnum] = 0; @@ -536,7 +536,7 @@ { int pnum; pnum = atoi (data); - if (pnum >= MAX_PLAYERS) + if (pnum >= MAX_PLAYERS || pnum <= 0) break; if (teamnames[pnum][0]) g_snprintf (buf, sizeof(buf), @@ -681,7 +681,7 @@ s = strtok (data, " "); if (s == NULL) break; pnum = atoi (s); - if (pnum >= MAX_PLAYERS) + if (pnum >= MAX_PLAYERS || pnum <= 0) break; s = strtok (NULL, ""); if (s == NULL) break; @@ -737,7 +737,7 @@ token = strtok (data, " "); if (token == NULL) break; pnum = atoi (token); - if (pnum >= MAX_PLAYERS) + if (pnum >= MAX_PLAYERS || pnum <= 0) break; token = strtok (NULL, ""); if (token == NULL) break; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@suse.de