add patch for a file access security fix

4082be4a · Martin Erik Werner · d93bd9f3 · 4082be4a · 4082be4a
Commit 4082be4a authored Aug 11, 2012 by Martin Erik Werner
Hide whitespace changes
Inline Side-by-side

Showing with 39 additions and 4 deletions

redeclipse/PKGBUILD redeclipse/PKGBUILD +7 -4

redeclipse/security-text-command-fix.patch redeclipse/security-text-command-fix.patch +32 -0

No files found.
--- a/redeclipse/PKGBUILD
+++ b/redeclipse/PKGBUILD
@@ -5,7 +5,7 @@

 pkgname=redeclipse
 pkgver=1.2
-pkgrel=2
+pkgrel=3
 pkgdesc='A first-person shooter, built as a total conversion of Cube Engine 2.'
 arch=(i686 x86_64)
 url=http://redeclipse.net
@@ -14,11 +14,13 @@ depends=(enet libgl mesa sdl sdl_image sdl_mixer zlib hicolor-icon-theme)
 makedepends=('mesa' 'gzip' 'imagemagick')
 categories=('games')
 source=(http://downloads.sourceforge.net/$pkgname/${pkgname}_${pkgver}_linux_bsd.tar.bz2
-	system-libs.diff
-        no-x128-icon-since-old-imagemagick.diff)
+        system-libs.diff
+        no-x128-icon-since-old-imagemagick.diff
+        security-text-command-fix.patch)
 md5sums=('e133361f79be01782bf0bbc4c5a01236'
         'f34900e6c8247754800d8fba0600dfb7'
-         'd6c0c52a0e217e21f8951426fe40db18')
+         'd6c0c52a0e217e21f8951426fe40db18'
+         '89253e190972021c9e89b75d91ee408b')

 build() {
  cd "$srcdir/$pkgname/src"
@@ -26,6 +28,7 @@ build() {
  # Patches.
  patch -uN Makefile $srcdir/system-libs.diff
  patch -uN system-install.mk $srcdir/no-x128-icon-since-old-imagemagick.diff
+  patch -uN engine/textedit.h $srcdir/security-text-command-fix.patch

  # Compilation.
  make

--- a/redeclipse/security-text-command-fix.patch
+++ b/redeclipse/security-text-command-fix.patch
+Author: Lee "Eihrul" Salzman <lsalzman@gmail.com>
+Date: Sun, 22 Jul 2012 21:22:55 +0000
+Subject: text command fix
+Description: File access security fix
+ Game maps can in cube2-engine games be transmitted either from server
+ to client or from client to client, which includes a config file
+ (mapname.cfg) which is in "cubescript" format, this makes it possible
+ for an attacker to send a malign script via a new map (which must be
+ chosen by admin on a server, or created in cooperative editing mode). A
+ script like this could trivially read/write to any files which the user
+ running the client has access to (it is executed when the client loads
+ the map).
+ .
+ This patch stops "textedit" commands being able to be run in map-run
+ scripts, thus disabling the ability to read/write to user files.
+
+Origin: upstream, https://sourceforge.net/apps/trac/redeclipse/changeset/3764
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684143
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=846368
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/redeclipse/+bug/1034148
+
+--- a/src/engine/textedit.h
+++ b/src/engine/textedit.h
+@@ -690,7 +690,7 @@
+ 
+ #define TEXTCOMMAND(f, s, d, body) ICOMMAND(0, f, s, d,\
+     editor *top = currentfocus();\
+-    if(!top) return;\
+    if(!top || identflags&IDF_WORLD) return;\
+     body\
+ )
+