Package: tremulous / 1.1.0-8~squeeze1
Metadata
Package | Version | Patches format |
---|---|---|
tremulous | 1.1.0-8~squeeze1 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
0001 add upstream Makefile.patch | Makefile: 1537 (1537 +, 0 -, 0 !) | [patch] add upstream makefile |
0002 Avoid building game logic as QVMs.patch | Makefile: 2 (1 +, 1 -, 0 !) | [patch] avoid building game logic as qvms |
0003 Don t build q3lcc.patch | Makefile: 4 (2 +, 2 -, 0 !) | [patch] don't build q3lcc |
0004 Use USER as default player name.patch | src/client/cl_main.c: 8 (7 +, 1 -, 0 !) | [patch] use $user as default player name |
0005 Fix unaligned access issue.patch | src/qcommon/vm_interpreted.c: 14 (4 +, 10 -, 0 !) | [patch] fix unaligned access issue. Bug: http://bugzilla.icculus.org/show_bug.cgi?id=3756 Bug-Debian: http://bugs.debian.org/382121 |
0006 fix abuse of strcpy overlapping source and dest.patch | src/botlib/l_precomp.c: 2 (1 +, 1 -, 0 !) | [patch] fix abuse of strcpy (overlapping source and dest) |
0007 Fix to disappearing cursor on map load Com_Error bug.patch | src/ui/ui_main.c: 1 (1 +, 0 -, 0 !) | [patch] fix to disappearing cursor on map load com_error bug |
0008 Fixed sort by ping.patch | ui/joinserver.menu: 2 (1 +, 1 -, 0 !) | [patch] fixed sort by ping |
0009 Disable JIT QVM interpreter on x86 64.patch | Makefile: 2 (1 +, 1 -, 0 !) | [patch] disable jit qvm compiler on x86-64. It seems to crash on startup, and probably needs merging from ioquake3. I don't speak assembler, so let's use the tried-and-tested interpreter instead... |
0010 CVE 2006 2082 do not allow download of arbitrary fil.patch | src/server/sv_client.c: 51 (43 +, 8 -, 0 !) | cve-2006-2082 - do not allow download of arbitrary files from a server. Any file readable by the server user could be read, via ../ sequences. Original patches by Thilo Schulz, ioquake3 r777 (which fixed the vulnerability) and r781 (which fixed a regression in r777 where uninitialized variables led to some allowed downloads being rejected too). |
0011 CVE 2006 2236 add bounds checking to COM_StripExtens.patch | src/cgame/cg_weapons.c: 6 (3 +, 3 -, 0 !) | cve-2006-2236 - add bounds-checking to com_stripextension. This fixes the "remapShader" exploit by backporting ioquake3 r765, with a further change to avoid strncpy'ing a string into itself. Original patch by Thilo Schulz. |
0012 CVE 2006 2875 fix stack buffer overflow in CL_ParseD.patch | src/client/cl_parse.c: 28 (20 +, 8 -, 0 !) | cve-2006-2875 - fix stack buffer overflow in cl_parsedownload. This is exploitable by a modified server. Original patch by Thilo Schulz, ioquake3 r796. |
0013 CVE 2006 3324 fix arbitrary file overwrite on client.patch | src/qcommon/files.c: 51 (39 +, 12 -, 0 !) | cve-2006-3324 - fix arbitrary file overwrite on client by malicious server. Original patches by Thilo Schulz, ioquake3 r790, r794, r804. This commit also includes "a few sanity checks for checksum/pakname storage to fix a crash that can occur under certain circumstances", from r804 and r805. Bug-Debian: http://bugs.debian.org/660832 Bug-CVE: http://security-tracker.debian.org/tracker/CVE-2006-3324 |
0014 CVE 2006 3325 fix arbitrary cvar overwriting.patch | src/client/cl_parse.c: 23 (21 +, 2 -, 0 !) | cve-2006-3325: fix arbitrary cvar overwriting. Original patch by Thilo Schulz, ioquake3 r811. Bug-Debian: http://bugs.debian.org/660834 Bug-CVE: http://security-tracker.debian.org/tracker/CVE-2006-3325 |
0015 CVE 2011 3012 CVE 2011 2764 backport from ioquake3 t.patch | src/qcommon/files.c: 34 (34 +, 0 -, 0 !) | cve-2011-3012, cve-2011-2764 - backport from ioquake3 to prevent dll overwriting. This is a backport of several patches: * part of ioquake3 r1405, from TsT (attempt to prevent DLL overwriting, CVE-2011-3012) * part of ioquake3 r1456, from Patrick Baggett (using __func__) * ioquake3 r1499, from Tim Angus (fix potential buffer underrun) * ioquake3 r2098, from Thilo Schulz (fix incomplete DLL overwrite prevention in previous commits, CVE-2011-2764) |
0016 Always behave as if cl_allowDownload was false.patch | src/client/cl_main.c: 7 (5 +, 2 -, 0 !) | always behave as if cl_allowdownload was false. Even in current versions of ioquake3, it is not at all obvious whether running untrusted bytecode is safe. In this older version, it's certainly not safe, so let's knock out auto-downloading functionality. |
0017 Sys_Error do not overflow if an error message exceed.patch | src/unix/unix_main.c: 2 (1 +, 1 -, 0 !) | sys_error: do not overflow if an error message exceeds 1024 characters. Backport of ioquake3 r1141 by Thilo Schulz. Not known to be exploitable, but it can't hurt. If this turns out to be exploitable, please mention ioquake3 r1141 prominently in any advisory. |
0018 Avoid non literal format strings.patch | src/botlib/be_aas_main.c: 2 (1 +, 1 -, 0 !) | avoid non-literal format strings. This is a precautionary measure against potential exploits; none of these instances is known to be exploitable. |
0019 Annotate printf and scanf like functions with gcc at.patch | src/botlib/be_aas_main.h: 2 (1 +, 1 -, 0 !) | annotate printf- and scanf-like functions with gcc attributes. This isn't necessarily suitable for upstream (non-portable) but it makes -Werror=format-security work better. |
0020 Rate limit getstatus and rcon connectionless request.patch | src/server/sv_main.c: 202 (196 +, 6 -, 0 !) | rate limit getstatus and rcon connectionless requests. Backport of ioquake3 r1762, r1763, r1898, all by Tim Angus <tma>. This also incorporates a fix for a regression in r1762 in which the server would stop responding to getstatus after 2**32 ms (about 50 days). Changes to adapt to Tremulous: * Remove IPv6 support, Tremulous 1.1.0 does not do IPv6 * Do not assume that NA_BAD == 0 (in this older version it's 1), look for literal 0 as the indication that a hash bucket has only been zero-filled and not properly initialized * Remove cosmetic (whitespace/comment) changes |