Bug 184434 - [patch] security/vuxml openttd: Denial of service (server) using forcefully crashed aircrafts.
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Ports Security Team
Reported: 2013-12-02 13:50 UTC by ru_M1cRO
Modified: 2013-12-03 06:31 UTC

Attachments
file.diff (1.57 KB, patch)
2013-12-02 13:50 UTC, ru_M1cRO

Description ru_M1cRO 2013-12-02 13:50:00 UTC
[patch] security/vuxml openttd: Denial of service (server) using forcefully crashed aircrafts.

Fix: Patch is attached, or available here: http://m1cro.tk/ports/security/vuxml/vuxml_openttd-1.3.3.patch

Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2013-12-02 13:50:25 UTC
Responsible Changed
From-To: freebsd-ports-bugs->ports-secteam

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer freebsd_triage 2013-12-03 06:28:11 UTC
Author: danfe
Date: Tue Dec  3 06:28:03 2013
New Revision: 335546
URL: http://svnweb.freebsd.org/changeset/ports/335546

Log:
  Update to version 1.3.3, which fixes an important crashy bug: denial of
  service (server) using forcefully crashed aircrafts.
  
  While here, reduce the diffs between other OpenTTD's VuXML entries; and
  limit build logs verbosity to bulk package builders (or batch builds).
  
  PR:		ports/184434, ports/184435
  Submitted by:	Ilya A. Arkhipov
  Security:	CVE-2013-6411

Modified:
  head/games/openttd/Makefile
  head/games/openttd/distinfo
  head/security/vuxml/vuln.xml

Modified: head/games/openttd/Makefile
==============================================================================
--- head/games/openttd/Makefile	Tue Dec  3 02:37:51 2013	(r335545)
+++ head/games/openttd/Makefile	Tue Dec  3 06:28:03 2013	(r335546)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	openttd
-PORTVERSION=	1.3.2
+PORTVERSION=	1.3.3
 CATEGORIES=	games
 MASTER_SITES=	http://ftp.snt.utwente.nl/pub/games/openttd/binaries/releases/${PORTVERSION}/ \
 		http://us.binaries.openttd.org/binaries/releases/${PORTVERSION}/
@@ -21,7 +21,10 @@ USE_XZ=		yes
 HAS_CONFIGURE=	yes
 CONFIGURE_ENV=	STRIP="${STRIP_CMD} ${STRIP}"
 CONFIGURE_ARGS=	--prefix-dir="${PREFIX}" --data-dir="${DATADIR_REL}"
-MAKE_ARGS=	VERBOSE=1		# We want to see what's going on
+
+.if defined(BATCH) || defined(PACKAGE_BUILDING)
+MAKE_ARGS=	VERBOSE=1
+.endif
 
 WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
 CXXFLAGS=	# Set to empty as OpenTTD treats it as an addition to CFLAGS
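
Review bot: The new `.if defined(BATCH) || defined(PACKAGE_BUILDING)` block drops the old trailing comment ("We want to see what's going on") without a replacement, so the Makefile no longer says why VERBOSE=1 is set or why only for batch and package builds. A one-line comment above the `.if` would keep that rationale next to the condition. With this condition an interactive build no longer gets VERBOSE=1, so a user reporting a build failure will have to rebuild with BATCH defined before the log shows the full command lines.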

Modified: head/games/openttd/distinfo
==============================================================================
--- head/games/openttd/distinfo	Tue Dec  3 02:37:51 2013	(r335545)
+++ head/games/openttd/distinfo	Tue Dec  3 06:28:03 2013	(r335546)
@@ -1,2 +1,2 @@
-SHA256 (openttd-1.3.2-source.tar.xz) = f6efc0cd0c4f4315a98844c331acc2e02322d5671ec376b9f0a11795b0eb270b
-SIZE (openttd-1.3.2-source.tar.xz) = 6347104
+SHA256 (openttd-1.3.3-source.tar.xz) = 6991ed2c0170481800c3a92a1b43546821a658de91d3ac7efe868588387eca5d
+SIZE (openttd-1.3.3-source.tar.xz) = 6370128
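
Review bot: On the `+SHA256 (openttd-1.3.3-source.tar.xz)` line, this digest is the only integrity check on the new tarball, and both MASTER_SITES entries in the Makefile are plain `http://` URLs. The value should be compared against a checksum obtained from upstream over an authenticated channel, if one is published, rather than only regenerated from the file that was downloaded, and the commit log should say how it was verified.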

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Dec  3 02:37:51 2013	(r335545)
+++ head/security/vuxml/vuln.xml	Tue Dec  3 06:28:03 2013	(r335546)
@@ -51,6 +51,39 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="d2073237-5b52-11e3-80f7-c86000cbc6ec">
+    <topic>OpenTTD -- Denial of service using forcefully crashed aircrafts</topic>
+    <affects>
+      <package>
+	<name>openttd</name>
+	<range><ge>0.3.6</ge><lt>1.3.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The OpenTTD Team reports:</p>
+	<blockquote cite="https://security.openttd.org/en/CVE-2013-6411">
+	  <p>The problem is caused by incorrectly handling the fact that
+	    the aircraft circling the corner airport will be outside of the
+	    bounds of the map.  In the 'out of fuel' crash code the height
+	    of the tile under the aircraft is determined.  In this case
+	    that means a tile outside of the allocated map array, which
+	    could occasionally trigger invalid reads.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-6411</cvename>
+      <url>https://security.openttd.org/en/CVE-2013-6411</url>
+      <url>http://bugs.openttd.org/task/5820</url>
+      <url>http://vcs.openttd.org/svn/changeset/26134</url>
+    </references>
+    <dates>
+      <discovery>2013-11-28</discovery>
+      <entry>2013-11-28</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="620cf713-5a99-11e3-878d-20cf30e32f6d">
     <topic>monitorix -- serious bug in the built-in HTTP server</topic>
     <affects>
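
Review bot: In the `<dates>` block of the new entry, `<entry>2013-11-28</entry>` repeats the discovery date, while this revision is dated 2013-12-03. `<entry>` should carry the date the record was added to vuln.xml, otherwise anything that uses the entry date to find newly added records sees a date five days before the commit; suggest `<entry>2013-12-03</entry>`. A smaller point: the new `<blockquote cite>` and first `<url>` use `https://security.openttd.org/...`, while the older OpenTTD entries touched later in this diff cite `http://security.openttd.org/...`, so pick one form if the aim is to reduce differences between the entries.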
@@ -12132,7 +12165,7 @@ executed in your Internet Explorer while
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
-	<p>OpenTTD reports:</p>
+	<p>The OpenTTD Team reports:</p>
 	<blockquote cite="http://security.openttd.org/en/CVE-2012-3436">
 	  <p>Denial of service (server) using ships on half tiles and
 	    landscaping.</p>
@@ -28394,7 +28427,7 @@ executed in your Internet Explorer while
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
-	<p>OpenTTD project reports:</p>
+	<p>The OpenTTD Team reports:</p>
 	<blockquote cite="http://security.openttd.org/en/CVE-2010-2534">
 	  <p>When multiple commands are queued (at the server) for execution
 	    in the next game tick and an client joins the server can get into
Comment 3 Alexey Dokuchaev freebsd_committer freebsd_triage 2013-12-03 06:30:05 UTC
State Changed
From-To: open->closed

Committed as part of r335546, thanks for your submission!