diff -u wesnoth-1.1.8/debian/changelog wesnoth-1.1.8/debian/changelog
--- wesnoth-1.1.8/debian/changelog
+++ wesnoth-1.1.8/debian/changelog
@@ -1,3 +1,15 @@
+wesnoth (1.1.8-1.1) edgy-security; urgency=low
+
+ * SECURITY UPDATE: Fix insecure truncate of a multibyte chat message that
+ can lead to invalid utf-8 and throw an uncaught exception. Both wesnoth
+ client and server are affected.
+ * debian/patches/CVE-2007-3917: added, taken from Debian.
+ * debian/control: update Maintainer field as per spec.
+ * References: CVE-2007-3917.
+ LP: #158414.
+
+ -- Emilio Pozuelo Monfort Mon, 29 Oct 2007 22:07:21 +0100
+
 wesnoth (1.1.8-1) unstable; urgency=low
 
 * New upstream release,
diff -u wesnoth-1.1.8/debian/control wesnoth-1.1.8/debian/control
--- wesnoth-1.1.8/debian/control
+++ wesnoth-1.1.8/debian/control
@@ -1,7 +1,8 @@
 Source: wesnoth
 Section: games
 Priority: optional
-Maintainer: Isaac Clerencia
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Isaac Clerencia
 Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.2.21), libsdl-image1.2-dev, libfreetype6-dev, libsdl-mixer1.2-dev, libsdl-net1.2-dev, libfribidi-dev, python-dev (>= 2.3)
 Standards-Version: 3.7.2
 Uploaders: Cyril Bouthors
only in patch2:
unchanged:
--- wesnoth-1.1.8.orig/debian/patches/CVE-2007-3917.patch
+++ wesnoth-1.1.8/debian/patches/CVE-2007-3917.patch
@@ -0,0 +1,59 @@
+diff -Nur wesnoth-1.2/src/display.cpp wesnoth-1.2.new/src/display.cpp
+--- wesnoth-1.2/src/display.cpp 2006-11-05 18:20:46.000000000 +0100
++++ wesnoth-1.2.new/src/display.cpp 2007-10-03 12:28:11.000000000 +0200
+@@ -2367,7 +2367,15 @@
+ msg = message;
+ action = false;
+ }
+- msg = font::word_wrap_text(msg,font::SIZE_SMALL,mapx()*3/4);
++
++ try {
++ // We've had a joker who send an invalid utf-8 message to crash clients
++ // so now catch the exception and ignore the message.
++ msg = font::word_wrap_text(msg,font::SIZE_SMALL,mapx()*3/4);
++ } catch (utils::invalid_utf8_exception&) {
++ LOG_STREAM(err, engine) << "Invalid utf-8 found, chat message is ignored.\n";
++ return;
++ }
+
+ int ypos = chat_message_x;
+ for(std::vector::const_iterator m = chat_messages_.begin(); m != chat_messages_.end(); ++m) {
+diff -Nur wesnoth-1.2/src/map_label.cpp wesnoth-1.2.new/src/map_label.cpp
+--- wesnoth-1.2/src/map_label.cpp 2006-09-09 14:10:31.000000000 +0200
++++ wesnoth-1.2.new/src/map_label.cpp 2007-10-03 12:28:11.000000000 +0200
+@@ -88,10 +88,14 @@
+
+ void map_labels::set_label(const gamemap::location& loc, const std::string& str, const SDL_Color colour)
+ {
+- std::string text = str;
+- if(text.size() > max_label_size) {
+- text.resize(max_label_size);
++ // The actual data is wide_strings so test in wide_string mode
++ // also cutting a wide_string at an arbritary place gives odd
++ // problems.
++ wide_string tmp = utils::string_to_wstring(str);
++ if(tmp.size() > max_label_size) {
++ tmp.resize(max_label_size);
+ }
++ std::string text = utils::wstring_to_string(tmp);
+
+ const label_map::iterator current_label = labels_.find(loc);
+ if(current_label != labels_.end()) {
+diff -Nur wesnoth-1.2/src/server/server.cpp wesnoth-1.2.new/src/server/server.cpp
+--- wesnoth-1.2/src/server/server.cpp 2006-10-26 17:07:17.000000000 +0200
++++ wesnoth-1.2.new/src/server/server.cpp 2007-10-03 12:38:39.000000000 +0200
+@@ -78,9 +78,11 @@
+ void truncate_message(t_string& str)
+ {
+ const size_t max_message_length = 240;
+- std::string newstr = str.str();
+- newstr.resize(minimum(str.size(),max_message_length));
+- str = newstr;
++ // The string send can contain utf-8 so truncate as wide_string otherwise
++ // an corrupted utf-8 string can be returned.
++ wide_string newstr = utils::string_to_wstring(str.str());
++ newstr.resize(minimum(newstr.size(),max_message_length));
++ str = utils::wstring_to_string(newstr);
+ }
+
+ }
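Review bot: In the embedded src/server/server.cpp hunk, `truncate_message` now applies `max_message_length = 240` to the decoded `wide_string`, so the limit counts characters rather than bytes and the re-encoded UTF-8 message can be several times larger in bytes than the old cap allowed; the src/map_label.cpp hunk changes `max_label_size` in the same way. If any buffer or packet-size assumption downstream treats these as byte bounds (not visible in this patch), add a byte cap after `utils::wstring_to_string`, or at least state the unit next to the constant, e.g. `// limit counts characters, not bytes`. Separately, `utils::string_to_wstring(str.str())` decodes client-supplied bytes on the server with no handler around it, while the display.cpp hunk guards its own path with `catch (utils::invalid_utf8_exception&)`. Whether `string_to_wstring` can throw on malformed input is not shown here, so confirm that, and if it can, catch the exception inside `truncate_message` and drop the message there too. The bodies of `display`'s chat routine and `set_label` extend beyond the hunks shown.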