Bug#1034164: unblock: teeworlds/0.7.5-2

Mon Apr 10 14:59:35 BST 2023

Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
X-Debbugs-Cc: teeworlds at packages.debian.org, Moritz Muehlenhoff <jmm at debian.org>, carnil at debian.org
Control: affects -1 + src:teeworlds

Dear release team,

Please unblock package teeworlds

Moritz Muehlenhoff addressed with a targetted fix CVE-2021-43518,
#1009070 for teeworlds. It has been in unstable for 24 days, but needs
an explicit unblock. The issue would be classified no-dsa for bookworm
similar to bullseye, but as the fix is quite isolated might be worth
having it fixed in bookworm.

Attached is the full debdiff for the changes. I cannot say about
specific done tests on the package.

unblock teeworlds/0.7.5-2

Regards,
Salvatore
-------------- next part --------------
diff -Nru teeworlds-0.7.5/debian/changelog teeworlds-0.7.5/debian/changelog

--- teeworlds-0.7.5/debian/changelog	2020-08-30 15:38:14.000000000 +0200
+++ teeworlds-0.7.5/debian/changelog	2023-03-17 11:46:31.000000000 +0100
@@ -1,3 +1,10 @@
+teeworlds (0.7.5-2) unstable; urgency=medium
+
+  * Backport 91e5492d4c210f82f1ca6b43a73417fef5463368 as the hotfix
+    for CVE-2021-43518 (Closes: #1009070)
+
+ -- Moritz Muehlenhoff <jmm at debian.org>  Fri, 17 Mar 2023 11:46:31 +0100
+
 teeworlds (0.7.5-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru teeworlds-0.7.5/debian/patches/CVE-2021-43518.patch teeworlds-0.7.5/debian/patches/CVE-2021-43518.patch
--- teeworlds-0.7.5/debian/patches/CVE-2021-43518.patch	1970-01-01 01:00:00.000000000 +0100
+++ teeworlds-0.7.5/debian/patches/CVE-2021-43518.patch	2023-03-17 11:46:31.000000000 +0100
@@ -0,0 +1,34 @@
+Backport 91e5492d4c210f82f1ca6b43a73417fef5463368 as the hotfix for CVE-2021-43518
+
+--- teeworlds-0.7.5.orig/src/game/client/components/maplayers.cpp
++++ teeworlds-0.7.5/src/game/client/components/maplayers.cpp
+@@ -254,7 +254,7 @@ void CMapLayers::LoadEnvPoints(const CLa
+ 				p.m_Time = pEnvPoint_v1->m_Time;
+ 				p.m_Curvetype = pEnvPoint_v1->m_Curvetype;
+ 
+-				for(int c = 0; c < pItem->m_Channels; c++)
++				for(int c = 0; c < min(pItem->m_Channels, 4); c++)
+ 				{
+ 					p.m_aValues[c] = pEnvPoint_v1->m_aValues[c];
+ 					p.m_aInTangentdx[c] = 0;
+--- teeworlds-0.7.5.orig/src/game/editor/io.cpp
++++ teeworlds-0.7.5/src/game/editor/io.cpp
+@@ -478,7 +478,8 @@ int CEditorMap::Load(class IStorage *pSt
+ 			for(int e = 0; e < Num; e++)
+ 			{
+ 				CMapItemEnvelope *pItem = (CMapItemEnvelope *)DataFile.GetItem(Start+e, 0, 0);
+-				CEnvelope *pEnv = new CEnvelope(pItem->m_Channels);
++				const int Channels = min(pItem->m_Channels, 4);
++				CEnvelope *pEnv = new CEnvelope(Channels);
+ 				pEnv->m_lPoints.set_size(pItem->m_NumPoints);
+ 				for(int n = 0; n < pItem->m_NumPoints; n++)
+ 				{
+@@ -495,7 +496,7 @@ int CEditorMap::Load(class IStorage *pSt
+ 						pEnv->m_lPoints[n].m_Time = pEnvPoint_v1->m_Time;
+ 						pEnv->m_lPoints[n].m_Curvetype = pEnvPoint_v1->m_Curvetype;
+ 
+-						for(int c = 0; c < pItem->m_Channels; c++)
++						for(int c = 0; c < Channels; c++)
+ 						{
+ 							pEnv->m_lPoints[n].m_aValues[c] = pEnvPoint_v1->m_aValues[c];
+ 						}
diff -Nru teeworlds-0.7.5/debian/patches/series teeworlds-0.7.5/debian/patches/series
--- teeworlds-0.7.5/debian/patches/series	2020-08-30 15:38:14.000000000 +0200
+++ teeworlds-0.7.5/debian/patches/series	2023-03-17 11:46:31.000000000 +0100
@@ -5,3 +5,4 @@
 no-cmake.patch
 python3.patch
 new-wavpack.patch
+CVE-2021-43518.patch
