Version in base suite: 3.1.4+ds-2 Base version: freeciv_3.1.4+ds-2 Target version: freeciv_3.1.4+ds-2+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/f/freeciv/freeciv_3.1.4+ds-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/f/freeciv/freeciv_3.1.4+ds-2+deb13u1.dsc changelog | 6 + patches/CVE-2026-33250.patch | 136 +++++++++++++++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 143 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmptkec2_3y/freeciv_3.1.4+ds-2.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmptkec2_3y/freeciv_3.1.4+ds-2+deb13u1.dsc: no acceptable signature found
diff -Nru freeciv-3.1.4+ds/debian/changelog freeciv-3.1.4+ds/debian/changelog
--- freeciv-3.1.4+ds/debian/changelog 2025-03-07 13:17:12.000000000 +0000
+++ freeciv-3.1.4+ds/debian/changelog 2026-03-19 21:34:20.000000000 +0000
@@ -1,3 +1,9 @@
+freeciv (3.1.4+ds-2+deb13u1) trixie-security; urgency=medium
+
+ * CVE-2026-33250
+
+ -- Moritz Mühlenhoff Thu, 19 Mar 2026 22:34:20 +0100
+
 freeciv (3.1.4+ds-2) unstable; urgency=medium
 * Team upload.
diff -Nru freeciv-3.1.4+ds/debian/patches/CVE-2026-33250.patch freeciv-3.1.4+ds/debian/patches/CVE-2026-33250.patch
--- freeciv-3.1.4+ds/debian/patches/CVE-2026-33250.patch 1970-01-01 00:00:00.000000000 +0000
+++ freeciv-3.1.4+ds/debian/patches/CVE-2026-33250.patch 2026-03-19 21:34:16.000000000 +0000
@@ -0,0 +1,136 @@
+Patch by Marko Lindqvist
+
+--- freeciv-3.1.4+ds.orig/client/clinet.c
++++ freeciv-3.1.4+ds/client/clinet.c
+@@ -414,7 +414,7 @@ void input_from_server(int fd)
+ agents_freeze_hint();
+ while (client.conn.used) {
+ enum packet_type type;
+- void *packet = get_packet_from_connection(&client.conn, &type);
++ void *packet = get_packet_from_connection(&client.conn, &type, FALSE);
+
+ if (NULL != packet) {
+ client_packet_input(packet, type);
+@@ -455,7 +455,7 @@ void input_from_server_till_request_got_
+ enum packet_type type;
+
+ while (TRUE) {
+- void *packet = get_packet_from_connection(&client.conn, &type);
++ void *packet = get_packet_from_connection(&client.conn, &type, FALSE);
+ if (NULL == packet) {
+ break;
+ }
+--- freeciv-3.1.4+ds.orig/common/networking/packets.c
++++ freeciv-3.1.4+ds/common/networking/packets.c
+@@ -371,7 +371,8 @@ int send_packet_data(struct connection *
+ the function returns NULL.
+ **************************************************************************/
+ void *get_packet_from_connection_raw(struct connection *pc,
+- enum packet_type *ptype)
++ enum packet_type *ptype,
++ bool recursed)
+ {
+ int len_read;
+ int whole_packet_len;
+@@ -407,6 +408,12 @@ void *get_packet_from_connection_raw(str
+ * changes, the protocol should probably be changed */
+ fc_assert(data_type_size(pc->packet_header.length) == 2);
+ if (len_read == JUMBO_SIZE) {
++ if (recursed) {
++ log_verbose("Got recursive jumbo packet. That's not acceptable. 
" +
++ "The connection will be closed now.");
++ connection_close(pc, "recursive jumbo packet");
++ return NULL;
++ }
+ compressed_packet = TRUE;
+ header_size = 6;
+ if (dio_input_remaining(&din) >= 4) {
+@@ -500,7 +507,7 @@ void *get_packet_from_connection_raw(str
+ log_compress("COMPRESS: decompressed %ld into %ld",
+ compressed_size, decompressed_size);
+
+- return get_packet_from_connection(pc, ptype);
++ return get_packet_from_connection(pc, ptype, TRUE);
+ }
+ #endif /* USE_COMPRESSION */
+
+--- freeciv-3.1.4+ds.orig/common/networking/packets.h
++++ freeciv-3.1.4+ds/common/networking/packets.h
+@@ -21,14 +21,14 @@ struct connection;
+ struct data_in;
+
+ /* utility */
+-#include "shared.h" /* MAX_LEN_ADDR */
++#include "shared.h" /* MAX_LEN_ADDR */
+
+ /* common */
+ #include "connection.h" /* struct connection, MAX_LEN_* */
+ #include "diptreaty.h"
+ #include "effects.h"
+ #include "events.h"
+-#include "improvement.h" /* bv_imprs */
++#include "improvement.h" /* bv_imprs */
+ #include "player.h"
+ #include "requirements.h"
+ #include "spaceship.h"
+@@ -105,22 +105,25 @@ struct packet_handlers {
+ };
+
+ void *get_packet_from_connection_raw(struct connection *pc,
+- enum packet_type *ptype);
++ enum packet_type *ptype,
++ bool recursed);
+
+ #ifdef FREECIV_JSON_CONNECTION
+-#define get_packet_from_connection(pc, ptype) get_packet_from_connection_json(pc, ptype)
++#define get_packet_from_connection(pc, ptype, recuirsed) \
++ get_packet_from_connection_json(pc, ptype)
+ #else
+-#define get_packet_from_connection(pc, ptype) get_packet_from_connection_raw(pc, ptype)
++#define get_packet_from_connection(pc, ptype, recursed) \
++ get_packet_from_connection_raw(pc, ptype, recursed)
+ #endif
+
+ void remove_packet_from_buffer(struct socket_packet_buffer *buffer);
+
+ void send_attribute_block(const struct player *pplayer,
+- struct connection *pconn);
++ struct connection *pconn);
+ void generic_handle_player_attribute_chunk(struct player *pplayer,
+- const struct
+- 
packet_player_attribute_chunk
+- *chunk);
++ const struct
++ packet_player_attribute_chunk
++ *chunk);
+ void packet_handlers_fill_initial(struct packet_handlers *phandlers);
+ void packet_handlers_fill_capability(struct packet_handlers *phandlers,
+ const char *capability);
+@@ -136,8 +139,8 @@ void post_receive_packet_server_join_rep
+ packet_server_join_reply *packet);
+
+ void pre_send_packet_player_attribute_chunk(struct connection *pc,
+- struct packet_player_attribute_chunk
+- *packet);
++ struct packet_player_attribute_chunk
++ *packet);
+
+ const struct packet_handlers *packet_handlers_initial(void);
+ const struct packet_handlers *packet_handlers_get(const char *capability);
+--- freeciv-3.1.4+ds.orig/server/sernet.c
++++ freeciv-3.1.4+ds/server/sernet.c
+@@ -449,12 +449,12 @@ struct packet_to_handle {
+ };
+
+ /*************************************************************************//**
+- Simplify a loop by wrapping get_packet_from_connection.
++ Simplify a loop by wrapping get_packet_from_connection().
+ *****************************************************************************/
+ static bool get_packet(struct connection *pconn,
+ struct packet_to_handle *ppacket)
+ {
+- ppacket->data = get_packet_from_connection(pconn, &ppacket->type);
++ ppacket->data = get_packet_from_connection(pconn, &ppacket->type, FALSE);
+
+ return NULL != ppacket->data;
+ }
diff -Nru freeciv-3.1.4+ds/debian/patches/series freeciv-3.1.4+ds/debian/patches/series
--- freeciv-3.1.4+ds/debian/patches/series 2025-03-07 11:51:03.000000000 +0000
+++ freeciv-3.1.4+ds/debian/patches/series 2026-03-19 21:33:54.000000000 +0000
@@ -1,2 +1,3 @@
 themes_sdl_use_system_fonts.patch
 use-system-lua.patch
+CVE-2026-33250.patch
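Review bot: In the packets.h part of the added patch, the `FREECIV_JSON_CONNECTION` variant of `get_packet_from_connection` takes a third parameter spelled `recuirsed` and then discards it, expanding to `get_packet_from_connection_json(pc, ptype)`, so in JSON builds the new nested-jumbo guard is not reached through this macro. The JSON reader is not touched by the patch, so it cannot be confirmed from here whether it rejects a compressed packet inside a compressed packet on its own, or whether it still calls `get_packet_from_connection_raw` with the old two-argument form; both should be checked before relying on this fix for such builds. At minimum I would correct the spelling to `recursed` and put a comment on that branch such as `/* recursed is dropped here: the JSON reader must enforce its own nesting limit */`. Separately, the rejection in packets.c (inside `get_packet_from_connection_raw`, whose body is only partly visible in these hunks) is logged with `log_verbose`, which may be too quiet for a server operator to notice repeated malformed-packet disconnects; a more visible log level would help detection.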