From 44b8132cea96f82444c631d4835ebb548486a921 Mon Sep 17 00:00:00 2001 From: agc Date: Mon, 8 Mar 2004 17:44:16 +0000 Subject: Pull up security fixes to the pkgsrc-2003Q4 branch, requested by Soren Jacobsen. Module Name: pkgsrc Committed By: snj Date: Sat Feb 28 18:36:38 UTC 2004 Modified Files: pkgsrc/games/xboing: Makefile distinfo pkgsrc/games/xboing/patches: patch-ad Added Files: pkgsrc/games/xboing/patches: patch-ae patch-af patch-ag patch-ah patch-ai Log Message: strcpy and sprintf are evil, don't use them. Inspired by similar changes in Debian. This fixes several locally exploitable vulnerabilities. --- games/xboing/Makefile | 4 ++-- games/xboing/distinfo | 7 ++++++- games/xboing/patches/patch-ae | 13 ++++++++++++ games/xboing/patches/patch-af | 31 +++++++++++++++++++++++++++ games/xboing/patches/patch-ag | 49 +++++++++++++++++++++++++++++++++++++++++++ games/xboing/patches/patch-ah | 13 ++++++++++++ games/xboing/patches/patch-ai | 13 ++++++++++++ 7 files changed, 127 insertions(+), 3 deletions(-) create mode 100644 games/xboing/patches/patch-ae create mode 100644 games/xboing/patches/patch-af create mode 100644 games/xboing/patches/patch-ag create mode 100644 games/xboing/patches/patch-ah create mode 100644 games/xboing/patches/patch-ai
diff --git a/games/xboing/Makefile b/games/xboing/Makefile
index 02197a5dd6b..a89821a5c71 100644
--- a/games/xboing/Makefile
+++ b/games/xboing/Makefile
@@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.11 2003/03/29 12:41:10 jmmv Exp $ +# $NetBSD: Makefile,v 1.11.2.1 2004/03/08 17:44:16 agc Exp $ # DISTNAME= xboing2.4 PKGNAME= xboing-2.4 -PKGREVISION= 1 +PKGREVISION= 2 WRKSRC= ${WRKDIR}/xboing CATEGORIES= games x11 MASTER_SITES= ${MASTER_SITE_XCONTRIB:=games/}
diff --git a/games/xboing/distinfo b/games/xboing/distinfo
index b6d568f9ad7..d29311d51bd 100644
--- a/games/xboing/distinfo
+++ b/games/xboing/distinfo
@@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.5 2002/09/23 10:21:19 jlam Exp $ +$NetBSD: distinfo,v 1.5.4.1 2004/03/08 17:44:16 agc Exp $ SHA1 (xboing2.4.tar.gz) = 57fad37ab99e6a3ff87ff814d0de1baad3b93b91 Size (xboing2.4.tar.gz) = 588811 bytes
@@ -6,3 +6,8 @@ SHA1 (patch-aa) = 7236098cd0f15f38e6d20947ecb5efe8c8e6c1b0 SHA1 (patch-ab) = 94b232e173ad7bb39e37d4287669bd0842ef5610 SHA1 (patch-ac) = c8b7d1b323be04c2456768eabf24da43707c4b98 SHA1 (patch-ad) = 1bb064fda1baebd314e0d65703e7775e9072f43b +SHA1 (patch-ae) = 99ce1073635a0d9c34e8d53882a5c9d0c9e89a92 +SHA1 (patch-af) = 3abd5e5eabbaac9eeb6496529038f67aac176b76 +SHA1 (patch-ag) = 0488a63bdac3074c0305b05456468c266232f81c +SHA1 (patch-ah) = ba161ff2b28359e9406b7f104fd58bad4c234a6f +SHA1 (patch-ai) = 1a87732ac9cf06fa107060bd07488a22108da193
diff --git a/games/xboing/patches/patch-ae b/games/xboing/patches/patch-ae
new file mode 100644
index 00000000000..587ecf38da6
--- /dev/null
+++ b/games/xboing/patches/patch-ae
@@ -0,0 +1,13 @@
+$NetBSD: patch-ae,v 1.1.2.2 2004/03/08 17:44:16 agc Exp $
+
+--- demo.c.orig 2004-02-28 10:06:20.000000000 -0800
++++ demo.c 2004-02-28 10:06:41.000000000 -0800
+@@ -154,7 +154,7 @@ static void DoBlocks(display, window)
+
+ /* Construct the demo level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/demo.data", str);
++ snprintf(levelPath, sizeof(levelPath), "%s/demo.data", str);
+ else
+ sprintf(levelPath, "%s/demo.data", LEVEL_INSTALL_DIR);
+
diff --git a/games/xboing/patches/patch-af b/games/xboing/patches/patch-af
new file mode 100644
index 00000000000..d69bf8a040d
--- /dev/null
+++ b/games/xboing/patches/patch-af
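Review bot: The new `snprintf` in DoBlocks (patch-ae, demo.c) ignores its return value, so an over-long `XBOING_LEVELS_DIR` now yields a silently truncated `levelPath` that is presumably opened afterwards as if it were the intended file. With an `int n`, truncation can be rejected explicitly: `n = snprintf(levelPath, sizeof(levelPath), "%s/demo.data", str);` followed by `if (n < 0 || (size_t)n >= sizeof(levelPath))` and the function's existing failure path. The same applies to the `XBOING_LEVELS_DIR` calls in patch-af, patch-ag and patch-ai. `sizeof(levelPath)` is the buffer size only if `levelPath` is an array declared in that scope; every declaration lies outside the hunks, so this should be confirmed per function. The `else` branch keeps `sprintf` with the build-time `LEVEL_INSTALL_DIR`, which a long install prefix could still overflow, so converting it as well would make the bound unconditional.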
@@ -0,0 +1,31 @@
+$NetBSD: patch-af,v 1.1.2.2 2004/03/08 17:44:16 agc Exp $
+
+--- editor.c.orig 2004-02-28 10:06:52.000000000 -0800
++++ editor.c 2004-02-28 10:10:24.000000000 -0800
+@@ -213,7 +213,7 @@ static void DoLoadLevel(display, window)
+
+ /* Construct the Edit level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/editor.data", str);
++ snprintf(levelPath, sizeof(levelPath), "%s/editor.data", str);
+ else
+ sprintf(levelPath, "%s/editor.data", LEVEL_INSTALL_DIR);
+
+@@ -959,7 +959,7 @@ static void LoadALevel(display)
+ {
+ /* Construct the Edit level filename */
+ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
++ snprintf(levelPath, sizeof(levelPath), "%s/level%02ld.data", str2, (u_long) num);
+ else
+ sprintf(levelPath, "%s/level%02ld.data",
+ LEVEL_INSTALL_DIR, (u_long) num);
+@@ -1019,7 +1019,7 @@ static void SaveALevel(display)
+ {
+ /* Construct the Edit level filename */
+ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
++ snprintf(levelPath, sizeof(levelPath), "%s/level%02ld.data", str2, (u_long) num);
+ else
+ sprintf(levelPath, "%s/level%02ld.data",
+ LEVEL_INSTALL_DIR, (u_long) num);
diff --git a/games/xboing/patches/patch-ag b/games/xboing/patches/patch-ag
new file mode 100644
index 00000000000..af2d9468db0
--- /dev/null
+++ b/games/xboing/patches/patch-ag
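Review bot: In the LoadALevel and SaveALevel hunks of patch-af the rewritten line keeps the signed conversion `%02ld` for an argument cast to `(u_long)`; since the call is being touched anyway, `"%s/level%02lu.data"` would match the cast, in the `else` branch too. In SaveALevel the path is presumably written to afterwards (the write is outside the hunk), so a truncated `levelPath` there would store the level under a name the user did not ask for, and the `snprintf` result should be checked before the file is opened. All three functions start and end outside their hunks.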
@@ -0,0 +1,49 @@
+$NetBSD: patch-ag,v 1.1.2.2 2004/03/08 17:44:16 agc Exp $
+
+--- file.c.orig 2004-02-28 10:10:55.000000000 -0800
++++ file.c 2004-02-28 10:12:50.000000000 -0800
+@@ -139,7 +139,7 @@ void SetupStage(display, window)
+
+ /* Construct the level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02ld.data", str, newLevel);
++ snprintf(levelPath, sizeof(levelPath), "%s/level%02ld.data", str, newLevel);
+ else
+ sprintf(levelPath, "%s/level%02ld.data", LEVEL_INSTALL_DIR, newLevel);
+
+@@ -177,7 +177,7 @@ int LoadSavedGame(display, window)
+ static int bgrnd = 1;
+
+ /* Save the file in home directory - construct path */
+- sprintf(levelPath, "%s/.xboing-saveinfo", GetHomeDir());
++ snprintf(levelPath, sizeof(levelPath), "%s/.xboing-saveinfo", GetHomeDir());
+
+ /* Open the save file info for reading */
+ if ((saveFile = fopen(levelPath, "r+")) == NULL)
+@@ -239,7 +239,7 @@ int LoadSavedGame(display, window)
+ DisplayLevelInfo(display, levelWindow, level);
+
+ /* Load the saved file in home directory - construct path */
+- sprintf(levelPath, "%s/.xboing-savelevel", GetHomeDir());
++ snprintf(levelPath, sizeof(levelPath), "%s/.xboing-savelevel", GetHomeDir());
+
+ /* Read in the saved level data */
+ if (ReadNextLevel(display, window, levelPath, True) == False)
+@@ -283,7 +283,7 @@ int SaveCurrentGame(display, window)
+ saveGame.numBullets = GetNumberBullets();
+
+ /* Save the file in home directory - construct path */
+- sprintf(levelPath, "%s/.xboing-saveinfo", GetHomeDir());
++ snprintf(levelPath, sizeof(levelPath), "%s/.xboing-saveinfo", GetHomeDir());
+
+ /* Open the save file info for writing */
+ if ((saveFile = fopen(levelPath, "w+")) == NULL)
+@@ -309,7 +309,7 @@ int SaveCurrentGame(display, window)
+ WarningMessage("Cannot close save game info file.");
+
+ /* Save the file in home directory - construct path */
+- sprintf(levelPath, "%s/.xboing-savelevel", GetHomeDir());
++ snprintf(levelPath, sizeof(levelPath), "%s/.xboing-savelevel", GetHomeDir());
+
+ if (SaveLevelDataFile(display, levelPath) == True)
+ {
diff --git a/games/xboing/patches/patch-ah b/games/xboing/patches/patch-ah
new file mode 100644
index 00000000000..261d5b9057f
--- /dev/null
+++ b/games/xboing/patches/patch-ah
@@ -0,0 +1,13 @@
+$NetBSD: patch-ah,v 1.1.2.2 2004/03/08 17:44:16 agc Exp $
+
+--- init.c.orig 2004-02-28 10:13:29.000000000 -0800
++++ init.c 2004-02-28 10:14:17.000000000 -0800
+@@ -438,7 +438,7 @@ static void HandleDisplayErrors(displayN
+ WarningMessage("Your X Window system display variable is not set.");
+ else
+ {
+- sprintf(string, "Cannot connect to display called <%s>.", displayName);
++ snprintf(string, sizeof(string), "Cannot connect to display called <%s>.", displayName);
+ WarningMessage(string);
+ }
+ }
diff --git a/games/xboing/patches/patch-ai b/games/xboing/patches/patch-ai
new file mode 100644
index 00000000000..c02c08b7565
--- /dev/null
+++ b/games/xboing/patches/patch-ai
@@ -0,0 +1,13 @@
+$NetBSD: patch-ai,v 1.1.2.2 2004/03/08 17:44:17 agc Exp $
+
+--- preview.c.orig 2004-02-28 10:19:15.000000000 -0800
++++ preview.c 2004-02-28 10:19:31.000000000 -0800
+@@ -139,7 +139,7 @@ static void DoLoadLevel(display, window)
+
+ /* Construct the Preview level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02d.data", str, lnum);
++ snprintf(levelPath, sizeof(levelPath), "%s/level%02d.data", str, lnum);
+ else
+ sprintf(levelPath, "%s/level%02d.data", LEVEL_INSTALL_DIR, lnum);
+
-- cgit v1.2.3
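Review bot: The four home-directory calls in patch-ag (LoadSavedGame and SaveCurrentGame in file.c) pass `GetHomeDir()` straight to `%s`; GetHomeDir is not visible here, and if it can return NULL when no home directory is available, the call is undefined behaviour whether or not the write is bounded. Fetching it once per function and guarding it, `if ((home = GetHomeDir()) == NULL)` followed by the function's existing failure return, would cover all four sites. In SaveCurrentGame the path is opened with `"w+"` immediately afterwards, so a truncated result should be treated as an error instead of being written to. Both functions extend beyond the hunks shown.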
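Review bot: In the patch-ah hunk (HandleDisplayErrors, init.c) the buffer passed to `WarningMessage(string)` embeds `displayName`, which presumably comes from the command line or the environment; WarningMessage is defined outside this hunk, so it is worth confirming that it prints its argument as data and never as a format string. Truncation of the message is harmless here, so no return-value check is needed on this call. A short comment above it, `/* displayName is user supplied: string is data, not a format */`, would record the assumption for the next reader.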