pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2003Q4]: pkgsrc/games/xboing Pull up security fixes to the pkg...
details: https://anonhg.NetBSD.org/pkgsrc/rev/9fbfd5d4fc97
branches: pkgsrc-2003Q4
changeset: 463743:9fbfd5d4fc97
user: agc <agc%pkgsrc.org@localhost>
date: Mon Mar 08 17:44:16 2004 +0000
description:
Pull up security fixes to the pkgsrc-2003Q4 branch, requested by Soren
Jacobsen.
Module Name: pkgsrc
Committed By: snj
Date: Sat Feb 28 18:36:38 UTC 2004
Modified Files:
pkgsrc/games/xboing: Makefile distinfo
pkgsrc/games/xboing/patches: patch-ad
Added Files:
pkgsrc/games/xboing/patches: patch-ae patch-af patch-ag patch-ah
patch-ai
Log Message:
strcpy and sprintf are evil, don't use them. Inspired by similar changes
in Debian. This fixes several locally exploitable vulnerabilities.
diffstat:
games/xboing/Makefile | 4 +-
games/xboing/distinfo | 7 +++++-
games/xboing/patches/patch-ae | 13 +++++++++++
games/xboing/patches/patch-af | 31 +++++++++++++++++++++++++++
games/xboing/patches/patch-ag | 49 +++++++++++++++++++++++++++++++++++++++++++
games/xboing/patches/patch-ah | 13 +++++++++++
games/xboing/patches/patch-ai | 13 +++++++++++
7 files changed, 127 insertions(+), 3 deletions(-)
diffs (172 lines):
diff -r 425acdbae963 -r 9fbfd5d4fc97 games/xboing/Makefile
--- a/games/xboing/Makefile Fri Mar 05 16:25:45 2004 +0000
+++ b/games/xboing/Makefile Mon Mar 08 17:44:16 2004 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.11 2003/03/29 12:41:10 jmmv Exp $
+# $NetBSD: Makefile,v 1.11.2.1 2004/03/08 17:44:16 agc Exp $
#
DISTNAME= xboing2.4
PKGNAME= xboing-2.4
-PKGREVISION= 1
+PKGREVISION= 2
WRKSRC= ${WRKDIR}/xboing
CATEGORIES= games x11
MASTER_SITES= ${MASTER_SITE_XCONTRIB:=games/}
diff -r 425acdbae963 -r 9fbfd5d4fc97 games/xboing/distinfo
--- a/games/xboing/distinfo Fri Mar 05 16:25:45 2004 +0000
+++ b/games/xboing/distinfo Mon Mar 08 17:44:16 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2002/09/23 10:21:19 jlam Exp $
+$NetBSD: distinfo,v 1.5.4.1 2004/03/08 17:44:16 agc Exp $
SHA1 (xboing2.4.tar.gz) = 57fad37ab99e6a3ff87ff814d0de1baad3b93b91
Size (xboing2.4.tar.gz) = 588811 bytes
@@ -6,3 +6,8 @@
SHA1 (patch-ab) = 94b232e173ad7bb39e37d4287669bd0842ef5610
SHA1 (patch-ac) = c8b7d1b323be04c2456768eabf24da43707c4b98
SHA1 (patch-ad) = 1bb064fda1baebd314e0d65703e7775e9072f43b
+SHA1 (patch-ae) = 99ce1073635a0d9c34e8d53882a5c9d0c9e89a92
+SHA1 (patch-af) = 3abd5e5eabbaac9eeb6496529038f67aac176b76
+SHA1 (patch-ag) = 0488a63bdac3074c0305b05456468c266232f81c
+SHA1 (patch-ah) = ba161ff2b28359e9406b7f104fd58bad4c234a6f
+SHA1 (patch-ai) = 1a87732ac9cf06fa107060bd07488a22108da193
diff -r 425acdbae963 -r 9fbfd5d4fc97 games/xboing/patches/patch-ae
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/games/xboing/patches/patch-ae Mon Mar 08 17:44:16 2004 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ae,v 1.1.2.2 2004/03/08 17:44:16 agc Exp $
+
+--- demo.c.orig 2004-02-28 10:06:20.000000000 -0800
++++ demo.c 2004-02-28 10:06:41.000000000 -0800
+@@ -154,7 +154,7 @@ static void DoBlocks(display, window)
+
+ /* Construct the demo level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/demo.data", str);
++ snprintf(levelPath, sizeof(levelPath), "%s/demo.data", str);
+ else
+ sprintf(levelPath, "%s/demo.data", LEVEL_INSTALL_DIR);
+
diff -r 425acdbae963 -r 9fbfd5d4fc97 games/xboing/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/games/xboing/patches/patch-af Mon Mar 08 17:44:16 2004 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-af,v 1.1.2.2 2004/03/08 17:44:16 agc Exp $
+
+--- editor.c.orig 2004-02-28 10:06:52.000000000 -0800
++++ editor.c 2004-02-28 10:10:24.000000000 -0800
+@@ -213,7 +213,7 @@ static void DoLoadLevel(display, window)
+
+ /* Construct the Edit level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/editor.data", str);
++ snprintf(levelPath, sizeof(levelPath), "%s/editor.data", str);
+ else
+ sprintf(levelPath, "%s/editor.data", LEVEL_INSTALL_DIR);
+
+@@ -959,7 +959,7 @@ static void LoadALevel(display)
+ {
+ /* Construct the Edit level filename */
+ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
++ snprintf(levelPath, sizeof(levelPath), "%s/level%02ld.data", str2, (u_long) num);
+ else
+ sprintf(levelPath, "%s/level%02ld.data",
+ LEVEL_INSTALL_DIR, (u_long) num);
+@@ -1019,7 +1019,7 @@ static void SaveALevel(display)
+ {
+ /* Construct the Edit level filename */
+ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
++ snprintf(levelPath, sizeof(levelPath), "%s/level%02ld.data", str2, (u_long) num);
+ else
+ sprintf(levelPath, "%s/level%02ld.data",
+ LEVEL_INSTALL_DIR, (u_long) num);
diff -r 425acdbae963 -r 9fbfd5d4fc97 games/xboing/patches/patch-ag
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/games/xboing/patches/patch-ag Mon Mar 08 17:44:16 2004 +0000
@@ -0,0 +1,49 @@
+$NetBSD: patch-ag,v 1.1.2.2 2004/03/08 17:44:16 agc Exp $
+
+--- file.c.orig 2004-02-28 10:10:55.000000000 -0800
++++ file.c 2004-02-28 10:12:50.000000000 -0800
+@@ -139,7 +139,7 @@ void SetupStage(display, window)
+
+ /* Construct the level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02ld.data", str, newLevel);
++ snprintf(levelPath, sizeof(levelPath), "%s/level%02ld.data", str, newLevel);
+ else
+ sprintf(levelPath, "%s/level%02ld.data", LEVEL_INSTALL_DIR, newLevel);
+
+@@ -177,7 +177,7 @@ int LoadSavedGame(display, window)
+ static int bgrnd = 1;
+
+ /* Save the file in home directory - construct path */
+- sprintf(levelPath, "%s/.xboing-saveinfo", GetHomeDir());
++ snprintf(levelPath, sizeof(levelPath), "%s/.xboing-saveinfo", GetHomeDir());
+
+ /* Open the save file info for reading */
+ if ((saveFile = fopen(levelPath, "r+")) == NULL)
+@@ -239,7 +239,7 @@ int LoadSavedGame(display, window)
+ DisplayLevelInfo(display, levelWindow, level);
+
+ /* Load the saved file in home directory - construct path */
+- sprintf(levelPath, "%s/.xboing-savelevel", GetHomeDir());
++ snprintf(levelPath, sizeof(levelPath), "%s/.xboing-savelevel", GetHomeDir());
+
+ /* Read in the saved level data */
+ if (ReadNextLevel(display, window, levelPath, True) == False)
+@@ -283,7 +283,7 @@ int SaveCurrentGame(display, window)
+ saveGame.numBullets = GetNumberBullets();
+
+ /* Save the file in home directory - construct path */
+- sprintf(levelPath, "%s/.xboing-saveinfo", GetHomeDir());
++ snprintf(levelPath, sizeof(levelPath), "%s/.xboing-saveinfo", GetHomeDir());
+
+ /* Open the save file info for writing */
+ if ((saveFile = fopen(levelPath, "w+")) == NULL)
+@@ -309,7 +309,7 @@ int SaveCurrentGame(display, window)
+ WarningMessage("Cannot close save game info file.");
+
+ /* Save the file in home directory - construct path */
+- sprintf(levelPath, "%s/.xboing-savelevel", GetHomeDir());
++ snprintf(levelPath, sizeof(levelPath), "%s/.xboing-savelevel", GetHomeDir());
+
+ if (SaveLevelDataFile(display, levelPath) == True)
+ {
diff -r 425acdbae963 -r 9fbfd5d4fc97 games/xboing/patches/patch-ah
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/games/xboing/patches/patch-ah Mon Mar 08 17:44:16 2004 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ah,v 1.1.2.2 2004/03/08 17:44:16 agc Exp $
+
+--- init.c.orig 2004-02-28 10:13:29.000000000 -0800
++++ init.c 2004-02-28 10:14:17.000000000 -0800
+@@ -438,7 +438,7 @@ static void HandleDisplayErrors(displayN
+ WarningMessage("Your X Window system display variable is not set.");
+ else
+ {
+- sprintf(string, "Cannot connect to display called <%s>.", displayName);
++ snprintf(string, sizeof(string), "Cannot connect to display called <%s>.", displayName);
+ WarningMessage(string);
+ }
+ }
diff -r 425acdbae963 -r 9fbfd5d4fc97 games/xboing/patches/patch-ai
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/games/xboing/patches/patch-ai Mon Mar 08 17:44:16 2004 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ai,v 1.1.2.2 2004/03/08 17:44:17 agc Exp $
+
+--- preview.c.orig 2004-02-28 10:19:15.000000000 -0800
++++ preview.c 2004-02-28 10:19:31.000000000 -0800
+@@ -139,7 +139,7 @@ static void DoLoadLevel(display, window)
+
+ /* Construct the Preview level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02d.data", str, lnum);
++ snprintf(levelPath, sizeof(levelPath), "%s/level%02d.data", str, lnum);
+ else
+ sprintf(levelPath, "%s/level%02d.data", LEVEL_INSTALL_DIR, lnum);
+
Home |
Main Index |
Thread Index |
Old Index