From 417f3d494f6b7febd086ae064e67646b7faee9ff Mon Sep 17 00:00:00 2001
From: Efraim Flashner
Date: Thu, 21 Dec 2017 09:02:46 +0200
Subject: gnu: xboing: Fix CVE-2004-0149.
* gnu/packages/patches/xboing-CVE-2004-0149: New file.
* gnu/packages/games.scm (xboing)[source]: Add patch.
* gnu/local.mk (dist_patch_DATA): Register it.
---
 gnu/local.mk | 1 +
 gnu/packages/games.scm | 3 +-
 gnu/packages/patches/xboing-CVE-2004-0149.patch | 134 ++++++++++++++++++++++++
 3 files changed, 137 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/xboing-CVE-2004-0149.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 8ffcc58005..88e3c770aa 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1141,6 +1141,7 @@ dist_patch_DATA = \
 %D%/packages/patches/wpa-supplicant-fix-zeroed-keys.patch \
 %D%/packages/patches/wpa-supplicant-fix-nonce-reuse.patch \
 %D%/packages/patches/wpa-supplicant-krack-followups.patch \
+ %D%/packages/patches/xboing-CVE-2004-0149.patch \
 %D%/packages/patches/xcb-proto-python3-print.patch \
 %D%/packages/patches/xcb-proto-python3-whitespace.patch \
 %D%/packages/patches/xdotool-fix-makefile.patch \
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index cc21a63f53..c494d0beba 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -1071,7 +1071,8 @@ Portable Game Notation.")
 (uri (string-append "http://www.techrescue.org/xboing/xboing"
 version ".tar.gz"))
 (sha256
- (base32 "16m2si8wmshxpifk861vhpqviqxgcg8bxj6wfw8hpnm4r2w9q0b7"))))
+ (base32 "16m2si8wmshxpifk861vhpqviqxgcg8bxj6wfw8hpnm4r2w9q0b7"))
+ (patches (search-patches "xboing-CVE-2004-0149.patch"))))
 (arguments
 `(#:tests? #f
 #:phases
diff --git a/gnu/packages/patches/xboing-CVE-2004-0149.patch b/gnu/packages/patches/xboing-CVE-2004-0149.patch
new file mode 100644
index 0000000000..b40146b434
--- /dev/null
+++ b/gnu/packages/patches/xboing-CVE-2004-0149.patch
@@ -0,0 +1,134 @@
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0149
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=174924
+---
+ demo.c | 2 +-
+ editor.c | 12 ++++++------
+ file.c | 2 +-
+ highscore.c | 6 +++---
+ misc.c | 2 +-
+ preview.c | 2 +-
+ 6 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/demo.c b/demo.c
+index 9084e70..f4fc2cd 100644
+--- a/demo.c
++++ b/demo.c
+@@ -154,7 +154,7 @@ static void DoBlocks(display, window)
+
+ /* Construct the demo level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/demo.data", str);
++ snprintf(levelPath, sizeof(levelPath),"%s/demo.data", str);
+ else
+ sprintf(levelPath, "%s/demo.data", LEVEL_INSTALL_DIR);
+
+diff --git a/editor.c b/editor.c
+index f2bb9ed..66d0679 100644
+--- a/editor.c
++++ b/editor.c
+@@ -213,7 +213,7 @@ static void DoLoadLevel(display, window)
+
+ /* Construct the Edit level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/editor.data", str);
++ snprintf(levelPath,sizeof(levelPath)-1, "%s/editor.data", str);
+ else
+ sprintf(levelPath, "%s/editor.data", LEVEL_INSTALL_DIR);
+
+@@ -958,8 +958,8 @@ static void LoadALevel(display)
+ if ((num > 0) && (num <= MAX_NUM_LEVELS))
+ {
+ /* Construct the Edit level filename */
+- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
++ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
++ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num);
+ else
+ sprintf(levelPath, "%s/level%02ld.data",
+ LEVEL_INSTALL_DIR, (u_long) num);
+@@ -1017,9 +1017,9 @@ static void SaveALevel(display)
+ num = atoi(str);
+ if ((num > 0) && (num <= MAX_NUM_LEVELS))
+ {
+- /* Construct the Edit level filename */
+- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
++ /* Construct the Edit level filename */
++ if ((str2 = 
getenv("XBOING_LEVELS_DIR")) != NULL)
++ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num);
+ else
+ sprintf(levelPath, "%s/level%02ld.data",
+ LEVEL_INSTALL_DIR, (u_long) num);
+diff --git a/file.c b/file.c
+index 4c043cd..99a0854 100644
+--- a/file.c
++++ b/file.c
+@@ -139,7 +139,7 @@ void SetupStage(display, window)
+
+ /* Construct the level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02ld.data", str, newLevel);
++ snprintf(levelPath,sizeof(levelPath), "%s/level%02ld.data", str, newLevel);
+ else
+ sprintf(levelPath, "%s/level%02ld.data", LEVEL_INSTALL_DIR, newLevel);
+
+diff --git a/highscore.c b/highscore.c
+index f0db3e9..792273e 100644
+--- a/highscore.c
++++ b/highscore.c
+@@ -1023,7 +1023,7 @@ int ReadHighScoreTable(type)
+ {
+ /* Use the environment variable if it exists */
+ if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
+- strcpy(filename, str);
++ strncpy(filename, str, sizeof(filename)-1);
+ else
+ strcpy(filename, HIGH_SCORE_FILE);
+ }
+@@ -1095,7 +1095,7 @@ int WriteHighScoreTable(type)
+ {
+ /* Use the environment variable if it exists */
+ if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
+- strcpy(filename, str);
++ strncpy(filename, str, sizeof(filename)-1);
+ else
+ strcpy(filename, HIGH_SCORE_FILE);
+ }
+@@ -1218,7 +1218,7 @@ static int LockUnlock(cmd)
+
+ /* Use the environment variable if it exists */
+ if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
+- strcpy(filename, str);
++ strncpy(filename, str, sizeof(filename)-1);
+ else
+ strcpy(filename, HIGH_SCORE_FILE);
+
+diff --git a/misc.c b/misc.c
+index f3ab37e..7f3ddce 100644
+--- a/misc.c
++++ b/misc.c
+@@ -427,7 +427,7 @@ char *GetHomeDir()
+ */
+
+ if ((ptr = getenv("HOME")) != NULL)
+- (void) strcpy(dest, ptr);
++ (void) strncpy(dest, ptr,sizeof(dest)-1);
+ else
+ {
+ /* HOME variable is not present so get USER var */
+diff --git a/preview.c b/preview.c
+index 41c1187..687f566 100644
+--- a/preview.c 
++++ b/preview.c
+@@ -139,7 +139,7 @@ static void DoLoadLevel(display, window)
+
+ /* Construct the Preview level filename */
+ if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+- sprintf(levelPath, "%s/level%02d.data", str, lnum);
++ snprintf(levelPath, sizeof(levelPath)-1, "%s/level%02d.data", str, lnum);
+ else
+ sprintf(levelPath, "%s/level%02d.data", LEVEL_INSTALL_DIR, lnum);
+
+-- 
+2.15.1
+
-- 
cgit v1.2.3
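Review bot: The three `strncpy(filename, str, sizeof(filename)-1)` replacements in highscore.c (ReadHighScoreTable, WriteHighScoreTable, LockUnlock) and the `strncpy(dest, ptr,sizeof(dest)-1)` in misc.c bound the copy but write no terminator when the environment value is `sizeof(filename)-1` bytes or longer, so `filename`/`dest` can be left unterminated for every later string use unless the array was zeroed beforehand, which the hunks do not show. The fix consistent with the other hunks is `snprintf(filename, sizeof(filename), "%s", str);` (and `snprintf(dest, sizeof(dest), "%s", ptr);`), which always NUL-terminates; otherwise add `filename[sizeof(filename)-1] = '\0';` after each strncpy. Separately, editor.c and preview.c pass `sizeof(levelPath)-1` to snprintf while demo.c and file.c pass `sizeof(levelPath)`; snprintf already reserves room for the terminator, so the `-1` only shortens the usable path and should be dropped for consistency. All of these bounds presume `levelPath`, `filename` and `dest` are arrays rather than pointers (for a pointer `sizeof` yields the pointer size); their declarations and the remainder of each enclosing function lie outside the hunks, so that should be confirmed against the full sources.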