security patch to fix possible local exploit from users in the games group (bug #73060); patch from Ulf Harnhammar

5 files changed, 36 insertions, 6 deletions

diff --git a/games-arcade/rockdodger/ChangeLog b/games-arcade/rockdodger/ChangeLog
index 1b8449eee0de..a72881938134 100644
--- a/games-arcade/rockdodger/ChangeLog
+++ b/games-arcade/rockdodger/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for games-arcade/rockdodger
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/games-arcade/rockdodger/ChangeLog,v 1.4 2004/11/11 00:32:14 josejx Exp $
+# $Header: /var/cvsroot/gentoo-x86/games-arcade/rockdodger/ChangeLog,v 1.5 2004/12/02 01:07:43 mr_bones_ Exp $
+
+*rockdodger-0.6.0a-r1 (01 Dec 2004)
+
+  01 Dec 2004; Michael Sterrett <mr_bones_@gentoo.org>
+  +files/0.6.0a-sec.patch, +rockdodger-0.6.0a-r1.ebuild,
+  -rockdodger-0.6.0a.ebuild:
+  security patch to fix possible local exploit from users in the games group
+  (bug #73060); patch from Ulf Harnhammar
 
   11 Nov 2004; Joseph Jezak <josejx@gentoo.org> rockdodger-0.6.0a.ebuild:
   Marked ppc stable.
diff --git a/games-arcade/rockdodger/Manifest b/games-arcade/rockdodger/Manifest
index adbe3e82eb95..f746ccc9dacb 100644
--- a/games-arcade/rockdodger/Manifest
+++ b/games-arcade/rockdodger/Manifest
@@ -1,4 +1,5 @@
-MD5 47efa8dfa73caa6c247d50b11ed4078b ChangeLog 595
+MD5 c0a9689327ab2673f7b7e204830893c9 ChangeLog 896
 MD5 f17b9b8fa07a38914fe1c03268f51678 metadata.xml 158
-MD5 8766e1a899c10a1d8c59ae94cf6a9b2c rockdodger-0.6.0a.ebuild 1505
-MD5 050672dcfe88d3c6f8d27c3e7ce26025 files/digest-rockdodger-0.6.0a 69
+MD5 3d5c30e8a3aa52967ff17b6c20f996ee rockdodger-0.6.0a-r1.ebuild 1551
+MD5 1606327f50449423e375330cdd1b8be9 files/0.6.0a-sec.patch 660
+MD5 050672dcfe88d3c6f8d27c3e7ce26025 files/digest-rockdodger-0.6.0a-r1 69
diff --git a/games-arcade/rockdodger/files/0.6.0a-sec.patch b/games-arcade/rockdodger/files/0.6.0a-sec.patch
new file mode 100644
index 000000000000..e870cf2d2974
--- /dev/null
+++ b/games-arcade/rockdodger/files/0.6.0a-sec.patch
@@ -0,0 +1,20 @@
+--- main.c.old	2002-11-17 23:56:12.000000000 +0100
++++ main.c	2004-10-29 22:32:00.000000000 +0200
+@@ -459,7 +459,7 @@ FILE *hs_fopen(char *mode) {/*{{{*/
+     else {
+ 	char s[1024];
+ 	umask(0177);
+-	sprintf(s,"%s/.rockdodger_high",getenv("HOME"));
++	snprintf(s,1024,"%s/.rockdodger_high",getenv("HOME"));
+ 	if (f=fopen(s,mode)) {
+ 	    umask(mask);
+ 	    return f;
+@@ -478,7 +478,7 @@ void read_high_score_table() {/*{{{*/
+ 	for (i=0; i<8; i++) {
+ 	    char s[1024];
+ 	    int highscore;
+-	    if (fscanf (f, "%d %[^\n]", &highscore, s)!=2)
++	    if (fscanf (f, "%d %1023[^\n]", &highscore, s)!=2)
+ 		break;
+ 	    if (high[i].allocated)
+ 		free(high[i].name);
diff --git a/games-arcade/rockdodger/files/digest-rockdodger-0.6.0a b/games-arcade/rockdodger/files/digest-rockdodger-0.6.0a-r1
index 188c9fc3fe7d..188c9fc3fe7d 100644
--- a/games-arcade/rockdodger/files/digest-rockdodger-0.6.0a
+++ b/games-arcade/rockdodger/files/digest-rockdodger-0.6.0a-r1
diff --git a/games-arcade/rockdodger/rockdodger-0.6.0a.ebuild b/games-arcade/rockdodger/rockdodger-0.6.0a-r1.ebuild
index 8ac5712434bf..7d0eaa5d4419 100644
--- a/games-arcade/rockdodger/rockdodger-0.6.0a.ebuild
+++ b/games-arcade/rockdodger/rockdodger-0.6.0a-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/games-arcade/rockdodger/rockdodger-0.6.0a.ebuild,v 1.5 2004/11/11 00:32:14 josejx Exp $
+# $Header: /var/cvsroot/gentoo-x86/games-arcade/rockdodger/rockdodger-0.6.0a-r1.ebuild,v 1.1 2004/12/02 01:07:43 mr_bones_ Exp $
 
 inherit games
 
@@ -23,7 +23,7 @@ DEPEND="${RDEPEND}
 src_unpack() {
 	GAME_DEST_DIR="${GAMES_DATADIR}/${PN}"
 	unpack ${A}
-	cd ${S}
+	cd "${S}"
 
 	# Modify highscores & data directory and add our CFLAGS to the Makefile
 	sed -i \
@@ -39,6 +39,7 @@ src_unpack() {
 	sed -i \
 		-e "s:512:1024:" sound.c \
 			|| die "sed sound.c failed"
+	epatch "${FILESDIR}/${PV}-sec.patch"
 }
 
 src_install() {