rpms/rogue/devel rogue-5.4-setgid.patch,1.1,1.2 rogue.spec,1.4,1.5
Michael Thomas (wart)
fedora-extras-commits at redhat.com
Mon May 15 22:31:10 UTC 2006
Author: wart
Update of /cvs/extras/rpms/rogue/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26285
Modified Files:
rogue-5.4-setgid.patch rogue.spec
Log Message:
More improved setgid handling.
rogue-5.4-setgid.patch:
Index: rogue-5.4-setgid.patch
===================================================================
RCS file: /cvs/extras/rpms/rogue/devel/rogue-5.4-setgid.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- rogue-5.4-setgid.patch 11 Apr 2006 01:50:23 -0000 1.1
+++ rogue-5.4-setgid.patch 15 May 2006 22:31:10 -0000 1.2
@@ -1,4 +1,4 @@
-diff -Naur --exclude '*.swp' rogue/extern.c rogue.new/extern.c
+diff -Naur rogue/extern.c rogue.new/extern.c
--- rogue/extern.c 2006-01-03 16:17:29.000000000 -0800
+++ rogue.new/extern.c 2006-03-30 13:24:12.000000000 -0800
@@ -111,7 +111,7 @@
@@ -10,7 +10,7 @@
int food_left; /* Amount of food in hero's stomach */
int lastscore = -1; /* Score before this turn */
int no_command = 0; /* Number of turns asleep */
-diff -Naur --exclude '*.swp' rogue/extern.h rogue.new/extern.h
+diff -Naur rogue/extern.h rogue.new/extern.h
--- rogue/extern.h 2006-03-19 11:22:14.000000000 -0800
+++ rogue.new/extern.h 2006-03-30 13:24:22.000000000 -0800
@@ -50,7 +50,7 @@
@@ -22,7 +22,7 @@
#ifdef TIOCGLTC
extern struct ltchars ltc;
-diff -Naur --exclude '*.swp' rogue/mach_dep.c rogue.new/mach_dep.c
+diff -Naur rogue/mach_dep.c rogue.new/mach_dep.c
--- rogue/mach_dep.c 2006-01-30 08:36:21.000000000 -0800
+++ rogue.new/mach_dep.c 2006-04-01 19:26:15.000000000 -0800
@@ -45,7 +45,9 @@
@@ -87,7 +87,7 @@
md_normaluser();
}
-diff -Naur --exclude '*.swp' rogue/main.c rogue.new/main.c
+diff -Naur rogue/main.c rogue.new/main.c
--- rogue/main.c 2006-01-29 16:11:32.000000000 -0800
+++ rogue.new/main.c 2006-03-30 13:40:16.000000000 -0800
@@ -24,6 +24,13 @@
@@ -112,9 +112,9 @@
if (argc == 2)
if (strcmp(argv[1], "-s") == 0)
{
-diff -Naur --exclude '*.swp' rogue/mdport.c rogue.new/mdport.c
+diff -Naur rogue/mdport.c rogue.new/mdport.c
--- rogue/mdport.c 2006-01-29 18:24:39.000000000 -0800
-+++ rogue.new/mdport.c 2006-04-01 19:26:16.000000000 -0800
++++ rogue.new/mdport.c 2006-04-11 19:26:43.000000000 -0700
@@ -193,8 +193,17 @@
md_normaluser()
{
@@ -135,49 +135,54 @@
#endif
}
-@@ -397,22 +406,31 @@
- char *
- md_getroguedir()
- {
-- static char path[1024];
-+ static char path[PATH_MAX];
- char *end,*home;
-
- if ( (home = getenv("ROGUEHOME")) != NULL)
- {
- if (*home)
- {
-- strncpy(path, home, PATH_MAX - 20);
--
-- end = &path[strlen(path)-1];
--
-- while( (end >= path) && ((*end == '/') || (*end == '\\')))
-- *end-- = '\0';
--
-- if (directory_exists(path))
-- return(path);
-+ if (strlen(home) > PATH_MAX-20) {
+@@ -397,22 +406,35 @@
+ char *
+ md_getroguedir()
+ {
+- static char path[1024];
++ static char path[PATH_MAX];
+ char *end,*home;
+
+- if ( (home = getenv("ROGUEHOME")) != NULL)
++ /* Disable the use of ROGUEHOME to prevent users from
++ * maliciously overwriting save files from other setgid games.
++ */
++ if ( (home = getenv("ROGUEHOME")) != NULL && 0)
+ {
+ if (*home)
+ {
+- strncpy(path, home, PATH_MAX - 20);
+-
+- end = &path[strlen(path)-1];
+-
+- while( (end >= path) && ((*end == '/') || (*end == '\\')))
+- *end-- = '\0';
+-
+- if (directory_exists(path))
+- return(path);
++ /* The magic number 20 is used to guarantee that the save/lock
++ * filenames (which are much shorter than 20 characters) can
++ * be appended to this buffer.
++ */
++ if (strlen(home) >= PATH_MAX-20) {
+ fprintf(stderr, "ROGUEHOME path is too long. Ignoring.\n");
+ } else {
-+ strncpy(path, home, PATH_MAX-20);
-+ /* Ensure that we have a terminating NULL character.
-+ */
-+ path[PATH_MAX-1] = (char)NULL;
-+
-+ end = &path[strlen(path)-1];
-+
++ strcpy(path, home);
++
++ end = &path[strlen(path)-1];
++
+ /* Strip off any trailing path separators from the path.
+ */
-+ while( (end >= path) && ((*end == '/') || (*end == '\\')))
-+ *end-- = '\0';
-+
-+ if (directory_exists(path))
-+ return(path);
++ while( (end >= path) && ((*end == '/') || (*end == '\\')))
++ *end-- = '\0';
++
++ if (directory_exists(path))
++ return(path);
+ }
- }
- }
-
-diff -Naur --exclude '*.swp' rogue/rip.c rogue.new/rip.c
+ }
+ }
+
+diff -Naur rogue/rip.c rogue.new/rip.c
--- rogue/rip.c 2006-01-03 16:17:29.000000000 -0800
+++ rogue.new/rip.c 2006-03-30 13:32:17.000000000 -0800
@@ -60,7 +60,6 @@
@@ -239,7 +244,7 @@
}
/*
-diff -Naur --exclude '*.swp' rogue/save.c rogue.new/save.c
+diff -Naur rogue/save.c rogue.new/save.c
--- rogue/save.c 2006-01-30 08:05:35.000000000 -0800
+++ rogue.new/save.c 2006-03-30 13:33:45.000000000 -0800
@@ -335,7 +335,40 @@
@@ -302,7 +307,7 @@
sscanf(scoreline, " %u %hu %u %hu %hu %lx \n",
&top_ten[i].sc_uid, &top_ten[i].sc_score,
&top_ten[i].sc_flags, &top_ten[i].sc_monster,
-diff -Naur --exclude '*.swp' rogue/state.c rogue.new/state.c
+diff -Naur rogue/state.c rogue.new/state.c
--- rogue/state.c 2006-01-03 16:17:29.000000000 -0800
+++ rogue.new/state.c 2006-03-30 13:09:46.000000000 -0800
@@ -2138,7 +2138,8 @@
Index: rogue.spec
===================================================================
RCS file: /cvs/extras/rpms/rogue/devel/rogue.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- rogue.spec 11 Apr 2006 01:50:23 -0000 1.4
+++ rogue.spec 15 May 2006 22:31:10 -0000 1.5
@@ -1,6 +1,6 @@
Name: rogue
Version: 5.4.2
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: The original graphical adventure game
Group: Amusements/Games
@@ -78,6 +78,9 @@
%changelog
+* Mon May 15 2006 Wart <wart at kobold.org> 5.4.2-5
+- Better setuid/setgid handling (again) (BZ #187392)
+
* Thu Mar 30 2006 Wart <wart at kobold.org> 5.4.2-4
- Better setuid/setgid handling (BZ #187392)
- Resize desktop icon to match directory name
More information about the fedora-extras-commits
mailing list