rpms/rogue/FC-4 rogue-5.4-setgid.patch,1.1,1.2 rogue.spec,1.4,1.5

Michael Thomas (wart) fedora-extras-commits at redhat.com
Fri May 19 16:12:41 UTC 2006


Author: wart

Update of /cvs/extras/rpms/rogue/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7976/FC-4

Modified Files:
	rogue-5.4-setgid.patch rogue.spec 
Log Message:
- Added empty initial scoreboard file.
- Better setuid/setgid handling (BZ #187392)



rogue-5.4-setgid.patch:

Index: rogue-5.4-setgid.patch
===================================================================
RCS file: /cvs/extras/rpms/rogue/FC-4/rogue-5.4-setgid.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- rogue-5.4-setgid.patch	11 Apr 2006 02:05:19 -0000	1.1
+++ rogue-5.4-setgid.patch	19 May 2006 16:12:41 -0000	1.2
@@ -1,6 +1,6 @@
-diff -Naur --exclude '*.swp' rogue/extern.c rogue.new/extern.c
+diff -Naur rogue/extern.c rogue.new/extern.c
 --- rogue/extern.c	2006-01-03 16:17:29.000000000 -0800
-+++ rogue.new/extern.c	2006-03-30 13:24:12.000000000 -0800
++++ rogue.new/extern.c	2006-05-15 15:43:43.000000000 -0700
 @@ -111,7 +111,7 @@
  };
  
@@ -10,9 +10,9 @@
  int food_left;				/* Amount of food in hero's stomach */
  int lastscore = -1;			/* Score before this turn */
  int no_command = 0;			/* Number of turns asleep */
-diff -Naur --exclude '*.swp' rogue/extern.h rogue.new/extern.h
---- rogue/extern.h	2006-03-19 11:22:14.000000000 -0800
-+++ rogue.new/extern.h	2006-03-30 13:24:22.000000000 -0800
+diff -Naur rogue/extern.h rogue.new/extern.h
+--- rogue/extern.h	2006-05-15 15:43:15.000000000 -0700
++++ rogue.new/extern.h	2006-05-15 15:43:43.000000000 -0700
 @@ -50,7 +50,7 @@
  
  extern char	fruit[], orig_dsusp, prbuf[], whoami[];
@@ -22,9 +22,9 @@
  
  #ifdef TIOCGLTC
  extern struct ltchars	ltc;
-diff -Naur --exclude '*.swp' rogue/mach_dep.c rogue.new/mach_dep.c
+diff -Naur rogue/mach_dep.c rogue.new/mach_dep.c
 --- rogue/mach_dep.c	2006-01-30 08:36:21.000000000 -0800
-+++ rogue.new/mach_dep.c	2006-04-01 19:26:15.000000000 -0800
++++ rogue.new/mach_dep.c	2006-05-15 15:43:43.000000000 -0700
 @@ -45,7 +45,9 @@
  #include <sys/stat.h>
  #include <limits.h>
@@ -87,9 +87,9 @@
      md_normaluser();
  }
  
-diff -Naur --exclude '*.swp' rogue/main.c rogue.new/main.c
+diff -Naur rogue/main.c rogue.new/main.c
 --- rogue/main.c	2006-01-29 16:11:32.000000000 -0800
-+++ rogue.new/main.c	2006-03-30 13:40:16.000000000 -0800
++++ rogue.new/main.c	2006-05-15 15:43:43.000000000 -0700
 @@ -24,6 +24,13 @@
      char *env;
      int lowtime;
@@ -112,9 +112,9 @@
      if (argc == 2)
  	if (strcmp(argv[1], "-s") == 0)
  	{
-diff -Naur --exclude '*.swp' rogue/mdport.c rogue.new/mdport.c
+diff -Naur rogue/mdport.c rogue.new/mdport.c
 --- rogue/mdport.c	2006-01-29 18:24:39.000000000 -0800
-+++ rogue.new/mdport.c	2006-04-01 19:26:16.000000000 -0800
++++ rogue.new/mdport.c	2006-05-15 15:45:21.000000000 -0700
 @@ -193,8 +193,17 @@
  md_normaluser()
  {
@@ -135,7 +135,7 @@
  #endif
  }
  
-@@ -397,22 +406,31 @@
+@@ -397,22 +406,35 @@
  char *
  md_getroguedir()
  {
@@ -143,7 +143,11 @@
 +    static char path[PATH_MAX];
      char *end,*home;
  
-     if ( (home = getenv("ROGUEHOME")) != NULL)
+-    if ( (home = getenv("ROGUEHOME")) != NULL)
++    /* Disable the use of ROGUEHOME to prevent users from
++     * maliciously overwriting save files from other setgid games.
++     */
++    if ( (home = getenv("ROGUEHOME")) != NULL && 0)
      {
          if (*home)
          {
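Review bot: Disabling ROGUEHOME by appending `&& 0` to the condition leaves the whole branch compiled but unreachable, and getenv() is still called for a value that is never used. Removing the branch, or wrapping it in `#if 0 ... #endif` under the same comment, would make the intent explicit and make it harder to re-enable the lookup by accident in a setgid build. md_getroguedir() continues outside this hunk, so the directory used instead is not visible here; the comment should name it.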
@@ -156,30 +160,31 @@
 -
 -            if (directory_exists(path))
 -                return(path);
-+            if (strlen(home) > PATH_MAX-20) {
++            /* The magic number 20 is used to guarantee that the save/lock
++             * filenames (which are much shorter than 20 characters) can
++             * be appended to this buffer.
++             */
++            if (strlen(home) >= PATH_MAX-20) {
 +                fprintf(stderr, "ROGUEHOME path is too long.  Ignoring.\n");
 +            } else {
-+                strncpy(path, home, PATH_MAX-20);
-+                /* Ensure that we have a terminating NULL character.
-+                 */
-+                path[PATH_MAX-1] = (char)NULL;
-+    
-+                end = &path[strlen(path)-1];
-+    
++                strcpy(path, home);
++    
++                end = &path[strlen(path)-1];
++    
 +                /* Strip off any trailing path separators from the path.
 +                 */
-+                while( (end >= path) && ((*end == '/') || (*end == '\\')))
-+                    *end-- = '\0';
-+    
-+                if (directory_exists(path))
-+                    return(path);
++                while( (end >= path) && ((*end == '/') || (*end == '\\')))
++                    *end-- = '\0';
++    
++                if (directory_exists(path))
++                    return(path);
 +            }
          }
      }
  
-diff -Naur --exclude '*.swp' rogue/rip.c rogue.new/rip.c
+diff -Naur rogue/rip.c rogue.new/rip.c
 --- rogue/rip.c	2006-01-03 16:17:29.000000000 -0800
-+++ rogue.new/rip.c	2006-03-30 13:32:17.000000000 -0800
++++ rogue.new/rip.c	2006-05-15 15:43:43.000000000 -0700
 @@ -60,7 +60,6 @@
      int i;
      SCORE *sc2;
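Review bot: The separator-stripping loop `while( (end >= path) && ...) *end-- = '\0';` moves `end` to one element before `path` when the value consists only of `/` or `\` characters, which is undefined behaviour. It also reduces such a value to an empty string that is then handed to directory_exists(). Stopping at the first character avoids both: `while( (end > path) && ((*end == '/') || (*end == '\\')))`. The new `strcpy(path, home)` is bounded only by the `strlen(home) >= PATH_MAX-20` test above it, so a short comment at the copy saying so would keep the two from being separated later. This branch is unreachable at present because of the `&& 0` added in the previous hunk, so the problem only appears if ROGUEHOME is re-enabled; the function body continues outside the hunk.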
@@ -239,9 +244,9 @@
  }
  
  /*
-diff -Naur --exclude '*.swp' rogue/save.c rogue.new/save.c
+diff -Naur rogue/save.c rogue.new/save.c
 --- rogue/save.c	2006-01-30 08:05:35.000000000 -0800
-+++ rogue.new/save.c	2006-03-30 13:33:45.000000000 -0800
++++ rogue.new/save.c	2006-05-15 15:43:43.000000000 -0700
 @@ -335,7 +335,40 @@
  
  /*
@@ -302,9 +307,9 @@
          sscanf(scoreline, " %u %hu %u %hu %hu %lx \n",
              &top_ten[i].sc_uid, &top_ten[i].sc_score,
              &top_ten[i].sc_flags, &top_ten[i].sc_monster,
-diff -Naur --exclude '*.swp' rogue/state.c rogue.new/state.c
+diff -Naur rogue/state.c rogue.new/state.c
 --- rogue/state.c	2006-01-03 16:17:29.000000000 -0800
-+++ rogue.new/state.c	2006-03-30 13:09:46.000000000 -0800
++++ rogue.new/state.c	2006-05-15 15:43:43.000000000 -0700
 @@ -2138,7 +2138,8 @@
      rs_write_int(savef, no_food);
      rs_write_ints(savef,a_class,MAXARMORS);


Index: rogue.spec
===================================================================
RCS file: /cvs/extras/rpms/rogue/FC-4/rogue.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- rogue.spec	11 Apr 2006 02:05:19 -0000	1.4
+++ rogue.spec	19 May 2006 16:12:41 -0000	1.5
@@ -1,6 +1,6 @@
 Name:           rogue
 Version:        5.4.2
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        The original graphical adventure game
 
 Group:          Amusements/Games
@@ -49,6 +49,8 @@
 mkdir -p $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/32x32/apps/
 install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT/%{_datadir}/icons/hicolor/32x32/apps/
 
+touch $RPM_BUILD_ROOT%{_var}/games/roguelike/rogue54.scr
+
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -73,11 +75,16 @@
 %{_datadir}/applications/fedora-%{name}.desktop
 %{_datadir}/icons/hicolor/32x32/apps/rogue.png
 %dir %attr(0775,games,games) %{_var}/games/roguelike
+%config(noreplace) %attr(0664,games,games) %{_var}/games/roguelike/rogue54.scr
 %doc LICENSE.TXT rogue54.doc rogue54.html readme54.html
 
 
 
 %changelog
+* Fri May 19 2006 Wart <wart at kobold.org> 5.4.2-5
+- Added empty initial scoreboard file.
+- Better setuid/setgid handling (again) (BZ #187392)
+
 * Thu Mar 30 2006 Wart <wart at kobold.org> 5.4.2-4
 - Better setuid/setgid handling (BZ #187392)
 - Resize desktop icon to match directory name
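Review bot: The new scoreboard entry `%attr(0664,games,games)` makes the `games` user the owner in addition to granting group write. If the binary runs setgid games, as the patch name suggests, only the group bit is needed, and `%attr(0664,root,games)` would be the narrower grant. Because the game rewrites this file at runtime, `rpm -V` will report it as modified; adding `%verify(not md5 size mtime)` to the entry avoids that noise.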



