From ec03d9af91715a5e9501c0806f8a880269732419 Mon Sep 17 00:00:00 2001
From: naddy <naddy@openbsd.org>
Date: Tue, 2 Mar 2004 22:18:53 +0000
Subject: [PATCH] SECURITY: (GID games) Prevent buffer overflow from
 environment variable; from Debian.

---
 games/lbreakout2/Makefile                    | 10 ++--
 games/lbreakout2/patches/patch-src_config_c  | 12 +++++
 games/lbreakout2/patches/patch-src_editor_c  | 12 +++++
 games/lbreakout2/patches/patch-src_game_c    | 12 +++++
 games/lbreakout2/patches/patch-src_levels_c  | 12 +++++
 games/lbreakout2/patches/patch-src_main_c    | 12 +++++
 games/lbreakout2/patches/patch-src_manager_c | 12 +++++
 games/lbreakout2/patches/patch-src_theme_c   | 57 ++++++++++++++++++++
 8 files changed, 132 insertions(+), 7 deletions(-)
 create mode 100644 games/lbreakout2/patches/patch-src_config_c
 create mode 100644 games/lbreakout2/patches/patch-src_editor_c
 create mode 100644 games/lbreakout2/patches/patch-src_game_c
 create mode 100644 games/lbreakout2/patches/patch-src_levels_c
 create mode 100644 games/lbreakout2/patches/patch-src_main_c
 create mode 100644 games/lbreakout2/patches/patch-src_manager_c
 create mode 100644 games/lbreakout2/patches/patch-src_theme_c

diff --git a/games/lbreakout2/Makefile b/games/lbreakout2/Makefile
index 4dacdca356a..db0abd754f4 100755
--- a/games/lbreakout2/Makefile
+++ b/games/lbreakout2/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.5 2003/12/18 03:56:19 naddy Exp $
+# $OpenBSD: Makefile,v 1.6 2004/03/02 22:18:53 naddy Exp $
 
 COMMENT=	"breakout game with many levels, powerups, good graphics" 
 
-VERSION=	2.2.2
-DISTNAME=	lbreakout2-${VERSION}
+DISTNAME=	lbreakout2-2.2.2
+PKGNAME=	${DISTNAME}p0
 CATEGORIES=	games x11
 
 HOMEPAGE=	http://lgames.sourceforge.net/index.php?action=show_project&project=LBreakout2
@@ -28,8 +28,4 @@ CONFIGURE_ENV=	CPPFLAGS="-I${LOCALBASE}/include/libpng" \
 USE_X11=	Yes
 USE_GMAKE=	Yes
 
-# avoid triggering aclocal/automake
-post-patch:
-	@touch -r ${WRKSRC}/aclocal.m4 ${WRKSRC}/configure.in
-
 .include <bsd.port.mk>
diff --git a/games/lbreakout2/patches/patch-src_config_c b/games/lbreakout2/patches/patch-src_config_c
new file mode 100644
index 00000000000..0da1c52ea33
--- /dev/null
+++ b/games/lbreakout2/patches/patch-src_config_c
@@ -0,0 +1,12 @@
+$OpenBSD: patch-src_config_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
+--- src/config.c.orig	2002-02-22 12:58:37.000000000 +0100
++++ src/config.c	2004-03-02 21:55:07.000000000 +0100
+@@ -40,7 +40,7 @@ Config config;
+ void config_check_dir()
+ {
+     char level_dir[512];
+-    sprintf( config.dir_name, "%s/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
++    snprintf( config.dir_name, sizeof(config.dir_name), "%s/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
+     /* test and create .lgames */
+     if ( opendir( config.dir_name ) == 0 ) {
+         fprintf( stderr, "couldn't find/open config directory '%s'\n", config.dir_name );
diff --git a/games/lbreakout2/patches/patch-src_editor_c b/games/lbreakout2/patches/patch-src_editor_c
new file mode 100644
index 00000000000..728fa397cb2
--- /dev/null
+++ b/games/lbreakout2/patches/patch-src_editor_c
@@ -0,0 +1,12 @@
+$OpenBSD: patch-src_editor_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
+--- src/editor.c.orig	2002-02-22 12:59:28.000000000 +0100
++++ src/editor.c	2004-03-02 21:55:07.000000000 +0100
+@@ -725,7 +725,7 @@ int editor_init( char *file_name )
+ {
+     FILE *file = 0;
+     /* set full file name */
+-    sprintf( edit_file_name, "%s/%s/lbreakout2-levels/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME, file_name );
++    snprintf( edit_file_name, sizeof(edit_file_name), "%s/%s/lbreakout2-levels/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME, file_name );
+     /* test this file for write access. use append to keep contents */
+     if ( ( file = fopen( edit_file_name, "a" ) ) == 0 ) {
+         fprintf( stderr, "Permission to write to file '%s' denied.\n", edit_file_name );
diff --git a/games/lbreakout2/patches/patch-src_game_c b/games/lbreakout2/patches/patch-src_game_c
new file mode 100644
index 00000000000..2fcaf1e6c69
--- /dev/null
+++ b/games/lbreakout2/patches/patch-src_game_c
@@ -0,0 +1,12 @@
+$OpenBSD: patch-src_game_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
+--- src/game.c.orig	2002-02-22 13:00:24.000000000 +0100
++++ src/game.c	2004-03-02 21:55:07.000000000 +0100
+@@ -561,7 +561,7 @@ int game_init()
+     /* load level */
+     setname = levelset_names[config.levelset_id];
+     if ( levelset_names[config.levelset_id][0] == '~' ) {
+-        sprintf( path, "%s/%s/lbreakout2-levels", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
++        snprintf( path, sizeof(path), "%s/%s/lbreakout2-levels", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
+         setname++;
+     }
+     else
diff --git a/games/lbreakout2/patches/patch-src_levels_c b/games/lbreakout2/patches/patch-src_levels_c
new file mode 100644
index 00000000000..2274e64e9a2
--- /dev/null
+++ b/games/lbreakout2/patches/patch-src_levels_c
@@ -0,0 +1,12 @@
+$OpenBSD: patch-src_levels_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
+--- src/levels.c.orig	2002-02-22 13:00:43.000000000 +0100
++++ src/levels.c	2004-03-02 21:55:07.000000000 +0100
+@@ -220,7 +220,7 @@ void levelsets_load_names()
+     /* create dynamic list */
+     names = list_create( LIST_NO_AUTO_DELETE, NO_CALLBACK );
+     /* parse home directory */
+-    sprintf( level_dir, "%s/%s/lbreakout2-levels", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
++    snprintf( level_dir, sizeof(level_dir), "%s/%s/lbreakout2-levels", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
+     text = get_file_list( level_dir, 0, level_dir );
+     for ( i = 0; i < text->count; i++ ) {
+         /* filter stuff */
diff --git a/games/lbreakout2/patches/patch-src_main_c b/games/lbreakout2/patches/patch-src_main_c
new file mode 100644
index 00000000000..cced15ce592
--- /dev/null
+++ b/games/lbreakout2/patches/patch-src_main_c
@@ -0,0 +1,12 @@
+$OpenBSD: patch-src_main_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
+--- src/main.c.orig	2002-02-22 13:02:01.000000000 +0100
++++ src/main.c	2004-03-02 21:55:07.000000000 +0100
+@@ -106,7 +106,7 @@ int main(int argc, char *argv[])
+                 /* new set? */
+                 if ( strequal( "<CREATE SET>", levelset_home_names[config.levelset_home_id] ) ) {
+                     editor_file = calloc( 16, sizeof( char ) );
+-                    sprintf( path, "%s/%s/lbreakout2-levels", getenv( "HOME" ), CONFIG_DIR_NAME );
++                    snprintf( path, sizeof(path), "%s/%s/lbreakout2-levels", getenv( "HOME" ), CONFIG_DIR_NAME );
+                     if ( !enter_string( font, "Set Name:", editor_file, 12 ) || !file_check( path, editor_file, "w" ) ) {
+                         free( editor_file );
+                         break;
diff --git a/games/lbreakout2/patches/patch-src_manager_c b/games/lbreakout2/patches/patch-src_manager_c
new file mode 100644
index 00000000000..8a13ef0a8e8
--- /dev/null
+++ b/games/lbreakout2/patches/patch-src_manager_c
@@ -0,0 +1,12 @@
+$OpenBSD: patch-src_manager_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
+--- src/manager.c.orig	2002-02-16 15:06:24.000000000 +0100
++++ src/manager.c	2004-03-02 21:55:07.000000000 +0100
+@@ -126,7 +126,7 @@ void cb_delete_set()
+         return;
+     }
+     /* get file name + path */
+-    sprintf( fname, "%s/%s/lbreakout2-levels/%s", getenv( "HOME" ), CONFIG_DIR_NAME, levelset_home_names[config.levelset_home_id] );
++    snprintf( fname, sizeof(fname), "%s/%s/lbreakout2-levels/%s", getenv( "HOME" ), CONFIG_DIR_NAME, levelset_home_names[config.levelset_home_id] );
+     remove( fname );
+     levelsets_load_names(); /* reinit name lists and configs indices */
+     /* reassign these name lists as position in memory has changed */
diff --git a/games/lbreakout2/patches/patch-src_theme_c b/games/lbreakout2/patches/patch-src_theme_c
new file mode 100644
index 00000000000..b725f9df528
--- /dev/null
+++ b/games/lbreakout2/patches/patch-src_theme_c
@@ -0,0 +1,57 @@
+$OpenBSD: patch-src_theme_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
+--- src/theme.c.orig	2002-02-19 15:12:22.000000000 +0100
++++ src/theme.c	2004-03-02 21:55:07.000000000 +0100
+@@ -115,7 +115,7 @@ SDL_Surface* theme_load_surf( char *name
+ {
+     SDL_Surface *surf = 0;
+     char path[512];
+-    sprintf( path, "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
++    snprintf( path, sizeof(path), "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
+     if ( strequal( theme_name, "Default" ) || ( surf = load_surf( path, SDL_SWSURFACE | SDL_NONFATAL ) ) == 0 )
+         surf = load_surf( name, SDL_SWSURFACE );
+     return surf;
+@@ -125,7 +125,7 @@ Sound_Chunk* theme_load_sound( char *nam
+ {
+     Sound_Chunk *sound = 0;
+     char path[512];
+-    sprintf( path, "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
++    snprintf( path, sizeof(path), "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
+     if ( strequal( theme_name, "Default" ) ||  ( sound = sound_chunk_load( path ) ) == 0 )
+         sound = sound_chunk_load( name );
+     return sound;
+@@ -135,7 +135,7 @@ Font* theme_load_font_fixed( char *name,
+ {
+     Font *font = 0;
+     char path[512];
+-    sprintf( path, "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
++    snprintf( path, sizeof(path), "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
+     if ( strequal( theme_name, "Default" ) ||  ( font = load_fixed_font( path, start, len, width, SDL_SWSURFACE | SDL_NONFATAL ) ) == 0 )
+         font = load_fixed_font( name, start, len, width, SDL_SWSURFACE );
+     return font;
+@@ -201,7 +201,7 @@ void theme_load_bkgnds()
+     struct stat filestat;
+     char path[512];
+     char fname[512];
+-    sprintf( fname, "%s/.lgames/lbreakout2-themes/%s/back0.png", getenv( "HOME" ), theme_name );
++    snprintf( fname, sizeof(path), "%s/.lgames/lbreakout2-themes/%s/back0.png", getenv( "HOME" ), theme_name );
+     if ( strequal( theme_name, "Default" ) || stat( fname, &filestat ) == -1 ) {
+         /* use original backs */
+         bkgnd_count = BACK_COUNT;
+@@ -209,7 +209,7 @@ void theme_load_bkgnds()
+     }
+     else {
+         /* use new backs */
+-        sprintf( path, "%s/.lgames/lbreakout2-themes/%s", getenv( "HOME" ), theme_name );
++        snprintf( path, sizeof(path), "%s/.lgames/lbreakout2-themes/%s", getenv( "HOME" ), theme_name );
+         bkgnd_count = -1;
+         do {
+             bkgnd_count++;
+@@ -248,7 +248,7 @@ void theme_get_list()
+     /* auxilary list */
+     list = list_create( LIST_NO_AUTO_DELETE, NO_CALLBACK );
+     /* theme directory */
+-    sprintf( dir, "%s/.lgames/lbreakout2-themes", getenv( "HOME" ) );
++    snprintf( dir, sizeof(dir), "%s/.lgames/lbreakout2-themes", getenv( "HOME" ) );
+     if ( ( hdir = opendir( dir ) ) != 0 ) {
+         while ( ( entry = readdir( hdir ) ) ) {
+             if ( entry->d_name[0] == '.' )