Hello community, here is the log from the commit of package bsd-games checked in at Thu Apr 13 15:06:03 CEST 2006.
--------
--- bsd-games/bsd-games.changes 2006-01-25 21:34:45.000000000 +0100
+++ STABLE/bsd-games/bsd-games.changes 2006-04-12 11:57:27.000000000 +0200
@@ -1,0 +2,7 @@
+Wed Apr 12 12:05:26 CEST 2006 - mmarek@suse.cz
+
+- fix two buffer overflows in scanf() calls, one in sail which is
+ setgid games
+ [#165465] (overflow.diff)
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ bsd-games.spec ++++++
--- /var/tmp/diff_new_pack.ocNhyt/_old 2006-04-13 15:05:47.000000000 +0200
+++ /var/tmp/diff_new_pack.ocNhyt/_new 2006-04-13 15:05:47.000000000 +0200
@@ -1,11 +1,11 @@ # # spec file for package bsd-games (Version 2.13) # -# Copyright (c) 2005 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # -# Please submit bugfixes or comments via http://www.suse.de/feedback/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild
@@ -19,7 +19,7 @@
 PreReq: permissions
 Autoreqprov: on
 Version: 2.13
-Release: 351
+Release: 359
 Summary: Several Text-Mode Games
 Source: %{name}-%{version}.tar.bz2
 Patch0: %{name}-%{version}.diff
@@ -104,6 +104,10 @@ %attr(-,games,games) /usr/share/misc/* %changelog -n bsd-games +* Wed Apr 12 2006 - mmarek@suse.cz +- fix two buffer overflows in scanf() calls, one in sail which is + setgid games + [#165465] (overflow.diff) * Wed Jan 25 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Tue Oct 11 2005 - mmarek@suse.cz
++++++ bsd-games-2.13-overflow.diff ++++++
--- /var/tmp/diff_new_pack.ocNhyt/_old 2006-04-13 15:05:47.000000000 +0200
+++ /var/tmp/diff_new_pack.ocNhyt/_new 2006-04-13 15:05:47.000000000 +0200
@@ -1,5 +1,5 @@ ---- bsd-games-2.13/hunt/huntd/get_names.c.xx 2005-05-12 16:49:48.914648057 +0200 -+++ bsd-games-2.13/hunt/huntd/get_names.c 2005-05-12 16:50:43.974305574 +0200 +--- hunt/huntd/get_names.c ++++ hunt/huntd/get_names.c @@ -128,7 +128,7 @@ if (memcmp((char *) &his_machine_name, (char *) &my_machine_name, sizeof(his_machine_name)) == 0)
@@ -9,3 +9,25 @@
 else {
 /* look up the address of the recipient's machine */
 hp = gethostbyname(his_machine_name);
+--- sail/pl_main.c
++++ sail/pl_main.c
+@@ -223,7 +223,7 @@
+ printf("\nInitial broadside %s (grape, chain, round, double): ",
+ n ? "right" : "left");
+ fflush(stdout);
+- scanf("%s", buf);
++ scanf("%9s", buf);
+ switch (*buf) {
+ case 'g':
+ load = L_GRAPE;
+--- trek/getpar.c
++++ trek/getpar.c
+@@ -145,7 +145,7 @@
+ if (f)
+ cgetc(0); /* throw out the newline */
+ scanf("%*[ \t;]");
+- if ((c = scanf("%[^ \t;\n]", input)) < 0)
++ if ((c = scanf("%99[^ \t;\n]", input)) < 0)
+ exit(1);
+ if (c == 0)
+ continue;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
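Review bot: In the sail/pl_main.c part of overflow.diff the result of `scanf("%9s", buf)` is still discarded, so on EOF or a read error nothing is stored and `switch (*buf)` runs on whatever `buf` held before; because the changelog notes that sail is setgid games, this input path deserves the check, e.g. `if (scanf("%9s", buf) != 1) buf[0] = '\0';` (or whatever the surrounding code treats as invalid input). The widths 9 and 99 are magic numbers tied to the sizes of `buf` and `input`, whose declarations are outside the hunks and are presumably 10 and 100 bytes; a comment such as `/* width must stay sizeof(buf) - 1 */` next to each call would keep the two from drifting apart. With the width limit in place, the remainder of an overlong token stays in stdin and is picked up by the next prompt in sail or the next loop pass in trek/getpar.c, which looks harmless here but is worth confirming. Both enclosing functions start and end outside the hunks.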