r13256 - packages/trunk/rott/debian/patches
Fabian Greffrath
fabian-guest at alioth.debian.org
Wed Feb 15 12:25:43 UTC 2012
Author: fabian-guest
Date: 2012-02-15 12:25:43 +0000 (Wed, 15 Feb 2012)
New Revision: 13256
Added:
packages/trunk/rott/debian/patches/format-security.patch
Modified:
packages/trunk/rott/debian/patches/series
Log:
Fix format string vulnerabilities.
Added: packages/trunk/rott/debian/patches/format-security.patch
===================================================================
--- packages/trunk/rott/debian/patches/format-security.patch (rev 0)
+++ packages/trunk/rott/debian/patches/format-security.patch 2012-02-15 12:25:43 UTC (rev 13256)
@@ -0,0 +1,238 @@
+--- rott.orig/rott/rt_build.c
++++ rott/rott/rt_build.c
+@@ -543,7 +543,7 @@ void PositionMenuBuf( int angle, int dis
+ DrawPlanePosts();
+ oldfont=CurrentFont;
+ CurrentFont = (font_t *)W_CacheLumpName ("newfnt1", PU_CACHE, Cvt_font_t, 1);
+- US_MeasureStr (&width, &height, titlestring);
++ US_MeasureStr (&width, &height, "%s", titlestring);
+ US_ClippedPrint ((320-width)>>1, MENUTITLEY-titleyoffset, titlestring);
+ CurrentFont=oldfont;
+ FlipPage();
+--- rott.orig/rott/rt_draw.c
++++ rott/rott/rt_draw.c
+@@ -4464,7 +4464,7 @@ fadeworld:
+ if (i>3)
+ I_Delay(50);
+
+- US_MeasureStr (&width, &height, &(EndCinematicText[i][0]));
++ US_MeasureStr (&width, &height, "%s", &(EndCinematicText[i][0]));
+ if (LastScan !=0)
+ break;
+
+@@ -4555,11 +4555,11 @@ finalfade:
+
+ if (LastScan == 0)
+ {
+- US_MeasureStr (&width, &height, NextGameString1);
++ US_MeasureStr (&width, &height, "%s", NextGameString1);
+ x=(320-width)>>1;
+ y=(200-height)>>1;
+ US_ClippedPrint (x,y-6, NextGameString1);
+- US_MeasureStr (&width, &height, NextGameString2);
++ US_MeasureStr (&width, &height, "%s", NextGameString2);
+ x=(320-width)>>1;
+ y=(200-height)>>1;
+ US_ClippedPrint (x,y+6, NextGameString2);
+@@ -4912,7 +4912,7 @@ void ScrollString ( int cy, char * strin
+ int time1,time2;
+
+ LastScan=0;
+- US_MeasureStr (&width, &height, string);
++ US_MeasureStr (&width, &height, "%s", string);
+
+ x=(320-width)>>1;
+ y=cy-(height>>1);
+@@ -5578,7 +5578,7 @@ void DoInBetweenCinematic (int yoffset,
+ DrawNormalSprite(0,yoffset,lump);
+
+ CurrentFont=smallfont;
+- US_MeasureStr (&width, &height, string);
++ US_MeasureStr (&width, &height, "%s", string);
+ x=(320-width)>>1;
+ y=190-height;
+ US_ClippedPrint (x, y, string);
+@@ -5674,7 +5674,7 @@ void DrawPreviousCredits ( int num, Cred
+ CurrentFont=smallfont;
+ else
+ CurrentFont=tinyfont;
+- US_MeasureStr (&width, &height, &(Credits[i].text[0]));
++ US_MeasureStr (&width, &height, "%s", &(Credits[i].text[0]));
+ x=(320-width)>>1;
+ y=Credits[i].endy;
+ US_ClippedPrint (x, y+4, &Credits[i].text[0]);
+@@ -5706,7 +5706,7 @@ void WarpCreditString ( int time, byte *
+ CurrentFont=smallfont;
+ else
+ CurrentFont=tinyfont;
+- US_MeasureStr (&width, &height, &(Credits[num].text[0]));
++ US_MeasureStr (&width, &height, "%s", &(Credits[num].text[0]));
+
+ x=(320-width)>>1;
+ y=Credits[num].endy;
+--- rott.orig/rott/rt_game.c
++++ rott/rott/rt_game.c
+@@ -1033,12 +1033,12 @@ void DrawPlayers
+
+ // Shorten name to fit into point count
+ length = strlen( codename );
+- US_MeasureStr( &width, &height, codename );
++ US_MeasureStr( &width, &height, "%s", codename );
+ while( width > KILLS_WIDTH )
+ {
+ codename[ length ] = 0;
+ length--;
+- US_MeasureStr( &width, &height, codename );
++ US_MeasureStr( &width, &height, "%s", codename );
+ }
+
+ // Draw name
+--- rott.orig/rott/rt_main.c
++++ rott/rott/rt_main.c
+@@ -876,13 +876,13 @@ void SetupWads( void )
+ if (access (tempstr, 0) != 0) { //try open again
+ //stil no useful filename
+ strcat (tempstr," not found, skipping RTL file ");
+- printf(tempstr);
++ printf("%s", tempstr);
+ goto NoRTL;
+ }
+ }
+ if((f = fopen( tempstr, "r" )) == NULL ){ //try opnong file
+ strcat (tempstr," not could not be opened, skipping RTL file ");
+- printf(tempstr);
++ printf("%s", tempstr);
+ goto NoRTL;
+ }else{
+ fread(buf,3,3,f);//is the 3 first letters RTL (RTC)
+@@ -891,7 +891,7 @@ void SetupWads( void )
+ GameLevels.avail++;
+ strcpy (buf,"Adding ");
+ strcat (buf,tempstr);
+- printf(buf);
++ printf("%s", buf);
+ }
+ fclose(f);
+ }
+@@ -912,13 +912,13 @@ NoRTL:;
+ if (access (tempstr, 0) != 0) { //try open again
+ //stil no useful filename
+ strcat (tempstr," not found, skipping RTC file ");
+- printf(tempstr);
++ printf("%s", tempstr);
+ goto NoRTL;
+ }
+ }
+ if((f = fopen( tempstr, "r" )) == NULL ){ //try opening file
+ strcat (tempstr," not could not be opened, skipping RTC file ");
+- printf(tempstr);
++ printf("%s", tempstr);
+ goto NoRTL;
+ }else{
+ fread(buf,3,3,f);//is the 3 first letters RTL (RTC)
+@@ -927,7 +927,7 @@ NoRTL:;
+ BattleLevels.avail++;
+ strcpy (buf,"Adding ");
+ strcat (buf,tempstr);
+- printf(buf);
++ printf("%s", buf);
+ }
+ fclose(f);
+ }
+@@ -1500,7 +1500,7 @@ void GameLoop (void)
+ // break;
+ }
+ CurrentFont=smallfont;
+- US_MeasureStr (&width, &height, str);
++ US_MeasureStr (&width, &height, "%s", str);
+ US_ClippedPrint ((320-width)>>1, 180, str);
+ VW_UpdateScreen();
+ MenuFadeIn();
+--- rott.orig/rott/rt_map.c
++++ rott/rott/rt_map.c
+@@ -782,14 +782,14 @@ void DrawMapInfo ( void )
+ PrintX = 2;
+ PrintY = 2;
+ strcpy (&temp[0], &(LevelName[0]));
+- US_MeasureStr (&width, &height, &temp[0]);
++ US_MeasureStr (&width, &height, "%s", &temp[0]);
+
+ VWB_TBar (0, 0, 320, height+4);
+
+ US_BufPrint (&temp[0]);
+
+ strcpy (&temp[0], "TAB=EXIT");
+- US_MeasureStr (&width, &height, &temp[0]);
++ US_MeasureStr (&width, &height, "%s", &temp[0]);
+
+ PrintX = 316-width;
+ PrintY = 2;
+@@ -797,7 +797,7 @@ void DrawMapInfo ( void )
+ US_BufPrint (&temp[0]);
+
+ strcpy (&temp[0], "< > CHANGE BACKGROUND COLOR");
+- US_MeasureStr (&width, &height, &temp[0]);
++ US_MeasureStr (&width, &height, "%s", &temp[0]);
+
+ PrintX = (320-width)>>1;
+ PrintY = 2;
+--- rott.orig/rott/rt_str.c
++++ rott/rott/rt_str.c
+@@ -2002,7 +2002,7 @@ int myprintf
+ char *ptr;
+ if (MONOPRESENT==false)
+ {
+- Debug(fmt);
++ Debug("%s", fmt);
+ return 0;
+ }
+ va_start( argptr, fmt );
+--- rott.orig/rott/rt_ted.c
++++ rott/rott/rt_ted.c
+@@ -1073,7 +1073,7 @@ void DrawPreCache( void )
+ else
+ memcpy (&buf[0], "COMM-BAT", 8);
+
+- US_MeasureStr (&width, &height, &buf[0]);
++ US_MeasureStr (&width, &height, "%s", &buf[0]);
+ VWB_TBar (PrintX-2, PrintY-2, width+4, height+4);
+ US_BufPrint (&buf[0]);
+
+@@ -1092,7 +1092,7 @@ void DrawPreCache( void )
+ {
+ itoa( gamestate.mapon + 1, &buf[ 5 ], 10 );
+ }
+- US_MeasureStr (&width, &height, &buf[0]);
++ US_MeasureStr (&width, &height, "%s", &buf[0]);
+ PrintX = (300-width);
+ VWB_TBar (PrintX-2, PrintY-2, width+4, height+4);
+ US_BufPrint (&buf[0]);
+@@ -1107,7 +1107,7 @@ void DrawPreCache( void )
+ else
+ strcpy (temp, &(LevelName[0]));
+
+- US_MeasureStr (&width, &height, &temp[0]);
++ US_MeasureStr (&width, &height, "%s", &temp[0]);
+
+ PrintX = (320-width) >> 1;
+ PrintY = PRECACHESTRINGY;
+@@ -1270,7 +1270,7 @@ DisableScreenStretch();
+ CurrentFont = newfont1;//smallfont;
+
+ strcpy( buf, "Press Any Key" );
+- US_MeasureStr (&width, &height, &buf[ 0 ] );
++ US_MeasureStr (&width, &height, "%s", &buf[ 0 ] );
+ PrintX = (iGLOBAL_SCREENWIDTH-(width)) / 2;
+ PrintY = WHratio*iGLOBAL_SCREENHEIGHT;//162;
+ //VWB_TBar (PrintX-2, PrintY-2, width+4, height+4);
+--- rott.orig/rott/w_wad.c
++++ rott/rott/w_wad.c
+@@ -100,7 +100,7 @@ void W_AddFile (char *_filename)
+ strcpy (buf,"Error, Could not find User file '");
+ strcat (buf,filename);
+ strcat (buf,"', ignoring file");
+- printf(buf);
++ printf("%s", buf);
+ }
+ //bna section end
+
Modified: packages/trunk/rott/debian/patches/series
===================================================================
--- packages/trunk/rott/debian/patches/series 2012-02-15 12:02:33 UTC (rev 13255)
+++ packages/trunk/rott/debian/patches/series 2012-02-15 12:25:43 UTC (rev 13256)
@@ -5,3 +5,4 @@
03-parameter-typo.patch
04-objs-depend-on-develop_h.patch
10-all-variants.patch
+format-security.patch
More information about the Pkg-games-commits
mailing list