Package: xsok | Debian Sources

Package: xsok / 1.02-17.1

Metadata

Package	Version	Patches format
xsok	1.02-17.1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
build_tweaks.patch \| (download)	Makefile \| 2 1 + 1 - 0 ! src/Imakefile \| 22 11 + 11 - 0 ! src/X-gfx.c \| 2 1 + 1 - 0 ! src/Xaw-help.c \| 2 1 + 1 - 0 ! src/move.c \| 11 5 + 6 - 0 ! src/score.c \| 3 2 + 1 - 0 ! 6 files changed, 21 insertions(+), 21 deletions(-)	random hacks to build + install xsok.
config.patch \| (download)	src/Tableau.h \| 4 2 + 2 - 0 ! src/XSok.ad \| 1 1 + 0 - 0 ! 2 files changed, 3 insertions(+), 2 deletions(-)	configuration changes / fixes.
overflow.patch \| (download)	src/loadsave.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	prevent buffer overflow from the environment.
wm_delete.patch \| (download)	src/X-sok.h \| 5 4 + 1 - 0 ! src/Xaw-help.c \| 14 11 + 3 - 0 ! src/Xaw-main.c \| 48 39 + 9 - 0 ! src/xsok.h \| 2 1 + 1 - 0 ! 4 files changed, 55 insertions(+), 14 deletions(-)	support icccm ... or at least wm_delete_window.
undo_nowrap.patch \| (download)	src/commands.c \| 3 0 + 3 - 0 ! 1 file changed, 3 deletions(-)	do not let undo wrap around to the original end of the game. This behavior was not a bug, but it is unintuitive and undocumented.
drag_segfault.patch \| (download)	src/mousemove.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	avoid segfault when trying to drag the player with the middle button. Dragging the player does nothing, you're supposed to drag a box, but at least it shouldn't crash.
manpage.patch \| (download)	src/xsok.man \| 24 12 + 12 - 0 ! 1 file changed, 12 insertions(+), 12 deletions(-)	small manpage fixes.
no_gunzip.patch \| (download)	lib/Makefile \| 26 8 + 18 - 0 ! src/Imakefile \| 4 2 + 2 - 0 ! src/parse.c \| 26 6 + 20 - 0 ! src/xfopen.c \| 1 1 + 0 - 0 ! 4 files changed, 17 insertions(+), 40 deletions(-)	remove all traces of gzipped data files, and opening thereof. This is a setgid program; no need to be calling external binaries. Also rip out artificial 7-char limit on game types, which is related.
security_paranoia.patch \| (download)	src/X-gfx.c \| 4 2 + 2 - 0 ! src/X-sound_SUN.c \| 3 2 + 1 - 0 ! src/Xaw-help.c \| 8 4 + 4 - 0 ! src/Xaw-main.c \| 9 5 + 4 - 0 ! src/commands.c \| 3 2 + 1 - 0 ! src/loadsave.c \| 13 8 + 5 - 0 ! src/messages.c \| 4 2 + 2 - 0 ! src/parse.c \| 6 3 + 3 - 0 ! src/showscore.c \| 7 4 + 3 - 0 ! src/tools.c \| 5 3 + 2 - 0 ! src/username.c \| 20 10 + 10 - 0 ! 11 files changed, 45 insertions(+), 37 deletions(-)	replace some sprintf with snprintf, and strcpy with strncpy. I haven't attempted to prove that any of these are exploitable, but it looks as though some may well be. . Note also that I haven't done any kind of formal audit.
do not use global variable as counter.patch \| (download)	src/commands.c \| 7 4 + 3 - 0 ! 1 file changed, 4 insertions(+), 3 deletions(-)	do not use global variable as counter Debian-Bug: https://bugs.debian.org/382550

1