gnu: xboing: Fix CVE-2004-0149.

* gnu/packages/patches/xboing-CVE-2004-0149: New file.
* gnu/packages/games.scm (xboing)[source]: Add patch.
* gnu/local.mk (dist_patch_DATA): Register it.

gnu/local.mk

@@ -1141,6 +1141,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/wpa-supplicant-fix-zeroed-keys.patch	\
   %D%/packages/patches/wpa-supplicant-fix-nonce-reuse.patch	\
   %D%/packages/patches/wpa-supplicant-krack-followups.patch	\
+  %D%/packages/patches/xboing-CVE-2004-0149.patch		\
   %D%/packages/patches/xcb-proto-python3-print.patch		\
   %D%/packages/patches/xcb-proto-python3-whitespace.patch	\
   %D%/packages/patches/xdotool-fix-makefile.patch               \

gnu/packages/games.scm

@@ -1071,7 +1071,8 @@ (define-public xboing
        (uri (string-append "http://www.techrescue.org/xboing/xboing"
                            version ".tar.gz"))
        (sha256
-        (base32 "16m2si8wmshxpifk861vhpqviqxgcg8bxj6wfw8hpnm4r2w9q0b7"))))
+        (base32 "16m2si8wmshxpifk861vhpqviqxgcg8bxj6wfw8hpnm4r2w9q0b7"))
+       (patches (search-patches "xboing-CVE-2004-0149.patch"))))
     (arguments
      `(#:tests? #f
        #:phases

gnu/packages/patches/xboing-CVE-2004-0149.patch

@@ -0,0 +1,134 @@
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0149
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=174924
+---
+ demo.c      |  2 +-
+ editor.c    | 12 ++++++------
+ file.c      |  2 +-
+ highscore.c |  6 +++---
+ misc.c      |  2 +-
+ preview.c   |  2 +-
+ 6 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/demo.c b/demo.c
+index 9084e70..f4fc2cd 100644
+--- a/demo.c
++++ b/demo.c
+@@ -154,7 +154,7 @@ static void DoBlocks(display, window)
+ 
+     /* Construct the demo level filename */
+     if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+-        sprintf(levelPath, "%s/demo.data", str);
++        snprintf(levelPath, sizeof(levelPath),"%s/demo.data", str);
+     else
+         sprintf(levelPath, "%s/demo.data", LEVEL_INSTALL_DIR);
+ 
+diff --git a/editor.c b/editor.c
+index f2bb9ed..66d0679 100644
+--- a/editor.c
++++ b/editor.c
+@@ -213,7 +213,7 @@ static void DoLoadLevel(display, window)
+ 
+     /* Construct the Edit level filename */
+     if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+-        sprintf(levelPath, "%s/editor.data", str);
++        snprintf(levelPath,sizeof(levelPath)-1, "%s/editor.data", str);
+     else
+         sprintf(levelPath, "%s/editor.data", LEVEL_INSTALL_DIR);
+ 
+@@ -958,8 +958,8 @@ static void LoadALevel(display)
+     if ((num > 0) && (num <= MAX_NUM_LEVELS))
+     {
+ 	    /* Construct the Edit level filename */
+-   	 	if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+-        	sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
++        if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
++            snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num);
+     	else
+         	sprintf(levelPath, "%s/level%02ld.data", 
+ 				LEVEL_INSTALL_DIR, (u_long) num);
+@@ -1017,9 +1017,9 @@ static void SaveALevel(display)
+     num = atoi(str);
+     if ((num > 0) && (num <= MAX_NUM_LEVELS))
+     {
+-	    /* Construct the Edit level filename */
+-   	 	if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+-        	sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
++        /* Construct the Edit level filename */
++        if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
++            snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num);
+     	else
+         	sprintf(levelPath, "%s/level%02ld.data", 
+ 				LEVEL_INSTALL_DIR, (u_long) num);
+diff --git a/file.c b/file.c
+index 4c043cd..99a0854 100644
+--- a/file.c
++++ b/file.c
+@@ -139,7 +139,7 @@ void SetupStage(display, window)
+ 
+     /* Construct the level filename */
+     if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+-        sprintf(levelPath, "%s/level%02ld.data", str, newLevel);
++        snprintf(levelPath,sizeof(levelPath), "%s/level%02ld.data", str, newLevel);
+     else
+         sprintf(levelPath, "%s/level%02ld.data", LEVEL_INSTALL_DIR, newLevel);
+ 
+diff --git a/highscore.c b/highscore.c
+index f0db3e9..792273e 100644
+--- a/highscore.c
++++ b/highscore.c
+@@ -1023,7 +1023,7 @@ int ReadHighScoreTable(type)
+ 	{
+ 		/* Use the environment variable if it exists */
+ 		if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
+-			strcpy(filename, str);
++            strncpy(filename, str, sizeof(filename)-1);
+ 		else
+ 			strcpy(filename, HIGH_SCORE_FILE);
+ 	}
+@@ -1095,7 +1095,7 @@ int WriteHighScoreTable(type)
+ 	{
+ 		/* Use the environment variable if it exists */
+ 		if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
+-			strcpy(filename, str);
++            strncpy(filename, str, sizeof(filename)-1);
+ 		else
+ 			strcpy(filename, HIGH_SCORE_FILE);
+ 	}	
+@@ -1218,7 +1218,7 @@ static int LockUnlock(cmd)
+ 
+ 	/* Use the environment variable if it exists */
+ 	if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
+-		strcpy(filename, str);
++        strncpy(filename, str, sizeof(filename)-1);
+ 	else
+ 		strcpy(filename, HIGH_SCORE_FILE);
+ 
+diff --git a/misc.c b/misc.c
+index f3ab37e..7f3ddce 100644
+--- a/misc.c
++++ b/misc.c
+@@ -427,7 +427,7 @@ char *GetHomeDir()
+      */
+ 
+     if ((ptr = getenv("HOME")) != NULL)
+-        (void) strcpy(dest, ptr);
++        (void) strncpy(dest, ptr,sizeof(dest)-1);
+     else
+     {
+         /* HOME variable is not present so get USER var */
+diff --git a/preview.c b/preview.c
+index 41c1187..687f566 100644
+--- a/preview.c
++++ b/preview.c
+@@ -139,7 +139,7 @@ static void DoLoadLevel(display, window)
+ 
+     /* Construct the Preview level filename */
+     if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
+-        sprintf(levelPath, "%s/level%02d.data", str, lnum);
++        snprintf(levelPath, sizeof(levelPath)-1, "%s/level%02d.data", str, lnum);
+     else
+         sprintf(levelPath, "%s/level%02d.data", LEVEL_INSTALL_DIR, lnum);
+ 
+-- 
+2.15.1
+