--- xsok-1.02.orig/debian/copyright +++ xsok-1.02/debian/copyright @@ -0,0 +1,28 @@ +This is Debian GNU/Linux's prepackaged version of xsok. +xsok was written by Michael Bischoff . + +The upstream source was downloaded from +ftp://ftp.io.com/pub/mirror/FreeBSD/ports/distfiles/xsok-1.02-src.tar.gz + +The current Debian maintainer is Peter Samuelson . +Much of the packaging work was done by previous Debian maintainers +Sven Rudolph and Joel Rosdahl. + + Copyright (c) 1994 by Michael Bischoff (mbi@mo.math.nat.tu-bs.de) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. (The file COPYRIGHT.GNU) + + You should have received a copy of the GNU General Public License + along with this program; if not, write to Free Software Foundation, + Inc., 51 Franklin St., Fifth Floor, Boston, MA 02110-1301, USA. + +On Debian GNU/Linux systems, the complete text of the GNU General Public +License version 2 can be found in '/usr/share/common-licenses/GPL-2'. --- xsok-1.02.orig/debian/changelog +++ xsok-1.02/debian/changelog 
@@ -0,0 +1,271 @@ +xsok (1.02-17) unstable; urgency=low + + * Policy 3.8.0: move /usr/X11R6/lib to /usr/lib. + * Build-Depends: xutils-dev. (Closes: #485726) + * Fix 'debian/rules clean' lintian warning. + * Update 'debian/copyright' a bit, thanks again to lintian. + + -- Peter Samuelson Sun, 03 May 2009 11:48:58 -0500 + +xsok (1.02-16) unstable; urgency=medium + + * patch 10_lots_of_stuff: break into logical patches. + - build_tweaks, config, manpage, overflow + * new patch no_gunzip: rip out the gunzip support. + This had a fragile security patch in it - there were two code paths + selected by a define in the Imakefile, and only one was fixed. + - patch 20_gunzip_exploit_fix deleted, as it is obsolete + * new patch wm_delete: support ICCCM, or at least WM_DELETE_WINDOW. + Thanks to Peter de Wachter for the patch. + (Closes: #288143) + * new patch security_paranoia: fix/remove various uses of strcpy/sprintf. + Most of these aren't exploitable, but some might be. + * new patch undo_nowrap: prevent "undo" command from wrapping around + to the end of the game. This behavior was clearly intentional, but + it's counterintuitive and undocumented. (Closes: #288142) + * new patch drag_segfault: prevent segfault when trying to drag the + player with button 2. (Closes: #318617) + * patch build_tweaks: + - disable ifdef for HPArchitecture. Obviously they mean HP-UX; we + don't want that stuff for Debian hppa. + - remove -O2 from CCOPTIONS, to enable DEB_BUILD_OPTIONS=noopt. + - fix 3 gcc warnings. All harmless, except one on 64-bit BE, + which Debian doesn't have for this package. + * debian/rules: support DEB_BUILD_OPTIONS=nostrip,noopt. + * debian/rules: + - Remove kludge around Bug #319121, it's fixed now. + - In the same vein, override $(LOCAL_LIBRARIES) to avoid linking + extraneous X libraries. + - debian/control: Trim Build-Depends accordingly. + * debian/docs: don't ship README, it's not really relevant to Debian. 
+ + -- Peter Samuelson Tue, 7 Feb 2006 06:13:55 -0600 + +xsok (1.02-15) unstable; urgency=low + + * New maintainer. (Closes: #242100) + * Bump standards version to 3.6.2 (no changes). + * debian/rules: use debhelper 4, remove random dh_* cruft. + * debian/rules: small cleanups; use DESTDIR for readability. + * Do not install COPYRIGHT.* in /usr/share/doc. These are all covered + by 'copyright'. + * debian/rules: hacks to "fix" what imake spits out: + - do not link to libselinux (see #319121) + - do not link to libXp + * debian/control: kill xlibs-dev in favor of the real dev packages. + * debian/patches/11_manpage: .TH section 6x, not 6. + * debian/copyright: FSF moved again. + + -- Peter Samuelson Tue, 2 Aug 2005 21:04:34 -0500 + +xsok (1.02-14) unstable; urgency=low + + * QA upload. + * Decompress .gz files in /usr/share/games/xsok/ (Closes: #291513) + * usr/share/games/xsok added to debian/dirs + + -- Emanuele Rocca Fri, 21 Jan 2005 12:41:03 +0100 + +xsok (1.02-13) unstable; urgency=low + + * QA upload. + * chown user.group replaced with user:group in debian/rules and + debian/postinst (Closes: #287994) + * Updated Standards Version. + * Fixed synopsis. + * debian/conffiles removed. + * dh_installmanpages is deprecated; replaced with dh_installman. + + -- Emanuele Rocca Sun, 9 Jan 2005 12:22:27 +0100 + +xsok (1.02-12) unstable; urgency=low + + * Orphaned. + + -- Joel Rosdahl Sun, 4 Apr 2004 21:03:36 +0200 + +xsok (1.02-11) unstable; urgency=high + + * Use dpatch for patch management. + * Standards-Version 3.6.0. + * Fixed CAN-2003-0949: Privilege escalation to group games. Bug fix by + Steve Kemp. + * Build-depend on libxaw7-dev instead of libxaw-dev. + + -- Joel Rosdahl Thu, 20 Nov 2003 12:19:02 +0100 + +xsok (1.02-10) unstable; urgency=low + + * Changed build dependency on xlib6g-dev to xlibs-dev. Closes: + bug#170160. + * Standards-Version 3.5.8. 
+ + -- Joel Rosdahl Sat, 25 Jan 2003 22:51:09 +0100 + +xsok (1.02-9) unstable; urgency=low + + * Added menu hint "Sokoban". Closes: bug#128756. + + -- Joel Rosdahl Fri, 11 Jan 2002 17:18:56 +0100 + +xsok (1.02-8) unstable; urgency=low + + * Fixed buffer overflow when reading environment variable LANG. + * Fixed spelling error in copyright file. + * Use DH_COMPAT 3. + + -- Joel Rosdahl Wed, 12 Dec 2001 20:46:35 +0100 + +xsok (1.02-7) unstable; urgency=low + + * Move whole /var/lib/games/xsok to /var/games/xsok. Fixes: bug#94968. + + -- Joel Rosdahl Mon, 23 Apr 2001 14:30:31 +0200 + +xsok (1.02-6) unstable; urgency=low + + * Moved files in /var/lib/games to /var/games. + * Moved files in /usr/lib/games to /usr/share/games. + + -- Joel Rosdahl Mon, 9 Apr 2001 22:38:19 +0200 + +xsok (1.02-5) unstable; urgency=low + + * Standards-Version 3.5.2. + * Put app-defaults in /etc/X11/app-defaults. Closes: bug#86332. + * Added app-defaults file as conffile. + * Don't use suidmanager anymore. + + -- Joel Rosdahl Thu, 22 Feb 2001 22:39:45 +0100 + +xsok (1.02-4) unstable; urgency=low + + * Added build dependency on xutils (for xmkmf). Closes: bug#84890. + + -- Joel Rosdahl Mon, 5 Feb 2001 00:20:47 +0100 + +xsok (1.02-3) unstable; urgency=low + + * Removed outdated build dependency. Closes: bug#84652. + * Standards-Version: 3.2.1. + * Added Lintian override. + + -- Joel Rosdahl Sat, 3 Feb 2001 11:18:57 +0100 + +xsok (1.02-2) unstable; urgency=low + + * Improved build target in debian/rules. + * Added Build-Depends field to debian/control. + + -- Joel Rosdahl Sat, 13 May 2000 00:51:16 +0200 + +xsok (1.02-1) unstable; urgency=low + + * Found version 1.02... + * Standards-Version 3.1.1 + + -- Joel Rosdahl Sun, 12 Mar 2000 00:58:38 +0100 + +xsok (1.01-11) unstable; urgency=low + + * Converted to debhelper. 
+ * Standards-Version 2.4.1 + + -- Joel Rosdahl Sun, 26 Jul 1998 16:57:46 +0200 + +xsok (1.01-10) unstable; urgency=low + + * Rebuilt to fix some warnings from Lintian about wrong file permissions + * Moved back man-page. :P + + -- Joel Rosdahl Sun, 8 Mar 1998 22:58:28 +0100 + +xsok (1.01-9) unstable; urgency=low + + * Standards-Version 2.4.0.0 + * Moved man-page to /usr/X11R6/man + * Fixed some problems reported by Lintian + + -- Joel Rosdahl Sun, 8 Mar 1998 14:27:06 +0100 + +xsok (1.01-8) unstable; urgency=low + + * Fixed debian/rules (bug #15539) + + -- Joel Rosdahl Wed, 3 Dec 1997 21:43:01 +0100 + +xsok (1.01-7) unstable; urgency=low + + * Changed priority from Extra to Optional. + + -- Joel Rosdahl Wed, 26 Nov 1997 01:06:05 +0100 + +xsok (1.01-6) unstable; urgency=low + + * Recompiled (fixes bug #15260) + + -- Joel Rosdahl Tue, 25 Nov 1997 23:40:03 +0100 + +xsok (1.01-5) unstable; urgency=low + + * Recompiled against the the new xlib6 and xpm4 libraries (fixes + bugs #12709 and #12916) + + -- Joel Rosdahl Wed, 24 Sep 1997 20:43:10 +0200 + +xsok (1.01-4) unstable; urgency=low + + * Changed maintainer + * Updated to Standards-Version 2.1.2.2 + * Added entry in Debian's menu system + * Added default username in AppDefaults + * Fixed a path in the manpage + * Fixed savedir resource name (fixing bug #8966) + * Added a prerm script that cleans up the global highscore directory + * Updated debian/rules to use debstd + + -- Joel Rosdahl Thu, 14 Aug 1997 20:33:35 +0200 + +xsok (1.01-3) unstable; urgency=low + + * Updated to Standards-Version 2.1.0.0. 
+ + -- Sven Rudolph Thu, 24 Oct 1996 15:14:57 +0200 + +Wed Jul 24 22:12:38 1996 Sven Rudolph + + * corrected extended description (Bug#3669) + + * added multi-architecture support + +Tue Feb 20 00:03:35 1996 Sven Rudolph + + * upgraded to xsok 1.01 + + * converted to ELF + + * runs setgid games again + +Mon Aug 28 17:06:32 1995 Sven Rudolph + + * releasing xsok-1.00-2 + + * src/Xaw-main.c: added temporary change of euid for + XtAppInitialize + +Thu Aug 17 22:42:29 1995 Sven Rudolph + + * releasing xsok-1.00-1 + +Tue Aug 15 21:31:57 1995 Sven Rudolph + + * src/X-widget.c: dont use getenv("LANG") + + * src/Imakefile: added: install -d $(XSOKMANDIR) + do not install copyright files into doc + + * Makefile (all): commented out 'make testname' + + * changed file locations according to FSSTND + + * added Debian GNU/Linux package maintenance system files --- xsok-1.02.orig/debian/rules +++ xsok-1.02/debian/rules 
@@ -0,0 +1,78 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE=1 + +DESTDIR := $(shell pwd)/debian/xsok + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + OPTIMIZE := CDEBUGFLAGS='-g -fno-strict-aliasing' +else + OPTIMIZE := +endif + +include /usr/share/dpatch/dpatch.make + +build: build-stamp +build-stamp: patch-stamp + dh_testdir + $(MAKE) $(OPTIMIZE) \ + LOCAL_LIBRARIES='-lXpm -lXaw -lXt -lX11' \ + XSOKLIBDIR=/usr/share/games/xsok \ + XSOKSAVEDIR=/var/games/xsok + touch build-stamp + +clean: clean1 unpatch + +clean1: + dh_testdir + dh_testroot + $(RM) build-stamp + [ ! -f Makefile ] || $(MAKE) clean + dh_clean + +# Build architecture-independent files here. +binary-indep: build +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) install $(OPTIMIZE) \ + BINDIR=$(DESTDIR)/usr/games \ + LIBDIR=$(DESTDIR)/usr/lib/X11 \ + XSOKLIBDIR=$(DESTDIR)/usr/share/games/xsok \ + XSOKMANDIR=$(DESTDIR)/usr/share/man/man6 \ + XSOKSAVEDIR=$(DESTDIR)/var/games/xsok \ + XSOKDOCDIR=$(DESTDIR)/usr/share/doc/xsok \ + XAPPLOADDIR=$(DESTDIR)/etc/X11/app-defaults + + $(RM) $(DESTDIR)/usr/share/doc/xsok/COPYRIGHT* + cp debian/override.Lintian $(DESTDIR)/usr/share/lintian/overrides/xsok + dh_installdocs + dh_installmenu + dh_installman + dh_installchangelogs + dh_strip + dh_compress + dh_fixperms + + chown -R root:games $(DESTDIR)/var/games/xsok + chown root:games $(DESTDIR)/usr/games/xsok + chmod 2775 $(DESTDIR)/var/games/xsok + chmod 2755 $(DESTDIR)/usr/games/xsok + + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +source diff: + @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary patch unpatch clean1 --- xsok-1.02.orig/debian/prerm +++ xsok-1.02/debian/prerm 
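Review bot: The four `chown`/`chmod` lines in `binary-arch` that make `usr/games/xsok` setgid games (2755) and `var/games/xsok` mode 2775 carry no comment saying why they sit after `dh_fixperms`. As far as I know dh_fixperms resets ownership to root:root and clears setuid/setgid bits, so moving these lines earlier during a cleanup would silently ship a binary that cannot write its score directory. I would add `# Must stay after dh_fixperms, which strips setgid bits and resets ownership.` above the first `chown`. A second comment line could say that the setgid-games install is what debian/override.Lintian is for.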
@@ -0,0 +1,16 @@ +#!/bin/bash -e + +case "$1" in + remove) + rm -f /var/games/xsok/* + ;; + + upgrade|deconfigure|failed-upgrade) + ;; + + *) + echo "prerm called with unknown argument \`$1'" >&2 + ;; +esac + +#DEBHELPER# --- xsok-1.02.orig/debian/postinst +++ xsok-1.02/debian/postinst @@ -0,0 +1,22 @@ +#!/bin/sh + +set -e + +# In older versions, /var/lib/games/xsok/* were -rw-r--r-- games.root + +if [ -d /var/lib/games/xsok ] ; then + chown root:games /var/lib/games/xsok /var/lib/games/xsok/* + chmod 2775 /var/lib/games/xsok + chmod 664 /var/lib/games/xsok/* +fi + +# /var/lib/games/xsok changed location to /var/games/xsok. + +if [ -d /var/lib/games/xsok ]; then + rm -rf /var/games/xsok + cp -a /var/lib/games/xsok /var/games + rm -rf /var/lib/games/xsok +fi + + +#DEBHELPER# --- xsok-1.02.orig/debian/docs +++ xsok-1.02/debian/docs @@ -0,0 +1 @@ +doc/xsok.tex --- xsok-1.02.orig/debian/compat +++ xsok-1.02/debian/compat @@ -0,0 +1 @@ +4 --- xsok-1.02.orig/debian/dirs +++ xsok-1.02/debian/dirs @@ -0,0 +1,2 @@ +usr/share/lintian/overrides +usr/share/games/xsok --- xsok-1.02.orig/debian/override.Lintian +++ xsok-1.02/debian/override.Lintian @@ -0,0 +1,2 @@ +xsok: non-standard-executable-perm usr/games/xsok 0755 != 2755 +xsok: non-standard-dir-perm var/games/xsok/ 2775 != 0755 --- xsok-1.02.orig/debian/control +++ xsok-1.02/debian/control 
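Review bot: The `*)` branch of debian/prerm prints "prerm called with unknown argument" but then falls through and exits 0, so an unexpected invocation is reported as success. Adding `exit 1` after the `echo` makes dpkg see the failure. Nothing in the script needs bash, so `#!/bin/sh` with `set -e` would match debian/postinst and drop the bash dependency.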
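Review bot: The first block of debian/postinst runs `chown root:games` and `chmod 664` as root over `/var/lib/games/xsok/*`, and both commands follow symbolic links. The script's own comment says the files there used to be owned by games, so the directory's contents are not fully trusted, and a link left in it would have its target re-owned and made group-writable. Under `set -e` an empty directory also leaves `*` unexpanded, so `chown` fails and package configuration aborts. Limiting the pass to regular files fixes both: `find /var/lib/games/xsok -maxdepth 1 -type f -exec chown root:games {} + -exec chmod 664 {} +`, with the directory itself still handled by the existing `chmod 2775` and its own `chown`. The second block's unconditional `rm -rf /var/games/xsok` discards any scores already stored in the new location and deserves a comment or a guard.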
@@ -0,0 +1,19 @@ +Source: xsok +Priority: optional +Section: games +Maintainer: Peter Samuelson +Standards-Version: 3.8.0 +Build-Depends: dpatch, debhelper, xutils-dev, + libx11-dev, libxt-dev, libxaw7-dev, libxpm-dev + +Package: xsok +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: generic Sokoban game for X11 + xsok is a single player strategic game, a superset of the + well-known Sokoban game. + . + The target of Sokoban is to push all the objects into the + score area of each level using the mouse or the arrow + keys. For the other level subsets, there are different + kinds of objects, and special effect squares. --- xsok-1.02.orig/debian/menu +++ xsok-1.02/debian/menu @@ -0,0 +1 @@ +?package(xsok):needs="x11" section="Games/Puzzles" title="Xsokoban" command="xsok" hints="Sokoban" --- xsok-1.02.orig/debian/patches/build_tweaks.dpatch +++ xsok-1.02/debian/patches/build_tweaks.dpatch 
@@ -0,0 +1,160 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## build_tweaks.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Random hacks to build + install xsok. + +@DPATCH@ +diff -urNad xsok-1.02/Makefile xsok-1.02/Makefile +--- xsok-1.02/Makefile ++++ xsok-1.02/Makefile +@@ -7,7 +7,7 @@ + # But then, you're on your own... + + all: +- (cd src && xmkmf && $(MAKE) && strip xsok) ++ (cd src && xmkmf && $(MAKE)) + (cd lib && $(MAKE)) + (cd src && $(MAKE) testname) + +diff -urNad xsok-1.02/src/Imakefile xsok-1.02/src/Imakefile +--- xsok-1.02/src/Imakefile ++++ xsok-1.02/src/Imakefile +@@ -70,18 +70,18 @@ + # ***************************************************************************** + # I hope you don't need to change anything below this point + # ***************************************************************************** +-#if defined(HPArchitecture) || defined(AIXArchitecture) ++#if 0 /* defined(HPArchitecture) || defined(AIXArchitecture) */ + CC = c89 + CCOPTIONS = + #else + CC = gcc + #ifdef EXTRA_WARNINGS +-CCOPTIONS = -O2 -pipe -ansi -fno-common -Wall -Wshadow -Wpointer-arith \ ++CCOPTIONS = -pipe -ansi -fno-common -Wall -Wshadow -Wpointer-arith \ + -Wcast-qual -Wcast-align -Waggregate-return \ + -Wstrict-prototypes -Wmissing-prototypes \ + -Wnested-externs -Wwrite-strings + #else +-CCOPTIONS = -O2 -pipe -ansi -Wall -fno-common ++CCOPTIONS = -pipe -ansi -Wall -fno-common + #endif + #endif + +@@ -103,7 +103,7 @@ + ALLTARGETS = username combine showscore mergescores $(MYPROG) + DEFINES = $(HELP_OPTION) $(SOUND_OPTION) $(XPMINCLUDE) $(NET_DEFINE) \ + $(PIPE_DEFINE) -DXSOKDIR=\"$(XSOKLIBDIR)\" -DXSOKSAVE=\"$(XSOKSAVEDIR)\" \ +- $(SLEEP_DEFINE) ++ $(SLEEP_DEFINE) -DDEBIAN + + # Dependencies: + # *.c require version.h xsok.h +@@ -133,15 +133,15 @@ + # the install targets require that make has been run in the lib directory + install:: $(MYPROGS) + (umask 022 && mkdirhier $(XSOKLIBDIR)) +- # chmod 755 $(XSOKLIBDIR) ++# 
chmod 755 $(XSOKLIBDIR) + (umask 022 && mkdirhier $(XSOKSAVEDIR)) + chmod 777 $(XSOKSAVEDIR) + (cd ../lib; tar cf - $(LIBCONTS) | (cd $(XSOKLIBDIR); tar xf -)) + chown -R root $(XSOKLIBDIR) $(XSOKSAVEDIR) + chmod -R a+r $(XSOKLIBDIR) +- (cd ../lib && ../src/mergescores $(XSOKSAVEDIR)/Xsok.score \ +- $(XSOKSAVEDIR)/Sokoban.score $(XSOKSAVEDIR)/Cyberbox.score) +- chmod 666 $(XSOKSAVEDIR)/[A-z]*.score ++# (cd ../lib && ../src/mergescores $(XSOKSAVEDIR)/Xsok.score \ ++# $(XSOKSAVEDIR)/Sokoban.score $(XSOKSAVEDIR)/Cyberbox.score) ++# chmod 666 $(XSOKSAVEDIR)/[A-z]*.score + (umask 022 && mkdirhier $(XSOKDOCDIR)) + if [ -r ../doc/xsok.dvi ]; then cp ../doc/xsok.dvi $(XSOKDOCDIR); fi + cp ../doc/cyberbox.doc $(XSOKDOCDIR) +@@ -173,6 +173,6 @@ + chmod 755 $(LXSOKBINDIR)/xsok + cp xsok.man $(LXSOKMANDIR)/xsok.6x + chmod 644 $(LXSOKMANDIR)/xsok.6x +- (cd ../lib && ../src/mergescores $(XSOKSAVEDIR)/Xsok.score \ +- $(XSOKSAVEDIR)/Sokoban.score $(XSOKSAVEDIR)/Cyberbox.score) +- chmod 666 $(XSOKSAVEDIR)/[A-z]*.score ++# (cd ../lib && ../src/mergescores $(XSOKSAVEDIR)/Xsok.score \ ++# $(XSOKSAVEDIR)/Sokoban.score $(XSOKSAVEDIR)/Cyberbox.score) ++# chmod 666 $(XSOKSAVEDIR)/[A-z]*.score +diff -urNad xsok-1.02/src/X-gfx.c xsok-1.02/src/X-gfx.c +--- xsok-1.02/src/X-gfx.c ++++ xsok-1.02/src/X-gfx.c +@@ -13,7 +13,7 @@ + #include "X-sok.h" + + /*#include */ +-#include ++#include + + #ifndef DELAY + #define DELAY 50 /* time to sleep (in ms) between auto-moves & replay */ +diff -urNad xsok-1.02/src/Xaw-help.c xsok-1.02/src/Xaw-help.c +--- xsok-1.02/src/Xaw-help.c ++++ xsok-1.02/src/Xaw-help.c +@@ -59,7 +59,7 @@ + { const char **rp; + for (rp = rulepool; *rp; ++rp) { + char n[8], s[40]; +- sprintf(n, "Help%d", rp-rulepool+1); ++ sprintf(n, "Help%u", (unsigned int)(rp-rulepool+1)); + XtSetArg(Args[0], XtNlabel, s); + sprintf(s, TXT_HELP_RULES, *rp); + w = XtCreateManagedWidget(n, smeBSBObjectClass, topicsmenu, Args, 1); +diff -urNad xsok-1.02/src/move.c xsok-1.02/src/move.c +--- 
xsok-1.02/src/move.c ++++ xsok-1.02/src/move.c +@@ -116,9 +116,9 @@ + int dirbits, power; + #ifdef SELECTOR_HACK + static struct objects *sel_ip = NULL; +- struct objects *new_sel_ip; ++ struct objects *sel_enter_ip = NULL; + int forbidden = 0; +- int sel_enter = 0, sel_leave = 0; ++ int sel_leave = 0; + + if (obj[y][x]->pic == 7) + sel_leave = 1; +@@ -154,8 +154,7 @@ + case 0: /* man: */ + case 7: /* man in selector */ + if (ip->mask == 0x30010) { /* walkable selector */ +- sel_enter = 1; +- new_sel_ip = ip; ++ sel_enter_ip = ip; + goto move_ok; + } + } +@@ -194,8 +193,8 @@ + } else { + obj[ty][tx] = NULL; + } +- if (sel_enter) { +- sel_ip = new_sel_ip; ++ if (sel_enter_ip) { ++ sel_ip = sel_enter_ip; + obj[ty+n*dy][tx+n*dx]->pic = 7; /* man in a box */ + } + DOPAINT(x, y, x+n*dx, y+n*dy); +diff -urNad xsok-1.02/src/score.c xsok-1.02/src/score.c +--- xsok-1.02/src/score.c ++++ xsok-1.02/src/score.c +@@ -35,11 +35,12 @@ + else + game.score += obj[y][x]->score; + } +- if (c == E_DEST) ++ if (c == E_DEST) { + if (!obj[y][x] || !(obj[y][x]->mask & ~1)) + retval = 0; /* player doesn't score! */ + else + game.score += obj[y][x]->score; ++ } + } + if (retval && !objects->score) + game.score += 10000; /* finished-score if no special EXIT square */ --- xsok-1.02.orig/debian/patches/drag_segfault.dpatch +++ xsok-1.02/debian/patches/drag_segfault.dpatch 
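Review bot: In the `install::` target of src/Imakefile the patch comments out `chmod 666` on the score files but leaves `chmod 777 $(XSOKSAVEDIR)` untouched, so the save directory is still created world-writable. It is only tightened later by the `chmod 2775` in debian/rules. I would change it here too, e.g. `chmod 755 $(XSOKSAVEDIR)`, and let debian/rules assign the games group and setgid bit, so the patched tree never depends on a later step to close the directory. Separately, in src/Xaw-help.c the name is still formatted into `char n[8]` with `sprintf`. `snprintf(n, sizeof n, "Help%u", (unsigned int)(rp-rulepool+1));` keeps it bounded however many entries `rulepool` has.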
@@ -0,0 +1,22 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## drag_segfault.dpatch by +## +## DP: Avoid segfault when trying to drag the player with the middle button. +## DP: Dragging the player does nothing, you're supposed to drag a box, +## DP: but at least it shouldn't crash. + +@DPATCH@ +diff -urNad xsok-1.02/src/mousemove.c xsok-1.02/src/mousemove.c +--- xsok-1.02/src/mousemove.c ++++ xsok-1.02/src/mousemove.c +@@ -192,8 +192,8 @@ + num = 1; + for (xx = 0; xx < game.numcols; ++xx) + for (yy = 0; yy < game.numrows; ++yy) +- if ((map[yy][xx]->mask & obj[mouse_y0][mouse_x0]->mask) +- && !obj[yy][xx]) ++ if (obj[mouse_y0][mouse_x0] && !obj[yy][xx] && ++ (map[yy][xx]->mask & obj[mouse_y0][mouse_x0]->mask)) + number[yy][xx] = num++; + else + number[yy][xx] = -1; --- xsok-1.02.orig/debian/patches/overflow.dpatch +++ xsok-1.02/debian/patches/overflow.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## overflow.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Prevent buffer overflow from the environment. + +@DPATCH@ +diff -urNad xsok-1.02/src/loadsave.c xsok-1.02/src/loadsave.c +--- xsok-1.02/src/loadsave.c 1995-11-03 12:38:14.000000000 -0600 ++++ xsok-1.02/src/loadsave.c 2005-08-05 08:08:43.000000000 -0500 +@@ -42,7 +42,7 @@ + const char *s; + char p[100]; + if ((s = getenv("LANG"))) { +- sprintf(p, "%s/%s", xsokdir, s); ++ snprintf(p, 100, "%s/%s", xsokdir, s); + if (!access(p, F_OK)) { /* langdir does exist */ + langdir = s; + return; --- xsok-1.02.orig/debian/patches/no_gunzip.dpatch +++ xsok-1.02/debian/patches/no_gunzip.dpatch 
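Review bot: The added `obj[mouse_y0][mouse_x0] &&` test in src/mousemove.c is loop-invariant, so with an empty start square the double loop still walks every cell only to store -1. Any code after the loop, which is outside this hunk, still runs with a NULL start object. A guard ahead of the loops, along the lines of `if (!obj[mouse_y0][mouse_x0]) return;` (adjusted to the function's return type and cleanup), states the intent once and also covers later dereferences. `map[yy][xx]->mask` is still read unchecked, so if map cells can be NULL it needs the same treatment. The enclosing function begins and ends outside the hunk.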
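Review bot: The `snprintf(p, 100, ...)` call in src/loadsave.c bounds the write but ignores truncation. If `xsokdir` plus `LANG` exceeds 99 bytes, `access()` tests a shortened path, and on success `langdir = s` still keeps the full, unvalidated environment string for later use. I would reject oversize values instead: `int n = snprintf(p, sizeof p, "%s/%s", xsokdir, s);` followed by `if (n > 0 && (size_t)n < sizeof p && !access(p, F_OK)) {`, which also replaces the repeated literal 100 with `sizeof p`. Because the binary is installed setgid and `LANG` is caller-controlled, a value containing `/` should also be refused before it is used as a directory name. The function continues outside the hunk.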
@@ -0,0 +1,147 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## no_gunzip.dpatch by +## +## DP: Remove all traces of gzipped data files, and opening thereof. +## DP: This is a setgid program; no need to be calling external binaries. +## DP: Also rip out artificial 7-char limit on game types, which is related. + +@DPATCH@ +diff -urNad xsok-1.02/lib/Makefile xsok-1.02/lib/Makefile +--- xsok-1.02/lib/Makefile ++++ xsok-1.02/lib/Makefile +@@ -1,28 +1,18 @@ + # Makefile for xsok-1.00 ++# Hacked to remove gzip support + +-XSOKZIP = gzip -f -9 +- +-TARGETS = Sokoban.def.gz Xsok.def.gz Cyberbo.def.gz \ +- floor.xpm.gz objects.xpm.gz ++TARGETS = Sokoban.def Xsok.def Cyberbox.def + + all: $(TARGETS) + +-Sokoban.def.gz: Sokoban +- ../src/combine -s Sokoban && $(XSOKZIP) Sokoban.def +- +-# truncate filename to 14 chars +-Cyberbo.def.gz: Cyberbox +- ../src/combine -s Cyberbox && mv Cyberbox.def Cyberbo.def \ +- && $(XSOKZIP) Cyberbo.def +- +-Xsok.def.gz: Xsok +- ../src/combine -s Xsok && $(XSOKZIP) Xsok.def ++Sokoban.def: Sokoban ++ ../src/combine -s Sokoban + +-floor.xpm.gz: floor.xpm +- $(XSOKZIP) -c floor.xpm > floor.xpm.gz ++Cyberbox.def: Cyberbox ++ ../src/combine -s Cyberbox + +-objects.xpm.gz: objects.xpm +- $(XSOKZIP) -c objects.xpm > objects.xpm.gz ++Xsok.def: Xsok ++ ../src/combine -s Xsok + + # clean target: + clean: +diff -urNad xsok-1.02/src/Imakefile xsok-1.02/src/Imakefile +--- xsok-1.02/src/Imakefile ++++ xsok-1.02/src/Imakefile +@@ -96,7 +96,7 @@ + + XOBJS = X-events.o X-gfx.o X-widget.o $(SOUNDOBJ) + STDOBJS = messages.o commands.o score.o parse.o tools.o move.o \ +- loadsave.o username.o xfopen.o mousemove.o ++ loadsave.o username.o mousemove.o + + OBJS = $(STDOBJS) $(XOBJS) $(KIT_OBJS) + MYPROG = xsok +@@ -109,7 +109,7 @@ + # *.c require version.h xsok.h + # X*.c additionally require X-sok.h and Tableau.h + # X-widget.c additionally requires TableauP.h +-LIBCONTS = *.gz *.help keys ++LIBCONTS = *.def *.xpm *.help keys + + all:: $(ALLTARGETS) + +diff -urNad 
xsok-1.02/src/parse.c xsok-1.02/src/parse.c +--- xsok-1.02/src/parse.c ++++ xsok-1.02/src/parse.c +@@ -54,22 +54,16 @@ + int maxlevel; + char levelcomment[100]; + char levelauthor[100]; +-static int piped; + + /* open the level database and read, starting at a given line */ + static FILE *def_open(const char *firstline) { + FILE *fp; + char s[MAXXSOKDIRLEN+14]; +- char shorttype[8]; +- strcpy(shorttype, game.type); +- shorttype[7] = '\0'; + +- sprintf(s, "%s/%s.def", xsokdir, shorttype); +- if (!(fp = fopen(s, "r"))) { +- if (!(fp = zreadopen(s))) /* uncompress on-the-fly */ +- fatal("Cannot open definition file for %s\n", game.type); +- piped = 1; +- } ++ sprintf(s, "%s/%s.def", xsokdir, game.type); ++ if (!(fp = fopen(s, "r"))) ++ fatal("Cannot open definition file for %s\n", game.type); ++ + while (fgets(s, sizeof(s), fp)) + if (!strcmp(s, firstline)) + return fp; +@@ -83,7 +77,6 @@ + int mode = 0; + char s[MAXXSOKDIRLEN+22]; + +- piped = 0; + maxlevel = 99; + pushcost = 10; + movecost = 1; +@@ -146,10 +139,7 @@ + ; + } + } +- if (piped) +- zreadclose(fp); +- else +- fclose(fp); ++ fclose(fp); + if (!nwalls || !nobjects) + fatal("Definition file is empty\n"); + } +@@ -175,7 +165,6 @@ + struct objects *ip; + char s[MAXXSOKDIRLEN+20]; + +- piped = 0; + sprintf(s, "%s/%s/screen.%02d", xsokdir, game.type, game.level); + if (!(fp = fopen(s, "r"))) { + sprintf(s, ";LEVEL %d\n", game.level); +@@ -256,10 +245,7 @@ + fatal("No wall type found for character '%c'\n", c); + } + } +- if (piped) +- zreadclose(fp); +- else +- fclose(fp); ++ fclose(fp); + game.numrows = y+1; + game.numcols += 2; + /* change floor to void */ +diff -urNad xsok-1.02/src/xfopen.c xsok-1.02/src/xfopen.c +--- xsok-1.02/src/xfopen.c ++++ xsok-1.02/src/xfopen.c +@@ -1,3 +1,4 @@ ++#error Known security hole, please do not use with setuid/setgid binaries. 
+ /*****************************************************************************/ + /* */ + /* */ --- xsok-1.02.orig/debian/patches/config.dpatch +++ xsok-1.02/debian/patches/config.dpatch @@ -0,0 +1,32 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## config.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Configuration changes / fixes. + +@DPATCH@ +diff -urNad xsok-1.02/src/Tableau.h xsok-1.02/src/Tableau.h +--- xsok-1.02/src/Tableau.h 1994-11-24 05:00:00.000000000 -0600 ++++ xsok-1.02/src/Tableau.h 2005-08-05 08:08:28.000000000 -0500 +@@ -12,8 +12,8 @@ + #define XtCXsokdir "Xsokdir" + #define XtNxpmdir "xpmdir" + #define XtCXpmdir "Xpmdir" +-#define XtNsavedir "xsokdir" +-#define XtCSavedir "Xsokdir" ++#define XtNsavedir "xsavedir" ++#define XtCSavedir "Xsavedir" + #define XtNmessageFile "messageFile" + #define XtCMessageFile "MessageFile" + #define XtNkeyboardFile "keyboardFile" +diff -urNad xsok-1.02/src/XSok.ad xsok-1.02/src/XSok.ad +--- xsok-1.02/src/XSok.ad 1994-11-24 05:00:00.000000000 -0600 ++++ xsok-1.02/src/XSok.ad 2005-08-05 08:08:28.000000000 -0500 +@@ -16,6 +16,7 @@ + XSok*Tableau.messageFile: messages + XSok*Tableau.background: black + XSok*Tableau.rules: Sokoban ++XSok*Tableau.username: A lucky Debian user + XSok*Viewport.allowHoriz: False + XSok*Viewport.allowVert: False + XSok*Viewport.useBottom: True --- xsok-1.02.orig/debian/patches/manpage.dpatch +++ xsok-1.02/debian/patches/manpage.dpatch 
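Review bot: In `def_open()` (src/parse.c), dropping the 7-character `shorttype` copy also drops the only bound that made `char s[MAXXSOKDIRLEN+14]` large enough. `sprintf(s, "%s/%s.def", xsokdir, game.type)` now writes the whole game type, so a type longer than 8 characters can run past the buffer, assuming `xsokdir` may be as long as MAXXSOKDIRLEN. Unless a later patch in 00list (security_paranoia, not visible here) already bounds it, I would use `if (snprintf(s, sizeof s, "%s/%s.def", xsokdir, game.type) >= (int)sizeof s) fatal("Cannot open definition file for %s\n", game.type);`. The `screen.%02d` path built into `s[MAXXSOKDIRLEN+20]` in a later hunk relies on the same length assumption. If `game.type` can come from a command-line option or X resource, it should also be checked for `/` before being placed in a path, since this is a setgid program.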
@@ -0,0 +1,54 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## manpage.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Small manpage fixes. + +@DPATCH@ +diff -urNad xsok-1.02/src/xsok.man xsok-1.02/src/xsok.man +--- xsok-1.02/src/xsok.man 1996-05-23 13:07:13.000000000 -0500 ++++ xsok-1.02/src/xsok.man 2005-08-05 08:08:33.000000000 -0500 +@@ -1,4 +1,4 @@ +-.TH XSOK 6 "May 1996" "Handmade" ++.TH XSOK 6x "May 1996" "Handmade" + .SH NAME + xsok \- generic Sokoban game for X11, Version 1.02 + .SH SYNOPSIS +@@ -53,7 +53,7 @@ + .TP 4 + .B \-xsokdir \fIxsokdir\fP + This option sets the root of the \fBxsok\fP data file tree. The default is +-\fB/usr/games/lib/xsok\fP. ++\fB/usr/share/games/xsok\fP. + + .TP 4 + .B \-xpmdir \fIxpmdir\fP +@@ -180,18 +180,18 @@ + .SH FILES + (Directories may differ on your system.) + +- \fB/usr/games/bin/xsok\fP ++ \fB/usr/games/xsok\fP + \fB/var/games/xsok/\fP\fItype\fP\fB.score\fP + \fB/var/games/xsok/\fP\fItype\fP\fB.\fP\fInn\fP\fB.{sv,bs,mp,mm}\fP +- \fB/usr/doc/xsok/COPYRIGHT.{GNU,xsok,xpm}\fP +- \fB/usr/doc/xsok/xsok.dvi\fP +- \fB/usr/doc/xsok/cyberbox.doc\fP +- \fB/usr/games/lib/xsok/floor.xpm.gz\fP +- \fB/usr/games/lib/xsok/objects.xpm.gz\fP +- \fB/usr/games/lib/xsok/keys\fP +- \fB/usr/games/lib/xsok/keys.help\fP +- \fB/usr/games/lib/xsok/\fP\fItype\fP\fB.def.gz\fP +- \fB/usr/games/lib/xsok/\fP\fItype\fP\fB.help\fP ++ \fB/usr/share/doc/xsok/copyright\fP ++ \fB/usr/share/doc/xsok/xsok.tex.gz\fP ++ \fB/usr/share/doc/xsok/cyberbox.doc\fP ++ \fB/usr/share/games/xsok/floor.xpm.gz\fP ++ \fB/usr/share/games/xsok/objects.xpm.gz\fP ++ \fB/usr/share/games/xsok/keys\fP ++ \fB/usr/share/games/xsok/keys.help\fP ++ \fB/usr/share/games/xsok/\fP\fItype\fP\fB.def.gz\fP ++ \fB/usr/share/games/xsok/\fP\fItype\fP\fB.help\fP + + Where \fItype\fP is one of \fBSokoban\fP, \fBXsok\fP, \fBCyberbox\fP, and + possibly others. --- xsok-1.02.orig/debian/patches/00list +++ xsok-1.02/debian/patches/00list 
@@ -0,0 +1,9 @@ +build_tweaks +config +overflow +wm_delete +undo_nowrap +drag_segfault +manpage +no_gunzip +security_paranoia --- xsok-1.02.orig/debian/patches/undo_nowrap.dpatch +++ xsok-1.02/debian/patches/undo_nowrap.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## undo_nowrap.dpatch by +## +## DP: Do not let undo wrap around to the original end of the game. This +## DP: behavior was not a bug, but it is unintuitive and undocumented. + +@DPATCH@ +diff -urNad xsok-1.02/src/commands.c xsok-1.02/src/commands.c +--- xsok-1.02/src/commands.c ++++ xsok-1.02/src/commands.c +@@ -239,9 +239,6 @@ + show_message(TXT_UNDO); + if (game.n_moves < game.macroStart || game.n_moves < game.macroEnd) + game.macroStart = -1; +- } else if (game.stored_moves) { +- jumpto_movenr(game.stored_moves); +- show_message(TXT_UNDO); + } else + show_message(TXT_NOUNDO); + } --- xsok-1.02.orig/debian/patches/wm_delete.dpatch +++ xsok-1.02/debian/patches/wm_delete.dpatch 
@@ -0,0 +1,180 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## wm_delete.dpatch by Peter De Wachter
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Support ICCCM ... or at least WM_DELETE_WINDOW.
+
+@DPATCH@
+diff -urNad xsok-1.02/src/X-sok.h xsok-1.02/src/X-sok.h
+--- xsok-1.02/src/X-sok.h 1996-03-16 10:58:58.000000000 -0600
++++ xsok-1.02/src/X-sok.h 2005-08-05 08:08:48.000000000 -0500
+@@ -45,6 +45,9 @@
+ extern Display *dpy;
+ extern Window table;
+ extern Widget toplevel;
++#ifdef ONLINE_HELP
++extern Widget help;
++#endif
+
+ #define DX 32 /* size of one square. we could even read this from the xpm file */
+ #define DY 32
+@@ -56,7 +59,7 @@
+ #ifdef ONLINE_HELP
+ void create_help(void);
+ void popup_help(void);
+-void popdown_help(Widget, XtPointer, XtPointer);
++void popdown_help(void);
+ #endif
+
+ /* Xaw-main.c */
+diff -urNad xsok-1.02/src/Xaw-help.c xsok-1.02/src/Xaw-help.c
+--- xsok-1.02/src/Xaw-help.c 1994-11-24 05:00:00.000000000 -0600
++++ xsok-1.02/src/Xaw-help.c 2005-08-05 08:08:48.000000000 -0500
+@@ -24,9 +24,12 @@
+ #include
+
+ static int help_active = 0;
+-static Widget help, helppaned, helppanel, helptext, helpclose;
++Widget help;
++static Widget helppaned, helppanel, helptext, helpclose;
+ extern const char *keyfilename; /* from X-widget.c */
+
++static void popdown_help_cb(Widget w, XtPointer a, XtPointer b);
++
+ static void selecttopic(Widget w, XtPointer number, XtPointer garbage) {
+ char filename[200];
+ const char *s = XtName(w);
+@@ -51,7 +54,7 @@
+ topicsbutton = XtCreateManagedWidget("Topic", menuButtonWidgetClass, helppanel, Args, 1);
+ topicsmenu = XtCreatePopupShell("topicsmenu", simpleMenuWidgetClass, topicsbutton, NULL, ZERO);
+ helpclose = XtCreateManagedWidget("Close Help", commandWidgetClass, helppanel, NULL, ZERO);
+- XtAddCallback(helpclose, XtNcallback, popdown_help, NULL);
++ XtAddCallback(helpclose, XtNcallback, popdown_help_cb, NULL);
+
+ XtSetArg(Args[0], XtNlabel, TXT_HELP_KEYS);
+
w = XtCreateManagedWidget("Help0", smeBSBObjectClass, topicsmenu, Args, 1);
+@@ -67,6 +70,7 @@
+ }
+ }
+
++ XtRealizeWidget(help);
+ }
+
+ void popup_help(void) {
+@@ -76,11 +80,15 @@
+ XtPopup(help, XtGrabNone);
+ }
+
+-void popdown_help(Widget w, XtPointer a, XtPointer b) {
++void popdown_help(void) {
+ if (!help_active)
+ return; /* request pending => deny another one */
+ help_active = 0;
+ XtPopdown(help);
+ }
+
++static void popdown_help_cb(Widget w, XtPointer a, XtPointer b) {
++ popdown_help();
++}
++
+ #endif
+diff -urNad xsok-1.02/src/Xaw-main.c xsok-1.02/src/Xaw-main.c
+--- xsok-1.02/src/Xaw-main.c 1995-10-14 12:22:28.000000000 -0500
++++ xsok-1.02/src/Xaw-main.c 2005-08-05 08:08:48.000000000 -0500
+@@ -21,6 +21,8 @@
+ static Widget messagebox, container, desktop;
+ static Widget dialog, popup, paned;
+ static Window mainwindow;
++static Atom atom_wm_protocols;
++static Atom atom_wm_delete_window;
+
+
+ void show_message(const char *str, ...) {
+@@ -112,6 +114,21 @@
+ popup_confirm(prompt);
+ }
+
++static void handle_wm_messages(Widget w, XtPointer client_data, XEvent *event, Boolean *cont) {
++ if (event->type == ClientMessage
++ && event->xclient.message_type == atom_wm_protocols
++ && event->xclient.data.l[0] == atom_wm_delete_window) {
++ if (w == toplevel)
++ rq_LeaveSok();
++ else if (w == popup)
++ cmd_Cancel();
++#ifdef ONLINE_HELP
++ else if (w == help)
++ popdown_help();
++#endif
++ }
++}
++
+ static String fallback_resources[] = {
+ "*beNiceToColormap: false",
+ "*shapeStyle: Rectangle",
+@@ -325,23 +342,37 @@
+ sound = XtCreateManagedWidget("Sound", toggleWidgetClass, buttonpanel, NULL, 0);
+ #endif
+
++ graphic.width = graphic.height = 0;
++ graphic.autolayout = 1;
++ XtRealizeWidget(toplevel);
++ XSync(dpy, 0);
++ mainwindow = XtWindow(toplevel);
++ XSetIconName(dpy, mainwindow, "xsok");
++ SetTitle();
++ table = XtWindow(desktop);
++
+ /* OK.
Now do the pop-up shells */
+ popup = XtCreatePopupShell("prompt", transientShellWidgetClass, toplevel, NULL, 0);
+ dialog = XtCreateManagedWidget("dialog", dialogWidgetClass, popup, NULL, 0);
+ XawDialogAddButton(dialog, "ok", Ok, (XtPointer)dialog);
+ XawDialogAddButton(dialog, "cancel", Cancel, (XtPointer)dialog);
++ XtRealizeWidget(popup);
+
+ #ifdef ONLINE_HELP
+ create_help();
+ #endif
+- graphic.width = graphic.height = 0;
+- graphic.autolayout = 1;
+- XtRealizeWidget(toplevel);
+- XSync(dpy, 0);
+- mainwindow = XtWindow(toplevel);
+- XSetIconName(dpy, mainwindow, "xsok");
+- SetTitle();
+- table = XtWindow(desktop);
++
++ /* WM_DELETE_WINDOW protocol */
++ atom_wm_protocols = XInternAtom(XtDisplay(toplevel), "WM_PROTOCOLS", False);
++ atom_wm_delete_window = XInternAtom(XtDisplay(toplevel), "WM_DELETE_WINDOW", False);
++ XtAddEventHandler(toplevel, NoEventMask, True, handle_wm_messages, NULL);
++ XSetWMProtocols(XtDisplay(toplevel), XtWindow(toplevel), &atom_wm_delete_window, 1);
++ XtAddEventHandler(popup, NoEventMask, True, handle_wm_messages, NULL);
++ XSetWMProtocols(XtDisplay(popup), XtWindow(popup), &atom_wm_delete_window, 1);
++#ifdef ONLINE_HELP
++ XtAddEventHandler(help, NoEventMask, True, handle_wm_messages, NULL);
++ XSetWMProtocols(XtDisplay(help), XtWindow(help), &atom_wm_delete_window, 1);
++#endif
+
+ read_gametypes();
+ { const char **rp;
+@@ -353,7 +384,6 @@
+ }
+
+ graphics_control(Enable);
+- XtRealizeWidget(popup);
+ XtAppMainLoop(app_con); /* does not return */
+ return 0; /* keep compiler happy */
+ }
+diff -urNad xsok-1.02/src/xsok.h xsok-1.02/src/xsok.h
+--- xsok-1.02/src/xsok.h 1996-03-16 12:04:36.000000000 -0600
++++ xsok-1.02/src/xsok.h 2005-08-05 08:08:48.000000000 -0500
+@@ -282,7 +282,7 @@
+ /*
+ void create_help(Widget);
+ void popup_help(void);
+-void popdown_help(Widget, XtPointer, XtPointer);
++void popdown_help(void);
+ */
+
+ /* Xaw-main.c */
--- xsok-1.02.orig/debian/patches/security_paranoia.dpatch
+++
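Review bot: The WM_DELETE_WINDOW setup in Xaw-main.c relies on an ordering that the code never states: `XSetWMProtocols` is called with `XtWindow(toplevel)`, `XtWindow(popup)` and `XtWindow(help)`, so all three shells have to be realized first, which is presumably why the `XtRealizeWidget` calls were moved up and one was added at the end of the function preceding `popup_help` in Xaw-help.c. A comment on the `/* WM_DELETE_WINDOW protocol */` block such as `/* all three shells must already be realized: XSetWMProtocols needs their windows */` would keep a later cleanup from moving the realize calls back. In `handle_wm_messages`, `event->xclient.data.l[0]` is a `long` compared with an `Atom`; writing `(Atom)event->xclient.data.l[0] == atom_wm_delete_window` makes the conversion explicit and avoids a sign-compare warning.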
xsok-1.02/debian/patches/security_paranoia.dpatch 
@@ -0,0 +1,281 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## security_paranoia.dpatch by
+##
+## DP: Replace some sprintf with snprintf, and strcpy with strncpy.
+## DP: I haven't attempted to prove that any of these are exploitable,
+## DP: but it looks as though some may well be.
+## DP:
+## DP: Note also that I haven't done any kind of formal audit.
+
+@DPATCH@
+diff -urNad xsok-1.02/src/X-gfx.c xsok-1.02/src/X-gfx.c
+--- xsok-1.02/src/X-gfx.c
++++ xsok-1.02/src/X-gfx.c
+@@ -86,10 +86,10 @@
+ char s[MAXXSOKDIRLEN+14];
+ screen = DefaultScreen(dpy);
+ gc = XDefaultGC(dpy, screen);
+- sprintf(s, "%s/floor.xpm", xpmdir);
++ snprintf(s, sizeof(s), "%s/floor.xpm", xpmdir);
+ if ((retcode = XpmReadFileToPixmap(dpy, RootWindow(dpy, screen),
+ s, &floor, 0, NULL)) == XpmSuccess) {
+- sprintf(s, "%s/objects.xpm", xpmdir);
++ snprintf(s, sizeof(s), "%s/objects.xpm", xpmdir);
+ retcode = XpmReadFileToPixmap(dpy, RootWindow(dpy, screen), s, &objd,
+ &objclip, NULL);
+ }
+diff -urNad xsok-1.02/src/X-sound_SUN.c xsok-1.02/src/X-sound_SUN.c
+--- xsok-1.02/src/X-sound_SUN.c
++++ xsok-1.02/src/X-sound_SUN.c
+@@ -28,7 +28,8 @@
+ return; /* cannot open /dev/audio */
+ }
+ XSync(dpy, 0); /* text first! */
+- sprintf(fullname, "%s/audio/%s.au", xsokdir, filename);
++ snprintf(fullname, sizeof(fullname), "%s/audio/%s.au",
++ xsokdir, filename);
+ if (!(fp = fopen(fullname, "rb"))) {
+ fclose(fsnd);
+ return;
+diff -urNad xsok-1.02/src/Xaw-help.c xsok-1.02/src/Xaw-help.c
+--- xsok-1.02/src/Xaw-help.c
++++ xsok-1.02/src/Xaw-help.c
+@@ -36,8 +36,8 @@
+ Arg Args[2];
+ int i = atoi(s+4);
+
+- sprintf(filename, "%s/%s/%s.help", xsokdir, langdir,
+- i ? rulepool[i-1] : keyfilename);
++ snprintf(filename, sizeof(filename), "%s/%s/%s.help", xsokdir, langdir,
++ i ?
rulepool[i-1] : keyfilename);
+ XtSetArg(Args[0], XtNstring, filename);
+ XtSetArg(Args[1], XtNtype, XawAsciiFile);
+ XtSetValues(helptext, Args, 2);
+@@ -62,9 +62,9 @@
+ { const char **rp;
+ for (rp = rulepool; *rp; ++rp) {
+ char n[8], s[40];
+- sprintf(n, "Help%u", (unsigned int)(rp-rulepool+1));
++ snprintf(n, sizeof(n), "Help%u", (unsigned int)(rp-rulepool+1));
+ XtSetArg(Args[0], XtNlabel, s);
+- sprintf(s, TXT_HELP_RULES, *rp);
++ snprintf(s, sizeof(s), TXT_HELP_RULES, *rp);
+ w = XtCreateManagedWidget(n, smeBSBObjectClass, topicsmenu, Args, 1);
+ XtAddCallback(w, XtNcallback, selecttopic, NULL);
+ }
+diff -urNad xsok-1.02/src/Xaw-main.c xsok-1.02/src/Xaw-main.c
+--- xsok-1.02/src/Xaw-main.c
++++ xsok-1.02/src/Xaw-main.c
+@@ -36,8 +36,8 @@
+ memset(last_message, ' ', sizeof(last_message)-1);
+ last_message[sizeof(last_message)-1] = '\0';
+ } else
+- vsprintf(last_message, str, args);
+-
++ vsnprintf(last_message, sizeof(last_message), str, args);
++
+ XtSetArg(Args, XtNlabel, last_message);
+ XtSetValues(messagebox, &Args, 1);
+ }
+@@ -46,7 +46,8 @@
+ void SetTitle(void) {
+ if (XtWindow(toplevel)) {
+ static char windowname[48];
+- sprintf(windowname, "%s - Level %d", game.type, game.level);
++ snprintf(windowname, sizeof(windowname), "%s - Level %d",
++ game.type, game.level);
+ /* printf("SetTitle(): toplevel = %p, window = %x\n",
+ toplev, XtWindow(toplevel)); */
+ XStoreName(dpy, XtWindow(toplevel), windowname);
+@@ -248,7 +249,7 @@
+ static void read_gametypes(void) {
+ char filename[256], s[80];
+ FILE *fp;
+- sprintf(filename, "%s/gametypes", xsokdir);
++ snprintf(filename, sizeof(filename), "%s/gametypes", xsokdir);
+ if ((fp = fopen(filename, "r"))) {
+ int i;
+ for (i = 3; i < 15; ++i) {
+diff -urNad xsok-1.02/src/commands.c xsok-1.02/src/commands.c
+--- xsok-1.02/src/commands.c
++++ xsok-1.02/src/commands.c
+@@ -186,7 +186,8 @@
+ char filename[MAXSAVEFILELEN];
+ static const char **p, *extensions[] = { "sv", "bs", "mp", "mm", "sav", "sol", NULL
};
+ for (p = extensions; *p; ++p) {
+- sprintf(filename, "%s/%s.%02d.%s", savedir, game.type, game.level, *p);
++ snprintf(filename, sizeof(filename), "%s/%s.%02d.%s",
++ savedir, game.type, game.level, *p);
+ if (!access(filename, R_OK)) {
+ load_game(filename);
+ return;
+diff -urNad xsok-1.02/src/loadsave.c xsok-1.02/src/loadsave.c
+--- xsok-1.02/src/loadsave.c
++++ xsok-1.02/src/loadsave.c
+@@ -103,7 +103,7 @@
+ for (i = 100; i < 300; ++i)
+ highscore[i] = 0x7fffffff;
+
+- sprintf(filename, "%s/%s.score", savedir, game.type);
++ snprintf(filename, sizeof(filename), "%s/%s.score", savedir, game.type);
+ if ((fp = fopen(filename, "rb"))) {
+ long p[300];
+ unsigned char s[1200];
+@@ -119,7 +119,7 @@
+ void WriteHighscores(void) {
+ FILE *fp;
+ char filename[MAXSAVEFILELEN];
+- sprintf(filename, "%s/%s.score", savedir, game.type);
++ snprintf(filename, sizeof(filename), "%s/%s.score", savedir, game.type);
+ if ((fp = fopen(filename, "wb"))) {
+ int i;
+ long p[300];
+@@ -212,7 +212,8 @@
+ unsigned char p[4 * NARGS];
+
+ compute_score();
+- sprintf(filename, "%s/%s.%02d.%s", savedir, game.type, game.level, ext);
++ snprintf(filename, sizeof(filename), "%s/%s.%02d.%s",
++ savedir, game.type, game.level, ext);
+ remove(filename); /* kill any old one first! */
+ if (!(fp = fopen(filename, "wb"))) {
+ show_message("%s %s", TXT_SAVE_ERR_BASIC, TXT_SAVE_ERR_OPEN);
+@@ -264,8 +265,10 @@
+ void link_game(const char *old, const char *ext) {
+ char file1[MAXSAVEFILELEN], file2[MAXSAVEFILELEN];
+
+- sprintf(file1, "%s/%s.%02d.%s", savedir, game.type, game.level, old);
+- sprintf(file2, "%s/%s.%02d.%s", savedir, game.type, game.level, ext);
++ snprintf(file1, sizeof(file1), "%s/%s.%02d.%s",
++ savedir, game.type, game.level, old);
++ snprintf(file2, sizeof(file2), "%s/%s.%02d.%s",
++ savedir, game.type, game.level, ext);
+ remove(file2); /* kill any old one first!
*/
+ if (link(file1, file2))
+ show_message(TXT_SAVE_ERR_LINK);
+diff -urNad xsok-1.02/src/messages.c xsok-1.02/src/messages.c
+--- xsok-1.02/src/messages.c
++++ xsok-1.02/src/messages.c
+@@ -73,7 +73,7 @@
+ int i;
+ char line[256];
+ if (*filename != '/') {
+- sprintf(line, "%s/%s/%s", xsokdir, langdir, filename);
++ snprintf(line, sizeof(line), "%s/%s/%s", xsokdir, langdir, filename);
+ filename = line;
+ }
+ if (!(fp = fopen(filename, "r")))
+@@ -189,7 +189,7 @@
+
+ cmd[1] = '\0'; /* 1-char commands currently */
+ if (*filename != '/') {
+- sprintf(line, "%s/%s/%s", xsokdir, langdir, filename);
++ snprintf(line, sizeof(line), "%s/%s/%s", xsokdir, langdir, filename);
+ filename = line;
+ }
+ /* printf("reading keyboard file \"%s\"\n", filename); */
+diff -urNad xsok-1.02/src/parse.c xsok-1.02/src/parse.c
+--- xsok-1.02/src/parse.c
++++ xsok-1.02/src/parse.c
+@@ -60,7 +60,7 @@
+ FILE *fp;
+ char s[MAXXSOKDIRLEN+14];
+
+- sprintf(s, "%s/%s.def", xsokdir, game.type);
++ snprintf(s, sizeof(s), "%s/%s.def", xsokdir, game.type);
+ if (!(fp = fopen(s, "r")))
+ fatal("Cannot open definition file for %s\n", game.type);
+
+@@ -80,7 +80,7 @@
+ maxlevel = 99;
+ pushcost = 10;
+ movecost = 1;
+- sprintf(s, "%s/%s/definitions", xsokdir, game.type);
++ snprintf(s, sizeof(s), "%s/%s/definitions", xsokdir, game.type);
+ if (!(fp = fopen(s, "r")))
+ fp = def_open(";WALLS\n");
+ numabbrevs = nwalls = nobjects = 0;
+@@ -165,7 +165,7 @@
+ struct objects *ip;
+ char s[MAXXSOKDIRLEN+20];
+
+- sprintf(s, "%s/%s/screen.%02d", xsokdir, game.type, game.level);
++ snprintf(s, sizeof(s), "%s/%s/screen.%02d", xsokdir, game.type, game.level);
+ if (!(fp = fopen(s, "r"))) {
+ sprintf(s, ";LEVEL %d\n", game.level);
+ fp = def_open(s);
+diff -urNad xsok-1.02/src/showscore.c xsok-1.02/src/showscore.c
+--- xsok-1.02/src/showscore.c
++++ xsok-1.02/src/showscore.c
+@@ -26,11 +26,12 @@
+ for (i = 100; i < 300; ++i)
+ highscore[i] = 0x7fffffff;
+
+- strcpy(base_name, levelfile);
++ strncpy(base_name,
levelfile, sizeof(base_name));
++ base_name[sizeof(base_name)-1] = '\0';
+ if (!(s = strchr(base_name, '.')))
+ return;
+- strcpy(s+1, "score");
+- sprintf(filename, "%s/%s", XSOKSAVE, base_name);
++ *s = '\0';
++ snprintf(filename, sizeof(filename), "%s/%s.score", XSOKSAVE, base_name);
+ if ((fp = fopen(filename, "rb"))) {
+ long p[300];
+ unsigned char ss[1200];
+diff -urNad xsok-1.02/src/tools.c xsok-1.02/src/tools.c
+--- xsok-1.02/src/tools.c
++++ xsok-1.02/src/tools.c
+@@ -61,7 +61,8 @@
+ }
+
+ char *strsav(const char *txt) {
+- char *p = malloc_(1 + strlen(txt));
+- strcpy(p, txt);
++ size_t s = strlen(txt) + 1;
++ char *p = malloc_(s);
++ memcpy(p, txt, s);
+ return p;
+ }
+diff -urNad xsok-1.02/src/username.c xsok-1.02/src/username.c
+--- xsok-1.02/src/username.c
++++ xsok-1.02/src/username.c
+@@ -28,11 +28,8 @@
+
+ void buildusername(const char *name) {
+ if (name) {
+- if (strlen(name) > 255) {
+- strncpy(username, name, 255);
+- username[256] = '\0';
+- } else
+- strcpy(username, name);
++ strncpy(username, name, 255);
++ username[255] = '\0';
+ } else {
+ struct passwd *pp;
+ const char *realname, *loginname;
+@@ -57,16 +54,19 @@
+ if (uname(&buf))
+ strcpy(buf.nodename, "unknown");
+ #ifdef BSD_NETKIT
+- if ((hp = gethostbyname(buf.nodename)))
+- strcpy(fqdn, hp->h_name);
++ if ((hp = gethostbyname(buf.nodename))) {
++ strncpy(fqdn, hp->h_name, sizeof(fqdn)-1);
++ fqdn[sizeof(fqdn)-1] = '\0';
++ }
+ else
+ #endif
+- sprintf(fqdn, "%s.(unknown)", buf.nodename);
++ snprintf(fqdn, sizeof(fqdn), "%s.(unknown)", buf.nodename);
+
+ if (realname)
+- sprintf(username, "%s (%s@%s)", realname, loginname, fqdn);
++ snprintf(username, sizeof(username),
++ "%s (%s@%s)", realname, loginname, fqdn);
+ else
+- sprintf(username, "%s@%s", loginname, fqdn);
++ snprintf(username, sizeof(username), "%s@%s", loginname, fqdn);
+ }
+ }
+
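Review bot: Every `snprintf` added by this patch discards its return value, so a path that does not fit the buffer is silently truncated and still handed to `remove()`, `fopen(..., "wb")` or `link()`; the loadsave.c hunks at -212 and -264 (`link_game`) are where this matters, because a shortened name makes the game delete or overwrite a file other than the intended one. Treat truncation as a failure at those sites, for example `int n = snprintf(filename, sizeof(filename), "%s/%s.%02d.%s", savedir, game.type, game.level, ext);` followed by `if (n < 0 || (size_t)n >= sizeof(filename)) { show_message("%s %s", TXT_SAVE_ERR_BASIC, TXT_SAVE_ERR_OPEN); return; }`, with the exit adjusted to match whatever the existing fopen-failure branch does, since the enclosing functions start and end outside these hunks. Two leftovers are worth folding into the same patch: the parse.c hunk at -165 keeps `sprintf(s, ";LEVEL %d\n", game.level);` as a context line, and username.c hard-codes `255` where `sizeof(username)-1` would track the buffer, whose declaration is not shown.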