battlestar was missing some {} in its insane printf()+puts() usage.
this is a literal code sequence i found:

    printf("The blast catches ");
    printf("the goddess in the ");
    printf("stomach, knocking ");
    puts("her to the ground.");
    printf("She writhes in the ");
    printf("dirt as the agony of ");
    puts("death taunts her.");
    puts("She has stopped moving.");

no lines inserted or removed.
tetris' checkscores() had wrong and missing {} usage.
This was writing time_t to disk. Worse, the time_t member was at an
unaligned offset in the structure in question, so after the time_t
change the structure layout depended on compiler-inserted structure
padding. This gives three legacy formats: one with 32-bit time, one
with 64-bit time, and one with 64-bit time and 4 bytes of structure
padding.
And of course the file didn't have a header or version coding or
anything.
The new code writes a structure of well-defined size that should not
receive unexpected padding, and gives the file a header and version
number. It reads that format and any of the three legacy formats,
figuring out which one it's dealing with by inspecting the file
contents. For good measure, it also now handles opposite-endian files,
doesn't bail out unceremoniously unless necessary, and won't croak if
the file is corrupt and e.g. contains unterminated strings.
(Was it worth going to this length? Maybe not. But it didn't seem
right to just leave it, and it's not clear where to stop halfway.)
Some object file diffs, but they are harmless. (Mostly they seem to
come from internal counters in gcc... and in one case the order of two
instructions was harmlessly swapped, which is odd and annoying.)
This is CVE-2006-1539, filed against Gentoo Linux, the patch is from
Gentoo.
A standard NetBSD installation is not as much risk because tetris is
sgid "games", and users shouldn't be in that group.
Games which run setgid from dm, but don't need to, should drop their
privileges at startup.
Games which have a scorefile should open it at startup, then drop all
privileges leaving just the open writable file descriptor. If the
game can invoke subprocesses, this should be made close-on-exec.
Games with scorefiles should make sure they do not get a file
descriptor < 3. (Otherwise, they could get confused and corrupt the
scorefile when using stdin, stdout or stderr.)
Some old setuid revokes from the days of setuid games change into gid
revokes.
This merges in all such remaining changes from the Linux port of the
NetBSD games, except in hunt (where substantial changes from OpenBSD
need to be looked at).
Some such changes were previously covered in PRs bin/6041, bin/6146,
bin/6148, bin/6150, bin/6151, bin/6580, bin/6660, bin/7993, bin/7994,
bin/8039, bin/8057 and bin/8093.