diff --git a/nethack-3.4.3-format-security.patch b/nethack-3.4.3-format-security.patch new file mode 100644 index 0000000..de33c5d --- /dev/null +++ b/nethack-3.4.3-format-security.patch @@ -0,0 +1,1231 @@ +diff --git a/src/apply.c b/src/apply.c +index f45e196..5b73d7c 100644 +--- a/src/apply.c ++++ b/src/apply.c +@@ -62,7 +62,7 @@ use_camera(obj) + if(!getdir((char *)0)) return(0); + + if (obj->spe <= 0) { +- pline(nothing_happens); ++ pline("%s", nothing_happens); + return (1); + } + consume_obj_charge(obj, TRUE); +@@ -802,7 +802,7 @@ struct obj **optr; + if (!obj->cursed) + (void) openit(); + else +- pline(nothing_happens); ++ pline("%s", nothing_happens); + + } else if (obj->cursed) { + coord mm; +@@ -834,7 +834,7 @@ struct obj **optr; + } + res += openit(); + switch (res) { +- case 0: pline(nothing_happens); break; ++ case 0: pline("%s", nothing_happens); break; + case 1: pline("%s opens...", Something); + learno = TRUE; break; + default: pline("Things open around you..."); +@@ -846,7 +846,7 @@ struct obj **optr; + amii_speaker( obj, "AeFeaeFeAefegw", AMII_OKAY_VOLUME ); + #endif + if (findit() != 0) learno = TRUE; +- else pline(nothing_happens); ++ else pline("%s", nothing_happens); + } + + } /* charged BofO */ +@@ -1191,13 +1191,13 @@ dorub() + if (uwep->lamplit) begin_burn(uwep, TRUE); + update_inventory(); + } else if (rn2(2) && !Blind) +- You("see a puff of smoke."); +- else pline(nothing_happens); ++ You("%s", "see a puff of smoke."); ++ else pline("%s", nothing_happens); + } else if (obj->otyp == BRASS_LANTERN) { + /* message from Adventure */ + pline("Rubbing the electric lamp is not particularly rewarding."); + pline("Anyway, nothing exciting happens."); +- } else pline(nothing_happens); ++ } else pline("%s", nothing_happens); + return 1; + } + +@@ -1510,7 +1510,7 @@ struct obj *obj; + } + + if (trouble_count == 0) { +- pline(nothing_happens); ++ pline("%s", nothing_happens); + return; + } else if (trouble_count > 1) { /* shuffle */ + int i, j, k; +@@ -2172,7 +2172,7 @@ struct obj *obj; + You("wrap your bullwhip around %s on the %s.", + an(singular(otmp, xname)), surface(u.ux, u.uy)); + if (rnl(6) || pickup_object(otmp, 1L, TRUE) < 1) +- pline(msg_slipsfree); ++ pline("%s", msg_slipsfree); + return 1; + } + } +@@ -2213,7 +2213,7 @@ struct obj *obj; + wrapped_what = strcpy(buf, mon_nam(mtmp)); + } else if (proficient) { + if (attack(mtmp)) return 1; +- else pline(msg_snap); ++ else pline("%s", msg_snap); + } + } + if (!wrapped_what) { +@@ -2235,10 +2235,10 @@ struct obj *obj; + vision_full_recalc = 1; + } + } else { +- pline(msg_slipsfree); ++ pline("%s", msg_slipsfree); + } + if (mtmp) wakeup(mtmp); +- } else pline(msg_snap); ++ } else pline("%s", msg_snap); + + } else if (mtmp) { + if (!canspotmon(mtmp) && +@@ -2330,7 +2330,7 @@ struct obj *obj; + break; + } + } else { +- pline(msg_slipsfree); ++ pline("%s", msg_slipsfree); + } + wakeup(mtmp); + } else { +@@ -2340,7 +2340,7 @@ struct obj *obj; + else You("flick your bullwhip towards %s.", mon_nam(mtmp)); + if (proficient) { + if (attack(mtmp)) return 1; +- else pline(msg_snap); ++ else pline("%s", msg_snap); + } + } + +@@ -2349,7 +2349,7 @@ struct obj *obj; + You("snap your whip through thin air."); + + } else { +- pline(msg_snap); ++ pline("%s", msg_snap); + + } + return 1; +@@ -2426,7 +2426,7 @@ use_pole (obj) + u.uconduct.weaphit++; + } else + /* Now you know that nothing is there... */ +- pline(nothing_happens); ++ pline("%s", nothing_happens); + return (1); + } + +@@ -2588,7 +2588,7 @@ use_grapple (obj) + } + break; + } +- pline(nothing_happens); ++ pline("%s", nothing_happens); + return (1); + } + +@@ -2989,7 +2989,7 @@ doapply() + (const char *)0); + makeknown(HORN_OF_PLENTY); + } else +- pline(nothing_happens); ++ pline("%s", nothing_happens); + break; + case LAND_MINE: + case BEARTRAP: +diff --git a/src/artifact.c b/src/artifact.c +index ef27bd5..86bba3d 100644 +--- a/src/artifact.c ++++ b/src/artifact.c +@@ -1191,7 +1191,7 @@ arti_invoke(obj) + if(obj->otyp == CRYSTAL_BALL) + use_crystal_ball(obj); + else +- pline(nothing_happens); ++ pline("%s", nothing_happens); + return 1; + } + +diff --git a/src/botl.c b/src/botl.c +index 6534ad7..beb4b3b 100644 +--- a/src/botl.c ++++ b/src/botl.c +@@ -188,9 +188,9 @@ bot1() + mbot[k] += 'A' - 'a'; + k++; + } +- Sprintf(nb = eos(nb), mbot); ++ Sprintf(nb = eos(nb), "%s", mbot); + } else +- Sprintf(nb = eos(nb), rank()); ++ Sprintf(nb = eos(nb), "%s", rank()); + + Sprintf(nb = eos(nb)," "); + i = mrank_sz + 15; +diff --git a/src/cmd.c b/src/cmd.c +index b12c0e5..78d27f6 100644 +--- a/src/cmd.c ++++ b/src/cmd.c +@@ -602,7 +602,7 @@ wiz_level_change() + else ret = sscanf(buf, "%d", &newlevel); + + if (ret != 1) { +- pline(Never_mind); ++ pline("%s", Never_mind); + return 0; + } + if (newlevel == u.ulevel) { +@@ -2060,7 +2060,7 @@ coord *cc; + { + xchar new_x, new_y; + if (!getdir(prompt)) { +- pline(Never_mind); ++ pline("%s", Never_mind); + return 0; + } + new_x = x + u.dx; +@@ -2069,7 +2069,7 @@ coord *cc; + cc->x = new_x; + cc->y = new_y; + } else { +- if (emsg) pline(emsg); ++ if (emsg) pline("%s", emsg); + return 0; + } + return 1; +@@ -2340,7 +2340,7 @@ parse() + if (multi > 9) { + clear_nhwindow(WIN_MESSAGE); + Sprintf(in_line, "Count: %d", multi); +- pline(in_line); ++ pline("%s", in_line); + mark_synch(); + } + last_multi = multi; +diff --git a/src/detect.c b/src/detect.c +index 5da025f..d549f11 100644 +--- a/src/detect.c ++++ b/src/detect.c +@@ -808,7 +808,7 @@ struct obj *obj; + case 3 : if (!resists_blnd(&youmonst)) { + pline("%s your vision!", Tobjnam(obj, "damage")); + make_blinded(Blinded + rnd(100),FALSE); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + } else { + pline("%s your vision.", Tobjnam(obj, "assault")); + You("are unaffected!"); +@@ -857,7 +857,7 @@ struct obj *obj; + ch = yn_function("What do you look for?", (char *)0, '\0'); + /* Don't filter out ' ' here; it has a use */ + if ((ch != def_monsyms[S_GHOST]) && index(quitchars,ch)) { +- if (flags.verbose) pline(Never_mind); ++ if (flags.verbose) pline("%s", Never_mind); + return; + } + You("peer into %s...", the(xname(obj))); +diff --git a/src/dig.c b/src/dig.c +index 4c40a59..5297ac5 100644 +--- a/src/dig.c ++++ b/src/dig.c +@@ -379,7 +379,7 @@ dig() + feel_location(dpx, dpy); + else + newsym(dpx, dpy); +- if(digtxt && !digging.quiet) pline(digtxt); /* after newsym */ ++ if(digtxt && !digging.quiet) pline("%s", digtxt); /* after newsym */ + if(dmgtxt) + pay_for_damage(dmgtxt, FALSE); + +diff --git a/src/do.c b/src/do.c +index 858777f..a381fb4 100644 +--- a/src/do.c ++++ b/src/do.c +@@ -1310,7 +1310,7 @@ boolean at_stairs, falling, portal; + Sprintf(buf, mesg, !Blind ? "looks" : "seems"); + mesg = buf; + } +- if (mesg) pline(mesg); ++ if (mesg) pline("%s", mesg); + } + + #ifdef REINCARNATION +@@ -1459,7 +1459,7 @@ deferred_goto() + int typmask = u.utotype; /* save it; goto_level zeroes u.utotype */ + + assign_level(&dest, &u.utolev); +- if (dfr_pre_msg) pline(dfr_pre_msg); ++ if (dfr_pre_msg) pline("%s", dfr_pre_msg); + goto_level(&dest, !!(typmask&1), !!(typmask&2), !!(typmask&4)); + if (typmask & 0200) { /* remove portal */ + struct trap *t = t_at(u.ux, u.uy); +@@ -1469,7 +1469,7 @@ deferred_goto() + newsym(u.ux, u.uy); + } + } +- if (dfr_post_msg) pline(dfr_post_msg); ++ if (dfr_post_msg) pline("%s", dfr_post_msg); + } + u.utotype = 0; /* our caller keys off of this */ + if (dfr_pre_msg) +diff --git a/src/dothrow.c b/src/dothrow.c +index 2c4389a..325ea88 100644 +--- a/src/dothrow.c ++++ b/src/dothrow.c +@@ -770,7 +770,7 @@ boolean hitsroof; + pline("It blinds you!"); + u.ucreamed += blindinc; + make_blinded(Blinded + (long)blindinc, FALSE); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + } + break; + default: +diff --git a/src/dungeon.c b/src/dungeon.c +index b87b8bb..ff5c394 100644 +--- a/src/dungeon.c ++++ b/src/dungeon.c +@@ -674,7 +674,7 @@ init_dungeons() /* initialize the "dungeon" structs */ + interject_assistance(1, INTERJECT_PANIC, (genericptr_t)tbuf, + (genericptr_t)fqn_prefix[DATAPREFIX]); + #endif +- panic(tbuf); ++ panic("%s", tbuf); + } + + /* validate the data's version against the program's version */ +diff --git a/src/eat.c b/src/eat.c +index 12e8d9b..4045d80 100644 +--- a/src/eat.c ++++ b/src/eat.c +@@ -422,7 +422,7 @@ boolean message; + occupation = 0; /* do this early, so newuhs() knows we're done */ + newuhs(FALSE); + if (nomovemsg) { +- if (message) pline(nomovemsg); ++ if (message) pline("%s", nomovemsg); + nomovemsg = 0; + } else if (message) + You("finish eating %s.", food_xname(victual.piece, TRUE)); +@@ -1208,7 +1208,7 @@ struct obj *obj; + } else if(!rn2(4) && !Blind) { + pline("Everything suddenly goes dark."); + make_blinded((long)d(2,10),FALSE); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + } else if(!rn2(3)) { + const char *what, *where; + if (!Blind) +diff --git a/src/engrave.c b/src/engrave.c +index fe09b4f..27be5a4 100644 +--- a/src/engrave.c ++++ b/src/engrave.c +@@ -890,7 +890,7 @@ doengrave() + c = yn_function("Do you want to add to the current engraving?", + ynqchars, 'y'); + if (c == 'q') { +- pline(Never_mind); ++ pline("%s", Never_mind); + return(0); + } + } +@@ -983,7 +983,7 @@ doengrave() + Tobjnam(otmp, "glow"), otense(otmp, "fade")); + return(1); + } else { +- pline(Never_mind); ++ pline("%s", Never_mind); + return(0); + } + } +@@ -1100,12 +1100,12 @@ doengrave() + + make_engr_at(u.ux, u.uy, buf, (moves - multi), type); + +- if (post_engr_text[0]) pline(post_engr_text); ++ if (post_engr_text[0]) pline("%s", post_engr_text); + + if (doblind && !resists_blnd(&youmonst)) { + You("are blinded by the flash!"); + make_blinded((long)rnd(50),FALSE); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + } + + return(1); +diff --git a/src/hack.c b/src/hack.c +index 0e89c3b..5d19514 100644 +--- a/src/hack.c ++++ b/src/hack.c +@@ -423,7 +423,7 @@ still_chewing(x,y) + + unblock_point(x, y); /* vision */ + newsym(x, y); +- if (digtxt) You(digtxt); /* after newsym */ ++ if (digtxt) You("%s", digtxt); /* after newsym */ + if (dmgtxt) pay_for_damage(dmgtxt, FALSE); + (void) memset((genericptr_t)&digging, 0, sizeof digging); + return 0; +@@ -2082,7 +2082,7 @@ const char *msg_override; + multi = 0; /* caller will usually have done this already */ + if (msg_override) nomovemsg = msg_override; + else if (!nomovemsg) nomovemsg = You_can_move_again; +- if (*nomovemsg) pline(nomovemsg); ++ if (*nomovemsg) pline("%s", nomovemsg); + nomovemsg = 0; + u.usleep = 0; + if (afternmv) (*afternmv)(); +@@ -2257,7 +2257,7 @@ const char *str; + { + if(near_capacity() >= EXT_ENCUMBER) { + if(str) +- pline(str); ++ pline("%s", str); + else + You_cant("do that while carrying so much stuff."); + return 1; +diff --git a/src/invent.c b/src/invent.c +index b9a3683..167eb1e 100644 +--- a/src/invent.c ++++ b/src/invent.c +@@ -971,7 +971,7 @@ register const char *let,*word; + } + if(index(quitchars,ilet)) { + if(flags.verbose) +- pline(Never_mind); ++ pline("%s", Never_mind); + return((struct obj *)0); + } + if(ilet == '-') { +@@ -1026,7 +1026,7 @@ register const char *let,*word; + } + if(ilet == '\033') { + if(flags.verbose) +- pline(Never_mind); ++ pline("%s", Never_mind); + return((struct obj *)0); + } + /* they typed a letter (not a space) at the prompt */ +@@ -2214,7 +2214,7 @@ boolean picked_some; + Sprintf(fbuf, "There is %s here.", an(dfeature)); + + if (!otmp || is_lava(u.ux,u.uy) || (is_pool(u.ux,u.uy) && !Underwater)) { +- if (dfeature) pline(fbuf); ++ if (dfeature) pline("%s", fbuf); + read_engr_at(u.ux, u.uy); /* Eric Backus */ + if (!skip_objects && (Blind || !dfeature)) + You("%s no objects here.", verb); +@@ -2223,14 +2223,14 @@ boolean picked_some; + /* we know there is something here */ + + if (skip_objects) { +- if (dfeature) pline(fbuf); ++ if (dfeature) pline("%s", fbuf); + read_engr_at(u.ux, u.uy); /* Eric Backus */ + There("are %s%s objects here.", + (obj_cnt <= 10) ? "several" : "many", + picked_some ? " more" : ""); + } else if (!otmp->nexthere) { + /* only one object */ +- if (dfeature) pline(fbuf); ++ if (dfeature) pline("%s", fbuf); + read_engr_at(u.ux, u.uy); /* Eric Backus */ + #ifdef INVISIBLE_OBJECTS + if (otmp->oinvis && !See_invisible) verb = "feel"; +@@ -2684,7 +2684,7 @@ doorganize() /* inventory organizer by Del Lamb */ + Sprintf(qbuf, "Adjust letter to what [%s]?",buf); + let = yn_function(qbuf, (char *)0, '\0'); + if(index(quitchars,let)) { +- pline(Never_mind); ++ pline("%s", Never_mind); + return(0); + } + if (let == '@' || !letter(let)) +diff --git a/src/lock.c b/src/lock.c +index 4d5d333..35b1441 100644 +--- a/src/lock.c ++++ b/src/lock.c +@@ -862,7 +862,7 @@ int x, y; + default: impossible("magic (%d) attempted on door.", otmp->otyp); + break; + } +- if (msg && cansee(x,y)) pline(msg); ++ if (msg && cansee(x,y)) pline("%s", msg); + if (loudness > 0) { + /* door was destroyed */ + wake_nearto(x, y, loudness); +diff --git a/src/mail.c b/src/mail.c +index 99d7637..a34f760 100644 +--- a/src/mail.c ++++ b/src/mail.c +@@ -317,7 +317,7 @@ md_rush(md,tx,ty) + if (fx == tx && fy == ty) break; + + if ((mon = m_at(fx,fy)) != 0) /* save monster at this position */ +- verbalize(md_exclamations()); ++ verbalize("%s", md_exclamations()); + else if (fx == u.ux && fy == u.uy) + verbalize("Excuse me."); + +diff --git a/src/makemon.c b/src/makemon.c +index 89098dd..9e99cb8 100644 +--- a/src/makemon.c ++++ b/src/makemon.c +@@ -1779,7 +1779,7 @@ struct obj *bag; + if (!bag || bag->otyp != BAG_OF_TRICKS) { + impossible("bad bag o' tricks"); + } else if (bag->spe < 1) { +- pline(nothing_happens); ++ pline("%s", nothing_happens); + } else { + boolean gotone = FALSE; + int cnt = 1; +diff --git a/src/mcastu.c b/src/mcastu.c +index 93d3b8d..549caf4 100644 +--- a/src/mcastu.c ++++ b/src/mcastu.c +@@ -590,7 +590,7 @@ int spellnum; + (num_eyes == 1) ? + body_part(EYE) : makeplural(body_part(EYE))); + make_blinded(Half_spell_damage ? 100L : 200L, FALSE); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + dmg = 0; + } else + impossible("no reason for monster to cast blindness spell?"); +diff --git a/src/mhitu.c b/src/mhitu.c +index c0711fc..7df5b5e 100644 +--- a/src/mhitu.c ++++ b/src/mhitu.c +@@ -1036,7 +1036,7 @@ hitmu(mtmp, mattk) + if (can_blnd(mtmp, &youmonst, mattk->aatyp, (struct obj*)0)) { + if (!Blind) pline("%s blinds you!", Monnam(mtmp)); + make_blinded(Blinded+(long)dmg,FALSE); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + } + dmg = 0; + break; +@@ -1742,7 +1742,7 @@ gulpmu(mtmp, mattk) /* monster swallows you, or damage if u.uswallow */ + if(!Blind) { + You_cant("see in here!"); + make_blinded((long)tmp,FALSE); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + } else + /* keep him blind until disgorged */ + make_blinded(Blinded+1,FALSE); +@@ -1858,7 +1858,7 @@ common: + if (mon_visible(mtmp) || (rnd(tmp /= 2) > u.ulevel)) { + You("are blinded by a blast of light!"); + make_blinded((long)tmp, FALSE); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + } else if (flags.verbose) + You("get the impression it was not terribly bright."); + } +@@ -1985,7 +1985,7 @@ gazemu(mtmp, mattk) /* monster gazes at you */ + /* not blind at this point implies you're wearing + the Eyes of the Overworld; make them block this + particular stun attack too */ +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + else make_stunned((long)d(1,3),TRUE); + } + break; +diff --git a/src/mon.c b/src/mon.c +index c769953..297a7b2 100644 +--- a/src/mon.c ++++ b/src/mon.c +@@ -2370,7 +2370,7 @@ struct monst *mon; + You("cannot polymorph %s into that.", mon_nam(mon)); + else break; + } while(++tries < 5); +- if (tries==5) pline(thats_enough_tries); ++ if (tries==5) pline("%s", thats_enough_tries); + } + #endif /*WIZARD*/ + if (mndx == NON_PM) mndx = rn1(SPECIAL_PM - LOW_PM, LOW_PM); +diff --git a/src/mthrowu.c b/src/mthrowu.c +index 3038ced..0ce7832 100644 +--- a/src/mthrowu.c ++++ b/src/mthrowu.c +@@ -450,7 +450,7 @@ m_throw(mon, x, y, dx, dy, range, obj) + if (blindinc) { + u.ucreamed += blindinc; + make_blinded(Blinded + (long)blindinc, FALSE); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + } + } + +diff --git a/src/muse.c b/src/muse.c +index 86044e5..3c038eb 100644 +--- a/src/muse.c ++++ b/src/muse.c +@@ -79,7 +79,7 @@ struct obj *obj; + m_useup(mon, obj); + mtmp = makemon(&mons[PM_GHOST], cc.x, cc.y, NO_MM_FLAGS); + if (!mtmp) { +- if (vis) pline(empty); ++ if (vis) pline("%s", empty); + } else { + if (vis) { + pline("As %s opens the bottle, an enormous %s emerges!", +@@ -102,7 +102,7 @@ struct obj *obj; + m_useup(mon, obj); + mtmp = makemon(&mons[PM_DJINNI], cc.x, cc.y, NO_MM_FLAGS); + if (!mtmp) { +- if (vis) pline(empty); ++ if (vis) pline("%s", empty); + } else { + if (vis) + pline("In a cloud of smoke, %s emerges!", +diff --git a/src/polyself.c b/src/polyself.c +index b051acb..8a5bf8f 100644 +--- a/src/polyself.c ++++ b/src/polyself.c +@@ -234,7 +234,7 @@ boolean forcecontrol; + + if(!Polymorph_control && !forcecontrol && !draconian && !iswere && !isvamp) { + if (rn2(20) > ACURR(A_CON)) { +- You(shudder_for_moment); ++ You("%s", shudder_for_moment); + losehp(rnd(30), "system shock", KILLED_BY_AN); + exercise(A_CON, FALSE); + return; +@@ -256,7 +256,7 @@ boolean forcecontrol; + You("cannot polymorph into that."); + else break; + } while(++tries < 5); +- if (tries==5) pline(thats_enough_tries); ++ if (tries==5) pline("%s", thats_enough_tries); + /* allow skin merging, even when polymorph is controlled */ + if (draconian && + (mntmp == armor_to_dragon(uarm->otyp) || tries == 5)) +diff --git a/src/potion.c b/src/potion.c +index 04abd41..9ed0768 100644 +--- a/src/potion.c ++++ b/src/potion.c +@@ -932,7 +932,7 @@ register const char *txt; + You("have a %s feeling for a moment, then it passes.", + Hallucination ? "normal" : "strange"); + else +- pline(txt); ++ pline("%s", txt); + + if(!obj) /* e.g., crystal ball finds no traps */ + return; +@@ -1280,7 +1280,7 @@ register struct obj *obj; + pline("It suddenly gets dark."); + } + make_blinded(itimeout_incr(Blinded, rnd(5)), FALSE); +- if (!Blind && !u.usleep) Your(vision_clears); ++ if (!Blind && !u.usleep) Your("%s", vision_clears); + break; + case POT_WATER: + if(u.umonnum == PM_GREMLIN) { +@@ -1633,7 +1633,7 @@ dodip() + obj == uball || obj == uskin || + obj_resists(obj->otyp == POT_POLYMORPH ? + potion : obj, 5, 95)) { +- pline(nothing_happens); ++ pline("%s", nothing_happens); + } else { + boolean was_wep = FALSE, was_swapwep = FALSE, was_quiver = FALSE; + short save_otyp = obj->otyp; +diff --git a/src/pray.c b/src/pray.c +index 0df2855..16c9f9c 100644 +--- a/src/pray.c ++++ b/src/pray.c +@@ -1317,7 +1317,7 @@ verbalize("In return for thy service, I grant thee the gift of Immortality!"); + } /* fake Amulet */ + + if (value == 0) { +- pline(nothing_happens); ++ pline("%s", nothing_happens); + return (1); + } + +diff --git a/src/priest.c b/src/priest.c +index 5681930..effd0db 100644 +--- a/src/priest.c ++++ b/src/priest.c +@@ -363,8 +363,8 @@ register int roomno; + msg1 = buf; + } + if (can_speak) { +- verbalize(msg1); +- if (msg2) verbalize(msg2); ++ verbalize("%s", msg1); ++ if (msg2) verbalize("%s", msg2); + } + if(!sanctum) { + /* !tended -> !shrined */ +@@ -433,7 +433,7 @@ register struct monst *priest; + priest->mcanmove = 1; + } + priest->mpeaceful = 0; +- verbalize(cranky_msg[rn2(3)]); ++ verbalize("%s", cranky_msg[rn2(3)]); + return; + } + +diff --git a/src/questpgr.c b/src/questpgr.c +index b4b80af..4bb6929 100644 +--- a/src/questpgr.c ++++ b/src/questpgr.c +@@ -364,7 +364,7 @@ struct qtmsg *qt_msg; + for (size = 0; size < qt_msg->size; size += (long)strlen(in_line)) { + (void) dlb_fgets(in_line, 80, msg_file); + convert_line(); +- pline(out_line); ++ pline("%s", out_line); + } + + } +diff --git a/src/read.c b/src/read.c +index ab530f0..bc7dcb0 100644 +--- a/src/read.c ++++ b/src/read.c +@@ -156,14 +156,14 @@ static void + stripspe(obj) + register struct obj *obj; + { +- if (obj->blessed) pline(nothing_happens); ++ if (obj->blessed) pline("%s", nothing_happens); + else { + if (obj->spe > 0) { + obj->spe = 0; + if (obj->otyp == OIL_LAMP || obj->otyp == BRASS_LANTERN) + obj->age = 0; + Your("%s %s briefly.",xname(obj), otense(obj, "vibrate")); +- } else pline(nothing_happens); ++ } else pline("%s", nothing_happens); + } + } + +@@ -320,7 +320,7 @@ int curse_bless; + if (obj->spe < 3) + Your("marker seems permanently dried out."); + else +- pline(nothing_happens); ++ pline("%s", nothing_happens); + } else if (is_blessed) { + n = rn1(16,15); /* 15..30 */ + if (obj->spe + n <= 50) +@@ -378,7 +378,7 @@ int curse_bless; + if (obj->spe < 5) { + obj->spe++; + p_glow1(obj); +- } else pline(nothing_happens); ++ } else pline("%s", nothing_happens); + } + break; + case HORN_OF_PLENTY: +@@ -1284,7 +1284,7 @@ register struct obj *sobj; + cc.x = u.ux; + cc.y = u.uy; + if (getpos(&cc, TRUE, "the desired position") < 0) { +- pline(Never_mind); ++ pline("%s", Never_mind); + return 0; + } + if (!cansee(cc.x, cc.y) || distu(cc.x, cc.y) >= 32) { +@@ -1433,7 +1433,7 @@ do_class_genocide() + + for(j=0; ; j++) { + if (j >= 5) { +- pline(thats_enough_tries); ++ pline("%s", thats_enough_tries); + return; + } + do { +@@ -1602,7 +1602,7 @@ int how; + } else { + for(i = 0; ; i++) { + if(i >= 5) { +- pline(thats_enough_tries); ++ pline("%s", thats_enough_tries); + return; + } + getlin("What monster do you want to genocide? [type the name]", +@@ -1725,7 +1725,7 @@ int how; + if (cnt) + pline("Sent in some %s.", makeplural(buf)); + else +- pline(nothing_happens); ++ pline("%s", nothing_happens); + } + } + +@@ -1845,7 +1845,7 @@ create_particular() + } while (++tries < 5); + + if (tries == 5) { +- pline(thats_enough_tries); ++ pline("%s", thats_enough_tries); + } else { + (void) cant_create(&which, FALSE); + whichpm = &mons[which]; +diff --git a/src/region.c b/src/region.c +index e4d12af..3c405ec 100644 +--- a/src/region.c ++++ b/src/region.c +@@ -445,7 +445,7 @@ xchar + !regions[i]->attach_2_u && !inside_region(regions[i], x, y)) { + clear_hero_inside(regions[i]); + if (regions[i]->leave_msg != NULL) +- pline(regions[i]->leave_msg); ++ pline("%s", regions[i]->leave_msg); + if ((f_indx = regions[i]->leave_f) != NO_CALLBACK) + (void) (*callbacks[f_indx])(regions[i], (genericptr_t) 0); + } +@@ -456,7 +456,7 @@ xchar + !regions[i]->attach_2_u && inside_region(regions[i], x, y)) { + set_hero_inside(regions[i]); + if (regions[i]->enter_msg != NULL) +- pline(regions[i]->enter_msg); ++ pline("%s", regions[i]->enter_msg); + if ((f_indx = regions[i]->enter_f) != NO_CALLBACK) + (void) (*callbacks[f_indx])(regions[i], (genericptr_t) 0); + } +diff --git a/src/restore.c b/src/restore.c +index aaabbed..c6a4a3f 100644 +--- a/src/restore.c ++++ b/src/restore.c +@@ -737,7 +737,7 @@ boolean ghostly; + else + Sprintf(trickbuf, "This is level %d, not %d!", dlvl, lev); + #ifdef WIZARD +- if (wizard) pline(trickbuf); ++ if (wizard) pline("%s", trickbuf); + #endif + trickery(trickbuf); + } +diff --git a/src/shk.c b/src/shk.c +index 53c868b..67285d4 100644 +--- a/src/shk.c ++++ b/src/shk.c +@@ -1345,7 +1345,7 @@ proceed: + else Strcat(sbuf, + "for gold picked up and the use of merchandise."); + } else Strcat(sbuf, "for the use of merchandise."); +- pline(sbuf); ++ pline("%s", sbuf); + #ifndef GOLDOBJ + if (u.ugold + eshkp->credit < dtmp) { + #else +diff --git a/src/sounds.c b/src/sounds.c +index ebd51aa..0740ab4 100644 +--- a/src/sounds.c ++++ b/src/sounds.c +@@ -53,7 +53,7 @@ dosounds() + "the splashing of a naiad.", + "a soda fountain!", + }; +- You_hear(fountain_msg[rn2(3)+hallu]); ++ You_hear("%s", fountain_msg[rn2(3)+hallu]); + } + #ifdef SINK + if (level.flags.nsinks && !rn2(300)) { +@@ -62,7 +62,7 @@ dosounds() + "a gurgling noise.", + "dishes being washed!", + }; +- You_hear(sink_msg[rn2(2)+hallu]); ++ You_hear("%s", sink_msg[rn2(2)+hallu]); + } + #endif + if (level.flags.has_court && !rn2(200)) { +@@ -81,7 +81,7 @@ dosounds() + /* finding one is enough, at least for now */ + int which = rn2(3)+hallu; + +- if (which != 2) You_hear(throne_msg[which]); ++ if (which != 2) You_hear("%s", throne_msg[which]); + else pline(throne_msg[2], uhis()); + return; + } +@@ -93,7 +93,7 @@ dosounds() + "smell marsh gas!", /* so it's a smell...*/ + "hear Donald Duck!", + }; +- You(swamp_msg[rn2(2)+hallu]); ++ You("%s", swamp_msg[rn2(2)+hallu]); + return; + } + if (level.flags.has_vault && !rn2(200)) { +@@ -201,7 +201,7 @@ dosounds() + mon_in_room(mtmp, BARRACKS) && + /* sleeping implies not-yet-disturbed (usually) */ + (mtmp->msleeping || ++count > 5)) { +- You_hear(barracks_msg[rn2(3)+hallu]); ++ You_hear("%s", barracks_msg[rn2(3)+hallu]); + return; + } + } +@@ -216,7 +216,7 @@ dosounds() + if (DEADMONSTER(mtmp)) continue; + if ((mtmp->msleeping || is_animal(mtmp->data)) && + mon_in_room(mtmp, ZOO)) { +- You_hear(zoo_msg[rn2(2)+hallu]); ++ You_hear("%s", zoo_msg[rn2(2)+hallu]); + return; + } + } +@@ -234,7 +234,7 @@ dosounds() + "the chime of a cash register.", + "Neiman and Marcus arguing!", + }; +- You_hear(shop_msg[rn2(2)+hallu]); ++ You_hear("%s", shop_msg[rn2(2)+hallu]); + } + return; + } +@@ -252,7 +252,7 @@ dosounds() + "someone say \"No more woodchucks!\"", + "a loud ZOT!" /* both rec.humor.oracle */ + }; +- You_hear(ora_msg[rn2(3)+hallu*2]); ++ You_hear("%s", ora_msg[rn2(3)+hallu*2]); + } + return; + } +@@ -816,7 +816,7 @@ register struct monst *mtmp; + } + + if (pline_msg) pline("%s %s", Monnam(mtmp), pline_msg); +- else if (verbl_msg) verbalize(verbl_msg); ++ else if (verbl_msg) verbalize("%s", verbl_msg); + return(1); + } + +diff --git a/src/spell.c b/src/spell.c +index 4659cfa..10657de 100644 +--- a/src/spell.c ++++ b/src/spell.c +@@ -948,7 +948,7 @@ boolean atme; + break; + case SPE_JUMPING: + if (!jump(max(role_skill,1))) +- pline(nothing_happens); ++ pline("%s", nothing_happens); + break; + default: + impossible("Unknown spell %d attempted.", spell); +diff --git a/src/steed.c b/src/steed.c +index 52e97dc..8c46537 100644 +--- a/src/steed.c ++++ b/src/steed.c +@@ -58,7 +58,7 @@ use_saddle(otmp) + + /* Select an animal */ + if (u.uswallow || Underwater || !getdir((char *)0)) { +- pline(Never_mind); ++ pline("%s", Never_mind); + return 0; + } + if (!u.dx && !u.dy) { +diff --git a/src/teleport.c b/src/teleport.c +index c913e3c..e7c1e9f 100644 +--- a/src/teleport.c ++++ b/src/teleport.c +@@ -552,7 +552,7 @@ dotele() + else tele(); + (void) next_to_u(); + } else { +- You(shudder_for_moment); ++ You("%s", shudder_for_moment); + return(0); + } + if (!trap) morehungry(100); +@@ -663,7 +663,7 @@ level_tele() + * we let negative values requests fall into the "heaven" loop. + */ + if (Is_knox(&u.uz) && newlev > 0) { +- You(shudder_for_moment); ++ You("%s", shudder_for_moment); + return; + } + /* if in Quest, the player sees "Home 1", etc., on the status +@@ -680,13 +680,13 @@ level_tele() + random_levtport: + newlev = random_teleport_level(); + if (newlev == depth(&u.uz)) { +- You(shudder_for_moment); ++ You("%s", shudder_for_moment); + return; + } + } + + if (!next_to_u()) { +- You(shudder_for_moment); ++ You("%s", shudder_for_moment); + return; + } + #ifdef WIZARD +@@ -812,7 +812,7 @@ register struct trap *ttmp; + struct d_level target_level; + + if (!next_to_u()) { +- You(shudder_for_moment); ++ You("%s", shudder_for_moment); + return; + } + +@@ -846,7 +846,7 @@ struct trap *trap; + shieldeff(u.ux, u.uy); + You_feel("a wrenching sensation."); + } else if (!next_to_u()) { +- You(shudder_for_moment); ++ You("%s", shudder_for_moment); + } else if (trap->once) { + deltrap(trap); + newsym(u.ux,u.uy); /* get rid of trap symbol */ +diff --git a/src/timeout.c b/src/timeout.c +index 6a336d6..3b19ecc 100644 +--- a/src/timeout.c ++++ b/src/timeout.c +@@ -31,7 +31,7 @@ stoned_dialogue() + register long i = (Stoned & TIMEOUT); + + if (i > 0L && i <= SIZE(stoned_texts)) +- pline(stoned_texts[SIZE(stoned_texts) - i]); ++ pline("%s", stoned_texts[SIZE(stoned_texts) - i]); + if (i == 5L) + HFast = 0L; + if (i == 3L) +@@ -55,7 +55,7 @@ vomiting_dialogue() + + if ((((Vomiting & TIMEOUT) % 3L) == 2) && (i >= 0) + && (i < SIZE(vomiting_texts))) +- You(vomiting_texts[SIZE(vomiting_texts) - i - 1]); ++ You("%s", vomiting_texts[SIZE(vomiting_texts) - i - 1]); + + switch ((int) i) { + case 0: +@@ -102,7 +102,7 @@ choke_dialogue() + if (index(str, '%')) + pline(str, hcolor(NH_BLUE)); + else +- pline(str); ++ pline("%s", str); + } + } + exercise(A_STR, FALSE); +@@ -132,7 +132,7 @@ slime_dialogue() + } else + pline(str, an(Hallucination ? rndmonnam() : "green slime")); + } else +- pline(str); ++ pline("%s", str); + } + if (i == 3L) { /* limbs becoming oozy */ + HFast = 0L; /* lose intrinsic speed */ +diff --git a/src/trap.c b/src/trap.c +index d336276..1724267 100644 +--- a/src/trap.c ++++ b/src/trap.c +@@ -359,7 +359,7 @@ boolean td; /* td == TRUE : trap door or hole */ + dont_fall = "are jerked back by your pet!"; + } + if (dont_fall) { +- You(dont_fall); ++ You("%s", dont_fall); + /* hero didn't fall through, but any objects here might */ + impact_drop((struct obj *)0, u.ux, u.uy, 0); + if (!td) { +@@ -2498,7 +2498,7 @@ domagictrap() + if (!resists_blnd(&youmonst)) { + You("are momentarily blinded by a flash of light!"); + make_blinded((long)rn1(5,10),FALSE); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + } else if (!Blind) { + You("see a flash of light!"); + } else +diff --git a/src/zap.c b/src/zap.c +index 991c429..d37b30d 100644 +--- a/src/zap.c ++++ b/src/zap.c +@@ -1835,7 +1835,7 @@ dozap() + check_unpaid(obj); + + /* zappable addition done by GAN 11/03/86 */ +- if(!zappable(obj)) pline(nothing_happens); ++ if(!zappable(obj)) pline("%s", nothing_happens); + else if(obj->cursed && !rn2(100)) { + backfire(obj); /* the wand blows up in your face! */ + exercise(A_STR, FALSE); +@@ -1912,7 +1912,7 @@ boolean ordinary; + if (!resists_blnd(&youmonst)) { + You(are_blinded_by_the_flash); + make_blinded((long)rnd(100),FALSE); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + } + break; + +@@ -2093,7 +2093,7 @@ boolean ordinary; + You(are_blinded_by_the_flash); + make_blinded((long)damage, FALSE); + makeknown(obj->otyp); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + } + damage = 0; /* reset */ + break; +@@ -2373,7 +2373,7 @@ struct obj *obj; /* wand or spell */ + case SPE_STONE_TO_FLESH: + if (Is_airlevel(&u.uz) || Is_waterlevel(&u.uz) || + Underwater || (Is_qstart(&u.uz) && u.dz < 0)) { +- pline(nothing_happens); ++ pline("%s", nothing_happens); + } else if (u.dz < 0) { /* we should do more... */ + pline("Blood drips on your %s.", body_part(FACE)); + } else if (u.dz > 0 && !OBJ_AT(u.ux, u.uy)) { +@@ -2384,7 +2384,7 @@ struct obj *obj; /* wand or spell */ + e = engr_at(u.ux, u.uy); + if (!(e && e->engr_type == ENGRAVE)) { + if (is_pool(u.ux, u.uy) || is_ice(u.ux, u.uy)) +- pline(nothing_happens); ++ pline("%s", nothing_happens); + else + pline("Blood %ss %s your %s.", + is_lava(u.ux, u.uy) ? "boil" : "pool", +@@ -3463,7 +3463,7 @@ register int dx,dy; + if (abstype == ZT_LIGHTNING && !resists_blnd(&youmonst)) { + You(are_blinded_by_the_flash); + make_blinded((long)d(nd,50),FALSE); +- if (!Blind) Your(vision_clears); ++ if (!Blind) Your("%s", vision_clears); + } + stop_occupation(); + nomul(0); +@@ -3597,7 +3597,7 @@ boolean *shopdamage; + if (ttmp) ttmp->tseen = 1; + if (cansee(x,y)) msgtxt = "The water evaporates."; + } +- Norep(msgtxt); ++ Norep("%s", msgtxt); + if (lev->typ == ROOM) newsym(x,y); + } else if(IS_FOUNTAIN(lev->typ)) { + if (cansee(x,y)) +@@ -3721,12 +3721,12 @@ boolean *shopdamage; + lev->doormask = new_doormask; + unblock_point(x, y); /* vision */ + if (cansee(x, y)) { +- pline(see_txt); ++ pline("%s", see_txt); + newsym(x, y); + } else if (sense_txt) { +- You(sense_txt); ++ You("%s", sense_txt); + } else if (hear_txt) { +- if (flags.soundok) You_hear(hear_txt); ++ if (flags.soundok) You_hear("%s", hear_txt); + } + if (picking_at(x, y)) { + stop_occupation(); +@@ -4111,7 +4111,7 @@ retry: + if (!otmp) { + pline("Nothing fitting that description exists in the game."); + if (++tries < 5) goto retry; +- pline(thats_enough_tries); ++ pline("%s", thats_enough_tries); + otmp = readobjnam((char *)0, (struct obj *)0, TRUE); + if (!otmp) return; /* for safety; should never happen */ + } else if (otmp == ¬hing) { +diff --git a/util/makedefs.c b/util/makedefs.c +index 23dace2..de7319b 100644 +--- a/util/makedefs.c ++++ b/util/makedefs.c +@@ -358,7 +358,7 @@ do_rumors() + perror(filename); + exit(EXIT_FAILURE); + } +- Fprintf(ofp,Dont_Edit_Data); ++ Fprintf(ofp,"%s",Dont_Edit_Data); + + Sprintf(infile, DATA_IN_TEMPLATE, RUMOR_FILE); + Strcat(infile, ".tru"); +@@ -557,7 +557,7 @@ do_date() + exit(EXIT_FAILURE); + } + Fprintf(ofp,"/*\tSCCS Id: @(#)date.h\t3.4\t2002/02/03 */\n\n"); +- Fprintf(ofp,Dont_Edit_Code); ++ Fprintf(ofp,"%s",Dont_Edit_Code); + + #ifdef KR1ED + (void) time(&clocktim); +@@ -1229,7 +1229,7 @@ do_dungeon() + perror(filename); + exit(EXIT_FAILURE); + } +- Fprintf(ofp,Dont_Edit_Data); ++ Fprintf(ofp,"%s",Dont_Edit_Data); + + while (fgets(in_line, sizeof in_line, ifp) != 0) { + SpinCursor(3); +@@ -1351,7 +1351,7 @@ do_monstr() + perror(filename); + exit(EXIT_FAILURE); + } +- Fprintf(ofp,Dont_Edit_Code); ++ Fprintf(ofp,"%s",Dont_Edit_Code); + Fprintf(ofp,"#include \"config.h\"\n"); + Fprintf(ofp,"\nconst int monstr[] = {\n"); + for (ptr = &mons[0], j = 0; ptr->mlet; ptr++) { +@@ -1392,7 +1392,7 @@ do_permonst() + exit(EXIT_FAILURE); + } + Fprintf(ofp,"/*\tSCCS Id: @(#)pm.h\t3.4\t2002/02/03 */\n\n"); +- Fprintf(ofp,Dont_Edit_Code); ++ Fprintf(ofp,"%s",Dont_Edit_Code); + Fprintf(ofp,"#ifndef PM_H\n#define PM_H\n"); + + if (strcmp(mons[0].mname, "playermon") != 0) +@@ -1708,7 +1708,7 @@ do_objs() + exit(EXIT_FAILURE); + } + Fprintf(ofp,"/*\tSCCS Id: @(#)onames.h\t3.4\t2002/02/03 */\n\n"); +- Fprintf(ofp,Dont_Edit_Code); ++ Fprintf(ofp,"%s",Dont_Edit_Code); + Fprintf(ofp,"#ifndef ONAMES_H\n#define ONAMES_H\n\n"); + + for(i = 0; !i || objects[i].oc_class != ILLOBJ_CLASS; i++) { +@@ -1863,7 +1863,7 @@ do_vision() + perror(filename); + exit(EXIT_FAILURE); + } +- Fprintf(ofp,Dont_Edit_Code); ++ Fprintf(ofp,"%s",Dont_Edit_Code); + Fprintf(ofp,"#ifdef VISION_TABLES\n"); + #ifdef VISION_TABLES + H_close_gen(); +@@ -1888,7 +1888,7 @@ do_vision() + Unlink(filename); + exit(EXIT_FAILURE); + } +- Fprintf(ofp,Dont_Edit_Code); ++ Fprintf(ofp,"%s",Dont_Edit_Code); + Fprintf(ofp,"#include \"config.h\"\n"); + Fprintf(ofp,"#ifdef VISION_TABLES\n"); + Fprintf(ofp,"#include \"vis_tab.h\"\n"); diff --git a/nethack.spec b/nethack.spec index 3225364..84a07de 100644 --- a/nethack.spec +++ b/nethack.spec @@ -5,7 +5,7 @@ Name: nethack Version: 3.4.3 -Release: 30%{?dist} +Release: 31%{?dist} Summary: A rogue-like single player dungeon exploration game Group: Amusements/Games @@ -17,6 +17,7 @@ Patch0: %{name}-%{version}-makefile.patch Patch1: %{name}-%{version}-config.patch Patch2: %{name}-%{version}-x11.patch Patch3: %{name}-%{version}-guidebook.patch +Patch4: %{name}-%{version}-format-security.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: %{fontname}-fonts-core @@ -72,6 +73,7 @@ X11 core fonts configuration for %{fontname}. %patch1 -b .config %patch2 -b .x11 %patch3 -b .guidebook +%patch4 -p1 -b .format-security (source sys/unix/setup.sh) # Set our paths @@ -167,6 +169,9 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root,-) %changelog +* Wed Jun 18 2014 Luke Macken - 3.4.3-31 +- Apply a patch to fix the build with -Werror=format-security (#1037215, #1106286) + * Sat Jun 07 2014 Fedora Release Engineering - 3.4.3-30 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild