- NetHack 3.6.5 -- General information January 27, 2020
+ NetHack 3.6.6 -- General information March 2020
NetHack 3.6 is an enhancement to the dungeon exploration game NetHack,
which is a distant descendent of Rogue and Hack, and a direct descendent of
NetHack 3.4 as there was no NetHack 3.5 release.
-NetHack 3.6.5 is the official release of NetHack that follows NetHack 3.6.4
-and contains bug fixes since 3.6.4, including some fixes for exploitable
-security-related vulnerabilities that affected NetHack versions between 3.6.0
-and 3.6.4.
+NetHack 3.6.6 is the official release of NetHack that follows NetHack 3.6.5
+and contains bug fixes since 3.6.5, including a security fix that affected
+versions 3.6.1, 3.6.2, 3.6.3, 3.6.4 and 3.6.5.
-The file doc/fixes36.5 in the source distribution has a full list of fixes.
+The file doc/fixes36.6 in the source distribution has a full list of fixes.
The text in there was written for the development team's own use and is
provided "as is", so please do not ask us to further explain the entries in
that file. Some entries might be considered "spoilers", particularly in the
Below you will find some other general notes that were not considered
spoilers:
- * fix accessing mons[-1] when trying to gate in a non-valid demon
- * fix accessing mons[-1] when monster figures out if a tin cures stoning
- * have string_for_opt() return empty_optstr on failure
- * ensure existing callers of string_for_opt() check return value
- * fix potential buffer overflow in add_menu_coloring()
- * fix potential buffer overflow in sym_val()
- * fix potential buffer overflow in pline(), raw_printf(), config_error_add()
- * fix potential buffer overflow in choose_windows()
- * use vsnprintf instead of vsprintf in pline.c where possible
- * Windows: includes a fix from a 3.6.4 post-release update where
- * OPTIONS=map_mode:fit_to_screen could cause a game start failure
- * Windows: users with C-locale unmappable names could get game start failure
-
+ * invalid status highlight color could be maliciously used to corrupt memory
+ * formatting corpse names used internal buffers differently from formatting
+ * other objects and could potentially clobber memory
+
- - - - - - - - - - -
Please read items (1), (2) and (3) BEFORE doing anything with your new code.
NetHack 3.6.5 was released on January 27, 2020 containing some security fixes
and a small number of bug fixes.
+NetHack 3.6.6 was released in March 2020 containing a security fix.
+
The official NetHack web site is maintained by Ken Lorber at
http://www.nethack.org/.
.ds vr "NetHack 3.6
.ds f0 "\*(vr
.ds f1
-.ds f2 "January 27, 2020
+.ds f2 "March 4, 2020
.
.\" A note on some special characters:
.\" \(lq = left double quote
NetHack 3.6.5 was released on January 27, 2020 containing some security fixes
and a small number of bug fixes.
.pg
+NetHack 3.6.6 was released in March 2020 containing a security fix.
+.pg
The official NetHack web site is maintained by \fBKen Lorber\fP
at
.UR https://www.nethack.org/ .
%.au
\author{Original version - Eric S. Raymond\\
(Edited and expanded for 3.6 by Mike Stephenson and others)}
-\date{January 27, 2020}
+\date{March 4, 2020}
\maketitle
NetHack 3.6.5 was released on January 27, 2020 containing some security fixes
and a small number of bug fixes.
+%.pg
+\medskip
+NetHack 3.6.6 was released in March 2020 containing a security fix.
+
%.pg
\medskip
\nd The official {\it NetHack\/} web site is maintained by {\it Ken Lorber} at
--- /dev/null
+$NHDT-Branch: NetHack-3.6 $:$NHDT-Revision: 1.0 $ $NHDT-Date: 1583332314 2020/03/04 14:31:54 $
+
+fixes36.6 contains a terse summary of changes made to 3.6.5 in order to
+produce 3.6.6 as well as any post-release fixes in binaries.
+
+
+General Fixes and Modified Features
+-----------------------------------
+invalid status highlight color could be maliciously used to corrupt memory
+formatting corpse names used internal buffers differently from formatting
+ other objects and could potentially clobber memory
+
+
+Platform- and/or Interface-Specific Fixes or Features
+-----------------------------------------------------
+
+
+General New Features
+--------------------
+none
+
/*
* Development status of this NetHack version.
*/
-#define NH_DEVEL_STATUS NH_STATUS_POSTRELEASE
+#define NH_DEVEL_STATUS NH_STATUS_RELEASED
#ifndef DEBUG /* allow tool chains to define without causing warnings */
#define DEBUG
-/* NetHack 3.6 patchlevel.h $NHDT-Date: 1557510467 2019/05/10 17:47:47 $ $NHDT-Branch: NetHack-3.6 $:$NHDT-Revision: 1.127 $ */
+/* NetHack 3.6 patchlevel.h $NHDT-Date: 1583297273 2020/03/04 04:47:53 $ $NHDT-Branch: NetHack-3.6 $:$NHDT-Revision: 1.138 $ */
/* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
/*-Copyright (c) Michael Allison, 2012. */
/* NetHack may be freely redistributed. See license for details. */
/*
* PATCHLEVEL is updated for each release.
*/
-#define PATCHLEVEL 5
+#define PATCHLEVEL 6
/*
* Incrementing EDITLEVEL can be used to force invalidation of old bones
* and save files.
/****************************************************************************/
/* Version 3.6.x */
+/* Patch 6, March ??, 2020
+ * invalid status highlight color could be maliciously used to corrupt memory
+ *
+ * invalid status highlight color could be maliciously used to corrupt memory
+ * formatting corpse names used internal buffers differently from formatting
+ * other objects and could potentially clobber memory
+ */
+
/* Patch 5, January 27, 2020
*
* fix accessing mons[-1] when trying to gate in a non-valid demon
-/* NetHack 3.6 objnam.c $NHDT-Date: 1576638500 2019/12/18 03:08:20 $ $NHDT-Branch: NetHack-3.6 $:$NHDT-Revision: 1.257 $ */
+/* NetHack 3.6 objnam.c $NHDT-Date: 1583315888 2020/03/04 09:58:08 $ $NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.293 $ */
/* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
/*-Copyright (c) Robert Patrick Rankin, 2011. */
/* NetHack may be freely redistributed. See license for details. */
const char *adjective;
unsigned cxn_flags; /* bitmask of CXN_xxx values */
{
- char *nambuf = nextobuf();
+ /* some callers [aobjnam()] rely on prefix area that xname() sets aside */
+ char *nambuf = nextobuf() + PREFIX;
int omndx = otmp->corpsenm;
boolean ignore_quan = (cxn_flags & CXN_SINGULAR) != 0,
/* suppress "the" from "the unique monster corpse" */
/* format the object */
if (obj->otyp == CORPSE) {
- buf = nextobuf();
- Strcpy(buf, corpse_xname(obj, (const char *) 0, CXN_NORMAL));
+ buf = corpse_xname(obj, (const char *) 0, CXN_NORMAL);
} else if (obj->otyp == SLIME_MOLD) {
/* concession to "most unique deaths competition" in the annual
devnull tournament, suppress player supplied fruit names because
c = colornames[i].color;
break;
}
- if (i == SIZE(colornames) && (*str >= '0' && *str <= '9'))
+ if (i == SIZE(colornames) && digit(*str))
c = atoi(str);
- if (c == CLR_MAX)
- config_error_add("Unknown color '%s'", str);
+ if (c < 0 || c >= CLR_MAX) {
+ config_error_add("Unknown color '%.60s'", str);
+ c = CLR_MAX; /* "none of the above" */
+ }
return c;
}
}
if (a == -1 && complain)
- config_error_add("Unknown text attribute '%s'", str);
+ config_error_add("Unknown text attribute '%.50s'", str);
return a;
}
*.p NHSUBST
-* NH_filestag=(file%s_for_Amiga_versions_-_untested_for_3.6.5)
+* NH_filestag=(file%s_for_Amiga_versions_-_untested_for_3.6.6)
-* NH_filestag=(file%s_for_Atari_version_-_untested_for_3.6.5)
+* NH_filestag=(file%s_for_Atari_version_-_untested_for_3.6.6)
-* NH_filestag=(file%s_for_BeOS_version_-_untested_for_3.6.5)
+* NH_filestag=(file%s_for_BeOS_version_-_untested_for_3.6.6)
Makefile.* NHSUBST
-* NH_filestag=(file%s_for_OS/2_version_-_untested_for_3.6.5)
+* NH_filestag=(file%s_for_OS/2_version_-_untested_for_3.6.6)
lev_comp.h NH_header=no
Makefile.lib NH_header=no
-Makefile.lib NH_filestag=(file%s_for_MSDOS_and_OS/2_versions_-_untested_for_3.6.5)
-#termcap.uu NH_filestag=(file%s_for_MSDOS_and_OS/2_versions_-_untested_for_3.6.5)
+Makefile.lib NH_filestag=(file%s_for_MSDOS_and_OS/2_versions_-_untested_for_3.6.6)
+#termcap.uu NH_filestag=(file%s_for_MSDOS_and_OS/2_versions_-_untested_for_3.6.6)
termcap.uu NH_filestag=>Makefile.lib
-pcmain.c NH_filestag=(file_for_MSDOS,_OS/2,_Amiga,_and_Atari_versions_-_untested_for_3.6.5)
+pcmain.c NH_filestag=(file_for_MSDOS,_OS/2,_Amiga,_and_Atari_versions_-_untested_for_3.6.6)
-pcsys.c NH_filestag=(file%s_for_MSDOS,_OS/2_and_Atari_versions_-_tested_on_MSDOS_for_3.6.5_via_partial_cross-compile_only)
+pcsys.c NH_filestag=(file%s_for_MSDOS,_OS/2_and_Atari_versions_-_tested_on_MSDOS_for_3.6.6_via_partial_cross-compile_only)
pcunix.c NH_filestag=>pcsys.c
-NetHack.cnf NH_filestag=(file_for_MSDOS,_OS/2,_and_Atari_versions_-_untested_for_3.6.5)
+NetHack.cnf NH_filestag=(file_for_MSDOS,_OS/2,_and_Atari_versions_-_untested_for_3.6.6)
pctty.c NH_filestag=>NetHack.cnf
ioctl.c NH_filestag=(file%s_for_UNIX_and_Be_versions)
If you have old record and logfile entries from a previous NetHack version,
you might want to save copies before they get overwritten by the new empty
-files; old saved games and bones files from 3.6.0 through to 3.6.4 should
-work with 3.6.5 but even older saved games and bones files from 3.4.3 will
+files; old saved games and bones files from 3.6.0 through to 3.6.5 should
+work with 3.6.6 but even older saved games and bones files from 3.4.3 will
not. If you are installing from the RPM, there is no need to save the old
record and logfile; they are automatically preserved.
# Only available if NetHack was compiled with DUMPLOG
# Allows following placeholders:
# %% literal '%'
-# %v version (eg. "3.6.5-0")
+# %v version (eg. "3.6.6-0")
# %u game UID
# %t game start time, UNIX timestamp format
# %T current time, UNIX timestamp format
- Instructions for Building and Installing NetHack 3.6.5
+ Instructions for Building and Installing NetHack 3.6
on a VMS (aka OpenVMS) system
=========================================
0. Version 3.5.x was never publicly released.
1. Save files and bones files from 3.4.x and earlier versions
- will not work with 3.6.5, but save files and bones file from 3.6.0,
- through 3.6.4 should work. The scoreboard file (RECORD) from 3.6.x
+ will not work with 3.6.6, but save files and bones file from 3.6.0,
+ through 3.6.5 should work. The scoreboard file (RECORD) from 3.6.x
or 3.4.x or 3.3.x will work.
2. If pline.c fails to compile, edit vmsconf.h and uncomment
# Other things that have to be reconfigured are in vmsconf.h,
# and config.h
-VERSION = 3.6.5
+VERSION = 3.6.6
MAKEDEFS = $(UTL)makedefs.exe;
$ ! vms/vmsbuild.com -- compile and link NetHack 3.6.* [pr]
-$ version_number = "3.6.5"
+$ version_number = "3.6.6"
$ ! $NHDT-Date: 1557701518 2019/05/12 22:51:58 $ $NHDT-Branch: NetHack-3.6 $:$NHDT-Revision: 1.23 $
$ ! Copyright (c) 2018 by Robert Patrick Rankin
$ ! NetHack may be freely redistributed. See license for details.
*.ce NHSUBST
*.mak NHSUBST
*.bat NHSUBST
-* NH_filestag=(file%s_for_Windows_CE_and_PocketPC_-_untested_for_3.6.5)
+* NH_filestag=(file%s_for_Windows_CE_and_PocketPC_-_untested_for_3.6.6)
-* NH_filestag=(header_file%s_for_Windows_CE_and_PocketPC_-_untested_for_3.6.5)
+* NH_filestag=(header_file%s_for_Windows_CE_and_PocketPC_-_untested_for_3.6.6)
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,6,5,0
- PRODUCTVERSION 3,6,5,0
+ FILEVERSION 3,6,6,0
+ PRODUCTVERSION 3,6,6,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x9L
BEGIN
BLOCK "040904b0"
BEGIN
- VALUE "Comments", "NetHack 3.6.5 for Windows CE\0"
+ VALUE "Comments", "NetHack 3.6.6 for Windows CE\0"
VALUE "CompanyName", " \0"
VALUE "FileDescription", "nethackm\0"
- VALUE "FileVersion", "3, 6, 5, 0\0"
+ VALUE "FileVersion", "3, 6, 6, 0\0"
VALUE "InternalName", "nethackm\0"
VALUE "LegalCopyright", "Copyright © 1985-2020\0"
VALUE "LegalTrademarks", "\0"
VALUE "OriginalFilename", "nethackm.exe\0"
VALUE "PrivateBuild", "090914\0"
VALUE "ProductName", "NetHack\0"
- VALUE "ProductVersion", "3, 6, 5, 0\0"
+ VALUE "ProductVersion", "3, 6, 6, 0\0"
VALUE "SpecialBuild", "\0"
END
END
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,6,5,0
- PRODUCTVERSION 3,6,5,0
+ FILEVERSION 3,6,6,0
+ PRODUCTVERSION 3,6,6,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x9L
BEGIN
BLOCK "040904b0"
BEGIN
- VALUE "Comments", "NetHack 3.6.5 for Smartphone 2002\0"
+ VALUE "Comments", "NetHack 3.6.6 for Smartphone 2002\0"
VALUE "CompanyName", " \0"
VALUE "FileDescription", "nethackm\0"
- VALUE "FileVersion", "3, 6, 5, 0\0"
+ VALUE "FileVersion", "3, 6, 6, 0\0"
VALUE "InternalName", "nethackm\0"
VALUE "LegalCopyright", "Copyright © 1985-2020\0"
VALUE "LegalTrademarks", "\0"
VALUE "OriginalFilename", "nethackm.exe\0"
VALUE "PrivateBuild", "090914\0"
VALUE "ProductName", "NetHack For Smartphone\0"
- VALUE "ProductVersion", "3, 6, 5, 0\0"
+ VALUE "ProductVersion", "3, 6, 6, 0\0"
VALUE "SpecialBuild", "\0"
END
END
- Copyright (c) NetHack Development Team 1990-2020
+ Copyright (c) NetHack Development Team 1990-2019
NetHack may be freely redistributed. See license for details.
==============================================================
Instructions for compiling and installing
Alex Kompel, Dion Nicolaas, Yitzhak Sapir, Derek S. Ray, Michael Allison,
Pasi Kallinen, Bart House, and Janet Walz contributed to the maintainance
-of the tty and graphical windows versions of NetHack 3.6.5.
+of the tty and graphical windows versions of NetHack 3.6.6.
You can build a TTY version of NetHack and a Windows Graphical
version. You can use one of the following build environments:
is set up for a 32-bit x86 version, but that's only because it will
run on the most number of existing Windows environments.
-NetHack's save files and bones files in the 3.6.5 release have not yet
+NetHack's save files and bones files in the 3.6.6 release have not yet
evolved enough to allow them to interchange between the 32-bit version
and the 64-bit version (or between different platforms). Hopefully
that will change in an upcoming release.
#==============================================================================
# The version of the game this Makefile was designed for
-NETHACK_VERSION="3.6.5"
+NETHACK_VERSION="3.6.6"
# A brief version for use in macros
NHV1=$(subst .,,$(NETHACK_VERSION))
#==============================================================================
#
# The version of the game this Makefile was designed for
-NETHACK_VERSION="3.6.5"
+NETHACK_VERSION="3.6.6"
# A brief version for use in macros
NHV=$(NETHACK_VERSION:.=)
NAME NETHACK
-DESCRIPTION 'NetHack 3.6.5 for Windows'
+DESCRIPTION 'NetHack 3.6.6 for Windows'
EXETYPE WINDOWS
STUB 'WINSTUB.EXE'
CODE PRELOAD MOVEABLE DISCARDABLE
# Only available if NetHack was compiled with DUMPLOG
# Allows following placeholders:
# %% literal '%'
-# %v version (eg. "3.6.5-0")
+# %v version (eg. "3.6.6-0")
# %u game UID
# %t game start time, UNIX timestamp format
# %T current time, UNIX timestamp format
#endif
#if defined(UNIX) && !defined(LINT) && !defined(GCC_WARN)
-static const char SCCS_Id[] UNUSED = "@(#)makedefs.c\t3.6\t2020/01/18";
+static const char SCCS_Id[] UNUSED = "@(#)makedefs.c\t3.6\t2020/03/04";
#endif
/* names of files to be generated */
-* NH_filestag=(file%s_for_GEM_versions_-_untested_for_3.6.5)
+* NH_filestag=(file%s_for_GEM_versions_-_untested_for_3.6.6)
-* NH_filestag=(file%s_for_GNOME_versions_-_untested_for_3.6.5)
+* NH_filestag=(file%s_for_GNOME_versions_-_untested_for_3.6.6)
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,6,5,0
- PRODUCTVERSION 3,6,5,0
+ FILEVERSION 3,6,6,0
+ PRODUCTVERSION 3,6,6,0
FILEFLAGSMASK 0x1fL
#ifdef _DEBUG
FILEFLAGS 0x9L
BLOCK "040904b0"
BEGIN
VALUE "FileDescription", "NetHack for Windows - Graphical Interface"
- VALUE "FileVersion", "3.6.5"
+ VALUE "FileVersion", "3.6.6"
VALUE "InternalName", "NetHackW"
VALUE "LegalCopyright", "Copyright (C) 1985 - 2020. By Stichting Mathematisch Centrum and M. Stephenson. See license for details."
VALUE "OriginalFilename", "NetHackW.exe"
VALUE "PrivateBuild", "140606"
VALUE "ProductName", "NetHack"
- VALUE "ProductVersion", "3.6.5"
+ VALUE "ProductVersion", "3.6.6"
END
END
BLOCK "VarFileInfo"
/* Reading and writing settings from the registry. */
#define CATEGORYKEY "Software"
#define COMPANYKEY "NetHack"
-#define PRODUCTKEY "NetHack 3.6.5"
+#define PRODUCTKEY "NetHack 3.6.6"
#define SETTINGSKEY "Settings"
#define MAINSHOWSTATEKEY "MainShowState"
#define MAINMINXKEY "MainMinX"
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,6,5,0
- PRODUCTVERSION 3,6,5,0
+ FILEVERSION 3,6,6,0
+ PRODUCTVERSION 3,6,6,0
FILEFLAGSMASK 0x1fL
#ifdef _DEBUG
FILEFLAGS 0x9L
BLOCK "040904b0"
BEGIN
VALUE "FileDescription", "NetHack for Windows - TTY Interface"
- VALUE "FileVersion", "3.6.5"
+ VALUE "FileVersion", "3.6.6"
VALUE "InternalName", "NetHack"
VALUE "LegalCopyright", "Copyright (C) 1985 - 2020. By Stichting Mathematisch Centrum and M. Stephenson. See license for details."
VALUE "OriginalFilename", "NetHack.exe"
VALUE "ProductName", "NetHack"
- VALUE "ProductVersion", "3.6.5"
+ VALUE "ProductVersion", "3.6.6"
END
END
BLOCK "VarFileInfo"
projects / nethack / commitdiff