Add a patch that fixes this particular misuse of strcat().

Remove the FORBIDDEN keyword with some apprehension: there might well
be other holes left :(
Bump PORTREVISION for the applied bug (and security-) fix.

2 files changed, 21 insertions, 2 deletions

diff --git a/games/nethack34/Makefile b/games/nethack34/Makefile
index ec39bc926874..7e64da7e2cda 100644
--- a/games/nethack34/Makefile
+++ b/games/nethack34/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	nethack
 PORTVERSION=	3.4.0
+PORTREVISION=	1
 CATEGORIES?=	games
 MASTER_SITES=	ftp://ftp.nethack.org/pub/nethack/nh${PORTVERSION:S/.//g}/src/
 DISTNAME=	${PORTNAME}-${PORTVERSION:S/.//g}
@@ -14,8 +15,6 @@ EXTRACT_SUFX=	.tgz
 
 MAINTAINER?=	ports@freebsd.org
 
-FORBIDDEN=	"Possibly exploitable local buffer overflow, see http://online.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0 for more information"
-
 WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
 
 USE_REINPLACE=	yes
diff --git a/games/nethack34/files/patch-ah b/games/nethack34/files/patch-ah
new file mode 100644
index 000000000000..a21918f7a656
--- /dev/null
+++ b/games/nethack34/files/patch-ah
@@ -0,0 +1,20 @@
+--- src/topten.c	Thu Mar 21 01:43:19 2002
++++ src/topten.c	Tue Feb 11 15:36:23 2003
+@@ -855,8 +855,15 @@
+ 	    if (playerct < 1) Strcat(pbuf, "you.");
+ 	    else {
+ 		if (playerct > 1) Strcat(pbuf, "any of ");
+-		for (i = 0; i < playerct; i++) {
+-		    Strcat(pbuf, players[i]);
++		for (i = 0; i < playerct && strlen(pbuf) < sizeof(pbuf) - 2;
++		    i++) {
++		    size_t len = strlen(pbuf), rest;
++		    if (strlen(players[i]) > sizeof(pbuf) - len - 2) {
++			rest = sizeof(pbuf) - strlen(pbuf) - 2;
++			memcpy(pbuf + len, players[i], rest);
++			pbuf[len + rest] = '\0';
++		    } else
++			Strcat(pbuf, players[i]);
+ 		    if (i < playerct-1) {
+ 			if (players[i][0] == '-' &&
+ 			    index("pr", players[i][1]) && players[i][2] == 0)