Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf
format string
Closes: #481186 (CVE-2008-2149)
Please note: The WordNet code contains several other occurences of potentially
exploitable functions like strcpy()/strcat()/...  and so even if there are no
known exploits the code needs a full security audit.

--- a/src/wn.c
+++ b/src/wn.c
@@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[])
 		    outsenses += do_search(av[1], optptr->pos, optptr->search,
 					    whichsense, optptr->label);
 	    } else {
-		sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
+		/* Fix CVE-2008-2149: buffer overflows Andreas Tille <tille@debian.org> */
+		sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);
 		display_message(tmpbuf);
 		errcount++;
 	    }
/option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=a570cea4c6ac82ca39c18b6fd647b008bc8b6147'>refs</a><a class='active' href='/guix/log/gnu/home'>log</a><a href='/guix/tree/gnu/home?id=a570cea4c6ac82ca39c18b6fd647b008bc8b6147'>tree</a><a href='/guix/commit/gnu/home?id=a570cea4c6ac82ca39c18b6fd647b008bc8b6147'>commit</a><a href='/guix/diff/gnu/home?id=a570cea4c6ac82ca39c18b6fd647b008bc8b6147'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/home'>
<input type='hidden' name='id' value='a570cea4c6ac82ca39c18b6fd647b008bc8b6147'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=a570cea4c6ac82ca39c18b6fd647b008bc8b6147'>root</a>/<a href='/guix/log/gnu?id=a570cea4c6ac82ca39c18b6fd647b008bc8b6147'>gnu</a>/<a href='/guix/log/gnu/home?id=a570cea4c6ac82ca39c18b6fd647b008bc8b6147'>home</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/home?id=a570cea4c6ac82ca39c18b6fd647b008bc8b6147&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2021-11-07 23:10:41 +0100'>2021-11-07</span></td><td><a href='/guix/commit/gnu/home?id=2f665d4309053d5a9fe25bc93ee78d55dbc30cb7'>doc: Improve documentation of the Bash home service</a><span class='msg-avail'>...<span class='msg-tooltip'>* doc/guix.texi (Shells Home Services): Document ‘home-bash-extension’
  configuration record.
* gnu/home/services/shells.scm (generate-home-bash-documentation): Extract
  docstrings from ‘home-bash-extension’.
  (home-bash-configuration): Expound on docstrings.
  (home-bash-extension): Likewise.

Fixes: &lt;https://issues.guix.gnu.org/50991&gt;
Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Xinglu Chen</td></tr>
<tr><td><span title='2021-11-07 23:10:41 +0100'>2021-11-07</span></td><td><a href='/guix/commit/gnu/home?id=4b96998292442ec03024481c911d88f86c7c36b5'>home: services: bash: Add ‘aliases’ field.</a><span class='msg-avail'>...<span class='msg-tooltip'>* doc/guix.texi (Shells Home Services): Document it.
* gnu/home/services/shells.scm (bash-serialize-aliases): New procedure.
(home-bash-configuration, home-bash-extension): Add ‘aliases’ field.
(home-bash-extensions): Adjust accordingly.
* guix/scripts/home/import.scm (generate-bash-configuration+modules): Populate
the ‘alias’ field.

Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Xinglu Chen</td></tr>