--- /dev/null
+# Fix remote buffer overflow vulnerability if an excessive remote error is sent
+# and processed due to the text buffer overflowing.
+
+# Discovery: Stefan Cornelius <dercorny@gentoo.org> of Gentoo Security
+# Patch: Tim Yamin <plasmaroo@gentoo.org> of Gentoo Auditing
+
+diff -ur bomberclone-0.11.6.2/src/menu.c bomberclone-0.11.6.2.plasmaroo/src/menu.c
+--- bomberclone-0.11.6.2/src/menu.c 2005-03-27 02:31:50.000000000 +0100
++++ bomberclone-0.11.6.2.plasmaroo/src/menu.c 2006-02-04 23:51:04.000000000 +0000
+@@ -629,7 +629,7 @@
+ memset (text, 0, sizeof (text));
+ memset (out, 0, sizeof (out));
+ va_start (args, fmt);
+- vsprintf (text, fmt, args);
++ vsnprintf (text, 512, fmt, args);
+ va_end (args);
+
+ menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
+@@ -722,7 +724,7 @@
+ memset (text, 0, sizeof (text));
+ memset (out, 0, sizeof (out));
+ va_start (args, fmt);
+- vsprintf (text, fmt, args);
++ vsnprintf (text, 512, fmt, args);
+ va_end (args);
+
+ menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
+diff -ur bomberclone-0.11.6.2/src/menulabels.c bomberclone-0.11.6.2.plasmaroo/src/menulabels.c
+--- bomberclone-0.11.6.2/src/menulabels.c 2004-09-12 17:49:48.000000000 +0100
++++ bomberclone-0.11.6.2.plasmaroo/src/menulabels.c 2006-02-04 23:47:24.000000000 +0000
+@@ -72,7 +72,7 @@
+ memset (text, 0, sizeof (text));
+ memset (out, 0, sizeof (out));
+ va_start (args, fmt);
+- vsprintf (text, fmt, args);
++ vsnprintf (text, 1024, fmt, args);
+ va_end (args);
+
+ menu_formattext (text, out, lineptr, &linecnt, &maxchar, maxlen, maxlines);
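Review bot: All three `vsnprintf` calls hard-code their bound (`512` in both src/menu.c hunks, `1024` in src/menulabels.c), even though the `memset (text, 0, sizeof (text))` three lines earlier already uses the buffer's own size. The declaration of `text` lies outside every hunk, so the literals cannot be checked against it from here, and they will silently go stale if the array is ever resized. Writing `vsnprintf (text, sizeof (text), fmt, args);` ties the bound to the declaration, assuming `text` is a local array as the memset suggests. The return value is also discarded, so an over-long remote error is truncated without any trace; a check such as `if (n < 0 || (size_t) n >= sizeof (text))` followed by a log line would make such messages visible when debugging or monitoring. The bounds of `out` in the following `menu_formattext` call are not visible in these hunks and deserve the same look.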
Summary(pl): Klon gry AtomicBomberMan
Name: bomberclone
Version: 0.11.6
-Release: 1
+Release: 2
License: GPL v2
Group: X11/Applications/Games
Source0: http://dl.sourceforge.net/bomberclone/%{name}-%{version}.tar.bz2
Source1: http://dl.sourceforge.net/bomberclone/%{_mserv}.tgz
# Source1-md5: 40bbe14055010e7fcf11c6bfd4e4c006
Source2: %{name}.desktop
-Patch0: %{name}mserv-include.patch
+Patch0: %{name}-fix-kaboom.patch
+Patch1: %{name}mserv-include.patch
URL: http://www.bomberclone.de/
BuildRequires: SDL_image-devel >= 1.2
BuildRequires: SDL_mixer-devel >= 1.2
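Review bot: `Patch0` now points at a patch whose paths name `bomberclone-0.11.6.2`, while this spec builds `Version: 0.11.6`, so the hunks were generated against a different tree from the one being patched. With `-p1` the paths still resolve, but it is worth confirming that the patch applies without fuzz and that the `512`/`1024` bounds it introduces match the buffer sizes in the 0.11.6 sources. A comment above the line would also help the next packager, for example `# Patch0: remote buffer overflow in menu message formatting (vsprintf -> vsnprintf)`.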
%prep
%setup -q -a1
-cd %{_mserv}
%patch0 -p1
+cd %{_mserv}
+%patch1 -p1
%build
cp -f /usr/share/automake/config.sub .