From 088e1ff981ac90861011546b6329b76b06643622 Mon Sep 17 00:00:00 2001
From: psz <psz@pld-linux.org>
Date: Fri, 17 Feb 2006 21:40:44 +0000
Subject: [PATCH] - security fix: GLSA 200602-09 - STBR

Changed files:
    bomberclone-fix-kaboom.patch -> 1.1
    bomberclone.spec -> 1.10
---
 bomberclone-fix-kaboom.patch | 39 ++++++++++++++++++++++++++++++++++++
 bomberclone.spec             |  8 +++++---
 2 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 bomberclone-fix-kaboom.patch

diff --git a/bomberclone-fix-kaboom.patch b/bomberclone-fix-kaboom.patch
new file mode 100644
index 0000000..db7c897
--- /dev/null
+++ b/bomberclone-fix-kaboom.patch
@@ -0,0 +1,39 @@
+# Fix remote buffer overflow vulnerability if an excessive remote error is sent
+# and processed due to the text buffer overflowing.
+
+# Discovery: Stefan Cornelius <dercorny@gentoo.org> of Gentoo Security
+# Patch: Tim Yamin <plasmaroo@gentoo.org> of Gentoo Auditing
+
+diff -ur bomberclone-0.11.6.2/src/menu.c bomberclone-0.11.6.2.plasmaroo/src/menu.c
+--- bomberclone-0.11.6.2/src/menu.c	2005-03-27 02:31:50.000000000 +0100
++++ bomberclone-0.11.6.2.plasmaroo/src/menu.c	2006-02-04 23:51:04.000000000 +0000
+@@ -629,7 +629,7 @@
+     memset (text, 0, sizeof (text));
+     memset (out, 0, sizeof (out));
+     va_start (args, fmt);
+-    vsprintf (text, fmt, args);
++    vsnprintf (text, 512, fmt, args);
+     va_end (args);
+ 
+     menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
+@@ -722,7 +724,7 @@
+     memset (text, 0, sizeof (text));
+     memset (out, 0, sizeof (out));
+     va_start (args, fmt);
+-    vsprintf (text, fmt, args);
++    vsnprintf (text, 512, fmt, args);
+     va_end (args);
+ 
+     menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
+diff -ur bomberclone-0.11.6.2/src/menulabels.c bomberclone-0.11.6.2.plasmaroo/src/menulabels.c
+--- bomberclone-0.11.6.2/src/menulabels.c	2004-09-12 17:49:48.000000000 +0100
++++ bomberclone-0.11.6.2.plasmaroo/src/menulabels.c	2006-02-04 23:47:24.000000000 +0000
+@@ -72,7 +72,7 @@
+ 	memset (text, 0, sizeof (text));
+ 	memset (out, 0, sizeof (out));
+ 	va_start (args, fmt);
+-	vsprintf (text, fmt, args);
++	vsnprintf (text, 1024, fmt, args);
+ 	va_end (args);
+ 
+ 	menu_formattext (text, out, lineptr, &linecnt, &maxchar, maxlen, maxlines);
diff --git a/bomberclone.spec b/bomberclone.spec
index baf4dd7..b861c15 100644
--- a/bomberclone.spec
+++ b/bomberclone.spec
@@ -4,7 +4,7 @@ Summary:	Clone of the game AtomicBomberMan
 Summary(pl):	Klon gry AtomicBomberMan
 Name:		bomberclone
 Version:	0.11.6
-Release:	1
+Release:	2
 License:	GPL v2
 Group:		X11/Applications/Games
 Source0:	http://dl.sourceforge.net/bomberclone/%{name}-%{version}.tar.bz2
@@ -12,7 +12,8 @@ Source0:	http://dl.sourceforge.net/bomberclone/%{name}-%{version}.tar.bz2
 Source1:	http://dl.sourceforge.net/bomberclone/%{_mserv}.tgz
 # Source1-md5:	40bbe14055010e7fcf11c6bfd4e4c006
 Source2:	%{name}.desktop
-Patch0:		%{name}mserv-include.patch
+Patch0:		%{name}-fix-kaboom.patch
+Patch1:		%{name}mserv-include.patch
 URL:		http://www.bomberclone.de/
 BuildRequires:	SDL_image-devel >= 1.2
 BuildRequires:	SDL_mixer-devel >= 1.2
@@ -45,8 +46,9 @@ do tocz
 
 %prep
 %setup -q -a1
-cd %{_mserv}
 %patch0 -p1
+cd %{_mserv}
+%patch1 -p1
 
 %build
 cp -f /usr/share/automake/config.sub .
-- 
2.43.0