- security patch (from bugtraq)

- rel 4
Bug:
Full of sprintf() calls and relying on BIG_BUFFER_SIZE being large enough.
There's multiple ways to exploit it by giving near-BIG_BUFFER_SIZE strings
in various places.

Changed files:
    BitchX.spec -> 1.63

diff --git a/BitchX.spec b/BitchX.spec
index 92399d26d5ffa7a5a7374495a6cfdd95f1d45c23..6dbfa93c370f30eb4e6030e7ae598c88eb064991 100644 (file)
--- a/BitchX.spec
+++ b/BitchX.spec
@@ -4,7 +4,7 @@ Summary(pl):    Ulepszony, kolorowy klient IRC z wbudowanymi skryptami
 Summary(pt_BR):        Cliente IRC para o console do Linux
 Name:          BitchX
 Version:       1.0c19
-Release:       3
+Release:       4
 License:       GPL
 Group:         Applications/Networking
 Source0:       ftp://ftp.bitchx.com/pub/BitchX/source/ircii-pana-%{version}.tar.gz
@@ -19,6 +19,7 @@ Patch3:               %{name}-doc.patch
 Patch4:                %{name}-emacs.patch
 Patch5:                %{name}-versioned-tcl.patch
 Patch6:                %{name}-353fix.patch
+Patch7:                %{name}-secuirty.patch
 Icon:          BitchX.xpm
 URL:           http://www.bitchx.com/
 BuildRequires: mysql-devel
@@ -70,6 +71,7 @@ powtarzaj
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %build
 CFLAGS="%{rpmcflags} -I%{_includedir}/ncurses"