Accepting request 883905 from home:mcepl:branches:games

- Add txtJ07eHdR0m6.patch to fix CVE-2021-30184 (reported upstream on https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html ) OBS-URL: https://build.opensuse.org/request/show/883905 OBS-URL: https://build.opensuse.org/package/show/games/gnuchess?expand=0&rev=33
2021-04-08 21:10:58 +00:00 · 2021-04-08 21:10:58 +00:00 · 2aa167a4ee
commit 2aa167a4ee
parent 74cfd5d422
3 changed files with 52 additions and 3 deletions
--- a/gnuchess.changes
+++ b/gnuchess.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Apr  8 20:46:21 UTC 2021 - Matej Cepl <mcepl@suse.com>
+
+- Add txtJ07eHdR0m6.patch to fix CVE-2021-30184 (reported upstream on 
+  https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html )
+
 -------------------------------------------------------------------
 Sun May 31 14:58:50 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/gnuchess.spec
+++ b/gnuchess.spec
@ -1,7 +1,7 @@
 #
 # spec file for package gnuchess
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -32,12 +32,17 @@ Source3:        genbook.sh
 Source5:        xgnuchess
 Source6:        http://ftp.gnu.org/gnu/chess/%{name}-%{version}.tar.gz.sig
 Source7:        http://savannah.gnu.org/project/memberlist-gpgkeys.php?group=chess&download=1#/gnuchess.keyring
+# PATCH-FIX-UPSTREAM txtJ07eHdR0m6.patch CVE-2021-30184 mcepl@suse.com
+# https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
+# Patch from https://src.fedoraproject.org/rpms/gnuchess/c/bb2dd55d0daf.patch
+Patch0:         txtJ07eHdR0m6.patch
 BuildRequires:  expect
 BuildRequires:  gcc-c++
 BuildRequires:  gettext-devel
+BuildRequires:  help2man
 BuildRequires:  readline-devel
 Requires(post): info
-Requires(preun): info
+Requires(preun):info
 Suggests:       xboard
 Provides:       chess_backend
 Provides:       gchess
@ -47,7 +52,7 @@ A worthy chess opponent that runs in text mode. Find an X11 interface
 in the xboard package.

 %prep
-%setup -q
+%autosetup -p1

 %build
 %configure
--- a/txtJ07eHdR0m6.patch
+++ b/txtJ07eHdR0m6.patch
@ -0,0 +1,38 @@
+---
+ src/frontend/cmd.cc |   18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+--- a/src/frontend/cmd.cc
+++ b/src/frontend/cmd.cc
+@@ -480,8 +480,13 @@ void cmd_pgnload(void)
+   strcpy( data, "setboard " );
+   int i=0;
+   while ( epdline[i] != '\n' ) {
+-    data[i+9] = epdline[i];
+-    ++i;
+    if ((i + 9) < MAXSTR - 1) {
+        data[i+9] = epdline[i];
+        ++i;
+    } else {
+        printf(_("Error reading contents of file '%s'.\n"), token[1]);
+        break;
+    }
+   }
+   data[i+9] = '\0';
+   SetDataToEngine( data );
+@@ -504,8 +509,13 @@ void cmd_pgnreplay(void)
+   strcpy( data, "setboard " );
+   int i=0;
+   while ( epdline[i] != '\n' ) {
+-    data[i+9] = epdline[i];
+-    ++i;
+    if ((i + 9) < MAXSTR - 1) {
+        data[i+9] = epdline[i];
+        ++i;
+    } else {
+        printf(_("Error reading contents of file '%s'.\n"), token[1]);
+        break;
+    }
+   }
+   data[i+9] = '\0';
+