Accepting request 883905 from home:mcepl:branches:games

- Add txtJ07eHdR0m6.patch to fix CVE-2021-30184 (reported upstream on 
  https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html )

OBS-URL: https://build.opensuse.org/request/show/883905
OBS-URL: https://build.opensuse.org/package/show/games/gnuchess?expand=0&rev=33
Matej Cepl 2021-04-08 21:10:58 +00:00 committed by Git OBS Bridge
parent 74cfd5d422
commit 2aa167a4ee
3 changed files with 52 additions and 3 deletions

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Apr 8 20:46:21 UTC 2021 - Matej Cepl <mcepl@suse.com>
- Add txtJ07eHdR0m6.patch to fix CVE-2021-30184 (reported upstream on
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html )
------------------------------------------------------------------- -------------------------------------------------------------------
Sun May 31 14:58:50 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de> Sun May 31 14:58:50 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
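Review bot: the new changelog entry refers to the fix only as txtJ07eHdR0m6.patch, a file name that says nothing about its content. Renaming the patch so that the name carries the CVE id (CVE-2021-30184) would make it traceable from the file list alone.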

@ -1,7 +1,7 @@
# #
# spec file for package gnuchess # spec file for package gnuchess
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -32,12 +32,17 @@ Source3: genbook.sh
Source5: xgnuchess Source5: xgnuchess
Source6: http://ftp.gnu.org/gnu/chess/%{name}-%{version}.tar.gz.sig Source6: http://ftp.gnu.org/gnu/chess/%{name}-%{version}.tar.gz.sig
Source7: http://savannah.gnu.org/project/memberlist-gpgkeys.php?group=chess&download=1#/gnuchess.keyring Source7: http://savannah.gnu.org/project/memberlist-gpgkeys.php?group=chess&download=1#/gnuchess.keyring
# PATCH-FIX-UPSTREAM txtJ07eHdR0m6.patch CVE-2021-30184 mcepl@suse.com
# https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
# Patch from https://src.fedoraproject.org/rpms/gnuchess/c/bb2dd55d0daf.patch
Patch0: txtJ07eHdR0m6.patch
BuildRequires: expect BuildRequires: expect
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: gettext-devel BuildRequires: gettext-devel
BuildRequires: help2man
BuildRequires: readline-devel BuildRequires: readline-devel
Requires(post): info Requires(post): info
Requires(preun): info Requires(preun):info
Suggests: xboard Suggests: xboard
Provides: chess_backend Provides: chess_backend
Provides: gchess Provides: gchess
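Review bot: `BuildRequires: help2man` is added in this hunk, but neither the changelog entry nor the commit message mentions it. Both describe only the CVE-2021-30184 patch. Either note in the changelog why the new build dependency is needed or move it to a separate change, so the security fix can be reviewed and backported on its own.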
@ -47,7 +52,7 @@ A worthy chess opponent that runs in text mode. Find an X11 interface
in the xboard package. in the xboard package.
%prep %prep
%setup -q %autosetup -p1
%build %build
%configure %configure

txtJ07eHdR0m6.patch Normal file
@ -0,0 +1,38 @@
---
src/frontend/cmd.cc | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
--- a/src/frontend/cmd.cc
+++ b/src/frontend/cmd.cc
@@ -480,8 +480,13 @@ void cmd_pgnload(void)
strcpy( data, "setboard " );
int i=0;
while ( epdline[i] != '\n' ) {
- data[i+9] = epdline[i];
- ++i;
+ if ((i + 9) < MAXSTR - 1) {
+ data[i+9] = epdline[i];
+ ++i;
+ } else {
+ printf(_("Error reading contents of file '%s'.\n"), token[1]);
+ break;
+ }
}
data[i+9] = '\0';
SetDataToEngine( data );
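Review bot: in cmd_pgnload the new else branch only breaks out of the loop, so execution falls through to `data[i+9] = '\0';` and `SetDataToEngine( data );`, and a truncated position string is still sent to the engine after the error message is printed. Return from the function, or skip the SetDataToEngine call, when the line does not fit. The bound also assumes that `data` is MAXSTR bytes long, which is not visible in this hunk. If `data` is an array, `sizeof(data)` would tie the check to the actual buffer.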
@@ -504,8 +509,13 @@ void cmd_pgnreplay(void)
strcpy( data, "setboard " );
int i=0;
while ( epdline[i] != '\n' ) {
- data[i+9] = epdline[i];
- ++i;
+ if ((i + 9) < MAXSTR - 1) {
+ data[i+9] = epdline[i];
+ ++i;
+ } else {
+ printf(_("Error reading contents of file '%s'.\n"), token[1]);
+ break;
+ }
}
data[i+9] = '\0';
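Review bot: the loop condition in cmd_pgnreplay, `while ( epdline[i] != '\n' )`, still stops only on a newline, so a line that ends in a NUL terminator without a newline is read past its end until the new MAXSTR bound triggers. Test for '\0' in the condition as well. Since this copy loop is now identical to the one in cmd_pgnload, moving it into a shared helper would keep the two bounds checks from diverging.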