Hello community,

here is the log from the commit of package gnuchess for openSUSE:Factory checked in at 2021-04-10 15:27:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnuchess (Old)
 and /work/SRC/openSUSE:Factory/.gnuchess.new.2401 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnuchess" Sat Apr 10 15:27:40 2021 rev:25 rq:883906 version:6.2.7 Changes: -------- --- /work/SRC/openSUSE:Factory/gnuchess/gnuchess.changes 2020-06-11 14:37:47.924106415 +0200 +++ /work/SRC/openSUSE:Factory/.gnuchess.new.2401/gnuchess.changes 2021-04-10 15:28:43.546473631 +0200 @@ -1,0 +2,6 @@ +Thu Apr 8 20:46:21 UTC 2021 - Matej Cepl <[email protected]> + +- Add txtJ07eHdR0m6.patch to fix CVE-2021-30184 (reported upstream on + https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html ) + +------------------------------------------------------------------- New: ---- txtJ07eHdR0m6.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnuchess.spec ++++++ --- /var/tmp/diff_new_pack.SeKckk/_old 2021-04-10 15:28:44.202474402 +0200 +++ /var/tmp/diff_new_pack.SeKckk/_new 2021-04-10 15:28:44.206474407 +0200 @@ -1,7 +1,7 @@ # # spec file for package gnuchess # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,12 +32,17 @@ Source5: xgnuchess Source6: http://ftp.gnu.org/gnu/chess/%{name}-%{version}.tar.gz.sig Source7: http://savannah.gnu.org/project/memberlist-gpgkeys.php?group=chess&download=1#/gnuchess.keyring +# PATCH-FIX-UPSTREAM txtJ07eHdR0m6.patch CVE-2021-30184 [email protected] +# https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html +# Patch from https://src.fedoraproject.org/rpms/gnuchess/c/bb2dd55d0daf.patch +Patch0: txtJ07eHdR0m6.patch BuildRequires: expect BuildRequires: gcc-c++ BuildRequires: gettext-devel +BuildRequires: help2man BuildRequires: readline-devel Requires(post): info -Requires(preun): info +Requires(preun):info Suggests: xboard Provides: chess_backend Provides: gchess 
@@ -47,7 +52,7 @@ in the xboard package. %prep -%setup -q +%autosetup -p1 %build %configure ++++++ txtJ07eHdR0m6.patch ++++++ --- src/frontend/cmd.cc | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) --- a/src/frontend/cmd.cc +++ b/src/frontend/cmd.cc @@ -480,8 +480,13 @@ void cmd_pgnload(void) strcpy( data, "setboard " ); int i=0; while ( epdline[i] != '\n' ) { - data[i+9] = epdline[i]; - ++i; + if ((i + 9) < MAXSTR - 1) { + data[i+9] = epdline[i]; + ++i; + } else { + printf(_("Error reading contents of file '%s'.\n"), token[1]); + break; + } } data[i+9] = '\0'; SetDataToEngine( data ); @@ -504,8 +509,13 @@ void cmd_pgnreplay(void) strcpy( data, "setboard " ); int i=0; while ( epdline[i] != '\n' ) { - data[i+9] = epdline[i]; - ++i; + if ((i + 9) < MAXSTR - 1) { + data[i+9] = epdline[i]; + ++i; + } else { + printf(_("Error reading contents of file '%s'.\n"), token[1]); + break; + } } data[i+9] = '\0';
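Review bot: The patch file name `txtJ07eHdR0m6.patch`, used in the gnuchess.changes entry and on the `Patch0:` line, reads like a temporary-file name and says nothing about what it fixes. Renaming it to something descriptive that carries the CVE id (for example `gnuchess-CVE-2021-30184.patch`, as a suggestion) would let anyone scanning the package sources find the fix without opening the changelog.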
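Review bot: `BuildRequires: help2man` in the second gnuchess.spec hunk is not explained anywhere; the gnuchess.changes entry only mentions adding the patch. State why the build now needs it, either in the changelog entry or in a spec comment next to the line, or drop it from this security update so the change stays limited to the CVE fix.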
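Review bot: In the cmd_pgnload hunk of txtJ07eHdR0m6.patch, the `else` branch prints the error and breaks out of the loop, but control then falls through to `data[i+9] = '\0';` and `SetDataToEngine( data );`, so a truncated `setboard` string is still sent to the engine after the error has been reported. When the bound `(i + 9) < MAXSTR - 1` is hit, return from the function or otherwise skip the `SetDataToEngine` call instead of passing on a partial position.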
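Review bot: In the cmd_pgnreplay hunk the loop condition is still only `epdline[i] != '\n'`, so for an `epdline` that contains no newline the copy keeps reading past the end of the string until the new bound stops it. Add a check for `epdline[i] != '\0'` to the loop condition. Since the added block is line-for-line the same as the one in cmd_pgnload, consider moving the bounded copy into one helper so the two call sites cannot drift apart.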
