diff options
| author |   Marek Szuba <marecki@gentoo.org> | 2022-01-16 08:56:16 +0000 |
|---|---|---|
| committer | Marek Szuba <marecki@gentoo.org> | 2022-01-16 08:57:12 +0000 |
| commit | 69c2ae786d9151a8358198a73a8bcd0583ac9a1f (patch) | |
| tree | 3e7e18dab876177153deabaea37b645e21264b4c /sci-mathematics/spin | |
| parent | dev-python/installer: Keyword 0.4.0 hppa, #831270 (diff) | |
| download | gentoo-69c2ae786d9151a8358198a73a8bcd0583ac9a1f.tar.gz gentoo-69c2ae786d9151a8358198a73a8bcd0583ac9a1f.tar.bz2 gentoo-69c2ae786d9151a8358198a73a8bcd0583ac9a1f.zip | |
sci-mathematics/spin: backport upstream fix for CVE-2021-46168
Closes: https://bugs.gentoo.org/831220
Signed-off-by: Marek Szuba <marecki@gentoo.org>
Diffstat (limited to 'sci-mathematics/spin')
| -rw-r--r-- | sci-mathematics/spin/files/spin-6.5.2-nesting_limit.patch | 55 | ||||
| -rw-r--r-- | sci-mathematics/spin/spin-6.5.2-r1.ebuild (renamed from sci-mathematics/spin/spin-6.5.2.ebuild) | 3 |
2 files changed, 57 insertions, 1 deletions
diff --git a/sci-mathematics/spin/files/spin-6.5.2-nesting_limit.patch b/sci-mathematics/spin/files/spin-6.5.2-nesting_limit.patch new file mode 100644 index 000000000000..c73152e8485c --- /dev/null +++ b/sci-mathematics/spin/files/spin-6.5.2-nesting_limit.patch @@ -0,0 +1,55 @@ +Backported upstream changes to address CVE-2021-46168. + +From 62cf91c944ea457c218528e9021443a0cbe05758 Mon Sep 17 00:00:00 2001 +From: nimble-code <gerard.holzmann@gmail.com> +Date: Sun, 2 Jan 2022 11:26:40 -0800 +Subject: [PATCH] fix + +--- a/sched.c ++++ b/sched.c +@@ -18,7 +18,7 @@ extern int lineno, nr_errs, dumptab, xspin, jumpsteps, columns; + extern int u_sync, Elcnt, interactive, TstOnly, cutoff; + extern short has_enabled, has_priority, has_code, replay; + extern int limited_vis, product, nclaims, old_priority_rules; +-extern int old_scope_rules, scope_seq[128], scope_level, has_stdin; ++extern int old_scope_rules, scope_seq[256], scope_level, has_stdin; + + extern int pc_highest(Lextok *n); + extern void putpostlude(void); +--- a/spinlex.c ++++ b/spinlex.c +@@ -51,7 +51,7 @@ extern int implied_semis, ltl_mode, in_seq, par_cnt; + + short has_stack = 0; + int lineno = 1; +-int scope_seq[128], scope_level = 0; ++int scope_seq[256], scope_level = 0; + char CurScope[MAXSCOPESZ]; + char yytext[2048]; + FILE *yyin, *yyout; +From 9ecb1af6d174532f3a77acae3a1d424fe7345a3e Mon Sep 17 00:00:00 2001 +From: nimble-code <gerard.holzmann@gmail.com> +Date: Sat, 15 Jan 2022 10:39:38 -0800 +Subject: [PATCH] nesting limit + +--- a/spinlex.c ++++ b/spinlex.c +@@ -1704,8 +1704,16 @@ lex(void) + case '|': c = follow('|', OR, '|'); break; + case ';': c = SEMI; break; + case '.': c = follow('.', DOTDOT, '.'); break; +- case '{': scope_seq[scope_level++]++; set_cur_scope(); break; +- case '}': scope_level--; set_cur_scope(); break; ++ case '{': ++ assert(scope_level < sizeof(scope_seq)-1); ++ scope_seq[scope_level++]++; ++ set_cur_scope(); ++ break; ++ case '}': ++ assert(scope_level > 0); ++ scope_level--; ++ set_cur_scope(); ++ break; + default : break; + } + ValToken(0, c) diff --git a/sci-mathematics/spin/spin-6.5.2.ebuild b/sci-mathematics/spin/spin-6.5.2-r1.ebuild index 5e4110e9abeb..0e1f17681a7c 100644 --- a/sci-mathematics/spin/spin-6.5.2.ebuild +++ b/sci-mathematics/spin/spin-6.5.2-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -27,6 +27,7 @@ BDEPEND="virtual/yacc" PATCHES=( "${FILESDIR}"/${PN}-6.5.2-makefile.patch + "${FILESDIR}"/${PN}-6.5.2-nesting_limit.patch ) S="${WORKDIR}"/${MY_P}/Src |