commit: 69c2ae786d9151a8358198a73a8bcd0583ac9a1f Author: Marek Szuba <marecki <AT> gentoo <DOT> org> AuthorDate: Sun Jan 16 08:56:16 2022 +0000 Commit: Marek Szuba <marecki <AT> gentoo <DOT> org> CommitDate: Sun Jan 16 08:57:12 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69c2ae78
sci-mathematics/spin: backport upstream fix for CVE-2021-46168 Closes: https://bugs.gentoo.org/831220 Signed-off-by: Marek Szuba <marecki <AT> gentoo.org> .../spin/files/spin-6.5.2-nesting_limit.patch | 55 ++++++++++++++++++++++ .../{spin-6.5.2.ebuild => spin-6.5.2-r1.ebuild} | 3 +- 2 files changed, 57 insertions(+), 1 deletion(-) diff --git a/sci-mathematics/spin/files/spin-6.5.2-nesting_limit.patch b/sci-mathematics/spin/files/spin-6.5.2-nesting_limit.patch new file mode 100644 index 000000000000..c73152e8485c --- /dev/null +++ b/sci-mathematics/spin/files/spin-6.5.2-nesting_limit.patch @@ -0,0 +1,55 @@ +Backported upstream changes to address CVE-2021-46168. + +From 62cf91c944ea457c218528e9021443a0cbe05758 Mon Sep 17 00:00:00 2001 +From: nimble-code <[email protected]> +Date: Sun, 2 Jan 2022 11:26:40 -0800 +Subject: [PATCH] fix + +--- a/sched.c ++++ b/sched.c +@@ -18,7 +18,7 @@ extern int lineno, nr_errs, dumptab, xspin, jumpsteps, columns; + extern int u_sync, Elcnt, interactive, TstOnly, cutoff; + extern short has_enabled, has_priority, has_code, replay; + extern int limited_vis, product, nclaims, old_priority_rules; +-extern int old_scope_rules, scope_seq[128], scope_level, has_stdin; ++extern int old_scope_rules, scope_seq[256], scope_level, has_stdin; + + extern int pc_highest(Lextok *n); + extern void putpostlude(void); +--- a/spinlex.c ++++ b/spinlex.c +@@ -51,7 +51,7 @@ extern int implied_semis, ltl_mode, in_seq, par_cnt; + + short has_stack = 0; + int lineno = 1; +-int scope_seq[128], scope_level = 0; ++int scope_seq[256], scope_level = 0; + char CurScope[MAXSCOPESZ]; + char yytext[2048]; + FILE *yyin, *yyout; +From 9ecb1af6d174532f3a77acae3a1d424fe7345a3e Mon Sep 17 00:00:00 2001 +From: nimble-code <[email protected]> +Date: Sat, 15 Jan 2022 10:39:38 -0800 +Subject: [PATCH] nesting limit + +--- a/spinlex.c ++++ b/spinlex.c +@@ -1704,8 +1704,16 @@ lex(void) + case '|': c = follow('|', OR, '|'); break; + case ';': c = SEMI; break; + case '.': c = follow('.', DOTDOT, '.'); break; +- case '{': scope_seq[scope_level++]++; set_cur_scope(); break; +- case '}': scope_level--; set_cur_scope(); break; ++ case '{': ++ assert(scope_level < sizeof(scope_seq)-1); ++ scope_seq[scope_level++]++; ++ set_cur_scope(); ++ break; ++ case '}': ++ assert(scope_level > 0); ++ scope_level--; ++ set_cur_scope(); ++ break; + default : break; + } + ValToken(0, c) diff --git a/sci-mathematics/spin/spin-6.5.2.ebuild b/sci-mathematics/spin/spin-6.5.2-r1.ebuild similarity index 92% rename from sci-mathematics/spin/spin-6.5.2.ebuild rename to sci-mathematics/spin/spin-6.5.2-r1.ebuild index 5e4110e9abeb..0e1f17681a7c 100644 --- a/sci-mathematics/spin/spin-6.5.2.ebuild +++ b/sci-mathematics/spin/spin-6.5.2-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -27,6 +27,7 @@ BDEPEND="virtual/yacc" PATCHES=( "${FILESDIR}"/${PN}-6.5.2-makefile.patch + "${FILESDIR}"/${PN}-6.5.2-nesting_limit.patch ) S="${WORKDIR}"/${MY_P}/Src
