commit: 866ce00a7cae59ca2c77650addabc3128127ecb8 Author: Pacho Ramos <pacho <AT> gentoo <DOT> org> AuthorDate: Sun Dec 4 14:47:55 2022 +0000 Commit: Pacho Ramos <pacho <AT> gentoo <DOT> org> CommitDate: Sun Dec 4 14:49:22 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=866ce00a
games-arcade/supertux: Fix CVE-2022-30292 For 0.6.3 we need to patch the bundled squirrel copy, in next upstream versions it should be possible to finally build it against system copy. Bug: https://bugs.gentoo.org/843008 Signed-off-by: Pacho Ramos <pacho <AT> gentoo.org> .../supertux-0.6.3-squirrel-CVE-2022-30292.patch | 21 ++++++++ games-arcade/supertux/supertux-0.6.3-r1.ebuild | 63 ++++++++++++++++++++++ 2 files changed, 84 insertions(+)
diff --git a/games-arcade/supertux/files/supertux-0.6.3-squirrel-CVE-2022-30292.patch b/games-arcade/supertux/files/supertux-0.6.3-squirrel-CVE-2022-30292.patch
new file mode 100644
index 000000000000..0a605616d606
--- /dev/null
+++ b/games-arcade/supertux/files/supertux-0.6.3-squirrel-CVE-2022-30292.patch
@@ -0,0 +1,21 @@
+From a6413aa690e0bdfef648c68693349a7b878fe60d Mon Sep 17 00:00:00 2001
+From: Alberto Demichelis <albertodemiche...@hotmail.com>
+Date: Mon, 2 May 2022 12:04:58 +0200
+Subject: [PATCH] fix in thread.call
+
+---
+ squirrel/sqbaselib.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/external/squirrel/squirrel/sqbaselib.cpp b/external/squirrel/squirrel/sqbaselib.cpp
+index 8eff97c..5055f18 100644
+--- a/external/squirrel/squirrel/sqbaselib.cpp
++++ b/external/squirrel/squirrel/sqbaselib.cpp
+@@ -1149,6 +1149,7 @@ static SQInteger thread_call(HSQUIRRELVM v)
+ SQObjectPtr o = stack_get(v,1);
+ if(sq_type(o) == OT_THREAD) {
+ SQInteger nparams = sq_gettop(v);
++ sq_reservestack(_thread(o), nparams + 3);
+ _thread(o)->Push(_thread(o)->_roottable);
+ for(SQInteger i = 2; i<(nparams+1); i++)
+ sq_move(_thread(o),v,i);
diff --git a/games-arcade/supertux/supertux-0.6.3-r1.ebuild b/games-arcade/supertux/supertux-0.6.3-r1.ebuild
new file mode 100644
index 000000000000..e670bfd6f25a
--- /dev/null
+++ b/games-arcade/supertux/supertux-0.6.3-r1.ebuild
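Review bot: In supertux-0.6.3-squirrel-CVE-2022-30292.patch, the added `sq_reservestack(_thread(o), nparams + 3);` in thread_call discards its result, so the `Push` and `sq_move` calls that follow run whether or not the reservation succeeded. Upstream's sq_reservestack returns an SQRESULT and, as far as I can tell from the upstream sources, can report an error instead of growing the stack (for example while the target VM is inside a metamethod call); in that case the stack overrun this reservation is meant to prevent would presumably still be reachable. Consider `if(SQ_FAILED(sq_reservestack(_thread(o), nparams + 3))) return sq_throwerror(v, _SC("cannot reserve stack for thread call"));`, and raise it upstream too, since the patch mirrors upstream commit a6413aa6 unchanged. thread_call's body continues outside the hunk.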
@@ -0,0 +1,63 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+#: ${CMAKE_MAKEFILE_GENERATOR:=emake}
+inherit cmake
+
+MY_PV="${PV/_rc/-rc.}"
+MY_P="SuperTux-v${MY_PV}-Source"
+
+DESCRIPTION="A game similar to Super Mario Bros"
+HOMEPAGE="https://www.supertux.org"
+SRC_URI="https://github.com/SuperTux/${PN}/releases/download/v${MY_PV}/${MY_P}.tar.gz"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-2+ GPL-3+ ZLIB MIT CC-BY-SA-2.0 CC-BY-SA-3.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~x86"
+IUSE="debug"
+
+# =media-libs/libsdl2-2.0.14-r0 can cause supertux binary to move entire
+# content of ${HOME} to ${HOME}/.local/share/supertux2/
+# DO NOT REMOVE THIS BLOCKER!!! See bug #764959
+RDEPEND="
+ !=media-libs/libsdl2-2.0.14-r0
+ >=dev-games/physfs-3.0
+ dev-libs/boost:=[nls]
+ media-libs/freetype
+ media-libs/glew:=
+ media-libs/libpng:0=
+ >=media-libs/libsdl2-2.0.1[joystick,video]
+ media-libs/libvorbis
+ media-libs/openal
+ >=media-libs/sdl2-image-2.0.0[png,jpeg]
+ >=net-misc/curl-7.21.7
+ virtual/opengl
+"
+DEPEND="${RDEPEND}
+ media-libs/glm"
+BDEPEND="
+ virtual/pkgconfig
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.5.0-tinygettext.patch
+ "${FILESDIR}"/${PN}-0.6.0-{license,icon,obstack}.patch
+ "${FILESDIR}"/${PN}-0.6.3-missing-include.patch
+ "${FILESDIR}"/${PN}-0.6.3-squirrel-CVE-2022-30292.patch
+)
+
+src_configure() {
+ local mycmakeargs=(
+ -DWERROR=OFF
+ -DINSTALL_SUBDIR_BIN=bin
+ -DINSTALL_SUBDIR_DOC=share/doc/${PF}
+ -DINSTALL_SUBDIR_SHARE=share/${PN}2
+ -DENABLE_SQDBG="$(usex debug)"
+ -DUSE_SYSTEM_PHYSFS=ON
+ -DIS_SUPERTUX_RELEASE=ON
+ )
+ cmake_src_configure
+}
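Review bot: The new PATCHES entry `"${FILESDIR}"/${PN}-0.6.3-squirrel-CVE-2022-30292.patch` has no comment saying that it fixes the bundled squirrel copy or when it can be dropped, so a later version bump could remove or keep it for the wrong reason. A line above it such as `# CVE-2022-30292 in bundled squirrel (bug #843008); drop once built against system squirrel` would record in the ebuild what the commit message already states. The commented-out `#: ${CMAKE_MAKEFILE_GENERATOR:=emake}` line near the top is dead and could be removed or given a one-line explanation.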