commit: c2d8827505a9f03a77a066cb21976932cf7eada7 |
Author: Sebastian Pipping <sping <AT> gentoo <DOT> org> |
AuthorDate: Wed Jun 2 11:32:16 2021 +0000 |
Commit: Sebastian Pipping <sping <AT> gentoo <DOT> org> |
CommitDate: Wed Jun 2 11:34:59 2021 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2d88275 |
|
games-board/gnuchess: CVE-2021-30184 |
|
Bug: https://bugs.gentoo.org/780855 |
Signed-off-by: Sebastian Pipping <sping <AT> gentoo.org> |
Package-Manager: Portage-3.0.19, Repoman-3.0.3 |
|
.../files/gnuchess-6.2.8-cve-2021-30184.patch | 72 ++++++++++++++++++++++ |
games-board/gnuchess/gnuchess-6.2.8-r1.ebuild | 21 +++++++ |
2 files changed, 93 insertions(+) |
|
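diff --git a/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch b/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch
new file mode 100644
index 00000000000..dfa89a0e17c
--- /dev/null
+++ b/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch
@@ -0,0 +1,72 @@
+From 7059e40c7a487b17886e1d345b52fc0cfca8df72 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@×××××××.org>
+Date: Wed, 2 Jun 2021 13:15:29 +0200
+Subject: [PATCH] frontend/cmd.cc: Fix buffer overflow CVE-2021-30184
+
+Based on prior work by Michael Vaughan,
+with "break;" replaced by "return;" and
+magic number 9 resolved by strlen("setboard ").
+
+Mimics close-to-identical existing code from
+elsewhere in the the same file.
+---
+ src/frontend/cmd.cc | 30 ++++++++++++++++++++++--------
+ 1 file changed, 22 insertions(+), 8 deletions(-)
+
+diff --git a/src/frontend/cmd.cc b/src/frontend/cmd.cc
+index a321fc2..394d03f 100644
+--- a/src/frontend/cmd.cc
++++ b/src/frontend/cmd.cc
+@@ -477,13 +477,20 @@ void cmd_pgnload(void)
+ return;
+ }
+
+- strcpy( data, "setboard " );
++ const char setboardCmd[] = "setboard ";
++ unsigned int setboardLen = strlen(setboardCmd);
++ strcpy( data, setboardCmd );
+ int i=0;
+ while ( epdline[i] != '\n' ) {
+- data[i+9] = epdline[i];
+- ++i;
++ if (i + setboardLen < MAXSTR - 1) {
++ data[i+setboardLen] = epdline[i];
++ ++i;
++ } else {
++ printf( _("Error reading contents of file '%s'.\n"), token[1] );
++ return;
++ }
+ }
+- data[i+9] = '\0';
++ data[i+setboardLen] = '\0';
+ SetDataToEngine( data );
+ SetAutoGo( true );
+ pgnloaded = 0;
+@@ -501,13 +508,20 @@ void cmd_pgnreplay(void)
+ return;
+ }
+
+- strcpy( data, "setboard " );
++ const char setboardCmd[] = "setboard ";
++ unsigned int setboardLen = strlen(setboardCmd);
++ strcpy( data, setboardCmd );
+ int i=0;
+ while ( epdline[i] != '\n' ) {
+- data[i+9] = epdline[i];
+- ++i;
++ if (i + setboardLen < MAXSTR - 1) {
++ data[i+setboardLen] = epdline[i];
++ ++i;
++ } else {
++ printf( _("Error reading contents of file '%s'.\n"), token[1] );
++ return;
++ }
+ }
+- data[i+9] = '\0';
++ data[i+setboardLen] = '\0';
+
+ SetDataToEngine( data );
+ SetAutoGo( true );
+--
+2.31.1
+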
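Review bot: In both rewritten loops (cmd_pgnload and cmd_pgnreplay) the only terminator is still `epdline[i] != '\n'`, so a line that ends at a NUL without a newline keeps being read past its terminator until the new bound on `data` trips. The added `i + setboardLen < MAXSTR - 1` check bounds the write into `data`, but it bounds the read from `epdline` only if that buffer is at least as large, which these hunks do not show. Stopping on the terminator as well, `while ( epdline[i] != '\n' && epdline[i] != '\0' ) {`, would make the copy safe for a final line with no trailing newline and keep stale bytes out of the command passed to `SetDataToEngine`. Both function bodies start and end outside the hunks, so how `epdline` is filled and what state the early `return;` leaves behind should be confirmed there.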
|
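diff --git a/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild b/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild
new file mode 100644
index 00000000000..af4c32879a8
--- /dev/null
+++ b/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild
@@ -0,0 +1,21 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Console based chess interface"
+HOMEPAGE="https://www.gnu.org/software/chess/chess.html"
+SRC_URI="mirror://gnu/chess/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-cve-2021-30184.patch # bug 780855
+)
+
+src_configure() {
+ # bug #491088
+ econf --without-readline
+}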