commit:     c2d8827505a9f03a77a066cb21976932cf7eada7
Author:     Sebastian Pipping <sping <AT> gentoo <DOT> org>
AuthorDate: Wed Jun  2 11:32:16 2021 +0000
Commit:     Sebastian Pipping <sping <AT> gentoo <DOT> org>
CommitDate: Wed Jun  2 11:34:59 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2d88275

games-board/gnuchess: CVE-2021-30184

Bug: https://bugs.gentoo.org/780855
Signed-off-by: Sebastian Pipping <sping <AT> gentoo.org>
Package-Manager: Portage-3.0.19, Repoman-3.0.3

 .../files/gnuchess-6.2.8-cve-2021-30184.patch      | 72 ++++++++++++++++++++++
 games-board/gnuchess/gnuchess-6.2.8-r1.ebuild      | 21 +++++++
 2 files changed, 93 insertions(+)

diff --git a/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch 
b/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch
new file mode 100644
index 00000000000..dfa89a0e17c
--- /dev/null
+++ b/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch
@@ -0,0 +1,72 @@
+From 7059e40c7a487b17886e1d345b52fc0cfca8df72 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <[email protected]>
+Date: Wed, 2 Jun 2021 13:15:29 +0200
+Subject: [PATCH] frontend/cmd.cc: Fix buffer overflow CVE-2021-30184
+
+Based on prior work by Michael Vaughan,
+with "break;" replaced by "return;" and
+magic number 9 resolved by strlen("setboard ").
+
+Mimics close-to-identical existing code from
+elsewhere in the the same file.
+---
+ src/frontend/cmd.cc | 30 ++++++++++++++++++++++--------
+ 1 file changed, 22 insertions(+), 8 deletions(-)
+
+diff --git a/src/frontend/cmd.cc b/src/frontend/cmd.cc
+index a321fc2..394d03f 100644
+--- a/src/frontend/cmd.cc
++++ b/src/frontend/cmd.cc
+@@ -477,13 +477,20 @@ void cmd_pgnload(void)
+     return;
+   }
+ 
+-  strcpy( data, "setboard " );
++  const char setboardCmd[] = "setboard ";
++  unsigned int setboardLen = strlen(setboardCmd);
++  strcpy( data, setboardCmd );
+   int i=0;
+   while ( epdline[i] != '\n' ) {
+-    data[i+9] = epdline[i];
+-    ++i;
++    if (i + setboardLen < MAXSTR - 1) {
++      data[i+setboardLen] = epdline[i];
++      ++i;
++    } else {
++      printf( _("Error reading contents of file '%s'.\n"), token[1] );
++      return;
++    }
+   }
+-  data[i+9] = '\0';
++  data[i+setboardLen] = '\0';
+   SetDataToEngine( data );
+   SetAutoGo( true );
+   pgnloaded = 0;
+@@ -501,13 +508,20 @@ void cmd_pgnreplay(void)
+     return;
+   }
+ 
+-  strcpy( data, "setboard " );
++  const char setboardCmd[] = "setboard ";
++  unsigned int setboardLen = strlen(setboardCmd);
++  strcpy( data, setboardCmd );
+   int i=0;
+   while ( epdline[i] != '\n' ) {
+-    data[i+9] = epdline[i];
+-    ++i;
++    if (i + setboardLen < MAXSTR - 1) {
++      data[i+setboardLen] = epdline[i];
++      ++i;
++    } else {
++      printf( _("Error reading contents of file '%s'.\n"), token[1] );
++      return;
++    }
+   }
+-  data[i+9] = '\0';
++  data[i+setboardLen] = '\0';
+ 
+   SetDataToEngine( data );
+   SetAutoGo( true );
+-- 
+2.31.1
+
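Review bot: The copy loops in cmd_pgnload and cmd_pgnreplay still terminate only on `'\n'`, so if epdline holds no newline the loop keeps reading past its NUL terminator until the new bound on data stops it, and that case is then reported as a file read error. How epdline is filled and how large it is are not visible in these hunks, so this is inferred, but stopping at the terminator as well would bound the read side like the write side: `while ( epdline[i] != '\n' && epdline[i] != '\0' ) {`. The duplicated block could also carry a short comment such as `// reject EPD lines that do not fit in data[MAXSTR] (CVE-2021-30184)` so the reason for the bound survives later refactoring. Both function bodies start before and continue after the quoted hunks.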

diff --git a/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild 
b/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild
new file mode 100644
index 00000000000..af4c32879a8
--- /dev/null
+++ b/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild
@@ -0,0 +1,21 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Console based chess interface"
+HOMEPAGE="https://www.gnu.org/software/chess/chess.html";
+SRC_URI="mirror://gnu/chess/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+
+PATCHES=(
+       "${FILESDIR}"/${P}-cve-2021-30184.patch  # bug 780855
+)
+
+src_configure() {
+       # bug #491088
+       econf --without-readline
+}
