diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2021-06-15 14:57:03 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2021-06-15 14:57:03 +0100 |
commit | d18bf1e01b65ee4bf0c804e2843b282d3d4e5d7c (patch) | |
tree | 4a95cbc6ffdf13bad6ecbc7f8d5af99631984123 /games-board/gnuchess | |
parent | e748ba9741f6540f4675c23e3e37b73e822c13a4 (diff) |
gentoo resync : 15.06.2021
Diffstat (limited to 'games-board/gnuchess')
-rw-r--r-- | games-board/gnuchess/Manifest | 2 | ||||
-rw-r--r-- | games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch | 72 | ||||
-rw-r--r-- | games-board/gnuchess/gnuchess-6.2.8-r1.ebuild | 21 |
3 files changed, 95 insertions, 0 deletions
diff --git a/games-board/gnuchess/Manifest b/games-board/gnuchess/Manifest index b1595a80210d..2f3724443551 100644 --- a/games-board/gnuchess/Manifest +++ b/games-board/gnuchess/Manifest @@ -1,5 +1,7 @@ +AUX gnuchess-6.2.8-cve-2021-30184.patch 1949 BLAKE2B e40c05ab4e2d459685ffdd6ad0d22382489bc26154c234da058e78f9fd3cbe9babfebab22e8b1525abf5dc50283db0b1868c82587cb9f04da0f4d14b113561ce SHA512 e44f53f8e25e86f20399e57d79d1d6835eabd69c34d89ba165e78d357471e2b82da5a48b184c8820c8340ddc55e3bd4097fdee737d62cbb73ffbc3870f94dc40 DIST gnuchess-6.2.7.tar.gz 802863 BLAKE2B 2fea825cdf0e629b3c2e9965d16f432edff81ceac8e7fbfd99b7be93f7281f813b10b91a62b3823acbf8967af538b04d2d87f93abde4a580e659e1fbdc5966e9 SHA512 1ed9e9344fbfc8e78504290a44e2710acab53f211c4349cafb7b64cc9a1fa923fbef4b4cbe3dd96438049b1da21415db3eb81fe663a94551c30105207086e343 DIST gnuchess-6.2.8.tar.gz 804080 BLAKE2B 7079c07ae7cd2f225c428a7bf14d53eec394382508544994918b87db35d5cbdeb9cf42a11f5bc2f9c0c7b778384d6cdb9aad4490bc9cfd40a513fc2e36cbdd67 SHA512 9146ee727c1eb8002eb3b1e762d71876b512eff0799eafec7019d5312766fe2bd6655c622e66f86e92f80d2f3666e48158a1245b42c30bd3221a8b379689ecdd EBUILD gnuchess-6.2.7.ebuild 379 BLAKE2B 40744e6f5027920c0b3b9689f8eef8343fa152ff3af013772389aa7bcb04563364a00579b71e345da527ae3f6393a5520d543f7da7d870ab02b558a0afa7b3c0 SHA512 ad55b40e15bce4b2d77f29d64582b76412a99f82e1224e58efa805285889de13abf545196ed6c88342db943a1a5bef9d339bd2449c007d2be2562a341e46b1fb +EBUILD gnuchess-6.2.8-r1.ebuild 450 BLAKE2B 519362e18f8a442f7ba7026f134a0830e09a0c1179b2129bd9ec4670a8a500ec5c4a78327466640f3a992e258633494695b66ba29c9416aaaff200f4bb1c3959 SHA512 f0e27e2caa92c0e6e3c81dc61630bc149885d9d9c919eb77a35bbb57e0bf0476202423c9c2326635ecf7c52688ec8103212b4710576307123274e39f6991e491 EBUILD gnuchess-6.2.8.ebuild 385 BLAKE2B e1afa7629659877190c8a0b1e06abe8b79eb85a9f9c510128298258bf65ed92e9f37010cc06934a4716a5fff24e977defdaf1385012f7a38a570cf07f1fac1bd SHA512 97639646920219246b1e733ea9930af989054267a3ef15c81ff2237419701bc1845e7ac118b479c8c38a80261b434a3a0b40bab6037a68df18cdba3da115727f MISC metadata.xml 249 BLAKE2B 7113a758d7abc93accec998a8843d8ef51ca8b72d72e659e224d5cec2a1a6a63e6c0605958091532ac6e51fa0d501ca4fd9f3f4a9e55baeb31519a02971b465f SHA512 895577c3a805c40581da03057b94e3f28f05f23012bf350c1e3575847d1a0fe40bb044a46f909012a200d991a400f6389358a60e9c2b5bef0da01fb26f846118 diff --git a/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch b/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch new file mode 100644 index 000000000000..dfa89a0e17c3 --- /dev/null +++ b/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch @@ -0,0 +1,72 @@ +From 7059e40c7a487b17886e1d345b52fc0cfca8df72 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Wed, 2 Jun 2021 13:15:29 +0200 +Subject: [PATCH] frontend/cmd.cc: Fix buffer overflow CVE-2021-30184 + +Based on prior work by Michael Vaughan, +with "break;" replaced by "return;" and +magic number 9 resolved by strlen("setboard "). + +Mimics close-to-identical existing code from +elsewhere in the the same file. +--- + src/frontend/cmd.cc | 30 ++++++++++++++++++++++-------- + 1 file changed, 22 insertions(+), 8 deletions(-) + +diff --git a/src/frontend/cmd.cc b/src/frontend/cmd.cc +index a321fc2..394d03f 100644 +--- a/src/frontend/cmd.cc ++++ b/src/frontend/cmd.cc +@@ -477,13 +477,20 @@ void cmd_pgnload(void) + return; + } + +- strcpy( data, "setboard " ); ++ const char setboardCmd[] = "setboard "; ++ unsigned int setboardLen = strlen(setboardCmd); ++ strcpy( data, setboardCmd ); + int i=0; + while ( epdline[i] != '\n' ) { +- data[i+9] = epdline[i]; +- ++i; ++ if (i + setboardLen < MAXSTR - 1) { ++ data[i+setboardLen] = epdline[i]; ++ ++i; ++ } else { ++ printf( _("Error reading contents of file '%s'.\n"), token[1] ); ++ return; ++ } + } +- data[i+9] = '\0'; ++ data[i+setboardLen] = '\0'; + SetDataToEngine( data ); + SetAutoGo( true ); + pgnloaded = 0; +@@ -501,13 +508,20 @@ void cmd_pgnreplay(void) + return; + } + +- strcpy( data, "setboard " ); ++ const char setboardCmd[] = "setboard "; ++ unsigned int setboardLen = strlen(setboardCmd); ++ strcpy( data, setboardCmd ); + int i=0; + while ( epdline[i] != '\n' ) { +- data[i+9] = epdline[i]; +- ++i; ++ if (i + setboardLen < MAXSTR - 1) { ++ data[i+setboardLen] = epdline[i]; ++ ++i; ++ } else { ++ printf( _("Error reading contents of file '%s'.\n"), token[1] ); ++ return; ++ } + } +- data[i+9] = '\0'; ++ data[i+setboardLen] = '\0'; + + SetDataToEngine( data ); + SetAutoGo( true ); +-- +2.31.1 + diff --git a/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild b/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild new file mode 100644 index 000000000000..1c78b6b397c9 --- /dev/null +++ b/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild @@ -0,0 +1,21 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +DESCRIPTION="Console based chess interface" +HOMEPAGE="https://www.gnu.org/software/chess/chess.html" +SRC_URI="mirror://gnu/chess/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="amd64 ~arm ~arm64 ppc64 x86" + +PATCHES=( + "${FILESDIR}"/${P}-cve-2021-30184.patch # bug 780855 +) + +src_configure() { + # bug #491088 + econf --without-readline +} |