gentoo resync : 15.06.2021

3 files changed, 95 insertions, 0 deletions

diff --git a/games-board/gnuchess/Manifest b/games-board/gnuchess/Manifest
index b1595a80210d..2f3724443551 100644
--- a/games-board/gnuchess/Manifest
+++ b/games-board/gnuchess/Manifest
@@ -1,5 +1,7 @@
+AUX gnuchess-6.2.8-cve-2021-30184.patch 1949 BLAKE2B e40c05ab4e2d459685ffdd6ad0d22382489bc26154c234da058e78f9fd3cbe9babfebab22e8b1525abf5dc50283db0b1868c82587cb9f04da0f4d14b113561ce SHA512 e44f53f8e25e86f20399e57d79d1d6835eabd69c34d89ba165e78d357471e2b82da5a48b184c8820c8340ddc55e3bd4097fdee737d62cbb73ffbc3870f94dc40
 DIST gnuchess-6.2.7.tar.gz 802863 BLAKE2B 2fea825cdf0e629b3c2e9965d16f432edff81ceac8e7fbfd99b7be93f7281f813b10b91a62b3823acbf8967af538b04d2d87f93abde4a580e659e1fbdc5966e9 SHA512 1ed9e9344fbfc8e78504290a44e2710acab53f211c4349cafb7b64cc9a1fa923fbef4b4cbe3dd96438049b1da21415db3eb81fe663a94551c30105207086e343
 DIST gnuchess-6.2.8.tar.gz 804080 BLAKE2B 7079c07ae7cd2f225c428a7bf14d53eec394382508544994918b87db35d5cbdeb9cf42a11f5bc2f9c0c7b778384d6cdb9aad4490bc9cfd40a513fc2e36cbdd67 SHA512 9146ee727c1eb8002eb3b1e762d71876b512eff0799eafec7019d5312766fe2bd6655c622e66f86e92f80d2f3666e48158a1245b42c30bd3221a8b379689ecdd
 EBUILD gnuchess-6.2.7.ebuild 379 BLAKE2B 40744e6f5027920c0b3b9689f8eef8343fa152ff3af013772389aa7bcb04563364a00579b71e345da527ae3f6393a5520d543f7da7d870ab02b558a0afa7b3c0 SHA512 ad55b40e15bce4b2d77f29d64582b76412a99f82e1224e58efa805285889de13abf545196ed6c88342db943a1a5bef9d339bd2449c007d2be2562a341e46b1fb
+EBUILD gnuchess-6.2.8-r1.ebuild 450 BLAKE2B 519362e18f8a442f7ba7026f134a0830e09a0c1179b2129bd9ec4670a8a500ec5c4a78327466640f3a992e258633494695b66ba29c9416aaaff200f4bb1c3959 SHA512 f0e27e2caa92c0e6e3c81dc61630bc149885d9d9c919eb77a35bbb57e0bf0476202423c9c2326635ecf7c52688ec8103212b4710576307123274e39f6991e491
 EBUILD gnuchess-6.2.8.ebuild 385 BLAKE2B e1afa7629659877190c8a0b1e06abe8b79eb85a9f9c510128298258bf65ed92e9f37010cc06934a4716a5fff24e977defdaf1385012f7a38a570cf07f1fac1bd SHA512 97639646920219246b1e733ea9930af989054267a3ef15c81ff2237419701bc1845e7ac118b479c8c38a80261b434a3a0b40bab6037a68df18cdba3da115727f
 MISC metadata.xml 249 BLAKE2B 7113a758d7abc93accec998a8843d8ef51ca8b72d72e659e224d5cec2a1a6a63e6c0605958091532ac6e51fa0d501ca4fd9f3f4a9e55baeb31519a02971b465f SHA512 895577c3a805c40581da03057b94e3f28f05f23012bf350c1e3575847d1a0fe40bb044a46f909012a200d991a400f6389358a60e9c2b5bef0da01fb26f846118
diff --git a/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch b/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch
new file mode 100644
index 000000000000..dfa89a0e17c3
--- /dev/null
+++ b/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch
@@ -0,0 +1,72 @@
+From 7059e40c7a487b17886e1d345b52fc0cfca8df72 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Wed, 2 Jun 2021 13:15:29 +0200
+Subject: [PATCH] frontend/cmd.cc: Fix buffer overflow CVE-2021-30184
+
+Based on prior work by Michael Vaughan,
+with "break;" replaced by "return;" and
+magic number 9 resolved by strlen("setboard ").
+
+Mimics close-to-identical existing code from
+elsewhere in the the same file.
+---
+ src/frontend/cmd.cc | 30 ++++++++++++++++++++++--------
+ 1 file changed, 22 insertions(+), 8 deletions(-)
+
+diff --git a/src/frontend/cmd.cc b/src/frontend/cmd.cc
+index a321fc2..394d03f 100644
+--- a/src/frontend/cmd.cc
++++ b/src/frontend/cmd.cc
+@@ -477,13 +477,20 @@ void cmd_pgnload(void)
+     return;
+   }
+ 
+-  strcpy( data, "setboard " );
++  const char setboardCmd[] = "setboard ";
++  unsigned int setboardLen = strlen(setboardCmd);
++  strcpy( data, setboardCmd );
+   int i=0;
+   while ( epdline[i] != '\n' ) {
+-    data[i+9] = epdline[i];
+-    ++i;
++    if (i + setboardLen < MAXSTR - 1) {
++      data[i+setboardLen] = epdline[i];
++      ++i;
++    } else {
++      printf( _("Error reading contents of file '%s'.\n"), token[1] );
++      return;
++    }
+   }
+-  data[i+9] = '\0';
++  data[i+setboardLen] = '\0';
+   SetDataToEngine( data );
+   SetAutoGo( true );
+   pgnloaded = 0;
+@@ -501,13 +508,20 @@ void cmd_pgnreplay(void)
+     return;
+   }
+ 
+-  strcpy( data, "setboard " );
++  const char setboardCmd[] = "setboard ";
++  unsigned int setboardLen = strlen(setboardCmd);
++  strcpy( data, setboardCmd );
+   int i=0;
+   while ( epdline[i] != '\n' ) {
+-    data[i+9] = epdline[i];
+-    ++i;
++    if (i + setboardLen < MAXSTR - 1) {
++      data[i+setboardLen] = epdline[i];
++      ++i;
++    } else {
++      printf( _("Error reading contents of file '%s'.\n"), token[1] );
++      return;
++    }
+   }
+-  data[i+9] = '\0';
++  data[i+setboardLen] = '\0';
+ 
+   SetDataToEngine( data );
+   SetAutoGo( true );
+-- 
+2.31.1
+
diff --git a/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild b/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild
new file mode 100644
index 000000000000..1c78b6b397c9
--- /dev/null
+++ b/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild
@@ -0,0 +1,21 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Console based chess interface"
+HOMEPAGE="https://www.gnu.org/software/chess/chess.html"
+SRC_URI="mirror://gnu/chess/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 ~arm ~arm64 ppc64 x86"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-cve-2021-30184.patch  # bug 780855
+)
+
+src_configure() {
+	# bug #491088
+	econf --without-readline
+}