Moritz Muehlenhoff
2025-01-01 16:20:01 UTC
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: ***@packages.debian.org
Control: affects -1 + src:gnuchess
User: ***@packages.debian.org
Usertags: pu
Fix for low severity issue which doesn't warrant a DSA,
debdiff below.
Cheers,
Moritz
diff -Nru gnuchess-6.2.7/debian/changelog gnuchess-6.2.7/debian/changelog
--- gnuchess-6.2.7/debian/changelog 2020-10-24 09:16:35.000000000 +0200
+++ gnuchess-6.2.7/debian/changelog 2025-01-01 16:58:08.000000000 +0100
@@ -1,3 +1,10 @@
+gnuchess (6.2.7-1+deb12u1) bookworm; urgency=medium
+
+ * CVE-2021-30184 (Closes: #1070372)
+ * Add missing build dep on help2man
+
+ -- Moritz Mühlenhoff <***@debian.org> Wed, 01 Jan 2025 16:58:08 +0100
+
gnuchess (6.2.7-1) unstable; urgency=medium
* New upstream release (Closes: #936023)
diff -Nru gnuchess-6.2.7/debian/control gnuchess-6.2.7/debian/control
--- gnuchess-6.2.7/debian/control 2020-10-24 09:16:35.000000000 +0200
+++ gnuchess-6.2.7/debian/control 2025-01-01 16:58:08.000000000 +0100
@@ -2,7 +2,7 @@
Section: games
Priority: optional
Maintainer: Vincent Legout <***@debian.org>
-Build-Depends: debhelper-compat (= 12)
+Build-Depends: debhelper-compat (= 12), help2man
Standards-Version: 4.5.0
Homepage: https://www.gnu.org/software/chess/
Vcs-Git: https://salsa.debian.org/debian/gnuchess.git
diff -Nru gnuchess-6.2.7/debian/patches/CVE-2021-30184.patch gnuchess-6.2.7/debian/patches/CVE-2021-30184.patch
--- gnuchess-6.2.7/debian/patches/CVE-2021-30184.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnuchess-6.2.7/debian/patches/CVE-2021-30184.patch 2025-01-01 16:57:57.000000000 +0100
@@ -0,0 +1,195 @@
+From f6a65783ebb41bb87811e57754e65933550a44c0 Mon Sep 17 00:00:00 2001
+From: Antonio Ceballos <***@gmail.com>
+Date: Sun, 27 Jun 2021 01:39:06 +0200
+Subject: Fixed CVE-2021-30184: buffer overflow on pgnload and pgnreplay
+
+--- gnuchess-6.2.7.orig/src/frontend/cmd.cc
++++ gnuchess-6.2.7/src/frontend/cmd.cc
+@@ -59,6 +59,7 @@ char *endptr;
+ static int hardFlag=0;
+ static int postFlag=0;
+
++static const char setboard_cmd[] = "setboard ";
+
+ static void split_input(void)
+ {
+@@ -93,6 +94,20 @@ static int tokeneq(const char *s, const
+ }
+
+ /*
++ * Remove a trailing \n and return error if last character is not \n.
++ */
++char *trim_newline(char *line)
++{
++ char *result = NULL;
++ unsigned int last_char_index = strlen(line) - 1;
++ if (line[last_char_index] == '\n') {
++ line[last_char_index] = '\0';
++ result = line;
++ }
++ return result;
++}
++
++/*
+ * Reads a PGN file and returns the equivalent EPD content
+ *
+ * The conversion relies on a temporary file in EPD format,
+@@ -109,10 +124,53 @@ static char *load_pgn_as_epd( const char
+ char *s = fgets( epdline, MAXSTR, epdfile );
+ fclose( epdfile );
+ remove( tmp_epd );
++ if (s != NULL) {
++ s = trim_newline(epdline);
++ }
+
+ return s;
+ }
+
++/*
++ * Takes an EPD filename as input and returns the contents as a
++ * 'setboard <epd-position>' command.
++ */
++char *build_setboard_cmd_from_epd_file(char *data, const char *epd_filename)
++{
++ char *result = NULL;
++ char epdline[MAXSTR]="";
++
++ FILE *epdfile = fopen(epd_filename, "r");
++ if (epdfile != NULL) {
++ if (fgets(epdline, MAXSTR, epdfile) && trim_newline(epdline) && strlen(setboard_cmd) + strlen(epdline) < MAXSTR) {
++ strcpy(data, setboard_cmd);
++ strcat(data, epdline);
++ result = data;
++ }
++ fclose(epdfile);
++ }
++
++ return result;
++}
++
++/*
++ * Takes a PGN filename as input and returns the contents as a
++ * 'setboard <epd-position>' command.
++ */
++char *build_setboard_cmd_from_pgn_file(char *data, const char *pgn_filename)
++{
++ char *result = NULL;
++ char epdline[MAXSTR]="";
++
++ if (load_pgn_as_epd(pgn_filename, epdline, 0) && strlen(setboard_cmd) + strlen(epdline) < MAXSTR) {
++ strcpy(data, setboard_cmd);
++ strcat(data, epdline);
++ result = data;
++ }
++
++ return result;
++}
++
+ void cmd_accepted(void)
+ {
+ SetDataToEngine( token[0] );
+@@ -317,8 +375,9 @@ void cmd_list(void)
+
+ void cmd_load(void)
+ {
++ char *epd_filename = token[1];
+ char data[MAXSTR]="";
+- LoadEPD (token[1]);
++ LoadEPD (epd_filename);
+ pgnloaded = 0;
+ check_board();
+ if (!ValidateBoard()) {
+@@ -326,31 +385,11 @@ void cmd_load(void)
+ printf (_("Board is wrong!\n"));
+ } else {
+ /* Read EPD file and send contents to engine */
+- FILE *epdfile = fopen( token[1], "r" );
+- char epdline[MAXSTR]="";
+- if ( epdfile == NULL ) {
+- printf(_("Error reading file '%s'.\n"), token[1] );
++ if (build_setboard_cmd_from_epd_file(data, epd_filename)) {
++ SetDataToEngine( data );
++ SetAutoGo( true );
+ } else {
+- if ( fgets( epdline, MAXSTR, epdfile ) == NULL ) {
+- printf(_("Error reading file '%s'.\n"), token[1] );
+- } else {
+- const char setboardCmd[] = "setboard ";
+- unsigned int setboardLen = strlen(setboardCmd);
+- strcpy( data, setboardCmd );
+- int i=0;
+- while ( epdline[i] != '\n' ) {
+- if (i + setboardLen < MAXSTR - 1) {
+- data[i+setboardLen] = epdline[i];
+- ++i;
+- } else {
+- printf(_("Error reading contents of file '%s'.\n"), token[1] );
+- break;
+- }
+- }
+- data[i+setboardLen] = '\0';
+- SetDataToEngine( data );
+- SetAutoGo( true );
+- }
++ printf(_("Error reading EPD file '%s'.\n"), epd_filename );
+ }
+ }
+ }
+@@ -468,49 +507,22 @@ void cmd_otim(void)
+ */
+ void cmd_pgnload(void)
+ {
++ const char *pgn_filename = token[1];
+ char data[MAXSTR]="";
+- char epdline[MAXSTR]="";
+
+- char *s = load_pgn_as_epd( token[1], epdline, 0 );
+- if ( s == NULL ) {
+- printf( _("Incorrect epd file.\n") );
+- return;
+- }
+-
+- strcpy( data, "setboard " );
+- int i=0;
+- while ( epdline[i] != '\n' ) {
+- data[i+9] = epdline[i];
+- ++i;
+- }
+- data[i+9] = '\0';
+- SetDataToEngine( data );
+- SetAutoGo( true );
+ pgnloaded = 0;
++ if (build_setboard_cmd_from_pgn_file(data, pgn_filename)) {
++ SetDataToEngine( data );
++ SetAutoGo( true );
++ } else {
++ printf( _("Error loading PGN file '%s'.\n"), pgn_filename );
++ }
+ }
+
+ /* See comment above in cmd_pgnload about PGN -> EPD conversion. */
+ void cmd_pgnreplay(void)
+ {
+- char data[MAXSTR]="";
+- char epdline[MAXSTR]="";
+-
+- char *s = load_pgn_as_epd( token[1], epdline, 1 );
+- if ( s == NULL ) {
+- printf( _("Incorrect epd file.\n") );
+- return;
+- }
+-
+- strcpy( data, "setboard " );
+- int i=0;
+- while ( epdline[i] != '\n' ) {
+- data[i+9] = epdline[i];
+- ++i;
+- }
+- data[i+9] = '\0';
+-
+- SetDataToEngine( data );
+- SetAutoGo( true );
++ cmd_pgnload();
+
+ pgnloaded = 1;
+ pgncnt = GameCnt;
diff -Nru gnuchess-6.2.7/debian/patches/series gnuchess-6.2.7/debian/patches/series
--- gnuchess-6.2.7/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ gnuchess-6.2.7/debian/patches/series 2025-01-01 16:57:41.000000000 +0100
@@ -0,0 +1 @@
Severity: normal
Tags: bookworm
X-Debbugs-Cc: ***@packages.debian.org
Control: affects -1 + src:gnuchess
User: ***@packages.debian.org
Usertags: pu
Fix for low severity issue which doesn't warrant a DSA,
debdiff below.
Cheers,
Moritz
diff -Nru gnuchess-6.2.7/debian/changelog gnuchess-6.2.7/debian/changelog
--- gnuchess-6.2.7/debian/changelog 2020-10-24 09:16:35.000000000 +0200
+++ gnuchess-6.2.7/debian/changelog 2025-01-01 16:58:08.000000000 +0100
@@ -1,3 +1,10 @@
+gnuchess (6.2.7-1+deb12u1) bookworm; urgency=medium
+
+ * CVE-2021-30184 (Closes: #1070372)
+ * Add missing build dep on help2man
+
+ -- Moritz Mühlenhoff <***@debian.org> Wed, 01 Jan 2025 16:58:08 +0100
+
gnuchess (6.2.7-1) unstable; urgency=medium
* New upstream release (Closes: #936023)
diff -Nru gnuchess-6.2.7/debian/control gnuchess-6.2.7/debian/control
--- gnuchess-6.2.7/debian/control 2020-10-24 09:16:35.000000000 +0200
+++ gnuchess-6.2.7/debian/control 2025-01-01 16:58:08.000000000 +0100
@@ -2,7 +2,7 @@
Section: games
Priority: optional
Maintainer: Vincent Legout <***@debian.org>
-Build-Depends: debhelper-compat (= 12)
+Build-Depends: debhelper-compat (= 12), help2man
Standards-Version: 4.5.0
Homepage: https://www.gnu.org/software/chess/
Vcs-Git: https://salsa.debian.org/debian/gnuchess.git
diff -Nru gnuchess-6.2.7/debian/patches/CVE-2021-30184.patch gnuchess-6.2.7/debian/patches/CVE-2021-30184.patch
--- gnuchess-6.2.7/debian/patches/CVE-2021-30184.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnuchess-6.2.7/debian/patches/CVE-2021-30184.patch 2025-01-01 16:57:57.000000000 +0100
@@ -0,0 +1,195 @@
+From f6a65783ebb41bb87811e57754e65933550a44c0 Mon Sep 17 00:00:00 2001
+From: Antonio Ceballos <***@gmail.com>
+Date: Sun, 27 Jun 2021 01:39:06 +0200
+Subject: Fixed CVE-2021-30184: buffer overflow on pgnload and pgnreplay
+
+--- gnuchess-6.2.7.orig/src/frontend/cmd.cc
++++ gnuchess-6.2.7/src/frontend/cmd.cc
+@@ -59,6 +59,7 @@ char *endptr;
+ static int hardFlag=0;
+ static int postFlag=0;
+
++static const char setboard_cmd[] = "setboard ";
+
+ static void split_input(void)
+ {
+@@ -93,6 +94,20 @@ static int tokeneq(const char *s, const
+ }
+
+ /*
++ * Remove a trailing \n and return error if last character is not \n.
++ */
++char *trim_newline(char *line)
++{
++ char *result = NULL;
++ unsigned int last_char_index = strlen(line) - 1;
++ if (line[last_char_index] == '\n') {
++ line[last_char_index] = '\0';
++ result = line;
++ }
++ return result;
++}
++
++/*
+ * Reads a PGN file and returns the equivalent EPD content
+ *
+ * The conversion relies on a temporary file in EPD format,
+@@ -109,10 +124,53 @@ static char *load_pgn_as_epd( const char
+ char *s = fgets( epdline, MAXSTR, epdfile );
+ fclose( epdfile );
+ remove( tmp_epd );
++ if (s != NULL) {
++ s = trim_newline(epdline);
++ }
+
+ return s;
+ }
+
++/*
++ * Takes an EPD filename as input and returns the contents as a
++ * 'setboard <epd-position>' command.
++ */
++char *build_setboard_cmd_from_epd_file(char *data, const char *epd_filename)
++{
++ char *result = NULL;
++ char epdline[MAXSTR]="";
++
++ FILE *epdfile = fopen(epd_filename, "r");
++ if (epdfile != NULL) {
++ if (fgets(epdline, MAXSTR, epdfile) && trim_newline(epdline) && strlen(setboard_cmd) + strlen(epdline) < MAXSTR) {
++ strcpy(data, setboard_cmd);
++ strcat(data, epdline);
++ result = data;
++ }
++ fclose(epdfile);
++ }
++
++ return result;
++}
++
++/*
++ * Takes a PGN filename as input and returns the contents as a
++ * 'setboard <epd-position>' command.
++ */
++char *build_setboard_cmd_from_pgn_file(char *data, const char *pgn_filename)
++{
++ char *result = NULL;
++ char epdline[MAXSTR]="";
++
++ if (load_pgn_as_epd(pgn_filename, epdline, 0) && strlen(setboard_cmd) + strlen(epdline) < MAXSTR) {
++ strcpy(data, setboard_cmd);
++ strcat(data, epdline);
++ result = data;
++ }
++
++ return result;
++}
++
+ void cmd_accepted(void)
+ {
+ SetDataToEngine( token[0] );
+@@ -317,8 +375,9 @@ void cmd_list(void)
+
+ void cmd_load(void)
+ {
++ char *epd_filename = token[1];
+ char data[MAXSTR]="";
+- LoadEPD (token[1]);
++ LoadEPD (epd_filename);
+ pgnloaded = 0;
+ check_board();
+ if (!ValidateBoard()) {
+@@ -326,31 +385,11 @@ void cmd_load(void)
+ printf (_("Board is wrong!\n"));
+ } else {
+ /* Read EPD file and send contents to engine */
+- FILE *epdfile = fopen( token[1], "r" );
+- char epdline[MAXSTR]="";
+- if ( epdfile == NULL ) {
+- printf(_("Error reading file '%s'.\n"), token[1] );
++ if (build_setboard_cmd_from_epd_file(data, epd_filename)) {
++ SetDataToEngine( data );
++ SetAutoGo( true );
+ } else {
+- if ( fgets( epdline, MAXSTR, epdfile ) == NULL ) {
+- printf(_("Error reading file '%s'.\n"), token[1] );
+- } else {
+- const char setboardCmd[] = "setboard ";
+- unsigned int setboardLen = strlen(setboardCmd);
+- strcpy( data, setboardCmd );
+- int i=0;
+- while ( epdline[i] != '\n' ) {
+- if (i + setboardLen < MAXSTR - 1) {
+- data[i+setboardLen] = epdline[i];
+- ++i;
+- } else {
+- printf(_("Error reading contents of file '%s'.\n"), token[1] );
+- break;
+- }
+- }
+- data[i+setboardLen] = '\0';
+- SetDataToEngine( data );
+- SetAutoGo( true );
+- }
++ printf(_("Error reading EPD file '%s'.\n"), epd_filename );
+ }
+ }
+ }
+@@ -468,49 +507,22 @@ void cmd_otim(void)
+ */
+ void cmd_pgnload(void)
+ {
++ const char *pgn_filename = token[1];
+ char data[MAXSTR]="";
+- char epdline[MAXSTR]="";
+
+- char *s = load_pgn_as_epd( token[1], epdline, 0 );
+- if ( s == NULL ) {
+- printf( _("Incorrect epd file.\n") );
+- return;
+- }
+-
+- strcpy( data, "setboard " );
+- int i=0;
+- while ( epdline[i] != '\n' ) {
+- data[i+9] = epdline[i];
+- ++i;
+- }
+- data[i+9] = '\0';
+- SetDataToEngine( data );
+- SetAutoGo( true );
+ pgnloaded = 0;
++ if (build_setboard_cmd_from_pgn_file(data, pgn_filename)) {
++ SetDataToEngine( data );
++ SetAutoGo( true );
++ } else {
++ printf( _("Error loading PGN file '%s'.\n"), pgn_filename );
++ }
+ }
+
+ /* See comment above in cmd_pgnload about PGN -> EPD conversion. */
+ void cmd_pgnreplay(void)
+ {
+- char data[MAXSTR]="";
+- char epdline[MAXSTR]="";
+-
+- char *s = load_pgn_as_epd( token[1], epdline, 1 );
+- if ( s == NULL ) {
+- printf( _("Incorrect epd file.\n") );
+- return;
+- }
+-
+- strcpy( data, "setboard " );
+- int i=0;
+- while ( epdline[i] != '\n' ) {
+- data[i+9] = epdline[i];
+- ++i;
+- }
+- data[i+9] = '\0';
+-
+- SetDataToEngine( data );
+- SetAutoGo( true );
++ cmd_pgnload();
+
+ pgnloaded = 1;
+ pgncnt = GameCnt;
diff -Nru gnuchess-6.2.7/debian/patches/series gnuchess-6.2.7/debian/patches/series
--- gnuchess-6.2.7/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ gnuchess-6.2.7/debian/patches/series 2025-01-01 16:57:41.000000000 +0100
@@ -0,0 +1 @@