Bug#1091857: marked as done (bookworm-pu: package gnuchess/6.2.7-1+deb12u1)

To: jmw@debian.org
Subject: Bug#1091857: marked as done (bookworm-pu: package gnuchess/6.2.7-1+deb12u1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 11 Jan 2025 11:06:44 +0000
Message-id: <[🔎] handler.1091857.D1091857.17365933942449131.ackdone@bugs.debian.org>
Reply-to: 1091857@bugs.debian.org
References: <E1tWZGm-009jYK-U4@coccia.debian.org> <[🔎] 173574802637.7827.15237725317216156891.reportbug@hullmann.westfalen.local>

Your message dated Sat, 11 Jan 2025 11:03:08 +0000
with message-id <E1tWZGm-009jYK-U4@coccia.debian.org>
and subject line Close 1091857
has caused the Debian Bug report #1091857,
regarding bookworm-pu: package gnuchess/6.2.7-1+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1091857: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091857
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bookworm-pu: package gnuchess/6.2.7-1+deb12u1
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 01 Jan 2025 17:13:46 +0100
Message-id: <[🔎] 173574802637.7827.15237725317216156891.reportbug@hullmann.westfalen.local>

Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: gnuchess@packages.debian.org
Control: affects -1 + src:gnuchess
User: release.debian.org@packages.debian.org
Usertags: pu

Fix for low severity issue which doesn't warrant a DSA,
debdiff below.

Cheers,
        Moritz

diff -Nru gnuchess-6.2.7/debian/changelog gnuchess-6.2.7/debian/changelog
--- gnuchess-6.2.7/debian/changelog	2020-10-24 09:16:35.000000000 +0200
+++ gnuchess-6.2.7/debian/changelog	2025-01-01 16:58:08.000000000 +0100
@@ -1,3 +1,10 @@
+gnuchess (6.2.7-1+deb12u1) bookworm; urgency=medium
+
+  * CVE-2021-30184 (Closes: #1070372)
+  * Add missing build dep on help2man
+
+ -- Moritz Mühlenhoff <jmm@debian.org>  Wed, 01 Jan 2025 16:58:08 +0100
+
 gnuchess (6.2.7-1) unstable; urgency=medium
 
   * New upstream release (Closes: #936023)
diff -Nru gnuchess-6.2.7/debian/control gnuchess-6.2.7/debian/control
--- gnuchess-6.2.7/debian/control	2020-10-24 09:16:35.000000000 +0200
+++ gnuchess-6.2.7/debian/control	2025-01-01 16:58:08.000000000 +0100
@@ -2,7 +2,7 @@
 Section: games
 Priority: optional
 Maintainer: Vincent Legout <vlegout@debian.org>
-Build-Depends: debhelper-compat (= 12)
+Build-Depends: debhelper-compat (= 12), help2man
 Standards-Version: 4.5.0
 Homepage: https://www.gnu.org/software/chess/
 Vcs-Git: https://salsa.debian.org/debian/gnuchess.git
diff -Nru gnuchess-6.2.7/debian/patches/CVE-2021-30184.patch gnuchess-6.2.7/debian/patches/CVE-2021-30184.patch
--- gnuchess-6.2.7/debian/patches/CVE-2021-30184.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnuchess-6.2.7/debian/patches/CVE-2021-30184.patch	2025-01-01 16:57:57.000000000 +0100
@@ -0,0 +1,195 @@
+From f6a65783ebb41bb87811e57754e65933550a44c0 Mon Sep 17 00:00:00 2001
+From: Antonio Ceballos <aceballos@gmail.com>
+Date: Sun, 27 Jun 2021 01:39:06 +0200
+Subject: Fixed CVE-2021-30184: buffer overflow on pgnload and pgnreplay
+
+--- gnuchess-6.2.7.orig/src/frontend/cmd.cc
++++ gnuchess-6.2.7/src/frontend/cmd.cc
+@@ -59,6 +59,7 @@ char *endptr;
+ static int hardFlag=0;
+ static int postFlag=0;
+ 
++static const char setboard_cmd[] = "setboard ";
+ 
+ static void split_input(void)
+ {
+@@ -93,6 +94,20 @@ static int tokeneq(const char *s, const
+ }
+ 
+ /*
++ * Remove a trailing \n and return error if last character is not \n.
++ */
++char *trim_newline(char *line)
++{
++  char *result = NULL;
++  unsigned int last_char_index = strlen(line) - 1;
++  if (line[last_char_index] == '\n') {
++    line[last_char_index] = '\0';
++    result = line;
++  }
++  return result;
++}
++
++/*
+  * Reads a PGN file and returns the equivalent EPD content
+  *
+  * The conversion relies on a temporary file in EPD format,
+@@ -109,10 +124,53 @@ static char *load_pgn_as_epd( const char
+   char *s = fgets( epdline, MAXSTR, epdfile );
+   fclose( epdfile );
+   remove( tmp_epd );
++  if (s != NULL) {
++    s = trim_newline(epdline);
++  }
+ 
+   return s;
+ }
+ 
++/*
++ * Takes an EPD filename as input and returns the contents as a
++ * 'setboard <epd-position>' command.
++ */
++char *build_setboard_cmd_from_epd_file(char *data, const char *epd_filename)
++{
++  char *result = NULL;
++  char epdline[MAXSTR]="";
++
++  FILE *epdfile = fopen(epd_filename, "r");
++  if (epdfile != NULL) {
++    if (fgets(epdline, MAXSTR, epdfile) && trim_newline(epdline) && strlen(setboard_cmd) + strlen(epdline) < MAXSTR) {
++      strcpy(data, setboard_cmd);
++      strcat(data, epdline);
++      result = data;
++    }
++    fclose(epdfile);
++  }
++
++  return result;
++}
++
++/*
++ * Takes a PGN filename as input and returns the contents as a
++ * 'setboard <epd-position>' command.
++ */
++char *build_setboard_cmd_from_pgn_file(char *data, const char *pgn_filename)
++{
++  char *result = NULL;
++  char epdline[MAXSTR]="";
++
++  if (load_pgn_as_epd(pgn_filename, epdline, 0) && strlen(setboard_cmd) + strlen(epdline) < MAXSTR) {
++    strcpy(data, setboard_cmd);
++    strcat(data, epdline);
++    result = data;
++  }
++
++  return result;
++}
++
+ void cmd_accepted(void)
+ {
+   SetDataToEngine( token[0] );
+@@ -317,8 +375,9 @@ void cmd_list(void)
+ 
+ void cmd_load(void)
+ {
++  char *epd_filename = token[1];
+   char data[MAXSTR]="";
+-  LoadEPD (token[1]);
++  LoadEPD (epd_filename);
+   pgnloaded = 0;
+   check_board();
+   if (!ValidateBoard()) {
+@@ -326,31 +385,11 @@ void cmd_load(void)
+     printf (_("Board is wrong!\n"));
+   } else {
+     /* Read EPD file and send contents to engine */
+-    FILE *epdfile = fopen( token[1], "r" );
+-    char epdline[MAXSTR]="";
+-    if ( epdfile == NULL ) {
+-      printf(_("Error reading file '%s'.\n"), token[1] );
++    if (build_setboard_cmd_from_epd_file(data, epd_filename)) {
++      SetDataToEngine( data );
++      SetAutoGo( true );
+     } else {
+-      if ( fgets( epdline, MAXSTR, epdfile ) == NULL ) {
+-        printf(_("Error reading file '%s'.\n"), token[1] );
+-      } else {
+-        const char setboardCmd[] = "setboard ";
+-        unsigned int setboardLen = strlen(setboardCmd);
+-        strcpy( data, setboardCmd );
+-        int i=0;
+-        while ( epdline[i] != '\n' ) {
+-          if (i + setboardLen < MAXSTR - 1) {
+-              data[i+setboardLen] = epdline[i];
+-              ++i;
+-          } else {
+-              printf(_("Error reading contents of file '%s'.\n"), token[1] );
+-              break;
+-          }
+-        }
+-        data[i+setboardLen] = '\0';
+-        SetDataToEngine( data );
+-        SetAutoGo( true );
+-      }
++      printf(_("Error reading EPD file '%s'.\n"), epd_filename );
+     }
+   }
+ }
+@@ -468,49 +507,22 @@ void cmd_otim(void)
+  */
+ void cmd_pgnload(void)
+ {
++  const char *pgn_filename = token[1];
+   char data[MAXSTR]="";
+-  char epdline[MAXSTR]="";
+ 
+-  char *s = load_pgn_as_epd( token[1], epdline, 0 );
+-  if ( s == NULL ) {
+-    printf( _("Incorrect epd file.\n") );
+-    return;
+-  }
+-
+-  strcpy( data, "setboard " );
+-  int i=0;
+-  while ( epdline[i] != '\n' ) {
+-    data[i+9] = epdline[i];
+-    ++i;
+-  }
+-  data[i+9] = '\0';
+-  SetDataToEngine( data );
+-  SetAutoGo( true );
+   pgnloaded = 0;
++  if (build_setboard_cmd_from_pgn_file(data, pgn_filename)) {
++    SetDataToEngine( data );
++    SetAutoGo( true );
++  } else {
++    printf( _("Error loading PGN file '%s'.\n"), pgn_filename );
++  }
+ }
+ 
+ /* See comment above in cmd_pgnload about PGN -> EPD conversion. */
+ void cmd_pgnreplay(void)
+ {
+-  char data[MAXSTR]="";
+-  char epdline[MAXSTR]="";
+-
+-  char *s = load_pgn_as_epd( token[1], epdline, 1 );
+-  if ( s == NULL ) {
+-    printf( _("Incorrect epd file.\n") );
+-    return;
+-  }
+-
+-  strcpy( data, "setboard " );
+-  int i=0;
+-  while ( epdline[i] != '\n' ) {
+-    data[i+9] = epdline[i];
+-    ++i;
+-  }
+-  data[i+9] = '\0';
+-
+-  SetDataToEngine( data );
+-  SetAutoGo( true );
++  cmd_pgnload();
+ 
+   pgnloaded = 1;
+   pgncnt = GameCnt;
diff -Nru gnuchess-6.2.7/debian/patches/series gnuchess-6.2.7/debian/patches/series
--- gnuchess-6.2.7/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ gnuchess-6.2.7/debian/patches/series	2025-01-01 16:57:41.000000000 +0100
@@ -0,0 +1 @@
+CVE-2021-30184.patch

--- End Message ---

--- Begin Message ---

To: 1091857-done@bugs.debian.org

Subject: Close 1091857

From: jmw@debian.org

Date: Sat, 11 Jan 2025 11:03:08 +0000

Message-id: <E1tWZGm-009jYK-U4@coccia.debian.org>
Version: 12.9
This update has been released as part of 12.9. Thank you for your contribution.
--- End Message ---

Reply to:

References:
- Bug#1091857: bookworm-pu: package gnuchess/6.2.7-1+deb12u1
  - From: Moritz Muehlenhoff <jmm@debian.org>

Prev by Date: Bug#1091784: marked as done (bookworm-pu: package cpuinfo/0.0~git20220617.082deff-1+deb12u1)
Next by Date: Bug#1091765: marked as done (bookworm-pu: package python-tornado/6.2.0-3+deb12u1)
Previous by thread: Processed: gnuchess 6.2.7-1+deb12u1 flagged for acceptance
Next by thread: Bug#1086845: transition: gdal
Index(es):
- Date
- Thread