Debian Patches

Status for cgoban/1.9.14-22

Patch Description Author Forwarded Bugs Origin Last update
bug_113342.diff no
init-image-data.diff Zero newly created XImages to avoid sending uninitialised pixels butEnv_imageCreate() allocated the XImage backing store with wms_malloc()
and returned it uninitialised. Callers such as drawStone_newPics() only
paint the pixels that fall inside a shape (e.g. the circular stone) and
rely on the remaining pixels being blank. On a modern allocator the
untouched pixels contain heap garbage, which XPutImage() then transfers to
the X server, showing up as random coloured noise ("garbage") in the UI.
.
The bug was masked on the systems the code was originally written for,
where freshly malloc'd memory happened to be zero. Clear the image data on
creation (and include <string.h> for memset).
Martin A. Godisch <godisch@debian.org> no
bug_179280.diff no
bug_257229.diff no
bug_387209.diff =================================================================== no
bug_827684.diff diff --git a/grab_cgoban.in b/grab_cgoban.in
index e7937d0..26d01ae 100755
no
autoconf.diff no
compiler.diff no
devices.diff no
manpage.diff no
gcc-15.patch Fix FTBFS with GCC 15 Adrian Bunk <bunk@debian.org> no debian
unused-result.diff Fix -Wunused-result warnings in wmslib sound code With _FORTIFY_SOURCE the C library marks pipe() and write() with the
"warn_unused_result" attribute. wmslib/src/wms/snd.c ignored their return
values, producing three -Wunused-result warnings during the build:
.
* snd.c:142 pipe(pipes) (snd_init)
* snd.c:207 write(sound_dev, ...) (snd_play)
* snd.c:275 write(out, buf, size_in) (audio_child)
.
A failed pipe() now disables sound cleanly (mirroring the existing
"device is broken" path); the two best-effort device writes consume their
result explicitly, since a "(void)" cast does not silence the attribute.
Martin A. Godisch <godisch@debian.org> no
igs-client-input.diff Harden IGS client parser against malicious server input The IGS go-server protocol is plain text and the chosen server (or a
man-in-the-middle on the connection) is untrusted. Several sscanf()
calls copied server-controlled fields into fixed-size stack buffers
with an unbounded "%s"/"%[" conversion, allowing a remote stack buffer
overflow:
.
* client/game.c "Removing @ %s" -> char deadStone[5]
* client/game.c "[%d]..[%[^]]..%[^)]" -> wRank/bRank[10], flags[5]
(gotGameInfo: the game-list rank and flag fields)
* client/player.c "%s %s %s %s %s" -> char[40] x5 (updatePlayer)
* client/player.c "{%s " -> char name[50] (disconnected)
* client/player.c "{%s [ %[^]]" -> char name/rank[50] (connected)
* client/match.c "%s" -> char name[30] (declineCommand)
* client/look.c "%d: %s" -> char data[GOBOARD_MAXSIZE+1]
.
Each conversion now carries an explicit field width matching the
destination buffer. In addition, three assert()s that aborted the whole
program on a malformed server line are turned into graceful returns, so
a hostile server can no longer crash the client (denial of service).
Martin A. Godisch <godisch@debian.org> no
igs-gamelist-graceful.diff Do not abort the IGS session on an unparsable server line When a line from the IGS server did not match cgoban's hard-coded sscanf
format, the client popped up a "Cgoban Error" dialog referring to an old
Linux ELF sscanf bug and stopped interpreting that class of message. On a
present-day server this misfires on otherwise harmless lines and makes the
connection look broken.
.
Replace the five misleading pop-ups (game list, kibitz, result, say-detect
and the player "connected" notice) with a single diagnostic line on stderr
that prints the exact offending text, then skip just that line and carry on.
Martin A. Godisch <godisch@debian.org> no
igs-read-buffer.diff Fix the IGS read loop to accumulate multi-read server responses newNetData() reads server data into cc->inBuf in a loop, but each read()
used a fixed offset (cc->inBuf + cc->inLen) and expandBuf() preserved only
cc->inLen bytes. When a single server burst did not fit in one read (the
8 KB input buffer), subsequent reads overwrote earlier data and the bytes
read in that cycle were lost on buffer growth, leaving stale/uninitialised
bytes that telnetMunge() then processed. This produced random "garbage" in
the IGS terminal and uninitialised-value reads (seen under valgrind) once
the games/who listing grew past 8 KB on a busy modern server.
.
Read at the running offset (cc->inLen + totalAmtRead) and grow the buffer
preserving everything read so far.
Debian QA <packages@qa.debian.org> no
games-list-compact.diff Show the observable-games list without blank rows The game list was indexed positionally by game number: display line N held
game number N+1, and game numbers with no current game (state noGame) were
rendered as empty lines. On a busy modern server, game numbers are sparse
(e.g. up to ~410 for ~380 live games), so roughly half the window was blank
and the empty rows were not clickable.
.
Build the list compactly instead: one row per existing game, in game-number
order, skipping empty slots. A line2game[] map translates a clicked display
line back to its game number. A single rebuildList() helper is used when the
window is created, when game info arrives, and on reload.
Martin A. Godisch <godisch@debian.org> no
sgf-input-bounds.diff Bound SGF coordinate handling against malformed input Opening a hand-crafted .sgf file is an untrusted-input path. Two issues
are addressed:
.
* sgf.c: sgf_addCLElem()/sgf_addCLSElem() copied the location string
into the 5-byte lVal[] field with strcpy(), relying solely on an
assert() for the length. The copy is now length-bounded so it cannot
overflow even if assertions are disabled (-DNDEBUG).
* goBoard.c: goBoard_str2Loc() abort()ed via assert() when a
coordinate failed to parse. It now returns the function's existing
"invalid location" sentinel (-1) instead of crashing.
Martin A. Godisch <godisch@debian.org> no
configure-respect-cflags.diff Respect externally supplied CFLAGS (restore Debian hardening) The WMS_GET_CFLAGS macro unconditionally overwrote $CFLAGS with
'-O2 -fomit-frame-pointer', discarding the flags injected by
dpkg-buildflags. As a result -g (and thus the -dbgsym package),
-fstack-clash-protection, -fcf-protection, -ffile-prefix-map and
-Werror=format-security were silently dropped at build time.
.
The default is now only applied when CFLAGS is unset, so the Debian
build flags take precedence. Both configure.in and the shipped,
pre-generated configure are patched because the package is not
autoreconf'd at build time.
Martin A. Godisch <godisch@debian.org> no
grab-cgoban-tmpfile.diff Drop unused predictable /tmp temporary file in grab_cgoban The helper set TMP=/tmp/grab_cgoban.$$ and installed a cleanup trap, but
the variable was never read or written anywhere in the script. The dead
code only created a predictable path reference; it is removed.
Martin A. Godisch <godisch@debian.org> no
format-overflow.diff Use snprintf and adequately sized buffers for fixed-size formats Several call sites formatted integers and doubles into stack buffers that
were too small for the worst-case output, which GCC reports as both
-Wformat-overflow (with sprintf) and -Wformat-truncation (with snprintf).
The runtime values are always bounded, but the compiler cannot prove it.
.
Convert the affected sprintf calls to snprintf and enlarge each destination
buffer to hold the maximum possible formatted output, silencing the
warnings without changing behaviour.
Martin A. Godisch <godisch@debian.org> no
nngs-shutdown-notice.diff Inform the user that NNGS has shut down instead of hanging The "NNGS" server entry points at nngs.cosmic.org, the No Name Go Server,
which was permanently shut down in May 2005. Selecting it merely produced
a silent, hanging connection attempt. Intercept the NNGS selection in the
connect path and pop up an informational notice (with a pointer to the IGS
button) instead of trying to connect.
Martin A. Godisch <godisch@debian.org> no
crashes-in-awesome.diff no

All known versions for source package 'cgoban'

Links