-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 30 Apr 2023 17:35:04 +0200
Source: sgt-puzzles
Binary: sgt-puzzles sgt-puzzles-dbgsym
Architecture: ppc64el
Version: 20191231.79a5378-3+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) <buildd_ppc64el-ppc64el-osuosl-01@buildd.debian.org>
Changed-By: Ben Hutchings <benh@debian.org>
Description:
 sgt-puzzles - Simon Tatham's Portable Puzzle Collection - 1-player puzzle games
Closes: 905852 1028986 1034190
Changes:
 sgt-puzzles (20191231.79a5378-3+deb11u1) bullseye; urgency=medium
 .
   * Fix various security issues in game loading (Closes: #1028986, #1034190):
     - Mines: add validation for negative mine count.
     - Galaxies: fix assertion failure when adding out-of-bounds association.
     - Filling: fix assertion failure in 3x1 game generation.
     - Map: add missing sresize in new_game_desc().
     - Add more validation to midend deserialisation routine
     - Correct and enable the range check on statepos when loading
     - Add an assertion to check the format of encoded parameters
     - Add assertions that game descriptions consist only of printable ASCII.
     - Hex-encode non-ASCII random seeds in save files
     - Assert that everything written to a save file is printable ASCII
     - Build fix: take declarations out of for loops.
     - galaxies: Use the same code for handling all dropped arrows
     - magnets: Area constraints; fix message.
     - lightup: Ban 2x2 with either 4-way type
     - Remove _() introduced from Android port.
     - Solo: Set max difficulty for small jigsaw puzzles
     - Add a macro of an upper bound on the formatted length of an integer
     - Guess: Don't allow any moves once the game is solved (CVE-2023-24283)
     - Guess: validate peg colours in decode_ui() (CVE-2023-24284)
     - Netslide: Reject moves wider than the grid (CVE-2023-24285)
     - Sixteen: limit length of moves
     - Undead: check for valid commands in execute_move()
     - Undead: fix buffer overrun in "M" command (CVE-2023-24287)
     - Correct RANGECHECK macro in Black Box
     - Range-check normal moves in Undead
     - Range-check record lengths when deserialising games (CVE-2023-24291)
     - Don't load too many states just because there's no STATEPOS
       (CVE-2023-24288)
     - Palisade: forbid moves that remove grid edges
     - Last-ditch maximum size limit for Bridges
     - Last-ditch grid-size limit for Dominosa
     - Last-ditch grid-size limit for Galaxies
     - Last-ditch grid-size limit for Fifteen
     - Last-ditch maximum size limit for Flip
     - Last-ditch grid-size limit for Flood
     - Insist that Flood grids must have non-zero size
     - Last-ditch grid-size limit for Inertia
     - Last-ditch maximum size limit for Light Up
     - Limit maximum grid size in Loopy
     - Last-ditch maximum size limit for Magnets
     - Last-ditch maximum size limit for Map
     - Last-ditch maximum size limit for Mines
     - Also check for tiny grids in Mines
     - Last-ditch maximum size limit for Net
     - Last-ditch maximum size limit for Netslide
     - Integer overflow protection in Pattern
     - Last-ditch maximum size limit for Palisade
     - Last-ditch maximum size limit for Pearl
     - Last-ditch maximum size limit for Pegs
     - Also limit Pegs to at least 1x1 even when not doing full validation
     - Last-ditch maximum size limit for Same Game
     - Last-ditch maximum size limit for Signpost
     - Last-ditch maximum size limit for Sixteen
     - Limit size of puzzle in Tents to avoid integer overflow
     - Last-ditch maximum size limit for Tracks
     - Last-ditch maximum size limit for Twiddle
     - Adjust Undead upper grid-size limit to avoid overflow
     - Last-ditch point-count limit for Untangle
     - Black Box: correct order of validation checks for "F" commands
     - Palisade: don't leak memory on a bad move
     - Don't allow negative clues in Pattern
     - When loading, don't decode_ui unless we have a UI
     - Palisade: remove assertion from decode_ui()
     - Same Game: reject moves with unexpected characters in
     - Filling: validate length of auto-solve move strings
     - Tighten Bridges' validate_desc()
     - Untangle: forbid descriptions that connect a node to itself
     - Mines: No moving once you're dead!
     - Towers: reject descriptions with odd characters at the end
     - Tracks: make sure moves are valid in execute_move()
     - Tracks: let solve make illegal moves
     - Tracks: tighten up the 'illegal solve submoves' fix.
     - Allow repeated "solve" operations in Guess
     - Black Box: reject negative ball counts in game_params.
     - Add validate_params bounds checks in a few more games.
     - Don't allow Bridges games with < 2 islands
     - Forbid moves that fill with the current colour in Flood
     - Cleanly reject ill-formed solve moves in Flood
     - Don't segfault on premature solve moves in Mines
     - Limit number of mines in Mines game description
     - Validate the number of pegs and holes in a Pegs game ID
     - Mines: forbid moves that flag or unflag an exposed square
     - Mines: Don't check if the player has won if they've already lost
     - Avoid invalid moves when solving Tracks
     - Fix move validation in Netslide
     - Tighten validation of Tents game descriptions
     - Dominosa: require the two halves of a domino to be adjacent
     - Forbid lines off the grid in Pearl
     - Tolerate incorrect solutions in Inertia
     - Palisade: replace dfs_dsf() with a simple iteration.
     - latin_solver_alloc: handle clashing numbers in input grid.
     - Pearl: fix assertion failure on bad puzzle.
     - Pearl: fix bounds check in previous commit.
     - Unequal: Don't insist that solve moves must actually solve
     - Range: Don't fail an assertion on an all-black board
     - Limit width and height to SHRT_MAX in Mines
     - Mines: Add assertions to range-check conversions to short
     - Unequal: fix sense error in latin_solver_alloc fix.
     - Forbid impossible moves in Bridges
     - Forbid game descriptions with joined islands in Bridges
     - Check state is valid at the end of a move in Pearl
     - Cleanly reject more ill-formed solve moves in Flood
     - Don't allow moves that change the constraints in Unequal
     - Fix memory leaks in Keen's validate_desc()
     - Don't leak grids in Loopy's validate_desc()
     - Remember to free the to_draw member from Net's drawstate
     - Undead: check the return value of sscanf() in execute_move()
     - Don't leak duplicate edges in Untangle
     - Remember to free the numcolours array from Pattern's drawstate
     - Twiddle: don't read off the end of parameter strings ending 'm'
     - Loopy: free the grid description string if it's invalid
     - Avoid division by zero in Cube grid-size checks
     - Validate that save file values are ASCII (mostly)
     - More validation of solve moves in Flood
     - Make sure that moves in Flood use only valid colours
     - Tighten grid-size limit in Mines
     - Tracks: set drag_s{x,y} even if starting off-grid
     - Undead: be a bit more careful about sprintf buffer sizes
     - Fix memory leak in midend_game_id_int()
     - Flood: don't read off the end of some parameter strings
     - Be more careful with type of left operand of <<
     - Map: reduce maximum size
     - Correctly handle some short save files
     - Inertia: insist that solutions must be non-empty
     - Galaxies: fix recursion depth limit in solver.
     - Correct a range check in Magnets' layout verification
     - Magnets: add a check that magnets don't wrap between lines
     - Net: assert that cx and cy are in range in compute_active()
     - Don't allow zero clues in Pattern
   * Solo: cope with pencil marks when tilesize == 1 (Closes: #905852)
Checksums-Sha1:
 360002890bd4343145e96195bbb7f5bbb1a8e311 6989332 sgt-puzzles-dbgsym_20191231.79a5378-3+deb11u1_ppc64el.deb
 5c3008f7e17125a965bec3d6b06747de35b616b8 15166 sgt-puzzles_20191231.79a5378-3+deb11u1_ppc64el-buildd.buildinfo
 3f64d8fb318c693fe758b0a11f41b5d77c740a07 1907008 sgt-puzzles_20191231.79a5378-3+deb11u1_ppc64el.deb
Checksums-Sha256:
 89bf715186ec2a565baa3a5b53c09150f19e46062154475cef6aea380af5b427 6989332 sgt-puzzles-dbgsym_20191231.79a5378-3+deb11u1_ppc64el.deb
 97c98c81eb62f3bc4218b1addf83948c257eca6d6cb79aeaac6b3f53bdb3da4f 15166 sgt-puzzles_20191231.79a5378-3+deb11u1_ppc64el-buildd.buildinfo
 10de2d9e73057472867ac6d7367e28d98da964fb64a08e7bd7ff7dc5d33d49d0 1907008 sgt-puzzles_20191231.79a5378-3+deb11u1_ppc64el.deb
Files:
 aea4bb83ccb4eaad24c9f12d59b4e8cf 6989332 debug optional sgt-puzzles-dbgsym_20191231.79a5378-3+deb11u1_ppc64el.deb
 be2b1e260ccbd8269a0a407195cb3418 15166 games optional sgt-puzzles_20191231.79a5378-3+deb11u1_ppc64el-buildd.buildinfo
 1e0077e473532879e1c3a2313d310c22 1907008 games optional sgt-puzzles_20191231.79a5378-3+deb11u1_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEG6HwUrz8cgTg6xaPZnETzaamDSwFAmRi738ACgkQZnETzaam
DSy4FRAAnfjTnD1PEJEOVNJy7QBBFMrRy/B2Eg2FvcMVysK4AYKQ9AzkaXoEv8m9
F4eOYI3CmVhyMNWE1nwxPFedLCeCt0z5Gp3DhdGKpAmj+jnjOe+Udp5pH9hfV7AX
GBa8rdr0Ot4B6JtEW2azzzBR5jPHdB6/X/A+l3zzGqRR/a4WlgY/sgXSzIhdpXvD
+i41YjzuEGf4DhRprCq5bsjPxHNVMauojC1XXHnsfstxp1n0QZmtdePr/GE7Hyjk
FLYrFTHOkcITOF3MeqYeGUfgCMRlgt5OT2QDDIm4MzS/jGjBq4oFnKZjtYzpIgy/
JhnzXmv67X+pmY9XnME7jWCCp3/S+Z4wLdeFYoJAga5RvBjqWirFV+t8bqLDIQXW
MX3E4uXLyvYRiHdJ9655ISC1HO/ALwlBu2Npc6QKWGnJEFvdxfULboRi9JGVH1SP
fI4pxKcXQylWnGjjO5NzgS8lIbcSSmQJ5XwizPLUmOQL0qrd3XHH4pnaebBM0QB9
dzbUVJYhZSYvMKqCtskH+vZ6wMHvrQtBuRb3tWCAwoEpyyGtKRp+YVbPYkQdi6FP
Ks45MNUKs62nQa4tdn1BmSKc4YLWnetuIl3heZ4CsnFc3IVk64hySLshieQWtXuX
ynLazUtp5ann1+a3UuHPogHL5GaoZYiYmmyBw8Y5Y5KvYrjsAWI=
=rQar
-----END PGP SIGNATURE-----