[ubuntu/lunar-proposed] sgt-puzzles 20230122.806ae71-2 (Accepted)

[Unit 193]

sgt-puzzles (20230122.806ae71-2) unstable; urgency=medium

  * Fix various security issues in game loading (Closes: #1034190):
    - Black Box: reject negative ball counts in game_params.
    - Add validate_params bounds checks in a few more games.
    - Don't allow Bridges games with < 2 islands
    - Forbid moves that fill with the current colour in Flood
    - Cleanly reject ill-formed solve moves in Flood
    - Don't segfault on premature solve moves in Mines
    - Limit number of mines in Mines game description
    - Validate the number of pegs and holes in a Pegs game ID
    - Mines: forbid moves that flag or unflag an exposed square
    - Mines: Don't check if the player has won if they've already lost
    - Avoid invalid moves when solving Tracks
    - Fix move validation in Netslide
    - Tighten validation of Tents game descriptions
    - Dominosa: require the two halves of a domino to be adjacent
    - Forbid lines off the grid in Pearl
    - Tolerate incorrect solutions in Inertia
    - Palisade: replace dfs_dsf() with a simple iteration.
    - latin_solver_alloc: handle clashing numbers in input grid.
    - Pearl: fix assertion failure on bad puzzle.
    - Pearl: fix bounds check in previous commit.
    - Unequal: Don't insist that solve moves must actually solve
    - Range: Don't fail an assertion on an all-black board
    - Limit width and height to SHRT_MAX in Mines
    - Mines: Add assertions to range-check conversions to short
    - Unequal: fix sense error in latin_solver_alloc fix.
    - Forbid impossible moves in Bridges
    - Forbid game descriptions with joined islands in Bridges
    - Check state is valid at the end of a move in Pearl
    - Cleanly reject more ill-formed solve moves in Flood
    - Don't allow moves that change the constraints in Unequal
    - Fix memory leaks in Keen's validate_desc()
    - Remember to free the actual_board array in Mosaic
    - Don't leak grids in Loopy's validate_desc()
    - Remember to free the to_draw member from Net's drawstate
    - Undead: check the return value of sscanf() in execute_move()
    - Don't leak duplicate edges in Untangle
    - Remember to free the numcolours array from Pattern's drawstate
    - Free new game_state properly in Mosaic's execute_move()
    - Twiddle: don't read off the end of parameter strings ending 'm'
    - Loopy: free the grid description string if it's invalid
    - Mosaic: don't duplicate the description being validated
    - Avoid division by zero in Cube grid-size checks
    - Validate that save file values are ASCII (mostly)
    - More validation of solve moves in Flood
    - Make sure that moves in Flood use only valid colours
    - Tighten grid-size limit in Mines
    - Tracks: set drag_s{x,y} even if starting off-grid
    - Undead: be a bit more careful about sprintf buffer sizes
    - Fix memory leak in midend_game_id_int()
    - Flood: don't read off the end of some parameter strings
    - Be more careful with type of left operand of <<
    - Map: reduce maximum size
    - Correctly handle some short save files
    - Inertia: insist that solutions must be non-empty
    - Galaxies: fix recursion depth limit in solver.
    - Correct a range check in Magnets' layout verification
    - Magnets: add a check that magnets don't wrap between lines
    - Net: assert that cx and cy are in range in compute_active()
    - Don't allow zero clues in Pattern
  * Solo: cope with pencil marks when tilesize == 1 (Closes: #905852)

Date: 2023-04-17 04:35:51.081652+00:00
Changed-By: Ben Hutchings <ben at decadent.org.uk>
Signed-By: Unit 193 <unit193 at gmail.com>
https://launchpad.net/ubuntu/+source/sgt-puzzles/20230122.806ae71-2
-------------- next part --------------
Sorry, changesfile not available.