diff --git a/gnuchess.changes b/gnuchess.changes
index 0fc4784..95ab74d 100644
--- a/gnuchess.changes
+++ b/gnuchess.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Apr 8 20:46:21 UTC 2021 - Matej Cepl
+
+- Add txtJ07eHdR0m6.patch to fix CVE-2021-30184 (reported upstream on
+ https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html )
+
 -------------------------------------------------------------------
 Sun May 31 14:58:50 UTC 2020 - Andreas Stieger
diff --git a/gnuchess.spec b/gnuchess.spec
index d63ccda..36f7fd0 100644
--- a/gnuchess.spec
+++ b/gnuchess.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package gnuchess
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -32,12 +32,17 @@ Source3: genbook.sh
 Source5: xgnuchess
 Source6: http://ftp.gnu.org/gnu/chess/%{name}-%{version}.tar.gz.sig
 Source7: http://savannah.gnu.org/project/memberlist-gpgkeys.php?group=chess&download=1#/gnuchess.keyring
+# PATCH-FIX-UPSTREAM txtJ07eHdR0m6.patch CVE-2021-30184 mcepl@suse.com
+# https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
+# Patch from https://src.fedoraproject.org/rpms/gnuchess/c/bb2dd55d0daf.patch
+Patch0: txtJ07eHdR0m6.patch
 BuildRequires: expect
 BuildRequires: gcc-c++
 BuildRequires: gettext-devel
+BuildRequires: help2man
 BuildRequires: readline-devel
 Requires(post): info
-Requires(preun): info
+Requires(preun):info
 Suggests: xboard
 Provides: chess_backend
 Provides: gchess
@@ -47,7 +52,7 @@ A worthy chess opponent that runs in text mode. Find an X11 interface in the xboard package.
 %prep
-%setup -q
+%autosetup -p1
 %build
 %configure
diff --git a/txtJ07eHdR0m6.patch b/txtJ07eHdR0m6.patch
new file mode 100644
index 0000000..409e757
--- /dev/null
+++ b/txtJ07eHdR0m6.patch
@@ -0,0 +1,38 @@
+---
+ src/frontend/cmd.cc | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+--- a/src/frontend/cmd.cc
++++ b/src/frontend/cmd.cc
+@@ -480,8 +480,13 @@ void cmd_pgnload(void)
+ strcpy( data, "setboard " );
+ int i=0;
+ while ( epdline[i] != '\n' ) {
+- data[i+9] = epdline[i];
+- ++i;
++ if ((i + 9) < MAXSTR - 1) {
++ data[i+9] = epdline[i];
++ ++i;
++ } else {
++ printf(_("Error reading contents of file '%s'.\n"), token[1]);
++ break;
++ }
+ }
+ data[i+9] = '\0';
+ SetDataToEngine( data );
+@@ -504,8 +509,13 @@ void cmd_pgnreplay(void)
+ strcpy( data, "setboard " );
+ int i=0;
+ while ( epdline[i] != '\n' ) {
+- data[i+9] = epdline[i];
+- ++i;
++ if ((i + 9) < MAXSTR - 1) {
++ data[i+9] = epdline[i];
++ ++i;
++ } else {
++ printf(_("Error reading contents of file '%s'.\n"), token[1]);
++ break;
++ }
+ }
+ data[i+9] = '\0';
+
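Review bot: In the embedded patch for `cmd_pgnload` (and identically for `cmd_pgnreplay`), the new `else` branch prints the error and breaks, but control then falls through to `data[i+9] = '\0';` and, in the first inner hunk, `SetDataToEngine( data );`, so a truncated `setboard` string is still handed to the engine after the failure has been reported. Leaving the function there, or guarding the engine call with a flag set in the `else` branch, would make the error path actually reject the input. The loop also still stops only on `'\n'`; if `epdline` can hold a line without a trailing newline (its declaration and the read are outside the hunk, so this is an assumption to confirm), bytes past its terminator are copied until the bound trips, and `while ( epdline[i] != '\n' && epdline[i] != '\0' ) {` would close that. The literal `9` stands for the length of `"setboard "` and deserves a named constant or a short comment. Both function bodies start and end outside the inner hunks.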