Bug#957379: debdiff with the fix for Unstable
Please test it. diff -Nru isc-dhcp-4.4.1/debian/changelog isc-dhcp-4.4.1/debian/changelog --- isc-dhcp-4.4.1/debian/changelog 2020-01-22 18:35:14.0 -0300 +++ isc-dhcp-4.4.1/debian/changelog 2020-08-05 23:08:47.0 -0300 @@ -1,3 +1,12 @@ +isc-dhcp (4.4.1-2.2) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS due gcc 10 compilation issues in client/dhclient.c, +common/discover.c, relay/dhcrelay.c, server/mdb.c, server/mdb6.c +(closes: 957379). + + -- Leonidas S. Barbosa Wed, 05 Aug 2020 23:08:47 -0300 + isc-dhcp (4.4.1-2.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru isc-dhcp-4.4.1/debian/patches/Fixed_gcc_10_compilation_issues.patch isc-dhcp-4.4.1/debian/patches/Fixed_gcc_10_compilation_issues.patch --- isc-dhcp-4.4.1/debian/patches/Fixed_gcc_10_compilation_issues.patch 1969-12-31 21:00:00.0 -0300 +++ isc-dhcp-4.4.1/debian/patches/Fixed_gcc_10_compilation_issues.patch 2020-08-05 23:08:34.0 -0300 
@@ -0,0 +1,99 @@ +From 129b7e402bd6e7278854e5a8935fce460552b5f4 Mon Sep 17 00:00:00 2001 +From: Thomas Markwalder +Date: Thu, 30 Jul 2020 10:01:36 -0400 +Subject: [PATCH] [#117] Fixed gcc 10 compilation issues + +client/dhclient.c +relay/dhcrelay.c +extern'ed local_port,remote_port + +common/discover.c +init local_port,remote_port to 0 + +server/mdb.c +extern'ed dhcp_type_host + +server/mdb6.c +create_prefix6() - eliminated memcpy string overflow error +--- + RELNOTES | 5 + + client/dhclient.c | 5 +++-- + common/discover.c | 4 ++-- + relay/dhcrelay.c | 4 ++-- + server/mdb.c | 2 +- + server/mdb6.c | 2 +- + 6 files changed, 14 insertions(+), 8 deletions(-) + +#diff --git a/RELNOTES b/RELNOTES +#index 9d0a0414..6919dba7 100644 +#--- a/RELNOTES +#+++ b/RELNOTES +#@@ -103,6 +103,11 @@ ISC DHCP is open source software maintained by Internet Systems +# Consortium. This product includes cryptographic software written +# by Eric Young (e...@cryptsoft.com). +# +#+ Changes since 4.4.2 (Bug Fixes) +#+ +#+- Minor corrections to allow compilation under gcc 10. +#+ [Gitlab #117] +#+ +# Changes since 4.4.2b1 (Bug Fixes) +# +# - Added a clarification on DHCPINFORMs and server authority to +Index: isc-dhcp-4.4.1/client/dhclient.c +=== +--- isc-dhcp-4.4.1.orig/client/dhclient.c isc-dhcp-4.4.1/client/dhclient.c +@@ -81,8 +81,9 @@ static const char message [] = "Internet + static const char url [] = "For info, please visit https://www.isc.org/software/dhcp/;; + #endif /* UNIT_TEST */ + +-u_int16_t local_port = 0; +-u_int16_t remote_port = 0; ++extern u_int16_t local_port; ++extern u_int16_t remote_port; ++ + #if defined(DHCPv6) && defined(DHCP4o6) + int dhcp4o6_state = -1; /* -1 = stopped, 0 = polling, 1 = started */ + #endif +Index: isc-dhcp-4.4.1/relay/dhcrelay.c +=== +--- isc-dhcp-4.4.1.orig/relay/dhcrelay.c isc-dhcp-4.4.1/relay/dhcrelay.c +@@ -95,8 +95,8 @@ enum { forward_and_append, /* Forward an +forward_untouched, /* Forward without changes. 
*/ +discard } agent_relay_mode = forward_and_replace; + +-u_int16_t local_port; +-u_int16_t remote_port; ++extern u_int16_t local_port; ++extern u_int16_t remote_port; + + /* Relay agent server list. */ + struct server_list { +Index: isc-dhcp-4.4.1/server/mdb.c +=== +--- isc-dhcp-4.4.1.orig/server/mdb.c isc-dhcp-4.4.1/server/mdb.c +@@ -67,7 +67,7 @@ static host_id_info_t *host_id_info = NU + + int numclasseswritten; + +-omapi_object_type_t *dhcp_type_host; ++extern omapi_object_type_t *dhcp_type_host; + + isc_result_t enter_class(cd, dynamicp, commit) + struct class *cd; +Index: isc-dhcp-4.4.1/server/mdb6.c +=== +--- isc-dhcp-4.4.1.orig/server/mdb6.c isc-dhcp-4.4.1/server/mdb6.c +@@ -1943,7 +1943,7 @@ create_prefix6(struct ipv6_pool *pool, s + } + new_ds.data = new_ds.buffer->data; + memcpy(new_ds.buffer->data, ds.data, ds.len); +- memcpy(new_ds.buffer->data + ds.len, , sizeof(tmp)); ++ memcpy(_ds.buffer->data[0] + ds.len, , sizeof(tmp)); + data_string_forget(, MDL); + data_string_copy(, _ds, MDL); + data_string_forget(_ds, MDL); diff -Nru isc-dhcp-4.4.1/debian/patches/series isc-dhcp-4.4.1/debian/patches/series --- isc-dhcp-4.4.1/debian/patches/series 2020-01-22 18:35:14.0 -0300 +++ isc-dhcp-4.4.1/debian/patches/series 2020-08-05 23:08:47.0 -0300 @@ -16,3 +16,4 @@ bind-includes.patch configure.patch +Fixed_gcc_10_compilation_issues.patch signature.asc Description: This is a digitally signed message part
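Review bot: The patch header and the debian/changelog entry both list common/discover.c, but the patch as shown carries no section for that file, while client/dhclient.c and relay/dhcrelay.c now only declare `local_port` and `remote_port` as `extern`. The link step therefore depends on the 4.4.1 copy of common/discover.c already defining both variables; that should be confirmed (or the upstream discover.c change carried over), and the changelog should name only the files the patch really touches. In server/mdb6.c the rewritten `memcpy` destination in create_prefix6 changes how the pointer is formed, not how many bytes are copied, so the real bound is the allocation of `new_ds.buffer`, which is outside the hunk; once that size is checked against `ds.len + sizeof(tmp)`, a comment such as `/* buffer holds ds.len + sizeof(tmp) bytes; data[0] form only quiets the gcc 10 overflow diagnostic */` would record it.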
Bug#957379: Commit that fix this issue is 129b7e402bd6e7278854e5a8935fce460552b5f4
Issue link: https://gitlab.isc.org/isc-projects/dhcp/-/issues/117 commit/merge request link: https://gitlab.isc.org/isc-projects/dhcp/-/commit/129b7e402bd6e7278854e5a8935fce460552b5f4?merge_request_iid=60 signature.asc Description: This is a digitally signed message part
Bug#920321: lua5.3: CVE-2019-6706
Hi, Yep, my bad for not having added any info on the patch. That said, the patch can be found here [1]. It was tested against the PoC and it fixed the issue. Any other questions, please let me know :) [1] http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html Cheers! On Seg, 2019-04-08 at 20:29 +0200, Moritz Mühlenhoff wrote: > On Thu, Jan 24, 2019 at 07:02:59AM +0100, Salvatore Bonaccorso wrote: > > > > Source: lua5.3 > > Version: 5.3.3-1.1 > > Severity: important > > Tags: security upstream > > Control: found -1 5.3.3-1 > > > > Hi, > > > > The following vulnerability was published for lua5.3. > > > > CVE-2019-6706[0]: > > > > > > Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For > > > example, a crash outcome might be achieved by an attacker who is > > > able > > > to trigger a debug.upvaluejoin call in which the arguments have > > > certain > > > relationships. > Ubuntu fixed this via https://launchpad.net/ubuntu/+source/lua5.3/5.3 > .3-1ubuntu0.18.10.1 : > http://launchpadlibrarian.net/417853567/lua5.3_5.3.3-1_5.3.3-1ubuntu0 > .18.10.1.diff.gz > > Leonidas, what's the provenance of that patch (given that upstream > doesn't > have a public code repo), has it been reviewed/blessed by the Lua > upstream > developers? > > Cheers, > Moritz signature.asc Description: This is a digitally signed message part
Bug#874302: liblouis: Debdiff for liblouis CVEs 38, 39, 40 , 42 and 44 with prefix (CVE-2017-1137*)
On Ter, 2017-09-05 at 20:44 +0200, Paul Gevers wrote: > Hi Leonidas, > > On 05-09-17 20:02, Leonidas S. Barbosa wrote: > > > > In Ubuntu, the attached patch was applied to achieve the following: > Just so I understand it right, why didn't you package the new > upstream > as suggested by the Debian security team? > > Paul > Ok, sorry, it was probably my mistake. I'm using the submittodebian tool and didn't see those suggestions. []'s
Bug#874302: liblouis: Debdiff for liblouis CVEs 38, 39, 40 , 42 and 44 with prefix (CVE-2017-1137*)
Package: liblouis Version: 3.0.0-3 Followup-For: Bug #874302 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu artful ubuntu-patch Dear Maintainer, In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: Illegal address access in getALine - debian/patches/CVE-2017-13738-and-2017-13744.patch: fix possible out-of-bounds write in liblouis/compileTranslationTable.c. - CVE-2017-13738 - CVE-2017-13744 * SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch: fix buffer overflow parsing malformed table in liblouis/compileTranslationTable.c. - CVE-2017-13739 - CVE-2017-13740 - CVE-2017-13742 Note that for us 41 and 43 were considered ignored, since they seem to be caught only with ASAN. Thanks for considering the patch. -- System Information: Debian Release: stretch/sid APT prefers xenial-updates APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.10.0-32-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru liblouis-3.0.0/debian/files liblouis-3.0.0/debian/files --- liblouis-3.0.0/debian/files 1969-12-31 21:00:00.0 -0300 +++ liblouis-3.0.0/debian/files 2017-09-04 10:28:23.0 -0300 @@ -0,0 +1 @@ +liblouis_3.0.0-3ubuntu1_source.buildinfo libs extra diff -Nru liblouis-3.0.0/debian/patches/CVE-2017-13738-and-2017-13744.patch liblouis-3.0.0/debian/patches/CVE-2017-13738-and-2017-13744.patch --- liblouis-3.0.0/debian/patches/CVE-2017-13738-and-2017-13744.patch 1969-12-31 21:00:00.0 -0300 +++ liblouis-3.0.0/debian/patches/CVE-2017-13738-and-2017-13744.patch 2017-08-31 10:59:03.0 -0300
@@ -0,0 +1,19 @@
+From edf8ee00197e5a9b062554bdca00fe1617d257a4 Mon Sep 17 00:00:00 2001
+From: Mike Gorse
+Date: Tue, 29 Aug 2017 16:55:29 -0500
+Subject: [PATCH] Fix possible out-of-bounds write from a \ followed by
+ multiple newlines
+
+Fixes CVE-2017-13738 and CVE-2017-13744.
+Index: liblouis-3.0.0/liblouis/compileTranslationTable.c
+===
+--- liblouis-3.0.0.orig/liblouis/compileTranslationTable.c liblouis-3.0.0/liblouis/compileTranslationTable.c
+@@ -573,6 +573,7 @@ getALine (FileInfo * nested)
+ if (pch == '\\' && ch == 10)
+ {
+ nested->linelen--;
++ pch = ch;
+ continue;
+ }
+ if (ch == 10 || nested->linelen >= MAXSTRING)
diff -Nru liblouis-3.0.0/debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch liblouis-3.0.0/debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch
--- liblouis-3.0.0/debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch 1969-12-31 21:00:00.0 -0300
+++ liblouis-3.0.0/debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch 2017-08-31 11:15:15.0 -0300
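Review bot: In getALine the decrement `nested->linelen--` is still guarded only indirectly: the added `pch = ch;` makes the `pch == '\\'` test fail on the next newline, but nothing in the hunk checks that linelen is above zero before it is decremented. A local lower bound, `if (pch == '\\' && ch == 10 && nested->linelen > 0)`, would keep the index into the line buffer in range even if a later change alters how pch is tracked. The loop head and the store that advances linelen are outside the hunk, so whether that state is still reachable after this fix cannot be confirmed from here. The new line also deserves a comment, e.g. `/* forget the backslash so a run of newlines does not decrement linelen again */`.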
@@ -0,0 +1,28 @@
+From d8cfdf1ab64a4c9c6685efe45bc735f68dac618c Mon Sep 17 00:00:00 2001
+From: Mike Gorse
+Date: Wed, 30 Aug 2017 12:53:02 -0500
+Subject: [PATCH] resolveSubtable: Fix buffer overflow parsing a malformed
+ table
+
+The subtable's name can theoretically be up to MAXSTRING characters long.
+The base name is then copied into a buffer, and the subtable's name is
+appended, so we should allocate more than MAXSTRING bytes for the buffer.
+
+Fixes CVE-2017-13739, CVE-2017-13740, and CVE-2017-13742.
+---
+ liblouis/compileTranslationTable.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: liblouis-3.0.0/liblouis/compileTranslationTable.c
+===
+--- liblouis-3.0.0.orig/liblouis/compileTranslationTable.c liblouis-3.0.0/liblouis/compileTranslationTable.c
+@@ -4899,7 +4899,7 @@ resolveSubtable (const char *table, cons
+
+ if (table == NULL || table[0] == '\0')
+ return NULL;
+- tableFile = (char *) malloc (MAXSTRING * sizeof(char));
++ tableFile = (char *) malloc (MAXSTRING * sizeof(char) * 2);
+
+ //
+ // First try to resolve against base
diff -Nru liblouis-3.0.0/debian/patches/series liblouis-3.0.0/debian/patches/series
--- liblouis-3.0.0/debian/patches/series 1969-12-31 21:00:00.0 -0300
+++ liblouis-3.0.0/debian/patches/series 2017-08-31 11:13:38.0 -0300
@@ -0,0 +1,2 @@
+CVE-2017-13738-and-2017-13744.patch
+CVE-2017-13739-and-2017-13740-and-2017-13742.patch
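Review bot: The new size in resolveSubtable, `MAXSTRING * sizeof(char) * 2`, is a fixed guess and is not derived from the two strings that get joined, and the visible lines do not check the malloc result before use. Per the patch description the base name is copied and a subtable name of up to MAXSTRING characters is appended, so the worst case is base length plus name length plus any separator and the terminating NUL; whether twice MAXSTRING covers that depends on the limit enforced on the base path, which is outside the hunk. Sizing the buffer from the lengths really used, or bounding the copy and the append against the allocated size, would remove that dependency, together with `if (tableFile == NULL) return NULL;` right after the allocation. The rest of the function is outside the hunk, so an existing NULL check further down cannot be ruled out.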
Bug#873815: pyjwt: PyJWT vulneratibility for some keys
Package: pyjwt Version: 1.4.2-1 Severity: important Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu artful ubuntu-patch Dear Maintainer, Upstream already fixed that issue, here is the debdiff that was applied in order to fix this. * SECURITY UPDATE: symmetric/asymmetric key confusion attacks - debian/patches/CVE-2017-11424.patch: Throw if key is an PKCS1 PEM-encoded public key in jwt/algorithms.py, jwt/api_jws.py, jwt/api_jwt.py, tests/keys/testkey_pkcs1.pub.pem, tests/test_algorithms.py, tests/test_api_jws.py, tests/test_api_jwt.py. - CVE-2017-11424 Thanks for considering the patch. -- System Information: Debian Release: stretch/sid APT prefers xenial-updates APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.10.0-32-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru pyjwt-1.4.2/debian/files pyjwt-1.4.2/debian/files --- pyjwt-1.4.2/debian/files 1969-12-31 21:00:00.0 -0300 +++ pyjwt-1.4.2/debian/files 2017-08-30 11:51:30.0 -0300 @@ -0,0 +1 @@ +pyjwt_1.4.2-1ubuntu1_source.buildinfo python optional diff -Nru pyjwt-1.4.2/debian/patches/CVE-2017-11424.patch pyjwt-1.4.2/debian/patches/CVE-2017-11424.patch --- pyjwt-1.4.2/debian/patches/CVE-2017-11424.patch 1969-12-31 21:00:00.0 -0300 +++ pyjwt-1.4.2/debian/patches/CVE-2017-11424.patch 2017-08-29 11:40:17.0 -0300 
@@ -0,0 +1,139 @@ +From 1922f0972b065077404c0dafa0946f2132400a2b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Padilla?=+Date: Wed, 21 Jun 2017 15:49:41 -0400 +Subject: [PATCH 1/3] Throw if key is an PKCS1 PEM-encoded public key + +--- + jwt/algorithms.py| 1 + + jwt/api_jws.py | 9 + + jwt/api_jwt.py | 9 + + tests/keys/testkey_pkcs1.pub.pem | 5 + + tests/test_algorithms.py | 7 +++ + tests/test_api_jws.py| 10 ++ + tests/test_api_jwt.py| 10 ++ + 7 files changed, 51 insertions(+) + create mode 100644 tests/keys/testkey_pkcs1.pub.pem + +diff --git a/jwt/algorithms.py b/jwt/algorithms.py +index 51e8f16..fd9c3ac 100644 +--- a/jwt/algorithms.py b/jwt/algorithms.py +@@ -121,6 +121,7 @@ class HMACAlgorithm(Algorithm): + invalid_strings = [ + b'-BEGIN PUBLIC KEY-', + b'-BEGIN CERTIFICATE-', ++b'-BEGIN RSA PUBLIC KEY-', + b'ssh-rsa' + ] + +diff --git a/jwt/api_jws.py b/jwt/api_jws.py +index 177f5ff..a91137c 100644 +--- a/jwt/api_jws.py b/jwt/api_jws.py +@@ -107,6 +107,15 @@ class PyJWS(object): + + def decode(self, jws, key='', verify=True, algorithms=None, options=None, +**kwargs): ++ ++if not algorithms: ++warnings.warn( ++'It is strongly recommended that you pass in a ' + ++'value for the "algorithms" argument when calling decode(). ' + ++'This argument will be mandatory in a future version.', ++DeprecationWarning ++) ++ + payload, signing_input, header, signature = self._load(jws) + + if verify: +diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py +index 9703b8d..e0e6c25 100644 +--- a/jwt/api_jwt.py b/jwt/api_jwt.py +@@ -58,6 +58,15 @@ class PyJWT(PyJWS): + + def decode(self, jwt, key='', verify=True, algorithms=None, options=None, +**kwargs): ++ ++if not algorithms: ++warnings.warn( ++'It is strongly recommended that you pass in a ' + ++'value for the "algorithms" argument when calling decode(). 
' + ++'This argument will be mandatory in a future version.', ++DeprecationWarning ++) ++ + payload, signing_input, header, signature = self._load(jwt) + + decoded = super(PyJWT, self).decode(jwt, key, verify, algorithms, +diff --git a/tests/keys/testkey_pkcs1.pub.pem b/tests/keys/testkey_pkcs1.pub.pem +new file mode 100644 +index 000..f690179 +--- /dev/null b/tests/keys/testkey_pkcs1.pub.pem +@@ -0,0 +1,5 @@ ++-BEGIN RSA PUBLIC KEY- ++MIGHAoGBAOV/0Vl/5VdHcYpnILYzBGWo5JQVzo9wBkbxzjAStcAnTwvv1ZJTMXs6 ++fjz91f9hiMM4Z/5qNTE/EHlDWxVdj1pyRaQulZPUs0r9qJ02ogRRGLG3jjrzzbzF ++yj/pdNBwym0UJYC/Jmn/kMLwGiWI2nfa9vM5SovqZiAy2FD7eOtVAgED ++-END RSA PUBLIC KEY- +diff --git a/tests/test_algorithms.py b/tests/test_algorithms.py +index e3cf1d0..fea654c 100644 +--- a/tests/test_algorithms.py b/tests/test_algorithms.py +@@ -84,6 +84,13 @@ class TestAlgorithms: + with open(key_path('testkey2_rsa.pub.pem'), 'r') as keyfile: + algo.prepare_key(keyfile.read()) + ++