Bug#957379: debdiff with the fix for Unstable

2020-08-06 Thread Leonidas S. Barbosa
Please test it.
diff -Nru isc-dhcp-4.4.1/debian/changelog isc-dhcp-4.4.1/debian/changelog
--- isc-dhcp-4.4.1/debian/changelog	2020-01-22 18:35:14.0 -0300
+++ isc-dhcp-4.4.1/debian/changelog	2020-08-05 23:08:47.0 -0300
@@ -1,3 +1,12 @@
+isc-dhcp (4.4.1-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTBFS due gcc 10 compilation issues in client/dhclient.c,
+common/discover.c, relay/dhcrelay.c, server/mdb.c, server/mdb6.c
+(closes: 957379).
+
+ -- Leonidas S. Barbosa   Wed, 05 Aug 2020 23:08:47 -0300
+
 isc-dhcp (4.4.1-2.1) unstable; urgency=medium
 
   * Non-maintainer upload.
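Review bot: The new 4.4.1-2.2 entry reads "Fix FTBFS due gcc 10 compilation issues" and never names the patch that carries the fix. Suggest "due to GCC 10" and adding debian/patches/Fixed_gcc_10_compilation_issues.patch, ideally with the upstream commit id from the patch header, so the NMU can be audited from the changelog alone.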
diff -Nru isc-dhcp-4.4.1/debian/patches/Fixed_gcc_10_compilation_issues.patch isc-dhcp-4.4.1/debian/patches/Fixed_gcc_10_compilation_issues.patch
--- isc-dhcp-4.4.1/debian/patches/Fixed_gcc_10_compilation_issues.patch	1969-12-31 21:00:00.0 -0300
+++ isc-dhcp-4.4.1/debian/patches/Fixed_gcc_10_compilation_issues.patch	2020-08-05 23:08:34.0 -0300
@@ -0,0 +1,99 @@
+From 129b7e402bd6e7278854e5a8935fce460552b5f4 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder 
+Date: Thu, 30 Jul 2020 10:01:36 -0400
+Subject: [PATCH] [#117] Fixed gcc 10 compilation issues
+
+client/dhclient.c
+relay/dhcrelay.c
+extern'ed local_port,remote_port
+
+common/discover.c
+init local_port,remote_port to 0
+
+server/mdb.c
+extern'ed dhcp_type_host
+
+server/mdb6.c
+create_prefix6() - eliminated memcpy string overflow error
+---
+ RELNOTES  | 5 +
+ client/dhclient.c | 5 +++--
+ common/discover.c | 4 ++--
+ relay/dhcrelay.c  | 4 ++--
+ server/mdb.c  | 2 +-
+ server/mdb6.c | 2 +-
+ 6 files changed, 14 insertions(+), 8 deletions(-)
+
+#diff --git a/RELNOTES b/RELNOTES
+#index 9d0a0414..6919dba7 100644
+#--- a/RELNOTES
+#+++ b/RELNOTES
+#@@ -103,6 +103,11 @@ ISC DHCP is open source software maintained by Internet Systems
+# Consortium.  This product includes cryptographic software written
+# by Eric Young (e...@cryptsoft.com).
+# 
+#+		Changes since 4.4.2 (Bug Fixes)
+#+
+#+- Minor corrections to allow compilation under gcc 10.
+#+  [Gitlab #117]
+#+
+# 		Changes since 4.4.2b1 (Bug Fixes)
+# 
+# - Added a clarification on DHCPINFORMs and server authority to
+Index: isc-dhcp-4.4.1/client/dhclient.c
+===
+--- isc-dhcp-4.4.1.orig/client/dhclient.c
 isc-dhcp-4.4.1/client/dhclient.c
+@@ -81,8 +81,9 @@ static const char message [] = "Internet
+ static const char url [] = "For info, please visit https://www.isc.org/software/dhcp/;;
+ #endif /* UNIT_TEST */
+ 
+-u_int16_t local_port = 0;
+-u_int16_t remote_port = 0;
++extern u_int16_t local_port;
++extern u_int16_t remote_port;
++
+ #if defined(DHCPv6) && defined(DHCP4o6)
+ int dhcp4o6_state = -1; /* -1 = stopped, 0 = polling, 1 = started */
+ #endif
+Index: isc-dhcp-4.4.1/relay/dhcrelay.c
+===
+--- isc-dhcp-4.4.1.orig/relay/dhcrelay.c
 isc-dhcp-4.4.1/relay/dhcrelay.c
+@@ -95,8 +95,8 @@ enum { forward_and_append,	/* Forward an
+forward_untouched,	/* Forward without changes. */
+discard } agent_relay_mode = forward_and_replace;
+ 
+-u_int16_t local_port;
+-u_int16_t remote_port;
++extern u_int16_t local_port;
++extern u_int16_t remote_port;
+ 
+ /* Relay agent server list. */
+ struct server_list {
+Index: isc-dhcp-4.4.1/server/mdb.c
+===
+--- isc-dhcp-4.4.1.orig/server/mdb.c
 isc-dhcp-4.4.1/server/mdb.c
+@@ -67,7 +67,7 @@ static host_id_info_t *host_id_info = NU
+ 
+ int numclasseswritten;
+ 
+-omapi_object_type_t *dhcp_type_host;
++extern omapi_object_type_t *dhcp_type_host;
+ 
+ isc_result_t enter_class(cd, dynamicp, commit)
+ 	struct class *cd;
+Index: isc-dhcp-4.4.1/server/mdb6.c
+===
+--- isc-dhcp-4.4.1.orig/server/mdb6.c
 isc-dhcp-4.4.1/server/mdb6.c
+@@ -1943,7 +1943,7 @@ create_prefix6(struct ipv6_pool *pool, s
+ 		}
+ 		new_ds.data = new_ds.buffer->data;
+ 		memcpy(new_ds.buffer->data, ds.data, ds.len);
+-		memcpy(new_ds.buffer->data + ds.len, , sizeof(tmp));
++		memcpy(_ds.buffer->data[0] + ds.len, , sizeof(tmp));
+ 		data_string_forget(, MDL);
+ 		data_string_copy(, _ds, MDL);
+ 		data_string_forget(_ds, MDL);
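Review bot: The embedded patch header and diffstat list common/discover.c ("init local_port,remote_port to 0", 4 lines changed), but this 99-line quilt patch has no Index: section for that file, while the client/dhclient.c and relay/dhcrelay.c hunks reduce local_port and remote_port to extern declarations. The link therefore relies on definitions that this upload never touches, even though debian/changelog names common/discover.c among the fixed files. Either carry the discover.c hunk as well, or trim the patch description and the changelog to the files actually changed; a line in the header saying that the RELNOTES part is commented out on purpose would also help the next person who refreshes the patch.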
diff -Nru isc-dhcp-4.4.1/debian/patches/series isc-dhcp-4.4.1/debian/patches/series
--- isc-dhcp-4.4.1/debian/patches/series	2020-01-22 18:35:14.0 -0300
+++ isc-dhcp-4.4.1/debian/patches/series	2020-08-05 23:08:47.0 -0300
@@ -16,3 +16,4 @@
 bind-includes.patch
 
 configure.patch
+Fixed_gcc_10_compilation_issues.patch


signature.asc
Description: This is a digitally signed message part


Bug#957379: Commit that fixes this issue is 129b7e402bd6e7278854e5a8935fce460552b5f4

2020-08-05 Thread Leonidas S. Barbosa
Issue link: https://gitlab.isc.org/isc-projects/dhcp/-/issues/117
commit/merge request link:  
https://gitlab.isc.org/isc-projects/dhcp/-/commit/129b7e402bd6e7278854e5a8935fce460552b5f4?merge_request_iid=60





Bug#920321: lua5.3: CVE-2019-6706

2019-04-08 Thread Leonidas S. Barbosa
Hi, 

Yep, my bad for not having added any info on the patch... that said:

The patch can be found here [1]
It was tested against the POC and it fixed the issue.
Any other question, please let me know :)


[1] http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html


Cheers!


On Mon, 2019-04-08 at 20:29 +0200, Moritz Mühlenhoff wrote:
> On Thu, Jan 24, 2019 at 07:02:59AM +0100, Salvatore Bonaccorso wrote:
> > 
> > Source: lua5.3
> > Version: 5.3.3-1.1
> > Severity: important
> > Tags: security upstream
> > Control: found -1 5.3.3-1
> > 
> > Hi,
> > 
> > The following vulnerability was published for lua5.3.
> > 
> > CVE-2019-6706[0]:
> > > 
> > > > Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For
> > > > example, a crash outcome might be achieved by an attacker who is able
> > > > to trigger a debug.upvaluejoin call in which the arguments have certain
> > > > relationships.
> Ubuntu fixed this via https://launchpad.net/ubuntu/+source/lua5.3/5.3.3-1ubuntu0.18.10.1 :
> http://launchpadlibrarian.net/417853567/lua5.3_5.3.3-1_5.3.3-1ubuntu0.18.10.1.diff.gz
> 
> Leonidas, what's the provenance of that patch (given that upstream doesn't
> have a public code repo), has it been reviewed/blessed by the Lua upstream
> developers?
> 
> Cheers,
> Moritz



Bug#874302: liblouis: Debdiff for liblouis CVEs 38, 39, 40 , 42 and 44 with prefix (CVE-2017-1137*)

2017-09-05 Thread Leonidas S. Barbosa
On Tue, 2017-09-05 at 20:44 +0200, Paul Gevers wrote:
> Hi Leonidas,
> 
> On 05-09-17 20:02, Leonidas S. Barbosa wrote:
> > 
> > In Ubuntu, the attached patch was applied to achieve the following:
> Just so I understand it right, why didn't you package the new upstream
> as suggested by the Debian security team?
> 
> Paul
> 
OK, sorry, it was probably my mistake. I'm using the submittodebian tool
and didn't see those suggestions.

[]'s



Bug#874302: liblouis: Debdiff for liblouis CVEs 38, 39, 40 , 42 and 44 with prefix (CVE-2017-1137*)

2017-09-05 Thread Leonidas S. Barbosa
Package: liblouis
Version: 3.0.0-3
Followup-For: Bug #874302
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu artful ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:


  * SECURITY UPDATE: Illegal address access in getALine
    - debian/patches/CVE-2017-13738-and-2017-13744.patch: fix
      possible out-of-bounds write in liblouis/compileTranslationTable.c.
    - CVE-2017-13738
    - CVE-2017-13744
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch:
      fix buffer overflow parsing malformed table in
      liblouis/compilerTranslationTable.c.
    - CVE-2017-13739
    - CVE-2017-13740
    - CVE-2017-13742


Note that for us 41 and 43 were considered as ignored, since they seem to be
caught just with ASAN.

Thanks for considering the patch.



-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 
'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.0-32-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru liblouis-3.0.0/debian/files liblouis-3.0.0/debian/files
--- liblouis-3.0.0/debian/files	1969-12-31 21:00:00.0 -0300
+++ liblouis-3.0.0/debian/files	2017-09-04 10:28:23.0 -0300
@@ -0,0 +1 @@
+liblouis_3.0.0-3ubuntu1_source.buildinfo libs extra
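Review bot: debian/files is a build product, and the single line added here is the Ubuntu source .buildinfo entry (liblouis_3.0.0-3ubuntu1_source.buildinfo). It should not be part of a debdiff sent to the Debian maintainer; regenerate the diff from a clean tree so only debian/patches/ and the changelog remain.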
diff -Nru liblouis-3.0.0/debian/patches/CVE-2017-13738-and-2017-13744.patch liblouis-3.0.0/debian/patches/CVE-2017-13738-and-2017-13744.patch
--- liblouis-3.0.0/debian/patches/CVE-2017-13738-and-2017-13744.patch	1969-12-31 21:00:00.0 -0300
+++ liblouis-3.0.0/debian/patches/CVE-2017-13738-and-2017-13744.patch	2017-08-31 10:59:03.0 -0300
@@ -0,0 +1,19 @@
+From edf8ee00197e5a9b062554bdca00fe1617d257a4 Mon Sep 17 00:00:00 2001
+From: Mike Gorse 
+Date: Tue, 29 Aug 2017 16:55:29 -0500
+Subject: [PATCH] Fix possible out-of-bounds write from a \ followed by
+ multiple newlines
+
+Fixes CVE-2017-13738 and CVE-2017-13744.
+Index: liblouis-3.0.0/liblouis/compileTranslationTable.c
+===
+--- liblouis-3.0.0.orig/liblouis/compileTranslationTable.c
 liblouis-3.0.0/liblouis/compileTranslationTable.c
+@@ -573,6 +573,7 @@ getALine (FileInfo * nested)
+   if (pch == '\\' && ch == 10)
+ 	{
+ 	  nested->linelen--;
++	  pch = ch;
+ 	  continue;
+ 	}
+   if (ch == 10 || nested->linelen >= MAXSTRING)
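Review bot: In getALine the `nested->linelen--;` above the new `pch = ch;` still has no lower bound of its own; the fix works only because resetting pch stops a second newline from matching the `pch == '\\' && ch == 10` test again. A short comment on the added line saying that, plus a `nested->linelen > 0` guard on the decrement as defence in depth, would keep the out-of-bounds write from returning if the loop is reworked later. The quilt patch would also benefit from a regression table containing a backslash followed by several newlines.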
diff -Nru liblouis-3.0.0/debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch liblouis-3.0.0/debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch
--- liblouis-3.0.0/debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch	1969-12-31 21:00:00.0 -0300
+++ liblouis-3.0.0/debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch	2017-08-31 11:15:15.0 -0300
@@ -0,0 +1,28 @@
+From d8cfdf1ab64a4c9c6685efe45bc735f68dac618c Mon Sep 17 00:00:00 2001
+From: Mike Gorse 
+Date: Wed, 30 Aug 2017 12:53:02 -0500
+Subject: [PATCH] resolveSubtable: Fix buffer overflow parsing a malformed
+ table
+
+The subtable's name can theoretically be up to MAXSTRING characters long.
+The base name is then copied into a buffer, and the subtable's name is
+appended, so we should allocate more than MAXSTRING bytes for the buffer.
+
+Fixes CVE-2017-13739, CVE-2017-13740, and CVE-2017-13742.
+---
+ liblouis/compileTranslationTable.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: liblouis-3.0.0/liblouis/compileTranslationTable.c
+===
+--- liblouis-3.0.0.orig/liblouis/compileTranslationTable.c
 liblouis-3.0.0/liblouis/compileTranslationTable.c
+@@ -4899,7 +4899,7 @@ resolveSubtable (const char *table, cons
+ 
+   if (table == NULL || table[0] == '\0')
+ return NULL;
+-  tableFile = (char *) malloc (MAXSTRING * sizeof(char));
++  tableFile = (char *) malloc (MAXSTRING * sizeof(char) * 2);
+   
+   //
+   // First try to resolve against base
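Review bot: In resolveSubtable the new size `MAXSTRING * sizeof(char) * 2` is safe only if both the base name and the subtable name are each bounded by MAXSTRING, and nothing in this hunk enforces that for the base name; the commit message itself only says the subtable name "can theoretically be up to MAXSTRING characters long". Sizing the allocation from the actual lengths (strlen of both parts plus the terminator), or bounding the copy and append that follow, would make the fix independent of that assumption. The hunk also shows no NULL check on the malloc result before the buffer is used.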
diff -Nru liblouis-3.0.0/debian/patches/series liblouis-3.0.0/debian/patches/series
--- liblouis-3.0.0/debian/patches/series	1969-12-31 21:00:00.0 -0300
+++ liblouis-3.0.0/debian/patches/series	2017-08-31 11:13:38.0 -0300
@@ -0,0 +1,2 @@
+CVE-2017-13738-and-2017-13744.patch
+CVE-2017-13739-and-2017-13740-and-2017-13742.patch


Bug#873815: pyjwt: PyJWT vulnerability for some keys

2017-08-31 Thread Leonidas S. Barbosa
Package: pyjwt
Version: 1.4.2-1
Severity: important
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu artful ubuntu-patch

Dear Maintainer,

Upstream already fixed that issue, here is the debdiff that was applied in
order to fix this.


  * SECURITY UPDATE: symmetric/asymmetric key confusion attacks
    - debian/patches/CVE-2017-11424.patch: Throw if key is an PKCS1
      PEM-encoded public key in jwt/algorithms.py, jwt/api_jws.py,
      jwt/api_jwt.py, tests/keys/testkey_pkcs1.pub.pem,
      tests/test_algorithms.py, tests/test_api_jws.py, tests/test_api_jwt.py.
    - CVE-2017-11424


Thanks for considering the patch.



-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 
'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.0-32-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru pyjwt-1.4.2/debian/files pyjwt-1.4.2/debian/files
--- pyjwt-1.4.2/debian/files	1969-12-31 21:00:00.0 -0300
+++ pyjwt-1.4.2/debian/files	2017-08-30 11:51:30.0 -0300
@@ -0,0 +1 @@
+pyjwt_1.4.2-1ubuntu1_source.buildinfo python optional
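Review bot: The added debian/files line (pyjwt_1.4.2-1ubuntu1_source.buildinfo) is generated at build time and names the Ubuntu version, so it should be dropped from the debdiff before it is applied to the Debian package.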
diff -Nru pyjwt-1.4.2/debian/patches/CVE-2017-11424.patch pyjwt-1.4.2/debian/patches/CVE-2017-11424.patch
--- pyjwt-1.4.2/debian/patches/CVE-2017-11424.patch	1969-12-31 21:00:00.0 -0300
+++ pyjwt-1.4.2/debian/patches/CVE-2017-11424.patch	2017-08-29 11:40:17.0 -0300
@@ -0,0 +1,139 @@
+From 1922f0972b065077404c0dafa0946f2132400a2b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Padilla?= 
+Date: Wed, 21 Jun 2017 15:49:41 -0400
+Subject: [PATCH 1/3] Throw if key is an PKCS1 PEM-encoded public key
+
+---
+ jwt/algorithms.py|  1 +
+ jwt/api_jws.py   |  9 +
+ jwt/api_jwt.py   |  9 +
+ tests/keys/testkey_pkcs1.pub.pem |  5 +
+ tests/test_algorithms.py |  7 +++
+ tests/test_api_jws.py| 10 ++
+ tests/test_api_jwt.py| 10 ++
+ 7 files changed, 51 insertions(+)
+ create mode 100644 tests/keys/testkey_pkcs1.pub.pem
+
+diff --git a/jwt/algorithms.py b/jwt/algorithms.py
+index 51e8f16..fd9c3ac 100644
+--- a/jwt/algorithms.py
 b/jwt/algorithms.py
+@@ -121,6 +121,7 @@ class HMACAlgorithm(Algorithm):
+ invalid_strings = [
+ b'-BEGIN PUBLIC KEY-',
+ b'-BEGIN CERTIFICATE-',
++b'-BEGIN RSA PUBLIC KEY-',
+ b'ssh-rsa'
+ ]
+ 
+diff --git a/jwt/api_jws.py b/jwt/api_jws.py
+index 177f5ff..a91137c 100644
+--- a/jwt/api_jws.py
 b/jwt/api_jws.py
+@@ -107,6 +107,15 @@ class PyJWS(object):
+ 
+ def decode(self, jws, key='', verify=True, algorithms=None, options=None,
+**kwargs):
++
++if not algorithms:
++warnings.warn(
++'It is strongly recommended that you pass in a ' +
++'value for the "algorithms" argument when calling decode(). ' +
++'This argument will be mandatory in a future version.',
++DeprecationWarning
++)
++
+ payload, signing_input, header, signature = self._load(jws)
+ 
+ if verify:
+diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
+index 9703b8d..e0e6c25 100644
+--- a/jwt/api_jwt.py
 b/jwt/api_jwt.py
+@@ -58,6 +58,15 @@ class PyJWT(PyJWS):
+ 
+ def decode(self, jwt, key='', verify=True, algorithms=None, options=None,
+**kwargs):
++
++if not algorithms:
++warnings.warn(
++'It is strongly recommended that you pass in a ' +
++'value for the "algorithms" argument when calling decode(). ' +
++'This argument will be mandatory in a future version.',
++DeprecationWarning
++)
++
+ payload, signing_input, header, signature = self._load(jwt)
+ 
+ decoded = super(PyJWT, self).decode(jwt, key, verify, algorithms,
+diff --git a/tests/keys/testkey_pkcs1.pub.pem b/tests/keys/testkey_pkcs1.pub.pem
+new file mode 100644
+index 000..f690179
+--- /dev/null
 b/tests/keys/testkey_pkcs1.pub.pem
+@@ -0,0 +1,5 @@
++-BEGIN RSA PUBLIC KEY-
++MIGHAoGBAOV/0Vl/5VdHcYpnILYzBGWo5JQVzo9wBkbxzjAStcAnTwvv1ZJTMXs6
++fjz91f9hiMM4Z/5qNTE/EHlDWxVdj1pyRaQulZPUs0r9qJ02ogRRGLG3jjrzzbzF
++yj/pdNBwym0UJYC/Jmn/kMLwGiWI2nfa9vM5SovqZiAy2FD7eOtVAgED
++-END RSA PUBLIC KEY-
+diff --git a/tests/test_algorithms.py b/tests/test_algorithms.py
+index e3cf1d0..fea654c 100644
+--- a/tests/test_algorithms.py
 b/tests/test_algorithms.py
+@@ -84,6 +84,13 @@ class TestAlgorithms:
+ with open(key_path('testkey2_rsa.pub.pem'), 'r') as keyfile:
+ algo.prepare_key(keyfile.read())
+ 
++