Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: ldns

ldns (1.7.0-3ubuntu8) disco; urgency=medium * No-change rebuild to build for python3.7 as the default. -- Matthias Klose <doko@ubuntu.com> Wed, 31 Oct 2018 12:35:14 +0000 ldns (1.7.0-3ubuntu7) cosmic; urgency=high * No change rebuild against openssl 1.1.1 with TLS 1.3 support. -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 29 Sep 2018 01:36:46 +0100 ldns (1.7.0-3ubuntu6) cosmic; urgency=medium * Don't build-depend on python3-all-dev, the build rules don't handle multiple versions of python3 correctly. -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 18 Jul 2018 11:45:50 -0400 ldns (1.7.0-3ubuntu5) cosmic; urgency=medium * No-change rebuild to build for python3.7. -- Matthias Klose <doko@ubuntu.com> Thu, 28 Jun 2018 06:53:42 +0000 ldns (1.7.0-3ubuntu4) bionic; urgency=medium * Re-enable openssl1.1 & DANE TA usage. -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 06 Feb 2018 12:33:10 +0000 ldns (1.7.0-3ubuntu3) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 05 Feb 2018 16:50:19 +0000 ldns (1.7.0-3ubuntu2) bionic; urgency=medium * SECURITY UPDATE: double-free in ldns_fget_token_l - debian/patches/CVE-2017-1000231.patch: check parse limit before t increment in parse.c. - CVE-2017-1000231 * SECURITY UPDATE: double-free in ldns_str2rdf_long_str - debian/patches/CVE-2017-1000232.patch: free after reallocing to 0 size in str2host.c. - CVE-2017-1000232 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 22 Nov 2017 11:46:21 -0500 ldns (1.7.0-3ubuntu1) bionic; urgency=low * Merge from Debian unstable (LP: #1731949). Remaining changes: - Disable DANE TA usage to build with OpenSSL << 1.1.0 * Build depend on OpenSSL << 1.1.0 to not forget about dropping the delta when Ubuntu moves to OpenSSL >= 1.1.0 -- Balint Reczey <rbalint@ubuntu.com> Mon, 13 Nov 2017 16:11:30 +0100

Modifications :
  1. Download patch debian/patches/CVE-2017-1000232.patch

    --- 1.7.0-3/debian/patches/CVE-2017-1000232.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.7.0-3ubuntu8/debian/patches/CVE-2017-1000232.patch 2017-11-22 16:46:14.000000000 +0000 @@ -0,0 +1,39 @@ +From 3bdeed02505c9bbacb3b64a97ddcb1de967153b7 Mon Sep 17 00:00:00 2001 +From: Willem Toorop <willem@nlnetlabs.nl> +Date: Thu, 27 Apr 2017 00:25:20 +0200 +Subject: bugfix #1257: Free after reallocing to 0 size + +Thanks Stephan Zeisberg +--- + Changelog | 2 ++ + str2host.c | 6 ++++-- + 2 files changed, 6 insertions(+), 2 deletions(-) + +#diff --git a/Changelog b/Changelog +#index 7786148..d7aa711 100644 +#--- a/Changelog +#+++ b/Changelog +#@@ -1,4 +1,6 @@ +# 1.7.1 ????-??-?? +#+ * bugfix #1257: Free after reallocing to 0 size +#+ Thanks Stephan Zeisberg +# * bugfix #1256: Check parse limit before t increment +# Thanks Stephan Zeisberg +# * bugfix #1245: Only one signature per RRset needs to be valid with +Index: ldns-1.7.0/str2host.c +=================================================================== +--- ldns-1.7.0.orig/str2host.c 2017-11-21 13:06:46.830309135 -0500 ++++ ldns-1.7.0/str2host.c 2017-11-21 13:06:46.826309092 -0500 +@@ -1496,8 +1496,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, con + if (! str) { + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + } +- length = (size_t)(dp - data); +- ++ if (!(length = (size_t)(dp - data))) { ++ LDNS_FREE(data); ++ return LDNS_STATUS_SYNTAX_EMPTY; ++ } + /* Lose the overmeasure */ + data = LDNS_XREALLOC(dp = data, uint8_t, length); + if (! data) {
  2. Download patch debian/control

    --- 1.7.0-3/debian/control 2017-06-23 08:12:00.000000000 +0000 +++ 1.7.0-3ubuntu8/debian/control 2018-07-18 15:45:50.000000000 +0000 @@ -1,6 +1,7 @@ Source: ldns Priority: extra -Maintainer: Debian DNS Packaging <pkg-dns-devel@lists.alioth.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian DNS Packaging <pkg-dns-devel@lists.alioth.debian.org> Uploaders: Ondřej Surý <ondrej@debian.org> Build-Depends: autotools-dev, chrpath, @@ -11,8 +12,8 @@ Build-Depends: autotools-dev, libpcap-dev, libssl-dev (>= 1.1.0), pkg-config, - python-all-dev, - python3-all-dev, + python-dev, + python3-dev, swig Standards-Version: 3.9.8 Section: net
  3. Download patch debian/patches/series

    --- 1.7.0-3/debian/patches/series 2017-06-23 08:12:00.000000000 +0000 +++ 1.7.0-3ubuntu8/debian/patches/series 2017-11-22 16:46:14.000000000 +0000 @@ -1 +1,3 @@ 0001-Don-t-require-libldns.la-for-pyldns.patch +CVE-2017-1000231.patch +CVE-2017-1000232.patch
  4. Download patch debian/patches/CVE-2017-1000231.patch

    --- 1.7.0-3/debian/patches/CVE-2017-1000231.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.7.0-3ubuntu8/debian/patches/CVE-2017-1000231.patch 2017-11-22 16:46:11.000000000 +0000 @@ -0,0 +1,40 @@ +From c8391790c96d4c8a2c10f9ab1460fda83b509fc2 Mon Sep 17 00:00:00 2001 +From: Willem Toorop <willem@nlnetlabs.nl> +Date: Thu, 27 Apr 2017 00:14:58 +0200 +Subject: Check parse limit before t increment + +Thanks Stephan Zeisberg +--- + Changelog | 2 ++ + parse.c | 4 ++++ + 2 files changed, 6 insertions(+) + +#diff --git a/Changelog b/Changelog +#index d746ccb..7786148 100644 +#--- a/Changelog +#+++ b/Changelog +#@@ -1,4 +1,6 @@ +# 1.7.1 ????-??-?? +#+ * bugfix #1256: Check parse limit before t increment +#+ Thanks Stephan Zeisberg +# * bugfix #1245: Only one signature per RRset needs to be valid with +# ldns-verify-zone. Thanks Emil Natan. +# * ldns-notify can use all supported hash algorithms with -y. +diff --git a/parse.c b/parse.c +index e68627c..947dbb8 100644 +--- a/parse.c ++++ b/parse.c +@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li + if (line_nr) { + *line_nr = *line_nr + 1; + } ++ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { ++ *t = '\0'; ++ return -1; ++ } + *t++ = ' '; + prev_c = c; + continue; +-- +cgit v0.11.2 +
  1. ldns