Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package radsecproxy

Version 1.8.2-4 fixes a minor CVE in some of the provided example helper
scripts.

There is no change to any other active code in radsecproxy itself. A
full debdiff is attached.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock radsecproxy/1.8.2-4
diff -Nru radsecproxy-1.8.2/debian/changelog radsecproxy-1.8.2/debian/changelog
--- radsecproxy-1.8.2/debian/changelog  2020-11-23 12:09:13.000000000 +0100
+++ radsecproxy-1.8.2/debian/changelog  2021-05-27 07:58:57.000000000 +0200
@@ -1,3 +1,9 @@
+radsecproxy (1.8.2-4) unstable; urgency=high
+
+  * Fix CVE-2021-32642
+
+ -- Sven Hartge <s...@svenhartge.de>  Thu, 27 May 2021 07:58:57 +0200
+
 radsecproxy (1.8.2-3) unstable; urgency=medium
 
   * Remove override for no longer existing lintian tag.
diff -Nru radsecproxy-1.8.2/debian/gbp.conf radsecproxy-1.8.2/debian/gbp.conf
--- radsecproxy-1.8.2/debian/gbp.conf   1970-01-01 01:00:00.000000000 +0100
+++ radsecproxy-1.8.2/debian/gbp.conf   2021-05-27 07:58:57.000000000 +0200
@@ -0,0 +1,3 @@
+[DEFAULT]
+debian-branch = bullseye
+
diff -Nru radsecproxy-1.8.2/debian/patches/fix-cve-2021-32642 
radsecproxy-1.8.2/debian/patches/fix-cve-2021-32642
--- radsecproxy-1.8.2/debian/patches/fix-cve-2021-32642 1970-01-01 
01:00:00.000000000 +0100
+++ radsecproxy-1.8.2/debian/patches/fix-cve-2021-32642 2021-05-27 
07:58:57.000000000 +0200
@@ -0,0 +1,124 @@
+Author: Fabian Mauchle <fabian.mauc...@switch.ch>
+Last-Update: 2021-05-04
+Description: add result validation to dyndisc example scripts
+
+Original Commit ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af Mon Sep 17 00:00:00 
2001
+reported by Philipp Jeitner and Haya Shulman, Fraunhofer SIT
+
+---
+ tools/naptr-eduroam.sh | 40 ++++++++++++++++++++++++++--------------
+ tools/radsec-dynsrv.sh | 20 ++++++++++++++++----
+ 2 files changed, 42 insertions(+), 18 deletions(-)
+
+diff --git a/tools/naptr-eduroam.sh b/tools/naptr-eduroam.sh
+index e310812..5402d18 100755
+--- a/tools/naptr-eduroam.sh
++++ b/tools/naptr-eduroam.sh
+@@ -19,41 +19,53 @@ DIGCMD=$(command -v dig)
+ HOSTCMD=$(command -v host)
+ PRINTCMD=$(command -v printf)
+ 
++validate_host() {
++         echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
++}
++
++validate_port() {
++         echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$'
++}
++
+ dig_it_srv() {
+     ${DIGCMD} +short srv $SRV_HOST | sort -n -k1 |
+     while read line; do
+-      set $line ; PORT=$3 ; HOST=$4
+-      $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++        set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4)
++        if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
++            $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++        fi
+     done
+ }
+ 
+ dig_it_naptr() {
+     ${DIGCMD} +short naptr ${REALM} | grep x-eduroam:radius.tls | sort -n -k1 
|
+     while read line; do
+-      set $line ; TYPE=$3 ; HOST=$6
+-      if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then
+-          SRV_HOST=${HOST%.}
+-          dig_it_srv
+-      fi
++        set $line ; TYPE=$3 ; HOST=$(validate_host $6)
++        if ( [ "$TYPE" = "\"s\"" ] || [ "$TYPE" = "\"S\"" ] ) && [ -n 
"${HOST}" ]; then
++            SRV_HOST=${HOST%.}
++            dig_it_srv
++        fi
+     done
+ }
+ 
+ host_it_srv() {
+     ${HOSTCMD} -t srv $SRV_HOST | sort -n -k5 |
+     while read line; do
+-      set $line ; PORT=$7 ; HOST=$8 
+-      $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++        set $line ; PORT=$(validate_port $7) ; HOST=$(validate_host $8) 
++        if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
++            $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++        fi
+     done
+ }
+ 
+ host_it_naptr() {
+     ${HOSTCMD} -t naptr ${REALM} | grep x-eduroam:radius.tls | sort -n -k5 |
+     while read line; do
+-      set $line ; TYPE=$7 ; HOST=${10}
+-      if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then
+-          SRV_HOST=${HOST%.}
+-          host_it_srv
+-      fi
++        set $line ; TYPE=$7 ; HOST=$(validate_host ${10})
++        if ( [ "$TYPE" = "\"s\"" ] || [ "$TYPE" = "\"S\"" ] ) && [ -n 
"${HOST}" ]; then
++            SRV_HOST=${HOST%.}
++            host_it_srv
++        fi
+     done
+ }
+ 
+diff --git a/tools/radsec-dynsrv.sh b/tools/radsec-dynsrv.sh
+index 2eff080..68bb5ba 100755
+--- a/tools/radsec-dynsrv.sh
++++ b/tools/radsec-dynsrv.sh
+@@ -19,19 +19,31 @@ DIGCMD=$(command -v digaaa)
+ HOSTCMD=$(command -v host)
+ PRINTCMD=$(command -v printf)
+ 
++validate_host() {
++         echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
++}
++
++validate_port() {
++         echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$'
++}
++
+ dig_it() {
+    ${DIGCMD} +short srv _radsec._tcp.${REALM} | sort -n -k1 |
+    while read line ; do
+-      set $line ; PORT=$3 ; HOST=$4 
+-      $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++      set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4)
++      if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then 
++         $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++      fi
+    done
+ }
+ 
+ host_it() {
+    ${HOSTCMD} -t srv _radsec._tcp.${REALM} | sort -n -k5 |
+    while read line ; do
+-      set $line ; PORT=$7 ; HOST=$8 
+-      $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++      set $line ; PORT=$(validate_port $7) ; HOST=$(validate_host $8) 
++      if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
++         $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++      fi
+    done
+ }
+ 
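Review bot: `validate_host` and `validate_port` (the definitions added after `+validate_host() {` in both tools/naptr-eduroam.sh and tools/radsec-dynsrv.sh) run `echo ${@}` on the unquoted DNS-derived value, so the shell glob-expands it and `echo` may treat it as an option or interpret backslash escapes before the regex ever sees the input; the call sites (`HOST=$(validate_host $4)` and its siblings) pass the fields unquoted as well. Rewrite the pipeline as `printf '%s' "$*" | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'` (and the `^[0-9]+$` variant for ports) and quote the argument at each call, e.g. `HOST=$(validate_host "$4")`, so the regex is applied to the raw record value. `set $line` should become `set -- $line` so a field beginning with `-` cannot be read as a `set` option, and `set -f` near the top of each script would stop glob expansion of the split fields. The context line `DIGCMD=$(command -v digaaa)` in radsec-dynsrv.sh predates this patch but looks like a typo for `dig`, which would leave `dig_it` invoking an empty command; worth a separate follow-up.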
diff -Nru radsecproxy-1.8.2/debian/patches/series 
radsecproxy-1.8.2/debian/patches/series
--- radsecproxy-1.8.2/debian/patches/series     2020-11-23 12:09:13.000000000 
+0100
+++ radsecproxy-1.8.2/debian/patches/series     2021-05-27 07:58:57.000000000 
+0200
@@ -1,2 +1,3 @@
 fix-spelling-errors
 move-manpages-to-8
+fix-cve-2021-32642
diff -Nru radsecproxy-1.8.2/debian/salsa-ci.yml 
radsecproxy-1.8.2/debian/salsa-ci.yml
--- radsecproxy-1.8.2/debian/salsa-ci.yml       2020-11-23 12:09:13.000000000 
+0100
+++ radsecproxy-1.8.2/debian/salsa-ci.yml       2021-05-27 07:58:57.000000000 
+0200
@@ -4,5 +4,5 @@
   - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
 
 variables:
-  RELEASE: 'unstable'
+  RELEASE: 'bullseye'
   SALSA_CI_DISABLE_AUTOPKGTEST: 1
