
Bug#989177: marked as done (unblock: radsecproxy/1.8.2-4 (CVE-2021-32642))



Your message dated Fri, 28 May 2021 20:50:53 +0000
with message-id <E1lmjRV-0002Fv-4H@respighi.debian.org>
and subject line unblock radsecproxy
has caused the Debian Bug report #989177,
regarding unblock: radsecproxy/1.8.2-4 (CVE-2021-32642)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
989177: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989177
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package radsecproxy

Version 1.8.2-4 fixes a minor CVE in some of the provided example helper
scripts.

There is no change to any other active code in radsecproxy itself. A
full debdiff is attached.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock radsecproxy/1.8.2-4
diff -Nru radsecproxy-1.8.2/debian/changelog radsecproxy-1.8.2/debian/changelog
--- radsecproxy-1.8.2/debian/changelog	2020-11-23 12:09:13.000000000 +0100
+++ radsecproxy-1.8.2/debian/changelog	2021-05-27 07:58:57.000000000 +0200
@@ -1,3 +1,9 @@
+radsecproxy (1.8.2-4) unstable; urgency=high
+
+  * Fix CVE-2021-32642
+
+ -- Sven Hartge <sven@svenhartge.de>  Thu, 27 May 2021 07:58:57 +0200
+
 radsecproxy (1.8.2-3) unstable; urgency=medium
 
   * Remove override for no longer existing lintian tag.
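Review bot: the changelog entry only says "Fix CVE-2021-32642", yet the debdiff also adds debian/gbp.conf and switches RELEASE in debian/salsa-ci.yml; since the unblock checklist states that all changes are documented in d/changelog, either list those packaging-only changes here or leave them out of the freeze upload. Naming the affected files (tools/naptr-eduroam.sh, tools/radsec-dynsrv.sh) and stating that the daemon code is untouched would also help administrators decide whether they need to act.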
diff -Nru radsecproxy-1.8.2/debian/gbp.conf radsecproxy-1.8.2/debian/gbp.conf
--- radsecproxy-1.8.2/debian/gbp.conf	1970-01-01 01:00:00.000000000 +0100
+++ radsecproxy-1.8.2/debian/gbp.conf	2021-05-27 07:58:57.000000000 +0200
@@ -0,0 +1,3 @@
+[DEFAULT]
+debian-branch = bullseye
+
diff -Nru radsecproxy-1.8.2/debian/patches/fix-cve-2021-32642 radsecproxy-1.8.2/debian/patches/fix-cve-2021-32642
--- radsecproxy-1.8.2/debian/patches/fix-cve-2021-32642	1970-01-01 01:00:00.000000000 +0100
+++ radsecproxy-1.8.2/debian/patches/fix-cve-2021-32642	2021-05-27 07:58:57.000000000 +0200
@@ -0,0 +1,124 @@
+Author: Fabian Mauchle <fabian.mauchle@switch.ch>
+Last-Update: 2021-05-04
+Description: add result validation to dyndisc example scripts
+
+Original Commit ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af Mon Sep 17 00:00:00 2001
+reported by Philipp Jeitner and Haya Shulman, Fraunhofer SIT
+
+---
+ tools/naptr-eduroam.sh | 40 ++++++++++++++++++++++++++--------------
+ tools/radsec-dynsrv.sh | 20 ++++++++++++++++----
+ 2 files changed, 42 insertions(+), 18 deletions(-)
+
+diff --git a/tools/naptr-eduroam.sh b/tools/naptr-eduroam.sh
+index e310812..5402d18 100755
+--- a/tools/naptr-eduroam.sh
++++ b/tools/naptr-eduroam.sh
+@@ -19,41 +19,53 @@ DIGCMD=$(command -v dig)
+ HOSTCMD=$(command -v host)
+ PRINTCMD=$(command -v printf)
+ 
++validate_host() {
++         echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
++}
++
++validate_port() {
++         echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$'
++}
++
+ dig_it_srv() {
+     ${DIGCMD} +short srv $SRV_HOST | sort -n -k1 |
+     while read line; do
+-	set $line ; PORT=$3 ; HOST=$4
+-	$PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++        set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4)
++        if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
++            $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++        fi
+     done
+ }
+ 
+ dig_it_naptr() {
+     ${DIGCMD} +short naptr ${REALM} | grep x-eduroam:radius.tls | sort -n -k1 |
+     while read line; do
+-	set $line ; TYPE=$3 ; HOST=$6
+-	if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then
+-	    SRV_HOST=${HOST%.}
+-	    dig_it_srv
+-	fi
++        set $line ; TYPE=$3 ; HOST=$(validate_host $6)
++        if ( [ "$TYPE" = "\"s\"" ] || [ "$TYPE" = "\"S\"" ] ) && [ -n "${HOST}" ]; then
++            SRV_HOST=${HOST%.}
++            dig_it_srv
++        fi
+     done
+ }
+ 
+ host_it_srv() {
+     ${HOSTCMD} -t srv $SRV_HOST | sort -n -k5 |
+     while read line; do
+-	set $line ; PORT=$7 ; HOST=$8 
+-	$PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++        set $line ; PORT=$(validate_port $7) ; HOST=$(validate_host $8) 
++        if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
++            $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++        fi
+     done
+ }
+ 
+ host_it_naptr() {
+     ${HOSTCMD} -t naptr ${REALM} | grep x-eduroam:radius.tls | sort -n -k5 |
+     while read line; do
+-	set $line ; TYPE=$7 ; HOST=${10}
+-	if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then
+-	    SRV_HOST=${HOST%.}
+-	    host_it_srv
+-	fi
++        set $line ; TYPE=$7 ; HOST=$(validate_host ${10})
++        if ( [ "$TYPE" = "\"s\"" ] || [ "$TYPE" = "\"S\"" ] ) && [ -n "${HOST}" ]; then
++            SRV_HOST=${HOST%.}
++            host_it_srv
++        fi
+     done
+ }
+ 
+diff --git a/tools/radsec-dynsrv.sh b/tools/radsec-dynsrv.sh
+index 2eff080..68bb5ba 100755
+--- a/tools/radsec-dynsrv.sh
++++ b/tools/radsec-dynsrv.sh
+@@ -19,19 +19,31 @@ DIGCMD=$(command -v digaaa)
+ HOSTCMD=$(command -v host)
+ PRINTCMD=$(command -v printf)
+ 
++validate_host() {
++         echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
++}
++
++validate_port() {
++         echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$'
++}
++
+ dig_it() {
+    ${DIGCMD} +short srv _radsec._tcp.${REALM} | sort -n -k1 |
+    while read line ; do
+-      set $line ; PORT=$3 ; HOST=$4 
+-      $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++      set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4)
++      if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then 
++         $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++      fi
+    done
+ }
+ 
+ host_it() {
+    ${HOSTCMD} -t srv _radsec._tcp.${REALM} | sort -n -k5 |
+    while read line ; do
+-      set $line ; PORT=$7 ; HOST=$8 
+-      $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++      set $line ; PORT=$(validate_port $7) ; HOST=$(validate_host $8) 
++      if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
++         $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
++      fi
+    done
+ }
+ 
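Review bot: the unchanged context line `DIGCMD=$(command -v digaaa)` at the top of this hunk looks like a typo for `dig`; it is outside this patch's scope, but with it DIGCMD is empty and dig_it would try to run `+short` as the command, so the dig path of radsec-dynsrv.sh cannot work as shipped and deserves a follow-up fix. validate_host and validate_port are duplicated verbatim from naptr-eduroam.sh, which is acceptable for standalone example scripts but means any later tightening of the regexes must be applied in both files.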
diff -Nru radsecproxy-1.8.2/debian/patches/series radsecproxy-1.8.2/debian/patches/series
--- radsecproxy-1.8.2/debian/patches/series	2020-11-23 12:09:13.000000000 +0100
+++ radsecproxy-1.8.2/debian/patches/series	2021-05-27 07:58:57.000000000 +0200
@@ -1,2 +1,3 @@
 fix-spelling-errors
 move-manpages-to-8
+fix-cve-2021-32642
diff -Nru radsecproxy-1.8.2/debian/salsa-ci.yml radsecproxy-1.8.2/debian/salsa-ci.yml
--- radsecproxy-1.8.2/debian/salsa-ci.yml	2020-11-23 12:09:13.000000000 +0100
+++ radsecproxy-1.8.2/debian/salsa-ci.yml	2021-05-27 07:58:57.000000000 +0200
@@ -4,5 +4,5 @@
   - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
 
 variables:
-  RELEASE: 'unstable'
+  RELEASE: 'bullseye'
   SALSA_CI_DISABLE_AUTOPKGTEST: 1

--- End Message ---
--- Begin Message ---
Unblocked.

--- End Message ---