Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, there are two low-priority CVEs affecting libyang and the security team suggested updating this via SRM, so I am doing that. (I was asked by David Lamparter to help with libyang and frr packaging.) The updated package basically pulls the three extra patches that have been added to version in unstable. Changes: libyang (0.16.105-1+deb10u1) buster; urgency=medium . * Fix CVE-2019-19333 & CVE-2019-19334 (Closes: #946217) * Fix cache corruption crash (upstream bug 752) Thanks, Ondrej - -- System Information: Debian Release: 10.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores) Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE=en_IE:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAl66TUNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcJgBA//UDW+bFmaPs1+i2C7IC/KpCNfxTduocVoXYyJaKzNVEvFANkTntBspuZ7 1h1qpYu1VxqF3K/9UaRAtZg4mqFy957a+537Z3ChlR61Z7NmzpjiSkWPuxM7XKJH 7+3C5T1PQPypVcBhXmQaGJRkO3/NJ+ZpGkxnIPEdcO4pxsfwuojOXvbJxRRX26Ho yz9cu0r27hrF3RGRemqW3v4TCCmdCLnH5xm1LhI3px1+bt3qOAWHE/f07F8bfyGP 0Cv0UKY8kuimaQOGdNxCL/zJ1ijw1jFJld2TN3fm2DU37WRao0dnmirrjTRxRI+W I1+FXBMpXLgFaye4zR6zgatRh4jEHRcCvLlI70P1gSeD5jY9VHMmSDvNo1lIBGlw JTvO8hg/rSKkm8PKUQ3GJYc0qmbC88xTkP2AsS7QFIsXwelQzqaxodHA3ncIdmES W82NRfycMyxnhp20JgerHsx0rxzpb/5ax7MYC6vmNHAE4Rc8OXx3qxrcC7ZI3Xxl CM5XumQSJUt1NmnwXGgjJsm8dX+1eaZTmdYT8pU7Sz9wfsyesTPZvi5m2QSEguL0 Z33WFBHgrOqaA+jhr8PlhY4t/BARpe0TBWmuKRMA7nVxo3vbJVrddmuImOSpveWn SNghIUeFTkCz05cqBVS1Urho1mTEGp7u+XSJcdoZlEr/QwxT1nQ= =ivkD -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: libyang Binary: libyang0.16, libyang-dev, yang-tools, libyang-cpp0.16, libyang-cpp-dev, python3-yang, python3-yang-dbg Architecture: any Version: 0.16.105-1+deb10u1 Maintainer: David Lamparter <equinox-deb...@diac24.net> Uploaders: CESNET <rkre...@cesnet.cz> Homepage: https://netopeer.liberouter.org/ Standards-Version: 4.2.1 Vcs-Browser: https://github.com/CESNET/libyang/tree/debian Vcs-Git: https://github.com/CESNET/libyang.git -b debian Testsuite: autopkgtest Testsuite-Triggers: gzip, python3-all Build-Depends: bison, cmake, debhelper (>= 11~), libcmocka-dev <!nocheck>, libpcre3-dev, swig (>= 3.0.12), python3-all-dev, python3-all-dbg, pkg-config Package-List: libyang-cpp-dev deb libdevel optional arch=any libyang-cpp0.16 deb libs optional arch=any libyang-dev deb libdevel optional arch=any libyang0.16 deb libs optional arch=any python3-yang deb python optional arch=any python3-yang-dbg deb debug optional arch=any yang-tools deb devel optional arch=any Checksums-Sha1: 68601741bf42c124a63ca0579ceea1d8e6faf4dd 2999818 libyang_0.16.105.orig.tar.gz e62f67aef08e6d134c931e8da7bb1ba960ea0a1e 19660 libyang_0.16.105-1+deb10u1.debian.tar.xz Checksums-Sha256: 4745460dedc4ba17d8bcfc39ad9ba0d1b91bbe82b55b9417a090390909ba8ca5 2999818 libyang_0.16.105.orig.tar.gz a79468c764550221244017ea6b81f4ab463b429c15c2daa9492c4e9aa6cf50de 19660 libyang_0.16.105-1+deb10u1.debian.tar.xz Files: a7cc2cc10de2ec92a51eee69c98566fa 2999818 libyang_0.16.105.orig.tar.gz 517b25fcb3aca7e8bd238f28ed634b60 19660 libyang_0.16.105-1+deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAl66TPBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcJbeA//SWBLjEYqHNCMvONCYIrwflShNGYBT6FDdGeUkxuDlN5dsSfm0lG77W5h MaVFQ8qtPVYtBt8m3ZGlqxuMtwlrmkuJIObAtxs0eiFeJ2U2Zec073iz2s5OYBwt UrVpBCEcfAOf0zMXTDglSZTqLJQ3qAfCzjgAKKrC/4rvTYMQqZ2PdcrGovjOTqEJ weNCABr0qI3lClHdIXsWYMejp0CZsOH3vaSfLSrwAnQHL1H+qxHpLjIAkcgWOiTz B159wZ86xFiiipaTc1cba+4DESoBJyiSU7NdPa3Lxrta/EVAsozXK2F0gLGoTgeY DdDVvRKItU6iDD4GEEx8s7xwG1lq6IWl23l8D3wBn4wDXvrjz4KcdjB9ujo99AxX vc6F1PKz0C7B/NA7lT0e2d8EtSEp98Gy98059Z52k+2Krh3LV/qrbcS19v9Y+Gh6 tlK0w5mYlg8TiSOpEA8BecM9qq9iWO/AGzDm2qaJvih7A6NKqZrpBH9r4CvifNdd d0WmSeGTxFX2ogBc1pu1li6bdTzLuxPNAfF7I+qBMLdzJAP7pIfzlqihJ/+rJSQJ IT0CdRlyVzDxD9M13SBNAdWNeIGpKSJrau4L4B8L5/CcCNTa/lP+4vm3meLxiw4g Con9zDiFZOnSd5T3hOv8hYsLtu1kIUv0P7EvWYhSRzxlKyKUjMg= =97Ie -----END PGP SIGNATURE-----
diff -Nru libyang-0.16.105/debian/changelog libyang-0.16.105/debian/changelog
--- libyang-0.16.105/debian/changelog 2019-01-23 01:32:43.000000000 +0100
+++ libyang-0.16.105/debian/changelog 2020-05-12 09:02:56.000000000 +0200
@@ -1,3 +1,10 @@
+libyang (0.16.105-1+deb10u1) buster; urgency=medium
+
+ * Fix CVE-2019-19333 & CVE-2019-19334 (Closes: #946217)
+ * Fix cache corruption crash (upstream bug 752)
+
+ -- Ondřej Surý <ond...@debian.org> Tue, 12 May 2020 09:02:56 +0200
+
libyang (0.16.105-1) unstable; urgency=medium
* upstream 0.16.105 (0.16-r3) release
diff -Nru libyang-0.16.105/debian/gbp.conf libyang-0.16.105/debian/gbp.conf
--- libyang-0.16.105/debian/gbp.conf 1970-01-01 01:00:00.000000000 +0100
+++ libyang-0.16.105/debian/gbp.conf 2020-05-12 09:02:56.000000000 +0200
@@ -0,0 +1,7 @@
+[DEFAULT]
+debian-branch = debian/buster
+upstream-branch = upstream/buster
+pristine-tar = True
+
+[dch]
+meta = 1
diff -Nru
libyang-0.16.105/debian/patches/0001-parser-BUGFIX-long-identity-name-buffer-overflow.patch
libyang-0.16.105/debian/patches/0001-parser-BUGFIX-long-identity-name-buffer-overflow.patch
---
libyang-0.16.105/debian/patches/0001-parser-BUGFIX-long-identity-name-buffer-overflow.patch
1970-01-01 01:00:00.000000000 +0100
+++
libyang-0.16.105/debian/patches/0001-parser-BUGFIX-long-identity-name-buffer-overflow.patch
2020-05-12 09:02:56.000000000 +0200
@@ -0,0 +1,253 @@
+Applied-Upstream: f6d684ade99dd37b21babaa8a856f64faa1e2e0d
+Author: Michal Vasko <mva...@cesnet.cz>
+Last-Update: 2019-12-22
+Description: parser BUGFIX long identity name buffer overflow
+ STRING_OVERFLOW (CWE-120)
+
+diff --git a/src/parser.c b/src/parser.c
+index 3303041d15e7..281a97aac6d6 100644
+--- a/src/parser.c
++++ b/src/parser.c
+@@ -979,7 +979,7 @@ lyp_precompile_pattern(struct ly_ctx *ctx, const char
*pattern, pcre** pcre_cmp,
+ * @param[in] data2 If \p type is #LY_TYPE_BITS: (int *) type bit field
length,
+ * #LY_TYPE_DEC64: (uint8_t *) number of
fraction digits (position of the floating point),
+ * otherwise ignored.
+- * @return 1 if a conversion took place, 0 if the value was kept the same.
++ * @return 1 if a conversion took place, 0 if the value was kept the same, -1
on error.
+ */
+ static int
+ make_canonical(struct ly_ctx *ctx, int type, const char **value, void *data1,
void *data2)
+@@ -994,6 +994,8 @@ make_canonical(struct ly_ctx *ctx, int type, const char
**value, void *data1, vo
+ uint64_t unum;
+ uint8_t c;
+
++#define LOGBUF(str) LOGERR(ctx, LY_EINVAL, "Value \"%s\" is too long.", str)
++
+ switch (type) {
+ case LY_TYPE_BITS:
+ bits = (struct lys_type_bit **)data1;
+@@ -1006,8 +1008,10 @@ make_canonical(struct ly_ctx *ctx, int type, const char
**value, void *data1, vo
+ continue;
+ }
+ if (buf[0]) {
++ LY_CHECK_ERR_RETURN(strlen(buf) + 1 + strlen(bits[i]->name) >
buf_len, LOGBUF(bits[i]->name), -1);
+ sprintf(buf + strlen(buf), " %s", bits[i]->name);
+ } else {
++ LY_CHECK_ERR_RETURN(strlen(bits[i]->name) > buf_len,
LOGBUF(bits[i]->name), -1);
+ strcpy(buf, bits[i]->name);
+ }
+ }
+@@ -1025,7 +1029,7 @@ make_canonical(struct ly_ctx *ctx, int type, const char
**value, void *data1, vo
+
+ case LY_TYPE_INST:
+ exp = lyxp_parse_expr(ctx, *value);
+- LY_CHECK_ERR_RETURN(!exp, LOGINT(ctx), 0);
++ LY_CHECK_ERR_RETURN(!exp, LOGINT(ctx), -1);
+
+ module_name = NULL;
+ count = 0;
+@@ -1035,9 +1039,9 @@ make_canonical(struct ly_ctx *ctx, int type, const char
**value, void *data1, vo
+ /* copy WS */
+ if (i && ((end = exp->expr + exp->expr_pos[i - 1] +
exp->tok_len[i - 1]) != cur_expr)) {
+ if (count + (cur_expr - end) > buf_len) {
+- LOGINT(ctx);
+ lyxp_expr_free(exp);
+- return 0;
++ LOGBUF(end);
++ return -1;
+ }
+ strncpy(&buf[count], end, cur_expr - end);
+ count += cur_expr - end;
+@@ -1051,9 +1055,9 @@ make_canonical(struct ly_ctx *ctx, int type, const char
**value, void *data1, vo
+ if (!module_name || strncmp(cur_expr, module_name, j)) {
+ /* print module name with colon, it does not equal to the
parent one */
+ if (count + j > buf_len) {
+- LOGINT(ctx);
+ lyxp_expr_free(exp);
+- return 0;
++ LOGBUF(cur_expr);
++ return -1;
+ }
+ strncpy(&buf[count], cur_expr, j);
+ count += j;
+@@ -1062,17 +1066,17 @@ make_canonical(struct ly_ctx *ctx, int type, const
char **value, void *data1, vo
+
+ /* copy the rest */
+ if (count + (exp->tok_len[i] - j) > buf_len) {
+- LOGINT(ctx);
+ lyxp_expr_free(exp);
+- return 0;
++ LOGBUF(end);
++ return -1;
+ }
+ strncpy(&buf[count], end, exp->tok_len[i] - j);
+ count += exp->tok_len[i] - j;
+ } else {
+ if (count + exp->tok_len[i] > buf_len) {
+- LOGINT(ctx);
+ lyxp_expr_free(exp);
+- return 0;
++ LOGBUF(&exp->expr[exp->expr_pos[i]]);
++ return -1;
+ }
+ strncpy(&buf[count], &exp->expr[exp->expr_pos[i]],
exp->tok_len[i]);
+ count += exp->tok_len[i];
+@@ -1081,7 +1085,7 @@ make_canonical(struct ly_ctx *ctx, int type, const char
**value, void *data1, vo
+ if (count > buf_len) {
+ LOGINT(ctx);
+ lyxp_expr_free(exp);
+- return 0;
++ return -1;
+ }
+ buf[count] = '\0';
+
+@@ -1146,6 +1150,8 @@ make_canonical(struct ly_ctx *ctx, int type, const char
**value, void *data1, vo
+ }
+
+ return 0;
++
++#undef LOGBUF
+ }
+
+ static const char *
+@@ -1411,7 +1417,10 @@ lyp_parse_value(struct lys_type *type, const char
**value_, struct lyxml_elem *x
+ c = c + len;
+ }
+
+- make_canonical(ctx, LY_TYPE_BITS, value_, bits,
&type->info.bits.count);
++ if (make_canonical(ctx, LY_TYPE_BITS, value_, bits,
&type->info.bits.count) == -1) {
++ free(bits);
++ goto error;
++ }
+
+ if (store) {
+ /* store the result */
+@@ -1469,7 +1478,9 @@ lyp_parse_value(struct lys_type *type, const char
**value_, struct lyxml_elem *x
+ goto error;
+ }
+
+- make_canonical(ctx, LY_TYPE_DEC64, value_, &num,
&type->info.dec64.dig);
++ if (make_canonical(ctx, LY_TYPE_DEC64, value_, &num,
&type->info.dec64.dig) == -1) {
++ goto error;
++ }
+
+ if (store) {
+ /* store the result */
+@@ -1597,7 +1608,10 @@ lyp_parse_value(struct lys_type *type, const char
**value_, struct lyxml_elem *x
+ type->parent->flags |= LYS_DFLTJSON;
+ }
+
+- make_canonical(ctx, LY_TYPE_IDENT, &value,
(void*)lys_main_module(local_mod)->name, NULL);
++ if (make_canonical(ctx, LY_TYPE_IDENT, &value,
(void*)lys_main_module(local_mod)->name, NULL) == -1) {
++ lydict_remove(ctx, value);
++ goto error;
++ }
+
+ /* replace the old value with the new one (even if they may be the
same) */
+ lydict_remove(ctx, *value_);
+@@ -1650,8 +1664,12 @@ lyp_parse_value(struct lys_type *type, const char
**value_, struct lyxml_elem *x
+ /* turn logging back on */
+ ly_ilo_restore(NULL, prev_ilo, NULL, 0);
+ } else {
+- if (make_canonical(ctx, LY_TYPE_INST, &value, NULL, NULL)) {
+- /* if a change occured, value was removed from the dicionary
so fix the pointers */
++ if ((c = make_canonical(ctx, LY_TYPE_INST, &value, NULL, NULL))) {
++ if (c == -1) {
++ goto error;
++ }
++
++ /* if a change occurred, value was removed from the
dictionary so fix the pointers */
+ *value_ = value;
+ }
+ }
+@@ -1752,7 +1770,9 @@ lyp_parse_value(struct lys_type *type, const char
**value_, struct lyxml_elem *x
+ goto error;
+ }
+
+- make_canonical(ctx, LY_TYPE_INT8, value_, &num, NULL);
++ if (make_canonical(ctx, LY_TYPE_INT8, value_, &num, NULL) == -1) {
++ goto error;
++ }
+
+ if (store) {
+ /* store the result */
+@@ -1767,7 +1787,9 @@ lyp_parse_value(struct lys_type *type, const char
**value_, struct lyxml_elem *x
+ goto error;
+ }
+
+- make_canonical(ctx, LY_TYPE_INT16, value_, &num, NULL);
++ if (make_canonical(ctx, LY_TYPE_INT16, value_, &num, NULL) == -1) {
++ goto error;
++ }
+
+ if (store) {
+ /* store the result */
+@@ -1782,7 +1804,9 @@ lyp_parse_value(struct lys_type *type, const char
**value_, struct lyxml_elem *x
+ goto error;
+ }
+
+- make_canonical(ctx, LY_TYPE_INT32, value_, &num, NULL);
++ if (make_canonical(ctx, LY_TYPE_INT32, value_, &num, NULL) == -1) {
++ goto error;
++ }
+
+ if (store) {
+ /* store the result */
+@@ -1798,7 +1822,9 @@ lyp_parse_value(struct lys_type *type, const char
**value_, struct lyxml_elem *x
+ goto error;
+ }
+
+- make_canonical(ctx, LY_TYPE_INT64, value_, &num, NULL);
++ if (make_canonical(ctx, LY_TYPE_INT64, value_, &num, NULL) == -1) {
++ goto error;
++ }
+
+ if (store) {
+ /* store the result */
+@@ -1813,7 +1839,9 @@ lyp_parse_value(struct lys_type *type, const char
**value_, struct lyxml_elem *x
+ goto error;
+ }
+
+- make_canonical(ctx, LY_TYPE_UINT8, value_, &unum, NULL);
++ if (make_canonical(ctx, LY_TYPE_UINT8, value_, &unum, NULL) == -1) {
++ goto error;
++ }
+
+ if (store) {
+ /* store the result */
+@@ -1828,7 +1856,9 @@ lyp_parse_value(struct lys_type *type, const char
**value_, struct lyxml_elem *x
+ goto error;
+ }
+
+- make_canonical(ctx, LY_TYPE_UINT16, value_, &unum, NULL);
++ if (make_canonical(ctx, LY_TYPE_UINT16, value_, &unum, NULL) == -1) {
++ goto error;
++ }
+
+ if (store) {
+ /* store the result */
+@@ -1843,7 +1873,9 @@ lyp_parse_value(struct lys_type *type, const char
**value_, struct lyxml_elem *x
+ goto error;
+ }
+
+- make_canonical(ctx, LY_TYPE_UINT32, value_, &unum, NULL);
++ if (make_canonical(ctx, LY_TYPE_UINT32, value_, &unum, NULL) == -1) {
++ goto error;
++ }
+
+ if (store) {
+ /* store the result */
+@@ -1858,7 +1890,9 @@ lyp_parse_value(struct lys_type *type, const char
**value_, struct lyxml_elem *x
+ goto error;
+ }
+
+- make_canonical(ctx, LY_TYPE_UINT64, value_, &unum, NULL);
++ if (make_canonical(ctx, LY_TYPE_UINT64, value_, &unum, NULL) == -1) {
++ goto error;
++ }
+
+ if (store) {
+ /* store the result */
+--
+2.24.1
+
diff -Nru
libyang-0.16.105/debian/patches/0002-parser-BUGFIX-long-identityref-default-value-buffer-.patch
libyang-0.16.105/debian/patches/0002-parser-BUGFIX-long-identityref-default-value-buffer-.patch
---
libyang-0.16.105/debian/patches/0002-parser-BUGFIX-long-identityref-default-value-buffer-.patch
1970-01-01 01:00:00.000000000 +0100
+++
libyang-0.16.105/debian/patches/0002-parser-BUGFIX-long-identityref-default-value-buffer-.patch
2020-05-12 09:02:56.000000000 +0200
@@ -0,0 +1,24 @@
+Applied-Upstream: 6980afae2ff9fcd6d67508b0a3f694d75fd059d6
+Author: Michal Vasko <mva...@cesnet.cz>
+Last-Updated: 2019-12-22
+Description: parser BUGFIX long identityref default value buffer overflow
+ STRING_OVERFLOW (CWE-120)
+
+diff --git a/src/parser.c b/src/parser.c
+index 281a97aac6d6..6979b9c17df3 100644
+--- a/src/parser.c
++++ b/src/parser.c
+@@ -1021,8 +1021,10 @@ make_canonical(struct ly_ctx *ctx, int type, const char
**value, void *data1, vo
+ module_name = (const char *)data1;
+ /* identity must always have a prefix */
+ if (!strchr(*value, ':')) {
++ LY_CHECK_ERR_RETURN(strlen(module_name) + 1 + strlen(*value) >
buf_len, LOGBUF(*value), -1);
+ sprintf(buf, "%s:%s", module_name, *value);
+ } else {
++ LY_CHECK_ERR_RETURN(strlen(*value) > buf_len, LOGBUF(*value), -1);
+ strcpy(buf, *value);
+ }
+ break;
+--
+2.24.1
+
diff -Nru
libyang-0.16.105/debian/patches/0003-data-tree-BUGFIX-handle-hashes-for-lyd_dup_withsibli.patch
libyang-0.16.105/debian/patches/0003-data-tree-BUGFIX-handle-hashes-for-lyd_dup_withsibli.patch
---
libyang-0.16.105/debian/patches/0003-data-tree-BUGFIX-handle-hashes-for-lyd_dup_withsibli.patch
1970-01-01 01:00:00.000000000 +0100
+++
libyang-0.16.105/debian/patches/0003-data-tree-BUGFIX-handle-hashes-for-lyd_dup_withsibli.patch
2020-05-12 09:02:56.000000000 +0200
@@ -0,0 +1,55 @@
+Applied-Upstream: 4eae42b0d36f07ae91672d648ecd4ce37701b356
+Author: Michal Vasko <mva...@cesnet.cz>
+Last-Updated: 2019-12-22
+Description: data tree BUGFIX handle hashes for lyd_dup_withsiblings
+
+diff --git a/src/tree_data.c b/src/tree_data.c
+index f0fb27b7d165..8bad9c9ea58b 100644
+--- a/src/tree_data.c
++++ b/src/tree_data.c
+@@ -5747,14 +5747,28 @@ lyd_dup_withsiblings_r(const struct lyd_node *first,
struct lyd_node *parent_dup
+ last_dup->when_status = next->when_status;
+
+ last_dup->parent = parent_dup;
++ /* connect to the parent or the siblings */
+ if (!first_dup) {
+ first_dup = last_dup;
++ if (parent_dup) {
++ parent_dup->child = first_dup;
++ }
+ } else {
+ assert(prev_dup);
+ prev_dup->next = last_dup;
+ last_dup->prev = prev_dup;
+ }
+
++#ifdef LY_ENABLED_CACHE
++ /* copy hash */
++ if ((last_dup->schema->nodetype != LYS_LIST) ||
lyd_list_has_keys(last_dup)) {
++ last_dup->hash = next->hash;
++ }
++
++ /* insert into parent */
++ lyd_insert_hash(last_dup);
++#endif
++
+ if ((next->schema->nodetype & (LYS_LIST | LYS_CONTAINER | LYS_RPC |
LYS_ACTION | LYS_NOTIF)) && next->child) {
+ /* recursively duplicate all children */
+ if (!lyd_dup_withsiblings_r(next->child, last_dup, options)) {
+@@ -5765,12 +5779,9 @@ lyd_dup_withsiblings_r(const struct lyd_node *first,
struct lyd_node *parent_dup
+ prev_dup = last_dup;
+ }
+
+- /* correctly set last sibling and parent child pointer */
++ /* correctly set last sibling */
+ assert(!prev_dup->next);
+ first_dup->prev = prev_dup;
+- if (parent_dup) {
+- parent_dup->child = first_dup;
+- }
+
+ return first_dup;
+
+--
+2.24.1
+
diff -Nru libyang-0.16.105/debian/patches/pybuild
libyang-0.16.105/debian/patches/pybuild
--- libyang-0.16.105/debian/patches/pybuild 2018-11-09 18:14:24.000000000
+0100
+++ libyang-0.16.105/debian/patches/pybuild 2020-05-12 09:02:56.000000000
+0200
@@ -3,7 +3,7 @@
version, and on top of that there was no way to get things built for a debug
version of python.
Author: David Lamparter <equinox-deb...@diac24.net>
-Last-Update: 2018-11-08
+Last-Update: 2019-12-22
diff --git a/swig/CMakeLists.txt b/swig/CMakeLists.txt
index a2b2616256da..d10b495f6297 100644
@@ -89,7 +89,7 @@
set(CMAKE_SWIG_FLAGS "-c++")
-set(CMAKE_SWIG_FLAGS "-I${PROJECT_SOURCE_DIR}")
-+set(CMAKE_SWIG_FLAGS "-I${PROJECT_SOURCE_DIR}"
"-I${PROJECT_SOURCE_DIR}/cpp/src")
++set(CMAKE_SWIG_FLAGS "-I${PROJECT_SOURCE_DIR}"
"-I${PROJECT_SOURCE_DIR}/cpp/src" "-interface" "_${PYTHON_SWIG_BINDING}")
set(CMAKE_SWIG_OUTDIR ${CMAKE_CURRENT_BINARY_DIR})
-set_source_files_properties(${PYTHON_SWIG_BINDING}.i PROPERTIES CPLUSPLUS ON
PREFIX "")
diff -Nru libyang-0.16.105/debian/patches/series
libyang-0.16.105/debian/patches/series
--- libyang-0.16.105/debian/patches/series 2019-01-23 01:14:14.000000000
+0100
+++ libyang-0.16.105/debian/patches/series 2020-05-12 09:02:56.000000000
+0200
@@ -1,2 +1,5 @@
pybuild
swigpy37
+0001-parser-BUGFIX-long-identity-name-buffer-overflow.patch
+0002-parser-BUGFIX-long-identityref-default-value-buffer-.patch
+0003-data-tree-BUGFIX-handle-hashes-for-lyd_dup_withsibli.patch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 12 May 2020 09:02:56 +0200 Source: libyang Architecture: source Version: 0.16.105-1+deb10u1 Distribution: buster-updates Urgency: medium Maintainer: David Lamparter <equinox-deb...@diac24.net> Changed-By: Ondřej Surý <ond...@debian.org> Closes: 946217 Changes: libyang (0.16.105-1+deb10u1) buster; urgency=medium . * Fix CVE-2019-19333 & CVE-2019-19334 (Closes: #946217) * Fix cache corruption crash (upstream bug 752) Checksums-Sha1: bf53eda0662705a33995d79082827488c8fd325a 2593 libyang_0.16.105-1+deb10u1.dsc e62f67aef08e6d134c931e8da7bb1ba960ea0a1e 19660 libyang_0.16.105-1+deb10u1.debian.tar.xz 1d828cd2aa7bafd6818b92403144139b696aab7d 10658 libyang_0.16.105-1+deb10u1_amd64.buildinfo Checksums-Sha256: a96584d1832a282119329180f647c0292811ab0fcc6d80ded26f9770f89a945d 2593 libyang_0.16.105-1+deb10u1.dsc a79468c764550221244017ea6b81f4ab463b429c15c2daa9492c4e9aa6cf50de 19660 libyang_0.16.105-1+deb10u1.debian.tar.xz 7c3f5e7ec044632c2acb3b8873466bb5afa6124ccd46cc1e84121972a28d40e1 10658 libyang_0.16.105-1+deb10u1_amd64.buildinfo Files: 4a9d77f7214616b4daf0f24b993dc3a8 2593 libs optional libyang_0.16.105-1+deb10u1.dsc 517b25fcb3aca7e8bd238f28ed634b60 19660 libs optional libyang_0.16.105-1+deb10u1.debian.tar.xz f223c36998b0bf297fdd88b7f078b5b8 10658 libs optional libyang_0.16.105-1+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAl66TPBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcIDPRAApUgCle6BaNeA5UI1WboZy8cEFeUhXOUkAG7iWa1rrSoFr0BGbCvHPY1L C0WEkxJTL/xRxZOJUMhOvPgAzyNYET5Xyd4/dKqR++MA7qVmrm5+asi+jO/7I6E3 RWrN/fRokyomlY9fqxbgWMMzZumoNrqFpBPQngF3FLYoPMk/tjB4azL5wuIM5vVF L6JC7CaVBEmgEhHo2wPVCloYyoXrnaKhy5JZlWWUz6zUD18+5jUA8ArDOE3VhNAh HUkvLfrzoYPbR0Sk4YGQ8lrmdtsAgTgnyv9s3ops9nRKkWq6ZZrmNGAiPGDarqK4 J30DmQodTk6+If1Xm3AyQik7UFaXbT9mU889Wwf2e3EbElR/eX4vTjNf8Q3Y1gNy V9kVYtLn3awA8mC8ObCEw+QkriiSui5KhheqnwQDdD28DrAEEX3G0rKGnBR03upU YZG/7ych93xcfGsyqIXTUN5O2I3go155oNmcqmhWnv8MBhmdFgtn8wfNqSQ99fGo Zv1q6VJwnt/af3FI3jZTPsiTbasbEzVX07rAL+N5p8auJBqttI4X9dncpNHR4ZdQ Vm85Bn+7v2OWqh87+xj8xeIC8M5nxiNX0BANKRHz9iPcyBvsZUiBZnYk+7O/mHFe g/UE8h7MOGIvsAktXZscfKSez9cD8Zk+tAhkkHgcN6CGYyNJSQY= =q52B -----END PGP SIGNATURE-----
libyang_0.16.105-1+deb10u1.debian.tar.xz
Description: application/xz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.0 Source: libyang Binary: libyang0.16 libyang-dev yang-tools libyang-cpp0.16 libyang-cpp-dev python3-yang python3-yang-dbg Architecture: amd64 source Version: 0.16.105-1+deb10u1 Checksums-Md5: 4a9d77f7214616b4daf0f24b993dc3a8 2593 libyang_0.16.105-1+deb10u1.dsc 7aba4858ffaa5684e57af1974a703895 18944 libyang-cpp-dev_0.16.105-1+deb10u1_amd64.deb 56b0d84cfbc8abcf56595a34a3f206ea 1419060 libyang-cpp0.16-dbgsym_0.16.105-1+deb10u1_amd64.deb 3bc4f514726ccb4b8fc9427b484035ab 66220 libyang-cpp0.16_0.16.105-1+deb10u1_amd64.deb f9b2f0d612b1076a8a6a4f813f9dd115 86688 libyang-dev_0.16.105-1+deb10u1_amd64.deb 429149109e3f782fc4062f26e42421c0 1166800 libyang0.16-dbgsym_0.16.105-1+deb10u1_amd64.deb d2731834327d15c9b11da12bd64c676c 393208 libyang0.16_0.16.105-1+deb10u1_amd64.deb 2712d1b3841c1116519593f6b9e6485e 11964228 python3-yang-dbg_0.16.105-1+deb10u1_amd64.deb fdec25401f7717749e9fd193235e4ae4 424104 python3-yang_0.16.105-1+deb10u1_amd64.deb fefb0f30f97eb1d6c6bbefc8f535fbd3 96564 yang-tools-dbgsym_0.16.105-1+deb10u1_amd64.deb c0f51f33be0a7f50ced62b83651ea27c 79384 yang-tools_0.16.105-1+deb10u1_amd64.deb Checksums-Sha1: bf53eda0662705a33995d79082827488c8fd325a 2593 libyang_0.16.105-1+deb10u1.dsc 97a26692a6f4246f19a63c780808a6ec5479965f 18944 libyang-cpp-dev_0.16.105-1+deb10u1_amd64.deb 03ba25a6f7762ec70db159c552aa8ee6391bf98c 1419060 libyang-cpp0.16-dbgsym_0.16.105-1+deb10u1_amd64.deb 536cf89d943602ed2bf48afd1dede0d12fffc77c 66220 libyang-cpp0.16_0.16.105-1+deb10u1_amd64.deb 0784bc2b3e646e5743389d90b5e3f4a4747ef574 86688 libyang-dev_0.16.105-1+deb10u1_amd64.deb 5eff26190f73894a25566ec848af187beb198b80 1166800 libyang0.16-dbgsym_0.16.105-1+deb10u1_amd64.deb 29cf60594b545c4d8aa574b6dd4341d6bf2d2056 393208 libyang0.16_0.16.105-1+deb10u1_amd64.deb 16231b3f40f76be8255a65839f9644967f7e83f9 11964228 python3-yang-dbg_0.16.105-1+deb10u1_amd64.deb f3123f967cc1c8a1f47f6b8588641d3e73087946 424104 python3-yang_0.16.105-1+deb10u1_amd64.deb 5288b55734632bd4b76b1b41226190b250b65ae8 96564 yang-tools-dbgsym_0.16.105-1+deb10u1_amd64.deb a8603ba98e3228ba1e7677d646a452c129c66ce5 79384 yang-tools_0.16.105-1+deb10u1_amd64.deb Checksums-Sha256: a96584d1832a282119329180f647c0292811ab0fcc6d80ded26f9770f89a945d 2593 libyang_0.16.105-1+deb10u1.dsc 8f59535fcaa8393bdcb1717271284020b90c78730bc3d8dc5c2bba980b613615 18944 libyang-cpp-dev_0.16.105-1+deb10u1_amd64.deb 67de02e5d460a90a7aa2d01d14deeca5d2625dc324f2d8af9118c07a935ae130 1419060 libyang-cpp0.16-dbgsym_0.16.105-1+deb10u1_amd64.deb a2ed30c78de56eae48969fbef845c15a2e4d38eb9937791dd3c585d90e0b6fa7 66220 libyang-cpp0.16_0.16.105-1+deb10u1_amd64.deb 9f441777f18117bedfac0d25d064025f044967cdccaf08ac4e4e1fc1d7d0dd60 86688 libyang-dev_0.16.105-1+deb10u1_amd64.deb 4bc88de6772ccefde1915ed045c5b226f71670272b7d711c6a9f74255083a05b 1166800 libyang0.16-dbgsym_0.16.105-1+deb10u1_amd64.deb 4c30ac06f0eb13e805b32962d090fa10d23aa80661038acfe2a8eabd1290d744 393208 libyang0.16_0.16.105-1+deb10u1_amd64.deb e8e2e57e1bd03240474587a261a7a8ce0eeed1d47e89916a35a837937161f8c3 11964228 python3-yang-dbg_0.16.105-1+deb10u1_amd64.deb 5b833995bcd9b957041385402eb3a51cf55dddb68deec63e54aba28c47794aef 424104 python3-yang_0.16.105-1+deb10u1_amd64.deb 29d7329112ba7379c60b1305494368cb2da1a9fd2f0ec65a3ad70235ad44c5ce 96564 yang-tools-dbgsym_0.16.105-1+deb10u1_amd64.deb 4040309b292bace49b5f09ec0fdb1cc580b2b08fd9ce2204f0e7ebaef2c5dec4 79384 yang-tools_0.16.105-1+deb10u1_amd64.deb Build-Origin: Debian Build-Architecture: amd64 Build-Date: Tue, 12 May 2020 09:08:28 +0200 Build-Path: /build/libyang-umzENo/libyang-0.16.105 Installed-Build-Depends: autoconf (= 2.69-11), automake (= 1:1.16.1-4), autopoint (= 0.19.8.1-9), autotools-dev (= 20180224.1), base-files (= 10.3+deb10u4), base-passwd (= 3.5.46), bash (= 5.0-4), binutils (= 2.31.1-16), binutils-common (= 2.31.1-16), binutils-x86-64-linux-gnu (= 2.31.1-16), bison (= 2:3.3.2.dfsg-1), bsdmainutils (= 11.1.2+b1), bsdutils (= 1:2.33.1-0.1), build-essential (= 12.6), bzip2 (= 1.0.6-9.2~deb10u1), cmake (= 3.13.4-1), cmake-data (= 3.13.4-1), coreutils (= 8.30-3), cpp (= 4:8.3.0-1), cpp-8 (= 8.3.0-6), dash (= 0.5.10.2-5), debconf (= 1.5.71), debhelper (= 12.1.1), debianutils (= 4.8.6.1), dh-autoreconf (= 19), dh-python (= 3.20190308), dh-strip-nondeterminism (= 1.1.2-1), diffutils (= 1:3.7-3), dpkg (= 1.19.7), dpkg-dev (= 1.19.7), dwz (= 0.12-3), fdisk (= 2.33.1-0.1), file (= 1:5.35-4+deb10u1), findutils (= 4.6.0+git+20190209-2), g++ (= 4:8.3.0-1), g++-8 (= 8.3.0-6), gcc (= 4:8.3.0-1), gcc-8 (= 8.3.0-6), gcc-8-base (= 8.3.0-6), gettext (= 0.19.8.1-9), gettext-base (= 0.19.8.1-9), grep (= 3.3-1), groff-base (= 1.22.4-3), gzip (= 1.9-3), hostname (= 3.21), init-system-helpers (= 1.56+nmu1), install-info (= 6.5.0.dfsg.1-4+b1), intltool-debian (= 0.35.0+20060710.5), libacl1 (= 2.2.53-4), libarchive-zip-perl (= 1.64-1), libarchive13 (= 3.3.3-4+deb10u1), libasan5 (= 8.3.0-6), libatomic1 (= 8.3.0-6), libattr1 (= 1:2.4.48-4), libaudit-common (= 1:2.8.4-3), libaudit1 (= 1:2.8.4-3), libbinutils (= 2.31.1-16), libbison-dev (= 2:3.3.2.dfsg-1), libblkid1 (= 2.33.1-0.1), libbsd0 (= 0.9.1-2), libbz2-1.0 (= 1.0.6-9.2~deb10u1), libc-bin (= 2.28-10), libc-dev-bin (= 2.28-10), libc6 (= 2.28-10), libc6-dev (= 2.28-10), libcap-ng0 (= 0.7.9-2), libcc1-0 (= 8.3.0-6), libcmocka-dev (= 1.1.3-1), libcmocka0 (= 1.1.3-1), libcom-err2 (= 1.44.5-1+deb10u3), libcroco3 (= 0.6.12-3), libcurl4 (= 7.64.0-4+deb10u1), libdb5.3 (= 5.3.28+dfsg1-0.5), libdebconfclient0 (= 0.249), libdpkg-perl (= 1.19.7), libelf1 (= 0.176-1.1), libexpat1 (= 2.2.6-2+deb10u1), libexpat1-dev (= 2.2.6-2+deb10u1), libfdisk1 (= 2.33.1-0.1), libffi6 (= 3.2.1-9), libfile-stripnondeterminism-perl (= 1.1.2-1), libgcc-8-dev (= 8.3.0-6), libgcc1 (= 1:8.3.0-6), libgcrypt20 (= 1.8.4-5), libgdbm-compat4 (= 1.18.1-4), libgdbm6 (= 1.18.1-4), libglib2.0-0 (= 2.58.3-2+deb10u2), libgmp10 (= 2:6.1.2+dfsg-4), libgnutls30 (= 3.6.7-4+deb10u3), libgomp1 (= 8.3.0-6), libgpg-error0 (= 1.35-1), libgssapi-krb5-2 (= 1.17-3), libhogweed4 (= 3.4.1-1), libicu63 (= 63.1-6+deb10u1), libidn2-0 (= 2.0.5-1+deb10u1), libisl19 (= 0.20-2), libitm1 (= 8.3.0-6), libjsoncpp1 (= 1.7.4-3), libk5crypto3 (= 1.17-3), libkeyutils1 (= 1.6-6), libkrb5-3 (= 1.17-3), libkrb5support0 (= 1.17-3), libldap-2.4-2 (= 2.4.47+dfsg-3+deb10u2), libldap-common (= 2.4.47+dfsg-3+deb10u2), liblsan0 (= 8.3.0-6), liblz4-1 (= 1.8.3-1), liblzma5 (= 5.2.4-1), libmagic-mgc (= 1:5.35-4+deb10u1), libmagic1 (= 1:5.35-4+deb10u1), libmount1 (= 2.33.1-0.1), libmpc3 (= 1.1.0-1), libmpdec2 (= 2.4.2-2), libmpfr6 (= 4.0.2-1), libmpx2 (= 8.3.0-6), libncurses6 (= 6.1+20181013-2+deb10u2), libncursesw6 (= 6.1+20181013-2+deb10u2), libnettle6 (= 3.4.1-1), libnghttp2-14 (= 1.36.0-2+deb10u1), libp11-kit0 (= 0.23.15-2), libpam-modules (= 1.3.1-5), libpam-modules-bin (= 1.3.1-5), libpam-runtime (= 1.3.1-5), libpam0g (= 1.3.1-5), libpcre16-3 (= 2:8.39-12), libpcre3 (= 2:8.39-12), libpcre3-dev (= 2:8.39-12), libpcre32-3 (= 2:8.39-12), libpcrecpp0v5 (= 2:8.39-12), libperl5.28 (= 5.28.1-6), libpipeline1 (= 1.5.1-2), libprocps7 (= 2:3.3.15-2), libpsl5 (= 0.20.2-2), libpython3-all-dbg (= 3.7.3-1), libpython3-all-dev (= 3.7.3-1), libpython3-dbg (= 3.7.3-1), libpython3-dev (= 3.7.3-1), libpython3-stdlib (= 3.7.3-1), libpython3.7 (= 3.7.3-2+deb10u1), libpython3.7-dbg (= 3.7.3-2+deb10u1), libpython3.7-dev (= 3.7.3-2+deb10u1), libpython3.7-minimal (= 3.7.3-2+deb10u1), libpython3.7-stdlib (= 3.7.3-2+deb10u1), libquadmath0 (= 8.3.0-6), libreadline7 (= 7.0-5), librhash0 (= 1.3.8-1), librtmp1 (= 2.4+20151223.gitfa8646d.1-2), libsasl2-2 (= 2.1.27+dfsg-1+deb10u1), libsasl2-modules-db (= 2.1.27+dfsg-1+deb10u1), libseccomp2 (= 2.3.3-4), libselinux1 (= 2.8-1+b1), libsigsegv2 (= 2.12-2), libsmartcols1 (= 2.33.1-0.1), libsqlite3-0 (= 3.27.2-3), libssh2-1 (= 1.8.0-2.1), libssl1.1 (= 1.1.1d-0+deb10u3), libstdc++-8-dev (= 8.3.0-6), libstdc++6 (= 8.3.0-6), libsystemd0 (= 241-7~deb10u4), libtasn1-6 (= 4.13-3), libtinfo6 (= 6.1+20181013-2+deb10u2), libtool (= 2.4.6-9), libtsan0 (= 8.3.0-6), libubsan1 (= 8.3.0-6), libuchardet0 (= 0.0.6-3), libudev1 (= 241-7~deb10u4), libunistring2 (= 0.9.10-1), libuuid1 (= 2.33.1-0.1), libuv1 (= 1.24.1-1), libxml2 (= 2.9.4+dfsg1-7+b3), libzstd1 (= 1.3.8+dfsg-3), linux-libc-dev (= 4.19.118-2), login (= 1:4.5-1.1), lsb-base (= 10.2019051400), m4 (= 1.4.18-2), make (= 4.2.1-1.2), man-db (= 2.8.5-2), mawk (= 1.3.3-17+b3), mime-support (= 3.62), ncurses-base (= 6.1+20181013-2+deb10u2), ncurses-bin (= 6.1+20181013-2+deb10u2), patch (= 2.7.6-3+deb10u1), perl (= 5.28.1-6), perl-base (= 5.28.1-6), perl-modules-5.28 (= 5.28.1-6), pkg-config (= 0.29-6), po-debconf (= 1.0.21), procps (= 2:3.3.15-2), python3 (= 3.7.3-1), python3-all (= 3.7.3-1), python3-all-dbg (= 3.7.3-1), python3-all-dev (= 3.7.3-1), python3-dbg (= 3.7.3-1), python3-dev (= 3.7.3-1), python3-distutils (= 3.7.3-1), python3-lib2to3 (= 3.7.3-1), python3-minimal (= 3.7.3-1), python3.7 (= 3.7.3-2+deb10u1), python3.7-dbg (= 3.7.3-2+deb10u1), python3.7-dev (= 3.7.3-2+deb10u1), python3.7-minimal (= 3.7.3-2+deb10u1), readline-common (= 7.0-5), sed (= 4.7-1), sensible-utils (= 0.0.12), swig (= 3.0.12-2), swig3.0 (= 3.0.12-2), sysvinit-utils (= 2.93-8), tar (= 1.30+dfsg-6), util-linux (= 2.33.1-0.1), xz-utils (= 5.2.4-1), zlib1g (= 1:1.2.11.dfsg-1) Environment: DEB_BUILD_OPTIONS="parallel=8" LANG="en_IE.UTF-8" LC_ALL="C.UTF-8" LD_LIBRARY_PATH="/usr/lib/libeatmydata" SOURCE_DATE_EPOCH="1589266976" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAl66TPBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcKXxA//czNMWBqv18gMU8gtjA/d0dNq/0Ext6OSx3eEwdF8b41eZYdD77rE5C5+ zMM/gakwEKqW3Bo/x9lcnFM/r/WMLeUUxI9v8vZf3JygZO2bo5Q5il2AJeQ7ns7E e2Mz5qI9GWO23R2uEm0eHa1EENYlzZzL9t6a6tfq9ThS9w804nXnW1Z1NpXRZEGl Q5TXAX0e6MHkvZ1N38B78A80wyS79UrCnywDkHbsTAnEqP8KLmQqjG/UhhQ5o/2f nW4rxLhQEHxYpOzU9KCXKDTYtzmapQ/lV1WbQC/UqT8LAgYVxa3dVqvz0pvlNPIK uvrqvLdFYMQLP9DNdGGoztINURpI3Gq7zCjTlzMfxiQfJwvK5w3D/1L3m1jTNgbt ACP773WRucxYfObsX7S9tUw9PWWQkKzFwh496s0VDevkZCqM+bxZBLTfzicTSPoP VqBwn8mHw6bB0lmga/1TAOmomW3hQrm1ne8WjIcaRCwkrTPuZzL9krMvth+OLW2p KwNtwxJXvL9U3xx7HX9ipiXsxo0/nUPQ515DAWw8t4uuJCdyI0ltJq40iSYUhWey fSyalIiX7+8m/4XL+KLzeivnGXl/7sn1oPxsntDmmgD9IKacLpQaJxFw/BEIdLRM pdMMJ5y/6vqmKT6+PykwplHqdeh46auCEuJbjG7cFpNyzLRAO5Q= =Z5YE -----END PGP SIGNATURE-----
