Version in base suite: 0.6.0-2 Base version: sniproxy_0.6.0-2 Target version: sniproxy_0.6.0-2+deb11u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/sniproxy/sniproxy_0.6.0-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/s/sniproxy/sniproxy_0.6.0-2+deb11u1.dsc changelog | 8 ++++ patches/CVE-2023-25076.patch | 71 +++++++++++++++++++++++++++++++++++++++++++ patches/series | 2 + 3 files changed, 81 insertions(+)
diff -Nru sniproxy-0.6.0/debian/changelog sniproxy-0.6.0/debian/changelog
--- sniproxy-0.6.0/debian/changelog 2020-07-23 20:27:57.000000000 +0000
+++ sniproxy-0.6.0/debian/changelog 2023-04-29 17:03:02.000000000 +0000
@@ -1,3 +1,11 @@
+sniproxy (0.6.0-2+deb11u1) bullseye-security; urgency=high
+
+ * Non-maintainer upload by the LTS Team.
+ * CVE-2023-25076 (Closes: #1033752)
+ fix buffer overflow while handling wildcard backend hosts
+
+ -- Thorsten Alteholz Sat, 29 Apr 2023 19:03:02 +0200
+
 sniproxy (0.6.0-2) unstable; urgency=medium
 
 * Fix "ftbfs with GCC-10" by applying patch
diff -Nru sniproxy-0.6.0/debian/patches/CVE-2023-25076.patch sniproxy-0.6.0/debian/patches/CVE-2023-25076.patch
--- sniproxy-0.6.0/debian/patches/CVE-2023-25076.patch 1970-01-01 00:00:00.000000000 +0000
+++ sniproxy-0.6.0/debian/patches/CVE-2023-25076.patch 2023-04-29 17:03:02.000000000 +0000
@@ -0,0 +1,71 @@
+commit f8d9a433fe22ab2fa15c00179048ab02ae23d583
+Author: Dustin Lundquist
+Date: Thu Mar 16 20:42:20 2023 -0700
+
+ address: fix buffer overflow
+
+ Update tests to work on Debian 11.
+
+Index: sniproxy-0.6.0/src/address.c
+===================================================================
+--- sniproxy-0.6.0.orig/src/address.c 2023-04-29 19:26:00.397699547 +0200
++++ sniproxy-0.6.0/src/address.c 2023-04-29 19:26:00.397699547 +0200
+@@ -143,6 +143,8 @@
+ if (hostname_or_ip[0] == '[' &&
+ (port = strchr(hostname_or_ip, ']')) != NULL) {
+ len = (size_t)(port - hostname_or_ip - 1);
++ if (len >= INET6_ADDRSTRLEN)
++ return NULL;
+
+ /* inet_pton() will not parse the IP correctly unless it is in a
+ * separate string.
+Index: sniproxy-0.6.0/tests/Makefile.am
+===================================================================
+--- sniproxy-0.6.0.orig/tests/Makefile.am 2023-04-29 19:26:00.397699547 +0200
++++ sniproxy-0.6.0/tests/Makefile.am 2023-04-29 19:26:25.017710380 +0200
+@@ -1,5 +1,7 @@
+ AM_CPPFLAGS = -I$(top_srcdir)/src -g $(LIBEV_CFLAGS) $(LIBPCRE_CFLAGS) $(LIBUDNS_CFLAGS)
+
++.NOTPARALLEL:
++
+ TESTS = address_test \
+ buffer_test \
+ cfg_tokenizer_test \
+Index: sniproxy-0.6.0/tests/bad_dns_request_test
+===================================================================
+--- sniproxy-0.6.0.orig/tests/bad_dns_request_test 2023-04-29 19:26:00.397699547 +0200
++++ sniproxy-0.6.0/tests/bad_dns_request_test 2023-04-29 19:26:00.397699547 +0200
+@@ -36,6 +36,11 @@
+ client => \&http_client,
+ },
+ {
++ # Exceed hostname buffer size
++ request => "GET / HTTP/1.1\r\nHost: [" . 'long.' x 60 . "example.com]\r\n\r\n",
++ client => \&http_client,
++ },
++ {
+ # Test client aborting connection before DNS response received
+ request => "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
+ client => \&http_client_abort,
+Index: sniproxy-0.6.0/tests/slow_client_test
+===================================================================
+--- sniproxy-0.6.0.orig/tests/slow_client_test 2023-04-29 19:26:00.397699547 +0200
++++ sniproxy-0.6.0/tests/slow_client_test 2023-04-29 19:26:00.397699547 +0200
+@@ -31,11 +31,16 @@
+ my $socket = IO::Socket::INET->new(PeerAddr => '127.0.0.1',
+ PeerPort => $port,
+ Proto => "tcp",
+- Type => SOCK_STREAM)
++ Type => SOCK_STREAM,
++ Timeout => 5)
+ or die "couldn't connect $!";
+
+ $socket->send($request);
+ foreach (split("\r\n", $request)) {
++ unless ($socket->connected()) {
++ print "Disconnected\n";
++ exit(0);
++ }
+ $socket->send("$_\r\n");
+ sleep(1);
+ }
diff -Nru sniproxy-0.6.0/debian/patches/series sniproxy-0.6.0/debian/patches/series
--- sniproxy-0.6.0/debian/patches/series 2020-07-23 20:27:57.000000000 +0000
+++ sniproxy-0.6.0/debian/patches/series 2023-04-29 17:03:02.000000000 +0000
@@ -1 +1,3 @@
 01_fix_gcc-10-build.patch
+
+CVE-2023-25076.patch
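Review bot: In the `src/address.c` hunk of the embedded CVE-2023-25076 patch, the new guard `if (len >= INET6_ADDRSTRLEN) return NULL;` bounds `len` by a constant rather than by the buffer it protects, and neither the destination buffer's declaration nor the copy is visible in the hunk. The check is sufficient only while that buffer holds at least INET6_ADDRSTRLEN bytes, so confirm this against the full function, or express the limit as `sizeof` of the destination so the two cannot drift apart. A short comment such as `/* longer than any IPv6 literal: reject before copying into the fixed-size buffer */` would record why the early return is there. The enclosing function starts and ends outside the hunk, so how callers handle the new NULL return for a bracketed host cannot be checked from here.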
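Review bot: In the `tests/slow_client_test` hunk, the new `unless ($socket->connected())` branch ends the client with `exit(0)`, so a connection dropped for any reason is reported as success by this client, which could include the proxy crashing mid-test. If an early close is the expected outcome, record it with a comment such as `# proxy may close slow connections; a disconnect is a pass`; if it is not, exit non-zero so a regression in the proxy is not hidden. The return values of the two `$socket->send(...)` calls are also unchecked, so a failed write between `connected()` polls goes unnoticed. Whether the surrounding harness checks the proxy's health separately is not visible, as the enclosing sub starts outside the hunk.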