Version in base suite: 1.0-162-g27f917f-2
Base version: booth_1.0-162-g27f917f-2
Target version: booth_1.0-162-g27f917f-2+deb10u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/b/booth/booth_1.0-162-g27f917f-2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/b/booth/booth_1.0-162-g27f917f-2+deb10u1.dsc
 changelog | 6 ++++++
 patches/CVE-2022-2553.patch | 25 +++++++++++++++++++++++++
 patches/series | 1 +
 3 files changed, 32 insertions(+)
diff -Nru booth-1.0-162-g27f917f/debian/changelog booth-1.0-162-g27f917f/debian/changelog
--- booth-1.0-162-g27f917f/debian/changelog 2019-01-20 10:43:08.000000000 +0000
+++ booth-1.0-162-g27f917f/debian/changelog 2022-07-28 20:47:48.000000000 +0000
@@ -1,3 +1,9 @@
+booth (1.0-162-g27f917f-2+deb10u1) buster-security; urgency=high
+
+ * d/patches: add patch for CVE-2022-2553
+
+ -- Valentin Vidic Thu, 28 Jul 2022 22:47:48 +0200
+
 booth (1.0-162-g27f917f-2) unstable; urgency=medium

 * d/tests: ignore Blind faith warning from pacemaker
diff -Nru booth-1.0-162-g27f917f/debian/patches/CVE-2022-2553.patch booth-1.0-162-g27f917f/debian/patches/CVE-2022-2553.patch
--- booth-1.0-162-g27f917f/debian/patches/CVE-2022-2553.patch 1970-01-01 00:00:00.000000000 +0000
+++ booth-1.0-162-g27f917f/debian/patches/CVE-2022-2553.patch 2022-07-28 20:47:00.000000000 +0000
@@ -0,0 +1,25 @@
+From 35bf0b7b048d715f671eb68974fb6b4af6528c67 Mon Sep 17 00:00:00 2001
+From: Jan Friesse
+Date: Mon, 4 Jul 2022 09:39:47 +0200
+Subject: [PATCH] Revert "Refactor: main: substitute is_auth_req macro"
+
+This reverts commit da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c.
+
+authfile != authkey
+
+Signed-off-by: Jan Friesse
+---
+ src/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/main.c
++++ b/src/main.c
+@@ -355,7 +355,7 @@
+ if (rv < 0)
+ goto out;
+
+- if (is_auth_req()) {
++ if (booth_conf->authfile[0] != '\0') {
+ rv = read_authkey();
+ if (rv < 0)
+ goto out;
diff -Nru booth-1.0-162-g27f917f/debian/patches/series booth-1.0-162-g27f917f/debian/patches/series
--- booth-1.0-162-g27f917f/debian/patches/series 2018-10-11 08:28:41.000000000 +0000
+++ booth-1.0-162-g27f917f/debian/patches/series 2022-07-28 20:46:34.000000000 +0000
@@ -1,3 +1,4 @@
 spelling.patch
 wrong-local-ip-assumption-in-tests.patch
 fix-conf-clean.patch
+CVE-2022-2553.patch
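Review bot: The restored condition `if (booth_conf->authfile[0] != '\0')` in the src/main.c hunk carried by CVE-2022-2553.patch has no comment saying why it must test authfile rather than the `is_auth_req()` macro, which is exactly the substitution the reverted refactor made. Judging by the commit message ("authfile != authkey") and the `read_authkey()` call inside the branch, the key buffer is presumably still empty at this point, so the macro-based test would skip loading the key and leave authentication off. A one-line comment such as `/* authkey is not loaded yet: test authfile here, not is_auth_req() */` would guard against the refactor being repeated. The enclosing function starts and ends outside the hunk, so other uses of the macro on this path cannot be checked from here. Sites that already set `authfile` will presumably start enforcing the key after this update, so the changelog entry could say so and ask admins to confirm every site and arbitrator holds the same key file before upgrading.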