Version in base suite: 1.14.3+ds1-5

Base version: ros-ros-comm_1.14.3+ds1-5
Target version: ros-ros-comm_1.14.3+ds1-5+deb10u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/r/ros-ros-comm/ros-ros-comm_1.14.3+ds1-5.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/r/ros-ros-comm/ros-ros-comm_1.14.3+ds1-5+deb10u1.dsc

 changelog                              |    7 +++
 patches/0008-fixing-string-check.patch |   65 +++++++++++++++++++++++++++++++++
 patches/1741.patch                     |   21 ++++++++++
 patches/series                         |    2 +
 4 files changed, 95 insertions(+)

diff -Nru ros-ros-comm-1.14.3+ds1/debian/changelog ros-ros-comm-1.14.3+ds1/debian/changelog
--- ros-ros-comm-1.14.3+ds1/debian/changelog	2019-02-18 18:45:15.000000000 +0000
+++ ros-ros-comm-1.14.3+ds1/debian/changelog	2020-01-05 14:33:55.000000000 +0000
@@ -1,3 +1,10 @@
+ros-ros-comm (1.14.3+ds1-5+deb10u1) stable; urgency=high
+
+  * Add https://github.com/ros/ros_comm/pull/1771 (Fix CVE-2019-13566, CVE-2019-13465)
+  * Add https://github.com/ros/ros_comm/pull/1741 (Fix CVE-2019-13445)
+
+ -- Jochen Sprickerhof <jspricke@debian.org>  Sun, 05 Jan 2020 15:33:55 +0100
+
 ros-ros-comm (1.14.3+ds1-5) unstable; urgency=medium
 
   * install ros/transport headers (LP: #1815896)
diff -Nru ros-ros-comm-1.14.3+ds1/debian/patches/0008-fixing-string-check.patch ros-ros-comm-1.14.3+ds1/debian/patches/0008-fixing-string-check.patch
--- ros-ros-comm-1.14.3+ds1/debian/patches/0008-fixing-string-check.patch	1970-01-01 00:00:00.000000000 +0000
+++ ros-ros-comm-1.14.3+ds1/debian/patches/0008-fixing-string-check.patch	2020-01-05 14:33:55.000000000 +0000
@@ -0,0 +1,65 @@
+From: Daniel Wang <daniel.wang@canonical.com>
+Date: Mon, 22 Jul 2019 15:47:21 -0700
+Subject: fixing string check
+
+Signed-off-by: Daniel Wang <daniel.wang@canonical.com>
+---
+ clients/roscpp/src/libros/transport/transport_tcp.cpp | 8 ++++----
+ clients/roscpp/src/libros/transport/transport_udp.cpp | 4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/clients/roscpp/src/libros/transport/transport_tcp.cpp b/clients/roscpp/src/libros/transport/transport_tcp.cpp
+index f33a355..ddc47f5 100644
+--- a/clients/roscpp/src/libros/transport/transport_tcp.cpp
++++ b/clients/roscpp/src/libros/transport/transport_tcp.cpp
+@@ -276,7 +276,7 @@ bool TransportTCP::connect(const std::string& host, int port)
+ 
+     bool found = false;
+     struct addrinfo* it = addr;
+-    char namebuf[128];
++    char namebuf[128] = {};
+     for (; it; it = it->ai_next)
+     {
+       if (!s_use_ipv6_ && it->ai_family == AF_INET)
+@@ -288,7 +288,7 @@ bool TransportTCP::connect(const std::string& host, int port)
+         address->sin_family = it->ai_family;
+         address->sin_port = htons(port);
+ 	
+-        strcpy(namebuf, inet_ntoa(address->sin_addr));
++        strncpy(namebuf, inet_ntoa(address->sin_addr), sizeof(namebuf)-1);
+         found = true;
+         break;
+       }
+@@ -734,14 +734,14 @@ std::string TransportTCP::getClientURI()
+   sockaddr_in *sin = (sockaddr_in *)&sas;
+   sockaddr_in6 *sin6 = (sockaddr_in6 *)&sas;
+ 
+-  char namebuf[128];
++  char namebuf[128] = {};
+   int port;
+ 
+   switch (sas.ss_family)
+   {
+     case AF_INET:
+       port = ntohs(sin->sin_port);
+-      strcpy(namebuf, inet_ntoa(sin->sin_addr));
++      strncpy(namebuf, inet_ntoa(sin->sin_addr), sizeof(namebuf)-1);
+       break;
+     case AF_INET6:
+       port = ntohs(sin6->sin6_port);
+diff --git a/clients/roscpp/src/libros/transport/transport_udp.cpp b/clients/roscpp/src/libros/transport/transport_udp.cpp
+index 47d969e..45f817e 100644
+--- a/clients/roscpp/src/libros/transport/transport_udp.cpp
++++ b/clients/roscpp/src/libros/transport/transport_udp.cpp
+@@ -710,9 +710,9 @@ std::string TransportUDP::getClientURI()
+ 
+   sockaddr_in *sin = (sockaddr_in *)&sas;
+ 
+-  char namebuf[128];
++  char namebuf[128] = {};
+   int port = ntohs(sin->sin_port);
+-  strcpy(namebuf, inet_ntoa(sin->sin_addr));
++  strncpy(namebuf, inet_ntoa(sin->sin_addr), sizeof(namebuf)-1);
+ 
+   std::string ip = namebuf;
+   std::stringstream uri;
diff -Nru ros-ros-comm-1.14.3+ds1/debian/patches/1741.patch ros-ros-comm-1.14.3+ds1/debian/patches/1741.patch
--- ros-ros-comm-1.14.3+ds1/debian/patches/1741.patch	1970-01-01 00:00:00.000000000 +0000
+++ ros-ros-comm-1.14.3+ds1/debian/patches/1741.patch	2020-01-05 14:33:55.000000000 +0000
@@ -0,0 +1,21 @@
+From: Christopher Wecht <christopher.wechtstudent.kit.edu>
+Date: Thu, 4 Jul 2019 21:19:14 +0200
+Subject: [PATCH] rosbag/record: fix signed int overflow
+
+---
+ tools/rosbag/src/record.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/rosbag/src/record.cpp b/tools/rosbag/src/record.cpp
+index f6cbb20..d8739bc 100644
+--- a/tools/rosbag/src/record.cpp
++++ b/tools/rosbag/src/record.cpp
+@@ -123,7 +123,7 @@ rosbag::RecorderOptions parseOptions(int argc, char** argv) {
+         ROS_WARN("Use of \"--split <MAX_SIZE>\" has been deprecated.  Please use --split --size <MAX_SIZE> or --split --duration <MAX_DURATION>");
+         if (S < 0)
+           throw ros::Exception("Split size must be 0 or positive");
+-        opts.max_size = 1048576 * S;
++        opts.max_size = 1048576 * static_cast<uint64_t>(S);
+       }
+     }
+     if(vm.count("max-splits"))
diff -Nru ros-ros-comm-1.14.3+ds1/debian/patches/series ros-ros-comm-1.14.3+ds1/debian/patches/series
--- ros-ros-comm-1.14.3+ds1/debian/patches/series	2018-10-29 20:01:46.000000000 +0000
+++ ros-ros-comm-1.14.3+ds1/debian/patches/series	2020-01-05 14:33:55.000000000 +0000
@@ -5,3 +5,5 @@
 0005-Add-defaults-to-roswtf.patch
 0006-Use-system-libb64.patch
 0007-Build-Python-3-version-of-roslz4.patch
+0008-fixing-string-check.patch
+1741.patch