diff -Nru zfs-linux-0.8.3/debian/changelog zfs-linux-0.8.3/debian/changelog
--- zfs-linux-0.8.3/debian/changelog 2022-11-30 15:46:58.000000000 +0000
+++ zfs-linux-0.8.3/debian/changelog 2023-11-02 14:49:36.000000000 +0000
@@ -1,3 +1,16 @@
+zfs-linux (0.8.3-1ubuntu12.16) focal-security; urgency=medium
+
+ * SECURITY UPDATE: silent failure when parsing IPv6 restrictions
+ - debian/patches/CVE-2013-20001.patch: pass through ipv6 addresses in
+ bracket notation in lib/libshare/os/linux/nfs.c, man/man8/zfs.8,
+ tests/runfiles/linux.run,
+ tests/zfs-tests/tests/functional/cli_root/zfs_share/Makefile.am,
+ tests/zfs-tests/tests/functional/cli_root/zfs_share/zfs_share_007_neg.ksh,
+ tests/zfs-tests/tests/functional/cli_root/zfs_share/zfs_share_013_pos.ksh.
+ - CVE-2013-20001
+
+ -- Marc Deslauriers Thu, 02 Nov 2023 10:49:36 -0400
+
 zfs-linux (0.8.3-1ubuntu12.15) focal; urgency=medium

 * Fix zfs_arc_max getting ignored when value below allmem/32 (LP: #1964992)
diff -Nru zfs-linux-0.8.3/debian/patches/CVE-2013-20001.patch zfs-linux-0.8.3/debian/patches/CVE-2013-20001.patch
--- zfs-linux-0.8.3/debian/patches/CVE-2013-20001.patch 1970-01-01 00:00:00.000000000 +0000
+++ zfs-linux-0.8.3/debian/patches/CVE-2013-20001.patch 2023-11-02 14:49:23.000000000 +0000
@@ -0,0 +1,221 @@
+Backport of:
+
+From 6cb5e1e7591da20af3a15793e022345a73e40fb7 Mon Sep 17 00:00:00 2001
+From: felixdoerre
+Date: Wed, 20 Oct 2021 19:40:00 +0200
+Subject: [PATCH] libshare: nfs: pass through ipv6 addresses in bracket
+ notation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Recognize when the host part of a sharenfs attribute is an ipv6
+Literal and pass that through without modification.
+
+Reviewed-by: Brian Behlendorf
+Signed-off-by: Felix Dörre
+Closes: #11171
+Closes #11939
+Closes: #1894
+---
+ lib/libshare/os/linux/nfs.c | 47 +++++++++--
+ man/man8/zfs.8 | 2 +-
+ tests/runfiles/linux.run | 2 +-
+ .../functional/cli_root/zfs_share/Makefile.am | 1 +
+ .../cli_root/zfs_share/zfs_share_007_neg.ksh | 2 +-
+ .../cli_root/zfs_share/zfs_share_013_pos.ksh | 80 +++++++++++++++++++
+ 6 files changed, 126 insertions(+), 8 deletions(-)
+ create mode 100755 tests/zfs-tests/tests/functional/cli_root/zfs_share/zfs_share_013_pos.ksh
+
+--- a/lib/libshare/nfs.c
++++ b/lib/libshare/nfs.c
+@@ -129,8 +129,9 @@ foreach_nfs_host_cb(const char *opt, con
+ {
+ int rc;
+ const char *access;
+- char *host_dup, *host, *next;
++ char *host_dup, *host, *next, *v6Literal;
+ nfs_host_cookie_t *udata = (nfs_host_cookie_t *)pcookie;
++ int cidr_len;
+
+ #ifdef DEBUG
+ fprintf(stderr, "foreach_nfs_host_cb: key=%s, value=%s\n", opt, value);
+@@ -153,10 +154,46 @@ foreach_nfs_host_cb(const char *opt, con
+ host = host_dup;
+
+ do {
+- next = strchr(host, ':');
+- if (next != NULL) {
+- *next = '\0';
+- next++;
++ if (*host == '[') {
++ host++;
++ v6Literal = strchr(host, ']');
++ if (v6Literal == NULL) {
++ free(host_dup);
++ return (SA_SYNTAX_ERR);
++ }
++ if (v6Literal[1] == '\0') {
++ *v6Literal = '\0';
++ next = NULL;
++ } else if (v6Literal[1] == '/') {
++ next = strchr(v6Literal + 2, ':');
++ if (next == NULL) {
++ cidr_len =
++ strlen(v6Literal + 1);
++ memmove(v6Literal,
++ v6Literal + 1,
++ cidr_len);
++ v6Literal[cidr_len] = '\0';
++ } else {
++ cidr_len = next - v6Literal - 1;
++ memmove(v6Literal,
++ v6Literal + 1,
++ cidr_len);
++ v6Literal[cidr_len] = '\0';
++ next++;
++ }
++ } else if (v6Literal[1] == ':') {
++ *v6Literal = '\0';
++ next = v6Literal + 2;
++ } else {
++ free(host_dup);
++ return (SA_SYNTAX_ERR);
++ }
++ } else {
++ next = strchr(host, ':');
++ if (next != NULL) {
++ *next = '\0';
++ next++;
++ }
+ }
+
+ rc = udata->callback(udata->sharepath, host,
+--- a/man/man8/zfs.8
++++ b/man/man8/zfs.8
+@@ -4912,7 +4912,7 @@ on the
+ .Em tank/home
+ file system.
+ .Bd -literal
+-# zfs set sharenfs='rw=@123.123.0.0/16,root=neo' tank/home
++# zfs set sharenfs='rw=@123.123.0.0/16:[::1],root=neo' tank/home
+ .Ed
+ .Pp
+ If you are using
+--- a/tests/runfiles/linux.run
++++ b/tests/runfiles/linux.run
+@@ -257,7 +257,7 @@ tags = ['functional', 'cli_root', 'zfs_s
+ tests = ['zfs_share_001_pos', 'zfs_share_002_pos', 'zfs_share_003_pos',
+ 'zfs_share_004_pos', 'zfs_share_005_pos', 'zfs_share_006_pos',
+ 'zfs_share_007_neg', 'zfs_share_008_neg', 'zfs_share_009_neg',
+- 'zfs_share_010_neg', 'zfs_share_011_pos']
++ 'zfs_share_010_neg', 'zfs_share_011_pos', 'zfs_share_013_pos']
+ tags = ['functional', 'cli_root', 'zfs_share']
+
+ [tests/functional/cli_root/zfs_snapshot]
+--- a/tests/zfs-tests/tests/functional/cli_root/zfs_share/Makefile.am
++++ b/tests/zfs-tests/tests/functional/cli_root/zfs_share/Makefile.am
+@@ -12,7 +12,8 @@ dist_pkgdata_SCRIPTS = \
+ zfs_share_008_neg.ksh \
+ zfs_share_009_neg.ksh \
+ zfs_share_010_neg.ksh \
+- zfs_share_011_pos.ksh
++ zfs_share_011_pos.ksh \
++ zfs_share_013_pos.ksh
+
+ dist_pkgdata_DATA = \
+ zfs_share.cfg
+--- a/tests/zfs-tests/tests/functional/cli_root/zfs_share/zfs_share_007_neg.ksh
++++ b/tests/zfs-tests/tests/functional/cli_root/zfs_share/zfs_share_007_neg.ksh
+@@ -51,7 +51,7 @@ function cleanup {
+
+ set -A badopts \
+ "r0" "r0=machine1" "r0=machine1:machine2" \
+- "-g" "-b" "-c" "-d" "--invalid" \
++ "-g" "-b" "-c" "-d" "--invalid" "rw=[::1]a:[::2]" "rw=[::1" \
+ "$TESTPOOL" "$TESTPOOL/$TESTFS" "$TESTPOOL\$TESTCTR\$TESTFS1"
+
+ log_assert "Verify that invalid share parameters and options are caught."
+--- /dev/null
++++ b/tests/zfs-tests/tests/functional/cli_root/zfs_share/zfs_share_013_pos.ksh
+@@ -0,0 +1,80 @@
++#!/bin/ksh -p
++#
++# CDDL HEADER START
++#
++# The contents of this file are subject to the terms of the
++# Common Development and Distribution License (the "License").
++# You may not use this file except in compliance with the License.
++#
++# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
++# or http://www.opensolaris.org/os/licensing.
++# See the License for the specific language governing permissions
++# and limitations under the License.
++#
++# When distributing Covered Code, include this CDDL HEADER in each
++# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
++# If applicable, add the following below this CDDL HEADER, with the
++# fields enclosed by brackets "[]" replaced with your own identifying
++# information: Portions Copyright [yyyy] [name of copyright owner]
++#
++# CDDL HEADER END
++#
++
++#
++# Copyright (c) 2020, Felix Dörre
++#
++
++. $STF_SUITE/include/libtest.shlib
++
++#
++# DESCRIPTION:
++# Verify that NFS share options including ipv6 literals are parsed and propagated correctly.
++#
++
++verify_runnable "global"
++
++function cleanup
++{
++ log_must zfs set sharenfs=off $TESTPOOL/$TESTFS
++ is_shared $TESTPOOL/$TESTFS && \
++ log_must unshare_fs $TESTPOOL/$TESTFS
++}
++
++log_onexit cleanup
++
++cleanup
++
++log_must zfs set sharenfs="rw=[::1]" $TESTPOOL/$TESTFS
++output=$(showshares_nfs 2>&1)
++log_must grep "::1(" <<< "$output" > /dev/null
++
++log_must zfs set sharenfs="rw=[2::3]" $TESTPOOL/$TESTFS
++output=$(showshares_nfs 2>&1)
++log_must grep "2::3(" <<< "$output" > /dev/null
++
++log_must zfs set sharenfs="rw=[::1]:[2::3]" $TESTPOOL/$TESTFS
++output=$(showshares_nfs 2>&1)
++log_must grep "::1(" <<< "$output" > /dev/null
++log_must grep "2::3(" <<< "$output" > /dev/null
++
++log_must zfs set sharenfs="rw=[::1]/64" $TESTPOOL/$TESTFS
++output=$(showshares_nfs 2>&1)
++log_must grep "::1/64(" <<< "$output" > /dev/null
++
++log_must zfs set sharenfs="rw=[2::3]/128" $TESTPOOL/$TESTFS
++output=$(showshares_nfs 2>&1)
++log_must grep "2::3/128(" <<< "$output" > /dev/null
++
++log_must zfs set sharenfs="rw=[::1]/32:[2::3]/128" $TESTPOOL/$TESTFS
++output=$(showshares_nfs 2>&1)
++log_must grep "::1/32(" <<< "$output" > /dev/null
++log_must grep "2::3/128(" <<< "$output" > /dev/null
++
++log_must zfs set sharenfs="rw=[::1]:[2::3]/64:[2a01:1234:1234:1234:aa34:234:1234:1234]:1.2.3.4/24" $TESTPOOL/$TESTFS
++output=$(showshares_nfs 2>&1)
++log_must grep "::1(" <<< "$output" > /dev/null
++log_must grep "2::3/64(" <<< "$output" > /dev/null
++log_must grep "2a01:1234:1234:1234:aa34:234:1234:1234(" <<< "$output" > /dev/null
++log_must grep "1\\.2\\.3\\.4/24(" <<< "$output" > /dev/null
++
++log_pass "NFS share ip address propagated correctly."
diff -Nru zfs-linux-0.8.3/debian/patches/series zfs-linux-0.8.3/debian/patches/series
--- zfs-linux-0.8.3/debian/patches/series 2022-11-30 15:46:58.000000000 +0000
+++ zfs-linux-0.8.3/debian/patches/series 2023-11-02 14:45:19.000000000 +0000
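Review bot: In the lib/libshare/nfs.c hunk of the embedded patch, the final `else` keeps the old `strchr(host, ':')` split, so an IPv6 literal written without brackets is still cut into fragments at each colon rather than rejected with `SA_SYNTAX_ERR`; whether the callback refuses those fragments cannot be seen here, because foreach_nfs_host_cb begins and ends outside the hunk. As the CVE concerns IPv6 restrictions failing silently, the bracket requirement deserves a comment above `if (*host == '[')`, such as `/* IPv6 literals must be given as [addr] or [addr]/prefix; a bare ':' separates hosts */`, and a test in zfs_share_007_neg.ksh or zfs_share_013_pos.ksh that pins what happens to an unbracketed literal. The text following `]/` is also copied through without a check that it is a numeric prefix length, so a malformed prefix is presumably left to whatever consumes the host string. `cidr_len` is declared `int` but receives `strlen()` and a pointer difference; `size_t cidr_len;` would avoid the narrowing.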
@@ -32,3 +32,4 @@
 4920-Fix-zfs_get_data-access-to-files-with-wrong-generati.patch
 4930-Dont-ignore-zfs_arc_max-below-allmem-32.patch
 4931-Restore-processing-for-arc-min-and-arc-max.patch
+CVE-2013-20001.patch