Hello community,

here is the log from the commit of package ppp for openSUSE:Factory checked in 
at 2020-02-15 22:23:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ppp (Old)
 and      /work/SRC/openSUSE:Factory/.ppp.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ppp"

Sat Feb 15 22:23:36 2020 rev:39 rq:772130 version:2.4.7

Changes:
--------
--- /work/SRC/openSUSE:Factory/ppp/ppp.changes  2018-10-12 13:09:17.419419666 
+0200
+++ /work/SRC/openSUSE:Factory/.ppp.new.26092/ppp.changes       2020-02-15 
22:23:40.567253142 +0100
@@ -1,0 +2,6 @@
+Fri Feb  7 14:30:35 UTC 2020 - Reinhard Max <m...@suse.com>
+
+- CVE-2020-8597, bsc#1162610, ppp-CVE-2020-8597.patch: rhostname
+  buffer overflow in the  eap_request and eap_response functions.
+
+-------------------------------------------------------------------

New:
----
  ppp-CVE-2020-8597.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ppp.spec ++++++
--- /var/tmp/diff_new_pack.BE6pyL/_old  2020-02-15 22:23:41.323253551 +0100
+++ /var/tmp/diff_new_pack.BE6pyL/_new  2020-02-15 22:23:41.327253553 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package ppp
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -75,6 +75,7 @@
 Patch24:        ppp-CVE-2015-3310.patch
 Patch25:        fix-header-conflict.patch
 Patch26:        ppp-2.4.7-DES-openssl.patch
+Patch27:        ppp-CVE-2020-8597.patch
 BuildRequires:  libpcap-devel
 BuildRequires:  linux-atm-devel
 BuildRequires:  openssl-devel
@@ -146,6 +147,7 @@
 %patch24
 %patch25 -p1
 %patch26 -p1
+%patch27
 sed -i -e '1s/local\///' scripts/secure-card
 find scripts -type f | xargs chmod a-x
 find -type f -name '*.orig' | xargs rm -f
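Review bot: `%patch27` is applied with the default strip level, while `%patch25` and `%patch26` directly above it pass `-p1`. That is consistent with the unprefixed `--- pppd/eap.c.orig` / `+++ pppd/eap.c` paths in ppp-CVE-2020-8597.patch, but writing `%patch27 -p0` would make the strip level explicit and keep a later refresh of the patch with a/ b/ prefixes from silently failing to apply.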

++++++ ppp-CVE-2020-8597.patch ++++++
>From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
From: Paul Mackerras <pau...@ozlabs.org>
Date: Mon, 3 Feb 2020 15:53:28 +1100
Subject: [PATCH] pppd: Fix bounds check in EAP code

Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname).  This fixes the check so we
actually avoid overflowing the rhostname array.

Reported-by: Ilja Van Sprundel <ivansprun...@ioactive.com>
Signed-off-by: Paul Mackerras <pau...@ozlabs.org>
---
 pppd/eap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- pppd/eap.c.orig
+++ pppd/eap.c
@@ -1421,7 +1421,7 @@ int len;
                }
 
                /* Not so likely to happen. */
-               if (vallen >= len + sizeof (rhostname)) {
+               if (len - vallen >= sizeof (rhostname)) {
                        dbglog("EAP: trimming really long peer name down");
                        BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
                        rhostname[sizeof (rhostname) - 1] = '\0';
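Review bot: The corrected test `len - vallen >= sizeof (rhostname)` at line 1421 mixes a signed `len` (`int len;` in the hunk header) with a size_t, and it is only meaningful because of the earlier `vallen < len` check that the commit message refers to, which lies outside this hunk's context. Consider stating that dependency in the comment above the test in place of "Not so likely to happen.", since this branch is what keeps the copy within rhostname and a later reordering of the two checks would not be obvious from the code alone.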
@@ -1847,7 +1847,7 @@ int len;
                }
 
                /* Not so likely to happen. */
-               if (vallen >= len + sizeof (rhostname)) {
+               if (len - vallen >= sizeof (rhostname)) {
                        dbglog("EAP: trimming really long peer name down");
                        BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
                        rhostname[sizeof (rhostname) - 1] = '\0';
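Review bot: The peer-name length test and trimming copy at line 1847 repeat the block at line 1421 line for line, which is why the same wrong bound had to be corrected twice. Moving the test and the BCOPY into one helper that takes inp, vallen and len would leave a single bounds check to audit and keep the two call sites from diverging.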

