diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2021-01-25 20:42:50 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2021-01-26 08:59:51 +0100 |
commit | 3e99129ce30e9474c935b340011d77bf3e72842b (patch) | |
tree | 7c5c0e6cdbac8e8897143693a777135ecc175cc0 /source/n/ppp/ppp.CVE-2020-8597.patch | |
parent | 6197acd604d6d8e70b3523d1a5abfa101270ddf3 (diff) | |
download | current-3e99129ce30e9474c935b340011d77bf3e72842b.tar.gz current-3e99129ce30e9474c935b340011d77bf3e72842b.tar.xz |
Mon Jan 25 20:42:50 UTC 202120210125204250
a/openssl10-solibs-1.0.2u-x86_64-2.txz: Removed.
d/make-4.3-x86_64-2.txz: Rebuilt.
We'll upgrade to make-4.3 again (with a few patches from Fedora) since this
is now working with all the sources that we ship.
l/gst-plugins-base0-0.10.36-x86_64-4.txz: Removed.
l/gst-plugins-good0-0.10.31-x86_64-4.txz: Removed.
l/gstreamer0-0.10.36-x86_64-3.txz: Removed.
l/libcap-2.47-x86_64-1.txz: Upgraded.
l/libsamplerate-0.2.1-x86_64-1.txz: Upgraded.
l/libvisual-plugins-0.4.0-x86_64-6.txz: Rebuilt.
Drop actor_gstreamer.so (requires gstreamer0).
l/mozjs78-78.7.0esr-x86_64-1.txz: Upgraded.
l/talloc-2.3.2-x86_64-1.txz: Upgraded.
n/NetworkManager-1.28.0-x86_64-4.txz: Rebuilt.
Rebuilt for ppp-2.4.9.
n/openssl10-1.0.2u-x86_64-2.txz: Removed.
n/ppp-2.4.9-x86_64-1.txz: Upgraded.
n/rp-pppoe-3.14-x86_64-3.txz: Rebuilt.
Rebuilt for ppp-2.4.9.
x/ibus-libpinyin-1.12.0-x86_64-1.txz: Upgraded.
x/ibus-table-1.12.4-x86_64-1.txz: Upgraded.
x/libpinyin-2.6.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-78.7.0esr-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/78.7.0/releasenotes/
(* Security fix *)
xfce/xfce4-whiskermenu-plugin-2.5.3-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/n/ppp/ppp.CVE-2020-8597.patch')
-rw-r--r-- | source/n/ppp/ppp.CVE-2020-8597.patch | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/source/n/ppp/ppp.CVE-2020-8597.patch b/source/n/ppp/ppp.CVE-2020-8597.patch deleted file mode 100644 index 5d7c51bca..000000000 --- a/source/n/ppp/ppp.CVE-2020-8597.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 -From: Paul Mackerras <paulus@ozlabs.org> -Date: Mon, 3 Feb 2020 15:53:28 +1100 -Subject: [PATCH] pppd: Fix bounds check in EAP code - -Given that we have just checked vallen < len, it can never be the case -that vallen >= len + sizeof(rhostname). This fixes the check so we -actually avoid overflowing the rhostname array. - -Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> -Signed-off-by: Paul Mackerras <paulus@ozlabs.org> ---- - pppd/eap.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/pppd/eap.c b/pppd/eap.c -index 94407f56..1b93db01 100644 ---- a/pppd/eap.c -+++ b/pppd/eap.c -@@ -1420,7 +1420,7 @@ int len; - } - - /* Not so likely to happen. */ -- if (vallen >= len + sizeof (rhostname)) { -+ if (len - vallen >= sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; -@@ -1846,7 +1846,7 @@ int len; - } - - /* Not so likely to happen. */ -- if (vallen >= len + sizeof (rhostname)) { -+ if (len - vallen >= sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; |