summaryrefslogtreecommitdiffstats
path: root/source/n/ppp/ppp.CVE-2020-8597.patch
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2021-01-25 20:42:50 +0000
committer Eric Hameleers <alien@slackware.com>2021-01-26 08:59:51 +0100
commit3e99129ce30e9474c935b340011d77bf3e72842b (patch)
tree7c5c0e6cdbac8e8897143693a777135ecc175cc0 /source/n/ppp/ppp.CVE-2020-8597.patch
parent6197acd604d6d8e70b3523d1a5abfa101270ddf3 (diff)
downloadcurrent-3e99129ce30e9474c935b340011d77bf3e72842b.tar.gz
current-3e99129ce30e9474c935b340011d77bf3e72842b.tar.xz
Mon Jan 25 20:42:50 UTC 202120210125204250
a/openssl10-solibs-1.0.2u-x86_64-2.txz: Removed. d/make-4.3-x86_64-2.txz: Rebuilt. We'll upgrade to make-4.3 again (with a few patches from Fedora) since this is now working with all the sources that we ship. l/gst-plugins-base0-0.10.36-x86_64-4.txz: Removed. l/gst-plugins-good0-0.10.31-x86_64-4.txz: Removed. l/gstreamer0-0.10.36-x86_64-3.txz: Removed. l/libcap-2.47-x86_64-1.txz: Upgraded. l/libsamplerate-0.2.1-x86_64-1.txz: Upgraded. l/libvisual-plugins-0.4.0-x86_64-6.txz: Rebuilt. Drop actor_gstreamer.so (requires gstreamer0). l/mozjs78-78.7.0esr-x86_64-1.txz: Upgraded. l/talloc-2.3.2-x86_64-1.txz: Upgraded. n/NetworkManager-1.28.0-x86_64-4.txz: Rebuilt. Rebuilt for ppp-2.4.9. n/openssl10-1.0.2u-x86_64-2.txz: Removed. n/ppp-2.4.9-x86_64-1.txz: Upgraded. n/rp-pppoe-3.14-x86_64-3.txz: Rebuilt. Rebuilt for ppp-2.4.9. x/ibus-libpinyin-1.12.0-x86_64-1.txz: Upgraded. x/ibus-table-1.12.4-x86_64-1.txz: Upgraded. x/libpinyin-2.6.0-x86_64-1.txz: Upgraded. xap/mozilla-firefox-78.7.0esr-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/78.7.0/releasenotes/ (* Security fix *) xfce/xfce4-whiskermenu-plugin-2.5.3-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/n/ppp/ppp.CVE-2020-8597.patch')
-rw-r--r--source/n/ppp/ppp.CVE-2020-8597.patch37
1 files changed, 0 insertions, 37 deletions
diff --git a/source/n/ppp/ppp.CVE-2020-8597.patch b/source/n/ppp/ppp.CVE-2020-8597.patch
deleted file mode 100644
index 5d7c51bca..000000000
--- a/source/n/ppp/ppp.CVE-2020-8597.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
-From: Paul Mackerras <paulus@ozlabs.org>
-Date: Mon, 3 Feb 2020 15:53:28 +1100
-Subject: [PATCH] pppd: Fix bounds check in EAP code
-
-Given that we have just checked vallen < len, it can never be the case
-that vallen >= len + sizeof(rhostname). This fixes the check so we
-actually avoid overflowing the rhostname array.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
----
- pppd/eap.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/pppd/eap.c b/pppd/eap.c
-index 94407f56..1b93db01 100644
---- a/pppd/eap.c
-+++ b/pppd/eap.c
-@@ -1420,7 +1420,7 @@ int len;
- }
-
- /* Not so likely to happen. */
-- if (vallen >= len + sizeof (rhostname)) {
-+ if (len - vallen >= sizeof (rhostname)) {
- dbglog("EAP: trimming really long peer name down");
- BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
- rhostname[sizeof (rhostname) - 1] = '\0';
-@@ -1846,7 +1846,7 @@ int len;
- }
-
- /* Not so likely to happen. */
-- if (vallen >= len + sizeof (rhostname)) {
-+ if (len - vallen >= sizeof (rhostname)) {
- dbglog("EAP: trimming really long peer name down");
- BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
- rhostname[sizeof (rhostname) - 1] = '\0';
generated by cgit v1.2.3-65-gdbad (git 2.45.1) at 2024-06-25 10:42:33 +0000