summaryrefslogtreecommitdiffstats
path: root/source
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2020-03-04 22:03:30 +0000
committer Eric Hameleers <alien@slackware.com>2020-03-05 08:59:48 +0100
commitcb1ee501cabf242b70244f6035a07307b0bb2f35 (patch)
treec9c588426367377ac52e7012c100c090bc19c00d /source
parent05aafc282ba7bbef7d888d761c2d42341745bf50 (diff)
downloadcurrent-cb1ee501cabf242b70244f6035a07307b0bb2f35.tar.gz
current-cb1ee501cabf242b70244f6035a07307b0bb2f35.tar.xz
Wed Mar 4 22:03:30 UTC 202020200304220330
a/sdparm-1.10-x86_64-3.txz: Rebuilt. Recompiled against sg3_utils-1.45. a/udisks-1.0.5-x86_64-5.txz: Rebuilt. Recompiled against sg3_utils-1.45. d/cmake-3.16.5-x86_64-1.txz: Upgraded. l/libgpod-0.8.3-x86_64-6.txz: Rebuilt. Recompiled against sg3_utils-1.45. n/curl-7.69.0-x86_64-1.txz: Upgraded. n/cyrus-sasl-2.1.27-x86_64-3.txz: Rebuilt. Added SQL support via MariaDB. Thanks to niksoggia. n/ntp-4.2.8p14-x86_64-1.txz: Upgraded. n/ppp-2.4.8-x86_64-1.txz: Upgraded. This update fixes a security issue: By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597 (* Security fix *) testing/packages/PAM/cyrus-sasl-2.1.27-x86_64-3_pam.txz: Rebuilt. Added SQL support via MariaDB. Thanks to niksoggia. testing/packages/PAM/ppp-2.4.8-x86_64-1_pam.txz: Upgraded. This update fixes a security issue: By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597 (* Security fix *)
Diffstat (limited to '')
-rwxr-xr-xsource/a/sdparm/sdparm.SlackBuild2
-rwxr-xr-xsource/a/udisks/udisks.SlackBuild2
-rwxr-xr-xsource/d/cmake/cmake.SlackBuild2
-rwxr-xr-xsource/l/libgpod/libgpod.SlackBuild2
-rwxr-xr-xsource/n/curl/curl.SlackBuild2
-rwxr-xr-xsource/n/cyrus-sasl/cyrus-sasl.SlackBuild14
-rwxr-xr-xsource/n/ntp/ntp.SlackBuild2
-rw-r--r--source/n/ppp/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch35
-rw-r--r--source/n/ppp/ppp.CVE-2020-8597.patch37
-rwxr-xr-xsource/n/ppp/ppp.SlackBuild17
-rw-r--r--source/n/ppp/ppp.glibc228.diff74
-rw-r--r--source/n/ppp/ppp.url3
-rw-r--r--source/n/ppp/slack-desc2
13 files changed, 63 insertions, 131 deletions
diff --git a/source/a/sdparm/sdparm.SlackBuild b/source/a/sdparm/sdparm.SlackBuild
index bc63243d0..6bd5e3c2e 100755
--- a/source/a/sdparm/sdparm.SlackBuild
+++ b/source/a/sdparm/sdparm.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=sdparm
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/a/udisks/udisks.SlackBuild b/source/a/udisks/udisks.SlackBuild
index 5031630a3..b2f756472 100755
--- a/source/a/udisks/udisks.SlackBuild
+++ b/source/a/udisks/udisks.SlackBuild
@@ -28,7 +28,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=udisks
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-4}
+BUILD=${BUILD:-5}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/d/cmake/cmake.SlackBuild b/source/d/cmake/cmake.SlackBuild
index a7dbeb6a6..7b8c62ab9 100755
--- a/source/d/cmake/cmake.SlackBuild
+++ b/source/d/cmake/cmake.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=cmake
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/l/libgpod/libgpod.SlackBuild b/source/l/libgpod/libgpod.SlackBuild
index 9a4dfe21c..9232ff256 100755
--- a/source/l/libgpod/libgpod.SlackBuild
+++ b/source/l/libgpod/libgpod.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libgpod
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-5}
+BUILD=${BUILD:-6}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/curl/curl.SlackBuild b/source/n/curl/curl.SlackBuild
index a286ac6de..35708dc70 100755
--- a/source/n/curl/curl.SlackBuild
+++ b/source/n/curl/curl.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=curl
VERSION=${VERSION:-$(echo curl-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
index fbdb54b4b..0be565e26 100755
--- a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
+++ b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2008, 2009, 2010, 2013, 2015, 2017, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2008, 2009, 2010, 2013, 2015, 2017, 2018, 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=cyrus-sasl
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | cut -f 3- -d - | rev | cut -f 3- -d . | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -44,6 +44,8 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
exit 0
fi
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
TMP=${TMP:-/tmp}
PKG=$TMP/package-cyrus-sasl
@@ -82,9 +84,13 @@ CFLAGS="$SLKCFLAGS" \
--mandir=/usr/man \
--disable-static \
--enable-login \
+ --enable-sql \
--disable-anon \
--without-ldap \
+ --without-pgsql \
--with-saslauthd \
+ --with-mysql=/usr \
+ --with-sqlite3=/usr \
--with-gdbm \
--with-devrandom=/dev/urandom \
--with-dblib=gdbm || exit 1
@@ -92,8 +98,8 @@ CFLAGS="$SLKCFLAGS" \
# How stupid that I need to specify 'sasldir' again for 'make' or else you get
# the warning "Plugins are being installed into /usr/lib/sasl2, but the library
# will look for them in /usr/lib64/sasl2" and advised to create a symlink...
-make sasldir=/usr/lib${LIBDIRSUFFIX}/sasl2 || exit 1
-make sasldir=/usr/lib${LIBDIRSUFFIX}/sasl2 install DESTDIR=$PKG || exit 1
+make $NUMJOBS sasldir=/usr/lib${LIBDIRSUFFIX}/sasl2 || exit 1
+make $NUMJOBS sasldir=/usr/lib${LIBDIRSUFFIX}/sasl2 install DESTDIR=$PKG || exit 1
# Don't ship .la files:
rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
diff --git a/source/n/ntp/ntp.SlackBuild b/source/n/ntp/ntp.SlackBuild
index cbf7c3db5..7d2955388 100755
--- a/source/n/ntp/ntp.SlackBuild
+++ b/source/n/ntp/ntp.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=ntp
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/ppp/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch b/source/n/ppp/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
deleted file mode 100644
index 9b0920d3b..000000000
--- a/source/n/ppp/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 33797aa193a2751da26f9af120e39c110defe4d1 Mon Sep 17 00:00:00 2001
-From: Lubomir Rintel <lkundrak@v3.sk>
-Date: Sat, 10 Dec 2016 19:53:56 +0100
-Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
-
-To fix build breakage.
----
- pppd/plugins/rp-pppoe/pppoe.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
-index 9ab2eee..f77f5b7 100644
---- a/pppd/plugins/rp-pppoe/pppoe.h
-+++ b/pppd/plugins/rp-pppoe/pppoe.h
-@@ -15,6 +15,8 @@
-
- #include "config.h"
-
-+#include <netinet/in.h>
-+
- #if defined(HAVE_NETPACKET_PACKET_H) || defined(HAVE_LINUX_IF_PACKET_H)
- #define _POSIX_SOURCE 1 /* For sigaction defines */
- #endif
-@@ -84,8 +86,6 @@ typedef unsigned long UINT32_t;
- #include <linux/if_ether.h>
- #endif
-
--#include <netinet/in.h>
--
- #ifdef HAVE_NETINET_IF_ETHER_H
- #include <sys/types.h>
-
---
-2.9.3
-
diff --git a/source/n/ppp/ppp.CVE-2020-8597.patch b/source/n/ppp/ppp.CVE-2020-8597.patch
new file mode 100644
index 000000000..5d7c51bca
--- /dev/null
+++ b/source/n/ppp/ppp.CVE-2020-8597.patch
@@ -0,0 +1,37 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname). This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f56..1b93db01 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
diff --git a/source/n/ppp/ppp.SlackBuild b/source/n/ppp/ppp.SlackBuild
index 13b21fb36..7253998e0 100755
--- a/source/n/ppp/ppp.SlackBuild
+++ b/source/n/ppp/ppp.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2008, 2009, 2010, 2013, 2015, 2018 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2010, 2013, 2015, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -23,10 +23,10 @@
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=ppp
-VERSION=2.4.7
-RADVER=1.1.6
+VERSION=2.4.8
+RADVER=1.1.7
PPPVER=1.98
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-1}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
@@ -64,9 +64,9 @@ echo "+============+"
echo "| ppp-$VERSION |"
echo "+============+"
cd $TMP
-rm -rf ppp-$VERSION
+rm -rf ppp-$VERSION ppp-ppp-$VERSION
tar xvf $CWD/ppp-$VERSION.tar.xz || exit 1
-cd ppp-$VERSION || exit 1
+cd ppp-ppp-$VERSION || ppp-$VERSION || exit 1
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
@@ -81,10 +81,7 @@ sed -i -e "s#lib/pppd#lib${LIBDIRSUFFIX}/pppd#g" $(grep -lr 'lib/pppd' *)
rm -f include/linux/if_pppol2tp.h
zcat $CWD/ppp.CVE-2015-3310.diff.gz | patch -p1 --verbose || exit 1
-
-zcat $CWD/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch.gz | patch -p1 --verbose || exit 1
-
-zcat $CWD/ppp.glibc228.diff.gz | patch -p1 --verbose || exit 1
+zcat $CWD/ppp.CVE-2020-8597.patch.gz | patch -p1 --verbose || exit 1
# Choose correct options depending on whether PAM is installed:
if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
diff --git a/source/n/ppp/ppp.glibc228.diff b/source/n/ppp/ppp.glibc228.diff
deleted file mode 100644
index 6faed287e..000000000
--- a/source/n/ppp/ppp.glibc228.diff
+++ /dev/null
@@ -1,74 +0,0 @@
---- ./pppd/pppcrypt.c.orig 2014-08-09 07:31:39.000000000 -0500
-+++ ./pppd/pppcrypt.c 2018-09-18 18:59:26.393068817 -0500
-@@ -110,7 +110,7 @@
- }
-
- bool
--DesSetkey(key)
-+setkey(key)
- u_char *key;
- {
- u_char des_key[8];
-@@ -126,7 +126,7 @@
- }
-
- bool
--DesEncrypt(clear, cipher)
-+encrypt(clear, cipher)
- u_char *clear; /* IN 8 octets */
- u_char *cipher; /* OUT 8 octets */
- {
-@@ -161,7 +161,7 @@
- static des_key_schedule key_schedule;
-
- bool
--DesSetkey(key)
-+setkey(key)
- u_char *key;
- {
- des_cblock des_key;
-@@ -171,7 +171,7 @@
- }
-
- bool
--DesEncrypt(clear, key, cipher)
-+encrypt(clear, key, cipher)
- u_char *clear; /* IN 8 octets */
- u_char *cipher; /* OUT 8 octets */
- {
---- ./pppd/chap_ms.c.orig 2014-08-09 07:31:39.000000000 -0500
-+++ ./pppd/chap_ms.c 2018-09-18 18:59:26.391068817 -0500
-@@ -518,12 +518,12 @@
- sizeof(ZPasswordHash), ZPasswordHash);
- #endif
-
-- (void) DesSetkey(ZPasswordHash + 0);
-- DesEncrypt(challenge, response + 0);
-- (void) DesSetkey(ZPasswordHash + 7);
-- DesEncrypt(challenge, response + 8);
-- (void) DesSetkey(ZPasswordHash + 14);
-- DesEncrypt(challenge, response + 16);
-+ (void) setkey(ZPasswordHash + 0);
-+ encrypt(challenge, response + 0);
-+ (void) setkey(ZPasswordHash + 7);
-+ encrypt(challenge, response + 8);
-+ (void) setkey(ZPasswordHash + 14);
-+ encrypt(challenge, response + 16);
-
- #if 0
- dbglog("ChallengeResponse - response %.24B", response);
-@@ -640,10 +640,10 @@
- BZERO(UcasePassword, sizeof(UcasePassword));
- for (i = 0; i < secret_len; i++)
- UcasePassword[i] = (u_char)toupper(secret[i]);
-- (void) DesSetkey(UcasePassword + 0);
-- DesEncrypt( StdText, PasswordHash + 0 );
-- (void) DesSetkey(UcasePassword + 7);
-- DesEncrypt( StdText, PasswordHash + 8 );
-+ (void) setkey(UcasePassword + 0);
-+ encrypt( StdText, PasswordHash + 0 );
-+ (void) setkey(UcasePassword + 7);
-+ encrypt( StdText, PasswordHash + 8 );
- ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
- }
- #endif
diff --git a/source/n/ppp/ppp.url b/source/n/ppp/ppp.url
index 069a867e6..f388f8a38 100644
--- a/source/n/ppp/ppp.url
+++ b/source/n/ppp/ppp.url
@@ -1 +1,2 @@
-https://download.samba.org/pub/ppp/
+#https://download.samba.org/pub/ppp/
+https://github.com/paulusmack/ppp
diff --git a/source/n/ppp/slack-desc b/source/n/ppp/slack-desc
index 5fa9cd133..a7f72ef42 100644
--- a/source/n/ppp/slack-desc
+++ b/source/n/ppp/slack-desc
@@ -15,5 +15,5 @@ ppp: which negotiates with the peer to establish the link and sets up the
ppp: ppp network interface, and pppsetup, an easy-to-use utility for
ppp: setting up your PPP daemon.
ppp:
-ppp:
+ppp: Homepage: https://github.com/paulusmack/ppp
ppp: