From cb1ee501cabf242b70244f6035a07307b0bb2f35 Mon Sep 17 00:00:00 2001 
From: Patrick J Volkerding Date: Wed, 4 Mar 2020 22:03:30 +0000 Subject: Wed Mar 4 22:03:30 UTC 2020 a/sdparm-1.10-x86_64-3.txz: Rebuilt. Recompiled against sg3_utils-1.45. a/udisks-1.0.5-x86_64-5.txz: Rebuilt. Recompiled against sg3_utils-1.45. d/cmake-3.16.5-x86_64-1.txz: Upgraded. l/libgpod-0.8.3-x86_64-6.txz: Rebuilt. Recompiled against sg3_utils-1.45. n/curl-7.69.0-x86_64-1.txz: Upgraded. n/cyrus-sasl-2.1.27-x86_64-3.txz: Rebuilt. Added SQL support via MariaDB. Thanks to niksoggia. n/ntp-4.2.8p14-x86_64-1.txz: Upgraded. n/ppp-2.4.8-x86_64-1.txz: Upgraded. This update fixes a security issue: By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597 (* Security fix *) testing/packages/PAM/cyrus-sasl-2.1.27-x86_64-3_pam.txz: Rebuilt. Added SQL support via MariaDB. Thanks to niksoggia. testing/packages/PAM/ppp-2.4.8-x86_64-1_pam.txz: Upgraded. This update fixes a security issue: By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597 (* Security fix *) --- ...oe-include-netinet-in.h-before-linux-in.h.patch | 35 ---------- source/n/ppp/ppp.CVE-2020-8597.patch | 37 +++++++++++ source/n/ppp/ppp.SlackBuild | 17 ++--- source/n/ppp/ppp.glibc228.diff | 74 ---------------------- source/n/ppp/ppp.url | 3 +- source/n/ppp/slack-desc | 2 +- 6 files changed, 47 insertions(+), 121 deletions(-) delete mode 100644 source/n/ppp/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch create mode 100644 source/n/ppp/ppp.CVE-2020-8597.patch delete mode 100644 source/n/ppp/ppp.glibc228.diff (limited to 'source/n/ppp') 
diff --git a/source/n/ppp/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch b/source/n/ppp/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
deleted file mode 100644
index 9b0920d3..00000000
--- a/source/n/ppp/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 33797aa193a2751da26f9af120e39c110defe4d1 Mon Sep 17 00:00:00 2001
-From: Lubomir Rintel
-Date: Sat, 10 Dec 2016 19:53:56 +0100
-Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
-
-To fix build breakage.
----
- pppd/plugins/rp-pppoe/pppoe.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
-index 9ab2eee..f77f5b7 100644
---- a/pppd/plugins/rp-pppoe/pppoe.h
-+++ b/pppd/plugins/rp-pppoe/pppoe.h
-@@ -15,6 +15,8 @@
-
- #include "config.h"
-
-+#include
-+
- #if defined(HAVE_NETPACKET_PACKET_H) || defined(HAVE_LINUX_IF_PACKET_H)
- #define _POSIX_SOURCE 1 /* For sigaction defines */
- #endif
-@@ -84,8 +86,6 @@ typedef unsigned long UINT32_t;
- #include
- #endif
-
--#include
--
- #ifdef HAVE_NETINET_IF_ETHER_H
- #include
-
---
-2.9.3
-
diff --git a/source/n/ppp/ppp.CVE-2020-8597.patch b/source/n/ppp/ppp.CVE-2020-8597.patch
new file mode 100644
index 00000000..5d7c51bc
--- /dev/null
+++ b/source/n/ppp/ppp.CVE-2020-8597.patch
@@ -0,0 +1,37 @@ +From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 +From: Paul Mackerras +Date: Mon, 3 Feb 2020 15:53:28 +1100 +Subject: [PATCH] pppd: Fix bounds check in EAP code + +Given that we have just checked vallen < len, it can never be the case +that vallen >= len + sizeof(rhostname). This fixes the check so we +actually avoid overflowing the rhostname array. + +Reported-by: Ilja Van Sprundel +Signed-off-by: Paul Mackerras +--- + pppd/eap.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/pppd/eap.c b/pppd/eap.c +index 94407f56..1b93db01 100644 +--- a/pppd/eap.c ++++ b/pppd/eap.c +@@ -1420,7 +1420,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; +@@ -1846,7 +1846,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; diff --git a/source/n/ppp/ppp.SlackBuild b/source/n/ppp/ppp.SlackBuild index 13b21fb3..7253998e 100755 --- a/source/n/ppp/ppp.SlackBuild +++ b/source/n/ppp/ppp.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2013, 2015, 2018 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2013, 2015, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -23,10 +23,10 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=ppp -VERSION=2.4.7 -RADVER=1.1.6 +VERSION=2.4.8 +RADVER=1.1.7 PPPVER=1.98 -BUILD=${BUILD:-3} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} 
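Review bot: In ppp.CVE-2020-8597.patch, the corrected test `len - vallen >= sizeof (rhostname)` in both pppd/eap.c hunks (at 1420 and 1846) is only sound because `vallen` was compared with `len` earlier, which the patch description states but neither hunk shows. The hunk header gives `int len;`, so the difference is compared against an unsigned size, and a negative difference would be treated as a very large value if that earlier check were ever changed. The existing comment `/* Not so likely to happen. */` records none of this; I would replace it with `/* len - vallen is the peer-name length (vallen < len checked above); truncate to fit rhostname. */`. The identical block appears at both sites, so a small shared helper would keep the two checks from drifting apart. Both enclosing functions begin and end outside the hunks.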
@@ -64,9 +64,9 @@ echo "+============+" echo "| ppp-$VERSION |" echo "+============+" cd $TMP -rm -rf ppp-$VERSION +rm -rf ppp-$VERSION ppp-ppp-$VERSION tar xvf $CWD/ppp-$VERSION.tar.xz || exit 1 -cd ppp-$VERSION || exit 1 +cd ppp-ppp-$VERSION || ppp-$VERSION || exit 1 chown -R root:root . find . \ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ @@ -81,10 +81,7 @@ sed -i -e "s#lib/pppd#lib${LIBDIRSUFFIX}/pppd#g" $(grep -lr 'lib/pppd' *) rm -f include/linux/if_pppol2tp.h zcat $CWD/ppp.CVE-2015-3310.diff.gz | patch -p1 --verbose || exit 1 - -zcat $CWD/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch.gz | patch -p1 --verbose || exit 1 - -zcat $CWD/ppp.glibc228.diff.gz | patch -p1 --verbose || exit 1 +zcat $CWD/ppp.CVE-2020-8597.patch.gz | patch -p1 --verbose || exit 1 # Choose correct options depending on whether PAM is installed: if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then diff --git a/source/n/ppp/ppp.glibc228.diff b/source/n/ppp/ppp.glibc228.diff deleted file mode 100644 index 6faed287..00000000 --- a/source/n/ppp/ppp.glibc228.diff +++ /dev/null 
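Review bot: The fallback in `cd ppp-ppp-$VERSION || ppp-$VERSION || exit 1` (hunk at line 64 of ppp.SlackBuild) is missing its `cd`, so when the first directory does not exist the shell tries to execute a command named `ppp-$VERSION` rather than entering that directory. That normally fails and the build exits, which means the intended fallback to the old directory name never works. The line should read `cd ppp-ppp-$VERSION || cd ppp-$VERSION || exit 1`.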
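Review bot: The added `zcat $CWD/ppp.CVE-2020-8597.patch.gz | patch -p1 --verbose || exit 1` (hunk at line 81 of ppp.SlackBuild) only tests the exit status of `patch`, since no `pipefail` setting is visible in the hunks shown. If `zcat` fails on a missing or corrupt file, `patch` may be handed empty input and the `|| exit 1` guard might not fire, which would produce a package without the security fix. Adding `set -o pipefail` before the patch steps, or a preceding `[ -r $CWD/ppp.CVE-2020-8597.patch.gz ] || exit 1`, closes that gap. The context line applying ppp.CVE-2015-3310.diff.gz uses the same pattern, and the script continues outside the hunk.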
@@ -1,74 +0,0 @@ ---- ./pppd/pppcrypt.c.orig 2014-08-09 07:31:39.000000000 -0500 -+++ ./pppd/pppcrypt.c 2018-09-18 18:59:26.393068817 -0500 -@@ -110,7 +110,7 @@ - } - - bool --DesSetkey(key) -+setkey(key) - u_char *key; - { - u_char des_key[8]; -@@ -126,7 +126,7 @@ - } - - bool --DesEncrypt(clear, cipher) -+encrypt(clear, cipher) - u_char *clear; /* IN 8 octets */ - u_char *cipher; /* OUT 8 octets */ - { -@@ -161,7 +161,7 @@ - static des_key_schedule key_schedule; - - bool --DesSetkey(key) -+setkey(key) - u_char *key; - { - des_cblock des_key; -@@ -171,7 +171,7 @@ - } - - bool --DesEncrypt(clear, key, cipher) -+encrypt(clear, key, cipher) - u_char *clear; /* IN 8 octets */ - u_char *cipher; /* OUT 8 octets */ - { ---- ./pppd/chap_ms.c.orig 2014-08-09 07:31:39.000000000 -0500 -+++ ./pppd/chap_ms.c 2018-09-18 18:59:26.391068817 -0500 -@@ -518,12 +518,12 @@ - sizeof(ZPasswordHash), ZPasswordHash); - #endif - -- (void) DesSetkey(ZPasswordHash + 0); -- DesEncrypt(challenge, response + 0); -- (void) DesSetkey(ZPasswordHash + 7); -- DesEncrypt(challenge, response + 8); -- (void) DesSetkey(ZPasswordHash + 14); -- DesEncrypt(challenge, response + 16); -+ (void) setkey(ZPasswordHash + 0); -+ encrypt(challenge, response + 0); -+ (void) setkey(ZPasswordHash + 7); -+ encrypt(challenge, response + 8); -+ (void) setkey(ZPasswordHash + 14); -+ encrypt(challenge, response + 16); - - #if 0 - dbglog("ChallengeResponse - response %.24B", response); -@@ -640,10 +640,10 @@ - BZERO(UcasePassword, sizeof(UcasePassword)); - for (i = 0; i < secret_len; i++) - UcasePassword[i] = (u_char)toupper(secret[i]); -- (void) DesSetkey(UcasePassword + 0); -- DesEncrypt( StdText, PasswordHash + 0 ); -- (void) DesSetkey(UcasePassword + 7); -- DesEncrypt( StdText, PasswordHash + 8 ); -+ (void) setkey(UcasePassword + 0); -+ encrypt( StdText, PasswordHash + 0 ); -+ (void) setkey(UcasePassword + 7); -+ encrypt( StdText, PasswordHash + 8 ); - ChallengeResponse(rchallenge, PasswordHash, 
&response[MS_CHAP_LANMANRESP]); - } - #endif diff --git a/source/n/ppp/ppp.url b/source/n/ppp/ppp.url index 069a867e..f388f8a3 100644 --- a/source/n/ppp/ppp.url +++ b/source/n/ppp/ppp.url @@ -1 +1,2 @@ -https://download.samba.org/pub/ppp/ +#https://download.samba.org/pub/ppp/ +https://github.com/paulusmack/ppp diff --git a/source/n/ppp/slack-desc b/source/n/ppp/slack-desc index 5fa9cd13..a7f72ef4 100644 --- a/source/n/ppp/slack-desc +++ b/source/n/ppp/slack-desc @@ -15,5 +15,5 @@ ppp: which negotiates with the peer to establish the link and sets up the ppp: ppp network interface, and pppsetup, an easy-to-use utility for ppp: setting up your PPP daemon. ppp: -ppp: +ppp: Homepage: https://github.com/paulusmack/ppp ppp: -- cgit v1.2.3