author | Patrick J Volkerding <volkerdi@slackware.com> | 2020-03-04 22:03:30 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2020-03-05 08:59:48 +0100 |
commit | cb1ee501cabf242b70244f6035a07307b0bb2f35 (patch) | |
tree | c9c588426367377ac52e7012c100c090bc19c00d /source | |
parent | 05aafc282ba7bbef7d888d761c2d42341745bf50 (diff) | |
download | current-cb1ee501cabf242b70244f6035a07307b0bb2f35.tar.gz |
Wed Mar 4 22:03:30 UTC 202020200304220330
a/sdparm-1.10-x86_64-3.txz: Rebuilt.
Recompiled against sg3_utils-1.45.
a/udisks-1.0.5-x86_64-5.txz: Rebuilt.
Recompiled against sg3_utils-1.45.
d/cmake-3.16.5-x86_64-1.txz: Upgraded.
l/libgpod-0.8.3-x86_64-6.txz: Rebuilt.
Recompiled against sg3_utils-1.45.
n/curl-7.69.0-x86_64-1.txz: Upgraded.
n/cyrus-sasl-2.1.27-x86_64-3.txz: Rebuilt.
Added SQL support via MariaDB. Thanks to niksoggia.
n/ntp-4.2.8p14-x86_64-1.txz: Upgraded.
n/ppp-2.4.8-x86_64-1.txz: Upgraded.
This update fixes a security issue:
By sending an unsolicited EAP packet to a vulnerable ppp client or server,
an unauthenticated remote attacker could cause memory corruption in the
pppd process, which may allow for arbitrary code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597
(* Security fix *)
testing/packages/PAM/cyrus-sasl-2.1.27-x86_64-3_pam.txz: Rebuilt.
Added SQL support via MariaDB. Thanks to niksoggia.
testing/packages/PAM/ppp-2.4.8-x86_64-1_pam.txz: Upgraded.
This update fixes a security issue:
By sending an unsolicited EAP packet to a vulnerable ppp client or server,
an unauthenticated remote attacker could cause memory corruption in the
pppd process, which may allow for arbitrary code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597
(* Security fix *)
Diffstat (limited to 'source')
-rwxr-xr-x | source/a/sdparm/sdparm.SlackBuild | 2 | ||||
-rwxr-xr-x | source/a/udisks/udisks.SlackBuild | 2 | ||||
-rwxr-xr-x | source/d/cmake/cmake.SlackBuild | 2 | ||||
-rwxr-xr-x | source/l/libgpod/libgpod.SlackBuild | 2 | ||||
-rwxr-xr-x | source/n/curl/curl.SlackBuild | 2 | ||||
-rwxr-xr-x | source/n/cyrus-sasl/cyrus-sasl.SlackBuild | 14 | ||||
-rwxr-xr-x | source/n/ntp/ntp.SlackBuild | 2 | ||||
-rw-r--r-- | source/n/ppp/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch | 35 | ||||
-rw-r--r-- | source/n/ppp/ppp.CVE-2020-8597.patch | 37 | ||||
-rwxr-xr-x | source/n/ppp/ppp.SlackBuild | 17 | ||||
-rw-r--r-- | source/n/ppp/ppp.glibc228.diff | 74 | ||||
-rw-r--r-- | source/n/ppp/ppp.url | 3 | ||||
-rw-r--r-- | source/n/ppp/slack-desc | 2 |
13 files changed, 63 insertions, 131 deletions
diff --git a/source/a/sdparm/sdparm.SlackBuild b/source/a/sdparm/sdparm.SlackBuild
index bc63243d..6bd5e3c2 100755
--- a/source/a/sdparm/sdparm.SlackBuild
+++ b/source/a/sdparm/sdparm.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)

 PKGNAM=sdparm
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}

 NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}

diff --git a/source/a/udisks/udisks.SlackBuild b/source/a/udisks/udisks.SlackBuild
index 5031630a..b2f75647 100755
--- a/source/a/udisks/udisks.SlackBuild
+++ b/source/a/udisks/udisks.SlackBuild
@@ -28,7 +28,7 @@ cd $(dirname $0) ; CWD=$(pwd)

 PKGNAM=udisks
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-4}
+BUILD=${BUILD:-5}

 NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}

diff --git a/source/d/cmake/cmake.SlackBuild b/source/d/cmake/cmake.SlackBuild
index a7dbeb6a..7b8c62ab 100755
--- a/source/d/cmake/cmake.SlackBuild
+++ b/source/d/cmake/cmake.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)

 PKGNAM=cmake
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}

 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
diff --git a/source/l/libgpod/libgpod.SlackBuild b/source/l/libgpod/libgpod.SlackBuild
index 9a4dfe21..9232ff25 100755
--- a/source/l/libgpod/libgpod.SlackBuild
+++ b/source/l/libgpod/libgpod.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)

 PKGNAM=libgpod
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-5}
+BUILD=${BUILD:-6}

 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
diff --git a/source/n/curl/curl.SlackBuild b/source/n/curl/curl.SlackBuild
index a286ac6d..35708dc7 100755
--- a/source/n/curl/curl.SlackBuild
+++ b/source/n/curl/curl.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)

 PKGNAM=curl
 VERSION=${VERSION:-$(echo curl-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}

 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
diff --git a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
index fbdb54b4..0be565e2 100755
--- a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
+++ b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2008, 2009, 2010, 2013, 2015, 2017, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2008, 2009, 2010, 2013, 2015, 2017, 2018, 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)

 PKGNAM=cyrus-sasl
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | cut -f 3- -d - | rev | cut -f 3- -d . | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}

 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -44,6 +44,8 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
 exit 0
 fi

+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
 TMP=${TMP:-/tmp}
 PKG=$TMP/package-cyrus-sasl

@@ -82,9 +84,13 @@ CFLAGS="$SLKCFLAGS" \
 --mandir=/usr/man \
 --disable-static \
 --enable-login \
+ --enable-sql \
 --disable-anon \
 --without-ldap \
+ --without-pgsql \
 --with-saslauthd \
+ --with-mysql=/usr \
+ --with-sqlite3=/usr \
 --with-gdbm \
 --with-devrandom=/dev/urandom \
 --with-dblib=gdbm || exit 1
@@ -92,8 +98,8 @@ CFLAGS="$SLKCFLAGS" \
 # How stupid that I need to specify 'sasldir' again for 'make' or else you get
 # the warning "Plugins are being installed into /usr/lib/sasl2, but the library
 # will look for them in /usr/lib64/sasl2" and advised to create a symlink...
-make sasldir=/usr/lib${LIBDIRSUFFIX}/sasl2 || exit 1
-make sasldir=/usr/lib${LIBDIRSUFFIX}/sasl2 install DESTDIR=$PKG || exit 1
+make $NUMJOBS sasldir=/usr/lib${LIBDIRSUFFIX}/sasl2 || exit 1
+make $NUMJOBS sasldir=/usr/lib${LIBDIRSUFFIX}/sasl2 install DESTDIR=$PKG || exit 1

 # Don't ship .la files:
 rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
diff --git a/source/n/ntp/ntp.SlackBuild b/source/n/ntp/ntp.SlackBuild
index cbf7c3db..7d295538 100755
--- a/source/n/ntp/ntp.SlackBuild
+++ b/source/n/ntp/ntp.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)

 PKGNAM=ntp
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-1}

 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
diff --git a/source/n/ppp/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch b/source/n/ppp/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
deleted file mode 100644
index 9b0920d3..00000000
--- a/source/n/ppp/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
+++ /dev/null
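Review bot: The install step in the `@@ -92,8 +98,8 @@` hunk of cyrus-sasl.SlackBuild now runs in parallel (`make $NUMJOBS sasldir=... install DESTDIR=$PKG`), and a parallel `make install` can fail intermittently or install an incomplete tree when install targets depend on files or directories produced by sibling targets. Nothing on this page shows that this source tree's install rules are parallel-safe, so I would keep `$NUMJOBS` on the build line only and leave the install serial: `make sasldir=/usr/lib${LIBDIRSUFFIX}/sasl2 install DESTDIR=$PKG || exit 1`. The `|| exit 1` catches a hard failure but not a silently incomplete install.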
@@ -1,35 +0,0 @@
-From 33797aa193a2751da26f9af120e39c110defe4d1 Mon Sep 17 00:00:00 2001
-From: Lubomir Rintel <lkundrak@v3.sk>
-Date: Sat, 10 Dec 2016 19:53:56 +0100
-Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
-
-To fix build breakage.
----
- pppd/plugins/rp-pppoe/pppoe.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
-index 9ab2eee..f77f5b7 100644
---- a/pppd/plugins/rp-pppoe/pppoe.h
-+++ b/pppd/plugins/rp-pppoe/pppoe.h
-@@ -15,6 +15,8 @@
-
- #include "config.h"
-
-+#include <netinet/in.h>
-+
- #if defined(HAVE_NETPACKET_PACKET_H) || defined(HAVE_LINUX_IF_PACKET_H)
- #define _POSIX_SOURCE 1 /* For sigaction defines */
- #endif
-@@ -84,8 +86,6 @@ typedef unsigned long UINT32_t;
- #include <linux/if_ether.h>
- #endif
-
--#include <netinet/in.h>
--
- #ifdef HAVE_NETINET_IF_ETHER_H
- #include <sys/types.h>
-
---
-2.9.3
-
diff --git a/source/n/ppp/ppp.CVE-2020-8597.patch b/source/n/ppp/ppp.CVE-2020-8597.patch
new file mode 100644
index 00000000..5d7c51bc
--- /dev/null
+++ b/source/n/ppp/ppp.CVE-2020-8597.patch
@@ -0,0 +1,37 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname). This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f56..1b93db01 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
diff --git a/source/n/ppp/ppp.SlackBuild b/source/n/ppp/ppp.SlackBuild
index 13b21fb3..7253998e 100755
--- a/source/n/ppp/ppp.SlackBuild
+++ b/source/n/ppp/ppp.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/bash

-# Copyright 2008, 2009, 2010, 2013, 2015, 2018 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2010, 2013, 2015, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
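Review bot: The corrected test `len - vallen >= sizeof (rhostname)` in the carried ppp.CVE-2020-8597.patch is only sound because an earlier guard rejects packets where `vallen` is not smaller than `len`, and that guard lies outside both inner hunks (pppd/eap.c around lines 1420 and 1846), so the dependency is invisible at the point of the check. `len` is an `int` (the inner hunk header shows `int len;`) and the difference is converted to `size_t` for the comparison, so a negative difference would compare as a very large unsigned value if that guard were ever relaxed. A comment above each check, for example `/* vallen < len was verified above, so len - vallen is non-negative here */`, would record the invariant. The `else` branch that copies `len - vallen` bytes into `rhostname` is also outside the hunks and cannot be confirmed from this page.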
@@ -23,10 +23,10 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=ppp -VERSION=2.4.7 -RADVER=1.1.6 +VERSION=2.4.8 +RADVER=1.1.7 PPPVER=1.98 -BUILD=${BUILD:-3} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} @@ -64,9 +64,9 @@ echo "+============+" echo "| ppp-$VERSION |" echo "+============+" cd $TMP -rm -rf ppp-$VERSION +rm -rf ppp-$VERSION ppp-ppp-$VERSION tar xvf $CWD/ppp-$VERSION.tar.xz || exit 1 -cd ppp-$VERSION || exit 1 +cd ppp-ppp-$VERSION || ppp-$VERSION || exit 1 chown -R root:root . find . \ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ @@ -81,10 +81,7 @@ sed -i -e "s#lib/pppd#lib${LIBDIRSUFFIX}/pppd#g" $(grep -lr 'lib/pppd' *) rm -f include/linux/if_pppol2tp.h zcat $CWD/ppp.CVE-2015-3310.diff.gz | patch -p1 --verbose || exit 1 - -zcat $CWD/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch.gz | patch -p1 --verbose || exit 1 - -zcat $CWD/ppp.glibc228.diff.gz | patch -p1 --verbose || exit 1 +zcat $CWD/ppp.CVE-2020-8597.patch.gz | patch -p1 --verbose || exit 1 # Choose correct options depending on whether PAM is installed: if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then diff --git a/source/n/ppp/ppp.glibc228.diff b/source/n/ppp/ppp.glibc228.diff deleted file mode 100644 index 6faed287..00000000 --- a/source/n/ppp/ppp.glibc228.diff +++ /dev/null 
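Review bot: In the `@@ -64,9 +64,9 @@` hunk of ppp.SlackBuild the fallback in `cd ppp-ppp-$VERSION || ppp-$VERSION || exit 1` is missing its `cd`, so when the first directory does not exist the shell tries to run a command named `ppp-$VERSION` instead of entering that directory. That attempt fails and the script exits, which means the intended support for both unpacked directory names (the `rm -rf ppp-$VERSION ppp-ppp-$VERSION` line above handles both) never takes effect. The line should read `cd ppp-ppp-$VERSION || cd ppp-$VERSION || exit 1`.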
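Review bot: The new `zcat $CWD/ppp.CVE-2020-8597.patch.gz | patch -p1 --verbose || exit 1` line in the `@@ -81,10 +81,7 @@` hunk carries no comment saying where the fix comes from, which makes it hard to tell at the next version bump whether the release already contains it. I would add above it `# CVE-2020-8597 (EAP rhostname bounds check), upstream commit 8d7970b8f3db727fe798b65f3377fe6787575426; drop once VERSION includes it`. The same applies to the existing `ppp.CVE-2015-3310.diff.gz` line, whose origin is not visible on this page.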
@@ -1,74 +0,0 @@
---- ./pppd/pppcrypt.c.orig 2014-08-09 07:31:39.000000000 -0500
-+++ ./pppd/pppcrypt.c 2018-09-18 18:59:26.393068817 -0500
-@@ -110,7 +110,7 @@
- }
-
- bool
--DesSetkey(key)
-+setkey(key)
- u_char *key;
- {
- u_char des_key[8];
-@@ -126,7 +126,7 @@
- }
-
- bool
--DesEncrypt(clear, cipher)
-+encrypt(clear, cipher)
- u_char *clear; /* IN 8 octets */
- u_char *cipher; /* OUT 8 octets */
- {
-@@ -161,7 +161,7 @@
- static des_key_schedule key_schedule;
-
- bool
--DesSetkey(key)
-+setkey(key)
- u_char *key;
- {
- des_cblock des_key;
-@@ -171,7 +171,7 @@
- }
-
- bool
--DesEncrypt(clear, key, cipher)
-+encrypt(clear, key, cipher)
- u_char *clear; /* IN 8 octets */
- u_char *cipher; /* OUT 8 octets */
- {
---- ./pppd/chap_ms.c.orig 2014-08-09 07:31:39.000000000 -0500
-+++ ./pppd/chap_ms.c 2018-09-18 18:59:26.391068817 -0500
-@@ -518,12 +518,12 @@
- sizeof(ZPasswordHash), ZPasswordHash);
- #endif
-
-- (void) DesSetkey(ZPasswordHash + 0);
-- DesEncrypt(challenge, response + 0);
-- (void) DesSetkey(ZPasswordHash + 7);
-- DesEncrypt(challenge, response + 8);
-- (void) DesSetkey(ZPasswordHash + 14);
-- DesEncrypt(challenge, response + 16);
-+ (void) setkey(ZPasswordHash + 0);
-+ encrypt(challenge, response + 0);
-+ (void) setkey(ZPasswordHash + 7);
-+ encrypt(challenge, response + 8);
-+ (void) setkey(ZPasswordHash + 14);
-+ encrypt(challenge, response + 16);
-
- #if 0
- dbglog("ChallengeResponse - response %.24B", response);
-@@ -640,10 +640,10 @@
- BZERO(UcasePassword, sizeof(UcasePassword));
- for (i = 0; i < secret_len; i++)
- UcasePassword[i] = (u_char)toupper(secret[i]);
-- (void) DesSetkey(UcasePassword + 0);
-- DesEncrypt( StdText, PasswordHash + 0 );
-- (void) DesSetkey(UcasePassword + 7);
-- DesEncrypt( StdText, PasswordHash + 8 );
-+ (void) setkey(UcasePassword + 0);
-+ encrypt( StdText, PasswordHash + 0 );
-+ (void) setkey(UcasePassword + 7);
-+ encrypt( StdText, PasswordHash + 8 );
- ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
- }
- #endif
diff --git a/source/n/ppp/ppp.url b/source/n/ppp/ppp.url
index 069a867e..f388f8a3 100644
--- a/source/n/ppp/ppp.url
+++ b/source/n/ppp/ppp.url
@@ -1 +1,2 @@
-https://download.samba.org/pub/ppp/
+#https://download.samba.org/pub/ppp/
+https://github.com/paulusmack/ppp
diff --git a/source/n/ppp/slack-desc b/source/n/ppp/slack-desc
index 5fa9cd13..a7f72ef4 100644
--- a/source/n/ppp/slack-desc
+++ b/source/n/ppp/slack-desc
@@ -15,5 +15,5 @@ ppp: which negotiates with the peer to establish the link and sets up the
 ppp: ppp network interface, and pppsetup, an easy-to-use utility for
 ppp: setting up your PPP daemon.
 ppp:
-ppp:
+ppp: Homepage: https://github.com/paulusmack/ppp
 ppp:
|