Hello community,

here is the log from the commit of package ppp for openSUSE:Factory checked in 
at 2015-11-18 22:31:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ppp (Old)
 and      /work/SRC/openSUSE:Factory/.ppp.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ppp"

Changes:
--------
--- /work/SRC/openSUSE:Factory/ppp/ppp.changes  2014-11-26 10:35:32.000000000 
+0100
+++ /work/SRC/openSUSE:Factory/.ppp.new/ppp.changes     2015-11-18 
22:31:19.000000000 +0100
@@ -1,0 +2,7 @@
+Fri Nov 13 15:26:03 UTC 2015 - [email protected]
+
+- Added ppp-CVE-2015-3310.patch:
+  Fix for bnc#927841, CVE-2015-3310: Fix buffer overflow in radius
+  plug-in's rc_mksid().
+
+-------------------------------------------------------------------

New:
----
  ppp-CVE-2015-3310.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ppp.spec ++++++
--- /var/tmp/diff_new_pack.9p4v1a/_old  2015-11-18 22:31:21.000000000 +0100
+++ /var/tmp/diff_new_pack.9p4v1a/_new  2015-11-18 22:31:21.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package ppp
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -69,6 +69,8 @@
 Patch21:        ppp-2.4.6-lib64.patch
 Patch22:        ppp-2.4.4-var_run_resolv_conf.patch
 Patch23:        ppp-send-padt.patch
+# PATCH-FIX-UPSTREAM -- Patch for CVE-2015-3310
+Patch24:        ppp-CVE-2015-3310.patch
 
 %description
 The ppp package contains the PPP (Point-to-Point Protocol) daemon,
@@ -109,6 +111,7 @@
 %endif
 %patch22
 %patch23 -p1
+%patch24
 sed -i -e '1s/local\///' scripts/secure-card
 find scripts -type f | xargs chmod a-x
 find -type f -name '*.orig' | xargs rm -f

++++++ ppp-CVE-2015-3310.patch ++++++
--- pppd/plugins/radius/util.c
+++ pppd/plugins/radius/util.c
@@ -77,7 +77,7 @@ rc_mksid (void)
   static unsigned short int cnt = 0;
   sprintf (buf, "%08lX%04X%02hX",
           (unsigned long int) time (NULL),
-          (unsigned int) getpid (),
+          (unsigned int) getpid () % 65535,
           cnt & 0xFF);
   cnt++;
   return buf;
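Review bot: The `sprintf` call in rc_mksid() stays unbounded after this change, because `%08lX` and `%04X` set minimum field widths only, so the modulo bounds the PID field but nothing bounds the write itself. The `time (NULL)` value cast to `unsigned long` can still print more than eight hex digits on an LP64 platform once it exceeds 32 bits. Assuming `buf` is a fixed-size array (its declaration lies outside this hunk), I would bound the write with `snprintf (buf, sizeof buf, "%08lX%04X%02hX",` and mask the time argument with `& 0xFFFFFFFFUL`. For the PID, `(unsigned int) getpid () & 0xFFFF` keeps the whole 16-bit range and states the intent more directly than `% 65535`, which folds 65535 onto 0. A short comment such as `/* session id is 8+4+2 hex digits; every field is masked to its width */` would record why the masks are there.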



