Hello community,

here is the log from the commit of package ppp for openSUSE:Leap:15.2 checked in at 2020-03-02 17:21:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/ppp (Old)
 and /work/SRC/openSUSE:Leap:15.2/.ppp.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ppp" Mon Mar 2 17:21:27 2020 rev:19 rq:779859 version:2.4.7 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/ppp/ppp.changes 2020-01-15 15:44:53.667304658 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.ppp.new.26092/ppp.changes 2020-03-02 17:21:28.906078914 +0100 @@ -1,0 +2,6 @@ +Fri Feb 7 13:51:17 UTC 2020 - Reinhard Max <[email protected]> + +- CVE-2020-8597, bsc#1162610, ppp-CVE-2020-8597.patch: rhostname + buffer overflow in the eap_request and eap_response functions. + +------------------------------------------------------------------- New: ---- ppp-CVE-2020-8597.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ppp.spec ++++++ --- /var/tmp/diff_new_pack.ht3MMz/_old 2020-03-02 17:21:29.946080918 +0100 +++ /var/tmp/diff_new_pack.ht3MMz/_new 2020-03-02 17:21:29.954080934 +0100 @@ -73,6 +73,7 @@ # PATCH-FIX-UPSTREAM -- Patch for CVE-2015-3310 Patch24: ppp-CVE-2015-3310.patch Patch25: fix-header-conflict.patch +Patch26: ppp-CVE-2020-8597.patch BuildRequires: libpcap-devel BuildRequires: linux-atm-devel BuildRequires: pam-devel @@ -142,6 +143,7 @@ %patch23 -p1 %patch24 %patch25 -p1 +%patch26 sed -i -e '1s/local\///' scripts/secure-card find scripts -type f | xargs chmod a-x find -type f -name '*.orig' | xargs rm -f ++++++ ppp-CVE-2020-8597.patch ++++++ >From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 From: Paul Mackerras <[email protected]> Date: Mon, 3 Feb 2020 15:53:28 +1100 Subject: [PATCH] pppd: Fix bounds check in EAP code Given that we have just checked vallen < len, it can never be the case that vallen >= len + sizeof(rhostname). This fixes the check so we actually avoid overflowing the rhostname array. Reported-by: Ilja Van Sprundel <[email protected]> Signed-off-by: Paul Mackerras <[email protected]> --- pppd/eap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- pppd/eap.c.orig +++ pppd/eap.c 
@@ -1421,7 +1421,7 @@ int len; } /* Not so likely to happen. */ - if (vallen >= len + sizeof (rhostname)) { + if (len - vallen >= sizeof (rhostname)) { dbglog("EAP: trimming really long peer name down"); BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); rhostname[sizeof (rhostname) - 1] = '\0'; @@ -1847,7 +1847,7 @@ int len; } /* Not so likely to happen. */ - if (vallen >= len + sizeof (rhostname)) { + if (len - vallen >= sizeof (rhostname)) { dbglog("EAP: trimming really long peer name down"); BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); rhostname[sizeof (rhostname) - 1] = '\0';
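Review bot: In the ppp.spec hunk at @@ -73,6 +73,7 @@, the new `Patch26: ppp-CVE-2020-8597.patch` line has no `# PATCH-FIX-UPSTREAM` comment above it, unlike `Patch24` for CVE-2015-3310 in the context lines. Add a comment line naming CVE-2020-8597 and bsc#1162610 so the spec itself records where the patch comes from and why it is carried, rather than leaving that only in ppp.changes.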
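Review bot: In the pppd/eap.c hunk at @@ -1421,7 +1421,7 @@, the new test `len - vallen >= sizeof (rhostname)` is only correct while the earlier `vallen < len` check described in the commit message holds, and that check is outside the visible context. `len` is declared `int` and the difference is compared against a `size_t`, so if the difference were ever negative it would be converted to a large unsigned value and the trimming branch would be taken. A one-line comment above the `if` stating the precondition would keep a later refactor from separating the two checks. The existing comment "Not so likely to happen." also undersells a branch whose length comes from the peer's packet and could be reworded.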
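Review bot: The pppd/eap.c hunk at @@ -1847,7 +1847,7 @@ repeats the same check and `BCOPY` trimming sequence as the hunk at @@ -1421,7 +1421,7 @@, and the faulty `vallen >= len + sizeof (rhostname)` condition was identical in both places. Moving the peer-name copy into a single helper called from both sites would mean the bounds logic is reviewed and fixed once, instead of relying on two copies staying in sync.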
