commit freeradius-server for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package freeradius-server for 
openSUSE:Factory checked in at 2014-03-04 13:22:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/freeradius-server (Old)
 and      /work/SRC/openSUSE:Factory/.freeradius-server.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "freeradius-server"

Changes:
--------
--- /work/SRC/openSUSE:Factory/freeradius-server/freeradius-server.changes      
2014-02-11 10:55:09.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.freeradius-server.new/freeradius-server.changes 
2014-03-04 13:22:43.000000000 +0100
@@ -1,0 +2,12 @@
+Fri Feb 28 09:04:08 UTC 2014 - vci...@suse.com
+
+- fix for CVE-2014-2015 (bnc#864576)
+  * denial of service in rlm_pap hash processing
+  * added freeradius-server-CVE-2014-2015.patch
+
+-------------------------------------------------------------------
+Wed Jan 29 13:53:30 UTC 2014 - vci...@suse.com
+
+- remove the old 3.0.0 sources
+
+-------------------------------------------------------------------

New:
----
  freeradius-server-CVE-2014-2015.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ freeradius-server.spec ++++++
--- /var/tmp/diff_new_pack.Jcxvdz/_old  2014-03-04 13:22:44.000000000 +0100
+++ /var/tmp/diff_new_pack.Jcxvdz/_new  2014-03-04 13:22:44.000000000 +0100
@@ -40,6 +40,7 @@
 Patch9:         freeradius-server-radius-reload-logrotate.patch
 # PATCH-FIX-SUSE use 'su' logrotate option (bnc#677335)
 Patch12:        freeradius-server-2.1.1-logrotate_su.patch
+Patch13:        freeradius-server-CVE-2014-2015.patch
 BuildRequires:  apache2-devel
 BuildRequires:  cyrus-sasl-devel
 BuildRequires:  db-devel
@@ -224,6 +225,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch12 -p1
+%patch13 -p1
 
 %build
 modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")"


++++++ freeradius-server-CVE-2014-2015.patch ++++++
>From ff5147c9e5088c7cf5c0b6ec6bfdd3a9d2042a28 Mon Sep 17 00:00:00 2001
From: Arran Cudbard-Bell <a.cudba...@freeradius.org>
Date: Thu, 13 Feb 2014 13:49:54 +0000
Subject: [PATCH] Fix potential crash with SSHA and salts > 44bytes

---
 src/modules/rlm_pap/rlm_pap.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
index 689acf0..1bf6d4e 100644
--- a/src/modules/rlm_pap/rlm_pap.c
+++ b/src/modules/rlm_pap/rlm_pap.c
@@ -123,7 +123,7 @@ static int mod_instantiate(CONF_SECTION *conf, void 
*instance)
 static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
 {
 
-       uint8_t buffer[64];
+       uint8_t buffer[256];
 
        if (min_length >= sizeof(buffer)) return; /* paranoia */
 
@@ -132,9 +132,10 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, 
size_t min_length)
         */
        if (vp->length >= (2 * min_length)) {
                size_t decoded;
-               decoded = fr_hex2bin(buffer, vp->vp_strvalue, vp->length >> 1);
+               decoded = fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer));
                if (decoded == (vp->length >> 1)) {
-                       RDEBUG2("Normalizing %s from hex encoding", 
vp->da->name);
+                       RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> 
%zu bytes",
+                               vp->da->name, vp->length, decoded);
                        pairmemcpy(vp, buffer, decoded);
                        return;
                }
@@ -150,7 +151,8 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, 
size_t min_length)
                                           sizeof(buffer));
                if (decoded < 0) return;
                if (decoded >= (ssize_t) min_length) {
-                       RDEBUG2("Normalizing %s from base64 encoding", 
vp->da->name);
+                       RDEBUG2("Normalizing %s from base64 encoding, %zu bytes 
-> %zu bytes",
+                               vp->da->name, vp->length, decoded);
                        pairmemcpy(vp, buffer, decoded);
                        return;
                }
-- 
1.8.5.5


-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org