Hello community, here is the log from the commit of package freeradius-server for openSUSE:Factory checked in at 2014-03-04 13:22:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/freeradius-server (Old) and /work/SRC/openSUSE:Factory/.freeradius-server.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "freeradius-server" Changes: -------- --- /work/SRC/openSUSE:Factory/freeradius-server/freeradius-server.changes 2014-02-11 10:55:09.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.freeradius-server.new/freeradius-server.changes 2014-03-04 13:22:43.000000000 +0100 @@ -1,0 +2,12 @@ +Fri Feb 28 09:04:08 UTC 2014 - vcizek@suse.com + +- fix for CVE-2014-2015 (bnc#864576) + * denial of service in rlm_pap hash processing + * added freeradius-server-CVE-2014-2015.patch + +------------------------------------------------------------------- +Wed Jan 29 13:53:30 UTC 2014 - vcizek@suse.com + +- remove the old 3.0.0 sources + +------------------------------------------------------------------- New: ---- freeradius-server-CVE-2014-2015.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freeradius-server.spec ++++++ --- /var/tmp/diff_new_pack.Jcxvdz/_old 2014-03-04 13:22:44.000000000 +0100 +++ /var/tmp/diff_new_pack.Jcxvdz/_new 2014-03-04 13:22:44.000000000 +0100 @@ -40,6 +40,7 @@ Patch9: freeradius-server-radius-reload-logrotate.patch # PATCH-FIX-SUSE use 'su' logrotate option (bnc#677335) Patch12: freeradius-server-2.1.1-logrotate_su.patch +Patch13: freeradius-server-CVE-2014-2015.patch BuildRequires: apache2-devel BuildRequires: cyrus-sasl-devel BuildRequires: db-devel @@ -224,6 +225,7 @@ %patch8 -p1 %patch9 -p1 %patch12 -p1 +%patch13 -p1 %build modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")" ++++++ freeradius-server-CVE-2014-2015.patch ++++++
From ff5147c9e5088c7cf5c0b6ec6bfdd3a9d2042a28 Mon Sep 17 00:00:00 2001 From: Arran Cudbard-Bell
Date: Thu, 13 Feb 2014 13:49:54 +0000 Subject: [PATCH] Fix potential crash with SSHA and salts > 44bytes
--- src/modules/rlm_pap/rlm_pap.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c index 689acf0..1bf6d4e 100644 --- a/src/modules/rlm_pap/rlm_pap.c +++ b/src/modules/rlm_pap/rlm_pap.c @@ -123,7 +123,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance) static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) { - uint8_t buffer[64]; + uint8_t buffer[256]; if (min_length >= sizeof(buffer)) return; /* paranoia */ @@ -132,9 +132,10 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) */ if (vp->length >= (2 * min_length)) { size_t decoded; - decoded = fr_hex2bin(buffer, vp->vp_strvalue, vp->length >> 1); + decoded = fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer)); if (decoded == (vp->length >> 1)) { - RDEBUG2("Normalizing %s from hex encoding", vp->da->name); + RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> %zu bytes", + vp->da->name, vp->length, decoded); pairmemcpy(vp, buffer, decoded); return; } @@ -150,7 +151,8 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) sizeof(buffer)); if (decoded < 0) return; if (decoded >= (ssize_t) min_length) { - RDEBUG2("Normalizing %s from base64 encoding", vp->da->name); + RDEBUG2("Normalizing %s from base64 encoding, %zu bytes -> %zu bytes", + vp->da->name, vp->length, decoded); pairmemcpy(vp, buffer, decoded); return; } -- 1.8.5.5 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org