author | Leonardo Arena <rnalrd@alpinelinux.org> | 2014-03-04 12:19:33 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2014-03-04 12:19:33 +0000 |
commit | 8928dd366d7e9f0474451cd6a98473fac42a3c45 (patch) | |
tree | 63a178c1e48bece81dbaf53c1bb58657b6e39045 | |
parent | 1143d93aa87508538af8394de6ea2d7448da76a7 (diff) | |
main/freeradius: security fix CVE-2014-2015. Fixes #2721
-rw-r--r-- | main/freeradius/APKBUILD | 18 | ||||
-rw-r--r-- | main/freeradius/CVE-2014-2015.patch | 35 |
2 files changed, 50 insertions, 3 deletions
diff --git a/main/freeradius/APKBUILD b/main/freeradius/APKBUILD
index c3c74d6dc3..f2558d2c95 100644
--- a/main/freeradius/APKBUILD
+++ b/main/freeradius/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
 pkgname=freeradius
 pkgver=2.1.12
-pkgrel=6
+pkgrel=7
 pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
 url="http://freeradius.org/"
 arch="all"
@@ -16,10 +16,11 @@ install="freeradius.pre-install"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-ldap $pkgname-lib $pkgname-mssql $pkgname-mysql $pkgname-oracle $pkgname-perl $pkgname-postgresql $pkgname-python $pkgname-radclient $pkgname-unixodbc"
-source="ftp://ftp.freeradius.org/pub/freeradius/$pkgname-server-$pkgver.tar.gz
+source="ftp://ftp.freeradius.org/pub/radius/old/$pkgname-server-$pkgver.tar.gz
 CVE-2012-3547.patch
 freeradius.confd
 freeradius.initd
+ CVE-2014-2015.patch
 "
 _builddir="$srcdir"/$pkgname-server-$pkgver
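Review bot: Listing `CVE-2014-2015.patch` in `source=` only makes abuild fetch and checksum the file; whether it is actually applied depends on the APKBUILD's prepare step, which lies outside this hunk and is not visible here — confirm that step iterates over `$source` and applies every `*.patch`, otherwise pkgrel 7 ships without the fix. The tarball URL also moves from `pub/freeradius/` to `pub/radius/old/` over plain FTP, so integrity of the download rests entirely on the checksum lines; the `sha256sums`/`sha512sums` entries added in the next hunk are the load-bearing control for that change. The tarball's md5 is left unchanged there, which suggests the relocated archive is byte-identical to the one previously pinned, but that is worth stating in the commit message.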
@@ -170,4 +171,15 @@ unixodbc() {
 md5sums="dcbaed16df8ccff672ba132a08bf8510 freeradius-server-2.1.12.tar.gz
 8473b8eeb4107c2e6181829553e4c7b3 CVE-2012-3547.patch
 fc6693f3df5a0694610110287a28568a freeradius.confd
-c46f34d7ddf695dfe53e5fb7f60afa59 freeradius.initd"
+c46f34d7ddf695dfe53e5fb7f60afa59 freeradius.initd
+7dd09b1b0631f6bf126517e737c5e576 CVE-2014-2015.patch"
+sha256sums="e597567c81ddbee385df8f076162c868ee6db5bf446c45ace94078c0c7d53805 freeradius-server-2.1.12.tar.gz
+c1c8a07dc26cfda31d3ad3e2f152e210f620907235121947e7df5bb8e9b4adae CVE-2012-3547.patch
+2d5b3e1af1299373182f2c8021bdf45c29db5d82b0a077b965a16ded32cb6292 freeradius.confd
+4fe8aa719730298dc66fe6b168101cb5df90955ca14e20090836305ffca530e1 freeradius.initd
+d70b898811cbbb9d77d9863a7ba9b243b9782bdc767b586e4e9b8787558f1072 CVE-2014-2015.patch"
+sha512sums="543ca20faa5ab2c45d7e0c9627c2860ac6eb2d1e3e920beffad612bb4a50a3ae65fe8f20a385541bca75ba05575091168de22c9c245f6869ecd5c862e6686189 freeradius-server-2.1.12.tar.gz
+117a5c688cdb9080f00a34e581fe447441366f2142120f3d4bdd38bcefb4b20d09e8afe9439fc5ce2aef37996a34377a4f7b6dcef308e694987e9bd73d16caf8 CVE-2012-3547.patch
+e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d610940bc4ae50c022594e219ce341b36abe85c572acad418b freeradius.confd
+b041e2d3135bdd7a2a31402cba5ac97002b931d4ef05f7d006e5d0a73e5ec5bad31f14e481c7147ea7b9bc7ed15cb8bfb8a4a64ed73c9d86539a67ca47c2756a freeradius.initd
+62d98d8316e147d57de9ac05c05c9703c08bd23e294b95827c58fe976cb3bc5ce040d9e310ada552cb2350dde9e9e2c97e2160210cc1ab5d1ce35889000d7951 CVE-2014-2015.patch"
diff --git a/main/freeradius/CVE-2014-2015.patch b/main/freeradius/CVE-2014-2015.patch
new file mode 100644
index 0000000000..fbd5ff0833
--- /dev/null
+++ b/main/freeradius/CVE-2014-2015.patch
@@ -0,0 +1,35 @@
+From 0d606cfc29ab2e91764854e733d4525e6c667eb9 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Thu, 13 Feb 2014 09:29:35 -0500
+Subject: [PATCH] Increase buffer size. Use output buffer size as limit for
+ hex2bin
+
+---
+ src/modules/rlm_pap/rlm_pap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
+index 8ef2152..1492a44 100644
+--- a/src/modules/rlm_pap/rlm_pap.c
++++ b/src/modules/rlm_pap/rlm_pap.c
+@@ -247,7 +247,7 @@ static int base64_decode (const char *src, uint8_t *dst)
+ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ {
+ size_t decoded;
+- uint8_t buffer[64];
++ uint8_t buffer[256];
+
+ if (min_length >= sizeof(buffer)) return; /* paranoia */
+
+@@ -255,7 +255,7 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ * Hex encoding.
+ */
+ if (vp->length >= (2 * min_length)) {
+- decoded = fr_hex2bin(vp->vp_strvalue, buffer, vp->length >> 1);
++ decoded = fr_hex2bin(vp->vp_strvalue, buffer, sizeof(buffer));
+ if (decoded == (vp->length >> 1)) {
+ RDEBUG2("Normalizing %s from hex encoding", vp->name);
+ memcpy(vp->vp_octets, buffer, decoded);
+--
+1.8.5.5
+
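Review bot: The bounded call `decoded = fr_hex2bin(vp->vp_strvalue, buffer, sizeof(buffer));` keeps the decoder from writing past `buffer`, but the following `memcpy(vp->vp_octets, buffer, decoded);` is still sized only by `decoded`, so the fix relies on `decoded == (vp->length >> 1)` being false whenever the input holds more than 2*sizeof(buffer) hex digits — that presumes fr_hex2bin reports the number of bytes it actually wrote, which is not shown in this patch and should be confirmed against the 2.1.12 tree it is applied to. The capacity of `vp->vp_octets` relative to the enlarged 256-byte `buffer` is likewise not visible here; if it is smaller than 256 bytes, the `decoded` bound alone does not establish that the copy stays in range. Both embedded `@@` hunks cut through `normify`, whose body continues outside them. As the file is an upstream commit carried verbatim (From 0d606cfc…), the note on why the bound is sufficient belongs in the aports commit message rather than in the patch body.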