diff options
| author | Yi Zhao <yi.zhao@windriver.com> | 2020-02-13 16:55:01 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-02-14 13:07:23 +0000 |
| commit | dbfc4e69488f68ebe45cfb8f953d7d7742a0325c (patch) | |
| tree | 5349770228767297eb2e45593b2babe8bd1f80e6 /meta/recipes-connectivity/ppp/ppp_2.4.7.bb | |
| parent | 16c9a82c6ce255f18837ee31fdf587f8c58320f0 (diff) | |
| download | poky-dbfc4e69488f68ebe45cfb8f953d7d7742a0325c.tar.gz | |
ppp: Security fix CVE-2020-8597
CVE-2020-8597: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname
buffer overflow in the eap_request and eap_response functions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-8597
Patch from:
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
(From OE-Core rev: b01505e018ff46f1af34f98219d55f4ca700cd5a)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/ppp/ppp_2.4.7.bb')
| -rw-r--r-- | meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb index 644cde4562..60c56dd0bd 100644 --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb | |||
| @@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ | |||
| 33 | file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ | 33 | file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ |
| 34 | file://0001-ppp-Remove-unneeded-include.patch \ | 34 | file://0001-ppp-Remove-unneeded-include.patch \ |
| 35 | file://ppp-2.4.7-DES-openssl.patch \ | 35 | file://ppp-2.4.7-DES-openssl.patch \ |
| 36 | file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \ | ||
| 36 | " | 37 | " |
| 37 | 38 | ||
| 38 | SRC_URI_append_libc-musl = "\ | 39 | SRC_URI_append_libc-musl = "\ |