Version in base suite: 2.4.7-2+4.1
Base version: ppp_2.4.7-2+4.1
Target version: ppp_2.4.7-2+4.1+deb10u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/ppp/ppp_2.4.7-2+4.1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/p/ppp/ppp_2.4.7-2+4.1+deb10u1.dsc
changelog | 7 +++
patches/0017-pppd-Fix-bounds-check-in-EAP-code.patch | 42 +++++++++++++++++++
patches/series | 1
3 files changed, 50 insertions(+)
diff -Nru ppp-2.4.7/debian/changelog ppp-2.4.7/debian/changelog
--- ppp-2.4.7/debian/changelog 2019-03-09 14:48:25.000000000 +0000
+++ ppp-2.4.7/debian/changelog 2020-02-20 21:47:29.000000000 +0000
@@ -1,3 +1,10 @@
+ppp (2.4.7-2+4.1+deb10u1) buster-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * pppd: Fix bounds check in EAP code (CVE-2020-8597) (Closes: #950618)
+
+ -- Salvatore Bonaccorso Thu, 20 Feb 2020 22:47:29 +0100
+
 ppp (2.4.7-2+4.1) unstable; urgency=medium

 * Non-maintainer upload.
diff -Nru ppp-2.4.7/debian/patches/0017-pppd-Fix-bounds-check-in-EAP-code.patch ppp-2.4.7/debian/patches/0017-pppd-Fix-bounds-check-in-EAP-code.patch
--- ppp-2.4.7/debian/patches/0017-pppd-Fix-bounds-check-in-EAP-code.patch 1970-01-01 00:00:00.000000000 +0000
+++ ppp-2.4.7/debian/patches/0017-pppd-Fix-bounds-check-in-EAP-code.patch 2020-02-20 21:47:29.000000000 +0000
@@ -0,0 +1,42 @@
+From: Paul Mackerras
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: pppd: Fix bounds check in EAP code
+Origin: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-8597
+Bug-Debian: https://bugs.debian.org/950618
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname). This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel
+Signed-off-by: Paul Mackerras
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f56a336..1b93db01aebd 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+--
+2.20.1
+
diff -Nru ppp-2.4.7/debian/patches/series ppp-2.4.7/debian/patches/series
--- ppp-2.4.7/debian/patches/series 2019-03-09 14:48:25.000000000 +0000
+++ ppp-2.4.7/debian/patches/series 2020-02-20 21:47:29.000000000 +0000
@@ -15,6 +15,7 @@
 0014-pppd-Remove-unused-declaration-of-ttyname.patch
 0015-pppd-Provide-error-implementation-in-pppoe-discovery.patch
 0016-pppoe-include-netinet-in.h-before-linux-in.h.patch
+0017-pppd-Fix-bounds-check-in-EAP-code.patch

 # to be merged upstream
 adaptive_echos
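Review bot: In both pppd/eap.c hunks of the embedded patch (at 1420 and 1846) the corrected test `len - vallen >= sizeof (rhostname)` compares an `int` difference (`len` is declared `int` in the hunk header) with a `size_t`, so it is only sound while the earlier `vallen < len` check still holds; the commit message cites that check, but it lies outside these hunks. I would record that dependency at the test and make the conversion explicit, `if ((size_t)(len - vallen) >= sizeof (rhostname)) {`, and replace `/* Not so likely to happen. */` with `/* Name length comes from the peer; relies on vallen < len checked above. */`, since the old wording plays down a length that appears to be taken from the received packet. The two sites are textually identical, which is presumably how the same faulty bound sat in both; a single static helper that copies the peer name into `rhostname` would keep them from diverging again. The non-trimming branch is not visible in either hunk, so its copy length should be confirmed against the same bound.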