From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] ppp: Update to version 2.5.0 Date: Sun, 17 Sep 2023 15:42:04 +0200 Message-ID: <20230917134204.89885-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3813830246386244435==" List-Id: --===============3813830246386244435== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable - IPFire3.x - Update from version 2.4.9 to 2.5.0 - Update based on the changes from ipfire2.x - More work still needed once networking has been put in place. define location of secrets and the IPFire3.x replacements for the dialer, ip-up and ip_down helper scripts that were used in IPFire2.x Signed-off-by: Adolf Belka --- ...don-t-want-to-accidentally-leak-fds.patch0 | 162 ++++++++++++++ ...2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 | 208 ++++++++++++++++++ ...e-SOCK_CLOEXEC-when-creating-socket.patch0 | 135 ++++++++++++ ...-2.5.0-4-increase-max-padi-attempts.patch0 | 12 + ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 | 12 + ...-configure-to-handle-cflags-properly.patch | 18 ++ ...to-see-if-we-have-struct-sockaddr_ll.patch | 37 ++++ ppp/ppp.nm | 40 ++-- 8 files changed, 597 insertions(+), 27 deletions(-) create mode 100644 ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-lea= k-fds.patch0 create mode 100644 ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 create mode 100644 ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-= creating-socket.patch0 create mode 100644 ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 create mode 100644 ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 create mode 100644 ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-= properly.patch create mode 100644 ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-= have-struct-sockaddr_ll.patch diff --git a/ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.p= atch0 b/ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0 new file mode 100644 index 000000000..98ab03119 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0 @@ -0,0 +1,162 @@ +diff -Naur pppd.orig/auth.c pppd/auth.c +--- pppd.orig/auth.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/auth.c 2023-06-30 12:38:13.748482796 +0200 +@@ -518,7 +518,7 @@ + free(fname); + return 0; + } +- ufile =3D fopen(fname, "r"); ++ ufile =3D fopen(fname, "re"); + if (seteuid(euid) =3D=3D -1) + fatal("unable to regain privileges: %m"); + if (ufile =3D=3D NULL) { +@@ -1535,7 +1535,7 @@ + filename =3D PPP_PATH_UPAPFILE; + addrs =3D opts =3D NULL; + ret =3D UPAP_AUTHNAK; +- f =3D fopen(filename, "r"); ++ f =3D fopen(filename, "re"); + if (f =3D=3D NULL) { + error("Can't open PAP password file %s: %m", filename); +=20 +@@ -1635,7 +1635,7 @@ + if (ret <=3D 0) { + filename =3D PPP_PATH_UPAPFILE; + addrs =3D NULL; +- f =3D fopen(filename, "r"); ++ f =3D fopen(filename, "re"); + if (f =3D=3D NULL) + return 0; + check_access(f, filename); +@@ -1681,7 +1681,7 @@ + } +=20 + filename =3D PPP_PATH_UPAPFILE; +- f =3D fopen(filename, "r"); ++ f =3D fopen(filename, "re"); + if (f =3D=3D NULL) + return 0; + check_access(f, filename); +@@ -1718,7 +1718,7 @@ + } +=20 + filename =3D PPP_PATH_UPAPFILE; +- f =3D fopen(filename, "r"); ++ f =3D fopen(filename, "re"); + if (f =3D=3D NULL) + return 0; +=20 +@@ -1760,7 +1760,7 @@ + } +=20 + filename =3D PPP_PATH_CHAPFILE; +- f =3D fopen(filename, "r"); ++ f =3D fopen(filename, "re"); + if (f =3D=3D NULL) + return 0; +=20 +@@ -1798,7 +1798,7 @@ + struct wordlist *addrs; +=20 + filename =3D PPP_PATH_SRPFILE; +- f =3D fopen(filename, "r"); ++ f =3D fopen(filename, "re"); + if (f =3D=3D NULL) + return 0; +=20 +@@ -1849,7 +1849,7 @@ + addrs =3D NULL; + secbuf[0] =3D 0; +=20 +- f =3D fopen(filename, "r"); ++ f =3D fopen(filename, "re"); + if (f =3D=3D NULL) { + error("Can't open chap secret file %s: %m", filename); + return 0; +@@ -1902,7 +1902,7 @@ + filename =3D PPP_PATH_SRPFILE; + addrs =3D NULL; +=20 +- fp =3D fopen(filename, "r"); ++ fp =3D fopen(filename, "re"); + if (fp =3D=3D NULL) { + error("Can't open srp secret file %s: %m", filename); + return 0; +@@ -2291,7 +2291,7 @@ + */ + if (word[0] =3D=3D '@' && word[1] =3D=3D '/') { + strlcpy(atfile, word+1, sizeof(atfile)); +- if ((sf =3D fopen(atfile, "r")) =3D=3D NULL) { ++ if ((sf =3D fopen(atfile, "re")) =3D=3D NULL) { + warn("can't open indirect secret file %s", atfile); + continue; + } +@@ -2461,7 +2461,7 @@ + char pkfile[MAXWORDLEN]; +=20 + filename =3D PPP_PATH_EAPTLSSERVFILE; +- f =3D fopen(filename, "r"); ++ f =3D fopen(filename, "re"); + if (f =3D=3D NULL) + return 0; +=20 +@@ -2518,7 +2518,7 @@ + return 1; +=20 + filename =3D PPP_PATH_EAPTLSCLIFILE; +- f =3D fopen(filename, "r"); ++ f =3D fopen(filename, "re"); + if (f =3D=3D NULL) + return 0; +=20 +@@ -2738,7 +2738,7 @@ + filename =3D (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFIL= E); + addrs =3D NULL; +=20 +- fp =3D fopen(filename, "r"); ++ fp =3D fopen(filename, "re"); + if (fp =3D=3D NULL) + { + error("Can't open eap-tls secret file %s: %m", filename); +diff -Naur pppd.orig/options.c pppd/options.c +--- pppd.orig/options.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/options.c 2023-06-30 12:42:19.262593140 +0200 +@@ -555,7 +555,7 @@ + ppp_option_error("unable to drop privileges to open %s: %m", filename); + return 0; + } +- f =3D fopen(filename, "r"); ++ f =3D fopen(filename, "re"); + err =3D errno; + if (check_prot && seteuid(euid) =3D=3D -1) + fatal("unable to regain privileges"); +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-03-10 02:50:41.000000000 +0100 ++++ pppd/sys-linux.c 2023-06-30 12:43:20.634453475 +0200 +@@ -1978,7 +1978,7 @@ + /* Default the mount location of /proc */ + strlcpy (proc_path, "/proc", sizeof(proc_path)); + proc_path_len =3D 5; +- fp =3D fopen(MOUNTED, "r"); ++ fp =3D fopen(MOUNTED, "re"); + if (fp !=3D NULL) { + while ((mntent =3D getmntent(fp)) !=3D NULL) { + if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) =3D=3D 0) +@@ -2038,7 +2038,7 @@ + close_route_table(); +=20 + path =3D path_to_procfs("/net/route"); +- route_fd =3D fopen (path, "r"); ++ route_fd =3D fopen (path, "re"); + if (route_fd =3D=3D NULL) { + error("can't open routing table %s: %m", path); + return 0; +@@ -2322,7 +2322,7 @@ + close_route_table(); +=20 + path =3D path_to_procfs("/net/ipv6_route"); +- route_fd =3D fopen (path, "r"); ++ route_fd =3D fopen (path, "re"); + if (route_fd =3D=3D NULL) { + error("can't open routing table %s: %m", path); + return 0; diff --git a/ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 b/ppp= /patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 new file mode 100644 index 000000000..c205c0e08 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 @@ -0,0 +1,208 @@ +diff -Naur pppd.orig/eap.c pppd/eap.c +--- pppd.orig/eap.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/eap.c 2023-06-30 12:58:07.984676045 +0200 +@@ -1542,7 +1542,7 @@ +=20 + if ((path =3D name_of_pn_file()) =3D=3D NULL) + return (-1); +- fd =3D open(path, modebits, S_IRUSR | S_IWUSR); ++ fd =3D open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC); + err =3D errno; + free(path); + errno =3D err; +diff -Naur pppd.orig/main.c pppd/main.c +--- pppd.orig/main.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/main.c 2023-06-30 13:00:15.155195676 +0200 +@@ -479,7 +479,7 @@ + die(0); +=20 + /* Make sure fds 0, 1, 2 are open to somewhere. */ +- fd_devnull =3D open(PPP_DEVNULL, O_RDWR); ++ fd_devnull =3D open(PPP_DEVNULL, O_RDWR | O_CLOEXEC); + if (fd_devnull < 0) + fatal("Couldn't open %s: %m", PPP_DEVNULL); + while (fd_devnull <=3D 2) { +diff -Naur pppd.orig/options.c pppd/options.c +--- pppd.orig/options.c 2023-06-30 12:42:19.262593140 +0200 ++++ pppd/options.c 2023-06-30 13:01:58.388323345 +0200 +@@ -1718,9 +1718,9 @@ + ppp_option_error("unable to drop permissions to open %s: %m", *argv); + return 0; + } +- fd =3D open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); ++ fd =3D open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, = 0644); + if (fd < 0 && errno =3D=3D EEXIST) +- fd =3D open(*argv, O_WRONLY | O_APPEND); ++ fd =3D open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC); + err =3D errno; + if (!privileged_option && seteuid(euid) =3D=3D -1) + fatal("unable to regain privileges: %m"); +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-06-30 12:43:20.634453475 +0200 ++++ pppd/sys-linux.c 2023-06-30 13:11:25.715511251 +0200 +@@ -666,7 +666,7 @@ + goto err; + } + dbglog("using channel %d", chindex); +- fd =3D open("/dev/ppp", O_RDWR); ++ fd =3D open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (fd < 0) { + error("Couldn't reopen /dev/ppp: %m"); + goto err; +@@ -904,7 +904,7 @@ + dbglog("in make_ppp_unit, already had /dev/ppp open?"); + close(ppp_dev_fd); + } +- ppp_dev_fd =3D open("/dev/ppp", O_RDWR); ++ ppp_dev_fd =3D open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (ppp_dev_fd < 0) + fatal("Couldn't open /dev/ppp: %m"); + flags =3D fcntl(ppp_dev_fd, F_GETFL); +@@ -1025,7 +1025,7 @@ + if (!new_style_driver) + return -1; +=20 +- master_fd =3D open("/dev/ppp", O_RDWR); ++ master_fd =3D open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (master_fd < 0) + fatal("Couldn't open /dev/ppp: %m"); + if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) { +@@ -2533,7 +2533,7 @@ + if (tune_kernel) { + forw_path =3D path_to_procfs("/sys/net/ipv4/ip_forward"); + if (forw_path !=3D 0) { +- int fd =3D open(forw_path, O_WRONLY); ++ int fd =3D open(forw_path, O_WRONLY | O_CLOEXEC); + if (fd >=3D 0) { + if (write(fd, "1", 1) !=3D 1) + error("Couldn't enable IP forwarding: %m"); +@@ -2878,7 +2878,7 @@ + sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch); + kernel_version =3D KVERSION(osmaj, osmin, ospatch); +=20 +- fd =3D open("/dev/ppp", O_RDWR); ++ fd =3D open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (fd >=3D 0) { + new_style_driver =3D 1; +=20 +@@ -3056,7 +3056,7 @@ + #if __GLIBC__ >=3D 2 + updwtmp(_PATH_WTMP, &ut); + #else +- wtmp =3D open(_PATH_WTMP, O_APPEND|O_WRONLY); ++ wtmp =3D open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC); + if (wtmp >=3D 0) { + flock(wtmp, LOCK_EX); +=20 +@@ -3280,7 +3280,7 @@ + int fd; +=20 + path =3D path_to_procfs("/sys/net/ipv4/ip_dynaddr"); +- if (path !=3D 0 && (fd =3D open(path, O_WRONLY)) >=3D 0) { ++ if (path !=3D 0 && (fd =3D open(path, O_WRONLY | O_CLOEXEC)) >=3D 0) { + if (write(fd, "1", 1) !=3D 1) + error("Couldn't enable dynamic IP addressing: %m"); + close(fd); +@@ -3534,7 +3534,7 @@ + /* + * Try the unix98 way first. + */ +- mfd =3D open("/dev/ptmx", O_RDWR); ++ mfd =3D open("/dev/ptmx", O_RDWR | O_CLOEXEC); + if (mfd >=3D 0) { + int ptn; + if (ioctl(mfd, TIOCGPTN, &ptn) >=3D 0) { +@@ -3545,7 +3545,8 @@ + if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0) + warn("Couldn't unlock pty slave %s: %m", pty_name); + #endif +- if ((sfd =3D open(pty_name, O_RDWR | O_NOCTTY)) < 0) ++ ++ if ((sfd =3D open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) + { + warn("Couldn't open pty slave %s: %m", pty_name); + close(mfd); +@@ -3559,10 +3560,10 @@ + for (i =3D 0; i < 64; ++i) { + slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", + 'p' + i / 16, i % 16); +- mfd =3D open(pty_name, O_RDWR, 0); ++ mfd =3D open(pty_name, O_RDWR | O_CLOEXEC, 0); + if (mfd >=3D 0) { + pty_name[5] =3D 't'; +- sfd =3D open(pty_name, O_RDWR | O_NOCTTY, 0); ++ sfd =3D open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0); + if (sfd >=3D 0) { + ret =3D fchown(sfd, uid, -1); + if (ret !=3D 0) { +diff -Naur pppd.orig/tdb.c pppd/tdb.c +--- pppd.orig/tdb.c 2021-07-23 06:41:07.000000000 +0200 ++++ pppd/tdb.c 2023-06-30 13:12:55.034900600 +0200 +@@ -1728,7 +1728,7 @@ + goto internal; + } +=20 +- if ((tdb->fd =3D open(name, open_flags, mode)) =3D=3D -1) { ++ if ((tdb->fd =3D open(name, open_flags | O_CLOEXEC, mode)) =3D=3D -1) { + TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n", + name, strerror(errno))); + goto fail; /* errno set by open(2) */ +@@ -1971,7 +1971,7 @@ + } + if (close(tdb->fd) !=3D 0) + TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n")); +- tdb->fd =3D open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0); ++ tdb->fd =3D open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLO= EXEC, 0); + if (tdb->fd =3D=3D -1) { + TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno))); + goto fail; +diff -Naur pppd.orig/tty.c pppd/tty.c +--- pppd.orig/tty.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/tty.c 2023-06-30 13:14:06.450418113 +0200 +@@ -621,7 +621,7 @@ + ppp_set_status(EXIT_OPEN_FAILED); + goto errret; + } +- real_ttyfd =3D open(devnam, O_NONBLOCK | O_RDWR, 0); ++ real_ttyfd =3D open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0); + err =3D errno; + if (prio < OPRIO_ROOT && seteuid(0) =3D=3D -1) + fatal("Unable to regain privileges"); +@@ -775,7 +775,7 @@ + if (connector =3D=3D NULL && modem && devnam[0] !=3D 0) { + int i; + for (;;) { +- if ((i =3D open(devnam, O_RDWR)) >=3D 0) ++ if ((i =3D open(devnam, O_RDWR | O_CLOEXEC)) >=3D 0) + break; + if (errno !=3D EINTR) { + error("Failed to reopen %s: %m", devnam); +diff -Naur pppd.orig/utils.c pppd/utils.c +--- pppd.orig/utils.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/utils.c 2023-06-30 13:15:47.860182369 +0200 +@@ -843,14 +843,14 @@ + slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, = dev); + #endif +=20 +- while ((fd =3D open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { ++ while ((fd =3D open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0= 644)) < 0) { + if (errno !=3D EEXIST) { + error("Can't create lock file %s: %m", lock_file); + break; + } +=20 + /* Read the lock file to find out who has the device locked. */ +- fd =3D open(lock_file, O_RDONLY, 0); ++ fd =3D open(lock_file, O_RDONLY | O_CLOEXEC, 0); + if (fd < 0) { + if (errno =3D=3D ENOENT) /* This is just a timing problem. */ + continue; +@@ -933,7 +933,7 @@ +=20 + if (lock_file[0] =3D=3D 0) + return -1; +- fd =3D open(lock_file, O_WRONLY, 0); ++ fd =3D open(lock_file, O_WRONLY | O_CLOEXEC, 0); + if (fd < 0) { + error("Couldn't reopen lock file %s: %m", lock_file); + lock_file[0] =3D 0; diff --git a/ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creatin= g-socket.patch0 b/ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-cr= eating-socket.patch0 new file mode 100644 index 000000000..cfd72e468 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socke= t.patch0 @@ -0,0 +1,135 @@ +diff -Naur pppd.orig/plugins/pppoatm/pppoatm.c pppd/plugins/pppoatm/pppoatm.c +--- pppd.orig/plugins/pppoatm/pppoatm.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/plugins/pppoatm/pppoatm.c 2023-06-30 13:21:33.397378347 +0200 +@@ -146,7 +146,7 @@ +=20 + if (!device_got_set) + no_device_given_pppoatm(); +- fd =3D socket(AF_ATMPVC, SOCK_DGRAM, 0); ++ fd =3D socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd < 0) + fatal("failed to create socket: %m"); + memset(&qos, 0, sizeof qos); +diff -Naur pppd.orig/plugins/pppoe/if.c pppd/plugins/pppoe/if.c +--- pppd.orig/plugins/pppoe/if.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppoe/if.c 2023-06-30 13:24:11.372183452 +0200 +@@ -116,7 +116,7 @@ + stype =3D SOCK_PACKET; + #endif +=20 +- if ((fd =3D socket(domain, stype, htons(type))) < 0) { ++ if ((fd =3D socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { + /* Give a more helpful message for the common error case */ + if (errno =3D=3D EPERM) { + fatal("Cannot create raw socket -- pppoe must be run as root."); +diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c +--- pppd.orig/plugins/pppoe/plugin.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200 +@@ -155,7 +155,7 @@ + /* server equipment). = */ + /* Opening this socket just before waitForPADS in the discovery() = */ + /* function would be more appropriate, but it would mess-up the code = */ +- conn->sessionSocket =3D socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE); ++ conn->sessionSocket =3D socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX= _PROTO_OE); + if (conn->sessionSocket < 0) { + error("Failed to create PPPoE socket: %m"); + return -1; +@@ -166,7 +166,7 @@ + lcp_wantoptions[0].mru =3D conn->mru =3D conn->storedmru; +=20 + /* Update maximum MRU */ +- s =3D socket(AF_INET, SOCK_DGRAM, 0); ++ s =3D socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) { + error("Can't get MTU for %s: %m", conn->ifName); + goto errout; +@@ -364,7 +364,7 @@ + } +=20 + /* Open a socket */ +- if ((fd =3D socket(PF_PACKET, SOCK_RAW, 0)) < 0) { ++ if ((fd =3D socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) { + r =3D 0; + } +=20 +diff -Naur pppd.orig/plugins/pppol2tp/openl2tp.c pppd/plugins/pppol2tp/openl= 2tp.c +--- pppd.orig/plugins/pppol2tp/openl2tp.c 2023-03-10 02:50:41.000000000 +0100 ++++ pppd/plugins/pppol2tp/openl2tp.c 2023-06-30 13:22:30.055768865 +0200 +@@ -93,7 +93,7 @@ + int result; +=20 + if (openl2tp_fd < 0) { +- openl2tp_fd =3D socket(PF_UNIX, SOCK_DGRAM, 0); ++ openl2tp_fd =3D socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (openl2tp_fd < 0) { + error("openl2tp connection create: %m"); + return -ENOTCONN; +diff -Naur pppd.orig/plugins/pppol2tp/pppol2tp.c pppd/plugins/pppol2tp/pppol= 2tp.c +--- pppd.orig/plugins/pppol2tp/pppol2tp.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppol2tp/pppol2tp.c 2023-06-30 13:23:13.493756755 +0200 +@@ -220,7 +220,7 @@ + struct ifreq ifr; + int fd; +=20 +- fd =3D socket(AF_INET, SOCK_DGRAM, 0); ++ fd =3D socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd >=3D 0) { + memset (&ifr, '\0', sizeof (ifr)); + ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name)); +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-06-30 13:11:25.715511251 +0200 ++++ pppd/sys-linux.c 2023-06-30 13:32:50.021272249 +0200 +@@ -499,12 +499,12 @@ + void sys_init(void) + { + /* Get an internet socket for doing socket ioctls. */ +- sock_fd =3D socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd =3D socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + fatal("Couldn't create IP socket: %m(%d)", errno); +=20 + #ifdef PPP_WITH_IPV6CP +- sock6_fd =3D socket(AF_INET6, SOCK_DGRAM, 0); ++ sock6_fd =3D socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock6_fd < 0) + sock6_fd =3D -errno; /* save errno for later */ + #endif +@@ -2675,7 +2675,7 @@ + struct ifreq ifreq; + int ret, sock_fd; +=20 +- sock_fd =3D socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd =3D socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + return -1; + memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); +@@ -2698,7 +2698,7 @@ + struct ifreq ifreq; + int ret, sock_fd; +=20 +- sock_fd =3D socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd =3D socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + return -1; +=20 +@@ -2915,7 +2915,7 @@ + /* + * Open a socket for doing the ioctl operations. + */ +- s =3D socket(AF_INET, SOCK_DGRAM, 0); ++ s =3D socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) + return 0; +=20 +diff -Naur pppd.orig/tty.c pppd/tty.c +--- pppd.orig/tty.c 2023-06-30 13:14:06.450418113 +0200 ++++ pppd/tty.c 2023-06-30 13:33:31.285858278 +0200 +@@ -942,7 +942,7 @@ + *sep =3D ':'; +=20 + /* get a socket and connect it to the other end */ +- sock =3D socket(PF_INET, SOCK_STREAM, 0); ++ sock =3D socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); + if (sock < 0) { + error("Can't create socket: %m"); + return -1; diff --git a/ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 b/ppp/= patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 new file mode 100644 index 000000000..002b6066d --- /dev/null +++ b/ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 @@ -0,0 +1,12 @@ +diff -Naur pppd.orig/plugins/pppoe/pppoe.h pppd/plugins/pppoe/pppoe.h +--- pppd.orig/plugins/pppoe/pppoe.h 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppoe/pppoe.h 2023-06-30 13:37:07.189078090 +0200 +@@ -143,7 +143,7 @@ + #define STATE_TERMINATED 4 +=20 + /* How many PADI/PADS attempts? */ +-#define MAX_PADI_ATTEMPTS 3 ++#define MAX_PADI_ATTEMPTS 4 +=20 + /* Initial timeout for PADO/PADS */ + #define PADI_TIMEOUT 5 diff --git a/ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 b/ppp/patches/ppp-2.5= .0-5-headers_4.9.patch0 new file mode 100644 index 000000000..dc6c22852 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 @@ -0,0 +1,12 @@ +diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c +--- pppd.orig/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200 ++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:50:23.150026201 +0200 +@@ -46,6 +46,8 @@ + #include + #include + #include ++#define _LINUX_IN_H ++#define _LINUX_IN6_H + #include +=20 + #include diff --git a/ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properl= y.patch b/ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.p= atch new file mode 100644 index 000000000..0e9eab6ed --- /dev/null +++ b/ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch @@ -0,0 +1,18 @@ +diff -Naur ppp-2.5.0.orig/configure ppp-2.5.0/configure +--- ppp-2.5.0.orig/configure 2023-03-25 05:38:36.000000000 +0100 ++++ ppp-2.5.0/configure 2023-06-30 14:05:14.773950477 +0200 +@@ -17774,10 +17774,10 @@ + rm -f $2 + if [ -f $1 ]; then + echo " $2 <=3D $1" +- sed -e "s,@DESTDIR@,$prefix,g" \ +- -e "s,@SYSCONF@,$sysconfdir,g" \ +- -e "s,@CC@,$CC,g" \ +- -e "s|@CFLAGS@|$CFLAGS|g" $1 > $2 ++ sed -e "s#@DESTDIR@#$prefix#g" \ ++ -e "s#@SYSCONF@#$sysconfdir#g" \ ++ -e "s#@CC@#$CC#g" \ ++ -e "s#@CFLAGS@#$CFLAGS#g" $1 > $2 + fi + } +=20 diff --git a/ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-st= ruct-sockaddr_ll.patch b/ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-i= f-we-have-struct-sockaddr_ll.patch new file mode 100644 index 000000000..a7823d424 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-so= ckaddr_ll.patch @@ -0,0 +1,37 @@ +From 9d6d326b2530cffb1414e4c401675117c42d43ce Mon Sep 17 00:00:00 2001 +From: Eivind Naess +Date: Sun, 23 Apr 2023 11:30:43 -0700 +Subject: [PATCH] Add configure check to see if we have struct sockaddr_ll + +Fixes issue #411. + +Signed-off-by: Eivind Naess +--- + configure.ac | 3 ++- + pppd/plugins/pppoe/config.h.in | 2 ++ + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 1180f64ec..38b24af92 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -75,7 +75,8 @@ AM_COND_IF([LINUX], [ + linux/if_ether.h \ + linux/if_packet.h \ + netinet/if_ether.h \ +- netpacket/packet.h])]) ++ netpacket/packet.h]) ++ AC_CHECK_TYPES([struct sockaddr_ll], [], [], [#include ])]) +=20 + AC_CHECK_SIZEOF(unsigned int) + AC_CHECK_SIZEOF(unsigned long) +diff --git a/pppd/plugins/pppoe/config.h.in b/pppd/plugins/pppoe/config.h.in +index d447f5e89..d7d61c01c 100644 +--- a/pppd/plugins/pppoe/config.h.in ++++ b/pppd/plugins/pppoe/config.h.in +@@ -69,3 +69,5 @@ + /* The size of `unsigned short', as computed by sizeof. */ + #undef SIZEOF_UNSIGNED_SHORT +=20 ++/* Define to 1 if the system has the type `struct sockaddr_ll'. */ ++#undef HAVE_STRUCT_SOCKADDR_LL diff --git a/ppp/ppp.nm b/ppp/ppp.nm index 8013c4818..a1f15ab3e 100644 --- a/ppp/ppp.nm +++ b/ppp/ppp.nm @@ -4,8 +4,8 @@ ############################################################################= ### =20 name =3D ppp -version =3D 2.4.9 -release =3D 4 +version =3D 2.5.0 +release =3D 1 =20 groups =3D System/Daemons url =3D https://ppp.samba.org/ @@ -24,6 +24,8 @@ source_dl =3D https://download.samba.org/pub/ppp/ =20 build requires + autoconf + automake libpcap-devel libudev-devel libxcrypt-devel @@ -32,43 +34,27 @@ build systemd-devel end =20 - prepare_cmds - sed -e "s@^RUNDIR .*@RUNDIR =3D /run/ppp@" \ - -e "s@^LOGDIR .*@LOGDIR =3D /var/log/ppp@" \ - -i linux/Makefile.top - - sed -e "s@^DESTDIR.*@DESTDIR=3D\$%{INSTROOT}/usr@" \ - -i pppd/plugins/pppol2tp/Makefile.linux - - # Remove broken header file that crashed the build. - rm -f include/linux/if_pppol2tp.h - end - - make_build_targets +=3D \ - CC=3D"gcc %{CFLAGS} %{LDFLAGS}" + configure_options +=3D --with-logfile-dir=3D/var/log =20 install make install INSTROOT=3D%{BUILDROOT} =20 - rm -rfv %{BUILDROOT}/etc/ppp/plugins - + touch /var/log/connect-errors mkdir -pv %{BUILDROOT}/etc/ppp + + # Reminder note + # code used to be here to copy across IPFire2.x dialler etc scripts + # something to replace those for IPFire3.x is likely nedeed somewhere + touch %{BUILDROOT}/etc/ppp/secrets chmod -v 600 %{BUILDROOT}/etc/ppp/secrets - ln -svf secrets %{BUILDROOT}/etc/ppp/pap-secrets - ln -svf secrets %{BUILDROOT}/etc/ppp/chap-secrets - - # Fix binary permissions. - find %{BUILDROOT}%{sbindir} -type f -executable \ - -exec chmod 755 {} \; + ln -svf %{BUILDROOT}/etc/ppp/secrets /etc/ppp/pap-secrets + ln -svf %{BUILDROOT}/etc/ppp/secrets /etc/ppp/chap-secrets end end =20 packages package %{name} - #requires - # /usr/lib/network/helpers/pppd-angel - #end =20 script postin systemctl daemon-reload >/dev/null 2>&1 || : --=20 2.42.0 --===============3813830246386244435==--