From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] ppp: update to 2.4.9
Date: Fri, 02 Apr 2021 15:52:06 +0100 [thread overview]
Message-ID: <5CC8EF26-EF15-4DCB-A804-CF76B6EBC861@ipfire.org> (raw)
In-Reply-To: <76051fd7-f502-e36f-172e-1d8858278213@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 22778 bytes --]
Do you have any details about this?
> On 2 Apr 2021, at 15:49, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> Hello development folks,
>
> I am currently observing some strange memory allocation behaviour with ppp 2.4.9, especially
> after multiple (> 1k) reconnects using CHAP. Since I am not sure whether I messed up a patch
> or this is caused by upstream code, I currently advise against merging this patch.
>
> Further information will be added here as soon as available.
>
> Thanks, and best regards,
> Peter Müller
>
>
>> This is the first ppp release for years, and the project appears to have
>> a different maintainer (team?) by now. As a result, some of our patches
>> are no longer necessary as they made it into upstream, while others need
>> to be adjusted slightly.
>>
>> In addition, their configure script does not handle commas in CFLAGS
>> properly, which is why the delimiter for the 'sed' call in it has to be
>> changed to something neither appearing in a path nor in our CLFAGS set.
>>
>> The full changelog of this release can be retrieved from
>> https://ppp.samba.org/README.html and says:
>>
>> * Support for new EAP (Extensible Authentication Protocol) methods:
>> - Support for EAP-TLS, from Jan Just Keijser and others
>> - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
>> Van Buggenhout and others
>>
>> * New pppd options:
>> - chap-timeout
>> - chapms-strip-domain
>> - replacedefaultroute
>> - noreplacedefaultroute
>> - ipv6cp-accept-remote
>> - lcp-echo-adaptive
>> - ip-up-script
>> - ip-down-script
>> - ca
>> - capath
>> - cert
>> - key
>> - crl-dir
>> - crl
>> - max-tls-version
>> - need-peer-eap
>>
>> * Fixes for CVE-2020-8597 and CVE-2015-3310.
>>
>> * libpcap is now required when compiling on Linux (previously, if
>> libpcap was not present, pppd would be compiled without packet
>> filtering support).
>>
>> * The rp-pppoe plugin has been renamed to pppoe, to distinguish it
>> from the upstream rp-pppoe code. Its options have changed names,
>> but the old names are kept as aliases.
>>
>> * The configure script now supports cross-compilation.
>>
>> * Many bug fixes and cleanups.
>>
>> Thanks to Michael for his hint on the ./configure CFLAGS issue.
>>
>> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
>> ---
>> config/rootfiles/common/ppp | 29 +++--
>> lfs/ppp | 15 +--
>> ...e-compiler-flags-handed-to-us-by-rpm.patch | 121 ------------------
>> .../0013-everywhere-O_CLOEXEC-harder.patch | 8 +-
>> ...se-SOCK_CLOEXEC-when-creating-socket.patch | 33 ++---
>> ...ppp-2.4.6-increase-max-padi-attempts.patch | 6 +-
>> src/patches/ppp/ppp-2.4.7-headers_4.9.patch | 6 +-
>> ....8-pppd-fix-bounds-check-in-eap-code.patch | 35 -----
>> ...-configure-to-handle-cflags-properly.patch | 15 +++
>> 9 files changed, 61 insertions(+), 207 deletions(-)
>> delete mode 100644 src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
>> delete mode 100644 src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
>> create mode 100644 src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
>>
>> diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp
>> index f1f4f88f2..8d0af69c4 100644
>> --- a/config/rootfiles/common/ppp
>> +++ b/config/rootfiles/common/ppp
>> @@ -2,6 +2,8 @@
>> etc/ppp/chap-secrets
>> etc/ppp/demonloginscript
>> etc/ppp/dialer
>> +#etc/ppp/eaptls-client
>> +#etc/ppp/eaptls-server
>> etc/ppp/ioptions
>> etc/ppp/ip-down
>> etc/ppp/ip-up
>> @@ -12,6 +14,7 @@ etc/ppp/standardloginscript
>> #usr/include/pppd/ccp.h
>> #usr/include/pppd/chap-new.h
>> #usr/include/pppd/chap_ms.h
>> +#usr/include/pppd/eap-tls.h
>> #usr/include/pppd/eap.h
>> #usr/include/pppd/ecp.h
>> #usr/include/pppd/eui64.h
>> @@ -23,6 +26,7 @@ etc/ppp/standardloginscript
>> #usr/include/pppd/magic.h
>> #usr/include/pppd/md4.h
>> #usr/include/pppd/md5.h
>> +#usr/include/pppd/mppe.h
>> #usr/include/pppd/patchlevel.h
>> #usr/include/pppd/pathnames.h
>> #usr/include/pppd/pppcrypt.h
>> @@ -33,18 +37,19 @@ etc/ppp/standardloginscript
>> #usr/include/pppd/tdb.h
>> #usr/include/pppd/upap.h
>> usr/lib/pppd
>> -usr/lib/pppd/2.4.8
>> -#usr/lib/pppd/2.4.8/minconn.so
>> -#usr/lib/pppd/2.4.8/openl2tp.so
>> -#usr/lib/pppd/2.4.8/passprompt.so
>> -#usr/lib/pppd/2.4.8/passwordfd.so
>> -#usr/lib/pppd/2.4.8/pppoatm.so
>> -#usr/lib/pppd/2.4.8/pppol2tp.so
>> -#usr/lib/pppd/2.4.8/radattr.so
>> -#usr/lib/pppd/2.4.8/radius.so
>> -#usr/lib/pppd/2.4.8/radrealms.so
>> -#usr/lib/pppd/2.4.8/rp-pppoe.so
>> -#usr/lib/pppd/2.4.8/winbind.so
>> +usr/lib/pppd/2.4.9
>> +#usr/lib/pppd/2.4.9/minconn.so
>> +#usr/lib/pppd/2.4.9/openl2tp.so
>> +#usr/lib/pppd/2.4.9/passprompt.so
>> +#usr/lib/pppd/2.4.9/passwordfd.so
>> +#usr/lib/pppd/2.4.9/pppoatm.so
>> +#usr/lib/pppd/2.4.9/pppoe.so
>> +#usr/lib/pppd/2.4.9/pppol2tp.so
>> +#usr/lib/pppd/2.4.9/radattr.so
>> +#usr/lib/pppd/2.4.9/radius.so
>> +#usr/lib/pppd/2.4.9/radrealms.so
>> +#usr/lib/pppd/2.4.9/rp-pppoe.so
>> +#usr/lib/pppd/2.4.9/winbind.so
>> usr/sbin/chat
>> usr/sbin/pppd
>> usr/sbin/pppdump
>> diff --git a/lfs/ppp b/lfs/ppp
>> index cbac95067..73356b8c4 100644
>> --- a/lfs/ppp
>> +++ b/lfs/ppp
>> @@ -1,7 +1,7 @@
>> ###############################################################################
>> # #
>> # IPFire.org - A linux based firewall #
>> -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
>> +# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
>> # #
>> # This program is free software: you can redistribute it and/or modify #
>> # it under the terms of the GNU General Public License as published by #
>> @@ -24,12 +24,12 @@
>>
>> include Config
>>
>> -VER = 2.4.8
>> +VER = 2.4.9
>>
>> THISAPP = ppp-$(VER)
>> DL_FILE = $(THISAPP).tar.gz
>> DL_FROM = $(URL_IPFIRE)
>> -DIR_APP = $(DIR_SRC)/ppp-$(THISAPP)
>> +DIR_APP = $(DIR_SRC)/$(THISAPP)
>> TARGET = $(DIR_INFO)/$(THISAPP)
>>
>> CFLAGS += -fno-strict-aliasing
>> @@ -42,7 +42,7 @@ objects = $(DL_FILE)
>>
>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>
>> -$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123
>> +$(DL_FILE)_MD5 = f605d021b586fc26e35c6a54fd84b65f
>>
>> install : $(TARGET)
>>
>> @@ -73,16 +73,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>> @$(PREBUILD)
>> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
>> cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h
>> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
>> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
>> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
>> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
>> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
>> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
>> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
>> + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
>> cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
>> - cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
>> - cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)"
>> + cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls
>> + cd $(DIR_APP) && make $(MAKETUNING)
>> cd $(DIR_APP) && make install
>> cd $(DIR_APP) && make install-etcppp
>> touch /var/log/connect-errors
>> diff --git a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
>> deleted file mode 100644
>> index 4a43d444a..000000000
>> --- a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
>> +++ /dev/null
>> @@ -1,121 +0,0 @@
>> -From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001
>> -From: Michal Sekletar <msekleta(a)redhat.com>
>> -Date: Fri, 4 Apr 2014 11:29:39 +0200
>> -Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by
>> - rpmbuild
>> -
>> ----
>> - chat/Makefile.linux | 2 +-
>> - pppd/Makefile.linux | 3 +--
>> - pppd/plugins/Makefile.linux | 2 +-
>> - pppd/plugins/pppoatm/Makefile.linux | 2 +-
>> - pppd/plugins/radius/Makefile.linux | 2 +-
>> - pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
>> - pppdump/Makefile.linux | 2 +-
>> - pppstats/Makefile.linux | 2 +-
>> - 8 files changed, 8 insertions(+), 9 deletions(-)
>> -
>> -diff --git a/chat/Makefile.linux b/chat/Makefile.linux
>> -index 1065ac5..848cd8d 100644
>> ---- a/chat/Makefile.linux
>> -+++ b/chat/Makefile.linux
>> -@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function
>> - CDEF4= -DFNDELAY=O_NDELAY # Old name value
>> - CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
>> -
>> --COPTS= -O2 -g -pipe
>> -+COPTS= $(RPM_OPT_FLAGS)
>> - CFLAGS= $(COPTS) $(CDEFS)
>> -
>> - INSTALL= install
>> -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
>> -index 5a44d30..63872eb 100644
>> ---- a/pppd/Makefile.linux
>> -+++ b/pppd/Makefile.linux
>> -@@ -32,8 +32,7 @@ endif
>> -
>> - CC = gcc
>> - #
>> --COPTS = -O2 -pipe -Wall -g
>> --LIBS =
>> -+COPTS = -Wall $(RPM_OPT_FLAGS)
>> -
>> - # Uncomment the next 2 lines to include support for Microsoft's
>> - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
>> -diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
>> -index 0a7ec7b..e09a369 100644
>> ---- a/pppd/plugins/Makefile.linux
>> -+++ b/pppd/plugins/Makefile.linux
>> -@@ -1,5 +1,5 @@
>> - #CC = gcc
>> --COPTS = -O2 -g
>> -+COPTS = $(RPM_OPT_FLAGS)
>> - CFLAGS = $(COPTS) -I.. -I../../include -fPIC
>> - LDFLAGS = -shared
>> - INSTALL = install
>> -diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
>> -index 20f62e6..5a81447 100644
>> ---- a/pppd/plugins/pppoatm/Makefile.linux
>> -+++ b/pppd/plugins/pppoatm/Makefile.linux
>> -@@ -1,5 +1,5 @@
>> - #CC = gcc
>> --COPTS = -O2 -g
>> -+COPTS = $(RPM_OPT_FLAGS)
>> - CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
>> - LDFLAGS = -shared
>> - INSTALL = install
>> -diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
>> -index 24ed3e5..45b3b8d 100644
>> ---- a/pppd/plugins/radius/Makefile.linux
>> -+++ b/pppd/plugins/radius/Makefile.linux
>> -@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
>> - INSTALL = install
>> -
>> - PLUGIN=radius.so radattr.so radrealms.so
>> --CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
>> -+CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON
>> -
>> - # Uncomment the next line to include support for Microsoft's
>> - # MS-CHAP authentication protocol.
>> -diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
>> -index 5d7a271..352991a 100644
>> ---- a/pppd/plugins/rp-pppoe/Makefile.linux
>> -+++ b/pppd/plugins/rp-pppoe/Makefile.linux
>> -@@ -25,7 +25,7 @@ INSTALL = install
>> - # Version is set ONLY IN THE MAKEFILE! Don't delete this!
>> - RP_VERSION=3.8p
>> -
>> --COPTS=-O2 -g
>> -+COPTS=$(RPM_OPT_FLAGS)
>> - CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
>> - all: rp-pppoe.so pppoe-discovery
>> -
>> -diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
>> -index ac028f6..d0a5032 100644
>> ---- a/pppdump/Makefile.linux
>> -+++ b/pppdump/Makefile.linux
>> -@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
>> - BINDIR = $(DESTDIR)/sbin
>> - MANDIR = $(DESTDIR)/share/man/man8
>> -
>> --CFLAGS= -O -I../include/net
>> -+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net
>> - OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
>> -
>> - INSTALL= install
>> -diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
>> -index cca6f0f..42aba73 100644
>> ---- a/pppstats/Makefile.linux
>> -+++ b/pppstats/Makefile.linux
>> -@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c
>> - PPPSTATOBJS = pppstats.o
>> -
>> - #CC = gcc
>> --COPTS = -O
>> -+COPTS = $(RPM_OPT_FLAGS)
>> - COMPILE_FLAGS = -I../include
>> - LIBS =
>> -
>> ---
>> -1.8.3.1
>> -
>> diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
>> index 2513021b2..792d1c42f 100644
>> --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
>> +++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
>> @@ -27,10 +27,10 @@ index 6ea6c1f..faced53 100644
>> free(path);
>> errno = err;
>> diff --git a/pppd/main.c b/pppd/main.c
>> -index 6d50d1b..4880377 100644
>> +index 87a5d29..152e4a2 100644
>> --- a/pppd/main.c
>> +++ b/pppd/main.c
>> -@@ -420,7 +420,7 @@ main(argc, argv)
>> +@@ -400,7 +400,7 @@ main(int argc, char *argv[])
>> die(0);
>>
>> /* Make sure fds 0, 1, 2 are open to somewhere. */
>> @@ -39,11 +39,11 @@ index 6d50d1b..4880377 100644
>> if (fd_devnull < 0)
>> fatal("Couldn't open %s: %m", _PATH_DEVNULL);
>> while (fd_devnull <= 2) {
>> -@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
>> +@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait)
>> if (log_to_fd >= 0)
>> errfd = log_to_fd;
>> else
>> -- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
>> +- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
>> + errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
>>
>> ++conn_running;
>> diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
>> index 3475f09a8..fffda981d 100644
>> --- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
>> +++ b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
>> @@ -7,9 +7,9 @@ Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket
>> pppd/plugins/pppoatm/pppoatm.c | 2 +-
>> pppd/plugins/pppol2tp/openl2tp.c | 2 +-
>> pppd/plugins/pppol2tp/pppol2tp.c | 2 +-
>> - pppd/plugins/rp-pppoe/if.c | 2 +-
>> - pppd/plugins/rp-pppoe/plugin.c | 6 +++---
>> - pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +-
>> + pppd/plugins/pppoe/if.c | 2 +-
>> + pppd/plugins/pppoe/plugin.c | 6 +++---
>> + pppd/plugins/pppoe/pppoe-discovery.c | 2 +-
>> pppd/sys-linux.c | 10 +++++-----
>> pppd/tty.c | 2 +-
>> 8 files changed, 14 insertions(+), 14 deletions(-)
>> @@ -53,10 +53,10 @@ index a7e3400..e64a778 100644
>> if (fd >= 0) {
>> memset (&ifr, '\0', sizeof (ifr));
>> strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
>> -diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
>> +diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
>> index 91e9a57..72aba41 100644
>> ---- a/pppd/plugins/rp-pppoe/if.c
>> -+++ b/pppd/plugins/rp-pppoe/if.c
>> +--- a/pppd/plugins/pppoe/if.c
>> ++++ b/pppd/plugins/pppoe/if.c
>> @@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
>> stype = SOCK_PACKET;
>> #endif
>> @@ -66,10 +66,10 @@ index 91e9a57..72aba41 100644
>> /* Give a more helpful message for the common error case */
>> if (errno == EPERM) {
>> fatal("Cannot create raw socket -- pppoe must be run as root.");
>> -diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
>> +diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
>> index a8c2bb4..24bdf8f 100644
>> ---- a/pppd/plugins/rp-pppoe/plugin.c
>> -+++ b/pppd/plugins/rp-pppoe/plugin.c
>> +--- a/pppd/plugins/pppoe/plugin.c
>> ++++ b/pppd/plugins/pppoe/plugin.c
>> @@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
>> /* server equipment). */
>> /* Opening this socket just before waitForPADS in the discovery() */
>> @@ -97,10 +97,10 @@ index a8c2bb4..24bdf8f 100644
>> r = 0;
>> }
>>
>> -diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
>> +diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
>> index 3d3bf4e..c0d927d 100644
>> ---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
>> -+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
>> +--- a/pppd/plugins/pppoe/pppoe-discovery.c
>> ++++ b/pppd/plugins/pppoe/pppoe-discovery.c
>> @@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
>> stype = SOCK_PACKET;
>> #endif
>> @@ -147,15 +147,6 @@ index 00a2cf5..0690019 100644
>> if (s < 0)
>> return 0;
>>
>> -@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64)
>> - int skfd;
>> - const unsigned char *ptr;
>> -
>> -- skfd = socket(PF_INET6, SOCK_DGRAM, 0);
>> -+ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
>> - if(skfd == -1)
>> - {
>> - warn("could not open IPv6 socket");
>> diff --git a/pppd/tty.c b/pppd/tty.c
>> index bc96695..8e76a5d 100644
>> --- a/pppd/tty.c
>> diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
>> index 5127c1f10..1b36e8369 100644
>> --- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
>> +++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
>> @@ -1,7 +1,7 @@
>> -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
>> +diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h
>> index 9ab2eee..86762bd 100644
>> ---- a/pppd/plugins/rp-pppoe/pppoe.h
>> -+++ b/pppd/plugins/rp-pppoe/pppoe.h
>> +--- a/pppd/plugins/pppoe/pppoe.h
>> ++++ b/pppd/plugins/pppoe/pppoe.h
>> @@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session;
>> #define STATE_TERMINATED 4
>>
>> diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
>> index 633eb045a..686db9204 100644
>> --- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
>> +++ b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
>> @@ -1,6 +1,6 @@
>> -diff -Naur ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c
>> ---- ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200
>> -+++ ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100
>> +diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c
>> +--- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200
>> ++++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100
>> @@ -49,6 +49,8 @@
>> #include <net/ethernet.h>
>> #include <net/if_arp.h>
>> diff --git a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
>> deleted file mode 100644
>> index 858769f48..000000000
>> --- a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
>> +++ /dev/null
>> @@ -1,35 +0,0 @@
>> -commit 8d7970b8f3db727fe798b65f3377fe6787575426
>> -Author: Paul Mackerras <paulus(a)ozlabs.org>
>> -Date: Mon Feb 3 15:53:28 2020 +1100
>> -
>> - pppd: Fix bounds check in EAP code
>> -
>> - Given that we have just checked vallen < len, it can never be the case
>> - that vallen >= len + sizeof(rhostname). This fixes the check so we
>> - actually avoid overflowing the rhostname array.
>> -
>> - Reported-by: Ilja Van Sprundel <ivansprundel(a)ioactive.com>
>> - Signed-off-by: Paul Mackerras <paulus(a)ozlabs.org>
>> -
>> -diff --git a/pppd/eap.c b/pppd/eap.c
>> -index 94407f5..1b93db0 100644
>> ---- a/pppd/eap.c
>> -+++ b/pppd/eap.c
>> -@@ -1420,7 +1420,7 @@ int len;
>> - }
>> -
>> - /* Not so likely to happen. */
>> -- if (vallen >= len + sizeof (rhostname)) {
>> -+ if (len - vallen >= sizeof (rhostname)) {
>> - dbglog("EAP: trimming really long peer name down");
>> - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
>> - rhostname[sizeof (rhostname) - 1] = '\0';
>> -@@ -1846,7 +1846,7 @@ int len;
>> - }
>> -
>> - /* Not so likely to happen. */
>> -- if (vallen >= len + sizeof (rhostname)) {
>> -+ if (len - vallen >= sizeof (rhostname)) {
>> - dbglog("EAP: trimming really long peer name down");
>> - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
>> - rhostname[sizeof (rhostname) - 1] = '\0';
>> diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
>> new file mode 100644
>> index 000000000..b36ace192
>> --- /dev/null
>> +++ b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
>> @@ -0,0 +1,15 @@
>> +--- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200
>> ++++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200
>> +@@ -121,9 +121,9 @@
>> + rm -f $2
>> + if [ -f $1 ]; then
>> + echo " $2 <= $1"
>> +- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
>> +- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
>> +- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
>> ++ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \
>> ++ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \
>> ++ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2
>> + fi
>> + }
>> +
>>
prev parent reply other threads:[~2021-04-02 14:52 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-01 17:58 Peter Müller
2021-04-02 14:49 ` Peter Müller
2021-04-02 14:52 ` Michael Tremer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5CC8EF26-EF15-4DCB-A804-CF76B6EBC861@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox