Do you have any details about this? > On 2 Apr 2021, at 15:49, Peter Müller wrote: > > Hello development folks, > > I am currently observing some strange memory allocation behaviour with ppp 2.4.9, especially > after multiple (> 1k) reconnects using CHAP. Since I am not sure whether I messed up a patch > or this is caused by upstream code, I currently advise against merging this patch. > > Further information will be added here as soon as available. > > Thanks, and best regards, > Peter Müller > > >> This is the first ppp release for years, and the project appears to have >> a different maintainer (team?) by now. As a result, some of our patches >> are no longer necessary as they made it into upstream, while others need >> to be adjusted slightly. >> >> In addition, their configure script does not handle commas in CFLAGS >> properly, which is why the delimiter for the 'sed' call in it has to be >> changed to something neither appearing in a path nor in our CLFAGS set. >> >> The full changelog of this release can be retrieved from >> https://ppp.samba.org/README.html and says: >> >> * Support for new EAP (Extensible Authentication Protocol) methods: >> - Support for EAP-TLS, from Jan Just Keijser and others >> - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs >> Van Buggenhout and others >> >> * New pppd options: >> - chap-timeout >> - chapms-strip-domain >> - replacedefaultroute >> - noreplacedefaultroute >> - ipv6cp-accept-remote >> - lcp-echo-adaptive >> - ip-up-script >> - ip-down-script >> - ca >> - capath >> - cert >> - key >> - crl-dir >> - crl >> - max-tls-version >> - need-peer-eap >> >> * Fixes for CVE-2020-8597 and CVE-2015-3310. >> >> * libpcap is now required when compiling on Linux (previously, if >> libpcap was not present, pppd would be compiled without packet >> filtering support). >> >> * The rp-pppoe plugin has been renamed to pppoe, to distinguish it >> from the upstream rp-pppoe code. Its options have changed names, >> but the old names are kept as aliases. >> >> * The configure script now supports cross-compilation. >> >> * Many bug fixes and cleanups. >> >> Thanks to Michael for his hint on the ./configure CFLAGS issue. >> >> Signed-off-by: Peter Müller >> --- >> config/rootfiles/common/ppp | 29 +++-- >> lfs/ppp | 15 +-- >> ...e-compiler-flags-handed-to-us-by-rpm.patch | 121 ------------------ >> .../0013-everywhere-O_CLOEXEC-harder.patch | 8 +- >> ...se-SOCK_CLOEXEC-when-creating-socket.patch | 33 ++--- >> ...ppp-2.4.6-increase-max-padi-attempts.patch | 6 +- >> src/patches/ppp/ppp-2.4.7-headers_4.9.patch | 6 +- >> ....8-pppd-fix-bounds-check-in-eap-code.patch | 35 ----- >> ...-configure-to-handle-cflags-properly.patch | 15 +++ >> 9 files changed, 61 insertions(+), 207 deletions(-) >> delete mode 100644 src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch >> delete mode 100644 src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch >> create mode 100644 src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch >> >> diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp >> index f1f4f88f2..8d0af69c4 100644 >> --- a/config/rootfiles/common/ppp >> +++ b/config/rootfiles/common/ppp >> @@ -2,6 +2,8 @@ >> etc/ppp/chap-secrets >> etc/ppp/demonloginscript >> etc/ppp/dialer >> +#etc/ppp/eaptls-client >> +#etc/ppp/eaptls-server >> etc/ppp/ioptions >> etc/ppp/ip-down >> etc/ppp/ip-up >> @@ -12,6 +14,7 @@ etc/ppp/standardloginscript >> #usr/include/pppd/ccp.h >> #usr/include/pppd/chap-new.h >> #usr/include/pppd/chap_ms.h >> +#usr/include/pppd/eap-tls.h >> #usr/include/pppd/eap.h >> #usr/include/pppd/ecp.h >> #usr/include/pppd/eui64.h >> @@ -23,6 +26,7 @@ etc/ppp/standardloginscript >> #usr/include/pppd/magic.h >> #usr/include/pppd/md4.h >> #usr/include/pppd/md5.h >> +#usr/include/pppd/mppe.h >> #usr/include/pppd/patchlevel.h >> #usr/include/pppd/pathnames.h >> #usr/include/pppd/pppcrypt.h >> @@ -33,18 +37,19 @@ etc/ppp/standardloginscript >> #usr/include/pppd/tdb.h >> #usr/include/pppd/upap.h >> usr/lib/pppd >> -usr/lib/pppd/2.4.8 >> -#usr/lib/pppd/2.4.8/minconn.so >> -#usr/lib/pppd/2.4.8/openl2tp.so >> -#usr/lib/pppd/2.4.8/passprompt.so >> -#usr/lib/pppd/2.4.8/passwordfd.so >> -#usr/lib/pppd/2.4.8/pppoatm.so >> -#usr/lib/pppd/2.4.8/pppol2tp.so >> -#usr/lib/pppd/2.4.8/radattr.so >> -#usr/lib/pppd/2.4.8/radius.so >> -#usr/lib/pppd/2.4.8/radrealms.so >> -#usr/lib/pppd/2.4.8/rp-pppoe.so >> -#usr/lib/pppd/2.4.8/winbind.so >> +usr/lib/pppd/2.4.9 >> +#usr/lib/pppd/2.4.9/minconn.so >> +#usr/lib/pppd/2.4.9/openl2tp.so >> +#usr/lib/pppd/2.4.9/passprompt.so >> +#usr/lib/pppd/2.4.9/passwordfd.so >> +#usr/lib/pppd/2.4.9/pppoatm.so >> +#usr/lib/pppd/2.4.9/pppoe.so >> +#usr/lib/pppd/2.4.9/pppol2tp.so >> +#usr/lib/pppd/2.4.9/radattr.so >> +#usr/lib/pppd/2.4.9/radius.so >> +#usr/lib/pppd/2.4.9/radrealms.so >> +#usr/lib/pppd/2.4.9/rp-pppoe.so >> +#usr/lib/pppd/2.4.9/winbind.so >> usr/sbin/chat >> usr/sbin/pppd >> usr/sbin/pppdump >> diff --git a/lfs/ppp b/lfs/ppp >> index cbac95067..73356b8c4 100644 >> --- a/lfs/ppp >> +++ b/lfs/ppp >> @@ -1,7 +1,7 @@ >> ############################################################################### >> # # >> # IPFire.org - A linux based firewall # >> -# Copyright (C) 2007-2018 IPFire Team # >> +# Copyright (C) 2007-2021 IPFire Team # >> # # >> # This program is free software: you can redistribute it and/or modify # >> # it under the terms of the GNU General Public License as published by # >> @@ -24,12 +24,12 @@ >> >> include Config >> >> -VER = 2.4.8 >> +VER = 2.4.9 >> >> THISAPP = ppp-$(VER) >> DL_FILE = $(THISAPP).tar.gz >> DL_FROM = $(URL_IPFIRE) >> -DIR_APP = $(DIR_SRC)/ppp-$(THISAPP) >> +DIR_APP = $(DIR_SRC)/$(THISAPP) >> TARGET = $(DIR_INFO)/$(THISAPP) >> >> CFLAGS += -fno-strict-aliasing >> @@ -42,7 +42,7 @@ objects = $(DL_FILE) >> >> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >> >> -$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123 >> +$(DL_FILE)_MD5 = f605d021b586fc26e35c6a54fd84b65f >> >> install : $(TARGET) >> >> @@ -73,16 +73,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >> @$(PREBUILD) >> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) >> cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h >> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch >> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch >> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch >> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch >> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch >> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch >> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch >> + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch >> cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h >> - cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls >> - cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)" >> + cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls >> + cd $(DIR_APP) && make $(MAKETUNING) >> cd $(DIR_APP) && make install >> cd $(DIR_APP) && make install-etcppp >> touch /var/log/connect-errors >> diff --git a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch >> deleted file mode 100644 >> index 4a43d444a..000000000 >> --- a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch >> +++ /dev/null >> @@ -1,121 +0,0 @@ >> -From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001 >> -From: Michal Sekletar >> -Date: Fri, 4 Apr 2014 11:29:39 +0200 >> -Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by >> - rpmbuild >> - >> ---- >> - chat/Makefile.linux | 2 +- >> - pppd/Makefile.linux | 3 +-- >> - pppd/plugins/Makefile.linux | 2 +- >> - pppd/plugins/pppoatm/Makefile.linux | 2 +- >> - pppd/plugins/radius/Makefile.linux | 2 +- >> - pppd/plugins/rp-pppoe/Makefile.linux | 2 +- >> - pppdump/Makefile.linux | 2 +- >> - pppstats/Makefile.linux | 2 +- >> - 8 files changed, 8 insertions(+), 9 deletions(-) >> - >> -diff --git a/chat/Makefile.linux b/chat/Makefile.linux >> -index 1065ac5..848cd8d 100644 >> ---- a/chat/Makefile.linux >> -+++ b/chat/Makefile.linux >> -@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function >> - CDEF4= -DFNDELAY=O_NDELAY # Old name value >> - CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4) >> - >> --COPTS= -O2 -g -pipe >> -+COPTS= $(RPM_OPT_FLAGS) >> - CFLAGS= $(COPTS) $(CDEFS) >> - >> - INSTALL= install >> -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux >> -index 5a44d30..63872eb 100644 >> ---- a/pppd/Makefile.linux >> -+++ b/pppd/Makefile.linux >> -@@ -32,8 +32,7 @@ endif >> - >> - CC = gcc >> - # >> --COPTS = -O2 -pipe -Wall -g >> --LIBS = >> -+COPTS = -Wall $(RPM_OPT_FLAGS) >> - >> - # Uncomment the next 2 lines to include support for Microsoft's >> - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. >> -diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux >> -index 0a7ec7b..e09a369 100644 >> ---- a/pppd/plugins/Makefile.linux >> -+++ b/pppd/plugins/Makefile.linux >> -@@ -1,5 +1,5 @@ >> - #CC = gcc >> --COPTS = -O2 -g >> -+COPTS = $(RPM_OPT_FLAGS) >> - CFLAGS = $(COPTS) -I.. -I../../include -fPIC >> - LDFLAGS = -shared >> - INSTALL = install >> -diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux >> -index 20f62e6..5a81447 100644 >> ---- a/pppd/plugins/pppoatm/Makefile.linux >> -+++ b/pppd/plugins/pppoatm/Makefile.linux >> -@@ -1,5 +1,5 @@ >> - #CC = gcc >> --COPTS = -O2 -g >> -+COPTS = $(RPM_OPT_FLAGS) >> - CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC >> - LDFLAGS = -shared >> - INSTALL = install >> -diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux >> -index 24ed3e5..45b3b8d 100644 >> ---- a/pppd/plugins/radius/Makefile.linux >> -+++ b/pppd/plugins/radius/Makefile.linux >> -@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) >> - INSTALL = install >> - >> - PLUGIN=radius.so radattr.so radrealms.so >> --CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON >> -+CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON >> - >> - # Uncomment the next line to include support for Microsoft's >> - # MS-CHAP authentication protocol. >> -diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux >> -index 5d7a271..352991a 100644 >> ---- a/pppd/plugins/rp-pppoe/Makefile.linux >> -+++ b/pppd/plugins/rp-pppoe/Makefile.linux >> -@@ -25,7 +25,7 @@ INSTALL = install >> - # Version is set ONLY IN THE MAKEFILE! Don't delete this! >> - RP_VERSION=3.8p >> - >> --COPTS=-O2 -g >> -+COPTS=$(RPM_OPT_FLAGS) >> - CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' >> - all: rp-pppoe.so pppoe-discovery >> - >> -diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux >> -index ac028f6..d0a5032 100644 >> ---- a/pppdump/Makefile.linux >> -+++ b/pppdump/Makefile.linux >> -@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@ >> - BINDIR = $(DESTDIR)/sbin >> - MANDIR = $(DESTDIR)/share/man/man8 >> - >> --CFLAGS= -O -I../include/net >> -+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net >> - OBJS = pppdump.o bsd-comp.o deflate.o zlib.o >> - >> - INSTALL= install >> -diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux >> -index cca6f0f..42aba73 100644 >> ---- a/pppstats/Makefile.linux >> -+++ b/pppstats/Makefile.linux >> -@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c >> - PPPSTATOBJS = pppstats.o >> - >> - #CC = gcc >> --COPTS = -O >> -+COPTS = $(RPM_OPT_FLAGS) >> - COMPILE_FLAGS = -I../include >> - LIBS = >> - >> --- >> -1.8.3.1 >> - >> diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch >> index 2513021b2..792d1c42f 100644 >> --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch >> +++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch >> @@ -27,10 +27,10 @@ index 6ea6c1f..faced53 100644 >> free(path); >> errno = err; >> diff --git a/pppd/main.c b/pppd/main.c >> -index 6d50d1b..4880377 100644 >> +index 87a5d29..152e4a2 100644 >> --- a/pppd/main.c >> +++ b/pppd/main.c >> -@@ -420,7 +420,7 @@ main(argc, argv) >> +@@ -400,7 +400,7 @@ main(int argc, char *argv[]) >> die(0); >> >> /* Make sure fds 0, 1, 2 are open to somewhere. */ >> @@ -39,11 +39,11 @@ index 6d50d1b..4880377 100644 >> if (fd_devnull < 0) >> fatal("Couldn't open %s: %m", _PATH_DEVNULL); >> while (fd_devnull <= 2) { >> -@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait) >> +@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait) >> if (log_to_fd >= 0) >> errfd = log_to_fd; >> else >> -- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); >> +- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); >> + errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600); >> >> ++conn_running; >> diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch >> index 3475f09a8..fffda981d 100644 >> --- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch >> +++ b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch >> @@ -7,9 +7,9 @@ Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket >> pppd/plugins/pppoatm/pppoatm.c | 2 +- >> pppd/plugins/pppol2tp/openl2tp.c | 2 +- >> pppd/plugins/pppol2tp/pppol2tp.c | 2 +- >> - pppd/plugins/rp-pppoe/if.c | 2 +- >> - pppd/plugins/rp-pppoe/plugin.c | 6 +++--- >> - pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +- >> + pppd/plugins/pppoe/if.c | 2 +- >> + pppd/plugins/pppoe/plugin.c | 6 +++--- >> + pppd/plugins/pppoe/pppoe-discovery.c | 2 +- >> pppd/sys-linux.c | 10 +++++----- >> pppd/tty.c | 2 +- >> 8 files changed, 14 insertions(+), 14 deletions(-) >> @@ -53,10 +53,10 @@ index a7e3400..e64a778 100644 >> if (fd >= 0) { >> memset (&ifr, '\0', sizeof (ifr)); >> strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); >> -diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c >> +diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c >> index 91e9a57..72aba41 100644 >> ---- a/pppd/plugins/rp-pppoe/if.c >> -+++ b/pppd/plugins/rp-pppoe/if.c >> +--- a/pppd/plugins/pppoe/if.c >> ++++ b/pppd/plugins/pppoe/if.c >> @@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) >> stype = SOCK_PACKET; >> #endif >> @@ -66,10 +66,10 @@ index 91e9a57..72aba41 100644 >> /* Give a more helpful message for the common error case */ >> if (errno == EPERM) { >> fatal("Cannot create raw socket -- pppoe must be run as root."); >> -diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c >> +diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c >> index a8c2bb4..24bdf8f 100644 >> ---- a/pppd/plugins/rp-pppoe/plugin.c >> -+++ b/pppd/plugins/rp-pppoe/plugin.c >> +--- a/pppd/plugins/pppoe/plugin.c >> ++++ b/pppd/plugins/pppoe/plugin.c >> @@ -137,7 +137,7 @@ PPPOEConnectDevice(void) >> /* server equipment). */ >> /* Opening this socket just before waitForPADS in the discovery() */ >> @@ -97,10 +97,10 @@ index a8c2bb4..24bdf8f 100644 >> r = 0; >> } >> >> -diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c >> +diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c >> index 3d3bf4e..c0d927d 100644 >> ---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c >> -+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c >> +--- a/pppd/plugins/pppoe/pppoe-discovery.c >> ++++ b/pppd/plugins/pppoe/pppoe-discovery.c >> @@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) >> stype = SOCK_PACKET; >> #endif >> @@ -147,15 +147,6 @@ index 00a2cf5..0690019 100644 >> if (s < 0) >> return 0; >> >> -@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64) >> - int skfd; >> - const unsigned char *ptr; >> - >> -- skfd = socket(PF_INET6, SOCK_DGRAM, 0); >> -+ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); >> - if(skfd == -1) >> - { >> - warn("could not open IPv6 socket"); >> diff --git a/pppd/tty.c b/pppd/tty.c >> index bc96695..8e76a5d 100644 >> --- a/pppd/tty.c >> diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch >> index 5127c1f10..1b36e8369 100644 >> --- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch >> +++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch >> @@ -1,7 +1,7 @@ >> -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h >> +diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h >> index 9ab2eee..86762bd 100644 >> ---- a/pppd/plugins/rp-pppoe/pppoe.h >> -+++ b/pppd/plugins/rp-pppoe/pppoe.h >> +--- a/pppd/plugins/pppoe/pppoe.h >> ++++ b/pppd/plugins/pppoe/pppoe.h >> @@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session; >> #define STATE_TERMINATED 4 >> >> diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch >> index 633eb045a..686db9204 100644 >> --- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch >> +++ b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch >> @@ -1,6 +1,6 @@ >> -diff -Naur ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c >> ---- ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200 >> -+++ ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100 >> +diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c >> +--- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200 >> ++++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100 >> @@ -49,6 +49,8 @@ >> #include >> #include >> diff --git a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch >> deleted file mode 100644 >> index 858769f48..000000000 >> --- a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch >> +++ /dev/null >> @@ -1,35 +0,0 @@ >> -commit 8d7970b8f3db727fe798b65f3377fe6787575426 >> -Author: Paul Mackerras >> -Date: Mon Feb 3 15:53:28 2020 +1100 >> - >> - pppd: Fix bounds check in EAP code >> - >> - Given that we have just checked vallen < len, it can never be the case >> - that vallen >= len + sizeof(rhostname). This fixes the check so we >> - actually avoid overflowing the rhostname array. >> - >> - Reported-by: Ilja Van Sprundel >> - Signed-off-by: Paul Mackerras >> - >> -diff --git a/pppd/eap.c b/pppd/eap.c >> -index 94407f5..1b93db0 100644 >> ---- a/pppd/eap.c >> -+++ b/pppd/eap.c >> -@@ -1420,7 +1420,7 @@ int len; >> - } >> - >> - /* Not so likely to happen. */ >> -- if (vallen >= len + sizeof (rhostname)) { >> -+ if (len - vallen >= sizeof (rhostname)) { >> - dbglog("EAP: trimming really long peer name down"); >> - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); >> - rhostname[sizeof (rhostname) - 1] = '\0'; >> -@@ -1846,7 +1846,7 @@ int len; >> - } >> - >> - /* Not so likely to happen. */ >> -- if (vallen >= len + sizeof (rhostname)) { >> -+ if (len - vallen >= sizeof (rhostname)) { >> - dbglog("EAP: trimming really long peer name down"); >> - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); >> - rhostname[sizeof (rhostname) - 1] = '\0'; >> diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch >> new file mode 100644 >> index 000000000..b36ace192 >> --- /dev/null >> +++ b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch >> @@ -0,0 +1,15 @@ >> +--- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200 >> ++++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200 >> +@@ -121,9 +121,9 @@ >> + rm -f $2 >> + if [ -f $1 ]; then >> + echo " $2 <= $1" >> +- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \ >> +- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \ >> +- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2 >> ++ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \ >> ++ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \ >> ++ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2 >> + fi >> + } >> + >>