Re: work in progress: ppp 2.4.9

Re: work in progress: ppp 2.4.9

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 782 bytes --]

Hello,

It seems that a new maintainer has taken over pppd and started with merging many upstream patches that various distributions have been carrying around with them for a long time.

All patches currently in next are security stuff and no functionality. It might not be bad if this patch does not apply exactly if the new maintainer(s) found a different solution.

I believe some of the patches are rather hacky.

Best,
-Michael

> On 31 Mar 2021, at 18:01, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> Hello development folks,
> 
> for your information: I am currently working on ppp 2.4.9, which turns out to be rather
> tricky as many of our patches won't apply and/or are not necessary anymore.
> 
> Thanks, and best regards,
> Peter Müller

Re: work in progress: ppp 2.4.9

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 3551 bytes --]

Hello Michael,
hello *,

yes, and this is certainly a good sign in terms of security. :-)

Some of these patches are indeed not necessary anymore, but the majority still is.

However, compiling ppp 2.4.9 fails since it does not find its own libraries included:

> make[2]: Entering directory '/usr/src/ppp-2.4.9/pppd/plugins'
> make[2]: warning: -jN forced in submake: disabling jobserver mode.
> gcc -o minconn.so  -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing minconn.c
> gcc -o passprompt.so  -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing passprompt.c
> gcc -o passwordfd.so  -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing passwordfd.c
> gcc -o winbind.so  -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing winbind.c
> minconn.c:37:10: fatal error: pppd.h: No such file or directory
>    37 | #include "pppd.h"
>       |          ^~~~~~~~
> compilation terminated.
> make[2]: *** [Makefile:38: minconn.so] Error 1
> make[2]: *** Waiting for unfinished jobs....
> passprompt.c:15:10: fatal error: pppd.h: No such file or directory
>    15 | #include "pppd.h"
>       |          ^~~~~~~~
> compilation terminated.
> make[2]: *** [Makefile:38: passprompt.so] Error 1
> winbind.c:37:10: fatal error: pppd.h: No such file or directory
>    37 | #include "pppd.h"
>       |          ^~~~~~~~
> compilation terminated.
> passwordfd.c:15:10: fatal error: pppd.h: No such file or directory
>    15 | #include "pppd.h"
>       |          ^~~~~~~~
> compilation terminated.
> make[2]: *** [Makefile:38: winbind.so] Error 1
> make[2]: *** [Makefile:38: passwordfd.so] Error 1
> make[2]: Leaving directory '/usr/src/ppp-2.4.9/pppd/plugins'
> make[1]: *** [Makefile:14: all] Error 2
> make[1]: Leaving directory '/usr/src/ppp-2.4.9'
> make: *** [ppp:83: /usr/src/log/ppp-2.4.9] Error 2

Since I never experienced the need to fix something like this for IPFire, I am a bit
unsure what the projects' convention says in this case. Passing these directories via
the CFLAGS ("-I /usr/src/ppp-2.4.9/") seems ugly to me.

What do we do in this case? :-)

Thanks, and best regards,
Peter Müller

> Hello,
> 
> It seems that a new maintainer has taken over pppd and started with merging many upstream patches that various distributions have been carrying around with them for a long time.
> 
> All patches currently in next are security stuff and no functionality. It might not be bad if this patch does not apply exactly if the new maintainer(s) found a different solution.
> 
> I believe some of the patches are rather hacky.
> 
> Best,
> -Michael
> 
>> On 31 Mar 2021, at 18:01, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>>
>> Hello development folks,
>>
>> for your information: I am currently working on ppp 2.4.9, which turns out to be rather
>> tricky as many of our patches won't apply and/or are not necessary anymore.
>>
>> Thanks, and best regards,
>> Peter Müller
> 

Re: work in progress: ppp 2.4.9

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 3854 bytes --]

It looks like you are shaving off their own CFLAGS.

Are you passing them to make? Maybe try their configure script.

-Michael

> On 1 Apr 2021, at 17:34, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> Hello Michael,
> hello *,
> 
> yes, and this is certainly a good sign in terms of security. :-)
> 
> Some of these patches are indeed not necessary anymore, but the majority still is.
> 
> However, compiling ppp 2.4.9 fails since it does not find its own libraries included:
> 
>> make[2]: Entering directory '/usr/src/ppp-2.4.9/pppd/plugins'
>> make[2]: warning: -jN forced in submake: disabling jobserver mode.
>> gcc -o minconn.so  -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing minconn.c
>> gcc -o passprompt.so  -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing passprompt.c
>> gcc -o passwordfd.so  -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing passwordfd.c
>> gcc -o winbind.so  -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing winbind.c
>> minconn.c:37:10: fatal error: pppd.h: No such file or directory
>>   37 | #include "pppd.h"
>>      |          ^~~~~~~~
>> compilation terminated.
>> make[2]: *** [Makefile:38: minconn.so] Error 1
>> make[2]: *** Waiting for unfinished jobs....
>> passprompt.c:15:10: fatal error: pppd.h: No such file or directory
>>   15 | #include "pppd.h"
>>      |          ^~~~~~~~
>> compilation terminated.
>> make[2]: *** [Makefile:38: passprompt.so] Error 1
>> winbind.c:37:10: fatal error: pppd.h: No such file or directory
>>   37 | #include "pppd.h"
>>      |          ^~~~~~~~
>> compilation terminated.
>> passwordfd.c:15:10: fatal error: pppd.h: No such file or directory
>>   15 | #include "pppd.h"
>>      |          ^~~~~~~~
>> compilation terminated.
>> make[2]: *** [Makefile:38: winbind.so] Error 1
>> make[2]: *** [Makefile:38: passwordfd.so] Error 1
>> make[2]: Leaving directory '/usr/src/ppp-2.4.9/pppd/plugins'
>> make[1]: *** [Makefile:14: all] Error 2
>> make[1]: Leaving directory '/usr/src/ppp-2.4.9'
>> make: *** [ppp:83: /usr/src/log/ppp-2.4.9] Error 2
> 
> Since I never experienced the need to fix something like this for IPFire, I am a bit
> unsure what the projects' convention says in this case. Passing these directories via
> the CFLAGS ("-I /usr/src/ppp-2.4.9/") seems ugly to me.
> 
> What do we do in this case? :-)
> 
> Thanks, and best regards,
> Peter Müller
> 
>> Hello,
>> 
>> It seems that a new maintainer has taken over pppd and started with merging many upstream patches that various distributions have been carrying around with them for a long time.
>> 
>> All patches currently in next are security stuff and no functionality. It might not be bad if this patch does not apply exactly if the new maintainer(s) found a different solution.
>> 
>> I believe some of the patches are rather hacky.
>> 
>> Best,
>> -Michael
>> 
>>> On 31 Mar 2021, at 18:01, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>>> 
>>> Hello development folks,
>>> 
>>> for your information: I am currently working on ppp 2.4.9, which turns out to be rather
>>> tricky as many of our patches won't apply and/or are not necessary anymore.
>>> 
>>> Thanks, and best regards,
>>> Peter Müller
>> 

Re: work in progress: ppp 2.4.9

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 6075 bytes --]

Hello Michael,

thanks for your reply.

Yes, their configure script meanwhile is capable of handling CFLAGS. However, they fail to process commas
in them properly:

> cd /usr/src/ppp-2.4.9 && ./configure --prefix=/usr --cc="gcc" --cflags="-O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing" --disable-nls
> Configuring for Linux
> Creating Makefiles.
>   Makefile <= linux/Makefile.top
> sed: -e expression #5, char 112: unknown option to `s'
>   pppd/Makefile <= pppd/Makefile.linux
> sed: -e expression #5, char 112: unknown option to `s'
>   pppstats/Makefile <= pppstats/Makefile.linux
> sed: -e expression #5, char 112: unknown option to `s'
>   chat/Makefile <= chat/Makefile.linux
> sed: -e expression #5, char 112: unknown option to `s'
>   pppdump/Makefile <= pppdump/Makefile.linux
> sed: -e expression #5, char 112: unknown option to `s'
>   pppd/plugins/Makefile <= pppd/plugins/Makefile.linux
> sed: -e expression #5, char 112: unknown option to `s'
>   pppd/plugins/pppoe/Makefile <= pppd/plugins/pppoe/Makefile.linux
> sed: -e expression #5, char 112: unknown option to `s'
>   pppd/plugins/radius/Makefile <= pppd/plugins/radius/Makefile.linux
> sed: -e expression #5, char 112: unknown option to `s'
>   pppd/plugins/pppoatm/Makefile <= pppd/plugins/pppoatm/Makefile.linux
> sed: -e expression #5, char 112: unknown option to `s'
>   pppd/plugins/pppol2tp/Makefile <= pppd/plugins/pppol2tp/Makefile.linux
> sed: -e expression #5, char 112: unknown option to `s'
> cd /usr/src/ppp-2.4.9 && make -j5
> make[1]: Entering directory '/usr/src/ppp-2.4.9'
> make[1]: *** No targets.  Stop.
> make[1]: Leaving directory '/usr/src/ppp-2.4.9'
> make: *** [ppp:83: /usr/src/log/ppp-2.4.9] Error 2

I guess I will either have to escape "-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS" to
"-Wp\,-D_FORTIFY_SOURCE=2 -Wp\,-D_GLIBCXX_ASSERTIONS" (tested, works) and/or patch their configure script.

What do you think?

Thanks, and best regards,
Peter Müller


> It looks like you are shaving off their own CFLAGS.
> 
> Are you passing them to make? Maybe try their configure script.
> 
> -Michael
> 
>> On 1 Apr 2021, at 17:34, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>>
>> Hello Michael,
>> hello *,
>>
>> yes, and this is certainly a good sign in terms of security. :-)
>>
>> Some of these patches are indeed not necessary anymore, but the majority still is.
>>
>> However, compiling ppp 2.4.9 fails since it does not find its own libraries included:
>>
>>> make[2]: Entering directory '/usr/src/ppp-2.4.9/pppd/plugins'
>>> make[2]: warning: -jN forced in submake: disabling jobserver mode.
>>> gcc -o minconn.so  -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing minconn.c
>>> gcc -o passprompt.so  -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing passprompt.c
>>> gcc -o passwordfd.so  -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing passwordfd.c
>>> gcc -o winbind.so  -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing winbind.c
>>> minconn.c:37:10: fatal error: pppd.h: No such file or directory
>>>   37 | #include "pppd.h"
>>>      |          ^~~~~~~~
>>> compilation terminated.
>>> make[2]: *** [Makefile:38: minconn.so] Error 1
>>> make[2]: *** Waiting for unfinished jobs....
>>> passprompt.c:15:10: fatal error: pppd.h: No such file or directory
>>>   15 | #include "pppd.h"
>>>      |          ^~~~~~~~
>>> compilation terminated.
>>> make[2]: *** [Makefile:38: passprompt.so] Error 1
>>> winbind.c:37:10: fatal error: pppd.h: No such file or directory
>>>   37 | #include "pppd.h"
>>>      |          ^~~~~~~~
>>> compilation terminated.
>>> passwordfd.c:15:10: fatal error: pppd.h: No such file or directory
>>>   15 | #include "pppd.h"
>>>      |          ^~~~~~~~
>>> compilation terminated.
>>> make[2]: *** [Makefile:38: winbind.so] Error 1
>>> make[2]: *** [Makefile:38: passwordfd.so] Error 1
>>> make[2]: Leaving directory '/usr/src/ppp-2.4.9/pppd/plugins'
>>> make[1]: *** [Makefile:14: all] Error 2
>>> make[1]: Leaving directory '/usr/src/ppp-2.4.9'
>>> make: *** [ppp:83: /usr/src/log/ppp-2.4.9] Error 2
>>
>> Since I never experienced the need to fix something like this for IPFire, I am a bit
>> unsure what the projects' convention says in this case. Passing these directories via
>> the CFLAGS ("-I /usr/src/ppp-2.4.9/") seems ugly to me.
>>
>> What do we do in this case? :-)
>>
>> Thanks, and best regards,
>> Peter Müller
>>
>>> Hello,
>>>
>>> It seems that a new maintainer has taken over pppd and started with merging many upstream patches that various distributions have been carrying around with them for a long time.
>>>
>>> All patches currently in next are security stuff and no functionality. It might not be bad if this patch does not apply exactly if the new maintainer(s) found a different solution.
>>>
>>> I believe some of the patches are rather hacky.
>>>
>>> Best,
>>> -Michael
>>>
>>>> On 31 Mar 2021, at 18:01, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>>>>
>>>> Hello development folks,
>>>>
>>>> for your information: I am currently working on ppp 2.4.9, which turns out to be rather
>>>> tricky as many of our patches won't apply and/or are not necessary anymore.
>>>>
>>>> Thanks, and best regards,
>>>> Peter Müller
>>>
>