Hello development folks, I am currently observing some strange memory allocation behaviour with ppp 2.4.9, especially after multiple (> 1k) reconnects using CHAP. Since I am not sure whether I messed up a patch or this is caused by upstream code, I currently advise against merging this patch. Further information will be added here as soon as available. Thanks, and best regards, Peter Müller > This is the first ppp release for years, and the project appears to have > a different maintainer (team?) by now. As a result, some of our patches > are no longer necessary as they made it into upstream, while others need > to be adjusted slightly. > > In addition, their configure script does not handle commas in CFLAGS > properly, which is why the delimiter for the 'sed' call in it has to be > changed to something neither appearing in a path nor in our CLFAGS set. > > The full changelog of this release can be retrieved from > https://ppp.samba.org/README.html and says: > > * Support for new EAP (Extensible Authentication Protocol) methods: > - Support for EAP-TLS, from Jan Just Keijser and others > - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs > Van Buggenhout and others > > * New pppd options: > - chap-timeout > - chapms-strip-domain > - replacedefaultroute > - noreplacedefaultroute > - ipv6cp-accept-remote > - lcp-echo-adaptive > - ip-up-script > - ip-down-script > - ca > - capath > - cert > - key > - crl-dir > - crl > - max-tls-version > - need-peer-eap > > * Fixes for CVE-2020-8597 and CVE-2015-3310. > > * libpcap is now required when compiling on Linux (previously, if > libpcap was not present, pppd would be compiled without packet > filtering support). > > * The rp-pppoe plugin has been renamed to pppoe, to distinguish it > from the upstream rp-pppoe code. Its options have changed names, > but the old names are kept as aliases. > > * The configure script now supports cross-compilation. > > * Many bug fixes and cleanups. 
> > Thanks to Michael for his hint on the ./configure CFLAGS issue. > > Signed-off-by: Peter Müller > --- > config/rootfiles/common/ppp | 29 +++-- > lfs/ppp | 15 +-- > ...e-compiler-flags-handed-to-us-by-rpm.patch | 121 ------------------ > .../0013-everywhere-O_CLOEXEC-harder.patch | 8 +- > ...se-SOCK_CLOEXEC-when-creating-socket.patch | 33 ++--- > ...ppp-2.4.6-increase-max-padi-attempts.patch | 6 +- > src/patches/ppp/ppp-2.4.7-headers_4.9.patch | 6 +- > ....8-pppd-fix-bounds-check-in-eap-code.patch | 35 ----- > ...-configure-to-handle-cflags-properly.patch | 15 +++ > 9 files changed, 61 insertions(+), 207 deletions(-) > delete mode 100644 src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch > delete mode 100644 src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch > create mode 100644 src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch > > diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp > index f1f4f88f2..8d0af69c4 100644 > --- a/config/rootfiles/common/ppp > +++ b/config/rootfiles/common/ppp > @@ -2,6 +2,8 @@ > etc/ppp/chap-secrets > etc/ppp/demonloginscript > etc/ppp/dialer > +#etc/ppp/eaptls-client > +#etc/ppp/eaptls-server > etc/ppp/ioptions > etc/ppp/ip-down > etc/ppp/ip-up > @@ -12,6 +14,7 @@ etc/ppp/standardloginscript > #usr/include/pppd/ccp.h > #usr/include/pppd/chap-new.h > #usr/include/pppd/chap_ms.h > +#usr/include/pppd/eap-tls.h > #usr/include/pppd/eap.h > #usr/include/pppd/ecp.h > #usr/include/pppd/eui64.h > @@ -23,6 +26,7 @@ etc/ppp/standardloginscript > #usr/include/pppd/magic.h > #usr/include/pppd/md4.h > #usr/include/pppd/md5.h > +#usr/include/pppd/mppe.h > #usr/include/pppd/patchlevel.h > #usr/include/pppd/pathnames.h > #usr/include/pppd/pppcrypt.h 
> @@ -33,18 +37,19 @@ etc/ppp/standardloginscript > #usr/include/pppd/tdb.h > #usr/include/pppd/upap.h > usr/lib/pppd > -usr/lib/pppd/2.4.8 > -#usr/lib/pppd/2.4.8/minconn.so > -#usr/lib/pppd/2.4.8/openl2tp.so > -#usr/lib/pppd/2.4.8/passprompt.so > -#usr/lib/pppd/2.4.8/passwordfd.so > -#usr/lib/pppd/2.4.8/pppoatm.so > -#usr/lib/pppd/2.4.8/pppol2tp.so > -#usr/lib/pppd/2.4.8/radattr.so > -#usr/lib/pppd/2.4.8/radius.so > -#usr/lib/pppd/2.4.8/radrealms.so > -#usr/lib/pppd/2.4.8/rp-pppoe.so > -#usr/lib/pppd/2.4.8/winbind.so > +usr/lib/pppd/2.4.9 > +#usr/lib/pppd/2.4.9/minconn.so > +#usr/lib/pppd/2.4.9/openl2tp.so > +#usr/lib/pppd/2.4.9/passprompt.so > +#usr/lib/pppd/2.4.9/passwordfd.so > +#usr/lib/pppd/2.4.9/pppoatm.so > +#usr/lib/pppd/2.4.9/pppoe.so > +#usr/lib/pppd/2.4.9/pppol2tp.so > +#usr/lib/pppd/2.4.9/radattr.so > +#usr/lib/pppd/2.4.9/radius.so > +#usr/lib/pppd/2.4.9/radrealms.so > +#usr/lib/pppd/2.4.9/rp-pppoe.so > +#usr/lib/pppd/2.4.9/winbind.so > usr/sbin/chat > usr/sbin/pppd > usr/sbin/pppdump > diff --git a/lfs/ppp b/lfs/ppp > index cbac95067..73356b8c4 100644 > --- a/lfs/ppp > +++ b/lfs/ppp > @@ -1,7 +1,7 @@ > ############################################################################### > # # > # IPFire.org - A linux based firewall # > -# Copyright (C) 2007-2018 IPFire Team # > +# Copyright (C) 2007-2021 IPFire Team # > # # > # This program is free software: you can redistribute it and/or modify # > # it under the terms of the GNU General Public License as published by # > @@ -24,12 +24,12 @@ > > include Config > > -VER = 2.4.8 > +VER = 2.4.9 > > THISAPP = ppp-$(VER) > DL_FILE = $(THISAPP).tar.gz > DL_FROM = $(URL_IPFIRE) > -DIR_APP = $(DIR_SRC)/ppp-$(THISAPP) > +DIR_APP = $(DIR_SRC)/$(THISAPP) > TARGET = $(DIR_INFO)/$(THISAPP) > > CFLAGS += -fno-strict-aliasing 
> @@ -42,7 +42,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123 > +$(DL_FILE)_MD5 = f605d021b586fc26e35c6a54fd84b65f > > install : $(TARGET) > > @@ -73,16 +73,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > @$(PREBUILD) > @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) > cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h > - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch > cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch > cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch > cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch > cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch > cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch > - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch > + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch > cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h > - cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls > - cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)" > + cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls > + cd $(DIR_APP) && make $(MAKETUNING) > cd $(DIR_APP) && make install > cd $(DIR_APP) && make install-etcppp > touch /var/log/connect-errors 
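Review bot: The new tarball is pinned only by `$(DL_FILE)_MD5 = f605d021b586fc26e35c6a54fd84b65f`, and MD5 does not resist a deliberately constructed collision, so this line detects download corruption but is weak evidence of origin. Before merging, the digest should be compared against a copy of ppp-2.4.9.tar.gz whose provenance was checked independently (for example an upstream release signature, if one is published), and the commit message should say how that was done. Whether lfs files in this tree can carry a stronger digest next to `_MD5` is not visible from the hunk.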
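Review bot: With the 0003 patch no longer applied, `$(CFLAGS)` reaches the compiler only through `./configure --cflags="$(CFLAGS)"` and configure's `@CFLAGS@` substitution, because `make $(MAKETUNING)` no longer passes any flags. Nothing in the recipe checks that each sub-Makefile the old patch touched (chat, pppd, the plugins, pppdump, pppstats) actually consumes the substituted value, so a Makefile with its own hard-coded options would silently build a root-run network daemon without the distribution's flags; a one-off check of the build log for the expected options on every compile line would settle it. The same recipe stops applying `ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch` on the strength of the changelog entry for CVE-2020-8597. It is worth confirming in the unpacked `pppd/eap.c` that both checks read `len - vallen >= sizeof (rhostname)` and recording this next to the patch list, e.g. `# EAP rhostname bounds check is upstream as of 2.4.9, local patch dropped`. The recipe continues past the end of the hunk.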
> diff --git a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch > deleted file mode 100644 > index 4a43d444a..000000000 > --- a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch > +++ /dev/null 
> @@ -1,121 +0,0 @@ > -From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001 > -From: Michal Sekletar > -Date: Fri, 4 Apr 2014 11:29:39 +0200 > -Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by > - rpmbuild > - > ---- > - chat/Makefile.linux | 2 +- > - pppd/Makefile.linux | 3 +-- > - pppd/plugins/Makefile.linux | 2 +- > - pppd/plugins/pppoatm/Makefile.linux | 2 +- > - pppd/plugins/radius/Makefile.linux | 2 +- > - pppd/plugins/rp-pppoe/Makefile.linux | 2 +- > - pppdump/Makefile.linux | 2 +- > - pppstats/Makefile.linux | 2 +- > - 8 files changed, 8 insertions(+), 9 deletions(-) > - > -diff --git a/chat/Makefile.linux b/chat/Makefile.linux > -index 1065ac5..848cd8d 100644 > ---- a/chat/Makefile.linux > -+++ b/chat/Makefile.linux > -@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function > - CDEF4= -DFNDELAY=O_NDELAY # Old name value > - CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4) > - > --COPTS= -O2 -g -pipe > -+COPTS= $(RPM_OPT_FLAGS) > - CFLAGS= $(COPTS) $(CDEFS) > - > - INSTALL= install > -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux > -index 5a44d30..63872eb 100644 > ---- a/pppd/Makefile.linux > -+++ b/pppd/Makefile.linux > -@@ -32,8 +32,7 @@ endif > - > - CC = gcc > - # > --COPTS = -O2 -pipe -Wall -g > --LIBS = > -+COPTS = -Wall $(RPM_OPT_FLAGS) > - > - # Uncomment the next 2 lines to include support for Microsoft's > - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. > -diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux > -index 0a7ec7b..e09a369 100644 > ---- a/pppd/plugins/Makefile.linux > -+++ b/pppd/plugins/Makefile.linux > -@@ -1,5 +1,5 @@ > - #CC = gcc > --COPTS = -O2 -g > -+COPTS = $(RPM_OPT_FLAGS) > - CFLAGS = $(COPTS) -I.. 
-I../../include -fPIC > - LDFLAGS = -shared > - INSTALL = install > -diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux > -index 20f62e6..5a81447 100644 > ---- a/pppd/plugins/pppoatm/Makefile.linux > -+++ b/pppd/plugins/pppoatm/Makefile.linux > -@@ -1,5 +1,5 @@ > - #CC = gcc > --COPTS = -O2 -g > -+COPTS = $(RPM_OPT_FLAGS) > - CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC > - LDFLAGS = -shared > - INSTALL = install > -diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux > -index 24ed3e5..45b3b8d 100644 > ---- a/pppd/plugins/radius/Makefile.linux > -+++ b/pppd/plugins/radius/Makefile.linux > -@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) > - INSTALL = install > - > - PLUGIN=radius.so radattr.so radrealms.so > --CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON > -+CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON > - > - # Uncomment the next line to include support for Microsoft's > - # MS-CHAP authentication protocol. > -diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux > -index 5d7a271..352991a 100644 > ---- a/pppd/plugins/rp-pppoe/Makefile.linux > -+++ b/pppd/plugins/rp-pppoe/Makefile.linux > -@@ -25,7 +25,7 @@ INSTALL = install > - # Version is set ONLY IN THE MAKEFILE! Don't delete this! 
> - RP_VERSION=3.8p > - > --COPTS=-O2 -g > -+COPTS=$(RPM_OPT_FLAGS) > - CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' > - all: rp-pppoe.so pppoe-discovery > - > -diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux > -index ac028f6..d0a5032 100644 > ---- a/pppdump/Makefile.linux > -+++ b/pppdump/Makefile.linux > -@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@ > - BINDIR = $(DESTDIR)/sbin > - MANDIR = $(DESTDIR)/share/man/man8 > - > --CFLAGS= -O -I../include/net > -+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net > - OBJS = pppdump.o bsd-comp.o deflate.o zlib.o > - > - INSTALL= install > -diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux > -index cca6f0f..42aba73 100644 > ---- a/pppstats/Makefile.linux > -+++ b/pppstats/Makefile.linux > -@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c > - PPPSTATOBJS = pppstats.o > - > - #CC = gcc > --COPTS = -O > -+COPTS = $(RPM_OPT_FLAGS) > - COMPILE_FLAGS = -I../include > - LIBS = > - > --- > -1.8.3.1 > - > diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch > index 2513021b2..792d1c42f 100644 > --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch > +++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch > @@ -27,10 +27,10 @@ index 6ea6c1f..faced53 100644 > free(path); > errno = err; > diff --git a/pppd/main.c b/pppd/main.c > -index 6d50d1b..4880377 100644 > +index 87a5d29..152e4a2 100644 > --- a/pppd/main.c > +++ b/pppd/main.c > -@@ -420,7 +420,7 @@ main(argc, argv) > +@@ -400,7 +400,7 @@ main(int argc, char *argv[]) > die(0); > > /* Make sure fds 0, 1, 2 are open to somewhere. */ 
> @@ -39,11 +39,11 @@ index 6d50d1b..4880377 100644 > if (fd_devnull < 0) > fatal("Couldn't open %s: %m", _PATH_DEVNULL); > while (fd_devnull <= 2) { > -@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait) > +@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait) > if (log_to_fd >= 0) > errfd = log_to_fd; > else > -- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); > +- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); > + errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600); > > ++conn_running; > diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch > index 3475f09a8..fffda981d 100644 > --- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch > +++ b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch > @@ -7,9 +7,9 @@ Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket > pppd/plugins/pppoatm/pppoatm.c | 2 +- > pppd/plugins/pppol2tp/openl2tp.c | 2 +- > pppd/plugins/pppol2tp/pppol2tp.c | 2 +- > - pppd/plugins/rp-pppoe/if.c | 2 +- > - pppd/plugins/rp-pppoe/plugin.c | 6 +++--- > - pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +- > + pppd/plugins/pppoe/if.c | 2 +- > + pppd/plugins/pppoe/plugin.c | 6 +++--- > + pppd/plugins/pppoe/pppoe-discovery.c | 2 +- > pppd/sys-linux.c | 10 +++++----- > pppd/tty.c | 2 +- > 8 files changed, 14 insertions(+), 14 deletions(-) 
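Review bot: The refreshed `device_script` hunk in `0013-everywhere-O_CLOEXEC-harder.patch` now changes the creation mode of `_PATH_CONNERRS` as well as adding `O_CLOEXEC`, because its removed line was updated to upstream's `0644` while the added line still says `0600`. A tighter mode on the connect-errors log is reasonable, but the patch subject only mentions close-on-exec, so the permission change should be stated in the patch header or the added line should keep `0644`. The mode argument only applies when `open()` creates the file, and the lfs recipe runs `touch /var/log/connect-errors` after install, so on an installed system the file's permissions presumably come from that `touch` and the build umask rather than from this call. If owner-only access is intended, an explicit `chmod 600 /var/log/connect-errors` after the `touch` would make it hold, unless the recipe already does this outside the visible hunk.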
> @@ -53,10 +53,10 @@ index a7e3400..e64a778 100644 > if (fd >= 0) { > memset (&ifr, '\0', sizeof (ifr)); > strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); > -diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c > +diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c > index 91e9a57..72aba41 100644 > ---- a/pppd/plugins/rp-pppoe/if.c > -+++ b/pppd/plugins/rp-pppoe/if.c > +--- a/pppd/plugins/pppoe/if.c > ++++ b/pppd/plugins/pppoe/if.c > @@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) > stype = SOCK_PACKET; > #endif > @@ -66,10 +66,10 @@ index 91e9a57..72aba41 100644 > /* Give a more helpful message for the common error case */ > if (errno == EPERM) { > fatal("Cannot create raw socket -- pppoe must be run as root."); > -diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c > +diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c > index a8c2bb4..24bdf8f 100644 > ---- a/pppd/plugins/rp-pppoe/plugin.c > -+++ b/pppd/plugins/rp-pppoe/plugin.c > +--- a/pppd/plugins/pppoe/plugin.c > ++++ b/pppd/plugins/pppoe/plugin.c > @@ -137,7 +137,7 @@ PPPOEConnectDevice(void) > /* server equipment). */ > /* Opening this socket just before waitForPADS in the discovery() */ > @@ -97,10 +97,10 @@ index a8c2bb4..24bdf8f 100644 > r = 0; > } > > -diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c > +diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c > index 3d3bf4e..c0d927d 100644 > ---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c > -+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c > +--- a/pppd/plugins/pppoe/pppoe-discovery.c > ++++ b/pppd/plugins/pppoe/pppoe-discovery.c > @@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) > stype = SOCK_PACKET; > #endif 
> @@ -147,15 +147,6 @@ index 00a2cf5..0690019 100644 > if (s < 0) > return 0; > > -@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64) > - int skfd; > - const unsigned char *ptr; > - > -- skfd = socket(PF_INET6, SOCK_DGRAM, 0); > -+ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); > - if(skfd == -1) > - { > - warn("could not open IPv6 socket"); > diff --git a/pppd/tty.c b/pppd/tty.c > index bc96695..8e76a5d 100644 > --- a/pppd/tty.c > diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch > index 5127c1f10..1b36e8369 100644 > --- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch > +++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch > @@ -1,7 +1,7 @@ > -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h > +diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h > index 9ab2eee..86762bd 100644 > ---- a/pppd/plugins/rp-pppoe/pppoe.h > -+++ b/pppd/plugins/rp-pppoe/pppoe.h > +--- a/pppd/plugins/pppoe/pppoe.h > ++++ b/pppd/plugins/pppoe/pppoe.h > @@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session; > #define STATE_TERMINATED 4 > > diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch > index 633eb045a..686db9204 100644 > --- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch > +++ b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch > @@ -1,6 +1,6 @@ > -diff -Naur ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c > ---- ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200 > -+++ ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100 > +diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c > +--- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200 > ++++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100 
> @@ -49,6 +49,8 @@ > #include > #include > diff --git a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch > deleted file mode 100644 > index 858769f48..000000000 > --- a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch > +++ /dev/null > @@ -1,35 +0,0 @@ > -commit 8d7970b8f3db727fe798b65f3377fe6787575426 > -Author: Paul Mackerras > -Date: Mon Feb 3 15:53:28 2020 +1100 > - > - pppd: Fix bounds check in EAP code > - > - Given that we have just checked vallen < len, it can never be the case > - that vallen >= len + sizeof(rhostname). This fixes the check so we > - actually avoid overflowing the rhostname array. > - > - Reported-by: Ilja Van Sprundel > - Signed-off-by: Paul Mackerras > - > -diff --git a/pppd/eap.c b/pppd/eap.c > -index 94407f5..1b93db0 100644 > ---- a/pppd/eap.c > -+++ b/pppd/eap.c > -@@ -1420,7 +1420,7 @@ int len; > - } > - > - /* Not so likely to happen. */ > -- if (vallen >= len + sizeof (rhostname)) { > -+ if (len - vallen >= sizeof (rhostname)) { > - dbglog("EAP: trimming really long peer name down"); > - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); > - rhostname[sizeof (rhostname) - 1] = '\0'; > -@@ -1846,7 +1846,7 @@ int len; > - } > - > - /* Not so likely to happen. */ > -- if (vallen >= len + sizeof (rhostname)) { > -+ if (len - vallen >= sizeof (rhostname)) { > - dbglog("EAP: trimming really long peer name down"); > - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); > - rhostname[sizeof (rhostname) - 1] = '\0'; > diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch > new file mode 100644 > index 000000000..b36ace192 > --- /dev/null > +++ b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch 
> @@ -0,0 +1,15 @@ > +--- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200 > ++++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200 > +@@ -121,9 +121,9 @@ > + rm -f $2 > + if [ -f $1 ]; then > + echo " $2 <= $1" > +- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \ > +- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \ > +- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2 > ++ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \ > ++ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \ > ++ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2 > + fi > + } > + >
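Review bot: Switching the `sed` delimiter from `,` to `#` moves the problem rather than removing it, because `$DESTDIR`, `$SYSCONF`, `$CROSS_COMPILE`, `$CC` and `$CFLAGS` are still pasted unescaped into the replacement text. A value containing `#` ends the expression early, and `&` or a backslash in a flag is interpreted by sed instead of being copied, so the generated Makefile can end up with different flags than were requested without any error. The new patch file also has no header explaining its purpose. I would add a short description at the top and a comment above the `sed` call such as `# delimiter is '#': substituted values must not contain '#', '&' or '\'`. The shell function being patched starts and ends outside the hunk.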