Hello Michael,
thanks for your reply.
Yes, their configure script meanwhile is capable of handling CFLAGS. However, they fail to process commas in them properly:
cd /usr/src/ppp-2.4.9 && ./configure --prefix=/usr --cc="gcc" --cflags="-O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing" --disable-nls Configuring for Linux Creating Makefiles. Makefile <= linux/Makefile.top sed: -e expression #5, char 112: unknown option to `s' pppd/Makefile <= pppd/Makefile.linux sed: -e expression #5, char 112: unknown option to `s' pppstats/Makefile <= pppstats/Makefile.linux sed: -e expression #5, char 112: unknown option to `s' chat/Makefile <= chat/Makefile.linux sed: -e expression #5, char 112: unknown option to `s' pppdump/Makefile <= pppdump/Makefile.linux sed: -e expression #5, char 112: unknown option to `s' pppd/plugins/Makefile <= pppd/plugins/Makefile.linux sed: -e expression #5, char 112: unknown option to `s' pppd/plugins/pppoe/Makefile <= pppd/plugins/pppoe/Makefile.linux sed: -e expression #5, char 112: unknown option to `s' pppd/plugins/radius/Makefile <= pppd/plugins/radius/Makefile.linux sed: -e expression #5, char 112: unknown option to `s' pppd/plugins/pppoatm/Makefile <= pppd/plugins/pppoatm/Makefile.linux sed: -e expression #5, char 112: unknown option to `s' pppd/plugins/pppol2tp/Makefile <= pppd/plugins/pppol2tp/Makefile.linux sed: -e expression #5, char 112: unknown option to `s' cd /usr/src/ppp-2.4.9 && make -j5 make[1]: Entering directory '/usr/src/ppp-2.4.9' make[1]: *** No targets. Stop. make[1]: Leaving directory '/usr/src/ppp-2.4.9' make: *** [ppp:83: /usr/src/log/ppp-2.4.9] Error 2
I guess I will either have to escape "-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS" to "-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS" (tested, works) and/or patch their configure script.
What do you think?
Thanks, and best regards, Peter Müller
It looks like you are shaving off their own CFLAGS.
Are you passing them to make? Maybe try their configure script.
-Michael
On 1 Apr 2021, at 17:34, Peter Müller peter.mueller@ipfire.org wrote:
Hello Michael, hello *,
yes, and this is certainly a good sign in terms of security. :-)
Some of these patches are indeed not necessary anymore, but the majority still is.
However, compiling ppp 2.4.9 fails since it does not find its own libraries included:
make[2]: Entering directory '/usr/src/ppp-2.4.9/pppd/plugins' make[2]: warning: -jN forced in submake: disabling jobserver mode. gcc -o minconn.so -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing minconn.c gcc -o passprompt.so -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing passprompt.c gcc -o passwordfd.so -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing passwordfd.c gcc -o winbind.so -shared -O2 -pipe -Wall -fexceptions -fPIC -m64 -mtune=generic -fstack-clash-protection -fcf-protection -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fno-strict-aliasing winbind.c minconn.c:37:10: fatal error: pppd.h: No such file or directory 37 | #include "pppd.h" | ^~~~~~~~ compilation terminated. make[2]: *** [Makefile:38: minconn.so] Error 1 make[2]: *** Waiting for unfinished jobs.... passprompt.c:15:10: fatal error: pppd.h: No such file or directory 15 | #include "pppd.h" | ^~~~~~~~ compilation terminated. make[2]: *** [Makefile:38: passprompt.so] Error 1 winbind.c:37:10: fatal error: pppd.h: No such file or directory 37 | #include "pppd.h" | ^~~~~~~~ compilation terminated. passwordfd.c:15:10: fatal error: pppd.h: No such file or directory 15 | #include "pppd.h" | ^~~~~~~~ compilation terminated. make[2]: *** [Makefile:38: winbind.so] Error 1 make[2]: *** [Makefile:38: passwordfd.so] Error 1 make[2]: Leaving directory '/usr/src/ppp-2.4.9/pppd/plugins' make[1]: *** [Makefile:14: all] Error 2 make[1]: Leaving directory '/usr/src/ppp-2.4.9' make: *** [ppp:83: /usr/src/log/ppp-2.4.9] Error 2
Since I never experienced the need to fix something like this for IPFire, I am a bit unsure what the projects' convention says in this case. Passing these directories via the CFLAGS ("-I /usr/src/ppp-2.4.9/") seems ugly to me.
What do we do in this case? :-)
Thanks, and best regards, Peter Müller
Hello,
It seems that a new maintainer has taken over pppd and started with merging many upstream patches that various distributions have been carrying around with them for a long time.
All patches currently in next are security stuff and no functionality. It might not be bad if this patch does not apply exactly if the new maintainer(s) found a different solution.
I believe some of the patches are rather hacky.
Best, -Michael
On 31 Mar 2021, at 18:01, Peter Müller peter.mueller@ipfire.org wrote:
Hello development folks,
for your information: I am currently working on ppp 2.4.9, which turns out to be rather tricky as many of our patches won't apply and/or are not necessary anymore.
Thanks, and best regards, Peter Müller