This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 2f847b3213156ea0ee5cd92be9812de089285c86 (commit) via 0803c50f76e0b43f91ee6b6b3863684ad4cfa073 (commit) via 1eac1190d8850a4013b0f8917a243685778de59f (commit) via 27a3ef9834eed9d17e89b7751823998bf309a1f5 (commit) from ff8ce0d7627e783429099a63f1cb8dbb01ff6ffb (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 2f847b3213156ea0ee5cd92be9812de089285c86 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 7 14:13:30 2023 +0000
core178: Ship updated RED network init script
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0803c50f76e0b43f91ee6b6b3863684ad4cfa073 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Jul 4 11:04:46 2023 +0200
red: Fixes bug#13164 adjust pppoe plugin name in red initscript
- This patch goes together with the patch for the ppp update to 2.5.0 - The rp-pppoe.so option is no longer available. There is only the pppoe.so available now
Fixes: Bug#13164 Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1eac1190d8850a4013b0f8917a243685778de59f Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 7 14:12:31 2023 +0000
core178: Ship ppp
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 27a3ef9834eed9d17e89b7751823998bf309a1f5 Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Jul 2 11:54:32 2023 +0200
ppp: Fixes bug#13164 - Update to version 2.5.0
- Update from version 2.4.9 to 2.5.0 This includes breaking changes for third-party plugins but as far as I can see IPFire is not using any third party plugins - Update of rootfile - Update of patches and sed commands - pcap-int.h and if_pppol2tp.h files have not been in source file since at least 2014 - Some of the patches required updates as additional lines needing to be patched are now present. nThis was related to the O_CLOEXEC & SOCK_CLOEXEC related patches - connect-errors file location is now defined by a configure command --with-logfile-dir - install-etcppp is no longer provided. However the install command in this version still has the same files available in /etc/ppp as previously. There is a new file, openssl.cnf, which I have commented out. If it is required in future it can always be uncommented in future releases. - Build went without any problems with the updated patches. - I cannot test this as I don't use ppp, however the original bug reporter has agreed to test this out when it is released into Testing unless anyone else is capable of testing it. - Changelog What's new in ppp-2.5.0. The 2.5.0 release is a major release of pppd which contains breaking changes for third-party plugins, a complete revamp of the build-system and that allows for flexibility of configuring features as needed. In Summary: * Support for PEAP authentication by Eivind Næss and Rustam Kovhaev * Support for loading PKCS12 certificate envelopes * Adoption of GNU Autoconf / Automake build environment, by Eivind Næss and others. * Support for pkgconfig tool has been added by Eivind Næss. * Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár. * Major revision to PPPD's Plugin API by Eivind Næss. - Defines in which describes what features was included in pppd - Functions now prefixed with explicit ppp_* to indicate that pppd functions being called. - Header files were renamed to better align with their features, and now use proper include guards - A pppdconf.h file is supplied to allow third-party modules to use the same feature defines pppd was compiled with. - No extern declarations of internal variable names of pppd, continued use of these extern variables are considered unstable. * Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon * Dropped IPX support, as Linux has dropped support in version 5.15 for this protocol. * Many more fixes and cleanups. * Pppd is no longer installed setuid-root. * New pppd options: - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber, ipv6-up-script, ipv6-down-script - -v, show-options - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip * On Linux, any baud rate can be set on a serial port provided the kernel serial driver supports that. Note that if you have built and installed previous versions of this package and you want to continue having configuration and TDB files in /etc/ppp, you will need to use the --sysconfdir option to ./configure. For a list of the changes made during the 2.4 series releases of this package, see the Changes-2.4 file. Compression methods. This package supports two packet compression methods: Deflate and BSD-Compress. Other compression methods which are in common use include Predictor, LZS, and MPPC. These methods are not supported for two reasons - they are patent-encumbered, and they cause some packets to expand slightly, which pppd doesn't currently allow for. BSD-Compress and Deflate (which uses the same algorithm as gzip) don't ever expand packets.
Fixes: bug#13164 Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/ppp | 58 +++++--- config/rootfiles/core/178/filelists/files | 1 + .../{oldcore/125 => core/178}/filelists/ppp | 0 config/rootfiles/core/178/update.sh | 2 + lfs/ppp | 28 ++-- src/initscripts/networking/red | 2 +- ...ere-use-SOCK_CLOEXEC-when-creating-socket.patch | 165 --------------------- .../ppp/ppp-2.4.6-increase-max-padi-attempts.patch | 13 -- src/patches/ppp/ppp-2.4.7-headers_4.9.patch | 12 -- ...patch-configure-to-handle-cflags-properly.patch | 15 -- ...1-we-don-t-want-to-accidentally-leak-fds.patch} | 115 ++++++++------ ... ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch} | 136 +++++++---------- ...ere-use-SOCK_CLOEXEC-when-creating-socket.patch | 135 +++++++++++++++++ .../ppp-2.5.0-4-increase-max-padi-attempts.patch | 12 ++ src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch | 12 ++ ...patch-configure-to-handle-cflags-properly.patch | 18 +++ 16 files changed, 348 insertions(+), 376 deletions(-) copy config/rootfiles/{oldcore/125 => core/178}/filelists/ppp (100%) delete mode 100644 src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch delete mode 100644 src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch delete mode 100644 src/patches/ppp/ppp-2.4.7-headers_4.9.patch delete mode 100644 src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch rename src/patches/ppp/{0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch => ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch} (54%) rename src/patches/ppp/{0013-everywhere-O_CLOEXEC-harder.patch => ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch} (63%) create mode 100644 src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch create mode 100644 src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch create mode 100644 src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch create mode 100644 src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch
Difference in files: diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp index d61fdf811..6098fa7c3 100644 --- a/config/rootfiles/common/ppp +++ b/config/rootfiles/common/ppp @@ -7,49 +7,57 @@ etc/ppp/dialer etc/ppp/ioptions etc/ppp/ip-down etc/ppp/ip-up +#etc/ppp/openssl.cnf etc/ppp/options etc/ppp/pap-secrets etc/ppp/standardloginscript #usr/include/pppd +#usr/include/pppd/cbcp.h #usr/include/pppd/ccp.h -#usr/include/pppd/chap-new.h +#usr/include/pppd/chap.h #usr/include/pppd/chap_ms.h -#usr/include/pppd/eap-tls.h +#usr/include/pppd/crypto.h +#usr/include/pppd/crypto_ms.h #usr/include/pppd/eap.h #usr/include/pppd/ecp.h #usr/include/pppd/eui64.h #usr/include/pppd/fsm.h #usr/include/pppd/ipcp.h #usr/include/pppd/ipv6cp.h -#usr/include/pppd/ipxcp.h #usr/include/pppd/lcp.h #usr/include/pppd/magic.h -#usr/include/pppd/md4.h -#usr/include/pppd/md5.h #usr/include/pppd/mppe.h -#usr/include/pppd/patchlevel.h -#usr/include/pppd/pathnames.h -#usr/include/pppd/pppcrypt.h +#usr/include/pppd/multilink.h +#usr/include/pppd/options.h #usr/include/pppd/pppd.h +#usr/include/pppd/pppdconf.h #usr/include/pppd/session.h -#usr/include/pppd/sha1.h -#usr/include/pppd/spinlock.h -#usr/include/pppd/tdb.h #usr/include/pppd/upap.h +#usr/lib/pkgconfig/pppd.pc usr/lib/pppd -usr/lib/pppd/2.4.9 -usr/lib/pppd/2.4.9/minconn.so -usr/lib/pppd/2.4.9/openl2tp.so -usr/lib/pppd/2.4.9/passprompt.so -usr/lib/pppd/2.4.9/passwordfd.so -usr/lib/pppd/2.4.9/pppoatm.so -usr/lib/pppd/2.4.9/pppoe.so -usr/lib/pppd/2.4.9/pppol2tp.so -usr/lib/pppd/2.4.9/radattr.so -usr/lib/pppd/2.4.9/radius.so -usr/lib/pppd/2.4.9/radrealms.so -usr/lib/pppd/2.4.9/rp-pppoe.so -usr/lib/pppd/2.4.9/winbind.so +usr/lib/pppd/2.5.0 +#usr/lib/pppd/2.5.0/minconn.la +usr/lib/pppd/2.5.0/minconn.so +#usr/lib/pppd/2.5.0/openl2tp.la +usr/lib/pppd/2.5.0/openl2tp.so +#usr/lib/pppd/2.5.0/passprompt.la +usr/lib/pppd/2.5.0/passprompt.so +#usr/lib/pppd/2.5.0/passwordfd.la +usr/lib/pppd/2.5.0/passwordfd.so +#usr/lib/pppd/2.5.0/pppoatm.la +usr/lib/pppd/2.5.0/pppoatm.so +#usr/lib/pppd/2.5.0/pppoe.la +usr/lib/pppd/2.5.0/pppoe.so +#usr/lib/pppd/2.5.0/pppol2tp.la +usr/lib/pppd/2.5.0/pppol2tp.so +#usr/lib/pppd/2.5.0/radattr.la +usr/lib/pppd/2.5.0/radattr.so +#usr/lib/pppd/2.5.0/radius.la +usr/lib/pppd/2.5.0/radius.so +#usr/lib/pppd/2.5.0/radrealms.la +usr/lib/pppd/2.5.0/radrealms.so +#usr/lib/pppd/2.5.0/winbind.la +usr/lib/pppd/2.5.0/winbind.so usr/sbin/chat usr/sbin/pppd usr/sbin/pppdump @@ -60,5 +68,7 @@ usr/sbin/pppstats #usr/share/man/man8/pppd-radius.8 #usr/share/man/man8/pppd.8 #usr/share/man/man8/pppdump.8 +#usr/share/man/man8/pppoe-discovery.8 #usr/share/man/man8/pppstats.8 var/log/connect-errors + diff --git a/config/rootfiles/core/178/filelists/files b/config/rootfiles/core/178/filelists/files index 7d07c77c6..c53ebb642 100644 --- a/config/rootfiles/core/178/filelists/files +++ b/config/rootfiles/core/178/filelists/files @@ -1,3 +1,4 @@ +etc/rc.d/init.d/networking/red srv/web/ipfire/cgi-bin/extrahd.cgi srv/web/ipfire/cgi-bin/fwhosts.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi diff --git a/config/rootfiles/core/178/filelists/ppp b/config/rootfiles/core/178/filelists/ppp new file mode 120000 index 000000000..4844a9b58 --- /dev/null +++ b/config/rootfiles/core/178/filelists/ppp @@ -0,0 +1 @@ +../../../common/ppp \ No newline at end of file diff --git a/config/rootfiles/core/178/update.sh b/config/rootfiles/core/178/update.sh index b3c2381aa..57f0d7eb8 100644 --- a/config/rootfiles/core/178/update.sh +++ b/config/rootfiles/core/178/update.sh @@ -37,6 +37,8 @@ done extract_files
# Remove files +rm -rvf \ + /usr/lib/pppd/2.4.9
# Remove dropped sox addon rm -vf \ diff --git a/lfs/ppp b/lfs/ppp index fb46d8aac..fc4528ece 100644 --- a/lfs/ppp +++ b/lfs/ppp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.4.9 +VER = 2.5.0
THISAPP = ppp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2cc885c32b7d33dc48766097f1f4c9cd0754924a8c0630ccaa58b2989e6b43a197ca0d41f5f16956c395278a12023d490e085f5635e23b53c5603ba61cfc40d5 +$(DL_FILE)_BLAKE2 = 6a0e9efcbff3cb499705071cc7d0e3411cf4871fd53b2bfedbb1f2cf3ad80728eb436050cf33b78e36d473be64f15907a21da17f283337455f0af379bc18272d
install : $(TARGET)
@@ -72,18 +72,20 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch - cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h - cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --with-logfile-dir=/var/log \ + cc="gcc" \ + cflags="$(CFLAGS)" cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install - cd $(DIR_APP) && make install-etcppp touch /var/log/connect-errors -mkdir -p /etc/ppp for i in $(DIR_SRC)/src/ppp/* ; do \ diff --git a/src/initscripts/networking/red b/src/initscripts/networking/red index 16d48f3ac..75a17bd5a 100644 --- a/src/initscripts/networking/red +++ b/src/initscripts/networking/red @@ -365,7 +365,7 @@ case "${1}" in # if [ "$TYPE" == "pppoe" ]; then [ "${METHOD}" == "PPPOE_PLUGIN" ] && \ - PLUGOPTS="plugin rp-pppoe.so" + PLUGOPTS="plugin pppoe.so" fi
### Synchronous Mode diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch deleted file mode 100644 index fffda981d..000000000 --- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch +++ /dev/null @@ -1,165 +0,0 @@ -From 2a97ab28ee00586e5f06b3ef3a0e43ea0c7c6499 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar msekleta@redhat.com -Date: Mon, 7 Apr 2014 14:21:41 +0200 -Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket - ---- - pppd/plugins/pppoatm/pppoatm.c | 2 +- - pppd/plugins/pppol2tp/openl2tp.c | 2 +- - pppd/plugins/pppol2tp/pppol2tp.c | 2 +- - pppd/plugins/pppoe/if.c | 2 +- - pppd/plugins/pppoe/plugin.c | 6 +++--- - pppd/plugins/pppoe/pppoe-discovery.c | 2 +- - pppd/sys-linux.c | 10 +++++----- - pppd/tty.c | 2 +- - 8 files changed, 14 insertions(+), 14 deletions(-) - -diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c -index d693350..c31bb34 100644 ---- a/pppd/plugins/pppoatm/pppoatm.c -+++ b/pppd/plugins/pppoatm/pppoatm.c -@@ -135,7 +135,7 @@ static int connect_pppoatm(void) - - if (!device_got_set) - no_device_given_pppoatm(); -- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0); -+ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (fd < 0) - fatal("failed to create socket: %m"); - memset(&qos, 0, sizeof qos); -diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c -index 9643b96..1099575 100644 ---- a/pppd/plugins/pppol2tp/openl2tp.c -+++ b/pppd/plugins/pppol2tp/openl2tp.c -@@ -83,7 +83,7 @@ static int openl2tp_client_create(void) - int result; - - if (openl2tp_fd < 0) { -- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0); -+ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (openl2tp_fd < 0) { - error("openl2tp connection create: %m"); - return -ENOTCONN; -diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c -index a7e3400..e64a778 100644 ---- a/pppd/plugins/pppol2tp/pppol2tp.c -+++ b/pppd/plugins/pppol2tp/pppol2tp.c -@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu, - struct ifreq ifr; - int fd; - -- fd = socket(AF_INET, SOCK_DGRAM, 0); -+ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (fd >= 0) { - memset (&ifr, '\0', sizeof (ifr)); - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); -diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c -index 91e9a57..72aba41 100644 ---- a/pppd/plugins/pppoe/if.c -+++ b/pppd/plugins/pppoe/if.c -@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) - stype = SOCK_PACKET; - #endif - -- if ((fd = socket(domain, stype, htons(type))) < 0) { -+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { - /* Give a more helpful message for the common error case */ - if (errno == EPERM) { - fatal("Cannot create raw socket -- pppoe must be run as root."); -diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c -index a8c2bb4..24bdf8f 100644 ---- a/pppd/plugins/pppoe/plugin.c -+++ b/pppd/plugins/pppoe/plugin.c -@@ -137,7 +137,7 @@ PPPOEConnectDevice(void) - /* server equipment). */ - /* Opening this socket just before waitForPADS in the discovery() */ - /* function would be more appropriate, but it would mess-up the code */ -- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE); -+ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE); - if (conn->sessionSocket < 0) { - error("Failed to create PPPoE socket: %m"); - return -1; -@@ -148,7 +148,7 @@ PPPOEConnectDevice(void) - lcp_wantoptions[0].mru = conn->mru; - - /* Update maximum MRU */ -- s = socket(AF_INET, SOCK_DGRAM, 0); -+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (s < 0) { - error("Can't get MTU for %s: %m", conn->ifName); - goto errout; -@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit) - } - - /* Open a socket */ -- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) { -+ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) { - r = 0; - } - -diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c -index 3d3bf4e..c0d927d 100644 ---- a/pppd/plugins/pppoe/pppoe-discovery.c -+++ b/pppd/plugins/pppoe/pppoe-discovery.c -@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) - stype = SOCK_PACKET; - #endif - -- if ((fd = socket(domain, stype, htons(type))) < 0) { -+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { - /* Give a more helpful message for the common error case */ - if (errno == EPERM) { - rp_fatal("Cannot create raw socket -- pppoe must be run as root."); -diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c -index 00a2cf5..0690019 100644 ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clear_bits, int set_bits) - void sys_init(void) - { - /* Get an internet socket for doing socket ioctls. */ -- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); -+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (sock_fd < 0) - fatal("Couldn't create IP socket: %m(%d)", errno); - - #ifdef INET6 -- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); -+ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (sock6_fd < 0) - sock6_fd = -errno; /* save errno for later */ - #endif -@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name) - struct ifreq ifreq; - int ret, sock_fd; - -- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); -+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (sock_fd < 0) - return 0; - memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); -@@ -2067,7 +2067,7 @@ int ppp_available(void) - /* - * Open a socket for doing the ioctl operations. - */ -- s = socket(AF_INET, SOCK_DGRAM, 0); -+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (s < 0) - return 0; - -diff --git a/pppd/tty.c b/pppd/tty.c -index bc96695..8e76a5d 100644 ---- a/pppd/tty.c -+++ b/pppd/tty.c -@@ -896,7 +896,7 @@ open_socket(dest) - *sep = ':'; - - /* get a socket and connect it to the other end */ -- sock = socket(PF_INET, SOCK_STREAM, 0); -+ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); - if (sock < 0) { - error("Can't create socket: %m"); - return -1; --- -1.8.3.1 - diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch deleted file mode 100644 index 1b36e8369..000000000 --- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h -index 9ab2eee..86762bd 100644 ---- a/pppd/plugins/pppoe/pppoe.h -+++ b/pppd/plugins/pppoe/pppoe.h -@@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session; - #define STATE_TERMINATED 4 - - /* How many PADI/PADS attempts? */ --#define MAX_PADI_ATTEMPTS 3 -+#define MAX_PADI_ATTEMPTS 4 - - /* Initial timeout for PADO/PADS */ - #define PADI_TIMEOUT 5 diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch deleted file mode 100644 index 686db9204..000000000 --- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c ---- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100 -@@ -49,6 +49,8 @@ - #include <net/ethernet.h> - #include <net/if_arp.h> - #include <linux/ppp_defs.h> -+#define _LINUX_IN_H -+#define _LINUX_IN6_H - #include <linux/if_pppox.h> - - #ifndef _ROOT_PATH diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch deleted file mode 100644 index b36ace192..000000000 --- a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200 -+++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200 -@@ -121,9 +121,9 @@ - rm -f $2 - if [ -f $1 ]; then - echo " $2 <= $1" -- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \ -- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \ -- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2 -+ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \ -+ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \ -+ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2 - fi - } - diff --git a/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch b/src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch similarity index 54% rename from src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch rename to src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch index 90bb2d161..98ab03119 100644 --- a/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch +++ b/src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch @@ -1,20 +1,8 @@ -From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar msekleta@redhat.com -Date: Mon, 7 Apr 2014 12:23:36 +0200 -Subject: [PATCH 12/25] pppd: we don't want to accidentally leak fds - ---- - pppd/auth.c | 20 ++++++++++---------- - pppd/options.c | 2 +- - pppd/sys-linux.c | 4 ++-- - 3 files changed, 13 insertions(+), 13 deletions(-) - -diff --git a/pppd/auth.c b/pppd/auth.c -index 4271af6..9e957fa 100644 ---- a/pppd/auth.c -+++ b/pppd/auth.c -@@ -428,7 +428,7 @@ setupapfile(argv) - option_error("unable to reset uid before opening %s: %m", fname); +diff -Naur pppd.orig/auth.c pppd/auth.c +--- pppd.orig/auth.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/auth.c 2023-06-30 12:38:13.748482796 +0200 +@@ -518,7 +518,7 @@ + free(fname); return 0; } - ufile = fopen(fname, "r"); @@ -22,8 +10,8 @@ index 4271af6..9e957fa 100644 if (seteuid(euid) == -1) fatal("unable to regain privileges: %m"); if (ufile == NULL) { -@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg) - filename = _PATH_UPAPFILE; +@@ -1535,7 +1535,7 @@ + filename = PPP_PATH_UPAPFILE; addrs = opts = NULL; ret = UPAP_AUTHNAK; - f = fopen(filename, "r"); @@ -31,52 +19,52 @@ index 4271af6..9e957fa 100644 if (f == NULL) { error("Can't open PAP password file %s: %m", filename);
-@@ -1512,7 +1512,7 @@ null_login(unit) +@@ -1635,7 +1635,7 @@ if (ret <= 0) { - filename = _PATH_UPAPFILE; + filename = PPP_PATH_UPAPFILE; addrs = NULL; - f = fopen(filename, "r"); + f = fopen(filename, "re"); if (f == NULL) return 0; check_access(f, filename); -@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd) +@@ -1681,7 +1681,7 @@ }
- filename = _PATH_UPAPFILE; + filename = PPP_PATH_UPAPFILE; - f = fopen(filename, "r"); + f = fopen(filename, "re"); if (f == NULL) return 0; check_access(f, filename); -@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp) +@@ -1718,7 +1718,7 @@ }
- filename = _PATH_UPAPFILE; + filename = PPP_PATH_UPAPFILE; - f = fopen(filename, "r"); + f = fopen(filename, "re"); if (f == NULL) return 0;
-@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp) +@@ -1760,7 +1760,7 @@ }
- filename = _PATH_CHAPFILE; + filename = PPP_PATH_CHAPFILE; - f = fopen(filename, "r"); + f = fopen(filename, "re"); if (f == NULL) return 0;
-@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp) +@@ -1798,7 +1798,7 @@ struct wordlist *addrs;
- filename = _PATH_SRPFILE; + filename = PPP_PATH_SRPFILE; - f = fopen(filename, "r"); + f = fopen(filename, "re"); if (f == NULL) return 0;
-@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server) +@@ -1849,7 +1849,7 @@ addrs = NULL; secbuf[0] = 0;
@@ -85,8 +73,8 @@ index 4271af6..9e957fa 100644 if (f == NULL) { error("Can't open chap secret file %s: %m", filename); return 0; -@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server) - filename = _PATH_SRPFILE; +@@ -1902,7 +1902,7 @@ + filename = PPP_PATH_SRPFILE; addrs = NULL;
- fp = fopen(filename, "r"); @@ -94,7 +82,7 @@ index 4271af6..9e957fa 100644 if (fp == NULL) { error("Can't open srp secret file %s: %m", filename); return 0; -@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags) +@@ -2291,7 +2291,7 @@ */ if (word[0] == '@' && word[1] == '/') { strlcpy(atfile, word+1, sizeof(atfile)); @@ -103,12 +91,38 @@ index 4271af6..9e957fa 100644 warn("can't open indirect secret file %s", atfile); continue; } -diff --git a/pppd/options.c b/pppd/options.c -index 45fa742..1d754ae 100644 ---- a/pppd/options.c -+++ b/pppd/options.c -@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv) - option_error("unable to drop privileges to open %s: %m", filename); +@@ -2461,7 +2461,7 @@ + char pkfile[MAXWORDLEN]; + + filename = PPP_PATH_EAPTLSSERVFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -2518,7 +2518,7 @@ + return 1; + + filename = PPP_PATH_EAPTLSCLIFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -2738,7 +2738,7 @@ + filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE); + addrs = NULL; + +- fp = fopen(filename, "r"); ++ fp = fopen(filename, "re"); + if (fp == NULL) + { + error("Can't open eap-tls secret file %s: %m", filename); +diff -Naur pppd.orig/options.c pppd/options.c +--- pppd.orig/options.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/options.c 2023-06-30 12:42:19.262593140 +0200 +@@ -555,7 +555,7 @@ + ppp_option_error("unable to drop privileges to open %s: %m", filename); return 0; } - f = fopen(filename, "r"); @@ -116,11 +130,10 @@ index 45fa742..1d754ae 100644 err = errno; if (check_prot && seteuid(euid) == -1) fatal("unable to regain privileges"); -diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c -index 72a7727..8a12fa0 100644 ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail) +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-03-10 02:50:41.000000000 +0100 ++++ pppd/sys-linux.c 2023-06-30 12:43:20.634453475 +0200 +@@ -1978,7 +1978,7 @@ /* Default the mount location of /proc */ strlcpy (proc_path, "/proc", sizeof(proc_path)); proc_path_len = 5; @@ -129,7 +142,7 @@ index 72a7727..8a12fa0 100644 if (fp != NULL) { while ((mntent = getmntent(fp)) != NULL) { if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0) -@@ -1472,7 +1472,7 @@ static int open_route_table (void) +@@ -2038,7 +2038,7 @@ close_route_table();
path = path_to_procfs("/net/route"); @@ -138,6 +151,12 @@ index 72a7727..8a12fa0 100644 if (route_fd == NULL) { error("can't open routing table %s: %m", path); return 0; --- -1.8.3.1 - +@@ -2322,7 +2322,7 @@ + close_route_table(); + + path = path_to_procfs("/net/ipv6_route"); +- route_fd = fopen (path, "r"); ++ route_fd = fopen (path, "re"); + if (route_fd == NULL) { + error("can't open routing table %s: %m", path); + return 0; diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch similarity index 63% rename from src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch rename to src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch index 0fb028779..c205c0e08 100644 --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch +++ b/src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch @@ -1,23 +1,7 @@ -From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar msekleta@redhat.com -Date: Mon, 7 Apr 2014 13:56:34 +0200 -Subject: [PATCH 13/25] everywhere: O_CLOEXEC harder - ---- - pppd/eap.c | 2 +- - pppd/main.c | 4 ++-- - pppd/options.c | 4 ++-- - pppd/sys-linux.c | 22 +++++++++++----------- - pppd/tdb.c | 4 ++-- - pppd/tty.c | 4 ++-- - pppd/utils.c | 6 +++--- - 7 files changed, 23 insertions(+), 23 deletions(-) - -diff --git a/pppd/eap.c b/pppd/eap.c -index 6ea6c1f..faced53 100644 ---- a/pppd/eap.c -+++ b/pppd/eap.c -@@ -1226,7 +1226,7 @@ mode_t modebits; +diff -Naur pppd.orig/eap.c pppd/eap.c +--- pppd.orig/eap.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/eap.c 2023-06-30 12:58:07.984676045 +0200 +@@ -1542,7 +1542,7 @@
if ((path = name_of_pn_file()) == NULL) return (-1); @@ -26,34 +10,23 @@ index 6ea6c1f..faced53 100644 err = errno; free(path); errno = err; -diff --git a/pppd/main.c b/pppd/main.c -index 87a5d29..152e4a2 100644 ---- a/pppd/main.c -+++ b/pppd/main.c -@@ -400,7 +400,7 @@ main(int argc, char *argv[]) +diff -Naur pppd.orig/main.c pppd/main.c +--- pppd.orig/main.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/main.c 2023-06-30 13:00:15.155195676 +0200 +@@ -479,7 +479,7 @@ die(0);
/* Make sure fds 0, 1, 2 are open to somewhere. */ -- fd_devnull = open(_PATH_DEVNULL, O_RDWR); -+ fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC); +- fd_devnull = open(PPP_DEVNULL, O_RDWR); ++ fd_devnull = open(PPP_DEVNULL, O_RDWR | O_CLOEXEC); if (fd_devnull < 0) - fatal("Couldn't open %s: %m", _PATH_DEVNULL); + fatal("Couldn't open %s: %m", PPP_DEVNULL); while (fd_devnull <= 2) { -@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait) - if (log_to_fd >= 0) - errfd = log_to_fd; - else -- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); -+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644); - - ++conn_running; - pid = safe_fork(in, out, errfd); -diff --git a/pppd/options.c b/pppd/options.c -index 1d754ae..8e62635 100644 ---- a/pppd/options.c -+++ b/pppd/options.c -@@ -1544,9 +1544,9 @@ setlogfile(argv) - option_error("unable to drop permissions to open %s: %m", *argv); +diff -Naur pppd.orig/options.c pppd/options.c +--- pppd.orig/options.c 2023-06-30 12:42:19.262593140 +0200 ++++ pppd/options.c 2023-06-30 13:01:58.388323345 +0200 +@@ -1718,9 +1718,9 @@ + ppp_option_error("unable to drop permissions to open %s: %m", *argv); return 0; } - fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); @@ -64,11 +37,10 @@ index 1d754ae..8e62635 100644 err = errno; if (!privileged_option && seteuid(euid) == -1) fatal("unable to regain privileges: %m"); -diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c -index 8a12fa0..00a2cf5 100644 ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd) +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-06-30 12:43:20.634453475 +0200 ++++ pppd/sys-linux.c 2023-06-30 13:11:25.715511251 +0200 +@@ -666,7 +666,7 @@ goto err; } dbglog("using channel %d", chindex); @@ -77,7 +49,7 @@ index 8a12fa0..00a2cf5 100644 if (fd < 0) { error("Couldn't reopen /dev/ppp: %m"); goto err; -@@ -619,7 +619,7 @@ static int make_ppp_unit() +@@ -904,7 +904,7 @@ dbglog("in make_ppp_unit, already had /dev/ppp open?"); close(ppp_dev_fd); } @@ -86,7 +58,7 @@ index 8a12fa0..00a2cf5 100644 if (ppp_dev_fd < 0) fatal("Couldn't open /dev/ppp: %m"); flags = fcntl(ppp_dev_fd, F_GETFL); -@@ -693,7 +693,7 @@ int bundle_attach(int ifnum) +@@ -1025,7 +1025,7 @@ if (!new_style_driver) return -1;
@@ -95,7 +67,7 @@ index 8a12fa0..00a2cf5 100644 if (master_fd < 0) fatal("Couldn't open /dev/ppp: %m"); if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) { -@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr) +@@ -2533,7 +2533,7 @@ if (tune_kernel) { forw_path = path_to_procfs("/sys/net/ipv4/ip_forward"); if (forw_path != 0) { @@ -104,7 +76,7 @@ index 8a12fa0..00a2cf5 100644 if (fd >= 0) { if (write(fd, "1", 1) != 1) error("Couldn't enable IP forwarding: %m"); -@@ -2030,7 +2030,7 @@ int ppp_available(void) +@@ -2878,7 +2878,7 @@ sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch); kernel_version = KVERSION(osmaj, osmin, ospatch);
@@ -113,7 +85,7 @@ index 8a12fa0..00a2cf5 100644 if (fd >= 0) { new_style_driver = 1;
-@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host) +@@ -3056,7 +3056,7 @@ #if __GLIBC__ >= 2 updwtmp(_PATH_WTMP, &ut); #else @@ -122,7 +94,7 @@ index 8a12fa0..00a2cf5 100644 if (wtmp >= 0) { flock(wtmp, LOCK_EX);
-@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr, +@@ -3280,7 +3280,7 @@ int fd;
path = path_to_procfs("/sys/net/ipv4/ip_dynaddr"); @@ -131,7 +103,7 @@ index 8a12fa0..00a2cf5 100644 if (write(fd, "1", 1) != 1) error("Couldn't enable dynamic IP addressing: %m"); close(fd); -@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid) +@@ -3534,7 +3534,7 @@ /* * Try the unix98 way first. */ @@ -140,17 +112,17 @@ index 8a12fa0..00a2cf5 100644 if (mfd >= 0) { int ptn; if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) { -@@ -2851,7 +2851,8 @@ +@@ -3545,7 +3545,8 @@ if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0) warn("Couldn't unlock pty slave %s: %m", pty_name); #endif - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) + -+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) - { ++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) + { warn("Couldn't open pty slave %s: %m", pty_name); - close(mfd); -@@ -2865,10 +2866,10 @@ + close(mfd); +@@ -3559,10 +3560,10 @@ for (i = 0; i < 64; ++i) { slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", 'p' + i / 16, i % 16); @@ -161,13 +133,12 @@ index 8a12fa0..00a2cf5 100644 - sfd = open(pty_name, O_RDWR | O_NOCTTY, 0); + sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0); if (sfd >= 0) { - fchown(sfd, uid, -1); - fchmod(sfd, S_IRUSR | S_IWUSR); -diff --git a/pppd/tdb.c b/pppd/tdb.c -index bdc5828..c7ab71c 100644 ---- a/pppd/tdb.c -+++ b/pppd/tdb.c -@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags, + ret = fchown(sfd, uid, -1); + if (ret != 0) { +diff -Naur pppd.orig/tdb.c pppd/tdb.c +--- pppd.orig/tdb.c 2021-07-23 06:41:07.000000000 +0200 ++++ pppd/tdb.c 2023-06-30 13:12:55.034900600 +0200 +@@ -1728,7 +1728,7 @@ goto internal; }
@@ -176,7 +147,7 @@ index bdc5828..c7ab71c 100644 TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n", name, strerror(errno))); goto fail; /* errno set by open(2) */ -@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb) +@@ -1971,7 +1971,7 @@ } if (close(tdb->fd) != 0) TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n")); @@ -185,12 +156,11 @@ index bdc5828..c7ab71c 100644 if (tdb->fd == -1) { TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno))); goto fail; -diff --git a/pppd/tty.c b/pppd/tty.c -index d571b11..bc96695 100644 ---- a/pppd/tty.c -+++ b/pppd/tty.c -@@ -569,7 +569,7 @@ int connect_tty() - status = EXIT_OPEN_FAILED; +diff -Naur pppd.orig/tty.c pppd/tty.c +--- pppd.orig/tty.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/tty.c 2023-06-30 13:14:06.450418113 +0200 +@@ -621,7 +621,7 @@ + ppp_set_status(EXIT_OPEN_FAILED); goto errret; } - real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0); @@ -198,7 +168,7 @@ index d571b11..bc96695 100644 err = errno; if (prio < OPRIO_ROOT && seteuid(0) == -1) fatal("Unable to regain privileges"); -@@ -723,7 +723,7 @@ int connect_tty() +@@ -775,7 +775,7 @@ if (connector == NULL && modem && devnam[0] != 0) { int i; for (;;) { @@ -207,12 +177,11 @@ index d571b11..bc96695 100644 break; if (errno != EINTR) { error("Failed to reopen %s: %m", devnam); -diff --git a/pppd/utils.c b/pppd/utils.c -index 29bf970..6051b9a 100644 ---- a/pppd/utils.c -+++ b/pppd/utils.c -@@ -918,14 +918,14 @@ lock(dev) - slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev); +diff -Naur pppd.orig/utils.c pppd/utils.c +--- pppd.orig/utils.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/utils.c 2023-06-30 13:15:47.860182369 +0200 +@@ -843,14 +843,14 @@ + slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev); #endif
- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { @@ -228,7 +197,7 @@ index 29bf970..6051b9a 100644 if (fd < 0) { if (errno == ENOENT) /* This is just a timing problem. */ continue; -@@ -1004,7 +1004,7 @@ relock(pid) +@@ -933,7 +933,7 @@
if (lock_file[0] == 0) return -1; @@ -237,6 +206,3 @@ index 29bf970..6051b9a 100644 if (fd < 0) { error("Couldn't reopen lock file %s: %m", lock_file); lock_file[0] = 0; --- -1.8.3.1 - diff --git a/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch new file mode 100644 index 000000000..cfd72e468 --- /dev/null +++ b/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch @@ -0,0 +1,135 @@ +diff -Naur pppd.orig/plugins/pppoatm/pppoatm.c pppd/plugins/pppoatm/pppoatm.c +--- pppd.orig/plugins/pppoatm/pppoatm.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/plugins/pppoatm/pppoatm.c 2023-06-30 13:21:33.397378347 +0200 +@@ -146,7 +146,7 @@ + + if (!device_got_set) + no_device_given_pppoatm(); +- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0); ++ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd < 0) + fatal("failed to create socket: %m"); + memset(&qos, 0, sizeof qos); +diff -Naur pppd.orig/plugins/pppoe/if.c pppd/plugins/pppoe/if.c +--- pppd.orig/plugins/pppoe/if.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppoe/if.c 2023-06-30 13:24:11.372183452 +0200 +@@ -116,7 +116,7 @@ + stype = SOCK_PACKET; + #endif + +- if ((fd = socket(domain, stype, htons(type))) < 0) { ++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { + /* Give a more helpful message for the common error case */ + if (errno == EPERM) { + fatal("Cannot create raw socket -- pppoe must be run as root."); +diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c +--- pppd.orig/plugins/pppoe/plugin.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200 +@@ -155,7 +155,7 @@ + /* server equipment). */ + /* Opening this socket just before waitForPADS in the discovery() */ + /* function would be more appropriate, but it would mess-up the code */ +- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE); ++ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE); + if (conn->sessionSocket < 0) { + error("Failed to create PPPoE socket: %m"); + return -1; +@@ -166,7 +166,7 @@ + lcp_wantoptions[0].mru = conn->mru = conn->storedmru; + + /* Update maximum MRU */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) { + error("Can't get MTU for %s: %m", conn->ifName); + goto errout; +@@ -364,7 +364,7 @@ + } + + /* Open a socket */ +- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) { ++ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) { + r = 0; + } + +diff -Naur pppd.orig/plugins/pppol2tp/openl2tp.c pppd/plugins/pppol2tp/openl2tp.c +--- pppd.orig/plugins/pppol2tp/openl2tp.c 2023-03-10 02:50:41.000000000 +0100 ++++ pppd/plugins/pppol2tp/openl2tp.c 2023-06-30 13:22:30.055768865 +0200 +@@ -93,7 +93,7 @@ + int result; + + if (openl2tp_fd < 0) { +- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0); ++ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (openl2tp_fd < 0) { + error("openl2tp connection create: %m"); + return -ENOTCONN; +diff -Naur pppd.orig/plugins/pppol2tp/pppol2tp.c pppd/plugins/pppol2tp/pppol2tp.c +--- pppd.orig/plugins/pppol2tp/pppol2tp.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppol2tp/pppol2tp.c 2023-06-30 13:23:13.493756755 +0200 +@@ -220,7 +220,7 @@ + struct ifreq ifr; + int fd; + +- fd = socket(AF_INET, SOCK_DGRAM, 0); ++ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd >= 0) { + memset (&ifr, '\0', sizeof (ifr)); + ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name)); +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-06-30 13:11:25.715511251 +0200 ++++ pppd/sys-linux.c 2023-06-30 13:32:50.021272249 +0200 +@@ -499,12 +499,12 @@ + void sys_init(void) + { + /* Get an internet socket for doing socket ioctls. */ +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + fatal("Couldn't create IP socket: %m(%d)", errno); + + #ifdef PPP_WITH_IPV6CP +- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); ++ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock6_fd < 0) + sock6_fd = -errno; /* save errno for later */ + #endif +@@ -2675,7 +2675,7 @@ + struct ifreq ifreq; + int ret, sock_fd; + +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + return -1; + memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); +@@ -2698,7 +2698,7 @@ + struct ifreq ifreq; + int ret, sock_fd; + +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + return -1; + +@@ -2915,7 +2915,7 @@ + /* + * Open a socket for doing the ioctl operations. + */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) + return 0; + +diff -Naur pppd.orig/tty.c pppd/tty.c +--- pppd.orig/tty.c 2023-06-30 13:14:06.450418113 +0200 ++++ pppd/tty.c 2023-06-30 13:33:31.285858278 +0200 +@@ -942,7 +942,7 @@ + *sep = ':'; + + /* get a socket and connect it to the other end */ +- sock = socket(PF_INET, SOCK_STREAM, 0); ++ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); + if (sock < 0) { + error("Can't create socket: %m"); + return -1; diff --git a/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch new file mode 100644 index 000000000..002b6066d --- /dev/null +++ b/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch @@ -0,0 +1,12 @@ +diff -Naur pppd.orig/plugins/pppoe/pppoe.h pppd/plugins/pppoe/pppoe.h +--- pppd.orig/plugins/pppoe/pppoe.h 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppoe/pppoe.h 2023-06-30 13:37:07.189078090 +0200 +@@ -143,7 +143,7 @@ + #define STATE_TERMINATED 4 + + /* How many PADI/PADS attempts? */ +-#define MAX_PADI_ATTEMPTS 3 ++#define MAX_PADI_ATTEMPTS 4 + + /* Initial timeout for PADO/PADS */ + #define PADI_TIMEOUT 5 diff --git a/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch b/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch new file mode 100644 index 000000000..dc6c22852 --- /dev/null +++ b/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch @@ -0,0 +1,12 @@ +diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c +--- pppd.orig/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200 ++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:50:23.150026201 +0200 +@@ -46,6 +46,8 @@ + #include <signal.h> + #include <net/if_arp.h> + #include <linux/ppp_defs.h> ++#define _LINUX_IN_H ++#define _LINUX_IN6_H + #include <linux/if_pppox.h> + + #include <pppd/pppd.h> diff --git a/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch new file mode 100644 index 000000000..0e9eab6ed --- /dev/null +++ b/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch @@ -0,0 +1,18 @@ +diff -Naur ppp-2.5.0.orig/configure ppp-2.5.0/configure +--- ppp-2.5.0.orig/configure 2023-03-25 05:38:36.000000000 +0100 ++++ ppp-2.5.0/configure 2023-06-30 14:05:14.773950477 +0200 +@@ -17774,10 +17774,10 @@ + rm -f $2 + if [ -f $1 ]; then + echo " $2 <= $1" +- sed -e "s,@DESTDIR@,$prefix,g" \ +- -e "s,@SYSCONF@,$sysconfdir,g" \ +- -e "s,@CC@,$CC,g" \ +- -e "s|@CFLAGS@|$CFLAGS|g" $1 > $2 ++ sed -e "s#@DESTDIR@#$prefix#g" \ ++ -e "s#@SYSCONF@#$sysconfdir#g" \ ++ -e "s#@CC@#$CC#g" \ ++ -e "s#@CFLAGS@#$CFLAGS#g" $1 > $2 + fi + } +
hooks/post-receive -- IPFire 2.x development tree