This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via f04116f60a337ec988e5f65a445be0da3e81ab78 (commit) via 2007e65b6f25c4ea35ab8fdb2b9dde5d3e665528 (commit) via c5d38996eb2b4b2e7b8c5db1fdc274de567b46f7 (commit) via afd03796cb9ef75e76733302b7520ba00102fdc7 (commit) from 98491fcccede87850cafe73db02e4d182dc8a187 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit f04116f60a337ec988e5f65a445be0da3e81ab78 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Sep 17 14:44:22 2023 +0000
iproute2: Update to 6.5
Fixes: #13284
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2007e65b6f25c4ea35ab8fdb2b9dde5d3e665528 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Sep 17 20:18:20 2023 +0000
sudo: Fix incorrect location of libsudo_utils.so
Reported-by: Arne Fitzenreiter arne.fitzenreiter@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c5d38996eb2b4b2e7b8c5db1fdc274de567b46f7 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Sep 18 10:04:29 2023 +0000
OpenSSL: Add missing Perl dependency
Reported-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit afd03796cb9ef75e76733302b7520ba00102fdc7 Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Sep 17 15:42:04 2023 +0200
ppp: Update to version 2.5.0
- IPFire3.x - Update from version 2.4.9 to 2.5.0 - Update based on the changes from ipfire2.x - More work still needed once networking has been put in place. define location of secrets and the IPFire3.x replacements for the dialer, ip-up and ip_down helper scripts that were used in IPFire2.x
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: iproute2/iproute2.nm | 4 +- openssl/openssl.nm | 6 +- ...1-we-don-t-want-to-accidentally-leak-fds.patch0 | 162 ++++++++++++++++ .../ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 | 208 +++++++++++++++++++++ ...re-use-SOCK_CLOEXEC-when-creating-socket.patch0 | 135 +++++++++++++ .../ppp-2.5.0-4-increase-max-padi-attempts.patch0 | 12 ++ ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 | 12 ++ ...patch-configure-to-handle-cflags-properly.patch | 18 ++ ...heck-to-see-if-we-have-struct-sockaddr_ll.patch | 37 ++++ ppp/ppp.nm | 40 ++-- sudo/sudo.nm | 5 +- 11 files changed, 606 insertions(+), 33 deletions(-) create mode 100644 ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0 create mode 100644 ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 create mode 100644 ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch0 create mode 100644 ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 create mode 100644 ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 create mode 100644 ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch create mode 100644 ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch
Difference in files: diff --git a/iproute2/iproute2.nm b/iproute2/iproute2.nm index 20df759ae..72024ac57 100644 --- a/iproute2/iproute2.nm +++ b/iproute2/iproute2.nm @@ -4,8 +4,8 @@ ###############################################################################
name = iproute2 -version = 6.0.0 -release = 4 +version = 6.5.0 +release = 1
groups = Networking/Tools url = https://git.kernel.org/pub/scm/network/iproute2/iproute2.git diff --git a/openssl/openssl.nm b/openssl/openssl.nm index 5a422f814..6d5d21863 100644 --- a/openssl/openssl.nm +++ b/openssl/openssl.nm @@ -5,7 +5,7 @@
name = openssl version = 3.1.2 -release = 1 +release = 2
maintainer = Michael Tremer michael.tremer@ipfire.org groups = System/Libraries @@ -35,6 +35,7 @@ build perl(Pod::Html) perl(Test::Harness) perl(Test::More) + perl(Time::Local) sed zlib-devel end @@ -74,8 +75,7 @@ build ${LDFLAGS}
test - # The testsuite has been disabled as it does not run through - : # make test + make test end
install diff --git a/ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0 b/ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0 new file mode 100644 index 000000000..98ab03119 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0 @@ -0,0 +1,162 @@ +diff -Naur pppd.orig/auth.c pppd/auth.c +--- pppd.orig/auth.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/auth.c 2023-06-30 12:38:13.748482796 +0200 +@@ -518,7 +518,7 @@ + free(fname); + return 0; + } +- ufile = fopen(fname, "r"); ++ ufile = fopen(fname, "re"); + if (seteuid(euid) == -1) + fatal("unable to regain privileges: %m"); + if (ufile == NULL) { +@@ -1535,7 +1535,7 @@ + filename = PPP_PATH_UPAPFILE; + addrs = opts = NULL; + ret = UPAP_AUTHNAK; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) { + error("Can't open PAP password file %s: %m", filename); + +@@ -1635,7 +1635,7 @@ + if (ret <= 0) { + filename = PPP_PATH_UPAPFILE; + addrs = NULL; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + check_access(f, filename); +@@ -1681,7 +1681,7 @@ + } + + filename = PPP_PATH_UPAPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + check_access(f, filename); +@@ -1718,7 +1718,7 @@ + } + + filename = PPP_PATH_UPAPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -1760,7 +1760,7 @@ + } + + filename = PPP_PATH_CHAPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -1798,7 +1798,7 @@ + struct wordlist *addrs; + + filename = PPP_PATH_SRPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -1849,7 +1849,7 @@ + addrs = NULL; + secbuf[0] = 0; + +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) { + error("Can't open chap secret file %s: %m", filename); + return 0; +@@ -1902,7 +1902,7 @@ + filename = PPP_PATH_SRPFILE; + addrs = NULL; + +- fp = fopen(filename, "r"); ++ fp = fopen(filename, "re"); + if (fp == NULL) { + error("Can't open srp secret file %s: %m", filename); + return 0; +@@ -2291,7 +2291,7 @@ + */ + if (word[0] == '@' && word[1] == '/') { + strlcpy(atfile, word+1, sizeof(atfile)); +- if ((sf = fopen(atfile, "r")) == NULL) { ++ if ((sf = fopen(atfile, "re")) == NULL) { + warn("can't open indirect secret file %s", atfile); + continue; + } +@@ -2461,7 +2461,7 @@ + char pkfile[MAXWORDLEN]; + + filename = PPP_PATH_EAPTLSSERVFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -2518,7 +2518,7 @@ + return 1; + + filename = PPP_PATH_EAPTLSCLIFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -2738,7 +2738,7 @@ + filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE); + addrs = NULL; + +- fp = fopen(filename, "r"); ++ fp = fopen(filename, "re"); + if (fp == NULL) + { + error("Can't open eap-tls secret file %s: %m", filename); +diff -Naur pppd.orig/options.c pppd/options.c +--- pppd.orig/options.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/options.c 2023-06-30 12:42:19.262593140 +0200 +@@ -555,7 +555,7 @@ + ppp_option_error("unable to drop privileges to open %s: %m", filename); + return 0; + } +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + err = errno; + if (check_prot && seteuid(euid) == -1) + fatal("unable to regain privileges"); +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-03-10 02:50:41.000000000 +0100 ++++ pppd/sys-linux.c 2023-06-30 12:43:20.634453475 +0200 +@@ -1978,7 +1978,7 @@ + /* Default the mount location of /proc */ + strlcpy (proc_path, "/proc", sizeof(proc_path)); + proc_path_len = 5; +- fp = fopen(MOUNTED, "r"); ++ fp = fopen(MOUNTED, "re"); + if (fp != NULL) { + while ((mntent = getmntent(fp)) != NULL) { + if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0) +@@ -2038,7 +2038,7 @@ + close_route_table(); + + path = path_to_procfs("/net/route"); +- route_fd = fopen (path, "r"); ++ route_fd = fopen (path, "re"); + if (route_fd == NULL) { + error("can't open routing table %s: %m", path); + return 0; +@@ -2322,7 +2322,7 @@ + close_route_table(); + + path = path_to_procfs("/net/ipv6_route"); +- route_fd = fopen (path, "r"); ++ route_fd = fopen (path, "re"); + if (route_fd == NULL) { + error("can't open routing table %s: %m", path); + return 0; diff --git a/ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 b/ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 new file mode 100644 index 000000000..c205c0e08 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 @@ -0,0 +1,208 @@ +diff -Naur pppd.orig/eap.c pppd/eap.c +--- pppd.orig/eap.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/eap.c 2023-06-30 12:58:07.984676045 +0200 +@@ -1542,7 +1542,7 @@ + + if ((path = name_of_pn_file()) == NULL) + return (-1); +- fd = open(path, modebits, S_IRUSR | S_IWUSR); ++ fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC); + err = errno; + free(path); + errno = err; +diff -Naur pppd.orig/main.c pppd/main.c +--- pppd.orig/main.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/main.c 2023-06-30 13:00:15.155195676 +0200 +@@ -479,7 +479,7 @@ + die(0); + + /* Make sure fds 0, 1, 2 are open to somewhere. */ +- fd_devnull = open(PPP_DEVNULL, O_RDWR); ++ fd_devnull = open(PPP_DEVNULL, O_RDWR | O_CLOEXEC); + if (fd_devnull < 0) + fatal("Couldn't open %s: %m", PPP_DEVNULL); + while (fd_devnull <= 2) { +diff -Naur pppd.orig/options.c pppd/options.c +--- pppd.orig/options.c 2023-06-30 12:42:19.262593140 +0200 ++++ pppd/options.c 2023-06-30 13:01:58.388323345 +0200 +@@ -1718,9 +1718,9 @@ + ppp_option_error("unable to drop permissions to open %s: %m", *argv); + return 0; + } +- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); ++ fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644); + if (fd < 0 && errno == EEXIST) +- fd = open(*argv, O_WRONLY | O_APPEND); ++ fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC); + err = errno; + if (!privileged_option && seteuid(euid) == -1) + fatal("unable to regain privileges: %m"); +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-06-30 12:43:20.634453475 +0200 ++++ pppd/sys-linux.c 2023-06-30 13:11:25.715511251 +0200 +@@ -666,7 +666,7 @@ + goto err; + } + dbglog("using channel %d", chindex); +- fd = open("/dev/ppp", O_RDWR); ++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (fd < 0) { + error("Couldn't reopen /dev/ppp: %m"); + goto err; +@@ -904,7 +904,7 @@ + dbglog("in make_ppp_unit, already had /dev/ppp open?"); + close(ppp_dev_fd); + } +- ppp_dev_fd = open("/dev/ppp", O_RDWR); ++ ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (ppp_dev_fd < 0) + fatal("Couldn't open /dev/ppp: %m"); + flags = fcntl(ppp_dev_fd, F_GETFL); +@@ -1025,7 +1025,7 @@ + if (!new_style_driver) + return -1; + +- master_fd = open("/dev/ppp", O_RDWR); ++ master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (master_fd < 0) + fatal("Couldn't open /dev/ppp: %m"); + if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) { +@@ -2533,7 +2533,7 @@ + if (tune_kernel) { + forw_path = path_to_procfs("/sys/net/ipv4/ip_forward"); + if (forw_path != 0) { +- int fd = open(forw_path, O_WRONLY); ++ int fd = open(forw_path, O_WRONLY | O_CLOEXEC); + if (fd >= 0) { + if (write(fd, "1", 1) != 1) + error("Couldn't enable IP forwarding: %m"); +@@ -2878,7 +2878,7 @@ + sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch); + kernel_version = KVERSION(osmaj, osmin, ospatch); + +- fd = open("/dev/ppp", O_RDWR); ++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (fd >= 0) { + new_style_driver = 1; + +@@ -3056,7 +3056,7 @@ + #if __GLIBC__ >= 2 + updwtmp(_PATH_WTMP, &ut); + #else +- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY); ++ wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC); + if (wtmp >= 0) { + flock(wtmp, LOCK_EX); + +@@ -3280,7 +3280,7 @@ + int fd; + + path = path_to_procfs("/sys/net/ipv4/ip_dynaddr"); +- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) { ++ if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) { + if (write(fd, "1", 1) != 1) + error("Couldn't enable dynamic IP addressing: %m"); + close(fd); +@@ -3534,7 +3534,7 @@ + /* + * Try the unix98 way first. + */ +- mfd = open("/dev/ptmx", O_RDWR); ++ mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC); + if (mfd >= 0) { + int ptn; + if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) { +@@ -3545,7 +3545,8 @@ + if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0) + warn("Couldn't unlock pty slave %s: %m", pty_name); + #endif +- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) ++ ++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) + { + warn("Couldn't open pty slave %s: %m", pty_name); + close(mfd); +@@ -3559,10 +3560,10 @@ + for (i = 0; i < 64; ++i) { + slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", + 'p' + i / 16, i % 16); +- mfd = open(pty_name, O_RDWR, 0); ++ mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0); + if (mfd >= 0) { + pty_name[5] = 't'; +- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0); ++ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0); + if (sfd >= 0) { + ret = fchown(sfd, uid, -1); + if (ret != 0) { +diff -Naur pppd.orig/tdb.c pppd/tdb.c +--- pppd.orig/tdb.c 2021-07-23 06:41:07.000000000 +0200 ++++ pppd/tdb.c 2023-06-30 13:12:55.034900600 +0200 +@@ -1728,7 +1728,7 @@ + goto internal; + } + +- if ((tdb->fd = open(name, open_flags, mode)) == -1) { ++ if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) { + TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n", + name, strerror(errno))); + goto fail; /* errno set by open(2) */ +@@ -1971,7 +1971,7 @@ + } + if (close(tdb->fd) != 0) + TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n")); +- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0); ++ tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0); + if (tdb->fd == -1) { + TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno))); + goto fail; +diff -Naur pppd.orig/tty.c pppd/tty.c +--- pppd.orig/tty.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/tty.c 2023-06-30 13:14:06.450418113 +0200 +@@ -621,7 +621,7 @@ + ppp_set_status(EXIT_OPEN_FAILED); + goto errret; + } +- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0); ++ real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0); + err = errno; + if (prio < OPRIO_ROOT && seteuid(0) == -1) + fatal("Unable to regain privileges"); +@@ -775,7 +775,7 @@ + if (connector == NULL && modem && devnam[0] != 0) { + int i; + for (;;) { +- if ((i = open(devnam, O_RDWR)) >= 0) ++ if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0) + break; + if (errno != EINTR) { + error("Failed to reopen %s: %m", devnam); +diff -Naur pppd.orig/utils.c pppd/utils.c +--- pppd.orig/utils.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/utils.c 2023-06-30 13:15:47.860182369 +0200 +@@ -843,14 +843,14 @@ + slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev); + #endif + +- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { ++ while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) { + if (errno != EEXIST) { + error("Can't create lock file %s: %m", lock_file); + break; + } + + /* Read the lock file to find out who has the device locked. */ +- fd = open(lock_file, O_RDONLY, 0); ++ fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0); + if (fd < 0) { + if (errno == ENOENT) /* This is just a timing problem. */ + continue; +@@ -933,7 +933,7 @@ + + if (lock_file[0] == 0) + return -1; +- fd = open(lock_file, O_WRONLY, 0); ++ fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0); + if (fd < 0) { + error("Couldn't reopen lock file %s: %m", lock_file); + lock_file[0] = 0; diff --git a/ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch0 b/ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch0 new file mode 100644 index 000000000..cfd72e468 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch0 @@ -0,0 +1,135 @@ +diff -Naur pppd.orig/plugins/pppoatm/pppoatm.c pppd/plugins/pppoatm/pppoatm.c +--- pppd.orig/plugins/pppoatm/pppoatm.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/plugins/pppoatm/pppoatm.c 2023-06-30 13:21:33.397378347 +0200 +@@ -146,7 +146,7 @@ + + if (!device_got_set) + no_device_given_pppoatm(); +- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0); ++ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd < 0) + fatal("failed to create socket: %m"); + memset(&qos, 0, sizeof qos); +diff -Naur pppd.orig/plugins/pppoe/if.c pppd/plugins/pppoe/if.c +--- pppd.orig/plugins/pppoe/if.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppoe/if.c 2023-06-30 13:24:11.372183452 +0200 +@@ -116,7 +116,7 @@ + stype = SOCK_PACKET; + #endif + +- if ((fd = socket(domain, stype, htons(type))) < 0) { ++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { + /* Give a more helpful message for the common error case */ + if (errno == EPERM) { + fatal("Cannot create raw socket -- pppoe must be run as root."); +diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c +--- pppd.orig/plugins/pppoe/plugin.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200 +@@ -155,7 +155,7 @@ + /* server equipment). */ + /* Opening this socket just before waitForPADS in the discovery() */ + /* function would be more appropriate, but it would mess-up the code */ +- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE); ++ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE); + if (conn->sessionSocket < 0) { + error("Failed to create PPPoE socket: %m"); + return -1; +@@ -166,7 +166,7 @@ + lcp_wantoptions[0].mru = conn->mru = conn->storedmru; + + /* Update maximum MRU */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) { + error("Can't get MTU for %s: %m", conn->ifName); + goto errout; +@@ -364,7 +364,7 @@ + } + + /* Open a socket */ +- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) { ++ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) { + r = 0; + } + +diff -Naur pppd.orig/plugins/pppol2tp/openl2tp.c pppd/plugins/pppol2tp/openl2tp.c +--- pppd.orig/plugins/pppol2tp/openl2tp.c 2023-03-10 02:50:41.000000000 +0100 ++++ pppd/plugins/pppol2tp/openl2tp.c 2023-06-30 13:22:30.055768865 +0200 +@@ -93,7 +93,7 @@ + int result; + + if (openl2tp_fd < 0) { +- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0); ++ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (openl2tp_fd < 0) { + error("openl2tp connection create: %m"); + return -ENOTCONN; +diff -Naur pppd.orig/plugins/pppol2tp/pppol2tp.c pppd/plugins/pppol2tp/pppol2tp.c +--- pppd.orig/plugins/pppol2tp/pppol2tp.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppol2tp/pppol2tp.c 2023-06-30 13:23:13.493756755 +0200 +@@ -220,7 +220,7 @@ + struct ifreq ifr; + int fd; + +- fd = socket(AF_INET, SOCK_DGRAM, 0); ++ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd >= 0) { + memset (&ifr, '\0', sizeof (ifr)); + ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name)); +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-06-30 13:11:25.715511251 +0200 ++++ pppd/sys-linux.c 2023-06-30 13:32:50.021272249 +0200 +@@ -499,12 +499,12 @@ + void sys_init(void) + { + /* Get an internet socket for doing socket ioctls. */ +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + fatal("Couldn't create IP socket: %m(%d)", errno); + + #ifdef PPP_WITH_IPV6CP +- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); ++ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock6_fd < 0) + sock6_fd = -errno; /* save errno for later */ + #endif +@@ -2675,7 +2675,7 @@ + struct ifreq ifreq; + int ret, sock_fd; + +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + return -1; + memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); +@@ -2698,7 +2698,7 @@ + struct ifreq ifreq; + int ret, sock_fd; + +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + return -1; + +@@ -2915,7 +2915,7 @@ + /* + * Open a socket for doing the ioctl operations. + */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) + return 0; + +diff -Naur pppd.orig/tty.c pppd/tty.c +--- pppd.orig/tty.c 2023-06-30 13:14:06.450418113 +0200 ++++ pppd/tty.c 2023-06-30 13:33:31.285858278 +0200 +@@ -942,7 +942,7 @@ + *sep = ':'; + + /* get a socket and connect it to the other end */ +- sock = socket(PF_INET, SOCK_STREAM, 0); ++ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); + if (sock < 0) { + error("Can't create socket: %m"); + return -1; diff --git a/ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 b/ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 new file mode 100644 index 000000000..002b6066d --- /dev/null +++ b/ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 @@ -0,0 +1,12 @@ +diff -Naur pppd.orig/plugins/pppoe/pppoe.h pppd/plugins/pppoe/pppoe.h +--- pppd.orig/plugins/pppoe/pppoe.h 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppoe/pppoe.h 2023-06-30 13:37:07.189078090 +0200 +@@ -143,7 +143,7 @@ + #define STATE_TERMINATED 4 + + /* How many PADI/PADS attempts? */ +-#define MAX_PADI_ATTEMPTS 3 ++#define MAX_PADI_ATTEMPTS 4 + + /* Initial timeout for PADO/PADS */ + #define PADI_TIMEOUT 5 diff --git a/ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 b/ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 new file mode 100644 index 000000000..dc6c22852 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 @@ -0,0 +1,12 @@ +diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c +--- pppd.orig/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200 ++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:50:23.150026201 +0200 +@@ -46,6 +46,8 @@ + #include <signal.h> + #include <net/if_arp.h> + #include <linux/ppp_defs.h> ++#define _LINUX_IN_H ++#define _LINUX_IN6_H + #include <linux/if_pppox.h> + + #include <pppd/pppd.h> diff --git a/ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch b/ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch new file mode 100644 index 000000000..0e9eab6ed --- /dev/null +++ b/ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch @@ -0,0 +1,18 @@ +diff -Naur ppp-2.5.0.orig/configure ppp-2.5.0/configure +--- ppp-2.5.0.orig/configure 2023-03-25 05:38:36.000000000 +0100 ++++ ppp-2.5.0/configure 2023-06-30 14:05:14.773950477 +0200 +@@ -17774,10 +17774,10 @@ + rm -f $2 + if [ -f $1 ]; then + echo " $2 <= $1" +- sed -e "s,@DESTDIR@,$prefix,g" \ +- -e "s,@SYSCONF@,$sysconfdir,g" \ +- -e "s,@CC@,$CC,g" \ +- -e "s|@CFLAGS@|$CFLAGS|g" $1 > $2 ++ sed -e "s#@DESTDIR@#$prefix#g" \ ++ -e "s#@SYSCONF@#$sysconfdir#g" \ ++ -e "s#@CC@#$CC#g" \ ++ -e "s#@CFLAGS@#$CFLAGS#g" $1 > $2 + fi + } + diff --git a/ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch b/ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch new file mode 100644 index 000000000..a7823d424 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch @@ -0,0 +1,37 @@ +From 9d6d326b2530cffb1414e4c401675117c42d43ce Mon Sep 17 00:00:00 2001 +From: Eivind Naess eivnaes@yahoo.com +Date: Sun, 23 Apr 2023 11:30:43 -0700 +Subject: [PATCH] Add configure check to see if we have struct sockaddr_ll + +Fixes issue #411. + +Signed-off-by: Eivind Naess eivnaes@yahoo.com +--- + configure.ac | 3 ++- + pppd/plugins/pppoe/config.h.in | 2 ++ + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 1180f64ec..38b24af92 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -75,7 +75,8 @@ AM_COND_IF([LINUX], [ + linux/if_ether.h \ + linux/if_packet.h \ + netinet/if_ether.h \ +- netpacket/packet.h])]) ++ netpacket/packet.h]) ++ AC_CHECK_TYPES([struct sockaddr_ll], [], [], [#include <linux/if_packet.h>])]) + + AC_CHECK_SIZEOF(unsigned int) + AC_CHECK_SIZEOF(unsigned long) +diff --git a/pppd/plugins/pppoe/config.h.in b/pppd/plugins/pppoe/config.h.in +index d447f5e89..d7d61c01c 100644 +--- a/pppd/plugins/pppoe/config.h.in ++++ b/pppd/plugins/pppoe/config.h.in +@@ -69,3 +69,5 @@ + /* The size of `unsigned short', as computed by sizeof. */ + #undef SIZEOF_UNSIGNED_SHORT + ++/* Define to 1 if the system has the type `struct sockaddr_ll'. */ ++#undef HAVE_STRUCT_SOCKADDR_LL diff --git a/ppp/ppp.nm b/ppp/ppp.nm index 8013c4818..a1f15ab3e 100644 --- a/ppp/ppp.nm +++ b/ppp/ppp.nm @@ -4,8 +4,8 @@ ###############################################################################
name = ppp -version = 2.4.9 -release = 4 +version = 2.5.0 +release = 1
groups = System/Daemons url = https://ppp.samba.org/ @@ -24,6 +24,8 @@ source_dl = https://download.samba.org/pub/ppp/
build requires + autoconf + automake libpcap-devel libudev-devel libxcrypt-devel @@ -32,43 +34,27 @@ build systemd-devel end
- prepare_cmds - sed -e "s@^RUNDIR .*@RUNDIR = /run/ppp@" \ - -e "s@^LOGDIR .*@LOGDIR = /var/log/ppp@" \ - -i linux/Makefile.top - - sed -e "s@^DESTDIR.*@DESTDIR=$%{INSTROOT}/usr@" \ - -i pppd/plugins/pppol2tp/Makefile.linux - - # Remove broken header file that crashed the build. - rm -f include/linux/if_pppol2tp.h - end - - make_build_targets += \ - CC="gcc %{CFLAGS} %{LDFLAGS}" + configure_options += --with-logfile-dir=/var/log
install make install INSTROOT=%{BUILDROOT}
- rm -rfv %{BUILDROOT}/etc/ppp/plugins - + touch /var/log/connect-errors mkdir -pv %{BUILDROOT}/etc/ppp + + # Reminder note + # code used to be here to copy across IPFire2.x dialler etc scripts + # something to replace those for IPFire3.x is likely nedeed somewhere + touch %{BUILDROOT}/etc/ppp/secrets chmod -v 600 %{BUILDROOT}/etc/ppp/secrets - ln -svf secrets %{BUILDROOT}/etc/ppp/pap-secrets - ln -svf secrets %{BUILDROOT}/etc/ppp/chap-secrets - - # Fix binary permissions. - find %{BUILDROOT}%{sbindir} -type f -executable \ - -exec chmod 755 {} ; + ln -svf %{BUILDROOT}/etc/ppp/secrets /etc/ppp/pap-secrets + ln -svf %{BUILDROOT}/etc/ppp/secrets /etc/ppp/chap-secrets end end
packages package %{name} - #requires - # /usr/lib/network/helpers/pppd-angel - #end
script postin systemctl daemon-reload >/dev/null 2>&1 || : diff --git a/sudo/sudo.nm b/sudo/sudo.nm index 50fc02f07..4757ecec3 100644 --- a/sudo/sudo.nm +++ b/sudo/sudo.nm @@ -5,7 +5,7 @@
name = sudo version = 1.9.14p3 -release = 1 +release = 2
groups = Applications/System url = https://www.sudo.ws/ @@ -70,6 +70,9 @@ build # Fix library permissions. find %{BUILDROOT}%{libdir}/%{name} -type f -iname "*.so" -exec chmod 755 {} ;
+ # ... and move the libraries to the correct place + mv -v %{BUILDROOT}%{libdir}/%{name}/libsudo_util.so* %{BUILDROOT}%{libdir}/ + end end
hooks/post-receive -- IPFire 3.x development tree