* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 2f847b3213156ea0ee5cd92be9812de089285c86
@ 2023-08-07 14:14 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2023-08-07 14:14 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 50947 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 2f847b3213156ea0ee5cd92be9812de089285c86 (commit)
via 0803c50f76e0b43f91ee6b6b3863684ad4cfa073 (commit)
via 1eac1190d8850a4013b0f8917a243685778de59f (commit)
via 27a3ef9834eed9d17e89b7751823998bf309a1f5 (commit)
from ff8ce0d7627e783429099a63f1cb8dbb01ff6ffb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2f847b3213156ea0ee5cd92be9812de089285c86
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Aug 7 14:13:30 2023 +0000
core178: Ship updated RED network init script
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0803c50f76e0b43f91ee6b6b3863684ad4cfa073
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Jul 4 11:04:46 2023 +0200
red: Fixes bug#13164 adjust pppoe plugin name in red initscript
- This patch goes together with the patch for the ppp update to 2.5.0
- The rp-pppoe.so option is no longer available. There is only the pppoe.so available now
Fixes: Bug#13164
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 1eac1190d8850a4013b0f8917a243685778de59f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Aug 7 14:12:31 2023 +0000
core178: Ship ppp
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 27a3ef9834eed9d17e89b7751823998bf309a1f5
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Jul 2 11:54:32 2023 +0200
ppp: Fixes bug#13164 - Update to version 2.5.0
- Update from version 2.4.9 to 2.5.0
This includes breaking changes for third-party plugins but as far as I can see IPFire
is not using any third party plugins
- Update of rootfile
- Update of patches and sed commands
- pcap-int.h and if_pppol2tp.h files have not been in source file since at least 2014
- Some of the patches required updates as additional lines needing to be patched are
now present. nThis was related to the O_CLOEXEC & SOCK_CLOEXEC related patches
- connect-errors file location is now defined by a configure command --with-logfile-dir
- install-etcppp is no longer provided. However the install command in this version still
has the same files available in /etc/ppp as previously. There is a new file,
openssl.cnf, which I have commented out. If it is required in future it can always be
uncommented in future releases.
- Build went without any problems with the updated patches.
- I cannot test this as I don't use ppp, however the original bug reporter has agreed to
test this out when it is released into Testing unless anyone else is capable of testing
it.
- Changelog
What's new in ppp-2.5.0.
The 2.5.0 release is a major release of pppd which contains breaking
changes for third-party plugins, a complete revamp of the build-system
and that allows for flexibility of configuring features as needed.
In Summary:
* Support for PEAP authentication by Eivind Næss and Rustam Kovhaev
* Support for loading PKCS12 certificate envelopes
* Adoption of GNU Autoconf / Automake build environment, by Eivind Næss
and others.
* Support for pkgconfig tool has been added by Eivind Næss.
* Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár.
* Major revision to PPPD's Plugin API by Eivind Næss.
- Defines in which describes what features was included in pppd
- Functions now prefixed with explicit ppp_* to indicate that
pppd functions being called.
- Header files were renamed to better align with their features,
and now use proper include guards
- A pppdconf.h file is supplied to allow third-party modules to use
the same feature defines pppd was compiled with.
- No extern declarations of internal variable names of pppd,
continued use of these extern variables are considered
unstable.
* Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon
* Dropped IPX support, as Linux has dropped support in version 5.15
for this protocol.
* Many more fixes and cleanups.
* Pppd is no longer installed setuid-root.
* New pppd options:
- ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber,
ipv6-up-script, ipv6-down-script
- -v, show-options
- usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip
* On Linux, any baud rate can be set on a serial port provided the
kernel serial driver supports that.
Note that if you have built and installed previous versions of this
package and you want to continue having configuration and TDB files in
/etc/ppp, you will need to use the --sysconfdir option to ./configure.
For a list of the changes made during the 2.4 series releases of this
package, see the Changes-2.4 file.
Compression methods.
This package supports two packet compression methods: Deflate and
BSD-Compress. Other compression methods which are in common use
include Predictor, LZS, and MPPC. These methods are not supported for
two reasons - they are patent-encumbered, and they cause some packets
to expand slightly, which pppd doesn't currently allow for.
BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
ever expand packets.
Fixes: bug#13164
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/ppp | 58 +++++---
config/rootfiles/core/178/filelists/files | 1 +
.../{oldcore/125 => core/178}/filelists/ppp | 0
config/rootfiles/core/178/update.sh | 2 +
lfs/ppp | 28 ++--
src/initscripts/networking/red | 2 +-
...ere-use-SOCK_CLOEXEC-when-creating-socket.patch | 165 ---------------------
.../ppp/ppp-2.4.6-increase-max-padi-attempts.patch | 13 --
src/patches/ppp/ppp-2.4.7-headers_4.9.patch | 12 --
...patch-configure-to-handle-cflags-properly.patch | 15 --
...1-we-don-t-want-to-accidentally-leak-fds.patch} | 115 ++++++++------
... ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch} | 136 +++++++----------
...ere-use-SOCK_CLOEXEC-when-creating-socket.patch | 135 +++++++++++++++++
.../ppp-2.5.0-4-increase-max-padi-attempts.patch | 12 ++
src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch | 12 ++
...patch-configure-to-handle-cflags-properly.patch | 18 +++
16 files changed, 348 insertions(+), 376 deletions(-)
copy config/rootfiles/{oldcore/125 => core/178}/filelists/ppp (100%)
delete mode 100644 src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
delete mode 100644 src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
delete mode 100644 src/patches/ppp/ppp-2.4.7-headers_4.9.patch
delete mode 100644 src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
rename src/patches/ppp/{0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch => ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch} (54%)
rename src/patches/ppp/{0013-everywhere-O_CLOEXEC-harder.patch => ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch} (63%)
create mode 100644 src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
create mode 100644 src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch
create mode 100644 src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch
create mode 100644 src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch
Difference in files:
diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp
index d61fdf811..6098fa7c3 100644
--- a/config/rootfiles/common/ppp
+++ b/config/rootfiles/common/ppp
@@ -7,49 +7,57 @@ etc/ppp/dialer
etc/ppp/ioptions
etc/ppp/ip-down
etc/ppp/ip-up
+#etc/ppp/openssl.cnf
etc/ppp/options
etc/ppp/pap-secrets
etc/ppp/standardloginscript
#usr/include/pppd
+#usr/include/pppd/cbcp.h
#usr/include/pppd/ccp.h
-#usr/include/pppd/chap-new.h
+#usr/include/pppd/chap.h
#usr/include/pppd/chap_ms.h
-#usr/include/pppd/eap-tls.h
+#usr/include/pppd/crypto.h
+#usr/include/pppd/crypto_ms.h
#usr/include/pppd/eap.h
#usr/include/pppd/ecp.h
#usr/include/pppd/eui64.h
#usr/include/pppd/fsm.h
#usr/include/pppd/ipcp.h
#usr/include/pppd/ipv6cp.h
-#usr/include/pppd/ipxcp.h
#usr/include/pppd/lcp.h
#usr/include/pppd/magic.h
-#usr/include/pppd/md4.h
-#usr/include/pppd/md5.h
#usr/include/pppd/mppe.h
-#usr/include/pppd/patchlevel.h
-#usr/include/pppd/pathnames.h
-#usr/include/pppd/pppcrypt.h
+#usr/include/pppd/multilink.h
+#usr/include/pppd/options.h
#usr/include/pppd/pppd.h
+#usr/include/pppd/pppdconf.h
#usr/include/pppd/session.h
-#usr/include/pppd/sha1.h
-#usr/include/pppd/spinlock.h
-#usr/include/pppd/tdb.h
#usr/include/pppd/upap.h
+#usr/lib/pkgconfig/pppd.pc
usr/lib/pppd
-usr/lib/pppd/2.4.9
-usr/lib/pppd/2.4.9/minconn.so
-usr/lib/pppd/2.4.9/openl2tp.so
-usr/lib/pppd/2.4.9/passprompt.so
-usr/lib/pppd/2.4.9/passwordfd.so
-usr/lib/pppd/2.4.9/pppoatm.so
-usr/lib/pppd/2.4.9/pppoe.so
-usr/lib/pppd/2.4.9/pppol2tp.so
-usr/lib/pppd/2.4.9/radattr.so
-usr/lib/pppd/2.4.9/radius.so
-usr/lib/pppd/2.4.9/radrealms.so
-usr/lib/pppd/2.4.9/rp-pppoe.so
-usr/lib/pppd/2.4.9/winbind.so
+usr/lib/pppd/2.5.0
+#usr/lib/pppd/2.5.0/minconn.la
+usr/lib/pppd/2.5.0/minconn.so
+#usr/lib/pppd/2.5.0/openl2tp.la
+usr/lib/pppd/2.5.0/openl2tp.so
+#usr/lib/pppd/2.5.0/passprompt.la
+usr/lib/pppd/2.5.0/passprompt.so
+#usr/lib/pppd/2.5.0/passwordfd.la
+usr/lib/pppd/2.5.0/passwordfd.so
+#usr/lib/pppd/2.5.0/pppoatm.la
+usr/lib/pppd/2.5.0/pppoatm.so
+#usr/lib/pppd/2.5.0/pppoe.la
+usr/lib/pppd/2.5.0/pppoe.so
+#usr/lib/pppd/2.5.0/pppol2tp.la
+usr/lib/pppd/2.5.0/pppol2tp.so
+#usr/lib/pppd/2.5.0/radattr.la
+usr/lib/pppd/2.5.0/radattr.so
+#usr/lib/pppd/2.5.0/radius.la
+usr/lib/pppd/2.5.0/radius.so
+#usr/lib/pppd/2.5.0/radrealms.la
+usr/lib/pppd/2.5.0/radrealms.so
+#usr/lib/pppd/2.5.0/winbind.la
+usr/lib/pppd/2.5.0/winbind.so
usr/sbin/chat
usr/sbin/pppd
usr/sbin/pppdump
@@ -60,5 +68,7 @@ usr/sbin/pppstats
#usr/share/man/man8/pppd-radius.8
#usr/share/man/man8/pppd.8
#usr/share/man/man8/pppdump.8
+#usr/share/man/man8/pppoe-discovery.8
#usr/share/man/man8/pppstats.8
var/log/connect-errors
+
diff --git a/config/rootfiles/core/178/filelists/files b/config/rootfiles/core/178/filelists/files
index 7d07c77c6..c53ebb642 100644
--- a/config/rootfiles/core/178/filelists/files
+++ b/config/rootfiles/core/178/filelists/files
@@ -1,3 +1,4 @@
+etc/rc.d/init.d/networking/red
srv/web/ipfire/cgi-bin/extrahd.cgi
srv/web/ipfire/cgi-bin/fwhosts.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
diff --git a/config/rootfiles/core/178/filelists/ppp b/config/rootfiles/core/178/filelists/ppp
new file mode 120000
index 000000000..4844a9b58
--- /dev/null
+++ b/config/rootfiles/core/178/filelists/ppp
@@ -0,0 +1 @@
+../../../common/ppp
\ No newline at end of file
diff --git a/config/rootfiles/core/178/update.sh b/config/rootfiles/core/178/update.sh
index b3c2381aa..57f0d7eb8 100644
--- a/config/rootfiles/core/178/update.sh
+++ b/config/rootfiles/core/178/update.sh
@@ -37,6 +37,8 @@ done
extract_files
# Remove files
+rm -rvf \
+ /usr/lib/pppd/2.4.9
# Remove dropped sox addon
rm -vf \
diff --git a/lfs/ppp b/lfs/ppp
index fb46d8aac..fc4528ece 100644
--- a/lfs/ppp
+++ b/lfs/ppp
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.4.9
+VER = 2.5.0
THISAPP = ppp-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2cc885c32b7d33dc48766097f1f4c9cd0754924a8c0630ccaa58b2989e6b43a197ca0d41f5f16956c395278a12023d490e085f5635e23b53c5603ba61cfc40d5
+$(DL_FILE)_BLAKE2 = 6a0e9efcbff3cb499705071cc7d0e3411cf4871fd53b2bfedbb1f2cf3ad80728eb436050cf33b78e36d473be64f15907a21da17f283337455f0af379bc18272d
install : $(TARGET)
@@ -72,18 +72,20 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
- cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
- cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --with-logfile-dir=/var/log \
+ cc="gcc" \
+ cflags="$(CFLAGS)"
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
- cd $(DIR_APP) && make install-etcppp
touch /var/log/connect-errors
-mkdir -p /etc/ppp
for i in $(DIR_SRC)/src/ppp/* ; do \
diff --git a/src/initscripts/networking/red b/src/initscripts/networking/red
index 16d48f3ac..75a17bd5a 100644
--- a/src/initscripts/networking/red
+++ b/src/initscripts/networking/red
@@ -365,7 +365,7 @@ case "${1}" in
#
if [ "$TYPE" == "pppoe" ]; then
[ "${METHOD}" == "PPPOE_PLUGIN" ] && \
- PLUGOPTS="plugin rp-pppoe.so"
+ PLUGOPTS="plugin pppoe.so"
fi
### Synchronous Mode
diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
deleted file mode 100644
index fffda981d..000000000
--- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
+++ /dev/null
@@ -1,165 +0,0 @@
-From 2a97ab28ee00586e5f06b3ef3a0e43ea0c7c6499 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta(a)redhat.com>
-Date: Mon, 7 Apr 2014 14:21:41 +0200
-Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket
-
----
- pppd/plugins/pppoatm/pppoatm.c | 2 +-
- pppd/plugins/pppol2tp/openl2tp.c | 2 +-
- pppd/plugins/pppol2tp/pppol2tp.c | 2 +-
- pppd/plugins/pppoe/if.c | 2 +-
- pppd/plugins/pppoe/plugin.c | 6 +++---
- pppd/plugins/pppoe/pppoe-discovery.c | 2 +-
- pppd/sys-linux.c | 10 +++++-----
- pppd/tty.c | 2 +-
- 8 files changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c
-index d693350..c31bb34 100644
---- a/pppd/plugins/pppoatm/pppoatm.c
-+++ b/pppd/plugins/pppoatm/pppoatm.c
-@@ -135,7 +135,7 @@ static int connect_pppoatm(void)
-
- if (!device_got_set)
- no_device_given_pppoatm();
-- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
-+ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (fd < 0)
- fatal("failed to create socket: %m");
- memset(&qos, 0, sizeof qos);
-diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
-index 9643b96..1099575 100644
---- a/pppd/plugins/pppol2tp/openl2tp.c
-+++ b/pppd/plugins/pppol2tp/openl2tp.c
-@@ -83,7 +83,7 @@ static int openl2tp_client_create(void)
- int result;
-
- if (openl2tp_fd < 0) {
-- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
-+ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (openl2tp_fd < 0) {
- error("openl2tp connection create: %m");
- return -ENOTCONN;
-diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
-index a7e3400..e64a778 100644
---- a/pppd/plugins/pppol2tp/pppol2tp.c
-+++ b/pppd/plugins/pppol2tp/pppol2tp.c
-@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu,
- struct ifreq ifr;
- int fd;
-
-- fd = socket(AF_INET, SOCK_DGRAM, 0);
-+ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (fd >= 0) {
- memset (&ifr, '\0', sizeof (ifr));
- strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
-diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
-index 91e9a57..72aba41 100644
---- a/pppd/plugins/pppoe/if.c
-+++ b/pppd/plugins/pppoe/if.c
-@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
- stype = SOCK_PACKET;
- #endif
-
-- if ((fd = socket(domain, stype, htons(type))) < 0) {
-+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
- /* Give a more helpful message for the common error case */
- if (errno == EPERM) {
- fatal("Cannot create raw socket -- pppoe must be run as root.");
-diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
-index a8c2bb4..24bdf8f 100644
---- a/pppd/plugins/pppoe/plugin.c
-+++ b/pppd/plugins/pppoe/plugin.c
-@@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
- /* server equipment). */
- /* Opening this socket just before waitForPADS in the discovery() */
- /* function would be more appropriate, but it would mess-up the code */
-- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
-+ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
- if (conn->sessionSocket < 0) {
- error("Failed to create PPPoE socket: %m");
- return -1;
-@@ -148,7 +148,7 @@ PPPOEConnectDevice(void)
- lcp_wantoptions[0].mru = conn->mru;
-
- /* Update maximum MRU */
-- s = socket(AF_INET, SOCK_DGRAM, 0);
-+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (s < 0) {
- error("Can't get MTU for %s: %m", conn->ifName);
- goto errout;
-@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit)
- }
-
- /* Open a socket */
-- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
-+ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
- r = 0;
- }
-
-diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
-index 3d3bf4e..c0d927d 100644
---- a/pppd/plugins/pppoe/pppoe-discovery.c
-+++ b/pppd/plugins/pppoe/pppoe-discovery.c
-@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
- stype = SOCK_PACKET;
- #endif
-
-- if ((fd = socket(domain, stype, htons(type))) < 0) {
-+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
- /* Give a more helpful message for the common error case */
- if (errno == EPERM) {
- rp_fatal("Cannot create raw socket -- pppoe must be run as root.");
-diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
-index 00a2cf5..0690019 100644
---- a/pppd/sys-linux.c
-+++ b/pppd/sys-linux.c
-@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clear_bits, int set_bits)
- void sys_init(void)
- {
- /* Get an internet socket for doing socket ioctls. */
-- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
-+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (sock_fd < 0)
- fatal("Couldn't create IP socket: %m(%d)", errno);
-
- #ifdef INET6
-- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
-+ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (sock6_fd < 0)
- sock6_fd = -errno; /* save errno for later */
- #endif
-@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name)
- struct ifreq ifreq;
- int ret, sock_fd;
-
-- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
-+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (sock_fd < 0)
- return 0;
- memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
-@@ -2067,7 +2067,7 @@ int ppp_available(void)
- /*
- * Open a socket for doing the ioctl operations.
- */
-- s = socket(AF_INET, SOCK_DGRAM, 0);
-+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (s < 0)
- return 0;
-
-diff --git a/pppd/tty.c b/pppd/tty.c
-index bc96695..8e76a5d 100644
---- a/pppd/tty.c
-+++ b/pppd/tty.c
-@@ -896,7 +896,7 @@ open_socket(dest)
- *sep = ':';
-
- /* get a socket and connect it to the other end */
-- sock = socket(PF_INET, SOCK_STREAM, 0);
-+ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
- if (sock < 0) {
- error("Can't create socket: %m");
- return -1;
---
-1.8.3.1
-
diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
deleted file mode 100644
index 1b36e8369..000000000
--- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h
-index 9ab2eee..86762bd 100644
---- a/pppd/plugins/pppoe/pppoe.h
-+++ b/pppd/plugins/pppoe/pppoe.h
-@@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session;
- #define STATE_TERMINATED 4
-
- /* How many PADI/PADS attempts? */
--#define MAX_PADI_ATTEMPTS 3
-+#define MAX_PADI_ATTEMPTS 4
-
- /* Initial timeout for PADO/PADS */
- #define PADI_TIMEOUT 5
diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
deleted file mode 100644
index 686db9204..000000000
--- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c
---- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100
-@@ -49,6 +49,8 @@
- #include <net/ethernet.h>
- #include <net/if_arp.h>
- #include <linux/ppp_defs.h>
-+#define _LINUX_IN_H
-+#define _LINUX_IN6_H
- #include <linux/if_pppox.h>
-
- #ifndef _ROOT_PATH
diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
deleted file mode 100644
index b36ace192..000000000
--- a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200
-+++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200
-@@ -121,9 +121,9 @@
- rm -f $2
- if [ -f $1 ]; then
- echo " $2 <= $1"
-- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
-- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
-- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
-+ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \
-+ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \
-+ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2
- fi
- }
-
diff --git a/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch b/src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch
similarity index 54%
rename from src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
rename to src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch
index 90bb2d161..98ab03119 100644
--- a/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
+++ b/src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch
@@ -1,20 +1,8 @@
-From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta(a)redhat.com>
-Date: Mon, 7 Apr 2014 12:23:36 +0200
-Subject: [PATCH 12/25] pppd: we don't want to accidentally leak fds
-
----
- pppd/auth.c | 20 ++++++++++----------
- pppd/options.c | 2 +-
- pppd/sys-linux.c | 4 ++--
- 3 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/pppd/auth.c b/pppd/auth.c
-index 4271af6..9e957fa 100644
---- a/pppd/auth.c
-+++ b/pppd/auth.c
-@@ -428,7 +428,7 @@ setupapfile(argv)
- option_error("unable to reset uid before opening %s: %m", fname);
+diff -Naur pppd.orig/auth.c pppd/auth.c
+--- pppd.orig/auth.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/auth.c 2023-06-30 12:38:13.748482796 +0200
+@@ -518,7 +518,7 @@
+ free(fname);
return 0;
}
- ufile = fopen(fname, "r");
@@ -22,8 +10,8 @@ index 4271af6..9e957fa 100644
if (seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
if (ufile == NULL) {
-@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
- filename = _PATH_UPAPFILE;
+@@ -1535,7 +1535,7 @@
+ filename = PPP_PATH_UPAPFILE;
addrs = opts = NULL;
ret = UPAP_AUTHNAK;
- f = fopen(filename, "r");
@@ -31,52 +19,52 @@ index 4271af6..9e957fa 100644
if (f == NULL) {
error("Can't open PAP password file %s: %m", filename);
-@@ -1512,7 +1512,7 @@ null_login(unit)
+@@ -1635,7 +1635,7 @@
if (ret <= 0) {
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
addrs = NULL;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
check_access(f, filename);
-@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd)
+@@ -1681,7 +1681,7 @@
}
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
check_access(f, filename);
-@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp)
+@@ -1718,7 +1718,7 @@
}
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
-@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp)
+@@ -1760,7 +1760,7 @@
}
- filename = _PATH_CHAPFILE;
+ filename = PPP_PATH_CHAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
-@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
+@@ -1798,7 +1798,7 @@
struct wordlist *addrs;
- filename = _PATH_SRPFILE;
+ filename = PPP_PATH_SRPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
-@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server)
+@@ -1849,7 +1849,7 @@
addrs = NULL;
secbuf[0] = 0;
@@ -85,8 +73,8 @@ index 4271af6..9e957fa 100644
if (f == NULL) {
error("Can't open chap secret file %s: %m", filename);
return 0;
-@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server)
- filename = _PATH_SRPFILE;
+@@ -1902,7 +1902,7 @@
+ filename = PPP_PATH_SRPFILE;
addrs = NULL;
- fp = fopen(filename, "r");
@@ -94,7 +82,7 @@ index 4271af6..9e957fa 100644
if (fp == NULL) {
error("Can't open srp secret file %s: %m", filename);
return 0;
-@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags)
+@@ -2291,7 +2291,7 @@
*/
if (word[0] == '@' && word[1] == '/') {
strlcpy(atfile, word+1, sizeof(atfile));
@@ -103,12 +91,38 @@ index 4271af6..9e957fa 100644
warn("can't open indirect secret file %s", atfile);
continue;
}
-diff --git a/pppd/options.c b/pppd/options.c
-index 45fa742..1d754ae 100644
---- a/pppd/options.c
-+++ b/pppd/options.c
-@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv)
- option_error("unable to drop privileges to open %s: %m", filename);
+@@ -2461,7 +2461,7 @@
+ char pkfile[MAXWORDLEN];
+
+ filename = PPP_PATH_EAPTLSSERVFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -2518,7 +2518,7 @@
+ return 1;
+
+ filename = PPP_PATH_EAPTLSCLIFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -2738,7 +2738,7 @@
+ filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE);
+ addrs = NULL;
+
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "re");
+ if (fp == NULL)
+ {
+ error("Can't open eap-tls secret file %s: %m", filename);
+diff -Naur pppd.orig/options.c pppd/options.c
+--- pppd.orig/options.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/options.c 2023-06-30 12:42:19.262593140 +0200
+@@ -555,7 +555,7 @@
+ ppp_option_error("unable to drop privileges to open %s: %m", filename);
return 0;
}
- f = fopen(filename, "r");
@@ -116,11 +130,10 @@ index 45fa742..1d754ae 100644
err = errno;
if (check_prot && seteuid(euid) == -1)
fatal("unable to regain privileges");
-diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
-index 72a7727..8a12fa0 100644
---- a/pppd/sys-linux.c
-+++ b/pppd/sys-linux.c
-@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail)
+diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
+--- pppd.orig/sys-linux.c 2023-03-10 02:50:41.000000000 +0100
++++ pppd/sys-linux.c 2023-06-30 12:43:20.634453475 +0200
+@@ -1978,7 +1978,7 @@
/* Default the mount location of /proc */
strlcpy (proc_path, "/proc", sizeof(proc_path));
proc_path_len = 5;
@@ -129,7 +142,7 @@ index 72a7727..8a12fa0 100644
if (fp != NULL) {
while ((mntent = getmntent(fp)) != NULL) {
if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
-@@ -1472,7 +1472,7 @@ static int open_route_table (void)
+@@ -2038,7 +2038,7 @@
close_route_table();
path = path_to_procfs("/net/route");
@@ -138,6 +151,12 @@ index 72a7727..8a12fa0 100644
if (route_fd == NULL) {
error("can't open routing table %s: %m", path);
return 0;
---
-1.8.3.1
-
+@@ -2322,7 +2322,7 @@
+ close_route_table();
+
+ path = path_to_procfs("/net/ipv6_route");
+- route_fd = fopen (path, "r");
++ route_fd = fopen (path, "re");
+ if (route_fd == NULL) {
+ error("can't open routing table %s: %m", path);
+ return 0;
diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch
similarity index 63%
rename from src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
rename to src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch
index 0fb028779..c205c0e08 100644
--- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
+++ b/src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch
@@ -1,23 +1,7 @@
-From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta(a)redhat.com>
-Date: Mon, 7 Apr 2014 13:56:34 +0200
-Subject: [PATCH 13/25] everywhere: O_CLOEXEC harder
-
----
- pppd/eap.c | 2 +-
- pppd/main.c | 4 ++--
- pppd/options.c | 4 ++--
- pppd/sys-linux.c | 22 +++++++++++-----------
- pppd/tdb.c | 4 ++--
- pppd/tty.c | 4 ++--
- pppd/utils.c | 6 +++---
- 7 files changed, 23 insertions(+), 23 deletions(-)
-
-diff --git a/pppd/eap.c b/pppd/eap.c
-index 6ea6c1f..faced53 100644
---- a/pppd/eap.c
-+++ b/pppd/eap.c
-@@ -1226,7 +1226,7 @@ mode_t modebits;
+diff -Naur pppd.orig/eap.c pppd/eap.c
+--- pppd.orig/eap.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/eap.c 2023-06-30 12:58:07.984676045 +0200
+@@ -1542,7 +1542,7 @@
if ((path = name_of_pn_file()) == NULL)
return (-1);
@@ -26,34 +10,23 @@ index 6ea6c1f..faced53 100644
err = errno;
free(path);
errno = err;
-diff --git a/pppd/main.c b/pppd/main.c
-index 87a5d29..152e4a2 100644
---- a/pppd/main.c
-+++ b/pppd/main.c
-@@ -400,7 +400,7 @@ main(int argc, char *argv[])
+diff -Naur pppd.orig/main.c pppd/main.c
+--- pppd.orig/main.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/main.c 2023-06-30 13:00:15.155195676 +0200
+@@ -479,7 +479,7 @@
die(0);
/* Make sure fds 0, 1, 2 are open to somewhere. */
-- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
-+ fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC);
+- fd_devnull = open(PPP_DEVNULL, O_RDWR);
++ fd_devnull = open(PPP_DEVNULL, O_RDWR | O_CLOEXEC);
if (fd_devnull < 0)
- fatal("Couldn't open %s: %m", _PATH_DEVNULL);
+ fatal("Couldn't open %s: %m", PPP_DEVNULL);
while (fd_devnull <= 2) {
-@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait)
- if (log_to_fd >= 0)
- errfd = log_to_fd;
- else
-- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
-+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644);
-
- ++conn_running;
- pid = safe_fork(in, out, errfd);
-diff --git a/pppd/options.c b/pppd/options.c
-index 1d754ae..8e62635 100644
---- a/pppd/options.c
-+++ b/pppd/options.c
-@@ -1544,9 +1544,9 @@ setlogfile(argv)
- option_error("unable to drop permissions to open %s: %m", *argv);
+diff -Naur pppd.orig/options.c pppd/options.c
+--- pppd.orig/options.c 2023-06-30 12:42:19.262593140 +0200
++++ pppd/options.c 2023-06-30 13:01:58.388323345 +0200
+@@ -1718,9 +1718,9 @@
+ ppp_option_error("unable to drop permissions to open %s: %m", *argv);
return 0;
}
- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
@@ -64,11 +37,10 @@ index 1d754ae..8e62635 100644
err = errno;
if (!privileged_option && seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
-diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
-index 8a12fa0..00a2cf5 100644
---- a/pppd/sys-linux.c
-+++ b/pppd/sys-linux.c
-@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
+diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
+--- pppd.orig/sys-linux.c 2023-06-30 12:43:20.634453475 +0200
++++ pppd/sys-linux.c 2023-06-30 13:11:25.715511251 +0200
+@@ -666,7 +666,7 @@
goto err;
}
dbglog("using channel %d", chindex);
@@ -77,7 +49,7 @@ index 8a12fa0..00a2cf5 100644
if (fd < 0) {
error("Couldn't reopen /dev/ppp: %m");
goto err;
-@@ -619,7 +619,7 @@ static int make_ppp_unit()
+@@ -904,7 +904,7 @@
dbglog("in make_ppp_unit, already had /dev/ppp open?");
close(ppp_dev_fd);
}
@@ -86,7 +58,7 @@ index 8a12fa0..00a2cf5 100644
if (ppp_dev_fd < 0)
fatal("Couldn't open /dev/ppp: %m");
flags = fcntl(ppp_dev_fd, F_GETFL);
-@@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
+@@ -1025,7 +1025,7 @@
if (!new_style_driver)
return -1;
@@ -95,7 +67,7 @@ index 8a12fa0..00a2cf5 100644
if (master_fd < 0)
fatal("Couldn't open /dev/ppp: %m");
if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
-@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr)
+@@ -2533,7 +2533,7 @@
if (tune_kernel) {
forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
if (forw_path != 0) {
@@ -104,7 +76,7 @@ index 8a12fa0..00a2cf5 100644
if (fd >= 0) {
if (write(fd, "1", 1) != 1)
error("Couldn't enable IP forwarding: %m");
-@@ -2030,7 +2030,7 @@ int ppp_available(void)
+@@ -2878,7 +2878,7 @@
sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
kernel_version = KVERSION(osmaj, osmin, ospatch);
@@ -113,7 +85,7 @@ index 8a12fa0..00a2cf5 100644
if (fd >= 0) {
new_style_driver = 1;
-@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host)
+@@ -3056,7 +3056,7 @@
#if __GLIBC__ >= 2
updwtmp(_PATH_WTMP, &ut);
#else
@@ -122,7 +94,7 @@ index 8a12fa0..00a2cf5 100644
if (wtmp >= 0) {
flock(wtmp, LOCK_EX);
-@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr,
+@@ -3280,7 +3280,7 @@
int fd;
path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
@@ -131,7 +103,7 @@ index 8a12fa0..00a2cf5 100644
if (write(fd, "1", 1) != 1)
error("Couldn't enable dynamic IP addressing: %m");
close(fd);
-@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+@@ -3534,7 +3534,7 @@
/*
* Try the unix98 way first.
*/
@@ -140,17 +112,17 @@ index 8a12fa0..00a2cf5 100644
if (mfd >= 0) {
int ptn;
if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
-@@ -2851,7 +2851,8 @@
+@@ -3545,7 +3545,8 @@
if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
warn("Couldn't unlock pty slave %s: %m", pty_name);
#endif
- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
+
-+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
- {
++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
+ {
warn("Couldn't open pty slave %s: %m", pty_name);
- close(mfd);
-@@ -2865,10 +2866,10 @@
+ close(mfd);
+@@ -3559,10 +3560,10 @@
for (i = 0; i < 64; ++i) {
slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
'p' + i / 16, i % 16);
@@ -161,13 +133,12 @@ index 8a12fa0..00a2cf5 100644
- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
+ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
if (sfd >= 0) {
- fchown(sfd, uid, -1);
- fchmod(sfd, S_IRUSR | S_IWUSR);
-diff --git a/pppd/tdb.c b/pppd/tdb.c
-index bdc5828..c7ab71c 100644
---- a/pppd/tdb.c
-+++ b/pppd/tdb.c
-@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
+ ret = fchown(sfd, uid, -1);
+ if (ret != 0) {
+diff -Naur pppd.orig/tdb.c pppd/tdb.c
+--- pppd.orig/tdb.c 2021-07-23 06:41:07.000000000 +0200
++++ pppd/tdb.c 2023-06-30 13:12:55.034900600 +0200
+@@ -1728,7 +1728,7 @@
goto internal;
}
@@ -176,7 +147,7 @@ index bdc5828..c7ab71c 100644
TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
name, strerror(errno)));
goto fail; /* errno set by open(2) */
-@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
+@@ -1971,7 +1971,7 @@
}
if (close(tdb->fd) != 0)
TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
@@ -185,12 +156,11 @@ index bdc5828..c7ab71c 100644
if (tdb->fd == -1) {
TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
goto fail;
-diff --git a/pppd/tty.c b/pppd/tty.c
-index d571b11..bc96695 100644
---- a/pppd/tty.c
-+++ b/pppd/tty.c
-@@ -569,7 +569,7 @@ int connect_tty()
- status = EXIT_OPEN_FAILED;
+diff -Naur pppd.orig/tty.c pppd/tty.c
+--- pppd.orig/tty.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/tty.c 2023-06-30 13:14:06.450418113 +0200
+@@ -621,7 +621,7 @@
+ ppp_set_status(EXIT_OPEN_FAILED);
goto errret;
}
- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
@@ -198,7 +168,7 @@ index d571b11..bc96695 100644
err = errno;
if (prio < OPRIO_ROOT && seteuid(0) == -1)
fatal("Unable to regain privileges");
-@@ -723,7 +723,7 @@ int connect_tty()
+@@ -775,7 +775,7 @@
if (connector == NULL && modem && devnam[0] != 0) {
int i;
for (;;) {
@@ -207,12 +177,11 @@ index d571b11..bc96695 100644
break;
if (errno != EINTR) {
error("Failed to reopen %s: %m", devnam);
-diff --git a/pppd/utils.c b/pppd/utils.c
-index 29bf970..6051b9a 100644
---- a/pppd/utils.c
-+++ b/pppd/utils.c
-@@ -918,14 +918,14 @@ lock(dev)
- slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
+diff -Naur pppd.orig/utils.c pppd/utils.c
+--- pppd.orig/utils.c 2022-12-30 02:12:39.000000000 +0100
++++ pppd/utils.c 2023-06-30 13:15:47.860182369 +0200
+@@ -843,14 +843,14 @@
+ slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev);
#endif
- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
@@ -228,7 +197,7 @@ index 29bf970..6051b9a 100644
if (fd < 0) {
if (errno == ENOENT) /* This is just a timing problem. */
continue;
-@@ -1004,7 +1004,7 @@ relock(pid)
+@@ -933,7 +933,7 @@
if (lock_file[0] == 0)
return -1;
@@ -237,6 +206,3 @@ index 29bf970..6051b9a 100644
if (fd < 0) {
error("Couldn't reopen lock file %s: %m", lock_file);
lock_file[0] = 0;
---
-1.8.3.1
-
diff --git a/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
new file mode 100644
index 000000000..cfd72e468
--- /dev/null
+++ b/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
@@ -0,0 +1,135 @@
+diff -Naur pppd.orig/plugins/pppoatm/pppoatm.c pppd/plugins/pppoatm/pppoatm.c
+--- pppd.orig/plugins/pppoatm/pppoatm.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/plugins/pppoatm/pppoatm.c 2023-06-30 13:21:33.397378347 +0200
+@@ -146,7 +146,7 @@
+
+ if (!device_got_set)
+ no_device_given_pppoatm();
+- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
++ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (fd < 0)
+ fatal("failed to create socket: %m");
+ memset(&qos, 0, sizeof qos);
+diff -Naur pppd.orig/plugins/pppoe/if.c pppd/plugins/pppoe/if.c
+--- pppd.orig/plugins/pppoe/if.c 2022-12-30 02:12:39.000000000 +0100
++++ pppd/plugins/pppoe/if.c 2023-06-30 13:24:11.372183452 +0200
+@@ -116,7 +116,7 @@
+ stype = SOCK_PACKET;
+ #endif
+
+- if ((fd = socket(domain, stype, htons(type))) < 0) {
++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
+ /* Give a more helpful message for the common error case */
+ if (errno == EPERM) {
+ fatal("Cannot create raw socket -- pppoe must be run as root.");
+diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c
+--- pppd.orig/plugins/pppoe/plugin.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200
+@@ -155,7 +155,7 @@
+ /* server equipment). */
+ /* Opening this socket just before waitForPADS in the discovery() */
+ /* function would be more appropriate, but it would mess-up the code */
+- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
++ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
+ if (conn->sessionSocket < 0) {
+ error("Failed to create PPPoE socket: %m");
+ return -1;
+@@ -166,7 +166,7 @@
+ lcp_wantoptions[0].mru = conn->mru = conn->storedmru;
+
+ /* Update maximum MRU */
+- s = socket(AF_INET, SOCK_DGRAM, 0);
++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (s < 0) {
+ error("Can't get MTU for %s: %m", conn->ifName);
+ goto errout;
+@@ -364,7 +364,7 @@
+ }
+
+ /* Open a socket */
+- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
++ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
+ r = 0;
+ }
+
+diff -Naur pppd.orig/plugins/pppol2tp/openl2tp.c pppd/plugins/pppol2tp/openl2tp.c
+--- pppd.orig/plugins/pppol2tp/openl2tp.c 2023-03-10 02:50:41.000000000 +0100
++++ pppd/plugins/pppol2tp/openl2tp.c 2023-06-30 13:22:30.055768865 +0200
+@@ -93,7 +93,7 @@
+ int result;
+
+ if (openl2tp_fd < 0) {
+- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
++ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (openl2tp_fd < 0) {
+ error("openl2tp connection create: %m");
+ return -ENOTCONN;
+diff -Naur pppd.orig/plugins/pppol2tp/pppol2tp.c pppd/plugins/pppol2tp/pppol2tp.c
+--- pppd.orig/plugins/pppol2tp/pppol2tp.c 2022-12-30 02:12:39.000000000 +0100
++++ pppd/plugins/pppol2tp/pppol2tp.c 2023-06-30 13:23:13.493756755 +0200
+@@ -220,7 +220,7 @@
+ struct ifreq ifr;
+ int fd;
+
+- fd = socket(AF_INET, SOCK_DGRAM, 0);
++ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (fd >= 0) {
+ memset (&ifr, '\0', sizeof (ifr));
+ ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name));
+diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
+--- pppd.orig/sys-linux.c 2023-06-30 13:11:25.715511251 +0200
++++ pppd/sys-linux.c 2023-06-30 13:32:50.021272249 +0200
+@@ -499,12 +499,12 @@
+ void sys_init(void)
+ {
+ /* Get an internet socket for doing socket ioctls. */
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ fatal("Couldn't create IP socket: %m(%d)", errno);
+
+ #ifdef PPP_WITH_IPV6CP
+- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
++ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock6_fd < 0)
+ sock6_fd = -errno; /* save errno for later */
+ #endif
+@@ -2675,7 +2675,7 @@
+ struct ifreq ifreq;
+ int ret, sock_fd;
+
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ return -1;
+ memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
+@@ -2698,7 +2698,7 @@
+ struct ifreq ifreq;
+ int ret, sock_fd;
+
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ return -1;
+
+@@ -2915,7 +2915,7 @@
+ /*
+ * Open a socket for doing the ioctl operations.
+ */
+- s = socket(AF_INET, SOCK_DGRAM, 0);
++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (s < 0)
+ return 0;
+
+diff -Naur pppd.orig/tty.c pppd/tty.c
+--- pppd.orig/tty.c 2023-06-30 13:14:06.450418113 +0200
++++ pppd/tty.c 2023-06-30 13:33:31.285858278 +0200
+@@ -942,7 +942,7 @@
+ *sep = ':';
+
+ /* get a socket and connect it to the other end */
+- sock = socket(PF_INET, SOCK_STREAM, 0);
++ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
+ if (sock < 0) {
+ error("Can't create socket: %m");
+ return -1;
diff --git a/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch
new file mode 100644
index 000000000..002b6066d
--- /dev/null
+++ b/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch
@@ -0,0 +1,12 @@
+diff -Naur pppd.orig/plugins/pppoe/pppoe.h pppd/plugins/pppoe/pppoe.h
+--- pppd.orig/plugins/pppoe/pppoe.h 2022-12-30 02:12:39.000000000 +0100
++++ pppd/plugins/pppoe/pppoe.h 2023-06-30 13:37:07.189078090 +0200
+@@ -143,7 +143,7 @@
+ #define STATE_TERMINATED 4
+
+ /* How many PADI/PADS attempts? */
+-#define MAX_PADI_ATTEMPTS 3
++#define MAX_PADI_ATTEMPTS 4
+
+ /* Initial timeout for PADO/PADS */
+ #define PADI_TIMEOUT 5
diff --git a/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch b/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch
new file mode 100644
index 000000000..dc6c22852
--- /dev/null
+++ b/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch
@@ -0,0 +1,12 @@
+diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c
+--- pppd.orig/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200
++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:50:23.150026201 +0200
+@@ -46,6 +46,8 @@
+ #include <signal.h>
+ #include <net/if_arp.h>
+ #include <linux/ppp_defs.h>
++#define _LINUX_IN_H
++#define _LINUX_IN6_H
+ #include <linux/if_pppox.h>
+
+ #include <pppd/pppd.h>
diff --git a/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch
new file mode 100644
index 000000000..0e9eab6ed
--- /dev/null
+++ b/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch
@@ -0,0 +1,18 @@
+diff -Naur ppp-2.5.0.orig/configure ppp-2.5.0/configure
+--- ppp-2.5.0.orig/configure 2023-03-25 05:38:36.000000000 +0100
++++ ppp-2.5.0/configure 2023-06-30 14:05:14.773950477 +0200
+@@ -17774,10 +17774,10 @@
+ rm -f $2
+ if [ -f $1 ]; then
+ echo " $2 <= $1"
+- sed -e "s,@DESTDIR@,$prefix,g" \
+- -e "s,@SYSCONF@,$sysconfdir,g" \
+- -e "s,@CC@,$CC,g" \
+- -e "s|@CFLAGS@|$CFLAGS|g" $1 > $2
++ sed -e "s#@DESTDIR@#$prefix#g" \
++ -e "s#@SYSCONF@#$sysconfdir#g" \
++ -e "s#@CC@#$CC#g" \
++ -e "s#@CFLAGS@#$CFLAGS#g" $1 > $2
+ fi
+ }
+
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-08-07 14:14 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-07 14:14 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 2f847b3213156ea0ee5cd92be9812de089285c86 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox