* [git.ipfire.org] IPFire 3.x development tree branch, master, updated. f04116f60a337ec988e5f65a445be0da3e81ab78
@ 2023-09-18 10:19 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2023-09-18 10:19 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 30513 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 3.x development tree".
The branch, master has been updated
via f04116f60a337ec988e5f65a445be0da3e81ab78 (commit)
via 2007e65b6f25c4ea35ab8fdb2b9dde5d3e665528 (commit)
via c5d38996eb2b4b2e7b8c5db1fdc274de567b46f7 (commit)
via afd03796cb9ef75e76733302b7520ba00102fdc7 (commit)
from 98491fcccede87850cafe73db02e4d182dc8a187 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f04116f60a337ec988e5f65a445be0da3e81ab78
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sun Sep 17 14:44:22 2023 +0000
iproute2: Update to 6.5
Fixes: #13284
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2007e65b6f25c4ea35ab8fdb2b9dde5d3e665528
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Sep 17 20:18:20 2023 +0000
sudo: Fix incorrect location of libsudo_utils.so
Reported-by: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c5d38996eb2b4b2e7b8c5db1fdc274de567b46f7
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Sep 18 10:04:29 2023 +0000
OpenSSL: Add missing Perl dependency
Reported-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit afd03796cb9ef75e76733302b7520ba00102fdc7
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Sep 17 15:42:04 2023 +0200
ppp: Update to version 2.5.0
- IPFire3.x
- Update from version 2.4.9 to 2.5.0
- Update based on the changes from ipfire2.x
- More work still needed once networking has been put in place.
define location of secrets and the IPFire3.x replacements for
the dialer, ip-up and ip_down helper scripts that were used in
IPFire2.x
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
iproute2/iproute2.nm | 4 +-
openssl/openssl.nm | 6 +-
...1-we-don-t-want-to-accidentally-leak-fds.patch0 | 162 ++++++++++++++++
.../ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 | 208 +++++++++++++++++++++
...re-use-SOCK_CLOEXEC-when-creating-socket.patch0 | 135 +++++++++++++
.../ppp-2.5.0-4-increase-max-padi-attempts.patch0 | 12 ++
ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 | 12 ++
...patch-configure-to-handle-cflags-properly.patch | 18 ++
...heck-to-see-if-we-have-struct-sockaddr_ll.patch | 37 ++++
ppp/ppp.nm | 40 ++--
sudo/sudo.nm | 5 +-
11 files changed, 606 insertions(+), 33 deletions(-)
create mode 100644 ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0
create mode 100644 ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0
create mode 100644 ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch0
create mode 100644 ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0
create mode 100644 ppp/patches/ppp-2.5.0-5-headers_4.9.patch0
create mode 100644 ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch
create mode 100644 ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch
Difference in files:
diff --git a/iproute2/iproute2.nm b/iproute2/iproute2.nm
index 20df759ae..72024ac57 100644
--- a/iproute2/iproute2.nm
+++ b/iproute2/iproute2.nm
@@ -4,8 +4,8 @@
###############################################################################
name = iproute2
-version = 6.0.0
-release = 4
+version = 6.5.0
+release = 1
groups = Networking/Tools
url = https://git.kernel.org/pub/scm/network/iproute2/iproute2.git
diff --git a/openssl/openssl.nm b/openssl/openssl.nm
index 5a422f814..6d5d21863 100644
--- a/openssl/openssl.nm
+++ b/openssl/openssl.nm
@@ -5,7 +5,7 @@
name = openssl
version = 3.1.2
-release = 1
+release = 2
maintainer = Michael Tremer <michael.tremer(a)ipfire.org>
groups = System/Libraries
@@ -35,6 +35,7 @@ build
perl(Pod::Html)
perl(Test::Harness)
perl(Test::More)
+ perl(Time::Local)
sed
zlib-devel
end
@@ -74,8 +75,7 @@ build
${LDFLAGS}
test
- # The testsuite has been disabled as it does not run through
- : # make test
+ make test
end
install
diff --git a/ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0 b/ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0
new file mode 100644
index 000000000..98ab03119
--- /dev/null
+++ b/ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0
@@ -0,0 +1,162 @@
+diff -Naur pppd.orig/auth.c pppd/auth.c
+--- pppd.orig/auth.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/auth.c 2023-06-30 12:38:13.748482796 +0200
+@@ -518,7 +518,7 @@
+ free(fname);
+ return 0;
+ }
+- ufile = fopen(fname, "r");
++ ufile = fopen(fname, "re");
+ if (seteuid(euid) == -1)
+ fatal("unable to regain privileges: %m");
+ if (ufile == NULL) {
+@@ -1535,7 +1535,7 @@
+ filename = PPP_PATH_UPAPFILE;
+ addrs = opts = NULL;
+ ret = UPAP_AUTHNAK;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL) {
+ error("Can't open PAP password file %s: %m", filename);
+
+@@ -1635,7 +1635,7 @@
+ if (ret <= 0) {
+ filename = PPP_PATH_UPAPFILE;
+ addrs = NULL;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+ check_access(f, filename);
+@@ -1681,7 +1681,7 @@
+ }
+
+ filename = PPP_PATH_UPAPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+ check_access(f, filename);
+@@ -1718,7 +1718,7 @@
+ }
+
+ filename = PPP_PATH_UPAPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -1760,7 +1760,7 @@
+ }
+
+ filename = PPP_PATH_CHAPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -1798,7 +1798,7 @@
+ struct wordlist *addrs;
+
+ filename = PPP_PATH_SRPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -1849,7 +1849,7 @@
+ addrs = NULL;
+ secbuf[0] = 0;
+
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL) {
+ error("Can't open chap secret file %s: %m", filename);
+ return 0;
+@@ -1902,7 +1902,7 @@
+ filename = PPP_PATH_SRPFILE;
+ addrs = NULL;
+
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "re");
+ if (fp == NULL) {
+ error("Can't open srp secret file %s: %m", filename);
+ return 0;
+@@ -2291,7 +2291,7 @@
+ */
+ if (word[0] == '@' && word[1] == '/') {
+ strlcpy(atfile, word+1, sizeof(atfile));
+- if ((sf = fopen(atfile, "r")) == NULL) {
++ if ((sf = fopen(atfile, "re")) == NULL) {
+ warn("can't open indirect secret file %s", atfile);
+ continue;
+ }
+@@ -2461,7 +2461,7 @@
+ char pkfile[MAXWORDLEN];
+
+ filename = PPP_PATH_EAPTLSSERVFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -2518,7 +2518,7 @@
+ return 1;
+
+ filename = PPP_PATH_EAPTLSCLIFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -2738,7 +2738,7 @@
+ filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE);
+ addrs = NULL;
+
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "re");
+ if (fp == NULL)
+ {
+ error("Can't open eap-tls secret file %s: %m", filename);
+diff -Naur pppd.orig/options.c pppd/options.c
+--- pppd.orig/options.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/options.c 2023-06-30 12:42:19.262593140 +0200
+@@ -555,7 +555,7 @@
+ ppp_option_error("unable to drop privileges to open %s: %m", filename);
+ return 0;
+ }
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ err = errno;
+ if (check_prot && seteuid(euid) == -1)
+ fatal("unable to regain privileges");
+diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
+--- pppd.orig/sys-linux.c 2023-03-10 02:50:41.000000000 +0100
++++ pppd/sys-linux.c 2023-06-30 12:43:20.634453475 +0200
+@@ -1978,7 +1978,7 @@
+ /* Default the mount location of /proc */
+ strlcpy (proc_path, "/proc", sizeof(proc_path));
+ proc_path_len = 5;
+- fp = fopen(MOUNTED, "r");
++ fp = fopen(MOUNTED, "re");
+ if (fp != NULL) {
+ while ((mntent = getmntent(fp)) != NULL) {
+ if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
+@@ -2038,7 +2038,7 @@
+ close_route_table();
+
+ path = path_to_procfs("/net/route");
+- route_fd = fopen (path, "r");
++ route_fd = fopen (path, "re");
+ if (route_fd == NULL) {
+ error("can't open routing table %s: %m", path);
+ return 0;
+@@ -2322,7 +2322,7 @@
+ close_route_table();
+
+ path = path_to_procfs("/net/ipv6_route");
+- route_fd = fopen (path, "r");
++ route_fd = fopen (path, "re");
+ if (route_fd == NULL) {
+ error("can't open routing table %s: %m", path);
+ return 0;
diff --git a/ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 b/ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0
new file mode 100644
index 000000000..c205c0e08
--- /dev/null
+++ b/ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0
@@ -0,0 +1,208 @@
+diff -Naur pppd.orig/eap.c pppd/eap.c
+--- pppd.orig/eap.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/eap.c 2023-06-30 12:58:07.984676045 +0200
+@@ -1542,7 +1542,7 @@
+
+ if ((path = name_of_pn_file()) == NULL)
+ return (-1);
+- fd = open(path, modebits, S_IRUSR | S_IWUSR);
++ fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
+ err = errno;
+ free(path);
+ errno = err;
+diff -Naur pppd.orig/main.c pppd/main.c
+--- pppd.orig/main.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/main.c 2023-06-30 13:00:15.155195676 +0200
+@@ -479,7 +479,7 @@
+ die(0);
+
+ /* Make sure fds 0, 1, 2 are open to somewhere. */
+- fd_devnull = open(PPP_DEVNULL, O_RDWR);
++ fd_devnull = open(PPP_DEVNULL, O_RDWR | O_CLOEXEC);
+ if (fd_devnull < 0)
+ fatal("Couldn't open %s: %m", PPP_DEVNULL);
+ while (fd_devnull <= 2) {
+diff -Naur pppd.orig/options.c pppd/options.c
+--- pppd.orig/options.c 2023-06-30 12:42:19.262593140 +0200
++++ pppd/options.c 2023-06-30 13:01:58.388323345 +0200
+@@ -1718,9 +1718,9 @@
+ ppp_option_error("unable to drop permissions to open %s: %m", *argv);
+ return 0;
+ }
+- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
++ fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
+ if (fd < 0 && errno == EEXIST)
+- fd = open(*argv, O_WRONLY | O_APPEND);
++ fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
+ err = errno;
+ if (!privileged_option && seteuid(euid) == -1)
+ fatal("unable to regain privileges: %m");
+diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
+--- pppd.orig/sys-linux.c 2023-06-30 12:43:20.634453475 +0200
++++ pppd/sys-linux.c 2023-06-30 13:11:25.715511251 +0200
+@@ -666,7 +666,7 @@
+ goto err;
+ }
+ dbglog("using channel %d", chindex);
+- fd = open("/dev/ppp", O_RDWR);
++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (fd < 0) {
+ error("Couldn't reopen /dev/ppp: %m");
+ goto err;
+@@ -904,7 +904,7 @@
+ dbglog("in make_ppp_unit, already had /dev/ppp open?");
+ close(ppp_dev_fd);
+ }
+- ppp_dev_fd = open("/dev/ppp", O_RDWR);
++ ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (ppp_dev_fd < 0)
+ fatal("Couldn't open /dev/ppp: %m");
+ flags = fcntl(ppp_dev_fd, F_GETFL);
+@@ -1025,7 +1025,7 @@
+ if (!new_style_driver)
+ return -1;
+
+- master_fd = open("/dev/ppp", O_RDWR);
++ master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (master_fd < 0)
+ fatal("Couldn't open /dev/ppp: %m");
+ if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
+@@ -2533,7 +2533,7 @@
+ if (tune_kernel) {
+ forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
+ if (forw_path != 0) {
+- int fd = open(forw_path, O_WRONLY);
++ int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
+ if (fd >= 0) {
+ if (write(fd, "1", 1) != 1)
+ error("Couldn't enable IP forwarding: %m");
+@@ -2878,7 +2878,7 @@
+ sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
+ kernel_version = KVERSION(osmaj, osmin, ospatch);
+
+- fd = open("/dev/ppp", O_RDWR);
++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (fd >= 0) {
+ new_style_driver = 1;
+
+@@ -3056,7 +3056,7 @@
+ #if __GLIBC__ >= 2
+ updwtmp(_PATH_WTMP, &ut);
+ #else
+- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
++ wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
+ if (wtmp >= 0) {
+ flock(wtmp, LOCK_EX);
+
+@@ -3280,7 +3280,7 @@
+ int fd;
+
+ path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
+- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
++ if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
+ if (write(fd, "1", 1) != 1)
+ error("Couldn't enable dynamic IP addressing: %m");
+ close(fd);
+@@ -3534,7 +3534,7 @@
+ /*
+ * Try the unix98 way first.
+ */
+- mfd = open("/dev/ptmx", O_RDWR);
++ mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
+ if (mfd >= 0) {
+ int ptn;
+ if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
+@@ -3545,7 +3545,8 @@
+ if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
+ warn("Couldn't unlock pty slave %s: %m", pty_name);
+ #endif
+- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
++
++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
+ {
+ warn("Couldn't open pty slave %s: %m", pty_name);
+ close(mfd);
+@@ -3559,10 +3560,10 @@
+ for (i = 0; i < 64; ++i) {
+ slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
+ 'p' + i / 16, i % 16);
+- mfd = open(pty_name, O_RDWR, 0);
++ mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
+ if (mfd >= 0) {
+ pty_name[5] = 't';
+- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
++ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
+ if (sfd >= 0) {
+ ret = fchown(sfd, uid, -1);
+ if (ret != 0) {
+diff -Naur pppd.orig/tdb.c pppd/tdb.c
+--- pppd.orig/tdb.c 2021-07-23 06:41:07.000000000 +0200
++++ pppd/tdb.c 2023-06-30 13:12:55.034900600 +0200
+@@ -1728,7 +1728,7 @@
+ goto internal;
+ }
+
+- if ((tdb->fd = open(name, open_flags, mode)) == -1) {
++ if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
+ TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
+ name, strerror(errno)));
+ goto fail; /* errno set by open(2) */
+@@ -1971,7 +1971,7 @@
+ }
+ if (close(tdb->fd) != 0)
+ TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
+- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
++ tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
+ if (tdb->fd == -1) {
+ TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
+ goto fail;
+diff -Naur pppd.orig/tty.c pppd/tty.c
+--- pppd.orig/tty.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/tty.c 2023-06-30 13:14:06.450418113 +0200
+@@ -621,7 +621,7 @@
+ ppp_set_status(EXIT_OPEN_FAILED);
+ goto errret;
+ }
+- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
++ real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
+ err = errno;
+ if (prio < OPRIO_ROOT && seteuid(0) == -1)
+ fatal("Unable to regain privileges");
+@@ -775,7 +775,7 @@
+ if (connector == NULL && modem && devnam[0] != 0) {
+ int i;
+ for (;;) {
+- if ((i = open(devnam, O_RDWR)) >= 0)
++ if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
+ break;
+ if (errno != EINTR) {
+ error("Failed to reopen %s: %m", devnam);
+diff -Naur pppd.orig/utils.c pppd/utils.c
+--- pppd.orig/utils.c 2022-12-30 02:12:39.000000000 +0100
++++ pppd/utils.c 2023-06-30 13:15:47.860182369 +0200
+@@ -843,14 +843,14 @@
+ slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev);
+ #endif
+
+- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
++ while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
+ if (errno != EEXIST) {
+ error("Can't create lock file %s: %m", lock_file);
+ break;
+ }
+
+ /* Read the lock file to find out who has the device locked. */
+- fd = open(lock_file, O_RDONLY, 0);
++ fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
+ if (fd < 0) {
+ if (errno == ENOENT) /* This is just a timing problem. */
+ continue;
+@@ -933,7 +933,7 @@
+
+ if (lock_file[0] == 0)
+ return -1;
+- fd = open(lock_file, O_WRONLY, 0);
++ fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
+ if (fd < 0) {
+ error("Couldn't reopen lock file %s: %m", lock_file);
+ lock_file[0] = 0;
diff --git a/ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch0 b/ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch0
new file mode 100644
index 000000000..cfd72e468
--- /dev/null
+++ b/ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch0
@@ -0,0 +1,135 @@
+diff -Naur pppd.orig/plugins/pppoatm/pppoatm.c pppd/plugins/pppoatm/pppoatm.c
+--- pppd.orig/plugins/pppoatm/pppoatm.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/plugins/pppoatm/pppoatm.c 2023-06-30 13:21:33.397378347 +0200
+@@ -146,7 +146,7 @@
+
+ if (!device_got_set)
+ no_device_given_pppoatm();
+- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
++ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (fd < 0)
+ fatal("failed to create socket: %m");
+ memset(&qos, 0, sizeof qos);
+diff -Naur pppd.orig/plugins/pppoe/if.c pppd/plugins/pppoe/if.c
+--- pppd.orig/plugins/pppoe/if.c 2022-12-30 02:12:39.000000000 +0100
++++ pppd/plugins/pppoe/if.c 2023-06-30 13:24:11.372183452 +0200
+@@ -116,7 +116,7 @@
+ stype = SOCK_PACKET;
+ #endif
+
+- if ((fd = socket(domain, stype, htons(type))) < 0) {
++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
+ /* Give a more helpful message for the common error case */
+ if (errno == EPERM) {
+ fatal("Cannot create raw socket -- pppoe must be run as root.");
+diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c
+--- pppd.orig/plugins/pppoe/plugin.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200
+@@ -155,7 +155,7 @@
+ /* server equipment). */
+ /* Opening this socket just before waitForPADS in the discovery() */
+ /* function would be more appropriate, but it would mess-up the code */
+- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
++ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
+ if (conn->sessionSocket < 0) {
+ error("Failed to create PPPoE socket: %m");
+ return -1;
+@@ -166,7 +166,7 @@
+ lcp_wantoptions[0].mru = conn->mru = conn->storedmru;
+
+ /* Update maximum MRU */
+- s = socket(AF_INET, SOCK_DGRAM, 0);
++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (s < 0) {
+ error("Can't get MTU for %s: %m", conn->ifName);
+ goto errout;
+@@ -364,7 +364,7 @@
+ }
+
+ /* Open a socket */
+- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
++ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
+ r = 0;
+ }
+
+diff -Naur pppd.orig/plugins/pppol2tp/openl2tp.c pppd/plugins/pppol2tp/openl2tp.c
+--- pppd.orig/plugins/pppol2tp/openl2tp.c 2023-03-10 02:50:41.000000000 +0100
++++ pppd/plugins/pppol2tp/openl2tp.c 2023-06-30 13:22:30.055768865 +0200
+@@ -93,7 +93,7 @@
+ int result;
+
+ if (openl2tp_fd < 0) {
+- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
++ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (openl2tp_fd < 0) {
+ error("openl2tp connection create: %m");
+ return -ENOTCONN;
+diff -Naur pppd.orig/plugins/pppol2tp/pppol2tp.c pppd/plugins/pppol2tp/pppol2tp.c
+--- pppd.orig/plugins/pppol2tp/pppol2tp.c 2022-12-30 02:12:39.000000000 +0100
++++ pppd/plugins/pppol2tp/pppol2tp.c 2023-06-30 13:23:13.493756755 +0200
+@@ -220,7 +220,7 @@
+ struct ifreq ifr;
+ int fd;
+
+- fd = socket(AF_INET, SOCK_DGRAM, 0);
++ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (fd >= 0) {
+ memset (&ifr, '\0', sizeof (ifr));
+ ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name));
+diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
+--- pppd.orig/sys-linux.c 2023-06-30 13:11:25.715511251 +0200
++++ pppd/sys-linux.c 2023-06-30 13:32:50.021272249 +0200
+@@ -499,12 +499,12 @@
+ void sys_init(void)
+ {
+ /* Get an internet socket for doing socket ioctls. */
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ fatal("Couldn't create IP socket: %m(%d)", errno);
+
+ #ifdef PPP_WITH_IPV6CP
+- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
++ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock6_fd < 0)
+ sock6_fd = -errno; /* save errno for later */
+ #endif
+@@ -2675,7 +2675,7 @@
+ struct ifreq ifreq;
+ int ret, sock_fd;
+
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ return -1;
+ memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
+@@ -2698,7 +2698,7 @@
+ struct ifreq ifreq;
+ int ret, sock_fd;
+
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ return -1;
+
+@@ -2915,7 +2915,7 @@
+ /*
+ * Open a socket for doing the ioctl operations.
+ */
+- s = socket(AF_INET, SOCK_DGRAM, 0);
++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (s < 0)
+ return 0;
+
+diff -Naur pppd.orig/tty.c pppd/tty.c
+--- pppd.orig/tty.c 2023-06-30 13:14:06.450418113 +0200
++++ pppd/tty.c 2023-06-30 13:33:31.285858278 +0200
+@@ -942,7 +942,7 @@
+ *sep = ':';
+
+ /* get a socket and connect it to the other end */
+- sock = socket(PF_INET, SOCK_STREAM, 0);
++ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
+ if (sock < 0) {
+ error("Can't create socket: %m");
+ return -1;
diff --git a/ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 b/ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0
new file mode 100644
index 000000000..002b6066d
--- /dev/null
+++ b/ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0
@@ -0,0 +1,12 @@
+diff -Naur pppd.orig/plugins/pppoe/pppoe.h pppd/plugins/pppoe/pppoe.h
+--- pppd.orig/plugins/pppoe/pppoe.h 2022-12-30 02:12:39.000000000 +0100
++++ pppd/plugins/pppoe/pppoe.h 2023-06-30 13:37:07.189078090 +0200
+@@ -143,7 +143,7 @@
+ #define STATE_TERMINATED 4
+
+ /* How many PADI/PADS attempts? */
+-#define MAX_PADI_ATTEMPTS 3
++#define MAX_PADI_ATTEMPTS 4
+
+ /* Initial timeout for PADO/PADS */
+ #define PADI_TIMEOUT 5
diff --git a/ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 b/ppp/patches/ppp-2.5.0-5-headers_4.9.patch0
new file mode 100644
index 000000000..dc6c22852
--- /dev/null
+++ b/ppp/patches/ppp-2.5.0-5-headers_4.9.patch0
@@ -0,0 +1,12 @@
+diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c
+--- pppd.orig/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200
++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:50:23.150026201 +0200
+@@ -46,6 +46,8 @@
+ #include <signal.h>
+ #include <net/if_arp.h>
+ #include <linux/ppp_defs.h>
++#define _LINUX_IN_H
++#define _LINUX_IN6_H
+ #include <linux/if_pppox.h>
+
+ #include <pppd/pppd.h>
diff --git a/ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch b/ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch
new file mode 100644
index 000000000..0e9eab6ed
--- /dev/null
+++ b/ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch
@@ -0,0 +1,18 @@
+diff -Naur ppp-2.5.0.orig/configure ppp-2.5.0/configure
+--- ppp-2.5.0.orig/configure 2023-03-25 05:38:36.000000000 +0100
++++ ppp-2.5.0/configure 2023-06-30 14:05:14.773950477 +0200
+@@ -17774,10 +17774,10 @@
+ rm -f $2
+ if [ -f $1 ]; then
+ echo " $2 <= $1"
+- sed -e "s,@DESTDIR@,$prefix,g" \
+- -e "s,@SYSCONF@,$sysconfdir,g" \
+- -e "s,@CC@,$CC,g" \
+- -e "s|@CFLAGS@|$CFLAGS|g" $1 > $2
++ sed -e "s#@DESTDIR@#$prefix#g" \
++ -e "s#@SYSCONF@#$sysconfdir#g" \
++ -e "s#@CC@#$CC#g" \
++ -e "s#@CFLAGS@#$CFLAGS#g" $1 > $2
+ fi
+ }
+
diff --git a/ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch b/ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch
new file mode 100644
index 000000000..a7823d424
--- /dev/null
+++ b/ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch
@@ -0,0 +1,37 @@
+From 9d6d326b2530cffb1414e4c401675117c42d43ce Mon Sep 17 00:00:00 2001
+From: Eivind Naess <eivnaes(a)yahoo.com>
+Date: Sun, 23 Apr 2023 11:30:43 -0700
+Subject: [PATCH] Add configure check to see if we have struct sockaddr_ll
+
+Fixes issue #411.
+
+Signed-off-by: Eivind Naess <eivnaes(a)yahoo.com>
+---
+ configure.ac | 3 ++-
+ pppd/plugins/pppoe/config.h.in | 2 ++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1180f64ec..38b24af92 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -75,7 +75,8 @@ AM_COND_IF([LINUX], [
+ linux/if_ether.h \
+ linux/if_packet.h \
+ netinet/if_ether.h \
+- netpacket/packet.h])])
++ netpacket/packet.h])
++ AC_CHECK_TYPES([struct sockaddr_ll], [], [], [#include <linux/if_packet.h>])])
+
+ AC_CHECK_SIZEOF(unsigned int)
+ AC_CHECK_SIZEOF(unsigned long)
+diff --git a/pppd/plugins/pppoe/config.h.in b/pppd/plugins/pppoe/config.h.in
+index d447f5e89..d7d61c01c 100644
+--- a/pppd/plugins/pppoe/config.h.in
++++ b/pppd/plugins/pppoe/config.h.in
+@@ -69,3 +69,5 @@
+ /* The size of `unsigned short', as computed by sizeof. */
+ #undef SIZEOF_UNSIGNED_SHORT
+
++/* Define to 1 if the system has the type `struct sockaddr_ll'. */
++#undef HAVE_STRUCT_SOCKADDR_LL
diff --git a/ppp/ppp.nm b/ppp/ppp.nm
index 8013c4818..a1f15ab3e 100644
--- a/ppp/ppp.nm
+++ b/ppp/ppp.nm
@@ -4,8 +4,8 @@
###############################################################################
name = ppp
-version = 2.4.9
-release = 4
+version = 2.5.0
+release = 1
groups = System/Daemons
url = https://ppp.samba.org/
@@ -24,6 +24,8 @@ source_dl = https://download.samba.org/pub/ppp/
build
requires
+ autoconf
+ automake
libpcap-devel
libudev-devel
libxcrypt-devel
@@ -32,43 +34,27 @@ build
systemd-devel
end
- prepare_cmds
- sed -e "s@^RUNDIR .*@RUNDIR = /run/ppp@" \
- -e "s@^LOGDIR .*@LOGDIR = /var/log/ppp@" \
- -i linux/Makefile.top
-
- sed -e "s@^DESTDIR.*@DESTDIR=\$%{INSTROOT}/usr@" \
- -i pppd/plugins/pppol2tp/Makefile.linux
-
- # Remove broken header file that crashed the build.
- rm -f include/linux/if_pppol2tp.h
- end
-
- make_build_targets += \
- CC="gcc %{CFLAGS} %{LDFLAGS}"
+ configure_options += --with-logfile-dir=/var/log
install
make install INSTROOT=%{BUILDROOT}
- rm -rfv %{BUILDROOT}/etc/ppp/plugins
-
+ touch /var/log/connect-errors
mkdir -pv %{BUILDROOT}/etc/ppp
+
+ # Reminder note
+ # code used to be here to copy across IPFire2.x dialler etc scripts
+ # something to replace those for IPFire3.x is likely nedeed somewhere
+
touch %{BUILDROOT}/etc/ppp/secrets
chmod -v 600 %{BUILDROOT}/etc/ppp/secrets
- ln -svf secrets %{BUILDROOT}/etc/ppp/pap-secrets
- ln -svf secrets %{BUILDROOT}/etc/ppp/chap-secrets
-
- # Fix binary permissions.
- find %{BUILDROOT}%{sbindir} -type f -executable \
- -exec chmod 755 {} \;
+ ln -svf %{BUILDROOT}/etc/ppp/secrets /etc/ppp/pap-secrets
+ ln -svf %{BUILDROOT}/etc/ppp/secrets /etc/ppp/chap-secrets
end
end
packages
package %{name}
- #requires
- # /usr/lib/network/helpers/pppd-angel
- #end
script postin
systemctl daemon-reload >/dev/null 2>&1 || :
diff --git a/sudo/sudo.nm b/sudo/sudo.nm
index 50fc02f07..4757ecec3 100644
--- a/sudo/sudo.nm
+++ b/sudo/sudo.nm
@@ -5,7 +5,7 @@
name = sudo
version = 1.9.14p3
-release = 1
+release = 2
groups = Applications/System
url = https://www.sudo.ws/
@@ -70,6 +70,9 @@ build
# Fix library permissions.
find %{BUILDROOT}%{libdir}/%{name} -type f -iname "*.so" -exec chmod 755 {} \;
+ # ... and move the libraries to the correct place
+ mv -v %{BUILDROOT}%{libdir}/%{name}/libsudo_util.so* %{BUILDROOT}%{libdir}/
+
end
end
hooks/post-receive
--
IPFire 3.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-09-18 10:19 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-18 10:19 [git.ipfire.org] IPFire 3.x development tree branch, master, updated. f04116f60a337ec988e5f65a445be0da3e81ab78 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox