diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp index d61fdf811..f1f4f88f2 100644 --- a/config/rootfiles/common/ppp +++ b/config/rootfiles/common/ppp @@ -2,8 +2,6 @@ etc/ppp/chap-secrets etc/ppp/demonloginscript etc/ppp/dialer -#etc/ppp/eaptls-client -#etc/ppp/eaptls-server etc/ppp/ioptions etc/ppp/ip-down etc/ppp/ip-up @@ -14,7 +12,6 @@ etc/ppp/standardloginscript #usr/include/pppd/ccp.h #usr/include/pppd/chap-new.h #usr/include/pppd/chap_ms.h -#usr/include/pppd/eap-tls.h #usr/include/pppd/eap.h #usr/include/pppd/ecp.h #usr/include/pppd/eui64.h @@ -26,7 +23,6 @@ etc/ppp/standardloginscript #usr/include/pppd/magic.h #usr/include/pppd/md4.h #usr/include/pppd/md5.h -#usr/include/pppd/mppe.h #usr/include/pppd/patchlevel.h #usr/include/pppd/pathnames.h #usr/include/pppd/pppcrypt.h @@ -37,19 +33,18 @@ etc/ppp/standardloginscript #usr/include/pppd/tdb.h #usr/include/pppd/upap.h usr/lib/pppd -usr/lib/pppd/2.4.9 -usr/lib/pppd/2.4.9/minconn.so -usr/lib/pppd/2.4.9/openl2tp.so -usr/lib/pppd/2.4.9/passprompt.so -usr/lib/pppd/2.4.9/passwordfd.so -usr/lib/pppd/2.4.9/pppoatm.so -usr/lib/pppd/2.4.9/pppoe.so -usr/lib/pppd/2.4.9/pppol2tp.so -usr/lib/pppd/2.4.9/radattr.so -usr/lib/pppd/2.4.9/radius.so -usr/lib/pppd/2.4.9/radrealms.so -usr/lib/pppd/2.4.9/rp-pppoe.so -usr/lib/pppd/2.4.9/winbind.so +usr/lib/pppd/2.4.8 +#usr/lib/pppd/2.4.8/minconn.so +#usr/lib/pppd/2.4.8/openl2tp.so +#usr/lib/pppd/2.4.8/passprompt.so +#usr/lib/pppd/2.4.8/passwordfd.so +#usr/lib/pppd/2.4.8/pppoatm.so +#usr/lib/pppd/2.4.8/pppol2tp.so +#usr/lib/pppd/2.4.8/radattr.so +#usr/lib/pppd/2.4.8/radius.so +#usr/lib/pppd/2.4.8/radrealms.so +#usr/lib/pppd/2.4.8/rp-pppoe.so +#usr/lib/pppd/2.4.8/winbind.so usr/sbin/chat usr/sbin/pppd usr/sbin/pppdump diff --git a/config/rootfiles/core/158/filelists/ppp b/config/rootfiles/core/158/filelists/ppp new file mode 120000 index 000000000..4844a9b58 --- /dev/null +++ b/config/rootfiles/core/158/filelists/ppp @@ -0,0 +1 @@ +../../../common/ppp \ No newline at end of file diff --git a/config/rootfiles/core/158/update.sh b/config/rootfiles/core/158/update.sh index de0e0bbe9..42744e2a7 100644 --- a/config/rootfiles/core/158/update.sh +++ b/config/rootfiles/core/158/update.sh @@ -39,6 +39,7 @@ rm -vrf \ /usr/lib/conntrack-tools \ /usr/lib/libixml.so.* \ /usr/lib/libupnp.so.* \ + /usr/lib/pppd/2.4.9/ \ /var/ipfire/upnp \ /lib/firmware/cxgb4/t4fw-1.24.14.0.bin \ /lib/firmware/cxgb4/t5fw-1.24.14.0.bin \ @@ -74,10 +75,13 @@ ldconfig /usr/local/bin/filesystem-cleanup # Start services -/etc/init.d/apache restart -/etc/init.d/vnstatd restart +/etc/init.d/vnstat restart /etc/init.d/rngd restart +# Restart apache +/etc/init.d/apache stop +/etc/init.d/apache start + # This update needs a reboot... #touch /var/run/need_reboot diff --git a/config/rootfiles/packages/python3-six b/config/rootfiles/packages/python3-six new file mode 100644 index 000000000..0801d36da --- /dev/null +++ b/config/rootfiles/packages/python3-six @@ -0,0 +1,6 @@ +#usr/lib/python3.8/site-packages/six-1.14.0-py3.8.egg-info +#usr/lib/python3.8/site-packages/six-1.14.0-py3.8.egg-info/PKG-INFO +#usr/lib/python3.8/site-packages/six-1.14.0-py3.8.egg-info/SOURCES.txt +#usr/lib/python3.8/site-packages/six-1.14.0-py3.8.egg-info/dependency_links.txt +#usr/lib/python3.8/site-packages/six-1.14.0-py3.8.egg-info/top_level.txt +usr/lib/python3.8/site-packages/six.py diff --git a/lfs/aws-cli b/lfs/aws-cli index 599469ee3..a098f9ad8 100644 --- a/lfs/aws-cli +++ b/lfs/aws-cli @@ -32,9 +32,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = aws-cli -PAK_VER = 3 +PAK_VER = 4 -DEPS = python3-botocore python3-colorama python3-docutils python3-pyasn1 python3-rsa python3-s3transfer python3-yaml +DEPS = python3-botocore python3-colorama python3-docutils python3-pyasn1 python3-rsa python3-s3transfer python3-six python3-yaml ############################################################################### # Top-level Rules diff --git a/lfs/ppp b/lfs/ppp index 73356b8c4..cbac95067 100644 --- a/lfs/ppp +++ b/lfs/ppp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team # +# Copyright (C) 2007-2018 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,12 +24,12 @@ include Config -VER = 2.4.9 +VER = 2.4.8 THISAPP = ppp-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) +DIR_APP = $(DIR_SRC)/ppp-$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) CFLAGS += -fno-strict-aliasing @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = f605d021b586fc26e35c6a54fd84b65f +$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123 install : $(TARGET) @@ -73,15 +73,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h - cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls - cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls + cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)" cd $(DIR_APP) && make install cd $(DIR_APP) && make install-etcppp touch /var/log/connect-errors diff --git a/lfs/python3-six b/lfs/python3-six new file mode 100644 index 000000000..9d467f273 --- /dev/null +++ b/lfs/python3-six @@ -0,0 +1,83 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2020 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.14.0 + +THISAPP = six-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = python3-six +PAK_VER = 3 + +DEPS = + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 21674588a57e649d1a6d977ec3122140 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && python3 setup.py build + cd $(DIR_APP) && python3 setup.py install --root=/ + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index fc03ebcd5..83bd9faeb 100755 --- a/make.sh +++ b/make.sh @@ -1534,6 +1534,7 @@ buildipfire() { lfsmake2 libsolv lfsmake2 ddns lfsmake2 python3-setuptools-scm + lfsmake2 python3-six lfsmake2 python3-dateutil lfsmake2 python3-jmespath lfsmake2 python3-colorama diff --git a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch new file mode 100644 index 000000000..4a43d444a --- /dev/null +++ b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch @@ -0,0 +1,121 @@ +From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Fri, 4 Apr 2014 11:29:39 +0200 +Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by + rpmbuild + +--- + chat/Makefile.linux | 2 +- + pppd/Makefile.linux | 3 +-- + pppd/plugins/Makefile.linux | 2 +- + pppd/plugins/pppoatm/Makefile.linux | 2 +- + pppd/plugins/radius/Makefile.linux | 2 +- + pppd/plugins/rp-pppoe/Makefile.linux | 2 +- + pppdump/Makefile.linux | 2 +- + pppstats/Makefile.linux | 2 +- + 8 files changed, 8 insertions(+), 9 deletions(-) + +diff --git a/chat/Makefile.linux b/chat/Makefile.linux +index 1065ac5..848cd8d 100644 +--- a/chat/Makefile.linux ++++ b/chat/Makefile.linux +@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function + CDEF4= -DFNDELAY=O_NDELAY # Old name value + CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4) + +-COPTS= -O2 -g -pipe ++COPTS= $(RPM_OPT_FLAGS) + CFLAGS= $(COPTS) $(CDEFS) + + INSTALL= install +diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux +index 5a44d30..63872eb 100644 +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -32,8 +32,7 @@ endif + + CC = gcc + # +-COPTS = -O2 -pipe -Wall -g +-LIBS = ++COPTS = -Wall $(RPM_OPT_FLAGS) + + # Uncomment the next 2 lines to include support for Microsoft's + # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. +diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux +index 0a7ec7b..e09a369 100644 +--- a/pppd/plugins/Makefile.linux ++++ b/pppd/plugins/Makefile.linux +@@ -1,5 +1,5 @@ + #CC = gcc +-COPTS = -O2 -g ++COPTS = $(RPM_OPT_FLAGS) + CFLAGS = $(COPTS) -I.. -I../../include -fPIC + LDFLAGS = -shared + INSTALL = install +diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux +index 20f62e6..5a81447 100644 +--- a/pppd/plugins/pppoatm/Makefile.linux ++++ b/pppd/plugins/pppoatm/Makefile.linux +@@ -1,5 +1,5 @@ + #CC = gcc +-COPTS = -O2 -g ++COPTS = $(RPM_OPT_FLAGS) + CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC + LDFLAGS = -shared + INSTALL = install +diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux +index 24ed3e5..45b3b8d 100644 +--- a/pppd/plugins/radius/Makefile.linux ++++ b/pppd/plugins/radius/Makefile.linux +@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) + INSTALL = install + + PLUGIN=radius.so radattr.so radrealms.so +-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON ++CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON + + # Uncomment the next line to include support for Microsoft's + # MS-CHAP authentication protocol. +diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux +index 5d7a271..352991a 100644 +--- a/pppd/plugins/rp-pppoe/Makefile.linux ++++ b/pppd/plugins/rp-pppoe/Makefile.linux +@@ -25,7 +25,7 @@ INSTALL = install + # Version is set ONLY IN THE MAKEFILE! Don't delete this! + RP_VERSION=3.8p + +-COPTS=-O2 -g ++COPTS=$(RPM_OPT_FLAGS) + CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' + all: rp-pppoe.so pppoe-discovery + +diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux +index ac028f6..d0a5032 100644 +--- a/pppdump/Makefile.linux ++++ b/pppdump/Makefile.linux +@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@ + BINDIR = $(DESTDIR)/sbin + MANDIR = $(DESTDIR)/share/man/man8 + +-CFLAGS= -O -I../include/net ++CFLAGS= $(RPM_OPT_FLAGS) -I../include/net + OBJS = pppdump.o bsd-comp.o deflate.o zlib.o + + INSTALL= install +diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux +index cca6f0f..42aba73 100644 +--- a/pppstats/Makefile.linux ++++ b/pppstats/Makefile.linux +@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c + PPPSTATOBJS = pppstats.o + + #CC = gcc +-COPTS = -O ++COPTS = $(RPM_OPT_FLAGS) + COMPILE_FLAGS = -I../include + LIBS = + +-- +1.8.3.1 + diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch index 0fb028779..2513021b2 100644 --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch +++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch @@ -27,10 +27,10 @@ index 6ea6c1f..faced53 100644 free(path); errno = err; diff --git a/pppd/main.c b/pppd/main.c -index 87a5d29..152e4a2 100644 +index 6d50d1b..4880377 100644 --- a/pppd/main.c +++ b/pppd/main.c -@@ -400,7 +400,7 @@ main(int argc, char *argv[]) +@@ -420,7 +420,7 @@ main(argc, argv) die(0); /* Make sure fds 0, 1, 2 are open to somewhere. */ @@ -39,12 +39,12 @@ index 87a5d29..152e4a2 100644 if (fd_devnull < 0) fatal("Couldn't open %s: %m", _PATH_DEVNULL); while (fd_devnull <= 2) { -@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait) +@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait) if (log_to_fd >= 0) errfd = log_to_fd; else -- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); -+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644); +- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); ++ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600); ++conn_running; pid = safe_fork(in, out, errfd); diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch index fffda981d..3475f09a8 100644 --- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch +++ b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch @@ -7,9 +7,9 @@ Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket pppd/plugins/pppoatm/pppoatm.c | 2 +- pppd/plugins/pppol2tp/openl2tp.c | 2 +- pppd/plugins/pppol2tp/pppol2tp.c | 2 +- - pppd/plugins/pppoe/if.c | 2 +- - pppd/plugins/pppoe/plugin.c | 6 +++--- - pppd/plugins/pppoe/pppoe-discovery.c | 2 +- + pppd/plugins/rp-pppoe/if.c | 2 +- + pppd/plugins/rp-pppoe/plugin.c | 6 +++--- + pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +- pppd/sys-linux.c | 10 +++++----- pppd/tty.c | 2 +- 8 files changed, 14 insertions(+), 14 deletions(-) @@ -53,10 +53,10 @@ index a7e3400..e64a778 100644 if (fd >= 0) { memset (&ifr, '\0', sizeof (ifr)); strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); -diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c +diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c index 91e9a57..72aba41 100644 ---- a/pppd/plugins/pppoe/if.c -+++ b/pppd/plugins/pppoe/if.c +--- a/pppd/plugins/rp-pppoe/if.c ++++ b/pppd/plugins/rp-pppoe/if.c @@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) stype = SOCK_PACKET; #endif @@ -66,10 +66,10 @@ index 91e9a57..72aba41 100644 /* Give a more helpful message for the common error case */ if (errno == EPERM) { fatal("Cannot create raw socket -- pppoe must be run as root."); -diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c +diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c index a8c2bb4..24bdf8f 100644 ---- a/pppd/plugins/pppoe/plugin.c -+++ b/pppd/plugins/pppoe/plugin.c +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c @@ -137,7 +137,7 @@ PPPOEConnectDevice(void) /* server equipment). */ /* Opening this socket just before waitForPADS in the discovery() */ @@ -97,10 +97,10 @@ index a8c2bb4..24bdf8f 100644 r = 0; } -diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c +diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c index 3d3bf4e..c0d927d 100644 ---- a/pppd/plugins/pppoe/pppoe-discovery.c -+++ b/pppd/plugins/pppoe/pppoe-discovery.c +--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c ++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c @@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) stype = SOCK_PACKET; #endif @@ -147,6 +147,15 @@ index 00a2cf5..0690019 100644 if (s < 0) return 0; +@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64) + int skfd; + const unsigned char *ptr; + +- skfd = socket(PF_INET6, SOCK_DGRAM, 0); ++ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if(skfd == -1) + { + warn("could not open IPv6 socket"); diff --git a/pppd/tty.c b/pppd/tty.c index bc96695..8e76a5d 100644 --- a/pppd/tty.c diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch index 1b36e8369..5127c1f10 100644 --- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch +++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch @@ -1,7 +1,7 @@ -diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h +diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h index 9ab2eee..86762bd 100644 ---- a/pppd/plugins/pppoe/pppoe.h -+++ b/pppd/plugins/pppoe/pppoe.h +--- a/pppd/plugins/rp-pppoe/pppoe.h ++++ b/pppd/plugins/rp-pppoe/pppoe.h @@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session; #define STATE_TERMINATED 4 diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch index 686db9204..633eb045a 100644 --- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch +++ b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch @@ -1,6 +1,6 @@ -diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c ---- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100 +diff -Naur ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c +--- ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200 ++++ ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100 @@ -49,6 +49,8 @@ #include #include diff --git a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch new file mode 100644 index 000000000..858769f48 --- /dev/null +++ b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch @@ -0,0 +1,35 @@ +commit 8d7970b8f3db727fe798b65f3377fe6787575426 +Author: Paul Mackerras +Date: Mon Feb 3 15:53:28 2020 +1100 + + pppd: Fix bounds check in EAP code + + Given that we have just checked vallen < len, it can never be the case + that vallen >= len + sizeof(rhostname). This fixes the check so we + actually avoid overflowing the rhostname array. + + Reported-by: Ilja Van Sprundel + Signed-off-by: Paul Mackerras + +diff --git a/pppd/eap.c b/pppd/eap.c +index 94407f5..1b93db0 100644 +--- a/pppd/eap.c ++++ b/pppd/eap.c +@@ -1420,7 +1420,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; +@@ -1846,7 +1846,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch deleted file mode 100644 index b36ace192..000000000 --- a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200 -+++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200 -@@ -121,9 +121,9 @@ - rm -f $2 - if [ -f $1 ]; then - echo " $2 <= $1" -- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \ -- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \ -- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2 -+ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \ -+ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \ -+ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2 - fi - } -