From 17f0494bf28d4d607b15fa5d562a14ead495e7ea Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 1 Jul 2021 10:09:40 +0000 Subject: [PATCH 1/6] core158: Fix name of vnstat initscript Signed-off-by: Michael Tremer --- config/rootfiles/core/158/update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/rootfiles/core/158/update.sh b/config/rootfiles/core/158/update.sh index de0e0bbe9..2c6ef8655 100644 --- a/config/rootfiles/core/158/update.sh +++ b/config/rootfiles/core/158/update.sh @@ -75,7 +75,7 @@ ldconfig # Start services /etc/init.d/apache restart -/etc/init.d/vnstatd restart +/etc/init.d/vnstat restart /etc/init.d/rngd restart # This update needs a reboot... From 29e59d8c3ecbea5b1f4ebc2bd76384d40e903262 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 1 Jul 2021 10:10:17 +0000 Subject: [PATCH 2/6] core158: Fully terminate apache before restarting it Asking apache to restart itself fails when the binary is changed and some symbols cannot be resolved. We therefore terminate all processes and start them again. Signed-off-by: Michael Tremer --- config/rootfiles/core/158/update.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/core/158/update.sh b/config/rootfiles/core/158/update.sh index 2c6ef8655..a34c01bcc 100644 --- a/config/rootfiles/core/158/update.sh +++ b/config/rootfiles/core/158/update.sh @@ -74,10 +74,13 @@ ldconfig /usr/local/bin/filesystem-cleanup # Start services -/etc/init.d/apache restart /etc/init.d/vnstat restart /etc/init.d/rngd restart +# Restart apache +/etc/init.d/apache stop +/etc/init.d/apache start + # This update needs a reboot... #touch /var/run/need_reboot From 5996c2815798e7bb8c069caad40ffb084ecf1cf7 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 1 Jul 2021 17:16:09 +0000 Subject: [PATCH 3/6] Revert "python-six: Removal of python2 & 3 addon versions of six" This reverts commit 3a61ae73fa179adb24f9feeb8ee486c1900609bf. This module is required by awscli. Signed-off-by: Michael Tremer --- config/rootfiles/packages/python3-six | 6 ++ lfs/python3-six | 83 +++++++++++++++++++++++++++ make.sh | 1 + 3 files changed, 90 insertions(+) create mode 100644 config/rootfiles/packages/python3-six create mode 100644 lfs/python3-six diff --git a/config/rootfiles/packages/python3-six b/config/rootfiles/packages/python3-six new file mode 100644 index 000000000..0801d36da --- /dev/null +++ b/config/rootfiles/packages/python3-six @@ -0,0 +1,6 @@ +#usr/lib/python3.8/site-packages/six-1.14.0-py3.8.egg-info +#usr/lib/python3.8/site-packages/six-1.14.0-py3.8.egg-info/PKG-INFO +#usr/lib/python3.8/site-packages/six-1.14.0-py3.8.egg-info/SOURCES.txt +#usr/lib/python3.8/site-packages/six-1.14.0-py3.8.egg-info/dependency_links.txt +#usr/lib/python3.8/site-packages/six-1.14.0-py3.8.egg-info/top_level.txt +usr/lib/python3.8/site-packages/six.py diff --git a/lfs/python3-six b/lfs/python3-six new file mode 100644 index 000000000..9d467f273 --- /dev/null +++ b/lfs/python3-six @@ -0,0 +1,83 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2020 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.14.0 + +THISAPP = six-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = python3-six +PAK_VER = 3 + +DEPS = + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 21674588a57e649d1a6d977ec3122140 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && python3 setup.py build + cd $(DIR_APP) && python3 setup.py install --root=/ + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index fc03ebcd5..83bd9faeb 100755 --- a/make.sh +++ b/make.sh @@ -1534,6 +1534,7 @@ buildipfire() { lfsmake2 libsolv lfsmake2 ddns lfsmake2 python3-setuptools-scm + lfsmake2 python3-six lfsmake2 python3-dateutil lfsmake2 python3-jmespath lfsmake2 python3-colorama From 33cfcae627a50d24683e3b365d4d65f54184d030 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 1 Jul 2021 17:16:36 +0000 Subject: [PATCH 4/6] aws-cli: Depend on python3-six Signed-off-by: Michael Tremer --- lfs/aws-cli | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/aws-cli b/lfs/aws-cli index 599469ee3..a098f9ad8 100644 --- a/lfs/aws-cli +++ b/lfs/aws-cli @@ -32,9 +32,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = aws-cli -PAK_VER = 3 +PAK_VER = 4 -DEPS = python3-botocore python3-colorama python3-docutils python3-pyasn1 python3-rsa python3-s3transfer python3-yaml +DEPS = python3-botocore python3-colorama python3-docutils python3-pyasn1 python3-rsa python3-s3transfer python3-six python3-yaml ############################################################################### # Top-level Rules From 2d6e633d7f20bd94cbc36880049d2599e93bdaf3 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 2 Jul 2021 14:38:28 +0000 Subject: [PATCH 5/6] Revert "ppp: update to 2.4.9" This reverts commit 0cd9215b565e7c3ef34699b695aaab7eba1dc510. Signed-off-by: Michael Tremer --- config/rootfiles/common/ppp | 29 ++--- lfs/ppp | 15 ++- ...e-compiler-flags-handed-to-us-by-rpm.patch | 121 ++++++++++++++++++ .../0013-everywhere-O_CLOEXEC-harder.patch | 10 +- ...se-SOCK_CLOEXEC-when-creating-socket.patch | 33 +++-- ...ppp-2.4.6-increase-max-padi-attempts.patch | 6 +- src/patches/ppp/ppp-2.4.7-headers_4.9.patch | 6 +- ....8-pppd-fix-bounds-check-in-eap-code.patch | 35 +++++ ...-configure-to-handle-cflags-properly.patch | 15 --- 9 files changed, 208 insertions(+), 62 deletions(-) create mode 100644 src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch create mode 100644 src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch delete mode 100644 src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp index d61fdf811..f1f4f88f2 100644 --- a/config/rootfiles/common/ppp +++ b/config/rootfiles/common/ppp @@ -2,8 +2,6 @@ etc/ppp/chap-secrets etc/ppp/demonloginscript etc/ppp/dialer -#etc/ppp/eaptls-client -#etc/ppp/eaptls-server etc/ppp/ioptions etc/ppp/ip-down etc/ppp/ip-up @@ -14,7 +12,6 @@ etc/ppp/standardloginscript #usr/include/pppd/ccp.h #usr/include/pppd/chap-new.h #usr/include/pppd/chap_ms.h -#usr/include/pppd/eap-tls.h #usr/include/pppd/eap.h #usr/include/pppd/ecp.h #usr/include/pppd/eui64.h @@ -26,7 +23,6 @@ etc/ppp/standardloginscript #usr/include/pppd/magic.h #usr/include/pppd/md4.h #usr/include/pppd/md5.h -#usr/include/pppd/mppe.h #usr/include/pppd/patchlevel.h #usr/include/pppd/pathnames.h #usr/include/pppd/pppcrypt.h @@ -37,19 +33,18 @@ etc/ppp/standardloginscript #usr/include/pppd/tdb.h #usr/include/pppd/upap.h usr/lib/pppd -usr/lib/pppd/2.4.9 -usr/lib/pppd/2.4.9/minconn.so -usr/lib/pppd/2.4.9/openl2tp.so -usr/lib/pppd/2.4.9/passprompt.so -usr/lib/pppd/2.4.9/passwordfd.so -usr/lib/pppd/2.4.9/pppoatm.so -usr/lib/pppd/2.4.9/pppoe.so -usr/lib/pppd/2.4.9/pppol2tp.so -usr/lib/pppd/2.4.9/radattr.so -usr/lib/pppd/2.4.9/radius.so -usr/lib/pppd/2.4.9/radrealms.so -usr/lib/pppd/2.4.9/rp-pppoe.so -usr/lib/pppd/2.4.9/winbind.so +usr/lib/pppd/2.4.8 +#usr/lib/pppd/2.4.8/minconn.so +#usr/lib/pppd/2.4.8/openl2tp.so +#usr/lib/pppd/2.4.8/passprompt.so +#usr/lib/pppd/2.4.8/passwordfd.so +#usr/lib/pppd/2.4.8/pppoatm.so +#usr/lib/pppd/2.4.8/pppol2tp.so +#usr/lib/pppd/2.4.8/radattr.so +#usr/lib/pppd/2.4.8/radius.so +#usr/lib/pppd/2.4.8/radrealms.so +#usr/lib/pppd/2.4.8/rp-pppoe.so +#usr/lib/pppd/2.4.8/winbind.so usr/sbin/chat usr/sbin/pppd usr/sbin/pppdump diff --git a/lfs/ppp b/lfs/ppp index 73356b8c4..cbac95067 100644 --- a/lfs/ppp +++ b/lfs/ppp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team # +# Copyright (C) 2007-2018 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,12 +24,12 @@ include Config -VER = 2.4.9 +VER = 2.4.8 THISAPP = ppp-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) +DIR_APP = $(DIR_SRC)/ppp-$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) CFLAGS += -fno-strict-aliasing @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = f605d021b586fc26e35c6a54fd84b65f +$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123 install : $(TARGET) @@ -73,15 +73,16 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h - cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls - cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls + cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)" cd $(DIR_APP) && make install cd $(DIR_APP) && make install-etcppp touch /var/log/connect-errors diff --git a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch new file mode 100644 index 000000000..4a43d444a --- /dev/null +++ b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch @@ -0,0 +1,121 @@ +From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Fri, 4 Apr 2014 11:29:39 +0200 +Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by + rpmbuild + +--- + chat/Makefile.linux | 2 +- + pppd/Makefile.linux | 3 +-- + pppd/plugins/Makefile.linux | 2 +- + pppd/plugins/pppoatm/Makefile.linux | 2 +- + pppd/plugins/radius/Makefile.linux | 2 +- + pppd/plugins/rp-pppoe/Makefile.linux | 2 +- + pppdump/Makefile.linux | 2 +- + pppstats/Makefile.linux | 2 +- + 8 files changed, 8 insertions(+), 9 deletions(-) + +diff --git a/chat/Makefile.linux b/chat/Makefile.linux +index 1065ac5..848cd8d 100644 +--- a/chat/Makefile.linux ++++ b/chat/Makefile.linux +@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function + CDEF4= -DFNDELAY=O_NDELAY # Old name value + CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4) + +-COPTS= -O2 -g -pipe ++COPTS= $(RPM_OPT_FLAGS) + CFLAGS= $(COPTS) $(CDEFS) + + INSTALL= install +diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux +index 5a44d30..63872eb 100644 +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -32,8 +32,7 @@ endif + + CC = gcc + # +-COPTS = -O2 -pipe -Wall -g +-LIBS = ++COPTS = -Wall $(RPM_OPT_FLAGS) + + # Uncomment the next 2 lines to include support for Microsoft's + # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. +diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux +index 0a7ec7b..e09a369 100644 +--- a/pppd/plugins/Makefile.linux ++++ b/pppd/plugins/Makefile.linux +@@ -1,5 +1,5 @@ + #CC = gcc +-COPTS = -O2 -g ++COPTS = $(RPM_OPT_FLAGS) + CFLAGS = $(COPTS) -I.. -I../../include -fPIC + LDFLAGS = -shared + INSTALL = install +diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux +index 20f62e6..5a81447 100644 +--- a/pppd/plugins/pppoatm/Makefile.linux ++++ b/pppd/plugins/pppoatm/Makefile.linux +@@ -1,5 +1,5 @@ + #CC = gcc +-COPTS = -O2 -g ++COPTS = $(RPM_OPT_FLAGS) + CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC + LDFLAGS = -shared + INSTALL = install +diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux +index 24ed3e5..45b3b8d 100644 +--- a/pppd/plugins/radius/Makefile.linux ++++ b/pppd/plugins/radius/Makefile.linux +@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) + INSTALL = install + + PLUGIN=radius.so radattr.so radrealms.so +-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON ++CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON + + # Uncomment the next line to include support for Microsoft's + # MS-CHAP authentication protocol. +diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux +index 5d7a271..352991a 100644 +--- a/pppd/plugins/rp-pppoe/Makefile.linux ++++ b/pppd/plugins/rp-pppoe/Makefile.linux +@@ -25,7 +25,7 @@ INSTALL = install + # Version is set ONLY IN THE MAKEFILE! Don't delete this! + RP_VERSION=3.8p + +-COPTS=-O2 -g ++COPTS=$(RPM_OPT_FLAGS) + CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' + all: rp-pppoe.so pppoe-discovery + +diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux +index ac028f6..d0a5032 100644 +--- a/pppdump/Makefile.linux ++++ b/pppdump/Makefile.linux +@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@ + BINDIR = $(DESTDIR)/sbin + MANDIR = $(DESTDIR)/share/man/man8 + +-CFLAGS= -O -I../include/net ++CFLAGS= $(RPM_OPT_FLAGS) -I../include/net + OBJS = pppdump.o bsd-comp.o deflate.o zlib.o + + INSTALL= install +diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux +index cca6f0f..42aba73 100644 +--- a/pppstats/Makefile.linux ++++ b/pppstats/Makefile.linux +@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c + PPPSTATOBJS = pppstats.o + + #CC = gcc +-COPTS = -O ++COPTS = $(RPM_OPT_FLAGS) + COMPILE_FLAGS = -I../include + LIBS = + +-- +1.8.3.1 + diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch index 0fb028779..2513021b2 100644 --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch +++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch @@ -27,10 +27,10 @@ index 6ea6c1f..faced53 100644 free(path); errno = err; diff --git a/pppd/main.c b/pppd/main.c -index 87a5d29..152e4a2 100644 +index 6d50d1b..4880377 100644 --- a/pppd/main.c +++ b/pppd/main.c -@@ -400,7 +400,7 @@ main(int argc, char *argv[]) +@@ -420,7 +420,7 @@ main(argc, argv) die(0); /* Make sure fds 0, 1, 2 are open to somewhere. */ @@ -39,12 +39,12 @@ index 87a5d29..152e4a2 100644 if (fd_devnull < 0) fatal("Couldn't open %s: %m", _PATH_DEVNULL); while (fd_devnull <= 2) { -@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait) +@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait) if (log_to_fd >= 0) errfd = log_to_fd; else -- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); -+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644); +- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); ++ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600); ++conn_running; pid = safe_fork(in, out, errfd); diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch index fffda981d..3475f09a8 100644 --- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch +++ b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch @@ -7,9 +7,9 @@ Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket pppd/plugins/pppoatm/pppoatm.c | 2 +- pppd/plugins/pppol2tp/openl2tp.c | 2 +- pppd/plugins/pppol2tp/pppol2tp.c | 2 +- - pppd/plugins/pppoe/if.c | 2 +- - pppd/plugins/pppoe/plugin.c | 6 +++--- - pppd/plugins/pppoe/pppoe-discovery.c | 2 +- + pppd/plugins/rp-pppoe/if.c | 2 +- + pppd/plugins/rp-pppoe/plugin.c | 6 +++--- + pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +- pppd/sys-linux.c | 10 +++++----- pppd/tty.c | 2 +- 8 files changed, 14 insertions(+), 14 deletions(-) @@ -53,10 +53,10 @@ index a7e3400..e64a778 100644 if (fd >= 0) { memset (&ifr, '\0', sizeof (ifr)); strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); -diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c +diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c index 91e9a57..72aba41 100644 ---- a/pppd/plugins/pppoe/if.c -+++ b/pppd/plugins/pppoe/if.c +--- a/pppd/plugins/rp-pppoe/if.c ++++ b/pppd/plugins/rp-pppoe/if.c @@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) stype = SOCK_PACKET; #endif @@ -66,10 +66,10 @@ index 91e9a57..72aba41 100644 /* Give a more helpful message for the common error case */ if (errno == EPERM) { fatal("Cannot create raw socket -- pppoe must be run as root."); -diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c +diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c index a8c2bb4..24bdf8f 100644 ---- a/pppd/plugins/pppoe/plugin.c -+++ b/pppd/plugins/pppoe/plugin.c +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c @@ -137,7 +137,7 @@ PPPOEConnectDevice(void) /* server equipment). */ /* Opening this socket just before waitForPADS in the discovery() */ @@ -97,10 +97,10 @@ index a8c2bb4..24bdf8f 100644 r = 0; } -diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c +diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c index 3d3bf4e..c0d927d 100644 ---- a/pppd/plugins/pppoe/pppoe-discovery.c -+++ b/pppd/plugins/pppoe/pppoe-discovery.c +--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c ++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c @@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) stype = SOCK_PACKET; #endif @@ -147,6 +147,15 @@ index 00a2cf5..0690019 100644 if (s < 0) return 0; +@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64) + int skfd; + const unsigned char *ptr; + +- skfd = socket(PF_INET6, SOCK_DGRAM, 0); ++ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if(skfd == -1) + { + warn("could not open IPv6 socket"); diff --git a/pppd/tty.c b/pppd/tty.c index bc96695..8e76a5d 100644 --- a/pppd/tty.c diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch index 1b36e8369..5127c1f10 100644 --- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch +++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch @@ -1,7 +1,7 @@ -diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h +diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h index 9ab2eee..86762bd 100644 ---- a/pppd/plugins/pppoe/pppoe.h -+++ b/pppd/plugins/pppoe/pppoe.h +--- a/pppd/plugins/rp-pppoe/pppoe.h ++++ b/pppd/plugins/rp-pppoe/pppoe.h @@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session; #define STATE_TERMINATED 4 diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch index 686db9204..633eb045a 100644 --- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch +++ b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch @@ -1,6 +1,6 @@ -diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c ---- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100 +diff -Naur ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c +--- ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200 ++++ ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100 @@ -49,6 +49,8 @@ #include #include diff --git a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch new file mode 100644 index 000000000..858769f48 --- /dev/null +++ b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch @@ -0,0 +1,35 @@ +commit 8d7970b8f3db727fe798b65f3377fe6787575426 +Author: Paul Mackerras +Date: Mon Feb 3 15:53:28 2020 +1100 + + pppd: Fix bounds check in EAP code + + Given that we have just checked vallen < len, it can never be the case + that vallen >= len + sizeof(rhostname). This fixes the check so we + actually avoid overflowing the rhostname array. + + Reported-by: Ilja Van Sprundel + Signed-off-by: Paul Mackerras + +diff --git a/pppd/eap.c b/pppd/eap.c +index 94407f5..1b93db0 100644 +--- a/pppd/eap.c ++++ b/pppd/eap.c +@@ -1420,7 +1420,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; +@@ -1846,7 +1846,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch deleted file mode 100644 index b36ace192..000000000 --- a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200 -+++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200 -@@ -121,9 +121,9 @@ - rm -f $2 - if [ -f $1 ]; then - echo " $2 <= $1" -- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \ -- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \ -- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2 -+ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \ -+ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \ -+ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2 - fi - } - From 92a5ad86e7012d1c1c2e7a3446c63c78e3d7abef Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 2 Jul 2021 14:39:33 +0000 Subject: [PATCH 6/6] core158: Ship ppp Signed-off-by: Michael Tremer --- config/rootfiles/core/158/filelists/ppp | 1 + config/rootfiles/core/158/update.sh | 1 + 2 files changed, 2 insertions(+) create mode 120000 config/rootfiles/core/158/filelists/ppp diff --git a/config/rootfiles/core/158/filelists/ppp b/config/rootfiles/core/158/filelists/ppp new file mode 120000 index 000000000..4844a9b58 --- /dev/null +++ b/config/rootfiles/core/158/filelists/ppp @@ -0,0 +1 @@ +../../../common/ppp \ No newline at end of file diff --git a/config/rootfiles/core/158/update.sh b/config/rootfiles/core/158/update.sh index a34c01bcc..42744e2a7 100644 --- a/config/rootfiles/core/158/update.sh +++ b/config/rootfiles/core/158/update.sh @@ -39,6 +39,7 @@ rm -vrf \ /usr/lib/conntrack-tools \ /usr/lib/libixml.so.* \ /usr/lib/libupnp.so.* \ + /usr/lib/pppd/2.4.9/ \ /var/ipfire/upnp \ /lib/firmware/cxgb4/t4fw-1.24.14.0.bin \ /lib/firmware/cxgb4/t5fw-1.24.14.0.bin \