diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp index d61fdf811..6098fa7c3 100644 --- a/config/rootfiles/common/ppp +++ b/config/rootfiles/common/ppp @@ -7,49 +7,57 @@ etc/ppp/dialer etc/ppp/ioptions etc/ppp/ip-down etc/ppp/ip-up +#etc/ppp/openssl.cnf etc/ppp/options etc/ppp/pap-secrets etc/ppp/standardloginscript #usr/include/pppd +#usr/include/pppd/cbcp.h #usr/include/pppd/ccp.h -#usr/include/pppd/chap-new.h +#usr/include/pppd/chap.h #usr/include/pppd/chap_ms.h -#usr/include/pppd/eap-tls.h +#usr/include/pppd/crypto.h +#usr/include/pppd/crypto_ms.h #usr/include/pppd/eap.h #usr/include/pppd/ecp.h #usr/include/pppd/eui64.h #usr/include/pppd/fsm.h #usr/include/pppd/ipcp.h #usr/include/pppd/ipv6cp.h -#usr/include/pppd/ipxcp.h #usr/include/pppd/lcp.h #usr/include/pppd/magic.h -#usr/include/pppd/md4.h -#usr/include/pppd/md5.h #usr/include/pppd/mppe.h -#usr/include/pppd/patchlevel.h -#usr/include/pppd/pathnames.h -#usr/include/pppd/pppcrypt.h +#usr/include/pppd/multilink.h +#usr/include/pppd/options.h #usr/include/pppd/pppd.h +#usr/include/pppd/pppdconf.h #usr/include/pppd/session.h -#usr/include/pppd/sha1.h -#usr/include/pppd/spinlock.h -#usr/include/pppd/tdb.h #usr/include/pppd/upap.h +#usr/lib/pkgconfig/pppd.pc usr/lib/pppd -usr/lib/pppd/2.4.9 -usr/lib/pppd/2.4.9/minconn.so -usr/lib/pppd/2.4.9/openl2tp.so -usr/lib/pppd/2.4.9/passprompt.so -usr/lib/pppd/2.4.9/passwordfd.so -usr/lib/pppd/2.4.9/pppoatm.so -usr/lib/pppd/2.4.9/pppoe.so -usr/lib/pppd/2.4.9/pppol2tp.so -usr/lib/pppd/2.4.9/radattr.so -usr/lib/pppd/2.4.9/radius.so -usr/lib/pppd/2.4.9/radrealms.so -usr/lib/pppd/2.4.9/rp-pppoe.so -usr/lib/pppd/2.4.9/winbind.so +usr/lib/pppd/2.5.0 +#usr/lib/pppd/2.5.0/minconn.la +usr/lib/pppd/2.5.0/minconn.so +#usr/lib/pppd/2.5.0/openl2tp.la +usr/lib/pppd/2.5.0/openl2tp.so +#usr/lib/pppd/2.5.0/passprompt.la +usr/lib/pppd/2.5.0/passprompt.so +#usr/lib/pppd/2.5.0/passwordfd.la +usr/lib/pppd/2.5.0/passwordfd.so +#usr/lib/pppd/2.5.0/pppoatm.la +usr/lib/pppd/2.5.0/pppoatm.so +#usr/lib/pppd/2.5.0/pppoe.la +usr/lib/pppd/2.5.0/pppoe.so +#usr/lib/pppd/2.5.0/pppol2tp.la +usr/lib/pppd/2.5.0/pppol2tp.so +#usr/lib/pppd/2.5.0/radattr.la +usr/lib/pppd/2.5.0/radattr.so +#usr/lib/pppd/2.5.0/radius.la +usr/lib/pppd/2.5.0/radius.so +#usr/lib/pppd/2.5.0/radrealms.la +usr/lib/pppd/2.5.0/radrealms.so +#usr/lib/pppd/2.5.0/winbind.la +usr/lib/pppd/2.5.0/winbind.so usr/sbin/chat usr/sbin/pppd usr/sbin/pppdump @@ -60,5 +68,7 @@ usr/sbin/pppstats #usr/share/man/man8/pppd-radius.8 #usr/share/man/man8/pppd.8 #usr/share/man/man8/pppdump.8 +#usr/share/man/man8/pppoe-discovery.8 #usr/share/man/man8/pppstats.8 var/log/connect-errors + diff --git a/lfs/ppp b/lfs/ppp index fb46d8aac..fc4528ece 100644 --- a/lfs/ppp +++ b/lfs/ppp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team # +# Copyright (C) 2007-2023 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.4.9 +VER = 2.5.0 THISAPP = ppp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 2cc885c32b7d33dc48766097f1f4c9cd0754924a8c0630ccaa58b2989e6b43a197ca0d41f5f16956c395278a12023d490e085f5635e23b53c5603ba61cfc40d5 +$(DL_FILE)_BLAKE2 = 6a0e9efcbff3cb499705071cc7d0e3411cf4871fd53b2bfedbb1f2cf3ad80728eb436050cf33b78e36d473be64f15907a21da17f283337455f0af379bc18272d install : $(TARGET) @@ -72,18 +72,20 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch - cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h - cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --with-logfile-dir=/var/log \ + cc="gcc" \ + cflags="$(CFLAGS)" cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install - cd $(DIR_APP) && make install-etcppp touch /var/log/connect-errors -mkdir -p /etc/ppp for i in $(DIR_SRC)/src/ppp/* ; do \ diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch deleted file mode 100644 index fffda981d..000000000 --- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch +++ /dev/null @@ -1,165 +0,0 @@ -From 2a97ab28ee00586e5f06b3ef3a0e43ea0c7c6499 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Mon, 7 Apr 2014 14:21:41 +0200 -Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket - ---- - pppd/plugins/pppoatm/pppoatm.c | 2 +- - pppd/plugins/pppol2tp/openl2tp.c | 2 +- - pppd/plugins/pppol2tp/pppol2tp.c | 2 +- - pppd/plugins/pppoe/if.c | 2 +- - pppd/plugins/pppoe/plugin.c | 6 +++--- - pppd/plugins/pppoe/pppoe-discovery.c | 2 +- - pppd/sys-linux.c | 10 +++++----- - pppd/tty.c | 2 +- - 8 files changed, 14 insertions(+), 14 deletions(-) - -diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c -index d693350..c31bb34 100644 ---- a/pppd/plugins/pppoatm/pppoatm.c -+++ b/pppd/plugins/pppoatm/pppoatm.c -@@ -135,7 +135,7 @@ static int connect_pppoatm(void) - - if (!device_got_set) - no_device_given_pppoatm(); -- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0); -+ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (fd < 0) - fatal("failed to create socket: %m"); - memset(&qos, 0, sizeof qos); -diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c -index 9643b96..1099575 100644 ---- a/pppd/plugins/pppol2tp/openl2tp.c -+++ b/pppd/plugins/pppol2tp/openl2tp.c -@@ -83,7 +83,7 @@ static int openl2tp_client_create(void) - int result; - - if (openl2tp_fd < 0) { -- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0); -+ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (openl2tp_fd < 0) { - error("openl2tp connection create: %m"); - return -ENOTCONN; -diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c -index a7e3400..e64a778 100644 ---- a/pppd/plugins/pppol2tp/pppol2tp.c -+++ b/pppd/plugins/pppol2tp/pppol2tp.c -@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu, - struct ifreq ifr; - int fd; - -- fd = socket(AF_INET, SOCK_DGRAM, 0); -+ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (fd >= 0) { - memset (&ifr, '\0', sizeof (ifr)); - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); -diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c -index 91e9a57..72aba41 100644 ---- a/pppd/plugins/pppoe/if.c -+++ b/pppd/plugins/pppoe/if.c -@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) - stype = SOCK_PACKET; - #endif - -- if ((fd = socket(domain, stype, htons(type))) < 0) { -+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { - /* Give a more helpful message for the common error case */ - if (errno == EPERM) { - fatal("Cannot create raw socket -- pppoe must be run as root."); -diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c -index a8c2bb4..24bdf8f 100644 ---- a/pppd/plugins/pppoe/plugin.c -+++ b/pppd/plugins/pppoe/plugin.c -@@ -137,7 +137,7 @@ PPPOEConnectDevice(void) - /* server equipment). */ - /* Opening this socket just before waitForPADS in the discovery() */ - /* function would be more appropriate, but it would mess-up the code */ -- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE); -+ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE); - if (conn->sessionSocket < 0) { - error("Failed to create PPPoE socket: %m"); - return -1; -@@ -148,7 +148,7 @@ PPPOEConnectDevice(void) - lcp_wantoptions[0].mru = conn->mru; - - /* Update maximum MRU */ -- s = socket(AF_INET, SOCK_DGRAM, 0); -+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (s < 0) { - error("Can't get MTU for %s: %m", conn->ifName); - goto errout; -@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit) - } - - /* Open a socket */ -- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) { -+ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) { - r = 0; - } - -diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c -index 3d3bf4e..c0d927d 100644 ---- a/pppd/plugins/pppoe/pppoe-discovery.c -+++ b/pppd/plugins/pppoe/pppoe-discovery.c -@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) - stype = SOCK_PACKET; - #endif - -- if ((fd = socket(domain, stype, htons(type))) < 0) { -+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { - /* Give a more helpful message for the common error case */ - if (errno == EPERM) { - rp_fatal("Cannot create raw socket -- pppoe must be run as root."); -diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c -index 00a2cf5..0690019 100644 ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clear_bits, int set_bits) - void sys_init(void) - { - /* Get an internet socket for doing socket ioctls. */ -- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); -+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (sock_fd < 0) - fatal("Couldn't create IP socket: %m(%d)", errno); - - #ifdef INET6 -- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); -+ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (sock6_fd < 0) - sock6_fd = -errno; /* save errno for later */ - #endif -@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name) - struct ifreq ifreq; - int ret, sock_fd; - -- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); -+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (sock_fd < 0) - return 0; - memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); -@@ -2067,7 +2067,7 @@ int ppp_available(void) - /* - * Open a socket for doing the ioctl operations. - */ -- s = socket(AF_INET, SOCK_DGRAM, 0); -+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (s < 0) - return 0; - -diff --git a/pppd/tty.c b/pppd/tty.c -index bc96695..8e76a5d 100644 ---- a/pppd/tty.c -+++ b/pppd/tty.c -@@ -896,7 +896,7 @@ open_socket(dest) - *sep = ':'; - - /* get a socket and connect it to the other end */ -- sock = socket(PF_INET, SOCK_STREAM, 0); -+ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); - if (sock < 0) { - error("Can't create socket: %m"); - return -1; --- -1.8.3.1 - diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch deleted file mode 100644 index 1b36e8369..000000000 --- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h -index 9ab2eee..86762bd 100644 ---- a/pppd/plugins/pppoe/pppoe.h -+++ b/pppd/plugins/pppoe/pppoe.h -@@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session; - #define STATE_TERMINATED 4 - - /* How many PADI/PADS attempts? */ --#define MAX_PADI_ATTEMPTS 3 -+#define MAX_PADI_ATTEMPTS 4 - - /* Initial timeout for PADO/PADS */ - #define PADI_TIMEOUT 5 diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch deleted file mode 100644 index 686db9204..000000000 --- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c ---- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100 -@@ -49,6 +49,8 @@ - #include - #include - #include -+#define _LINUX_IN_H -+#define _LINUX_IN6_H - #include - - #ifndef _ROOT_PATH diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch deleted file mode 100644 index b36ace192..000000000 --- a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200 -+++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200 -@@ -121,9 +121,9 @@ - rm -f $2 - if [ -f $1 ]; then - echo " $2 <= $1" -- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \ -- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \ -- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2 -+ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \ -+ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \ -+ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2 - fi - } - diff --git a/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch b/src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch similarity index 54% rename from src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch rename to src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch index 90bb2d161..98ab03119 100644 --- a/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch +++ b/src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch @@ -1,20 +1,8 @@ -From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Mon, 7 Apr 2014 12:23:36 +0200 -Subject: [PATCH 12/25] pppd: we don't want to accidentally leak fds - ---- - pppd/auth.c | 20 ++++++++++---------- - pppd/options.c | 2 +- - pppd/sys-linux.c | 4 ++-- - 3 files changed, 13 insertions(+), 13 deletions(-) - -diff --git a/pppd/auth.c b/pppd/auth.c -index 4271af6..9e957fa 100644 ---- a/pppd/auth.c -+++ b/pppd/auth.c -@@ -428,7 +428,7 @@ setupapfile(argv) - option_error("unable to reset uid before opening %s: %m", fname); +diff -Naur pppd.orig/auth.c pppd/auth.c +--- pppd.orig/auth.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/auth.c 2023-06-30 12:38:13.748482796 +0200 +@@ -518,7 +518,7 @@ + free(fname); return 0; } - ufile = fopen(fname, "r"); @@ -22,8 +10,8 @@ index 4271af6..9e957fa 100644 if (seteuid(euid) == -1) fatal("unable to regain privileges: %m"); if (ufile == NULL) { -@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg) - filename = _PATH_UPAPFILE; +@@ -1535,7 +1535,7 @@ + filename = PPP_PATH_UPAPFILE; addrs = opts = NULL; ret = UPAP_AUTHNAK; - f = fopen(filename, "r"); @@ -31,52 +19,52 @@ index 4271af6..9e957fa 100644 if (f == NULL) { error("Can't open PAP password file %s: %m", filename); -@@ -1512,7 +1512,7 @@ null_login(unit) +@@ -1635,7 +1635,7 @@ if (ret <= 0) { - filename = _PATH_UPAPFILE; + filename = PPP_PATH_UPAPFILE; addrs = NULL; - f = fopen(filename, "r"); + f = fopen(filename, "re"); if (f == NULL) return 0; check_access(f, filename); -@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd) +@@ -1681,7 +1681,7 @@ } - filename = _PATH_UPAPFILE; + filename = PPP_PATH_UPAPFILE; - f = fopen(filename, "r"); + f = fopen(filename, "re"); if (f == NULL) return 0; check_access(f, filename); -@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp) +@@ -1718,7 +1718,7 @@ } - filename = _PATH_UPAPFILE; + filename = PPP_PATH_UPAPFILE; - f = fopen(filename, "r"); + f = fopen(filename, "re"); if (f == NULL) return 0; -@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp) +@@ -1760,7 +1760,7 @@ } - filename = _PATH_CHAPFILE; + filename = PPP_PATH_CHAPFILE; - f = fopen(filename, "r"); + f = fopen(filename, "re"); if (f == NULL) return 0; -@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp) +@@ -1798,7 +1798,7 @@ struct wordlist *addrs; - filename = _PATH_SRPFILE; + filename = PPP_PATH_SRPFILE; - f = fopen(filename, "r"); + f = fopen(filename, "re"); if (f == NULL) return 0; -@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server) +@@ -1849,7 +1849,7 @@ addrs = NULL; secbuf[0] = 0; @@ -85,8 +73,8 @@ index 4271af6..9e957fa 100644 if (f == NULL) { error("Can't open chap secret file %s: %m", filename); return 0; -@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server) - filename = _PATH_SRPFILE; +@@ -1902,7 +1902,7 @@ + filename = PPP_PATH_SRPFILE; addrs = NULL; - fp = fopen(filename, "r"); @@ -94,7 +82,7 @@ index 4271af6..9e957fa 100644 if (fp == NULL) { error("Can't open srp secret file %s: %m", filename); return 0; -@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags) +@@ -2291,7 +2291,7 @@ */ if (word[0] == '@' && word[1] == '/') { strlcpy(atfile, word+1, sizeof(atfile)); @@ -103,12 +91,38 @@ index 4271af6..9e957fa 100644 warn("can't open indirect secret file %s", atfile); continue; } -diff --git a/pppd/options.c b/pppd/options.c -index 45fa742..1d754ae 100644 ---- a/pppd/options.c -+++ b/pppd/options.c -@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv) - option_error("unable to drop privileges to open %s: %m", filename); +@@ -2461,7 +2461,7 @@ + char pkfile[MAXWORDLEN]; + + filename = PPP_PATH_EAPTLSSERVFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -2518,7 +2518,7 @@ + return 1; + + filename = PPP_PATH_EAPTLSCLIFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -2738,7 +2738,7 @@ + filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE); + addrs = NULL; + +- fp = fopen(filename, "r"); ++ fp = fopen(filename, "re"); + if (fp == NULL) + { + error("Can't open eap-tls secret file %s: %m", filename); +diff -Naur pppd.orig/options.c pppd/options.c +--- pppd.orig/options.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/options.c 2023-06-30 12:42:19.262593140 +0200 +@@ -555,7 +555,7 @@ + ppp_option_error("unable to drop privileges to open %s: %m", filename); return 0; } - f = fopen(filename, "r"); @@ -116,11 +130,10 @@ index 45fa742..1d754ae 100644 err = errno; if (check_prot && seteuid(euid) == -1) fatal("unable to regain privileges"); -diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c -index 72a7727..8a12fa0 100644 ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail) +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-03-10 02:50:41.000000000 +0100 ++++ pppd/sys-linux.c 2023-06-30 12:43:20.634453475 +0200 +@@ -1978,7 +1978,7 @@ /* Default the mount location of /proc */ strlcpy (proc_path, "/proc", sizeof(proc_path)); proc_path_len = 5; @@ -129,7 +142,7 @@ index 72a7727..8a12fa0 100644 if (fp != NULL) { while ((mntent = getmntent(fp)) != NULL) { if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0) -@@ -1472,7 +1472,7 @@ static int open_route_table (void) +@@ -2038,7 +2038,7 @@ close_route_table(); path = path_to_procfs("/net/route"); @@ -138,6 +151,12 @@ index 72a7727..8a12fa0 100644 if (route_fd == NULL) { error("can't open routing table %s: %m", path); return 0; --- -1.8.3.1 - +@@ -2322,7 +2322,7 @@ + close_route_table(); + + path = path_to_procfs("/net/ipv6_route"); +- route_fd = fopen (path, "r"); ++ route_fd = fopen (path, "re"); + if (route_fd == NULL) { + error("can't open routing table %s: %m", path); + return 0; diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch similarity index 63% rename from src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch rename to src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch index 0fb028779..c205c0e08 100644 --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch +++ b/src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch @@ -1,23 +1,7 @@ -From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Mon, 7 Apr 2014 13:56:34 +0200 -Subject: [PATCH 13/25] everywhere: O_CLOEXEC harder - ---- - pppd/eap.c | 2 +- - pppd/main.c | 4 ++-- - pppd/options.c | 4 ++-- - pppd/sys-linux.c | 22 +++++++++++----------- - pppd/tdb.c | 4 ++-- - pppd/tty.c | 4 ++-- - pppd/utils.c | 6 +++--- - 7 files changed, 23 insertions(+), 23 deletions(-) - -diff --git a/pppd/eap.c b/pppd/eap.c -index 6ea6c1f..faced53 100644 ---- a/pppd/eap.c -+++ b/pppd/eap.c -@@ -1226,7 +1226,7 @@ mode_t modebits; +diff -Naur pppd.orig/eap.c pppd/eap.c +--- pppd.orig/eap.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/eap.c 2023-06-30 12:58:07.984676045 +0200 +@@ -1542,7 +1542,7 @@ if ((path = name_of_pn_file()) == NULL) return (-1); @@ -26,34 +10,23 @@ index 6ea6c1f..faced53 100644 err = errno; free(path); errno = err; -diff --git a/pppd/main.c b/pppd/main.c -index 87a5d29..152e4a2 100644 ---- a/pppd/main.c -+++ b/pppd/main.c -@@ -400,7 +400,7 @@ main(int argc, char *argv[]) +diff -Naur pppd.orig/main.c pppd/main.c +--- pppd.orig/main.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/main.c 2023-06-30 13:00:15.155195676 +0200 +@@ -479,7 +479,7 @@ die(0); /* Make sure fds 0, 1, 2 are open to somewhere. */ -- fd_devnull = open(_PATH_DEVNULL, O_RDWR); -+ fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC); +- fd_devnull = open(PPP_DEVNULL, O_RDWR); ++ fd_devnull = open(PPP_DEVNULL, O_RDWR | O_CLOEXEC); if (fd_devnull < 0) - fatal("Couldn't open %s: %m", _PATH_DEVNULL); + fatal("Couldn't open %s: %m", PPP_DEVNULL); while (fd_devnull <= 2) { -@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait) - if (log_to_fd >= 0) - errfd = log_to_fd; - else -- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); -+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644); - - ++conn_running; - pid = safe_fork(in, out, errfd); -diff --git a/pppd/options.c b/pppd/options.c -index 1d754ae..8e62635 100644 ---- a/pppd/options.c -+++ b/pppd/options.c -@@ -1544,9 +1544,9 @@ setlogfile(argv) - option_error("unable to drop permissions to open %s: %m", *argv); +diff -Naur pppd.orig/options.c pppd/options.c +--- pppd.orig/options.c 2023-06-30 12:42:19.262593140 +0200 ++++ pppd/options.c 2023-06-30 13:01:58.388323345 +0200 +@@ -1718,9 +1718,9 @@ + ppp_option_error("unable to drop permissions to open %s: %m", *argv); return 0; } - fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); @@ -64,11 +37,10 @@ index 1d754ae..8e62635 100644 err = errno; if (!privileged_option && seteuid(euid) == -1) fatal("unable to regain privileges: %m"); -diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c -index 8a12fa0..00a2cf5 100644 ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd) +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-06-30 12:43:20.634453475 +0200 ++++ pppd/sys-linux.c 2023-06-30 13:11:25.715511251 +0200 +@@ -666,7 +666,7 @@ goto err; } dbglog("using channel %d", chindex); @@ -77,7 +49,7 @@ index 8a12fa0..00a2cf5 100644 if (fd < 0) { error("Couldn't reopen /dev/ppp: %m"); goto err; -@@ -619,7 +619,7 @@ static int make_ppp_unit() +@@ -904,7 +904,7 @@ dbglog("in make_ppp_unit, already had /dev/ppp open?"); close(ppp_dev_fd); } @@ -86,7 +58,7 @@ index 8a12fa0..00a2cf5 100644 if (ppp_dev_fd < 0) fatal("Couldn't open /dev/ppp: %m"); flags = fcntl(ppp_dev_fd, F_GETFL); -@@ -693,7 +693,7 @@ int bundle_attach(int ifnum) +@@ -1025,7 +1025,7 @@ if (!new_style_driver) return -1; @@ -95,7 +67,7 @@ index 8a12fa0..00a2cf5 100644 if (master_fd < 0) fatal("Couldn't open /dev/ppp: %m"); if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) { -@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr) +@@ -2533,7 +2533,7 @@ if (tune_kernel) { forw_path = path_to_procfs("/sys/net/ipv4/ip_forward"); if (forw_path != 0) { @@ -104,7 +76,7 @@ index 8a12fa0..00a2cf5 100644 if (fd >= 0) { if (write(fd, "1", 1) != 1) error("Couldn't enable IP forwarding: %m"); -@@ -2030,7 +2030,7 @@ int ppp_available(void) +@@ -2878,7 +2878,7 @@ sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch); kernel_version = KVERSION(osmaj, osmin, ospatch); @@ -113,7 +85,7 @@ index 8a12fa0..00a2cf5 100644 if (fd >= 0) { new_style_driver = 1; -@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host) +@@ -3056,7 +3056,7 @@ #if __GLIBC__ >= 2 updwtmp(_PATH_WTMP, &ut); #else @@ -122,7 +94,7 @@ index 8a12fa0..00a2cf5 100644 if (wtmp >= 0) { flock(wtmp, LOCK_EX); -@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr, +@@ -3280,7 +3280,7 @@ int fd; path = path_to_procfs("/sys/net/ipv4/ip_dynaddr"); @@ -131,7 +103,7 @@ index 8a12fa0..00a2cf5 100644 if (write(fd, "1", 1) != 1) error("Couldn't enable dynamic IP addressing: %m"); close(fd); -@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid) +@@ -3534,7 +3534,7 @@ /* * Try the unix98 way first. */ @@ -140,17 +112,17 @@ index 8a12fa0..00a2cf5 100644 if (mfd >= 0) { int ptn; if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) { -@@ -2851,7 +2851,8 @@ +@@ -3545,7 +3545,8 @@ if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0) warn("Couldn't unlock pty slave %s: %m", pty_name); #endif - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) + -+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) - { ++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) + { warn("Couldn't open pty slave %s: %m", pty_name); - close(mfd); -@@ -2865,10 +2866,10 @@ + close(mfd); +@@ -3559,10 +3560,10 @@ for (i = 0; i < 64; ++i) { slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", 'p' + i / 16, i % 16); @@ -161,13 +133,12 @@ index 8a12fa0..00a2cf5 100644 - sfd = open(pty_name, O_RDWR | O_NOCTTY, 0); + sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0); if (sfd >= 0) { - fchown(sfd, uid, -1); - fchmod(sfd, S_IRUSR | S_IWUSR); -diff --git a/pppd/tdb.c b/pppd/tdb.c -index bdc5828..c7ab71c 100644 ---- a/pppd/tdb.c -+++ b/pppd/tdb.c -@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags, + ret = fchown(sfd, uid, -1); + if (ret != 0) { +diff -Naur pppd.orig/tdb.c pppd/tdb.c +--- pppd.orig/tdb.c 2021-07-23 06:41:07.000000000 +0200 ++++ pppd/tdb.c 2023-06-30 13:12:55.034900600 +0200 +@@ -1728,7 +1728,7 @@ goto internal; } @@ -176,7 +147,7 @@ index bdc5828..c7ab71c 100644 TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n", name, strerror(errno))); goto fail; /* errno set by open(2) */ -@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb) +@@ -1971,7 +1971,7 @@ } if (close(tdb->fd) != 0) TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n")); @@ -185,12 +156,11 @@ index bdc5828..c7ab71c 100644 if (tdb->fd == -1) { TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno))); goto fail; -diff --git a/pppd/tty.c b/pppd/tty.c -index d571b11..bc96695 100644 ---- a/pppd/tty.c -+++ b/pppd/tty.c -@@ -569,7 +569,7 @@ int connect_tty() - status = EXIT_OPEN_FAILED; +diff -Naur pppd.orig/tty.c pppd/tty.c +--- pppd.orig/tty.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/tty.c 2023-06-30 13:14:06.450418113 +0200 +@@ -621,7 +621,7 @@ + ppp_set_status(EXIT_OPEN_FAILED); goto errret; } - real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0); @@ -198,7 +168,7 @@ index d571b11..bc96695 100644 err = errno; if (prio < OPRIO_ROOT && seteuid(0) == -1) fatal("Unable to regain privileges"); -@@ -723,7 +723,7 @@ int connect_tty() +@@ -775,7 +775,7 @@ if (connector == NULL && modem && devnam[0] != 0) { int i; for (;;) { @@ -207,12 +177,11 @@ index d571b11..bc96695 100644 break; if (errno != EINTR) { error("Failed to reopen %s: %m", devnam); -diff --git a/pppd/utils.c b/pppd/utils.c -index 29bf970..6051b9a 100644 ---- a/pppd/utils.c -+++ b/pppd/utils.c -@@ -918,14 +918,14 @@ lock(dev) - slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev); +diff -Naur pppd.orig/utils.c pppd/utils.c +--- pppd.orig/utils.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/utils.c 2023-06-30 13:15:47.860182369 +0200 +@@ -843,14 +843,14 @@ + slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev); #endif - while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { @@ -228,7 +197,7 @@ index 29bf970..6051b9a 100644 if (fd < 0) { if (errno == ENOENT) /* This is just a timing problem. */ continue; -@@ -1004,7 +1004,7 @@ relock(pid) +@@ -933,7 +933,7 @@ if (lock_file[0] == 0) return -1; @@ -237,6 +206,3 @@ index 29bf970..6051b9a 100644 if (fd < 0) { error("Couldn't reopen lock file %s: %m", lock_file); lock_file[0] = 0; --- -1.8.3.1 - diff --git a/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch new file mode 100644 index 000000000..cfd72e468 --- /dev/null +++ b/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch @@ -0,0 +1,135 @@ +diff -Naur pppd.orig/plugins/pppoatm/pppoatm.c pppd/plugins/pppoatm/pppoatm.c +--- pppd.orig/plugins/pppoatm/pppoatm.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/plugins/pppoatm/pppoatm.c 2023-06-30 13:21:33.397378347 +0200 +@@ -146,7 +146,7 @@ + + if (!device_got_set) + no_device_given_pppoatm(); +- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0); ++ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd < 0) + fatal("failed to create socket: %m"); + memset(&qos, 0, sizeof qos); +diff -Naur pppd.orig/plugins/pppoe/if.c pppd/plugins/pppoe/if.c +--- pppd.orig/plugins/pppoe/if.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppoe/if.c 2023-06-30 13:24:11.372183452 +0200 +@@ -116,7 +116,7 @@ + stype = SOCK_PACKET; + #endif + +- if ((fd = socket(domain, stype, htons(type))) < 0) { ++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { + /* Give a more helpful message for the common error case */ + if (errno == EPERM) { + fatal("Cannot create raw socket -- pppoe must be run as root."); +diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c +--- pppd.orig/plugins/pppoe/plugin.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200 +@@ -155,7 +155,7 @@ + /* server equipment). */ + /* Opening this socket just before waitForPADS in the discovery() */ + /* function would be more appropriate, but it would mess-up the code */ +- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE); ++ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE); + if (conn->sessionSocket < 0) { + error("Failed to create PPPoE socket: %m"); + return -1; +@@ -166,7 +166,7 @@ + lcp_wantoptions[0].mru = conn->mru = conn->storedmru; + + /* Update maximum MRU */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) { + error("Can't get MTU for %s: %m", conn->ifName); + goto errout; +@@ -364,7 +364,7 @@ + } + + /* Open a socket */ +- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) { ++ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) { + r = 0; + } + +diff -Naur pppd.orig/plugins/pppol2tp/openl2tp.c pppd/plugins/pppol2tp/openl2tp.c +--- pppd.orig/plugins/pppol2tp/openl2tp.c 2023-03-10 02:50:41.000000000 +0100 ++++ pppd/plugins/pppol2tp/openl2tp.c 2023-06-30 13:22:30.055768865 +0200 +@@ -93,7 +93,7 @@ + int result; + + if (openl2tp_fd < 0) { +- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0); ++ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (openl2tp_fd < 0) { + error("openl2tp connection create: %m"); + return -ENOTCONN; +diff -Naur pppd.orig/plugins/pppol2tp/pppol2tp.c pppd/plugins/pppol2tp/pppol2tp.c +--- pppd.orig/plugins/pppol2tp/pppol2tp.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppol2tp/pppol2tp.c 2023-06-30 13:23:13.493756755 +0200 +@@ -220,7 +220,7 @@ + struct ifreq ifr; + int fd; + +- fd = socket(AF_INET, SOCK_DGRAM, 0); ++ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd >= 0) { + memset (&ifr, '\0', sizeof (ifr)); + ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name)); +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-06-30 13:11:25.715511251 +0200 ++++ pppd/sys-linux.c 2023-06-30 13:32:50.021272249 +0200 +@@ -499,12 +499,12 @@ + void sys_init(void) + { + /* Get an internet socket for doing socket ioctls. */ +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + fatal("Couldn't create IP socket: %m(%d)", errno); + + #ifdef PPP_WITH_IPV6CP +- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); ++ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock6_fd < 0) + sock6_fd = -errno; /* save errno for later */ + #endif +@@ -2675,7 +2675,7 @@ + struct ifreq ifreq; + int ret, sock_fd; + +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + return -1; + memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); +@@ -2698,7 +2698,7 @@ + struct ifreq ifreq; + int ret, sock_fd; + +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + return -1; + +@@ -2915,7 +2915,7 @@ + /* + * Open a socket for doing the ioctl operations. + */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) + return 0; + +diff -Naur pppd.orig/tty.c pppd/tty.c +--- pppd.orig/tty.c 2023-06-30 13:14:06.450418113 +0200 ++++ pppd/tty.c 2023-06-30 13:33:31.285858278 +0200 +@@ -942,7 +942,7 @@ + *sep = ':'; + + /* get a socket and connect it to the other end */ +- sock = socket(PF_INET, SOCK_STREAM, 0); ++ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); + if (sock < 0) { + error("Can't create socket: %m"); + return -1; diff --git a/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch new file mode 100644 index 000000000..002b6066d --- /dev/null +++ b/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch @@ -0,0 +1,12 @@ +diff -Naur pppd.orig/plugins/pppoe/pppoe.h pppd/plugins/pppoe/pppoe.h +--- pppd.orig/plugins/pppoe/pppoe.h 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppoe/pppoe.h 2023-06-30 13:37:07.189078090 +0200 +@@ -143,7 +143,7 @@ + #define STATE_TERMINATED 4 + + /* How many PADI/PADS attempts? */ +-#define MAX_PADI_ATTEMPTS 3 ++#define MAX_PADI_ATTEMPTS 4 + + /* Initial timeout for PADO/PADS */ + #define PADI_TIMEOUT 5 diff --git a/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch b/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch new file mode 100644 index 000000000..dc6c22852 --- /dev/null +++ b/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch @@ -0,0 +1,12 @@ +diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c +--- pppd.orig/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200 ++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:50:23.150026201 +0200 +@@ -46,6 +46,8 @@ + #include + #include + #include ++#define _LINUX_IN_H ++#define _LINUX_IN6_H + #include + + #include diff --git a/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch new file mode 100644 index 000000000..0e9eab6ed --- /dev/null +++ b/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch @@ -0,0 +1,18 @@ +diff -Naur ppp-2.5.0.orig/configure ppp-2.5.0/configure +--- ppp-2.5.0.orig/configure 2023-03-25 05:38:36.000000000 +0100 ++++ ppp-2.5.0/configure 2023-06-30 14:05:14.773950477 +0200 +@@ -17774,10 +17774,10 @@ + rm -f $2 + if [ -f $1 ]; then + echo " $2 <= $1" +- sed -e "s,@DESTDIR@,$prefix,g" \ +- -e "s,@SYSCONF@,$sysconfdir,g" \ +- -e "s,@CC@,$CC,g" \ +- -e "s|@CFLAGS@|$CFLAGS|g" $1 > $2 ++ sed -e "s#@DESTDIR@#$prefix#g" \ ++ -e "s#@SYSCONF@#$sysconfdir#g" \ ++ -e "s#@CC@#$CC#g" \ ++ -e "s#@CFLAGS@#$CFLAGS#g" $1 > $2 + fi + } +