Commit Message
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
config/rootfiles/common/ppp | 24 ++--
lfs/ppp | 7 +-
src/patches/ppp-2.4.7-openssl.patch | 110 ------------------
.../0013-everywhere-O_CLOEXEC-harder.patch | 11 +-
4 files changed, 21 insertions(+), 131 deletions(-)
delete mode 100644 src/patches/ppp-2.4.7-openssl.patch
Comments
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
> On 18 Feb 2020, at 10:18, Stefan Schantl <stefan.schantl@ipfire.org> wrote:
>
> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
> ---
> config/rootfiles/common/ppp | 24 ++--
> lfs/ppp | 7 +-
> src/patches/ppp-2.4.7-openssl.patch | 110 ------------------
> .../0013-everywhere-O_CLOEXEC-harder.patch | 11 +-
> 4 files changed, 21 insertions(+), 131 deletions(-)
> delete mode 100644 src/patches/ppp-2.4.7-openssl.patch
>
> diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp
> index 46c2f83b3..f1f4f88f2 100644
> --- a/config/rootfiles/common/ppp
> +++ b/config/rootfiles/common/ppp
> @@ -33,18 +33,18 @@ etc/ppp/standardloginscript
> #usr/include/pppd/tdb.h
> #usr/include/pppd/upap.h
> usr/lib/pppd
> -usr/lib/pppd/2.4.7
> -#usr/lib/pppd/2.4.7/minconn.so
> -#usr/lib/pppd/2.4.7/openl2tp.so
> -#usr/lib/pppd/2.4.7/passprompt.so
> -#usr/lib/pppd/2.4.7/passwordfd.so
> -#usr/lib/pppd/2.4.7/pppoatm.so
> -#usr/lib/pppd/2.4.7/pppol2tp.so
> -#usr/lib/pppd/2.4.7/radattr.so
> -#usr/lib/pppd/2.4.7/radius.so
> -#usr/lib/pppd/2.4.7/radrealms.so
> -#usr/lib/pppd/2.4.7/rp-pppoe.so
> -#usr/lib/pppd/2.4.7/winbind.so
> +usr/lib/pppd/2.4.8
> +#usr/lib/pppd/2.4.8/minconn.so
> +#usr/lib/pppd/2.4.8/openl2tp.so
> +#usr/lib/pppd/2.4.8/passprompt.so
> +#usr/lib/pppd/2.4.8/passwordfd.so
> +#usr/lib/pppd/2.4.8/pppoatm.so
> +#usr/lib/pppd/2.4.8/pppol2tp.so
> +#usr/lib/pppd/2.4.8/radattr.so
> +#usr/lib/pppd/2.4.8/radius.so
> +#usr/lib/pppd/2.4.8/radrealms.so
> +#usr/lib/pppd/2.4.8/rp-pppoe.so
> +#usr/lib/pppd/2.4.8/winbind.so
> usr/sbin/chat
> usr/sbin/pppd
> usr/sbin/pppdump
> diff --git a/lfs/ppp b/lfs/ppp
> index f02864cc0..607765bd0 100644
> --- a/lfs/ppp
> +++ b/lfs/ppp
> @@ -24,12 +24,12 @@
>
> include Config
>
> -VER = 2.4.7
> +VER = 2.4.8
>
> THISAPP = ppp-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> DL_FROM = $(URL_IPFIRE)
> -DIR_APP = $(DIR_SRC)/$(THISAPP)
> +DIR_APP = $(DIR_SRC)/ppp-$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
>
> CFLAGS += -fno-strict-aliasing
> @@ -42,7 +42,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = 78818f40e6d33a1d1de68a1551f6595a
> +$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123
>
> install : $(TARGET)
>
> @@ -79,7 +79,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp-2.4.7-openssl.patch
> cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
> cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
> cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)"
> diff --git a/src/patches/ppp-2.4.7-openssl.patch b/src/patches/ppp-2.4.7-openssl.patch
> deleted file mode 100644
> index cbb5857a7..000000000
> --- a/src/patches/ppp-2.4.7-openssl.patch
> +++ /dev/null
> @@ -1,110 +0,0 @@
> -From 3c7b86229f7bd2600d74db14b1fe5b3896be3875 Mon Sep 17 00:00:00 2001
> -From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
> -Date: Fri, 6 Apr 2018 14:27:18 +0200
> -Subject: [PATCH] pppd: Use openssl for the DES instead of the libcrypt / glibc
> -MIME-Version: 1.0
> -Content-Type: text/plain; charset=UTF-8
> -Content-Transfer-Encoding: 8bit
> -
> -It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped
> -libcrypt. The libxcrypt standalone package can be used instead, but
> -it dropped the old setkey/encrypt API which ppp uses for DES. There
> -is support for using openssl in pppcrypt.c, but it contains typos
> -preventing it from compiling and seems to be written for an ancient
> -openssl version.
> -
> -This updates the code to use current openssl.
> -
> -[paulus@ozlabs.org - wrote the commit description, fixed comment in
> - Makefile.linux.]
> -
> -Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
> -Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
> ----
> - pppd/Makefile.linux | 7 ++++---
> - pppd/pppcrypt.c | 18 +++++++++---------
> - 2 files changed, 13 insertions(+), 12 deletions(-)
> -
> -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
> -index 36d2b036..8d5ce99d 100644
> ---- a/pppd/Makefile.linux
> -+++ b/pppd/Makefile.linux
> -@@ -35,10 +35,10 @@ endif
> - COPTS = -O2 -pipe -Wall -g
> - LIBS =
> -
> --# Uncomment the next 2 lines to include support for Microsoft's
> -+# Uncomment the next line to include support for Microsoft's
> - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
> - CHAPMS=y
> --USE_CRYPT=y
> -+#USE_CRYPT=y
> - # Don't use MSLANMAN unless you really know what you're doing.
> - #MSLANMAN=y
> - # Uncomment the next line to include support for MPPE. CHAPMS (above) must
> -@@ -137,7 +137,8 @@ endif
> -
> - ifdef NEEDDES
> - ifndef USE_CRYPT
> --LIBS += -ldes $(LIBS)
> -+CFLAGS += -I/usr/include/openssl
> -+LIBS += -lcrypto
> - else
> - CFLAGS += -DUSE_CRYPT=1
> - endif
> -diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
> -index 8b85b132..6b35375e 100644
> ---- a/pppd/pppcrypt.c
> -+++ b/pppd/pppcrypt.c
> -@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
> - des_key[7] = Get7Bits(key, 49);
> -
> - #ifndef USE_CRYPT
> -- des_set_odd_parity((des_cblock *)des_key);
> -+ DES_set_odd_parity((DES_cblock *)des_key);
> - #endif
> - }
> -
> -@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
> - }
> -
> - #else /* USE_CRYPT */
> --static des_key_schedule key_schedule;
> -+static DES_key_schedule key_schedule;
> -
> - bool
> - DesSetkey(key)
> - u_char *key;
> - {
> -- des_cblock des_key;
> -+ DES_cblock des_key;
> - MakeKey(key, des_key);
> -- des_set_key(&des_key, key_schedule);
> -+ DES_set_key(&des_key, &key_schedule);
> - return (1);
> - }
> -
> - bool
> --DesEncrypt(clear, key, cipher)
> -+DesEncrypt(clear, cipher)
> - u_char *clear; /* IN 8 octets */
> - u_char *cipher; /* OUT 8 octets */
> - {
> -- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
> -- key_schedule, 1);
> -+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
> -+ &key_schedule, 1);
> - return (1);
> - }
> -
> -@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
> - u_char *cipher; /* IN 8 octets */
> - u_char *clear; /* OUT 8 octets */
> - {
> -- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
> -- key_schedule, 0);
> -+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
> -+ &key_schedule, 0);
> - return (1);
> - }
> -
> diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
> index e3608a0d6..2513021b2 100644
> --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
> +++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
> @@ -140,16 +140,17 @@ index 8a12fa0..00a2cf5 100644
> if (mfd >= 0) {
> int ptn;
> if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
> -@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
> +@@ -2851,7 +2851,8 @@
> if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
> warn("Couldn't unlock pty slave %s: %m", pty_name);
> #endif
> - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
> -+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
> ++
> ++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
> + {
> warn("Couldn't open pty slave %s: %m", pty_name);
> - }
> - }
> -@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
> + close(mfd);
> +@@ -2865,10 +2866,10 @@
> for (i = 0; i < 64; ++i) {
> slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
> 'p' + i / 16, i % 16);
> --
> 2.25.0
>
@@ -33,18 +33,18 @@ etc/ppp/standardloginscript
#usr/include/pppd/tdb.h
#usr/include/pppd/upap.h
usr/lib/pppd
-usr/lib/pppd/2.4.7
-#usr/lib/pppd/2.4.7/minconn.so
-#usr/lib/pppd/2.4.7/openl2tp.so
-#usr/lib/pppd/2.4.7/passprompt.so
-#usr/lib/pppd/2.4.7/passwordfd.so
-#usr/lib/pppd/2.4.7/pppoatm.so
-#usr/lib/pppd/2.4.7/pppol2tp.so
-#usr/lib/pppd/2.4.7/radattr.so
-#usr/lib/pppd/2.4.7/radius.so
-#usr/lib/pppd/2.4.7/radrealms.so
-#usr/lib/pppd/2.4.7/rp-pppoe.so
-#usr/lib/pppd/2.4.7/winbind.so
+usr/lib/pppd/2.4.8
+#usr/lib/pppd/2.4.8/minconn.so
+#usr/lib/pppd/2.4.8/openl2tp.so
+#usr/lib/pppd/2.4.8/passprompt.so
+#usr/lib/pppd/2.4.8/passwordfd.so
+#usr/lib/pppd/2.4.8/pppoatm.so
+#usr/lib/pppd/2.4.8/pppol2tp.so
+#usr/lib/pppd/2.4.8/radattr.so
+#usr/lib/pppd/2.4.8/radius.so
+#usr/lib/pppd/2.4.8/radrealms.so
+#usr/lib/pppd/2.4.8/rp-pppoe.so
+#usr/lib/pppd/2.4.8/winbind.so
usr/sbin/chat
usr/sbin/pppd
usr/sbin/pppdump
@@ -24,12 +24,12 @@
include Config
-VER = 2.4.7
+VER = 2.4.8
THISAPP = ppp-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
+DIR_APP = $(DIR_SRC)/ppp-$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
CFLAGS += -fno-strict-aliasing
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 78818f40e6d33a1d1de68a1551f6595a
+$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123
install : $(TARGET)
@@ -79,7 +79,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp-2.4.7-openssl.patch
cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)"
deleted file mode 100644
@@ -1,110 +0,0 @@
-From 3c7b86229f7bd2600d74db14b1fe5b3896be3875 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
-Date: Fri, 6 Apr 2018 14:27:18 +0200
-Subject: [PATCH] pppd: Use openssl for the DES instead of the libcrypt / glibc
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped
-libcrypt. The libxcrypt standalone package can be used instead, but
-it dropped the old setkey/encrypt API which ppp uses for DES. There
-is support for using openssl in pppcrypt.c, but it contains typos
-preventing it from compiling and seems to be written for an ancient
-openssl version.
-
-This updates the code to use current openssl.
-
-[paulus@ozlabs.org - wrote the commit description, fixed comment in
- Makefile.linux.]
-
-Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
-Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
----
- pppd/Makefile.linux | 7 ++++---
- pppd/pppcrypt.c | 18 +++++++++---------
- 2 files changed, 13 insertions(+), 12 deletions(-)
-
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index 36d2b036..8d5ce99d 100644
---- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -35,10 +35,10 @@ endif
- COPTS = -O2 -pipe -Wall -g
- LIBS =
-
--# Uncomment the next 2 lines to include support for Microsoft's
-+# Uncomment the next line to include support for Microsoft's
- # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
- CHAPMS=y
--USE_CRYPT=y
-+#USE_CRYPT=y
- # Don't use MSLANMAN unless you really know what you're doing.
- #MSLANMAN=y
- # Uncomment the next line to include support for MPPE. CHAPMS (above) must
-@@ -137,7 +137,8 @@ endif
-
- ifdef NEEDDES
- ifndef USE_CRYPT
--LIBS += -ldes $(LIBS)
-+CFLAGS += -I/usr/include/openssl
-+LIBS += -lcrypto
- else
- CFLAGS += -DUSE_CRYPT=1
- endif
-diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
-index 8b85b132..6b35375e 100644
---- a/pppd/pppcrypt.c
-+++ b/pppd/pppcrypt.c
-@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
- des_key[7] = Get7Bits(key, 49);
-
- #ifndef USE_CRYPT
-- des_set_odd_parity((des_cblock *)des_key);
-+ DES_set_odd_parity((DES_cblock *)des_key);
- #endif
- }
-
-@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
- }
-
- #else /* USE_CRYPT */
--static des_key_schedule key_schedule;
-+static DES_key_schedule key_schedule;
-
- bool
- DesSetkey(key)
- u_char *key;
- {
-- des_cblock des_key;
-+ DES_cblock des_key;
- MakeKey(key, des_key);
-- des_set_key(&des_key, key_schedule);
-+ DES_set_key(&des_key, &key_schedule);
- return (1);
- }
-
- bool
--DesEncrypt(clear, key, cipher)
-+DesEncrypt(clear, cipher)
- u_char *clear; /* IN 8 octets */
- u_char *cipher; /* OUT 8 octets */
- {
-- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
-- key_schedule, 1);
-+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
-+ &key_schedule, 1);
- return (1);
- }
-
-@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
- u_char *cipher; /* IN 8 octets */
- u_char *clear; /* OUT 8 octets */
- {
-- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
-- key_schedule, 0);
-+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
-+ &key_schedule, 0);
- return (1);
- }
-
@@ -140,16 +140,17 @@ index 8a12fa0..00a2cf5 100644
if (mfd >= 0) {
int ptn;
if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
-@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+@@ -2851,7 +2851,8 @@
if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
warn("Couldn't unlock pty slave %s: %m", pty_name);
#endif
- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
-+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
++
++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
+ {
warn("Couldn't open pty slave %s: %m", pty_name);
- }
- }
-@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+ close(mfd);
+@@ -2865,10 +2866,10 @@
for (i = 0; i < 64; ++i) {
slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
'p' + i / 16, i % 16);