From patchwork Tue Feb 18 10:18:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 2796 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 48MGyl2TMPz3wcD for ; Tue, 18 Feb 2020 10:18:23 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 48MGyj5YlpzxQ; Tue, 18 Feb 2020 10:18:21 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1582021102; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=T/QT4sXzD6EXNHYuzXT3OfIJOtcIz4nH/oMQbh0wECs=; b=md670GQKWXN5vdPANhncylVoDzuaMmqO3gjM4IDwSSbmyJvJdyzj/8I59XCCY4L5mTA9gA l7NFYi5ZgrvfLQBQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1582021102; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=T/QT4sXzD6EXNHYuzXT3OfIJOtcIz4nH/oMQbh0wECs=; b=mLveOoLEgh101fwLbLE3fACLRNkPGKT1C3UFl4vvrqOhe/4sIhSyad9f40KeyLAbT83Z8G 09HoOHmFJuWUwBwNSYki/V0w1TN/FAxF8OkPrVifPtqsNVSIxF0vUsN2DyG9+C7wPQyvC1 VF1MkgGsA7OOEPQpV052ZnXI9oi9sD4yllUtRDB5fhdgkksaBW+Fowo3RMXEofXdxxfqjb hUFqb5aH9/4GzNmZ3V+sOlw03q+pmXtfCMSRoHnajVRlesp2yEP3+YKMUly18Xct//zfq1 lmL21C0kxeO2FDRKBS4x6l1TDSaeWEX25pXTJ4YIPRdJmEbR75CmGh0AoDAneg== Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 48MGyj2N6qz2yRQ; Tue, 18 Feb 2020 10:18:21 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 48MGyh288kz2xFP for ; Tue, 18 Feb 2020 10:18:20 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 48MGyg4WT3zcm; Tue, 18 Feb 2020 10:18:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1582021099; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=T/QT4sXzD6EXNHYuzXT3OfIJOtcIz4nH/oMQbh0wECs=; b=RSY/++Hzc3LSegqccaQ12gzN3tyqF3XynLFJON14ZM98MRRcNVR9yakR01YU1mafzEf3hx YgRDbgxnJo16XbaHCVc7g7Vc4aiU2Gh/P1pIBuJz0Fkk2JymdfnxHVD9FD+vDmipVFxses fGvbXHFFcGRM8Oe3+Bz92EQoVQ27459+a51vV4E3B22+LPvgqGB3rL00L3aIdcZ+vuc4JH NgIB4YIRzcyd4wDoaSpl4Z8AlDunoEaueRxwGRGHN8SOTiryWJvrqDpPLaE4kM51IvF9wA Y/Sfnfny7WnTVP7RuTvjXFch+h/BZ/jC3joZh/ROgfg9t25f2jxYm1kNXFjB8A== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1582021099; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=T/QT4sXzD6EXNHYuzXT3OfIJOtcIz4nH/oMQbh0wECs=; b=vdObMHCJbzwrex8mTUAJlqcYlJmkYjW1qWXZCW69Xx8h+TsqQjZ6i77uCjEmtQrgj+U+y9 eujf404SDNmLPRBQ== From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH] ppp: Update to 2.4.8 Date: Tue, 18 Feb 2020 11:18:13 +0100 Message-Id: <20200218101813.3159-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Authentication-Results: mail01.ipfire.org; auth=pass smtp.mailfrom=stefan.schantl@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Stefan Schantl Reviewed-by: Michael Tremer --- config/rootfiles/common/ppp | 24 ++-- lfs/ppp | 7 +- src/patches/ppp-2.4.7-openssl.patch | 110 ------------------ .../0013-everywhere-O_CLOEXEC-harder.patch | 11 +- 4 files changed, 21 insertions(+), 131 deletions(-) delete mode 100644 src/patches/ppp-2.4.7-openssl.patch diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp index 46c2f83b3..f1f4f88f2 100644 --- a/config/rootfiles/common/ppp +++ b/config/rootfiles/common/ppp @@ -33,18 +33,18 @@ etc/ppp/standardloginscript #usr/include/pppd/tdb.h #usr/include/pppd/upap.h usr/lib/pppd -usr/lib/pppd/2.4.7 -#usr/lib/pppd/2.4.7/minconn.so -#usr/lib/pppd/2.4.7/openl2tp.so -#usr/lib/pppd/2.4.7/passprompt.so -#usr/lib/pppd/2.4.7/passwordfd.so -#usr/lib/pppd/2.4.7/pppoatm.so -#usr/lib/pppd/2.4.7/pppol2tp.so -#usr/lib/pppd/2.4.7/radattr.so -#usr/lib/pppd/2.4.7/radius.so -#usr/lib/pppd/2.4.7/radrealms.so -#usr/lib/pppd/2.4.7/rp-pppoe.so -#usr/lib/pppd/2.4.7/winbind.so +usr/lib/pppd/2.4.8 +#usr/lib/pppd/2.4.8/minconn.so +#usr/lib/pppd/2.4.8/openl2tp.so +#usr/lib/pppd/2.4.8/passprompt.so +#usr/lib/pppd/2.4.8/passwordfd.so +#usr/lib/pppd/2.4.8/pppoatm.so +#usr/lib/pppd/2.4.8/pppol2tp.so +#usr/lib/pppd/2.4.8/radattr.so +#usr/lib/pppd/2.4.8/radius.so +#usr/lib/pppd/2.4.8/radrealms.so +#usr/lib/pppd/2.4.8/rp-pppoe.so +#usr/lib/pppd/2.4.8/winbind.so usr/sbin/chat usr/sbin/pppd usr/sbin/pppdump diff --git a/lfs/ppp b/lfs/ppp index f02864cc0..607765bd0 100644 --- a/lfs/ppp +++ b/lfs/ppp @@ -24,12 +24,12 @@ include Config -VER = 2.4.7 +VER = 2.4.8 THISAPP = ppp-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) +DIR_APP = $(DIR_SRC)/ppp-$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) CFLAGS += -fno-strict-aliasing @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 78818f40e6d33a1d1de68a1551f6595a +$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123 install : $(TARGET) @@ -79,7 +79,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp-2.4.7-openssl.patch cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)" diff --git a/src/patches/ppp-2.4.7-openssl.patch b/src/patches/ppp-2.4.7-openssl.patch deleted file mode 100644 index cbb5857a7..000000000 --- a/src/patches/ppp-2.4.7-openssl.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 3c7b86229f7bd2600d74db14b1fe5b3896be3875 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= -Date: Fri, 6 Apr 2018 14:27:18 +0200 -Subject: [PATCH] pppd: Use openssl for the DES instead of the libcrypt / glibc -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped -libcrypt. The libxcrypt standalone package can be used instead, but -it dropped the old setkey/encrypt API which ppp uses for DES. There -is support for using openssl in pppcrypt.c, but it contains typos -preventing it from compiling and seems to be written for an ancient -openssl version. - -This updates the code to use current openssl. - -[paulus@ozlabs.org - wrote the commit description, fixed comment in - Makefile.linux.] - -Signed-off-by: Jaroslav Škarvada -Signed-off-by: Paul Mackerras ---- - pppd/Makefile.linux | 7 ++++--- - pppd/pppcrypt.c | 18 +++++++++--------- - 2 files changed, 13 insertions(+), 12 deletions(-) - -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index 36d2b036..8d5ce99d 100644 ---- a/pppd/Makefile.linux -+++ b/pppd/Makefile.linux -@@ -35,10 +35,10 @@ endif - COPTS = -O2 -pipe -Wall -g - LIBS = - --# Uncomment the next 2 lines to include support for Microsoft's -+# Uncomment the next line to include support for Microsoft's - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. - CHAPMS=y --USE_CRYPT=y -+#USE_CRYPT=y - # Don't use MSLANMAN unless you really know what you're doing. - #MSLANMAN=y - # Uncomment the next line to include support for MPPE. CHAPMS (above) must -@@ -137,7 +137,8 @@ endif - - ifdef NEEDDES - ifndef USE_CRYPT --LIBS += -ldes $(LIBS) -+CFLAGS += -I/usr/include/openssl -+LIBS += -lcrypto - else - CFLAGS += -DUSE_CRYPT=1 - endif -diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c -index 8b85b132..6b35375e 100644 ---- a/pppd/pppcrypt.c -+++ b/pppd/pppcrypt.c -@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */ - des_key[7] = Get7Bits(key, 49); - - #ifndef USE_CRYPT -- des_set_odd_parity((des_cblock *)des_key); -+ DES_set_odd_parity((DES_cblock *)des_key); - #endif - } - -@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */ - } - - #else /* USE_CRYPT */ --static des_key_schedule key_schedule; -+static DES_key_schedule key_schedule; - - bool - DesSetkey(key) - u_char *key; - { -- des_cblock des_key; -+ DES_cblock des_key; - MakeKey(key, des_key); -- des_set_key(&des_key, key_schedule); -+ DES_set_key(&des_key, &key_schedule); - return (1); - } - - bool --DesEncrypt(clear, key, cipher) -+DesEncrypt(clear, cipher) - u_char *clear; /* IN 8 octets */ - u_char *cipher; /* OUT 8 octets */ - { -- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, -- key_schedule, 1); -+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, -+ &key_schedule, 1); - return (1); - } - -@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear) - u_char *cipher; /* IN 8 octets */ - u_char *clear; /* OUT 8 octets */ - { -- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear, -- key_schedule, 0); -+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, -+ &key_schedule, 0); - return (1); - } - diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch index e3608a0d6..2513021b2 100644 --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch +++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch @@ -140,16 +140,17 @@ index 8a12fa0..00a2cf5 100644 if (mfd >= 0) { int ptn; if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) { -@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid) +@@ -2851,7 +2851,8 @@ if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0) warn("Couldn't unlock pty slave %s: %m", pty_name); #endif - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) -+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) ++ ++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) + { warn("Couldn't open pty slave %s: %m", pty_name); - } - } -@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid) + close(mfd); +@@ -2865,10 +2866,10 @@ for (i = 0; i < 64; ++i) { slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", 'p' + i / 16, i % 16);