From patchwork Sun Sep 17 13:42:04 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 7194
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] ppp: Update to version 2.5.0
Date: Sun, 17 Sep 2023 15:42:04 +0200
Message-ID: <20230917134204.89885-1-adolf.belka@ipfire.org>
List-Id: IPFire development talk

- IPFire3.x
- Update from version 2.4.9 to 2.5.0
- Update based on the changes from ipfire2.x
- More work still needed once networking has been put in place.
   define location of secrets and the IPFire3.x replacements for the dialer, ip-up
   and ip_down helper scripts that were used in IPFire2.x

Signed-off-by: Adolf Belka --- ...don-t-want-to-accidentally-leak-fds.patch0 | 162 ++++++++++++++ ...2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 | 208 ++++++++++++++++++ ...e-SOCK_CLOEXEC-when-creating-socket.patch0 | 135 ++++++++++++ ...-2.5.0-4-increase-max-padi-attempts.patch0 | 12 + ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 | 12 + ...-configure-to-handle-cflags-properly.patch | 18 ++ ...to-see-if-we-have-struct-sockaddr_ll.patch | 37 ++++ ppp/ppp.nm | 40 ++-- 8 files changed, 597 insertions(+), 27 deletions(-) create mode 100644 ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0 create mode 100644 ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 create mode 100644 ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch0 create mode 100644 ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 create mode 100644 ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 create mode 100644 ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch create mode 100644 ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch diff --git a/ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0 b/ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0 new file mode 100644 index 000000000..98ab03119 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch0 
@@ -0,0 +1,162 @@ +diff -Naur pppd.orig/auth.c pppd/auth.c +--- pppd.orig/auth.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/auth.c 2023-06-30 12:38:13.748482796 +0200 +@@ -518,7 +518,7 @@ + free(fname); + return 0; + } +- ufile = fopen(fname, "r"); ++ ufile = fopen(fname, "re"); + if (seteuid(euid) == -1) + fatal("unable to regain privileges: %m"); + if (ufile == NULL) { +@@ -1535,7 +1535,7 @@ + filename = PPP_PATH_UPAPFILE; + addrs = opts = NULL; + ret = UPAP_AUTHNAK; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) { + error("Can't open PAP password file %s: %m", filename); + +@@ -1635,7 +1635,7 @@ + if (ret <= 0) { + filename = PPP_PATH_UPAPFILE; + addrs = NULL; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + check_access(f, filename); +@@ -1681,7 +1681,7 @@ + } + + filename = PPP_PATH_UPAPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + check_access(f, filename); +@@ -1718,7 +1718,7 @@ + } + + filename = PPP_PATH_UPAPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -1760,7 +1760,7 @@ + } + + filename = PPP_PATH_CHAPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -1798,7 +1798,7 @@ + struct wordlist *addrs; + + filename = PPP_PATH_SRPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -1849,7 +1849,7 @@ + addrs = NULL; + secbuf[0] = 0; + +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) { + error("Can't open chap secret file %s: %m", filename); + return 0; +@@ -1902,7 +1902,7 @@ + filename = PPP_PATH_SRPFILE; + addrs = NULL; + +- fp = fopen(filename, "r"); ++ fp = fopen(filename, "re"); + if (fp == NULL) { + error("Can't open srp secret file %s: %m", filename); + return 0; +@@ -2291,7 +2291,7 @@ + */ + if (word[0] == '@' && word[1] == '/') { + strlcpy(atfile, word+1, 
sizeof(atfile)); +- if ((sf = fopen(atfile, "r")) == NULL) { ++ if ((sf = fopen(atfile, "re")) == NULL) { + warn("can't open indirect secret file %s", atfile); + continue; + } +@@ -2461,7 +2461,7 @@ + char pkfile[MAXWORDLEN]; + + filename = PPP_PATH_EAPTLSSERVFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -2518,7 +2518,7 @@ + return 1; + + filename = PPP_PATH_EAPTLSCLIFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -2738,7 +2738,7 @@ + filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE); + addrs = NULL; + +- fp = fopen(filename, "r"); ++ fp = fopen(filename, "re"); + if (fp == NULL) + { + error("Can't open eap-tls secret file %s: %m", filename); +diff -Naur pppd.orig/options.c pppd/options.c +--- pppd.orig/options.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/options.c 2023-06-30 12:42:19.262593140 +0200 +@@ -555,7 +555,7 @@ + ppp_option_error("unable to drop privileges to open %s: %m", filename); + return 0; + } +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + err = errno; + if (check_prot && seteuid(euid) == -1) + fatal("unable to regain privileges"); +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-03-10 02:50:41.000000000 +0100 ++++ pppd/sys-linux.c 2023-06-30 12:43:20.634453475 +0200 +@@ -1978,7 +1978,7 @@ + /* Default the mount location of /proc */ + strlcpy (proc_path, "/proc", sizeof(proc_path)); + proc_path_len = 5; +- fp = fopen(MOUNTED, "r"); ++ fp = fopen(MOUNTED, "re"); + if (fp != NULL) { + while ((mntent = getmntent(fp)) != NULL) { + if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0) +@@ -2038,7 +2038,7 @@ + close_route_table(); + + path = path_to_procfs("/net/route"); +- route_fd = fopen (path, "r"); ++ route_fd = fopen (path, "re"); + if (route_fd == NULL) { + error("can't open routing table %s: %m", path); + return 0; +@@ -2322,7 +2322,7 @@ + close_route_table(); + + path = 
path_to_procfs("/net/ipv6_route"); +- route_fd = fopen (path, "r"); ++ route_fd = fopen (path, "re"); + if (route_fd == NULL) { + error("can't open routing table %s: %m", path); + return 0; diff --git a/ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 b/ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 new file mode 100644 index 000000000..c205c0e08 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0 
@@ -0,0 +1,208 @@ +diff -Naur pppd.orig/eap.c pppd/eap.c +--- pppd.orig/eap.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/eap.c 2023-06-30 12:58:07.984676045 +0200 +@@ -1542,7 +1542,7 @@ + + if ((path = name_of_pn_file()) == NULL) + return (-1); +- fd = open(path, modebits, S_IRUSR | S_IWUSR); ++ fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC); + err = errno; + free(path); + errno = err; +diff -Naur pppd.orig/main.c pppd/main.c +--- pppd.orig/main.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/main.c 2023-06-30 13:00:15.155195676 +0200 +@@ -479,7 +479,7 @@ + die(0); + + /* Make sure fds 0, 1, 2 are open to somewhere. */ +- fd_devnull = open(PPP_DEVNULL, O_RDWR); ++ fd_devnull = open(PPP_DEVNULL, O_RDWR | O_CLOEXEC); + if (fd_devnull < 0) + fatal("Couldn't open %s: %m", PPP_DEVNULL); + while (fd_devnull <= 2) { +diff -Naur pppd.orig/options.c pppd/options.c +--- pppd.orig/options.c 2023-06-30 12:42:19.262593140 +0200 ++++ pppd/options.c 2023-06-30 13:01:58.388323345 +0200 +@@ -1718,9 +1718,9 @@ + ppp_option_error("unable to drop permissions to open %s: %m", *argv); + return 0; + } +- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); ++ fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644); + if (fd < 0 && errno == EEXIST) +- fd = open(*argv, O_WRONLY | O_APPEND); ++ fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC); + err = errno; + if (!privileged_option && seteuid(euid) == -1) + fatal("unable to regain privileges: %m"); +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-06-30 12:43:20.634453475 +0200 ++++ pppd/sys-linux.c 2023-06-30 13:11:25.715511251 +0200 +@@ -666,7 +666,7 @@ + goto err; + } + dbglog("using channel %d", chindex); +- fd = open("/dev/ppp", O_RDWR); ++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (fd < 0) { + error("Couldn't reopen /dev/ppp: %m"); + goto err; +@@ -904,7 +904,7 @@ + dbglog("in make_ppp_unit, already had /dev/ppp open?"); + close(ppp_dev_fd); + } +- 
ppp_dev_fd = open("/dev/ppp", O_RDWR); ++ ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (ppp_dev_fd < 0) + fatal("Couldn't open /dev/ppp: %m"); + flags = fcntl(ppp_dev_fd, F_GETFL); +@@ -1025,7 +1025,7 @@ + if (!new_style_driver) + return -1; + +- master_fd = open("/dev/ppp", O_RDWR); ++ master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (master_fd < 0) + fatal("Couldn't open /dev/ppp: %m"); + if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) { +@@ -2533,7 +2533,7 @@ + if (tune_kernel) { + forw_path = path_to_procfs("/sys/net/ipv4/ip_forward"); + if (forw_path != 0) { +- int fd = open(forw_path, O_WRONLY); ++ int fd = open(forw_path, O_WRONLY | O_CLOEXEC); + if (fd >= 0) { + if (write(fd, "1", 1) != 1) + error("Couldn't enable IP forwarding: %m"); +@@ -2878,7 +2878,7 @@ + sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch); + kernel_version = KVERSION(osmaj, osmin, ospatch); + +- fd = open("/dev/ppp", O_RDWR); ++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); + if (fd >= 0) { + new_style_driver = 1; + +@@ -3056,7 +3056,7 @@ + #if __GLIBC__ >= 2 + updwtmp(_PATH_WTMP, &ut); + #else +- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY); ++ wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC); + if (wtmp >= 0) { + flock(wtmp, LOCK_EX); + +@@ -3280,7 +3280,7 @@ + int fd; + + path = path_to_procfs("/sys/net/ipv4/ip_dynaddr"); +- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) { ++ if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) { + if (write(fd, "1", 1) != 1) + error("Couldn't enable dynamic IP addressing: %m"); + close(fd); +@@ -3534,7 +3534,7 @@ + /* + * Try the unix98 way first. 
+ */ +- mfd = open("/dev/ptmx", O_RDWR); ++ mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC); + if (mfd >= 0) { + int ptn; + if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) { +@@ -3545,7 +3545,8 @@ + if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0) + warn("Couldn't unlock pty slave %s: %m", pty_name); + #endif +- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) ++ ++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) + { + warn("Couldn't open pty slave %s: %m", pty_name); + close(mfd); +@@ -3559,10 +3560,10 @@ + for (i = 0; i < 64; ++i) { + slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", + 'p' + i / 16, i % 16); +- mfd = open(pty_name, O_RDWR, 0); ++ mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0); + if (mfd >= 0) { + pty_name[5] = 't'; +- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0); ++ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0); + if (sfd >= 0) { + ret = fchown(sfd, uid, -1); + if (ret != 0) { +diff -Naur pppd.orig/tdb.c pppd/tdb.c +--- pppd.orig/tdb.c 2021-07-23 06:41:07.000000000 +0200 ++++ pppd/tdb.c 2023-06-30 13:12:55.034900600 +0200 +@@ -1728,7 +1728,7 @@ + goto internal; + } + +- if ((tdb->fd = open(name, open_flags, mode)) == -1) { ++ if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) { + TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n", + name, strerror(errno))); + goto fail; /* errno set by open(2) */ +@@ -1971,7 +1971,7 @@ + } + if (close(tdb->fd) != 0) + TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n")); +- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0); ++ tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0); + if (tdb->fd == -1) { + TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno))); + goto fail; +diff -Naur pppd.orig/tty.c pppd/tty.c +--- pppd.orig/tty.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/tty.c 2023-06-30 13:14:06.450418113 +0200 +@@ -621,7 +621,7 @@ + ppp_set_status(EXIT_OPEN_FAILED); + goto errret; + } +- real_ttyfd = open(devnam, 
O_NONBLOCK | O_RDWR, 0); ++ real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0); + err = errno; + if (prio < OPRIO_ROOT && seteuid(0) == -1) + fatal("Unable to regain privileges"); +@@ -775,7 +775,7 @@ + if (connector == NULL && modem && devnam[0] != 0) { + int i; + for (;;) { +- if ((i = open(devnam, O_RDWR)) >= 0) ++ if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0) + break; + if (errno != EINTR) { + error("Failed to reopen %s: %m", devnam); +diff -Naur pppd.orig/utils.c pppd/utils.c +--- pppd.orig/utils.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/utils.c 2023-06-30 13:15:47.860182369 +0200 +@@ -843,14 +843,14 @@ + slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev); + #endif + +- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { ++ while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) { + if (errno != EEXIST) { + error("Can't create lock file %s: %m", lock_file); + break; + } + + /* Read the lock file to find out who has the device locked. */ +- fd = open(lock_file, O_RDONLY, 0); ++ fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0); + if (fd < 0) { + if (errno == ENOENT) /* This is just a timing problem. */ + continue; +@@ -933,7 +933,7 @@ + + if (lock_file[0] == 0) + return -1; +- fd = open(lock_file, O_WRONLY, 0); ++ fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0); + if (fd < 0) { + error("Couldn't reopen lock file %s: %m", lock_file); + lock_file[0] = 0; diff --git a/ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch0 b/ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch0 new file mode 100644 index 000000000..cfd72e468 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch0 
@@ -0,0 +1,135 @@ +diff -Naur pppd.orig/plugins/pppoatm/pppoatm.c pppd/plugins/pppoatm/pppoatm.c +--- pppd.orig/plugins/pppoatm/pppoatm.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/plugins/pppoatm/pppoatm.c 2023-06-30 13:21:33.397378347 +0200 +@@ -146,7 +146,7 @@ + + if (!device_got_set) + no_device_given_pppoatm(); +- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0); ++ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd < 0) + fatal("failed to create socket: %m"); + memset(&qos, 0, sizeof qos); +diff -Naur pppd.orig/plugins/pppoe/if.c pppd/plugins/pppoe/if.c +--- pppd.orig/plugins/pppoe/if.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppoe/if.c 2023-06-30 13:24:11.372183452 +0200 +@@ -116,7 +116,7 @@ + stype = SOCK_PACKET; + #endif + +- if ((fd = socket(domain, stype, htons(type))) < 0) { ++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { + /* Give a more helpful message for the common error case */ + if (errno == EPERM) { + fatal("Cannot create raw socket -- pppoe must be run as root."); +diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c +--- pppd.orig/plugins/pppoe/plugin.c 2023-03-25 05:38:30.000000000 +0100 ++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200 +@@ -155,7 +155,7 @@ + /* server equipment). 
*/ + /* Opening this socket just before waitForPADS in the discovery() */ + /* function would be more appropriate, but it would mess-up the code */ +- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE); ++ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE); + if (conn->sessionSocket < 0) { + error("Failed to create PPPoE socket: %m"); + return -1; +@@ -166,7 +166,7 @@ + lcp_wantoptions[0].mru = conn->mru = conn->storedmru; + + /* Update maximum MRU */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) { + error("Can't get MTU for %s: %m", conn->ifName); + goto errout; +@@ -364,7 +364,7 @@ + } + + /* Open a socket */ +- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) { ++ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) { + r = 0; + } + +diff -Naur pppd.orig/plugins/pppol2tp/openl2tp.c pppd/plugins/pppol2tp/openl2tp.c +--- pppd.orig/plugins/pppol2tp/openl2tp.c 2023-03-10 02:50:41.000000000 +0100 ++++ pppd/plugins/pppol2tp/openl2tp.c 2023-06-30 13:22:30.055768865 +0200 +@@ -93,7 +93,7 @@ + int result; + + if (openl2tp_fd < 0) { +- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0); ++ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (openl2tp_fd < 0) { + error("openl2tp connection create: %m"); + return -ENOTCONN; +diff -Naur pppd.orig/plugins/pppol2tp/pppol2tp.c pppd/plugins/pppol2tp/pppol2tp.c +--- pppd.orig/plugins/pppol2tp/pppol2tp.c 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppol2tp/pppol2tp.c 2023-06-30 13:23:13.493756755 +0200 +@@ -220,7 +220,7 @@ + struct ifreq ifr; + int fd; + +- fd = socket(AF_INET, SOCK_DGRAM, 0); ++ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd >= 0) { + memset (&ifr, '\0', sizeof (ifr)); + ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name)); +diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c +--- pppd.orig/sys-linux.c 2023-06-30 13:11:25.715511251 +0200 ++++ pppd/sys-linux.c 2023-06-30 
13:32:50.021272249 +0200 +@@ -499,12 +499,12 @@ + void sys_init(void) + { + /* Get an internet socket for doing socket ioctls. */ +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + fatal("Couldn't create IP socket: %m(%d)", errno); + + #ifdef PPP_WITH_IPV6CP +- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); ++ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock6_fd < 0) + sock6_fd = -errno; /* save errno for later */ + #endif +@@ -2675,7 +2675,7 @@ + struct ifreq ifreq; + int ret, sock_fd; + +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + return -1; + memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); +@@ -2698,7 +2698,7 @@ + struct ifreq ifreq; + int ret, sock_fd; + +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + return -1; + +@@ -2915,7 +2915,7 @@ + /* + * Open a socket for doing the ioctl operations. + */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) + return 0; + +diff -Naur pppd.orig/tty.c pppd/tty.c +--- pppd.orig/tty.c 2023-06-30 13:14:06.450418113 +0200 ++++ pppd/tty.c 2023-06-30 13:33:31.285858278 +0200 +@@ -942,7 +942,7 @@ + *sep = ':'; + + /* get a socket and connect it to the other end */ +- sock = socket(PF_INET, SOCK_STREAM, 0); ++ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); + if (sock < 0) { + error("Can't create socket: %m"); + return -1; diff --git a/ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 b/ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 new file mode 100644 index 000000000..002b6066d --- /dev/null +++ b/ppp/patches/ppp-2.5.0-4-increase-max-padi-attempts.patch0 
@@ -0,0 +1,12 @@ +diff -Naur pppd.orig/plugins/pppoe/pppoe.h pppd/plugins/pppoe/pppoe.h +--- pppd.orig/plugins/pppoe/pppoe.h 2022-12-30 02:12:39.000000000 +0100 ++++ pppd/plugins/pppoe/pppoe.h 2023-06-30 13:37:07.189078090 +0200 +@@ -143,7 +143,7 @@ + #define STATE_TERMINATED 4 + + /* How many PADI/PADS attempts? */ +-#define MAX_PADI_ATTEMPTS 3 ++#define MAX_PADI_ATTEMPTS 4 + + /* Initial timeout for PADO/PADS */ + #define PADI_TIMEOUT 5 diff --git a/ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 b/ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 new file mode 100644 index 000000000..dc6c22852 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-5-headers_4.9.patch0 @@ -0,0 +1,12 @@ +diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c +--- pppd.orig/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200 ++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:50:23.150026201 +0200 +@@ -46,6 +46,8 @@ + #include + #include + #include ++#define _LINUX_IN_H ++#define _LINUX_IN6_H + #include + + #include diff --git a/ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch b/ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch new file mode 100644 index 000000000..0e9eab6ed --- /dev/null +++ b/ppp/patches/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch @@ -0,0 +1,18 @@ +diff -Naur ppp-2.5.0.orig/configure ppp-2.5.0/configure +--- ppp-2.5.0.orig/configure 2023-03-25 05:38:36.000000000 +0100 ++++ ppp-2.5.0/configure 2023-06-30 14:05:14.773950477 +0200 +@@ -17774,10 +17774,10 @@ + rm -f $2 + if [ -f $1 ]; then + echo " $2 <= $1" +- sed -e "s,@DESTDIR@,$prefix,g" \ +- -e "s,@SYSCONF@,$sysconfdir,g" \ +- -e "s,@CC@,$CC,g" \ +- -e "s|@CFLAGS@|$CFLAGS|g" $1 > $2 ++ sed -e "s#@DESTDIR@#$prefix#g" \ ++ -e "s#@SYSCONF@#$sysconfdir#g" \ ++ -e "s#@CC@#$CC#g" \ ++ -e "s#@CFLAGS@#$CFLAGS#g" $1 > $2 + fi + } + 
diff --git a/ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch b/ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch new file mode 100644 index 000000000..a7823d424 --- /dev/null +++ b/ppp/patches/ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch @@ -0,0 +1,37 @@ +From 9d6d326b2530cffb1414e4c401675117c42d43ce Mon Sep 17 00:00:00 2001 +From: Eivind Naess +Date: Sun, 23 Apr 2023 11:30:43 -0700 +Subject: [PATCH] Add configure check to see if we have struct sockaddr_ll + +Fixes issue #411. + +Signed-off-by: Eivind Naess +--- + configure.ac | 3 ++- + pppd/plugins/pppoe/config.h.in | 2 ++ + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 1180f64ec..38b24af92 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -75,7 +75,8 @@ AM_COND_IF([LINUX], [ + linux/if_ether.h \ + linux/if_packet.h \ + netinet/if_ether.h \ +- netpacket/packet.h])]) ++ netpacket/packet.h]) ++ AC_CHECK_TYPES([struct sockaddr_ll], [], [], [#include ])]) + + AC_CHECK_SIZEOF(unsigned int) + AC_CHECK_SIZEOF(unsigned long) +diff --git a/pppd/plugins/pppoe/config.h.in b/pppd/plugins/pppoe/config.h.in +index d447f5e89..d7d61c01c 100644 +--- a/pppd/plugins/pppoe/config.h.in ++++ b/pppd/plugins/pppoe/config.h.in +@@ -69,3 +69,5 @@ + /* The size of `unsigned short', as computed by sizeof. */ + #undef SIZEOF_UNSIGNED_SHORT + ++/* Define to 1 if the system has the type `struct sockaddr_ll'. */ ++#undef HAVE_STRUCT_SOCKADDR_LL diff --git a/ppp/ppp.nm b/ppp/ppp.nm index 8013c4818..a1f15ab3e 100644 --- a/ppp/ppp.nm +++ b/ppp/ppp.nm @@ -4,8 +4,8 @@ ############################################################################### name = ppp -version = 2.4.9 -release = 4 +version = 2.5.0 +release = 1 groups = System/Daemons url = https://ppp.samba.org/ 
@@ -24,6 +24,8 @@ source_dl = https://download.samba.org/pub/ppp/ build requires + autoconf + automake libpcap-devel libudev-devel libxcrypt-devel @@ -32,43 +34,27 @@ build systemd-devel end - prepare_cmds - sed -e "s@^RUNDIR .*@RUNDIR = /run/ppp@" \ - -e "s@^LOGDIR .*@LOGDIR = /var/log/ppp@" \ - -i linux/Makefile.top - - sed -e "s@^DESTDIR.*@DESTDIR=\$%{INSTROOT}/usr@" \ - -i pppd/plugins/pppol2tp/Makefile.linux - - # Remove broken header file that crashed the build. - rm -f include/linux/if_pppol2tp.h - end - - make_build_targets += \ - CC="gcc %{CFLAGS} %{LDFLAGS}" + configure_options += --with-logfile-dir=/var/log install make install INSTROOT=%{BUILDROOT} - rm -rfv %{BUILDROOT}/etc/ppp/plugins - + touch /var/log/connect-errors mkdir -pv %{BUILDROOT}/etc/ppp + + # Reminder note + # code used to be here to copy across IPFire2.x dialler etc scripts + # something to replace those for IPFire3.x is likely nedeed somewhere + touch %{BUILDROOT}/etc/ppp/secrets chmod -v 600 %{BUILDROOT}/etc/ppp/secrets - ln -svf secrets %{BUILDROOT}/etc/ppp/pap-secrets - ln -svf secrets %{BUILDROOT}/etc/ppp/chap-secrets - - # Fix binary permissions. - find %{BUILDROOT}%{sbindir} -type f -executable \ - -exec chmod 755 {} \; + ln -svf %{BUILDROOT}/etc/ppp/secrets /etc/ppp/pap-secrets + ln -svf %{BUILDROOT}/etc/ppp/secrets /etc/ppp/chap-secrets end end packages package %{name} - #requires - # /usr/lib/network/helpers/pppd-angel - #end script postin systemctl daemon-reload >/dev/null 2>&1 || :
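Review bot: In the pppd/eap.c hunk of ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0, O_CLOEXEC is OR-ed into the third argument of open(), which is the file mode, not the flags: `fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);`. The descriptor is therefore still inherited across exec, unlike every other open() call touched in this patch. It should read `fd = open(path, modebits | O_CLOEXEC, S_IRUSR | S_IWUSR);`.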
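Review bot: In the pppd/main.c hunk of ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch0, the /dev/null descriptor opened under the comment "Make sure fds 0, 1, 2 are open to somewhere" now carries O_CLOEXEC. If pppd starts with one of fds 0 to 2 closed, open() returns that number, and the flag closes it again at the next exec, which works against the stated purpose of this code. Leave this one open() without O_CLOEXEC, or set FD_CLOEXEC with fcntl() only after the `while (fd_devnull <= 2)` loop has finished.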
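Review bot: ppp-2.5.0-5-headers_4.9.patch0 adds `#define _LINUX_IN_H` and `#define _LINUX_IN6_H` to pppd/plugins/pppoe/plugin.c with no comment, and the commit message does not say why this is still needed with 2.5.0. These look like include guards being pre-defined so that the following include does not pull those headers in. Please add a comment naming the conflict this avoids, and confirm it is still required with the headers IPFire3.x builds against, since the patch name refers to 4.9 headers.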
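Review bot: ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch edits the generated `configure` (hunk at line 17774), while patch 7 edits `configure.ac` and ppp.nm adds autoconf and automake to the build requirements. If configure is regenerated during the build, the sed delimiter change from patch 6 is overwritten; if it is not, the `AC_CHECK_TYPES([struct sockaddr_ll], ...)` addition from patch 7 never reaches configure. The visible ppp.nm hunks show no regeneration step, so please make the delimiter change in the source that configure is generated from and make the regeneration explicit in ppp.nm.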
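Review bot: In the install section of ppp/ppp.nm, three added commands write to the build host instead of the package root: `touch /var/log/connect-errors` and both `ln -svf %{BUILDROOT}/etc/ppp/secrets /etc/ppp/...` lines. The links are created in the host's /etc/ppp and point at the build root path, so the package ships without pap-secrets and chap-secrets, whereas the removed form (`ln -svf secrets %{BUILDROOT}/etc/ppp/pap-secrets`) produced relative links inside the package. Keep the removed form for the links and create connect-errors under %{BUILDROOT} or in a scriptlet. The removed prepare_cmds also set RUNDIR to /run/ppp and LOGDIR to /var/log/ppp, and the only replacement is `--with-logfile-dir=/var/log`, so please confirm the change of log path and the default run directory are intended.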