Commit Message
This is the first ppp release for years, and the project appears to have
a different maintainer (team?) by now. As a result, some of our patches
are no longer necessary as they made it into upstream, while others need
to be adjusted slightly.
In addition, their configure script does not handle commas in CFLAGS
properly, which is why the delimiter for the 'sed' call in it has to be
changed to something neither appearing in a path nor in our CLFAGS set.
The full changelog of this release can be retrieved from
https://ppp.samba.org/README.html and says:
* Support for new EAP (Extensible Authentication Protocol) methods:
- Support for EAP-TLS, from Jan Just Keijser and others
- Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
Van Buggenhout and others
* New pppd options:
- chap-timeout
- chapms-strip-domain
- replacedefaultroute
- noreplacedefaultroute
- ipv6cp-accept-remote
- lcp-echo-adaptive
- ip-up-script
- ip-down-script
- ca
- capath
- cert
- key
- crl-dir
- crl
- max-tls-version
- need-peer-eap
* Fixes for CVE-2020-8597 and CVE-2015-3310.
* libpcap is now required when compiling on Linux (previously, if
libpcap was not present, pppd would be compiled without packet
filtering support).
* The rp-pppoe plugin has been renamed to pppoe, to distinguish it
from the upstream rp-pppoe code. Its options have changed names,
but the old names are kept as aliases.
* The configure script now supports cross-compilation.
* Many bug fixes and cleanups.
Thanks to Michael for his hint on the ./configure CFLAGS issue.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
config/rootfiles/common/ppp | 29 +++--
lfs/ppp | 15 +--
...e-compiler-flags-handed-to-us-by-rpm.patch | 121 ------------------
.../0013-everywhere-O_CLOEXEC-harder.patch | 8 +-
...se-SOCK_CLOEXEC-when-creating-socket.patch | 33 ++---
...ppp-2.4.6-increase-max-padi-attempts.patch | 6 +-
src/patches/ppp/ppp-2.4.7-headers_4.9.patch | 6 +-
....8-pppd-fix-bounds-check-in-eap-code.patch | 35 -----
...-configure-to-handle-cflags-properly.patch | 15 +++
9 files changed, 61 insertions(+), 207 deletions(-)
delete mode 100644 src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
delete mode 100644 src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
create mode 100644 src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
Comments
Hello development folks,
I am currently observing some strange memory allocation behaviour with ppp 2.4.9, especially
after multiple (> 1k) reconnects using CHAP. Since I am not sure whether I messed up a patch
or this is caused by upstream code, I currently advise against merging this patch.
Further information will be added here as soon as available.
Thanks, and best regards,
Peter Müller
> This is the first ppp release for years, and the project appears to have
> a different maintainer (team?) by now. As a result, some of our patches
> are no longer necessary as they made it into upstream, while others need
> to be adjusted slightly.
>
> In addition, their configure script does not handle commas in CFLAGS
> properly, which is why the delimiter for the 'sed' call in it has to be
> changed to something neither appearing in a path nor in our CLFAGS set.
>
> The full changelog of this release can be retrieved from
> https://ppp.samba.org/README.html and says:
>
> * Support for new EAP (Extensible Authentication Protocol) methods:
> - Support for EAP-TLS, from Jan Just Keijser and others
> - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
> Van Buggenhout and others
>
> * New pppd options:
> - chap-timeout
> - chapms-strip-domain
> - replacedefaultroute
> - noreplacedefaultroute
> - ipv6cp-accept-remote
> - lcp-echo-adaptive
> - ip-up-script
> - ip-down-script
> - ca
> - capath
> - cert
> - key
> - crl-dir
> - crl
> - max-tls-version
> - need-peer-eap
>
> * Fixes for CVE-2020-8597 and CVE-2015-3310.
>
> * libpcap is now required when compiling on Linux (previously, if
> libpcap was not present, pppd would be compiled without packet
> filtering support).
>
> * The rp-pppoe plugin has been renamed to pppoe, to distinguish it
> from the upstream rp-pppoe code. Its options have changed names,
> but the old names are kept as aliases.
>
> * The configure script now supports cross-compilation.
>
> * Many bug fixes and cleanups.
>
> Thanks to Michael for his hint on the ./configure CFLAGS issue.
>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> config/rootfiles/common/ppp | 29 +++--
> lfs/ppp | 15 +--
> ...e-compiler-flags-handed-to-us-by-rpm.patch | 121 ------------------
> .../0013-everywhere-O_CLOEXEC-harder.patch | 8 +-
> ...se-SOCK_CLOEXEC-when-creating-socket.patch | 33 ++---
> ...ppp-2.4.6-increase-max-padi-attempts.patch | 6 +-
> src/patches/ppp/ppp-2.4.7-headers_4.9.patch | 6 +-
> ....8-pppd-fix-bounds-check-in-eap-code.patch | 35 -----
> ...-configure-to-handle-cflags-properly.patch | 15 +++
> 9 files changed, 61 insertions(+), 207 deletions(-)
> delete mode 100644 src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
> delete mode 100644 src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
> create mode 100644 src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
>
> diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp
> index f1f4f88f2..8d0af69c4 100644
> --- a/config/rootfiles/common/ppp
> +++ b/config/rootfiles/common/ppp
> @@ -2,6 +2,8 @@
> etc/ppp/chap-secrets
> etc/ppp/demonloginscript
> etc/ppp/dialer
> +#etc/ppp/eaptls-client
> +#etc/ppp/eaptls-server
> etc/ppp/ioptions
> etc/ppp/ip-down
> etc/ppp/ip-up
> @@ -12,6 +14,7 @@ etc/ppp/standardloginscript
> #usr/include/pppd/ccp.h
> #usr/include/pppd/chap-new.h
> #usr/include/pppd/chap_ms.h
> +#usr/include/pppd/eap-tls.h
> #usr/include/pppd/eap.h
> #usr/include/pppd/ecp.h
> #usr/include/pppd/eui64.h
> @@ -23,6 +26,7 @@ etc/ppp/standardloginscript
> #usr/include/pppd/magic.h
> #usr/include/pppd/md4.h
> #usr/include/pppd/md5.h
> +#usr/include/pppd/mppe.h
> #usr/include/pppd/patchlevel.h
> #usr/include/pppd/pathnames.h
> #usr/include/pppd/pppcrypt.h
> @@ -33,18 +37,19 @@ etc/ppp/standardloginscript
> #usr/include/pppd/tdb.h
> #usr/include/pppd/upap.h
> usr/lib/pppd
> -usr/lib/pppd/2.4.8
> -#usr/lib/pppd/2.4.8/minconn.so
> -#usr/lib/pppd/2.4.8/openl2tp.so
> -#usr/lib/pppd/2.4.8/passprompt.so
> -#usr/lib/pppd/2.4.8/passwordfd.so
> -#usr/lib/pppd/2.4.8/pppoatm.so
> -#usr/lib/pppd/2.4.8/pppol2tp.so
> -#usr/lib/pppd/2.4.8/radattr.so
> -#usr/lib/pppd/2.4.8/radius.so
> -#usr/lib/pppd/2.4.8/radrealms.so
> -#usr/lib/pppd/2.4.8/rp-pppoe.so
> -#usr/lib/pppd/2.4.8/winbind.so
> +usr/lib/pppd/2.4.9
> +#usr/lib/pppd/2.4.9/minconn.so
> +#usr/lib/pppd/2.4.9/openl2tp.so
> +#usr/lib/pppd/2.4.9/passprompt.so
> +#usr/lib/pppd/2.4.9/passwordfd.so
> +#usr/lib/pppd/2.4.9/pppoatm.so
> +#usr/lib/pppd/2.4.9/pppoe.so
> +#usr/lib/pppd/2.4.9/pppol2tp.so
> +#usr/lib/pppd/2.4.9/radattr.so
> +#usr/lib/pppd/2.4.9/radius.so
> +#usr/lib/pppd/2.4.9/radrealms.so
> +#usr/lib/pppd/2.4.9/rp-pppoe.so
> +#usr/lib/pppd/2.4.9/winbind.so
> usr/sbin/chat
> usr/sbin/pppd
> usr/sbin/pppdump
> diff --git a/lfs/ppp b/lfs/ppp
> index cbac95067..73356b8c4 100644
> --- a/lfs/ppp
> +++ b/lfs/ppp
> @@ -1,7 +1,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
> +# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -24,12 +24,12 @@
>
> include Config
>
> -VER = 2.4.8
> +VER = 2.4.9
>
> THISAPP = ppp-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> DL_FROM = $(URL_IPFIRE)
> -DIR_APP = $(DIR_SRC)/ppp-$(THISAPP)
> +DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
>
> CFLAGS += -fno-strict-aliasing
> @@ -42,7 +42,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123
> +$(DL_FILE)_MD5 = f605d021b586fc26e35c6a54fd84b65f
>
> install : $(TARGET)
>
> @@ -73,16 +73,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h
> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
> + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
> cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
> - cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
> - cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)"
> + cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls
> + cd $(DIR_APP) && make $(MAKETUNING)
> cd $(DIR_APP) && make install
> cd $(DIR_APP) && make install-etcppp
> touch /var/log/connect-errors
> diff --git a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
> deleted file mode 100644
> index 4a43d444a..000000000
> --- a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
> +++ /dev/null
> @@ -1,121 +0,0 @@
> -From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001
> -From: Michal Sekletar <msekleta@redhat.com>
> -Date: Fri, 4 Apr 2014 11:29:39 +0200
> -Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by
> - rpmbuild
> -
> ----
> - chat/Makefile.linux | 2 +-
> - pppd/Makefile.linux | 3 +--
> - pppd/plugins/Makefile.linux | 2 +-
> - pppd/plugins/pppoatm/Makefile.linux | 2 +-
> - pppd/plugins/radius/Makefile.linux | 2 +-
> - pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
> - pppdump/Makefile.linux | 2 +-
> - pppstats/Makefile.linux | 2 +-
> - 8 files changed, 8 insertions(+), 9 deletions(-)
> -
> -diff --git a/chat/Makefile.linux b/chat/Makefile.linux
> -index 1065ac5..848cd8d 100644
> ---- a/chat/Makefile.linux
> -+++ b/chat/Makefile.linux
> -@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function
> - CDEF4= -DFNDELAY=O_NDELAY # Old name value
> - CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
> -
> --COPTS= -O2 -g -pipe
> -+COPTS= $(RPM_OPT_FLAGS)
> - CFLAGS= $(COPTS) $(CDEFS)
> -
> - INSTALL= install
> -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
> -index 5a44d30..63872eb 100644
> ---- a/pppd/Makefile.linux
> -+++ b/pppd/Makefile.linux
> -@@ -32,8 +32,7 @@ endif
> -
> - CC = gcc
> - #
> --COPTS = -O2 -pipe -Wall -g
> --LIBS =
> -+COPTS = -Wall $(RPM_OPT_FLAGS)
> -
> - # Uncomment the next 2 lines to include support for Microsoft's
> - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
> -diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
> -index 0a7ec7b..e09a369 100644
> ---- a/pppd/plugins/Makefile.linux
> -+++ b/pppd/plugins/Makefile.linux
> -@@ -1,5 +1,5 @@
> - #CC = gcc
> --COPTS = -O2 -g
> -+COPTS = $(RPM_OPT_FLAGS)
> - CFLAGS = $(COPTS) -I.. -I../../include -fPIC
> - LDFLAGS = -shared
> - INSTALL = install
> -diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
> -index 20f62e6..5a81447 100644
> ---- a/pppd/plugins/pppoatm/Makefile.linux
> -+++ b/pppd/plugins/pppoatm/Makefile.linux
> -@@ -1,5 +1,5 @@
> - #CC = gcc
> --COPTS = -O2 -g
> -+COPTS = $(RPM_OPT_FLAGS)
> - CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
> - LDFLAGS = -shared
> - INSTALL = install
> -diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
> -index 24ed3e5..45b3b8d 100644
> ---- a/pppd/plugins/radius/Makefile.linux
> -+++ b/pppd/plugins/radius/Makefile.linux
> -@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
> - INSTALL = install
> -
> - PLUGIN=radius.so radattr.so radrealms.so
> --CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
> -+CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON
> -
> - # Uncomment the next line to include support for Microsoft's
> - # MS-CHAP authentication protocol.
> -diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
> -index 5d7a271..352991a 100644
> ---- a/pppd/plugins/rp-pppoe/Makefile.linux
> -+++ b/pppd/plugins/rp-pppoe/Makefile.linux
> -@@ -25,7 +25,7 @@ INSTALL = install
> - # Version is set ONLY IN THE MAKEFILE! Don't delete this!
> - RP_VERSION=3.8p
> -
> --COPTS=-O2 -g
> -+COPTS=$(RPM_OPT_FLAGS)
> - CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
> - all: rp-pppoe.so pppoe-discovery
> -
> -diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
> -index ac028f6..d0a5032 100644
> ---- a/pppdump/Makefile.linux
> -+++ b/pppdump/Makefile.linux
> -@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
> - BINDIR = $(DESTDIR)/sbin
> - MANDIR = $(DESTDIR)/share/man/man8
> -
> --CFLAGS= -O -I../include/net
> -+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net
> - OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
> -
> - INSTALL= install
> -diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
> -index cca6f0f..42aba73 100644
> ---- a/pppstats/Makefile.linux
> -+++ b/pppstats/Makefile.linux
> -@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c
> - PPPSTATOBJS = pppstats.o
> -
> - #CC = gcc
> --COPTS = -O
> -+COPTS = $(RPM_OPT_FLAGS)
> - COMPILE_FLAGS = -I../include
> - LIBS =
> -
> ---
> -1.8.3.1
> -
> diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
> index 2513021b2..792d1c42f 100644
> --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
> +++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
> @@ -27,10 +27,10 @@ index 6ea6c1f..faced53 100644
> free(path);
> errno = err;
> diff --git a/pppd/main.c b/pppd/main.c
> -index 6d50d1b..4880377 100644
> +index 87a5d29..152e4a2 100644
> --- a/pppd/main.c
> +++ b/pppd/main.c
> -@@ -420,7 +420,7 @@ main(argc, argv)
> +@@ -400,7 +400,7 @@ main(int argc, char *argv[])
> die(0);
>
> /* Make sure fds 0, 1, 2 are open to somewhere. */
> @@ -39,11 +39,11 @@ index 6d50d1b..4880377 100644
> if (fd_devnull < 0)
> fatal("Couldn't open %s: %m", _PATH_DEVNULL);
> while (fd_devnull <= 2) {
> -@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
> +@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait)
> if (log_to_fd >= 0)
> errfd = log_to_fd;
> else
> -- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
> +- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
> + errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
>
> ++conn_running;
> diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
> index 3475f09a8..fffda981d 100644
> --- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
> +++ b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
> @@ -7,9 +7,9 @@ Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket
> pppd/plugins/pppoatm/pppoatm.c | 2 +-
> pppd/plugins/pppol2tp/openl2tp.c | 2 +-
> pppd/plugins/pppol2tp/pppol2tp.c | 2 +-
> - pppd/plugins/rp-pppoe/if.c | 2 +-
> - pppd/plugins/rp-pppoe/plugin.c | 6 +++---
> - pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +-
> + pppd/plugins/pppoe/if.c | 2 +-
> + pppd/plugins/pppoe/plugin.c | 6 +++---
> + pppd/plugins/pppoe/pppoe-discovery.c | 2 +-
> pppd/sys-linux.c | 10 +++++-----
> pppd/tty.c | 2 +-
> 8 files changed, 14 insertions(+), 14 deletions(-)
> @@ -53,10 +53,10 @@ index a7e3400..e64a778 100644
> if (fd >= 0) {
> memset (&ifr, '\0', sizeof (ifr));
> strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
> -diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
> +diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
> index 91e9a57..72aba41 100644
> ---- a/pppd/plugins/rp-pppoe/if.c
> -+++ b/pppd/plugins/rp-pppoe/if.c
> +--- a/pppd/plugins/pppoe/if.c
> ++++ b/pppd/plugins/pppoe/if.c
> @@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
> stype = SOCK_PACKET;
> #endif
> @@ -66,10 +66,10 @@ index 91e9a57..72aba41 100644
> /* Give a more helpful message for the common error case */
> if (errno == EPERM) {
> fatal("Cannot create raw socket -- pppoe must be run as root.");
> -diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
> +diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
> index a8c2bb4..24bdf8f 100644
> ---- a/pppd/plugins/rp-pppoe/plugin.c
> -+++ b/pppd/plugins/rp-pppoe/plugin.c
> +--- a/pppd/plugins/pppoe/plugin.c
> ++++ b/pppd/plugins/pppoe/plugin.c
> @@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
> /* server equipment). */
> /* Opening this socket just before waitForPADS in the discovery() */
> @@ -97,10 +97,10 @@ index a8c2bb4..24bdf8f 100644
> r = 0;
> }
>
> -diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
> +diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
> index 3d3bf4e..c0d927d 100644
> ---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
> -+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
> +--- a/pppd/plugins/pppoe/pppoe-discovery.c
> ++++ b/pppd/plugins/pppoe/pppoe-discovery.c
> @@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
> stype = SOCK_PACKET;
> #endif
> @@ -147,15 +147,6 @@ index 00a2cf5..0690019 100644
> if (s < 0)
> return 0;
>
> -@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64)
> - int skfd;
> - const unsigned char *ptr;
> -
> -- skfd = socket(PF_INET6, SOCK_DGRAM, 0);
> -+ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
> - if(skfd == -1)
> - {
> - warn("could not open IPv6 socket");
> diff --git a/pppd/tty.c b/pppd/tty.c
> index bc96695..8e76a5d 100644
> --- a/pppd/tty.c
> diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
> index 5127c1f10..1b36e8369 100644
> --- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
> +++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
> @@ -1,7 +1,7 @@
> -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
> +diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h
> index 9ab2eee..86762bd 100644
> ---- a/pppd/plugins/rp-pppoe/pppoe.h
> -+++ b/pppd/plugins/rp-pppoe/pppoe.h
> +--- a/pppd/plugins/pppoe/pppoe.h
> ++++ b/pppd/plugins/pppoe/pppoe.h
> @@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session;
> #define STATE_TERMINATED 4
>
> diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
> index 633eb045a..686db9204 100644
> --- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
> +++ b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
> @@ -1,6 +1,6 @@
> -diff -Naur ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c
> ---- ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200
> -+++ ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100
> +diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c
> +--- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200
> ++++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100
> @@ -49,6 +49,8 @@
> #include <net/ethernet.h>
> #include <net/if_arp.h>
> diff --git a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
> deleted file mode 100644
> index 858769f48..000000000
> --- a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
> +++ /dev/null
> @@ -1,35 +0,0 @@
> -commit 8d7970b8f3db727fe798b65f3377fe6787575426
> -Author: Paul Mackerras <paulus@ozlabs.org>
> -Date: Mon Feb 3 15:53:28 2020 +1100
> -
> - pppd: Fix bounds check in EAP code
> -
> - Given that we have just checked vallen < len, it can never be the case
> - that vallen >= len + sizeof(rhostname). This fixes the check so we
> - actually avoid overflowing the rhostname array.
> -
> - Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
> - Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
> -
> -diff --git a/pppd/eap.c b/pppd/eap.c
> -index 94407f5..1b93db0 100644
> ---- a/pppd/eap.c
> -+++ b/pppd/eap.c
> -@@ -1420,7 +1420,7 @@ int len;
> - }
> -
> - /* Not so likely to happen. */
> -- if (vallen >= len + sizeof (rhostname)) {
> -+ if (len - vallen >= sizeof (rhostname)) {
> - dbglog("EAP: trimming really long peer name down");
> - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
> - rhostname[sizeof (rhostname) - 1] = '\0';
> -@@ -1846,7 +1846,7 @@ int len;
> - }
> -
> - /* Not so likely to happen. */
> -- if (vallen >= len + sizeof (rhostname)) {
> -+ if (len - vallen >= sizeof (rhostname)) {
> - dbglog("EAP: trimming really long peer name down");
> - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
> - rhostname[sizeof (rhostname) - 1] = '\0';
> diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
> new file mode 100644
> index 000000000..b36ace192
> --- /dev/null
> +++ b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
> @@ -0,0 +1,15 @@
> +--- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200
> ++++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200
> +@@ -121,9 +121,9 @@
> + rm -f $2
> + if [ -f $1 ]; then
> + echo " $2 <= $1"
> +- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
> +- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
> +- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
> ++ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \
> ++ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \
> ++ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2
> + fi
> + }
> +
>
Do you have any details about this?
> On 2 Apr 2021, at 15:49, Peter Müller <peter.mueller@ipfire.org> wrote:
>
> Hello development folks,
>
> I am currently observing some strange memory allocation behaviour with ppp 2.4.9, especially
> after multiple (> 1k) reconnects using CHAP. Since I am not sure whether I messed up a patch
> or this is caused by upstream code, I currently advise against merging this patch.
>
> Further information will be added here as soon as available.
>
> Thanks, and best regards,
> Peter Müller
>
>
>> This is the first ppp release for years, and the project appears to have
>> a different maintainer (team?) by now. As a result, some of our patches
>> are no longer necessary as they made it into upstream, while others need
>> to be adjusted slightly.
>>
>> In addition, their configure script does not handle commas in CFLAGS
>> properly, which is why the delimiter for the 'sed' call in it has to be
>> changed to something neither appearing in a path nor in our CLFAGS set.
>>
>> The full changelog of this release can be retrieved from
>> https://ppp.samba.org/README.html and says:
>>
>> * Support for new EAP (Extensible Authentication Protocol) methods:
>> - Support for EAP-TLS, from Jan Just Keijser and others
>> - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
>> Van Buggenhout and others
>>
>> * New pppd options:
>> - chap-timeout
>> - chapms-strip-domain
>> - replacedefaultroute
>> - noreplacedefaultroute
>> - ipv6cp-accept-remote
>> - lcp-echo-adaptive
>> - ip-up-script
>> - ip-down-script
>> - ca
>> - capath
>> - cert
>> - key
>> - crl-dir
>> - crl
>> - max-tls-version
>> - need-peer-eap
>>
>> * Fixes for CVE-2020-8597 and CVE-2015-3310.
>>
>> * libpcap is now required when compiling on Linux (previously, if
>> libpcap was not present, pppd would be compiled without packet
>> filtering support).
>>
>> * The rp-pppoe plugin has been renamed to pppoe, to distinguish it
>> from the upstream rp-pppoe code. Its options have changed names,
>> but the old names are kept as aliases.
>>
>> * The configure script now supports cross-compilation.
>>
>> * Many bug fixes and cleanups.
>>
>> Thanks to Michael for his hint on the ./configure CFLAGS issue.
>>
>> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
>> ---
>> config/rootfiles/common/ppp | 29 +++--
>> lfs/ppp | 15 +--
>> ...e-compiler-flags-handed-to-us-by-rpm.patch | 121 ------------------
>> .../0013-everywhere-O_CLOEXEC-harder.patch | 8 +-
>> ...se-SOCK_CLOEXEC-when-creating-socket.patch | 33 ++---
>> ...ppp-2.4.6-increase-max-padi-attempts.patch | 6 +-
>> src/patches/ppp/ppp-2.4.7-headers_4.9.patch | 6 +-
>> ....8-pppd-fix-bounds-check-in-eap-code.patch | 35 -----
>> ...-configure-to-handle-cflags-properly.patch | 15 +++
>> 9 files changed, 61 insertions(+), 207 deletions(-)
>> delete mode 100644 src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
>> delete mode 100644 src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
>> create mode 100644 src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
>>
>> diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp
>> index f1f4f88f2..8d0af69c4 100644
>> --- a/config/rootfiles/common/ppp
>> +++ b/config/rootfiles/common/ppp
>> @@ -2,6 +2,8 @@
>> etc/ppp/chap-secrets
>> etc/ppp/demonloginscript
>> etc/ppp/dialer
>> +#etc/ppp/eaptls-client
>> +#etc/ppp/eaptls-server
>> etc/ppp/ioptions
>> etc/ppp/ip-down
>> etc/ppp/ip-up
>> @@ -12,6 +14,7 @@ etc/ppp/standardloginscript
>> #usr/include/pppd/ccp.h
>> #usr/include/pppd/chap-new.h
>> #usr/include/pppd/chap_ms.h
>> +#usr/include/pppd/eap-tls.h
>> #usr/include/pppd/eap.h
>> #usr/include/pppd/ecp.h
>> #usr/include/pppd/eui64.h
>> @@ -23,6 +26,7 @@ etc/ppp/standardloginscript
>> #usr/include/pppd/magic.h
>> #usr/include/pppd/md4.h
>> #usr/include/pppd/md5.h
>> +#usr/include/pppd/mppe.h
>> #usr/include/pppd/patchlevel.h
>> #usr/include/pppd/pathnames.h
>> #usr/include/pppd/pppcrypt.h
>> @@ -33,18 +37,19 @@ etc/ppp/standardloginscript
>> #usr/include/pppd/tdb.h
>> #usr/include/pppd/upap.h
>> usr/lib/pppd
>> -usr/lib/pppd/2.4.8
>> -#usr/lib/pppd/2.4.8/minconn.so
>> -#usr/lib/pppd/2.4.8/openl2tp.so
>> -#usr/lib/pppd/2.4.8/passprompt.so
>> -#usr/lib/pppd/2.4.8/passwordfd.so
>> -#usr/lib/pppd/2.4.8/pppoatm.so
>> -#usr/lib/pppd/2.4.8/pppol2tp.so
>> -#usr/lib/pppd/2.4.8/radattr.so
>> -#usr/lib/pppd/2.4.8/radius.so
>> -#usr/lib/pppd/2.4.8/radrealms.so
>> -#usr/lib/pppd/2.4.8/rp-pppoe.so
>> -#usr/lib/pppd/2.4.8/winbind.so
>> +usr/lib/pppd/2.4.9
>> +#usr/lib/pppd/2.4.9/minconn.so
>> +#usr/lib/pppd/2.4.9/openl2tp.so
>> +#usr/lib/pppd/2.4.9/passprompt.so
>> +#usr/lib/pppd/2.4.9/passwordfd.so
>> +#usr/lib/pppd/2.4.9/pppoatm.so
>> +#usr/lib/pppd/2.4.9/pppoe.so
>> +#usr/lib/pppd/2.4.9/pppol2tp.so
>> +#usr/lib/pppd/2.4.9/radattr.so
>> +#usr/lib/pppd/2.4.9/radius.so
>> +#usr/lib/pppd/2.4.9/radrealms.so
>> +#usr/lib/pppd/2.4.9/rp-pppoe.so
>> +#usr/lib/pppd/2.4.9/winbind.so
>> usr/sbin/chat
>> usr/sbin/pppd
>> usr/sbin/pppdump
>> diff --git a/lfs/ppp b/lfs/ppp
>> index cbac95067..73356b8c4 100644
>> --- a/lfs/ppp
>> +++ b/lfs/ppp
>> @@ -1,7 +1,7 @@
>> ###############################################################################
>> # #
>> # IPFire.org - A linux based firewall #
>> -# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
>> +# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
>> # #
>> # This program is free software: you can redistribute it and/or modify #
>> # it under the terms of the GNU General Public License as published by #
>> @@ -24,12 +24,12 @@
>>
>> include Config
>>
>> -VER = 2.4.8
>> +VER = 2.4.9
>>
>> THISAPP = ppp-$(VER)
>> DL_FILE = $(THISAPP).tar.gz
>> DL_FROM = $(URL_IPFIRE)
>> -DIR_APP = $(DIR_SRC)/ppp-$(THISAPP)
>> +DIR_APP = $(DIR_SRC)/$(THISAPP)
>> TARGET = $(DIR_INFO)/$(THISAPP)
>>
>> CFLAGS += -fno-strict-aliasing
>> @@ -42,7 +42,7 @@ objects = $(DL_FILE)
>>
>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>
>> -$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123
>> +$(DL_FILE)_MD5 = f605d021b586fc26e35c6a54fd84b65f
>>
>> install : $(TARGET)
>>
>> @@ -73,16 +73,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>> @$(PREBUILD)
>> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
>> cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h
>> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
>> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
>> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
>> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
>> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
>> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
>> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
>> + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
>> cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
>> - cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
>> - cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)"
>> + cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls
>> + cd $(DIR_APP) && make $(MAKETUNING)
>> cd $(DIR_APP) && make install
>> cd $(DIR_APP) && make install-etcppp
>> touch /var/log/connect-errors
>> diff --git a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
>> deleted file mode 100644
>> index 4a43d444a..000000000
>> --- a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
>> +++ /dev/null
>> @@ -1,121 +0,0 @@
>> -From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001
>> -From: Michal Sekletar <msekleta@redhat.com>
>> -Date: Fri, 4 Apr 2014 11:29:39 +0200
>> -Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by
>> - rpmbuild
>> -
>> ----
>> - chat/Makefile.linux | 2 +-
>> - pppd/Makefile.linux | 3 +--
>> - pppd/plugins/Makefile.linux | 2 +-
>> - pppd/plugins/pppoatm/Makefile.linux | 2 +-
>> - pppd/plugins/radius/Makefile.linux | 2 +-
>> - pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
>> - pppdump/Makefile.linux | 2 +-
>> - pppstats/Makefile.linux | 2 +-
>> - 8 files changed, 8 insertions(+), 9 deletions(-)
>> -
>> -diff --git a/chat/Makefile.linux b/chat/Makefile.linux
>> -index 1065ac5..848cd8d 100644
>> ---- a/chat/Makefile.linux
>> -+++ b/chat/Makefile.linux
>> -@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function
>> - CDEF4= -DFNDELAY=O_NDELAY # Old name value
>> - CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
>> -
>> --COPTS= -O2 -g -pipe
>> -+COPTS= $(RPM_OPT_FLAGS)
>> - CFLAGS= $(COPTS) $(CDEFS)
>> -
>> - INSTALL= install
>> -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
>> -index 5a44d30..63872eb 100644
>> ---- a/pppd/Makefile.linux
>> -+++ b/pppd/Makefile.linux
>> -@@ -32,8 +32,7 @@ endif
>> -
>> - CC = gcc
>> - #
>> --COPTS = -O2 -pipe -Wall -g
>> --LIBS =
>> -+COPTS = -Wall $(RPM_OPT_FLAGS)
>> -
>> - # Uncomment the next 2 lines to include support for Microsoft's
>> - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
>> -diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
>> -index 0a7ec7b..e09a369 100644
>> ---- a/pppd/plugins/Makefile.linux
>> -+++ b/pppd/plugins/Makefile.linux
>> -@@ -1,5 +1,5 @@
>> - #CC = gcc
>> --COPTS = -O2 -g
>> -+COPTS = $(RPM_OPT_FLAGS)
>> - CFLAGS = $(COPTS) -I.. -I../../include -fPIC
>> - LDFLAGS = -shared
>> - INSTALL = install
>> -diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
>> -index 20f62e6..5a81447 100644
>> ---- a/pppd/plugins/pppoatm/Makefile.linux
>> -+++ b/pppd/plugins/pppoatm/Makefile.linux
>> -@@ -1,5 +1,5 @@
>> - #CC = gcc
>> --COPTS = -O2 -g
>> -+COPTS = $(RPM_OPT_FLAGS)
>> - CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
>> - LDFLAGS = -shared
>> - INSTALL = install
>> -diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
>> -index 24ed3e5..45b3b8d 100644
>> ---- a/pppd/plugins/radius/Makefile.linux
>> -+++ b/pppd/plugins/radius/Makefile.linux
>> -@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
>> - INSTALL = install
>> -
>> - PLUGIN=radius.so radattr.so radrealms.so
>> --CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
>> -+CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON
>> -
>> - # Uncomment the next line to include support for Microsoft's
>> - # MS-CHAP authentication protocol.
>> -diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
>> -index 5d7a271..352991a 100644
>> ---- a/pppd/plugins/rp-pppoe/Makefile.linux
>> -+++ b/pppd/plugins/rp-pppoe/Makefile.linux
>> -@@ -25,7 +25,7 @@ INSTALL = install
>> - # Version is set ONLY IN THE MAKEFILE! Don't delete this!
>> - RP_VERSION=3.8p
>> -
>> --COPTS=-O2 -g
>> -+COPTS=$(RPM_OPT_FLAGS)
>> - CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
>> - all: rp-pppoe.so pppoe-discovery
>> -
>> -diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
>> -index ac028f6..d0a5032 100644
>> ---- a/pppdump/Makefile.linux
>> -+++ b/pppdump/Makefile.linux
>> -@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
>> - BINDIR = $(DESTDIR)/sbin
>> - MANDIR = $(DESTDIR)/share/man/man8
>> -
>> --CFLAGS= -O -I../include/net
>> -+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net
>> - OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
>> -
>> - INSTALL= install
>> -diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
>> -index cca6f0f..42aba73 100644
>> ---- a/pppstats/Makefile.linux
>> -+++ b/pppstats/Makefile.linux
>> -@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c
>> - PPPSTATOBJS = pppstats.o
>> -
>> - #CC = gcc
>> --COPTS = -O
>> -+COPTS = $(RPM_OPT_FLAGS)
>> - COMPILE_FLAGS = -I../include
>> - LIBS =
>> -
>> ---
>> -1.8.3.1
>> -
>> diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
>> index 2513021b2..792d1c42f 100644
>> --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
>> +++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
>> @@ -27,10 +27,10 @@ index 6ea6c1f..faced53 100644
>> free(path);
>> errno = err;
>> diff --git a/pppd/main.c b/pppd/main.c
>> -index 6d50d1b..4880377 100644
>> +index 87a5d29..152e4a2 100644
>> --- a/pppd/main.c
>> +++ b/pppd/main.c
>> -@@ -420,7 +420,7 @@ main(argc, argv)
>> +@@ -400,7 +400,7 @@ main(int argc, char *argv[])
>> die(0);
>>
>> /* Make sure fds 0, 1, 2 are open to somewhere. */
>> @@ -39,11 +39,11 @@ index 6d50d1b..4880377 100644
>> if (fd_devnull < 0)
>> fatal("Couldn't open %s: %m", _PATH_DEVNULL);
>> while (fd_devnull <= 2) {
>> -@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
>> +@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait)
>> if (log_to_fd >= 0)
>> errfd = log_to_fd;
>> else
>> -- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
>> +- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
>> + errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
>>
>> ++conn_running;
>> diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
>> index 3475f09a8..fffda981d 100644
>> --- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
>> +++ b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
>> @@ -7,9 +7,9 @@ Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket
>> pppd/plugins/pppoatm/pppoatm.c | 2 +-
>> pppd/plugins/pppol2tp/openl2tp.c | 2 +-
>> pppd/plugins/pppol2tp/pppol2tp.c | 2 +-
>> - pppd/plugins/rp-pppoe/if.c | 2 +-
>> - pppd/plugins/rp-pppoe/plugin.c | 6 +++---
>> - pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +-
>> + pppd/plugins/pppoe/if.c | 2 +-
>> + pppd/plugins/pppoe/plugin.c | 6 +++---
>> + pppd/plugins/pppoe/pppoe-discovery.c | 2 +-
>> pppd/sys-linux.c | 10 +++++-----
>> pppd/tty.c | 2 +-
>> 8 files changed, 14 insertions(+), 14 deletions(-)
>> @@ -53,10 +53,10 @@ index a7e3400..e64a778 100644
>> if (fd >= 0) {
>> memset (&ifr, '\0', sizeof (ifr));
>> strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
>> -diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
>> +diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
>> index 91e9a57..72aba41 100644
>> ---- a/pppd/plugins/rp-pppoe/if.c
>> -+++ b/pppd/plugins/rp-pppoe/if.c
>> +--- a/pppd/plugins/pppoe/if.c
>> ++++ b/pppd/plugins/pppoe/if.c
>> @@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
>> stype = SOCK_PACKET;
>> #endif
>> @@ -66,10 +66,10 @@ index 91e9a57..72aba41 100644
>> /* Give a more helpful message for the common error case */
>> if (errno == EPERM) {
>> fatal("Cannot create raw socket -- pppoe must be run as root.");
>> -diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
>> +diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
>> index a8c2bb4..24bdf8f 100644
>> ---- a/pppd/plugins/rp-pppoe/plugin.c
>> -+++ b/pppd/plugins/rp-pppoe/plugin.c
>> +--- a/pppd/plugins/pppoe/plugin.c
>> ++++ b/pppd/plugins/pppoe/plugin.c
>> @@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
>> /* server equipment). */
>> /* Opening this socket just before waitForPADS in the discovery() */
>> @@ -97,10 +97,10 @@ index a8c2bb4..24bdf8f 100644
>> r = 0;
>> }
>>
>> -diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
>> +diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
>> index 3d3bf4e..c0d927d 100644
>> ---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
>> -+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
>> +--- a/pppd/plugins/pppoe/pppoe-discovery.c
>> ++++ b/pppd/plugins/pppoe/pppoe-discovery.c
>> @@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
>> stype = SOCK_PACKET;
>> #endif
>> @@ -147,15 +147,6 @@ index 00a2cf5..0690019 100644
>> if (s < 0)
>> return 0;
>>
>> -@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64)
>> - int skfd;
>> - const unsigned char *ptr;
>> -
>> -- skfd = socket(PF_INET6, SOCK_DGRAM, 0);
>> -+ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
>> - if(skfd == -1)
>> - {
>> - warn("could not open IPv6 socket");
>> diff --git a/pppd/tty.c b/pppd/tty.c
>> index bc96695..8e76a5d 100644
>> --- a/pppd/tty.c
>> diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
>> index 5127c1f10..1b36e8369 100644
>> --- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
>> +++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
>> @@ -1,7 +1,7 @@
>> -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
>> +diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h
>> index 9ab2eee..86762bd 100644
>> ---- a/pppd/plugins/rp-pppoe/pppoe.h
>> -+++ b/pppd/plugins/rp-pppoe/pppoe.h
>> +--- a/pppd/plugins/pppoe/pppoe.h
>> ++++ b/pppd/plugins/pppoe/pppoe.h
>> @@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session;
>> #define STATE_TERMINATED 4
>>
>> diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
>> index 633eb045a..686db9204 100644
>> --- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
>> +++ b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
>> @@ -1,6 +1,6 @@
>> -diff -Naur ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c
>> ---- ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200
>> -+++ ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100
>> +diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c
>> +--- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200
>> ++++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100
>> @@ -49,6 +49,8 @@
>> #include <net/ethernet.h>
>> #include <net/if_arp.h>
>> diff --git a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
>> deleted file mode 100644
>> index 858769f48..000000000
>> --- a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
>> +++ /dev/null
>> @@ -1,35 +0,0 @@
>> -commit 8d7970b8f3db727fe798b65f3377fe6787575426
>> -Author: Paul Mackerras <paulus@ozlabs.org>
>> -Date: Mon Feb 3 15:53:28 2020 +1100
>> -
>> - pppd: Fix bounds check in EAP code
>> -
>> - Given that we have just checked vallen < len, it can never be the case
>> - that vallen >= len + sizeof(rhostname). This fixes the check so we
>> - actually avoid overflowing the rhostname array.
>> -
>> - Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
>> - Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
>> -
>> -diff --git a/pppd/eap.c b/pppd/eap.c
>> -index 94407f5..1b93db0 100644
>> ---- a/pppd/eap.c
>> -+++ b/pppd/eap.c
>> -@@ -1420,7 +1420,7 @@ int len;
>> - }
>> -
>> - /* Not so likely to happen. */
>> -- if (vallen >= len + sizeof (rhostname)) {
>> -+ if (len - vallen >= sizeof (rhostname)) {
>> - dbglog("EAP: trimming really long peer name down");
>> - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
>> - rhostname[sizeof (rhostname) - 1] = '\0';
>> -@@ -1846,7 +1846,7 @@ int len;
>> - }
>> -
>> - /* Not so likely to happen. */
>> -- if (vallen >= len + sizeof (rhostname)) {
>> -+ if (len - vallen >= sizeof (rhostname)) {
>> - dbglog("EAP: trimming really long peer name down");
>> - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
>> - rhostname[sizeof (rhostname) - 1] = '\0';
>> diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
>> new file mode 100644
>> index 000000000..b36ace192
>> --- /dev/null
>> +++ b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
>> @@ -0,0 +1,15 @@
>> +--- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200
>> ++++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200
>> +@@ -121,9 +121,9 @@
>> + rm -f $2
>> + if [ -f $1 ]; then
>> + echo " $2 <= $1"
>> +- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
>> +- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
>> +- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
>> ++ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \
>> ++ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \
>> ++ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2
>> + fi
>> + }
>> +
>>
@@ -2,6 +2,8 @@
etc/ppp/chap-secrets
etc/ppp/demonloginscript
etc/ppp/dialer
+#etc/ppp/eaptls-client
+#etc/ppp/eaptls-server
etc/ppp/ioptions
etc/ppp/ip-down
etc/ppp/ip-up
@@ -12,6 +14,7 @@ etc/ppp/standardloginscript
#usr/include/pppd/ccp.h
#usr/include/pppd/chap-new.h
#usr/include/pppd/chap_ms.h
+#usr/include/pppd/eap-tls.h
#usr/include/pppd/eap.h
#usr/include/pppd/ecp.h
#usr/include/pppd/eui64.h
@@ -23,6 +26,7 @@ etc/ppp/standardloginscript
#usr/include/pppd/magic.h
#usr/include/pppd/md4.h
#usr/include/pppd/md5.h
+#usr/include/pppd/mppe.h
#usr/include/pppd/patchlevel.h
#usr/include/pppd/pathnames.h
#usr/include/pppd/pppcrypt.h
@@ -33,18 +37,19 @@ etc/ppp/standardloginscript
#usr/include/pppd/tdb.h
#usr/include/pppd/upap.h
usr/lib/pppd
-usr/lib/pppd/2.4.8
-#usr/lib/pppd/2.4.8/minconn.so
-#usr/lib/pppd/2.4.8/openl2tp.so
-#usr/lib/pppd/2.4.8/passprompt.so
-#usr/lib/pppd/2.4.8/passwordfd.so
-#usr/lib/pppd/2.4.8/pppoatm.so
-#usr/lib/pppd/2.4.8/pppol2tp.so
-#usr/lib/pppd/2.4.8/radattr.so
-#usr/lib/pppd/2.4.8/radius.so
-#usr/lib/pppd/2.4.8/radrealms.so
-#usr/lib/pppd/2.4.8/rp-pppoe.so
-#usr/lib/pppd/2.4.8/winbind.so
+usr/lib/pppd/2.4.9
+#usr/lib/pppd/2.4.9/minconn.so
+#usr/lib/pppd/2.4.9/openl2tp.so
+#usr/lib/pppd/2.4.9/passprompt.so
+#usr/lib/pppd/2.4.9/passwordfd.so
+#usr/lib/pppd/2.4.9/pppoatm.so
+#usr/lib/pppd/2.4.9/pppoe.so
+#usr/lib/pppd/2.4.9/pppol2tp.so
+#usr/lib/pppd/2.4.9/radattr.so
+#usr/lib/pppd/2.4.9/radius.so
+#usr/lib/pppd/2.4.9/radrealms.so
+#usr/lib/pppd/2.4.9/rp-pppoe.so
+#usr/lib/pppd/2.4.9/winbind.so
usr/sbin/chat
usr/sbin/pppd
usr/sbin/pppdump
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,12 +24,12 @@
include Config
-VER = 2.4.8
+VER = 2.4.9
THISAPP = ppp-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/ppp-$(THISAPP)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
CFLAGS += -fno-strict-aliasing
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123
+$(DL_FILE)_MD5 = f605d021b586fc26e35c6a54fd84b65f
install : $(TARGET)
@@ -73,16 +73,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
- cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
- cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)"
+ cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls
+ cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
cd $(DIR_APP) && make install-etcppp
touch /var/log/connect-errors
deleted file mode 100644
@@ -1,121 +0,0 @@
-From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Fri, 4 Apr 2014 11:29:39 +0200
-Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by
- rpmbuild
-
----
- chat/Makefile.linux | 2 +-
- pppd/Makefile.linux | 3 +--
- pppd/plugins/Makefile.linux | 2 +-
- pppd/plugins/pppoatm/Makefile.linux | 2 +-
- pppd/plugins/radius/Makefile.linux | 2 +-
- pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
- pppdump/Makefile.linux | 2 +-
- pppstats/Makefile.linux | 2 +-
- 8 files changed, 8 insertions(+), 9 deletions(-)
-
-diff --git a/chat/Makefile.linux b/chat/Makefile.linux
-index 1065ac5..848cd8d 100644
---- a/chat/Makefile.linux
-+++ b/chat/Makefile.linux
-@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function
- CDEF4= -DFNDELAY=O_NDELAY # Old name value
- CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
-
--COPTS= -O2 -g -pipe
-+COPTS= $(RPM_OPT_FLAGS)
- CFLAGS= $(COPTS) $(CDEFS)
-
- INSTALL= install
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index 5a44d30..63872eb 100644
---- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -32,8 +32,7 @@ endif
-
- CC = gcc
- #
--COPTS = -O2 -pipe -Wall -g
--LIBS =
-+COPTS = -Wall $(RPM_OPT_FLAGS)
-
- # Uncomment the next 2 lines to include support for Microsoft's
- # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
-diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
-index 0a7ec7b..e09a369 100644
---- a/pppd/plugins/Makefile.linux
-+++ b/pppd/plugins/Makefile.linux
-@@ -1,5 +1,5 @@
- #CC = gcc
--COPTS = -O2 -g
-+COPTS = $(RPM_OPT_FLAGS)
- CFLAGS = $(COPTS) -I.. -I../../include -fPIC
- LDFLAGS = -shared
- INSTALL = install
-diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
-index 20f62e6..5a81447 100644
---- a/pppd/plugins/pppoatm/Makefile.linux
-+++ b/pppd/plugins/pppoatm/Makefile.linux
-@@ -1,5 +1,5 @@
- #CC = gcc
--COPTS = -O2 -g
-+COPTS = $(RPM_OPT_FLAGS)
- CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
- LDFLAGS = -shared
- INSTALL = install
-diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
-index 24ed3e5..45b3b8d 100644
---- a/pppd/plugins/radius/Makefile.linux
-+++ b/pppd/plugins/radius/Makefile.linux
-@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
- INSTALL = install
-
- PLUGIN=radius.so radattr.so radrealms.so
--CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
-+CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON
-
- # Uncomment the next line to include support for Microsoft's
- # MS-CHAP authentication protocol.
-diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
-index 5d7a271..352991a 100644
---- a/pppd/plugins/rp-pppoe/Makefile.linux
-+++ b/pppd/plugins/rp-pppoe/Makefile.linux
-@@ -25,7 +25,7 @@ INSTALL = install
- # Version is set ONLY IN THE MAKEFILE! Don't delete this!
- RP_VERSION=3.8p
-
--COPTS=-O2 -g
-+COPTS=$(RPM_OPT_FLAGS)
- CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
- all: rp-pppoe.so pppoe-discovery
-
-diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
-index ac028f6..d0a5032 100644
---- a/pppdump/Makefile.linux
-+++ b/pppdump/Makefile.linux
-@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
- BINDIR = $(DESTDIR)/sbin
- MANDIR = $(DESTDIR)/share/man/man8
-
--CFLAGS= -O -I../include/net
-+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net
- OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
-
- INSTALL= install
-diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
-index cca6f0f..42aba73 100644
---- a/pppstats/Makefile.linux
-+++ b/pppstats/Makefile.linux
-@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c
- PPPSTATOBJS = pppstats.o
-
- #CC = gcc
--COPTS = -O
-+COPTS = $(RPM_OPT_FLAGS)
- COMPILE_FLAGS = -I../include
- LIBS =
-
-1.8.3.1
-
@@ -27,10 +27,10 @@ index 6ea6c1f..faced53 100644
free(path);
errno = err;
diff --git a/pppd/main.c b/pppd/main.c
-index 6d50d1b..4880377 100644
+index 87a5d29..152e4a2 100644
--- a/pppd/main.c
+++ b/pppd/main.c
-@@ -420,7 +420,7 @@ main(argc, argv)
+@@ -400,7 +400,7 @@ main(int argc, char *argv[])
die(0);
/* Make sure fds 0, 1, 2 are open to somewhere. */
@@ -39,11 +39,11 @@ index 6d50d1b..4880377 100644
if (fd_devnull < 0)
fatal("Couldn't open %s: %m", _PATH_DEVNULL);
while (fd_devnull <= 2) {
-@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
+@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait)
if (log_to_fd >= 0)
errfd = log_to_fd;
else
-- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
+- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
++conn_running;
@@ -7,9 +7,9 @@ Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket
pppd/plugins/pppoatm/pppoatm.c | 2 +-
pppd/plugins/pppol2tp/openl2tp.c | 2 +-
pppd/plugins/pppol2tp/pppol2tp.c | 2 +-
- pppd/plugins/rp-pppoe/if.c | 2 +-
- pppd/plugins/rp-pppoe/plugin.c | 6 +++---
- pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +-
+ pppd/plugins/pppoe/if.c | 2 +-
+ pppd/plugins/pppoe/plugin.c | 6 +++---
+ pppd/plugins/pppoe/pppoe-discovery.c | 2 +-
pppd/sys-linux.c | 10 +++++-----
pppd/tty.c | 2 +-
8 files changed, 14 insertions(+), 14 deletions(-)
@@ -53,10 +53,10 @@ index a7e3400..e64a778 100644
if (fd >= 0) {
memset (&ifr, '\0', sizeof (ifr));
strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
-diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
+diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
index 91e9a57..72aba41 100644
---- a/pppd/plugins/rp-pppoe/if.c
-+++ b/pppd/plugins/rp-pppoe/if.c
+--- a/pppd/plugins/pppoe/if.c
++++ b/pppd/plugins/pppoe/if.c
@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
stype = SOCK_PACKET;
#endif
@@ -66,10 +66,10 @@ index 91e9a57..72aba41 100644
/* Give a more helpful message for the common error case */
if (errno == EPERM) {
fatal("Cannot create raw socket -- pppoe must be run as root.");
-diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
+diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
index a8c2bb4..24bdf8f 100644
---- a/pppd/plugins/rp-pppoe/plugin.c
-+++ b/pppd/plugins/rp-pppoe/plugin.c
+--- a/pppd/plugins/pppoe/plugin.c
++++ b/pppd/plugins/pppoe/plugin.c
@@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
/* server equipment). */
/* Opening this socket just before waitForPADS in the discovery() */
@@ -97,10 +97,10 @@ index a8c2bb4..24bdf8f 100644
r = 0;
}
-diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
index 3d3bf4e..c0d927d 100644
---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
-+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+--- a/pppd/plugins/pppoe/pppoe-discovery.c
++++ b/pppd/plugins/pppoe/pppoe-discovery.c
@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
stype = SOCK_PACKET;
#endif
@@ -147,15 +147,6 @@ index 00a2cf5..0690019 100644
if (s < 0)
return 0;
-@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64)
- int skfd;
- const unsigned char *ptr;
-
-- skfd = socket(PF_INET6, SOCK_DGRAM, 0);
-+ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if(skfd == -1)
- {
- warn("could not open IPv6 socket");
diff --git a/pppd/tty.c b/pppd/tty.c
index bc96695..8e76a5d 100644
--- a/pppd/tty.c
@@ -1,7 +1,7 @@
-diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
+diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h
index 9ab2eee..86762bd 100644
---- a/pppd/plugins/rp-pppoe/pppoe.h
-+++ b/pppd/plugins/rp-pppoe/pppoe.h
+--- a/pppd/plugins/pppoe/pppoe.h
++++ b/pppd/plugins/pppoe/pppoe.h
@@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session;
#define STATE_TERMINATED 4
@@ -1,6 +1,6 @@
-diff -Naur ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c
---- ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100
+diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c
+--- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200
++++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100
@@ -49,6 +49,8 @@
#include <net/ethernet.h>
#include <net/if_arp.h>
deleted file mode 100644
@@ -1,35 +0,0 @@
-commit 8d7970b8f3db727fe798b65f3377fe6787575426
-Author: Paul Mackerras <paulus@ozlabs.org>
-Date: Mon Feb 3 15:53:28 2020 +1100
-
- pppd: Fix bounds check in EAP code
-
- Given that we have just checked vallen < len, it can never be the case
- that vallen >= len + sizeof(rhostname). This fixes the check so we
- actually avoid overflowing the rhostname array.
-
- Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
- Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
-
-diff --git a/pppd/eap.c b/pppd/eap.c
-index 94407f5..1b93db0 100644
---- a/pppd/eap.c
-+++ b/pppd/eap.c
-@@ -1420,7 +1420,7 @@ int len;
- }
-
- /* Not so likely to happen. */
-- if (vallen >= len + sizeof (rhostname)) {
-+ if (len - vallen >= sizeof (rhostname)) {
- dbglog("EAP: trimming really long peer name down");
- BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
- rhostname[sizeof (rhostname) - 1] = '\0';
-@@ -1846,7 +1846,7 @@ int len;
- }
-
- /* Not so likely to happen. */
-- if (vallen >= len + sizeof (rhostname)) {
-+ if (len - vallen >= sizeof (rhostname)) {
- dbglog("EAP: trimming really long peer name down");
- BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
- rhostname[sizeof (rhostname) - 1] = '\0';
new file mode 100644
@@ -0,0 +1,15 @@
+--- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200
++++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200
+@@ -121,9 +121,9 @@
+ rm -f $2
+ if [ -f $1 ]; then
+ echo " $2 <= $1"
+- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
+- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
+- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
++ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \
++ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \
++ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2
+ fi
+ }
+