From patchwork Wed Jul 7 19:49:11 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4491 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4GKqkS6kM2z3xCm for ; Wed, 7 Jul 2021 19:49:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4GKqkQ6lQVz17N; Wed, 7 Jul 2021 19:49:18 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4GKqkQ56nFz2y4C; Wed, 7 Jul 2021 19:49:18 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4GKqkN6lx7z2xSb for ; Wed, 7 Jul 2021 19:49:16 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4GKqkM4LNYz177 for ; Wed, 7 Jul 2021 19:49:15 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1625687356; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gDvLbZEMMqrs0ooOkel+2z+thupUfYosK+P1UBUThZo=; b=YiFSKvE1u2YYmY5ogYS2pT3YbwzAtvhCPX6kO9HdG68/GWWr4WUZ4yOOgb4t+awi0gOtms 1Ts4HlVpzTEsasDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1625687356; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gDvLbZEMMqrs0ooOkel+2z+thupUfYosK+P1UBUThZo=; b=PskUBODu4tUpbcrcnZY3g2B/lw81d+mbNOnV+jxDVNl7ipIG1dRAHH4IbsPS4jl/UUWSwR BLAhr0uydKB23N5EgmsghWXvbUWU8UgqZHQCyyH2XgJUvlhPYqsQ5OiNmIqPgUJLnE6XTh Pcqqy9H08AEH7+Je27gFSq85Eu40ElswRTGIZlhLMKhu5ZC2ku2pueOErBdDvEz1LOQugs VCySDknwkhhs4LdgDq7pJqKPfs0fuvv7vqdm93TBP1wet4dw0KSRpXge4Eiid3JSwY0DEm b+w5aKj5W1dktwrjbckzdNmfwCkcp9kvVTQ+grInbl2wS75XmtiYE/kx5yYRhw== To: "IPFire: Development" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH 1/2] Revert "Revert "ppp: update to 2.4.9"" Message-ID: <4d95ffef-feac-4505-7528-d45a247165fb@ipfire.org> Date: Wed, 7 Jul 2021 21:49:11 +0200 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This reverts commit 2d6e633d7f20bd94cbc36880049d2599e93bdaf3. --- config/rootfiles/common/ppp | 29 +++-- lfs/ppp | 15 +-- ...e-compiler-flags-handed-to-us-by-rpm.patch | 121 ------------------ .../0013-everywhere-O_CLOEXEC-harder.patch | 10 +- ...se-SOCK_CLOEXEC-when-creating-socket.patch | 33 ++--- ...ppp-2.4.6-increase-max-padi-attempts.patch | 6 +- src/patches/ppp/ppp-2.4.7-headers_4.9.patch | 6 +- ....8-pppd-fix-bounds-check-in-eap-code.patch | 35 ----- ...-configure-to-handle-cflags-properly.patch | 15 +++ 9 files changed, 62 insertions(+), 208 deletions(-) delete mode 100644 src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch delete mode 100644 src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch create mode 100644 src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp index f1f4f88f2..d61fdf811 100644 --- a/config/rootfiles/common/ppp +++ b/config/rootfiles/common/ppp @@ -2,6 +2,8 @@ etc/ppp/chap-secrets etc/ppp/demonloginscript etc/ppp/dialer +#etc/ppp/eaptls-client +#etc/ppp/eaptls-server etc/ppp/ioptions etc/ppp/ip-down etc/ppp/ip-up @@ -12,6 +14,7 @@ etc/ppp/standardloginscript #usr/include/pppd/ccp.h #usr/include/pppd/chap-new.h #usr/include/pppd/chap_ms.h +#usr/include/pppd/eap-tls.h #usr/include/pppd/eap.h #usr/include/pppd/ecp.h #usr/include/pppd/eui64.h @@ -23,6 +26,7 @@ etc/ppp/standardloginscript #usr/include/pppd/magic.h #usr/include/pppd/md4.h #usr/include/pppd/md5.h +#usr/include/pppd/mppe.h #usr/include/pppd/patchlevel.h #usr/include/pppd/pathnames.h #usr/include/pppd/pppcrypt.h @@ -33,18 +37,19 @@ etc/ppp/standardloginscript #usr/include/pppd/tdb.h #usr/include/pppd/upap.h usr/lib/pppd -usr/lib/pppd/2.4.8 -#usr/lib/pppd/2.4.8/minconn.so -#usr/lib/pppd/2.4.8/openl2tp.so -#usr/lib/pppd/2.4.8/passprompt.so -#usr/lib/pppd/2.4.8/passwordfd.so -#usr/lib/pppd/2.4.8/pppoatm.so -#usr/lib/pppd/2.4.8/pppol2tp.so -#usr/lib/pppd/2.4.8/radattr.so -#usr/lib/pppd/2.4.8/radius.so -#usr/lib/pppd/2.4.8/radrealms.so -#usr/lib/pppd/2.4.8/rp-pppoe.so -#usr/lib/pppd/2.4.8/winbind.so +usr/lib/pppd/2.4.9 +usr/lib/pppd/2.4.9/minconn.so +usr/lib/pppd/2.4.9/openl2tp.so +usr/lib/pppd/2.4.9/passprompt.so +usr/lib/pppd/2.4.9/passwordfd.so +usr/lib/pppd/2.4.9/pppoatm.so +usr/lib/pppd/2.4.9/pppoe.so +usr/lib/pppd/2.4.9/pppol2tp.so +usr/lib/pppd/2.4.9/radattr.so +usr/lib/pppd/2.4.9/radius.so +usr/lib/pppd/2.4.9/radrealms.so +usr/lib/pppd/2.4.9/rp-pppoe.so +usr/lib/pppd/2.4.9/winbind.so usr/sbin/chat usr/sbin/pppd usr/sbin/pppdump diff --git a/lfs/ppp b/lfs/ppp index cbac95067..73356b8c4 100644 --- a/lfs/ppp +++ b/lfs/ppp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,12 +24,12 @@ include Config -VER = 2.4.8 +VER = 2.4.9 THISAPP = ppp-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/ppp-$(THISAPP) +DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) CFLAGS += -fno-strict-aliasing @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123 +$(DL_FILE)_MD5 = f605d021b586fc26e35c6a54fd84b65f install : $(TARGET) @@ -73,16 +73,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h - cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls - cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)" + cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls + cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install cd $(DIR_APP) && make install-etcppp touch /var/log/connect-errors diff --git a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch deleted file mode 100644 index 4a43d444a..000000000 --- a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch +++ /dev/null @@ -1,121 +0,0 @@ -From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Fri, 4 Apr 2014 11:29:39 +0200 -Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by - rpmbuild - ---- - chat/Makefile.linux | 2 +- - pppd/Makefile.linux | 3 +-- - pppd/plugins/Makefile.linux | 2 +- - pppd/plugins/pppoatm/Makefile.linux | 2 +- - pppd/plugins/radius/Makefile.linux | 2 +- - pppd/plugins/rp-pppoe/Makefile.linux | 2 +- - pppdump/Makefile.linux | 2 +- - pppstats/Makefile.linux | 2 +- - 8 files changed, 8 insertions(+), 9 deletions(-) - -diff --git a/chat/Makefile.linux b/chat/Makefile.linux -index 1065ac5..848cd8d 100644 ---- a/chat/Makefile.linux -+++ b/chat/Makefile.linux -@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function - CDEF4= -DFNDELAY=O_NDELAY # Old name value - CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4) - --COPTS= -O2 -g -pipe -+COPTS= $(RPM_OPT_FLAGS) - CFLAGS= $(COPTS) $(CDEFS) - - INSTALL= install -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index 5a44d30..63872eb 100644 ---- a/pppd/Makefile.linux -+++ b/pppd/Makefile.linux -@@ -32,8 +32,7 @@ endif - - CC = gcc - # --COPTS = -O2 -pipe -Wall -g --LIBS = -+COPTS = -Wall $(RPM_OPT_FLAGS) - - # Uncomment the next 2 lines to include support for Microsoft's - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. -diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux -index 0a7ec7b..e09a369 100644 ---- a/pppd/plugins/Makefile.linux -+++ b/pppd/plugins/Makefile.linux -@@ -1,5 +1,5 @@ - #CC = gcc --COPTS = -O2 -g -+COPTS = $(RPM_OPT_FLAGS) - CFLAGS = $(COPTS) -I.. -I../../include -fPIC - LDFLAGS = -shared - INSTALL = install -diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux -index 20f62e6..5a81447 100644 ---- a/pppd/plugins/pppoatm/Makefile.linux -+++ b/pppd/plugins/pppoatm/Makefile.linux -@@ -1,5 +1,5 @@ - #CC = gcc --COPTS = -O2 -g -+COPTS = $(RPM_OPT_FLAGS) - CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC - LDFLAGS = -shared - INSTALL = install -diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux -index 24ed3e5..45b3b8d 100644 ---- a/pppd/plugins/radius/Makefile.linux -+++ b/pppd/plugins/radius/Makefile.linux -@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) - INSTALL = install - - PLUGIN=radius.so radattr.so radrealms.so --CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -+CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON - - # Uncomment the next line to include support for Microsoft's - # MS-CHAP authentication protocol. -diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux -index 5d7a271..352991a 100644 ---- a/pppd/plugins/rp-pppoe/Makefile.linux -+++ b/pppd/plugins/rp-pppoe/Makefile.linux -@@ -25,7 +25,7 @@ INSTALL = install - # Version is set ONLY IN THE MAKEFILE! Don't delete this! - RP_VERSION=3.8p - --COPTS=-O2 -g -+COPTS=$(RPM_OPT_FLAGS) - CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' - all: rp-pppoe.so pppoe-discovery - -diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux -index ac028f6..d0a5032 100644 ---- a/pppdump/Makefile.linux -+++ b/pppdump/Makefile.linux -@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@ - BINDIR = $(DESTDIR)/sbin - MANDIR = $(DESTDIR)/share/man/man8 - --CFLAGS= -O -I../include/net -+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net - OBJS = pppdump.o bsd-comp.o deflate.o zlib.o - - INSTALL= install -diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux -index cca6f0f..42aba73 100644 ---- a/pppstats/Makefile.linux -+++ b/pppstats/Makefile.linux -@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c - PPPSTATOBJS = pppstats.o - - #CC = gcc --COPTS = -O -+COPTS = $(RPM_OPT_FLAGS) - COMPILE_FLAGS = -I../include - LIBS = - --- -1.8.3.1 - diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch index 2513021b2..0fb028779 100644 --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch +++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch @@ -27,10 +27,10 @@ index 6ea6c1f..faced53 100644 free(path); errno = err; diff --git a/pppd/main.c b/pppd/main.c -index 6d50d1b..4880377 100644 +index 87a5d29..152e4a2 100644 --- a/pppd/main.c +++ b/pppd/main.c -@@ -420,7 +420,7 @@ main(argc, argv) +@@ -400,7 +400,7 @@ main(int argc, char *argv[]) die(0); /* Make sure fds 0, 1, 2 are open to somewhere. */ @@ -39,12 +39,12 @@ index 6d50d1b..4880377 100644 if (fd_devnull < 0) fatal("Couldn't open %s: %m", _PATH_DEVNULL); while (fd_devnull <= 2) { -@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait) +@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait) if (log_to_fd >= 0) errfd = log_to_fd; else -- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); -+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600); +- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); ++ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644); ++conn_running; pid = safe_fork(in, out, errfd); diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch index 3475f09a8..fffda981d 100644 --- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch +++ b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch @@ -7,9 +7,9 @@ Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket pppd/plugins/pppoatm/pppoatm.c | 2 +- pppd/plugins/pppol2tp/openl2tp.c | 2 +- pppd/plugins/pppol2tp/pppol2tp.c | 2 +- - pppd/plugins/rp-pppoe/if.c | 2 +- - pppd/plugins/rp-pppoe/plugin.c | 6 +++--- - pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +- + pppd/plugins/pppoe/if.c | 2 +- + pppd/plugins/pppoe/plugin.c | 6 +++--- + pppd/plugins/pppoe/pppoe-discovery.c | 2 +- pppd/sys-linux.c | 10 +++++----- pppd/tty.c | 2 +- 8 files changed, 14 insertions(+), 14 deletions(-) @@ -53,10 +53,10 @@ index a7e3400..e64a778 100644 if (fd >= 0) { memset (&ifr, '\0', sizeof (ifr)); strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); -diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c +diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c index 91e9a57..72aba41 100644 ---- a/pppd/plugins/rp-pppoe/if.c -+++ b/pppd/plugins/rp-pppoe/if.c +--- a/pppd/plugins/pppoe/if.c ++++ b/pppd/plugins/pppoe/if.c @@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) stype = SOCK_PACKET; #endif @@ -66,10 +66,10 @@ index 91e9a57..72aba41 100644 /* Give a more helpful message for the common error case */ if (errno == EPERM) { fatal("Cannot create raw socket -- pppoe must be run as root."); -diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c +diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c index a8c2bb4..24bdf8f 100644 ---- a/pppd/plugins/rp-pppoe/plugin.c -+++ b/pppd/plugins/rp-pppoe/plugin.c +--- a/pppd/plugins/pppoe/plugin.c ++++ b/pppd/plugins/pppoe/plugin.c @@ -137,7 +137,7 @@ PPPOEConnectDevice(void) /* server equipment). */ /* Opening this socket just before waitForPADS in the discovery() */ @@ -97,10 +97,10 @@ index a8c2bb4..24bdf8f 100644 r = 0; } -diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c +diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c index 3d3bf4e..c0d927d 100644 ---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c -+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c +--- a/pppd/plugins/pppoe/pppoe-discovery.c ++++ b/pppd/plugins/pppoe/pppoe-discovery.c @@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) stype = SOCK_PACKET; #endif @@ -147,15 +147,6 @@ index 00a2cf5..0690019 100644 if (s < 0) return 0; -@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64) - int skfd; - const unsigned char *ptr; - -- skfd = socket(PF_INET6, SOCK_DGRAM, 0); -+ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if(skfd == -1) - { - warn("could not open IPv6 socket"); diff --git a/pppd/tty.c b/pppd/tty.c index bc96695..8e76a5d 100644 --- a/pppd/tty.c diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch index 5127c1f10..1b36e8369 100644 --- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch +++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch @@ -1,7 +1,7 @@ -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h +diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h index 9ab2eee..86762bd 100644 ---- a/pppd/plugins/rp-pppoe/pppoe.h -+++ b/pppd/plugins/rp-pppoe/pppoe.h +--- a/pppd/plugins/pppoe/pppoe.h ++++ b/pppd/plugins/pppoe/pppoe.h @@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session; #define STATE_TERMINATED 4 diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch index 633eb045a..686db9204 100644 --- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch +++ b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch @@ -1,6 +1,6 @@ -diff -Naur ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c ---- ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100 +diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c +--- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200 ++++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100 @@ -49,6 +49,8 @@ #include #include diff --git a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch deleted file mode 100644 index 858769f48..000000000 --- a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch +++ /dev/null @@ -1,35 +0,0 @@ -commit 8d7970b8f3db727fe798b65f3377fe6787575426 -Author: Paul Mackerras -Date: Mon Feb 3 15:53:28 2020 +1100 - - pppd: Fix bounds check in EAP code - - Given that we have just checked vallen < len, it can never be the case - that vallen >= len + sizeof(rhostname). This fixes the check so we - actually avoid overflowing the rhostname array. - - Reported-by: Ilja Van Sprundel - Signed-off-by: Paul Mackerras - -diff --git a/pppd/eap.c b/pppd/eap.c -index 94407f5..1b93db0 100644 ---- a/pppd/eap.c -+++ b/pppd/eap.c -@@ -1420,7 +1420,7 @@ int len; - } - - /* Not so likely to happen. */ -- if (vallen >= len + sizeof (rhostname)) { -+ if (len - vallen >= sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; -@@ -1846,7 +1846,7 @@ int len; - } - - /* Not so likely to happen. */ -- if (vallen >= len + sizeof (rhostname)) { -+ if (len - vallen >= sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch new file mode 100644 index 000000000..b36ace192 --- /dev/null +++ b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch @@ -0,0 +1,15 @@ +--- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200 ++++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200 +@@ -121,9 +121,9 @@ + rm -f $2 + if [ -f $1 ]; then + echo " $2 <= $1" +- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \ +- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \ +- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2 ++ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \ ++ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \ ++ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2 + fi + } + From patchwork Wed Jul 7 19:49:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4492 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4GKqkp2CFfz3xCm for ; Wed, 7 Jul 2021 19:49:38 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4GKqkp048Hz1Yb; Wed, 7 Jul 2021 19:49:37 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4GKqkn6G5Vz2xTN; Wed, 7 Jul 2021 19:49:37 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4GKqkm62chz2xQs for ; Wed, 7 Jul 2021 19:49:36 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4GKqkm1kPfzZ6 for ; Wed, 7 Jul 2021 19:49:36 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1625687376; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZUjxORIFKLSLdRfr2/glqhHL5irGAyzRDzswM52ME/Q=; b=y2Mq7nAMKjXMVIumZjLjx++AaE7aIyD1YWFqOFa9h9SPYANGr7d11Qr0CJ60nh3yd0s7YX Zm+8wVE8N6QNaqAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1625687376; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZUjxORIFKLSLdRfr2/glqhHL5irGAyzRDzswM52ME/Q=; b=Mpevo4+LujA5yNqlnHQgYE6r9P1eS4sg4vWrv4n2SXcq2X+Xbj9xXfjUGnu2aeBsGoV4iB fC5J8h+fyPqrc4YwM1eyHldoTC2ymNbbTR7NBwNsBtRgHeLL6FkgJJRINnZaE25nd1/Pvu n/8poq8cqbnUaJaMFMNfGWXO8RtjxJJ5pyWujLgVP8uIHPTL+BgBkgdrhEyLEUgSWGnR/w D0+VHItTh0TbviR6CKHj0s+6oSWquBTrXIVGr2g9+h+1/FNMyo61e+7SB2dnfBSq5cpesX JhdFWX2PsKh2ZWYZhf49M1LgNFi48UIQ7tHUvQeOwitsOuzqFDDx7ZNRqMmpvw== Subject: [PATCH 2/2] Tell pppd not to ask for IPv6 addresses during dial-up To: development@lists.ipfire.org References: <4d95ffef-feac-4505-7528-d45a247165fb@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: <47f6b552-e533-2e20-3d0b-c7bad78c88ac@ipfire.org> Date: Wed, 7 Jul 2021 21:49:35 +0200 MIME-Version: 1.0 In-Reply-To: <4d95ffef-feac-4505-7528-d45a247165fb@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" pppd 2.4.9 supports IPv6 and asks for an IPv6 configuration by default. Setting the received prefix in the kernel will never work, however, as the rest of IPFire 2.x does not support IPv6. pppd notices the ISP about this, and at least Otenet (GR) and British Telecom (several countries) decide to close a dial-up connection then. German DTAG seems to ignore such errors silently. This patch adds an option to the pppd call to prevent asking for an IPv6 configuration, hence avoiding this errors. To apply this patch, it is necessary to ship ppp 2.4.9 again. Since I have no access to a testing machine behind an ISP supporting IPv6, this patch unfortunately is untested. Fixes: #12651 Signed-off-by: Peter Müller --- src/initscripts/networking/red | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/initscripts/networking/red b/src/initscripts/networking/red index ca0a8ae58..56f8ebb66 100644 --- a/src/initscripts/networking/red +++ b/src/initscripts/networking/red @@ -410,7 +410,7 @@ case "${1}" in ### Standard PPP options we always use # PPP_STD_OPTIONS="$PLUGOPTS usepeerdns defaultroute noipdefault noauth" - PPP_STD_OPTIONS+=" default-asyncmap hide-password nodetach" + PPP_STD_OPTIONS+=" default-asyncmap hide-password nodetach noipv6" PPP_STD_OPTIONS+=" noaccomp nodeflate nopcomp novj novjccomp" PPP_STD_OPTIONS+=" nobsdcomp user ${USERNAME} lcp-echo-interval 20" PPP_STD_OPTIONS+=" lcp-echo-failure 5 ${AUTH}"