From f9bd2f08fde32eb8958d14027a6cc12b5755f1cd Mon Sep 17 00:00:00 2001 From: Evgeny Ermakov Date: Tue, 9 Mar 2021 02:31:45 +1100 Subject: [PATCH] ppp: update to 2.4.9. --- srcpkgs/ppp/patches/CVE-2015-3310.patch | 18 --- srcpkgs/ppp/patches/CVE-2020-8597.patch | 39 ------- srcpkgs/ppp/patches/musl.patch | 123 --------------------- srcpkgs/ppp/patches/netinet_in_h_fix.patch | 38 ------- srcpkgs/ppp/patches/openssl_DES.patch | 110 ------------------ srcpkgs/ppp/template | 40 +------ srcpkgs/ppp/version | 1 + 7 files changed, 7 insertions(+), 362 deletions(-) delete mode 100644 srcpkgs/ppp/patches/CVE-2015-3310.patch delete mode 100644 srcpkgs/ppp/patches/CVE-2020-8597.patch delete mode 100644 srcpkgs/ppp/patches/netinet_in_h_fix.patch delete mode 100644 srcpkgs/ppp/patches/openssl_DES.patch create mode 100644 srcpkgs/ppp/version diff --git a/srcpkgs/ppp/patches/CVE-2015-3310.patch b/srcpkgs/ppp/patches/CVE-2015-3310.patch deleted file mode 100644 index e60751a032..0000000000 --- a/srcpkgs/ppp/patches/CVE-2015-3310.patch +++ /dev/null @@ -1,18 +0,0 @@ -Fix buffer overflow in rc_mksid() - -rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string. -If the process id is bigger than 65535 (FFFF), its hex representation will be -longer than 4 characters, resulting in a buffer overflow. - -The bug can be exploited to cause a remote DoS. ---- pppd/plugins/radius/util.c -+++ pppd/plugins/radius/util.c -@@ -77,7 +77,7 @@ rc_mksid (void) - static unsigned short int cnt = 0; - sprintf (buf, "%08lX%04X%02hX", - (unsigned long int) time (NULL), -- (unsigned int) getpid (), -+ (unsigned int) getpid () & 0xFFFF, - cnt & 0xFF); - cnt++; - return buf; diff --git a/srcpkgs/ppp/patches/CVE-2020-8597.patch b/srcpkgs/ppp/patches/CVE-2020-8597.patch deleted file mode 100644 index e0988a886e..0000000000 --- a/srcpkgs/ppp/patches/CVE-2020-8597.patch +++ /dev/null @@ -1,39 +0,0 @@ -https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426.patch - -From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 -From: Paul Mackerras -Date: Mon, 3 Feb 2020 15:53:28 +1100 -Subject: [PATCH] pppd: Fix bounds check in EAP code - -Given that we have just checked vallen < len, it can never be the case -that vallen >= len + sizeof(rhostname). This fixes the check so we -actually avoid overflowing the rhostname array. - -Reported-by: Ilja Van Sprundel -Signed-off-by: Paul Mackerras ---- - pppd/eap.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/pppd/eap.c b/pppd/eap.c -index 94407f56..1b93db01 100644 ---- pppd/eap.c -+++ pppd/eap.c -@@ -1420,7 +1420,7 @@ int len; - } - - /* Not so likely to happen. */ -- if (vallen >= len + sizeof (rhostname)) { -+ if (len - vallen >= sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; -@@ -1846,7 +1846,7 @@ int len; - } - - /* Not so likely to happen. */ -- if (vallen >= len + sizeof (rhostname)) { -+ if (len - vallen >= sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; diff --git a/srcpkgs/ppp/patches/musl.patch b/srcpkgs/ppp/patches/musl.patch index 802409fc98..7ed236180a 100644 --- a/srcpkgs/ppp/patches/musl.patch +++ b/srcpkgs/ppp/patches/musl.patch @@ -1,128 +1,5 @@ ---- pppd/Makefile.linux -+++ pppd/Makefile.linux -@@ -126,7 +126,7 @@ LIBS += -lcrypt - endif - - ifdef USE_LIBUTIL --CFLAGS += -DHAVE_LOGWTMP=1 -+#CFLAGS += -DHAVE_LOGWTMP=1 - LIBS += -lutil - endif - ---- pppd/plugins/rp-pppoe/if.c -+++ pppd/plugins/rp-pppoe/if.c -@@ -30,10 +30,6 @@ static char const RCSID[] = - #include - #endif - --#ifdef HAVE_NET_ETHERNET_H --#include --#endif -- - #ifdef HAVE_ASM_TYPES_H - #include - #endif ---- pppd/plugins/rp-pppoe/plugin.c -+++ pppd/plugins/rp-pppoe/plugin.c -@@ -46,7 +46,6 @@ static char const RCSID[] = - #include - #include - #include --#include - #include - #include - #include ---- pppd/plugins/rp-pppoe/pppoe-discovery.c -+++ pppd/plugins/rp-pppoe/pppoe-discovery.c -@@ -27,10 +27,6 @@ - #include - #endif - --#ifdef HAVE_NET_ETHERNET_H --#include --#endif -- - #ifdef HAVE_ASM_TYPES_H - #include - #endif -@@ -55,6 +51,8 @@ void die(int status) - exit(status); - } - -+#define error(x...) fprintf(stderr, x) -+ - /* Initialize frame types to RFC 2516 values. Some broken peers apparently - use different frame types... sigh... */ - ---- pppd/plugins/rp-pppoe/pppoe.h -+++ pppd/plugins/rp-pppoe/pppoe.h -@@ -86,18 +86,6 @@ typedef unsigned long UINT32_t; - - #include - --#ifdef HAVE_NETINET_IF_ETHER_H --#include -- --#ifdef HAVE_SYS_SOCKET_H --#include --#endif --#ifndef HAVE_SYS_DLPI_H --#include --#endif --#endif -- -- - /* Ethernet frame types according to RFC 2516 */ #define ETH_PPPOE_DISCOVERY 0x8863 ---- pppd/sys-linux.c -+++ pppd/sys-linux.c -@@ -102,19 +102,11 @@ - #define MAX_ADDR_LEN 7 - #endif - --#if __GLIBC__ >= 2 - #include /* glibc 2 conflicts with linux/types.h */ - #include - #include - #include - #include --#else --#include --#include --#include --#include --#include --#endif - #include - #include - - ---- include/linux/ppp_defs.h.orig 2015-05-10 10:59:27.959155977 +0200 -+++ include/linux/ppp_defs.h 2015-05-10 10:59:50.190403246 +0200 -@@ -50,6 +50,9 @@ - #ifndef _PPP_DEFS_H_ - #define _PPP_DEFS_H_ - -+#ifndef __P -+# define __P(x) x -+#endif - /* - * The basic PPP frame. - */ ---- pppd/magic.h.orig 2015-05-10 11:00:16.687697962 +0200 -+++ pppd/magic.h 2015-05-10 11:00:34.030890864 +0200 -@@ -42,6 +42,10 @@ - * $Id: magic.h,v 1.5 2003/06/11 23:56:26 paulus Exp $ - */ - -+#ifndef __P -+# define __P(x) x -+#endif -+ - void magic_init __P((void)); /* Initialize the magic number generator */ - u_int32_t magic __P((void)); /* Returns the next magic number */ - --- include/net/ppp_defs.h.orig 2015-05-10 11:09:54.505127657 +0200 +++ include/net/ppp_defs.h 2015-05-10 11:10:10.753309024 +0200 @@ -38,6 +38,8 @@ diff --git a/srcpkgs/ppp/patches/netinet_in_h_fix.patch b/srcpkgs/ppp/patches/netinet_in_h_fix.patch deleted file mode 100644 index ac69c98caa..0000000000 --- a/srcpkgs/ppp/patches/netinet_in_h_fix.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 50a2997b256e0e0ef7a46fae133f56f60fce539c Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Mon, 9 Jan 2017 13:34:23 +0000 -Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h - -This fixes builds with newer kernels. Basically, needs to be -included before otherwise the earlier, unaware of the latter, -tries to redefine symbols and structures. Also, doesn't work -alone anymore, since it pulls the headers in the wrong order, so we better -include early. ---- - pppd/plugins/rp-pppoe/pppoe.h | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h -index 9ab2eee3..c4aaa6e6 100644 ---- pppd/plugins/rp-pppoe/pppoe.h -+++ pppd/plugins/rp-pppoe/pppoe.h -@@ -47,6 +47,10 @@ - #include - #endif - -+/* This has to be included before Linux 4.8's linux/in.h -+ * gets dragged in. */ -+#include -+ - /* Ugly header files on some Linux boxes... */ - #if defined(HAVE_LINUX_IF_H) - #include -@@ -84,8 +88,6 @@ typedef unsigned long UINT32_t; - #include - #endif - --#include -- - - /* Ethernet frame types according to RFC 2516 */ - #define ETH_PPPOE_DISCOVERY 0x8863 diff --git a/srcpkgs/ppp/patches/openssl_DES.patch b/srcpkgs/ppp/patches/openssl_DES.patch deleted file mode 100644 index c631039446..0000000000 --- a/srcpkgs/ppp/patches/openssl_DES.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 3c7b86229f7bd2600d74db14b1fe5b3896be3875 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= -Date: Fri, 6 Apr 2018 14:27:18 +0200 -Subject: [PATCH] pppd: Use openssl for the DES instead of the libcrypt / glibc -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped -libcrypt. The libxcrypt standalone package can be used instead, but -it dropped the old setkey/encrypt API which ppp uses for DES. There -is support for using openssl in pppcrypt.c, but it contains typos -preventing it from compiling and seems to be written for an ancient -openssl version. - -This updates the code to use current openssl. - -[paulus@ozlabs.org - wrote the commit description, fixed comment in - Makefile.linux.] - -Signed-off-by: Jaroslav Škarvada -Signed-off-by: Paul Mackerras ---- - pppd/Makefile.linux | 7 ++++--- - pppd/pppcrypt.c | 18 +++++++++--------- - 2 files changed, 13 insertions(+), 12 deletions(-) - -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index 36d2b036..8d5ce99d 100644 ---- pppd/Makefile.linux -+++ pppd/Makefile.linux -@@ -35,10 +35,10 @@ endif - COPTS = -O2 -pipe -Wall -g - LIBS = - --# Uncomment the next 2 lines to include support for Microsoft's -+# Uncomment the next line to include support for Microsoft's - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. - CHAPMS=y --USE_CRYPT=y -+#USE_CRYPT=y - # Don't use MSLANMAN unless you really know what you're doing. - #MSLANMAN=y - # Uncomment the next line to include support for MPPE. CHAPMS (above) must -@@ -137,7 +137,8 @@ endif - - ifdef NEEDDES - ifndef USE_CRYPT --LIBS += -ldes $(LIBS) -+#CFLAGS += -I/usr/include/openssl -+LIBS += -lcrypto - else - CFLAGS += -DUSE_CRYPT=1 - endif -diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c -index 8b85b132..6b35375e 100644 ---- pppd/pppcrypt.c -+++ pppd/pppcrypt.c -@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */ - des_key[7] = Get7Bits(key, 49); - - #ifndef USE_CRYPT -- des_set_odd_parity((des_cblock *)des_key); -+ DES_set_odd_parity((DES_cblock *)des_key); - #endif - } - -@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */ - } - - #else /* USE_CRYPT */ --static des_key_schedule key_schedule; -+static DES_key_schedule key_schedule; - - bool - DesSetkey(key) - u_char *key; - { -- des_cblock des_key; -+ DES_cblock des_key; - MakeKey(key, des_key); -- des_set_key(&des_key, key_schedule); -+ DES_set_key(&des_key, &key_schedule); - return (1); - } - - bool --DesEncrypt(clear, key, cipher) -+DesEncrypt(clear, cipher) - u_char *clear; /* IN 8 octets */ - u_char *cipher; /* OUT 8 octets */ - { -- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, -- key_schedule, 1); -+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, -+ &key_schedule, 1); - return (1); - } - -@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear) - u_char *cipher; /* IN 8 octets */ - u_char *clear; /* OUT 8 octets */ - { -- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear, -- key_schedule, 0); -+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, -+ &key_schedule, 0); - return (1); - } - diff --git a/srcpkgs/ppp/template b/srcpkgs/ppp/template index 5986bd713f..265de99e07 100644 --- a/srcpkgs/ppp/template +++ b/srcpkgs/ppp/template @@ -5,15 +5,15 @@ # * NetworkManager-l2tp # When update this package pkgname=ppp -version=2.4.7 -revision=14 +version=2.4.9 +revision=1 makedepends="libpcap-devel openssl-devel" short_desc="PPP (Point-to-Point Protocol) daemon" maintainer="Orphaned " license="BSD-3-Clause, LGPL-2.0-or-later, GPL-2.0-or-later, Public Domain" homepage="https://ppp.samba.org/" distfiles="https://ftp.samba.org/pub/ppp/ppp-$version.tar.gz" -checksum=02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30 +checksum=f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d make_dirs=" /etc/ppp/ipv6-down.d 0755 root root /etc/ppp/peers 0755 root root" @@ -26,39 +26,16 @@ conf_files=" /etc/ppp/chap-secrets /etc/ppp/pap-secrets" -CFLAGS="-D_GNU_SOURCE" - -if [ "$XBPS_TARGET_LIBC" = "musl" ]; then - makedepends+=" musl-legacy-compat" -fi - do_configure() { - # Custom CFLAGS. - find -name "Makefile.linux" -exec sed -i "{}" \ - -e "s;CFLAGS\\s*=\(.*\);CFLAGS = ${CFLAGS} \1;" \; - # Custom LDFLAGS for chat, pppoe-discovery and pppdump - sed -i chat/Makefile.linux \ - -e "s;-o chat ;${LDFLAGS} -o chat ;" - sed -i pppd/plugins/rp-pppoe/Makefile.linux \ - -e "s;-o pppoe-discovery ;${LDFLAGS} -o pppoe-discovery ;" - sed -i pppdump/Makefile.linux \ - -e "s;-o pppdump ;${LDFLAGS} -o pppdump ;" - # Enable active filter - sed -i "s:^#FILTER=y:FILTER=y:" pppd/Makefile.linux - # Enable ipv6 support - sed -i "s:^#HAVE_INET6=y:HAVE_INET6=y:" pppd/Makefile.linux - # Enable Microsoft Proprietary Callback Control Protocol - sed -i "s:^#CBCP=y:CBCP=y:" pppd/Makefile.linux - - ./configure ${configure_args} + ./configure --cc="${CC}" --cflags="${CFLAGS}" } do_build() { - make COPTS="${CFLAGS} ${LDFLAGS}" ${makejobs} + make LDFLAGS="${LDFLAGS}" CBCP=y ${makejobs} } do_install() { - make DESTDIR=${DESTDIR}/usr install + make DESTDIR=${DESTDIR}/usr BINDIR=${DESTDIR}/usr/bin install case "$XBPS_TARGET_MACHINE" in *-musl) vinstall include/net/ppp_defs.h 644 usr/include/net;; @@ -66,11 +43,6 @@ do_install() { chmod 755 ${DESTDIR}/usr/lib/pppd/${version}/*.so - vmkdir usr/bin - mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin - vbin pppd/pppd - vbin chat/chat - vinstall ${FILESDIR}/options 644 etc/ppp vinstall ${FILESDIR}/ip-up 755 etc/ppp vinstall ${FILESDIR}/ip-down 755 etc/ppp diff --git a/srcpkgs/ppp/version b/srcpkgs/ppp/version new file mode 100644 index 0000000000..4aca89a87a --- /dev/null +++ b/srcpkgs/ppp/version @@ -0,0 +1 @@ +pattern="ppp \K[\d\.]+"