ppp: update to 2.4.9.

Evgeny Ermakov 2021-03-09 02:31:45 +11:00 committed by Érico Nogueira Rolim
parent 2b8ea84863
commit f9bd2f08fd
7 changed files with 7 additions and 362 deletions


@ -1,18 +0,0 @@
Fix buffer overflow in rc_mksid()
rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string.
If the process id is bigger than 65535 (FFFF), its hex representation will be
longer than 4 characters, resulting in a buffer overflow.
The bug can be exploited to cause a remote DoS.
--- pppd/plugins/radius/util.c
+++ pppd/plugins/radius/util.c
@@ -77,7 +77,7 @@ rc_mksid (void)
static unsigned short int cnt = 0;
sprintf (buf, "%08lX%04X%02hX",
(unsigned long int) time (NULL),
- (unsigned int) getpid (),
+ (unsigned int) getpid () & 0xFFFF,
cnt & 0xFF);
cnt++;
return buf;


@ -1,39 +0,0 @@
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426.patch
From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
From: Paul Mackerras <paulus@ozlabs.org>
Date: Mon, 3 Feb 2020 15:53:28 +1100
Subject: [PATCH] pppd: Fix bounds check in EAP code
Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname). This fixes the check so we
actually avoid overflowing the rhostname array.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
pppd/eap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pppd/eap.c b/pppd/eap.c
index 94407f56..1b93db01 100644
--- pppd/eap.c
+++ pppd/eap.c
@@ -1420,7 +1420,7 @@ int len;
}
/* Not so likely to happen. */
- if (vallen >= len + sizeof (rhostname)) {
+ if (len - vallen >= sizeof (rhostname)) {
dbglog("EAP: trimming really long peer name down");
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
rhostname[sizeof (rhostname) - 1] = '\0';
@@ -1846,7 +1846,7 @@ int len;
}
/* Not so likely to happen. */
- if (vallen >= len + sizeof (rhostname)) {
+ if (len - vallen >= sizeof (rhostname)) {
dbglog("EAP: trimming really long peer name down");
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
rhostname[sizeof (rhostname) - 1] = '\0';


@ -1,128 +1,5 @@
--- pppd/Makefile.linux
+++ pppd/Makefile.linux
@@ -126,7 +126,7 @@ LIBS += -lcrypt
endif
ifdef USE_LIBUTIL
-CFLAGS += -DHAVE_LOGWTMP=1
+#CFLAGS += -DHAVE_LOGWTMP=1
LIBS += -lutil
endif
--- pppd/plugins/rp-pppoe/if.c
+++ pppd/plugins/rp-pppoe/if.c
@@ -30,10 +30,6 @@ static char const RCSID[] =
#include <linux/if_packet.h>
#endif
-#ifdef HAVE_NET_ETHERNET_H
-#include <net/ethernet.h>
-#endif
-
#ifdef HAVE_ASM_TYPES_H
#include <asm/types.h>
#endif
--- pppd/plugins/rp-pppoe/plugin.c
+++ pppd/plugins/rp-pppoe/plugin.c
@@ -46,7 +46,6 @@ static char const RCSID[] =
#include <unistd.h>
#include <fcntl.h>
#include <signal.h>
-#include <net/ethernet.h>
#include <net/if_arp.h>
#include <linux/ppp_defs.h>
#include <linux/if_pppox.h>
--- pppd/plugins/rp-pppoe/pppoe-discovery.c
+++ pppd/plugins/rp-pppoe/pppoe-discovery.c
@@ -27,10 +27,6 @@
#include <linux/if_packet.h>
#endif
-#ifdef HAVE_NET_ETHERNET_H
-#include <net/ethernet.h>
-#endif
-
#ifdef HAVE_ASM_TYPES_H
#include <asm/types.h>
#endif
@@ -55,6 +51,8 @@ void die(int status)
exit(status);
}
+#define error(x...) fprintf(stderr, x)
+
/* Initialize frame types to RFC 2516 values. Some broken peers apparently
use different frame types... sigh... */
--- pppd/plugins/rp-pppoe/pppoe.h
+++ pppd/plugins/rp-pppoe/pppoe.h
@@ -86,18 +86,6 @@ typedef unsigned long UINT32_t;
#include <netinet/in.h>
-#ifdef HAVE_NETINET_IF_ETHER_H
-#include <sys/types.h>
-
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifndef HAVE_SYS_DLPI_H
-#include <netinet/if_ether.h>
-#endif
-#endif
-
-
/* Ethernet frame types according to RFC 2516 */
#define ETH_PPPOE_DISCOVERY 0x8863
--- pppd/sys-linux.c
+++ pppd/sys-linux.c
@@ -102,19 +102,11 @@
#define MAX_ADDR_LEN 7
#endif
-#if __GLIBC__ >= 2
#include <asm/types.h> /* glibc 2 conflicts with linux/types.h */
#include <net/if.h>
#include <net/if_arp.h>
#include <net/route.h>
#include <netinet/if_ether.h>
-#else
-#include <linux/types.h>
-#include <linux/if.h>
-#include <linux/if_arp.h>
-#include <linux/route.h>
-#include <linux/if_ether.h>
-#endif
#include <netinet/in.h>
#include <arpa/inet.h>
--- include/linux/ppp_defs.h.orig 2015-05-10 10:59:27.959155977 +0200
+++ include/linux/ppp_defs.h 2015-05-10 10:59:50.190403246 +0200
@@ -50,6 +50,9 @@
#ifndef _PPP_DEFS_H_
#define _PPP_DEFS_H_
+#ifndef __P
+# define __P(x) x
+#endif
/*
* The basic PPP frame.
*/
--- pppd/magic.h.orig 2015-05-10 11:00:16.687697962 +0200
+++ pppd/magic.h 2015-05-10 11:00:34.030890864 +0200
@@ -42,6 +42,10 @@
* $Id: magic.h,v 1.5 2003/06/11 23:56:26 paulus Exp $
*/
+#ifndef __P
+# define __P(x) x
+#endif
+
void magic_init __P((void)); /* Initialize the magic number generator */
u_int32_t magic __P((void)); /* Returns the next magic number */
--- include/net/ppp_defs.h.orig 2015-05-10 11:09:54.505127657 +0200
+++ include/net/ppp_defs.h 2015-05-10 11:10:10.753309024 +0200
@@ -38,6 +38,8 @@


@ -1,38 +0,0 @@
From 50a2997b256e0e0ef7a46fae133f56f60fce539c Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Mon, 9 Jan 2017 13:34:23 +0000
Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
This fixes builds with newer kernels. Basically, <netinet/in.h> needs to be
included before <linux/in.h> otherwise the earlier, unaware of the latter,
tries to redefine symbols and structures. Also, <linux/if_pppox.h> doesn't work
alone anymore, since it pulls the headers in the wrong order, so we better
include <netinet/in.h> early.
---
pppd/plugins/rp-pppoe/pppoe.h | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
index 9ab2eee3..c4aaa6e6 100644
--- pppd/plugins/rp-pppoe/pppoe.h
+++ pppd/plugins/rp-pppoe/pppoe.h
@@ -47,6 +47,10 @@
#include <sys/socket.h>
#endif
+/* This has to be included before Linux 4.8's linux/in.h
+ * gets dragged in. */
+#include <netinet/in.h>
+
/* Ugly header files on some Linux boxes... */
#if defined(HAVE_LINUX_IF_H)
#include <linux/if.h>
@@ -84,8 +88,6 @@ typedef unsigned long UINT32_t;
#include <linux/if_ether.h>
#endif
-#include <netinet/in.h>
-
/* Ethernet frame types according to RFC 2516 */
#define ETH_PPPOE_DISCOVERY 0x8863


@ -1,110 +0,0 @@
From 3c7b86229f7bd2600d74db14b1fe5b3896be3875 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
Date: Fri, 6 Apr 2018 14:27:18 +0200
Subject: [PATCH] pppd: Use openssl for the DES instead of the libcrypt / glibc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped
libcrypt. The libxcrypt standalone package can be used instead, but
it dropped the old setkey/encrypt API which ppp uses for DES. There
is support for using openssl in pppcrypt.c, but it contains typos
preventing it from compiling and seems to be written for an ancient
openssl version.
This updates the code to use current openssl.
[paulus@ozlabs.org - wrote the commit description, fixed comment in
Makefile.linux.]
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
pppd/Makefile.linux | 7 ++++---
pppd/pppcrypt.c | 18 +++++++++---------
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 36d2b036..8d5ce99d 100644
--- pppd/Makefile.linux
+++ pppd/Makefile.linux
@@ -35,10 +35,10 @@ endif
COPTS = -O2 -pipe -Wall -g
LIBS =
-# Uncomment the next 2 lines to include support for Microsoft's
+# Uncomment the next line to include support for Microsoft's
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
CHAPMS=y
-USE_CRYPT=y
+#USE_CRYPT=y
# Don't use MSLANMAN unless you really know what you're doing.
#MSLANMAN=y
# Uncomment the next line to include support for MPPE. CHAPMS (above) must
@@ -137,7 +137,8 @@ endif
ifdef NEEDDES
ifndef USE_CRYPT
-LIBS += -ldes $(LIBS)
+#CFLAGS += -I/usr/include/openssl
+LIBS += -lcrypto
else
CFLAGS += -DUSE_CRYPT=1
endif
diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
index 8b85b132..6b35375e 100644
--- pppd/pppcrypt.c
+++ pppd/pppcrypt.c
@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
des_key[7] = Get7Bits(key, 49);
#ifndef USE_CRYPT
- des_set_odd_parity((des_cblock *)des_key);
+ DES_set_odd_parity((DES_cblock *)des_key);
#endif
}
@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
}
#else /* USE_CRYPT */
-static des_key_schedule key_schedule;
+static DES_key_schedule key_schedule;
bool
DesSetkey(key)
u_char *key;
{
- des_cblock des_key;
+ DES_cblock des_key;
MakeKey(key, des_key);
- des_set_key(&des_key, key_schedule);
+ DES_set_key(&des_key, &key_schedule);
return (1);
}
bool
-DesEncrypt(clear, key, cipher)
+DesEncrypt(clear, cipher)
u_char *clear; /* IN 8 octets */
u_char *cipher; /* OUT 8 octets */
{
- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
- key_schedule, 1);
+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
+ &key_schedule, 1);
return (1);
}
@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
u_char *cipher; /* IN 8 octets */
u_char *clear; /* OUT 8 octets */
{
- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
- key_schedule, 0);
+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
+ &key_schedule, 0);
return (1);
}


@ -5,15 +5,15 @@
# * NetworkManager-l2tp
# When update this package
pkgname=ppp
version=2.4.7
revision=14
version=2.4.9
revision=1
makedepends="libpcap-devel openssl-devel"
short_desc="PPP (Point-to-Point Protocol) daemon"
maintainer="Orphaned <orphan@voidlinux.org>"
license="BSD-3-Clause, LGPL-2.0-or-later, GPL-2.0-or-later, Public Domain"
homepage="https://ppp.samba.org/"
distfiles="https://ftp.samba.org/pub/ppp/ppp-$version.tar.gz"
checksum=02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30
checksum=f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d
make_dirs="
/etc/ppp/ipv6-down.d 0755 root root
/etc/ppp/peers 0755 root root"
@ -26,39 +26,16 @@ conf_files="
/etc/ppp/chap-secrets
/etc/ppp/pap-secrets"
CFLAGS="-D_GNU_SOURCE"
if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
makedepends+=" musl-legacy-compat"
fi
do_configure() {
# Custom CFLAGS.
find -name "Makefile.linux" -exec sed -i "{}" \
-e "s;CFLAGS\\s*=\(.*\);CFLAGS = ${CFLAGS} \1;" \;
# Custom LDFLAGS for chat, pppoe-discovery and pppdump
sed -i chat/Makefile.linux \
-e "s;-o chat ;${LDFLAGS} -o chat ;"
sed -i pppd/plugins/rp-pppoe/Makefile.linux \
-e "s;-o pppoe-discovery ;${LDFLAGS} -o pppoe-discovery ;"
sed -i pppdump/Makefile.linux \
-e "s;-o pppdump ;${LDFLAGS} -o pppdump ;"
# Enable active filter
sed -i "s:^#FILTER=y:FILTER=y:" pppd/Makefile.linux
# Enable ipv6 support
sed -i "s:^#HAVE_INET6=y:HAVE_INET6=y:" pppd/Makefile.linux
# Enable Microsoft Proprietary Callback Control Protocol
sed -i "s:^#CBCP=y:CBCP=y:" pppd/Makefile.linux
./configure ${configure_args}
./configure --cc="${CC}" --cflags="${CFLAGS}"
}
do_build() {
make COPTS="${CFLAGS} ${LDFLAGS}" ${makejobs}
make LDFLAGS="${LDFLAGS}" CBCP=y ${makejobs}
}
do_install() {
make DESTDIR=${DESTDIR}/usr install
make DESTDIR=${DESTDIR}/usr BINDIR=${DESTDIR}/usr/bin install
case "$XBPS_TARGET_MACHINE" in
*-musl) vinstall include/net/ppp_defs.h 644 usr/include/net;;
@ -66,11 +43,6 @@ do_install() {
chmod 755 ${DESTDIR}/usr/lib/pppd/${version}/*.so
vmkdir usr/bin
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
vbin pppd/pppd
vbin chat/chat
vinstall ${FILESDIR}/options 644 etc/ppp
vinstall ${FILESDIR}/ip-up 755 etc/ppp
vinstall ${FILESDIR}/ip-down 755 etc/ppp
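Review bot: In `do_build()` only `CBCP=y` is carried over to the make command line, while the `sed` edits in `do_configure()` that switched on `FILTER=y` and `HAVE_INET6=y` appear to be dropped with nothing replacing them. Whether the 2.4.9 `pppd/Makefile.linux` enables both by default is not visible on this page; if it does not, packet filtering and IPv6 support disappear silently while `libpcap-devel` stays in `makedepends`. Passing them explicitly, `make LDFLAGS="${LDFLAGS}" CBCP=y FILTER=y HAVE_INET6=y ${makejobs}`, would make the feature set independent of upstream defaults. The same update also deletes the local patches for the `rc_mksid()` `sprintf` overflow and the EAP `rhostname` bounds check, so a short comment in the template stating that both fixes were confirmed in the 2.4.9 sources would document why dropping them is safe.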

1
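--- /dev/null
+++ b/srcpkgs/ppp/version
@@ -0,0 +1 @@
+pattern="ppp \K[\d\.]+"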