From 075b01f2f7b5a9241b4bfe76db8f14af0284060c Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sun, 14 Nov 2021 17:29:04 +0100 Subject: [PATCH] package/pppd: bump to version 2.4.9 - Drop patch (already in version) - Update hash of bsd-comp.c, ccp.c and passprompt.c (no change in license) - rp-pppoe has been renamed to pppoe since https://github.com/paulusmack/ppp/commit/b2c36e6c0e1655aea9b1b0a03a8160f42a26c884 - Manage EAP-TLS which depends on openssl and has been added and is enabled by default since https://github.com/paulusmack/ppp/commit/e87fe1bbd37a1486c5223f110e9ce3ef75971f93 It should be noted that openssl is still mandatory with glibc because encrypt and setkey have been removed since version 2.28 (see commit b519bcafe75d1256d1fc42aa26393405b89629b3) - musl is now supported - Update indentation in hash file (two spaces) https://github.com/paulusmack/ppp/blob/2.4.9/README Fixes: - https://bugs.busybox.net/show_bug.cgi?id=13436 Signed-off-by: Fabrice Fontaine Signed-off-by: Arnout Vandecappelle (Essensium/Mind) --- package/network-manager/Config.in | 4 -- package/pppd/0001-pppd-Fix-bounds-check.patch | 37 ------------ ...n-with-older-glibc-or-kernel-headers.patch | 60 +++++++++++++++++++ package/pppd/Config.in | 5 +- package/pppd/pppd.hash | 12 ++-- package/pppd/pppd.mk | 19 +++--- package/rp-pppoe/Config.in | 5 +- 7 files changed, 80 insertions(+), 62 deletions(-) delete mode 100644 package/pppd/0001-pppd-Fix-bounds-check.patch create mode 100644 package/pppd/0001-pppd-Fix-compilation-with-older-glibc-or-kernel-headers.patch diff --git a/package/network-manager/Config.in b/package/network-manager/Config.in index 2534963918..a48cb37b15 100644 --- a/package/network-manager/Config.in +++ b/package/network-manager/Config.in @@ -45,14 +45,10 @@ config BR2_PACKAGE_NETWORK_MANAGER_MODEM_MANAGER config BR2_PACKAGE_NETWORK_MANAGER_PPPD bool "pppd support" - depends on !BR2_TOOLCHAIN_USES_MUSL # pppd select BR2_PACKAGE_PPPD help This option enables support for PPPD daemon -comment "pppd support needs a glibc or uClibc toolchain" - depends on BR2_TOOLCHAIN_USES_MUSL - config BR2_PACKAGE_NETWORK_MANAGER_OVS bool "OpenVSwitch support" select BR2_PACKAGE_JANSSON diff --git a/package/pppd/0001-pppd-Fix-bounds-check.patch b/package/pppd/0001-pppd-Fix-bounds-check.patch deleted file mode 100644 index 5d7c51bcac..0000000000 --- a/package/pppd/0001-pppd-Fix-bounds-check.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 -From: Paul Mackerras -Date: Mon, 3 Feb 2020 15:53:28 +1100 -Subject: [PATCH] pppd: Fix bounds check in EAP code - -Given that we have just checked vallen < len, it can never be the case -that vallen >= len + sizeof(rhostname). This fixes the check so we -actually avoid overflowing the rhostname array. - -Reported-by: Ilja Van Sprundel -Signed-off-by: Paul Mackerras ---- - pppd/eap.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/pppd/eap.c b/pppd/eap.c -index 94407f56..1b93db01 100644 ---- a/pppd/eap.c -+++ b/pppd/eap.c -@@ -1420,7 +1420,7 @@ int len; - } - - /* Not so likely to happen. */ -- if (vallen >= len + sizeof (rhostname)) { -+ if (len - vallen >= sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; -@@ -1846,7 +1846,7 @@ int len; - } - - /* Not so likely to happen. */ -- if (vallen >= len + sizeof (rhostname)) { -+ if (len - vallen >= sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; diff --git a/package/pppd/0001-pppd-Fix-compilation-with-older-glibc-or-kernel-headers.patch b/package/pppd/0001-pppd-Fix-compilation-with-older-glibc-or-kernel-headers.patch new file mode 100644 index 0000000000..86d8b8f4e3 --- /dev/null +++ b/package/pppd/0001-pppd-Fix-compilation-with-older-glibc-or-kernel-headers.patch @@ -0,0 +1,60 @@ +From 98ec18f098e5ef68e3a8cc6954fcaf5a7fb8b7be Mon Sep 17 00:00:00 2001 +From: pali <7141871+pali@users.noreply.github.com> +Date: Mon, 15 Feb 2021 07:54:01 +0100 +Subject: [PATCH] pppd: Fix compilation with older glibc or kernel headers + (#248) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +glibc versions prior to 2.24 do not define SOL_NETLINK and linux kernel +versions prior to 4.3 do not define NETLINK_CAP_ACK. So add fallback +definitions for these macros into pppd/sys-linux.c file. + +Also extend description why we call SOL_NETLINK/NETLINK_CAP_ACK option. + +Signed-off-by: Pali Rohár + +[Retrieved from: +https://github.com/ppp-project/ppp/commit/98ec18f098e5ef68e3a8cc6954fcaf5a7fb8b7be] +Signed-off-by: Fabrice Fontaine +--- + pppd/sys-linux.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c +index 85033d97..50c4f2da 100644 +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -125,6 +125,14 @@ + #include + #include + #include ++/* glibc versions prior to 2.24 do not define SOL_NETLINK */ ++#ifndef SOL_NETLINK ++#define SOL_NETLINK 270 ++#endif ++/* linux kernel versions prior to 4.3 do not define/support NETLINK_CAP_ACK */ ++#ifndef NETLINK_CAP_ACK ++#define NETLINK_CAP_ACK 10 ++#endif + #endif + + #include "pppd.h" +@@ -2843,7 +2851,15 @@ static int append_peer_ipv6_address(unsigned int iface, struct in6_addr *local_a + if (fd < 0) + return 0; + +- /* do not ask for error message content */ ++ /* ++ * Tell kernel to not send to us payload of acknowledgment error message. ++ * NETLINK_CAP_ACK option is supported since Linux kernel version 4.3 and ++ * older kernel versions always send full payload in acknowledgment netlink ++ * message. We ignore payload of this message as we need only error code, ++ * to check if our set remote peer address request succeeded or failed. ++ * So ignore return value from the following setsockopt() call as setting ++ * option NETLINK_CAP_ACK means for us just a kernel hint / optimization. ++ */ + one = 1; + setsockopt(fd, SOL_NETLINK, NETLINK_CAP_ACK, &one, sizeof(one)); + diff --git a/package/pppd/Config.in b/package/pppd/Config.in index 66c935abb1..ca139a50e9 100644 --- a/package/pppd/Config.in +++ b/package/pppd/Config.in @@ -1,7 +1,6 @@ config BR2_PACKAGE_PPPD bool "pppd" depends on !BR2_STATIC_LIBS - depends on !BR2_TOOLCHAIN_USES_MUSL # Use __P() macro all over the tree depends on BR2_USE_MMU select BR2_PACKAGE_OPENSSL if BR2_TOOLCHAIN_USES_GLIBC select BR2_PACKAGE_LIBOPENSSL_ENABLE_DES if BR2_PACKAGE_LIBOPENSSL \ @@ -40,6 +39,6 @@ config BR2_PACKAGE_PPPD_OVERWRITE_RESOLV_CONF endif -comment "pppd needs a uClibc or glibc toolchain w/ dynamic library" - depends on BR2_STATIC_LIBS || BR2_TOOLCHAIN_USES_MUSL +comment "pppd needs a toolchain w/ dynamic library" + depends on BR2_STATIC_LIBS depends on BR2_USE_MMU diff --git a/package/pppd/pppd.hash b/package/pppd/pppd.hash index a923158576..3d471695bb 100644 --- a/package/pppd/pppd.hash +++ b/package/pppd/pppd.hash @@ -1,7 +1,7 @@ # Locally calculated -sha256 91fbff784ad16a1111a7f22df4675aeb161d958bb79f1cc4c1f0c81944e7cb40 pppd-2.4.8.tar.gz -sha256 3990c65c506885f7bb75455d1d6188743a14ad46f5b62e136ef3739aed52c532 pppd/tdb.c -sha256 1822ead9d2854adfbd282322b29730a3fec4cc67f6f6a2e487aad3476e3afd59 pppd/plugins/pppoatm/COPYING -sha256 91a5e9c173e0e001e081e15bf7850cfd782a0baa02f5921e327ae3b449beff3f pppdump/bsd-comp.c -sha256 ee1c28551c87cdcdaf80eb3922726f015201614cb560a5ed18a7a0c15f2b4aa4 pppd/ccp.c -sha256 6fa4c3dad059f6ef15c1c5e5219d9d0d40991dd3a162098a89967a1720de059e pppd/plugins/passprompt.c +sha256 675bff4f366174649f4a3c92fd32ac476e694164ff2b0b7710019b6ead9c561e pppd-2.4.9.tar.gz +sha256 3990c65c506885f7bb75455d1d6188743a14ad46f5b62e136ef3739aed52c532 pppd/tdb.c +sha256 1822ead9d2854adfbd282322b29730a3fec4cc67f6f6a2e487aad3476e3afd59 pppd/plugins/pppoatm/COPYING +sha256 d759ec16875a69c2d5529f8cb3c040fef8fe38d26f70457aadb73c91b72746c8 pppdump/bsd-comp.c +sha256 c0d0f14b6ec9948332f10ded741293ed1f3b96e0d266e4903b605a6e1f8af7cd pppd/ccp.c +sha256 367f334c509db2b293aea5ce9f54284d9a9f6e0a9e0c6e305d544079baf8ab63 pppd/plugins/passprompt.c diff --git a/package/pppd/pppd.mk b/package/pppd/pppd.mk index 098c6a8e6f..71bfceb607 100644 --- a/package/pppd/pppd.mk +++ b/package/pppd/pppd.mk @@ -4,7 +4,7 @@ # ################################################################################ -PPPD_VERSION = 2.4.8 +PPPD_VERSION = 2.4.9 PPPD_SITE = $(call github,paulusmack,ppp,ppp-$(PPPD_VERSION)) PPPD_LICENSE = LGPL-2.0+, LGPL, BSD-4-Clause, BSD-3-Clause, GPL-2.0+ PPPD_LICENSE_FILES = \ @@ -14,14 +14,15 @@ PPPD_CPE_ID_VENDOR = samba PPPD_CPE_ID_PRODUCT = ppp PPPD_SELINUX_MODULES = ppp -# 0001-pppd-Fix-bounds-check.patch -PPPD_IGNORE_CVES += CVE-2020-8597 - PPPD_MAKE_OPTS = HAVE_INET6=y -ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),y) + +ifeq ($(BR2_PACKAGE_OPENSSL),y) PPPD_DEPENDENCIES += openssl +PPPD_MAKE_OPTS += USE_EAPTLS=y else -PPPD_MAKE_OPTS += USE_CRYPT=y +PPPD_MAKE_OPTS += \ + USE_CRYPT=y \ + USE_EAPTLS= endif PPPD_INSTALL_STAGING = YES @@ -101,9 +102,9 @@ define PPPD_INSTALL_TARGET_CMDS $(TARGET_DIR)/usr/lib/pppd/$(PPPD_VERSION)/passwordfd.so $(INSTALL) -D $(PPPD_DIR)/pppd/plugins/pppoatm/pppoatm.so \ $(TARGET_DIR)/usr/lib/pppd/$(PPPD_VERSION)/pppoatm.so - $(INSTALL) -D $(PPPD_DIR)/pppd/plugins/rp-pppoe/rp-pppoe.so \ - $(TARGET_DIR)/usr/lib/pppd/$(PPPD_VERSION)/rp-pppoe.so - $(INSTALL) -D $(PPPD_DIR)/pppd/plugins/rp-pppoe/pppoe-discovery \ + $(INSTALL) -D $(PPPD_DIR)/pppd/plugins/pppoe/pppoe.so \ + $(TARGET_DIR)/usr/lib/pppd/$(PPPD_VERSION)/pppoe.so + $(INSTALL) -D $(PPPD_DIR)/pppd/plugins/pppoe/pppoe-discovery \ $(TARGET_DIR)/usr/sbin/pppoe-discovery $(INSTALL) -D $(PPPD_DIR)/pppd/plugins/winbind.so \ $(TARGET_DIR)/usr/lib/pppd/$(PPPD_VERSION)/winbind.so diff --git a/package/rp-pppoe/Config.in b/package/rp-pppoe/Config.in index 12f981d8c7..2ac81cbb2d 100644 --- a/package/rp-pppoe/Config.in +++ b/package/rp-pppoe/Config.in @@ -1,11 +1,10 @@ -comment "rp-pppoe needs a uClibc or glibc toolchain w/ dynamic library" - depends on BR2_STATIC_LIBS || BR2_TOOLCHAIN_USES_MUSL +comment "rp-pppoe needs a toolchain w/ dynamic library" + depends on BR2_STATIC_LIBS depends on BR2_USE_MMU config BR2_PACKAGE_RP_PPPOE bool "rp-pppoe" depends on !BR2_STATIC_LIBS - depends on !BR2_TOOLCHAIN_USES_MUSL # pppd depends on BR2_USE_MMU # fork() select BR2_PACKAGE_PPPD help