summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorA. Wilcox <AWilcox@Wilcox-Tech.com>2020-02-26 04:04:05 +0000
committerA. Wilcox <AWilcox@Wilcox-Tech.com>2020-02-26 04:04:05 +0000
commit74e1ebacbf29188a4d41381d83b2bb47e593b241 (patch)
tree508a04ffd433fb8c98a78b7c42aca7390835ef3b
parentce0afc1e48e10bf96d9de42a005669db6d41ed16 (diff)
downloadpackages-74e1ebacbf29188a4d41381d83b2bb47e593b241.tar.gz
packages-74e1ebacbf29188a4d41381d83b2bb47e593b241.tar.bz2
packages-74e1ebacbf29188a4d41381d83b2bb47e593b241.tar.xz
packages-74e1ebacbf29188a4d41381d83b2bb47e593b241.zip
user/ppp: [CVE!] Bump to 2.4.8
-rw-r--r--user/ppp/02_all_make-vars.patch185
-rw-r--r--user/ppp/04_all_mpls.patch2
-rw-r--r--user/ppp/10_all_defaultgateway.patch90
-rw-r--r--user/ppp/18_all_defaultmetric.patch104
-rw-r--r--user/ppp/21_all_custom_iface_names.patch144
-rw-r--r--user/ppp/30_all_Makefile.patch37
-rw-r--r--user/ppp/32_all_pado-timeout.patch34
-rw-r--r--user/ppp/50_all_linux-headers.patch28
-rw-r--r--user/ppp/51_all_glibc-2.28.patch110
-rw-r--r--user/ppp/APKBUILD37
-rw-r--r--user/ppp/CVE-2020-8597.patch37
-rw-r--r--user/ppp/adelie.patch9
-rw-r--r--user/ppp/dhcp.patch11
-rw-r--r--user/ppp/musl-fix-headers.patch60
14 files changed, 75 insertions, 813 deletions
diff --git a/user/ppp/02_all_make-vars.patch b/user/ppp/02_all_make-vars.patch
deleted file mode 100644
index 7937d666e..000000000
--- a/user/ppp/02_all_make-vars.patch
+++ /dev/null
@@ -1,185 +0,0 @@
---- ppp-2.4.5/chat/Makefile.linux
-+++ ppp-2.4.5/chat/Makefile.linux
-@@ -10,7 +10,6 @@
- CDEF4= -DFNDELAY=O_NDELAY # Old name value
- CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
-
--COPTS= -O2 -g -pipe
- CFLAGS= $(COPTS) $(CDEFS)
-
- INSTALL= install
-@@ -18,7 +17,7 @@
- all: chat
-
- chat: chat.o
-- $(CC) -o chat chat.o
-+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@ $^
-
- chat.o: chat.c
- $(CC) -c $(CFLAGS) -o chat.o chat.c
---- ppp-2.4.5/pppd/Makefile.linux
-+++ ppp-2.4.5/pppd/Makefile.linux
-@@ -32,7 +32,7 @@
-
- # CC = gcc
- #
--COPTS = -O2 -pipe -Wall -g
-+COPTS+= -Wall
- LIBS =
-
- # Uncomment the next 2 lines to include support for Microsoft's
---- ppp-2.4.5/pppd/plugins/Makefile.linux
-+++ ppp-2.4.5/pppd/plugins/Makefile.linux
-@@ -1,7 +1,11 @@
- #CC = gcc
--COPTS = -O2 -g
- CFLAGS = $(COPTS) -I.. -I../../include -fPIC
--LDFLAGS = -shared
-+LDFLAGS_PROG := $(LDFLAGS)
-+export LDFLAGS LDFLAGS_PROG
-+LDFLAGS += -shared
-+# need the following option, otherwise linking plugins might fail with undef errors (Gentoo bug 210837)
-+LDFLAGS += -Wl,--allow-shlib-undefined
-+LIBS =
- INSTALL = install
-
- DESTDIR = $(INSTROOT)@DESTDIR@
-@@ -23,7 +27,7 @@
- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
-
- %.so: %.c
-- $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
-+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@ $^ $(LIBS)
-
- VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h)
-
---- ppp-2.4.5/pppd/plugins/pppoatm/Makefile.linux
-+++ ppp-2.4.5/pppd/plugins/pppoatm/Makefile.linux
-@@ -1,7 +1,5 @@
- #CC = gcc
--COPTS = -O2 -g
- CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
--LDFLAGS = -shared
- INSTALL = install
-
- #***********************************************************************
-@@ -33,7 +31,7 @@
- all: $(PLUGIN)
-
- $(PLUGIN): $(PLUGIN_OBJS)
-- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
-+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@ $^ $(LIBS)
-
- install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
---- ppp-2.4.5/pppd/plugins/pppol2tp/Makefile.linux
-+++ ppp-2.4.5/pppd/plugins/pppol2tp/Makefile.linux
-@@ -1,7 +1,5 @@
- #CC = gcc
--COPTS = -O2 -g
- CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
--LDFLAGS = -shared
- INSTALL = install
-
- #***********************************************************************
-@@ -16,7 +14,7 @@
- all: $(PLUGINS)
-
- %.so: %.o
-- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
-+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@ $^ $(LIBS)
-
- install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
---- ppp-2.4.5/pppd/plugins/radius/Makefile.linux
-+++ ppp-2.4.5/pppd/plugins/radius/Makefile.linux
-@@ -12,7 +12,7 @@
- INSTALL = install
-
- PLUGIN=radius.so radattr.so radrealms.so
--CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
-+CFLAGS=$(COPTS) -I. -I../.. -I../../../include -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
-
- # Uncomment the next line to include support for Microsoft's
- # MS-CHAP authentication protocol.
-@@ -43,13 +43,13 @@
- $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
-
- radius.so: radius.o libradiusclient.a
-- $(CC) -o radius.so -shared radius.o libradiusclient.a
-+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@ $^
-
- radattr.so: radattr.o
-- $(CC) -o radattr.so -shared radattr.o
-+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@ $^
-
- radrealms.so: radrealms.o
-- $(CC) -o radrealms.so -shared radrealms.o
-+ $(CC) $(LDFLAGS) $(CFLAGS) -o $@ $^
-
- CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \
- clientid.o sendserver.o lock.o util.o md5.o
---- ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux
-+++ ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux
-@@ -25,12 +25,11 @@
- # Version is set ONLY IN THE MAKEFILE! Don't delete this!
- RP_VERSION=3.8p
-
--COPTS=-O2 -g
- CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
- all: rp-pppoe.so pppoe-discovery
-
- pppoe-discovery: pppoe-discovery.o debug.o
-- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o
-+ $(CC) $(LDFLAGS_PROG) $(CFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o
-
- pppoe-discovery.o: pppoe-discovery.c
- $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
-@@ -39,7 +38,7 @@
- $(CC) $(CFLAGS) -c -o debug.o debug.c
-
- rp-pppoe.so: plugin.o discovery.o if.o common.o
-- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
-+ $(CC) $(LDFLAGS) $(CFLAGS) -o rp-pppoe.so plugin.o discovery.o if.o common.o
-
- install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
---- ppp-2.4.5/pppdump/Makefile.linux
-+++ ppp-2.4.5/pppdump/Makefile.linux
-@@ -2,7 +2,7 @@
- BINDIR = $(DESTDIR)/sbin
- MANDIR = $(DESTDIR)/share/man/man8
-
--CFLAGS= -O -I../include/net
-+CFLAGS=$(COPTS) -I../include/net
- OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
-
- INSTALL= install
-@@ -10,7 +10,7 @@
- all: pppdump
-
- pppdump: $(OBJS)
-- $(CC) -o pppdump $(OBJS)
-+ $(CC) $(LDFLAGS) -o pppdump $(OBJS)
-
- clean:
- rm -f pppdump $(OBJS) *~
---- ppp-2.4.5/pppstats/Makefile.linux
-+++ ppp-2.4.5/pppstats/Makefile.linux
-@@ -10,7 +10,6 @@
- PPPSTATOBJS = pppstats.o
-
- #CC = gcc
--COPTS = -O
- COMPILE_FLAGS = -I../include
- LIBS =
-
-@@ -26,7 +25,7 @@
- $(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
-
- pppstats: $(PPPSTATSRCS)
-- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS)
-+ $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
-
- clean:
- rm -f pppstats *~ #* core
diff --git a/user/ppp/04_all_mpls.patch b/user/ppp/04_all_mpls.patch
index 54b79f7bd..dd316974e 100644
--- a/user/ppp/04_all_mpls.patch
+++ b/user/ppp/04_all_mpls.patch
@@ -1,6 +1,6 @@
--- ppp-2.4.5/pppd/main.c
+++ ppp-2.4.5/pppd/main.c
-@@ -96,6 +96,9 @@
+@@ -95,6 +95,9 @@
#include "fsm.h"
#include "lcp.h"
#include "ipcp.h"
diff --git a/user/ppp/10_all_defaultgateway.patch b/user/ppp/10_all_defaultgateway.patch
deleted file mode 100644
index 1b7ae6396..000000000
--- a/user/ppp/10_all_defaultgateway.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-This patch reverses revision 1.114 of the pppd/sys-linux.c file.
-The default gateway is needed by the openswan's %defaultroute.
-
---- ppp-2.4.7/pppd/sys-linux.c
-+++ ppp-2.4.7/pppd/sys-linux.c
-@@ -206,7 +206,7 @@
-
- static int if_is_up; /* Interface has been marked up */
- static int if6_is_up; /* Interface has been marked up for IPv6, to help differentiate */
--static int have_default_route; /* Gateway for default route added */
-+static u_int32_t default_route_gateway; /* Gateway for default route added */
- static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */
- static char proxy_arp_dev[16]; /* Device for proxy arp entry */
- static u_int32_t our_old_addr; /* for detecting address changes */
-@@ -346,8 +346,8 @@
- /*
- * Delete any routes through the device.
- */
-- if (have_default_route)
-- cifdefaultroute(0, 0, 0);
-+ if (default_route_gateway != 0)
-+ cifdefaultroute(0, 0, default_route_gateway);
-
- if (has_proxy_arp)
- cifproxyarp(0, proxy_arp_addr);
-@@ -1621,17 +1621,17 @@
- struct rtentry rt;
-
- if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) {
-- if (rt.rt_flags & RTF_GATEWAY)
-- error("not replacing existing default route via %I",
-- SIN_ADDR(rt.rt_gateway));
-- else
-- error("not replacing existing default route through %s",
-- rt.rt_dev);
-+ u_int32_t old_gateway = SIN_ADDR(rt.rt_gateway);
-+
-+ if (old_gateway != gateway)
-+ error("not replacing existing default route to %s [%I]",
-+ rt.rt_dev, old_gateway);
- return 0;
- }
-
-- memset (&rt, 0, sizeof (rt));
-- SET_SA_FAMILY (rt.rt_dst, AF_INET);
-+ memset (&rt, '\0', sizeof (rt));
-+ SET_SA_FAMILY (rt.rt_dst, AF_INET);
-+ SET_SA_FAMILY (rt.rt_gateway, AF_INET);
-
- rt.rt_dev = ifname;
-
-@@ -1640,14 +1640,16 @@
- SIN_ADDR(rt.rt_genmask) = 0L;
- }
-
-- rt.rt_flags = RTF_UP;
-+ SIN_ADDR(rt.rt_gateway) = gateway;
-+
-+ rt.rt_flags = RTF_UP | RTF_GATEWAY;
- if (ioctl(sock_fd, SIOCADDRT, &rt) < 0) {
- if ( ! ok_error ( errno ))
- error("default route ioctl(SIOCADDRT): %m");
- return 0;
- }
-
-- have_default_route = 1;
-+ default_route_gateway = gateway;
- return 1;
- }
-
-@@ -1660,7 +1662,7 @@
- {
- struct rtentry rt;
-
-- have_default_route = 0;
-+ default_route_gateway = 0;
-
- memset (&rt, '\0', sizeof (rt));
- SET_SA_FAMILY (rt.rt_dst, AF_INET);
-@@ -1673,7 +1675,9 @@
- SIN_ADDR(rt.rt_genmask) = 0L;
- }
-
-- rt.rt_flags = RTF_UP;
-+ SIN_ADDR(rt.rt_gateway) = gateway;
-+
-+ rt.rt_flags = RTF_UP | RTF_GATEWAY;
- if (ioctl(sock_fd, SIOCDELRT, &rt) < 0 && errno != ESRCH) {
- if (still_ppp()) {
- if ( ! ok_error ( errno ))
diff --git a/user/ppp/18_all_defaultmetric.patch b/user/ppp/18_all_defaultmetric.patch
deleted file mode 100644
index fba787005..000000000
--- a/user/ppp/18_all_defaultmetric.patch
+++ /dev/null
@@ -1,104 +0,0 @@
---- ppp-2.4.5/pppd/options.c
-+++ ppp-2.4.5/pppd/options.c
-@@ -94,6 +94,7 @@
- int kdebugflag = 0; /* Tell kernel to print debug messages */
- int default_device = 1; /* Using /dev/tty or equivalent */
- char devnam[MAXPATHLEN]; /* Device name */
-+int defaultmetric = 0; /* Metric of the default route */
- bool nodetach = 0; /* Don't detach from controlling tty */
- bool updetach = 0; /* Detach once link is up */
- int maxconnect = 0; /* Maximum connect time */
-@@ -289,6 +290,10 @@
- "Number of seconds to wait for child processes at exit",
- OPT_PRIO },
-
-+ { "defaultmetric", o_int, &defaultmetric,
-+ "The metric of the default route",
-+ OPT_LIMITS, 0, 32766 },
-+
- #ifdef HAVE_MULTILINK
- { "multilink", o_bool, &multilink,
- "Enable multilink operation", OPT_PRIO | 1 },
---- ppp-2.4.5/pppd/pppd.8
-+++ ppp-2.4.5/pppd/pppd.8
-@@ -121,6 +121,9 @@
- This entry is removed when the PPP connection is broken. This option
- is privileged if the \fInodefaultroute\fR option has been specified.
- .TP
-+.B defaultmetric \fIn
-+The metric of the default route configured by pppd; default is 0.
-+.TP
- .B disconnect \fIscript
- Execute the command specified by \fIscript\fR, by passing it to a
- shell, after
---- ppp-2.4.5/pppd/pppd.h
-+++ ppp-2.4.5/pppd/pppd.h
-@@ -276,6 +276,7 @@
- extern int kdebugflag; /* Tell kernel to print debug messages */
- extern int default_device; /* Using /dev/tty or equivalent */
- extern char devnam[MAXPATHLEN]; /* Device name */
-+extern int defaultmetric; /* Metric of the default route */
- extern int crtscts; /* Use hardware flow control */
- extern bool modem; /* Use modem control lines */
- extern int inspeed; /* Input/Output speed requested */
---- ppp-2.4.5/pppd/sys-linux.c
-+++ ppp-2.4.5/pppd/sys-linux.c
-@@ -1465,7 +1465,7 @@
- FILE *route_fd = (FILE *) 0;
- static char route_buffer[512];
- static int route_dev_col, route_dest_col, route_gw_col;
--static int route_flags_col, route_mask_col;
-+static int route_flags_col, route_mask_col, route_metric_col;
- static int route_num_cols;
-
- static int open_route_table (void);
-@@ -1508,6 +1508,7 @@
- route_dest_col = 1;
- route_gw_col = 2;
- route_flags_col = 3;
-+ route_metric_col = 6;
- route_mask_col = 7;
- route_num_cols = 8;
-
-@@ -1527,6 +1528,8 @@
- route_gw_col = col;
- else if (strcasecmp(q, "flags") == 0)
- route_flags_col = col;
-+ else if (strcasecmp(q, "metric") == 0)
-+ route_metric_col = col;
- else if (strcasecmp(q, "mask") == 0)
- route_mask_col = col;
- else
-@@ -1569,6 +1572,7 @@
-
- rt->rt_flags = (short) strtoul(cols[route_flags_col], NULL, 16);
- rt->rt_dev = cols[route_dev_col];
-+ rt->rt_metric = (short) strtoul(cols[route_metric_col], NULL, 16);
-
- return 1;
- }
-@@ -1591,6 +1595,8 @@
-
- if (kernel_version > KVERSION(2,1,0) && SIN_ADDR(rt->rt_genmask) != 0)
- continue;
-+ if (rt->rt_metric != defaultmetric) /* consider only routes with the same metric */
-+ continue;
- if (SIN_ADDR(rt->rt_dst) == 0L) {
- result = 1;
- break;
-@@ -1661,6 +1667,7 @@
- SIN_ADDR(rt.rt_gateway) = gateway;
-
- rt.rt_flags = RTF_UP | RTF_GATEWAY;
-+ rt.rt_metric = defaultmetric + 1; /* +1 for binary compatibility */
- if (ioctl(sock_fd, SIOCADDRT, &rt) < 0) {
- if ( ! ok_error ( errno ))
- error("default route ioctl(SIOCADDRT): %m");
-@@ -1696,6 +1703,7 @@
- SIN_ADDR(rt.rt_gateway) = gateway;
-
- rt.rt_flags = RTF_UP | RTF_GATEWAY;
-+ rt.rt_metric = defaultmetric + 1; /* +1 for binary compatibility */
- if (ioctl(sock_fd, SIOCDELRT, &rt) < 0 && errno != ESRCH) {
- if (still_ppp()) {
- if ( ! ok_error ( errno ))
diff --git a/user/ppp/21_all_custom_iface_names.patch b/user/ppp/21_all_custom_iface_names.patch
deleted file mode 100644
index 5d3f7b94b..000000000
--- a/user/ppp/21_all_custom_iface_names.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-pppd: Support arbitrary interface names
-
-This patch implements a new string option "ifname" which allows to specify
-fully custom PPP interface names on Linux. It does so by renaming the
-allocated pppX device immediately after it has been created to the requested
-interface name.
-
-Originally written by Suse. Used by openwrt, debian, ubuntu.
-
-Reference:
-
-https://dev.openwrt.org/browser/trunk/package/network/services/ppp/patches/320-custom_iface_names.patch
-
-diff -purN ppp-2.4.7.orig/pppd/main.c ppp-2.4.7/pppd/main.c
---- ppp-2.4.7.orig/pppd/main.c 2016-08-25 15:52:52.032202044 +0200
-+++ ppp-2.4.7/pppd/main.c 2016-08-25 16:22:25.740299940 +0200
-@@ -729,8 +729,11 @@ void
- set_ifunit(iskey)
- int iskey;
- {
-- info("Using interface %s%d", PPP_DRV_NAME, ifunit);
-- slprintf(ifname, sizeof(ifname), "%s%d", PPP_DRV_NAME, ifunit);
-+ if (use_ifname[0] == 0)
-+ slprintf(ifname, sizeof(ifname), "%s%d", PPP_DRV_NAME, ifunit);
-+ else
-+ slprintf(ifname, sizeof(ifname), "%s", use_ifname);
-+ info("Using interface %s", ifname);
- script_setenv("IFNAME", ifname, iskey);
- if (iskey) {
- create_pidfile(getpid()); /* write pid to file */
-diff -purN ppp-2.4.7.orig/pppd/options.c ppp-2.4.7/pppd/options.c
---- ppp-2.4.7.orig/pppd/options.c 2016-08-25 15:52:52.191194523 +0200
-+++ ppp-2.4.7/pppd/options.c 2016-08-25 16:04:23.335501924 +0200
-@@ -115,6 +115,7 @@ int log_to_fd = 1; /* send log messages
- bool log_default = 1; /* log_to_fd is default (stdout) */
- int maxfail = 10; /* max # of unsuccessful connection attempts */
- char linkname[MAXPATHLEN]; /* logical name for link */
-+char use_ifname[IFNAMSIZ]; /* physical name for PPP link */
- bool tune_kernel; /* may alter kernel settings */
- int connect_delay = 1000; /* wait this many ms after connect script */
- int req_unit = -1; /* requested interface unit */
-@@ -274,6 +275,9 @@ option_t general_options[] = {
- { "linkname", o_string, linkname,
- "Set logical name for link",
- OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXPATHLEN },
-+ { "ifname", o_string, use_ifname,
-+ "Set physical name for PPP interface",
-+ OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, IFNAMSIZ },
-
- { "maxfail", o_int, &maxfail,
- "Maximum number of unsuccessful connection attempts to allow",
-diff -purN ppp-2.4.7.orig/pppd/pppd.h ppp-2.4.7/pppd/pppd.h
---- ppp-2.4.7.orig/pppd/pppd.h 2016-08-25 15:52:52.829164346 +0200
-+++ ppp-2.4.7/pppd/pppd.h 2016-08-25 16:07:12.024522417 +0200
-@@ -71,6 +71,10 @@
- #include "eui64.h"
- #endif
-
-+#ifndef IFNAMSIZ
-+#define IFNAMSIZ 16
-+#endif
-+
- /*
- * Limits.
- */
-@@ -319,6 +323,7 @@ extern char *record_file; /* File to rec
- extern bool sync_serial; /* Device is synchronous serial device */
- extern int maxfail; /* Max # of unsuccessful connection attempts */
- extern char linkname[MAXPATHLEN]; /* logical name for link */
-+extern char use_ifname[IFNAMSIZ]; /* physical name for PPP interface */
- extern bool tune_kernel; /* May alter kernel settings as necessary */
- extern int connect_delay; /* Time to delay after connect script */
- extern int max_data_rate; /* max bytes/sec through charshunt */
-diff -purN ppp-2.4.7.orig/pppd/sys-linux.c ppp-2.4.7/pppd/sys-linux.c
---- ppp-2.4.7.orig/pppd/sys-linux.c 2016-08-25 15:52:52.268190881 +0200
-+++ ppp-2.4.7/pppd/sys-linux.c 2016-08-25 16:12:13.905242396 +0200
-@@ -172,6 +172,10 @@ struct in6_ifreq {
- /* We can get an EIO error on an ioctl if the modem has hung up */
- #define ok_error(num) ((num)==EIO)
-
-+#if !defined(PPP_DRV_NAME)
-+#define PPP_DRV_NAME "ppp"
-+#endif /* !defined(PPP_DRV_NAME) */
-+
- static int tty_disc = N_TTY; /* The TTY discipline */
- static int ppp_disc = N_PPP; /* The PPP discpline */
- static int initfdflags = -1; /* Initial file descriptor flags for fd */
-@@ -644,7 +648,8 @@ void generic_disestablish_ppp(int dev_fd
- */
- static int make_ppp_unit()
- {
-- int x, flags;
-+ struct ifreq ifr;
-+ int x, flags, s;
-
- if (ppp_dev_fd >= 0) {
- dbglog("in make_ppp_unit, already had /dev/ppp open?");
-@@ -667,6 +672,30 @@ static int make_ppp_unit()
- }
- if (x < 0)
- error("Couldn't create new ppp unit: %m");
-+
-+ if (use_ifname[0] != 0) {
-+ s = socket(PF_INET, SOCK_DGRAM, 0);
-+ if (s < 0)
-+ s = socket(PF_PACKET, SOCK_DGRAM, 0);
-+ if (s < 0)
-+ s = socket(PF_INET6, SOCK_DGRAM, 0);
-+ if (s < 0)
-+ s = socket(PF_UNIX, SOCK_DGRAM, 0);
-+ if (s >= 0) {
-+ slprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", PPP_DRV_NAME, ifunit);
-+ slprintf(ifr.ifr_newname, sizeof(ifr.ifr_newname), "%s", use_ifname);
-+ x = ioctl(s, SIOCSIFNAME, &ifr);
-+ close(s);
-+ } else {
-+ x = s;
-+ }
-+ if (x < 0) {
-+ error("Couldn't rename %s to %s", ifr.ifr_name, ifr.ifr_newname);
-+ close(ppp_dev_fd);
-+ ppp_dev_fd = -1;
-+ }
-+ }
-+
- return x;
- }
-
-diff -purN ppp-2.4.7.orig/pppstats/pppstats.c ppp-2.4.7/pppstats/pppstats.c
---- ppp-2.4.7.orig/pppstats/pppstats.c 2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7/pppstats/pppstats.c 2016-08-25 16:13:52.623572634 +0200
-@@ -506,10 +506,12 @@ main(argc, argv)
- if (argc > 0)
- interface = argv[0];
-
-+#if 0
- if (sscanf(interface, PPP_DRV_NAME "%d", &unit) != 1) {
- fprintf(stderr, "%s: invalid interface '%s' specified\n",
- progname, interface);
- }
-+#endif
-
- #ifndef STREAMS
- {
diff --git a/user/ppp/30_all_Makefile.patch b/user/ppp/30_all_Makefile.patch
deleted file mode 100644
index 165fc7b22..000000000
--- a/user/ppp/30_all_Makefile.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Ensure that the build process aborts if there is an error in one of
-the plugin subdirectories.
-
-2010-09-01 Martin von Gagern
-
-References:
-http://bugs.gentoo.org/334727
-
-Index: ppp-2.4.5/pppd/plugins/Makefile.linux
-===================================================================
---- ppp-2.4.5/pppd/plugins/Makefile.linux
-+++ ppp-2.4.5/pppd/plugins/Makefile.linux
-@@ -20,7 +20,7 @@ include .depend
- endif
-
- all: $(PLUGINS)
-- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
-+ for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all || exit $?; done
-
- %.so: %.c
- $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
-@@ -30,12 +30,12 @@ VERSION = $(shell awk -F '"' '/VERSION/
- install: $(PLUGINS)
- $(INSTALL) -d $(LIBDIR)
- $(INSTALL) $? $(LIBDIR)
-- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d install; done
-+ for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d install || exit $?; done
-
- clean:
- rm -f *.o *.so *.a
-- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d clean; done
-+ for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d clean || exit $?; done
-
- depend:
- $(CPP) -M $(CFLAGS) *.c >.depend
-- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d depend; done
-+ for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d depend || exit $?; done
diff --git a/user/ppp/32_all_pado-timeout.patch b/user/ppp/32_all_pado-timeout.patch
index 72f1adbb1..e17658456 100644
--- a/user/ppp/32_all_pado-timeout.patch
+++ b/user/ppp/32_all_pado-timeout.patch
@@ -218,37 +218,3 @@
/* Is it PADS? */
if (packet.code == CODE_PADS) {
/* Parse for goodies */
---- ppp-2.4.6/pppd/plugins/rp-pppoe/pppoe-discovery.c
-+++ ppp-2.4.6/pppd/plugins/rp-pppoe/pppoe-discovery.c
-@@ -14,6 +14,7 @@
- #include <unistd.h>
- #include <errno.h>
- #include <string.h>
-+#include <time.h>
-
- #include "pppoe.h"
-
-@@ -513,6 +514,8 @@
- struct timeval tv;
- PPPoEPacket packet;
- int len;
-+ time_t start, now;
-+ int time_remain;
-
- struct PacketCriteria pc;
- pc.conn = conn;
-@@ -522,9 +525,13 @@
- pc.seenServiceName = 0;
- conn->error = 0;
-
-+ time(&start);
- do {
-+ time(&now);
-+ time_remain = timeout - (int)difftime(now, start);
-+ if (time_remain <= 0) return; /* Timed out */
- if (BPF_BUFFER_IS_EMPTY) {
-- tv.tv_sec = timeout;
-+ tv.tv_sec = time_remain;
- tv.tv_usec = 0;
-
- FD_ZERO(&readable);
diff --git a/user/ppp/50_all_linux-headers.patch b/user/ppp/50_all_linux-headers.patch
deleted file mode 100644
index cd2adbead..000000000
--- a/user/ppp/50_all_linux-headers.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-the linux headers have started adding shims to not define types or structs
-when C lib headers are active, but in order to work, the C lib headers have
-to be included before the linux headers.
-
-move the netinet/in.h include up above the linux/ includes.
-
-Mike Frysinger <vapier@gentoo.org>
-
---- a/pppd/plugins/rp-pppoe/pppoe.h
-+++ b/pppd/plugins/rp-pppoe/pppoe.h
-@@ -47,6 +47,8 @@
- #include <sys/socket.h>
- #endif
-
-+#include <netinet/in.h>
-+
- /* Ugly header files on some Linux boxes... */
- #if defined(HAVE_LINUX_IF_H)
- #include <linux/if.h>
-@@ -84,8 +86,6 @@ typedef unsigned long UINT32_t;
- #include <linux/if_ether.h>
- #endif
-
--#include <netinet/in.h>
--
- #ifdef HAVE_NETINET_IF_ETHER_H
- #include <sys/types.h>
-
diff --git a/user/ppp/51_all_glibc-2.28.patch b/user/ppp/51_all_glibc-2.28.patch
deleted file mode 100644
index cbb5857a7..000000000
--- a/user/ppp/51_all_glibc-2.28.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From 3c7b86229f7bd2600d74db14b1fe5b3896be3875 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
-Date: Fri, 6 Apr 2018 14:27:18 +0200
-Subject: [PATCH] pppd: Use openssl for the DES instead of the libcrypt / glibc
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped
-libcrypt. The libxcrypt standalone package can be used instead, but
-it dropped the old setkey/encrypt API which ppp uses for DES. There
-is support for using openssl in pppcrypt.c, but it contains typos
-preventing it from compiling and seems to be written for an ancient
-openssl version.
-
-This updates the code to use current openssl.
-
-[paulus@ozlabs.org - wrote the commit description, fixed comment in
- Makefile.linux.]
-
-Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
-Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
----
- pppd/Makefile.linux | 7 ++++---
- pppd/pppcrypt.c | 18 +++++++++---------
- 2 files changed, 13 insertions(+), 12 deletions(-)
-
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index 36d2b036..8d5ce99d 100644
---- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -35,10 +35,10 @@ endif
- COPTS = -O2 -pipe -Wall -g
- LIBS =
-
--# Uncomment the next 2 lines to include support for Microsoft's
-+# Uncomment the next line to include support for Microsoft's
- # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
- CHAPMS=y
--USE_CRYPT=y
-+#USE_CRYPT=y
- # Don't use MSLANMAN unless you really know what you're doing.
- #MSLANMAN=y
- # Uncomment the next line to include support for MPPE. CHAPMS (above) must
-@@ -137,7 +137,8 @@ endif
-
- ifdef NEEDDES
- ifndef USE_CRYPT
--LIBS += -ldes $(LIBS)
-+CFLAGS += -I/usr/include/openssl
-+LIBS += -lcrypto
- else
- CFLAGS += -DUSE_CRYPT=1
- endif
-diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
-index 8b85b132..6b35375e 100644
---- a/pppd/pppcrypt.c
-+++ b/pppd/pppcrypt.c
-@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
- des_key[7] = Get7Bits(key, 49);
-
- #ifndef USE_CRYPT
-- des_set_odd_parity((des_cblock *)des_key);
-+ DES_set_odd_parity((DES_cblock *)des_key);
- #endif
- }
-
-@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
- }
-
- #else /* USE_CRYPT */
--static des_key_schedule key_schedule;
-+static DES_key_schedule key_schedule;
-
- bool
- DesSetkey(key)
- u_char *key;
- {
-- des_cblock des_key;
-+ DES_cblock des_key;
- MakeKey(key, des_key);
-- des_set_key(&des_key, key_schedule);
-+ DES_set_key(&des_key, &key_schedule);
- return (1);
- }
-
- bool
--DesEncrypt(clear, key, cipher)
-+DesEncrypt(clear, cipher)
- u_char *clear; /* IN 8 octets */
- u_char *cipher; /* OUT 8 octets */
- {
-- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
-- key_schedule, 1);
-+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
-+ &key_schedule, 1);
- return (1);
- }
-
-@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
- u_char *cipher; /* IN 8 octets */
- u_char *clear; /* OUT 8 octets */
- {
-- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
-- key_schedule, 0);
-+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
-+ &key_schedule, 0);
- return (1);
- }
-
diff --git a/user/ppp/APKBUILD b/user/ppp/APKBUILD
index c99d82171..82545b0f7 100644
--- a/user/ppp/APKBUILD
+++ b/user/ppp/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: A. Wilcox <awilfox@adelielinux.org>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=ppp
-pkgver=2.4.7
+pkgver=2.4.8
pkgrel=0
pkgdesc="Point-to-Point Protocol (PPP) implementation for serial networking"
url="https://ppp.samba.org/"
@@ -11,32 +11,26 @@ license="BSD-4-Clause AND GPL-2.0-only AND GPL-2.0+ AND zlib AND LGPL-2.0+"
depends=""
makedepends="bsd-compat-headers linux-pam-dev libpcap-dev openssl-dev utmps-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-openrc"
-source="https://download.samba.org/pub/ppp/ppp-$pkgver.tar.gz
+source="https://github.com/paulusmack/ppp/archive/ppp-$pkgver.tar.gz
http://distfiles.gentoo.org/distfiles/ppp-dhcpc.tgz
- 02_all_make-vars.patch
03_all_use_internal_logwtmp.patch
04_all_mpls.patch
06_all_killaddr-smarter.patch
08_all_wait-children.patch
- 10_all_defaultgateway.patch
12_all_linkpidfile.patch
16_all_auth-fail.patch
- 18_all_defaultmetric.patch
19_all_radius_pid_overflow.patch
20_all_dev-ppp.patch
- 21_all_custom_iface_names.patch
24_all_passwordfd-read-early.patch
26_all_pppd-usepeerwins.patch
28_all_connect-errors.patch
- 30_all_Makefile.patch
32_all_pado-timeout.patch
34_all_lcp-echo-adaptive.patch
- 50_all_linux-headers.patch
- 51_all_glibc-2.28.patch
80_all_eaptls-mppe-1.101a.patch
85_all_dhcp-make-vars.patch
86_all_dhcp-sys_error_to_strerror.patch
adelie.patch
+ CVE-2020-8597.patch
dhcp.patch
install-path.patch
musl-fix-headers.patch
@@ -46,6 +40,11 @@ source="https://download.samba.org/pub/ppp/ppp-$pkgver.tar.gz
ppp.pamd
pppd.initd
"
+builddir="$srcdir"/ppp-ppp-$pkgver
+
+# secfixes:
+# 2.4.8-r0:
+# - CVE-2020-8597
prepare() {
mv "$srcdir"/dhcp "$builddir"/pppd/plugins
@@ -91,35 +90,29 @@ package() {
install -Dm 0755 "$srcdir"/pppd.initd "$pkgdir"/etc/init.d/pppd
}
-sha512sums="e34ce24020af6a73e7a26c83c4f73a9c83fa455b7b363794dba27bf01f70368be06bff779777843949bd77f4bc9385d6ad455ea48bf8fff4e0d73cc8fef16ae2 ppp-2.4.7.tar.gz
+sha512sums="a99b3b6c7bd80cd133bda4e29d33c793a76f3b67e1f8db774547e88932ce29564fad390a4f51d3fe30a75e006499b95000b042ae0f64cd360548426f8091a478 ppp-2.4.8.tar.gz
aeaf791b14f5a09c0e2079072a157e65132cbff46e608bc0724e6a5827a01da934f5006e2774eb7105f83e607a52cb4987238f4385cf6f5cc86cbe305a556738 ppp-dhcpc.tgz
-8444d7edfe902a83f6cce96d29b9b7fb45ac68bdbe44494797d2a98470b80017489d36feb50cf945cbe72486bac69f45b23790e15cfbd33e07913a857ee80ab7 02_all_make-vars.patch
4c4a5cc6fd8ce3203c41ff07fc0ce5f0468985c779fe05030898d36c404d2086ce7a49336ac58e6502fc2fd14c4de9006028fe19c500d2cac890a16a55c723e8 03_all_use_internal_logwtmp.patch
-1d63795949da00a19712aef39a54f338183b6917b246083e04a0b9ee43d346af5adeeb9357cb165587722790fa19b13375d55008646a4e9e2acdf8724bf3c7cc 04_all_mpls.patch
+df263b6a8395be1f3aa0a87aca8fe7bcda1395208df8df73de98decdb59a70a67242a4f7a7227db2c4b470fc1b44d771967d8c91c16cfaffaa3eb41110dc3b28 04_all_mpls.patch
b49086401c1b395ee6caba0418272b2d1b2ab9dcf6f1fc7e7f1280e94fcf17c8fdb884a19f4ef911bd7849a9cceb4cc07fc75438726340cd8c17265d4c2bd4d8 06_all_killaddr-smarter.patch
807707ee9795ef4300b92bacdeba6b9e7332b6ce5a355de3ce77ddcc6dafce069f024131fd3ef282e38be3499e4230ad50fdda2b96e00891f5df1696234b775b 08_all_wait-children.patch
-c084237458ceb8704541f6e8424855788dbc2883559c4bf1ff35060e277c2b2ddfadcdb6dedc0bf42a5e83e98cfe7241fae8f6dc59d1ed963ed50356c9fd83ed 10_all_defaultgateway.patch
122b9e3dbc3a9accacb31c653b3c0d368e8cdf3d954a6c93d04ac26ca8f3cb5bfcf8a01881d1cf08e855a1d2d0bd86e7fadba22bb5ada1a86f78e6b9820e6687 12_all_linkpidfile.patch
3a23ef3619b2840eb3f1f7e14bd4765526b09acdfa8ab4d659ad8525a6f96d0cfb7c9fef042cde99ba1de8cf5caa74faa32e2a988453b4b17a70d5cc9a4bcf41 16_all_auth-fail.patch
-24b2cf579844bb9e1c0360227a5d35c3510471c0de6f16031d5e192d0ae7b1913aba93c2d99ea5fd3724deb6754f9831c1adb30671a31617268c77c65fc8beaf 18_all_defaultmetric.patch
9fdb3346ef13b250f91f1af55c0efa0f836a60abe9e62fceed30df4e431a3bccdd33b083c2662c45e2091085438ba2221cdc4ae51fc1b05a666d77f74d461214 19_all_radius_pid_overflow.patch
82c80701095a2d9707afbf5fc29bdf2fc3f92252b7de5de1d639f8607096a9d34ce90ffd0a2f770512b590a27dec56f2b03e5e9f4c9e56e1f362a2387d9fb568 20_all_dev-ppp.patch
-314e0939b546af5229db34888284a06e07d7b4c94190bf95d4382d3ff39935f18ecc6172f62309e4f63a00fdfceca73d908da8d82c95fd0b926b1832968ee3cc 21_all_custom_iface_names.patch
2508cf1285a086c917ba5deffc96c1c29a511f1c1a0ef94c811b2bf139aed0218f34d7c1f1004890e105c47dffc5834a049dbe7686611d0fc8b8607ccdc86105 24_all_passwordfd-read-early.patch
3eb55fb681e7fecf4e09b53683f509d2db3779599dd60fb89f88cd644c92d779f4720114546ba458262e8239581061e4a450143338c4725ada18b7ca314e12b0 26_all_pppd-usepeerwins.patch
2e0bd81124bcd7c1234089f11e0b607b19047d279dc436ced3a4b8d793bcee4fcececd948b6a0755a02f68542c5c5e30b6f8541f90b998c09da8d50362827520 28_all_connect-errors.patch
-e495a489ee98258a3a4549127faca2c41feff27dff296065c2e41bfc696ced2ad1062ea0aa5bf3cc2425c85b4494ebbcbaaabacd8a3ea8ce8fab28acea028336 30_all_Makefile.patch
-77c0585b46f4fc090a67198d800d67dab2ce75eadcf2153c6e800e274b53ced6b512fd6eb4767c632f765bacd6c332f8d2a68233abb3781d6c62321d6bbb6052 32_all_pado-timeout.patch
+32c77c938cd607e44bd358cbc3f0eaf99178084d936bf8e6b8aeb20e881ac9d734008cfb93ff3b1fd2783dae0c46e963c3ee1d1b128712b4ba342db069e26636 32_all_pado-timeout.patch
0bd928f45708f10835250fd6a6162f6e148dca172c810511c1f4b1fe56602c4869e7f622e95a3f4a41e5502ddefd0cf6054cd57211bc83426d5da5b5f10dac26 34_all_lcp-echo-adaptive.patch
-cda8e347eef7f26589cf1a12243f4d77de34d5736e3cb04fda9063adc0d931ef7ec7dbb2f142f1dfabc6d3ee04a252d2dd67d2c99ad9c01f2bd343bec88abe97 50_all_linux-headers.patch
-fc012971a062456fa4e253f5b4a5e2ce56ae1852293d0245ecfd165ba162fa76ec2c28e1035dd89de3e9d43941d528e2d95a40552eb8037a5ba084c1717c20d1 51_all_glibc-2.28.patch
977b247e87557c4c57a871470c40670457e285ca59357dabab854ab16cc5578526ddf880410aa2efc7078e16d32d7afea4b69928af14ac4449523f6a591284f1 80_all_eaptls-mppe-1.101a.patch
2d294bfe455648949cedb47a12a07913f0395aadbe2566c1e90d70fc37baa8635a667ab45195a697567f8d52de88771c499adffee82cde2e9e318ed858b6007b 85_all_dhcp-make-vars.patch
44d5528c057d0abf2b45ba04943a52b6b94209434a06aa565f8a74acdd660efd86fe13280d540383168eaedad9f627673410bb8468860b64adb3145030e12889 86_all_dhcp-sys_error_to_strerror.patch
-2ba9ba8856e569c204a0e058a3e7a4a74f331118cb33bbca445a87b54bb0e4f0da2a968df5f394633911603359284831a80a4d9c793d795eef8477d00bab63f1 adelie.patch
-6d38f9779945bce2277f2d52d66dd79d2696f02c44186e1750d236f2d77d692746a8e8c164d925d5bb32dbfd02a723cabb59304f05954e0b5f7adada208ee220 dhcp.patch
+350ed598c9690aa2f357ead34eb17a67dc5e34a5bd7529809288c5e0151728882158f32734041f2005413ac701db84d76501edabdcc6c64750dfce2927e2aa2a adelie.patch
+e5638fd6e7b573552a7354fad3c91a8bde86760fb17d510e7e925ee8c1f60f7d39efe95134cb0a1c46b1e9fb14c987f224b4adbb1f3c75633b2bea0eccaff7c6 CVE-2020-8597.patch
+6d22e4b601dd3eabd55751408b03c4036815ca64184f9c9f07f2368d2f5a6a9081ce7a88e5c7d5ee60708c430c9cf55070e105ce00adb1325b60cddada4bf562 dhcp.patch
fb4ae2c2ba4ecdd1c85f6e5f730fd9659cf1fbc7a8a004b09042adafee7e4af6238df8deb3dbd3dc9c69407d9ebc4c82e1792a43b4aaf8ac18ebe18268b50597 install-path.patch
-2f071ea9db15e4abf1bed6cce8130dc81b710a31bfef5fa8f9370c353f845dbc47674b1551b8e040478e5156add6f98d480530206125e8bb308f0f4288d1eec6 musl-fix-headers.patch
+ba240d483ada6865bf52497ce00cb9ae8d750e8f650e501d0d068b132d364ae4d09ac2e290b903e246aa35d33cf984aa29a6be41906df355b1c1e2b7637dc8b0 musl-fix-headers.patch
723ff3dd0aee13f9878559aa433b314af6043523a2bafd5957258809a645942f7d34b5bd659869a1528cf7b1a462ad7cc2dbf18e7986220f5f685f2c1ea1d36b utmpx.patch
58bf5d6d286a08bd6dd595b39ee425efedd5745dddf33a9c90505891546eb46f4cf1306d83911bef61bc4611816aa0f6aef5d3e0f14c2f4ddd0a588780570041 ppp.mod
e30a397392d467ac3c78f6533f3adff5de7d38f0372d8d6f7b186db4ec69ddf12463d467d8a86eb5867effeb7dd6bd16942a98fb3a3ab59ff754a123e16d0938 ppp.pamd
diff --git a/user/ppp/CVE-2020-8597.patch b/user/ppp/CVE-2020-8597.patch
new file mode 100644
index 000000000..5d7c51bca
--- /dev/null
+++ b/user/ppp/CVE-2020-8597.patch
@@ -0,0 +1,37 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname). This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f56..1b93db01 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
diff --git a/user/ppp/adelie.patch b/user/ppp/adelie.patch
index 06bb6edf9..a89dd4063 100644
--- a/user/ppp/adelie.patch
+++ b/user/ppp/adelie.patch
@@ -1,14 +1,5 @@
--- ppp-2.4.7/pppd/Makefile.linux.old 2019-05-09 20:32:30.959257140 +0000
+++ ppp-2.4.7/pppd/Makefile.linux 2019-05-09 20:34:48.964184093 +0000
-@@ -32,7 +32,7 @@
-
- # CC = gcc
- #
--COPTS+= -Wall
-+COPTS+= -Wall -D_GNU_SOURCE
- LIBS =
-
- # Uncomment the next line to include support for Microsoft's
@@ -61,14 +61,14 @@
USE_TDB=y
diff --git a/user/ppp/dhcp.patch b/user/ppp/dhcp.patch
index 611882326..8ef76d2a0 100644
--- a/user/ppp/dhcp.patch
+++ b/user/ppp/dhcp.patch
@@ -322,3 +322,14 @@ diff -Naur ppp-2.4.7/pppd/plugins/dhcp.old/socket.h ppp-2.4.7/pppd/plugins/dhcp/
all: $(PLUGIN)
+--- ppp-ppp-2.4.8/pppd/plugins/dhcp/Makefile.linux.old 2020-02-26 04:02:43.528569753 +0000
++++ ppp-ppp-2.4.8/pppd/plugins/dhcp/Makefile.linux 2020-02-26 04:03:07.425957036 +0000
+@@ -14,7 +14,7 @@
+ $(INSTALL) -s -c -m 755 dhcpc.so $(LIBDIR)
+
+ dhcpc.so: dhcpc.o clientpacket.o packet.o socket.o options.o
+- $(CC) $(LDFLAGS) $(CFLAGS) -o $@ $^
++ $(CC) $(LDFLAGS) -shared $(CFLAGS) -o $@ $^
+
+
+ clean:
diff --git a/user/ppp/musl-fix-headers.patch b/user/ppp/musl-fix-headers.patch
index d24f62896..5b26fc29c 100644
--- a/user/ppp/musl-fix-headers.patch
+++ b/user/ppp/musl-fix-headers.patch
@@ -28,14 +28,13 @@ diff --git a/pppd/magic.h b/pppd/magic.h
index c81213b..305aece 100644
--- a/pppd/magic.h
+++ b/pppd/magic.h
-@@ -42,6 +42,8 @@
- * $Id: magic.h,v 1.5 2003/06/11 23:56:26 paulus Exp $
+@@ -43,5 +43,7 @@
*/
+#include <sys/cdefs.h>
+
- void magic_init __P((void)); /* Initialize the magic number generator */
- u_int32_t magic __P((void)); /* Returns the next magic number */
+ void magic_init (void); /* Initialize the magic number generator */
+ u_int32_t magic (void); /* Returns the next magic number */
diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
index 91e9a57..9c0fac3 100644
@@ -88,50 +87,13 @@ index 3d3bf4e..b5f82d3 100644
/* Initialize frame types to RFC 2516 values. Some broken peers apparently
use different frame types... sigh... */
-diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
-index 9ab2eee..4d68147 100644
---- a/pppd/plugins/rp-pppoe/pppoe.h
-+++ b/pppd/plugins/rp-pppoe/pppoe.h
-@@ -86,18 +86,6 @@ typedef unsigned long UINT32_t;
-
- #include <netinet/in.h>
-
--#ifdef HAVE_NETINET_IF_ETHER_H
--#include <sys/types.h>
--
--#ifdef HAVE_SYS_SOCKET_H
--#include <sys/socket.h>
--#endif
--#ifndef HAVE_SYS_DLPI_H
--#include <netinet/if_ether.h>
--#endif
--#endif
--
--
-
- /* Ethernet frame types according to RFC 2516 */
- #define ETH_PPPOE_DISCOVERY 0x8863
-diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
-index 6d71530..86d224e 100644
---- a/pppd/sys-linux.c
-+++ b/pppd/sys-linux.c
-@@ -102,19 +102,11 @@
- #define MAX_ADDR_LEN 7
- #endif
-
--#if __GLIBC__ >= 2
- #include <asm/types.h> /* glibc 2 conflicts with linux/types.h */
- #include <net/if.h>
- #include <net/if_arp.h>
- #include <net/route.h>
- #include <netinet/if_ether.h>
--#else
--#include <linux/types.h>
--#include <linux/if.h>
--#include <linux/if_arp.h>
--#include <linux/route.h>
--#include <linux/if_ether.h>
--#endif
+--- ppp-ppp-2.4.8/pppd/plugins/rp-pppoe/pppoe.h.old 2019-12-31 01:31:26.000000000 +0000
++++ ppp-ppp-2.4.8/pppd/plugins/rp-pppoe/pppoe.h 2020-02-26 04:01:48.414595401 +0000
+@@ -46,6 +46,7 @@
+ /* This has to be included before Linux 4.8's linux/in.h
+ * gets dragged in. */
#include <netinet/in.h>
- #include <arpa/inet.h>
++#include <netinet/if_ether.h>
+ /* Ugly header files on some Linux boxes... */
+ #if defined(HAVE_LINUX_IF_H)