packages/ppp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:2ee97dccd04bb6b8fbfc5db16f9ddcea45748bba
Branches Tags
packages:main
..
compare: packages:b2c7afcc82b993919a55ad811b47f3278a09a693
Branches Tags
packages:main

No commits in common. "2ee97dccd04bb6b8fbfc5db16f9ddcea45748bba" and "b2c7afcc82b993919a55ad811b47f3278a09a693" have entirely different histories.
2ee97dccd0 ... b2c7afcc82

5 changed files with 47 additions and 302 deletions
Show Stats Expand all files Collapse all files

95
backport-0027-Set-LIBDIR-for-RISCV.patch
View File

@ -10,101 +10,92 @@ an RISC-V host.
Signed-off-by: whoisxxx <zhangxuzhou4@huawei.com>
---
rebased-by: laokz <zhangkai@iscas.ac.cn>
pppd/Makefile.linux | 2 +-
pppd/plugins/Makefile.linux | 2 +-
pppd/plugins/pppoatm/Makefile.linux | 2 +-
pppd/plugins/pppol2tp/Makefile.linux | 2 +-
pppd/plugins/radius/Makefile.linux | 2 +-
pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 07df6a7..7dd3a1b 100644
index c1cf794..da8718d 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -12,7 +12,11 @@ DESTDIR = $(INSTROOT)@DESTDIR@
@@ -8,7 +8,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8
INCDIR = $(DESTDIR)/include
+ifeq ($(filter riscv64%,$(MAKE_HOST)),)
LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)
+else
-LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)
+LIBDIR = $(DESTDIR)/lib64
+endif
TARGETS = pppd
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
index f42d18c..958923f 100644
index cf73fa9..0ed5168 100644
--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
@@ -5,7 +5,11 @@ COPTS=@CFLAGS@
@@ -10,7 +10,7 @@ CFLAGS += -DUSE_EAPTLS=1
DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8
+ifeq ($(filter riscv64%,$(MAKE_HOST)),)
LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+else
-LIBDIR = $(DESTDIR)/lib/$(shell $(CC) -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION)
+endif
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
LDFLAGS_SHARED = -shared
SUBDIRS := rp-pppoe pppoatm pppol2tp
# Uncomment the next line to include the radius authentication plugin
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index 6387970..daaaa4e 100644
index 1961e0e..a538eef 100644
--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -4,7 +4,11 @@ CC=$(CROSS_COMPILE)@CC@
COPTS=@CFLAGS@
@@ -7,7 +7,7 @@ INSTALL = install
#***********************************************************************
DESTDIR = $(INSTROOT)@DESTDIR@
+ifeq ($(filter riscv64%,$(MAKE_HOST)),)
LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+else
-LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION)
+endif
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
index 6cb8397..af5f9fb 100644
--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
@@ -19,7 +19,11 @@ COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8
+ifeq ($(filter riscv64%,$(MAKE_HOST)),)
LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
+else
+LIBDIR = $(DESTDIR)/lib64/pppd/$(PPPDVERSION)
+endif
PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
index e4442f9..d9ae2ca 100644
index 7b23b25..225a4a9 100644
--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -4,7 +4,11 @@ CC=$(CROSS_COMPILE)@CC@
COPTS=@CFLAGS@
@@ -7,7 +7,7 @@ INSTALL = install
#***********************************************************************
DESTDIR = $(INSTROOT)/@DESTDIR@
+ifeq ($(filter riscv64%,$(MAKE_HOST)),)
LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+else
DESTDIR = $(INSTROOT)@DESTDIR@
-LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION)
+endif
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index d2ef044..1ccc171 100644
index 2150332..ff0e8f3 100644
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -9,7 +9,11 @@ COPTS=@CFLAGS@
@@ -5,7 +5,7 @@
DESTDIR = $(INSTROOT)@DESTDIR@
MANDIR = $(DESTDIR)/share/man/man8
+ifeq ($(filter riscv64%,$(MAKE_HOST)),)
LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+else
-LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION)
+endif
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
index 5f79284..bd95832 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -17,7 +17,7 @@
DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8
-LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
+LIBDIR = $(DESTDIR)/lib64/pppd/$(PPPDVERSION)
PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
--
2.23.0

45
backport-CVE-2022-4603.patch
View File

@ -1,45 +0,0 @@
From a75fb7b198eed50d769c80c36629f38346882cbf Mon Sep 17 00:00:00 2001
From: Paul Mackerras <paulus@ozlabs.org>
Date: Thu, 4 Aug 2022 12:23:08 +1000
Subject: [PATCH] pppdump: Avoid out-of-range access to packet buffer
This fixes a potential vulnerability where data is written to spkt.buf
and rpkt.buf without a check on the array index. To fix this, we
check the array index (pkt->cnt) before storing the byte or
incrementing the count. This also means we no longer have a potential
signed integer overflow on the increment of pkt->cnt.
Fortunately, pppdump is not used in the normal process of setting up a
PPP connection, is not installed setuid-root, and is not invoked
automatically in any scenario that I am aware of.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
pppdump/pppdump.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c
index 2b815fc9..b85a8627 100644
--- a/pppdump/pppdump.c
+++ b/pppdump/pppdump.c
@@ -297,6 +297,10 @@ dumpppp(f)
printf("%s aborted packet:\n ", dir);
q = " ";
}
+ if (pkt->cnt >= sizeof(pkt->buf)) {
+ printf("%s over-long packet truncated:\n ", dir);
+ q = " ";
+ }
nb = pkt->cnt;
p = pkt->buf;
pkt->cnt = 0;
@@ -400,7 +404,8 @@ dumpppp(f)
c ^= 0x20;
pkt->esc = 0;
}
- pkt->buf[pkt->cnt++] = c;
+ if (pkt->cnt < sizeof(pkt->buf))
+ pkt->buf[pkt->cnt++] = c;
break;
}
}

84
backport-add-fclose-operation-to-fix-file-pointer-not-closed.patch
View File

@ -1,84 +0,0 @@
From 883a65eee0ea9de6aa843614bc2a97bc1dd3ccd2 Mon Sep 17 00:00:00 2001
From: Bmo <35866749+XWwalker@users.noreply.github.com>
Date: Sat, 18 Mar 2023 06:20:43 +0800
Subject: [PATCH] radius plugin: add fclose operation to fix file pointer not
closed after use (#401)
Signed-off-by: Wei Xing <skyxwwalker@gmail.com>
Co-authored-by: Wei Xing <skyxwwalker@gmail.com>
Conflict: NA
Reference: https://github.com/ppp-project/ppp/commit/883a65eee0ea9de6aa843614bc2a97bc1dd3ccd2
---
pppd/plugins/radius/clientid.c | 2 ++
pppd/plugins/radius/config.c | 6 ++++++
2 files changed, 8 insertions(+)
diff --git a/pppd/plugins/radius/clientid.c b/pppd/plugins/radius/clientid.c
index b1bbc474..eea51650 100644
--- a/pppd/plugins/radius/clientid.c
+++ b/pppd/plugins/radius/clientid.c
@@ -68,6 +68,7 @@ int rc_read_mapfile(char *filename)
if ((p = (struct map2id_s *)malloc(sizeof(*p))) == NULL) {
novm("rc_read_mapfile");
+ fclose(mapfd);
return (-1);
}
@@ -79,6 +80,7 @@ int rc_read_mapfile(char *filename)
} else {
error("rc_read_mapfile: malformed line in %s, line %d", filename, lnr);
+ fclose(mapfd);
return (-1);
}
diff --git a/pppd/plugins/radius/config.c b/pppd/plugins/radius/config.c
index 47c172cc..39744fca 100644
--- a/pppd/plugins/radius/config.c
+++ b/pppd/plugins/radius/config.c
@@ -212,6 +212,7 @@ int rc_read_config(char *filename)
if ((pos = strcspn(p, "\t ")) == 0) {
error("%s: line %d: bogus format: %s", filename, line, p);
+ fclose(configfd);
return (-1);
}
@@ -224,6 +225,7 @@ int rc_read_config(char *filename)
if (option->status != ST_UNDEF) {
error("%s: line %d: duplicate option line: %s", filename, line, p);
+ fclose(configfd);
return (-1);
}
@@ -234,18 +236,22 @@ int rc_read_config(char *filename)
switch (option->type) {
case OT_STR:
if (set_option_str(filename, line, option, p) < 0)
+ fclose(configfd);
return (-1);
break;
case OT_INT:
if (set_option_int(filename, line, option, p) < 0)
+ fclose(configfd);
return (-1);
break;
case OT_SRV:
if (set_option_srv(filename, line, option, p) < 0)
+ fclose(configfd);
return (-1);
break;
case OT_AUO:
if (set_option_auo(filename, line, option, p) < 0)
+ fclose(configfd);
return (-1);
break;
default:

86
backport-pppd-Negotiate-IP-address-when-only-peer-addresses-are-provided.patch
View File

@ -1,86 +0,0 @@
From a2094eba2406392a7bb69b436155e2d08ea555e8 Mon Sep 17 00:00:00 2001
From: pali <7141871+pali@users.noreply.github.com>
Date: Tue, 26 Jan 2021 03:55:25 +0100
Subject: [PATCH] pppd: Negotiate IP address when only peer addresses are
provided (#236)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This fixes special case when both ppp ends are configured to send only IP
address of other side and do not send its own IP address. Such setup is
correct because both ends can exchange its IP addresses and therefore they
have full information, they known both local and remote address.
This issue can be triggered by calling pppd with arguments:
./pppd debug local noauth nolock nodetach asyncmap 0 default-asyncmap novj noaccomp nopcomp nodeflate nobsdcomp nomagic noipv6 noipdefault nosendip :10.0.0.1 pty "./pppd debug local noauth nolock nodetach asyncmap 0 default-asyncmap novj noaccomp nopcomp nodeflate nobsdcomp nomagic noipv6 nosendip nodefaultroute :10.0.0.2 notty"
Without this patch IP addresses are not exchanges at all and pppd fails:
rcvd [LCP ConfReq id=0x1]
sent [LCP ConfReq id=0x1]
sent [LCP ConfAck id=0x1]
rcvd [LCP ConfAck id=0x1]
sent [LCP EchoReq id=0x0 magic=0x0]
sent [IPCP ConfReq id=0x1]
rcvd [LCP EchoReq id=0x0 magic=0x0]
sent [LCP EchoRep id=0x0 magic=0x0]
rcvd [IPCP ConfReq id=0x1]
sent [IPCP ConfAck id=0x1]
rcvd [LCP EchoRep id=0x0 magic=0x0]
rcvd [IPCP ConfAck id=0x1]
Could not determine local IP address
After applying this patch exchanging of IP addresses is working fine:
rcvd [LCP ConfReq id=0x1]
sent [LCP ConfReq id=0x1]
sent [LCP ConfAck id=0x1]
rcvd [LCP ConfAck id=0x1]
sent [LCP EchoReq id=0x0 magic=0x0]
sent [IPCP ConfReq id=0x1]
rcvd [LCP EchoReq id=0x0 magic=0x0]
sent [LCP EchoRep id=0x0 magic=0x0]
rcvd [IPCP ConfReq id=0x1]
sent [IPCP ConfNak id=0x1 <addr 10.0.0.1>]
rcvd [LCP EchoRep id=0x0 magic=0x0]
rcvd [IPCP ConfNak id=0x1 <addr 10.0.0.2>]
sent [IPCP ConfReq id=0x2 <addr 10.0.0.2>]
rcvd [IPCP ConfReq id=0x2 <addr 10.0.0.1>]
sent [IPCP ConfAck id=0x2 <addr 10.0.0.1>]
rcvd [IPCP ConfAck id=0x2 <addr 10.0.0.2>]
local IP address 10.0.0.2
remote IP address 10.0.0.1
Signed-off-by: Pali Rohár <pali@kernel.org>
---
pppd/ipcp.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/pppd/ipcp.c b/pppd/ipcp.c
index fcf17b1e..d17dbd28 100644
--- a/pppd/ipcp.c
+++ b/pppd/ipcp.c
@@ -678,8 +678,9 @@ ipcp_resetci(fsm *f)
ipcp_options *go = &ipcp_gotoptions[f->unit];
ipcp_options *ao = &ipcp_allowoptions[f->unit];
- wo->req_addr = (wo->neg_addr || wo->old_addrs) &&
- (ao->neg_addr || ao->old_addrs);
+ wo->req_addr = ((wo->neg_addr || wo->old_addrs) &&
+ (ao->neg_addr || ao->old_addrs)) ||
+ (wo->hisaddr && !wo->accept_remote);
if (wo->ouraddr == 0)
wo->accept_local = 1;
if (wo->hisaddr == 0)
@@ -1648,7 +1649,8 @@ ipcp_reqci(fsm *f, u_char *inp, int *len, int reject_if_disagree)
* option safely.
*/
if (rc != CONFREJ && !ho->neg_addr && !ho->old_addrs &&
- wo->req_addr && !reject_if_disagree && !noremoteip) {
+ wo->req_addr && !reject_if_disagree &&
+ ((wo->hisaddr && !wo->accept_remote) || !noremoteip)) {
if (rc == CONFACK) {
rc = CONFNAK;
ucp = inp; /* reset pointer */

39
ppp.spec
View File

@ -1,6 +1,6 @@
Name: ppp
Version: 2.4.9
Release: 6
Release: 1
Summary: The Point-to-Point Protocol
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
@ -43,10 +43,9 @@ Patch0013: backport-0023-build-sys-install-rp-pppoe-plugin-files-with-stand
Patch0014: backport-0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
Patch0015: backport-ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
Patch0016: backport-ppp-2.4.9-configure-cflags-allow-commas.patch
Patch0017: backport-0027-Set-LIBDIR-for-RISCV.patch
Patch0018: backport-pppd-Negotiate-IP-address-when-only-peer-addresses-are-provided.patch
Patch0019: backport-CVE-2022-4603.patch
Patch0020: backport-add-fclose-operation-to-fix-file-pointer-not-closed.patch
%ifarch riscv64
Patch0017: 0027-Set-LIBDIR-for-RISCV.patch
%endif
%description
The Point-to-Point Protocol (PPP) provides a standard way to establish
@ -142,36 +141,6 @@ mkdir -p %{buildroot}%{_rundir}/lock/ppp
%{_mandir}/man8/*.8.gz
%changelog
* Mon Sep 11 2023 xingwei <xingwei14@h-partners.com> - 2.4.9-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:correct patch names and commit messages
* Fri Mar 10 2023 xingwei <xingwei14@h-partners.com> - 2.4.9-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:add fclose operation to fix file pointer not closed after use
* Tue Feb 28 2023 laokz <zhangkai@iscas.ac.cn> - 2.4.9-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix patch0017 for riscv64
* Thu Dec 29 2022 gaihuiying <eaglegai@163.com> - 2.4.9-3
- Type:cves
- ID:NA
- SUG:NA
- DESC:fix CVE-2022-4603
* Wed Oct 19 2022 gaihuiying <eaglegai@163.com> - 2.4.9-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:pppd: Negotiate IP address when only peer addresses are provided
* Tue Dec 07 2021 yanglu <yanglu72@huawei.com> - 2.4.9-1
- Type:requirement
- ID:NA