diff --git a/.gitignore b/.gitignore index aa03936..94b2a80 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ ppp-2.4.5.tar.gz /ppp-2.4.6.tar.gz /ppp-watch.tar.xz /ppp-2.4.7.tar.gz +/ppp-2.4.8.tar.gz diff --git a/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch b/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch deleted file mode 100644 index 9b0920d..0000000 --- a/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 33797aa193a2751da26f9af120e39c110defe4d1 Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Sat, 10 Dec 2016 19:53:56 +0100 -Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h - -To fix build breakage. ---- - pppd/plugins/rp-pppoe/pppoe.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h -index 9ab2eee..f77f5b7 100644 ---- a/pppd/plugins/rp-pppoe/pppoe.h -+++ b/pppd/plugins/rp-pppoe/pppoe.h -@@ -15,6 +15,8 @@ - - #include "config.h" - -+#include -+ - #if defined(HAVE_NETPACKET_PACKET_H) || defined(HAVE_LINUX_IF_PACKET_H) - #define _POSIX_SOURCE 1 /* For sigaction defines */ - #endif -@@ -84,8 +86,6 @@ typedef unsigned long UINT32_t; - #include - #endif - --#include -- - #ifdef HAVE_NETINET_IF_ETHER_H - #include - --- -2.9.3 - diff --git a/ppp-2.4.7-DES-openssl.patch b/ppp-2.4.7-DES-openssl.patch deleted file mode 100644 index ad3b268..0000000 --- a/ppp-2.4.7-DES-openssl.patch +++ /dev/null @@ -1,79 +0,0 @@ -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index 534ccc2..cf11b74 100644 ---- a/pppd/Makefile.linux -+++ b/pppd/Makefile.linux -@@ -41,7 +41,7 @@ COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\" - # Uncomment the next 2 lines to include support for Microsoft's - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. - CHAPMS=y --USE_CRYPT=y -+#USE_CRYPT=y - # Don't use MSLANMAN unless you really know what you're doing. - #MSLANMAN=y - # Uncomment the next line to include support for MPPE. CHAPMS (above) must -@@ -147,7 +147,8 @@ endif - - ifdef NEEDDES - ifndef USE_CRYPT --LIBS += -ldes $(LIBS) -+CFLAGS += -I/usr/include/openssl -+LIBS += -lcrypto - else - CFLAGS += -DUSE_CRYPT=1 - endif -diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c -index 8b85b13..6b35375 100644 ---- a/pppd/pppcrypt.c -+++ b/pppd/pppcrypt.c -@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */ - des_key[7] = Get7Bits(key, 49); - - #ifndef USE_CRYPT -- des_set_odd_parity((des_cblock *)des_key); -+ DES_set_odd_parity((DES_cblock *)des_key); - #endif - } - -@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */ - } - - #else /* USE_CRYPT */ --static des_key_schedule key_schedule; -+static DES_key_schedule key_schedule; - - bool - DesSetkey(key) - u_char *key; - { -- des_cblock des_key; -+ DES_cblock des_key; - MakeKey(key, des_key); -- des_set_key(&des_key, key_schedule); -+ DES_set_key(&des_key, &key_schedule); - return (1); - } - - bool --DesEncrypt(clear, key, cipher) -+DesEncrypt(clear, cipher) - u_char *clear; /* IN 8 octets */ - u_char *cipher; /* OUT 8 octets */ - { -- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, -- key_schedule, 1); -+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, -+ &key_schedule, 1); - return (1); - } - -@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear) - u_char *cipher; /* IN 8 octets */ - u_char *clear; /* OUT 8 octets */ - { -- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear, -- key_schedule, 0); -+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, -+ &key_schedule, 0); - return (1); - } - diff --git a/ppp-2.4.7-coverity-scan-fixes.patch b/ppp-2.4.7-coverity-scan-fixes.patch deleted file mode 100644 index 4f61a27..0000000 --- a/ppp-2.4.7-coverity-scan-fixes.patch +++ /dev/null @@ -1,453 +0,0 @@ -diff --git a/chat/chat.c b/chat/chat.c -index 710dba9..bf10733 100644 ---- a/chat/chat.c -+++ b/chat/chat.c -@@ -512,6 +512,7 @@ void msgf __V((const char *fmt, ...)) - syslog(LOG_INFO, "%s", line); - if (to_stderr) - fprintf(stderr, "%s\n", line); -+ va_end(args); - } - - /* -@@ -537,6 +538,7 @@ void fatal __V((int code, const char *fmt, ...)) - syslog(LOG_ERR, "%s", line); - if (to_stderr) - fprintf(stderr, "%s\n", line); -+ va_end(args); - terminate(code); - } - -diff --git a/pppd/auth.c b/pppd/auth.c -index 656ffe9..9a7e32d 100644 ---- a/pppd/auth.c -+++ b/pppd/auth.c -@@ -464,6 +464,7 @@ setupapfile(argv) - euid = geteuid(); - if (seteuid(getuid()) == -1) { - option_error("unable to reset uid before opening %s: %m", fname); -+ free(fname); - return 0; - } - ufile = fopen(fname, "re"); -@@ -471,6 +472,7 @@ setupapfile(argv) - fatal("unable to regain privileges: %m"); - if (ufile == NULL) { - option_error("unable to open user login data file %s", fname); -+ free(fname); - return 0; - } - check_access(ufile, fname); -@@ -481,6 +483,7 @@ setupapfile(argv) - || fgets(p, MAXSECRETLEN - 1, ufile) == NULL) { - fclose(ufile); - option_error("unable to read user login data file %s", fname); -+ free(fname); - return 0; - } - fclose(ufile); -@@ -502,6 +505,7 @@ setupapfile(argv) - explicit_passwd = 1; - } - -+ free(fname); - return (1); - } - -diff --git a/pppd/eap-tls.c b/pppd/eap-tls.c -index 1b79abf..f7f42fd 100644 ---- a/pppd/eap-tls.c -+++ b/pppd/eap-tls.c -@@ -693,6 +693,7 @@ int eaptls_init_ssl_server(eap_state * esp) - } - - strncpy(ets->peer, esp->es_server.ea_peer, MAXWORDLEN); -+ ets->peer[MAXWORDLEN - 1] = 0; - - dbglog( "getting eaptls secret" ); - if (!get_eaptls_secret(esp->es_unit, esp->es_server.ea_peer, -@@ -780,7 +781,10 @@ int eaptls_init_ssl_client(eap_state * esp) - * verify - */ - if (esp->es_client.ea_peer) -+ { - strncpy(ets->peer, esp->es_client.ea_peer, MAXWORDLEN); -+ ets->peer[MAXWORDLEN - 1] = 0; -+ } - else - ets->peer[0] = 0; - -@@ -835,7 +839,10 @@ int eaptls_init_ssl_client(eap_state * esp) - * ssl_verify_callback() - */ - if (servcertfile[0]) -+ { - strncpy(ets->peercertfile, servcertfile, MAXWORDLEN); -+ ets->peercertfile[MAXWORDLEN - 1] = 0; -+ } - else - ets->peercertfile[0] = 0; - -diff --git a/pppd/multilink.c b/pppd/multilink.c -index 2f0ed50..67200ba 100644 ---- a/pppd/multilink.c -+++ b/pppd/multilink.c -@@ -445,9 +445,13 @@ get_default_epdisc(ep) - if (p != 0 && get_if_hwaddr(ep->value, p) >= 0) { - ep->class = EPD_MAC; - ep->length = 6; -+ free(p); - return 1; - } - -+ if (p) -+ free(p); -+ - /* see if our hostname corresponds to a reasonable IP address */ - hp = gethostbyname(hostname); - if (hp != NULL) { -diff --git a/pppd/options.c b/pppd/options.c -index 1cef314..bc264d6 100644 ---- a/pppd/options.c -+++ b/pppd/options.c -@@ -1735,7 +1735,7 @@ user_unsetenv(argv) - option_error("unexpected = in name: %s", arg); - return 0; - } -- if (arg == '\0') { -+ if (*arg == '\0') { - option_error("missing variable name for unset"); - return 0; - } -diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c -index 1099575..7c4fe8b 100644 ---- a/pppd/plugins/pppol2tp/openl2tp.c -+++ b/pppd/plugins/pppol2tp/openl2tp.c -@@ -246,6 +246,9 @@ out: - (*old_pppol2tp_ip_updown_hook)(tunnel_id, session_id, up); - } - -+ if (user_name != NULL) -+ free(user_name); -+ - return; - } - -diff --git a/pppd/plugins/radius/avpair.c b/pppd/plugins/radius/avpair.c -index 716d23f..ec48eb8 100644 ---- a/pppd/plugins/radius/avpair.c -+++ b/pppd/plugins/radius/avpair.c -@@ -121,7 +121,8 @@ VALUE_PAIR *rc_avpair_new (int attrid, void *pval, int len, int vendorcode) - if ((vp = (VALUE_PAIR *) malloc (sizeof (VALUE_PAIR))) - != (VALUE_PAIR *) NULL) - { -- strncpy (vp->name, pda->name, sizeof (vp->name)); -+ strncpy (vp->name, pda->name, NAME_LENGTH); -+ vp->name[NAME_LENGTH] = 0; - vp->attribute = attrid; - vp->vendorcode = vendorcode; - vp->next = (VALUE_PAIR *) NULL; -diff --git a/pppd/plugins/radius/config.c b/pppd/plugins/radius/config.c -index a29e5e8..6e36d89 100644 ---- a/pppd/plugins/radius/config.c -+++ b/pppd/plugins/radius/config.c -@@ -153,6 +153,7 @@ static int set_option_auo(char *filename, int line, OPTION *option, char *p) - *iptr = AUTH_RADIUS_FST; - else { - error("%s: auth_order: unknown keyword: %s", filename, p); -+ free(iptr); - return (-1); - } - -@@ -165,6 +166,7 @@ static int set_option_auo(char *filename, int line, OPTION *option, char *p) - *iptr = (*iptr) | AUTH_RADIUS_SND; - else { - error("%s: auth_order: unknown or unexpected keyword: %s", filename, p); -+ free(iptr); - return (-1); - } - } -@@ -272,7 +274,7 @@ char *rc_conf_str(char *optname) - - if (option == NULL) - fatal("rc_conf_str: unkown config option requested: %s", optname); -- return (char *)option->val; -+ return (char *)option->val; - } - - int rc_conf_int(char *optname) -diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c -index 4ba5f52..6f2a0bd 100644 ---- a/pppd/plugins/radius/radius.c -+++ b/pppd/plugins/radius/radius.c -@@ -898,7 +898,8 @@ radius_acct_start(void) - - rstate.start_time = time(NULL); - -- strncpy(rstate.session_id, rc_mksid(), sizeof(rstate.session_id)); -+ strncpy(rstate.session_id, rc_mksid(), MAXSESSIONID); -+ rstate.session_id[MAXSESSIONID] = 0; - - rc_avpair_add(&send, PW_ACCT_SESSION_ID, - rstate.session_id, 0, VENDOR_NONE); -diff --git a/pppd/plugins/radius/radiusclient.h b/pppd/plugins/radius/radiusclient.h -index 51b959a..cff0c26 100644 ---- a/pppd/plugins/radius/radiusclient.h -+++ b/pppd/plugins/radius/radiusclient.h -@@ -440,6 +440,7 @@ UINT4 rc_get_ipaddr __P((char *)); - int rc_good_ipaddr __P((char *)); - const char *rc_ip_hostname __P((UINT4)); - UINT4 rc_own_ipaddress __P((void)); -+UINT4 rc_own_bind_ipaddress __P((void)); - - - /* sendserver.c */ -diff --git a/pppd/plugins/radius/radrealms.c b/pppd/plugins/radius/radrealms.c -index 7a30370..cd006fd 100644 ---- a/pppd/plugins/radius/radrealms.c -+++ b/pppd/plugins/radius/radrealms.c -@@ -68,10 +68,12 @@ lookup_realm(char const *user, - - if ((fd = fopen(radrealms_config, "r")) == NULL) { - option_error("cannot open %s", radrealms_config); -+ free(auths); -+ free(accts); - return; -- } -+ } - info("Reading %s", radrealms_config); -- -+ - while ((fgets(buffer, sizeof(buffer), fd) != NULL)) { - line++; - -@@ -87,6 +89,8 @@ lookup_realm(char const *user, - fclose(fd); - option_error("%s: invalid line %d: %s", radrealms_config, - line, buffer); -+ free(auths); -+ free(accts); - return; - } - info("Parsing '%s' entry:", p); -@@ -101,6 +105,8 @@ lookup_realm(char const *user, - fclose(fd); - option_error("%s: realm name missing on line %d: %s", - radrealms_config, line, buffer); -+ free(auths); -+ free(accts); - return; - } - -@@ -111,6 +117,8 @@ lookup_realm(char const *user, - fclose(fd); - option_error("%s: server address missing on line %d: %s", - radrealms_config, line, buffer); -+ free(auths); -+ free(accts); - return; - } - s->name[s->max] = strdup(p); -@@ -119,6 +127,8 @@ lookup_realm(char const *user, - fclose(fd); - option_error("%s: server port missing on line %d: %s", - radrealms_config, line, buffer); -+ free(auths); -+ free(accts); - return; - } - s->port[s->max] = atoi(p); -diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux -index 5e06b52..5f79284 100644 ---- a/pppd/plugins/rp-pppoe/Makefile.linux -+++ b/pppd/plugins/rp-pppoe/Makefile.linux -@@ -34,10 +34,10 @@ pppoe-discovery: pppoe-discovery.o debug.o common.o - $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev - - pppoe-discovery.o: pppoe-discovery.c -- $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c -+ $(CC) $(CFLAGS) -I../../.. -c -o pppoe-discovery.o pppoe-discovery.c - - debug.o: debug.c -- $(CC) $(CFLAGS) -c -o debug.o debug.c -+ $(CC) $(CFLAGS) -I../../.. -c -o debug.o debug.c - - rp-pppoe.so: plugin.o discovery.o if.o common.o - $(CC) $(LDFLAGS) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o -diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c -index 72aba41..50d5693 100644 ---- a/pppd/plugins/rp-pppoe/if.c -+++ b/pppd/plugins/rp-pppoe/if.c -@@ -133,7 +133,8 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) - - /* Fill in hardware address */ - if (hwaddr) { -- strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); -+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ); -+ ifr.ifr_name[IFNAMSIZ - 1] = 0; - if (ioctl(fd, SIOCGIFHWADDR, &ifr) < 0) { - error("Can't get hardware address for %s: %m", ifname); - close(fd); -@@ -152,7 +153,8 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) - } - - /* Sanity check on MTU */ -- strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); -+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ); -+ ifr.ifr_name[IFNAMSIZ - 1] = 0; - if (ioctl(fd, SIOCGIFMTU, &ifr) < 0) { - error("Can't get MTU for %s: %m", ifname); - } else if (ifr.ifr_mtu < ETH_DATA_LEN) { -@@ -166,7 +168,8 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) - sa.sll_family = AF_PACKET; - sa.sll_protocol = htons(type); - -- strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); -+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ); -+ ifr.ifr_name[IFNAMSIZ - 1] = 0; - if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0) { - error("Could not get interface index for %s: %m", ifname); - close(fd); -diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c -index 24bdf8f..1856c6b 100644 ---- a/pppd/plugins/rp-pppoe/plugin.c -+++ b/pppd/plugins/rp-pppoe/plugin.c -@@ -153,7 +153,7 @@ PPPOEConnectDevice(void) - error("Can't get MTU for %s: %m", conn->ifName); - goto errout; - } -- strncpy(ifr.ifr_name, conn->ifName, sizeof(ifr.ifr_name)); -+ strlcpy(ifr.ifr_name, conn->ifName, sizeof(ifr.ifr_name)); - if (ioctl(s, SIOCGIFMTU, &ifr) < 0) { - error("Can't get MTU for %s: %m", conn->ifName); - close(s); -@@ -326,7 +326,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit) - - /* Try getting interface index */ - if (r) { -- strncpy(ifr.ifr_name, cmd, sizeof(ifr.ifr_name)); -+ strlcpy(ifr.ifr_name, cmd, sizeof(ifr.ifr_name)); - if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0) { - r = 0; - } else { -@@ -345,7 +345,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit) - /* Close socket */ - close(fd); - if (r && doit) { -- strncpy(devnam, cmd, sizeof(devnam)); -+ strlcpy(devnam, cmd, sizeof(devnam)); - if (the_channel != &pppoe_channel) { - - the_channel = &pppoe_channel; -diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c -index 2bd910f..502e17f 100644 ---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c -+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c -@@ -177,7 +177,8 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) - sa.sll_family = AF_PACKET; - sa.sll_protocol = htons(type); - -- strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); -+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ); -+ ifr.ifr_name[IFNAMSIZ - 1] = 0; - if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0) { - fatalSys("ioctl(SIOCFIGINDEX): Could not get interface index"); - } -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h -index f77f5b7..6118e27 100644 ---- a/pppd/plugins/rp-pppoe/pppoe.h -+++ b/pppd/plugins/rp-pppoe/pppoe.h -@@ -24,6 +24,8 @@ - #include /* For FILE */ - #include /* For pid_t */ - -+#include "pppd/pppd.h" /* For error */ -+ - /* How do we access raw Ethernet devices? */ - #undef USE_LINUX_PACKET - #undef USE_BPF -diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c -index bb05acd..4638f46 100644 ---- a/pppd/plugins/winbind.c -+++ b/pppd/plugins/winbind.c -@@ -432,6 +432,7 @@ unsigned int run_ntlm_auth(const char *username, - - /* parent */ - if (close(child_out[0]) == -1) { -+ close(child_in[1]); - notice("error closing pipe?!? for child OUT[0]"); - return NOT_AUTHENTICATED; - } -diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c -index 9a1d8a6..ef92486 100644 ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -2236,7 +2236,6 @@ int ppp_available(void) - } - } - -- close (s); - if (!ok) { - slprintf(route_buffer, sizeof(route_buffer), - "Sorry - PPP driver version %d.%d.%d is out of date\n", -@@ -2246,6 +2245,7 @@ int ppp_available(void) - } - } - } -+ close(s); - return ok; - } - -@@ -2722,7 +2722,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid) - warn("Couldn't unlock pty slave %s: %m", pty_name); - #endif - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) -+ { - warn("Couldn't open pty slave %s: %m", pty_name); -+ close(mfd); -+ } - } - } - #endif /* TIOCGPTN */ -@@ -3011,6 +3014,7 @@ ether_to_eui64(eui64_t *p_eui64) - if (get_first_ethernet(ð_dev) < 0) - { - warn("no ethernet device present on the host"); -+ close(skfd); - return 0; - } - -diff --git a/pppstats/pppstats.c b/pppstats/pppstats.c -index 6367988..4aaa319 100644 ---- a/pppstats/pppstats.c -+++ b/pppstats/pppstats.c -@@ -150,7 +150,8 @@ get_ppp_stats(curp) - #define ifr_name ifr__name - #endif - -- strncpy(req.ifr_name, interface, sizeof(req.ifr_name)); -+ strncpy(req.ifr_name, interface, IFNAMSIZ); -+ req.ifr_name[IFNAMSIZ - 1] = 0; - if (ioctl(s, SIOCGPPPSTATS, &req) < 0) { - fprintf(stderr, "%s: ", progname); - if (errno == ENOTTY) -@@ -176,7 +177,8 @@ get_ppp_cstats(csp) - #define ifr_name ifr__name - #endif - -- strncpy(creq.ifr_name, interface, sizeof(creq.ifr_name)); -+ strncpy(creq.ifr_name, interface, IFNAMSIZ); -+ creq.ifr_name[IFNAMSIZ - 1] = 0; - if (ioctl(s, SIOCGPPPCSTATS, &creq) < 0) { - fprintf(stderr, "%s: ", progname); - if (errno == ENOTTY) { -@@ -526,7 +528,8 @@ main(argc, argv) - #undef ifr_name - #define ifr_name ifr_ifrn.ifrn_name - #endif -- strncpy(ifr.ifr_name, interface, sizeof(ifr.ifr_name)); -+ strncpy(ifr.ifr_name, interface, IFNAMSIZ); -+ ifr.ifr_name[IFNAMSIZ - 1] = 0; - if (ioctl(s, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) { - fprintf(stderr, "%s: nonexistent interface '%s' specified\n", - progname, interface); diff --git a/ppp-2.4.7-honor-ldflags.patch b/ppp-2.4.7-honor-ldflags.patch deleted file mode 100644 index 2c3e20d..0000000 --- a/ppp-2.4.7-honor-ldflags.patch +++ /dev/null @@ -1,170 +0,0 @@ -diff --git a/chat/Makefile.linux b/chat/Makefile.linux -index 2445637..83114f1 100644 ---- a/chat/Makefile.linux -+++ b/chat/Makefile.linux -@@ -18,7 +18,7 @@ INSTALL= install - all: chat - - chat: chat.o -- $(CC) -o chat chat.o -+ $(CC) $(LDFLAGS) -o chat chat.o - - chat.o: chat.c - $(CC) -c $(CFLAGS) -o chat.o chat.c -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index cf11b74..089f164 100644 ---- a/pppd/Makefile.linux -+++ b/pppd/Makefile.linux -@@ -188,7 +188,7 @@ endif - - ifdef PLUGIN - CFLAGS += -DPLUGIN --LDFLAGS += -Wl,-E -+LDFLAGS_PLUGIN += -Wl,-E - LIBS += -ldl - endif - -@@ -230,7 +230,7 @@ install: pppd - $(INSTALL) -c -m 644 pppd.8 $(MANDIR) - - pppd: $(PPPDOBJS) -- $(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS) -+ $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS) - - srp-entry: srp-entry.c - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS) -diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux -index 303833a..04fe876 100644 ---- a/pppd/plugins/Makefile.linux -+++ b/pppd/plugins/Makefile.linux -@@ -1,7 +1,7 @@ - #CC = gcc - COPTS = $(RPM_OPT_FLAGS) - CFLAGS = $(COPTS) -I.. -I../../include -fPIC --LDFLAGS = -shared -+LDFLAGS_SHARED = -shared - INSTALL = install - - # EAP-TLS -@@ -33,7 +33,7 @@ all: $(PLUGINS) - for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done - - %.so: %.c -- $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^ -+ $(CC) -o $@ $(LDFLAGS) $(LDFLAGS_SHARED) $(CFLAGS) $^ - - VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h) - -diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux -index 4c5826f..1961e0e 100644 ---- a/pppd/plugins/pppoatm/Makefile.linux -+++ b/pppd/plugins/pppoatm/Makefile.linux -@@ -1,7 +1,7 @@ - #CC = gcc - COPTS = $(RPM_OPT_FLAGS) - CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC --LDFLAGS = -shared -+LDFLAGS_SHARED = -shared - INSTALL = install - - #*********************************************************************** -@@ -33,7 +33,7 @@ endif - all: $(PLUGIN) - - $(PLUGIN): $(PLUGIN_OBJS) -- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS) -+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS) - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux -index 9cb316d..7b23b25 100644 ---- a/pppd/plugins/pppol2tp/Makefile.linux -+++ b/pppd/plugins/pppol2tp/Makefile.linux -@@ -1,7 +1,7 @@ - #CC = gcc - COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK - CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC --LDFLAGS = -shared -+LDFLAGS_SHARED = -shared - INSTALL = install - - #*********************************************************************** -@@ -16,7 +16,7 @@ PLUGINS := pppol2tp.so openl2tp.so - all: $(PLUGINS) - - %.so: %.o -- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS) -+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS) - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux -index 707326b..2150332 100644 ---- a/pppd/plugins/radius/Makefile.linux -+++ b/pppd/plugins/radius/Makefile.linux -@@ -43,13 +43,13 @@ install: all - $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) - - radius.so: radius.o libradiusclient.a -- $(CC) -o radius.so -shared radius.o libradiusclient.a -+ $(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a - - radattr.so: radattr.o -- $(CC) -o radattr.so -shared radattr.o -+ $(CC) $(LDFLAGS) -o radattr.so -shared radattr.o - - radrealms.so: radrealms.o -- $(CC) -o radrealms.so -shared radrealms.o -+ $(CC) $(LDFLAGS) -o radrealms.so -shared radrealms.o - - CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \ - clientid.o sendserver.o lock.o util.o md5.o -diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux -index fa49efb..5e06b52 100644 ---- a/pppd/plugins/rp-pppoe/Makefile.linux -+++ b/pppd/plugins/rp-pppoe/Makefile.linux -@@ -31,7 +31,7 @@ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' - all: rp-pppoe.so pppoe-discovery - - pppoe-discovery: pppoe-discovery.o debug.o common.o -- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev -+ $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev - - pppoe-discovery.o: pppoe-discovery.c - $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c -@@ -40,7 +40,7 @@ debug.o: debug.c - $(CC) $(CFLAGS) -c -o debug.o debug.c - - rp-pppoe.so: plugin.o discovery.o if.o common.o -- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o -+ $(CC) $(LDFLAGS) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux -index 95c6805..33e5107 100644 ---- a/pppdump/Makefile.linux -+++ b/pppdump/Makefile.linux -@@ -10,7 +10,7 @@ INSTALL= install - all: pppdump - - pppdump: $(OBJS) -- $(CC) -o pppdump $(OBJS) -+ $(CC) $(LDFLAGS) -o pppdump $(OBJS) - - clean: - rm -f pppdump $(OBJS) *~ -diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux -index c5ba3b1..eeccf83 100644 ---- a/pppstats/Makefile.linux -+++ b/pppstats/Makefile.linux -@@ -26,7 +26,7 @@ install: pppstats - $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) - - pppstats: $(PPPSTATSRCS) -- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS) -+ $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS) - - clean: - rm -f pppstats *~ #* core diff --git a/ppp-2.4.8-CVE-2020-8597.patch b/ppp-2.4.8-CVE-2020-8597.patch new file mode 100644 index 0000000..5d7c51b --- /dev/null +++ b/ppp-2.4.8-CVE-2020-8597.patch @@ -0,0 +1,37 @@ +From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 +From: Paul Mackerras +Date: Mon, 3 Feb 2020 15:53:28 +1100 +Subject: [PATCH] pppd: Fix bounds check in EAP code + +Given that we have just checked vallen < len, it can never be the case +that vallen >= len + sizeof(rhostname). This fixes the check so we +actually avoid overflowing the rhostname array. + +Reported-by: Ilja Van Sprundel +Signed-off-by: Paul Mackerras +--- + pppd/eap.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/pppd/eap.c b/pppd/eap.c +index 94407f56..1b93db01 100644 +--- a/pppd/eap.c ++++ b/pppd/eap.c +@@ -1420,7 +1420,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; +@@ -1846,7 +1846,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; diff --git a/0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch b/ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch similarity index 96% rename from 0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch rename to ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch index 8340271..fd53ac7 100644 --- a/0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch +++ b/ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch @@ -16,7 +16,7 @@ index 4339566..9a635b8 100644 -COPTS = -O2 -g +COPTS = $(RPM_OPT_FLAGS) CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC - LDFLAGS = -shared + LDFLAGS_SHARED = -shared INSTALL = install -- 1.8.3.1 diff --git a/0022-build-sys-compile-pppol2tp-with-multilink-support.patch b/ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch similarity index 96% rename from 0022-build-sys-compile-pppol2tp-with-multilink-support.patch rename to ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch index 945933e..d801308 100644 --- a/0022-build-sys-compile-pppol2tp-with-multilink-support.patch +++ b/ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch @@ -17,7 +17,7 @@ index 9a635b8..9cb316d 100644 -COPTS = $(RPM_OPT_FLAGS) +COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC - LDFLAGS = -shared + LDFLAGS_SHARED = -shared INSTALL = install -- 1.8.3.1 diff --git a/0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch b/ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch similarity index 98% rename from 0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch rename to ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch index 48190ed..2d6bdd6 100644 --- a/0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch +++ b/ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch @@ -33,7 +33,7 @@ index 63872eb..8ed56c1 100644 -COPTS = -Wall $(RPM_OPT_FLAGS) +COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\" - # Uncomment the next 2 lines to include support for Microsoft's + # Uncomment the next line to include support for Microsoft's # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. diff --git a/pppd/pathnames.h b/pppd/pathnames.h index a33f046..a427cb8 100644 diff --git a/0002-build-sys-enable-PAM-support.patch b/ppp-2.4.8-build-sys-enable-PAM-support.patch similarity index 97% rename from 0002-build-sys-enable-PAM-support.patch rename to ppp-2.4.8-build-sys-enable-PAM-support.patch index 2f1c53b..355410c 100644 --- a/0002-build-sys-enable-PAM-support.patch +++ b/ppp-2.4.8-build-sys-enable-PAM-support.patch @@ -12,7 +12,7 @@ index 1d9ea78..5a44d30 100644 --- a/pppd/Makefile.linux +++ b/pppd/Makefile.linux @@ -61,7 +61,7 @@ HAVE_MULTILINK=y - USE_TDB=y + #SYSTEMD=y HAS_SHADOW=y -#USE_PAM=y diff --git a/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch similarity index 97% rename from 0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch rename to ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch index 87da38b..dc0c5df 100644 --- a/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch +++ b/ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch @@ -40,7 +40,7 @@ index 5a44d30..63872eb 100644 -LIBS = +COPTS = -Wall $(RPM_OPT_FLAGS) - # Uncomment the next 2 lines to include support for Microsoft's + # Uncomment the next line to include support for Microsoft's # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux index 0a7ec7b..e09a369 100644 @@ -51,7 +51,7 @@ index 0a7ec7b..e09a369 100644 -COPTS = -O2 -g +COPTS = $(RPM_OPT_FLAGS) CFLAGS = $(COPTS) -I.. -I../../include -fPIC - LDFLAGS = -shared + LDFLAGS_SHARED = -shared INSTALL = install diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux index 20f62e6..5a81447 100644 @@ -62,7 +62,7 @@ index 20f62e6..5a81447 100644 -COPTS = -O2 -g +COPTS = $(RPM_OPT_FLAGS) CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC - LDFLAGS = -shared + LDFLAGS_SHARED = -shared INSTALL = install diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux index 24ed3e5..45b3b8d 100644 diff --git a/ppp-2.4.7-eaptls-mppe-1.102.patch b/ppp-2.4.8-eaptls-mppe-1.102.patch similarity index 99% rename from ppp-2.4.7-eaptls-mppe-1.102.patch rename to ppp-2.4.8-eaptls-mppe-1.102.patch index 598d1da..c594eba 100644 --- a/ppp-2.4.7-eaptls-mppe-1.102.patch +++ b/ppp-2.4.8-eaptls-mppe-1.102.patch @@ -3174,7 +3174,7 @@ diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-1.102/ppp --- ppp-2.4.7/pppd/plugins/Makefile.linux 2014-08-09 14:31:39.000000000 +0200 +++ ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/Makefile.linux 2018-10-30 16:47:59.539263095 +0100 @@ -4,6 +4,9 @@ - LDFLAGS = -shared + LDFLAGS_SHARED = -shared INSTALL = install +# EAP-TLS diff --git a/0013-everywhere-O_CLOEXEC-harder.patch b/ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch similarity index 99% rename from 0013-everywhere-O_CLOEXEC-harder.patch rename to ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch index d720c36..87613af 100644 --- a/0013-everywhere-O_CLOEXEC-harder.patch +++ b/ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch @@ -146,9 +146,9 @@ index 8a12fa0..00a2cf5 100644 #endif - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) + if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) + { warn("Couldn't open pty slave %s: %m", pty_name); - } - } + close(mfd); @@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid) for (i = 0; i < 64; ++i) { slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", diff --git a/0025-pppd-install-pppd-binary-using-standard-perms-755.patch b/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch similarity index 91% rename from 0025-pppd-install-pppd-binary-using-standard-perms-755.patch rename to ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch index 428d71a..bedb902 100644 --- a/0025-pppd-install-pppd-binary-using-standard-perms-755.patch +++ b/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch @@ -23,7 +23,7 @@ index 0e8107f..534ccc2 100644 + $(INSTALL) -c -m 644 pppd.8 $(MANDIR) pppd: $(PPPDOBJS) - $(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS) + $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS) -- 1.8.3.1 diff --git a/0009-pppd-introduce-ipv6-accept-remote.patch b/ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch similarity index 89% rename from 0009-pppd-introduce-ipv6-accept-remote.patch rename to ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch index af0f015..eddef5b 100644 --- a/0009-pppd-introduce-ipv6-accept-remote.patch +++ b/ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch @@ -19,8 +19,8 @@ index caa2b26..5a56c95 100644 + { "ipv6cp-accept-remote", o_bool, &ipv6cp_allowoptions[0].accept_remote, + "Accept peer's interface identifier for itself", 1 }, - { "ipv6cp-use-ipaddr", o_bool, &ipv6cp_allowoptions[0].use_ip, - "Use (default) IPv4 address as interface identifier", 1 }, + { "defaultroute6", o_bool, &ipv6cp_wantoptions[0].default_route, + "Add default IPv6 route", OPT_ENABLE|1, &ipv6cp_allowoptions[0].default_route }, @@ -437,6 +439,7 @@ ipv6cp_init(unit) memset(ao, 0, sizeof(*ao)); @@ -43,9 +43,9 @@ index cc4568d..8c7552e 100644 --- a/pppd/ipv6cp.h +++ b/pppd/ipv6cp.h @@ -150,7 +150,8 @@ - typedef struct ipv6cp_options { int neg_ifaceid; /* Negotiate interface identifier? */ int req_ifaceid; /* Ask peer to send interface identifier? */ + int default_route; /* Assign default route through interface? */ - int accept_local; /* accept peer's value for iface id? */ + int accept_local; /* accept peer's value for our iface id? */ + int accept_remote; /* accept peer's value for his iface id? */ diff --git a/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch b/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch similarity index 98% rename from 0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch rename to ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch index cf25dba..1b4a9cd 100644 --- a/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch +++ b/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch @@ -14,7 +14,7 @@ index 4271af6..9e957fa 100644 --- a/pppd/auth.c +++ b/pppd/auth.c @@ -428,7 +428,7 @@ setupapfile(argv) - option_error("unable to reset uid before opening %s: %m", fname); + free(fname); return 0; } - ufile = fopen(fname, "r"); diff --git a/0019-sys-linux-rework-get_first_ethernet.patch b/ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch similarity index 97% rename from 0019-sys-linux-rework-get_first_ethernet.patch rename to ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch index 9a8c3dd..780e068 100644 --- a/0019-sys-linux-rework-get_first_ethernet.patch +++ b/ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch @@ -68,12 +68,12 @@ index 9918091..b949716 100644 all: rp-pppoe.so pppoe-discovery -pppoe-discovery: pppoe-discovery.o debug.o -- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o +- $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o +pppoe-discovery: pppoe-discovery.o debug.o common.o -+ $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev ++ $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev pppoe-discovery.o: pppoe-discovery.c - $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c + $(CC) $(CFLAGS) -I../../.. -c -o pppoe-discovery.o pppoe-discovery.c diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c index c0d927d..2bd910f 100644 --- a/pppd/plugins/rp-pppoe/pppoe-discovery.c @@ -111,7 +111,7 @@ index c0d927d..2bd910f 100644 conn->discoverySocket = -1; conn->sessionSocket = -1; @@ -722,3 +734,104 @@ void usage(void) - fprintf(stderr, "Usage: pppoe-discovery [options]\n"); + " -h -- Print usage information.\n"); fprintf(stderr, "\nVersion " RP_VERSION "\n"); } + diff --git a/ppp.spec b/ppp.spec index 97715b7..23b6229 100644 --- a/ppp.spec +++ b/ppp.spec @@ -1,13 +1,13 @@ %global _hardened_build 1 Name: ppp -Version: 2.4.7 -Release: 33%{?dist} +Version: 2.4.8 +Release: 1%{?dist} Summary: The Point-to-Point Protocol daemon License: BSD and LGPLv2+ and GPLv2+ and Public Domain URL: http://www.samba.org/ppp -Source0: ftp://ftp.samba.org/pub/ppp/ppp-%{version}.tar.gz +Source0: https://github.com/paulusmack/ppp/archive/ppp-%{version}.tar.gz Source1: ppp-pam.conf Source2: ppp-logrotate.conf Source3: ppp-tmpfiles.conf @@ -23,37 +23,32 @@ Source12: ppp-watch.tar.xz # Fedora-specific Patch0001: 0001-build-sys-use-gcc-as-our-compiler-of-choice.patch -Patch0002: 0002-build-sys-enable-PAM-support.patch -Patch0003: 0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch +Patch0002: ppp-2.4.8-build-sys-enable-PAM-support.patch +Patch0003: ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch Patch0004: 0004-doc-add-configuration-samples.patch -Patch0005: 0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch +Patch0005: ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch Patch0006: 0006-scritps-use-change_resolv_conf-function.patch Patch0007: 0007-build-sys-don-t-strip-binaries-during-installation.patch Patch0008: 0008-build-sys-use-prefix-usr-instead-of-usr-local.patch -Patch0009: 0009-pppd-introduce-ipv6-accept-remote.patch +Patch0009: ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch Patch0010: 0010-build-sys-enable-CBCP.patch Patch0011: 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch -Patch0012: 0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch -Patch0013: 0013-everywhere-O_CLOEXEC-harder.patch +Patch0012: ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch +Patch0013: ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch Patch0018: 0018-scritps-fix-ip-up.local-sample.patch -Patch0019: 0019-sys-linux-rework-get_first_ethernet.patch +Patch0019: ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch Patch0020: 0020-pppd-put-lock-files-in-var-lock-ppp.patch -Patch0021: 0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch -Patch0022: 0022-build-sys-compile-pppol2tp-with-multilink-support.patch +Patch0021: ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch +Patch0022: ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch -Patch0025: 0025-pppd-install-pppd-binary-using-standard-perms-755.patch -Patch0026: ppp-2.4.7-eaptls-mppe-1.102.patch -Patch0028: 0028-pppoe-include-netinet-in.h-before-linux-in.h.patch +Patch0025: ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch +Patch0026: ppp-2.4.8-eaptls-mppe-1.102.patch -# rhbz#1556132 -Patch0029: ppp-2.4.7-DES-openssl.patch -# https://github.com/paulusmack/ppp/pull/95 -Patch0030: ppp-2.4.7-honor-ldflags.patch -Patch0031: ppp-2.4.7-coverity-scan-fixes.patch +Patch0032: ppp-2.4.8-CVE-2020-8597.patch BuildRequires: gcc BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel @@ -87,7 +82,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release} This package contains the header files for building plugins for ppp. %prep -%setup -q +%setup -qn %{name}-%{name}-%{version} %autopatch -p1 tar -xJf %{SOURCE12} @@ -184,6 +179,15 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo %doc PLUGINS %changelog +* Fri Feb 21 2020 Jaroslav Škarvada - 2.4.8-1 +- New version +- Changed sources to github +- Dropped 0028-pppoe-include-netinet-in.h-before-linux-in.h, + ppp-2.4.7-DES-openssl, ppp-2.4.7-honor-ldflags, + ppp-2.4.7-coverity-scan-fixes patches (all upstreamed) +- Fixed buffer overflow in the eap_request and eap_response functions + Resolves: CVE-2020-8597 + * Thu Jan 30 2020 Fedora Release Engineering - 2.4.7-33 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/sources b/sources index 30dba5f..f30d28e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -78818f40e6d33a1d1de68a1551f6595a ppp-2.4.7.tar.gz -166cdfbce3391746fde60e86752c7bc7 ppp-watch.tar.xz +SHA512 (ppp-watch.tar.xz) = aee10735facf918b9a1e33408c9f19d8240c2cd265837da87ac9f58e097eece6bbe1abcaf426e2f10369d1368f6e9e68d2e07d005a19857f17d6318708ec438a +SHA512 (ppp-2.4.8.tar.gz) = a99b3b6c7bd80cd133bda4e29d33c793a76f3b67e1f8db774547e88932ce29564fad390a4f51d3fe30a75e006499b95000b042ae0f64cd360548426f8091a478