spec: add systemd-devel to build requires

Related: #1062419

0001-Fix-logical-expression-in-eap_client_active-macro.patch

@@ -0,0 +1,34 @@
+From 164daa56d2d52cf55f9a4ab2d0308bc9834d7dab Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 10 Dec 2014 10:38:11 +0100
+Subject: [PATCH] Fix logical expression in eap_client_active macro
+
+Currently the expression always evaluates to true and gcc gives following
+warning:
+
+> eap.c:236:2: warning: logical 'or' of collectively exhaustive tests is always
+true [-Wlogical-op]
+
+Resolves: #1023620
+---
+ pppd/eap.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.h b/pppd/eap.h
+index 3fa5391..087baad 100644
+--- a/pppd/eap.h
++++ b/pppd/eap.h
+@@ -110,8 +110,8 @@ enum eap_state_code {
+ 	"SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth"
+ 
+ #ifdef USE_EAPTLS
+-#define	eap_client_active(esp)	((esp)->es_client.ea_state != eapInitial ||\
+-				 (esp)->es_client.ea_state != eapPending ||\
++#define	eap_client_active(esp)	((esp)->es_client.ea_state != eapInitial &&\
++				 (esp)->es_client.ea_state != eapPending &&\
+ 				 (esp)->es_client.ea_state != eapClosed)
+ #else
+ #define eap_client_active(esp)	((esp)->es_client.ea_state == eapListen)
+-- 
+1.8.3.1
+

0001-pppd-Eliminate-potential-integer-overflow-in-option-.patch

@@ -0,0 +1,58 @@
+From 7658e8257183f062dc01f87969c140707c7e52cb Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@samba.org>
+Date: Fri, 1 Aug 2014 16:05:42 +1000
+Subject: [PATCH] pppd: Eliminate potential integer overflow in option parsing
+
+When we are reading in a word from an options file, we maintain a count
+of the length we have seen so far in 'len', which is an int.  When len
+exceeds MAXWORDLEN - 1 (i.e. 1023) we cease storing characters in the
+buffer but we continue to increment len.  Since len is an int, it will
+wrap around to -2147483648 after it reaches 2147483647.  At that point
+our test of (len < MAXWORDLEN-1) will succeed and we will start writing
+characters to memory again.
+
+This may enable an attacker to overwrite the heap and thereby corrupt
+security-relevant variables.  For this reason it has been assigned a
+CVE identifier, CVE-2014-3158.
+
+This fixes the bug by ceasing to increment len once it reaches MAXWORDLEN.
+
+Reported-by: Lee Campbell <leecam@google.com>
+Signed-off-by: Paul Mackerras <paulus@samba.org>
+---
+ pppd/options.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/pppd/options.c b/pppd/options.c
+index 45fa742..e9042d1 100644
+--- a/pppd/options.c
++++ b/pppd/options.c
+@@ -1289,9 +1289,10 @@ getword(f, word, newlinep, filename)
+ 	    /*
+ 	     * Store the resulting character for the escape sequence.
+ 	     */
+-	    if (len < MAXWORDLEN-1)
++	    if (len < MAXWORDLEN) {
+ 		word[len] = value;
+-	    ++len;
++		++len;
++	    }
+ 
+ 	    if (!got)
+ 		c = getc(f);
+@@ -1329,9 +1330,10 @@ getword(f, word, newlinep, filename)
+ 	/*
+ 	 * An ordinary character: store it in the word and get another.
+ 	 */
+-	if (len < MAXWORDLEN-1)
++	if (len < MAXWORDLEN) {
+ 	    word[len] = c;
+-	++len;
++	    ++len;
++	}
+ 
+ 	c = getc(f);
+     }
+-- 
+1.8.3.1
+

0001-sys-linux-rework-get_first_ethernet.patch

@@ -0,0 +1,380 @@
+From 13bd7b8832720f404d7799bc58091a246b77d331 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 9 Apr 2014 09:18:24 +0200
+Subject: [PATCH] sys-linux: rework get_first_ethernet()
+
+We can't assume that host has ethernet NIC named "eth0". Rather than guessing we
+better ask udev. We iterate over symlinks symlinks in /sys/class/net and
+for each device we determine if it is ethernet device and additionally we query
+udev database for sub-type of the device. If we find PCI or USB device which has
+ethernet datalink type and appropriate sub-type we return its name. If we don't
+succeed in determining more information about device we will return "good
+enough" device which in turn is first device with ethernet datalink type.
+
+Note that we now have two copies of get_first_ethernet() in the source code. This
+is bad and should be fixed in the future.
+
+This commit replaces ppp-2.4.5-eth.patch.
+
+Resolves: #682381
+---
+ pppd/Makefile.linux                     |   2 +-
+ pppd/multilink.c                        |   4 +-
+ pppd/plugins/rp-pppoe/Makefile.linux    |   2 +-
+ pppd/plugins/rp-pppoe/pppoe-discovery.c | 117 +++++++++++++++++++++++++++++++-
+ pppd/pppd.h                             |   2 +-
+ pppd/sys-linux.c                        | 115 +++++++++++++++++++++++++++++--
+ 6 files changed, 229 insertions(+), 13 deletions(-)
+
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index ac782f8..de36b4d 100644
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -34,7 +34,7 @@ endif
+ CC = gcc
+ #
+ COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
+-LIBS = -lutil
++LIBS = -lutil -ludev
+ 
+ # Uncomment the next 2 lines to include support for Microsoft's
+ # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
+diff --git a/pppd/multilink.c b/pppd/multilink.c
+index 135cab0..2f0ed50 100644
+--- a/pppd/multilink.c
++++ b/pppd/multilink.c
+@@ -436,12 +436,12 @@ static int
+ get_default_epdisc(ep)
+      struct epdisc *ep;
+ {
+-	char *p;
++	char *p = NULL;
+ 	struct hostent *hp;
+ 	u_int32_t addr;
+ 
+ 	/* First try for an ethernet MAC address */
+-	p = get_first_ethernet();
++        get_first_ethernet(&p);
+ 	if (p != 0 && get_if_hwaddr(ep->value, p) >= 0) {
+ 		ep->class = EPD_MAC;
+ 		ep->length = 6;
+diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
+index f5ef9a1..8fc7289 100644
+--- a/pppd/plugins/rp-pppoe/Makefile.linux
++++ b/pppd/plugins/rp-pppoe/Makefile.linux
+@@ -31,7 +31,7 @@ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' -fPIE
+ all: rp-pppoe.so pppoe-discovery
+ 
+ pppoe-discovery: pppoe-discovery.o debug.o
+-	$(CC) -z now -pie -o pppoe-discovery pppoe-discovery.o debug.o
++	$(CC) -z now -pie -o pppoe-discovery pppoe-discovery.o debug.o -ludev
+ 
+ pppoe-discovery.o: pppoe-discovery.c
+ 	$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
+diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+index 88805f6..21a7333 100644
+--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+@@ -47,8 +47,13 @@
+ #include <net/if_arp.h>
+ #endif
+ 
++#include <dirent.h>
++#include <sys/types.h>
++#include <libudev.h>
++
+ char *xstrdup(const char *s);
+ void usage(void);
++int get_first_ethernet(char **_r);
+ 
+ void die(int status)
+ {
+@@ -685,8 +690,15 @@ int main(int argc, char *argv[])
+     }
+ 
+     /* default interface name */
+-    if (!conn->ifName)
+-	conn->ifName = strdup("eth0");
++    if (!conn->ifName) {
++            char *eth_dev;
++            if (get_first_ethernet(&eth_dev) < 0) {
++                    fprintf(stderr, "No ethernet device on the host.\n");
++                    exit(1);
++            }
++            conn->ifName = eth_dev;
++    }
++
+ 
+     conn->discoverySocket = -1;
+     conn->sessionSocket = -1;
+@@ -726,3 +738,104 @@ void usage(void)
+     fprintf(stderr, "Usage: pppoe-discovery [options]\n");
+     fprintf(stderr, "\nVersion " RP_VERSION "\n");
+ }
++
++/*
++ * get_first_ethernet - return the name of the first ethernet-style
++ * interface on this system.
++ */
++int
++get_first_ethernet(char **_r)
++{
++        int r = 0;
++        DIR *d = NULL;
++        struct dirent *entry = NULL;
++        struct udev *udev = NULL;
++        struct udev_device *dev = NULL;
++        char *eth_dev = NULL;
++
++        d = opendir("/sys/class/net");
++        if (!d) {
++                fprintf(stderr, "Failed to open dir /sys/class/net : %m\n");
++                r = -errno;
++                goto fail;
++        }
++
++        udev = udev_new();
++        if (!udev) {
++                fprintf(stderr, "Failed to talk to systemd-udevd\n");
++                r = -EIO;
++                goto fail;
++        }
++
++        while ((entry = readdir(d)) != NULL) {
++                char syspath[PATH_MAX] = {};
++                const char *type = NULL;
++
++                if ((strcmp(entry->d_name, ".") == 0) || (strcmp(entry->d_name, "..") == 0))
++                        continue;
++
++                sprintf(syspath, "/sys/class/net/%s", entry->d_name);
++
++                dev = udev_device_new_from_syspath(udev, syspath);
++                if (!dev)
++                        continue;
++
++                type = udev_device_get_sysattr_value(dev, "type");
++                if (strcmp(type, "1") == 0) {
++                        const char *pci_dev_subclass = NULL, *usb_dev_subclass = NULL;
++
++                        pci_dev_subclass = udev_device_get_property_value(dev,
++                                                                          "ID_PCI_SUBCLASS_FROM_DATABASE");
++                        usb_dev_subclass = udev_device_get_property_value(dev,
++                                                                          "ID_USB_SUBCLASS_FROM_DATABASE");
++
++                        if ((pci_dev_subclass && strcmp(pci_dev_subclass, "Ethernet controller") == 0) ||
++                            (usb_dev_subclass && (strcmp(usb_dev_subclass, "Ethernet Networking") == 0 ||
++                                                  strcmp(usb_dev_subclass, "Ethernet Emulation") == 0))) {
++                                char *d = NULL;
++
++                                d = strdup(entry->d_name);
++                                if (!d) {
++                                        r = -ENOMEM;
++                                        goto fail;
++                                }
++
++                                free(eth_dev);
++                                eth_dev = d;
++                                break;
++                        } else if (!eth_dev) {
++                                eth_dev = strdup(entry->d_name);
++                                if (!eth_dev) {
++                                        r = -ENOMEM;
++                                        goto fail;
++                                }
++                        }
++                }
++
++                udev_device_unref(dev);
++                dev = NULL;
++        }
++
++        if (dev)
++                udev_device_unref(dev);
++        udev_unref(udev);
++        closedir(d);
++
++        *_r = eth_dev;
++
++        return 0;
++
++fail:
++        if (dev)
++                udev_device_unref(dev);
++
++        if (udev)
++                udev_unref(udev);
++
++        if (d)
++                closedir(d);
++
++        free(eth_dev);
++
++        return r;
++}
+diff --git a/pppd/pppd.h b/pppd/pppd.h
+index bbff4c0..7c2eb8f 100644
+--- a/pppd/pppd.h
++++ b/pppd/pppd.h
+@@ -676,7 +676,7 @@ int  sipxfaddr __P((int, unsigned long, unsigned char *));
+ int  cipxfaddr __P((int));
+ #endif
+ int  get_if_hwaddr __P((u_char *addr, char *name));
+-char *get_first_ethernet __P((void));
++int get_first_ethernet __P((char **_r));
+ 
+ /* Procedures exported from options.c */
+ int setipaddr __P((char *, char **, int)); /* Set local/remote ip addresses */
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index 90ba900..15ec442 100644
+--- a/pppd/sys-linux.c
++++ b/pppd/sys-linux.c
+@@ -92,6 +92,9 @@
+ #include <ctype.h>
+ #include <termios.h>
+ #include <unistd.h>
++#include <dirent.h>
++
++#include <libudev.h>
+ 
+ /* This is in netdevice.h. However, this compile will fail miserably if
+    you attempt to include netdevice.h because it has so many references
+@@ -1873,10 +1876,101 @@ get_if_hwaddr(u_char *addr, char *name)
+  * get_first_ethernet - return the name of the first ethernet-style
+  * interface on this system.
+  */
+-char *
+-get_first_ethernet()
+-{
+-	return "eth0";
++int
++get_first_ethernet(char **_r)
++{
++        int r = 0;
++        DIR *d = NULL;
++        struct dirent *entry = NULL;
++        struct udev *udev = NULL;
++        struct udev_device *dev = NULL;
++        char *eth_dev = NULL;
++
++        d = opendir("/sys/class/net");
++        if (!d) {
++                fprintf(stderr, "Failed to open dir /sys/class/net : %m\n");
++                r = -errno;
++                goto fail;
++        }
++
++        udev = udev_new();
++        if (!udev) {
++                fprintf(stderr, "Failed to talk to systemd-udevd\n");
++                r = -EIO;
++                goto fail;
++        }
++
++        while ((entry = readdir(d)) != NULL) {
++                char syspath[PATH_MAX] = {};
++                const char *type = NULL;
++
++                if ((strcmp(entry->d_name, ".") == 0) || (strcmp(entry->d_name, "..") == 0))
++                        continue;
++
++                sprintf(syspath, "/sys/class/net/%s", entry->d_name);
++
++                dev = udev_device_new_from_syspath(udev, syspath);
++                if (!dev)
++                        continue;
++
++                type = udev_device_get_sysattr_value(dev, "type");
++                if (strcmp(type, "1") == 0) {
++                        const char *pci_dev_subclass = NULL, *usb_dev_subclass = NULL;
++
++                        pci_dev_subclass = udev_device_get_property_value(dev,
++                                                                          "ID_PCI_SUBCLASS_FROM_DATABASE");
++                        usb_dev_subclass = udev_device_get_property_value(dev,
++                                                                          "ID_USB_SUBCLASS_FROM_DATABASE");
++
++                        if ((pci_dev_subclass && strcmp(pci_dev_subclass, "Ethernet controller") == 0) ||
++                            (usb_dev_subclass && (strcmp(usb_dev_subclass, "Ethernet Networking") == 0 ||
++                                                  strcmp(usb_dev_subclass, "Ethernet Emulation") == 0))) {
++                                char *d = NULL;
++
++                                d = strdup(entry->d_name);
++                                if (!d) {
++                                        r = -ENOMEM;
++                                        goto fail;
++                                }
++
++                                free(eth_dev);
++                                eth_dev = d;
++                                break;
++                        } else if (!eth_dev) {
++                                eth_dev = strdup(entry->d_name);
++                                if (!eth_dev) {
++                                        r = -ENOMEM;
++                                        goto fail;
++                                }
++                        }
++                }
++
++                udev_device_unref(dev);
++                dev = NULL;
++        }
++
++        if (dev)
++                udev_device_unref(dev);
++        udev_unref(udev);
++        closedir(d);
++
++        *_r = eth_dev;
++
++        return 0;
++
++fail:
++        if (dev)
++                udev_device_unref(dev);
++
++        if (udev)
++                udev_unref(udev);
++
++        if (d)
++                closedir(d);
++
++        free(eth_dev);
++
++        return r;
+ }
+ 
+ /********************************************************************
+@@ -2783,6 +2877,7 @@ ether_to_eui64(eui64_t *p_eui64)
+     struct ifreq ifr;
+     int skfd;
+     const unsigned char *ptr;
++    char *eth_dev = NULL;
+ 
+     skfd = socket_fd(PF_INET6, SOCK_DGRAM, 0);
+     if(skfd == -1)
+@@ -2791,11 +2886,19 @@ ether_to_eui64(eui64_t *p_eui64)
+         return 0;
+     }
+ 
+-    strcpy(ifr.ifr_name, "eth0");
++    if (get_first_ethernet(&eth_dev) < 0)
++    {
++            warn("no ethernet device present on the host");
++            return 0;
++    }
++
++    strcpy(ifr.ifr_name, eth_dev);
++    free(eth_dev);
++
+     if(ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0)
+     {
+         close(skfd);
+-        warn("could not obtain hardware address for eth0");
++        warn("could not obtain hardware address for %s", ifr.ifr_name);
+         return 0;
+     }
+     close(skfd);
+-- 
+1.8.3.1
+

ppp-tmpfs.conf

@@ -1,2 +1,2 @@
-d	/var/run/ppp	0755 root root
-d	/var/lock/ppp	0755 root root
+d	/run/ppp	0755 root root
+d	/run/lock/ppp	0755 root root

ppp.spec

@@ -3,7 +3,7 @@
 Summary: The Point-to-Point Protocol daemon
 Name: ppp
 Version: 2.4.5
-Release: 33%{?dist}
+Release: 35%{?dist}
 License: BSD and LGPLv2+ and GPLv2+ and Public Domain
 Group: System Environment/Daemons
 URL: http://www.samba.org/ppp
@@ -32,14 +32,16 @@ Patch26: ppp-2.4.5-manpg.patch
 Patch27: ppp-2.4.5-eaptls-mppe-0.99.patch
 Patch28: ppp-2.4.5-ppp_resolv.patch
 Patch29: ppp-2.4.5-man.patch
-Patch30: ppp-2.4.5-eth.patch
 Patch31: ppp-2.4.5-lock.patch
 Patch32: ppp-2.4.5-l2tp-multilink.patch
 Patch33: ppp-2.4.5-radius-config.patch
 Patch34: ppp-2.4.5-crypt.patch
 Patch35: ppp-2.4.5-hardened.patch
+Patch36: 0001-pppd-Eliminate-potential-integer-overflow-in-option-.patch
+Patch37: 0001-sys-linux-rework-get_first_ethernet.patch
+Patch38: 0001-Fix-logical-expression-in-eap_client_active-macro.patch
 
-BuildRequires: pam-devel, libpcap-devel, openssl-devel, systemd
+BuildRequires: pam-devel, libpcap-devel, openssl-devel, systemd, systemd-devel
 Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd
 Requires(pre): /usr/bin/getent
 Requires(pre): /usr/sbin/groupadd
@@ -83,14 +85,16 @@ This package contains the header files for building plugins for ppp.
 %patch27 -p1 -b .eaptls
 %patch28 -p1 -b .ppp_resolv
 %patch29 -p1 -b .man
-# fixes bz#682381 - hardcodes eth0
-%patch30 -p1 -b .eth
 # fixes bz#708260 - SELinux is preventing access on the file LCK..ttyUSB3
 %patch31 -p1 -b .lock
 %patch32 -p1 -b .l2tp-multilink
 %patch33 -p1 -b .radius
 %patch34 -p1 -b .crypt
 %patch35 -p1 -b .hardened
+%patch36 -p1 -b .cve-2014-3158
+# rewritten fix for bz#682381 - hardcodes eth0
+%patch37 -p1 -b .eth
+%patch38 -p1 -b .eap-client-active
 
 rm -f scripts/*.local
 rm -f scripts/*.change_resolv_conf
@@ -120,7 +124,7 @@ install -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/ppp
 # Provide pointers for people who expect stuff in old places
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/ppp
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/ppp
-mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lock/ppp
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/lock/ppp
 
 install -d -m 755 $RPM_BUILD_ROOT%{_tmpfilesdir}
 install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_tmpfilesdir}/ppp.conf
@@ -132,9 +136,6 @@ install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/ppp
 %pre
 getent group dip >/dev/null 2>&1 || groupadd -r -g 40 dip >/dev/null 2>&1 || :
 
-%post
-mkdir -p %{_localstatedir}/lock/ppp 2>&1 >/dev/null || :
-
 %files
 %defattr(-,root,root)
 %{_sbindir}/chat
@@ -151,8 +152,8 @@ mkdir -p %{_localstatedir}/lock/ppp 2>&1 >/dev/null || :
 %{_mandir}/man8/pppoe-discovery.8*
 %{_libdir}/pppd
 %dir %{_sysconfdir}/ppp
-%dir %{_localstatedir}/run/ppp
-%ghost %dir %{_localstatedir}/lock/ppp
+%ghost %dir %{_localstatedir}/run/ppp
+%ghost %dir %{_localstatedir}/run/lock/ppp
 %dir %{_sysconfdir}/logrotate.d
 %attr(700, root, root) %dir %{_localstatedir}/log/ppp
 %config(noreplace) %{_sysconfdir}/ppp/eaptls-client
@@ -171,6 +172,14 @@ mkdir -p %{_localstatedir}/lock/ppp 2>&1 >/dev/null || :
 %doc PLUGINS
 
 %changelog
+* Tue Dec 09 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.5-35
+- replace patch implementing get_first_ethernet with F21 version (#1062419)
+- don't ship /var/run/ppp (#1053135)
+- fix logical expression in eap_client_active macro (#1023620)
+
+* Tue Aug 12 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.5-34
+- Fix for CVE-2014-3158
+
 * Thu Aug 01 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-33
 - fix post installation scriptlet