Compare commits
5 Commits
Author | SHA1 | Date |
---|---|---|
Michal Sekletar | a926d42d19 | |
Michal Sekletar | 7f74920936 | |
Michal Sekletar | b63207b504 | |
Michal Sekletar | 5dd0ba57d4 | |
Michal Sekletar | b872351abe |
|
@ -0,0 +1,34 @@
|
||||||
|
From 164daa56d2d52cf55f9a4ab2d0308bc9834d7dab Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Sekletar <msekleta@redhat.com>
|
||||||
|
Date: Wed, 10 Dec 2014 10:38:11 +0100
|
||||||
|
Subject: [PATCH] Fix logical expression in eap_client_active macro
|
||||||
|
|
||||||
|
Currently the expression always evaluates to true and gcc gives following
|
||||||
|
warning:
|
||||||
|
|
||||||
|
> eap.c:236:2: warning: logical 'or' of collectively exhaustive tests is always
|
||||||
|
true [-Wlogical-op]
|
||||||
|
|
||||||
|
Resolves: #1023620
|
||||||
|
---
|
||||||
|
pppd/eap.h | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/pppd/eap.h b/pppd/eap.h
|
||||||
|
index 3fa5391..087baad 100644
|
||||||
|
--- a/pppd/eap.h
|
||||||
|
+++ b/pppd/eap.h
|
||||||
|
@@ -110,8 +110,8 @@ enum eap_state_code {
|
||||||
|
"SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth"
|
||||||
|
|
||||||
|
#ifdef USE_EAPTLS
|
||||||
|
-#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial ||\
|
||||||
|
- (esp)->es_client.ea_state != eapPending ||\
|
||||||
|
+#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial &&\
|
||||||
|
+ (esp)->es_client.ea_state != eapPending &&\
|
||||||
|
(esp)->es_client.ea_state != eapClosed)
|
||||||
|
#else
|
||||||
|
#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
|
@ -0,0 +1,58 @@
|
||||||
|
From 7658e8257183f062dc01f87969c140707c7e52cb Mon Sep 17 00:00:00 2001
|
||||||
|
From: Paul Mackerras <paulus@samba.org>
|
||||||
|
Date: Fri, 1 Aug 2014 16:05:42 +1000
|
||||||
|
Subject: [PATCH] pppd: Eliminate potential integer overflow in option parsing
|
||||||
|
|
||||||
|
When we are reading in a word from an options file, we maintain a count
|
||||||
|
of the length we have seen so far in 'len', which is an int. When len
|
||||||
|
exceeds MAXWORDLEN - 1 (i.e. 1023) we cease storing characters in the
|
||||||
|
buffer but we continue to increment len. Since len is an int, it will
|
||||||
|
wrap around to -2147483648 after it reaches 2147483647. At that point
|
||||||
|
our test of (len < MAXWORDLEN-1) will succeed and we will start writing
|
||||||
|
characters to memory again.
|
||||||
|
|
||||||
|
This may enable an attacker to overwrite the heap and thereby corrupt
|
||||||
|
security-relevant variables. For this reason it has been assigned a
|
||||||
|
CVE identifier, CVE-2014-3158.
|
||||||
|
|
||||||
|
This fixes the bug by ceasing to increment len once it reaches MAXWORDLEN.
|
||||||
|
|
||||||
|
Reported-by: Lee Campbell <leecam@google.com>
|
||||||
|
Signed-off-by: Paul Mackerras <paulus@samba.org>
|
||||||
|
---
|
||||||
|
pppd/options.c | 10 ++++++----
|
||||||
|
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/pppd/options.c b/pppd/options.c
|
||||||
|
index 45fa742..e9042d1 100644
|
||||||
|
--- a/pppd/options.c
|
||||||
|
+++ b/pppd/options.c
|
||||||
|
@@ -1289,9 +1289,10 @@ getword(f, word, newlinep, filename)
|
||||||
|
/*
|
||||||
|
* Store the resulting character for the escape sequence.
|
||||||
|
*/
|
||||||
|
- if (len < MAXWORDLEN-1)
|
||||||
|
+ if (len < MAXWORDLEN) {
|
||||||
|
word[len] = value;
|
||||||
|
- ++len;
|
||||||
|
+ ++len;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (!got)
|
||||||
|
c = getc(f);
|
||||||
|
@@ -1329,9 +1330,10 @@ getword(f, word, newlinep, filename)
|
||||||
|
/*
|
||||||
|
* An ordinary character: store it in the word and get another.
|
||||||
|
*/
|
||||||
|
- if (len < MAXWORDLEN-1)
|
||||||
|
+ if (len < MAXWORDLEN) {
|
||||||
|
word[len] = c;
|
||||||
|
- ++len;
|
||||||
|
+ ++len;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
c = getc(f);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
|
@ -0,0 +1,380 @@
|
||||||
|
From 13bd7b8832720f404d7799bc58091a246b77d331 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Sekletar <msekleta@redhat.com>
|
||||||
|
Date: Wed, 9 Apr 2014 09:18:24 +0200
|
||||||
|
Subject: [PATCH] sys-linux: rework get_first_ethernet()
|
||||||
|
|
||||||
|
We can't assume that host has ethernet NIC named "eth0". Rather than guessing we
|
||||||
|
better ask udev. We iterate over symlinks symlinks in /sys/class/net and
|
||||||
|
for each device we determine if it is ethernet device and additionally we query
|
||||||
|
udev database for sub-type of the device. If we find PCI or USB device which has
|
||||||
|
ethernet datalink type and appropriate sub-type we return its name. If we don't
|
||||||
|
succeed in determining more information about device we will return "good
|
||||||
|
enough" device which in turn is first device with ethernet datalink type.
|
||||||
|
|
||||||
|
Note that we now have two copies of get_first_ethernet() in the source code. This
|
||||||
|
is bad and should be fixed in the future.
|
||||||
|
|
||||||
|
This commit replaces ppp-2.4.5-eth.patch.
|
||||||
|
|
||||||
|
Resolves: #682381
|
||||||
|
---
|
||||||
|
pppd/Makefile.linux | 2 +-
|
||||||
|
pppd/multilink.c | 4 +-
|
||||||
|
pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
|
||||||
|
pppd/plugins/rp-pppoe/pppoe-discovery.c | 117 +++++++++++++++++++++++++++++++-
|
||||||
|
pppd/pppd.h | 2 +-
|
||||||
|
pppd/sys-linux.c | 115 +++++++++++++++++++++++++++++--
|
||||||
|
6 files changed, 229 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||||
|
index ac782f8..de36b4d 100644
|
||||||
|
--- a/pppd/Makefile.linux
|
||||||
|
+++ b/pppd/Makefile.linux
|
||||||
|
@@ -34,7 +34,7 @@ endif
|
||||||
|
CC = gcc
|
||||||
|
#
|
||||||
|
COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
|
||||||
|
-LIBS = -lutil
|
||||||
|
+LIBS = -lutil -ludev
|
||||||
|
|
||||||
|
# Uncomment the next 2 lines to include support for Microsoft's
|
||||||
|
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
|
||||||
|
diff --git a/pppd/multilink.c b/pppd/multilink.c
|
||||||
|
index 135cab0..2f0ed50 100644
|
||||||
|
--- a/pppd/multilink.c
|
||||||
|
+++ b/pppd/multilink.c
|
||||||
|
@@ -436,12 +436,12 @@ static int
|
||||||
|
get_default_epdisc(ep)
|
||||||
|
struct epdisc *ep;
|
||||||
|
{
|
||||||
|
- char *p;
|
||||||
|
+ char *p = NULL;
|
||||||
|
struct hostent *hp;
|
||||||
|
u_int32_t addr;
|
||||||
|
|
||||||
|
/* First try for an ethernet MAC address */
|
||||||
|
- p = get_first_ethernet();
|
||||||
|
+ get_first_ethernet(&p);
|
||||||
|
if (p != 0 && get_if_hwaddr(ep->value, p) >= 0) {
|
||||||
|
ep->class = EPD_MAC;
|
||||||
|
ep->length = 6;
|
||||||
|
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||||
|
index f5ef9a1..8fc7289 100644
|
||||||
|
--- a/pppd/plugins/rp-pppoe/Makefile.linux
|
||||||
|
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||||
|
@@ -31,7 +31,7 @@ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' -fPIE
|
||||||
|
all: rp-pppoe.so pppoe-discovery
|
||||||
|
|
||||||
|
pppoe-discovery: pppoe-discovery.o debug.o
|
||||||
|
- $(CC) -z now -pie -o pppoe-discovery pppoe-discovery.o debug.o
|
||||||
|
+ $(CC) -z now -pie -o pppoe-discovery pppoe-discovery.o debug.o -ludev
|
||||||
|
|
||||||
|
pppoe-discovery.o: pppoe-discovery.c
|
||||||
|
$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
|
||||||
|
diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
|
||||||
|
index 88805f6..21a7333 100644
|
||||||
|
--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
|
||||||
|
+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
|
||||||
|
@@ -47,8 +47,13 @@
|
||||||
|
#include <net/if_arp.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#include <dirent.h>
|
||||||
|
+#include <sys/types.h>
|
||||||
|
+#include <libudev.h>
|
||||||
|
+
|
||||||
|
char *xstrdup(const char *s);
|
||||||
|
void usage(void);
|
||||||
|
+int get_first_ethernet(char **_r);
|
||||||
|
|
||||||
|
void die(int status)
|
||||||
|
{
|
||||||
|
@@ -685,8 +690,15 @@ int main(int argc, char *argv[])
|
||||||
|
}
|
||||||
|
|
||||||
|
/* default interface name */
|
||||||
|
- if (!conn->ifName)
|
||||||
|
- conn->ifName = strdup("eth0");
|
||||||
|
+ if (!conn->ifName) {
|
||||||
|
+ char *eth_dev;
|
||||||
|
+ if (get_first_ethernet(ð_dev) < 0) {
|
||||||
|
+ fprintf(stderr, "No ethernet device on the host.\n");
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+ conn->ifName = eth_dev;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
|
||||||
|
conn->discoverySocket = -1;
|
||||||
|
conn->sessionSocket = -1;
|
||||||
|
@@ -726,3 +738,104 @@ void usage(void)
|
||||||
|
fprintf(stderr, "Usage: pppoe-discovery [options]\n");
|
||||||
|
fprintf(stderr, "\nVersion " RP_VERSION "\n");
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * get_first_ethernet - return the name of the first ethernet-style
|
||||||
|
+ * interface on this system.
|
||||||
|
+ */
|
||||||
|
+int
|
||||||
|
+get_first_ethernet(char **_r)
|
||||||
|
+{
|
||||||
|
+ int r = 0;
|
||||||
|
+ DIR *d = NULL;
|
||||||
|
+ struct dirent *entry = NULL;
|
||||||
|
+ struct udev *udev = NULL;
|
||||||
|
+ struct udev_device *dev = NULL;
|
||||||
|
+ char *eth_dev = NULL;
|
||||||
|
+
|
||||||
|
+ d = opendir("/sys/class/net");
|
||||||
|
+ if (!d) {
|
||||||
|
+ fprintf(stderr, "Failed to open dir /sys/class/net : %m\n");
|
||||||
|
+ r = -errno;
|
||||||
|
+ goto fail;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ udev = udev_new();
|
||||||
|
+ if (!udev) {
|
||||||
|
+ fprintf(stderr, "Failed to talk to systemd-udevd\n");
|
||||||
|
+ r = -EIO;
|
||||||
|
+ goto fail;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ while ((entry = readdir(d)) != NULL) {
|
||||||
|
+ char syspath[PATH_MAX] = {};
|
||||||
|
+ const char *type = NULL;
|
||||||
|
+
|
||||||
|
+ if ((strcmp(entry->d_name, ".") == 0) || (strcmp(entry->d_name, "..") == 0))
|
||||||
|
+ continue;
|
||||||
|
+
|
||||||
|
+ sprintf(syspath, "/sys/class/net/%s", entry->d_name);
|
||||||
|
+
|
||||||
|
+ dev = udev_device_new_from_syspath(udev, syspath);
|
||||||
|
+ if (!dev)
|
||||||
|
+ continue;
|
||||||
|
+
|
||||||
|
+ type = udev_device_get_sysattr_value(dev, "type");
|
||||||
|
+ if (strcmp(type, "1") == 0) {
|
||||||
|
+ const char *pci_dev_subclass = NULL, *usb_dev_subclass = NULL;
|
||||||
|
+
|
||||||
|
+ pci_dev_subclass = udev_device_get_property_value(dev,
|
||||||
|
+ "ID_PCI_SUBCLASS_FROM_DATABASE");
|
||||||
|
+ usb_dev_subclass = udev_device_get_property_value(dev,
|
||||||
|
+ "ID_USB_SUBCLASS_FROM_DATABASE");
|
||||||
|
+
|
||||||
|
+ if ((pci_dev_subclass && strcmp(pci_dev_subclass, "Ethernet controller") == 0) ||
|
||||||
|
+ (usb_dev_subclass && (strcmp(usb_dev_subclass, "Ethernet Networking") == 0 ||
|
||||||
|
+ strcmp(usb_dev_subclass, "Ethernet Emulation") == 0))) {
|
||||||
|
+ char *d = NULL;
|
||||||
|
+
|
||||||
|
+ d = strdup(entry->d_name);
|
||||||
|
+ if (!d) {
|
||||||
|
+ r = -ENOMEM;
|
||||||
|
+ goto fail;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ free(eth_dev);
|
||||||
|
+ eth_dev = d;
|
||||||
|
+ break;
|
||||||
|
+ } else if (!eth_dev) {
|
||||||
|
+ eth_dev = strdup(entry->d_name);
|
||||||
|
+ if (!eth_dev) {
|
||||||
|
+ r = -ENOMEM;
|
||||||
|
+ goto fail;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ udev_device_unref(dev);
|
||||||
|
+ dev = NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (dev)
|
||||||
|
+ udev_device_unref(dev);
|
||||||
|
+ udev_unref(udev);
|
||||||
|
+ closedir(d);
|
||||||
|
+
|
||||||
|
+ *_r = eth_dev;
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+fail:
|
||||||
|
+ if (dev)
|
||||||
|
+ udev_device_unref(dev);
|
||||||
|
+
|
||||||
|
+ if (udev)
|
||||||
|
+ udev_unref(udev);
|
||||||
|
+
|
||||||
|
+ if (d)
|
||||||
|
+ closedir(d);
|
||||||
|
+
|
||||||
|
+ free(eth_dev);
|
||||||
|
+
|
||||||
|
+ return r;
|
||||||
|
+}
|
||||||
|
diff --git a/pppd/pppd.h b/pppd/pppd.h
|
||||||
|
index bbff4c0..7c2eb8f 100644
|
||||||
|
--- a/pppd/pppd.h
|
||||||
|
+++ b/pppd/pppd.h
|
||||||
|
@@ -676,7 +676,7 @@ int sipxfaddr __P((int, unsigned long, unsigned char *));
|
||||||
|
int cipxfaddr __P((int));
|
||||||
|
#endif
|
||||||
|
int get_if_hwaddr __P((u_char *addr, char *name));
|
||||||
|
-char *get_first_ethernet __P((void));
|
||||||
|
+int get_first_ethernet __P((char **_r));
|
||||||
|
|
||||||
|
/* Procedures exported from options.c */
|
||||||
|
int setipaddr __P((char *, char **, int)); /* Set local/remote ip addresses */
|
||||||
|
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
|
||||||
|
index 90ba900..15ec442 100644
|
||||||
|
--- a/pppd/sys-linux.c
|
||||||
|
+++ b/pppd/sys-linux.c
|
||||||
|
@@ -92,6 +92,9 @@
|
||||||
|
#include <ctype.h>
|
||||||
|
#include <termios.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
+#include <dirent.h>
|
||||||
|
+
|
||||||
|
+#include <libudev.h>
|
||||||
|
|
||||||
|
/* This is in netdevice.h. However, this compile will fail miserably if
|
||||||
|
you attempt to include netdevice.h because it has so many references
|
||||||
|
@@ -1873,10 +1876,101 @@ get_if_hwaddr(u_char *addr, char *name)
|
||||||
|
* get_first_ethernet - return the name of the first ethernet-style
|
||||||
|
* interface on this system.
|
||||||
|
*/
|
||||||
|
-char *
|
||||||
|
-get_first_ethernet()
|
||||||
|
-{
|
||||||
|
- return "eth0";
|
||||||
|
+int
|
||||||
|
+get_first_ethernet(char **_r)
|
||||||
|
+{
|
||||||
|
+ int r = 0;
|
||||||
|
+ DIR *d = NULL;
|
||||||
|
+ struct dirent *entry = NULL;
|
||||||
|
+ struct udev *udev = NULL;
|
||||||
|
+ struct udev_device *dev = NULL;
|
||||||
|
+ char *eth_dev = NULL;
|
||||||
|
+
|
||||||
|
+ d = opendir("/sys/class/net");
|
||||||
|
+ if (!d) {
|
||||||
|
+ fprintf(stderr, "Failed to open dir /sys/class/net : %m\n");
|
||||||
|
+ r = -errno;
|
||||||
|
+ goto fail;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ udev = udev_new();
|
||||||
|
+ if (!udev) {
|
||||||
|
+ fprintf(stderr, "Failed to talk to systemd-udevd\n");
|
||||||
|
+ r = -EIO;
|
||||||
|
+ goto fail;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ while ((entry = readdir(d)) != NULL) {
|
||||||
|
+ char syspath[PATH_MAX] = {};
|
||||||
|
+ const char *type = NULL;
|
||||||
|
+
|
||||||
|
+ if ((strcmp(entry->d_name, ".") == 0) || (strcmp(entry->d_name, "..") == 0))
|
||||||
|
+ continue;
|
||||||
|
+
|
||||||
|
+ sprintf(syspath, "/sys/class/net/%s", entry->d_name);
|
||||||
|
+
|
||||||
|
+ dev = udev_device_new_from_syspath(udev, syspath);
|
||||||
|
+ if (!dev)
|
||||||
|
+ continue;
|
||||||
|
+
|
||||||
|
+ type = udev_device_get_sysattr_value(dev, "type");
|
||||||
|
+ if (strcmp(type, "1") == 0) {
|
||||||
|
+ const char *pci_dev_subclass = NULL, *usb_dev_subclass = NULL;
|
||||||
|
+
|
||||||
|
+ pci_dev_subclass = udev_device_get_property_value(dev,
|
||||||
|
+ "ID_PCI_SUBCLASS_FROM_DATABASE");
|
||||||
|
+ usb_dev_subclass = udev_device_get_property_value(dev,
|
||||||
|
+ "ID_USB_SUBCLASS_FROM_DATABASE");
|
||||||
|
+
|
||||||
|
+ if ((pci_dev_subclass && strcmp(pci_dev_subclass, "Ethernet controller") == 0) ||
|
||||||
|
+ (usb_dev_subclass && (strcmp(usb_dev_subclass, "Ethernet Networking") == 0 ||
|
||||||
|
+ strcmp(usb_dev_subclass, "Ethernet Emulation") == 0))) {
|
||||||
|
+ char *d = NULL;
|
||||||
|
+
|
||||||
|
+ d = strdup(entry->d_name);
|
||||||
|
+ if (!d) {
|
||||||
|
+ r = -ENOMEM;
|
||||||
|
+ goto fail;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ free(eth_dev);
|
||||||
|
+ eth_dev = d;
|
||||||
|
+ break;
|
||||||
|
+ } else if (!eth_dev) {
|
||||||
|
+ eth_dev = strdup(entry->d_name);
|
||||||
|
+ if (!eth_dev) {
|
||||||
|
+ r = -ENOMEM;
|
||||||
|
+ goto fail;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ udev_device_unref(dev);
|
||||||
|
+ dev = NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (dev)
|
||||||
|
+ udev_device_unref(dev);
|
||||||
|
+ udev_unref(udev);
|
||||||
|
+ closedir(d);
|
||||||
|
+
|
||||||
|
+ *_r = eth_dev;
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+fail:
|
||||||
|
+ if (dev)
|
||||||
|
+ udev_device_unref(dev);
|
||||||
|
+
|
||||||
|
+ if (udev)
|
||||||
|
+ udev_unref(udev);
|
||||||
|
+
|
||||||
|
+ if (d)
|
||||||
|
+ closedir(d);
|
||||||
|
+
|
||||||
|
+ free(eth_dev);
|
||||||
|
+
|
||||||
|
+ return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
/********************************************************************
|
||||||
|
@@ -2783,6 +2877,7 @@ ether_to_eui64(eui64_t *p_eui64)
|
||||||
|
struct ifreq ifr;
|
||||||
|
int skfd;
|
||||||
|
const unsigned char *ptr;
|
||||||
|
+ char *eth_dev = NULL;
|
||||||
|
|
||||||
|
skfd = socket_fd(PF_INET6, SOCK_DGRAM, 0);
|
||||||
|
if(skfd == -1)
|
||||||
|
@@ -2791,11 +2886,19 @@ ether_to_eui64(eui64_t *p_eui64)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
- strcpy(ifr.ifr_name, "eth0");
|
||||||
|
+ if (get_first_ethernet(ð_dev) < 0)
|
||||||
|
+ {
|
||||||
|
+ warn("no ethernet device present on the host");
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ strcpy(ifr.ifr_name, eth_dev);
|
||||||
|
+ free(eth_dev);
|
||||||
|
+
|
||||||
|
if(ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0)
|
||||||
|
{
|
||||||
|
close(skfd);
|
||||||
|
- warn("could not obtain hardware address for eth0");
|
||||||
|
+ warn("could not obtain hardware address for %s", ifr.ifr_name);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
close(skfd);
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
d /var/run/ppp 0755 root root
|
d /run/ppp 0755 root root
|
||||||
d /var/lock/ppp 0755 root root
|
d /run/lock/ppp 0755 root root
|
||||||
|
|
31
ppp.spec
31
ppp.spec
|
@ -3,7 +3,7 @@
|
||||||
Summary: The Point-to-Point Protocol daemon
|
Summary: The Point-to-Point Protocol daemon
|
||||||
Name: ppp
|
Name: ppp
|
||||||
Version: 2.4.5
|
Version: 2.4.5
|
||||||
Release: 33%{?dist}
|
Release: 35%{?dist}
|
||||||
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
|
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
URL: http://www.samba.org/ppp
|
URL: http://www.samba.org/ppp
|
||||||
|
@ -32,14 +32,16 @@ Patch26: ppp-2.4.5-manpg.patch
|
||||||
Patch27: ppp-2.4.5-eaptls-mppe-0.99.patch
|
Patch27: ppp-2.4.5-eaptls-mppe-0.99.patch
|
||||||
Patch28: ppp-2.4.5-ppp_resolv.patch
|
Patch28: ppp-2.4.5-ppp_resolv.patch
|
||||||
Patch29: ppp-2.4.5-man.patch
|
Patch29: ppp-2.4.5-man.patch
|
||||||
Patch30: ppp-2.4.5-eth.patch
|
|
||||||
Patch31: ppp-2.4.5-lock.patch
|
Patch31: ppp-2.4.5-lock.patch
|
||||||
Patch32: ppp-2.4.5-l2tp-multilink.patch
|
Patch32: ppp-2.4.5-l2tp-multilink.patch
|
||||||
Patch33: ppp-2.4.5-radius-config.patch
|
Patch33: ppp-2.4.5-radius-config.patch
|
||||||
Patch34: ppp-2.4.5-crypt.patch
|
Patch34: ppp-2.4.5-crypt.patch
|
||||||
Patch35: ppp-2.4.5-hardened.patch
|
Patch35: ppp-2.4.5-hardened.patch
|
||||||
|
Patch36: 0001-pppd-Eliminate-potential-integer-overflow-in-option-.patch
|
||||||
|
Patch37: 0001-sys-linux-rework-get_first_ethernet.patch
|
||||||
|
Patch38: 0001-Fix-logical-expression-in-eap_client_active-macro.patch
|
||||||
|
|
||||||
BuildRequires: pam-devel, libpcap-devel, openssl-devel, systemd
|
BuildRequires: pam-devel, libpcap-devel, openssl-devel, systemd, systemd-devel
|
||||||
Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd
|
Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd
|
||||||
Requires(pre): /usr/bin/getent
|
Requires(pre): /usr/bin/getent
|
||||||
Requires(pre): /usr/sbin/groupadd
|
Requires(pre): /usr/sbin/groupadd
|
||||||
|
@ -83,14 +85,16 @@ This package contains the header files for building plugins for ppp.
|
||||||
%patch27 -p1 -b .eaptls
|
%patch27 -p1 -b .eaptls
|
||||||
%patch28 -p1 -b .ppp_resolv
|
%patch28 -p1 -b .ppp_resolv
|
||||||
%patch29 -p1 -b .man
|
%patch29 -p1 -b .man
|
||||||
# fixes bz#682381 - hardcodes eth0
|
|
||||||
%patch30 -p1 -b .eth
|
|
||||||
# fixes bz#708260 - SELinux is preventing access on the file LCK..ttyUSB3
|
# fixes bz#708260 - SELinux is preventing access on the file LCK..ttyUSB3
|
||||||
%patch31 -p1 -b .lock
|
%patch31 -p1 -b .lock
|
||||||
%patch32 -p1 -b .l2tp-multilink
|
%patch32 -p1 -b .l2tp-multilink
|
||||||
%patch33 -p1 -b .radius
|
%patch33 -p1 -b .radius
|
||||||
%patch34 -p1 -b .crypt
|
%patch34 -p1 -b .crypt
|
||||||
%patch35 -p1 -b .hardened
|
%patch35 -p1 -b .hardened
|
||||||
|
%patch36 -p1 -b .cve-2014-3158
|
||||||
|
# rewritten fix for bz#682381 - hardcodes eth0
|
||||||
|
%patch37 -p1 -b .eth
|
||||||
|
%patch38 -p1 -b .eap-client-active
|
||||||
|
|
||||||
rm -f scripts/*.local
|
rm -f scripts/*.local
|
||||||
rm -f scripts/*.change_resolv_conf
|
rm -f scripts/*.change_resolv_conf
|
||||||
|
@ -120,7 +124,7 @@ install -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/ppp
|
||||||
# Provide pointers for people who expect stuff in old places
|
# Provide pointers for people who expect stuff in old places
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/ppp
|
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/ppp
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/ppp
|
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/ppp
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lock/ppp
|
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/lock/ppp
|
||||||
|
|
||||||
install -d -m 755 $RPM_BUILD_ROOT%{_tmpfilesdir}
|
install -d -m 755 $RPM_BUILD_ROOT%{_tmpfilesdir}
|
||||||
install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_tmpfilesdir}/ppp.conf
|
install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_tmpfilesdir}/ppp.conf
|
||||||
|
@ -132,9 +136,6 @@ install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/ppp
|
||||||
%pre
|
%pre
|
||||||
getent group dip >/dev/null 2>&1 || groupadd -r -g 40 dip >/dev/null 2>&1 || :
|
getent group dip >/dev/null 2>&1 || groupadd -r -g 40 dip >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%post
|
|
||||||
mkdir -p %{_localstatedir}/lock/ppp 2>&1 >/dev/null || :
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%{_sbindir}/chat
|
%{_sbindir}/chat
|
||||||
|
@ -151,8 +152,8 @@ mkdir -p %{_localstatedir}/lock/ppp 2>&1 >/dev/null || :
|
||||||
%{_mandir}/man8/pppoe-discovery.8*
|
%{_mandir}/man8/pppoe-discovery.8*
|
||||||
%{_libdir}/pppd
|
%{_libdir}/pppd
|
||||||
%dir %{_sysconfdir}/ppp
|
%dir %{_sysconfdir}/ppp
|
||||||
%dir %{_localstatedir}/run/ppp
|
%ghost %dir %{_localstatedir}/run/ppp
|
||||||
%ghost %dir %{_localstatedir}/lock/ppp
|
%ghost %dir %{_localstatedir}/run/lock/ppp
|
||||||
%dir %{_sysconfdir}/logrotate.d
|
%dir %{_sysconfdir}/logrotate.d
|
||||||
%attr(700, root, root) %dir %{_localstatedir}/log/ppp
|
%attr(700, root, root) %dir %{_localstatedir}/log/ppp
|
||||||
%config(noreplace) %{_sysconfdir}/ppp/eaptls-client
|
%config(noreplace) %{_sysconfdir}/ppp/eaptls-client
|
||||||
|
@ -171,6 +172,14 @@ mkdir -p %{_localstatedir}/lock/ppp 2>&1 >/dev/null || :
|
||||||
%doc PLUGINS
|
%doc PLUGINS
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Dec 09 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.5-35
|
||||||
|
- replace patch implementing get_first_ethernet with F21 version (#1062419)
|
||||||
|
- don't ship /var/run/ppp (#1053135)
|
||||||
|
- fix logical expression in eap_client_active macro (#1023620)
|
||||||
|
|
||||||
|
* Tue Aug 12 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.5-34
|
||||||
|
- Fix for CVE-2014-3158
|
||||||
|
|
||||||
* Thu Aug 01 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-33
|
* Thu Aug 01 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-33
|
||||||
- fix post installation scriptlet
|
- fix post installation scriptlet
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue