rpms/ppp
6
0
Fork 0
Code Issues Pull Requests Releases Activity

New version

Browse Source 
Changed sources to github
Dropped 0028-pppoe-include-netinet-in.h-before-linux-in.h,
  ppp-2.4.7-DES-openssl, ppp-2.4.7-honor-ldflags,
  ppp-2.4.7-coverity-scan-fixes  patches (all upstreamed)
Fixed buffer overflow in the eap_request and eap_response functions
  Resolves: CVE-2020-8597
This commit is contained in:
Jaroslav Škarvada 2020-02-21 17:34:33 +01:00
parent 0237a3fb30
commit 6d73752ab1
19 changed files with 84 additions and 779 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -2,3 +2,4 @@ ppp-2.4.5.tar.gz
/ppp-2.4.6.tar.gz /ppp-2.4.6.tar.gz
/ppp-watch.tar.xz /ppp-watch.tar.xz
/ppp-2.4.7.tar.gz /ppp-2.4.7.tar.gz
/ppp-2.4.8.tar.gz

35
0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
View File

@ -1,35 +0,0 @@
From 33797aa193a2751da26f9af120e39c110defe4d1 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Sat, 10 Dec 2016 19:53:56 +0100
Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
To fix build breakage.
---
pppd/plugins/rp-pppoe/pppoe.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
index 9ab2eee..f77f5b7 100644
--- a/pppd/plugins/rp-pppoe/pppoe.h
+++ b/pppd/plugins/rp-pppoe/pppoe.h
@@ -15,6 +15,8 @@
#include "config.h"
+#include <netinet/in.h>
+
#if defined(HAVE_NETPACKET_PACKET_H) || defined(HAVE_LINUX_IF_PACKET_H)
#define _POSIX_SOURCE 1 /* For sigaction defines */
#endif
@@ -84,8 +86,6 @@ typedef unsigned long UINT32_t;
#include <linux/if_ether.h>
#endif
-#include <netinet/in.h>
-
#ifdef HAVE_NETINET_IF_ETHER_H
#include <sys/types.h>
--
2.9.3

79
ppp-2.4.7-DES-openssl.patch
View File

@ -1,79 +0,0 @@
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 534ccc2..cf11b74 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -41,7 +41,7 @@ COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
# Uncomment the next 2 lines to include support for Microsoft's
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
CHAPMS=y
-USE_CRYPT=y
+#USE_CRYPT=y
# Don't use MSLANMAN unless you really know what you're doing.
#MSLANMAN=y
# Uncomment the next line to include support for MPPE. CHAPMS (above) must
@@ -147,7 +147,8 @@ endif
ifdef NEEDDES
ifndef USE_CRYPT
-LIBS += -ldes $(LIBS)
+CFLAGS += -I/usr/include/openssl
+LIBS += -lcrypto
else
CFLAGS += -DUSE_CRYPT=1
endif
diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
index 8b85b13..6b35375 100644
--- a/pppd/pppcrypt.c
+++ b/pppd/pppcrypt.c
@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
des_key[7] = Get7Bits(key, 49);
#ifndef USE_CRYPT
- des_set_odd_parity((des_cblock *)des_key);
+ DES_set_odd_parity((DES_cblock *)des_key);
#endif
}
@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
}
#else /* USE_CRYPT */
-static des_key_schedule key_schedule;
+static DES_key_schedule key_schedule;
bool
DesSetkey(key)
u_char *key;
{
- des_cblock des_key;
+ DES_cblock des_key;
MakeKey(key, des_key);
- des_set_key(&des_key, key_schedule);
+ DES_set_key(&des_key, &key_schedule);
return (1);
}
bool
-DesEncrypt(clear, key, cipher)
+DesEncrypt(clear, cipher)
u_char *clear; /* IN 8 octets */
u_char *cipher; /* OUT 8 octets */
{
- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
- key_schedule, 1);
+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
+ &key_schedule, 1);
return (1);
}
@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
u_char *cipher; /* IN 8 octets */
u_char *clear; /* OUT 8 octets */
{
- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
- key_schedule, 0);
+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
+ &key_schedule, 0);
return (1);
}

453
ppp-2.4.7-coverity-scan-fixes.patch
View File

@ -1,453 +0,0 @@
diff --git a/chat/chat.c b/chat/chat.c
index 710dba9..bf10733 100644
--- a/chat/chat.c
+++ b/chat/chat.c
@@ -512,6 +512,7 @@ void msgf __V((const char *fmt, ...))
syslog(LOG_INFO, "%s", line);
if (to_stderr)
fprintf(stderr, "%s\n", line);
+ va_end(args);
}
/*
@@ -537,6 +538,7 @@ void fatal __V((int code, const char *fmt, ...))
syslog(LOG_ERR, "%s", line);
if (to_stderr)
fprintf(stderr, "%s\n", line);
+ va_end(args);
terminate(code);
}
diff --git a/pppd/auth.c b/pppd/auth.c
index 656ffe9..9a7e32d 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -464,6 +464,7 @@ setupapfile(argv)
euid = geteuid();
if (seteuid(getuid()) == -1) {
option_error("unable to reset uid before opening %s: %m", fname);
+ free(fname);
return 0;
}
ufile = fopen(fname, "re");
@@ -471,6 +472,7 @@ setupapfile(argv)
fatal("unable to regain privileges: %m");
if (ufile == NULL) {
option_error("unable to open user login data file %s", fname);
+ free(fname);
return 0;
}
check_access(ufile, fname);
@@ -481,6 +483,7 @@ setupapfile(argv)
|| fgets(p, MAXSECRETLEN - 1, ufile) == NULL) {
fclose(ufile);
option_error("unable to read user login data file %s", fname);
+ free(fname);
return 0;
}
fclose(ufile);
@@ -502,6 +505,7 @@ setupapfile(argv)
explicit_passwd = 1;
}
+ free(fname);
return (1);
}
diff --git a/pppd/eap-tls.c b/pppd/eap-tls.c
index 1b79abf..f7f42fd 100644
--- a/pppd/eap-tls.c
+++ b/pppd/eap-tls.c
@@ -693,6 +693,7 @@ int eaptls_init_ssl_server(eap_state * esp)
}
strncpy(ets->peer, esp->es_server.ea_peer, MAXWORDLEN);
+ ets->peer[MAXWORDLEN - 1] = 0;
dbglog( "getting eaptls secret" );
if (!get_eaptls_secret(esp->es_unit, esp->es_server.ea_peer,
@@ -780,7 +781,10 @@ int eaptls_init_ssl_client(eap_state * esp)
* verify
*/
if (esp->es_client.ea_peer)
+ {
strncpy(ets->peer, esp->es_client.ea_peer, MAXWORDLEN);
+ ets->peer[MAXWORDLEN - 1] = 0;
+ }
else
ets->peer[0] = 0;
@@ -835,7 +839,10 @@ int eaptls_init_ssl_client(eap_state * esp)
* ssl_verify_callback()
*/
if (servcertfile[0])
+ {
strncpy(ets->peercertfile, servcertfile, MAXWORDLEN);
+ ets->peercertfile[MAXWORDLEN - 1] = 0;
+ }
else
ets->peercertfile[0] = 0;
diff --git a/pppd/multilink.c b/pppd/multilink.c
index 2f0ed50..67200ba 100644
--- a/pppd/multilink.c
+++ b/pppd/multilink.c
@@ -445,9 +445,13 @@ get_default_epdisc(ep)
if (p != 0 && get_if_hwaddr(ep->value, p) >= 0) {
ep->class = EPD_MAC;
ep->length = 6;
+ free(p);
return 1;
}
+ if (p)
+ free(p);
+
/* see if our hostname corresponds to a reasonable IP address */
hp = gethostbyname(hostname);
if (hp != NULL) {
diff --git a/pppd/options.c b/pppd/options.c
index 1cef314..bc264d6 100644
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -1735,7 +1735,7 @@ user_unsetenv(argv)
option_error("unexpected = in name: %s", arg);
return 0;
}
- if (arg == '\0') {
+ if (*arg == '\0') {
option_error("missing variable name for unset");
return 0;
}
diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
index 1099575..7c4fe8b 100644
--- a/pppd/plugins/pppol2tp/openl2tp.c
+++ b/pppd/plugins/pppol2tp/openl2tp.c
@@ -246,6 +246,9 @@ out:
(*old_pppol2tp_ip_updown_hook)(tunnel_id, session_id, up);
}
+ if (user_name != NULL)
+ free(user_name);
+
return;
}
diff --git a/pppd/plugins/radius/avpair.c b/pppd/plugins/radius/avpair.c
index 716d23f..ec48eb8 100644
--- a/pppd/plugins/radius/avpair.c
+++ b/pppd/plugins/radius/avpair.c
@@ -121,7 +121,8 @@ VALUE_PAIR *rc_avpair_new (int attrid, void *pval, int len, int vendorcode)
if ((vp = (VALUE_PAIR *) malloc (sizeof (VALUE_PAIR)))
!= (VALUE_PAIR *) NULL)
{
- strncpy (vp->name, pda->name, sizeof (vp->name));
+ strncpy (vp->name, pda->name, NAME_LENGTH);
+ vp->name[NAME_LENGTH] = 0;
vp->attribute = attrid;
vp->vendorcode = vendorcode;
vp->next = (VALUE_PAIR *) NULL;
diff --git a/pppd/plugins/radius/config.c b/pppd/plugins/radius/config.c
index a29e5e8..6e36d89 100644
--- a/pppd/plugins/radius/config.c
+++ b/pppd/plugins/radius/config.c
@@ -153,6 +153,7 @@ static int set_option_auo(char *filename, int line, OPTION *option, char *p)
*iptr = AUTH_RADIUS_FST;
else {
error("%s: auth_order: unknown keyword: %s", filename, p);
+ free(iptr);
return (-1);
}
@@ -165,6 +166,7 @@ static int set_option_auo(char *filename, int line, OPTION *option, char *p)
*iptr = (*iptr) | AUTH_RADIUS_SND;
else {
error("%s: auth_order: unknown or unexpected keyword: %s", filename, p);
+ free(iptr);
return (-1);
}
}
@@ -272,7 +274,7 @@ char *rc_conf_str(char *optname)
if (option == NULL)
fatal("rc_conf_str: unkown config option requested: %s", optname);
- return (char *)option->val;
+ return (char *)option->val;
}
int rc_conf_int(char *optname)
diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c
index 4ba5f52..6f2a0bd 100644
--- a/pppd/plugins/radius/radius.c
+++ b/pppd/plugins/radius/radius.c
@@ -898,7 +898,8 @@ radius_acct_start(void)
rstate.start_time = time(NULL);
- strncpy(rstate.session_id, rc_mksid(), sizeof(rstate.session_id));
+ strncpy(rstate.session_id, rc_mksid(), MAXSESSIONID);
+ rstate.session_id[MAXSESSIONID] = 0;
rc_avpair_add(&send, PW_ACCT_SESSION_ID,
rstate.session_id, 0, VENDOR_NONE);
diff --git a/pppd/plugins/radius/radiusclient.h b/pppd/plugins/radius/radiusclient.h
index 51b959a..cff0c26 100644
--- a/pppd/plugins/radius/radiusclient.h
+++ b/pppd/plugins/radius/radiusclient.h
@@ -440,6 +440,7 @@ UINT4 rc_get_ipaddr __P((char *));
int rc_good_ipaddr __P((char *));
const char *rc_ip_hostname __P((UINT4));
UINT4 rc_own_ipaddress __P((void));
+UINT4 rc_own_bind_ipaddress __P((void));
/* sendserver.c */
diff --git a/pppd/plugins/radius/radrealms.c b/pppd/plugins/radius/radrealms.c
index 7a30370..cd006fd 100644
--- a/pppd/plugins/radius/radrealms.c
+++ b/pppd/plugins/radius/radrealms.c
@@ -68,10 +68,12 @@ lookup_realm(char const *user,
if ((fd = fopen(radrealms_config, "r")) == NULL) {
option_error("cannot open %s", radrealms_config);
+ free(auths);
+ free(accts);
return;
- }
+ }
info("Reading %s", radrealms_config);
-
+
while ((fgets(buffer, sizeof(buffer), fd) != NULL)) {
line++;
@@ -87,6 +89,8 @@ lookup_realm(char const *user,
fclose(fd);
option_error("%s: invalid line %d: %s", radrealms_config,
line, buffer);
+ free(auths);
+ free(accts);
return;
}
info("Parsing '%s' entry:", p);
@@ -101,6 +105,8 @@ lookup_realm(char const *user,
fclose(fd);
option_error("%s: realm name missing on line %d: %s",
radrealms_config, line, buffer);
+ free(auths);
+ free(accts);
return;
}
@@ -111,6 +117,8 @@ lookup_realm(char const *user,
fclose(fd);
option_error("%s: server address missing on line %d: %s",
radrealms_config, line, buffer);
+ free(auths);
+ free(accts);
return;
}
s->name[s->max] = strdup(p);
@@ -119,6 +127,8 @@ lookup_realm(char const *user,
fclose(fd);
option_error("%s: server port missing on line %d: %s",
radrealms_config, line, buffer);
+ free(auths);
+ free(accts);
return;
}
s->port[s->max] = atoi(p);
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
index 5e06b52..5f79284 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -34,10 +34,10 @@ pppoe-discovery: pppoe-discovery.o debug.o common.o
$(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
pppoe-discovery.o: pppoe-discovery.c
- $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
+ $(CC) $(CFLAGS) -I../../.. -c -o pppoe-discovery.o pppoe-discovery.c
debug.o: debug.c
- $(CC) $(CFLAGS) -c -o debug.o debug.c
+ $(CC) $(CFLAGS) -I../../.. -c -o debug.o debug.c
rp-pppoe.so: plugin.o discovery.o if.o common.o
$(CC) $(LDFLAGS) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
index 72aba41..50d5693 100644
--- a/pppd/plugins/rp-pppoe/if.c
+++ b/pppd/plugins/rp-pppoe/if.c
@@ -133,7 +133,8 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
/* Fill in hardware address */
if (hwaddr) {
- strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ ifr.ifr_name[IFNAMSIZ - 1] = 0;
if (ioctl(fd, SIOCGIFHWADDR, &ifr) < 0) {
error("Can't get hardware address for %s: %m", ifname);
close(fd);
@@ -152,7 +153,8 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
}
/* Sanity check on MTU */
- strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ ifr.ifr_name[IFNAMSIZ - 1] = 0;
if (ioctl(fd, SIOCGIFMTU, &ifr) < 0) {
error("Can't get MTU for %s: %m", ifname);
} else if (ifr.ifr_mtu < ETH_DATA_LEN) {
@@ -166,7 +168,8 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
sa.sll_family = AF_PACKET;
sa.sll_protocol = htons(type);
- strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ ifr.ifr_name[IFNAMSIZ - 1] = 0;
if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0) {
error("Could not get interface index for %s: %m", ifname);
close(fd);
diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
index 24bdf8f..1856c6b 100644
--- a/pppd/plugins/rp-pppoe/plugin.c
+++ b/pppd/plugins/rp-pppoe/plugin.c
@@ -153,7 +153,7 @@ PPPOEConnectDevice(void)
error("Can't get MTU for %s: %m", conn->ifName);
goto errout;
}
- strncpy(ifr.ifr_name, conn->ifName, sizeof(ifr.ifr_name));
+ strlcpy(ifr.ifr_name, conn->ifName, sizeof(ifr.ifr_name));
if (ioctl(s, SIOCGIFMTU, &ifr) < 0) {
error("Can't get MTU for %s: %m", conn->ifName);
close(s);
@@ -326,7 +326,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit)
/* Try getting interface index */
if (r) {
- strncpy(ifr.ifr_name, cmd, sizeof(ifr.ifr_name));
+ strlcpy(ifr.ifr_name, cmd, sizeof(ifr.ifr_name));
if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0) {
r = 0;
} else {
@@ -345,7 +345,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit)
/* Close socket */
close(fd);
if (r && doit) {
- strncpy(devnam, cmd, sizeof(devnam));
+ strlcpy(devnam, cmd, sizeof(devnam));
if (the_channel != &pppoe_channel) {
the_channel = &pppoe_channel;
diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
index 2bd910f..502e17f 100644
--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
@@ -177,7 +177,8 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
sa.sll_family = AF_PACKET;
sa.sll_protocol = htons(type);
- strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ ifr.ifr_name[IFNAMSIZ - 1] = 0;
if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0) {
fatalSys("ioctl(SIOCFIGINDEX): Could not get interface index");
}
diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
index f77f5b7..6118e27 100644
--- a/pppd/plugins/rp-pppoe/pppoe.h
+++ b/pppd/plugins/rp-pppoe/pppoe.h
@@ -24,6 +24,8 @@
#include <stdio.h> /* For FILE */
#include <sys/types.h> /* For pid_t */
+#include "pppd/pppd.h" /* For error */
+
/* How do we access raw Ethernet devices? */
#undef USE_LINUX_PACKET
#undef USE_BPF
diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c
index bb05acd..4638f46 100644
--- a/pppd/plugins/winbind.c
+++ b/pppd/plugins/winbind.c
@@ -432,6 +432,7 @@ unsigned int run_ntlm_auth(const char *username,
/* parent */
if (close(child_out[0]) == -1) {
+ close(child_in[1]);
notice("error closing pipe?!? for child OUT[0]");
return NOT_AUTHENTICATED;
}
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 9a1d8a6..ef92486 100644
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
@@ -2236,7 +2236,6 @@ int ppp_available(void)
}
}
- close (s);
if (!ok) {
slprintf(route_buffer, sizeof(route_buffer),
"Sorry - PPP driver version %d.%d.%d is out of date\n",
@@ -2246,6 +2245,7 @@ int ppp_available(void)
}
}
}
+ close(s);
return ok;
}
@@ -2722,7 +2722,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
warn("Couldn't unlock pty slave %s: %m", pty_name);
#endif
if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
+ {
warn("Couldn't open pty slave %s: %m", pty_name);
+ close(mfd);
+ }
}
}
#endif /* TIOCGPTN */
@@ -3011,6 +3014,7 @@ ether_to_eui64(eui64_t *p_eui64)
if (get_first_ethernet(&eth_dev) < 0)
{
warn("no ethernet device present on the host");
+ close(skfd);
return 0;
}
diff --git a/pppstats/pppstats.c b/pppstats/pppstats.c
index 6367988..4aaa319 100644
--- a/pppstats/pppstats.c
+++ b/pppstats/pppstats.c
@@ -150,7 +150,8 @@ get_ppp_stats(curp)
#define ifr_name ifr__name
#endif
- strncpy(req.ifr_name, interface, sizeof(req.ifr_name));
+ strncpy(req.ifr_name, interface, IFNAMSIZ);
+ req.ifr_name[IFNAMSIZ - 1] = 0;
if (ioctl(s, SIOCGPPPSTATS, &req) < 0) {
fprintf(stderr, "%s: ", progname);
if (errno == ENOTTY)
@@ -176,7 +177,8 @@ get_ppp_cstats(csp)
#define ifr_name ifr__name
#endif
- strncpy(creq.ifr_name, interface, sizeof(creq.ifr_name));
+ strncpy(creq.ifr_name, interface, IFNAMSIZ);
+ creq.ifr_name[IFNAMSIZ - 1] = 0;
if (ioctl(s, SIOCGPPPCSTATS, &creq) < 0) {
fprintf(stderr, "%s: ", progname);
if (errno == ENOTTY) {
@@ -526,7 +528,8 @@ main(argc, argv)
#undef ifr_name
#define ifr_name ifr_ifrn.ifrn_name
#endif
- strncpy(ifr.ifr_name, interface, sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, interface, IFNAMSIZ);
+ ifr.ifr_name[IFNAMSIZ - 1] = 0;
if (ioctl(s, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) {
fprintf(stderr, "%s: nonexistent interface '%s' specified\n",
progname, interface);

170
ppp-2.4.7-honor-ldflags.patch
View File

@ -1,170 +0,0 @@
diff --git a/chat/Makefile.linux b/chat/Makefile.linux
index 2445637..83114f1 100644
--- a/chat/Makefile.linux
+++ b/chat/Makefile.linux
@@ -18,7 +18,7 @@ INSTALL= install
all: chat
chat: chat.o
- $(CC) -o chat chat.o
+ $(CC) $(LDFLAGS) -o chat chat.o
chat.o: chat.c
$(CC) -c $(CFLAGS) -o chat.o chat.c
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index cf11b74..089f164 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -188,7 +188,7 @@ endif
ifdef PLUGIN
CFLAGS += -DPLUGIN
-LDFLAGS += -Wl,-E
+LDFLAGS_PLUGIN += -Wl,-E
LIBS += -ldl
endif
@@ -230,7 +230,7 @@ install: pppd
$(INSTALL) -c -m 644 pppd.8 $(MANDIR)
pppd: $(PPPDOBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
srp-entry: srp-entry.c
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS)
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
index 303833a..04fe876 100644
--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
@@ -1,7 +1,7 @@
#CC = gcc
COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
-LDFLAGS = -shared
+LDFLAGS_SHARED = -shared
INSTALL = install
# EAP-TLS
@@ -33,7 +33,7 @@ all: $(PLUGINS)
for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
%.so: %.c
- $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
+ $(CC) -o $@ $(LDFLAGS) $(LDFLAGS_SHARED) $(CFLAGS) $^
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h)
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index 4c5826f..1961e0e 100644
--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -1,7 +1,7 @@
#CC = gcc
COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
-LDFLAGS = -shared
+LDFLAGS_SHARED = -shared
INSTALL = install
#***********************************************************************
@@ -33,7 +33,7 @@ endif
all: $(PLUGIN)
$(PLUGIN): $(PLUGIN_OBJS)
- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
index 9cb316d..7b23b25 100644
--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -1,7 +1,7 @@
#CC = gcc
COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK
CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
-LDFLAGS = -shared
+LDFLAGS_SHARED = -shared
INSTALL = install
#***********************************************************************
@@ -16,7 +16,7 @@ PLUGINS := pppol2tp.so openl2tp.so
all: $(PLUGINS)
%.so: %.o
- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index 707326b..2150332 100644
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -43,13 +43,13 @@ install: all
$(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
radius.so: radius.o libradiusclient.a
- $(CC) -o radius.so -shared radius.o libradiusclient.a
+ $(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a
radattr.so: radattr.o
- $(CC) -o radattr.so -shared radattr.o
+ $(CC) $(LDFLAGS) -o radattr.so -shared radattr.o
radrealms.so: radrealms.o
- $(CC) -o radrealms.so -shared radrealms.o
+ $(CC) $(LDFLAGS) -o radrealms.so -shared radrealms.o
CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \
clientid.o sendserver.o lock.o util.o md5.o
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
index fa49efb..5e06b52 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -31,7 +31,7 @@ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
all: rp-pppoe.so pppoe-discovery
pppoe-discovery: pppoe-discovery.o debug.o common.o
- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
+ $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
pppoe-discovery.o: pppoe-discovery.c
$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
@@ -40,7 +40,7 @@ debug.o: debug.c
$(CC) $(CFLAGS) -c -o debug.o debug.c
rp-pppoe.so: plugin.o discovery.o if.o common.o
- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
+ $(CC) $(LDFLAGS) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
index 95c6805..33e5107 100644
--- a/pppdump/Makefile.linux
+++ b/pppdump/Makefile.linux
@@ -10,7 +10,7 @@ INSTALL= install
all: pppdump
pppdump: $(OBJS)
- $(CC) -o pppdump $(OBJS)
+ $(CC) $(LDFLAGS) -o pppdump $(OBJS)
clean:
rm -f pppdump $(OBJS) *~
diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
index c5ba3b1..eeccf83 100644
--- a/pppstats/Makefile.linux
+++ b/pppstats/Makefile.linux
@@ -26,7 +26,7 @@ install: pppstats
$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
pppstats: $(PPPSTATSRCS)
- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
clean:
rm -f pppstats *~ #* core

37
ppp-2.4.8-CVE-2020-8597.patch Normal file
View File

@ -0,0 +1,37 @@
From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
From: Paul Mackerras <paulus@ozlabs.org>
Date: Mon, 3 Feb 2020 15:53:28 +1100
Subject: [PATCH] pppd: Fix bounds check in EAP code
Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname). This fixes the check so we
actually avoid overflowing the rhostname array.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
pppd/eap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pppd/eap.c b/pppd/eap.c
index 94407f56..1b93db01 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -1420,7 +1420,7 @@ int len;
}
/* Not so likely to happen. */
- if (vallen >= len + sizeof (rhostname)) {
+ if (len - vallen >= sizeof (rhostname)) {
dbglog("EAP: trimming really long peer name down");
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
rhostname[sizeof (rhostname) - 1] = '\0';
@@ -1846,7 +1846,7 @@ int len;
}
/* Not so likely to happen. */
- if (vallen >= len + sizeof (rhostname)) {
+ if (len - vallen >= sizeof (rhostname)) {
dbglog("EAP: trimming really long peer name down");
BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
rhostname[sizeof (rhostname) - 1] = '\0';

2
0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch → ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch
View File

@ -16,7 +16,7 @@ index 4339566..9a635b8 100644
-COPTS = -O2 -g -COPTS = -O2 -g
+COPTS = $(RPM_OPT_FLAGS) +COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
LDFLAGS = -shared LDFLAGS_SHARED = -shared
INSTALL = install INSTALL = install
-- --
1.8.3.1 1.8.3.1

2
0022-build-sys-compile-pppol2tp-with-multilink-support.patch → ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch
View File

@ -17,7 +17,7 @@ index 9a635b8..9cb316d 100644
-COPTS = $(RPM_OPT_FLAGS) -COPTS = $(RPM_OPT_FLAGS)
+COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK +COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK
CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
LDFLAGS = -shared LDFLAGS_SHARED = -shared
INSTALL = install INSTALL = install
-- --
1.8.3.1 1.8.3.1

2
0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch → ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
View File

@ -33,7 +33,7 @@ index 63872eb..8ed56c1 100644
-COPTS = -Wall $(RPM_OPT_FLAGS) -COPTS = -Wall $(RPM_OPT_FLAGS)
+COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\" +COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
# Uncomment the next 2 lines to include support for Microsoft's # Uncomment the next line to include support for Microsoft's
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
diff --git a/pppd/pathnames.h b/pppd/pathnames.h diff --git a/pppd/pathnames.h b/pppd/pathnames.h
index a33f046..a427cb8 100644 index a33f046..a427cb8 100644

2
0002-build-sys-enable-PAM-support.patch → ppp-2.4.8-build-sys-enable-PAM-support.patch
View File

@ -12,7 +12,7 @@ index 1d9ea78..5a44d30 100644
--- a/pppd/Makefile.linux --- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux +++ b/pppd/Makefile.linux
@@ -61,7 +61,7 @@ HAVE_MULTILINK=y @@ -61,7 +61,7 @@ HAVE_MULTILINK=y
USE_TDB=y #SYSTEMD=y
HAS_SHADOW=y HAS_SHADOW=y
-#USE_PAM=y -#USE_PAM=y

6
0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch → ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
View File

@ -40,7 +40,7 @@ index 5a44d30..63872eb 100644
-LIBS = -LIBS =
+COPTS = -Wall $(RPM_OPT_FLAGS) +COPTS = -Wall $(RPM_OPT_FLAGS)
# Uncomment the next 2 lines to include support for Microsoft's # Uncomment the next line to include support for Microsoft's
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
index 0a7ec7b..e09a369 100644 index 0a7ec7b..e09a369 100644
@ -51,7 +51,7 @@ index 0a7ec7b..e09a369 100644
-COPTS = -O2 -g -COPTS = -O2 -g
+COPTS = $(RPM_OPT_FLAGS) +COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I.. -I../../include -fPIC CFLAGS = $(COPTS) -I.. -I../../include -fPIC
LDFLAGS = -shared LDFLAGS_SHARED = -shared
INSTALL = install INSTALL = install
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index 20f62e6..5a81447 100644 index 20f62e6..5a81447 100644
@ -62,7 +62,7 @@ index 20f62e6..5a81447 100644
-COPTS = -O2 -g -COPTS = -O2 -g
+COPTS = $(RPM_OPT_FLAGS) +COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
LDFLAGS = -shared LDFLAGS_SHARED = -shared
INSTALL = install INSTALL = install
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index 24ed3e5..45b3b8d 100644 index 24ed3e5..45b3b8d 100644

2
ppp-2.4.7-eaptls-mppe-1.102.patch → ppp-2.4.8-eaptls-mppe-1.102.patch
View File

@ -3174,7 +3174,7 @@ diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-1.102/ppp
--- ppp-2.4.7/pppd/plugins/Makefile.linux 2014-08-09 14:31:39.000000000 +0200 --- ppp-2.4.7/pppd/plugins/Makefile.linux 2014-08-09 14:31:39.000000000 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/Makefile.linux 2018-10-30 16:47:59.539263095 +0100 +++ ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/Makefile.linux 2018-10-30 16:47:59.539263095 +0100
@@ -4,6 +4,9 @@ @@ -4,6 +4,9 @@
LDFLAGS = -shared LDFLAGS_SHARED = -shared
INSTALL = install INSTALL = install
+# EAP-TLS +# EAP-TLS

4
0013-everywhere-O_CLOEXEC-harder.patch → ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch
View File

@ -146,9 +146,9 @@ index 8a12fa0..00a2cf5 100644
#endif #endif
- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) + if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
{
warn("Couldn't open pty slave %s: %m", pty_name); warn("Couldn't open pty slave %s: %m", pty_name);
} close(mfd);
}
@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid) @@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
for (i = 0; i < 64; ++i) { for (i = 0; i < 64; ++i) {
slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",

2
0025-pppd-install-pppd-binary-using-standard-perms-755.patch → ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
View File

@ -23,7 +23,7 @@ index 0e8107f..534ccc2 100644
+ $(INSTALL) -c -m 644 pppd.8 $(MANDIR) + $(INSTALL) -c -m 644 pppd.8 $(MANDIR)
pppd: $(PPPDOBJS) pppd: $(PPPDOBJS)
$(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS) $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
-- --
1.8.3.1 1.8.3.1

6
0009-pppd-introduce-ipv6-accept-remote.patch → ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch
View File

@ -19,8 +19,8 @@ index caa2b26..5a56c95 100644
+ { "ipv6cp-accept-remote", o_bool, &ipv6cp_allowoptions[0].accept_remote, + { "ipv6cp-accept-remote", o_bool, &ipv6cp_allowoptions[0].accept_remote,
+ "Accept peer's interface identifier for itself", 1 }, + "Accept peer's interface identifier for itself", 1 },
{ "ipv6cp-use-ipaddr", o_bool, &ipv6cp_allowoptions[0].use_ip, { "defaultroute6", o_bool, &ipv6cp_wantoptions[0].default_route,
"Use (default) IPv4 address as interface identifier", 1 }, "Add default IPv6 route", OPT_ENABLE|1, &ipv6cp_allowoptions[0].default_route },
@@ -437,6 +439,7 @@ ipv6cp_init(unit) @@ -437,6 +439,7 @@ ipv6cp_init(unit)
memset(ao, 0, sizeof(*ao)); memset(ao, 0, sizeof(*ao));
@ -43,9 +43,9 @@ index cc4568d..8c7552e 100644
--- a/pppd/ipv6cp.h --- a/pppd/ipv6cp.h
+++ b/pppd/ipv6cp.h +++ b/pppd/ipv6cp.h
@@ -150,7 +150,8 @@ @@ -150,7 +150,8 @@
typedef struct ipv6cp_options {
int neg_ifaceid; /* Negotiate interface identifier? */ int neg_ifaceid; /* Negotiate interface identifier? */
int req_ifaceid; /* Ask peer to send interface identifier? */ int req_ifaceid; /* Ask peer to send interface identifier? */
int default_route; /* Assign default route through interface? */
- int accept_local; /* accept peer's value for iface id? */ - int accept_local; /* accept peer's value for iface id? */
+ int accept_local; /* accept peer's value for our iface id? */ + int accept_local; /* accept peer's value for our iface id? */
+ int accept_remote; /* accept peer's value for his iface id? */ + int accept_remote; /* accept peer's value for his iface id? */

2
0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch → ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
View File

@ -14,7 +14,7 @@ index 4271af6..9e957fa 100644
--- a/pppd/auth.c --- a/pppd/auth.c
+++ b/pppd/auth.c +++ b/pppd/auth.c
@@ -428,7 +428,7 @@ setupapfile(argv) @@ -428,7 +428,7 @@ setupapfile(argv)
option_error("unable to reset uid before opening %s: %m", fname); free(fname);
return 0; return 0;
} }
- ufile = fopen(fname, "r"); - ufile = fopen(fname, "r");

8
0019-sys-linux-rework-get_first_ethernet.patch → ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch
View File

@ -68,12 +68,12 @@ index 9918091..b949716 100644
all: rp-pppoe.so pppoe-discovery all: rp-pppoe.so pppoe-discovery
-pppoe-discovery: pppoe-discovery.o debug.o -pppoe-discovery: pppoe-discovery.o debug.o
- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o - $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o
+pppoe-discovery: pppoe-discovery.o debug.o common.o +pppoe-discovery: pppoe-discovery.o debug.o common.o
+ $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev + $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
pppoe-discovery.o: pppoe-discovery.c pppoe-discovery.o: pppoe-discovery.c
$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c $(CC) $(CFLAGS) -I../../.. -c -o pppoe-discovery.o pppoe-discovery.c
diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
index c0d927d..2bd910f 100644 index c0d927d..2bd910f 100644
--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c --- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
@ -111,7 +111,7 @@ index c0d927d..2bd910f 100644
conn->discoverySocket = -1; conn->discoverySocket = -1;
conn->sessionSocket = -1; conn->sessionSocket = -1;
@@ -722,3 +734,104 @@ void usage(void) @@ -722,3 +734,104 @@ void usage(void)
fprintf(stderr, "Usage: pppoe-discovery [options]\n"); " -h -- Print usage information.\n");
fprintf(stderr, "\nVersion " RP_VERSION "\n"); fprintf(stderr, "\nVersion " RP_VERSION "\n");
} }
+ +

46
ppp.spec
View File

@ -1,13 +1,13 @@
%global _hardened_build 1 %global _hardened_build 1
Name: ppp Name: ppp
Version: 2.4.7 Version: 2.4.8
Release: 33%{?dist} Release: 1%{?dist}
Summary: The Point-to-Point Protocol daemon Summary: The Point-to-Point Protocol daemon
License: BSD and LGPLv2+ and GPLv2+ and Public Domain License: BSD and LGPLv2+ and GPLv2+ and Public Domain
URL: http://www.samba.org/ppp URL: http://www.samba.org/ppp
Source0: ftp://ftp.samba.org/pub/ppp/ppp-%{version}.tar.gz Source0: https://github.com/paulusmack/ppp/archive/ppp-%{version}.tar.gz
Source1: ppp-pam.conf Source1: ppp-pam.conf
Source2: ppp-logrotate.conf Source2: ppp-logrotate.conf
Source3: ppp-tmpfiles.conf Source3: ppp-tmpfiles.conf
@ -23,37 +23,32 @@ Source12: ppp-watch.tar.xz
# Fedora-specific # Fedora-specific
Patch0001: 0001-build-sys-use-gcc-as-our-compiler-of-choice.patch Patch0001: 0001-build-sys-use-gcc-as-our-compiler-of-choice.patch
Patch0002: 0002-build-sys-enable-PAM-support.patch Patch0002: ppp-2.4.8-build-sys-enable-PAM-support.patch
Patch0003: 0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch Patch0003: ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
Patch0004: 0004-doc-add-configuration-samples.patch Patch0004: 0004-doc-add-configuration-samples.patch
Patch0005: 0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch Patch0005: ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
Patch0006: 0006-scritps-use-change_resolv_conf-function.patch Patch0006: 0006-scritps-use-change_resolv_conf-function.patch
Patch0007: 0007-build-sys-don-t-strip-binaries-during-installation.patch Patch0007: 0007-build-sys-don-t-strip-binaries-during-installation.patch
Patch0008: 0008-build-sys-use-prefix-usr-instead-of-usr-local.patch Patch0008: 0008-build-sys-use-prefix-usr-instead-of-usr-local.patch
Patch0009: 0009-pppd-introduce-ipv6-accept-remote.patch Patch0009: ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch
Patch0010: 0010-build-sys-enable-CBCP.patch Patch0010: 0010-build-sys-enable-CBCP.patch
Patch0011: 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch Patch0011: 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
Patch0012: 0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch Patch0012: ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
Patch0013: 0013-everywhere-O_CLOEXEC-harder.patch Patch0013: ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch
Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch
Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
Patch0018: 0018-scritps-fix-ip-up.local-sample.patch Patch0018: 0018-scritps-fix-ip-up.local-sample.patch
Patch0019: 0019-sys-linux-rework-get_first_ethernet.patch Patch0019: ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch
Patch0020: 0020-pppd-put-lock-files-in-var-lock-ppp.patch Patch0020: 0020-pppd-put-lock-files-in-var-lock-ppp.patch
Patch0021: 0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch Patch0021: ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch
Patch0022: 0022-build-sys-compile-pppol2tp-with-multilink-support.patch Patch0022: ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch
Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
Patch0025: 0025-pppd-install-pppd-binary-using-standard-perms-755.patch Patch0025: ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
Patch0026: ppp-2.4.7-eaptls-mppe-1.102.patch Patch0026: ppp-2.4.8-eaptls-mppe-1.102.patch
Patch0028: 0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
# rhbz#1556132 Patch0032: ppp-2.4.8-CVE-2020-8597.patch
Patch0029: ppp-2.4.7-DES-openssl.patch
# https://github.com/paulusmack/ppp/pull/95
Patch0030: ppp-2.4.7-honor-ldflags.patch
Patch0031: ppp-2.4.7-coverity-scan-fixes.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel
@ -87,7 +82,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
This package contains the header files for building plugins for ppp. This package contains the header files for building plugins for ppp.
%prep %prep
%setup -q %setup -qn %{name}-%{name}-%{version}
%autopatch -p1 %autopatch -p1
tar -xJf %{SOURCE12} tar -xJf %{SOURCE12}
@ -184,6 +179,15 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
%doc PLUGINS %doc PLUGINS
%changelog %changelog
* Fri Feb 21 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-1
- New version
- Changed sources to github
- Dropped 0028-pppoe-include-netinet-in.h-before-linux-in.h,
ppp-2.4.7-DES-openssl, ppp-2.4.7-honor-ldflags,
ppp-2.4.7-coverity-scan-fixes patches (all upstreamed)
- Fixed buffer overflow in the eap_request and eap_response functions
Resolves: CVE-2020-8597
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-33 * Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-33
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

4
sources
View File

@ -1,2 +1,2 @@
78818f40e6d33a1d1de68a1551f6595a ppp-2.4.7.tar.gz SHA512 (ppp-watch.tar.xz) = aee10735facf918b9a1e33408c9f19d8240c2cd265837da87ac9f58e097eece6bbe1abcaf426e2f10369d1368f6e9e68d2e07d005a19857f17d6318708ec438a
166cdfbce3391746fde60e86752c7bc7 ppp-watch.tar.xz SHA512 (ppp-2.4.8.tar.gz) = a99b3b6c7bd80cd133bda4e29d33c793a76f3b67e1f8db774547e88932ce29564fad390a4f51d3fe30a75e006499b95000b042ae0f64cd360548426f8091a478