Updated EAP-TLS patch to v1.101
Resolves: CVE-2018-11574
parent
8870b357ca
commit
ad8f16ddb2
@ -1,7 +1,7 @@
|
|||||||
diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-0.999/README.eap-tls
|
diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-1.101b/README.eap-tls
|
||||||
--- ppp-2.4.7/README.eap-tls 1970-01-01 01:00:00.000000000 +0100
|
--- ppp-2.4.7/README.eap-tls 1970-01-01 01:00:00.000000000 +0100
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/README.eap-tls 2017-05-09 14:38:55.129084488 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/README.eap-tls 2018-06-02 01:42:04.021165440 +0200
|
||||||
@@ -0,0 +1,280 @@
|
@@ -0,0 +1,286 @@
|
||||||
+EAP-TLS authentication support for PPP
|
+EAP-TLS authentication support for PPP
|
||||||
+======================================
|
+======================================
|
||||||
+
|
+
|
||||||
@ -277,14 +277,20 @@ diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-0.999/README.eap-tls
|
|||||||
+v0.996 (28-May-2014)
|
+v0.996 (28-May-2014)
|
||||||
+ - Fix minor bug where SessionTicket message was printed as 'Unknown SSL3 code 4'
|
+ - Fix minor bug where SessionTicket message was printed as 'Unknown SSL3 code 4'
|
||||||
+ - Add EAP-TLS-specific options to pppd.8 manual page.
|
+ - Add EAP-TLS-specific options to pppd.8 manual page.
|
||||||
+ - Updated README.eap-tls file with new option and provide an example.
|
+ - Updated README.eap-tls file with new options and provide an example.
|
||||||
+v0.997 (19-Jun-2014)
|
+v0.997 (19-Jun-2014)
|
||||||
+ - change SSL_OP_NO_TICKETS to SSL_OP_NO_TICKET
|
+ - Change SSL_OP_NO_TICKETS to SSL_OP_NO_TICKET
|
||||||
+ - fix bug in initialisation code with fragmented packets.
|
+ - Fix bug in initialisation code with fragmented packets.
|
||||||
|
+v0.998 (13-Mar-2015)
|
||||||
|
+ - Added fix for https://bugzilla.redhat.com/show_bug.cgi?id=1023620
|
||||||
|
+v0.999 (11-May-2017)
|
||||||
|
+ - Added support for OpenSSL 1.1: the code will now compile against OpenSSL 1.0.x or 1.1.x.
|
||||||
|
+v1.101 (1-Jun-2018)
|
||||||
|
+ - Fix vulnerabilities CVE-2018-11574.
|
||||||
+
|
+
|
||||||
diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-client
|
diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/eaptls-client
|
||||||
--- ppp-2.4.7/etc.ppp/eaptls-client 1970-01-01 01:00:00.000000000 +0100
|
--- ppp-2.4.7/etc.ppp/eaptls-client 1970-01-01 01:00:00.000000000 +0100
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-client 2017-05-09 14:38:55.129084488 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/eaptls-client 2018-06-02 01:42:04.021165440 +0200
|
||||||
@@ -0,0 +1,10 @@
|
@@ -0,0 +1,10 @@
|
||||||
+# Parameters for authentication using EAP-TLS (client)
|
+# Parameters for authentication using EAP-TLS (client)
|
||||||
+
|
+
|
||||||
@ -296,9 +302,9 @@ diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/e
|
|||||||
+# client private key file (required)
|
+# client private key file (required)
|
||||||
+
|
+
|
||||||
+#client server /root/cert/client.crt - /root/cert/ca.crt /root/cert/client.key
|
+#client server /root/cert/client.crt - /root/cert/ca.crt /root/cert/client.key
|
||||||
diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-server
|
diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/eaptls-server
|
||||||
--- ppp-2.4.7/etc.ppp/eaptls-server 1970-01-01 01:00:00.000000000 +0100
|
--- ppp-2.4.7/etc.ppp/eaptls-server 1970-01-01 01:00:00.000000000 +0100
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-server 2017-05-09 14:38:55.137084099 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/eaptls-server 2018-06-02 01:42:04.021165440 +0200
|
||||||
@@ -0,0 +1,11 @@
|
@@ -0,0 +1,11 @@
|
||||||
+# Parameters for authentication using EAP-TLS (server)
|
+# Parameters for authentication using EAP-TLS (server)
|
||||||
+
|
+
|
||||||
@ -311,9 +317,9 @@ diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/e
|
|||||||
+# allowed addresses (required, can be *)
|
+# allowed addresses (required, can be *)
|
||||||
+
|
+
|
||||||
+#client server - /root/cert/server.crt /root/cert/ca.crt /root/cert/server.key 192.168.1.0/24
|
+#client server - /root/cert/server.crt /root/cert/ca.crt /root/cert/server.key 192.168.1.0/24
|
||||||
diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/openssl.cnf
|
diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/openssl.cnf
|
||||||
--- ppp-2.4.7/etc.ppp/openssl.cnf 1970-01-01 01:00:00.000000000 +0100
|
--- ppp-2.4.7/etc.ppp/openssl.cnf 1970-01-01 01:00:00.000000000 +0100
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/openssl.cnf 2017-05-09 14:38:55.137084099 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/openssl.cnf 2018-06-02 01:42:04.021165440 +0200
|
||||||
@@ -0,0 +1,14 @@
|
@@ -0,0 +1,14 @@
|
||||||
+openssl_conf = openssl_def
|
+openssl_conf = openssl_def
|
||||||
+
|
+
|
||||||
@ -329,9 +335,9 @@ diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/ope
|
|||||||
+MODULE_PATH = /usr/lib64/libeTPkcs11.so
|
+MODULE_PATH = /usr/lib64/libeTPkcs11.so
|
||||||
+init = 0
|
+init = 0
|
||||||
+
|
+
|
||||||
diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-0.999/linux/Makefile.top
|
diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-1.101b/linux/Makefile.top
|
||||||
--- ppp-2.4.7/linux/Makefile.top 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/linux/Makefile.top 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/linux/Makefile.top 2017-05-09 14:38:55.138084052 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/linux/Makefile.top 2018-06-02 01:42:04.021165440 +0200
|
||||||
@@ -26,7 +26,7 @@
|
@@ -26,7 +26,7 @@
|
||||||
cd pppdump; $(MAKE) $(MFLAGS) install
|
cd pppdump; $(MAKE) $(MFLAGS) install
|
||||||
|
|
||||||
@ -352,9 +358,9 @@ diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-0.999/linux/Makefi
|
|||||||
|
|
||||||
$(BINDIR):
|
$(BINDIR):
|
||||||
$(INSTALL) -d -m 755 $@
|
$(INSTALL) -d -m 755 $@
|
||||||
diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefile.linux
|
diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-1.101b/pppd/Makefile.linux
|
||||||
--- ppp-2.4.7/pppd/Makefile.linux 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/Makefile.linux 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefile.linux 2017-05-09 14:38:55.138084052 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/Makefile.linux 2018-06-02 01:42:04.021165440 +0200
|
||||||
@@ -76,6 +76,9 @@
|
@@ -76,6 +76,9 @@
|
||||||
# Use libutil
|
# Use libutil
|
||||||
USE_LIBUTIL=y
|
USE_LIBUTIL=y
|
||||||
@ -381,9 +387,9 @@ diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefi
|
|||||||
ifdef HAS_SHADOW
|
ifdef HAS_SHADOW
|
||||||
CFLAGS += -DHAS_SHADOW
|
CFLAGS += -DHAS_SHADOW
|
||||||
#LIBS += -lshadow $(LIBS)
|
#LIBS += -lshadow $(LIBS)
|
||||||
diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/auth.c
|
||||||
--- ppp-2.4.7/pppd/auth.c 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/auth.c 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c 2017-05-09 14:38:55.139084004 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/auth.c 2018-06-02 01:42:04.022165436 +0200
|
||||||
@@ -109,6 +109,9 @@
|
@@ -109,6 +109,9 @@
|
||||||
#include "upap.h"
|
#include "upap.h"
|
||||||
#include "chap-new.h"
|
#include "chap-new.h"
|
||||||
@ -879,9 +885,9 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|||||||
+}
|
+}
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c
|
diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/ccp.c
|
||||||
--- ppp-2.4.7/pppd/ccp.c 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/ccp.c 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c 2017-05-09 14:38:55.148083482 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/ccp.c 2018-06-02 01:42:04.022165436 +0200
|
||||||
@@ -540,6 +540,9 @@
|
@@ -540,6 +540,9 @@
|
||||||
if (go->mppe) {
|
if (go->mppe) {
|
||||||
ccp_options *ao = &ccp_allowoptions[f->unit];
|
ccp_options *ao = &ccp_allowoptions[f->unit];
|
||||||
@ -917,9 +923,9 @@ diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c
|
|||||||
lcp_close(f->unit, "MPPE required but not available");
|
lcp_close(f->unit, "MPPE required but not available");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/chap-md5.c
|
diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/chap-md5.c
|
||||||
--- ppp-2.4.7/pppd/chap-md5.c 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/chap-md5.c 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/chap-md5.c 2017-05-09 14:38:55.148083482 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/chap-md5.c 2018-06-02 01:42:04.022165436 +0200
|
||||||
@@ -36,7 +36,11 @@
|
@@ -36,7 +36,11 @@
|
||||||
#include "chap-new.h"
|
#include "chap-new.h"
|
||||||
#include "chap-md5.h"
|
#include "chap-md5.h"
|
||||||
@ -932,10 +938,10 @@ diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/chap-md5.c
|
|||||||
|
|
||||||
#define MD5_HASH_SIZE 16
|
#define MD5_HASH_SIZE 16
|
||||||
#define MD5_MIN_CHALLENGE 16
|
#define MD5_MIN_CHALLENGE 16
|
||||||
diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
|
||||||
--- ppp-2.4.7/pppd/eap-tls.c 1970-01-01 01:00:00.000000000 +0100
|
--- ppp-2.4.7/pppd/eap-tls.c 1970-01-01 01:00:00.000000000 +0100
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c 2017-05-11 10:43:00.345739124 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c 2018-06-02 01:42:16.790124406 +0200
|
||||||
@@ -0,0 +1,1308 @@
|
@@ -0,0 +1,1313 @@
|
||||||
+/*
|
+/*
|
||||||
+ * eap-tls.c - EAP-TLS implementation for PPP
|
+ * eap-tls.c - EAP-TLS implementation for PPP
|
||||||
+ *
|
+ *
|
||||||
@ -1000,6 +1006,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|||||||
+ * tries to provide some guidance but ultimately falls short.
|
+ * tries to provide some guidance but ultimately falls short.
|
||||||
+ */
|
+ */
|
||||||
+
|
+
|
||||||
|
+
|
||||||
+static void HMAC_CTX_free(HMAC_CTX *ctx)
|
+static void HMAC_CTX_free(HMAC_CTX *ctx)
|
||||||
+{
|
+{
|
||||||
+ if (ctx != NULL) {
|
+ if (ctx != NULL) {
|
||||||
@ -1803,46 +1810,47 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|||||||
+int eaptls_receive(struct eaptls_session *ets, u_char * inp, int len)
|
+int eaptls_receive(struct eaptls_session *ets, u_char * inp, int len)
|
||||||
+{
|
+{
|
||||||
+ u_char flags;
|
+ u_char flags;
|
||||||
+ u_int tlslen;
|
+ u_int tlslen = 0;
|
||||||
+ u_char dummy[65536];
|
+ u_char dummy[65536];
|
||||||
+
|
+
|
||||||
|
+ if (len < 1) {
|
||||||
|
+ warn("EAP-TLS: received no or invalid data");
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
+ GETCHAR(flags, inp);
|
+ GETCHAR(flags, inp);
|
||||||
+ len--;
|
+ len--;
|
||||||
+
|
+
|
||||||
+ if (flags & EAP_TLS_FLAGS_LI && !ets->data) {
|
+ if (flags & EAP_TLS_FLAGS_LI && len >= 4) {
|
||||||
+
|
|
||||||
+ /*
|
+ /*
|
||||||
+ * This is the first packet of a message
|
+ * LenghtIncluded flag set -> this is the first packet of a message
|
||||||
+ */
|
+ */
|
||||||
+
|
+
|
||||||
|
+ /*
|
||||||
|
+ * the first 4 octets are the length of the EAP-TLS message
|
||||||
|
+ */
|
||||||
+ GETLONG(tlslen, inp);
|
+ GETLONG(tlslen, inp);
|
||||||
+ len -= 4;
|
+ len -= 4;
|
||||||
+
|
+
|
||||||
+ if (tlslen > EAP_TLS_MAX_LEN) {
|
+ if (!ets->data) {
|
||||||
+ error("Error: tls message length > %d, truncated",
|
+
|
||||||
+ EAP_TLS_MAX_LEN);
|
+ if (tlslen > EAP_TLS_MAX_LEN) {
|
||||||
+ tlslen = EAP_TLS_MAX_LEN;
|
+ error("EAP-TLS: TLS message length > %d, truncated", EAP_TLS_MAX_LEN);
|
||||||
|
+ tlslen = EAP_TLS_MAX_LEN;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Allocate memory for the whole message
|
||||||
|
+ */
|
||||||
|
+ ets->data = malloc(tlslen);
|
||||||
|
+ if (!ets->data)
|
||||||
|
+ fatal("EAP-TLS: allocation error\n");
|
||||||
|
+
|
||||||
|
+ ets->datalen = 0;
|
||||||
|
+ ets->tlslen = tlslen;
|
||||||
+ }
|
+ }
|
||||||
+
|
+ else
|
||||||
+ /*
|
+ warn("EAP-TLS: non-first LI packet? that's odd...");
|
||||||
+ * Allocate memory for the whole message
|
|
||||||
+ */
|
|
||||||
+ ets->data = malloc(tlslen);
|
|
||||||
+ if (!ets->data)
|
|
||||||
+ fatal("EAP TLS: allocation error\n");
|
|
||||||
+
|
|
||||||
+ ets->datalen = 0;
|
|
||||||
+ ets->tlslen = tlslen;
|
|
||||||
+
|
|
||||||
+ }
|
|
||||||
+ else if (flags & EAP_TLS_FLAGS_LI && ets->data) {
|
|
||||||
+ /*
|
|
||||||
+ * Non first with LI (strange...)
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+ GETLONG(tlslen, inp);
|
|
||||||
+ len -= 4;
|
|
||||||
+
|
|
||||||
+ }
|
+ }
|
||||||
+ else if (!ets->data) {
|
+ else if (!ets->data) {
|
||||||
+ /*
|
+ /*
|
||||||
@ -1851,7 +1859,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|||||||
+
|
+
|
||||||
+ ets->data = malloc(len);
|
+ ets->data = malloc(len);
|
||||||
+ if (!ets->data)
|
+ if (!ets->data)
|
||||||
+ fatal("EAP TLS: allocation error\n");
|
+ fatal("EAP-TLS: allocation error\n");
|
||||||
+
|
+
|
||||||
+ ets->datalen = 0;
|
+ ets->datalen = 0;
|
||||||
+ ets->tlslen = len;
|
+ ets->tlslen = len;
|
||||||
@ -1862,8 +1870,13 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|||||||
+ else
|
+ else
|
||||||
+ ets->frag = 0;
|
+ ets->frag = 0;
|
||||||
+
|
+
|
||||||
|
+ if (len < 0) {
|
||||||
|
+ warn("EAP-TLS: received malformed data");
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
+ if (len + ets->datalen > ets->tlslen) {
|
+ if (len + ets->datalen > ets->tlslen) {
|
||||||
+ warn("EAP TLS: received data > TLS message length");
|
+ warn("EAP-TLS: received data > TLS message length");
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
@ -1877,7 +1890,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|||||||
+ */
|
+ */
|
||||||
+
|
+
|
||||||
+ if (ets->datalen != ets->tlslen) {
|
+ if (ets->datalen != ets->tlslen) {
|
||||||
+ warn("EAP TLS: received data != TLS message length");
|
+ warn("EAP-TLS: received data != TLS message length");
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
@ -2138,7 +2151,6 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|||||||
+
|
+
|
||||||
+ switch(content_type) {
|
+ switch(content_type) {
|
||||||
+
|
+
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
+ case SSL3_RT_HEADER:
|
+ case SSL3_RT_HEADER:
|
||||||
+ strcat(string, "SSL/TLS Header: ");
|
+ strcat(string, "SSL/TLS Header: ");
|
||||||
+ switch(hvers) {
|
+ switch(hvers) {
|
||||||
@ -2164,7 +2176,6 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|||||||
+ strcat(string, "Unknown version");
|
+ strcat(string, "Unknown version");
|
||||||
+ }
|
+ }
|
||||||
+ break;
|
+ break;
|
||||||
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
|
|
||||||
+
|
+
|
||||||
+ case SSL3_RT_ALERT:
|
+ case SSL3_RT_ALERT:
|
||||||
+ strcat(string, "Alert: ");
|
+ strcat(string, "Alert: ");
|
||||||
@ -2244,9 +2255,9 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|||||||
+ dbglog("%s", string);
|
+ dbglog("%s", string);
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.h
|
diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.h
|
||||||
--- ppp-2.4.7/pppd/eap-tls.h 1970-01-01 01:00:00.000000000 +0100
|
--- ppp-2.4.7/pppd/eap-tls.h 1970-01-01 01:00:00.000000000 +0100
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.h 2017-05-09 14:38:55.150083347 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.h 2018-06-02 01:42:04.023165433 +0200
|
||||||
@@ -0,0 +1,107 @@
|
@@ -0,0 +1,107 @@
|
||||||
+/*
|
+/*
|
||||||
+ * eap-tls.h
|
+ * eap-tls.h
|
||||||
@ -2355,9 +2366,9 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.h
|
|||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
+#endif
|
+#endif
|
||||||
diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.c
|
||||||
--- ppp-2.4.7/pppd/eap.c 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/eap.c 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c 2017-05-09 14:38:55.151083274 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.c 2018-06-02 01:42:04.023165433 +0200
|
||||||
@@ -43,6 +43,11 @@
|
@@ -43,6 +43,11 @@
|
||||||
* Based on draft-ietf-pppext-eap-srp-03.txt.
|
* Based on draft-ietf-pppext-eap-srp-03.txt.
|
||||||
*/
|
*/
|
||||||
@ -2674,7 +2685,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
#ifdef USE_SRP
|
#ifdef USE_SRP
|
||||||
struct t_client *tc;
|
struct t_client *tc;
|
||||||
struct t_num sval, gval, Nval, *Ap, Bval;
|
struct t_num sval, gval, Nval, *Ap, Bval;
|
||||||
@@ -1456,6 +1696,90 @@
|
@@ -1456,6 +1696,100 @@
|
||||||
esp->es_client.ea_namelen);
|
esp->es_client.ea_namelen);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2685,6 +2696,11 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
+
|
+
|
||||||
+ case eapListen:
|
+ case eapListen:
|
||||||
+
|
+
|
||||||
|
+ if (len < 1) {
|
||||||
|
+ error("EAP: received EAP-TLS Listen packet with no data");
|
||||||
|
+ /* Bogus request; wait for something real. */
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
+ GETCHAR(flags, inp);
|
+ GETCHAR(flags, inp);
|
||||||
+ if(flags & EAP_TLS_FLAGS_START){
|
+ if(flags & EAP_TLS_FLAGS_START){
|
||||||
+
|
+
|
||||||
@ -2722,6 +2738,11 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
+ break;
|
+ break;
|
||||||
+
|
+
|
||||||
+ case eapTlsRecv:
|
+ case eapTlsRecv:
|
||||||
|
+ if (len < 1) {
|
||||||
|
+ error("EAP: discarding EAP-TLS Receive packet with no data");
|
||||||
|
+ /* Bogus request; wait for something real. */
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
+ eaptls_receive(ets, inp, len);
|
+ eaptls_receive(ets, inp, len);
|
||||||
+
|
+
|
||||||
+ if(ets->frag) {
|
+ if(ets->frag) {
|
||||||
@ -2765,7 +2786,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
#ifdef USE_SRP
|
#ifdef USE_SRP
|
||||||
case EAPT_SRP:
|
case EAPT_SRP:
|
||||||
if (len < 1) {
|
if (len < 1) {
|
||||||
@@ -1737,6 +2061,11 @@
|
@@ -1737,6 +2071,11 @@
|
||||||
u_char dig[SHA_DIGESTSIZE];
|
u_char dig[SHA_DIGESTSIZE];
|
||||||
#endif /* USE_SRP */
|
#endif /* USE_SRP */
|
||||||
|
|
||||||
@ -2777,7 +2798,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
if (esp->es_server.ea_id != id) {
|
if (esp->es_server.ea_id != id) {
|
||||||
dbglog("EAP: discarding Response %d; expected ID %d", id,
|
dbglog("EAP: discarding Response %d; expected ID %d", id,
|
||||||
esp->es_server.ea_id);
|
esp->es_server.ea_id);
|
||||||
@@ -1776,6 +2105,60 @@
|
@@ -1776,6 +2115,64 @@
|
||||||
eap_figure_next_state(esp, 0);
|
eap_figure_next_state(esp, 0);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2786,6 +2807,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
+ switch(esp->es_server.ea_state) {
|
+ switch(esp->es_server.ea_state) {
|
||||||
+
|
+
|
||||||
+ case eapTlsRecv:
|
+ case eapTlsRecv:
|
||||||
|
+
|
||||||
+ ets = (struct eaptls_session *) esp->es_server.ea_session;
|
+ ets = (struct eaptls_session *) esp->es_server.ea_session;
|
||||||
+ eap_figure_next_state(esp,
|
+ eap_figure_next_state(esp,
|
||||||
+ eaptls_receive(esp->es_server.ea_session, inp, len));
|
+ eaptls_receive(esp->es_server.ea_session, inp, len));
|
||||||
@ -2806,19 +2828,22 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
+ case eapTlsRecvClient:
|
+ case eapTlsRecvClient:
|
||||||
+ /* Receive authentication response from client */
|
+ /* Receive authentication response from client */
|
||||||
+
|
+
|
||||||
+ GETCHAR(flags, inp);
|
+ if (len > 0) {
|
||||||
|
+ GETCHAR(flags, inp);
|
||||||
+
|
+
|
||||||
+ if(len == 1 && !flags) { /* Ack = ok */
|
+ if(len == 1 && !flags) { /* Ack = ok */
|
||||||
+#ifdef MPPE
|
+#ifdef MPPE
|
||||||
+ eaptls_gen_mppe_keys( esp->es_server.ea_session, "client EAP encryption", 0 );
|
+ eaptls_gen_mppe_keys( esp->es_server.ea_session, "client EAP encryption", 0 );
|
||||||
+#endif
|
+#endif
|
||||||
+ eap_send_success(esp);
|
+ eap_send_success(esp);
|
||||||
+ }
|
+ }
|
||||||
+ else { /* failure */
|
+ else { /* failure */
|
||||||
+ eaptls_receive(esp->es_server.ea_session, inp, len);
|
+ warn("Server authentication failed");
|
||||||
+ warn("Server authentication failed");
|
+ eap_send_failure(esp);
|
||||||
+ eap_send_failure(esp);
|
+ }
|
||||||
+ }
|
+ }
|
||||||
|
+ else
|
||||||
|
+ warn("Bogus EAP-TLS packet received from client");
|
||||||
+
|
+
|
||||||
+ eaptls_free_session(esp->es_server.ea_session);
|
+ eaptls_free_session(esp->es_server.ea_session);
|
||||||
+
|
+
|
||||||
@ -2838,7 +2863,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
case EAPT_NOTIFICATION:
|
case EAPT_NOTIFICATION:
|
||||||
dbglog("EAP unexpected Notification; response discarded");
|
dbglog("EAP unexpected Notification; response discarded");
|
||||||
break;
|
break;
|
||||||
@@ -1807,6 +2190,13 @@
|
@@ -1807,6 +2204,13 @@
|
||||||
esp->es_server.ea_state = eapMD5Chall;
|
esp->es_server.ea_state = eapMD5Chall;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2852,7 +2877,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
default:
|
default:
|
||||||
dbglog("EAP: peer requesting unknown Type %d", vallen);
|
dbglog("EAP: peer requesting unknown Type %d", vallen);
|
||||||
switch (esp->es_server.ea_state) {
|
switch (esp->es_server.ea_state) {
|
||||||
@@ -2018,13 +2408,27 @@
|
@@ -2018,13 +2422,27 @@
|
||||||
int id;
|
int id;
|
||||||
int len;
|
int len;
|
||||||
{
|
{
|
||||||
@ -2881,7 +2906,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
if (esp->es_client.ea_timeout > 0) {
|
if (esp->es_client.ea_timeout > 0) {
|
||||||
UNTIMEOUT(eap_client_timeout, (void *)esp);
|
UNTIMEOUT(eap_client_timeout, (void *)esp);
|
||||||
}
|
}
|
||||||
@@ -2150,6 +2554,9 @@
|
@@ -2150,6 +2568,9 @@
|
||||||
int code, id, len, rtype, vallen;
|
int code, id, len, rtype, vallen;
|
||||||
u_char *pstart;
|
u_char *pstart;
|
||||||
u_int32_t uval;
|
u_int32_t uval;
|
||||||
@ -2891,7 +2916,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
|
|
||||||
if (inlen < EAP_HEADERLEN)
|
if (inlen < EAP_HEADERLEN)
|
||||||
return (0);
|
return (0);
|
||||||
@@ -2214,6 +2621,24 @@
|
@@ -2214,6 +2635,24 @@
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2916,7 +2941,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
case EAPT_SRP:
|
case EAPT_SRP:
|
||||||
if (len < 3)
|
if (len < 3)
|
||||||
goto truncated;
|
goto truncated;
|
||||||
@@ -2325,6 +2750,25 @@
|
@@ -2325,6 +2764,25 @@
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2942,14 +2967,14 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|||||||
case EAPT_NAK:
|
case EAPT_NAK:
|
||||||
if (len <= 0) {
|
if (len <= 0) {
|
||||||
printer(arg, " <missing hint>");
|
printer(arg, " <missing hint>");
|
||||||
@@ -2426,3 +2870,4 @@
|
@@ -2426,3 +2884,4 @@
|
||||||
|
|
||||||
return (inp - pstart);
|
return (inp - pstart);
|
||||||
}
|
}
|
||||||
+
|
+
|
||||||
diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
|
diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.h
|
||||||
--- ppp-2.4.7/pppd/eap.h 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/eap.h 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h 2017-05-09 14:38:55.152083200 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.h 2018-06-02 01:42:04.023165433 +0200
|
||||||
@@ -84,6 +84,16 @@
|
@@ -84,6 +84,16 @@
|
||||||
eapClosed, /* Authentication not in use */
|
eapClosed, /* Authentication not in use */
|
||||||
eapListen, /* Client ready (and timer running) */
|
eapListen, /* Client ready (and timer running) */
|
||||||
@ -3018,9 +3043,9 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
|
|||||||
#define EAP_DEFREQTIME 20 /* Time to wait for peer request */
|
#define EAP_DEFREQTIME 20 /* Time to wait for peer request */
|
||||||
#define EAP_DEFALLOWREQ 20 /* max # times to accept requests */
|
#define EAP_DEFALLOWREQ 20 /* max # times to accept requests */
|
||||||
|
|
||||||
diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.c
|
diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.c
|
||||||
--- ppp-2.4.7/pppd/md5.c 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/md5.c 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.c 2017-05-09 14:38:55.152083200 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.c 2018-06-02 01:42:04.023165433 +0200
|
||||||
@@ -33,6 +33,8 @@
|
@@ -33,6 +33,8 @@
|
||||||
***********************************************************************
|
***********************************************************************
|
||||||
*/
|
*/
|
||||||
@ -3036,9 +3061,9 @@ diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.c
|
|||||||
*/
|
*/
|
||||||
+#endif /* USE_EAPTLS */
|
+#endif /* USE_EAPTLS */
|
||||||
+
|
+
|
||||||
diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.h
|
diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.h
|
||||||
--- ppp-2.4.7/pppd/md5.h 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/md5.h 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.h 2017-05-09 14:38:55.152083200 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.h 2018-06-02 01:42:04.024165430 +0200
|
||||||
@@ -36,6 +36,7 @@
|
@@ -36,6 +36,7 @@
|
||||||
** documentation and/or software. **
|
** documentation and/or software. **
|
||||||
***********************************************************************
|
***********************************************************************
|
||||||
@ -3053,9 +3078,9 @@ diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.h
|
|||||||
#endif /* __MD5_INCLUDE__ */
|
#endif /* __MD5_INCLUDE__ */
|
||||||
+
|
+
|
||||||
+#endif /* USE_EAPTLS */
|
+#endif /* USE_EAPTLS */
|
||||||
diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pathnames.h
|
diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/pathnames.h
|
||||||
--- ppp-2.4.7/pppd/pathnames.h 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/pathnames.h 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/pathnames.h 2017-05-09 14:38:55.153083126 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/pathnames.h 2018-06-02 01:42:04.024165430 +0200
|
||||||
@@ -21,6 +21,13 @@
|
@@ -21,6 +21,13 @@
|
||||||
#define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets"
|
#define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets"
|
||||||
#define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets"
|
#define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets"
|
||||||
@ -3070,9 +3095,9 @@ diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pathnames
|
|||||||
#define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options"
|
#define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options"
|
||||||
#define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up"
|
#define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up"
|
||||||
#define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down"
|
#define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down"
|
||||||
diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/Makefile.linux
|
diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/Makefile.linux
|
||||||
--- ppp-2.4.7/pppd/plugins/Makefile.linux 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/plugins/Makefile.linux 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/Makefile.linux 2017-05-09 14:38:55.153083126 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/Makefile.linux 2018-06-02 01:42:04.024165430 +0200
|
||||||
@@ -4,6 +4,9 @@
|
@@ -4,6 +4,9 @@
|
||||||
LDFLAGS = -shared
|
LDFLAGS = -shared
|
||||||
INSTALL = install
|
INSTALL = install
|
||||||
@ -3083,9 +3108,9 @@ diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/ppp
|
|||||||
DESTDIR = $(INSTROOT)@DESTDIR@
|
DESTDIR = $(INSTROOT)@DESTDIR@
|
||||||
BINDIR = $(DESTDIR)/sbin
|
BINDIR = $(DESTDIR)/sbin
|
||||||
MANDIR = $(DESTDIR)/share/man/man8
|
MANDIR = $(DESTDIR)/share/man/man8
|
||||||
diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passprompt.c
|
diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/passprompt.c
|
||||||
--- ppp-2.4.7/pppd/plugins/passprompt.c 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/plugins/passprompt.c 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passprompt.c 2017-05-09 14:38:55.153083126 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/passprompt.c 2018-06-02 01:42:04.024165430 +0200
|
||||||
@@ -107,4 +107,7 @@
|
@@ -107,4 +107,7 @@
|
||||||
{
|
{
|
||||||
add_options(options);
|
add_options(options);
|
||||||
@ -3094,9 +3119,9 @@ diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-0.999/pppd/
|
|||||||
+ eaptls_passwd_hook = promptpass;
|
+ eaptls_passwd_hook = promptpass;
|
||||||
+#endif
|
+#endif
|
||||||
}
|
}
|
||||||
diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passwordfd.c
|
diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/passwordfd.c
|
||||||
--- ppp-2.4.7/pppd/plugins/passwordfd.c 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/plugins/passwordfd.c 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passwordfd.c 2017-05-09 14:38:55.154083052 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/passwordfd.c 2018-06-02 01:42:04.024165430 +0200
|
||||||
@@ -79,4 +79,8 @@
|
@@ -79,4 +79,8 @@
|
||||||
|
|
||||||
chap_check_hook = pwfd_check;
|
chap_check_hook = pwfd_check;
|
||||||
@ -3106,9 +3131,9 @@ diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-0.999/pppd/
|
|||||||
+ eaptls_passwd_hook = pwfd_passwd;
|
+ eaptls_passwd_hook = pwfd_passwd;
|
||||||
+#endif
|
+#endif
|
||||||
}
|
}
|
||||||
diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
|
diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.8
|
||||||
--- ppp-2.4.7/pppd/pppd.8 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/pppd.8 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8 2017-05-09 14:38:55.155082978 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.8 2018-06-02 01:42:04.025165427 +0200
|
||||||
@@ -248,6 +248,12 @@
|
@@ -248,6 +248,12 @@
|
||||||
compression in the corresponding direction. Use \fInobsdcomp\fR or
|
compression in the corresponding direction. Use \fInobsdcomp\fR or
|
||||||
\fIbsdcomp 0\fR to disable BSD-Compress compression entirely.
|
\fIbsdcomp 0\fR to disable BSD-Compress compression entirely.
|
||||||
@ -3177,9 +3202,9 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
|
|||||||
.B noauth
|
.B noauth
|
||||||
Do not require the peer to authenticate itself. This option is
|
Do not require the peer to authenticate itself. This option is
|
||||||
privileged.
|
privileged.
|
||||||
diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.h
|
diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.h
|
||||||
--- ppp-2.4.7/pppd/pppd.h 2014-08-09 14:31:39.000000000 +0200
|
--- ppp-2.4.7/pppd/pppd.h 2014-08-09 14:31:39.000000000 +0200
|
||||||
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.h 2017-05-09 14:38:55.156082905 +0200
|
+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.h 2018-06-02 01:42:04.025165427 +0200
|
||||||
@@ -325,6 +325,11 @@
|
@@ -325,6 +325,11 @@
|
||||||
extern bool dryrun; /* check everything, print options, exit */
|
extern bool dryrun; /* check everything, print options, exit */
|
||||||
extern int child_wait; /* # seconds to wait for children at end */
|
extern int child_wait; /* # seconds to wait for children at end */
|
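--- a/ppp.spec
+++ b/ppp.spec
@@ -3,7 +3,7 @@
 Summary: The Point-to-Point Protocol daemon
 Name: ppp
 Version: 2.4.7
-Release: 21%{?dist}
+Release: 22%{?dist}
 License: BSD and LGPLv2+ and GPLv2+ and Public Domain
 Group: System Environment/Daemons
 URL: http://www.samba.org/ppp
@@ -38,7 +38,6 @@ Patch0013: 0013-everywhere-O_CLOEXEC-harder.patch
 Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
 Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch
 Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
-Patch0017: 0017-pppd-rebase-EAP-TLS-patch-v0.994.patch
 Patch0018: 0018-scritps-fix-ip-up.local-sample.patch
 Patch0019: 0019-sys-linux-rework-get_first_ethernet.patch
 Patch0020: 0020-pppd-put-lock-files-in-var-lock-ppp.patch
@@ -47,8 +46,7 @@ Patch0022: 0022-build-sys-compile-pppol2tp-with-multilink-support.patch
 Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
 Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
 Patch0025: 0025-pppd-install-pppd-binary-using-standard-perms-755.patch
-Patch0026: 0026-Revert-pppd-rebase-EAP-TLS-patch-v0.994.patch
-Patch0027: 0027-pppd-EAP-TLS-patch-v0.999.patch
+Patch0026: ppp-2.4.7-eaptls-mppe-1.101.patch
 Patch0028: 0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
 
 # rhbz#1556132
@@ -175,6 +173,10 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
 %doc PLUGINS
 
 %changelog
+* Tue Jun 5 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-22
+- Updated EAP-TLS patch to v1.101
+Resolves: CVE-2018-11574
+
 * Mon Apr 9 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-21
 - Link with -E not to break plugins
 Resolves: rhbz#1564459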
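Review bot: The new `Patch0026: ppp-2.4.7-eaptls-mppe-1.101.patch` line in the third hunk has no comment recording where the patch was obtained or which CVE it closes, and its file name says 1.101 while the diff headers inside the patch are labelled `ppp-2.4.7-eaptls-mppe-1.101b`. Anyone later auditing this package for CVE-2018-11574 has only the changelog entry to go on and cannot tell from the spec which upstream revision was imported. I would add a comment above the line, in the style of the existing `# rhbz#1556132` marker: `# EAP-TLS patch v1.101 (tree labelled 1.101b), fixes CVE-2018-11574; upstream: <UPSTREAM_URL>`. Dropping Patch0017 and Patch0027 also leaves gaps in the numbering; that is presumably harmless, but %prep is not visible here, so it is worth confirming that no patch is applied there by number.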