[Buildroot] [PATCH/next 1/1] package/pppd: bump to version 2.4.9

[Buildroot] [PATCH/next 1/1] package/pppd: bump to version 2.4.9

[Fabrice Fontaine]

- Drop patch (already in version)
- Update hash of bsd-comp.c, ccp.c and passprompt.c (no change in
  license)
- rp-pppoe has been renamed to pppoe since
  https://github.com/paulusmack/ppp/commit/b2c36e6c0e1655aea9b1b0a03a8160f42a26c884
- Manage EAP-TLS which depends on openssl and has been added and is
  enabled by default since
  https://github.com/paulusmack/ppp/commit/e87fe1bbd37a1486c5223f110e9ce3ef75971f93
- Update indentation in hash file (two spaces)

https://github.com/paulusmack/ppp/blob/2.4.9/README

Fixes:
 - https://bugs.busybox.net/show_bug.cgi?id=13436

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/pppd/0001-pppd-Fix-bounds-check.patch | 37 ------------
 ...n-with-older-glibc-or-kernel-headers.patch | 60 +++++++++++++++++++
 package/pppd/pppd.hash                        | 12 ++--
 package/pppd/pppd.mk                          | 19 +++---
 4 files changed, 76 insertions(+), 52 deletions(-)
 delete mode 100644 package/pppd/0001-pppd-Fix-bounds-check.patch
 create mode 100644 package/pppd/0001-pppd-Fix-compilation-with-older-glibc-or-kernel-headers.patch

diff --git a/package/pppd/0001-pppd-Fix-bounds-check.patch b/package/pppd/0001-pppd-Fix-bounds-check.patch
deleted file mode 100644
index 5d7c51bcac..0000000000
--- a/package/pppd/0001-pppd-Fix-bounds-check.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
-From: Paul Mackerras <paulus@ozlabs.org>
-Date: Mon, 3 Feb 2020 15:53:28 +1100
-Subject: [PATCH] pppd: Fix bounds check in EAP code
-
-Given that we have just checked vallen < len, it can never be the case
-that vallen >= len + sizeof(rhostname).  This fixes the check so we
-actually avoid overflowing the rhostname array.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
----
- pppd/eap.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/pppd/eap.c b/pppd/eap.c
-index 94407f56..1b93db01 100644
---- a/pppd/eap.c
-+++ b/pppd/eap.c
-@@ -1420,7 +1420,7 @@ int len;
- 		}
- 
- 		/* Not so likely to happen. */
--		if (vallen >= len + sizeof (rhostname)) {
-+		if (len - vallen >= sizeof (rhostname)) {
- 			dbglog("EAP: trimming really long peer name down");
- 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
- 			rhostname[sizeof (rhostname) - 1] = '\0';
-@@ -1846,7 +1846,7 @@ int len;
- 		}
- 
- 		/* Not so likely to happen. */
--		if (vallen >= len + sizeof (rhostname)) {
-+		if (len - vallen >= sizeof (rhostname)) {
- 			dbglog("EAP: trimming really long peer name down");
- 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
- 			rhostname[sizeof (rhostname) - 1] = '\0';
diff --git a/package/pppd/0001-pppd-Fix-compilation-with-older-glibc-or-kernel-headers.patch b/package/pppd/0001-pppd-Fix-compilation-with-older-glibc-or-kernel-headers.patch
new file mode 100644
index 0000000000..86d8b8f4e3
--- /dev/null
+++ b/package/pppd/0001-pppd-Fix-compilation-with-older-glibc-or-kernel-headers.patch
@@ -0,0 +1,60 @@
+From 98ec18f098e5ef68e3a8cc6954fcaf5a7fb8b7be Mon Sep 17 00:00:00 2001
+From: pali <7141871+pali@users.noreply.github.com>
+Date: Mon, 15 Feb 2021 07:54:01 +0100
+Subject: [PATCH] pppd: Fix compilation with older glibc or kernel headers
+ (#248)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+glibc versions prior to 2.24 do not define SOL_NETLINK and linux kernel
+versions prior to 4.3 do not define NETLINK_CAP_ACK. So add fallback
+definitions for these macros into pppd/sys-linux.c file.
+
+Also extend description why we call SOL_NETLINK/NETLINK_CAP_ACK option.
+
+Signed-off-by: Pali Rohár <pali@kernel.org>
+
+[Retrieved from:
+https://github.com/ppp-project/ppp/commit/98ec18f098e5ef68e3a8cc6954fcaf5a7fb8b7be]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ pppd/sys-linux.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index 85033d97..50c4f2da 100644
+--- a/pppd/sys-linux.c
++++ b/pppd/sys-linux.c
+@@ -125,6 +125,14 @@
+ #include <linux/netlink.h>
+ #include <linux/rtnetlink.h>
+ #include <linux/if_addr.h>
++/* glibc versions prior to 2.24 do not define SOL_NETLINK */
++#ifndef SOL_NETLINK
++#define SOL_NETLINK 270
++#endif
++/* linux kernel versions prior to 4.3 do not define/support NETLINK_CAP_ACK */
++#ifndef NETLINK_CAP_ACK
++#define NETLINK_CAP_ACK 10
++#endif
+ #endif
+ 
+ #include "pppd.h"
+@@ -2843,7 +2851,15 @@ static int append_peer_ipv6_address(unsigned int iface, struct in6_addr *local_a
+     if (fd < 0)
+         return 0;
+ 
+-    /* do not ask for error message content */
++    /*
++     * Tell kernel to not send to us payload of acknowledgment error message.
++     * NETLINK_CAP_ACK option is supported since Linux kernel version 4.3 and
++     * older kernel versions always send full payload in acknowledgment netlink
++     * message. We ignore payload of this message as we need only error code,
++     * to check if our set remote peer address request succeeded or failed.
++     * So ignore return value from the following setsockopt() call as setting
++     * option NETLINK_CAP_ACK means for us just a kernel hint / optimization.
++     */
+     one = 1;
+     setsockopt(fd, SOL_NETLINK, NETLINK_CAP_ACK, &one, sizeof(one));
+ 
diff --git a/package/pppd/pppd.hash b/package/pppd/pppd.hash
index a923158576..3d471695bb 100644
--- a/package/pppd/pppd.hash
+++ b/package/pppd/pppd.hash
@@ -1,7 +1,7 @@
 # Locally calculated
-sha256	91fbff784ad16a1111a7f22df4675aeb161d958bb79f1cc4c1f0c81944e7cb40	pppd-2.4.8.tar.gz
-sha256	3990c65c506885f7bb75455d1d6188743a14ad46f5b62e136ef3739aed52c532	pppd/tdb.c
-sha256	1822ead9d2854adfbd282322b29730a3fec4cc67f6f6a2e487aad3476e3afd59	pppd/plugins/pppoatm/COPYING
-sha256	91a5e9c173e0e001e081e15bf7850cfd782a0baa02f5921e327ae3b449beff3f	pppdump/bsd-comp.c
-sha256	ee1c28551c87cdcdaf80eb3922726f015201614cb560a5ed18a7a0c15f2b4aa4	pppd/ccp.c
-sha256	6fa4c3dad059f6ef15c1c5e5219d9d0d40991dd3a162098a89967a1720de059e	pppd/plugins/passprompt.c
+sha256  675bff4f366174649f4a3c92fd32ac476e694164ff2b0b7710019b6ead9c561e  pppd-2.4.9.tar.gz
+sha256  3990c65c506885f7bb75455d1d6188743a14ad46f5b62e136ef3739aed52c532  pppd/tdb.c
+sha256  1822ead9d2854adfbd282322b29730a3fec4cc67f6f6a2e487aad3476e3afd59  pppd/plugins/pppoatm/COPYING
+sha256  d759ec16875a69c2d5529f8cb3c040fef8fe38d26f70457aadb73c91b72746c8  pppdump/bsd-comp.c
+sha256  c0d0f14b6ec9948332f10ded741293ed1f3b96e0d266e4903b605a6e1f8af7cd  pppd/ccp.c
+sha256  367f334c509db2b293aea5ce9f54284d9a9f6e0a9e0c6e305d544079baf8ab63  pppd/plugins/passprompt.c
diff --git a/package/pppd/pppd.mk b/package/pppd/pppd.mk
index 098c6a8e6f..71bfceb607 100644
--- a/package/pppd/pppd.mk
+++ b/package/pppd/pppd.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-PPPD_VERSION = 2.4.8
+PPPD_VERSION = 2.4.9
 PPPD_SITE = $(call github,paulusmack,ppp,ppp-$(PPPD_VERSION))
 PPPD_LICENSE = LGPL-2.0+, LGPL, BSD-4-Clause, BSD-3-Clause, GPL-2.0+
 PPPD_LICENSE_FILES = \
@@ -14,14 +14,15 @@ PPPD_CPE_ID_VENDOR = samba
 PPPD_CPE_ID_PRODUCT = ppp
 PPPD_SELINUX_MODULES = ppp
 
-# 0001-pppd-Fix-bounds-check.patch
-PPPD_IGNORE_CVES += CVE-2020-8597
-
 PPPD_MAKE_OPTS = HAVE_INET6=y
-ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),y)
+
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
 PPPD_DEPENDENCIES += openssl
+PPPD_MAKE_OPTS += USE_EAPTLS=y
 else
-PPPD_MAKE_OPTS += USE_CRYPT=y
+PPPD_MAKE_OPTS += \
+	USE_CRYPT=y \
+	USE_EAPTLS=
 endif
 
 PPPD_INSTALL_STAGING = YES
@@ -101,9 +102,9 @@ define PPPD_INSTALL_TARGET_CMDS
 		$(TARGET_DIR)/usr/lib/pppd/$(PPPD_VERSION)/passwordfd.so
 	$(INSTALL) -D $(PPPD_DIR)/pppd/plugins/pppoatm/pppoatm.so \
 		$(TARGET_DIR)/usr/lib/pppd/$(PPPD_VERSION)/pppoatm.so
-	$(INSTALL) -D $(PPPD_DIR)/pppd/plugins/rp-pppoe/rp-pppoe.so \
-		$(TARGET_DIR)/usr/lib/pppd/$(PPPD_VERSION)/rp-pppoe.so
-	$(INSTALL) -D $(PPPD_DIR)/pppd/plugins/rp-pppoe/pppoe-discovery \
+	$(INSTALL) -D $(PPPD_DIR)/pppd/plugins/pppoe/pppoe.so \
+		$(TARGET_DIR)/usr/lib/pppd/$(PPPD_VERSION)/pppoe.so
+	$(INSTALL) -D $(PPPD_DIR)/pppd/plugins/pppoe/pppoe-discovery \
 		$(TARGET_DIR)/usr/sbin/pppoe-discovery
 	$(INSTALL) -D $(PPPD_DIR)/pppd/plugins/winbind.so \
 		$(TARGET_DIR)/usr/lib/pppd/$(PPPD_VERSION)/winbind.so
-- 
2.33.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH/next 1/1] package/pppd: bump to version 2.4.9

[Thomas Petazzoni]

On Sun, 14 Nov 2021 12:33:10 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> - Drop patch (already in version)
> - Update hash of bsd-comp.c, ccp.c and passprompt.c (no change in
>   license)
> - rp-pppoe has been renamed to pppoe since
>   https://github.com/paulusmack/ppp/commit/b2c36e6c0e1655aea9b1b0a03a8160f42a26c884
> - Manage EAP-TLS which depends on openssl and has been added and is
>   enabled by default since
>   https://github.com/paulusmack/ppp/commit/e87fe1bbd37a1486c5223f110e9ce3ef75971f93

I am rather confused by this, especially since you're changing pppd.mk,
but not the Config.in that has some funky logic:

        select BR2_PACKAGE_OPENSSL if BR2_TOOLCHAIN_USES_GLIBC
        select BR2_PACKAGE_LIBOPENSSL_ENABLE_DES if BR2_PACKAGE_LIBOPENSSL \
                                                 && BR2_TOOLCHAIN_USES_GLIBC

Could you explain a bit more how this is intended to work, and what is
the logic/rationale ?

Also, I've tested and this 2.4.9 version of pppd build fine with musl,
so:

        depends on !BR2_TOOLCHAIN_USES_MUSL # Use __P() macro all over the tree

could be dropped.

Thanks,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH/next 1/1] package/pppd: bump to version 2.4.9

[Fabrice Fontaine]

Le dim. 14 nov. 2021 à 14:33, Thomas Petazzoni
<thomas.petazzoni@bootlin.com> a écrit :
>
> On Sun, 14 Nov 2021 12:33:10 +0100
> Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
>
> > - Drop patch (already in version)
> > - Update hash of bsd-comp.c, ccp.c and passprompt.c (no change in
> >   license)
> > - rp-pppoe has been renamed to pppoe since
> >   https://github.com/paulusmack/ppp/commit/b2c36e6c0e1655aea9b1b0a03a8160f42a26c884
> > - Manage EAP-TLS which depends on openssl and has been added and is
> >   enabled by default since
> >   https://github.com/paulusmack/ppp/commit/e87fe1bbd37a1486c5223f110e9ce3ef75971f93
>
> I am rather confused by this, especially since you're changing pppd.mk,
> but not the Config.in that has some funky logic:
>
>         select BR2_PACKAGE_OPENSSL if BR2_TOOLCHAIN_USES_GLIBC
>         select BR2_PACKAGE_LIBOPENSSL_ENABLE_DES if BR2_PACKAGE_LIBOPENSSL \
>                                                  && BR2_TOOLCHAIN_USES_GLIBC
>
> Could you explain a bit more how this is intended to work, and what is
> the logic/rationale ?
I'll update the commit message in v2 but basically openssl is still
mandatory with glibc because encrypt and setkey functions have been
removed from glibc 2.28 (cf. commit
b519bcafe75d1256d1fc42aa26393405b89629b3)
>
> Also, I've tested and this 2.4.9 version of pppd build fine with musl,
> so:
>
>         depends on !BR2_TOOLCHAIN_USES_MUSL # Use __P() macro all over the tree
>
> could be dropped.
OK, I'll drop it from v2.

>
> Thanks,
>
> Thomas
> --
> Thomas Petazzoni, co-owner and CEO, Bootlin
> Embedded Linux and Kernel engineering and training
> https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot