4 files changed, 3 insertions, 152 deletions
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch
deleted file mode 100644
index c91246dbf5..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From aba3273273e826c6dc90f197ca9a3e800e826891 Mon Sep 17 00:00:00 2001
-From: Bruce Ashfield <bruce.ashfield@gmail.com>
-Date: Fri, 5 Nov 2021 12:41:35 -0400
-Subject: [PATCH] ppp: fix build against 5.15 headers
-The 5.15 kernel has removed ipx support, along with the userspace
-visible header.
-This support wasn't used previously (as it hasn't been very well
-maintained in the kernel for several years), so we can simply
-disable it in our build and wait for upstream to do a release that
-drops the support.
-Upstream-Status: Inappropriate [OE-specific configuration/headers]
-Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
- pppd/Makefile.linux | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index 22837c5..23b9b22 100644
--- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -91,7 +91,7 @@ MAXOCTETS=y
- 
- INCLUDE_DIRS= -I../include
- 
-COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
-+COMPILE_FLAGS= -DHAVE_PATHS_H -DHAVE_MMAP -pipe
- 
- CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
- 
-- 
-2.25.1
diff --git a/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch b/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
deleted file mode 100644
index 4325b1d6b0..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From a75fb7b198eed50d769c80c36629f38346882cbf Mon Sep 17 00:00:00 2001
-From: Paul Mackerras <paulus@ozlabs.org>
-Date: Thu, 4 Aug 2022 12:23:08 +1000
-Subject: [PATCH] pppdump: Avoid out-of-range access to packet buffer
-This fixes a potential vulnerability where data is written to spkt.buf
-and rpkt.buf without a check on the array index.  To fix this, we
-check the array index (pkt->cnt) before storing the byte or
-incrementing the count.  This also means we no longer have a potential
-signed integer overflow on the increment of pkt->cnt.
-Fortunately, pppdump is not used in the normal process of setting up a
-PPP connection, is not installed setuid-root, and is not invoked
-automatically in any scenario that I am aware of.
-Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
---
- pppdump/pppdump.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c
-index 2b815fc9..b85a8627 100644
--- a/pppdump/pppdump.c
-+++ b/pppdump/pppdump.c
-@@ -297,6 +297,10 @@ dumpppp(f)
-                            printf("%s aborted packet:\n     ", dir);
-                            q = "    ";
-                        }
-+                       if (pkt->cnt >= sizeof(pkt->buf)) {
-+                           printf("%s over-long packet truncated:\n     ", dir);
-+                           q = "    ";
-+                       }
-                        nb = pkt->cnt;
-                        p = pkt->buf;
-                        pkt->cnt = 0;
-@@ -400,7 +404,8 @@ dumpppp(f)
-                        c ^= 0x20;
-                        pkt->esc = 0;
-                    }
-                   pkt->buf[pkt->cnt++] = c;
-+                   if (pkt->cnt < sizeof(pkt->buf))
-+                       pkt->buf[pkt->cnt++] = c;
-                    break;
-                }
-            }
diff --git a/meta/recipes-connectivity/ppp/ppp/makefix.patch b/meta/recipes-connectivity/ppp/ppp/makefix.patch
deleted file mode 100644
index fce068cae0..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/makefix.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-We were seeing reproducibility issues where one host would use the internal 
-logwtmp wrapper, another would use the one in libutil. The issue was that in
-some cases the "\#include" was making it to CC, in others, "#include". The
-issue seems to be related to shell escaping.
-The root cause looks to be:
-http://git.savannah.gnu.org/cgit/make.git/commit/?id=c6966b323811c37acedff05b576b907b06aea5f4
-Instead of relying on shell quoting, use make to indirect the variable
-and avoid the problem.
-See https://github.com/paulusmack/ppp/issues/233
-Upstream-Status: Backport [https://github.com/paulusmack/ppp/commit/b4430f7092ececdff2504d5f3393a4c6528c3686]
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Index: ppp-2.4.9/pppd/Makefile.linux
-===================================================================
--- ppp-2.4.9.orig/pppd/Makefile.linux
-+++ ppp-2.4.9/pppd/Makefile.linux
-@@ -80,7 +80,8 @@ PLUGIN=y
- #USE_SRP=y
- 
- # Use libutil; test if logwtmp is declared in <utmp.h> to detect
-ifeq ($(shell echo '\#include <utmp.h>' | $(CC) -E - 2>/dev/null | grep -q logwtmp && echo yes),yes)
-+UTMPHEADER = "\#include <utmp.h>"
-+ifeq ($(shell echo $(UTMPHEADER) | $(CC) -E - 2>/dev/null | grep -q logwtmp && echo yes),yes)
- USE_LIBUTIL=y
- endif
- 
-@@ -143,7 +144,8 @@ CFLAGS   += -DHAS_SHADOW
- #LIBS     += -lshadow $(LIBS)
- endif
- 
-ifeq ($(shell echo '\#include <crypt.h>' | $(CC) -E - >/dev/null 2>&1 && echo yes),yes)
-+CRYPTHEADER = "\#include <crypt.h>"
-+ifeq ($(shell echo $(CRYPTHEADER) | $(CC) -E - >/dev/null 2>&1 && echo yes),yes)
- CFLAGS  += -DHAVE_CRYPT_H=1
- LIBS   += -lcrypt
- endif
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb
index 7e3ae43b58..4b052f8ed9 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb
@@ -12,7 +12,6 @@ LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77
                    file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2"
 SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
-           file://makefix.patch \
           file://pon \
           file://poff \
           file://init \
@@ -24,31 +23,15 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
           file://ppp_on_boot \
           file://provider \
           file://ppp@.service \
-           file://0001-ppp-fix-build-against-5.15-headers.patch \
-           file://CVE-2022-4603.patch \
           "
-SRC_URI[sha256sum] = "f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d"
+SRC_URI[sha256sum] = "5cae0e8075f8a1755f16ca290eb44e6b3545d3f292af4da65ecffe897de636ff"
-inherit autotools-brokensep systemd
+inherit autotools systemd
-TARGET_CC_ARCH += " ${LDFLAGS}"
+EXTRA_OECONF += "--with-openssl=${STAGING_EXECPREFIXDIR}"
-EXTRA_OEMAKE = "CC='${CC}' STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}"
-EXTRA_OECONF = "--disable-strip"
-# Package Makefile computes CFLAGS, referencing COPTS.
-# Typically hard-coded to '-O2 -g' in the Makefile's.
-#
-EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"'
-EXTRA_OECONF:append:libc-musl = " --disable-ipxcp"
-do_configure () {
-        oe_runconf
-}
 do_install:append () {
-        make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp
        mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d
        mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/
        mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/
@@ -68,12 +51,6 @@ do_install:append () {
        install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_system_unitdir}
        sed -i -e 's,@SBINDIR@,${sbindir},g' \
               ${D}${systemd_system_unitdir}/ppp@.service
-        rm -rf ${D}/${mandir}/man8/man8
-        chmod u+s ${D}${sbindir}/pppd
-}
-do_install:append:libc-musl () {
-        install -Dm 0644 ${S}/include/net/ppp_defs.h ${D}${includedir}/net/ppp_defs.h
 }
 CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"
@@ -96,5 +73,3 @@ SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe"
 SUMMARY:${PN}-l2tp     = "Plugin for PPP for l2tp support"
 SUMMARY:${PN}-tools    = "Additional tools for the PPP package"
-# Ignore compatibility symlink rp-pppoe.so->pppoe.so
-INSANE_SKIP:${PN}-oe += "dev-so"

diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch deleted file mode 100644 index c91246dbf5..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch +++ /dev/null
@@ -1,36 +0,0 @@
1	From aba3273273e826c6dc90f197ca9a3e800e826891 Mon Sep 17 00:00:00 2001
2	From: Bruce Ashfield <bruce.ashfield@gmail.com>
3	Date: Fri, 5 Nov 2021 12:41:35 -0400
4	Subject: [PATCH] ppp: fix build against 5.15 headers
5
6	The 5.15 kernel has removed ipx support, along with the userspace
7	visible header.
8
9	This support wasn't used previously (as it hasn't been very well
10	maintained in the kernel for several years), so we can simply
11	disable it in our build and wait for upstream to do a release that
12	drops the support.
13
14	Upstream-Status: Inappropriate [OE-specific configuration/headers]
15
16	Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
17	---
18	pppd/Makefile.linux \| 2 +-
19	1 file changed, 1 insertion(+), 1 deletion(-)
20
21	diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
22	index 22837c5..23b9b22 100644
23	--- a/pppd/Makefile.linux
24	+++ b/pppd/Makefile.linux
25	@@ -91,7 +91,7 @@ MAXOCTETS=y
26
27	INCLUDE_DIRS= -I../include
28
29	-COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
30	+COMPILE_FLAGS= -DHAVE_PATHS_H -DHAVE_MMAP -pipe
31
32	CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
33
34	--
35	2.25.1
36


diff --git a/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch b/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch deleted file mode 100644 index 4325b1d6b0..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch +++ /dev/null
@@ -1,48 +0,0 @@
1	From a75fb7b198eed50d769c80c36629f38346882cbf Mon Sep 17 00:00:00 2001
2	From: Paul Mackerras <paulus@ozlabs.org>
3	Date: Thu, 4 Aug 2022 12:23:08 +1000
4	Subject: [PATCH] pppdump: Avoid out-of-range access to packet buffer
5
6	This fixes a potential vulnerability where data is written to spkt.buf
7	and rpkt.buf without a check on the array index. To fix this, we
8	check the array index (pkt->cnt) before storing the byte or
9	incrementing the count. This also means we no longer have a potential
10	signed integer overflow on the increment of pkt->cnt.
11
12	Fortunately, pppdump is not used in the normal process of setting up a
13	PPP connection, is not installed setuid-root, and is not invoked
14	automatically in any scenario that I am aware of.
15
16	Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
17
18	Upstream-Status: Backport
19	Signed-off-by: Ross Burton <ross.burton@arm.com>
20	---
21	pppdump/pppdump.c \| 7 ++++++-
22	1 file changed, 6 insertions(+), 1 deletion(-)
23
24	diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c
25	index 2b815fc9..b85a8627 100644
26	--- a/pppdump/pppdump.c
27	+++ b/pppdump/pppdump.c
28	@@ -297,6 +297,10 @@ dumpppp(f)
29	printf("%s aborted packet:\n ", dir);
30	q = " ";
31	}
32	+ if (pkt->cnt >= sizeof(pkt->buf)) {
33	+ printf("%s over-long packet truncated:\n ", dir);
34	+ q = " ";
35	+ }
36	nb = pkt->cnt;
37	p = pkt->buf;
38	pkt->cnt = 0;
39	@@ -400,7 +404,8 @@ dumpppp(f)
40	c ^= 0x20;
41	pkt->esc = 0;
42	}
43	- pkt->buf[pkt->cnt++] = c;
44	+ if (pkt->cnt < sizeof(pkt->buf))
45	+ pkt->buf[pkt->cnt++] = c;
46	break;
47	}
48	}


diff --git a/meta/recipes-connectivity/ppp/ppp/makefix.patch b/meta/recipes-connectivity/ppp/ppp/makefix.patch deleted file mode 100644 index fce068cae0..0000000000 --- a/meta/recipes-connectivity/ppp/ppp/makefix.patch +++ /dev/null
@@ -1,40 +0,0 @@
1	We were seeing reproducibility issues where one host would use the internal
2	logwtmp wrapper, another would use the one in libutil. The issue was that in
3	some cases the "\#include" was making it to CC, in others, "#include". The
4	issue seems to be related to shell escaping.
5
6	The root cause looks to be:
7	http://git.savannah.gnu.org/cgit/make.git/commit/?id=c6966b323811c37acedff05b576b907b06aea5f4
8
9	Instead of relying on shell quoting, use make to indirect the variable
10	and avoid the problem.
11
12	See https://github.com/paulusmack/ppp/issues/233
13
14	Upstream-Status: Backport [https://github.com/paulusmack/ppp/commit/b4430f7092ececdff2504d5f3393a4c6528c3686]
15	Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
16
17	Index: ppp-2.4.9/pppd/Makefile.linux
18	===================================================================
19	--- ppp-2.4.9.orig/pppd/Makefile.linux
20	+++ ppp-2.4.9/pppd/Makefile.linux
21	@@ -80,7 +80,8 @@ PLUGIN=y
22	#USE_SRP=y
23
24	# Use libutil; test if logwtmp is declared in <utmp.h> to detect
25	-ifeq ($(shell echo '\#include <utmp.h>' \| $(CC) -E - 2>/dev/null \| grep -q logwtmp && echo yes),yes)
26	+UTMPHEADER = "\#include <utmp.h>"
27	+ifeq ($(shell echo $(UTMPHEADER) \| $(CC) -E - 2>/dev/null \| grep -q logwtmp && echo yes),yes)
28	USE_LIBUTIL=y
29	endif
30
31	@@ -143,7 +144,8 @@ CFLAGS += -DHAS_SHADOW
32	#LIBS += -lshadow $(LIBS)
33	endif
34
35	-ifeq ($(shell echo '\#include <crypt.h>' \| $(CC) -E - >/dev/null 2>&1 && echo yes),yes)
36	+CRYPTHEADER = "\#include <crypt.h>"
37	+ifeq ($(shell echo $(CRYPTHEADER) \| $(CC) -E - >/dev/null 2>&1 && echo yes),yes)
38	CFLAGS += -DHAVE_CRYPT_H=1
39	LIBS += -lcrypt
40	endif


diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb index 7e3ae43b58..4b052f8ed9 100644 --- a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb +++ b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb
@@ -12,7 +12,6 @@ LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77
12	file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2"	12	file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2"
13		13
14	SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \	14	SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
15	file://makefix.patch \
16	file://pon \	15	file://pon \
17	file://poff \	16	file://poff \
18	file://init \	17	file://init \
@@ -24,31 +23,15 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
24	file://ppp_on_boot \	23	file://ppp_on_boot \
25	file://provider \	24	file://provider \
26	file://ppp@.service \	25	file://ppp@.service \
27	file://0001-ppp-fix-build-against-5.15-headers.patch \
28	file://CVE-2022-4603.patch \
29	"	26	"
30		27
31	SRC_URI[sha256sum] = "f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d"	28	SRC_URI[sha256sum] = "5cae0e8075f8a1755f16ca290eb44e6b3545d3f292af4da65ecffe897de636ff"
32		29
33	inherit autotools-brokensep systemd	30	inherit autotools systemd
34		31
35	TARGET_CC_ARCH += " ${LDFLAGS}"	32	EXTRA_OECONF += "--with-openssl=${STAGING_EXECPREFIXDIR}"
36	EXTRA_OEMAKE = "CC='${CC}' STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}"
37	EXTRA_OECONF = "--disable-strip"
38
39	# Package Makefile computes CFLAGS, referencing COPTS.
40	# Typically hard-coded to '-O2 -g' in the Makefile's.
41	#
42	EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"'
43
44	EXTRA_OECONF:append:libc-musl = " --disable-ipxcp"
45
46	do_configure () {
47	oe_runconf
48	}
49		33
50	do_install:append () {	34	do_install:append () {
51	make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp
52	mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d	35	mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d
53	mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/	36	mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/
54	mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/	37	mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/
@@ -68,12 +51,6 @@ do_install:append () {
68	install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_system_unitdir}	51	install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_system_unitdir}
69	sed -i -e 's,@SBINDIR@,${sbindir},g' \	52	sed -i -e 's,@SBINDIR@,${sbindir},g' \
70	${D}${systemd_system_unitdir}/ppp@.service	53	${D}${systemd_system_unitdir}/ppp@.service
71	rm -rf ${D}/${mandir}/man8/man8
72	chmod u+s ${D}${sbindir}/pppd
73	}
74
75	do_install:append:libc-musl () {
76	install -Dm 0644 ${S}/include/net/ppp_defs.h ${D}${includedir}/net/ppp_defs.h
77	}	54	}
78		55
79	CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"	56	CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"
@@ -96,5 +73,3 @@ SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe"
96	SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support"	73	SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support"
97	SUMMARY:${PN}-tools = "Additional tools for the PPP package"	74	SUMMARY:${PN}-tools = "Additional tools for the PPP package"
98		75
99	# Ignore compatibility symlink rp-pppoe.so->pppoe.so
100	INSANE_SKIP:${PN}-oe += "dev-so"