summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch36
-rw-r--r--meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch48
-rw-r--r--meta/recipes-connectivity/ppp/ppp/makefix.patch40
-rw-r--r--meta/recipes-connectivity/ppp/ppp_2.5.0.bb (renamed from meta/recipes-connectivity/ppp/ppp_2.4.9.bb)31
4 files changed, 3 insertions, 152 deletions
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch
deleted file mode 100644
index c91246dbf5..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch
+++ /dev/null
@@ -1,36 +0,0 @@
1From aba3273273e826c6dc90f197ca9a3e800e826891 Mon Sep 17 00:00:00 2001
2From: Bruce Ashfield <bruce.ashfield@gmail.com>
3Date: Fri, 5 Nov 2021 12:41:35 -0400
4Subject: [PATCH] ppp: fix build against 5.15 headers
5
6The 5.15 kernel has removed ipx support, along with the userspace
7visible header.
8
9This support wasn't used previously (as it hasn't been very well
10maintained in the kernel for several years), so we can simply
11disable it in our build and wait for upstream to do a release that
12drops the support.
13
14Upstream-Status: Inappropriate [OE-specific configuration/headers]
15
16Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
17---
18 pppd/Makefile.linux | 2 +-
19 1 file changed, 1 insertion(+), 1 deletion(-)
20
21diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
22index 22837c5..23b9b22 100644
23--- a/pppd/Makefile.linux
24+++ b/pppd/Makefile.linux
25@@ -91,7 +91,7 @@ MAXOCTETS=y
26
27 INCLUDE_DIRS= -I../include
28
29-COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
30+COMPILE_FLAGS= -DHAVE_PATHS_H -DHAVE_MMAP -pipe
31
32 CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
33
34--
352.25.1
36
diff --git a/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch b/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
deleted file mode 100644
index 4325b1d6b0..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
+++ /dev/null
@@ -1,48 +0,0 @@
1From a75fb7b198eed50d769c80c36629f38346882cbf Mon Sep 17 00:00:00 2001
2From: Paul Mackerras <paulus@ozlabs.org>
3Date: Thu, 4 Aug 2022 12:23:08 +1000
4Subject: [PATCH] pppdump: Avoid out-of-range access to packet buffer
5
6This fixes a potential vulnerability where data is written to spkt.buf
7and rpkt.buf without a check on the array index. To fix this, we
8check the array index (pkt->cnt) before storing the byte or
9incrementing the count. This also means we no longer have a potential
10signed integer overflow on the increment of pkt->cnt.
11
12Fortunately, pppdump is not used in the normal process of setting up a
13PPP connection, is not installed setuid-root, and is not invoked
14automatically in any scenario that I am aware of.
15
16Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
17
18Upstream-Status: Backport
19Signed-off-by: Ross Burton <ross.burton@arm.com>
20---
21 pppdump/pppdump.c | 7 ++++++-
22 1 file changed, 6 insertions(+), 1 deletion(-)
23
24diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c
25index 2b815fc9..b85a8627 100644
26--- a/pppdump/pppdump.c
27+++ b/pppdump/pppdump.c
28@@ -297,6 +297,10 @@ dumpppp(f)
29 printf("%s aborted packet:\n ", dir);
30 q = " ";
31 }
32+ if (pkt->cnt >= sizeof(pkt->buf)) {
33+ printf("%s over-long packet truncated:\n ", dir);
34+ q = " ";
35+ }
36 nb = pkt->cnt;
37 p = pkt->buf;
38 pkt->cnt = 0;
39@@ -400,7 +404,8 @@ dumpppp(f)
40 c ^= 0x20;
41 pkt->esc = 0;
42 }
43- pkt->buf[pkt->cnt++] = c;
44+ if (pkt->cnt < sizeof(pkt->buf))
45+ pkt->buf[pkt->cnt++] = c;
46 break;
47 }
48 }
diff --git a/meta/recipes-connectivity/ppp/ppp/makefix.patch b/meta/recipes-connectivity/ppp/ppp/makefix.patch
deleted file mode 100644
index fce068cae0..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/makefix.patch
+++ /dev/null
@@ -1,40 +0,0 @@
1We were seeing reproducibility issues where one host would use the internal
2logwtmp wrapper, another would use the one in libutil. The issue was that in
3some cases the "\#include" was making it to CC, in others, "#include". The
4issue seems to be related to shell escaping.
5
6The root cause looks to be:
7http://git.savannah.gnu.org/cgit/make.git/commit/?id=c6966b323811c37acedff05b576b907b06aea5f4
8
9Instead of relying on shell quoting, use make to indirect the variable
10and avoid the problem.
11
12See https://github.com/paulusmack/ppp/issues/233
13
14Upstream-Status: Backport [https://github.com/paulusmack/ppp/commit/b4430f7092ececdff2504d5f3393a4c6528c3686]
15Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
16
17Index: ppp-2.4.9/pppd/Makefile.linux
18===================================================================
19--- ppp-2.4.9.orig/pppd/Makefile.linux
20+++ ppp-2.4.9/pppd/Makefile.linux
21@@ -80,7 +80,8 @@ PLUGIN=y
22 #USE_SRP=y
23
24 # Use libutil; test if logwtmp is declared in <utmp.h> to detect
25-ifeq ($(shell echo '\#include <utmp.h>' | $(CC) -E - 2>/dev/null | grep -q logwtmp && echo yes),yes)
26+UTMPHEADER = "\#include <utmp.h>"
27+ifeq ($(shell echo $(UTMPHEADER) | $(CC) -E - 2>/dev/null | grep -q logwtmp && echo yes),yes)
28 USE_LIBUTIL=y
29 endif
30
31@@ -143,7 +144,8 @@ CFLAGS += -DHAS_SHADOW
32 #LIBS += -lshadow $(LIBS)
33 endif
34
35-ifeq ($(shell echo '\#include <crypt.h>' | $(CC) -E - >/dev/null 2>&1 && echo yes),yes)
36+CRYPTHEADER = "\#include <crypt.h>"
37+ifeq ($(shell echo $(CRYPTHEADER) | $(CC) -E - >/dev/null 2>&1 && echo yes),yes)
38 CFLAGS += -DHAVE_CRYPT_H=1
39 LIBS += -lcrypt
40 endif
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb
index 7e3ae43b58..4b052f8ed9 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb
@@ -12,7 +12,6 @@ LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77
12 file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2" 12 file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2"
13 13
14SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ 14SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
15 file://makefix.patch \
16 file://pon \ 15 file://pon \
17 file://poff \ 16 file://poff \
18 file://init \ 17 file://init \
@@ -24,31 +23,15 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
24 file://ppp_on_boot \ 23 file://ppp_on_boot \
25 file://provider \ 24 file://provider \
26 file://ppp@.service \ 25 file://ppp@.service \
27 file://0001-ppp-fix-build-against-5.15-headers.patch \
28 file://CVE-2022-4603.patch \
29 " 26 "
30 27
31SRC_URI[sha256sum] = "f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d" 28SRC_URI[sha256sum] = "5cae0e8075f8a1755f16ca290eb44e6b3545d3f292af4da65ecffe897de636ff"
32 29
33inherit autotools-brokensep systemd 30inherit autotools systemd
34 31
35TARGET_CC_ARCH += " ${LDFLAGS}" 32EXTRA_OECONF += "--with-openssl=${STAGING_EXECPREFIXDIR}"
36EXTRA_OEMAKE = "CC='${CC}' STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}"
37EXTRA_OECONF = "--disable-strip"
38
39# Package Makefile computes CFLAGS, referencing COPTS.
40# Typically hard-coded to '-O2 -g' in the Makefile's.
41#
42EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"'
43
44EXTRA_OECONF:append:libc-musl = " --disable-ipxcp"
45
46do_configure () {
47 oe_runconf
48}
49 33
50do_install:append () { 34do_install:append () {
51 make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp
52 mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d 35 mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d
53 mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/ 36 mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/
54 mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/ 37 mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/
@@ -68,12 +51,6 @@ do_install:append () {
68 install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_system_unitdir} 51 install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_system_unitdir}
69 sed -i -e 's,@SBINDIR@,${sbindir},g' \ 52 sed -i -e 's,@SBINDIR@,${sbindir},g' \
70 ${D}${systemd_system_unitdir}/ppp@.service 53 ${D}${systemd_system_unitdir}/ppp@.service
71 rm -rf ${D}/${mandir}/man8/man8
72 chmod u+s ${D}${sbindir}/pppd
73}
74
75do_install:append:libc-musl () {
76 install -Dm 0644 ${S}/include/net/ppp_defs.h ${D}${includedir}/net/ppp_defs.h
77} 54}
78 55
79CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options" 56CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"
@@ -96,5 +73,3 @@ SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe"
96SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support" 73SUMMARY:${PN}-l2tp = "Plugin for PPP for l2tp support"
97SUMMARY:${PN}-tools = "Additional tools for the PPP package" 74SUMMARY:${PN}-tools = "Additional tools for the PPP package"
98 75
99# Ignore compatibility symlink rp-pppoe.so->pppoe.so
100INSANE_SKIP:${PN}-oe += "dev-so"