From db79e96601211dd50323536d1414928b437f60fe Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sat, 13 Sep 2014 20:56:13 +0000 Subject: [PATCH] ppp: update to version 2.4.7 This fixes: CVE-2014-3158 and some other bugs. Signed-off-by: Hauke Mehrtens git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42525 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/network/services/ppp/Makefile | 4 ++-- .../services/ppp/patches/100-debian_ip-ip_option.patch | 2 +- .../services/ppp/patches/101-debian_close_dev_ppp.patch | 2 +- .../network/services/ppp/patches/105-debian_demand.patch | 4 ++-- .../services/ppp/patches/110-debian_defaultroute.patch | 16 ++++++++-------- .../ppp/patches/120-debian_ipv6_updown_option.patch | 8 ++++---- .../services/ppp/patches/310-precompile_filter.patch | 2 +- .../services/ppp/patches/320-custom_iface_names.patch | 6 +++--- .../321-multilink_support_custom_iface_names.patch | 4 ++-- .../ppp/patches/330-retain_foreign_default_routes.patch | 2 +- .../ppp/patches/340-populate_default_gateway.patch | 4 ++-- .../ppp/patches/400-simplify_kernel_checks.patch | 16 ++++++++-------- .../services/ppp/patches/401-no_record_file.patch | 6 +++--- package/network/services/ppp/patches/403-no_wtmp.patch | 4 ++-- .../ppp/patches/520-ms_chap_buffer_overrun.patch | 13 ------------- 15 files changed, 40 insertions(+), 53 deletions(-) delete mode 100644 package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch diff --git a/package/network/services/ppp/Makefile b/package/network/services/ppp/Makefile index 724be30ef3..b320e304f2 100644 --- a/package/network/services/ppp/Makefile +++ b/package/network/services/ppp/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=ppp -PKG_VERSION:=2.4.6 +PKG_VERSION:=2.4.7 PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=ftp://ftp.samba.org/pub/ppp/ -PKG_MD5SUM:=3434d2cc9327167a0723aaaa8670083b +PKG_MD5SUM:=78818f40e6d33a1d1de68a1551f6595a PKG_MAINTAINER:=Felix Fietkau PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) diff --git a/package/network/services/ppp/patches/100-debian_ip-ip_option.patch b/package/network/services/ppp/patches/100-debian_ip-ip_option.patch index 5712367efe..1017e0fe79 100644 --- a/package/network/services/ppp/patches/100-debian_ip-ip_option.patch +++ b/package/network/services/ppp/patches/100-debian_ip-ip_option.patch @@ -85,7 +85,7 @@ Signed-off-by: Jo-Philipp Wich "Enable multilink operation", OPT_PRIO | 1 }, --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -317,6 +317,8 @@ extern bool tune_kernel; /* May alter ke +@@ -318,6 +318,8 @@ extern bool tune_kernel; /* May alter ke extern int connect_delay; /* Time to delay after connect script */ extern int max_data_rate; /* max bytes/sec through charshunt */ extern int req_unit; /* interface unit number to use */ diff --git a/package/network/services/ppp/patches/101-debian_close_dev_ppp.patch b/package/network/services/ppp/patches/101-debian_close_dev_ppp.patch index 232b10b521..7c6765b9f7 100644 --- a/package/network/services/ppp/patches/101-debian_close_dev_ppp.patch +++ b/package/network/services/ppp/patches/101-debian_close_dev_ppp.patch @@ -12,7 +12,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c -@@ -453,6 +453,13 @@ int generic_establish_ppp (int fd) +@@ -458,6 +458,13 @@ int generic_establish_ppp (int fd) if (new_style_driver) { int flags; diff --git a/package/network/services/ppp/patches/105-debian_demand.patch b/package/network/services/ppp/patches/105-debian_demand.patch index b26a8c329a..2502d49689 100644 --- a/package/network/services/ppp/patches/105-debian_demand.patch +++ b/package/network/services/ppp/patches/105-debian_demand.patch @@ -150,7 +150,7 @@ } else { --- a/pppd/ipv6cp.c +++ b/pppd/ipv6cp.c -@@ -1243,7 +1243,7 @@ ipv6cp_up(f) +@@ -1232,7 +1232,7 @@ ipv6cp_up(f) } } @@ -161,7 +161,7 @@ } else { --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -584,7 +584,7 @@ void demand_conf __P((void)); /* config +@@ -585,7 +585,7 @@ void demand_conf __P((void)); /* config void demand_block __P((void)); /* set all NPs to queue up packets */ void demand_unblock __P((void)); /* set all NPs to pass packets */ void demand_discard __P((void)); /* set all NPs to discard packets */ diff --git a/package/network/services/ppp/patches/110-debian_defaultroute.patch b/package/network/services/ppp/patches/110-debian_defaultroute.patch index 41404aba83..e8659ea152 100644 --- a/package/network/services/ppp/patches/110-debian_defaultroute.patch +++ b/package/network/services/ppp/patches/110-debian_defaultroute.patch @@ -153,7 +153,7 @@ Signed-off-by: Jo-Philipp Wich .B nodeflate --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -664,7 +664,7 @@ int sif6addr __P((int, eui64_t, eui64_t +@@ -667,7 +667,7 @@ int sif6addr __P((int, eui64_t, eui64_t int cif6addr __P((int, eui64_t, eui64_t)); /* Remove an IPv6 address from i/f */ #endif @@ -164,16 +164,16 @@ Signed-off-by: Jo-Philipp Wich /* Delete default route through i/f */ --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c -@@ -206,6 +206,8 @@ static unsigned char inbuf[512]; /* buff - +@@ -207,6 +207,8 @@ static unsigned char inbuf[512]; /* buff static int if_is_up; /* Interface has been marked up */ + static int if6_is_up; /* Interface has been marked up for IPv6, to help differentiate */ static int have_default_route; /* Gateway for default route added */ +static struct rtentry old_def_rt; /* Old default route */ +static int default_rt_repl_rest; /* replace and restore old default rt */ static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */ static char proxy_arp_dev[16]; /* Device for proxy arp entry */ static u_int32_t our_old_addr; /* for detecting address changes */ -@@ -1544,6 +1546,9 @@ static int read_route_table(struct rtent +@@ -1552,6 +1554,9 @@ static int read_route_table(struct rtent p = NULL; } @@ -183,7 +183,7 @@ Signed-off-by: Jo-Philipp Wich SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16); SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16); SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16); -@@ -1613,20 +1618,51 @@ int have_route_to(u_int32_t addr) +@@ -1621,20 +1626,51 @@ int have_route_to(u_int32_t addr) /******************************************************************** * * sifdefaultroute - assign a default route through the address given. @@ -248,7 +248,7 @@ Signed-off-by: Jo-Philipp Wich } memset (&rt, 0, sizeof (rt)); -@@ -1641,10 +1677,16 @@ int sifdefaultroute (int unit, u_int32_t +@@ -1649,10 +1685,16 @@ int sifdefaultroute (int unit, u_int32_t rt.rt_flags = RTF_UP; if (ioctl(sock_fd, SIOCADDRT, &rt) < 0) { @@ -266,7 +266,7 @@ Signed-off-by: Jo-Philipp Wich have_default_route = 1; return 1; -@@ -1675,11 +1717,21 @@ int cifdefaultroute (int unit, u_int32_t +@@ -1683,11 +1725,21 @@ int cifdefaultroute (int unit, u_int32_t rt.rt_flags = RTF_UP; if (ioctl(sock_fd, SIOCDELRT, &rt) < 0 && errno != ESRCH) { if (still_ppp()) { @@ -291,7 +291,7 @@ Signed-off-by: Jo-Philipp Wich } --- a/pppd/sys-solaris.c +++ b/pppd/sys-solaris.c -@@ -2036,12 +2036,18 @@ cifaddr(u, o, h) +@@ -2039,12 +2039,18 @@ cifaddr(u, o, h) * sifdefaultroute - assign a default route through the address given. */ int diff --git a/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch b/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch index b59c33e623..0e57029d61 100644 --- a/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch +++ b/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch @@ -48,7 +48,7 @@ Signed-off-by: Jo-Philipp Wich "Enable multilink operation", OPT_PRIO | 1 }, --- a/pppd/ipv6cp.c +++ b/pppd/ipv6cp.c -@@ -1303,7 +1303,7 @@ ipv6cp_up(f) +@@ -1269,7 +1269,7 @@ ipv6cp_up(f) */ if (ipv6cp_script_state == s_down && ipv6cp_script_pid == 0) { ipv6cp_script_state = s_up; @@ -57,7 +57,7 @@ Signed-off-by: Jo-Philipp Wich } } -@@ -1357,7 +1357,7 @@ ipv6cp_down(f) +@@ -1321,7 +1321,7 @@ ipv6cp_down(f) /* Execute the ipv6-down script */ if (ipv6cp_script_state == s_up && ipv6cp_script_pid == 0) { ipv6cp_script_state = s_down; @@ -66,7 +66,7 @@ Signed-off-by: Jo-Philipp Wich } } -@@ -1400,13 +1400,13 @@ ipv6cp_script_done(arg) +@@ -1364,13 +1364,13 @@ ipv6cp_script_done(arg) case s_up: if (ipv6cp_fsm[0].state != OPENED) { ipv6cp_script_state = s_down; @@ -84,7 +84,7 @@ Signed-off-by: Jo-Philipp Wich } --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -319,6 +319,8 @@ extern int max_data_rate; /* max bytes/s +@@ -320,6 +320,8 @@ extern int max_data_rate; /* max bytes/s extern int req_unit; /* interface unit number to use */ extern char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */ extern char path_ipdown[MAXPATHLEN]; /* pathname of ip-down script */ diff --git a/package/network/services/ppp/patches/310-precompile_filter.patch b/package/network/services/ppp/patches/310-precompile_filter.patch index 7b62a9f2f1..877ca6bd1d 100644 --- a/package/network/services/ppp/patches/310-precompile_filter.patch +++ b/package/network/services/ppp/patches/310-precompile_filter.patch @@ -77,7 +77,7 @@ Signed-off-by: Jo-Philipp Wich #ifdef MAXOCTETS { "maxoctets", o_int, &maxoctets, "Set connection traffic limit", -@@ -1488,6 +1504,29 @@ callfile(argv) +@@ -1493,6 +1509,29 @@ callfile(argv) return ok; } diff --git a/package/network/services/ppp/patches/320-custom_iface_names.patch b/package/network/services/ppp/patches/320-custom_iface_names.patch index 1b6561098b..ccda0c6760 100644 --- a/package/network/services/ppp/patches/320-custom_iface_names.patch +++ b/package/network/services/ppp/patches/320-custom_iface_names.patch @@ -56,7 +56,7 @@ Signed-off-by: Jo-Philipp Wich /* * Limits. */ -@@ -316,6 +320,7 @@ extern char *record_file; /* File to rec +@@ -317,6 +321,7 @@ extern char *record_file; /* File to rec extern bool sync_serial; /* Device is synchronous serial device */ extern int maxfail; /* Max # of unsuccessful connection attempts */ extern char linkname[MAXPATHLEN]; /* logical name for link */ @@ -77,7 +77,7 @@ Signed-off-by: Jo-Philipp Wich static int tty_disc = N_TTY; /* The TTY discipline */ static int ppp_disc = N_PPP; /* The PPP discpline */ static int initfdflags = -1; /* Initial file descriptor flags for fd */ -@@ -615,7 +619,8 @@ void generic_disestablish_ppp(int dev_fd +@@ -620,7 +624,8 @@ void generic_disestablish_ppp(int dev_fd */ static int make_ppp_unit() { @@ -87,7 +87,7 @@ Signed-off-by: Jo-Philipp Wich if (ppp_dev_fd >= 0) { dbglog("in make_ppp_unit, already had /dev/ppp open?"); -@@ -638,6 +643,30 @@ static int make_ppp_unit() +@@ -643,6 +648,30 @@ static int make_ppp_unit() } if (x < 0) error("Couldn't create new ppp unit: %m"); diff --git a/package/network/services/ppp/patches/321-multilink_support_custom_iface_names.patch b/package/network/services/ppp/patches/321-multilink_support_custom_iface_names.patch index d7f95590c2..bba5884fa4 100644 --- a/package/network/services/ppp/patches/321-multilink_support_custom_iface_names.patch +++ b/package/network/services/ppp/patches/321-multilink_support_custom_iface_names.patch @@ -118,7 +118,7 @@ Signed-off-by: George Kashperko && memcmp(vd.dptr, key.dptr, vd.dsize) == 0; --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c -@@ -693,6 +693,16 @@ void cfg_bundle(int mrru, int mtru, int +@@ -698,6 +698,16 @@ void cfg_bundle(int mrru, int mtru, int add_fd(ppp_dev_fd); } @@ -135,7 +135,7 @@ Signed-off-by: George Kashperko /* * make_new_bundle - create a new PPP unit (i.e. a bundle) * and connect our channel to it. This should only get called -@@ -711,6 +721,8 @@ void make_new_bundle(int mrru, int mtru, +@@ -716,6 +726,8 @@ void make_new_bundle(int mrru, int mtru, /* set the mrru and flags */ cfg_bundle(mrru, mtru, rssn, tssn); diff --git a/package/network/services/ppp/patches/330-retain_foreign_default_routes.patch b/package/network/services/ppp/patches/330-retain_foreign_default_routes.patch index 96e616e00e..f68b466507 100644 --- a/package/network/services/ppp/patches/330-retain_foreign_default_routes.patch +++ b/package/network/services/ppp/patches/330-retain_foreign_default_routes.patch @@ -12,7 +12,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c -@@ -1748,6 +1748,7 @@ int cifdefaultroute (int unit, u_int32_t +@@ -1756,6 +1756,7 @@ int cifdefaultroute (int unit, u_int32_t SIN_ADDR(rt.rt_genmask) = 0L; } diff --git a/package/network/services/ppp/patches/340-populate_default_gateway.patch b/package/network/services/ppp/patches/340-populate_default_gateway.patch index 3fe954d108..a1451de3a3 100644 --- a/package/network/services/ppp/patches/340-populate_default_gateway.patch +++ b/package/network/services/ppp/patches/340-populate_default_gateway.patch @@ -13,7 +13,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c -@@ -1702,6 +1702,9 @@ int sifdefaultroute (int unit, u_int32_t +@@ -1710,6 +1710,9 @@ int sifdefaultroute (int unit, u_int32_t memset (&rt, 0, sizeof (rt)); SET_SA_FAMILY (rt.rt_dst, AF_INET); @@ -23,7 +23,7 @@ Signed-off-by: Jo-Philipp Wich rt.rt_dev = ifname; if (kernel_version > KVERSION(2,1,0)) { -@@ -1709,7 +1712,7 @@ int sifdefaultroute (int unit, u_int32_t +@@ -1717,7 +1720,7 @@ int sifdefaultroute (int unit, u_int32_t SIN_ADDR(rt.rt_genmask) = 0L; } diff --git a/package/network/services/ppp/patches/400-simplify_kernel_checks.patch b/package/network/services/ppp/patches/400-simplify_kernel_checks.patch index 36973d17f9..11af6d8f35 100644 --- a/package/network/services/ppp/patches/400-simplify_kernel_checks.patch +++ b/package/network/services/ppp/patches/400-simplify_kernel_checks.patch @@ -19,7 +19,7 @@ Signed-off-by: Jo-Philipp Wich static char loop_name[20]; static unsigned char inbuf[512]; /* buffer for chars read from loopback */ -@@ -213,8 +213,8 @@ static int looped; /* 1 if using loop +@@ -214,8 +214,8 @@ static int looped; /* 1 if using loop static int link_mtu; /* mtu for the link (not bundle) */ static struct utsname utsname; /* for the kernel version */ @@ -29,7 +29,7 @@ Signed-off-by: Jo-Philipp Wich #define MAX_IFS 100 -@@ -1443,11 +1443,12 @@ int ccp_fatal_error (int unit) +@@ -1451,11 +1451,12 @@ int ccp_fatal_error (int unit) * * path_to_procfs - find the path to the proc file system mount point */ @@ -44,7 +44,7 @@ Signed-off-by: Jo-Philipp Wich struct mntent *mntent; FILE *fp; -@@ -1469,6 +1470,7 @@ static char *path_to_procfs(const char * +@@ -1477,6 +1478,7 @@ static char *path_to_procfs(const char * fclose (fp); } } @@ -52,7 +52,7 @@ Signed-off-by: Jo-Philipp Wich strlcpy(proc_path + proc_path_len, tail, sizeof(proc_path) - proc_path_len); -@@ -2121,15 +2123,19 @@ int ppp_available(void) +@@ -2129,15 +2131,19 @@ int ppp_available(void) int my_version, my_modification, my_patch; int osmaj, osmin, ospatch; @@ -72,7 +72,7 @@ Signed-off-by: Jo-Philipp Wich /* XXX should get from driver */ driver_version = 2; -@@ -2189,6 +2195,7 @@ int ppp_available(void) +@@ -2197,6 +2203,7 @@ int ppp_available(void) if (ok && ((ifr.ifr_hwaddr.sa_family & ~0xFF) != ARPHRD_PPP)) ok = 0; @@ -80,7 +80,7 @@ Signed-off-by: Jo-Philipp Wich /* * This is the PPP device. Validate the version of the driver at this -@@ -2684,6 +2691,7 @@ get_pty(master_fdp, slave_fdp, slave_nam +@@ -2730,6 +2737,7 @@ get_pty(master_fdp, slave_fdp, slave_nam } #endif /* TIOCGPTN */ @@ -88,7 +88,7 @@ Signed-off-by: Jo-Philipp Wich if (sfd < 0) { /* the old way - scan through the pty name space */ for (i = 0; i < 64; ++i) { -@@ -2702,6 +2710,7 @@ get_pty(master_fdp, slave_fdp, slave_nam +@@ -2748,6 +2756,7 @@ get_pty(master_fdp, slave_fdp, slave_nam } } } @@ -138,7 +138,7 @@ Signed-off-by: Jo-Philipp Wich info("RP-PPPoE plugin version %s compiled against pppd %s", --- a/pppd/plugins/pppol2tp/pppol2tp.c +++ b/pppd/plugins/pppol2tp/pppol2tp.c -@@ -500,12 +500,7 @@ static void pppol2tp_cleanup(void) +@@ -486,12 +486,7 @@ static void pppol2tp_cleanup(void) void plugin_init(void) { diff --git a/package/network/services/ppp/patches/401-no_record_file.patch b/package/network/services/ppp/patches/401-no_record_file.patch index 49835a3aa9..f3c13ec977 100644 --- a/package/network/services/ppp/patches/401-no_record_file.patch +++ b/package/network/services/ppp/patches/401-no_record_file.patch @@ -7,7 +7,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -316,7 +316,6 @@ extern int holdoff; /* Dead time before +@@ -317,7 +317,6 @@ extern int holdoff; /* Dead time before extern bool holdoff_specified; /* true if user gave a holdoff value */ extern bool notty; /* Stdin/out is not a tty */ extern char *pty_socket; /* Socket to connect to pty */ @@ -17,7 +17,7 @@ Signed-off-by: Jo-Philipp Wich extern char linkname[MAXPATHLEN]; /* logical name for link */ --- a/pppd/tty.c +++ b/pppd/tty.c -@@ -145,7 +145,7 @@ char *disconnect_script = NULL; /* Scrip +@@ -146,7 +146,7 @@ char *disconnect_script = NULL; /* Scrip char *welcomer = NULL; /* Script to run after phys link estab. */ char *ptycommand = NULL; /* Command to run on other side of pty */ bool notty = 0; /* Stdin/out is not a tty */ @@ -26,7 +26,7 @@ Signed-off-by: Jo-Philipp Wich int max_data_rate; /* max bytes/sec through charshunt */ bool sync_serial = 0; /* Device is synchronous serial device */ char *pty_socket = NULL; /* Socket to connect to pty */ -@@ -201,8 +201,10 @@ option_t tty_options[] = { +@@ -202,8 +202,10 @@ option_t tty_options[] = { "Send and receive over socket, arg is host:port", OPT_PRIO | OPT_DEVNAM }, diff --git a/package/network/services/ppp/patches/403-no_wtmp.patch b/package/network/services/ppp/patches/403-no_wtmp.patch index 00c3dafdcd..3c78894570 100644 --- a/package/network/services/ppp/patches/403-no_wtmp.patch +++ b/package/network/services/ppp/patches/403-no_wtmp.patch @@ -7,7 +7,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c -@@ -2259,6 +2259,7 @@ int ppp_available(void) +@@ -2267,6 +2267,7 @@ int ppp_available(void) void logwtmp (const char *line, const char *name, const char *host) { @@ -15,7 +15,7 @@ Signed-off-by: Jo-Philipp Wich struct utmp ut, *utp; pid_t mypid = getpid(); #if __GLIBC__ < 2 -@@ -2324,6 +2325,7 @@ void logwtmp (const char *line, const ch +@@ -2332,6 +2333,7 @@ void logwtmp (const char *line, const ch close (wtmp); } #endif diff --git a/package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch b/package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch deleted file mode 100644 index acbf33b65a..0000000000 --- a/package/network/services/ppp/patches/520-ms_chap_buffer_overrun.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: ppp-2.4.6/pppd/chap_ms.c -=================================================================== ---- ppp-2.4.6.orig/pppd/chap_ms.c 2014-07-29 00:38:03.073968867 +0100 -+++ ppp-2.4.6/pppd/chap_ms.c 2014-07-29 00:41:52.897964689 +0100 -@@ -382,7 +382,7 @@ - unsigned char *private) - { - const struct chapms2_response_cache_entry *cache_entry; -- unsigned char auth_response[MS_AUTH_RESPONSE_LENGTH]; -+ unsigned char auth_response[MS_AUTH_RESPONSE_LENGTH+1]; - - challenge++; /* skip length, should be 16 */ - *response++ = MS_CHAP2_RESPONSE_LEN; -- 2.11.0