Merge from bittboy/buildroot@26c91a9

2025-09-27 22:24:19 +03:00 · 2021-03-13 22:13:38 -03:00
parent c77595adbd
commit b3ecc6e32d
7043 changed files with 119377 additions and 73694 deletions
--- a/package/pppd/0001-Move-netinet-in.h-above-linux-header-includes.patch
+++ b/package/pppd/0001-Move-netinet-in.h-above-linux-header-includes.patch
@@ -1,22 +0,0 @@
-diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
-index 9ab2eee..b827620 100644
--- a/pppd/plugins/rp-pppoe/pppoe.h
-+++ b/pppd/plugins/rp-pppoe/pppoe.h
-@@ -47,6 +47,8 @@
- #include <sys/socket.h>
- #endif
- 
-+#include <netinet/in.h>
-+
- /* Ugly header files on some Linux boxes... */
- #if defined(HAVE_LINUX_IF_H)
- #include <linux/if.h>
-@@ -84,8 +86,6 @@ typedef unsigned long UINT32_t;
- #include <linux/if_ether.h>
- #endif
- 
-#include <netinet/in.h>
-
- #ifdef HAVE_NETINET_IF_ETHER_H
- #include <sys/types.h>
- 
--- a/package/pppd/0001-pppd-Fix-bounds-check.patch
+++ b/package/pppd/0001-pppd-Fix-bounds-check.patch
@@ -0,0 +1,37 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname).  This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f56..1b93db01 100644
+--- a/pppd/eap.c
+++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ 		}
+ 
+ 		/* Not so likely to happen. */
+-		if (vallen >= len + sizeof (rhostname)) {
+		if (len - vallen >= sizeof (rhostname)) {
+ 			dbglog("EAP: trimming really long peer name down");
+ 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ 			rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ 		}
+ 
+ 		/* Not so likely to happen. */
+-		if (vallen >= len + sizeof (rhostname)) {
+		if (len - vallen >= sizeof (rhostname)) {
+ 			dbglog("EAP: trimming really long peer name down");
+ 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ 			rhostname[sizeof (rhostname) - 1] = '\0';
--- a/package/pppd/0002-pppd-Use-openssl-for-the-DES-instead-of-the-libcrypt-glibc.patch
+++ b/package/pppd/0002-pppd-Use-openssl-for-the-DES-instead-of-the-libcrypt-glibc.patch
@@ -1,113 +0,0 @@
-From 3c7b86229f7bd2600d74db14b1fe5b3896be3875 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
-Date: Fri, 6 Apr 2018 14:27:18 +0200
-Subject: [PATCH] pppd: Use openssl for the DES instead of the libcrypt / glibc
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped
-libcrypt.  The libxcrypt standalone package can be used instead, but
-it dropped the old setkey/encrypt API which ppp uses for DES.  There
-is support for using openssl in pppcrypt.c, but it contains typos
-preventing it from compiling and seems to be written for an ancient
-openssl version.
-
-This updates the code to use current openssl.
-
-[paulus@ozlabs.org - wrote the commit description, fixed comment in
- Makefile.linux.]
-
-Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
-Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Retrieved from:
-https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875]
---
- pppd/Makefile.linux |  7 ++++---
- pppd/pppcrypt.c     | 18 +++++++++---------
- 2 files changed, 13 insertions(+), 12 deletions(-)
-
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index 36d2b036..8d5ce99d 100644
--- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -35,10 +35,10 @@ endif
- COPTS = -O2 -pipe -Wall -g
- LIBS =
- 
-# Uncomment the next 2 lines to include support for Microsoft's
-+# Uncomment the next line to include support for Microsoft's
- # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
- CHAPMS=y
-USE_CRYPT=y
-+#USE_CRYPT=y
- # Don't use MSLANMAN unless you really know what you're doing.
- #MSLANMAN=y
- # Uncomment the next line to include support for MPPE.  CHAPMS (above) must
-@@ -137,7 +137,8 @@ endif
- 
- ifdef NEEDDES
- ifndef USE_CRYPT
-LIBS     += -ldes $(LIBS)
-+CFLAGS   += -I/usr/include/openssl
-+LIBS     += -lcrypto
- else
- CFLAGS   += -DUSE_CRYPT=1
- endif
-diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
-index 8b85b132..6b35375e 100644
--- a/pppd/pppcrypt.c
-+++ b/pppd/pppcrypt.c
-@@ -64,7 +64,7 @@ u_char *des_key;	/* OUT 64 bit DES key with parity bits added */
- 	des_key[7] = Get7Bits(key, 49);
- 
- #ifndef USE_CRYPT
-	des_set_odd_parity((des_cblock *)des_key);
-+	DES_set_odd_parity((DES_cblock *)des_key);
- #endif
- }
- 
-@@ -158,25 +158,25 @@ u_char *clear;	/* OUT 8 octets */
- }
- 
- #else /* USE_CRYPT */
-static des_key_schedule	key_schedule;
-+static DES_key_schedule	key_schedule;
- 
- bool
- DesSetkey(key)
- u_char *key;
- {
-	des_cblock des_key;
-+	DES_cblock des_key;
- 	MakeKey(key, des_key);
-	des_set_key(&des_key, key_schedule);
-+	DES_set_key(&des_key, &key_schedule);
- 	return (1);
- }
- 
- bool
-DesEncrypt(clear, key, cipher)
-+DesEncrypt(clear, cipher)
- u_char *clear;	/* IN  8 octets */
- u_char *cipher;	/* OUT 8 octets */
- {
-	des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
-	    key_schedule, 1);
-+	DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
-+	    &key_schedule, 1);
- 	return (1);
- }
- 
-@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
- u_char *cipher;	/* IN  8 octets */
- u_char *clear;	/* OUT 8 octets */
- {
-	des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
-	    key_schedule, 0);
-+	DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
-+	    &key_schedule, 0);
- 	return (1);
- }
- 
--- a/package/pppd/0003-Add-OPENSSL_INCLUDE_DIR.patch
+++ b/package/pppd/0003-Add-OPENSSL_INCLUDE_DIR.patch
@@ -1,38 +0,0 @@
-From 24dd10608bfb554390c17f709a5afa30060c994b Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Wed, 31 Oct 2018 10:49:16 +0100
-Subject: [PATCH] Add OPENSSL_INCLUDE_DIR
-
-Add OPENSSL_INCLUDE_DIR to be able to override openssl include directory
-as -I/usr/include/openssl can't be used when cross-compiling
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/paulusmack/ppp/pull/107]
---
- pppd/Makefile.linux | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index 8d5ce99..b258d86 100644
--- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -84,6 +84,7 @@ USE_LIBUTIL=y
- MAXOCTETS=y
- 
- INCLUDE_DIRS= -I../include
-+OPENSSL_INCLUDE_DIR= /usr/include/openssl
- 
- COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP
- 
-@@ -137,7 +138,7 @@ endif
- 
- ifdef NEEDDES
- ifndef USE_CRYPT
-CFLAGS   += -I/usr/include/openssl
-+CFLAGS   += -I$(OPENSSL_INCLUDE_DIR)
- LIBS     += -lcrypto
- else
- CFLAGS   += -DUSE_CRYPT=1
-- 
-2.17.1
-
--- a/package/pppd/Config.in
+++ b/package/pppd/Config.in
@@ -3,7 +3,7 @@ config BR2_PACKAGE_PPPD
 	depends on !BR2_STATIC_LIBS
 	depends on !BR2_TOOLCHAIN_USES_MUSL # Use __P() macro all over the tree
 	depends on BR2_USE_MMU
-	select BR2_PACKAGE_OPENSSL
+	select BR2_PACKAGE_OPENSSL if BR2_TOOLCHAIN_USES_GLIBC
 	help
 	  An implementation of the Point-to-point protocol.

--- a/package/pppd/pppd.hash
+++ b/package/pppd/pppd.hash
@@ -1,2 +1,7 @@
-# Locally calculated after checking pgp signature
-sha256	02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30	ppp-2.4.7.tar.gz
+# Locally calculated
+sha256	91fbff784ad16a1111a7f22df4675aeb161d958bb79f1cc4c1f0c81944e7cb40	pppd-2.4.8.tar.gz
+sha256	3990c65c506885f7bb75455d1d6188743a14ad46f5b62e136ef3739aed52c532	pppd/tdb.c
+sha256	1822ead9d2854adfbd282322b29730a3fec4cc67f6f6a2e487aad3476e3afd59	pppd/plugins/pppoatm/COPYING
+sha256	91a5e9c173e0e001e081e15bf7850cfd782a0baa02f5921e327ae3b449beff3f	pppdump/bsd-comp.c
+sha256	ee1c28551c87cdcdaf80eb3922726f015201614cb560a5ed18a7a0c15f2b4aa4	pppd/ccp.c
+sha256	6fa4c3dad059f6ef15c1c5e5219d9d0d40991dd3a162098a89967a1720de059e	pppd/plugins/passprompt.c
--- a/package/pppd/pppd.mk
+++ b/package/pppd/pppd.mk
@@ -4,18 +4,23 @@
 #
 ################################################################################

-PPPD_VERSION = 2.4.7
-PPPD_SOURCE = ppp-$(PPPD_VERSION).tar.gz
-PPPD_SITE = https://download.samba.org/pub/ppp
+PPPD_VERSION = 2.4.8
+PPPD_SITE = $(call github,paulusmack,ppp,ppp-$(PPPD_VERSION))
 PPPD_LICENSE = LGPL-2.0+, LGPL, BSD-4-Clause, BSD-3-Clause, GPL-2.0+
 PPPD_LICENSE_FILES = \
 	pppd/tdb.c pppd/plugins/pppoatm/COPYING \
 	pppdump/bsd-comp.c pppd/ccp.c pppd/plugins/passprompt.c

-PPPD_DEPENDENCIES = openssl
-PPPD_MAKE_OPTS = \
-	HAVE_INET6=y \
-	OPENSSL_INCLUDE_DIR=$(STAGING_DIR)/usr/include/openssl
+# 0001-pppd-Fix-bounds-check.patch
+PPPD_IGNORE_CVES += CVE-2020-8597
+
+PPPD_MAKE_OPTS = HAVE_INET6=y
+ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),y)
+PPPD_DEPENDENCIES += openssl
+else
+PPPD_MAKE_OPTS += USE_CRYPT=y
+endif
+
 PPPD_INSTALL_STAGING = YES
 PPPD_TARGET_BINS = chat pppd pppdump pppstats
 PPPD_RADIUS_CONF = \