Date: Monday, January 25, 2021 @ 21:44:39 Author: felixonmars Revision: 406747
upgpkg: ppp 2.4.8-1 Modified: ppp/trunk/PKGBUILD ppp/trunk/ppp-2.4.6-makefiles.patch Deleted: ppp/trunk/CVE-2015-3310.patch ---------------------------+ CVE-2015-3310.patch | 18 --------- PKGBUILD | 26 +++++--------- ppp-2.4.6-makefiles.patch | 80 ++------------------------------------------ 3 files changed, 15 insertions(+), 109 deletions(-) Deleted: CVE-2015-3310.patch =================================================================== --- CVE-2015-3310.patch 2021-01-25 20:40:14 UTC (rev 406746) +++ CVE-2015-3310.patch 2021-01-25 21:44:39 UTC (rev 406747) @@ -1,18 +0,0 @@ -Fix buffer overflow in rc_mksid() - -rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string. -If the process id is bigger than 65535 (FFFF), its hex representation will be -longer than 4 characters, resulting in a buffer overflow. - -The bug can be exploited to cause a remote DoS. ---- ppp-2.4.7/pppd/plugins/radius/util.c -+++ ppp-2.4.7/pppd/plugins/radius/util.c -@@ -77,7 +77,7 @@ rc_mksid (void) - static unsigned short int cnt = 0; - sprintf (buf, "%08lX%04X%02hX", - (unsigned long int) time (NULL), -- (unsigned int) getpid (), -+ (unsigned int) getpid () & 0xFFFF, - cnt & 0xFF); - cnt++; - return buf; Modified: PKGBUILD =================================================================== --- PKGBUILD 2021-01-25 20:40:14 UTC (rev 406746) +++ PKGBUILD 2021-01-25 21:44:39 UTC (rev 406747) @@ -1,12 +1,14 @@ -# Maintainer: Thomas Baechler <[email protected]> +# Maintainer: Felix Yan <[email protected]> +# Contributor: Thomas Baechler <[email protected]> + pkgname=ppp -pkgver=2.4.7 -pkgrel=7 +pkgver=2.4.8 +pkgrel=1 pkgdesc="A daemon which implements the Point-to-Point Protocol for dial-up networking" arch=(x86_64) url="https://www.samba.org/ppp/"; license=('GPL' 'BSD') -depends=('glibc' 'libpcap' 'openssl') +depends=('glibc' 'libpcap' 'libxcrypt' 'openssl') backup=(etc/ppp/{chap-secrets,pap-secrets,options,ip-up,ip-down,ip-down.d/00-dns.sh,ip-up.d/00-dns.sh,ipv6-up.d/00-iface-config.sh}) source=(https://download.samba.org/pub/ppp/ppp-$pkgver.tar.gz{,.asc} ppp-2.4.6-makefiles.patch @@ -19,14 +21,11 @@ ipv6-down ipv6-up.d.iface-config.sh ppp.systemd - CVE-2015-3310.patch CVE-2020-8597.patch - ppp-build-fix.patch::"https://github.com/paulusmack/ppp/commit/50a2997b.patch"; - ppp-openssl.patch::https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875.patch LICENSE) -sha512sums=('e34ce24020af6a73e7a26c83c4f73a9c83fa455b7b363794dba27bf01f70368be06bff779777843949bd77f4bc9385d6ad455ea48bf8fff4e0d73cc8fef16ae2' +sha512sums=('580a5856333e1149a66cfb218f7fb5e698f0f0c11d492d5c87b760827e76b5ef1e2e461c95d1abb368b9c92499c366e7ddb31dd3029d5a9026c3ab10b50bdbb6' 'SKIP' - 'd36a23470a2b6217555f367c989ce6fdc09c2627d1f03cf5a12e29de6c5421ef6a697d6399128008138d19beb4a2ae6316e2bf0b3eefe3f23635dbbda5a063be' + 'e319ae8842cf24bdaf3f9ffd9ffe792c18d6b115590174ea930b9a3518834d7f952e2dc4f6061406957d49d9c740f91bb3becfeb6f9c8feb77c2c66eb1e9c58e' '86b13a9f02cc44c5ba16d404fdb54459fcda22fb5f4c4e12b2101e47e2650b62576d6315cd41f30f103ea61fb6f86b7aa2e7d40336f849f45061f7ad9c5119fe' 'bdaaac792dd448ff31da6da2749d8c2f9c4e0311b1d4639de7c68038fcaa333cc28e25f5a6308de0ecb24b60b2e7284a811482df990da5f54d5581a746964f3c' '92f3a5e383f2c888938e891ba831042e7f8c026b0ddf5ce8c3523d06ac32fa81742e638a4c665975cbc79868b98806d92574ee2ee8e034e33b065a90ee3ab28b' @@ -36,21 +35,16 @@ '1b8dc6300f746607c0cce835e69ed444f24ba81874ba061b2b0377f0b9c1cb41a383d6845b364dfabb249a461422972ba5010bacf55c5f85f5eb0d3c0f4c71cd' '5b92a05bcf3ad4b7a88434546884e088069ce7c16a10c472589ca5ecc648f86ca02c2f608fb856ac6cb6ef14b508c2e0dec146c953128693bfb6c988f1963de8' 'b9978c4038fb764a1bbe9dea92850673e14978450c0dcd7a1b0b24c4ebd515fcc4c5cc82cd4b97d826d483261e96945208b9fe97d6fea09a7a5c7910541db24c' - '68b5f9a1b6724b0d1164a9317920f1c0dfc7a61201233febf9bdde2b3f9779dc874703d5b8464160dccaef6d19107c2b0b9257b6e9b029c5b980585ab8c078cc' '242915cfdeefd629287890876e233b83582b3e6094f0ad58c96027b4dc8275fa18809d68b4ff63e77ca444767ed2b4f376f5501ed4a9247a6bbb50970e9b342a' - '3c17faf7e18f936115ea8669354859963f66e4247f02e282ee8e026942534a40511ed862fc43d9044dcf0b72d0fe03dc90ec02f7e09c804f9aecb39a9645435d' - 'fc012971a062456fa4e253f5b4a5e2ce56ae1852293d0245ecfd165ba162fa76ec2c28e1035dd89de3e9d43941d528e2d95a40552eb8037a5ba084c1717c20d1' 'ab3acd0387a7966ac3d220f2b0b6880302f827125d978991f83dd3f1a30340c2a98ca5aedf0b81ec6a9e5eb49b0b0a0a5356419f3b8415c892c2df8b52d3994a') -validpgpkeys=('631E179E370CD727A7F2A33A9E4295D605F66CE9') # Paul Mackerras (Signing key) <[email protected]> +validpgpkeys=('631E179E370CD727A7F2A33A9E4295D605F66CE9' # Paul Mackerras (Signing key) <[email protected]> + 'DE8E01561D8276A4DBFAEFCC040F1D49EC9DBB8C') # Paul Mackerras <[email protected]> prepare() { cd $pkgname-$pkgver patch -p1 -i "$srcdir"/ppp-2.4.6-makefiles.patch - patch -p1 -i "$srcdir"/CVE-2015-3310.patch patch -p1 -i "$srcdir"/CVE-2020-8597.patch - patch -p1 -i "$srcdir"/ppp-build-fix.patch - patch -p1 -i "$srcdir"/ppp-openssl.patch # enable active filter sed -i "s:^#FILTER=y:FILTER=y:" pppd/Makefile.linux Modified: ppp-2.4.6-makefiles.patch =================================================================== --- ppp-2.4.6-makefiles.patch 2021-01-25 20:40:14 UTC (rev 406746) +++ ppp-2.4.6-makefiles.patch 2021-01-25 21:44:39 UTC (rev 406747) @@ -86,8 +86,7 @@ -COPTS = -O2 -g +COPTS = @CFLAGS@ CFLAGS = $(COPTS) -I.. -I../../include -fPIC --LDFLAGS = -shared -+LDFLAGS = @LDFLAGS@ -shared + LDFLAGS_SHARED = -shared INSTALL = install DESTDIR = $(INSTROOT)@DESTDIR@ @@ -104,20 +103,10 @@ -COPTS = -O2 -g +COPTS = @CFLAGS@ CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC --LDFLAGS = -shared -+LDFLAGS = @LDFLAGS@ + LDFLAGS_SHARED = -shared INSTALL = install #*********************************************************************** -@@ -33,7 +33,7 @@ - all: $(PLUGIN) - - $(PLUGIN): $(PLUGIN_OBJS) -- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS) -+ $(CC) $(CFLAGS) -o $@ $(LDFLAGS) -shared $^ $(LIBS) - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) diff -Nur ppp-2.4.6.orig/pppd/plugins/pppol2tp/Makefile.linux ppp-2.4.6/pppd/plugins/pppol2tp/Makefile.linux --- ppp-2.4.6.orig/pppd/plugins/pppol2tp/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 +++ ppp-2.4.6/pppd/plugins/pppol2tp/Makefile.linux 2014-02-24 09:01:06.325349425 +0100 @@ -126,8 +115,7 @@ -COPTS = -O2 -g +COPTS = @CFLAGS@ CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC --LDFLAGS = -shared -+LDFLAGS = @LDFLAGS@ + LDFLAGS_SHARED = -shared INSTALL = install #*********************************************************************** @@ -137,15 +125,6 @@ LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) -@@ -16,7 +16,7 @@ - all: $(PLUGINS) - - %.so: %.o -- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS) -+ $(CC) $(CFLAGS) -o $@ $(LDFLAGS) -shared $^ $(LIBS) - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) diff -Nur ppp-2.4.6.orig/pppd/plugins/radius/Makefile.linux ppp-2.4.6/pppd/plugins/radius/Makefile.linux --- ppp-2.4.6.orig/pppd/plugins/radius/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 +++ ppp-2.4.6/pppd/plugins/radius/Makefile.linux 2014-02-24 09:00:16.809907637 +0100 @@ -159,23 +138,6 @@ # Uncomment the next line to include support for Microsoft's # MS-CHAP authentication protocol. -@@ -43,13 +44,13 @@ - $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) - - radius.so: radius.o libradiusclient.a -- $(CC) -o radius.so -shared radius.o libradiusclient.a -+ $(CC) -o radius.so -shared $(LDFLAGS) radius.o libradiusclient.a - - radattr.so: radattr.o -- $(CC) -o radattr.so -shared radattr.o -+ $(CC) -o radattr.so -shared $(LDFLAGS) radattr.o - - radrealms.so: radrealms.o -- $(CC) -o radrealms.so -shared radrealms.o -+ $(CC) -o radrealms.so -shared $(LDFLAGS) radrealms.o - - CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \ - clientid.o sendserver.o lock.o util.o md5.o diff -Nur ppp-2.4.6.orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.6/pppd/plugins/rp-pppoe/Makefile.linux --- ppp-2.4.6.orig/pppd/plugins/rp-pppoe/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 +++ ppp-2.4.6/pppd/plugins/rp-pppoe/Makefile.linux 2014-02-24 09:00:16.809907637 +0100 @@ -188,7 +150,7 @@ LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION) PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) -@@ -25,12 +25,14 @@ +@@ -25,7 +25,9 @@ # Version is set ONLY IN THE MAKEFILE! Don't delete this! RP_VERSION=3.8p @@ -200,20 +162,6 @@ all: rp-pppoe.so pppoe-discovery pppoe-discovery: pppoe-discovery.o debug.o -- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -+ $(CC) -o pppoe-discovery $(LDFLAGS) pppoe-discovery.o debug.o - - pppoe-discovery.o: pppoe-discovery.c - $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c -@@ -39,7 +41,7 @@ - $(CC) $(CFLAGS) -c -o debug.o debug.c - - rp-pppoe.so: plugin.o discovery.o if.o common.o -- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o -+ $(CC) -o rp-pppoe.so -shared $(LDFLAGS) plugin.o discovery.o if.o common.o - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) diff -Nur ppp-2.4.6.orig/pppdump/Makefile.linux ppp-2.4.6/pppdump/Makefile.linux --- ppp-2.4.6.orig/pppdump/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 +++ ppp-2.4.6/pppdump/Makefile.linux 2014-02-24 09:00:16.809907637 +0100 @@ -229,15 +177,6 @@ OBJS = pppdump.o bsd-comp.o deflate.o zlib.o INSTALL= install -@@ -10,7 +11,7 @@ - all: pppdump - - pppdump: $(OBJS) -- $(CC) -o pppdump $(OBJS) -+ $(CC) $(LDFLAGS) -o pppdump $(OBJS) - - clean: - rm -f pppdump $(OBJS) *~ diff -Nur ppp-2.4.6.orig/pppstats/Makefile.linux ppp-2.4.6/pppstats/Makefile.linux --- ppp-2.4.6.orig/pppstats/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 +++ ppp-2.4.6/pppstats/Makefile.linux 2014-02-24 09:00:16.809907637 +0100 @@ -258,13 +197,4 @@ +LDFLAGS = @LDFLAGS@ COMPILE_FLAGS = -I../include LIBS = - -@@ -26,7 +27,7 @@ - $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) - - pppstats: $(PPPSTATSRCS) -- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS) -+ $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS) - - clean: - rm -f pppstats *~ #* core + \ No newline at end of file
