etc/ppp/ioptions
etc/ppp/ip-down
etc/ppp/ip-up
+#etc/ppp/openssl.cnf
etc/ppp/options
etc/ppp/pap-secrets
etc/ppp/standardloginscript
#usr/include/pppd
+#usr/include/pppd/cbcp.h
#usr/include/pppd/ccp.h
-#usr/include/pppd/chap-new.h
+#usr/include/pppd/chap.h
#usr/include/pppd/chap_ms.h
-#usr/include/pppd/eap-tls.h
+#usr/include/pppd/crypto.h
+#usr/include/pppd/crypto_ms.h
#usr/include/pppd/eap.h
#usr/include/pppd/ecp.h
#usr/include/pppd/eui64.h
#usr/include/pppd/fsm.h
#usr/include/pppd/ipcp.h
#usr/include/pppd/ipv6cp.h
-#usr/include/pppd/ipxcp.h
#usr/include/pppd/lcp.h
#usr/include/pppd/magic.h
-#usr/include/pppd/md4.h
-#usr/include/pppd/md5.h
#usr/include/pppd/mppe.h
-#usr/include/pppd/patchlevel.h
-#usr/include/pppd/pathnames.h
-#usr/include/pppd/pppcrypt.h
+#usr/include/pppd/multilink.h
+#usr/include/pppd/options.h
#usr/include/pppd/pppd.h
+#usr/include/pppd/pppdconf.h
#usr/include/pppd/session.h
-#usr/include/pppd/sha1.h
-#usr/include/pppd/spinlock.h
-#usr/include/pppd/tdb.h
#usr/include/pppd/upap.h
+#usr/lib/pkgconfig/pppd.pc
usr/lib/pppd
-usr/lib/pppd/2.4.9
-usr/lib/pppd/2.4.9/minconn.so
-usr/lib/pppd/2.4.9/openl2tp.so
-usr/lib/pppd/2.4.9/passprompt.so
-usr/lib/pppd/2.4.9/passwordfd.so
-usr/lib/pppd/2.4.9/pppoatm.so
-usr/lib/pppd/2.4.9/pppoe.so
-usr/lib/pppd/2.4.9/pppol2tp.so
-usr/lib/pppd/2.4.9/radattr.so
-usr/lib/pppd/2.4.9/radius.so
-usr/lib/pppd/2.4.9/radrealms.so
-usr/lib/pppd/2.4.9/rp-pppoe.so
-usr/lib/pppd/2.4.9/winbind.so
+usr/lib/pppd/2.5.0
+#usr/lib/pppd/2.5.0/minconn.la
+usr/lib/pppd/2.5.0/minconn.so
+#usr/lib/pppd/2.5.0/openl2tp.la
+usr/lib/pppd/2.5.0/openl2tp.so
+#usr/lib/pppd/2.5.0/passprompt.la
+usr/lib/pppd/2.5.0/passprompt.so
+#usr/lib/pppd/2.5.0/passwordfd.la
+usr/lib/pppd/2.5.0/passwordfd.so
+#usr/lib/pppd/2.5.0/pppoatm.la
+usr/lib/pppd/2.5.0/pppoatm.so
+#usr/lib/pppd/2.5.0/pppoe.la
+usr/lib/pppd/2.5.0/pppoe.so
+#usr/lib/pppd/2.5.0/pppol2tp.la
+usr/lib/pppd/2.5.0/pppol2tp.so
+#usr/lib/pppd/2.5.0/radattr.la
+usr/lib/pppd/2.5.0/radattr.so
+#usr/lib/pppd/2.5.0/radius.la
+usr/lib/pppd/2.5.0/radius.so
+#usr/lib/pppd/2.5.0/radrealms.la
+usr/lib/pppd/2.5.0/radrealms.so
+#usr/lib/pppd/2.5.0/winbind.la
+usr/lib/pppd/2.5.0/winbind.so
usr/sbin/chat
usr/sbin/pppd
usr/sbin/pppdump
#usr/share/man/man8/pppd-radius.8
#usr/share/man/man8/pppd.8
#usr/share/man/man8/pppdump.8
+#usr/share/man/man8/pppoe-discovery.8
#usr/share/man/man8/pppstats.8
var/log/connect-errors
+
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2.4.9
+VER = 2.5.0
THISAPP = ppp-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2cc885c32b7d33dc48766097f1f4c9cd0754924a8c0630ccaa58b2989e6b43a197ca0d41f5f16956c395278a12023d490e085f5635e23b53c5603ba61cfc40d5
+$(DL_FILE)_BLAKE2 = 6a0e9efcbff3cb499705071cc7d0e3411cf4871fd53b2bfedbb1f2cf3ad80728eb436050cf33b78e36d473be64f15907a21da17f283337455f0af379bc18272d
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
- cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
- cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-1-we-don-t-want-to-accidentally-leak-fds.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-3-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-4-increase-max-padi-attempts.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-5-headers_4.9.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.5.0-6-patch-configure-to-handle-cflags-properly.patch
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --with-logfile-dir=/var/log \
+ cc="gcc" \
+ cflags="$(CFLAGS)"
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
- cd $(DIR_APP) && make install-etcppp
touch /var/log/connect-errors
-mkdir -p /etc/ppp
for i in $(DIR_SRC)/src/ppp/* ; do \
+++ /dev/null
-From 2a97ab28ee00586e5f06b3ef3a0e43ea0c7c6499 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Mon, 7 Apr 2014 14:21:41 +0200
-Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket
-
----
- pppd/plugins/pppoatm/pppoatm.c | 2 +-
- pppd/plugins/pppol2tp/openl2tp.c | 2 +-
- pppd/plugins/pppol2tp/pppol2tp.c | 2 +-
- pppd/plugins/pppoe/if.c | 2 +-
- pppd/plugins/pppoe/plugin.c | 6 +++---
- pppd/plugins/pppoe/pppoe-discovery.c | 2 +-
- pppd/sys-linux.c | 10 +++++-----
- pppd/tty.c | 2 +-
- 8 files changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c
-index d693350..c31bb34 100644
---- a/pppd/plugins/pppoatm/pppoatm.c
-+++ b/pppd/plugins/pppoatm/pppoatm.c
-@@ -135,7 +135,7 @@ static int connect_pppoatm(void)
-
- if (!device_got_set)
- no_device_given_pppoatm();
-- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
-+ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (fd < 0)
- fatal("failed to create socket: %m");
- memset(&qos, 0, sizeof qos);
-diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
-index 9643b96..1099575 100644
---- a/pppd/plugins/pppol2tp/openl2tp.c
-+++ b/pppd/plugins/pppol2tp/openl2tp.c
-@@ -83,7 +83,7 @@ static int openl2tp_client_create(void)
- int result;
-
- if (openl2tp_fd < 0) {
-- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
-+ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (openl2tp_fd < 0) {
- error("openl2tp connection create: %m");
- return -ENOTCONN;
-diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
-index a7e3400..e64a778 100644
---- a/pppd/plugins/pppol2tp/pppol2tp.c
-+++ b/pppd/plugins/pppol2tp/pppol2tp.c
-@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu,
- struct ifreq ifr;
- int fd;
-
-- fd = socket(AF_INET, SOCK_DGRAM, 0);
-+ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (fd >= 0) {
- memset (&ifr, '\0', sizeof (ifr));
- strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
-diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
-index 91e9a57..72aba41 100644
---- a/pppd/plugins/pppoe/if.c
-+++ b/pppd/plugins/pppoe/if.c
-@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
- stype = SOCK_PACKET;
- #endif
-
-- if ((fd = socket(domain, stype, htons(type))) < 0) {
-+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
- /* Give a more helpful message for the common error case */
- if (errno == EPERM) {
- fatal("Cannot create raw socket -- pppoe must be run as root.");
-diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
-index a8c2bb4..24bdf8f 100644
---- a/pppd/plugins/pppoe/plugin.c
-+++ b/pppd/plugins/pppoe/plugin.c
-@@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
- /* server equipment). */
- /* Opening this socket just before waitForPADS in the discovery() */
- /* function would be more appropriate, but it would mess-up the code */
-- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
-+ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
- if (conn->sessionSocket < 0) {
- error("Failed to create PPPoE socket: %m");
- return -1;
-@@ -148,7 +148,7 @@ PPPOEConnectDevice(void)
- lcp_wantoptions[0].mru = conn->mru;
-
- /* Update maximum MRU */
-- s = socket(AF_INET, SOCK_DGRAM, 0);
-+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (s < 0) {
- error("Can't get MTU for %s: %m", conn->ifName);
- goto errout;
-@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit)
- }
-
- /* Open a socket */
-- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
-+ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
- r = 0;
- }
-
-diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
-index 3d3bf4e..c0d927d 100644
---- a/pppd/plugins/pppoe/pppoe-discovery.c
-+++ b/pppd/plugins/pppoe/pppoe-discovery.c
-@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
- stype = SOCK_PACKET;
- #endif
-
-- if ((fd = socket(domain, stype, htons(type))) < 0) {
-+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
- /* Give a more helpful message for the common error case */
- if (errno == EPERM) {
- rp_fatal("Cannot create raw socket -- pppoe must be run as root.");
-diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
-index 00a2cf5..0690019 100644
---- a/pppd/sys-linux.c
-+++ b/pppd/sys-linux.c
-@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clear_bits, int set_bits)
- void sys_init(void)
- {
- /* Get an internet socket for doing socket ioctls. */
-- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
-+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (sock_fd < 0)
- fatal("Couldn't create IP socket: %m(%d)", errno);
-
- #ifdef INET6
-- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
-+ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (sock6_fd < 0)
- sock6_fd = -errno; /* save errno for later */
- #endif
-@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name)
- struct ifreq ifreq;
- int ret, sock_fd;
-
-- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
-+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (sock_fd < 0)
- return 0;
- memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
-@@ -2067,7 +2067,7 @@ int ppp_available(void)
- /*
- * Open a socket for doing the ioctl operations.
- */
-- s = socket(AF_INET, SOCK_DGRAM, 0);
-+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
- if (s < 0)
- return 0;
-
-diff --git a/pppd/tty.c b/pppd/tty.c
-index bc96695..8e76a5d 100644
---- a/pppd/tty.c
-+++ b/pppd/tty.c
-@@ -896,7 +896,7 @@ open_socket(dest)
- *sep = ':';
-
- /* get a socket and connect it to the other end */
-- sock = socket(PF_INET, SOCK_STREAM, 0);
-+ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
- if (sock < 0) {
- error("Can't create socket: %m");
- return -1;
---
-1.8.3.1
-
+++ /dev/null
-diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h
-index 9ab2eee..86762bd 100644
---- a/pppd/plugins/pppoe/pppoe.h
-+++ b/pppd/plugins/pppoe/pppoe.h
-@@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session;
- #define STATE_TERMINATED 4
-
- /* How many PADI/PADS attempts? */
--#define MAX_PADI_ATTEMPTS 3
-+#define MAX_PADI_ATTEMPTS 4
-
- /* Initial timeout for PADO/PADS */
- #define PADI_TIMEOUT 5
+++ /dev/null
-diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c
---- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100
-@@ -49,6 +49,8 @@
- #include <net/ethernet.h>
- #include <net/if_arp.h>
- #include <linux/ppp_defs.h>
-+#define _LINUX_IN_H
-+#define _LINUX_IN6_H
- #include <linux/if_pppox.h>
-
- #ifndef _ROOT_PATH
+++ /dev/null
---- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200
-+++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200
-@@ -121,9 +121,9 @@
- rm -f $2
- if [ -f $1 ]; then
- echo " $2 <= $1"
-- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
-- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
-- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
-+ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \
-+ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \
-+ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2
- fi
- }
-
-From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Mon, 7 Apr 2014 12:23:36 +0200
-Subject: [PATCH 12/25] pppd: we don't want to accidentally leak fds
-
----
- pppd/auth.c | 20 ++++++++++----------
- pppd/options.c | 2 +-
- pppd/sys-linux.c | 4 ++--
- 3 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/pppd/auth.c b/pppd/auth.c
-index 4271af6..9e957fa 100644
---- a/pppd/auth.c
-+++ b/pppd/auth.c
-@@ -428,7 +428,7 @@ setupapfile(argv)
- option_error("unable to reset uid before opening %s: %m", fname);
+diff -Naur pppd.orig/auth.c pppd/auth.c
+--- pppd.orig/auth.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/auth.c 2023-06-30 12:38:13.748482796 +0200
+@@ -518,7 +518,7 @@
+ free(fname);
return 0;
}
- ufile = fopen(fname, "r");
if (seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
if (ufile == NULL) {
-@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
- filename = _PATH_UPAPFILE;
+@@ -1535,7 +1535,7 @@
+ filename = PPP_PATH_UPAPFILE;
addrs = opts = NULL;
ret = UPAP_AUTHNAK;
- f = fopen(filename, "r");
if (f == NULL) {
error("Can't open PAP password file %s: %m", filename);
-@@ -1512,7 +1512,7 @@ null_login(unit)
+@@ -1635,7 +1635,7 @@
if (ret <= 0) {
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
addrs = NULL;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
check_access(f, filename);
-@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd)
+@@ -1681,7 +1681,7 @@
}
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
check_access(f, filename);
-@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp)
+@@ -1718,7 +1718,7 @@
}
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
-@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp)
+@@ -1760,7 +1760,7 @@
}
- filename = _PATH_CHAPFILE;
+ filename = PPP_PATH_CHAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
-@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
+@@ -1798,7 +1798,7 @@
struct wordlist *addrs;
- filename = _PATH_SRPFILE;
+ filename = PPP_PATH_SRPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
-@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server)
+@@ -1849,7 +1849,7 @@
addrs = NULL;
secbuf[0] = 0;
if (f == NULL) {
error("Can't open chap secret file %s: %m", filename);
return 0;
-@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server)
- filename = _PATH_SRPFILE;
+@@ -1902,7 +1902,7 @@
+ filename = PPP_PATH_SRPFILE;
addrs = NULL;
- fp = fopen(filename, "r");
if (fp == NULL) {
error("Can't open srp secret file %s: %m", filename);
return 0;
-@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags)
+@@ -2291,7 +2291,7 @@
*/
if (word[0] == '@' && word[1] == '/') {
strlcpy(atfile, word+1, sizeof(atfile));
warn("can't open indirect secret file %s", atfile);
continue;
}
-diff --git a/pppd/options.c b/pppd/options.c
-index 45fa742..1d754ae 100644
---- a/pppd/options.c
-+++ b/pppd/options.c
-@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv)
- option_error("unable to drop privileges to open %s: %m", filename);
+@@ -2461,7 +2461,7 @@
+ char pkfile[MAXWORDLEN];
+
+ filename = PPP_PATH_EAPTLSSERVFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -2518,7 +2518,7 @@
+ return 1;
+
+ filename = PPP_PATH_EAPTLSCLIFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -2738,7 +2738,7 @@
+ filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE);
+ addrs = NULL;
+
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "re");
+ if (fp == NULL)
+ {
+ error("Can't open eap-tls secret file %s: %m", filename);
+diff -Naur pppd.orig/options.c pppd/options.c
+--- pppd.orig/options.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/options.c 2023-06-30 12:42:19.262593140 +0200
+@@ -555,7 +555,7 @@
+ ppp_option_error("unable to drop privileges to open %s: %m", filename);
return 0;
}
- f = fopen(filename, "r");
err = errno;
if (check_prot && seteuid(euid) == -1)
fatal("unable to regain privileges");
-diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
-index 72a7727..8a12fa0 100644
---- a/pppd/sys-linux.c
-+++ b/pppd/sys-linux.c
-@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail)
+diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
+--- pppd.orig/sys-linux.c 2023-03-10 02:50:41.000000000 +0100
++++ pppd/sys-linux.c 2023-06-30 12:43:20.634453475 +0200
+@@ -1978,7 +1978,7 @@
/* Default the mount location of /proc */
strlcpy (proc_path, "/proc", sizeof(proc_path));
proc_path_len = 5;
if (fp != NULL) {
while ((mntent = getmntent(fp)) != NULL) {
if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
-@@ -1472,7 +1472,7 @@ static int open_route_table (void)
+@@ -2038,7 +2038,7 @@
close_route_table();
path = path_to_procfs("/net/route");
if (route_fd == NULL) {
error("can't open routing table %s: %m", path);
return 0;
---
-1.8.3.1
-
+@@ -2322,7 +2322,7 @@
+ close_route_table();
+
+ path = path_to_procfs("/net/ipv6_route");
+- route_fd = fopen (path, "r");
++ route_fd = fopen (path, "re");
+ if (route_fd == NULL) {
+ error("can't open routing table %s: %m", path);
+ return 0;
-From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Mon, 7 Apr 2014 13:56:34 +0200
-Subject: [PATCH 13/25] everywhere: O_CLOEXEC harder
-
----
- pppd/eap.c | 2 +-
- pppd/main.c | 4 ++--
- pppd/options.c | 4 ++--
- pppd/sys-linux.c | 22 +++++++++++-----------
- pppd/tdb.c | 4 ++--
- pppd/tty.c | 4 ++--
- pppd/utils.c | 6 +++---
- 7 files changed, 23 insertions(+), 23 deletions(-)
-
-diff --git a/pppd/eap.c b/pppd/eap.c
-index 6ea6c1f..faced53 100644
---- a/pppd/eap.c
-+++ b/pppd/eap.c
-@@ -1226,7 +1226,7 @@ mode_t modebits;
+diff -Naur pppd.orig/eap.c pppd/eap.c
+--- pppd.orig/eap.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/eap.c 2023-06-30 12:58:07.984676045 +0200
+@@ -1542,7 +1542,7 @@
if ((path = name_of_pn_file()) == NULL)
return (-1);
err = errno;
free(path);
errno = err;
-diff --git a/pppd/main.c b/pppd/main.c
-index 87a5d29..152e4a2 100644
---- a/pppd/main.c
-+++ b/pppd/main.c
-@@ -400,7 +400,7 @@ main(int argc, char *argv[])
+diff -Naur pppd.orig/main.c pppd/main.c
+--- pppd.orig/main.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/main.c 2023-06-30 13:00:15.155195676 +0200
+@@ -479,7 +479,7 @@
die(0);
/* Make sure fds 0, 1, 2 are open to somewhere. */
-- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
-+ fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC);
+- fd_devnull = open(PPP_DEVNULL, O_RDWR);
++ fd_devnull = open(PPP_DEVNULL, O_RDWR | O_CLOEXEC);
if (fd_devnull < 0)
- fatal("Couldn't open %s: %m", _PATH_DEVNULL);
+ fatal("Couldn't open %s: %m", PPP_DEVNULL);
while (fd_devnull <= 2) {
-@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait)
- if (log_to_fd >= 0)
- errfd = log_to_fd;
- else
-- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
-+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644);
-
- ++conn_running;
- pid = safe_fork(in, out, errfd);
-diff --git a/pppd/options.c b/pppd/options.c
-index 1d754ae..8e62635 100644
---- a/pppd/options.c
-+++ b/pppd/options.c
-@@ -1544,9 +1544,9 @@ setlogfile(argv)
- option_error("unable to drop permissions to open %s: %m", *argv);
+diff -Naur pppd.orig/options.c pppd/options.c
+--- pppd.orig/options.c 2023-06-30 12:42:19.262593140 +0200
++++ pppd/options.c 2023-06-30 13:01:58.388323345 +0200
+@@ -1718,9 +1718,9 @@
+ ppp_option_error("unable to drop permissions to open %s: %m", *argv);
return 0;
}
- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
err = errno;
if (!privileged_option && seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
-diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
-index 8a12fa0..00a2cf5 100644
---- a/pppd/sys-linux.c
-+++ b/pppd/sys-linux.c
-@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
+diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
+--- pppd.orig/sys-linux.c 2023-06-30 12:43:20.634453475 +0200
++++ pppd/sys-linux.c 2023-06-30 13:11:25.715511251 +0200
+@@ -666,7 +666,7 @@
goto err;
}
dbglog("using channel %d", chindex);
if (fd < 0) {
error("Couldn't reopen /dev/ppp: %m");
goto err;
-@@ -619,7 +619,7 @@ static int make_ppp_unit()
+@@ -904,7 +904,7 @@
dbglog("in make_ppp_unit, already had /dev/ppp open?");
close(ppp_dev_fd);
}
if (ppp_dev_fd < 0)
fatal("Couldn't open /dev/ppp: %m");
flags = fcntl(ppp_dev_fd, F_GETFL);
-@@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
+@@ -1025,7 +1025,7 @@
if (!new_style_driver)
return -1;
if (master_fd < 0)
fatal("Couldn't open /dev/ppp: %m");
if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
-@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr)
+@@ -2533,7 +2533,7 @@
if (tune_kernel) {
forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
if (forw_path != 0) {
if (fd >= 0) {
if (write(fd, "1", 1) != 1)
error("Couldn't enable IP forwarding: %m");
-@@ -2030,7 +2030,7 @@ int ppp_available(void)
+@@ -2878,7 +2878,7 @@
sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
kernel_version = KVERSION(osmaj, osmin, ospatch);
if (fd >= 0) {
new_style_driver = 1;
-@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host)
+@@ -3056,7 +3056,7 @@
#if __GLIBC__ >= 2
updwtmp(_PATH_WTMP, &ut);
#else
if (wtmp >= 0) {
flock(wtmp, LOCK_EX);
-@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr,
+@@ -3280,7 +3280,7 @@
int fd;
path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
if (write(fd, "1", 1) != 1)
error("Couldn't enable dynamic IP addressing: %m");
close(fd);
-@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+@@ -3534,7 +3534,7 @@
/*
* Try the unix98 way first.
*/
if (mfd >= 0) {
int ptn;
if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
-@@ -2851,7 +2851,8 @@
+@@ -3545,7 +3545,8 @@
if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
warn("Couldn't unlock pty slave %s: %m", pty_name);
#endif
- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
+
-+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
- {
++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
+ {
warn("Couldn't open pty slave %s: %m", pty_name);
- close(mfd);
-@@ -2865,10 +2866,10 @@
+ close(mfd);
+@@ -3559,10 +3560,10 @@
for (i = 0; i < 64; ++i) {
slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
'p' + i / 16, i % 16);
- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
+ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
if (sfd >= 0) {
- fchown(sfd, uid, -1);
- fchmod(sfd, S_IRUSR | S_IWUSR);
-diff --git a/pppd/tdb.c b/pppd/tdb.c
-index bdc5828..c7ab71c 100644
---- a/pppd/tdb.c
-+++ b/pppd/tdb.c
-@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
+ ret = fchown(sfd, uid, -1);
+ if (ret != 0) {
+diff -Naur pppd.orig/tdb.c pppd/tdb.c
+--- pppd.orig/tdb.c 2021-07-23 06:41:07.000000000 +0200
++++ pppd/tdb.c 2023-06-30 13:12:55.034900600 +0200
+@@ -1728,7 +1728,7 @@
goto internal;
}
TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
name, strerror(errno)));
goto fail; /* errno set by open(2) */
-@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
+@@ -1971,7 +1971,7 @@
}
if (close(tdb->fd) != 0)
TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
if (tdb->fd == -1) {
TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
goto fail;
-diff --git a/pppd/tty.c b/pppd/tty.c
-index d571b11..bc96695 100644
---- a/pppd/tty.c
-+++ b/pppd/tty.c
-@@ -569,7 +569,7 @@ int connect_tty()
- status = EXIT_OPEN_FAILED;
+diff -Naur pppd.orig/tty.c pppd/tty.c
+--- pppd.orig/tty.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/tty.c 2023-06-30 13:14:06.450418113 +0200
+@@ -621,7 +621,7 @@
+ ppp_set_status(EXIT_OPEN_FAILED);
goto errret;
}
- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
err = errno;
if (prio < OPRIO_ROOT && seteuid(0) == -1)
fatal("Unable to regain privileges");
-@@ -723,7 +723,7 @@ int connect_tty()
+@@ -775,7 +775,7 @@
if (connector == NULL && modem && devnam[0] != 0) {
int i;
for (;;) {
break;
if (errno != EINTR) {
error("Failed to reopen %s: %m", devnam);
-diff --git a/pppd/utils.c b/pppd/utils.c
-index 29bf970..6051b9a 100644
---- a/pppd/utils.c
-+++ b/pppd/utils.c
-@@ -918,14 +918,14 @@ lock(dev)
- slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
+diff -Naur pppd.orig/utils.c pppd/utils.c
+--- pppd.orig/utils.c 2022-12-30 02:12:39.000000000 +0100
++++ pppd/utils.c 2023-06-30 13:15:47.860182369 +0200
+@@ -843,14 +843,14 @@
+ slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev);
#endif
- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
if (fd < 0) {
if (errno == ENOENT) /* This is just a timing problem. */
continue;
-@@ -1004,7 +1004,7 @@ relock(pid)
+@@ -933,7 +933,7 @@
if (lock_file[0] == 0)
return -1;
if (fd < 0) {
error("Couldn't reopen lock file %s: %m", lock_file);
lock_file[0] = 0;
---
-1.8.3.1
-
--- /dev/null
+diff -Naur pppd.orig/plugins/pppoatm/pppoatm.c pppd/plugins/pppoatm/pppoatm.c
+--- pppd.orig/plugins/pppoatm/pppoatm.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/plugins/pppoatm/pppoatm.c 2023-06-30 13:21:33.397378347 +0200
+@@ -146,7 +146,7 @@
+
+ if (!device_got_set)
+ no_device_given_pppoatm();
+- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
++ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (fd < 0)
+ fatal("failed to create socket: %m");
+ memset(&qos, 0, sizeof qos);
+diff -Naur pppd.orig/plugins/pppoe/if.c pppd/plugins/pppoe/if.c
+--- pppd.orig/plugins/pppoe/if.c 2022-12-30 02:12:39.000000000 +0100
++++ pppd/plugins/pppoe/if.c 2023-06-30 13:24:11.372183452 +0200
+@@ -116,7 +116,7 @@
+ stype = SOCK_PACKET;
+ #endif
+
+- if ((fd = socket(domain, stype, htons(type))) < 0) {
++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
+ /* Give a more helpful message for the common error case */
+ if (errno == EPERM) {
+ fatal("Cannot create raw socket -- pppoe must be run as root.");
+diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c
+--- pppd.orig/plugins/pppoe/plugin.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200
+@@ -155,7 +155,7 @@
+ /* server equipment). */
+ /* Opening this socket just before waitForPADS in the discovery() */
+ /* function would be more appropriate, but it would mess-up the code */
+- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
++ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
+ if (conn->sessionSocket < 0) {
+ error("Failed to create PPPoE socket: %m");
+ return -1;
+@@ -166,7 +166,7 @@
+ lcp_wantoptions[0].mru = conn->mru = conn->storedmru;
+
+ /* Update maximum MRU */
+- s = socket(AF_INET, SOCK_DGRAM, 0);
++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (s < 0) {
+ error("Can't get MTU for %s: %m", conn->ifName);
+ goto errout;
+@@ -364,7 +364,7 @@
+ }
+
+ /* Open a socket */
+- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
++ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
+ r = 0;
+ }
+
+diff -Naur pppd.orig/plugins/pppol2tp/openl2tp.c pppd/plugins/pppol2tp/openl2tp.c
+--- pppd.orig/plugins/pppol2tp/openl2tp.c 2023-03-10 02:50:41.000000000 +0100
++++ pppd/plugins/pppol2tp/openl2tp.c 2023-06-30 13:22:30.055768865 +0200
+@@ -93,7 +93,7 @@
+ int result;
+
+ if (openl2tp_fd < 0) {
+- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
++ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (openl2tp_fd < 0) {
+ error("openl2tp connection create: %m");
+ return -ENOTCONN;
+diff -Naur pppd.orig/plugins/pppol2tp/pppol2tp.c pppd/plugins/pppol2tp/pppol2tp.c
+--- pppd.orig/plugins/pppol2tp/pppol2tp.c 2022-12-30 02:12:39.000000000 +0100
++++ pppd/plugins/pppol2tp/pppol2tp.c 2023-06-30 13:23:13.493756755 +0200
+@@ -220,7 +220,7 @@
+ struct ifreq ifr;
+ int fd;
+
+- fd = socket(AF_INET, SOCK_DGRAM, 0);
++ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (fd >= 0) {
+ memset (&ifr, '\0', sizeof (ifr));
+ ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name));
+diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
+--- pppd.orig/sys-linux.c 2023-06-30 13:11:25.715511251 +0200
++++ pppd/sys-linux.c 2023-06-30 13:32:50.021272249 +0200
+@@ -499,12 +499,12 @@
+ void sys_init(void)
+ {
+ /* Get an internet socket for doing socket ioctls. */
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ fatal("Couldn't create IP socket: %m(%d)", errno);
+
+ #ifdef PPP_WITH_IPV6CP
+- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
++ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock6_fd < 0)
+ sock6_fd = -errno; /* save errno for later */
+ #endif
+@@ -2675,7 +2675,7 @@
+ struct ifreq ifreq;
+ int ret, sock_fd;
+
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ return -1;
+ memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
+@@ -2698,7 +2698,7 @@
+ struct ifreq ifreq;
+ int ret, sock_fd;
+
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ return -1;
+
+@@ -2915,7 +2915,7 @@
+ /*
+ * Open a socket for doing the ioctl operations.
+ */
+- s = socket(AF_INET, SOCK_DGRAM, 0);
++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (s < 0)
+ return 0;
+
+diff -Naur pppd.orig/tty.c pppd/tty.c
+--- pppd.orig/tty.c 2023-06-30 13:14:06.450418113 +0200
++++ pppd/tty.c 2023-06-30 13:33:31.285858278 +0200
+@@ -942,7 +942,7 @@
+ *sep = ':';
+
+ /* get a socket and connect it to the other end */
+- sock = socket(PF_INET, SOCK_STREAM, 0);
++ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
+ if (sock < 0) {
+ error("Can't create socket: %m");
+ return -1;
--- /dev/null
+diff -Naur pppd.orig/plugins/pppoe/pppoe.h pppd/plugins/pppoe/pppoe.h
+--- pppd.orig/plugins/pppoe/pppoe.h 2022-12-30 02:12:39.000000000 +0100
++++ pppd/plugins/pppoe/pppoe.h 2023-06-30 13:37:07.189078090 +0200
+@@ -143,7 +143,7 @@
+ #define STATE_TERMINATED 4
+
+ /* How many PADI/PADS attempts? */
+-#define MAX_PADI_ATTEMPTS 3
++#define MAX_PADI_ATTEMPTS 4
+
+ /* Initial timeout for PADO/PADS */
+ #define PADI_TIMEOUT 5
--- /dev/null
+diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c
+--- pppd.orig/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200
++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:50:23.150026201 +0200
+@@ -46,6 +46,8 @@
+ #include <signal.h>
+ #include <net/if_arp.h>
+ #include <linux/ppp_defs.h>
++#define _LINUX_IN_H
++#define _LINUX_IN6_H
+ #include <linux/if_pppox.h>
+
+ #include <pppd/pppd.h>
--- /dev/null
+diff -Naur ppp-2.5.0.orig/configure ppp-2.5.0/configure
+--- ppp-2.5.0.orig/configure 2023-03-25 05:38:36.000000000 +0100
++++ ppp-2.5.0/configure 2023-06-30 14:05:14.773950477 +0200
+@@ -17774,10 +17774,10 @@
+ rm -f $2
+ if [ -f $1 ]; then
+ echo " $2 <= $1"
+- sed -e "s,@DESTDIR@,$prefix,g" \
+- -e "s,@SYSCONF@,$sysconfdir,g" \
+- -e "s,@CC@,$CC,g" \
+- -e "s|@CFLAGS@|$CFLAGS|g" $1 > $2
++ sed -e "s#@DESTDIR@#$prefix#g" \
++ -e "s#@SYSCONF@#$sysconfdir#g" \
++ -e "s#@CC@#$CC#g" \
++ -e "s#@CFLAGS@#$CFLAGS#g" $1 > $2
+ fi
+ }
+