ppp: Build against openssl

libcrypt has been removed from glibc and openssl
can be used instead for cryptographic operations.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/rootfiles/core/125/filelists/ppp b/config/rootfiles/core/125/filelists/ppp
new file mode 120000 (symlink)
index 0000000..4844a9b
--- /dev/null
+++ b/config/rootfiles/core/125/filelists/ppp
@@ -0,0 +1 @@
+../../../common/ppp
\ No newline at end of file

diff --git a/lfs/ppp b/lfs/ppp
index 45fc2caab9127bd51241f6e1d1183c949d204d34..f02864cc05ae879b02d901b67128d40726516942 100644 (file)
--- a/lfs/ppp
+++ b/lfs/ppp
@@ -79,6 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch

+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp-2.4.7-openssl.patch

        cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
        cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
        cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)"
        cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
        cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
        cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)"

diff --git a/src/patches/ppp-2.4.7-openssl.patch b/src/patches/ppp-2.4.7-openssl.patch
new file mode 100644 (file)
index 0000000..cbb5857
--- /dev/null
+++ b/src/patches/ppp-2.4.7-openssl.patch
@@ -0,0 +1,110 @@
+From 3c7b86229f7bd2600d74db14b1fe5b3896be3875 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
+Date: Fri, 6 Apr 2018 14:27:18 +0200
+Subject: [PATCH] pppd: Use openssl for the DES instead of the libcrypt / glibc
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped
+libcrypt.  The libxcrypt standalone package can be used instead, but
+it dropped the old setkey/encrypt API which ppp uses for DES.  There
+is support for using openssl in pppcrypt.c, but it contains typos
+preventing it from compiling and seems to be written for an ancient
+openssl version.
+
+This updates the code to use current openssl.
+
+[paulus@ozlabs.org - wrote the commit description, fixed comment in
+ Makefile.linux.]
+
+Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+---
+ pppd/Makefile.linux |  7 ++++---
+ pppd/pppcrypt.c     | 18 +++++++++---------
+ 2 files changed, 13 insertions(+), 12 deletions(-)
+
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 36d2b036..8d5ce99d 100644
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -35,10 +35,10 @@ endif
+ COPTS = -O2 -pipe -Wall -g
+ LIBS =
+ 
+-# Uncomment the next 2 lines to include support for Microsoft's
++# Uncomment the next line to include support for Microsoft's
+ # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
+ CHAPMS=y
+-USE_CRYPT=y
++#USE_CRYPT=y
+ # Don't use MSLANMAN unless you really know what you're doing.
+ #MSLANMAN=y
+ # Uncomment the next line to include support for MPPE.  CHAPMS (above) must
+@@ -137,7 +137,8 @@ endif
+ 
+ ifdef NEEDDES
+ ifndef USE_CRYPT
+-LIBS     += -ldes $(LIBS)
++CFLAGS   += -I/usr/include/openssl
++LIBS     += -lcrypto
+ else
+ CFLAGS   += -DUSE_CRYPT=1
+ endif
+diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
+index 8b85b132..6b35375e 100644
+--- a/pppd/pppcrypt.c
++++ b/pppd/pppcrypt.c
+@@ -64,7 +64,7 @@ u_char *des_key;     /* OUT 64 bit DES key with parity bits added */
+       des_key[7] = Get7Bits(key, 49);
+ 
+ #ifndef USE_CRYPT
+-      des_set_odd_parity((des_cblock *)des_key);
++      DES_set_odd_parity((DES_cblock *)des_key);
+ #endif
+ }
+ 
+@@ -158,25 +158,25 @@ u_char *clear;   /* OUT 8 octets */
+ }
+ 
+ #else /* USE_CRYPT */
+-static des_key_schedule       key_schedule;
++static DES_key_schedule       key_schedule;
+ 
+ bool
+ DesSetkey(key)
+ u_char *key;
+ {
+-      des_cblock des_key;
++      DES_cblock des_key;
+       MakeKey(key, des_key);
+-      des_set_key(&des_key, key_schedule);
++      DES_set_key(&des_key, &key_schedule);
+       return (1);
+ }
+ 
+ bool
+-DesEncrypt(clear, key, cipher)
++DesEncrypt(clear, cipher)
+ u_char *clear;        /* IN  8 octets */
+ u_char *cipher;       /* OUT 8 octets */
+ {
+-      des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
+-          key_schedule, 1);
++      DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
++          &key_schedule, 1);
+       return (1);
+ }
+ 
+@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
+ u_char *cipher;       /* IN  8 octets */
+ u_char *clear;        /* OUT 8 octets */
+ {
+-      des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
+-          key_schedule, 0);
++      DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
++          &key_schedule, 0);
+       return (1);
+ }
+