dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #81931 from andir/ppp

Browse Source 
ppp: 2.4.7 -> 2.4.8 & CVE-2020-8597 fix
This commit is contained in:
Jan Tojnar 2020-03-10 21:10:53 +01:00 committed by GitHub
commit 9d22d1d6f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
pkgs/tools/networking/ppp/default.nix
View File

@ -1,21 +1,18 @@
{ stdenv, fetchurl, substituteAll, libpcap, openssl }: { stdenv, fetchurl, fetchpatch, fetchFromGitHub, substituteAll, libpcap, openssl }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "2.4.7"; version = "2.4.8";
pname = "ppp"; pname = "ppp";
src = fetchurl { src = fetchFromGitHub {
url = "mirror://samba/ppp/${pname}-${version}.tar.gz"; owner = "paulusmack";
sha256 = "0c7vrjxl52pdwi4ckrvfjr08b31lfpgwf3pp0cqy76a77vfs7q02"; repo = "ppp";
rev = "ppp-${version}";
sha256 = "1i88m79h6g3fzsb4yw3k8bq1grsx3hsyawm7id2vcaab0gfqzjjv";
}; };
patches = patches =
[ [
# fix for glibc>=2.28
(fetchurl {
url = "https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875.patch";
sha256 = "0qlbi247lx3injpy8a1gcij9yilik0vfaibkpvdp88k3sa1rs69z";
})
( substituteAll { ( substituteAll {
src = ./nix-purity.patch; src = ./nix-purity.patch;
inherit libpcap; inherit libpcap;
@ -25,19 +22,20 @@ stdenv.mkDerivation rec {
# Without nonpriv.patch, pppd --version doesn't work when not run as # Without nonpriv.patch, pppd --version doesn't work when not run as
# root. # root.
./nonpriv.patch ./nonpriv.patch
(fetchurl { (fetchpatch {
name = "CVE-2015-3310.patch"; name = "CVE-2015-3310.patch";
url = "https://salsa.debian.org/roam/ppp/raw/ef5d585aca6b1200a52c7109caa66ef97964d76e/debian/patches/rc_mksid-no-buffer-overflow"; url = "https://github.com/paulusmack/ppp/commit/858976b1fc3107f1261aae337831959b511b83c2.patch";
sha256 = "1dk00j7bg9nfgskw39fagnwv1xgsmyv0xnkd6n1v5gy0psw0lvqh"; sha256 = "0wirmcis67xjwllqhz9lsz1b7dcvl8shvz78lxgybc70j2sv7ih4";
})
(fetchurl {
url = "https://salsa.debian.org/roam/ppp/raw/ef5d585aca6b1200a52c7109caa66ef97964d76e/debian/patches/0016-pppoe-include-netinet-in.h-before-linux-in.h.patch";
sha256 = "1xnmqn02kc6g5y84xynjwnpv9cvrfn3nyv7h7r8j8xi7qf2aj4q8";
}) })
(fetchurl { (fetchurl {
url = https://www.nikhef.nl/~janjust/ppp/ppp-2.4.7-eaptls-mppe-1.102.patch; url = https://www.nikhef.nl/~janjust/ppp/ppp-2.4.7-eaptls-mppe-1.102.patch;
sha256 = "04war8l5szql53l36043hvzgfwqp3v76kj8brbz7wlf7vs2mlkia"; sha256 = "04war8l5szql53l36043hvzgfwqp3v76kj8brbz7wlf7vs2mlkia";
}) })
(fetchpatch {
name = "CVE-2020-8597.patch";
url = "https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426.patch";
sha256 = "129wnhwxmzvr3y9gzxv82jnb5y8m4yg8vkpa0xl2rwkl8anbzgkh";
})
./musl-fix-headers.patch ./musl-fix-headers.patch
]; ];
@ -49,6 +47,7 @@ stdenv.mkDerivation rec {
# everything anyway so we remove it from the Makefiles # everything anyway so we remove it from the Makefiles
for file in $(find -name Makefile.linux); do for file in $(find -name Makefile.linux); do
substituteInPlace "$file" --replace '$(INSTALL) -s' '$(INSTALL)' substituteInPlace "$file" --replace '$(INSTALL) -s' '$(INSTALL)'
substituteInPlace "$file" --replace '-m 4550' '-m 550'
done done
''; '';

6
pkgs/tools/networking/ppp/musl-fix-headers.patch
View File

@ -34,8 +34,8 @@ index c81213b..305aece 100644
+#include <sys/cdefs.h> +#include <sys/cdefs.h>
+ +
void magic_init __P((void)); /* Initialize the magic number generator */ void magic_init (void); /* Initialize the magic number generator */
u_int32_t magic __P((void)); /* Returns the next magic number */ u_int32_t magic (void); /* Returns the next magic number */
diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
index 91e9a57..9c0fac3 100644 index 91e9a57..9c0fac3 100644
@ -119,7 +119,7 @@ index 6d71530..86d224e 100644
#define MAX_ADDR_LEN 7 #define MAX_ADDR_LEN 7
#endif #endif
-#if __GLIBC__ >= 2 -#if !defined(__GLIBC__) || __GLIBC__ >= 2
#include <asm/types.h> /* glibc 2 conflicts with linux/types.h */ #include <asm/types.h> /* glibc 2 conflicts with linux/types.h */
#include <net/if.h> #include <net/if.h>
#include <net/if_arp.h> #include <net/if_arp.h>

12
pkgs/tools/networking/ppp/nix-purity.patch
View File

@ -1,26 +1,26 @@
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 1ebebec..bf90c62 100644 index 9664f70..d07e01e 100644
--- a/pppd/Makefile.linux --- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux +++ b/pppd/Makefile.linux
@@ -120,7 +120,7 @@ CFLAGS += -DHAS_SHADOW @@ -125,7 +125,7 @@ CFLAGS += -DHAS_SHADOW
#LIBS += -lshadow $(LIBS) #LIBS += -lshadow $(LIBS)
endif endif
-ifneq ($(wildcard /usr/include/crypt.h),) -ifneq ($(wildcard $(shell $(CC) --print-sysroot)/usr/include/crypt.h),)
+ifneq ($(wildcard @glibc@/include/crypt.h),) +ifneq ($(wildcard @glibc@/include/crypt.h),)
CFLAGS += -DHAVE_CRYPT_H=1 CFLAGS += -DHAVE_CRYPT_H=1
LIBS += -lcrypt LIBS += -lcrypt
endif endif
@@ -132,7 +132,7 @@ endif @@ -137,7 +137,7 @@ endif
ifdef NEEDDES ifdef NEEDDES
ifndef USE_CRYPT ifndef USE_CRYPT
-CFLAGS += -I/usr/include/openssl -CFLAGS += -I$(shell $(CC) --print-sysroot)/usr/include/openssl
+CFLAGS += -I@openssl@/include/openssl +CFLAGS += -I@openssl@/include/openssl
LIBS += -lcrypto LIBS += -lcrypto
else else
CFLAGS += -DUSE_CRYPT=1 CFLAGS += -DUSE_CRYPT=1
@@ -178,7 +178,7 @@ LIBS += -ldl @@ -188,7 +188,7 @@ LIBS += -ldl
endif endif
ifdef FILTER ifdef FILTER