authorIsmael Luceno2019-08-28 19:36:08 +0200
committerIsmael Luceno2019-08-28 20:22:10 +0200
commita1dfa2bf55177690f633a1aa892211a1c8ace17f (patch)
tree6e6565b21f3b9be579740ee345f5c5a91de444b7 /net
parent80ba26cc74127eacac4cedd64afaa0c3ab5eb7e7 (diff)
ppp: Import general patches from Void-Linux
Diffstat (limited to 'net')
-rw-r--r--net/ppp/HISTORY3
-rw-r--r--net/ppp/patches/CVE-2015-3310.patch18
-rw-r--r--net/ppp/patches/netinet_in_h_fix.patch37
-rw-r--r--net/ppp/patches/openssl_DES.patch121
4 files changed, 179 insertions, 0 deletions
diff --git a/net/ppp/HISTORY b/net/ppp/HISTORY
index 88b4fc83ff..62582182f7 100644
--- a/net/ppp/HISTORY
+++ b/net/ppp/HISTORY
@@ -4,6 +4,9 @@
* PRE_BUILD: Made the build system respect build flags
* BUILD: Added LDFLAGS to COPTS
* PRE_BUILD, mppe-header.patch: Move patch to a patches folder
+ * patches/CVE-2015-3310.patch, patches/netinet_in_h_fix.patch,
+ patches/openssl_DES.patch, patches/openssl_include.patch:
+ Imported general patches from Void-Linux
2017-01-13 David C. Haley <khoralin@gmail.com>
* DETAILS: updated SOURCE_URL
diff --git a/net/ppp/patches/CVE-2015-3310.patch b/net/ppp/patches/CVE-2015-3310.patch
new file mode 100644
index 0000000000..2f5d57cf28
--- /dev/null
+++ b/net/ppp/patches/CVE-2015-3310.patch
@@ -0,0 +1,18 @@
+Fix buffer overflow in rc_mksid()
+
+rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string.
+If the process id is bigger than 65535 (FFFF), its hex representation will be
+longer than 4 characters, resulting in a buffer overflow.
+
+The bug can be exploited to cause a remote DoS.
+--- a/pppd/plugins/radius/util.c
++++ b/pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+ static unsigned short int cnt = 0;
+ sprintf (buf, "%08lX%04X%02hX",
+ (unsigned long int) time (NULL),
+- (unsigned int) getpid (),
++ (unsigned int) getpid () & 0xFFFF,
+ cnt & 0xFF);
+ cnt++;
+ return buf;
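Review bot: The `sprintf` into `buf` in rc_mksid() is still unbounded after this fix. Masking the PID with `& 0xFFFF` caps only that one field, and the widths in `"%08lX%04X%02hX"` are minimums, not maximums, so the write stays in bounds only while every argument happens to fit its assumed width. The declaration of `buf` is outside the hunk; assuming it is a fixed-size array, as the patch description implies, `snprintf (buf, sizeof buf, "%08lX%04X%02hX",` would bound the write whatever the arguments are. The mask also lets two pppd processes whose PIDs differ by a multiple of 65536 produce the same session id within one second, which is worth a comment if RADIUS accounting depends on the id being unique.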
diff --git a/net/ppp/patches/netinet_in_h_fix.patch b/net/ppp/patches/netinet_in_h_fix.patch
new file mode 100644
index 0000000000..000613d619
--- /dev/null
+++ b/net/ppp/patches/netinet_in_h_fix.patch
@@ -0,0 +1,37 @@
+From 50a2997b256e0e0ef7a46fae133f56f60fce539c Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Mon, 9 Jan 2017 13:34:23 +0000
+Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
+
+This fixes builds with newer kernels. Basically, <netinet/in.h> needs to be
+included before <linux/in.h> otherwise the earlier, unaware of the latter,
+tries to redefine symbols and structures. Also, <linux/if_pppox.h> doesn't work
+alone anymore, since it pulls the headers in the wrong order, so we better
+include <netinet/in.h> early.
+---
+ pppd/plugins/rp-pppoe/pppoe.h | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
+index 9ab2eee3..c4aaa6e6 100644
+--- a/pppd/plugins/rp-pppoe/pppoe.h
++++ b/pppd/plugins/rp-pppoe/pppoe.h
+@@ -47,6 +47,10 @@
+ #include <sys/socket.h>
+ #endif
+
++/* This has to be included before Linux 4.8's linux/in.h
++ * gets dragged in. */
++#include <netinet/in.h>
++
+ /* Ugly header files on some Linux boxes... */
+ #if defined(HAVE_LINUX_IF_H)
+ #include <linux/if.h>
+@@ -84,8 +88,6 @@ typedef unsigned long UINT32_t;
+ #include <linux/if_ether.h>
+ #endif
+
+-#include <netinet/in.h>
+-
+ #ifdef HAVE_NETINET_IF_ETHER_H
+ #include <sys/types.h>
diff --git a/net/ppp/patches/openssl_DES.patch b/net/ppp/patches/openssl_DES.patch
new file mode 100644
index 0000000000..28fd4825d0
--- /dev/null
+++ b/net/ppp/patches/openssl_DES.patch
@@ -0,0 +1,121 @@
+From 3c7b86229f7bd2600d74db14b1fe5b3896be3875 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
+Date: Fri, 6 Apr 2018 14:27:18 +0200
+Subject: [PATCH] pppd: Use openssl for the DES instead of the libcrypt / glibc
+
+It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped
+libcrypt. The libxcrypt standalone package can be used instead, but
+it dropped the old setkey/encrypt API which ppp uses for DES. There
+is support for using openssl in pppcrypt.c, but it contains typos
+preventing it from compiling and seems to be written for an ancient
+openssl version.
+
+This updates the code to use current openssl.
+
+[paulus@ozlabs.org - wrote the commit description, fixed comment in
+ Makefile.linux.]
+[ismael@sourcemage.org: Merged openssl include fix]
+
+Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+Signed-off-by: Ismael Luceno <ismael@sourcemage.org>
+---
+ pppd/Makefile.linux | 6 +++---
+ pppd/pppcrypt.c | 18 +++++++++---------
+ pppd/pppcrypt.h | 2 +-
+ 3 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 36d2b036..8d5ce99d 100644
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -35,10 +35,10 @@ endif
+ COPTS = -O2 -pipe -Wall -g
+ LIBS =
+
+-# Uncomment the next 2 lines to include support for Microsoft's
++# Uncomment the next line to include support for Microsoft's
+ # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
+ CHAPMS=y
+-USE_CRYPT=y
++#USE_CRYPT=y
+ # Don't use MSLANMAN unless you really know what you're doing.
+ #MSLANMAN=y
+ # Uncomment the next line to include support for MPPE. CHAPMS (above) must
+@@ -132,7 +132,7 @@ endif
+
+ ifdef NEEDDES
+ ifndef USE_CRYPT
+-LIBS += -ldes $(LIBS)
++LIBS += -lcrypto
+ else
+ CFLAGS += -DUSE_CRYPT=1
+ endif
+diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
+index 8b85b132..6b35375e 100644
+--- a/pppd/pppcrypt.c
++++ b/pppd/pppcrypt.c
+@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
+ des_key[7] = Get7Bits(key, 49);
+
+ #ifndef USE_CRYPT
+- des_set_odd_parity((des_cblock *)des_key);
++ DES_set_odd_parity((DES_cblock *)des_key);
+ #endif
+ }
+
+@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
+ }
+
+ #else /* USE_CRYPT */
+-static des_key_schedule key_schedule;
++static DES_key_schedule key_schedule;
+
+ bool
+ DesSetkey(key)
+ u_char *key;
+ {
+- des_cblock des_key;
++ DES_cblock des_key;
+ MakeKey(key, des_key);
+- des_set_key(&des_key, key_schedule);
++ DES_set_key(&des_key, &key_schedule);
+ return (1);
+ }
+
+ bool
+-DesEncrypt(clear, key, cipher)
++DesEncrypt(clear, cipher)
+ u_char *clear; /* IN 8 octets */
+ u_char *cipher; /* OUT 8 octets */
+ {
+- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
+- key_schedule, 1);
++ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
++ &key_schedule, 1);
+ return (1);
+ }
+
+@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
+ u_char *cipher; /* IN 8 octets */
+ u_char *clear; /* OUT 8 octets */
+ {
+- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
+- key_schedule, 0);
++ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
++ &key_schedule, 0);
+ return (1);
+ }
+
+diff --git a/pppd/pppcrypt.h b/pppd/pppcrypt.h
+--- a/pppd/pppcrypt.h
++++ b/pppd/pppcrypt.h
+@@ -38,7 +38,7 @@
+ #endif
+
+ #ifndef USE_CRYPT
+-#include <des.h>
++#include <openssl/des.h>
+ #endif
+
+ extern bool DesSetkey __P((u_char *));
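Review bot: In DesSetkey() the result of `DES_set_key(&des_key, &key_schedule)` is discarded and the function returns 1 unconditionally, so callers cannot tell whether a key schedule was actually installed. Depending on the OpenSSL version and build, DES_set_key may apply parity and weak-key checks and reject the key, which would leave the static `key_schedule` with its previous contents while DesEncrypt()/DesDecrypt() carry on using it. MS-CHAP keys are derived from the password hash and have to be accepted as they come, so `DES_set_key_unchecked(&des_key, &key_schedule);` states that intent and removes the version dependence. The stack copy `des_key` is also left intact on return; `OPENSSL_cleanse(des_key, sizeof des_key);` before `return (1);` would clear it.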