Source-Changes-HG archive


[src/trunk]: src/external/bsd/ppp/dist import new pppd:



details:   https://anonhg.NetBSD.org/src/rev/8ab857ef7b73
branches:  trunk
changeset: 803398:8ab857ef7b73
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Oct 25 18:43:24 2014 +0000

description:
import new pppd:
* Fixed a potential security issue in parsing option files (CVE-2014-3158).
* There is a new "stop-bits" option, which takes an argument of 1 or 2,
  indicating the number of stop bits to use for async serial ports.
* Various bug fixes.

diffstat:

 external/bsd/ppp/dist/.gitignore                       |    7 +
 external/bsd/ppp/dist/PLUGINS                          |    2 +-
 external/bsd/ppp/dist/README                           |   32 +-
 external/bsd/ppp/dist/README.pppoe                     |   93 ++
 external/bsd/ppp/dist/pppd/plugins/passprompt.c        |  110 ++
 external/bsd/ppp/dist/pppd/plugins/pppol2tp/pppol2tp.c |   30 +-
 external/bsd/ppp/dist/pppd/plugins/winbind.c           |  669 +++++++++++++++++
 external/bsd/ppp/dist/pppdump/pppdump.8                |    2 +-
 external/bsd/ppp/dist/pppstats/pppstats.8              |    2 +-
 9 files changed, 925 insertions(+), 22 deletions(-)

diffs (truncated from 1035 to 300 lines):

diff -r af5f8e28333c -r 8ab857ef7b73 external/bsd/ppp/dist/.gitignore
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/ppp/dist/.gitignore  Sat Oct 25 18:43:24 2014 +0000
@@ -0,0 +1,7 @@
+*.orig
+*~
+*.o
+*.so
+*.a
+*.cat8
+Makefile
diff -r af5f8e28333c -r 8ab857ef7b73 external/bsd/ppp/dist/PLUGINS
--- a/external/bsd/ppp/dist/PLUGINS     Sat Oct 25 18:15:18 2014 +0000
+++ b/external/bsd/ppp/dist/PLUGINS     Sat Oct 25 18:43:24 2014 +0000
@@ -284,4 +284,4 @@
 
 
 
-## Id: PLUGINS,v 1.8 2008/06/15 07:02:18 paulus Exp  ##
+## $Id: PLUGINS,v 1.1.1.2 2014/10/25 18:43:25 christos Exp $ ##
diff -r af5f8e28333c -r 8ab857ef7b73 external/bsd/ppp/dist/README
--- a/external/bsd/ppp/dist/README      Sat Oct 25 18:15:18 2014 +0000
+++ b/external/bsd/ppp/dist/README      Sat Oct 25 18:43:24 2014 +0000
@@ -61,9 +61,39 @@
 authenticating itself to you, of course.)
 
 
-What's new in ppp-2.4.5.
+What's new in ppp-2.4.7.
 ************************
 
+* Fixed a potential security issue in parsing option files (CVE-2014-3158).
+
+* There is a new "stop-bits" option, which takes an argument of 1 or 2,
+  indicating the number of stop bits to use for async serial ports.
+
+* Various bug fixes.
+
+
+What was new in ppp-2.4.6.
+**************************
+
+* Man page updates.
+
+* Several bug fixes.
+
+* Options files can now set and unset environment variables for
+  scripts.
+
+* The timeout for chat scripts can now be taken from an environment
+  variable.
+
+* There is a new option, master_detach, which allows pppd to detach
+  from the controlling terminal when it is the multilink bundle master
+  but its own link has terminated, even if the nodetach option has
+  been given.
+
+
+What was new in ppp-2.4.5.
+**************************
+
 * Under Linux, pppd can now operate in a mode where it doesn't request
   the peer's IP address, as some peers refuse to supply an IP address.
   Since Linux supports device routes as well as gateway routes, it's
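Review bot: The new ppp-2.4.7 entry at the top of "What's new" advertises the CVE-2014-3158 option-file parsing fix, but none of the nine files in this changeset's diffstat is option-parsing code; only documentation, plugins and man pages are listed. Please confirm that the parsing fix itself arrives in a companion commit or merge, and reference that changeset in the commit message so the README claim can be verified against the tree.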
diff -r af5f8e28333c -r 8ab857ef7b73 external/bsd/ppp/dist/README.pppoe
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/ppp/dist/README.pppoe        Sat Oct 25 18:43:24 2014 +0000
@@ -0,0 +1,93 @@
+               PPPoE Support
+               -------------
+
+               Michal Ostrowski
+               8 August 2001
+
+               for ppp-2.4.2
+               Updated for ppp-2.4.5 by Paul Mackerras, Sep 08
+
+1. Introduction
+---------------
+
+This document describes the support for PPP over Ethernet (PPPoE)
+included with this package.  It is assumed that the reader is
+familiar with Linux PPP (as it pertains to tty/modem-based
+connections).  In particular, users of PPP in the Linux 2.2 series
+kernels should ensure they are familiar with the changes to the PPP
+implementation in the 2.4 series kernels before attempting to use
+PPPoE features.
+
+If you are not familiar with PPP, I recommend looking at other
+packages which include end-user configuration tools, such as Roaring
+Penguin (http://www.roaringpenguin.com/pppoe).
+
+PPPoE is a protocol typically used by *DSL providers to manage IP
+addresses and authenticate users.  Essentially, PPPoE provides for a
+PPP connection to be established not over a physical serial-line or
+modem, but over a logical connection between two unique MAC-addresses
+on an ethernet network.  Once the PPPoE layer discovers the end-points
+to be used in the link and negotiates it, frames may be sent to and
+received from the PPPoE layer just as if the link was a serial line
+(or that is how it's supposed to be).
+
+With this in mind, the goal of the implementation of PPPoE support in
+Linux is to allow users to simply specify that the device they intend
+to use for the PPP connection is an ethernet device (e.g. "eth0") and
+the rest of the system should function as usual.
+
+2. Using PPPoE
+--------------
+
+This section is a quick guide for getting PPPoE working, to allow one
+to connect to their ISP who is providing PPPoE based services.
+
+1.  Enable "Prompt for development and/or incomplete code/drivers" and
+    "PPP over Ethernet" in your kernel configuration.  Most distributions
+    will include the kernel PPPoE module by default.
+
+2.  Compile and install your kernel.
+
+3.  Install the ppp package.
+
+4.  Add the following line to /etc/ppp/options:
+
+    plugin rp-pppoe.so
+
+    The effect of this line is simply to make "eth0", "eth1",
+    ....,"ethx" all valid device names for pppd (just like ttyS0,
+    ttyS1).
+
+5.  Add the necessary authentication options to your pppd
+    configuration (i.e. PAP/CHAP information).  If you wish to
+    maintain seperate configurations for different devices you may
+    place configuration options in device-specific configuration
+    files: /etc/ppp/options.devname (devname=ttyS0, ttyS1, eth0, eth1
+    or any other valid device name).
+
+6.  Invoke pppd with the appropriate device name: e.g. "pppd eth0"
+
+
+Do not include any compression or flow control options in your PPPoE
+configuration.  They will be ignored.
+
+Again, here it is assumed that the reader is familiar with the general
+process of configuring PPP.  The steps outlined here refer only to the
+steps and configuration options which are PPPoE specific, and it is
+assumed that the reader will also configure other aspects of the system
+(e.g. PAP authentication parameters).
+
+3.  Advanced Functionality
+--------------------------
+
+For more advanced functionality (such as providing PPPoE services) and
+user configuration tools, look to the Roaring Penguin PPPoE software
+package (http://www.roaringpenguin.com/pppoe).
+
+4.  Credits
+-----------
+
+The PPPoE plugin included in this package is a component of the
+Roaring Penguin PPPoE package, included in this package courtesy of
+Roaring Penguin Software. (http://www.roaringpenguin.com).
+
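Review bot: Step 5 of section 2 misspells "separate" ("maintain seperate configurations"), which is worth fixing upstream rather than carrying in the import. The document is also written entirely for Linux (Linux 2.2/2.4 kernels, "PPP over Ethernet" kernel configuration prompts, eth0 device names), so a short note at the top stating which platforms the steps apply to would keep readers of this tree from following them blindly. The Roaring Penguin links are plain http; if an https form exists, prefer it.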
diff -r af5f8e28333c -r 8ab857ef7b73 external/bsd/ppp/dist/pppd/plugins/passprompt.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/ppp/dist/pppd/plugins/passprompt.c   Sat Oct 25 18:43:24 2014 +0000
@@ -0,0 +1,110 @@
+/*
+ * passprompt.c - pppd plugin to invoke an external PAP password prompter
+ *
+ * Copyright 1999 Paul Mackerras, Alan Curry.
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version
+ *  2 of the License, or (at your option) any later version.
+ */
+#include <errno.h>
+#include <unistd.h>
+#include <sys/wait.h>
+#include <syslog.h>
+#include "pppd.h"
+
+char pppd_version[] = VERSION;
+
+static char promptprog[PATH_MAX+1];
+
+static option_t options[] = {
+    { "promptprog", o_string, promptprog,
+      "External PAP password prompting program",
+      OPT_STATIC, NULL, PATH_MAX },
+    { NULL }
+};
+
+static int promptpass(char *user, char *passwd)
+{
+    int p[2];
+    pid_t kid;
+    int readgood, wstat;
+    ssize_t red;
+
+    if (promptprog[0] == 0 || access(promptprog, X_OK) < 0)
+       return -1;      /* sorry, can't help */
+
+    if (!passwd)
+       return 1;
+
+    if (pipe(p)) {
+       warn("Can't make a pipe for %s", promptprog);
+       return 0;
+    }
+    if ((kid = fork()) == (pid_t) -1) {
+       warn("Can't fork to run %s", promptprog);
+       close(p[0]);
+       close(p[1]);
+       return 0;
+    }
+    if (!kid) {
+       /* we are the child, exec the program */
+       char *argv[5], fdstr[32];
+       sys_close();
+       closelog();
+       close(p[0]);
+       seteuid(getuid());
+       setegid(getgid());
+       argv[0] = promptprog;
+       argv[1] = user;
+       argv[2] = remote_name;
+       sprintf(fdstr, "%d", p[1]);
+       argv[3] = fdstr;
+       argv[4] = 0;
+       execv(*argv, argv);
+       _exit(127);
+    }
+
+    /* we are the parent, read the password from the pipe */
+    close(p[1]);
+    readgood = 0;
+    do {
+       red = read(p[0], passwd + readgood, MAXSECRETLEN-1 - readgood);
+       if (red == 0)
+           break;
+       if (red < 0) {
+           if (errno == EINTR)
+               continue;
+           error("Can't read secret from %s: %m", promptprog);
+           readgood = -1;
+           break;
+       }
+       readgood += red;
+    } while (readgood < MAXSECRETLEN - 1);
+    close(p[0]);
+
+    /* now wait for child to exit */
+    while (waitpid(kid, &wstat, 0) < 0) {
+       if (errno != EINTR) {
+           warn("error waiting for %s: %m", promptprog);
+           break;
+       }
+    }
+
+    if (readgood < 0)
+       return 0;
+    passwd[readgood] = 0;
+    if (!WIFEXITED(wstat))
+       warn("%s terminated abnormally", promptprog);
+    if (WEXITSTATUS(wstat))
+       warn("%s exited with code %d", promptprog, WEXITSTATUS(status));
+
+    return 1;
+}
+
+void plugin_init(void)
+{
+    add_options(options);
+    pap_passwd_hook = promptpass;
+}
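Review bot: In the child branch of promptpass(), "seteuid(getuid());" runs before "setegid(getgid());" and neither return value is checked, so if either call fails, or if the group change is refused once the effective uid has been dropped, execv() still runs promptprog with privileged effective ids. Suggest dropping the group first, then the user, and calling _exit() when either call fails. Separately, the last warn() uses WEXITSTATUS(status) but the only declared variable is wstat, so this will not compile as written. WEXITSTATUS(wstat) is also evaluated when WIFEXITED(wstat) is false, and wstat is read uninitialised if the waitpid() loop breaks on an error other than EINTR; initialise wstat and make the exit-code check an else branch of the WIFEXITED test. Finally, sprintf(fdstr, "%d", p[1]) fits in 32 bytes, but snprintf with sizeof(fdstr) would match the care taken elsewhere with MAXSECRETLEN.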
diff -r af5f8e28333c -r 8ab857ef7b73 external/bsd/ppp/dist/pppd/plugins/pppol2tp/pppol2tp.c
--- a/external/bsd/ppp/dist/pppd/plugins/pppol2tp/pppol2tp.c    Sat Oct 25 18:15:18 2014 +0000
+++ b/external/bsd/ppp/dist/pppd/plugins/pppol2tp/pppol2tp.c    Sat Oct 25 18:43:24 2014 +0000
@@ -74,8 +74,6 @@
 
 static void (*old_snoop_recv_hook)(unsigned char *p, int len) = NULL;
 static void (*old_snoop_send_hook)(unsigned char *p, int len) = NULL;
-static void (*old_ip_up_hook)(void) = NULL;
-static void (*old_ip_down_hook)(void) = NULL;
 
 /* Hook provided to allow other plugins to handle ACCM changes */
 void (*pppol2tp_send_accm_hook)(int tunnel_id, int session_id,
@@ -436,22 +434,18 @@
  * Interface up/down events
  *****************************************************************************/
 
-static void pppol2tp_ip_up_hook(void)
+static void pppol2tp_ip_up(void *opaque, int arg)
 {
-       if (old_ip_up_hook != NULL)
-               (*old_ip_up_hook)();
-
+       /* may get called twice (for IPv4 and IPv6) but the hook handles that well */
        if (pppol2tp_ip_updown_hook != NULL) {
                (*pppol2tp_ip_updown_hook)(pppol2tp_tunnel_id,
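Review bot: pppol2tp_ip_up() changes from a parameterless hook to a callback taking (void *opaque, int arg) and drops the chaining to old_ip_up_hook, but the place where the new callback is registered is not visible in this truncated diff. Please confirm that registration and its matching removal are both present and that nothing still refers to the deleted old_ip_up_hook and old_ip_down_hook pointers. The added comment says the function may be called twice (for IPv4 and IPv6) and relies on pppol2tp_ip_updown_hook handling that; since that hook is a pointer other plugins can set, it would be safer to document the idempotency requirement next to the hook declaration, or to guard against the second call here.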


