From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [RFC] ppp: Fixes to build with glibc >= 2.28
Date: Fri, 18 Jan 2019 10:26:16 +0100
Message-ID: <20190118092616.pv4a6icdhu5dag34@pengutronix.de>
In-Reply-To: <20190109233243.GA21728@lenoch>
On Thu, Jan 10, 2019 at 12:32:43AM +0100, Ladislav Michl wrote:
> ppp does not build with glibc-2.28 as it dropped libcrypt. Upstream has a patch:
> https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875
>
> However, it is a bit of a mystery to me, as pppd/auth.c and pppd/session.c
> are still using crypt() and there is not anything to provide it
> (I mean in the upstream package - there still is something remaining
> from -lcrypt, it can be linked against both -lcrypto and -lcrypt and
> crypt() will be satisfied - I just do not see how upstream is doing that).
> Thus activate no_crypt_hack. All this is done regardless of glibc
> version as we do not currently have a way to detect it.
crypt() is still available. It's just encrypt() and setkey() that are
gone.
> GLIBC_VERSION from rules/glibc.make is not very useful and we
> should probably introduce some magic in rules/pre/glibc.make.
> Better ideas?
We could just disable the parts that use this stuff. Is this actually still
needed? We're talking about DES here and that's not secure anyways. Is that
actually still used?
Michael
> Thank you,
> ladis
> ---
> patches/ppp-2.4.7/0001-adaptive_echos.patch | 8 +-
> ...-for-the-DES-instead-of-the-libcrypt.patch | 109 ++++++++++++++++++
> ...31-pppd-make-makefile-sysroot-aware.patch} | 15 ++-
> ...the-self-made-configure-cross-aware.patch} | 0
> patches/ppp-2.4.7/series | 7 +-
> rules/ppp.in | 8 +-
> rules/ppp.make | 6 +-
> 7 files changed, 137 insertions(+), 16 deletions(-)
> create mode 100644 patches/ppp-2.4.7/0030-pppd-Use-openssl-for-the-DES-instead-of-the-libcrypt.patch
> rename patches/ppp-2.4.7/{0030-pppd-make-makefile-sysroot-aware.patch => 0031-pppd-make-makefile-sysroot-aware.patch} (77%)
> rename patches/ppp-2.4.7/{0031-pppd-make-the-self-made-configure-cross-aware.patch => 0032-pppd-make-the-self-made-configure-cross-aware.patch} (100%)
>
> diff --git a/patches/ppp-2.4.7/0001-adaptive_echos.patch b/patches/ppp-2.4.7/0001-adaptive_echos.patch
> index c736a350d..63b67d87e 100644
> --- a/patches/ppp-2.4.7/0001-adaptive_echos.patch
> +++ b/patches/ppp-2.4.7/0001-adaptive_echos.patch
> @@ -28,10 +28,11 @@ index 8ed2778bfb67..c97a64b7774f 100644
> { "lcp-restart", o_int, &lcp_fsm[0].timeouttime,
> "Set time in seconds between LCP retransmissions", OPT_PRIO },
> { "lcp-max-terminate", o_int, &lcp_fsm[0].maxtermtransmits,
> -@@ -2332,6 +2335,22 @@ LcpSendEchoRequest (f)
> +@@ -2331,6 +2334,22 @@ LcpSendEchoRequest (f)
> + }
> }
>
> - /*
> ++ /*
> + * If adaptive echos have been enabled, only send the echo request if
> + * no traffic was received since the last one.
> + */
> @@ -47,10 +48,9 @@ index 8ed2778bfb67..c97a64b7774f 100644
> + }
> + }
> +
> -+ /*
> + /*
> * Make and send the echo request frame.
> */
> - if (f->state == OPENED) {
> diff --git a/pppd/pppd.8 b/pppd/pppd.8
> index e2768b135273..b7fd0bdaab52 100644
> --- a/pppd/pppd.8
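Review bot: The two hunks against 0001-adaptive_echos.patch look like an unrelated refresh and are not mentioned in the commit message. They only move the `/*` comment opener between context and added lines and drop the `if (f->state == OPENED) {` context line, none of which concerns glibc or DES. Please split this into its own refresh commit (or drop it) so the glibc fix can be reviewed and reverted on its own.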
> diff --git a/patches/ppp-2.4.7/0030-pppd-Use-openssl-for-the-DES-instead-of-the-libcrypt.patch b/patches/ppp-2.4.7/0030-pppd-Use-openssl-for-the-DES-instead-of-the-libcrypt.patch
> new file mode 100644
> index 000000000..84b8a3c7f
> --- /dev/null
> +++ b/patches/ppp-2.4.7/0030-pppd-Use-openssl-for-the-DES-instead-of-the-libcrypt.patch
> @@ -0,0 +1,109 @@
> +From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
> +Date: Fri, 6 Apr 2018 14:27:18 +0200
> +Subject: [PATCH] pppd: Use openssl for the DES instead of the libcrypt / glibc
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped
> +libcrypt. The libxcrypt standalone package can be used instead, but
> +it dropped the old setkey/encrypt API which ppp uses for DES. There
> +is support for using openssl in pppcrypt.c, but it contains typos
> +preventing it from compiling and seems to be written for an ancient
> +openssl version.
> +
> +This updates the code to use current openssl.
> +
> +[paulus@ozlabs.org - wrote the commit description, fixed comment in
> + Makefile.linux.]
> +
> +Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
> +Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
> +---
> + pppd/Makefile.linux | 7 ++++---
> + pppd/pppcrypt.c | 18 +++++++++---------
> + 2 files changed, 13 insertions(+), 12 deletions(-)
> +
> +diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
> +index f1b2c90bb510..4d536f84c7ba 100644
> +--- a/pppd/Makefile.linux
> ++++ b/pppd/Makefile.linux
> +@@ -35,10 +35,10 @@ endif
> + COPTS = -O2 -pipe -Wall -g
> + LIBS =
> +
> +-# Uncomment the next 2 lines to include support for Microsoft's
> ++# Uncomment the next line to include support for Microsoft's
> + # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
> + CHAPMS=y
> +-USE_CRYPT=y
> ++#USE_CRYPT=y
> + # Don't use MSLANMAN unless you really know what you're doing.
> + #MSLANMAN=y
> + # Uncomment the next line to include support for MPPE. CHAPMS (above) must
> +@@ -137,7 +137,8 @@ endif
> +
> + ifdef NEEDDES
> + ifndef USE_CRYPT
> +-LIBS += -ldes $(LIBS)
> ++CFLAGS += -I/usr/include/openssl
> ++LIBS += -lcrypto
> + else
> + CFLAGS += -DUSE_CRYPT=1
> + endif
> +diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
> +index 8b85b13276ab..6b35375edc5e 100644
> +--- a/pppd/pppcrypt.c
> ++++ b/pppd/pppcrypt.c
> +@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
> + des_key[7] = Get7Bits(key, 49);
> +
> + #ifndef USE_CRYPT
> +- des_set_odd_parity((des_cblock *)des_key);
> ++ DES_set_odd_parity((DES_cblock *)des_key);
> + #endif
> + }
> +
> +@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
> + }
> +
> + #else /* USE_CRYPT */
> +-static des_key_schedule key_schedule;
> ++static DES_key_schedule key_schedule;
> +
> + bool
> + DesSetkey(key)
> + u_char *key;
> + {
> +- des_cblock des_key;
> ++ DES_cblock des_key;
> + MakeKey(key, des_key);
> +- des_set_key(&des_key, key_schedule);
> ++ DES_set_key(&des_key, &key_schedule);
> + return (1);
> + }
> +
> + bool
> +-DesEncrypt(clear, key, cipher)
> ++DesEncrypt(clear, cipher)
> + u_char *clear; /* IN 8 octets */
> + u_char *cipher; /* OUT 8 octets */
> + {
> +- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
> +- key_schedule, 1);
> ++ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
> ++ &key_schedule, 1);
> + return (1);
> + }
> +
> +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
> + u_char *cipher; /* IN 8 octets */
> + u_char *clear; /* OUT 8 octets */
> + {
> +- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
> +- key_schedule, 0);
> ++ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
> ++ &key_schedule, 0);
> + return (1);
> + }
> +
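Review bot: In the pppcrypt.c part, DesSetkey() still discards the int status returned by DES_set_key() and returns 1 unconditionally, so callers cannot tell whether the key schedule was actually set up before DesEncrypt()/DesDecrypt() use it. Since the call is being touched anyway, consider propagating the result, for example `return DES_set_key(&des_key, &key_schedule) == 0;`. Separately, `CFLAGS += -I/usr/include/openssl` in the Makefile.linux part is a host path; it is only rewritten to use $(SYSROOT) by 0031, so these two patches have to stay together and in this order in the series.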
> diff --git a/patches/ppp-2.4.7/0030-pppd-make-makefile-sysroot-aware.patch b/patches/ppp-2.4.7/0031-pppd-make-makefile-sysroot-aware.patch
> similarity index 77%
> rename from patches/ppp-2.4.7/0030-pppd-make-makefile-sysroot-aware.patch
> rename to patches/ppp-2.4.7/0031-pppd-make-makefile-sysroot-aware.patch
> index 098b526c6..ac9959009 100644
> --- a/patches/ppp-2.4.7/0030-pppd-make-makefile-sysroot-aware.patch
> +++ b/patches/ppp-2.4.7/0031-pppd-make-makefile-sysroot-aware.patch
> @@ -9,11 +9,11 @@ ones.
> Signed-off-by: Marc Kleine-Budde <m.kleine-budde@pengutronix.de>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> ---
> - pppd/Makefile.linux | 6 +++---
> - 1 file changed, 3 insertions(+), 3 deletions(-)
> + pppd/Makefile.linux | 8 ++++----
> + 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
> -index f1b2c90bb510..8b88f2b4811d 100644
> +index 4d536f84c7ba..8149af2f1ebc 100644
> --- a/pppd/Makefile.linux
> +++ b/pppd/Makefile.linux
> @@ -100,8 +100,8 @@ endif
> @@ -36,3 +36,12 @@ index f1b2c90bb510..8b88f2b4811d 100644
> CFLAGS += -DHAVE_CRYPT_H=1
> LIBS += -lcrypt
> endif
> +@@ -137,7 +137,7 @@ endif
> +
> + ifdef NEEDDES
> + ifndef USE_CRYPT
> +-CFLAGS += -I/usr/include/openssl
> ++CFLAGS += -I$(SYSROOT)/usr/include/openssl
> + LIBS += -lcrypto
> + else
> + CFLAGS += -DUSE_CRYPT=1
> diff --git a/patches/ppp-2.4.7/0031-pppd-make-the-self-made-configure-cross-aware.patch b/patches/ppp-2.4.7/0032-pppd-make-the-self-made-configure-cross-aware.patch
> similarity index 100%
> rename from patches/ppp-2.4.7/0031-pppd-make-the-self-made-configure-cross-aware.patch
> rename to patches/ppp-2.4.7/0032-pppd-make-the-self-made-configure-cross-aware.patch
> diff --git a/patches/ppp-2.4.7/series b/patches/ppp-2.4.7/series
> index 16d682fd7..5536c74bd 100644
> --- a/patches/ppp-2.4.7/series
> +++ b/patches/ppp-2.4.7/series
> @@ -29,6 +29,7 @@
> 0027-Fix-buffer-overflow-in-rc_mksid.patch
> 0028-Add-a-SONAME-to-the-pppd-binary.patch
> 0029-Fix-FTBFS-in-rp-pppoe.patch
> -0030-pppd-make-makefile-sysroot-aware.patch
> -0031-pppd-make-the-self-made-configure-cross-aware.patch
> -# f55804e4f06ed6ed1e5f0e3f1db50b6a - git-ptx-patches magic
> +0030-pppd-Use-openssl-for-the-DES-instead-of-the-libcrypt.patch
> +0031-pppd-make-makefile-sysroot-aware.patch
> +0032-pppd-make-the-self-made-configure-cross-aware.patch
> +# 14862aa54c0a02bd6c159c29bfe0847d - git-ptx-patches magic
> diff --git a/rules/ppp.in b/rules/ppp.in
> index 9f6a24ca8..b466c4d96 100644
> --- a/rules/ppp.in
> +++ b/rules/ppp.in
> @@ -9,7 +9,7 @@ menuconfig PPP
> select LIBC_RESOLV if PPP_PLUGINS
> select LIBC_CRYPT if PPP_NEEDS_CRYPT
> select LIBPCAP if PPP_FILTER
> - select OPENSSL if PPP_SRP
> + select OPENSSL if !PPP_NEEDS_CRYPT || PPP_SRP
> help
> Point-to-Point Protocol (PPP) - daemon
>
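Review bot: `select OPENSSL if !PPP_NEEDS_CRYPT || PPP_SRP` pulls OpenSSL into every configuration that has PPP_NEEDS_CRYPT off, while the imported Makefile.linux change only adds -lcrypto inside `ifdef NEEDDES`. Tie the select to the options that actually need DES (keeping the PPP_SRP case as it is) so that a pppd built without them does not gain an OpenSSL dependency.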
> @@ -73,7 +73,6 @@ config PPP_SHADOW
> config PPP_MS_CHAP
> bool
> prompt "MS-CHAP (Microsoft MS-CHAP authentication protocol)"
> - select PPP_NEEDS_CRYPT
> help
> support Micro$oft's MS-CHAP authentication protocol
>
> @@ -95,8 +94,8 @@ config PPP_MS_CBCP
>
> config PPP_NEEDS_CRYPT
> bool
> - # crypt() calls have slipped into pppd; se we enforce 'y' here until this is fixed upstream
> - default y
> + # this should default to 'y' for glibc < 2.28
> + default n
>
> config PPP_TDB
> bool
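Review bot: With `default n` here, no prompt on PPP_NEEDS_CRYPT, and both `select PPP_NEEDS_CRYPT` lines removed in this file, nothing in the lines shown can set the symbol to y any more. That makes `select LIBC_CRYPT if PPP_NEEDS_CRYPT` dead and the `ifndef PTXCONF_PPP_NEEDS_CRYPT` test in rules/ppp.make always true. The new comment says it should default to 'y' for glibc < 2.28, but nothing implements that. Either give the symbol a prompt (or a default derived from the libc selection), or remove it together with the lines that depend on it.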
> @@ -105,7 +104,6 @@ config PPP_TDB
> menuconfig PPP_PLUGINS
> bool
> prompt "support plugins"
> - select PPP_NEEDS_CRYPT
> help
> If you want to use pppd to handle ADSL you must enable this entry
> (refer 'ppp over ethernet').
> diff --git a/rules/ppp.make b/rules/ppp.make
> index 46b1d14c9..08e32ccd9 100644
> --- a/rules/ppp.make
> +++ b/rules/ppp.make
> @@ -46,11 +46,15 @@ endif
> PPP_CONF_ENV := \
> TARGET_OS=Linux \
> TARGET_OS_VER=$(PPP_KERNEL_VERSION) \
> - TARGET_OS_ARCH=$(GENERIC_KERNEL_ARCH)
> + TARGET_OS_ARCH=$(GENERIC_KERNEL_ARCH) \
>
> PPP_MAKE_ENV := $(CROSS_ENV)
> PPP_MAKE_PAR := NO
>
> +ifndef PTXCONF_PPP_NEEDS_CRYPT
> +PPP_MAKE_ENV += NO_CRYPT_HACK=1
> +endif
> +
> #
> # path to where the shared library based plugins get installed
> # (and be searched at runtime)
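Review bot: The backslash added after `TARGET_OS_ARCH=$(GENERIC_KERNEL_ARCH)` continues the assignment onto the following empty line and nothing in this hunk needs it; it looks like a leftover from an earlier version, please drop it. Also, NO_CRYPT_HACK=1 is passed to make here but none of the Makefile.linux hunks in this patch reference it, and the commit message only says "Thus activate no_crypt_hack"; a sentence on what that switches off in pppd would help.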
> --
> 2.20.1
>
>
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de