!63 fix CVE-2024-58250

From: @eaglegai 
Reviewed-by: @xiangyu2020 
Signed-off-by: @xiangyu2020

backport-0027-Set-LIBDIR-for-RISCV.patch

@@ -10,92 +10,101 @@ an RISC-V host.
 
 Signed-off-by: whoisxxx <zhangxuzhou4@huawei.com>
 ---
- pppd/Makefile.linux                  | 2 +-
- pppd/plugins/Makefile.linux          | 2 +-
- pppd/plugins/pppoatm/Makefile.linux  | 2 +-
- pppd/plugins/pppol2tp/Makefile.linux | 2 +-
- pppd/plugins/radius/Makefile.linux   | 2 +-
- pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
- 6 files changed, 6 insertions(+), 6 deletions(-)
+rebased-by: laokz <zhangkai@iscas.ac.cn>
 
 diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index c1cf794..da8718d 100644
+index 07df6a7..7dd3a1b 100644
 --- a/pppd/Makefile.linux
 +++ b/pppd/Makefile.linux
-@@ -8,7 +8,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
+@@ -12,7 +12,11 @@ DESTDIR = $(INSTROOT)@DESTDIR@
  BINDIR = $(DESTDIR)/sbin
  MANDIR = $(DESTDIR)/share/man/man8
  INCDIR = $(DESTDIR)/include
--LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)
++ifeq ($(filter riscv64%,$(MAKE_HOST)),)
+ LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)
++else
 +LIBDIR = $(DESTDIR)/lib64
++endif
  
  TARGETS = pppd
  
 diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
-index cf73fa9..0ed5168 100644
+index f42d18c..958923f 100644
 --- a/pppd/plugins/Makefile.linux
 +++ b/pppd/plugins/Makefile.linux
-@@ -10,7 +10,7 @@ CFLAGS += -DUSE_EAPTLS=1
+@@ -5,7 +5,11 @@ COPTS=@CFLAGS@
  DESTDIR = $(INSTROOT)@DESTDIR@
  BINDIR = $(DESTDIR)/sbin
  MANDIR = $(DESTDIR)/share/man/man8
--LIBDIR = $(DESTDIR)/lib/$(shell $(CC) -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
++ifeq ($(filter riscv64%,$(MAKE_HOST)),)
+ LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
++else
 +LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION)
++endif
  
- SUBDIRS := rp-pppoe pppoatm pppol2tp
- # Uncomment the next line to include the radius authentication plugin
+ CFLAGS	= $(COPTS) -I.. -I../../include -fPIC
+ LDFLAGS_SHARED	= -shared
 diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
-index 1961e0e..a538eef 100644
+index 6387970..daaaa4e 100644
 --- a/pppd/plugins/pppoatm/Makefile.linux
 +++ b/pppd/plugins/pppoatm/Makefile.linux
-@@ -7,7 +7,7 @@ INSTALL	= install
- #***********************************************************************
+@@ -4,7 +4,11 @@ CC=$(CROSS_COMPILE)@CC@
+ COPTS=@CFLAGS@
  
  DESTDIR = $(INSTROOT)@DESTDIR@
--LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
++ifeq ($(filter riscv64%,$(MAKE_HOST)),)
+ LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
++else
 +LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION)
++endif
  
  VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
  
+diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
+index 6cb8397..af5f9fb 100644
+--- a/pppd/plugins/pppoe/Makefile.linux
++++ b/pppd/plugins/pppoe/Makefile.linux
+@@ -19,7 +19,11 @@ COPTS=@CFLAGS@
+ DESTDIR = $(INSTROOT)@DESTDIR@
+ BINDIR = $(DESTDIR)/sbin
+ MANDIR = $(DESTDIR)/share/man/man8
++ifeq ($(filter riscv64%,$(MAKE_HOST)),)
+ LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
++else
++LIBDIR = $(DESTDIR)/lib64/pppd/$(PPPDVERSION)
++endif
+ 
+ PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
+ 
 diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
-index 7b23b25..225a4a9 100644
+index e4442f9..d9ae2ca 100644
 --- a/pppd/plugins/pppol2tp/Makefile.linux
 +++ b/pppd/plugins/pppol2tp/Makefile.linux
-@@ -7,7 +7,7 @@ INSTALL	= install
- #***********************************************************************
+@@ -4,7 +4,11 @@ CC=$(CROSS_COMPILE)@CC@
+ COPTS=@CFLAGS@
  
- DESTDIR = $(INSTROOT)@DESTDIR@
--LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+ DESTDIR = $(INSTROOT)/@DESTDIR@
++ifeq ($(filter riscv64%,$(MAKE_HOST)),)
+ LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
++else
 +LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION)
++endif
  
  VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
  
 diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
-index 2150332..ff0e8f3 100644
+index d2ef044..1ccc171 100644
 --- a/pppd/plugins/radius/Makefile.linux
 +++ b/pppd/plugins/radius/Makefile.linux
-@@ -5,7 +5,7 @@
+@@ -9,7 +9,11 @@ COPTS=@CFLAGS@
  
  DESTDIR = $(INSTROOT)@DESTDIR@
  MANDIR = $(DESTDIR)/share/man/man8
--LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
++ifeq ($(filter riscv64%,$(MAKE_HOST)),)
+ LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
++else
 +LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION)
++endif
  
  VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
  
-diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
-index 5f79284..bd95832 100644
---- a/pppd/plugins/rp-pppoe/Makefile.linux
-+++ b/pppd/plugins/rp-pppoe/Makefile.linux
-@@ -17,7 +17,7 @@
- DESTDIR = $(INSTROOT)@DESTDIR@
- BINDIR = $(DESTDIR)/sbin
- MANDIR = $(DESTDIR)/share/man/man8
--LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
-+LIBDIR = $(DESTDIR)/lib64/pppd/$(PPPDVERSION)
- 
- PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
- 
--- 
-2.23.0
-

backport-CVE-2024-58250.patch

@@ -0,0 +1,166 @@
+From 0a66ad22e54c72690ec2a29a019767c55c5281fc Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Fri, 18 Oct 2024 20:22:57 +1100
+Subject: [PATCH] pppd: Remove passprompt plugin
+
+This is prompted by a number of factors:
+
+* It was more useful back in the dial-up days, but no-one uses dial-up
+  any more
+
+* In many cases there will be no terminal accessible to the prompter
+  program at the point where the prompter is run
+
+* The passwordfd plugin does much the same thing but does it more
+  cleanly and securely
+
+* The handling of privileges and file descriptors needs to be audited
+  thoroughly.
+
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+---
+ pppd/plugins/Makefile.linux  |   6 +-
+ pppd/plugins/passprompt.c | 137 --------------------------------------
+ 2 files changed, 1 insertion(+), 142 deletions(-)
+ delete mode 100644 pppd/plugins/passprompt.c
+
+diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
+index 2826148c7..9480d51b4 100644
+--- a/pppd/plugins/Makefile.linux
++++ b/pppd/plugins/Makefile.linux
+@@ -21,7 +21,7 @@
+ SUBDIRS := pppoe pppoatm pppol2tp
+ # Uncomment the next line to include the radius authentication plugin
+ SUBDIRS += radius
+-PLUGINS := minconn.so passprompt.so passwordfd.so winbind.so
++PLUGINS := minconn.so passwordfd.so winbind.so
+ 
+ # This setting should match the one in ../Makefile.linux
+ MPPE=y
+diff --git a/pppd/plugins/passprompt.c b/pppd/plugins/passprompt.c
+deleted file mode 100644
+index ab9f390..0000000
+--- a/pppd/plugins/passprompt.c
++++ /dev/null
+@@ -1,119 +0,0 @@
+-/*
+- * passprompt.c - pppd plugin to invoke an external PAP password prompter
+- *
+- * Copyright 1999 Paul Mackerras, Alan Curry.
+- *
+- *  This program is free software; you can redistribute it and/or
+- *  modify it under the terms of the GNU General Public License
+- *  as published by the Free Software Foundation; either version
+- *  2 of the License, or (at your option) any later version.
+- */
+-#include <errno.h>
+-#include <unistd.h>
+-#include <sys/wait.h>
+-#include <syslog.h>
+-#include "pppd.h"
+-
+-char pppd_version[] = VERSION;
+-
+-static char promptprog[PATH_MAX+1];
+-static int promptprog_refused = 0;
+-
+-static option_t options[] = {
+-    { "promptprog", o_string, promptprog,
+-      "External PAP password prompting program",
+-      OPT_STATIC, NULL, PATH_MAX },
+-    { NULL }
+-};
+-
+-static int promptpass(char *user, char *passwd)
+-{
+-    int p[2];
+-    pid_t kid;
+-    int readgood, wstat;
+-    ssize_t red;
+-
+-    if (promptprog_refused || promptprog[0] == 0 || access(promptprog, X_OK) < 0)
+-	return -1;	/* sorry, can't help */
+-
+-    if (!passwd)
+-	return 1;
+-
+-    if (pipe(p)) {
+-	warn("Can't make a pipe for %s", promptprog);
+-	return 0;
+-    }
+-    if ((kid = fork()) == (pid_t) -1) {
+-	warn("Can't fork to run %s", promptprog);
+-	close(p[0]);
+-	close(p[1]);
+-	return 0;
+-    }
+-    if (!kid) {
+-	/* we are the child, exec the program */
+-	char *argv[5], fdstr[32];
+-	sys_close();
+-	closelog();
+-	close(p[0]);
+-	seteuid(getuid());
+-	setegid(getgid());
+-	argv[0] = promptprog;
+-	argv[1] = user;
+-	argv[2] = remote_name;
+-	sprintf(fdstr, "%d", p[1]);
+-	argv[3] = fdstr;
+-	argv[4] = 0;
+-	execv(*argv, argv);
+-	_exit(127);
+-    }
+-
+-    /* we are the parent, read the password from the pipe */
+-    close(p[1]);
+-    readgood = 0;
+-    do {
+-	red = read(p[0], passwd + readgood, MAXSECRETLEN-1 - readgood);
+-	if (red == 0)
+-	    break;
+-	if (red < 0) {
+-	    if (errno == EINTR && !got_sigterm)
+-		continue;
+-	    error("Can't read secret from %s: %m", promptprog);
+-	    readgood = -1;
+-	    break;
+-	}
+-	readgood += red;
+-    } while (readgood < MAXSECRETLEN - 1);
+-    close(p[0]);
+-
+-    /* now wait for child to exit */
+-    while (waitpid(kid, &wstat, 0) < 0) {
+-	if (errno != EINTR || got_sigterm) {
+-	    warn("error waiting for %s: %m", promptprog);
+-	    break;
+-	}
+-    }
+-
+-    if (readgood < 0)
+-	return 0;
+-    passwd[readgood] = 0;
+-    if (!WIFEXITED(wstat))
+-	warn("%s terminated abnormally", promptprog);
+-    if (WEXITSTATUS(wstat)) {
+-	    warn("%s exited with code %d", promptprog, WEXITSTATUS(wstat));
+-	    /* code when cancel was hit in the prompt prog */
+-	    if (WEXITSTATUS(wstat) == 128) {
+-	        promptprog_refused = 1;
+-	    }
+-	    return -1;
+-    }
+-    return 1;
+-}
+-
+-void plugin_init(void)
+-{
+-    add_options(options);
+-    pap_passwd_hook = promptpass;
+-#ifdef USE_EAPTLS
+-    eaptls_passwd_hook = promptpass;
+-#endif
+-}
+-- 
+2.33.0

backport-Fixing-up-parsing-in-radiusclient.conf.patch

@@ -0,0 +1,49 @@
+From 7f89208b860ea0c41636410bfdb6a609b2772f47 Mon Sep 17 00:00:00 2001
+From: Eivind Naess <eivnaes@yahoo.com>
+Date: Sun, 23 Apr 2023 11:37:01 -0700
+Subject: [PATCH] Closes #411, Fixing up parsing in radiusclient.conf
+
+Adding curly braces to fix the code.
+
+Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
+---
+ pppd/plugins/radius/config.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/pppd/plugins/radius/config.c b/pppd/plugins/radius/config.c
+index 39744fca1..e1a481487 100644
+--- a/pppd/plugins/radius/config.c
++++ b/pppd/plugins/radius/config.c
+@@ -235,24 +235,28 @@ int rc_read_config(char *filename)
+ 
+ 		switch (option->type) {
+ 			case OT_STR:
+-				 if (set_option_str(filename, line, option, p) < 0)
++				if (set_option_str(filename, line, option, p) < 0) {
+ 					fclose(configfd);
+ 					return (-1);
++				}
+ 				break;
+ 			case OT_INT:
+-				 if (set_option_int(filename, line, option, p) < 0)
++				if (set_option_int(filename, line, option, p) < 0) {
+ 					fclose(configfd);
+ 					return (-1);
++				}
+ 				break;
+ 			case OT_SRV:
+-				 if (set_option_srv(filename, line, option, p) < 0)
++				if (set_option_srv(filename, line, option, p) < 0) {
+ 					fclose(configfd);
+ 					return (-1);
++				}
+ 				break;
+ 			case OT_AUO:
+-				 if (set_option_auo(filename, line, option, p) < 0)
++				if (set_option_auo(filename, line, option, p) < 0) {
+ 					fclose(configfd);
+ 					return (-1);
++				}
+ 				break;
+ 			default:
+ 				fatal("rc_read_config: impossible case branch!");

backport-add-fclose-operation-to-fix-file-pointer-not-closed.patch

@@ -0,0 +1,84 @@
+From 883a65eee0ea9de6aa843614bc2a97bc1dd3ccd2 Mon Sep 17 00:00:00 2001
+From: Bmo <35866749+XWwalker@users.noreply.github.com>
+Date: Sat, 18 Mar 2023 06:20:43 +0800
+Subject: [PATCH] radius plugin: add fclose operation to fix file pointer not
+ closed after use (#401)
+
+Signed-off-by: Wei Xing <skyxwwalker@gmail.com>
+
+Co-authored-by: Wei Xing <skyxwwalker@gmail.com>
+
+Conflict: NA
+Reference: https://github.com/ppp-project/ppp/commit/883a65eee0ea9de6aa843614bc2a97bc1dd3ccd2
+
+---
+ pppd/plugins/radius/clientid.c | 2 ++
+ pppd/plugins/radius/config.c   | 6 ++++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/pppd/plugins/radius/clientid.c b/pppd/plugins/radius/clientid.c
+index b1bbc474..eea51650 100644
+--- a/pppd/plugins/radius/clientid.c
++++ b/pppd/plugins/radius/clientid.c
+@@ -68,6 +68,7 @@ int rc_read_mapfile(char *filename)
+ 
+ 			if ((p = (struct map2id_s *)malloc(sizeof(*p))) == NULL) {
+ 				novm("rc_read_mapfile");
++				fclose(mapfd);
+ 				return (-1);
+ 			}
+ 
+@@ -79,6 +80,7 @@ int rc_read_mapfile(char *filename)
+ 		} else {
+ 
+ 			error("rc_read_mapfile: malformed line in %s, line %d", filename, lnr);
++			fclose(mapfd);
+ 			return (-1);
+ 
+ 		}
+diff --git a/pppd/plugins/radius/config.c b/pppd/plugins/radius/config.c
+index 47c172cc..39744fca 100644
+--- a/pppd/plugins/radius/config.c
++++ b/pppd/plugins/radius/config.c
+@@ -212,6 +212,7 @@ int rc_read_config(char *filename)
+ 
+ 		if ((pos = strcspn(p, "\t ")) == 0) {
+ 			error("%s: line %d: bogus format: %s", filename, line, p);
++			fclose(configfd);
+ 			return (-1);
+ 		}
+ 
+@@ -224,6 +225,7 @@ int rc_read_config(char *filename)
+ 
+ 		if (option->status != ST_UNDEF) {
+ 			error("%s: line %d: duplicate option line: %s", filename, line, p);
++			fclose(configfd);
+ 			return (-1);
+ 		}
+ 
+@@ -234,18 +236,22 @@ int rc_read_config(char *filename)
+ 		switch (option->type) {
+ 			case OT_STR:
+ 				 if (set_option_str(filename, line, option, p) < 0)
++					fclose(configfd);
+ 					return (-1);
+ 				break;
+ 			case OT_INT:
+ 				 if (set_option_int(filename, line, option, p) < 0)
++					fclose(configfd);
+ 					return (-1);
+ 				break;
+ 			case OT_SRV:
+ 				 if (set_option_srv(filename, line, option, p) < 0)
++					fclose(configfd);
+ 					return (-1);
+ 				break;
+ 			case OT_AUO:
+ 				 if (set_option_auo(filename, line, option, p) < 0)
++					fclose(configfd);
+ 					return (-1);
+ 				break;
+ 			default:
+
+
+

ppp.spec

@@ -1,6 +1,6 @@
 Name:           ppp
 Version:        2.4.9
-Release:        3
+Release:        8
 Summary:        The Point-to-Point Protocol
 
 License:        BSD and LGPLv2+ and GPLv2+ and Public Domain
@@ -43,11 +43,13 @@ Patch0013:      backport-0023-build-sys-install-rp-pppoe-plugin-files-with-stand
 Patch0014:      backport-0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
 Patch0015:      backport-ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
 Patch0016:      backport-ppp-2.4.9-configure-cflags-allow-commas.patch
-%ifarch riscv64 
-Patch0017:      0027-Set-LIBDIR-for-RISCV.patch
-%endif
+Patch0017:      backport-0027-Set-LIBDIR-for-RISCV.patch
 Patch0018:      backport-pppd-Negotiate-IP-address-when-only-peer-addresses-are-provided.patch
 Patch0019:      backport-CVE-2022-4603.patch
+Patch0020:      backport-add-fclose-operation-to-fix-file-pointer-not-closed.patch
+
+Patch0021:      backport-Fixing-up-parsing-in-radiusclient.conf.patch
+Patch0022:      backport-CVE-2024-58250.patch
 
 %description
 The Point-to-Point Protocol (PPP) provides a standard way to establish
@@ -143,6 +145,37 @@ mkdir -p %{buildroot}%{_rundir}/lock/ppp
 %{_mandir}/man8/*.8.gz
 
 %changelog
+* Tue Apr 29 2025 gaihuiying <eaglegai@163.com> - 2.4.9-8
+- Type:CVE
+- CVE:CVE-2024-58250
+- SUG:NA
+- DESC:fix CVE-2024-58250
+
+* Fri Feb 14 2025 gaihuiying <eaglegai@163.com> - 2.4.9-7
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:backport upstream
+       Fixing up parsing in radiusclient.conf
+
+* Mon Sep 11 2023 xingwei <xingwei14@h-partners.com> - 2.4.9-6
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:correct patch names and commit messages
+
+* Fri Mar 10 2023 xingwei <xingwei14@h-partners.com> - 2.4.9-5
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:add fclose operation to fix file pointer not closed after use
+
+* Tue Feb 28 2023 laokz <zhangkai@iscas.ac.cn> - 2.4.9-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix patch0017 for riscv64
+
 * Thu Dec 29 2022 gaihuiying <eaglegai@163.com> - 2.4.9-3
 - Type:cves
 - ID:NA