From 48e25c3690b898487c52397d68fb3b56efc50a45 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 25 Oct 2024 18:31:36 +0300 Subject: [PATCH] import ppp-2.5.0-12.el10 --- .gitignore | 2 + .ppp.metadata | 2 + SOURCES/ip-down | 18 + SOURCES/ip-down.ipv6to4 | 114 +++ SOURCES/ip-up | 17 + SOURCES/ip-up.ipv6to4 | 193 ++++ SOURCES/ipv6-down | 14 + SOURCES/ipv6-down.initscripts | 56 ++ SOURCES/ipv6-up | 15 + SOURCES/ipv6-up.initscripts | 99 +++ .../ppp-2.5.0-radiusclient-parser-fix.patch | 49 ++ ...ppp-2.5.0-use-change-resolv-function.patch | 51 ++ SOURCES/ppp-logrotate.conf | 10 + SOURCES/ppp-pam.conf | 5 + SOURCES/ppp-tmpfiles.conf | 1 + SPECS/ppp.spec | 825 ++++++++++++++++++ 16 files changed, 1471 insertions(+) create mode 100644 .gitignore create mode 100644 .ppp.metadata create mode 100644 SOURCES/ip-down create mode 100644 SOURCES/ip-down.ipv6to4 create mode 100644 SOURCES/ip-up create mode 100644 SOURCES/ip-up.ipv6to4 create mode 100644 SOURCES/ipv6-down create mode 100644 SOURCES/ipv6-down.initscripts create mode 100644 SOURCES/ipv6-up create mode 100644 SOURCES/ipv6-up.initscripts create mode 100644 SOURCES/ppp-2.5.0-radiusclient-parser-fix.patch create mode 100644 SOURCES/ppp-2.5.0-use-change-resolv-function.patch create mode 100644 SOURCES/ppp-logrotate.conf create mode 100644 SOURCES/ppp-pam.conf create mode 100644 SOURCES/ppp-tmpfiles.conf create mode 100644 SPECS/ppp.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..05406de --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/ppp-2.5.0.tar.gz +SOURCES/ppp-watch.tar.xz diff --git a/.ppp.metadata b/.ppp.metadata new file mode 100644 index 0000000..8506eae --- /dev/null +++ b/.ppp.metadata @@ -0,0 +1,2 @@ +014f13c3e9da059b263facb8095759dfb4f58fef SOURCES/ppp-2.5.0.tar.gz +74b6db205dc46fc179a2a3bc3d726ddfeb03c801 SOURCES/ppp-watch.tar.xz diff --git a/SOURCES/ip-down b/SOURCES/ip-down new file mode 100644 index 0000000..bfb0871 --- /dev/null +++ b/SOURCES/ip-down @@ -0,0 +1,18 @@ +#!/bin/bash +# This file should not be modified -- make local changes to +# /etc/ppp/ip-down.local instead + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +export PATH + +LOGDEVICE=$6 +REALDEVICE=$1 + +/etc/ppp/ip-down.ipv6to4 ${LOGDEVICE} + +[ -x /etc/ppp/ip-down.local ] && /etc/ppp/ip-down.local "$@" + +/etc/sysconfig/network-scripts/ifdown-post --realdevice ${REALDEVICE} \ + ifcfg-${LOGDEVICE} + +exit 0 diff --git a/SOURCES/ip-down.ipv6to4 b/SOURCES/ip-down.ipv6to4 new file mode 100644 index 0000000..29f1c64 --- /dev/null +++ b/SOURCES/ip-down.ipv6to4 @@ -0,0 +1,114 @@ +#!/bin/sh +# +# ip-down.ipv6to4 +# +# +# Taken from: +# (P) & (C) 2000-2005 by Peter Bieringer +# +# You will find more information on the initscripts-ipv6 homepage at +# http://www.deepspace6.net/projects/initscripts-ipv6.html +# +# Version 2005-09-22 +# +# Calling parameters: +# $1: interface name +# +# Called (mostly) by /etc/ppp/ip-down.local +# like: /etc/ppp/ip-down.ipv6to4 $1 >>/var/log/ppp-ipv6to4.log 2>&1 +# +# Note: this script will *check* whether the existing 6to4 tunnel +# was set before by using "ip-up.ipv6to4" comparing IPv4 address +# of device with the generated 6to4 prefix +# +# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1: +# IPV6TO4INIT=yes|no: controls configuration +# IPV6TO4_ROUTING="-/ ...": information to setup additional interfaces +# +# IPV6_CONTROL_RADVD=yes|no: controls radvd triggering +# IPV6_RADVD_PIDFILE=: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" +# IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP: how to trigger radvd (optional, default is SIGHUP) +# + + +if [ -z "$1" ]; then + echo $"Argument 1 is empty but should contain interface name - skip IPv6to4 initialization" + exit 1 +fi + +# Get global network configuration +. /etc/sysconfig/network + +# Source IPv4 helper functions +cd /etc/sysconfig/network-scripts +. ./network-functions + +CONFIG=$1 +[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG +source_config + +# IPv6 don't need aliases anymore, config is skipped +REALDEVICE=${DEVICE%%:*} +[ "$DEVICE" != "$REALDEVICE" ] && exit 0 + +if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then + exit 1 +fi + +. /etc/sysconfig/network-scripts/network-functions-ipv6 + + +# Run basic IPv6 test, if not ok, skip IPv6 initialization +ipv6_test testonly || exit 0 + +# Test status of ppp device +ipv6_test_device_status $DEVICE +if [ $? != 0 -a $? != 11 ]; then + # device doesn't exist or other problem occurs + exit 1 +fi + +# Test status of tun6to4 device +ipv6_test_device_status tun6to4 +if [ $? = 0 -o $? = 11 ]; then + # Device exists + valid6to4config="yes" + + # Get IPv4 address from interface + ipv4addr="$(ipv6_get_ipv4addr_of_device $DEVICE)" + if [ -z "$ipv4addr" ]; then + # Has no IPv4 address + valid6to4config="no" + fi + + # Get local IPv4 address of dedicated tunnel + ipv4addr6to4local="$(ipv6_get_ipv4addr_of_tunnel tun6to4 local)" + + # IPv6to4 not enabled on this interface? + if [ $IPV6TO4INIT != "yes" ]; then + # Check against configured 6to4 tunnel to see if this interface was regardless used before + if [ "$ipv4addr" != "$ipv4addr6to4local" ]; then + # IPv4 address of interface does't match local tunnel address, interface was not used for current 6to4 setup + valid6to4config="no" + fi + fi + +fi + +if [ "$valid6to4config" = "yes" ]; then + if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then + # Control running radvd + ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE + fi + + if [ -n "$IPV6TO4_ROUTING" ]; then + # Delete routes to local networks + for devsuf in $IPV6TO4_ROUTING; do + dev="${devsuf%%-*}" + ipv6_cleanup_6to4_device $dev + done + fi + + # Delete all configured 6to4 address + ipv6_cleanup_6to4_tunnels tun6to4 +fi diff --git a/SOURCES/ip-up b/SOURCES/ip-up new file mode 100644 index 0000000..e610674 --- /dev/null +++ b/SOURCES/ip-up @@ -0,0 +1,17 @@ +#!/bin/bash +# This file should not be modified -- make local changes to +# /etc/ppp/ip-up.local instead + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +export PATH + +LOGDEVICE=$6 +REALDEVICE=$1 + +[ -f /etc/sysconfig/network-scripts/ifcfg-${LOGDEVICE} ] && /etc/sysconfig/network-scripts/ifup-post --realdevice ${REALDEVICE} ifcfg-${LOGDEVICE} + +/etc/ppp/ip-up.ipv6to4 ${LOGDEVICE} + +[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@" + +exit 0 diff --git a/SOURCES/ip-up.ipv6to4 b/SOURCES/ip-up.ipv6to4 new file mode 100644 index 0000000..6a85bbb --- /dev/null +++ b/SOURCES/ip-up.ipv6to4 @@ -0,0 +1,193 @@ +#!/bin/sh +# +# ip-up.ipv6to4 +# +# +# Taken from: +# (P) & (C) 2000-2005 by Peter Bieringer +# +# You will find more information on the initscripts-ipv6 homepage at +# http://www.deepspace6.net/projects/initscripts-ipv6.html +# +# Version: 2005-09-22 +# +# Calling parameters: +# $1: interface name +# +# Called (mostly) by /etc/ppp/ip-up.local +# like: /etc/ppp/ip-up.ipv6to4 $1 >>/var/log/ppp-ipv6to4.log 2>&1 +# +# Note: this script will *kill* older still existing 6to4 tunnels regardless +# whether they were set before by another device +# +# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1: +# IPV6TO4INIT=yes|no: controls configuration +# IPV6TO4_IPV4ADDR=: special local address for 6to4 tunneling (only needed behind a NAT gateway) +# IPV6TO4_RELAY=: remote 6to4 relay router address (default: 192.88.99.1) +# IPV6TO4_MTU=: controls IPv6 MTU for the 6to4 link (optional, default is MTU of interface - 20) +# IPV6TO4_ROUTING="-/ ...": information to setup additional interfaces +# Example: IPV6TO4_ROUTING="eth0-:f101::1/64 eth1-:f102::1/64" +# +# IPV6_CONTROL_RADVD=yes|no: controls radvd triggering +# IPV6_RADVD_PIDFILE=: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" +# IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP: how to trigger radvd (optional, default is SIGHUP) +# +# Requirements +# radvd-0.6.2p3 or newer supporting option "Base6to4Interface" +# + + +if [ -z "$1" ]; then + echo $"Argument 1 is empty but should contain interface name - skip IPv6to4 initialization" + exit 1 +fi + +# Get global network configuration +. /etc/sysconfig/network + +# Source IPv4 helper functions +cd /etc/sysconfig/network-scripts +. ./network-functions + +CONFIG=$1 +[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG +source_config + +# IPv6 don't need aliases anymore, config is skipped +REALDEVICE=${DEVICE%%:*} +[ "$DEVICE" != "$REALDEVICE" ] && exit 0 + +if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then + exit 1 +fi + +. /etc/sysconfig/network-scripts/network-functions-ipv6 + + +# Run basic IPv6 test (and make sure the ipv6 module will be loaded), if not ok, skip IPv6 initialization +ipv6_test || exit 1 + +# Setup of 6to4, if configured +valid6to4config="yes" +if [ "$IPV6TO4INIT" = "yes" ]; then + if [ -n "$IPV6TO4_IPV4ADDR" ]; then + # Take 6to4-dedicated configured IPv4 address from config file (precedence 1) + ipv4addr="$IPV6TO4_IPV4ADDR" + else + # Get IPv4 address from interface (precedence 2) + ipv4addr="$(ipv6_get_ipv4addr_of_device $DEVICE)" + if [ -z "$ipv4addr" ]; then + # Take configured IPv4 address of interface from config file (precedence 3) + ipv4addr="$IPADDR" + fi + fi + if [ -n "$ipv4addr" ]; then + # Test for non-global IPv4 address + if ! ipv6_test_ipv4_addr_global_usable $ipv4addr; then + net_log $"Given IPv4 address '$ipv4addr' is not globally usable" info + valid6to4config="no" + fi + else + net_log $"IPv6to4 configuration needs an IPv4 address on related interface or otherwise specified" info + valid6to4config="no" + fi + if [ -z "$IPV6TO4_RELAY" ]; then + IPV6TO4_RELAY="192.88.99.1" + fi + + # Check/generate relay address + ipv6to4_relay="$(ipv6_create_6to4_relay_address $IPV6TO4_RELAY)" + if [ $? -ne 0 ]; then + valid6to4config="no" + fi + + if [ "$valid6to4config" = "yes" ]; then + # Delete routes to local networks + for devsuf in $IPV6TO4_ROUTING; do + dev="${devsuf%%-*}" + ipv6_cleanup_6to4_device $dev + done + + # Cleanup all old data (needed, if "ip-down.ipv6to4" wasn't executed), delete all configured 6to4 address + ipv6_cleanup_6to4_tunnels tun6to4 + + # Get MTU of master device + ipv4mtu="$(/sbin/ip link show dev $DEVICE | awk '/\/ { print $5 }')" + if [ -n "$ipv4mtu" ]; then + # IPv6 tunnel MTU is IPv4 MTU minus 20 for IPv4 header + tunnelmtu=$[ $ipv4mtu - 20 ] + fi + + if [ -n "$IPV6TO4_MTU" ]; then + if [ $IPV6TO4_MTU -gt $tunnelmtu ]; then + net_log $"Warning: configured MTU '$IPV6TO4_MTU' for 6to4 exceeds maximum limit of '$tunnelmtu', ignored" warning + else + tunnelmtu=$IPV6TO4_MTU + fi + fi + + # Setup new data + ipv6_add_6to4_tunnel tun6to4 $ipv4addr "" $tunnelmtu || exit 1 + + # Add route to for compatible addresses (removed later again) + ipv6_add_route "::/96" "::" tun6to4 + + # Add default route, if device matches + if [ "$IPV6_DEFAULTDEV" = "tun6to4" ]; then + if [ -n "$IPV6_DEFAULTGW" ]; then + net_log $"Warning: interface 'tun6to4' does not support 'IPV6_DEFAULTGW', ignored" warning + fi + ipv6_set_default_route $ipv6to4_relay tun6to4 + fi + + # Add static routes + if [ -f /etc/sysconfig/static-routes-ipv6 ]; then + LC_ALL=C grep -w "^tun6to4" /etc/sysconfig/static-routes-ipv6 | while read device network gateway; do + if [ -z "$network" ]; then + continue + fi + if [ -z "$gateway" ]; then + gateway="$ipv6to4_relay" + fi + ipv6_add_route $network $gateway tun6to4 + done + fi + + # Setup additional static IPv6 routes (newer config style) + if [ -f "/etc/sysconfig/network-scripts/route6-tun6to4" ]; then + sed -ne 's/#.*//' -e '/[^[:space:]]/p' /etc/sysconfig/network-scripts/route6-tun6to4 | while read line; do + if echo "$line" | grep -vq 'via'; then + # Add gateway if missing + line="$line via $ipv6to4_relay" + fi + /sbin/ip -6 route add $line + done + fi + + # Cleanup autmatically generated autotunnel (not needed for 6to4) + /sbin/ip -6 route del ::/96 dev tun6to4 + /sbin/ip -6 addr del tun6to4 "::$ipv4addr/128" dev tun6to4 + + if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then + # Control running radvd + ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE + + if [ -n "$IPV6TO4_ROUTING" ]; then + # Generate 6to4 address + ipv6to4prefix="$(ipv6_create_6to4_prefix $ipv4addr)" + if [ -n "$ipv6to4prefix" ]; then + # Add IPv6 address to interface (required interface route will be set automatically) + for devsuf in $IPV6TO4_ROUTING; do + dev="${devsuf%%-*}" + suf="$(echo $devsuf | awk -F- '{ print $2 }')" + ipv6_add_addr_on_device ${dev} ${ipv6to4prefix}${suf} + done + else + net_log $"Error occurred while calculating the IPv6to4 prefix" + fi + else + net_log $"radvd control enabled, but config is not complete" + fi + fi + fi +fi diff --git a/SOURCES/ipv6-down b/SOURCES/ipv6-down new file mode 100644 index 0000000..36e0c5f --- /dev/null +++ b/SOURCES/ipv6-down @@ -0,0 +1,14 @@ +#!/bin/sh +# +# ipv6-down +# +# Called by pppd after IPV6CP/down was finished +# +# This file should not be modified -- make local changes to +# /etc/ppp/ipv6-down.local instead + +[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] && /etc/ppp/ipv6-down.initscripts "$@" + +[ -x /etc/ppp/ipv6-down.local ] && /etc/ppp/ipv6-down.local "$@" + +exit 0 diff --git a/SOURCES/ipv6-down.initscripts b/SOURCES/ipv6-down.initscripts new file mode 100644 index 0000000..c8f228f --- /dev/null +++ b/SOURCES/ipv6-down.initscripts @@ -0,0 +1,56 @@ +#!/bin/sh +# +# +# Taken from: +# (P) & (C) 2001-2006 by Peter Bieringer +# +# You will find more information on the initscripts-ipv6 homepage at +# http://www.deepspace6.net/projects/initscripts-ipv6.html +# +# RHL integration assistance by Pekka Savola +# +# Calling parameters: +# $1: interface name +# $6: logical interface name (set by pppd option ipparam) +# +# Version 2006-08-02 +# +# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1: +# IPV6INIT=yes|no: controls IPv6 configuration for this interface +# +PATH=/sbin:/usr/sbin:/bin:/usr/bin +export PATH + +LOGDEVICE=$6 +REALDEVICE=$1 + +[ -f /etc/sysconfig/network ] || exit 0 +. /etc/sysconfig/network + +cd /etc/sysconfig/network-scripts +. ./network-functions + +CONFIG=$LOGDEVICE +[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG +source_config + +[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1 +. /etc/sysconfig/network-scripts/network-functions-ipv6 + +if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then + # Control running radvd + ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE +fi + +# IPv6 test, no module loaded, exit if system is not IPv6-ready +ipv6_test testonly || exit 0 + +# Test device status +ipv6_test_device_status $REALDEVICE +if [ $? != 0 -a $? != 11 ]; then + # device doesn't exist or other problem occurs + exit 1 +fi + +# Delete all current configured IPv6 addresses on this interface +ipv6_cleanup_device $REALDEVICE diff --git a/SOURCES/ipv6-up b/SOURCES/ipv6-up new file mode 100644 index 0000000..623631a --- /dev/null +++ b/SOURCES/ipv6-up @@ -0,0 +1,15 @@ +#!/bin/bash +# +# ipv6-up +# +# Called by pppd after IPV6CP/up was finished +# +# This file should not be modified -- make local changes to +# /etc/ppp/ipv6-up.local instead +# + +[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] && /etc/ppp/ipv6-up.initscripts "$@" + +[ -x /etc/ppp/ipv6-up.local ] && /etc/ppp/ipv6-up.local "$@" + +exit 0 diff --git a/SOURCES/ipv6-up.initscripts b/SOURCES/ipv6-up.initscripts new file mode 100644 index 0000000..98d6d63 --- /dev/null +++ b/SOURCES/ipv6-up.initscripts @@ -0,0 +1,99 @@ +#!/bin/sh +# Taken from: +# (P) & (C) 2001-2006 by Peter Bieringer +# +# You will find more information on the initscripts-ipv6 homepage at +# http://www.deepspace6.net/projects/initscripts-ipv6.html +# +# RHL integration assistance by Pekka Savola +# +# Calling parameters: +# $1: interface name +# $6: logical interface name (set by pppd option ipparam) +# +# +# Version: 2006-08-02 +# +# Uses following information from "/etc/sysconfig/network": +# IPV6_DEFAULTDEV=: controls default route (optional) +# +# Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1": +# IPV6INIT=yes|no: controls IPv6 configuration for this interface +# IPV6ADDR=[/]: specify primary static IPv6 address +# IPV6ADDR_SECONDARIES="[/] ..." (optional) +# IPV6_MTU=: controls IPv6 MTU for this link (optional) +# + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +export PATH + +LOGDEVICE=$6 +REALDEVICE=$1 + +[ -f /etc/sysconfig/network ] || exit 0 +. /etc/sysconfig/network + +cd /etc/sysconfig/network-scripts +. ./network-functions +. ./network-functions-ipv6 + +CONFIG=$LOGDEVICE +[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG +source_config + +# Test whether IPv6 configuration is disabled for this interface +[[ "$IPV6INIT" = [nN0]* ]] && exit 0 + +[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1 +. /etc/sysconfig/network-scripts/network-functions-ipv6 + +# IPv6 test, module loaded, exit if system is not IPv6-ready +ipv6_test || exit 1 + +# Test device status +ipv6_test_device_status $REALDEVICE +if [ $? != 0 -a $? != 11 ]; then + # device doesn't exist or other problem occurs + exit 1 +fi + +# Setup IPv6 address on specified interface +if [ -n "$IPV6ADDR" ]; then + ipv6_add_addr_on_device $REALDEVICE $IPV6ADDR || exit 1 +fi + +# Set IPv6 MTU, if given +if [ -n "$IPV6_MTU" ]; then + ipv6_set_mtu $REALDEVICE $IPV6_MTU +fi + +# Setup additional IPv6 addresses from list, if given +if [ -n "$IPV6ADDR_SECONDARIES" ]; then + for ipv6addr in $IPV6ADDR_SECONDARIES; do + ipv6_add_addr_on_device $REALDEVICE $ipv6addr + done +fi + +# Setup default IPv6 route through device +if [ "$IPV6_DEFAULTDEV" = "$LOGDEVICE" ]; then + ipv6_set_default_route "" "$REALDEVICE" "$REALDEVICE" +fi + +# Setup additional static IPv6 routes on specified interface, if given +if [ -f /etc/sysconfig/static-routes-ipv6 ]; then + LC_ALL=C grep -w "^$LOGDEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do + ipv6_add_route $args $REALDEVICE + done +fi + +# Setup additional static IPv6 routes (newer config style) +if [ -f "/etc/sysconfig/network-scripts/route6-$DEVICE" ]; then + sed -ne 's/#.*//' -e '/[^[:space:]]/p' "/etc/sysconfig/network-scripts/route6-$DEVICE" | while read line; do + /sbin/ip -6 route add $line + done +fi + +if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then + # Control running radvd + ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE +fi diff --git a/SOURCES/ppp-2.5.0-radiusclient-parser-fix.patch b/SOURCES/ppp-2.5.0-radiusclient-parser-fix.patch new file mode 100644 index 0000000..a898e25 --- /dev/null +++ b/SOURCES/ppp-2.5.0-radiusclient-parser-fix.patch @@ -0,0 +1,49 @@ +From 7f89208b860ea0c41636410bfdb6a609b2772f47 Mon Sep 17 00:00:00 2001 +From: Eivind Naess +Date: Sun, 23 Apr 2023 11:37:01 -0700 +Subject: [PATCH] Closes #411, Fixing up parsing in radiusclient.conf + +Adding curly braces to fix the code. + +Signed-off-by: Eivind Naess +--- + pppd/plugins/radius/config.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/pppd/plugins/radius/config.c b/pppd/plugins/radius/config.c +index 39744fca1..e1a481487 100644 +--- a/pppd/plugins/radius/config.c ++++ b/pppd/plugins/radius/config.c +@@ -235,24 +235,28 @@ int rc_read_config(char *filename) + + switch (option->type) { + case OT_STR: +- if (set_option_str(filename, line, option, p) < 0) ++ if (set_option_str(filename, line, option, p) < 0) { + fclose(configfd); + return (-1); ++ } + break; + case OT_INT: +- if (set_option_int(filename, line, option, p) < 0) ++ if (set_option_int(filename, line, option, p) < 0) { + fclose(configfd); + return (-1); ++ } + break; + case OT_SRV: +- if (set_option_srv(filename, line, option, p) < 0) ++ if (set_option_srv(filename, line, option, p) < 0) { + fclose(configfd); + return (-1); ++ } + break; + case OT_AUO: +- if (set_option_auo(filename, line, option, p) < 0) ++ if (set_option_auo(filename, line, option, p) < 0) { + fclose(configfd); + return (-1); ++ } + break; + default: + fatal("rc_read_config: impossible case branch!"); diff --git a/SOURCES/ppp-2.5.0-use-change-resolv-function.patch b/SOURCES/ppp-2.5.0-use-change-resolv-function.patch new file mode 100644 index 0000000..30a07fe --- /dev/null +++ b/SOURCES/ppp-2.5.0-use-change-resolv-function.patch @@ -0,0 +1,51 @@ +diff --git a/scripts/ip-down.local.add b/scripts/ip-down.local.add +index b93590e..8889cb6 100644 +--- a/scripts/ip-down.local.add ++++ b/scripts/ip-down.local.add +@@ -9,12 +9,13 @@ + # + # Nick Walker (nickwalker@email.com) + # ++. /etc/sysconfig/network-scripts/network-functions + + if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then + if [ -f /etc/ppp/resolv.prev ]; then +- cp -f /etc/ppp/resolv.prev /etc/resolv.conf ++ change_resolv_conf /etc/ppp/resolv.prev + else +- rm -f /etc/resolv.conf ++ change_resolv_conf + fi + fi + +diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add +index 8017209..5ced496 100644 +--- a/scripts/ip-up.local.add ++++ b/scripts/ip-up.local.add +@@ -9,16 +9,22 @@ + # + # Nick Walker (nickwalker@email.com) + # ++. /etc/sysconfig/network-scripts/network-functions + + if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then + rm -f /etc/ppp/resolv.prev + if [ -f /etc/resolv.conf ]; then + cp /etc/resolv.conf /etc/ppp/resolv.prev +- grep domain /etc/ppp/resolv.prev > /etc/resolv.conf +- grep search /etc/ppp/resolv.prev >> /etc/resolv.conf +- cat /etc/ppp/resolv.conf >> /etc/resolv.conf ++ rscf=/etc/ppp/resolv.new ++ grep domain /etc/ppp/resolv.prev > $rscf ++ grep search /etc/ppp/resolv.prev >> $rscf ++ if [ -f /etc/ppp/resolv.conf ]; then ++ cat /etc/ppp/resolv.conf >> $rscf ++ fi ++ change_resolv_conf $rscf ++ rm -f $rscf + else +- cp /etc/ppp/resolv.conf /etc ++ change_resolv_conf /etc/ppp/resolv.conf + fi + fi + diff --git a/SOURCES/ppp-logrotate.conf b/SOURCES/ppp-logrotate.conf new file mode 100644 index 0000000..7a72979 --- /dev/null +++ b/SOURCES/ppp-logrotate.conf @@ -0,0 +1,10 @@ +# Logrotate file for ppp RPM + +/var/log/ppp/connect-errors { + missingok + compress + notifempty + daily + rotate 5 + create 0600 root root +} diff --git a/SOURCES/ppp-pam.conf b/SOURCES/ppp-pam.conf new file mode 100644 index 0000000..968e252 --- /dev/null +++ b/SOURCES/ppp-pam.conf @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth include password-auth +account required pam_nologin.so +account include password-auth +session include password-auth diff --git a/SOURCES/ppp-tmpfiles.conf b/SOURCES/ppp-tmpfiles.conf new file mode 100644 index 0000000..a48a271 --- /dev/null +++ b/SOURCES/ppp-tmpfiles.conf @@ -0,0 +1 @@ +d /run/pppd/lock 0755 root root diff --git a/SPECS/ppp.spec b/SPECS/ppp.spec new file mode 100644 index 0000000..9c1b9f0 --- /dev/null +++ b/SPECS/ppp.spec @@ -0,0 +1,825 @@ +%global _hardened_build 1 + +Name: ppp +# Please be careful when bumping the ppp version. Several packages +# have version-tied dependencies on it, including NetworkManager-ppp +# (from NetworkManager) and NetworkManager-pptp , which are core +# packages. They may need code changes to build against new ppp +# versions. Please only bump ppp on a side tag and ensure it also +# contains rebuilds of at least those two packages before merging. +# Several other less important packages are also tied to the ppp +# version, as of 2023-04-19 the list is: +# NetworkManager-fortisslvpn +# NetworkManager-l2tp +# NetworkManager-ppp +# NetworkManager-pptp +# NetworkManager-sstp +# sstp-client +# These all need to be patched (if necessary) and rebuilt for new +# versions of ppp. +Version: 2.5.0 +Release: 12%{?dist} +Summary: The Point-to-Point Protocol daemon +License: bsd-3-clause AND zlib AND licenseref-fedora-public-domain AND bsd-attribution-hpnd-disclaimer AND bsd-4.3tahoe AND bsd-4-clause-uc AND apache-2.0 AND lgpl-2.0-or-later AND (gpl-2.0-or-later OR bsd-2-clause OR bsd-3-clause OR bsd-4-clause) AND gpl-2.0-or-later AND xlock AND gpl-1.0-or-later AND mackerras-3-clause-acknowledgment AND mackerras-3-clause AND hpnd-fenneberg-Livingston AND sun-ppp AND hpnd-inria-imag AND sun-ppp-2000 +URL: http://www.samba.org/ppp + +Source0: https://github.com/paulusmack/ppp/archive/ppp-%{version}.tar.gz +Source1: ppp-pam.conf +Source2: ppp-logrotate.conf +Source3: ppp-tmpfiles.conf +Source4: ip-down +Source5: ip-down.ipv6to4 +Source6: ip-up +Source7: ip-up.ipv6to4 +Source8: ipv6-down +Source9: ipv6-up +Source12: ppp-watch.tar.xz +Source13: ipv6-up.initscripts +Source14: ipv6-down.initscripts + +# Fedora-specific +Patch0: ppp-2.5.0-use-change-resolv-function.patch + +# https://github.com/ppp-project/ppp/commit/7f89208b860ea0c41636410bfdb6a609b2772f47 +Patch1: ppp-2.5.0-radiusclient-parser-fix.patch + +BuildRequires: libtool +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: make +BuildRequires: gcc +BuildRequires: pam-devel +BuildRequires: libpcap-devel +BuildRequires: systemd +BuildRequires: systemd-devel +BuildRequires: glib2-devel +BuildRequires: openssl-devel +%if %{defined rhel} +Provides: bundled(linux-atm) = 2.4.1 +%else +BuildRequires: linux-atm-libs-devel +%endif + +Requires: glibc >= 2.0.6 +Requires: /etc/pam.d/system-auth +Requires: libpcap >= 14:0.8.3-6 +Requires: systemd +Requires(pre): /usr/bin/getent +Requires(pre): /usr/sbin/groupadd + +# Subpackage removed and obsoleted in F40 +Obsoletes: network-scripts-ppp < %{version}-%{release} + +%description +The ppp package contains the PPP (Point-to-Point Protocol) daemon and +documentation for PPP support. The PPP protocol provides a method for +transmitting datagrams over serial point-to-point links. PPP is +usually used to dial in to an ISP (Internet Service Provider) or other +organization over a modem and phone line. + +%package devel +Summary: Headers for ppp plugin development +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: pkgconf-pkg-config + +%description devel +This package contains the header files for building plugins for ppp. + +%prep +%autosetup -p1 -n %{name}-%{name}-%{version} + +tar -xJf %{SOURCE12} + +%build +autoreconf -fi +export CFLAGS="%{build_cflags} -fno-strict-aliasing" +%configure --enable-systemd --enable-cbcp --with-pam --disable-openssl-engine +%make_build +%make_build -C ppp-watch LDFLAGS="%{?build_ldflags} -pie" + +%install +%make_install +find scripts -type f | xargs chmod a-x +make ROOT=%{buildroot} -C ppp-watch install + +# create log files dir +install -d %{buildroot}%{_localstatedir}/log/ppp + +# install pam config +install -d %{buildroot}%{_sysconfdir}/pam.d +install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/ppp + +# install logrotate script +install -d %{buildroot}%{_sysconfdir}/logrotate.d +install -m 644 -p %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/ppp + +# install tmpfiles drop-in +install -d %{buildroot}%{_tmpfilesdir} +install -m 644 -p %{SOURCE3} %{buildroot}%{_tmpfilesdir}/ppp.conf + +# install scripts (previously owned by initscripts package) +install -d %{buildroot}%{_sysconfdir}/ppp +install -p %{SOURCE4} %{buildroot}%{_sysconfdir}/ppp/ip-down +install -p %{SOURCE5} %{buildroot}%{_sysconfdir}/ppp/ip-down.ipv6to4 +install -p %{SOURCE6} %{buildroot}%{_sysconfdir}/ppp/ip-up +install -p %{SOURCE7} %{buildroot}%{_sysconfdir}/ppp/ip-up.ipv6to4 +install -p %{SOURCE8} %{buildroot}%{_sysconfdir}/ppp/ipv6-down +install -p %{SOURCE9} %{buildroot}%{_sysconfdir}/ppp/ipv6-up +install -p %{SOURCE13} %{buildroot}%{_sysconfdir}/ppp/ipv6-down.initscripts +install -p %{SOURCE14} %{buildroot}%{_sysconfdir}/ppp/ipv6-up.initscripts + +# ghosts +mkdir -p %{buildroot}%{_rundir}/pppd/lock + +%pre +/usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || : + +%post +%tmpfiles_create ppp.conf + +%files +%doc FAQ README README.cbcp README.linux README.MPPE README.MSCHAP80 README.MSCHAP81 README.pwfd README.pppoe scripts sample README.eap-tls +%{_sbindir}/chat +%{_sbindir}/pppd +%{_sbindir}/pppdump +%{_sbindir}/pppoe-discovery +%{_sbindir}/pppstats +%{_sbindir}/ppp-watch +%dir %{_sysconfdir}/ppp +%{_sysconfdir}/ppp/ip-up +%{_sysconfdir}/ppp/ip-down +%{_sysconfdir}/ppp/ip-up.ipv6to4 +%{_sysconfdir}/ppp/ip-down.ipv6to4 +%{_sysconfdir}/ppp/ipv6-up +%{_sysconfdir}/ppp/ipv6-up.initscripts +%{_sysconfdir}/ppp/ipv6-down +%{_sysconfdir}/ppp/ipv6-down.initscripts +%{_sysconfdir}/ppp/openssl.cnf +%{_mandir}/man8/chat.8* +%{_mandir}/man8/pppd.8* +%{_mandir}/man8/pppdump.8* +%{_mandir}/man8/pppd-radattr.8* +%{_mandir}/man8/pppd-radius.8* +%{_mandir}/man8/pppstats.8* +%{_mandir}/man8/pppoe-discovery.8* +%{_mandir}/man8/ppp-watch.8* +%{_libdir}/pppd +%ghost %dir %{_rundir}/pppd +%ghost %dir %{_rundir}/pppd/lock +%dir %{_sysconfdir}/logrotate.d +%attr(700, root, root) %dir %{_localstatedir}/log/ppp +%config(noreplace) %{_sysconfdir}/ppp/eaptls-client +%config(noreplace) %{_sysconfdir}/ppp/eaptls-server +%config(noreplace) %{_sysconfdir}/ppp/chap-secrets +%config(noreplace) %{_sysconfdir}/ppp/options +%config(noreplace) %{_sysconfdir}/ppp/pap-secrets +%config(noreplace) %{_sysconfdir}/pam.d/ppp +%config(noreplace) %{_sysconfdir}/logrotate.d/ppp +%{_tmpfilesdir}/ppp.conf + +%files devel +%{_includedir}/pppd +%doc PLUGINS +%{_libdir}/pkgconfig/pppd.pc + +%changelog +* Fri Oct 25 2024 MSVSphere Packaging Team - 2.5.0-12 +- Rebuilt for MSVSphere 10 + +* Thu Jun 27 2024 Jaroslav Škarvada - 2.5.0-12 +- Fixed radiusclient parser + Resolves: RHEL-44665 + +* Mon Jun 24 2024 Troy Dawson - 2.5.0-11 +- Bump release for June 2024 mass rebuild + +* Wed Jun 12 2024 Jaroslav Škarvada - 2.5.0-10 +- Openssl engine API is deprecated for a while thus disable it + Resolves: RHEL-33746 + +* Thu May 9 2024 Jaroslav Škarvada - 2.5.0-9 +- Pre-created upstream default lock dir + Resolves: RHEL-35977 + +* Sun Apr 14 2024 Jaroslav Škarvada - 2.5.0-8 +- Added missing and recently approved SPDX licenses + +* Wed Feb 21 2024 Kalev Lember - 2.5.0-7 +- Obsolete dropped network-scripts-ppp subpackage + +* Tue Feb 13 2024 Jaroslav Škarvada - 2.5.0-6 +- Dropped network scripts + +* Wed Jan 24 2024 Jaroslav Škarvada - 2.5.0-5 +- Converted license to SPDX + +* Sun Jan 21 2024 Fedora Release Engineering - 2.5.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Tue Jul 25 2023 Yaakov Selkowitz - 2.5.0-3 +- Use bundled ATM in RHEL builds + +* Fri Jul 21 2023 Fedora Release Engineering - 2.5.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Apr 13 2023 Jaroslav Škarvada - 2.5.0-1 +- New version + Resolves: rhbz#2184291 + +* Fri Jan 20 2023 Fedora Release Engineering - 2.4.9-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Fri Jul 22 2022 Fedora Release Engineering - 2.4.9-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue Apr 05 2022 Marcin Zajaczkowski - 2.4.9-7 +- Backport patches from master for SSTP to connect using EAP-TLS to Azure VnetGWay and Windows RAS server + +* Fri Jan 21 2022 Fedora Release Engineering - 2.4.9-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Tue Sep 14 2021 Sahana Prasad - 2.4.9-5 +- Rebuilt with OpenSSL 3.0.0 + +* Fri Jul 23 2021 Fedora Release Engineering - 2.4.9-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon Mar 8 2021 Jaroslav Škarvada - 2.4.9-3 +- Keep lock files in /var/lock (https://github.com/ppp-project/ppp/pull/227) + +* Wed Jan 27 2021 Fedora Release Engineering - 2.4.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jan 5 2021 Jaroslav Škarvada - 2.4.9-1 +- New version + Resolves: rhbz#1912617 + +* Mon Aug 10 2020 Jaroslav Škarvada - 2.4.8-8 +- Added workaround for Windows Server 2019 + Resolves: rhbz#1867047 + +* Tue Jul 28 2020 Fedora Release Engineering - 2.4.8-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu May 21 2020 Jaroslav Škarvada - 2.4.8-6 +- Added missing options to man pages + +* Tue Apr 7 2020 Jaroslav Škarvada - 2.4.8-5 +- Updated EAP-TLS patch to v1.300 + +* Mon Apr 6 2020 Jaroslav Škarvada - 2.4.8-4 +- Updated EAP-TLS patch to v1.201 + +* Fri Feb 28 2020 Tom Stellard - 2.4.8-3 +- Use make_build macro +- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make + +* Wed Feb 26 2020 Jaroslav Škarvada - 2.4.8-2 +- Fixed ghost directories verification + +* Fri Feb 21 2020 Jaroslav Škarvada - 2.4.8-1 +- New version +- Changed sources to github +- Dropped 0028-pppoe-include-netinet-in.h-before-linux-in.h, + ppp-2.4.7-DES-openssl, ppp-2.4.7-honor-ldflags, + ppp-2.4.7-coverity-scan-fixes patches (all upstreamed) +- Fixed buffer overflow in the eap_request and eap_response functions + Resolves: CVE-2020-8597 + +* Thu Jan 30 2020 Fedora Release Engineering - 2.4.7-33 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jul 26 2019 Fedora Release Engineering - 2.4.7-32 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Feb 02 2019 Fedora Release Engineering - 2.4.7-31 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 14 2019 Björn Esser - 2.4.7-30 +- Rebuilt for libcrypt.so.2 (#1666033) + +* Mon Dec 3 2018 Jaroslav Škarvada - 2.4.7-29 +- Fixed some issues found by coverity scan + +* Tue Nov 20 2018 Jaroslav Škarvada - 2.4.7-28 +- Fixed network scripts related regression caused by release 26 + +* Mon Nov 5 2018 Jaroslav Škarvada - 2.4.7-27 +- Updated EAP-TLS patch to v1.102 + +* Tue Jul 24 2018 Lubomir Rintel - 2.4.7-26 +- Split out the network-scripts + +* Fri Jul 13 2018 Fedora Release Engineering - 2.4.7-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Sat Jun 30 2018 Peter Robinson 2.4.7-24 +- Remove group/defattr, minor spec cleanups + +* Wed Jun 20 2018 Jaroslav Škarvada - 2.4.7-23 +- Replaced initscripts requirement by the network-scripts + Resolves: rhbz#1592384 + +* Tue Jun 5 2018 Jaroslav Škarvada - 2.4.7-22 +- Updated EAP-TLS patch to v1.101 + Resolves: CVE-2018-11574 + +* Mon Apr 9 2018 Jaroslav Škarvada - 2.4.7-21 +- Link with -E not to break plugins + Resolves: rhbz#1564459 + +* Fri Apr 6 2018 Jaroslav Škarvada - 2.4.7-20 +- Also build all DSOs with distro's LDFLAGS + Related: rhbz#1563157 + +* Wed Apr 4 2018 Jaroslav Škarvada - 2.4.7-19 +- Build with distro's LDFLAGS + Resolves: rhbz#1563157 + +* Tue Mar 27 2018 Jaroslav Škarvada - 2.4.7-18 +- Used openssl for the DES instead of the libcrypt / glibc + Resolves: rhbz#1556132 + +* Fri Feb 09 2018 Igor Gnatenko - 2.4.7-17 +- Escape macros in %%changelog + +* Fri Feb 09 2018 Fedora Release Engineering - 2.4.7-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Jan 20 2018 Björn Esser - 2.4.7-15 +- Rebuilt for switch to libxcrypt + +* Mon Aug 21 2017 Jaroslav Škarvada - 2.4.7-14 +- EAP-TLS patch updated to version 0.999 +- Switched to openssl-1.1 + +* Thu Aug 03 2017 Fedora Release Engineering - 2.4.7-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 2.4.7-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 2.4.7-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sat Dec 10 2016 Lubomir Rintel - 2.4.7-10 +- Fix FTBFS + +* Thu Feb 04 2016 Fedora Release Engineering - 2.4.7-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jun 18 2015 Fedora Release Engineering - 2.4.7-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Feb 09 2015 Michal Sekletar - 2.4.7-7 +- prevent running into issues caused by undefined behavior (pointers of incompatible types aliasing the same object) + +* Wed Dec 10 2014 Michal Sekletar - 2.4.7-6 +- fix logical expression in eap_client_active macro (#1023620) + +* Wed Nov 19 2014 Michal Sekletar - 2.4.7-5 +- don't mark logrotate config as executable (#1164435) + +* Tue Sep 2 2014 Peter Robinson 2.4.7-4 +- devel package should depend on base package as per guidelines + +* Tue Aug 19 2014 Michal Sekletar - 2.4.7-3 +- don't mark tmpfiles dropin as executable (#1131293) + +* Sun Aug 17 2014 Fedora Release Engineering - 2.4.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Mon Aug 11 2014 Michal Sekletar - 2.4.7-1 +- rebase to 2.4.7. Includes fix for CVE-2014-3158 (#1128716) + +* Fri Jun 20 2014 Michal Sekletar - 2.4.6-6 +- version 0.997 of EAP-TLS patch + +* Sat Jun 07 2014 Fedora Release Engineering - 2.4.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Apr 16 2014 Michal Sekletar - 2.4.6-4 +- move ppp initscripts to ppp package (#1088220) + +* Mon Apr 14 2014 Michal Sekletar - 2.4.6-3 +- don't require perl and expect (#1086846) + +* Thu Apr 10 2014 Michal Sekletar - 2.4.6-2 +- rebase to 2.4.6 + +* Thu Aug 01 2013 Michal Sekletar - 2.4.5-33 +- fix post installation scriptlet + +* Fri Jul 12 2013 Michal Sekletar - 2.4.5-32 +- don't ship /var/lock/ppp in rpm payload and create it in %%post instead +- fix installation of tmpfiles.d configuration +- enable hardened build +- fix bogus dates in changelog +- compile all binaries with hardening flags + +* Thu Jul 04 2013 Michal Sekletar - 2.4.5-31 +- fix possible NULL pointer dereferencing + +* Wed May 29 2013 Michal Sekletar - 2.4.5-30 +- make radius plugin config parser less strict +- resolves : #906913 + +* Wed Mar 20 2013 Michal Sekletar - 2.4.5-29 +- Add creation of dip system group + +* Wed Mar 20 2013 Michal Sekletar - 2.4.5-28 +- Add /etc/logrotate.d to files section since we no longer hard depend on logrotate + +* Wed Mar 20 2013 Michal Sekletar - 2.4.5-27 +- Don't hard depend on logrotate + +* Thu Feb 14 2013 Fedora Release Engineering - 2.4.5-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Nov 12 2012 Michal Sekletar - 2.4.5-25 +- Resolves: #840190 - install configuration file in /usr/lib/tmpfiles.d + +* Tue Sep 11 2012 Michal Sekletar - 2.4.5-24 +- Removed unnecessary dependency on systemd-unit + +* Sat Jul 21 2012 Fedora Release Engineering - 2.4.5-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue May 29 2012 Michal Sekletar +- Resolves: #817011 - fixed ppp-2.4.5-eaptls-mppe-0.99 patch, added variable definition + +* Mon May 21 2012 Michal Sekletar +- Resolves: #817013 - fixed support for multilink channels in pppol2tp plugin + +* Thu May 17 2012 Michal Sekletar +- Resolves: #771340 - fixed compilation of pppd without USE_EAPTLS + +* Sat Jan 14 2012 Fedora Release Engineering - 2.4.5-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon May 30 2011 Jiri Skala - 2.4.5-18 +- fixes #682381 - hardcodes eth0 +- fixes #708260 - SELinux is preventing access on the file LCK..ttyUSB3 + +* Mon Apr 04 2011 Jiri Skala - 2.4.5-17 +- fixes #664282 and #664868 - man page fixes + +* Wed Feb 09 2011 Fedora Release Engineering - 2.4.5-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Dec 02 2010 Jiri Skala - 2.4.5-15 +- corrected tmpfiles.d conf +- replaced remaining /etc by macros + +* Tue Nov 30 2010 Jiri Skala - 2.4.5-14 +- fixes #656671 - /var/run and /var/lock on tmpfs +- replaced paths /var /etc by macros + +* Tue Nov 16 2010 Jiri Skala - 2.4.5-13 +- fixes #565294 - SELinux is preventing /sbin/consoletype access to a leaked packet_socket fd + +* Wed Sep 29 2010 Jiri Skala - 2.4.5-12 +- fixes #637513 - Missing: README.eap-tls +- updated to latest eaptls upstream +- fixes #637886 - EAP-TLS not working with enabled PPP Multilink Framing option + +* Thu Aug 05 2010 Jiri Skala - 2.4.5-11 +- fixes #617625 - FTBFS in ppp due to change in kernel-headers +- fixes pppol2tp Makefile + +* Tue Jul 13 2010 Jiri Skala - 2.4.5-10 +- fixes #613717 - Missing line in example script ip-up.local.add +- removed /usr/kerberos/include from eaptls patch + +* Wed Jun 16 2010 Jiri Skala - 2.4.5-9 +- included eap-tls patch + +* Wed Apr 07 2010 Jiri Skala - 2.4.5-8 +- added pppoe-discovery(8) + +* Fri Mar 05 2010 Jiri Skala - 2.4.5-7 +- removed duplicities from patches (ip-*.local.add) + +* Fri Feb 12 2010 Jiri Skala - 2.4.5-6 +- fixes #560014 - SELinux is preventing /usr/sbin/pppd "read write" access on pppd2.tdb + +* Thu Feb 04 2010 Jiri Skala - 2.4.5-5 +- one line correction in fd_leak patch + +* Wed Feb 03 2010 Jiri Skala - 2.4.5-4 +- applied patch fd_leak + +* Fri Jan 22 2010 Jiri Skala - 2.4.5-3 +- fixed some rpmlint complains + +* Sun Nov 22 2009 Jiri Skala - 2.4.5-2 +- updated patches (make local succeeded, koji failed) + +* Fri Nov 20 2009 Jiri Skala - 2.4.5-1 +- updated to latest upstream sources (#538058) + +* Thu Oct 08 2009 Jiri Skala - 2.4.4-14 +- fixed #519042 - ppp package is missing URL in spec +- fixed #524575 - ppp: no_strip patch modifies backup files created by previous patches + +* Wed Sep 16 2009 Tomas Mraz 2.4.4-13 +- use password-auth common PAM configuration instead of system-auth + +* Sun Jul 26 2009 Fedora Release Engineering - 2.4.4-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri Mar 06 2009 - Jiri Skala 2.4.4-11 +- fixed #488764 - package upgrade should not replace configuration files + +* Thu Feb 26 2009 Fedora Release Engineering - 2.4.4-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Dec 11 2008 Jiri Skala 2.4.4.-9 +- fixed #467004 PPP sometimes gets incorrect DNS servers for mobile broadband connections + +* Thu Aug 28 2008 Tom "spot" Callaway 2.4.4-8 +- fix license tag + +* Tue May 13 2008 Martin Nagy 2.4.4-7 +- add new speeds, patch by Jason Vas Dias (#446132) + +* Thu Mar 06 2008 Martin Nagy 2.4.4-6 +- call closelog earlier (#222295) +- fix ChapMS2 (#217076) +- moving header files to new -devel package (#203542) + +* Mon Mar 03 2008 Martin Nagy 2.4.4-5 +- put logs into /var/log/ppp (#118837) + +* Mon Feb 11 2008 Martin Nagy 2.4.4-4 +- rebuild for gcc-4.3 + +* Fri Nov 09 2007 Martin Nagy 2.4.4-3 +- removed undesired files from the package (#241753) + +* Fri Dec 1 2006 Thomas Woerner 2.4.4-2 +- fixed build requirement for libpcap (#217661) + +* Wed Jul 19 2006 Thomas Woerner 2.4.4-1 +- new version 2.4.4 with lots of fixes +- fixed reesolv.conf docs (#165072) + Thanks to Matt Domsch for the initial patch +- enabled CBCP (#199278) + +* Wed Jul 12 2006 Jesse Keating - 2.4.3-6.2.2 +- rebuild + +* Fri Feb 10 2006 Jesse Keating - 2.4.3-6.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.4.3-6.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Sat Nov 12 2005 Florian La Roche +- rebuild + +* Fri Nov 4 2005 David Woodhouse 2.4.3-5 +- Implement ipv6cp-accept-remote option + +* Fri Oct 7 2005 Tomas Mraz 2.4.3-4 +- use include instead of pam_stack in pam config + +* Sun Jul 31 2005 Florian La Roche +- rebuild for libpcap of the day + +* Tue Jul 19 2005 Thomas Woerner 2.4.3-2.1 +- additional patch for the scripts, thanks to Sammy (#163621) + +* Tue Jul 19 2005 Thomas Woerner 2.4.3-2 +- dropped all executable bits in scripts directory to prevent rpm requiring + programs used in there + +* Mon Jul 18 2005 Thomas Woerner 2.4.3-1 +- new version 2.4.3 + - updated patches: make, lib64, dontwriteetc, fix, fix64, no_strip, + radiusplugin + - dropped patches: bpf, signal, pcap, pppoatm, pkgcheck + +* Tue Nov 2 2004 Thomas Woerner 2.4.2-7 +- fixed out of bounds memory access, possible DOS + +* Thu Oct 7 2004 David Woodhouse 2.4.2-6.3 +- Fix use of 'demand' without explicit MTU/MRU with pppoatm + +* Tue Oct 5 2004 David Woodhouse 2.4.2-6.2 +- Link pppoatm plugin against libresolv. +- Revert to linux-atm headers without the workaround for #127098 + +* Mon Oct 4 2004 David Woodhouse 2.4.2-6.1 +- Include atmsap.h for pppoatm plugin. + +* Mon Oct 4 2004 David Woodhouse 2.4.2-6 +- Add pppoatm plugin (#131555) + +* Thu Sep 16 2004 Thomas Woerner 2.4.2-5.1 +- fixed subscript out of range (#132677) + +* Wed Sep 15 2004 Thomas Woerner 2.4.2-5 +- example scripts are using change_resolv_conf to modify /etc/resolv.conf + (#132482) +- require new libpcap library (>= 0.8.3-6) with a fix for inbound/outbound + filter processing +- not using internal libpcap structures anymore, fixes inbound/outbound + filter processing (#128053) + +* Fri Aug 6 2004 Thomas Woerner 2.4.2-4 +- fixed signal handling (#29171) + +* Mon Jun 21 2004 Thomas Woerner 2.4.2-3.1 +- fixed compiler warnings +- fixed 64bit problem with ms-chap (#125501) +- enabled pie again + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Mon May 24 2004 David Woodhouse 2.4.2-2.3 +- Enable IPv6 support. Disable PIE to avoid bogus Provides: + +* Fri May 14 2004 Thomas Woerner 2.4.2-2.2 +- compiled pppd and chat PIE + +* Thu May 13 2004 Thomas Woerner 2.4.2-2.1 +- added 'missingok' to ppp.logrotate (#122911) + +* Fri May 07 2004 Nils Philippsen 2.4.2-2 +- don't write to /etc (#118837) + +* Wed Mar 10 2004 Nalin Dahyabhai 2.4.2-1 +- update to 2.4.2 + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Fri Sep 5 2003 Nalin Dahyabhai 2.4.1-15 +- rebuild + +* Fri Sep 5 2003 Nalin Dahyabhai 2.4.1-14 +- apply the patch from -11 + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Tue Jun 3 2003 Nalin Dahyabhai 2.4.1-12 +- rebuild + +* Tue Jun 3 2003 Nalin Dahyabhai 2.4.1-11 +- check for libcrypt in the right directory at compile-time + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Thu Dec 12 2002 Elliot Lee 2.4.1-9 +- Fix build failure by rebuilding + +* Tue Nov 19 2002 Nalin Dahyabhai 2.4.1-8 +- rebuild +- set x86_64 to use varargs the way s390 does + +* Mon Jul 22 2002 Florian La Roche +- add patch: + * Thu Jun 06 2002 Phil Knirsch + - Fixed varargs problem for s390/s390x. + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Fri May 17 2002 Nalin Dahyabhai 2.4.1-4 +- rebuild in new environment + +* Wed Feb 27 2002 Nalin Dahyabhai 2.4.1-3 +- revert cbcp patch, it's wrong (#55367) + +* Thu Aug 9 2001 Nalin Dahyabhai 2.4.1-2 +- add buildprereq on pam-devel (#49559) +- add patch to respond to CBCP LCP requests (#15738) +- enable cbcp support at build-time +- change the Copyright: tag to a License: tag + +* Wed May 23 2001 Nalin Dahyabhai 2.4.1-1 +- update to 2.4.1 + +* Fri Dec 1 2000 Nalin Dahyabhai +- rebuild in new environment + +* Thu Nov 9 2000 Nalin Dahyabhai +- update to 2.4.0 + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Mon Jun 5 2000 Nalin Dahyabhai +- move man pages to %%{_mandir} + +* Thu Jun 1 2000 Nalin Dahyabhai +- change perms using defattr +- modify PAM setup to use system-auth + +* Sun Mar 26 2000 Florian La Roche +- change to root:root perms + +* Mon Mar 06 2000 Nalin Dahyabhai +- reaper bugs verified as fixed +- check pam_open_session result code (bug #9966) + +* Mon Feb 07 2000 Nalin Dahyabhai +- take a shot at the wrong reaper bugs (#8153, #5290) + +* Thu Feb 03 2000 Nalin Dahyabhai +- free ride through the build system (release 2) + +* Tue Jan 18 2000 Nalin Dahyabhai +- Update to 2.3.11 + +* Sat Nov 06 1999 Michael K. Johnson +- Better fix for both problems + +* Fri Nov 05 1999 Michael K. Johnson +- fix for double-dial problem +- fix for requiring a controlling terminal problem + +* Sun Sep 19 1999 Preston Brown +- 2.3.10 bugfix release + +* Fri Aug 13 1999 Michael K. Johnson +- New version 2.3.9 required for kernel 2.3.13 and will be required + for new initscripts. auth patch removed; 2.3.9 does the same thing + more readably than the previous patch. + +* Thu Jun 24 1999 Cristian Gafton +- add pppdump + +* Fri Apr 09 1999 Cristian Gafton +- force pppd use the glibc's logwtmp instead of implementing its own + +* Thu Apr 01 1999 Preston Brown +- version 2.3.7 bugfix release + +* Tue Mar 23 1999 Cristian Gafton +- version 2.3.6 + +* Mon Mar 22 1999 Michael Johnson +- auth patch + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 3) + +* Thu Jan 07 1999 Cristian Gafton +- build for glibc 2.1 + +* Fri Jun 5 1998 Jeff Johnson +- updated to 2.3.5. + +* Tue May 19 1998 Prospector System +- translations modified for de + +* Fri May 8 1998 Jakub Jelinek +- make it run with kernels 2.1.100 and above. + +* Fri Apr 24 1998 Prospector System +- translations modified for de, fr, tr + +* Wed Mar 18 1998 Cristian Gafton +- requires glibc 2.0.6 or later + +* Wed Mar 18 1998 Michael K. Johnson +- updated PAM patch to not turn off wtmp/utmp/syslog logging. + +* Wed Jan 7 1998 Cristian Gafton +- added the /etc/pam.d config file +- updated PAM patch to include session support + +* Tue Jan 6 1998 Cristian Gafton +- updated to ppp-2.3.3, build against glibc-2.0.6 - previous patches not + required any more. +- added buildroot +- fixed the PAM support, which was really, completely broken and against any + standards (session support is still not here... :-( ) +- we build against running kernel and pray that it will work +- added a samples patch; updated glibc patch + +* Thu Dec 18 1997 Erik Troan +- added a patch to use our own route.h, rather then glibc's (which has + alignment problems on Alpha's) -- I only applied this patch on the Alpha, + though it should be safe everywhere + +* Fri Oct 10 1997 Erik Troan +- turned off the execute bit for scripts in /usr/doc + +* Fri Jul 18 1997 Erik Troan +- built against glibc + +* Tue Mar 25 1997 Erik Troan +- Integrated new patch from David Mosberger +- Improved description