import ppp-2.4.9-5.el9

c9 imports/c9/ppp-2.4.9-5.el9
CentOS Sources 3 years ago committed by MSVSphere Packaging Team
commit 6b52f9c18a

2
.gitignore vendored

@ -0,0 +1,2 @@
SOURCES/ppp-2.4.9.tar.gz
SOURCES/ppp-watch.tar.xz

@ -0,0 +1,2 @@
f879143a310f208c27f5279df9ecf9887ad1864b SOURCES/ppp-2.4.9.tar.gz
74b6db205dc46fc179a2a3bc3d726ddfeb03c801 SOURCES/ppp-watch.tar.xz

@ -0,0 +1,341 @@
From d7faeb88f684c8b2ae193b2c5b5b358ac757fcfa Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 11:39:09 +0200
Subject: [PATCH 04/27] doc: add configuration samples
---
sample/auth-down | 17 ++++++
sample/auth-up | 17 ++++++
sample/ip-down | 22 ++++++++
sample/ip-up | 23 ++++++++
sample/options | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++
sample/options.ttyXX | 14 +++++
sample/pap-secrets | 28 ++++++++++
7 files changed, 274 insertions(+)
create mode 100644 sample/auth-down
create mode 100644 sample/auth-up
create mode 100644 sample/ip-down
create mode 100644 sample/ip-up
create mode 100644 sample/options
create mode 100644 sample/options.ttyXX
create mode 100644 sample/pap-secrets
diff --git a/sample/auth-down b/sample/auth-down
new file mode 100644
index 0000000..edde65d
--- /dev/null
+++ b/sample/auth-down
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# A program or script which is executed after the remote system
+# successfully authenticates itself. It is executed with the parameters
+# <interface-name> <peer-name> <user-name> <tty-device> <speed>
+#
+
+#
+# The environment is cleared before executing this script
+# so the path must be reset
+#
+PATH=/usr/sbin:/sbin:/usr/bin:/bin
+export PATH
+
+echo auth-down `date +'%y/%m/%d %T'` $* >> /var/log/pppstats
+
+# last line
diff --git a/sample/auth-up b/sample/auth-up
new file mode 100644
index 0000000..54722a3
--- /dev/null
+++ b/sample/auth-up
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# A program or script which is executed after the remote system
+# successfully authenticates itself. It is executed with the parameters
+# <interface-name> <peer-name> <user-name> <tty-device> <speed>
+#
+
+#
+# The environment is cleared before executing this script
+# so the path must be reset
+#
+PATH=/usr/sbin:/sbin:/usr/bin:/bin
+export PATH
+
+echo auth-up `date +'%y/%m/%d %T'` $* >> /var/log/pppstats
+
+# last line
diff --git a/sample/ip-down b/sample/ip-down
new file mode 100644
index 0000000..b771fb6
--- /dev/null
+++ b/sample/ip-down
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# This script is run by the pppd _after_ the link is brought down.
+# It should be used to delete routes, unset IP addresses etc.
+#
+# This script is called with the following arguments:
+# Arg Name Example
+# $1 Interface name ppp0
+# $2 The tty ttyS1
+# $3 The link speed 38400
+# $4 Local IP number 12.34.56.78
+# $5 Peer IP number 12.34.56.99
+#
+
+#
+# The environment is cleared before executing this script
+# so the path must be reset
+#
+PATH=/usr/sbin:/sbin:/usr/bin:/bin
+export PATH
+
+# last line
diff --git a/sample/ip-up b/sample/ip-up
new file mode 100644
index 0000000..7ce7c8d
--- /dev/null
+++ b/sample/ip-up
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# This script is run by the pppd after the link is established.
+# It should be used to add routes, set IP address, run the mailq
+# etc.
+#
+# This script is called with the following arguments:
+# Arg Name Example
+# $1 Interface name ppp0
+# $2 The tty ttyS1
+# $3 The link speed 38400
+# $4 Local IP number 12.34.56.78
+# $5 Peer IP number 12.34.56.99
+#
+
+#
+# The environment is cleared before executing this script
+# so the path must be reset
+#
+PATH=/usr/sbin:/sbin:/usr/bin:/bin
+export PATH
+
+# last line
diff --git a/sample/options b/sample/options
new file mode 100644
index 0000000..8d0a3f9
--- /dev/null
+++ b/sample/options
@@ -0,0 +1,153 @@
+# /etc/ppp/options
+
+# The name of this server. Often, the FQDN is used here.
+#name <host>
+
+# Enforce the use of the hostname as the name of the local system for
+# authentication purposes (overrides the name option).
+usehostname
+
+# If no local IP address is given, pppd will use the first IP address
+# that belongs to the local hostname. If "noipdefault" is given, this
+# is disabled and the peer will have to supply an IP address.
+noipdefault
+
+# With this option, pppd will accept the peer's idea of our local IP
+# address, even if the local IP address was specified in an option.
+#ipcp-accept-local
+
+# With this option, pppd will accept the peer's idea of its (remote) IP
+# address, even if the remote IP address was specified in an option.
+#ipcp-accept-remote
+
+# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
+# Two Servers can be remotely configured
+#ms-dns 192.168.1.1
+#ms-dns 192.168.1.2
+
+# Specify which WINS Servers the incoming connection Win95 or WinNT should use
+#wins-addr 192.168.1.50
+#wins-addr 192.168.1.51
+
+# enable this on a server that already has a permanent default route
+#nodefaultroute
+
+# Run the executable or shell command specified after pppd has terminated
+# the link. This script could, for example, issue commands to the modem
+# to cause it to hang up if hardware modem control signals were not
+# available.
+# If mgetty is running, it will reset the modem anyway. So there is no need
+# to do it here.
+#disconnect "chat -- \d+++\d\c OK ath0 OK"
+
+# Increase debugging level (same as -d). The debug output is written
+# to syslog LOG_LOCAL2.
+debug
+
+# Enable debugging code in the kernel-level PPP driver. The argument n
+# is a number which is the sum of the following values: 1 to enable
+# general debug messages, 2 to request that the contents of received
+# packets be printed, and 4 to request that the contents of transmitted
+# packets be printed.
+#kdebug n
+
+# Require the peer to authenticate itself before allowing network
+# packets to be sent or received.
+# Please do not disable this setting. It is expected to be standard in
+# future releases of pppd. Use the call option (see manpage) to disable
+# authentication for specific peers.
+#auth
+
+# authentication can either be pap or chap. As most people only want to
+# use pap, you can also disable chap:
+#require-pap
+#refuse-chap
+
+# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
+# on the serial port.
+crtscts
+
+# Specifies that pppd should use a UUCP-style lock on the serial device
+# to ensure exclusive access to the device.
+lock
+
+# Use the modem control lines.
+modem
+
+# async character map -- 32-bit hex; each bit is a character
+# that needs to be escaped for pppd to receive it. 0x00000001
+# represents '\x01', and 0x80000000 represents '\x1f'.
+# To allow pppd to work over a rlogin/telnet connection, ou should escape
+# XON (^Q), XOFF (^S) and ^]: (The peer should use "escape ff".)
+#asyncmap 200a0000
+asyncmap 0
+
+# Specifies that certain characters should be escaped on transmission
+# (regardless of whether the peer requests them to be escaped with its
+# async control character map). The characters to be escaped are
+# specified as a list of hex numbers separated by commas. Note that
+# almost any character can be specified for the escape option, unlike
+# the asyncmap option which only allows control characters to be
+# specified. The characters which may not be escaped are those with hex
+# values 0x20 - 0x3f or 0x5e.
+#escape 11,13,ff
+
+# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
+# will ask the peer to send packets of no more than <n> bytes. The
+# minimum MRU value is 128. The default MRU value is 1500. A value of
+# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
+# bytes of data).
+#mru 542
+
+# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
+# requests a smaller value via MRU negotiation, pppd will request that
+# the kernel networking code send data packets of no more than n bytes
+# through the PPP network interface.
+#mtu <n>
+
+# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
+# notation (e.g. 255.255.255.0).
+#netmask 255.255.255.0
+
+# Don't fork to become a background process (otherwise pppd will do so
+# if a serial device is specified).
+nodetach
+
+# Set the assumed name of the remote system for authentication purposes
+# to <n>.
+#remotename <n>
+
+# Add an entry to this system's ARP [Address Resolution Protocol]
+# table with the IP address of the peer and the Ethernet address of this
+# system. {proxyarp,noproxyarp}
+proxyarp
+
+# Use the system password database for authenticating the peer using
+# PAP. Note: mgetty already provides this option. If this is specified
+# then dialin from users using a script under Linux to fire up ppp wont work.
+#login
+
+# If this option is given, pppd will send an LCP echo-request frame to
+# the peer every n seconds. Under Linux, the echo-request is sent when
+# no packets have been received from the peer for n seconds. Normally
+# the peer should respond to the echo-request by sending an echo-reply.
+# This option can be used with the lcp-echo-failure option to detect
+# that the peer is no longer connected.
+lcp-echo-interval 30
+
+# If this option is given, pppd will presume the peer to be dead if n
+# LCP echo-requests are sent without receiving a valid LCP echo-reply.
+# If this happens, pppd will terminate the connection. Use of this
+# option requires a non-zero value for the lcp-echo-interval parameter.
+# This option can be used to enable pppd to terminate after the physical
+# connection has been broken (e.g., the modem has hung up) in
+# situations where no hardware modem control lines are available.
+lcp-echo-failure 4
+
+# Specifies that pppd should disconnect if the link is idle for n seconds.
+idle 600
+
+# Disable the IPXCP and IPX protocols.
+noipx
+
+# ---<End of File>---
diff --git a/sample/options.ttyXX b/sample/options.ttyXX
new file mode 100644
index 0000000..d4202f5
--- /dev/null
+++ b/sample/options.ttyXX
@@ -0,0 +1,14 @@
+# If you need to set up multiple serial lines then copy this file to
+# options.<ttyname> for each tty with a modem on it.
+#
+# The options.tty file will assign an IP address to each PPP connection
+# as it comes up. They must all be distinct!
+#
+# Example:
+# options.ttyS1 for com2 under DOS.
+#
+# Edit the following line so that the first IP address
+# mentioned is the ip address of the serial port while the second
+# is the IP address of your host
+#
+hostname-s1:hostname
diff --git a/sample/pap-secrets b/sample/pap-secrets
new file mode 100644
index 0000000..098971b
--- /dev/null
+++ b/sample/pap-secrets
@@ -0,0 +1,28 @@
+# Secrets for authentication using PAP
+# client server secret IP addresses
+
+# OUTBOUND CONNECTIONS
+# Here you should add your userid password to connect to your providers via
+# pap. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+#hostname * password
+
+# INBOUND CONNECTIONS
+#client hostname <password> 192.168.1.1
+
+# If you add "auth login -chap +pap" to /etc/mgetty+sendfax/login.config,
+# all users in /etc/passwd can use their password for pap-authentication.
+#
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+#* hostname ""
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd! Replace hostname
+# with your local hostname.
+#guest hostname "*" -
+#master hostname "*" -
+#root hostname "*" -
+#support hostname "*" -
+#stats hostname "*" -
--
1.8.3.1

@ -0,0 +1,85 @@
From 01419dfb684d501b57f1c24dcfdbcf9da93ccca2 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 18:12:47 +0200
Subject: [PATCH 06/27] scritps: use change_resolv_conf function
Don't handle /etc/resolv.conf manually, but use a helper function from
initscripts. Also change path where we save DNS servers supplied by peer while
we are at it.
Resolves: #132482
---
pppd/pppd.8 | 2 +-
scripts/ip-down.local.add | 9 +++++----
scripts/ip-up.local.add | 17 ++++++++++-------
3 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/pppd/pppd.8 b/pppd/pppd.8
index e2768b1..2dd6e1a 100644
--- a/pppd/pppd.8
+++ b/pppd/pppd.8
@@ -1099,7 +1099,7 @@ Ask the peer for up to 2 DNS server addresses. The addresses supplied
by the peer (if any) are passed to the /etc/ppp/ip\-up script in the
environment variables DNS1 and DNS2, and the environment variable
USEPEERDNS will be set to 1. In addition, pppd will create an
-/etc/ppp/resolv.conf file containing one or two nameserver lines with
+/var/run/ppp/resolv.conf file containing one or two nameserver lines with
the address(es) supplied by the peer.
.TP
.B user \fIname
diff --git a/scripts/ip-down.local.add b/scripts/ip-down.local.add
index b93590e..163f71e 100644
--- a/scripts/ip-down.local.add
+++ b/scripts/ip-down.local.add
@@ -9,12 +9,13 @@
#
# Nick Walker (nickwalker@email.com)
#
+. /etc/sysconfig/network-scripts/network-functions
-if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
- if [ -f /etc/ppp/resolv.prev ]; then
- cp -f /etc/ppp/resolv.prev /etc/resolv.conf
+if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
+ if [ -f /var/run/ppp/resolv.prev ]; then
+ change_resolv_conf /var/run/ppp/resolv.prev
else
- rm -f /etc/resolv.conf
+ change_resolv_conf
fi
fi
diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
index 8017209..26cf5f8 100644
--- a/scripts/ip-up.local.add
+++ b/scripts/ip-up.local.add
@@ -9,16 +9,19 @@
#
# Nick Walker (nickwalker@email.com)
#
+. /etc/sysconfig/network-scripts/network-functions
-if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
- rm -f /etc/ppp/resolv.prev
+if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
+ rm -f /var/run/ppp/resolv.prev
if [ -f /etc/resolv.conf ]; then
- cp /etc/resolv.conf /etc/ppp/resolv.prev
- grep domain /etc/ppp/resolv.prev > /etc/resolv.conf
- grep search /etc/ppp/resolv.prev >> /etc/resolv.conf
- cat /etc/ppp/resolv.conf >> /etc/resolv.conf
+ cp /etc/resolv.conf /var/run/ppp/resolv.prev
+ rscf=/var/run/ppp/resolv.new
+ grep domain /var/run/ppp/resolv.prev > $rscf
+ grep search /var/run/ppp/resolv.prev >> $rscf
+ change_resolv_conf $rscf
+ rm -f $rscf
else
- cp /etc/ppp/resolv.conf /etc
+ change_resolv_conf /var/run/ppp/resolv.conf
fi
fi
--
1.8.3.1

@ -0,0 +1,77 @@
From b4ef433be936c90e356da7a590b032cdee219a3f Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 19:06:05 +0200
Subject: [PATCH 11/27] build-sys: don't put connect-errors log to /etc/ppp/
Resolves: #118837
---
chat/chat.8 | 2 +-
linux/Makefile.top | 8 +++++++-
pppd/pathnames.h | 4 ++--
3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/chat/chat.8 b/chat/chat.8
index 6d10836..78d6939 100644
--- a/chat/chat.8
+++ b/chat/chat.8
@@ -200,7 +200,7 @@ The \fBSAY\fR directive allows the script to send strings to the user
at the terminal via standard error. If \fBchat\fR is being run by
pppd, and pppd is running as a daemon (detached from its controlling
terminal), standard error will normally be redirected to the file
-/etc/ppp/connect\-errors.
+/var/log/ppp/connect\-errors.
.LP
\fBSAY\fR strings must be enclosed in single or double quotes. If
carriage return and line feed are needed in the string to be output,
diff --git a/linux/Makefile.top b/linux/Makefile.top
index f63d45e..f42efd5 100644
--- a/linux/Makefile.top
+++ b/linux/Makefile.top
@@ -5,6 +5,8 @@ BINDIR = $(DESTDIR)/sbin
INCDIR = $(DESTDIR)/include
MANDIR = $(DESTDIR)/share/man
ETCDIR = $(INSTROOT)@SYSCONF@/ppp
+RUNDIR = $(DESTDIR)/var/run/ppp
+LOGDIR = $(DESTDIR)/var/log/ppp
# uid 0 = root
INSTALL= install
@@ -16,7 +18,7 @@ all:
cd pppstats; $(MAKE) $(MFLAGS) all
cd pppdump; $(MAKE) $(MFLAGS) all
-install: $(BINDIR) $(MANDIR)/man8 install-progs install-devel
+install: $(BINDIR) $(RUNDIR) $(LOGDIR) $(MANDIR)/man8 install-progs install-devel
install-progs:
cd chat; $(MAKE) $(MFLAGS) install
@@ -44,6 +46,10 @@ $(MANDIR)/man8:
$(INSTALL) -d -m 755 $@
$(ETCDIR):
$(INSTALL) -d -m 755 $@
+$(RUNDIR):
+ $(INSTALL) -d -m 755 $@
+$(LOGDIR):
+ $(INSTALL) -d -m 755 $@
clean:
rm -f `find . -name '*.[oas]' -print`
diff --git a/pppd/pathnames.h b/pppd/pathnames.h
index a427cb8..bef3160 100644
--- a/pppd/pathnames.h
+++ b/pppd/pathnames.h
@@ -28,9 +28,9 @@
#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"
#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down"
#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."
-#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors"
+#define _PATH_CONNERRS _ROOT_PATH "/var/log/ppp/connect-errors"
#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"
-#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf"
+#define _PATH_RESOLV _ROOT_PATH "/var/run/ppp/resolv.conf"
#define _PATH_USEROPT ".ppprc"
#define _PATH_PSEUDONYM ".ppp_pseudonym"
--
1.8.3.1

@ -0,0 +1,149 @@
diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c
index d693350..c31bb34 100644
--- a/pppd/plugins/pppoatm/pppoatm.c
+++ b/pppd/plugins/pppoatm/pppoatm.c
@@ -135,7 +135,7 @@ static int connect_pppoatm(void)
if (!device_got_set)
no_device_given_pppoatm();
- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
+ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (fd < 0)
fatal("failed to create socket: %m");
memset(&qos, 0, sizeof qos);
diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
index 9643b96..1099575 100644
--- a/pppd/plugins/pppol2tp/openl2tp.c
+++ b/pppd/plugins/pppol2tp/openl2tp.c
@@ -83,7 +83,7 @@ static int openl2tp_client_create(void)
int result;
if (openl2tp_fd < 0) {
- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
+ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (openl2tp_fd < 0) {
error("openl2tp connection create: %m");
return -ENOTCONN;
diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
index a7e3400..e64a778 100644
--- a/pppd/plugins/pppol2tp/pppol2tp.c
+++ b/pppd/plugins/pppol2tp/pppol2tp.c
@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu,
struct ifreq ifr;
int fd;
- fd = socket(AF_INET, SOCK_DGRAM, 0);
+ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (fd >= 0) {
memset (&ifr, '\0', sizeof (ifr));
strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
index 91e9a57..72aba41 100644
--- a/pppd/plugins/pppoe/if.c
+++ b/pppd/plugins/pppoe/if.c
@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
stype = SOCK_PACKET;
#endif
- if ((fd = socket(domain, stype, htons(type))) < 0) {
+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
/* Give a more helpful message for the common error case */
if (errno == EPERM) {
fatal("Cannot create raw socket -- pppoe must be run as root.");
diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
index a8c2bb4..24bdf8f 100644
--- a/pppd/plugins/pppoe/plugin.c
+++ b/pppd/plugins/pppoe/plugin.c
@@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
/* server equipment). */
/* Opening this socket just before waitForPADS in the discovery() */
/* function would be more appropriate, but it would mess-up the code */
- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
+ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
if (conn->sessionSocket < 0) {
error("Failed to create PPPoE socket: %m");
return -1;
@@ -148,7 +148,7 @@ PPPOEConnectDevice(void)
lcp_wantoptions[0].mru = conn->mru;
/* Update maximum MRU */
- s = socket(AF_INET, SOCK_DGRAM, 0);
+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (s < 0) {
error("Can't get MTU for %s: %m", conn->ifName);
goto errout;
@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit)
}
/* Open a socket */
- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
+ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
r = 0;
}
diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
index 3d3bf4e..c0d927d 100644
--- a/pppd/plugins/pppoe/pppoe-discovery.c
+++ b/pppd/plugins/pppoe/pppoe-discovery.c
@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
stype = SOCK_PACKET;
#endif
- if ((fd = socket(domain, stype, htons(type))) < 0) {
+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
/* Give a more helpful message for the common error case */
if (errno == EPERM) {
fatal("Cannot create raw socket -- pppoe must be run as root.");
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 00a2cf5..0690019 100644
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clear_bits, int set_bits)
void sys_init(void)
{
/* Get an internet socket for doing socket ioctls. */
- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (sock_fd < 0)
fatal("Couldn't create IP socket: %m(%d)", errno);
#ifdef INET6
- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
+ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (sock6_fd < 0)
sock6_fd = -errno; /* save errno for later */
#endif
@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name)
struct ifreq ifreq;
int ret, sock_fd;
- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (sock_fd < 0)
return -1;
memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
@@ -2067,7 +2067,7 @@ int ppp_available(void)
/*
* Open a socket for doing the ioctl operations.
*/
- s = socket(AF_INET, SOCK_DGRAM, 0);
+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (s < 0)
return 0;
diff --git a/pppd/tty.c b/pppd/tty.c
index bc96695..8e76a5d 100644
--- a/pppd/tty.c
+++ b/pppd/tty.c
@@ -896,7 +896,7 @@ open_socket(dest)
*sep = ':';
/* get a socket and connect it to the other end */
- sock = socket(PF_INET, SOCK_STREAM, 0);
+ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (sock < 0) {
error("Can't create socket: %m");
return -1;
--
1.8.3.1

@ -0,0 +1,44 @@
From f2c855462ff56be4121409c7e048cd2503fe0ccf Mon Sep 17 00:00:00 2001
From: Jiri Skala <jskala@fedoraproject.org>
Date: Mon, 7 Apr 2014 14:26:20 +0200
Subject: [PATCH 15/27] pppd: move pppd database to /var/run/ppp
Resolves: #560014
---
pppd/pathnames.h | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/pppd/pathnames.h b/pppd/pathnames.h
index bef3160..24e010c 100644
--- a/pppd/pathnames.h
+++ b/pppd/pathnames.h
@@ -6,8 +6,9 @@
#ifdef HAVE_PATHS_H
#include <paths.h>
-
+#define _PPP_SUBDIR "ppp/"
#else /* HAVE_PATHS_H */
+#define _PPP_SUBDIR
#ifndef _PATH_VARRUN
#define _PATH_VARRUN "/etc/ppp/"
#endif
@@ -46,13 +47,9 @@
#endif /* IPX_CHANGE */
#ifdef __STDC__
-#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN "pppd2.tdb"
+#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN _PPP_SUBDIR "pppd2.tdb"
#else /* __STDC__ */
-#ifdef HAVE_PATHS_H
-#define _PATH_PPPDB "/var/run/pppd2.tdb"
-#else
-#define _PATH_PPPDB "/etc/ppp/pppd2.tdb"
-#endif
+#define _PATH_PPPDB _PATH_VARRUN _PPP_SUBDIR "pppd2.tdb"
#endif /* __STDC__ */
#ifdef PLUGIN
--
1.8.3.1

@ -0,0 +1,115 @@
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
index 3cd9101..9918091 100644
--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
@@ -16,6 +16,7 @@
DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
+MANDIR = $(DESTDIR)/share/man/man8
LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
@@ -46,6 +47,7 @@ install: all
$(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
$(INSTALL) -d -m 755 $(BINDIR)
$(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
+ $(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
clean:
rm -f *.o *.so pppoe-discovery
diff --git a/pppd/plugins/pppoe/pppoe-discovery.8 b/pppd/plugins/pppoe/pppoe-discovery.8
new file mode 100644
index 0000000..d0a93db
--- /dev/null
+++ b/pppd/plugins/pppoe/pppoe-discovery.8
@@ -0,0 +1,86 @@
+.\" pppoe-discovery.8 written by
+.\" Ben Hutchings <ben@decadentplace.org.uk>, based on pppoe.8.
+.\" Licenced under the GPL version 2 or later.
+.TH PPPOE-DISCOVERY 8
+.SH NAME
+pppoe\-discovery \- perform PPPoE discovery
+.SH SYNOPSIS
+.B pppoe\-discovery
+[
+.I options
+]
+.br
+.BR pppoe\-discovery " { " \-V " | " \-h " }"
+.SH DESCRIPTION
+.LP
+\fBpppoe\-discovery\fR performs the same discovery process as
+\fBpppoe\fR, but does not initiate a session.
+It sends a PADI packet and then prints the names of access
+concentrators in each PADO packet it receives.
+.SH OPTIONS
+.TP
+.BI \-I " interface"
+.RS
+The \fB\-I\fR option specifies the Ethernet interface to use.
+Under Linux, it is typically eth0 or eth1.
+The interface should be \(lqup\(rq before you start
+\fBpppoe\-discovery\fR, but should \fInot\fR be configured to have an
+IP address.
+The default interface is eth0.
+.RE
+.TP
+.BI \-D " file_name"
+.RS
+The \fB\-D\fR option causes every packet to be dumped to the specified
+\fIfile_name\fR.
+This is intended for debugging only.
+.RE
+.TP
+.B \-U
+.RS
+Causes \fBpppoe\-discovery\fR to use the Host-Uniq tag in its discovery
+packets.
+This lets you run multiple instances of \fBpppoe\-discovery\fR and/or
+\fBpppoe\fR without having their discovery packets interfere with one
+another.
+You must supply this option to \fIall\fR instances that you intend to
+run simultaneously.
+.RE
+.TP
+.BI \-S " service_name"
+.RS
+Specifies the desired service name.
+\fBpppoe\-discovery\fR will only accept access concentrators which can
+provide the specified service.
+In most cases, you should \fInot\fR specify this option.
+Use it only if you know that there are multiple access concentrators
+or know that you need a specific service name.
+.RE
+.TP
+.BI \-C " ac_name"
+.RS
+Specifies the desired access concentrator name.
+\fBpppoe\-discovery\fR will only accept the specified access
+concentrator.
+In most cases, you should \fInot\fR specify this option.
+Use it only if you know that there are multiple access concentrators.
+If both the \fB\-S\fR and \fB\-C\fR options are specified, they must
+\fIboth\fR match.
+.RE
+.TP
+.B \-A
+.RS
+This option is accepted for compatibility with \fBpppoe\fR, but has no
+effect.
+.RE
+.TP
+.BR \-V " | " \-h
+.RS
+Either of these options causes \fBpppoe\-discovery\fR to print its
+version number and usage information, then exit.
+.RE
+.SH AUTHORS
+\fBpppoe\-discovery\fR was written by Marco d'Itri <md@linux.it>,
+based on \fBpppoe\fR by David F. Skoll <dfs@roaringpenguin.com>.
+.SH SEE ALSO
+pppoe(8), pppoe-sniff(8)
--
1.8.3.1

@ -0,0 +1,27 @@
From 40960f91cdd06da387616ec838ae2599e7f01cee Mon Sep 17 00:00:00 2001
From: Jiri Skala <jskala@fedoraproject.org>
Date: Mon, 7 Apr 2014 15:24:01 +0200
Subject: [PATCH 18/27] scritps: fix ip-up.local sample
Resolves: #613717
---
scripts/ip-up.local.add | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
index 26cf5f8..282337c 100644
--- a/scripts/ip-up.local.add
+++ b/scripts/ip-up.local.add
@@ -18,6 +18,9 @@ if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
rscf=/var/run/ppp/resolv.new
grep domain /var/run/ppp/resolv.prev > $rscf
grep search /var/run/ppp/resolv.prev >> $rscf
+ if [ -f /var/run/ppp/resolv.conf ]; then
+ cat /var/run/ppp/resolv.conf >> $rscf
+ fi
change_resolv_conf $rscf
rm -f $rscf
else
--
1.8.3.1

@ -0,0 +1,26 @@
From c5a5f795b1defcb6d168e79c4d1fc371dfc556ca Mon Sep 17 00:00:00 2001
From: Jiri Skala <jskala@redhat.com>
Date: Wed, 9 Apr 2014 09:29:50 +0200
Subject: [PATCH 20/27] pppd: put lock files in /var/lock/ppp
Resolves: #708260
---
pppd/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pppd/utils.c b/pppd/utils.c
index 6051b9a..8407492 100644
--- a/pppd/utils.c
+++ b/pppd/utils.c
@@ -846,7 +846,7 @@ complete_read(int fd, void *buf, size_t count)
/* Procedures for locking the serial device using a lock file. */
#ifndef LOCK_DIR
#ifdef __linux__
-#define LOCK_DIR "/var/lock"
+#define LOCK_DIR "/var/lock/ppp"
#else
#ifdef SVR4
#define LOCK_DIR "/var/spool/locks"
--
1.8.3.1

@ -0,0 +1,20 @@
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
index 2df887b..6cb8397 100644
--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
@@ -43,12 +43,12 @@ pppoe.so: plugin.o discovery.o if.o common.o
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
- $(INSTALL) -c -m 4550 pppoe.so $(LIBDIR)
+ $(INSTALL) -c -m 755 pppoe.so $(LIBDIR)
# Symlink for backward compatibility
$(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
$(INSTALL) -d -m 755 $(BINDIR)
- $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
- $(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
+ $(INSTALL) -c -m 755 pppoe-discovery $(BINDIR)
+ $(INSTALL) -c -m 644 pppoe-discovery.8 $(MANDIR)
clean:
rm -f *.o *.so pppoe-discovery

@ -0,0 +1,26 @@
From 0fdb22ef3d3cc3b297372451d60bd6c61d047d27 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 10 Apr 2014 10:08:41 +0200
Subject: [PATCH 24/27] build-sys: install pppoatm plugin files with standard
perms
---
pppd/plugins/pppoatm/Makefile.linux | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index 769794b..4c5826f 100644
--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -37,7 +37,7 @@ $(PLUGIN): $(PLUGIN_OBJS)
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
- $(INSTALL) -c -m 4550 $(PLUGIN) $(LIBDIR)
+ $(INSTALL) -c -m 755 $(PLUGIN) $(LIBDIR)
clean:
rm -f *.o *.so
--
1.8.3.1

@ -0,0 +1,51 @@
#! /bin/bash
cd /etc/sysconfig/network-scripts
. ./network-functions
CONFIG=$1
source_config
if [ "$TYPE" = "xDSL" ] && [ -x /usr/sbin/adsl-stop ] ; then
adsl-stop /etc/sysconfig/network-scripts/$CONFIG
exit $?
fi
CONFIG=${CONFIG##ifcfg-}
if [ "${DEMAND}" = "yes" ] && [ -f /var/run/ppp-${CONFIG}.pid ] ; then
PID=$(head -1 /var/run/ppp-${CONFIG}.pid)
kill -TERM ${PID}
sleep 2
[ ! -d /proc/${PID} ] && exit 0
sleep 5
[ ! -d /proc/${PID} ] && exit 0
kill -TERM ${PID}
[ ! -d /proc/${PID} ] && exit 0
exit 1
fi
file=/var/run/pppwatch-${DEVICE}.pid
if [ ! -f $file ]; then
# ppp isn't running, or we didn't start it
exit 0
fi
PID=$(cat $file)
[ -n "${PID}" ] || exit 1
kill -TERM ${PID} > /dev/null 2>&1
[ ! -d /proc/${PID} ] && exit 0
sleep 2
[ ! -d /proc/${PID} ] && exit 0
sleep 5
[ ! -d /proc/${PID} ] && exit 0
sleep 10
[ ! -d /proc/${PID} ] && exit 0
# killing ppp-watch twice in a row causes it to send a SIGKILL to pppd pgrp
kill -TERM ${PID} > /dev/null 2>&1
[ ! -d /proc/${PID} ] && exit 0
exit 1

@ -0,0 +1,157 @@
#! /bin/bash
. /etc/init.d/functions
cd /etc/sysconfig/network-scripts
. ./network-functions
# ifup-post for PPP is handled through /etc/ppp/ip-up
if [ "${1}" = daemon ] ; then
# we've been called from ppp-watch, so don't invoke it for persistence
shift
else
# just in case a full path to the configuration file is passed in
CONFIG=${1##*/} # CONFIG=$(basename $1)
[ -f "${CONFIG}" ] || CONFIG=ifcfg-${1}
source_config
# don't start ppp-watch by xDSL
if [ "${DEMAND}" != yes -a "$TYPE" != "xDSL" ] ; then
# let ppp-watch do the right thing
exec /sbin/ppp-watch "${CONFIG##ifcfg-}" "$2"
fi
fi
CONFIG=$1
[ -f "${CONFIG}" ] || CONFIG=ifcfg-${1}
source_config
if [ -z "${DISCONNECTTIMEOUT}" ]; then
DISCONNECTTIMEOUT=2
fi
if [ -z "${RETRYTIMEOUT}" ]; then
RETRYTIMEOUT=30
fi
if [ -z "${IDLETIMEOUT}" ]; then
IDLETIMEOUT=600
fi
if [ "${2}" = "boot" -a "${ONBOOT}" = "no" ]; then
exit
fi
[ -x /usr/sbin/pppd ] || {
echo $"pppd does not exist or is not executable"
echo $"ifup-ppp for ${DEVICE} exiting"
/usr/bin/logger -p daemon.info -t ifup-ppp \
$"pppd does not exist or is not executable for ${DEVICE}"
exit 1
}
# check that xDSL connection
if [ "$TYPE" = "xDSL" ] ; then
if [ -x /usr/sbin/adsl-start ] ; then
adsl-start /etc/sysconfig/network-scripts/$CONFIG
exit $?
else
/usr/bin/logger -p daemon.info -t ifup-ppp \
$"adsl-start does not exist or is not executable for ${DEVICE}"
exit 1
fi
fi
PEERCONF=/etc/ppp/peers/${DEVNAME}
if [ "${DEBUG}" = "yes" ]; then
CHATDBG="-v"
fi
if [ ! -f ${PEERCONF} ]; then
if [ -z "${WVDIALSECT}" ] ; then
CHATSCRIPT=/etc/sysconfig/network-scripts/chat-${DEVNAME}
[ -f ${CHATSCRIPT} ] || {
echo $"/etc/sysconfig/network-scripts/chat-${DEVNAME} does not exist"
echo $"ifup-ppp for ${DEVNAME} exiting"
/usr/bin/logger -p daemon.info -t ifup-ppp \
$"/etc/sysconfig/network-scripts/chat-${DEVNAME} does not exist for ${DEVICE}"
exit 1
}
fi
/usr/bin/logger -s -p daemon.notice -t ifup-ppp \
$"Setting up a new ${PEERCONF} config file"
if [ -f /etc/ppp/peers/${DEVICE} ]; then
cp -f /etc/ppp/peers/${DEVICE} ${PEERCONF}
else
touch ${PEERCONF}
fi
if [ "${WVDIALSECT}" ]; then
echo "connect \"/usr/bin/wvdial --remotename ${DEVNAME} --chat '${WVDIALSECT}'\"" >> ${PEERCONF}
else
echo "connect \"/usr/sbin/chat ${CHATDBG} -f ${CHATSCRIPT}\"" >> ${PEERCONF}
fi
fi
opts="lock"
if [ "${HARDFLOWCTL}" != no ] ; then
opts="$opts modem crtscts"
fi
if [ "${ESCAPECHARS}" != yes ] ; then
opts="$opts asyncmap 00000000"
fi
if [ "${DEFROUTE}" != no ] ; then
# pppd will no longer delete an existing default route
# so we have to help it out a little here.
DEFRT=$(ip route list match 0.0.0.0/0)
[ -n "${DEFRT}" ] && echo "$DEFRT" > /etc/default-routes
echo "$DEFRT" | while read spec; do
ip route del $spec;
done
opts="$opts defaultroute"
fi
if [ "${PEERDNS}" != no ] ; then
cp -f /etc/resolv.conf /etc/resolv.conf.save
opts="$opts usepeerdns"
fi
if [ -n "${MRU}" ] ; then
opts="$opts mru ${MRU}"
fi
if [ -n "${MTU}" ] ; then
opts="$opts mtu ${MTU}"
fi
if [ -n "${IPADDR}${REMIP}" ] ; then
# if either IP address is set, the following will work.
opts="$opts ${IPADDR}:${REMIP}"
fi
if [ -n "${PAPNAME}" ] ; then
opts="$opts user ${PAPNAME} remotename ${DEVNAME}"
fi
if [ "${DEBUG}" = yes ] ; then
opts="$opts debug"
fi
if [ ${DEMAND} = yes ] ; then
opts="$opts demand ktune idle ${IDLETIMEOUT} holdoff ${RETRYTIMEOUT}"
exec=
else
opts="$opts nodetach"
exec=exec
fi
/usr/bin/logger -p daemon.info -t ifup-ppp \
$"pppd started for ${DEVNAME} on ${MODEMPORT} at ${LINESPEED}"
$exec pppd $opts ${MODEMPORT} ${LINESPEED} \
ipparam ${DEVNAME} linkname ${DEVNAME} call ${DEVNAME}\
noauth \
${PPPOPTIONS} || exit
if [ "${DEMAND}" = "yes" ] ; then
# pppd is a tad slow to write the pid-file.
sleep 2
if [ -f /var/run/ppp-${DEVNAME}.pid ] ; then
REALDEVICE=$(tail -1 /var/run/ppp-${DEVNAME}.pid)
/etc/sysconfig/network-scripts/ifup-routes ${REALDEVICE} ${DEVNAME}
fi
fi

@ -0,0 +1,18 @@
#!/bin/bash
# This file should not be modified -- make local changes to
# /etc/ppp/ip-down.local instead
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
LOGDEVICE=$6
REALDEVICE=$1
/etc/ppp/ip-down.ipv6to4 ${LOGDEVICE}
[ -x /etc/ppp/ip-down.local ] && /etc/ppp/ip-down.local "$@"
/etc/sysconfig/network-scripts/ifdown-post --realdevice ${REALDEVICE} \
ifcfg-${LOGDEVICE}
exit 0

@ -0,0 +1,114 @@
#!/bin/sh
#
# ip-down.ipv6to4
#
#
# Taken from:
# (P) & (C) 2000-2005 by Peter Bieringer <pb@bieringer.de>
#
# You will find more information on the initscripts-ipv6 homepage at
# http://www.deepspace6.net/projects/initscripts-ipv6.html
#
# Version 2005-09-22
#
# Calling parameters:
# $1: interface name
#
# Called (mostly) by /etc/ppp/ip-down.local
# like: /etc/ppp/ip-down.ipv6to4 $1 >>/var/log/ppp-ipv6to4.log 2>&1
#
# Note: this script will *check* whether the existing 6to4 tunnel
# was set before by using "ip-up.ipv6to4" comparing IPv4 address
# of device with the generated 6to4 prefix
#
# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1:
# IPV6TO4INIT=yes|no: controls configuration
# IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ...": information to setup additional interfaces
#
# IPV6_CONTROL_RADVD=yes|no: controls radvd triggering
# IPV6_RADVD_PIDFILE=<file>: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid"
# IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP: how to trigger radvd (optional, default is SIGHUP)
#
if [ -z "$1" ]; then
echo $"Argument 1 is empty but should contain interface name - skip IPv6to4 initialization"
exit 1
fi
# Get global network configuration
. /etc/sysconfig/network
# Source IPv4 helper functions
cd /etc/sysconfig/network-scripts
. ./network-functions
CONFIG=$1
[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
source_config
# IPv6 don't need aliases anymore, config is skipped
REALDEVICE=${DEVICE%%:*}
[ "$DEVICE" != "$REALDEVICE" ] && exit 0
if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then
exit 1
fi
. /etc/sysconfig/network-scripts/network-functions-ipv6
# Run basic IPv6 test, if not ok, skip IPv6 initialization
ipv6_test testonly || exit 0
# Test status of ppp device
ipv6_test_device_status $DEVICE
if [ $? != 0 -a $? != 11 ]; then
# device doesn't exist or other problem occurs
exit 1
fi
# Test status of tun6to4 device
ipv6_test_device_status tun6to4
if [ $? = 0 -o $? = 11 ]; then
# Device exists
valid6to4config="yes"
# Get IPv4 address from interface
ipv4addr="$(ipv6_get_ipv4addr_of_device $DEVICE)"
if [ -z "$ipv4addr" ]; then
# Has no IPv4 address
valid6to4config="no"
fi
# Get local IPv4 address of dedicated tunnel
ipv4addr6to4local="$(ipv6_get_ipv4addr_of_tunnel tun6to4 local)"
# IPv6to4 not enabled on this interface?
if [ $IPV6TO4INIT != "yes" ]; then
# Check against configured 6to4 tunnel to see if this interface was regardless used before
if [ "$ipv4addr" != "$ipv4addr6to4local" ]; then
# IPv4 address of interface does't match local tunnel address, interface was not used for current 6to4 setup
valid6to4config="no"
fi
fi
fi
if [ "$valid6to4config" = "yes" ]; then
if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
# Control running radvd
ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
fi
if [ -n "$IPV6TO4_ROUTING" ]; then
# Delete routes to local networks
for devsuf in $IPV6TO4_ROUTING; do
dev="${devsuf%%-*}"
ipv6_cleanup_6to4_device $dev
done
fi
# Delete all configured 6to4 address
ipv6_cleanup_6to4_tunnels tun6to4
fi

@ -0,0 +1,17 @@
#!/bin/bash
# This file should not be modified -- make local changes to
# /etc/ppp/ip-up.local instead
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
LOGDEVICE=$6
REALDEVICE=$1
[ -f /etc/sysconfig/network-scripts/ifcfg-${LOGDEVICE} ] && /etc/sysconfig/network-scripts/ifup-post --realdevice ${REALDEVICE} ifcfg-${LOGDEVICE}
/etc/ppp/ip-up.ipv6to4 ${LOGDEVICE}
[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
exit 0

@ -0,0 +1,193 @@
#!/bin/sh
#
# ip-up.ipv6to4
#
#
# Taken from:
# (P) & (C) 2000-2005 by Peter Bieringer <pb@bieringer.de>
#
# You will find more information on the initscripts-ipv6 homepage at
# http://www.deepspace6.net/projects/initscripts-ipv6.html
#
# Version: 2005-09-22
#
# Calling parameters:
# $1: interface name
#
# Called (mostly) by /etc/ppp/ip-up.local
# like: /etc/ppp/ip-up.ipv6to4 $1 >>/var/log/ppp-ipv6to4.log 2>&1
#
# Note: this script will *kill* older still existing 6to4 tunnels regardless
# whether they were set before by another device
#
# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1:
# IPV6TO4INIT=yes|no: controls configuration
# IPV6TO4_IPV4ADDR=<IPv4 address>: special local address for 6to4 tunneling (only needed behind a NAT gateway)
# IPV6TO4_RELAY=<IPv4 address>: remote 6to4 relay router address (default: 192.88.99.1)
# IPV6TO4_MTU=<MTU for IPv6>: controls IPv6 MTU for the 6to4 link (optional, default is MTU of interface - 20)
# IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ...": information to setup additional interfaces
# Example: IPV6TO4_ROUTING="eth0-:f101::1/64 eth1-:f102::1/64"
#
# IPV6_CONTROL_RADVD=yes|no: controls radvd triggering
# IPV6_RADVD_PIDFILE=<file>: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid"
# IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP: how to trigger radvd (optional, default is SIGHUP)
#
# Requirements
# radvd-0.6.2p3 or newer supporting option "Base6to4Interface"
#
if [ -z "$1" ]; then
echo $"Argument 1 is empty but should contain interface name - skip IPv6to4 initialization"
exit 1
fi
# Get global network configuration
. /etc/sysconfig/network
# Source IPv4 helper functions
cd /etc/sysconfig/network-scripts
. ./network-functions
CONFIG=$1
[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
source_config
# IPv6 don't need aliases anymore, config is skipped
REALDEVICE=${DEVICE%%:*}
[ "$DEVICE" != "$REALDEVICE" ] && exit 0
if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then
exit 1
fi
. /etc/sysconfig/network-scripts/network-functions-ipv6
# Run basic IPv6 test (and make sure the ipv6 module will be loaded), if not ok, skip IPv6 initialization
ipv6_test || exit 1
# Setup of 6to4, if configured
valid6to4config="yes"
if [ "$IPV6TO4INIT" = "yes" ]; then
if [ -n "$IPV6TO4_IPV4ADDR" ]; then
# Take 6to4-dedicated configured IPv4 address from config file (precedence 1)
ipv4addr="$IPV6TO4_IPV4ADDR"
else
# Get IPv4 address from interface (precedence 2)
ipv4addr="$(ipv6_get_ipv4addr_of_device $DEVICE)"
if [ -z "$ipv4addr" ]; then
# Take configured IPv4 address of interface from config file (precedence 3)
ipv4addr="$IPADDR"
fi
fi
if [ -n "$ipv4addr" ]; then
# Test for non-global IPv4 address
if ! ipv6_test_ipv4_addr_global_usable $ipv4addr; then
net_log $"Given IPv4 address '$ipv4addr' is not globally usable" info
valid6to4config="no"
fi
else
net_log $"IPv6to4 configuration needs an IPv4 address on related interface or otherwise specified" info
valid6to4config="no"
fi
if [ -z "$IPV6TO4_RELAY" ]; then
IPV6TO4_RELAY="192.88.99.1"
fi
# Check/generate relay address
ipv6to4_relay="$(ipv6_create_6to4_relay_address $IPV6TO4_RELAY)"
if [ $? -ne 0 ]; then
valid6to4config="no"
fi
if [ "$valid6to4config" = "yes" ]; then
# Delete routes to local networks
for devsuf in $IPV6TO4_ROUTING; do
dev="${devsuf%%-*}"
ipv6_cleanup_6to4_device $dev
done
# Cleanup all old data (needed, if "ip-down.ipv6to4" wasn't executed), delete all configured 6to4 address
ipv6_cleanup_6to4_tunnels tun6to4
# Get MTU of master device
ipv4mtu="$(/sbin/ip link show dev $DEVICE | awk '/\<mtu\>/ { print $5 }')"
if [ -n "$ipv4mtu" ]; then
# IPv6 tunnel MTU is IPv4 MTU minus 20 for IPv4 header
tunnelmtu=$[ $ipv4mtu - 20 ]
fi
if [ -n "$IPV6TO4_MTU" ]; then
if [ $IPV6TO4_MTU -gt $tunnelmtu ]; then
net_log $"Warning: configured MTU '$IPV6TO4_MTU' for 6to4 exceeds maximum limit of '$tunnelmtu', ignored" warning
else
tunnelmtu=$IPV6TO4_MTU
fi
fi
# Setup new data
ipv6_add_6to4_tunnel tun6to4 $ipv4addr "" $tunnelmtu || exit 1
# Add route to for compatible addresses (removed later again)
ipv6_add_route "::/96" "::" tun6to4
# Add default route, if device matches
if [ "$IPV6_DEFAULTDEV" = "tun6to4" ]; then
if [ -n "$IPV6_DEFAULTGW" ]; then
net_log $"Warning: interface 'tun6to4' does not support 'IPV6_DEFAULTGW', ignored" warning
fi
ipv6_set_default_route $ipv6to4_relay tun6to4
fi
# Add static routes
if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
LC_ALL=C grep -w "^tun6to4" /etc/sysconfig/static-routes-ipv6 | while read device network gateway; do
if [ -z "$network" ]; then
continue
fi
if [ -z "$gateway" ]; then
gateway="$ipv6to4_relay"
fi
ipv6_add_route $network $gateway tun6to4
done
fi
# Setup additional static IPv6 routes (newer config style)
if [ -f "/etc/sysconfig/network-scripts/route6-tun6to4" ]; then
sed -ne 's/#.*//' -e '/[^[:space:]]/p' /etc/sysconfig/network-scripts/route6-tun6to4 | while read line; do
if echo "$line" | grep -vq 'via'; then
# Add gateway if missing
line="$line via $ipv6to4_relay"
fi
/sbin/ip -6 route add $line
done
fi
# Cleanup autmatically generated autotunnel (not needed for 6to4)
/sbin/ip -6 route del ::/96 dev tun6to4
/sbin/ip -6 addr del tun6to4 "::$ipv4addr/128" dev tun6to4
if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
# Control running radvd
ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
if [ -n "$IPV6TO4_ROUTING" ]; then
# Generate 6to4 address
ipv6to4prefix="$(ipv6_create_6to4_prefix $ipv4addr)"
if [ -n "$ipv6to4prefix" ]; then
# Add IPv6 address to interface (required interface route will be set automatically)
for devsuf in $IPV6TO4_ROUTING; do
dev="${devsuf%%-*}"
suf="$(echo $devsuf | awk -F- '{ print $2 }')"
ipv6_add_addr_on_device ${dev} ${ipv6to4prefix}${suf}
done
else
net_log $"Error occurred while calculating the IPv6to4 prefix"
fi
else
net_log $"radvd control enabled, but config is not complete"
fi
fi
fi
fi

@ -0,0 +1,70 @@
#!/bin/sh
#
# ipv6-down
#
# Called by pppd after IPV6CP/down was finished
#
# This file should not be modified -- make local changes to
# /etc/ppp/ipv6-down.local instead
#
#
# Taken from:
# (P) & (C) 2001-2006 by Peter Bieringer <pb@bieringer.de>
#
# You will find more information on the initscripts-ipv6 homepage at
# http://www.deepspace6.net/projects/initscripts-ipv6.html
#
# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
#
# Calling parameters:
# $1: interface name
# $6: logical interface name (set by pppd option ipparam)
#
# Version 2006-08-02
#
# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1:
# IPV6INIT=yes|no: controls IPv6 configuration for this interface
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
LOGDEVICE=$6
REALDEVICE=$1
[ -f /etc/sysconfig/network ] || exit 0
. /etc/sysconfig/network
cd /etc/sysconfig/network-scripts
. ./network-functions
CONFIG=$LOGDEVICE
[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
source_config
[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1
. /etc/sysconfig/network-scripts/network-functions-ipv6
[ -x /etc/ppp/ipv6-down.local ] && /etc/ppp/ipv6-down.local "$@"
if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
# Control running radvd
ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
fi
# IPv6 test, no module loaded, exit if system is not IPv6-ready
ipv6_test testonly || exit 0
# Test device status
ipv6_test_device_status $REALDEVICE
if [ $? != 0 -a $? != 11 ]; then
# device doesn't exist or other problem occurs
exit 1
fi
# Delete all current configured IPv6 addresses on this interface
ipv6_cleanup_device $REALDEVICE
exit 0

@ -0,0 +1,112 @@
#!/bin/bash
#
# ipv6-up
#
# Called by pppd after IPV6CP/up was finished
#
# This file should not be modified -- make local changes to
# /etc/ppp/ipv6-up.local instead
#
# Taken from:
# (P) & (C) 2001-2006 by Peter Bieringer <pb@bieringer.de>
#
# You will find more information on the initscripts-ipv6 homepage at
# http://www.deepspace6.net/projects/initscripts-ipv6.html
#
# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
#
# Calling parameters:
# $1: interface name
# $6: logical interface name (set by pppd option ipparam)
#
#
# Version: 2006-08-02
#
# Uses following information from "/etc/sysconfig/network":
# IPV6_DEFAULTDEV=<device>: controls default route (optional)
#
# Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1":
# IPV6INIT=yes|no: controls IPv6 configuration for this interface
# IPV6ADDR=<IPv6 address>[/<prefix length>]: specify primary static IPv6 address
# IPV6ADDR_SECONDARIES="<IPv6 address>[/<prefix length>] ..." (optional)
# IPV6_MTU=<MTU for IPv6>: controls IPv6 MTU for this link (optional)
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
LOGDEVICE=$6
REALDEVICE=$1
[ -f /etc/sysconfig/network ] || exit 0
. /etc/sysconfig/network
cd /etc/sysconfig/network-scripts
. ./network-functions
. ./network-functions-ipv6
CONFIG=$LOGDEVICE
[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
source_config
# Test whether IPv6 configuration is disabled for this interface
[[ "$IPV6INIT" = [nN0]* ]] && exit 0
[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1
. /etc/sysconfig/network-scripts/network-functions-ipv6
# IPv6 test, module loaded, exit if system is not IPv6-ready
ipv6_test || exit 1
# Test device status
ipv6_test_device_status $REALDEVICE
if [ $? != 0 -a $? != 11 ]; then
# device doesn't exist or other problem occurs
exit 1
fi
# Setup IPv6 address on specified interface
if [ -n "$IPV6ADDR" ]; then
ipv6_add_addr_on_device $REALDEVICE $IPV6ADDR || exit 1
fi
# Set IPv6 MTU, if given
if [ -n "$IPV6_MTU" ]; then
ipv6_set_mtu $REALDEVICE $IPV6_MTU
fi
# Setup additional IPv6 addresses from list, if given
if [ -n "$IPV6ADDR_SECONDARIES" ]; then
for ipv6addr in $IPV6ADDR_SECONDARIES; do
ipv6_add_addr_on_device $REALDEVICE $ipv6addr
done
fi
# Setup default IPv6 route through device
if [ "$IPV6_DEFAULTDEV" = "$LOGDEVICE" ]; then
ipv6_set_default_route "" "$REALDEVICE" "$REALDEVICE"
fi
# Setup additional static IPv6 routes on specified interface, if given
if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
LC_ALL=C grep -w "^$LOGDEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do
ipv6_add_route $args $REALDEVICE
done
fi
# Setup additional static IPv6 routes (newer config style)
if [ -f "/etc/sysconfig/network-scripts/route6-$DEVICE" ]; then
sed -ne 's/#.*//' -e '/[^[:space:]]/p' "/etc/sysconfig/network-scripts/route6-$DEVICE" | while read line; do
/sbin/ip -6 route add $line
done
fi
if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
# Control running radvd
ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
fi
[ -x /etc/ppp/ipv6-up.local ] && /etc/ppp/ipv6-up.local "$@"
exit 0

@ -0,0 +1,29 @@
From ab8b06cdc1075abc67f77e7c3bb684e20071d614 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 10 Apr 2014 10:09:41 +0200
Subject: [PATCH 25/27] pppd: install pppd binary using standard perms (755)
---
pppd/Makefile.linux | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 0e8107f..534ccc2 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -223,10 +223,10 @@ all: $(TARGETS)
install: pppd
mkdir -p $(BINDIR) $(MANDIR)
$(EXTRAINSTALL)
- $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
+ $(INSTALL) -c -m 755 pppd $(BINDIR)/pppd
if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
chmod o-rx,u+s $(BINDIR)/pppd; fi
- $(INSTALL) -c -m 444 pppd.8 $(MANDIR)
+ $(INSTALL) -c -m 644 pppd.8 $(MANDIR)
pppd: $(PPPDOBJS)
$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
--
1.8.3.1

@ -0,0 +1,143 @@
From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 7 Apr 2014 12:23:36 +0200
Subject: [PATCH 12/27] pppd: we don't want to accidentally leak fds
---
pppd/auth.c | 20 ++++++++++----------
pppd/options.c | 2 +-
pppd/sys-linux.c | 4 ++--
3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/pppd/auth.c b/pppd/auth.c
index 4271af6..9e957fa 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -428,7 +428,7 @@ setupapfile(argv)
free(fname);
return 0;
}
- ufile = fopen(fname, "r");
+ ufile = fopen(fname, "re");
if (seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
if (ufile == NULL) {
@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
filename = _PATH_UPAPFILE;
addrs = opts = NULL;
ret = UPAP_AUTHNAK;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL) {
error("Can't open PAP password file %s: %m", filename);
@@ -1512,7 +1512,7 @@ null_login(unit)
if (ret <= 0) {
filename = _PATH_UPAPFILE;
addrs = NULL;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
check_access(f, filename);
@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd)
}
filename = _PATH_UPAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
check_access(f, filename);
@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp)
}
filename = _PATH_UPAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp)
}
filename = _PATH_CHAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
struct wordlist *addrs;
filename = _PATH_SRPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server)
addrs = NULL;
secbuf[0] = 0;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL) {
error("Can't open chap secret file %s: %m", filename);
return 0;
@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server)
filename = _PATH_SRPFILE;
addrs = NULL;
- fp = fopen(filename, "r");
+ fp = fopen(filename, "re");
if (fp == NULL) {
error("Can't open srp secret file %s: %m", filename);
return 0;
@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags)
*/
if (word[0] == '@' && word[1] == '/') {
strlcpy(atfile, word+1, sizeof(atfile));
- if ((sf = fopen(atfile, "r")) == NULL) {
+ if ((sf = fopen(atfile, "re")) == NULL) {
warn("can't open indirect secret file %s", atfile);
continue;
}
diff --git a/pppd/options.c b/pppd/options.c
index 45fa742..1d754ae 100644
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv)
option_error("unable to drop privileges to open %s: %m", filename);
return 0;
}
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
err = errno;
if (check_prot && seteuid(euid) == -1)
fatal("unable to regain privileges");
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 72a7727..8a12fa0 100644
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail)
/* Default the mount location of /proc */
strlcpy (proc_path, "/proc", sizeof(proc_path));
proc_path_len = 5;
- fp = fopen(MOUNTED, "r");
+ fp = fopen(MOUNTED, "re");
if (fp != NULL) {
while ((mntent = getmntent(fp)) != NULL) {
if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
@@ -1472,7 +1472,7 @@ static int open_route_table (void)
close_route_table();
path = path_to_procfs("/net/route");
- route_fd = fopen (path, "r");
+ route_fd = fopen (path, "re");
if (route_fd == NULL) {
error("can't open routing table %s: %m", path);
return 0;
--
1.8.3.1

@ -0,0 +1,99 @@
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 6a4b897..8f29c1f 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -12,6 +12,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8
INCDIR = $(DESTDIR)/include
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)
TARGETS = pppd
@@ -93,7 +94,7 @@ INCLUDE_DIRS= -I../include
COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
-CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
+CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' -DLIBDIR=\""$(LIBDIR)"\"
ifdef CHAPMS
CFLAGS += -DCHAPMS=1
diff --git a/pppd/pathnames.h b/pppd/pathnames.h
index 524d608..c7eadbb 100644
--- a/pppd/pathnames.h
+++ b/pppd/pathnames.h
@@ -62,7 +62,7 @@
#ifdef PLUGIN
#ifdef __STDC__
-#define _PATH_PLUGIN DESTDIR "/lib/pppd/" VERSION
+#define _PATH_PLUGIN LIBDIR "/pppd/" VERSION
#else /* __STDC__ */
#define _PATH_PLUGIN "/usr/lib/pppd"
#endif /* __STDC__ */
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
index 6403e3d..f42d18c 100644
--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
@@ -5,7 +5,7 @@ COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
LDFLAGS_SHARED = -shared
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index d3a8086..c2aff0c 100644
--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
index c415ce3..d3b7392 100644
--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
@@ -18,7 +18,7 @@ COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
-LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
index 1aa1c0b..e4442f9 100644
--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)/@DESTDIR@
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index 489aef2..d2ef044 100644
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -9,7 +9,7 @@ COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
MANDIR = $(DESTDIR)/share/man/man8
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)

@ -0,0 +1,21 @@
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index e77373e..07df6a7 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -68,14 +68,14 @@ USE_TDB=y
#SYSTEMD=y
HAS_SHADOW=y
-#USE_PAM=y
+USE_PAM=y
HAVE_INET6=y
# Enable plugins
PLUGIN=y
# Enable Microsoft proprietary Callback Control Protocol
-#CBCP=y
+CBCP=y
# Enable EAP SRP-SHA1 authentication (requires libsrp)
#USE_SRP=y

@ -0,0 +1,17 @@
diff --git a/configure b/configure
index f977663..c7031c2 100755
--- a/configure
+++ b/configure
@@ -121,9 +121,9 @@ mkmkf() {
rm -f $2
if [ -f $1 ]; then
echo " $2 <= $1"
- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
+ sed -e "s|@DESTDIR@|$DESTDIR|g" -e "s|@SYSCONF@|$SYSCONF|g" \
+ -e "s|@CROSS_COMPILE@|$CROSS_COMPILE|g" -e "s|@CC@|$CC|g" \
+ -e "s|@CFLAGS@|$CFLAGS|g" $1 >$2
fi
}

@ -0,0 +1,241 @@
From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 7 Apr 2014 13:56:34 +0200
Subject: [PATCH 13/27] everywhere: O_CLOEXEC harder
---
pppd/eap.c | 2 +-
pppd/main.c | 4 ++--
pppd/options.c | 4 ++--
pppd/sys-linux.c | 22 +++++++++++-----------
pppd/tdb.c | 4 ++--
pppd/tty.c | 4 ++--
pppd/utils.c | 6 +++---
7 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/pppd/eap.c b/pppd/eap.c
index 6ea6c1f..faced53 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -1226,7 +1226,7 @@ mode_t modebits;
if ((path = name_of_pn_file()) == NULL)
return (-1);
- fd = open(path, modebits, S_IRUSR | S_IWUSR);
+ fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
err = errno;
free(path);
errno = err;
diff --git a/pppd/main.c b/pppd/main.c
index 6d50d1b..4880377 100644
--- a/pppd/main.c
+++ b/pppd/main.c
@@ -420,7 +420,7 @@ main(argc, argv)
die(0);
/* Make sure fds 0, 1, 2 are open to somewhere. */
- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
+ fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC);
if (fd_devnull < 0)
fatal("Couldn't open %s: %m", _PATH_DEVNULL);
while (fd_devnull <= 2) {
@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
if (log_to_fd >= 0)
errfd = log_to_fd;
else
- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644);
++conn_running;
pid = safe_fork(in, out, errfd);
diff --git a/pppd/options.c b/pppd/options.c
index 1d754ae..8e62635 100644
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -1544,9 +1544,9 @@ setlogfile(argv)
option_error("unable to drop permissions to open %s: %m", *argv);
return 0;
}
- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
+ fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
if (fd < 0 && errno == EEXIST)
- fd = open(*argv, O_WRONLY | O_APPEND);
+ fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
err = errno;
if (!privileged_option && seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 8a12fa0..00a2cf5 100644
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
goto err;
}
dbglog("using channel %d", chindex);
- fd = open("/dev/ppp", O_RDWR);
+ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
if (fd < 0) {
error("Couldn't reopen /dev/ppp: %m");
goto err;
@@ -619,7 +619,7 @@ static int make_ppp_unit()
dbglog("in make_ppp_unit, already had /dev/ppp open?");
close(ppp_dev_fd);
}
- ppp_dev_fd = open("/dev/ppp", O_RDWR);
+ ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
if (ppp_dev_fd < 0)
fatal("Couldn't open /dev/ppp: %m");
flags = fcntl(ppp_dev_fd, F_GETFL);
@@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
if (!new_style_driver)
return -1;
- master_fd = open("/dev/ppp", O_RDWR);
+ master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
if (master_fd < 0)
fatal("Couldn't open /dev/ppp: %m");
if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr)
if (tune_kernel) {
forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
if (forw_path != 0) {
- int fd = open(forw_path, O_WRONLY);
+ int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
if (fd >= 0) {
if (write(fd, "1", 1) != 1)
error("Couldn't enable IP forwarding: %m");
@@ -2030,7 +2030,7 @@ int ppp_available(void)
sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
kernel_version = KVERSION(osmaj, osmin, ospatch);
- fd = open("/dev/ppp", O_RDWR);
+ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
if (fd >= 0) {
new_style_driver = 1;
@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host)
#if __GLIBC__ >= 2
updwtmp(_PATH_WTMP, &ut);
#else
- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
+ wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
if (wtmp >= 0) {
flock(wtmp, LOCK_EX);
@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr,
int fd;
path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
+ if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
if (write(fd, "1", 1) != 1)
error("Couldn't enable dynamic IP addressing: %m");
close(fd);
@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
/*
* Try the unix98 way first.
*/
- mfd = open("/dev/ptmx", O_RDWR);
+ mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
if (mfd >= 0) {
int ptn;
if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
warn("Couldn't unlock pty slave %s: %m", pty_name);
#endif
- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
{
warn("Couldn't open pty slave %s: %m", pty_name);
close(mfd);
@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
for (i = 0; i < 64; ++i) {
slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
'p' + i / 16, i % 16);
- mfd = open(pty_name, O_RDWR, 0);
+ mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
if (mfd >= 0) {
pty_name[5] = 't';
- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
+ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
if (sfd >= 0) {
fchown(sfd, uid, -1);
fchmod(sfd, S_IRUSR | S_IWUSR);
diff --git a/pppd/tdb.c b/pppd/tdb.c
index bdc5828..c7ab71c 100644
--- a/pppd/tdb.c
+++ b/pppd/tdb.c
@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
goto internal;
}
- if ((tdb->fd = open(name, open_flags, mode)) == -1) {
+ if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
name, strerror(errno)));
goto fail; /* errno set by open(2) */
@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
}
if (close(tdb->fd) != 0)
TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
+ tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
if (tdb->fd == -1) {
TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
goto fail;
diff --git a/pppd/tty.c b/pppd/tty.c
index d571b11..bc96695 100644
--- a/pppd/tty.c
+++ b/pppd/tty.c
@@ -569,7 +569,7 @@ int connect_tty()
status = EXIT_OPEN_FAILED;
goto errret;
}
- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
+ real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
err = errno;
if (prio < OPRIO_ROOT && seteuid(0) == -1)
fatal("Unable to regain privileges");
@@ -723,7 +723,7 @@ int connect_tty()
if (connector == NULL && modem && devnam[0] != 0) {
int i;
for (;;) {
- if ((i = open(devnam, O_RDWR)) >= 0)
+ if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
break;
if (errno != EINTR) {
error("Failed to reopen %s: %m", devnam);
diff --git a/pppd/utils.c b/pppd/utils.c
index 29bf970..6051b9a 100644
--- a/pppd/utils.c
+++ b/pppd/utils.c
@@ -918,14 +918,14 @@ lock(dev)
slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
#endif
- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
+ while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
if (errno != EEXIST) {
error("Can't create lock file %s: %m", lock_file);
break;
}
/* Read the lock file to find out who has the device locked. */
- fd = open(lock_file, O_RDONLY, 0);
+ fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
if (fd < 0) {
if (errno == ENOENT) /* This is just a timing problem. */
continue;
@@ -1004,7 +1004,7 @@ relock(pid)
if (lock_file[0] == 0)
return -1;
- fd = open(lock_file, O_WRONLY, 0);
+ fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
if (fd < 0) {
error("Couldn't reopen lock file %s: %m", lock_file);
lock_file[0] = 0;
--
1.8.3.1

@ -0,0 +1,10 @@
# Logrotate file for ppp RPM
/var/log/ppp/connect-errors {
missingok
compress
notifempty
daily
rotate 5
create 0600 root root
}

@ -0,0 +1,5 @@
#%PAM-1.0
auth include password-auth
account required pam_nologin.so
account include password-auth
session include password-auth

@ -0,0 +1,2 @@
d /run/ppp 0755 root root
d /run/lock/ppp 0755 root root

@ -0,0 +1,760 @@
%global _hardened_build 1
Name: ppp
Version: 2.4.9
Release: 5%{?dist}
Summary: The Point-to-Point Protocol daemon
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
URL: http://www.samba.org/ppp
Source0: https://github.com/paulusmack/ppp/archive/ppp-%{version}.tar.gz
Source1: ppp-pam.conf
Source2: ppp-logrotate.conf
Source3: ppp-tmpfiles.conf
Source4: ip-down
Source5: ip-down.ipv6to4
Source6: ip-up
Source7: ip-up.ipv6to4
Source8: ipv6-down
Source9: ipv6-up
Source10: ifup-ppp
Source11: ifdown-ppp
Source12: ppp-watch.tar.xz
# Fedora-specific
Patch0002: ppp-2.4.9-config.patch
Patch0004: 0004-doc-add-configuration-samples.patch
Patch0005: ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
Patch0006: 0006-scritps-use-change_resolv_conf-function.patch
Patch0011: 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
Patch0012: ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
Patch0013: ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch
Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
Patch0018: 0018-scritps-fix-ip-up.local-sample.patch
Patch0020: 0020-pppd-put-lock-files-in-var-lock-ppp.patch
Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
Patch0025: ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
Patch0026: ppp-2.4.9-configure-cflags-allow-commas.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel
BuildRequires: openssl-devel
Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd
Requires(pre): /usr/bin/getent
Requires(pre): /usr/sbin/groupadd
%description
The ppp package contains the PPP (Point-to-Point Protocol) daemon and
documentation for PPP support. The PPP protocol provides a method for
transmitting datagrams over serial point-to-point links. PPP is
usually used to dial in to an ISP (Internet Service Provider) or other
organization over a modem and phone line.
%package -n network-scripts-%{name}
Summary: PPP legacy network service support
Requires: network-scripts
Supplements: (%{name} and network-scripts)
%description -n network-scripts-%{name}
This provides the ifup and ifdown scripts for use with the legacy network
service.
%package devel
Summary: Headers for ppp plugin development
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
This package contains the header files for building plugins for ppp.
%prep
%setup -qn %{name}-%{name}-%{version}
%autopatch -p1
tar -xJf %{SOURCE12}
%build
%configure --cflags="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing"
%{make_build} LDFLAGS="%{?build_ldflags} -pie"
%{make_build} -C ppp-watch LDFLAGS="%{?build_ldflags} -pie"
%install
make INSTROOT=%{buildroot} install install-etcppp
find scripts -type f | xargs chmod a-x
make ROOT=%{buildroot} -C ppp-watch install
# create log files dir
install -d %{buildroot}%{_localstatedir}/log/ppp
# install pam config
install -d %{buildroot}%{_sysconfdir}/pam.d
install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/ppp
# install logrotate script
install -d %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 -p %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/ppp
# install tmpfiles drop-in
install -d %{buildroot}%{_tmpfilesdir}
install -m 644 -p %{SOURCE3} %{buildroot}%{_tmpfilesdir}/ppp.conf
# install scripts (previously owned by initscripts package)
install -d %{buildroot}%{_sysconfdir}/ppp
install -p %{SOURCE4} %{buildroot}%{_sysconfdir}/ppp/ip-down
install -p %{SOURCE5} %{buildroot}%{_sysconfdir}/ppp/ip-down.ipv6to4
install -p %{SOURCE6} %{buildroot}%{_sysconfdir}/ppp/ip-up
install -p %{SOURCE7} %{buildroot}%{_sysconfdir}/ppp/ip-up.ipv6to4
install -p %{SOURCE8} %{buildroot}%{_sysconfdir}/ppp/ipv6-down
install -p %{SOURCE9} %{buildroot}%{_sysconfdir}/ppp/ipv6-up
install -d %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/
install -p %{SOURCE10} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
# ghosts
mkdir -p %{buildroot}%{_rundir}/ppp
mkdir -p %{buildroot}%{_rundir}/lock/ppp
%pre
/usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || :
%post
%tmpfiles_create ppp.conf
%files
%doc FAQ README README.cbcp README.linux README.MPPE README.MSCHAP80 README.MSCHAP81 README.pwfd README.pppoe scripts sample README.eap-tls
%{_sbindir}/chat
%{_sbindir}/pppd
%{_sbindir}/pppdump
%{_sbindir}/pppoe-discovery
%{_sbindir}/pppstats
%{_sbindir}/ppp-watch
%dir %{_sysconfdir}/ppp
%{_sysconfdir}/ppp/ip-up
%{_sysconfdir}/ppp/ip-down
%{_sysconfdir}/ppp/ip-up.ipv6to4
%{_sysconfdir}/ppp/ip-down.ipv6to4
%{_sysconfdir}/ppp/ipv6-up
%{_sysconfdir}/ppp/ipv6-down
%{_mandir}/man8/chat.8*
%{_mandir}/man8/pppd.8*
%{_mandir}/man8/pppdump.8*
%{_mandir}/man8/pppd-radattr.8*
%{_mandir}/man8/pppd-radius.8*
%{_mandir}/man8/pppstats.8*
%{_mandir}/man8/pppoe-discovery.8*
%{_mandir}/man8/ppp-watch.8*
%{_libdir}/pppd
%ghost %dir %{_rundir}/ppp
%ghost %dir %{_rundir}/lock/ppp
%dir %{_sysconfdir}/logrotate.d
%attr(700, root, root) %dir %{_localstatedir}/log/ppp
%config(noreplace) %{_sysconfdir}/ppp/eaptls-client
%config(noreplace) %{_sysconfdir}/ppp/eaptls-server
%config(noreplace) %{_sysconfdir}/ppp/chap-secrets
%config(noreplace) %{_sysconfdir}/ppp/options
%config(noreplace) %{_sysconfdir}/ppp/pap-secrets
%config(noreplace) %{_sysconfdir}/pam.d/ppp
%config(noreplace) %{_sysconfdir}/logrotate.d/ppp
%{_tmpfilesdir}/ppp.conf
%files -n network-scripts-%{name}
%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
%files devel
%{_includedir}/pppd
%doc PLUGINS
%changelog
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.9-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.9-4
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.9-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jan 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.9-1
- New version
Resolves: rhbz#1912617
* Mon Aug 10 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-8
- Added workaround for Windows Server 2019
Resolves: rhbz#1867047
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.8-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu May 21 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-6
- Added missing options to man pages
* Tue Apr 7 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-5
- Updated EAP-TLS patch to v1.300
* Mon Apr 6 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-4
- Updated EAP-TLS patch to v1.201
* Fri Feb 28 2020 Tom Stellard <tstellar@redhat.com> - 2.4.8-3
- Use make_build macro
- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
* Wed Feb 26 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-2
- Fixed ghost directories verification
* Fri Feb 21 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-1
- New version
- Changed sources to github
- Dropped 0028-pppoe-include-netinet-in.h-before-linux-in.h,
ppp-2.4.7-DES-openssl, ppp-2.4.7-honor-ldflags,
ppp-2.4.7-coverity-scan-fixes patches (all upstreamed)
- Fixed buffer overflow in the eap_request and eap_response functions
Resolves: CVE-2020-8597
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-33
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-32
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-31
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2.4.7-30
- Rebuilt for libcrypt.so.2 (#1666033)
* Mon Dec 3 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-29
- Fixed some issues found by coverity scan
* Tue Nov 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-28
- Fixed network scripts related regression caused by release 26
* Mon Nov 5 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-27
- Updated EAP-TLS patch to v1.102
* Tue Jul 24 2018 Lubomir Rintel <lkundrak@v3.sk> - 2.4.7-26
- Split out the network-scripts
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sat Jun 30 2018 Peter Robinson <pbrobinson@fedoraproject.org> 2.4.7-24
- Remove group/defattr, minor spec cleanups
* Wed Jun 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-23
- Replaced initscripts requirement by the network-scripts
Resolves: rhbz#1592384
* Tue Jun 5 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-22
- Updated EAP-TLS patch to v1.101
Resolves: CVE-2018-11574
* Mon Apr 9 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-21
- Link with -E not to break plugins
Resolves: rhbz#1564459
* Fri Apr 6 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-20
- Also build all DSOs with distro's LDFLAGS
Related: rhbz#1563157
* Wed Apr 4 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-19
- Build with distro's LDFLAGS
Resolves: rhbz#1563157
* Tue Mar 27 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-18
- Used openssl for the DES instead of the libcrypt / glibc
Resolves: rhbz#1556132
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.4.7-17
- Escape macros in %%changelog
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2.4.7-15
- Rebuilt for switch to libxcrypt
* Mon Aug 21 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-14
- EAP-TLS patch updated to version 0.999
- Switched to openssl-1.1
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sat Dec 10 2016 Lubomir Rintel <lkundrak@v3.sk> - 2.4.7-10
- Fix FTBFS
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.7-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Feb 09 2015 Michal Sekletar <msekleta@redhat.com> - 2.4.7-7
- prevent running into issues caused by undefined behavior (pointers of incompatible types aliasing the same object)
* Wed Dec 10 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.7-6
- fix logical expression in eap_client_active macro (#1023620)
* Wed Nov 19 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.7-5
- don't mark logrotate config as executable (#1164435)
* Tue Sep 2 2014 Peter Robinson <pbrobinson@fedoraproject.org> 2.4.7-4
- devel package should depend on base package as per guidelines
* Tue Aug 19 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.7-3
- don't mark tmpfiles dropin as executable (#1131293)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Mon Aug 11 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.7-1
- rebase to 2.4.7. Includes fix for CVE-2014-3158 (#1128716)
* Fri Jun 20 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.6-6
- version 0.997 of EAP-TLS patch
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Apr 16 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.6-4
- move ppp initscripts to ppp package (#1088220)
* Mon Apr 14 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.6-3
- don't require perl and expect (#1086846)
* Thu Apr 10 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.6-2
- rebase to 2.4.6
* Thu Aug 01 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-33
- fix post installation scriptlet
* Fri Jul 12 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-32
- don't ship /var/lock/ppp in rpm payload and create it in %%post instead
- fix installation of tmpfiles.d configuration
- enable hardened build
- fix bogus dates in changelog
- compile all binaries with hardening flags
* Thu Jul 04 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-31
- fix possible NULL pointer dereferencing
* Wed May 29 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-30
- make radius plugin config parser less strict
- resolves : #906913
* Wed Mar 20 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-29
- Add creation of dip system group
* Wed Mar 20 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-28
- Add /etc/logrotate.d to files section since we no longer hard depend on logrotate
* Wed Mar 20 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-27
- Don't hard depend on logrotate
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.5-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Nov 12 2012 Michal Sekletar <msekleta@redhat.com> - 2.4.5-25
- Resolves: #840190 - install configuration file in /usr/lib/tmpfiles.d
* Tue Sep 11 2012 Michal Sekletar <msekleta@redhat.com> - 2.4.5-24
- Removed unnecessary dependency on systemd-unit
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.5-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue May 29 2012 Michal Sekletar <msekleta@redhat.com>
- Resolves: #817011 - fixed ppp-2.4.5-eaptls-mppe-0.99 patch, added variable definition
* Mon May 21 2012 Michal Sekletar <msekleta@redhat.com>
- Resolves: #817013 - fixed support for multilink channels in pppol2tp plugin
* Thu May 17 2012 Michal Sekletar <msekleta@redhat.com>
- Resolves: #771340 - fixed compilation of pppd without USE_EAPTLS
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.5-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon May 30 2011 Jiri Skala <jskala@redhat.com> - 2.4.5-18
- fixes #682381 - hardcodes eth0
- fixes #708260 - SELinux is preventing access on the file LCK..ttyUSB3
* Mon Apr 04 2011 Jiri Skala <jskala@redhat.com> - 2.4.5-17
- fixes #664282 and #664868 - man page fixes
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.5-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Dec 02 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-15
- corrected tmpfiles.d conf
- replaced remaining /etc by macros
* Tue Nov 30 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-14
- fixes #656671 - /var/run and /var/lock on tmpfs
- replaced paths /var /etc by macros
* Tue Nov 16 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-13
- fixes #565294 - SELinux is preventing /sbin/consoletype access to a leaked packet_socket fd
* Wed Sep 29 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-12
- fixes #637513 - Missing: README.eap-tls
- updated to latest eaptls upstream
- fixes #637886 - EAP-TLS not working with enabled PPP Multilink Framing option
* Thu Aug 05 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-11
- fixes #617625 - FTBFS in ppp due to change in kernel-headers
- fixes pppol2tp Makefile
* Tue Jul 13 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-10
- fixes #613717 - Missing line in example script ip-up.local.add
- removed /usr/kerberos/include from eaptls patch
* Wed Jun 16 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-9
- included eap-tls patch
* Wed Apr 07 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-8
- added pppoe-discovery(8)
* Fri Mar 05 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-7
- removed duplicities from patches (ip-*.local.add)
* Fri Feb 12 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-6
- fixes #560014 - SELinux is preventing /usr/sbin/pppd "read write" access on pppd2.tdb
* Thu Feb 04 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-5
- one line correction in fd_leak patch
* Wed Feb 03 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-4
- applied patch fd_leak
* Fri Jan 22 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-3
- fixed some rpmlint complains
* Sun Nov 22 2009 Jiri Skala <jskala@redhat.com> - 2.4.5-2
- updated patches (make local succeeded, koji failed)
* Fri Nov 20 2009 Jiri Skala <jskala@redhat.com> - 2.4.5-1
- updated to latest upstream sources (#538058)
* Thu Oct 08 2009 Jiri Skala <jskala@redhat.com> - 2.4.4-14
- fixed #519042 - ppp package is missing URL in spec
- fixed #524575 - ppp: no_strip patch modifies backup files created by previous patches
* Wed Sep 16 2009 Tomas Mraz <tmraz@redhat.com> 2.4.4-13
- use password-auth common PAM configuration instead of system-auth
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.4-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Fri Mar 06 2009 - Jiri Skala <jskala@redhat.com> 2.4.4-11
- fixed #488764 - package upgrade should not replace configuration files
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.4-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Dec 11 2008 Jiri Skala <jskala@redhat.com> 2.4.4.-9
- fixed #467004 PPP sometimes gets incorrect DNS servers for mobile broadband connections
* Thu Aug 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> 2.4.4-8
- fix license tag
* Tue May 13 2008 Martin Nagy <mnagy@redhat.com> 2.4.4-7
- add new speeds, patch by Jason Vas Dias (#446132)
* Thu Mar 06 2008 Martin Nagy <mnagy@redhat.com> 2.4.4-6
- call closelog earlier (#222295)
- fix ChapMS2 (#217076)
- moving header files to new -devel package (#203542)
* Mon Mar 03 2008 Martin Nagy <mnagy@redhat.com> 2.4.4-5
- put logs into /var/log/ppp (#118837)
* Mon Feb 11 2008 Martin Nagy <mnagy@redhat.com> 2.4.4-4
- rebuild for gcc-4.3
* Fri Nov 09 2007 Martin Nagy <mnagy@redhat.com> 2.4.4-3
- removed undesired files from the package (#241753)
* Fri Dec 1 2006 Thomas Woerner <twoerner@redhat.com> 2.4.4-2
- fixed build requirement for libpcap (#217661)
* Wed Jul 19 2006 Thomas Woerner <twoerner@redhat.com> 2.4.4-1
- new version 2.4.4 with lots of fixes
- fixed reesolv.conf docs (#165072)
Thanks to Matt Domsch for the initial patch
- enabled CBCP (#199278)
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.4.3-6.2.2
- rebuild
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.4.3-6.2.1
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.4.3-6.2
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Sat Nov 12 2005 Florian La Roche <laroche@redhat.com>
- rebuild
* Fri Nov 4 2005 David Woodhouse <dwmw2@redhat.com> 2.4.3-5
- Implement ipv6cp-accept-remote option
* Fri Oct 7 2005 Tomas Mraz <tmraz@redhat.com> 2.4.3-4
- use include instead of pam_stack in pam config
* Sun Jul 31 2005 Florian La Roche <laroche@redhat.com>
- rebuild for libpcap of the day
* Tue Jul 19 2005 Thomas Woerner <twoerner@redhat.com> 2.4.3-2.1
- additional patch for the scripts, thanks to Sammy (#163621)
* Tue Jul 19 2005 Thomas Woerner <twoerner@redhat.com> 2.4.3-2
- dropped all executable bits in scripts directory to prevent rpm requiring
programs used in there
* Mon Jul 18 2005 Thomas Woerner <twoerner@redhat.com> 2.4.3-1
- new version 2.4.3
- updated patches: make, lib64, dontwriteetc, fix, fix64, no_strip,
radiusplugin
- dropped patches: bpf, signal, pcap, pppoatm, pkgcheck
* Tue Nov 2 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-7
- fixed out of bounds memory access, possible DOS
* Thu Oct 7 2004 David Woodhouse <dwmw2@redhat.com> 2.4.2-6.3
- Fix use of 'demand' without explicit MTU/MRU with pppoatm
* Tue Oct 5 2004 David Woodhouse <dwmw2@redhat.com> 2.4.2-6.2
- Link pppoatm plugin against libresolv.
- Revert to linux-atm headers without the workaround for #127098
* Mon Oct 4 2004 David Woodhouse <dwmw2@redhat.com> 2.4.2-6.1
- Include atmsap.h for pppoatm plugin.
* Mon Oct 4 2004 David Woodhouse <dwmw2@redhat.com> 2.4.2-6
- Add pppoatm plugin (#131555)
* Thu Sep 16 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-5.1
- fixed subscript out of range (#132677)
* Wed Sep 15 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-5
- example scripts are using change_resolv_conf to modify /etc/resolv.conf
(#132482)
- require new libpcap library (>= 0.8.3-6) with a fix for inbound/outbound
filter processing
- not using internal libpcap structures anymore, fixes inbound/outbound
filter processing (#128053)
* Fri Aug 6 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-4
- fixed signal handling (#29171)
* Mon Jun 21 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-3.1
- fixed compiler warnings
- fixed 64bit problem with ms-chap (#125501)
- enabled pie again
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Mon May 24 2004 David Woodhouse <dwmw2@redhat.com> 2.4.2-2.3
- Enable IPv6 support. Disable PIE to avoid bogus Provides:
* Fri May 14 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-2.2
- compiled pppd and chat PIE
* Thu May 13 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-2.1
- added 'missingok' to ppp.logrotate (#122911)
* Fri May 07 2004 Nils Philippsen <nphilipp@redhat.com> 2.4.2-2
- don't write to /etc (#118837)
* Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> 2.4.2-1
- update to 2.4.2
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Sep 5 2003 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-15
- rebuild
* Fri Sep 5 2003 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-14
- apply the patch from -11
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Tue Jun 3 2003 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-12
- rebuild
* Tue Jun 3 2003 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-11
- check for libcrypt in the right directory at compile-time
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
- rebuilt
* Thu Dec 12 2002 Elliot Lee <sopwith@redhat.com> 2.4.1-9
- Fix build failure by rebuilding
* Tue Nov 19 2002 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-8
- rebuild
- set x86_64 to use varargs the way s390 does
* Mon Jul 22 2002 Florian La Roche <Florian.LaRoche@redhat.de>
- add patch:
* Thu Jun 06 2002 Phil Knirsch <pknirsch@redhat.com>
- Fixed varargs problem for s390/s390x.
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Sun May 26 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-4
- rebuild in new environment
* Wed Feb 27 2002 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-3
- revert cbcp patch, it's wrong (#55367)
* Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-2
- add buildprereq on pam-devel (#49559)
- add patch to respond to CBCP LCP requests (#15738)
- enable cbcp support at build-time
- change the Copyright: tag to a License: tag
* Wed May 23 2001 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-1
- update to 2.4.1
* Fri Dec 1 2000 Nalin Dahyabhai <nalin@redhat.com>
- rebuild in new environment
* Thu Nov 9 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.4.0
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
* Mon Jun 5 2000 Nalin Dahyabhai <nalin@redhat.com>
- move man pages to %%{_mandir}
* Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com>
- change perms using defattr
- modify PAM setup to use system-auth
* Sun Mar 26 2000 Florian La Roche <Florian.La Roche@redhat.com>
- change to root:root perms
* Mon Mar 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- reaper bugs verified as fixed
- check pam_open_session result code (bug #9966)
* Mon Feb 07 2000 Nalin Dahyabhai <nalin@redhat.com>
- take a shot at the wrong reaper bugs (#8153, #5290)
* Thu Feb 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- free ride through the build system (release 2)
* Tue Jan 18 2000 Nalin Dahyabhai <nalin@redhat.com>
- Update to 2.3.11
* Sat Nov 06 1999 Michael K. Johnson <johnsonm@redhat.com>
- Better fix for both problems
* Fri Nov 05 1999 Michael K. Johnson <johnsonm@redhat.com>
- fix for double-dial problem
- fix for requiring a controlling terminal problem
* Sun Sep 19 1999 Preston Brown <pbrown@redhat.com>
- 2.3.10 bugfix release
* Fri Aug 13 1999 Michael K. Johnson <johnsonm@redhat.com>
- New version 2.3.9 required for kernel 2.3.13 and will be required
for new initscripts. auth patch removed; 2.3.9 does the same thing
more readably than the previous patch.
* Thu Jun 24 1999 Cristian Gafton <gafton@redhat.com>
- add pppdump
* Fri Apr 09 1999 Cristian Gafton <gafton@redhat.com>
- force pppd use the glibc's logwtmp instead of implementing its own
* Thu Apr 01 1999 Preston Brown <pbrown@redhat.com>
- version 2.3.7 bugfix release
* Tue Mar 23 1999 Cristian Gafton <gafton@redhat.com>
- version 2.3.6
* Mon Mar 22 1999 Michael Johnson <johnsonm@redhat.com>
- auth patch
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
- auto rebuild in the new build environment (release 3)
* Thu Jan 07 1999 Cristian Gafton <gafton@redhat.com>
- build for glibc 2.1
* Fri Jun 5 1998 Jeff Johnson <jbj@redhat.com>
- updated to 2.3.5.
* Tue May 19 1998 Prospector System <bugs@redhat.com>
- translations modified for de
* Fri May 8 1998 Jakub Jelinek <jj@ultra.linux.cz>
- make it run with kernels 2.1.100 and above.
* Fri Apr 24 1998 Prospector System <bugs@redhat.com>
- translations modified for de, fr, tr
* Wed Mar 18 1998 Cristian Gafton <gafton@redhat.com>
- requires glibc 2.0.6 or later
* Wed Mar 18 1998 Michael K. Johnson <johnsonm@redhat.com>
- updated PAM patch to not turn off wtmp/utmp/syslog logging.
* Wed Jan 7 1998 Cristian Gafton <gafton@redhat.com>
- added the /etc/pam.d config file
- updated PAM patch to include session support
* Tue Jan 6 1998 Cristian Gafton <gafton@redhat.com>
- updated to ppp-2.3.3, build against glibc-2.0.6 - previous patches not
required any more.
- added buildroot
- fixed the PAM support, which was really, completely broken and against any
standards (session support is still not here... :-( )
- we build against running kernel and pray that it will work
- added a samples patch; updated glibc patch
* Thu Dec 18 1997 Erik Troan <ewt@redhat.com>
- added a patch to use our own route.h, rather then glibc's (which has
alignment problems on Alpha's) -- I only applied this patch on the Alpha,
though it should be safe everywhere
* Fri Oct 10 1997 Erik Troan <ewt@redhat.com>
- turned off the execute bit for scripts in /usr/doc
* Fri Jul 18 1997 Erik Troan <ewt@redhat.com>
- built against glibc
* Tue Mar 25 1997 Erik Troan <ewt@redhat.com>
- Integrated new patch from David Mosberger
- Improved description
Loading…
Cancel
Save