commit 6b52f9c18accbe9b416a3caab867c7e9af5ba83e
Author: CentOS Sources
Date: Tue May 17 06:40:51 2022 -0400
import ppp-2.4.9-5.el9
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..85a8753
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/ppp-2.4.9.tar.gz
+SOURCES/ppp-watch.tar.xz
diff --git a/.ppp.metadata b/.ppp.metadata
new file mode 100644
index 0000000..7f3376b
--- /dev/null
+++ b/.ppp.metadata
@@ -0,0 +1,2 @@
+f879143a310f208c27f5279df9ecf9887ad1864b SOURCES/ppp-2.4.9.tar.gz
+74b6db205dc46fc179a2a3bc3d726ddfeb03c801 SOURCES/ppp-watch.tar.xz
diff --git a/SOURCES/0004-doc-add-configuration-samples.patch b/SOURCES/0004-doc-add-configuration-samples.patch
new file mode 100644
index 0000000..0cea037
--- /dev/null
+++ b/SOURCES/0004-doc-add-configuration-samples.patch
@@ -0,0 +1,341 @@ +From d7faeb88f684c8b2ae193b2c5b5b358ac757fcfa Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Fri, 4 Apr 2014 11:39:09 +0200 +Subject: [PATCH 04/27] doc: add configuration samples + +--- + sample/auth-down | 17 ++++++ + sample/auth-up | 17 ++++++ + sample/ip-down | 22 ++++++++ + sample/ip-up | 23 ++++++++ + sample/options | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++ + sample/options.ttyXX | 14 +++++ + sample/pap-secrets | 28 ++++++++++ + 7 files changed, 274 insertions(+) + create mode 100644 sample/auth-down + create mode 100644 sample/auth-up + create mode 100644 sample/ip-down + create mode 100644 sample/ip-up + create mode 100644 sample/options + create mode 100644 sample/options.ttyXX + create mode 100644 sample/pap-secrets + +diff --git a/sample/auth-down b/sample/auth-down +new file mode 100644 +index 0000000..edde65d +--- /dev/null ++++ b/sample/auth-down +@@ -0,0 +1,17 @@ ++#!/bin/sh ++# ++# A program or script which is executed after the remote system ++# successfully authenticates itself. It is executed with the parameters ++# ++# ++ ++# ++# The environment is cleared before executing this script ++# so the path must be reset ++# ++PATH=/usr/sbin:/sbin:/usr/bin:/bin ++export PATH ++ ++echo auth-down `date +'%y/%m/%d %T'` $* >> /var/log/pppstats ++ ++# last line +diff --git a/sample/auth-up b/sample/auth-up +new file mode 100644 +index 0000000..54722a3 +--- /dev/null ++++ b/sample/auth-up +@@ -0,0 +1,17 @@ ++#!/bin/sh ++# ++# A program or script which is executed after the remote system ++# successfully authenticates itself. 
It is executed with the parameters ++# ++# ++ ++# ++# The environment is cleared before executing this script ++# so the path must be reset ++# ++PATH=/usr/sbin:/sbin:/usr/bin:/bin ++export PATH ++ ++echo auth-up `date +'%y/%m/%d %T'` $* >> /var/log/pppstats ++ ++# last line +diff --git a/sample/ip-down b/sample/ip-down +new file mode 100644 +index 0000000..b771fb6 +--- /dev/null ++++ b/sample/ip-down +@@ -0,0 +1,22 @@ ++#!/bin/sh ++# ++# This script is run by the pppd _after_ the link is brought down. ++# It should be used to delete routes, unset IP addresses etc. ++# ++# This script is called with the following arguments: ++# Arg Name Example ++# $1 Interface name ppp0 ++# $2 The tty ttyS1 ++# $3 The link speed 38400 ++# $4 Local IP number 12.34.56.78 ++# $5 Peer IP number 12.34.56.99 ++# ++ ++# ++# The environment is cleared before executing this script ++# so the path must be reset ++# ++PATH=/usr/sbin:/sbin:/usr/bin:/bin ++export PATH ++ ++# last line +diff --git a/sample/ip-up b/sample/ip-up +new file mode 100644 +index 0000000..7ce7c8d +--- /dev/null ++++ b/sample/ip-up +@@ -0,0 +1,23 @@ ++#!/bin/sh ++# ++# This script is run by the pppd after the link is established. ++# It should be used to add routes, set IP address, run the mailq ++# etc. ++# ++# This script is called with the following arguments: ++# Arg Name Example ++# $1 Interface name ppp0 ++# $2 The tty ttyS1 ++# $3 The link speed 38400 ++# $4 Local IP number 12.34.56.78 ++# $5 Peer IP number 12.34.56.99 ++# ++ ++# ++# The environment is cleared before executing this script ++# so the path must be reset ++# ++PATH=/usr/sbin:/sbin:/usr/bin:/bin ++export PATH ++ ++# last line +diff --git a/sample/options b/sample/options +new file mode 100644 +index 0000000..8d0a3f9 +--- /dev/null ++++ b/sample/options +@@ -0,0 +1,153 @@ ++# /etc/ppp/options ++ ++# The name of this server. Often, the FQDN is used here. 
++#name ++ ++# Enforce the use of the hostname as the name of the local system for ++# authentication purposes (overrides the name option). ++usehostname ++ ++# If no local IP address is given, pppd will use the first IP address ++# that belongs to the local hostname. If "noipdefault" is given, this ++# is disabled and the peer will have to supply an IP address. ++noipdefault ++ ++# With this option, pppd will accept the peer's idea of our local IP ++# address, even if the local IP address was specified in an option. ++#ipcp-accept-local ++ ++# With this option, pppd will accept the peer's idea of its (remote) IP ++# address, even if the remote IP address was specified in an option. ++#ipcp-accept-remote ++ ++# Specify which DNS Servers the incoming Win95 or WinNT Connection should use ++# Two Servers can be remotely configured ++#ms-dns 192.168.1.1 ++#ms-dns 192.168.1.2 ++ ++# Specify which WINS Servers the incoming connection Win95 or WinNT should use ++#wins-addr 192.168.1.50 ++#wins-addr 192.168.1.51 ++ ++# enable this on a server that already has a permanent default route ++#nodefaultroute ++ ++# Run the executable or shell command specified after pppd has terminated ++# the link. This script could, for example, issue commands to the modem ++# to cause it to hang up if hardware modem control signals were not ++# available. ++# If mgetty is running, it will reset the modem anyway. So there is no need ++# to do it here. ++#disconnect "chat -- \d+++\d\c OK ath0 OK" ++ ++# Increase debugging level (same as -d). The debug output is written ++# to syslog LOG_LOCAL2. ++debug ++ ++# Enable debugging code in the kernel-level PPP driver. The argument n ++# is a number which is the sum of the following values: 1 to enable ++# general debug messages, 2 to request that the contents of received ++# packets be printed, and 4 to request that the contents of transmitted ++# packets be printed. 
++#kdebug n ++ ++# Require the peer to authenticate itself before allowing network ++# packets to be sent or received. ++# Please do not disable this setting. It is expected to be standard in ++# future releases of pppd. Use the call option (see manpage) to disable ++# authentication for specific peers. ++#auth ++ ++# authentication can either be pap or chap. As most people only want to ++# use pap, you can also disable chap: ++#require-pap ++#refuse-chap ++ ++# Use hardware flow control (i.e. RTS/CTS) to control the flow of data ++# on the serial port. ++crtscts ++ ++# Specifies that pppd should use a UUCP-style lock on the serial device ++# to ensure exclusive access to the device. ++lock ++ ++# Use the modem control lines. ++modem ++ ++# async character map -- 32-bit hex; each bit is a character ++# that needs to be escaped for pppd to receive it. 0x00000001 ++# represents '\x01', and 0x80000000 represents '\x1f'. ++# To allow pppd to work over a rlogin/telnet connection, ou should escape ++# XON (^Q), XOFF (^S) and ^]: (The peer should use "escape ff".) ++#asyncmap 200a0000 ++asyncmap 0 ++ ++# Specifies that certain characters should be escaped on transmission ++# (regardless of whether the peer requests them to be escaped with its ++# async control character map). The characters to be escaped are ++# specified as a list of hex numbers separated by commas. Note that ++# almost any character can be specified for the escape option, unlike ++# the asyncmap option which only allows control characters to be ++# specified. The characters which may not be escaped are those with hex ++# values 0x20 - 0x3f or 0x5e. ++#escape 11,13,ff ++ ++# Set the MRU [Maximum Receive Unit] value to for negotiation. pppd ++# will ask the peer to send packets of no more than bytes. The ++# minimum MRU value is 128. The default MRU value is 1500. A value of ++# 296 is recommended for slow links (40 bytes for TCP/IP header + 256 ++# bytes of data). 
++#mru 542 ++ ++# Set the MTU [Maximum Transmit Unit] value to . Unless the peer ++# requests a smaller value via MRU negotiation, pppd will request that ++# the kernel networking code send data packets of no more than n bytes ++# through the PPP network interface. ++#mtu ++ ++# Set the interface netmask to , a 32 bit netmask in "decimal dot" ++# notation (e.g. 255.255.255.0). ++#netmask 255.255.255.0 ++ ++# Don't fork to become a background process (otherwise pppd will do so ++# if a serial device is specified). ++nodetach ++ ++# Set the assumed name of the remote system for authentication purposes ++# to . ++#remotename ++ ++# Add an entry to this system's ARP [Address Resolution Protocol] ++# table with the IP address of the peer and the Ethernet address of this ++# system. {proxyarp,noproxyarp} ++proxyarp ++ ++# Use the system password database for authenticating the peer using ++# PAP. Note: mgetty already provides this option. If this is specified ++# then dialin from users using a script under Linux to fire up ppp wont work. ++#login ++ ++# If this option is given, pppd will send an LCP echo-request frame to ++# the peer every n seconds. Under Linux, the echo-request is sent when ++# no packets have been received from the peer for n seconds. Normally ++# the peer should respond to the echo-request by sending an echo-reply. ++# This option can be used with the lcp-echo-failure option to detect ++# that the peer is no longer connected. ++lcp-echo-interval 30 ++ ++# If this option is given, pppd will presume the peer to be dead if n ++# LCP echo-requests are sent without receiving a valid LCP echo-reply. ++# If this happens, pppd will terminate the connection. Use of this ++# option requires a non-zero value for the lcp-echo-interval parameter. ++# This option can be used to enable pppd to terminate after the physical ++# connection has been broken (e.g., the modem has hung up) in ++# situations where no hardware modem control lines are available. 
++lcp-echo-failure 4 ++ ++# Specifies that pppd should disconnect if the link is idle for n seconds. ++idle 600 ++ ++# Disable the IPXCP and IPX protocols. ++noipx ++ ++# ------ +diff --git a/sample/options.ttyXX b/sample/options.ttyXX +new file mode 100644 +index 0000000..d4202f5 +--- /dev/null ++++ b/sample/options.ttyXX +@@ -0,0 +1,14 @@ ++# If you need to set up multiple serial lines then copy this file to ++# options. for each tty with a modem on it. ++# ++# The options.tty file will assign an IP address to each PPP connection ++# as it comes up. They must all be distinct! ++# ++# Example: ++# options.ttyS1 for com2 under DOS. ++# ++# Edit the following line so that the first IP address ++# mentioned is the ip address of the serial port while the second ++# is the IP address of your host ++# ++hostname-s1:hostname +diff --git a/sample/pap-secrets b/sample/pap-secrets +new file mode 100644 +index 0000000..098971b +--- /dev/null ++++ b/sample/pap-secrets +@@ -0,0 +1,28 @@ ++# Secrets for authentication using PAP ++# client server secret IP addresses ++ ++# OUTBOUND CONNECTIONS ++# Here you should add your userid password to connect to your providers via ++# pap. The * means that the password is to be used for ANY host you connect ++# to. Thus you do not have to worry about the foreign machine name. Just ++# replace password with your password. ++# If you have different providers with different passwords then you better ++# remove the following line. ++#hostname * password ++ ++# INBOUND CONNECTIONS ++#client hostname 192.168.1.1 ++ ++# If you add "auth login -chap +pap" to /etc/mgetty+sendfax/login.config, ++# all users in /etc/passwd can use their password for pap-authentication. ++# ++# Every regular user can use PPP and has to use passwords from /etc/passwd ++#* hostname "" ++# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any ++# other accounts that should not be able to use pppd! Replace hostname ++# with your local hostname. 
++#guest hostname "*" - ++#master hostname "*" - ++#root hostname "*" - ++#support hostname "*" - ++#stats hostname "*" - +-- +1.8.3.1 + diff --git a/SOURCES/0006-scritps-use-change_resolv_conf-function.patch b/SOURCES/0006-scritps-use-change_resolv_conf-function.patch new file mode 100644 index 0000000..cbf8713 --- /dev/null +++ b/SOURCES/0006-scritps-use-change_resolv_conf-function.patch 
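Review bot: In sample/auth-up and sample/auth-down the logging line expands `$*` unquoted, so the arguments pppd passes (per pppd(8) these include the peer and user names) go through word splitting and glob expansion before being appended to /var/log/pppstats. Quoting keeps the record literal: `printf '%s %s %s\n' auth-up "$(date +'%y/%m/%d %T')" "$*" >> /var/log/pppstats`, and likewise with `auth-down`. The header comment of sample/auth-down is a copy of the auth-up text and should instead describe a script run when the authenticated link goes down. In sample/options, `debug` is enabled while `auth` ships commented out directly under the text asking not to disable it; a comment saying the sample is not meant to be deployed without `auth` would prevent it being copied as-is.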
@@ -0,0 +1,85 @@
+From 01419dfb684d501b57f1c24dcfdbcf9da93ccca2 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Fri, 4 Apr 2014 18:12:47 +0200
+Subject: [PATCH 06/27] scritps: use change_resolv_conf function
+
+Don't handle /etc/resolv.conf manually, but use a helper function from
+initscripts. Also change path where we save DNS servers supplied by peer while
+we are at it.
+
+Resolves: #132482
+---
+ pppd/pppd.8 | 2 +-
+ scripts/ip-down.local.add | 9 +++++----
+ scripts/ip-up.local.add | 17 ++++++++++-------
+ 3 files changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/pppd/pppd.8 b/pppd/pppd.8
+index e2768b1..2dd6e1a 100644
+--- a/pppd/pppd.8
++++ b/pppd/pppd.8
+@@ -1099,7 +1099,7 @@ Ask the peer for up to 2 DNS server addresses. The addresses supplied
+ by the peer (if any) are passed to the /etc/ppp/ip\-up script in the
+ environment variables DNS1 and DNS2, and the environment variable
+ USEPEERDNS will be set to 1. In addition, pppd will create an
+-/etc/ppp/resolv.conf file containing one or two nameserver lines with
++/var/run/ppp/resolv.conf file containing one or two nameserver lines with
+ the address(es) supplied by the peer.
+ .TP
+ .B user \fIname
+diff --git a/scripts/ip-down.local.add b/scripts/ip-down.local.add
+index b93590e..163f71e 100644
+--- a/scripts/ip-down.local.add
++++ b/scripts/ip-down.local.add
+@@ -9,12 +9,13 @@
+ #
+ # Nick Walker (nickwalker@email.com)
+ #
++. /etc/sysconfig/network-scripts/network-functions
+
+-if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
+- if [ -f /etc/ppp/resolv.prev ]; then
+- cp -f /etc/ppp/resolv.prev /etc/resolv.conf
++if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
++ if [ -f /var/run/ppp/resolv.prev ]; then
++ change_resolv_conf /var/run/ppp/resolv.prev
+ else
+- rm -f /etc/resolv.conf
++ change_resolv_conf
+ fi
+ fi
+
+diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
+index 8017209..26cf5f8 100644
+--- a/scripts/ip-up.local.add
++++ b/scripts/ip-up.local.add
+@@ -9,16 +9,19 @@
+ #
+ # Nick Walker (nickwalker@email.com)
+ #
++. /etc/sysconfig/network-scripts/network-functions
+
+-if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
+- rm -f /etc/ppp/resolv.prev
++if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
++ rm -f /var/run/ppp/resolv.prev
+ if [ -f /etc/resolv.conf ]; then
+- cp /etc/resolv.conf /etc/ppp/resolv.prev
+- grep domain /etc/ppp/resolv.prev > /etc/resolv.conf
+- grep search /etc/ppp/resolv.prev >> /etc/resolv.conf
+- cat /etc/ppp/resolv.conf >> /etc/resolv.conf
++ cp /etc/resolv.conf /var/run/ppp/resolv.prev
++ rscf=/var/run/ppp/resolv.new
++ grep domain /var/run/ppp/resolv.prev > $rscf
++ grep search /var/run/ppp/resolv.prev >> $rscf
++ change_resolv_conf $rscf
++ rm -f $rscf
+ else
+- cp /etc/ppp/resolv.conf /etc
++ change_resolv_conf /var/run/ppp/resolv.conf
+ fi
+ fi
+
+--
+1.8.3.1
+
diff --git a/SOURCES/0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch b/SOURCES/0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
new file mode 100644
index 0000000..56ac388
--- /dev/null
+++ b/SOURCES/0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
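Review bot: Both scripts/ip-up.local.add and scripts/ip-down.local.add now source `/etc/sysconfig/network-scripts/network-functions` unconditionally, and nothing in the hunks checks that the file exists or that `change_resolv_conf` ended up defined. If the initscripts helper is not installed, the script either stops at the `.` line or goes on to call an undefined command, and in ip-down that can leave peer-supplied resolver settings in /etc/resolv.conf after the link is gone. A guard such as `[ -r /etc/sysconfig/network-scripts/network-functions ] || exit 1` before the `.` line, with a comment naming what provides the file, makes the dependency explicit. In ip-up, `$rscf` is a fixed file name written with `>` and used unquoted; quote it as `"$rscf"` and note in a comment that /var/run/ppp must be writable by root only.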
@@ -0,0 +1,77 @@ +From b4ef433be936c90e356da7a590b032cdee219a3f Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Fri, 4 Apr 2014 19:06:05 +0200 +Subject: [PATCH 11/27] build-sys: don't put connect-errors log to /etc/ppp/ + +Resolves: #118837 +--- + chat/chat.8 | 2 +- + linux/Makefile.top | 8 +++++++- + pppd/pathnames.h | 4 ++-- + 3 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/chat/chat.8 b/chat/chat.8 +index 6d10836..78d6939 100644 +--- a/chat/chat.8 ++++ b/chat/chat.8 +@@ -200,7 +200,7 @@ The \fBSAY\fR directive allows the script to send strings to the user + at the terminal via standard error. If \fBchat\fR is being run by + pppd, and pppd is running as a daemon (detached from its controlling + terminal), standard error will normally be redirected to the file +-/etc/ppp/connect\-errors. ++/var/log/ppp/connect\-errors. + .LP + \fBSAY\fR strings must be enclosed in single or double quotes. If + carriage return and line feed are needed in the string to be output, +diff --git a/linux/Makefile.top b/linux/Makefile.top +index f63d45e..f42efd5 100644 +--- a/linux/Makefile.top ++++ b/linux/Makefile.top +@@ -5,6 +5,8 @@ BINDIR = $(DESTDIR)/sbin + INCDIR = $(DESTDIR)/include + MANDIR = $(DESTDIR)/share/man + ETCDIR = $(INSTROOT)@SYSCONF@/ppp ++RUNDIR = $(DESTDIR)/var/run/ppp ++LOGDIR = $(DESTDIR)/var/log/ppp + + # uid 0 = root + INSTALL= install +@@ -16,7 +18,7 @@ all: + cd pppstats; $(MAKE) $(MFLAGS) all + cd pppdump; $(MAKE) $(MFLAGS) all + +-install: $(BINDIR) $(MANDIR)/man8 install-progs install-devel ++install: $(BINDIR) $(RUNDIR) $(LOGDIR) $(MANDIR)/man8 install-progs install-devel + + install-progs: + cd chat; $(MAKE) $(MFLAGS) install +@@ -44,6 +46,10 @@ $(MANDIR)/man8: + $(INSTALL) -d -m 755 $@ + $(ETCDIR): + $(INSTALL) -d -m 755 $@ ++$(RUNDIR): ++ $(INSTALL) -d -m 755 $@ ++$(LOGDIR): ++ $(INSTALL) -d -m 755 $@ + + clean: + rm -f `find . 
-name '*.[oas]' -print` +diff --git a/pppd/pathnames.h b/pppd/pathnames.h +index a427cb8..bef3160 100644 +--- a/pppd/pathnames.h ++++ b/pppd/pathnames.h +@@ -28,9 +28,9 @@ + #define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up" + #define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down" + #define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options." +-#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors" ++#define _PATH_CONNERRS _ROOT_PATH "/var/log/ppp/connect-errors" + #define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/" +-#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf" ++#define _PATH_RESOLV _ROOT_PATH "/var/run/ppp/resolv.conf" + + #define _PATH_USEROPT ".ppprc" + #define _PATH_PSEUDONYM ".ppp_pseudonym" +-- +1.8.3.1 + diff --git a/SOURCES/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/SOURCES/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch new file mode 100644 index 0000000..1352370 --- /dev/null +++ b/SOURCES/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch 
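Review bot: `$(RUNDIR)` and `$(LOGDIR)` are created once by `make install` in linux/Makefile.top, but the paths compiled into pppd/pathnames.h (`/var/run/ppp/resolv.conf`, `/var/log/ppp/connect-errors`) are needed every time pppd runs. Where /var/run is a tmpfs the install-time directory is gone after a reboot, so something outside this patch (a tmpfiles.d entry or the packaging, not visible here) has to recreate it; a comment next to the `$(RUNDIR):` rule should say so. connect-errors receives the standard error of connect scripts, which can include dial strings, so `$(INSTALL) -d -m 750 $@` is a safer default for `$(LOGDIR)` than `-m 755` unless the log file itself is known to be created owner-only.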
@@ -0,0 +1,149 @@ +diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c +index d693350..c31bb34 100644 +--- a/pppd/plugins/pppoatm/pppoatm.c ++++ b/pppd/plugins/pppoatm/pppoatm.c +@@ -135,7 +135,7 @@ static int connect_pppoatm(void) + + if (!device_got_set) + no_device_given_pppoatm(); +- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0); ++ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd < 0) + fatal("failed to create socket: %m"); + memset(&qos, 0, sizeof qos); +diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c +index 9643b96..1099575 100644 +--- a/pppd/plugins/pppol2tp/openl2tp.c ++++ b/pppd/plugins/pppol2tp/openl2tp.c +@@ -83,7 +83,7 @@ static int openl2tp_client_create(void) + int result; + + if (openl2tp_fd < 0) { +- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0); ++ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (openl2tp_fd < 0) { + error("openl2tp connection create: %m"); + return -ENOTCONN; +diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c +index a7e3400..e64a778 100644 +--- a/pppd/plugins/pppol2tp/pppol2tp.c ++++ b/pppd/plugins/pppol2tp/pppol2tp.c +@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu, + struct ifreq ifr; + int fd; + +- fd = socket(AF_INET, SOCK_DGRAM, 0); ++ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (fd >= 0) { + memset (&ifr, '\0', sizeof (ifr)); + strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); +diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c +index 91e9a57..72aba41 100644 +--- a/pppd/plugins/pppoe/if.c ++++ b/pppd/plugins/pppoe/if.c +@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) + stype = SOCK_PACKET; + #endif + +- if ((fd = socket(domain, stype, htons(type))) < 0) { ++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { + /* Give a more helpful message for the common error case */ + if (errno == EPERM) { + fatal("Cannot 
create raw socket -- pppoe must be run as root."); +diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c +index a8c2bb4..24bdf8f 100644 +--- a/pppd/plugins/pppoe/plugin.c ++++ b/pppd/plugins/pppoe/plugin.c +@@ -137,7 +137,7 @@ PPPOEConnectDevice(void) + /* server equipment). */ + /* Opening this socket just before waitForPADS in the discovery() */ + /* function would be more appropriate, but it would mess-up the code */ +- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE); ++ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE); + if (conn->sessionSocket < 0) { + error("Failed to create PPPoE socket: %m"); + return -1; +@@ -148,7 +148,7 @@ PPPOEConnectDevice(void) + lcp_wantoptions[0].mru = conn->mru; + + /* Update maximum MRU */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) { + error("Can't get MTU for %s: %m", conn->ifName); + goto errout; +@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit) + } + + /* Open a socket */ +- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) { ++ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) { + r = 0; + } + +diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c +index 3d3bf4e..c0d927d 100644 +--- a/pppd/plugins/pppoe/pppoe-discovery.c ++++ b/pppd/plugins/pppoe/pppoe-discovery.c +@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) + stype = SOCK_PACKET; + #endif + +- if ((fd = socket(domain, stype, htons(type))) < 0) { ++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { + /* Give a more helpful message for the common error case */ + if (errno == EPERM) { + fatal("Cannot create raw socket -- pppoe must be run as root."); +diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c +index 00a2cf5..0690019 100644 +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -308,12 +308,12 @@ static int 
modify_flags(int fd, int clear_bits, int set_bits) + void sys_init(void) + { + /* Get an internet socket for doing socket ioctls. */ +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + fatal("Couldn't create IP socket: %m(%d)", errno); + + #ifdef INET6 +- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); ++ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock6_fd < 0) + sock6_fd = -errno; /* save errno for later */ + #endif +@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name) + struct ifreq ifreq; + int ret, sock_fd; + +- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); ++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (sock_fd < 0) + return -1; + memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); +@@ -2067,7 +2067,7 @@ int ppp_available(void) + /* + * Open a socket for doing the ioctl operations. + */ +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + if (s < 0) + return 0; + +diff --git a/pppd/tty.c b/pppd/tty.c +index bc96695..8e76a5d 100644 +--- a/pppd/tty.c ++++ b/pppd/tty.c +@@ -896,7 +896,7 @@ open_socket(dest) + *sep = ':'; + + /* get a socket and connect it to the other end */ +- sock = socket(PF_INET, SOCK_STREAM, 0); ++ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); + if (sock < 0) { + error("Can't create socket: %m"); + return -1; +-- +1.8.3.1 + diff --git a/SOURCES/0015-pppd-move-pppd-database-to-var-run-ppp.patch b/SOURCES/0015-pppd-move-pppd-database-to-var-run-ppp.patch new file mode 100644 index 0000000..88b84d5 --- /dev/null +++ b/SOURCES/0015-pppd-move-pppd-database-to-var-run-ppp.patch 
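Review bot: Every `socket()` call in these hunks now ORs in `SOCK_CLOEXEC` with no fallback, including the one in pppd/tty.c `open_socket()`, a file that does not look Linux-specific. Where the flag is not defined the build breaks, and on kernels that predate it `socket()` fails with EINVAL; a compatibility block (`#ifndef SOCK_CLOEXEC` / `#define SOCK_CLOEXEC 0` / `#endif`) plus `fcntl(fd, F_SETFD, FD_CLOEXEC)` after creation covers both cases. The patch file has no From/Subject header, so the reason is not recorded anywhere: without the flag these descriptors are inherited by the connect, ip-up and ip-down programs pppd executes, and a one-line comment at `sys_init()` saying so would help the next reader. Descriptors obtained through `open()` are outside these hunks and should be checked for `O_CLOEXEC` separately; all touched functions continue beyond the lines shown.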
@@ -0,0 +1,44 @@
+From f2c855462ff56be4121409c7e048cd2503fe0ccf Mon Sep 17 00:00:00 2001
+From: Jiri Skala
+Date: Mon, 7 Apr 2014 14:26:20 +0200
+Subject: [PATCH 15/27] pppd: move pppd database to /var/run/ppp
+
+Resolves: #560014
+---
+ pppd/pathnames.h | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/pppd/pathnames.h b/pppd/pathnames.h
+index bef3160..24e010c 100644
+--- a/pppd/pathnames.h
++++ b/pppd/pathnames.h
+@@ -6,8 +6,9 @@
+
+ #ifdef HAVE_PATHS_H
+ #include
+-
++#define _PPP_SUBDIR "ppp/"
+ #else /* HAVE_PATHS_H */
++#define _PPP_SUBDIR
+ #ifndef _PATH_VARRUN
+ #define _PATH_VARRUN "/etc/ppp/"
+ #endif
+@@ -46,13 +47,9 @@
+ #endif /* IPX_CHANGE */
+
+ #ifdef __STDC__
+-#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN "pppd2.tdb"
++#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN _PPP_SUBDIR "pppd2.tdb"
+ #else /* __STDC__ */
+-#ifdef HAVE_PATHS_H
+-#define _PATH_PPPDB "/var/run/pppd2.tdb"
+-#else
+-#define _PATH_PPPDB "/etc/ppp/pppd2.tdb"
+-#endif
++#define _PATH_PPPDB _PATH_VARRUN _PPP_SUBDIR "pppd2.tdb"
+ #endif /* __STDC__ */
+
+ #ifdef PLUGIN
+--
+1.8.3.1
+
diff --git a/SOURCES/0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch b/SOURCES/0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
new file mode 100644
index 0000000..b7f7c91
--- /dev/null
+++ b/SOURCES/0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
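Review bot: The rewritten `#else /* __STDC__ */` branch in pppd/pathnames.h builds `_PATH_PPPDB` from `_PATH_VARRUN _PPP_SUBDIR "pppd2.tdb"`, which relies on adjacent string-literal concatenation, the feature the removed lines avoided by spelling out complete literals for non-ANSI compilers. Either drop the non-`__STDC__` branch altogether or keep full literals in it, e.g. `#define _PATH_PPPDB "/var/run/ppp/pppd2.tdb"` under `HAVE_PATHS_H`. Nothing in this hunk creates the new subdirectory, so a comment at `_PPP_SUBDIR` should state that /var/run/ppp has to exist, writable by root only, before pppd opens the database.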
@@ -0,0 +1,115 @@ +diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux +index 3cd9101..9918091 100644 +--- a/pppd/plugins/pppoe/Makefile.linux ++++ b/pppd/plugins/pppoe/Makefile.linux +@@ -16,6 +16,7 @@ + + DESTDIR = $(INSTROOT)@DESTDIR@ + BINDIR = $(DESTDIR)/sbin ++MANDIR = $(DESTDIR)/share/man/man8 + LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION) + + PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) +@@ -46,6 +47,7 @@ install: all + $(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so + $(INSTALL) -d -m 755 $(BINDIR) + $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR) ++ $(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR) + + clean: + rm -f *.o *.so pppoe-discovery +diff --git a/pppd/plugins/pppoe/pppoe-discovery.8 b/pppd/plugins/pppoe/pppoe-discovery.8 +new file mode 100644 +index 0000000..d0a93db +--- /dev/null ++++ b/pppd/plugins/pppoe/pppoe-discovery.8 +@@ -0,0 +1,86 @@ ++.\" pppoe-discovery.8 written by ++.\" Ben Hutchings , based on pppoe.8. ++.\" Licenced under the GPL version 2 or later. ++.TH PPPOE-DISCOVERY 8 ++.SH NAME ++pppoe\-discovery \- perform PPPoE discovery ++.SH SYNOPSIS ++.B pppoe\-discovery ++[ ++.I options ++] ++.br ++.BR pppoe\-discovery " { " \-V " | " \-h " }" ++.SH DESCRIPTION ++.LP ++\fBpppoe\-discovery\fR performs the same discovery process as ++\fBpppoe\fR, but does not initiate a session. ++It sends a PADI packet and then prints the names of access ++concentrators in each PADO packet it receives. ++.SH OPTIONS ++.TP ++.BI \-I " interface" ++.RS ++The \fB\-I\fR option specifies the Ethernet interface to use. ++Under Linux, it is typically eth0 or eth1. ++The interface should be \(lqup\(rq before you start ++\fBpppoe\-discovery\fR, but should \fInot\fR be configured to have an ++IP address. ++The default interface is eth0. 
++.RE ++.TP ++.BI \-D " file_name" ++.RS ++The \fB\-D\fR option causes every packet to be dumped to the specified ++\fIfile_name\fR. ++This is intended for debugging only. ++.RE ++.TP ++.B \-U ++.RS ++Causes \fBpppoe\-discovery\fR to use the Host-Uniq tag in its discovery ++packets. ++This lets you run multiple instances of \fBpppoe\-discovery\fR and/or ++\fBpppoe\fR without having their discovery packets interfere with one ++another. ++You must supply this option to \fIall\fR instances that you intend to ++run simultaneously. ++.RE ++.TP ++.BI \-S " service_name" ++.RS ++Specifies the desired service name. ++\fBpppoe\-discovery\fR will only accept access concentrators which can ++provide the specified service. ++In most cases, you should \fInot\fR specify this option. ++Use it only if you know that there are multiple access concentrators ++or know that you need a specific service name. ++.RE ++.TP ++.BI \-C " ac_name" ++.RS ++Specifies the desired access concentrator name. ++\fBpppoe\-discovery\fR will only accept the specified access ++concentrator. ++In most cases, you should \fInot\fR specify this option. ++Use it only if you know that there are multiple access concentrators. ++If both the \fB\-S\fR and \fB\-C\fR options are specified, they must ++\fIboth\fR match. ++.RE ++.TP ++.B \-A ++.RS ++This option is accepted for compatibility with \fBpppoe\fR, but has no ++effect. ++.RE ++.TP ++.BR \-V " | " \-h ++.RS ++Either of these options causes \fBpppoe\-discovery\fR to print its ++version number and usage information, then exit. ++.RE ++.SH AUTHORS ++\fBpppoe\-discovery\fR was written by Marco d'Itri , ++based on \fBpppoe\fR by David F. Skoll . ++.SH SEE ALSO ++pppoe(8), pppoe-sniff(8) +-- +1.8.3.1 + diff --git a/SOURCES/0018-scritps-fix-ip-up.local-sample.patch b/SOURCES/0018-scritps-fix-ip-up.local-sample.patch new file mode 100644 index 0000000..c36e0b8 --- /dev/null +++ b/SOURCES/0018-scritps-fix-ip-up.local-sample.patch 
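Review bot: The new `$(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)` line in pppd/plugins/pppoe/Makefile.linux has no matching `$(INSTALL) -d -m 755 $(MANDIR)`, unlike the `$(LIBDIR)` and `$(BINDIR)` installs next to it. If this directory's `install` target is run on its own and the man8 directory is missing, install(1) writes a regular file named man8 instead of failing. Adding the `-d` line before it keeps the target self-contained.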
@@ -0,0 +1,27 @@
+From 40960f91cdd06da387616ec838ae2599e7f01cee Mon Sep 17 00:00:00 2001
+From: Jiri Skala
+Date: Mon, 7 Apr 2014 15:24:01 +0200
+Subject: [PATCH 18/27] scritps: fix ip-up.local sample
+
+Resolves: #613717
+---
+ scripts/ip-up.local.add | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
+index 26cf5f8..282337c 100644
+--- a/scripts/ip-up.local.add
++++ b/scripts/ip-up.local.add
+@@ -18,6 +18,9 @@ if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
+ rscf=/var/run/ppp/resolv.new
+ grep domain /var/run/ppp/resolv.prev > $rscf
+ grep search /var/run/ppp/resolv.prev >> $rscf
++ if [ -f /var/run/ppp/resolv.conf ]; then
++ cat /var/run/ppp/resolv.conf >> $rscf
++ fi
+ change_resolv_conf $rscf
+ rm -f $rscf
+ else
+--
+1.8.3.1
+
diff --git a/SOURCES/0020-pppd-put-lock-files-in-var-lock-ppp.patch b/SOURCES/0020-pppd-put-lock-files-in-var-lock-ppp.patch
new file mode 100644
index 0000000..93d26c5
--- /dev/null
+++ b/SOURCES/0020-pppd-put-lock-files-in-var-lock-ppp.patch
@@ -0,0 +1,26 @@
+From c5a5f795b1defcb6d168e79c4d1fc371dfc556ca Mon Sep 17 00:00:00 2001
+From: Jiri Skala
+Date: Wed, 9 Apr 2014 09:29:50 +0200
+Subject: [PATCH 20/27] pppd: put lock files in /var/lock/ppp
+
+Resolves: #708260
+---
+ pppd/utils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pppd/utils.c b/pppd/utils.c
+index 6051b9a..8407492 100644
+--- a/pppd/utils.c
++++ b/pppd/utils.c
+@@ -846,7 +846,7 @@ complete_read(int fd, void *buf, size_t count)
+ /* Procedures for locking the serial device using a lock file. */
+ #ifndef LOCK_DIR
+ #ifdef __linux__
+-#define LOCK_DIR "/var/lock"
++#define LOCK_DIR "/var/lock/ppp"
+ #else
+ #ifdef SVR4
+ #define LOCK_DIR "/var/spool/locks"
+--
+1.8.3.1
+
diff --git a/SOURCES/0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch b/SOURCES/0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
new file mode 100644
index 0000000..23b1f93
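Review bot: The added `if [ -f /var/run/ppp/resolv.conf ]` in scripts/ip-up.local.add repeats the test the enclosing `if` already makes (it is visible in the hunk header), so the `cat` can stand alone. The two context lines above it use `grep domain` and `grep search`, which match those words anywhere on a line, comments and host names included; `grep '^domain'` and `grep '^search'` select only the directives. `$rscf` should be quoted throughout, e.g. `cat /var/run/ppp/resolv.conf >> "$rscf"`. The enclosing block starts outside the hunk.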
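Review bot: Changing the Linux `LOCK_DIR` in pppd/utils.c to `/var/lock/ppp` takes pppd's lock files out of the directory that other serial-line programs conventionally check, so the `lock` option may no longer give exclusive access against them. If the move is required by directory permissions, say so in a comment above the define, for example `/* private lock dir: not shared with other UUCP-style lock users */`, and make sure every tool in this package that locks the tty uses the same path. Nothing in the hunk creates /var/lock/ppp, and where /var/lock is a tmpfs it has to be recreated at boot.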
--- /dev/null
+++ b/SOURCES/0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
@@ -0,0 +1,20 @@
+diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
+index 2df887b..6cb8397 100644
+--- a/pppd/plugins/pppoe/Makefile.linux
++++ b/pppd/plugins/pppoe/Makefile.linux
+@@ -43,12 +43,12 @@ pppoe.so: plugin.o discovery.o if.o common.o
+
+ install: all
+ $(INSTALL) -d -m 755 $(LIBDIR)
+- $(INSTALL) -c -m 4550 pppoe.so $(LIBDIR)
++ $(INSTALL) -c -m 755 pppoe.so $(LIBDIR)
+ # Symlink for backward compatibility
+ $(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
+ $(INSTALL) -d -m 755 $(BINDIR)
+- $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
+- $(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
++ $(INSTALL) -c -m 755 pppoe-discovery $(BINDIR)
++ $(INSTALL) -c -m 644 pppoe-discovery.8 $(MANDIR)
+
+ clean:
+ rm -f *.o *.so pppoe-discovery
diff --git a/SOURCES/0024-build-sys-install-pppoatm-plugin-files-with-standard.patch b/SOURCES/0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
new file mode 100644
index 0000000..9982d92
--- /dev/null
+++ b/SOURCES/0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
@@ -0,0 +1,26 @@
+From 0fdb22ef3d3cc3b297372451d60bd6c61d047d27 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Thu, 10 Apr 2014 10:08:41 +0200
+Subject: [PATCH 24/27] build-sys: install pppoatm plugin files with standard
+ perms
+
+---
+ pppd/plugins/pppoatm/Makefile.linux | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
+index 769794b..4c5826f 100644
+--- a/pppd/plugins/pppoatm/Makefile.linux
++++ b/pppd/plugins/pppoatm/Makefile.linux
+@@ -37,7 +37,7 @@ $(PLUGIN): $(PLUGIN_OBJS)
+
+ install: all
+ $(INSTALL) -d -m 755 $(LIBDIR)
+- $(INSTALL) -c -m 4550 $(PLUGIN) $(LIBDIR)
++ $(INSTALL) -c -m 755 $(PLUGIN) $(LIBDIR)
+
+ clean:
+ rm -f *.o *.so
+--
+1.8.3.1
+
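Review bot: The `-m 4550` to `-m 755` change on `pppoe.so` drops a setuid bit from a shared object, and the pppoatm Makefile.linux patch that follows does the same for `$(PLUGIN)`, but neither Makefile records why. A comment above the install line, such as `# plugins are loaded by pppd: no setuid bit, and never writable by non-root`, states the intent so the old mode is not restored later. This patch file also carries no From/Subject header, unlike its neighbours, so the rationale is not available from the patch either.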
diff --git a/SOURCES/ifdown-ppp b/SOURCES/ifdown-ppp
new file mode 100755
index 0000000..fca6463
--- /dev/null
+++ b/SOURCES/ifdown-ppp
@@ -0,0 +1,51 @@
+#! /bin/bash
+
+cd /etc/sysconfig/network-scripts
+. ./network-functions
+
+CONFIG=$1
+source_config
+
+if [ "$TYPE" = "xDSL" ] && [ -x /usr/sbin/adsl-stop ] ; then
+ adsl-stop /etc/sysconfig/network-scripts/$CONFIG
+ exit $?
+fi
+
+CONFIG=${CONFIG##ifcfg-}
+
+if [ "${DEMAND}" = "yes" ] && [ -f /var/run/ppp-${CONFIG}.pid ] ; then
+ PID=$(head -1 /var/run/ppp-${CONFIG}.pid)
+ kill -TERM ${PID}
+ sleep 2
+ [ ! -d /proc/${PID} ] && exit 0
+ sleep 5
+ [ ! -d /proc/${PID} ] && exit 0
+ kill -TERM ${PID}
+ [ ! -d /proc/${PID} ] && exit 0
+ exit 1
+fi
+
+file=/var/run/pppwatch-${DEVICE}.pid
+
+if [ ! -f $file ]; then
+ # ppp isn't running, or we didn't start it
+ exit 0
+fi
+
+PID=$(cat $file)
+[ -n "${PID}" ] || exit 1
+
+kill -TERM ${PID} > /dev/null 2>&1
+[ ! -d /proc/${PID} ] && exit 0
+sleep 2
+[ ! -d /proc/${PID} ] && exit 0
+sleep 5
+[ ! -d /proc/${PID} ] && exit 0
+sleep 10
+[ ! -d /proc/${PID} ] && exit 0
+
+# killing ppp-watch twice in a row causes it to send a SIGKILL to pppd pgrp
+kill -TERM ${PID} > /dev/null 2>&1
+[ ! -d /proc/${PID} ] && exit 0
+
+exit 1
diff --git a/SOURCES/ifup-ppp b/SOURCES/ifup-ppp
new file mode 100755
index 0000000..fb30639
--- /dev/null
+++ b/SOURCES/ifup-ppp
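Review bot: In SOURCES/ifdown-ppp the `cd /etc/sysconfig/network-scripts` is not checked before `. ./network-functions`, so if the cd fails this script, which is normally run as root, sources whatever `network-functions` sits in the caller's working directory; use `cd /etc/sysconfig/network-scripts || exit 1` or source the absolute path. The PID read from `/var/run/ppp-${CONFIG}.pid` and `/var/run/pppwatch-${DEVICE}.pid` is passed to `kill` unquoted and unvalidated (the first branch does not even test for empty), so a stale or malformed pid file can end up signalling an unrelated process; add `case "$PID" in ''|*[!0-9]*) exit 1 ;; esac` after each read. `$CONFIG` comes straight from `$1` and should be quoted in the `adsl-stop` call and in the pid-file paths.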
@@ -0,0 +1,157 @@ +#! /bin/bash + +. /etc/init.d/functions + +cd /etc/sysconfig/network-scripts +. ./network-functions + +# ifup-post for PPP is handled through /etc/ppp/ip-up +if [ "${1}" = daemon ] ; then + # we've been called from ppp-watch, so don't invoke it for persistence + shift +else + # just in case a full path to the configuration file is passed in + CONFIG=${1##*/} # CONFIG=$(basename $1) + [ -f "${CONFIG}" ] || CONFIG=ifcfg-${1} + source_config + # don't start ppp-watch by xDSL + if [ "${DEMAND}" != yes -a "$TYPE" != "xDSL" ] ; then + # let ppp-watch do the right thing + exec /sbin/ppp-watch "${CONFIG##ifcfg-}" "$2" + fi +fi + +CONFIG=$1 +[ -f "${CONFIG}" ] || CONFIG=ifcfg-${1} +source_config + +if [ -z "${DISCONNECTTIMEOUT}" ]; then + DISCONNECTTIMEOUT=2 +fi + +if [ -z "${RETRYTIMEOUT}" ]; then + RETRYTIMEOUT=30 +fi + +if [ -z "${IDLETIMEOUT}" ]; then + IDLETIMEOUT=600 +fi + +if [ "${2}" = "boot" -a "${ONBOOT}" = "no" ]; then + exit +fi + +[ -x /usr/sbin/pppd ] || { + echo $"pppd does not exist or is not executable" + echo $"ifup-ppp for ${DEVICE} exiting" + /usr/bin/logger -p daemon.info -t ifup-ppp \ + $"pppd does not exist or is not executable for ${DEVICE}" + exit 1 +} + +# check that xDSL connection +if [ "$TYPE" = "xDSL" ] ; then + if [ -x /usr/sbin/adsl-start ] ; then + adsl-start /etc/sysconfig/network-scripts/$CONFIG + exit $? + else + /usr/bin/logger -p daemon.info -t ifup-ppp \ + $"adsl-start does not exist or is not executable for ${DEVICE}" + exit 1 + fi +fi + +PEERCONF=/etc/ppp/peers/${DEVNAME} + +if [ "${DEBUG}" = "yes" ]; then + CHATDBG="-v" +fi + +if [ ! 
-f ${PEERCONF} ]; then + if [ -z "${WVDIALSECT}" ] ; then + CHATSCRIPT=/etc/sysconfig/network-scripts/chat-${DEVNAME} + [ -f ${CHATSCRIPT} ] || { + echo $"/etc/sysconfig/network-scripts/chat-${DEVNAME} does not exist" + echo $"ifup-ppp for ${DEVNAME} exiting" + /usr/bin/logger -p daemon.info -t ifup-ppp \ + $"/etc/sysconfig/network-scripts/chat-${DEVNAME} does not exist for ${DEVICE}" + exit 1 + } + fi + /usr/bin/logger -s -p daemon.notice -t ifup-ppp \ + $"Setting up a new ${PEERCONF} config file" + if [ -f /etc/ppp/peers/${DEVICE} ]; then + cp -f /etc/ppp/peers/${DEVICE} ${PEERCONF} + else + touch ${PEERCONF} + fi + if [ "${WVDIALSECT}" ]; then + echo "connect \"/usr/bin/wvdial --remotename ${DEVNAME} --chat '${WVDIALSECT}'\"" >> ${PEERCONF} + else + echo "connect \"/usr/sbin/chat ${CHATDBG} -f ${CHATSCRIPT}\"" >> ${PEERCONF} + fi +fi + +opts="lock" +if [ "${HARDFLOWCTL}" != no ] ; then + opts="$opts modem crtscts" +fi +if [ "${ESCAPECHARS}" != yes ] ; then + opts="$opts asyncmap 00000000" +fi +if [ "${DEFROUTE}" != no ] ; then + # pppd will no longer delete an existing default route + # so we have to help it out a little here. + DEFRT=$(ip route list match 0.0.0.0/0) + [ -n "${DEFRT}" ] && echo "$DEFRT" > /etc/default-routes + echo "$DEFRT" | while read spec; do + ip route del $spec; + done + opts="$opts defaultroute" +fi +if [ "${PEERDNS}" != no ] ; then + cp -f /etc/resolv.conf /etc/resolv.conf.save + opts="$opts usepeerdns" +fi +if [ -n "${MRU}" ] ; then + opts="$opts mru ${MRU}" +fi +if [ -n "${MTU}" ] ; then + opts="$opts mtu ${MTU}" +fi +if [ -n "${IPADDR}${REMIP}" ] ; then + # if either IP address is set, the following will work. 
+ opts="$opts ${IPADDR}:${REMIP}" +fi +if [ -n "${PAPNAME}" ] ; then + opts="$opts user ${PAPNAME} remotename ${DEVNAME}" +fi +if [ "${DEBUG}" = yes ] ; then + opts="$opts debug" +fi + +if [ ${DEMAND} = yes ] ; then + opts="$opts demand ktune idle ${IDLETIMEOUT} holdoff ${RETRYTIMEOUT}" + exec= +else + opts="$opts nodetach" + exec=exec +fi + +/usr/bin/logger -p daemon.info -t ifup-ppp \ + $"pppd started for ${DEVNAME} on ${MODEMPORT} at ${LINESPEED}" + +$exec pppd $opts ${MODEMPORT} ${LINESPEED} \ + ipparam ${DEVNAME} linkname ${DEVNAME} call ${DEVNAME}\ + noauth \ + ${PPPOPTIONS} || exit + +if [ "${DEMAND}" = "yes" ] ; then + # pppd is a tad slow to write the pid-file. + sleep 2 + if [ -f /var/run/ppp-${DEVNAME}.pid ] ; then + REALDEVICE=$(tail -1 /var/run/ppp-${DEVNAME}.pid) + /etc/sysconfig/network-scripts/ifup-routes ${REALDEVICE} ${DEVNAME} + fi +fi + diff --git a/SOURCES/ip-down b/SOURCES/ip-down new file mode 100644 index 0000000..bfb0871 --- /dev/null +++ b/SOURCES/ip-down @@ -0,0 +1,18 @@ +#!/bin/bash +# This file should not be modified -- make local changes to +# /etc/ppp/ip-down.local instead + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +export PATH + +LOGDEVICE=$6 +REALDEVICE=$1 + +/etc/ppp/ip-down.ipv6to4 ${LOGDEVICE} + +[ -x /etc/ppp/ip-down.local ] && /etc/ppp/ip-down.local "$@" + +/etc/sysconfig/network-scripts/ifdown-post --realdevice ${REALDEVICE} \ + ifcfg-${LOGDEVICE} + +exit 0 diff --git a/SOURCES/ip-down.ipv6to4 b/SOURCES/ip-down.ipv6to4 new file mode 100644 index 0000000..29f1c64 --- /dev/null +++ b/SOURCES/ip-down.ipv6to4 
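Review bot: `if [ ${DEMAND} = yes ]` near the end of ifup-ppp is the one unquoted test of DEMAND in the script; with DEMAND unset it expands to `[ = yes ]`, which is a test error rather than a clean false, so the `nodetach` branch is reached only by accident and with a diagnostic on stderr. Write it as `if [ "${DEMAND}" = yes ] ; then`, matching the earlier `"${DEMAND}" != yes` and the later `"${DEMAND}" = "yes"`. Separately, `PEERCONF=/etc/ppp/peers/${DEVNAME}` and the `connect` line appended to it take DEVNAME and WVDIALSECT verbatim from the ifcfg file, so a short comment stating that these values are treated as trusted, administrator-owned configuration would help the next reader.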
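Review bot: In ip-down, `LOGDEVICE=$6` and `REALDEVICE=$1` come from pppd's arguments (the ipv6-down and ipv6-up headers in this commit document $6 as the `ipparam` value) and are then expanded unquoted in `/etc/ppp/ip-down.ipv6to4 ${LOGDEVICE}` and in the `ifdown-post` call, so a value containing whitespace or glob characters is split or expanded before the helper sees it. Quote them: `/etc/ppp/ip-down.ipv6to4 "${LOGDEVICE}"` and `--realdevice "${REALDEVICE}" "ifcfg-${LOGDEVICE}"`. ip-up, added later in this commit, has the same unquoted expansions in its `ifup-post` and `ip-up.ipv6to4` calls.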
@@ -0,0 +1,114 @@ +#!/bin/sh +# +# ip-down.ipv6to4 +# +# +# Taken from: +# (P) & (C) 2000-2005 by Peter Bieringer +# +# You will find more information on the initscripts-ipv6 homepage at +# http://www.deepspace6.net/projects/initscripts-ipv6.html +# +# Version 2005-09-22 +# +# Calling parameters: +# $1: interface name +# +# Called (mostly) by /etc/ppp/ip-down.local +# like: /etc/ppp/ip-down.ipv6to4 $1 >>/var/log/ppp-ipv6to4.log 2>&1 +# +# Note: this script will *check* whether the existing 6to4 tunnel +# was set before by using "ip-up.ipv6to4" comparing IPv4 address +# of device with the generated 6to4 prefix +# +# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1: +# IPV6TO4INIT=yes|no: controls configuration +# IPV6TO4_ROUTING="-/ ...": information to setup additional interfaces +# +# IPV6_CONTROL_RADVD=yes|no: controls radvd triggering +# IPV6_RADVD_PIDFILE=: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" +# IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP: how to trigger radvd (optional, default is SIGHUP) +# + + +if [ -z "$1" ]; then + echo $"Argument 1 is empty but should contain interface name - skip IPv6to4 initialization" + exit 1 +fi + +# Get global network configuration +. /etc/sysconfig/network + +# Source IPv4 helper functions +cd /etc/sysconfig/network-scripts +. ./network-functions + +CONFIG=$1 +[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG +source_config + +# IPv6 don't need aliases anymore, config is skipped +REALDEVICE=${DEVICE%%:*} +[ "$DEVICE" != "$REALDEVICE" ] && exit 0 + +if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then + exit 1 +fi + +. /etc/sysconfig/network-scripts/network-functions-ipv6 + + +# Run basic IPv6 test, if not ok, skip IPv6 initialization +ipv6_test testonly || exit 0 + +# Test status of ppp device +ipv6_test_device_status $DEVICE +if [ $? != 0 -a $? 
!= 11 ]; then + # device doesn't exist or other problem occurs + exit 1 +fi + +# Test status of tun6to4 device +ipv6_test_device_status tun6to4 +if [ $? = 0 -o $? = 11 ]; then + # Device exists + valid6to4config="yes" + + # Get IPv4 address from interface + ipv4addr="$(ipv6_get_ipv4addr_of_device $DEVICE)" + if [ -z "$ipv4addr" ]; then + # Has no IPv4 address + valid6to4config="no" + fi + + # Get local IPv4 address of dedicated tunnel + ipv4addr6to4local="$(ipv6_get_ipv4addr_of_tunnel tun6to4 local)" + + # IPv6to4 not enabled on this interface? + if [ $IPV6TO4INIT != "yes" ]; then + # Check against configured 6to4 tunnel to see if this interface was regardless used before + if [ "$ipv4addr" != "$ipv4addr6to4local" ]; then + # IPv4 address of interface does't match local tunnel address, interface was not used for current 6to4 setup + valid6to4config="no" + fi + fi + +fi + +if [ "$valid6to4config" = "yes" ]; then + if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then + # Control running radvd + ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE + fi + + if [ -n "$IPV6TO4_ROUTING" ]; then + # Delete routes to local networks + for devsuf in $IPV6TO4_ROUTING; do + dev="${devsuf%%-*}" + ipv6_cleanup_6to4_device $dev + done + fi + + # Delete all configured 6to4 address + ipv6_cleanup_6to4_tunnels tun6to4 +fi diff --git a/SOURCES/ip-up b/SOURCES/ip-up new file mode 100644 index 0000000..e610674 --- /dev/null +++ b/SOURCES/ip-up @@ -0,0 +1,17 @@ +#!/bin/bash +# This file should not be modified -- make local changes to +# /etc/ppp/ip-up.local instead + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +export PATH + +LOGDEVICE=$6 +REALDEVICE=$1 + +[ -f /etc/sysconfig/network-scripts/ifcfg-${LOGDEVICE} ] && /etc/sysconfig/network-scripts/ifup-post --realdevice ${REALDEVICE} ifcfg-${LOGDEVICE} + +/etc/ppp/ip-up.ipv6to4 ${LOGDEVICE} + +[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@" + +exit 0 
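Review bot: In ip-down.ipv6to4, `CONFIG=$1` is accepted as soon as `[ -f "$CONFIG" ]` succeeds, so an argument containing `/` selects a file outside /etc/sysconfig/network-scripts, and `source_config` (defined in network-functions, not visible here) presumably reads that file as shell. $1 reaches this script from pppd's ipparam by way of ip-down, so it should be reduced to a plain name before use, the way ifup-ppp already does it: `CONFIG=${1##*/}`. ip-up.ipv6to4, ipv6-down and ipv6-up use the same `CONFIG=…; [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG; source_config` sequence and need the same treatment. In this file `[ $IPV6TO4INIT != "yes" ]` should also quote the variable, since the test is an error when IPV6TO4INIT is unset.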
diff --git a/SOURCES/ip-up.ipv6to4 b/SOURCES/ip-up.ipv6to4
new file mode 100644
index 0000000..6a85bbb
--- /dev/null
+++ b/SOURCES/ip-up.ipv6to4
@@ -0,0 +1,193 @@ +#!/bin/sh +# +# ip-up.ipv6to4 +# +# +# Taken from: +# (P) & (C) 2000-2005 by Peter Bieringer +# +# You will find more information on the initscripts-ipv6 homepage at +# http://www.deepspace6.net/projects/initscripts-ipv6.html +# +# Version: 2005-09-22 +# +# Calling parameters: +# $1: interface name +# +# Called (mostly) by /etc/ppp/ip-up.local +# like: /etc/ppp/ip-up.ipv6to4 $1 >>/var/log/ppp-ipv6to4.log 2>&1 +# +# Note: this script will *kill* older still existing 6to4 tunnels regardless +# whether they were set before by another device +# +# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1: +# IPV6TO4INIT=yes|no: controls configuration +# IPV6TO4_IPV4ADDR=: special local address for 6to4 tunneling (only needed behind a NAT gateway) +# IPV6TO4_RELAY=: remote 6to4 relay router address (default: 192.88.99.1) +# IPV6TO4_MTU=: controls IPv6 MTU for the 6to4 link (optional, default is MTU of interface - 20) +# IPV6TO4_ROUTING="-/ ...": information to setup additional interfaces +# Example: IPV6TO4_ROUTING="eth0-:f101::1/64 eth1-:f102::1/64" +# +# IPV6_CONTROL_RADVD=yes|no: controls radvd triggering +# IPV6_RADVD_PIDFILE=: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" +# IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP: how to trigger radvd (optional, default is SIGHUP) +# +# Requirements +# radvd-0.6.2p3 or newer supporting option "Base6to4Interface" +# + + +if [ -z "$1" ]; then + echo $"Argument 1 is empty but should contain interface name - skip IPv6to4 initialization" + exit 1 +fi + +# Get global network configuration +. /etc/sysconfig/network + +# Source IPv4 helper functions +cd /etc/sysconfig/network-scripts +. ./network-functions + +CONFIG=$1 +[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG +source_config + +# IPv6 don't need aliases anymore, config is skipped +REALDEVICE=${DEVICE%%:*} +[ "$DEVICE" != "$REALDEVICE" ] && exit 0 + +if [ ! 
-f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then + exit 1 +fi + +. /etc/sysconfig/network-scripts/network-functions-ipv6 + + +# Run basic IPv6 test (and make sure the ipv6 module will be loaded), if not ok, skip IPv6 initialization +ipv6_test || exit 1 + +# Setup of 6to4, if configured +valid6to4config="yes" +if [ "$IPV6TO4INIT" = "yes" ]; then + if [ -n "$IPV6TO4_IPV4ADDR" ]; then + # Take 6to4-dedicated configured IPv4 address from config file (precedence 1) + ipv4addr="$IPV6TO4_IPV4ADDR" + else + # Get IPv4 address from interface (precedence 2) + ipv4addr="$(ipv6_get_ipv4addr_of_device $DEVICE)" + if [ -z "$ipv4addr" ]; then + # Take configured IPv4 address of interface from config file (precedence 3) + ipv4addr="$IPADDR" + fi + fi + if [ -n "$ipv4addr" ]; then + # Test for non-global IPv4 address + if ! ipv6_test_ipv4_addr_global_usable $ipv4addr; then + net_log $"Given IPv4 address '$ipv4addr' is not globally usable" info + valid6to4config="no" + fi + else + net_log $"IPv6to4 configuration needs an IPv4 address on related interface or otherwise specified" info + valid6to4config="no" + fi + if [ -z "$IPV6TO4_RELAY" ]; then + IPV6TO4_RELAY="192.88.99.1" + fi + + # Check/generate relay address + ipv6to4_relay="$(ipv6_create_6to4_relay_address $IPV6TO4_RELAY)" + if [ $? 
-ne 0 ]; then + valid6to4config="no" + fi + + if [ "$valid6to4config" = "yes" ]; then + # Delete routes to local networks + for devsuf in $IPV6TO4_ROUTING; do + dev="${devsuf%%-*}" + ipv6_cleanup_6to4_device $dev + done + + # Cleanup all old data (needed, if "ip-down.ipv6to4" wasn't executed), delete all configured 6to4 address + ipv6_cleanup_6to4_tunnels tun6to4 + + # Get MTU of master device + ipv4mtu="$(/sbin/ip link show dev $DEVICE | awk '/\/ { print $5 }')" + if [ -n "$ipv4mtu" ]; then + # IPv6 tunnel MTU is IPv4 MTU minus 20 for IPv4 header + tunnelmtu=$[ $ipv4mtu - 20 ] + fi + + if [ -n "$IPV6TO4_MTU" ]; then + if [ $IPV6TO4_MTU -gt $tunnelmtu ]; then + net_log $"Warning: configured MTU '$IPV6TO4_MTU' for 6to4 exceeds maximum limit of '$tunnelmtu', ignored" warning + else + tunnelmtu=$IPV6TO4_MTU + fi + fi + + # Setup new data + ipv6_add_6to4_tunnel tun6to4 $ipv4addr "" $tunnelmtu || exit 1 + + # Add route to for compatible addresses (removed later again) + ipv6_add_route "::/96" "::" tun6to4 + + # Add default route, if device matches + if [ "$IPV6_DEFAULTDEV" = "tun6to4" ]; then + if [ -n "$IPV6_DEFAULTGW" ]; then + net_log $"Warning: interface 'tun6to4' does not support 'IPV6_DEFAULTGW', ignored" warning + fi + ipv6_set_default_route $ipv6to4_relay tun6to4 + fi + + # Add static routes + if [ -f /etc/sysconfig/static-routes-ipv6 ]; then + LC_ALL=C grep -w "^tun6to4" /etc/sysconfig/static-routes-ipv6 | while read device network gateway; do + if [ -z "$network" ]; then + continue + fi + if [ -z "$gateway" ]; then + gateway="$ipv6to4_relay" + fi + ipv6_add_route $network $gateway tun6to4 + done + fi + + # Setup additional static IPv6 routes (newer config style) + if [ -f "/etc/sysconfig/network-scripts/route6-tun6to4" ]; then + sed -ne 's/#.*//' -e '/[^[:space:]]/p' /etc/sysconfig/network-scripts/route6-tun6to4 | while read line; do + if echo "$line" | grep -vq 'via'; then + # Add gateway if missing + line="$line via $ipv6to4_relay" + fi + /sbin/ip -6 route 
add $line + done + fi + + # Cleanup autmatically generated autotunnel (not needed for 6to4) + /sbin/ip -6 route del ::/96 dev tun6to4 + /sbin/ip -6 addr del tun6to4 "::$ipv4addr/128" dev tun6to4 + + if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then + # Control running radvd + ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE + + if [ -n "$IPV6TO4_ROUTING" ]; then + # Generate 6to4 address + ipv6to4prefix="$(ipv6_create_6to4_prefix $ipv4addr)" + if [ -n "$ipv6to4prefix" ]; then + # Add IPv6 address to interface (required interface route will be set automatically) + for devsuf in $IPV6TO4_ROUTING; do + dev="${devsuf%%-*}" + suf="$(echo $devsuf | awk -F- '{ print $2 }')" + ipv6_add_addr_on_device ${dev} ${ipv6to4prefix}${suf} + done + else + net_log $"Error occurred while calculating the IPv6to4 prefix" + fi + else + net_log $"radvd control enabled, but config is not complete" + fi + fi + fi +fi diff --git a/SOURCES/ipv6-down b/SOURCES/ipv6-down new file mode 100644 index 0000000..b290585 --- /dev/null +++ b/SOURCES/ipv6-down 
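Review bot: `/sbin/ip -6 addr del tun6to4 "::$ipv4addr/128" dev tun6to4` in ip-up.ipv6to4 has a stray `tun6to4` before the address; `ip addr del` expects the prefix as its first operand, so as written the command most likely fails and the automatically generated compatible address is never removed. It should read `/sbin/ip -6 addr del "::$ipv4addr/128" dev tun6to4`. In the MTU block, `tunnelmtu=$[ $ipv4mtu - 20 ]` uses the deprecated `$[ ]` form under a `#!/bin/sh` shebang, where `tunnelmtu=$(( ipv4mtu - 20 ))` is the portable spelling. `[ $IPV6TO4_MTU -gt $tunnelmtu ]` should quote both operands, because tunnelmtu stays unset when the MTU lookup returns nothing.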
@@ -0,0 +1,70 @@ +#!/bin/sh +# +# ipv6-down +# +# Called by pppd after IPV6CP/down was finished +# +# This file should not be modified -- make local changes to +# /etc/ppp/ipv6-down.local instead +# +# +# Taken from: +# (P) & (C) 2001-2006 by Peter Bieringer +# +# You will find more information on the initscripts-ipv6 homepage at +# http://www.deepspace6.net/projects/initscripts-ipv6.html +# +# RHL integration assistance by Pekka Savola +# +# Calling parameters: +# $1: interface name +# $6: logical interface name (set by pppd option ipparam) +# +# Version 2006-08-02 +# +# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1: +# IPV6INIT=yes|no: controls IPv6 configuration for this interface +# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +export PATH + +LOGDEVICE=$6 +REALDEVICE=$1 + +[ -f /etc/sysconfig/network ] || exit 0 +. /etc/sysconfig/network + +cd /etc/sysconfig/network-scripts +. ./network-functions + +CONFIG=$LOGDEVICE +[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG +source_config + +[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1 +. /etc/sysconfig/network-scripts/network-functions-ipv6 + +[ -x /etc/ppp/ipv6-down.local ] && /etc/ppp/ipv6-down.local "$@" + + +if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then + # Control running radvd + ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE +fi + +# IPv6 test, no module loaded, exit if system is not IPv6-ready +ipv6_test testonly || exit 0 + +# Test device status +ipv6_test_device_status $REALDEVICE +if [ $? != 0 -a $? != 11 ]; then + # device doesn't exist or other problem occurs + exit 1 +fi + +# Delete all current configured IPv6 addresses on this interface +ipv6_cleanup_device $REALDEVICE + +exit 0 diff --git a/SOURCES/ipv6-up b/SOURCES/ipv6-up new file mode 100644 index 0000000..059afec --- /dev/null +++ b/SOURCES/ipv6-up 
@@ -0,0 +1,112 @@ +#!/bin/bash +# +# ipv6-up +# +# Called by pppd after IPV6CP/up was finished +# +# This file should not be modified -- make local changes to +# /etc/ppp/ipv6-up.local instead +# +# Taken from: +# (P) & (C) 2001-2006 by Peter Bieringer +# +# You will find more information on the initscripts-ipv6 homepage at +# http://www.deepspace6.net/projects/initscripts-ipv6.html +# +# RHL integration assistance by Pekka Savola +# +# Calling parameters: +# $1: interface name +# $6: logical interface name (set by pppd option ipparam) +# +# +# Version: 2006-08-02 +# +# Uses following information from "/etc/sysconfig/network": +# IPV6_DEFAULTDEV=: controls default route (optional) +# +# Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1": +# IPV6INIT=yes|no: controls IPv6 configuration for this interface +# IPV6ADDR=[/]: specify primary static IPv6 address +# IPV6ADDR_SECONDARIES="[/] ..." (optional) +# IPV6_MTU=: controls IPv6 MTU for this link (optional) +# + + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +export PATH + +LOGDEVICE=$6 +REALDEVICE=$1 + +[ -f /etc/sysconfig/network ] || exit 0 +. /etc/sysconfig/network + +cd /etc/sysconfig/network-scripts +. ./network-functions +. ./network-functions-ipv6 + +CONFIG=$LOGDEVICE +[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG +source_config + +# Test whether IPv6 configuration is disabled for this interface +[[ "$IPV6INIT" = [nN0]* ]] && exit 0 + +[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1 +. /etc/sysconfig/network-scripts/network-functions-ipv6 + +# IPv6 test, module loaded, exit if system is not IPv6-ready +ipv6_test || exit 1 + +# Test device status +ipv6_test_device_status $REALDEVICE +if [ $? != 0 -a $? 
!= 11 ]; then + # device doesn't exist or other problem occurs + exit 1 +fi + +# Setup IPv6 address on specified interface +if [ -n "$IPV6ADDR" ]; then + ipv6_add_addr_on_device $REALDEVICE $IPV6ADDR || exit 1 +fi + +# Set IPv6 MTU, if given +if [ -n "$IPV6_MTU" ]; then + ipv6_set_mtu $REALDEVICE $IPV6_MTU +fi + +# Setup additional IPv6 addresses from list, if given +if [ -n "$IPV6ADDR_SECONDARIES" ]; then + for ipv6addr in $IPV6ADDR_SECONDARIES; do + ipv6_add_addr_on_device $REALDEVICE $ipv6addr + done +fi + +# Setup default IPv6 route through device +if [ "$IPV6_DEFAULTDEV" = "$LOGDEVICE" ]; then + ipv6_set_default_route "" "$REALDEVICE" "$REALDEVICE" +fi + +# Setup additional static IPv6 routes on specified interface, if given +if [ -f /etc/sysconfig/static-routes-ipv6 ]; then + LC_ALL=C grep -w "^$LOGDEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do + ipv6_add_route $args $REALDEVICE + done +fi + +# Setup additional static IPv6 routes (newer config style) +if [ -f "/etc/sysconfig/network-scripts/route6-$DEVICE" ]; then + sed -ne 's/#.*//' -e '/[^[:space:]]/p' "/etc/sysconfig/network-scripts/route6-$DEVICE" | while read line; do + /sbin/ip -6 route add $line + done +fi + +if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then + # Control running radvd + ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE +fi + +[ -x /etc/ppp/ipv6-up.local ] && /etc/ppp/ipv6-up.local "$@" + +exit 0 diff --git a/SOURCES/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch b/SOURCES/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch new file mode 100644 index 0000000..bedb902 --- /dev/null +++ b/SOURCES/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch 
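Review bot: ipv6-up sources network-functions-ipv6 unconditionally with `. ./network-functions-ipv6` right after network-functions, so the later `[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1` guard comes too late: a missing file has already produced an error at the first source, and a present file is sourced twice. Drop the early `. ./network-functions-ipv6` line so that the guarded source is the only one, as in ipv6-down. The route6 lookup also keys on `$DEVICE` from the sourced config while the rest of the script uses `$LOGDEVICE` and `$REALDEVICE`; if that is intentional, a one-line comment saying so would help.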
@@ -0,0 +1,29 @@
+From ab8b06cdc1075abc67f77e7c3bb684e20071d614 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Thu, 10 Apr 2014 10:09:41 +0200
+Subject: [PATCH 25/27] pppd: install pppd binary using standard perms (755)
+
+---
+ pppd/Makefile.linux | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 0e8107f..534ccc2 100644
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -223,10 +223,10 @@ all: $(TARGETS)
+ install: pppd
+ mkdir -p $(BINDIR) $(MANDIR)
+ $(EXTRAINSTALL)
+- $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
++ $(INSTALL) -c -m 755 pppd $(BINDIR)/pppd
+ if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
+ chmod o-rx,u+s $(BINDIR)/pppd; fi
+- $(INSTALL) -c -m 444 pppd.8 $(MANDIR)
++ $(INSTALL) -c -m 644 pppd.8 $(MANDIR)
+
+ pppd: $(PPPDOBJS)
+ $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
+--
+1.8.3.1
+
diff --git a/SOURCES/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch b/SOURCES/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
new file mode 100644
index 0000000..1b4a9cd
--- /dev/null
+++ b/SOURCES/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
@@ -0,0 +1,143 @@ +From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Mon, 7 Apr 2014 12:23:36 +0200 +Subject: [PATCH 12/27] pppd: we don't want to accidentally leak fds + +--- + pppd/auth.c | 20 ++++++++++---------- + pppd/options.c | 2 +- + pppd/sys-linux.c | 4 ++-- + 3 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/pppd/auth.c b/pppd/auth.c +index 4271af6..9e957fa 100644 +--- a/pppd/auth.c ++++ b/pppd/auth.c +@@ -428,7 +428,7 @@ setupapfile(argv) + free(fname); + return 0; + } +- ufile = fopen(fname, "r"); ++ ufile = fopen(fname, "re"); + if (seteuid(euid) == -1) + fatal("unable to regain privileges: %m"); + if (ufile == NULL) { +@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg) + filename = _PATH_UPAPFILE; + addrs = opts = NULL; + ret = UPAP_AUTHNAK; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) { + error("Can't open PAP password file %s: %m", filename); + +@@ -1512,7 +1512,7 @@ null_login(unit) + if (ret <= 0) { + filename = _PATH_UPAPFILE; + addrs = NULL; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + check_access(f, filename); +@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd) + } + + filename = _PATH_UPAPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + check_access(f, filename); +@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp) + } + + filename = _PATH_UPAPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp) + } + + filename = _PATH_CHAPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) + return 0; + +@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp) + struct wordlist *addrs; + + filename = _PATH_SRPFILE; +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == 
NULL) + return 0; + +@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server) + addrs = NULL; + secbuf[0] = 0; + +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + if (f == NULL) { + error("Can't open chap secret file %s: %m", filename); + return 0; +@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server) + filename = _PATH_SRPFILE; + addrs = NULL; + +- fp = fopen(filename, "r"); ++ fp = fopen(filename, "re"); + if (fp == NULL) { + error("Can't open srp secret file %s: %m", filename); + return 0; +@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags) + */ + if (word[0] == '@' && word[1] == '/') { + strlcpy(atfile, word+1, sizeof(atfile)); +- if ((sf = fopen(atfile, "r")) == NULL) { ++ if ((sf = fopen(atfile, "re")) == NULL) { + warn("can't open indirect secret file %s", atfile); + continue; + } +diff --git a/pppd/options.c b/pppd/options.c +index 45fa742..1d754ae 100644 +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv) + option_error("unable to drop privileges to open %s: %m", filename); + return 0; + } +- f = fopen(filename, "r"); ++ f = fopen(filename, "re"); + err = errno; + if (check_prot && seteuid(euid) == -1) + fatal("unable to regain privileges"); +diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c +index 72a7727..8a12fa0 100644 +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail) + /* Default the mount location of /proc */ + strlcpy (proc_path, "/proc", sizeof(proc_path)); + proc_path_len = 5; +- fp = fopen(MOUNTED, "r"); ++ fp = fopen(MOUNTED, "re"); + if (fp != NULL) { + while ((mntent = getmntent(fp)) != NULL) { + if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0) +@@ -1472,7 +1472,7 @@ static int open_route_table (void) + close_route_table(); + + path = path_to_procfs("/net/route"); +- route_fd = fopen (path, "r"); ++ 
route_fd = fopen (path, "re"); + if (route_fd == NULL) { + error("can't open routing table %s: %m", path); + return 0; +-- +1.8.3.1 + diff --git a/SOURCES/ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch b/SOURCES/ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch new file mode 100644 index 0000000..c2c8cce --- /dev/null +++ b/SOURCES/ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch 
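Review bot: The `e` flag in every `fopen(..., "re")` call of this patch is a libc extension (glibc documents it as setting O_CLOEXEC on the descriptor); the C standard leaves unknown mode characters undefined, and auth.c and options.c do not look Linux-only the way sys-linux.c does. If pppd is still built against a libc without that extension, these calls may fail or ignore the flag, and the secrets and options files would again be inherited by child processes. Opening with `open()` plus `O_CLOEXEC` and wrapping the descriptor with `fdopen()`, or calling `fcntl(fileno(f), F_SETFD, FD_CLOEXEC)` after each `fopen`, keeps the intent without depending on the mode string. The patch also has an empty description; one sentence naming the child processes that were receiving the descriptors would help reviewers.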
@@ -0,0 +1,99 @@ +diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux +index 6a4b897..8f29c1f 100644 +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -12,6 +12,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@ + BINDIR = $(DESTDIR)/sbin + MANDIR = $(DESTDIR)/share/man/man8 + INCDIR = $(DESTDIR)/include ++LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null) + + TARGETS = pppd + +@@ -93,7 +94,7 @@ INCLUDE_DIRS= -I../include + + COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe + +-CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' ++CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' -DLIBDIR=\""$(LIBDIR)"\" + + ifdef CHAPMS + CFLAGS += -DCHAPMS=1 +diff --git a/pppd/pathnames.h b/pppd/pathnames.h +index 524d608..c7eadbb 100644 +--- a/pppd/pathnames.h ++++ b/pppd/pathnames.h +@@ -62,7 +62,7 @@ + + #ifdef PLUGIN + #ifdef __STDC__ +-#define _PATH_PLUGIN DESTDIR "/lib/pppd/" VERSION ++#define _PATH_PLUGIN LIBDIR "/pppd/" VERSION + #else /* __STDC__ */ + #define _PATH_PLUGIN "/usr/lib/pppd" + #endif /* __STDC__ */ +diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux +index 6403e3d..f42d18c 100644 +--- a/pppd/plugins/Makefile.linux ++++ b/pppd/plugins/Makefile.linux +@@ -5,7 +5,7 @@ COPTS=@CFLAGS@ + DESTDIR = $(INSTROOT)@DESTDIR@ + BINDIR = $(DESTDIR)/sbin + MANDIR = $(DESTDIR)/share/man/man8 +-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) ++LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION) + + CFLAGS = $(COPTS) -I.. 
-I../../include -fPIC + LDFLAGS_SHARED = -shared +diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux +index d3a8086..c2aff0c 100644 +--- a/pppd/plugins/pppoatm/Makefile.linux ++++ b/pppd/plugins/pppoatm/Makefile.linux +@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@ + COPTS=@CFLAGS@ + + DESTDIR = $(INSTROOT)@DESTDIR@ +-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) ++LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION) + + VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) + +diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux +index c415ce3..d3b7392 100644 +--- a/pppd/plugins/pppoe/Makefile.linux ++++ b/pppd/plugins/pppoe/Makefile.linux +@@ -18,7 +18,7 @@ COPTS=@CFLAGS@ + + DESTDIR = $(INSTROOT)@DESTDIR@ + BINDIR = $(DESTDIR)/sbin +-LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION) ++LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION) + + PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) + +diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux +index 1aa1c0b..e4442f9 100644 +--- a/pppd/plugins/pppol2tp/Makefile.linux ++++ b/pppd/plugins/pppol2tp/Makefile.linux +@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@ + COPTS=@CFLAGS@ + + DESTDIR = $(INSTROOT)/@DESTDIR@ +-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) ++LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION) + + VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) + +diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux +index 489aef2..d2ef044 100644 +--- a/pppd/plugins/radius/Makefile.linux ++++ b/pppd/plugins/radius/Makefile.linux +@@ -9,7 +9,7 @@ COPTS=@CFLAGS@ + + DESTDIR = $(INSTROOT)@DESTDIR@ + MANDIR = $(DESTDIR)/share/man/man8 +-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) ++LIBDIR = $(DESTDIR)/lib/$(shell gcc 
-print-multi-os-directory 2> /dev/null)/pppd/$(VERSION) + + VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) + diff --git a/SOURCES/ppp-2.4.9-config.patch b/SOURCES/ppp-2.4.9-config.patch new file mode 100644 index 0000000..fc7c781 --- /dev/null +++ b/SOURCES/ppp-2.4.9-config.patch @@ -0,0 +1,21 @@ +diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux +index e77373e..07df6a7 100644 +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -68,14 +68,14 @@ USE_TDB=y + #SYSTEMD=y + + HAS_SHADOW=y +-#USE_PAM=y ++USE_PAM=y + HAVE_INET6=y + + # Enable plugins + PLUGIN=y + + # Enable Microsoft proprietary Callback Control Protocol +-#CBCP=y ++CBCP=y + + # Enable EAP SRP-SHA1 authentication (requires libsrp) + #USE_SRP=y diff --git a/SOURCES/ppp-2.4.9-configure-cflags-allow-commas.patch b/SOURCES/ppp-2.4.9-configure-cflags-allow-commas.patch new file mode 100644 index 0000000..5a4ef98 --- /dev/null +++ b/SOURCES/ppp-2.4.9-configure-cflags-allow-commas.patch @@ -0,0 +1,17 @@ +diff --git a/configure b/configure +index f977663..c7031c2 100755 +--- a/configure ++++ b/configure +@@ -121,9 +121,9 @@ mkmkf() { + rm -f $2 + if [ -f $1 ]; then + echo " $2 <= $1" +- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \ +- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \ +- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2 ++ sed -e "s|@DESTDIR@|$DESTDIR|g" -e "s|@SYSCONF@|$SYSCONF|g" \ ++ -e "s|@CROSS_COMPILE@|$CROSS_COMPILE|g" -e "s|@CC@|$CC|g" \ ++ -e "s|@CFLAGS@|$CFLAGS|g" $1 >$2 + fi + } + diff --git a/SOURCES/ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch b/SOURCES/ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch new file mode 100644 index 0000000..84a3bdb --- /dev/null +++ b/SOURCES/ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch 
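Review bot: In the pppd/Makefile.linux part of the LIBDIR patch, the new `LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)` is both the install directory and, through `-DLIBDIR=\""$(LIBDIR)"\"`, the plugin path compiled into pppd. DESTDIR there is `$(INSTROOT)@DESTDIR@`, so if INSTROOT is set while compiling, the staging root ends up inside `_PATH_PLUGIN`, whereas the old definition used the `DESTDIR` macro built from `@DESTDIR@` alone. I would keep the run-time path separate from the install path, for example `-DLIBDIR=\""@DESTDIR@/lib/$(shell $(CC) -print-multi-os-directory 2> /dev/null)"\"`. The probe also hard-codes `gcc` although the plugin Makefiles define `CC=$(CROSS_COMPILE)@CC@`, and with stderr discarded a failed probe silently produces `lib//pppd/...`; using `$(CC)` and failing the build on an empty result would be safer.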
@@ -0,0 +1,241 @@
+From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Mon, 7 Apr 2014 13:56:34 +0200
+Subject: [PATCH 13/27] everywhere: O_CLOEXEC harder
+
+---
+ pppd/eap.c | 2 +-
+ pppd/main.c | 4 ++--
+ pppd/options.c | 4 ++--
+ pppd/sys-linux.c | 22 +++++++++++-----------
+ pppd/tdb.c | 4 ++--
+ pppd/tty.c | 4 ++--
+ pppd/utils.c | 6 +++---
+ 7 files changed, 23 insertions(+), 23 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 6ea6c1f..faced53 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1226,7 +1226,7 @@ mode_t modebits;
+
+ if ((path = name_of_pn_file()) == NULL)
+ return (-1);
+- fd = open(path, modebits, S_IRUSR | S_IWUSR);
++ fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
+ err = errno;
+ free(path);
+ errno = err;
+diff --git a/pppd/main.c b/pppd/main.c
+index 6d50d1b..4880377 100644
+--- a/pppd/main.c
++++ b/pppd/main.c
+@@ -420,7 +420,7 @@ main(argc, argv)
+ die(0);
+
+ /* Make sure fds 0, 1, 2 are open to somewhere.
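Review bot: In the pppd/eap.c hunk, `O_CLOEXEC` is OR-ed into the third argument of `open()`, which is the creation mode and not the flags, so the descriptor for the file named by `name_of_pn_file()` is still inherited across exec and the hunk does not do what the patch title says. The flag belongs with `modebits`: `fd = open(path, modebits | O_CLOEXEC, S_IRUSR | S_IWUSR);`. Every other `open()` call touched by this patch puts the flag in the second argument, so this looks like a slip in this one place. The enclosing function starts and ends outside the hunk.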
*/
+- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
++ fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC);
+ if (fd_devnull < 0)
+ fatal("Couldn't open %s: %m", _PATH_DEVNULL);
+ while (fd_devnull <= 2) {
+@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
+ if (log_to_fd >= 0)
+ errfd = log_to_fd;
+ else
+- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
++ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644);
+
+ ++conn_running;
+ pid = safe_fork(in, out, errfd);
+diff --git a/pppd/options.c b/pppd/options.c
+index 1d754ae..8e62635 100644
+--- a/pppd/options.c
++++ b/pppd/options.c
+@@ -1544,9 +1544,9 @@ setlogfile(argv)
+ option_error("unable to drop permissions to open %s: %m", *argv);
+ return 0;
+ }
+- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
++ fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
+ if (fd < 0 && errno == EEXIST)
+- fd = open(*argv, O_WRONLY | O_APPEND);
++ fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
+ err = errno;
+ if (!privileged_option && seteuid(euid) == -1)
+ fatal("unable to regain privileges: %m");
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index 8a12fa0..00a2cf5 100644
+--- a/pppd/sys-linux.c
++++ b/pppd/sys-linux.c
+@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
+ goto err;
+ }
+ dbglog("using channel %d", chindex);
+- fd = open("/dev/ppp", O_RDWR);
++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (fd < 0) {
+ error("Couldn't reopen /dev/ppp: %m");
+ goto err;
+@@ -619,7 +619,7 @@ static int make_ppp_unit()
+ dbglog("in make_ppp_unit, already had /dev/ppp open?");
+ close(ppp_dev_fd);
+ }
+- ppp_dev_fd = open("/dev/ppp", O_RDWR);
++ ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (ppp_dev_fd < 0)
+ fatal("Couldn't open /dev/ppp: %m");
+ flags = fcntl(ppp_dev_fd, F_GETFL);
+@@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
+ if (!new_style_driver)
+ return -1;
+
+- master_fd = open("/dev/ppp", O_RDWR);
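Review bot: In the first pppd/main.c hunk, adding `O_CLOEXEC` to the `/dev/null` open works against the guard it feeds: when pppd is started with one of fds 0–2 closed, `open()` returns that number, and the descriptor meant to keep the slot occupied is closed again at exec. The body of the `while (fd_devnull <= 2)` loop is outside the hunk, so this assumes the loop only duplicates upward and leaves the original descriptor in place. Opening without the flag and marking only the final descriptor after the loop, `fcntl(fd_devnull, F_SETFD, FD_CLOEXEC);`, would keep 0–2 inheritable.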
++ master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (master_fd < 0)
+ fatal("Couldn't open /dev/ppp: %m");
+ if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
+@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr)
+ if (tune_kernel) {
+ forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
+ if (forw_path != 0) {
+- int fd = open(forw_path, O_WRONLY);
++ int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
+ if (fd >= 0) {
+ if (write(fd, "1", 1) != 1)
+ error("Couldn't enable IP forwarding: %m");
+@@ -2030,7 +2030,7 @@ int ppp_available(void)
+ sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
+ kernel_version = KVERSION(osmaj, osmin, ospatch);
+
+- fd = open("/dev/ppp", O_RDWR);
++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (fd >= 0) {
+ new_style_driver = 1;
+
+@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host)
+ #if __GLIBC__ >= 2
+ updwtmp(_PATH_WTMP, &ut);
+ #else
+- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
++ wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
+ if (wtmp >= 0) {
+ flock(wtmp, LOCK_EX);
+
+@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr,
+ int fd;
+
+ path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
+- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
++ if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
+ if (write(fd, "1", 1) != 1)
+ error("Couldn't enable dynamic IP addressing: %m");
+ close(fd);
+@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+ /*
+ * Try the unix98 way first.
+ */
+- mfd = open("/dev/ptmx", O_RDWR);
++ mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
+ if (mfd >= 0) {
+ int ptn;
+ if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
+@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+ if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
+ warn("Couldn't unlock pty slave %s: %m", pty_name);
+ #endif
+- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
+ {
+ warn("Couldn't open pty slave %s: %m", pty_name);
+ close(mfd);
+@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+ for (i = 0; i < 64; ++i) {
+ slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
+ 'p' + i / 16, i % 16);
+- mfd = open(pty_name, O_RDWR, 0);
++ mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
+ if (mfd >= 0) {
+ pty_name[5] = 't';
+- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
++ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
+ if (sfd >= 0) {
+ fchown(sfd, uid, -1);
+ fchmod(sfd, S_IRUSR | S_IWUSR);
+diff --git a/pppd/tdb.c b/pppd/tdb.c
+index bdc5828..c7ab71c 100644
+--- a/pppd/tdb.c
++++ b/pppd/tdb.c
+@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
+ goto internal;
+ }
+
+- if ((tdb->fd = open(name, open_flags, mode)) == -1) {
++ if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
+ TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
+ name, strerror(errno)));
+ goto fail; /* errno set by open(2) */
+@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
+ }
+ if (close(tdb->fd) != 0)
+ TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
+- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
++ tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
+ if (tdb->fd == -1) {
+ TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
+ goto fail;
+diff --git a/pppd/tty.c b/pppd/tty.c
+index d571b11..bc96695 100644
+--- a/pppd/tty.c
++++ b/pppd/tty.c
+@@ -569,7 +569,7 @@ int connect_tty()
+ status = EXIT_OPEN_FAILED;
+ goto errret;
+ }
+- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
++ real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
+ err = errno;
+ if (prio < OPRIO_ROOT && seteuid(0) == -1)
+ fatal("Unable to regain privileges");
+@@ -723,7 +723,7 @@ int connect_tty()
+ if (connector == NULL && modem && devnam[0] != 0) {
+ int i;
+ for (;;) {
+- if ((i = open(devnam, O_RDWR)) >= 0)
++ if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
+ break;
+ if (errno != EINTR) {
+ error("Failed to reopen %s: %m", devnam);
+diff --git a/pppd/utils.c b/pppd/utils.c
+index 29bf970..6051b9a 100644
+--- a/pppd/utils.c
++++ b/pppd/utils.c
+@@ -918,14 +918,14 @@ lock(dev)
+ slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
+ #endif
+
+- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
++ while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
+ if (errno != EEXIST) {
+ error("Can't create lock file %s: %m", lock_file);
+ break;
+ }
+
+ /* Read the lock file to find out who has the device locked. */
+- fd = open(lock_file, O_RDONLY, 0);
++ fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
+ if (fd < 0) {
+ if (errno == ENOENT) /* This is just a timing problem. */
+ continue;
+@@ -1004,7 +1004,7 @@ relock(pid)
+
+ if (lock_file[0] == 0)
+ return -1;
+- fd = open(lock_file, O_WRONLY, 0);
++ fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
+ if (fd < 0) {
+ error("Couldn't reopen lock file %s: %m", lock_file);
+ lock_file[0] = 0;
+--
+1.8.3.1
+
diff --git a/SOURCES/ppp-logrotate.conf b/SOURCES/ppp-logrotate.conf
new file mode 100644
index 0000000..7a72979
--- /dev/null
+++ b/SOURCES/ppp-logrotate.conf
@@ -0,0 +1,10 @@
+# Logrotate file for ppp RPM
+
+/var/log/ppp/connect-errors {
+ missingok
+ compress
+ notifempty
+ daily
+ rotate 5
+ create 0600 root root
+}
diff --git a/SOURCES/ppp-pam.conf b/SOURCES/ppp-pam.conf
new file mode 100644
index 0000000..968e252
--- /dev/null
+++ b/SOURCES/ppp-pam.conf
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth include password-auth
+account required pam_nologin.so
+account include password-auth
+session include password-auth
diff --git a/SOURCES/ppp-tmpfiles.conf b/SOURCES/ppp-tmpfiles.conf
new file mode 100644
index 0000000..a07719c
--- /dev/null
+++ b/SOURCES/ppp-tmpfiles.conf
@@ -0,0 +1,2 @@
+d /run/ppp 0755 root root
+d /run/lock/ppp 0755 root root
diff --git a/SPECS/ppp.spec b/SPECS/ppp.spec
new file mode 100644
index 0000000..3b9c33d
--- /dev/null
+++ b/SPECS/ppp.spec
@@ -0,0 +1,760 @@ +%global _hardened_build 1 + +Name: ppp +Version: 2.4.9 +Release: 5%{?dist} +Summary: The Point-to-Point Protocol daemon +License: BSD and LGPLv2+ and GPLv2+ and Public Domain +URL: http://www.samba.org/ppp + +Source0: https://github.com/paulusmack/ppp/archive/ppp-%{version}.tar.gz +Source1: ppp-pam.conf +Source2: ppp-logrotate.conf +Source3: ppp-tmpfiles.conf +Source4: ip-down +Source5: ip-down.ipv6to4 +Source6: ip-up +Source7: ip-up.ipv6to4 +Source8: ipv6-down +Source9: ipv6-up +Source10: ifup-ppp +Source11: ifdown-ppp +Source12: ppp-watch.tar.xz + +# Fedora-specific +Patch0002: ppp-2.4.9-config.patch +Patch0004: 0004-doc-add-configuration-samples.patch +Patch0005: ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch +Patch0006: 0006-scritps-use-change_resolv_conf-function.patch +Patch0011: 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch +Patch0012: ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch +Patch0013: ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch +Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch +Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch +Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch +Patch0018: 0018-scritps-fix-ip-up.local-sample.patch +Patch0020: 0020-pppd-put-lock-files-in-var-lock-ppp.patch +Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch +Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch +Patch0025: ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch +Patch0026: ppp-2.4.9-configure-cflags-allow-commas.patch + +BuildRequires: make +BuildRequires: gcc +BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel +BuildRequires: openssl-devel + +Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd +Requires(pre): /usr/bin/getent +Requires(pre): /usr/sbin/groupadd + +%description +The ppp package contains the PPP (Point-to-Point 
Protocol) daemon and +documentation for PPP support. The PPP protocol provides a method for +transmitting datagrams over serial point-to-point links. PPP is +usually used to dial in to an ISP (Internet Service Provider) or other +organization over a modem and phone line. + +%package -n network-scripts-%{name} +Summary: PPP legacy network service support +Requires: network-scripts +Supplements: (%{name} and network-scripts) + +%description -n network-scripts-%{name} +This provides the ifup and ifdown scripts for use with the legacy network +service. + +%package devel +Summary: Headers for ppp plugin development +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +This package contains the header files for building plugins for ppp. + +%prep +%setup -qn %{name}-%{name}-%{version} +%autopatch -p1 + +tar -xJf %{SOURCE12} + +%build +%configure --cflags="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing" +%{make_build} LDFLAGS="%{?build_ldflags} -pie" +%{make_build} -C ppp-watch LDFLAGS="%{?build_ldflags} -pie" + +%install +make INSTROOT=%{buildroot} install install-etcppp +find scripts -type f | xargs chmod a-x +make ROOT=%{buildroot} -C ppp-watch install + +# create log files dir +install -d %{buildroot}%{_localstatedir}/log/ppp + +# install pam config +install -d %{buildroot}%{_sysconfdir}/pam.d +install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/ppp + +# install logrotate script +install -d %{buildroot}%{_sysconfdir}/logrotate.d +install -m 644 -p %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/ppp + +# install tmpfiles drop-in +install -d %{buildroot}%{_tmpfilesdir} +install -m 644 -p %{SOURCE3} %{buildroot}%{_tmpfilesdir}/ppp.conf + +# install scripts (previously owned by initscripts package) +install -d %{buildroot}%{_sysconfdir}/ppp +install -p %{SOURCE4} %{buildroot}%{_sysconfdir}/ppp/ip-down +install -p %{SOURCE5} %{buildroot}%{_sysconfdir}/ppp/ip-down.ipv6to4 +install -p %{SOURCE6} %{buildroot}%{_sysconfdir}/ppp/ip-up +install -p 
%{SOURCE7} %{buildroot}%{_sysconfdir}/ppp/ip-up.ipv6to4 +install -p %{SOURCE8} %{buildroot}%{_sysconfdir}/ppp/ipv6-down +install -p %{SOURCE9} %{buildroot}%{_sysconfdir}/ppp/ipv6-up + +install -d %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ +install -p %{SOURCE10} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp +install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp + +# ghosts +mkdir -p %{buildroot}%{_rundir}/ppp +mkdir -p %{buildroot}%{_rundir}/lock/ppp + +%pre +/usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || : + +%post +%tmpfiles_create ppp.conf + +%files +%doc FAQ README README.cbcp README.linux README.MPPE README.MSCHAP80 README.MSCHAP81 README.pwfd README.pppoe scripts sample README.eap-tls +%{_sbindir}/chat +%{_sbindir}/pppd +%{_sbindir}/pppdump +%{_sbindir}/pppoe-discovery +%{_sbindir}/pppstats +%{_sbindir}/ppp-watch +%dir %{_sysconfdir}/ppp +%{_sysconfdir}/ppp/ip-up +%{_sysconfdir}/ppp/ip-down +%{_sysconfdir}/ppp/ip-up.ipv6to4 +%{_sysconfdir}/ppp/ip-down.ipv6to4 +%{_sysconfdir}/ppp/ipv6-up +%{_sysconfdir}/ppp/ipv6-down +%{_mandir}/man8/chat.8* +%{_mandir}/man8/pppd.8* +%{_mandir}/man8/pppdump.8* +%{_mandir}/man8/pppd-radattr.8* +%{_mandir}/man8/pppd-radius.8* +%{_mandir}/man8/pppstats.8* +%{_mandir}/man8/pppoe-discovery.8* +%{_mandir}/man8/ppp-watch.8* +%{_libdir}/pppd +%ghost %dir %{_rundir}/ppp +%ghost %dir %{_rundir}/lock/ppp +%dir %{_sysconfdir}/logrotate.d +%attr(700, root, root) %dir %{_localstatedir}/log/ppp +%config(noreplace) %{_sysconfdir}/ppp/eaptls-client +%config(noreplace) %{_sysconfdir}/ppp/eaptls-server +%config(noreplace) %{_sysconfdir}/ppp/chap-secrets +%config(noreplace) %{_sysconfdir}/ppp/options +%config(noreplace) %{_sysconfdir}/ppp/pap-secrets +%config(noreplace) %{_sysconfdir}/pam.d/ppp +%config(noreplace) %{_sysconfdir}/logrotate.d/ppp +%{_tmpfilesdir}/ppp.conf + +%files -n network-scripts-%{name} 
+%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp +%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp + +%files devel +%{_includedir}/pppd +%doc PLUGINS + +%changelog +* Tue Aug 10 2021 Mohan Boddu - 2.4.9-5 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jun 16 2021 Mohan Boddu - 2.4.9-4 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Fri Apr 16 2021 Mohan Boddu - 2.4.9-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Wed Jan 27 2021 Fedora Release Engineering - 2.4.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jan 5 2021 Jaroslav Škarvada - 2.4.9-1 +- New version + Resolves: rhbz#1912617 + +* Mon Aug 10 2020 Jaroslav Škarvada - 2.4.8-8 +- Added workaround for Windows Server 2019 + Resolves: rhbz#1867047 + +* Tue Jul 28 2020 Fedora Release Engineering - 2.4.8-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu May 21 2020 Jaroslav Škarvada - 2.4.8-6 +- Added missing options to man pages + +* Tue Apr 7 2020 Jaroslav Škarvada - 2.4.8-5 +- Updated EAP-TLS patch to v1.300 + +* Mon Apr 6 2020 Jaroslav Škarvada - 2.4.8-4 +- Updated EAP-TLS patch to v1.201 + +* Fri Feb 28 2020 Tom Stellard - 2.4.8-3 +- Use make_build macro +- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make + +* Wed Feb 26 2020 Jaroslav Škarvada - 2.4.8-2 +- Fixed ghost directories verification + +* Fri Feb 21 2020 Jaroslav Škarvada - 2.4.8-1 +- New version +- Changed sources to github +- Dropped 0028-pppoe-include-netinet-in.h-before-linux-in.h, + ppp-2.4.7-DES-openssl, ppp-2.4.7-honor-ldflags, + ppp-2.4.7-coverity-scan-fixes patches (all upstreamed) +- Fixed buffer overflow in the eap_request and eap_response functions + Resolves: CVE-2020-8597 + +* Thu Jan 30 2020 Fedora Release Engineering - 2.4.7-33 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jul 26 2019 Fedora Release Engineering - 2.4.7-32 
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Feb 02 2019 Fedora Release Engineering - 2.4.7-31 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 14 2019 Björn Esser - 2.4.7-30 +- Rebuilt for libcrypt.so.2 (#1666033) + +* Mon Dec 3 2018 Jaroslav Škarvada - 2.4.7-29 +- Fixed some issues found by coverity scan + +* Tue Nov 20 2018 Jaroslav Škarvada - 2.4.7-28 +- Fixed network scripts related regression caused by release 26 + +* Mon Nov 5 2018 Jaroslav Škarvada - 2.4.7-27 +- Updated EAP-TLS patch to v1.102 + +* Tue Jul 24 2018 Lubomir Rintel - 2.4.7-26 +- Split out the network-scripts + +* Fri Jul 13 2018 Fedora Release Engineering - 2.4.7-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Sat Jun 30 2018 Peter Robinson 2.4.7-24 +- Remove group/defattr, minor spec cleanups + +* Wed Jun 20 2018 Jaroslav Škarvada - 2.4.7-23 +- Replaced initscripts requirement by the network-scripts + Resolves: rhbz#1592384 + +* Tue Jun 5 2018 Jaroslav Škarvada - 2.4.7-22 +- Updated EAP-TLS patch to v1.101 + Resolves: CVE-2018-11574 + +* Mon Apr 9 2018 Jaroslav Škarvada - 2.4.7-21 +- Link with -E not to break plugins + Resolves: rhbz#1564459 + +* Fri Apr 6 2018 Jaroslav Škarvada - 2.4.7-20 +- Also build all DSOs with distro's LDFLAGS + Related: rhbz#1563157 + +* Wed Apr 4 2018 Jaroslav Škarvada - 2.4.7-19 +- Build with distro's LDFLAGS + Resolves: rhbz#1563157 + +* Tue Mar 27 2018 Jaroslav Škarvada - 2.4.7-18 +- Used openssl for the DES instead of the libcrypt / glibc + Resolves: rhbz#1556132 + +* Fri Feb 09 2018 Igor Gnatenko - 2.4.7-17 +- Escape macros in %%changelog + +* Fri Feb 09 2018 Fedora Release Engineering - 2.4.7-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Jan 20 2018 Björn Esser - 2.4.7-15 +- Rebuilt for switch to libxcrypt + +* Mon Aug 21 2017 Jaroslav Škarvada - 2.4.7-14 +- EAP-TLS patch updated to version 0.999 +- Switched to openssl-1.1 + +* Thu 
Aug 03 2017 Fedora Release Engineering - 2.4.7-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 2.4.7-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 2.4.7-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sat Dec 10 2016 Lubomir Rintel - 2.4.7-10 +- Fix FTBFS + +* Thu Feb 04 2016 Fedora Release Engineering - 2.4.7-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jun 18 2015 Fedora Release Engineering - 2.4.7-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Feb 09 2015 Michal Sekletar - 2.4.7-7 +- prevent running into issues caused by undefined behavior (pointers of incompatible types aliasing the same object) + +* Wed Dec 10 2014 Michal Sekletar - 2.4.7-6 +- fix logical expression in eap_client_active macro (#1023620) + +* Wed Nov 19 2014 Michal Sekletar - 2.4.7-5 +- don't mark logrotate config as executable (#1164435) + +* Tue Sep 2 2014 Peter Robinson 2.4.7-4 +- devel package should depend on base package as per guidelines + +* Tue Aug 19 2014 Michal Sekletar - 2.4.7-3 +- don't mark tmpfiles dropin as executable (#1131293) + +* Sun Aug 17 2014 Fedora Release Engineering - 2.4.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Mon Aug 11 2014 Michal Sekletar - 2.4.7-1 +- rebase to 2.4.7. 
Includes fix for CVE-2014-3158 (#1128716) + +* Fri Jun 20 2014 Michal Sekletar - 2.4.6-6 +- version 0.997 of EAP-TLS patch + +* Sat Jun 07 2014 Fedora Release Engineering - 2.4.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Apr 16 2014 Michal Sekletar - 2.4.6-4 +- move ppp initscripts to ppp package (#1088220) + +* Mon Apr 14 2014 Michal Sekletar - 2.4.6-3 +- don't require perl and expect (#1086846) + +* Thu Apr 10 2014 Michal Sekletar - 2.4.6-2 +- rebase to 2.4.6 + +* Thu Aug 01 2013 Michal Sekletar - 2.4.5-33 +- fix post installation scriptlet + +* Fri Jul 12 2013 Michal Sekletar - 2.4.5-32 +- don't ship /var/lock/ppp in rpm payload and create it in %%post instead +- fix installation of tmpfiles.d configuration +- enable hardened build +- fix bogus dates in changelog +- compile all binaries with hardening flags + +* Thu Jul 04 2013 Michal Sekletar - 2.4.5-31 +- fix possible NULL pointer dereferencing + +* Wed May 29 2013 Michal Sekletar - 2.4.5-30 +- make radius plugin config parser less strict +- resolves : #906913 + +* Wed Mar 20 2013 Michal Sekletar - 2.4.5-29 +- Add creation of dip system group + +* Wed Mar 20 2013 Michal Sekletar - 2.4.5-28 +- Add /etc/logrotate.d to files section since we no longer hard depend on logrotate + +* Wed Mar 20 2013 Michal Sekletar - 2.4.5-27 +- Don't hard depend on logrotate + +* Thu Feb 14 2013 Fedora Release Engineering - 2.4.5-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Nov 12 2012 Michal Sekletar - 2.4.5-25 +- Resolves: #840190 - install configuration file in /usr/lib/tmpfiles.d + +* Tue Sep 11 2012 Michal Sekletar - 2.4.5-24 +- Removed unnecessary dependency on systemd-unit + +* Sat Jul 21 2012 Fedora Release Engineering - 2.4.5-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue May 29 2012 Michal Sekletar +- Resolves: #817011 - fixed ppp-2.4.5-eaptls-mppe-0.99 patch, added variable definition + +* Mon May 21 2012 Michal 
Sekletar +- Resolves: #817013 - fixed support for multilink channels in pppol2tp plugin + +* Thu May 17 2012 Michal Sekletar +- Resolves: #771340 - fixed compilation of pppd without USE_EAPTLS + +* Sat Jan 14 2012 Fedora Release Engineering - 2.4.5-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon May 30 2011 Jiri Skala - 2.4.5-18 +- fixes #682381 - hardcodes eth0 +- fixes #708260 - SELinux is preventing access on the file LCK..ttyUSB3 + +* Mon Apr 04 2011 Jiri Skala - 2.4.5-17 +- fixes #664282 and #664868 - man page fixes + +* Wed Feb 09 2011 Fedora Release Engineering - 2.4.5-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Dec 02 2010 Jiri Skala - 2.4.5-15 +- corrected tmpfiles.d conf +- replaced remaining /etc by macros + +* Tue Nov 30 2010 Jiri Skala - 2.4.5-14 +- fixes #656671 - /var/run and /var/lock on tmpfs +- replaced paths /var /etc by macros + +* Tue Nov 16 2010 Jiri Skala - 2.4.5-13 +- fixes #565294 - SELinux is preventing /sbin/consoletype access to a leaked packet_socket fd + +* Wed Sep 29 2010 Jiri Skala - 2.4.5-12 +- fixes #637513 - Missing: README.eap-tls +- updated to latest eaptls upstream +- fixes #637886 - EAP-TLS not working with enabled PPP Multilink Framing option + +* Thu Aug 05 2010 Jiri Skala - 2.4.5-11 +- fixes #617625 - FTBFS in ppp due to change in kernel-headers +- fixes pppol2tp Makefile + +* Tue Jul 13 2010 Jiri Skala - 2.4.5-10 +- fixes #613717 - Missing line in example script ip-up.local.add +- removed /usr/kerberos/include from eaptls patch + +* Wed Jun 16 2010 Jiri Skala - 2.4.5-9 +- included eap-tls patch + +* Wed Apr 07 2010 Jiri Skala - 2.4.5-8 +- added pppoe-discovery(8) + +* Fri Mar 05 2010 Jiri Skala - 2.4.5-7 +- removed duplicities from patches (ip-*.local.add) + +* Fri Feb 12 2010 Jiri Skala - 2.4.5-6 +- fixes #560014 - SELinux is preventing /usr/sbin/pppd "read write" access on pppd2.tdb + +* Thu Feb 04 2010 Jiri Skala - 2.4.5-5 +- one line correction in 
fd_leak patch + +* Wed Feb 03 2010 Jiri Skala - 2.4.5-4 +- applied patch fd_leak + +* Fri Jan 22 2010 Jiri Skala - 2.4.5-3 +- fixed some rpmlint complains + +* Sun Nov 22 2009 Jiri Skala - 2.4.5-2 +- updated patches (make local succeeded, koji failed) + +* Fri Nov 20 2009 Jiri Skala - 2.4.5-1 +- updated to latest upstream sources (#538058) + +* Thu Oct 08 2009 Jiri Skala - 2.4.4-14 +- fixed #519042 - ppp package is missing URL in spec +- fixed #524575 - ppp: no_strip patch modifies backup files created by previous patches + +* Wed Sep 16 2009 Tomas Mraz 2.4.4-13 +- use password-auth common PAM configuration instead of system-auth + +* Sun Jul 26 2009 Fedora Release Engineering - 2.4.4-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri Mar 06 2009 - Jiri Skala 2.4.4-11 +- fixed #488764 - package upgrade should not replace configuration files + +* Thu Feb 26 2009 Fedora Release Engineering - 2.4.4-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Dec 11 2008 Jiri Skala 2.4.4.-9 +- fixed #467004 PPP sometimes gets incorrect DNS servers for mobile broadband connections + +* Thu Aug 28 2008 Tom "spot" Callaway 2.4.4-8 +- fix license tag + +* Tue May 13 2008 Martin Nagy 2.4.4-7 +- add new speeds, patch by Jason Vas Dias (#446132) + +* Thu Mar 06 2008 Martin Nagy 2.4.4-6 +- call closelog earlier (#222295) +- fix ChapMS2 (#217076) +- moving header files to new -devel package (#203542) + +* Mon Mar 03 2008 Martin Nagy 2.4.4-5 +- put logs into /var/log/ppp (#118837) + +* Mon Feb 11 2008 Martin Nagy 2.4.4-4 +- rebuild for gcc-4.3 + +* Fri Nov 09 2007 Martin Nagy 2.4.4-3 +- removed undesired files from the package (#241753) + +* Fri Dec 1 2006 Thomas Woerner 2.4.4-2 +- fixed build requirement for libpcap (#217661) + +* Wed Jul 19 2006 Thomas Woerner 2.4.4-1 +- new version 2.4.4 with lots of fixes +- fixed reesolv.conf docs (#165072) + Thanks to Matt Domsch for the initial patch +- enabled CBCP (#199278) + +* Wed Jul 
12 2006 Jesse Keating - 2.4.3-6.2.2 +- rebuild + +* Fri Feb 10 2006 Jesse Keating - 2.4.3-6.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.4.3-6.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Sat Nov 12 2005 Florian La Roche +- rebuild + +* Fri Nov 4 2005 David Woodhouse 2.4.3-5 +- Implement ipv6cp-accept-remote option + +* Fri Oct 7 2005 Tomas Mraz 2.4.3-4 +- use include instead of pam_stack in pam config + +* Sun Jul 31 2005 Florian La Roche +- rebuild for libpcap of the day + +* Tue Jul 19 2005 Thomas Woerner 2.4.3-2.1 +- additional patch for the scripts, thanks to Sammy (#163621) + +* Tue Jul 19 2005 Thomas Woerner 2.4.3-2 +- dropped all executable bits in scripts directory to prevent rpm requiring + programs used in there + +* Mon Jul 18 2005 Thomas Woerner 2.4.3-1 +- new version 2.4.3 + - updated patches: make, lib64, dontwriteetc, fix, fix64, no_strip, + radiusplugin + - dropped patches: bpf, signal, pcap, pppoatm, pkgcheck + +* Tue Nov 2 2004 Thomas Woerner 2.4.2-7 +- fixed out of bounds memory access, possible DOS + +* Thu Oct 7 2004 David Woodhouse 2.4.2-6.3 +- Fix use of 'demand' without explicit MTU/MRU with pppoatm + +* Tue Oct 5 2004 David Woodhouse 2.4.2-6.2 +- Link pppoatm plugin against libresolv. +- Revert to linux-atm headers without the workaround for #127098 + +* Mon Oct 4 2004 David Woodhouse 2.4.2-6.1 +- Include atmsap.h for pppoatm plugin. 
+ +* Mon Oct 4 2004 David Woodhouse 2.4.2-6 +- Add pppoatm plugin (#131555) + +* Thu Sep 16 2004 Thomas Woerner 2.4.2-5.1 +- fixed subscript out of range (#132677) + +* Wed Sep 15 2004 Thomas Woerner 2.4.2-5 +- example scripts are using change_resolv_conf to modify /etc/resolv.conf + (#132482) +- require new libpcap library (>= 0.8.3-6) with a fix for inbound/outbound + filter processing +- not using internal libpcap structures anymore, fixes inbound/outbound + filter processing (#128053) + +* Fri Aug 6 2004 Thomas Woerner 2.4.2-4 +- fixed signal handling (#29171) + +* Mon Jun 21 2004 Thomas Woerner 2.4.2-3.1 +- fixed compiler warnings +- fixed 64bit problem with ms-chap (#125501) +- enabled pie again + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Mon May 24 2004 David Woodhouse 2.4.2-2.3 +- Enable IPv6 support. Disable PIE to avoid bogus Provides: + +* Fri May 14 2004 Thomas Woerner 2.4.2-2.2 +- compiled pppd and chat PIE + +* Thu May 13 2004 Thomas Woerner 2.4.2-2.1 +- added 'missingok' to ppp.logrotate (#122911) + +* Fri May 07 2004 Nils Philippsen 2.4.2-2 +- don't write to /etc (#118837) + +* Wed Mar 10 2004 Nalin Dahyabhai 2.4.2-1 +- update to 2.4.2 + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Fri Sep 5 2003 Nalin Dahyabhai 2.4.1-15 +- rebuild + +* Fri Sep 5 2003 Nalin Dahyabhai 2.4.1-14 +- apply the patch from -11 + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Tue Jun 3 2003 Nalin Dahyabhai 2.4.1-12 +- rebuild + +* Tue Jun 3 2003 Nalin Dahyabhai 2.4.1-11 +- check for libcrypt in the right directory at compile-time + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Thu Dec 12 2002 Elliot Lee 2.4.1-9 +- Fix build failure by rebuilding + +* Tue Nov 19 2002 Nalin Dahyabhai 2.4.1-8 +- rebuild +- set x86_64 to use varargs the way s390 does + +* Mon Jul 22 2002 Florian La Roche +- add patch: + * Thu Jun 06 2002 Phil Knirsch + - Fixed varargs problem for s390/s390x. 
+ +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Fri May 17 2002 Nalin Dahyabhai 2.4.1-4 +- rebuild in new environment + +* Wed Feb 27 2002 Nalin Dahyabhai 2.4.1-3 +- revert cbcp patch, it's wrong (#55367) + +* Thu Aug 9 2001 Nalin Dahyabhai 2.4.1-2 +- add buildprereq on pam-devel (#49559) +- add patch to respond to CBCP LCP requests (#15738) +- enable cbcp support at build-time +- change the Copyright: tag to a License: tag + +* Wed May 23 2001 Nalin Dahyabhai 2.4.1-1 +- update to 2.4.1 + +* Fri Dec 1 2000 Nalin Dahyabhai +- rebuild in new environment + +* Thu Nov 9 2000 Nalin Dahyabhai +- update to 2.4.0 + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Mon Jun 5 2000 Nalin Dahyabhai +- move man pages to %%{_mandir} + +* Thu Jun 1 2000 Nalin Dahyabhai +- change perms using defattr +- modify PAM setup to use system-auth + +* Sun Mar 26 2000 Florian La Roche +- change to root:root perms + +* Mon Mar 06 2000 Nalin Dahyabhai +- reaper bugs verified as fixed +- check pam_open_session result code (bug #9966) + +* Mon Feb 07 2000 Nalin Dahyabhai +- take a shot at the wrong reaper bugs (#8153, #5290) + +* Thu Feb 03 2000 Nalin Dahyabhai +- free ride through the build system (release 2) + +* Tue Jan 18 2000 Nalin Dahyabhai +- Update to 2.3.11 + +* Sat Nov 06 1999 Michael K. Johnson +- Better fix for both problems + +* Fri Nov 05 1999 Michael K. Johnson +- fix for double-dial problem +- fix for requiring a controlling terminal problem + +* Sun Sep 19 1999 Preston Brown +- 2.3.10 bugfix release + +* Fri Aug 13 1999 Michael K. Johnson +- New version 2.3.9 required for kernel 2.3.13 and will be required + for new initscripts. auth patch removed; 2.3.9 does the same thing + more readably than the previous patch. 
+ +* Thu Jun 24 1999 Cristian Gafton +- add pppdump + +* Fri Apr 09 1999 Cristian Gafton +- force pppd use the glibc's logwtmp instead of implementing its own + +* Thu Apr 01 1999 Preston Brown +- version 2.3.7 bugfix release + +* Tue Mar 23 1999 Cristian Gafton +- version 2.3.6 + +* Mon Mar 22 1999 Michael Johnson +- auth patch + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 3) + +* Thu Jan 07 1999 Cristian Gafton +- build for glibc 2.1 + +* Fri Jun 5 1998 Jeff Johnson +- updated to 2.3.5. + +* Tue May 19 1998 Prospector System +- translations modified for de + +* Fri May 8 1998 Jakub Jelinek +- make it run with kernels 2.1.100 and above. + +* Fri Apr 24 1998 Prospector System +- translations modified for de, fr, tr + +* Wed Mar 18 1998 Cristian Gafton +- requires glibc 2.0.6 or later + +* Wed Mar 18 1998 Michael K. Johnson +- updated PAM patch to not turn off wtmp/utmp/syslog logging. + +* Wed Jan 7 1998 Cristian Gafton +- added the /etc/pam.d config file +- updated PAM patch to include session support + +* Tue Jan 6 1998 Cristian Gafton +- updated to ppp-2.3.3, build against glibc-2.0.6 - previous patches not + required any more. +- added buildroot +- fixed the PAM support, which was really, completely broken and against any + standards (session support is still not here... :-( ) +- we build against running kernel and pray that it will work +- added a samples patch; updated glibc patch + +* Thu Dec 18 1997 Erik Troan +- added a patch to use our own route.h, rather then glibc's (which has + alignment problems on Alpha's) -- I only applied this patch on the Alpha, + though it should be safe everywhere + +* Fri Oct 10 1997 Erik Troan +- turned off the execute bit for scripts in /usr/doc + +* Fri Jul 18 1997 Erik Troan +- built against glibc + +* Tue Mar 25 1997 Erik Troan +- Integrated new patch from David Mosberger +- Improved description