28 changed files with 1886 additions and 388 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/ppp-2.5.0.tar.gz
+SOURCES/ppp-2.4.9.tar.gz
 SOURCES/ppp-watch.tar.xz
--- a/.ppp.metadata
+++ b/.ppp.metadata
@ -1,2 +1,2 @@
-014f13c3e9da059b263facb8095759dfb4f58fef SOURCES/ppp-2.5.0.tar.gz
+f879143a310f208c27f5279df9ecf9887ad1864b SOURCES/ppp-2.4.9.tar.gz
 74b6db205dc46fc179a2a3bc3d726ddfeb03c801 SOURCES/ppp-watch.tar.xz
--- a/SOURCES/0004-doc-add-configuration-samples.patch
+++ b/SOURCES/0004-doc-add-configuration-samples.patch
@ -0,0 +1,341 @@
 From d7faeb88f684c8b2ae193b2c5b5b358ac757fcfa Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Fri, 4 Apr 2014 11:39:09 +0200
 Subject: [PATCH 04/27] doc: add configuration samples
 ---
 sample/auth-down     |  17 ++++++
 sample/auth-up       |  17 ++++++
 sample/ip-down       |  22 ++++++++
 sample/ip-up         |  23 ++++++++
 sample/options       | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++
 sample/options.ttyXX |  14 +++++
 sample/pap-secrets   |  28 ++++++++++
 7 files changed, 274 insertions(+)
 create mode 100644 sample/auth-down
 create mode 100644 sample/auth-up
 create mode 100644 sample/ip-down
 create mode 100644 sample/ip-up
 create mode 100644 sample/options
 create mode 100644 sample/options.ttyXX
 create mode 100644 sample/pap-secrets
 diff --git a/sample/auth-down b/sample/auth-down
 new file mode 100644
 index 0000000..edde65d
 --- /dev/null
 +++ b/sample/auth-down
@@ -0,0 +1,17 @@
 +#!/bin/sh
 +#
 +# A program or script which is executed after the remote system
 +# successfully authenticates itself. It is executed with the parameters
 +# <interface-name> <peer-name> <user-name> <tty-device> <speed>
 +#
 +
 +#
 +# The environment is cleared before executing this script
 +# so the path must be reset
 +#
 +PATH=/usr/sbin:/sbin:/usr/bin:/bin
 +export PATH
 +
 +echo auth-down `date +'%y/%m/%d %T'` $* >> /var/log/pppstats
 +
 +# last line
 diff --git a/sample/auth-up b/sample/auth-up
 new file mode 100644
 index 0000000..54722a3
 --- /dev/null
 +++ b/sample/auth-up
@@ -0,0 +1,17 @@
 +#!/bin/sh
 +#
 +# A program or script which is executed after the remote system
 +# successfully authenticates itself. It is executed with the parameters
 +# <interface-name> <peer-name> <user-name> <tty-device> <speed>
 +#
 +
 +#
 +# The environment is cleared before executing this script
 +# so the path must be reset
 +#
 +PATH=/usr/sbin:/sbin:/usr/bin:/bin
 +export PATH
 +
 +echo auth-up `date +'%y/%m/%d %T'` $* >> /var/log/pppstats
 +
 +# last line
 diff --git a/sample/ip-down b/sample/ip-down
 new file mode 100644
 index 0000000..b771fb6
 --- /dev/null
 +++ b/sample/ip-down
@@ -0,0 +1,22 @@
 +#!/bin/sh
 +#
 +# This script is run by the pppd _after_ the link is brought down.
 +# It should be used to delete routes, unset IP addresses etc.
 +#
 +# This script is called with the following arguments:
 +#    Arg  Name               Example
 +#    $1   Interface name     ppp0
 +#    $2   The tty            ttyS1
 +#    $3   The link speed     38400
 +#    $4   Local IP number    12.34.56.78
 +#    $5   Peer  IP number    12.34.56.99
 +#
 +
 +#
 +# The  environment is cleared before executing this script
 +# so the path must be reset
 +#
 +PATH=/usr/sbin:/sbin:/usr/bin:/bin
 +export PATH
 +
 +# last line
 diff --git a/sample/ip-up b/sample/ip-up
 new file mode 100644
 index 0000000..7ce7c8d
 --- /dev/null
 +++ b/sample/ip-up
@@ -0,0 +1,23 @@
 +#!/bin/sh
 +#
 +# This script is run by the pppd after the link is established.
 +# It should be used to add routes, set IP address, run the mailq
 +# etc.
 +#
 +# This script is called with the following arguments:
 +#    Arg  Name               Example
 +#    $1   Interface name     ppp0
 +#    $2   The tty            ttyS1
 +#    $3   The link speed     38400
 +#    $4   Local IP number    12.34.56.78
 +#    $5   Peer  IP number    12.34.56.99
 +#
 +
 +#
 +# The  environment is cleared before executing this script
 +# so the path must be reset
 +#
 +PATH=/usr/sbin:/sbin:/usr/bin:/bin
 +export PATH
 +
 +# last line
 diff --git a/sample/options b/sample/options
 new file mode 100644
 index 0000000..8d0a3f9
 --- /dev/null
 +++ b/sample/options
@@ -0,0 +1,153 @@
 +# /etc/ppp/options
 +
 +# The name of this server. Often, the FQDN is used here.
 +#name <host>
 +
 +# Enforce the use of the hostname as the name of the local system for
 +# authentication purposes (overrides the name option).
 +usehostname
 +
 +# If no local IP address is given, pppd will use the first IP address
 +# that belongs to the local hostname. If "noipdefault" is given, this
 +# is disabled and the peer will have to supply an IP address.
 +noipdefault
 +
 +# With this option, pppd will accept the peer's idea of our local IP
 +# address, even if the local IP address was specified in an option.
 +#ipcp-accept-local
 +
 +# With this option, pppd will accept the peer's idea of its (remote) IP
 +# address, even if the remote IP address was specified in an option.
 +#ipcp-accept-remote
 +
 +# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
 +# Two Servers can be remotely configured
 +#ms-dns 192.168.1.1
 +#ms-dns 192.168.1.2
 +
 +# Specify which WINS Servers the incoming connection Win95 or WinNT should use
 +#wins-addr 192.168.1.50
 +#wins-addr 192.168.1.51
 +
 +# enable this on a server that already has a permanent default route
 +#nodefaultroute
 +
 +# Run the executable or shell command specified after pppd has terminated
 +# the link.  This script could, for example, issue commands to the modem
 +# to cause it to hang up if hardware modem control signals were not
 +# available.
 +# If mgetty is running, it will reset the modem anyway. So there is no need
 +# to do it here.
 +#disconnect "chat -- \d+++\d\c OK ath0 OK"
 +
 +# Increase debugging level (same as -d). The debug output is written
 +# to syslog LOG_LOCAL2.
 +debug
 +
 +# Enable debugging code in the kernel-level PPP driver.  The argument n
 +# is a number which is the sum of the following values: 1 to enable
 +# general debug messages, 2 to request that the contents of received
 +# packets be printed, and 4 to request that the contents of transmitted
 +# packets be printed.
 +#kdebug n
 +
 +# Require the peer to authenticate itself before allowing network
 +# packets to be sent or received.
 +# Please do not disable this setting. It is expected to be standard in
 +# future releases of pppd. Use the call option (see manpage) to disable
 +# authentication for specific peers.
 +#auth
 +
 +# authentication can either be pap or chap. As most people only want to
 +# use pap, you can also disable chap:
 +#require-pap
 +#refuse-chap
 +
 +# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
 +# on the serial port.
 +crtscts
 +
 +# Specifies that pppd should use a UUCP-style lock on the serial device
 +# to ensure exclusive access to the device.
 +lock
 +
 +# Use the modem control lines.
 +modem
 +
 +# async character map -- 32-bit hex; each bit is a character
 +# that needs to be escaped for pppd to receive it.  0x00000001
 +# represents '\x01', and 0x80000000 represents '\x1f'.
 +# To allow pppd to work over a rlogin/telnet connection, ou should escape
 +# XON (^Q), XOFF  (^S) and ^]: (The peer should use "escape ff".)
 +#asyncmap  200a0000
 +asyncmap 0
 +
 +# Specifies that certain characters should be escaped on transmission
 +# (regardless of whether the peer requests them to be escaped with its
 +# async control character map).  The characters to be escaped are
 +# specified as a list of hex numbers separated by commas.  Note that
 +# almost any character can be specified for the escape option, unlike
 +# the asyncmap option which only allows control characters to be
 +# specified.  The characters which may not be escaped are those with hex
 +# values 0x20 - 0x3f or 0x5e.
 +#escape 11,13,ff
 +
 +# Set the MRU [Maximum Receive Unit] value to <n> for negotiation.  pppd
 +# will ask the peer to send packets of no more than <n> bytes. The
 +# minimum MRU value is 128.  The default MRU value is 1500.  A value of
 +# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
 +# bytes of data).
 +#mru 542
 +
 +# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
 +# requests a smaller value via MRU negotiation, pppd will request that
 +# the kernel networking code send data packets of no more than n bytes
 +# through the PPP network interface.
 +#mtu <n>
 +
 +# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
 +# notation (e.g. 255.255.255.0).
 +#netmask 255.255.255.0
 +
 +# Don't fork to become a background process (otherwise pppd will do so
 +# if a serial device is specified).
 +nodetach
 +
 +# Set the assumed name of the remote system for authentication purposes
 +# to <n>.
 +#remotename <n>
 +
 +# Add an entry to this system's ARP [Address Resolution Protocol]
 +# table with the IP address of the peer and the Ethernet address of this
 +# system. {proxyarp,noproxyarp}
 +proxyarp
 +
 +# Use the system password database for authenticating the peer using
 +# PAP. Note: mgetty already provides this option. If this is specified
 +# then dialin from users using a script under Linux to fire up ppp wont work.
 +#login
 +
 +# If this option is given, pppd will send an LCP echo-request frame to
 +# the peer every n seconds. Under Linux, the echo-request is sent when
 +# no packets have been received from the peer for n seconds. Normally
 +# the peer should respond to the echo-request by sending an echo-reply.
 +# This option can be used with the lcp-echo-failure option to detect
 +# that the peer is no longer connected.
 +lcp-echo-interval 30
 +
 +# If this option is given, pppd will presume the peer to be dead if n
 +# LCP echo-requests are sent without receiving a valid LCP echo-reply.
 +# If this happens, pppd will terminate the connection.  Use of this
 +# option requires a non-zero value for the lcp-echo-interval parameter.
 +# This option can be used to enable pppd to terminate after the physical
 +# connection has been broken (e.g., the modem has hung up) in
 +# situations where no hardware modem control lines are available.
 +lcp-echo-failure 4
 +
 +# Specifies that pppd should disconnect if the link is idle for n seconds.
 +idle 600
 +
 +# Disable the IPXCP and IPX protocols.
 +noipx
 +
 +# ---<End of File>---
 diff --git a/sample/options.ttyXX b/sample/options.ttyXX
 new file mode 100644
 index 0000000..d4202f5
 --- /dev/null
 +++ b/sample/options.ttyXX
@@ -0,0 +1,14 @@
 +# If you need to set up multiple serial lines then copy this file to
 +# options.<ttyname> for each tty with a modem on it.
 +#
 +# The options.tty file will assign an IP address to each PPP connection
 +# as it comes up. They must all be distinct!
 +#
 +# Example:
 +# options.ttyS1		for com2 under DOS.
 +#
 +# Edit the following line so that the first IP address
 +# mentioned is the ip address of the serial port while the second
 +# is the IP address of your host
 +#
 +hostname-s1:hostname
 diff --git a/sample/pap-secrets b/sample/pap-secrets
 new file mode 100644
 index 0000000..098971b
 --- /dev/null
 +++ b/sample/pap-secrets
@@ -0,0 +1,28 @@
 +# Secrets for authentication using PAP
 +# client	server	secret			IP addresses
 +
 +# OUTBOUND CONNECTIONS
 +# Here you should add your userid password to connect to your providers via
 +# pap. The * means that the password is to be used for ANY host you connect
 +# to. Thus you do not have to worry about the foreign machine name. Just
 +# replace password with your password.
 +# If you have different providers with different passwords then you better
 +# remove the following line.
 +#hostname	*	password
 +
 +# INBOUND CONNECTIONS
 +#client		hostname	<password>	192.168.1.1
 +
 +# If you add "auth login -chap +pap" to /etc/mgetty+sendfax/login.config,
 +# all users in /etc/passwd can use their password for pap-authentication.
 +#
 +# Every regular user can use PPP and has to use passwords from /etc/passwd
 +#*	hostname	""
 +# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
 +# other accounts that should not be able to use pppd! Replace hostname
 +# with your local hostname.
 +#guest		hostname	"*"	-
 +#master		hostname	"*"	-
 +#root		hostname	"*"	-
 +#support	hostname	"*"	-
 +#stats		hostname	"*"	-
 -- 
 1.8.3.1
--- a/SOURCES/0006-scritps-use-change_resolv_conf-function.patch
+++ b/SOURCES/0006-scritps-use-change_resolv_conf-function.patch
@ -0,0 +1,85 @@
 From 01419dfb684d501b57f1c24dcfdbcf9da93ccca2 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Fri, 4 Apr 2014 18:12:47 +0200
 Subject: [PATCH 06/27] scritps: use change_resolv_conf function
 Don't handle /etc/resolv.conf manually, but use a helper function from
 initscripts. Also change path where we save DNS servers supplied by peer while
 we are at it.
 Resolves: #132482
 ---
 pppd/pppd.8               |  2 +-
 scripts/ip-down.local.add |  9 +++++----
 scripts/ip-up.local.add   | 17 ++++++++++-------
 3 files changed, 16 insertions(+), 12 deletions(-)
 diff --git a/pppd/pppd.8 b/pppd/pppd.8
 index e2768b1..2dd6e1a 100644
 --- a/pppd/pppd.8
 +++ b/pppd/pppd.8
@@ -1099,7 +1099,7 @@ Ask the peer for up to 2 DNS server addresses.  The addresses supplied
 by the peer (if any) are passed to the /etc/ppp/ip\-up script in the
 environment variables DNS1 and DNS2, and the environment variable
 USEPEERDNS will be set to 1.  In addition, pppd will create an
 -/etc/ppp/resolv.conf file containing one or two nameserver lines with
 +/var/run/ppp/resolv.conf file containing one or two nameserver lines with
 the address(es) supplied by the peer.
 .TP
 .B user \fIname
 diff --git a/scripts/ip-down.local.add b/scripts/ip-down.local.add
 index b93590e..163f71e 100644
 --- a/scripts/ip-down.local.add
 +++ b/scripts/ip-down.local.add
@@ -9,12 +9,13 @@
 #
 # Nick Walker (nickwalker@email.com)
 #
 +. /etc/sysconfig/network-scripts/network-functions
 -if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
 -	if [ -f /etc/ppp/resolv.prev ]; then
 -		cp -f /etc/ppp/resolv.prev /etc/resolv.conf
 +if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
 +	if [ -f /var/run/ppp/resolv.prev ]; then
 +		change_resolv_conf /var/run/ppp/resolv.prev
 	else
 -		rm -f /etc/resolv.conf
 +		change_resolv_conf
 	fi
 fi
 diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
 index 8017209..26cf5f8 100644
 --- a/scripts/ip-up.local.add
 +++ b/scripts/ip-up.local.add
@@ -9,16 +9,19 @@
 #
 # Nick Walker (nickwalker@email.com)
 #
 +. /etc/sysconfig/network-scripts/network-functions
 -if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
 -	rm -f /etc/ppp/resolv.prev
 +if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
 +	rm -f /var/run/ppp/resolv.prev
 	if [ -f /etc/resolv.conf ]; then
 -		cp /etc/resolv.conf /etc/ppp/resolv.prev
 -		grep domain /etc/ppp/resolv.prev > /etc/resolv.conf
 -		grep search /etc/ppp/resolv.prev >> /etc/resolv.conf
 -		cat /etc/ppp/resolv.conf >> /etc/resolv.conf
 +		cp /etc/resolv.conf /var/run/ppp/resolv.prev
 +		rscf=/var/run/ppp/resolv.new
 +		grep domain /var/run/ppp/resolv.prev > $rscf
 +		grep search /var/run/ppp/resolv.prev >> $rscf
 +		change_resolv_conf $rscf
 +		rm -f $rscf
 	else
 -		cp /etc/ppp/resolv.conf /etc
 +		change_resolv_conf /var/run/ppp/resolv.conf
 	fi
 fi
 -- 
 1.8.3.1
--- a/SOURCES/0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
+++ b/SOURCES/0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
@ -0,0 +1,77 @@
 From b4ef433be936c90e356da7a590b032cdee219a3f Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Fri, 4 Apr 2014 19:06:05 +0200
 Subject: [PATCH 11/27] build-sys: don't put connect-errors log to /etc/ppp/
 Resolves: #118837
 ---
 chat/chat.8        | 2 +-
 linux/Makefile.top | 8 +++++++-
 pppd/pathnames.h   | 4 ++--
 3 files changed, 10 insertions(+), 4 deletions(-)
 diff --git a/chat/chat.8 b/chat/chat.8
 index 6d10836..78d6939 100644
 --- a/chat/chat.8
 +++ b/chat/chat.8
@@ -200,7 +200,7 @@ The \fBSAY\fR directive allows the script to send strings to the user
 at the terminal via standard error.  If \fBchat\fR is being run by
 pppd, and pppd is running as a daemon (detached from its controlling
 terminal), standard error will normally be redirected to the file
 -/etc/ppp/connect\-errors.
 +/var/log/ppp/connect\-errors.
 .LP
 \fBSAY\fR strings must be enclosed in single or double quotes. If
 carriage return and line feed are needed in the string to be output,
 diff --git a/linux/Makefile.top b/linux/Makefile.top
 index f63d45e..f42efd5 100644
 --- a/linux/Makefile.top
 +++ b/linux/Makefile.top
@@ -5,6 +5,8 @@ BINDIR = $(DESTDIR)/sbin
 INCDIR = $(DESTDIR)/include
 MANDIR = $(DESTDIR)/share/man
 ETCDIR = $(INSTROOT)@SYSCONF@/ppp
 +RUNDIR = $(DESTDIR)/var/run/ppp
 +LOGDIR = $(DESTDIR)/var/log/ppp
 # uid 0 = root
 INSTALL= install
@@ -16,7 +18,7 @@ all:
 	cd pppstats; $(MAKE) $(MFLAGS) all
 	cd pppdump; $(MAKE) $(MFLAGS) all
 -install: $(BINDIR) $(MANDIR)/man8 install-progs install-devel
 +install: $(BINDIR) $(RUNDIR) $(LOGDIR) $(MANDIR)/man8 install-progs install-devel
 install-progs:
 	cd chat; $(MAKE) $(MFLAGS) install
@@ -44,6 +46,10 @@ $(MANDIR)/man8:
 	$(INSTALL) -d -m 755 $@
 $(ETCDIR):
 	$(INSTALL) -d -m 755 $@
 +$(RUNDIR):
 +	$(INSTALL) -d -m 755 $@
 +$(LOGDIR):
 +	$(INSTALL) -d -m 755 $@
 clean:
 	rm -f `find . -name '*.[oas]' -print`
 diff --git a/pppd/pathnames.h b/pppd/pathnames.h
 index a427cb8..bef3160 100644
 --- a/pppd/pathnames.h
 +++ b/pppd/pathnames.h
@@ -28,9 +28,9 @@
 #define _PATH_AUTHUP	 _ROOT_PATH "/etc/ppp/auth-up"
 #define _PATH_AUTHDOWN	 _ROOT_PATH "/etc/ppp/auth-down"
 #define _PATH_TTYOPT	 _ROOT_PATH "/etc/ppp/options."
 -#define _PATH_CONNERRS	 _ROOT_PATH "/etc/ppp/connect-errors"
 +#define _PATH_CONNERRS	 _ROOT_PATH "/var/log/ppp/connect-errors"
 #define _PATH_PEERFILES	 _ROOT_PATH "/etc/ppp/peers/"
 -#define _PATH_RESOLV	 _ROOT_PATH "/etc/ppp/resolv.conf"
 +#define _PATH_RESOLV	 _ROOT_PATH "/var/run/ppp/resolv.conf"
 #define _PATH_USEROPT	 ".ppprc"
 #define	_PATH_PSEUDONYM	 ".ppp_pseudonym"
 -- 
 1.8.3.1
--- a/SOURCES/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
+++ b/SOURCES/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
@ -0,0 +1,149 @@
 diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c
 index d693350..c31bb34 100644
 --- a/pppd/plugins/pppoatm/pppoatm.c
 +++ b/pppd/plugins/pppoatm/pppoatm.c
@@ -135,7 +135,7 @@ static int connect_pppoatm(void)
 	if (!device_got_set)
 		no_device_given_pppoatm();
 -	fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
 +	fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
 	if (fd < 0)
 		fatal("failed to create socket: %m");
 	memset(&qos, 0, sizeof qos);
 diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
 index 9643b96..1099575 100644
 --- a/pppd/plugins/pppol2tp/openl2tp.c
 +++ b/pppd/plugins/pppol2tp/openl2tp.c
@@ -83,7 +83,7 @@ static int openl2tp_client_create(void)
 	int result;
 	if (openl2tp_fd < 0) {
 -		openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
 +		openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
 		if (openl2tp_fd < 0) {
 			error("openl2tp connection create: %m");
 			return -ENOTCONN;
 diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
 index a7e3400..e64a778 100644
 --- a/pppd/plugins/pppol2tp/pppol2tp.c
 +++ b/pppd/plugins/pppol2tp/pppol2tp.c
@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu,
 		struct ifreq ifr;
 		int fd;
 -		fd = socket(AF_INET, SOCK_DGRAM, 0);
 +		fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
 		if (fd >= 0) {
 			memset (&ifr, '\0', sizeof (ifr));
 			strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
 diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
 index 91e9a57..72aba41 100644
 --- a/pppd/plugins/pppoe/if.c
 +++ b/pppd/plugins/pppoe/if.c
@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
     stype = SOCK_PACKET;
 #endif
 -    if ((fd = socket(domain, stype, htons(type))) < 0) {
 +    if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
 	/* Give a more helpful message for the common error case */
 	if (errno == EPERM) {
 	    fatal("Cannot create raw socket -- pppoe must be run as root.");
 diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
 index a8c2bb4..24bdf8f 100644
 --- a/pppd/plugins/pppoe/plugin.c
 +++ b/pppd/plugins/pppoe/plugin.c
@@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
     /* server equipment).                                                  */
     /* Opening this socket just before waitForPADS in the discovery()      */
     /* function would be more appropriate, but it would mess-up the code   */
 -    conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
 +    conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
     if (conn->sessionSocket < 0) {
 	error("Failed to create PPPoE socket: %m");
 	return -1;
@@ -148,7 +148,7 @@ PPPOEConnectDevice(void)
     lcp_wantoptions[0].mru = conn->mru;
     /* Update maximum MRU */
 -    s = socket(AF_INET, SOCK_DGRAM, 0);
 +    s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
     if (s < 0) {
 	error("Can't get MTU for %s: %m", conn->ifName);
 	goto errout;
@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit)
     }
     /* Open a socket */
 -    if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
 +    if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
 	r = 0;
     }
 diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
 index 3d3bf4e..c0d927d 100644
 --- a/pppd/plugins/pppoe/pppoe-discovery.c
 +++ b/pppd/plugins/pppoe/pppoe-discovery.c
@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
     stype = SOCK_PACKET;
 #endif
 -    if ((fd = socket(domain, stype, htons(type))) < 0) {
 +    if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
 	/* Give a more helpful message for the common error case */
 	if (errno == EPERM) {
 	    fatal("Cannot create raw socket -- pppoe must be run as root.");
 diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
 index 00a2cf5..0690019 100644
 --- a/pppd/sys-linux.c
 +++ b/pppd/sys-linux.c
@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clear_bits, int set_bits)
 void sys_init(void)
 {
     /* Get an internet socket for doing socket ioctls. */
 -    sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
 +    sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
     if (sock_fd < 0)
 	fatal("Couldn't create IP socket: %m(%d)", errno);
 #ifdef INET6
 -    sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
 +    sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
     if (sock6_fd < 0)
 	sock6_fd = -errno;	/* save errno for later */
 #endif
@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name)
 	struct ifreq ifreq;
 	int ret, sock_fd;
 -	sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
 +	sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
 	if (sock_fd < 0)
 		return -1;
 	memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
@@ -2067,7 +2067,7 @@ int ppp_available(void)
 /*
  * Open a socket for doing the ioctl operations.
  */
 -    s = socket(AF_INET, SOCK_DGRAM, 0);
 +    s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
     if (s < 0)
 	return 0;
 diff --git a/pppd/tty.c b/pppd/tty.c
 index bc96695..8e76a5d 100644
 --- a/pppd/tty.c
 +++ b/pppd/tty.c
@@ -896,7 +896,7 @@ open_socket(dest)
     *sep = ':';
     /* get a socket and connect it to the other end */
 -    sock = socket(PF_INET, SOCK_STREAM, 0);
 +    sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
     if (sock < 0) {
 	error("Can't create socket: %m");
 	return -1;
 -- 
 1.8.3.1
--- a/SOURCES/0015-pppd-move-pppd-database-to-var-run-ppp.patch
+++ b/SOURCES/0015-pppd-move-pppd-database-to-var-run-ppp.patch
@ -0,0 +1,44 @@
 From f2c855462ff56be4121409c7e048cd2503fe0ccf Mon Sep 17 00:00:00 2001
 From: Jiri Skala <jskala@fedoraproject.org>
 Date: Mon, 7 Apr 2014 14:26:20 +0200
 Subject: [PATCH 15/27] pppd: move pppd database to /var/run/ppp
 Resolves: #560014
 ---
 pppd/pathnames.h | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
 diff --git a/pppd/pathnames.h b/pppd/pathnames.h
 index bef3160..24e010c 100644
 --- a/pppd/pathnames.h
 +++ b/pppd/pathnames.h
@@ -6,8 +6,9 @@
 #ifdef HAVE_PATHS_H
 #include <paths.h>
 -
 +#define _PPP_SUBDIR	"ppp/"
 #else /* HAVE_PATHS_H */
 +#define _PPP_SUBDIR
 #ifndef _PATH_VARRUN
 #define _PATH_VARRUN 	"/etc/ppp/"
 #endif
@@ -46,13 +47,9 @@
 #endif /* IPX_CHANGE */
 #ifdef __STDC__
 -#define _PATH_PPPDB	_ROOT_PATH _PATH_VARRUN "pppd2.tdb"
 +#define _PATH_PPPDB	_ROOT_PATH _PATH_VARRUN _PPP_SUBDIR "pppd2.tdb"
 #else /* __STDC__ */
 -#ifdef HAVE_PATHS_H
 -#define _PATH_PPPDB	"/var/run/pppd2.tdb"
 -#else
 -#define _PATH_PPPDB	"/etc/ppp/pppd2.tdb"
 -#endif
 +#define _PATH_PPPDB	_PATH_VARRUN _PPP_SUBDIR "pppd2.tdb"
 #endif /* __STDC__ */
 #ifdef PLUGIN
 -- 
 1.8.3.1
--- a/SOURCES/0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
+++ b/SOURCES/0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
@ -0,0 +1,115 @@
 diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
 index 3cd9101..9918091 100644
 --- a/pppd/plugins/pppoe/Makefile.linux
 +++ b/pppd/plugins/pppoe/Makefile.linux
@@ -16,6 +16,7 @@
 DESTDIR = $(INSTROOT)@DESTDIR@
 BINDIR = $(DESTDIR)/sbin
 +MANDIR = $(DESTDIR)/share/man/man8
 LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
 PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
@@ -46,6 +47,7 @@ install: all
 	$(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
 	$(INSTALL) -d -m 755 $(BINDIR)
 	$(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
 +	$(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
 clean:
 	rm -f *.o *.so pppoe-discovery
 diff --git a/pppd/plugins/pppoe/pppoe-discovery.8 b/pppd/plugins/pppoe/pppoe-discovery.8
 new file mode 100644
 index 0000000..d0a93db
 --- /dev/null
 +++ b/pppd/plugins/pppoe/pppoe-discovery.8
@@ -0,0 +1,86 @@
 +.\" pppoe-discovery.8 written by
 +.\" Ben Hutchings <ben@decadentplace.org.uk>, based on pppoe.8.
 +.\" Licenced under the GPL version 2 or later.
 +.TH PPPOE-DISCOVERY 8
 +.SH NAME
 +pppoe\-discovery \- perform PPPoE discovery
 +.SH SYNOPSIS
 +.B pppoe\-discovery
 +[
 +.I options
 +]
 +.br
 +.BR pppoe\-discovery " { " \-V " | " \-h " }"
 +.SH DESCRIPTION
 +.LP
 +\fBpppoe\-discovery\fR performs the same discovery process as
 +\fBpppoe\fR, but does not initiate a session.
 +It sends a PADI packet and then prints the names of access
 +concentrators in each PADO packet it receives.
 +.SH OPTIONS
 +.TP
 +.BI \-I " interface"
 +.RS
 +The \fB\-I\fR option specifies the Ethernet interface to use.
 +Under Linux, it is typically eth0 or eth1.
 +The interface should be \(lqup\(rq before you start
 +\fBpppoe\-discovery\fR, but should \fInot\fR be configured to have an
 +IP address.
 +The default interface is eth0.
 +.RE
 +.TP
 +.BI \-D " file_name"
 +.RS
 +The \fB\-D\fR option causes every packet to be dumped to the specified
 +\fIfile_name\fR.
 +This is intended for debugging only.
 +.RE
 +.TP
 +.B \-U
 +.RS
 +Causes \fBpppoe\-discovery\fR to use the Host-Uniq tag in its discovery
 +packets.
 +This lets you run multiple instances of \fBpppoe\-discovery\fR and/or
 +\fBpppoe\fR without having their discovery packets interfere with one
 +another.
 +You must supply this option to \fIall\fR instances that you intend to
 +run simultaneously.
 +.RE
 +.TP
 +.BI \-S " service_name"
 +.RS
 +Specifies the desired service name.
 +\fBpppoe\-discovery\fR will only accept access concentrators which can
 +provide the specified service.
 +In most cases, you should \fInot\fR specify this option.
 +Use it only if you know that there are multiple access concentrators
 +or know that you need a specific service name.
 +.RE
 +.TP
 +.BI \-C " ac_name"
 +.RS
 +Specifies the desired access concentrator name.
 +\fBpppoe\-discovery\fR will only accept the specified access
 +concentrator.
 +In most cases, you should \fInot\fR specify this option.
 +Use it only if you know that there are multiple access concentrators.
 +If both the \fB\-S\fR and \fB\-C\fR options are specified, they must
 +\fIboth\fR match.
 +.RE
 +.TP
 +.B \-A
 +.RS
 +This option is accepted for compatibility with \fBpppoe\fR, but has no
 +effect.
 +.RE
 +.TP
 +.BR \-V " | " \-h
 +.RS
 +Either of these options causes \fBpppoe\-discovery\fR to print its
 +version number and usage information, then exit.
 +.RE
 +.SH AUTHORS
 +\fBpppoe\-discovery\fR was written by Marco d'Itri <md@linux.it>,
 +based on \fBpppoe\fR by David F. Skoll <dfs@roaringpenguin.com>.
 +.SH SEE ALSO
 +pppoe(8), pppoe-sniff(8)
 -- 
 1.8.3.1
--- a/SOURCES/0018-scritps-fix-ip-up.local-sample.patch
+++ b/SOURCES/0018-scritps-fix-ip-up.local-sample.patch
@ -0,0 +1,27 @@
 From 40960f91cdd06da387616ec838ae2599e7f01cee Mon Sep 17 00:00:00 2001
 From: Jiri Skala <jskala@fedoraproject.org>
 Date: Mon, 7 Apr 2014 15:24:01 +0200
 Subject: [PATCH 18/27] scritps: fix ip-up.local sample
 Resolves: #613717
 ---
 scripts/ip-up.local.add | 3 +++
 1 file changed, 3 insertions(+)
 diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
 index 26cf5f8..282337c 100644
 --- a/scripts/ip-up.local.add
 +++ b/scripts/ip-up.local.add
@@ -18,6 +18,9 @@ if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
 		rscf=/var/run/ppp/resolv.new
 		grep domain /var/run/ppp/resolv.prev > $rscf
 		grep search /var/run/ppp/resolv.prev >> $rscf
 +		if [ -f /var/run/ppp/resolv.conf ]; then
 +			cat /var/run/ppp/resolv.conf >> $rscf
 +		fi
 		change_resolv_conf $rscf
 		rm -f $rscf
 	else
 -- 
 1.8.3.1
--- a/SOURCES/0020-pppd-put-lock-files-in-var-lock-ppp.patch
+++ b/SOURCES/0020-pppd-put-lock-files-in-var-lock-ppp.patch
@ -0,0 +1,26 @@
 From c5a5f795b1defcb6d168e79c4d1fc371dfc556ca Mon Sep 17 00:00:00 2001
 From: Jiri Skala <jskala@redhat.com>
 Date: Wed, 9 Apr 2014 09:29:50 +0200
 Subject: [PATCH 20/27] pppd: put lock files in /var/lock/ppp
 Resolves: #708260
 ---
 pppd/utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/pppd/utils.c b/pppd/utils.c
 index 6051b9a..8407492 100644
 --- a/pppd/utils.c
 +++ b/pppd/utils.c
@@ -846,7 +846,7 @@ complete_read(int fd, void *buf, size_t count)
 /* Procedures for locking the serial device using a lock file. */
 #ifndef LOCK_DIR
 #ifdef __linux__
 -#define LOCK_DIR	"/var/lock"
 +#define LOCK_DIR	"/var/lock/ppp"
 #else
 #ifdef SVR4
 #define LOCK_DIR	"/var/spool/locks"
 -- 
 1.8.3.1
--- a/SOURCES/0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
+++ b/SOURCES/0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
@ -0,0 +1,20 @@
 diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
 index 2df887b..6cb8397 100644
 --- a/pppd/plugins/pppoe/Makefile.linux
 +++ b/pppd/plugins/pppoe/Makefile.linux
@@ -43,12 +43,12 @@ pppoe.so: plugin.o discovery.o if.o common.o
 install: all
 	$(INSTALL) -d -m 755 $(LIBDIR)
 -	$(INSTALL) -c -m 4550 pppoe.so $(LIBDIR)
 +	$(INSTALL) -c -m 755 pppoe.so $(LIBDIR)
 	# Symlink for backward compatibility
 	$(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
 	$(INSTALL) -d -m 755 $(BINDIR)
 -	$(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
 -	$(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
 +	$(INSTALL) -c -m 755 pppoe-discovery $(BINDIR)
 +	$(INSTALL) -c -m 644 pppoe-discovery.8 $(MANDIR)
 clean:
 	rm -f *.o *.so pppoe-discovery
--- a/SOURCES/0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
+++ b/SOURCES/0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
@ -0,0 +1,26 @@
 From 0fdb22ef3d3cc3b297372451d60bd6c61d047d27 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Thu, 10 Apr 2014 10:08:41 +0200
 Subject: [PATCH 24/27] build-sys: install pppoatm plugin files with standard
 perms
 ---
 pppd/plugins/pppoatm/Makefile.linux | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
 index 769794b..4c5826f 100644
 --- a/pppd/plugins/pppoatm/Makefile.linux
 +++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -37,7 +37,7 @@ $(PLUGIN): $(PLUGIN_OBJS)
 install: all
 	$(INSTALL) -d -m 755 $(LIBDIR)
 -	$(INSTALL) -c -m 4550 $(PLUGIN) $(LIBDIR)
 +	$(INSTALL) -c -m 755 $(PLUGIN) $(LIBDIR)
 clean:
 	rm -f *.o *.so
 -- 
 1.8.3.1
--- a/SOURCES/ifdown-ppp
+++ b/SOURCES/ifdown-ppp
@ -0,0 +1,51 @@
 #! /bin/bash
 cd /etc/sysconfig/network-scripts
 . ./network-functions
 CONFIG=$1
 source_config
 if [ "$TYPE" = "xDSL" ] && [ -x /usr/sbin/adsl-stop ] ; then
    adsl-stop /etc/sysconfig/network-scripts/$CONFIG
    exit $?
 fi
 CONFIG=${CONFIG##ifcfg-}
 if [ "${DEMAND}" = "yes" ] && [ -f /var/run/ppp-${CONFIG}.pid ] ; then
    PID=$(head -1 /var/run/ppp-${CONFIG}.pid)
    kill -TERM ${PID}
    sleep 2
    [ ! -d /proc/${PID} ] && exit 0
    sleep 5
    [ ! -d /proc/${PID} ] && exit 0
    kill -TERM ${PID}
    [ ! -d /proc/${PID} ] && exit 0
    exit 1
 fi
 file=/var/run/pppwatch-${DEVICE}.pid
 if [ ! -f $file ]; then
    # ppp isn't running, or we didn't start it
    exit 0
 fi
 PID=$(cat $file)
 [ -n "${PID}" ] || exit 1
 kill -TERM ${PID} > /dev/null 2>&1
 [ ! -d /proc/${PID} ] && exit 0
 sleep 2
 [ ! -d /proc/${PID} ] && exit 0
 sleep 5
 [ ! -d /proc/${PID} ] && exit 0
 sleep 10
 [ ! -d /proc/${PID} ] && exit 0
 # killing ppp-watch twice in a row causes it to send a SIGKILL to pppd pgrp
 kill -TERM ${PID} > /dev/null 2>&1
 [ ! -d /proc/${PID} ] && exit 0
 exit 1
--- a/SOURCES/ifup-ppp
+++ b/SOURCES/ifup-ppp
@ -0,0 +1,157 @@
 #! /bin/bash
 . /etc/init.d/functions
 cd /etc/sysconfig/network-scripts
 . ./network-functions
 # ifup-post for PPP is handled through /etc/ppp/ip-up
 if [ "${1}" = daemon ] ; then
  # we've been called from ppp-watch, so don't invoke it for persistence
  shift
 else
  # just in case a full path to the configuration file is passed in
  CONFIG=${1##*/} # CONFIG=$(basename $1)
  [ -f "${CONFIG}" ] || CONFIG=ifcfg-${1}
  source_config
  # don't start ppp-watch by xDSL
  if [ "${DEMAND}" != yes -a "$TYPE" != "xDSL" ] ; then
    # let ppp-watch do the right thing
    exec /sbin/ppp-watch "${CONFIG##ifcfg-}" "$2"
  fi
 fi
 CONFIG=$1
 [ -f "${CONFIG}" ] || CONFIG=ifcfg-${1}
 source_config
 if [ -z "${DISCONNECTTIMEOUT}" ]; then
  DISCONNECTTIMEOUT=2
 fi
 if [ -z "${RETRYTIMEOUT}" ]; then
  RETRYTIMEOUT=30
 fi
 if [ -z "${IDLETIMEOUT}" ]; then
  IDLETIMEOUT=600
 fi
 if [ "${2}" = "boot" -a "${ONBOOT}" = "no" ]; then
  exit
 fi
 [ -x /usr/sbin/pppd ] || {
  echo $"pppd does not exist or is not executable"
  echo $"ifup-ppp for ${DEVICE} exiting"
  /usr/bin/logger -p daemon.info -t ifup-ppp \
    $"pppd does not exist or is not executable for ${DEVICE}"
  exit 1
 }
 # check that xDSL connection
 if [ "$TYPE" = "xDSL" ] ; then
    if [ -x /usr/sbin/adsl-start ] ; then
        adsl-start /etc/sysconfig/network-scripts/$CONFIG
        exit $?
    else
        /usr/bin/logger -p daemon.info -t ifup-ppp \
            $"adsl-start does not exist or is not executable for ${DEVICE}"
        exit 1
    fi
 fi
 PEERCONF=/etc/ppp/peers/${DEVNAME}
 if [ "${DEBUG}" = "yes" ]; then
  CHATDBG="-v"
 fi
 if [ ! -f ${PEERCONF} ]; then
  if [ -z "${WVDIALSECT}" ] ; then
    CHATSCRIPT=/etc/sysconfig/network-scripts/chat-${DEVNAME}
    [ -f ${CHATSCRIPT} ] || {
     echo $"/etc/sysconfig/network-scripts/chat-${DEVNAME} does not exist"
     echo $"ifup-ppp for ${DEVNAME} exiting"
     /usr/bin/logger -p daemon.info -t ifup-ppp \
       $"/etc/sysconfig/network-scripts/chat-${DEVNAME} does not exist for ${DEVICE}"
     exit 1
    }
  fi
  /usr/bin/logger -s -p daemon.notice -t ifup-ppp \
    $"Setting up a new ${PEERCONF} config file"
  if [ -f /etc/ppp/peers/${DEVICE} ]; then
    cp -f /etc/ppp/peers/${DEVICE} ${PEERCONF}
  else
    touch ${PEERCONF}
  fi
  if [ "${WVDIALSECT}" ]; then
    echo "connect \"/usr/bin/wvdial --remotename ${DEVNAME} --chat '${WVDIALSECT}'\"" >> ${PEERCONF}
  else
    echo "connect \"/usr/sbin/chat ${CHATDBG} -f ${CHATSCRIPT}\"" >> ${PEERCONF}
  fi
 fi
 opts="lock"
 if [ "${HARDFLOWCTL}" != no ] ; then
  opts="$opts modem crtscts"
 fi
 if [ "${ESCAPECHARS}" != yes ] ; then
  opts="$opts asyncmap 00000000"
 fi
 if [ "${DEFROUTE}" != no ] ; then
  # pppd will no longer delete an existing default route
  # so we have to help it out a little here.
  DEFRT=$(ip route list match 0.0.0.0/0)
  [ -n "${DEFRT}" ] && echo "$DEFRT" > /etc/default-routes
  echo "$DEFRT" | while read spec; do
      ip route del $spec;
  done
  opts="$opts defaultroute"
 fi
 if [ "${PEERDNS}" != no ] ; then
  cp -f /etc/resolv.conf /etc/resolv.conf.save
  opts="$opts usepeerdns"
 fi
 if [ -n "${MRU}" ] ; then
  opts="$opts mru ${MRU}"
 fi
 if [ -n "${MTU}" ] ; then
  opts="$opts mtu ${MTU}"
 fi
 if [ -n "${IPADDR}${REMIP}" ] ; then
  # if either IP address is set, the following will work.
  opts="$opts ${IPADDR}:${REMIP}"
 fi
 if [ -n "${PAPNAME}" ] ; then
  opts="$opts user ${PAPNAME} remotename ${DEVNAME}"
 fi
 if [ "${DEBUG}" = yes ] ; then
  opts="$opts debug"
 fi
 if [ ${DEMAND} = yes ] ; then
  opts="$opts demand ktune idle ${IDLETIMEOUT} holdoff ${RETRYTIMEOUT}"
  exec=
 else
  opts="$opts nodetach"
  exec=exec
 fi
 /usr/bin/logger -p daemon.info -t ifup-ppp \
  $"pppd started for ${DEVNAME} on ${MODEMPORT} at ${LINESPEED}"
 $exec pppd $opts ${MODEMPORT} ${LINESPEED} \
    ipparam ${DEVNAME} linkname ${DEVNAME} call ${DEVNAME}\
    noauth \
    ${PPPOPTIONS} || exit
 if [ "${DEMAND}" = "yes" ] ; then
  # pppd is a tad slow to write the pid-file.
  sleep 2
  if [ -f /var/run/ppp-${DEVNAME}.pid ] ; then
    REALDEVICE=$(tail -1 /var/run/ppp-${DEVNAME}.pid)
    /etc/sysconfig/network-scripts/ifup-routes ${REALDEVICE} ${DEVNAME}
  fi
 fi
--- a/SOURCES/ipv6-down
+++ b/SOURCES/ipv6-down
@ -6,9 +6,65 @@
 #
 # This file should not be modified -- make local changes to
 # /etc/ppp/ipv6-down.local instead
 #
 #
 # Taken from:
 # (P) & (C) 2001-2006 by Peter Bieringer <pb@bieringer.de>
 #
 #  You will find more information on the initscripts-ipv6 homepage at
 #   http://www.deepspace6.net/projects/initscripts-ipv6.html
 #
 # RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
 #
 # Calling parameters:
 #  $1: interface name
 #  $6: logical interface name (set by pppd option ipparam)
 #
 # Version 2006-08-02
 #
 # Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1:
 #  IPV6INIT=yes|no: controls IPv6 configuration for this interface
 #
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 export PATH
-[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] && /etc/ppp/ipv6-down.initscripts "$@"
+LOGDEVICE=$6
 REALDEVICE=$1
 [ -f /etc/sysconfig/network ] || exit 0
 . /etc/sysconfig/network
 cd /etc/sysconfig/network-scripts
 . ./network-functions
 CONFIG=$LOGDEVICE
 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
 source_config
 [ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1
 . /etc/sysconfig/network-scripts/network-functions-ipv6
 [ -x /etc/ppp/ipv6-down.local ] && /etc/ppp/ipv6-down.local "$@"
 if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
 	# Control running radvd
 	ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
 fi
 # IPv6 test, no module loaded, exit if system is not IPv6-ready
 ipv6_test testonly || exit 0
 # Test device status
 ipv6_test_device_status $REALDEVICE
 if [ $? != 0 -a $? != 11 ]; then
 	# device doesn't exist or other problem occurs
 	exit 1
 fi
 # Delete all current configured IPv6 addresses on this interface
 ipv6_cleanup_device $REALDEVICE
 exit 0
--- a/SOURCES/ipv6-down.initscripts
+++ b/SOURCES/ipv6-down.initscripts
@ -1,56 +0,0 @@
 #!/bin/sh
 #
 #
 # Taken from:
 # (P) & (C) 2001-2006 by Peter Bieringer <pb@bieringer.de>
 #
 #  You will find more information on the initscripts-ipv6 homepage at
 #   http://www.deepspace6.net/projects/initscripts-ipv6.html
 #
 # RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
 #
 # Calling parameters:
 #  $1: interface name
 #  $6: logical interface name (set by pppd option ipparam)
 #
 # Version 2006-08-02
 #
 # Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1:
 #  IPV6INIT=yes|no: controls IPv6 configuration for this interface
 #
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 export PATH
 LOGDEVICE=$6
 REALDEVICE=$1
 [ -f /etc/sysconfig/network ] || exit 0
 . /etc/sysconfig/network
 cd /etc/sysconfig/network-scripts
 . ./network-functions
 CONFIG=$LOGDEVICE
 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
 source_config
 [ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1
 . /etc/sysconfig/network-scripts/network-functions-ipv6
 if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
 	# Control running radvd
 	ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
 fi
 # IPv6 test, no module loaded, exit if system is not IPv6-ready
 ipv6_test testonly || exit 0
 # Test device status
 ipv6_test_device_status $REALDEVICE
 if [ $? != 0 -a $? != 11 ]; then
 	# device doesn't exist or other problem occurs
 	exit 1
 fi
 # Delete all current configured IPv6 addresses on this interface
 ipv6_cleanup_device $REALDEVICE
--- a/SOURCES/ipv6-up
+++ b/SOURCES/ipv6-up
@ -7,8 +7,105 @@
 # This file should not be modified -- make local changes to
 # /etc/ppp/ipv6-up.local instead
 #
 # Taken from:
 # (P) & (C) 2001-2006 by Peter Bieringer <pb@bieringer.de>
 #
 #  You will find more information on the initscripts-ipv6 homepage at
 #   http://www.deepspace6.net/projects/initscripts-ipv6.html
 #
 # RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
 #
 # Calling parameters:
 #  $1: interface name
 #  $6: logical interface name (set by pppd option ipparam)
 #
 #
 # Version: 2006-08-02
 #
 # Uses following information from "/etc/sysconfig/network":
 #  IPV6_DEFAULTDEV=<device>: controls default route (optional)
 #
 # Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1":
 #  IPV6INIT=yes|no: controls IPv6 configuration for this interface
 #  IPV6ADDR=<IPv6 address>[/<prefix length>]: specify primary static IPv6 address
 #  IPV6ADDR_SECONDARIES="<IPv6 address>[/<prefix length>] ..." (optional)
 #  IPV6_MTU=<MTU for IPv6>: controls IPv6 MTU for this link (optional)
 #
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 export PATH
 LOGDEVICE=$6
 REALDEVICE=$1
 [ -f /etc/sysconfig/network ] || exit 0
 . /etc/sysconfig/network
 cd /etc/sysconfig/network-scripts
 . ./network-functions
 . ./network-functions-ipv6
 CONFIG=$LOGDEVICE
 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
 source_config
 # Test whether IPv6 configuration is disabled for this interface
 [[ "$IPV6INIT" = [nN0]* ]] && exit 0
 [ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1
 . /etc/sysconfig/network-scripts/network-functions-ipv6
 # IPv6 test, module loaded, exit if system is not IPv6-ready
 ipv6_test || exit 1
 # Test device status
 ipv6_test_device_status $REALDEVICE
 if [ $? != 0 -a $? != 11 ]; then
 	# device doesn't exist or other problem occurs
 	exit 1
 fi
 # Setup IPv6 address on specified interface
 if [ -n "$IPV6ADDR" ]; then
 	ipv6_add_addr_on_device $REALDEVICE $IPV6ADDR || exit 1
 fi
 # Set IPv6 MTU, if given
 if [ -n "$IPV6_MTU" ]; then
 	ipv6_set_mtu $REALDEVICE $IPV6_MTU
 fi
 # Setup additional IPv6 addresses from list, if given
 if [ -n "$IPV6ADDR_SECONDARIES" ]; then
 	for ipv6addr in $IPV6ADDR_SECONDARIES; do
 			ipv6_add_addr_on_device $REALDEVICE $ipv6addr
 	done
 fi
 # Setup default IPv6 route through device
 if [ "$IPV6_DEFAULTDEV" = "$LOGDEVICE" ]; then
 	ipv6_set_default_route "" "$REALDEVICE" "$REALDEVICE"
 fi
 # Setup additional static IPv6 routes on specified interface, if given
 if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
 	LC_ALL=C grep -w "^$LOGDEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do
 		ipv6_add_route $args $REALDEVICE
 	done
 fi
 # Setup additional static IPv6 routes (newer config style)
 if [ -f "/etc/sysconfig/network-scripts/route6-$DEVICE" ]; then
 	sed -ne 's/#.*//' -e '/[^[:space:]]/p' "/etc/sysconfig/network-scripts/route6-$DEVICE" | while read line; do
 		/sbin/ip -6 route add $line
 	done
 fi
-[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] && /etc/ppp/ipv6-up.initscripts "$@"
+if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then						
 	# Control running radvd								
 	ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE		
 fi											
 [ -x /etc/ppp/ipv6-up.local ] && /etc/ppp/ipv6-up.local "$@"
--- a/SOURCES/ipv6-up.initscripts
+++ b/SOURCES/ipv6-up.initscripts
@ -1,99 +0,0 @@
 #!/bin/sh
 # Taken from:
 # (P) & (C) 2001-2006 by Peter Bieringer <pb@bieringer.de>
 #
 #  You will find more information on the initscripts-ipv6 homepage at
 #   http://www.deepspace6.net/projects/initscripts-ipv6.html
 #
 # RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
 #
 # Calling parameters:
 #  $1: interface name
 #  $6: logical interface name (set by pppd option ipparam)
 #
 #
 # Version: 2006-08-02
 #
 # Uses following information from "/etc/sysconfig/network":
 #  IPV6_DEFAULTDEV=<device>: controls default route (optional)
 #
 # Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1":
 #  IPV6INIT=yes|no: controls IPv6 configuration for this interface
 #  IPV6ADDR=<IPv6 address>[/<prefix length>]: specify primary static IPv6 address
 #  IPV6ADDR_SECONDARIES="<IPv6 address>[/<prefix length>] ..." (optional)
 #  IPV6_MTU=<MTU for IPv6>: controls IPv6 MTU for this link (optional)
 #
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 export PATH
 LOGDEVICE=$6
 REALDEVICE=$1
 [ -f /etc/sysconfig/network ] || exit 0
 . /etc/sysconfig/network
 cd /etc/sysconfig/network-scripts
 . ./network-functions
 . ./network-functions-ipv6
 CONFIG=$LOGDEVICE
 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
 source_config
 # Test whether IPv6 configuration is disabled for this interface
 [[ "$IPV6INIT" = [nN0]* ]] && exit 0
 [ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1
 . /etc/sysconfig/network-scripts/network-functions-ipv6
 # IPv6 test, module loaded, exit if system is not IPv6-ready
 ipv6_test || exit 1
 # Test device status
 ipv6_test_device_status $REALDEVICE
 if [ $? != 0 -a $? != 11 ]; then
 	# device doesn't exist or other problem occurs
 	exit 1
 fi
 # Setup IPv6 address on specified interface
 if [ -n "$IPV6ADDR" ]; then
 	ipv6_add_addr_on_device $REALDEVICE $IPV6ADDR || exit 1
 fi
 # Set IPv6 MTU, if given
 if [ -n "$IPV6_MTU" ]; then
 	ipv6_set_mtu $REALDEVICE $IPV6_MTU
 fi
 # Setup additional IPv6 addresses from list, if given
 if [ -n "$IPV6ADDR_SECONDARIES" ]; then
 	for ipv6addr in $IPV6ADDR_SECONDARIES; do
 			ipv6_add_addr_on_device $REALDEVICE $ipv6addr
 	done
 fi
 # Setup default IPv6 route through device
 if [ "$IPV6_DEFAULTDEV" = "$LOGDEVICE" ]; then
 	ipv6_set_default_route "" "$REALDEVICE" "$REALDEVICE"
 fi
 # Setup additional static IPv6 routes on specified interface, if given
 if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
 	LC_ALL=C grep -w "^$LOGDEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do
 		ipv6_add_route $args $REALDEVICE
 	done
 fi
 # Setup additional static IPv6 routes (newer config style)
 if [ -f "/etc/sysconfig/network-scripts/route6-$DEVICE" ]; then
 	sed -ne 's/#.*//' -e '/[^[:space:]]/p' "/etc/sysconfig/network-scripts/route6-$DEVICE" | while read line; do
 		/sbin/ip -6 route add $line
 	done
 fi
 if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then						
 	# Control running radvd								
 	ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE		
 fi											
--- a/SOURCES/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
+++ b/SOURCES/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
@ -0,0 +1,29 @@
 From ab8b06cdc1075abc67f77e7c3bb684e20071d614 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Thu, 10 Apr 2014 10:09:41 +0200
 Subject: [PATCH 25/27] pppd: install pppd binary using standard perms (755)
 ---
 pppd/Makefile.linux | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
 index 0e8107f..534ccc2 100644
 --- a/pppd/Makefile.linux
 +++ b/pppd/Makefile.linux
@@ -223,10 +223,10 @@ all: $(TARGETS)
 install: pppd
 	mkdir -p $(BINDIR) $(MANDIR)
 	$(EXTRAINSTALL)
 -	$(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
 +	$(INSTALL) -c -m 755 pppd $(BINDIR)/pppd
 	if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
 	  chmod o-rx,u+s $(BINDIR)/pppd; fi
 -	$(INSTALL) -c -m 444 pppd.8 $(MANDIR)
 +	$(INSTALL) -c -m 644 pppd.8 $(MANDIR)
 pppd: $(PPPDOBJS)
 	$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
 -- 
 1.8.3.1
--- a/SOURCES/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
+++ b/SOURCES/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
@ -0,0 +1,143 @@
 From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Mon, 7 Apr 2014 12:23:36 +0200
 Subject: [PATCH 12/27] pppd: we don't want to accidentally leak fds
 ---
 pppd/auth.c      | 20 ++++++++++----------
 pppd/options.c   |  2 +-
 pppd/sys-linux.c |  4 ++--
 3 files changed, 13 insertions(+), 13 deletions(-)
 diff --git a/pppd/auth.c b/pppd/auth.c
 index 4271af6..9e957fa 100644
 --- a/pppd/auth.c
 +++ b/pppd/auth.c
@@ -428,7 +428,7 @@ setupapfile(argv)
         free(fname);
 	return 0;
     }
 -    ufile = fopen(fname, "r");
 +    ufile = fopen(fname, "re");
     if (seteuid(euid) == -1)
 	fatal("unable to regain privileges: %m");
     if (ufile == NULL) {
@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
     filename = _PATH_UPAPFILE;
     addrs = opts = NULL;
     ret = UPAP_AUTHNAK;
 -    f = fopen(filename, "r");
 +    f = fopen(filename, "re");
     if (f == NULL) {
 	error("Can't open PAP password file %s: %m", filename);
@@ -1512,7 +1512,7 @@ null_login(unit)
     if (ret <= 0) {
 	filename = _PATH_UPAPFILE;
 	addrs = NULL;
 -	f = fopen(filename, "r");
 +	f = fopen(filename, "re");
 	if (f == NULL)
 	    return 0;
 	check_access(f, filename);
@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd)
     }
     filename = _PATH_UPAPFILE;
 -    f = fopen(filename, "r");
 +    f = fopen(filename, "re");
     if (f == NULL)
 	return 0;
     check_access(f, filename);
@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp)
     }
     filename = _PATH_UPAPFILE;
 -    f = fopen(filename, "r");
 +    f = fopen(filename, "re");
     if (f == NULL)
 	return 0;
@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp)
     }
     filename = _PATH_CHAPFILE;
 -    f = fopen(filename, "r");
 +    f = fopen(filename, "re");
     if (f == NULL)
 	return 0;
@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
     struct wordlist *addrs;
     filename = _PATH_SRPFILE;
 -    f = fopen(filename, "r");
 +    f = fopen(filename, "re");
     if (f == NULL)
 	return 0;
@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server)
 	addrs = NULL;
 	secbuf[0] = 0;
 -	f = fopen(filename, "r");
 +	f = fopen(filename, "re");
 	if (f == NULL) {
 	    error("Can't open chap secret file %s: %m", filename);
 	    return 0;
@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server)
 	filename = _PATH_SRPFILE;
 	addrs = NULL;
 -	fp = fopen(filename, "r");
 +	fp = fopen(filename, "re");
 	if (fp == NULL) {
 	    error("Can't open srp secret file %s: %m", filename);
 	    return 0;
@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags)
 	     */
 	    if (word[0] == '@' && word[1] == '/') {
 		strlcpy(atfile, word+1, sizeof(atfile));
 -		if ((sf = fopen(atfile, "r")) == NULL) {
 +		if ((sf = fopen(atfile, "re")) == NULL) {
 		    warn("can't open indirect secret file %s", atfile);
 		    continue;
 		}
 diff --git a/pppd/options.c b/pppd/options.c
 index 45fa742..1d754ae 100644
 --- a/pppd/options.c
 +++ b/pppd/options.c
@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv)
 	option_error("unable to drop privileges to open %s: %m", filename);
 	return 0;
     }
 -    f = fopen(filename, "r");
 +    f = fopen(filename, "re");
     err = errno;
     if (check_prot && seteuid(euid) == -1)
 	fatal("unable to regain privileges");
 diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
 index 72a7727..8a12fa0 100644
 --- a/pppd/sys-linux.c
 +++ b/pppd/sys-linux.c
@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail)
 	/* Default the mount location of /proc */
 	strlcpy (proc_path, "/proc", sizeof(proc_path));
 	proc_path_len = 5;
 -	fp = fopen(MOUNTED, "r");
 +	fp = fopen(MOUNTED, "re");
 	if (fp != NULL) {
 	    while ((mntent = getmntent(fp)) != NULL) {
 		if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
@@ -1472,7 +1472,7 @@ static int open_route_table (void)
     close_route_table();
     path = path_to_procfs("/net/route");
 -    route_fd = fopen (path, "r");
 +    route_fd = fopen (path, "re");
     if (route_fd == NULL) {
 	error("can't open routing table %s: %m", path);
 	return 0;
 -- 
 1.8.3.1
--- a/SOURCES/ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
+++ b/SOURCES/ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
@ -0,0 +1,99 @@
 diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
 index 6a4b897..8f29c1f 100644
 --- a/pppd/Makefile.linux
 +++ b/pppd/Makefile.linux
@@ -12,6 +12,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
 BINDIR = $(DESTDIR)/sbin
 MANDIR = $(DESTDIR)/share/man/man8
 INCDIR = $(DESTDIR)/include
 +LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)
 TARGETS = pppd
@@ -93,7 +94,7 @@ INCLUDE_DIRS= -I../include
 COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
 -CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
 +CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' -DLIBDIR=\""$(LIBDIR)"\"
 ifdef CHAPMS
 CFLAGS   += -DCHAPMS=1
 diff --git a/pppd/pathnames.h b/pppd/pathnames.h
 index 524d608..c7eadbb 100644
 --- a/pppd/pathnames.h
 +++ b/pppd/pathnames.h
@@ -62,7 +62,7 @@
 #ifdef PLUGIN
 #ifdef __STDC__
 -#define _PATH_PLUGIN	DESTDIR "/lib/pppd/" VERSION
 +#define _PATH_PLUGIN	LIBDIR "/pppd/" VERSION
 #else /* __STDC__ */
 #define _PATH_PLUGIN	"/usr/lib/pppd"
 #endif /* __STDC__ */
 diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
 index 6403e3d..f42d18c 100644
 --- a/pppd/plugins/Makefile.linux
 +++ b/pppd/plugins/Makefile.linux
@@ -5,7 +5,7 @@ COPTS=@CFLAGS@
 DESTDIR = $(INSTROOT)@DESTDIR@
 BINDIR = $(DESTDIR)/sbin
 MANDIR = $(DESTDIR)/share/man/man8
 -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
 +LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
 CFLAGS	= $(COPTS) -I.. -I../../include -fPIC
 LDFLAGS_SHARED	= -shared
 diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
 index d3a8086..c2aff0c 100644
 --- a/pppd/plugins/pppoatm/Makefile.linux
 +++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
 COPTS=@CFLAGS@
 DESTDIR = $(INSTROOT)@DESTDIR@
 -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
 +LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
 VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
 diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
 index c415ce3..d3b7392 100644
 --- a/pppd/plugins/pppoe/Makefile.linux
 +++ b/pppd/plugins/pppoe/Makefile.linux
@@ -18,7 +18,7 @@ COPTS=@CFLAGS@
 DESTDIR = $(INSTROOT)@DESTDIR@
 BINDIR = $(DESTDIR)/sbin
 -LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION)
 +LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
 PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
 diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
 index 1aa1c0b..e4442f9 100644
 --- a/pppd/plugins/pppol2tp/Makefile.linux
 +++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
 COPTS=@CFLAGS@
 DESTDIR = $(INSTROOT)/@DESTDIR@
 -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
 +LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
 VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
 diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
 index 489aef2..d2ef044 100644
 --- a/pppd/plugins/radius/Makefile.linux
 +++ b/pppd/plugins/radius/Makefile.linux
@@ -9,7 +9,7 @@ COPTS=@CFLAGS@
 DESTDIR = $(INSTROOT)@DESTDIR@
 MANDIR = $(DESTDIR)/share/man/man8
 -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
 +LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
 VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
--- a/SOURCES/ppp-2.4.9-config.patch
+++ b/SOURCES/ppp-2.4.9-config.patch
@ -0,0 +1,21 @@
 diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
 index e77373e..07df6a7 100644
 --- a/pppd/Makefile.linux
 +++ b/pppd/Makefile.linux
@@ -68,14 +68,14 @@ USE_TDB=y
 #SYSTEMD=y
 HAS_SHADOW=y
 -#USE_PAM=y
 +USE_PAM=y
 HAVE_INET6=y
 # Enable plugins
 PLUGIN=y
 # Enable Microsoft proprietary Callback Control Protocol
 -#CBCP=y
 +CBCP=y
 # Enable EAP SRP-SHA1 authentication (requires libsrp)
 #USE_SRP=y
--- a/SOURCES/ppp-2.4.9-configure-cflags-allow-commas.patch
+++ b/SOURCES/ppp-2.4.9-configure-cflags-allow-commas.patch
@ -0,0 +1,17 @@
 diff --git a/configure b/configure
 index f977663..c7031c2 100755
 --- a/configure
 +++ b/configure
@@ -121,9 +121,9 @@ mkmkf() {
     rm -f $2
     if [ -f $1 ]; then
 	echo "  $2 <= $1"
 -	sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
 -	    -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
 -	    -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
 +	sed -e "s|@DESTDIR@|$DESTDIR|g" -e "s|@SYSCONF@|$SYSCONF|g" \
 +	    -e "s|@CROSS_COMPILE@|$CROSS_COMPILE|g" -e "s|@CC@|$CC|g" \
 +	    -e "s|@CFLAGS@|$CFLAGS|g" $1 >$2
     fi
 }
--- a/SOURCES/ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
+++ b/SOURCES/ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
@ -0,0 +1,241 @@
 From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Mon, 7 Apr 2014 13:56:34 +0200
 Subject: [PATCH 13/27] everywhere: O_CLOEXEC harder
 ---
 pppd/eap.c       |  2 +-
 pppd/main.c      |  4 ++--
 pppd/options.c   |  4 ++--
 pppd/sys-linux.c | 22 +++++++++++-----------
 pppd/tdb.c       |  4 ++--
 pppd/tty.c       |  4 ++--
 pppd/utils.c     |  6 +++---
 7 files changed, 23 insertions(+), 23 deletions(-)
 diff --git a/pppd/eap.c b/pppd/eap.c
 index 6ea6c1f..faced53 100644
 --- a/pppd/eap.c
 +++ b/pppd/eap.c
@@ -1226,7 +1226,7 @@ mode_t modebits;
 	if ((path = name_of_pn_file()) == NULL)
 		return (-1);
 -	fd = open(path, modebits, S_IRUSR | S_IWUSR);
 +	fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
 	err = errno;
 	free(path);
 	errno = err;
 diff --git a/pppd/main.c b/pppd/main.c
 index 6d50d1b..4880377 100644
 --- a/pppd/main.c
 +++ b/pppd/main.c
@@ -420,7 +420,7 @@ main(argc, argv)
 	die(0);
     /* Make sure fds 0, 1, 2 are open to somewhere. */
 -    fd_devnull = open(_PATH_DEVNULL, O_RDWR);
 +    fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC);
     if (fd_devnull < 0)
 	fatal("Couldn't open %s: %m", _PATH_DEVNULL);
     while (fd_devnull <= 2) {
@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
     if (log_to_fd >= 0)
 	errfd = log_to_fd;
     else
 -	errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
 +	errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644);
     ++conn_running;
     pid = safe_fork(in, out, errfd);
 diff --git a/pppd/options.c b/pppd/options.c
 index 1d754ae..8e62635 100644
 --- a/pppd/options.c
 +++ b/pppd/options.c
@@ -1544,9 +1544,9 @@ setlogfile(argv)
 	option_error("unable to drop permissions to open %s: %m", *argv);
 	return 0;
     }
 -    fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
 +    fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
     if (fd < 0 && errno == EEXIST)
 -	fd = open(*argv, O_WRONLY | O_APPEND);
 +	fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
     err = errno;
     if (!privileged_option && seteuid(euid) == -1)
 	fatal("unable to regain privileges: %m");
 diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
 index 8a12fa0..00a2cf5 100644
 --- a/pppd/sys-linux.c
 +++ b/pppd/sys-linux.c
@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
 	    goto err;
 	}
 	dbglog("using channel %d", chindex);
 -	fd = open("/dev/ppp", O_RDWR);
 +	fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
 	if (fd < 0) {
 	    error("Couldn't reopen /dev/ppp: %m");
 	    goto err;
@@ -619,7 +619,7 @@ static int make_ppp_unit()
 		dbglog("in make_ppp_unit, already had /dev/ppp open?");
 		close(ppp_dev_fd);
 	}
 -	ppp_dev_fd = open("/dev/ppp", O_RDWR);
 +	ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
 	if (ppp_dev_fd < 0)
 		fatal("Couldn't open /dev/ppp: %m");
 	flags = fcntl(ppp_dev_fd, F_GETFL);
@@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
 	if (!new_style_driver)
 		return -1;
 -	master_fd = open("/dev/ppp", O_RDWR);
 +	master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
 	if (master_fd < 0)
 		fatal("Couldn't open /dev/ppp: %m");
 	if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr)
 	if (tune_kernel) {
 	    forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
 	    if (forw_path != 0) {
 -		int fd = open(forw_path, O_WRONLY);
 +		int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
 		if (fd >= 0) {
 		    if (write(fd, "1", 1) != 1)
 			error("Couldn't enable IP forwarding: %m");
@@ -2030,7 +2030,7 @@ int ppp_available(void)
     sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
     kernel_version = KVERSION(osmaj, osmin, ospatch);
 -    fd = open("/dev/ppp", O_RDWR);
 +    fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
     if (fd >= 0) {
 	new_style_driver = 1;
@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host)
 #if __GLIBC__ >= 2
     updwtmp(_PATH_WTMP, &ut);
 #else
 -    wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
 +    wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
     if (wtmp >= 0) {
 	flock(wtmp, LOCK_EX);
@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr,
 	int fd;
 	path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
 -	if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
 +	if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
 	    if (write(fd, "1", 1) != 1)
 		error("Couldn't enable dynamic IP addressing: %m");
 	    close(fd);
@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
     /*
      * Try the unix98 way first.
      */
 -    mfd = open("/dev/ptmx", O_RDWR);
 +    mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
     if (mfd >= 0) {
 	int ptn;
 	if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
 	    if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
 		warn("Couldn't unlock pty slave %s: %m", pty_name);
 #endif
 -	    if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
 +	    if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
 	    {
 		warn("Couldn't open pty slave %s: %m", pty_name);
 		close(mfd);
@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
 	for (i = 0; i < 64; ++i) {
 	    slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
 		     'p' + i / 16, i % 16);
 -	    mfd = open(pty_name, O_RDWR, 0);
 +	    mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
 	    if (mfd >= 0) {
 		pty_name[5] = 't';
 -		sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
 +		sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
 		if (sfd >= 0) {
 		    fchown(sfd, uid, -1);
 		    fchmod(sfd, S_IRUSR | S_IWUSR);
 diff --git a/pppd/tdb.c b/pppd/tdb.c
 index bdc5828..c7ab71c 100644
 --- a/pppd/tdb.c
 +++ b/pppd/tdb.c
@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
 		goto internal;
 	}
 -	if ((tdb->fd = open(name, open_flags, mode)) == -1) {
 +	if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
 		TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
 			 name, strerror(errno)));
 		goto fail;	/* errno set by open(2) */
@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
 	}
 	if (close(tdb->fd) != 0)
 		TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
 -	tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
 +	tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
 	if (tdb->fd == -1) {
 		TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
 		goto fail;
 diff --git a/pppd/tty.c b/pppd/tty.c
 index d571b11..bc96695 100644
 --- a/pppd/tty.c
 +++ b/pppd/tty.c
@@ -569,7 +569,7 @@ int connect_tty()
 				status = EXIT_OPEN_FAILED;
 				goto errret;
 			}
 -			real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
 +			real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
 			err = errno;
 			if (prio < OPRIO_ROOT && seteuid(0) == -1)
 				fatal("Unable to regain privileges");
@@ -723,7 +723,7 @@ int connect_tty()
 	if (connector == NULL && modem && devnam[0] != 0) {
 		int i;
 		for (;;) {
 -			if ((i = open(devnam, O_RDWR)) >= 0)
 +			if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
 				break;
 			if (errno != EINTR) {
 				error("Failed to reopen %s: %m", devnam);
 diff --git a/pppd/utils.c b/pppd/utils.c
 index 29bf970..6051b9a 100644
 --- a/pppd/utils.c
 +++ b/pppd/utils.c
@@ -918,14 +918,14 @@ lock(dev)
     slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
 #endif
 -    while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
 +    while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
 	if (errno != EEXIST) {
 	    error("Can't create lock file %s: %m", lock_file);
 	    break;
 	}
 	/* Read the lock file to find out who has the device locked. */
 -	fd = open(lock_file, O_RDONLY, 0);
 +	fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
 	if (fd < 0) {
 	    if (errno == ENOENT) /* This is just a timing problem. */
 		continue;
@@ -1004,7 +1004,7 @@ relock(pid)
     if (lock_file[0] == 0)
 	return -1;
 -    fd = open(lock_file, O_WRONLY, 0);
 +    fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
     if (fd < 0) {
 	error("Couldn't reopen lock file %s: %m", lock_file);
 	lock_file[0] = 0;
 -- 
 1.8.3.1
--- a/SOURCES/ppp-2.5.0-radiusclient-parser-fix.patch
+++ b/SOURCES/ppp-2.5.0-radiusclient-parser-fix.patch
@ -1,49 +0,0 @@
 From 7f89208b860ea0c41636410bfdb6a609b2772f47 Mon Sep 17 00:00:00 2001
 From: Eivind Naess <eivnaes@yahoo.com>
 Date: Sun, 23 Apr 2023 11:37:01 -0700
 Subject: [PATCH] Closes #411, Fixing up parsing in radiusclient.conf
 Adding curly braces to fix the code.
 Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
 ---
 pppd/plugins/radius/config.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
 diff --git a/pppd/plugins/radius/config.c b/pppd/plugins/radius/config.c
 index 39744fca1..e1a481487 100644
 --- a/pppd/plugins/radius/config.c
 +++ b/pppd/plugins/radius/config.c
@@ -235,24 +235,28 @@ int rc_read_config(char *filename)
 		switch (option->type) {
 			case OT_STR:
 -				 if (set_option_str(filename, line, option, p) < 0)
 +				if (set_option_str(filename, line, option, p) < 0) {
 					fclose(configfd);
 					return (-1);
 +				}
 				break;
 			case OT_INT:
 -				 if (set_option_int(filename, line, option, p) < 0)
 +				if (set_option_int(filename, line, option, p) < 0) {
 					fclose(configfd);
 					return (-1);
 +				}
 				break;
 			case OT_SRV:
 -				 if (set_option_srv(filename, line, option, p) < 0)
 +				if (set_option_srv(filename, line, option, p) < 0) {
 					fclose(configfd);
 					return (-1);
 +				}
 				break;
 			case OT_AUO:
 -				 if (set_option_auo(filename, line, option, p) < 0)
 +				if (set_option_auo(filename, line, option, p) < 0) {
 					fclose(configfd);
 					return (-1);
 +				}
 				break;
 			default:
 				fatal("rc_read_config: impossible case branch!");
--- a/SOURCES/ppp-2.5.0-use-change-resolv-function.patch
+++ b/SOURCES/ppp-2.5.0-use-change-resolv-function.patch
@ -1,51 +0,0 @@
 diff --git a/scripts/ip-down.local.add b/scripts/ip-down.local.add
 index b93590e..8889cb6 100644
 --- a/scripts/ip-down.local.add
 +++ b/scripts/ip-down.local.add
@@ -9,12 +9,13 @@
 #
 # Nick Walker (nickwalker@email.com)
 #
 +. /etc/sysconfig/network-scripts/network-functions
 if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
 	if [ -f /etc/ppp/resolv.prev ]; then
 -		cp -f /etc/ppp/resolv.prev /etc/resolv.conf
 +		change_resolv_conf /etc/ppp/resolv.prev
 	else
 -		rm -f /etc/resolv.conf
 +		change_resolv_conf
 	fi
 fi
 diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
 index 8017209..5ced496 100644
 --- a/scripts/ip-up.local.add
 +++ b/scripts/ip-up.local.add
@@ -9,16 +9,22 @@
 #
 # Nick Walker (nickwalker@email.com)
 #
 +. /etc/sysconfig/network-scripts/network-functions
 if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
 	rm -f /etc/ppp/resolv.prev
 	if [ -f /etc/resolv.conf ]; then
 		cp /etc/resolv.conf /etc/ppp/resolv.prev
 -		grep domain /etc/ppp/resolv.prev > /etc/resolv.conf
 -		grep search /etc/ppp/resolv.prev >> /etc/resolv.conf
 -		cat /etc/ppp/resolv.conf >> /etc/resolv.conf
 +		rscf=/etc/ppp/resolv.new
 +		grep domain /etc/ppp/resolv.prev > $rscf
 +		grep search /etc/ppp/resolv.prev >> $rscf
 +		if [ -f /etc/ppp/resolv.conf ]; then
 +			cat /etc/ppp/resolv.conf >> $rscf
 +		fi
 +		change_resolv_conf $rscf
 +		rm -f $rscf
 	else
 -		cp /etc/ppp/resolv.conf /etc
 +		change_resolv_conf /etc/ppp/resolv.conf
 	fi
 fi
--- a/SOURCES/ppp-tmpfiles.conf
+++ b/SOURCES/ppp-tmpfiles.conf
@ -1 +1,2 @@
-d	/run/pppd/lock	0755 root root
+d	/run/ppp	0755 root root
 d	/run/lock/ppp	0755 root root
--- a/SPECS/ppp.spec
+++ b/SPECS/ppp.spec
@ -1,26 +1,10 @@
 %global _hardened_build 1
 Name:    ppp
-# Please be careful when bumping the ppp version. Several packages
+Version: 2.4.9
-# have version-tied dependencies on it, including NetworkManager-ppp
+Release: 5%{?dist}
 # (from NetworkManager) and NetworkManager-pptp , which are core
 # packages. They may need code changes to build against new ppp
 # versions. Please only bump ppp on a side tag and ensure it also
 # contains rebuilds of at least those two packages before merging.
 # Several other less important packages are also tied to the ppp
 # version, as of 2023-04-19 the list is:
 # NetworkManager-fortisslvpn
 # NetworkManager-l2tp
 # NetworkManager-ppp
 # NetworkManager-pptp
 # NetworkManager-sstp
 # sstp-client
 # These all need to be patched (if necessary) and rebuilt for new
 # versions of ppp.
 Version: 2.5.0
 Release: 13%{?dist}
 Summary: The Point-to-Point Protocol daemon
-License: bsd-3-clause AND zlib AND licenseref-fedora-public-domain AND bsd-attribution-hpnd-disclaimer AND bsd-4.3tahoe AND bsd-4-clause-uc AND apache-2.0 AND lgpl-2.0-or-later AND (gpl-2.0-or-later OR bsd-2-clause OR bsd-3-clause OR bsd-4-clause) AND gpl-2.0-or-later AND xlock AND gpl-1.0-or-later AND mackerras-3-clause-acknowledgment AND mackerras-3-clause AND hpnd-fenneberg-Livingston AND sun-ppp AND hpnd-inria-imag AND sun-ppp-2000
+License: BSD and LGPLv2+ and GPLv2+ and Public Domain
 URL:     http://www.samba.org/ppp
 Source0: https://github.com/paulusmack/ppp/archive/ppp-%{version}.tar.gz
@ -33,43 +17,37 @@ Source6: ip-up
 Source7: ip-up.ipv6to4
 Source8: ipv6-down
 Source9: ipv6-up
 Source10: ifup-ppp
 Source11: ifdown-ppp
 Source12: ppp-watch.tar.xz
 Source13: ipv6-up.initscripts
 Source14: ipv6-down.initscripts
 # Fedora-specific
-Patch0: ppp-2.5.0-use-change-resolv-function.patch
+Patch0002:     ppp-2.4.9-config.patch
 Patch0004:     0004-doc-add-configuration-samples.patch
 Patch0005:     ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
 Patch0006:     0006-scritps-use-change_resolv_conf-function.patch
 Patch0011:     0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
 Patch0012:     ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
 Patch0013:     ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
 Patch0014:     0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
 Patch0015:     0015-pppd-move-pppd-database-to-var-run-ppp.patch
 Patch0016:     0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
 Patch0018:     0018-scritps-fix-ip-up.local-sample.patch
 Patch0020:     0020-pppd-put-lock-files-in-var-lock-ppp.patch
 Patch0023:     0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
 Patch0024:     0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
 Patch0025:     ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
 Patch0026:     ppp-2.4.9-configure-cflags-allow-commas.patch
 # https://github.com/ppp-project/ppp/commit/7f89208b860ea0c41636410bfdb6a609b2772f47
 Patch1: ppp-2.5.0-radiusclient-parser-fix.patch
 BuildRequires: libtool
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: make
 BuildRequires: gcc
-BuildRequires: pam-devel
+BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel
 BuildRequires: libpcap-devel
 BuildRequires: systemd
 BuildRequires: systemd-devel
 BuildRequires: glib2-devel
 BuildRequires: openssl-devel
-%if %{defined rhel}
+
-Provides: bundled(linux-atm) = 2.4.1
+Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd
 %else
 BuildRequires: linux-atm-libs-devel
 %endif
 Requires: glibc >= 2.0.6
 Requires: /etc/pam.d/system-auth
 Requires: libpcap >= 14:0.8.3-6
 Requires: systemd
 Requires(pre): /usr/bin/getent
 Requires(pre): /usr/sbin/groupadd
 # Subpackage removed and obsoleted in F40
 Obsoletes: network-scripts-ppp < %{version}-%{release}
 %description
 The ppp package contains the PPP (Point-to-Point Protocol) daemon and
 documentation for PPP support. The PPP protocol provides a method for
@ -77,28 +55,35 @@ transmitting datagrams over serial point-to-point links. PPP is
 usually used to dial in to an ISP (Internet Service Provider) or other
 organization over a modem and phone line.
 %package -n network-scripts-%{name}
 Summary: PPP legacy network service support
 Requires: network-scripts
 Supplements: (%{name} and network-scripts)
 %description -n network-scripts-%{name}
 This provides the ifup and ifdown scripts for use with the legacy network
 service.
 %package devel
 Summary: Headers for ppp plugin development
 Requires: %{name}%{?_isa} = %{version}-%{release}
 Requires: pkgconf-pkg-config
 %description devel
 This package contains the header files for building plugins for ppp.
 %prep
-%autosetup -p1 -n %{name}-%{name}-%{version}
+%setup -qn %{name}-%{name}-%{version}
 %autopatch -p1
 tar -xJf %{SOURCE12}
 %build
-autoreconf -fi
+%configure --cflags="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing"
-export CFLAGS="%{build_cflags} -fno-strict-aliasing"
+%{make_build} LDFLAGS="%{?build_ldflags} -pie"
-%configure --enable-systemd --enable-cbcp --with-pam --disable-openssl-engine
+%{make_build} -C ppp-watch LDFLAGS="%{?build_ldflags} -pie"
 %make_build
 %make_build -C ppp-watch LDFLAGS="%{?build_ldflags} -pie"
 %install
-%make_install
+make INSTROOT=%{buildroot} install install-etcppp
 find scripts -type f | xargs chmod a-x
 make ROOT=%{buildroot} -C ppp-watch install
@ -125,11 +110,14 @@ install -p %{SOURCE6} %{buildroot}%{_sysconfdir}/ppp/ip-up
 install -p %{SOURCE7} %{buildroot}%{_sysconfdir}/ppp/ip-up.ipv6to4
 install -p %{SOURCE8} %{buildroot}%{_sysconfdir}/ppp/ipv6-down
 install -p %{SOURCE9} %{buildroot}%{_sysconfdir}/ppp/ipv6-up
-install -p %{SOURCE13} %{buildroot}%{_sysconfdir}/ppp/ipv6-down.initscripts
+
-install -p %{SOURCE14} %{buildroot}%{_sysconfdir}/ppp/ipv6-up.initscripts
+install -d %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/
 install -p %{SOURCE10} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
 install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
 # ghosts
-mkdir -p %{buildroot}%{_rundir}/pppd/lock
+mkdir -p %{buildroot}%{_rundir}/ppp
 mkdir -p %{buildroot}%{_rundir}/lock/ppp
 %pre
 /usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || :
@ -151,10 +139,7 @@ mkdir -p %{buildroot}%{_rundir}/pppd/lock
 %{_sysconfdir}/ppp/ip-up.ipv6to4
 %{_sysconfdir}/ppp/ip-down.ipv6to4
 %{_sysconfdir}/ppp/ipv6-up
 %{_sysconfdir}/ppp/ipv6-up.initscripts
 %{_sysconfdir}/ppp/ipv6-down
 %{_sysconfdir}/ppp/ipv6-down.initscripts
 %{_sysconfdir}/ppp/openssl.cnf
 %{_mandir}/man8/chat.8*
 %{_mandir}/man8/pppd.8*
 %{_mandir}/man8/pppdump.8*
@ -164,8 +149,8 @@ mkdir -p %{buildroot}%{_rundir}/pppd/lock
 %{_mandir}/man8/pppoe-discovery.8*
 %{_mandir}/man8/ppp-watch.8*
 %{_libdir}/pppd
-%ghost %dir %{_rundir}/pppd
+%ghost %dir %{_rundir}/ppp
-%ghost %dir %{_rundir}/pppd/lock
+%ghost %dir %{_rundir}/lock/ppp
 %dir %{_sysconfdir}/logrotate.d
 %attr(700, root, root) %dir %{_localstatedir}/log/ppp
 %config(noreplace) %{_sysconfdir}/ppp/eaptls-client
@ -177,79 +162,25 @@ mkdir -p %{buildroot}%{_rundir}/pppd/lock
 %config(noreplace) %{_sysconfdir}/logrotate.d/ppp
 %{_tmpfilesdir}/ppp.conf
 %files -n network-scripts-%{name}
 %{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
 %{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
 %files devel
 %{_includedir}/pppd
 %doc PLUGINS
 %{_libdir}/pkgconfig/pppd.pc
 %changelog
-* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.5.0-13
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.9-5
- Bump release for October 2024 mass rebuild:
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Resolves: RHEL-64018
+  Related: rhbz#1991688
 * Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.5.0-12
 - Rebuilt for MSVSphere 10
 * Thu Jun 27 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-12
 - Fixed radiusclient parser
  Resolves: RHEL-44665
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.5.0-11
 - Bump release for June 2024 mass rebuild
 * Wed Jun 12 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-10
 - Openssl engine API is deprecated for a while thus disable it
  Resolves: RHEL-33746
 * Thu May  9 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-9
 - Pre-created upstream default lock dir
  Resolves: RHEL-35977
 * Sun Apr 14 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-8
 - Added missing and recently approved SPDX licenses
 * Wed Feb 21 2024 Kalev Lember <klember@redhat.com> - 2.5.0-7
 - Obsolete dropped network-scripts-ppp subpackage
 * Tue Feb 13 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-6
 - Dropped network scripts
 * Wed Jan 24 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-5
 - Converted license to SPDX
 * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Tue Jul 25 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 2.5.0-3
 - Use bundled ATM in RHEL builds
 * Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 * Thu Apr 13 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-1
 - New version
  Resolves: rhbz#2184291
 * Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Tue Apr 05 2022 Marcin Zajaczkowski <mszpak ATT wp DOTT pl> - 2.4.9-7
 - Backport patches from master for SSTP to connect using EAP-TLS to Azure VnetGWay and Windows RAS server
 * Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.4.9-5
 - Rebuilt with OpenSSL 3.0.0
-* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-4
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+- Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065
-* Mon Mar  8 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.9-3
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.9-3
- Keep lock files in /var/lock (https://github.com/ppp-project/ppp/pull/227)
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
`@ -1,2 +1,2 @@`
	`SOURCES/ppp-2.5.0.tar.gz`	`SOURCES/ppp-2.4.9.tar.gz`
	`SOURCES/ppp-watch.tar.xz`	`SOURCES/ppp-watch.tar.xz`
`@ -1,2 +1,2 @@`
	`014f13c3e9da059b263facb8095759dfb4f58fef SOURCES/ppp-2.5.0.tar.gz`	`f879143a310f208c27f5279df9ecf9887ad1864b SOURCES/ppp-2.4.9.tar.gz`
	`74b6db205dc46fc179a2a3bc3d726ddfeb03c801 SOURCES/ppp-watch.tar.xz`	`74b6db205dc46fc179a2a3bc3d726ddfeb03c801 SOURCES/ppp-watch.tar.xz`
`@ -1 +1,2 @@`
	`d /run/pppd/lock 0755 root root`	`d /run/ppp 0755 root root`
		`d /run/lock/ppp 0755 root root`