Compare commits

..

No commits in common. 'i10cs' and 'c9' have entirely different histories.
i10cs ... c9

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/ppp-2.5.0.tar.gz
SOURCES/ppp-2.4.9.tar.gz
SOURCES/ppp-watch.tar.xz

@ -1,2 +1,2 @@
014f13c3e9da059b263facb8095759dfb4f58fef SOURCES/ppp-2.5.0.tar.gz
f879143a310f208c27f5279df9ecf9887ad1864b SOURCES/ppp-2.4.9.tar.gz
74b6db205dc46fc179a2a3bc3d726ddfeb03c801 SOURCES/ppp-watch.tar.xz

@ -0,0 +1,341 @@
From d7faeb88f684c8b2ae193b2c5b5b358ac757fcfa Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 11:39:09 +0200
Subject: [PATCH 04/27] doc: add configuration samples
---
sample/auth-down | 17 ++++++
sample/auth-up | 17 ++++++
sample/ip-down | 22 ++++++++
sample/ip-up | 23 ++++++++
sample/options | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++
sample/options.ttyXX | 14 +++++
sample/pap-secrets | 28 ++++++++++
7 files changed, 274 insertions(+)
create mode 100644 sample/auth-down
create mode 100644 sample/auth-up
create mode 100644 sample/ip-down
create mode 100644 sample/ip-up
create mode 100644 sample/options
create mode 100644 sample/options.ttyXX
create mode 100644 sample/pap-secrets
diff --git a/sample/auth-down b/sample/auth-down
new file mode 100644
index 0000000..edde65d
--- /dev/null
+++ b/sample/auth-down
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# A program or script which is executed after the remote system
+# successfully authenticates itself. It is executed with the parameters
+# <interface-name> <peer-name> <user-name> <tty-device> <speed>
+#
+
+#
+# The environment is cleared before executing this script
+# so the path must be reset
+#
+PATH=/usr/sbin:/sbin:/usr/bin:/bin
+export PATH
+
+echo auth-down `date +'%y/%m/%d %T'` $* >> /var/log/pppstats
+
+# last line
diff --git a/sample/auth-up b/sample/auth-up
new file mode 100644
index 0000000..54722a3
--- /dev/null
+++ b/sample/auth-up
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# A program or script which is executed after the remote system
+# successfully authenticates itself. It is executed with the parameters
+# <interface-name> <peer-name> <user-name> <tty-device> <speed>
+#
+
+#
+# The environment is cleared before executing this script
+# so the path must be reset
+#
+PATH=/usr/sbin:/sbin:/usr/bin:/bin
+export PATH
+
+echo auth-up `date +'%y/%m/%d %T'` $* >> /var/log/pppstats
+
+# last line
diff --git a/sample/ip-down b/sample/ip-down
new file mode 100644
index 0000000..b771fb6
--- /dev/null
+++ b/sample/ip-down
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# This script is run by the pppd _after_ the link is brought down.
+# It should be used to delete routes, unset IP addresses etc.
+#
+# This script is called with the following arguments:
+# Arg Name Example
+# $1 Interface name ppp0
+# $2 The tty ttyS1
+# $3 The link speed 38400
+# $4 Local IP number 12.34.56.78
+# $5 Peer IP number 12.34.56.99
+#
+
+#
+# The environment is cleared before executing this script
+# so the path must be reset
+#
+PATH=/usr/sbin:/sbin:/usr/bin:/bin
+export PATH
+
+# last line
diff --git a/sample/ip-up b/sample/ip-up
new file mode 100644
index 0000000..7ce7c8d
--- /dev/null
+++ b/sample/ip-up
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# This script is run by the pppd after the link is established.
+# It should be used to add routes, set IP address, run the mailq
+# etc.
+#
+# This script is called with the following arguments:
+# Arg Name Example
+# $1 Interface name ppp0
+# $2 The tty ttyS1
+# $3 The link speed 38400
+# $4 Local IP number 12.34.56.78
+# $5 Peer IP number 12.34.56.99
+#
+
+#
+# The environment is cleared before executing this script
+# so the path must be reset
+#
+PATH=/usr/sbin:/sbin:/usr/bin:/bin
+export PATH
+
+# last line
diff --git a/sample/options b/sample/options
new file mode 100644
index 0000000..8d0a3f9
--- /dev/null
+++ b/sample/options
@@ -0,0 +1,153 @@
+# /etc/ppp/options
+
+# The name of this server. Often, the FQDN is used here.
+#name <host>
+
+# Enforce the use of the hostname as the name of the local system for
+# authentication purposes (overrides the name option).
+usehostname
+
+# If no local IP address is given, pppd will use the first IP address
+# that belongs to the local hostname. If "noipdefault" is given, this
+# is disabled and the peer will have to supply an IP address.
+noipdefault
+
+# With this option, pppd will accept the peer's idea of our local IP
+# address, even if the local IP address was specified in an option.
+#ipcp-accept-local
+
+# With this option, pppd will accept the peer's idea of its (remote) IP
+# address, even if the remote IP address was specified in an option.
+#ipcp-accept-remote
+
+# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
+# Two Servers can be remotely configured
+#ms-dns 192.168.1.1
+#ms-dns 192.168.1.2
+
+# Specify which WINS Servers the incoming connection Win95 or WinNT should use
+#wins-addr 192.168.1.50
+#wins-addr 192.168.1.51
+
+# enable this on a server that already has a permanent default route
+#nodefaultroute
+
+# Run the executable or shell command specified after pppd has terminated
+# the link. This script could, for example, issue commands to the modem
+# to cause it to hang up if hardware modem control signals were not
+# available.
+# If mgetty is running, it will reset the modem anyway. So there is no need
+# to do it here.
+#disconnect "chat -- \d+++\d\c OK ath0 OK"
+
+# Increase debugging level (same as -d). The debug output is written
+# to syslog LOG_LOCAL2.
+debug
+
+# Enable debugging code in the kernel-level PPP driver. The argument n
+# is a number which is the sum of the following values: 1 to enable
+# general debug messages, 2 to request that the contents of received
+# packets be printed, and 4 to request that the contents of transmitted
+# packets be printed.
+#kdebug n
+
+# Require the peer to authenticate itself before allowing network
+# packets to be sent or received.
+# Please do not disable this setting. It is expected to be standard in
+# future releases of pppd. Use the call option (see manpage) to disable
+# authentication for specific peers.
+#auth
+
+# authentication can either be pap or chap. As most people only want to
+# use pap, you can also disable chap:
+#require-pap
+#refuse-chap
+
+# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
+# on the serial port.
+crtscts
+
+# Specifies that pppd should use a UUCP-style lock on the serial device
+# to ensure exclusive access to the device.
+lock
+
+# Use the modem control lines.
+modem
+
+# async character map -- 32-bit hex; each bit is a character
+# that needs to be escaped for pppd to receive it. 0x00000001
+# represents '\x01', and 0x80000000 represents '\x1f'.
+# To allow pppd to work over a rlogin/telnet connection, ou should escape
+# XON (^Q), XOFF (^S) and ^]: (The peer should use "escape ff".)
+#asyncmap 200a0000
+asyncmap 0
+
+# Specifies that certain characters should be escaped on transmission
+# (regardless of whether the peer requests them to be escaped with its
+# async control character map). The characters to be escaped are
+# specified as a list of hex numbers separated by commas. Note that
+# almost any character can be specified for the escape option, unlike
+# the asyncmap option which only allows control characters to be
+# specified. The characters which may not be escaped are those with hex
+# values 0x20 - 0x3f or 0x5e.
+#escape 11,13,ff
+
+# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
+# will ask the peer to send packets of no more than <n> bytes. The
+# minimum MRU value is 128. The default MRU value is 1500. A value of
+# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
+# bytes of data).
+#mru 542
+
+# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
+# requests a smaller value via MRU negotiation, pppd will request that
+# the kernel networking code send data packets of no more than n bytes
+# through the PPP network interface.
+#mtu <n>
+
+# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
+# notation (e.g. 255.255.255.0).
+#netmask 255.255.255.0
+
+# Don't fork to become a background process (otherwise pppd will do so
+# if a serial device is specified).
+nodetach
+
+# Set the assumed name of the remote system for authentication purposes
+# to <n>.
+#remotename <n>
+
+# Add an entry to this system's ARP [Address Resolution Protocol]
+# table with the IP address of the peer and the Ethernet address of this
+# system. {proxyarp,noproxyarp}
+proxyarp
+
+# Use the system password database for authenticating the peer using
+# PAP. Note: mgetty already provides this option. If this is specified
+# then dialin from users using a script under Linux to fire up ppp wont work.
+#login
+
+# If this option is given, pppd will send an LCP echo-request frame to
+# the peer every n seconds. Under Linux, the echo-request is sent when
+# no packets have been received from the peer for n seconds. Normally
+# the peer should respond to the echo-request by sending an echo-reply.
+# This option can be used with the lcp-echo-failure option to detect
+# that the peer is no longer connected.
+lcp-echo-interval 30
+
+# If this option is given, pppd will presume the peer to be dead if n
+# LCP echo-requests are sent without receiving a valid LCP echo-reply.
+# If this happens, pppd will terminate the connection. Use of this
+# option requires a non-zero value for the lcp-echo-interval parameter.
+# This option can be used to enable pppd to terminate after the physical
+# connection has been broken (e.g., the modem has hung up) in
+# situations where no hardware modem control lines are available.
+lcp-echo-failure 4
+
+# Specifies that pppd should disconnect if the link is idle for n seconds.
+idle 600
+
+# Disable the IPXCP and IPX protocols.
+noipx
+
+# ---<End of File>---
diff --git a/sample/options.ttyXX b/sample/options.ttyXX
new file mode 100644
index 0000000..d4202f5
--- /dev/null
+++ b/sample/options.ttyXX
@@ -0,0 +1,14 @@
+# If you need to set up multiple serial lines then copy this file to
+# options.<ttyname> for each tty with a modem on it.
+#
+# The options.tty file will assign an IP address to each PPP connection
+# as it comes up. They must all be distinct!
+#
+# Example:
+# options.ttyS1 for com2 under DOS.
+#
+# Edit the following line so that the first IP address
+# mentioned is the ip address of the serial port while the second
+# is the IP address of your host
+#
+hostname-s1:hostname
diff --git a/sample/pap-secrets b/sample/pap-secrets
new file mode 100644
index 0000000..098971b
--- /dev/null
+++ b/sample/pap-secrets
@@ -0,0 +1,28 @@
+# Secrets for authentication using PAP
+# client server secret IP addresses
+
+# OUTBOUND CONNECTIONS
+# Here you should add your userid password to connect to your providers via
+# pap. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+#hostname * password
+
+# INBOUND CONNECTIONS
+#client hostname <password> 192.168.1.1
+
+# If you add "auth login -chap +pap" to /etc/mgetty+sendfax/login.config,
+# all users in /etc/passwd can use their password for pap-authentication.
+#
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+#* hostname ""
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd! Replace hostname
+# with your local hostname.
+#guest hostname "*" -
+#master hostname "*" -
+#root hostname "*" -
+#support hostname "*" -
+#stats hostname "*" -
--
1.8.3.1

@ -0,0 +1,85 @@
From 01419dfb684d501b57f1c24dcfdbcf9da93ccca2 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 18:12:47 +0200
Subject: [PATCH 06/27] scritps: use change_resolv_conf function
Don't handle /etc/resolv.conf manually, but use a helper function from
initscripts. Also change path where we save DNS servers supplied by peer while
we are at it.
Resolves: #132482
---
pppd/pppd.8 | 2 +-
scripts/ip-down.local.add | 9 +++++----
scripts/ip-up.local.add | 17 ++++++++++-------
3 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/pppd/pppd.8 b/pppd/pppd.8
index e2768b1..2dd6e1a 100644
--- a/pppd/pppd.8
+++ b/pppd/pppd.8
@@ -1099,7 +1099,7 @@ Ask the peer for up to 2 DNS server addresses. The addresses supplied
by the peer (if any) are passed to the /etc/ppp/ip\-up script in the
environment variables DNS1 and DNS2, and the environment variable
USEPEERDNS will be set to 1. In addition, pppd will create an
-/etc/ppp/resolv.conf file containing one or two nameserver lines with
+/var/run/ppp/resolv.conf file containing one or two nameserver lines with
the address(es) supplied by the peer.
.TP
.B user \fIname
diff --git a/scripts/ip-down.local.add b/scripts/ip-down.local.add
index b93590e..163f71e 100644
--- a/scripts/ip-down.local.add
+++ b/scripts/ip-down.local.add
@@ -9,12 +9,13 @@
#
# Nick Walker (nickwalker@email.com)
#
+. /etc/sysconfig/network-scripts/network-functions
-if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
- if [ -f /etc/ppp/resolv.prev ]; then
- cp -f /etc/ppp/resolv.prev /etc/resolv.conf
+if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
+ if [ -f /var/run/ppp/resolv.prev ]; then
+ change_resolv_conf /var/run/ppp/resolv.prev
else
- rm -f /etc/resolv.conf
+ change_resolv_conf
fi
fi
diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
index 8017209..26cf5f8 100644
--- a/scripts/ip-up.local.add
+++ b/scripts/ip-up.local.add
@@ -9,16 +9,19 @@
#
# Nick Walker (nickwalker@email.com)
#
+. /etc/sysconfig/network-scripts/network-functions
-if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
- rm -f /etc/ppp/resolv.prev
+if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
+ rm -f /var/run/ppp/resolv.prev
if [ -f /etc/resolv.conf ]; then
- cp /etc/resolv.conf /etc/ppp/resolv.prev
- grep domain /etc/ppp/resolv.prev > /etc/resolv.conf
- grep search /etc/ppp/resolv.prev >> /etc/resolv.conf
- cat /etc/ppp/resolv.conf >> /etc/resolv.conf
+ cp /etc/resolv.conf /var/run/ppp/resolv.prev
+ rscf=/var/run/ppp/resolv.new
+ grep domain /var/run/ppp/resolv.prev > $rscf
+ grep search /var/run/ppp/resolv.prev >> $rscf
+ change_resolv_conf $rscf
+ rm -f $rscf
else
- cp /etc/ppp/resolv.conf /etc
+ change_resolv_conf /var/run/ppp/resolv.conf
fi
fi
--
1.8.3.1

@ -0,0 +1,77 @@
From b4ef433be936c90e356da7a590b032cdee219a3f Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 19:06:05 +0200
Subject: [PATCH 11/27] build-sys: don't put connect-errors log to /etc/ppp/
Resolves: #118837
---
chat/chat.8 | 2 +-
linux/Makefile.top | 8 +++++++-
pppd/pathnames.h | 4 ++--
3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/chat/chat.8 b/chat/chat.8
index 6d10836..78d6939 100644
--- a/chat/chat.8
+++ b/chat/chat.8
@@ -200,7 +200,7 @@ The \fBSAY\fR directive allows the script to send strings to the user
at the terminal via standard error. If \fBchat\fR is being run by
pppd, and pppd is running as a daemon (detached from its controlling
terminal), standard error will normally be redirected to the file
-/etc/ppp/connect\-errors.
+/var/log/ppp/connect\-errors.
.LP
\fBSAY\fR strings must be enclosed in single or double quotes. If
carriage return and line feed are needed in the string to be output,
diff --git a/linux/Makefile.top b/linux/Makefile.top
index f63d45e..f42efd5 100644
--- a/linux/Makefile.top
+++ b/linux/Makefile.top
@@ -5,6 +5,8 @@ BINDIR = $(DESTDIR)/sbin
INCDIR = $(DESTDIR)/include
MANDIR = $(DESTDIR)/share/man
ETCDIR = $(INSTROOT)@SYSCONF@/ppp
+RUNDIR = $(DESTDIR)/var/run/ppp
+LOGDIR = $(DESTDIR)/var/log/ppp
# uid 0 = root
INSTALL= install
@@ -16,7 +18,7 @@ all:
cd pppstats; $(MAKE) $(MFLAGS) all
cd pppdump; $(MAKE) $(MFLAGS) all
-install: $(BINDIR) $(MANDIR)/man8 install-progs install-devel
+install: $(BINDIR) $(RUNDIR) $(LOGDIR) $(MANDIR)/man8 install-progs install-devel
install-progs:
cd chat; $(MAKE) $(MFLAGS) install
@@ -44,6 +46,10 @@ $(MANDIR)/man8:
$(INSTALL) -d -m 755 $@
$(ETCDIR):
$(INSTALL) -d -m 755 $@
+$(RUNDIR):
+ $(INSTALL) -d -m 755 $@
+$(LOGDIR):
+ $(INSTALL) -d -m 755 $@
clean:
rm -f `find . -name '*.[oas]' -print`
diff --git a/pppd/pathnames.h b/pppd/pathnames.h
index a427cb8..bef3160 100644
--- a/pppd/pathnames.h
+++ b/pppd/pathnames.h
@@ -28,9 +28,9 @@
#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"
#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down"
#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."
-#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors"
+#define _PATH_CONNERRS _ROOT_PATH "/var/log/ppp/connect-errors"
#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"
-#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf"
+#define _PATH_RESOLV _ROOT_PATH "/var/run/ppp/resolv.conf"
#define _PATH_USEROPT ".ppprc"
#define _PATH_PSEUDONYM ".ppp_pseudonym"
--
1.8.3.1

@ -0,0 +1,149 @@
diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c
index d693350..c31bb34 100644
--- a/pppd/plugins/pppoatm/pppoatm.c
+++ b/pppd/plugins/pppoatm/pppoatm.c
@@ -135,7 +135,7 @@ static int connect_pppoatm(void)
if (!device_got_set)
no_device_given_pppoatm();
- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
+ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (fd < 0)
fatal("failed to create socket: %m");
memset(&qos, 0, sizeof qos);
diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
index 9643b96..1099575 100644
--- a/pppd/plugins/pppol2tp/openl2tp.c
+++ b/pppd/plugins/pppol2tp/openl2tp.c
@@ -83,7 +83,7 @@ static int openl2tp_client_create(void)
int result;
if (openl2tp_fd < 0) {
- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
+ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (openl2tp_fd < 0) {
error("openl2tp connection create: %m");
return -ENOTCONN;
diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
index a7e3400..e64a778 100644
--- a/pppd/plugins/pppol2tp/pppol2tp.c
+++ b/pppd/plugins/pppol2tp/pppol2tp.c
@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu,
struct ifreq ifr;
int fd;
- fd = socket(AF_INET, SOCK_DGRAM, 0);
+ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (fd >= 0) {
memset (&ifr, '\0', sizeof (ifr));
strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
index 91e9a57..72aba41 100644
--- a/pppd/plugins/pppoe/if.c
+++ b/pppd/plugins/pppoe/if.c
@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
stype = SOCK_PACKET;
#endif
- if ((fd = socket(domain, stype, htons(type))) < 0) {
+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
/* Give a more helpful message for the common error case */
if (errno == EPERM) {
fatal("Cannot create raw socket -- pppoe must be run as root.");
diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
index a8c2bb4..24bdf8f 100644
--- a/pppd/plugins/pppoe/plugin.c
+++ b/pppd/plugins/pppoe/plugin.c
@@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
/* server equipment). */
/* Opening this socket just before waitForPADS in the discovery() */
/* function would be more appropriate, but it would mess-up the code */
- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
+ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
if (conn->sessionSocket < 0) {
error("Failed to create PPPoE socket: %m");
return -1;
@@ -148,7 +148,7 @@ PPPOEConnectDevice(void)
lcp_wantoptions[0].mru = conn->mru;
/* Update maximum MRU */
- s = socket(AF_INET, SOCK_DGRAM, 0);
+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (s < 0) {
error("Can't get MTU for %s: %m", conn->ifName);
goto errout;
@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit)
}
/* Open a socket */
- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
+ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
r = 0;
}
diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
index 3d3bf4e..c0d927d 100644
--- a/pppd/plugins/pppoe/pppoe-discovery.c
+++ b/pppd/plugins/pppoe/pppoe-discovery.c
@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
stype = SOCK_PACKET;
#endif
- if ((fd = socket(domain, stype, htons(type))) < 0) {
+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
/* Give a more helpful message for the common error case */
if (errno == EPERM) {
fatal("Cannot create raw socket -- pppoe must be run as root.");
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 00a2cf5..0690019 100644
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clear_bits, int set_bits)
void sys_init(void)
{
/* Get an internet socket for doing socket ioctls. */
- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (sock_fd < 0)
fatal("Couldn't create IP socket: %m(%d)", errno);
#ifdef INET6
- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
+ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (sock6_fd < 0)
sock6_fd = -errno; /* save errno for later */
#endif
@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name)
struct ifreq ifreq;
int ret, sock_fd;
- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (sock_fd < 0)
return -1;
memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
@@ -2067,7 +2067,7 @@ int ppp_available(void)
/*
* Open a socket for doing the ioctl operations.
*/
- s = socket(AF_INET, SOCK_DGRAM, 0);
+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (s < 0)
return 0;
diff --git a/pppd/tty.c b/pppd/tty.c
index bc96695..8e76a5d 100644
--- a/pppd/tty.c
+++ b/pppd/tty.c
@@ -896,7 +896,7 @@ open_socket(dest)
*sep = ':';
/* get a socket and connect it to the other end */
- sock = socket(PF_INET, SOCK_STREAM, 0);
+ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (sock < 0) {
error("Can't create socket: %m");
return -1;
--
1.8.3.1

@ -0,0 +1,44 @@
From f2c855462ff56be4121409c7e048cd2503fe0ccf Mon Sep 17 00:00:00 2001
From: Jiri Skala <jskala@fedoraproject.org>
Date: Mon, 7 Apr 2014 14:26:20 +0200
Subject: [PATCH 15/27] pppd: move pppd database to /var/run/ppp
Resolves: #560014
---
pppd/pathnames.h | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/pppd/pathnames.h b/pppd/pathnames.h
index bef3160..24e010c 100644
--- a/pppd/pathnames.h
+++ b/pppd/pathnames.h
@@ -6,8 +6,9 @@
#ifdef HAVE_PATHS_H
#include <paths.h>
-
+#define _PPP_SUBDIR "ppp/"
#else /* HAVE_PATHS_H */
+#define _PPP_SUBDIR
#ifndef _PATH_VARRUN
#define _PATH_VARRUN "/etc/ppp/"
#endif
@@ -46,13 +47,9 @@
#endif /* IPX_CHANGE */
#ifdef __STDC__
-#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN "pppd2.tdb"
+#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN _PPP_SUBDIR "pppd2.tdb"
#else /* __STDC__ */
-#ifdef HAVE_PATHS_H
-#define _PATH_PPPDB "/var/run/pppd2.tdb"
-#else
-#define _PATH_PPPDB "/etc/ppp/pppd2.tdb"
-#endif
+#define _PATH_PPPDB _PATH_VARRUN _PPP_SUBDIR "pppd2.tdb"
#endif /* __STDC__ */
#ifdef PLUGIN
--
1.8.3.1

@ -0,0 +1,115 @@
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
index 3cd9101..9918091 100644
--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
@@ -16,6 +16,7 @@
DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
+MANDIR = $(DESTDIR)/share/man/man8
LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
@@ -46,6 +47,7 @@ install: all
$(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
$(INSTALL) -d -m 755 $(BINDIR)
$(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
+ $(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
clean:
rm -f *.o *.so pppoe-discovery
diff --git a/pppd/plugins/pppoe/pppoe-discovery.8 b/pppd/plugins/pppoe/pppoe-discovery.8
new file mode 100644
index 0000000..d0a93db
--- /dev/null
+++ b/pppd/plugins/pppoe/pppoe-discovery.8
@@ -0,0 +1,86 @@
+.\" pppoe-discovery.8 written by
+.\" Ben Hutchings <ben@decadentplace.org.uk>, based on pppoe.8.
+.\" Licenced under the GPL version 2 or later.
+.TH PPPOE-DISCOVERY 8
+.SH NAME
+pppoe\-discovery \- perform PPPoE discovery
+.SH SYNOPSIS
+.B pppoe\-discovery
+[
+.I options
+]
+.br
+.BR pppoe\-discovery " { " \-V " | " \-h " }"
+.SH DESCRIPTION
+.LP
+\fBpppoe\-discovery\fR performs the same discovery process as
+\fBpppoe\fR, but does not initiate a session.
+It sends a PADI packet and then prints the names of access
+concentrators in each PADO packet it receives.
+.SH OPTIONS
+.TP
+.BI \-I " interface"
+.RS
+The \fB\-I\fR option specifies the Ethernet interface to use.
+Under Linux, it is typically eth0 or eth1.
+The interface should be \(lqup\(rq before you start
+\fBpppoe\-discovery\fR, but should \fInot\fR be configured to have an
+IP address.
+The default interface is eth0.
+.RE
+.TP
+.BI \-D " file_name"
+.RS
+The \fB\-D\fR option causes every packet to be dumped to the specified
+\fIfile_name\fR.
+This is intended for debugging only.
+.RE
+.TP
+.B \-U
+.RS
+Causes \fBpppoe\-discovery\fR to use the Host-Uniq tag in its discovery
+packets.
+This lets you run multiple instances of \fBpppoe\-discovery\fR and/or
+\fBpppoe\fR without having their discovery packets interfere with one
+another.
+You must supply this option to \fIall\fR instances that you intend to
+run simultaneously.
+.RE
+.TP
+.BI \-S " service_name"
+.RS
+Specifies the desired service name.
+\fBpppoe\-discovery\fR will only accept access concentrators which can
+provide the specified service.
+In most cases, you should \fInot\fR specify this option.
+Use it only if you know that there are multiple access concentrators
+or know that you need a specific service name.
+.RE
+.TP
+.BI \-C " ac_name"
+.RS
+Specifies the desired access concentrator name.
+\fBpppoe\-discovery\fR will only accept the specified access
+concentrator.
+In most cases, you should \fInot\fR specify this option.
+Use it only if you know that there are multiple access concentrators.
+If both the \fB\-S\fR and \fB\-C\fR options are specified, they must
+\fIboth\fR match.
+.RE
+.TP
+.B \-A
+.RS
+This option is accepted for compatibility with \fBpppoe\fR, but has no
+effect.
+.RE
+.TP
+.BR \-V " | " \-h
+.RS
+Either of these options causes \fBpppoe\-discovery\fR to print its
+version number and usage information, then exit.
+.RE
+.SH AUTHORS
+\fBpppoe\-discovery\fR was written by Marco d'Itri <md@linux.it>,
+based on \fBpppoe\fR by David F. Skoll <dfs@roaringpenguin.com>.
+.SH SEE ALSO
+pppoe(8), pppoe-sniff(8)
--
1.8.3.1

@ -0,0 +1,27 @@
From 40960f91cdd06da387616ec838ae2599e7f01cee Mon Sep 17 00:00:00 2001
From: Jiri Skala <jskala@fedoraproject.org>
Date: Mon, 7 Apr 2014 15:24:01 +0200
Subject: [PATCH 18/27] scritps: fix ip-up.local sample
Resolves: #613717
---
scripts/ip-up.local.add | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
index 26cf5f8..282337c 100644
--- a/scripts/ip-up.local.add
+++ b/scripts/ip-up.local.add
@@ -18,6 +18,9 @@ if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
rscf=/var/run/ppp/resolv.new
grep domain /var/run/ppp/resolv.prev > $rscf
grep search /var/run/ppp/resolv.prev >> $rscf
+ if [ -f /var/run/ppp/resolv.conf ]; then
+ cat /var/run/ppp/resolv.conf >> $rscf
+ fi
change_resolv_conf $rscf
rm -f $rscf
else
--
1.8.3.1

@ -0,0 +1,26 @@
From c5a5f795b1defcb6d168e79c4d1fc371dfc556ca Mon Sep 17 00:00:00 2001
From: Jiri Skala <jskala@redhat.com>
Date: Wed, 9 Apr 2014 09:29:50 +0200
Subject: [PATCH 20/27] pppd: put lock files in /var/lock/ppp
Resolves: #708260
---
pppd/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pppd/utils.c b/pppd/utils.c
index 6051b9a..8407492 100644
--- a/pppd/utils.c
+++ b/pppd/utils.c
@@ -846,7 +846,7 @@ complete_read(int fd, void *buf, size_t count)
/* Procedures for locking the serial device using a lock file. */
#ifndef LOCK_DIR
#ifdef __linux__
-#define LOCK_DIR "/var/lock"
+#define LOCK_DIR "/var/lock/ppp"
#else
#ifdef SVR4
#define LOCK_DIR "/var/spool/locks"
--
1.8.3.1

@ -0,0 +1,20 @@
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
index 2df887b..6cb8397 100644
--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
@@ -43,12 +43,12 @@ pppoe.so: plugin.o discovery.o if.o common.o
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
- $(INSTALL) -c -m 4550 pppoe.so $(LIBDIR)
+ $(INSTALL) -c -m 755 pppoe.so $(LIBDIR)
# Symlink for backward compatibility
$(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
$(INSTALL) -d -m 755 $(BINDIR)
- $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
- $(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
+ $(INSTALL) -c -m 755 pppoe-discovery $(BINDIR)
+ $(INSTALL) -c -m 644 pppoe-discovery.8 $(MANDIR)
clean:
rm -f *.o *.so pppoe-discovery

@ -0,0 +1,26 @@
From 0fdb22ef3d3cc3b297372451d60bd6c61d047d27 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 10 Apr 2014 10:08:41 +0200
Subject: [PATCH 24/27] build-sys: install pppoatm plugin files with standard
perms
---
pppd/plugins/pppoatm/Makefile.linux | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index 769794b..4c5826f 100644
--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -37,7 +37,7 @@ $(PLUGIN): $(PLUGIN_OBJS)
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
- $(INSTALL) -c -m 4550 $(PLUGIN) $(LIBDIR)
+ $(INSTALL) -c -m 755 $(PLUGIN) $(LIBDIR)
clean:
rm -f *.o *.so
--
1.8.3.1

@ -0,0 +1,51 @@
#! /bin/bash
cd /etc/sysconfig/network-scripts
. ./network-functions
CONFIG=$1
source_config
if [ "$TYPE" = "xDSL" ] && [ -x /usr/sbin/adsl-stop ] ; then
adsl-stop /etc/sysconfig/network-scripts/$CONFIG
exit $?
fi
CONFIG=${CONFIG##ifcfg-}
if [ "${DEMAND}" = "yes" ] && [ -f /var/run/ppp-${CONFIG}.pid ] ; then
PID=$(head -1 /var/run/ppp-${CONFIG}.pid)
kill -TERM ${PID}
sleep 2
[ ! -d /proc/${PID} ] && exit 0
sleep 5
[ ! -d /proc/${PID} ] && exit 0
kill -TERM ${PID}
[ ! -d /proc/${PID} ] && exit 0
exit 1
fi
file=/var/run/pppwatch-${DEVICE}.pid
if [ ! -f $file ]; then
# ppp isn't running, or we didn't start it
exit 0
fi
PID=$(cat $file)
[ -n "${PID}" ] || exit 1
kill -TERM ${PID} > /dev/null 2>&1
[ ! -d /proc/${PID} ] && exit 0
sleep 2
[ ! -d /proc/${PID} ] && exit 0
sleep 5
[ ! -d /proc/${PID} ] && exit 0
sleep 10
[ ! -d /proc/${PID} ] && exit 0
# killing ppp-watch twice in a row causes it to send a SIGKILL to pppd pgrp
kill -TERM ${PID} > /dev/null 2>&1
[ ! -d /proc/${PID} ] && exit 0
exit 1

@ -0,0 +1,157 @@
#! /bin/bash
. /etc/init.d/functions
cd /etc/sysconfig/network-scripts
. ./network-functions
# ifup-post for PPP is handled through /etc/ppp/ip-up
if [ "${1}" = daemon ] ; then
# we've been called from ppp-watch, so don't invoke it for persistence
shift
else
# just in case a full path to the configuration file is passed in
CONFIG=${1##*/} # CONFIG=$(basename $1)
[ -f "${CONFIG}" ] || CONFIG=ifcfg-${1}
source_config
# don't start ppp-watch by xDSL
if [ "${DEMAND}" != yes -a "$TYPE" != "xDSL" ] ; then
# let ppp-watch do the right thing
exec /sbin/ppp-watch "${CONFIG##ifcfg-}" "$2"
fi
fi
CONFIG=$1
[ -f "${CONFIG}" ] || CONFIG=ifcfg-${1}
source_config
if [ -z "${DISCONNECTTIMEOUT}" ]; then
DISCONNECTTIMEOUT=2
fi
if [ -z "${RETRYTIMEOUT}" ]; then
RETRYTIMEOUT=30
fi
if [ -z "${IDLETIMEOUT}" ]; then
IDLETIMEOUT=600
fi
if [ "${2}" = "boot" -a "${ONBOOT}" = "no" ]; then
exit
fi
[ -x /usr/sbin/pppd ] || {
echo $"pppd does not exist or is not executable"
echo $"ifup-ppp for ${DEVICE} exiting"
/usr/bin/logger -p daemon.info -t ifup-ppp \
$"pppd does not exist or is not executable for ${DEVICE}"
exit 1
}
# check that xDSL connection
if [ "$TYPE" = "xDSL" ] ; then
if [ -x /usr/sbin/adsl-start ] ; then
adsl-start /etc/sysconfig/network-scripts/$CONFIG
exit $?
else
/usr/bin/logger -p daemon.info -t ifup-ppp \
$"adsl-start does not exist or is not executable for ${DEVICE}"
exit 1
fi
fi
PEERCONF=/etc/ppp/peers/${DEVNAME}
if [ "${DEBUG}" = "yes" ]; then
CHATDBG="-v"
fi
if [ ! -f ${PEERCONF} ]; then
if [ -z "${WVDIALSECT}" ] ; then
CHATSCRIPT=/etc/sysconfig/network-scripts/chat-${DEVNAME}
[ -f ${CHATSCRIPT} ] || {
echo $"/etc/sysconfig/network-scripts/chat-${DEVNAME} does not exist"
echo $"ifup-ppp for ${DEVNAME} exiting"
/usr/bin/logger -p daemon.info -t ifup-ppp \
$"/etc/sysconfig/network-scripts/chat-${DEVNAME} does not exist for ${DEVICE}"
exit 1
}
fi
/usr/bin/logger -s -p daemon.notice -t ifup-ppp \
$"Setting up a new ${PEERCONF} config file"
if [ -f /etc/ppp/peers/${DEVICE} ]; then
cp -f /etc/ppp/peers/${DEVICE} ${PEERCONF}
else
touch ${PEERCONF}
fi
if [ "${WVDIALSECT}" ]; then
echo "connect \"/usr/bin/wvdial --remotename ${DEVNAME} --chat '${WVDIALSECT}'\"" >> ${PEERCONF}
else
echo "connect \"/usr/sbin/chat ${CHATDBG} -f ${CHATSCRIPT}\"" >> ${PEERCONF}
fi
fi
opts="lock"
if [ "${HARDFLOWCTL}" != no ] ; then
opts="$opts modem crtscts"
fi
if [ "${ESCAPECHARS}" != yes ] ; then
opts="$opts asyncmap 00000000"
fi
if [ "${DEFROUTE}" != no ] ; then
# pppd will no longer delete an existing default route
# so we have to help it out a little here.
DEFRT=$(ip route list match 0.0.0.0/0)
[ -n "${DEFRT}" ] && echo "$DEFRT" > /etc/default-routes
echo "$DEFRT" | while read spec; do
ip route del $spec;
done
opts="$opts defaultroute"
fi
if [ "${PEERDNS}" != no ] ; then
cp -f /etc/resolv.conf /etc/resolv.conf.save
opts="$opts usepeerdns"
fi
if [ -n "${MRU}" ] ; then
opts="$opts mru ${MRU}"
fi
if [ -n "${MTU}" ] ; then
opts="$opts mtu ${MTU}"
fi
if [ -n "${IPADDR}${REMIP}" ] ; then
# if either IP address is set, the following will work.
opts="$opts ${IPADDR}:${REMIP}"
fi
if [ -n "${PAPNAME}" ] ; then
opts="$opts user ${PAPNAME} remotename ${DEVNAME}"
fi
if [ "${DEBUG}" = yes ] ; then
opts="$opts debug"
fi
if [ ${DEMAND} = yes ] ; then
opts="$opts demand ktune idle ${IDLETIMEOUT} holdoff ${RETRYTIMEOUT}"
exec=
else
opts="$opts nodetach"
exec=exec
fi
/usr/bin/logger -p daemon.info -t ifup-ppp \
$"pppd started for ${DEVNAME} on ${MODEMPORT} at ${LINESPEED}"
$exec pppd $opts ${MODEMPORT} ${LINESPEED} \
ipparam ${DEVNAME} linkname ${DEVNAME} call ${DEVNAME}\
noauth \
${PPPOPTIONS} || exit
if [ "${DEMAND}" = "yes" ] ; then
# pppd is a tad slow to write the pid-file.
sleep 2
if [ -f /var/run/ppp-${DEVNAME}.pid ] ; then
REALDEVICE=$(tail -1 /var/run/ppp-${DEVNAME}.pid)
/etc/sysconfig/network-scripts/ifup-routes ${REALDEVICE} ${DEVNAME}
fi
fi

@ -6,9 +6,65 @@
#
# This file should not be modified -- make local changes to
# /etc/ppp/ipv6-down.local instead
#
#
# Taken from:
# (P) & (C) 2001-2006 by Peter Bieringer <pb@bieringer.de>
#
# You will find more information on the initscripts-ipv6 homepage at
# http://www.deepspace6.net/projects/initscripts-ipv6.html
#
# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
#
# Calling parameters:
# $1: interface name
# $6: logical interface name (set by pppd option ipparam)
#
# Version 2006-08-02
#
# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1:
# IPV6INIT=yes|no: controls IPv6 configuration for this interface
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] && /etc/ppp/ipv6-down.initscripts "$@"
LOGDEVICE=$6
REALDEVICE=$1
[ -f /etc/sysconfig/network ] || exit 0
. /etc/sysconfig/network
cd /etc/sysconfig/network-scripts
. ./network-functions
CONFIG=$LOGDEVICE
[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
source_config
[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1
. /etc/sysconfig/network-scripts/network-functions-ipv6
[ -x /etc/ppp/ipv6-down.local ] && /etc/ppp/ipv6-down.local "$@"
if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
# Control running radvd
ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
fi
# IPv6 test, no module loaded, exit if system is not IPv6-ready
ipv6_test testonly || exit 0
# Test device status
ipv6_test_device_status $REALDEVICE
if [ $? != 0 -a $? != 11 ]; then
# device doesn't exist or other problem occurs
exit 1
fi
# Delete all current configured IPv6 addresses on this interface
ipv6_cleanup_device $REALDEVICE
exit 0

@ -1,56 +0,0 @@
#!/bin/sh
#
#
# Taken from:
# (P) & (C) 2001-2006 by Peter Bieringer <pb@bieringer.de>
#
# You will find more information on the initscripts-ipv6 homepage at
# http://www.deepspace6.net/projects/initscripts-ipv6.html
#
# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
#
# Calling parameters:
# $1: interface name
# $6: logical interface name (set by pppd option ipparam)
#
# Version 2006-08-02
#
# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1:
# IPV6INIT=yes|no: controls IPv6 configuration for this interface
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
LOGDEVICE=$6
REALDEVICE=$1
[ -f /etc/sysconfig/network ] || exit 0
. /etc/sysconfig/network
cd /etc/sysconfig/network-scripts
. ./network-functions
CONFIG=$LOGDEVICE
[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
source_config
[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1
. /etc/sysconfig/network-scripts/network-functions-ipv6
if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
# Control running radvd
ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
fi
# IPv6 test, no module loaded, exit if system is not IPv6-ready
ipv6_test testonly || exit 0
# Test device status
ipv6_test_device_status $REALDEVICE
if [ $? != 0 -a $? != 11 ]; then
# device doesn't exist or other problem occurs
exit 1
fi
# Delete all current configured IPv6 addresses on this interface
ipv6_cleanup_device $REALDEVICE

@ -7,8 +7,105 @@
# This file should not be modified -- make local changes to
# /etc/ppp/ipv6-up.local instead
#
# Taken from:
# (P) & (C) 2001-2006 by Peter Bieringer <pb@bieringer.de>
#
# You will find more information on the initscripts-ipv6 homepage at
# http://www.deepspace6.net/projects/initscripts-ipv6.html
#
# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
#
# Calling parameters:
# $1: interface name
# $6: logical interface name (set by pppd option ipparam)
#
#
# Version: 2006-08-02
#
# Uses following information from "/etc/sysconfig/network":
# IPV6_DEFAULTDEV=<device>: controls default route (optional)
#
# Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1":
# IPV6INIT=yes|no: controls IPv6 configuration for this interface
# IPV6ADDR=<IPv6 address>[/<prefix length>]: specify primary static IPv6 address
# IPV6ADDR_SECONDARIES="<IPv6 address>[/<prefix length>] ..." (optional)
# IPV6_MTU=<MTU for IPv6>: controls IPv6 MTU for this link (optional)
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
LOGDEVICE=$6
REALDEVICE=$1
[ -f /etc/sysconfig/network ] || exit 0
. /etc/sysconfig/network
cd /etc/sysconfig/network-scripts
. ./network-functions
. ./network-functions-ipv6
CONFIG=$LOGDEVICE
[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
source_config
# Test whether IPv6 configuration is disabled for this interface
[[ "$IPV6INIT" = [nN0]* ]] && exit 0
[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1
. /etc/sysconfig/network-scripts/network-functions-ipv6
# IPv6 test, module loaded, exit if system is not IPv6-ready
ipv6_test || exit 1
# Test device status
ipv6_test_device_status $REALDEVICE
if [ $? != 0 -a $? != 11 ]; then
# device doesn't exist or other problem occurs
exit 1
fi
# Setup IPv6 address on specified interface
if [ -n "$IPV6ADDR" ]; then
ipv6_add_addr_on_device $REALDEVICE $IPV6ADDR || exit 1
fi
# Set IPv6 MTU, if given
if [ -n "$IPV6_MTU" ]; then
ipv6_set_mtu $REALDEVICE $IPV6_MTU
fi
# Setup additional IPv6 addresses from list, if given
if [ -n "$IPV6ADDR_SECONDARIES" ]; then
for ipv6addr in $IPV6ADDR_SECONDARIES; do
ipv6_add_addr_on_device $REALDEVICE $ipv6addr
done
fi
# Setup default IPv6 route through device
if [ "$IPV6_DEFAULTDEV" = "$LOGDEVICE" ]; then
ipv6_set_default_route "" "$REALDEVICE" "$REALDEVICE"
fi
# Setup additional static IPv6 routes on specified interface, if given
if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
LC_ALL=C grep -w "^$LOGDEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do
ipv6_add_route $args $REALDEVICE
done
fi
# Setup additional static IPv6 routes (newer config style)
if [ -f "/etc/sysconfig/network-scripts/route6-$DEVICE" ]; then
sed -ne 's/#.*//' -e '/[^[:space:]]/p' "/etc/sysconfig/network-scripts/route6-$DEVICE" | while read line; do
/sbin/ip -6 route add $line
done
fi
[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] && /etc/ppp/ipv6-up.initscripts "$@"
if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
# Control running radvd
ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
fi
[ -x /etc/ppp/ipv6-up.local ] && /etc/ppp/ipv6-up.local "$@"

@ -1,99 +0,0 @@
#!/bin/sh
# Taken from:
# (P) & (C) 2001-2006 by Peter Bieringer <pb@bieringer.de>
#
# You will find more information on the initscripts-ipv6 homepage at
# http://www.deepspace6.net/projects/initscripts-ipv6.html
#
# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
#
# Calling parameters:
# $1: interface name
# $6: logical interface name (set by pppd option ipparam)
#
#
# Version: 2006-08-02
#
# Uses following information from "/etc/sysconfig/network":
# IPV6_DEFAULTDEV=<device>: controls default route (optional)
#
# Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1":
# IPV6INIT=yes|no: controls IPv6 configuration for this interface
# IPV6ADDR=<IPv6 address>[/<prefix length>]: specify primary static IPv6 address
# IPV6ADDR_SECONDARIES="<IPv6 address>[/<prefix length>] ..." (optional)
# IPV6_MTU=<MTU for IPv6>: controls IPv6 MTU for this link (optional)
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
LOGDEVICE=$6
REALDEVICE=$1
[ -f /etc/sysconfig/network ] || exit 0
. /etc/sysconfig/network
cd /etc/sysconfig/network-scripts
. ./network-functions
. ./network-functions-ipv6
CONFIG=$LOGDEVICE
[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
source_config
# Test whether IPv6 configuration is disabled for this interface
[[ "$IPV6INIT" = [nN0]* ]] && exit 0
[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1
. /etc/sysconfig/network-scripts/network-functions-ipv6
# IPv6 test, module loaded, exit if system is not IPv6-ready
ipv6_test || exit 1
# Test device status
ipv6_test_device_status $REALDEVICE
if [ $? != 0 -a $? != 11 ]; then
# device doesn't exist or other problem occurs
exit 1
fi
# Setup IPv6 address on specified interface
if [ -n "$IPV6ADDR" ]; then
ipv6_add_addr_on_device $REALDEVICE $IPV6ADDR || exit 1
fi
# Set IPv6 MTU, if given
if [ -n "$IPV6_MTU" ]; then
ipv6_set_mtu $REALDEVICE $IPV6_MTU
fi
# Setup additional IPv6 addresses from list, if given
if [ -n "$IPV6ADDR_SECONDARIES" ]; then
for ipv6addr in $IPV6ADDR_SECONDARIES; do
ipv6_add_addr_on_device $REALDEVICE $ipv6addr
done
fi
# Setup default IPv6 route through device
if [ "$IPV6_DEFAULTDEV" = "$LOGDEVICE" ]; then
ipv6_set_default_route "" "$REALDEVICE" "$REALDEVICE"
fi
# Setup additional static IPv6 routes on specified interface, if given
if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
LC_ALL=C grep -w "^$LOGDEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do
ipv6_add_route $args $REALDEVICE
done
fi
# Setup additional static IPv6 routes (newer config style)
if [ -f "/etc/sysconfig/network-scripts/route6-$DEVICE" ]; then
sed -ne 's/#.*//' -e '/[^[:space:]]/p' "/etc/sysconfig/network-scripts/route6-$DEVICE" | while read line; do
/sbin/ip -6 route add $line
done
fi
if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
# Control running radvd
ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
fi

@ -0,0 +1,29 @@
From ab8b06cdc1075abc67f77e7c3bb684e20071d614 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 10 Apr 2014 10:09:41 +0200
Subject: [PATCH 25/27] pppd: install pppd binary using standard perms (755)
---
pppd/Makefile.linux | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 0e8107f..534ccc2 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -223,10 +223,10 @@ all: $(TARGETS)
install: pppd
mkdir -p $(BINDIR) $(MANDIR)
$(EXTRAINSTALL)
- $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
+ $(INSTALL) -c -m 755 pppd $(BINDIR)/pppd
if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
chmod o-rx,u+s $(BINDIR)/pppd; fi
- $(INSTALL) -c -m 444 pppd.8 $(MANDIR)
+ $(INSTALL) -c -m 644 pppd.8 $(MANDIR)
pppd: $(PPPDOBJS)
$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
--
1.8.3.1

@ -0,0 +1,143 @@
From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 7 Apr 2014 12:23:36 +0200
Subject: [PATCH 12/27] pppd: we don't want to accidentally leak fds
---
pppd/auth.c | 20 ++++++++++----------
pppd/options.c | 2 +-
pppd/sys-linux.c | 4 ++--
3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/pppd/auth.c b/pppd/auth.c
index 4271af6..9e957fa 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -428,7 +428,7 @@ setupapfile(argv)
free(fname);
return 0;
}
- ufile = fopen(fname, "r");
+ ufile = fopen(fname, "re");
if (seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
if (ufile == NULL) {
@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
filename = _PATH_UPAPFILE;
addrs = opts = NULL;
ret = UPAP_AUTHNAK;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL) {
error("Can't open PAP password file %s: %m", filename);
@@ -1512,7 +1512,7 @@ null_login(unit)
if (ret <= 0) {
filename = _PATH_UPAPFILE;
addrs = NULL;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
check_access(f, filename);
@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd)
}
filename = _PATH_UPAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
check_access(f, filename);
@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp)
}
filename = _PATH_UPAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp)
}
filename = _PATH_CHAPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
struct wordlist *addrs;
filename = _PATH_SRPFILE;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL)
return 0;
@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server)
addrs = NULL;
secbuf[0] = 0;
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
if (f == NULL) {
error("Can't open chap secret file %s: %m", filename);
return 0;
@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server)
filename = _PATH_SRPFILE;
addrs = NULL;
- fp = fopen(filename, "r");
+ fp = fopen(filename, "re");
if (fp == NULL) {
error("Can't open srp secret file %s: %m", filename);
return 0;
@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags)
*/
if (word[0] == '@' && word[1] == '/') {
strlcpy(atfile, word+1, sizeof(atfile));
- if ((sf = fopen(atfile, "r")) == NULL) {
+ if ((sf = fopen(atfile, "re")) == NULL) {
warn("can't open indirect secret file %s", atfile);
continue;
}
diff --git a/pppd/options.c b/pppd/options.c
index 45fa742..1d754ae 100644
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv)
option_error("unable to drop privileges to open %s: %m", filename);
return 0;
}
- f = fopen(filename, "r");
+ f = fopen(filename, "re");
err = errno;
if (check_prot && seteuid(euid) == -1)
fatal("unable to regain privileges");
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 72a7727..8a12fa0 100644
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail)
/* Default the mount location of /proc */
strlcpy (proc_path, "/proc", sizeof(proc_path));
proc_path_len = 5;
- fp = fopen(MOUNTED, "r");
+ fp = fopen(MOUNTED, "re");
if (fp != NULL) {
while ((mntent = getmntent(fp)) != NULL) {
if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
@@ -1472,7 +1472,7 @@ static int open_route_table (void)
close_route_table();
path = path_to_procfs("/net/route");
- route_fd = fopen (path, "r");
+ route_fd = fopen (path, "re");
if (route_fd == NULL) {
error("can't open routing table %s: %m", path);
return 0;
--
1.8.3.1

@ -0,0 +1,99 @@
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 6a4b897..8f29c1f 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -12,6 +12,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8
INCDIR = $(DESTDIR)/include
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)
TARGETS = pppd
@@ -93,7 +94,7 @@ INCLUDE_DIRS= -I../include
COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
-CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
+CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' -DLIBDIR=\""$(LIBDIR)"\"
ifdef CHAPMS
CFLAGS += -DCHAPMS=1
diff --git a/pppd/pathnames.h b/pppd/pathnames.h
index 524d608..c7eadbb 100644
--- a/pppd/pathnames.h
+++ b/pppd/pathnames.h
@@ -62,7 +62,7 @@
#ifdef PLUGIN
#ifdef __STDC__
-#define _PATH_PLUGIN DESTDIR "/lib/pppd/" VERSION
+#define _PATH_PLUGIN LIBDIR "/pppd/" VERSION
#else /* __STDC__ */
#define _PATH_PLUGIN "/usr/lib/pppd"
#endif /* __STDC__ */
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
index 6403e3d..f42d18c 100644
--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
@@ -5,7 +5,7 @@ COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
LDFLAGS_SHARED = -shared
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index d3a8086..c2aff0c 100644
--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
index c415ce3..d3b7392 100644
--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
@@ -18,7 +18,7 @@ COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
-LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
index 1aa1c0b..e4442f9 100644
--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)/@DESTDIR@
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index 489aef2..d2ef044 100644
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -9,7 +9,7 @@ COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
MANDIR = $(DESTDIR)/share/man/man8
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)

@ -0,0 +1,21 @@
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index e77373e..07df6a7 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -68,14 +68,14 @@ USE_TDB=y
#SYSTEMD=y
HAS_SHADOW=y
-#USE_PAM=y
+USE_PAM=y
HAVE_INET6=y
# Enable plugins
PLUGIN=y
# Enable Microsoft proprietary Callback Control Protocol
-#CBCP=y
+CBCP=y
# Enable EAP SRP-SHA1 authentication (requires libsrp)
#USE_SRP=y

@ -0,0 +1,17 @@
diff --git a/configure b/configure
index f977663..c7031c2 100755
--- a/configure
+++ b/configure
@@ -121,9 +121,9 @@ mkmkf() {
rm -f $2
if [ -f $1 ]; then
echo " $2 <= $1"
- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
+ sed -e "s|@DESTDIR@|$DESTDIR|g" -e "s|@SYSCONF@|$SYSCONF|g" \
+ -e "s|@CROSS_COMPILE@|$CROSS_COMPILE|g" -e "s|@CC@|$CC|g" \
+ -e "s|@CFLAGS@|$CFLAGS|g" $1 >$2
fi
}

@ -0,0 +1,241 @@
From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 7 Apr 2014 13:56:34 +0200
Subject: [PATCH 13/27] everywhere: O_CLOEXEC harder
---
pppd/eap.c | 2 +-
pppd/main.c | 4 ++--
pppd/options.c | 4 ++--
pppd/sys-linux.c | 22 +++++++++++-----------
pppd/tdb.c | 4 ++--
pppd/tty.c | 4 ++--
pppd/utils.c | 6 +++---
7 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/pppd/eap.c b/pppd/eap.c
index 6ea6c1f..faced53 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -1226,7 +1226,7 @@ mode_t modebits;
if ((path = name_of_pn_file()) == NULL)
return (-1);
- fd = open(path, modebits, S_IRUSR | S_IWUSR);
+ fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
err = errno;
free(path);
errno = err;
diff --git a/pppd/main.c b/pppd/main.c
index 6d50d1b..4880377 100644
--- a/pppd/main.c
+++ b/pppd/main.c
@@ -420,7 +420,7 @@ main(argc, argv)
die(0);
/* Make sure fds 0, 1, 2 are open to somewhere. */
- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
+ fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC);
if (fd_devnull < 0)
fatal("Couldn't open %s: %m", _PATH_DEVNULL);
while (fd_devnull <= 2) {
@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
if (log_to_fd >= 0)
errfd = log_to_fd;
else
- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644);
++conn_running;
pid = safe_fork(in, out, errfd);
diff --git a/pppd/options.c b/pppd/options.c
index 1d754ae..8e62635 100644
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -1544,9 +1544,9 @@ setlogfile(argv)
option_error("unable to drop permissions to open %s: %m", *argv);
return 0;
}
- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
+ fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
if (fd < 0 && errno == EEXIST)
- fd = open(*argv, O_WRONLY | O_APPEND);
+ fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
err = errno;
if (!privileged_option && seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 8a12fa0..00a2cf5 100644
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
goto err;
}
dbglog("using channel %d", chindex);
- fd = open("/dev/ppp", O_RDWR);
+ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
if (fd < 0) {
error("Couldn't reopen /dev/ppp: %m");
goto err;
@@ -619,7 +619,7 @@ static int make_ppp_unit()
dbglog("in make_ppp_unit, already had /dev/ppp open?");
close(ppp_dev_fd);
}
- ppp_dev_fd = open("/dev/ppp", O_RDWR);
+ ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
if (ppp_dev_fd < 0)
fatal("Couldn't open /dev/ppp: %m");
flags = fcntl(ppp_dev_fd, F_GETFL);
@@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
if (!new_style_driver)
return -1;
- master_fd = open("/dev/ppp", O_RDWR);
+ master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
if (master_fd < 0)
fatal("Couldn't open /dev/ppp: %m");
if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr)
if (tune_kernel) {
forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
if (forw_path != 0) {
- int fd = open(forw_path, O_WRONLY);
+ int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
if (fd >= 0) {
if (write(fd, "1", 1) != 1)
error("Couldn't enable IP forwarding: %m");
@@ -2030,7 +2030,7 @@ int ppp_available(void)
sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
kernel_version = KVERSION(osmaj, osmin, ospatch);
- fd = open("/dev/ppp", O_RDWR);
+ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
if (fd >= 0) {
new_style_driver = 1;
@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host)
#if __GLIBC__ >= 2
updwtmp(_PATH_WTMP, &ut);
#else
- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
+ wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
if (wtmp >= 0) {
flock(wtmp, LOCK_EX);
@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr,
int fd;
path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
+ if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
if (write(fd, "1", 1) != 1)
error("Couldn't enable dynamic IP addressing: %m");
close(fd);
@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
/*
* Try the unix98 way first.
*/
- mfd = open("/dev/ptmx", O_RDWR);
+ mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
if (mfd >= 0) {
int ptn;
if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
warn("Couldn't unlock pty slave %s: %m", pty_name);
#endif
- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
{
warn("Couldn't open pty slave %s: %m", pty_name);
close(mfd);
@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
for (i = 0; i < 64; ++i) {
slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
'p' + i / 16, i % 16);
- mfd = open(pty_name, O_RDWR, 0);
+ mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
if (mfd >= 0) {
pty_name[5] = 't';
- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
+ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
if (sfd >= 0) {
fchown(sfd, uid, -1);
fchmod(sfd, S_IRUSR | S_IWUSR);
diff --git a/pppd/tdb.c b/pppd/tdb.c
index bdc5828..c7ab71c 100644
--- a/pppd/tdb.c
+++ b/pppd/tdb.c
@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
goto internal;
}
- if ((tdb->fd = open(name, open_flags, mode)) == -1) {
+ if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
name, strerror(errno)));
goto fail; /* errno set by open(2) */
@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
}
if (close(tdb->fd) != 0)
TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
+ tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
if (tdb->fd == -1) {
TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
goto fail;
diff --git a/pppd/tty.c b/pppd/tty.c
index d571b11..bc96695 100644
--- a/pppd/tty.c
+++ b/pppd/tty.c
@@ -569,7 +569,7 @@ int connect_tty()
status = EXIT_OPEN_FAILED;
goto errret;
}
- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
+ real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
err = errno;
if (prio < OPRIO_ROOT && seteuid(0) == -1)
fatal("Unable to regain privileges");
@@ -723,7 +723,7 @@ int connect_tty()
if (connector == NULL && modem && devnam[0] != 0) {
int i;
for (;;) {
- if ((i = open(devnam, O_RDWR)) >= 0)
+ if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
break;
if (errno != EINTR) {
error("Failed to reopen %s: %m", devnam);
diff --git a/pppd/utils.c b/pppd/utils.c
index 29bf970..6051b9a 100644
--- a/pppd/utils.c
+++ b/pppd/utils.c
@@ -918,14 +918,14 @@ lock(dev)
slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
#endif
- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
+ while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
if (errno != EEXIST) {
error("Can't create lock file %s: %m", lock_file);
break;
}
/* Read the lock file to find out who has the device locked. */
- fd = open(lock_file, O_RDONLY, 0);
+ fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
if (fd < 0) {
if (errno == ENOENT) /* This is just a timing problem. */
continue;
@@ -1004,7 +1004,7 @@ relock(pid)
if (lock_file[0] == 0)
return -1;
- fd = open(lock_file, O_WRONLY, 0);
+ fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
if (fd < 0) {
error("Couldn't reopen lock file %s: %m", lock_file);
lock_file[0] = 0;
--
1.8.3.1

@ -1,49 +0,0 @@
From 7f89208b860ea0c41636410bfdb6a609b2772f47 Mon Sep 17 00:00:00 2001
From: Eivind Naess <eivnaes@yahoo.com>
Date: Sun, 23 Apr 2023 11:37:01 -0700
Subject: [PATCH] Closes #411, Fixing up parsing in radiusclient.conf
Adding curly braces to fix the code.
Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
---
pppd/plugins/radius/config.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/pppd/plugins/radius/config.c b/pppd/plugins/radius/config.c
index 39744fca1..e1a481487 100644
--- a/pppd/plugins/radius/config.c
+++ b/pppd/plugins/radius/config.c
@@ -235,24 +235,28 @@ int rc_read_config(char *filename)
switch (option->type) {
case OT_STR:
- if (set_option_str(filename, line, option, p) < 0)
+ if (set_option_str(filename, line, option, p) < 0) {
fclose(configfd);
return (-1);
+ }
break;
case OT_INT:
- if (set_option_int(filename, line, option, p) < 0)
+ if (set_option_int(filename, line, option, p) < 0) {
fclose(configfd);
return (-1);
+ }
break;
case OT_SRV:
- if (set_option_srv(filename, line, option, p) < 0)
+ if (set_option_srv(filename, line, option, p) < 0) {
fclose(configfd);
return (-1);
+ }
break;
case OT_AUO:
- if (set_option_auo(filename, line, option, p) < 0)
+ if (set_option_auo(filename, line, option, p) < 0) {
fclose(configfd);
return (-1);
+ }
break;
default:
fatal("rc_read_config: impossible case branch!");

@ -1,51 +0,0 @@
diff --git a/scripts/ip-down.local.add b/scripts/ip-down.local.add
index b93590e..8889cb6 100644
--- a/scripts/ip-down.local.add
+++ b/scripts/ip-down.local.add
@@ -9,12 +9,13 @@
#
# Nick Walker (nickwalker@email.com)
#
+. /etc/sysconfig/network-scripts/network-functions
if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
if [ -f /etc/ppp/resolv.prev ]; then
- cp -f /etc/ppp/resolv.prev /etc/resolv.conf
+ change_resolv_conf /etc/ppp/resolv.prev
else
- rm -f /etc/resolv.conf
+ change_resolv_conf
fi
fi
diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
index 8017209..5ced496 100644
--- a/scripts/ip-up.local.add
+++ b/scripts/ip-up.local.add
@@ -9,16 +9,22 @@
#
# Nick Walker (nickwalker@email.com)
#
+. /etc/sysconfig/network-scripts/network-functions
if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
rm -f /etc/ppp/resolv.prev
if [ -f /etc/resolv.conf ]; then
cp /etc/resolv.conf /etc/ppp/resolv.prev
- grep domain /etc/ppp/resolv.prev > /etc/resolv.conf
- grep search /etc/ppp/resolv.prev >> /etc/resolv.conf
- cat /etc/ppp/resolv.conf >> /etc/resolv.conf
+ rscf=/etc/ppp/resolv.new
+ grep domain /etc/ppp/resolv.prev > $rscf
+ grep search /etc/ppp/resolv.prev >> $rscf
+ if [ -f /etc/ppp/resolv.conf ]; then
+ cat /etc/ppp/resolv.conf >> $rscf
+ fi
+ change_resolv_conf $rscf
+ rm -f $rscf
else
- cp /etc/ppp/resolv.conf /etc
+ change_resolv_conf /etc/ppp/resolv.conf
fi
fi

@ -1 +1,2 @@
d /run/pppd/lock 0755 root root
d /run/ppp 0755 root root
d /run/lock/ppp 0755 root root

@ -1,26 +1,10 @@
%global _hardened_build 1
Name: ppp
# Please be careful when bumping the ppp version. Several packages
# have version-tied dependencies on it, including NetworkManager-ppp
# (from NetworkManager) and NetworkManager-pptp , which are core
# packages. They may need code changes to build against new ppp
# versions. Please only bump ppp on a side tag and ensure it also
# contains rebuilds of at least those two packages before merging.
# Several other less important packages are also tied to the ppp
# version, as of 2023-04-19 the list is:
# NetworkManager-fortisslvpn
# NetworkManager-l2tp
# NetworkManager-ppp
# NetworkManager-pptp
# NetworkManager-sstp
# sstp-client
# These all need to be patched (if necessary) and rebuilt for new
# versions of ppp.
Version: 2.5.0
Release: 13%{?dist}
Version: 2.4.9
Release: 5%{?dist}
Summary: The Point-to-Point Protocol daemon
License: bsd-3-clause AND zlib AND licenseref-fedora-public-domain AND bsd-attribution-hpnd-disclaimer AND bsd-4.3tahoe AND bsd-4-clause-uc AND apache-2.0 AND lgpl-2.0-or-later AND (gpl-2.0-or-later OR bsd-2-clause OR bsd-3-clause OR bsd-4-clause) AND gpl-2.0-or-later AND xlock AND gpl-1.0-or-later AND mackerras-3-clause-acknowledgment AND mackerras-3-clause AND hpnd-fenneberg-Livingston AND sun-ppp AND hpnd-inria-imag AND sun-ppp-2000
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
URL: http://www.samba.org/ppp
Source0: https://github.com/paulusmack/ppp/archive/ppp-%{version}.tar.gz
@ -33,43 +17,37 @@ Source6: ip-up
Source7: ip-up.ipv6to4
Source8: ipv6-down
Source9: ipv6-up
Source10: ifup-ppp
Source11: ifdown-ppp
Source12: ppp-watch.tar.xz
Source13: ipv6-up.initscripts
Source14: ipv6-down.initscripts
# Fedora-specific
Patch0: ppp-2.5.0-use-change-resolv-function.patch
Patch0002: ppp-2.4.9-config.patch
Patch0004: 0004-doc-add-configuration-samples.patch
Patch0005: ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
Patch0006: 0006-scritps-use-change_resolv_conf-function.patch
Patch0011: 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
Patch0012: ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
Patch0013: ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch
Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
Patch0018: 0018-scritps-fix-ip-up.local-sample.patch
Patch0020: 0020-pppd-put-lock-files-in-var-lock-ppp.patch
Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
Patch0025: ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
Patch0026: ppp-2.4.9-configure-cflags-allow-commas.patch
# https://github.com/ppp-project/ppp/commit/7f89208b860ea0c41636410bfdb6a609b2772f47
Patch1: ppp-2.5.0-radiusclient-parser-fix.patch
BuildRequires: libtool
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: make
BuildRequires: gcc
BuildRequires: pam-devel
BuildRequires: libpcap-devel
BuildRequires: systemd
BuildRequires: systemd-devel
BuildRequires: glib2-devel
BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel
BuildRequires: openssl-devel
%if %{defined rhel}
Provides: bundled(linux-atm) = 2.4.1
%else
BuildRequires: linux-atm-libs-devel
%endif
Requires: glibc >= 2.0.6
Requires: /etc/pam.d/system-auth
Requires: libpcap >= 14:0.8.3-6
Requires: systemd
Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd
Requires(pre): /usr/bin/getent
Requires(pre): /usr/sbin/groupadd
# Subpackage removed and obsoleted in F40
Obsoletes: network-scripts-ppp < %{version}-%{release}
%description
The ppp package contains the PPP (Point-to-Point Protocol) daemon and
documentation for PPP support. The PPP protocol provides a method for
@ -77,28 +55,35 @@ transmitting datagrams over serial point-to-point links. PPP is
usually used to dial in to an ISP (Internet Service Provider) or other
organization over a modem and phone line.
%package -n network-scripts-%{name}
Summary: PPP legacy network service support
Requires: network-scripts
Supplements: (%{name} and network-scripts)
%description -n network-scripts-%{name}
This provides the ifup and ifdown scripts for use with the legacy network
service.
%package devel
Summary: Headers for ppp plugin development
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconf-pkg-config
%description devel
This package contains the header files for building plugins for ppp.
%prep
%autosetup -p1 -n %{name}-%{name}-%{version}
%setup -qn %{name}-%{name}-%{version}
%autopatch -p1
tar -xJf %{SOURCE12}
%build
autoreconf -fi
export CFLAGS="%{build_cflags} -fno-strict-aliasing"
%configure --enable-systemd --enable-cbcp --with-pam --disable-openssl-engine
%make_build
%make_build -C ppp-watch LDFLAGS="%{?build_ldflags} -pie"
%configure --cflags="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing"
%{make_build} LDFLAGS="%{?build_ldflags} -pie"
%{make_build} -C ppp-watch LDFLAGS="%{?build_ldflags} -pie"
%install
%make_install
make INSTROOT=%{buildroot} install install-etcppp
find scripts -type f | xargs chmod a-x
make ROOT=%{buildroot} -C ppp-watch install
@ -125,11 +110,14 @@ install -p %{SOURCE6} %{buildroot}%{_sysconfdir}/ppp/ip-up
install -p %{SOURCE7} %{buildroot}%{_sysconfdir}/ppp/ip-up.ipv6to4
install -p %{SOURCE8} %{buildroot}%{_sysconfdir}/ppp/ipv6-down
install -p %{SOURCE9} %{buildroot}%{_sysconfdir}/ppp/ipv6-up
install -p %{SOURCE13} %{buildroot}%{_sysconfdir}/ppp/ipv6-down.initscripts
install -p %{SOURCE14} %{buildroot}%{_sysconfdir}/ppp/ipv6-up.initscripts
install -d %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/
install -p %{SOURCE10} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
# ghosts
mkdir -p %{buildroot}%{_rundir}/pppd/lock
mkdir -p %{buildroot}%{_rundir}/ppp
mkdir -p %{buildroot}%{_rundir}/lock/ppp
%pre
/usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || :
@ -151,10 +139,7 @@ mkdir -p %{buildroot}%{_rundir}/pppd/lock
%{_sysconfdir}/ppp/ip-up.ipv6to4
%{_sysconfdir}/ppp/ip-down.ipv6to4
%{_sysconfdir}/ppp/ipv6-up
%{_sysconfdir}/ppp/ipv6-up.initscripts
%{_sysconfdir}/ppp/ipv6-down
%{_sysconfdir}/ppp/ipv6-down.initscripts
%{_sysconfdir}/ppp/openssl.cnf
%{_mandir}/man8/chat.8*
%{_mandir}/man8/pppd.8*
%{_mandir}/man8/pppdump.8*
@ -164,8 +149,8 @@ mkdir -p %{buildroot}%{_rundir}/pppd/lock
%{_mandir}/man8/pppoe-discovery.8*
%{_mandir}/man8/ppp-watch.8*
%{_libdir}/pppd
%ghost %dir %{_rundir}/pppd
%ghost %dir %{_rundir}/pppd/lock
%ghost %dir %{_rundir}/ppp
%ghost %dir %{_rundir}/lock/ppp
%dir %{_sysconfdir}/logrotate.d
%attr(700, root, root) %dir %{_localstatedir}/log/ppp
%config(noreplace) %{_sysconfdir}/ppp/eaptls-client
@ -177,79 +162,25 @@ mkdir -p %{buildroot}%{_rundir}/pppd/lock
%config(noreplace) %{_sysconfdir}/logrotate.d/ppp
%{_tmpfilesdir}/ppp.conf
%files -n network-scripts-%{name}
%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
%files devel
%{_includedir}/pppd
%doc PLUGINS
%{_libdir}/pkgconfig/pppd.pc
%changelog
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.5.0-13
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.5.0-12
- Rebuilt for MSVSphere 10
* Thu Jun 27 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-12
- Fixed radiusclient parser
Resolves: RHEL-44665
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.5.0-11
- Bump release for June 2024 mass rebuild
* Wed Jun 12 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-10
- Openssl engine API is deprecated for a while thus disable it
Resolves: RHEL-33746
* Thu May 9 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-9
- Pre-created upstream default lock dir
Resolves: RHEL-35977
* Sun Apr 14 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-8
- Added missing and recently approved SPDX licenses
* Wed Feb 21 2024 Kalev Lember <klember@redhat.com> - 2.5.0-7
- Obsolete dropped network-scripts-ppp subpackage
* Tue Feb 13 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-6
- Dropped network scripts
* Wed Jan 24 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-5
- Converted license to SPDX
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Jul 25 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 2.5.0-3
- Use bundled ATM in RHEL builds
* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Apr 13 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2.5.0-1
- New version
Resolves: rhbz#2184291
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Apr 05 2022 Marcin Zajaczkowski <mszpak ATT wp DOTT pl> - 2.4.9-7
- Backport patches from master for SSTP to connect using EAP-TLS to Azure VnetGWay and Windows RAS server
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.4.9-5
- Rebuilt with OpenSSL 3.0.0
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.9-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.9-4
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Mon Mar 8 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.9-3
- Keep lock files in /var/lock (https://github.com/ppp-project/ppp/pull/227)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.9-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

Loading…
Cancel
Save