- Update to version 2.5.2:

* Some old and probably unused code has been removed, notably
    the pppgetpass program and the passprompt plugin, and some of
    the files in the sample and scripts directories.
  * If a remote number has been set, it is available to scripts in
    the REMOTENUMBER environment variable.
  * Various other bug fixes and minor enhancements.
- Obsoleted patches:
  * ppp-fix-bashisms.patch

- Update to version 2.5.1:
  * Pppd can now measure and log the round-trip time (RTT) of LCP
    echo-requests and record them in a binary file structured as a
    circular buffer.  Other programs or scripts can examine the
    file and provide real-time statistics on link latency.
    This is enabled by a new "lcp-rtt-file" option.
  * New scripts net-init, net-pre-up and net-down are executed in
    the process of bringing the network interface up and down.
    They provide additional, more deterministic ways for pppd to
    interact with the rest of the networking configuration.
  * New options have been added to allow the system administrator
    to set the location of various scripts and secrets files.
  * A new "noresolvconf" option tells pppd not to write the
    /etc/ppp/resolv.conf file; DNS server addresses, if obtained
    from the peer, are still passed to scripts in the environment.
  * Pppd will now create the directory for the TDB connection
    database if it doesn't already exist.
- Obsoleted patches:
  * ppp-mkdir-run.patch
  * ppp-pidfiles.patch

OBS-URL: https://build.opensuse.org/package/show/network/ppp?expand=0&rev=86

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

chap-secrets.template

@@ -0,0 +1,18 @@
+# Secrets for authentication using CHAP
+# client	server		secret		IP addresses
+
+# OUTBOUND CONNECTIONS
+# Here you should add your PPP Login and PPP password to connect to your
+# provider via pap. The * means that the entry(login and passoword may be
+# used for ANY host you connect to.
+# Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+#hostname	*	password
+
+# PREDIFINED CONNECTIONS
+# These are user and password entries for publically accessible call-by-call
+# Internet providers in Germany. If they confict with your config, remove them.
+# READ_IN_CALLBYCALL_SECRETS
+
+# INBOUND CONNECTIONS
+#client		hostname	<password>	192.168.1.1

filters

@@ -0,0 +1,14 @@
+#
+# These filter rules should prevent unwanted internet services to
+# keep your connections up by ignoring their connection requests
+# and your 'go way' responses.
+#
+# This file should be included by the line 'file /etc/ppp/filters' in
+# /etc/ppp/options.
+#
+# Note: This has nothing to do with firewall rules. It only affects
+# the idle time calculation of the kernel/pppd.
+#
+
+active-filter 'outbound and not icmp[0] == 3 and not tcp[13] & 4 != 0'
+

modem-peers

@@ -0,0 +1,18 @@
+460800
+defaultroute
+usepeerdns
+crtscts
+lock
+noauth
+local
+persist
+modem
+nopcomp
+novjccomp
+nobsdcomp
+nodeflate
+noaccomp
+ipcp-accept-local
+ipcp-accept-remote
+noipdefault
+connect "/usr/sbin/chat -t10 -f /etc/ppp/chatscripts/modem.chat"

modem.chat

@@ -0,0 +1,19 @@
+ABORT 'BUSY'
+ABORT 'NO CARRIER'
+ABORT 'VOICE'
+ABORT 'NO DIALTONE'
+ABORT 'NO DIAL TONE'
+ABORT 'NO ANSWER'
+ABORT 'DELAYED'
+REPORT CONNECT
+TIMEOUT 5
+'' 'ATQ0'
+'OK-AT-OK' 'ATZ'
+TIMEOUT 3
+'OK-AT-OK' 'ATI'
+'OK' 'ATZ'
+'OK' 'ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0'
+'OK' 'AT\^SYSCFG=2,2,3fffffff,0,1'
+'OK-AT-OK' 'AT+CGDCONT=1,"IP","internet.mts.ru"'
+'OK' 'ATDT*99#'
+CONNECT

modem.rules

@@ -0,0 +1 @@
+KERNEL=="ttyACM[0-9]*", TAG+="systemd", ENV{SYSTEMD_WANTS}="modem@%n.service"

modem@.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Modem /dev/ttyACM%i
+BindsTo=dev-ttyACM%i.device
+After=dev-ttyACM%i.device
+Before=network.target
+
+[Service]
+Group=dialout
+ExecStart=/usr/sbin/pppd call modem /dev/ttyACM%i
+
+[Install]
+WantedBy=multi-user.target

options

@@ -0,0 +1,198 @@
+# /etc/ppp/options
+#
+# Not every option is listed here, see man pppd for more details.  This file
+# is read by the pppd, it is an error when it is not present.
+#
+# Use the following command to see the active options:
+# grep -v ^# /etc/ppp/options | grep -v ^$
+#
+
+# The name of this server. Often, the FQDN is used here.
+#name <host>
+
+# Enforce the use of the hostname as the name of the local system for
+# authentication purposes (overrides the name option).
+#usehostname
+
+# If no local IP address is given, pppd will use the first IP address
+# that belongs to the local hostname. If "noipdefault" is given, this
+# is disabled and the peer will have to supply an IP address.
+noipdefault
+
+# With this option, pppd will accept the peer's idea of our local IP
+# address, even if the local IP address was specified in an option.
+#ipcp-accept-local
+
+# With this option, pppd will accept the peer's idea of its (remote) IP
+# address, even if the remote IP address was specified in an option.
+#ipcp-accept-remote
+
+# Run the executable or shell command specified after pppd has terminated
+# the link.  This script could, for example, issue commands to the modem
+# to cause it to hang up if hardware modem control signals were not
+# available.
+# If mgetty is running, it will reset the modem anyway. So there is no need
+# to do it here.
+#disconnect "chat -- \d+++\d\c OK ath0 OK"
+
+# Increase debugging level (same as -d). The debug output is written
+# to syslog LOG_LOCAL2.
+#debug
+
+# Enable debugging code in the kernel-level PPP driver.  The argument n
+# is a number which is the sum of the following values: 1 to enable
+# general debug messages, 2 to request that the contents of received
+# packets be printed, and 4 to request that the contents of transmitted
+# packets be printed.
+#kdebug n
+
+# noauth means do not require the peer to authenticate itself, this must
+# be set if you want to use pppd to connect to the internet. In this case
+# *you* must authenicate yourself to the peer(internet provider), so do
+# not disable this setting unless you are the dial-in server which where
+# the peer has to autenticate to.
+noauth
+
+# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
+# on the serial port.
+crtscts
+
+# Specifies that pppd should use a UUCP-style lock on the serial device
+# to ensure exclusive access to the device.
+lock
+
+# Use the modem control lines.(is default)
+modem
+# The opposite: local
+#
+# Description:
+# Don't use the modem control lines.  With this option, pppd will ignore the
+# state of the CD (Carrier Detect) signal from the modem and will not change
+# the state of the DTR (Data Terminal Ready) signal.
+#
+# You need to disable modem and enable local if you want to connect to anoter
+# system without using a modem:
+#local
+
+# async character map -- 32-bit hex; each bit is a character
+# that needs to be escaped for pppd to receive it.  0x00000001
+# represents '\x01', and 0x80000000 represents '\x1f'.
+# To allow pppd to work over a rlogin/telnet connection, ou should escape
+# XON (^Q), XOFF  (^S) and ^]: (The peer should use "escape ff".)
+#asyncmap  200a0000
+asyncmap 0
+
+# needed for some ISDN Terminaladaters, namely ELSA, those seem to have
+# problems with asyncmap negotiation, so you can turn off this procedure
+# in case your ISDN box has trouble with it, by enabling this option.
+# You have to disable the asyncmap <x> option to be sure to have it
+# active. If you use wvdial, set the ISDN parameter in /etc/wvdial.conf
+# instead.
+#default-asyncmap
+
+# Set the MRU [Maximum Receive Unit] value to <n> for negotiation.  pppd
+# will ask the peer to send packets of no more than <n> bytes. The
+# minimum MRU value is 128.  The default MRU value is 1500.  A value of
+# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
+# bytes of data). The value 1492 is for DSL connections (PPP Default -
+# PPPoE Header: 1500 - 8 = 1492)
+# mru 1492
+
+# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
+# requests a smaller value via MRU negotiation, pppd will request that
+# the kernel networking code send data packets of no more than n bytes
+# through the PPP network interface. The value 1492 is for DSL connections
+# (PPP Default - PPPoE Header: 1500 - 8 = 1492)
+# mtu 1492
+
+# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
+# notation (e.g. 255.255.255.0).
+#netmask 255.255.255.0
+
+# Don't fork to become a background process (otherwise pppd will do so
+# if a serial device is specified).
+nodetach
+
+# If this option is given, pppd will send an LCP echo-request frame to
+# the peer every n seconds. Normally the peer should respond to the
+# echo-request by sending an echo-reply.  This option can be used with
+# the lcp-echo-failure option to detect that the peer is no longer
+# connected.
+lcp-echo-interval 30
+
+# If this option is given, pppd will presume the peer to be dead if n
+# LCP echo-requests are sent without receiving a valid LCP echo-reply.
+# If this happens, pppd will terminate the connection.  Use of this
+# option requires a non-zero value for the lcp-echo-interval parameter.
+# This option can be used to enable pppd to terminate after the physical
+# connection has been broken (e.g., the modem has hung up) in
+# situations where no hardware modem control lines are available.
+lcp-echo-failure 4
+
+# Send up to 60 LCP configure-request during negotiation. With a value
+# of 2 for lcp-restart below, this might take up to 2 minutes.
+lcp-max-configure 60
+
+# Resend unanswered LCP requests after 2 seconds.
+lcp-restart 2
+
+# Specifies that pppd should disconnect if the link is idle for n seconds.
+idle 600
+
+# Specifies the maximal number of attempts to connect to the server. This
+# is useful for dial on demand. Default value is 10.
+#maxfail 3
+
+# Disable the IPXCP and IPX protocols.
+noipx
+
+# In the file /etc/ppp/filters are some active-filter rules. See man pppd
+# and man tcpdump for more informations.
+file /etc/ppp/filters
+
+#-------------------------------------------------------------------------
+# The next two options are only interesting for you if you are admin of
+# a system with other users that use ppp, and those users are normally
+# never allowed to add default route, or you do not want users to
+# replace the default route.
+#-------------------------------------------------------------------------
+
+# enable this to prevent users from attempting to add a default route.
+# Use this option with caution: If the user needs to use a program like
+# wvdial, he will not be able to connect because wvdial forces defaulroute
+# but this is rejected by this option and the user will not be able to
+# connect to the internet.
+#nodefaultroute
+
+# enable this to prevent users from replacing an existing default route.
+#noreplacedefaultroute
+
+#-------------------------------------------------------------------------
+# All options below only make sense if you configure pppd to be a dial-in
+# server, so don't touch these if you want dial into your provider with
+# PPP!
+#-------------------------------------------------------------------------
+
+# Set the assumed name of the remote system for authentication purposes
+# to <n>.
+#remotename <n>
+
+# Add an entry to this system's ARP [Address Resolution Protocol]
+# table with the IP address of the peer and the Ethernet address of this
+# system. {proxyarp,noproxyarp}
+#proxyarp
+
+# Use the system password database for authenticating the peer using
+# PAP. Note: mgetty already provides this option. If this is specified
+# then dialin from users using a script under Linux to fire up ppp wont work.
+#login
+
+# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
+# Two Servers can be remotely configured
+#ms-dns 192.168.1.1
+#ms-dns 192.168.1.2
+
+# Specify which WINS Servers the incoming connection Win95 or WinNT should use
+#ms-wins 192.168.1.50
+#ms-wins 192.168.1.51
+

pap-secrets.template

@@ -0,0 +1,33 @@
+# Secrets for authentication using PAP
+# client	server	secret			IP addresses
+
+# OUTBOUND CONNECTIONS
+# Here you should add your PPP Login and PPP password to connect to your
+# provider via pap. The * means that the entry(login and passoword may be
+# used for ANY host you connect to.
+# Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+#hostname	*	password
+
+# PREDIFINED CONNECTIONS
+# These are user and password entries for publically accessible call-by-call
+# Internet providers in Germany. If they confict with your config, remove them.
+# READ_IN_CALLBYCALL_SECRETS
+
+# INBOUND CONNECTIONS
+#client		hostname	<password>	192.168.1.1
+
+# If you add "auth login -chap +pap" to /etc/mgetty+sendfax/login.config,
+# all users in /etc/passwd can use their password for pap-authentication.
+#
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+#*	hostname	""
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd! Replace hostname
+# with your local hostname.
+#guest		hostname	"*"	-
+#master		hostname	"*"	-
+#root		hostname	"*"	-
+#support	hostname	"*"	-
+#stats		hostname	"*"	-
+

ppp-2.5.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5cae0e8075f8a1755f16ca290eb44e6b3545d3f292af4da65ecffe897de636ff
+size 1170057

ppp-2.5.0.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQFGBAABCAAwFiEEv0VLfXa2m9eKuaRpnZrqdyxjcZ8FAmQrvoQSHHBhdWx1c0Bv
+emxhYnMub3JnAAoJEJ2a6ncsY3Gfx+YH/3DJdp8pCZDaONwBADpWc9ttGAusH3k6
+fsOntaWKumy5HyJIF7h/ArDvYiAUeO3rgSckZS9o94u3OfkDxP4uf9AnGWBPzCir
+CAwUes6JIP23IHAI5uLnSqo72lGtsRNbh95H8PALobKGN/Im+CTi2j6FIx+Nnf2f
+6GRSJuw+OSRDzp+rJb1osAoUyuMnRpogXuQAAAeKJAHFDC+98vInQhDmwcu7wNWP
+rhR1PrviW8nIsikwRQQptCQNC35DVI3IYUg3L1o8Y2LU1ofF3gYtX7lDF7IthqLM
+pUPy+ddE8AsOiHOnKKIxzH9YFy9/xABQmtFLRJDAT24BHe1BCTyqniI=
+=4tVk
+-----END PGP SIGNATURE-----

ppp-2.5.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:47da358de54a10cb10bf6ff2cf9b1c03c0d3555518f6182e8f701b8e55733cb2
+size 973132

ppp-2.5.2.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEv0VLfXa2m9eKuaRpnZrqdyxjcZ8FAmdze4gACgkQnZrqdyxj
+cZ+crgf+IA+VDraa4/0+cnlvI/meqgia/K9nQG9JXt7cLouqNqwJyNV4j5RO8WxO
+x/iI2l7UMTMxYs3iRgm7GJwUTlt5m7jtV3pR9h1Vpu1Zco4POmCsL5dB8GLA4F2l
+AYvSTiK68rVCFsBurlqvL1ZTvXVHScKKFSbn8YjFHMJ5i3UHyCElaK2H2Bhpzqtx
+8+t4yaI0+N+M7xwiT+CZym+xWi02uhZS+dSUmHpMrEL7zQKEQE83aVY9sazo9Q4Y
+gKJ/TwTDnZQ/QqXraY7LlOSKxrzRQ3KyW6bJJlCE2sM3vW7TXXlYsy7OyLZmYAm5
+oJoo4hC03pxz6ycIqSPMax/A0BUfTA==
+=5RCg
+-----END PGP SIGNATURE-----

ppp-fix-bashisms.patch

@@ -0,0 +1,29 @@
+--- scripts/redialer.orig
++++ scripts/redialer
+@@ -31,7 +31,7 @@ PASSWORD=my_password
+ # Function to initialize the modem and ensure that it is in command
+ # state. This may not be needed, but it doesn't hurt.
+ #
+-function initialize
++initialize()
+ {
+     chat -v TIMEOUT 3 '' AT 'OK-+++\c-OK'
+     return
+@@ -41,7 +41,7 @@ function initialize
+ #
+ # Script to dial a telephone
+ #
+-function callnumber
++callnumber()
+ {
+ chat -v							\
+ 	ABORT		'\nBUSY\r'			\
+@@ -66,7 +66,7 @@ chat -v							\
+ #
+ # Script to dial any telephone number
+ #
+-function callall
++callall()
+ {
+ #   echo "dialing attempt number: $1" >/dev/console
+     callnumber $PHONE1

ppp-fork-fix.patch

@@ -0,0 +1,91 @@
+--- pppd/main.c.orig
++++ pppd/main.c
+@@ -1632,14 +1632,6 @@ ppp_safe_fork(int infd, int outfd, int e
+ 	int fd, pipefd[2];
+ 	char buf[1];
+ 
+-	/* make sure fds 0, 1, 2 are occupied (probably not necessary) */
+-	while ((fd = dup(fd_devnull)) >= 0) {
+-		if (fd > 2) {
+-			close(fd);
+-			break;
+-		}
+-	}
+-
+ 	if (pipe(pipefd) == -1)
+ 		pipefd[0] = pipefd[1] = -1;
+ 	pid = fork();
+@@ -1663,25 +1655,31 @@ ppp_safe_fork(int infd, int outfd, int e
+ 		tdb_close(pppdb);
+ #endif
+ 
+-	/* make sure infd, outfd and errfd won't get tromped on below */
+-	if (infd == 1 || infd == 2)
+-		infd = dup(infd);
+-	if (outfd == 0 || outfd == 2)
+-		outfd = dup(outfd);
+-	if (errfd == 0 || errfd == 1)
+-		errfd = dup(errfd);
+-
++        /* make sure fds 0, 1, 2 are occupied, so the duplicated  fds always > 2 */
++        while ((fd = dup(fd_devnull)) >= 0) {
++                if (fd > 2) {
++                        close(fd);
++                        break;
++                }
++        }
++
++        /* always copy fd's to avoid to use a already closed fd later */
++        {
++                int     fdi = infd, fdo = outfd;
++ 
++                infd = dup(infd);
++                outfd = dup(outfd);
++                if (errfd >= 0) {
++                        fd = errfd;
++                        errfd = dup(errfd);
++                        close(fd);
++                }
++                close(fdi);
++                close(fdo);
++        }
+ 	closelog();
+ 
+-	/* dup the in, out, err fds to 0, 1, 2 */
+-	if (infd != 0)
+-		dup2(infd, 0);
+-	if (outfd != 1)
+-		dup2(outfd, 1);
+-	if (errfd != 2)
+-		dup2(errfd, 2);
+-
+-	if (log_to_fd > 2)
++	if (log_to_fd > 0)
+ 		close(log_to_fd);
+ 	if (the_channel->close)
+ 		(*the_channel->close)();
+@@ -1689,12 +1687,18 @@ ppp_safe_fork(int infd, int outfd, int e
+ 		close(devfd);	/* some plugins don't have a close function */
+ 	close(fd_ppp);
+ 	close(fd_devnull);
+-	if (infd != 0)
+-		close(infd);
+-	if (outfd != 1)
+-		close(outfd);
+-	if (errfd != 2)
+-		close(errfd);
++
++	close(0);
++        dup2(infd, 0);
++        close(infd);
++        close(1);
++        dup2(outfd, 1);
++        close(outfd);
++        if (errfd >= 0) {
++                close(2);
++                dup2(errfd, 2);
++ 		close(errfd);
++	}
+ 
+ 	notify(fork_notifier, 0);
+ 	close(pipefd[0]);

ppp-misc.patch

@@ -0,0 +1,45 @@
+--- pppd/auth.c.orig
++++ pppd/auth.c
+@@ -2202,9 +2202,10 @@ check_access(FILE *f, char *filename)
+ 
+     if (fstat(fileno(f), &sbuf) < 0) {
+ 	warn("cannot stat secret file %s: %m", filename);
+-    } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
+-	warn("Warning - secret file %s has world and/or group access",
+-	     filename);
++    } else if ((sbuf.st_mode & S_IRWXO) != 0) {
++	warn("Warning - secret file %s has world access", filename);
++    } else if ((sbuf.st_mode & S_IRWXG) != 0 && sbuf.st_gid != 15) {
++	warn("Warning - secret file %s has group access", filename);
+     }
+ }
+ 
+--- pppd/lcp.c.orig
++++ pppd/lcp.c
+@@ -2330,7 +2330,7 @@ lcp_received_echo_reply (fsm *f, int id,
+     if (lcp_gotoptions[f->unit].neg_magicnumber
+ 	&& magic == lcp_gotoptions[f->unit].magicnumber) {
+ 	warn("appear to have received our own echo-reply!");
+-	return;
++	/* M$-Software did get this wrong so we also accept those packets. */
+     }
+ 
+     if (lcp_rtt_file_fd && len >= 16) {
+--- pppd/pppd-private.h.orig
++++ pppd/pppd-private.h
+@@ -552,15 +552,7 @@ int parse_dotted_ip(char *, u_int32_t *)
+ #define DEBUGCHAP	1
+ #endif
+ 
+-#ifndef LOG_PPP			/* we use LOG_LOCAL2 for syslog by default */
+-#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUGSYS) \
+-  || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \
+-  || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP)
+ #define LOG_PPP LOG_LOCAL2
+-#else
+-#define LOG_PPP LOG_DAEMON
+-#endif
+-#endif /* LOG_PPP */
+ 
+ #ifdef DEBUGMAIN
+ #define MAINDEBUG(x)	if (debug) dbglog x

ppp-mkdir-run.patch

@@ -0,0 +1,453 @@
+From b0e7307b3569a5dad0f2606d2736cc8317851598 Mon Sep 17 00:00:00 2001
+From: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Date: Wed, 30 Aug 2023 11:46:01 +0900
+Subject: [PATCH 1/2] utils: add mkdir_recursive
+
+This will be used in the next commit.
+
+A test file for utils has also been added to check mkdir works as
+intended.
+
+Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+---
+ pppd/Makefile.am    |   6 ++
+ pppd/pppd-private.h |   1 +
+ pppd/utils.c        |  82 ++++++++++++++++++++++++++
+ pppd/utils_utest.c  | 139 ++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 228 insertions(+)
+ create mode 100644 pppd/utils_utest.c
+
+--- pppd/Makefile.am.orig
++++ pppd/Makefile.am
+@@ -20,6 +20,12 @@ utest_pppcrypt_LDFLAGS =
+ 
+ check_PROGRAMS += utest_crypto
+ 
++utest_utils_SOURCES = utils.c utils_utest.c
++utest_utils_CPPFLAGS = -DUNIT_TEST
++utest_utils_LDFLAGS =
++
++check_PROGRAMS += utest_utils
++
+ if WITH_SRP
+ sbin_PROGRAMS += srp-entry
+ dist_man8_MANS += srp-entry.8
+--- pppd/pppd-private.h.orig
++++ pppd/pppd-private.h
+@@ -437,6 +437,7 @@ int  sifproxyarp(int, u_int32_t);
+ int  cifproxyarp(int, u_int32_t);
+ 				/* Delete proxy ARP entry for peer */
+ u_int32_t GetMask(u_int32_t); /* Get appropriate netmask for address */
++int  mkdir_recursive(const char *); /* Recursively create directory */
+ int  lock(char *);	/* Create lock file for device */
+ int  relock(int);		/* Rewrite lock file with new pid */
+ void unlock(void);	/* Delete previously-created lock file */
+--- pppd/utils.c.orig
++++ pppd/utils.c
+@@ -781,6 +781,88 @@ complete_read(int fd, void *buf, size_t
+ }
+ #endif
+ 
++/*
++ * mkdir_check - helper for mkdir_recursive, creates a directory
++ * but do not error on EEXIST if and only if entry is a directory
++ * The caller must check for errno == ENOENT if appropriate.
++ */
++static int
++mkdir_check(const char *path)
++{
++    struct stat statbuf;
++
++    if (mkdir(path, 0755) >= 0)
++	return 0;
++
++    if (errno == EEXIST) {
++	if (stat(path, &statbuf) < 0)
++	    /* got raced? */
++	    return -1;
++
++	if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
++	    return 0;
++
++	/* already exists but not a dir, treat as failure */
++	errno = EEXIST;
++	return -1;
++    }
++
++    return -1;
++}
++
++/*
++ * mkdir_parent - helper for mkdir_recursive, modifies the string in place
++ * Assumes mkdir(path) already failed, so it first creates the parent then
++ * full path again.
++ */
++static int
++mkdir_parent(char *path)
++{
++    char *slash;
++    int rc;
++
++    slash = strrchr(path, '/');
++    if (!slash)
++	return -1;
++
++    *slash = 0;
++    if (mkdir_check(path) < 0) {
++	if (errno != ENOENT) {
++	    *slash = '/';
++	    return -1;
++	}
++	if (mkdir_parent(path) < 0) {
++	    *slash = '/';
++	    return -1;
++	}
++    }
++    *slash = '/';
++
++    return mkdir_check(path);
++}
++
++/*
++ * mkdir_recursive - recursively create directory if it didn't exist
++ */
++int
++mkdir_recursive(const char *path)
++{
++    char *copy;
++    int rc;
++
++    // optimistically try on full path first to avoid allocation
++    if (mkdir_check(path) == 0)
++	return 0;
++
++    copy = strdup(path);
++    if (!copy)
++	return -1;
++
++    rc = mkdir_parent(copy);
++    free(copy);
++    return rc;
++}
++
+ /* Procedures for locking the serial device using a lock file. */
+ static char lock_file[MAXPATHLEN];
+ 
+--- /dev/null
++++ pppd/utils_utest.c
+@@ -0,0 +1,139 @@
++#include <fcntl.h>
++#include <string.h>
++#include <sys/stat.h>
++#include <unistd.h>
++
++#include "pppd-private.h"
++
++/* globals used in test.c... */
++int debug = 1;
++int error_count;
++int unsuccess;
++
++/* check if path exists and returns its type */
++static int
++file_type(char *path)
++{
++    struct stat statbuf;
++
++    if (stat(path, &statbuf) < 0)
++	return -1;
++
++    return statbuf.st_mode & S_IFMT;
++}
++
++int
++test_simple() {
++    if (mkdir_recursive("dir"))
++	return -1;
++
++    if (file_type("dir") != S_IFDIR)
++	return -1;
++
++    rmdir("dir");
++    return 0;
++}
++
++int
++test_recurse() {
++    if (mkdir_recursive("dir/subdir/subsubdir"))
++	return -1;
++
++    if (file_type("dir/subdir/subsubdir") != S_IFDIR)
++	return -1;
++
++    rmdir("dir/subdir/subsubdir");
++
++    /* try again with partial existence */
++    if (mkdir_recursive("dir/subdir/subsubdir"))
++	return -1;
++
++    if (file_type("dir/subdir/subsubdir") != S_IFDIR)
++	return -1;
++
++    rmdir("dir/subdir/subsubdir");
++    rmdir("dir/subdir");
++    rmdir("dir");
++    return 0;
++}
++
++int
++test_recurse_multislash() {
++    if (mkdir_recursive("dir/subdir///subsubdir"))
++	return -1;
++
++    if (file_type("dir/subdir/subsubdir") != S_IFDIR)
++	return -1;
++
++    rmdir("dir/subdir/subsubdir");
++    rmdir("dir/subdir");
++
++    /* try again with partial existence */
++    if (mkdir_recursive("dir/subdir/subsubdir///"))
++	return -1;
++
++    if (file_type("dir/subdir/subsubdir") != S_IFDIR)
++	return -1;
++
++    rmdir("dir/subdir/subsubdir");
++    rmdir("dir/subdir");
++    rmdir("dir");
++    return 0;
++}
++
++int
++test_parent_notdir() {
++    int fd = open("file", O_CREAT, 0600);
++    if (fd < 0)
++	return -1;
++    close(fd);
++
++    if (mkdir_recursive("file") == 0)
++	return -1;
++    if (mkdir_recursive("file/dir") == 0)
++	return -1;
++
++    unlink("file");
++    return 0;
++}
++
++int
++main()
++{
++    char *base_dir = strdup("/tmp/ppp_utils_utest.XXXXXX");
++    int failure = 0;
++
++    if (mkdtemp(base_dir) == NULL) {
++	printf("Could not create test directory, aborting\n");
++	return 1;
++    }
++
++    if (chdir(base_dir) < 0) {
++	printf("Could not enter newly created test dir, aborting\n");
++	return 1;
++    }
++
++    if (test_simple()) {
++	printf("Could not create simple directory\n");
++	failure++;
++    }
++
++    if (test_recurse()) {
++	printf("Could not create recursive directory\n");
++	failure++;
++    }
++
++    if (test_recurse_multislash()) {
++	printf("Could not create recursive directory with multiple slashes\n");
++	failure++;
++    }
++
++    if (test_parent_notdir()) {
++	printf("Creating over a file appeared to work?\n");
++	failure++;
++    }
++
++    rmdir(base_dir);
++    free(base_dir);
++    return failure;
++}
+--- pppd/tdb.c.orig
++++ pppd/tdb.c
+@@ -60,8 +60,11 @@
+ #include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <signal.h>
++
++#include "pppd-private.h"
+ #include "tdb.h"
+ #include "spinlock.h"
++#include "pathnames.h"
+ 
+ #define TDB_MAGIC_FOOD "TDB file\n"
+ #define TDB_VERSION (0x26011967 + 6)
+@@ -1728,7 +1731,12 @@ TDB_CONTEXT *tdb_open_ex(const char *nam
+ 		goto internal;
+ 	}
+ 
++again:
+ 	if ((tdb->fd = open(name, open_flags, mode)) == -1) {
++		if ((open_flags & O_CREAT) && errno == ENOENT &&
++			mkdir_recursive(PPP_PATH_VARRUN) == 0)
++			goto again;
++
+ 		TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
+ 			 name, strerror(errno)));
+ 		goto fail;	/* errno set by open(2) */
+--- pppd/Makefile.in.orig
++++ pppd/Makefile.in
+@@ -92,8 +92,8 @@ POST_UNINSTALL = :
+ build_triplet = @build@
+ host_triplet = @host@
+ sbin_PROGRAMS = pppd$(EXEEXT) $(am__EXEEXT_4)
+-check_PROGRAMS = utest_crypto$(EXEEXT) $(am__EXEEXT_1) $(am__EXEEXT_2) \
+-	$(am__EXEEXT_3)
++check_PROGRAMS = utest_crypto$(EXEEXT) utest_utils$(EXEEXT) \
++	$(am__EXEEXT_1) $(am__EXEEXT_2) $(am__EXEEXT_3)
+ @WITH_SRP_TRUE@am__append_1 = srp-entry
+ @WITH_SRP_TRUE@am__append_2 = srp-entry.8
+ @PPP_WITH_SYSTEM_CA_PATH_TRUE@am__append_3 = -DSYSTEM_CA_PATH='"@SYSTEM_CA_PATH@"'
+@@ -258,6 +258,13 @@ utest_pppcrypt_LINK = $(LIBTOOL) $(AM_V_
+ 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ 	$(AM_CFLAGS) $(CFLAGS) $(utest_pppcrypt_LDFLAGS) $(LDFLAGS) -o \
+ 	$@
++am_utest_utils_OBJECTS = utest_utils-utils.$(OBJEXT) \
++	utest_utils-utils_utest.$(OBJEXT)
++utest_utils_OBJECTS = $(am_utest_utils_OBJECTS)
++utest_utils_LDADD = $(LDADD)
++utest_utils_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
++	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
++	$(utest_utils_LDFLAGS) $(LDFLAGS) -o $@
+ AM_V_P = $(am__v_P_@AM_V@)
+ am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+ am__v_P_0 = false
+@@ -300,7 +307,9 @@ am__depfiles_remade = ./$(DEPDIR)/libppp
+ 	./$(DEPDIR)/utest_crypto-crypto.Po \
+ 	./$(DEPDIR)/utest_peap-mppe.Po ./$(DEPDIR)/utest_peap-peap.Po \
+ 	./$(DEPDIR)/utest_peap-utils.Po \
+-	./$(DEPDIR)/utest_pppcrypt-crypto_ms.Po
++	./$(DEPDIR)/utest_pppcrypt-crypto_ms.Po \
++	./$(DEPDIR)/utest_utils-utils.Po \
++	./$(DEPDIR)/utest_utils-utils_utest.Po
+ am__mv = mv -f
+ COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+@@ -323,11 +332,11 @@ am__v_CCLD_1 =
+ SOURCES = $(libppp_crypto_la_SOURCES) $(pppd_SOURCES) \
+ 	$(srp_entry_SOURCES) $(utest_chap_SOURCES) \
+ 	$(utest_crypto_SOURCES) $(utest_peap_SOURCES) \
+-	$(utest_pppcrypt_SOURCES)
++	$(utest_pppcrypt_SOURCES) $(utest_utils_SOURCES)
+ DIST_SOURCES = $(libppp_crypto_la_SOURCES) $(am__pppd_SOURCES_DIST) \
+ 	$(am__srp_entry_SOURCES_DIST) $(utest_chap_SOURCES) \
+ 	$(utest_crypto_SOURCES) $(utest_peap_SOURCES) \
+-	$(utest_pppcrypt_SOURCES)
++	$(utest_pppcrypt_SOURCES) $(utest_utils_SOURCES)
+ am__can_run_installinfo = \
+   case $$AM_UPDATE_INFO_DIR in \
+     n|no|NO) false;; \
+@@ -733,6 +742,9 @@ utest_crypto_LDFLAGS =
+ utest_pppcrypt_SOURCES = crypto_ms.c
+ utest_pppcrypt_CPPFLAGS = -DUNIT_TEST_MSCRYPTO
+ utest_pppcrypt_LDFLAGS = 
++utest_utils_SOURCES = utils.c utils_utest.c
++utest_utils_CPPFLAGS = -DUNIT_TEST
++utest_utils_LDFLAGS = 
+ pkgconfigdir = $(libdir)/pkgconfig
+ pkgconfig_DATA = pppd.pc
+ pppd_includedir = $(includedir)/pppd
+@@ -955,6 +967,10 @@ utest_pppcrypt$(EXEEXT): $(utest_pppcryp
+ 	@rm -f utest_pppcrypt$(EXEEXT)
+ 	$(AM_V_CCLD)$(utest_pppcrypt_LINK) $(utest_pppcrypt_OBJECTS) $(utest_pppcrypt_LDADD) $(LIBS)
+ 
++utest_utils$(EXEEXT): $(utest_utils_OBJECTS) $(utest_utils_DEPENDENCIES) $(EXTRA_utest_utils_DEPENDENCIES) 
++	@rm -f utest_utils$(EXEEXT)
++	$(AM_V_CCLD)$(utest_utils_LINK) $(utest_utils_OBJECTS) $(utest_utils_LDADD) $(LIBS)
++
+ mostlyclean-compile:
+ 	-rm -f *.$(OBJEXT)
+ 
+@@ -1006,6 +1022,8 @@ distclean-compile:
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utest_peap-peap.Po@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utest_peap-utils.Po@am__quote@ # am--include-marker
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utest_pppcrypt-crypto_ms.Po@am__quote@ # am--include-marker
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utest_utils-utils.Po@am__quote@ # am--include-marker
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utest_utils-utils_utest.Po@am__quote@ # am--include-marker
+ 
+ $(am__depfiles_remade):
+ 	@$(MKDIR_P) $(@D)
+@@ -1629,6 +1647,34 @@ utest_pppcrypt-crypto_ms.obj: crypto_ms.
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(utest_pppcrypt_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o utest_pppcrypt-crypto_ms.obj `if test -f 'crypto_ms.c'; then $(CYGPATH_W) 'crypto_ms.c'; else $(CYGPATH_W) '$(srcdir)/crypto_ms.c'; fi`
+ 
++utest_utils-utils.o: utils.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(utest_utils_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT utest_utils-utils.o -MD -MP -MF $(DEPDIR)/utest_utils-utils.Tpo -c -o utest_utils-utils.o `test -f 'utils.c' || echo '$(srcdir)/'`utils.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/utest_utils-utils.Tpo $(DEPDIR)/utest_utils-utils.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='utils.c' object='utest_utils-utils.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(utest_utils_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o utest_utils-utils.o `test -f 'utils.c' || echo '$(srcdir)/'`utils.c
++
++utest_utils-utils.obj: utils.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(utest_utils_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT utest_utils-utils.obj -MD -MP -MF $(DEPDIR)/utest_utils-utils.Tpo -c -o utest_utils-utils.obj `if test -f 'utils.c'; then $(CYGPATH_W) 'utils.c'; else $(CYGPATH_W) '$(srcdir)/utils.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/utest_utils-utils.Tpo $(DEPDIR)/utest_utils-utils.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='utils.c' object='utest_utils-utils.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(utest_utils_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o utest_utils-utils.obj `if test -f 'utils.c'; then $(CYGPATH_W) 'utils.c'; else $(CYGPATH_W) '$(srcdir)/utils.c'; fi`
++
++utest_utils-utils_utest.o: utils_utest.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(utest_utils_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT utest_utils-utils_utest.o -MD -MP -MF $(DEPDIR)/utest_utils-utils_utest.Tpo -c -o utest_utils-utils_utest.o `test -f 'utils_utest.c' || echo '$(srcdir)/'`utils_utest.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/utest_utils-utils_utest.Tpo $(DEPDIR)/utest_utils-utils_utest.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='utils_utest.c' object='utest_utils-utils_utest.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(utest_utils_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o utest_utils-utils_utest.o `test -f 'utils_utest.c' || echo '$(srcdir)/'`utils_utest.c
++
++utest_utils-utils_utest.obj: utils_utest.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(utest_utils_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT utest_utils-utils_utest.obj -MD -MP -MF $(DEPDIR)/utest_utils-utils_utest.Tpo -c -o utest_utils-utils_utest.obj `if test -f 'utils_utest.c'; then $(CYGPATH_W) 'utils_utest.c'; else $(CYGPATH_W) '$(srcdir)/utils_utest.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/utest_utils-utils_utest.Tpo $(DEPDIR)/utest_utils-utils_utest.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='utils_utest.c' object='utest_utils-utils_utest.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(utest_utils_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o utest_utils-utils_utest.obj `if test -f 'utils_utest.c'; then $(CYGPATH_W) 'utils_utest.c'; else $(CYGPATH_W) '$(srcdir)/utils_utest.c'; fi`
++
+ mostlyclean-libtool:
+ 	-rm -f *.lo
+ 
+@@ -1918,6 +1964,13 @@ utest_crypto.log: utest_crypto$(EXEEXT)
+ 	--log-file $$b.log --trs-file $$b.trs \
+ 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ 	"$$tst" $(AM_TESTS_FD_REDIRECT)
++utest_utils.log: utest_utils$(EXEEXT)
++	@p='utest_utils$(EXEEXT)'; \
++	b='utest_utils'; \
++	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
++	--log-file $$b.log --trs-file $$b.trs \
++	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
++	"$$tst" $(AM_TESTS_FD_REDIRECT)
+ utest_chap.log: utest_chap$(EXEEXT)
+ 	@p='utest_chap$(EXEEXT)'; \
+ 	b='utest_chap'; \
+@@ -2080,6 +2133,8 @@ distclean: distclean-am
+ 	-rm -f ./$(DEPDIR)/utest_peap-peap.Po
+ 	-rm -f ./$(DEPDIR)/utest_peap-utils.Po
+ 	-rm -f ./$(DEPDIR)/utest_pppcrypt-crypto_ms.Po
++	-rm -f ./$(DEPDIR)/utest_utils-utils.Po
++	-rm -f ./$(DEPDIR)/utest_utils-utils_utest.Po
+ 	-rm -f Makefile
+ distclean-am: clean-am distclean-compile distclean-generic \
+ 	distclean-hdr distclean-tags
+@@ -2171,6 +2226,8 @@ maintainer-clean: maintainer-clean-am
+ 	-rm -f ./$(DEPDIR)/utest_peap-peap.Po
+ 	-rm -f ./$(DEPDIR)/utest_peap-utils.Po
+ 	-rm -f ./$(DEPDIR)/utest_pppcrypt-crypto_ms.Po
++	-rm -f ./$(DEPDIR)/utest_utils-utils.Po
++	-rm -f ./$(DEPDIR)/utest_utils-utils_utest.Po
+ 	-rm -f Makefile
+ maintainer-clean-am: distclean-am maintainer-clean-generic
+ 

ppp-peers

@@ -0,0 +1,9 @@
+#
+# PPP (plain old modem) options
+#
+# Plugin passwordfd enables us to pipe the password to pppd, thus we
+# don't have to put it into pap-secrets and chap-secrets.
+#
+plugin passwordfd.so
+#
+noauth

ppp-pidfiles.patch

@@ -0,0 +1,34 @@
+From 091e69b4e612427eeb95410dbc73eff10ea5dadb Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Mon, 26 Jun 2023 01:17:16 -0400
+Subject: [PATCH] Ensure there is a '/' between PPP_PATH_VARRUN and the PID
+ filename (#427)
+
+Bug: https://bugs.gentoo.org/907311
+
+Fixes: 66a8c74c3f73 ("Let ./configure control the paths for pppd", 2022-07-30)
+Signed-off-by: Mike Gilbert <floppym@gentoo.org>
+---
+ pppd/main.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- pppd/main.c.orig
++++ pppd/main.c
+@@ -888,7 +888,7 @@ create_pidfile(int pid)
+ {
+     FILE *pidfile;
+ 
+-    slprintf(pidfilename, sizeof(pidfilename), "%s%s.pid",
++    slprintf(pidfilename, sizeof(pidfilename), "%s/%s.pid",
+ 	     PPP_PATH_VARRUN, ifname);
+     if ((pidfile = fopen(pidfilename, "w")) != NULL) {
+ 	fprintf(pidfile, "%d\n", pid);
+@@ -907,7 +907,7 @@ create_linkpidfile(int pid)
+     if (linkname[0] == 0)
+ 	return;
+     ppp_script_setenv("LINKNAME", linkname, 1);
+-    slprintf(linkpidfile, sizeof(linkpidfile), "%sppp-%s.pid",
++    slprintf(linkpidfile, sizeof(linkpidfile), "%s/ppp-%s.pid",
+ 	     PPP_PATH_VARRUN, linkname);
+     if ((pidfile = fopen(linkpidfile, "w")) != NULL) {
+ 	fprintf(pidfile, "%d\n", pid);

ppp-smpppd.patch

@@ -0,0 +1,13 @@
+--- pppd/main.c.orig
++++ pppd/main.c
+@@ -1995,8 +1995,8 @@ forget_child(int pid, int status)
+     if (WIFSIGNALED(status)) {
+         warn("Child process %s (pid %d) terminated with signal %d",
+ 	     (chp? chp->prog: "??"), pid, WTERMSIG(status));
+-    } else if (debug)
+-        dbglog("Script %s finished (pid %d), status = 0x%x",
++    } else
++        info("Script %s finished (pid %d), status = 0x%x",
+ 	       (chp? chp->prog: "??"), pid,
+ 	       WIFEXITED(status) ? WEXITSTATUS(status) : status);
+     if (chp && chp->done)

ppp-var_run_resolv_conf.patch

@@ -0,0 +1,74 @@
+Tue Jul 22 14:16:29 CEST 2008 - hvogel@suse.de
+
+Move the resolv.conf written by pppd to /var/run [bnc#401648]
+
+
+--- Changes-2.3.orig
++++ Changes-2.3
+@@ -262,10 +262,10 @@ What was new in ppp-2.3.6.
+ 
+ * Added new option `usepeerdns', thanks to Nick Walker
+   <nickwalker@email.com>.  If the peer supplies DNS addresses, these
+-  will be written to /etc/ppp/resolv.conf.  The ip-up script can then
+-  be used to add these addresses to /etc/resolv.conf if desired (see
+-  the ip-up.local.add and ip-down.local.add files in the scripts
+-  directory).
++  will be written to /run/ppp_resolv.conf.$INTERFACE_NAME.
++  The ip-up script can then be used to add these addresses to
++  /etc/resolv.conf if desired (see the ip-up.local.add and
++  ip-down.local.add files in the scripts directory).
+ 
+ * The Solaris ppp driver should now work correctly on SMP systems.
+ 
+--- pppd/ipcp.c.orig
++++ pppd/ipcp.c
+@@ -2155,13 +2155,16 @@ static void
+ create_resolv(u_int32_t peerdns1, u_int32_t peerdns2)
+ {
+     FILE *f;
++    char rcfilename[PATH_MAX];
+ 
+     if (noresolvconf)
+ 	return;
+ 
+-    f = fopen(PPP_PATH_RESOLV, "w");
++    slprintf(rcfilename, sizeof(rcfilename), "%s.%s", PPP_PATH_RESOLV, ifname);
++    
++    f = fopen(rcfilename, "w");
+     if (f == NULL) {
+-	error("Failed to create %s: %m", PPP_PATH_RESOLV);
++	error("Failed to create %s: %m", rcfilename);
+ 	return;
+     }
+ 
+@@ -2172,7 +2175,7 @@ create_resolv(u_int32_t peerdns1, u_int3
+ 	fprintf(f, "nameserver %s\n", ip_ntoa(peerdns2));
+ 
+     if (ferror(f))
+-	error("Write failed to %s: %m", PPP_PATH_RESOLV);
++	error("Write failed to %s: %m", rcfilename);
+ 
+     fclose(f);
+ }
+--- pppd/pathnames.h.orig
++++ pppd/pathnames.h
+@@ -105,7 +105,7 @@
+ #define PPP_PATH_AUTHDOWN       PPP_PATH_CONFDIR "/auth-down"
+ #define PPP_PATH_TTYOPT         PPP_PATH_CONFDIR "/options."
+ #define PPP_PATH_PEERFILES      PPP_PATH_CONFDIR "/peers/"
+-#define PPP_PATH_RESOLV         PPP_PATH_CONFDIR "/resolv.conf"
++#define PPP_PATH_RESOLV         PPP_PATH_VARRUN  "/ppp/resolv.conf"
+ 
+ #define PPP_PATH_NET_INIT	PPP_PATH_CONFDIR "/net-init"
+ #define PPP_PATH_NET_PREUP	PPP_PATH_CONFDIR "/net-pre-up"
+--- pppd/pppd.8.orig
++++ pppd/pppd.8
+@@ -1199,7 +1199,7 @@ Ask the peer for up to 2 DNS server addr
+ by the peer (if any) are passed to the /etc/ppp/ip\-up script in the
+ environment variables DNS1 and DNS2, and the environment variable
+ USEPEERDNS will be set to 1.  In addition, pppd will create an
+-/etc/ppp/resolv.conf file containing one or two nameserver lines with
++/run/ppp/resolv.conf.$INTERFACE file containing one or two nameserver lines with
+ the address(es) supplied by the peer (unless the \fInoresolvconf\fR
+ option is given).
+ .TP

ppp.keyring

@@ -0,0 +1,157 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: SKS 1.1.6
+Comment: Hostname: sks.pod02.fleetstreetops.com
+
+mQINBE6U9CMBEADlOHAMjZEsRW0/0kNcckRWRbW5J29rhPM7N0cgSC2NcJEcPYDT/yoNsv8g
+bzhGCACSvYDMscTdifon7o9JZyOxoUcn+AaFMyNCuZRcvmZNsHcKfB82dkmSniM+nCwC6Oqv
+4av5XyeRz9k5o06Gno6k8nio0zX5ZIdHjtHTxB8mvur7tNkkUiDvl++VXk8txsJNKLNti3Eq
+RTaHHG9Uu+bx4j1HuDyqh5+RAWoVClAc9OaiaPxQw44p1meWPLcR/E4ClEUvzN/L03AKFj2K
+d85HuYc5zoqP4GsfnDwvqMKZZvNP7Ohq9hw3rtweoFrU476umQ+XYyBhEtY7ktP6jVbipZpS
+4UoF49/ZZHx/pA+8VzMUWf5OwgGUxHYHWdeR7ffgsWKBM2+EZlfmAEzLWMC5FEvpvQkdAgy+
+QsZWE+Hvom4IueBxEiimcL2DjIfIx0HcVsMObM82/w35p3ymYHM+WuKuqq8eXNgx6uAMnGYP
+vVXrp/1DxCMog+aaZslPhgKelF31Oh4S7IIeG/YRRsQaxiFl2M01+uhpNOGoLhW08H6Y3irw
+Jz5x8WACDaA9adZN6qJB1LI1QnxUxan4ZUqPoCuUuwn8uqBet7OU8Z8u3VEMs9EMW477wjkR
+qZedIopUJRgQnnlUYTPPY235gn/UNSy6X27o33vWngt3A5JLLQARAQABtCFQYXVsIE1hY2tl
+cnJhcyA8cGF1bHVzQHNhbWJhLm9yZz6JARwEEAECAAYFAlJnvJYACgkQeb4+QwBBGIYwYQf/
+S57+Z6KAE05MEstwQbRx7GsoJpGYj3I8vOiU7NmUgbU/CEi3Tmu/N4AJ+5r+cmeebFgFoL2Y
+3AFCtrDVOn9+DqHM0PzdpFU4H/c+3+LJF5MafmdV0hXCOU15dJvTOvPcs7dy2wQNc3oV6TMs
+F6LkBbr2e0UMRNSTpfQ/ypG5eoc4WjWO+syAaHWceKvHSaLv/bRbdFxoj7Ctwb5ImntTo/tA
+GGbcbICVA1qAfliq8YqflByARdV9vHhLODlCHTLa5NVZMvldkjyxdYYrvS0cfe620vtBzegs
+0BbLj6nUG6I9tN/tfOvog3cjfLKBdhAyNk3q+eF5TDOm1fj4P7touokCHAQQAQIABgUCUmkn
+xQAKCRCevxLzctn7jN40D/9WMKOUAZlTd6leCjOYc17uRvyqf0BmF3I3vLfHy1FLqec1y5pf
+NB/qjzKiSNwricvHtq1W+6lNP00Q3zDLPRA8XdEoEEKU7nnHqXN72Nu4fUM8jH48Zzk5aWU8
+dLuOQmiT8HglaPSCqziU3wkWz5Wvn77OOccw3v3iHgMgJE7k6YQ74JQURSWX7qJOlJ23vxay
+H7rh9Yj71CShZaW6WYm/+H8RqDdCpB8NU7W9zSdxE14+BpTrpu7iubN9Ouh0EYutqRom4DcO
+PzwNPEGqkIIDY7aXMdkVeXHHt7bt9hTMwd2+45bNLC0TpyIwenF16cEU/NleFeqBRe4IbAod
+/tVFWYRdG0h4MvZWLj503vV7QG0O/+LTJbXNk+y7JHDez9xLKUUUydLx5cIeKnVFQHwyH15y
+DpXhysi3xx4AbL4m+72zoCoKbDD9fw5wNTGwbvTIZrFPKtIffY2BMjc/kLv+8P6aLaS0BUad
+0nb9p6Na+3Ui4zJHiPIhAu0k/7nd6GRyR0wyv0FF0L8Em8cYRLu29u/oBv8hkEOUOPmRX8dJ
++IAFIpVQvT/8OCWQe2TzQlWPpd6yNsGGVoARQq9g5koAg9zjKegXYXB5bZ30N+aE78vPVOp5
+NbH2/ZYNfOywzToVbUW47UC9Qw1Vt10a56nvFsVBdOUKMTpc5DYE3tuT/YkCIAQQAQIACgUC
+TpT0tgMFAXgACgkQnkKV1gX2bOkn1A/8Cr6FdKkwBhQLI2TeNlU78uV3pChLBu9id8bCAIZX
+mlrXjYPwY+qOva1CEAQ7+2pbnLqVoFvnjzqh9kwh5hloF+Y9OyZg6cPRbES6DIvKdb04K+Zy
+FHAUlwgxWH1UKNugi9Ts6RWYxBKkhD1as30RqsGw87ChA8l5gVd4JkO9yyRn9QujzpUhniAU
+TvocYKQgBHXba/aBVppDo7XcEnQwtrpSI9+QwIyiwKsiE4zt4wdyE82g1cX3Jgtfvg8e8mij
+KNoDMCXzsFutd7rcON42+2IjeA6RnqRlbkP1Trnf5UGuncVL06XTADiArxkeP7jvwi+x9fX1
+8slRlZGHs8rEx6GCgy8MGYPAj+iljGNKI7ncjcyUjXVy7J9g4SDlHb4dUvihreWo96N7aKcu
+RxdoXei15xHdI8XWOfLrD87ZkirNzSWjNkZJBStncDf5N3v05glaEF1iGtBuL8dmOSZZAXA7
+frsARfBdiUnjsCK+hhCx5kVp1MZOxAyJ7OdspE4bnpGFBXBKD4NJBUXnzzCKQPQdIXHPpZhM
+mXTcxCqu88YYnQcsOj8cLNtd1NsBocE2ldtZCmJFUoKRkLXOWGDQAN2AsOmbB71h0IMgG6IZ
+zuy8ac+cZnXB1uHzclJS53p+C7v9Ndqayhjh8C2twCOeLYe53+0g/f2ImB+QfSfMeC2JAiAE
+EwEIAAoFAk/armUDBQE8AAoJEFrSQhHAYNHId/oP/jhCwPWzOlrIx2hHkHbqg1gOFnuIF+pE
+zIPUvwKKk0yRJqU5dKGj+KZQMsnsfvEbltdcdqhLXIXXYkyWneHEm1kqdkB3/rifTIopZo1z
+eQa4VHHCc2TzO9chAcyMAHlSXf/1nWgHgiP3RuvqdIb4tfdeS0niyVyc1kOhiNCRsKEGsKOG
+PnTTzDxnDRYkgQgTXPjbggD/ymHs2rfVF8xjCgLMNlVTrurLSBr7SpwOGJx8xfnnoRH+8mpA
+2MrZNdJboSz/kF1GpQXc7sXz/4kjyFFR7c8ckQnneWKoVpRo/Cbs12li1ZSfZbyZr8RVNtPb
+k7atyiQExl5nqRjmz+RvA8/zL7LwlL5YPlRRPbU2KGdYzFiZzG+BG+2FPLso1Ohob+ONwLHk
+tRmnv72Hj3yUK70VJKLVUckeYIwd7Il7ua1cgr21RkyFKJxWuiGxpKtusuJAkPFaj4ByLnGC
+94t3yGx9s43wbUv3FxXU45sqC1MgQLzOaKlEFWQW2ZPneca7W4dmqGQR/ejmiGcBSh8YJKxK
+TJ3X9xHQrgo71XBU57C0kk+Yutv+3QDHOiOZl45CJgaPiTvTYatHk8TQy3KVgMn5xmPK+2+O
+/+Cfc81hBvQnBNRyzsSRNCb04CDDS8e/hNehGz3zEHPwp8NxHWKHQjy4WulNprNXsdr6ckCa
+oMpBiQI4BBMBAgAiAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCWgKLYgAKCRAEDx1J
+7J27jATxD/93PpJ7yDVxpBYH+zTnU4ffFdDPSZLNJY4JaoFaz2tBiKvp548Qf3tZHd9v39x+
+gY15iRph7+2P5sx5w+ov4akztkD209adkzcmlv9fRPjOcJfwRX8JLF7vGrIiWxqvfd7C7N0g
+vGPizpb9o2LoF5L4g2XEJWXDw9/t1w/o0IfCXIuqg4eHJMC/dZKh37LpVpa70TqmeB6uSeG3
+pHJ3tNVo+/pn/ZfqBUaL2cvhf0hfWM+1SXLmkXaF15TESLc+HD0/KGvaohcldY3zz6/wKPsF
+z2lj6fQ72i5vh3u+YP6Lm50u3W4MpfyNOhwI5TUQM96MWUSLhOW5PUhEBC3wcXpa6ZhzX42+
+IVRbouPy9ZLbmKirQoqjgQ+Ax7YmajAzNA+O1wRNPN89vyrRU/dLs11eekc/C6ipMMvpOWFA
+/V4FDSnKA9Z6QImkeWCRSw5jQjZDoKonTEV4E0acya7PSrE+opz+vqOwAJAnrpZfdRf1mOoh
+5QBphNqDBGujxtXswGfy9F9EfSRcaHBw80qpP6lEMOF0HtgI9i0OE6uoYtdCRPLkhq6lJDaO
+L8dhOEevsr8sRzH79T5A0fNbfm8p7TEzR++azPgalqeLnD+ttk3gD5Xzxvfkqzw14+90zbPK
+kKYEoiUvGNrXIp439jkQ66OxrWeoVIqGjVS93LE7XzmiTYkCPgQTAQIAKAUCTpT0IwIbAwUJ
+BaOagAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQBA8dSeydu4yFOhAAkP7PBxDyF+27
+FDR933leTtMF9cYwBstr+bgcGJxG3qBRjxBeqts76ibxBQoRYlVR4rdBG0L93ELZSOGyvDHF
+7UM01K5dbp4wZpOKg4CALiUiv3SZVwCGfX65lSesKgtuREBj5FyhyAdcSdqDp0hh8hplU/OK
+txetExmrWSdkBIZ2y/grpgEYBEoKw1RZEuksTolRXiHuQxzpO+JZp/+wU+qF11hYJ+P+fBS/
+KYXPGQKaXPXuwimZJAaeh6vifWVfRG4QGE2W/UZipnWaWXOvIkNcT70+hbB6K8VG/mUCZXNx
+Ir+2/qamrpSrt1zPNQzlMCPMlarVjgzPsw0McZXShis+SBGi/SyqDaYatimntJKyi7MRoySy
+nvYW7DC0MjwlM/3Sn9IETWaYPLdUqTjgz6QvD+pSnYi8U3XXbjqKuDwQAutVBQHfZZf48e4T
+BtetWDkqBjjKP/9Ul3q07jY/ApsPEH6AM/w6iayQYA/UIdJISEwIUtFysiBY4tghZePGZkJ+
+WqEwMlt6X95Trc70DaSxWQ2Kq/AyWyJalvqY/SdjDGRZgotjNhFxOA1TC4kh7YAQXY/nPI69
+wqvVMorWw9dZ3snoqj9QRJTXKWoXVIdp3ZX2Jmo1SfZK1FUOreO1Q0YYIFp5Z7g18zo8iRuo
+++95jcfWn0vwKWtX9n/LsZu0IlBhdWwgTWFja2VycmFzIDxwYXVsdXNAb3psYWJzLm9yZz6J
+AiAEEAECAAoFAloCjeoDBQJ4AAoJEJ5CldYF9mzp2AEP/RCyin/5ku57CgScj6hOGiwITPQa
+vyESGBQojk+BtbgLe3COMM9H2lX4qiAzV5o7QiQX6t1IM8WaiErUV7gLB5bbmQUPswac71wM
+v0t2VsMCzLTxvS24/LTv3eAcIFOmjgvcYnRiZG4+0L3bxikFxpY+rL6/sDxSuR97jI6uOkii
+Ydpql0ZvF2fZ3Y8B+6HtVmdmihXtgKHDQetbE/G0RDYfS98kDj+un2vWUmvrsM4JlNnV94CJ
+LeXEmUTRiTaLMR0AsBDsdZWI0KCBVgaAxdZWtScTrmfe6sSFDZDhhaVVBA3foCaI/WTmAJFP
+4Ez3aavQ6gZZUg1Q1KtxJFPU/jNNo+94LFEIiYyUG445Q/Ym2JI3OLn3OIjCDYt/rEIZnfaW
+2S0Oj6DxkHlPRAfvakq/90nGpHm19GXq2jl7ZXILk+IgsS/E0M/BO4BkTG7l8Fe3R0R7g2Nn
+ksTYRNmbm0DJuKDEjmvMLnTaVI+FoHWHFM7h+XQct/UjYuQQRS55tqk1ykuoeEfSUnBsoZg+
+txJk9KU694gq6ij/qhDWySrLn6TcgM58iK7/bGjrNOYnR5dMT57nCvk1AA+RmQtAILPEB6s8
+ma0Jjdn5B+Qzkl9lSsJxIRSF0B0vi6ZMP4rP2LNz3jvo71bYj1+fD4+tjmUk0AbgogFGDLvo
+xed2WLbZiQIzBBMBCAAdFiEE1Byj7VswJ1z1oBsFWtJCEcBg0cgFAlq7FWcACgkQWtJCEcBg
+0chISA/9HX9kkW3VXZbGBT4KSYojbFOBN7JiAyd9ENCVd7346cOxBuxe0bvQkaYFdJ9++koi
+YaeNwxSdgUQoZCLX1V69FbEfIxUyyRkIufVkyPI0CFknIs7K4t5IMEpQ3+y88VymNYqAYUM8
+sa3KKx1MAhK6TVWMOiJa7ePVU4y5CByAnyswqvAxjYd22Dlq8tYU2a01lvRFrGTa8w2IDVVj
+y5thBrQfQV39UQLNcJ1NDHeX9CovK55Uj6Pq0E71eK03zqxxHsKOFV+bXlBwT/l5SB6WXW46
+n33SpZLvFyIfXJgesNpDRSdJ9gnwq5F+dttX97cJNjqMSiKvbDQc8/HPaENddsg8IDAXfv3P
+/iIc146NKZ4M3E1LcFjN8lmL2YT2O65SYaTJcZ3YnAHZ4RVOoUCgnhZlv0w25ovWWOsvxOO9
+aBmdjGf/AToh6pC7NSp2Z9Ko1b0Tmkc7qhDz8hiXBZmtu72bME4jbHgSpMGAJr+lAPTA/slu
+j/K1mAXqvQ5a536e1lYS/PF4ZvVoNLc+1z6woKaYa6lr0ahSsF9vK0Z6bZ7G/0kLyiOfO+nS
+hvnpTjqORNT7INHfkxNQcpFzr2A/fFrnQB0ZP4dY27N7r//SRe6+tJwdUZL98MEAg01TPgzs
+eAM/mIygFifS64F/nGy7vk7s+7Tm0ECaoRSYjiM25N+JAjgEEwECACIFAloCjcgCGwMGCwkI
+BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAQPHUnsnbuMR94P/iYl4dB63Rlqv9dxUpEyTQ8e
+P2J+crYTrYjS2WhPIkUW5R5Ua4CUiUYqUAf5M30hsvuV6/BoHxATQttzFtxm7QfWxijwJ84V
+SpINvmtOLmgSYj77Ab+tJHXQTLoh7235Se8sZg357oCTCz/tQPVp2jIGS1OTD1antY3/PhAY
+nHvGK5cV0R8Tj1FyGeHavX3Z7AclmffCSf5Grni/6YMJA6+keGApZSSQriJtpeUtVkgYuFoT
+bHkwIPZSGv88jrfPYzVTqrYtmXAWVCFSq8guSt3x+aE9NOf9u8c+PB6S5MstpTJsJlCa7x+y
+UCFcZ4pJekphCxf7JYwsVtAbqjkPKVVfvLWNwsBRSc5uP/z84ux4iC44VMEowrZSybbyOKWp
+xc3ofCfTc8nnEC67yfZCFCNvTuJCIaXa4L7+MvkCZ1WwoARePgQprtvk3cK4kcMQpXrRQW03
++F1TkgSa4tJ/hn+st46aUGAoWUGFPcES71ISAy2Thcx5UcZkem47OAAE+BVVcpiljZH+0dnt
+geCHn9FBI17rUE2yg6dmCyJ5AEQ7RaCeLmdBu+XTFLFx7a+RYm3B77uAU2N8AeGT0Y/NUlzC
+Bfxy+bUb/I6LdkrXK2H5CD/mevY+tPagXkYedyjhM2VFpef0/QZjkTWTLwVaz/u385HQ8Kg8
+evUNGnCZlfFXuQENBFoCjTMBCADooRUk5FTc5nL7Kc4g+qzJTlkogU7Mg74xk/vwAkPhjOHu
+LNAUrcTwNPTwLND9nzfmWWctI+9deYbdue/16HjMN4+81DwfyObBJxrFzTfEpRvA0QmF2Sp/
+m8LCmf+lIrAn8p8abAe9g6gPP3TzL8Ic6kEzr+R0aWUaTyIJcaNoARjdaXTCPswDH/dJump6
+6xDT9EQD4n0aygZmHjnqIbbazpILLDWPEYY1wh4wmwpOCfG4cAY5F6ZeM4yMDzuuw+iSBDXG
+ATSbE+apdP1B4TcUTilNSzIN/xJzfc0hdbsxPkdaearDbZHs9bJIy2qYgsjEJkARcoguTUu2
+w1BCzXp7ABEBAAGJAz4EGAECAAkFAloCjTMCGwIBKQkQBA8dSeydu4zAXSAEGQECAAYFAloC
+jTMACgkQnZrqdyxjcZ93IQf/cIGz0nxb7KwlEmRbFkURxfZk8wlAIWFC2l9aSd2f7kkAkKQx
+tqjbwGVlOMAJCH1JTK+DMrVXxvlybpZ+DqwcNucSg9Dpbva/5Mp/6APfeh8+cV3iCi//GmvV
+saYkBiQ7nFN94bXFlsB2x/l21MzSwgz6g+evmfnV/62oz0eH+MqLslZflszN+GNnUvNTWykJ
+a4SqLMlD3+evEvo0OlTgHBneV7tVoNRLCVOl447kV7vZaEO3ac/WNkMSB6ATYo7ncLgQjlPt
+Uxobm22OArEugeZcF6PD+VpMjmeicOsdWYDRGYdTMK5bMvlBSIyLYQnhSWLMxdiL/EnL8zhF
+JjRB6zr9D/92agQjOOI299UP8TYyOwVumBJWTS+21vLGCIsBzoWl0+F6aIxJkFKdsErh1uxh
+w1c/+6rpiFekQQw/H9sq2Y791Vou0l9IrWjGg9B84vqcvRvf7H+dYIZZ0MNHv3exfY9B2WNS
+atmXAYE6Nmzl2d1wTURLm0zaBZwrB0M0V2zAIRG5VX4KikKJDyUxhlvxyuct6b4uKE8LK5MM
+Q7qQFmaIOntOId3wK3rUBfvtuX5k758XrXT9tU/kim7bO6EJ7213xbBnxouEzMBsJMcxYnyD
+wKNcEX6e//1e6eriB2/q/7V8Yk5x8f1I4kqNDFj7e7snBpfD+rjJGYTWXpfl+sEojepNPseA
+Usg26lK1qI345/mNR+mDjE01YWIGfk996C1c2jMdwTjkQLxUMpdt8z6iYNX6uG/PLOSSAiKO
+uX2t92VBOpWWfb15mJvv4s5tE7d32ApsE0kYv2cPWp1P3ud4myRfL7ILRVK2geBM53uJuD8K
+S18vkmCh5KKInE5cex+azOEv5z+s6mskG3X/72LqMq1e9Z9p9I2szaP+sposYZOyhZbww2IT
+1C2N/XqW4fFlqysMY3LhU8IKugk98cwvpkDd+JAXR7CnXANsbvU48yT6ulqCb5MvSnB6C+KF
+k4nia8GhRgZk4hSdA0weG83A8lNUl18N8rB8bFNKxYOwl7kCDQROlPQjARAA1TGT4F0VqvmU
+7tKxxhSmaIQPhr8dF/SmM36duFUUHFispChuujLVb/JcCDvnuLPi/vDcH9S1oZ6ZNs5pWP6a
+ATJlyQv1LuNlzw7RDn4krWCruC9lf3rUZfSHmI98mnwKz2lU4HuVqh4cacq+Dl2bTbHOvbyE
+rzkdISPsWhXZcHzrHxOafkaiJhAMh+3RnFi5pzKq7YP6SXud4z+iF98pAGc7fbpyMpM0U0q2
+Js5BugYfo2BaXo5x3EOld3fgNkZfxxSQ+qr6USRr0X2MerI+TT+QbbmYEqI9fY9xx5ofAM4P
+vIKxhIUNgEFDXL3y1KFw9IaX2FiDMfyjYf7JN6bxtTYeALK1wGirCgEl2Vslx/8EBEs5ZvWm
+szg3+/SrE076Pj/kGHza/NTy25/zrkC4izqr+k/ieL/23mj/zf2nusk/cDBvRxmjteon+IDZ
+RNT/7ZDdUI/JEx8vfSOPrVxlQGi+hGVMJcAyDMMOle7BZHjDkooZ0uZi88X0Bhr0fOXhhLCM
+p/I2e5FV5eEWebO4Oyrom2OxPTdm+ZKz2iWdtZqM8XtVAz/bizuMdPnAGjEK8k5XkbXgJ6n3
+K7vg7MuTN5bMy8cq1boRZ29/v8jv1LdoMkeIrOrBx7aGTOaWq31dmMguGV+Nn0pQ86UZxJgE
+cpt4Z8ucJ1yIU1tbfK7u280AEQEAAYkCHwQYAQIACQIbDAUCWgKLqQAKCRAEDx1J7J27jCN+
+EACO1ypZQ+JIajDyXAKAQ4aawJNV50ywJGSrNa6CdP8iDnA4LhUGEdg8QLBdhu5XaB//hLtz
+AVarEbtiSGHflUu352kANtUjj39AWK2088K6gRmwRpn3lABD6oBrx09jRZ/jG+KqswRWOjht
+m2O+dIzBW2ihDBajvHIXL1Nv7qGw5dlg9vP+l95PE7cYZUP8c50cnLZY2Y31nOkModj/diWK
+lMc1pge93TJEsSsfNctngqQP1L9IM1slqBzZZgtRSFaXkRU45lBPzEE9AN8St2PV1Dp7a7Zv
+VXu7JgCbSKvV3j2Gf7xLSj5m+spCG3B2glrybRIHP97psMMzHS4QmblLynNa0Hszx8eTStDP
+Jd6IhSGvFebwWHCHF3jj/nCXj2ePqcAMPJexz321+H/h0fKSJGdpa1bURIR+wkvjDllW7ehD
+xndxj7MuyDAbwSdb4bxqZw2hu/V6HxhBeIUGKz4LvrNyCSpdn2qF2i4pYRJuBCWfa3EMLhmz
+xsvwP4blstQjbJMFqRqZIoww3zYxbbIlT5VqNuwyRKlucsdzYDoi+i6+1Uooh6cp1D68Ogyu
+9dZ2hcb+mLUlcbLuWB8rtZRsYcB0fAzya90l/FPSaErv0qsnQedyTRwT63n2DjPJvCER/BYc
+2a6VdgvUNvL3/OFOw1hrBtnF4yca7Z1x64+qV4kCJQQYAQIADwUCTpT0IwIbDAUJBaOagAAK
+CRAEDx1J7J27jHMvD/9lR0h+Y6D5IyjVczbVqZP01nUekJ3Ii3UckW4Y/QalQLtv8q903dYb
+HAKey3nzLQF1h2KfeGKoSOQeDzxbUDxxQPcB6y2AYpgy3rHQ+19CBzgsvlyWcuDhVuT3/olk
+zm5/5w6lFShhU68s6tlMUxfP8bYYqGmyRBrDS5Jg44otOH7gisqbhAb5bpb48loaKwOYVAvw
+l2VdcG3+JK/k8JBKStESB0njIyrW1qxJdftNdHS2Ts5aoSBa+ZOPiyIqAa4VW6uJ9xOSFGdW
+B4rnGfB7h/VlsKvsLPtQy7D8lajN07RDYTel6vWK31/4ub/BUKjRdbfLaSi1FFBjo5DGWJoo
+ZQDUARaxDGQixCcNuIYoF4Xu+8ZNbzRo7wBgmQTWeFxKPJYnmIL/ECgvvZNuDhMQq41nlE42
+FjAY6h7OYIKOEB6xyaTXdNMxR0Nnr/ce6l83OyGJDpujFJAJB+nAgd0pv+RrHqzbdlhq57y2
+mtD+451i1EhsrN8RXwmB7gdrJelEc65b87BL2idoqtLDGNX4lipps5saiJK954FdGzr+5BRd
+ihsTKNHc074oaGFgYe/puE/nbQ31JKN8Pzo97fVYc2nYKnWUMCEYp4YgspwZd9Jm3a1Aw1WK
+NkSoM6+BtqWOLSp7mBCCGGsV0OwXfdqlBGcv2KVfvNLcg18mY4sniQ==
+=lvBd
+-----END PGP PUBLIC KEY BLOCK-----
+

ppp.pamd

@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth     required       pam_nologin.so
+auth	 include	common-auth
+account  include 	common-account
+password include	common-password
+session  optional	pam_keyinit.so revoke
+session	 include	common-session

ppp.spec

@@ -0,0 +1,200 @@
+#
+# spec file for package ppp
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define _group dialout
+Name:           ppp
+Version:        2.5.2
+Release:        0
+Summary:        The Point to Point Protocol for Linux
+License:        BSD-3-Clause AND LGPL-2.1-or-later AND GPL-2.0-or-later
+Group:          Productivity/Networking/PPP
+URL:            https://ppp.samba.org
+Source0:        https://download.samba.org/pub/ppp/ppp-%{version}.tar.gz
+Source1:        https://download.samba.org/pub/ppp/ppp-%{version}.tar.gz.asc
+# templates for secrets
+Source2:        pap-secrets.template
+Source3:        chap-secrets.template
+# config for pam
+Source4:        ppp.pamd
+# options and filters files
+Source5:        options
+Source6:        filters
+# several peers file
+Source7:        modem-peers
+Source8:        pppoe-peers
+Source9:        pppoe-rp-peers
+Source11:       ppp-peers
+Source12:       pptp-peers
+# modem files
+Source14:       modem.chat
+Source15:       modem@.service
+Source16:       modem.rules
+# https://www.kernel.org/doc/wot/paulus.html
+Source17:       %{name}.keyring
+# PATCH-FEATURE-OPENSUSE ppp-smpppd.patch -- Add more log output for smpppd (move from debug to info log)
+Patch0:         ppp-smpppd.patch
+# PATCH-FIX-UPSTREAM ppp-var_run_resolv_conf.patch -- Move resolv.conf to /var/run
+Patch3:         ppp-var_run_resolv_conf.patch
+# PATCH-FIX-UPSTREAM ppp-fork-fix.patch -- fix safe_fork to not close needed file descriptors
+Patch5:         ppp-fork-fix.patch
+# misc tiny stuff
+Patch6:         ppp-misc.patch
+
+# Of cause any other compatible libc would work, like musl, but 2.24 required for SOL_NETLINK
+BuildRequires:  glibc-devel >= 2.24
+BuildRequires:  libpcap-devel
+BuildRequires:  openssl-devel
+BuildRequires:  pam-devel
+BuildRequires:  pkgconfig(libsystemd)
+Requires:       group(%{_group})
+Requires(pre):  group(%{_group})
+
+%description
+The ppp package contains the PPP (Point-to-Point Protocol) daemon,
+pppd, additional PPP utilities, documentation, and sample files. PPP
+provides a method for transmitting IP and IPX datagrams over serial
+point-to-point links, for example over a modem. The PPP daemon handles
+the details of setting up a PPP link including configuring the network
+interface and performing the PPP negotiations.
+
+%package devel
+Summary:        Header Files Required for Developing Plugins for pppd
+Group:          Development/Libraries/C and C++
+Requires:       ppp = %{version}
+
+%description devel
+The package ppp-devel contains C header files required for developing
+plugins for the pppd.
+
+%package modem
+Summary:        Automatic redial for any USB modem supported by the kernel
+Group:          System/Kernel
+Requires:       ppp
+Requires:       udev
+Requires:       group(dialout)
+BuildArch:      noarch
+
+%description modem
+This package contains peer, chat script, systemd unit and udev rule for
+automatic redial when connecting any USB modem supported by the kernel.
+For disable automatic redial (by default enabled for all), run
+sudo systemctl mask modem@0.service
+For enable again automatic redial, run
+sudo systemctl unmask modem@0.service
+"0" after "@" is the serial number of the modem, if you have more than one,
+you can disable unnecessary or disable everything.
+
+%prep
+%autosetup -p0
+
+find scripts -type f | xargs chmod a-x
+find -type f -name '*.orig' | xargs rm -f
+
+%build
+%configure \
+	--with-runtime-dir=%_rundir/ppp/ \
+	--enable-cbcp \
+	--with-pam \
+	--enable-multilink \
+	--enable-systemd
+%make_build
+
+#CHAPMS=y CBCP=y HAS_SHADOW=y USE_PAM=y FILTER=y HAVE_INET6=y HAVE_LOGWTMP=y
+
+%install
+make install DESTDIR=%{buildroot}
+for f in %{buildroot}%{_sysconfdir}/ppp/*.example; do
+    mv $f ${f%.example}
+done
+install -dm 750 %{buildroot}%{_sysconfdir}/ppp
+install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/ppp/options
+install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/ppp/filters
+install -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/ppp/pap-secrets
+install -m 600 %{SOURCE3} %{buildroot}%{_sysconfdir}/ppp/chap-secrets
+install -d 755 %{buildroot}%{_sysconfdir}/ppp/peers
+install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/ppp/peers/modem
+install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/ppp/peers/pppoe
+install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/ppp/peers/pppoe-rp
+install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/ppp/peers/ppp
+install -m 644 %{SOURCE12} %{buildroot}%{_sysconfdir}/ppp/peers/pptp
+%if 0%{?suse_version} > 1500
+install -d 755 %{buildroot}%{_pam_vendordir}
+install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/ppp
+%else
+install -d 755 %{buildroot}%{_sysconfdir}/pam.d
+install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/ppp
+%endif
+install -Dm 644 %{SOURCE14} %{buildroot}%{_sysconfdir}/ppp/chatscripts/modem.chat
+install -Dm 644 %{SOURCE15} %{buildroot}%{_unitdir}/modem@.service
+install -Dm 644 %{SOURCE16} %{buildroot}%{_udevrulesdir}/90-modem.rules
+
+%if 0%{?suse_version} > 1500
+%pre
+# Prepare for migration to /usr/etc; save any old .rpmsave
+for i in pam.d/ppp ; do
+     test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
+done
+
+%posttrans
+# Migration to /usr/etc, restore just created .rpmsave
+for i in pam.d/ppp ; do
+     test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
+done
+%endif
+
+%files
+%attr(0750,root,root) %dir %{_sysconfdir}/ppp
+%dir %{_sysconfdir}/ppp/peers
+%config(noreplace) %{_sysconfdir}/ppp/options
+%config(noreplace) %{_sysconfdir}/ppp/filters
+%config(noreplace) %{_sysconfdir}/ppp/pap-secrets
+%config(noreplace) %{_sysconfdir}/ppp/chap-secrets
+%config(noreplace) %{_sysconfdir}/ppp/eaptls-*
+%config(noreplace) %{_sysconfdir}/ppp/openssl.cnf
+%config(noreplace) %{_sysconfdir}/ppp/peers/p*
+%if 0%{?suse_version} > 1500
+%{_pam_vendordir}/ppp
+%else
+%config(noreplace) %{_sysconfdir}/pam.d/ppp
+%endif
+%doc FAQ README* SETUP scripts PLUGINS
+%{_mandir}/man?/*.?%{ext_man}
+%attr(-,root,%{_group}) %{_sbindir}/pppd
+%{_sbindir}/chat
+%{_sbindir}/pppdump
+%{_sbindir}/pppstats
+%{_sbindir}/pppoe-discovery
+%dir %{_libdir}/pppd
+%dir %{_libdir}/pppd/%{version}
+%attr(0755,root,root) %{_libdir}/pppd/%{version}/*.so
+
+%files devel
+%{_includedir}/pppd
+%_libdir/pkgconfig/*
+%{_libdir}/pppd/%{version}/*.la
+
+%files modem
+%dir %{_sysconfdir}/ppp/peers
+%config(noreplace) %{_sysconfdir}/ppp/peers/modem
+%dir %{_sysconfdir}/ppp/chatscripts
+%config(noreplace) %{_sysconfdir}/ppp/chatscripts/modem.chat
+%{_unitdir}/modem@.service
+%dir %{_udevrulesdir}
+%{_udevrulesdir}/90-modem.rules
+
+%changelog

pppoatm-peers

@@ -0,0 +1,11 @@
+#
+# PPP over ATM options
+#
+plugin pppoatm.so
+#
+# Plugin passwordfd enables us to pipe the password to pppd, thus we
+# don't have to put it into pap-secrets and chap-secrets.
+#
+plugin passwordfd.so
+#
+noauth

pppoe-peers

@@ -0,0 +1,19 @@
+#
+# PPP over Ethernet options (using pppoe plugin)
+#
+plugin pppoe.so
+#
+# Plugin passwordfd enables us to pipe the password to pppd, thus we
+# don't have to put it into pap-secrets and chap-secrets.
+#
+plugin passwordfd.so
+#
+noauth
+# pppoe has a lower mtu/mru
+mtu 1492
+mru 1492
+# switch off all compressions (this is a must)
+nopcomp
+# this is recommended
+novjccomp
+noccp

pppoe-rp-peers

@@ -0,0 +1,17 @@
+#
+# PPP over Ethernet options (using roaring pinguin external program)
+#
+# Plugin passwordfd enables us to pipe the password to pppd, thus we
+# don't have to put it into pap-secrets and chap-secrets.
+#
+plugin passwordfd.so
+#
+noauth
+# pppoe has a lower mtu/mru
+mtu 1492
+mru 1492
+# switch off all compressions (this is a must)
+nopcomp
+# this is recommended
+novjccomp
+noccp

pptp-peers

@@ -0,0 +1,15 @@
+#
+# PPTP options
+#
+# Plugin passwordfd enables us to pipe the password to pppd, thus we
+# don't have to put it into pap-secrets and chap-secrets.
+#
+plugin passwordfd.so
+#
+noauth
+linkname adsl
+nocrtscts
+local
+# switch off all compressions (this is a must)
+noaccomp
+nopcomp