Accepting request 1134222 from network

- Update to version 2.5.0. This release is a major release of pppd which contains breaking changes for third-party plugins, a complete revamp of the build-system and that allows for flexibility of configuring features as needed. * CVE-2022-4603, bsc#1218251: improper validation of array index of the component pppdump * Support for PEAP authentication * Support for loading PKCS12 certificate envelopes * Adoption of GNU Autoconf / Automake build environment * Support for pkgconfig * Bunch of fixes and cleanup to PPPoE and IPv6 support * Major revision to PPPD's Plugin API * Lots of internal fixes and cleanups for Radius and PPPoE * Dropped IPX support, as Linux has dropped it in version 5.15 * Pppd is no longer installed setuid-root * New pppd options: - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber, ipv6-up-script, ipv6-down-script - -v, show-options - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip * On Linux, any baud rate can be set on a serial port provided the kernel serial driver supports that. - Obsoleted patches: * ppp-lib64.patch * ppp-compiling-with-clang-encounters-an-error-in-eap-tls..patch * ppp-pie.patch - Source file pppoe-discovery.8.gz is now part of the tarball. - Enable support for systemd notification. OBS-URL: https://build.opensuse.org/request/show/1134222 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ppp?expand=0&rev=50
2023-12-21 22:37:27 +00:00 · 2023-12-21 22:37:27 +00:00 · fa2af14574
commit fa2af14574
parent 1770bae85f 2927176af0
15 changed files with 105 additions and 277 deletions
--- a/ppp-2.4.9.tar.gz
+++ b/ppp-2.4.9.tar.gz
--- a/ppp-2.4.9.tar.gz.asc
+++ b/ppp-2.4.9.tar.gz.asc
@ -1,11 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQEzBAABCAAdFiEEv0VLfXa2m9eKuaRpnZrqdyxjcZ8FAl/zpLgACgkQnZrqdyxj
 cZ8ImAgAzRJAmRuS4BB87OkE5LQMO68CVji/jHVyTgt3/hTMhJ6HYlX2iLzjmkM9
 tXX3vZ+qP0WfcSm65QDIIBd9ICy1VNjjuwb9QH1qBSQJIlE9ZDSbECKtqxtHI//H
 gSXe8w4L7xGTl7ODYB3m3JnR13qnfTjf15kDIJ+RKPXmZjYo5cIBb3zATurJBWqC
 H8N00XL4d3RPD+hLQtxDDZE8hIIYxVrtmsV6e4MB90/2BBAhEKuW3YgXTDekD6dr
 Q3BXdsFcQnUssEIfWFvxt0b08/y92HhtyVaIqVEPxyfGEv/KfugIwzP6E6h7XtX9
 uU4Lrqr0652/9UJQT3FS5ou7aaW/PQ==
 =x0Lf
 -----END PGP SIGNATURE-----
--- a/ppp-2.5.0.tar.gz
+++ b/ppp-2.5.0.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:5cae0e8075f8a1755f16ca290eb44e6b3545d3f292af4da65ecffe897de636ff
 size 1170057
--- a/ppp-2.5.0.tar.gz.asc
+++ b/ppp-2.5.0.tar.gz.asc
@ -0,0 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 iQFGBAABCAAwFiEEv0VLfXa2m9eKuaRpnZrqdyxjcZ8FAmQrvoQSHHBhdWx1c0Bv
 emxhYnMub3JnAAoJEJ2a6ncsY3Gfx+YH/3DJdp8pCZDaONwBADpWc9ttGAusH3k6
 fsOntaWKumy5HyJIF7h/ArDvYiAUeO3rgSckZS9o94u3OfkDxP4uf9AnGWBPzCir
 CAwUes6JIP23IHAI5uLnSqo72lGtsRNbh95H8PALobKGN/Im+CTi2j6FIx+Nnf2f
 6GRSJuw+OSRDzp+rJb1osAoUyuMnRpogXuQAAAeKJAHFDC+98vInQhDmwcu7wNWP
 rhR1PrviW8nIsikwRQQptCQNC35DVI3IYUg3L1o8Y2LU1ofF3gYtX7lDF7IthqLM
 pUPy+ddE8AsOiHOnKKIxzH9YFy9/xABQmtFLRJDAT24BHe1BCTyqniI=
 =4tVk
 -----END PGP SIGNATURE-----
--- a/ppp-compiling-with-clang-encounters-an-error-in-eap-tls..patch
+++ b/ppp-compiling-with-clang-encounters-an-error-in-eap-tls..patch
@ -1,54 +0,0 @@
 diff --git a/pppd/eap-tls.c b/pppd/eap-tls.c
 index 5740f30..46a4d5b 100644
 --- a/pppd/eap-tls.c
 +++ b/pppd/eap-tls.c
@@ -280,6 +280,23 @@ ENGINE *eaptls_ssl_load_engine( char *engine_name )
 +#ifndef OPENSSL_NO_ENGINE
 +static int eaptls_UI_writer(UI *ui, UI_STRING *uis)
 +{
 +    PW_CB_DATA* cb_data = (PW_CB_DATA*)UI_get0_user_data(ui);
 +    UI_set_result(ui, uis, cb_data->password);
 +    return 1;
 +}
 +
 +static int eaptls_UI_stub(UI* ui) {
 +    return 1;
 +}
 +
 +static int eaptls_UI_reader(UI *ui, UI_STRING *uis) {
 +    return 1;
 +}
 +#endif
 +
 /*
  * Initialize the SSL stacks and tests if certificates, key and crl
  * for client or server use can be loaded.
@@ -516,20 +533,11 @@ SSL_CTX *eaptls_init_ssl(int init_server, char *cacertfile, char *capath,
         {
             UI_METHOD* transfer_pin = UI_create_method("transfer_pin");
 -            int writer (UI *ui, UI_STRING *uis)
 -            {
 -                PW_CB_DATA* cb_data = (PW_CB_DATA*)UI_get0_user_data(ui);
 -                UI_set_result(ui, uis, cb_data->password);
 -                return 1;
 -            };
 -            int stub (UI* ui) {return 1;};
 -            int stub_reader (UI *ui, UI_STRING *uis) {return 1;};
 -
 -            UI_method_set_writer(transfer_pin,  writer);
 -            UI_method_set_opener(transfer_pin,  stub);
 -            UI_method_set_closer(transfer_pin,  stub);
 -            UI_method_set_flusher(transfer_pin, stub);
 -            UI_method_set_reader(transfer_pin,  stub_reader);
 +            UI_method_set_writer(transfer_pin,  eaptls_UI_writer);
 +            UI_method_set_opener(transfer_pin,  eaptls_UI_stub);
 +            UI_method_set_closer(transfer_pin,  eaptls_UI_stub);
 +            UI_method_set_flusher(transfer_pin, eaptls_UI_stub);
 +            UI_method_set_reader(transfer_pin,  eaptls_UI_reader);
             dbglog( "Using our private key '%s' in engine", pkey_identifier );
             pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier, transfer_pin, &cb_data);
--- a/ppp-fix-bashisms.patch
+++ b/ppp-fix-bashisms.patch
@ -1,7 +1,6 @@
-diff -Ndur ppp-2.4.7/scripts/redialer ppp-2.4.7-fix-bashisms/scripts/redialer
+--- scripts/redialer.orig
--- ppp-2.4.7/scripts/redialer	2014-08-09 15:31:39.000000000 +0300
+++ scripts/redialer
-+++ ppp-2.4.7-fix-bashisms/scripts/redialer	2014-11-19 05:09:46.168864978 +0200
+@@ -31,7 +31,7 @@ PASSWORD=my_password
@@ -31,7 +31,7 @@
 # Function to initialize the modem and ensure that it is in command
 # state. This may not be needed, but it doesn't hurt.
 #
@ -10,7 +9,7 @@ diff -Ndur ppp-2.4.7/scripts/redialer ppp-2.4.7-fix-bashisms/scripts/redialer
 {
     chat -v TIMEOUT 3 '' AT 'OK-+++\c-OK'
     return
-@@ -41,7 +41,7 @@
+@@ -41,7 +41,7 @@ function initialize
 #
 # Script to dial a telephone
 #
@ -19,7 +18,7 @@ diff -Ndur ppp-2.4.7/scripts/redialer ppp-2.4.7-fix-bashisms/scripts/redialer
 {
 chat -v							\
 	ABORT		'\nBUSY\r'			\
-@@ -66,7 +66,7 @@
+@@ -66,7 +66,7 @@ chat -v							\
 #
 # Script to dial any telephone number
 #
--- a/ppp-fork-fix.patch
+++ b/ppp-fork-fix.patch
@ -1,6 +1,6 @@
 --- pppd/main.c.orig
 +++ pppd/main.c
-@@ -1551,14 +1551,6 @@ safe_fork(int infd, int outfd, int errfd
+@@ -1632,14 +1632,6 @@ ppp_safe_fork(int infd, int outfd, int e
 	int fd, pipefd[2];
 	char buf[1];
@ -15,7 +15,7 @@
 	if (pipe(pipefd) == -1)
 		pipefd[0] = pipefd[1] = -1;
 	pid = fork();
-@@ -1582,25 +1574,31 @@ safe_fork(int infd, int outfd, int errfd
+@@ -1663,25 +1655,31 @@ ppp_safe_fork(int infd, int outfd, int e
 		tdb_close(pppdb);
 #endif
@ -64,7 +64,7 @@
 		close(log_to_fd);
 	if (the_channel->close)
 		(*the_channel->close)();
-@@ -1608,12 +1606,18 @@ safe_fork(int infd, int outfd, int errfd
+@@ -1689,12 +1687,18 @@ ppp_safe_fork(int infd, int outfd, int e
 		close(devfd);	/* some plugins don't have a close function */
 	close(fd_ppp);
 	close(fd_devnull);
--- a/ppp-lib64.patch
+++ b/ppp-lib64.patch
@ -1,99 +0,0 @@
 diff -Nur ppp-2.4.9/pppd/Makefile.linux new/pppd/Makefile.linux
 --- ppp-2.4.9/pppd/Makefile.linux	2021-01-05 00:06:37.000000000 +0100
 +++ new/pppd/Makefile.linux	2022-05-23 17:42:04.835599374 +0200
@@ -112,7 +112,7 @@
 # EAP SRP-SHA1
 ifdef USE_SRP
 CFLAGS	+= -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
 -LIBS	+= -lsrp -L/usr/local/ssl/lib
 +LIBS	+= -lsrp -L/usr/local/ssl/lib6464
 NEEDCRYPTOLIB = y
 TARGETS	+= srp-entry
 EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
 diff -Nur ppp-2.4.9/pppd/pathnames.h new/pppd/pathnames.h
 --- ppp-2.4.9/pppd/pathnames.h	2021-01-05 00:06:37.000000000 +0100
 +++ new/pppd/pathnames.h	2022-05-23 17:42:04.835599374 +0200
@@ -62,9 +62,9 @@
 #ifdef PLUGIN
 #ifdef __STDC__
 -#define _PATH_PLUGIN	DESTDIR "/lib/pppd/" VERSION
 +#define _PATH_PLUGIN	DESTDIR "/lib64/pppd/" VERSION
 #else /* __STDC__ */
 -#define _PATH_PLUGIN	"/usr/lib/pppd"
 +#define _PATH_PLUGIN	"/usr/lib64/pppd"
 #endif /* __STDC__ */
 #endif /* PLUGIN */
 diff -Nur ppp-2.4.9/pppd/plugins/Makefile.linux new/pppd/plugins/Makefile.linux
 --- ppp-2.4.9/pppd/plugins/Makefile.linux	2021-01-05 00:06:37.000000000 +0100
 +++ new/pppd/plugins/Makefile.linux	2022-05-23 17:42:04.835599374 +0200
@@ -5,7 +5,7 @@
 DESTDIR = $(INSTROOT)@DESTDIR@
 BINDIR = $(DESTDIR)/sbin
 MANDIR = $(DESTDIR)/share/man/man8
 -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
 +LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION)
 CFLAGS	= $(COPTS) -I.. -I../../include -fPIC
 LDFLAGS_SHARED	= -shared
 diff -Nur ppp-2.4.9/pppd/plugins/pppoatm/Makefile.linux new/pppd/plugins/pppoatm/Makefile.linux
 --- ppp-2.4.9/pppd/plugins/pppoatm/Makefile.linux	2021-01-05 00:06:37.000000000 +0100
 +++ new/pppd/plugins/pppoatm/Makefile.linux	2022-05-23 17:42:04.835599374 +0200
@@ -4,7 +4,7 @@
 COPTS=@CFLAGS@
 DESTDIR = $(INSTROOT)@DESTDIR@
 -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
 +LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION)
 VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
 diff -Nur ppp-2.4.9/pppd/plugins/pppoe/Makefile.linux new/pppd/plugins/pppoe/Makefile.linux
 --- ppp-2.4.9/pppd/plugins/pppoe/Makefile.linux	2021-01-05 00:06:37.000000000 +0100
 +++ new/pppd/plugins/pppoe/Makefile.linux	2022-05-23 17:42:04.835599374 +0200
@@ -18,7 +18,7 @@
 DESTDIR = $(INSTROOT)@DESTDIR@
 BINDIR = $(DESTDIR)/sbin
 -LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION)
 +LIBDIR = $(DESTDIR)/lib64/pppd/$(PPPDVERSION)
 PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
 diff -Nur ppp-2.4.9/pppd/plugins/pppol2tp/Makefile.linux new/pppd/plugins/pppol2tp/Makefile.linux
 --- ppp-2.4.9/pppd/plugins/pppol2tp/Makefile.linux	2021-01-05 00:06:37.000000000 +0100
 +++ new/pppd/plugins/pppol2tp/Makefile.linux	2022-05-23 17:42:04.835599374 +0200
@@ -4,7 +4,7 @@
 COPTS=@CFLAGS@
 DESTDIR = $(INSTROOT)/@DESTDIR@
 -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
 +LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION)
 VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
 diff -Nur ppp-2.4.9/pppd/plugins/radius/Makefile.linux new/pppd/plugins/radius/Makefile.linux
 --- ppp-2.4.9/pppd/plugins/radius/Makefile.linux	2021-01-05 00:06:37.000000000 +0100
 +++ new/pppd/plugins/radius/Makefile.linux	2022-05-23 17:42:04.835599374 +0200
@@ -9,7 +9,7 @@
 DESTDIR = $(INSTROOT)@DESTDIR@
 MANDIR = $(DESTDIR)/share/man/man8
 -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
 +LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION)
 VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
 diff -Nur ppp-2.4.9/pppd/pppd.8 new/pppd/pppd.8
 --- ppp-2.4.9/pppd/pppd.8	2021-01-05 00:06:37.000000000 +0100
 +++ new/pppd/pppd.8	2022-05-23 17:42:04.835599374 +0200
@@ -995,7 +995,7 @@
 .B plugin \fIfilename
 Load the shared library object file \fIfilename\fR as a plugin.  This
 is a privileged option.  If \fIfilename\fR does not contain a slash
 -(/), pppd will look in the \fB/usr/lib/pppd/\fIversion\fR directory
 +(/), pppd will look in the \fB/usr/lib64/pppd/\fIversion\fR directory
 for the plugin, where
 \fIversion\fR is the version number of pppd (for example, 2.4.2).
 .TP
--- a/ppp-misc.patch
+++ b/ppp-misc.patch
@ -1,6 +1,6 @@
 --- pppd/auth.c.orig
 +++ pppd/auth.c
-@@ -2105,9 +2105,10 @@ check_access(f, filename)
+@@ -2184,9 +2184,10 @@ check_access(FILE *f, char *filename)
     if (fstat(fileno(f), &sbuf) < 0) {
 	warn("cannot stat secret file %s: %m", filename);
@ -16,7 +16,7 @@
 --- pppd/lcp.c.orig
 +++ pppd/lcp.c
-@@ -2302,7 +2302,7 @@ lcp_received_echo_reply (f, id, inp, len
+@@ -2243,7 +2243,7 @@ lcp_received_echo_reply (fsm *f, int id,
     if (lcp_gotoptions[f->unit].neg_magicnumber
 	&& magic == lcp_gotoptions[f->unit].magicnumber) {
 	warn("appear to have received our own echo-reply!");
@ -25,9 +25,9 @@
     }
     /* Reset the number of outstanding echo frames */
--- pppd/pppd.h.orig
+--- pppd/pppd-private.h.orig
-+++ pppd/pppd.h
+++ pppd/pppd-private.h
-@@ -873,15 +873,7 @@ extern void (*snoop_send_hook) __P((unsi
+@@ -545,15 +545,7 @@ int parse_dotted_ip(char *, u_int32_t *)
 #define DEBUGCHAP	1
 #endif
--- a/ppp-pie.patch
+++ b/ppp-pie.patch
@ -1,36 +0,0 @@
 diff -Nur ppp-2.4.9/chat/Makefile.linux new/chat/Makefile.linux
 --- ppp-2.4.9/chat/Makefile.linux	2021-01-05 00:06:37.000000000 +0100
 +++ new/chat/Makefile.linux	2022-05-23 17:29:53.108022140 +0200
@@ -19,7 +19,7 @@
 all:	chat
 chat:	chat.o
 -	$(CC) $(LDFLAGS) -o chat chat.o
 +	$(CC) -pie $(LDFLAGS) -o chat chat.o
 chat.o:	chat.c
 	$(CC) -c $(CFLAGS) -o chat.o chat.c
 diff -Nur ppp-2.4.9/pppd/Makefile.linux new/pppd/Makefile.linux
 --- ppp-2.4.9/pppd/Makefile.linux	2021-01-05 00:06:37.000000000 +0100
 +++ new/pppd/Makefile.linux	2022-05-23 17:29:53.108022140 +0200
@@ -245,7 +245,7 @@
 	$(INSTALL) -c -m 444 pppd.8 $(MANDIR)
 pppd: $(PPPDOBJS)
 -	$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
 +	$(CC) $(CFLAGS) -pie -fPIC $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
 srp-entry:	srp-entry.c
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS)
 diff -Nur ppp-2.4.9/pppstats/Makefile.linux new/pppstats/Makefile.linux
 --- ppp-2.4.9/pppstats/Makefile.linux	2021-01-05 00:06:37.000000000 +0100
 +++ new/pppstats/Makefile.linux	2022-05-23 17:29:53.108022140 +0200
@@ -27,7 +27,7 @@
 	$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
 pppstats: $(PPPSTATSRCS)
 -	$(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
 +	$(CC) $(CFLAGS) -pie -fPIE $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
 clean:
 	rm -f pppstats *~ #* core
--- a/ppp-smpppd.patch
+++ b/ppp-smpppd.patch
@ -1,6 +1,6 @@
 --- pppd/main.c.orig
 +++ pppd/main.c
-@@ -1920,8 +1920,8 @@ forget_child(pid, status)
+@@ -1995,8 +1995,8 @@ forget_child(int pid, int status)
     if (WIFSIGNALED(status)) {
         warn("Child process %s (pid %d) terminated with signal %d",
 	     (chp? chp->prog: "??"), pid, WTERMSIG(status));
--- a/ppp-var_run_resolv_conf.patch
+++ b/ppp-var_run_resolv_conf.patch
@ -3,10 +3,9 @@ Tue Jul 22 14:16:29 CEST 2008 - hvogel@suse.de
 Move the resolv.conf written by pppd to /var/run [bnc#401648]
-diff -Nur ppp-2.4.9/Changes-2.3 new/Changes-2.3
+--- Changes-2.3.orig
--- ppp-2.4.9/Changes-2.3	2021-01-05 00:06:37.000000000 +0100
+++ Changes-2.3
-+++ new/Changes-2.3	2022-05-23 18:30:08.827773633 +0200
+@@ -262,10 +262,10 @@ What was new in ppp-2.3.6.
@@ -262,10 +262,10 @@
 * Added new option `usepeerdns', thanks to Nick Walker
   <nickwalker@email.com>.  If the peer supplies DNS addresses, these
@ -14,64 +13,61 @@ diff -Nur ppp-2.4.9/Changes-2.3 new/Changes-2.3
 -  be used to add these addresses to /etc/resolv.conf if desired (see
 -  the ip-up.local.add and ip-down.local.add files in the scripts
 -  directory).
-+  will be written to /var/run/ppp_resolv.conf.$INTERFACE_NAME.
+  will be written to /run/ppp_resolv.conf.$INTERFACE_NAME.
 +  The ip-up script can then be used to add these addresses to
 +  /etc/resolv.conf if desired (see the ip-up.local.add and
 +  ip-down.local.add files in the scripts directory).
 * The Solaris ppp driver should now work correctly on SMP systems.
-diff -Nur ppp-2.4.9/pppd/ipcp.c new/pppd/ipcp.c
+--- pppd/ipcp.c.orig
--- ppp-2.4.9/pppd/ipcp.c	2021-01-05 00:06:37.000000000 +0100
+++ pppd/ipcp.c
-+++ new/pppd/ipcp.c	2022-05-23 18:30:08.827773633 +0200
+@@ -2151,10 +2151,13 @@ static void
@@ -2090,10 +2090,13 @@
 create_resolv(u_int32_t peerdns1, u_int32_t peerdns2)
 {
     FILE *f;
-+    char rcfilename[MAXIFNAMELEN];
+    char rcfilename[PATH_MAX];
-    f = fopen(_PATH_RESOLV, "w");
+-    f = fopen(PPP_PATH_RESOLV, "w");
-+    slprintf(rcfilename, sizeof(rcfilename), "%s.%s",
+    slprintf(rcfilename, sizeof(rcfilename), "%s.%s", PPP_PATH_RESOLV, ifname);
-+                 _PATH_RESOLV, ifname);
+    
 +    f = fopen(rcfilename, "w");
     if (f == NULL) {
-	error("Failed to create %s: %m", _PATH_RESOLV);
+-	error("Failed to create %s: %m", PPP_PATH_RESOLV);
 +	error("Failed to create %s: %m", rcfilename);
 	return;
     }
-@@ -2104,7 +2107,7 @@
+@@ -2165,7 +2168,7 @@ create_resolv(u_int32_t peerdns1, u_int3
 	fprintf(f, "nameserver %s\n", ip_ntoa(peerdns2));
     if (ferror(f))
-	error("Write failed to %s: %m", _PATH_RESOLV);
+-	error("Write failed to %s: %m", PPP_PATH_RESOLV);
 +	error("Write failed to %s: %m", rcfilename);
     fclose(f);
 }
-diff -Nur ppp-2.4.9/pppd/pathnames.h new/pppd/pathnames.h
+--- pppd/pathnames.h.orig
--- ppp-2.4.9/pppd/pathnames.h	2021-01-05 00:06:37.000000000 +0100
+++ pppd/pathnames.h
-+++ new/pppd/pathnames.h	2022-05-23 18:30:08.827773633 +0200
+@@ -105,7 +105,7 @@
-@@ -35,7 +35,7 @@
+ #define PPP_PATH_AUTHDOWN       PPP_PATH_CONFDIR "/auth-down"
- #define _PATH_TTYOPT	 _ROOT_PATH "/etc/ppp/options."
+ #define PPP_PATH_TTYOPT         PPP_PATH_CONFDIR "/options."
- #define _PATH_CONNERRS	 _ROOT_PATH "/etc/ppp/connect-errors"
+ #define PPP_PATH_PEERFILES      PPP_PATH_CONFDIR "/peers/"
- #define _PATH_PEERFILES	 _ROOT_PATH "/etc/ppp/peers/"
+-#define PPP_PATH_RESOLV         PPP_PATH_CONFDIR "/resolv.conf"
-#define _PATH_RESOLV	 _ROOT_PATH "/etc/ppp/resolv.conf"
+#define PPP_PATH_RESOLV         PPP_PATH_CONFDIR "/run/ppp_resolv.conf"
 +#define _PATH_RESOLV	 _ROOT_PATH "/var/run/ppp_resolv.conf"
- #define _PATH_USEROPT	 ".ppprc"
+ #define PPP_PATH_CONNERRS       PPP_PATH_VARLOG  "/connect-errors"
- #define	_PATH_PSEUDONYM	 ".ppp_pseudonym"
+ 
-diff -Nur ppp-2.4.9/pppd/pppd.8 new/pppd/pppd.8
+--- pppd/pppd.8.orig
--- ppp-2.4.9/pppd/pppd.8	2021-01-05 00:06:37.000000000 +0100
+++ pppd/pppd.8
-+++ new/pppd/pppd.8	2022-05-23 18:30:08.827773633 +0200
+@@ -1189,8 +1189,8 @@ Ask the peer for up to 2 DNS server addr
@@ -1196,8 +1196,8 @@
 by the peer (if any) are passed to the /etc/ppp/ip\-up script in the
 environment variables DNS1 and DNS2, and the environment variable
 USEPEERDNS will be set to 1.  In addition, pppd will create an
 -/etc/ppp/resolv.conf file containing one or two nameserver lines with
 -the address(es) supplied by the peer.
-+/var/run/ppp_resolv.conf.$INTERFACE file containing one or two nameserver
+/run/ppp_resolv.conf.$INTERFACE file containing one or two nameserver
 +lines with the address(es) supplied by the peer.
 .TP
- .B user \fIname
+ .B usepeerwins
- Sets the name used for authenticating the local system to the peer to
+ Ask the peer for up to 2 WINS server addresses.  The addresses supplied
--- a/ppp.changes
+++ b/ppp.changes
@ -1,3 +1,35 @@
 -------------------------------------------------------------------
 Fri Apr 21 11:52:53 UTC 2023 - Reinhard Max <max@suse.com>
 - Update to version 2.5.0. This release is a major release of pppd
  which contains breaking changes for third-party plugins, a
  complete revamp of the build-system and that allows for
  flexibility of configuring features as needed.
  * CVE-2022-4603, bsc#1218251: improper validation of array index
    of the component pppdump
  * Support for PEAP authentication
  * Support for loading PKCS12 certificate envelopes
  * Adoption of GNU Autoconf / Automake build environment
  * Support for pkgconfig
  * Bunch of fixes and cleanup to PPPoE and IPv6 support
  * Major revision to PPPD's Plugin API
  * Lots of internal fixes and cleanups for Radius and PPPoE
  * Dropped IPX support, as Linux has dropped it in version 5.15
  * Pppd is no longer installed setuid-root
  * New pppd options:
    - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber,
      ipv6-up-script, ipv6-down-script
    - -v, show-options
    - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip
  * On Linux, any baud rate can be set on a serial port provided
    the kernel serial driver supports that.
 - Obsoleted patches:
  * ppp-lib64.patch
  * ppp-compiling-with-clang-encounters-an-error-in-eap-tls..patch
  * ppp-pie.patch
 - Source file pppoe-discovery.8.gz is now part of the tarball.
 - Enable support for systemd notification.
 -------------------------------------------------------------------
 Wed Dec 28 14:32:02 UTC 2022 - Stefan Schubert <schubi@suse.com>
--- a/ppp.spec
+++ b/ppp.spec
@ -1,7 +1,7 @@
 #
 # spec file for package ppp
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@
 %define _group dialout
 Name:           ppp
-Version:        2.4.9
+Version:        2.5.0
 Release:        0
 Summary:        The Point to Point Protocol for Linux
 License:        BSD-3-Clause AND LGPL-2.1-or-later AND GPL-2.0-or-later
@ -41,7 +41,6 @@ Source9:        pppoe-rp-peers
 Source10:       pppoatm-peers
 Source11:       ppp-peers
 Source12:       pptp-peers
 Source13:       pppoe-discovery.8.gz
 # modem files
 Source14:       modem.chat
 Source15:       modem@.service
@ -50,10 +49,6 @@ Source16:       modem.rules
 Source17:       %{name}.keyring
 # PATCH-FEATURE-OPENSUSE ppp-smpppd.patch -- Add more log output for smpppd (move from debug to info log)
 Patch0:         ppp-smpppd.patch
 # PATCH-FIX-OPENSUSE ppp-pie.patch -- Build position independent code
 Patch1:         ppp-pie.patch
 # PATCH-FIX-OPENSUSE ppp-lib64.patch -- Install into lib64 on 64bit systems
 Patch2:         ppp-lib64.patch
 # PATCH-FIX-UPSTREAM ppp-var_run_resolv_conf.patch -- Move resolv.conf to /var/run
 Patch3:         ppp-var_run_resolv_conf.patch
 # PATCH-FIX-UPSTREAM ppp-fix-bashisms.patch -- Remove bashism from posix shell interpreted script https://github.com/ppp-project/ppp/issues/348
@ -62,14 +57,13 @@ Patch4:         ppp-fix-bashisms.patch
 Patch5:         ppp-fork-fix.patch
 # misc tiny stuff
 Patch6:         ppp-misc.patch
 # PATCH-FIX-UPSTREAM ppp-fork-fix.patch -- fix E: executable-stack (Badness: 10000) /usr/sbin/pppd
 Patch7:         ppp-compiling-with-clang-encounters-an-error-in-eap-tls..patch
 # Of cause any other compatible libc would work, like musl, but 2.24 required for SOL_NETLINK
 BuildRequires:  glibc-devel >= 2.24
 BuildRequires:  libpcap-devel
 BuildRequires:  linux-atm-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pam-devel
 BuildRequires:  pkgconfig(libsystemd)
 Requires:       group(%{_group})
 Requires(pre):  group(%{_group})
@ -111,16 +105,10 @@ you can disable unnecessary or disable everything.
 %prep
 %setup -q
 %patch0
-%patch1 -p1
+%patch3
-%patch3 -p1
+%patch4
 %patch4 -p1
 %patch5
 %patch6
 %patch7 -p1
 %if "%{_lib}" == "lib64"
 %patch2 -p1
 %endif
 sed -i -e '1s/local\///' scripts/secure-card
 find scripts -type f | xargs chmod a-x
@ -128,14 +116,16 @@ find -type f -name '*.orig' | xargs rm -f
 # Have to patch this in the Makefile, because setting it on the make
 # command line only is not enough.
-sed -i '/#HAVE_LIBATM/s/#//' pppd/plugins/pppoatm/Makefile.linux
+#sed -i '/#HAVE_LIBATM/s/#//' pppd/plugins/pppoatm/Makefile.linux
 %build
-%configure --cflags "%{optflags} -fno-strict-aliasing -fPIC $SP"
+%configure --enable-cbcp --with-pam --enable-multilink --enable-systemd
-%make_build CHAPMS=y CBCP=y HAS_SHADOW=y USE_PAM=y FILTER=y HAVE_INET6=y HAVE_LOGWTMP=y
+%make_build
 #CHAPMS=y CBCP=y HAS_SHADOW=y USE_PAM=y FILTER=y HAVE_INET6=y HAVE_LOGWTMP=y
 %install
-make install DESTDIR=%{buildroot}%{_prefix}
+make install DESTDIR=%{buildroot}
 install -dm 750 %{buildroot}%{_sysconfdir}/ppp
 install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/ppp/options
 install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/ppp/filters
@ -157,7 +147,6 @@ install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/ppp
 install -d 755 %{buildroot}%{_sysconfdir}/pam.d
 install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/ppp
 %endif
 install -m 644 %{SOURCE13} %{buildroot}%{_mandir}/man8/pppoe-discovery.8.gz
 install -Dm 644 %{SOURCE14} %{buildroot}%{_sysconfdir}/ppp/chatscripts/modem.chat
 install -Dm 644 %{SOURCE15} %{buildroot}%{_unitdir}/modem@.service
 install -Dm 644 %{SOURCE16} %{buildroot}%{_udevrulesdir}/90-modem.rules
@ -183,6 +172,8 @@ done
 %config(noreplace) %{_sysconfdir}/ppp/filters
 %config(noreplace) %{_sysconfdir}/ppp/pap-secrets
 %config(noreplace) %{_sysconfdir}/ppp/chap-secrets
 %config(noreplace) %{_sysconfdir}/ppp/eaptls-*
 %config(noreplace) %{_sysconfdir}/ppp/openssl.cnf
 %config(noreplace) %{_sysconfdir}/ppp/peers/p*
 %if 0%{?suse_version} > 1500
 %{_pam_vendordir}/ppp
@ -202,6 +193,8 @@ done
 %files devel
 %{_includedir}/pppd
 %_libdir/pkgconfig/*
 %{_libdir}/pppd/%{version}/*.la
 %files modem
 %dir %{_sysconfdir}/ppp/peers
--- a/pppoe-discovery.8.gz
+++ b/pppoe-discovery.8.gz