diff --git a/fix-header-conflict.patch b/fix-header-conflict.patch deleted file mode 100644 index 19c109b..0000000 --- a/fix-header-conflict.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c -=================================================================== ---- ppp-2.4.7.orig/pppd/plugins/rp-pppoe/plugin.c -+++ ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c -@@ -49,6 +49,8 @@ static char const RCSID[] = - #include - #include - #include -+#define _LINUX_IN_H /* block from being included */ -+#define _LINUX_IN6_H /* block from being included */ - #include - - #ifndef _ROOT_PATH diff --git a/ppp-2.4.3-strip.diff b/ppp-2.4.3-strip.diff deleted file mode 100644 index 5dcf5ab..0000000 --- a/ppp-2.4.3-strip.diff +++ /dev/null @@ -1,30 +0,0 @@ -Index: pppd/plugins/radius/Makefile.linux -=================================================================== ---- pppd/plugins/radius/Makefile.linux.orig -+++ pppd/plugins/radius/Makefile.linux -@@ -37,9 +37,9 @@ all: $(PLUGIN) - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR) -- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR) -- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR) -+ $(INSTALL) -c -m 755 radius.so $(LIBDIR) -+ $(INSTALL) -c -m 755 radattr.so $(LIBDIR) -+ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR) - $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR) - $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) - -Index: pppd/plugins/rp-pppoe/Makefile.linux -=================================================================== ---- pppd/plugins/rp-pppoe/Makefile.linux.orig -+++ pppd/plugins/rp-pppoe/Makefile.linux -@@ -45,7 +45,7 @@ install: all - $(INSTALL) -d -m 755 $(LIBDIR) - $(INSTALL) rp-pppoe.so $(LIBDIR) - $(INSTALL) -d -m 755 $(BINDIR) -- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR) -+ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR) - - clean: - rm -f *.o *.so pppoe-discovery diff --git a/ppp-2.4.3-winbind-setuidfix.patch b/ppp-2.4.3-winbind-setuidfix.patch deleted file mode 100644 index d6f3beb..0000000 --- a/ppp-2.4.3-winbind-setuidfix.patch +++ /dev/null @@ -1,28 +0,0 @@ ---- pppd/plugins/winbind.c -+++ pppd/plugins/winbind.c -@@ -296,16 +296,23 @@ - - if (forkret == 0) { - /* child process */ -- uid_t uid; -+ uid_t uid = getuid(); - - close(child_out[0]); - close(child_in[1]); - - /* run winbind as the user that invoked pppd */ - setgid(getgid()); -- uid = getuid(); - if (setuid(uid) == -1 || getuid() != uid) -+ { - fatal("pppd/winbind: could not setuid to %d: %m", uid); -+ exit(1); -+ } -+ if (getuid() != uid) { -+ perror("pppd/winbind: could not setuid to orig uid"); -+ exit(1); -+ } -+ - execl("/bin/sh", "sh", "-c", ntlm_auth, NULL); - fatal("pppd/winbind: could not exec /bin/sh: %m"); - } diff --git a/ppp-2.4.8.tar.gz b/ppp-2.4.8.tar.gz deleted file mode 100644 index 8a1c169..0000000 --- a/ppp-2.4.8.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f6bf89beae26b2943dff8f1003533d6a5a4909a0fa6edfbec44fe039bbe61bc6 -size 693809 diff --git a/ppp-2.4.8.tar.gz.asc b/ppp-2.4.8.tar.gz.asc deleted file mode 100644 index ca4071f..0000000 --- a/ppp-2.4.8.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEv0VLfXa2m9eKuaRpnZrqdyxjcZ8FAl4KsmsACgkQnZrqdyxj -cZ9mKAgAyT0zJgK60apFRaCKO03cVVb3ND5g1AgY3tXbtSIl1sDHPFo3Az+HIX2S -F7kl/Qi/wAZD87y6Pt9nN6yqF/F5SrERwAELkx5teTGjqsIj97u8mILP+B9TzMu0 -TGTDQ01Gm3m5m0km2h1DMpEahGDCl3LwXHsanu8XYdedVZAxTJzeO7Kqh/OJ7xaP -IELhG38zdDSP4BHcwEIHEi2NWGyNCY5XwswpHmhZi5JupP+f2iQ+7fIbIKRHyX0f -yVtRv1ekaNB8eLjiiR2uMoFgV/fLPxCDVuLyOaYa77nqeaCL97ZzBe/0L7TPwOIG -Q58eDqqL0wqn2Mg2jZ9N6j+YcF5iLg== -=mBYc ------END PGP SIGNATURE----- diff --git a/ppp-2.4.9.tar.gz b/ppp-2.4.9.tar.gz new file mode 100644 index 0000000..346b247 --- /dev/null +++ b/ppp-2.4.9.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d +size 716165 diff --git a/ppp-2.4.9.tar.gz.asc b/ppp-2.4.9.tar.gz.asc new file mode 100644 index 0000000..2916b64 --- /dev/null +++ b/ppp-2.4.9.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEv0VLfXa2m9eKuaRpnZrqdyxjcZ8FAl/zpLgACgkQnZrqdyxj +cZ8ImAgAzRJAmRuS4BB87OkE5LQMO68CVji/jHVyTgt3/hTMhJ6HYlX2iLzjmkM9 +tXX3vZ+qP0WfcSm65QDIIBd9ICy1VNjjuwb9QH1qBSQJIlE9ZDSbECKtqxtHI//H +gSXe8w4L7xGTl7ODYB3m3JnR13qnfTjf15kDIJ+RKPXmZjYo5cIBb3zATurJBWqC +H8N00XL4d3RPD+hLQtxDDZE8hIIYxVrtmsV6e4MB90/2BBAhEKuW3YgXTDekD6dr +Q3BXdsFcQnUssEIfWFvxt0b08/y92HhtyVaIqVEPxyfGEv/KfugIwzP6E6h7XtX9 +uU4Lrqr0652/9UJQT3FS5ou7aaW/PQ== +=x0Lf +-----END PGP SIGNATURE----- diff --git a/ppp-CVE-2015-3310.patch b/ppp-CVE-2015-3310.patch deleted file mode 100644 index 357469c..0000000 --- a/ppp-CVE-2015-3310.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- pppd/plugins/radius/util.c.orig -+++ pppd/plugins/radius/util.c -@@ -77,7 +77,7 @@ rc_mksid (void) - static unsigned short int cnt = 0; - sprintf (buf, "%08lX%04X%02hX", - (unsigned long int) time (NULL), -- (unsigned int) getpid (), -+ (unsigned int) getpid () % 65535, - cnt & 0xFF); - cnt++; - return buf; diff --git a/ppp-CVE-2020-8597.patch b/ppp-CVE-2020-8597.patch deleted file mode 100644 index 4dcf753..0000000 --- a/ppp-CVE-2020-8597.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 -From: Paul Mackerras -Date: Mon, 3 Feb 2020 15:53:28 +1100 -Subject: [PATCH] pppd: Fix bounds check in EAP code - -Given that we have just checked vallen < len, it can never be the case -that vallen >= len + sizeof(rhostname). This fixes the check so we -actually avoid overflowing the rhostname array. - -Reported-by: Ilja Van Sprundel -Signed-off-by: Paul Mackerras ---- - pppd/eap.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- pppd/eap.c.orig -+++ pppd/eap.c -@@ -1420,7 +1420,7 @@ int len; - } - - /* Not so likely to happen. */ -- if (vallen >= len + sizeof (rhostname)) { -+ if (len - vallen >= sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; -@@ -1846,7 +1846,7 @@ int len; - } - - /* Not so likely to happen. */ -- if (vallen >= len + sizeof (rhostname)) { -+ if (len - vallen >= sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; diff --git a/ppp-__P.patch b/ppp-__P.patch deleted file mode 100644 index 8b6b0db..0000000 --- a/ppp-__P.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- pppd/pppd.h.orig -+++ pppd/pppd.h -@@ -59,14 +59,17 @@ - #include - #include "patchlevel.h" - -+#undef __P - #if defined(__STDC__) - #include - #define __V(x) x -+#define __P(args) args - #else - #include - #define __V(x) (va_alist) va_dcl - #define const - #define volatile -+#define __P(args) - #endif - - #ifdef INET6 diff --git a/ppp-cifdefroute.patch b/ppp-cifdefroute.patch deleted file mode 100644 index 54e713a..0000000 --- a/ppp-cifdefroute.patch +++ /dev/null @@ -1,286 +0,0 @@ ---- pppd/ipcp.c.orig -+++ pppd/ipcp.c -@@ -197,6 +197,16 @@ static option_t ipcp_option_list[] = { - "disable defaultroute option", OPT_ALIAS | OPT_A2CLR, - &ipcp_wantoptions[0].default_route }, - -+#ifdef __linux__ -+ { "replacedefaultroute", o_bool, -+ &ipcp_wantoptions[0].replace_default_route, -+ "Replace default route", 1 -+ }, -+ { "noreplacedefaultroute", o_bool, -+ &ipcp_allowoptions[0].replace_default_route, -+ "Never replace default route", OPT_A2COPY, -+ &ipcp_wantoptions[0].replace_default_route }, -+#endif - { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp, - "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp }, - { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp, -@@ -270,7 +280,7 @@ struct protent ipcp_protent = { - ip_active_pkt - }; - --static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t)); -+static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t, bool)); - static void ipcp_script __P((char *, int)); /* Run an up/down script */ - static void ipcp_script_done __P((void *)); - -@@ -1760,7 +1770,12 @@ ip_demand_conf(u) - if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE)) - return 0; - if (wo->default_route) -+#ifndef __linux__ - if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr)) -+#else -+ if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr, -+ wo->replace_default_route)) -+#endif - default_route_set[u] = 1; - if (wo->proxy_arp) - if (sifproxyarp(u, wo->hisaddr)) -@@ -1848,7 +1863,8 @@ ipcp_up(f) - */ - if (demand) { - if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) { -- ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr); -+ ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr, -+ wo->replace_default_route); - if (go->ouraddr != wo->ouraddr) { - warn("Local IP address changed to %I", go->ouraddr); - script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0); -@@ -1873,7 +1889,12 @@ ipcp_up(f) - - /* assign a default route through the interface if required */ - if (ipcp_wantoptions[f->unit].default_route) -+#ifndef __linux__ - if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) -+#else -+ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, -+ wo->replace_default_route)) -+#endif - default_route_set[f->unit] = 1; - - /* Make a proxy ARP entry if requested. */ -@@ -1923,7 +1944,12 @@ ipcp_up(f) - - /* assign a default route through the interface if required */ - if (ipcp_wantoptions[f->unit].default_route) -+#ifndef __linux__ - if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) -+#else -+ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, -+ wo->replace_default_route)) -+#endif - default_route_set[f->unit] = 1; - - /* Make a proxy ARP entry if requested. */ -@@ -2001,7 +2027,7 @@ ipcp_down(f) - sifnpmode(f->unit, PPP_IP, NPMODE_DROP); - sifdown(f->unit); - ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr, -- ipcp_hisoptions[f->unit].hisaddr); -+ ipcp_hisoptions[f->unit].hisaddr, 0); - } - - /* Execute the ip-down script */ -@@ -2017,16 +2043,25 @@ ipcp_down(f) - * proxy arp entries, etc. - */ - static void --ipcp_clear_addrs(unit, ouraddr, hisaddr) -+ipcp_clear_addrs(unit, ouraddr, hisaddr, replacedefaultroute) - int unit; - u_int32_t ouraddr; /* local address */ - u_int32_t hisaddr; /* remote address */ -+ bool replacedefaultroute; - { - if (proxy_arp_set[unit]) { - cifproxyarp(unit, hisaddr); - proxy_arp_set[unit] = 0; - } -- if (default_route_set[unit]) { -+ /* If replacedefaultroute, sifdefaultroute will be called soon -+ * with replacedefaultroute set and that will overwrite the current -+ * default route. This is the case only when doing demand, otherwise -+ * during demand, this cifdefaultroute would restore the old default -+ * route which is not what we want in this case. In the non-demand -+ * case, we'll delete the default route and restore the old if there -+ * is one saved by an sifdefaultroute with replacedefaultroute. -+ */ -+ if (!replacedefaultroute && default_route_set[unit]) { - cifdefaultroute(unit, ouraddr, hisaddr); - default_route_set[unit] = 0; - } ---- pppd/ipcp.h.orig -+++ pppd/ipcp.h -@@ -70,6 +70,7 @@ typedef struct ipcp_options { - bool old_addrs; /* Use old (IP-Addresses) option? */ - bool req_addr; /* Ask peer to send IP address? */ - bool default_route; /* Assign default route through interface? */ -+ bool replace_default_route; /* Replace default route through interface? */ - bool proxy_arp; /* Make proxy ARP entry for peer? */ - bool neg_vj; /* Van Jacobson Compression? */ - bool old_vj; /* use old (short) form of VJ option? */ ---- pppd/pppd.8.orig -+++ pppd/pppd.8 -@@ -133,6 +133,13 @@ the gateway, when IPv6CP negotiation is - This entry is removed when the PPP connection is broken. This option - is privileged if the \fInodefaultroute6\fR option has been specified. - .TP -+.B replacedefaultroute -+This option is a flag to the defaultroute option. If defaultroute is -+set and this flag is also set, pppd replaces an existing default route -+with the new default route. -+ -+ -+.TP - .B disconnect \fIscript - Execute the command specified by \fIscript\fR, by passing it to a - shell, after -@@ -746,7 +753,12 @@ disable both forms of hardware flow cont - .TP - .B nodefaultroute - Disable the \fIdefaultroute\fR option. The system administrator who --wishes to prevent users from creating default routes with pppd -+wishes to prevent users from adding a default route with pppd -+can do so by placing this option in the /etc/ppp/options file. -+.TP -+.B noreplacedefaultroute -+Disable the \fIreplacedefaultroute\fR option. The system administrator who -+wishes to prevent users from replacing a default route with pppd - can do so by placing this option in the /etc/ppp/options file. - .TP - .B nodefaultroute6 ---- pppd/pppd.h.orig -+++ pppd/pppd.h -@@ -681,7 +681,11 @@ int sif6addr __P((int, eui64_t, eui64_t - int cif6addr __P((int, eui64_t, eui64_t)); - /* Remove an IPv6 address from i/f */ - #endif -+#ifndef __linux__ - int sifdefaultroute __P((int, u_int32_t, u_int32_t)); -+#else -+int sifdefaultroute __P((int, u_int32_t, u_int32_t, bool replace_default_rt)); -+#endif - /* Create default route through i/f */ - int cifdefaultroute __P((int, u_int32_t, u_int32_t)); - /* Delete default route through i/f */ ---- pppd/sys-linux.c.orig -+++ pppd/sys-linux.c -@@ -209,6 +209,8 @@ static int if_is_up; /* Interface has be - static int if6_is_up; /* Interface has been marked up for IPv6, to help differentiate */ - static int have_default_route; /* Gateway for default route added */ - static int have_default_route6; /* Gateway for default IPv6 route added */ -+static struct rtentry old_def_rt; /* Old default route */ -+static int default_rt_repl_rest; /* replace and restore old default rt */ - static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */ - static char proxy_arp_dev[16]; /* Device for proxy arp entry */ - static u_int32_t our_old_addr; /* for detecting address changes */ -@@ -1570,6 +1572,9 @@ static int read_route_table(struct rtent - p = NULL; - } - -+ SET_SA_FAMILY (rt->rt_dst, AF_INET); -+ SET_SA_FAMILY (rt->rt_gateway, AF_INET); -+ - SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16); - SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16); - SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16); -@@ -1642,20 +1647,52 @@ int have_route_to(u_int32_t addr) - /******************************************************************** - * - * sifdefaultroute - assign a default route through the address given. -- */ -- --int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway) --{ -- struct rtentry rt; -- -- if (defaultroute_exists(&rt, dfl_route_metric) && strcmp(rt.rt_dev, ifname) != 0) { -- if (rt.rt_flags & RTF_GATEWAY) -- error("not replacing existing default route via %I with metric %d", -- SIN_ADDR(rt.rt_gateway), dfl_route_metric); -- else -- error("not replacing existing default route through %s with metric %d", -- rt.rt_dev, dfl_route_metric); -- return 0; -+ * -+ * If the global default_rt_repl_rest flag is set, then this function -+ * already replaced the original system defaultroute with some other -+ * route and it should just replace the current defaultroute with -+ * another one, without saving the current route. Use: demand mode, -+ * when pppd sets first a defaultroute it it's temporary ppp0 addresses -+ * and then changes the temporary addresses to the addresses for the real -+ * ppp connection when it has come up. -+ */ -+ -+int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replace) -+{ -+ struct rtentry rt, tmp_rt; -+ struct rtentry *del_rt = NULL; -+ -+ if (default_rt_repl_rest) { -+ /* We have already reclaced the original defaultroute, if we -+ * are called again, we will delete the current default route -+ * and set the new default route in this function. -+ * - this is normally only the case the doing demand: */ -+ if (defaultroute_exists( &tmp_rt, dfl_route_metric )) -+ del_rt = &tmp_rt; -+ } else if ( defaultroute_exists( &old_def_rt, dfl_route_metric ) && -+ strcmp( old_def_rt.rt_dev, ifname ) != 0) { -+ /* We did not yet replace an existing default route, let's -+ * check if we should save and replace a default route: -+ */ -+ u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway); -+ -+ if (old_gateway != gateway) { -+ if (!replace) { -+ error("not replacing default route to %s [%I] with metric %d", -+ old_def_rt.rt_dev, old_gateway, dfl_route_metric); -+ return 0; -+ } else { -+ // we need to copy rt_dev because we need it permanent too: -+ char * tmp_dev = malloc(strlen(old_def_rt.rt_dev)+1); -+ strcpy(tmp_dev, old_def_rt.rt_dev); -+ old_def_rt.rt_dev = tmp_dev; -+ -+ notice("replacing old default route to %s [%I] with metric $d", -+ old_def_rt.rt_dev, old_gateway, dfl_route_metric); -+ default_rt_repl_rest = 1; -+ del_rt = &old_def_rt; -+ } -+ } - } - - memset (&rt, 0, sizeof (rt)); -@@ -1675,6 +1712,12 @@ int sifdefaultroute (int unit, u_int32_t - error("default route ioctl(SIOCADDRT): %m"); - return 0; - } -+ if (default_rt_repl_rest && del_rt) -+ if (ioctl(sock_fd, SIOCDELRT, del_rt) < 0) { -+ if ( ! ok_error ( errno )) -+ error("del old default route ioctl(SIOCDELRT): %m(%d)", errno); -+ return 0; -+ } - - have_default_route = 1; - return 1; -@@ -1713,6 +1756,16 @@ int cifdefaultroute (int unit, u_int32_t - return 0; - } - } -+ if (default_rt_repl_rest) { -+ notice("restoring old default route to %s [%I]", -+ old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway)); -+ if (ioctl(sock_fd, SIOCADDRT, &old_def_rt) < 0) { -+ if ( ! ok_error ( errno )) -+ error("restore default route ioctl(SIOCADDRT): %m(%d)", errno); -+ return 0; -+ } -+ default_rt_repl_rest = 0; -+ } - - return 1; - } diff --git a/ppp-filter.patch b/ppp-filter.patch deleted file mode 100644 index 3c32402..0000000 --- a/ppp-filter.patch +++ /dev/null @@ -1,51 +0,0 @@ ---- pppd/demand.c.orig -+++ pppd/demand.c -@@ -45,6 +45,7 @@ - #include - #ifdef PPP_FILTER - #include -+#include - #endif - - #include "pppd.h" -@@ -340,6 +341,7 @@ active_packet(p, len) - return 0; - proto = PPP_PROTOCOL(p); - #ifdef PPP_FILTER -+ *p = 1; /* set outbound for the filter rule */ - p[0] = 1; /* outbound packet indicator */ - if ((pass_filter.bf_len != 0 - && bpf_filter(pass_filter.bf_insns, p, len, len) == 0) -@@ -349,6 +351,7 @@ active_packet(p, len) - return 0; - } - p[0] = 0xff; -+ *p = 0xff; /* restore original ppp header */ - #endif - for (i = 0; (protp = protocols[i]) != NULL; ++i) { - if (protp->protocol < 0xC000 && (protp->protocol & ~0x8000) == proto) { ---- pppd/options.c.orig -+++ pppd/options.c -@@ -1505,6 +1505,10 @@ setpassfilter(argv) - int ret = 1; - - pc = pcap_open_dead(DLT_PPP_PPPD, 65535); -+ if (!pc) { -+ option_error("error in pass-filter expression: pcap_open_dead failed\n"); -+ return 0; -+ } - if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == -1) { - option_error("error in pass-filter expression: %s\n", - pcap_geterr(pc)); -@@ -1526,6 +1530,11 @@ setactivefilter(argv) - int ret = 1; - - pc = pcap_open_dead(DLT_PPP_PPPD, 65535); -+ if (!pc) { -+ option_error("error in active-filter expression: pcap_open_dead failed\n"); -+ return 0; -+ } -+ - if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == -1) { - option_error("error in active-filter expression: %s\n", - pcap_geterr(pc)); diff --git a/ppp-higher-speeds.patch b/ppp-higher-speeds.patch deleted file mode 100644 index cc7121a..0000000 --- a/ppp-higher-speeds.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- pppd/sys-linux.c.orig -+++ pppd/sys-linux.c -@@ -904,6 +904,24 @@ struct speed { - #ifdef B4000000 - { 4000000, B4000000 }, - #endif -+#ifdef B1500000 -+ { 1500000, B1500000 }, -+#endif -+#ifdef B2000000 -+ { 2000000, B2000000 }, -+#endif -+#ifdef B2500000 -+ { 2500000, B2500000 }, -+#endif -+#ifdef B3000000 -+ { 3000000, B3000000 }, -+#endif -+#ifdef B3500000 -+ { 3500000, B3500000 }, -+#endif -+#ifdef B4000000 -+ { 4000000, B4000000 }, -+#endif - { 0, 0 } - }; - diff --git a/ppp-lib64.patch b/ppp-lib64.patch index c02978f..66a29a7 100644 --- a/ppp-lib64.patch +++ b/ppp-lib64.patch @@ -1,30 +1,19 @@ ---- PLUGINS.orig -+++ PLUGINS -@@ -14,7 +14,7 @@ plugin support only under Linux and Sola - Plugins are loaded into pppd using the `plugin' option, which takes - one argument, the name of a shared object file. The plugin option is - a privileged option. If the name given does not contain a slash, pppd --will look in the /usr/lib/pppd/ directory for the file, where -+will look in the /usr/lib64/pppd/ directory for the file, where - is the version number of pppd, for example, 2.4.2. I - suggest that you either give the full path name of the shared object - file or just the base name; if you don't, it may be possible for ---- README.orig -+++ README -@@ -261,8 +261,8 @@ What was new in ppp-2.4.1. - per-tty options file are parsed correctly, and don't override values - from the command line in most cases. - --* The plugin option now looks in /usr/lib/pppd/ (for -- example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if -+* The plugin option now looks in /usr/lib64/pppd/ (for -+ example, /usr/lib64/pppd/2.4.1b1) for shared objects for plugins if - there is no slash in the plugin name. - - * When loading a plugin, pppd will now check the version of pppd for ---- pppd/pathnames.h.orig -+++ pppd/pathnames.h -@@ -57,9 +57,9 @@ +diff -Nur ppp-2.4.9/pppd/Makefile.linux new/pppd/Makefile.linux +--- ppp-2.4.9/pppd/Makefile.linux 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppd/Makefile.linux 2022-05-23 17:42:04.835599374 +0200 +@@ -112,7 +112,7 @@ + # EAP SRP-SHA1 + ifdef USE_SRP + CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include +-LIBS += -lsrp -L/usr/local/ssl/lib ++LIBS += -lsrp -L/usr/local/ssl/lib6464 + NEEDCRYPTOLIB = y + TARGETS += srp-entry + EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry +diff -Nur ppp-2.4.9/pppd/pathnames.h new/pppd/pathnames.h +--- ppp-2.4.9/pppd/pathnames.h 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppd/pathnames.h 2022-05-23 17:42:04.835599374 +0200 +@@ -62,9 +62,9 @@ #ifdef PLUGIN #ifdef __STDC__ @@ -36,21 +25,23 @@ #endif /* __STDC__ */ #endif /* PLUGIN */ ---- pppd/plugins/Makefile.linux.orig -+++ pppd/plugins/Makefile.linux -@@ -7,7 +7,7 @@ INSTALL = install +diff -Nur ppp-2.4.9/pppd/plugins/Makefile.linux new/pppd/plugins/Makefile.linux +--- ppp-2.4.9/pppd/plugins/Makefile.linux 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppd/plugins/Makefile.linux 2022-05-23 17:42:04.835599374 +0200 +@@ -5,7 +5,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@ BINDIR = $(DESTDIR)/sbin MANDIR = $(DESTDIR)/share/man/man8 -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) +LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION) - SUBDIRS := rp-pppoe pppoatm pppol2tp - # Uncomment the next line to include the radius authentication plugin ---- pppd/plugins/pppoatm/Makefile.linux.orig -+++ pppd/plugins/pppoatm/Makefile.linux -@@ -7,7 +7,7 @@ INSTALL = install - #*********************************************************************** + CFLAGS = $(COPTS) -I.. -I../../include -fPIC + LDFLAGS_SHARED = -shared +diff -Nur ppp-2.4.9/pppd/plugins/pppoatm/Makefile.linux new/pppd/plugins/pppoatm/Makefile.linux +--- ppp-2.4.9/pppd/plugins/pppoatm/Makefile.linux 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppd/plugins/pppoatm/Makefile.linux 2022-05-23 17:42:04.835599374 +0200 +@@ -4,7 +4,7 @@ + COPTS=@CFLAGS@ DESTDIR = $(INSTROOT)@DESTDIR@ -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) @@ -58,31 +49,10 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) ---- pppd/plugins/pppol2tp/Makefile.linux.orig -+++ pppd/plugins/pppol2tp/Makefile.linux -@@ -7,7 +7,7 @@ INSTALL = install - #*********************************************************************** - - DESTDIR = @DESTDIR@ --LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) -+LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION) - - VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) - ---- pppd/plugins/radius/Makefile.linux.orig -+++ pppd/plugins/radius/Makefile.linux -@@ -5,7 +5,7 @@ - - DESTDIR = $(INSTROOT)@DESTDIR@ - MANDIR = $(DESTDIR)/share/man/man8 --LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) -+LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION) - - VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) - ---- pppd/plugins/rp-pppoe/Makefile.linux.orig -+++ pppd/plugins/rp-pppoe/Makefile.linux -@@ -16,7 +16,7 @@ +diff -Nur ppp-2.4.9/pppd/plugins/pppoe/Makefile.linux new/pppd/plugins/pppoe/Makefile.linux +--- ppp-2.4.9/pppd/plugins/pppoe/Makefile.linux 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppd/plugins/pppoe/Makefile.linux 2022-05-23 17:42:04.835599374 +0200 +@@ -18,7 +18,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@ BINDIR = $(DESTDIR)/sbin @@ -91,9 +61,34 @@ PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) ---- pppd/pppd.8.orig -+++ pppd/pppd.8 -@@ -946,7 +946,7 @@ persistent connections. +diff -Nur ppp-2.4.9/pppd/plugins/pppol2tp/Makefile.linux new/pppd/plugins/pppol2tp/Makefile.linux +--- ppp-2.4.9/pppd/plugins/pppol2tp/Makefile.linux 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppd/plugins/pppol2tp/Makefile.linux 2022-05-23 17:42:04.835599374 +0200 +@@ -4,7 +4,7 @@ + COPTS=@CFLAGS@ + + DESTDIR = $(INSTROOT)/@DESTDIR@ +-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) ++LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION) + + VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) + +diff -Nur ppp-2.4.9/pppd/plugins/radius/Makefile.linux new/pppd/plugins/radius/Makefile.linux +--- ppp-2.4.9/pppd/plugins/radius/Makefile.linux 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppd/plugins/radius/Makefile.linux 2022-05-23 17:42:04.835599374 +0200 +@@ -9,7 +9,7 @@ + + DESTDIR = $(INSTROOT)@DESTDIR@ + MANDIR = $(DESTDIR)/share/man/man8 +-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) ++LIBDIR = $(DESTDIR)/lib64/pppd/$(VERSION) + + VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) + +diff -Nur ppp-2.4.9/pppd/pppd.8 new/pppd/pppd.8 +--- ppp-2.4.9/pppd/pppd.8 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppd/pppd.8 2022-05-23 17:42:04.835599374 +0200 +@@ -995,7 +995,7 @@ .B plugin \fIfilename Load the shared library object file \fIfilename\fR as a plugin. This is a privileged option. If \fIfilename\fR does not contain a slash diff --git a/ppp-make.patch b/ppp-make.patch deleted file mode 100644 index bdc6192..0000000 --- a/ppp-make.patch +++ /dev/null @@ -1,162 +0,0 @@ ---- chat/Makefile.linux.orig -+++ chat/Makefile.linux -@@ -11,7 +11,7 @@ CDEF4= -DFNDELAY=O_NDELAY # Old name va - CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4) - - COPTS= -O2 -g -pipe --CFLAGS= $(COPTS) $(CDEFS) -+CFLAGS= $(MY_CFLAGS) $(COPTS) $(CDEFS) - - INSTALL= install - -@@ -25,8 +25,8 @@ chat.o: chat.c - - install: chat - mkdir -p $(BINDIR) $(MANDIR) -- $(INSTALL) -s -c chat $(BINDIR) -- $(INSTALL) -c -m 644 chat.8 $(MANDIR) -+ $(INSTALL) chat $(BINDIR) -+ $(INSTALL) -m 644 chat.8 $(MANDIR) - - clean: - rm -f chat.o chat *~ ---- pppd/Makefile.linux.orig -+++ pppd/Makefile.linux -@@ -32,8 +32,9 @@ endif - - # CC = gcc - # --COPTS = -O2 -pipe -Wall -g --LIBS = -+CC = gcc -+COPTS = $(MY_CFLAGS) -O2 -pipe -Wall -fno-strict-aliasing -+LIBS = -lutil - - # Uncomment the next line to include support for Microsoft's - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. -@@ -219,10 +220,8 @@ all: $(TARGETS) - install: pppd - mkdir -p $(BINDIR) $(MANDIR) - $(EXTRAINSTALL) -- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd -- if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \ -- chmod o-rx,u+s $(BINDIR)/pppd; fi -- $(INSTALL) -c -m 444 pppd.8 $(MANDIR) -+ $(INSTALL) -m 755 pppd $(BINDIR)/pppd -+ $(INSTALL) -m 644 pppd.8 $(MANDIR) - - pppd: $(PPPDOBJS) - $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS) ---- pppd/plugins/Makefile.linux.orig -+++ pppd/plugins/Makefile.linux -@@ -1,5 +1,5 @@ --#CC = gcc --COPTS = -O2 -g -+CC = gcc -+COPTS = $(MY_CFLAGS) -O2 -g -Wall - CFLAGS = $(COPTS) -I.. -I../../include -fPIC - LDFLAGS_SHARED = -shared - INSTALL = install ---- pppd/plugins/pppoatm/Makefile.linux.orig -+++ pppd/plugins/pppoatm/Makefile.linux -@@ -1,5 +1,5 @@ - #CC = gcc --COPTS = -O2 -g -+COPTS = $(MY_CFLAGS) -O2 -g - CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC - LDFLAGS_SHARED = -shared - INSTALL = install ---- pppd/plugins/pppol2tp/Makefile.linux.orig -+++ pppd/plugins/pppol2tp/Makefile.linux -@@ -1,5 +1,5 @@ --#CC = gcc --COPTS = -O2 -g -+CC = gcc -+COPTS = $(MY_CFLAGS) -O2 -pipe -Wall - CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC - LDFLAGS_SHARED = -shared - INSTALL = install -@@ -20,7 +20,7 @@ all: $(PLUGINS) - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -- $(INSTALL) -c -m 755 $(PLUGINS) $(LIBDIR) -+ $(INSTALL) -m 755 $(PLUGINS) $(LIBDIR) - - clean: - rm -f *.o *.so ---- pppd/plugins/radius/Makefile.linux.orig -+++ pppd/plugins/radius/Makefile.linux -@@ -12,7 +12,8 @@ VERSION = $(shell awk -F '"' '/VERSION/ - INSTALL = install - - PLUGIN=radius.so radattr.so radrealms.so --CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -+COPTS = $(MY_CFLAGS) -O2 -fPIC -+CFLAGS= $(COPTS) -I. -I../.. -I../../../include -DRC_LOG_FACILITY=LOG_DAEMON -fno-strict-aliasing - - # Uncomment the next line to include support for Microsoft's - # MS-CHAP authentication protocol. ---- pppd/plugins/rp-pppoe/Makefile.linux.orig -+++ pppd/plugins/rp-pppoe/Makefile.linux -@@ -25,7 +25,7 @@ INSTALL = install - # Version is set ONLY IN THE MAKEFILE! Don't delete this! - RP_VERSION=3.8p - --COPTS=-O2 -g -+COPTS= $(MY_CFLAGS) -O2 -pipe -Wall - CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' - all: rp-pppoe.so pppoe-discovery - -@@ -43,7 +43,7 @@ rp-pppoe.so: plugin.o discovery.o if.o c - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR) -+ $(INSTALL) rp-pppoe.so $(LIBDIR) - $(INSTALL) -d -m 755 $(BINDIR) - $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR) - ---- pppdump/Makefile.linux.orig -+++ pppdump/Makefile.linux -@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@ - BINDIR = $(DESTDIR)/sbin - MANDIR = $(DESTDIR)/share/man/man8 - --CFLAGS= -O -I../include/net -+CFLAGS = $(MY_CFLAGS) -pipe -Wall -O -I../include/net - OBJS = pppdump.o bsd-comp.o deflate.o zlib.o - - INSTALL= install -@@ -17,5 +17,5 @@ clean: - - install: - mkdir -p $(BINDIR) $(MANDIR) -- $(INSTALL) -s -c pppdump $(BINDIR) -- $(INSTALL) -c -m 444 pppdump.8 $(MANDIR) -+ $(INSTALL) pppdump $(BINDIR) -+ $(INSTALL) -m 444 pppdump.8 $(MANDIR) ---- pppstats/Makefile.linux.orig -+++ pppstats/Makefile.linux -@@ -9,8 +9,8 @@ MANDIR = $(DESTDIR)/share/man/man8 - PPPSTATSRCS = pppstats.c - PPPSTATOBJS = pppstats.o - --#CC = gcc --COPTS = -O -+CC = gcc -+COPTS = $(MY_CFLAGS) -O2 -pipe -Wall - COMPILE_FLAGS = -I../include - LIBS = - -@@ -22,8 +22,8 @@ all: pppstats - - install: pppstats - -mkdir -p $(MANDIR) -- $(INSTALL) -s -c pppstats $(BINDIR) -- $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) -+ $(INSTALL) pppstats $(BINDIR) -+ $(INSTALL) -m 444 pppstats.8 $(MANDIR) - - pppstats: $(PPPSTATSRCS) - $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS) diff --git a/ppp-pie.patch b/ppp-pie.patch index cbea0a8..09f9877 100644 --- a/ppp-pie.patch +++ b/ppp-pie.patch @@ -1,17 +1,7 @@ ---- pppd/Makefile.linux.orig -+++ pppd/Makefile.linux -@@ -224,7 +224,7 @@ install: pppd - $(INSTALL) -m 644 pppd.8 $(MANDIR) - - pppd: $(PPPDOBJS) -- $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS) -+ $(CC) $(CFLAGS) -pie -fPIC $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS) - - srp-entry: srp-entry.c - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS) ---- chat/Makefile.linux.orig -+++ chat/Makefile.linux -@@ -18,7 +18,7 @@ INSTALL= install +diff -Nur ppp-2.4.9/chat/Makefile.linux new/chat/Makefile.linux +--- ppp-2.4.9/chat/Makefile.linux 2021-01-05 00:06:37.000000000 +0100 ++++ new/chat/Makefile.linux 2022-05-23 17:29:53.108022140 +0200 +@@ -19,7 +19,7 @@ all: chat chat: chat.o @@ -20,10 +10,23 @@ chat.o: chat.c $(CC) -c $(CFLAGS) -o chat.o chat.c ---- pppstats/Makefile.linux.orig -+++ pppstats/Makefile.linux -@@ -26,7 +26,7 @@ install: pppstats - $(INSTALL) -m 444 pppstats.8 $(MANDIR) +diff -Nur ppp-2.4.9/pppd/Makefile.linux new/pppd/Makefile.linux +--- ppp-2.4.9/pppd/Makefile.linux 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppd/Makefile.linux 2022-05-23 17:29:53.108022140 +0200 +@@ -245,7 +245,7 @@ + $(INSTALL) -c -m 444 pppd.8 $(MANDIR) + + pppd: $(PPPDOBJS) +- $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS) ++ $(CC) $(CFLAGS) -pie -fPIC $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS) + + srp-entry: srp-entry.c + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS) +diff -Nur ppp-2.4.9/pppstats/Makefile.linux new/pppstats/Makefile.linux +--- ppp-2.4.9/pppstats/Makefile.linux 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppstats/Makefile.linux 2022-05-23 17:29:53.108022140 +0200 +@@ -27,7 +27,7 @@ + $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) pppstats: $(PPPSTATSRCS) - $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS) diff --git a/ppp-var_run_resolv_conf.patch b/ppp-var_run_resolv_conf.patch index 7e7db8a..45581e6 100644 --- a/ppp-var_run_resolv_conf.patch +++ b/ppp-var_run_resolv_conf.patch @@ -1,6 +1,12 @@ ---- Changes-2.3.orig -+++ Changes-2.3 -@@ -262,10 +262,10 @@ What was new in ppp-2.3.6. +Tue Jul 22 14:16:29 CEST 2008 - hvogel@suse.de + +Move the resolv.conf written by pppd to /var/run [bnc#401648] + + +diff -Nur ppp-2.4.9/Changes-2.3 new/Changes-2.3 +--- ppp-2.4.9/Changes-2.3 2021-01-05 00:06:37.000000000 +0100 ++++ new/Changes-2.3 2022-05-23 18:30:08.827773633 +0200 +@@ -262,10 +262,10 @@ * Added new option `usepeerdns', thanks to Nick Walker . If the peer supplies DNS addresses, these @@ -15,10 +21,11 @@ * The Solaris ppp driver should now work correctly on SMP systems. ---- pppd/ipcp.c.orig -+++ pppd/ipcp.c -@@ -2148,10 +2148,13 @@ create_resolv(peerdns1, peerdns2) - u_int32_t peerdns1, peerdns2; +diff -Nur ppp-2.4.9/pppd/ipcp.c new/pppd/ipcp.c +--- ppp-2.4.9/pppd/ipcp.c 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppd/ipcp.c 2022-05-23 18:30:08.827773633 +0200 +@@ -2090,10 +2090,13 @@ + create_resolv(u_int32_t peerdns1, u_int32_t peerdns2) { FILE *f; + char rcfilename[MAXIFNAMELEN]; @@ -33,7 +40,7 @@ return; } -@@ -2162,7 +2165,7 @@ create_resolv(peerdns1, peerdns2) +@@ -2104,7 +2107,7 @@ fprintf(f, "nameserver %s\n", ip_ntoa(peerdns2)); if (ferror(f)) @@ -42,9 +49,10 @@ fclose(f); } ---- pppd/pathnames.h.orig -+++ pppd/pathnames.h -@@ -30,7 +30,7 @@ +diff -Nur ppp-2.4.9/pppd/pathnames.h new/pppd/pathnames.h +--- ppp-2.4.9/pppd/pathnames.h 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppd/pathnames.h 2022-05-23 18:30:08.827773633 +0200 +@@ -35,7 +35,7 @@ #define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options." #define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors" #define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/" @@ -53,9 +61,10 @@ #define _PATH_USEROPT ".ppprc" #define _PATH_PSEUDONYM ".ppp_pseudonym" ---- pppd/pppd.8.orig -+++ pppd/pppd.8 -@@ -1143,8 +1143,8 @@ Ask the peer for up to 2 DNS server addr +diff -Nur ppp-2.4.9/pppd/pppd.8 new/pppd/pppd.8 +--- ppp-2.4.9/pppd/pppd.8 2021-01-05 00:06:37.000000000 +0100 ++++ new/pppd/pppd.8 2022-05-23 18:30:08.827773633 +0200 +@@ -1196,8 +1196,8 @@ by the peer (if any) are passed to the /etc/ppp/ip\-up script in the environment variables DNS1 and DNS2, and the environment variable USEPEERDNS will be set to 1. In addition, pppd will create an diff --git a/ppp.changes b/ppp.changes index 5bbb282..a5110e3 100644 --- a/ppp.changes +++ b/ppp.changes @@ -1,3 +1,45 @@ +------------------------------------------------------------------- +Mon May 23 14:07:58 UTC 2022 - Ferdinand Thiessen + +- Update to version 2.4.9 + * Support for new EAP (Extensible Authentication Protocol) methods + * Support for EAP-TLS + * Support for EAP-MSCHAPv2 + * New pppd options: + * chap-timeout + * chapms-strip-domain + * replacedefaultroute + * noreplacedefaultroute + * ipv6cp-accept-remote + * lcp-echo-adaptive + * ip-up-script + * ip-down-script + * ca + * capath + * cert + * key + * crl-dir + * crl + * max-tls-version + * need-peer-eap + * Fixes for CVE-2020-8597 and CVE-2015-3310. + * The rp-pppoe plugin has been renamed to pppoe, to distinguish it + from the upstream rp-pppoe code. Its options have changed names, + but the old names are kept as aliases. + * Many bug fixes and cleanups. +- Drop upstream fixed patches + * ppp-2.4.3-winbind-setuidfix.patch + * fix-header-conflict.patch + * ppp-CVE-2015-3310.patch + * ppp-CVE-2020-8597.patch + * ppp-cifdefroute.patch + * ppp-higher-speeds.patch + * ppp-2.4.3-strip.diff + * ppp-filter.patch + * ppp-__P.patch +- Drop upstream resolved ppp-make.patch use `--cflags` configure + switch instead + ------------------------------------------------------------------- Thu Mar 10 13:59:07 UTC 2022 - Илья Индиго diff --git a/ppp.spec b/ppp.spec index 2796a4c..81c478b 100644 --- a/ppp.spec +++ b/ppp.spec @@ -1,7 +1,7 @@ # # spec file for package ppp # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,18 +18,19 @@ %define _group dialout Name: ppp -Version: 2.4.8 +Version: 2.4.9 Release: 0 Summary: The Point to Point Protocol for Linux License: BSD-3-Clause AND LGPL-2.1-or-later AND GPL-2.0-or-later Group: Productivity/Networking/PPP URL: https://ppp.samba.org -Source0: https://download.samba.org/pub/%{name}/%{name}-%{version}.tar.gz -# config for pam -Source1: ppp.pamd +Source0: https://download.samba.org/pub/ppp/ppp-%{version}.tar.gz +Source1: https://download.samba.org/pub/ppp/ppp-%{version}.tar.gz.asc # templates for secrets Source2: pap-secrets.template Source3: chap-secrets.template +# config for pam +Source4: ppp.pamd # options and filters files Source5: options Source6: filters @@ -47,32 +48,22 @@ Source15: modem@.service Source16: modem.rules # https://www.kernel.org/doc/wot/paulus.html Source17: %{name}.keyring -Source18: https://download.samba.org/pub/%{name}/%{name}-%{version}.tar.gz.asc -# Makefile changes -Patch0: ppp-make.patch -# replacedefaultroute option -Patch2: ppp-cifdefroute.patch +# PATCH-FEATURE-OPENSUSE ppp-smpppd.patch -- Add more log output for smpppd (move from debug to info log) +Patch0: ppp-smpppd.patch +# PATCH-FIX-OPENSUSE ppp-pie.patch -- Build position independent code +Patch1: ppp-pie.patch +# PATCH-FIX-OPENSUSE ppp-lib64.patch -- Install into lib64 on 64bit systems +Patch2: ppp-lib64.patch +# PATCH-FIX-UPSTREAM ppp-var_run_resolv_conf.patch -- Move resolv.conf to /var/run +Patch3: ppp-var_run_resolv_conf.patch +# PATCH-FIX-UPSTREAM ppp-fix-bashisms.patch -- Remove bashism from posix shell interpreted script https://github.com/ppp-project/ppp/issues/348 +Patch4: ppp-fix-bashisms.patch +# PATCH-FIX-UPSTREAM ppp-fork-fix.patch -- fix safe_fork to not close needed file descriptors +Patch5: ppp-fork-fix.patch # misc tiny stuff -Patch3: ppp-misc.patch -# more log output for smpppd -Patch4: ppp-smpppd.patch -# allow higher serial speeds -Patch5: ppp-higher-speeds.patch -# fixed use of libpcap including dial on demand -Patch6: ppp-filter.patch -# Don't use __P from glibc (pppd uses it wrong) -Patch9: ppp-__P.patch -Patch11: ppp-fix-bashisms.patch -Patch12: ppp-pie.patch -Patch14: ppp-fork-fix.patch -Patch17: ppp-2.4.3-strip.diff -Patch18: ppp-2.4.3-winbind-setuidfix.patch -Patch21: ppp-lib64.patch -Patch22: ppp-var_run_resolv_conf.patch -# PATCH-FIX-UPSTREAM -- Patch for CVE-2015-3310 -Patch24: ppp-CVE-2015-3310.patch -Patch25: fix-header-conflict.patch -Patch27: ppp-CVE-2020-8597.patch +Patch6: ppp-misc.patch +# Of cause any other compatible libc would work, like musl, but 2.24 required for SOL_NETLINK +BuildRequires: glibc-devel >= 2.24 BuildRequires: libpcap-devel BuildRequires: linux-atm-devel BuildRequires: openssl-devel @@ -100,9 +91,9 @@ plugins for the pppd. %package modem Summary: Automatic redial for any USB modem supported by the kernel Group: System/Kernel -Requires: group(dialout) Requires: ppp Requires: udev +Requires: group(dialout) BuildArch: noarch %description modem @@ -118,24 +109,16 @@ you can disable unnecessary or disable everything. %prep %setup -q %patch0 -%patch2 -%patch3 -%patch4 +%patch1 -p1 +%patch3 -p1 +%patch4 -p1 %patch5 %patch6 -%patch9 -%patch11 -p1 -%patch12 -%patch14 -%patch17 -%patch18 + %if "%{_lib}" == "lib64" -%patch21 +%patch2 -p1 %endif -%patch22 -%patch24 -%patch25 -p1 -%patch27 + sed -i -e '1s/local\///' scripts/secure-card find scripts -type f | xargs chmod a-x find -type f -name '*.orig' | xargs rm -f @@ -145,8 +128,7 @@ find -type f -name '*.orig' | xargs rm -f sed -i '/#HAVE_LIBATM/s/#//' pppd/plugins/pppoatm/Makefile.linux %build -export MY_CFLAGS="%{optflags} -fno-strict-aliasing -fPIC $SP" -%configure +%configure --cflags "%{optflags} -fno-strict-aliasing -fPIC $SP" %make_build CHAPMS=y CBCP=y HAS_SHADOW=y USE_PAM=y FILTER=y HAVE_INET6=y HAVE_LOGWTMP=y %install @@ -166,7 +148,7 @@ install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/ppp/peers/pppoatm install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/ppp/peers/ppp install -m 644 %{SOURCE12} %{buildroot}%{_sysconfdir}/ppp/peers/pptp install -d 755 %{buildroot}%{_sysconfdir}/pam.d -install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/ppp +install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/ppp install -m 644 %{SOURCE13} %{buildroot}%{_mandir}/man8/pppoe-discovery.8.gz install -Dm 644 %{SOURCE14} %{buildroot}%{_sysconfdir}/ppp/chatscripts/modem.chat install -Dm 644 %{SOURCE15} %{buildroot}%{_unitdir}/modem@.service