From 171029fcc85e2f10def95a2e8786040579dcdbfa Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?=
Date: Mon, 17 Apr 2023 18:20:11 +0200
Subject: [PATCH] New version Resolves: rhbz#2184291
---
 .gitignore | 6 +-
 0004-doc-add-configuration-samples.patch | 341 -------
 ...itps-use-change_resolv_conf-function.patch | 85 --
 ...-t-put-connect-errors-log-to-etc-ppp.patch | 77 --
 ...se-SOCK_CLOEXEC-when-creating-socket.patch | 149 ---
 ...pd-move-pppd-database-to-var-run-ppp.patch | 44 -
 ...ppoe-add-manpage-for-pppoe-discovery.patch | 115 ---
 0018-scritps-fix-ip-up.local-sample.patch | 27 -
 ...l-rp-pppoe-plugin-files-with-standar.patch | 20 -
 ...l-pppoatm-plugin-files-with-standard.patch | 26 -
 ...pppd-binary-using-standard-perms-755.patch | 29 -
 ...-don-t-want-to-accidentally-leak-fds.patch | 143 ---
 ...hardcode-LIBDIR-but-set-it-according.patch | 99 --
 ppp-2.4.9-config.patch | 21 -
 ppp-2.4.9-configure-cflags-allow-commas.patch | 17 -
 ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch | 241 -----
 ...MPPE-keys-generated-through-an-API-2.patch | 898 ------------------
 ...-error-in-comparing-valid-encryption.patch | 37 -
 ...-causing-incorrect-response-length-3.patch | 32 -
 ppp-2.5.0-use-change-resolv-function.patch | 51 +
 ppp.spec | 58 +-
 sources | 2 +-
 22 files changed, 82 insertions(+), 2436 deletions(-)
 delete mode 100644 0004-doc-add-configuration-samples.patch
 delete mode 100644 0006-scritps-use-change_resolv_conf-function.patch
 delete mode 100644 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
 delete mode 100644 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
 delete mode 100644 0015-pppd-move-pppd-database-to-var-run-ppp.patch
 delete mode 100644 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
 delete mode 100644 0018-scritps-fix-ip-up.local-sample.patch
 delete mode 100644 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
 delete mode 100644 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
 delete mode 100644 ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
 delete mode 100644 ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
 delete mode 100644 ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
 delete mode 100644 ppp-2.4.9-config.patch
 delete mode 100644 ppp-2.4.9-configure-cflags-allow-commas.patch
 delete mode 100644 ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
 delete mode 100644 ppp-2.4.9-pppd-Expose-the-MPPE-keys-generated-through-an-API-2.patch
 delete mode 100644 ppp-2.4.9-pppd-Fix-logical-error-in-comparing-valid-encryption.patch
 delete mode 100644 ppp-2.4.9-pppd-eap-Fix-bug-causing-incorrect-response-length-3.patch
 create mode 100644 ppp-2.5.0-use-change-resolv-function.patch
diff --git a/.gitignore b/.gitignore
index 3a9dd7f..4a4eaa3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,2 @@
-ppp-2.4.5.tar.gz
-/ppp-2.4.6.tar.gz
+/ppp-*.tar.gz
 /ppp-watch.tar.xz
-/ppp-2.4.7.tar.gz
-/ppp-2.4.8.tar.gz
-/ppp-2.4.9.tar.gz
diff --git a/0004-doc-add-configuration-samples.patch b/0004-doc-add-configuration-samples.patch
deleted file mode 100644
index 0cea037..0000000
--- a/0004-doc-add-configuration-samples.patch
+++ /dev/null
@@ -1,341 +0,0 @@ -From d7faeb88f684c8b2ae193b2c5b5b358ac757fcfa Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Fri, 4 Apr 2014 11:39:09 +0200 -Subject: [PATCH 04/27] doc: add configuration samples - ---- - sample/auth-down | 17 ++++++ - sample/auth-up | 17 ++++++ - sample/ip-down | 22 ++++++++ - sample/ip-up | 23 ++++++++ - sample/options | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++ - sample/options.ttyXX | 14 +++++ - sample/pap-secrets | 28 ++++++++++ - 7 files changed, 274 insertions(+) - create mode 100644 sample/auth-down - create mode 100644 sample/auth-up - create mode 100644 sample/ip-down - create mode 100644 sample/ip-up - create mode 100644 sample/options - create mode 100644 sample/options.ttyXX - create mode 100644 sample/pap-secrets - -diff --git a/sample/auth-down b/sample/auth-down -new file mode 100644 -index 0000000..edde65d ---- /dev/null -+++ b/sample/auth-down -@@ -0,0 +1,17 @@ -+#!/bin/sh -+# -+# A program or script which is executed after the remote system -+# successfully authenticates itself. It is executed with the parameters -+# -+# -+ -+# -+# The environment is cleared before executing this script -+# so the path must be reset -+# -+PATH=/usr/sbin:/sbin:/usr/bin:/bin -+export PATH -+ -+echo auth-down `date +'%y/%m/%d %T'` $* >> /var/log/pppstats -+ -+# last line -diff --git a/sample/auth-up b/sample/auth-up -new file mode 100644 -index 0000000..54722a3 ---- /dev/null -+++ b/sample/auth-up -@@ -0,0 +1,17 @@ -+#!/bin/sh -+# -+# A program or script which is executed after the remote system -+# successfully authenticates itself. 
It is executed with the parameters -+# -+# -+ -+# -+# The environment is cleared before executing this script -+# so the path must be reset -+# -+PATH=/usr/sbin:/sbin:/usr/bin:/bin -+export PATH -+ -+echo auth-up `date +'%y/%m/%d %T'` $* >> /var/log/pppstats -+ -+# last line -diff --git a/sample/ip-down b/sample/ip-down -new file mode 100644 -index 0000000..b771fb6 ---- /dev/null -+++ b/sample/ip-down -@@ -0,0 +1,22 @@ -+#!/bin/sh -+# -+# This script is run by the pppd _after_ the link is brought down. -+# It should be used to delete routes, unset IP addresses etc. -+# -+# This script is called with the following arguments: -+# Arg Name Example -+# $1 Interface name ppp0 -+# $2 The tty ttyS1 -+# $3 The link speed 38400 -+# $4 Local IP number 12.34.56.78 -+# $5 Peer IP number 12.34.56.99 -+# -+ -+# -+# The environment is cleared before executing this script -+# so the path must be reset -+# -+PATH=/usr/sbin:/sbin:/usr/bin:/bin -+export PATH -+ -+# last line -diff --git a/sample/ip-up b/sample/ip-up -new file mode 100644 -index 0000000..7ce7c8d ---- /dev/null -+++ b/sample/ip-up -@@ -0,0 +1,23 @@ -+#!/bin/sh -+# -+# This script is run by the pppd after the link is established. -+# It should be used to add routes, set IP address, run the mailq -+# etc. -+# -+# This script is called with the following arguments: -+# Arg Name Example -+# $1 Interface name ppp0 -+# $2 The tty ttyS1 -+# $3 The link speed 38400 -+# $4 Local IP number 12.34.56.78 -+# $5 Peer IP number 12.34.56.99 -+# -+ -+# -+# The environment is cleared before executing this script -+# so the path must be reset -+# -+PATH=/usr/sbin:/sbin:/usr/bin:/bin -+export PATH -+ -+# last line -diff --git a/sample/options b/sample/options -new file mode 100644 -index 0000000..8d0a3f9 ---- /dev/null -+++ b/sample/options -@@ -0,0 +1,153 @@ -+# /etc/ppp/options -+ -+# The name of this server. Often, the FQDN is used here. 
-+#name -+ -+# Enforce the use of the hostname as the name of the local system for -+# authentication purposes (overrides the name option). -+usehostname -+ -+# If no local IP address is given, pppd will use the first IP address -+# that belongs to the local hostname. If "noipdefault" is given, this -+# is disabled and the peer will have to supply an IP address. -+noipdefault -+ -+# With this option, pppd will accept the peer's idea of our local IP -+# address, even if the local IP address was specified in an option. -+#ipcp-accept-local -+ -+# With this option, pppd will accept the peer's idea of its (remote) IP -+# address, even if the remote IP address was specified in an option. -+#ipcp-accept-remote -+ -+# Specify which DNS Servers the incoming Win95 or WinNT Connection should use -+# Two Servers can be remotely configured -+#ms-dns 192.168.1.1 -+#ms-dns 192.168.1.2 -+ -+# Specify which WINS Servers the incoming connection Win95 or WinNT should use -+#wins-addr 192.168.1.50 -+#wins-addr 192.168.1.51 -+ -+# enable this on a server that already has a permanent default route -+#nodefaultroute -+ -+# Run the executable or shell command specified after pppd has terminated -+# the link. This script could, for example, issue commands to the modem -+# to cause it to hang up if hardware modem control signals were not -+# available. -+# If mgetty is running, it will reset the modem anyway. So there is no need -+# to do it here. -+#disconnect "chat -- \d+++\d\c OK ath0 OK" -+ -+# Increase debugging level (same as -d). The debug output is written -+# to syslog LOG_LOCAL2. -+debug -+ -+# Enable debugging code in the kernel-level PPP driver. The argument n -+# is a number which is the sum of the following values: 1 to enable -+# general debug messages, 2 to request that the contents of received -+# packets be printed, and 4 to request that the contents of transmitted -+# packets be printed. 
-+#kdebug n -+ -+# Require the peer to authenticate itself before allowing network -+# packets to be sent or received. -+# Please do not disable this setting. It is expected to be standard in -+# future releases of pppd. Use the call option (see manpage) to disable -+# authentication for specific peers. -+#auth -+ -+# authentication can either be pap or chap. As most people only want to -+# use pap, you can also disable chap: -+#require-pap -+#refuse-chap -+ -+# Use hardware flow control (i.e. RTS/CTS) to control the flow of data -+# on the serial port. -+crtscts -+ -+# Specifies that pppd should use a UUCP-style lock on the serial device -+# to ensure exclusive access to the device. -+lock -+ -+# Use the modem control lines. -+modem -+ -+# async character map -- 32-bit hex; each bit is a character -+# that needs to be escaped for pppd to receive it. 0x00000001 -+# represents '\x01', and 0x80000000 represents '\x1f'. -+# To allow pppd to work over a rlogin/telnet connection, ou should escape -+# XON (^Q), XOFF (^S) and ^]: (The peer should use "escape ff".) -+#asyncmap 200a0000 -+asyncmap 0 -+ -+# Specifies that certain characters should be escaped on transmission -+# (regardless of whether the peer requests them to be escaped with its -+# async control character map). The characters to be escaped are -+# specified as a list of hex numbers separated by commas. Note that -+# almost any character can be specified for the escape option, unlike -+# the asyncmap option which only allows control characters to be -+# specified. The characters which may not be escaped are those with hex -+# values 0x20 - 0x3f or 0x5e. -+#escape 11,13,ff -+ -+# Set the MRU [Maximum Receive Unit] value to for negotiation. pppd -+# will ask the peer to send packets of no more than bytes. The -+# minimum MRU value is 128. The default MRU value is 1500. A value of -+# 296 is recommended for slow links (40 bytes for TCP/IP header + 256 -+# bytes of data). 
-+#mru 542 -+ -+# Set the MTU [Maximum Transmit Unit] value to . Unless the peer -+# requests a smaller value via MRU negotiation, pppd will request that -+# the kernel networking code send data packets of no more than n bytes -+# through the PPP network interface. -+#mtu -+ -+# Set the interface netmask to , a 32 bit netmask in "decimal dot" -+# notation (e.g. 255.255.255.0). -+#netmask 255.255.255.0 -+ -+# Don't fork to become a background process (otherwise pppd will do so -+# if a serial device is specified). -+nodetach -+ -+# Set the assumed name of the remote system for authentication purposes -+# to . -+#remotename -+ -+# Add an entry to this system's ARP [Address Resolution Protocol] -+# table with the IP address of the peer and the Ethernet address of this -+# system. {proxyarp,noproxyarp} -+proxyarp -+ -+# Use the system password database for authenticating the peer using -+# PAP. Note: mgetty already provides this option. If this is specified -+# then dialin from users using a script under Linux to fire up ppp wont work. -+#login -+ -+# If this option is given, pppd will send an LCP echo-request frame to -+# the peer every n seconds. Under Linux, the echo-request is sent when -+# no packets have been received from the peer for n seconds. Normally -+# the peer should respond to the echo-request by sending an echo-reply. -+# This option can be used with the lcp-echo-failure option to detect -+# that the peer is no longer connected. -+lcp-echo-interval 30 -+ -+# If this option is given, pppd will presume the peer to be dead if n -+# LCP echo-requests are sent without receiving a valid LCP echo-reply. -+# If this happens, pppd will terminate the connection. Use of this -+# option requires a non-zero value for the lcp-echo-interval parameter. -+# This option can be used to enable pppd to terminate after the physical -+# connection has been broken (e.g., the modem has hung up) in -+# situations where no hardware modem control lines are available. 
-+lcp-echo-failure 4 -+ -+# Specifies that pppd should disconnect if the link is idle for n seconds. -+idle 600 -+ -+# Disable the IPXCP and IPX protocols. -+noipx -+ -+# ------ -diff --git a/sample/options.ttyXX b/sample/options.ttyXX -new file mode 100644 -index 0000000..d4202f5 ---- /dev/null -+++ b/sample/options.ttyXX -@@ -0,0 +1,14 @@ -+# If you need to set up multiple serial lines then copy this file to -+# options. for each tty with a modem on it. -+# -+# The options.tty file will assign an IP address to each PPP connection -+# as it comes up. They must all be distinct! -+# -+# Example: -+# options.ttyS1 for com2 under DOS. -+# -+# Edit the following line so that the first IP address -+# mentioned is the ip address of the serial port while the second -+# is the IP address of your host -+# -+hostname-s1:hostname -diff --git a/sample/pap-secrets b/sample/pap-secrets -new file mode 100644 -index 0000000..098971b ---- /dev/null -+++ b/sample/pap-secrets -@@ -0,0 +1,28 @@ -+# Secrets for authentication using PAP -+# client server secret IP addresses -+ -+# OUTBOUND CONNECTIONS -+# Here you should add your userid password to connect to your providers via -+# pap. The * means that the password is to be used for ANY host you connect -+# to. Thus you do not have to worry about the foreign machine name. Just -+# replace password with your password. -+# If you have different providers with different passwords then you better -+# remove the following line. -+#hostname * password -+ -+# INBOUND CONNECTIONS -+#client hostname 192.168.1.1 -+ -+# If you add "auth login -chap +pap" to /etc/mgetty+sendfax/login.config, -+# all users in /etc/passwd can use their password for pap-authentication. -+# -+# Every regular user can use PPP and has to use passwords from /etc/passwd -+#* hostname "" -+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any -+# other accounts that should not be able to use pppd! Replace hostname -+# with your local hostname. 
-+#guest hostname "*" - -+#master hostname "*" - -+#root hostname "*" - -+#support hostname "*" - -+#stats hostname "*" - --- -1.8.3.1 - diff --git a/0006-scritps-use-change_resolv_conf-function.patch b/0006-scritps-use-change_resolv_conf-function.patch deleted file mode 100644 index cbf8713..0000000 --- a/0006-scritps-use-change_resolv_conf-function.patch +++ /dev/null 
@@ -1,85 +0,0 @@ -From 01419dfb684d501b57f1c24dcfdbcf9da93ccca2 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Fri, 4 Apr 2014 18:12:47 +0200 -Subject: [PATCH 06/27] scritps: use change_resolv_conf function - -Don't handle /etc/resolv.conf manually, but use a helper function from -initscripts. Also change path where we save DNS servers supplied by peer while -we are at it. - -Resolves: #132482 ---- - pppd/pppd.8 | 2 +- - scripts/ip-down.local.add | 9 +++++---- - scripts/ip-up.local.add | 17 ++++++++++------- - 3 files changed, 16 insertions(+), 12 deletions(-) - -diff --git a/pppd/pppd.8 b/pppd/pppd.8 -index e2768b1..2dd6e1a 100644 ---- a/pppd/pppd.8 -+++ b/pppd/pppd.8 -@@ -1099,7 +1099,7 @@ Ask the peer for up to 2 DNS server addresses. The addresses supplied - by the peer (if any) are passed to the /etc/ppp/ip\-up script in the - environment variables DNS1 and DNS2, and the environment variable - USEPEERDNS will be set to 1. In addition, pppd will create an --/etc/ppp/resolv.conf file containing one or two nameserver lines with -+/var/run/ppp/resolv.conf file containing one or two nameserver lines with - the address(es) supplied by the peer. - .TP - .B user \fIname -diff --git a/scripts/ip-down.local.add b/scripts/ip-down.local.add -index b93590e..163f71e 100644 ---- a/scripts/ip-down.local.add -+++ b/scripts/ip-down.local.add -@@ -9,12 +9,13 @@ - # - # Nick Walker (nickwalker@email.com) - # -+. 
/etc/sysconfig/network-scripts/network-functions - --if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then -- if [ -f /etc/ppp/resolv.prev ]; then -- cp -f /etc/ppp/resolv.prev /etc/resolv.conf -+if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then -+ if [ -f /var/run/ppp/resolv.prev ]; then -+ change_resolv_conf /var/run/ppp/resolv.prev - else -- rm -f /etc/resolv.conf -+ change_resolv_conf - fi - fi - -diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add -index 8017209..26cf5f8 100644 ---- a/scripts/ip-up.local.add -+++ b/scripts/ip-up.local.add -@@ -9,16 +9,19 @@ - # - # Nick Walker (nickwalker@email.com) - # -+. /etc/sysconfig/network-scripts/network-functions - --if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then -- rm -f /etc/ppp/resolv.prev -+if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then -+ rm -f /var/run/ppp/resolv.prev - if [ -f /etc/resolv.conf ]; then -- cp /etc/resolv.conf /etc/ppp/resolv.prev -- grep domain /etc/ppp/resolv.prev > /etc/resolv.conf -- grep search /etc/ppp/resolv.prev >> /etc/resolv.conf -- cat /etc/ppp/resolv.conf >> /etc/resolv.conf -+ cp /etc/resolv.conf /var/run/ppp/resolv.prev -+ rscf=/var/run/ppp/resolv.new -+ grep domain /var/run/ppp/resolv.prev > $rscf -+ grep search /var/run/ppp/resolv.prev >> $rscf -+ change_resolv_conf $rscf -+ rm -f $rscf - else -- cp /etc/ppp/resolv.conf /etc -+ change_resolv_conf /var/run/ppp/resolv.conf - fi - fi - --- -1.8.3.1 - diff --git a/0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch b/0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch deleted file mode 100644 index 56ac388..0000000 --- a/0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch +++ /dev/null 
@@ -1,77 +0,0 @@ -From b4ef433be936c90e356da7a590b032cdee219a3f Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Fri, 4 Apr 2014 19:06:05 +0200 -Subject: [PATCH 11/27] build-sys: don't put connect-errors log to /etc/ppp/ - -Resolves: #118837 ---- - chat/chat.8 | 2 +- - linux/Makefile.top | 8 +++++++- - pppd/pathnames.h | 4 ++-- - 3 files changed, 10 insertions(+), 4 deletions(-) - -diff --git a/chat/chat.8 b/chat/chat.8 -index 6d10836..78d6939 100644 ---- a/chat/chat.8 -+++ b/chat/chat.8 -@@ -200,7 +200,7 @@ The \fBSAY\fR directive allows the script to send strings to the user - at the terminal via standard error. If \fBchat\fR is being run by - pppd, and pppd is running as a daemon (detached from its controlling - terminal), standard error will normally be redirected to the file --/etc/ppp/connect\-errors. -+/var/log/ppp/connect\-errors. - .LP - \fBSAY\fR strings must be enclosed in single or double quotes. If - carriage return and line feed are needed in the string to be output, -diff --git a/linux/Makefile.top b/linux/Makefile.top -index f63d45e..f42efd5 100644 ---- a/linux/Makefile.top -+++ b/linux/Makefile.top -@@ -5,6 +5,8 @@ BINDIR = $(DESTDIR)/sbin - INCDIR = $(DESTDIR)/include - MANDIR = $(DESTDIR)/share/man - ETCDIR = $(INSTROOT)@SYSCONF@/ppp -+RUNDIR = $(DESTDIR)/var/run/ppp -+LOGDIR = $(DESTDIR)/var/log/ppp - - # uid 0 = root - INSTALL= install -@@ -16,7 +18,7 @@ all: - cd pppstats; $(MAKE) $(MFLAGS) all - cd pppdump; $(MAKE) $(MFLAGS) all - --install: $(BINDIR) $(MANDIR)/man8 install-progs install-devel -+install: $(BINDIR) $(RUNDIR) $(LOGDIR) $(MANDIR)/man8 install-progs install-devel - - install-progs: - cd chat; $(MAKE) $(MFLAGS) install -@@ -44,6 +46,10 @@ $(MANDIR)/man8: - $(INSTALL) -d -m 755 $@ - $(ETCDIR): - $(INSTALL) -d -m 755 $@ -+$(RUNDIR): -+ $(INSTALL) -d -m 755 $@ -+$(LOGDIR): -+ $(INSTALL) -d -m 755 $@ - - clean: - rm -f `find . 
-name '*.[oas]' -print` -diff --git a/pppd/pathnames.h b/pppd/pathnames.h -index a427cb8..bef3160 100644 ---- a/pppd/pathnames.h -+++ b/pppd/pathnames.h -@@ -28,9 +28,9 @@ - #define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up" - #define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down" - #define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options." --#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors" -+#define _PATH_CONNERRS _ROOT_PATH "/var/log/ppp/connect-errors" - #define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/" --#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf" -+#define _PATH_RESOLV _ROOT_PATH "/var/run/ppp/resolv.conf" - - #define _PATH_USEROPT ".ppprc" - #define _PATH_PSEUDONYM ".ppp_pseudonym" --- -1.8.3.1 - diff --git a/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch deleted file mode 100644 index 1352370..0000000 --- a/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch +++ /dev/null 
@@ -1,149 +0,0 @@ -diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c -index d693350..c31bb34 100644 ---- a/pppd/plugins/pppoatm/pppoatm.c -+++ b/pppd/plugins/pppoatm/pppoatm.c -@@ -135,7 +135,7 @@ static int connect_pppoatm(void) - - if (!device_got_set) - no_device_given_pppoatm(); -- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0); -+ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (fd < 0) - fatal("failed to create socket: %m"); - memset(&qos, 0, sizeof qos); -diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c -index 9643b96..1099575 100644 ---- a/pppd/plugins/pppol2tp/openl2tp.c -+++ b/pppd/plugins/pppol2tp/openl2tp.c -@@ -83,7 +83,7 @@ static int openl2tp_client_create(void) - int result; - - if (openl2tp_fd < 0) { -- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0); -+ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (openl2tp_fd < 0) { - error("openl2tp connection create: %m"); - return -ENOTCONN; -diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c -index a7e3400..e64a778 100644 ---- a/pppd/plugins/pppol2tp/pppol2tp.c -+++ b/pppd/plugins/pppol2tp/pppol2tp.c -@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu, - struct ifreq ifr; - int fd; - -- fd = socket(AF_INET, SOCK_DGRAM, 0); -+ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (fd >= 0) { - memset (&ifr, '\0', sizeof (ifr)); - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); -diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c -index 91e9a57..72aba41 100644 ---- a/pppd/plugins/pppoe/if.c -+++ b/pppd/plugins/pppoe/if.c -@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) - stype = SOCK_PACKET; - #endif - -- if ((fd = socket(domain, stype, htons(type))) < 0) { -+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { - /* Give a more helpful message for the common error case */ - if (errno == EPERM) { - fatal("Cannot 
create raw socket -- pppoe must be run as root."); -diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c -index a8c2bb4..24bdf8f 100644 ---- a/pppd/plugins/pppoe/plugin.c -+++ b/pppd/plugins/pppoe/plugin.c -@@ -137,7 +137,7 @@ PPPOEConnectDevice(void) - /* server equipment). */ - /* Opening this socket just before waitForPADS in the discovery() */ - /* function would be more appropriate, but it would mess-up the code */ -- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE); -+ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE); - if (conn->sessionSocket < 0) { - error("Failed to create PPPoE socket: %m"); - return -1; -@@ -148,7 +148,7 @@ PPPOEConnectDevice(void) - lcp_wantoptions[0].mru = conn->mru; - - /* Update maximum MRU */ -- s = socket(AF_INET, SOCK_DGRAM, 0); -+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (s < 0) { - error("Can't get MTU for %s: %m", conn->ifName); - goto errout; -@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit) - } - - /* Open a socket */ -- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) { -+ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) { - r = 0; - } - -diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c -index 3d3bf4e..c0d927d 100644 ---- a/pppd/plugins/pppoe/pppoe-discovery.c -+++ b/pppd/plugins/pppoe/pppoe-discovery.c -@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) - stype = SOCK_PACKET; - #endif - -- if ((fd = socket(domain, stype, htons(type))) < 0) { -+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) { - /* Give a more helpful message for the common error case */ - if (errno == EPERM) { - fatal("Cannot create raw socket -- pppoe must be run as root."); -diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c -index 00a2cf5..0690019 100644 ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -308,12 +308,12 @@ static int 
modify_flags(int fd, int clear_bits, int set_bits) - void sys_init(void) - { - /* Get an internet socket for doing socket ioctls. */ -- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); -+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (sock_fd < 0) - fatal("Couldn't create IP socket: %m(%d)", errno); - - #ifdef INET6 -- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); -+ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (sock6_fd < 0) - sock6_fd = -errno; /* save errno for later */ - #endif -@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name) - struct ifreq ifreq; - int ret, sock_fd; - -- sock_fd = socket(AF_INET, SOCK_DGRAM, 0); -+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (sock_fd < 0) - return -1; - memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); -@@ -2067,7 +2067,7 @@ int ppp_available(void) - /* - * Open a socket for doing the ioctl operations. - */ -- s = socket(AF_INET, SOCK_DGRAM, 0); -+ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); - if (s < 0) - return 0; - -diff --git a/pppd/tty.c b/pppd/tty.c -index bc96695..8e76a5d 100644 ---- a/pppd/tty.c -+++ b/pppd/tty.c -@@ -896,7 +896,7 @@ open_socket(dest) - *sep = ':'; - - /* get a socket and connect it to the other end */ -- sock = socket(PF_INET, SOCK_STREAM, 0); -+ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); - if (sock < 0) { - error("Can't create socket: %m"); - return -1; --- -1.8.3.1 - diff --git a/0015-pppd-move-pppd-database-to-var-run-ppp.patch b/0015-pppd-move-pppd-database-to-var-run-ppp.patch deleted file mode 100644 index 88b84d5..0000000 --- a/0015-pppd-move-pppd-database-to-var-run-ppp.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From f2c855462ff56be4121409c7e048cd2503fe0ccf Mon Sep 17 00:00:00 2001 -From: Jiri Skala -Date: Mon, 7 Apr 2014 14:26:20 +0200 -Subject: [PATCH 15/27] pppd: move pppd database to /var/run/ppp - -Resolves: #560014 ---- - pppd/pathnames.h | 11 ++++------- - 1 file changed, 4 insertions(+), 7 deletions(-) - -diff --git a/pppd/pathnames.h b/pppd/pathnames.h -index bef3160..24e010c 100644 ---- a/pppd/pathnames.h -+++ b/pppd/pathnames.h -@@ -6,8 +6,9 @@ - - #ifdef HAVE_PATHS_H - #include -- -+#define _PPP_SUBDIR "ppp/" - #else /* HAVE_PATHS_H */ -+#define _PPP_SUBDIR - #ifndef _PATH_VARRUN - #define _PATH_VARRUN "/etc/ppp/" - #endif -@@ -46,13 +47,9 @@ - #endif /* IPX_CHANGE */ - - #ifdef __STDC__ --#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN "pppd2.tdb" -+#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN _PPP_SUBDIR "pppd2.tdb" - #else /* __STDC__ */ --#ifdef HAVE_PATHS_H --#define _PATH_PPPDB "/var/run/pppd2.tdb" --#else --#define _PATH_PPPDB "/etc/ppp/pppd2.tdb" --#endif -+#define _PATH_PPPDB _PATH_VARRUN _PPP_SUBDIR "pppd2.tdb" - #endif /* __STDC__ */ - - #ifdef PLUGIN --- -1.8.3.1 - diff --git a/0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch b/0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch deleted file mode 100644 index b7f7c91..0000000 --- a/0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch +++ /dev/null 
@@ -1,115 +0,0 @@ -diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux -index 3cd9101..9918091 100644 ---- a/pppd/plugins/pppoe/Makefile.linux -+++ b/pppd/plugins/pppoe/Makefile.linux -@@ -16,6 +16,7 @@ - - DESTDIR = $(INSTROOT)@DESTDIR@ - BINDIR = $(DESTDIR)/sbin -+MANDIR = $(DESTDIR)/share/man/man8 - LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION) - - PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) -@@ -46,6 +47,7 @@ install: all - $(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so - $(INSTALL) -d -m 755 $(BINDIR) - $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR) -+ $(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR) - - clean: - rm -f *.o *.so pppoe-discovery -diff --git a/pppd/plugins/pppoe/pppoe-discovery.8 b/pppd/plugins/pppoe/pppoe-discovery.8 -new file mode 100644 -index 0000000..d0a93db ---- /dev/null -+++ b/pppd/plugins/pppoe/pppoe-discovery.8 -@@ -0,0 +1,86 @@ -+.\" pppoe-discovery.8 written by -+.\" Ben Hutchings , based on pppoe.8. -+.\" Licenced under the GPL version 2 or later. -+.TH PPPOE-DISCOVERY 8 -+.SH NAME -+pppoe\-discovery \- perform PPPoE discovery -+.SH SYNOPSIS -+.B pppoe\-discovery -+[ -+.I options -+] -+.br -+.BR pppoe\-discovery " { " \-V " | " \-h " }" -+.SH DESCRIPTION -+.LP -+\fBpppoe\-discovery\fR performs the same discovery process as -+\fBpppoe\fR, but does not initiate a session. -+It sends a PADI packet and then prints the names of access -+concentrators in each PADO packet it receives. -+.SH OPTIONS -+.TP -+.BI \-I " interface" -+.RS -+The \fB\-I\fR option specifies the Ethernet interface to use. -+Under Linux, it is typically eth0 or eth1. -+The interface should be \(lqup\(rq before you start -+\fBpppoe\-discovery\fR, but should \fInot\fR be configured to have an -+IP address. -+The default interface is eth0. 
-+.RE -+.TP -+.BI \-D " file_name" -+.RS -+The \fB\-D\fR option causes every packet to be dumped to the specified -+\fIfile_name\fR. -+This is intended for debugging only. -+.RE -+.TP -+.B \-U -+.RS -+Causes \fBpppoe\-discovery\fR to use the Host-Uniq tag in its discovery -+packets. -+This lets you run multiple instances of \fBpppoe\-discovery\fR and/or -+\fBpppoe\fR without having their discovery packets interfere with one -+another. -+You must supply this option to \fIall\fR instances that you intend to -+run simultaneously. -+.RE -+.TP -+.BI \-S " service_name" -+.RS -+Specifies the desired service name. -+\fBpppoe\-discovery\fR will only accept access concentrators which can -+provide the specified service. -+In most cases, you should \fInot\fR specify this option. -+Use it only if you know that there are multiple access concentrators -+or know that you need a specific service name. -+.RE -+.TP -+.BI \-C " ac_name" -+.RS -+Specifies the desired access concentrator name. -+\fBpppoe\-discovery\fR will only accept the specified access -+concentrator. -+In most cases, you should \fInot\fR specify this option. -+Use it only if you know that there are multiple access concentrators. -+If both the \fB\-S\fR and \fB\-C\fR options are specified, they must -+\fIboth\fR match. -+.RE -+.TP -+.B \-A -+.RS -+This option is accepted for compatibility with \fBpppoe\fR, but has no -+effect. -+.RE -+.TP -+.BR \-V " | " \-h -+.RS -+Either of these options causes \fBpppoe\-discovery\fR to print its -+version number and usage information, then exit. -+.RE -+.SH AUTHORS -+\fBpppoe\-discovery\fR was written by Marco d'Itri , -+based on \fBpppoe\fR by David F. Skoll . -+.SH SEE ALSO -+pppoe(8), pppoe-sniff(8) --- -1.8.3.1 - diff --git a/0018-scritps-fix-ip-up.local-sample.patch b/0018-scritps-fix-ip-up.local-sample.patch deleted file mode 100644 index c36e0b8..0000000 --- a/0018-scritps-fix-ip-up.local-sample.patch +++ /dev/null 
@@ -1,27 +0,0 @@
-From 40960f91cdd06da387616ec838ae2599e7f01cee Mon Sep 17 00:00:00 2001
-From: Jiri Skala
-Date: Mon, 7 Apr 2014 15:24:01 +0200
-Subject: [PATCH 18/27] scritps: fix ip-up.local sample
-
-Resolves: #613717
----
- scripts/ip-up.local.add | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
-index 26cf5f8..282337c 100644
---- a/scripts/ip-up.local.add
-+++ b/scripts/ip-up.local.add
-@@ -18,6 +18,9 @@ if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
- rscf=/var/run/ppp/resolv.new
- grep domain /var/run/ppp/resolv.prev > $rscf
- grep search /var/run/ppp/resolv.prev >> $rscf
-+ if [ -f /var/run/ppp/resolv.conf ]; then
-+ cat /var/run/ppp/resolv.conf >> $rscf
-+ fi
- change_resolv_conf $rscf
- rm -f $rscf
- else
---
-1.8.3.1
-
diff --git a/0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch b/0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
deleted file mode 100644
index 23b1f93..0000000
--- a/0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
-index 2df887b..6cb8397 100644
---- a/pppd/plugins/pppoe/Makefile.linux
-+++ b/pppd/plugins/pppoe/Makefile.linux
-@@ -43,12 +43,12 @@ pppoe.so: plugin.o discovery.o if.o common.o
-
- install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
-- $(INSTALL) -c -m 4550 pppoe.so $(LIBDIR)
-+ $(INSTALL) -c -m 755 pppoe.so $(LIBDIR)
- # Symlink for backward compatibility
- $(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
- $(INSTALL) -d -m 755 $(BINDIR)
-- $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
-- $(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
-+ $(INSTALL) -c -m 755 pppoe-discovery $(BINDIR)
-+ $(INSTALL) -c -m 644 pppoe-discovery.8 $(MANDIR)
-
- clean:
- rm -f *.o *.so pppoe-discovery
diff --git a/0024-build-sys-install-pppoatm-plugin-files-with-standard.patch b/0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
deleted file mode 100644
index 9982d92..0000000
--- a/0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 0fdb22ef3d3cc3b297372451d60bd6c61d047d27 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar
-Date: Thu, 10 Apr 2014 10:08:41 +0200
-Subject: [PATCH 24/27] build-sys: install pppoatm plugin files with standard
- perms
-
----
- pppd/plugins/pppoatm/Makefile.linux | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
-index 769794b..4c5826f 100644
---- a/pppd/plugins/pppoatm/Makefile.linux
-+++ b/pppd/plugins/pppoatm/Makefile.linux
-@@ -37,7 +37,7 @@ $(PLUGIN): $(PLUGIN_OBJS)
-
- install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
-- $(INSTALL) -c -m 4550 $(PLUGIN) $(LIBDIR)
-+ $(INSTALL) -c -m 755 $(PLUGIN) $(LIBDIR)
-
- clean:
- rm -f *.o *.so
---
-1.8.3.1
-
diff --git a/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch b/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
deleted file mode 100644
index bedb902..0000000
--- a/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From ab8b06cdc1075abc67f77e7c3bb684e20071d614 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar
-Date: Thu, 10 Apr 2014 10:09:41 +0200
-Subject: [PATCH 25/27] pppd: install pppd binary using standard perms (755)
-
----
- pppd/Makefile.linux | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index 0e8107f..534ccc2 100644
---- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -223,10 +223,10 @@ all: $(TARGETS)
- install: pppd
- mkdir -p $(BINDIR) $(MANDIR)
- $(EXTRAINSTALL)
-- $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
-+ $(INSTALL) -c -m 755 pppd $(BINDIR)/pppd
- if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
- chmod o-rx,u+s $(BINDIR)/pppd; fi
-- $(INSTALL) -c -m 444 pppd.8 $(MANDIR)
-+ $(INSTALL) -c -m 644 pppd.8 $(MANDIR)
-
- pppd: $(PPPDOBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
---
-1.8.3.1
-
diff --git a/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch b/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
deleted file mode 100644
index 1b4a9cd..0000000
--- a/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
+++ /dev/null
@@ -1,143 +0,0 @@
-From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar
-Date: Mon, 7 Apr 2014 12:23:36 +0200
-Subject: [PATCH 12/27] pppd: we don't want to accidentally leak fds
-
----
- pppd/auth.c | 20 ++++++++++----------
- pppd/options.c | 2 +-
- pppd/sys-linux.c | 4 ++--
- 3 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/pppd/auth.c b/pppd/auth.c
-index 4271af6..9e957fa 100644
---- a/pppd/auth.c
-+++ b/pppd/auth.c
-@@ -428,7 +428,7 @@ setupapfile(argv)
- free(fname);
- return 0;
- }
-- ufile = fopen(fname, "r");
-+ ufile = fopen(fname, "re");
- if (seteuid(euid) == -1)
- fatal("unable to regain privileges: %m");
- if (ufile == NULL) {
-@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
- filename = _PATH_UPAPFILE;
- addrs = opts = NULL;
- ret = UPAP_AUTHNAK;
-- f = fopen(filename, "r");
-+ f = fopen(filename, "re");
- if (f == NULL) {
- error("Can't open PAP password file %s: %m", filename);
-
-@@ -1512,7 +1512,7 @@ null_login(unit)
- if (ret <= 0) {
- filename = _PATH_UPAPFILE;
- addrs = NULL;
-- f = fopen(filename, "r");
-+ f = fopen(filename, "re");
- if (f == NULL)
- return 0;
- check_access(f, filename);
-@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd)
- }
-
- filename = _PATH_UPAPFILE;
-- f = fopen(filename, "r");
-+ f = fopen(filename, "re");
- if (f == NULL)
- return 0;
- check_access(f, filename);
-@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp)
- }
-
- filename = _PATH_UPAPFILE;
-- f = fopen(filename, "r");
-+ f = fopen(filename, "re");
- if (f == NULL)
- return 0;
-
-@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp)
- }
-
- filename = _PATH_CHAPFILE;
-- f = fopen(filename, "r");
-+ f = fopen(filename, "re");
- if (f == NULL)
- return 0;
-
-@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
- struct wordlist *addrs;
-
- filename = _PATH_SRPFILE;
-- f = fopen(filename, "r");
-+ f = fopen(filename, "re");
- if (f == NULL)
- return 0;
-
-@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server)
- addrs = NULL;
- secbuf[0] = 0;
-
-- f = fopen(filename, "r");
-+ f = fopen(filename, "re");
- if (f == NULL) {
- error("Can't open chap secret file %s: %m", filename);
- return 0;
-@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server)
- filename = _PATH_SRPFILE;
- addrs = NULL;
-
-- fp = fopen(filename, "r");
-+ fp = fopen(filename, "re");
- if (fp == NULL) {
- error("Can't open srp secret file %s: %m", filename);
- return 0;
-@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags)
- */
- if (word[0] == '@' && word[1] == '/') {
- strlcpy(atfile, word+1, sizeof(atfile));
-- if ((sf = fopen(atfile, "r")) == NULL) {
-+ if ((sf = fopen(atfile, "re")) == NULL) {
- warn("can't open indirect secret file %s", atfile);
- continue;
- }
-diff --git a/pppd/options.c b/pppd/options.c
-index 45fa742..1d754ae 100644
---- a/pppd/options.c
-+++ b/pppd/options.c
-@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv)
- option_error("unable to drop privileges to open %s: %m", filename);
- return 0;
- }
-- f = fopen(filename, "r");
-+ f = fopen(filename, "re");
- err = errno;
- if (check_prot && seteuid(euid) == -1)
- fatal("unable to regain privileges");
-diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
-index 72a7727..8a12fa0 100644
---- a/pppd/sys-linux.c
-+++ b/pppd/sys-linux.c
-@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail)
- /* Default the mount location of /proc */
- strlcpy (proc_path, "/proc", sizeof(proc_path));
- proc_path_len = 5;
-- fp = fopen(MOUNTED, "r");
-+ fp = fopen(MOUNTED, "re");
- if (fp != NULL) {
- while ((mntent = getmntent(fp)) != NULL) {
- if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
-@@ -1472,7 +1472,7 @@ static int open_route_table (void)
- close_route_table();
-
- path = path_to_procfs("/net/route");
-- route_fd = fopen (path, "r");
-+ route_fd = fopen (path, "re");
- if (route_fd == NULL) {
- error("can't open routing table %s: %m", path);
- return 0;
---
-1.8.3.1
-
diff --git a/ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch b/ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
deleted file mode 100644
index c2c8cce..0000000
--- a/ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index 6a4b897..8f29c1f 100644
---- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -12,6 +12,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
- BINDIR = $(DESTDIR)/sbin
- MANDIR = $(DESTDIR)/share/man/man8
- INCDIR = $(DESTDIR)/include
-+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)
-
- TARGETS = pppd
-
-@@ -93,7 +94,7 @@ INCLUDE_DIRS= -I../include
-
- COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
-
--CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
-+CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' -DLIBDIR=\""$(LIBDIR)"\"
-
- ifdef CHAPMS
- CFLAGS += -DCHAPMS=1
-diff --git a/pppd/pathnames.h b/pppd/pathnames.h
-index 524d608..c7eadbb 100644
---- a/pppd/pathnames.h
-+++ b/pppd/pathnames.h
-@@ -62,7 +62,7 @@
-
- #ifdef PLUGIN
- #ifdef __STDC__
--#define _PATH_PLUGIN DESTDIR "/lib/pppd/" VERSION
-+#define _PATH_PLUGIN LIBDIR "/pppd/" VERSION
- #else /* __STDC__ */
- #define _PATH_PLUGIN "/usr/lib/pppd"
- #endif /* __STDC__ */
-diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
-index 6403e3d..f42d18c 100644
---- a/pppd/plugins/Makefile.linux
-+++ b/pppd/plugins/Makefile.linux
-@@ -5,7 +5,7 @@ COPTS=@CFLAGS@
- DESTDIR = $(INSTROOT)@DESTDIR@
- BINDIR = $(DESTDIR)/sbin
- MANDIR = $(DESTDIR)/share/man/man8
--LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
-+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
-
- CFLAGS = $(COPTS) -I.. -I../../include -fPIC
- LDFLAGS_SHARED = -shared
-diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
-index d3a8086..c2aff0c 100644
---- a/pppd/plugins/pppoatm/Makefile.linux
-+++ b/pppd/plugins/pppoatm/Makefile.linux
-@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
- COPTS=@CFLAGS@
-
- DESTDIR = $(INSTROOT)@DESTDIR@
--LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
-+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
-
- VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
-
-diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
-index c415ce3..d3b7392 100644
---- a/pppd/plugins/pppoe/Makefile.linux
-+++ b/pppd/plugins/pppoe/Makefile.linux
-@@ -18,7 +18,7 @@ COPTS=@CFLAGS@
-
- DESTDIR = $(INSTROOT)@DESTDIR@
- BINDIR = $(DESTDIR)/sbin
--LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION)
-+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
-
- PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
-
-diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
-index 1aa1c0b..e4442f9 100644
---- a/pppd/plugins/pppol2tp/Makefile.linux
-+++ b/pppd/plugins/pppol2tp/Makefile.linux
-@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
- COPTS=@CFLAGS@
-
- DESTDIR = $(INSTROOT)/@DESTDIR@
--LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
-+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
-
- VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
-
-diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
-index 489aef2..d2ef044 100644
---- a/pppd/plugins/radius/Makefile.linux
-+++ b/pppd/plugins/radius/Makefile.linux
-@@ -9,7 +9,7 @@ COPTS=@CFLAGS@
-
- DESTDIR = $(INSTROOT)@DESTDIR@
- MANDIR = $(DESTDIR)/share/man/man8
--LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
-+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
-
- VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
-
diff --git a/ppp-2.4.9-config.patch b/ppp-2.4.9-config.patch
deleted file mode 100644
index fc7c781..0000000
--- a/ppp-2.4.9-config.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index e77373e..07df6a7 100644
---- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -68,14 +68,14 @@ USE_TDB=y
- #SYSTEMD=y
-
- HAS_SHADOW=y
--#USE_PAM=y
-+USE_PAM=y
- HAVE_INET6=y
-
- # Enable plugins
- PLUGIN=y
-
- # Enable Microsoft proprietary Callback Control Protocol
--#CBCP=y
-+CBCP=y
-
- # Enable EAP SRP-SHA1 authentication (requires libsrp)
- #USE_SRP=y
diff --git a/ppp-2.4.9-configure-cflags-allow-commas.patch b/ppp-2.4.9-configure-cflags-allow-commas.patch
deleted file mode 100644
index 5a4ef98..0000000
--- a/ppp-2.4.9-configure-cflags-allow-commas.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/configure b/configure
-index f977663..c7031c2 100755
---- a/configure
-+++ b/configure
-@@ -121,9 +121,9 @@ mkmkf() {
- rm -f $2
- if [ -f $1 ]; then
- echo " $2 <= $1"
-- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
-- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
-- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
-+ sed -e "s|@DESTDIR@|$DESTDIR|g" -e "s|@SYSCONF@|$SYSCONF|g" \
-+ -e "s|@CROSS_COMPILE@|$CROSS_COMPILE|g" -e "s|@CC@|$CC|g" \
-+ -e "s|@CFLAGS@|$CFLAGS|g" $1 >$2
- fi
- }
-
diff --git a/ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch b/ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
deleted file mode 100644
index 84a3bdb..0000000
--- a/ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
+++ /dev/null
@@ -1,241 +0,0 @@
-From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar
-Date: Mon, 7 Apr 2014 13:56:34 +0200
-Subject: [PATCH 13/27] everywhere: O_CLOEXEC harder
-
----
- pppd/eap.c | 2 +-
- pppd/main.c | 4 ++--
- pppd/options.c | 4 ++--
- pppd/sys-linux.c | 22 +++++++++++-----------
- pppd/tdb.c | 4 ++--
- pppd/tty.c | 4 ++--
- pppd/utils.c | 6 +++---
- 7 files changed, 23 insertions(+), 23 deletions(-)
-
-diff --git a/pppd/eap.c b/pppd/eap.c
-index 6ea6c1f..faced53 100644
---- a/pppd/eap.c
-+++ b/pppd/eap.c
-@@ -1226,7 +1226,7 @@ mode_t modebits;
-
- if ((path = name_of_pn_file()) == NULL)
- return (-1);
-- fd = open(path, modebits, S_IRUSR | S_IWUSR);
-+ fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
- err = errno;
- free(path);
- errno = err;
-diff --git a/pppd/main.c b/pppd/main.c
-index 6d50d1b..4880377 100644
---- a/pppd/main.c
-+++ b/pppd/main.c
-@@ -420,7 +420,7 @@ main(argc, argv)
- die(0);
-
- /* Make sure fds 0, 1, 2 are open to somewhere. */
-- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
-+ fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC);
- if (fd_devnull < 0)
- fatal("Couldn't open %s: %m", _PATH_DEVNULL);
- while (fd_devnull <= 2) {
-@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
- if (log_to_fd >= 0)
- errfd = log_to_fd;
- else
-- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
-+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644);
-
- ++conn_running;
- pid = safe_fork(in, out, errfd);
-diff --git a/pppd/options.c b/pppd/options.c
-index 1d754ae..8e62635 100644
---- a/pppd/options.c
-+++ b/pppd/options.c
-@@ -1544,9 +1544,9 @@ setlogfile(argv)
- option_error("unable to drop permissions to open %s: %m", *argv);
- return 0;
- }
-- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
-+ fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
- if (fd < 0 && errno == EEXIST)
-- fd = open(*argv, O_WRONLY | O_APPEND);
-+ fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
- err = errno;
- if (!privileged_option && seteuid(euid) == -1)
- fatal("unable to regain privileges: %m");
-diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
-index 8a12fa0..00a2cf5 100644
---- a/pppd/sys-linux.c
-+++ b/pppd/sys-linux.c
-@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
- goto err;
- }
- dbglog("using channel %d", chindex);
-- fd = open("/dev/ppp", O_RDWR);
-+ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
- if (fd < 0) {
- error("Couldn't reopen /dev/ppp: %m");
- goto err;
-@@ -619,7 +619,7 @@ static int make_ppp_unit()
- dbglog("in make_ppp_unit, already had /dev/ppp open?");
- close(ppp_dev_fd);
- }
-- ppp_dev_fd = open("/dev/ppp", O_RDWR);
-+ ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
- if (ppp_dev_fd < 0)
- fatal("Couldn't open /dev/ppp: %m");
- flags = fcntl(ppp_dev_fd, F_GETFL);
-@@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
- if (!new_style_driver)
- return -1;
-
-- master_fd = open("/dev/ppp", O_RDWR);
-+ master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
- if (master_fd < 0)
- fatal("Couldn't open /dev/ppp: %m");
- if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
-@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr)
- if (tune_kernel) {
- forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
- if (forw_path != 0) {
-- int fd = open(forw_path, O_WRONLY);
-+ int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
- if (fd >= 0) {
- if (write(fd, "1", 1) != 1)
- error("Couldn't enable IP forwarding: %m");
-@@ -2030,7 +2030,7 @@ int ppp_available(void)
- sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
- kernel_version = KVERSION(osmaj, osmin, ospatch);
-
-- fd = open("/dev/ppp", O_RDWR);
-+ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
- if (fd >= 0) {
- new_style_driver = 1;
-
-@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host)
- #if __GLIBC__ >= 2
- updwtmp(_PATH_WTMP, &ut);
- #else
-- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
-+ wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
- if (wtmp >= 0) {
- flock(wtmp, LOCK_EX);
-
-@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr,
- int fd;
-
- path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
-- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
-+ if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
- if (write(fd, "1", 1) != 1)
- error("Couldn't enable dynamic IP addressing: %m");
- close(fd);
-@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
- /*
- * Try the unix98 way first.
- */
-- mfd = open("/dev/ptmx", O_RDWR);
-+ mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
- if (mfd >= 0) {
- int ptn;
- if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
-@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
- if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
- warn("Couldn't unlock pty slave %s: %m", pty_name);
- #endif
-- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
-+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
- {
- warn("Couldn't open pty slave %s: %m", pty_name);
- close(mfd);
-@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
- for (i = 0; i < 64; ++i) {
- slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
- 'p' + i / 16, i % 16);
-- mfd = open(pty_name, O_RDWR, 0);
-+ mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
- if (mfd >= 0) {
- pty_name[5] = 't';
-- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
-+ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
- if (sfd >= 0) {
- fchown(sfd, uid, -1);
- fchmod(sfd, S_IRUSR | S_IWUSR);
-diff --git a/pppd/tdb.c b/pppd/tdb.c
-index bdc5828..c7ab71c 100644
---- a/pppd/tdb.c
-+++ b/pppd/tdb.c
-@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
- goto internal;
- }
-
-- if ((tdb->fd = open(name, open_flags, mode)) == -1) {
-+ if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
- TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
- name, strerror(errno)));
- goto fail; /* errno set by open(2) */
-@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
- }
- if (close(tdb->fd) != 0)
- TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
-- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
-+ tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
- if (tdb->fd == -1) {
- TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
- goto fail;
-diff --git a/pppd/tty.c b/pppd/tty.c
-index d571b11..bc96695 100644
---- a/pppd/tty.c
-+++ b/pppd/tty.c
-@@ -569,7 +569,7 @@ int connect_tty()
- status = EXIT_OPEN_FAILED;
- goto errret;
- }
-- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
-+ real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
- err = errno;
- if (prio < OPRIO_ROOT && seteuid(0) == -1)
- fatal("Unable to regain privileges");
-@@ -723,7 +723,7 @@ int connect_tty()
- if (connector == NULL && modem && devnam[0] != 0) {
- int i;
- for (;;) {
-- if ((i = open(devnam, O_RDWR)) >= 0)
-+ if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
- break;
- if (errno != EINTR) {
- error("Failed to reopen %s: %m", devnam);
-diff --git a/pppd/utils.c b/pppd/utils.c
-index 29bf970..6051b9a 100644
---- a/pppd/utils.c
-+++ b/pppd/utils.c
-@@ -918,14 +918,14 @@ lock(dev)
- slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
- #endif
-
-- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
-+ while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
- if (errno != EEXIST) {
- error("Can't create lock file %s: %m", lock_file);
- break;
- }
-
- /* Read the lock file to find out who has the device locked. */
-- fd = open(lock_file, O_RDONLY, 0);
-+ fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
- if (fd < 0) {
- if (errno == ENOENT) /* This is just a timing problem. */
- continue;
-@@ -1004,7 +1004,7 @@ relock(pid)
-
- if (lock_file[0] == 0)
- return -1;
-- fd = open(lock_file, O_WRONLY, 0);
-+ fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
- if (fd < 0) {
- error("Couldn't reopen lock file %s: %m", lock_file);
- lock_file[0] = 0;
---
-1.8.3.1
-
diff --git a/ppp-2.4.9-pppd-Expose-the-MPPE-keys-generated-through-an-API-2.patch b/ppp-2.4.9-pppd-Expose-the-MPPE-keys-generated-through-an-API-2.patch
deleted file mode 100644
index fb0bcc1..0000000
--- a/ppp-2.4.9-pppd-Expose-the-MPPE-keys-generated-through-an-API-2.patch
+++ /dev/null
@@ -1,898 +0,0 @@ -From d706c95906d996534f13632a747af5dc617f306e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Eivind=20N=C3=A6ss?= -Date: Sat, 24 Apr 2021 03:00:34 -0700 -Subject: [PATCH] pppd: Expose the MPPE keys generated through an API (#267) - -The lengthy part of this fix is to refactor the handling of MPPE keys -by moving it into mppe.c and thus reducing the clutter in chap_ms.c. -It does so by renaming the mppe_set_keys/2 to the corresponding -mppe_set_chapv1/mppe_set_chapv2 versions and updates callers of these -functions. - -Having done so, it conveniently allows the name "mppe_set_keys" to be -re-used for this new purpose which will copy the key material up to -its size and then clear the input parameters (avoids leaving the MPPE -keys on the stack). - -Additional functiions added to the MPPE code allow plugins et al. to -access the MPPE keys, clear the keys, and check if they are set. All -plugin and CCP code has been updated to use this API. - -This fixes GitHub Issue #258 - -Signed-off-by: Eivind Naess ---- - pppd/Makefile.linux | 2 + - pppd/Makefile.sol2 | 2 +- - pppd/ccp.c | 15 +-- - pppd/chap_ms.c | 167 +---------------------- - pppd/chap_ms.h | 22 +--- - pppd/eap-tls.c | 21 +-- - pppd/eap-tls.h | 5 - - pppd/mppe.c | 248 +++++++++++++++++++++++++++++++++++ - pppd/mppe.h | 70 +++++++++- - pppd/plugins/radius/radius.c | 14 +- - pppd/plugins/winbind.c | 8 +- - 11 files changed, 348 insertions(+), 226 deletions(-) - create mode 100644 pppd/mppe.c - -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index f92f7c0..852945e 100644 ---- a/pppd/Makefile.linux -+++ b/pppd/Makefile.linux -@@ -109,6 +109,8 @@ CFLAGS += -DMSLANMAN=1 - endif - ifdef MPPE - CFLAGS += -DMPPE=1 -+PPPDOBJS += mppe.o -+PPPDSRC += mppe.c - HEADERS += mppe.h - endif - endif -diff --git a/pppd/Makefile.sol2 b/pppd/Makefile.sol2 -index 809cb4b..3a8681c 100644 ---- a/pppd/Makefile.sol2 -+++ b/pppd/Makefile.sol2 -@@ -37,7 +37,7 @@ OBJS += ipv6cp.o eui64.o - - # Uncomment to enable 
MS-CHAP - CFLAGS += -DUSE_CRYPT -DCHAPMS -DMSLANMAN -DHAVE_CRYPT_H --OBJS += chap_ms.o pppcrypt.o md4.o sha1.o -+OBJS += chap_ms.o pppcrypt.o md4.o sha1.o mppe.o - - # Uncomment to enable MPPE (in both CHAP and EAP-TLS) - CFLAGS += -DMPPE -diff --git a/pppd/ccp.c b/pppd/ccp.c -index 052c4c6..387b571 100644 ---- a/pppd/ccp.c -+++ b/pppd/ccp.c -@@ -38,10 +38,9 @@ - #include "ccp.h" - #include - --#ifdef MPPE --#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */ -+#include "chap_ms.h" -+#include "mppe.h" - #include "lcp.h" /* lcp_close(), lcp_fsm */ --#endif - - - /* -@@ -574,7 +573,7 @@ ccp_resetci(fsm *f) - } - - /* A plugin (eg radius) may not have obtained key material. */ -- if (!mppe_keys_set) { -+ if (!mppe_keys_isset()) { - error("MPPE required, but keys are not available. " - "Possible plugin problem?"); - lcp_close(f->unit, "MPPE required but not available"); -@@ -705,7 +704,7 @@ static void - p[1] = opt_buf[1] = CILEN_MPPE; - MPPE_OPTS_TO_CI(go->mppe, &p[2]); - MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); -- BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN); -+ mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN); - res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0); - if (res > 0) - p += CILEN_MPPE; -@@ -1156,8 +1155,7 @@ ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) - int mtu; - - BCOPY(p, opt_buf, CILEN_MPPE); -- BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], -- MPPE_MAX_KEY_LEN); -+ mppe_get_send_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN); - if (ccp_test(f->unit, opt_buf, - CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) { - /* This shouldn't happen, we've already tested it! 
*/ -@@ -1426,8 +1424,7 @@ ccp_up(fsm *f) - notice("%s transmit compression enabled", method_name(ho, NULL)); - #ifdef MPPE - if (go->mppe) { -- BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN); -- BZERO(mppe_send_key, MPPE_MAX_KEY_LEN); -+ mppe_clear_keys(); - continue_networks(f->unit); /* Bring up IP et al */ - } - #endif -diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c -index df2dadd..d315ab4 100644 ---- a/pppd/chap_ms.c -+++ b/pppd/chap_ms.c -@@ -93,8 +93,7 @@ - #include "sha1.h" - #include "pppcrypt.h" - #include "magic.h" -- -- -+#include "mppe.h" - - static void ascii2unicode (char[], int, u_char[]); - static void NTPasswordHash (u_char *, int, u_char[MD4_SIGNATURE_SIZE]); -@@ -109,21 +108,12 @@ static void GenerateAuthenticatorResponsePlain - static void ChapMS_LANMan (u_char *, char *, int, u_char *); - #endif - --#ifdef MPPE --static void Set_Start_Key (u_char *, char *, int); --static void SetMasterKeys (char *, int, u_char[24], int); --#endif -- - #ifdef MSLANMAN - bool ms_lanman = 0; /* Use LanMan password instead of NT */ - /* Has meaning only with MS-CHAP challenges */ - #endif - - #ifdef MPPE --u_char mppe_send_key[MPPE_MAX_KEY_LEN]; --u_char mppe_recv_key[MPPE_MAX_KEY_LEN]; --int mppe_keys_set = 0; /* Have the MPPE keys been set? */ -- - #ifdef DEBUGMPPEKEY - /* For MPPE debug */ - /* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */ -@@ -719,28 +709,6 @@ GenerateAuthenticatorResponsePlain - - - #ifdef MPPE --/* -- * Set mppe_xxxx_key from the NTPasswordHashHash. -- * RFC 2548 (RADIUS support) requires us to export this function (ugh). 
-- */ --void --mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]) --{ -- SHA1_CTX sha1Context; -- u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */ -- -- SHA1_Init(&sha1Context); -- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); -- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); -- SHA1_Update(&sha1Context, rchallenge, 8); -- SHA1_Final(Digest, &sha1Context); -- -- /* Same key in both directions. */ -- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key)); -- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key)); -- -- mppe_keys_set = 1; --} - - /* - * Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079) -@@ -757,104 +725,7 @@ Set_Start_Key(u_char *rchallenge, char *secret, int secret_len) - NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); - NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash); - -- mppe_set_keys(rchallenge, PasswordHashHash); --} -- --/* -- * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079) -- * -- * This helper function used in the Winbind module, which gets the -- * NTHashHash from the server. 
-- */ --void --mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], -- u_char NTResponse[24], int IsServer) --{ -- SHA1_CTX sha1Context; -- u_char MasterKey[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */ -- u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */ -- -- u_char SHApad1[40] = -- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; -- u_char SHApad2[40] = -- { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, -- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, -- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, -- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 }; -- -- /* "This is the MPPE Master Key" */ -- u_char Magic1[27] = -- { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, -- 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, -- 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 }; -- /* "On the client side, this is the send key; " -- "on the server side, it is the receive key." */ -- u_char Magic2[84] = -- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, -- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, -- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, -- 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, -- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, -- 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, -- 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, -- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, -- 0x6b, 0x65, 0x79, 0x2e }; -- /* "On the client side, this is the receive key; " -- "on the server side, it is the send key." 
*/ -- u_char Magic3[84] = -- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, -- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, -- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, -- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, -- 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, -- 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, -- 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, -- 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, -- 0x6b, 0x65, 0x79, 0x2e }; -- u_char *s; -- -- SHA1_Init(&sha1Context); -- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); -- SHA1_Update(&sha1Context, NTResponse, 24); -- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1)); -- SHA1_Final(MasterKey, &sha1Context); -- -- /* -- * generate send key -- */ -- if (IsServer) -- s = Magic3; -- else -- s = Magic2; -- SHA1_Init(&sha1Context); -- SHA1_Update(&sha1Context, MasterKey, 16); -- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1)); -- SHA1_Update(&sha1Context, s, 84); -- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2)); -- SHA1_Final(Digest, &sha1Context); -- -- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key)); -- -- /* -- * generate recv key -- */ -- if (IsServer) -- s = Magic2; -- else -- s = Magic3; -- SHA1_Init(&sha1Context); -- SHA1_Update(&sha1Context, MasterKey, 16); -- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1)); -- SHA1_Update(&sha1Context, s, 84); -- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2)); -- SHA1_Final(Digest, &sha1Context); -- -- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key)); -- -- mppe_keys_set = 1; -+ mppe_set_chapv1(rchallenge, PasswordHashHash); - } - - /* -@@ -870,7 +741,7 @@ SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer) - ascii2unicode(secret, secret_len, unicodePassword); - NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); - NTPasswordHash(PasswordHash, sizeof(PasswordHash), 
PasswordHashHash); -- mppe_set_keys2(PasswordHashHash, NTResponse, IsServer); -+ mppe_set_chapv2(PasswordHashHash, NTResponse, IsServer); - } - - #endif /* MPPE */ -@@ -945,38 +816,6 @@ ChapMS2(u_char *rchallenge, u_char *PeerChallenge, - #endif - } - --#ifdef MPPE --/* -- * Set MPPE options from plugins. -- */ --void --set_mppe_enc_types(int policy, int types) --{ -- /* Early exit for unknown policies. */ -- if (policy != MPPE_ENC_POL_ENC_ALLOWED && -- policy != MPPE_ENC_POL_ENC_REQUIRED) -- return; -- -- /* Don't modify MPPE if it's optional and wasn't already configured. */ -- if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe) -- return; -- -- /* -- * Disable undesirable encryption types. Note that we don't ENABLE -- * any encryption types, to avoid overriding manual configuration. -- */ -- switch(types) { -- case MPPE_ENC_TYPES_RC4_40: -- ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */ -- break; -- case MPPE_ENC_TYPES_RC4_128: -- ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */ -- break; -- default: -- break; -- } --} --#endif /* MPPE */ - - static struct chap_digest_type chapms_digest = { - CHAP_MICROSOFT, /* code */ -diff --git a/pppd/chap_ms.h b/pppd/chap_ms.h -index 005eb63..4e6a621 100644 ---- a/pppd/chap_ms.h -+++ b/pppd/chap_ms.h -@@ -38,6 +38,7 @@ - #define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */ - #define MS_CHAP2_RESPONSE_LEN 49 /* Response length for MS-CHAPv2 */ - #define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */ -+#define MS_AUTH_NTRESP_LEN 24 /* Length of NT-response field */ - /* as ASCII */ - - /* E=eeeeeeeeee error codes for MS-CHAP failure messages. 
*/ -@@ -67,22 +68,6 @@ - #define MS_CHAP2_NTRESP_LEN 24 - #define MS_CHAP2_FLAGS 48 - --#ifdef MPPE --#include "mppe.h" /* MPPE_MAX_KEY_LEN */ --extern u_char mppe_send_key[MPPE_MAX_KEY_LEN]; --extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN]; --extern int mppe_keys_set; -- --/* These values are the RADIUS attribute values--see RFC 2548. */ --#define MPPE_ENC_POL_ENC_ALLOWED 1 --#define MPPE_ENC_POL_ENC_REQUIRED 2 --#define MPPE_ENC_TYPES_RC4_40 2 --#define MPPE_ENC_TYPES_RC4_128 4 -- --/* used by plugins (using above values) */ --extern void set_mppe_enc_types(int, int); --#endif -- - /* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */ - #define MS_CHAP2_AUTHENTICATEE 0 - #define MS_CHAP2_AUTHENTICATOR 1 -@@ -90,11 +75,6 @@ extern void set_mppe_enc_types(int, int); - void ChapMS (u_char *, char *, int, u_char *); - void ChapMS2 (u_char *, u_char *, char *, char *, int, - u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int); --#ifdef MPPE --void mppe_set_keys (u_char *, u_char[MD4_SIGNATURE_SIZE]); --void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], -- u_char NTResponse[24], int IsServer); --#endif - - void ChallengeHash (u_char[16], u_char *, char *, u_char[8]); - -diff --git a/pppd/eap-tls.c b/pppd/eap-tls.c -index 5c202c7..bfcf199 100644 ---- a/pppd/eap-tls.c -+++ b/pppd/eap-tls.c -@@ -48,6 +48,8 @@ - #include "eap-tls.h" - #include "fsm.h" - #include "lcp.h" -+#include "chap_ms.h" -+#include "mppe.h" - #include "pathnames.h" - - typedef struct pw_cb_data -@@ -74,10 +76,6 @@ int ssl_new_session_cb(SSL *s, SSL_SESSION *sess); - X509 *get_X509_from_file(char *filename); - int ssl_cmp_certs(char *filename, X509 * a); - --#ifdef MPPE -- --#define EAPTLS_MPPE_KEY_LEN 32 -- - /* - * OpenSSL 1.1+ introduced a generic TLS_method() - * For older releases we substitute the appropriate method -@@ -119,6 +117,8 @@ static inline int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max) - - #endif /* OPENSSL_VERSION_NUMBER < 
0x10100000L */ - -+#ifdef MPPE -+#define EAPTLS_MPPE_KEY_LEN 32 - - /* - * Generate keys according to RFC 2716 and add to reply -@@ -161,24 +161,17 @@ void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client) - */ - if (client) - { -- p = out; -- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) ); -- p += EAPTLS_MPPE_KEY_LEN; -- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) ); -+ mppe_set_keys(out, out + EAPTLS_MPPE_KEY_LEN, EAPTLS_MPPE_KEY_LEN); - } - else - { -- p = out; -- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) ); -- p += EAPTLS_MPPE_KEY_LEN; -- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) ); -+ mppe_set_keys(out + EAPTLS_MPPE_KEY_LEN, out, EAPTLS_MPPE_KEY_LEN); - } -- -- mppe_keys_set = 1; - } - - #endif /* MPPE */ - -+ - void log_ssl_errors( void ) - { - unsigned long ssl_err = ERR_get_error(); -diff --git a/pppd/eap-tls.h b/pppd/eap-tls.h -index c74a831..b935ec5 100644 ---- a/pppd/eap-tls.h -+++ b/pppd/eap-tls.h -@@ -86,11 +86,6 @@ int get_eaptls_secret(int unit, char *client, char *server, - char *capath, char *pkfile, int am_server); - - #ifdef MPPE --#include "mppe.h" /* MPPE_MAX_KEY_LEN */ --extern u_char mppe_send_key[MPPE_MAX_KEY_LEN]; --extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN]; --extern int mppe_keys_set; -- - void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client); - #endif - -diff --git a/pppd/mppe.c b/pppd/mppe.c -new file mode 100644 -index 0000000..4f3d131 ---- /dev/null -+++ b/pppd/mppe.c -@@ -0,0 +1,248 @@ -+/* * mppe.c - MPPE key implementation -+ * -+ * Copyright (c) 2020 Eivind Naess. All rights reserved. -+ * Copyright (c) 2008 Paul Mackerras. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. The name(s) of the authors of this software must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. -+ * -+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO -+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY -+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN -+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING -+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ * -+ */ -+ -+#include -+ -+#include "pppd.h" -+#include "fsm.h" -+#include "md4.h" -+#include "sha1.h" -+#include "ccp.h" -+#include "chap_ms.h" -+#include "mppe.h" -+ -+u_char mppe_send_key[MPPE_MAX_KEY_SIZE]; -+u_char mppe_recv_key[MPPE_MAX_KEY_SIZE]; -+int mppe_keys_set = 0; -+ -+void -+mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen) -+{ -+ int length = keylen; -+ if (length > MPPE_MAX_KEY_SIZE) -+ length = MPPE_MAX_KEY_SIZE; -+ -+ if (send_key) { -+ BCOPY(send_key, mppe_send_key, length); -+ BZERO(send_key, keylen); -+ } -+ -+ if (recv_key) { -+ BCOPY(recv_key, mppe_recv_key, length); -+ BZERO(recv_key, keylen); -+ } -+ -+ mppe_keys_set = length; -+} -+ -+bool -+mppe_keys_isset() -+{ -+ return !!mppe_keys_set; -+} -+ -+int -+mppe_get_recv_key(u_char *recv_key, int length) -+{ -+ if (mppe_keys_isset()) { -+ if (length > mppe_keys_set) -+ length = mppe_keys_set; -+ BCOPY(mppe_recv_key, recv_key, length); -+ return length; -+ } -+ return 0; -+} -+ -+int -+mppe_get_send_key(u_char *send_key, int length) -+{ -+ if (mppe_keys_isset()) { -+ if (length > mppe_keys_set) -+ 
length = mppe_keys_set; -+ BCOPY(mppe_send_key, send_key, length); -+ return length; -+ } -+ return 0; -+} -+ -+void -+mppe_clear_keys(void) -+{ -+ mppe_keys_set = 0; -+ BZERO(mppe_send_key, sizeof(mppe_send_key)); -+ BZERO(mppe_recv_key, sizeof(mppe_recv_key)); -+} -+ -+/* -+ * Set mppe_xxxx_key from the NTPasswordHashHash. -+ * RFC 2548 (RADIUS support) requires us to export this function (ugh). -+ */ -+void -+mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]) -+{ -+ SHA1_CTX sha1Context; -+ u_char Digest[SHA1_SIGNATURE_SIZE]; -+ -+ SHA1_Init(&sha1Context); -+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); -+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); -+ SHA1_Update(&sha1Context, rchallenge, 8); -+ SHA1_Final(Digest, &sha1Context); -+ -+ /* Same key in both directions. */ -+ mppe_set_keys(Digest, Digest, sizeof(Digest)); -+} -+ -+/* -+ * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079) -+ * -+ * This helper function used in the Winbind module, which gets the -+ * NTHashHash from the server. 
-+ */ -+void -+mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], -+ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer) -+{ -+ SHA1_CTX sha1Context; -+ u_char MasterKey[SHA1_SIGNATURE_SIZE]; -+ u_char SendKey[SHA1_SIGNATURE_SIZE]; -+ u_char RecvKey[SHA1_SIGNATURE_SIZE]; -+ -+ u_char SHApad1[40] = -+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; -+ u_char SHApad2[40] = -+ { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, -+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, -+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, -+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 }; -+ -+ /* "This is the MPPE Master Key" */ -+ u_char Magic1[27] = -+ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, -+ 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, -+ 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 }; -+ /* "On the client side, this is the send key; " -+ "on the server side, it is the receive key." */ -+ u_char Magic2[84] = -+ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, -+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, -+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, -+ 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, -+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, -+ 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, -+ 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, -+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, -+ 0x6b, 0x65, 0x79, 0x2e }; -+ /* "On the client side, this is the receive key; " -+ "on the server side, it is the send key." 
*/ -+ u_char Magic3[84] = -+ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, -+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, -+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, -+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, -+ 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, -+ 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, -+ 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, -+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, -+ 0x6b, 0x65, 0x79, 0x2e }; -+ u_char *s; -+ -+ SHA1_Init(&sha1Context); -+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); -+ SHA1_Update(&sha1Context, NTResponse, 24); -+ SHA1_Update(&sha1Context, Magic1, sizeof(Magic1)); -+ SHA1_Final(MasterKey, &sha1Context); -+ -+ /* -+ * generate send key -+ */ -+ if (IsServer) -+ s = Magic3; -+ else -+ s = Magic2; -+ SHA1_Init(&sha1Context); -+ SHA1_Update(&sha1Context, MasterKey, 16); -+ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1)); -+ SHA1_Update(&sha1Context, s, 84); -+ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2)); -+ SHA1_Final(SendKey, &sha1Context); -+ -+ /* -+ * generate recv key -+ */ -+ if (IsServer) -+ s = Magic2; -+ else -+ s = Magic3; -+ SHA1_Init(&sha1Context); -+ SHA1_Update(&sha1Context, MasterKey, 16); -+ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1)); -+ SHA1_Update(&sha1Context, s, 84); -+ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2)); -+ SHA1_Final(RecvKey, &sha1Context); -+ -+ mppe_set_keys(SendKey, RecvKey, SHA1_SIGNATURE_SIZE); -+} -+ -+/* -+ * Set MPPE options from plugins. -+ */ -+void -+mppe_set_enc_types(int policy, int types) -+{ -+ /* Early exit for unknown policies. */ -+ if (policy != MPPE_ENC_POL_ENC_ALLOWED && -+ policy != MPPE_ENC_POL_ENC_REQUIRED) -+ return; -+ -+ /* Don't modify MPPE if it's optional and wasn't already configured. 
*/ -+ if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe) -+ return; -+ -+ /* -+ * Disable undesirable encryption types. Note that we don't ENABLE -+ * any encryption types, to avoid overriding manual configuration. -+ */ -+ switch(types) { -+ case MPPE_ENC_TYPES_RC4_40: -+ ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */ -+ break; -+ case MPPE_ENC_TYPES_RC4_128: -+ ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */ -+ break; -+ default: -+ break; -+ } -+} -+ -diff --git a/pppd/mppe.h b/pppd/mppe.h -index 5eb3b37..98a89d3 100644 ---- a/pppd/mppe.h -+++ b/pppd/mppe.h -@@ -32,9 +32,12 @@ - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -+#ifndef __MPPE_H__ -+#define __MPPE_H__ - - #define MPPE_PAD 4 /* MPPE growth per frame */ --#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */ -+#define MPPE_MAX_KEY_SIZE 32 /* Largest key length */ -+#define MPPE_MAX_KEY_LEN 16 /* Largest key size accepted by the kernel */ - - /* option bits for ccp_options.mppe */ - #define MPPE_OPT_40 0x01 /* 40 bit */ -@@ -119,3 +122,68 @@ - if (ptr[3] & ~MPPE_ALL_BITS) \ - opts |= MPPE_OPT_UNKNOWN; \ - } while (/* CONSTCOND */ 0) -+ -+ -+#if MPPE -+ -+/* -+ * NOTE: -+ * Access to these variables directly is discuraged. Please -+ * change your code to use below accessor functions. -+ */ -+ -+/* The key material generated which is used for MPPE send key */ -+extern u_char mppe_send_key[MPPE_MAX_KEY_SIZE]; -+/* The key material generated which is used for MPPE recv key */ -+extern u_char mppe_recv_key[MPPE_MAX_KEY_SIZE]; -+/* Keys are set if value is non-zero */ -+extern int mppe_keys_set; -+ -+/* These values are the RADIUS attribute values--see RFC 2548. 
*/ -+#define MPPE_ENC_POL_ENC_ALLOWED 1 -+#define MPPE_ENC_POL_ENC_REQUIRED 2 -+#define MPPE_ENC_TYPES_RC4_40 2 -+#define MPPE_ENC_TYPES_RC4_128 4 -+ -+/* used by plugins (using above values) */ -+void mppe_set_enc_types (int policy, int types); -+ -+/* -+ * Set the MPPE send and recv keys. NULL values for keys are ignored -+ * and input values are cleared to avoid leaving them on the stack -+ */ -+void mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen); -+ -+/* -+ * Get the MPPE recv key -+ */ -+int mppe_get_recv_key(u_char *recv_key, int length); -+ -+/* -+ * Get the MPPE send key -+ */ -+int mppe_get_send_key(u_char *send_key, int length); -+ -+/* -+ * Clear the MPPE keys -+ */ -+void mppe_clear_keys(void); -+ -+/* -+ * Check if the MPPE keys are set -+ */ -+bool mppe_keys_isset(void); -+ -+/* -+ * Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079 -+ */ -+void mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]); -+ -+/* -+ * Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079 -+ */ -+void mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], -+ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer); -+ -+#endif // #ifdef MPPE -+#endif // #ifdef __MPPE_H__ -diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c -index c579831..cf4c0f2 100644 ---- a/pppd/plugins/radius/radius.c -+++ b/pppd/plugins/radius/radius.c -@@ -31,6 +31,7 @@ static char const RCSID[] = - #ifdef CHAPMS - #include "chap_ms.h" - #ifdef MPPE -+#include "mppe.h" - #include "md5.h" - #endif - #endif -@@ -743,11 +744,12 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, - * Note that if the policy value was '0' we don't set the key! - */ - if (mppe_enc_policy && mppe_enc_keys) { -- mppe_keys_set = 1; - /* Set/modify allowed encryption types. 
*/ - if (mppe_enc_types) -- set_mppe_enc_types(mppe_enc_policy, mppe_enc_types); -+ mppe_set_enc_types(mppe_enc_policy, mppe_enc_types); -+ return 0; - } -+ mppe_clear_keys(); - #endif - - return 0; -@@ -803,7 +805,7 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info, - * the NAS (us) doesn't need; we only need the start key. So we have - * to generate the start key, sigh. NB: We do not support the LM-Key. - */ -- mppe_set_keys(challenge, &plain[8]); -+ mppe_set_chapv1(challenge, &plain[8]); - - return 0; - } -@@ -855,7 +857,7 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info) - for (i = 0; i < 16; i++) - plain[i] ^= buf[i]; - -- if (plain[0] != sizeof(mppe_send_key) /* 16 */) { -+ if (plain[0] != 16) { - error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute", - (int) plain[0], type); - return -1; -@@ -869,9 +871,9 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info) - plain[16] ^= buf[0]; /* only need the first byte */ - - if (vp->attribute == PW_MS_MPPE_SEND_KEY) -- memcpy(mppe_send_key, plain + 1, 16); -+ mppe_set_keys(plain + 1, NULL, 16); - else -- memcpy(mppe_recv_key, plain + 1, 16); -+ mppe_set_keys(NULL, plain + 1, 16); - - return 0; - } -diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c -index 0c395c3..67c72f6 100644 ---- a/pppd/plugins/winbind.c -+++ b/pppd/plugins/winbind.c -@@ -37,11 +37,9 @@ - #include "pppd.h" - #include "chap-new.h" - #include "chap_ms.h" --#ifdef MPPE --#include "md5.h" --#endif - #include "fsm.h" - #include "ipcp.h" -+#include "mppe.h" - #include - #include - #include -@@ -583,7 +581,7 @@ winbind_chap_verify(char *user, char *ourname, int id, - nt_response, nt_response_size, - session_key, - &error_string) == AUTHENTICATED) { -- mppe_set_keys(challenge, session_key); -+ mppe_set_chapv1(challenge, session_key); - slprintf(message, message_space, "Access granted"); - return AUTHENTICATED; - -@@ -628,7 +626,7 @@ winbind_chap_verify(char *user, char *ourname, int id, - 
&response[MS_CHAP2_NTRESP], - &response[MS_CHAP2_PEER_CHALLENGE], - challenge, user, saresponse); -- mppe_set_keys2(session_key, &response[MS_CHAP2_NTRESP], -+ mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP], - MS_CHAP2_AUTHENTICATOR); - if (response[MS_CHAP2_FLAGS]) { - slprintf(message, message_space, "S=%s", saresponse); --- -2.34.1 - diff --git a/ppp-2.4.9-pppd-Fix-logical-error-in-comparing-valid-encryption.patch b/ppp-2.4.9-pppd-Fix-logical-error-in-comparing-valid-encryption.patch deleted file mode 100644 index c8eb350..0000000 --- a/ppp-2.4.9-pppd-Fix-logical-error-in-comparing-valid-encryption.patch +++ /dev/null @@ -1,37 +0,0 @@ -From e609ed8bb62e4648568eaa49fbbc858dfda6d122 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Eivind=20N=C3=A6ss?= -Date: Sun, 14 Mar 2021 16:20:29 -0700 -Subject: [PATCH] pppd: Fix logical error in comparing valid encryption - policies (#262) - -RFC2548 describes the proper values of the MS-MPPE-Encryption-Policy attribute. -and it can only hold 2 values: 1 (encryption allowed) and 2 (encryption required). - -See - https://tools.ietf.org/html/rfc2548, section 2.4.4 - -The correct comparison should be made with an && and not a ||. - -This fixes github issue #218 - -Signed-off-by: Eivind Naess ---- - pppd/chap_ms.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c -index e6b84f2..df2dadd 100644 ---- a/pppd/chap_ms.c -+++ b/pppd/chap_ms.c -@@ -953,7 +953,7 @@ void - set_mppe_enc_types(int policy, int types) - { - /* Early exit for unknown policies. */ -- if (policy != MPPE_ENC_POL_ENC_ALLOWED || -+ if (policy != MPPE_ENC_POL_ENC_ALLOWED && - policy != MPPE_ENC_POL_ENC_REQUIRED) - return; - --- -2.34.1 - diff --git a/ppp-2.4.9-pppd-eap-Fix-bug-causing-incorrect-response-length-3.patch b/ppp-2.4.9-pppd-eap-Fix-bug-causing-incorrect-response-length-3.patch deleted file mode 100644 index 2b6f53e..0000000 
--- a/ppp-2.4.9-pppd-eap-Fix-bug-causing-incorrect-response-length-3.patch +++ /dev/null @@ -1,32 +0,0 @@ -From d7e62a8499c4032d79e05afbd8fd3efd51c5b148 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Eivind=20N=C3=A6ss?= -Date: Thu, 3 Feb 2022 14:28:22 -0800 -Subject: [PATCH] pppd/eap: Fix bug causing incorrect response length (#334) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Need to update the esp->ea_client.ea_namelen variable. A plugin can override the -name of the user, and the variable is passed onto the eap_chap2_response generating -the wrong response length. - -Signed-off-by: Eivind Næss ---- - pppd/eap.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/pppd/eap.c b/pppd/eap.c -index 54c3d42..6cb595f 100644 ---- a/pppd/eap.c -+++ b/pppd/eap.c -@@ -2182,6 +2182,7 @@ eap_request(eap_state *esp, u_char *inp, int id, int len) - eap_send_nak(esp, id, EAPT_SRP); - break; - } -+ esp->es_client.ea_namelen = strlen(esp->es_client.ea_name); - - /* Create the MSCHAPv2 response (and add to cache) */ - unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE --- -2.34.1 - diff --git a/ppp-2.5.0-use-change-resolv-function.patch b/ppp-2.5.0-use-change-resolv-function.patch new file mode 100644 index 0000000..30a07fe --- /dev/null +++ b/ppp-2.5.0-use-change-resolv-function.patch 
@@ -0,0 +1,51 @@
+diff --git a/scripts/ip-down.local.add b/scripts/ip-down.local.add
+index b93590e..8889cb6 100644
+--- a/scripts/ip-down.local.add
++++ b/scripts/ip-down.local.add
+@@ -9,12 +9,13 @@
+ #
+ # Nick Walker (nickwalker@email.com)
+ #
++. /etc/sysconfig/network-scripts/network-functions
+
+ if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
+ if [ -f /etc/ppp/resolv.prev ]; then
+- cp -f /etc/ppp/resolv.prev /etc/resolv.conf
++ change_resolv_conf /etc/ppp/resolv.prev
+ else
+- rm -f /etc/resolv.conf
++ change_resolv_conf
+ fi
+ fi
+
+diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
+index 8017209..5ced496 100644
+--- a/scripts/ip-up.local.add
++++ b/scripts/ip-up.local.add
+@@ -9,16 +9,22 @@
+ #
+ # Nick Walker (nickwalker@email.com)
+ #
++. /etc/sysconfig/network-scripts/network-functions
+
+ if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
+ rm -f /etc/ppp/resolv.prev
+ if [ -f /etc/resolv.conf ]; then
+ cp /etc/resolv.conf /etc/ppp/resolv.prev
+- grep domain /etc/ppp/resolv.prev > /etc/resolv.conf
+- grep search /etc/ppp/resolv.prev >> /etc/resolv.conf
+- cat /etc/ppp/resolv.conf >> /etc/resolv.conf
++ rscf=/etc/ppp/resolv.new
++ grep domain /etc/ppp/resolv.prev > $rscf
++ grep search /etc/ppp/resolv.prev >> $rscf
++ if [ -f /etc/ppp/resolv.conf ]; then
++ cat /etc/ppp/resolv.conf >> $rscf
++ fi
++ change_resolv_conf $rscf
++ rm -f $rscf
+ else
+- cp /etc/ppp/resolv.conf /etc
++ change_resolv_conf /etc/ppp/resolv.conf
+ fi
+ fi
+
diff --git a/ppp.spec b/ppp.spec
index de8598c..a9d6d51 100644
--- a/ppp.spec
+++ b/ppp.spec
@@ -1,8 +1,8 @@
 %global _hardened_build 1
 Name: ppp
-Version: 2.4.9
-Release: 9%{?dist}
+Version: 2.5.0
+Release: 1%{?dist}
 Summary: The Point-to-Point Protocol daemon
 License: BSD and LGPLv2+ and GPLv2+ and Public Domain
 URL: http://www.samba.org/ppp
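Review bot: The added `. /etc/sysconfig/network-scripts/network-functions` line in both ip-down.local.add and ip-up.local.add is unguarded, so on a host where that file is absent `change_resolv_conf` is never defined, and a POSIX sh may abort the script at the `.` itself. In ip-down that would leave the resolver entries taken from /etc/ppp/resolv.conf in /etc/resolv.conf after the link drops, because the previous `cp -f /etc/ppp/resolv.prev /etc/resolv.conf` path is removed rather than kept as a fallback. I would guard the include, `[ -r /etc/sysconfig/network-scripts/network-functions ] && . /etc/sysconfig/network-scripts/network-functions`, and fall back to the plain `cp` when `change_resolv_conf` is not defined; the Requires lines visible in ppp.spec do not name a package that ships this file. The inner hunks start at line 9 of each script, so the script heads are outside this view.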
@@ -22,34 +22,25 @@ Source11: ifdown-ppp Source12: ppp-watch.tar.xz # Fedora-specific -Patch0002: ppp-2.4.9-config.patch -Patch0004: 0004-doc-add-configuration-samples.patch -Patch0005: ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch -Patch0006: 0006-scritps-use-change_resolv_conf-function.patch -Patch0011: 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch -Patch0012: ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch -Patch0013: ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch -Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch -Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch -Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch -Patch0018: 0018-scritps-fix-ip-up.local-sample.patch -Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch -Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch -Patch0025: ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch -Patch0026: ppp-2.4.9-configure-cflags-allow-commas.patch -# https://github.com/ppp-project/ppp/commit/d7e62a8499c4032d79e05afbd8fd3efd51c5b148 -Patch0027: ppp-2.4.9-pppd-eap-Fix-bug-causing-incorrect-response-length-3.patch -# https://github.com/ppp-project/ppp/commit/e609ed8bb62e4648568eaa49fbbc858dfda6d122 -Patch0028: ppp-2.4.9-pppd-Fix-logical-error-in-comparing-valid-encryption.patch -# https://github.com/ppp-project/ppp/pull/267/commits/6bfe06b9428a60eb637d5450d65dd3932fe5a83f -Patch0029: ppp-2.4.9-pppd-Expose-the-MPPE-keys-generated-through-an-API-2.patch +Patch0: ppp-2.5.0-use-change-resolv-function.patch +BuildRequires: libtool +BuildRequires: autoconf +BuildRequires: automake BuildRequires: make BuildRequires: gcc -BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel +BuildRequires: pam-devel +BuildRequires: libpcap-devel +BuildRequires: systemd +BuildRequires: systemd-devel +BuildRequires: glib2-devel BuildRequires: openssl-devel +BuildRequires: 
linux-atm-libs-devel -Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd +Requires: glibc >= 2.0.6 +Requires: /etc/pam.d/system-auth +Requires: libpcap >= 14:0.8.3-6 +Requires: systemd Requires(pre): /usr/bin/getent Requires(pre): /usr/sbin/groupadd @@ -72,6 +63,7 @@ service. %package devel Summary: Headers for ppp plugin development Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: pkgconf-pkg-config %description devel This package contains the header files for building plugins for ppp. @@ -82,12 +74,14 @@ This package contains the header files for building plugins for ppp. tar -xJf %{SOURCE12} %build -%configure --cflags="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing" -%{make_build} LDFLAGS="%{?build_ldflags} -pie" -%{make_build} -C ppp-watch LDFLAGS="%{?build_ldflags} -pie" +autoreconf -fi +export CFLAGS="%{build_cflags} -fno-strict-aliasing" +%configure --enable-systemd --enable-cbcp --with-pam +%make_build +%make_build -C ppp-watch LDFLAGS="%{?build_ldflags} -pie" %install -make INSTROOT=%{buildroot} install install-etcppp +%make_install find scripts -type f | xargs chmod a-x make ROOT=%{buildroot} -C ppp-watch install @@ -143,6 +137,7 @@ mkdir -p %{buildroot}%{_rundir}/ppp %{_sysconfdir}/ppp/ip-down.ipv6to4 %{_sysconfdir}/ppp/ipv6-up %{_sysconfdir}/ppp/ipv6-down +%{_sysconfdir}/ppp/openssl.cnf %{_mandir}/man8/chat.8* %{_mandir}/man8/pppd.8* %{_mandir}/man8/pppdump.8* @@ -171,8 +166,13 @@ mkdir -p %{buildroot}%{_rundir}/ppp %files devel %{_includedir}/pppd %doc PLUGINS +%{_libdir}/pkgconfig/pppd.pc %changelog +* Thu Apr 13 2023 Jaroslav Škarvada - 2.5.0-1 +- New version + Resolves: rhbz#2184291 + * Fri Jan 20 2023 Fedora Release Engineering - 2.4.9-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild diff --git a/sources b/sources index db4f244..010a7fe 100644 --- a/sources +++ b/sources 
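Review bot: The patch list in the `@@ -22,34 +22,25 @@` hunk drops the descriptor-leak hardening patches (Patch0012, Patch0013, Patch0014) and the install-permission patches (Patch0023 to Patch0025) without any comment on whether 2.5.0 carries equivalent changes, and the changelog entry says only "New version". The three upstream-commit patches have URLs that make their status checkable, but the Fedora-specific ones do not, so a later reader cannot tell an upstreamed patch from one that was silently lost. I would add a comment under `# Fedora-specific` along the lines of `# Dropped at 2.5.0: 0012-0014 (CLOEXEC), 0023-0025 (install perms) - <upstreamed | no longer applicable>`, and confirm the installed modes of pppd and the plugins in the built package.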
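Review bot: In the `%build` hunk the main build no longer passes `-fPIC` or `-pie` (plain `%make_build` replaces `%{make_build} LDFLAGS="%{?build_ldflags} -pie"`), while the ppp-watch line still carries `LDFLAGS="%{?build_ldflags} -pie"`. With `%global _hardened_build 1` at the top of the spec the distribution flags presumably still yield a PIE pppd, but that now depends on the regenerated configure script honouring the exported CFLAGS and the default LDFLAGS, and `-Wall` is dropped as well. I would either remove the now-inconsistent `-pie` from the ppp-watch line or state the reliance in a comment such as `# PIE for pppd comes from _hardened_build via build_cflags/build_ldflags`, and check that the built pppd binary is position-independent.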
@@ -1,2 +1,2 @@
+SHA512 (ppp-2.5.0.tar.gz) = cf62410a952053f9aa71c5179453831152e958fcad9e77df2ddac864e39aa71af0b746e54b91e8fa3ad6295d6d2b1bb736e36dc05521b495f573468679133324
 SHA512 (ppp-watch.tar.xz) = aee10735facf918b9a1e33408c9f19d8240c2cd265837da87ac9f58e097eece6bbe1abcaf426e2f10369d1368f6e9e68d2e07d005a19857f17d6318708ec438a
-SHA512 (ppp-2.4.9.tar.gz) = c309f8f69f534c05547cd2f66dade0e0f198ea4c2928a7e899e660280786b3e965437a67b8c5bb81c59d0fa1818b4eb7b701d2dce015a420d380422d2bca4e1a