* Wed Sep 29 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-12

- fixes #637513 - Missing: README.eap-tls - updated to latest eaptls upstream - fixes #637886 - EAP-TLS not working with enabled PPP Multilink Framing option
2010-10-05 15:44:04 +02:00 · 2010-10-05 15:44:04 +02:00 · 732177dcba
commit 732177dcba
parent b63b42ce35
2 changed files with 96 additions and 72 deletions
--- a/ppp-2.4.5-eaptls-mppe-0.99.patch
+++ b/ppp-2.4.5-eaptls-mppe-0.99.patch
@ -1,6 +1,6 @@
-diff -Naur ppp-2.4.5/README.eap-tls ppp-2.4.5-eaptls-mppe-0.98/README.eap-tls
+diff -Naur ppp-2.4.5/README.eap-tls ppp-2.4.5-eaptls-mppe-0.99/README.eap-tls
 --- ppp-2.4.5/README.eap-tls	1970-01-01 01:00:00.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/README.eap-tls	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/README.eap-tls	2010-10-01 15:17:54.205272328 +0200
@@ -0,0 +1,169 @@
 +EAP-TLS authentication support for PPP
 +======================================
@ -171,9 +171,9 @@ diff -Naur ppp-2.4.5/README.eap-tls ppp-2.4.5-eaptls-mppe-0.98/README.eap-tls
 +   This is experimental code.
 +   Send suggestions and comments to Jan Just Keijser <janjust@nikhef.nl>
 +
-diff -Naur ppp-2.4.5/etc.ppp/eaptls-client ppp-2.4.5-eaptls-mppe-0.98/etc.ppp/eaptls-client
+diff -Naur ppp-2.4.5/etc.ppp/eaptls-client ppp-2.4.5-eaptls-mppe-0.99/etc.ppp/eaptls-client
 --- ppp-2.4.5/etc.ppp/eaptls-client	1970-01-01 01:00:00.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/etc.ppp/eaptls-client	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/etc.ppp/eaptls-client	2010-10-01 15:17:54.205272328 +0200
@@ -0,0 +1,10 @@
 +# Parameters for authentication using EAP-TLS (client)
 +
@ -185,9 +185,9 @@ diff -Naur ppp-2.4.5/etc.ppp/eaptls-client ppp-2.4.5-eaptls-mppe-0.98/etc.ppp/ea
 +# client private key file (required)
 +
 +#client	server	/root/cert/client.crt	-	/root/cert/ca.crt	/root/cert/client.key
-diff -Naur ppp-2.4.5/etc.ppp/eaptls-server ppp-2.4.5-eaptls-mppe-0.98/etc.ppp/eaptls-server
+diff -Naur ppp-2.4.5/etc.ppp/eaptls-server ppp-2.4.5-eaptls-mppe-0.99/etc.ppp/eaptls-server
 --- ppp-2.4.5/etc.ppp/eaptls-server	1970-01-01 01:00:00.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/etc.ppp/eaptls-server	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/etc.ppp/eaptls-server	2010-10-01 15:17:54.205272328 +0200
@@ -0,0 +1,11 @@
 +# Parameters for authentication using EAP-TLS (server)
 +
@ -200,9 +200,9 @@ diff -Naur ppp-2.4.5/etc.ppp/eaptls-server ppp-2.4.5-eaptls-mppe-0.98/etc.ppp/ea
 +# allowed addresses (required, can be *)
 +
 +#client	server	-	/root/cert/server.crt	/root/cert/ca.crt	/root/cert/server.key	192.168.1.0/24
-diff -Naur ppp-2.4.5/etc.ppp/openssl.cnf ppp-2.4.5-eaptls-mppe-0.98/etc.ppp/openssl.cnf
+diff -Naur ppp-2.4.5/etc.ppp/openssl.cnf ppp-2.4.5-eaptls-mppe-0.99/etc.ppp/openssl.cnf
 --- ppp-2.4.5/etc.ppp/openssl.cnf	1970-01-01 01:00:00.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/etc.ppp/openssl.cnf	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/etc.ppp/openssl.cnf	2010-10-01 15:17:54.206272162 +0200
@@ -0,0 +1,14 @@
 +openssl_conf = openssl_def
 +
@ -218,9 +218,9 @@ diff -Naur ppp-2.4.5/etc.ppp/openssl.cnf ppp-2.4.5-eaptls-mppe-0.98/etc.ppp/open
 +MODULE_PATH = /usr/lib64/libeTPkcs11.so
 +init = 0
 +
-diff -Naur ppp-2.4.5/linux/Makefile.top ppp-2.4.5-eaptls-mppe-0.98/linux/Makefile.top
+diff -Naur ppp-2.4.5/linux/Makefile.top ppp-2.4.5-eaptls-mppe-0.99/linux/Makefile.top
 --- ppp-2.4.5/linux/Makefile.top	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/linux/Makefile.top	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/linux/Makefile.top	2010-10-01 15:17:54.206272162 +0200
@@ -26,7 +26,7 @@
 	cd pppdump; $(MAKE) $(MFLAGS) install
@ -241,27 +241,18 @@ diff -Naur ppp-2.4.5/linux/Makefile.top ppp-2.4.5-eaptls-mppe-0.98/linux/Makefil
 $(BINDIR):
 	$(INSTALL) -d -m 755 $@
-diff -Naur ppp-2.4.5/openssl.cnf ppp-2.4.5-eaptls-mppe-0.98/openssl.cnf
+diff -Naur ppp-2.4.5/pppd/Makefile.linux ppp-2.4.5-eaptls-mppe-0.99/pppd/Makefile.linux
 --- ppp-2.4.5/openssl.cnf	1970-01-01 01:00:00.000000000 +0100
 +++ ppp-2.4.5-eaptls-mppe-0.98/openssl.cnf	2010-02-09 10:58:38.000000000 +0100
@@ -0,0 +1,14 @@
 +openssl_conf = openssl_def
 +
 +[ openssl_def ]
 +engines = engine_section
 +
 +[ engine_section ]
 +pkcs11 = pkcs11_section
 +
 +[ pkcs11_section ]
 +engine_id = pkcs11
 +dynamic_path = /usr/lib64/openssl/engines/engine_pkcs11.so
 +MODULE_PATH = /usr/lib64/libeTPkcs11.so
 +init = 0
 +
 diff -Naur ppp-2.4.5/pppd/Makefile.linux ppp-2.4.5-eaptls-mppe-0.98/pppd/Makefile.linux
 --- ppp-2.4.5/pppd/Makefile.linux	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/Makefile.linux	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/Makefile.linux	2010-10-01 15:17:54.207272272 +0200
@@ -33,7 +33,7 @@
 # CC = gcc
 #
 COPTS = -O2 -pipe -Wall -g
 -LIBS =
 +LIBS = 
 # Uncomment the next 2 lines to include support for Microsoft's
 # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
@@ -73,6 +73,9 @@
 # Enable EAP SRP-SHA1 authentication (requires libsrp)
 #USE_SRP=y
@ -278,8 +269,8 @@ diff -Naur ppp-2.4.5/pppd/Makefile.linux ppp-2.4.5-eaptls-mppe-0.98/pppd/Makefil
 +# EAP-TLS
 +ifdef USE_EAPTLS
-+CFLAGS += -DUSE_EAPTLS=1
+CFLAGS += -DUSE_EAPTLS=1 -I/usr/kerberos/include
-+LIBS += -lssl -lcrypto
+LIBS += -lssl
 +PPPDSRC += eap-tls.c
 +HEADERS += eap-tls.h
 +PPPDOBJS += eap-tls.o
@ -288,9 +279,9 @@ diff -Naur ppp-2.4.5/pppd/Makefile.linux ppp-2.4.5-eaptls-mppe-0.98/pppd/Makefil
 ifdef HAS_SHADOW
 CFLAGS   += -DHAS_SHADOW
 #LIBS     += -lshadow $(LIBS)
-diff -Naur ppp-2.4.5/pppd/auth.c ppp-2.4.5-eaptls-mppe-0.98/pppd/auth.c
+diff -Naur ppp-2.4.5/pppd/auth.c ppp-2.4.5-eaptls-mppe-0.99/pppd/auth.c
 --- ppp-2.4.5/pppd/auth.c	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/auth.c	2010-02-09 10:58:55.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/auth.c	2010-10-01 15:17:54.210272021 +0200
@@ -109,6 +109,9 @@
 #include "upap.h"
 #include "chap-new.h"
@ -784,9 +775,9 @@ diff -Naur ppp-2.4.5/pppd/auth.c ppp-2.4.5-eaptls-mppe-0.98/pppd/auth.c
 +}
 +#endif
 +
-diff -Naur ppp-2.4.5/pppd/ccp.c ppp-2.4.5-eaptls-mppe-0.98/pppd/ccp.c
+diff -Naur ppp-2.4.5/pppd/ccp.c ppp-2.4.5-eaptls-mppe-0.99/pppd/ccp.c
 --- ppp-2.4.5/pppd/ccp.c	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/ccp.c	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/ccp.c	2010-10-01 15:17:54.211272258 +0200
@@ -540,6 +540,9 @@
     if (go->mppe) {
 	ccp_options *ao = &ccp_allowoptions[f->unit];
@ -822,9 +813,9 @@ diff -Naur ppp-2.4.5/pppd/ccp.c ppp-2.4.5-eaptls-mppe-0.98/pppd/ccp.c
 	    lcp_close(f->unit, "MPPE required but not available");
 	    return;
 	}
-diff -Naur ppp-2.4.5/pppd/chap-md5.c ppp-2.4.5-eaptls-mppe-0.98/pppd/chap-md5.c
+diff -Naur ppp-2.4.5/pppd/chap-md5.c ppp-2.4.5-eaptls-mppe-0.99/pppd/chap-md5.c
 --- ppp-2.4.5/pppd/chap-md5.c	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/chap-md5.c	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/chap-md5.c	2010-10-01 15:17:54.212272142 +0200
@@ -36,7 +36,11 @@
 #include "chap-new.h"
 #include "chap-md5.h"
@ -837,10 +828,10 @@ diff -Naur ppp-2.4.5/pppd/chap-md5.c ppp-2.4.5-eaptls-mppe-0.98/pppd/chap-md5.c
 #define MD5_HASH_SIZE		16
 #define MD5_MIN_CHALLENGE	16
-diff -Naur ppp-2.4.5/pppd/eap-tls.c ppp-2.4.5-eaptls-mppe-0.98/pppd/eap-tls.c
+diff -Naur ppp-2.4.5/pppd/eap-tls.c ppp-2.4.5-eaptls-mppe-0.99/pppd/eap-tls.c
 --- ppp-2.4.5/pppd/eap-tls.c	1970-01-01 01:00:00.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/eap-tls.c	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/eap-tls.c	2010-10-05 15:12:45.881615580 +0200
-@@ -0,0 +1,1146 @@
+@@ -0,0 +1,1174 @@
 +/*
 + * eap-tls.c - EAP-TLS implementation for PPP
 + *
@ -887,6 +878,8 @@ diff -Naur ppp-2.4.5/pppd/eap-tls.c ppp-2.4.5-eaptls-mppe-0.98/pppd/eap-tls.c
 +#include "pppd.h"
 +#include "eap.h"
 +#include "eap-tls.h"
 +#include "fsm.h"
 +#include "lcp.h"
 +#include "pathnames.h"
 +
 +/* The openssl configuration file and engines can be loaded only once */
@ -1388,6 +1381,28 @@ diff -Naur ppp-2.4.5/pppd/eap-tls.c ppp-2.4.5-eaptls-mppe-0.98/pppd/eap-tls.c
 +}
 +
 +/*
 + * Determine the maximum packet size by looking at the LCP handshake
 + */
 +
 +int eaptls_get_mtu(int unit)
 +{
 +	int mtu, mru;
 +
 +	lcp_options *wo = &lcp_wantoptions[unit];
 +	lcp_options *go = &lcp_gotoptions[unit];
 +	lcp_options *ho = &lcp_hisoptions[unit];
 +	lcp_options *ao = &lcp_allowoptions[unit];
 +
 +	mtu = ho->neg_mru? ho->mru: PPP_MRU;
 +	mru = go->neg_mru? MAX(wo->mru, go->mru): PPP_MRU;
 +    mtu = MIN(MIN(mtu, mru), ao->mru)- PPP_HDRLEN - 10;
 +
 +	dbglog("MTU = %d", mtu);
 + 	return mtu;
 +}
 +
 +
 +/*
 + * Init the ssl handshake (server mode)
 + */
 +int eaptls_init_ssl_server(eap_state * esp)
@ -1416,11 +1431,12 @@ diff -Naur ppp-2.4.5/pppd/eap-tls.c ppp-2.4.5-eaptls-mppe-0.98/pppd/eap-tls.c
 +	if (!get_eaptls_secret(esp->es_unit, esp->es_server.ea_peer,
 +			       esp->es_server.ea_name, clicertfile,
 +			       servcertfile, cacertfile, pkfile, 1)) {
-+		error( "EAP-TLS: Cannot get secret/password" );
+		error( "EAP-TLS: Cannot get secret/password for client \"%s\", server \"%s\"",
 +				esp->es_server.ea_peer, esp->es_server.ea_name );
 +		return 0;
 +	}
 +
-+	ets->mtu = netif_get_mtu(esp->es_unit) - PPP_HDRLEN - 10;
+	ets->mtu = eaptls_get_mtu(esp->es_unit);
 +
 +	ets->ctx = eaptls_init_ssl(1, cacertfile, servcertfile, clicertfile, pkfile);
 +	if (!ets->ctx)
@ -1501,13 +1517,14 @@ diff -Naur ppp-2.4.5/pppd/eap-tls.c ppp-2.4.5-eaptls-mppe-0.98/pppd/eap-tls.c
 +	else
 +		ets->peer[0] = 0;
 +	
-+	ets->mtu = netif_get_mtu(esp->es_unit) - PPP_HDRLEN - 10;
+	ets->mtu = eaptls_get_mtu(esp->es_unit);
 +
 +	dbglog( "calling get_eaptls_secret" );
 +	if (!get_eaptls_secret(esp->es_unit, esp->es_client.ea_name,
 +			       esp->es_client.ea_peer, clicertfile,
 +			       servcertfile, cacertfile, pkfile, 0)) {
-+		error( "EAP-TLS: Cannot get secret/password" );
+		error( "EAP-TLS: Cannot get secret/password for client \"%s\", server \"%s\"",
 +				esp->es_client.ea_name, esp->es_client.ea_peer );
 +		return 0;
 +	}
 +
@ -1524,6 +1541,7 @@ diff -Naur ppp-2.4.5/pppd/eap-tls.c ppp-2.4.5-eaptls-mppe-0.98/pppd/eap-tls.c
 +	/*
 +	 * Initialize the BIOs we use to read/write to ssl engine 
 +	 */
 +	dbglog( "Initializing SSL BIOs" );
 +	ets->into_ssl = BIO_new(BIO_s_mem());
 +	ets->from_ssl = BIO_new(BIO_s_mem());
 +	SSL_set_bio(ets->ssl, ets->into_ssl, ets->from_ssl);
@ -1557,6 +1575,7 @@ diff -Naur ppp-2.4.5/pppd/eap-tls.c ppp-2.4.5-eaptls-mppe-0.98/pppd/eap-tls.c
 +	return 1;
 +
 +fail:
 +	dbglog( "eaptls_init_ssl_client: fail" );
 +	SSL_CTX_free(ets->ctx);
 +	return 0;
 +
@ -1987,9 +2006,9 @@ diff -Naur ppp-2.4.5/pppd/eap-tls.c ppp-2.4.5-eaptls-mppe-0.98/pppd/eap-tls.c
 +		dbglog("%s", string);
 +}
 +
-diff -Naur ppp-2.4.5/pppd/eap-tls.h ppp-2.4.5-eaptls-mppe-0.98/pppd/eap-tls.h
+diff -Naur ppp-2.4.5/pppd/eap-tls.h ppp-2.4.5-eaptls-mppe-0.99/pppd/eap-tls.h
 --- ppp-2.4.5/pppd/eap-tls.h	1970-01-01 01:00:00.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/eap-tls.h	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/eap-tls.h	2010-10-01 15:17:54.213271816 +0200
@@ -0,0 +1,107 @@
 +/*
 + * eap-tls.h
@ -2098,9 +2117,9 @@ diff -Naur ppp-2.4.5/pppd/eap-tls.h ppp-2.4.5-eaptls-mppe-0.98/pppd/eap-tls.h
 +#endif
 +
 +#endif
-diff -Naur ppp-2.4.5/pppd/eap.c ppp-2.4.5-eaptls-mppe-0.98/pppd/eap.c
+diff -Naur ppp-2.4.5/pppd/eap.c ppp-2.4.5-eaptls-mppe-0.99/pppd/eap.c
 --- ppp-2.4.5/pppd/eap.c	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/eap.c	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/eap.c	2010-01-29 16:31:29.000000000 +0100
@@ -43,6 +43,11 @@
  * Based on draft-ietf-pppext-eap-srp-03.txt.
  */
@ -2692,9 +2711,9 @@ diff -Naur ppp-2.4.5/pppd/eap.c ppp-2.4.5-eaptls-mppe-0.98/pppd/eap.c
 	return (inp - pstart);
 }
 +
-diff -Naur ppp-2.4.5/pppd/eap.h ppp-2.4.5-eaptls-mppe-0.98/pppd/eap.h
+diff -Naur ppp-2.4.5/pppd/eap.h ppp-2.4.5-eaptls-mppe-0.99/pppd/eap.h
 --- ppp-2.4.5/pppd/eap.h	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/eap.h	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/eap.h	2010-10-01 15:17:54.214270927 +0200
@@ -84,6 +84,16 @@
 	eapClosed,	/* Authentication not in use */
 	eapListen,	/* Client ready (and timer running) */
@ -2763,9 +2782,9 @@ diff -Naur ppp-2.4.5/pppd/eap.h ppp-2.4.5-eaptls-mppe-0.98/pppd/eap.h
 #define	EAP_DEFREQTIME		20	/* Time to wait for peer request */
 #define	EAP_DEFALLOWREQ		20	/* max # times to accept requests */
-diff -Naur ppp-2.4.5/pppd/md5.c ppp-2.4.5-eaptls-mppe-0.98/pppd/md5.c
+diff -Naur ppp-2.4.5/pppd/md5.c ppp-2.4.5-eaptls-mppe-0.99/pppd/md5.c
 --- ppp-2.4.5/pppd/md5.c	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/md5.c	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/md5.c	2010-10-01 15:17:54.214270927 +0200
@@ -33,6 +33,8 @@
  ***********************************************************************
  */
@ -2781,9 +2800,9 @@ diff -Naur ppp-2.4.5/pppd/md5.c ppp-2.4.5-eaptls-mppe-0.98/pppd/md5.c
  */
 +#endif /* USE_EAPTLS */
 +
-diff -Naur ppp-2.4.5/pppd/md5.h ppp-2.4.5-eaptls-mppe-0.98/pppd/md5.h
+diff -Naur ppp-2.4.5/pppd/md5.h ppp-2.4.5-eaptls-mppe-0.99/pppd/md5.h
 --- ppp-2.4.5/pppd/md5.h	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/md5.h	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/md5.h	2010-10-01 15:17:54.215271014 +0200
@@ -36,6 +36,7 @@
  ** documentation and/or software.                                    **
  ***********************************************************************
@ -2798,9 +2817,9 @@ diff -Naur ppp-2.4.5/pppd/md5.h ppp-2.4.5-eaptls-mppe-0.98/pppd/md5.h
 #endif /* __MD5_INCLUDE__ */
 +
 +#endif /* USE_EAPTLS */
-diff -Naur ppp-2.4.5/pppd/options.c ppp-2.4.5-eaptls-mppe-0.98/pppd/options.c
+diff -Naur ppp-2.4.5/pppd/options.c ppp-2.4.5-eaptls-mppe-0.99/pppd/options.c
 --- ppp-2.4.5/pppd/options.c	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/options.c	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/options.c	2010-10-01 15:17:54.215271014 +0200
@@ -119,6 +119,10 @@
 bool	dryrun;			/* print out option values and exit */
 char	*domain;		/* domain name set by domain option */
@ -2825,9 +2844,9 @@ diff -Naur ppp-2.4.5/pppd/options.c ppp-2.4.5-eaptls-mppe-0.98/pppd/options.c
     { NULL }
 };
-diff -Naur ppp-2.4.5/pppd/pathnames.h ppp-2.4.5-eaptls-mppe-0.98/pppd/pathnames.h
+diff -Naur ppp-2.4.5/pppd/pathnames.h ppp-2.4.5-eaptls-mppe-0.99/pppd/pathnames.h
 --- ppp-2.4.5/pppd/pathnames.h	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/pathnames.h	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/pathnames.h	2010-10-01 15:17:54.215271014 +0200
@@ -21,6 +21,13 @@
 #define _PATH_UPAPFILE 	 _ROOT_PATH "/etc/ppp/pap-secrets"
 #define _PATH_CHAPFILE 	 _ROOT_PATH "/etc/ppp/chap-secrets"
@ -2842,9 +2861,9 @@ diff -Naur ppp-2.4.5/pppd/pathnames.h ppp-2.4.5-eaptls-mppe-0.98/pppd/pathnames.
 #define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options"
 #define _PATH_IPUP	 _ROOT_PATH "/etc/ppp/ip-up"
 #define _PATH_IPDOWN	 _ROOT_PATH "/etc/ppp/ip-down"
-diff -Naur ppp-2.4.5/pppd/plugins/Makefile.linux ppp-2.4.5-eaptls-mppe-0.98/pppd/plugins/Makefile.linux
+diff -Naur ppp-2.4.5/pppd/plugins/Makefile.linux ppp-2.4.5-eaptls-mppe-0.99/pppd/plugins/Makefile.linux
 --- ppp-2.4.5/pppd/plugins/Makefile.linux	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/plugins/Makefile.linux	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/plugins/Makefile.linux	2010-10-01 15:17:54.215271014 +0200
@@ -4,6 +4,9 @@
 LDFLAGS	= -shared
 INSTALL	= install
@ -2855,9 +2874,9 @@ diff -Naur ppp-2.4.5/pppd/plugins/Makefile.linux ppp-2.4.5-eaptls-mppe-0.98/pppd
 DESTDIR = $(INSTROOT)@DESTDIR@
 BINDIR = $(DESTDIR)/sbin
 MANDIR = $(DESTDIR)/share/man/man8
-diff -Naur ppp-2.4.5/pppd/plugins/passprompt.c ppp-2.4.5-eaptls-mppe-0.98/pppd/plugins/passprompt.c
+diff -Naur ppp-2.4.5/pppd/plugins/passprompt.c ppp-2.4.5-eaptls-mppe-0.99/pppd/plugins/passprompt.c
 --- ppp-2.4.5/pppd/plugins/passprompt.c	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/plugins/passprompt.c	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/plugins/passprompt.c	2010-10-01 15:17:54.215271014 +0200
@@ -107,4 +107,7 @@
 {
     add_options(options);
@ -2866,9 +2885,9 @@ diff -Naur ppp-2.4.5/pppd/plugins/passprompt.c ppp-2.4.5-eaptls-mppe-0.98/pppd/p
 +    eaptls_passwd_hook = promptpass;
 +#endif
 }
-diff -Naur ppp-2.4.5/pppd/plugins/passwordfd.c ppp-2.4.5-eaptls-mppe-0.98/pppd/plugins/passwordfd.c
+diff -Naur ppp-2.4.5/pppd/plugins/passwordfd.c ppp-2.4.5-eaptls-mppe-0.99/pppd/plugins/passwordfd.c
 --- ppp-2.4.5/pppd/plugins/passwordfd.c	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/plugins/passwordfd.c	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/plugins/passwordfd.c	2010-10-01 15:17:54.216270820 +0200
@@ -79,4 +79,9 @@
     chap_check_hook = pwfd_check;
@ -2879,9 +2898,9 @@ diff -Naur ppp-2.4.5/pppd/plugins/passwordfd.c ppp-2.4.5-eaptls-mppe-0.98/pppd/p
 +    eaptls_passwd_hook = pwfd_passwd;
 +#endif
 }
-diff -Naur ppp-2.4.5/pppd/pppd.h ppp-2.4.5-eaptls-mppe-0.98/pppd/pppd.h
+diff -Naur ppp-2.4.5/pppd/pppd.h ppp-2.4.5-eaptls-mppe-0.99/pppd/pppd.h
 --- ppp-2.4.5/pppd/pppd.h	2009-11-16 23:26:07.000000000 +0100
-+++ ppp-2.4.5-eaptls-mppe-0.98/pppd/pppd.h	2010-02-09 10:58:38.000000000 +0100
+++ ppp-2.4.5-eaptls-mppe-0.99/pppd/pppd.h	2010-10-01 15:17:54.216270820 +0200
@@ -320,6 +320,10 @@
 extern bool	dryrun;		/* check everything, print options, exit */
 extern int	child_wait;	/* # seconds to wait for children at end */
--- a/ppp.spec
+++ b/ppp.spec
@ -1,7 +1,7 @@
 Summary: The Point-to-Point Protocol daemon
 Name: ppp
 Version: 2.4.5
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: BSD and LGPLv2+ and GPLv2+ and Public Domain
 Group: System Environment/Daemons
 URL: http://www.samba.org/ppp
@ -26,7 +26,7 @@ Patch23: ppp-2.4.2-dontwriteetc.patch
 Patch24: ppp-2.4.4-fd_leak.patch
 Patch25: ppp-2.4.5-var_run_ppp.patch
 Patch26: ppp-2.4.5-manpg.patch
-Patch27: ppp-2.4.5-eaptls-mppe-0.98.patch
+Patch27: ppp-2.4.5-eaptls-mppe-0.99.patch
 Patch28: ppp-2.4.5-ppp_resolv.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -133,7 +133,7 @@ rm -rf $RPM_BUILD_ROOT
 %config(noreplace) /etc/ppp/pap-secrets
 %config(noreplace) /etc/pam.d/ppp
 %config(noreplace) /etc/logrotate.d/ppp
-%doc FAQ README README.cbcp README.linux README.MPPE README.MSCHAP80 README.MSCHAP81 README.pwfd README.pppoe scripts sample
+%doc FAQ README README.cbcp README.linux README.MPPE README.MSCHAP80 README.MSCHAP81 README.pwfd README.pppoe scripts sample README.eap-tls
 %files devel
 %defattr(-,root,root)
@ -141,6 +141,11 @@ rm -rf $RPM_BUILD_ROOT
 %doc PLUGINS
 %changelog
 * Wed Sep 29 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-12
 - fixes #637513 - Missing: README.eap-tls
 - updated to latest eaptls upstream
 - fixes #637886 - EAP-TLS not working with enabled PPP Multilink Framing option
 * Thu Aug 05 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-11
 - fixes #617625 - FTBFS in ppp due to change in kernel-headers
 - fixes pppol2tp Makefile