Compare commits

15 Commits
f22 ... master

Author SHA1 Message Date
Jaroslav Škarvada
8870b357ca Link with -E not to break plugins
Resolves: rhbz#1564459
2018-04-09 14:49:53 +02:00
Jaroslav Škarvada
cf1e6c7c6b Also build all DSOs with distro's LDFLAGS
Related: rhbz#1563157
2018-04-06 14:09:44 +02:00
Jaroslav Škarvada
5da2a6a5b0 Build with distro's LDFLAGS
Resolves: rhbz#1563157
2018-04-04 11:33:41 +02:00
Jaroslav Škarvada
5a9cdf3bbf Used openssl for the DES instead of the libcrypt / glibc
Resolves: rhbz#1556132
2018-03-27 17:02:14 +02:00
Igor Gnatenko
93aa42b0f6 Escape macros in %changelog
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-09 09:05:33 +01:00
Fedora Release Engineering
b2dc3349ef - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-09 05:42:31 +00:00
Björn Esser
ed2a4706b1 Rebuilt for switch to libxcrypt
2018-01-20 23:07:37 +01:00
Jaroslav Škarvada
ebcb6e8d2d EAP-TLS patch updated to version 0.999
Switched to openssl-1.1
2017-08-21 22:00:47 +02:00
Fedora Release Engineering
f3e51c8301 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-08-03 06:20:11 +00:00
Fedora Release Engineering
3adcba02c6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-27 09:00:20 +00:00
Fedora Release Engineering
2249e5df0c - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-11 07:49:04 +00:00
Lubomir Rintel
edc4b10fc6 Actually fix the FTBFS
Fix to OpenSSL older than 1.1, until a patch [1] is applied.
[1] https://people.freedesktop.org/~lkundrak/%5bPATCH%5d_eap-tls:_port_to_OpenSSL_1.1.0.mbox
2017-02-04 15:32:20 +01:00
Lubomir Rintel
d314a19341 Fix FTBFS
2016-12-10 20:08:15 +01:00
Fedora Release Engineering
8b7f7266b3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 18:25:57 +00:00
Dennis Gilmore
a9b6c4d167 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-18 17:46:29 +00:00
6 changed files with 586 additions and 245 deletions

@ -1,44 +1,6 @@
From 7887b3d84468e1ebfbe5adc373f0816eda2b995a Mon Sep 17 00:00:00 2001 diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-0.999/README.eap-tls
From: Michal Sekletar <msekleta@redhat.com> --- ppp-2.4.7/README.eap-tls 1970-01-01 01:00:00.000000000 +0100
Date: Fri, 20 Jun 2014 10:31:43 +0200 +++ ppp-2.4.7-eaptls-mppe-0.999/README.eap-tls 2017-05-09 14:38:55.129084488 +0200
Subject: [PATCH 27/27] pppd: EAP-TLS patch v0.997
See: http://www.nikhef.nl/~janjust/ppp/download.html
---
README.eap-tls | 280 ++++++++++
etc.ppp/eaptls-client | 10 +
etc.ppp/eaptls-server | 11 +
etc.ppp/openssl.cnf | 14 +
linux/Makefile.top | 6 +-
pppd/Makefile.linux | 12 +
pppd/auth.c | 413 ++++++++++++++-
pppd/ccp.c | 20 +-
pppd/chap-md5.c | 4 +
pppd/eap-tls.c | 1212 +++++++++++++++++++++++++++++++++++++++++++
pppd/eap-tls.h | 107 ++++
pppd/eap.c | 449 +++++++++++++++-
pppd/eap.h | 32 +-
pppd/md5.c | 4 +
pppd/md5.h | 3 +
pppd/pathnames.h | 7 +
pppd/plugins/Makefile.linux | 3 +
pppd/plugins/passprompt.c | 3 +
pppd/plugins/passwordfd.c | 4 +
pppd/pppd.8 | 33 ++
pppd/pppd.h | 9 +
21 files changed, 2629 insertions(+), 7 deletions(-)
create mode 100644 README.eap-tls
create mode 100644 etc.ppp/eaptls-client
create mode 100644 etc.ppp/eaptls-server
create mode 100644 etc.ppp/openssl.cnf
create mode 100644 pppd/eap-tls.c
create mode 100644 pppd/eap-tls.h
diff --git a/README.eap-tls b/README.eap-tls
new file mode 100644
index 0000000..037be0a
--- /dev/null
+++ b/README.eap-tls
@@ -0,0 +1,280 @@ @@ -0,0 +1,280 @@
+EAP-TLS authentication support for PPP +EAP-TLS authentication support for PPP
+====================================== +======================================
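Review bot: The rewritten patch header drops the provenance that the old `From:`/`Subject:` block carried: the author line, the `See: http://www.nikhef.nl/~janjust/ppp/download.html` link and the version in `EAP-TLS patch v0.997`. Only the `diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-0.999/README.eap-tls` line is left to hint at where the code came from. Please keep a short comment header at the top of the patch file naming the upstream source and stating that this is version 0.999, so a later rebase can be checked against it.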
@ -320,11 +282,9 @@ index 0000000..037be0a
+ - change SSL_OP_NO_TICKETS to SSL_OP_NO_TICKET + - change SSL_OP_NO_TICKETS to SSL_OP_NO_TICKET
+ - fix bug in initialisation code with fragmented packets. + - fix bug in initialisation code with fragmented packets.
+ +
diff --git a/etc.ppp/eaptls-client b/etc.ppp/eaptls-client diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-client
new file mode 100644 --- ppp-2.4.7/etc.ppp/eaptls-client 1970-01-01 01:00:00.000000000 +0100
index 0000000..7782f0e +++ ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-client 2017-05-09 14:38:55.129084488 +0200
--- /dev/null
+++ b/etc.ppp/eaptls-client
@@ -0,0 +1,10 @@ @@ -0,0 +1,10 @@
+# Parameters for authentication using EAP-TLS (client) +# Parameters for authentication using EAP-TLS (client)
+ +
@ -336,11 +296,9 @@ index 0000000..7782f0e
+# client private key file (required) +# client private key file (required)
+ +
+#client server /root/cert/client.crt - /root/cert/ca.crt /root/cert/client.key +#client server /root/cert/client.crt - /root/cert/ca.crt /root/cert/client.key
diff --git a/etc.ppp/eaptls-server b/etc.ppp/eaptls-server diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-server
new file mode 100644 --- ppp-2.4.7/etc.ppp/eaptls-server 1970-01-01 01:00:00.000000000 +0100
index 0000000..fa53cbd +++ ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-server 2017-05-09 14:38:55.137084099 +0200
--- /dev/null
+++ b/etc.ppp/eaptls-server
@@ -0,0 +1,11 @@ @@ -0,0 +1,11 @@
+# Parameters for authentication using EAP-TLS (server) +# Parameters for authentication using EAP-TLS (server)
+ +
@ -353,11 +311,9 @@ index 0000000..fa53cbd
+# allowed addresses (required, can be *) +# allowed addresses (required, can be *)
+ +
+#client server - /root/cert/server.crt /root/cert/ca.crt /root/cert/server.key 192.168.1.0/24 +#client server - /root/cert/server.crt /root/cert/ca.crt /root/cert/server.key 192.168.1.0/24
diff --git a/etc.ppp/openssl.cnf b/etc.ppp/openssl.cnf diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/openssl.cnf
new file mode 100644 --- ppp-2.4.7/etc.ppp/openssl.cnf 1970-01-01 01:00:00.000000000 +0100
index 0000000..dd32f30 +++ ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/openssl.cnf 2017-05-09 14:38:55.137084099 +0200
--- /dev/null
+++ b/etc.ppp/openssl.cnf
@@ -0,0 +1,14 @@ @@ -0,0 +1,14 @@
+openssl_conf = openssl_def +openssl_conf = openssl_def
+ +
@ -373,11 +329,10 @@ index 0000000..dd32f30
+MODULE_PATH = /usr/lib64/libeTPkcs11.so +MODULE_PATH = /usr/lib64/libeTPkcs11.so
+init = 0 +init = 0
+ +
diff --git a/linux/Makefile.top b/linux/Makefile.top diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-0.999/linux/Makefile.top
index f42efd5..9a8945a 100644 --- ppp-2.4.7/linux/Makefile.top 2014-08-09 14:31:39.000000000 +0200
--- a/linux/Makefile.top +++ ppp-2.4.7-eaptls-mppe-0.999/linux/Makefile.top 2017-05-09 14:38:55.138084052 +0200
+++ b/linux/Makefile.top @@ -26,7 +26,7 @@
@@ -28,7 +28,7 @@ install-progs:
cd pppdump; $(MAKE) $(MFLAGS) install cd pppdump; $(MAKE) $(MFLAGS) install
install-etcppp: $(ETCDIR) $(ETCDIR)/options $(ETCDIR)/pap-secrets \ install-etcppp: $(ETCDIR) $(ETCDIR)/options $(ETCDIR)/pap-secrets \
@ -386,7 +341,7 @@ index f42efd5..9a8945a 100644
install-devel: install-devel:
cd pppd; $(MAKE) $(MFLAGS) install-devel cd pppd; $(MAKE) $(MFLAGS) install-devel
@@ -39,6 +39,10 @@ $(ETCDIR)/pap-secrets: @@ -37,6 +37,10 @@
$(INSTALL) -c -m 600 etc.ppp/pap-secrets $@ $(INSTALL) -c -m 600 etc.ppp/pap-secrets $@
$(ETCDIR)/chap-secrets: $(ETCDIR)/chap-secrets:
$(INSTALL) -c -m 600 etc.ppp/chap-secrets $@ $(INSTALL) -c -m 600 etc.ppp/chap-secrets $@
@ -397,11 +352,10 @@ index f42efd5..9a8945a 100644
$(BINDIR): $(BINDIR):
$(INSTALL) -d -m 755 $@ $(INSTALL) -d -m 755 $@
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefile.linux
index 943cf83..534ccc2 100644 --- ppp-2.4.7/pppd/Makefile.linux 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/Makefile.linux +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefile.linux 2017-05-09 14:38:55.138084052 +0200
+++ b/pppd/Makefile.linux @@ -76,6 +76,9 @@
@@ -79,6 +79,9 @@ CBCP=y
# Use libutil # Use libutil
USE_LIBUTIL=y USE_LIBUTIL=y
@ -411,7 +365,7 @@ index 943cf83..534ccc2 100644
MAXOCTETS=y MAXOCTETS=y
INCLUDE_DIRS= -I../include INCLUDE_DIRS= -I../include
@@ -118,6 +121,15 @@ HEADERS += sha1.h @@ -115,6 +118,15 @@
PPPDOBJS += sha1.o PPPDOBJS += sha1.o
endif endif
@ -427,10 +381,9 @@ index 943cf83..534ccc2 100644
ifdef HAS_SHADOW ifdef HAS_SHADOW
CFLAGS += -DHAS_SHADOW CFLAGS += -DHAS_SHADOW
#LIBS += -lshadow $(LIBS) #LIBS += -lshadow $(LIBS)
diff --git a/pppd/auth.c b/pppd/auth.c diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
index 9e957fa..656ffe9 100644 --- ppp-2.4.7/pppd/auth.c 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/auth.c +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c 2017-05-09 14:38:55.139084004 +0200
+++ b/pppd/auth.c
@@ -109,6 +109,9 @@ @@ -109,6 +109,9 @@
#include "upap.h" #include "upap.h"
#include "chap-new.h" #include "chap-new.h"
@ -441,7 +394,7 @@ index 9e957fa..656ffe9 100644
#ifdef CBCP_SUPPORT #ifdef CBCP_SUPPORT
#include "cbcp.h" #include "cbcp.h"
#endif #endif
@@ -183,6 +186,11 @@ int (*chap_check_hook) __P((void)) = NULL; @@ -183,6 +186,11 @@
/* Hook for a plugin to get the CHAP password for authenticating us */ /* Hook for a plugin to get the CHAP password for authenticating us */
int (*chap_passwd_hook) __P((char *user, char *passwd)) = NULL; int (*chap_passwd_hook) __P((char *user, char *passwd)) = NULL;
@ -453,7 +406,7 @@ index 9e957fa..656ffe9 100644
/* Hook for a plugin to say whether it is OK if the peer /* Hook for a plugin to say whether it is OK if the peer
refuses to authenticate. */ refuses to authenticate. */
int (*null_auth_hook) __P((struct wordlist **paddrs, int (*null_auth_hook) __P((struct wordlist **paddrs,
@@ -238,6 +246,14 @@ bool explicit_remote = 0; /* User specified explicit remote name */ @@ -238,6 +246,14 @@
bool explicit_user = 0; /* Set if "user" option supplied */ bool explicit_user = 0; /* Set if "user" option supplied */
bool explicit_passwd = 0; /* Set if "password" option supplied */ bool explicit_passwd = 0; /* Set if "password" option supplied */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
@ -468,7 +421,7 @@ index 9e957fa..656ffe9 100644
static char *uafname; /* name of most recent +ua file */ static char *uafname; /* name of most recent +ua file */
@@ -254,6 +270,19 @@ static int have_pap_secret __P((int *)); @@ -254,6 +270,19 @@
static int have_chap_secret __P((char *, char *, int, int *)); static int have_chap_secret __P((char *, char *, int, int *));
static int have_srp_secret __P((char *client, char *server, int need_ip, static int have_srp_secret __P((char *client, char *server, int need_ip,
int *lacks_ipp)); int *lacks_ipp));
@ -488,7 +441,7 @@ index 9e957fa..656ffe9 100644
static int ip_addr_check __P((u_int32_t, struct permitted_ip *)); static int ip_addr_check __P((u_int32_t, struct permitted_ip *));
static int scan_authfile __P((FILE *, char *, char *, char *, static int scan_authfile __P((FILE *, char *, char *, char *,
struct wordlist **, struct wordlist **, struct wordlist **, struct wordlist **,
@@ -401,6 +430,15 @@ option_t auth_options[] = { @@ -401,6 +430,15 @@
"Set telephone number(s) which are allowed to connect", "Set telephone number(s) which are allowed to connect",
OPT_PRIV | OPT_A2LIST }, OPT_PRIV | OPT_A2LIST },
@ -504,7 +457,7 @@ index 9e957fa..656ffe9 100644
{ NULL } { NULL }
}; };
@@ -730,6 +768,9 @@ link_established(unit) @@ -730,6 +768,9 @@
lcp_options *wo = &lcp_wantoptions[unit]; lcp_options *wo = &lcp_wantoptions[unit];
lcp_options *go = &lcp_gotoptions[unit]; lcp_options *go = &lcp_gotoptions[unit];
lcp_options *ho = &lcp_hisoptions[unit]; lcp_options *ho = &lcp_hisoptions[unit];
@ -514,7 +467,7 @@ index 9e957fa..656ffe9 100644
int i; int i;
struct protent *protp; struct protent *protp;
@@ -764,6 +805,22 @@ link_established(unit) @@ -764,6 +805,22 @@
} }
} }
@ -537,7 +490,7 @@ index 9e957fa..656ffe9 100644
new_phase(PHASE_AUTHENTICATE); new_phase(PHASE_AUTHENTICATE);
auth = 0; auth = 0;
if (go->neg_eap) { if (go->neg_eap) {
@@ -1277,6 +1334,15 @@ auth_check_options() @@ -1277,6 +1334,15 @@
our_name, 1, &lacks_ip); our_name, 1, &lacks_ip);
} }
@ -553,7 +506,7 @@ index 9e957fa..656ffe9 100644
if (auth_required && !can_auth && noauth_addrs == NULL) { if (auth_required && !can_auth && noauth_addrs == NULL) {
if (default_auth) { if (default_auth) {
option_error( option_error(
@@ -1331,7 +1397,11 @@ auth_reset(unit) @@ -1331,7 +1397,11 @@
passwd[0] != 0 || passwd[0] != 0 ||
(hadchap == 1 || (hadchap == -1 && have_chap_secret(user, (hadchap == 1 || (hadchap == -1 && have_chap_secret(user,
(explicit_remote? remote_name: NULL), 0, NULL))) || (explicit_remote? remote_name: NULL), 0, NULL))) ||
@ -566,7 +519,7 @@ index 9e957fa..656ffe9 100644
hadchap = -1; hadchap = -1;
if (go->neg_upap && !uselogin && !have_pap_secret(NULL)) if (go->neg_upap && !uselogin && !have_pap_secret(NULL))
@@ -1346,8 +1416,14 @@ auth_reset(unit) @@ -1346,8 +1416,14 @@
!have_chap_secret((explicit_remote? remote_name: NULL), our_name, !have_chap_secret((explicit_remote? remote_name: NULL), our_name,
1, NULL))) && 1, NULL))) &&
!have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1, !have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
@ -582,7 +535,7 @@ index 9e957fa..656ffe9 100644
} }
@@ -1707,6 +1783,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp) @@ -1707,6 +1783,7 @@
} }
@ -590,7 +543,7 @@ index 9e957fa..656ffe9 100644
/* /*
* get_secret - open the CHAP secret file and return the secret * get_secret - open the CHAP secret file and return the secret
* for authenticating the given client on the given server. * for authenticating the given client on the given server.
@@ -2359,3 +2436,335 @@ auth_script(script) @@ -2359,3 +2436,335 @@
auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0); auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
} }
@ -926,11 +879,10 @@ index 9e957fa..656ffe9 100644
+} +}
+#endif +#endif
+ +
diff --git a/pppd/ccp.c b/pppd/ccp.c diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c
index 5814f35..7dead23 100644 --- ppp-2.4.7/pppd/ccp.c 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/ccp.c +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c 2017-05-09 14:38:55.148083482 +0200
+++ b/pppd/ccp.c @@ -540,6 +540,9 @@
@@ -540,6 +540,9 @@ ccp_resetci(f)
if (go->mppe) { if (go->mppe) {
ccp_options *ao = &ccp_allowoptions[f->unit]; ccp_options *ao = &ccp_allowoptions[f->unit];
int auth_mschap_bits = auth_done[f->unit]; int auth_mschap_bits = auth_done[f->unit];
@ -940,7 +892,7 @@ index 5814f35..7dead23 100644
int numbits; int numbits;
/* /*
@@ -567,8 +570,23 @@ ccp_resetci(f) @@ -567,8 +570,23 @@
lcp_close(f->unit, "MPPE required but not available"); lcp_close(f->unit, "MPPE required but not available");
return; return;
} }
@ -965,10 +917,9 @@ index 5814f35..7dead23 100644
lcp_close(f->unit, "MPPE required but not available"); lcp_close(f->unit, "MPPE required but not available");
return; return;
} }
diff --git a/pppd/chap-md5.c b/pppd/chap-md5.c diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/chap-md5.c
index 77dd4ec..269b52c 100644 --- ppp-2.4.7/pppd/chap-md5.c 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/chap-md5.c +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/chap-md5.c 2017-05-09 14:38:55.148083482 +0200
+++ b/pppd/chap-md5.c
@@ -36,7 +36,11 @@ @@ -36,7 +36,11 @@
#include "chap-new.h" #include "chap-new.h"
#include "chap-md5.h" #include "chap-md5.h"
@ -981,12 +932,10 @@ index 77dd4ec..269b52c 100644
#define MD5_HASH_SIZE 16 #define MD5_HASH_SIZE 16
#define MD5_MIN_CHALLENGE 16 #define MD5_MIN_CHALLENGE 16
diff --git a/pppd/eap-tls.c b/pppd/eap-tls.c diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
new file mode 100644 --- ppp-2.4.7/pppd/eap-tls.c 1970-01-01 01:00:00.000000000 +0100
index 0000000..edcb0cb +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c 2017-05-11 10:43:00.345739124 +0200
--- /dev/null @@ -0,0 +1,1308 @@
+++ b/pppd/eap-tls.c
@@ -0,0 +1,1212 @@
+/* +/*
+ * eap-tls.c - EAP-TLS implementation for PPP + * eap-tls.c - EAP-TLS implementation for PPP
+ * + *
@ -1044,6 +993,72 @@ index 0000000..edcb0cb
+ +
+#ifdef MPPE +#ifdef MPPE
+ +
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+/*
+ * https://wiki.openssl.org/index.php/1.1_API_Changes
+ * tries to provide some guidance but ultimately falls short.
+ */
+
+static void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ if (ctx != NULL) {
+ HMAC_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+ if (ctx != NULL)
+ HMAC_CTX_init(ctx);
+ return ctx;
+}
+
+/*
+ * These were basically jacked directly from the OpenSSL tree
+ * without adjustments.
+ */
+
+static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+ size_t outlen)
+{
+ if (outlen == 0)
+ return sizeof(ssl->s3->client_random);
+ if (outlen > sizeof(ssl->s3->client_random))
+ outlen = sizeof(ssl->s3->client_random);
+ memcpy(out, ssl->s3->client_random, outlen);
+ return outlen;
+}
+
+static size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+ size_t outlen)
+{
+ if (outlen == 0)
+ return sizeof(ssl->s3->server_random);
+ if (outlen > sizeof(ssl->s3->server_random))
+ outlen = sizeof(ssl->s3->server_random);
+ memcpy(out, ssl->s3->server_random, outlen);
+ return outlen;
+}
+
+static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+ unsigned char *out, size_t outlen)
+{
+ if (outlen == 0)
+ return session->master_key_length;
+ if (outlen > session->master_key_length)
+ outlen = session->master_key_length;
+ memcpy(out, session->master_key, outlen);
+ return outlen;
+}
+
+/* Avoid a deprecated warning in OpenSSL 1.1 whilst still allowing to build against 1.0.x */
+#define TLS_method TLSv1_method
+
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
+/* +/*
+ * TLS PRF from RFC 2246 + * TLS PRF from RFC 2246
+ */ + */
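Review bot: On the pre-1.1 branch, `#define TLS_method TLSv1_method` does more than avoid a deprecation warning: it pins those builds to TLS 1.0, while a build against OpenSSL 1.1 calls the real, version-flexible `TLS_method()`, so the negotiated protocol now depends on which OpenSSL the package was compiled with. The comment above the define should say so, and keeping the two cases explicit at the `SSL_CTX_new()` call site would be easier to audit than a macro alias. In the `HMAC_CTX_new()` shim, `OPENSSL_malloc` can fail and return NULL, so every caller has to check the result.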
@ -1052,47 +1067,47 @@ index 0000000..edcb0cb
+ const unsigned char *seed, unsigned int seed_len, + const unsigned char *seed, unsigned int seed_len,
+ unsigned char *out, unsigned int out_len) + unsigned char *out, unsigned int out_len)
+{ +{
+ HMAC_CTX ctx_a, ctx_out; + HMAC_CTX *ctx_a, *ctx_out;
+ unsigned char a[HMAC_MAX_MD_CBLOCK]; + unsigned char a[HMAC_MAX_MD_CBLOCK];
+ unsigned int size; + unsigned int size;
+ +
+ HMAC_CTX_init(&ctx_a); + ctx_a = HMAC_CTX_new();
+ HMAC_CTX_init(&ctx_out); + ctx_out = HMAC_CTX_new();
+ HMAC_Init_ex(&ctx_a, secret, secret_len, evp_md, NULL); + HMAC_Init_ex(ctx_a, secret, secret_len, evp_md, NULL);
+ HMAC_Init_ex(&ctx_out, secret, secret_len, evp_md, NULL); + HMAC_Init_ex(ctx_out, secret, secret_len, evp_md, NULL);
+ +
+ size = HMAC_size(&ctx_out); + size = HMAC_size(ctx_out);
+ +
+ /* Calculate A(1) */ + /* Calculate A(1) */
+ HMAC_Update(&ctx_a, seed, seed_len); + HMAC_Update(ctx_a, seed, seed_len);
+ HMAC_Final(&ctx_a, a, NULL); + HMAC_Final(ctx_a, a, NULL);
+ +
+ while (1) { + while (1) {
+ /* Calculate next part of output */ + /* Calculate next part of output */
+ HMAC_Update(&ctx_out, a, size); + HMAC_Update(ctx_out, a, size);
+ HMAC_Update(&ctx_out, seed, seed_len); + HMAC_Update(ctx_out, seed, seed_len);
+ +
+ /* Check if last part */ + /* Check if last part */
+ if (out_len < size) { + if (out_len < size) {
+ HMAC_Final(&ctx_out, a, NULL); + HMAC_Final(ctx_out, a, NULL);
+ memcpy(out, a, out_len); + memcpy(out, a, out_len);
+ break; + break;
+ } + }
+ +
+ /* Place digest in output buffer */ + /* Place digest in output buffer */
+ HMAC_Final(&ctx_out, out, NULL); + HMAC_Final(ctx_out, out, NULL);
+ HMAC_Init_ex(&ctx_out, NULL, 0, NULL, NULL); + HMAC_Init_ex(ctx_out, NULL, 0, NULL, NULL);
+ out += size; + out += size;
+ out_len -= size; + out_len -= size;
+ +
+ /* Calculate next A(i) */ + /* Calculate next A(i) */
+ HMAC_Init_ex(&ctx_a, NULL, 0, NULL, NULL); + HMAC_Init_ex(ctx_a, NULL, 0, NULL, NULL);
+ HMAC_Update(&ctx_a, a, size); + HMAC_Update(ctx_a, a, size);
+ HMAC_Final(&ctx_a, a, NULL); + HMAC_Final(ctx_a, a, NULL);
+ } + }
+ +
+ HMAC_CTX_cleanup(&ctx_a); + HMAC_CTX_free(ctx_a);
+ HMAC_CTX_cleanup(&ctx_out); + HMAC_CTX_free(ctx_out);
+ memset(a, 0, sizeof(a)); + memset(a, 0, sizeof(a));
+} +}
+ +
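Review bot: `ctx_a = HMAC_CTX_new();` and `ctx_out = HMAC_CTX_new();` are passed straight to `HMAC_Init_ex()` with no NULL check. With the old stack-allocated contexts this step could not fail; with heap allocation it can, and the result would be a NULL dereference in the key-derivation path. Bail out when either allocation fails (freeing whichever context was obtained) and propagate the failure so the caller does not use an unfilled output buffer. The return values of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` are likewise ignored throughout the loop.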
@ -1126,21 +1141,22 @@ index 0000000..edcb0cb
+ unsigned char *p = seed; + unsigned char *p = seed;
+ SSL *s = ets->ssl; + SSL *s = ets->ssl;
+ size_t prf_size; + size_t prf_size;
+ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+ size_t master_key_length;
+ +
+ prf_size = strlen(prf_label); + prf_size = strlen(prf_label);
+ +
+ memcpy(p, prf_label, prf_size); + memcpy(p, prf_label, prf_size);
+ p += prf_size; + p += prf_size;
+ +
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); + prf_size += SSL_get_client_random(s, p, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE; + p += SSL3_RANDOM_SIZE;
+ prf_size += SSL3_RANDOM_SIZE;
+ +
+ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); + prf_size += SSL_get_server_random(s, p, SSL3_RANDOM_SIZE);
+ prf_size += SSL3_RANDOM_SIZE;
+ +
+ PRF(s->session->master_key, s->session->master_key_length, + master_key_length = SSL_SESSION_get_master_key(SSL_get_session(s), master_key,
+ seed, prf_size, out, buf, sizeof(out)); + sizeof(master_key));
+ PRF(master_key, master_key_length, seed, prf_size, out, buf, sizeof(out));
+ +
+ /* + /*
+ * We now have the master send and receive keys. + * We now have the master send and receive keys.
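Review bot: The new `unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];` is a stack copy of the TLS master secret, and nothing in the lines shown wipes it after the `PRF()` call. Add `OPENSSL_cleanse(master_key, sizeof(master_key));` once the keys are derived, in the same spirit as the `memset(a, 0, sizeof(a));` at the end of the HMAC helper. Separately, `prf_size` is advanced by the return value of `SSL_get_client_random()` / `SSL_get_server_random()` while `p` is advanced by the constant `SSL3_RANDOM_SIZE`; use one quantity for both so the seed length and the write position cannot diverge.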
@ -1308,7 +1324,7 @@ index 0000000..edcb0cb
+ SSL_library_init(); + SSL_library_init();
+ SSL_load_error_strings(); + SSL_load_error_strings();
+ +
+ ctx = SSL_CTX_new(TLSv1_method()); + ctx = SSL_CTX_new(TLS_method());
+ +
+ if (!ctx) { + if (!ctx) {
+ error("EAP-TLS: Cannot initialize SSL CTX context"); + error("EAP-TLS: Cannot initialize SSL CTX context");
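Review bot: Switching `SSL_CTX_new(TLSv1_method())` to `SSL_CTX_new(TLS_method())` lets an OpenSSL 1.1 build negotiate versions above TLS 1.0, but the MPPE key derivation earlier in this file is still the hand-written "TLS PRF from RFC 2246", which is the TLS 1.0/1.1 PRF. If TLS 1.2 is negotiated, keys derived this way will not match a peer that derives them with the TLS 1.2 PRF. Either restrict the context's protocol range right after `SSL_CTX_new()` or derive the keys with `SSL_export_keying_material()`, which follows the negotiated version.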
@ -2112,18 +2128,47 @@ index 0000000..edcb0cb
+ char string[256]; + char string[256];
+ struct eaptls_session *ets = (struct eaptls_session *)arg; + struct eaptls_session *ets = (struct eaptls_session *)arg;
+ unsigned char code; + unsigned char code;
+ const unsigned char*msg = buf;
+ int hvers = msg[1] << 8 | msg[2];
+ +
+ if(write_p) + if(write_p)
+ strcpy(string, " -> "); + strcpy(string, " -> ");
+ else + else
+ strcpy(string, " <- "); + strcpy(string, " <- ");
+ +
+
+ switch(content_type) { + switch(content_type) {
+ +
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ case SSL3_RT_HEADER:
+ strcat(string, "SSL/TLS Header: ");
+ switch(hvers) {
+ case SSL3_VERSION:
+ strcat(string, "SSL 3.0");
+ break;
+ case TLS1_VERSION:
+ strcat(string, "TLS 1.0");
+ break;
+ case TLS1_1_VERSION:
+ strcat(string, "TLS 1.1");
+ break;
+ case TLS1_2_VERSION:
+ strcat(string, "TLS 1.2");
+ break;
+ case DTLS1_VERSION:
+ strcat(string, "DTLS 1.0");
+ break;
+ case DTLS1_2_VERSION:
+ strcat(string, "DTLS 1.2");
+ break;
+ default:
+ strcat(string, "Unknown version");
+ }
+ break;
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+
+ case SSL3_RT_ALERT: + case SSL3_RT_ALERT:
+ strcat(string, "Alert: "); + strcat(string, "Alert: ");
+ code = ((const unsigned char *)buf)[1]; + code = msg[1];
+ +
+ if (write_p) { + if (write_p) {
+ ets->alert_sent = 1; + ets->alert_sent = 1;
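Review bot: `int hvers = msg[1] << 8 | msg[2];` is evaluated at the top of the callback for every content type, before anything checks how many bytes `buf` holds. A message shorter than three bytes (a change-cipher-spec body is one byte, an alert is two) makes this read past the end of the buffer. Move the computation inside the `case SSL3_RT_HEADER:` arm, where it is the only consumer, and guard it with the callback's length argument. As a style point, the `default:` arm of `switch(hvers)` has no `break;` while every other arm does.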
@ -2143,7 +2188,7 @@ index 0000000..edcb0cb
+ case SSL3_RT_HANDSHAKE: + case SSL3_RT_HANDSHAKE:
+ +
+ strcat(string, "Handshake: "); + strcat(string, "Handshake: ");
+ code = ((const unsigned char *)buf)[0]; + code = msg[0];
+ +
+ switch(code) { + switch(code) {
+ case SSL3_MT_HELLO_REQUEST: + case SSL3_MT_HELLO_REQUEST:
@ -2199,11 +2244,9 @@ index 0000000..edcb0cb
+ dbglog("%s", string); + dbglog("%s", string);
+} +}
+ +
diff --git a/pppd/eap-tls.h b/pppd/eap-tls.h diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.h
new file mode 100644 --- ppp-2.4.7/pppd/eap-tls.h 1970-01-01 01:00:00.000000000 +0100
index 0000000..2d45a0b +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.h 2017-05-09 14:38:55.150083347 +0200
--- /dev/null
+++ b/pppd/eap-tls.h
@@ -0,0 +1,107 @@ @@ -0,0 +1,107 @@
+/* +/*
+ * eap-tls.h + * eap-tls.h
@ -2312,10 +2355,9 @@ index 0000000..2d45a0b
+#endif +#endif
+ +
+#endif +#endif
diff --git a/pppd/eap.c b/pppd/eap.c diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
index faced53..bfbce95 100644 --- ppp-2.4.7/pppd/eap.c 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/eap.c +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c 2017-05-09 14:38:55.151083274 +0200
+++ b/pppd/eap.c
@@ -43,6 +43,11 @@ @@ -43,6 +43,11 @@
* Based on draft-ietf-pppext-eap-srp-03.txt. * Based on draft-ietf-pppext-eap-srp-03.txt.
*/ */
@ -2342,7 +2384,7 @@ index faced53..bfbce95 100644
#ifdef USE_SRP #ifdef USE_SRP
#include <t_pwd.h> #include <t_pwd.h>
@@ -209,6 +218,9 @@ int unit; @@ -209,6 +218,9 @@
esp->es_server.ea_id = (u_char)(drand48() * 0x100); esp->es_server.ea_id = (u_char)(drand48() * 0x100);
esp->es_client.ea_timeout = EAP_DEFREQTIME; esp->es_client.ea_timeout = EAP_DEFREQTIME;
esp->es_client.ea_maxrequests = EAP_DEFALLOWREQ; esp->es_client.ea_maxrequests = EAP_DEFALLOWREQ;
@ -2352,7 +2394,7 @@ index faced53..bfbce95 100644
} }
/* /*
@@ -436,8 +448,16 @@ int status; @@ -436,8 +448,16 @@
u_char vals[2]; u_char vals[2];
struct b64state bs; struct b64state bs;
#endif /* USE_SRP */ #endif /* USE_SRP */
@ -2369,7 +2411,7 @@ index faced53..bfbce95 100644
switch (esp->es_server.ea_state) { switch (esp->es_server.ea_state) {
case eapBadAuth: case eapBadAuth:
return; return;
@@ -562,9 +582,79 @@ int status; @@ -562,9 +582,79 @@
break; break;
} }
#endif /* USE_SRP */ #endif /* USE_SRP */
@ -2449,7 +2491,7 @@ index faced53..bfbce95 100644
case eapSRP1: case eapSRP1:
#ifdef USE_SRP #ifdef USE_SRP
ts = (struct t_server *)esp->es_server.ea_session; ts = (struct t_server *)esp->es_server.ea_session;
@@ -718,6 +808,30 @@ eap_state *esp; @@ -718,6 +808,30 @@
INCPTR(esp->es_server.ea_namelen, outp); INCPTR(esp->es_server.ea_namelen, outp);
break; break;
@ -2480,7 +2522,7 @@ index faced53..bfbce95 100644
#ifdef USE_SRP #ifdef USE_SRP
case eapSRP1: case eapSRP1:
PUTCHAR(EAPT_SRP, outp); PUTCHAR(EAPT_SRP, outp);
@@ -904,11 +1018,57 @@ static void @@ -904,11 +1018,57 @@
eap_server_timeout(arg) eap_server_timeout(arg)
void *arg; void *arg;
{ {
@ -2538,7 +2580,7 @@ index faced53..bfbce95 100644
/* EAP ID number must not change on timeout. */ /* EAP ID number must not change on timeout. */
eap_send_request(esp); eap_send_request(esp);
} }
@@ -1166,6 +1326,81 @@ u_char *str; @@ -1166,6 +1326,81 @@
} }
#endif /* USE_SRP */ #endif /* USE_SRP */
@ -2620,7 +2662,7 @@ index faced53..bfbce95 100644
static void static void
eap_send_nak(esp, id, type) eap_send_nak(esp, id, type)
eap_state *esp; eap_state *esp;
@@ -1320,6 +1555,11 @@ int len; @@ -1320,6 +1555,11 @@
char rhostname[256]; char rhostname[256];
MD5_CTX mdContext; MD5_CTX mdContext;
u_char hash[MD5_SIGNATURE_SIZE]; u_char hash[MD5_SIGNATURE_SIZE];
@ -2632,7 +2674,7 @@ index faced53..bfbce95 100644
#ifdef USE_SRP #ifdef USE_SRP
struct t_client *tc; struct t_client *tc;
struct t_num sval, gval, Nval, *Ap, Bval; struct t_num sval, gval, Nval, *Ap, Bval;
@@ -1456,6 +1696,90 @@ int len; @@ -1456,6 +1696,90 @@
esp->es_client.ea_namelen); esp->es_client.ea_namelen);
break; break;
@ -2723,7 +2765,7 @@ index faced53..bfbce95 100644
#ifdef USE_SRP #ifdef USE_SRP
case EAPT_SRP: case EAPT_SRP:
if (len < 1) { if (len < 1) {
@@ -1737,6 +2061,11 @@ int len; @@ -1737,6 +2061,11 @@
u_char dig[SHA_DIGESTSIZE]; u_char dig[SHA_DIGESTSIZE];
#endif /* USE_SRP */ #endif /* USE_SRP */
@ -2735,7 +2777,7 @@ index faced53..bfbce95 100644
if (esp->es_server.ea_id != id) { if (esp->es_server.ea_id != id) {
dbglog("EAP: discarding Response %d; expected ID %d", id, dbglog("EAP: discarding Response %d; expected ID %d", id,
esp->es_server.ea_id); esp->es_server.ea_id);
@@ -1776,6 +2105,60 @@ int len; @@ -1776,6 +2105,60 @@
eap_figure_next_state(esp, 0); eap_figure_next_state(esp, 0);
break; break;
@ -2796,7 +2838,7 @@ index faced53..bfbce95 100644
case EAPT_NOTIFICATION: case EAPT_NOTIFICATION:
dbglog("EAP unexpected Notification; response discarded"); dbglog("EAP unexpected Notification; response discarded");
break; break;
@@ -1807,6 +2190,13 @@ int len; @@ -1807,6 +2190,13 @@
esp->es_server.ea_state = eapMD5Chall; esp->es_server.ea_state = eapMD5Chall;
break; break;
@ -2810,7 +2852,7 @@ index faced53..bfbce95 100644
default: default:
dbglog("EAP: peer requesting unknown Type %d", vallen); dbglog("EAP: peer requesting unknown Type %d", vallen);
switch (esp->es_server.ea_state) { switch (esp->es_server.ea_state) {
@@ -2018,13 +2408,27 @@ u_char *inp; @@ -2018,13 +2408,27 @@
int id; int id;
int len; int len;
{ {
@ -2839,7 +2881,7 @@ index faced53..bfbce95 100644
if (esp->es_client.ea_timeout > 0) { if (esp->es_client.ea_timeout > 0) {
UNTIMEOUT(eap_client_timeout, (void *)esp); UNTIMEOUT(eap_client_timeout, (void *)esp);
} }
@@ -2150,6 +2554,9 @@ void *arg; @@ -2150,6 +2554,9 @@
int code, id, len, rtype, vallen; int code, id, len, rtype, vallen;
u_char *pstart; u_char *pstart;
u_int32_t uval; u_int32_t uval;
@ -2849,7 +2891,7 @@ index faced53..bfbce95 100644
if (inlen < EAP_HEADERLEN) if (inlen < EAP_HEADERLEN)
return (0); return (0);
@@ -2214,6 +2621,24 @@ void *arg; @@ -2214,6 +2621,24 @@
} }
break; break;
@ -2874,7 +2916,7 @@ index faced53..bfbce95 100644
case EAPT_SRP: case EAPT_SRP:
if (len < 3) if (len < 3)
goto truncated; goto truncated;
@@ -2325,6 +2750,25 @@ void *arg; @@ -2325,6 +2750,25 @@
} }
break; break;
@ -2900,16 +2942,15 @@ index faced53..bfbce95 100644
case EAPT_NAK: case EAPT_NAK:
if (len <= 0) { if (len <= 0) {
printer(arg, " <missing hint>"); printer(arg, " <missing hint>");
@@ -2426,3 +2870,4 @@ void *arg; @@ -2426,3 +2870,4 @@
return (inp - pstart); return (inp - pstart);
} }
+ +
diff --git a/pppd/eap.h b/pppd/eap.h diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
index 199d184..3fa5391 100644 --- ppp-2.4.7/pppd/eap.h 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/eap.h +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h 2017-05-09 14:38:55.152083200 +0200
+++ b/pppd/eap.h @@ -84,6 +84,16 @@
@@ -84,6 +84,16 @@ enum eap_state_code {
eapClosed, /* Authentication not in use */ eapClosed, /* Authentication not in use */
eapListen, /* Client ready (and timer running) */ eapListen, /* Client ready (and timer running) */
eapIdentify, /* EAP Identify sent */ eapIdentify, /* EAP Identify sent */
@ -2926,7 +2967,7 @@ index 199d184..3fa5391 100644
eapSRP1, /* Sent EAP SRP-SHA1 Subtype 1 */ eapSRP1, /* Sent EAP SRP-SHA1 Subtype 1 */
eapSRP2, /* Sent EAP SRP-SHA1 Subtype 2 */ eapSRP2, /* Sent EAP SRP-SHA1 Subtype 2 */
eapSRP3, /* Sent EAP SRP-SHA1 Subtype 3 */ eapSRP3, /* Sent EAP SRP-SHA1 Subtype 3 */
@@ -95,9 +105,18 @@ enum eap_state_code { @@ -95,9 +105,18 @@
#define EAP_STATES \ #define EAP_STATES \
"Initial", "Pending", "Closed", "Listen", "Identify", \ "Initial", "Pending", "Closed", "Listen", "Identify", \
@ -2936,8 +2977,8 @@ index 199d184..3fa5391 100644
-#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen) -#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
+#ifdef USE_EAPTLS +#ifdef USE_EAPTLS
+#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial ||\ +#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial &&\
+ (esp)->es_client.ea_state != eapPending ||\ + (esp)->es_client.ea_state != eapPending &&\
+ (esp)->es_client.ea_state != eapClosed) + (esp)->es_client.ea_state != eapClosed)
+#else +#else
+#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen) +#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
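Review bot: The `||` to `&&` change in the `USE_EAPTLS` variant of `eap_client_active()` fixes a condition that was always true, but the macro still defines "active" by exclusion: every state other than `eapInitial`, `eapPending` and `eapClosed` counts, which includes `eapBadAuth`. The non-EAP-TLS variant in the `#else` branch tests only `== eapListen`. Either list the states that should count as active explicitly, or add a comment explaining why all remaining states qualify, so the difference between the two variants is deliberate and documented.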
@ -2946,7 +2987,7 @@ index 199d184..3fa5391 100644
#define eap_server_active(esp) \ #define eap_server_active(esp) \
((esp)->es_server.ea_state >= eapIdentify && \ ((esp)->es_server.ea_state >= eapIdentify && \
(esp)->es_server.ea_state <= eapMD5Chall) (esp)->es_server.ea_state <= eapMD5Chall)
@@ -112,11 +131,17 @@ struct eap_auth { @@ -112,11 +131,17 @@
u_short ea_namelen; /* Length of our name */ u_short ea_namelen; /* Length of our name */
u_short ea_peerlen; /* Length of peer's name */ u_short ea_peerlen; /* Length of peer's name */
enum eap_state_code ea_state; enum eap_state_code ea_state;
@ -2964,7 +3005,7 @@ index 199d184..3fa5391 100644
}; };
/* /*
@@ -139,7 +164,12 @@ typedef struct eap_state { @@ -139,7 +164,12 @@
* Timeouts. * Timeouts.
*/ */
#define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */ #define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */
@ -2977,10 +3018,9 @@ index 199d184..3fa5391 100644
#define EAP_DEFREQTIME 20 /* Time to wait for peer request */ #define EAP_DEFREQTIME 20 /* Time to wait for peer request */
#define EAP_DEFALLOWREQ 20 /* max # times to accept requests */ #define EAP_DEFALLOWREQ 20 /* max # times to accept requests */
diff --git a/pppd/md5.c b/pppd/md5.c diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.c
index f1291ce..6f8f720 100644 --- ppp-2.4.7/pppd/md5.c 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/md5.c +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.c 2017-05-09 14:38:55.152083200 +0200
+++ b/pppd/md5.c
@@ -33,6 +33,8 @@ @@ -33,6 +33,8 @@
*********************************************************************** ***********************************************************************
*/ */
@ -2990,16 +3030,15 @@ index f1291ce..6f8f720 100644
#include <string.h> #include <string.h>
#include "md5.h" #include "md5.h"
@@ -305,3 +307,5 @@ UINT4 *in; @@ -305,3 +307,5 @@
** End of md5.c ** ** End of md5.c **
******************************** (cut) ******************************** ******************************** (cut) ********************************
*/ */
+#endif /* USE_EAPTLS */ +#endif /* USE_EAPTLS */
+ +
diff --git a/pppd/md5.h b/pppd/md5.h diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.h
index 71e8b00..14d7121 100644 --- ppp-2.4.7/pppd/md5.h 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/md5.h +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.h 2017-05-09 14:38:55.152083200 +0200
+++ b/pppd/md5.h
@@ -36,6 +36,7 @@ @@ -36,6 +36,7 @@
** documentation and/or software. ** ** documentation and/or software. **
*********************************************************************** ***********************************************************************
@ -3008,17 +3047,16 @@ index 71e8b00..14d7121 100644
#ifndef __MD5_INCLUDE__ #ifndef __MD5_INCLUDE__
@@ -63,3 +64,5 @@ void MD5_Final (unsigned char hash[], MD5_CTX *mdContext); @@ -63,3 +64,5 @@
#define __MD5_INCLUDE__ #define __MD5_INCLUDE__
#endif /* __MD5_INCLUDE__ */ #endif /* __MD5_INCLUDE__ */
+ +
+#endif /* USE_EAPTLS */ +#endif /* USE_EAPTLS */
diff --git a/pppd/pathnames.h b/pppd/pathnames.h diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pathnames.h
index 24e010c..6275df6 100644 --- ppp-2.4.7/pppd/pathnames.h 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/pathnames.h +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/pathnames.h 2017-05-09 14:38:55.153083126 +0200
+++ b/pppd/pathnames.h @@ -21,6 +21,13 @@
@@ -22,6 +22,13 @@
#define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets" #define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets"
#define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets" #define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets"
#define _PATH_SRPFILE _ROOT_PATH "/etc/ppp/srp-secrets" #define _PATH_SRPFILE _ROOT_PATH "/etc/ppp/srp-secrets"
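Review bot: the pathnames.h hunk header moves from -22,6 +22,13 to -21,6 +21,13, and the file headers switch from git-style a/ and b/ paths to diff -Naur output against ppp-2.4.7, so the 0.999 patch was not generated from the same tree as the 0.997 one. The spec applies it as Patch0027 on top of the earlier patches in the series, so confirm it applies at that point without offsets or fuzz, not only against the pristine tarball.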
@ -3032,11 +3070,10 @@ index 24e010c..6275df6 100644
#define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options" #define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options"
#define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up" #define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up"
#define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down" #define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down"
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/Makefile.linux
index b474a19..760cad4 100644 --- ppp-2.4.7/pppd/plugins/Makefile.linux 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/plugins/Makefile.linux +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/Makefile.linux 2017-05-09 14:38:55.153083126 +0200
+++ b/pppd/plugins/Makefile.linux @@ -4,6 +4,9 @@
@@ -4,6 +4,9 @@ CFLAGS = $(COPTS) -I.. -I../../include -fPIC
LDFLAGS = -shared LDFLAGS = -shared
INSTALL = install INSTALL = install
@ -3046,11 +3083,10 @@ index b474a19..760cad4 100644
DESTDIR = $(INSTROOT)@DESTDIR@ DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8 MANDIR = $(DESTDIR)/share/man/man8
diff --git a/pppd/plugins/passprompt.c b/pppd/plugins/passprompt.c diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passprompt.c
index babb6dc..6ba73ca 100644 --- ppp-2.4.7/pppd/plugins/passprompt.c 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/plugins/passprompt.c +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passprompt.c 2017-05-09 14:38:55.153083126 +0200
+++ b/pppd/plugins/passprompt.c @@ -107,4 +107,7 @@
@@ -107,4 +107,7 @@ void plugin_init(void)
{ {
add_options(options); add_options(options);
pap_passwd_hook = promptpass; pap_passwd_hook = promptpass;
@ -3058,11 +3094,10 @@ index babb6dc..6ba73ca 100644
+ eaptls_passwd_hook = promptpass; + eaptls_passwd_hook = promptpass;
+#endif +#endif
} }
diff --git a/pppd/plugins/passwordfd.c b/pppd/plugins/passwordfd.c diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passwordfd.c
index d718f3b..c3f9793 100644 --- ppp-2.4.7/pppd/plugins/passwordfd.c 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/plugins/passwordfd.c +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passwordfd.c 2017-05-09 14:38:55.154083052 +0200
+++ b/pppd/plugins/passwordfd.c @@ -79,4 +79,8 @@
@@ -79,4 +79,8 @@ void plugin_init (void)
chap_check_hook = pwfd_check; chap_check_hook = pwfd_check;
chap_passwd_hook = pwfd_passwd; chap_passwd_hook = pwfd_passwd;
@ -3071,11 +3106,10 @@ index d718f3b..c3f9793 100644
+ eaptls_passwd_hook = pwfd_passwd; + eaptls_passwd_hook = pwfd_passwd;
+#endif +#endif
} }
diff --git a/pppd/pppd.8 b/pppd/pppd.8 diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
index 2dd6e1a..75dd6f3 100644 --- ppp-2.4.7/pppd/pppd.8 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/pppd.8 +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8 2017-05-09 14:38:55.155082978 +0200
+++ b/pppd/pppd.8 @@ -248,6 +248,12 @@
@@ -248,6 +248,12 @@ Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables
compression in the corresponding direction. Use \fInobsdcomp\fR or compression in the corresponding direction. Use \fInobsdcomp\fR or
\fIbsdcomp 0\fR to disable BSD-Compress compression entirely. \fIbsdcomp 0\fR to disable BSD-Compress compression entirely.
.TP .TP
@ -3088,7 +3122,7 @@ index 2dd6e1a..75dd6f3 100644
.B cdtrcts .B cdtrcts
Use a non-standard hardware flow control (i.e. DTR/CTS) to control Use a non-standard hardware flow control (i.e. DTR/CTS) to control
the flow of data on the serial port. If neither the \fIcrtscts\fR, the flow of data on the serial port. If neither the \fIcrtscts\fR,
@@ -259,6 +265,12 @@ RTS output. Such serial ports use this mode to implement true @@ -259,6 +265,12 @@
bi-directional flow control. The sacrifice is that this flow bi-directional flow control. The sacrifice is that this flow
control mode does not permit using DTR as a modem control line. control mode does not permit using DTR as a modem control line.
.TP .TP
@ -3101,7 +3135,7 @@ index 2dd6e1a..75dd6f3 100644
.B chap\-interval \fIn .B chap\-interval \fIn
If this option is given, pppd will rechallenge the peer every \fIn\fR If this option is given, pppd will rechallenge the peer every \fIn\fR
seconds. seconds.
@@ -287,6 +299,18 @@ negotiation by sending its first LCP packet. The default value is @@ -287,6 +299,18 @@
1000 (1 second). This wait period only applies if the \fBconnect\fR 1000 (1 second). This wait period only applies if the \fBconnect\fR
or \fBpty\fR option is used. or \fBpty\fR option is used.
.TP .TP
@ -3120,7 +3154,7 @@ index 2dd6e1a..75dd6f3 100644
.B debug .B debug
Enables connection debugging facilities. Enables connection debugging facilities.
If this option is given, pppd will log the contents of all If this option is given, pppd will log the contents of all
@@ -551,6 +575,12 @@ transmitted packets be printed. On most systems, messages printed by @@ -551,6 +575,12 @@
the kernel are logged by syslog(1) to a file as directed in the the kernel are logged by syslog(1) to a file as directed in the
/etc/syslog.conf configuration file. /etc/syslog.conf configuration file.
.TP .TP
@ -3133,7 +3167,7 @@ index 2dd6e1a..75dd6f3 100644
.B ktune .B ktune
Enables pppd to alter kernel settings as appropriate. Under Linux, Enables pppd to alter kernel settings as appropriate. Under Linux,
pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward
@@ -709,6 +739,9 @@ name to \fIname\fR.) @@ -709,6 +739,9 @@
Disable Address/Control compression in both directions (send and Disable Address/Control compression in both directions (send and
receive). receive).
.TP .TP
@ -3143,11 +3177,10 @@ index 2dd6e1a..75dd6f3 100644
.B noauth .B noauth
Do not require the peer to authenticate itself. This option is Do not require the peer to authenticate itself. This option is
privileged. privileged.
diff --git a/pppd/pppd.h b/pppd/pppd.h diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.h
index 5f72f72..523f226 100644 --- ppp-2.4.7/pppd/pppd.h 2014-08-09 14:31:39.000000000 +0200
--- a/pppd/pppd.h +++ ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.h 2017-05-09 14:38:55.156082905 +0200
+++ b/pppd/pppd.h @@ -325,6 +325,11 @@
@@ -324,6 +324,11 @@ extern bool dump_options; /* print out option values */
extern bool dryrun; /* check everything, print options, exit */ extern bool dryrun; /* check everything, print options, exit */
extern int child_wait; /* # seconds to wait for children at end */ extern int child_wait; /* # seconds to wait for children at end */
@ -3159,7 +3192,7 @@ index 5f72f72..523f226 100644
#ifdef MAXOCTETS #ifdef MAXOCTETS
extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */ extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */
extern int maxoctets_dir; /* Direction : extern int maxoctets_dir; /* Direction :
@@ -738,6 +743,10 @@ extern int (*chap_check_hook) __P((void)); @@ -741,6 +746,10 @@
extern int (*chap_passwd_hook) __P((char *user, char *passwd)); extern int (*chap_passwd_hook) __P((char *user, char *passwd));
extern void (*multilink_join_hook) __P((void)); extern void (*multilink_join_hook) __P((void));
@ -3170,6 +3203,3 @@ index 5f72f72..523f226 100644
/* Let a plugin snoop sent and received packets. Useful for L2TP */ /* Let a plugin snoop sent and received packets. Useful for L2TP */
extern void (*snoop_recv_hook) __P((unsigned char *p, int len)); extern void (*snoop_recv_hook) __P((unsigned char *p, int len));
extern void (*snoop_send_hook) __P((unsigned char *p, int len)); extern void (*snoop_send_hook) __P((unsigned char *p, int len));
--
1.8.3.1

View File

@ -1,27 +0,0 @@
From fcb95abad72ac043f2e5f5ddcffc42b0783a3c2d Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 10 Dec 2014 12:21:31 +0100
Subject: [PATCH] Fix logical expression in eap_client_active macro
---
pppd/eap.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pppd/eap.h b/pppd/eap.h
index 3fa5391..087baad 100644
--- a/pppd/eap.h
+++ b/pppd/eap.h
@@ -110,8 +110,8 @@ enum eap_state_code {
"SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth"
#ifdef USE_EAPTLS
-#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial ||\
- (esp)->es_client.ea_state != eapPending ||\
+#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial &&\
+ (esp)->es_client.ea_state != eapPending &&\
(esp)->es_client.ea_state != eapClosed)
#else
#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
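Review bot: the removal of this fix is not recorded anywhere a packager would look. The 2.4.7-14 changelog entry lists only the update to EAP-TLS 0.999 and the switch to openssl-1.1, and the Patch0028 slot is reused for the pppoe include-order patch. Add a changelog line saying the eap_client_active fix is now carried by the 0.999 EAP-TLS patch, so the && form is checked again at the next rebase of that patch.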
--
1.8.3.1

View File

@ -0,0 +1,35 @@
From 33797aa193a2751da26f9af120e39c110defe4d1 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Sat, 10 Dec 2016 19:53:56 +0100
Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
To fix build breakage.
---
pppd/plugins/rp-pppoe/pppoe.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
index 9ab2eee..f77f5b7 100644
--- a/pppd/plugins/rp-pppoe/pppoe.h
+++ b/pppd/plugins/rp-pppoe/pppoe.h
@@ -15,6 +15,8 @@
#include "config.h"
+#include <netinet/in.h>
+
#if defined(HAVE_NETPACKET_PACKET_H) || defined(HAVE_LINUX_IF_PACKET_H)
#define _POSIX_SOURCE 1 /* For sigaction defines */
#endif
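Review bot: the new #include <netinet/in.h> lands above the #define _POSIX_SOURCE 1 block, so a system header is now pulled in before the feature-test macro is set. On glibc such macros only take effect when they are defined before the first system header, so the "For sigaction defines" intent may no longer hold for the headers that follow. Either keep the define ahead of the include or say in the commit message that the macro is no longer needed; the message also does not say which build breakage is being fixed.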
@@ -84,8 +86,6 @@ typedef unsigned long UINT32_t;
#include <linux/if_ether.h>
#endif
-#include <netinet/in.h>
-
#ifdef HAVE_NETINET_IF_ETHER_H
#include <sys/types.h>
--
2.9.3

View File

@ -0,0 +1,79 @@
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 534ccc2..cf11b74 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -41,7 +41,7 @@ COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
# Uncomment the next 2 lines to include support for Microsoft's
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
CHAPMS=y
-USE_CRYPT=y
+#USE_CRYPT=y
# Don't use MSLANMAN unless you really know what you're doing.
#MSLANMAN=y
# Uncomment the next line to include support for MPPE. CHAPMS (above) must
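Review bot: with USE_CRYPT commented out while CHAPMS=y stays set, the comment above it ("Uncomment the next 2 lines to include support for Microsoft's MS-CHAP authentication protocol") no longer describes the file. Update the comment to say that DES for MS-CHAP now comes from OpenSSL and that USE_CRYPT selects the libcrypt path, so nobody re-enables it by following the old instruction.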
@@ -147,7 +147,8 @@ endif
ifdef NEEDDES
ifndef USE_CRYPT
-LIBS += -ldes $(LIBS)
+CFLAGS += -I/usr/include/openssl
+LIBS += -lcrypto
else
CFLAGS += -DUSE_CRYPT=1
endif
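Review bot: CFLAGS += -I/usr/include/openssl hard-codes the header location and puts the whole OpenSSL header directory on the search path, so any unqualified include name that matches an OpenSSL header resolves there silently. Prefer an explicit <openssl/des.h> include in the source, or take the path from pkg-config, and drop the -I. The switch to -lcrypto needs openssl-devel at build time, which the spec does list under BuildRequires.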
diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
index 8b85b13..6b35375 100644
--- a/pppd/pppcrypt.c
+++ b/pppd/pppcrypt.c
@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
des_key[7] = Get7Bits(key, 49);
#ifndef USE_CRYPT
- des_set_odd_parity((des_cblock *)des_key);
+ DES_set_odd_parity((DES_cblock *)des_key);
#endif
}
@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
}
#else /* USE_CRYPT */
-static des_key_schedule key_schedule;
+static DES_key_schedule key_schedule;
bool
DesSetkey(key)
u_char *key;
{
- des_cblock des_key;
+ DES_cblock des_key;
MakeKey(key, des_key);
- des_set_key(&des_key, key_schedule);
+ DES_set_key(&des_key, &key_schedule);
return (1);
}
bool
-DesEncrypt(clear, key, cipher)
+DesEncrypt(clear, cipher)
u_char *clear; /* IN 8 octets */
u_char *cipher; /* OUT 8 octets */
{
- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
- key_schedule, 1);
+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
+ &key_schedule, 1);
return (1);
}
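Review bot: DesEncrypt goes from (clear, key, cipher) to (clear, cipher) in this hunk, which is a signature change and not part of the des_ to DES_ rename. The K&R declarations under it only ever declared clear and cipher, so check that the prototype in the header and every caller in the non-USE_CRYPT build pass two arguments, and mention the fix in the patch description. Separately, the int result of DES_set_key is discarded and DesSetkey returns 1 unconditionally, so a key-setup failure could not be reported to the caller.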
@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
u_char *cipher; /* IN 8 octets */
u_char *clear; /* OUT 8 octets */
{
- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
- key_schedule, 0);
+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
+ &key_schedule, 0);
return (1);
}

View File

@ -0,0 +1,170 @@
diff --git a/chat/Makefile.linux b/chat/Makefile.linux
index 2445637..83114f1 100644
--- a/chat/Makefile.linux
+++ b/chat/Makefile.linux
@@ -18,7 +18,7 @@ INSTALL= install
all: chat
chat: chat.o
- $(CC) -o chat chat.o
+ $(CC) $(LDFLAGS) -o chat chat.o
chat.o: chat.c
$(CC) -c $(CFLAGS) -o chat.o chat.c
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index cf11b74..089f164 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -188,7 +188,7 @@ endif
ifdef PLUGIN
CFLAGS += -DPLUGIN
-LDFLAGS += -Wl,-E
+LDFLAGS_PLUGIN += -Wl,-E
LIBS += -ldl
endif
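Review bot: LDFLAGS_PLUGIN needs a comment saying why -Wl,-E is kept out of LDFLAGS. The spec passes LDFLAGS=... on the make command line, and a command-line variable overrides every LDFLAGS = and LDFLAGS += inside the makefiles, which is presumably what the 2.4.7-21 changelog entry (Link with -E not to break plugins) refers to. Any other Makefile.linux that still assigns LDFLAGS is overridden the same way, so check for leftovers.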
@@ -230,7 +230,7 @@ install: pppd
$(INSTALL) -c -m 644 pppd.8 $(MANDIR)
pppd: $(PPPDOBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
srp-entry: srp-entry.c
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS)
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
index 303833a..04fe876 100644
--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
@@ -1,7 +1,7 @@
#CC = gcc
COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
-LDFLAGS = -shared
+LDFLAGS_SHARED = -shared
INSTALL = install
# EAP-TLS
@@ -33,7 +33,7 @@ all: $(PLUGINS)
for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
%.so: %.c
- $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
+ $(CC) -o $@ $(LDFLAGS) $(LDFLAGS_SHARED) $(CFLAGS) $^
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h)
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index 4c5826f..1961e0e 100644
--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -1,7 +1,7 @@
#CC = gcc
COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
-LDFLAGS = -shared
+LDFLAGS_SHARED = -shared
INSTALL = install
#***********************************************************************
@@ -33,7 +33,7 @@ endif
all: $(PLUGIN)
$(PLUGIN): $(PLUGIN_OBJS)
- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
index 9cb316d..7b23b25 100644
--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -1,7 +1,7 @@
#CC = gcc
COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK
CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
-LDFLAGS = -shared
+LDFLAGS_SHARED = -shared
INSTALL = install
#***********************************************************************
@@ -16,7 +16,7 @@ PLUGINS := pppol2tp.so openl2tp.so
all: $(PLUGINS)
%.so: %.o
- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index 707326b..2150332 100644
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -43,13 +43,13 @@ install: all
$(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
radius.so: radius.o libradiusclient.a
- $(CC) -o radius.so -shared radius.o libradiusclient.a
+ $(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a
radattr.so: radattr.o
- $(CC) -o radattr.so -shared radattr.o
+ $(CC) $(LDFLAGS) -o radattr.so -shared radattr.o
radrealms.so: radrealms.o
- $(CC) -o radrealms.so -shared radrealms.o
+ $(CC) $(LDFLAGS) -o radrealms.so -shared radrealms.o
CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \
clientid.o sendserver.o lock.o util.o md5.o
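Review bot: the three radius link rules keep a literal -shared, while plugins/, pppoatm/ and pppol2tp/ in this same patch move it into LDFLAGS_SHARED. Use one convention across the plugin makefiles so a later change to the shared-object flags is made the same way everywhere.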
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
index fa49efb..5e06b52 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -31,7 +31,7 @@ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
all: rp-pppoe.so pppoe-discovery
pppoe-discovery: pppoe-discovery.o debug.o common.o
- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
+ $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
pppoe-discovery.o: pppoe-discovery.c
$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
@@ -40,7 +40,7 @@ debug.o: debug.c
$(CC) $(CFLAGS) -c -o debug.o debug.c
rp-pppoe.so: plugin.o discovery.o if.o common.o
- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
+ $(CC) $(LDFLAGS) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
index 95c6805..33e5107 100644
--- a/pppdump/Makefile.linux
+++ b/pppdump/Makefile.linux
@@ -10,7 +10,7 @@ INSTALL= install
all: pppdump
pppdump: $(OBJS)
- $(CC) -o pppdump $(OBJS)
+ $(CC) $(LDFLAGS) -o pppdump $(OBJS)
clean:
rm -f pppdump $(OBJS) *~
diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
index c5ba3b1..eeccf83 100644
--- a/pppstats/Makefile.linux
+++ b/pppstats/Makefile.linux
@@ -26,7 +26,7 @@ install: pppstats
$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
pppstats: $(PPPSTATSRCS)
- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
clean:
rm -f pppstats *~ #* core

View File

@ -3,7 +3,7 @@
Summary: The Point-to-Point Protocol daemon Summary: The Point-to-Point Protocol daemon
Name: ppp Name: ppp
Version: 2.4.7 Version: 2.4.7
Release: 7%{?dist} Release: 21%{?dist}
License: BSD and LGPLv2+ and GPLv2+ and Public Domain License: BSD and LGPLv2+ and GPLv2+ and Public Domain
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://www.samba.org/ppp URL: http://www.samba.org/ppp
@ -48,10 +48,16 @@ Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
Patch0025: 0025-pppd-install-pppd-binary-using-standard-perms-755.patch Patch0025: 0025-pppd-install-pppd-binary-using-standard-perms-755.patch
Patch0026: 0026-Revert-pppd-rebase-EAP-TLS-patch-v0.994.patch Patch0026: 0026-Revert-pppd-rebase-EAP-TLS-patch-v0.994.patch
Patch0027: 0027-pppd-EAP-TLS-patch-v0.997.patch Patch0027: 0027-pppd-EAP-TLS-patch-v0.999.patch
Patch0028: 0028-Fix-logical-expression-in-eap_client_active-macro.patch Patch0028: 0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
BuildRequires: pam-devel, libpcap-devel, openssl-devel, systemd, systemd-devel, glib2-devel # rhbz#1556132
Patch0029: ppp-2.4.7-DES-openssl.patch
# https://github.com/paulusmack/ppp/pull/95
Patch0030: ppp-2.4.7-honor-ldflags.patch
BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel
BuildRequires: openssl-devel
Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd, initscripts >= 9.54 Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd, initscripts >= 9.54
Requires(pre): /usr/bin/getent Requires(pre): /usr/bin/getent
Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/groupadd
@ -79,9 +85,10 @@ tar -xJf %{SOURCE12}
%build %build
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing" export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing"
export RPM_LD_FLAGS="$LDFLAGS"
%configure %configure
make %{?_smp_mflags} make %{?_smp_mflags} LDFLAGS="%{?build_ldflags}"
make -C ppp-watch %{?_smp_mflags} make -C ppp-watch %{?_smp_mflags} LDFLAGS="%{?build_ldflags}"
%install %install
make INSTROOT=%{buildroot} install install-etcppp make INSTROOT=%{buildroot} install install-etcppp
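Review bot: export RPM_LD_FLAGS="$LDFLAGS" copies the shell variable LDFLAGS into RPM_LD_FLAGS, and nothing in the visible %build lines sets LDFLAGS before it, so this can leave RPM_LD_FLAGS empty when %configure runs. The two make invocations take their flags from %{?build_ldflags} anyway, so either drop the export or reverse it (LDFLAGS set from RPM_LD_FLAGS) if configure is meant to see the distro link flags.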
@ -168,6 +175,53 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
%doc PLUGINS %doc PLUGINS
%changelog %changelog
* Mon Apr 9 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-21
- Link with -E not to break plugins
Resolves: rhbz#1564459
* Fri Apr 6 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-20
- Also build all DSOs with distro's LDFLAGS
Related: rhbz#1563157
* Wed Apr 4 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-19
- Build with distro's LDFLAGS
Resolves: rhbz#1563157
* Tue Mar 27 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-18
- Used openssl for the DES instead of the libcrypt / glibc
Resolves: rhbz#1556132
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.4.7-17
- Escape macros in %%changelog
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2.4.7-15
- Rebuilt for switch to libxcrypt
* Mon Aug 21 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-14
- EAP-TLS patch updated to version 0.999
- Switched to openssl-1.1
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sat Dec 10 2016 Lubomir Rintel <lkundrak@v3.sk> - 2.4.7-10
- Fix FTBFS
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.7-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Feb 09 2015 Michal Sekletar <msekleta@redhat.com> - 2.4.7-7 * Mon Feb 09 2015 Michal Sekletar <msekleta@redhat.com> - 2.4.7-7
- prevent running into issues caused by undefined behavior (pointers of incompatible types aliasing the same object) - prevent running into issues caused by undefined behavior (pointers of incompatible types aliasing the same object)
@ -208,7 +262,7 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
- fix post installation scriptlet - fix post installation scriptlet
* Fri Jul 12 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-32 * Fri Jul 12 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-32
- don't ship /var/lock/ppp in rpm payload and create it in %post instead - don't ship /var/lock/ppp in rpm payload and create it in %%post instead
- fix installation of tmpfiles.d configuration - fix installation of tmpfiles.d configuration
- enable hardened build - enable hardened build
- fix bogus dates in changelog - fix bogus dates in changelog
@ -517,7 +571,7 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
- automatic rebuild - automatic rebuild
* Mon Jun 5 2000 Nalin Dahyabhai <nalin@redhat.com> * Mon Jun 5 2000 Nalin Dahyabhai <nalin@redhat.com>
- move man pages to %{_mandir} - move man pages to %%{_mandir}
* Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com> * Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com>
- change perms using defattr - change perms using defattr