rpms
/
ppp
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

merge into: rpms:master
Branches Tags
rpms:master
rpms:f38-riscv64
rpms:master-riscv64
rpms:f28
rpms:f27
rpms:f26
rpms:f24
rpms:f25
rpms:f23
rpms:f22
rpms:f21
rpms:f20
rpms:f19
rpms:f18
rpms:f16
rpms:f17
rpms:f13
rpms:f15
rpms:f14
rpms:f11
rpms:f9
rpms:f10
rpms:f12
rpms:f7
rpms:f8
rpms:ppp-2_4_5-9_fc12
rpms:ppp-2_4_5-9_fc13
rpms:ppp-2_4_5-10_fc14
rpms:ppp-2_4_5-9_fc14
rpms:ppp-2_4_4-13_fc11
rpms:ppp-2_4_5-8_fc13
rpms:ppp-2_4_5-7_fc13
rpms:ppp-2_4_5-8_fc14
rpms:ppp-2_4_5-8_fc12
rpms:ppp-2_4_5-7_fc12
rpms:ppp-2_4_5-6_fc12
rpms:ppp-2_4_5-6_fc13
rpms:F-13-start
rpms:F-13-split
rpms:ppp-2_4_5-5_fc12
rpms:ppp-2_4_5-5_fc13
rpms:ppp-2_4_5-4_fc13
rpms:ppp-2_4_5-3_fc12
rpms:ppp-2_4_4-12_fc11
rpms:ppp-2_4_5-2_fc12
rpms:ppp-2_4_5-1_fc12
rpms:ppp-2_4_5-2_fc13
rpms:ppp-2_4_5-1_fc13
rpms:ppp-2_4_4-14_fc13
rpms:ppp-2_4_4-13_fc12
rpms:F-12-start
rpms:F-12-split
rpms:ppp-2_4_4-12_fc12
rpms:ppp-2_4_4-11_fc11
rpms:F-11-start
rpms:F-11-split
rpms:ppp-2_4_4-10_fc11
rpms:ppp-2_4_4-9_fc11
rpms:ppp-2_4_4-8_fc10
rpms:F-10-start
rpms:F-10-split
rpms:ppp-2_4_4-7_fc9
rpms:ppp-2_4_4-7_fc10
rpms:ppp-2_4_4-6_fc9
rpms:F-9-start
rpms:F-9-split
rpms:ppp-2_4_4-5_fc9
rpms:ppp-2_4_4-4_fc9
rpms:ppp-2_4_4-3
rpms:F-8-start
rpms:F-8-split
rpms:ppp-2_4_4-2
rpms:F-7-start
rpms:F-7-split
rpms:ppp-2_4_4-1
rpms:FC-6-split
rpms:ppp-2_4_3-6_2_2
rpms:ppp-2_4_3-6_2_1
rpms:FC-5-split
rpms:ppp-2_4_3-6_2
rpms:ppp-2_4_3-6_1
rpms:ppp-2_4_3-6
rpms:ppp-2_4_3-5
rpms:ppp-2_4_3-4
rpms:ppp-2_4_3-3
rpms:ppp-2_4_3-2_1
rpms:ppp-2_4_3-2
rpms:ppp-2_4_3-1
rpms:ppp-2_4_2-7
rpms:FC-4-split
rpms:ppp-2_4_2-6_3
rpms:RHEL-4-split
rpms:FC-3-split
rpms:ppp-2_4_2-6_2
rpms:ppp-2_4_2-6_1
rpms:ppp-2_4_2-6
rpms:ppp-2_4_2-5_1
rpms:ppp-2_4_2-5
rpms:present-on-devel
rpms:ppp-2_4_2-4
rpms:ppp-2_4_2-3_1
rpms:ppp-2_4_2-3
rpms:ppp-2_4_2-2_3
rpms:ppp-2_4_2-2_2
rpms:ppp-2_4_2-2_1
rpms:ppp-2_4_2-2
rpms:scratch-split
rpms:ppp-2_4_1-16
rpms:ppp-2_4_1-15
rpms:FC-2-split
rpms:FC-1-split
rpms:ppp-2_4_1-10
rpms:RHL-9-split
rpms:RHL-8-split
rpms:RHEL-3-split
rpms:ppp-2_4_1-7
rpms:ppp-2_4_1-6
rpms:ppp-2_4_1-3
rpms:RHL-7_3-split
rpms:RHL-7_2-split
rpms:ppp-2_4_1-2
rpms:RHEL-2_1-split
rpms:ppp-2_4_1-1
rpms:ppp-2_4_0-2
rpms:RHL-7_1-split
rpms:ppp-2_3_11-7
rpms:RHL-7_0-split
...
pull from: rpms:f38-riscv64
Branches Tags
rpms:f38-riscv64
rpms:master-riscv64
rpms:f28
rpms:master
rpms:f27
rpms:f26
rpms:f24
rpms:f25
rpms:f23
rpms:f22
rpms:f21
rpms:f20
rpms:f19
rpms:f18
rpms:f16
rpms:f17
rpms:f13
rpms:f15
rpms:f14
rpms:f11
rpms:f9
rpms:f10
rpms:f12
rpms:f7
rpms:f8
rpms:ppp-2_4_5-9_fc12
rpms:ppp-2_4_5-9_fc13
rpms:ppp-2_4_5-10_fc14
rpms:ppp-2_4_5-9_fc14
rpms:ppp-2_4_4-13_fc11
rpms:ppp-2_4_5-8_fc13
rpms:ppp-2_4_5-7_fc13
rpms:ppp-2_4_5-8_fc14
rpms:ppp-2_4_5-8_fc12
rpms:ppp-2_4_5-7_fc12
rpms:ppp-2_4_5-6_fc12
rpms:ppp-2_4_5-6_fc13
rpms:F-13-start
rpms:F-13-split
rpms:ppp-2_4_5-5_fc12
rpms:ppp-2_4_5-5_fc13
rpms:ppp-2_4_5-4_fc13
rpms:ppp-2_4_5-3_fc12
rpms:ppp-2_4_4-12_fc11
rpms:ppp-2_4_5-2_fc12
rpms:ppp-2_4_5-1_fc12
rpms:ppp-2_4_5-2_fc13
rpms:ppp-2_4_5-1_fc13
rpms:ppp-2_4_4-14_fc13
rpms:ppp-2_4_4-13_fc12
rpms:F-12-start
rpms:F-12-split
rpms:ppp-2_4_4-12_fc12
rpms:ppp-2_4_4-11_fc11
rpms:F-11-start
rpms:F-11-split
rpms:ppp-2_4_4-10_fc11
rpms:ppp-2_4_4-9_fc11
rpms:ppp-2_4_4-8_fc10
rpms:F-10-start
rpms:F-10-split
rpms:ppp-2_4_4-7_fc9
rpms:ppp-2_4_4-7_fc10
rpms:ppp-2_4_4-6_fc9
rpms:F-9-start
rpms:F-9-split
rpms:ppp-2_4_4-5_fc9
rpms:ppp-2_4_4-4_fc9
rpms:ppp-2_4_4-3
rpms:F-8-start
rpms:F-8-split
rpms:ppp-2_4_4-2
rpms:F-7-start
rpms:F-7-split
rpms:ppp-2_4_4-1
rpms:FC-6-split
rpms:ppp-2_4_3-6_2_2
rpms:ppp-2_4_3-6_2_1
rpms:FC-5-split
rpms:ppp-2_4_3-6_2
rpms:ppp-2_4_3-6_1
rpms:ppp-2_4_3-6
rpms:ppp-2_4_3-5
rpms:ppp-2_4_3-4
rpms:ppp-2_4_3-3
rpms:ppp-2_4_3-2_1
rpms:ppp-2_4_3-2
rpms:ppp-2_4_3-1
rpms:ppp-2_4_2-7
rpms:FC-4-split
rpms:ppp-2_4_2-6_3
rpms:RHEL-4-split
rpms:FC-3-split
rpms:ppp-2_4_2-6_2
rpms:ppp-2_4_2-6_1
rpms:ppp-2_4_2-6
rpms:ppp-2_4_2-5_1
rpms:ppp-2_4_2-5
rpms:present-on-devel
rpms:ppp-2_4_2-4
rpms:ppp-2_4_2-3_1
rpms:ppp-2_4_2-3
rpms:ppp-2_4_2-2_3
rpms:ppp-2_4_2-2_2
rpms:ppp-2_4_2-2_1
rpms:ppp-2_4_2-2
rpms:scratch-split
rpms:ppp-2_4_1-16
rpms:ppp-2_4_1-15
rpms:FC-2-split
rpms:FC-1-split
rpms:ppp-2_4_1-10
rpms:RHL-9-split
rpms:RHL-8-split
rpms:RHEL-3-split
rpms:ppp-2_4_1-7
rpms:ppp-2_4_1-6
rpms:ppp-2_4_1-3
rpms:RHL-7_3-split
rpms:RHL-7_2-split
rpms:ppp-2_4_1-2
rpms:RHEL-2_1-split
rpms:ppp-2_4_1-1
rpms:ppp-2_4_0-2
rpms:RHL-7_1-split
rpms:ppp-2_3_11-7
rpms:RHL-7_0-split

38 Commits
master ... f38-riscv6

Author SHA1 Message Date
David Abdurachmanov 944fdee35a
Fix path 
Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
 2023-04-25 13:23:06 +03:00
David Abdurachmanov 8bb5eff3ea
Add workaround for RISC-V (riscv64) to pick lib64 
Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
 2023-04-25 12:48:13 +03:00
Fedora Release Engineering 9e045dfc2d Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2023-01-20 10:12:01 +00:00
Fedora Release Engineering 329b6bd0d1 Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2022-07-22 15:19:58 +00:00
Jaroslav Škarvada 6e51f2673a Added links to patches 
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
 2022-05-31 14:08:48 +02:00
Marcin Zajączkowski 8c079e9264 Backport patches from master for SSTP and EAP-TLS 
With those changes will allow pppd to connect to an Azure VnetGWay using SSTP
(or using EAP-TLS to a Windows RAS server). Backport to Fedora endorsed
by Eivind Næss, their author and the author of sstp-client and
network-manager-sstp.

Links to git commits used to generate patches:
e609ed8bb6
d706c95906
d7e62a8499
(the first one is only needed to make the second apply in the original
form from Git - those changed lines are removed anyway)
 2022-04-05 23:45:18 +02:00
Fedora Release Engineering 879a84b9d8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2022-01-21 09:22:37 +00:00
Sahana Prasad 0221a70cad Rebuilt with OpenSSL 3.0.0 2021-09-14 19:12:00 +02:00
Fedora Release Engineering ebfb905788 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2021-07-23 03:59:18 +00:00
Jaroslav Škarvada bfc43d320d Keep lock files in /var/lock (https://github.com/ppp-project/ppp/pull/227) 2021-03-08 21:12:25 +01:00
Fedora Release Engineering e8f51851e7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2021-01-27 08:31:13 +00:00
Tom Stellard f1667c8a0f Add BuildRequires: make 
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
 2021-01-08 19:28:43 +00:00
Jaroslav Škarvada 23f594e008 New version 
Resolves: rhbz#1912617
 2021-01-05 22:35:54 +01:00
Timm Bäder bf3c413175 spec: Pass -pie via LDFLAGS 
Makes the clang build pass
 2020-11-10 15:17:07 +01:00
Timm Bäder 61c3711488 spec: Remove unused export 
RPM_LD_FLAGS is not used anywhere.
 2020-11-10 15:13:48 +01:00
Timm Bäder 02c8201efb Use gcc directly for -print-multi-os-directory 
The patch uses gcc directly everywhere else.
 2020-11-10 14:57:56 +01:00
Timm Bäder 4c460e431e Remove patch setting CC to gcc 
This is automatically done these days, so no need for us to do it
 2020-11-10 14:50:51 +01:00
Jaroslav Škarvada a9d0d03ee8 Added workaround for Windows Server 2019 
Resolves: rhbz#1867047
 2020-08-10 19:51:14 +02:00
Fedora Release Engineering 22365d4cf2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-07-28 22:56:17 +00:00
Jaroslav Škarvada 568dc9d422 Added missing options to man pages 2020-05-21 20:03:30 +02:00
Jaroslav Škarvada e4e647d22e Updated EAP-TLS patch to v1.300 2020-04-07 10:23:05 +02:00
Jaroslav Škarvada ad5e2374cc Updated EAP-TLS patch to v1.201 2020-04-06 18:33:17 +02:00
Tom Stellard a5cfee84bd Use make_build macro 
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
 2020-02-28 02:37:06 +00:00
Jaroslav Škarvada 47c6e80e42 Fixed ghost directories verification 2020-02-26 11:26:32 +01:00
Jaroslav Škarvada 6d73752ab1 New version 
Changed sources to github
Dropped 0028-pppoe-include-netinet-in.h-before-linux-in.h,
  ppp-2.4.7-DES-openssl, ppp-2.4.7-honor-ldflags,
  ppp-2.4.7-coverity-scan-fixes  patches (all upstreamed)
Fixed buffer overflow in the eap_request and eap_response functions
  Resolves: CVE-2020-8597
 2020-02-21 17:34:33 +01:00
Fedora Release Engineering 0237a3fb30 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-01-30 09:40:43 +00:00
Fedora Release Engineering be5731e256 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-07-26 11:14:45 +00:00
Fedora Release Engineering ce3286c404 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-02-02 04:45:00 +00:00
Björn Esser 11e6611246
Rebuilt for libcrypt.so.2 (#1666033) 2019-01-14 19:13:28 +01:00
Jaroslav Škarvada 984c17894a Fixed some issues found by coverity scan 2018-12-03 22:28:51 +01:00
Jaroslav Škarvada 332d094cb4 Fixed network scripts related regression caused by release 26 2018-11-20 21:07:53 +01:00
Jaroslav Škarvada 735ece793d Updated EAP-TLS patch to v1.102 2018-11-05 16:51:12 +01:00
Lubomir Rintel bb98696009 Split out the network-scripts 
The network-scripts are now removed from the RHEL 8 base installation (and
possibly Fedora too). Let's remove them, so that we don't drag in the legacy
scripts when we don't need them (e.g. invoking through NetworkManager or
pptp and the like).

The boolean weak dependency is utilized to make life easier for those still
relying on the legacy network service and to avoid breakage on upgrades.
 2018-07-24 15:19:26 +02:00
Peter Robinson 0e0bd8ac45 add gcc build dep 2018-07-17 16:51:18 +01:00
Fedora Release Engineering ad2ec1482b - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-07-13 22:48:57 +00:00
Peter Robinson eaa5f714f4 Remove group/defattr, minor spec cleanups 2018-06-30 11:23:26 +01:00
Jaroslav Škarvada 1bd88cdb7f Replaced initscripts requirement by the network-scripts 
Resolves: rhbz#1592384
 2018-06-20 11:59:48 +02:00
Jaroslav Škarvada ad8f16ddb2 Updated EAP-TLS patch to v1.101 
Resolves: CVE-2018-11574
 2018-06-11 23:59:15 +02:00
33 changed files with 1259 additions and 10699 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -2,3 +2,5 @@ ppp-2.4.5.tar.gz
/ppp-2.4.6.tar.gz
/ppp-watch.tar.xz
/ppp-2.4.7.tar.gz
/ppp-2.4.8.tar.gz
/ppp-2.4.9.tar.gz

25
0001-build-sys-use-gcc-as-our-compiler-of-choice.patch
View File

@ -1,25 +0,0 @@
From 486e36d184cbaee7e34bb582ea6fdf3bfa9ca531 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 11:23:42 +0200
Subject: [PATCH 01/27] build-sys: use gcc as our compiler of choice
---
pppd/Makefile.linux | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index a74c914..1d9ea78 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -30,7 +30,7 @@ ifeq (.depend,$(wildcard .depend))
include .depend
endif
-# CC = gcc
+CC = gcc
#
COPTS = -O2 -pipe -Wall -g
LIBS =
--
1.8.3.1

25
0002-build-sys-enable-PAM-support.patch
View File

@ -1,25 +0,0 @@
From 0d71a32b73b71c9793d0b304320858062faf00d1 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 11:25:43 +0200
Subject: [PATCH 02/27] build-sys: enable PAM support
---
pppd/Makefile.linux | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 1d9ea78..5a44d30 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -61,7 +61,7 @@ HAVE_MULTILINK=y
USE_TDB=y
HAS_SHADOW=y
-#USE_PAM=y
+USE_PAM=y
HAVE_INET6=y
# Enable plugins
--
1.8.3.1

121
0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
View File

@ -1,121 +0,0 @@
From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 11:29:39 +0200
Subject: [PATCH 03/27] build-sys: utilize compiler flags handed to us by
rpmbuild
---
chat/Makefile.linux | 2 +-
pppd/Makefile.linux | 3 +--
pppd/plugins/Makefile.linux | 2 +-
pppd/plugins/pppoatm/Makefile.linux | 2 +-
pppd/plugins/radius/Makefile.linux | 2 +-
pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
pppdump/Makefile.linux | 2 +-
pppstats/Makefile.linux | 2 +-
8 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/chat/Makefile.linux b/chat/Makefile.linux
index 1065ac5..848cd8d 100644
--- a/chat/Makefile.linux
+++ b/chat/Makefile.linux
@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function
CDEF4= -DFNDELAY=O_NDELAY # Old name value
CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
-COPTS= -O2 -g -pipe
+COPTS= $(RPM_OPT_FLAGS)
CFLAGS= $(COPTS) $(CDEFS)
INSTALL= install
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 5a44d30..63872eb 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -32,8 +32,7 @@ endif
CC = gcc
#
-COPTS = -O2 -pipe -Wall -g
-LIBS =
+COPTS = -Wall $(RPM_OPT_FLAGS)
# Uncomment the next 2 lines to include support for Microsoft's
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
index 0a7ec7b..e09a369 100644
--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
@@ -1,5 +1,5 @@
#CC = gcc
-COPTS = -O2 -g
+COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
LDFLAGS = -shared
INSTALL = install
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index 20f62e6..5a81447 100644
--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -1,5 +1,5 @@
#CC = gcc
-COPTS = -O2 -g
+COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
LDFLAGS = -shared
INSTALL = install
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index 24ed3e5..45b3b8d 100644
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
INSTALL = install
PLUGIN=radius.so radattr.so radrealms.so
-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
+CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON
# Uncomment the next line to include support for Microsoft's
# MS-CHAP authentication protocol.
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
index 5d7a271..352991a 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -25,7 +25,7 @@ INSTALL = install
# Version is set ONLY IN THE MAKEFILE! Don't delete this!
RP_VERSION=3.8p
-COPTS=-O2 -g
+COPTS=$(RPM_OPT_FLAGS)
CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
all: rp-pppoe.so pppoe-discovery
diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
index ac028f6..d0a5032 100644
--- a/pppdump/Makefile.linux
+++ b/pppdump/Makefile.linux
@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8
-CFLAGS= -O -I../include/net
+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net
OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
INSTALL= install
diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
index cca6f0f..42aba73 100644
--- a/pppstats/Makefile.linux
+++ b/pppstats/Makefile.linux
@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c
PPPSTATOBJS = pppstats.o
#CC = gcc
-COPTS = -O
+COPTS = $(RPM_OPT_FLAGS)
COMPILE_FLAGS = -I../include
LIBS =
--
1.8.3.1

111
0007-build-sys-don-t-strip-binaries-during-installation.patch
View File

@ -1,111 +0,0 @@
From b9fb631a493c5f1b490c8e9645eb6ebab4b25cc8 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 18:37:00 +0200
Subject: [PATCH 07/27] build-sys: don't strip binaries during installation
We don't want that when building rpms. rpmbuild does final stripping of binaries
for us and generetes debuginfo rpm.
---
chat/Makefile.linux | 2 +-
pppd/Makefile.linux | 4 ++--
pppd/plugins/radius/Makefile.linux | 6 +++---
pppd/plugins/rp-pppoe/Makefile.linux | 4 ++--
pppdump/Makefile.linux | 2 +-
pppstats/Makefile.linux | 2 +-
6 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/chat/Makefile.linux b/chat/Makefile.linux
index 848cd8d..2445637 100644
--- a/chat/Makefile.linux
+++ b/chat/Makefile.linux
@@ -25,7 +25,7 @@ chat.o: chat.c
install: chat
mkdir -p $(BINDIR) $(MANDIR)
- $(INSTALL) -s -c chat $(BINDIR)
+ $(INSTALL) -c chat $(BINDIR)
$(INSTALL) -c -m 644 chat.8 $(MANDIR)
clean:
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 8ed56c1..4f27100 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -102,7 +102,7 @@ ifdef USE_SRP
CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto
TARGETS += srp-entry
-EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry
+EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
MANPAGES += srp-entry.8
EXTRACLEAN += srp-entry.o
NEEDDES=y
@@ -208,7 +208,7 @@ all: $(TARGETS)
install: pppd
mkdir -p $(BINDIR) $(MANDIR)
$(EXTRAINSTALL)
- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd
+ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
chmod o-rx,u+s $(BINDIR)/pppd; fi
$(INSTALL) -c -m 444 pppd.8 $(MANDIR)
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index 179d0b7..707326b 100644
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -36,9 +36,9 @@ all: $(PLUGIN)
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR)
- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR)
- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR)
+ $(INSTALL) -c -m 755 radius.so $(LIBDIR)
+ $(INSTALL) -c -m 755 radattr.so $(LIBDIR)
+ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR)
$(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR)
$(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
index 1305ed8..3cd9101 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -43,9 +43,9 @@ rp-pppoe.so: plugin.o discovery.o if.o common.o
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR)
+ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR)
$(INSTALL) -d -m 755 $(BINDIR)
- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR)
+ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
clean:
rm -f *.o *.so pppoe-discovery
diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
index d0a5032..95c6805 100644
--- a/pppdump/Makefile.linux
+++ b/pppdump/Makefile.linux
@@ -17,5 +17,5 @@ clean:
install:
mkdir -p $(BINDIR) $(MANDIR)
- $(INSTALL) -s -c pppdump $(BINDIR)
+ $(INSTALL) -c pppdump $(BINDIR)
$(INSTALL) -c -m 444 pppdump.8 $(MANDIR)
diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
index 42aba73..c5ba3b1 100644
--- a/pppstats/Makefile.linux
+++ b/pppstats/Makefile.linux
@@ -22,7 +22,7 @@ all: pppstats
install: pppstats
-mkdir -p $(MANDIR)
- $(INSTALL) -s -c pppstats $(BINDIR)
+ $(INSTALL) -c pppstats $(BINDIR)
$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
pppstats: $(PPPSTATSRCS)
--
1.8.3.1

89
0008-build-sys-use-prefix-usr-instead-of-usr-local.patch
View File

@ -1,89 +0,0 @@
From 343728d5de6e44bd67923503e62eefaad50760a4 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 18:47:01 +0200
Subject: [PATCH 08/27] build-sys: use prefix /usr instead of /usr/local
---
configure | 2 +-
pppd/Makefile.linux | 4 ++--
scripts/ppp-on-rsh | 2 +-
scripts/ppp-on-ssh | 4 ++--
scripts/secure-card | 2 +-
5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/configure b/configure
index 6a55e0f..db54d77 100755
--- a/configure
+++ b/configure
@@ -2,7 +2,7 @@
# $Id: configure,v 1.38 2008/06/15 07:08:49 paulus Exp $
# Where to install stuff by default
-DESTDIR=/usr/local
+DESTDIR=/usr
SYSCONF=/etc
# if [ -d /NextApps ]; then
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 4f27100..95c2598 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -99,8 +99,8 @@ endif
# EAP SRP-SHA1
ifdef USE_SRP
-CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
-LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto
+CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/include/openssl
+LIBS += -lsrp -L/usr/lib -lcrypto
TARGETS += srp-entry
EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
MANPAGES += srp-entry.8
diff --git a/scripts/ppp-on-rsh b/scripts/ppp-on-rsh
index 30a50db..a80616a 100755
--- a/scripts/ppp-on-rsh
+++ b/scripts/ppp-on-rsh
@@ -26,7 +26,7 @@ PPPD_RHOST=myremotehost
# For this example, we assume that pppd on both local and remote
# machines reside in the same place, /usr/local/bin/pppd
#
-PPPD_LOC=/usr/local/bin/pppd
+PPPD_LOC=/usr/sbin/pppd
#
# The location of local options file (where rsh client is running).
diff --git a/scripts/ppp-on-ssh b/scripts/ppp-on-ssh
index 0e41aca..c27e80a 100755
--- a/scripts/ppp-on-ssh
+++ b/scripts/ppp-on-ssh
@@ -26,7 +26,7 @@ PPPD_RHOST=myremotehost
# For this example, we assume that pppd on both local and remote
# machines reside in the same place, /usr/local/bin/pppd
#
-PPPD_LOC=/usr/local/bin/pppd
+PPPD_LOC=/usr/sbin/pppd
#
# The location of local options file (where ssh client is running).
@@ -52,7 +52,7 @@ PPPD_REM_OPT=/etc/ppp/options-ssh-rem
#
# The location of ssh client on the local machine
#
-SSH_LOC=/usr/local/bin/ssh
+SSH_LOC=/usr/bin/ssh
export PPPD_LOC PPPD_LOC_OPT PPPD_REM_OPT PPPD_RHOST SSH_LOC
diff --git a/scripts/secure-card b/scripts/secure-card
index 0002365..ae3ae50 100755
--- a/scripts/secure-card
+++ b/scripts/secure-card
@@ -1,4 +1,4 @@
-#!/usr/local/bin/expect -f
+#!/usr/bin/expect -f
#
# This script was written by Jim Isaacson <jcisaac@crl.com>. It is
# designed to work as a script to use the SecureCARD(tm) device. This
--
1.8.3.1

57
0009-pppd-introduce-ipv6-accept-remote.patch
View File

@ -1,57 +0,0 @@
From abef895f9d144f05a83045136b77277352dc450f Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw2@fedoraproject.org>
Date: Fri, 4 Apr 2014 18:53:33 +0200
Subject: [PATCH 09/27] pppd: introduce ipv6-accept-remote
---
pppd/ipv6cp.c | 5 ++++-
pppd/ipv6cp.h | 3 ++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/pppd/ipv6cp.c b/pppd/ipv6cp.c
index caa2b26..5a56c95 100644
--- a/pppd/ipv6cp.c
+++ b/pppd/ipv6cp.c
@@ -245,6 +245,8 @@ static option_t ipv6cp_option_list[] = {
{ "ipv6cp-accept-local", o_bool, &ipv6cp_allowoptions[0].accept_local,
"Accept peer's interface identifier for us", 1 },
+ { "ipv6cp-accept-remote", o_bool, &ipv6cp_allowoptions[0].accept_remote,
+ "Accept peer's interface identifier for itself", 1 },
{ "ipv6cp-use-ipaddr", o_bool, &ipv6cp_allowoptions[0].use_ip,
"Use (default) IPv4 address as interface identifier", 1 },
@@ -437,6 +439,7 @@ ipv6cp_init(unit)
memset(ao, 0, sizeof(*ao));
wo->accept_local = 1;
+ wo->accept_remote = 1;
wo->neg_ifaceid = 1;
ao->neg_ifaceid = 1;
@@ -962,7 +965,7 @@ ipv6cp_reqci(f, inp, len, reject_if_disagree)
orc = CONFREJ; /* Reject CI */
break;
}
- if (!eui64_iszero(wo->hisid) &&
+ if (!eui64_iszero(wo->hisid) && !wo->accept_remote &&
!eui64_equals(ifaceid, wo->hisid) &&
eui64_iszero(go->hisid)) {
diff --git a/pppd/ipv6cp.h b/pppd/ipv6cp.h
index cc4568d..8c7552e 100644
--- a/pppd/ipv6cp.h
+++ b/pppd/ipv6cp.h
@@ -150,7 +150,8 @@
typedef struct ipv6cp_options {
int neg_ifaceid; /* Negotiate interface identifier? */
int req_ifaceid; /* Ask peer to send interface identifier? */
- int accept_local; /* accept peer's value for iface id? */
+ int accept_local; /* accept peer's value for our iface id? */
+ int accept_remote; /* accept peer's value for his iface id? */
int opt_local; /* ourtoken set by option */
int opt_remote; /* histoken set by option */
int use_ip; /* use IP as interface identifier */
--
1.8.3.1

26
0010-build-sys-enable-CBCP.patch
View File

@ -1,26 +0,0 @@
From 8015a0ef23a874f288d5e77ffafe1d7f4281725d Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 18:59:24 +0200
Subject: [PATCH 10/27] build-sys: enable CBCP
Resolves: #199278
---
pppd/Makefile.linux | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 95c2598..65700fa 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -68,7 +68,7 @@ HAVE_INET6=y
PLUGIN=y
# Enable Microsoft proprietary Callback Control Protocol
-#CBCP=y
+CBCP=y
# Enable EAP SRP-SHA1 authentication (requires libsrp)
#USE_SRP=y
--
1.8.3.1

47
0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
View File

@ -1,19 +1,3 @@
From 2a97ab28ee00586e5f06b3ef3a0e43ea0c7c6499 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 7 Apr 2014 14:21:41 +0200
Subject: [PATCH 14/27] everywhere: use SOCK_CLOEXEC when creating socket
---
pppd/plugins/pppoatm/pppoatm.c | 2 +-
pppd/plugins/pppol2tp/openl2tp.c | 2 +-
pppd/plugins/pppol2tp/pppol2tp.c | 2 +-
pppd/plugins/rp-pppoe/if.c | 2 +-
pppd/plugins/rp-pppoe/plugin.c | 6 +++---
pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +-
pppd/sys-linux.c | 10 +++++-----
pppd/tty.c | 2 +-
8 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c
index d693350..c31bb34 100644
--- a/pppd/plugins/pppoatm/pppoatm.c
@ -53,10 +37,10 @@ index a7e3400..e64a778 100644
if (fd >= 0) {
memset (&ifr, '\0', sizeof (ifr));
strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
index 91e9a57..72aba41 100644
--- a/pppd/plugins/rp-pppoe/if.c
+++ b/pppd/plugins/rp-pppoe/if.c
--- a/pppd/plugins/pppoe/if.c
+++ b/pppd/plugins/pppoe/if.c
@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
stype = SOCK_PACKET;
#endif
@ -66,10 +50,10 @@ index 91e9a57..72aba41 100644
/* Give a more helpful message for the common error case */
if (errno == EPERM) {
fatal("Cannot create raw socket -- pppoe must be run as root.");
diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
index a8c2bb4..24bdf8f 100644
--- a/pppd/plugins/rp-pppoe/plugin.c
+++ b/pppd/plugins/rp-pppoe/plugin.c
--- a/pppd/plugins/pppoe/plugin.c
+++ b/pppd/plugins/pppoe/plugin.c
@@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
/* server equipment). */
/* Opening this socket just before waitForPADS in the discovery() */
@ -97,10 +81,10 @@ index a8c2bb4..24bdf8f 100644
r = 0;
}
diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
index 3d3bf4e..c0d927d 100644
--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
--- a/pppd/plugins/pppoe/pppoe-discovery.c
+++ b/pppd/plugins/pppoe/pppoe-discovery.c
@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
stype = SOCK_PACKET;
#endif
@ -109,7 +93,7 @@ index 3d3bf4e..c0d927d 100644
+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
/* Give a more helpful message for the common error case */
if (errno == EPERM) {
rp_fatal("Cannot create raw socket -- pppoe must be run as root.");
fatal("Cannot create raw socket -- pppoe must be run as root.");
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 00a2cf5..0690019 100644
--- a/pppd/sys-linux.c
@ -136,7 +120,7 @@ index 00a2cf5..0690019 100644
- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (sock_fd < 0)
return 0;
return -1;
memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
@@ -2067,7 +2067,7 @@ int ppp_available(void)
/*
@ -147,15 +131,6 @@ index 00a2cf5..0690019 100644
if (s < 0)
return 0;
@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64)
int skfd;
const unsigned char *ptr;
- skfd = socket(PF_INET6, SOCK_DGRAM, 0);
+ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if(skfd == -1)
{
warn("could not open IPv6 socket");
diff --git a/pppd/tty.c b/pppd/tty.c
index bc96695..8e76a5d 100644
--- a/pppd/tty.c

23
0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
View File

@ -1,18 +1,7 @@
From a30efa2cc99a5b6ab220de04cbcc7db38888a17a Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 7 Apr 2014 14:29:45 +0200
Subject: [PATCH 16/27] rp-pppoe: add manpage for pppoe-discovery
---
pppd/plugins/rp-pppoe/Makefile.linux | 2 +
pppd/plugins/rp-pppoe/pppoe-discovery.8 | 86 +++++++++++++++++++++++++++++++++
2 files changed, 88 insertions(+)
create mode 100644 pppd/plugins/rp-pppoe/pppoe-discovery.8
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
index 3cd9101..9918091 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
@@ -16,6 +16,7 @@
DESTDIR = $(INSTROOT)@DESTDIR@
@ -22,18 +11,18 @@ index 3cd9101..9918091 100644
PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
@@ -46,6 +47,7 @@ install: all
$(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR)
$(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
$(INSTALL) -d -m 755 $(BINDIR)
$(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
+ $(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
clean:
rm -f *.o *.so pppoe-discovery
diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.8 b/pppd/plugins/rp-pppoe/pppoe-discovery.8
diff --git a/pppd/plugins/pppoe/pppoe-discovery.8 b/pppd/plugins/pppoe/pppoe-discovery.8
new file mode 100644
index 0000000..d0a93db
--- /dev/null
+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.8
+++ b/pppd/plugins/pppoe/pppoe-discovery.8
@@ -0,0 +1,86 @@
+.\" pppoe-discovery.8 written by
+.\" Ben Hutchings <ben@decadentplace.org.uk>, based on pppoe.8.

3045
0017-pppd-rebase-EAP-TLS-patch-v0.994.patch
View File

File diff suppressed because it is too large Load Diff

383
0019-sys-linux-rework-get_first_ethernet.patch
View File

@ -1,383 +0,0 @@
From 6edc865bd02ab591b9121d4a5f6dc3cdbe5af809 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 9 Apr 2014 09:18:24 +0200
Subject: [PATCH 19/27] sys-linux: rework get_first_ethernet()
We can't assume that host has ethernet NIC named "eth0". Rather than guessing we
better ask udev. We iterate over symlinks symlinks in /sys/class/net and
for each device we determine if it is ethernet device and additionally we query
udev database for sub-type of the device. If we find PCI or USB device which has
ethernet datalink type and appropriate sub-type we return its name. If we don't
succeed in determining more information about device we will return "good
enough" device which in turn is first device with ethernet datalink type.
Note that we now have two copies of get_first_ethernet() in the source code. This
is bad and should be fixed in the future.
This commit replaces ppp-2.4.5-eth.patch.
Resolves: #682381
---
pppd/Makefile.linux | 3 +
pppd/multilink.c | 4 +-
pppd/plugins/rp-pppoe/Makefile.linux | 4 +-
pppd/plugins/rp-pppoe/pppoe-discovery.c | 117 +++++++++++++++++++++++++++++++-
pppd/pppd.h | 2 +-
pppd/sys-linux.c | 115 +++++++++++++++++++++++++++++--
6 files changed, 232 insertions(+), 13 deletions(-)
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 53df4d2..0e8107f 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -32,6 +32,9 @@ include .depend
endif
CC = gcc
+
+LIBS = -ludev
+
#
COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
diff --git a/pppd/multilink.c b/pppd/multilink.c
index 135cab0..2f0ed50 100644
--- a/pppd/multilink.c
+++ b/pppd/multilink.c
@@ -436,12 +436,12 @@ static int
get_default_epdisc(ep)
struct epdisc *ep;
{
- char *p;
+ char *p = NULL;
struct hostent *hp;
u_int32_t addr;
/* First try for an ethernet MAC address */
- p = get_first_ethernet();
+ get_first_ethernet(&p);
if (p != 0 && get_if_hwaddr(ep->value, p) >= 0) {
ep->class = EPD_MAC;
ep->length = 6;
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
index 9918091..b949716 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -30,8 +30,8 @@ COPTS=$(RPM_OPT_FLAGS)
CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
all: rp-pppoe.so pppoe-discovery
-pppoe-discovery: pppoe-discovery.o debug.o
- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o
+pppoe-discovery: pppoe-discovery.o debug.o common.o
+ $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
pppoe-discovery.o: pppoe-discovery.c
$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
index c0d927d..2bd910f 100644
--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
@@ -47,8 +47,13 @@
#include <net/if_arp.h>
#endif
+#include <dirent.h>
+#include <sys/types.h>
+#include <libudev.h>
+
char *xstrdup(const char *s);
void usage(void);
+int get_first_ethernet(char **_r);
void die(int status)
{
@@ -681,8 +686,15 @@ int main(int argc, char *argv[])
}
/* default interface name */
- if (!conn->ifName)
- conn->ifName = strdup("eth0");
+ if (!conn->ifName) {
+ char *eth_dev;
+ if (get_first_ethernet(&eth_dev) < 0) {
+ fprintf(stderr, "No ethernet device on the host.\n");
+ exit(1);
+ }
+ conn->ifName = eth_dev;
+ }
+
conn->discoverySocket = -1;
conn->sessionSocket = -1;
@@ -722,3 +734,104 @@ void usage(void)
fprintf(stderr, "Usage: pppoe-discovery [options]\n");
fprintf(stderr, "\nVersion " RP_VERSION "\n");
}
+
+/*
+ * get_first_ethernet - return the name of the first ethernet-style
+ * interface on this system.
+ */
+int
+get_first_ethernet(char **_r)
+{
+ int r = 0;
+ DIR *d = NULL;
+ struct dirent *entry = NULL;
+ struct udev *udev = NULL;
+ struct udev_device *dev = NULL;
+ char *eth_dev = NULL;
+
+ d = opendir("/sys/class/net");
+ if (!d) {
+ fprintf(stderr, "Failed to open dir /sys/class/net : %m\n");
+ r = -errno;
+ goto fail;
+ }
+
+ udev = udev_new();
+ if (!udev) {
+ fprintf(stderr, "Failed to talk to systemd-udevd\n");
+ r = -EIO;
+ goto fail;
+ }
+
+ while ((entry = readdir(d)) != NULL) {
+ char syspath[PATH_MAX] = {};
+ const char *type = NULL;
+
+ if ((strcmp(entry->d_name, ".") == 0) || (strcmp(entry->d_name, "..") == 0))
+ continue;
+
+ sprintf(syspath, "/sys/class/net/%s", entry->d_name);
+
+ dev = udev_device_new_from_syspath(udev, syspath);
+ if (!dev)
+ continue;
+
+ type = udev_device_get_sysattr_value(dev, "type");
+ if (strcmp(type, "1") == 0) {
+ const char *pci_dev_subclass = NULL, *usb_dev_subclass = NULL;
+
+ pci_dev_subclass = udev_device_get_property_value(dev,
+ "ID_PCI_SUBCLASS_FROM_DATABASE");
+ usb_dev_subclass = udev_device_get_property_value(dev,
+ "ID_USB_SUBCLASS_FROM_DATABASE");
+
+ if ((pci_dev_subclass && strcmp(pci_dev_subclass, "Ethernet controller") == 0) ||
+ (usb_dev_subclass && (strcmp(usb_dev_subclass, "Ethernet Networking") == 0 ||
+ strcmp(usb_dev_subclass, "Ethernet Emulation") == 0))) {
+ char *d = NULL;
+
+ d = strdup(entry->d_name);
+ if (!d) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ free(eth_dev);
+ eth_dev = d;
+ break;
+ } else if (!eth_dev) {
+ eth_dev = strdup(entry->d_name);
+ if (!eth_dev) {
+ r = -ENOMEM;
+ goto fail;
+ }
+ }
+ }
+
+ udev_device_unref(dev);
+ dev = NULL;
+ }
+
+ if (dev)
+ udev_device_unref(dev);
+ udev_unref(udev);
+ closedir(d);
+
+ *_r = eth_dev;
+
+ return 0;
+
+fail:
+ if (dev)
+ udev_device_unref(dev);
+
+ if (udev)
+ udev_unref(udev);
+
+ if (d)
+ closedir(d);
+
+ free(eth_dev);
+
+ return r;
+}
diff --git a/pppd/pppd.h b/pppd/pppd.h
index de271c1..aaddba1 100644
--- a/pppd/pppd.h
+++ b/pppd/pppd.h
@@ -691,7 +691,7 @@ int sipxfaddr __P((int, unsigned long, unsigned char *));
int cipxfaddr __P((int));
#endif
int get_if_hwaddr __P((u_char *addr, char *name));
-char *get_first_ethernet __P((void));
+int get_first_ethernet __P((char **_r));
/* Procedures exported from options.c */
int setipaddr __P((char *, char **, int)); /* Set local/remote ip addresses */
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
index 0690019..ec09c50 100644
--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
@@ -92,6 +92,9 @@
#include <ctype.h>
#include <termios.h>
#include <unistd.h>
+#include <dirent.h>
+
+#include <libudev.h>
/* This is in netdevice.h. However, this compile will fail miserably if
you attempt to include netdevice.h because it has so many references
@@ -1873,10 +1876,101 @@ get_if_hwaddr(u_char *addr, char *name)
* get_first_ethernet - return the name of the first ethernet-style
* interface on this system.
*/
-char *
-get_first_ethernet()
-{
- return "eth0";
+int
+get_first_ethernet(char **_r)
+{
+ int r = 0;
+ DIR *d = NULL;
+ struct dirent *entry = NULL;
+ struct udev *udev = NULL;
+ struct udev_device *dev = NULL;
+ char *eth_dev = NULL;
+
+ d = opendir("/sys/class/net");
+ if (!d) {
+ fprintf(stderr, "Failed to open dir /sys/class/net : %m\n");
+ r = -errno;
+ goto fail;
+ }
+
+ udev = udev_new();
+ if (!udev) {
+ fprintf(stderr, "Failed to talk to systemd-udevd\n");
+ r = -EIO;
+ goto fail;
+ }
+
+ while ((entry = readdir(d)) != NULL) {
+ char syspath[PATH_MAX] = {};
+ const char *type = NULL;
+
+ if ((strcmp(entry->d_name, ".") == 0) || (strcmp(entry->d_name, "..") == 0))
+ continue;
+
+ sprintf(syspath, "/sys/class/net/%s", entry->d_name);
+
+ dev = udev_device_new_from_syspath(udev, syspath);
+ if (!dev)
+ continue;
+
+ type = udev_device_get_sysattr_value(dev, "type");
+ if (strcmp(type, "1") == 0) {
+ const char *pci_dev_subclass = NULL, *usb_dev_subclass = NULL;
+
+ pci_dev_subclass = udev_device_get_property_value(dev,
+ "ID_PCI_SUBCLASS_FROM_DATABASE");
+ usb_dev_subclass = udev_device_get_property_value(dev,
+ "ID_USB_SUBCLASS_FROM_DATABASE");
+
+ if ((pci_dev_subclass && strcmp(pci_dev_subclass, "Ethernet controller") == 0) ||
+ (usb_dev_subclass && (strcmp(usb_dev_subclass, "Ethernet Networking") == 0 ||
+ strcmp(usb_dev_subclass, "Ethernet Emulation") == 0))) {
+ char *d = NULL;
+
+ d = strdup(entry->d_name);
+ if (!d) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ free(eth_dev);
+ eth_dev = d;
+ break;
+ } else if (!eth_dev) {
+ eth_dev = strdup(entry->d_name);
+ if (!eth_dev) {
+ r = -ENOMEM;
+ goto fail;
+ }
+ }
+ }
+
+ udev_device_unref(dev);
+ dev = NULL;
+ }
+
+ if (dev)
+ udev_device_unref(dev);
+ udev_unref(udev);
+ closedir(d);
+
+ *_r = eth_dev;
+
+ return 0;
+
+fail:
+ if (dev)
+ udev_device_unref(dev);
+
+ if (udev)
+ udev_unref(udev);
+
+ if (d)
+ closedir(d);
+
+ free(eth_dev);
+
+ return r;
}
/********************************************************************
@@ -2859,6 +2953,7 @@ ether_to_eui64(eui64_t *p_eui64)
struct ifreq ifr;
int skfd;
const unsigned char *ptr;
+ char *eth_dev = NULL;
skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if(skfd == -1)
@@ -2867,11 +2962,19 @@ ether_to_eui64(eui64_t *p_eui64)
return 0;
}
- strcpy(ifr.ifr_name, "eth0");
+ if (get_first_ethernet(&eth_dev) < 0)
+ {
+ warn("no ethernet device present on the host");
+ return 0;
+ }
+
+ strcpy(ifr.ifr_name, eth_dev);
+ free(eth_dev);
+
if(ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0)
{
close(skfd);
- warn("could not obtain hardware address for eth0");
+ warn("could not obtain hardware address for %s", ifr.ifr_name);
return 0;
}
close(skfd);
--
1.8.3.1

26
0020-pppd-put-lock-files-in-var-lock-ppp.patch
View File

@ -1,26 +0,0 @@
From c5a5f795b1defcb6d168e79c4d1fc371dfc556ca Mon Sep 17 00:00:00 2001
From: Jiri Skala <jskala@redhat.com>
Date: Wed, 9 Apr 2014 09:29:50 +0200
Subject: [PATCH 20/27] pppd: put lock files in /var/lock/ppp
Resolves: #708260
---
pppd/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pppd/utils.c b/pppd/utils.c
index 6051b9a..8407492 100644
--- a/pppd/utils.c
+++ b/pppd/utils.c
@@ -846,7 +846,7 @@ complete_read(int fd, void *buf, size_t count)
/* Procedures for locking the serial device using a lock file. */
#ifndef LOCK_DIR
#ifdef __linux__
-#define LOCK_DIR "/var/lock"
+#define LOCK_DIR "/var/lock/ppp"
#else
#ifdef SVR4
#define LOCK_DIR "/var/spool/locks"
--
1.8.3.1

23
0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch
View File

@ -1,23 +0,0 @@
From d69eb9a8aa284014dd7dd282813989eda9d84d74 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 9 Apr 2014 09:56:09 +0200
Subject: [PATCH 21/27] build-sys: compile pppol2tp plugin with RPM_OPT_FLAGS
---
pppd/plugins/pppol2tp/Makefile.linux | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
index 4339566..9a635b8 100644
--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -1,5 +1,5 @@
#CC = gcc
-COPTS = -O2 -g
+COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
LDFLAGS = -shared
INSTALL = install
--
1.8.3.1

24
0022-build-sys-compile-pppol2tp-with-multilink-support.patch
View File

@ -1,24 +0,0 @@
From a0060c5d48ef742bff4fe9ba9c276a5c21795ce8 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 9 Apr 2014 09:58:38 +0200
Subject: [PATCH 22/27] build-sys: compile pppol2tp with multilink support
Resolves: #817013
---
pppd/plugins/pppol2tp/Makefile.linux | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
index 9a635b8..9cb316d 100644
--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -1,5 +1,5 @@
#CC = gcc
-COPTS = $(RPM_OPT_FLAGS)
+COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK
CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
LDFLAGS = -shared
INSTALL = install
--
1.8.3.1

30
0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
View File

@ -1,24 +1,15 @@
From 769521a3798fd554ddc7333cb1255cd1b40790e8 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 10 Apr 2014 10:00:55 +0200
Subject: [PATCH 23/27] build-sys: install rp-pppoe plugin files with standard
perms
This is needed to properly generate debuginfo package.
---
pppd/plugins/rp-pppoe/Makefile.linux | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
index b949716..fa49efb 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -44,10 +44,10 @@ rp-pppoe.so: plugin.o discovery.o if.o common.o
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
index 2df887b..6cb8397 100644
--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
@@ -43,12 +43,12 @@ pppoe.so: plugin.o discovery.o if.o common.o
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
- $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR)
+ $(INSTALL) -c -m 755 rp-pppoe.so $(LIBDIR)
- $(INSTALL) -c -m 4550 pppoe.so $(LIBDIR)
+ $(INSTALL) -c -m 755 pppoe.so $(LIBDIR)
# Symlink for backward compatibility
$(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
$(INSTALL) -d -m 755 $(BINDIR)
- $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
- $(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
@ -27,6 +18,3 @@ index b949716..fa49efb 100644
clean:
rm -f *.o *.so pppoe-discovery
--
1.8.3.1

3046
0026-Revert-pppd-rebase-EAP-TLS-patch-v0.994.patch
View File

File diff suppressed because it is too large Load Diff

3205
0027-pppd-EAP-TLS-patch-v0.999.patch
View File

File diff suppressed because it is too large Load Diff

35
0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
View File

@ -1,35 +0,0 @@
From 33797aa193a2751da26f9af120e39c110defe4d1 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Sat, 10 Dec 2016 19:53:56 +0100
Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
To fix build breakage.
---
pppd/plugins/rp-pppoe/pppoe.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
index 9ab2eee..f77f5b7 100644
--- a/pppd/plugins/rp-pppoe/pppoe.h
+++ b/pppd/plugins/rp-pppoe/pppoe.h
@@ -15,6 +15,8 @@
#include "config.h"
+#include <netinet/in.h>
+
#if defined(HAVE_NETPACKET_PACKET_H) || defined(HAVE_LINUX_IF_PACKET_H)
#define _POSIX_SOURCE 1 /* For sigaction defines */
#endif
@@ -84,8 +86,6 @@ typedef unsigned long UINT32_t;
#include <linux/if_ether.h>
#endif
-#include <netinet/in.h>
-
#ifdef HAVE_NETINET_IF_ETHER_H
#include <sys/types.h>
--
2.9.3

79
ppp-2.4.7-DES-openssl.patch
View File

@ -1,79 +0,0 @@
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 534ccc2..cf11b74 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -41,7 +41,7 @@ COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
# Uncomment the next 2 lines to include support for Microsoft's
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
CHAPMS=y
-USE_CRYPT=y
+#USE_CRYPT=y
# Don't use MSLANMAN unless you really know what you're doing.
#MSLANMAN=y
# Uncomment the next line to include support for MPPE. CHAPMS (above) must
@@ -147,7 +147,8 @@ endif
ifdef NEEDDES
ifndef USE_CRYPT
-LIBS += -ldes $(LIBS)
+CFLAGS += -I/usr/include/openssl
+LIBS += -lcrypto
else
CFLAGS += -DUSE_CRYPT=1
endif
diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
index 8b85b13..6b35375 100644
--- a/pppd/pppcrypt.c
+++ b/pppd/pppcrypt.c
@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
des_key[7] = Get7Bits(key, 49);
#ifndef USE_CRYPT
- des_set_odd_parity((des_cblock *)des_key);
+ DES_set_odd_parity((DES_cblock *)des_key);
#endif
}
@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
}
#else /* USE_CRYPT */
-static des_key_schedule key_schedule;
+static DES_key_schedule key_schedule;
bool
DesSetkey(key)
u_char *key;
{
- des_cblock des_key;
+ DES_cblock des_key;
MakeKey(key, des_key);
- des_set_key(&des_key, key_schedule);
+ DES_set_key(&des_key, &key_schedule);
return (1);
}
bool
-DesEncrypt(clear, key, cipher)
+DesEncrypt(clear, cipher)
u_char *clear; /* IN 8 octets */
u_char *cipher; /* OUT 8 octets */
{
- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
- key_schedule, 1);
+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
+ &key_schedule, 1);
return (1);
}
@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
u_char *cipher; /* IN 8 octets */
u_char *clear; /* OUT 8 octets */
{
- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
- key_schedule, 0);
+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
+ &key_schedule, 0);
return (1);
}

170
ppp-2.4.7-honor-ldflags.patch
View File

@ -1,170 +0,0 @@
diff --git a/chat/Makefile.linux b/chat/Makefile.linux
index 2445637..83114f1 100644
--- a/chat/Makefile.linux
+++ b/chat/Makefile.linux
@@ -18,7 +18,7 @@ INSTALL= install
all: chat
chat: chat.o
- $(CC) -o chat chat.o
+ $(CC) $(LDFLAGS) -o chat chat.o
chat.o: chat.c
$(CC) -c $(CFLAGS) -o chat.o chat.c
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index cf11b74..089f164 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -188,7 +188,7 @@ endif
ifdef PLUGIN
CFLAGS += -DPLUGIN
-LDFLAGS += -Wl,-E
+LDFLAGS_PLUGIN += -Wl,-E
LIBS += -ldl
endif
@@ -230,7 +230,7 @@ install: pppd
$(INSTALL) -c -m 644 pppd.8 $(MANDIR)
pppd: $(PPPDOBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
srp-entry: srp-entry.c
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS)
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
index 303833a..04fe876 100644
--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
@@ -1,7 +1,7 @@
#CC = gcc
COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
-LDFLAGS = -shared
+LDFLAGS_SHARED = -shared
INSTALL = install
# EAP-TLS
@@ -33,7 +33,7 @@ all: $(PLUGINS)
for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
%.so: %.c
- $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
+ $(CC) -o $@ $(LDFLAGS) $(LDFLAGS_SHARED) $(CFLAGS) $^
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h)
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index 4c5826f..1961e0e 100644
--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -1,7 +1,7 @@
#CC = gcc
COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
-LDFLAGS = -shared
+LDFLAGS_SHARED = -shared
INSTALL = install
#***********************************************************************
@@ -33,7 +33,7 @@ endif
all: $(PLUGIN)
$(PLUGIN): $(PLUGIN_OBJS)
- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
index 9cb316d..7b23b25 100644
--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -1,7 +1,7 @@
#CC = gcc
COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK
CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
-LDFLAGS = -shared
+LDFLAGS_SHARED = -shared
INSTALL = install
#***********************************************************************
@@ -16,7 +16,7 @@ PLUGINS := pppol2tp.so openl2tp.so
all: $(PLUGINS)
%.so: %.o
- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index 707326b..2150332 100644
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -43,13 +43,13 @@ install: all
$(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
radius.so: radius.o libradiusclient.a
- $(CC) -o radius.so -shared radius.o libradiusclient.a
+ $(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a
radattr.so: radattr.o
- $(CC) -o radattr.so -shared radattr.o
+ $(CC) $(LDFLAGS) -o radattr.so -shared radattr.o
radrealms.so: radrealms.o
- $(CC) -o radrealms.so -shared radrealms.o
+ $(CC) $(LDFLAGS) -o radrealms.so -shared radrealms.o
CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \
clientid.o sendserver.o lock.o util.o md5.o
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
index fa49efb..5e06b52 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -31,7 +31,7 @@ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
all: rp-pppoe.so pppoe-discovery
pppoe-discovery: pppoe-discovery.o debug.o common.o
- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
+ $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
pppoe-discovery.o: pppoe-discovery.c
$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
@@ -40,7 +40,7 @@ debug.o: debug.c
$(CC) $(CFLAGS) -c -o debug.o debug.c
rp-pppoe.so: plugin.o discovery.o if.o common.o
- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
+ $(CC) $(LDFLAGS) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
index 95c6805..33e5107 100644
--- a/pppdump/Makefile.linux
+++ b/pppdump/Makefile.linux
@@ -10,7 +10,7 @@ INSTALL= install
all: pppdump
pppdump: $(OBJS)
- $(CC) -o pppdump $(OBJS)
+ $(CC) $(LDFLAGS) -o pppdump $(OBJS)
clean:
rm -f pppdump $(OBJS) *~
diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
index c5ba3b1..eeccf83 100644
--- a/pppstats/Makefile.linux
+++ b/pppstats/Makefile.linux
@@ -26,7 +26,7 @@ install: pppstats
$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
pppstats: $(PPPSTATSRCS)
- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
clean:
rm -f pppstats *~ #* core

2
0025-pppd-install-pppd-binary-using-standard-perms-755.patch → ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
View File

@ -23,7 +23,7 @@ index 0e8107f..534ccc2 100644
+ $(INSTALL) -c -m 644 pppd.8 $(MANDIR)
pppd: $(PPPDOBJS)
$(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS)
$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
--
1.8.3.1

2
0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch → ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
View File

@ -14,7 +14,7 @@ index 4271af6..9e957fa 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -428,7 +428,7 @@ setupapfile(argv)
option_error("unable to reset uid before opening %s: %m", fname);
free(fname);
return 0;
}
- ufile = fopen(fname, "r");

121
0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch → ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
View File

@ -1,24 +1,8 @@
From 69711944745af0078da77e108d30f89fd7e06108 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Apr 2014 12:01:33 +0200
Subject: [PATCH 05/27] build-sys: don't hardcode LIBDIR, but set it according
to the target platform
---
pppd/Makefile.linux | 3 ++-
pppd/pathnames.h | 2 +-
pppd/plugins/Makefile.linux | 2 +-
pppd/plugins/pppoatm/Makefile.linux | 2 +-
pppd/plugins/pppol2tp/Makefile.linux | 4 ++--
pppd/plugins/radius/Makefile.linux | 2 +-
pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
7 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 63872eb..8ed56c1 100644
index 6a4b897..8f29c1f 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -8,6 +8,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
@@ -12,6 +12,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8
INCDIR = $(DESTDIR)/include
@ -26,20 +10,20 @@ index 63872eb..8ed56c1 100644
TARGETS = pppd
@@ -32,7 +33,7 @@ endif
@@ -93,7 +94,7 @@ INCLUDE_DIRS= -I../include
CC = gcc
#
-COPTS = -Wall $(RPM_OPT_FLAGS)
+COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
# Uncomment the next 2 lines to include support for Microsoft's
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
-CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
+CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' -DLIBDIR=\""$(LIBDIR)"\"
ifdef CHAPMS
CFLAGS += -DCHAPMS=1
diff --git a/pppd/pathnames.h b/pppd/pathnames.h
index a33f046..a427cb8 100644
index 524d608..c7eadbb 100644
--- a/pppd/pathnames.h
+++ b/pppd/pathnames.h
@@ -57,7 +57,7 @@
@@ -62,7 +62,7 @@
#ifdef PLUGIN
#ifdef __STDC__
@ -49,24 +33,24 @@ index a33f046..a427cb8 100644
#define _PATH_PLUGIN "/usr/lib/pppd"
#endif /* __STDC__ */
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
index e09a369..b474a19 100644
index 6403e3d..f42d18c 100644
--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
@@ -7,7 +7,7 @@ INSTALL = install
@@ -5,7 +5,7 @@ COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell $(CC) -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
SUBDIRS := rp-pppoe pppoatm pppol2tp
# Uncomment the next line to include the radius authentication plugin
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
LDFLAGS_SHARED = -shared
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index 5a81447..769794b 100644
index d3a8086..c2aff0c 100644
--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -7,7 +7,7 @@ INSTALL = install
#***********************************************************************
@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
@ -74,39 +58,11 @@ index 5a81447..769794b 100644
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
index ea3538e..4339566 100644
--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -6,8 +6,8 @@ INSTALL = install
#***********************************************************************
-DESTDIR = @DESTDIR@
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+DESTDIR = $(INSTROOT)@DESTDIR@
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index 45b3b8d..179d0b7 100644
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -5,7 +5,7 @@
DESTDIR = $(INSTROOT)@DESTDIR@
MANDIR = $(DESTDIR)/share/man/man8
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
index 352991a..1305ed8 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -16,7 +16,7 @@
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
index c415ce3..d3b7392 100644
--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
@@ -18,7 +18,7 @@ COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin
@ -115,6 +71,29 @@ index 352991a..1305ed8 100644
PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
--
1.8.3.1
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
index 1aa1c0b..e4442f9 100644
--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)/@DESTDIR@
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index 489aef2..d2ef044 100644
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -9,7 +9,7 @@ COPTS=@CFLAGS@
DESTDIR = $(INSTROOT)@DESTDIR@
MANDIR = $(DESTDIR)/share/man/man8
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)

21
ppp-2.4.9-config.patch Normal file
View File

@ -0,0 +1,21 @@
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index e77373e..07df6a7 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -68,14 +68,14 @@ USE_TDB=y
#SYSTEMD=y
HAS_SHADOW=y
-#USE_PAM=y
+USE_PAM=y
HAVE_INET6=y
# Enable plugins
PLUGIN=y
# Enable Microsoft proprietary Callback Control Protocol
-#CBCP=y
+CBCP=y
# Enable EAP SRP-SHA1 authentication (requires libsrp)
#USE_SRP=y

17
ppp-2.4.9-configure-cflags-allow-commas.patch Normal file
View File

@ -0,0 +1,17 @@
diff --git a/configure b/configure
index f977663..c7031c2 100755
--- a/configure
+++ b/configure
@@ -121,9 +121,9 @@ mkmkf() {
rm -f $2
if [ -f $1 ]; then
echo " $2 <= $1"
- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
+ sed -e "s|@DESTDIR@|$DESTDIR|g" -e "s|@SYSCONF@|$SYSCONF|g" \
+ -e "s|@CROSS_COMPILE@|$CROSS_COMPILE|g" -e "s|@CC@|$CC|g" \
+ -e "s|@CFLAGS@|$CFLAGS|g" $1 >$2
fi
}

8
0013-everywhere-O_CLOEXEC-harder.patch → ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
View File

@ -43,8 +43,8 @@ index 6d50d1b..4880377 100644
if (log_to_fd >= 0)
errfd = log_to_fd;
else
- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644);
++conn_running;
pid = safe_fork(in, out, errfd);
@ -146,9 +146,9 @@ index 8a12fa0..00a2cf5 100644
#endif
- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
{
warn("Couldn't open pty slave %s: %m", pty_name);
}
}
close(mfd);
@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
for (i = 0; i < 64; ++i) {
slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",

898
ppp-2.4.9-pppd-Expose-the-MPPE-keys-generated-through-an-API-2.patch Normal file
View File

@ -0,0 +1,898 @@
From d706c95906d996534f13632a747af5dc617f306e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
Date: Sat, 24 Apr 2021 03:00:34 -0700
Subject: [PATCH] pppd: Expose the MPPE keys generated through an API (#267)
The lengthy part of this fix is to refactor the handling of MPPE keys
by moving it into mppe.c and thus reducing the clutter in chap_ms.c.
It does so by renaming the mppe_set_keys/2 to the corresponding
mppe_set_chapv1/mppe_set_chapv2 versions and updates callers of these
functions.
Having done so, it conveniently allows the name "mppe_set_keys" to be
re-used for this new purpose which will copy the key material up to
its size and then clear the input parameters (avoids leaving the MPPE
keys on the stack).
Additional functiions added to the MPPE code allow plugins et al. to
access the MPPE keys, clear the keys, and check if they are set. All
plugin and CCP code has been updated to use this API.
This fixes GitHub Issue #258
Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
---
pppd/Makefile.linux | 2 +
pppd/Makefile.sol2 | 2 +-
pppd/ccp.c | 15 +--
pppd/chap_ms.c | 167 +----------------------
pppd/chap_ms.h | 22 +---
pppd/eap-tls.c | 21 +--
pppd/eap-tls.h | 5 -
pppd/mppe.c | 248 +++++++++++++++++++++++++++++++++++
pppd/mppe.h | 70 +++++++++-
pppd/plugins/radius/radius.c | 14 +-
pppd/plugins/winbind.c | 8 +-
11 files changed, 348 insertions(+), 226 deletions(-)
create mode 100644 pppd/mppe.c
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index f92f7c0..852945e 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -109,6 +109,8 @@ CFLAGS += -DMSLANMAN=1
endif
ifdef MPPE
CFLAGS += -DMPPE=1
+PPPDOBJS += mppe.o
+PPPDSRC += mppe.c
HEADERS += mppe.h
endif
endif
diff --git a/pppd/Makefile.sol2 b/pppd/Makefile.sol2
index 809cb4b..3a8681c 100644
--- a/pppd/Makefile.sol2
+++ b/pppd/Makefile.sol2
@@ -37,7 +37,7 @@ OBJS += ipv6cp.o eui64.o
# Uncomment to enable MS-CHAP
CFLAGS += -DUSE_CRYPT -DCHAPMS -DMSLANMAN -DHAVE_CRYPT_H
-OBJS += chap_ms.o pppcrypt.o md4.o sha1.o
+OBJS += chap_ms.o pppcrypt.o md4.o sha1.o mppe.o
# Uncomment to enable MPPE (in both CHAP and EAP-TLS)
CFLAGS += -DMPPE
diff --git a/pppd/ccp.c b/pppd/ccp.c
index 052c4c6..387b571 100644
--- a/pppd/ccp.c
+++ b/pppd/ccp.c
@@ -38,10 +38,9 @@
#include "ccp.h"
#include <net/ppp-comp.h>
-#ifdef MPPE
-#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */
+#include "chap_ms.h"
+#include "mppe.h"
#include "lcp.h" /* lcp_close(), lcp_fsm */
-#endif
/*
@@ -574,7 +573,7 @@ ccp_resetci(fsm *f)
}
/* A plugin (eg radius) may not have obtained key material. */
- if (!mppe_keys_set) {
+ if (!mppe_keys_isset()) {
error("MPPE required, but keys are not available. "
"Possible plugin problem?");
lcp_close(f->unit, "MPPE required but not available");
@@ -705,7 +704,7 @@ static void
p[1] = opt_buf[1] = CILEN_MPPE;
MPPE_OPTS_TO_CI(go->mppe, &p[2]);
MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
- BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
+ mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
if (res > 0)
p += CILEN_MPPE;
@@ -1156,8 +1155,7 @@ ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak)
int mtu;
BCOPY(p, opt_buf, CILEN_MPPE);
- BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
- MPPE_MAX_KEY_LEN);
+ mppe_get_send_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
if (ccp_test(f->unit, opt_buf,
CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
/* This shouldn't happen, we've already tested it! */
@@ -1426,8 +1424,7 @@ ccp_up(fsm *f)
notice("%s transmit compression enabled", method_name(ho, NULL));
#ifdef MPPE
if (go->mppe) {
- BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN);
- BZERO(mppe_send_key, MPPE_MAX_KEY_LEN);
+ mppe_clear_keys();
continue_networks(f->unit); /* Bring up IP et al */
}
#endif
diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c
index df2dadd..d315ab4 100644
--- a/pppd/chap_ms.c
+++ b/pppd/chap_ms.c
@@ -93,8 +93,7 @@
#include "sha1.h"
#include "pppcrypt.h"
#include "magic.h"
-
-
+#include "mppe.h"
static void ascii2unicode (char[], int, u_char[]);
static void NTPasswordHash (u_char *, int, u_char[MD4_SIGNATURE_SIZE]);
@@ -109,21 +108,12 @@ static void GenerateAuthenticatorResponsePlain
static void ChapMS_LANMan (u_char *, char *, int, u_char *);
#endif
-#ifdef MPPE
-static void Set_Start_Key (u_char *, char *, int);
-static void SetMasterKeys (char *, int, u_char[24], int);
-#endif
-
#ifdef MSLANMAN
bool ms_lanman = 0; /* Use LanMan password instead of NT */
/* Has meaning only with MS-CHAP challenges */
#endif
#ifdef MPPE
-u_char mppe_send_key[MPPE_MAX_KEY_LEN];
-u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
-int mppe_keys_set = 0; /* Have the MPPE keys been set? */
-
#ifdef DEBUGMPPEKEY
/* For MPPE debug */
/* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */
@@ -719,28 +709,6 @@ GenerateAuthenticatorResponsePlain
#ifdef MPPE
-/*
- * Set mppe_xxxx_key from the NTPasswordHashHash.
- * RFC 2548 (RADIUS support) requires us to export this function (ugh).
- */
-void
-mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
-{
- SHA1_CTX sha1Context;
- u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
-
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, rchallenge, 8);
- SHA1_Final(Digest, &sha1Context);
-
- /* Same key in both directions. */
- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
-
- mppe_keys_set = 1;
-}
/*
* Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079)
@@ -757,104 +725,7 @@ Set_Start_Key(u_char *rchallenge, char *secret, int secret_len)
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
- mppe_set_keys(rchallenge, PasswordHashHash);
-}
-
-/*
- * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
- *
- * This helper function used in the Winbind module, which gets the
- * NTHashHash from the server.
- */
-void
-mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[24], int IsServer)
-{
- SHA1_CTX sha1Context;
- u_char MasterKey[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
- u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
-
- u_char SHApad1[40] =
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
- u_char SHApad2[40] =
- { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
-
- /* "This is the MPPE Master Key" */
- u_char Magic1[27] =
- { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
- 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
- 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
- /* "On the client side, this is the send key; "
- "on the server side, it is the receive key." */
- u_char Magic2[84] =
- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
- 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
- 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
- 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
- 0x6b, 0x65, 0x79, 0x2e };
- /* "On the client side, this is the receive key; "
- "on the server side, it is the send key." */
- u_char Magic3[84] =
- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
- 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
- 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
- 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
- 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
- 0x6b, 0x65, 0x79, 0x2e };
- u_char *s;
-
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, NTResponse, 24);
- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
- SHA1_Final(MasterKey, &sha1Context);
-
- /*
- * generate send key
- */
- if (IsServer)
- s = Magic3;
- else
- s = Magic2;
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, MasterKey, 16);
- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
- SHA1_Update(&sha1Context, s, 84);
- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
- SHA1_Final(Digest, &sha1Context);
-
- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
-
- /*
- * generate recv key
- */
- if (IsServer)
- s = Magic2;
- else
- s = Magic3;
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, MasterKey, 16);
- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
- SHA1_Update(&sha1Context, s, 84);
- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
- SHA1_Final(Digest, &sha1Context);
-
- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
-
- mppe_keys_set = 1;
+ mppe_set_chapv1(rchallenge, PasswordHashHash);
}
/*
@@ -870,7 +741,7 @@ SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer)
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
- mppe_set_keys2(PasswordHashHash, NTResponse, IsServer);
+ mppe_set_chapv2(PasswordHashHash, NTResponse, IsServer);
}
#endif /* MPPE */
@@ -945,38 +816,6 @@ ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
#endif
}
-#ifdef MPPE
-/*
- * Set MPPE options from plugins.
- */
-void
-set_mppe_enc_types(int policy, int types)
-{
- /* Early exit for unknown policies. */
- if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
- policy != MPPE_ENC_POL_ENC_REQUIRED)
- return;
-
- /* Don't modify MPPE if it's optional and wasn't already configured. */
- if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
- return;
-
- /*
- * Disable undesirable encryption types. Note that we don't ENABLE
- * any encryption types, to avoid overriding manual configuration.
- */
- switch(types) {
- case MPPE_ENC_TYPES_RC4_40:
- ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
- break;
- case MPPE_ENC_TYPES_RC4_128:
- ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
- break;
- default:
- break;
- }
-}
-#endif /* MPPE */
static struct chap_digest_type chapms_digest = {
CHAP_MICROSOFT, /* code */
diff --git a/pppd/chap_ms.h b/pppd/chap_ms.h
index 005eb63..4e6a621 100644
--- a/pppd/chap_ms.h
+++ b/pppd/chap_ms.h
@@ -38,6 +38,7 @@
#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
#define MS_CHAP2_RESPONSE_LEN 49 /* Response length for MS-CHAPv2 */
#define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */
+#define MS_AUTH_NTRESP_LEN 24 /* Length of NT-response field */
/* as ASCII */
/* E=eeeeeeeeee error codes for MS-CHAP failure messages. */
@@ -67,22 +68,6 @@
#define MS_CHAP2_NTRESP_LEN 24
#define MS_CHAP2_FLAGS 48
-#ifdef MPPE
-#include "mppe.h" /* MPPE_MAX_KEY_LEN */
-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
-extern int mppe_keys_set;
-
-/* These values are the RADIUS attribute values--see RFC 2548. */
-#define MPPE_ENC_POL_ENC_ALLOWED 1
-#define MPPE_ENC_POL_ENC_REQUIRED 2
-#define MPPE_ENC_TYPES_RC4_40 2
-#define MPPE_ENC_TYPES_RC4_128 4
-
-/* used by plugins (using above values) */
-extern void set_mppe_enc_types(int, int);
-#endif
-
/* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */
#define MS_CHAP2_AUTHENTICATEE 0
#define MS_CHAP2_AUTHENTICATOR 1
@@ -90,11 +75,6 @@ extern void set_mppe_enc_types(int, int);
void ChapMS (u_char *, char *, int, u_char *);
void ChapMS2 (u_char *, u_char *, char *, char *, int,
u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int);
-#ifdef MPPE
-void mppe_set_keys (u_char *, u_char[MD4_SIGNATURE_SIZE]);
-void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[24], int IsServer);
-#endif
void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
diff --git a/pppd/eap-tls.c b/pppd/eap-tls.c
index 5c202c7..bfcf199 100644
--- a/pppd/eap-tls.c
+++ b/pppd/eap-tls.c
@@ -48,6 +48,8 @@
#include "eap-tls.h"
#include "fsm.h"
#include "lcp.h"
+#include "chap_ms.h"
+#include "mppe.h"
#include "pathnames.h"
typedef struct pw_cb_data
@@ -74,10 +76,6 @@ int ssl_new_session_cb(SSL *s, SSL_SESSION *sess);
X509 *get_X509_from_file(char *filename);
int ssl_cmp_certs(char *filename, X509 * a);
-#ifdef MPPE
-
-#define EAPTLS_MPPE_KEY_LEN 32
-
/*
* OpenSSL 1.1+ introduced a generic TLS_method()
* For older releases we substitute the appropriate method
@@ -119,6 +117,8 @@ static inline int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+#ifdef MPPE
+#define EAPTLS_MPPE_KEY_LEN 32
/*
* Generate keys according to RFC 2716 and add to reply
@@ -161,24 +161,17 @@ void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client)
*/
if (client)
{
- p = out;
- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
- p += EAPTLS_MPPE_KEY_LEN;
- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
+ mppe_set_keys(out, out + EAPTLS_MPPE_KEY_LEN, EAPTLS_MPPE_KEY_LEN);
}
else
{
- p = out;
- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
- p += EAPTLS_MPPE_KEY_LEN;
- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
+ mppe_set_keys(out + EAPTLS_MPPE_KEY_LEN, out, EAPTLS_MPPE_KEY_LEN);
}
-
- mppe_keys_set = 1;
}
#endif /* MPPE */
+
void log_ssl_errors( void )
{
unsigned long ssl_err = ERR_get_error();
diff --git a/pppd/eap-tls.h b/pppd/eap-tls.h
index c74a831..b935ec5 100644
--- a/pppd/eap-tls.h
+++ b/pppd/eap-tls.h
@@ -86,11 +86,6 @@ int get_eaptls_secret(int unit, char *client, char *server,
char *capath, char *pkfile, int am_server);
#ifdef MPPE
-#include "mppe.h" /* MPPE_MAX_KEY_LEN */
-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
-extern int mppe_keys_set;
-
void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client);
#endif
diff --git a/pppd/mppe.c b/pppd/mppe.c
new file mode 100644
index 0000000..4f3d131
--- /dev/null
+++ b/pppd/mppe.c
@@ -0,0 +1,248 @@
+/* * mppe.c - MPPE key implementation
+ *
+ * Copyright (c) 2020 Eivind Naess. All rights reserved.
+ * Copyright (c) 2008 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ */
+
+#include <string.h>
+
+#include "pppd.h"
+#include "fsm.h"
+#include "md4.h"
+#include "sha1.h"
+#include "ccp.h"
+#include "chap_ms.h"
+#include "mppe.h"
+
+u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
+u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
+int mppe_keys_set = 0;
+
+void
+mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen)
+{
+ int length = keylen;
+ if (length > MPPE_MAX_KEY_SIZE)
+ length = MPPE_MAX_KEY_SIZE;
+
+ if (send_key) {
+ BCOPY(send_key, mppe_send_key, length);
+ BZERO(send_key, keylen);
+ }
+
+ if (recv_key) {
+ BCOPY(recv_key, mppe_recv_key, length);
+ BZERO(recv_key, keylen);
+ }
+
+ mppe_keys_set = length;
+}
+
+bool
+mppe_keys_isset()
+{
+ return !!mppe_keys_set;
+}
+
+int
+mppe_get_recv_key(u_char *recv_key, int length)
+{
+ if (mppe_keys_isset()) {
+ if (length > mppe_keys_set)
+ length = mppe_keys_set;
+ BCOPY(mppe_recv_key, recv_key, length);
+ return length;
+ }
+ return 0;
+}
+
+int
+mppe_get_send_key(u_char *send_key, int length)
+{
+ if (mppe_keys_isset()) {
+ if (length > mppe_keys_set)
+ length = mppe_keys_set;
+ BCOPY(mppe_send_key, send_key, length);
+ return length;
+ }
+ return 0;
+}
+
+void
+mppe_clear_keys(void)
+{
+ mppe_keys_set = 0;
+ BZERO(mppe_send_key, sizeof(mppe_send_key));
+ BZERO(mppe_recv_key, sizeof(mppe_recv_key));
+}
+
+/*
+ * Set mppe_xxxx_key from the NTPasswordHashHash.
+ * RFC 2548 (RADIUS support) requires us to export this function (ugh).
+ */
+void
+mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
+{
+ SHA1_CTX sha1Context;
+ u_char Digest[SHA1_SIGNATURE_SIZE];
+
+ SHA1_Init(&sha1Context);
+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
+ SHA1_Update(&sha1Context, rchallenge, 8);
+ SHA1_Final(Digest, &sha1Context);
+
+ /* Same key in both directions. */
+ mppe_set_keys(Digest, Digest, sizeof(Digest));
+}
+
+/*
+ * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
+ *
+ * This helper function used in the Winbind module, which gets the
+ * NTHashHash from the server.
+ */
+void
+mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
+ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer)
+{
+ SHA1_CTX sha1Context;
+ u_char MasterKey[SHA1_SIGNATURE_SIZE];
+ u_char SendKey[SHA1_SIGNATURE_SIZE];
+ u_char RecvKey[SHA1_SIGNATURE_SIZE];
+
+ u_char SHApad1[40] =
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ u_char SHApad2[40] =
+ { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
+
+ /* "This is the MPPE Master Key" */
+ u_char Magic1[27] =
+ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
+ 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
+ 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
+ /* "On the client side, this is the send key; "
+ "on the server side, it is the receive key." */
+ u_char Magic2[84] =
+ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
+ 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
+ 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e };
+ /* "On the client side, this is the receive key; "
+ "on the server side, it is the send key." */
+ u_char Magic3[84] =
+ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
+ 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e };
+ u_char *s;
+
+ SHA1_Init(&sha1Context);
+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
+ SHA1_Update(&sha1Context, NTResponse, 24);
+ SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
+ SHA1_Final(MasterKey, &sha1Context);
+
+ /*
+ * generate send key
+ */
+ if (IsServer)
+ s = Magic3;
+ else
+ s = Magic2;
+ SHA1_Init(&sha1Context);
+ SHA1_Update(&sha1Context, MasterKey, 16);
+ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
+ SHA1_Update(&sha1Context, s, 84);
+ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
+ SHA1_Final(SendKey, &sha1Context);
+
+ /*
+ * generate recv key
+ */
+ if (IsServer)
+ s = Magic2;
+ else
+ s = Magic3;
+ SHA1_Init(&sha1Context);
+ SHA1_Update(&sha1Context, MasterKey, 16);
+ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
+ SHA1_Update(&sha1Context, s, 84);
+ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
+ SHA1_Final(RecvKey, &sha1Context);
+
+ mppe_set_keys(SendKey, RecvKey, SHA1_SIGNATURE_SIZE);
+}
+
+/*
+ * Set MPPE options from plugins.
+ */
+void
+mppe_set_enc_types(int policy, int types)
+{
+ /* Early exit for unknown policies. */
+ if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
+ policy != MPPE_ENC_POL_ENC_REQUIRED)
+ return;
+
+ /* Don't modify MPPE if it's optional and wasn't already configured. */
+ if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
+ return;
+
+ /*
+ * Disable undesirable encryption types. Note that we don't ENABLE
+ * any encryption types, to avoid overriding manual configuration.
+ */
+ switch(types) {
+ case MPPE_ENC_TYPES_RC4_40:
+ ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
+ break;
+ case MPPE_ENC_TYPES_RC4_128:
+ ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
+ break;
+ default:
+ break;
+ }
+}
+
diff --git a/pppd/mppe.h b/pppd/mppe.h
index 5eb3b37..98a89d3 100644
--- a/pppd/mppe.h
+++ b/pppd/mppe.h
@@ -32,9 +32,12 @@
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef __MPPE_H__
+#define __MPPE_H__
#define MPPE_PAD 4 /* MPPE growth per frame */
-#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
+#define MPPE_MAX_KEY_SIZE 32 /* Largest key length */
+#define MPPE_MAX_KEY_LEN 16 /* Largest key size accepted by the kernel */
/* option bits for ccp_options.mppe */
#define MPPE_OPT_40 0x01 /* 40 bit */
@@ -119,3 +122,68 @@
if (ptr[3] & ~MPPE_ALL_BITS) \
opts |= MPPE_OPT_UNKNOWN; \
} while (/* CONSTCOND */ 0)
+
+
+#if MPPE
+
+/*
+ * NOTE:
+ * Access to these variables directly is discuraged. Please
+ * change your code to use below accessor functions.
+ */
+
+/* The key material generated which is used for MPPE send key */
+extern u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
+/* The key material generated which is used for MPPE recv key */
+extern u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
+/* Keys are set if value is non-zero */
+extern int mppe_keys_set;
+
+/* These values are the RADIUS attribute values--see RFC 2548. */
+#define MPPE_ENC_POL_ENC_ALLOWED 1
+#define MPPE_ENC_POL_ENC_REQUIRED 2
+#define MPPE_ENC_TYPES_RC4_40 2
+#define MPPE_ENC_TYPES_RC4_128 4
+
+/* used by plugins (using above values) */
+void mppe_set_enc_types (int policy, int types);
+
+/*
+ * Set the MPPE send and recv keys. NULL values for keys are ignored
+ * and input values are cleared to avoid leaving them on the stack
+ */
+void mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen);
+
+/*
+ * Get the MPPE recv key
+ */
+int mppe_get_recv_key(u_char *recv_key, int length);
+
+/*
+ * Get the MPPE send key
+ */
+int mppe_get_send_key(u_char *send_key, int length);
+
+/*
+ * Clear the MPPE keys
+ */
+void mppe_clear_keys(void);
+
+/*
+ * Check if the MPPE keys are set
+ */
+bool mppe_keys_isset(void);
+
+/*
+ * Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079
+ */
+void mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]);
+
+/*
+ * Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079
+ */
+void mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
+ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer);
+
+#endif // #ifdef MPPE
+#endif // #ifdef __MPPE_H__
diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c
index c579831..cf4c0f2 100644
--- a/pppd/plugins/radius/radius.c
+++ b/pppd/plugins/radius/radius.c
@@ -31,6 +31,7 @@ static char const RCSID[] =
#ifdef CHAPMS
#include "chap_ms.h"
#ifdef MPPE
+#include "mppe.h"
#include "md5.h"
#endif
#endif
@@ -743,11 +744,12 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
* Note that if the policy value was '0' we don't set the key!
*/
if (mppe_enc_policy && mppe_enc_keys) {
- mppe_keys_set = 1;
/* Set/modify allowed encryption types. */
if (mppe_enc_types)
- set_mppe_enc_types(mppe_enc_policy, mppe_enc_types);
+ mppe_set_enc_types(mppe_enc_policy, mppe_enc_types);
+ return 0;
}
+ mppe_clear_keys();
#endif
return 0;
@@ -803,7 +805,7 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info,
* the NAS (us) doesn't need; we only need the start key. So we have
* to generate the start key, sigh. NB: We do not support the LM-Key.
*/
- mppe_set_keys(challenge, &plain[8]);
+ mppe_set_chapv1(challenge, &plain[8]);
return 0;
}
@@ -855,7 +857,7 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
for (i = 0; i < 16; i++)
plain[i] ^= buf[i];
- if (plain[0] != sizeof(mppe_send_key) /* 16 */) {
+ if (plain[0] != 16) {
error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
(int) plain[0], type);
return -1;
@@ -869,9 +871,9 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
plain[16] ^= buf[0]; /* only need the first byte */
if (vp->attribute == PW_MS_MPPE_SEND_KEY)
- memcpy(mppe_send_key, plain + 1, 16);
+ mppe_set_keys(plain + 1, NULL, 16);
else
- memcpy(mppe_recv_key, plain + 1, 16);
+ mppe_set_keys(NULL, plain + 1, 16);
return 0;
}
diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c
index 0c395c3..67c72f6 100644
--- a/pppd/plugins/winbind.c
+++ b/pppd/plugins/winbind.c
@@ -37,11 +37,9 @@
#include "pppd.h"
#include "chap-new.h"
#include "chap_ms.h"
-#ifdef MPPE
-#include "md5.h"
-#endif
#include "fsm.h"
#include "ipcp.h"
+#include "mppe.h"
#include <syslog.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -583,7 +581,7 @@ winbind_chap_verify(char *user, char *ourname, int id,
nt_response, nt_response_size,
session_key,
&error_string) == AUTHENTICATED) {
- mppe_set_keys(challenge, session_key);
+ mppe_set_chapv1(challenge, session_key);
slprintf(message, message_space, "Access granted");
return AUTHENTICATED;
@@ -628,7 +626,7 @@ winbind_chap_verify(char *user, char *ourname, int id,
&response[MS_CHAP2_NTRESP],
&response[MS_CHAP2_PEER_CHALLENGE],
challenge, user, saresponse);
- mppe_set_keys2(session_key, &response[MS_CHAP2_NTRESP],
+ mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP],
MS_CHAP2_AUTHENTICATOR);
if (response[MS_CHAP2_FLAGS]) {
slprintf(message, message_space, "S=%s", saresponse);
--
2.34.1

37
ppp-2.4.9-pppd-Fix-logical-error-in-comparing-valid-encryption.patch Normal file
View File

@ -0,0 +1,37 @@
From e609ed8bb62e4648568eaa49fbbc858dfda6d122 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
Date: Sun, 14 Mar 2021 16:20:29 -0700
Subject: [PATCH] pppd: Fix logical error in comparing valid encryption
policies (#262)
RFC2548 describes the proper values of the MS-MPPE-Encryption-Policy attribute.
and it can only hold 2 values: 1 (encryption allowed) and 2 (encryption required).
See
https://tools.ietf.org/html/rfc2548, section 2.4.4
The correct comparison should be made with an && and not a ||.
This fixes github issue #218
Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
---
pppd/chap_ms.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c
index e6b84f2..df2dadd 100644
--- a/pppd/chap_ms.c
+++ b/pppd/chap_ms.c
@@ -953,7 +953,7 @@ void
set_mppe_enc_types(int policy, int types)
{
/* Early exit for unknown policies. */
- if (policy != MPPE_ENC_POL_ENC_ALLOWED ||
+ if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
policy != MPPE_ENC_POL_ENC_REQUIRED)
return;
--
2.34.1

32
ppp-2.4.9-pppd-eap-Fix-bug-causing-incorrect-response-length-3.patch Normal file
View File

@ -0,0 +1,32 @@
From d7e62a8499c4032d79e05afbd8fd3efd51c5b148 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
Date: Thu, 3 Feb 2022 14:28:22 -0800
Subject: [PATCH] pppd/eap: Fix bug causing incorrect response length (#334)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Need to update the esp->ea_client.ea_namelen variable. A plugin can override the
name of the user, and the variable is passed onto the eap_chap2_response generating
the wrong response length.
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
---
pppd/eap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/pppd/eap.c b/pppd/eap.c
index 54c3d42..6cb595f 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -2182,6 +2182,7 @@ eap_request(eap_state *esp, u_char *inp, int id, int len)
eap_send_nak(esp, id, EAPT_SRP);
break;
}
+ esp->es_client.ea_namelen = strlen(esp->es_client.ea_name);
/* Create the MSCHAPv2 response (and add to cache) */
unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE
--
2.34.1

1
ppp-tmpfiles.conf
View File

@ -1,2 +1 @@
d /run/ppp 0755 root root
d /run/lock/ppp 0755 root root

223
ppp.spec
View File

@ -1,13 +1,13 @@
%global _hardened_build 1
Name: ppp
Version: 2.4.9
Release: 9.0.riscv64%{?dist}
Summary: The Point-to-Point Protocol daemon
Name: ppp
Version: 2.4.7
Release: 21%{?dist}
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
Group: System Environment/Daemons
URL: http://www.samba.org/ppp
Source0: ftp://ftp.samba.org/pub/ppp/ppp-%{version}.tar.gz
URL: http://www.samba.org/ppp
Source0: https://github.com/paulusmack/ppp/archive/ppp-%{version}.tar.gz
Source1: ppp-pam.conf
Source2: ppp-logrotate.conf
Source3: ppp-tmpfiles.conf
@ -22,43 +22,34 @@ Source11: ifdown-ppp
Source12: ppp-watch.tar.xz
# Fedora-specific
Patch0001: 0001-build-sys-use-gcc-as-our-compiler-of-choice.patch
Patch0002: 0002-build-sys-enable-PAM-support.patch
Patch0003: 0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
Patch0004: 0004-doc-add-configuration-samples.patch
Patch0005: 0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
Patch0006: 0006-scritps-use-change_resolv_conf-function.patch
Patch0007: 0007-build-sys-don-t-strip-binaries-during-installation.patch
Patch0008: 0008-build-sys-use-prefix-usr-instead-of-usr-local.patch
Patch0009: 0009-pppd-introduce-ipv6-accept-remote.patch
Patch0010: 0010-build-sys-enable-CBCP.patch
Patch0011: 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
Patch0012: 0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
Patch0013: 0013-everywhere-O_CLOEXEC-harder.patch
Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch
Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
Patch0017: 0017-pppd-rebase-EAP-TLS-patch-v0.994.patch
Patch0018: 0018-scritps-fix-ip-up.local-sample.patch
Patch0019: 0019-sys-linux-rework-get_first_ethernet.patch
Patch0020: 0020-pppd-put-lock-files-in-var-lock-ppp.patch
Patch0021: 0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch
Patch0022: 0022-build-sys-compile-pppol2tp-with-multilink-support.patch
Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
Patch0025: 0025-pppd-install-pppd-binary-using-standard-perms-755.patch
Patch0026: 0026-Revert-pppd-rebase-EAP-TLS-patch-v0.994.patch
Patch0027: 0027-pppd-EAP-TLS-patch-v0.999.patch
Patch0028: 0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
# rhbz#1556132
Patch0029: ppp-2.4.7-DES-openssl.patch
# https://github.com/paulusmack/ppp/pull/95
Patch0030: ppp-2.4.7-honor-ldflags.patch
Patch0002: ppp-2.4.9-config.patch
Patch0004: 0004-doc-add-configuration-samples.patch
Patch0005: ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
Patch0006: 0006-scritps-use-change_resolv_conf-function.patch
Patch0011: 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
Patch0012: ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
Patch0013: ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch
Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
Patch0018: 0018-scritps-fix-ip-up.local-sample.patch
Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
Patch0025: ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
Patch0026: ppp-2.4.9-configure-cflags-allow-commas.patch
# https://github.com/ppp-project/ppp/commit/d7e62a8499c4032d79e05afbd8fd3efd51c5b148
Patch0027: ppp-2.4.9-pppd-eap-Fix-bug-causing-incorrect-response-length-3.patch
# https://github.com/ppp-project/ppp/commit/e609ed8bb62e4648568eaa49fbbc858dfda6d122
Patch0028: ppp-2.4.9-pppd-Fix-logical-error-in-comparing-valid-encryption.patch
# https://github.com/ppp-project/ppp/pull/267/commits/6bfe06b9428a60eb637d5450d65dd3932fe5a83f
Patch0029: ppp-2.4.9-pppd-Expose-the-MPPE-keys-generated-through-an-API-2.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel
BuildRequires: openssl-devel
Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd, initscripts >= 9.54
Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd
Requires(pre): /usr/bin/getent
Requires(pre): /usr/sbin/groupadd
@ -69,26 +60,45 @@ transmitting datagrams over serial point-to-point links. PPP is
usually used to dial in to an ISP (Internet Service Provider) or other
organization over a modem and phone line.
%package -n network-scripts-%{name}
Summary: PPP legacy network service support
Requires: network-scripts
Supplements: (%{name} and network-scripts)
%description -n network-scripts-%{name}
This provides the ifup and ifdown scripts for use with the legacy network
service.
%package devel
Summary: Headers for ppp plugin development
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
This package contains the header files for building plugins for ppp.
%prep
%setup -q
%autopatch -p1
%autosetup -p1 -n %{name}-%{name}-%{version}
tar -xJf %{SOURCE12}
# Temporary, see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85142
# This was fixed in GCC, but now we produce /lib64/lpd64d/ path.
%ifarch riscv64
sed -i'' \
-e 's|/$(shell gcc -print-multi-os-directory 2> /dev/null)|64|g' \
-e 's|/$(shell $(CC) -print-multi-os-directory 2> /dev/null)|64|g' \
pppd/plugins/radius/Makefile.linux \
pppd/plugins/pppol2tp/Makefile.linux \
pppd/plugins/Makefile.linux \
pppd/plugins/pppoatm/Makefile.linux \
pppd/plugins/pppoe/Makefile.linux \
pppd/Makefile.linux
%endif
%build
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing"
export RPM_LD_FLAGS="$LDFLAGS"
%configure
make %{?_smp_mflags} LDFLAGS="%{?build_ldflags}"
make -C ppp-watch %{?_smp_mflags} LDFLAGS="%{?build_ldflags}"
%configure --cflags="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing"
%{make_build} LDFLAGS="%{?build_ldflags} -pie"
%{make_build} -C ppp-watch LDFLAGS="%{?build_ldflags} -pie"
%install
make INSTROOT=%{buildroot} install install-etcppp
@ -123,6 +133,9 @@ install -d %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/
install -p %{SOURCE10} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
# ghosts
mkdir -p %{buildroot}%{_rundir}/ppp
%pre
/usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || :
@ -130,7 +143,7 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
%tmpfiles_create ppp.conf
%files
%defattr(-,root,root)
%doc FAQ README README.cbcp README.linux README.MPPE README.MSCHAP80 README.MSCHAP81 README.pwfd README.pppoe scripts sample README.eap-tls
%{_sbindir}/chat
%{_sbindir}/pppd
%{_sbindir}/pppdump
@ -144,8 +157,6 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
%{_sysconfdir}/ppp/ip-down.ipv6to4
%{_sysconfdir}/ppp/ipv6-up
%{_sysconfdir}/ppp/ipv6-down
%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
%{_mandir}/man8/chat.8*
%{_mandir}/man8/pppd.8*
%{_mandir}/man8/pppdump.8*
@ -155,8 +166,7 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
%{_mandir}/man8/pppoe-discovery.8*
%{_mandir}/man8/ppp-watch.8*
%{_libdir}/pppd
%ghost %dir /run/ppp
%ghost %dir /run/lock/ppp
%ghost %dir %{_rundir}/ppp
%dir %{_sysconfdir}/logrotate.d
%attr(700, root, root) %dir %{_localstatedir}/log/ppp
%config(noreplace) %{_sysconfdir}/ppp/eaptls-client
@ -167,14 +177,117 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
%config(noreplace) %{_sysconfdir}/pam.d/ppp
%config(noreplace) %{_sysconfdir}/logrotate.d/ppp
%{_tmpfilesdir}/ppp.conf
%doc FAQ README README.cbcp README.linux README.MPPE README.MSCHAP80 README.MSCHAP81 README.pwfd README.pppoe scripts sample README.eap-tls
%files -n network-scripts-%{name}
%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
%files devel
%defattr(-,root,root)
%{_includedir}/pppd
%doc PLUGINS
%changelog
* Tue Apr 25 2023 David Abdurachmanov <davidlt@rivosinc.com> - 2.4.9-9.0.riscv64
- Add workaround for RISC-V (riscv64)
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Apr 05 2022 Marcin Zajaczkowski <mszpak ATT wp DOTT pl> - 2.4.9-7
- Backport patches from master for SSTP to connect using EAP-TLS to Azure VnetGWay and Windows RAS server
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.4.9-5
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Mar 8 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.9-3
- Keep lock files in /var/lock (https://github.com/ppp-project/ppp/pull/227)
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jan 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.9-1
- New version
Resolves: rhbz#1912617
* Mon Aug 10 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-8
- Added workaround for Windows Server 2019
Resolves: rhbz#1867047
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.8-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu May 21 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-6
- Added missing options to man pages
* Tue Apr 7 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-5
- Updated EAP-TLS patch to v1.300
* Mon Apr 6 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-4
- Updated EAP-TLS patch to v1.201
* Fri Feb 28 2020 Tom Stellard <tstellar@redhat.com> - 2.4.8-3
- Use make_build macro
- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
* Wed Feb 26 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-2
- Fixed ghost directories verification
* Fri Feb 21 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-1
- New version
- Changed sources to github
- Dropped 0028-pppoe-include-netinet-in.h-before-linux-in.h,
ppp-2.4.7-DES-openssl, ppp-2.4.7-honor-ldflags,
ppp-2.4.7-coverity-scan-fixes patches (all upstreamed)
- Fixed buffer overflow in the eap_request and eap_response functions
Resolves: CVE-2020-8597
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-33
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-32
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-31
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2.4.7-30
- Rebuilt for libcrypt.so.2 (#1666033)
* Mon Dec 3 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-29
- Fixed some issues found by coverity scan
* Tue Nov 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-28
- Fixed network scripts related regression caused by release 26
* Mon Nov 5 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-27
- Updated EAP-TLS patch to v1.102
* Tue Jul 24 2018 Lubomir Rintel <lkundrak@v3.sk> - 2.4.7-26
- Split out the network-scripts
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sat Jun 30 2018 Peter Robinson <pbrobinson@fedoraproject.org> 2.4.7-24
- Remove group/defattr, minor spec cleanups
* Wed Jun 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-23
- Replaced initscripts requirement by the network-scripts
Resolves: rhbz#1592384
* Tue Jun 5 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-22
- Updated EAP-TLS patch to v1.101
Resolves: CVE-2018-11574
* Mon Apr 9 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-21
- Link with -E not to break plugins
Resolves: rhbz#1564459

4
sources
View File

@ -1,2 +1,2 @@
78818f40e6d33a1d1de68a1551f6595a ppp-2.4.7.tar.gz
166cdfbce3391746fde60e86752c7bc7 ppp-watch.tar.xz
SHA512 (ppp-watch.tar.xz) = aee10735facf918b9a1e33408c9f19d8240c2cd265837da87ac9f58e097eece6bbe1abcaf426e2f10369d1368f6e9e68d2e07d005a19857f17d6318708ec438a
SHA512 (ppp-2.4.9.tar.gz) = c309f8f69f534c05547cd2f66dade0e0f198ea4c2928a7e899e660280786b3e965437a67b8c5bb81c59d0fa1818b4eb7b701d2dce015a420d380422d2bca4e1a