ppp/ppp.spec

Name:           ppp
Version:        2.5.0
Release:        5
Summary:        The Point-to-Point Protocol

License:        BSD and LGPLv2+ and GPLv2+ and Public Domain
URL:            https://ppp.samba.org/
Source0:        https://download.samba.org/pub/ppp/%{name}-%{version}.tar.gz
Source1:        ppp-watch.tar.xz
Source2:        ip-down
Source3:        ip-down.ipv6to4
Source4:        ip-up
Source5:        ip-up.ipv6to4
Source6:        ipv6-down
Source7:        ipv6-up
Source8:        ifup-ppp
Source9:        ifdown-ppp
Source10:       ppp-pam.conf
Source11:       ppp-logrotate.conf
Source12:       ppp-tmpfiles.conf

BuildRequires:  gcc glib2-devel libpcap-devel openssl-devel pam-devel systemd systemd-devel
BuildRequires:  autoconf automake libtool make
Requires:       libpcap >= 14:0.8.3-6 glibc >= 2.0.6 systemd /etc/pam.d/system-auth network-scripts
Supplements:    (network-scripts)
Requires(pre):  /usr/bin/getent
Requires(pre):  /usr/sbin/groupadd
Provides:       network-scripts-ppp
Obsoletes:      network-scripts-ppp

Patch0002:      backport-0004-doc-add-configuration-samples.patch
Patch0004:      backport-ppp-2.5.0-use-change-resolv-function.patch
Patch0006:      backport-ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
Patch0007:      backport-ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
Patch0008:      backport-0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch

Patch0009:      refuse-pap-by-default-for-security.patch

Patch0010:      backport-Fixing-up-parsing-in-radiusclient.conf.patch
Patch0011:      backport-Add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch
Patch0012:      backport-CVE-2024-58250.patch

%description
The Point-to-Point Protocol (PPP) provides a standard way to establish
a network connection over a serial link.  At present, this package
supports IP and IPV6 and the protocols layered above them, such as TCP
and UDP.  The Linux port of this package also has support for IPX.

%package        devel
Summary:        Development environment for %{name}
Requires:       %{name} = %{version}-%{release}
Requires:       pkgconf-pkg-config

%description    devel
The %{name}-devel package contains libraries and header files for
building plugins for the %{name}.

%package_help

%prep
%setup -qn %{name}-%{version}
%autopatch -p1
tar -xvJf %{SOURCE1}
mkdir ppp
mkdir network-scripts
cp %{SOURCE2} ppp
cp %{SOURCE3} ppp
cp %{SOURCE4} ppp
cp %{SOURCE5} ppp
cp %{SOURCE6} ppp
cp %{SOURCE7} ppp
cp %{SOURCE8} network-scripts
cp %{SOURCE9} network-scripts

%build
autoreconf -fi
export CFLAGS="%{build_cflags} -fno-strict-aliasing"
%configure --enable-systemd --enable-cbcp --with-pam --disable-openssl-engine
%make_build
%make_build -C ppp-watch LDFLAGS="%{?build_ldflags} -pie"

%install
%make_install
find scripts -type f | xargs chmod a-x
make install ROOT=$RPM_BUILD_ROOT -C ppp-watch
mkdir -p %{buildroot}%{_sysconfdir}/ppp
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig/network-scripts
mkdir -p %{buildroot}%{_localstatedir}/log/ppp
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d
for file in ppp/*; do
    install -p $file %{buildroot}%{_sysconfdir}/ppp/
done
for file in network-scripts/*; do
    install -p $file %{buildroot}%{_sysconfdir}/sysconfig/network-scripts
done

install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/ppp
install -m 644 -p %{SOURCE11} %{buildroot}%{_sysconfdir}/logrotate.d/ppp
install -m 644 -p %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/ppp.conf

%delete_la

#ghosts
mkdir -p %{buildroot}%{_rundir}/ppp
mkdir -p %{buildroot}%{_rundir}/pppd/lock

%pre
/usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || :

%post
%tmpfiles_create ppp.conf
%files
%doc README scripts sample
%{_sysconfdir}/ppp/ip*
%{_sysconfdir}/sysconfig/network-scripts/if*-ppp
%{_sysconfdir}/ppp/openssl.cnf
%config(noreplace) %{_sysconfdir}/%{name}/chap-secrets
%config(noreplace) %{_sysconfdir}/%{name}/eaptls-client
%config(noreplace) %{_sysconfdir}/%{name}/eaptls-server
%config(noreplace) %{_sysconfdir}/%{name}/options
%config(noreplace) %{_sysconfdir}/%{name}/pap-secrets
%config(noreplace) %{_sysconfdir}/pam.d/ppp
%config(noreplace) %{_sysconfdir}/logrotate.d/ppp
%{_prefix}/lib/tmpfiles.d/*.conf
%{_libdir}/pppd/%{version}/*.so
%{_sbindir}/chat
%{_sbindir}/ppp*
%ghost %dir %{_rundir}/ppp
%ghost %dir %{_rundir}/pppd
%ghost %dir %{_rundir}/pppd/lock
%attr(700, root, root) %dir %{_localstatedir}/log/ppp

%files devel
%{_includedir}/pppd/*.h
%{_libdir}/pkgconfig/pppd.pc

%files help
%doc FAQ README.cbcp README.eap-tls README.linux README.MPPE
%doc README.MSCHAP80 README.MSCHAP81 README.pppoe README.pwfd PLUGINS
%{_mandir}/man8/*.8.gz

%changelog
* Tue Apr 29 2025 gaihuiying <eaglegai@163.com> - 2.5.0-5
- Type:CVE
- CVE:CVE-2024-58250
- SUG:NA
- DESC:fix CVE-2024-58250

* Fri Feb 14 2025 gaihuiying <eaglegai@163.com> - 2.5.0-4
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:backport upstream
       Fixing up parsing in radiusclient.conf
       Add configure check to see if we have struct sockaddr_ll

* Mon Aug 05 2024 gaihuiying <eaglegai@163.com> - 2.5.0-3
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:pre-created upstream default lock dir
       Openssl engine API is deprecated for a while thus disable it

* Fri May 10 2024 gaihuiying <eaglegai@163.com> - 2.5.0-2
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:refuse pap by default for security

* Mon Jul 24 2023 gaihuiying <eaglegai@163.com> - 2.5.0-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:update ppp version from 2.4.9 to 2.5.0

* Fri Mar 10 2023 xingwei <xingwei14@h-partners.com> - 2.4.9-5
- Type:bufix
- ID:NA
- SUG:NA
- DESC:add fclose operation to fix file pointer not closed after use

* Tue Feb 28 2023 laokz <zhangkai@iscas.ac.cn> - 2.4.9-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix patch0017 for riscv64

* Thu Dec 29 2022 gaihuiying <eaglegai@163.com> - 2.4.9-3
- Type:cves
- ID:NA
- SUG:NA
- DESC:fix CVE-2022-4603

* Wed Oct 19 2022 gaihuiying <eaglegai@163.com> - 2.4.9-2
- Type:bufix
- ID:NA
- SUG:NA
- DESC:pppd: Negotiate IP address when only peer addresses are provided

* Mon Mar 28 2022 xihaochen <xihaochen@h-partners.com> - 2.4.9-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:update ppp version from 2.4.8 to 2.4.9

* Tue Dec 15 2020 xihaochen <xihaochen@huawei.com> - 2.4.8-3
- Type:requirement
- ID:NA
- SUG:NA
- DESC:remove sensitive words 

* Tue Nov 10 2020 whoisxxx <zhangxuzhou4@huawei.com> - 2.4.8-2
- Type: bugfix
- ID: NA
- SUG: NA
- DESC:Set LIBDIR for RISC-V

* Tue Jun 30 2020 yuboyun <yuboyun@huawei.com> - 2.4.8-1
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:update ppp version from 2.4.7 to 2.4.8

* Tue Mar 17 2020 chenzhen <chenzhen44@huawei.com> - 2.4.7-29
- Type:cves
- ID:CVE-2020-8597
- SUG:restart
- DESC:fix CVE-2020-8597

* Fri Dec 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.4.7-28
- Type:cves
- ID:CVE-2015-3310
- SUG:restart
- DESC:fix CVE-2015-3310

* Sun Sep 15 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.4.7-27
- Package Init