update 4.2.7 to 4.2.8

2020-06-29 16:02:36 +08:00 · 2020-06-29 16:02:36 +08:00 · 3e8756aade
commit 3e8756aade
parent 73f1d91ac8
17 changed files with 300 additions and 499 deletions
--- a/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
+++ b/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
@ -1,35 +0,0 @@
 From 33797aa193a2751da26f9af120e39c110defe4d1 Mon Sep 17 00:00:00 2001
 From: Lubomir Rintel <lkundrak@v3.sk>
 Date: Sat, 10 Dec 2016 19:53:56 +0100
 Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
 To fix build breakage.
 ---
 pppd/plugins/rp-pppoe/pppoe.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
 index 9ab2eee..f77f5b7 100644
 --- a/pppd/plugins/rp-pppoe/pppoe.h
 +++ b/pppd/plugins/rp-pppoe/pppoe.h
@@ -15,6 +15,8 @@
 #include "config.h"
 +#include <netinet/in.h>
 +
 #if defined(HAVE_NETPACKET_PACKET_H) || defined(HAVE_LINUX_IF_PACKET_H)
 #define _POSIX_SOURCE 1 /* For sigaction defines */
 #endif
@@ -84,8 +86,6 @@ typedef unsigned long UINT32_t;
 #include <linux/if_ether.h>
 #endif
 -#include <netinet/in.h>
 -
 #ifdef HAVE_NETINET_IF_ETHER_H
 #include <sys/types.h>
 -- 
 2.9.3
--- a/ppp-2.4.7-DES-openssl.patch
+++ b/ppp-2.4.7-DES-openssl.patch
@ -1,79 +0,0 @@
 diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
 index 534ccc2..cf11b74 100644
 --- a/pppd/Makefile.linux
 +++ b/pppd/Makefile.linux
@@ -41,7 +41,7 @@ COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
 # Uncomment the next 2 lines to include support for Microsoft's
 # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
 CHAPMS=y
 -USE_CRYPT=y
 +#USE_CRYPT=y
 # Don't use MSLANMAN unless you really know what you're doing.
 #MSLANMAN=y
 # Uncomment the next line to include support for MPPE.  CHAPMS (above) must
@@ -147,7 +147,8 @@ endif
 ifdef NEEDDES
 ifndef USE_CRYPT
 -LIBS     += -ldes $(LIBS)
 +CFLAGS   += -I/usr/include/openssl
 +LIBS     += -lcrypto
 else
 CFLAGS   += -DUSE_CRYPT=1
 endif
 diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
 index 8b85b13..6b35375 100644
 --- a/pppd/pppcrypt.c
 +++ b/pppd/pppcrypt.c
@@ -64,7 +64,7 @@ u_char *des_key;	/* OUT 64 bit DES key with parity bits added */
 	des_key[7] = Get7Bits(key, 49);
 #ifndef USE_CRYPT
 -	des_set_odd_parity((des_cblock *)des_key);
 +	DES_set_odd_parity((DES_cblock *)des_key);
 #endif
 }
@@ -158,25 +158,25 @@ u_char *clear;	/* OUT 8 octets */
 }
 #else /* USE_CRYPT */
 -static des_key_schedule	key_schedule;
 +static DES_key_schedule	key_schedule;
 bool
 DesSetkey(key)
 u_char *key;
 {
 -	des_cblock des_key;
 +	DES_cblock des_key;
 	MakeKey(key, des_key);
 -	des_set_key(&des_key, key_schedule);
 +	DES_set_key(&des_key, &key_schedule);
 	return (1);
 }
 bool
 -DesEncrypt(clear, key, cipher)
 +DesEncrypt(clear, cipher)
 u_char *clear;	/* IN  8 octets */
 u_char *cipher;	/* OUT 8 octets */
 {
 -	des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
 -	    key_schedule, 1);
 +	DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
 +	    &key_schedule, 1);
 	return (1);
 }
@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
 u_char *cipher;	/* IN  8 octets */
 u_char *clear;	/* OUT 8 octets */
 {
 -	des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
 -	    key_schedule, 0);
 +	DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
 +	    &key_schedule, 0);
 	return (1);
 }
--- a/ppp-2.4.7-honor-ldflags.patch
+++ b/ppp-2.4.7-honor-ldflags.patch
@ -1,170 +0,0 @@
 diff --git a/chat/Makefile.linux b/chat/Makefile.linux
 index 2445637..83114f1 100644
 --- a/chat/Makefile.linux
 +++ b/chat/Makefile.linux
@@ -18,7 +18,7 @@ INSTALL= install
 all:	chat
 chat:	chat.o
 -	$(CC) -o chat chat.o
 +	$(CC) $(LDFLAGS) -o chat chat.o
 chat.o:	chat.c
 	$(CC) -c $(CFLAGS) -o chat.o chat.c
 diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
 index cf11b74..089f164 100644
 --- a/pppd/Makefile.linux
 +++ b/pppd/Makefile.linux
@@ -188,7 +188,7 @@ endif
 ifdef PLUGIN
 CFLAGS	+= -DPLUGIN
 -LDFLAGS	+= -Wl,-E
 +LDFLAGS_PLUGIN	+= -Wl,-E
 LIBS	+= -ldl
 endif
@@ -230,7 +230,7 @@ install: pppd
 	$(INSTALL) -c -m 644 pppd.8 $(MANDIR)
 pppd: $(PPPDOBJS)
 -	$(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS)
 +	$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
 srp-entry:	srp-entry.c
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS)
 diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
 index 303833a..04fe876 100644
 --- a/pppd/plugins/Makefile.linux
 +++ b/pppd/plugins/Makefile.linux
@@ -1,7 +1,7 @@
 #CC	= gcc
 COPTS	= $(RPM_OPT_FLAGS)
 CFLAGS	= $(COPTS) -I.. -I../../include -fPIC
 -LDFLAGS	= -shared
 +LDFLAGS_SHARED	= -shared
 INSTALL	= install
 # EAP-TLS
@@ -33,7 +33,7 @@ all:	$(PLUGINS)
 	for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
 %.so: %.c
 -	$(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
 +	$(CC) -o $@ $(LDFLAGS) $(LDFLAGS_SHARED) $(CFLAGS) $^
 VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h)
 diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
 index 4c5826f..1961e0e 100644
 --- a/pppd/plugins/pppoatm/Makefile.linux
 +++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -1,7 +1,7 @@
 #CC	= gcc
 COPTS	= $(RPM_OPT_FLAGS)
 CFLAGS	= $(COPTS) -I../.. -I../../../include -fPIC
 -LDFLAGS	= -shared
 +LDFLAGS_SHARED	= -shared
 INSTALL	= install
 #***********************************************************************
@@ -33,7 +33,7 @@ endif
 all: $(PLUGIN)
 $(PLUGIN): $(PLUGIN_OBJS)
 -	$(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
 +	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
 install: all
 	$(INSTALL) -d -m 755 $(LIBDIR)
 diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
 index 9cb316d..7b23b25 100644
 --- a/pppd/plugins/pppol2tp/Makefile.linux
 +++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -1,7 +1,7 @@
 #CC	= gcc
 COPTS	= $(RPM_OPT_FLAGS) -DHAVE_MULTILINK
 CFLAGS	= $(COPTS) -I. -I../.. -I../../../include -fPIC
 -LDFLAGS	= -shared
 +LDFLAGS_SHARED	= -shared
 INSTALL	= install
 #***********************************************************************
@@ -16,7 +16,7 @@ PLUGINS := pppol2tp.so openl2tp.so
 all: $(PLUGINS)
 %.so: %.o
 -	$(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
 +	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
 install: all
 	$(INSTALL) -d -m 755 $(LIBDIR)
 diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
 index 707326b..2150332 100644
 --- a/pppd/plugins/radius/Makefile.linux
 +++ b/pppd/plugins/radius/Makefile.linux
@@ -43,13 +43,13 @@ install: all
 	$(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
 radius.so: radius.o libradiusclient.a
 -	$(CC) -o radius.so -shared radius.o libradiusclient.a
 +	$(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a
 radattr.so: radattr.o
 -	$(CC) -o radattr.so -shared radattr.o
 +	$(CC) $(LDFLAGS) -o radattr.so -shared radattr.o
 radrealms.so: radrealms.o
 -	$(CC) -o radrealms.so -shared radrealms.o
 +	$(CC) $(LDFLAGS) -o radrealms.so -shared radrealms.o
 CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \
 	clientid.o sendserver.o lock.o util.o md5.o
 diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
 index fa49efb..5e06b52 100644
 --- a/pppd/plugins/rp-pppoe/Makefile.linux
 +++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -31,7 +31,7 @@ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
 all: rp-pppoe.so pppoe-discovery
 pppoe-discovery: pppoe-discovery.o debug.o common.o
 -	$(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
 +	$(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
 pppoe-discovery.o: pppoe-discovery.c
 	$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
@@ -40,7 +40,7 @@ debug.o: debug.c
 	$(CC) $(CFLAGS) -c -o debug.o debug.c
 rp-pppoe.so: plugin.o discovery.o if.o common.o
 -	$(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
 +	$(CC) $(LDFLAGS) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
 install: all
 	$(INSTALL) -d -m 755 $(LIBDIR)
 diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
 index 95c6805..33e5107 100644
 --- a/pppdump/Makefile.linux
 +++ b/pppdump/Makefile.linux
@@ -10,7 +10,7 @@ INSTALL= install
 all:	pppdump
 pppdump: $(OBJS)
 -	$(CC) -o pppdump $(OBJS)
 +	$(CC) $(LDFLAGS) -o pppdump $(OBJS)
 clean:
 	rm -f pppdump $(OBJS) *~
 diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
 index c5ba3b1..eeccf83 100644
 --- a/pppstats/Makefile.linux
 +++ b/pppstats/Makefile.linux
@@ -26,7 +26,7 @@ install: pppstats
 	$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
 pppstats: $(PPPSTATSRCS)
 -	$(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS)
 +	$(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
 clean:
 	rm -f pppstats *~ #* core
--- a/ppp-2.4.7.tar.gz
+++ b/ppp-2.4.7.tar.gz
--- a/ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch
+++ b/ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch
@ -16,7 +16,7 @@ index 4339566..9a635b8 100644
 -COPTS	= -O2 -g
 +COPTS	= $(RPM_OPT_FLAGS)
 CFLAGS	= $(COPTS) -I. -I../.. -I../../../include -fPIC
- LDFLAGS	= -shared
+ LDFLAGS_SHARED	= -shared
 INSTALL	= install
 -- 
 1.8.3.1
--- a/ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch
+++ b/ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch
@ -17,7 +17,7 @@ index 9a635b8..9cb316d 100644
 -COPTS	= $(RPM_OPT_FLAGS)
 +COPTS	= $(RPM_OPT_FLAGS) -DHAVE_MULTILINK
 CFLAGS	= $(COPTS) -I. -I../.. -I../../../include -fPIC
- LDFLAGS	= -shared
+ LDFLAGS_SHARED	= -shared
 INSTALL	= install
 -- 
 1.8.3.1
--- a/ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
+++ b/ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
@ -33,7 +33,7 @@ index 63872eb..8ed56c1 100644
 -COPTS = -Wall $(RPM_OPT_FLAGS)
 +COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
- # Uncomment the next 2 lines to include support for Microsoft's
+ # Uncomment the next line to include support for Microsoft's
 # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
 diff --git a/pppd/pathnames.h b/pppd/pathnames.h
 index a33f046..a427cb8 100644
--- a/ppp-2.4.8-build-sys-enable-PAM-support.patch
+++ b/ppp-2.4.8-build-sys-enable-PAM-support.patch
@ -11,8 +11,8 @@ diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
 index 1d9ea78..5a44d30 100644
 --- a/pppd/Makefile.linux
 +++ b/pppd/Makefile.linux
-@@ -61,7 +61,7 @@ HAVE_MULTILINK=y
+@@ -66,7 +66,7 @@ HAVE_MULTILINK=y
- USE_TDB=y
+ #SYSTEMD=y
 HAS_SHADOW=y
 -#USE_PAM=y
--- a/ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
+++ b/ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
@ -40,7 +40,7 @@ index 5a44d30..63872eb 100644
 -LIBS =
 +COPTS = -Wall $(RPM_OPT_FLAGS)
- # Uncomment the next 2 lines to include support for Microsoft's
+ # Uncomment the next line to include support for Microsoft's
 # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
 diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
 index 0a7ec7b..e09a369 100644
@ -51,7 +51,7 @@ index 0a7ec7b..e09a369 100644
 -COPTS	= -O2 -g
 +COPTS	= $(RPM_OPT_FLAGS)
 CFLAGS	= $(COPTS) -I.. -I../../include -fPIC
- LDFLAGS	= -shared
+ LDFLAGS_SHARED	= -shared
 INSTALL	= install
 diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
 index 20f62e6..5a81447 100644
@ -62,7 +62,7 @@ index 20f62e6..5a81447 100644
 -COPTS	= -O2 -g
 +COPTS	= $(RPM_OPT_FLAGS)
 CFLAGS	= $(COPTS) -I../.. -I../../../include -fPIC
- LDFLAGS	= -shared
+ LDFLAGS_SHARED	= -shared
 INSTALL	= install
 diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
 index 24ed3e5..45b3b8d 100644
--- a/ppp-2.4.8-eaptls-mppe-1.102.patch
+++ b/ppp-2.4.8-eaptls-mppe-1.102.patch
@ -1,7 +1,7 @@
-diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-1.101b/README.eap-tls
+diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-1.102/README.eap-tls
 --- ppp-2.4.7/README.eap-tls	1970-01-01 01:00:00.000000000 +0100
-+++ ppp-2.4.7-eaptls-mppe-1.101b/README.eap-tls	2018-06-02 01:42:04.021165440 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/README.eap-tls	2018-11-02 17:14:08.101636586 +0100
-@@ -0,0 +1,286 @@
+@@ -0,0 +1,291 @@
 +EAP-TLS authentication support for PPP
 +======================================
 +
@ -11,7 +11,7 @@ diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-1.101b/README.eap-tls
 +    security protocol that can be used with PPP.  It provides a means
 +    to plug in multiple optional authentication methods.
 +
-+    Transport Level Security (TLS; RFC 2246) provides for mutual 
+    Transport Level Security (TLS; RFC 5216) provides for mutual 
 +    authentication, integrity-protected ciphersuite negotiation and 
 +    key exchange between two endpoints.  It also provides for optional
 +    MPPE encryption.
@ -282,15 +282,20 @@ diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-1.101b/README.eap-tls
 + - Change SSL_OP_NO_TICKETS to SSL_OP_NO_TICKET
 + - Fix bug in initialisation code with fragmented packets.
 +v0.998   (13-Mar-2015)
-+ - Added fix for https://bugzilla.redhat.com/show_bug.cgi?id=1023620
+ - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1023620
 +v0.999   (11-May-2017)
-+ - Added support for OpenSSL 1.1: the code will now compile against OpenSSL 1.0.x or 1.1.x.
+ - Add support for OpenSSL 1.1: the code will now compile against OpenSSL 1.0.x or 1.1.x.
 +v1.101 (1-Jun-2018)
 + - Fix vulnerabilities CVE-2018-11574.
-+
+v1.102 (2-Nov-2018)
-diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/eaptls-client
+ - Add TLS 1.2 support. Windows 7/8 will connect using TLS 1.0, Windows 10 clients using TLS 1.2.
 +   This works both when compiling against OpenSSL 1.0.1+ and 1.1+.
 + - Print warning when certificate is either not yet valid or has expired.
 + - Perform better peer certificate checks.
 + - Allow certificate chain files to be used.
 diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-1.102/etc.ppp/eaptls-client
 --- ppp-2.4.7/etc.ppp/eaptls-client	1970-01-01 01:00:00.000000000 +0100
-+++ ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/eaptls-client	2018-06-02 01:42:04.021165440 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/etc.ppp/eaptls-client	2018-10-30 16:47:59.527263750 +0100
@@ -0,0 +1,10 @@
 +# Parameters for authentication using EAP-TLS (client)
 +
@ -302,9 +307,9 @@ diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/
 +# client private key file (required)
 +
 +#client	server	/root/cert/client.crt	-	/root/cert/ca.crt	/root/cert/client.key
-diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/eaptls-server
+diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-1.102/etc.ppp/eaptls-server
 --- ppp-2.4.7/etc.ppp/eaptls-server	1970-01-01 01:00:00.000000000 +0100
-+++ ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/eaptls-server	2018-06-02 01:42:04.021165440 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/etc.ppp/eaptls-server	2018-10-30 16:47:59.527263750 +0100
@@ -0,0 +1,11 @@
 +# Parameters for authentication using EAP-TLS (server)
 +
@ -317,9 +322,9 @@ diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/
 +# allowed addresses (required, can be *)
 +
 +#client	server	-	/root/cert/server.crt	/root/cert/ca.crt	/root/cert/server.key	192.168.1.0/24
-diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/openssl.cnf
+diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-1.102/etc.ppp/openssl.cnf
 --- ppp-2.4.7/etc.ppp/openssl.cnf	1970-01-01 01:00:00.000000000 +0100
-+++ ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/openssl.cnf	2018-06-02 01:42:04.021165440 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/etc.ppp/openssl.cnf	2018-10-30 16:47:59.527263750 +0100
@@ -0,0 +1,14 @@
 +openssl_conf = openssl_def
 +
@ -335,9 +340,9 @@ diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/op
 +MODULE_PATH = /usr/lib64/libeTPkcs11.so
 +init = 0
 +
-diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-1.101b/linux/Makefile.top
+diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-1.102/linux/Makefile.top
 --- ppp-2.4.7/linux/Makefile.top	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/linux/Makefile.top	2018-06-02 01:42:04.021165440 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/linux/Makefile.top	2018-10-30 16:47:59.528263707 +0100
@@ -26,7 +26,7 @@
 	cd pppdump; $(MAKE) $(MFLAGS) install
@ -358,9 +363,9 @@ diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-1.101b/linux/Makef
 $(BINDIR):
 	$(INSTALL) -d -m 755 $@
-diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-1.101b/pppd/Makefile.linux
+diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-1.102/pppd/Makefile.linux
 --- ppp-2.4.7/pppd/Makefile.linux	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/Makefile.linux	2018-06-02 01:42:04.021165440 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/Makefile.linux	2018-10-30 16:47:59.528263707 +0100
@@ -76,6 +76,9 @@
 # Use libutil
 USE_LIBUTIL=y
@ -387,9 +392,9 @@ diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-1.101b/pppd/Makef
 ifdef HAS_SHADOW
 CFLAGS   += -DHAS_SHADOW
 #LIBS     += -lshadow $(LIBS)
-diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/auth.c
+diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-1.102/pppd/auth.c
 --- ppp-2.4.7/pppd/auth.c	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/auth.c	2018-06-02 01:42:04.022165436 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/auth.c	2018-10-30 16:47:59.530263608 +0100
@@ -109,6 +109,9 @@
 #include "upap.h"
 #include "chap-new.h"
@ -885,9 +890,9 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/auth.c
 +}
 +#endif
 +
-diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/ccp.c
+diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-1.102/pppd/ccp.c
 --- ppp-2.4.7/pppd/ccp.c	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/ccp.c	2018-06-02 01:42:04.022165436 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/ccp.c	2018-10-30 16:47:59.531263554 +0100
@@ -540,6 +540,9 @@
     if (go->mppe) {
 	ccp_options *ao = &ccp_allowoptions[f->unit];
@ -923,9 +928,9 @@ diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/ccp.c
 	    lcp_close(f->unit, "MPPE required but not available");
 	    return;
 	}
-diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/chap-md5.c
+diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-1.102/pppd/chap-md5.c
 --- ppp-2.4.7/pppd/chap-md5.c	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/chap-md5.c	2018-06-02 01:42:04.022165436 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/chap-md5.c	2018-10-30 16:47:59.532263499 +0100
@@ -36,7 +36,11 @@
 #include "chap-new.h"
 #include "chap-md5.h"
@ -938,12 +943,11 @@ diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/chap-md5.
 #define MD5_HASH_SIZE		16
 #define MD5_MIN_CHALLENGE	16
-diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
+diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.102/pppd/eap-tls.c
 --- ppp-2.4.7/pppd/eap-tls.c	1970-01-01 01:00:00.000000000 +0100
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c	2018-06-02 01:42:16.790124406 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/eap-tls.c	2018-11-02 16:53:05.996742547 +0100
-@@ -0,0 +1,1313 @@
+@@ -0,0 +1,1383 @@
-+/*
+/* * eap-tls.c - EAP-TLS implementation for PPP
 + * eap-tls.c - EAP-TLS implementation for PPP
 + *
 + * Copyright (c) Beniamino Galvani 2005 All rights reserved.
 + *
@ -999,14 +1003,20 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +
 +#ifdef MPPE
 +
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EAPTLS_MPPE_KEY_LEN     32
 +
 +/*
 + * The following stuff is only needed if SSL_export_keying_material() is not available
 + */
 +
 +#if OPENSSL_VERSION_NUMBER < 0x10001000L
 +
 +/*
 + * https://wiki.openssl.org/index.php/1.1_API_Changes
 + * tries to provide some guidance but ultimately falls short.
 + *
 + */
 +
 +
 +static void HMAC_CTX_free(HMAC_CTX *ctx)
 +{
 +	if (ctx != NULL) {
@ -1023,11 +1033,6 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +	return ctx;
 +}
 +
 +/*
 + * These were basically jacked directly from the OpenSSL tree
 + * without adjustments.
 + */
 +
 +static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
 +				    size_t outlen)
 +{
@ -1061,10 +1066,6 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +	return outlen;
 +}
 +
 +/* Avoid a deprecated warning in OpenSSL 1.1 whilst still allowing to build against 1.0.x */
 +#define TLS_method           TLSv1_method
 +
 +#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 +
 +/*
 + * TLS PRF from RFC 2246
@ -1135,7 +1136,50 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +	}
 +}
 +
-+#define EAPTLS_MPPE_KEY_LEN     32
+static int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
 +                               const char *label, size_t llen,
 +                               const unsigned char *p, size_t plen,
 +                               int use_context)
 +{
 +	unsigned char seed[64 + 2*SSL3_RANDOM_SIZE];
 +	unsigned char buf[4*EAPTLS_MPPE_KEY_LEN];
 +	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
 +	size_t master_key_length;
 +	unsigned char *pp;
 +
 +	pp = seed;
 +
 +	memcpy(pp, label, llen);
 +	pp += llen;
 +
 +	llen += SSL_get_client_random(s, pp, SSL3_RANDOM_SIZE);
 +	pp += SSL3_RANDOM_SIZE;
 +
 +	llen += SSL_get_server_random(s, pp, SSL3_RANDOM_SIZE);
 +
 +	master_key_length = SSL_SESSION_get_master_key(SSL_get_session(s), master_key,
 +						   sizeof(master_key));
 +	PRF(master_key, master_key_length, seed, llen, out, buf, olen);
 +
 +	return 1;
 +}
 +
 +#endif /* OPENSSL_VERSION_NUMBER < 0x10001000L */
 +
 +
 +/*
 + *  OpenSSL 1.1+ introduced a generic TLS_method()
 + *  For older releases we substitute the appropriate method
 + */
 +
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +
 +#define TLS_method SSLv23_method
 +
 +#define SSL3_RT_HEADER	0x100
 +
 +#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 +
 +
 +/*
 + *  Generate keys according to RFC 2716 and add to reply
@ -1143,27 +1187,15 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +void eaptls_gen_mppe_keys(struct eaptls_session *ets, const char *prf_label,
 +	                      int client)
 +{
-+    unsigned char out[4*EAPTLS_MPPE_KEY_LEN], buf[4*EAPTLS_MPPE_KEY_LEN];
+	unsigned char  out[4*EAPTLS_MPPE_KEY_LEN];
-+    unsigned char seed[64 + 2*SSL3_RANDOM_SIZE];
+	size_t         prf_size = strlen(prf_label);
-+    unsigned char *p = seed;
+	unsigned char *p;
 +	SSL			  *s = ets->ssl;
 +    size_t prf_size;
 +    unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
 +    size_t master_key_length;
 +
-+    prf_size = strlen(prf_label);
+	if (SSL_export_keying_material(ets->ssl, out, sizeof(out), prf_label, prf_size, NULL, 0, 0) != 1)
-+
+	{
-+    memcpy(p, prf_label, prf_size);
+	    warn( "EAP-TLS: Failed generating keying material" );
-+    p += prf_size;
+	    return;
-+
+	}   
 +    prf_size += SSL_get_client_random(s, p, SSL3_RANDOM_SIZE);
 +    p += SSL3_RANDOM_SIZE;
 +
 +    prf_size += SSL_get_server_random(s, p, SSL3_RANDOM_SIZE);
 +
 +    master_key_length = SSL_SESSION_get_master_key(SSL_get_session(s), master_key,
 +						   sizeof(master_key));
 +    PRF(master_key, master_key_length, seed, prf_size, out, buf, sizeof(out));
 +
 +	/* 
 +	 * We now have the master send and receive keys.
@ -1303,9 +1335,11 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +	char		*pkey_engine_name = NULL;
 +	char		*pkey_identifier = NULL;
 +	SSL_CTX		*ctx;
 +	SSL			*ssl;
 +	X509_STORE	*certstore;
 +	X509_LOOKUP	*lookup;
 +	X509		*tmp;
 +	int			ret;
 +
 +	/*
 +	 * Without these can't continue 
@ -1468,13 +1502,41 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +	}
 +	else
 +	{
-+		if (!SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM))
+		if (!SSL_CTX_use_certificate_chain_file(ctx, certfile))
 +		{
 +			error( "EAP-TLS: Cannot use public certificate %s", certfile );
 +			goto fail;
 +		}
 +	}
 +
 +
 +	/*
 +	 *  Check the Before and After dates of the certificate
 +	 */
 +	ssl = SSL_new(ctx);
 +	tmp = SSL_get_certificate(ssl);
 +
 +	ret = X509_cmp_time(X509_get_notBefore(tmp), NULL);
 +	if (ret == 0)
 +	{    
 +		warn( "EAP-TLS: Failed to read certificate notBefore field.");
 +	}    
 +	if (ret > 0) 
 +	{    
 +		warn( "EAP-TLS: Your certificate is not yet valid!");
 +	}    
 +
 +	ret = X509_cmp_time(X509_get_notAfter(tmp), NULL);
 +	if (ret == 0)
 +	{    
 +		warn( "EAP-TLS: Failed to read certificate notAfter field.");
 +	}    
 +	if (ret < 0)
 +	{
 +		warn( "EAP-TLS: Your certificate has expired!");
 +	}
 +	SSL_free(ssl);
 +
 +	if (pkey_engine)
 +	{
 +		EVP_PKEY   *pkey = NULL;
@ -1520,6 +1582,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +	| SSL_OP_NO_TICKET
 +#endif
 +	);
 +
 +	SSL_CTX_set_verify_depth(ctx, 5);
 +	SSL_CTX_set_verify(ctx,
 +			   SSL_VERIFY_PEER |
@ -1821,7 +1884,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +	GETCHAR(flags, inp);
 +	len--;
 +
-+    if (flags & EAP_TLS_FLAGS_LI && len >= 4) {
+	if (flags & EAP_TLS_FLAGS_LI && len > 4) {
 +		/*
 +		 * LenghtIncluded flag set -> this is the first packet of a message
 +		*/
@ -1932,7 +1995,10 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +		 * Read from ssl 
 +		 */
 +		if ((res = BIO_read(ets->from_ssl, fromtls, 65536)) == -1)
-+			fatal("No data from BIO_read");
+		{
 +			warn("EAP-TLS send: No data from BIO_read");
 +			return 1;
 +		}
 +
 +		ets->datalen = res;
 +
@ -2009,13 +2075,12 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 + * is done by ssl; we check the CN in the peer certificate 
 + * against the peer name.
 + */
-+int ssl_verify_callback(int preverify_ok, X509_STORE_CTX * ctx)
+int ssl_verify_callback(int ok, X509_STORE_CTX * ctx)
 +{
 +	char subject[256];
 +	char cn_str[256];
 +	X509 *peer_cert;
 +	int err, depth;
 +	int ok = preverify_ok;
 +	SSL *ssl;
 +	struct eaptls_session *ets;
 +
@ -2065,7 +2130,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +		 */
 +		if (!ets->peer[0]) {
 +			warn("Peer name not specified: no check");
-+			return 1;
+			return ok;
 +		}
 +
 +		/*
@ -2093,7 +2158,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +		}
 +	}
 +
-+	return 1;
+	return ok;
 +}
 +
 +/*
@ -2166,12 +2231,6 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +		case TLS1_2_VERSION:
 +				strcat(string, "TLS 1.2");
 +				break;
 +		case DTLS1_VERSION:
 +				strcat(string, "DTLS 1.0");
 +				break;
 +		case DTLS1_2_VERSION:
 +				strcat(string, "DTLS 1.2");
 +				break;
 +		default:
 +			strcat(string, "Unknown version");
 +		}
@ -2235,9 +2294,25 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +				strcat(string,"Client Key Exchange");
 +				break;
 +			case SSL3_MT_FINISHED:
-+				strcat(string,"Finished");
+				strcat(string,"Finished: ");
 +				hvers = SSL_version(ssl);
 +				switch(hvers) {
 +				case SSL3_VERSION:
 +						strcat(string, "SSL 3.0");
 +						break;
 +				case TLS1_VERSION:
 +						strcat(string, "TLS 1.0");
 +						break;
 +				case TLS1_1_VERSION:
 +						strcat(string, "TLS 1.1");
 +						break;
 +				case TLS1_2_VERSION:
 +						strcat(string, "TLS 1.2");
 +						break;
 +				default:
 +					strcat(string, "Unknown version");
 +				}
 +				break;
 +
 +			default:
 +				sprintf( string, "Handshake: Unknown SSL3 code received: %d", code );
 +		}
@ -2255,9 +2330,9 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c
 +		dbglog("%s", string);
 +}
 +
-diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.h
+diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-1.102/pppd/eap-tls.h
 --- ppp-2.4.7/pppd/eap-tls.h	1970-01-01 01:00:00.000000000 +0100
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.h	2018-06-02 01:42:04.023165433 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/eap-tls.h	2018-10-30 16:47:59.534263383 +0100
@@ -0,0 +1,107 @@
 +/*
 + * eap-tls.h
@ -2366,9 +2441,9 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.h
 +#endif
 +
 +#endif
-diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.c
+diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-1.102/pppd/eap.c
 --- ppp-2.4.7/pppd/eap.c	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.c	2018-06-02 01:42:04.023165433 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/eap.c	2018-10-30 16:47:59.537263209 +0100
@@ -43,6 +43,11 @@
  * Based on draft-ietf-pppext-eap-srp-03.txt.
  */
@ -2972,9 +3047,9 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.c
 	return (inp - pstart);
 }
 +
-diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.h
+diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-1.102/pppd/eap.h
 --- ppp-2.4.7/pppd/eap.h	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.h	2018-06-02 01:42:04.023165433 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/eap.h	2018-10-30 16:47:59.537263209 +0100
@@ -84,6 +84,16 @@
 	eapClosed,	/* Authentication not in use */
 	eapListen,	/* Client ready (and timer running) */
@ -3043,9 +3118,9 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.h
 #define	EAP_DEFREQTIME		20	/* Time to wait for peer request */
 #define	EAP_DEFALLOWREQ		20	/* max # times to accept requests */
-diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.c
+diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-1.102/pppd/md5.c
 --- ppp-2.4.7/pppd/md5.c	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.c	2018-06-02 01:42:04.023165433 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/md5.c	2018-10-30 16:47:59.538263156 +0100
@@ -33,6 +33,8 @@
  ***********************************************************************
  */
@ -3061,9 +3136,9 @@ diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.c
  */
 +#endif /* USE_EAPTLS */
 +
-diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.h
+diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-1.102/pppd/md5.h
 --- ppp-2.4.7/pppd/md5.h	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.h	2018-06-02 01:42:04.024165430 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/md5.h	2018-10-30 16:47:59.538263156 +0100
@@ -36,6 +36,7 @@
  ** documentation and/or software.                                    **
  ***********************************************************************
@ -3078,9 +3153,9 @@ diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.h
 #endif /* __MD5_INCLUDE__ */
 +
 +#endif /* USE_EAPTLS */
-diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/pathnames.h
+diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-1.102/pppd/pathnames.h
 --- ppp-2.4.7/pppd/pathnames.h	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/pathnames.h	2018-06-02 01:42:04.024165430 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/pathnames.h	2018-10-30 16:47:59.539263095 +0100
@@ -21,6 +21,13 @@
 #define _PATH_UPAPFILE 	 _ROOT_PATH "/etc/ppp/pap-secrets"
 #define _PATH_CHAPFILE 	 _ROOT_PATH "/etc/ppp/chap-secrets"
@ -3095,11 +3170,11 @@ diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/pathname
 #define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options"
 #define _PATH_IPUP	 _ROOT_PATH "/etc/ppp/ip-up"
 #define _PATH_IPDOWN	 _ROOT_PATH "/etc/ppp/ip-down"
-diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/Makefile.linux
+diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/Makefile.linux
 --- ppp-2.4.7/pppd/plugins/Makefile.linux	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/Makefile.linux	2018-06-02 01:42:04.024165430 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/Makefile.linux	2018-10-30 16:47:59.539263095 +0100
@@ -4,6 +4,9 @@
- LDFLAGS	= -shared
+ LDFLAGS_SHARED	= -shared
 INSTALL	= install
 +# EAP-TLS
@ -3108,9 +3183,9 @@ diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-1.101b/pp
 DESTDIR = $(INSTROOT)@DESTDIR@
 BINDIR = $(DESTDIR)/sbin
 MANDIR = $(DESTDIR)/share/man/man8
-diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/passprompt.c
+diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/passprompt.c
 --- ppp-2.4.7/pppd/plugins/passprompt.c	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/passprompt.c	2018-06-02 01:42:04.024165430 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/passprompt.c	2018-10-30 16:47:59.540263023 +0100
@@ -107,4 +107,7 @@
 {
     add_options(options);
@ -3119,9 +3194,9 @@ diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-1.101b/pppd
 +    eaptls_passwd_hook = promptpass;
 +#endif
 }
-diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/passwordfd.c
+diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/passwordfd.c
 --- ppp-2.4.7/pppd/plugins/passwordfd.c	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/passwordfd.c	2018-06-02 01:42:04.024165430 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/passwordfd.c	2018-10-30 16:47:59.540263023 +0100
@@ -79,4 +79,8 @@
     chap_check_hook = pwfd_check;
@ -3131,9 +3206,9 @@ diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-1.101b/pppd
 +    eaptls_passwd_hook = pwfd_passwd;
 +#endif
 }
-diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.8
+diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-1.102/pppd/pppd.8
 --- ppp-2.4.7/pppd/pppd.8	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.8	2018-06-02 01:42:04.025165427 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/pppd.8	2018-10-30 16:47:59.542262870 +0100
@@ -248,6 +248,12 @@
 compression in the corresponding direction.  Use \fInobsdcomp\fR or
 \fIbsdcomp 0\fR to disable BSD-Compress compression entirely.
@ -3202,9 +3277,9 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.8
 .B noauth
 Do not require the peer to authenticate itself.  This option is
 privileged.
-diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.h
+diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-1.102/pppd/pppd.h
 --- ppp-2.4.7/pppd/pppd.h	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.h	2018-06-02 01:42:04.025165427 +0200
+++ ppp-2.4.7-eaptls-mppe-1.102/pppd/pppd.h	2018-10-30 16:47:59.542262870 +0100
@@ -325,6 +325,11 @@
 extern bool	dryrun;		/* check everything, print options, exit */
 extern int	child_wait;	/* # seconds to wait for children at end */
--- a/ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch
+++ b/ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch
@ -146,9 +146,9 @@ index 8a12fa0..00a2cf5 100644
 #endif
 -	    if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
 +	    if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
 	    {
 		warn("Couldn't open pty slave %s: %m", pty_name);
- 	}
+ 		close(mfd);
     }
@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
 	for (i = 0; i < 64; ++i) {
 	    slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
--- a/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
+++ b/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
@ -23,7 +23,7 @@ index 0e8107f..534ccc2 100644
 +	$(INSTALL) -c -m 644 pppd.8 $(MANDIR)
 pppd: $(PPPDOBJS)
- 	$(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS)
+ 	$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
 -- 
 1.8.3.1
--- a/ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch
+++ b/ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch
@ -19,8 +19,8 @@ index caa2b26..5a56c95 100644
 +    { "ipv6cp-accept-remote", o_bool, &ipv6cp_allowoptions[0].accept_remote,
 +      "Accept peer's interface identifier for itself", 1 },
-     { "ipv6cp-use-ipaddr", o_bool, &ipv6cp_allowoptions[0].use_ip,
+     { "defaultroute6", o_bool, &ipv6cp_wantoptions[0].default_route,
-       "Use (default) IPv4 address as interface identifier", 1 },
+       "Add default IPv6 route", OPT_ENABLE|1, &ipv6cp_allowoptions[0].default_route },
@@ -437,6 +439,7 @@ ipv6cp_init(unit)
     memset(ao, 0, sizeof(*ao));
@ -43,9 +43,9 @@ index cc4568d..8c7552e 100644
 --- a/pppd/ipv6cp.h
 +++ b/pppd/ipv6cp.h
@@ -150,7 +150,8 @@
 typedef struct ipv6cp_options {
     int neg_ifaceid;		/* Negotiate interface identifier? */
     int req_ifaceid;		/* Ask peer to send interface identifier? */
     int default_route;		/* Assign default route through interface? */
 -    int accept_local;		/* accept peer's value for iface id? */
 +    int accept_local;		/* accept peer's value for our iface id? */
 +    int accept_remote;		/* accept peer's value for his iface id? */
--- a/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
+++ b/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
@ -14,7 +14,7 @@ index 4271af6..9e957fa 100644
 --- a/pppd/auth.c
 +++ b/pppd/auth.c
@@ -428,7 +428,7 @@ setupapfile(argv)
- 	option_error("unable to reset uid before opening %s: %m", fname);
+         free(fname);
 	return 0;
     }
 -    ufile = fopen(fname, "r");
--- a/ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch
+++ b/ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch
@ -68,12 +68,12 @@ index 9918091..b949716 100644
 all: rp-pppoe.so pppoe-discovery
 -pppoe-discovery: pppoe-discovery.o debug.o
-	$(CC) -o pppoe-discovery pppoe-discovery.o debug.o
+-	$(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o
 +pppoe-discovery: pppoe-discovery.o debug.o common.o
-+	$(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
+	$(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
 pppoe-discovery.o: pppoe-discovery.c
- 	$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
+ 	$(CC) $(CFLAGS) -I../../.. -c -o pppoe-discovery.o pppoe-discovery.c
 diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
 index c0d927d..2bd910f 100644
 --- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
@ -111,7 +111,7 @@ index c0d927d..2bd910f 100644
     conn->discoverySocket = -1;
     conn->sessionSocket = -1;
@@ -722,3 +734,104 @@ void usage(void)
-     fprintf(stderr, "Usage: pppoe-discovery [options]\n");
+ 	    "   -h             -- Print usage information.\n");
     fprintf(stderr, "\nVersion " RP_VERSION "\n");
 }
 +
--- a/ppp-2.4.8.tar.gz
+++ b/ppp-2.4.8.tar.gz
--- a/ppp.spec
+++ b/ppp.spec
@ -1,6 +1,6 @@
 Name:           ppp
-Version:        2.4.7
+Version:        2.4.8
-Release:        29
+Release:        1 
 Summary:        The Point-to-Point Protocol
 License:        BSD and LGPLv2+ and GPLv2+ and Public Domain
@ -21,6 +21,7 @@ Source11:       ppp-logrotate.conf
 Source12:       ppp-tmpfiles.conf
 BuildRequires:  gcc glib2-devel libpcap-devel openssl-devel pam-devel systemd systemd-devel
 BuildRequires:  ppp
 Requires:       libpcap >= 14:0.8.3-6 glibc >= 2.0.6 systemd /etc/pam.d/system-auth network-scripts
 Supplements:    (network-scripts)
 Requires(pre):  /usr/bin/getent
@ -30,34 +31,31 @@ Obsoletes:      network-scripts-ppp
 # Patch0001-Patch0028 are from Fedora29
 Patch0001:      0001-build-sys-use-gcc-as-our-compiler-of-choice.patch
-Patch0002:      0002-build-sys-enable-PAM-support.patch
+Patch0002:      ppp-2.4.8-build-sys-enable-PAM-support.patch
-Patch0003:      0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
+Patch0003:      ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
 Patch0004:      0004-doc-add-configuration-samples.patch
-Patch0005:      0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
+Patch0005:      ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
 Patch0006:      0006-scritps-use-change_resolv_conf-function.patch
 Patch0007:      0007-build-sys-don-t-strip-binaries-during-installation.patch
 Patch0008:      0008-build-sys-use-prefix-usr-instead-of-usr-local.patch
-Patch0009:      0009-pppd-introduce-ipv6-accept-remote.patch
+Patch0009:      ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch
 Patch0010:      0010-build-sys-enable-CBCP.patch
 Patch0011:      0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
-Patch0012:      0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
+Patch0012:      ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
-Patch0013:      0013-everywhere-O_CLOEXEC-harder.patch
+Patch0013:      ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch
 Patch0014:      0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
 Patch0015:      0015-pppd-move-pppd-database-to-var-run-ppp.patch
 Patch0016:      0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
 Patch0018:      0018-scritps-fix-ip-up.local-sample.patch
-Patch0019:      0019-sys-linux-rework-get_first_ethernet.patch
+Patch0019:      ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch
 Patch0020:      0020-pppd-put-lock-files-in-var-lock-ppp.patch
-Patch0021:      0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch
+Patch0021:      ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch
-Patch0022:      0022-build-sys-compile-pppol2tp-with-multilink-support.patch
+Patch0022:      ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch
 Patch0023:      0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
 Patch0024:      0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
-Patch0025:      0025-pppd-install-pppd-binary-using-standard-perms-755.patch
+Patch0025:      ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
-Patch0026:      ppp-2.4.7-eaptls-mppe-1.101.patch
+Patch0026:      ppp-2.4.8-eaptls-mppe-1.102.patch
 Patch0028:      0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
 Patch0029:      ppp-2.4.7-DES-openssl.patch
 Patch0030:      ppp-2.4.7-honor-ldflags.patch
 Patch6000:      ppp-CVE-2015-3310.patch
 Patch6001:      ppp-CVE-2020-8597.patch
@ -78,7 +76,8 @@ building plugins for the %{name}.
 %package_help
 %prep
-%autosetup -n %{name}-%{version} -p1
+%setup -qn %{name}-%{version}
 %autopatch -p1
 tar -xvJf %{SOURCE1}
 mkdir ppp
 mkdir network-scripts
@ -94,14 +93,14 @@ cp %{SOURCE9} network-scripts
 %build
 export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing" RPM_LD_FLAGS="$LDFLAGS"
 %configure
-make %{?_smp_mflags} LDFLAGS="%{?build_ldflags}"
+%{make_build} LDFLAGS="%{?build_ldflags}"
-make -C ppp-watch %{?_smp_mflags} LDFLAGS="%{?build_ldflags}"
+%{make_build} -C ppp-watch LDFLAGS="%{?build_ldflags}"
 %install
 make install INSTROOT=$RPM_BUILD_ROOT install-etcppp 
 find scripts -type f | xargs chmod a-x
 make install ROOT=$RPM_BUILD_ROOT -C ppp-watch
-
+cp -a %{_libdir}/pppd/2.4.7   %{buildroot}%{_libdir}/pppd/
 mkdir -p %{buildroot}%{_sysconfdir}/ppp
 mkdir -p %{buildroot}%{_sysconfdir}/sysconfig/network-scripts
 mkdir -p %{buildroot}%{_localstatedir}/log/ppp
@ -119,6 +118,10 @@ install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/ppp
 install -m 644 -p %{SOURCE11} %{buildroot}%{_sysconfdir}/logrotate.d/ppp
 install -m 644 -p %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/ppp.conf
 #ghosts
 mkdir -p %{buildroot}%{_rundir}/ppp
 mkdir -p %{buildroot}%{_rundir}/lock/ppp
 %pre
 /usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || :
@ -136,11 +139,12 @@ install -m 644 -p %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/ppp.conf
 %config(noreplace) %{_sysconfdir}/pam.d/ppp
 %config(noreplace) %{_sysconfdir}/logrotate.d/ppp
 %{_prefix}/lib/tmpfiles.d/*.conf
-%{_libdir}/pppd/2.4.7/*.so
+%{_libdir}/pppd/%{version}/*.so
 %{_libdir}/pppd/2.4.7
 %{_sbindir}/chat
 %{_sbindir}/ppp*
-%ghost %dir /run/ppp
+%ghost %dir %{_rundir}/ppp
-%ghost %dir /run/lock/ppp
+%ghost %dir %{_rundir}/lock/ppp
 %attr(700, root, root) %dir %{_localstatedir}/log/ppp
 %files devel
@ -152,6 +156,12 @@ install -m 644 -p %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/ppp.conf
 %{_mandir}/man8/*.8.gz
 %changelog
 * Tue Jun 30 2020 yuboyun <yuboyun@huawei.com> - 2.4.8-1
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:update ppp version from 2.4.7 to 2.4.8
 * Tue Mar 17 2020 chenzhen <chenzhen44@huawei.com> - 2.4.7-29
 - Type:cves
 - ID:CVE-2020-8597