diff --git a/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch b/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
deleted file mode 100644
index 9b0920d..0000000
--- a/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 33797aa193a2751da26f9af120e39c110defe4d1 Mon Sep 17 00:00:00 2001
-From: Lubomir Rintel
-Date: Sat, 10 Dec 2016 19:53:56 +0100
-Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
-
-To fix build breakage.
----
- pppd/plugins/rp-pppoe/pppoe.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
-index 9ab2eee..f77f5b7 100644
---- a/pppd/plugins/rp-pppoe/pppoe.h
-+++ b/pppd/plugins/rp-pppoe/pppoe.h
-@@ -15,6 +15,8 @@
-
- #include "config.h"
-
-+#include
-+
- #if defined(HAVE_NETPACKET_PACKET_H) || defined(HAVE_LINUX_IF_PACKET_H)
- #define _POSIX_SOURCE 1 /* For sigaction defines */
- #endif
-@@ -84,8 +86,6 @@ typedef unsigned long UINT32_t;
- #include
- #endif
-
--#include
---
- #ifdef HAVE_NETINET_IF_ETHER_H
- #include
-
----
-2.9.3
-
diff --git a/ppp-2.4.7-DES-openssl.patch b/ppp-2.4.7-DES-openssl.patch
deleted file mode 100644
index ad3b268..0000000
--- a/ppp-2.4.7-DES-openssl.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index 534ccc2..cf11b74 100644
---- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -41,7 +41,7 @@ COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
- # Uncomment the next 2 lines to include support for Microsoft's
- # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
- CHAPMS=y
--USE_CRYPT=y
-+#USE_CRYPT=y
- # Don't use MSLANMAN unless you really know what you're doing.
- #MSLANMAN=y
- # Uncomment the next line to include support for MPPE. CHAPMS (above) must
-@@ -147,7 +147,8 @@ endif
-
- ifdef NEEDDES
- ifndef USE_CRYPT
--LIBS += -ldes $(LIBS)
-+CFLAGS += -I/usr/include/openssl
-+LIBS += -lcrypto
- else
- CFLAGS += -DUSE_CRYPT=1
- endif
-diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
-index 8b85b13..6b35375 100644
---- a/pppd/pppcrypt.c
-+++ b/pppd/pppcrypt.c
-@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
- des_key[7] = Get7Bits(key, 49);
-
- #ifndef USE_CRYPT
-- des_set_odd_parity((des_cblock *)des_key);
-+ DES_set_odd_parity((DES_cblock *)des_key);
- #endif
- }
-
-@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
- }
-
- #else /* USE_CRYPT */
--static des_key_schedule key_schedule;
-+static DES_key_schedule key_schedule;
-
- bool
- DesSetkey(key)
- u_char *key;
- {
-- des_cblock des_key;
-+ DES_cblock des_key;
- MakeKey(key, des_key);
-- des_set_key(&des_key, key_schedule);
-+ DES_set_key(&des_key, &key_schedule);
- return (1);
- }
-
- bool
--DesEncrypt(clear, key, cipher)
-+DesEncrypt(clear, cipher)
- u_char *clear; /* IN 8 octets */
- u_char *cipher; /* OUT 8 octets */
- {
-- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
-- key_schedule, 1);
-+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
-+ &key_schedule, 1);
- return (1);
- }
-
-@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
- u_char *cipher; /* IN 8 octets */
- u_char *clear; /* OUT 8 octets */
- {
-- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
-- key_schedule, 0);
-+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
-+ &key_schedule, 0);
- return (1);
- }
-
diff --git a/ppp-2.4.7-honor-ldflags.patch b/ppp-2.4.7-honor-ldflags.patch
deleted file mode 100644
index 2c3e20d..0000000
--- a/ppp-2.4.7-honor-ldflags.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-diff --git a/chat/Makefile.linux b/chat/Makefile.linux
-index 2445637..83114f1 100644
---- a/chat/Makefile.linux
-+++ b/chat/Makefile.linux
-@@ -18,7 +18,7 @@ INSTALL= install
- all: chat
-
- chat: chat.o
-- $(CC) -o chat chat.o
-+ $(CC) $(LDFLAGS) -o chat chat.o
-
- chat.o: chat.c
- $(CC) -c $(CFLAGS) -o chat.o chat.c
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index cf11b74..089f164 100644
---- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -188,7 +188,7 @@ endif
-
- ifdef PLUGIN
- CFLAGS += -DPLUGIN
--LDFLAGS += -Wl,-E
-+LDFLAGS_PLUGIN += -Wl,-E
- LIBS += -ldl
- endif
-
-@@ -230,7 +230,7 @@ install: pppd
- $(INSTALL) -c -m 644 pppd.8 $(MANDIR)
-
- pppd: $(PPPDOBJS)
-- $(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS)
-+ $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
-
- srp-entry: srp-entry.c
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS)
-diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
-index 303833a..04fe876 100644
---- a/pppd/plugins/Makefile.linux
-+++ b/pppd/plugins/Makefile.linux
-@@ -1,7 +1,7 @@
- #CC = gcc
- COPTS = $(RPM_OPT_FLAGS)
- CFLAGS = $(COPTS) -I.. -I../../include -fPIC
--LDFLAGS = -shared
-+LDFLAGS_SHARED = -shared
- INSTALL = install
-
- # EAP-TLS
-@@ -33,7 +33,7 @@ all: $(PLUGINS)
- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
-
- %.so: %.c
-- $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
-+ $(CC) -o $@ $(LDFLAGS) $(LDFLAGS_SHARED) $(CFLAGS) $^
-
- VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h)
-
-diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
-index 4c5826f..1961e0e 100644
---- a/pppd/plugins/pppoatm/Makefile.linux
-+++ b/pppd/plugins/pppoatm/Makefile.linux
-@@ -1,7 +1,7 @@
- #CC = gcc
- COPTS = $(RPM_OPT_FLAGS)
- CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
--LDFLAGS = -shared
-+LDFLAGS_SHARED = -shared
- INSTALL = install
-
- #***********************************************************************
-@@ -33,7 +33,7 @@ endif
- all: $(PLUGIN)
-
- $(PLUGIN): $(PLUGIN_OBJS)
-- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
-+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
-
- install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
-diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
-index 9cb316d..7b23b25 100644
---- a/pppd/plugins/pppol2tp/Makefile.linux
-+++ b/pppd/plugins/pppol2tp/Makefile.linux
-@@ -1,7 +1,7 @@
- #CC = gcc
- COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK
- CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
--LDFLAGS = -shared
-+LDFLAGS_SHARED = -shared
- INSTALL = install
-
- #***********************************************************************
-@@ -16,7 +16,7 @@ PLUGINS := pppol2tp.so openl2tp.so
- all: $(PLUGINS)
-
- %.so: %.o
-- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
-+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
-
- install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
-diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
-index 707326b..2150332 100644
---- a/pppd/plugins/radius/Makefile.linux
-+++ b/pppd/plugins/radius/Makefile.linux
-@@ -43,13 +43,13 @@ install: all
- $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
-
- radius.so: radius.o libradiusclient.a
-- $(CC) -o radius.so -shared radius.o libradiusclient.a
-+ $(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a
-
- radattr.so: radattr.o
-- $(CC) -o radattr.so -shared radattr.o
-+ $(CC) $(LDFLAGS) -o radattr.so -shared radattr.o
-
- radrealms.so: radrealms.o
-- $(CC) -o radrealms.so -shared radrealms.o
-+ $(CC) $(LDFLAGS) -o radrealms.so -shared radrealms.o
-
- CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \
- clientid.o sendserver.o lock.o util.o md5.o
-diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
-index fa49efb..5e06b52 100644
---- a/pppd/plugins/rp-pppoe/Makefile.linux
-+++ b/pppd/plugins/rp-pppoe/Makefile.linux
-@@ -31,7 +31,7 @@ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
- all: rp-pppoe.so pppoe-discovery
-
- pppoe-discovery: pppoe-discovery.o debug.o common.o
-- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
-+ $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
-
- pppoe-discovery.o: pppoe-discovery.c
- $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
-@@ -40,7 +40,7 @@ debug.o: debug.c
- $(CC) $(CFLAGS) -c -o debug.o debug.c
-
- rp-pppoe.so: plugin.o discovery.o if.o common.o
-- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
-+ $(CC) $(LDFLAGS) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
-
- install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
-diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
-index 95c6805..33e5107 100644
---- a/pppdump/Makefile.linux
-+++ b/pppdump/Makefile.linux
-@@ -10,7 +10,7 @@ INSTALL= install
- all: pppdump
-
- pppdump: $(OBJS)
-- $(CC) -o pppdump $(OBJS)
-+ $(CC) $(LDFLAGS) -o pppdump $(OBJS)
-
- clean:
- rm -f pppdump $(OBJS) *~
-diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
-index c5ba3b1..eeccf83 100644
---- a/pppstats/Makefile.linux
-+++ b/pppstats/Makefile.linux
-@@ -26,7 +26,7 @@ install: pppstats
- $(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
-
- pppstats: $(PPPSTATSRCS)
-- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS)
-+ $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
-
- clean:
- rm -f pppstats *~ #* core
diff --git a/ppp-2.4.7.tar.gz b/ppp-2.4.7.tar.gz
deleted file mode 100644
index 7e931c9..0000000
Binary files a/ppp-2.4.7.tar.gz and /dev/null differ
diff --git a/0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch b/ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch similarity index 96% rename from 0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch rename to ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch index 8340271..fd53ac7 100644 --- a/0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch +++ b/ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch @@ -16,7 +16,7 @@ index 4339566..9a635b8 100644 -COPTS = -O2 -g +COPTS = $(RPM_OPT_FLAGS) CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC - LDFLAGS = -shared + LDFLAGS_SHARED = -shared INSTALL = install -- 1.8.3.1 diff --git a/0022-build-sys-compile-pppol2tp-with-multilink-support.patch b/ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch similarity index 96% rename from 0022-build-sys-compile-pppol2tp-with-multilink-support.patch rename to ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch index 945933e..d801308 100644 --- a/0022-build-sys-compile-pppol2tp-with-multilink-support.patch +++ b/ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch @@ -17,7 +17,7 @@ index 9a635b8..9cb316d 100644 -COPTS = $(RPM_OPT_FLAGS) +COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC - LDFLAGS = -shared + LDFLAGS_SHARED = -shared INSTALL = install -- 1.8.3.1 diff --git a/0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch b/ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch similarity index 98% rename from 0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch rename to ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch index 48190ed..2d6bdd6 100644 --- a/0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch +++ b/ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch 
@@ -33,7 +33,7 @@ index 63872eb..8ed56c1 100644 -COPTS = -Wall $(RPM_OPT_FLAGS) +COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\" - # Uncomment the next 2 lines to include support for Microsoft's + # Uncomment the next line to include support for Microsoft's # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. diff --git a/pppd/pathnames.h b/pppd/pathnames.h index a33f046..a427cb8 100644 diff --git a/0002-build-sys-enable-PAM-support.patch b/ppp-2.4.8-build-sys-enable-PAM-support.patch similarity index 91% rename from 0002-build-sys-enable-PAM-support.patch rename to ppp-2.4.8-build-sys-enable-PAM-support.patch index 2f1c53b..0df20ba 100644 --- a/0002-build-sys-enable-PAM-support.patch +++ b/ppp-2.4.8-build-sys-enable-PAM-support.patch @@ -11,8 +11,8 @@ diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux index 1d9ea78..5a44d30 100644 --- a/pppd/Makefile.linux +++ b/pppd/Makefile.linux -@@ -61,7 +61,7 @@ HAVE_MULTILINK=y - USE_TDB=y +@@ -66,7 +66,7 @@ HAVE_MULTILINK=y + #SYSTEMD=y HAS_SHADOW=y -#USE_PAM=y diff --git a/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch similarity index 97% rename from 0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch rename to ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch index 87da38b..dc0c5df 100644 --- a/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch +++ b/ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch @@ -40,7 +40,7 @@ index 5a44d30..63872eb 100644 -LIBS = +COPTS = -Wall $(RPM_OPT_FLAGS) - # Uncomment the next 2 lines to include support for Microsoft's + # Uncomment the next line to include support for Microsoft's # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux index 0a7ec7b..e09a369 100644 
@@ -51,7 +51,7 @@ index 0a7ec7b..e09a369 100644 -COPTS = -O2 -g +COPTS = $(RPM_OPT_FLAGS) CFLAGS = $(COPTS) -I.. -I../../include -fPIC - LDFLAGS = -shared + LDFLAGS_SHARED = -shared INSTALL = install diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux index 20f62e6..5a81447 100644 @@ -62,7 +62,7 @@ index 20f62e6..5a81447 100644 -COPTS = -O2 -g +COPTS = $(RPM_OPT_FLAGS) CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC - LDFLAGS = -shared + LDFLAGS_SHARED = -shared INSTALL = install diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux index 24ed3e5..45b3b8d 100644 diff --git a/ppp-2.4.7-eaptls-mppe-1.101.patch b/ppp-2.4.8-eaptls-mppe-1.102.patch similarity index 90% rename from ppp-2.4.7-eaptls-mppe-1.101.patch rename to ppp-2.4.8-eaptls-mppe-1.102.patch index 127fcf8..c594eba 100644 --- a/ppp-2.4.7-eaptls-mppe-1.101.patch +++ b/ppp-2.4.8-eaptls-mppe-1.102.patch @@ -1,7 +1,7 @@ -diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-1.101b/README.eap-tls +diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-1.102/README.eap-tls --- ppp-2.4.7/README.eap-tls 1970-01-01 01:00:00.000000000 +0100 -+++ ppp-2.4.7-eaptls-mppe-1.101b/README.eap-tls 2018-06-02 01:42:04.021165440 +0200 -@@ -0,0 +1,286 @@ ++++ ppp-2.4.7-eaptls-mppe-1.102/README.eap-tls 2018-11-02 17:14:08.101636586 +0100 +@@ -0,0 +1,291 @@ +EAP-TLS authentication support for PPP +====================================== + @@ -11,7 +11,7 @@ diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-1.101b/README.eap-tls + security protocol that can be used with PPP. It provides a means + to plug in multiple optional authentication methods. + -+ Transport Level Security (TLS; RFC 2246) provides for mutual ++ Transport Level Security (TLS; RFC 5216) provides for mutual + authentication, integrity-protected ciphersuite negotiation and + key exchange between two endpoints. It also provides for optional + MPPE encryption. 
@@ -282,15 +282,20 @@ diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-1.101b/README.eap-tls + - Change SSL_OP_NO_TICKETS to SSL_OP_NO_TICKET + - Fix bug in initialisation code with fragmented packets. +v0.998 (13-Mar-2015) -+ - Added fix for https://bugzilla.redhat.com/show_bug.cgi?id=1023620 ++ - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1023620 +v0.999 (11-May-2017) -+ - Added support for OpenSSL 1.1: the code will now compile against OpenSSL 1.0.x or 1.1.x. ++ - Add support for OpenSSL 1.1: the code will now compile against OpenSSL 1.0.x or 1.1.x. +v1.101 (1-Jun-2018) + - Fix vulnerabilities CVE-2018-11574. -+ -diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/eaptls-client ++v1.102 (2-Nov-2018) ++ - Add TLS 1.2 support. Windows 7/8 will connect using TLS 1.0, Windows 10 clients using TLS 1.2. ++ This works both when compiling against OpenSSL 1.0.1+ and 1.1+. ++ - Print warning when certificate is either not yet valid or has expired. ++ - Perform better peer certificate checks. ++ - Allow certificate chain files to be used. +diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-1.102/etc.ppp/eaptls-client --- ppp-2.4.7/etc.ppp/eaptls-client 1970-01-01 01:00:00.000000000 +0100 -+++ ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/eaptls-client 2018-06-02 01:42:04.021165440 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/etc.ppp/eaptls-client 2018-10-30 16:47:59.527263750 +0100 @@ -0,0 +1,10 @@ +# Parameters for authentication using EAP-TLS (client) + 
@@ -302,9 +307,9 @@ diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/ +# client private key file (required) + +#client server /root/cert/client.crt - /root/cert/ca.crt /root/cert/client.key -diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/eaptls-server +diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-1.102/etc.ppp/eaptls-server --- ppp-2.4.7/etc.ppp/eaptls-server 1970-01-01 01:00:00.000000000 +0100 -+++ ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/eaptls-server 2018-06-02 01:42:04.021165440 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/etc.ppp/eaptls-server 2018-10-30 16:47:59.527263750 +0100 @@ -0,0 +1,11 @@ +# Parameters for authentication using EAP-TLS (server) + @@ -317,9 +322,9 @@ diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/ +# allowed addresses (required, can be *) + +#client server - /root/cert/server.crt /root/cert/ca.crt /root/cert/server.key 192.168.1.0/24 -diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/openssl.cnf +diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-1.102/etc.ppp/openssl.cnf --- ppp-2.4.7/etc.ppp/openssl.cnf 1970-01-01 01:00:00.000000000 +0100 -+++ ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/openssl.cnf 2018-06-02 01:42:04.021165440 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/etc.ppp/openssl.cnf 2018-10-30 16:47:59.527263750 +0100 @@ -0,0 +1,14 @@ +openssl_conf = openssl_def + 
@@ -335,9 +340,9 @@ diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-1.101b/etc.ppp/op +MODULE_PATH = /usr/lib64/libeTPkcs11.so +init = 0 + -diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-1.101b/linux/Makefile.top +diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-1.102/linux/Makefile.top --- ppp-2.4.7/linux/Makefile.top 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/linux/Makefile.top 2018-06-02 01:42:04.021165440 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/linux/Makefile.top 2018-10-30 16:47:59.528263707 +0100 @@ -26,7 +26,7 @@ cd pppdump; $(MAKE) $(MFLAGS) install @@ -358,9 +363,9 @@ diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-1.101b/linux/Makef $(BINDIR): $(INSTALL) -d -m 755 $@ -diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-1.101b/pppd/Makefile.linux +diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-1.102/pppd/Makefile.linux --- ppp-2.4.7/pppd/Makefile.linux 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/Makefile.linux 2018-06-02 01:42:04.021165440 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/Makefile.linux 2018-10-30 16:47:59.528263707 +0100 @@ -76,6 +76,9 @@ # Use libutil USE_LIBUTIL=y @@ -387,9 +392,9 @@ diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-1.101b/pppd/Makef ifdef HAS_SHADOW CFLAGS += -DHAS_SHADOW #LIBS += -lshadow $(LIBS) -diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/auth.c +diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-1.102/pppd/auth.c --- ppp-2.4.7/pppd/auth.c 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/auth.c 2018-06-02 01:42:04.022165436 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/auth.c 2018-10-30 16:47:59.530263608 +0100 @@ -109,6 +109,9 @@ #include "upap.h" #include "chap-new.h" 
@@ -885,9 +890,9 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/auth.c +} +#endif + -diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/ccp.c +diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-1.102/pppd/ccp.c --- ppp-2.4.7/pppd/ccp.c 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/ccp.c 2018-06-02 01:42:04.022165436 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/ccp.c 2018-10-30 16:47:59.531263554 +0100 @@ -540,6 +540,9 @@ if (go->mppe) { ccp_options *ao = &ccp_allowoptions[f->unit]; @@ -923,9 +928,9 @@ diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/ccp.c lcp_close(f->unit, "MPPE required but not available"); return; } -diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/chap-md5.c +diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-1.102/pppd/chap-md5.c --- ppp-2.4.7/pppd/chap-md5.c 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/chap-md5.c 2018-06-02 01:42:04.022165436 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/chap-md5.c 2018-10-30 16:47:59.532263499 +0100 @@ -36,7 +36,11 @@ #include "chap-new.h" #include "chap-md5.h" @@ -938,12 +943,11 @@ diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/chap-md5. #define MD5_HASH_SIZE 16 #define MD5_MIN_CHALLENGE 16 -diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c +diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.102/pppd/eap-tls.c --- ppp-2.4.7/pppd/eap-tls.c 1970-01-01 01:00:00.000000000 +0100 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c 2018-06-02 01:42:16.790124406 +0200 -@@ -0,0 +1,1313 @@ -+/* -+ * eap-tls.c - EAP-TLS implementation for PPP ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/eap-tls.c 2018-11-02 16:53:05.996742547 +0100 +@@ -0,0 +1,1383 @@ ++/* * eap-tls.c - EAP-TLS implementation for PPP + * + * Copyright (c) Beniamino Galvani 2005 All rights reserved. + * 
@@ -999,14 +1003,20 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + +#ifdef MPPE + -+#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#define EAPTLS_MPPE_KEY_LEN 32 ++ ++/* ++ * The following stuff is only needed if SSL_export_keying_material() is not available ++ */ ++ ++#if OPENSSL_VERSION_NUMBER < 0x10001000L + +/* + * https://wiki.openssl.org/index.php/1.1_API_Changes + * tries to provide some guidance but ultimately falls short. ++ * + */ + -+ +static void HMAC_CTX_free(HMAC_CTX *ctx) +{ + if (ctx != NULL) { @@ -1023,11 +1033,6 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + return ctx; +} + -+/* -+ * These were basically jacked directly from the OpenSSL tree -+ * without adjustments. -+ */ -+ +static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, + size_t outlen) +{ @@ -1061,10 +1066,6 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + return outlen; +} + -+/* Avoid a deprecated warning in OpenSSL 1.1 whilst still allowing to build against 1.0.x */ -+#define TLS_method TLSv1_method -+ -+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + +/* + * TLS PRF from RFC 2246 @@ -1122,8 +1123,8 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + const unsigned char *seed, unsigned int seed_len, + unsigned char *out, unsigned char *buf, unsigned int out_len) +{ -+ unsigned int i; -+ unsigned int len = (secret_len + 1) / 2; ++ unsigned int i; ++ unsigned int len = (secret_len + 1) / 2; + const unsigned char *s1 = secret; + const unsigned char *s2 = secret + (secret_len - len); + 
@@ -1135,57 +1136,88 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + } +} + -+#define EAPTLS_MPPE_KEY_LEN 32 ++static int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, ++ const char *label, size_t llen, ++ const unsigned char *p, size_t plen, ++ int use_context) ++{ ++ unsigned char seed[64 + 2*SSL3_RANDOM_SIZE]; ++ unsigned char buf[4*EAPTLS_MPPE_KEY_LEN]; ++ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; ++ size_t master_key_length; ++ unsigned char *pp; ++ ++ pp = seed; ++ ++ memcpy(pp, label, llen); ++ pp += llen; ++ ++ llen += SSL_get_client_random(s, pp, SSL3_RANDOM_SIZE); ++ pp += SSL3_RANDOM_SIZE; ++ ++ llen += SSL_get_server_random(s, pp, SSL3_RANDOM_SIZE); ++ ++ master_key_length = SSL_SESSION_get_master_key(SSL_get_session(s), master_key, ++ sizeof(master_key)); ++ PRF(master_key, master_key_length, seed, llen, out, buf, olen); ++ ++ return 1; ++} ++ ++#endif /* OPENSSL_VERSION_NUMBER < 0x10001000L */ ++ ++ ++/* ++ * OpenSSL 1.1+ introduced a generic TLS_method() ++ * For older releases we substitute the appropriate method ++ */ ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++#define TLS_method SSLv23_method ++ ++#define SSL3_RT_HEADER 0x100 ++ ++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ ++ + +/* + * Generate keys according to RFC 2716 and add to reply + */ +void eaptls_gen_mppe_keys(struct eaptls_session *ets, const char *prf_label, -+ int client) ++ int client) +{ -+ unsigned char out[4*EAPTLS_MPPE_KEY_LEN], buf[4*EAPTLS_MPPE_KEY_LEN]; -+ unsigned char seed[64 + 2*SSL3_RANDOM_SIZE]; -+ unsigned char *p = seed; -+ SSL *s = ets->ssl; -+ size_t prf_size; -+ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; -+ size_t master_key_length; ++ unsigned char out[4*EAPTLS_MPPE_KEY_LEN]; ++ size_t prf_size = strlen(prf_label); ++ unsigned char *p; + -+ prf_size = strlen(prf_label); ++ if (SSL_export_keying_material(ets->ssl, out, sizeof(out), prf_label, prf_size, NULL, 0, 0) != 1) ++ { 
++ warn( "EAP-TLS: Failed generating keying material" ); ++ return; ++ } + -+ memcpy(p, prf_label, prf_size); -+ p += prf_size; -+ -+ prf_size += SSL_get_client_random(s, p, SSL3_RANDOM_SIZE); -+ p += SSL3_RANDOM_SIZE; -+ -+ prf_size += SSL_get_server_random(s, p, SSL3_RANDOM_SIZE); -+ -+ master_key_length = SSL_SESSION_get_master_key(SSL_get_session(s), master_key, -+ sizeof(master_key)); -+ PRF(master_key, master_key_length, seed, prf_size, out, buf, sizeof(out)); -+ -+ /* -+ * We now have the master send and receive keys. -+ * From these, generate the session send and receive keys. -+ * (see RFC3079 / draft-ietf-pppext-mppe-keys-03.txt for details) -+ */ -+ if (client) -+ { ++ /* ++ * We now have the master send and receive keys. ++ * From these, generate the session send and receive keys. ++ * (see RFC3079 / draft-ietf-pppext-mppe-keys-03.txt for details) ++ */ ++ if (client) ++ { + p = out; + BCOPY( p, mppe_send_key, sizeof(mppe_send_key) ); + p += EAPTLS_MPPE_KEY_LEN; -+ BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) ); -+ } -+ else -+ { -+ p = out; -+ BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) ); ++ BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) ); ++ } ++ else ++ { ++ p = out; ++ BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) ); + p += EAPTLS_MPPE_KEY_LEN; + BCOPY( p, mppe_send_key, sizeof(mppe_send_key) ); -+ } ++ } + -+ mppe_keys_set = 1; ++ mppe_keys_set = 1; +} + +#endif @@ -1194,7 +1226,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c +{ + unsigned long ssl_err = ERR_get_error(); + -+ if (ssl_err != 0) ++ if (ssl_err != 0) + dbglog("EAP-TLS SSL error stack:"); + while (ssl_err != 0) { + dbglog( ERR_error_string( ssl_err, NULL ) ); 
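Review bot: The fallback `SSL_export_keying_material()` added in the `@@ -1135,57 +1136,88 @@` hunk copies `label` into `seed[64 + 2*SSL3_RANDOM_SIZE]` and passes a caller-chosen `olen` to `PRF()` together with the fixed `buf[4*EAPTLS_MPPE_KEY_LEN]` (presumably scratch space of `olen` bytes), without checking `llen` or `olen` against those sizes. The only caller visible here passes `sizeof(out)` and the `strlen()` of `prf_label`, so the overflow is latent, but a shim that carries the generic OpenSSL signature should refuse what it cannot hold: `if (llen > 64 || olen > sizeof(buf)) return 0;` before the `memcpy`. The shim also leaves `master_key` on the stack, and `eaptls_gen_mppe_keys()` leaves `out` there after the `BCOPY` calls; `OPENSSL_cleanse(master_key, sizeof(master_key));` before `return 1;` and `OPENSSL_cleanse(out, sizeof(out));` before `mppe_keys_set = 1;` would clear the key material.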
@@ -1216,34 +1248,34 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + +CONF *eaptls_ssl_load_config( void ) +{ -+ CONF *config; -+ int ret_code; -+ long error_line = 33; ++ CONF *config; ++ int ret_code; ++ long error_line = 33; + -+ config = NCONF_new( NULL ); ++ config = NCONF_new( NULL ); + dbglog( "Loading OpenSSL config file" ); -+ ret_code = NCONF_load( config, _PATH_OPENSSLCONFFILE, &error_line ); -+ if (ret_code == 0) -+ { -+ warn( "EAP-TLS: Error in OpenSSL config file %s at line %d", _PATH_OPENSSLCONFFILE, error_line ); -+ NCONF_free( config ); -+ config = NULL; -+ ERR_clear_error(); -+ } ++ ret_code = NCONF_load( config, _PATH_OPENSSLCONFFILE, &error_line ); ++ if (ret_code == 0) ++ { ++ warn( "EAP-TLS: Error in OpenSSL config file %s at line %d", _PATH_OPENSSLCONFFILE, error_line ); ++ NCONF_free( config ); ++ config = NULL; ++ ERR_clear_error(); ++ } + + dbglog( "Loading OpenSSL built-ins" ); -+ ENGINE_load_builtin_engines(); -+ OPENSSL_load_builtin_modules(); ++ ENGINE_load_builtin_engines(); ++ OPENSSL_load_builtin_modules(); + + dbglog( "Loading OpenSSL configured modules" ); -+ if (CONF_modules_load( config, NULL, 0 ) <= 0 ) -+ { -+ warn( "EAP-TLS: Error loading OpenSSL modules" ); ++ if (CONF_modules_load( config, NULL, 0 ) <= 0 ) ++ { ++ warn( "EAP-TLS: Error loading OpenSSL modules" ); + log_ssl_errors(); -+ config = NULL; -+ } ++ config = NULL; ++ } + -+ return config; ++ return config; +} + +ENGINE *eaptls_ssl_load_engine( char *engine_name ) @@ -1255,7 +1287,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + + dbglog( "Loading OpenSSL '%s' engine support", engine_name ); + e = ENGINE_by_id( engine_name ); -+ if (!e) ++ if (!e) + { + dbglog( "EAP-TLS: Cannot load '%s' engine support, trying 'dynamic'", engine_name ); + e = ENGINE_by_id( "dynamic" ); 
@@ -1276,7 +1308,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + } + } + -+ if (e) ++ if (e) + { + dbglog( "Initialising engine" ); + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) @@ -1288,7 +1320,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + } + } + -+ return e; ++ return e; +} + +/* @@ -1303,30 +1335,32 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + char *pkey_engine_name = NULL; + char *pkey_identifier = NULL; + SSL_CTX *ctx; ++ SSL *ssl; + X509_STORE *certstore; + X509_LOOKUP *lookup; + X509 *tmp; ++ int ret; + + /* + * Without these can't continue + */ + if (!cacertfile[0]) -+ { ++ { + error("EAP-TLS: CA certificate missing"); + return NULL; -+ } ++ } + + if (!certfile[0]) -+ { ++ { + error("EAP-TLS: User certificate missing"); + return NULL; -+ } ++ } + + if (!privkeyfile[0]) -+ { ++ { + error("EAP-TLS: User private key missing"); + return NULL; -+ } ++ } + + SSL_library_init(); + SSL_load_error_strings(); @@ -1422,7 +1456,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + } + } + -+ SSL_CTX_set_default_passwd_cb (ctx, password_callback); ++ SSL_CTX_set_default_passwd_cb (ctx, password_callback); + + if (!SSL_CTX_load_verify_locations(ctx, cacertfile, NULL)) + { @@ -1430,7 +1464,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + goto fail; + } + -+ if (init_server) ++ if (init_server) + SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(cacertfile)); + + if (cert_engine) 
@@ -1468,13 +1502,41 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + } + else + { -+ if (!SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM)) ++ if (!SSL_CTX_use_certificate_chain_file(ctx, certfile)) + { + error( "EAP-TLS: Cannot use public certificate %s", certfile ); + goto fail; + } + } + ++ ++ /* ++ * Check the Before and After dates of the certificate ++ */ ++ ssl = SSL_new(ctx); ++ tmp = SSL_get_certificate(ssl); ++ ++ ret = X509_cmp_time(X509_get_notBefore(tmp), NULL); ++ if (ret == 0) ++ { ++ warn( "EAP-TLS: Failed to read certificate notBefore field."); ++ } ++ if (ret > 0) ++ { ++ warn( "EAP-TLS: Your certificate is not yet valid!"); ++ } ++ ++ ret = X509_cmp_time(X509_get_notAfter(tmp), NULL); ++ if (ret == 0) ++ { ++ warn( "EAP-TLS: Failed to read certificate notAfter field."); ++ } ++ if (ret < 0) ++ { ++ warn( "EAP-TLS: Your certificate has expired!"); ++ } ++ SSL_free(ssl); ++ + if (pkey_engine) + { + EVP_PKEY *pkey = NULL; @@ -1517,9 +1579,10 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + /* Explicitly set the NO_TICKETS flag to support Win7/Win8 clients */ + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 +#ifdef SSL_OP_NO_TICKET -+ | SSL_OP_NO_TICKET ++ | SSL_OP_NO_TICKET +#endif -+); ++ ); ++ + SSL_CTX_set_verify_depth(ctx, 5); + SSL_CTX_set_verify(ctx, + SSL_VERIFY_PEER | 
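Review bot: The validity-date block added in the `@@ -1468,13 +1502,41 @@` hunk uses the results of `SSL_new(ctx)` and `SSL_get_certificate(ssl)` without checking either for NULL, so an allocation failure or a context left without a certificate would crash pppd in `X509_get_notBefore(tmp)` instead of taking the `fail` path that the neighbouring lines use. Both should be guarded before the comparisons; the sketch below fails the setup, although skipping only the warnings would also be defensible. The enclosing function starts and ends outside the hunk, so the cleanup performed at `fail` is assumed from the surrounding `goto fail` lines.

```c
    ssl = SSL_new(ctx);
    tmp = (ssl != NULL) ? SSL_get_certificate(ssl) : NULL;
    if (tmp == NULL)
    {
        error( "EAP-TLS: Cannot read back public certificate %s", certfile );
        SSL_free(ssl);
        goto fail;
    }
    /* … unchanged: notBefore / notAfter comparisons and warnings … */
    SSL_free(ssl);
```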
@@ -1543,33 +1606,33 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK); + } + -+ if (crl_file) { -+ FILE *fp = NULL; -+ X509_CRL *crl = NULL; ++ if (crl_file) { ++ FILE *fp = NULL; ++ X509_CRL *crl = NULL; + -+ fp = fopen(crl_file, "r"); -+ if (!fp) { -+ error("EAP-TLS: Cannot open CRL file '%s'", crl_file); -+ goto fail; -+ } ++ fp = fopen(crl_file, "r"); ++ if (!fp) { ++ error("EAP-TLS: Cannot open CRL file '%s'", crl_file); ++ goto fail; ++ } + -+ crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL); -+ if (!crl) { -+ error("EAP-TLS: Cannot read CRL file '%s'", crl_file); -+ goto fail; -+ } ++ crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL); ++ if (!crl) { ++ error("EAP-TLS: Cannot read CRL file '%s'", crl_file); ++ goto fail; ++ } + + if (!(certstore = SSL_CTX_get_cert_store(ctx))) { + error("EAP-TLS: Failed to get certificate store"); + goto fail; + } -+ if (!X509_STORE_add_crl(certstore, crl)) { -+ error("EAP-TLS: Cannot add CRL to certificate store"); -+ goto fail; -+ } ++ if (!X509_STORE_add_crl(certstore, crl)) { ++ error("EAP-TLS: Cannot add CRL to certificate store"); ++ goto fail; ++ } + X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK); + -+ } ++ } + + /* + * If a peer certificate file was specified, it must be valid, else fail @@ -1606,10 +1669,10 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + + mtu = ho->neg_mru? ho->mru: PPP_MRU; + mru = go->neg_mru? MAX(wo->mru, go->mru): PPP_MRU; -+ mtu = MIN(MIN(mtu, mru), ao->mru)- PPP_HDRLEN - 10; ++ mtu = MIN(MIN(mtu, mru), ao->mru)- PPP_HDRLEN - 10; + + dbglog("MTU = %d", mtu); -+ return mtu; ++ return mtu; +} + + 
@@ -1821,7 +1884,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + GETCHAR(flags, inp); + len--; + -+ if (flags & EAP_TLS_FLAGS_LI && len >= 4) { ++ if (flags & EAP_TLS_FLAGS_LI && len > 4) { + /* + * LenghtIncluded flag set -> this is the first packet of a message + */ @@ -1932,7 +1995,10 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + * Read from ssl + */ + if ((res = BIO_read(ets->from_ssl, fromtls, 65536)) == -1) -+ fatal("No data from BIO_read"); ++ { ++ warn("EAP-TLS send: No data from BIO_read"); ++ return 1; ++ } + + ets->datalen = res; + @@ -1945,7 +2011,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + } + + size = ets->datalen - ets->offset; -+ ++ + if (size > ets->mtu) { + size = ets->mtu; + ets->frag = 1; @@ -2009,13 +2075,12 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + * is done by ssl; we check the CN in the peer certificate + * against the peer name. + */ -+int ssl_verify_callback(int preverify_ok, X509_STORE_CTX * ctx) ++int ssl_verify_callback(int ok, X509_STORE_CTX * ctx) +{ + char subject[256]; + char cn_str[256]; + X509 *peer_cert; + int err, depth; -+ int ok = preverify_ok; + SSL *ssl; + struct eaptls_session *ets; + @@ -2025,7 +2090,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + + dbglog("certificate verify depth: %d", depth); + -+ if (auth_required && !ok) { ++ if (auth_required && !ok) { + X509_NAME_oneline(X509_get_subject_name(peer_cert), + subject, 256); + @@ -2065,7 +2130,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + */ + if (!ets->peer[0]) { + warn("Peer name not specified: no check"); -+ return 1; ++ return ok; + } + + /* @@ -2093,7 +2158,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + } + } + -+ return 1; ++ return ok; +} + +/* 
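Review bot: The condition `flags & EAP_TLS_FLAGS_LI && len > 4` in the -1821 hunk still answers two questions at once, so a packet that sets the L flag but is too short to carry the four-byte length is not rejected here. It is handled by whatever branch follows, which lies outside this hunk and probably treats it as a packet without a length field. Since the packet comes from the peer, it would be clearer to test the flag alone, `if (flags & EAP_TLS_FLAGS_LI) {`, and make the first statement inside a short-length check that logs and drops the packet as malformed. The comment just below also misspells the flag name; `LenghtIncluded` should read `LengthIncluded`.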
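Review bot: The new error path in the -1932 hunk fires only on `res == -1`, but `BIO_read` can also return 0 or -2. Any other negative value would be stored in `ets->datalen` and feed the `size = ets->datalen - ets->offset` arithmetic in the next hunk. If an empty read is never expected at this point (not visible from here), widen the test to `if ((res = BIO_read(ets->from_ssl, fromtls, 65536)) <= 0)`. The literal `65536` should be tied to the buffer, e.g. `sizeof(fromtls)` if `fromtls` is an array; its declaration is outside the hunk. Now that the failure is no longer `fatal()`, a short comment on what `return 1` tells the caller would also help, since the enclosing function starts and ends outside the hunk.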
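Review bot: Returning `ok` instead of a hard-coded `1` at the two exits (the -2065 and -2093 hunks) changes what `ssl_verify_callback` means, and the code does not document it. From the visible lines, a certificate that failed OpenSSL's chain verification now appears to be rejected even when `auth_required` is unset or no peer name is configured, where it was previously accepted. The header comment in the -2009 hunk still describes only the CN comparison, so add a line such as `/* Never upgrade a failed pre-verification: return OpenSSL's verdict unless a check below lowers it. */`. The body between these hunks is not visible, so any remaining path there that returns 1 directly should be checked for the same problem.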
@@ -2142,7 +2207,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + struct eaptls_session *ets = (struct eaptls_session *)arg; + unsigned char code; + const unsigned char*msg = buf; -+ int hvers = msg[1] << 8 | msg[2]; ++ int hvers = msg[1] << 8 | msg[2]; + + if(write_p) + strcpy(string, " -> "); @@ -2166,12 +2231,6 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + case TLS1_2_VERSION: + strcat(string, "TLS 1.2"); + break; -+ case DTLS1_VERSION: -+ strcat(string, "DTLS 1.0"); -+ break; -+ case DTLS1_2_VERSION: -+ strcat(string, "DTLS 1.2"); -+ break; + default: + strcat(string, "Unknown version"); + } @@ -2235,9 +2294,25 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + strcat(string,"Client Key Exchange"); + break; + case SSL3_MT_FINISHED: -+ strcat(string,"Finished"); ++ strcat(string,"Finished: "); ++ hvers = SSL_version(ssl); ++ switch(hvers) { ++ case SSL3_VERSION: ++ strcat(string, "SSL 3.0"); ++ break; ++ case TLS1_VERSION: ++ strcat(string, "TLS 1.0"); ++ break; ++ case TLS1_1_VERSION: ++ strcat(string, "TLS 1.1"); ++ break; ++ case TLS1_2_VERSION: ++ strcat(string, "TLS 1.2"); ++ break; ++ default: ++ strcat(string, "Unknown version"); ++ } + break; -+ + default: + sprintf( string, "Handshake: Unknown SSL3 code received: %d", code ); + } @@ -2255,9 +2330,9 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.c + dbglog("%s", string); +} + -diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.h +diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-1.102/pppd/eap-tls.h --- ppp-2.4.7/pppd/eap-tls.h 1970-01-01 01:00:00.000000000 +0100 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.h 2018-06-02 01:42:04.023165433 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/eap-tls.h 2018-10-30 16:47:59.534263383 +0100 @@ -0,0 +1,107 @@ +/* + * eap-tls.h 
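Review bot: The `SSL3_MT_FINISHED` case in the -2235 hunk repeats the version switch that already exists earlier in this function (the one the -2166 hunk trims), so the two lists can drift apart. Neither list has an entry past TLS 1.2, so a newer protocol version would be logged as "Unknown version". Both switches append to `string` with `strcat`, and this hunk lengthens the longest possible message. The declaration of `string` is outside the hunk, so its size should be confirmed against that worst case, or the appends moved to a bounded call. A small helper shared by both places would remove the duplication; the enclosing function starts outside the hunk.

```c
/* Map an SSL/TLS protocol version constant to a printable name. */
static const char *tls_version_name(int version)
{
    switch (version) {
    case SSL3_VERSION:   return "SSL 3.0";
    case TLS1_VERSION:   return "TLS 1.0";
    case TLS1_1_VERSION: return "TLS 1.1";
    case TLS1_2_VERSION: return "TLS 1.2";
    default:             return "Unknown version";
    }
}

    /* ... unchanged: earlier handshake message cases ... */
    case SSL3_MT_FINISHED:
        strcat(string, "Finished: ");
        strcat(string, tls_version_name(SSL_version(ssl)));
        break;
```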
@@ -2366,9 +2441,9 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap-tls.h +#endif + +#endif -diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.c +diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-1.102/pppd/eap.c --- ppp-2.4.7/pppd/eap.c 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.c 2018-06-02 01:42:04.023165433 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/eap.c 2018-10-30 16:47:59.537263209 +0100 @@ -43,6 +43,11 @@ * Based on draft-ietf-pppext-eap-srp-03.txt. */ @@ -2972,9 +3047,9 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.c return (inp - pstart); } + -diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.h +diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-1.102/pppd/eap.h --- ppp-2.4.7/pppd/eap.h 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.h 2018-06-02 01:42:04.023165433 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/eap.h 2018-10-30 16:47:59.537263209 +0100 @@ -84,6 +84,16 @@ eapClosed, /* Authentication not in use */ eapListen, /* Client ready (and timer running) */ @@ -3043,9 +3118,9 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/eap.h #define EAP_DEFREQTIME 20 /* Time to wait for peer request */ #define EAP_DEFALLOWREQ 20 /* max # times to accept requests */ -diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.c +diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-1.102/pppd/md5.c --- ppp-2.4.7/pppd/md5.c 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.c 2018-06-02 01:42:04.023165433 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/md5.c 2018-10-30 16:47:59.538263156 +0100 @@ -33,6 +33,8 @@ *********************************************************************** */ 
@@ -3061,9 +3136,9 @@ diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.c */ +#endif /* USE_EAPTLS */ + -diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.h +diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-1.102/pppd/md5.h --- ppp-2.4.7/pppd/md5.h 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.h 2018-06-02 01:42:04.024165430 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/md5.h 2018-10-30 16:47:59.538263156 +0100 @@ -36,6 +36,7 @@ ** documentation and/or software. ** *********************************************************************** @@ -3078,9 +3153,9 @@ diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/md5.h #endif /* __MD5_INCLUDE__ */ + +#endif /* USE_EAPTLS */ -diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/pathnames.h +diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-1.102/pppd/pathnames.h --- ppp-2.4.7/pppd/pathnames.h 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/pathnames.h 2018-06-02 01:42:04.024165430 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/pathnames.h 2018-10-30 16:47:59.539263095 +0100 @@ -21,6 +21,13 @@ #define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets" #define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets" 
@@ -3095,11 +3170,11 @@ diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/pathname #define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options" #define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up" #define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down" -diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/Makefile.linux +diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/Makefile.linux --- ppp-2.4.7/pppd/plugins/Makefile.linux 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/Makefile.linux 2018-06-02 01:42:04.024165430 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/Makefile.linux 2018-10-30 16:47:59.539263095 +0100 @@ -4,6 +4,9 @@ - LDFLAGS = -shared + LDFLAGS_SHARED = -shared INSTALL = install +# EAP-TLS @@ -3108,9 +3183,9 @@ diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-1.101b/pp DESTDIR = $(INSTROOT)@DESTDIR@ BINDIR = $(DESTDIR)/sbin MANDIR = $(DESTDIR)/share/man/man8 -diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/passprompt.c +diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/passprompt.c --- ppp-2.4.7/pppd/plugins/passprompt.c 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/passprompt.c 2018-06-02 01:42:04.024165430 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/passprompt.c 2018-10-30 16:47:59.540263023 +0100 @@ -107,4 +107,7 @@ { add_options(options); 
@@ -3119,9 +3194,9 @@ diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-1.101b/pppd + eaptls_passwd_hook = promptpass; +#endif } -diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/passwordfd.c +diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/passwordfd.c --- ppp-2.4.7/pppd/plugins/passwordfd.c 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/plugins/passwordfd.c 2018-06-02 01:42:04.024165430 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/plugins/passwordfd.c 2018-10-30 16:47:59.540263023 +0100 @@ -79,4 +79,8 @@ chap_check_hook = pwfd_check; @@ -3131,9 +3206,9 @@ diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-1.101b/pppd + eaptls_passwd_hook = pwfd_passwd; +#endif } -diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.8 +diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-1.102/pppd/pppd.8 --- ppp-2.4.7/pppd/pppd.8 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.8 2018-06-02 01:42:04.025165427 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/pppd.8 2018-10-30 16:47:59.542262870 +0100 @@ -248,6 +248,12 @@ compression in the corresponding direction. Use \fInobsdcomp\fR or \fIbsdcomp 0\fR to disable BSD-Compress compression entirely. @@ -3202,9 +3277,9 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.8 .B noauth Do not require the peer to authenticate itself. This option is privileged. -diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.h +diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-1.102/pppd/pppd.h --- ppp-2.4.7/pppd/pppd.h 2014-08-09 14:31:39.000000000 +0200 -+++ ppp-2.4.7-eaptls-mppe-1.101b/pppd/pppd.h 2018-06-02 01:42:04.025165427 +0200 ++++ ppp-2.4.7-eaptls-mppe-1.102/pppd/pppd.h 2018-10-30 16:47:59.542262870 +0100 
@@ -325,6 +325,11 @@ extern bool dryrun; /* check everything, print options, exit */ extern int child_wait; /* # seconds to wait for children at end */ diff --git a/0013-everywhere-O_CLOEXEC-harder.patch b/ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch similarity index 99% rename from 0013-everywhere-O_CLOEXEC-harder.patch rename to ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch index d720c36..87613af 100644 --- a/0013-everywhere-O_CLOEXEC-harder.patch +++ b/ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch @@ -146,9 +146,9 @@ index 8a12fa0..00a2cf5 100644 #endif - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) + if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) + { warn("Couldn't open pty slave %s: %m", pty_name); - } - } + close(mfd); @@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid) for (i = 0; i < 64; ++i) { slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", diff --git a/0025-pppd-install-pppd-binary-using-standard-perms-755.patch b/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch similarity index 91% rename from 0025-pppd-install-pppd-binary-using-standard-perms-755.patch rename to ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch index 428d71a..bedb902 100644 --- a/0025-pppd-install-pppd-binary-using-standard-perms-755.patch +++ b/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch @@ -23,7 +23,7 @@ index 0e8107f..534ccc2 100644 + $(INSTALL) -c -m 644 pppd.8 $(MANDIR) pppd: $(PPPDOBJS) - $(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS) + $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS) -- 1.8.3.1 diff --git a/0009-pppd-introduce-ipv6-accept-remote.patch b/ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch similarity index 89% rename from 0009-pppd-introduce-ipv6-accept-remote.patch rename to ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch index af0f015..eddef5b 100644 --- a/0009-pppd-introduce-ipv6-accept-remote.patch 
+++ b/ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch @@ -19,8 +19,8 @@ index caa2b26..5a56c95 100644 + { "ipv6cp-accept-remote", o_bool, &ipv6cp_allowoptions[0].accept_remote, + "Accept peer's interface identifier for itself", 1 }, - { "ipv6cp-use-ipaddr", o_bool, &ipv6cp_allowoptions[0].use_ip, - "Use (default) IPv4 address as interface identifier", 1 }, + { "defaultroute6", o_bool, &ipv6cp_wantoptions[0].default_route, + "Add default IPv6 route", OPT_ENABLE|1, &ipv6cp_allowoptions[0].default_route }, @@ -437,6 +439,7 @@ ipv6cp_init(unit) memset(ao, 0, sizeof(*ao)); @@ -43,9 +43,9 @@ index cc4568d..8c7552e 100644 --- a/pppd/ipv6cp.h +++ b/pppd/ipv6cp.h @@ -150,7 +150,8 @@ - typedef struct ipv6cp_options { int neg_ifaceid; /* Negotiate interface identifier? */ int req_ifaceid; /* Ask peer to send interface identifier? */ + int default_route; /* Assign default route through interface? */ - int accept_local; /* accept peer's value for iface id? */ + int accept_local; /* accept peer's value for our iface id? */ + int accept_remote; /* accept peer's value for his iface id? */ diff --git a/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch b/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch similarity index 98% rename from 0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch rename to ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch index cf25dba..1b4a9cd 100644 --- a/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch +++ b/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch @@ -14,7 +14,7 @@ index 4271af6..9e957fa 100644 --- a/pppd/auth.c +++ b/pppd/auth.c @@ -428,7 +428,7 @@ setupapfile(argv) - option_error("unable to reset uid before opening %s: %m", fname); + free(fname); return 0; } - ufile = fopen(fname, "r"); 
diff --git a/0019-sys-linux-rework-get_first_ethernet.patch b/ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch similarity index 97% rename from 0019-sys-linux-rework-get_first_ethernet.patch rename to ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch index 9a8c3dd..780e068 100644 --- a/0019-sys-linux-rework-get_first_ethernet.patch +++ b/ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch @@ -68,12 +68,12 @@ index 9918091..b949716 100644 all: rp-pppoe.so pppoe-discovery -pppoe-discovery: pppoe-discovery.o debug.o -- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o +- $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o +pppoe-discovery: pppoe-discovery.o debug.o common.o -+ $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev ++ $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev pppoe-discovery.o: pppoe-discovery.c - $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c + $(CC) $(CFLAGS) -I../../.. -c -o pppoe-discovery.o pppoe-discovery.c diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c index c0d927d..2bd910f 100644 --- a/pppd/plugins/rp-pppoe/pppoe-discovery.c @@ -111,7 +111,7 @@ index c0d927d..2bd910f 100644 conn->discoverySocket = -1; conn->sessionSocket = -1; @@ -722,3 +734,104 @@ void usage(void) - fprintf(stderr, "Usage: pppoe-discovery [options]\n"); + " -h -- Print usage information.\n"); fprintf(stderr, "\nVersion " RP_VERSION "\n"); } + diff --git a/ppp-2.4.8.tar.gz b/ppp-2.4.8.tar.gz new file mode 100644 index 0000000..a95164e Binary files /dev/null and b/ppp-2.4.8.tar.gz differ diff --git a/ppp.spec b/ppp.spec index 8005c99..0f93dc4 100644 --- a/ppp.spec +++ b/ppp.spec @@ -1,6 +1,6 @@ Name: ppp -Version: 2.4.7 -Release: 29 +Version: 2.4.8 +Release: 1 Summary: The Point-to-Point Protocol License: BSD and LGPLv2+ and GPLv2+ and Public Domain 
@@ -21,6 +21,7 @@ Source11: ppp-logrotate.conf Source12: ppp-tmpfiles.conf BuildRequires: gcc glib2-devel libpcap-devel openssl-devel pam-devel systemd systemd-devel +BuildRequires: ppp Requires: libpcap >= 14:0.8.3-6 glibc >= 2.0.6 systemd /etc/pam.d/system-auth network-scripts Supplements: (network-scripts) Requires(pre): /usr/bin/getent 
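Review bot: `BuildRequires: ppp` makes the package depend on an already-built copy of itself. The `%install` hunk then runs `cp -a %{_libdir}/pppd/2.4.7 %{buildroot}%{_libdir}/pppd/`, copying files from the build host's installed ppp into the new package, and the `%files` hunk ships them as `%{_libdir}/pppd/2.4.7`. Those files are not produced from the sources and patches listed in this spec, so their content depends on whichever ppp build the build root resolved, and the result cannot be reproduced from source. That includes whether they carry the fixes in Patch6000 and Patch6001. If the old directory is kept only so existing plugin paths keep resolving, a link created at install time avoids shipping unrebuilt binaries, e.g. `ln -s %{version} %{buildroot}%{_libdir}/pppd/2.4.7`. Otherwise add a comment above the `BuildRequires` line stating why the binary copy is needed and which package release it is expected to come from.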
@@ -30,34 +31,31 @@ Obsoletes: network-scripts-ppp # Patch0001-Patch0028 are from Fedora29 Patch0001: 0001-build-sys-use-gcc-as-our-compiler-of-choice.patch -Patch0002: 0002-build-sys-enable-PAM-support.patch -Patch0003: 0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch +Patch0002: ppp-2.4.8-build-sys-enable-PAM-support.patch +Patch0003: ppp-2.4.8-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch Patch0004: 0004-doc-add-configuration-samples.patch -Patch0005: 0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch +Patch0005: ppp-2.4.8-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch Patch0006: 0006-scritps-use-change_resolv_conf-function.patch Patch0007: 0007-build-sys-don-t-strip-binaries-during-installation.patch Patch0008: 0008-build-sys-use-prefix-usr-instead-of-usr-local.patch -Patch0009: 0009-pppd-introduce-ipv6-accept-remote.patch +Patch0009: ppp-2.4.8-pppd-introduce-ipv6-accept-remote.patch Patch0010: 0010-build-sys-enable-CBCP.patch Patch0011: 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch -Patch0012: 0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch -Patch0013: 0013-everywhere-O_CLOEXEC-harder.patch +Patch0012: ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch +Patch0013: ppp-2.4.8-everywhere-O_CLOEXEC-harder.patch Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch Patch0018: 0018-scritps-fix-ip-up.local-sample.patch -Patch0019: 0019-sys-linux-rework-get_first_ethernet.patch +Patch0019: ppp-2.4.8-sys-linux-rework-get_first_ethernet.patch Patch0020: 0020-pppd-put-lock-files-in-var-lock-ppp.patch -Patch0021: 0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch -Patch0022: 0022-build-sys-compile-pppol2tp-with-multilink-support.patch +Patch0021: ppp-2.4.8-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch +Patch0022: 
ppp-2.4.8-build-sys-compile-pppol2tp-with-multilink-support.patch Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch -Patch0025: 0025-pppd-install-pppd-binary-using-standard-perms-755.patch -Patch0026: ppp-2.4.7-eaptls-mppe-1.101.patch -Patch0028: 0028-pppoe-include-netinet-in.h-before-linux-in.h.patch +Patch0025: ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch +Patch0026: ppp-2.4.8-eaptls-mppe-1.102.patch -Patch0029: ppp-2.4.7-DES-openssl.patch -Patch0030: ppp-2.4.7-honor-ldflags.patch Patch6000: ppp-CVE-2015-3310.patch Patch6001: ppp-CVE-2020-8597.patch @@ -78,7 +76,8 @@ building plugins for the %{name}. %package_help %prep -%autosetup -n %{name}-%{version} -p1 +%setup -qn %{name}-%{version} +%autopatch -p1 tar -xvJf %{SOURCE1} mkdir ppp mkdir network-scripts @@ -94,14 +93,14 @@ cp %{SOURCE9} network-scripts %build export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing" RPM_LD_FLAGS="$LDFLAGS" %configure -make %{?_smp_mflags} LDFLAGS="%{?build_ldflags}" -make -C ppp-watch %{?_smp_mflags} LDFLAGS="%{?build_ldflags}" +%{make_build} LDFLAGS="%{?build_ldflags}" +%{make_build} -C ppp-watch LDFLAGS="%{?build_ldflags}" %install make install INSTROOT=$RPM_BUILD_ROOT install-etcppp find scripts -type f | xargs chmod a-x make install ROOT=$RPM_BUILD_ROOT -C ppp-watch - +cp -a %{_libdir}/pppd/2.4.7 %{buildroot}%{_libdir}/pppd/ mkdir -p %{buildroot}%{_sysconfdir}/ppp mkdir -p %{buildroot}%{_sysconfdir}/sysconfig/network-scripts mkdir -p %{buildroot}%{_localstatedir}/log/ppp 
@@ -119,6 +118,10 @@ install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/ppp install -m 644 -p %{SOURCE11} %{buildroot}%{_sysconfdir}/logrotate.d/ppp install -m 644 -p %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/ppp.conf +#ghosts +mkdir -p %{buildroot}%{_rundir}/ppp +mkdir -p %{buildroot}%{_rundir}/lock/ppp + %pre /usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || : @@ -136,11 +139,12 @@ install -m 644 -p %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/ppp.conf %config(noreplace) %{_sysconfdir}/pam.d/ppp %config(noreplace) %{_sysconfdir}/logrotate.d/ppp %{_prefix}/lib/tmpfiles.d/*.conf -%{_libdir}/pppd/2.4.7/*.so +%{_libdir}/pppd/%{version}/*.so +%{_libdir}/pppd/2.4.7 %{_sbindir}/chat %{_sbindir}/ppp* -%ghost %dir /run/ppp -%ghost %dir /run/lock/ppp +%ghost %dir %{_rundir}/ppp +%ghost %dir %{_rundir}/lock/ppp %attr(700, root, root) %dir %{_localstatedir}/log/ppp %files devel @@ -152,6 +156,12 @@ install -m 644 -p %{SOURCE12} %{buildroot}%{_prefix}/lib/tmpfiles.d/ppp.conf %{_mandir}/man8/*.8.gz %changelog +* Tue Jun 30 2020 yuboyun - 2.4.8-1 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:update ppp version from 2.4.7 to 2.4.8 + * Tue Mar 17 2020 chenzhen - 2.4.7-29 - Type:cves - ID:CVE-2020-8597