[arch-commits] Commit in ppp/repos (14 files)

Evangelos Foutras foutrelis at archlinux.org
Wed Nov 13 17:46:37 UTC 2019


    Date: Wednesday, November 13, 2019 @ 17:46:37
  Author: foutrelis
Revision: 368401

archrelease: copy trunk to staging-x86_64

Added:
  ppp/repos/staging-x86_64/
  ppp/repos/staging-x86_64/CVE-2015-3310.patch
    (from rev 368400, ppp/trunk/CVE-2015-3310.patch)
  ppp/repos/staging-x86_64/LICENSE
    (from rev 368400, ppp/trunk/LICENSE)
  ppp/repos/staging-x86_64/PKGBUILD
    (from rev 368400, ppp/trunk/PKGBUILD)
  ppp/repos/staging-x86_64/ip-down
    (from rev 368400, ppp/trunk/ip-down)
  ppp/repos/staging-x86_64/ip-down.d.dns.sh
    (from rev 368400, ppp/trunk/ip-down.d.dns.sh)
  ppp/repos/staging-x86_64/ip-up
    (from rev 368400, ppp/trunk/ip-up)
  ppp/repos/staging-x86_64/ip-up.d.dns.sh
    (from rev 368400, ppp/trunk/ip-up.d.dns.sh)
  ppp/repos/staging-x86_64/ipv6-down
    (from rev 368400, ppp/trunk/ipv6-down)
  ppp/repos/staging-x86_64/ipv6-up
    (from rev 368400, ppp/trunk/ipv6-up)
  ppp/repos/staging-x86_64/ipv6-up.d.iface-config.sh
    (from rev 368400, ppp/trunk/ipv6-up.d.iface-config.sh)
  ppp/repos/staging-x86_64/options
    (from rev 368400, ppp/trunk/options)
  ppp/repos/staging-x86_64/ppp-2.4.6-makefiles.patch
    (from rev 368400, ppp/trunk/ppp-2.4.6-makefiles.patch)
  ppp/repos/staging-x86_64/ppp.systemd
    (from rev 368400, ppp/trunk/ppp.systemd)

---------------------------+
 CVE-2015-3310.patch       |   18 ++
 LICENSE                   |    7 
 PKGBUILD                  |   97 ++++++++++++
 ip-down                   |   12 +
 ip-down.d.dns.sh          |    7 
 ip-up                     |   12 +
 ip-up.d.dns.sh            |   11 +
 ipv6-down                 |   12 +
 ipv6-up                   |   12 +
 ipv6-up.d.iface-config.sh |    4 
 options                   |  352 ++++++++++++++++++++++++++++++++++++++++++++
 ppp-2.4.6-makefiles.patch |  270 +++++++++++++++++++++++++++++++++
 ppp.systemd               |    9 +
 13 files changed, 823 insertions(+)

Copied: ppp/repos/staging-x86_64/CVE-2015-3310.patch (from rev 368400, ppp/trunk/CVE-2015-3310.patch)
===================================================================
--- staging-x86_64/CVE-2015-3310.patch	                        (rev 0)
+++ staging-x86_64/CVE-2015-3310.patch	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,18 @@
+Fix buffer overflow in rc_mksid()
+
+rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string.
+If the process id is bigger than 65535 (FFFF), its hex representation will be
+longer than 4 characters, resulting in a buffer overflow.
+ 
+The bug can be exploited to cause a remote DoS.
+--- ppp-2.4.7/pppd/plugins/radius/util.c
++++ ppp-2.4.7/pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+   static unsigned short int cnt = 0;
+   sprintf (buf, "%08lX%04X%02hX",
+ 	   (unsigned long int) time (NULL),
+-	   (unsigned int) getpid (),
++	   (unsigned int) getpid () & 0xFFFF,
+ 	   cnt & 0xFF);
+   cnt++;
+   return buf;

Copied: ppp/repos/staging-x86_64/LICENSE (from rev 368400, ppp/trunk/LICENSE)
===================================================================
--- staging-x86_64/LICENSE	                        (rev 0)
+++ staging-x86_64/LICENSE	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,7 @@
+Copyrights:
+***********
+
+All of the code can be freely used and redistributed.  The individual
+source files each have their own copyright and permission notice.
+Pppd, pppstats and pppdump are under BSD-style notices.  Some of the
+pppd plugins are GPL'd.  Chat is public domain.

Copied: ppp/repos/staging-x86_64/PKGBUILD (from rev 368400, ppp/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD	                        (rev 0)
+++ staging-x86_64/PKGBUILD	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,97 @@
+# Maintainer: Thomas Baechler <thomas at archlinux.org>
+pkgname=ppp
+pkgver=2.4.7
+pkgrel=6
+pkgdesc="A daemon which implements the Point-to-Point Protocol for dial-up networking"
+arch=(x86_64)
+url="https://www.samba.org/ppp/"
+license=('GPL' 'BSD')
+depends=('glibc' 'libpcap>=1.0.0' 'openssl')
+backup=(etc/ppp/{chap-secrets,pap-secrets,options,ip-up,ip-down,ip-down.d/00-dns.sh,ip-up.d/00-dns.sh,ipv6-up.d/00-iface-config.sh})
+source=(https://download.samba.org/pub/ppp/ppp-${pkgver}.tar.gz{,.asc}
+        ppp-2.4.6-makefiles.patch
+        options
+        ip-up
+        ip-down
+        ip-up.d.dns.sh
+        ip-down.d.dns.sh
+        ipv6-up
+        ipv6-down
+        ipv6-up.d.iface-config.sh
+        ppp.systemd
+        CVE-2015-3310.patch
+        ppp-build-fix.patch::"https://github.com/paulusmack/ppp/commit/50a2997b.patch"
+        ppp-openssl.patch::https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875.patch
+        LICENSE)
+sha256sums=('02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30'
+            'SKIP'
+            'f04f47318226c79594f45b8b75877c30710d22fe0fb1e2e17db3b4257dc4218c'
+            '0933fecb9e0adaddd88ee1e049a5f3a0508e83b81dc1aa333df784e729ab4b6e'
+            'ddef42b2cc5d49e81556dc9dbacf5ee3bf8dc32704f3670c2233eed42c4a4efd'
+            '658630ba4c5cb583df80af6d4df81df8ae20798f63cc4b9cec8d4dad13a6a897'
+            'aafb75b978aa13225444dc6b914fab324d686821be93c49e893800e647aa7648'
+            '17b486fa69a71dafcbe543dc4f2b8cb9ed31e675aabc5f6c98ef94dbc1561c85'
+            'bb3f44a4f2c4b8dbe7f84d77feae90a71caa9fa3c252a20c390e015d4f8ea248'
+            '77292b79f99f97a01aa9a75cd7cd93da70d746d3b8cc60f35b31dfe0568544c0'
+            '20780cf4bd0774bebb55ecb3bdae7667c9ae5cbe003a52a1ecb0bbc77d46260f'
+            'eb8ab2e2d71c3bb9c4297cf847b6e9d52616a3fdbf2257c479cc43dff318c831'
+            'f0fe7e7d9b35141c2565a09e39c4f66b475ed3fe8e2528d10faa4412f480e338'
+            '94225c64e806e75d6f792649c4beb26a791c4994c2701dc6a47cfccf3d91e4bf'
+            '3f199d83d2632274dbbe7345e5369891469f64642f28e4afb471747a88888b62'
+            '96fd35104e3d0ec472517afecead88419913ae73ae0189476d5dad9029c2be42')
+validpgpkeys=('631E179E370CD727A7F2A33A9E4295D605F66CE9') # Paul Mackerras (Signing key) <paulus at samba.org>
+
+prepare() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+
+  patch -p1 -i "${srcdir}/ppp-2.4.6-makefiles.patch"
+  patch -p1 -i "${srcdir}/CVE-2015-3310.patch"
+  patch -p1 -i "${srcdir}/ppp-build-fix.patch"
+  patch -p1 -i "${srcdir}/ppp-openssl.patch"
+
+  # enable active filter
+  sed -i "s:^#FILTER=y:FILTER=y:" pppd/Makefile.linux
+  # enable ipv6 support
+  sed -i "s:^#HAVE_INET6=y:HAVE_INET6=y:" pppd/Makefile.linux
+  # Enable Microsoft proprietary Callback Control Protocol
+  sed -i "s:^#CBCP=y:CBCP=y:" pppd/Makefile.linux 
+}
+
+build() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+
+  # -D_GNU_SOURCE is needed for IPv6 to work apparently
+  CFLAGS="$CPPFLAGS $CFLAGS -D_GNU_SOURCE" LDFLAGS="$LDFLAGS" ./configure --prefix=/usr
+  make 
+}
+
+package() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  make INSTROOT="${pkgdir}" install 
+
+  install -D -m644 ../options "${pkgdir}/etc/ppp/options"
+  install -D -m755 ../ip-up   "${pkgdir}/etc/ppp/ip-up"
+  install -D -m755 ../ip-down "${pkgdir}/etc/ppp/ip-down"
+  install -d -m755 "${pkgdir}/etc/ppp/ip-up.d"
+  install -d -m755 "${pkgdir}/etc/ppp/ip-down.d"
+  install -m755 ../ip-up.d.dns.sh   "${pkgdir}/etc/ppp/ip-up.d/00-dns.sh"
+  install -m755 ../ip-down.d.dns.sh "${pkgdir}/etc/ppp/ip-down.d/00-dns.sh"
+  install -D -m755 ../ipv6-up   "${pkgdir}/etc/ppp/ipv6-up"
+  install -D -m755 ../ipv6-down "${pkgdir}/etc/ppp/ipv6-down"
+  install -d -m755 "${pkgdir}/etc/ppp/ipv6-up.d"
+  install -d -m755 "${pkgdir}/etc/ppp/ipv6-down.d"
+  install -m755 ../ipv6-up.d.iface-config.sh "${pkgdir}/etc/ppp/ipv6-up.d/00-iface-config.sh"
+
+  install -D -m755 scripts/pon  "${pkgdir}/usr/bin/pon"
+  install -D -m755 scripts/poff "${pkgdir}/usr/bin/poff"
+  install -D -m755 scripts/plog "${pkgdir}/usr/bin/plog"
+  install -D -m644 scripts/pon.1 "${pkgdir}/usr/share/man/man1/pon.1"
+  install -D -m600 etc.ppp/pap-secrets  "${pkgdir}/etc/ppp/pap-secrets"
+  install -D -m600 etc.ppp/chap-secrets "${pkgdir}/etc/ppp/chap-secrets"
+  install -d -m755 "${pkgdir}/etc/ppp/peers" 
+  chmod 0755 "${pkgdir}/usr/lib/pppd/${pkgver}"/*.so
+
+  install -D -m644 "${srcdir}"/ppp.systemd "${pkgdir}"/usr/lib/systemd/system/ppp at .service
+
+  install -Dm644 "$srcdir"/LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
+}

Copied: ppp/repos/staging-x86_64/ip-down (from rev 368400, ppp/trunk/ip-down)
===================================================================
--- staging-x86_64/ip-down	                        (rev 0)
+++ staging-x86_64/ip-down	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# This script is run by pppd after the connection has ended.
+#
+
+# Execute all scripts in /etc/ppp/ip-down.d/
+for ipdown in /etc/ppp/ip-down.d/*.sh; do
+  if [ -x $ipdown ]; then
+    # Parameters: interface-name tty-device speed local-IP-address remote-IP-address ipparam
+    $ipdown "$@"
+  fi
+done

Copied: ppp/repos/staging-x86_64/ip-down.d.dns.sh (from rev 368400, ppp/trunk/ip-down.d.dns.sh)
===================================================================
--- staging-x86_64/ip-down.d.dns.sh	                        (rev 0)
+++ staging-x86_64/ip-down.d.dns.sh	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -x /usr/bin/resolvconf ]; then
+  /usr/bin/resolvconf -fd ${IFNAME}
+else
+  [ -e /etc/resolv.conf.backup.${IFNAME} ] && mv /etc/resolv.conf.backup.${IFNAME} /etc/resolv.conf
+fi

Copied: ppp/repos/staging-x86_64/ip-up (from rev 368400, ppp/trunk/ip-up)
===================================================================
--- staging-x86_64/ip-up	                        (rev 0)
+++ staging-x86_64/ip-up	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# This script is run by pppd when there's a successful ppp connection.
+#
+
+# Execute all scripts in /etc/ppp/ip-up.d/
+for ipup in /etc/ppp/ip-up.d/*.sh; do
+  if [ -x $ipup ]; then
+    # Parameters: interface-name tty-device speed local-IP-address remote-IP-address ipparam
+    $ipup "$@"
+  fi
+done

Copied: ppp/repos/staging-x86_64/ip-up.d.dns.sh (from rev 368400, ppp/trunk/ip-up.d.dns.sh)
===================================================================
--- staging-x86_64/ip-up.d.dns.sh	                        (rev 0)
+++ staging-x86_64/ip-up.d.dns.sh	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if [ "$USEPEERDNS" = "1" -a -f /etc/ppp/resolv.conf ]; then
+  if [ -x /usr/bin/resolvconf ]; then
+    /usr/bin/resolvconf -a ${IFNAME} </etc/ppp/resolv.conf
+  else
+    [ -e /etc/resolv.conf ] && mv /etc/resolv.conf /etc/resolv.conf.backup.${IFNAME}
+    mv /etc/ppp/resolv.conf /etc/resolv.conf
+    chmod 644 /etc/resolv.conf
+  fi
+fi

Copied: ppp/repos/staging-x86_64/ipv6-down (from rev 368400, ppp/trunk/ipv6-down)
===================================================================
--- staging-x86_64/ipv6-down	                        (rev 0)
+++ staging-x86_64/ipv6-down	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# This script is run by pppd after the connection has ended.
+#
+
+# Execute all scripts in /etc/ppp/ipv6-down.d/
+for ipdown in /etc/ppp/ipv6-down.d/*.sh; do
+  if [ -x $ipdown ]; then
+    # Parameters: interface-name tty-device speed local-link-local-address remote-link-local-address ipparam
+    $ipdown "$@"
+  fi
+done

Copied: ppp/repos/staging-x86_64/ipv6-up (from rev 368400, ppp/trunk/ipv6-up)
===================================================================
--- staging-x86_64/ipv6-up	                        (rev 0)
+++ staging-x86_64/ipv6-up	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# This script is run by pppd when there's a successful ppp connection.
+#
+
+# Execute all scripts in /etc/ppp/ipv6-up.d/
+for ipup in /etc/ppp/ipv6-up.d/*.sh; do
+  if [ -x $ipup ]; then
+    # Parameters: interface-name tty-device speed local-link-local-address remote-link-local-address ipparam
+    $ipup "$@"
+  fi
+done

Copied: ppp/repos/staging-x86_64/ipv6-up.d.iface-config.sh (from rev 368400, ppp/trunk/ipv6-up.d.iface-config.sh)
===================================================================
--- staging-x86_64/ipv6-up.d.iface-config.sh	                        (rev 0)
+++ staging-x86_64/ipv6-up.d.iface-config.sh	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo 0 > /proc/sys/net/ipv6/conf/$1/use_tempaddr
+echo 2 > /proc/sys/net/ipv6/conf/$1/accept_ra

Copied: ppp/repos/staging-x86_64/options (from rev 368400, ppp/trunk/options)
===================================================================
--- staging-x86_64/options	                        (rev 0)
+++ staging-x86_64/options	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,352 @@
+# /etc/ppp/options
+# 
+# Originally created by Jim Knoble <jmknoble at mercury.interpath.net>
+# Modified for Debian by alvar Bray <alvar at meiko.co.uk>
+# Modified for PPP Server setup by Christoph Lameter <clameter at debian.org>
+# Modified for ArchLinux by Manolis Tzanidakis <manolis at archlinux.org>
+#
+# To quickly see what options are active in this file, use this command:
+#   egrep -v '#|^ *$' /etc/ppp/options
+
+# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
+# Two Servers can be remotely configured
+# ms-dns 192.168.1.1
+# ms-dns 192.168.1.2
+
+# Specify which WINS Servers the incoming connection Win95 or WinNT should use
+# ms-wins 192.168.1.50
+# ms-wins 192.168.1.51
+
+# Run the executable or shell command specified after pppd has
+# terminated the link.  This script could, for example, issue commands
+# to the modem to cause it to hang up if hardware modem control signals
+# were not available.
+#disconnect "chat -- \d+++\d\c OK ath0 OK"
+
+# async character map -- 32-bit hex; each bit is a character
+# that needs to be escaped for pppd to receive it.  0x00000001
+# represents '\x01', and 0x80000000 represents '\x1f'.
+asyncmap 0
+
+# Require the peer to authenticate itself before allowing network
+# packets to be sent or received.
+# Please do not disable this setting. It is expected to be standard in
+# future releases of pppd. Use the call option (see manpage) to disable
+# authentication for specific peers.
+auth
+
+# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
+# on the serial port.
+crtscts
+
+# Use software flow control (i.e. XON/XOFF) to control the flow of data
+# on the serial port.
+#xonxoff
+
+# Specifies that certain characters should be escaped on transmission
+# (regardless of whether the peer requests them to be escaped with its
+# async control character map).  The characters to be escaped are
+# specified as a list of hex numbers separated by commas.  Note that
+# almost any character can be specified for the escape option, unlike
+# the asyncmap option which only allows control characters to be
+# specified.  The characters which may not be escaped are those with hex
+# values 0x20 - 0x3f or 0x5e.
+#escape 11,13,ff
+
+# Don't use the modem control lines.
+#local
+
+# Specifies that pppd should use a UUCP-style lock on the serial device
+# to ensure exclusive access to the device.
+lock
+
+# Don't show the passwords when logging the contents of PAP packets.
+# This is the default.
+hide-password
+
+# When logging the contents of PAP packets, this option causes pppd to
+# show the password string in the log message.
+#show-password
+
+# Use the modem control lines.  On Ultrix, this option implies hardware
+# flow control, as for the crtscts option.  (This option is not fully
+# implemented.)
+modem
+
+# Set the MRU [Maximum Receive Unit] value to <n> for negotiation.  pppd
+# will ask the peer to send packets of no more than <n> bytes. The
+# minimum MRU value is 128.  The default MRU value is 1500.  A value of
+# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
+# bytes of data).
+#mru 542
+
+# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
+# notation (e.g. 255.255.255.0).
+#netmask 255.255.255.0
+
+# Disables the default behaviour when no local IP address is specified,
+# which is to determine (if possible) the local IP address from the
+# hostname. With this option, the peer will have to supply the local IP
+# address during IPCP negotiation (unless it specified explicitly on the
+# command line or in an options file).
+#noipdefault
+
+# Enables the "passive" option in the LCP.  With this option, pppd will
+# attempt to initiate a connection; if no reply is received from the
+# peer, pppd will then just wait passively for a valid LCP packet from
+# the peer (instead of exiting, as it does without this option).
+#passive
+
+# With this option, pppd will not transmit LCP packets to initiate a
+# connection until a valid LCP packet is received from the peer (as for
+# the "passive" option with old versions of pppd).
+#silent
+
+# Don't request or allow negotiation of any options for LCP and IPCP
+# (use default values).
+#-all
+
+# Disable Address/Control compression negotiation (use default, i.e.
+# address/control field disabled).
+#-ac
+
+# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
+# all control characters).
+#-am
+
+# Don't fork to become a background process (otherwise pppd will do so
+# if a serial device is specified).
+#-detach
+
+# Disable IP address negotiation (with this option, the remote IP
+# address must be specified with an option on the command line or in
+# an options file).
+#-ip
+
+# Disable IPCP negotiation and IP communication. This option should
+# only be required if the peer is buggy and gets confused by requests
+# from pppd for IPCP negotiation.
+#noip
+
+# Disable magic number negotiation.  With this option, pppd cannot
+# detect a looped-back line.
+#-mn
+
+# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
+# 1500).
+#-mru
+
+# Disable protocol field compression negotiation (use default, i.e.
+# protocol field compression disabled).
+#-pc
+
+# Require the peer to authenticate itself using PAP.
+#+pap
+
+# Don't agree to authenticate using PAP.
+#-pap
+
+# Require the peer to authenticate itself using CHAP [Cryptographic
+# Handshake Authentication Protocol] authentication.
+#+chap
+
+# Don't agree to authenticate using CHAP.
+#-chap
+
+# Disable negotiation of Van Jacobson style IP header compression (use
+# default, i.e. no compression).
+#-vj
+
+# Increase debugging level (same as -d).  If this option is given, pppd
+# will log the contents of all control packets sent or received in a
+# readable form.  The packets are logged through syslog with facility
+# daemon and level debug. This information can be directed to a file by
+# setting up /etc/syslog.conf appropriately (see syslog.conf(5)).  (If
+# pppd is compiled with extra debugging enabled, it will log messages
+# using facility local2 instead of daemon).
+#debug
+
+# Append the domain name <d> to the local host name for authentication
+# purposes.  For example, if gethostname() returns the name porsche,
+# but the fully qualified domain name is porsche.Quotron.COM, you would
+# use the domain option to set the domain name to Quotron.COM.
+#domain <d>
+
+# Enable debugging code in the kernel-level PPP driver.  The argument n
+# is a number which is the sum of the following values: 1 to enable
+# general debug messages, 2 to request that the contents of received
+# packets be printed, and 4 to request that the contents of transmitted
+# packets be printed.
+#kdebug n
+
+# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
+# requests a smaller value via MRU negotiation, pppd will request that
+# the kernel networking code send data packets of no more than n bytes
+# through the PPP network interface.
+#mtu <n>
+
+# Set the name of the local system for authentication purposes to <n>.
+# This is a privileged option. With this option, pppd will use lines in the
+# secrets files which have <n> as the second field when looking for a
+# secret to use in authenticating the peer. In addition, unless overridden
+# with the user option, <n> will be used as the name to send to the peer
+# when authenticating the local system to the peer. (Note that pppd does
+# not append the domain name to <n>.)
+#name <n>
+
+# Enforce the use of the hostname as the name of the local system for
+# authentication purposes (overrides the name option).
+#usehostname
+
+# Set the assumed name of the remote system for authentication purposes
+# to <n>.
+#remotename <n>
+
+# Add an entry to this system's ARP [Address Resolution Protocol]
+# table with the IP address of the peer and the Ethernet address of this
+# system.
+proxyarp
+
+# Use the system password database for authenticating the peer using
+# PAP. Note: mgetty already provides this option. If this is specified
+# then dialin from users using a script under Linux to fire up ppp wont work.
+# login
+
+# If this option is given, pppd will send an LCP echo-request frame to the
+# peer every n seconds. Normally the peer should respond to the echo-request
+# by sending an echo-reply. This option can be used with the
+# lcp-echo-failure option to detect that the peer is no longer connected.
+lcp-echo-interval 30
+
+# If this option is given, pppd will presume the peer to be dead if n
+# LCP echo-requests are sent without receiving a valid LCP echo-reply.
+# If this happens, pppd will terminate the connection.  Use of this
+# option requires a non-zero value for the lcp-echo-interval parameter.
+# This option can be used to enable pppd to terminate after the physical
+# connection has been broken (e.g., the modem has hung up) in
+# situations where no hardware modem control lines are available.
+lcp-echo-failure 4
+
+# Set the LCP restart interval (retransmission timeout) to <n> seconds
+# (default 3).
+#lcp-restart <n>
+
+# Set the maximum number of LCP terminate-request transmissions to <n>
+# (default 3).
+#lcp-max-terminate <n>
+
+# Set the maximum number of LCP configure-request transmissions to <n>
+# (default 10).
+#lcp-max-configure <n>
+
+# Set the maximum number of LCP configure-NAKs returned before starting
+# to send configure-Rejects instead to <n> (default 10).
+#lcp-max-failure <n>
+
+# Set the IPCP restart interval (retransmission timeout) to <n>
+# seconds (default 3).
+#ipcp-restart <n>
+
+# Set the maximum number of IPCP terminate-request transmissions to <n>
+# (default 3).
+#ipcp-max-terminate <n>
+
+# Set the maximum number of IPCP configure-request transmissions to <n>
+# (default 10).
+#ipcp-max-configure <n>
+
+# Set the maximum number of IPCP configure-NAKs returned before starting
+# to send configure-Rejects instead to <n> (default 10).
+#ipcp-max-failure <n>
+
+# Set the PAP restart interval (retransmission timeout) to <n> seconds
+# (default 3).
+#pap-restart <n>
+
+# Set the maximum number of PAP authenticate-request transmissions to
+# <n> (default 10).
+#pap-max-authreq <n>
+
+# Set the maximum time that pppd will wait for the peer to authenticate
+# itself with PAP to <n> seconds (0 means no limit).
+#pap-timeout <n>
+
+# Set the CHAP restart interval (retransmission timeout for
+# challenges) to <n> seconds (default 3).
+#chap-restart <n>
+
+# Set the maximum number of CHAP challenge transmissions to <n>
+# (default 10).
+#chap-max-challenge
+
+# If this option is given, pppd will rechallenge the peer every <n>
+# seconds.
+#chap-interval <n>
+
+# With this option, pppd will accept the peer's idea of our local IP
+# address, even if the local IP address was specified in an option.
+#ipcp-accept-local
+
+# With this option, pppd will accept the peer's idea of its (remote) IP
+# address, even if the remote IP address was specified in an option.
+#ipcp-accept-remote
+
+# Disable the IPXCP and IPX protocols.
+# To let pppd pass IPX packets comment this out --- you'll probably also
+# want to install ipxripd, and have the Internal IPX Network option enabled
+# in your kernel.  /usr/doc/HOWTO/IPX-HOWTO.gz contains more info.
+noipx
+
+# Exit once a connection has been made and terminated. This is the default,
+# unless the `persist' or `demand' option has been specified.
+#nopersist
+
+# Do not exit after a connection is terminated; instead try to reopen
+# the connection.
+#persist
+
+# Terminate after n consecutive failed connection attempts.
+# A value of 0 means no limit. The default value is 10.
+#maxfail <n>
+
+# Initiate the link only on demand, i.e. when data traffic is present. 
+# With this option, the remote IP address must be specified by the user on
+# the command line or in an options file.  Pppd will initially configure
+# the interface and enable it for IP traffic without connecting to the peer. 
+# When traffic is available, pppd will connect to the peer and perform
+# negotiation, authentication, etc.  When this is completed, pppd will
+# commence passing data packets (i.e., IP packets) across the link.
+#demand
+
+# Specifies that pppd should disconnect if the link is idle for <n> seconds.
+# The link is idle when no data packets (i.e. IP packets) are being sent or
+# received.  Note: it is not advisable to use this option with the persist
+# option without the demand option.  If the active-filter option is given,
+# data packets which are rejected by the specified activity filter also
+# count as the link being idle.
+#idle <n>
+
+# Specifies how many seconds to wait before re-initiating the link after
+# it terminates.  This option only has any effect if the persist or demand
+# option is used.  The holdoff period is not applied if the link was
+# terminated because it was idle.
+#holdoff <n>
+
+# Wait for up n milliseconds after the connect script finishes for a valid
+# PPP packet from the peer.  At the end of this time, or when a valid PPP
+# packet is received from the peer, pppd will commence negotiation by
+# sending its first LCP packet.  The default value is 1000 (1 second).
+# This wait period only applies if the connect or pty option is used.
+#connect-delay <n>
+
+# Packet filtering: for more information, see pppd(8)
+# Any packets matching the filter expression will be interpreted as link
+# activity, and will cause a "demand" connection to be activated, and reset
+# the idle connection timer. (idle option)
+# The filter expression is akin to that of tcpdump(1)
+#active-filter <filter-expression>
+
+# uncomment the line below this if you use PPPoE
+#plugin /usr/lib/pppd/plugins/pppoe.so
+
+# ---<End of File>---

Copied: ppp/repos/staging-x86_64/ppp-2.4.6-makefiles.patch (from rev 368400, ppp/trunk/ppp-2.4.6-makefiles.patch)
===================================================================
--- staging-x86_64/ppp-2.4.6-makefiles.patch	                        (rev 0)
+++ staging-x86_64/ppp-2.4.6-makefiles.patch	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,270 @@
+diff -Nur ppp-2.4.6.orig/chat/Makefile.linux ppp-2.4.6/chat/Makefile.linux
+--- ppp-2.4.6.orig/chat/Makefile.linux	2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/chat/Makefile.linux	2014-02-24 09:00:16.666577906 +0100
+@@ -1,7 +1,7 @@
+ #	$Id: Makefile.linux,v 1.15 2006/06/04 05:07:46 paulus Exp $
+ 
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ MANDIR = $(DESTDIR)/share/man/man8
+ 
+ CDEF1=	-DTERMIOS			# Use the termios structure
+@@ -10,7 +10,8 @@
+ CDEF4=	-DFNDELAY=O_NDELAY		# Old name value
+ CDEFS=	$(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
+ 
+-COPTS=	-O2 -g -pipe
++COPTS=	@CFLAGS@
++LDFLAGS=	@LDFLAGS@
+ CFLAGS=	$(COPTS) $(CDEFS)
+ 
+ INSTALL= install
+@@ -21,7 +22,7 @@
+ 	$(CC) -o chat chat.o
+ 
+ chat.o:	chat.c
+-	$(CC) -c $(CFLAGS) -o chat.o chat.c
++	$(CC) -c $(CFLAGS) $(LDFLAGS) -o chat.o chat.c
+ 
+ install: chat
+ 	mkdir -p $(BINDIR) $(MANDIR)
+diff -Nur ppp-2.4.6.orig/configure ppp-2.4.6/configure
+--- ppp-2.4.6.orig/configure	2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/configure	2014-02-24 09:00:16.743242620 +0100
+@@ -185,7 +185,10 @@
+     rm -f $2
+     if [ -f $1 ]; then
+ 	echo "  $2 <= $1"
+-	sed -e "s, at DESTDIR@,$DESTDIR,g" -e "s, at SYSCONF@,$SYSCONF,g" $1 >$2
++	sed -e "s|@DESTDIR@|$DESTDIR|g" \
++	    -e "s|@SYSCONF@|$SYSCONF|g" \
++	    -e "s|@CFLAGS@|$CFLAGS|g" \
++	    -e "s|@LDFLAGS@|$LDFLAGS|g" $1 >$2
+     fi
+ }
+ 
+diff -Nur ppp-2.4.6.orig/linux/Makefile.top ppp-2.4.6/linux/Makefile.top
+--- ppp-2.4.6.orig/linux/Makefile.top	2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/linux/Makefile.top	2014-02-24 09:00:16.743242620 +0100
+@@ -1,7 +1,7 @@
+ # PPP top-level Makefile for Linux.
+ 
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ INCDIR = $(DESTDIR)/include
+ MANDIR = $(DESTDIR)/share/man
+ ETCDIR = $(INSTROOT)@SYSCONF@/ppp
+diff -Nur ppp-2.4.6.orig/pppd/Makefile.linux ppp-2.4.6/pppd/Makefile.linux
+--- ppp-2.4.6.orig/pppd/Makefile.linux	2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppd/Makefile.linux	2014-02-24 09:00:16.743242620 +0100
+@@ -5,7 +5,7 @@
+ 
+ # Default installation locations
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ MANDIR = $(DESTDIR)/share/man/man8
+ INCDIR = $(DESTDIR)/include
+ 
+@@ -32,7 +32,8 @@
+ 
+ # CC = gcc
+ #
+-COPTS = -O2 -pipe -Wall -g
++COPTS = @CFLAGS@
++LDFLAGS = @LDFLAGS@
+ LIBS =
+ 
+ # Uncomment the next 2 lines to include support for Microsoft's
+diff -Nur ppp-2.4.6.orig/pppd/plugins/Makefile.linux ppp-2.4.6/pppd/plugins/Makefile.linux
+--- ppp-2.4.6.orig/pppd/plugins/Makefile.linux	2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppd/plugins/Makefile.linux	2014-02-24 09:00:16.779908379 +0100
+@@ -1,11 +1,11 @@
+ #CC	= gcc
+-COPTS	= -O2 -g
++COPTS	= @CFLAGS@
+ CFLAGS	= $(COPTS) -I.. -I../../include -fPIC
+-LDFLAGS	= -shared
++LDFLAGS	= @LDFLAGS@ -shared
+ INSTALL	= install
+ 
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ MANDIR = $(DESTDIR)/share/man/man8
+ LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+ 
+diff -Nur ppp-2.4.6.orig/pppd/plugins/pppoatm/Makefile.linux ppp-2.4.6/pppd/plugins/pppoatm/Makefile.linux
+--- ppp-2.4.6.orig/pppd/plugins/pppoatm/Makefile.linux	2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppd/plugins/pppoatm/Makefile.linux	2014-02-24 09:00:16.809907637 +0100
+@@ -1,7 +1,7 @@
+ #CC	= gcc
+-COPTS	= -O2 -g
++COPTS	= @CFLAGS@
+ CFLAGS	= $(COPTS) -I../.. -I../../../include -fPIC
+-LDFLAGS	= -shared
++LDFLAGS	= @LDFLAGS@
+ INSTALL	= install
+ 
+ #***********************************************************************
+@@ -33,7 +33,7 @@
+ all: $(PLUGIN)
+ 
+ $(PLUGIN): $(PLUGIN_OBJS)
+-	$(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
++	$(CC) $(CFLAGS) -o $@ $(LDFLAGS) -shared $^ $(LIBS)
+ 
+ install: all
+ 	$(INSTALL) -d -m 755 $(LIBDIR)
+diff -Nur ppp-2.4.6.orig/pppd/plugins/pppol2tp/Makefile.linux ppp-2.4.6/pppd/plugins/pppol2tp/Makefile.linux
+--- ppp-2.4.6.orig/pppd/plugins/pppol2tp/Makefile.linux	2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppd/plugins/pppol2tp/Makefile.linux	2014-02-24 09:01:06.325349425 +0100
+@@ -1,12 +1,12 @@
+ #CC	= gcc
+-COPTS	= -O2 -g
++COPTS	= @CFLAGS@
+ CFLAGS	= $(COPTS) -I. -I../.. -I../../../include -fPIC
+-LDFLAGS	= -shared
++LDFLAGS	= @LDFLAGS@
+ INSTALL	= install
+ 
+ #***********************************************************************
+ 
+-DESTDIR = @DESTDIR@
++DESTDIR = $(INSTROOT)@DESTDIR@
+ LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+ 
+ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
+@@ -16,7 +16,7 @@
+ all: $(PLUGINS)
+ 
+ %.so: %.o
+-	$(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
++	$(CC) $(CFLAGS) -o $@ $(LDFLAGS) -shared $^ $(LIBS)
+ 
+ install: all
+ 	$(INSTALL) -d -m 755 $(LIBDIR)
+diff -Nur ppp-2.4.6.orig/pppd/plugins/radius/Makefile.linux ppp-2.4.6/pppd/plugins/radius/Makefile.linux
+--- ppp-2.4.6.orig/pppd/plugins/radius/Makefile.linux	2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppd/plugins/radius/Makefile.linux	2014-02-24 09:00:16.809907637 +0100
+@@ -12,7 +12,8 @@
+ INSTALL	= install
+ 
+ PLUGIN=radius.so radattr.so radrealms.so
+-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
++CFLAGS=@CFLAGS@ -I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
++LDFLAGS=@LDFLAGS@
+ 
+ # Uncomment the next line to include support for Microsoft's
+ # MS-CHAP authentication protocol.
+@@ -43,13 +44,13 @@
+ 	$(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
+ 
+ radius.so: radius.o libradiusclient.a
+-	$(CC) -o radius.so -shared radius.o libradiusclient.a
++	$(CC) -o radius.so -shared $(LDFLAGS) radius.o libradiusclient.a
+ 
+ radattr.so: radattr.o
+-	$(CC) -o radattr.so -shared radattr.o
++	$(CC) -o radattr.so -shared $(LDFLAGS) radattr.o
+ 
+ radrealms.so: radrealms.o
+-	$(CC) -o radrealms.so -shared radrealms.o
++	$(CC) -o radrealms.so -shared $(LDFLAGS) radrealms.o
+ 
+ CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \
+ 	clientid.o sendserver.o lock.o util.o md5.o
+diff -Nur ppp-2.4.6.orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.6/pppd/plugins/rp-pppoe/Makefile.linux
+--- ppp-2.4.6.orig/pppd/plugins/rp-pppoe/Makefile.linux	2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppd/plugins/rp-pppoe/Makefile.linux	2014-02-24 09:00:16.809907637 +0100
+@@ -15,7 +15,7 @@
+ #***********************************************************************
+ 
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION)
+ 
+ PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
+@@ -25,12 +25,14 @@
+ # Version is set ONLY IN THE MAKEFILE!  Don't delete this!
+ RP_VERSION=3.8p
+ 
+-COPTS=-O2 -g
++COPTS=@CFLAGS@
+ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
++LDFLAGS=@LDFLAGS@
++
+ all: rp-pppoe.so pppoe-discovery
+ 
+ pppoe-discovery: pppoe-discovery.o debug.o
+-	$(CC) -o pppoe-discovery pppoe-discovery.o debug.o
++	$(CC) -o pppoe-discovery $(LDFLAGS) pppoe-discovery.o debug.o
+ 
+ pppoe-discovery.o: pppoe-discovery.c
+ 	$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
+@@ -39,7 +41,7 @@
+ 	$(CC) $(CFLAGS) -c -o debug.o debug.c
+ 
+ rp-pppoe.so: plugin.o discovery.o if.o common.o
+-	$(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
++	$(CC) -o rp-pppoe.so -shared $(LDFLAGS) plugin.o discovery.o if.o common.o
+ 
+ install: all
+ 	$(INSTALL) -d -m 755 $(LIBDIR)
+diff -Nur ppp-2.4.6.orig/pppdump/Makefile.linux ppp-2.4.6/pppdump/Makefile.linux
+--- ppp-2.4.6.orig/pppdump/Makefile.linux	2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppdump/Makefile.linux	2014-02-24 09:00:16.809907637 +0100
+@@ -1,8 +1,9 @@
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ MANDIR = $(DESTDIR)/share/man/man8
+ 
+-CFLAGS= -O -I../include/net
++CFLAGS = @CFLAGS@ -I../include/net
++LDFLAGS = @LDFLAGS@
+ OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
+ 
+ INSTALL= install
+@@ -10,7 +11,7 @@
+ all:	pppdump
+ 
+ pppdump: $(OBJS)
+-	$(CC) -o pppdump $(OBJS)
++	$(CC) $(LDFLAGS) -o pppdump $(OBJS)
+ 
+ clean:
+ 	rm -f pppdump $(OBJS) *~
+diff -Nur ppp-2.4.6.orig/pppstats/Makefile.linux ppp-2.4.6/pppstats/Makefile.linux
+--- ppp-2.4.6.orig/pppstats/Makefile.linux	2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppstats/Makefile.linux	2014-02-24 09:00:16.809907637 +0100
+@@ -3,14 +3,15 @@
+ # $Id: Makefile.linux,v 1.9 2006/06/04 05:07:46 paulus Exp $
+ #
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ MANDIR = $(DESTDIR)/share/man/man8
+ 
+ PPPSTATSRCS = pppstats.c
+ PPPSTATOBJS = pppstats.o
+ 
+ #CC = gcc
+-COPTS = -O
++COPTS = @CFLAGS@
++LDFLAGS = @LDFLAGS@
+ COMPILE_FLAGS = -I../include
+ LIBS =
+ 
+@@ -26,7 +27,7 @@
+ 	$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
+ 
+ pppstats: $(PPPSTATSRCS)
+-	$(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS)
++	$(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
+ 
+ clean:
+ 	rm -f pppstats *~ #* core

Copied: ppp/repos/staging-x86_64/ppp.systemd (from rev 368400, ppp/trunk/ppp.systemd)
===================================================================
--- staging-x86_64/ppp.systemd	                        (rev 0)
+++ staging-x86_64/ppp.systemd	2019-11-13 17:46:37 UTC (rev 368401)
@@ -0,0 +1,9 @@
+[Unit]
+Description=PPP link to %I
+Before=network.target
+
+[Service]
+ExecStart=/usr/sbin/pppd call %I nodetach nolog
+
+[Install]
+WantedBy=multi-user.target



More information about the arch-commits mailing list