[arch-commits] Commit in ppp/repos (15 files)
Felix Yan
felixonmars at archlinux.org
Thu Feb 20 21:39:16 UTC 2020
Date: Thursday, February 20, 2020 @ 21:39:12
Author: felixonmars
Revision: 375960
archrelease: copy trunk to testing-x86_64
Added:
ppp/repos/testing-x86_64/
ppp/repos/testing-x86_64/CVE-2015-3310.patch
(from rev 375959, ppp/trunk/CVE-2015-3310.patch)
ppp/repos/testing-x86_64/CVE-2020-8597.patch
(from rev 375959, ppp/trunk/CVE-2020-8597.patch)
ppp/repos/testing-x86_64/LICENSE
(from rev 375959, ppp/trunk/LICENSE)
ppp/repos/testing-x86_64/PKGBUILD
(from rev 375959, ppp/trunk/PKGBUILD)
ppp/repos/testing-x86_64/ip-down
(from rev 375959, ppp/trunk/ip-down)
ppp/repos/testing-x86_64/ip-down.d.dns.sh
(from rev 375959, ppp/trunk/ip-down.d.dns.sh)
ppp/repos/testing-x86_64/ip-up
(from rev 375959, ppp/trunk/ip-up)
ppp/repos/testing-x86_64/ip-up.d.dns.sh
(from rev 375959, ppp/trunk/ip-up.d.dns.sh)
ppp/repos/testing-x86_64/ipv6-down
(from rev 375959, ppp/trunk/ipv6-down)
ppp/repos/testing-x86_64/ipv6-up
(from rev 375959, ppp/trunk/ipv6-up)
ppp/repos/testing-x86_64/ipv6-up.d.iface-config.sh
(from rev 375959, ppp/trunk/ipv6-up.d.iface-config.sh)
ppp/repos/testing-x86_64/options
(from rev 375959, ppp/trunk/options)
ppp/repos/testing-x86_64/ppp-2.4.6-makefiles.patch
(from rev 375959, ppp/trunk/ppp-2.4.6-makefiles.patch)
ppp/repos/testing-x86_64/ppp.systemd
(from rev 375959, ppp/trunk/ppp.systemd)
---------------------------+
CVE-2015-3310.patch | 18 ++
CVE-2020-8597.patch | 37 ++++
LICENSE | 7
PKGBUILD | 100 ++++++++++++
ip-down | 12 +
ip-down.d.dns.sh | 7
ip-up | 12 +
ip-up.d.dns.sh | 11 +
ipv6-down | 12 +
ipv6-up | 12 +
ipv6-up.d.iface-config.sh | 4
options | 352 ++++++++++++++++++++++++++++++++++++++++++++
ppp-2.4.6-makefiles.patch | 270 +++++++++++++++++++++++++++++++++
ppp.systemd | 9 +
14 files changed, 863 insertions(+)
Copied: ppp/repos/testing-x86_64/CVE-2015-3310.patch (from rev 375959, ppp/trunk/CVE-2015-3310.patch)
===================================================================
--- testing-x86_64/CVE-2015-3310.patch (rev 0)
+++ testing-x86_64/CVE-2015-3310.patch 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,18 @@
+Fix buffer overflow in rc_mksid()
+
+rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string.
+If the process id is bigger than 65535 (FFFF), its hex representation will be
+longer than 4 characters, resulting in a buffer overflow.
+
+The bug can be exploited to cause a remote DoS.
+--- ppp-2.4.7/pppd/plugins/radius/util.c
++++ ppp-2.4.7/pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+ static unsigned short int cnt = 0;
+ sprintf (buf, "%08lX%04X%02hX",
+ (unsigned long int) time (NULL),
+- (unsigned int) getpid (),
++ (unsigned int) getpid () & 0xFFFF,
+ cnt & 0xFF);
+ cnt++;
+ return buf;
Copied: ppp/repos/testing-x86_64/CVE-2020-8597.patch (from rev 375959, ppp/trunk/CVE-2020-8597.patch)
===================================================================
--- testing-x86_64/CVE-2020-8597.patch (rev 0)
+++ testing-x86_64/CVE-2020-8597.patch 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,37 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus at ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname). This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel at ioactive.com>
+Signed-off-by: Paul Mackerras <paulus at ozlabs.org>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f56..1b93db01 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
Copied: ppp/repos/testing-x86_64/LICENSE (from rev 375959, ppp/trunk/LICENSE)
===================================================================
--- testing-x86_64/LICENSE (rev 0)
+++ testing-x86_64/LICENSE 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,7 @@
+Copyrights:
+***********
+
+All of the code can be freely used and redistributed. The individual
+source files each have their own copyright and permission notice.
+Pppd, pppstats and pppdump are under BSD-style notices. Some of the
+pppd plugins are GPL'd. Chat is public domain.
Copied: ppp/repos/testing-x86_64/PKGBUILD (from rev 375959, ppp/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,100 @@
+# Maintainer: Thomas Baechler <thomas at archlinux.org>
+pkgname=ppp
+pkgver=2.4.7
+pkgrel=7
+pkgdesc="A daemon which implements the Point-to-Point Protocol for dial-up networking"
+arch=(x86_64)
+url="https://www.samba.org/ppp/"
+license=('GPL' 'BSD')
+depends=('glibc' 'libpcap' 'openssl')
+backup=(etc/ppp/{chap-secrets,pap-secrets,options,ip-up,ip-down,ip-down.d/00-dns.sh,ip-up.d/00-dns.sh,ipv6-up.d/00-iface-config.sh})
+source=(https://download.samba.org/pub/ppp/ppp-$pkgver.tar.gz{,.asc}
+ ppp-2.4.6-makefiles.patch
+ options
+ ip-up
+ ip-down
+ ip-up.d.dns.sh
+ ip-down.d.dns.sh
+ ipv6-up
+ ipv6-down
+ ipv6-up.d.iface-config.sh
+ ppp.systemd
+ CVE-2015-3310.patch
+ CVE-2020-8597.patch
+ ppp-build-fix.patch::"https://github.com/paulusmack/ppp/commit/50a2997b.patch"
+ ppp-openssl.patch::https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875.patch
+ LICENSE)
+sha512sums=('e34ce24020af6a73e7a26c83c4f73a9c83fa455b7b363794dba27bf01f70368be06bff779777843949bd77f4bc9385d6ad455ea48bf8fff4e0d73cc8fef16ae2'
+ 'SKIP'
+ 'd36a23470a2b6217555f367c989ce6fdc09c2627d1f03cf5a12e29de6c5421ef6a697d6399128008138d19beb4a2ae6316e2bf0b3eefe3f23635dbbda5a063be'
+ '86b13a9f02cc44c5ba16d404fdb54459fcda22fb5f4c4e12b2101e47e2650b62576d6315cd41f30f103ea61fb6f86b7aa2e7d40336f849f45061f7ad9c5119fe'
+ 'bdaaac792dd448ff31da6da2749d8c2f9c4e0311b1d4639de7c68038fcaa333cc28e25f5a6308de0ecb24b60b2e7284a811482df990da5f54d5581a746964f3c'
+ '92f3a5e383f2c888938e891ba831042e7f8c026b0ddf5ce8c3523d06ac32fa81742e638a4c665975cbc79868b98806d92574ee2ee8e034e33b065a90ee3ab28b'
+ '1636b2f8e3e0b0561aae9716e62c58cc7bee06aea0cdc163e64aba17da427810b7a12e4cea3d51b7a0b212fc2f4b7890f08d35d25165cd340b93241c9fe8842c'
+ '7ab85cd977333e89c1d184619a52fa46492db04760c86a44843607c68efc577a1715d0d1f827d6855184af0d87b4b4b02cf7e7102c798516238a45a3c8aa26ad'
+ '256941b220ad54119daf1c76237fecd0b2e9ede1d74b0950c45e373252ce20c1d4cd35a26b4d35f94ad2b7f49569fc9050c44731d672317994b562c750020326'
+ '1b8dc6300f746607c0cce835e69ed444f24ba81874ba061b2b0377f0b9c1cb41a383d6845b364dfabb249a461422972ba5010bacf55c5f85f5eb0d3c0f4c71cd'
+ '5b92a05bcf3ad4b7a88434546884e088069ce7c16a10c472589ca5ecc648f86ca02c2f608fb856ac6cb6ef14b508c2e0dec146c953128693bfb6c988f1963de8'
+ 'b9978c4038fb764a1bbe9dea92850673e14978450c0dcd7a1b0b24c4ebd515fcc4c5cc82cd4b97d826d483261e96945208b9fe97d6fea09a7a5c7910541db24c'
+ '68b5f9a1b6724b0d1164a9317920f1c0dfc7a61201233febf9bdde2b3f9779dc874703d5b8464160dccaef6d19107c2b0b9257b6e9b029c5b980585ab8c078cc'
+ '242915cfdeefd629287890876e233b83582b3e6094f0ad58c96027b4dc8275fa18809d68b4ff63e77ca444767ed2b4f376f5501ed4a9247a6bbb50970e9b342a'
+ '3c17faf7e18f936115ea8669354859963f66e4247f02e282ee8e026942534a40511ed862fc43d9044dcf0b72d0fe03dc90ec02f7e09c804f9aecb39a9645435d'
+ 'fc012971a062456fa4e253f5b4a5e2ce56ae1852293d0245ecfd165ba162fa76ec2c28e1035dd89de3e9d43941d528e2d95a40552eb8037a5ba084c1717c20d1'
+ 'ab3acd0387a7966ac3d220f2b0b6880302f827125d978991f83dd3f1a30340c2a98ca5aedf0b81ec6a9e5eb49b0b0a0a5356419f3b8415c892c2df8b52d3994a')
+validpgpkeys=('631E179E370CD727A7F2A33A9E4295D605F66CE9') # Paul Mackerras (Signing key) <paulus at samba.org>
+
+prepare() {
+ cd $pkgname-$pkgver
+
+ patch -p1 -i "$srcdir"/ppp-2.4.6-makefiles.patch
+ patch -p1 -i "$srcdir"/CVE-2015-3310.patch
+ patch -p1 -i "$srcdir"/CVE-2020-8597.patch
+ patch -p1 -i "$srcdir"/ppp-build-fix.patch
+ patch -p1 -i "$srcdir"/ppp-openssl.patch
+
+ # enable active filter
+ sed -i "s:^#FILTER=y:FILTER=y:" pppd/Makefile.linux
+ # enable ipv6 support
+ sed -i "s:^#HAVE_INET6=y:HAVE_INET6=y:" pppd/Makefile.linux
+ # Enable Microsoft proprietary Callback Control Protocol
+ sed -i "s:^#CBCP=y:CBCP=y:" pppd/Makefile.linux
+}
+
+build() {
+ cd $pkgname-$pkgver
+
+ # -D_GNU_SOURCE is needed for IPv6 to work apparently
+ CFLAGS="$CPPFLAGS $CFLAGS -D_GNU_SOURCE" LDFLAGS="$LDFLAGS" ./configure --prefix=/usr
+ make
+}
+
+package() {
+ cd $pkgname-$pkgver
+ make INSTROOT="$pkgdir" install
+
+ install -D -m644 ../options "$pkgdir"/etc/ppp/options
+ install -D -m755 ../ip-up "$pkgdir"/etc/ppp/ip-up
+ install -D -m755 ../ip-down "$pkgdir"/etc/ppp/ip-down
+ install -d -m755 "$pkgdir"/etc/ppp/ip-up.d
+ install -d -m755 "$pkgdir"/etc/ppp/ip-down.d
+ install -m755 ../ip-up.d.dns.sh "$pkgdir"/etc/ppp/ip-up.d/00-dns.sh
+ install -m755 ../ip-down.d.dns.sh "$pkgdir"/etc/ppp/ip-down.d/00-dns.sh
+ install -D -m755 ../ipv6-up "$pkgdir"/etc/ppp/ipv6-up
+ install -D -m755 ../ipv6-down "$pkgdir"/etc/ppp/ipv6-down
+ install -d -m755 "$pkgdir"/etc/ppp/ipv6-up.d
+ install -d -m755 "$pkgdir"/etc/ppp/ipv6-down.d
+ install -m755 ../ipv6-up.d.iface-config.sh "$pkgdir"/etc/ppp/ipv6-up.d/00-iface-config.sh
+
+ install -D -m755 scripts/pon "$pkgdir"/usr/bin/pon
+ install -D -m755 scripts/poff "$pkgdir"/usr/bin/poff
+ install -D -m755 scripts/plog "$pkgdir"/usr/bin/plog
+ install -D -m644 scripts/pon.1 "$pkgdir"/usr/share/man/man1/pon.1
+ install -D -m600 etc.ppp/pap-secrets "$pkgdir"/etc/ppp/pap-secrets
+ install -D -m600 etc.ppp/chap-secrets "$pkgdir"/etc/ppp/chap-secrets
+ install -d -m755 "$pkgdir"/etc/ppp/peers
+ chmod 0755 "$pkgdir"/usr/lib/pppd/$pkgver/*.so
+
+ install -D -m644 "$srcdir"/ppp.systemd "$pkgdir"/usr/lib/systemd/system/ppp at .service
+
+ install -Dm644 "$srcdir"/LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
+}
Copied: ppp/repos/testing-x86_64/ip-down (from rev 375959, ppp/trunk/ip-down)
===================================================================
--- testing-x86_64/ip-down (rev 0)
+++ testing-x86_64/ip-down 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# This script is run by pppd after the connection has ended.
+#
+
+# Execute all scripts in /etc/ppp/ip-down.d/
+for ipdown in /etc/ppp/ip-down.d/*.sh; do
+ if [ -x $ipdown ]; then
+ # Parameters: interface-name tty-device speed local-IP-address remote-IP-address ipparam
+ $ipdown "$@"
+ fi
+done
Copied: ppp/repos/testing-x86_64/ip-down.d.dns.sh (from rev 375959, ppp/trunk/ip-down.d.dns.sh)
===================================================================
--- testing-x86_64/ip-down.d.dns.sh (rev 0)
+++ testing-x86_64/ip-down.d.dns.sh 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -x /usr/bin/resolvconf ]; then
+ /usr/bin/resolvconf -fd ${IFNAME}
+else
+ [ -e /etc/resolv.conf.backup.${IFNAME} ] && mv /etc/resolv.conf.backup.${IFNAME} /etc/resolv.conf
+fi
Copied: ppp/repos/testing-x86_64/ip-up (from rev 375959, ppp/trunk/ip-up)
===================================================================
--- testing-x86_64/ip-up (rev 0)
+++ testing-x86_64/ip-up 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# This script is run by pppd when there's a successful ppp connection.
+#
+
+# Execute all scripts in /etc/ppp/ip-up.d/
+for ipup in /etc/ppp/ip-up.d/*.sh; do
+ if [ -x $ipup ]; then
+ # Parameters: interface-name tty-device speed local-IP-address remote-IP-address ipparam
+ $ipup "$@"
+ fi
+done
Copied: ppp/repos/testing-x86_64/ip-up.d.dns.sh (from rev 375959, ppp/trunk/ip-up.d.dns.sh)
===================================================================
--- testing-x86_64/ip-up.d.dns.sh (rev 0)
+++ testing-x86_64/ip-up.d.dns.sh 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if [ "$USEPEERDNS" = "1" -a -f /etc/ppp/resolv.conf ]; then
+ if [ -x /usr/bin/resolvconf ]; then
+ /usr/bin/resolvconf -a ${IFNAME} </etc/ppp/resolv.conf
+ else
+ [ -e /etc/resolv.conf ] && mv /etc/resolv.conf /etc/resolv.conf.backup.${IFNAME}
+ mv /etc/ppp/resolv.conf /etc/resolv.conf
+ chmod 644 /etc/resolv.conf
+ fi
+fi
Copied: ppp/repos/testing-x86_64/ipv6-down (from rev 375959, ppp/trunk/ipv6-down)
===================================================================
--- testing-x86_64/ipv6-down (rev 0)
+++ testing-x86_64/ipv6-down 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# This script is run by pppd after the connection has ended.
+#
+
+# Execute all scripts in /etc/ppp/ipv6-down.d/
+for ipdown in /etc/ppp/ipv6-down.d/*.sh; do
+ if [ -x $ipdown ]; then
+ # Parameters: interface-name tty-device speed local-link-local-address remote-link-local-address ipparam
+ $ipdown "$@"
+ fi
+done
Copied: ppp/repos/testing-x86_64/ipv6-up (from rev 375959, ppp/trunk/ipv6-up)
===================================================================
--- testing-x86_64/ipv6-up (rev 0)
+++ testing-x86_64/ipv6-up 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# This script is run by pppd when there's a successful ppp connection.
+#
+
+# Execute all scripts in /etc/ppp/ipv6-up.d/
+for ipup in /etc/ppp/ipv6-up.d/*.sh; do
+ if [ -x $ipup ]; then
+ # Parameters: interface-name tty-device speed local-link-local-address remote-link-local-address ipparam
+ $ipup "$@"
+ fi
+done
Copied: ppp/repos/testing-x86_64/ipv6-up.d.iface-config.sh (from rev 375959, ppp/trunk/ipv6-up.d.iface-config.sh)
===================================================================
--- testing-x86_64/ipv6-up.d.iface-config.sh (rev 0)
+++ testing-x86_64/ipv6-up.d.iface-config.sh 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo 0 > /proc/sys/net/ipv6/conf/$1/use_tempaddr
+echo 2 > /proc/sys/net/ipv6/conf/$1/accept_ra
Copied: ppp/repos/testing-x86_64/options (from rev 375959, ppp/trunk/options)
===================================================================
--- testing-x86_64/options (rev 0)
+++ testing-x86_64/options 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,352 @@
+# /etc/ppp/options
+#
+# Originally created by Jim Knoble <jmknoble at mercury.interpath.net>
+# Modified for Debian by alvar Bray <alvar at meiko.co.uk>
+# Modified for PPP Server setup by Christoph Lameter <clameter at debian.org>
+# Modified for ArchLinux by Manolis Tzanidakis <manolis at archlinux.org>
+#
+# To quickly see what options are active in this file, use this command:
+# egrep -v '#|^ *$' /etc/ppp/options
+
+# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
+# Two Servers can be remotely configured
+# ms-dns 192.168.1.1
+# ms-dns 192.168.1.2
+
+# Specify which WINS Servers the incoming connection Win95 or WinNT should use
+# ms-wins 192.168.1.50
+# ms-wins 192.168.1.51
+
+# Run the executable or shell command specified after pppd has
+# terminated the link. This script could, for example, issue commands
+# to the modem to cause it to hang up if hardware modem control signals
+# were not available.
+#disconnect "chat -- \d+++\d\c OK ath0 OK"
+
+# async character map -- 32-bit hex; each bit is a character
+# that needs to be escaped for pppd to receive it. 0x00000001
+# represents '\x01', and 0x80000000 represents '\x1f'.
+asyncmap 0
+
+# Require the peer to authenticate itself before allowing network
+# packets to be sent or received.
+# Please do not disable this setting. It is expected to be standard in
+# future releases of pppd. Use the call option (see manpage) to disable
+# authentication for specific peers.
+auth
+
+# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
+# on the serial port.
+crtscts
+
+# Use software flow control (i.e. XON/XOFF) to control the flow of data
+# on the serial port.
+#xonxoff
+
+# Specifies that certain characters should be escaped on transmission
+# (regardless of whether the peer requests them to be escaped with its
+# async control character map). The characters to be escaped are
+# specified as a list of hex numbers separated by commas. Note that
+# almost any character can be specified for the escape option, unlike
+# the asyncmap option which only allows control characters to be
+# specified. The characters which may not be escaped are those with hex
+# values 0x20 - 0x3f or 0x5e.
+#escape 11,13,ff
+
+# Don't use the modem control lines.
+#local
+
+# Specifies that pppd should use a UUCP-style lock on the serial device
+# to ensure exclusive access to the device.
+lock
+
+# Don't show the passwords when logging the contents of PAP packets.
+# This is the default.
+hide-password
+
+# When logging the contents of PAP packets, this option causes pppd to
+# show the password string in the log message.
+#show-password
+
+# Use the modem control lines. On Ultrix, this option implies hardware
+# flow control, as for the crtscts option. (This option is not fully
+# implemented.)
+modem
+
+# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
+# will ask the peer to send packets of no more than <n> bytes. The
+# minimum MRU value is 128. The default MRU value is 1500. A value of
+# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
+# bytes of data).
+#mru 542
+
+# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
+# notation (e.g. 255.255.255.0).
+#netmask 255.255.255.0
+
+# Disables the default behaviour when no local IP address is specified,
+# which is to determine (if possible) the local IP address from the
+# hostname. With this option, the peer will have to supply the local IP
+# address during IPCP negotiation (unless it specified explicitly on the
+# command line or in an options file).
+#noipdefault
+
+# Enables the "passive" option in the LCP. With this option, pppd will
+# attempt to initiate a connection; if no reply is received from the
+# peer, pppd will then just wait passively for a valid LCP packet from
+# the peer (instead of exiting, as it does without this option).
+#passive
+
+# With this option, pppd will not transmit LCP packets to initiate a
+# connection until a valid LCP packet is received from the peer (as for
+# the "passive" option with old versions of pppd).
+#silent
+
+# Don't request or allow negotiation of any options for LCP and IPCP
+# (use default values).
+#-all
+
+# Disable Address/Control compression negotiation (use default, i.e.
+# address/control field disabled).
+#-ac
+
+# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
+# all control characters).
+#-am
+
+# Don't fork to become a background process (otherwise pppd will do so
+# if a serial device is specified).
+#-detach
+
+# Disable IP address negotiation (with this option, the remote IP
+# address must be specified with an option on the command line or in
+# an options file).
+#-ip
+
+# Disable IPCP negotiation and IP communication. This option should
+# only be required if the peer is buggy and gets confused by requests
+# from pppd for IPCP negotiation.
+#noip
+
+# Disable magic number negotiation. With this option, pppd cannot
+# detect a looped-back line.
+#-mn
+
+# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
+# 1500).
+#-mru
+
+# Disable protocol field compression negotiation (use default, i.e.
+# protocol field compression disabled).
+#-pc
+
+# Require the peer to authenticate itself using PAP.
+#+pap
+
+# Don't agree to authenticate using PAP.
+#-pap
+
+# Require the peer to authenticate itself using CHAP [Cryptographic
+# Handshake Authentication Protocol] authentication.
+#+chap
+
+# Don't agree to authenticate using CHAP.
+#-chap
+
+# Disable negotiation of Van Jacobson style IP header compression (use
+# default, i.e. no compression).
+#-vj
+
+# Increase debugging level (same as -d). If this option is given, pppd
+# will log the contents of all control packets sent or received in a
+# readable form. The packets are logged through syslog with facility
+# daemon and level debug. This information can be directed to a file by
+# setting up /etc/syslog.conf appropriately (see syslog.conf(5)). (If
+# pppd is compiled with extra debugging enabled, it will log messages
+# using facility local2 instead of daemon).
+#debug
+
+# Append the domain name <d> to the local host name for authentication
+# purposes. For example, if gethostname() returns the name porsche,
+# but the fully qualified domain name is porsche.Quotron.COM, you would
+# use the domain option to set the domain name to Quotron.COM.
+#domain <d>
+
+# Enable debugging code in the kernel-level PPP driver. The argument n
+# is a number which is the sum of the following values: 1 to enable
+# general debug messages, 2 to request that the contents of received
+# packets be printed, and 4 to request that the contents of transmitted
+# packets be printed.
+#kdebug n
+
+# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
+# requests a smaller value via MRU negotiation, pppd will request that
+# the kernel networking code send data packets of no more than n bytes
+# through the PPP network interface.
+#mtu <n>
+
+# Set the name of the local system for authentication purposes to <n>.
+# This is a privileged option. With this option, pppd will use lines in the
+# secrets files which have <n> as the second field when looking for a
+# secret to use in authenticating the peer. In addition, unless overridden
+# with the user option, <n> will be used as the name to send to the peer
+# when authenticating the local system to the peer. (Note that pppd does
+# not append the domain name to <n>.)
+#name <n>
+
+# Enforce the use of the hostname as the name of the local system for
+# authentication purposes (overrides the name option).
+#usehostname
+
+# Set the assumed name of the remote system for authentication purposes
+# to <n>.
+#remotename <n>
+
+# Add an entry to this system's ARP [Address Resolution Protocol]
+# table with the IP address of the peer and the Ethernet address of this
+# system.
+proxyarp
+
+# Use the system password database for authenticating the peer using
+# PAP. Note: mgetty already provides this option. If this is specified
+# then dialin from users using a script under Linux to fire up ppp wont work.
+# login
+
+# If this option is given, pppd will send an LCP echo-request frame to the
+# peer every n seconds. Normally the peer should respond to the echo-request
+# by sending an echo-reply. This option can be used with the
+# lcp-echo-failure option to detect that the peer is no longer connected.
+lcp-echo-interval 30
+
+# If this option is given, pppd will presume the peer to be dead if n
+# LCP echo-requests are sent without receiving a valid LCP echo-reply.
+# If this happens, pppd will terminate the connection. Use of this
+# option requires a non-zero value for the lcp-echo-interval parameter.
+# This option can be used to enable pppd to terminate after the physical
+# connection has been broken (e.g., the modem has hung up) in
+# situations where no hardware modem control lines are available.
+lcp-echo-failure 4
+
+# Set the LCP restart interval (retransmission timeout) to <n> seconds
+# (default 3).
+#lcp-restart <n>
+
+# Set the maximum number of LCP terminate-request transmissions to <n>
+# (default 3).
+#lcp-max-terminate <n>
+
+# Set the maximum number of LCP configure-request transmissions to <n>
+# (default 10).
+#lcp-max-configure <n>
+
+# Set the maximum number of LCP configure-NAKs returned before starting
+# to send configure-Rejects instead to <n> (default 10).
+#lcp-max-failure <n>
+
+# Set the IPCP restart interval (retransmission timeout) to <n>
+# seconds (default 3).
+#ipcp-restart <n>
+
+# Set the maximum number of IPCP terminate-request transmissions to <n>
+# (default 3).
+#ipcp-max-terminate <n>
+
+# Set the maximum number of IPCP configure-request transmissions to <n>
+# (default 10).
+#ipcp-max-configure <n>
+
+# Set the maximum number of IPCP configure-NAKs returned before starting
+# to send configure-Rejects instead to <n> (default 10).
+#ipcp-max-failure <n>
+
+# Set the PAP restart interval (retransmission timeout) to <n> seconds
+# (default 3).
+#pap-restart <n>
+
+# Set the maximum number of PAP authenticate-request transmissions to
+# <n> (default 10).
+#pap-max-authreq <n>
+
+# Set the maximum time that pppd will wait for the peer to authenticate
+# itself with PAP to <n> seconds (0 means no limit).
+#pap-timeout <n>
+
+# Set the CHAP restart interval (retransmission timeout for
+# challenges) to <n> seconds (default 3).
+#chap-restart <n>
+
+# Set the maximum number of CHAP challenge transmissions to <n>
+# (default 10).
+#chap-max-challenge
+
+# If this option is given, pppd will rechallenge the peer every <n>
+# seconds.
+#chap-interval <n>
+
+# With this option, pppd will accept the peer's idea of our local IP
+# address, even if the local IP address was specified in an option.
+#ipcp-accept-local
+
+# With this option, pppd will accept the peer's idea of its (remote) IP
+# address, even if the remote IP address was specified in an option.
+#ipcp-accept-remote
+
+# Disable the IPXCP and IPX protocols.
+# To let pppd pass IPX packets comment this out --- you'll probably also
+# want to install ipxripd, and have the Internal IPX Network option enabled
+# in your kernel. /usr/doc/HOWTO/IPX-HOWTO.gz contains more info.
+noipx
+
+# Exit once a connection has been made and terminated. This is the default,
+# unless the `persist' or `demand' option has been specified.
+#nopersist
+
+# Do not exit after a connection is terminated; instead try to reopen
+# the connection.
+#persist
+
+# Terminate after n consecutive failed connection attempts.
+# A value of 0 means no limit. The default value is 10.
+#maxfail <n>
+
+# Initiate the link only on demand, i.e. when data traffic is present.
+# With this option, the remote IP address must be specified by the user on
+# the command line or in an options file. Pppd will initially configure
+# the interface and enable it for IP traffic without connecting to the peer.
+# When traffic is available, pppd will connect to the peer and perform
+# negotiation, authentication, etc. When this is completed, pppd will
+# commence passing data packets (i.e., IP packets) across the link.
+#demand
+
+# Specifies that pppd should disconnect if the link is idle for <n> seconds.
+# The link is idle when no data packets (i.e. IP packets) are being sent or
+# received. Note: it is not advisable to use this option with the persist
+# option without the demand option. If the active-filter option is given,
+# data packets which are rejected by the specified activity filter also
+# count as the link being idle.
+#idle <n>
+
+# Specifies how many seconds to wait before re-initiating the link after
+# it terminates. This option only has any effect if the persist or demand
+# option is used. The holdoff period is not applied if the link was
+# terminated because it was idle.
+#holdoff <n>
+
+# Wait for up n milliseconds after the connect script finishes for a valid
+# PPP packet from the peer. At the end of this time, or when a valid PPP
+# packet is received from the peer, pppd will commence negotiation by
+# sending its first LCP packet. The default value is 1000 (1 second).
+# This wait period only applies if the connect or pty option is used.
+#connect-delay <n>
+
+# Packet filtering: for more information, see pppd(8)
+# Any packets matching the filter expression will be interpreted as link
+# activity, and will cause a "demand" connection to be activated, and reset
+# the idle connection timer. (idle option)
+# The filter expression is akin to that of tcpdump(1)
+#active-filter <filter-expression>
+
+# uncomment the line below this if you use PPPoE
+#plugin /usr/lib/pppd/plugins/pppoe.so
+
+# ---<End of File>---
Copied: ppp/repos/testing-x86_64/ppp-2.4.6-makefiles.patch (from rev 375959, ppp/trunk/ppp-2.4.6-makefiles.patch)
===================================================================
--- testing-x86_64/ppp-2.4.6-makefiles.patch (rev 0)
+++ testing-x86_64/ppp-2.4.6-makefiles.patch 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,270 @@
+diff -Nur ppp-2.4.6.orig/chat/Makefile.linux ppp-2.4.6/chat/Makefile.linux
+--- ppp-2.4.6.orig/chat/Makefile.linux 2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/chat/Makefile.linux 2014-02-24 09:00:16.666577906 +0100
+@@ -1,7 +1,7 @@
+ # $Id: Makefile.linux,v 1.15 2006/06/04 05:07:46 paulus Exp $
+
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ MANDIR = $(DESTDIR)/share/man/man8
+
+ CDEF1= -DTERMIOS # Use the termios structure
+@@ -10,7 +10,8 @@
+ CDEF4= -DFNDELAY=O_NDELAY # Old name value
+ CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
+
+-COPTS= -O2 -g -pipe
++COPTS= @CFLAGS@
++LDFLAGS= @LDFLAGS@
+ CFLAGS= $(COPTS) $(CDEFS)
+
+ INSTALL= install
+@@ -21,7 +22,7 @@
+ $(CC) -o chat chat.o
+
+ chat.o: chat.c
+- $(CC) -c $(CFLAGS) -o chat.o chat.c
++ $(CC) -c $(CFLAGS) $(LDFLAGS) -o chat.o chat.c
+
+ install: chat
+ mkdir -p $(BINDIR) $(MANDIR)
+diff -Nur ppp-2.4.6.orig/configure ppp-2.4.6/configure
+--- ppp-2.4.6.orig/configure 2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/configure 2014-02-24 09:00:16.743242620 +0100
+@@ -185,7 +185,10 @@
+ rm -f $2
+ if [ -f $1 ]; then
+ echo " $2 <= $1"
+- sed -e "s, at DESTDIR@,$DESTDIR,g" -e "s, at SYSCONF@,$SYSCONF,g" $1 >$2
++ sed -e "s|@DESTDIR@|$DESTDIR|g" \
++ -e "s|@SYSCONF@|$SYSCONF|g" \
++ -e "s|@CFLAGS@|$CFLAGS|g" \
++ -e "s|@LDFLAGS@|$LDFLAGS|g" $1 >$2
+ fi
+ }
+
+diff -Nur ppp-2.4.6.orig/linux/Makefile.top ppp-2.4.6/linux/Makefile.top
+--- ppp-2.4.6.orig/linux/Makefile.top 2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/linux/Makefile.top 2014-02-24 09:00:16.743242620 +0100
+@@ -1,7 +1,7 @@
+ # PPP top-level Makefile for Linux.
+
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ INCDIR = $(DESTDIR)/include
+ MANDIR = $(DESTDIR)/share/man
+ ETCDIR = $(INSTROOT)@SYSCONF@/ppp
+diff -Nur ppp-2.4.6.orig/pppd/Makefile.linux ppp-2.4.6/pppd/Makefile.linux
+--- ppp-2.4.6.orig/pppd/Makefile.linux 2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppd/Makefile.linux 2014-02-24 09:00:16.743242620 +0100
+@@ -5,7 +5,7 @@
+
+ # Default installation locations
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ MANDIR = $(DESTDIR)/share/man/man8
+ INCDIR = $(DESTDIR)/include
+
+@@ -32,7 +32,8 @@
+
+ # CC = gcc
+ #
+-COPTS = -O2 -pipe -Wall -g
++COPTS = @CFLAGS@
++LDFLAGS = @LDFLAGS@
+ LIBS =
+
+ # Uncomment the next 2 lines to include support for Microsoft's
+diff -Nur ppp-2.4.6.orig/pppd/plugins/Makefile.linux ppp-2.4.6/pppd/plugins/Makefile.linux
+--- ppp-2.4.6.orig/pppd/plugins/Makefile.linux 2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppd/plugins/Makefile.linux 2014-02-24 09:00:16.779908379 +0100
+@@ -1,11 +1,11 @@
+ #CC = gcc
+-COPTS = -O2 -g
++COPTS = @CFLAGS@
+ CFLAGS = $(COPTS) -I.. -I../../include -fPIC
+-LDFLAGS = -shared
++LDFLAGS = @LDFLAGS@ -shared
+ INSTALL = install
+
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ MANDIR = $(DESTDIR)/share/man/man8
+ LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+
+diff -Nur ppp-2.4.6.orig/pppd/plugins/pppoatm/Makefile.linux ppp-2.4.6/pppd/plugins/pppoatm/Makefile.linux
+--- ppp-2.4.6.orig/pppd/plugins/pppoatm/Makefile.linux 2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppd/plugins/pppoatm/Makefile.linux 2014-02-24 09:00:16.809907637 +0100
+@@ -1,7 +1,7 @@
+ #CC = gcc
+-COPTS = -O2 -g
++COPTS = @CFLAGS@
+ CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
+-LDFLAGS = -shared
++LDFLAGS = @LDFLAGS@
+ INSTALL = install
+
+ #***********************************************************************
+@@ -33,7 +33,7 @@
+ all: $(PLUGIN)
+
+ $(PLUGIN): $(PLUGIN_OBJS)
+- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
++ $(CC) $(CFLAGS) -o $@ $(LDFLAGS) -shared $^ $(LIBS)
+
+ install: all
+ $(INSTALL) -d -m 755 $(LIBDIR)
+diff -Nur ppp-2.4.6.orig/pppd/plugins/pppol2tp/Makefile.linux ppp-2.4.6/pppd/plugins/pppol2tp/Makefile.linux
+--- ppp-2.4.6.orig/pppd/plugins/pppol2tp/Makefile.linux 2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppd/plugins/pppol2tp/Makefile.linux 2014-02-24 09:01:06.325349425 +0100
+@@ -1,12 +1,12 @@
+ #CC = gcc
+-COPTS = -O2 -g
++COPTS = @CFLAGS@
+ CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
+-LDFLAGS = -shared
++LDFLAGS = @LDFLAGS@
+ INSTALL = install
+
+ #***********************************************************************
+
+-DESTDIR = @DESTDIR@
++DESTDIR = $(INSTROOT)@DESTDIR@
+ LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+
+ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
+@@ -16,7 +16,7 @@
+ all: $(PLUGINS)
+
+ %.so: %.o
+- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
++ $(CC) $(CFLAGS) -o $@ $(LDFLAGS) -shared $^ $(LIBS)
+
+ install: all
+ $(INSTALL) -d -m 755 $(LIBDIR)
+diff -Nur ppp-2.4.6.orig/pppd/plugins/radius/Makefile.linux ppp-2.4.6/pppd/plugins/radius/Makefile.linux
+--- ppp-2.4.6.orig/pppd/plugins/radius/Makefile.linux 2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppd/plugins/radius/Makefile.linux 2014-02-24 09:00:16.809907637 +0100
+@@ -12,7 +12,8 @@
+ INSTALL = install
+
+ PLUGIN=radius.so radattr.so radrealms.so
+-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
++CFLAGS=@CFLAGS@ -I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
++LDFLAGS=@LDFLAGS@
+
+ # Uncomment the next line to include support for Microsoft's
+ # MS-CHAP authentication protocol.
+@@ -43,13 +44,13 @@
+ $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
+
+ radius.so: radius.o libradiusclient.a
+- $(CC) -o radius.so -shared radius.o libradiusclient.a
++ $(CC) -o radius.so -shared $(LDFLAGS) radius.o libradiusclient.a
+
+ radattr.so: radattr.o
+- $(CC) -o radattr.so -shared radattr.o
++ $(CC) -o radattr.so -shared $(LDFLAGS) radattr.o
+
+ radrealms.so: radrealms.o
+- $(CC) -o radrealms.so -shared radrealms.o
++ $(CC) -o radrealms.so -shared $(LDFLAGS) radrealms.o
+
+ CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \
+ clientid.o sendserver.o lock.o util.o md5.o
+diff -Nur ppp-2.4.6.orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.6/pppd/plugins/rp-pppoe/Makefile.linux
+--- ppp-2.4.6.orig/pppd/plugins/rp-pppoe/Makefile.linux 2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppd/plugins/rp-pppoe/Makefile.linux 2014-02-24 09:00:16.809907637 +0100
+@@ -15,7 +15,7 @@
+ #***********************************************************************
+
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION)
+
+ PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
+@@ -25,12 +25,14 @@
+ # Version is set ONLY IN THE MAKEFILE! Don't delete this!
+ RP_VERSION=3.8p
+
+-COPTS=-O2 -g
++COPTS=@CFLAGS@
+ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
++LDFLAGS=@LDFLAGS@
++
+ all: rp-pppoe.so pppoe-discovery
+
+ pppoe-discovery: pppoe-discovery.o debug.o
+- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o
++ $(CC) -o pppoe-discovery $(LDFLAGS) pppoe-discovery.o debug.o
+
+ pppoe-discovery.o: pppoe-discovery.c
+ $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
+@@ -39,7 +41,7 @@
+ $(CC) $(CFLAGS) -c -o debug.o debug.c
+
+ rp-pppoe.so: plugin.o discovery.o if.o common.o
+- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
++ $(CC) -o rp-pppoe.so -shared $(LDFLAGS) plugin.o discovery.o if.o common.o
+
+ install: all
+ $(INSTALL) -d -m 755 $(LIBDIR)
+diff -Nur ppp-2.4.6.orig/pppdump/Makefile.linux ppp-2.4.6/pppdump/Makefile.linux
+--- ppp-2.4.6.orig/pppdump/Makefile.linux 2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppdump/Makefile.linux 2014-02-24 09:00:16.809907637 +0100
+@@ -1,8 +1,9 @@
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ MANDIR = $(DESTDIR)/share/man/man8
+
+-CFLAGS= -O -I../include/net
++CFLAGS = @CFLAGS@ -I../include/net
++LDFLAGS = @LDFLAGS@
+ OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
+
+ INSTALL= install
+@@ -10,7 +11,7 @@
+ all: pppdump
+
+ pppdump: $(OBJS)
+- $(CC) -o pppdump $(OBJS)
++ $(CC) $(LDFLAGS) -o pppdump $(OBJS)
+
+ clean:
+ rm -f pppdump $(OBJS) *~
+diff -Nur ppp-2.4.6.orig/pppstats/Makefile.linux ppp-2.4.6/pppstats/Makefile.linux
+--- ppp-2.4.6.orig/pppstats/Makefile.linux 2014-01-02 05:42:08.000000000 +0100
++++ ppp-2.4.6/pppstats/Makefile.linux 2014-02-24 09:00:16.809907637 +0100
+@@ -3,14 +3,15 @@
+ # $Id: Makefile.linux,v 1.9 2006/06/04 05:07:46 paulus Exp $
+ #
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-BINDIR = $(DESTDIR)/sbin
++BINDIR = $(DESTDIR)/bin
+ MANDIR = $(DESTDIR)/share/man/man8
+
+ PPPSTATSRCS = pppstats.c
+ PPPSTATOBJS = pppstats.o
+
+ #CC = gcc
+-COPTS = -O
++COPTS = @CFLAGS@
++LDFLAGS = @LDFLAGS@
+ COMPILE_FLAGS = -I../include
+ LIBS =
+
+@@ -26,7 +27,7 @@
+ $(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
+
+ pppstats: $(PPPSTATSRCS)
+- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS)
++ $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
+
+ clean:
+ rm -f pppstats *~ #* core
Copied: ppp/repos/testing-x86_64/ppp.systemd (from rev 375959, ppp/trunk/ppp.systemd)
===================================================================
--- testing-x86_64/ppp.systemd (rev 0)
+++ testing-x86_64/ppp.systemd 2020-02-20 21:39:12 UTC (rev 375960)
@@ -0,0 +1,9 @@
+[Unit]
+Description=PPP link to %I
+Before=network.target
+
+[Service]
+ExecStart=/usr/sbin/pppd call %I nodetach nolog
+
+[Install]
+WantedBy=multi-user.target
More information about the arch-commits
mailing list