Date: Sunday, November 4, 2018 @ 10:31:18 Author: allan Revision: 337812
archrelease: copy trunk to testing-x86_64 Added: ppp/repos/testing-x86_64/ ppp/repos/testing-x86_64/CVE-2015-3310.patch (from rev 337811, ppp/trunk/CVE-2015-3310.patch) ppp/repos/testing-x86_64/LICENSE (from rev 337811, ppp/trunk/LICENSE) ppp/repos/testing-x86_64/PKGBUILD (from rev 337811, ppp/trunk/PKGBUILD) ppp/repos/testing-x86_64/ip-down (from rev 337811, ppp/trunk/ip-down) ppp/repos/testing-x86_64/ip-down.d.dns.sh (from rev 337811, ppp/trunk/ip-down.d.dns.sh) ppp/repos/testing-x86_64/ip-up (from rev 337811, ppp/trunk/ip-up) ppp/repos/testing-x86_64/ip-up.d.dns.sh (from rev 337811, ppp/trunk/ip-up.d.dns.sh) ppp/repos/testing-x86_64/ipv6-down (from rev 337811, ppp/trunk/ipv6-down) ppp/repos/testing-x86_64/ipv6-up (from rev 337811, ppp/trunk/ipv6-up) ppp/repos/testing-x86_64/ipv6-up.d.iface-config.sh (from rev 337811, ppp/trunk/ipv6-up.d.iface-config.sh) ppp/repos/testing-x86_64/options (from rev 337811, ppp/trunk/options) ppp/repos/testing-x86_64/ppp-2.4.6-makefiles.patch (from rev 337811, ppp/trunk/ppp-2.4.6-makefiles.patch) ppp/repos/testing-x86_64/ppp.systemd (from rev 337811, ppp/trunk/ppp.systemd) ---------------------------+ CVE-2015-3310.patch | 18 ++ LICENSE | 7 PKGBUILD | 97 ++++++++++++ ip-down | 12 + ip-down.d.dns.sh | 7 ip-up | 12 + ip-up.d.dns.sh | 11 + ipv6-down | 12 + ipv6-up | 12 + ipv6-up.d.iface-config.sh | 4 options | 352 ++++++++++++++++++++++++++++++++++++++++++++ ppp-2.4.6-makefiles.patch | 270 +++++++++++++++++++++++++++++++++ ppp.systemd | 9 + 13 files changed, 823 insertions(+) Copied: ppp/repos/testing-x86_64/CVE-2015-3310.patch (from rev 337811, ppp/trunk/CVE-2015-3310.patch) =================================================================== --- testing-x86_64/CVE-2015-3310.patch (rev 0) +++ testing-x86_64/CVE-2015-3310.patch 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,18 @@ +Fix buffer overflow in rc_mksid() + +rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string. +If the process id is bigger than 65535 (FFFF), its hex representation will be +longer than 4 characters, resulting in a buffer overflow. + +The bug can be exploited to cause a remote DoS. +--- ppp-2.4.7/pppd/plugins/radius/util.c ++++ ppp-2.4.7/pppd/plugins/radius/util.c +@@ -77,7 +77,7 @@ rc_mksid (void) + static unsigned short int cnt = 0; + sprintf (buf, "%08lX%04X%02hX", + (unsigned long int) time (NULL), +- (unsigned int) getpid (), ++ (unsigned int) getpid () & 0xFFFF, + cnt & 0xFF); + cnt++; + return buf; Copied: ppp/repos/testing-x86_64/LICENSE (from rev 337811, ppp/trunk/LICENSE) =================================================================== --- testing-x86_64/LICENSE (rev 0) +++ testing-x86_64/LICENSE 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,7 @@ +Copyrights: +*********** + +All of the code can be freely used and redistributed. The individual +source files each have their own copyright and permission notice. +Pppd, pppstats and pppdump are under BSD-style notices. Some of the +pppd plugins are GPL'd. Chat is public domain. Copied: ppp/repos/testing-x86_64/PKGBUILD (from rev 337811, ppp/trunk/PKGBUILD) =================================================================== --- testing-x86_64/PKGBUILD (rev 0) +++ testing-x86_64/PKGBUILD 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,97 @@ +# Maintainer: Thomas Baechler <tho...@archlinux.org> +pkgname=ppp +pkgver=2.4.7 +pkgrel=5 +pkgdesc="A daemon which implements the Point-to-Point Protocol for dial-up networking" +arch=(x86_64) +url="http://www.samba.org/ppp/" +license=('GPL' 'BSD') +depends=('glibc' 'libpcap>=1.0.0' 'openssl') +backup=(etc/ppp/{chap-secrets,pap-secrets,options,ip-up,ip-down,ip-down.d/00-dns.sh,ip-up.d/00-dns.sh,ipv6-up.d/00-iface-config.sh}) +source=(https://download.samba.org/pub/ppp/ppp-${pkgver}.tar.gz{,.asc} + ppp-2.4.6-makefiles.patch + options + ip-up + ip-down + ip-up.d.dns.sh + ip-down.d.dns.sh + ipv6-up + ipv6-down + ipv6-up.d.iface-config.sh + ppp.systemd + CVE-2015-3310.patch + ppp-build-fix.patch::"https://github.com/paulusmack/ppp/commit/50a2997b.patch" + ppp-openssl.patch::https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875.patch + LICENSE) +sha256sums=('02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30' + 'SKIP' + 'f04f47318226c79594f45b8b75877c30710d22fe0fb1e2e17db3b4257dc4218c' + '0933fecb9e0adaddd88ee1e049a5f3a0508e83b81dc1aa333df784e729ab4b6e' + 'ddef42b2cc5d49e81556dc9dbacf5ee3bf8dc32704f3670c2233eed42c4a4efd' + '658630ba4c5cb583df80af6d4df81df8ae20798f63cc4b9cec8d4dad13a6a897' + 'aafb75b978aa13225444dc6b914fab324d686821be93c49e893800e647aa7648' + '17b486fa69a71dafcbe543dc4f2b8cb9ed31e675aabc5f6c98ef94dbc1561c85' + 'bb3f44a4f2c4b8dbe7f84d77feae90a71caa9fa3c252a20c390e015d4f8ea248' + '77292b79f99f97a01aa9a75cd7cd93da70d746d3b8cc60f35b31dfe0568544c0' + '20780cf4bd0774bebb55ecb3bdae7667c9ae5cbe003a52a1ecb0bbc77d46260f' + 'eb8ab2e2d71c3bb9c4297cf847b6e9d52616a3fdbf2257c479cc43dff318c831' + 'f0fe7e7d9b35141c2565a09e39c4f66b475ed3fe8e2528d10faa4412f480e338' + '94225c64e806e75d6f792649c4beb26a791c4994c2701dc6a47cfccf3d91e4bf' + '3f199d83d2632274dbbe7345e5369891469f64642f28e4afb471747a88888b62' + '96fd35104e3d0ec472517afecead88419913ae73ae0189476d5dad9029c2be42') +validpgpkeys=('631E179E370CD727A7F2A33A9E4295D605F66CE9') # Paul Mackerras (Signing key) <pau...@samba.org> + +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + + patch -p1 -i "${srcdir}/ppp-2.4.6-makefiles.patch" + patch -p1 -i "${srcdir}/CVE-2015-3310.patch" + patch -p1 -i "${srcdir}/ppp-build-fix.patch" + patch -p1 -i "${srcdir}/ppp-openssl.patch" + + # enable active filter + sed -i "s:^#FILTER=y:FILTER=y:" pppd/Makefile.linux + # enable ipv6 support + sed -i "s:^#HAVE_INET6=y:HAVE_INET6=y:" pppd/Makefile.linux + # Enable Microsoft proprietary Callback Control Protocol + sed -i "s:^#CBCP=y:CBCP=y:" pppd/Makefile.linux +} + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + + # -D_GNU_SOURCE is needed for IPv6 to work apparently + CFLAGS="$CPPFLAGS $CFLAGS -D_GNU_SOURCE" LDFLAGS="$LDFLAGS" ./configure --prefix=/usr + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make INSTROOT="${pkgdir}" install + + install -D -m644 ../options "${pkgdir}/etc/ppp/options" + install -D -m755 ../ip-up "${pkgdir}/etc/ppp/ip-up" + install -D -m755 ../ip-down "${pkgdir}/etc/ppp/ip-down" + install -d -m755 "${pkgdir}/etc/ppp/ip-up.d" + install -d -m755 "${pkgdir}/etc/ppp/ip-down.d" + install -m755 ../ip-up.d.dns.sh "${pkgdir}/etc/ppp/ip-up.d/00-dns.sh" + install -m755 ../ip-down.d.dns.sh "${pkgdir}/etc/ppp/ip-down.d/00-dns.sh" + install -D -m755 ../ipv6-up "${pkgdir}/etc/ppp/ipv6-up" + install -D -m755 ../ipv6-down "${pkgdir}/etc/ppp/ipv6-down" + install -d -m755 "${pkgdir}/etc/ppp/ipv6-up.d" + install -d -m755 "${pkgdir}/etc/ppp/ipv6-down.d" + install -m755 ../ipv6-up.d.iface-config.sh "${pkgdir}/etc/ppp/ipv6-up.d/00-iface-config.sh" + + install -D -m755 scripts/pon "${pkgdir}/usr/bin/pon" + install -D -m755 scripts/poff "${pkgdir}/usr/bin/poff" + install -D -m755 scripts/plog "${pkgdir}/usr/bin/plog" + install -D -m644 scripts/pon.1 "${pkgdir}/usr/share/man/man1/pon.1" + install -D -m600 etc.ppp/pap-secrets "${pkgdir}/etc/ppp/pap-secrets" + install -D -m600 etc.ppp/chap-secrets "${pkgdir}/etc/ppp/chap-secrets" + install -d -m755 "${pkgdir}/etc/ppp/peers" + chmod 0755 "${pkgdir}/usr/lib/pppd/${pkgver}"/*.so + + install -D -m644 "${srcdir}"/ppp.systemd "${pkgdir}"/usr/lib/systemd/system/ppp@.service + + install -Dm644 "$srcdir"/LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE +} Copied: ppp/repos/testing-x86_64/ip-down (from rev 337811, ppp/trunk/ip-down) =================================================================== --- testing-x86_64/ip-down (rev 0) +++ testing-x86_64/ip-down 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,12 @@ +#!/bin/sh +# +# This script is run by pppd after the connection has ended. +# + +# Execute all scripts in /etc/ppp/ip-down.d/ +for ipdown in /etc/ppp/ip-down.d/*.sh; do + if [ -x $ipdown ]; then + # Parameters: interface-name tty-device speed local-IP-address remote-IP-address ipparam + $ipdown "$@" + fi +done Copied: ppp/repos/testing-x86_64/ip-down.d.dns.sh (from rev 337811, ppp/trunk/ip-down.d.dns.sh) =================================================================== --- testing-x86_64/ip-down.d.dns.sh (rev 0) +++ testing-x86_64/ip-down.d.dns.sh 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,7 @@ +#!/bin/sh + +if [ -x /usr/bin/resolvconf ]; then + /usr/bin/resolvconf -fd ${IFNAME} +else + [ -e /etc/resolv.conf.backup.${IFNAME} ] && mv /etc/resolv.conf.backup.${IFNAME} /etc/resolv.conf +fi Copied: ppp/repos/testing-x86_64/ip-up (from rev 337811, ppp/trunk/ip-up) =================================================================== --- testing-x86_64/ip-up (rev 0) +++ testing-x86_64/ip-up 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,12 @@ +#!/bin/sh +# +# This script is run by pppd when there's a successful ppp connection. +# + +# Execute all scripts in /etc/ppp/ip-up.d/ +for ipup in /etc/ppp/ip-up.d/*.sh; do + if [ -x $ipup ]; then + # Parameters: interface-name tty-device speed local-IP-address remote-IP-address ipparam + $ipup "$@" + fi +done Copied: ppp/repos/testing-x86_64/ip-up.d.dns.sh (from rev 337811, ppp/trunk/ip-up.d.dns.sh) =================================================================== --- testing-x86_64/ip-up.d.dns.sh (rev 0) +++ testing-x86_64/ip-up.d.dns.sh 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,11 @@ +#!/bin/sh + +if [ "$USEPEERDNS" = "1" -a -f /etc/ppp/resolv.conf ]; then + if [ -x /usr/bin/resolvconf ]; then + /usr/bin/resolvconf -a ${IFNAME} </etc/ppp/resolv.conf + else + [ -e /etc/resolv.conf ] && mv /etc/resolv.conf /etc/resolv.conf.backup.${IFNAME} + mv /etc/ppp/resolv.conf /etc/resolv.conf + chmod 644 /etc/resolv.conf + fi +fi Copied: ppp/repos/testing-x86_64/ipv6-down (from rev 337811, ppp/trunk/ipv6-down) =================================================================== --- testing-x86_64/ipv6-down (rev 0) +++ testing-x86_64/ipv6-down 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,12 @@ +#!/bin/sh +# +# This script is run by pppd after the connection has ended. +# + +# Execute all scripts in /etc/ppp/ipv6-down.d/ +for ipdown in /etc/ppp/ipv6-down.d/*.sh; do + if [ -x $ipdown ]; then + # Parameters: interface-name tty-device speed local-link-local-address remote-link-local-address ipparam + $ipdown "$@" + fi +done Copied: ppp/repos/testing-x86_64/ipv6-up (from rev 337811, ppp/trunk/ipv6-up) =================================================================== --- testing-x86_64/ipv6-up (rev 0) +++ testing-x86_64/ipv6-up 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,12 @@ +#!/bin/sh +# +# This script is run by pppd when there's a successful ppp connection. +# + +# Execute all scripts in /etc/ppp/ipv6-up.d/ +for ipup in /etc/ppp/ipv6-up.d/*.sh; do + if [ -x $ipup ]; then + # Parameters: interface-name tty-device speed local-link-local-address remote-link-local-address ipparam + $ipup "$@" + fi +done Copied: ppp/repos/testing-x86_64/ipv6-up.d.iface-config.sh (from rev 337811, ppp/trunk/ipv6-up.d.iface-config.sh) =================================================================== --- testing-x86_64/ipv6-up.d.iface-config.sh (rev 0) +++ testing-x86_64/ipv6-up.d.iface-config.sh 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,4 @@ +#!/bin/sh + +echo 0 > /proc/sys/net/ipv6/conf/$1/use_tempaddr +echo 2 > /proc/sys/net/ipv6/conf/$1/accept_ra Copied: ppp/repos/testing-x86_64/options (from rev 337811, ppp/trunk/options) =================================================================== --- testing-x86_64/options (rev 0) +++ testing-x86_64/options 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,352 @@ +# /etc/ppp/options +# +# Originally created by Jim Knoble <jmkno...@mercury.interpath.net> +# Modified for Debian by alvar Bray <al...@meiko.co.uk> +# Modified for PPP Server setup by Christoph Lameter <clame...@debian.org> +# Modified for ArchLinux by Manolis Tzanidakis <mano...@archlinux.org> +# +# To quickly see what options are active in this file, use this command: +# egrep -v '#|^ *$' /etc/ppp/options + +# Specify which DNS Servers the incoming Win95 or WinNT Connection should use +# Two Servers can be remotely configured +# ms-dns 192.168.1.1 +# ms-dns 192.168.1.2 + +# Specify which WINS Servers the incoming connection Win95 or WinNT should use +# ms-wins 192.168.1.50 +# ms-wins 192.168.1.51 + +# Run the executable or shell command specified after pppd has +# terminated the link. This script could, for example, issue commands +# to the modem to cause it to hang up if hardware modem control signals +# were not available. +#disconnect "chat -- \d+++\d\c OK ath0 OK" + +# async character map -- 32-bit hex; each bit is a character +# that needs to be escaped for pppd to receive it. 0x00000001 +# represents '\x01', and 0x80000000 represents '\x1f'. +asyncmap 0 + +# Require the peer to authenticate itself before allowing network +# packets to be sent or received. +# Please do not disable this setting. It is expected to be standard in +# future releases of pppd. Use the call option (see manpage) to disable +# authentication for specific peers. +auth + +# Use hardware flow control (i.e. RTS/CTS) to control the flow of data +# on the serial port. +crtscts + +# Use software flow control (i.e. XON/XOFF) to control the flow of data +# on the serial port. +#xonxoff + +# Specifies that certain characters should be escaped on transmission +# (regardless of whether the peer requests them to be escaped with its +# async control character map). The characters to be escaped are +# specified as a list of hex numbers separated by commas. Note that +# almost any character can be specified for the escape option, unlike +# the asyncmap option which only allows control characters to be +# specified. The characters which may not be escaped are those with hex +# values 0x20 - 0x3f or 0x5e. +#escape 11,13,ff + +# Don't use the modem control lines. +#local + +# Specifies that pppd should use a UUCP-style lock on the serial device +# to ensure exclusive access to the device. +lock + +# Don't show the passwords when logging the contents of PAP packets. +# This is the default. +hide-password + +# When logging the contents of PAP packets, this option causes pppd to +# show the password string in the log message. +#show-password + +# Use the modem control lines. On Ultrix, this option implies hardware +# flow control, as for the crtscts option. (This option is not fully +# implemented.) +modem + +# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd +# will ask the peer to send packets of no more than <n> bytes. The +# minimum MRU value is 128. The default MRU value is 1500. A value of +# 296 is recommended for slow links (40 bytes for TCP/IP header + 256 +# bytes of data). +#mru 542 + +# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot" +# notation (e.g. 255.255.255.0). +#netmask 255.255.255.0 + +# Disables the default behaviour when no local IP address is specified, +# which is to determine (if possible) the local IP address from the +# hostname. With this option, the peer will have to supply the local IP +# address during IPCP negotiation (unless it specified explicitly on the +# command line or in an options file). +#noipdefault + +# Enables the "passive" option in the LCP. With this option, pppd will +# attempt to initiate a connection; if no reply is received from the +# peer, pppd will then just wait passively for a valid LCP packet from +# the peer (instead of exiting, as it does without this option). +#passive + +# With this option, pppd will not transmit LCP packets to initiate a +# connection until a valid LCP packet is received from the peer (as for +# the "passive" option with old versions of pppd). +#silent + +# Don't request or allow negotiation of any options for LCP and IPCP +# (use default values). +#-all + +# Disable Address/Control compression negotiation (use default, i.e. +# address/control field disabled). +#-ac + +# Disable asyncmap negotiation (use the default asyncmap, i.e. escape +# all control characters). +#-am + +# Don't fork to become a background process (otherwise pppd will do so +# if a serial device is specified). +#-detach + +# Disable IP address negotiation (with this option, the remote IP +# address must be specified with an option on the command line or in +# an options file). +#-ip + +# Disable IPCP negotiation and IP communication. This option should +# only be required if the peer is buggy and gets confused by requests +# from pppd for IPCP negotiation. +#noip + +# Disable magic number negotiation. With this option, pppd cannot +# detect a looped-back line. +#-mn + +# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e. +# 1500). +#-mru + +# Disable protocol field compression negotiation (use default, i.e. +# protocol field compression disabled). +#-pc + +# Require the peer to authenticate itself using PAP. +#+pap + +# Don't agree to authenticate using PAP. +#-pap + +# Require the peer to authenticate itself using CHAP [Cryptographic +# Handshake Authentication Protocol] authentication. +#+chap + +# Don't agree to authenticate using CHAP. +#-chap + +# Disable negotiation of Van Jacobson style IP header compression (use +# default, i.e. no compression). +#-vj + +# Increase debugging level (same as -d). If this option is given, pppd +# will log the contents of all control packets sent or received in a +# readable form. The packets are logged through syslog with facility +# daemon and level debug. This information can be directed to a file by +# setting up /etc/syslog.conf appropriately (see syslog.conf(5)). (If +# pppd is compiled with extra debugging enabled, it will log messages +# using facility local2 instead of daemon). +#debug + +# Append the domain name <d> to the local host name for authentication +# purposes. For example, if gethostname() returns the name porsche, +# but the fully qualified domain name is porsche.Quotron.COM, you would +# use the domain option to set the domain name to Quotron.COM. +#domain <d> + +# Enable debugging code in the kernel-level PPP driver. The argument n +# is a number which is the sum of the following values: 1 to enable +# general debug messages, 2 to request that the contents of received +# packets be printed, and 4 to request that the contents of transmitted +# packets be printed. +#kdebug n + +# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer +# requests a smaller value via MRU negotiation, pppd will request that +# the kernel networking code send data packets of no more than n bytes +# through the PPP network interface. +#mtu <n> + +# Set the name of the local system for authentication purposes to <n>. +# This is a privileged option. With this option, pppd will use lines in the +# secrets files which have <n> as the second field when looking for a +# secret to use in authenticating the peer. In addition, unless overridden +# with the user option, <n> will be used as the name to send to the peer +# when authenticating the local system to the peer. (Note that pppd does +# not append the domain name to <n>.) +#name <n> + +# Enforce the use of the hostname as the name of the local system for +# authentication purposes (overrides the name option). +#usehostname + +# Set the assumed name of the remote system for authentication purposes +# to <n>. +#remotename <n> + +# Add an entry to this system's ARP [Address Resolution Protocol] +# table with the IP address of the peer and the Ethernet address of this +# system. +proxyarp + +# Use the system password database for authenticating the peer using +# PAP. Note: mgetty already provides this option. If this is specified +# then dialin from users using a script under Linux to fire up ppp wont work. +# login + +# If this option is given, pppd will send an LCP echo-request frame to the +# peer every n seconds. Normally the peer should respond to the echo-request +# by sending an echo-reply. This option can be used with the +# lcp-echo-failure option to detect that the peer is no longer connected. +lcp-echo-interval 30 + +# If this option is given, pppd will presume the peer to be dead if n +# LCP echo-requests are sent without receiving a valid LCP echo-reply. +# If this happens, pppd will terminate the connection. Use of this +# option requires a non-zero value for the lcp-echo-interval parameter. +# This option can be used to enable pppd to terminate after the physical +# connection has been broken (e.g., the modem has hung up) in +# situations where no hardware modem control lines are available. +lcp-echo-failure 4 + +# Set the LCP restart interval (retransmission timeout) to <n> seconds +# (default 3). +#lcp-restart <n> + +# Set the maximum number of LCP terminate-request transmissions to <n> +# (default 3). +#lcp-max-terminate <n> + +# Set the maximum number of LCP configure-request transmissions to <n> +# (default 10). +#lcp-max-configure <n> + +# Set the maximum number of LCP configure-NAKs returned before starting +# to send configure-Rejects instead to <n> (default 10). +#lcp-max-failure <n> + +# Set the IPCP restart interval (retransmission timeout) to <n> +# seconds (default 3). +#ipcp-restart <n> + +# Set the maximum number of IPCP terminate-request transmissions to <n> +# (default 3). +#ipcp-max-terminate <n> + +# Set the maximum number of IPCP configure-request transmissions to <n> +# (default 10). +#ipcp-max-configure <n> + +# Set the maximum number of IPCP configure-NAKs returned before starting +# to send configure-Rejects instead to <n> (default 10). +#ipcp-max-failure <n> + +# Set the PAP restart interval (retransmission timeout) to <n> seconds +# (default 3). +#pap-restart <n> + +# Set the maximum number of PAP authenticate-request transmissions to +# <n> (default 10). +#pap-max-authreq <n> + +# Set the maximum time that pppd will wait for the peer to authenticate +# itself with PAP to <n> seconds (0 means no limit). +#pap-timeout <n> + +# Set the CHAP restart interval (retransmission timeout for +# challenges) to <n> seconds (default 3). +#chap-restart <n> + +# Set the maximum number of CHAP challenge transmissions to <n> +# (default 10). +#chap-max-challenge + +# If this option is given, pppd will rechallenge the peer every <n> +# seconds. +#chap-interval <n> + +# With this option, pppd will accept the peer's idea of our local IP +# address, even if the local IP address was specified in an option. +#ipcp-accept-local + +# With this option, pppd will accept the peer's idea of its (remote) IP +# address, even if the remote IP address was specified in an option. +#ipcp-accept-remote + +# Disable the IPXCP and IPX protocols. +# To let pppd pass IPX packets comment this out --- you'll probably also +# want to install ipxripd, and have the Internal IPX Network option enabled +# in your kernel. /usr/doc/HOWTO/IPX-HOWTO.gz contains more info. +noipx + +# Exit once a connection has been made and terminated. This is the default, +# unless the `persist' or `demand' option has been specified. +#nopersist + +# Do not exit after a connection is terminated; instead try to reopen +# the connection. +#persist + +# Terminate after n consecutive failed connection attempts. +# A value of 0 means no limit. The default value is 10. +#maxfail <n> + +# Initiate the link only on demand, i.e. when data traffic is present. +# With this option, the remote IP address must be specified by the user on +# the command line or in an options file. Pppd will initially configure +# the interface and enable it for IP traffic without connecting to the peer. +# When traffic is available, pppd will connect to the peer and perform +# negotiation, authentication, etc. When this is completed, pppd will +# commence passing data packets (i.e., IP packets) across the link. +#demand + +# Specifies that pppd should disconnect if the link is idle for <n> seconds. +# The link is idle when no data packets (i.e. IP packets) are being sent or +# received. Note: it is not advisable to use this option with the persist +# option without the demand option. If the active-filter option is given, +# data packets which are rejected by the specified activity filter also +# count as the link being idle. +#idle <n> + +# Specifies how many seconds to wait before re-initiating the link after +# it terminates. This option only has any effect if the persist or demand +# option is used. The holdoff period is not applied if the link was +# terminated because it was idle. +#holdoff <n> + +# Wait for up n milliseconds after the connect script finishes for a valid +# PPP packet from the peer. At the end of this time, or when a valid PPP +# packet is received from the peer, pppd will commence negotiation by +# sending its first LCP packet. The default value is 1000 (1 second). +# This wait period only applies if the connect or pty option is used. +#connect-delay <n> + +# Packet filtering: for more information, see pppd(8) +# Any packets matching the filter expression will be interpreted as link +# activity, and will cause a "demand" connection to be activated, and reset +# the idle connection timer. (idle option) +# The filter expression is akin to that of tcpdump(1) +#active-filter <filter-expression> + +# uncomment the line below this if you use PPPoE +#plugin /usr/lib/pppd/plugins/pppoe.so + +# ---<End of File>--- Copied: ppp/repos/testing-x86_64/ppp-2.4.6-makefiles.patch (from rev 337811, ppp/trunk/ppp-2.4.6-makefiles.patch) =================================================================== --- testing-x86_64/ppp-2.4.6-makefiles.patch (rev 0) +++ testing-x86_64/ppp-2.4.6-makefiles.patch 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,270 @@ +diff -Nur ppp-2.4.6.orig/chat/Makefile.linux ppp-2.4.6/chat/Makefile.linux +--- ppp-2.4.6.orig/chat/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 ++++ ppp-2.4.6/chat/Makefile.linux 2014-02-24 09:00:16.666577906 +0100 +@@ -1,7 +1,7 @@ + # $Id: Makefile.linux,v 1.15 2006/06/04 05:07:46 paulus Exp $ + + DESTDIR = $(INSTROOT)@DESTDIR@ +-BINDIR = $(DESTDIR)/sbin ++BINDIR = $(DESTDIR)/bin + MANDIR = $(DESTDIR)/share/man/man8 + + CDEF1= -DTERMIOS # Use the termios structure +@@ -10,7 +10,8 @@ + CDEF4= -DFNDELAY=O_NDELAY # Old name value + CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4) + +-COPTS= -O2 -g -pipe ++COPTS= @CFLAGS@ ++LDFLAGS= @LDFLAGS@ + CFLAGS= $(COPTS) $(CDEFS) + + INSTALL= install +@@ -21,7 +22,7 @@ + $(CC) -o chat chat.o + + chat.o: chat.c +- $(CC) -c $(CFLAGS) -o chat.o chat.c ++ $(CC) -c $(CFLAGS) $(LDFLAGS) -o chat.o chat.c + + install: chat + mkdir -p $(BINDIR) $(MANDIR) +diff -Nur ppp-2.4.6.orig/configure ppp-2.4.6/configure +--- ppp-2.4.6.orig/configure 2014-01-02 05:42:08.000000000 +0100 ++++ ppp-2.4.6/configure 2014-02-24 09:00:16.743242620 +0100 +@@ -185,7 +185,10 @@ + rm -f $2 + if [ -f $1 ]; then + echo " $2 <= $1" +- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" $1 >$2 ++ sed -e "s|@DESTDIR@|$DESTDIR|g" \ ++ -e "s|@SYSCONF@|$SYSCONF|g" \ ++ -e "s|@CFLAGS@|$CFLAGS|g" \ ++ -e "s|@LDFLAGS@|$LDFLAGS|g" $1 >$2 + fi + } + +diff -Nur ppp-2.4.6.orig/linux/Makefile.top ppp-2.4.6/linux/Makefile.top +--- ppp-2.4.6.orig/linux/Makefile.top 2014-01-02 05:42:08.000000000 +0100 ++++ ppp-2.4.6/linux/Makefile.top 2014-02-24 09:00:16.743242620 +0100 +@@ -1,7 +1,7 @@ + # PPP top-level Makefile for Linux. + + DESTDIR = $(INSTROOT)@DESTDIR@ +-BINDIR = $(DESTDIR)/sbin ++BINDIR = $(DESTDIR)/bin + INCDIR = $(DESTDIR)/include + MANDIR = $(DESTDIR)/share/man + ETCDIR = $(INSTROOT)@SYSCONF@/ppp +diff -Nur ppp-2.4.6.orig/pppd/Makefile.linux ppp-2.4.6/pppd/Makefile.linux +--- ppp-2.4.6.orig/pppd/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 ++++ ppp-2.4.6/pppd/Makefile.linux 2014-02-24 09:00:16.743242620 +0100 +@@ -5,7 +5,7 @@ + + # Default installation locations + DESTDIR = $(INSTROOT)@DESTDIR@ +-BINDIR = $(DESTDIR)/sbin ++BINDIR = $(DESTDIR)/bin + MANDIR = $(DESTDIR)/share/man/man8 + INCDIR = $(DESTDIR)/include + +@@ -32,7 +32,8 @@ + + # CC = gcc + # +-COPTS = -O2 -pipe -Wall -g ++COPTS = @CFLAGS@ ++LDFLAGS = @LDFLAGS@ + LIBS = + + # Uncomment the next 2 lines to include support for Microsoft's +diff -Nur ppp-2.4.6.orig/pppd/plugins/Makefile.linux ppp-2.4.6/pppd/plugins/Makefile.linux +--- ppp-2.4.6.orig/pppd/plugins/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 ++++ ppp-2.4.6/pppd/plugins/Makefile.linux 2014-02-24 09:00:16.779908379 +0100 +@@ -1,11 +1,11 @@ + #CC = gcc +-COPTS = -O2 -g ++COPTS = @CFLAGS@ + CFLAGS = $(COPTS) -I.. -I../../include -fPIC +-LDFLAGS = -shared ++LDFLAGS = @LDFLAGS@ -shared + INSTALL = install + + DESTDIR = $(INSTROOT)@DESTDIR@ +-BINDIR = $(DESTDIR)/sbin ++BINDIR = $(DESTDIR)/bin + MANDIR = $(DESTDIR)/share/man/man8 + LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) + +diff -Nur ppp-2.4.6.orig/pppd/plugins/pppoatm/Makefile.linux ppp-2.4.6/pppd/plugins/pppoatm/Makefile.linux +--- ppp-2.4.6.orig/pppd/plugins/pppoatm/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 ++++ ppp-2.4.6/pppd/plugins/pppoatm/Makefile.linux 2014-02-24 09:00:16.809907637 +0100 +@@ -1,7 +1,7 @@ + #CC = gcc +-COPTS = -O2 -g ++COPTS = @CFLAGS@ + CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC +-LDFLAGS = -shared ++LDFLAGS = @LDFLAGS@ + INSTALL = install + + #*********************************************************************** +@@ -33,7 +33,7 @@ + all: $(PLUGIN) + + $(PLUGIN): $(PLUGIN_OBJS) +- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS) ++ $(CC) $(CFLAGS) -o $@ $(LDFLAGS) -shared $^ $(LIBS) + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +diff -Nur ppp-2.4.6.orig/pppd/plugins/pppol2tp/Makefile.linux ppp-2.4.6/pppd/plugins/pppol2tp/Makefile.linux +--- ppp-2.4.6.orig/pppd/plugins/pppol2tp/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 ++++ ppp-2.4.6/pppd/plugins/pppol2tp/Makefile.linux 2014-02-24 09:01:06.325349425 +0100 +@@ -1,12 +1,12 @@ + #CC = gcc +-COPTS = -O2 -g ++COPTS = @CFLAGS@ + CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC +-LDFLAGS = -shared ++LDFLAGS = @LDFLAGS@ + INSTALL = install + + #*********************************************************************** + +-DESTDIR = @DESTDIR@ ++DESTDIR = $(INSTROOT)@DESTDIR@ + LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) + + VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) +@@ -16,7 +16,7 @@ + all: $(PLUGINS) + + %.so: %.o +- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS) ++ $(CC) $(CFLAGS) -o $@ $(LDFLAGS) -shared $^ $(LIBS) + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +diff -Nur ppp-2.4.6.orig/pppd/plugins/radius/Makefile.linux ppp-2.4.6/pppd/plugins/radius/Makefile.linux +--- ppp-2.4.6.orig/pppd/plugins/radius/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 ++++ ppp-2.4.6/pppd/plugins/radius/Makefile.linux 2014-02-24 09:00:16.809907637 +0100 +@@ -12,7 +12,8 @@ + INSTALL = install + + PLUGIN=radius.so radattr.so radrealms.so +-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON ++CFLAGS=@CFLAGS@ -I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON ++LDFLAGS=@LDFLAGS@ + + # Uncomment the next line to include support for Microsoft's + # MS-CHAP authentication protocol. +@@ -43,13 +44,13 @@ + $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) + + radius.so: radius.o libradiusclient.a +- $(CC) -o radius.so -shared radius.o libradiusclient.a ++ $(CC) -o radius.so -shared $(LDFLAGS) radius.o libradiusclient.a + + radattr.so: radattr.o +- $(CC) -o radattr.so -shared radattr.o ++ $(CC) -o radattr.so -shared $(LDFLAGS) radattr.o + + radrealms.so: radrealms.o +- $(CC) -o radrealms.so -shared radrealms.o ++ $(CC) -o radrealms.so -shared $(LDFLAGS) radrealms.o + + CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \ + clientid.o sendserver.o lock.o util.o md5.o +diff -Nur ppp-2.4.6.orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.6/pppd/plugins/rp-pppoe/Makefile.linux +--- ppp-2.4.6.orig/pppd/plugins/rp-pppoe/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 ++++ ppp-2.4.6/pppd/plugins/rp-pppoe/Makefile.linux 2014-02-24 09:00:16.809907637 +0100 +@@ -15,7 +15,7 @@ + #*********************************************************************** + + DESTDIR = $(INSTROOT)@DESTDIR@ +-BINDIR = $(DESTDIR)/sbin ++BINDIR = $(DESTDIR)/bin + LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION) + + PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) +@@ -25,12 +25,14 @@ + # Version is set ONLY IN THE MAKEFILE! Don't delete this! + RP_VERSION=3.8p + +-COPTS=-O2 -g ++COPTS=@CFLAGS@ + CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' ++LDFLAGS=@LDFLAGS@ ++ + all: rp-pppoe.so pppoe-discovery + + pppoe-discovery: pppoe-discovery.o debug.o +- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o ++ $(CC) -o pppoe-discovery $(LDFLAGS) pppoe-discovery.o debug.o + + pppoe-discovery.o: pppoe-discovery.c + $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c +@@ -39,7 +41,7 @@ + $(CC) $(CFLAGS) -c -o debug.o debug.c + + rp-pppoe.so: plugin.o discovery.o if.o common.o +- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o ++ $(CC) -o rp-pppoe.so -shared $(LDFLAGS) plugin.o discovery.o if.o common.o + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +diff -Nur ppp-2.4.6.orig/pppdump/Makefile.linux ppp-2.4.6/pppdump/Makefile.linux +--- ppp-2.4.6.orig/pppdump/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 ++++ ppp-2.4.6/pppdump/Makefile.linux 2014-02-24 09:00:16.809907637 +0100 +@@ -1,8 +1,9 @@ + DESTDIR = $(INSTROOT)@DESTDIR@ +-BINDIR = $(DESTDIR)/sbin ++BINDIR = $(DESTDIR)/bin + MANDIR = $(DESTDIR)/share/man/man8 + +-CFLAGS= -O -I../include/net ++CFLAGS = @CFLAGS@ -I../include/net ++LDFLAGS = @LDFLAGS@ + OBJS = pppdump.o bsd-comp.o deflate.o zlib.o + + INSTALL= install +@@ -10,7 +11,7 @@ + all: pppdump + + pppdump: $(OBJS) +- $(CC) -o pppdump $(OBJS) ++ $(CC) $(LDFLAGS) -o pppdump $(OBJS) + + clean: + rm -f pppdump $(OBJS) *~ +diff -Nur ppp-2.4.6.orig/pppstats/Makefile.linux ppp-2.4.6/pppstats/Makefile.linux +--- ppp-2.4.6.orig/pppstats/Makefile.linux 2014-01-02 05:42:08.000000000 +0100 ++++ ppp-2.4.6/pppstats/Makefile.linux 2014-02-24 09:00:16.809907637 +0100 +@@ -3,14 +3,15 @@ + # $Id: Makefile.linux,v 1.9 2006/06/04 05:07:46 paulus Exp $ + # + DESTDIR = $(INSTROOT)@DESTDIR@ +-BINDIR = $(DESTDIR)/sbin ++BINDIR = $(DESTDIR)/bin + MANDIR = $(DESTDIR)/share/man/man8 + + PPPSTATSRCS = pppstats.c + PPPSTATOBJS = pppstats.o + + #CC = gcc +-COPTS = -O ++COPTS = @CFLAGS@ ++LDFLAGS = @LDFLAGS@ + COMPILE_FLAGS = -I../include + LIBS = + +@@ -26,7 +27,7 @@ + $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) + + pppstats: $(PPPSTATSRCS) +- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS) + + clean: + rm -f pppstats *~ #* core Copied: ppp/repos/testing-x86_64/ppp.systemd (from rev 337811, ppp/trunk/ppp.systemd) =================================================================== --- testing-x86_64/ppp.systemd (rev 0) +++ testing-x86_64/ppp.systemd 2018-11-04 10:31:18 UTC (rev 337812) @@ -0,0 +1,9 @@ +[Unit] +Description=PPP link to %I +Before=network.target + +[Service] +ExecStart=/usr/sbin/pppd call %I nodetach nolog + +[Install] +WantedBy=multi-user.target