ppp: Update to include bug fixes that should be in 2.5.1 but not yet released - Update from version 2.5.0 to commit e1266c7 - Update of rootfile - When ppp-2.5.0 was released it had a bug bin it that the lock and run directories had non standard defaults but also that if the directory did not exist ppp just ignored it and continued to start but would then have error messages in the logs about not being able to cretae the lock file - This issue was raised in the ppp github issues and a set of patches merged into ppp. - The plan was written in Nov 2023 that this would be released as 2.5.1, however nearly three months later there is no sight of 2.5.1 being released and people continue to flag up the lock directory issues and have to apply a workaround to create the directory in local.rc - This patch has taken the zip source tarball of master at the commit e1266c7. The zip tarball was then extracted and then tar'd back up as a tar.gz file with the version set at e1266c7 rather than master. I could not find any other way to get a source tarball\ created at a certain commit stage. - The patch ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch had to be updated due to some changes in the source files. - The patch ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch was removed as the changes are now built into the source tarball. - This will need to be tested thoroughly by people with ppp to confirm that the lock directory is created if it doesn't exist on the system. I can't test that as I have no access to a ppp connection system. - For a view of the changelog between 2.5.0 and e1266c7 the github commits list needs to be reviewed. https://github.com/ppp-project/ppp/commits/master/?before=e1266c76d1ad39f98f11676e34f180f78c5a510c+35 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
ppp: Bug#13164 - Update configure options to have correct directory for pid - The original poster of the bug#13164 has already tested out ppp-2.5.0 in CU179 (master) and identified that the startup could not find the directory /usr/var/run/. This is due to the change in use of the prefix command in 2.5.0 vs 2.4.9 so --localstatedir set to /var. runstatedir is then set to localstatedir/run ie /var/run which is then correct for IPFire. - This fix needs to be implemented into CU179 so that the bug poster can test out the update - Updated rootfile to remove additional empty line Fixes: Bug#13164 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
ppp: Fixes bug#13164 - Update to version 2.5.0 - Update from version 2.4.9 to 2.5.0 This includes breaking changes for third-party plugins but as far as I can see IPFire is not using any third party plugins - Update of rootfile - Update of patches and sed commands - pcap-int.h and if_pppol2tp.h files have not been in source file since at least 2014 - Some of the patches required updates as additional lines needing to be patched are now present. nThis was related to the O_CLOEXEC & SOCK_CLOEXEC related patches - connect-errors file location is now defined by a configure command --with-logfile-dir - install-etcppp is no longer provided. However the install command in this version still has the same files available in /etc/ppp as previously. There is a new file, openssl.cnf, which I have commented out. If it is required in future it can always be uncommented in future releases. - Build went without any problems with the updated patches. - I cannot test this as I don't use ppp, however the original bug reporter has agreed to test this out when it is released into Testing unless anyone else is capable of testing it. - Changelog What's new in ppp-2.5.0. The 2.5.0 release is a major release of pppd which contains breaking changes for third-party plugins, a complete revamp of the build-system and that allows for flexibility of configuring features as needed. In Summary: * Support for PEAP authentication by Eivind Næss and Rustam Kovhaev * Support for loading PKCS12 certificate envelopes * Adoption of GNU Autoconf / Automake build environment, by Eivind Næss and others. * Support for pkgconfig tool has been added by Eivind Næss. * Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár. * Major revision to PPPD's Plugin API by Eivind Næss. - Defines in which describes what features was included in pppd - Functions now prefixed with explicit ppp_* to indicate that pppd functions being called. - Header files were renamed to better align with their features, and now use proper include guards - A pppdconf.h file is supplied to allow third-party modules to use the same feature defines pppd was compiled with. - No extern declarations of internal variable names of pppd, continued use of these extern variables are considered unstable. * Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon * Dropped IPX support, as Linux has dropped support in version 5.15 for this protocol. * Many more fixes and cleanups. * Pppd is no longer installed setuid-root. * New pppd options: - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber, ipv6-up-script, ipv6-down-script - -v, show-options - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip * On Linux, any baud rate can be set on a serial port provided the kernel serial driver supports that. Note that if you have built and installed previous versions of this package and you want to continue having configuration and TDB files in /etc/ppp, you will need to use the --sysconfdir option to ./configure. For a list of the changes made during the 2.4 series releases of this package, see the Changes-2.4 file. Compression methods. This package supports two packet compression methods: Deflate and BSD-Compress. Other compression methods which are in common use include Predictor, LZS, and MPPC. These methods are not supported for two reasons - they are patent-encumbered, and they cause some packets to expand slightly, which pppd doesn't currently allow for. BSD-Compress and Deflate (which uses the same algorithm as gzip) don't ever expand packets. Fixes: bug#13164 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
pppd: Explicitly ship pppd shared object files These are needed by pppd, but were not previously shipped as such. Instead, since their parent directory at /usr/lib/pppd/${version}/ was not commented out, we implicitly shipped the entire directory. This patch does not change our behaviour in the end, but makes things more transparent to developers. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
ppp: update to 2.4.9 This is the first ppp release for years, and the project appears to have a different maintainer (team?) by now. As a result, some of our patches are no longer necessary as they made it into upstream, while others need to be adjusted slightly. In addition, their configure script does not handle commas in CFLAGS properly, which is why the delimiter for the 'sed' call in it has to be changed to something neither appearing in a path nor in our CLFAGS set. The full changelog of this release can be retrieved from https://ppp.samba.org/README.html and says: * Support for new EAP (Extensible Authentication Protocol) methods: - Support for EAP-TLS, from Jan Just Keijser and others - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs Van Buggenhout and others * New pppd options: - chap-timeout - chapms-strip-domain - replacedefaultroute - noreplacedefaultroute - ipv6cp-accept-remote - lcp-echo-adaptive - ip-up-script - ip-down-script - ca - capath - cert - key - crl-dir - crl - max-tls-version - need-peer-eap * Fixes for CVE-2020-8597 and CVE-2015-3310. * libpcap is now required when compiling on Linux (previously, if libpcap was not present, pppd would be compiled without packet filtering support). * The rp-pppoe plugin has been renamed to pppoe, to distinguish it from the upstream rp-pppoe code. Its options have changed names, but the old names are kept as aliases. * The configure script now supports cross-compilation. * Many bug fixes and cleanups. Thanks to Michael for his hint on the ./configure CFLAGS issue. The second version of this patch correctly updates the src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch patch for the second hunk in pppd/main.c, where socket permissions have been changed meanwhile. Further, it has been successfully tested against a VDSL 100 line in Germany, using PAP to Easybell via 1&1 L2 BSA. No connectivity issues or other anomalies have been observed so far. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>