[PATCH 1/2] Revert "Revert "ppp: update to 2.4.9""

[PATCH 1/2] Revert "Revert "ppp: update to 2.4.9""

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 19314 bytes --]

This reverts commit 2d6e633d7f20bd94cbc36880049d2599e93bdaf3.
---
 config/rootfiles/common/ppp                   |  29 +++--
 lfs/ppp                                       |  15 +--
 ...e-compiler-flags-handed-to-us-by-rpm.patch | 121 ------------------
 .../0013-everywhere-O_CLOEXEC-harder.patch    |  10 +-
 ...se-SOCK_CLOEXEC-when-creating-socket.patch |  33 ++---
 ...ppp-2.4.6-increase-max-padi-attempts.patch |   6 +-
 src/patches/ppp/ppp-2.4.7-headers_4.9.patch   |   6 +-
 ....8-pppd-fix-bounds-check-in-eap-code.patch |  35 -----
 ...-configure-to-handle-cflags-properly.patch |  15 +++
 9 files changed, 62 insertions(+), 208 deletions(-)
 delete mode 100644 src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
 delete mode 100644 src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
 create mode 100644 src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch

diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp
index f1f4f88f2..d61fdf811 100644
--- a/config/rootfiles/common/ppp
+++ b/config/rootfiles/common/ppp
@@ -2,6 +2,8 @@
 etc/ppp/chap-secrets
 etc/ppp/demonloginscript
 etc/ppp/dialer
+#etc/ppp/eaptls-client
+#etc/ppp/eaptls-server
 etc/ppp/ioptions
 etc/ppp/ip-down
 etc/ppp/ip-up
@@ -12,6 +14,7 @@ etc/ppp/standardloginscript
 #usr/include/pppd/ccp.h
 #usr/include/pppd/chap-new.h
 #usr/include/pppd/chap_ms.h
+#usr/include/pppd/eap-tls.h
 #usr/include/pppd/eap.h
 #usr/include/pppd/ecp.h
 #usr/include/pppd/eui64.h
@@ -23,6 +26,7 @@ etc/ppp/standardloginscript
 #usr/include/pppd/magic.h
 #usr/include/pppd/md4.h
 #usr/include/pppd/md5.h
+#usr/include/pppd/mppe.h
 #usr/include/pppd/patchlevel.h
 #usr/include/pppd/pathnames.h
 #usr/include/pppd/pppcrypt.h
@@ -33,18 +37,19 @@ etc/ppp/standardloginscript
 #usr/include/pppd/tdb.h
 #usr/include/pppd/upap.h
 usr/lib/pppd
-usr/lib/pppd/2.4.8
-#usr/lib/pppd/2.4.8/minconn.so
-#usr/lib/pppd/2.4.8/openl2tp.so
-#usr/lib/pppd/2.4.8/passprompt.so
-#usr/lib/pppd/2.4.8/passwordfd.so
-#usr/lib/pppd/2.4.8/pppoatm.so
-#usr/lib/pppd/2.4.8/pppol2tp.so
-#usr/lib/pppd/2.4.8/radattr.so
-#usr/lib/pppd/2.4.8/radius.so
-#usr/lib/pppd/2.4.8/radrealms.so
-#usr/lib/pppd/2.4.8/rp-pppoe.so
-#usr/lib/pppd/2.4.8/winbind.so
+usr/lib/pppd/2.4.9
+usr/lib/pppd/2.4.9/minconn.so
+usr/lib/pppd/2.4.9/openl2tp.so
+usr/lib/pppd/2.4.9/passprompt.so
+usr/lib/pppd/2.4.9/passwordfd.so
+usr/lib/pppd/2.4.9/pppoatm.so
+usr/lib/pppd/2.4.9/pppoe.so
+usr/lib/pppd/2.4.9/pppol2tp.so
+usr/lib/pppd/2.4.9/radattr.so
+usr/lib/pppd/2.4.9/radius.so
+usr/lib/pppd/2.4.9/radrealms.so
+usr/lib/pppd/2.4.9/rp-pppoe.so
+usr/lib/pppd/2.4.9/winbind.so
 usr/sbin/chat
 usr/sbin/pppd
 usr/sbin/pppdump
diff --git a/lfs/ppp b/lfs/ppp
index cbac95067..73356b8c4 100644
--- a/lfs/ppp
+++ b/lfs/ppp
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2021  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,12 +24,12 @@
 
 include Config
 
-VER        = 2.4.8
+VER        = 2.4.9
 
 THISAPP    = ppp-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/ppp-$(THISAPP)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 
 CFLAGS    += -fno-strict-aliasing
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123
+$(DL_FILE)_MD5 = f605d021b586fc26e35c6a54fd84b65f
 
 install : $(TARGET)
 
@@ -73,16 +73,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
 	cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
-	cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
-	cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)"
+	cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls
+	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 	cd $(DIR_APP) && make install-etcppp
 	touch /var/log/connect-errors
diff --git a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
deleted file mode 100644
index 4a43d444a..000000000
--- a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta(a)redhat.com>
-Date: Fri, 4 Apr 2014 11:29:39 +0200
-Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by
- rpmbuild
-
----
- chat/Makefile.linux                  | 2 +-
- pppd/Makefile.linux                  | 3 +--
- pppd/plugins/Makefile.linux          | 2 +-
- pppd/plugins/pppoatm/Makefile.linux  | 2 +-
- pppd/plugins/radius/Makefile.linux   | 2 +-
- pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
- pppdump/Makefile.linux               | 2 +-
- pppstats/Makefile.linux              | 2 +-
- 8 files changed, 8 insertions(+), 9 deletions(-)
-
-diff --git a/chat/Makefile.linux b/chat/Makefile.linux
-index 1065ac5..848cd8d 100644
---- a/chat/Makefile.linux
-+++ b/chat/Makefile.linux
-@@ -10,7 +10,7 @@ CDEF3=	-UNO_SLEEP			# Use the usleep function
- CDEF4=	-DFNDELAY=O_NDELAY		# Old name value
- CDEFS=	$(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
- 
--COPTS=	-O2 -g -pipe
-+COPTS=	$(RPM_OPT_FLAGS)
- CFLAGS=	$(COPTS) $(CDEFS)
- 
- INSTALL= install
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index 5a44d30..63872eb 100644
---- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -32,8 +32,7 @@ endif
- 
- CC = gcc
- #
--COPTS = -O2 -pipe -Wall -g
--LIBS =
-+COPTS = -Wall $(RPM_OPT_FLAGS)
- 
- # Uncomment the next 2 lines to include support for Microsoft's
- # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
-diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
-index 0a7ec7b..e09a369 100644
---- a/pppd/plugins/Makefile.linux
-+++ b/pppd/plugins/Makefile.linux
-@@ -1,5 +1,5 @@
- #CC	= gcc
--COPTS	= -O2 -g
-+COPTS	= $(RPM_OPT_FLAGS)
- CFLAGS	= $(COPTS) -I.. -I../../include -fPIC
- LDFLAGS	= -shared
- INSTALL	= install
-diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
-index 20f62e6..5a81447 100644
---- a/pppd/plugins/pppoatm/Makefile.linux
-+++ b/pppd/plugins/pppoatm/Makefile.linux
-@@ -1,5 +1,5 @@
- #CC	= gcc
--COPTS	= -O2 -g
-+COPTS	= $(RPM_OPT_FLAGS)
- CFLAGS	= $(COPTS) -I../.. -I../../../include -fPIC
- LDFLAGS	= -shared
- INSTALL	= install
-diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
-index 24ed3e5..45b3b8d 100644
---- a/pppd/plugins/radius/Makefile.linux
-+++ b/pppd/plugins/radius/Makefile.linux
-@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
- INSTALL	= install
- 
- PLUGIN=radius.so radattr.so radrealms.so
--CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
-+CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON
- 
- # Uncomment the next line to include support for Microsoft's
- # MS-CHAP authentication protocol.
-diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
-index 5d7a271..352991a 100644
---- a/pppd/plugins/rp-pppoe/Makefile.linux
-+++ b/pppd/plugins/rp-pppoe/Makefile.linux
-@@ -25,7 +25,7 @@ INSTALL	= install
- # Version is set ONLY IN THE MAKEFILE!  Don't delete this!
- RP_VERSION=3.8p
- 
--COPTS=-O2 -g
-+COPTS=$(RPM_OPT_FLAGS)
- CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
- all: rp-pppoe.so pppoe-discovery
- 
-diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
-index ac028f6..d0a5032 100644
---- a/pppdump/Makefile.linux
-+++ b/pppdump/Makefile.linux
-@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
- BINDIR = $(DESTDIR)/sbin
- MANDIR = $(DESTDIR)/share/man/man8
- 
--CFLAGS= -O -I../include/net
-+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net
- OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
- 
- INSTALL= install
-diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
-index cca6f0f..42aba73 100644
---- a/pppstats/Makefile.linux
-+++ b/pppstats/Makefile.linux
-@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c
- PPPSTATOBJS = pppstats.o
- 
- #CC = gcc
--COPTS = -O
-+COPTS = $(RPM_OPT_FLAGS)
- COMPILE_FLAGS = -I../include
- LIBS =
- 
--- 
-1.8.3.1
-
diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
index 2513021b2..0fb028779 100644
--- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
+++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
@@ -27,10 +27,10 @@ index 6ea6c1f..faced53 100644
  	free(path);
  	errno = err;
 diff --git a/pppd/main.c b/pppd/main.c
-index 6d50d1b..4880377 100644
+index 87a5d29..152e4a2 100644
 --- a/pppd/main.c
 +++ b/pppd/main.c
-@@ -420,7 +420,7 @@ main(argc, argv)
+@@ -400,7 +400,7 @@ main(int argc, char *argv[])
  	die(0);
  
      /* Make sure fds 0, 1, 2 are open to somewhere. */
@@ -39,12 +39,12 @@ index 6d50d1b..4880377 100644
      if (fd_devnull < 0)
  	fatal("Couldn't open %s: %m", _PATH_DEVNULL);
      while (fd_devnull <= 2) {
-@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
+@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait)
      if (log_to_fd >= 0)
  	errfd = log_to_fd;
      else
--	errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
-+	errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
+-	errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
++	errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644);
  
      ++conn_running;
      pid = safe_fork(in, out, errfd);
diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
index 3475f09a8..fffda981d 100644
--- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
+++ b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
@@ -7,9 +7,9 @@ Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket
  pppd/plugins/pppoatm/pppoatm.c          |  2 +-
  pppd/plugins/pppol2tp/openl2tp.c        |  2 +-
  pppd/plugins/pppol2tp/pppol2tp.c        |  2 +-
- pppd/plugins/rp-pppoe/if.c              |  2 +-
- pppd/plugins/rp-pppoe/plugin.c          |  6 +++---
- pppd/plugins/rp-pppoe/pppoe-discovery.c |  2 +-
+ pppd/plugins/pppoe/if.c                 |  2 +-
+ pppd/plugins/pppoe/plugin.c             |  6 +++---
+ pppd/plugins/pppoe/pppoe-discovery.c    |  2 +-
  pppd/sys-linux.c                        | 10 +++++-----
  pppd/tty.c                              |  2 +-
  8 files changed, 14 insertions(+), 14 deletions(-)
@@ -53,10 +53,10 @@ index a7e3400..e64a778 100644
  		if (fd >= 0) {
  			memset (&ifr, '\0', sizeof (ifr));
  			strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
-diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
+diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
 index 91e9a57..72aba41 100644
---- a/pppd/plugins/rp-pppoe/if.c
-+++ b/pppd/plugins/rp-pppoe/if.c
+--- a/pppd/plugins/pppoe/if.c
++++ b/pppd/plugins/pppoe/if.c
 @@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
      stype = SOCK_PACKET;
  #endif
@@ -66,10 +66,10 @@ index 91e9a57..72aba41 100644
  	/* Give a more helpful message for the common error case */
  	if (errno == EPERM) {
  	    fatal("Cannot create raw socket -- pppoe must be run as root.");
-diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
+diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
 index a8c2bb4..24bdf8f 100644
---- a/pppd/plugins/rp-pppoe/plugin.c
-+++ b/pppd/plugins/rp-pppoe/plugin.c
+--- a/pppd/plugins/pppoe/plugin.c
++++ b/pppd/plugins/pppoe/plugin.c
 @@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
      /* server equipment).                                                  */
      /* Opening this socket just before waitForPADS in the discovery()      */
@@ -97,10 +97,10 @@ index a8c2bb4..24bdf8f 100644
  	r = 0;
      }
  
-diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
 index 3d3bf4e..c0d927d 100644
---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
-+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+--- a/pppd/plugins/pppoe/pppoe-discovery.c
++++ b/pppd/plugins/pppoe/pppoe-discovery.c
 @@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
      stype = SOCK_PACKET;
  #endif
@@ -147,15 +147,6 @@ index 00a2cf5..0690019 100644
      if (s < 0)
  	return 0;
  
-@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64)
-     int skfd;
-     const unsigned char *ptr;
- 
--    skfd = socket(PF_INET6, SOCK_DGRAM, 0);
-+    skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
-     if(skfd == -1)
-     {
-         warn("could not open IPv6 socket");
 diff --git a/pppd/tty.c b/pppd/tty.c
 index bc96695..8e76a5d 100644
 --- a/pppd/tty.c
diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
index 5127c1f10..1b36e8369 100644
--- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
+++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
@@ -1,7 +1,7 @@
-diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
+diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h
 index 9ab2eee..86762bd 100644
---- a/pppd/plugins/rp-pppoe/pppoe.h
-+++ b/pppd/plugins/rp-pppoe/pppoe.h
+--- a/pppd/plugins/pppoe/pppoe.h
++++ b/pppd/plugins/pppoe/pppoe.h
 @@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session;
  #define STATE_TERMINATED    4
  
diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
index 633eb045a..686db9204 100644
--- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
+++ b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
@@ -1,6 +1,6 @@
-diff -Naur ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c
---- ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c	2014-08-09 14:31:39.000000000 +0200
-+++ ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c	2017-02-09 08:45:12.567493723 +0100
+diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c
+--- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c	2014-08-09 14:31:39.000000000 +0200
++++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c	2017-02-09 08:45:12.567493723 +0100
 @@ -49,6 +49,8 @@
  #include <net/ethernet.h>
  #include <net/if_arp.h>
diff --git a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
deleted file mode 100644
index 858769f48..000000000
--- a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-commit 8d7970b8f3db727fe798b65f3377fe6787575426
-Author: Paul Mackerras <paulus(a)ozlabs.org>
-Date:   Mon Feb 3 15:53:28 2020 +1100
-
-    pppd: Fix bounds check in EAP code
-    
-    Given that we have just checked vallen < len, it can never be the case
-    that vallen >= len + sizeof(rhostname).  This fixes the check so we
-    actually avoid overflowing the rhostname array.
-    
-    Reported-by: Ilja Van Sprundel <ivansprundel(a)ioactive.com>
-    Signed-off-by: Paul Mackerras <paulus(a)ozlabs.org>
-
-diff --git a/pppd/eap.c b/pppd/eap.c
-index 94407f5..1b93db0 100644
---- a/pppd/eap.c
-+++ b/pppd/eap.c
-@@ -1420,7 +1420,7 @@ int len;
- 		}
- 
- 		/* Not so likely to happen. */
--		if (vallen >= len + sizeof (rhostname)) {
-+		if (len - vallen >= sizeof (rhostname)) {
- 			dbglog("EAP: trimming really long peer name down");
- 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
- 			rhostname[sizeof (rhostname) - 1] = '\0';
-@@ -1846,7 +1846,7 @@ int len;
- 		}
- 
- 		/* Not so likely to happen. */
--		if (vallen >= len + sizeof (rhostname)) {
-+		if (len - vallen >= sizeof (rhostname)) {
- 			dbglog("EAP: trimming really long peer name down");
- 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
- 			rhostname[sizeof (rhostname) - 1] = '\0';
diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
new file mode 100644
index 000000000..b36ace192
--- /dev/null
+++ b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
@@ -0,0 +1,15 @@
+--- ppp-2.4.9.orig/configure	2021-03-30 21:38:27.415735914 +0200
++++ ppp-2.4.9/configure	2021-04-01 19:10:48.632314447 +0200
+@@ -121,9 +121,9 @@
+     rm -f $2
+     if [ -f $1 ]; then
+ 	echo "  $2 <= $1"
+-	sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
+-	    -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
+-	    -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
++	sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \
++	    -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \
++	    -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2
+     fi
+ }
+ 
-- 
2.26.2

[PATCH 2/2] Tell pppd not to ask for IPv6 addresses during dial-up

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 1518 bytes --]

pppd 2.4.9 supports IPv6 and asks for an IPv6 configuration by default.
Setting the received prefix in the kernel will never work, however, as
the rest of IPFire 2.x does not support IPv6.

pppd notices the ISP about this, and at least Otenet (GR) and British
Telecom (several countries) decide to close a dial-up connection then.
German DTAG seems to ignore such errors silently.

This patch adds an option to the pppd call to prevent asking for an
IPv6 configuration, hence avoiding this errors.

To apply this patch, it is necessary to ship ppp 2.4.9 again. Since I
have no access to a testing machine behind an ISP supporting IPv6, this
patch unfortunately is untested.

Fixes: #12651

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 src/initscripts/networking/red | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/initscripts/networking/red b/src/initscripts/networking/red
index ca0a8ae58..56f8ebb66 100644
--- a/src/initscripts/networking/red
+++ b/src/initscripts/networking/red
@@ -410,7 +410,7 @@ case "${1}" in
 			### Standard PPP options we always use
 			#
 			PPP_STD_OPTIONS="$PLUGOPTS usepeerdns defaultroute noipdefault noauth"
-			PPP_STD_OPTIONS+=" default-asyncmap hide-password nodetach"
+			PPP_STD_OPTIONS+=" default-asyncmap hide-password nodetach noipv6"
 			PPP_STD_OPTIONS+=" noaccomp nodeflate nopcomp novj novjccomp"
 			PPP_STD_OPTIONS+=" nobsdcomp user ${USERNAME} lcp-echo-interval 20"
 			PPP_STD_OPTIONS+=" lcp-echo-failure 5 ${AUTH}"
-- 
2.26.2

Re: [PATCH 2/2] Tell pppd not to ask for IPv6 addresses during dial-up

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1794 bytes --]

Hello,

> On 7 Jul 2021, at 20:49, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> pppd 2.4.9 supports IPv6 and asks for an IPv6 configuration by default.
> Setting the received prefix in the kernel will never work, however, as
> the rest of IPFire 2.x does not support IPv6.
> 
> pppd notices the ISP about this, and at least Otenet (GR) and British
> Telecom (several countries) decide to close a dial-up connection then.
> German DTAG seems to ignore such errors silently.
> 
> This patch adds an option to the pppd call to prevent asking for an
> IPv6 configuration, hence avoiding this errors.
> 
> To apply this patch, it is necessary to ship ppp 2.4.9 again. Since I
> have no access to a testing machine behind an ISP supporting IPv6, this
> patch unfortunately is untested.

In general, but especially for such critical things, this is unacceptable.

Please look for someone who can test this.

> 
> Fixes: #12651
> 
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> src/initscripts/networking/red | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/initscripts/networking/red b/src/initscripts/networking/red
> index ca0a8ae58..56f8ebb66 100644
> --- a/src/initscripts/networking/red
> +++ b/src/initscripts/networking/red
> @@ -410,7 +410,7 @@ case "${1}" in
> 			### Standard PPP options we always use
> 			#
> 			PPP_STD_OPTIONS="$PLUGOPTS usepeerdns defaultroute noipdefault noauth"
> -			PPP_STD_OPTIONS+=" default-asyncmap hide-password nodetach"
> +			PPP_STD_OPTIONS+=" default-asyncmap hide-password nodetach noipv6"
> 			PPP_STD_OPTIONS+=" noaccomp nodeflate nopcomp novj novjccomp"
> 			PPP_STD_OPTIONS+=" nobsdcomp user ${USERNAME} lcp-echo-interval 20"
> 			PPP_STD_OPTIONS+=" lcp-echo-failure 5 ${AUTH}"
> -- 
> 2.26.2

Re: [PATCH 2/2] Tell pppd not to ask for IPv6 addresses during dial-up

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 10881 bytes --]

Hello Michael,

thanks for your reply.

> Hello,
> 
>> On 7 Jul 2021, at 20:49, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>>
>> pppd 2.4.9 supports IPv6 and asks for an IPv6 configuration by default.
>> Setting the received prefix in the kernel will never work, however, as
>> the rest of IPFire 2.x does not support IPv6.
>>
>> pppd notices the ISP about this, and at least Otenet (GR) and British
>> Telecom (several countries) decide to close a dial-up connection then.
>> German DTAG seems to ignore such errors silently.
>>
>> This patch adds an option to the pppd call to prevent asking for an
>> IPv6 configuration, hence avoiding this errors.
>>
>> To apply this patch, it is necessary to ship ppp 2.4.9 again. Since I
>> have no access to a testing machine behind an ISP supporting IPv6, this
>> patch unfortunately is untested.
> 
> In general, but especially for such critical things, this is unacceptable.

Full ACK.

> Please look for someone who can test this.

Well, with a high level of confidence, I can tell this patch does the job, since
pppd's debug log show it is not asking for an IPv6 configuration afterwards.

A PPPoE connection attempt to my ISP looks like this running pppd 2.4.9 before applying this patch:

Jul 10 22:XX:XX maverick pppd[22492]: Plugin rp-pppoe.so loaded.
Jul 10 22:XX:XX maverick pppd[22492]: PPPoE plugin from pppd 2.4.9
Jul 10 22:XX:XX maverick pppd[22492]: pppd 2.4.9 started by root, uid 0
Jul 10 22:XX:XX maverick pppd[22492]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
Jul 10 22:XX:XX maverick pppd[22492]:  dst ff:ff:ff:ff:ff:ff  src REDACTED
Jul 10 22:XX:XX maverick pppd[22492]:  [service-name] [host-uniq  dc 57 00 00]
Jul 10 22:XX:XX maverick pppd[22492]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 30
Jul 10 22:XX:XX maverick pppd[22492]:  dst REDACTED  src REDACTED
Jul 10 22:XX:XX maverick pppd[22492]:  [service-name] [host-uniq  dc 57 00 00] [AC-name REDACTED]
Jul 10 22:XX:XX maverick pppd[22492]: Send PPPOE Discovery V1T1 PADR session 0x0 length 12
Jul 10 22:XX:XX maverick pppd[22492]:  dst REDACTED  src REDACTED
Jul 10 22:XX:XX maverick pppd[22492]:  [service-name] [host-uniq  dc 57 00 00]
Jul 10 22:XX:XX maverick pppd[22492]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 30
Jul 10 22:XX:XX maverick pppd[22492]:  dst REDACTED  src REDACTED
Jul 10 22:XX:XX maverick pppd[22492]:  [service-name] [host-uniq  dc 57 00 00] [AC-name REDACTED]
Jul 10 22:XX:XX maverick pppd[22492]: Recv PPPOE Discovery V1T1 PADS session 0xe9b3 length 12
Jul 10 22:XX:XX maverick pppd[22492]:  dst REDACTED  src REDACTED
Jul 10 22:XX:XX maverick pppd[22492]:  [service-name] [host-uniq  dc 57 00 00]
Jul 10 22:XX:XX maverick pppd[22492]: PADS: Service-Name: ''
Jul 10 22:XX:XX maverick pppd[22492]: PPP session is REDACTED
Jul 10 22:XX:XX maverick pppd[22492]: Connected to REDACTED via interface red0.7
Jul 10 22:XX:XX maverick pppd[22492]: using channel 2
Jul 10 22:XX:XX maverick pppd[22492]: Using interface ppp0
Jul 10 22:XX:XX maverick pppd[22492]: Connect: ppp0 <--> red0.7
Jul 10 22:XX:XX maverick pppd[22492]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xc15c2203>]
Jul 10 22:XX:XX maverick pppd[22492]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0xc15c2203>]
Jul 10 22:XX:XX maverick pppd[22492]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xc15c2203>]
Jul 10 22:XX:XX maverick pppd[22492]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0xc15c2203>]
Jul 10 22:XX:XX maverick pppd[22492]: rcvd [LCP ConfReq id=0x2 <mru 1492> <auth pap> <magic 0xc2d6cfac>]
Jul 10 22:XX:XX maverick pppd[22492]: sent [LCP ConfAck id=0x2 <mru 1492> <auth pap> <magic 0xc2d6cfac>]
Jul 10 22:XX:XX maverick pppd[22492]: sent [LCP EchoReq id=0x0 magic=0xc15c2203]
Jul 10 22:XX:XX maverick pppd[22492]: sent [PAP AuthReq id=0x1 user="REDACTED" password=<hidden>]
Jul 10 22:XX:XX maverick pppd[22492]: rcvd [LCP EchoRep id=0x0 magic=0xc2d6cfac]
Jul 10 22:XX:XX maverick pppd[22492]: rcvd [PAP AuthAck id=0x1 ""]
Jul 10 22:XX:XX maverick pppd[22492]: PAP authentication succeeded
Jul 10 22:XX:XX maverick pppd[22492]: peer from calling number REDACTED authorized
Jul 10 22:XX:XX maverick pppd[22492]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
Jul 10 22:XX:XX maverick pppd[22492]: sent [IPV6CP ConfReq id=0x1 <addr fe80::REDACTED>]					<<<<<
Jul 10 22:XX:XX maverick pppd[22492]: rcvd [IPCP ConfReq id=0x1 <addr REDACTED>]
Jul 10 22:XX:XX maverick pppd[22492]: sent [IPCP ConfAck id=0x1 <addr REDACTED>]
Jul 10 22:XX:XX maverick pppd[22492]: rcvd [LCP ProtRej id=0x1 80 57 01 01 00 0e 01 0a 6c 99 70 54 2e ec 75 2f]			<<<<<
Jul 10 22:XX:XX maverick pppd[22492]: Protocol-Reject for 'IPv6 Control Protocol' (0x8057) received				<<<<<
Jul 10 22:XX:XX maverick pppd[22492]: rcvd [IPCP ConfNak id=0x1 <addr REDACTED> <ms-dns1 REDACTED> <ms-dns2 REDACTED>]
Jul 10 22:XX:XX maverick pppd[22492]: sent [IPCP ConfReq id=0x2 <addr REDACTED> <ms-dns1 REDACTED> <ms-dns2 REDACTED>]
Jul 10 22:XX:XX maverick pppd[22492]: rcvd [IPCP ConfAck id=0x2 <addr REDACTED> <ms-dns1 REDACTED> <ms-dns2 REDACTED>]
Jul 10 22:XX:XX maverick pppd[22492]: local  IP address REDACTED
Jul 10 22:XX:XX maverick pppd[22492]: remote IP address REDACTED
Jul 10 22:XX:XX maverick pppd[22492]: primary   DNS address REDACTED
Jul 10 22:XX:XX maverick pppd[22492]: secondary DNS address REDACTED
Jul 10 22:XX:XX maverick pppd[22492]: Script /etc/ppp/ip-up started (pid 22541)
Jul 10 22:XX:XX maverick pppd[22492]: Script /etc/ppp/ip-up finished (pid 22541), status = 0x0

After applying this patch, these log lines are missing:

Jul 10 22:XX:XX maverick pppd[26870]: Plugin rp-pppoe.so loaded.
Jul 10 22:XX:XX maverick pppd[26870]: PPPoE plugin from pppd 2.4.9
Jul 10 22:XX:XX maverick pppd[26870]: pppd 2.4.9 started by root, uid 0
Jul 10 22:XX:XX maverick pppd[26870]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
Jul 10 22:XX:XX maverick pppd[26870]:  dst ff:ff:ff:ff:ff:ff  src REDACTED
Jul 10 22:XX:XX maverick pppd[26870]:  [service-name] [host-uniq  f6 68 00 00]
Jul 10 22:XX:XX maverick pppd[26870]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 30
Jul 10 22:XX:XX maverick pppd[26870]:  dst REDACTED  src REDACTED
Jul 10 22:XX:XX maverick pppd[26870]:  [service-name] [host-uniq  f6 68 00 00] [AC-name REDACTED]
Jul 10 22:XX:XX maverick pppd[26870]: Send PPPOE Discovery V1T1 PADR session 0x0 length 12
Jul 10 22:XX:XX maverick pppd[26870]:  dst REDACTED  src REDACTED
Jul 10 22:XX:XX maverick pppd[26870]:  [service-name] [host-uniq  f6 68 00 00]
Jul 10 22:XX:XX maverick pppd[26870]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 30
Jul 10 22:XX:XX maverick pppd[26870]:  dst REDACTED  src REDACTED
Jul 10 22:XX:XX maverick pppd[26870]:  [service-name] [host-uniq  f6 68 00 00] [AC-name REDACTED]
Jul 10 22:XX:XX maverick pppd[26870]: Recv PPPOE Discovery V1T1 PADS session 0xba2c length 12
Jul 10 22:XX:XX maverick pppd[26870]:  dst REDACTED  src REDACTED
Jul 10 22:XX:XX maverick pppd[26870]:  [service-name] [host-uniq  f6 68 00 00]
Jul 10 22:XX:XX maverick pppd[26870]: PADS: Service-Name: ''
Jul 10 22:XX:XX maverick pppd[26870]: PPP session is REDACTED
Jul 10 22:XX:XX maverick pppd[26870]: Connected to REDACTED via interface red0.7
Jul 10 22:XX:XX maverick pppd[26870]: using channel 3
Jul 10 22:XX:XX maverick pppd[26870]: Using interface ppp0
Jul 10 22:XX:XX maverick pppd[26870]: Connect: ppp0 <--> red0.7
Jul 10 22:XX:XX maverick pppd[26870]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xeeb8dc98>]
Jul 10 22:XX:XX maverick pppd[26870]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0xeeb8dc98>]
Jul 10 22:XX:XX maverick pppd[26870]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xeeb8dc98>]
Jul 10 22:XX:XX maverick pppd[26870]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0xeeb8dc98>]
Jul 10 22:XX:XX maverick pppd[26870]: rcvd [LCP ConfReq id=0x2 <mru 1492> <auth pap> <magic 0xd72b5643>]
Jul 10 22:XX:XX maverick pppd[26870]: sent [LCP ConfAck id=0x2 <mru 1492> <auth pap> <magic 0xd72b5643>]
Jul 10 22:XX:XX maverick pppd[26870]: sent [LCP EchoReq id=0x0 magic=0xeeb8dc98]
Jul 10 22:XX:XX maverick pppd[26870]: sent [PAP AuthReq id=0x1 user="REDACTED" password=<hidden>]
Jul 10 22:XX:XX maverick pppd[26870]: rcvd [PAP AuthAck id=0x1 ""]
Jul 10 22:XX:XX maverick pppd[26870]: PAP authentication succeeded
Jul 10 22:XX:XX maverick pppd[26870]: peer from calling number REDACTED authorized
Jul 10 22:XX:XX maverick pppd[26870]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
Jul 10 22:XX:XX maverick pppd[26870]: rcvd [IPCP ConfReq id=0x1 <addr REDACTED>]
Jul 10 22:XX:XX maverick pppd[26870]: sent [IPCP ConfAck id=0x1 <addr REDACTED>]
Jul 10 22:XX:XX maverick pppd[26870]: rcvd [IPCP ConfNak id=0x1 <addr REDACTED> <ms-dns1 REDACTED> <ms-dns2 REDACTED>]
Jul 10 22:XX:XX maverick pppd[26870]: sent [IPCP ConfReq id=0x2 <addr REDACTED> <ms-dns1 REDACTED> <ms-dns2 REDACTED>]
Jul 10 22:XX:XX maverick pppd[26870]: rcvd [IPCP ConfAck id=0x2 <addr REDACTED> <ms-dns1 REDACTED> <ms-dns2 REDACTED>]
Jul 10 22:XX:XX maverick pppd[26870]: local  IP address REDACTED
Jul 10 22:XX:XX maverick pppd[26870]: remote IP address REDACTED
Jul 10 22:XX:XX maverick pppd[26870]: primary   DNS address REDACTED
Jul 10 22:XX:XX maverick pppd[26870]: secondary DNS address REDACTED
Jul 10 22:XX:XX maverick pppd[26870]: Script /etc/ppp/ip-up started (pid 26919)
Jul 10 22:XX:XX maverick pppd[26870]: Script /etc/ppp/ip-up finished (pid 26919), status = 0x0

Basically, this debug looks looks pretty much the same as it did with pppd 2.4.8 before.

While this is not a really authenticate test case, would you accept it as being sufficient?
If not, I would write a short "call for testers" mail and seek for people sitting behind
Otenet or British Telecom.

Thanks, and best regards,
Peter Müller 

> 
>>
>> Fixes: #12651
>>
>> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
>> ---
>> src/initscripts/networking/red | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/src/initscripts/networking/red b/src/initscripts/networking/red
>> index ca0a8ae58..56f8ebb66 100644
>> --- a/src/initscripts/networking/red
>> +++ b/src/initscripts/networking/red
>> @@ -410,7 +410,7 @@ case "${1}" in
>> 			### Standard PPP options we always use
>> 			#
>> 			PPP_STD_OPTIONS="$PLUGOPTS usepeerdns defaultroute noipdefault noauth"
>> -			PPP_STD_OPTIONS+=" default-asyncmap hide-password nodetach"
>> +			PPP_STD_OPTIONS+=" default-asyncmap hide-password nodetach noipv6"
>> 			PPP_STD_OPTIONS+=" noaccomp nodeflate nopcomp novj novjccomp"
>> 			PPP_STD_OPTIONS+=" nobsdcomp user ${USERNAME} lcp-echo-interval 20"
>> 			PPP_STD_OPTIONS+=" lcp-echo-failure 5 ${AUTH}"
>> -- 
>> 2.26.2
> 

Call for testers: pppd 2.4.9 without IPv6 configuration, solving bug #12651

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 3459 bytes --]

Hello development folks,

in order to get bug #12651 fixed, there is a patchset (https://patchwork.ipfire.org/project/ipfire/list/?series=2186)
available, telling pppd not to ask for IPv6 configuration while dial-up, since at least British Telecom and
Otenet seem to terminate a dial-up connection in case the peer fails to apply the IPv6 configuration, albeit
IPv4 is working properly.

(For the records: A lengthy and fruitful discussion also took place at community.ipfire.org:
https://community.ipfire.org/t/core-update-157-pppd-tries-to-fetch-an-ipv6-configuration-despite-it-shouldnt-causing-dial-up-connections-to-be-terminated-by-some-isps/5654)

To ensure this patchset is actually solving #12651 without introducing any further issues, I hereby ask people
having an IPFire machine running behind one of these two ISPs to test and report feedback here, or in Bugzilla
(preferred).

Therefore, a precompiled pppd 2.4.9 is available at https://people.ipfire.org/~pmueller/ppp-2.4.9-noipv6.tar.gz,
including its libraries and the patched initscript for networking on RED.

Please download this .tar.gz, and verify its SHA512 checksum first. It should look like this:

> $ sha512sum ppp-2.4.9-noipv6.tar.gz
> 2c713a4517cbb9370fff6066c482451b759ccfa909e155ed07230eaa2adcb03217c4168c317ea376c5154f8e3b4464e9477c65ab996d5007e05f12d55914fe86  ppp-2.4.9-noipv6.tar.gz

Afterwards, please copy this archive onto your (testing) IPFire machine. Stop the running pppd first (this might take
a few seconds), and backup its executable and the networking initscript:

> $ /etc/rc.d/init.d/network stop red
> $ cp /usr/sbin/pppd /root/pppd-2.4.8.orig
> $ cp /etc/rc.d/init.d/networking/red /root/red.orig

Afterwards, unpack the .tar.gz, preserving file system attributes and writing the contents directly into /:

> $ tar -xavf ppp-2.4.9-noipv6.tar.gz --acls --xattrs --xattrs-include='*' --no-overwrite-dir --preserve-permissions --numeric-owner -C /

Verify the pppd binary to be in place and operational (should return "pppd version 2.4.9"):

> $ /usr/sbin/pppd --version

Start dial-up procedure using pppd 2.4.9 without IPv6 configuration enabled again (might also take a few seconds):

> $ /etc/rc.d/init.d/network start red

Afterwards, your IPFire machine should have a stable dial-up connection to your ISP again.

> $ ps aux | grep pppd | grep noipv6

should return the process command line of pppd, being invoked with "noipv6". In addition, "IPV6CP" must _not_ show
up in /var/log/messages anymore after running the dial-up procedure with pppd 2.4.9 in place.

Please report back if this works like described above. Especially report back in case of any errors, side effects,
or things behaving strangely afterwards. Your feedback is important to ensure we can safely ship pppd 2.4.9 without
breaking anything else.

Thank you very much in advance.

Thanks, and best regards,
Peter Müller

P.S.: Although this might sound like a contradiction: Please do not download and run any 3rd party software on your
IPFire machine, especially not in productive environments (see also: https://community.ipfire.org/t/how-to-compromise-your-ipfire-system-in-two-easy-steps/5652)
This case is a bit different, since the download source is the IPFire project infrastructure itself, and ppp is so critical
we cannot simply throw it into the testing tree, risking to break peoples' internet connectivity. :-/