initial package creation

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>
3 years ago · 1669fdb0cd
29 changed files with 2969 additions and 0 deletions
--- a/SOURCES/0004-doc-add-configuration-samples.patch
+++ b/SOURCES/0004-doc-add-configuration-samples.patch
@ -0,0 +1,341 @@
				@@ -0,0 +1,341 @@
+From d7faeb88f684c8b2ae193b2c5b5b358ac757fcfa Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Fri, 4 Apr 2014 11:39:09 +0200
+Subject: [PATCH 04/27] doc: add configuration samples
+
+---
+ sample/auth-down     |  17 ++++++
+ sample/auth-up       |  17 ++++++
+ sample/ip-down       |  22 ++++++++
+ sample/ip-up         |  23 ++++++++
+ sample/options       | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++
+ sample/options.ttyXX |  14 +++++
+ sample/pap-secrets   |  28 ++++++++++
+ 7 files changed, 274 insertions(+)
+ create mode 100644 sample/auth-down
+ create mode 100644 sample/auth-up
+ create mode 100644 sample/ip-down
+ create mode 100644 sample/ip-up
+ create mode 100644 sample/options
+ create mode 100644 sample/options.ttyXX
+ create mode 100644 sample/pap-secrets
+
+diff --git a/sample/auth-down b/sample/auth-down
+new file mode 100644
+index 0000000..edde65d
+--- /dev/null
+++ b/sample/auth-down
+@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# A program or script which is executed after the remote system
+# successfully authenticates itself. It is executed with the parameters
+# <interface-name> <peer-name> <user-name> <tty-device> <speed>
+#
+
+#
+# The environment is cleared before executing this script
+# so the path must be reset
+#
+PATH=/usr/sbin:/sbin:/usr/bin:/bin
+export PATH
+
+echo auth-down `date +'%y/%m/%d %T'` $* >> /var/log/pppstats
+
+# last line
+diff --git a/sample/auth-up b/sample/auth-up
+new file mode 100644
+index 0000000..54722a3
+--- /dev/null
+++ b/sample/auth-up
+@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# A program or script which is executed after the remote system
+# successfully authenticates itself. It is executed with the parameters
+# <interface-name> <peer-name> <user-name> <tty-device> <speed>
+#
+
+#
+# The environment is cleared before executing this script
+# so the path must be reset
+#
+PATH=/usr/sbin:/sbin:/usr/bin:/bin
+export PATH
+
+echo auth-up `date +'%y/%m/%d %T'` $* >> /var/log/pppstats
+
+# last line
+diff --git a/sample/ip-down b/sample/ip-down
+new file mode 100644
+index 0000000..b771fb6
+--- /dev/null
+++ b/sample/ip-down
+@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# This script is run by the pppd _after_ the link is brought down.
+# It should be used to delete routes, unset IP addresses etc.
+#
+# This script is called with the following arguments:
+#    Arg  Name               Example
+#    $1   Interface name     ppp0
+#    $2   The tty            ttyS1
+#    $3   The link speed     38400
+#    $4   Local IP number    12.34.56.78
+#    $5   Peer  IP number    12.34.56.99
+#
+
+#
+# The  environment is cleared before executing this script
+# so the path must be reset
+#
+PATH=/usr/sbin:/sbin:/usr/bin:/bin
+export PATH
+
+# last line
+diff --git a/sample/ip-up b/sample/ip-up
+new file mode 100644
+index 0000000..7ce7c8d
+--- /dev/null
+++ b/sample/ip-up
+@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# This script is run by the pppd after the link is established.
+# It should be used to add routes, set IP address, run the mailq
+# etc.
+#
+# This script is called with the following arguments:
+#    Arg  Name               Example
+#    $1   Interface name     ppp0
+#    $2   The tty            ttyS1
+#    $3   The link speed     38400
+#    $4   Local IP number    12.34.56.78
+#    $5   Peer  IP number    12.34.56.99
+#
+
+#
+# The  environment is cleared before executing this script
+# so the path must be reset
+#
+PATH=/usr/sbin:/sbin:/usr/bin:/bin
+export PATH
+
+# last line
+diff --git a/sample/options b/sample/options
+new file mode 100644
+index 0000000..8d0a3f9
+--- /dev/null
+++ b/sample/options
+@@ -0,0 +1,153 @@
+# /etc/ppp/options
+
+# The name of this server. Often, the FQDN is used here.
+#name <host>
+
+# Enforce the use of the hostname as the name of the local system for
+# authentication purposes (overrides the name option).
+usehostname
+
+# If no local IP address is given, pppd will use the first IP address
+# that belongs to the local hostname. If "noipdefault" is given, this
+# is disabled and the peer will have to supply an IP address.
+noipdefault
+
+# With this option, pppd will accept the peer's idea of our local IP
+# address, even if the local IP address was specified in an option.
+#ipcp-accept-local
+
+# With this option, pppd will accept the peer's idea of its (remote) IP
+# address, even if the remote IP address was specified in an option.
+#ipcp-accept-remote
+
+# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
+# Two Servers can be remotely configured
+#ms-dns 192.168.1.1
+#ms-dns 192.168.1.2
+
+# Specify which WINS Servers the incoming connection Win95 or WinNT should use
+#wins-addr 192.168.1.50
+#wins-addr 192.168.1.51
+
+# enable this on a server that already has a permanent default route
+#nodefaultroute
+
+# Run the executable or shell command specified after pppd has terminated
+# the link.  This script could, for example, issue commands to the modem
+# to cause it to hang up if hardware modem control signals were not
+# available.
+# If mgetty is running, it will reset the modem anyway. So there is no need
+# to do it here.
+#disconnect "chat -- \d+++\d\c OK ath0 OK"
+
+# Increase debugging level (same as -d). The debug output is written
+# to syslog LOG_LOCAL2.
+debug
+
+# Enable debugging code in the kernel-level PPP driver.  The argument n
+# is a number which is the sum of the following values: 1 to enable
+# general debug messages, 2 to request that the contents of received
+# packets be printed, and 4 to request that the contents of transmitted
+# packets be printed.
+#kdebug n
+
+# Require the peer to authenticate itself before allowing network
+# packets to be sent or received.
+# Please do not disable this setting. It is expected to be standard in
+# future releases of pppd. Use the call option (see manpage) to disable
+# authentication for specific peers.
+#auth
+
+# authentication can either be pap or chap. As most people only want to
+# use pap, you can also disable chap:
+#require-pap
+#refuse-chap
+
+# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
+# on the serial port.
+crtscts
+
+# Specifies that pppd should use a UUCP-style lock on the serial device
+# to ensure exclusive access to the device.
+lock
+
+# Use the modem control lines.
+modem
+
+# async character map -- 32-bit hex; each bit is a character
+# that needs to be escaped for pppd to receive it.  0x00000001
+# represents '\x01', and 0x80000000 represents '\x1f'.
+# To allow pppd to work over a rlogin/telnet connection, ou should escape
+# XON (^Q), XOFF  (^S) and ^]: (The peer should use "escape ff".)
+#asyncmap  200a0000
+asyncmap 0
+
+# Specifies that certain characters should be escaped on transmission
+# (regardless of whether the peer requests them to be escaped with its
+# async control character map).  The characters to be escaped are
+# specified as a list of hex numbers separated by commas.  Note that
+# almost any character can be specified for the escape option, unlike
+# the asyncmap option which only allows control characters to be
+# specified.  The characters which may not be escaped are those with hex
+# values 0x20 - 0x3f or 0x5e.
+#escape 11,13,ff
+
+# Set the MRU [Maximum Receive Unit] value to <n> for negotiation.  pppd
+# will ask the peer to send packets of no more than <n> bytes. The
+# minimum MRU value is 128.  The default MRU value is 1500.  A value of
+# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
+# bytes of data).
+#mru 542
+
+# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
+# requests a smaller value via MRU negotiation, pppd will request that
+# the kernel networking code send data packets of no more than n bytes
+# through the PPP network interface.
+#mtu <n>
+
+# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
+# notation (e.g. 255.255.255.0).
+#netmask 255.255.255.0
+
+# Don't fork to become a background process (otherwise pppd will do so
+# if a serial device is specified).
+nodetach
+
+# Set the assumed name of the remote system for authentication purposes
+# to <n>.
+#remotename <n>
+
+# Add an entry to this system's ARP [Address Resolution Protocol]
+# table with the IP address of the peer and the Ethernet address of this
+# system. {proxyarp,noproxyarp}
+proxyarp
+
+# Use the system password database for authenticating the peer using
+# PAP. Note: mgetty already provides this option. If this is specified
+# then dialin from users using a script under Linux to fire up ppp wont work.
+#login
+
+# If this option is given, pppd will send an LCP echo-request frame to
+# the peer every n seconds. Under Linux, the echo-request is sent when
+# no packets have been received from the peer for n seconds. Normally
+# the peer should respond to the echo-request by sending an echo-reply.
+# This option can be used with the lcp-echo-failure option to detect
+# that the peer is no longer connected.
+lcp-echo-interval 30
+
+# If this option is given, pppd will presume the peer to be dead if n
+# LCP echo-requests are sent without receiving a valid LCP echo-reply.
+# If this happens, pppd will terminate the connection.  Use of this
+# option requires a non-zero value for the lcp-echo-interval parameter.
+# This option can be used to enable pppd to terminate after the physical
+# connection has been broken (e.g., the modem has hung up) in
+# situations where no hardware modem control lines are available.
+lcp-echo-failure 4
+
+# Specifies that pppd should disconnect if the link is idle for n seconds.
+idle 600
+
+# Disable the IPXCP and IPX protocols.
+noipx
+
+# ---<End of File>---
+diff --git a/sample/options.ttyXX b/sample/options.ttyXX
+new file mode 100644
+index 0000000..d4202f5
+--- /dev/null
+++ b/sample/options.ttyXX
+@@ -0,0 +1,14 @@
+# If you need to set up multiple serial lines then copy this file to
+# options.<ttyname> for each tty with a modem on it.
+#
+# The options.tty file will assign an IP address to each PPP connection
+# as it comes up. They must all be distinct!
+#
+# Example:
+# options.ttyS1		for com2 under DOS.
+#
+# Edit the following line so that the first IP address
+# mentioned is the ip address of the serial port while the second
+# is the IP address of your host
+#
+hostname-s1:hostname
+diff --git a/sample/pap-secrets b/sample/pap-secrets
+new file mode 100644
+index 0000000..098971b
+--- /dev/null
+++ b/sample/pap-secrets
+@@ -0,0 +1,28 @@
+# Secrets for authentication using PAP
+# client	server	secret			IP addresses
+
+# OUTBOUND CONNECTIONS
+# Here you should add your userid password to connect to your providers via
+# pap. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+#hostname	*	password
+
+# INBOUND CONNECTIONS
+#client		hostname	<password>	192.168.1.1
+
+# If you add "auth login -chap +pap" to /etc/mgetty+sendfax/login.config,
+# all users in /etc/passwd can use their password for pap-authentication.
+#
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+#*	hostname	""
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd! Replace hostname
+# with your local hostname.
+#guest		hostname	"*"	-
+#master		hostname	"*"	-
+#root		hostname	"*"	-
+#support	hostname	"*"	-
+#stats		hostname	"*"	-
+-- 
+1.8.3.1
+
--- a/SOURCES/0006-scritps-use-change_resolv_conf-function.patch
+++ b/SOURCES/0006-scritps-use-change_resolv_conf-function.patch
@ -0,0 +1,85 @@
				@@ -0,0 +1,85 @@
+From 01419dfb684d501b57f1c24dcfdbcf9da93ccca2 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Fri, 4 Apr 2014 18:12:47 +0200
+Subject: [PATCH 06/27] scritps: use change_resolv_conf function
+
+Don't handle /etc/resolv.conf manually, but use a helper function from
+initscripts. Also change path where we save DNS servers supplied by peer while
+we are at it.
+
+Resolves: #132482
+---
+ pppd/pppd.8               |  2 +-
+ scripts/ip-down.local.add |  9 +++++----
+ scripts/ip-up.local.add   | 17 ++++++++++-------
+ 3 files changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/pppd/pppd.8 b/pppd/pppd.8
+index e2768b1..2dd6e1a 100644
+--- a/pppd/pppd.8
+++ b/pppd/pppd.8
+@@ -1099,7 +1099,7 @@ Ask the peer for up to 2 DNS server addresses.  The addresses supplied
+ by the peer (if any) are passed to the /etc/ppp/ip\-up script in the
+ environment variables DNS1 and DNS2, and the environment variable
+ USEPEERDNS will be set to 1.  In addition, pppd will create an
+-/etc/ppp/resolv.conf file containing one or two nameserver lines with
+/var/run/ppp/resolv.conf file containing one or two nameserver lines with
+ the address(es) supplied by the peer.
+ .TP
+ .B user \fIname
+diff --git a/scripts/ip-down.local.add b/scripts/ip-down.local.add
+index b93590e..163f71e 100644
+--- a/scripts/ip-down.local.add
+++ b/scripts/ip-down.local.add
+@@ -9,12 +9,13 @@
+ #
+ # Nick Walker (nickwalker@email.com)
+ #
+. /etc/sysconfig/network-scripts/network-functions
+ 
+-if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
+-	if [ -f /etc/ppp/resolv.prev ]; then
+-		cp -f /etc/ppp/resolv.prev /etc/resolv.conf
+if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
+	if [ -f /var/run/ppp/resolv.prev ]; then
+		change_resolv_conf /var/run/ppp/resolv.prev
+ 	else
+-		rm -f /etc/resolv.conf
+		change_resolv_conf
+ 	fi
+ fi
+ 
+diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
+index 8017209..26cf5f8 100644
+--- a/scripts/ip-up.local.add
+++ b/scripts/ip-up.local.add
+@@ -9,16 +9,19 @@
+ #
+ # Nick Walker (nickwalker@email.com)
+ #
+. /etc/sysconfig/network-scripts/network-functions
+ 
+-if [ -n "$USEPEERDNS" -a -f /etc/ppp/resolv.conf ]; then
+-	rm -f /etc/ppp/resolv.prev
+if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
+	rm -f /var/run/ppp/resolv.prev
+ 	if [ -f /etc/resolv.conf ]; then
+-		cp /etc/resolv.conf /etc/ppp/resolv.prev
+-		grep domain /etc/ppp/resolv.prev > /etc/resolv.conf
+-		grep search /etc/ppp/resolv.prev >> /etc/resolv.conf
+-		cat /etc/ppp/resolv.conf >> /etc/resolv.conf
+		cp /etc/resolv.conf /var/run/ppp/resolv.prev
+		rscf=/var/run/ppp/resolv.new
+		grep domain /var/run/ppp/resolv.prev > $rscf
+		grep search /var/run/ppp/resolv.prev >> $rscf
+		change_resolv_conf $rscf
+		rm -f $rscf
+ 	else
+-		cp /etc/ppp/resolv.conf /etc
+		change_resolv_conf /var/run/ppp/resolv.conf
+ 	fi
+ fi
+ 
+-- 
+1.8.3.1
+
--- a/SOURCES/0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
+++ b/SOURCES/0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
@ -0,0 +1,77 @@
				@@ -0,0 +1,77 @@
+From b4ef433be936c90e356da7a590b032cdee219a3f Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Fri, 4 Apr 2014 19:06:05 +0200
+Subject: [PATCH 11/27] build-sys: don't put connect-errors log to /etc/ppp/
+
+Resolves: #118837
+---
+ chat/chat.8        | 2 +-
+ linux/Makefile.top | 8 +++++++-
+ pppd/pathnames.h   | 4 ++--
+ 3 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/chat/chat.8 b/chat/chat.8
+index 6d10836..78d6939 100644
+--- a/chat/chat.8
+++ b/chat/chat.8
+@@ -200,7 +200,7 @@ The \fBSAY\fR directive allows the script to send strings to the user
+ at the terminal via standard error.  If \fBchat\fR is being run by
+ pppd, and pppd is running as a daemon (detached from its controlling
+ terminal), standard error will normally be redirected to the file
+-/etc/ppp/connect\-errors.
+/var/log/ppp/connect\-errors.
+ .LP
+ \fBSAY\fR strings must be enclosed in single or double quotes. If
+ carriage return and line feed are needed in the string to be output,
+diff --git a/linux/Makefile.top b/linux/Makefile.top
+index f63d45e..f42efd5 100644
+--- a/linux/Makefile.top
+++ b/linux/Makefile.top
+@@ -5,6 +5,8 @@ BINDIR = $(DESTDIR)/sbin
+ INCDIR = $(DESTDIR)/include
+ MANDIR = $(DESTDIR)/share/man
+ ETCDIR = $(INSTROOT)@SYSCONF@/ppp
+RUNDIR = $(DESTDIR)/var/run/ppp
+LOGDIR = $(DESTDIR)/var/log/ppp
+ 
+ # uid 0 = root
+ INSTALL= install
+@@ -16,7 +18,7 @@ all:
+ 	cd pppstats; $(MAKE) $(MFLAGS) all
+ 	cd pppdump; $(MAKE) $(MFLAGS) all
+ 
+-install: $(BINDIR) $(MANDIR)/man8 install-progs install-devel
+install: $(BINDIR) $(RUNDIR) $(LOGDIR) $(MANDIR)/man8 install-progs install-devel
+ 
+ install-progs:
+ 	cd chat; $(MAKE) $(MFLAGS) install
+@@ -44,6 +46,10 @@ $(MANDIR)/man8:
+ 	$(INSTALL) -d -m 755 $@
+ $(ETCDIR):
+ 	$(INSTALL) -d -m 755 $@
+$(RUNDIR):
+	$(INSTALL) -d -m 755 $@
+$(LOGDIR):
+	$(INSTALL) -d -m 755 $@
+ 
+ clean:
+ 	rm -f `find . -name '*.[oas]' -print`
+diff --git a/pppd/pathnames.h b/pppd/pathnames.h
+index a427cb8..bef3160 100644
+--- a/pppd/pathnames.h
+++ b/pppd/pathnames.h
+@@ -28,9 +28,9 @@
+ #define _PATH_AUTHUP	 _ROOT_PATH "/etc/ppp/auth-up"
+ #define _PATH_AUTHDOWN	 _ROOT_PATH "/etc/ppp/auth-down"
+ #define _PATH_TTYOPT	 _ROOT_PATH "/etc/ppp/options."
+-#define _PATH_CONNERRS	 _ROOT_PATH "/etc/ppp/connect-errors"
+#define _PATH_CONNERRS	 _ROOT_PATH "/var/log/ppp/connect-errors"
+ #define _PATH_PEERFILES	 _ROOT_PATH "/etc/ppp/peers/"
+-#define _PATH_RESOLV	 _ROOT_PATH "/etc/ppp/resolv.conf"
+#define _PATH_RESOLV	 _ROOT_PATH "/var/run/ppp/resolv.conf"
+ 
+ #define _PATH_USEROPT	 ".ppprc"
+ #define	_PATH_PSEUDONYM	 ".ppp_pseudonym"
+-- 
+1.8.3.1
+
--- a/SOURCES/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
+++ b/SOURCES/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
@ -0,0 +1,149 @@
				@@ -0,0 +1,149 @@
+diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c
+index d693350..c31bb34 100644
+--- a/pppd/plugins/pppoatm/pppoatm.c
+++ b/pppd/plugins/pppoatm/pppoatm.c
+@@ -135,7 +135,7 @@ static int connect_pppoatm(void)
+ 
+ 	if (!device_got_set)
+ 		no_device_given_pppoatm();
+-	fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
+	fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ 	if (fd < 0)
+ 		fatal("failed to create socket: %m");
+ 	memset(&qos, 0, sizeof qos);
+diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
+index 9643b96..1099575 100644
+--- a/pppd/plugins/pppol2tp/openl2tp.c
+++ b/pppd/plugins/pppol2tp/openl2tp.c
+@@ -83,7 +83,7 @@ static int openl2tp_client_create(void)
+ 	int result;
+ 
+ 	if (openl2tp_fd < 0) {
+-		openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
+		openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ 		if (openl2tp_fd < 0) {
+ 			error("openl2tp connection create: %m");
+ 			return -ENOTCONN;
+diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
+index a7e3400..e64a778 100644
+--- a/pppd/plugins/pppol2tp/pppol2tp.c
+++ b/pppd/plugins/pppol2tp/pppol2tp.c
+@@ -208,7 +208,7 @@ static void send_config_pppol2tp(int mtu,
+ 		struct ifreq ifr;
+ 		int fd;
+ 
+-		fd = socket(AF_INET, SOCK_DGRAM, 0);
+		fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ 		if (fd >= 0) {
+ 			memset (&ifr, '\0', sizeof (ifr));
+ 			strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
+index 91e9a57..72aba41 100644
+--- a/pppd/plugins/pppoe/if.c
+++ b/pppd/plugins/pppoe/if.c
+@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
+     stype = SOCK_PACKET;
+ #endif
+ 
+-    if ((fd = socket(domain, stype, htons(type))) < 0) {
+    if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
+ 	/* Give a more helpful message for the common error case */
+ 	if (errno == EPERM) {
+ 	    fatal("Cannot create raw socket -- pppoe must be run as root.");
+diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
+index a8c2bb4..24bdf8f 100644
+--- a/pppd/plugins/pppoe/plugin.c
+++ b/pppd/plugins/pppoe/plugin.c
+@@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
+     /* server equipment).                                                  */
+     /* Opening this socket just before waitForPADS in the discovery()      */
+     /* function would be more appropriate, but it would mess-up the code   */
+-    conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
+    conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
+     if (conn->sessionSocket < 0) {
+ 	error("Failed to create PPPoE socket: %m");
+ 	return -1;
+@@ -148,7 +148,7 @@ PPPOEConnectDevice(void)
+     lcp_wantoptions[0].mru = conn->mru;
+ 
+     /* Update maximum MRU */
+-    s = socket(AF_INET, SOCK_DGRAM, 0);
+    s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+     if (s < 0) {
+ 	error("Can't get MTU for %s: %m", conn->ifName);
+ 	goto errout;
+@@ -320,7 +320,7 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit)
+     }
+ 
+     /* Open a socket */
+-    if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
+    if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
+ 	r = 0;
+     }
+ 
+diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
+index 3d3bf4e..c0d927d 100644
+--- a/pppd/plugins/pppoe/pppoe-discovery.c
+++ b/pppd/plugins/pppoe/pppoe-discovery.c
+@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
+     stype = SOCK_PACKET;
+ #endif
+ 
+-    if ((fd = socket(domain, stype, htons(type))) < 0) {
+    if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
+ 	/* Give a more helpful message for the common error case */
+ 	if (errno == EPERM) {
+ 	    fatal("Cannot create raw socket -- pppoe must be run as root.");
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index 00a2cf5..0690019 100644
+--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
+@@ -308,12 +308,12 @@ static int modify_flags(int fd, int clear_bits, int set_bits)
+ void sys_init(void)
+ {
+     /* Get an internet socket for doing socket ioctls. */
+-    sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+    sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+     if (sock_fd < 0)
+ 	fatal("Couldn't create IP socket: %m(%d)", errno);
+ 
+ #ifdef INET6
+-    sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
+    sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+     if (sock6_fd < 0)
+ 	sock6_fd = -errno;	/* save errno for later */
+ #endif
+@@ -1857,7 +1857,7 @@ get_if_hwaddr(u_char *addr, char *name)
+ 	struct ifreq ifreq;
+ 	int ret, sock_fd;
+ 
+-	sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+	sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ 	if (sock_fd < 0)
+ 		return -1;
+ 	memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
+@@ -2067,7 +2067,7 @@ int ppp_available(void)
+ /*
+  * Open a socket for doing the ioctl operations.
+  */
+-    s = socket(AF_INET, SOCK_DGRAM, 0);
+    s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+     if (s < 0)
+ 	return 0;
+ 
+diff --git a/pppd/tty.c b/pppd/tty.c
+index bc96695..8e76a5d 100644
+--- a/pppd/tty.c
+++ b/pppd/tty.c
+@@ -896,7 +896,7 @@ open_socket(dest)
+     *sep = ':';
+ 
+     /* get a socket and connect it to the other end */
+-    sock = socket(PF_INET, SOCK_STREAM, 0);
+    sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
+     if (sock < 0) {
+ 	error("Can't create socket: %m");
+ 	return -1;
+-- 
+1.8.3.1
+
--- a/SOURCES/0015-pppd-move-pppd-database-to-var-run-ppp.patch
+++ b/SOURCES/0015-pppd-move-pppd-database-to-var-run-ppp.patch
@ -0,0 +1,44 @@
				@@ -0,0 +1,44 @@
+From f2c855462ff56be4121409c7e048cd2503fe0ccf Mon Sep 17 00:00:00 2001
+From: Jiri Skala <jskala@fedoraproject.org>
+Date: Mon, 7 Apr 2014 14:26:20 +0200
+Subject: [PATCH 15/27] pppd: move pppd database to /var/run/ppp
+
+Resolves: #560014
+---
+ pppd/pathnames.h | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/pppd/pathnames.h b/pppd/pathnames.h
+index bef3160..24e010c 100644
+--- a/pppd/pathnames.h
+++ b/pppd/pathnames.h
+@@ -6,8 +6,9 @@
+ 
+ #ifdef HAVE_PATHS_H
+ #include <paths.h>
+-
+#define _PPP_SUBDIR	"ppp/"
+ #else /* HAVE_PATHS_H */
+#define _PPP_SUBDIR
+ #ifndef _PATH_VARRUN
+ #define _PATH_VARRUN 	"/etc/ppp/"
+ #endif
+@@ -46,13 +47,9 @@
+ #endif /* IPX_CHANGE */
+ 
+ #ifdef __STDC__
+-#define _PATH_PPPDB	_ROOT_PATH _PATH_VARRUN "pppd2.tdb"
+#define _PATH_PPPDB	_ROOT_PATH _PATH_VARRUN _PPP_SUBDIR "pppd2.tdb"
+ #else /* __STDC__ */
+-#ifdef HAVE_PATHS_H
+-#define _PATH_PPPDB	"/var/run/pppd2.tdb"
+-#else
+-#define _PATH_PPPDB	"/etc/ppp/pppd2.tdb"
+-#endif
+#define _PATH_PPPDB	_PATH_VARRUN _PPP_SUBDIR "pppd2.tdb"
+ #endif /* __STDC__ */
+ 
+ #ifdef PLUGIN
+-- 
+1.8.3.1
+
--- a/SOURCES/0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
+++ b/SOURCES/0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
@ -0,0 +1,115 @@
				@@ -0,0 +1,115 @@
+diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
+index 3cd9101..9918091 100644
+--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
+@@ -16,6 +16,7 @@
+ 
+ DESTDIR = $(INSTROOT)@DESTDIR@
+ BINDIR = $(DESTDIR)/sbin
+MANDIR = $(DESTDIR)/share/man/man8
+ LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
+ 
+ PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
+@@ -46,6 +47,7 @@ install: all
+	$(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
+ 	$(INSTALL) -d -m 755 $(BINDIR)
+ 	$(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
+	$(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
+ 
+ clean:
+ 	rm -f *.o *.so pppoe-discovery
+diff --git a/pppd/plugins/pppoe/pppoe-discovery.8 b/pppd/plugins/pppoe/pppoe-discovery.8
+new file mode 100644
+index 0000000..d0a93db
+--- /dev/null
+++ b/pppd/plugins/pppoe/pppoe-discovery.8
+@@ -0,0 +1,86 @@
+.\" pppoe-discovery.8 written by
+.\" Ben Hutchings <ben@decadentplace.org.uk>, based on pppoe.8.
+.\" Licenced under the GPL version 2 or later.
+.TH PPPOE-DISCOVERY 8
+.SH NAME
+pppoe\-discovery \- perform PPPoE discovery
+.SH SYNOPSIS
+.B pppoe\-discovery
+[
+.I options
+]
+.br
+.BR pppoe\-discovery " { " \-V " | " \-h " }"
+.SH DESCRIPTION
+.LP
+\fBpppoe\-discovery\fR performs the same discovery process as
+\fBpppoe\fR, but does not initiate a session.
+It sends a PADI packet and then prints the names of access
+concentrators in each PADO packet it receives.
+.SH OPTIONS
+.TP
+.BI \-I " interface"
+.RS
+The \fB\-I\fR option specifies the Ethernet interface to use.
+Under Linux, it is typically eth0 or eth1.
+The interface should be \(lqup\(rq before you start
+\fBpppoe\-discovery\fR, but should \fInot\fR be configured to have an
+IP address.
+The default interface is eth0.
+.RE
+.TP
+.BI \-D " file_name"
+.RS
+The \fB\-D\fR option causes every packet to be dumped to the specified
+\fIfile_name\fR.
+This is intended for debugging only.
+.RE
+.TP
+.B \-U
+.RS
+Causes \fBpppoe\-discovery\fR to use the Host-Uniq tag in its discovery
+packets.
+This lets you run multiple instances of \fBpppoe\-discovery\fR and/or
+\fBpppoe\fR without having their discovery packets interfere with one
+another.
+You must supply this option to \fIall\fR instances that you intend to
+run simultaneously.
+.RE
+.TP
+.BI \-S " service_name"
+.RS
+Specifies the desired service name.
+\fBpppoe\-discovery\fR will only accept access concentrators which can
+provide the specified service.
+In most cases, you should \fInot\fR specify this option.
+Use it only if you know that there are multiple access concentrators
+or know that you need a specific service name.
+.RE
+.TP
+.BI \-C " ac_name"
+.RS
+Specifies the desired access concentrator name.
+\fBpppoe\-discovery\fR will only accept the specified access
+concentrator.
+In most cases, you should \fInot\fR specify this option.
+Use it only if you know that there are multiple access concentrators.
+If both the \fB\-S\fR and \fB\-C\fR options are specified, they must
+\fIboth\fR match.
+.RE
+.TP
+.B \-A
+.RS
+This option is accepted for compatibility with \fBpppoe\fR, but has no
+effect.
+.RE
+.TP
+.BR \-V " | " \-h
+.RS
+Either of these options causes \fBpppoe\-discovery\fR to print its
+version number and usage information, then exit.
+.RE
+.SH AUTHORS
+\fBpppoe\-discovery\fR was written by Marco d'Itri <md@linux.it>,
+based on \fBpppoe\fR by David F. Skoll <dfs@roaringpenguin.com>.
+.SH SEE ALSO
+pppoe(8), pppoe-sniff(8)
+-- 
+1.8.3.1
+
--- a/SOURCES/0018-scritps-fix-ip-up.local-sample.patch
+++ b/SOURCES/0018-scritps-fix-ip-up.local-sample.patch
@ -0,0 +1,27 @@
				@@ -0,0 +1,27 @@
+From 40960f91cdd06da387616ec838ae2599e7f01cee Mon Sep 17 00:00:00 2001
+From: Jiri Skala <jskala@fedoraproject.org>
+Date: Mon, 7 Apr 2014 15:24:01 +0200
+Subject: [PATCH 18/27] scritps: fix ip-up.local sample
+
+Resolves: #613717
+---
+ scripts/ip-up.local.add | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/scripts/ip-up.local.add b/scripts/ip-up.local.add
+index 26cf5f8..282337c 100644
+--- a/scripts/ip-up.local.add
+++ b/scripts/ip-up.local.add
+@@ -18,6 +18,9 @@ if [ -n "$USEPEERDNS" -a -f /var/run/ppp/resolv.conf ]; then
+ 		rscf=/var/run/ppp/resolv.new
+ 		grep domain /var/run/ppp/resolv.prev > $rscf
+ 		grep search /var/run/ppp/resolv.prev >> $rscf
+		if [ -f /var/run/ppp/resolv.conf ]; then
+			cat /var/run/ppp/resolv.conf >> $rscf
+		fi
+ 		change_resolv_conf $rscf
+ 		rm -f $rscf
+ 	else
+-- 
+1.8.3.1
+
--- a/SOURCES/0020-pppd-put-lock-files-in-var-lock-ppp.patch
+++ b/SOURCES/0020-pppd-put-lock-files-in-var-lock-ppp.patch
@ -0,0 +1,26 @@
				@@ -0,0 +1,26 @@
+From c5a5f795b1defcb6d168e79c4d1fc371dfc556ca Mon Sep 17 00:00:00 2001
+From: Jiri Skala <jskala@redhat.com>
+Date: Wed, 9 Apr 2014 09:29:50 +0200
+Subject: [PATCH 20/27] pppd: put lock files in /var/lock/ppp
+
+Resolves: #708260
+---
+ pppd/utils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pppd/utils.c b/pppd/utils.c
+index 6051b9a..8407492 100644
+--- a/pppd/utils.c
+++ b/pppd/utils.c
+@@ -846,7 +846,7 @@ complete_read(int fd, void *buf, size_t count)
+ /* Procedures for locking the serial device using a lock file. */
+ #ifndef LOCK_DIR
+ #ifdef __linux__
+-#define LOCK_DIR	"/var/lock"
+#define LOCK_DIR	"/var/lock/ppp"
+ #else
+ #ifdef SVR4
+ #define LOCK_DIR	"/var/spool/locks"
+-- 
+1.8.3.1
+
--- a/SOURCES/0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
+++ b/SOURCES/0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
@ -0,0 +1,20 @@
				@@ -0,0 +1,20 @@
+diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
+index 2df887b..6cb8397 100644
+--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
+@@ -43,12 +43,12 @@ pppoe.so: plugin.o discovery.o if.o common.o
+ 
+ install: all
+ 	$(INSTALL) -d -m 755 $(LIBDIR)
+-	$(INSTALL) -c -m 4550 pppoe.so $(LIBDIR)
+	$(INSTALL) -c -m 755 pppoe.so $(LIBDIR)
+ 	# Symlink for backward compatibility
+ 	$(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
+ 	$(INSTALL) -d -m 755 $(BINDIR)
+-	$(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
+-	$(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
+	$(INSTALL) -c -m 755 pppoe-discovery $(BINDIR)
+	$(INSTALL) -c -m 644 pppoe-discovery.8 $(MANDIR)
+ 
+ clean:
+ 	rm -f *.o *.so pppoe-discovery
--- a/SOURCES/0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
+++ b/SOURCES/0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
@ -0,0 +1,26 @@
				@@ -0,0 +1,26 @@
+From 0fdb22ef3d3cc3b297372451d60bd6c61d047d27 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 10 Apr 2014 10:08:41 +0200
+Subject: [PATCH 24/27] build-sys: install pppoatm plugin files with standard
+ perms
+
+---
+ pppd/plugins/pppoatm/Makefile.linux | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
+index 769794b..4c5826f 100644
+--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
+@@ -37,7 +37,7 @@ $(PLUGIN): $(PLUGIN_OBJS)
+ 
+ install: all
+ 	$(INSTALL) -d -m 755 $(LIBDIR)
+-	$(INSTALL) -c -m 4550 $(PLUGIN) $(LIBDIR)
+	$(INSTALL) -c -m 755 $(PLUGIN) $(LIBDIR)
+ 
+ clean:
+ 	rm -f *.o *.so
+-- 
+1.8.3.1
+
--- a/SOURCES/ifdown-ppp
+++ b/SOURCES/ifdown-ppp
@ -0,0 +1,51 @@
				@@ -0,0 +1,51 @@
+#! /bin/bash
+
+cd /etc/sysconfig/network-scripts
+. ./network-functions
+
+CONFIG=$1
+source_config
+
+if [ "$TYPE" = "xDSL" ] && [ -x /usr/sbin/adsl-stop ] ; then
+    adsl-stop /etc/sysconfig/network-scripts/$CONFIG
+    exit $?
+fi
+
+CONFIG=${CONFIG##ifcfg-}
+
+if [ "${DEMAND}" = "yes" ] && [ -f /var/run/ppp-${CONFIG}.pid ] ; then
+    PID=$(head -1 /var/run/ppp-${CONFIG}.pid)
+    kill -TERM ${PID}
+    sleep 2
+    [ ! -d /proc/${PID} ] && exit 0
+    sleep 5
+    [ ! -d /proc/${PID} ] && exit 0
+    kill -TERM ${PID}
+    [ ! -d /proc/${PID} ] && exit 0
+    exit 1
+fi
+
+file=/var/run/pppwatch-${DEVICE}.pid
+
+if [ ! -f $file ]; then
+    # ppp isn't running, or we didn't start it
+    exit 0
+fi
+
+PID=$(cat $file)
+[ -n "${PID}" ] || exit 1
+
+kill -TERM ${PID} > /dev/null 2>&1
+[ ! -d /proc/${PID} ] && exit 0
+sleep 2
+[ ! -d /proc/${PID} ] && exit 0
+sleep 5
+[ ! -d /proc/${PID} ] && exit 0
+sleep 10
+[ ! -d /proc/${PID} ] && exit 0
+
+# killing ppp-watch twice in a row causes it to send a SIGKILL to pppd pgrp
+kill -TERM ${PID} > /dev/null 2>&1
+[ ! -d /proc/${PID} ] && exit 0
+
+exit 1
--- a/SOURCES/ifup-ppp
+++ b/SOURCES/ifup-ppp
@ -0,0 +1,157 @@
				@@ -0,0 +1,157 @@
+#! /bin/bash
+
+. /etc/init.d/functions
+
+cd /etc/sysconfig/network-scripts
+. ./network-functions
+
+# ifup-post for PPP is handled through /etc/ppp/ip-up
+if [ "${1}" = daemon ] ; then
+  # we've been called from ppp-watch, so don't invoke it for persistence
+  shift
+else
+  # just in case a full path to the configuration file is passed in
+  CONFIG=${1##*/} # CONFIG=$(basename $1)
+  [ -f "${CONFIG}" ] || CONFIG=ifcfg-${1}
+  source_config
+  # don't start ppp-watch by xDSL
+  if [ "${DEMAND}" != yes -a "$TYPE" != "xDSL" ] ; then
+    # let ppp-watch do the right thing
+    exec /sbin/ppp-watch "${CONFIG##ifcfg-}" "$2"
+  fi
+fi
+
+CONFIG=$1
+[ -f "${CONFIG}" ] || CONFIG=ifcfg-${1}
+source_config
+
+if [ -z "${DISCONNECTTIMEOUT}" ]; then
+  DISCONNECTTIMEOUT=2
+fi
+
+if [ -z "${RETRYTIMEOUT}" ]; then
+  RETRYTIMEOUT=30
+fi
+
+if [ -z "${IDLETIMEOUT}" ]; then
+  IDLETIMEOUT=600
+fi
+
+if [ "${2}" = "boot" -a "${ONBOOT}" = "no" ]; then
+  exit
+fi
+
+[ -x /usr/sbin/pppd ] || {
+  echo $"pppd does not exist or is not executable"
+  echo $"ifup-ppp for ${DEVICE} exiting"
+  /usr/bin/logger -p daemon.info -t ifup-ppp \
+    $"pppd does not exist or is not executable for ${DEVICE}"
+  exit 1
+}
+
+# check that xDSL connection
+if [ "$TYPE" = "xDSL" ] ; then
+    if [ -x /usr/sbin/adsl-start ] ; then
+        adsl-start /etc/sysconfig/network-scripts/$CONFIG
+        exit $?
+    else
+        /usr/bin/logger -p daemon.info -t ifup-ppp \
+            $"adsl-start does not exist or is not executable for ${DEVICE}"
+        exit 1
+    fi
+fi
+
+PEERCONF=/etc/ppp/peers/${DEVNAME}
+
+if [ "${DEBUG}" = "yes" ]; then
+  CHATDBG="-v"
+fi
+
+if [ ! -f ${PEERCONF} ]; then
+  if [ -z "${WVDIALSECT}" ] ; then
+    CHATSCRIPT=/etc/sysconfig/network-scripts/chat-${DEVNAME}
+    [ -f ${CHATSCRIPT} ] || {
+     echo $"/etc/sysconfig/network-scripts/chat-${DEVNAME} does not exist"
+     echo $"ifup-ppp for ${DEVNAME} exiting"
+     /usr/bin/logger -p daemon.info -t ifup-ppp \
+       $"/etc/sysconfig/network-scripts/chat-${DEVNAME} does not exist for ${DEVICE}"
+     exit 1
+    }
+  fi
+  /usr/bin/logger -s -p daemon.notice -t ifup-ppp \
+    $"Setting up a new ${PEERCONF} config file"
+  if [ -f /etc/ppp/peers/${DEVICE} ]; then
+    cp -f /etc/ppp/peers/${DEVICE} ${PEERCONF}
+  else
+    touch ${PEERCONF}
+  fi
+  if [ "${WVDIALSECT}" ]; then
+    echo "connect \"/usr/bin/wvdial --remotename ${DEVNAME} --chat '${WVDIALSECT}'\"" >> ${PEERCONF}
+  else
+    echo "connect \"/usr/sbin/chat ${CHATDBG} -f ${CHATSCRIPT}\"" >> ${PEERCONF}
+  fi
+fi
+    
+opts="lock"
+if [ "${HARDFLOWCTL}" != no ] ; then
+  opts="$opts modem crtscts"
+fi
+if [ "${ESCAPECHARS}" != yes ] ; then
+  opts="$opts asyncmap 00000000"
+fi
+if [ "${DEFROUTE}" != no ] ; then
+  # pppd will no longer delete an existing default route
+  # so we have to help it out a little here.
+  DEFRT=$(ip route list match 0.0.0.0/0)
+  [ -n "${DEFRT}" ] && echo "$DEFRT" > /etc/default-routes
+  echo "$DEFRT" | while read spec; do
+      ip route del $spec;
+  done
+  opts="$opts defaultroute"
+fi
+if [ "${PEERDNS}" != no ] ; then
+  cp -f /etc/resolv.conf /etc/resolv.conf.save
+  opts="$opts usepeerdns"
+fi
+if [ -n "${MRU}" ] ; then
+  opts="$opts mru ${MRU}"
+fi
+if [ -n "${MTU}" ] ; then
+  opts="$opts mtu ${MTU}"
+fi
+if [ -n "${IPADDR}${REMIP}" ] ; then
+  # if either IP address is set, the following will work.
+  opts="$opts ${IPADDR}:${REMIP}"
+fi
+if [ -n "${PAPNAME}" ] ; then
+  opts="$opts user ${PAPNAME} remotename ${DEVNAME}"
+fi
+if [ "${DEBUG}" = yes ] ; then
+  opts="$opts debug"
+fi
+
+if [ ${DEMAND} = yes ] ; then
+  opts="$opts demand ktune idle ${IDLETIMEOUT} holdoff ${RETRYTIMEOUT}"
+  exec=
+else
+  opts="$opts nodetach"
+  exec=exec
+fi
+
+/usr/bin/logger -p daemon.info -t ifup-ppp \
+  $"pppd started for ${DEVNAME} on ${MODEMPORT} at ${LINESPEED}"
+
+$exec pppd $opts ${MODEMPORT} ${LINESPEED} \
+    ipparam ${DEVNAME} linkname ${DEVNAME} call ${DEVNAME}\
+    noauth \
+    ${PPPOPTIONS} || exit
+
+if [ "${DEMAND}" = "yes" ] ; then
+  # pppd is a tad slow to write the pid-file.
+  sleep 2
+  if [ -f /var/run/ppp-${DEVNAME}.pid ] ; then
+    REALDEVICE=$(tail -1 /var/run/ppp-${DEVNAME}.pid)
+    /etc/sysconfig/network-scripts/ifup-routes ${REALDEVICE} ${DEVNAME}
+  fi
+fi
+
--- a/SOURCES/ip-down
+++ b/SOURCES/ip-down
@ -0,0 +1,18 @@
				@@ -0,0 +1,18 @@
+#!/bin/bash
+# This file should not be modified -- make local changes to
+# /etc/ppp/ip-down.local instead
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+export PATH
+
+LOGDEVICE=$6
+REALDEVICE=$1
+
+/etc/ppp/ip-down.ipv6to4 ${LOGDEVICE}
+
+[ -x /etc/ppp/ip-down.local ] && /etc/ppp/ip-down.local "$@"
+
+/etc/sysconfig/network-scripts/ifdown-post --realdevice ${REALDEVICE} \
+    ifcfg-${LOGDEVICE}
+
+exit 0
--- a/SOURCES/ip-down.ipv6to4
+++ b/SOURCES/ip-down.ipv6to4
@ -0,0 +1,114 @@
				@@ -0,0 +1,114 @@
+#!/bin/sh
+#
+# ip-down.ipv6to4
+#
+#
+# Taken from:
+# (P) & (C) 2000-2005 by Peter Bieringer <pb@bieringer.de>
+#
+#  You will find more information on the initscripts-ipv6 homepage at
+#   http://www.deepspace6.net/projects/initscripts-ipv6.html
+#
+# Version 2005-09-22
+#
+# Calling parameters:
+#  $1: interface name
+#
+# Called (mostly) by /etc/ppp/ip-down.local
+#  like: /etc/ppp/ip-down.ipv6to4 $1 >>/var/log/ppp-ipv6to4.log 2>&1
+#
+# Note: this script will *check* whether the existing 6to4 tunnel
+#        was set before by using "ip-up.ipv6to4" comparing IPv4 address
+#        of device with the generated 6to4 prefix
+#
+# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1:
+#  IPV6TO4INIT=yes|no: controls configuration
+#  IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ...": information to setup additional interfaces
+#
+#  IPV6_CONTROL_RADVD=yes|no: controls radvd triggering
+#  IPV6_RADVD_PIDFILE=<file>: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid"
+#  IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP: how to trigger radvd (optional, default is SIGHUP)
+#
+
+
+if [ -z "$1" ]; then
+  	echo $"Argument 1 is empty but should contain interface name - skip IPv6to4 initialization"
+	exit 1
+fi
+
+# Get global network configuration
+. /etc/sysconfig/network
+
+# Source IPv4 helper functions
+cd /etc/sysconfig/network-scripts
+. ./network-functions
+
+CONFIG=$1
+[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
+source_config
+
+# IPv6 don't need aliases anymore, config is skipped
+REALDEVICE=${DEVICE%%:*}
+[ "$DEVICE" != "$REALDEVICE" ] && exit 0
+
+if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then
+	exit 1
+fi
+
+. /etc/sysconfig/network-scripts/network-functions-ipv6
+
+
+# Run basic IPv6 test, if not ok, skip IPv6 initialization
+ipv6_test testonly || exit 0
+
+# Test status of ppp device
+ipv6_test_device_status $DEVICE
+if [ $? != 0 -a $? != 11 ]; then
+        # device doesn't exist or other problem occurs
+        exit 1
+fi
+
+# Test status of tun6to4 device
+ipv6_test_device_status tun6to4
+if [ $? = 0 -o $? = 11 ]; then
+	# Device exists
+	valid6to4config="yes"
+
+	# Get IPv4 address from interface
+	ipv4addr="$(ipv6_get_ipv4addr_of_device $DEVICE)"
+	if [ -z "$ipv4addr" ]; then
+		# Has no IPv4 address
+		valid6to4config="no"
+	fi
+
+	# Get local IPv4 address of dedicated tunnel
+	ipv4addr6to4local="$(ipv6_get_ipv4addr_of_tunnel tun6to4 local)"
+
+	# IPv6to4 not enabled on this interface?
+	if [ $IPV6TO4INIT != "yes" ]; then
+		# Check against configured 6to4 tunnel to see if this interface was regardless used before
+		if [ "$ipv4addr" != "$ipv4addr6to4local" ]; then
+			# IPv4 address of interface does't match local tunnel address, interface was not used for current 6to4 setup
+			valid6to4config="no"
+		fi
+	fi
+
+fi
+
+if [ "$valid6to4config" = "yes" ]; then
+	if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
+		# Control running radvd
+		ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
+	fi
+
+	if [ -n "$IPV6TO4_ROUTING" ]; then
+		# Delete routes to local networks
+		for devsuf in $IPV6TO4_ROUTING; do
+			dev="${devsuf%%-*}"
+			ipv6_cleanup_6to4_device $dev
+		done
+	fi
+
+	# Delete all configured 6to4 address
+	ipv6_cleanup_6to4_tunnels tun6to4
+fi
--- a/SOURCES/ip-up
+++ b/SOURCES/ip-up
@ -0,0 +1,17 @@
				@@ -0,0 +1,17 @@
+#!/bin/bash
+# This file should not be modified -- make local changes to
+# /etc/ppp/ip-up.local instead
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+export PATH
+
+LOGDEVICE=$6
+REALDEVICE=$1
+
+[ -f /etc/sysconfig/network-scripts/ifcfg-${LOGDEVICE} ] && /etc/sysconfig/network-scripts/ifup-post --realdevice ${REALDEVICE} ifcfg-${LOGDEVICE}
+
+/etc/ppp/ip-up.ipv6to4 ${LOGDEVICE}
+
+[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
+
+exit 0
--- a/SOURCES/ip-up.ipv6to4
+++ b/SOURCES/ip-up.ipv6to4
@ -0,0 +1,193 @@
				@@ -0,0 +1,193 @@
+#!/bin/sh
+#
+# ip-up.ipv6to4
+#
+#
+# Taken from:
+# (P) & (C) 2000-2005 by Peter Bieringer <pb@bieringer.de>
+#
+#  You will find more information on the initscripts-ipv6 homepage at
+#   http://www.deepspace6.net/projects/initscripts-ipv6.html
+#
+# Version: 2005-09-22
+#
+# Calling parameters:
+#  $1: interface name
+#
+# Called (mostly) by /etc/ppp/ip-up.local
+#  like: /etc/ppp/ip-up.ipv6to4 $1 >>/var/log/ppp-ipv6to4.log 2>&1
+#
+# Note: this script will *kill* older still existing 6to4 tunnels regardless
+#        whether they were set before by another device
+#
+# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1:
+#  IPV6TO4INIT=yes|no: controls configuration
+#  IPV6TO4_IPV4ADDR=<IPv4 address>: special local address for 6to4 tunneling (only needed behind a NAT gateway)
+#  IPV6TO4_RELAY=<IPv4 address>: remote 6to4 relay router address (default: 192.88.99.1)
+#  IPV6TO4_MTU=<MTU for IPv6>: controls IPv6 MTU for the 6to4 link (optional, default is MTU of interface - 20)
+#  IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ...": information to setup additional interfaces
+#    Example: IPV6TO4_ROUTING="eth0-:f101::1/64 eth1-:f102::1/64"
+#
+#  IPV6_CONTROL_RADVD=yes|no: controls radvd triggering
+#  IPV6_RADVD_PIDFILE=<file>: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid"
+#  IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP: how to trigger radvd (optional, default is SIGHUP)
+#
+# Requirements
+#  radvd-0.6.2p3 or newer supporting option "Base6to4Interface"
+#
+
+
+if [ -z "$1" ]; then
+	echo $"Argument 1 is empty but should contain interface name - skip IPv6to4 initialization"
+	exit 1
+fi
+
+# Get global network configuration
+. /etc/sysconfig/network
+
+# Source IPv4 helper functions
+cd /etc/sysconfig/network-scripts
+. ./network-functions
+
+CONFIG=$1
+[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
+source_config
+
+# IPv6 don't need aliases anymore, config is skipped
+REALDEVICE=${DEVICE%%:*}
+[ "$DEVICE" != "$REALDEVICE" ] && exit 0
+
+if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then
+        exit 1
+fi
+
+. /etc/sysconfig/network-scripts/network-functions-ipv6
+
+
+# Run basic IPv6 test (and make sure the ipv6 module will be loaded), if not ok, skip IPv6 initialization
+ipv6_test || exit 1
+
+# Setup of 6to4, if configured
+valid6to4config="yes"
+if [ "$IPV6TO4INIT" = "yes" ]; then
+	if [ -n "$IPV6TO4_IPV4ADDR" ]; then
+		# Take 6to4-dedicated configured IPv4 address from config file (precedence 1)
+		ipv4addr="$IPV6TO4_IPV4ADDR"
+        else
+		# Get IPv4 address from interface (precedence 2)
+		ipv4addr="$(ipv6_get_ipv4addr_of_device $DEVICE)"
+		if [ -z "$ipv4addr" ]; then
+                	# Take configured IPv4 address of interface from config file (precedence 3)
+                	ipv4addr="$IPADDR"
+            	fi
+        fi
+        if [ -n "$ipv4addr" ]; then
+		# Test for non-global IPv4 address
+		if ! ipv6_test_ipv4_addr_global_usable $ipv4addr; then
+                	net_log $"Given IPv4 address '$ipv4addr' is not globally usable" info
+			valid6to4config="no"
+		fi
+	else
+		net_log $"IPv6to4 configuration needs an IPv4 address on related interface or otherwise specified" info
+		valid6to4config="no"
+	fi
+	if [ -z "$IPV6TO4_RELAY" ]; then
+		IPV6TO4_RELAY="192.88.99.1"
+       	fi
+
+	# Check/generate relay address
+	ipv6to4_relay="$(ipv6_create_6to4_relay_address $IPV6TO4_RELAY)"
+	if [ $? -ne 0 ]; then
+		valid6to4config="no"
+	fi
+
+	if [ "$valid6to4config" = "yes" ]; then
+		# Delete routes to local networks
+       		for devsuf in $IPV6TO4_ROUTING; do
+			dev="${devsuf%%-*}"
+			ipv6_cleanup_6to4_device $dev
+		done
+
+		# Cleanup all old data (needed, if "ip-down.ipv6to4" wasn't executed), delete all configured 6to4 address
+		ipv6_cleanup_6to4_tunnels tun6to4
+
+		# Get MTU of master device
+		ipv4mtu="$(/sbin/ip link show dev $DEVICE | awk '/\<mtu\>/ { print $5 }')"
+		if [ -n "$ipv4mtu" ]; then
+			# IPv6 tunnel MTU is IPv4 MTU minus 20 for IPv4 header
+			tunnelmtu=$[ $ipv4mtu - 20 ]
+		fi
+
+		if [ -n "$IPV6TO4_MTU" ]; then
+			if [ $IPV6TO4_MTU -gt $tunnelmtu ]; then
+				net_log $"Warning: configured MTU '$IPV6TO4_MTU' for 6to4 exceeds maximum limit of '$tunnelmtu', ignored" warning
+			else
+				tunnelmtu=$IPV6TO4_MTU
+			fi
+		fi
+
+		# Setup new data
+		ipv6_add_6to4_tunnel tun6to4 $ipv4addr "" $tunnelmtu || exit 1
+
+		# Add route to for compatible addresses (removed later again)
+		ipv6_add_route "::/96" "::" tun6to4
+
+		# Add default route, if device matches
+		if [ "$IPV6_DEFAULTDEV" = "tun6to4" ]; then
+			if [ -n "$IPV6_DEFAULTGW" ]; then
+				net_log $"Warning: interface 'tun6to4' does not support 'IPV6_DEFAULTGW', ignored" warning
+			fi
+			ipv6_set_default_route $ipv6to4_relay tun6to4
+		fi
+
+		# Add static routes
+		if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
+			LC_ALL=C grep -w "^tun6to4" /etc/sysconfig/static-routes-ipv6 | while read device network gateway; do
+				if [ -z "$network" ]; then
+					continue
+				fi
+				if [ -z "$gateway" ]; then
+					gateway="$ipv6to4_relay"
+				fi
+				ipv6_add_route $network $gateway tun6to4
+			done
+		fi
+
+                # Setup additional static IPv6 routes (newer config style)
+		if [ -f "/etc/sysconfig/network-scripts/route6-tun6to4" ]; then
+			sed -ne 's/#.*//' -e '/[^[:space:]]/p' /etc/sysconfig/network-scripts/route6-tun6to4 | while read line; do
+				if echo "$line" | grep -vq 'via'; then
+					# Add gateway if missing
+					line="$line via $ipv6to4_relay"
+				fi
+				/sbin/ip -6 route add $line
+			done
+                fi
+
+		# Cleanup autmatically generated autotunnel (not needed for 6to4)
+		/sbin/ip -6 route del ::/96 dev tun6to4
+		/sbin/ip -6 addr del tun6to4 "::$ipv4addr/128" dev tun6to4
+
+	        if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
+                        # Control running radvd
+			ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
+
+			if [ -n "$IPV6TO4_ROUTING" ]; then
+				# Generate 6to4 address
+				ipv6to4prefix="$(ipv6_create_6to4_prefix $ipv4addr)"
+				if [ -n "$ipv6to4prefix" ]; then
+					# Add IPv6 address to interface (required interface route will be set automatically)
+					for devsuf in $IPV6TO4_ROUTING; do
+						dev="${devsuf%%-*}"
+						suf="$(echo $devsuf | awk -F- '{ print $2 }')"
+						ipv6_add_addr_on_device ${dev} ${ipv6to4prefix}${suf}
+					done
+				else
+					net_log $"Error occurred while calculating the IPv6to4 prefix"
+				fi
+			else
+				net_log $"radvd control enabled, but config is not complete"
+			fi
+		fi
+	fi
+fi
--- a/SOURCES/ipv6-down
+++ b/SOURCES/ipv6-down
@ -0,0 +1,70 @@
				@@ -0,0 +1,70 @@
+#!/bin/sh
+#
+# ipv6-down
+#
+# Called by pppd after IPV6CP/down was finished
+#
+# This file should not be modified -- make local changes to
+# /etc/ppp/ipv6-down.local instead
+#
+#
+# Taken from:
+# (P) & (C) 2001-2006 by Peter Bieringer <pb@bieringer.de>
+#
+#  You will find more information on the initscripts-ipv6 homepage at
+#   http://www.deepspace6.net/projects/initscripts-ipv6.html
+#
+# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
+#
+# Calling parameters:
+#  $1: interface name
+#  $6: logical interface name (set by pppd option ipparam)
+#
+# Version 2006-08-02
+#
+# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1:
+#  IPV6INIT=yes|no: controls IPv6 configuration for this interface
+#
+
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+export PATH
+
+LOGDEVICE=$6
+REALDEVICE=$1
+
+[ -f /etc/sysconfig/network ] || exit 0
+. /etc/sysconfig/network
+
+cd /etc/sysconfig/network-scripts
+. ./network-functions
+
+CONFIG=$LOGDEVICE
+[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
+source_config
+
+[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1
+. /etc/sysconfig/network-scripts/network-functions-ipv6
+
+[ -x /etc/ppp/ipv6-down.local ] && /etc/ppp/ipv6-down.local "$@"
+
+
+if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then
+	# Control running radvd
+	ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
+fi
+
+# IPv6 test, no module loaded, exit if system is not IPv6-ready
+ipv6_test testonly || exit 0
+
+# Test device status
+ipv6_test_device_status $REALDEVICE
+if [ $? != 0 -a $? != 11 ]; then
+	# device doesn't exist or other problem occurs
+	exit 1
+fi
+
+# Delete all current configured IPv6 addresses on this interface
+ipv6_cleanup_device $REALDEVICE
+
+exit 0
--- a/SOURCES/ipv6-up
+++ b/SOURCES/ipv6-up
@ -0,0 +1,112 @@
				@@ -0,0 +1,112 @@
+#!/bin/bash
+#
+# ipv6-up
+#
+# Called by pppd after IPV6CP/up was finished
+#
+# This file should not be modified -- make local changes to
+# /etc/ppp/ipv6-up.local instead
+#
+# Taken from:
+# (P) & (C) 2001-2006 by Peter Bieringer <pb@bieringer.de>
+#
+#  You will find more information on the initscripts-ipv6 homepage at
+#   http://www.deepspace6.net/projects/initscripts-ipv6.html
+#
+# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
+#
+# Calling parameters:
+#  $1: interface name
+#  $6: logical interface name (set by pppd option ipparam)
+#
+#
+# Version: 2006-08-02
+#
+# Uses following information from "/etc/sysconfig/network":
+#  IPV6_DEFAULTDEV=<device>: controls default route (optional)
+#
+# Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1":
+#  IPV6INIT=yes|no: controls IPv6 configuration for this interface
+#  IPV6ADDR=<IPv6 address>[/<prefix length>]: specify primary static IPv6 address
+#  IPV6ADDR_SECONDARIES="<IPv6 address>[/<prefix length>] ..." (optional)
+#  IPV6_MTU=<MTU for IPv6>: controls IPv6 MTU for this link (optional)
+#
+
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+export PATH
+
+LOGDEVICE=$6
+REALDEVICE=$1
+
+[ -f /etc/sysconfig/network ] || exit 0
+. /etc/sysconfig/network
+
+cd /etc/sysconfig/network-scripts
+. ./network-functions
+. ./network-functions-ipv6
+
+CONFIG=$LOGDEVICE
+[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
+source_config
+
+# Test whether IPv6 configuration is disabled for this interface
+[[ "$IPV6INIT" = [nN0]* ]] && exit 0
+
+[ -f /etc/sysconfig/network-scripts/network-functions-ipv6 ] || exit 1
+. /etc/sysconfig/network-scripts/network-functions-ipv6
+
+# IPv6 test, module loaded, exit if system is not IPv6-ready
+ipv6_test || exit 1
+
+# Test device status
+ipv6_test_device_status $REALDEVICE
+if [ $? != 0 -a $? != 11 ]; then
+	# device doesn't exist or other problem occurs
+	exit 1
+fi
+
+# Setup IPv6 address on specified interface
+if [ -n "$IPV6ADDR" ]; then
+	ipv6_add_addr_on_device $REALDEVICE $IPV6ADDR || exit 1
+fi
+
+# Set IPv6 MTU, if given
+if [ -n "$IPV6_MTU" ]; then
+	ipv6_set_mtu $REALDEVICE $IPV6_MTU
+fi
+
+# Setup additional IPv6 addresses from list, if given
+if [ -n "$IPV6ADDR_SECONDARIES" ]; then
+	for ipv6addr in $IPV6ADDR_SECONDARIES; do
+			ipv6_add_addr_on_device $REALDEVICE $ipv6addr
+	done
+fi
+
+# Setup default IPv6 route through device
+if [ "$IPV6_DEFAULTDEV" = "$LOGDEVICE" ]; then
+	ipv6_set_default_route "" "$REALDEVICE" "$REALDEVICE"
+fi
+
+# Setup additional static IPv6 routes on specified interface, if given
+if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
+	LC_ALL=C grep -w "^$LOGDEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do
+		ipv6_add_route $args $REALDEVICE
+	done
+fi
+
+# Setup additional static IPv6 routes (newer config style)
+if [ -f "/etc/sysconfig/network-scripts/route6-$DEVICE" ]; then
+	sed -ne 's/#.*//' -e '/[^[:space:]]/p' "/etc/sysconfig/network-scripts/route6-$DEVICE" | while read line; do
+		/sbin/ip -6 route add $line
+	done
+fi
+
+if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then						
+	# Control running radvd								
+	ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE		
+fi											
+
+[ -x /etc/ppp/ipv6-up.local ] && /etc/ppp/ipv6-up.local "$@"
+
+exit 0
--- a/SOURCES/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
+++ b/SOURCES/ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
@ -0,0 +1,29 @@
				@@ -0,0 +1,29 @@
+From ab8b06cdc1075abc67f77e7c3bb684e20071d614 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 10 Apr 2014 10:09:41 +0200
+Subject: [PATCH 25/27] pppd: install pppd binary using standard perms (755)
+
+---
+ pppd/Makefile.linux | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 0e8107f..534ccc2 100644
+--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
+@@ -223,10 +223,10 @@ all: $(TARGETS)
+ install: pppd
+ 	mkdir -p $(BINDIR) $(MANDIR)
+ 	$(EXTRAINSTALL)
+-	$(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
+	$(INSTALL) -c -m 755 pppd $(BINDIR)/pppd
+ 	if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
+ 	  chmod o-rx,u+s $(BINDIR)/pppd; fi
+-	$(INSTALL) -c -m 444 pppd.8 $(MANDIR)
+	$(INSTALL) -c -m 644 pppd.8 $(MANDIR)
+ 
+ pppd: $(PPPDOBJS)
+ 	$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
+-- 
+1.8.3.1
+
--- a/SOURCES/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
+++ b/SOURCES/ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
@ -0,0 +1,143 @@
				@@ -0,0 +1,143 @@
+From 82cd789df0f022eb6f3d28646e7a61d1d0715805 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 7 Apr 2014 12:23:36 +0200
+Subject: [PATCH 12/27] pppd: we don't want to accidentally leak fds
+
+---
+ pppd/auth.c      | 20 ++++++++++----------
+ pppd/options.c   |  2 +-
+ pppd/sys-linux.c |  4 ++--
+ 3 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/pppd/auth.c b/pppd/auth.c
+index 4271af6..9e957fa 100644
+--- a/pppd/auth.c
+++ b/pppd/auth.c
+@@ -428,7 +428,7 @@ setupapfile(argv)
+         free(fname);
+ 	return 0;
+     }
+-    ufile = fopen(fname, "r");
+    ufile = fopen(fname, "re");
+     if (seteuid(euid) == -1)
+ 	fatal("unable to regain privileges: %m");
+     if (ufile == NULL) {
+@@ -1413,7 +1413,7 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
+     filename = _PATH_UPAPFILE;
+     addrs = opts = NULL;
+     ret = UPAP_AUTHNAK;
+-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
+     if (f == NULL) {
+ 	error("Can't open PAP password file %s: %m", filename);
+ 
+@@ -1512,7 +1512,7 @@ null_login(unit)
+     if (ret <= 0) {
+ 	filename = _PATH_UPAPFILE;
+ 	addrs = NULL;
+-	f = fopen(filename, "r");
+	f = fopen(filename, "re");
+ 	if (f == NULL)
+ 	    return 0;
+ 	check_access(f, filename);
+@@ -1559,7 +1559,7 @@ get_pap_passwd(passwd)
+     }
+ 
+     filename = _PATH_UPAPFILE;
+-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
+     if (f == NULL)
+ 	return 0;
+     check_access(f, filename);
+@@ -1597,7 +1597,7 @@ have_pap_secret(lacks_ipp)
+     }
+ 
+     filename = _PATH_UPAPFILE;
+-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
+     if (f == NULL)
+ 	return 0;
+ 
+@@ -1642,7 +1642,7 @@ have_chap_secret(client, server, need_ip, lacks_ipp)
+     }
+ 
+     filename = _PATH_CHAPFILE;
+-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
+     if (f == NULL)
+ 	return 0;
+ 
+@@ -1684,7 +1684,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
+     struct wordlist *addrs;
+ 
+     filename = _PATH_SRPFILE;
+-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
+     if (f == NULL)
+ 	return 0;
+ 
+@@ -1740,7 +1740,7 @@ get_secret(unit, client, server, secret, secret_len, am_server)
+ 	addrs = NULL;
+ 	secbuf[0] = 0;
+ 
+-	f = fopen(filename, "r");
+	f = fopen(filename, "re");
+ 	if (f == NULL) {
+ 	    error("Can't open chap secret file %s: %m", filename);
+ 	    return 0;
+@@ -1797,7 +1797,7 @@ get_srp_secret(unit, client, server, secret, am_server)
+ 	filename = _PATH_SRPFILE;
+ 	addrs = NULL;
+ 
+-	fp = fopen(filename, "r");
+	fp = fopen(filename, "re");
+ 	if (fp == NULL) {
+ 	    error("Can't open srp secret file %s: %m", filename);
+ 	    return 0;
+@@ -2203,7 +2203,7 @@ scan_authfile(f, client, server, secret, addrs, opts, filename, flags)
+ 	     */
+ 	    if (word[0] == '@' && word[1] == '/') {
+ 		strlcpy(atfile, word+1, sizeof(atfile));
+-		if ((sf = fopen(atfile, "r")) == NULL) {
+		if ((sf = fopen(atfile, "re")) == NULL) {
+ 		    warn("can't open indirect secret file %s", atfile);
+ 		    continue;
+ 		}
+diff --git a/pppd/options.c b/pppd/options.c
+index 45fa742..1d754ae 100644
+--- a/pppd/options.c
+++ b/pppd/options.c
+@@ -427,7 +427,7 @@ options_from_file(filename, must_exist, check_prot, priv)
+ 	option_error("unable to drop privileges to open %s: %m", filename);
+ 	return 0;
+     }
+-    f = fopen(filename, "r");
+    f = fopen(filename, "re");
+     err = errno;
+     if (check_prot && seteuid(euid) == -1)
+ 	fatal("unable to regain privileges");
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index 72a7727..8a12fa0 100644
+--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
+@@ -1412,7 +1412,7 @@ static char *path_to_procfs(const char *tail)
+ 	/* Default the mount location of /proc */
+ 	strlcpy (proc_path, "/proc", sizeof(proc_path));
+ 	proc_path_len = 5;
+-	fp = fopen(MOUNTED, "r");
+	fp = fopen(MOUNTED, "re");
+ 	if (fp != NULL) {
+ 	    while ((mntent = getmntent(fp)) != NULL) {
+ 		if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
+@@ -1472,7 +1472,7 @@ static int open_route_table (void)
+     close_route_table();
+ 
+     path = path_to_procfs("/net/route");
+-    route_fd = fopen (path, "r");
+    route_fd = fopen (path, "re");
+     if (route_fd == NULL) {
+ 	error("can't open routing table %s: %m", path);
+ 	return 0;
+-- 
+1.8.3.1
+
--- a/SOURCES/ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
+++ b/SOURCES/ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
@ -0,0 +1,99 @@
				@@ -0,0 +1,99 @@
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 6a4b897..8f29c1f 100644
+--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
+@@ -12,6 +12,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
+ BINDIR = $(DESTDIR)/sbin
+ MANDIR = $(DESTDIR)/share/man/man8
+ INCDIR = $(DESTDIR)/include
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)
+ 
+ TARGETS = pppd
+ 
+@@ -93,7 +94,7 @@ INCLUDE_DIRS= -I../include
+ 
+ COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
+ 
+-CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
+CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' -DLIBDIR=\""$(LIBDIR)"\"
+ 
+ ifdef CHAPMS
+ CFLAGS   += -DCHAPMS=1
+diff --git a/pppd/pathnames.h b/pppd/pathnames.h
+index 524d608..c7eadbb 100644
+--- a/pppd/pathnames.h
+++ b/pppd/pathnames.h
+@@ -62,7 +62,7 @@
+ 
+ #ifdef PLUGIN
+ #ifdef __STDC__
+-#define _PATH_PLUGIN	DESTDIR "/lib/pppd/" VERSION
+#define _PATH_PLUGIN	LIBDIR "/pppd/" VERSION
+ #else /* __STDC__ */
+ #define _PATH_PLUGIN	"/usr/lib/pppd"
+ #endif /* __STDC__ */
+diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
+index 6403e3d..f42d18c 100644
+--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
+@@ -5,7 +5,7 @@ COPTS=@CFLAGS@
+ DESTDIR = $(INSTROOT)@DESTDIR@
+ BINDIR = $(DESTDIR)/sbin
+ MANDIR = $(DESTDIR)/share/man/man8
+-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+ 
+ CFLAGS	= $(COPTS) -I.. -I../../include -fPIC
+ LDFLAGS_SHARED	= -shared
+diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
+index d3a8086..c2aff0c 100644
+--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
+@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
+ COPTS=@CFLAGS@
+ 
+ DESTDIR = $(INSTROOT)@DESTDIR@
+-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+ 
+ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
+ 
+diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
+index c415ce3..d3b7392 100644
+--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
+@@ -18,7 +18,7 @@ COPTS=@CFLAGS@
+ 
+ DESTDIR = $(INSTROOT)@DESTDIR@
+ BINDIR = $(DESTDIR)/sbin
+-LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(PPPDVERSION)
+ 
+ PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
+ 
+diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
+index 1aa1c0b..e4442f9 100644
+--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
+@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
+ COPTS=@CFLAGS@
+ 
+ DESTDIR = $(INSTROOT)/@DESTDIR@
+-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+ 
+ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
+ 
+diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
+index 489aef2..d2ef044 100644
+--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
+@@ -9,7 +9,7 @@ COPTS=@CFLAGS@
+ 
+ DESTDIR = $(INSTROOT)@DESTDIR@
+ MANDIR = $(DESTDIR)/share/man/man8
+-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
+ 
+ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
+ 
--- a/SOURCES/ppp-2.4.9-config.patch
+++ b/SOURCES/ppp-2.4.9-config.patch
@ -0,0 +1,21 @@
				@@ -0,0 +1,21 @@
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index e77373e..07df6a7 100644
+--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
+@@ -68,14 +68,14 @@ USE_TDB=y
+ #SYSTEMD=y
+ 
+ HAS_SHADOW=y
+-#USE_PAM=y
+USE_PAM=y
+ HAVE_INET6=y
+ 
+ # Enable plugins
+ PLUGIN=y
+ 
+ # Enable Microsoft proprietary Callback Control Protocol
+-#CBCP=y
+CBCP=y
+ 
+ # Enable EAP SRP-SHA1 authentication (requires libsrp)
+ #USE_SRP=y
--- a/SOURCES/ppp-2.4.9-configure-cflags-allow-commas.patch
+++ b/SOURCES/ppp-2.4.9-configure-cflags-allow-commas.patch
@ -0,0 +1,17 @@
				@@ -0,0 +1,17 @@
+diff --git a/configure b/configure
+index f977663..c7031c2 100755
+--- a/configure
+++ b/configure
+@@ -121,9 +121,9 @@ mkmkf() {
+     rm -f $2
+     if [ -f $1 ]; then
+ 	echo "  $2 <= $1"
+-	sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
+-	    -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
+-	    -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
+	sed -e "s|@DESTDIR@|$DESTDIR|g" -e "s|@SYSCONF@|$SYSCONF|g" \
+	    -e "s|@CROSS_COMPILE@|$CROSS_COMPILE|g" -e "s|@CC@|$CC|g" \
+	    -e "s|@CFLAGS@|$CFLAGS|g" $1 >$2
+     fi
+ }
+ 
--- a/SOURCES/ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
+++ b/SOURCES/ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
@ -0,0 +1,241 @@
				@@ -0,0 +1,241 @@
+From 302c1b736cb656c7885a0cba270fd953a672d8a8 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 7 Apr 2014 13:56:34 +0200
+Subject: [PATCH 13/27] everywhere: O_CLOEXEC harder
+
+---
+ pppd/eap.c       |  2 +-
+ pppd/main.c      |  4 ++--
+ pppd/options.c   |  4 ++--
+ pppd/sys-linux.c | 22 +++++++++++-----------
+ pppd/tdb.c       |  4 ++--
+ pppd/tty.c       |  4 ++--
+ pppd/utils.c     |  6 +++---
+ 7 files changed, 23 insertions(+), 23 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 6ea6c1f..faced53 100644
+--- a/pppd/eap.c
+++ b/pppd/eap.c
+@@ -1226,7 +1226,7 @@ mode_t modebits;
+ 
+ 	if ((path = name_of_pn_file()) == NULL)
+ 		return (-1);
+-	fd = open(path, modebits, S_IRUSR | S_IWUSR);
+	fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
+ 	err = errno;
+ 	free(path);
+ 	errno = err;
+diff --git a/pppd/main.c b/pppd/main.c
+index 6d50d1b..4880377 100644
+--- a/pppd/main.c
+++ b/pppd/main.c
+@@ -420,7 +420,7 @@ main(argc, argv)
+ 	die(0);
+ 
+     /* Make sure fds 0, 1, 2 are open to somewhere. */
+-    fd_devnull = open(_PATH_DEVNULL, O_RDWR);
+    fd_devnull = open(_PATH_DEVNULL, O_RDWR | O_CLOEXEC);
+     if (fd_devnull < 0)
+ 	fatal("Couldn't open %s: %m", _PATH_DEVNULL);
+     while (fd_devnull <= 2) {
+@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
+     if (log_to_fd >= 0)
+ 	errfd = log_to_fd;
+     else
+-	errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
+	errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644);
+ 
+     ++conn_running;
+     pid = safe_fork(in, out, errfd);
+diff --git a/pppd/options.c b/pppd/options.c
+index 1d754ae..8e62635 100644
+--- a/pppd/options.c
+++ b/pppd/options.c
+@@ -1544,9 +1544,9 @@ setlogfile(argv)
+ 	option_error("unable to drop permissions to open %s: %m", *argv);
+ 	return 0;
+     }
+-    fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
+    fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
+     if (fd < 0 && errno == EEXIST)
+-	fd = open(*argv, O_WRONLY | O_APPEND);
+	fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
+     err = errno;
+     if (!privileged_option && seteuid(euid) == -1)
+ 	fatal("unable to regain privileges: %m");
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index 8a12fa0..00a2cf5 100644
+--- a/pppd/sys-linux.c
+++ b/pppd/sys-linux.c
+@@ -459,7 +459,7 @@ int generic_establish_ppp (int fd)
+ 	    goto err;
+ 	}
+ 	dbglog("using channel %d", chindex);
+-	fd = open("/dev/ppp", O_RDWR);
+	fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ 	if (fd < 0) {
+ 	    error("Couldn't reopen /dev/ppp: %m");
+ 	    goto err;
+@@ -619,7 +619,7 @@ static int make_ppp_unit()
+ 		dbglog("in make_ppp_unit, already had /dev/ppp open?");
+ 		close(ppp_dev_fd);
+ 	}
+-	ppp_dev_fd = open("/dev/ppp", O_RDWR);
+	ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ 	if (ppp_dev_fd < 0)
+ 		fatal("Couldn't open /dev/ppp: %m");
+ 	flags = fcntl(ppp_dev_fd, F_GETFL);
+@@ -693,7 +693,7 @@ int bundle_attach(int ifnum)
+ 	if (!new_style_driver)
+ 		return -1;
+ 
+-	master_fd = open("/dev/ppp", O_RDWR);
+	master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ 	if (master_fd < 0)
+ 		fatal("Couldn't open /dev/ppp: %m");
+ 	if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
+@@ -1715,7 +1715,7 @@ int sifproxyarp (int unit, u_int32_t his_adr)
+ 	if (tune_kernel) {
+ 	    forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
+ 	    if (forw_path != 0) {
+-		int fd = open(forw_path, O_WRONLY);
+		int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
+ 		if (fd >= 0) {
+ 		    if (write(fd, "1", 1) != 1)
+ 			error("Couldn't enable IP forwarding: %m");
+@@ -2030,7 +2030,7 @@ int ppp_available(void)
+     sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
+     kernel_version = KVERSION(osmaj, osmin, ospatch);
+ 
+-    fd = open("/dev/ppp", O_RDWR);
+    fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+     if (fd >= 0) {
+ 	new_style_driver = 1;
+ 
+@@ -2208,7 +2208,7 @@ void logwtmp (const char *line, const char *name, const char *host)
+ #if __GLIBC__ >= 2
+     updwtmp(_PATH_WTMP, &ut);
+ #else
+-    wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
+    wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
+     if (wtmp >= 0) {
+ 	flock(wtmp, LOCK_EX);
+ 
+@@ -2394,7 +2394,7 @@ int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr,
+ 	int fd;
+ 
+ 	path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
+-	if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
+	if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
+ 	    if (write(fd, "1", 1) != 1)
+ 		error("Couldn't enable dynamic IP addressing: %m");
+ 	    close(fd);
+@@ -2570,7 +2570,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+     /*
+      * Try the unix98 way first.
+      */
+-    mfd = open("/dev/ptmx", O_RDWR);
+    mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
+     if (mfd >= 0) {
+ 	int ptn;
+ 	if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
+@@ -2581,7 +2581,7 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+ 	    if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
+ 		warn("Couldn't unlock pty slave %s: %m", pty_name);
+ #endif
+-	    if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
+	    if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
+ 	    {
+ 		warn("Couldn't open pty slave %s: %m", pty_name);
+ 		close(mfd);
+@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
+ 	for (i = 0; i < 64; ++i) {
+ 	    slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
+ 		     'p' + i / 16, i % 16);
+-	    mfd = open(pty_name, O_RDWR, 0);
+	    mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
+ 	    if (mfd >= 0) {
+ 		pty_name[5] = 't';
+-		sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
+		sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
+ 		if (sfd >= 0) {
+ 		    fchown(sfd, uid, -1);
+ 		    fchmod(sfd, S_IRUSR | S_IWUSR);
+diff --git a/pppd/tdb.c b/pppd/tdb.c
+index bdc5828..c7ab71c 100644
+--- a/pppd/tdb.c
+++ b/pppd/tdb.c
+@@ -1724,7 +1724,7 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
+ 		goto internal;
+ 	}
+ 
+-	if ((tdb->fd = open(name, open_flags, mode)) == -1) {
+	if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
+ 		TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
+ 			 name, strerror(errno)));
+ 		goto fail;	/* errno set by open(2) */
+@@ -1967,7 +1967,7 @@ int tdb_reopen(TDB_CONTEXT *tdb)
+ 	}
+ 	if (close(tdb->fd) != 0)
+ 		TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
+-	tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
+	tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
+ 	if (tdb->fd == -1) {
+ 		TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
+ 		goto fail;
+diff --git a/pppd/tty.c b/pppd/tty.c
+index d571b11..bc96695 100644
+--- a/pppd/tty.c
+++ b/pppd/tty.c
+@@ -569,7 +569,7 @@ int connect_tty()
+ 				status = EXIT_OPEN_FAILED;
+ 				goto errret;
+ 			}
+-			real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
+			real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
+ 			err = errno;
+ 			if (prio < OPRIO_ROOT && seteuid(0) == -1)
+ 				fatal("Unable to regain privileges");
+@@ -723,7 +723,7 @@ int connect_tty()
+ 	if (connector == NULL && modem && devnam[0] != 0) {
+ 		int i;
+ 		for (;;) {
+-			if ((i = open(devnam, O_RDWR)) >= 0)
+			if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
+ 				break;
+ 			if (errno != EINTR) {
+ 				error("Failed to reopen %s: %m", devnam);
+diff --git a/pppd/utils.c b/pppd/utils.c
+index 29bf970..6051b9a 100644
+--- a/pppd/utils.c
+++ b/pppd/utils.c
+@@ -918,14 +918,14 @@ lock(dev)
+     slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
+ #endif
+ 
+-    while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
+    while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
+ 	if (errno != EEXIST) {
+ 	    error("Can't create lock file %s: %m", lock_file);
+ 	    break;
+ 	}
+ 
+ 	/* Read the lock file to find out who has the device locked. */
+-	fd = open(lock_file, O_RDONLY, 0);
+	fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
+ 	if (fd < 0) {
+ 	    if (errno == ENOENT) /* This is just a timing problem. */
+ 		continue;
+@@ -1004,7 +1004,7 @@ relock(pid)
+ 
+     if (lock_file[0] == 0)
+ 	return -1;
+-    fd = open(lock_file, O_WRONLY, 0);
+    fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
+     if (fd < 0) {
+ 	error("Couldn't reopen lock file %s: %m", lock_file);
+ 	lock_file[0] = 0;
+-- 
+1.8.3.1
+
--- a/SOURCES/ppp-logrotate.conf
+++ b/SOURCES/ppp-logrotate.conf
@ -0,0 +1,10 @@
				@@ -0,0 +1,10 @@
+# Logrotate file for ppp RPM
+ 
+/var/log/ppp/connect-errors {
+	missingok
+	compress
+	notifempty
+	daily
+	rotate 5
+	create 0600 root root
+}
--- a/SOURCES/ppp-pam.conf
+++ b/SOURCES/ppp-pam.conf
@ -0,0 +1,5 @@
				@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth       include	password-auth
+account    required	pam_nologin.so
+account    include	password-auth
+session    include	password-auth
--- a/SOURCES/ppp-tmpfiles.conf
+++ b/SOURCES/ppp-tmpfiles.conf
@ -0,0 +1,2 @@
				@@ -0,0 +1,2 @@
+d	/run/ppp	0755 root root
+d	/run/lock/ppp	0755 root root
--- a/SOURCES/ppp-watch.tar.xz
+++ b/SOURCES/ppp-watch.tar.xz
--- a/SPECS/ppp.spec
+++ b/SPECS/ppp.spec
@ -0,0 +1,760 @@
				@@ -0,0 +1,760 @@
+%global _hardened_build 1
+
+Name:    ppp
+Version: 2.4.9
+Release: 5%{?dist}
+Summary: The Point-to-Point Protocol daemon
+License: BSD and LGPLv2+ and GPLv2+ and Public Domain
+URL:     http://www.samba.org/ppp
+
+Source0: https://github.com/paulusmack/ppp/archive/ppp-%{version}.tar.gz
+Source1: ppp-pam.conf
+Source2: ppp-logrotate.conf
+Source3: ppp-tmpfiles.conf
+Source4: ip-down
+Source5: ip-down.ipv6to4
+Source6: ip-up
+Source7: ip-up.ipv6to4
+Source8: ipv6-down
+Source9: ipv6-up
+Source10: ifup-ppp
+Source11: ifdown-ppp
+Source12: ppp-watch.tar.xz
+
+# Fedora-specific
+Patch0002:     ppp-2.4.9-config.patch
+Patch0004:     0004-doc-add-configuration-samples.patch
+Patch0005:     ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
+Patch0006:     0006-scritps-use-change_resolv_conf-function.patch
+Patch0011:     0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
+Patch0012:     ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
+Patch0013:     ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
+Patch0014:     0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
+Patch0015:     0015-pppd-move-pppd-database-to-var-run-ppp.patch
+Patch0016:     0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
+Patch0018:     0018-scritps-fix-ip-up.local-sample.patch
+Patch0020:     0020-pppd-put-lock-files-in-var-lock-ppp.patch
+Patch0023:     0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
+Patch0024:     0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
+Patch0025:     ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
+Patch0026:     ppp-2.4.9-configure-cflags-allow-commas.patch
+
+BuildRequires: make
+BuildRequires: gcc
+BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel
+BuildRequires: openssl-devel
+
+Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd
+Requires(pre): /usr/bin/getent
+Requires(pre): /usr/sbin/groupadd
+
+%description
+The ppp package contains the PPP (Point-to-Point Protocol) daemon and
+documentation for PPP support. The PPP protocol provides a method for
+transmitting datagrams over serial point-to-point links. PPP is
+usually used to dial in to an ISP (Internet Service Provider) or other
+organization over a modem and phone line.
+
+%package -n network-scripts-%{name}
+Summary: PPP legacy network service support
+Requires: network-scripts
+Supplements: (%{name} and network-scripts)
+
+%description -n network-scripts-%{name}
+This provides the ifup and ifdown scripts for use with the legacy network
+service.
+
+%package devel
+Summary: Headers for ppp plugin development
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+This package contains the header files for building plugins for ppp.
+
+%prep
+%setup -qn %{name}-%{name}-%{version}
+%autopatch -p1
+
+tar -xJf %{SOURCE12}
+
+%build
+%configure --cflags="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing"
+%{make_build} LDFLAGS="%{?build_ldflags} -pie"
+%{make_build} -C ppp-watch LDFLAGS="%{?build_ldflags} -pie"
+
+%install
+make INSTROOT=%{buildroot} install install-etcppp
+find scripts -type f | xargs chmod a-x
+make ROOT=%{buildroot} -C ppp-watch install
+
+# create log files dir
+install -d %{buildroot}%{_localstatedir}/log/ppp
+
+# install pam config
+install -d %{buildroot}%{_sysconfdir}/pam.d
+install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/ppp
+
+# install logrotate script
+install -d %{buildroot}%{_sysconfdir}/logrotate.d
+install -m 644 -p %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/ppp
+
+# install tmpfiles drop-in
+install -d %{buildroot}%{_tmpfilesdir}
+install -m 644 -p %{SOURCE3} %{buildroot}%{_tmpfilesdir}/ppp.conf
+
+# install scripts (previously owned by initscripts package)
+install -d %{buildroot}%{_sysconfdir}/ppp
+install -p %{SOURCE4} %{buildroot}%{_sysconfdir}/ppp/ip-down
+install -p %{SOURCE5} %{buildroot}%{_sysconfdir}/ppp/ip-down.ipv6to4
+install -p %{SOURCE6} %{buildroot}%{_sysconfdir}/ppp/ip-up
+install -p %{SOURCE7} %{buildroot}%{_sysconfdir}/ppp/ip-up.ipv6to4
+install -p %{SOURCE8} %{buildroot}%{_sysconfdir}/ppp/ipv6-down
+install -p %{SOURCE9} %{buildroot}%{_sysconfdir}/ppp/ipv6-up
+
+install -d %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/
+install -p %{SOURCE10} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
+install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
+
+# ghosts
+mkdir -p %{buildroot}%{_rundir}/ppp
+mkdir -p %{buildroot}%{_rundir}/lock/ppp
+
+%pre
+/usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || :
+
+%post
+%tmpfiles_create ppp.conf
+
+%files
+%doc FAQ README README.cbcp README.linux README.MPPE README.MSCHAP80 README.MSCHAP81 README.pwfd README.pppoe scripts sample README.eap-tls
+%{_sbindir}/chat
+%{_sbindir}/pppd
+%{_sbindir}/pppdump
+%{_sbindir}/pppoe-discovery
+%{_sbindir}/pppstats
+%{_sbindir}/ppp-watch
+%dir %{_sysconfdir}/ppp
+%{_sysconfdir}/ppp/ip-up
+%{_sysconfdir}/ppp/ip-down
+%{_sysconfdir}/ppp/ip-up.ipv6to4
+%{_sysconfdir}/ppp/ip-down.ipv6to4
+%{_sysconfdir}/ppp/ipv6-up
+%{_sysconfdir}/ppp/ipv6-down
+%{_mandir}/man8/chat.8*
+%{_mandir}/man8/pppd.8*
+%{_mandir}/man8/pppdump.8*
+%{_mandir}/man8/pppd-radattr.8*
+%{_mandir}/man8/pppd-radius.8*
+%{_mandir}/man8/pppstats.8*
+%{_mandir}/man8/pppoe-discovery.8*
+%{_mandir}/man8/ppp-watch.8*
+%{_libdir}/pppd
+%ghost %dir %{_rundir}/ppp
+%ghost %dir %{_rundir}/lock/ppp
+%dir %{_sysconfdir}/logrotate.d
+%attr(700, root, root) %dir %{_localstatedir}/log/ppp
+%config(noreplace) %{_sysconfdir}/ppp/eaptls-client
+%config(noreplace) %{_sysconfdir}/ppp/eaptls-server
+%config(noreplace) %{_sysconfdir}/ppp/chap-secrets
+%config(noreplace) %{_sysconfdir}/ppp/options
+%config(noreplace) %{_sysconfdir}/ppp/pap-secrets
+%config(noreplace) %{_sysconfdir}/pam.d/ppp
+%config(noreplace) %{_sysconfdir}/logrotate.d/ppp
+%{_tmpfilesdir}/ppp.conf
+
+%files -n network-scripts-%{name}
+%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
+%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
+
+%files devel
+%{_includedir}/pppd
+%doc PLUGINS
+
+%changelog
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.9-5
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.9-4
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.9-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jan  5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.9-1
+- New version
+  Resolves: rhbz#1912617
+
+* Mon Aug 10 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-8
+- Added workaround for Windows Server 2019
+  Resolves: rhbz#1867047
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.8-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu May 21 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-6
+- Added missing options to man pages
+
+* Tue Apr  7 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-5
+- Updated EAP-TLS patch to v1.300
+
+* Mon Apr  6 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-4
+- Updated EAP-TLS patch to v1.201
+
+* Fri Feb 28 2020 Tom Stellard <tstellar@redhat.com> - 2.4.8-3
+- Use make_build macro
+- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
+
+* Wed Feb 26 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-2
+- Fixed ghost directories verification
+
+* Fri Feb 21 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-1
+- New version
+- Changed sources to github
+- Dropped 0028-pppoe-include-netinet-in.h-before-linux-in.h,
+  ppp-2.4.7-DES-openssl, ppp-2.4.7-honor-ldflags,
+  ppp-2.4.7-coverity-scan-fixes  patches (all upstreamed)
+- Fixed buffer overflow in the eap_request and eap_response functions
+  Resolves: CVE-2020-8597
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-33
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-32
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-31
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2.4.7-30
+- Rebuilt for libcrypt.so.2 (#1666033)
+
+* Mon Dec  3 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-29
+- Fixed some issues found by coverity scan
+
+* Tue Nov 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-28
+- Fixed network scripts related regression caused by release 26
+
+* Mon Nov  5 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-27
+- Updated EAP-TLS patch to v1.102
+
+* Tue Jul 24 2018 Lubomir Rintel <lkundrak@v3.sk> - 2.4.7-26
+- Split out the network-scripts
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-25
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Sat Jun 30 2018 Peter Robinson <pbrobinson@fedoraproject.org> 2.4.7-24
+- Remove group/defattr, minor spec cleanups
+
+* Wed Jun 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-23
+- Replaced initscripts requirement by the network-scripts
+  Resolves: rhbz#1592384
+
+* Tue Jun  5 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-22
+- Updated EAP-TLS patch to v1.101
+  Resolves: CVE-2018-11574
+
+* Mon Apr  9 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-21
+- Link with -E not to break plugins
+  Resolves: rhbz#1564459
+
+* Fri Apr  6 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-20
+- Also build all DSOs with distro's LDFLAGS
+  Related: rhbz#1563157
+
+* Wed Apr  4 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-19
+- Build with distro's LDFLAGS
+  Resolves: rhbz#1563157
+
+* Tue Mar 27 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-18
+- Used openssl for the DES instead of the libcrypt / glibc
+  Resolves: rhbz#1556132
+
+* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.4.7-17
+- Escape macros in %%changelog
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2.4.7-15
+- Rebuilt for switch to libxcrypt
+
+* Mon Aug 21 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-14
+- EAP-TLS patch updated to version 0.999
+- Switched to openssl-1.1
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Sat Dec 10 2016 Lubomir Rintel <lkundrak@v3.sk> - 2.4.7-10
+- Fix FTBFS
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.7-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Feb 09 2015 Michal Sekletar <msekleta@redhat.com> - 2.4.7-7
+- prevent running into issues caused by undefined behavior (pointers of incompatible types aliasing the same object)
+
+* Wed Dec 10 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.7-6
+- fix logical expression in eap_client_active macro (#1023620)
+
+* Wed Nov 19 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.7-5
+- don't mark logrotate config as executable (#1164435)
+
+* Tue Sep  2 2014 Peter Robinson <pbrobinson@fedoraproject.org> 2.4.7-4
+- devel package should depend on base package as per guidelines
+
+* Tue Aug 19 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.7-3
+- don't mark tmpfiles dropin as executable (#1131293)
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Mon Aug 11 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.7-1
+- rebase to 2.4.7. Includes fix for CVE-2014-3158 (#1128716)
+
+* Fri Jun 20 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.6-6
+- version 0.997 of EAP-TLS patch
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.6-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed Apr 16 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.6-4
+- move ppp initscripts to ppp package (#1088220)
+
+* Mon Apr 14 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.6-3
+- don't require perl and expect (#1086846)
+
+* Thu Apr 10 2014 Michal Sekletar <msekleta@redhat.com> - 2.4.6-2
+- rebase to 2.4.6
+
+* Thu Aug 01 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-33
+- fix post installation scriptlet
+
+* Fri Jul 12 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-32
+- don't ship /var/lock/ppp in rpm payload and create it in %%post instead
+- fix installation of tmpfiles.d configuration
+- enable hardened build
+- fix bogus dates in changelog
+- compile all binaries with hardening flags
+
+* Thu Jul 04 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-31
+- fix possible NULL pointer dereferencing
+
+* Wed May 29 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-30
+- make radius plugin config parser less strict
+- resolves : #906913
+
+* Wed Mar 20 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-29
+- Add creation of dip system group
+
+* Wed Mar 20 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-28
+- Add /etc/logrotate.d to files section since we no longer hard depend on logrotate
+
+* Wed Mar 20 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-27
+- Don't hard depend on logrotate
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.5-26
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Mon Nov 12 2012 Michal Sekletar <msekleta@redhat.com> - 2.4.5-25
+- Resolves: #840190 - install configuration file in /usr/lib/tmpfiles.d
+
+* Tue Sep 11 2012 Michal Sekletar <msekleta@redhat.com> - 2.4.5-24
+- Removed unnecessary dependency on systemd-unit
+
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.5-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Tue May 29 2012 Michal Sekletar <msekleta@redhat.com>
+- Resolves: #817011 - fixed ppp-2.4.5-eaptls-mppe-0.99 patch, added variable definition
+
+* Mon May 21 2012 Michal Sekletar <msekleta@redhat.com>
+- Resolves: #817013 - fixed support for multilink channels in pppol2tp plugin
+
+* Thu May 17 2012 Michal Sekletar <msekleta@redhat.com>
+- Resolves: #771340 - fixed compilation of pppd without USE_EAPTLS
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.5-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Mon May 30 2011 Jiri Skala <jskala@redhat.com> - 2.4.5-18
+- fixes #682381 - hardcodes eth0
+- fixes #708260 - SELinux is preventing access on the file LCK..ttyUSB3
+
+* Mon Apr 04 2011 Jiri Skala <jskala@redhat.com> - 2.4.5-17
+- fixes #664282 and #664868 - man page fixes
+
+* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.5-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Thu Dec 02 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-15
+- corrected tmpfiles.d conf
+- replaced remaining /etc by macros
+
+* Tue Nov 30 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-14
+- fixes #656671 - /var/run and /var/lock on tmpfs
+- replaced paths /var /etc by macros
+
+* Tue Nov 16 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-13
+- fixes #565294 - SELinux is preventing /sbin/consoletype access to a leaked packet_socket fd
+
+* Wed Sep 29 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-12
+- fixes #637513 - Missing: README.eap-tls
+- updated to latest eaptls upstream
+- fixes #637886 - EAP-TLS not working with enabled PPP Multilink Framing option
+
+* Thu Aug 05 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-11
+- fixes #617625 - FTBFS in ppp due to change in kernel-headers
+- fixes pppol2tp Makefile
+
+* Tue Jul 13 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-10
+- fixes #613717 - Missing line in example script ip-up.local.add
+- removed /usr/kerberos/include from eaptls patch
+
+* Wed Jun 16 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-9
+- included eap-tls patch
+
+* Wed Apr 07 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-8
+- added pppoe-discovery(8)
+
+* Fri Mar 05 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-7
+- removed duplicities from patches (ip-*.local.add)
+
+* Fri Feb 12 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-6
+- fixes #560014 - SELinux is preventing /usr/sbin/pppd "read write" access on pppd2.tdb
+
+* Thu Feb 04 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-5
+- one line correction in fd_leak patch
+
+* Wed Feb 03 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-4
+- applied patch fd_leak
+
+* Fri Jan 22 2010 Jiri Skala <jskala@redhat.com> - 2.4.5-3
+- fixed some rpmlint complains
+
+* Sun Nov 22 2009 Jiri Skala <jskala@redhat.com>  - 2.4.5-2
+- updated patches (make local succeeded, koji failed)
+
+* Fri Nov 20 2009 Jiri Skala <jskala@redhat.com>  - 2.4.5-1
+- updated to latest upstream sources (#538058)
+
+* Thu Oct 08 2009 Jiri Skala <jskala@redhat.com>  - 2.4.4-14
+- fixed #519042 - ppp package is missing URL in spec
+- fixed #524575 - ppp: no_strip patch modifies backup files created by previous patches
+
+* Wed Sep 16 2009 Tomas Mraz <tmraz@redhat.com> 2.4.4-13
+- use password-auth common PAM configuration instead of system-auth
+
+* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.4-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Fri Mar 06 2009 - Jiri Skala <jskala@redhat.com> 2.4.4-11
+- fixed #488764 - package upgrade should not replace configuration files
+
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.4-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Thu Dec 11 2008 Jiri Skala <jskala@redhat.com> 2.4.4.-9
+- fixed #467004 PPP sometimes gets incorrect DNS servers for mobile broadband connections
+
+* Thu Aug 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> 2.4.4-8
+- fix license tag
+
+* Tue May 13 2008 Martin Nagy <mnagy@redhat.com> 2.4.4-7
+- add new speeds, patch by Jason Vas Dias (#446132)
+
+* Thu Mar 06 2008 Martin Nagy <mnagy@redhat.com> 2.4.4-6
+- call closelog earlier (#222295)
+- fix ChapMS2 (#217076)
+- moving header files to new -devel package (#203542)
+
+* Mon Mar 03 2008 Martin Nagy <mnagy@redhat.com> 2.4.4-5
+- put logs into /var/log/ppp (#118837)
+
+* Mon Feb 11 2008 Martin Nagy <mnagy@redhat.com> 2.4.4-4
+- rebuild for gcc-4.3
+
+* Fri Nov 09 2007 Martin Nagy <mnagy@redhat.com> 2.4.4-3
+- removed undesired files from the package (#241753)
+
+* Fri Dec  1 2006 Thomas Woerner <twoerner@redhat.com> 2.4.4-2
+- fixed build requirement for libpcap (#217661)
+
+* Wed Jul 19 2006 Thomas Woerner <twoerner@redhat.com> 2.4.4-1
+- new version 2.4.4 with lots of fixes
+- fixed reesolv.conf docs (#165072)
+  Thanks to Matt Domsch for the initial patch
+- enabled CBCP (#199278)
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.4.3-6.2.2
+- rebuild
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.4.3-6.2.1
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.4.3-6.2
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Sat Nov 12 2005 Florian La Roche <laroche@redhat.com>
+- rebuild
+
+* Fri Nov  4 2005 David Woodhouse <dwmw2@redhat.com> 2.4.3-5
+- Implement ipv6cp-accept-remote option
+
+* Fri Oct  7 2005 Tomas Mraz <tmraz@redhat.com> 2.4.3-4
+- use include instead of pam_stack in pam config
+
+* Sun Jul 31 2005 Florian La Roche <laroche@redhat.com>
+- rebuild for libpcap of the day
+
+* Tue Jul 19 2005 Thomas Woerner <twoerner@redhat.com> 2.4.3-2.1
+- additional patch for the scripts, thanks to Sammy (#163621)
+
+* Tue Jul 19 2005 Thomas Woerner <twoerner@redhat.com> 2.4.3-2
+- dropped all executable bits in scripts directory to prevent rpm requiring
+  programs used in there
+
+* Mon Jul 18 2005 Thomas Woerner <twoerner@redhat.com> 2.4.3-1
+- new version 2.4.3
+  - updated patches: make, lib64, dontwriteetc, fix, fix64, no_strip,
+    radiusplugin
+  - dropped patches: bpf, signal, pcap, pppoatm, pkgcheck
+
+* Tue Nov  2 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-7
+- fixed out of bounds memory access, possible DOS
+
+* Thu Oct  7 2004 David Woodhouse <dwmw2@redhat.com> 2.4.2-6.3
+- Fix use of 'demand' without explicit MTU/MRU with pppoatm
+
+* Tue Oct  5 2004 David Woodhouse <dwmw2@redhat.com> 2.4.2-6.2
+- Link pppoatm plugin against libresolv.
+- Revert to linux-atm headers without the workaround for #127098
+
+* Mon Oct  4 2004 David Woodhouse <dwmw2@redhat.com> 2.4.2-6.1
+- Include atmsap.h for pppoatm plugin.
+
+* Mon Oct  4 2004 David Woodhouse <dwmw2@redhat.com> 2.4.2-6
+- Add pppoatm plugin (#131555)
+
+* Thu Sep 16 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-5.1
+- fixed subscript out of range (#132677)
+
+* Wed Sep 15 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-5
+- example scripts are using change_resolv_conf to modify /etc/resolv.conf
+  (#132482)
+- require new libpcap library (>= 0.8.3-6) with a fix for inbound/outbound
+  filter processing
+- not using internal libpcap structures anymore, fixes inbound/outbound
+  filter processing (#128053)
+
+* Fri Aug  6 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-4
+- fixed signal handling (#29171)
+
+* Mon Jun 21 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-3.1
+- fixed compiler warnings
+- fixed 64bit problem with ms-chap (#125501)
+- enabled pie again
+
+* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Mon May 24 2004 David Woodhouse <dwmw2@redhat.com> 2.4.2-2.3
+- Enable IPv6 support. Disable PIE to avoid bogus Provides:
+
+* Fri May 14 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-2.2
+- compiled pppd and chat PIE
+
+* Thu May 13 2004 Thomas Woerner <twoerner@redhat.com> 2.4.2-2.1
+- added 'missingok' to ppp.logrotate (#122911)
+
+* Fri May 07 2004 Nils Philippsen <nphilipp@redhat.com> 2.4.2-2
+- don't write to /etc (#118837)
+
+* Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> 2.4.2-1
+- update to 2.4.2
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Fri Sep  5 2003 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-15
+- rebuild
+
+* Fri Sep  5 2003 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-14
+- apply the patch from -11
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Tue Jun  3 2003 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-12
+- rebuild
+
+* Tue Jun  3 2003 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-11
+- check for libcrypt in the right directory at compile-time
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Thu Dec 12 2002 Elliot Lee <sopwith@redhat.com> 2.4.1-9
+- Fix build failure by rebuilding
+
+* Tue Nov 19 2002 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-8
+- rebuild
+- set x86_64 to use varargs the way s390 does
+
+* Mon Jul 22 2002 Florian La Roche <Florian.LaRoche@redhat.de>
+- add patch:
+	* Thu Jun 06 2002 Phil Knirsch <pknirsch@redhat.com>
+	- Fixed varargs problem for s390/s390x.
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Sun May 26 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-4
+- rebuild in new environment
+
+* Wed Feb 27 2002 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-3
+- revert cbcp patch, it's wrong (#55367)
+
+* Thu Aug  9 2001 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-2
+- add buildprereq on pam-devel (#49559)
+- add patch to respond to CBCP LCP requests (#15738)
+- enable cbcp support at build-time
+- change the Copyright: tag to a License: tag
+
+* Wed May 23 2001 Nalin Dahyabhai <nalin@redhat.com> 2.4.1-1
+- update to 2.4.1
+
+* Fri Dec  1 2000 Nalin Dahyabhai <nalin@redhat.com>
+- rebuild in new environment
+
+* Thu Nov  9 2000 Nalin Dahyabhai <nalin@redhat.com>
+- update to 2.4.0
+
+* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
+- automatic rebuild
+
+* Mon Jun  5 2000 Nalin Dahyabhai <nalin@redhat.com>
+- move man pages to %%{_mandir}
+
+* Thu Jun  1 2000 Nalin Dahyabhai <nalin@redhat.com>
+- change perms using defattr
+- modify PAM setup to use system-auth
+
+* Sun Mar 26 2000 Florian La Roche <Florian.La Roche@redhat.com>
+- change to root:root perms
+
+* Mon Mar 06 2000 Nalin Dahyabhai <nalin@redhat.com>
+- reaper bugs verified as fixed
+- check pam_open_session result code (bug #9966)
+
+* Mon Feb 07 2000 Nalin Dahyabhai <nalin@redhat.com>
+- take a shot at the wrong reaper bugs (#8153, #5290)
+
+* Thu Feb 03 2000 Nalin Dahyabhai <nalin@redhat.com>
+- free ride through the build system (release 2)
+
+* Tue Jan 18 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Update to 2.3.11
+
+* Sat Nov 06 1999 Michael K. Johnson <johnsonm@redhat.com>
+- Better fix for both problems
+
+* Fri Nov 05 1999 Michael K. Johnson <johnsonm@redhat.com>
+- fix for double-dial problem
+- fix for requiring a controlling terminal problem
+
+* Sun Sep 19 1999 Preston Brown <pbrown@redhat.com>
+- 2.3.10 bugfix release
+
+* Fri Aug 13 1999 Michael K. Johnson <johnsonm@redhat.com>
+- New version 2.3.9 required for kernel 2.3.13 and will be required
+  for new initscripts.  auth patch removed; 2.3.9 does the same thing
+  more readably than the previous patch.
+
+* Thu Jun 24 1999 Cristian Gafton <gafton@redhat.com>
+- add pppdump
+
+* Fri Apr 09 1999 Cristian Gafton <gafton@redhat.com>
+- force pppd use the glibc's logwtmp instead of implementing its own
+
+* Thu Apr 01 1999 Preston Brown <pbrown@redhat.com>
+- version 2.3.7 bugfix release
+
+* Tue Mar 23 1999 Cristian Gafton <gafton@redhat.com>
+- version 2.3.6
+
+* Mon Mar 22 1999 Michael Johnson <johnsonm@redhat.com>
+- auth patch
+
+* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
+- auto rebuild in the new build environment (release 3)
+
+* Thu Jan 07 1999 Cristian Gafton <gafton@redhat.com>
+- build for glibc 2.1
+
+* Fri Jun  5 1998 Jeff Johnson <jbj@redhat.com>
+- updated to 2.3.5.
+
+* Tue May 19 1998 Prospector System <bugs@redhat.com>
+- translations modified for de
+
+* Fri May  8 1998 Jakub Jelinek <jj@ultra.linux.cz>
+- make it run with kernels 2.1.100 and above.
+
+* Fri Apr 24 1998 Prospector System <bugs@redhat.com>
+- translations modified for de, fr, tr
+
+* Wed Mar 18 1998 Cristian Gafton <gafton@redhat.com>
+- requires glibc 2.0.6 or later
+
+* Wed Mar 18 1998 Michael K. Johnson <johnsonm@redhat.com>
+- updated PAM patch to not turn off wtmp/utmp/syslog logging.
+
+* Wed Jan  7 1998 Cristian Gafton <gafton@redhat.com>
+- added the /etc/pam.d config file
+- updated PAM patch to include session support
+
+* Tue Jan  6 1998 Cristian Gafton <gafton@redhat.com>
+- updated to ppp-2.3.3, build against glibc-2.0.6 - previous patches not
+  required any more.
+- added buildroot
+- fixed the PAM support, which was really, completely broken and against any
+  standards (session support is still not here... :-( )
+- we build against running kernel and pray that it will work
+- added a samples patch; updated glibc patch
+
+* Thu Dec 18 1997 Erik Troan <ewt@redhat.com>
+- added a patch to use our own route.h, rather then glibc's (which has
+  alignment problems on Alpha's) -- I only applied this patch on the Alpha,
+  though it should be safe everywhere
+
+* Fri Oct 10 1997 Erik Troan <ewt@redhat.com>
+- turned off the execute bit for scripts in /usr/doc
+
+* Fri Jul 18 1997 Erik Troan <ewt@redhat.com>
+- built against glibc
+
+* Tue Mar 25 1997 Erik Troan <ewt@redhat.com>
+- Integrated new patch from David Mosberger
+- Improved description