diff -pruN 2.4.9-1+1.1/debian/changelog 2.4.9-1+1.1ubuntu1/debian/changelog
--- 2.4.9-1+1.1/debian/changelog	2022-04-11 09:11:33.000000000 +0000
+++ 2.4.9-1+1.1ubuntu1/debian/changelog	2022-08-25 17:01:06.000000000 +0000
@@ -1,3 +1,16 @@
+ppp (2.4.9-1+1.1ubuntu1) kinetic; urgency=medium
+
+  * Merge with Debian unstable. Remaining changes:
+    - d/p/expose-mppe-keys-via-api.patch, d/ppp.symbols: allow plugins to
+      access MPPE keys to enable external SSTP support.
+  * Drop changes (adopted in Debian in 2.4.9-1+1.1):
+    - debian/extra/ip-up.d/0000usepeerdns: Added NetworkManager check, which
+      lets the script exit when NetworkManager is in use
+    - Fix the length of the username when responding to an EAP MSCHAPv2
+      challenge.
+
+ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 18 Aug 2022 14:07:10 +0100
+
 ppp (2.4.9-1+1.1) unstable; urgency=high
 
   * Non-maintainer upload
@@ -14,6 +27,40 @@ ppp (2.4.9-1+1.1) unstable; urgency=high
 
  -- Bastian Germann <bage@debian.org>  Mon, 11 Apr 2022 11:11:33 +0200
 
+ppp (2.4.9-1+1ubuntu3) jammy; urgency=medium
+
+  * d/p/eap-mschap-v2-namelen.patch: fix the length of the username when
+    responding to an EAP MSCHAPv2 challenge (LP: #1958196).
+  * d/p/expose-mppe-keys-via-api.patch: allow plugins to access MPPE keys to
+    enable external SSTP support.
+  * Thanks to Eivind Næss.
+
+ -- Robie Basak <robie.basak@ubuntu.com>  Thu, 24 Feb 2022 17:14:02 +0000
+
+ppp (2.4.9-1+1ubuntu2) jammy; urgency=medium
+
+  * No-change rebuild against openssl3
+
+ -- Simon Chopin <simon.chopin@canonical.com>  Wed, 01 Dec 2021 16:11:26 +0000
+
+ppp (2.4.9-1+1ubuntu1) impish; urgency=low
+
+  [ Simon Chopin ]
+  * Merge from Debian unstable (LP: #1912168). Remaining changes:
+    - debian/extra/ip-up.d/0000usepeerdns: Added NetworkManager check, which
+      lets the script exit when NetworkManager is in use
+  * Dropped changes as obsolete
+    - debian/patches/CVE-2020-8597.patch: fix bounds check in EAP code in
+      pppd/eap.c.
+
+  [ Iain Lane ]
+  * Also drop this change:
+    - Stop producing udebs on i386 where we no longer have d-i or a kernel.
+       + Since hirsute these aren't built anyway, so we no longer need to
+         exclude them on specific arches.
+
+ -- Simon Chopin <simon.chopin@canonical.com>  Mon, 16 Aug 2021 19:00:43 +0200
+
 ppp (2.4.9-1+1) unstable; urgency=medium
 
   [ Samuel Thibault ]
@@ -128,6 +175,63 @@ ppp (2.4.8-1+1~exp1) experimental; urgen
 
  -- Chris Boot <bootc@debian.org>  Sat, 15 Feb 2020 16:42:26 +0000
 
+ppp (2.4.7-2+4.1ubuntu8) hirsute; urgency=medium
+
+  * No-change rebuild to drop the udeb package.
+
+ -- Matthias Klose <doko@ubuntu.com>  Thu, 25 Feb 2021 06:59:12 +0100
+
+ppp (2.4.7-2+4.1ubuntu7) hirsute; urgency=medium
+
+  * No-change rebuild to drop the udeb package.
+
+ -- Matthias Klose <doko@ubuntu.com>  Mon, 22 Feb 2021 10:36:02 +0100
+
+ppp (2.4.7-2+4.1ubuntu6) groovy; urgency=medium
+
+  * SECURITY UPDATE: arbitrary file disclosure vulnerability
+    - debian/patches/load_ppp_generic_if_needed: removed, ppp has been
+      built into Ubuntu kernels since at least 2012.
+    - CVE-2020-15704
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 23 Jul 2020 08:39:04 -0400
+
+ppp (2.4.7-2+4.1ubuntu5) focal; urgency=medium
+
+  * SECURITY UPDATE: rhostname buffer overflow
+    - debian/patches/CVE-2020-8597.patch: fix bounds check in EAP code in
+      pppd/eap.c.
+    - CVE-2020-8597
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 11 Feb 2020 10:03:25 -0500
+
+ppp (2.4.7-2+4.1ubuntu4) eoan; urgency=medium
+
+  * Stop producing udebs on i386 where we no longer have d-i or a kernel.
+
+ -- Adam Conrad <adconrad@ubuntu.com>  Wed, 09 Oct 2019 14:11:51 -0600
+
+ppp (2.4.7-2+4.1ubuntu3) eoan; urgency=medium
+
+  * No-change upload with strops.h and sys/strops.h removed in glibc.
+
+ -- Matthias Klose <doko@ubuntu.com>  Thu, 05 Sep 2019 11:06:52 +0000
+
+ppp (2.4.7-2+4.1ubuntu2) eoan; urgency=medium
+
+  * debian/extra/ip-up.d/0000usepeerdns: Added NetworkManager check, which
+    lets the script exit when NetworkManager is in use (LP: #1778946).
+
+ -- Till Kamppeter <till.kamppeter@gmail.com>  Fri, 08 Feb 2019 17:37:29 +0100
+
+ppp (2.4.7-2+4.1ubuntu1) disco; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Fri, 15 Mar 2019 13:18:08 +0100
+
 ppp (2.4.7-2+4.1) unstable; urgency=medium
 
   * Non-maintainer upload.
@@ -137,12 +241,37 @@ ppp (2.4.7-2+4.1) unstable; urgency=medi
 
  -- Chris Lamb <lamby@debian.org>  Sat, 09 Mar 2019 14:48:25 +0000
 
+ppp (2.4.7-2+4ubuntu2) disco; urgency=medium
+
+  * debian/patches/3c7b86229f7bd2600d74db14b1fe5b3896be3875.patch:
+    - upstream proposed fix for new glibc 2.28 (thanks <infinity>)
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Fri, 09 Nov 2018 19:32:52 +0100
+
+ppp (2.4.7-2+4ubuntu1) disco; urgency=low
+
+  * Merge from Debian unstable. Remaining changes:
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Fri, 09 Nov 2018 10:53:51 +0100
+
 ppp (2.4.7-2+4) unstable; urgency=medium
 
   * Update EAP-TLS patch to version 1.102. (Closes: #912822)
 
  -- Chris Boot <bootc@debian.org>  Sun, 04 Nov 2018 12:56:54 +0000
 
+ppp (2.4.7-2+3ubuntu1) cosmic; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+  * debian/ppp.symbols: updated for Ubuntu.
+  * Drop preinst change.
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Wed, 13 Jun 2018 14:01:31 +0200
+
 ppp (2.4.7-2+3) unstable; urgency=high
 
   * Update EAP-TLS patch to version 1.101. (CVE-2018-11574)
@@ -150,6 +279,19 @@ ppp (2.4.7-2+3) unstable; urgency=high
 
  -- Chris Boot <bootc@debian.org>  Sat, 09 Jun 2018 14:20:01 +0100
 
+ppp (2.4.7-2+2ubuntu1) bionic; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+    - debian/ppp.preinst: deal with the change in LSB headers start runlevels
+      of pppd-dns due to dropping our changes (which are no longer necessary
+      since resolvconf is installed in most systems and has been for a while);
+      this should probably be kept until the next LTS.
+  * debian/ppp.symbols: updated for Ubuntu.
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 03 Mar 2018 20:37:19 +0100
+
 ppp (2.4.7-2+2) unstable; urgency=medium
 
   * Correct a bug in MS-CHAP authentication introduced in 2.4.7-2+1~exp1 which
@@ -157,6 +299,19 @@ ppp (2.4.7-2+2) unstable; urgency=medium
 
  -- Chris Boot <bootc@debian.org>  Sun, 25 Feb 2018 22:28:25 +0000
 
+ppp (2.4.7-2+1ubuntu1) bionic; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+    - debian/ppp.preinst: deal with the change in LSB headers start runlevels
+      of pppd-dns due to dropping our changes (which are no longer necessary
+      since resolvconf is installed in most systems and has been for a while);
+      this should probably be kept until the next LTS.
+  * debian/ppp.symbols: updated for Ubuntu.
+
+ -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com>  Fri, 23 Feb 2018 14:11:03 +0100
+
 ppp (2.4.7-2+1) unstable; urgency=medium
 
   [ Алексей Шилин ]
@@ -213,6 +368,36 @@ ppp (2.4.7-2+1~exp1) experimental; urgen
 
  -- Chris Boot <bootc@debian.org>  Sun, 11 Feb 2018 19:17:06 +0000
 
+ppp (2.4.7-1+4ubuntu3) bionic; urgency=high
+
+  * Replace debian/patches/ppp-2.4.6-eaptls-mppe-0.997.patch with
+    debian/patches/ppp-2.4.7-eaptls-mppe-0.999.patch:
+    - Use a modified, newer patch for the EAP-TLS/MPPE support that works with
+      openssl1.1. Fixes FTBFS.
+
+ -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com>  Wed, 07 Feb 2018 01:11:51 +0100
+
+ppp (2.4.7-1+4ubuntu2) bionic; urgency=high
+
+  * No change rebuild against openssl1.1.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 05 Feb 2018 16:52:03 +0000
+
+ppp (2.4.7-1+4ubuntu1) bionic; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+    - debian/patches/ppp-2.4.6-eaptls-mppe-0.997.patch: EAP-TLS/MPPE support
+      patch from Jan Just Keijser.
+    - debian/control: add libssl-dev to Build-Depends for the EAP-TLS patch.
+    - debian/ppp.preinst: deal with the change in LSB headers start runlevels
+      of pppd-dns due to dropping our changes (which are no longer necessary
+      since resolvconf is installed in most systems and has been for a while);
+      this should probably be kept until the next LTS.
+
+ -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com>  Fri, 20 Oct 2017 18:06:25 +0200
+
 ppp (2.4.7-1+4) unstable; urgency=medium
 
   [ Helmut Grohne ]
@@ -235,6 +420,23 @@ ppp (2.4.7-1+3) unstable; urgency=medium
 
  -- Chris Boot <bootc@debian.org>  Mon, 29 Aug 2016 00:15:43 +0100
 
+ppp (2.4.7-1+2ubuntu1) xenial; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+    - debian/patches/ppp-2.4.6-eaptls-mppe-0.997.patch: EAP-TLS/MPPE support
+      patch from Jan Just Keijser.
+    - debian/control: add libssl-dev to Build-Depends for the EAP-TLS patch.
+    - debian/ppp.preinst: deal with the change in LSB headers start runlevels
+      of pppd-dns due to dropping our changes (which are no longer necessary
+      since resolvconf is installed in most systems and has been for a while);
+      this should probably be kept until the next LTS.
+  * debian/ppp.symbols:
+    - Update the symbols to include changes from our Ubuntu patches.
+
+ -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com>  Thu, 28 Jan 2016 10:01:37 +0100
+
 ppp (2.4.7-1+2) unstable; urgency=medium
 
   * Replace my email address for my debian.org address.
@@ -276,6 +478,21 @@ ppp (2.4.7-1+2~exp1) experimental; urgen
 
  -- Chris Boot <debian@bootc.net>  Sat, 05 Dec 2015 13:35:51 +0000
 
+ppp (2.4.7-1+1ubuntu1) xenial; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+    - debian/patches/ppp-2.4.6-eaptls-mppe-0.997.patch: EAP-TLS/MPPE support
+      patch from Jan Just Keijser.
+    - debian/control: add libssl-dev to Build-Depends for the EAP-TLS patch.
+    - debian/ppp.preinst: deal with the change in LSB headers start runlevels
+      of pppd-dns due to dropping our changes (which are no longer necessary
+      since resolvconf is installed in most systems and has been for a while);
+      this should probably be kept until the next LTS.
+
+ -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@canonical.com>  Thu, 07 Jan 2016 13:27:59 +0100
+
 ppp (2.4.7-1+1) unstable; urgency=medium
 
   * Upload to unstable.
@@ -325,6 +542,23 @@ ppp (2.4.7-1+1~exp1) experimental; urgen
 
  -- Chris Boot <debian@bootc.net>  Fri, 06 Nov 2015 15:32:25 +0000
 
+ppp (2.4.6-3.1ubuntu1) vivid; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+    - add EAP-TLS/MPPE support patch from Jan Just Keijser.
+    - debian/control: add libssl-dev to Build-Depends for the EAP-TLS patch.
+  * debian/patches/ppp-2.4.5-eaptls-mppe-0.994.patch,
+    debian/patches/ppp-2.4.6-eaptls-mppe-0.997.patch: updated the EAP-TLS/MPPE
+    support patch to the latest version from its upstream (also refreshed it).
+  * debian/ppp.preinst: deal with the change in LSB headers start runlevels
+    of pppd-dns due to dropping our changes (which are no longer necessary
+    since resolvconf is installed in most systems and has been for a while);
+    this should probably be kept until the next LTS.
+
+ -- Scott Kitterman <scott@kitterman.com>  Thu, 16 Apr 2015 09:07:29 -0400
+
 ppp (2.4.6-3.1) unstable; urgency=high
 
   * Non-maintainer upload.
@@ -338,6 +572,23 @@ ppp (2.4.6-3.1) unstable; urgency=high
 
  -- Emanuele Rocca <ema@debian.org>  Tue, 14 Apr 2015 08:18:06 +0200
 
+ppp (2.4.6-3ubuntu1) vivid; urgency=medium
+
+  * Merge with Debian unstable; remaining changes:
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+    - add EAP-TLS/MPPE support patch from Jan Just Keijser.
+    - debian/control: add libssl-dev to Build-Depends for the EAP-TLS patch.
+  * debian/patches/ppp-2.4.5-eaptls-mppe-0.994.patch,
+    debian/patches/ppp-2.4.6-eaptls-mppe-0.997.patch: updated the EAP-TLS/MPPE
+    support patch to the latest version from its upstream (also refreshed it).
+  * debian/ppp.preinst: deal with the change in LSB headers start runlevels
+    of pppd-dns due to dropping our changes (which are no longer necessary
+    since resolvconf is installed in most systems and has been for a while);
+    this should probably be kept until the next LTS.
+
+ -- Mathieu Trudel-Lapierre <mathieu-tl@ubuntu.com>  Fri, 19 Dec 2014 13:51:52 -0500
+
 ppp (2.4.6-3) unstable; urgency=high
 
   * Urgency high due to fix for CVE-2014-3158.
@@ -512,6 +763,39 @@ ppp (2.4.5-5.2) unstable; urgency=low
 
  -- Chris Boot <bootc@bootc.net>  Tue, 28 May 2013 15:56:31 +0100
 
+ppp (2.4.5-5.1ubuntu3) utopic; urgency=medium
+
+  * Drop gdm dependency from the pppd-dns script, to resolve failing to
+    configure ppp package without having gdm's init.d script enabled (and
+    thus gdm installed & configured).
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 29 May 2014 08:54:57 +0200
+
+ppp (2.4.5-5.1ubuntu2) raring-proposed; urgency=low
+
+  * add EAPTLS-MPPE 0.994 patch from http://www.nikhef.nl/~janjust/ppp/
+    (Closes: #602503, LP: #643417) (quilt refreshed)
+  * debian/control: Build-Depends on libssl-dev 
+
+ -- Pavel Plesov <pavel.plesov@gmail.com>  Sun, 23 Dec 2012 23:44:40 +0400
+
+ppp (2.4.5-5.1ubuntu1) raring; urgency=low
+
+  [ Ubuntu Merge-o-Matic ]
+  * Merge from Debian unstable.  Remaining changes:
+    - /etc/ppp/options: default is noauth instead of auth.
+    - extra/pon: Perform ppp_on_boot migration from pppoe package.
+    - debian/ppp.postinst: init script migration for version before
+      2.4.5~git20081126t100229-0ubuntu2.
+    - debian/ppp.pppd-dns: Update LSB header.
+    - Provide pppoe_on_boot file.
+    - Move pppd-dns script to S45.
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+    - Fix FTBFS with linux 3.5 headers.
+
+ -- Adam Conrad <adconrad@ubuntu.com>  Sun, 02 Dec 2012 03:57:07 -0700
+
 ppp (2.4.5-5.1) unstable; urgency=low
 
   * Non-maintainer upload.
@@ -519,12 +803,49 @@ ppp (2.4.5-5.1) unstable; urgency=low
 
  -- Robert Millan <rmh@debian.org>  Sun, 22 Apr 2012 16:25:45 +0200
 
+ppp (2.4.5-5ubuntu2) quantal-proposed; urgency=low
+
+  * FTBS fix against linux 3.5 headers: Update debian/patches/update_if_pppol2tp
+    to reflect changes in Linux 3.5 includes.
+
+ -- Tim Gardner <tim.gardner@canonical.com>  Tue, 25 Sep 2012 16:20:00 +0000
+
+ppp (2.4.5-5ubuntu1) natty; urgency=low
+
+  * Merge from debian unstable. (LP: #712419) Remaining changes:
+    - /etc/ppp/options: default is noauth instead of auth.
+    - extra/pon: Perform ppp_on_boot migration from pppoe package.
+    - debian/ppp.postinst: init script migration for version before
+      2.4.5~git20081126t100229-0ubuntu2.
+    - debian/ppp.pppd-dns: Update LSB header.
+    - Provide pppoe_on_boot file.
+    - Move pppd-dns script to S45.
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+
+ -- Angel Abad <angelabad@ubuntu.com>  Thu, 03 Feb 2011 13:16:46 +0100
+
 ppp (2.4.5-5) unstable; urgency=medium
 
   * Updated debconf translation: da. (Closes: #601791)
 
  -- Marco d'Itri <md@linux.it>  Wed, 19 Jan 2011 23:24:16 +0100
 
+ppp (2.4.5-4ubuntu1) natty; urgency=low
+
+  * Merge with Debian; remaining changes:
+    - /etc/ppp/options: default is noauth instead of auth.
+    - extra/pon: Perform ppp_on_boot migration from pppoe package.
+    - debian/ppp.postinst: init script migration for version before
+      2.4.5~git20081126t100229-0ubuntu2.
+    - debian/ppp.pppd-dns: Update LSB header.
+    - Provide pppoe_on_boot file.
+    - Move pppd-dns script to S45.
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed.
+
+ -- Matthias Klose <doko@ubuntu.com>  Wed, 24 Nov 2010 18:12:47 +0100
+
 ppp (2.4.5-4) unstable; urgency=low
 
   * Make sure to actually rebuild pppd for the udeb instead of using the
@@ -601,6 +922,115 @@ ppp (2.4.4rel-10.1) unstable; urgency=lo
 
  -- Christian Perrier <bubulle@debian.org>  Fri, 28 Nov 2008 18:36:26 +0100
 
+ppp (2.4.5~git20081126t100229-0ubuntu4) maverick; urgency=low
+
+  * debian/patches/update_if_pppol2tp: Update include/linux/if_pppol2tp.h to
+    match current kernel definitions (LP: #600947).
+
+ -- Colin Watson <cjwatson@ubuntu.com>  Fri, 09 Jul 2010 17:27:36 +0100
+
+ppp (2.4.5~git20081126t100229-0ubuntu3) lucid; urgency=low
+
+  * rebuild rest of main for armel armv7/thumb2 optimization;
+    UbuntuSpec:mobile-lucid-arm-gcc-v7-thumb2
+
+ -- Alexander Sack <asac@ubuntu.com>  Sun, 07 Mar 2010 01:01:51 +0100
+
+ppp (2.4.5~git20081126t100229-0ubuntu2) jaunty; urgency=low
+
+  * debian/rules: Start the init script in runlevels 1-5, it does not need to
+    start before gdm.
+  * debian/ppp.postinst: Remove old init script symlinks.
+  * debian/ppp.pppd-dns: Update LSB header.
+
+ -- Scott James Remnant <scott@ubuntu.com>  Fri, 20 Feb 2009 15:15:49 +0000
+
+ppp (2.4.5~git20081126t100229-0ubuntu1) jaunty; urgency=low
+
+  * new upstream snapshot 2.4.5pre gitXXXX
+  * debian/rules,debian/scripts/vars bump upstream version and
+    and tarball dir
+  * rebase debian patches that still apply
+    - debian/patches/008_pathnames.h.diff,
+      debian/patches/010_scripts_README.diff,
+      debian/patches/011_scripts_redialer.diff,
+      debian/patches/018_ip-up_option.diff,
+      debian/patches/atm_resolver_light,
+      debian/patches/chat_man,
+      debian/patches/cifdefroute.dif,
+      debian/patches/close_dev_ppp,
+      debian/patches/fix_linkpidfile,
+      debian/patches/fix_null_pppdb,
+      debian/patches/load_ppp_generic_if_needed,
+      debian/patches/no_crypt_hack,
+      debian/patches/no_crypt_hack_2.4.5,
+      debian/patches/ppp-2.3.11-oedod.dif,
+      debian/patches/ppp-2.4.2-stripMSdomain,
+      debian/patches/pppdump_use_zlib,
+      debian/patches/pppdump_z_no_deflate,
+      debian/patches/pppoatm_cleanup,
+      debian/patches/pppoe_readme,
+      debian/patches/readable_connerrs,
+      debian/patches/resolv.conf_no_log,
+      debian/patches/setevn_call_file,
+      debian/patches/syslog_local2,
+      debian/patches/zzz_config,
+      debian/patches/zzz_man_typos
+  * drop patches superseeded upstream
+    - debian/patches/fix_close_fd0
+    - debian/patches/fix_mschapv2_ppp
+    - debian/patches/pppoatm_fix_mtu
+    - debian/patches/pppoe_cleanup
+    - debian/patches/zzzz_lp258801_fix_ppp_dns_1.patch
+    - debian/patches/zzzz_lp258801_fix_ppp_dns_2.patch
+    - debian/patches/zzzz_lp258801_fix_ppp_dns.patch
+  * add patches required for new codebase:
+    - no_crypt_hack_2.4.5: crypt is now also getting used in session.c
+      apply NO_CRYPT_HACK for -udeb support here too
+
+ -- Alexander Sack <asac@ubuntu.com>  Mon, 16 Feb 2009 11:57:28 +0100
+
+ppp (2.4.4rel-10.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix pending l10n issues. Debconf translations:
+    - Traditional Chinese. Closes: #505952
+    - Catalan. Closes: #506336
+    - Swedish. Closes: #491421
+    - Japanese. Closes: #489333
+    - Polish. Closes: #506852
+    - Belarusian. Closes: #506927
+
+ -- Christian Perrier <bubulle@debian.org>  Fri, 28 Nov 2008 18:36:26 +0100
+
+ppp (2.4.4rel-10ubuntu2.8.10.1) intrepid-proposed; urgency=low
+
+  * fix LP: #258801; Gets bogus DNS servers during PPP negotiation; we
+    apply two more patches from git (details in patch)
+    - add debian/patches/zzzz_lp258801_fix_ppp_dns_1.patch
+    - add debian/patches/zzzz_lp258801_fix_ppp_dns_2.patch
+
+ -- Alexander Sack <asac@ubuntu.com>  Wed, 19 Nov 2008 14:05:43 +0100
+
+ppp (2.4.4rel-10ubuntu2) intrepid; urgency=low
+
+  * fix LP: #258801; Gets bogus DNS servers during PPP negotiation; we apply
+    the patch from http://marc.info/?l=linux-ppp&m=119559914711075&w=2
+    - add debian/patches/zzzz_lp258801_fix_ppp_dns.patch
+
+ -- Alexander Sack <asac@ubuntu.com>  Thu, 16 Oct 2008 03:17:37 +0200
+
+ppp (2.4.4rel-10ubuntu1) intrepid; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - "Perform ppp_on_boot migration from pppoe package."
+    - provide pppoe_on_boot file
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed
+    - /etc/ppp/options: default is noauth instead of auth.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 23 Jun 2008 14:04:47 +0200
+
 ppp (2.4.4rel-10) unstable; urgency=low
 
    * ppp-udeb: allow for preseeding of the netcfg/get_hostname template.
@@ -637,6 +1067,24 @@ ppp (2.4.4rel-10) unstable; urgency=low
 
  -- Frans Pop <fjp@debian.org>  Tue, 08 Apr 2008 16:53:04 +0200
 
+ppp (2.4.4rel-9ubuntu2) gutsy; urgency=low
+
+  * Trigger rebuild for hppa
+
+ -- LaMont Jones <lamont@ubuntu.com>  Thu, 04 Oct 2007 12:21:29 -0600
+
+ppp (2.4.4rel-9ubuntu1) gutsy; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - "Perform ppp_on_boot migration from pppoe package."
+    - provide pppoe_on_boot file
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed
+    - /etc/ppp/options: default is noauth instead of auth.
+    - maintainer field set to ubuntu
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 15 May 2007 11:09:49 +0200
+
 ppp (2.4.4rel-9) unstable; urgency=low
 
   * ppp-udeb: quote username and password in pap/chap secrets since they
@@ -710,6 +1158,22 @@ ppp (2.4.4rel-5) unstable; urgency=low
 
  -- Eddy Petrișor <eddy.petrisor@gmail.com>  Mon, 29 Jan 2007 16:58:03 +0200
 
+ppp (2.4.4rel-4.1ubuntu2) feisty; urgency=low
+
+  * /etc/ppp/options: default is noauth instead of auth.
+
+ -- Ian Jackson <iwj@ubuntu.com>  Wed,  4 Apr 2007 16:46:49 +0100
+
+ppp (2.4.4rel-4.1ubuntu1) feisty; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - "Perform ppp_on_boot migration from pppoe package."
+    - provide pppoe_on_boot file
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 20 Dec 2006 12:23:42 +0100
+
 ppp (2.4.4rel-4.1) unstable; urgency=low
 
   * Non-maintainer upload with maintainer's consent.
@@ -722,6 +1186,16 @@ ppp (2.4.4rel-4.1) unstable; urgency=low
 
  -- Arnaud Fontaine <arnaud@andesi.org>  Thu, 14 Dec 2006 21:31:55 +0100
 
+ppp (2.4.4rel-4ubuntu1) feisty; urgency=low
+
+  * Merge from debian unstable. Remaining changes:
+    - "Perform ppp_on_boot migration from pppoe package."
+    - provide pppoe_on_boot file
+    - debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
+      module if needed
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 24 Nov 2006 08:39:13 +0100
+
 ppp (2.4.4rel-4) unstable; urgency=low
 
   [ Eddy Petrișor ]
@@ -775,6 +1249,12 @@ ppp (2.4.4rel-2) unstable; urgency=high
 
  -- Marco d'Itri <md@linux.it>  Wed, 12 Jul 2006 18:26:01 +0200
 
+ppp (2.4.4rel-1ubuntu1) edgy; urgency=low
+
+  * Merge to Debian unstable.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 10 Jul 2006 18:34:10 +0200
+
 ppp (2.4.4rel-1) unstable; urgency=high
 
   * New upstream release. Fixes:
@@ -790,6 +1270,36 @@ ppp (2.4.4rel-1) unstable; urgency=high
 
  -- Marco d'Itri <md@linux.it>  Sun,  9 Jul 2006 18:38:54 +0200
 
+ppp (2.4.4b1-1ubuntu4) edgy; urgency=low
+
+  * SECURITY UPDATE: Potential privilege escalation.
+  * debian/patches/winbind-setuid-failure-check:
+    - Check for a failing setuid() call (which can happen if the user hits PAM
+      limits). Before, a failing setuid() call would execute the NTLM
+      authentication helper as root.
+    - CVE-2006-2194
+
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed,  5 Jul 2006 11:48:13 +0200
+
+ppp (2.4.4b1-1ubuntu3) dapper; urgency=low
+
+  * Move script to S55.
+
+ -- Scott James Remnant <scott@ubuntu.com>  Thu, 23 Feb 2006 15:30:22 +0000
+
+ppp (2.4.4b1-1ubuntu2) dapper; urgency=low
+
+  * Move pppd-dns script to S45.
+
+ -- Scott James Remnant <scott@ubuntu.com>  Mon, 30 Jan 2006 14:23:23 +0000
+
+ppp (2.4.4b1-1ubuntu1) dapper; urgency=low
+
+  * Synchronise with Debian unstable.
+  * Still keep the pppoe_on_boot stuff.
+
+ -- Matthias Klose <doko@ubuntu.com>  Thu, 15 Dec 2005 14:46:57 +0000
+
 ppp (2.4.4b1-1) unstable; urgency=low
 
   * New upstream release. Fixes:
@@ -819,6 +1329,12 @@ ppp (2.4.4b1-1) unstable; urgency=low
 
  -- Marco d'Itri <md@linux.it>  Sun,  4 Dec 2005 15:22:23 +0100
 
+ppp (2.4.3-20050321+2ubuntu1) breezy; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 27 May 2005 15:47:55 +0000
+
 ppp (2.4.3-20050321+2) unstable; urgency=high
 
   * Added patch close_dev_ppp to fix pppd spinning on select() and using
@@ -834,6 +1350,20 @@ ppp (2.4.3-20050321+2) unstable; urgency
 
  -- Marco d'Itri <md@linux.it>  Wed,  4 May 2005 02:00:04 +0200
 
+ppp (2.4.3-20050321+1ubuntu2) breezy; urgency=low
+
+  * Drop debian/patches/libpcap0.8, which has since been applied to
+    the upstream sources, and debian/patches/pcap, which is the
+    Debian patch to revert to libpcap0.7 (Closes Ubuntu bug #10033)
+
+ -- Adam Conrad <adconrad@0c3.net>  Fri, 22 Apr 2005 00:16:08 +0000
+
+ppp (2.4.3-20050321+1ubuntu1) breezy; urgency=low
+
+  * Resynchronise with Debian, resolving merge conflicts.
+
+ -- Adam Conrad <adconrad@0c3.net>  Thu, 21 Apr 2005 08:53:53 +0000
+
 ppp (2.4.3-20050321+1) unstable; urgency=high
 
   * New upstream snapshot, with a fix for the persist configuration option.
@@ -893,6 +1423,12 @@ ppp (2.4.3-20041231+1) unstable; urgency
 
  -- Marco d'Itri <md@linux.it>  Thu, 24 Feb 2005 23:51:54 +0100
 
+ppp (2.4.2+20040428-6ubuntu1) hoary; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Michael Vogt <mvo@debian.org>  Wed, 12 Jan 2005 10:00:49 +0100
+
 ppp (2.4.2+20040428-6) unstable; urgency=medium
 
   * Removed references to nscd from the 0000usepeerdns scripts.
@@ -911,6 +1447,27 @@ ppp (2.4.2+20040428-6) unstable; urgency
 
  -- Marco d'Itri <md@linux.it>  Thu, 30 Dec 2004 17:21:22 +0100
 
+ppp (2.4.2+20040428-5ubuntu3) hoary; urgency=low
+
+  * Migrate to libpcap0.8
+    - debian/patches/libpcap0.8
+    - Build-Depend on libpcap0.8-dev rather than libpcap0.7-dev
+
+ -- Matt Zimmerman <mdz@canonical.com>  Tue, 28 Dec 2004 13:44:43 -0800
+
+ppp (2.4.2+20040428-5ubuntu2) hoary; urgency=low
+
+  * Merge debian/ppp.init file.
+  * Remove patch applied in unstable (cbcp-check-packetlengths.diff).
+
+ -- Matthias Klose <m@klose.in-berlin.de>  Mon, 15 Nov 2004 15:22:11 +0000
+
+ppp (2.4.2+20040428-5ubuntu1) hoary; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Scott James Remnant <scott@canonical.com>  Tue, 09 Nov 2004 23:37:30 +0000
+
 ppp (2.4.2+20040428-5) unstable; urgency=medium
 
   * Removed patch pty_command_timeout. (Closes: #279929)
@@ -953,6 +1510,66 @@ ppp (2.4.2+20040428-3) unstable; urgency
 
  -- Marco d'Itri <md@linux.it>  Sun, 31 Oct 2004 16:02:19 +0100
 
+ppp (2.4.2+20040428-2ubuntu7) hoary; urgency=low
+
+  * Security upload for hoary (see previous changelog for details).
+
+ -- Martin Pitt <mpitt@debian.org>  Fri, 29 Oct 2004 09:02:37 +0200
+
+ppp (2.4.2+20040428-2ubuntu6.1) warty-security; urgency=low
+
+  * SECURITY UPDATE: fix potential buffer overflow and DOS (Warty bug #2808)
+  * added debian/patches/cbcp-check-packetlengths.diff to add proper packet
+    length and bounds checking to pppd/cbcp.c (taken from upstream CVS)
+  * References:
+    http://www.securityfocus.com/archive/1/379450
+
+ -- Martin Pitt <mpitt@debian.org>  Thu, 28 Oct 2004 14:48:17 +0200
+
+ppp (2.4.2+20040428-2ubuntu6) warty; urgency=low
+
+  * Small fix for ppp_on_boot migration; also fixes pointless warning in pon
+    (closes: Ubuntu#1977).
+  * Make really, really sure we get a /dev/ppp device by only loading
+    ppp_generic if /dev/ppp doesn't exist, and sleep for five seconds to work
+    around the udev race; move this to pppd, instead of pon, which also
+    guarantees that it's run as root (closes: Ubuntu#1980, #1981).
+
+ -- Daniel Stone <daniel.stone@canonical.com>  Sat,  2 Oct 2004 17:27:53 +1000
+
+ppp (2.4.2+20040428-2ubuntu5) warty; urgency=low
+
+  * If /etc/ppp_on_boot exists and is a symlink to /etc/ppp/ppp_on_boot.dsl,
+    which doesn't exist, then transition the symlink to pppoe_on_boot (closes:
+    Ubuntu#1153).
+
+ -- Daniel Stone <daniel.stone@canonical.com>  Sun, 26 Sep 2004 14:13:45 +1000
+
+ppp (2.4.2+20040428-2ubuntu4) warty; urgency=low
+
+  * Made pon load ppp_deflate (quietly), so /dev/ppp gets created (closes:
+    Ubuntu#1644).
+
+ -- Daniel Stone <daniel.stone@canonical.com>  Fri, 24 Sep 2004 14:12:06 +1000
+
+ppp (2.4.2+20040428-2ubuntu3) warty; urgency=low
+
+  * Add pppoe_on_boot, from pppoe's ppp_on_boot.dsl.
+
+ -- Daniel Stone <daniel.stone@canonical.com>  Thu, 23 Sep 2004 13:02:42 +1000
+
+ppp (2.4.2+20040428-2ubuntu2) warty; urgency=low
+
+  * Added versioned depend on lsb-base
+
+ -- Nathaniel McCallum <npmccallum@canonical.com>  Fri,  3 Sep 2004 15:14:36 -0400
+
+ppp (2.4.2+20040428-2ubuntu1) warty; urgency=low
+
+  * debian/ppp.init: pretty initscript
+
+ -- Nathaniel McCallum <npmccallum@canonical.com>  Fri,  3 Sep 2004 11:52:53 -0400
+
 ppp (2.4.2+20040428-2) unstable; urgency=medium
 
   * Temporarily removed patch ppp-2.4.2-libpcap.diff: switch back to
diff -pruN 2.4.9-1+1.1/debian/control 2.4.9-1+1.1ubuntu1/debian/control
--- 2.4.9-1+1.1/debian/control	2022-04-11 08:15:24.000000000 +0000
+++ 2.4.9-1+1.1ubuntu1/debian/control	2022-08-18 13:07:10.000000000 +0000
@@ -2,7 +2,8 @@ Source: ppp
 Section: admin
 Priority: optional
 Homepage: https://ppp.samba.org/
-Maintainer: Chris Boot <bootc@debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Chris Boot <bootc@debian.org>
 Uploaders: Marco d'Itri <md@linux.it>
 Build-Depends:
  debhelper (>= 13~),
diff -pruN 2.4.9-1+1.1/debian/patches/expose-mppe-keys-via-api.patch 2.4.9-1+1.1ubuntu1/debian/patches/expose-mppe-keys-via-api.patch
--- 2.4.9-1+1.1/debian/patches/expose-mppe-keys-via-api.patch	1970-01-01 00:00:00.000000000 +0000
+++ 2.4.9-1+1.1ubuntu1/debian/patches/expose-mppe-keys-via-api.patch	2022-08-18 13:06:12.000000000 +0000
@@ -0,0 +1,870 @@
+Description: pppd: Expose the MPPE keys generated through an API
+ The lengthy part of this fix is to refactor the handling of MPPE keys
+ by moving it into mppe.c and thus reducing the clutter in chap_ms.c.
+ It does so by renaming the mppe_set_keys/2 to the corresponding
+ mppe_set_chapv1/mppe_set_chapv2 versions and updates callers of these
+ functions.
+ .
+ Having done so, it conveniently allows the name "mppe_set_keys" to be
+ re-used for this new purpose which will copy the key material up to
+ its size and then clear the input parameters (avoids leaving the MPPE
+ keys on the stack).
+ .
+ Additional functiions added to the MPPE code allow plugins et al. to
+ access the MPPE keys, clear the keys, and check if they are set. All
+ plugin and CCP code has been updated to use this API.
+ .
+ [rbasak]
+ The upstream patch was adjusted by the author against
+ d/p/replace-vendored-hash-functions.patch
+ .
+ Also see the discussion in the MP:
+ https://code.launchpad.net/~eivnaes/ubuntu/+source/ppp/+git/ppp/+merge/415397
+Author: Eivind Næss <eivnaes@yahoo.com>
+Acked-By: Robie Basak <robie.basak@ubuntu.com>
+Origin: backport, https://github.com/ppp-project/ppp/commit/d706c95906d996534f13632a747af5dc617f306e
+Bug: https://github.com/ppp-project/ppp/issues/258
+Last-Update: 2022-02-24
+
+--- a/pppd/Makefile.sol2
++++ b/pppd/Makefile.sol2
+@@ -37,7 +37,7 @@
+ 
+ # Uncomment to enable MS-CHAP
+ CFLAGS += -DUSE_CRYPT -DCHAPMS -DMSLANMAN -DHAVE_CRYPT_H
+-OBJS += chap_ms.o pppcrypt.o md4.o sha1.o
++OBJS += chap_ms.o pppcrypt.o md4.o sha1.o mppe.o
+ 
+ # Uncomment to enable MPPE (in both CHAP and EAP-TLS)
+ CFLAGS += -DMPPE
+--- a/pppd/ccp.c
++++ b/pppd/ccp.c
+@@ -38,10 +38,9 @@
+ #include "ccp.h"
+ #include <net/ppp-comp.h>
+ 
+-#ifdef MPPE
+-#include "chap_ms.h"	/* mppe_xxxx_key, mppe_keys_set */
++#include "chap_ms.h"
++#include "mppe.h"
+ #include "lcp.h"	/* lcp_close(), lcp_fsm */
+-#endif
+ 
+ 
+ /*
+@@ -574,7 +573,7 @@
+ 	}
+ 
+ 	/* A plugin (eg radius) may not have obtained key material. */
+-	if (!mppe_keys_set) {
++	if (!mppe_keys_isset()) {
+ 	    error("MPPE required, but keys are not available.  "
+ 		  "Possible plugin problem?");
+ 	    lcp_close(f->unit, "MPPE required but not available");
+@@ -705,7 +704,7 @@
+ 	p[1] = opt_buf[1] = CILEN_MPPE;
+ 	MPPE_OPTS_TO_CI(go->mppe, &p[2]);
+ 	MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
+-	BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
++	mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
+ 	res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
+ 	if (res > 0)
+ 	    p += CILEN_MPPE;
+@@ -1156,8 +1155,7 @@
+ 		    int mtu;
+ 
+ 		    BCOPY(p, opt_buf, CILEN_MPPE);
+-		    BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
+-			  MPPE_MAX_KEY_LEN);
++		    mppe_get_send_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
+ 		    if (ccp_test(f->unit, opt_buf,
+ 				 CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
+ 			/* This shouldn't happen, we've already tested it! */
+@@ -1426,8 +1424,7 @@
+ 	notice("%s transmit compression enabled", method_name(ho, NULL));
+ #ifdef MPPE
+     if (go->mppe) {
+-	BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN);
+-	BZERO(mppe_send_key, MPPE_MAX_KEY_LEN);
++	mppe_clear_keys();
+ 	continue_networks(f->unit);		/* Bring up IP et al */
+     }
+ #endif
+--- a/pppd/chap_ms.c
++++ b/pppd/chap_ms.c
+@@ -93,7 +93,7 @@
+ #include <openssl/sha.h>
+ #include "pppcrypt.h"
+ #include "magic.h"
+-
++#include "mppe.h"
+ 
+ 
+ static void	ascii2unicode (char[], int, u_char[]);
+@@ -109,10 +109,6 @@
+ static void	ChapMS_LANMan (u_char *, char *, int, u_char *);
+ #endif
+ 
+-#ifdef MPPE
+-static void	Set_Start_Key (u_char *, char *, int);
+-static void	SetMasterKeys (char *, int, u_char[24], int);
+-#endif
+ 
+ #ifdef MSLANMAN
+ bool	ms_lanman = 0;    	/* Use LanMan password instead of NT */
+@@ -120,10 +116,6 @@
+ #endif
+ 
+ #ifdef MPPE
+-u_char mppe_send_key[MPPE_MAX_KEY_LEN];
+-u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
+-int mppe_keys_set = 0;		/* Have the MPPE keys been set? */
+-
+ #ifdef DEBUGMPPEKEY
+ /* For MPPE debug */
+ /* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */
+@@ -705,32 +697,8 @@
+ 				  rchallenge, username, authResponse);
+ }
+ 
+-
+ #ifdef MPPE
+ /*
+- * Set mppe_xxxx_key from the NTPasswordHashHash.
+- * RFC 2548 (RADIUS support) requires us to export this function (ugh).
+- */
+-void
+-mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
+-{
+-    SHA_CTX	sha1Context;
+-    u_char	Digest[SHA_DIGEST_LENGTH];	/* >= MPPE_MAX_KEY_LEN */
+-
+-    SHA1_Init(&sha1Context);
+-    SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
+-    SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
+-    SHA1_Update(&sha1Context, rchallenge, 8);
+-    SHA1_Final(Digest, &sha1Context);
+-
+-    /* Same key in both directions. */
+-    BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
+-    BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
+-
+-    mppe_keys_set = 1;
+-}
+-
+-/*
+  * Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079)
+  */
+ static void
+@@ -744,105 +712,7 @@
+     ascii2unicode(secret, secret_len, unicodePassword);
+     NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
+     NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
+-
+-    mppe_set_keys(rchallenge, PasswordHashHash);
+-}
+-
+-/*
+- * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
+- *
+- * This helper function used in the Winbind module, which gets the
+- * NTHashHash from the server.
+- */
+-void
+-mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
+-	       u_char NTResponse[24], int IsServer)
+-{
+-    SHA_CTX	sha1Context;
+-    u_char	MasterKey[SHA_DIGEST_LENGTH];	/* >= MPPE_MAX_KEY_LEN */
+-    u_char	Digest[SHA_DIGEST_LENGTH];	/* >= MPPE_MAX_KEY_LEN */
+-
+-    u_char SHApad1[40] =
+-	{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+-	  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+-	  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+-	  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+-    u_char SHApad2[40] =
+-	{ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+-	  0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+-	  0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+-	  0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
+-
+-    /* "This is the MPPE Master Key" */
+-    u_char Magic1[27] =
+-	{ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
+-	  0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
+-	  0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
+-    /* "On the client side, this is the send key; "
+-       "on the server side, it is the receive key." */
+-    u_char Magic2[84] =
+-	{ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
+-	  0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
+-	  0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+-	  0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+-	  0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
+-	  0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
+-	  0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+-	  0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+-	  0x6b, 0x65, 0x79, 0x2e };
+-    /* "On the client side, this is the receive key; "
+-       "on the server side, it is the send key." */
+-    u_char Magic3[84] =
+-	{ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
+-	  0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
+-	  0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+-	  0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+-	  0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
+-	  0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
+-	  0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
+-	  0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
+-	  0x6b, 0x65, 0x79, 0x2e };
+-    u_char *s;
+-
+-    SHA1_Init(&sha1Context);
+-    SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
+-    SHA1_Update(&sha1Context, NTResponse, 24);
+-    SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
+-    SHA1_Final(MasterKey, &sha1Context);
+-
+-    /*
+-     * generate send key
+-     */
+-    if (IsServer)
+-	s = Magic3;
+-    else
+-	s = Magic2;
+-    SHA1_Init(&sha1Context);
+-    SHA1_Update(&sha1Context, MasterKey, 16);
+-    SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
+-    SHA1_Update(&sha1Context, s, 84);
+-    SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
+-    SHA1_Final(Digest, &sha1Context);
+-
+-    BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
+-
+-    /*
+-     * generate recv key
+-     */
+-    if (IsServer)
+-	s = Magic2;
+-    else
+-	s = Magic3;
+-    SHA1_Init(&sha1Context);
+-    SHA1_Update(&sha1Context, MasterKey, 16);
+-    SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
+-    SHA1_Update(&sha1Context, s, 84);
+-    SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
+-    SHA1_Final(Digest, &sha1Context);
+-
+-    BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
+-
+-    mppe_keys_set = 1;
++    mppe_set_chapv1(rchallenge, PasswordHashHash);
+ }
+ 
+ /*
+@@ -858,12 +728,11 @@
+     ascii2unicode(secret, secret_len, unicodePassword);
+     NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
+     NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
+-    mppe_set_keys2(PasswordHashHash, NTResponse, IsServer);
++    mppe_set_chapv2(PasswordHashHash, NTResponse, IsServer);
+ }
+ 
+ #endif /* MPPE */
+ 
+-
+ void
+ ChapMS(u_char *rchallenge, char *secret, int secret_len,
+        unsigned char *response)
+@@ -933,39 +802,6 @@
+ #endif
+ }
+ 
+-#ifdef MPPE
+-/*
+- * Set MPPE options from plugins.
+- */
+-void
+-set_mppe_enc_types(int policy, int types)
+-{
+-    /* Early exit for unknown policies. */
+-    if (policy != MPPE_ENC_POL_ENC_ALLOWED ||
+-	policy != MPPE_ENC_POL_ENC_REQUIRED)
+-	return;
+-
+-    /* Don't modify MPPE if it's optional and wasn't already configured. */
+-    if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
+-	return;
+-
+-    /*
+-     * Disable undesirable encryption types.  Note that we don't ENABLE
+-     * any encryption types, to avoid overriding manual configuration.
+-     */
+-    switch(types) {
+-	case MPPE_ENC_TYPES_RC4_40:
+-	    ccp_wantoptions[0].mppe &= ~MPPE_OPT_128;	/* disable 128-bit */
+-	    break;
+-	case MPPE_ENC_TYPES_RC4_128:
+-	    ccp_wantoptions[0].mppe &= ~MPPE_OPT_40;	/* disable 40-bit */
+-	    break;
+-	default:
+-	    break;
+-    }
+-}
+-#endif /* MPPE */
+-
+ static struct chap_digest_type chapms_digest = {
+ 	CHAP_MICROSOFT,		/* code */
+ 	chapms_generate_challenge,
+--- a/pppd/chap_ms.h
++++ b/pppd/chap_ms.h
+@@ -38,6 +38,7 @@
+ #define MS_CHAP_RESPONSE_LEN	49	/* Response length for MS-CHAP */
+ #define MS_CHAP2_RESPONSE_LEN	49	/* Response length for MS-CHAPv2 */
+ #define MS_AUTH_RESPONSE_LENGTH	40	/* MS-CHAPv2 authenticator response, */
++#define MS_AUTH_NTRESP_LEN      24  /* Length of NT-response field */
+ 					/* as ASCII */
+ 
+ /* E=eeeeeeeeee error codes for MS-CHAP failure messages. */
+@@ -67,22 +68,6 @@
+ #define MS_CHAP2_NTRESP_LEN	24
+ #define MS_CHAP2_FLAGS		48
+ 
+-#ifdef MPPE
+-#include "mppe.h"	/* MPPE_MAX_KEY_LEN */
+-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
+-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
+-extern int mppe_keys_set;
+-
+-/* These values are the RADIUS attribute values--see RFC 2548. */
+-#define MPPE_ENC_POL_ENC_ALLOWED 1
+-#define MPPE_ENC_POL_ENC_REQUIRED 2
+-#define MPPE_ENC_TYPES_RC4_40 2
+-#define MPPE_ENC_TYPES_RC4_128 4
+-
+-/* used by plugins (using above values) */
+-extern void set_mppe_enc_types(int, int);
+-#endif
+-
+ /* Are we the authenticator or authenticatee?  For MS-CHAPv2 key derivation. */
+ #define MS_CHAP2_AUTHENTICATEE 0
+ #define MS_CHAP2_AUTHENTICATOR 1
+@@ -90,12 +75,6 @@
+ void ChapMS (u_char *, char *, int, u_char *);
+ void ChapMS2 (u_char *, u_char *, char *, char *, int,
+ 	      u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int);
+-#ifdef MPPE
+-void mppe_set_keys (u_char *, u_char[MD4_SIGNATURE_SIZE]);
+-void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
+-		    u_char NTResponse[24], int IsServer);
+-#endif
+-
+ void	ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
+ 
+ void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
+--- a/pppd/eap-tls.c
++++ b/pppd/eap-tls.c
+@@ -48,6 +48,8 @@
+ #include "eap-tls.h"
+ #include "fsm.h"
+ #include "lcp.h"
++#include "chap_ms.h"
++#include "mppe.h"
+ #include "pathnames.h"
+ 
+ typedef struct pw_cb_data
+@@ -72,10 +74,6 @@
+ X509 *get_X509_from_file(char *filename);
+ int ssl_cmp_certs(char *filename, X509 * a); 
+ 
+-#ifdef MPPE
+-
+-#define EAPTLS_MPPE_KEY_LEN     32
+-
+ /*
+  *  OpenSSL 1.1+ introduced a generic TLS_method()
+  *  For older releases we substitute the appropriate method
+@@ -118,6 +116,10 @@
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ 
+ 
++#ifdef MPPE
++
++#define EAPTLS_MPPE_KEY_LEN     32
++
+ /*
+  *  Generate keys according to RFC 2716 and add to reply
+  */
+@@ -159,20 +161,12 @@
+      */
+     if (client)
+     {
+-        p = out;
+-        BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
+-        p += EAPTLS_MPPE_KEY_LEN;
+-        BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
++        mppe_set_keys(out, out + EAPTLS_MPPE_KEY_LEN, EAPTLS_MPPE_KEY_LEN);
+     }
+     else
+     {
+-        p = out;
+-        BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
+-        p += EAPTLS_MPPE_KEY_LEN;
+-        BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
++        mppe_set_keys(out + EAPTLS_MPPE_KEY_LEN, out, EAPTLS_MPPE_KEY_LEN);
+     }
+-
+-    mppe_keys_set = 1;
+ }
+ 
+ #endif /* MPPE */
+--- a/pppd/eap-tls.h
++++ b/pppd/eap-tls.h
+@@ -85,11 +85,6 @@
+               char *capath, char *pkfile, int am_server);
+ 
+ #ifdef MPPE
+-#include "mppe.h"   /* MPPE_MAX_KEY_LEN */
+-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
+-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
+-extern int mppe_keys_set;
+-
+ void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client);
+ #endif
+ 
+--- /dev/null
++++ b/pppd/mppe.c
+@@ -0,0 +1,248 @@
++/* * mppe.c - MPPE key implementation
++ *
++ * Copyright (c) 2020 Eivind Naess. All rights reserved.
++ * Copyright (c) 2008 Paul Mackerras. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. The name(s) of the authors of this software must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission.
++ *
++ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
++ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
++ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
++ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
++ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
++ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ *
++ */
++
++#include <string.h>
++
++#include "pppd.h"
++#include "fsm.h"
++#include "ccp.h"
++#include "chap_ms.h"
++#include "mppe.h"
++#include <openssl/sha.h>
++#include <openssl/md4.h>
++
++u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
++u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
++int mppe_keys_set = 0;
++
++void
++mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen)
++{
++	int length = keylen;
++	if (length > MPPE_MAX_KEY_SIZE)
++		length = MPPE_MAX_KEY_SIZE;
++
++	if (send_key) {
++	    BCOPY(send_key, mppe_send_key, length);
++	    BZERO(send_key, keylen);
++	}
++
++	if (recv_key) {
++	    BCOPY(recv_key, mppe_recv_key, length);
++	    BZERO(recv_key, keylen);
++	}
++
++	mppe_keys_set = length;
++}
++
++bool
++mppe_keys_isset()
++{
++	return !!mppe_keys_set;
++}
++
++int
++mppe_get_recv_key(u_char *recv_key, int length)
++{
++	if (mppe_keys_isset()) {
++		if (length > mppe_keys_set)
++			length = mppe_keys_set;
++		BCOPY(mppe_recv_key, recv_key, length);
++		return length;
++	}
++	return 0;
++}
++
++int
++mppe_get_send_key(u_char *send_key, int length)
++{
++	if (mppe_keys_isset()) {
++		if (length > mppe_keys_set)
++			length = mppe_keys_set;
++		BCOPY(mppe_send_key, send_key, length);
++		return length;
++	}
++	return 0;
++}
++
++void
++mppe_clear_keys(void)
++{
++	mppe_keys_set = 0;
++	BZERO(mppe_send_key, sizeof(mppe_send_key));
++	BZERO(mppe_recv_key, sizeof(mppe_recv_key));
++}
++
++/*
++ * Set mppe_xxxx_key from the NTPasswordHashHash.
++ * RFC 2548 (RADIUS support) requires us to export this function (ugh).
++ */
++void
++mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
++{
++    SHA_CTX	sha1Context;
++    u_char	Digest[SHA_DIGEST_LENGTH];
++
++    SHA1_Init(&sha1Context);
++    SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
++    SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
++    SHA1_Update(&sha1Context, rchallenge, 8);
++    SHA1_Final(Digest, &sha1Context);
++
++    /* Same key in both directions. */
++    mppe_set_keys(Digest, Digest, sizeof(Digest));
++}
++
++/*
++ * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
++ *
++ * This helper function used in the Winbind module, which gets the
++ * NTHashHash from the server.
++ */
++void
++mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
++	       u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer)
++{
++    SHA_CTX	sha1Context;
++    u_char	MasterKey[SHA_DIGEST_LENGTH];
++    u_char	SendKey[SHA_DIGEST_LENGTH];
++    u_char	RecvKey[SHA_DIGEST_LENGTH];
++
++    u_char SHApad1[40] =
++	{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++	  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++	  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++	  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
++    u_char SHApad2[40] =
++	{ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
++	  0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
++	  0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
++	  0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
++
++    /* "This is the MPPE Master Key" */
++    u_char Magic1[27] =
++	{ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
++	  0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
++	  0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
++    /* "On the client side, this is the send key; "
++       "on the server side, it is the receive key." */
++    u_char Magic2[84] =
++	{ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
++	  0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
++	  0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
++	  0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
++	  0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
++	  0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
++	  0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
++	  0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
++	  0x6b, 0x65, 0x79, 0x2e };
++    /* "On the client side, this is the receive key; "
++       "on the server side, it is the send key." */
++    u_char Magic3[84] =
++	{ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
++	  0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
++	  0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
++	  0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
++	  0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
++	  0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
++	  0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
++	  0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
++	  0x6b, 0x65, 0x79, 0x2e };
++    u_char *s;
++
++    SHA1_Init(&sha1Context);
++    SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
++    SHA1_Update(&sha1Context, NTResponse, 24);
++    SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
++    SHA1_Final(MasterKey, &sha1Context);
++
++    /*
++     * generate send key
++     */
++    if (IsServer)
++	s = Magic3;
++    else
++	s = Magic2;
++    SHA1_Init(&sha1Context);
++    SHA1_Update(&sha1Context, MasterKey, 16);
++    SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
++    SHA1_Update(&sha1Context, s, 84);
++    SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
++    SHA1_Final(SendKey, &sha1Context);
++
++    /*
++     * generate recv key
++     */
++    if (IsServer)
++	s = Magic2;
++    else
++	s = Magic3;
++    SHA1_Init(&sha1Context);
++    SHA1_Update(&sha1Context, MasterKey, 16);
++    SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
++    SHA1_Update(&sha1Context, s, 84);
++    SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
++    SHA1_Final(RecvKey, &sha1Context);
++
++    mppe_set_keys(SendKey, RecvKey, SHA_DIGEST_LENGTH);
++}
++
++/*
++ * Set MPPE options from plugins.
++ */
++void
++mppe_set_enc_types(int policy, int types)
++{
++    /* Early exit for unknown policies. */
++    if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
++	policy != MPPE_ENC_POL_ENC_REQUIRED)
++	return;
++
++    /* Don't modify MPPE if it's optional and wasn't already configured. */
++    if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
++	return;
++
++    /*
++     * Disable undesirable encryption types.  Note that we don't ENABLE
++     * any encryption types, to avoid overriding manual configuration.
++     */
++    switch(types) {
++	case MPPE_ENC_TYPES_RC4_40:
++	    ccp_wantoptions[0].mppe &= ~MPPE_OPT_128;	/* disable 128-bit */
++	    break;
++	case MPPE_ENC_TYPES_RC4_128:
++	    ccp_wantoptions[0].mppe &= ~MPPE_OPT_40;	/* disable 40-bit */
++	    break;
++	default:
++	    break;
++    }
++}
++
+--- a/pppd/mppe.h
++++ b/pppd/mppe.h
+@@ -32,9 +32,12 @@
+  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
++#ifndef __MPPE_H__
++#define __MPPE_H__
+ 
+ #define MPPE_PAD		4	/* MPPE growth per frame */
+-#define MPPE_MAX_KEY_LEN	16	/* largest key length (128-bit) */
++#define MPPE_MAX_KEY_SIZE	32	/* Largest key length */
++#define MPPE_MAX_KEY_LEN       16      /* Largest key size accepted by the kernel */
+ 
+ /* option bits for ccp_options.mppe */
+ #define MPPE_OPT_40		0x01	/* 40 bit */
+@@ -119,3 +122,68 @@
+ 	if (ptr[3] & ~MPPE_ALL_BITS)		\
+ 	    opts |= MPPE_OPT_UNKNOWN;		\
+     } while (/* CONSTCOND */ 0)
++
++
++#if MPPE
++
++/*
++ * NOTE:
++ *   Access to these variables directly is discuraged. Please
++ *   change your code to use below accessor functions.
++ */
++
++/* The key material generated which is used for MPPE send key */
++extern u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
++/* The key material generated which is used for MPPE recv key */
++extern u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
++/* Keys are set if value is non-zero */
++extern int mppe_keys_set;
++
++/* These values are the RADIUS attribute values--see RFC 2548. */
++#define MPPE_ENC_POL_ENC_ALLOWED 1
++#define MPPE_ENC_POL_ENC_REQUIRED 2
++#define MPPE_ENC_TYPES_RC4_40 2
++#define MPPE_ENC_TYPES_RC4_128 4
++
++/* used by plugins (using above values) */
++void mppe_set_enc_types (int policy, int types);
++
++/*
++ * Set the MPPE send and recv keys. NULL values for keys are ignored
++ *   and input values are cleared to avoid leaving them on the stack
++ */
++void mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen);
++
++/*
++ * Get the MPPE recv key
++ */
++int mppe_get_recv_key(u_char *recv_key, int length);
++
++/*
++ * Get the MPPE send key
++ */
++int mppe_get_send_key(u_char *send_key, int length);
++
++/*
++ * Clear the MPPE keys
++ */
++void mppe_clear_keys(void);
++
++/*
++ * Check if the MPPE keys are set
++ */
++bool mppe_keys_isset(void);
++
++/*
++ * Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079
++ */
++void mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]);
++
++/*
++ * Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079
++ */
++void mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
++		    u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer);
++
++#endif  // #ifdef MPPE
++#endif  // #ifdef __MPPE_H__
+--- a/pppd/plugins/radius/radius.c
++++ b/pppd/plugins/radius/radius.c
+@@ -31,6 +31,7 @@
+ #ifdef CHAPMS
+ #include "chap_ms.h"
+ #ifdef MPPE
++#include "mppe.h"
+ #include <openssl/md5.h>
+ #endif
+ #endif
+@@ -743,11 +744,12 @@
+      * Note that if the policy value was '0' we don't set the key!
+      */
+     if (mppe_enc_policy && mppe_enc_keys) {
+-	mppe_keys_set = 1;
+ 	/* Set/modify allowed encryption types. */
+ 	if (mppe_enc_types)
+-	    set_mppe_enc_types(mppe_enc_policy, mppe_enc_types);
++		mppe_set_enc_types(mppe_enc_policy, mppe_enc_types);
++		return 0;
+     }
++    mppe_clear_keys();
+ #endif
+ 
+     return 0;
+@@ -803,7 +805,7 @@
+      * the NAS (us) doesn't need; we only need the start key.  So we have
+      * to generate the start key, sigh.  NB: We do not support the LM-Key.
+      */
+-    mppe_set_keys(challenge, &plain[8]);
++    mppe_set_chapv1(challenge, &plain[8]);
+ 
+     return 0;    
+ }
+@@ -855,7 +857,7 @@
+     for (i = 0; i < 16; i++)
+ 	plain[i] ^= buf[i];
+ 
+-    if (plain[0] != sizeof(mppe_send_key) /* 16 */) {
++    if (plain[0] != 16) {
+ 	error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
+ 	      (int) plain[0], type);
+ 	return -1;
+@@ -869,9 +871,9 @@
+     plain[16] ^= buf[0]; /* only need the first byte */
+ 
+     if (vp->attribute == PW_MS_MPPE_SEND_KEY)
+-	memcpy(mppe_send_key, plain + 1, 16);
++	mppe_set_keys(plain + 1, NULL, 16);
+     else
+-	memcpy(mppe_recv_key, plain + 1, 16);
++	mppe_set_keys(NULL, plain + 1, 16);
+ 
+     return 0;
+ }
+--- a/pppd/plugins/winbind.c
++++ b/pppd/plugins/winbind.c
+@@ -37,11 +37,9 @@
+ #include "pppd.h"
+ #include "chap-new.h"
+ #include "chap_ms.h"
+-#ifdef MPPE
+-#include <openssl/md5.h>
+-#endif
+ #include "fsm.h"
+ #include "ipcp.h"
++#include "mppe.h"
+ #include <syslog.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+@@ -583,7 +581,7 @@
+ 				  nt_response, nt_response_size,
+ 				  session_key,
+ 				  &error_string) == AUTHENTICATED) {
+-			mppe_set_keys(challenge, session_key);
++			mppe_set_chapv1(challenge, session_key);
+ 			slprintf(message, message_space, "Access granted");
+ 			return AUTHENTICATED;
+ 			
+@@ -628,7 +626,7 @@
+ 				&response[MS_CHAP2_NTRESP],
+ 				&response[MS_CHAP2_PEER_CHALLENGE],
+ 				challenge, user, saresponse);
+-			mppe_set_keys2(session_key, &response[MS_CHAP2_NTRESP],
++			mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP],
+ 				       MS_CHAP2_AUTHENTICATOR);
+ 			if (response[MS_CHAP2_FLAGS]) {
+ 				slprintf(message, message_space, "S=%s", saresponse);
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -105,6 +105,8 @@
+ endif
+ ifdef MPPE
+ CFLAGS   += -DMPPE=1
++PPPDOBJS += mppe.o
++PPPDSRC  += mppe.c
+ HEADERS  += mppe.h
+ endif
+ endif
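Review bot: In the added pppd/mppe.c, `mppe_set_chapv1` calls `mppe_set_keys(Digest, Digest, sizeof(Digest))`, but `mppe_set_keys` zeroes `send_key` before it copies `recv_key`, so with both arguments pointing at the same buffer `mppe_recv_key` is filled with zeros instead of the derived key. This affects every MS-CHAPv1 path that now goes through `mppe_set_chapv1`: Set_Start_Key in chap_ms.c and the radius.c and winbind.c callers changed in this patch. `mppe_set_keys` should finish both copies before clearing either input. It should also reject a non-positive `keylen`, which is currently handed to `BCOPY`/`BZERO` unchecked and stored in `mppe_keys_set`. Whether the `BZERO` of a caller's stack buffer survives optimisation depends on how the macro is defined, which is not visible here.

```c
void
mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen)
{
	int length = keylen;

	if (length <= 0)
		return;
	if (length > MPPE_MAX_KEY_SIZE)
		length = MPPE_MAX_KEY_SIZE;

	/* Copy both keys first: callers may pass the same buffer twice. */
	if (send_key)
	    BCOPY(send_key, mppe_send_key, length);
	if (recv_key)
	    BCOPY(recv_key, mppe_recv_key, length);

	/* Only now clear the caller's copies of the key material. */
	if (send_key)
	    BZERO(send_key, keylen);
	if (recv_key)
	    BZERO(recv_key, keylen);

	mppe_keys_set = length;
}
```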
diff -pruN 2.4.9-1+1.1/debian/patches/series 2.4.9-1+1.1ubuntu1/debian/patches/series
--- 2.4.9-1+1.1/debian/patches/series	2022-04-11 08:55:48.000000000 +0000
+++ 2.4.9-1+1.1ubuntu1/debian/patches/series	2022-08-18 13:06:12.000000000 +0000
@@ -18,3 +18,4 @@ replace-vendored-hash-functions.patch
 
 # upstream backports
 eap-mschap-v2-namelen.patch
+expose-mppe-keys-via-api.patch
diff -pruN 2.4.9-1+1.1/debian/ppp.symbols 2.4.9-1+1.1ubuntu1/debian/ppp.symbols
--- 2.4.9-1+1.1/debian/ppp.symbols	2022-04-11 08:15:24.000000000 +0000
+++ 2.4.9-1+1.1ubuntu1/debian/ppp.symbols	2022-08-18 13:06:12.000000000 +0000
@@ -1,11 +1,11 @@
 pppd.so.2.4.9 ppp #MINVER#
 * Build-Depends-Package: ppp-dev
 # Ignore all symbols that start with an underscore in the Base module
- (regex|optional)"^_.*@Base$" 2.4.7-1+2~
+ (regex|optional)"^_.*@Base$" 2.4.9-1+1~
 # Ignore $global$ which seems to appear on hppa only
- (optional)$global$@Base 2.4.7-1+2~
+ (optional)$global$@Base 2.4.9-1+1~
 # Ignore everything that claims it's part of glibc
- (regex|optional)"@GLIBC_" 2.4.7-1+2~
+ (regex|optional)"@GLIBC_" 2.4.9-1+1~
 # All others should be pppd symbols
  ChallengeHash@Base 2.4.7-1+2~
  ChapMS2@Base 2.4.7-1+2~
@@ -302,11 +302,17 @@ pppd.so.2.4.9 ppp #MINVER#
  mp_check_options@Base 2.4.7-1+2~
  mp_exit_bundle@Base 2.4.7-1+2~
  mp_join_bundle@Base 2.4.7-1+2~
+ mppe_clear_keys@Base 2.4.9-1+1~
+ mppe_get_recv_key@Base 2.4.9-1+1~
+ mppe_get_send_key@Base 2.4.9-1+1~
+ mppe_keys_isset@Base 2.4.9-1+1~
  mppe_keys_set@Base 2.4.7-1+2~
  mppe_recv_key@Base 2.4.7-1+2~
  mppe_send_key@Base 2.4.7-1+2~
- mppe_set_keys2@Base 2.4.7-1+2~
  mppe_set_keys@Base 2.4.7-1+2~
+ mppe_set_chapv1@Base 2.4.9-1+1~
+ mppe_set_chapv2@Base 2.4.9-1+1~
+ mppe_set_enc_types@Base 2.4.9-1+1~
  multilink@Base 2.4.7-1+2~
  multilink_join_hook@Base 2.4.7-1+2~
  multilink_master@Base 2.4.7-1+2~
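Review bot: `mppe_set_keys@Base` keeps its minimum version `2.4.7-1+2~` in this hunk, although the patch added by the same upload changes its prototype from `(u_char *, u_char[MD4_SIGNATURE_SIZE])` to `(u_char *send_key, u_char *recv_key, int keylen)`. As far as this file goes, a plugin built against the new three-argument function would get a dependency that is also satisfied by ppp builds still exporting the old two-argument one. The same concern applies to `mppe_send_key` and `mppe_recv_key`, whose arrays grow from `MPPE_MAX_KEY_LEN` to `MPPE_MAX_KEY_SIZE`. I would raise these three entries to the version used for the new accessors, e.g. ` mppe_set_keys@Base 2.4.9-1+1~`, or to whichever upload first carried the patch.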
@@ -419,7 +425,6 @@ pppd.so.2.4.9 ppp #MINVER#
  session_start@Base 2.4.7-1+2~
  set_filters@Base 2.4.7-1+2~
  set_ifunit@Base 2.4.7-1+2~
- set_mppe_enc_types@Base 2.4.7-1+2~
  set_up_tty@Base 2.4.7-1+2~
  setdtr@Base 2.4.7-1+2~
  setipaddr@Base 2.4.7-1+2~
