-* In 2.3.1, I made a change which was intended to make pppd able to
-detect loss of CD during or immediately after the connection script
-runs. Unfortunately, this had the side-effect that the connection
-script wouldn't work at all on some systems. This change has been
-reversed.
-
-* Fix compilation problems in the Linux kernel driver.
-
-
-What's new in ppp-2.3.
-**********************
-
-* Demand-dialling. Pppd now has a mode where it will establish the
-network interface immediately when it starts, but not actually bring
-the link up until it sees some data to be sent. Look for the demand
-option description in the pppd man page. Demand-dialling is not
-supported under Ultrix or NeXTStep.
-
-* Idle timeout. Pppd will optionally terminate the link if no data
-packets are sent or received within a certain time interval.
-
-* Pppd now runs the /etc/ppp/auth-up script, if it exists, when the
-peer successfully authenticates itself, and /etc/ppp/auth-down when
-the connection is subsequently terminated. This can be useful for
-accounting purposes.
-
-* A new packet compression scheme, Deflate, has been implemented.
-This uses the same compression method as `gzip'. This method is free
-of patent or copyright restrictions, and it achieves better
-compression than BSD-Compress. It does consume more CPU cycles for
-compression than BSD-Compress, but this shouldn't be a problem for
-links running at 100kbit/s or less.
-
-* There is no code in this distribution which is covered by Brad
-Clements' restrictive copyright notice. The STREAMS modules for SunOS
-and OSF/1 have been rewritten, based on the Solaris 2 modules, which
-were written from scratch without any Clements code.
-
-* Pppstats has been reworked to clean up the output format somewhat.
-It also has a new -d option which displays data rate in kbyte/s for
-those columns which would normally display bytes.
-
-* Pppd options beginning with - or + have been renamed, e.g. -ip
-became noip, +chap became require-chap, etc. The old options are
-still accepted for compatibility but may be removed in future.
-
-* Pppd now has some options (such as the new `noauth' option) which
-can only be specified if it is being run by root, or in an
-"privileged" options file: /etc/ppp/options or an options file in the
-/etc/ppp/peers directory. There is a new "call" option to read
-options from a file in /etc/ppp/peers, making it possible for non-root
-users to make unauthenticated connections, but only to certain trusted
-peers. My intention is to make the `auth' option the default in a
-future release.
-
-* Several minor new features have been added to pppd, including the
-maxconnect and welcome options. Pppd will now terminate the
-connection when there are no network control protocols running. The
-allowed IP address(es) field in the secrets files can now specify
-subnets (with a notation like 123.45.67.89/24) and addresses which are
-not acceptable (put a ! on the front).
-
-* Numerous bugs have been fixed (no doubt some have been introduced :-)
-Thanks to those who reported bugs in ppp-2.2.
-
-
-Patents.
-********
-
-The BSD-Compress algorithm used for packet compression is the same as
-that used in the Unix "compress" command. It is apparently covered by
-U.S. patents 4,814,746 (owned by IBM) and 4,558,302 (owned by Unisys),
-and corresponding patents in various other countries (but not
-Australia). If this is of concern, you can build the package without
-including BSD-Compress. To do this, edit net/ppp-comp.h to change the
-definition of DO_BSD_COMPRESS to 0. The bsd-comp.c files are then no
-longer needed, so the references to bsd-comp.o may optionally be
-removed from the Makefiles.
+* Fixed a potential security issue in parsing option files (CVE-2014-3158).
+
+* There is a new "stop-bits" option, which takes an argument of 1 or 2,
+ indicating the number of stop bits to use for async serial ports.
+
+* Various bug fixes.
+
+
+What was new in ppp-2.4.6.
+**************************
+
+* Man page updates.
+
+* Several bug fixes.
+
+* Options files can now set and unset environment variables for
+ scripts.
+
+* The timeout for chat scripts can now be taken from an environment
+ variable.
+
+* There is a new option, master_detach, which allows pppd to detach
+ from the controlling terminal when it is the multilink bundle master
+ but its own link has terminated, even if the nodetach option has
+ been given.
+
+
+What was new in ppp-2.4.5.
+**************************
+
+* Under Linux, pppd can now operate in a mode where it doesn't request
+ the peer's IP address, as some peers refuse to supply an IP address.
+ Since Linux supports device routes as well as gateway routes, it's
+ possible to have no remote IP address assigned to the ppp interface
+ and still route traffic over it.
+
+* Pppd now works better with 3G modems that do strange things such as
+ sending IPCP Configure-Naks with the same values over and over again.
+
+* The PPP over L2TP plugin is included, which works with the pppol2tp
+ PPP channel code in the Linux kernel. This allows pppd to be used
+ to set up tunnels using the Layer 2 Tunneling Protocol.
+
+* A new 'enable-session' option has been added, which enables session
+ accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man
+ page for details.
+
+* Several bugs have been fixed.
+
+
+What was new in ppp-2.4.4.
+**************************
+
+* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
+ the ppp interface and configuring its IP addresses but before
+ bringing it up. This can be used, for example, for adding firewall
+ rules for the interface.
+
+* Lots of bugs fixed, particularly in the area of demand-dialled and
+ persistent connections.
+
+* The rp-pppoe plugin now accepts any interface name (that isn't an
+ existing pppd option name) without putting "nic-" on the front of
+ it, not just eth*, nas*, tap* and br*.
+
+
+What was new in ppp-2.4.3.
+**************************
+
+* The configure script now accepts --prefix and --sysconfdir options.
+ These default to /usr/local and /etc. If you want pppd put in
+ /usr/sbin as before, use ./configure --prefix=/usr.
+
+* Doing `make install' no longer puts example configuration files in
+ /etc/ppp. Use `make install-etcppp' if you want that.
+
+* The code has been updated to work with version 0.8.3 of libpcap.
+ Unfortunately the libpcap maintainers removed support for the
+ "inbound" and "outbound" keywords on PPP links, meaning that if you
+ link pppd with libpcap-0.8.3, you can't use those keywords in the
+ active-filter and pass-filter expressions. The support has been
+ reinstated in the CVS version and should be in future libpcap
+ releases. If you need the in/outbound keywords, use a later release
+ than 0.8.3, or get the CVS version from http://www.tcpdump.org.
+
+* There is a new option, child-timeout, which sets the length of time
+ that pppd will wait for child processes (such as the command
+ specified with the pty option) to exit before exiting itself. It
+ defaults to 5 seconds. After the timeout, pppd will send a SIGTERM
+ to any remaining child processes and exit. A value of 0 means no
+ timeout.
+
+* Various bugs have been fixed, including some CBCP packet parsing
+ bugs that could lead to the peer being able to crash pppd if CBCP
+ support is enabled.
+
+* Various fixes and enhancements to the radius and rp-pppoe plugins
+ have been added.
+
+* There is a new winbind plugin, from Andrew Bartlet of the Samba
+ team, which provides the ability to authenticate the peer against an
+ NT domain controller using MS-CHAP or MS-CHAPV2.
+
+* There is a new pppoatm plugin, by various authors, sent in by David
+ Woodhouse.
+
+* The multilink code has been substantially reworked. The first pppd
+ for a bundle still controls the ppp interface, but it doesn't exit
+ until all the links in the bundle have terminated. If the first
+ pppd is signalled to exit, it signals all the other pppds
+ controlling links in the bundle.
+
+* The TDB code has been updated to the latest version. This should
+ eliminate the problem that some people have seen where the database
+ file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however,
+ the new code uses an incompatible database format. For this reason,
+ pppd now uses /var/run/pppd2.tdb as the database filename.
+
+
+What was new in ppp-2.4.2.
+**************************
+
+* The CHAP code has been rewritten. Pppd now has support for MS-CHAP
+ V1 and V2 authentication, both as server and client. The new CHAP
+ code is cleaner than the old code and avoids some copyright problems
+ that existed in the old code.
+
+* MPPE (Microsoft Point-to-Point Encryption) support has been added,
+ although the current implementation shouldn't be considered
+ completely secure. (There is no assurance that the current code
+ won't ever transmit an unencrypted packet.)
+
+* James Carlson's implementation of the Extensible Authentication
+ Protocol (EAP) has been added.
+
+* Support for the Encryption Control Protocol (ECP) has been added.
+
+* Some new plug-ins have been included:
+ - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
+ - A plug-in for supplying the PAP password over a pipe from another
+ process
+ - A plug-in for authenticating using a Radius server.
+
+* Updates and bug-fixes for the Solaris port.
+
+* The CBCP (Call Back Control Protocol) code has been updated. There
+ are new options `remotenumber' and `allow-number'.
+
+* Extra hooks for plugins to use have been added.
+
+* There is now a `maxoctets' option, which causes pppd to terminate
+ the link once the number of bytes passed on the link exceeds a given
+ value.
+
+* There are now options to control whether pppd can use the IPCP
+ IP-Address and IP-Addresses options: `ipcp-no-address' and
+ `ipcp-no-addresses'.
+
+* Fixed several bugs, including potential buffer overflows in chat.
+
+
+What was new in ppp-2.4.1.
+**************************
+
+* Pppd can now print out the set of options that are in effect. The
+ new `dump' option causes pppd to print out the option values after
+ option parsing is complete. The `dryrun' option causes pppd to
+ print the options and then exit.
+
+* The option parsing code has been fixed so that options in the
+ per-tty options file are parsed correctly, and don't override values
+ from the command line in most cases.
+
+* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
+ example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
+ there is no slash in the plugin name.
+
+* When loading a plugin, pppd will now check the version of pppd for
+ which the plugin was compiled, and refuse to load it if it is
+ different to pppd's version string. To enable this, the plugin
+ source needs to #include "pppd.h" and have a line saying:
+ char pppd_version[] = VERSION;
+
+* There is a bug in zlib, discovered by James Carlson, which can cause
+ kernel memory corruption if Deflate is used with the lowest setting,
+ 8. As a workaround pppd will now insist on using at least 9.
+
+* Pppd should compile on Solaris and SunOS again.
+
+* Pppd should now set the MTU correctly on demand-dialled interfaces.
+
+
+What was new in ppp-2.4.0.
+**************************
+
+* Multilink: this package now allows you to combine multiple serial
+ links into one logical link or `bundle', for increased bandwidth and
+ reduced latency. This is currently only supported under the
+ 2.4.x and later Linux kernels.
+
+* All the pppd processes running on a system now write information
+ into a common database. I used the `tdb' code from samba for this.
+
+* New hooks have been added.
+
+For a list of the changes made during the 2.3 series releases of this
+package, see the Changes-2.3 file.
+
+
+Compression methods.
+********************
+
+This package supports two packet compression methods: Deflate and
+BSD-Compress. Other compression methods which are in common use
+include Predictor, LZS, and MPPC. These methods are not supported for
+two reasons - they are patent-encumbered, and they cause some packets
+to expand slightly, which pppd doesn't currently allow for.
+BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
+ever expand packets.