1 What's new since ppp-2.4.9 (unreleased)
2 ***************************************
8 What's new in ppp-2.4.9.
9 ************************
11 * Support for new EAP (Extensible Authentication Protocol) methods:
12 - Support for EAP-TLS, from Jan Just Keijser and others
13 - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
14 Van Buggenhout and others
20 - noreplacedefaultroute
21 - ipv6cp-accept-remote
34 * Fixes for CVE-2020-8597 and CVE-2015-3310.
36 * libpcap is now required when compiling on Linux (previously, if
37 libpcap was not present, pppd would be compiled without packet
40 * The rp-pppoe plugin has been renamed to pppoe, to distinguish it
41 from the upstream rp-pppoe code. Its options have changed names,
42 but the old names are kept as aliases.
44 * The configure script now supports cross-compilation.
46 * Many bug fixes and cleanups.
49 What was new in ppp-2.4.8.
50 **************************
52 * New pppd options have been added:
53 - ifname, to set the name for the PPP interface device
54 - defaultroute-metric, to set the metric for the default route
55 - defaultroute6, to add an IPv6 default route (with nodefaultroute6
56 to prevent adding an IPv6 default route)
57 - up_sdnotify, to have pppd notify systemd when the link is up.
59 * The rp-pppoe plugin has new options:
60 - host-uniq, to set the Host-Uniq value to send
61 - pppoe-padi-timeout, to set the timeout for discovery packets
62 - pppoe-padi-attempts, to set the number of discovery attempts.
64 * Added the CLASS attribute in radius packets.
68 * Fixed warnings and issues found by static analysis.
70 * Added Submitting-patches.md.
73 What was new in ppp-2.4.7.
74 **************************
76 * Fixed a potential security issue in parsing option files (CVE-2014-3158).
78 * There is a new "stop-bits" option, which takes an argument of 1 or 2,
79 indicating the number of stop bits to use for async serial ports.
84 What was new in ppp-2.4.6.
85 **************************
91 * Options files can now set and unset environment variables for
94 * The timeout for chat scripts can now be taken from an environment
97 * There is a new option, master_detach, which allows pppd to detach
98 from the controlling terminal when it is the multilink bundle master
99 but its own link has terminated, even if the nodetach option has
103 What was new in ppp-2.4.5.
104 **************************
106 * Under Linux, pppd can now operate in a mode where it doesn't request
107 the peer's IP address, as some peers refuse to supply an IP address.
108 Since Linux supports device routes as well as gateway routes, it's
109 possible to have no remote IP address assigned to the ppp interface
110 and still route traffic over it.
112 * Pppd now works better with 3G modems that do strange things such as
113 sending IPCP Configure-Naks with the same values over and over again.
115 * The PPP over L2TP plugin is included, which works with the pppol2tp
116 PPP channel code in the Linux kernel. This allows pppd to be used
117 to set up tunnels using the Layer 2 Tunneling Protocol.
119 * A new 'enable-session' option has been added, which enables session
120 accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man
123 * Several bugs have been fixed.
126 What was new in ppp-2.4.4.
127 **************************
129 * Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
130 the ppp interface and configuring its IP addresses but before
131 bringing it up. This can be used, for example, for adding firewall
132 rules for the interface.
134 * Lots of bugs fixed, particularly in the area of demand-dialled and
135 persistent connections.
137 * The rp-pppoe plugin now accepts any interface name (that isn't an
138 existing pppd option name) without putting "nic-" on the front of
139 it, not just eth*, nas*, tap* and br*.
142 What was new in ppp-2.4.3.
143 **************************
145 * The configure script now accepts --prefix and --sysconfdir options.
146 These default to /usr/local and /etc. If you want pppd put in
147 /usr/sbin as before, use ./configure --prefix=/usr.
149 * Doing `make install' no longer puts example configuration files in
150 /etc/ppp. Use `make install-etcppp' if you want that.
152 * The code has been updated to work with version 0.8.3 of libpcap.
153 Unfortunately the libpcap maintainers removed support for the
154 "inbound" and "outbound" keywords on PPP links, meaning that if you
155 link pppd with libpcap-0.8.3, you can't use those keywords in the
156 active-filter and pass-filter expressions. The support has been
157 reinstated in the CVS version and should be in future libpcap
158 releases. If you need the in/outbound keywords, use a later release
159 than 0.8.3, or get the CVS version from http://www.tcpdump.org.
161 * There is a new option, child-timeout, which sets the length of time
162 that pppd will wait for child processes (such as the command
163 specified with the pty option) to exit before exiting itself. It
164 defaults to 5 seconds. After the timeout, pppd will send a SIGTERM
165 to any remaining child processes and exit. A value of 0 means no
168 * Various bugs have been fixed, including some CBCP packet parsing
169 bugs that could lead to the peer being able to crash pppd if CBCP
172 * Various fixes and enhancements to the radius and rp-pppoe plugins
175 * There is a new winbind plugin, from Andrew Bartlet of the Samba
176 team, which provides the ability to authenticate the peer against an
177 NT domain controller using MS-CHAP or MS-CHAPV2.
179 * There is a new pppoatm plugin, by various authors, sent in by David
182 * The multilink code has been substantially reworked. The first pppd
183 for a bundle still controls the ppp interface, but it doesn't exit
184 until all the links in the bundle have terminated. If the first
185 pppd is signalled to exit, it signals all the other pppds
186 controlling links in the bundle.
188 * The TDB code has been updated to the latest version. This should
189 eliminate the problem that some people have seen where the database
190 file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however,
191 the new code uses an incompatible database format. For this reason,
192 pppd now uses /var/run/pppd2.tdb as the database filename.
195 What was new in ppp-2.4.2.
196 **************************
198 * The CHAP code has been rewritten. Pppd now has support for MS-CHAP
199 V1 and V2 authentication, both as server and client. The new CHAP
200 code is cleaner than the old code and avoids some copyright problems
201 that existed in the old code.
203 * MPPE (Microsoft Point-to-Point Encryption) support has been added,
204 although the current implementation shouldn't be considered
205 completely secure. (There is no assurance that the current code
206 won't ever transmit an unencrypted packet.)
208 * James Carlson's implementation of the Extensible Authentication
209 Protocol (EAP) has been added.
211 * Support for the Encryption Control Protocol (ECP) has been added.
213 * Some new plug-ins have been included:
214 - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
215 - A plug-in for supplying the PAP password over a pipe from another
217 - A plug-in for authenticating using a Radius server.
219 * Updates and bug-fixes for the Solaris port.
221 * The CBCP (Call Back Control Protocol) code has been updated. There
222 are new options `remotenumber' and `allow-number'.
224 * Extra hooks for plugins to use have been added.
226 * There is now a `maxoctets' option, which causes pppd to terminate
227 the link once the number of bytes passed on the link exceeds a given
230 * There are now options to control whether pppd can use the IPCP
231 IP-Address and IP-Addresses options: `ipcp-no-address' and
234 * Fixed several bugs, including potential buffer overflows in chat.
237 What was new in ppp-2.4.1.
238 **************************
240 * Pppd can now print out the set of options that are in effect. The
241 new `dump' option causes pppd to print out the option values after
242 option parsing is complete. The `dryrun' option causes pppd to
243 print the options and then exit.
245 * The option parsing code has been fixed so that options in the
246 per-tty options file are parsed correctly, and don't override values
247 from the command line in most cases.
249 * The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
250 example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
251 there is no slash in the plugin name.
253 * When loading a plugin, pppd will now check the version of pppd for
254 which the plugin was compiled, and refuse to load it if it is
255 different to pppd's version string. To enable this, the plugin
256 source needs to #include "pppd.h" and have a line saying:
257 char pppd_version[] = VERSION;
259 * There is a bug in zlib, discovered by James Carlson, which can cause
260 kernel memory corruption if Deflate is used with the lowest setting,
261 8. As a workaround pppd will now insist on using at least 9.
263 * Pppd should compile on Solaris and SunOS again.
265 * Pppd should now set the MTU correctly on demand-dialled interfaces.
268 What was new in ppp-2.4.0.
269 **************************
271 * Multilink: this package now allows you to combine multiple serial
272 links into one logical link or `bundle', for increased bandwidth and
273 reduced latency. This is currently only supported under the
274 2.4.x and later Linux kernels.
276 * All the pppd processes running on a system now write information
277 into a common database. I used the `tdb' code from samba for this.
279 * New hooks have been added.
281 For a list of the changes made during the 2.3 series releases of this
282 package, see the Changes-2.3 file.