From 760ce18f82670eb81cc186fb792919339a2e2fbe Mon Sep 17 00:00:00 2001 From: Paul Mackerras Date: Sat, 10 Dec 2022 14:26:12 +1100 Subject: [PATCH] Further updates to README for 2.5.0 release History from the 2.4.x series is moved to Changes-2.4. Signed-off-by: Paul Mackerras --- Changes-2.4 | 275 ++++++++++++++++++++++++++++++++++++++++++++ README | 321 +++++----------------------------------------------- 2 files changed, 305 insertions(+), 291 deletions(-) create mode 100644 Changes-2.4 diff --git a/Changes-2.4 b/Changes-2.4 new file mode 100644 index 0000000..c2d0939 --- /dev/null +++ b/Changes-2.4 
@@ -0,0 +1,275 @@ +What's new in ppp-2.4.9. +************************ + +* Support for new EAP (Extensible Authentication Protocol) methods: + - Support for EAP-TLS, from Jan Just Keijser and others + - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs + Van Buggenhout and others + +* New pppd options: + - chap-timeout + - chapms-strip-domain + - replacedefaultroute + - noreplacedefaultroute + - ipv6cp-accept-remote + - lcp-echo-adaptive + - ip-up-script + - ip-down-script + - ca + - capath + - cert + - key + - crl-dir + - crl + - max-tls-version + - need-peer-eap + +* Fixes for CVE-2020-8597 and CVE-2015-3310. + +* libpcap is now required when compiling on Linux (previously, if + libpcap was not present, pppd would be compiled without packet + filtering support). + +* The rp-pppoe plugin has been renamed to pppoe, to distinguish it + from the upstream rp-pppoe code. Its options have changed names, + but the old names are kept as aliases. + +* The configure script now supports cross-compilation. + +* Many bug fixes and cleanups. + + +What was new in ppp-2.4.8. +************************** + +* New pppd options have been added: + - ifname, to set the name for the PPP interface device + - defaultroute-metric, to set the metric for the default route + - defaultroute6, to add an IPv6 default route (with nodefaultroute6 + to prevent adding an IPv6 default route) + - up_sdnotify, to have pppd notify systemd when the link is up. + +* The rp-pppoe plugin has new options: + - host-uniq, to set the Host-Uniq value to send + - pppoe-padi-timeout, to set the timeout for discovery packets + - pppoe-padi-attempts, to set the number of discovery attempts. + +* Added the CLASS attribute in radius packets. + +* Sundry bug fixes. + +* Fixed warnings and issues found by static analysis. + +* Added Submitting-patches.md. + + +What was new in ppp-2.4.7. +************************** + +* Fixed a potential security issue in parsing option files (CVE-2014-3158). 
+ +* There is a new "stop-bits" option, which takes an argument of 1 or 2, + indicating the number of stop bits to use for async serial ports. + +* Various bug fixes. + + +What was new in ppp-2.4.6. +************************** + +* Man page updates. + +* Several bug fixes. + +* Options files can now set and unset environment variables for + scripts. + +* The timeout for chat scripts can now be taken from an environment + variable. + +* There is a new option, master_detach, which allows pppd to detach + from the controlling terminal when it is the multilink bundle master + but its own link has terminated, even if the nodetach option has + been given. + + +What was new in ppp-2.4.5. +************************** + +* Under Linux, pppd can now operate in a mode where it doesn't request + the peer's IP address, as some peers refuse to supply an IP address. + Since Linux supports device routes as well as gateway routes, it's + possible to have no remote IP address assigned to the ppp interface + and still route traffic over it. + +* Pppd now works better with 3G modems that do strange things such as + sending IPCP Configure-Naks with the same values over and over again. + +* The PPP over L2TP plugin is included, which works with the pppol2tp + PPP channel code in the Linux kernel. This allows pppd to be used + to set up tunnels using the Layer 2 Tunneling Protocol. + +* A new 'enable-session' option has been added, which enables session + accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man + page for details. + +* Several bugs have been fixed. + + +What was new in ppp-2.4.4. +************************** + +* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating + the ppp interface and configuring its IP addresses but before + bringing it up. This can be used, for example, for adding firewall + rules for the interface. + +* Lots of bugs fixed, particularly in the area of demand-dialled and + persistent connections. 
+ +* The rp-pppoe plugin now accepts any interface name (that isn't an + existing pppd option name) without putting "nic-" on the front of + it, not just eth*, nas*, tap* and br*. + + +What was new in ppp-2.4.3. +************************** + +* The configure script now accepts --prefix and --sysconfdir options. + These default to /usr/local and /etc. If you want pppd put in + /usr/sbin as before, use ./configure --prefix=/usr. + +* Doing `make install' no longer puts example configuration files in + /etc/ppp. Use `make install-etcppp' if you want that. + +* The code has been updated to work with version 0.8.3 of libpcap. + Unfortunately the libpcap maintainers removed support for the + "inbound" and "outbound" keywords on PPP links, meaning that if you + link pppd with libpcap-0.8.3, you can't use those keywords in the + active-filter and pass-filter expressions. The support has been + reinstated in the CVS version and should be in future libpcap + releases. If you need the in/outbound keywords, use a later release + than 0.8.3, or get the CVS version from http://www.tcpdump.org. + +* There is a new option, child-timeout, which sets the length of time + that pppd will wait for child processes (such as the command + specified with the pty option) to exit before exiting itself. It + defaults to 5 seconds. After the timeout, pppd will send a SIGTERM + to any remaining child processes and exit. A value of 0 means no + timeout. + +* Various bugs have been fixed, including some CBCP packet parsing + bugs that could lead to the peer being able to crash pppd if CBCP + support is enabled. + +* Various fixes and enhancements to the radius and rp-pppoe plugins + have been added. + +* There is a new winbind plugin, from Andrew Bartlet of the Samba + team, which provides the ability to authenticate the peer against an + NT domain controller using MS-CHAP or MS-CHAPV2. + +* There is a new pppoatm plugin, by various authors, sent in by David + Woodhouse. 
+ +* The multilink code has been substantially reworked. The first pppd + for a bundle still controls the ppp interface, but it doesn't exit + until all the links in the bundle have terminated. If the first + pppd is signalled to exit, it signals all the other pppds + controlling links in the bundle. + +* The TDB code has been updated to the latest version. This should + eliminate the problem that some people have seen where the database + file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however, + the new code uses an incompatible database format. For this reason, + pppd now uses /var/run/pppd2.tdb as the database filename. + + +What was new in ppp-2.4.2. +************************** + +* The CHAP code has been rewritten. Pppd now has support for MS-CHAP + V1 and V2 authentication, both as server and client. The new CHAP + code is cleaner than the old code and avoids some copyright problems + that existed in the old code. + +* MPPE (Microsoft Point-to-Point Encryption) support has been added, + although the current implementation shouldn't be considered + completely secure. (There is no assurance that the current code + won't ever transmit an unencrypted packet.) + +* James Carlson's implementation of the Extensible Authentication + Protocol (EAP) has been added. + +* Support for the Encryption Control Protocol (ECP) has been added. + +* Some new plug-ins have been included: + - A plug-in for kernel-mode PPPoE (PPP over Ethernet) + - A plug-in for supplying the PAP password over a pipe from another + process + - A plug-in for authenticating using a Radius server. + +* Updates and bug-fixes for the Solaris port. + +* The CBCP (Call Back Control Protocol) code has been updated. There + are new options `remotenumber' and `allow-number'. + +* Extra hooks for plugins to use have been added. + +* There is now a `maxoctets' option, which causes pppd to terminate + the link once the number of bytes passed on the link exceeds a given + value. 
+ +* There are now options to control whether pppd can use the IPCP + IP-Address and IP-Addresses options: `ipcp-no-address' and + `ipcp-no-addresses'. + +* Fixed several bugs, including potential buffer overflows in chat. + + +What was new in ppp-2.4.1. +************************** + +* Pppd can now print out the set of options that are in effect. The + new `dump' option causes pppd to print out the option values after + option parsing is complete. The `dryrun' option causes pppd to + print the options and then exit. + +* The option parsing code has been fixed so that options in the + per-tty options file are parsed correctly, and don't override values + from the command line in most cases. + +* The plugin option now looks in /usr/lib/pppd/ (for + example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if + there is no slash in the plugin name. + +* When loading a plugin, pppd will now check the version of pppd for + which the plugin was compiled, and refuse to load it if it is + different to pppd's version string. To enable this, the plugin + source needs to #include "pppd.h" and have a line saying: + char pppd_version[] = VERSION; + +* There is a bug in zlib, discovered by James Carlson, which can cause + kernel memory corruption if Deflate is used with the lowest setting, + 8. As a workaround pppd will now insist on using at least 9. + +* Pppd should compile on Solaris and SunOS again. + +* Pppd should now set the MTU correctly on demand-dialled interfaces. + + +What was new in ppp-2.4.0. +************************** + +* Multilink: this package now allows you to combine multiple serial + links into one logical link or `bundle', for increased bandwidth and + reduced latency. This is currently only supported under the + 2.4.x and later Linux kernels. + +* All the pppd processes running on a system now write information + into a common database. I used the `tdb' code from samba for this. + +* New hooks have been added. 
+ +For a list of the changes made during the 2.3 series releases of this +package, see the Changes-2.3 file. diff --git a/README b/README index 321eb2e..89e89b5 100644 --- a/README +++ b/README @@ -1,6 +1,7 @@ -This is the README file for ppp-2.4, a package which implements the +This is the README file for ppp-2.5, a package which implements the Point-to-Point Protocol (PPP) to provide Internet connections over -serial lines. +serial lines and other types of links which can be considered to be +point-to-point links. Introduction. @@ -9,7 +10,7 @@ Introduction. The Point-to-Point Protocol (PPP) provides a standard way to establish a network connection over a serial link. At present, this package supports IP and IPV6 and the protocols layered above them, such as TCP -and UDP. The Linux port of this package also has support for IPX. +and UDP. This PPP implementation consists of two parts: 
@@ -77,296 +78,34 @@ In Summary: * Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár. * Major revision to PPPD's Plugin API by Eivind Næss. - Defines in which describes what features was included in pppd - - Function now prefixed with explicit ppp_* to indicate it's a + - Functions now prefixed with explicit ppp_* to indicate that pppd functions being called. - - Header files was renamed to better align with their features - and use of proper include guards - - A pppdconf.h files is supplied to allow third-party use the same - feature defines pppd was compiled with. + - Header files were renamed to better align with their features, + and now use proper include guards + - A pppdconf.h file is supplied to allow third-party modules to use + the same feature defines pppd was compiled with. - No extern declarations of internal variable names of pppd, continued use of these extern variables are considered unstable. * Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon -* Dropped IPX support, as Linux 5.15 already have dropped support +* Dropped IPX support, as Linux has dropped support in version 5.15 for this protocol. * Many more fixes and cleanups. - - -What's new in ppp-2.4.9. -************************ - -* Support for new EAP (Extensible Authentication Protocol) methods: - - Support for EAP-TLS, from Jan Just Keijser and others - - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs - Van Buggenhout and others - +* Pppd is no longer installed setuid-root. * New pppd options: - - chap-timeout - - chapms-strip-domain - - replacedefaultroute - - noreplacedefaultroute - - ipv6cp-accept-remote - - lcp-echo-adaptive - - ip-up-script - - ip-down-script - - ca - - capath - - cert - - key - - crl-dir - - crl - - max-tls-version - - need-peer-eap - -* Fixes for CVE-2020-8597 and CVE-2015-3310. 
- -* libpcap is now required when compiling on Linux (previously, if - libpcap was not present, pppd would be compiled without packet - filtering support). - -* The rp-pppoe plugin has been renamed to pppoe, to distinguish it - from the upstream rp-pppoe code. Its options have changed names, - but the old names are kept as aliases. - -* The configure script now supports cross-compilation. - -* Many bug fixes and cleanups. - - -What was new in ppp-2.4.8. -************************** - -* New pppd options have been added: - - ifname, to set the name for the PPP interface device - - defaultroute-metric, to set the metric for the default route - - defaultroute6, to add an IPv6 default route (with nodefaultroute6 - to prevent adding an IPv6 default route) - - up_sdnotify, to have pppd notify systemd when the link is up. - -* The rp-pppoe plugin has new options: - - host-uniq, to set the Host-Uniq value to send - - pppoe-padi-timeout, to set the timeout for discovery packets - - pppoe-padi-attempts, to set the number of discovery attempts. - -* Added the CLASS attribute in radius packets. - -* Sundry bug fixes. - -* Fixed warnings and issues found by static analysis. - -* Added Submitting-patches.md. - - -What was new in ppp-2.4.7. -************************** - -* Fixed a potential security issue in parsing option files (CVE-2014-3158). - -* There is a new "stop-bits" option, which takes an argument of 1 or 2, - indicating the number of stop bits to use for async serial ports. - -* Various bug fixes. - - -What was new in ppp-2.4.6. -************************** - -* Man page updates. - -* Several bug fixes. - -* Options files can now set and unset environment variables for - scripts. - -* The timeout for chat scripts can now be taken from an environment - variable. 
- -* There is a new option, master_detach, which allows pppd to detach - from the controlling terminal when it is the multilink bundle master - but its own link has terminated, even if the nodetach option has - been given. - - -What was new in ppp-2.4.5. -************************** - -* Under Linux, pppd can now operate in a mode where it doesn't request - the peer's IP address, as some peers refuse to supply an IP address. - Since Linux supports device routes as well as gateway routes, it's - possible to have no remote IP address assigned to the ppp interface - and still route traffic over it. - -* Pppd now works better with 3G modems that do strange things such as - sending IPCP Configure-Naks with the same values over and over again. - -* The PPP over L2TP plugin is included, which works with the pppol2tp - PPP channel code in the Linux kernel. This allows pppd to be used - to set up tunnels using the Layer 2 Tunneling Protocol. - -* A new 'enable-session' option has been added, which enables session - accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man - page for details. - -* Several bugs have been fixed. - - -What was new in ppp-2.4.4. -************************** - -* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating - the ppp interface and configuring its IP addresses but before - bringing it up. This can be used, for example, for adding firewall - rules for the interface. - -* Lots of bugs fixed, particularly in the area of demand-dialled and - persistent connections. - -* The rp-pppoe plugin now accepts any interface name (that isn't an - existing pppd option name) without putting "nic-" on the front of - it, not just eth*, nas*, tap* and br*. - - -What was new in ppp-2.4.3. -************************** - -* The configure script now accepts --prefix and --sysconfdir options. - These default to /usr/local and /etc. If you want pppd put in - /usr/sbin as before, use ./configure --prefix=/usr. 
- -* Doing `make install' no longer puts example configuration files in - /etc/ppp. Use `make install-etcppp' if you want that. - -* The code has been updated to work with version 0.8.3 of libpcap. - Unfortunately the libpcap maintainers removed support for the - "inbound" and "outbound" keywords on PPP links, meaning that if you - link pppd with libpcap-0.8.3, you can't use those keywords in the - active-filter and pass-filter expressions. The support has been - reinstated in the CVS version and should be in future libpcap - releases. If you need the in/outbound keywords, use a later release - than 0.8.3, or get the CVS version from http://www.tcpdump.org. - -* There is a new option, child-timeout, which sets the length of time - that pppd will wait for child processes (such as the command - specified with the pty option) to exit before exiting itself. It - defaults to 5 seconds. After the timeout, pppd will send a SIGTERM - to any remaining child processes and exit. A value of 0 means no - timeout. - -* Various bugs have been fixed, including some CBCP packet parsing - bugs that could lead to the peer being able to crash pppd if CBCP - support is enabled. - -* Various fixes and enhancements to the radius and rp-pppoe plugins - have been added. - -* There is a new winbind plugin, from Andrew Bartlet of the Samba - team, which provides the ability to authenticate the peer against an - NT domain controller using MS-CHAP or MS-CHAPV2. - -* There is a new pppoatm plugin, by various authors, sent in by David - Woodhouse. - -* The multilink code has been substantially reworked. The first pppd - for a bundle still controls the ppp interface, but it doesn't exit - until all the links in the bundle have terminated. If the first - pppd is signalled to exit, it signals all the other pppds - controlling links in the bundle. - -* The TDB code has been updated to the latest version. 
This should - eliminate the problem that some people have seen where the database - file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however, - the new code uses an incompatible database format. For this reason, - pppd now uses /var/run/pppd2.tdb as the database filename. - - -What was new in ppp-2.4.2. -************************** - -* The CHAP code has been rewritten. Pppd now has support for MS-CHAP - V1 and V2 authentication, both as server and client. The new CHAP - code is cleaner than the old code and avoids some copyright problems - that existed in the old code. - -* MPPE (Microsoft Point-to-Point Encryption) support has been added, - although the current implementation shouldn't be considered - completely secure. (There is no assurance that the current code - won't ever transmit an unencrypted packet.) - -* James Carlson's implementation of the Extensible Authentication - Protocol (EAP) has been added. - -* Support for the Encryption Control Protocol (ECP) has been added. - -* Some new plug-ins have been included: - - A plug-in for kernel-mode PPPoE (PPP over Ethernet) - - A plug-in for supplying the PAP password over a pipe from another - process - - A plug-in for authenticating using a Radius server. - -* Updates and bug-fixes for the Solaris port. - -* The CBCP (Call Back Control Protocol) code has been updated. There - are new options `remotenumber' and `allow-number'. - -* Extra hooks for plugins to use have been added. - -* There is now a `maxoctets' option, which causes pppd to terminate - the link once the number of bytes passed on the link exceeds a given - value. - -* There are now options to control whether pppd can use the IPCP - IP-Address and IP-Addresses options: `ipcp-no-address' and - `ipcp-no-addresses'. - -* Fixed several bugs, including potential buffer overflows in chat. - - -What was new in ppp-2.4.1. -************************** - -* Pppd can now print out the set of options that are in effect. 
The - new `dump' option causes pppd to print out the option values after - option parsing is complete. The `dryrun' option causes pppd to - print the options and then exit. - -* The option parsing code has been fixed so that options in the - per-tty options file are parsed correctly, and don't override values - from the command line in most cases. - -* The plugin option now looks in /usr/lib/pppd/ (for - example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if - there is no slash in the plugin name. - -* When loading a plugin, pppd will now check the version of pppd for - which the plugin was compiled, and refuse to load it if it is - different to pppd's version string. To enable this, the plugin - source needs to #include "pppd.h" and have a line saying: - char pppd_version[] = VERSION; - -* There is a bug in zlib, discovered by James Carlson, which can cause - kernel memory corruption if Deflate is used with the lowest setting, - 8. As a workaround pppd will now insist on using at least 9. - -* Pppd should compile on Solaris and SunOS again. - -* Pppd should now set the MTU correctly on demand-dialled interfaces. - - -What was new in ppp-2.4.0. -************************** - -* Multilink: this package now allows you to combine multiple serial - links into one logical link or `bundle', for increased bandwidth and - reduced latency. This is currently only supported under the - 2.4.x and later Linux kernels. - -* All the pppd processes running on a system now write information - into a common database. I used the `tdb' code from samba for this. + - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber, + ipv6-up-script, ipv6-down-script + - -v, show-options + - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip +* On Linux, any baud rate can be set on a serial port provided the + kernel serial driver supports that. -* New hooks have been added. 
+Note that if you have built and installed previous versions of this +package and you want to continue having configuration and TDB files in +/etc/ppp, you will need to use the --sysconfdir option to ./configure. -For a list of the changes made during the 2.3 series releases of this -package, see the Changes-2.3 file. +For a list of the changes made during the 2.4 series releases of this +package, see the Changes-2.4 file. Compression methods. @@ -384,16 +123,16 @@ ever expand packets. Contacts. ********* -The comp.protocols.ppp newsgroup is a useful place to get help if you -have trouble getting your ppp connections to work. Please do not send -me questions of the form "please help me get connected to my ISP" - -I'm sorry, but I simply do not have the time to answer all the -questions like this that I get. +Most communication relating to this package happens on github at +https://github.com/ppp-project/ppp/. The linux-ppp@vger.kernel.org +mailing list also exists and can be used. -If you find bugs in this package, please report them to the maintainer -for the port for the operating system you are using: +If you find bugs in this package, the best thing to do is to create an +issue on github. If you can't or don't want to do that, you can post +to linux-ppp@vger.kernel.org, or report them to the maintainer for the +port for the operating system you are using: -Linux Paul Mackerras +Linux Paul Mackerras Solaris James Carlson -- 2.39.2
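Review bot: In the new Changes-2.4 file, the first heading still reads "What's new in ppp-2.4.9." while every other section uses "What was new in ...". Since this file is now purely historical, change it to "What was new in ppp-2.4.9." and extend the asterisk underline by two characters to match. The 2.4.5 entry for enable-session also carries over the typo "wtwp/wtmpx" from the old README; this move is a good moment to correct it to "wtmp/wtmpx".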
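Review bot: In the README hunk at @@ -9,7 +10,7 @@, the unchanged Introduction sentence still says PPP provides a way to establish "a network connection over a serial link", which now disagrees with the reworded opening paragraph that adds "other types of links which can be considered to be point-to-point links". Suggest updating the Introduction sentence in this same patch so the two descriptions of scope agree.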
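Review bot: In the README hunk at @@ -77,296 +78,34 @@, the added line "* Pppd is no longer installed setuid-root." announces a privilege change without saying what it means for existing setups; please add a sentence on what installations that relied on non-root users invoking pppd need to do after upgrading. In the same hunk, the new-options list names ipcp-no-address and ipcp-no-addresses as new in this release, but the 2.4.2 section moved into Changes-2.4 already lists both, so either drop them here or say what changed. The --sysconfdir note should state the new default and the value to pass to keep files in /etc/ppp. Smaller wording points: "to indicate that pppd functions being called" is missing "are", and "as Linux has dropped support in version 5.15 for this protocol" reads better as "as Linux dropped support for this protocol in version 5.15".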
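Review bot: In the Contacts hunk at @@ -384,16 +123,16 @@, the new text sends every bug report to a public GitHub issue or to the linux-ppp@vger.kernel.org list and gives no route for reporting a security problem privately. Given that the release notes in this same patch list fixes for CVE-2020-8597, CVE-2015-3310 and CVE-2014-3158, suggest adding one sentence naming the preferred contact for vulnerability reports before public disclosure. As a style point, "github" should be written "GitHub" in both places it appears.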