Browse Source

Revert changes on upstream files, create patch queue instead

Changes dropped:
- README
- plugins/pppd.h
- samples/options.pptpd
Christoph Biedl 11 years ago
parent
commit
97028c346a

+ 1 - 2
Makefile.am

@@ -11,10 +11,9 @@ INCLUDES = -I.
 ##  warning with -Wmissing-prototypes).
 ## -Wmissing-prototypes removed (eg, Linux 2.2.6 headers
 ##  aren't up to it).
-#CFLAGS = -O2 -fno-builtin -Wall -DSBINDIR='"$(sbindir)"'
+CFLAGS = -O2 -fno-builtin -Wall -DSBINDIR='"$(sbindir)"'
 #CFLAGS = -O2 -fno-builtin -Wall -ansi -DSBINDIR='"$(sbindir)"'
 #CFLAGS = -O2 -fno-builtin -Wall -ansi -pedantic -Wmissing-prototypes -Werror -DSBINDIR='"$(sbindir)"'
-CPPFLAGS = -DSBINDIR='"$(sbindir)"'
 
 man_MANS = pptpctrl.8 pptpd.8 pptpd.conf.5
 

+ 1 - 1
README

@@ -19,7 +19,7 @@ how Poptop launches PPP.
 
 Type: 'pptpd -h' for options you may specify on the command line.
 
-Sample config files are in examples/
+A sample config file is in samples/
 
 For more help look in html/
 or visit the Poptop web site at: http://poptop.sourceforge.net/

+ 31 - 0
debian/patches/build_hardening-flags.patch

@@ -0,0 +1,31 @@
+Description: Enable hardened build flags
+Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+Forwarded: not-needed
+Bug-Debian: http://bugs.debian.org/656650
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -11,9 +11,10 @@
+ ##  warning with -Wmissing-prototypes).
+ ## -Wmissing-prototypes removed (eg, Linux 2.2.6 headers
+ ##  aren't up to it).
+-CFLAGS = -O2 -fno-builtin -Wall -DSBINDIR='"$(sbindir)"'
++#CFLAGS = -O2 -fno-builtin -Wall -DSBINDIR='"$(sbindir)"'
+ #CFLAGS = -O2 -fno-builtin -Wall -ansi -DSBINDIR='"$(sbindir)"'
+ #CFLAGS = -O2 -fno-builtin -Wall -ansi -pedantic -Wmissing-prototypes -Werror -DSBINDIR='"$(sbindir)"'
++CPPFLAGS = -DSBINDIR='"$(sbindir)"'
+ 
+ man_MANS = pptpctrl.8 pptpd.8 pptpd.conf.5
+ 
+--- a/plugins/Makefile
++++ b/plugins/Makefile
+@@ -1,7 +1,7 @@
+ CC	= gcc
+ COPTS	= -O2 -g
+-CFLAGS	= $(COPTS) -I.. -I../../include -fPIC
+-LDFLAGS	= -shared
++CFLAGS  += $(COPTS) -I.. -I../../include -fPIC
++LDFLAGS	+= -shared
+ LDADD   = -lutil
+ INSTALL	= install -o root
+ prefix  = /usr/local

+ 24 - 0
debian/patches/debian-000000_invalid-ip-range.patch

@@ -0,0 +1,24 @@
+Description: Fix segfault upon invalid IP range
+Author: Sergey Naumov
+Origin: http://patch-tracker.debian.org/patch/misc/dl/pptpd/1.3.4-5/pptpd.c
+Forwarded: http://sourceforge.net/mailarchive/forum.php?thread_name=1360193627%40msgid.manchmal.in-ulm.de&forum_name=poptop-server
+
+--- a/pptpd.c
++++ b/pptpd.c
+@@ -735,6 +735,16 @@
+ 				continue;
+ 			}
+ 
++			if (upper < lower) {
++			/* if upper < lower segmantation fault in pptpctrl happens
++			 * due to enabling pppLocal parameter without providing its value.
++			 *
++			 * we can safely use ipstr because it is not modified except
++			 * of truncating.
++			 */
++				syslog(LOG_ERR, "MGR: Bad %s IP range: %s", (type == LOCAL)?"local":"remote", ipstr);
++				exit(1);
++			}
+ 			for (n = lower; n <= upper; n++) {
+ 				sprintf(tmpstr5, "%s%d%s", ip_pre, n, ip_post);
+ 				/* Check if the ip address is valid */

+ 902 - 0
debian/patches/debian-369714_support-ppd-2.4.4.patch

@@ -0,0 +1,902 @@
+Description: Use pppd.h provided by ppp-dev
+Author: Stu Teasdale <stu@drogna.org.uk>
+Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+Forwarded: http://sourceforge.net/mailarchive/forum.php?thread_name=1360194160%40msgid.manchmal.in-ulm.de&forum_name=poptop-server
+Bug-Debian: http://bugs.debian.org/369714
+
+--- a/plugins/pptpd-logwtmp.c
++++ b/plugins/pptpd-logwtmp.c
+@@ -12,7 +12,7 @@
+ #include <unistd.h>
+ #include <utmp.h>
+ #include <string.h>
+-#include "pppd.h"
++#include <pppd/pppd.h>
+ 
+ char pppd_version[] = VERSION;
+ 
+--- a/plugins/pppd.h
++++ /dev/null
+@@ -1,882 +0,0 @@
+-/*
+- * pppd.h - PPP daemon global declarations.
+- *
+- * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- *    notice, this list of conditions and the following disclaimer.
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in
+- *    the documentation and/or other materials provided with the
+- *    distribution.
+- *
+- * 3. The name "Carnegie Mellon University" must not be used to
+- *    endorse or promote products derived from this software without
+- *    prior written permission. For permission or any legal
+- *    details, please contact
+- *      Office of Technology Transfer
+- *      Carnegie Mellon University
+- *      5000 Forbes Avenue
+- *      Pittsburgh, PA  15213-3890
+- *      (412) 268-4387, fax: (412) 268-7395
+- *      tech-transfer@andrew.cmu.edu
+- *
+- * 4. Redistributions of any form whatsoever must retain the following
+- *    acknowledgment:
+- *    "This product includes software developed by Computing Services
+- *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
+- *
+- * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+- * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
+- * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+- *
+- * upstream pppd.h,v 1.82 2003/04/07 00:01:46 paulus Exp
+- * $Id: pppd.h,v 1.1 2004/04/28 11:36:07 quozl Exp $
+- */
+-
+-/*
+- * TODO:
+- */
+-
+-#ifndef __PPPD_H__
+-#define __PPPD_H__
+-
+-#include <stdio.h>		/* for FILE */
+-#include <limits.h>		/* for NGROUPS_MAX */
+-#include <sys/param.h>		/* for MAXPATHLEN and BSD4_4, if defined */
+-#include <sys/types.h>		/* for u_int32_t, if defined */
+-#include <sys/time.h>		/* for struct timeval */
+-#include <net/ppp_defs.h>
+-#include "patchlevel.h"
+-
+-#if defined(__STDC__)
+-#include <stdarg.h>
+-#define __V(x)	x
+-#else
+-#include <varargs.h>
+-#define __V(x)	(va_alist) va_dcl
+-#define const
+-#define volatile
+-#endif
+-
+-#ifdef INET6
+-#include "eui64.h"
+-#endif
+-
+-/*
+- * Limits.
+- */
+-
+-#define NUM_PPP		1	/* One PPP interface supported (per process) */
+-#define MAXWORDLEN	1024	/* max length of word in file (incl null) */
+-#define MAXARGS		1	/* max # args to a command */
+-#define MAXNAMELEN	256	/* max length of hostname or name for auth */
+-#define MAXSECRETLEN	256	/* max length of password or secret */
+-
+-/*
+- * Option descriptor structure.
+- */
+-
+-typedef unsigned char	bool;
+-
+-enum opt_type {
+-	o_special_noarg = 0,
+-	o_special = 1,
+-	o_bool,
+-	o_int,
+-	o_uint32,
+-	o_string,
+-	o_wild
+-};
+-
+-typedef struct {
+-	char	*name;		/* name of the option */
+-	enum opt_type type;
+-	void	*addr;
+-	char	*description;
+-	unsigned int flags;
+-	void	*addr2;
+-	int	upper_limit;
+-	int	lower_limit;
+-	const char *source;
+-	short int priority;
+-	short int winner;
+-} option_t;
+-
+-/* Values for flags */
+-#define OPT_VALUE	0xff	/* mask for presupplied value */
+-#define OPT_HEX		0x100	/* int option is in hex */
+-#define OPT_NOARG	0x200	/* option doesn't take argument */
+-#define OPT_OR		0x400	/* OR in argument to value */
+-#define OPT_INC		0x800	/* increment value */
+-#define OPT_A2OR	0x800	/* for o_bool, OR arg to *(u_char *)addr2 */
+-#define OPT_PRIV	0x1000	/* privileged option */
+-#define OPT_STATIC	0x2000	/* string option goes into static array */
+-#define OPT_LLIMIT	0x4000	/* check value against lower limit */
+-#define OPT_ULIMIT	0x8000	/* check value against upper limit */
+-#define OPT_LIMITS	(OPT_LLIMIT|OPT_ULIMIT)
+-#define OPT_ZEROOK	0x10000	/* 0 value is OK even if not within limits */
+-#define OPT_HIDE	0x10000	/* for o_string, print value as ?????? */
+-#define OPT_A2LIST	0x10000 /* for o_special, keep list of values */
+-#define OPT_A2CLRB	0x10000 /* o_bool, clr val bits in *(u_char *)addr2 */
+-#define OPT_NOINCR	0x20000	/* value mustn't be increased */
+-#define OPT_ZEROINF	0x40000	/* with OPT_NOINCR, 0 == infinity */
+-#define OPT_PRIO	0x80000	/* process option priorities for this option */
+-#define OPT_PRIOSUB	0x100000 /* subsidiary member of priority group */
+-#define OPT_ALIAS	0x200000 /* option is alias for previous option */
+-#define OPT_A2COPY	0x400000 /* addr2 -> second location to rcv value */
+-#define OPT_ENABLE	0x800000 /* use *addr2 as enable for option */
+-#define OPT_A2CLR	0x1000000 /* clear *(bool *)addr2 */
+-#define OPT_PRIVFIX	0x2000000 /* user can't override if set by root */
+-#define OPT_INITONLY	0x4000000 /* option can only be set in init phase */
+-#define OPT_DEVEQUIV	0x8000000 /* equiv to device name */
+-#define OPT_DEVNAM	(OPT_INITONLY | OPT_DEVEQUIV)
+-#define OPT_A2PRINTER	0x10000000 /* *addr2 is a fn for printing option */
+-#define OPT_A2STRVAL	0x20000000 /* *addr2 points to current string value */
+-#define OPT_NOPRINT	0x40000000 /* don't print this option at all */
+-
+-#define OPT_VAL(x)	((x) & OPT_VALUE)
+-
+-/* Values for priority */
+-#define OPRIO_DEFAULT	0	/* a default value */
+-#define OPRIO_CFGFILE	1	/* value from a configuration file */
+-#define OPRIO_CMDLINE	2	/* value from the command line */
+-#define OPRIO_SECFILE	3	/* value from options in a secrets file */
+-#define OPRIO_ROOT	100	/* added to priority if OPT_PRIVFIX && root */
+-
+-#ifndef GIDSET_TYPE
+-#define GIDSET_TYPE	gid_t
+-#endif
+-
+-/* Structure representing a list of permitted IP addresses. */
+-struct permitted_ip {
+-    int		permit;		/* 1 = permit, 0 = forbid */
+-    u_int32_t	base;		/* match if (addr & mask) == base */
+-    u_int32_t	mask;		/* base and mask are in network byte order */
+-};
+-
+-/*
+- * Unfortunately, the linux kernel driver uses a different structure
+- * for statistics from the rest of the ports.
+- * This structure serves as a common representation for the bits
+- * pppd needs.
+- */
+-struct pppd_stats {
+-    unsigned int	bytes_in;
+-    unsigned int	bytes_out;
+-    unsigned int	pkts_in;
+-    unsigned int	pkts_out;
+-};
+-
+-/* Used for storing a sequence of words.  Usually malloced. */
+-struct wordlist {
+-    struct wordlist	*next;
+-    char		*word;
+-};
+-
+-/* An endpoint discriminator, used with multilink. */
+-#define MAX_ENDP_LEN	20	/* maximum length of discriminator value */
+-struct epdisc {
+-    unsigned char	class;
+-    unsigned char	length;
+-    unsigned char	value[MAX_ENDP_LEN];
+-};
+-
+-/* values for epdisc.class */
+-#define EPD_NULL	0	/* null discriminator, no data */
+-#define EPD_LOCAL	1
+-#define EPD_IP		2
+-#define EPD_MAC		3
+-#define EPD_MAGIC	4
+-#define EPD_PHONENUM	5
+-
+-typedef void (*notify_func) __P((void *, int));
+-
+-struct notifier {
+-    struct notifier *next;
+-    notify_func	    func;
+-    void	    *arg;
+-};
+-
+-/*
+- * Global variables.
+- */
+-
+-extern int	hungup;		/* Physical layer has disconnected */
+-extern int	ifunit;		/* Interface unit number */
+-extern char	ifname[];	/* Interface name */
+-extern char	hostname[];	/* Our hostname */
+-extern u_char	outpacket_buf[]; /* Buffer for outgoing packets */
+-extern int	phase;		/* Current state of link - see values below */
+-extern int	baud_rate;	/* Current link speed in bits/sec */
+-extern char	*progname;	/* Name of this program */
+-extern int	redirect_stderr;/* Connector's stderr should go to file */
+-extern char	peer_authname[];/* Authenticated name of peer */
+-extern int	auth_done[NUM_PPP]; /* Methods actually used for auth */
+-extern int	privileged;	/* We were run by real-uid root */
+-extern int	need_holdoff;	/* Need holdoff period after link terminates */
+-extern char	**script_env;	/* Environment variables for scripts */
+-extern int	detached;	/* Have detached from controlling tty */
+-extern GIDSET_TYPE groups[NGROUPS_MAX];	/* groups the user is in */
+-extern int	ngroups;	/* How many groups valid in groups */
+-extern struct pppd_stats link_stats; /* byte/packet counts etc. for link */
+-extern int	link_stats_valid; /* set if link_stats is valid */
+-extern unsigned	link_connect_time; /* time the link was up for */
+-extern int	using_pty;	/* using pty as device (notty or pty opt.) */
+-extern int	log_to_fd;	/* logging to this fd as well as syslog */
+-extern bool	log_default;	/* log_to_fd is default (stdout) */
+-extern char	*no_ppp_msg;	/* message to print if ppp not in kernel */
+-extern volatile int status;	/* exit status for pppd */
+-extern bool	devnam_fixed;	/* can no longer change devnam */
+-extern int	unsuccess;	/* # unsuccessful connection attempts */
+-extern int	do_callback;	/* set if we want to do callback next */
+-extern int	doing_callback;	/* set if this is a callback */
+-extern int	error_count;	/* # of times error() has been called */
+-extern char	ppp_devnam[MAXPATHLEN];
+-extern char     remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */
+-extern int      ppp_session_number; /* Session number (eg PPPoE session) */
+-
+-extern int	listen_time;	/* time to listen first (ms) */
+-extern struct notifier *pidchange;   /* for notifications of pid changing */
+-extern struct notifier *phasechange; /* for notifications of phase changes */
+-extern struct notifier *exitnotify;  /* for notification that we're exiting */
+-extern struct notifier *sigreceived; /* notification of received signal */
+-extern struct notifier *ip_up_notifier; /* IPCP has come up */
+-extern struct notifier *ip_down_notifier; /* IPCP has gone down */
+-extern struct notifier *auth_up_notifier; /* peer has authenticated */
+-extern struct notifier *link_down_notifier; /* link has gone down */
+-extern struct notifier *fork_notifier;	/* we are a new child process */
+-
+-/* Values for do_callback and doing_callback */
+-#define CALLBACK_DIALIN		1	/* we are expecting the call back */
+-#define CALLBACK_DIALOUT	2	/* we are dialling out to call back */
+-
+-/*
+- * Variables set by command-line options.
+- */
+-
+-extern int	debug;		/* Debug flag */
+-extern int	kdebugflag;	/* Tell kernel to print debug messages */
+-extern int	default_device;	/* Using /dev/tty or equivalent */
+-extern char	devnam[MAXPATHLEN];	/* Device name */
+-extern int	crtscts;	/* Use hardware flow control */
+-extern bool	modem;		/* Use modem control lines */
+-extern int	inspeed;	/* Input/Output speed requested */
+-extern u_int32_t netmask;	/* IP netmask to set on interface */
+-extern bool	lockflag;	/* Create lock file to lock the serial dev */
+-extern bool	nodetach;	/* Don't detach from controlling tty */
+-extern bool	updetach;	/* Detach from controlling tty when link up */
+-extern char	*initializer;	/* Script to initialize physical link */
+-extern char	*connect_script; /* Script to establish physical link */
+-extern char	*disconnect_script; /* Script to disestablish physical link */
+-extern char	*welcomer;	/* Script to welcome client after connection */
+-extern char	*ptycommand;	/* Command to run on other side of pty */
+-extern int	maxconnect;	/* Maximum connect time (seconds) */
+-extern char	user[MAXNAMELEN];/* Our name for authenticating ourselves */
+-extern char	passwd[MAXSECRETLEN];	/* Password for PAP or CHAP */
+-extern bool	auth_required;	/* Peer is required to authenticate */
+-extern bool	persist;	/* Reopen link after it goes down */
+-extern bool	uselogin;	/* Use /etc/passwd for checking PAP */
+-extern char	our_name[MAXNAMELEN];/* Our name for authentication purposes */
+-extern char	remote_name[MAXNAMELEN]; /* Peer's name for authentication */
+-extern bool	explicit_remote;/* remote_name specified with remotename opt */
+-extern bool	demand;		/* Do dial-on-demand */
+-extern char	*ipparam;	/* Extra parameter for ip up/down scripts */
+-extern bool	cryptpap;	/* Others' PAP passwords are encrypted */
+-extern int	idle_time_limit;/* Shut down link if idle for this long */
+-extern int	holdoff;	/* Dead time before restarting */
+-extern bool	holdoff_specified; /* true if user gave a holdoff value */
+-extern bool	notty;		/* Stdin/out is not a tty */
+-extern char	*pty_socket;	/* Socket to connect to pty */
+-extern char	*record_file;	/* File to record chars sent/received */
+-extern bool	sync_serial;	/* Device is synchronous serial device */
+-extern int	maxfail;	/* Max # of unsuccessful connection attempts */
+-extern char	linkname[MAXPATHLEN]; /* logical name for link */
+-extern bool	tune_kernel;	/* May alter kernel settings as necessary */
+-extern int	connect_delay;	/* Time to delay after connect script */
+-extern int	max_data_rate;	/* max bytes/sec through charshunt */
+-extern int	req_unit;	/* interface unit number to use */
+-extern bool	multilink;	/* enable multilink operation */
+-extern bool	noendpoint;	/* don't send or accept endpt. discrim. */
+-extern char	*bundle_name;	/* bundle name for multilink */
+-extern bool	dump_options;	/* print out option values */
+-extern bool	dryrun;		/* check everything, print options, exit */
+-
+-#ifdef MAXOCTETS
+-extern unsigned int maxoctets;	     /* Maximum octetes per session (in bytes) */
+-extern int       maxoctets_dir;      /* Direction :
+-				      0 - in+out (default)
+-				      1 - in 
+-				      2 - out
+-				      3 - max(in,out) */
+-extern int       maxoctets_timeout;  /* Timeout for check of octets limit */
+-#define PPP_OCTETS_DIRECTION_SUM        0
+-#define PPP_OCTETS_DIRECTION_IN         1
+-#define PPP_OCTETS_DIRECTION_OUT        2
+-#define PPP_OCTETS_DIRECTION_MAXOVERAL  3
+-/* same as previos, but little different on RADIUS side */
+-#define PPP_OCTETS_DIRECTION_MAXSESSION 4	
+-#endif
+-
+-#ifdef PPP_FILTER
+-extern struct	bpf_program pass_filter;   /* Filter for pkts to pass */
+-extern struct	bpf_program active_filter; /* Filter for link-active pkts */
+-#endif
+-
+-#ifdef MSLANMAN
+-extern bool	ms_lanman;	/* Use LanMan password instead of NT */
+-				/* Has meaning only with MS-CHAP challenges */
+-#endif
+-
+-/* Values for auth_pending, auth_done */
+-#define PAP_WITHPEER	0x1
+-#define PAP_PEER	0x2
+-#define CHAP_WITHPEER	0x4
+-#define CHAP_PEER	0x8
+-#define EAP_WITHPEER	0x10
+-#define EAP_PEER	0x20
+-
+-/* Values for auth_done only */
+-#define CHAP_MD5_WITHPEER	0x40
+-#define CHAP_MD5_PEER		0x80
+-#ifdef CHAPMS
+-#define CHAP_MS_SHIFT		8	/* LSB position for MS auths */
+-#define CHAP_MS_WITHPEER	0x100
+-#define CHAP_MS_PEER		0x200
+-#define CHAP_MS2_WITHPEER	0x400
+-#define CHAP_MS2_PEER		0x800
+-#endif
+-
+-extern char *current_option;	/* the name of the option being parsed */
+-extern int  privileged_option;	/* set iff the current option came from root */
+-extern char *option_source;	/* string saying where the option came from */
+-extern int  option_priority;	/* priority of current options */
+-
+-/*
+- * Values for phase.
+- */
+-#define PHASE_DEAD		0
+-#define PHASE_INITIALIZE	1
+-#define PHASE_SERIALCONN	2
+-#define PHASE_DORMANT		3
+-#define PHASE_ESTABLISH		4
+-#define PHASE_AUTHENTICATE	5
+-#define PHASE_CALLBACK		6
+-#define PHASE_NETWORK		7
+-#define PHASE_RUNNING		8
+-#define PHASE_TERMINATE		9
+-#define PHASE_DISCONNECT	10
+-#define PHASE_HOLDOFF		11
+-
+-/*
+- * The following struct gives the addresses of procedures to call
+- * for a particular protocol.
+- */
+-struct protent {
+-    u_short protocol;		/* PPP protocol number */
+-    /* Initialization procedure */
+-    void (*init) __P((int unit));
+-    /* Process a received packet */
+-    void (*input) __P((int unit, u_char *pkt, int len));
+-    /* Process a received protocol-reject */
+-    void (*protrej) __P((int unit));
+-    /* Lower layer has come up */
+-    void (*lowerup) __P((int unit));
+-    /* Lower layer has gone down */
+-    void (*lowerdown) __P((int unit));
+-    /* Open the protocol */
+-    void (*open) __P((int unit));
+-    /* Close the protocol */
+-    void (*close) __P((int unit, char *reason));
+-    /* Print a packet in readable form */
+-    int  (*printpkt) __P((u_char *pkt, int len,
+-			  void (*printer) __P((void *, char *, ...)),
+-			  void *arg));
+-    /* Process a received data packet */
+-    void (*datainput) __P((int unit, u_char *pkt, int len));
+-    bool enabled_flag;		/* 0 iff protocol is disabled */
+-    char *name;			/* Text name of protocol */
+-    char *data_name;		/* Text name of corresponding data protocol */
+-    option_t *options;		/* List of command-line options */
+-    /* Check requested options, assign defaults */
+-    void (*check_options) __P((void));
+-    /* Configure interface for demand-dial */
+-    int  (*demand_conf) __P((int unit));
+-    /* Say whether to bring up link for this pkt */
+-    int  (*active_pkt) __P((u_char *pkt, int len));
+-};
+-
+-/* Table of pointers to supported protocols */
+-extern struct protent *protocols[];
+-
+-/*
+- * This struct contains pointers to a set of procedures for
+- * doing operations on a "channel".  A channel provides a way
+- * to send and receive PPP packets - the canonical example is
+- * a serial port device in PPP line discipline (or equivalently
+- * with PPP STREAMS modules pushed onto it).
+- */
+-struct channel {
+-	/* set of options for this channel */
+-	option_t *options;
+-	/* find and process a per-channel options file */
+-	void (*process_extra_options) __P((void));
+-	/* check all the options that have been given */
+-	void (*check_options) __P((void));
+-	/* get the channel ready to do PPP, return a file descriptor */
+-	int  (*connect) __P((void));
+-	/* we're finished with the channel */
+-	void (*disconnect) __P((void));
+-	/* put the channel into PPP `mode' */
+-	int  (*establish_ppp) __P((int));
+-	/* take the channel out of PPP `mode', restore loopback if demand */
+-	void (*disestablish_ppp) __P((int));
+-	/* set the transmit-side PPP parameters of the channel */
+-	void (*send_config) __P((int, u_int32_t, int, int));
+-	/* set the receive-side PPP parameters of the channel */
+-	void (*recv_config) __P((int, u_int32_t, int, int));
+-	/* cleanup on error or normal exit */
+-	void (*cleanup) __P((void));
+-	/* close the device, called in children after fork */
+-	void (*close) __P((void));
+-};
+-
+-extern struct channel *the_channel;
+-
+-/*
+- * Prototypes.
+- */
+-
+-/* Procedures exported from main.c. */
+-void set_ifunit __P((int));	/* set stuff that depends on ifunit */
+-void detach __P((void));	/* Detach from controlling tty */
+-void die __P((int));		/* Cleanup and exit */
+-void quit __P((void));		/* like die(1) */
+-void novm __P((char *));	/* Say we ran out of memory, and die */
+-void timeout __P((void (*func)(void *), void *arg, int s, int us));
+-				/* Call func(arg) after s.us seconds */
+-void untimeout __P((void (*func)(void *), void *arg));
+-				/* Cancel call to func(arg) */
+-void record_child __P((int, char *, void (*) (void *), void *));
+-pid_t safe_fork __P((void));	/* Fork & close stuff in child */
+-int  device_script __P((char *cmd, int in, int out, int dont_wait));
+-				/* Run `cmd' with given stdin and stdout */
+-pid_t run_program __P((char *prog, char **args, int must_exist,
+-		       void (*done)(void *), void *arg));
+-				/* Run program prog with args in child */
+-void reopen_log __P((void));	/* (re)open the connection to syslog */
+-void update_link_stats __P((int)); /* Get stats at link termination */
+-void script_setenv __P((char *, char *, int));	/* set script env var */
+-void script_unsetenv __P((char *));		/* unset script env var */
+-void new_phase __P((int));	/* signal start of new phase */
+-void add_notifier __P((struct notifier **, notify_func, void *));
+-void remove_notifier __P((struct notifier **, notify_func, void *));
+-void notify __P((struct notifier *, int));
+-int  ppp_send_config __P((int, int, u_int32_t, int, int));
+-int  ppp_recv_config __P((int, int, u_int32_t, int, int));
+-
+-/* Procedures exported from tty.c. */
+-void tty_init __P((void));
+-
+-/* Procedures exported from utils.c. */
+-void log_packet __P((u_char *, int, char *, int));
+-				/* Format a packet and log it with syslog */
+-void print_string __P((char *, int,  void (*) (void *, char *, ...),
+-		void *));	/* Format a string for output */
+-int slprintf __P((char *, int, char *, ...));		/* sprintf++ */
+-int vslprintf __P((char *, int, char *, va_list));	/* vsprintf++ */
+-size_t strlcpy __P((char *, const char *, size_t));	/* safe strcpy */
+-size_t strlcat __P((char *, const char *, size_t));	/* safe strncpy */
+-void dbglog __P((char *, ...));	/* log a debug message */
+-void info __P((char *, ...));	/* log an informational message */
+-void notice __P((char *, ...));	/* log a notice-level message */
+-void warn __P((char *, ...));	/* log a warning message */
+-void error __P((char *, ...));	/* log an error message */
+-void fatal __P((char *, ...));	/* log an error message and die(1) */
+-void init_pr_log __P((char *, int));	/* initialize for using pr_log */
+-void pr_log __P((void *, char *, ...));	/* printer fn, output to syslog */
+-void end_pr_log __P((void));	/* finish up after using pr_log */
+-void dump_packet __P((const char *, u_char *, int));
+-				/* dump packet to debug log if interesting */
+-ssize_t complete_read __P((int, void *, size_t));
+-				/* read a complete buffer */
+-
+-/* Procedures exported from auth.c */
+-void link_required __P((int));	  /* we are starting to use the link */
+-void link_terminated __P((int));  /* we are finished with the link */
+-void link_down __P((int));	  /* the LCP layer has left the Opened state */
+-void link_established __P((int)); /* the link is up; authenticate now */
+-void start_networks __P((int));   /* start all the network control protos */
+-void continue_networks __P((int)); /* start network [ip, etc] control protos */
+-void np_up __P((int, int));	  /* a network protocol has come up */
+-void np_down __P((int, int));	  /* a network protocol has gone down */
+-void np_finished __P((int, int)); /* a network protocol no longer needs link */
+-void auth_peer_fail __P((int, int));
+-				/* peer failed to authenticate itself */
+-void auth_peer_success __P((int, int, int, char *, int));
+-				/* peer successfully authenticated itself */
+-void auth_withpeer_fail __P((int, int));
+-				/* we failed to authenticate ourselves */
+-void auth_withpeer_success __P((int, int, int));
+-				/* we successfully authenticated ourselves */
+-void auth_check_options __P((void));
+-				/* check authentication options supplied */
+-void auth_reset __P((int));	/* check what secrets we have */
+-int  check_passwd __P((int, char *, int, char *, int, char **));
+-				/* Check peer-supplied username/password */
+-int  get_secret __P((int, char *, char *, char *, int *, int));
+-				/* get "secret" for chap */
+-int  get_srp_secret __P((int unit, char *client, char *server, char *secret,
+-    int am_server));
+-int  auth_ip_addr __P((int, u_int32_t));
+-				/* check if IP address is authorized */
+-int  auth_number __P((void));	/* check if remote number is authorized */
+-int  bad_ip_adrs __P((u_int32_t));
+-				/* check if IP address is unreasonable */
+-
+-/* Procedures exported from demand.c */
+-void demand_conf __P((void));	/* config interface(s) for demand-dial */
+-void demand_block __P((void));	/* set all NPs to queue up packets */
+-void demand_unblock __P((void)); /* set all NPs to pass packets */
+-void demand_discard __P((void)); /* set all NPs to discard packets */
+-void demand_rexmit __P((int));	/* retransmit saved frames for an NP */
+-int  loop_chars __P((unsigned char *, int)); /* process chars from loopback */
+-int  loop_frame __P((unsigned char *, int)); /* should we bring link up? */
+-
+-/* Procedures exported from multilink.c */
+-void mp_check_options __P((void)); /* Check multilink-related options */
+-int  mp_join_bundle __P((void));  /* join our link to an appropriate bundle */
+-char *epdisc_to_str __P((struct epdisc *)); /* string from endpoint discrim. */
+-int  str_to_epdisc __P((struct epdisc *, char *)); /* endpt disc. from str */
+-
+-/* Procedures exported from sys-*.c */
+-void sys_init __P((void));	/* Do system-dependent initialization */
+-void sys_cleanup __P((void));	/* Restore system state before exiting */
+-int  sys_check_options __P((void)); /* Check options specified */
+-void sys_close __P((void));	/* Clean up in a child before execing */
+-int  ppp_available __P((void));	/* Test whether ppp kernel support exists */
+-int  get_pty __P((int *, int *, char *, int));	/* Get pty master/slave */
+-int  open_ppp_loopback __P((void)); /* Open loopback for demand-dialling */
+-int  tty_establish_ppp __P((int));  /* Turn serial port into a ppp interface */
+-void tty_disestablish_ppp __P((int)); /* Restore port to normal operation */
+-void generic_disestablish_ppp __P((int dev_fd)); /* Restore device setting */
+-int  generic_establish_ppp __P((int dev_fd)); /* Make a ppp interface */
+-void make_new_bundle __P((int, int, int, int)); /* Create new bundle */
+-int  bundle_attach __P((int));	/* Attach link to existing bundle */
+-void cfg_bundle __P((int, int, int, int)); /* Configure existing bundle */
+-void clean_check __P((void));	/* Check if line was 8-bit clean */
+-void set_up_tty __P((int, int)); /* Set up port's speed, parameters, etc. */
+-void restore_tty __P((int));	/* Restore port's original parameters */
+-void setdtr __P((int, int));	/* Raise or lower port's DTR line */
+-void output __P((int, u_char *, int)); /* Output a PPP packet */
+-void wait_input __P((struct timeval *));
+-				/* Wait for input, with timeout */
+-void add_fd __P((int));		/* Add fd to set to wait for */
+-void remove_fd __P((int));	/* Remove fd from set to wait for */
+-int  read_packet __P((u_char *)); /* Read PPP packet */
+-int  get_loop_output __P((void)); /* Read pkts from loopback */
+-void tty_send_config __P((int, u_int32_t, int, int));
+-				/* Configure i/f transmit parameters */
+-void tty_set_xaccm __P((ext_accm));
+-				/* Set extended transmit ACCM */
+-void tty_recv_config __P((int, u_int32_t, int, int));
+-				/* Configure i/f receive parameters */
+-int  ccp_test __P((int, u_char *, int, int));
+-				/* Test support for compression scheme */
+-void ccp_flags_set __P((int, int, int));
+-				/* Set kernel CCP state */
+-int  ccp_fatal_error __P((int)); /* Test for fatal decomp error in kernel */
+-int  get_idle_time __P((int, struct ppp_idle *));
+-				/* Find out how long link has been idle */
+-int  get_ppp_stats __P((int, struct pppd_stats *));
+-				/* Return link statistics */
+-void netif_set_mtu __P((int, int)); /* Set PPP interface MTU */
+-int  netif_get_mtu __P((int));      /* Get PPP interface MTU */
+-int  sifvjcomp __P((int, int, int, int));
+-				/* Configure VJ TCP header compression */
+-int  sifup __P((int));		/* Configure i/f up for one protocol */
+-int  sifnpmode __P((int u, int proto, enum NPmode mode));
+-				/* Set mode for handling packets for proto */
+-int  sifdown __P((int));	/* Configure i/f down for one protocol */
+-int  sifaddr __P((int, u_int32_t, u_int32_t, u_int32_t));
+-				/* Configure IPv4 addresses for i/f */
+-int  cifaddr __P((int, u_int32_t, u_int32_t));
+-				/* Reset i/f IP addresses */
+-#ifdef INET6
+-int  sif6addr __P((int, eui64_t, eui64_t));
+-				/* Configure IPv6 addresses for i/f */
+-int  cif6addr __P((int, eui64_t, eui64_t));
+-				/* Remove an IPv6 address from i/f */
+-#endif
+-int  sifdefaultroute __P((int, u_int32_t, u_int32_t));
+-				/* Create default route through i/f */
+-int  cifdefaultroute __P((int, u_int32_t, u_int32_t));
+-				/* Delete default route through i/f */
+-int  sifproxyarp __P((int, u_int32_t));
+-				/* Add proxy ARP entry for peer */
+-int  cifproxyarp __P((int, u_int32_t));
+-				/* Delete proxy ARP entry for peer */
+-u_int32_t GetMask __P((u_int32_t)); /* Get appropriate netmask for address */
+-int  lock __P((char *));	/* Create lock file for device */
+-int  relock __P((int));		/* Rewrite lock file with new pid */
+-void unlock __P((void));	/* Delete previously-created lock file */
+-void logwtmp __P((const char *, const char *, const char *));
+-				/* Write entry to wtmp file */
+-int  get_host_seed __P((void));	/* Get host-dependent random number seed */
+-int  have_route_to __P((u_int32_t)); /* Check if route to addr exists */
+-#ifdef PPP_FILTER
+-int  set_filters __P((struct bpf_program *pass, struct bpf_program *active));
+-				/* Set filter programs in kernel */
+-#endif
+-#ifdef IPX_CHANGE
+-int  sipxfaddr __P((int, unsigned long, unsigned char *));
+-int  cipxfaddr __P((int));
+-#endif
+-int  get_if_hwaddr __P((u_char *addr, char *name));
+-char *get_first_ethernet __P((void));
+-
+-/* Procedures exported from options.c */
+-int setipaddr __P((char *, char **, int)); /* Set local/remote ip addresses */
+-int  parse_args __P((int argc, char **argv));
+-				/* Parse options from arguments given */
+-int  options_from_file __P((char *filename, int must_exist, int check_prot,
+-			    int privileged));
+-				/* Parse options from an options file */
+-int  options_from_user __P((void)); /* Parse options from user's .ppprc */
+-int  options_for_tty __P((void)); /* Parse options from /etc/ppp/options.tty */
+-int  options_from_list __P((struct wordlist *, int privileged));
+-				/* Parse options from a wordlist */
+-int  getword __P((FILE *f, char *word, int *newlinep, char *filename));
+-				/* Read a word from a file */
+-void option_error __P((char *fmt, ...));
+-				/* Print an error message about an option */
+-int int_option __P((char *, int *));
+-				/* Simplified number_option for decimal ints */
+-void add_options __P((option_t *)); /* Add extra options */
+-void check_options __P((void));	/* check values after all options parsed */
+-int  override_value __P((const char *, int, const char *));
+-				/* override value if permitted by priority */
+-void print_options __P((void (*) __P((void *, char *, ...)), void *));
+-				/* print out values of all options */
+-
+-int parse_dotted_ip __P((char *, u_int32_t *));
+-
+-/*
+- * Hooks to enable plugins to change various things.
+- */
+-extern int (*new_phase_hook) __P((int));
+-extern int (*idle_time_hook) __P((struct ppp_idle *));
+-extern int (*holdoff_hook) __P((void));
+-extern int (*pap_check_hook) __P((void));
+-extern int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp,
+-				 struct wordlist **paddrs,
+-				 struct wordlist **popts));
+-extern void (*pap_logout_hook) __P((void));
+-extern int (*pap_passwd_hook) __P((char *user, char *passwd));
+-extern int (*allowed_address_hook) __P((u_int32_t addr));
+-extern void (*ip_up_hook) __P((void));
+-extern void (*ip_down_hook) __P((void));
+-extern void (*ip_choose_hook) __P((u_int32_t *));
+-
+-extern int (*chap_check_hook) __P((void));
+-extern int (*chap_passwd_hook) __P((char *user, char *passwd));
+-
+-/* Let a plugin snoop sent and received packets.  Useful for L2TP */
+-extern void (*snoop_recv_hook) __P((unsigned char *p, int len));
+-extern void (*snoop_send_hook) __P((unsigned char *p, int len));
+-
+-/*
+- * Inline versions of get/put char/short/long.
+- * Pointer is advanced; we assume that both arguments
+- * are lvalues and will already be in registers.
+- * cp MUST be u_char *.
+- */
+-#define GETCHAR(c, cp) { \
+-	(c) = *(cp)++; \
+-}
+-#define PUTCHAR(c, cp) { \
+-	*(cp)++ = (u_char) (c); \
+-}
+-
+-
+-#define GETSHORT(s, cp) { \
+-	(s) = *(cp)++ << 8; \
+-	(s) |= *(cp)++; \
+-}
+-#define PUTSHORT(s, cp) { \
+-	*(cp)++ = (u_char) ((s) >> 8); \
+-	*(cp)++ = (u_char) (s); \
+-}
+-
+-#define GETLONG(l, cp) { \
+-	(l) = *(cp)++ << 8; \
+-	(l) |= *(cp)++; (l) <<= 8; \
+-	(l) |= *(cp)++; (l) <<= 8; \
+-	(l) |= *(cp)++; \
+-}
+-#define PUTLONG(l, cp) { \
+-	*(cp)++ = (u_char) ((l) >> 24); \
+-	*(cp)++ = (u_char) ((l) >> 16); \
+-	*(cp)++ = (u_char) ((l) >> 8); \
+-	*(cp)++ = (u_char) (l); \
+-}
+-
+-#define INCPTR(n, cp)	((cp) += (n))
+-#define DECPTR(n, cp)	((cp) -= (n))
+-
+-/*
+- * System dependent definitions for user-level 4.3BSD UNIX implementation.
+- */
+-
+-#define TIMEOUT(r, f, t)	timeout((r), (f), (t), 0)
+-#define UNTIMEOUT(r, f)		untimeout((r), (f))
+-
+-#define BCOPY(s, d, l)		memcpy(d, s, l)
+-#define BZERO(s, n)		memset(s, 0, n)
+-#define	BCMP(s1, s2, l)		memcmp(s1, s2, l)
+-
+-#define PRINTMSG(m, l)		{ info("Remote message: %0.*v", l, m); }
+-
+-/*
+- * MAKEHEADER - Add Header fields to a packet.
+- */
+-#define MAKEHEADER(p, t) { \
+-    PUTCHAR(PPP_ALLSTATIONS, p); \
+-    PUTCHAR(PPP_UI, p); \
+-    PUTSHORT(t, p); }
+-
+-/*
+- * Exit status values.
+- */
+-#define EXIT_OK			0
+-#define EXIT_FATAL_ERROR	1
+-#define EXIT_OPTION_ERROR	2
+-#define EXIT_NOT_ROOT		3
+-#define EXIT_NO_KERNEL_SUPPORT	4
+-#define EXIT_USER_REQUEST	5
+-#define EXIT_LOCK_FAILED	6
+-#define EXIT_OPEN_FAILED	7
+-#define EXIT_CONNECT_FAILED	8
+-#define EXIT_PTYCMD_FAILED	9
+-#define EXIT_NEGOTIATION_FAILED	10
+-#define EXIT_PEER_AUTH_FAILED	11
+-#define EXIT_IDLE_TIMEOUT	12
+-#define EXIT_CONNECT_TIME	13
+-#define EXIT_CALLBACK		14
+-#define EXIT_PEER_DEAD		15
+-#define EXIT_HANGUP		16
+-#define EXIT_LOOPBACK		17
+-#define EXIT_INIT_FAILED	18
+-#define EXIT_AUTH_TOPEER_FAILED	19
+-#ifdef MAXOCTETS
+-#define EXIT_TRAFFIC_LIMIT	20
+-#endif
+-#define EXIT_CNID_AUTH_FAILED	21
+-
+-/*
+- * Debug macros.  Slightly useful for finding bugs in pppd, not particularly
+- * useful for finding out why your connection isn't being established.
+- */
+-#ifdef DEBUGALL
+-#define DEBUGMAIN	1
+-#define DEBUGFSM	1
+-#define DEBUGLCP	1
+-#define DEBUGIPCP	1
+-#define DEBUGIPV6CP	1
+-#define DEBUGUPAP	1
+-#define DEBUGCHAP	1
+-#endif
+-
+-#ifndef LOG_PPP			/* we use LOG_LOCAL2 for syslog by default */
+-#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUGSYS) \
+-  || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \
+-  || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP)
+-#define LOG_PPP LOG_LOCAL2
+-#else
+-#define LOG_PPP LOG_DAEMON
+-#endif
+-#endif /* LOG_PPP */
+-
+-#ifdef DEBUGMAIN
+-#define MAINDEBUG(x)	if (debug) dbglog x
+-#else
+-#define MAINDEBUG(x)
+-#endif
+-
+-#ifdef DEBUGSYS
+-#define SYSDEBUG(x)	if (debug) dbglog x
+-#else
+-#define SYSDEBUG(x)
+-#endif
+-
+-#ifdef DEBUGFSM
+-#define FSMDEBUG(x)	if (debug) dbglog x
+-#else
+-#define FSMDEBUG(x)
+-#endif
+-
+-#ifdef DEBUGLCP
+-#define LCPDEBUG(x)	if (debug) dbglog x
+-#else
+-#define LCPDEBUG(x)
+-#endif
+-
+-#ifdef DEBUGIPCP
+-#define IPCPDEBUG(x)	if (debug) dbglog x
+-#else
+-#define IPCPDEBUG(x)
+-#endif
+-
+-#ifdef DEBUGIPV6CP
+-#define IPV6CPDEBUG(x)  if (debug) dbglog x
+-#else
+-#define IPV6CPDEBUG(x)
+-#endif
+-
+-#ifdef DEBUGUPAP
+-#define UPAPDEBUG(x)	if (debug) dbglog x
+-#else
+-#define UPAPDEBUG(x)
+-#endif
+-
+-#ifdef DEBUGCHAP
+-#define CHAPDEBUG(x)	if (debug) dbglog x
+-#else
+-#define CHAPDEBUG(x)
+-#endif
+-
+-#ifdef DEBUGIPXCP
+-#define IPXCPDEBUG(x)	if (debug) dbglog x
+-#else
+-#define IPXCPDEBUG(x)
+-#endif
+-
+-#ifndef SIGTYPE
+-#if defined(sun) || defined(SYSV) || defined(POSIX_SOURCE)
+-#define SIGTYPE void
+-#else
+-#define SIGTYPE int
+-#endif /* defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) */
+-#endif /* SIGTYPE */
+-
+-#ifndef MIN
+-#define MIN(a, b)	((a) < (b)? (a): (b))
+-#endif
+-#ifndef MAX
+-#define MAX(a, b)	((a) > (b)? (a): (b))
+-#endif
+-
+-#ifndef offsetof
+-#define offsetof(type, member) ((size_t) &((type *)0)->member)
+-#endif
+-
+-#endif /* __PPP_H__ */

+ 32 - 0
debian/patches/debian-416404_out-of-order-sequence-number.patch

@@ -0,0 +1,32 @@
+Description: Check for out-of-order sequence numbers
+ Applied upstream 2007-04-24 05:13:17
+Origin: http://marc.info/?l=poptop-server&m=117737453400588&w=2
+Forwarded: not-needed
+Bug-Debian: http://bugs.debian.org/416404
+
+--- a/pptpgre.c
++++ b/pptpgre.c
+@@ -403,15 +403,20 @@
+ 			stats.rx_truncated++;
+ 			return 0;
+ 		}
+-		/* check for out-of-order sequence number */
+-		if (seq == gre.seq_recv + 1) {
++		/* check for out-of-order sequence number
++		 * N.B.: some client implementations violate RFC 2637
++		 * and start their sequence numbers at 1 instead of 0,
++		 * so we have to introduce a kludge to deal with it. 
++		 * on wrap we may allow an out of order packet to pass
++		*/
++		if (seq == gre.seq_recv + 1 || seq == 1) {
+ 			if (pptpctrl_debug)
+ 				syslog(LOG_DEBUG, "GRE: accepting packet #%d", 
+ 				       seq);
+ 			stats.rx_accepted++;
+ 			gre.seq_recv = seq;
+ 			return cb(cl, buffer + ip_len + headersize, payload_len);
+-		} else if (seq == gre.seq_recv) {
++		} else if (!seq_greater(seq, gre.seq_recv)) {
+ 			if (pptpctrl_debug)
+ 				syslog(LOG_DEBUG,
+ 				       "GRE: discarding duplicate or old packet #%d (expecting #%d)", 

+ 29 - 0
debian/patches/debian-610375_remote-number-support.patch

@@ -0,0 +1,29 @@
+Description: "remotenumber" support
+Author: Igor A Tarasov <develop@dicr.org>
+Author: Michael Poetters <michael@poetters.net>
+Forwarded: http://sourceforge.net/mailarchive/forum.php?thread_name=1360193861%40msgid.manchmal.in-ulm.de&forum_name=poptop-server
+Bug-Debian: http://bugs.debian.org/610375
+Bug-Debian: http://bugs.debian.org/625459
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pptpd/+bug/704245
+
+--- a/pptpctrl.c
++++ b/pptpctrl.c
+@@ -657,7 +657,7 @@
+  */
+ static void launch_pppd(char **pppaddrs, struct in_addr *inetaddrs)
+ {
+-	char *pppd_argv[14];
++	char *pppd_argv[16];
+ 	int an = 0;
+ 	sigset_t sigs;
+ 
+@@ -778,6 +778,9 @@
+                  pppd_argv[an++] = inet_ntoa(inetaddrs[1]);
+         }
+ 
++	pppd_argv[an++] = "remotenumber";
++	pppd_argv[an++] = inet_ntoa(inetaddrs[1]);
++
+ 	/* argv arrays must always be NULL terminated */
+ 	pppd_argv[an++] = NULL;
+ 	/* make sure SIGCHLD is unblocked, pppd does not expect it */

+ 37 - 0
debian/patches/debian-692129_pptpd-1.3.4_manage-enobufs.patch

@@ -0,0 +1,37 @@
+Description: Fix PPTP connections drop
+Origin: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692129#22
+Author: Maximiliano Curia <maxy@debian.org>
+Forwarded: http://sourceforge.net/mailarchive/forum.php?thread_name=1360193901%40msgid.manchmal.in-ulm.de&forum_name=poptop-server
+Bug-Debian: http://bugs.debian.org/692129
+
+--- a/pptpgre.c
++++ b/pptpgre.c
+@@ -443,6 +443,7 @@
+ 		unsigned char buffer[PACKET_MAX + sizeof(struct pptp_gre_header)];
+ 	} u;
+ 	unsigned header_len;
++	ssize_t status;
+ #ifdef HAVE_WRITEV
+ 	struct iovec iovec[2];
+ #endif
+@@ -493,12 +494,18 @@
+ 	iovec[0].iov_len = header_len;
+ 	iovec[1].iov_base = pack;
+ 	iovec[1].iov_len = len;
+-	return writev(fd, iovec, 2);
++	status = writev(fd, iovec, 2); 
+ #else
+ 	/* copy payload into buffer */
+ 	memcpy(u.buffer + header_len, pack, len);
+ 	/* record and increment sequence numbers */
+ 	/* write this baby out to the net */
+-	return write(fd, u.buffer, header_len + len);
++	status = write(fd, u.buffer, header_len + len);
+ #endif
++	if ((status >= 0) || (errno != ENOBUFS)) {
++		return status;
++	}
++	// if ENOBUFS, do not close the connection
++	gre.seq_sent--;
++	return 0;
+ }

+ 23 - 0
debian/patches/debian-693136_avoid-binary-trash.patch

@@ -0,0 +1,23 @@
+Description: Fix "Binary trash when launching ppp"
+Author: "tevaum@gmail.com" <tevaum@gmail.com>
+Forwarded: no
+Bug-Debian: http://bugs.debian.org/693136
+
+--- a/pptpctrl.c
++++ b/pptpctrl.c
+@@ -660,6 +660,7 @@
+ 	char *pppd_argv[16];
+ 	int an = 0;
+ 	sigset_t sigs;
++	char pppInterfaceIPs[33];
+ 
+ 	pppd_argv[an++] = ppp_binary;
+ 
+@@ -760,7 +761,6 @@
+ 	}
+ 	
+ 	if (*pppaddrs[0] || *pppaddrs[1]) {
+-		char pppInterfaceIPs[33];
+ 		sprintf(pppInterfaceIPs, "%s:%s", pppaddrs[0], pppaddrs[1]);
+ 		pppd_argv[an++] = pppInterfaceIPs;
+ 	}

+ 8 - 0
debian/patches/series

@@ -0,0 +1,8 @@
+build_hardening-flags.patch
+
+debian-000000_invalid-ip-range.patch
+debian-369714_support-ppd-2.4.4.patch
+debian-416404_out-of-order-sequence-number.patch
+debian-610375_remote-number-support.patch
+debian-692129_pptpd-1.3.4_manage-enobufs.patch
+debian-693136_avoid-binary-trash.patch

+ 2 - 2
plugins/Makefile

@@ -1,7 +1,7 @@
 CC	= gcc
 COPTS	= -O2 -g
-CFLAGS  += $(COPTS) -I.. -I../../include -fPIC
-LDFLAGS += -shared
+CFLAGS	= $(COPTS) -I.. -I../../include -fPIC
+LDFLAGS	= -shared
 LDADD   = -lutil
 INSTALL	= install -o root
 prefix  = /usr/local

+ 9 - 36
plugins/pppd.h

@@ -39,7 +39,8 @@
  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
- * $Id: pppd.h,v 1.91 2005/08/25 23:59:34 paulus Exp $
+ * upstream pppd.h,v 1.82 2003/04/07 00:01:46 paulus Exp
+ * $Id: pppd.h,v 1.1 2004/04/28 11:36:07 quozl Exp $
  */
 
 /*
@@ -215,8 +216,6 @@ extern int	ifunit;		/* Interface unit number */
 extern char	ifname[];	/* Interface name */
 extern char	hostname[];	/* Our hostname */
 extern u_char	outpacket_buf[]; /* Buffer for outgoing packets */
-extern int	devfd;		/* fd of underlying device */
-extern int	fd_ppp;		/* fd for talking PPP */
 extern int	phase;		/* Current state of link - see values below */
 extern int	baud_rate;	/* Current link speed in bits/sec */
 extern char	*progname;	/* Name of this program */
@@ -245,14 +244,8 @@ extern int	error_count;	/* # of times error() has been called */
 extern char	ppp_devnam[MAXPATHLEN];
 extern char     remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */
 extern int      ppp_session_number; /* Session number (eg PPPoE session) */
-extern int	fd_devnull;	/* fd open to /dev/null */
 
 extern int	listen_time;	/* time to listen first (ms) */
-extern bool	doing_multilink;
-extern bool	multilink_master;
-extern bool	bundle_eof;
-extern bool	bundle_terminating;
-
 extern struct notifier *pidchange;   /* for notifications of pid changing */
 extern struct notifier *phasechange; /* for notifications of phase changes */
 extern struct notifier *exitnotify;  /* for notification that we're exiting */
@@ -312,14 +305,11 @@ extern bool	tune_kernel;	/* May alter kernel settings as necessary */
 extern int	connect_delay;	/* Time to delay after connect script */
 extern int	max_data_rate;	/* max bytes/sec through charshunt */
 extern int	req_unit;	/* interface unit number to use */
-extern char	path_ipup[MAXPATHLEN]; /* pathname of ip-up script */
-extern char	path_ipdown[MAXPATHLEN]; /* pathname of ip-down script */
 extern bool	multilink;	/* enable multilink operation */
 extern bool	noendpoint;	/* don't send or accept endpt. discrim. */
 extern char	*bundle_name;	/* bundle name for multilink */
 extern bool	dump_options;	/* print out option values */
 extern bool	dryrun;		/* check everything, print options, exit */
-extern int	child_wait;	/* # seconds to wait for children at end */
 
 #ifdef MAXOCTETS
 extern unsigned int maxoctets;	     /* Maximum octetes per session (in bytes) */
@@ -358,11 +348,13 @@ extern bool	ms_lanman;	/* Use LanMan password instead of NT */
 /* Values for auth_done only */
 #define CHAP_MD5_WITHPEER	0x40
 #define CHAP_MD5_PEER		0x80
+#ifdef CHAPMS
 #define CHAP_MS_SHIFT		8	/* LSB position for MS auths */
 #define CHAP_MS_WITHPEER	0x100
 #define CHAP_MS_PEER		0x200
 #define CHAP_MS2_WITHPEER	0x400
 #define CHAP_MS2_PEER		0x800
+#endif
 
 extern char *current_option;	/* the name of the option being parsed */
 extern int  privileged_option;	/* set iff the current option came from root */
@@ -384,7 +376,6 @@ extern int  option_priority;	/* priority of current options */
 #define PHASE_TERMINATE		9
 #define PHASE_DISCONNECT	10
 #define PHASE_HOLDOFF		11
-#define PHASE_MASTER		12
 
 /*
  * The following struct gives the addresses of procedures to call
@@ -476,15 +467,13 @@ void timeout __P((void (*func)(void *), void *arg, int s, int us));
 void untimeout __P((void (*func)(void *), void *arg));
 				/* Cancel call to func(arg) */
 void record_child __P((int, char *, void (*) (void *), void *));
-pid_t safe_fork __P((int, int, int));	/* Fork & close stuff in child */
+pid_t safe_fork __P((void));	/* Fork & close stuff in child */
 int  device_script __P((char *cmd, int in, int out, int dont_wait));
 				/* Run `cmd' with given stdin and stdout */
 pid_t run_program __P((char *prog, char **args, int must_exist,
-		       void (*done)(void *), void *arg, int wait));
+		       void (*done)(void *), void *arg));
 				/* Run program prog with args in child */
 void reopen_log __P((void));	/* (re)open the connection to syslog */
-void print_link_stats __P((void)); /* Print stats, if available */
-void reset_link_stats __P((int)); /* Reset (init) stats when link goes up */
 void update_link_stats __P((int)); /* Get stats at link termination */
 void script_setenv __P((char *, char *, int));	/* set script env var */
 void script_unsetenv __P((char *));		/* unset script env var */
@@ -494,10 +483,6 @@ void remove_notifier __P((struct notifier **, notify_func, void *));
 void notify __P((struct notifier *, int));
 int  ppp_send_config __P((int, int, u_int32_t, int, int));
 int  ppp_recv_config __P((int, int, u_int32_t, int, int));
-const char *protocol_name __P((int));
-void remove_pidfiles __P((void));
-void lock_db __P((void));
-void unlock_db __P((void));
 
 /* Procedures exported from tty.c. */
 void tty_init __P((void));
@@ -527,10 +512,8 @@ ssize_t complete_read __P((int, void *, size_t));
 
 /* Procedures exported from auth.c */
 void link_required __P((int));	  /* we are starting to use the link */
-void start_link __P((int));	  /* bring the link up now */
 void link_terminated __P((int));  /* we are finished with the link */
 void link_down __P((int));	  /* the LCP layer has left the Opened state */
-void upper_layers_down __P((int));/* take all NCPs down */
 void link_established __P((int)); /* the link is up; authenticate now */
 void start_networks __P((int));   /* start all the network control protos */
 void continue_networks __P((int)); /* start network [ip, etc] control protos */
@@ -565,24 +548,15 @@ void demand_conf __P((void));	/* config interface(s) for demand-dial */
 void demand_block __P((void));	/* set all NPs to queue up packets */
 void demand_unblock __P((void)); /* set all NPs to pass packets */
 void demand_discard __P((void)); /* set all NPs to discard packets */
-void demand_rexmit __P((int, u_int32_t)); /* retransmit saved frames for an NP*/
+void demand_rexmit __P((int));	/* retransmit saved frames for an NP */
 int  loop_chars __P((unsigned char *, int)); /* process chars from loopback */
 int  loop_frame __P((unsigned char *, int)); /* should we bring link up? */
 
 /* Procedures exported from multilink.c */
-#ifdef HAVE_MULTILINK
 void mp_check_options __P((void)); /* Check multilink-related options */
 int  mp_join_bundle __P((void));  /* join our link to an appropriate bundle */
-void mp_exit_bundle __P((void));  /* have disconnected our link from bundle */
-void mp_bundle_terminated __P((void));
 char *epdisc_to_str __P((struct epdisc *)); /* string from endpoint discrim. */
 int  str_to_epdisc __P((struct epdisc *, char *)); /* endpt disc. from str */
-#else
-#define mp_bundle_terminated()	/* nothing */
-#define mp_exit_bundle()	/* nothing */
-#define doing_multilink		0
-#define multilink_master	0
-#endif
 
 /* Procedures exported from sys-*.c */
 void sys_init __P((void));	/* Do system-dependent initialization */
@@ -599,7 +573,6 @@ int  generic_establish_ppp __P((int dev_fd)); /* Make a ppp interface */
 void make_new_bundle __P((int, int, int, int)); /* Create new bundle */
 int  bundle_attach __P((int));	/* Attach link to existing bundle */
 void cfg_bundle __P((int, int, int, int)); /* Configure existing bundle */
-void destroy_bundle __P((void)); /* Tell driver to destroy bundle */
 void clean_check __P((void));	/* Check if line was 8-bit clean */
 void set_up_tty __P((int, int)); /* Set up port's speed, parameters, etc. */
 void restore_tty __P((int));	/* Restore port's original parameters */
@@ -644,7 +617,7 @@ int  sif6addr __P((int, eui64_t, eui64_t));
 int  cif6addr __P((int, eui64_t, eui64_t));
 				/* Remove an IPv6 address from i/f */
 #endif
-int  sifdefaultroute __P((int, u_int32_t, u_int32_t, bool replace_default_rt));
+int  sifdefaultroute __P((int, u_int32_t, u_int32_t));
 				/* Create default route through i/f */
 int  cifdefaultroute __P((int, u_int32_t, u_int32_t));
 				/* Delete default route through i/f */
@@ -829,7 +802,7 @@ extern void (*snoop_send_hook) __P((unsigned char *p, int len));
   || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP)
 #define LOG_PPP LOG_LOCAL2
 #else
-#define LOG_PPP LOG_LOCAL2
+#define LOG_PPP LOG_DAEMON
 #endif
 #endif /* LOG_PPP */
 

+ 1 - 1
plugins/pptpd-logwtmp.c

@@ -12,7 +12,7 @@
 #include <unistd.h>
 #include <utmp.h>
 #include <string.h>
-#include <pppd/pppd.h>
+#include "pppd.h"
 
 char pppd_version[] = VERSION;
 

+ 2 - 5
pptpctrl.c

@@ -657,10 +657,9 @@ static int startCall(char **pppaddrs, struct in_addr *inetaddrs)
  */
 static void launch_pppd(char **pppaddrs, struct in_addr *inetaddrs)
 {
-	char *pppd_argv[16];
+	char *pppd_argv[14];
 	int an = 0;
 	sigset_t sigs;
-	char pppInterfaceIPs[33];
 
 	pppd_argv[an++] = ppp_binary;
 
@@ -761,6 +760,7 @@ static void launch_pppd(char **pppaddrs, struct in_addr *inetaddrs)
 	}
 	
 	if (*pppaddrs[0] || *pppaddrs[1]) {
+		char pppInterfaceIPs[33];
 		sprintf(pppInterfaceIPs, "%s:%s", pppaddrs[0], pppaddrs[1]);
 		pppd_argv[an++] = pppInterfaceIPs;
 	}
@@ -777,9 +777,6 @@ static void launch_pppd(char **pppaddrs, struct in_addr *inetaddrs)
                  pppd_argv[an++] = "pptpd-original-ip";
                  pppd_argv[an++] = inet_ntoa(inetaddrs[1]);
         }
-        
-        pppd_argv[an++] = "remotenumber";
-        pppd_argv[an++] = inet_ntoa(inetaddrs[1]);
 
 	/* argv arrays must always be NULL terminated */
 	pppd_argv[an++] = NULL;

+ 0 - 10
pptpd.c

@@ -735,16 +735,6 @@ static void processIPStr(int type, char *ipstr)
 				continue;
 			}
 
-			if (upper < lower) {
-			/* if upper < lower segmantation fault in pptpctrl happens
-			 * due to enabling pppLocal parameter without providing its value.
-			 *
-			 * we can safely use ipstr because it is not modified except
-			 * of truncating.
-			 */
-				syslog(LOG_ERR, "MGR: Bad %s IP range: %s", (type == LOCAL)?"local":"remote", ipstr);
-				exit(1);
-			}
 			for (n = lower; n <= upper; n++) {
 				sprintf(tmpstr5, "%s%d%s", ip_pre, n, ip_post);
 				/* Check if the ip address is valid */

+ 5 - 17
pptpgre.c

@@ -403,20 +403,15 @@ int decaps_gre(int fd, int (*cb) (int cl, void *pack, unsigned len), int cl)
 			stats.rx_truncated++;
 			return 0;
 		}
-		/* check for out-of-order sequence number
-		 * N.B.: some client implementations violate RFC 2637
-		 * and start their sequence numbers at 1 instead of 0,
-		 * so we have to introduce a kludge to deal with it. 
-		 * on wrap we may allow an out of order packet to pass
-		*/
-		if (seq == gre.seq_recv + 1 || seq == 1) {
+		/* check for out-of-order sequence number */
+		if (seq == gre.seq_recv + 1) {
 			if (pptpctrl_debug)
 				syslog(LOG_DEBUG, "GRE: accepting packet #%d", 
 				       seq);
 			stats.rx_accepted++;
 			gre.seq_recv = seq;
 			return cb(cl, buffer + ip_len + headersize, payload_len);
-		} else if (!seq_greater(seq, gre.seq_recv)) {
+		} else if (seq == gre.seq_recv) {
 			if (pptpctrl_debug)
 				syslog(LOG_DEBUG,
 				       "GRE: discarding duplicate or old packet #%d (expecting #%d)", 
@@ -443,7 +438,6 @@ int encaps_gre(int fd, void *pack, unsigned len)
 		unsigned char buffer[PACKET_MAX + sizeof(struct pptp_gre_header)];
 	} u;
 	unsigned header_len;
-	ssize_t status;
 #ifdef HAVE_WRITEV
 	struct iovec iovec[2];
 #endif
@@ -494,18 +488,12 @@ int encaps_gre(int fd, void *pack, unsigned len)
 	iovec[0].iov_len = header_len;
 	iovec[1].iov_base = pack;
 	iovec[1].iov_len = len;
-	status = writev(fd, iovec, 2); 
+	return writev(fd, iovec, 2);
 #else
 	/* copy payload into buffer */
 	memcpy(u.buffer + header_len, pack, len);
 	/* record and increment sequence numbers */
 	/* write this baby out to the net */
-	status = write(fd, u.buffer, header_len + len);
+	return write(fd, u.buffer, header_len + len);
 #endif
-	if ((status >= 0) || (errno != ENOBUFS)) {
-		return status;
-	}
-	// if ENOBUFS, do not close the connection
-	gre.seq_sent--;
-	return 0;
 }

+ 1 - 1
samples/options.pptpd

@@ -1,5 +1,5 @@
 ###############################################################################
-# $Id$
+# $Id: options.pptpd,v 1.11 2005/12/29 01:21:09 quozl Exp $
 #
 # Sample Poptop PPP options file /etc/ppp/options.pptpd
 # Options used by PPP when a connection arrives from a client.