new file mode 100644
@@ -0,0 +1,162 @@
+diff -Naur pppd.orig/auth.c pppd/auth.c
+--- pppd.orig/auth.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/auth.c 2023-06-30 12:38:13.748482796 +0200
+@@ -518,7 +518,7 @@
+ free(fname);
+ return 0;
+ }
+- ufile = fopen(fname, "r");
++ ufile = fopen(fname, "re");
+ if (seteuid(euid) == -1)
+ fatal("unable to regain privileges: %m");
+ if (ufile == NULL) {
+@@ -1535,7 +1535,7 @@
+ filename = PPP_PATH_UPAPFILE;
+ addrs = opts = NULL;
+ ret = UPAP_AUTHNAK;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL) {
+ error("Can't open PAP password file %s: %m", filename);
+
+@@ -1635,7 +1635,7 @@
+ if (ret <= 0) {
+ filename = PPP_PATH_UPAPFILE;
+ addrs = NULL;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+ check_access(f, filename);
+@@ -1681,7 +1681,7 @@
+ }
+
+ filename = PPP_PATH_UPAPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+ check_access(f, filename);
+@@ -1718,7 +1718,7 @@
+ }
+
+ filename = PPP_PATH_UPAPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -1760,7 +1760,7 @@
+ }
+
+ filename = PPP_PATH_CHAPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -1798,7 +1798,7 @@
+ struct wordlist *addrs;
+
+ filename = PPP_PATH_SRPFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -1849,7 +1849,7 @@
+ addrs = NULL;
+ secbuf[0] = 0;
+
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL) {
+ error("Can't open chap secret file %s: %m", filename);
+ return 0;
+@@ -1902,7 +1902,7 @@
+ filename = PPP_PATH_SRPFILE;
+ addrs = NULL;
+
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "re");
+ if (fp == NULL) {
+ error("Can't open srp secret file %s: %m", filename);
+ return 0;
+@@ -2291,7 +2291,7 @@
+ */
+ if (word[0] == '@' && word[1] == '/') {
+ strlcpy(atfile, word+1, sizeof(atfile));
+- if ((sf = fopen(atfile, "r")) == NULL) {
++ if ((sf = fopen(atfile, "re")) == NULL) {
+ warn("can't open indirect secret file %s", atfile);
+ continue;
+ }
+@@ -2461,7 +2461,7 @@
+ char pkfile[MAXWORDLEN];
+
+ filename = PPP_PATH_EAPTLSSERVFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -2518,7 +2518,7 @@
+ return 1;
+
+ filename = PPP_PATH_EAPTLSCLIFILE;
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ if (f == NULL)
+ return 0;
+
+@@ -2738,7 +2738,7 @@
+ filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE);
+ addrs = NULL;
+
+- fp = fopen(filename, "r");
++ fp = fopen(filename, "re");
+ if (fp == NULL)
+ {
+ error("Can't open eap-tls secret file %s: %m", filename);
+diff -Naur pppd.orig/options.c pppd/options.c
+--- pppd.orig/options.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/options.c 2023-06-30 12:42:19.262593140 +0200
+@@ -555,7 +555,7 @@
+ ppp_option_error("unable to drop privileges to open %s: %m", filename);
+ return 0;
+ }
+- f = fopen(filename, "r");
++ f = fopen(filename, "re");
+ err = errno;
+ if (check_prot && seteuid(euid) == -1)
+ fatal("unable to regain privileges");
+diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
+--- pppd.orig/sys-linux.c 2023-03-10 02:50:41.000000000 +0100
++++ pppd/sys-linux.c 2023-06-30 12:43:20.634453475 +0200
+@@ -1978,7 +1978,7 @@
+ /* Default the mount location of /proc */
+ strlcpy (proc_path, "/proc", sizeof(proc_path));
+ proc_path_len = 5;
+- fp = fopen(MOUNTED, "r");
++ fp = fopen(MOUNTED, "re");
+ if (fp != NULL) {
+ while ((mntent = getmntent(fp)) != NULL) {
+ if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0)
+@@ -2038,7 +2038,7 @@
+ close_route_table();
+
+ path = path_to_procfs("/net/route");
+- route_fd = fopen (path, "r");
++ route_fd = fopen (path, "re");
+ if (route_fd == NULL) {
+ error("can't open routing table %s: %m", path);
+ return 0;
+@@ -2322,7 +2322,7 @@
+ close_route_table();
+
+ path = path_to_procfs("/net/ipv6_route");
+- route_fd = fopen (path, "r");
++ route_fd = fopen (path, "re");
+ if (route_fd == NULL) {
+ error("can't open routing table %s: %m", path);
+ return 0;
new file mode 100644
@@ -0,0 +1,208 @@
+diff -Naur pppd.orig/eap.c pppd/eap.c
+--- pppd.orig/eap.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/eap.c 2023-06-30 12:58:07.984676045 +0200
+@@ -1542,7 +1542,7 @@
+
+ if ((path = name_of_pn_file()) == NULL)
+ return (-1);
+- fd = open(path, modebits, S_IRUSR | S_IWUSR);
++ fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
+ err = errno;
+ free(path);
+ errno = err;
+diff -Naur pppd.orig/main.c pppd/main.c
+--- pppd.orig/main.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/main.c 2023-06-30 13:00:15.155195676 +0200
+@@ -479,7 +479,7 @@
+ die(0);
+
+ /* Make sure fds 0, 1, 2 are open to somewhere. */
+- fd_devnull = open(PPP_DEVNULL, O_RDWR);
++ fd_devnull = open(PPP_DEVNULL, O_RDWR | O_CLOEXEC);
+ if (fd_devnull < 0)
+ fatal("Couldn't open %s: %m", PPP_DEVNULL);
+ while (fd_devnull <= 2) {
+diff -Naur pppd.orig/options.c pppd/options.c
+--- pppd.orig/options.c 2023-06-30 12:42:19.262593140 +0200
++++ pppd/options.c 2023-06-30 13:01:58.388323345 +0200
+@@ -1718,9 +1718,9 @@
+ ppp_option_error("unable to drop permissions to open %s: %m", *argv);
+ return 0;
+ }
+- fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
++ fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
+ if (fd < 0 && errno == EEXIST)
+- fd = open(*argv, O_WRONLY | O_APPEND);
++ fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
+ err = errno;
+ if (!privileged_option && seteuid(euid) == -1)
+ fatal("unable to regain privileges: %m");
+diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
+--- pppd.orig/sys-linux.c 2023-06-30 12:43:20.634453475 +0200
++++ pppd/sys-linux.c 2023-06-30 13:11:25.715511251 +0200
+@@ -666,7 +666,7 @@
+ goto err;
+ }
+ dbglog("using channel %d", chindex);
+- fd = open("/dev/ppp", O_RDWR);
++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (fd < 0) {
+ error("Couldn't reopen /dev/ppp: %m");
+ goto err;
+@@ -904,7 +904,7 @@
+ dbglog("in make_ppp_unit, already had /dev/ppp open?");
+ close(ppp_dev_fd);
+ }
+- ppp_dev_fd = open("/dev/ppp", O_RDWR);
++ ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (ppp_dev_fd < 0)
+ fatal("Couldn't open /dev/ppp: %m");
+ flags = fcntl(ppp_dev_fd, F_GETFL);
+@@ -1025,7 +1025,7 @@
+ if (!new_style_driver)
+ return -1;
+
+- master_fd = open("/dev/ppp", O_RDWR);
++ master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (master_fd < 0)
+ fatal("Couldn't open /dev/ppp: %m");
+ if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
+@@ -2533,7 +2533,7 @@
+ if (tune_kernel) {
+ forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
+ if (forw_path != 0) {
+- int fd = open(forw_path, O_WRONLY);
++ int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
+ if (fd >= 0) {
+ if (write(fd, "1", 1) != 1)
+ error("Couldn't enable IP forwarding: %m");
+@@ -2878,7 +2878,7 @@
+ sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
+ kernel_version = KVERSION(osmaj, osmin, ospatch);
+
+- fd = open("/dev/ppp", O_RDWR);
++ fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
+ if (fd >= 0) {
+ new_style_driver = 1;
+
+@@ -3056,7 +3056,7 @@
+ #if __GLIBC__ >= 2
+ updwtmp(_PATH_WTMP, &ut);
+ #else
+- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
++ wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
+ if (wtmp >= 0) {
+ flock(wtmp, LOCK_EX);
+
+@@ -3280,7 +3280,7 @@
+ int fd;
+
+ path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
+- if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
++ if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
+ if (write(fd, "1", 1) != 1)
+ error("Couldn't enable dynamic IP addressing: %m");
+ close(fd);
+@@ -3534,7 +3534,7 @@
+ /*
+ * Try the unix98 way first.
+ */
+- mfd = open("/dev/ptmx", O_RDWR);
++ mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
+ if (mfd >= 0) {
+ int ptn;
+ if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
+@@ -3545,7 +3545,8 @@
+ if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
+ warn("Couldn't unlock pty slave %s: %m", pty_name);
+ #endif
+- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
++
++ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
+ {
+ warn("Couldn't open pty slave %s: %m", pty_name);
+ close(mfd);
+@@ -3559,10 +3560,10 @@
+ for (i = 0; i < 64; ++i) {
+ slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
+ 'p' + i / 16, i % 16);
+- mfd = open(pty_name, O_RDWR, 0);
++ mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
+ if (mfd >= 0) {
+ pty_name[5] = 't';
+- sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
++ sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
+ if (sfd >= 0) {
+ ret = fchown(sfd, uid, -1);
+ if (ret != 0) {
+diff -Naur pppd.orig/tdb.c pppd/tdb.c
+--- pppd.orig/tdb.c 2021-07-23 06:41:07.000000000 +0200
++++ pppd/tdb.c 2023-06-30 13:12:55.034900600 +0200
+@@ -1728,7 +1728,7 @@
+ goto internal;
+ }
+
+- if ((tdb->fd = open(name, open_flags, mode)) == -1) {
++ if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
+ TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
+ name, strerror(errno)));
+ goto fail; /* errno set by open(2) */
+@@ -1971,7 +1971,7 @@
+ }
+ if (close(tdb->fd) != 0)
+ TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
+- tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
++ tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
+ if (tdb->fd == -1) {
+ TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
+ goto fail;
+diff -Naur pppd.orig/tty.c pppd/tty.c
+--- pppd.orig/tty.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/tty.c 2023-06-30 13:14:06.450418113 +0200
+@@ -621,7 +621,7 @@
+ ppp_set_status(EXIT_OPEN_FAILED);
+ goto errret;
+ }
+- real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
++ real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
+ err = errno;
+ if (prio < OPRIO_ROOT && seteuid(0) == -1)
+ fatal("Unable to regain privileges");
+@@ -775,7 +775,7 @@
+ if (connector == NULL && modem && devnam[0] != 0) {
+ int i;
+ for (;;) {
+- if ((i = open(devnam, O_RDWR)) >= 0)
++ if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
+ break;
+ if (errno != EINTR) {
+ error("Failed to reopen %s: %m", devnam);
+diff -Naur pppd.orig/utils.c pppd/utils.c
+--- pppd.orig/utils.c 2022-12-30 02:12:39.000000000 +0100
++++ pppd/utils.c 2023-06-30 13:15:47.860182369 +0200
+@@ -843,14 +843,14 @@
+ slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev);
+ #endif
+
+- while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
++ while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
+ if (errno != EEXIST) {
+ error("Can't create lock file %s: %m", lock_file);
+ break;
+ }
+
+ /* Read the lock file to find out who has the device locked. */
+- fd = open(lock_file, O_RDONLY, 0);
++ fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
+ if (fd < 0) {
+ if (errno == ENOENT) /* This is just a timing problem. */
+ continue;
+@@ -933,7 +933,7 @@
+
+ if (lock_file[0] == 0)
+ return -1;
+- fd = open(lock_file, O_WRONLY, 0);
++ fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
+ if (fd < 0) {
+ error("Couldn't reopen lock file %s: %m", lock_file);
+ lock_file[0] = 0;
new file mode 100644
@@ -0,0 +1,135 @@
+diff -Naur pppd.orig/plugins/pppoatm/pppoatm.c pppd/plugins/pppoatm/pppoatm.c
+--- pppd.orig/plugins/pppoatm/pppoatm.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/plugins/pppoatm/pppoatm.c 2023-06-30 13:21:33.397378347 +0200
+@@ -146,7 +146,7 @@
+
+ if (!device_got_set)
+ no_device_given_pppoatm();
+- fd = socket(AF_ATMPVC, SOCK_DGRAM, 0);
++ fd = socket(AF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (fd < 0)
+ fatal("failed to create socket: %m");
+ memset(&qos, 0, sizeof qos);
+diff -Naur pppd.orig/plugins/pppoe/if.c pppd/plugins/pppoe/if.c
+--- pppd.orig/plugins/pppoe/if.c 2022-12-30 02:12:39.000000000 +0100
++++ pppd/plugins/pppoe/if.c 2023-06-30 13:24:11.372183452 +0200
+@@ -116,7 +116,7 @@
+ stype = SOCK_PACKET;
+ #endif
+
+- if ((fd = socket(domain, stype, htons(type))) < 0) {
++ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
+ /* Give a more helpful message for the common error case */
+ if (errno == EPERM) {
+ fatal("Cannot create raw socket -- pppoe must be run as root.");
+diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c
+--- pppd.orig/plugins/pppoe/plugin.c 2023-03-25 05:38:30.000000000 +0100
++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200
+@@ -155,7 +155,7 @@
+ /* server equipment). */
+ /* Opening this socket just before waitForPADS in the discovery() */
+ /* function would be more appropriate, but it would mess-up the code */
+- conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE);
++ conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM | SOCK_CLOEXEC, PX_PROTO_OE);
+ if (conn->sessionSocket < 0) {
+ error("Failed to create PPPoE socket: %m");
+ return -1;
+@@ -166,7 +166,7 @@
+ lcp_wantoptions[0].mru = conn->mru = conn->storedmru;
+
+ /* Update maximum MRU */
+- s = socket(AF_INET, SOCK_DGRAM, 0);
++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (s < 0) {
+ error("Can't get MTU for %s: %m", conn->ifName);
+ goto errout;
+@@ -364,7 +364,7 @@
+ }
+
+ /* Open a socket */
+- if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
++ if ((fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC, 0)) < 0) {
+ r = 0;
+ }
+
+diff -Naur pppd.orig/plugins/pppol2tp/openl2tp.c pppd/plugins/pppol2tp/openl2tp.c
+--- pppd.orig/plugins/pppol2tp/openl2tp.c 2023-03-10 02:50:41.000000000 +0100
++++ pppd/plugins/pppol2tp/openl2tp.c 2023-06-30 13:22:30.055768865 +0200
+@@ -93,7 +93,7 @@
+ int result;
+
+ if (openl2tp_fd < 0) {
+- openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
++ openl2tp_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (openl2tp_fd < 0) {
+ error("openl2tp connection create: %m");
+ return -ENOTCONN;
+diff -Naur pppd.orig/plugins/pppol2tp/pppol2tp.c pppd/plugins/pppol2tp/pppol2tp.c
+--- pppd.orig/plugins/pppol2tp/pppol2tp.c 2022-12-30 02:12:39.000000000 +0100
++++ pppd/plugins/pppol2tp/pppol2tp.c 2023-06-30 13:23:13.493756755 +0200
+@@ -220,7 +220,7 @@
+ struct ifreq ifr;
+ int fd;
+
+- fd = socket(AF_INET, SOCK_DGRAM, 0);
++ fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (fd >= 0) {
+ memset (&ifr, '\0', sizeof (ifr));
+ ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name));
+diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
+--- pppd.orig/sys-linux.c 2023-06-30 13:11:25.715511251 +0200
++++ pppd/sys-linux.c 2023-06-30 13:32:50.021272249 +0200
+@@ -499,12 +499,12 @@
+ void sys_init(void)
+ {
+ /* Get an internet socket for doing socket ioctls. */
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ fatal("Couldn't create IP socket: %m(%d)", errno);
+
+ #ifdef PPP_WITH_IPV6CP
+- sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
++ sock6_fd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock6_fd < 0)
+ sock6_fd = -errno; /* save errno for later */
+ #endif
+@@ -2675,7 +2675,7 @@
+ struct ifreq ifreq;
+ int ret, sock_fd;
+
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ return -1;
+ memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
+@@ -2698,7 +2698,7 @@
+ struct ifreq ifreq;
+ int ret, sock_fd;
+
+- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (sock_fd < 0)
+ return -1;
+
+@@ -2915,7 +2915,7 @@
+ /*
+ * Open a socket for doing the ioctl operations.
+ */
+- s = socket(AF_INET, SOCK_DGRAM, 0);
++ s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ if (s < 0)
+ return 0;
+
+diff -Naur pppd.orig/tty.c pppd/tty.c
+--- pppd.orig/tty.c 2023-06-30 13:14:06.450418113 +0200
++++ pppd/tty.c 2023-06-30 13:33:31.285858278 +0200
+@@ -942,7 +942,7 @@
+ *sep = ':';
+
+ /* get a socket and connect it to the other end */
+- sock = socket(PF_INET, SOCK_STREAM, 0);
++ sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
+ if (sock < 0) {
+ error("Can't create socket: %m");
+ return -1;
new file mode 100644
@@ -0,0 +1,12 @@
+diff -Naur pppd.orig/plugins/pppoe/pppoe.h pppd/plugins/pppoe/pppoe.h
+--- pppd.orig/plugins/pppoe/pppoe.h 2022-12-30 02:12:39.000000000 +0100
++++ pppd/plugins/pppoe/pppoe.h 2023-06-30 13:37:07.189078090 +0200
+@@ -143,7 +143,7 @@
+ #define STATE_TERMINATED 4
+
+ /* How many PADI/PADS attempts? */
+-#define MAX_PADI_ATTEMPTS 3
++#define MAX_PADI_ATTEMPTS 4
+
+ /* Initial timeout for PADO/PADS */
+ #define PADI_TIMEOUT 5
new file mode 100644
@@ -0,0 +1,12 @@
+diff -Naur pppd.orig/plugins/pppoe/plugin.c pppd/plugins/pppoe/plugin.c
+--- pppd.orig/plugins/pppoe/plugin.c 2023-06-30 13:25:58.798782323 +0200
++++ pppd/plugins/pppoe/plugin.c 2023-06-30 13:50:23.150026201 +0200
+@@ -46,6 +46,8 @@
+ #include <signal.h>
+ #include <net/if_arp.h>
+ #include <linux/ppp_defs.h>
++#define _LINUX_IN_H
++#define _LINUX_IN6_H
+ #include <linux/if_pppox.h>
+
+ #include <pppd/pppd.h>
new file mode 100644
@@ -0,0 +1,18 @@
+diff -Naur ppp-2.5.0.orig/configure ppp-2.5.0/configure
+--- ppp-2.5.0.orig/configure 2023-03-25 05:38:36.000000000 +0100
++++ ppp-2.5.0/configure 2023-06-30 14:05:14.773950477 +0200
+@@ -17774,10 +17774,10 @@
+ rm -f $2
+ if [ -f $1 ]; then
+ echo " $2 <= $1"
+- sed -e "s,@DESTDIR@,$prefix,g" \
+- -e "s,@SYSCONF@,$sysconfdir,g" \
+- -e "s,@CC@,$CC,g" \
+- -e "s|@CFLAGS@|$CFLAGS|g" $1 > $2
++ sed -e "s#@DESTDIR@#$prefix#g" \
++ -e "s#@SYSCONF@#$sysconfdir#g" \
++ -e "s#@CC@#$CC#g" \
++ -e "s#@CFLAGS@#$CFLAGS#g" $1 > $2
+ fi
+ }
+
new file mode 100644
@@ -0,0 +1,37 @@
+From 9d6d326b2530cffb1414e4c401675117c42d43ce Mon Sep 17 00:00:00 2001
+From: Eivind Naess <eivnaes@yahoo.com>
+Date: Sun, 23 Apr 2023 11:30:43 -0700
+Subject: [PATCH] Add configure check to see if we have struct sockaddr_ll
+
+Fixes issue #411.
+
+Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
+---
+ configure.ac | 3 ++-
+ pppd/plugins/pppoe/config.h.in | 2 ++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1180f64ec..38b24af92 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -75,7 +75,8 @@ AM_COND_IF([LINUX], [
+ linux/if_ether.h \
+ linux/if_packet.h \
+ netinet/if_ether.h \
+- netpacket/packet.h])])
++ netpacket/packet.h])
++ AC_CHECK_TYPES([struct sockaddr_ll], [], [], [#include <linux/if_packet.h>])])
+
+ AC_CHECK_SIZEOF(unsigned int)
+ AC_CHECK_SIZEOF(unsigned long)
+diff --git a/pppd/plugins/pppoe/config.h.in b/pppd/plugins/pppoe/config.h.in
+index d447f5e89..d7d61c01c 100644
+--- a/pppd/plugins/pppoe/config.h.in
++++ b/pppd/plugins/pppoe/config.h.in
+@@ -69,3 +69,5 @@
+ /* The size of `unsigned short', as computed by sizeof. */
+ #undef SIZEOF_UNSIGNED_SHORT
+
++/* Define to 1 if the system has the type `struct sockaddr_ll'. */
++#undef HAVE_STRUCT_SOCKADDR_LL
@@ -4,8 +4,8 @@
###############################################################################
name = ppp
-version = 2.4.9
-release = 4
+version = 2.5.0
+release = 1
groups = System/Daemons
url = https://ppp.samba.org/
@@ -24,6 +24,8 @@ source_dl = https://download.samba.org/pub/ppp/
build
requires
+ autoconf
+ automake
libpcap-devel
libudev-devel
libxcrypt-devel
@@ -32,43 +34,27 @@ build
systemd-devel
end
- prepare_cmds
- sed -e "s@^RUNDIR .*@RUNDIR = /run/ppp@" \
- -e "s@^LOGDIR .*@LOGDIR = /var/log/ppp@" \
- -i linux/Makefile.top
-
- sed -e "s@^DESTDIR.*@DESTDIR=\$%{INSTROOT}/usr@" \
- -i pppd/plugins/pppol2tp/Makefile.linux
-
- # Remove broken header file that crashed the build.
- rm -f include/linux/if_pppol2tp.h
- end
-
- make_build_targets += \
- CC="gcc %{CFLAGS} %{LDFLAGS}"
+ configure_options += --with-logfile-dir=/var/log
install
make install INSTROOT=%{BUILDROOT}
- rm -rfv %{BUILDROOT}/etc/ppp/plugins
-
+ touch /var/log/connect-errors
mkdir -pv %{BUILDROOT}/etc/ppp
+
+ # Reminder note
+ # code used to be here to copy across IPFire2.x dialler etc scripts
+ # something to replace those for IPFire3.x is likely nedeed somewhere
+
touch %{BUILDROOT}/etc/ppp/secrets
chmod -v 600 %{BUILDROOT}/etc/ppp/secrets
- ln -svf secrets %{BUILDROOT}/etc/ppp/pap-secrets
- ln -svf secrets %{BUILDROOT}/etc/ppp/chap-secrets
-
- # Fix binary permissions.
- find %{BUILDROOT}%{sbindir} -type f -executable \
- -exec chmod 755 {} \;
+ ln -svf %{BUILDROOT}/etc/ppp/secrets /etc/ppp/pap-secrets
+ ln -svf %{BUILDROOT}/etc/ppp/secrets /etc/ppp/chap-secrets
end
end
packages
package %{name}
- #requires
- # /usr/lib/network/helpers/pppd-angel
- #end
script postin
systemctl daemon-reload >/dev/null 2>&1 || :