Further updates to README for 2.5.0 releaseppp-2.5.0

History from the 2.4.x series is moved to Changes-2.4.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

2 files changed, 305 insertions, 291 deletions

diff --git a/Changes-2.4 b/Changes-2.4
new file mode 100644
index 0000000..c2d0939
--- /dev/null
+++ b/Changes-2.4
@@ -0,0 +1,275 @@
+What's new in ppp-2.4.9.
+************************
+
+* Support for new EAP (Extensible Authentication Protocol) methods:
+  - Support for EAP-TLS, from Jan Just Keijser and others
+  - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
+    Van Buggenhout and others
+
+* New pppd options:
+  - chap-timeout
+  - chapms-strip-domain
+  - replacedefaultroute
+  - noreplacedefaultroute
+  - ipv6cp-accept-remote
+  - lcp-echo-adaptive
+  - ip-up-script
+  - ip-down-script
+  - ca
+  - capath
+  - cert
+  - key
+  - crl-dir
+  - crl
+  - max-tls-version
+  - need-peer-eap
+
+* Fixes for CVE-2020-8597 and CVE-2015-3310.
+
+* libpcap is now required when compiling on Linux (previously, if
+  libpcap was not present, pppd would be compiled without packet
+  filtering support).
+
+* The rp-pppoe plugin has been renamed to pppoe, to distinguish it
+  from the upstream rp-pppoe code.  Its options have changed names,
+  but the old names are kept as aliases.
+
+* The configure script now supports cross-compilation.
+
+* Many bug fixes and cleanups.
+  
+
+What was new in ppp-2.4.8.
+**************************
+
+* New pppd options have been added:
+  - ifname, to set the name for the PPP interface device
+  - defaultroute-metric, to set the metric for the default route
+  - defaultroute6, to add an IPv6 default route (with nodefaultroute6
+    to prevent adding an IPv6 default route)
+  - up_sdnotify, to have pppd notify systemd when the link is up.
+
+* The rp-pppoe plugin has new options:
+  - host-uniq, to set the Host-Uniq value to send
+  - pppoe-padi-timeout, to set the timeout for discovery packets
+  - pppoe-padi-attempts, to set the number of discovery attempts.
+
+* Added the CLASS attribute in radius packets.
+
+* Sundry bug fixes.
+
+* Fixed warnings and issues found by static analysis.
+
+* Added Submitting-patches.md.
+
+
+What was new in ppp-2.4.7.
+**************************
+
+* Fixed a potential security issue in parsing option files (CVE-2014-3158).
+
+* There is a new "stop-bits" option, which takes an argument of 1 or 2,
+  indicating the number of stop bits to use for async serial ports.
+
+* Various bug fixes.
+
+
+What was new in ppp-2.4.6.
+**************************
+
+* Man page updates.
+
+* Several bug fixes.
+
+* Options files can now set and unset environment variables for
+  scripts.
+
+* The timeout for chat scripts can now be taken from an environment
+  variable.
+
+* There is a new option, master_detach, which allows pppd to detach
+  from the controlling terminal when it is the multilink bundle master
+  but its own link has terminated, even if the nodetach option has
+  been given.
+
+
+What was new in ppp-2.4.5.
+**************************
+
+* Under Linux, pppd can now operate in a mode where it doesn't request
+  the peer's IP address, as some peers refuse to supply an IP address.
+  Since Linux supports device routes as well as gateway routes, it's
+  possible to have no remote IP address assigned to the ppp interface
+  and still route traffic over it.
+
+* Pppd now works better with 3G modems that do strange things such as
+  sending IPCP Configure-Naks with the same values over and over again.
+
+* The PPP over L2TP plugin is included, which works with the pppol2tp
+  PPP channel code in the Linux kernel.  This allows pppd to be used
+  to set up tunnels using the Layer 2 Tunneling Protocol.
+
+* A new 'enable-session' option has been added, which enables session
+  accounting via PAM or wtwp/wtmpx, as appropriate.  See the pppd man
+  page for details.
+
+* Several bugs have been fixed.
+
+
+What was new in ppp-2.4.4.
+**************************
+
+* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
+  the ppp interface and configuring its IP addresses but before
+  bringing it up.  This can be used, for example, for adding firewall
+  rules for the interface.
+
+* Lots of bugs fixed, particularly in the area of demand-dialled and
+  persistent connections.
+
+* The rp-pppoe plugin now accepts any interface name (that isn't an
+  existing pppd option name) without putting "nic-" on the front of
+  it, not just eth*, nas*, tap* and br*.
+
+
+What was new in ppp-2.4.3.
+**************************
+
+* The configure script now accepts --prefix and --sysconfdir options.
+  These default to /usr/local and /etc.  If you want pppd put in
+  /usr/sbin as before, use ./configure --prefix=/usr.
+
+* Doing `make install' no longer puts example configuration files in
+  /etc/ppp.  Use `make install-etcppp' if you want that.
+
+* The code has been updated to work with version 0.8.3 of libpcap.
+  Unfortunately the libpcap maintainers removed support for the
+  "inbound" and "outbound" keywords on PPP links, meaning that if you
+  link pppd with libpcap-0.8.3, you can't use those keywords in the
+  active-filter and pass-filter expressions.  The support has been
+  reinstated in the CVS version and should be in future libpcap
+  releases.  If you need the in/outbound keywords, use a later release
+  than 0.8.3, or get the CVS version from http://www.tcpdump.org.
+
+* There is a new option, child-timeout, which sets the length of time
+  that pppd will wait for child processes (such as the command
+  specified with the pty option) to exit before exiting itself.  It
+  defaults to 5 seconds.  After the timeout, pppd will send a SIGTERM
+  to any remaining child processes and exit.  A value of 0 means no
+  timeout.
+
+* Various bugs have been fixed, including some CBCP packet parsing
+  bugs that could lead to the peer being able to crash pppd if CBCP
+  support is enabled.
+
+* Various fixes and enhancements to the radius and rp-pppoe plugins
+  have been added.
+
+* There is a new winbind plugin, from Andrew Bartlet of the Samba
+  team, which provides the ability to authenticate the peer against an
+  NT domain controller using MS-CHAP or MS-CHAPV2.
+
+* There is a new pppoatm plugin, by various authors, sent in by David
+  Woodhouse.
+
+* The multilink code has been substantially reworked.  The first pppd
+  for a bundle still controls the ppp interface, but it doesn't exit
+  until all the links in the bundle have terminated.  If the first
+  pppd is signalled to exit, it signals all the other pppds
+  controlling links in the bundle.
+
+* The TDB code has been updated to the latest version.  This should
+  eliminate the problem that some people have seen where the database
+  file (/var/run/pppd.tdb) keeps on growing.  Unfortunately, however,
+  the new code uses an incompatible database format.  For this reason,
+  pppd now uses /var/run/pppd2.tdb as the database filename.
+
+
+What was new in ppp-2.4.2.
+**************************
+
+* The CHAP code has been rewritten.  Pppd now has support for MS-CHAP
+  V1 and V2 authentication, both as server and client.  The new CHAP
+  code is cleaner than the old code and avoids some copyright problems
+  that existed in the old code.
+
+* MPPE (Microsoft Point-to-Point Encryption) support has been added,
+  although the current implementation shouldn't be considered
+  completely secure.  (There is no assurance that the current code
+  won't ever transmit an unencrypted packet.)
+
+* James Carlson's implementation of the Extensible Authentication
+  Protocol (EAP) has been added.
+
+* Support for the Encryption Control Protocol (ECP) has been added.
+
+* Some new plug-ins have been included:
+  - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
+  - A plug-in for supplying the PAP password over a pipe from another
+    process
+  - A plug-in for authenticating using a Radius server.
+
+* Updates and bug-fixes for the Solaris port.
+
+* The CBCP (Call Back Control Protocol) code has been updated.  There
+  are new options `remotenumber' and `allow-number'.
+
+* Extra hooks for plugins to use have been added.
+
+* There is now a `maxoctets' option, which causes pppd to terminate
+  the link once the number of bytes passed on the link exceeds a given
+  value.
+
+* There are now options to control whether pppd can use the IPCP
+  IP-Address and IP-Addresses options: `ipcp-no-address' and
+  `ipcp-no-addresses'.
+
+* Fixed several bugs, including potential buffer overflows in chat.
+
+
+What was new in ppp-2.4.1.
+**************************
+
+* Pppd can now print out the set of options that are in effect.  The
+  new `dump' option causes pppd to print out the option values after
+  option parsing is complete.  The `dryrun' option causes pppd to
+  print the options and then exit.
+
+* The option parsing code has been fixed so that options in the
+  per-tty options file are parsed correctly, and don't override values
+  from the command line in most cases.
+
+* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
+  example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
+  there is no slash in the plugin name.
+
+* When loading a plugin, pppd will now check the version of pppd for
+  which the plugin was compiled, and refuse to load it if it is
+  different to pppd's version string.  To enable this, the plugin
+  source needs to #include "pppd.h" and have a line saying:
+	char pppd_version[] = VERSION;
+
+* There is a bug in zlib, discovered by James Carlson, which can cause
+  kernel memory corruption if Deflate is used with the lowest setting,
+  8.  As a workaround pppd will now insist on using at least 9.
+
+* Pppd should compile on Solaris and SunOS again.
+
+* Pppd should now set the MTU correctly on demand-dialled interfaces.
+
+
+What was new in ppp-2.4.0.
+**************************
+
+* Multilink: this package now allows you to combine multiple serial
+  links into one logical link or `bundle', for increased bandwidth and
+  reduced latency.  This is currently only supported under the
+  2.4.x and later Linux kernels.
+
+* All the pppd processes running on a system now write information
+  into a common database.  I used the `tdb' code from samba for this.
+
+* New hooks have been added.
+
+For a list of the changes made during the 2.3 series releases of this
+package, see the Changes-2.3 file.
diff --git a/README b/README
index 321eb2e..89e89b5 100644
--- a/README
+++ b/README
@@ -1,6 +1,7 @@
-This is the README file for ppp-2.4, a package which implements the
+This is the README file for ppp-2.5, a package which implements the
 Point-to-Point Protocol (PPP) to provide Internet connections over
-serial lines.
+serial lines and other types of links which can be considered to be
+point-to-point links.
 
 
 Introduction.
@@ -9,7 +10,7 @@ Introduction.
 The Point-to-Point Protocol (PPP) provides a standard way to establish
 a network connection over a serial link.  At present, this package
 supports IP and IPV6 and the protocols layered above them, such as TCP
-and UDP.  The Linux port of this package also has support for IPX.
+and UDP.
 
 This PPP implementation consists of two parts:
 
@@ -77,296 +78,34 @@ In Summary:
 * Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár.
 * Major revision to PPPD's Plugin API by Eivind Næss.
   - Defines in which describes what features was included in pppd
-  - Function now prefixed with explicit ppp_* to indicate it's a 
+  - Functions now prefixed with explicit ppp_* to indicate that
     pppd functions being called.
-  - Header files was renamed to better align with their features
-    and use of proper include guards
-  - A pppdconf.h files is supplied to allow third-party use the same
-    feature defines pppd was compiled with.
+  - Header files were renamed to better align with their features,
+    and now use proper include guards
+  - A pppdconf.h file is supplied to allow third-party modules to use
+    the same feature defines pppd was compiled with.
   - No extern declarations of internal variable names of pppd, 
     continued use of these extern variables are considered 
     unstable.
 * Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon
-* Dropped IPX support, as Linux 5.15 already have dropped support
+* Dropped IPX support, as Linux has dropped support in version 5.15
   for this protocol.
 * Many more fixes and cleanups.
-
-
-What's new in ppp-2.4.9.
-************************
-
-* Support for new EAP (Extensible Authentication Protocol) methods:
-  - Support for EAP-TLS, from Jan Just Keijser and others
-  - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
-    Van Buggenhout and others
-
+* Pppd is no longer installed setuid-root.
 * New pppd options:
-  - chap-timeout
-  - chapms-strip-domain
-  - replacedefaultroute
-  - noreplacedefaultroute
-  - ipv6cp-accept-remote
-  - lcp-echo-adaptive
-  - ip-up-script
-  - ip-down-script
-  - ca
-  - capath
-  - cert
-  - key
-  - crl-dir
-  - crl
-  - max-tls-version
-  - need-peer-eap
-
-* Fixes for CVE-2020-8597 and CVE-2015-3310.
-
-* libpcap is now required when compiling on Linux (previously, if
-  libpcap was not present, pppd would be compiled without packet
-  filtering support).
-
-* The rp-pppoe plugin has been renamed to pppoe, to distinguish it
-  from the upstream rp-pppoe code.  Its options have changed names,
-  but the old names are kept as aliases.
-
-* The configure script now supports cross-compilation.
-
-* Many bug fixes and cleanups.
-  
-
-What was new in ppp-2.4.8.
-**************************
-
-* New pppd options have been added:
-  - ifname, to set the name for the PPP interface device
-  - defaultroute-metric, to set the metric for the default route
-  - defaultroute6, to add an IPv6 default route (with nodefaultroute6
-    to prevent adding an IPv6 default route)
-  - up_sdnotify, to have pppd notify systemd when the link is up.
-
-* The rp-pppoe plugin has new options:
-  - host-uniq, to set the Host-Uniq value to send
-  - pppoe-padi-timeout, to set the timeout for discovery packets
-  - pppoe-padi-attempts, to set the number of discovery attempts.
-
-* Added the CLASS attribute in radius packets.
-
-* Sundry bug fixes.
-
-* Fixed warnings and issues found by static analysis.
-
-* Added Submitting-patches.md.
-
-
-What was new in ppp-2.4.7.
-**************************
-
-* Fixed a potential security issue in parsing option files (CVE-2014-3158).
-
-* There is a new "stop-bits" option, which takes an argument of 1 or 2,
-  indicating the number of stop bits to use for async serial ports.
-
-* Various bug fixes.
-
-
-What was new in ppp-2.4.6.
-**************************
-
-* Man page updates.
-
-* Several bug fixes.
-
-* Options files can now set and unset environment variables for
-  scripts.
-
-* The timeout for chat scripts can now be taken from an environment
-  variable.
-
-* There is a new option, master_detach, which allows pppd to detach
-  from the controlling terminal when it is the multilink bundle master
-  but its own link has terminated, even if the nodetach option has
-  been given.
-
-
-What was new in ppp-2.4.5.
-**************************
-
-* Under Linux, pppd can now operate in a mode where it doesn't request
-  the peer's IP address, as some peers refuse to supply an IP address.
-  Since Linux supports device routes as well as gateway routes, it's
-  possible to have no remote IP address assigned to the ppp interface
-  and still route traffic over it.
-
-* Pppd now works better with 3G modems that do strange things such as
-  sending IPCP Configure-Naks with the same values over and over again.
-
-* The PPP over L2TP plugin is included, which works with the pppol2tp
-  PPP channel code in the Linux kernel.  This allows pppd to be used
-  to set up tunnels using the Layer 2 Tunneling Protocol.
-
-* A new 'enable-session' option has been added, which enables session
-  accounting via PAM or wtwp/wtmpx, as appropriate.  See the pppd man
-  page for details.
-
-* Several bugs have been fixed.
-
-
-What was new in ppp-2.4.4.
-**************************
-
-* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
-  the ppp interface and configuring its IP addresses but before
-  bringing it up.  This can be used, for example, for adding firewall
-  rules for the interface.
-
-* Lots of bugs fixed, particularly in the area of demand-dialled and
-  persistent connections.
-
-* The rp-pppoe plugin now accepts any interface name (that isn't an
-  existing pppd option name) without putting "nic-" on the front of
-  it, not just eth*, nas*, tap* and br*.
-
-
-What was new in ppp-2.4.3.
-**************************
-
-* The configure script now accepts --prefix and --sysconfdir options.
-  These default to /usr/local and /etc.  If you want pppd put in
-  /usr/sbin as before, use ./configure --prefix=/usr.
-
-* Doing `make install' no longer puts example configuration files in
-  /etc/ppp.  Use `make install-etcppp' if you want that.
-
-* The code has been updated to work with version 0.8.3 of libpcap.
-  Unfortunately the libpcap maintainers removed support for the
-  "inbound" and "outbound" keywords on PPP links, meaning that if you
-  link pppd with libpcap-0.8.3, you can't use those keywords in the
-  active-filter and pass-filter expressions.  The support has been
-  reinstated in the CVS version and should be in future libpcap
-  releases.  If you need the in/outbound keywords, use a later release
-  than 0.8.3, or get the CVS version from http://www.tcpdump.org.
-
-* There is a new option, child-timeout, which sets the length of time
-  that pppd will wait for child processes (such as the command
-  specified with the pty option) to exit before exiting itself.  It
-  defaults to 5 seconds.  After the timeout, pppd will send a SIGTERM
-  to any remaining child processes and exit.  A value of 0 means no
-  timeout.
-
-* Various bugs have been fixed, including some CBCP packet parsing
-  bugs that could lead to the peer being able to crash pppd if CBCP
-  support is enabled.
-
-* Various fixes and enhancements to the radius and rp-pppoe plugins
-  have been added.
-
-* There is a new winbind plugin, from Andrew Bartlet of the Samba
-  team, which provides the ability to authenticate the peer against an
-  NT domain controller using MS-CHAP or MS-CHAPV2.
-
-* There is a new pppoatm plugin, by various authors, sent in by David
-  Woodhouse.
-
-* The multilink code has been substantially reworked.  The first pppd
-  for a bundle still controls the ppp interface, but it doesn't exit
-  until all the links in the bundle have terminated.  If the first
-  pppd is signalled to exit, it signals all the other pppds
-  controlling links in the bundle.
-
-* The TDB code has been updated to the latest version.  This should
-  eliminate the problem that some people have seen where the database
-  file (/var/run/pppd.tdb) keeps on growing.  Unfortunately, however,
-  the new code uses an incompatible database format.  For this reason,
-  pppd now uses /var/run/pppd2.tdb as the database filename.
-
-
-What was new in ppp-2.4.2.
-**************************
-
-* The CHAP code has been rewritten.  Pppd now has support for MS-CHAP
-  V1 and V2 authentication, both as server and client.  The new CHAP
-  code is cleaner than the old code and avoids some copyright problems
-  that existed in the old code.
-
-* MPPE (Microsoft Point-to-Point Encryption) support has been added,
-  although the current implementation shouldn't be considered
-  completely secure.  (There is no assurance that the current code
-  won't ever transmit an unencrypted packet.)
-
-* James Carlson's implementation of the Extensible Authentication
-  Protocol (EAP) has been added.
-
-* Support for the Encryption Control Protocol (ECP) has been added.
-
-* Some new plug-ins have been included:
-  - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
-  - A plug-in for supplying the PAP password over a pipe from another
-    process
-  - A plug-in for authenticating using a Radius server.
-
-* Updates and bug-fixes for the Solaris port.
-
-* The CBCP (Call Back Control Protocol) code has been updated.  There
-  are new options `remotenumber' and `allow-number'.
-
-* Extra hooks for plugins to use have been added.
-
-* There is now a `maxoctets' option, which causes pppd to terminate
-  the link once the number of bytes passed on the link exceeds a given
-  value.
-
-* There are now options to control whether pppd can use the IPCP
-  IP-Address and IP-Addresses options: `ipcp-no-address' and
-  `ipcp-no-addresses'.
-
-* Fixed several bugs, including potential buffer overflows in chat.
-
-
-What was new in ppp-2.4.1.
-**************************
-
-* Pppd can now print out the set of options that are in effect.  The
-  new `dump' option causes pppd to print out the option values after
-  option parsing is complete.  The `dryrun' option causes pppd to
-  print the options and then exit.
-
-* The option parsing code has been fixed so that options in the
-  per-tty options file are parsed correctly, and don't override values
-  from the command line in most cases.
-
-* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
-  example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
-  there is no slash in the plugin name.
-
-* When loading a plugin, pppd will now check the version of pppd for
-  which the plugin was compiled, and refuse to load it if it is
-  different to pppd's version string.  To enable this, the plugin
-  source needs to #include "pppd.h" and have a line saying:
-	char pppd_version[] = VERSION;
-
-* There is a bug in zlib, discovered by James Carlson, which can cause
-  kernel memory corruption if Deflate is used with the lowest setting,
-  8.  As a workaround pppd will now insist on using at least 9.
-
-* Pppd should compile on Solaris and SunOS again.
-
-* Pppd should now set the MTU correctly on demand-dialled interfaces.
-
-
-What was new in ppp-2.4.0.
-**************************
-
-* Multilink: this package now allows you to combine multiple serial
-  links into one logical link or `bundle', for increased bandwidth and
-  reduced latency.  This is currently only supported under the
-  2.4.x and later Linux kernels.
-
-* All the pppd processes running on a system now write information
-  into a common database.  I used the `tdb' code from samba for this.
+  - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber,
+    ipv6-up-script, ipv6-down-script
+  - -v, show-options
+  - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip
+* On Linux, any baud rate can be set on a serial port provided the
+  kernel serial driver supports that.
 
-* New hooks have been added.
+Note that if you have built and installed previous versions of this
+package and you want to continue having configuration and TDB files in
+/etc/ppp, you will need to use the --sysconfdir option to ./configure.
 
-For a list of the changes made during the 2.3 series releases of this
-package, see the Changes-2.3 file.
+For a list of the changes made during the 2.4 series releases of this
+package, see the Changes-2.4 file.
 
 
 Compression methods.
@@ -384,16 +123,16 @@ ever expand packets.
 Contacts.
 *********
 
-The comp.protocols.ppp newsgroup is a useful place to get help if you
-have trouble getting your ppp connections to work.  Please do not send
-me questions of the form "please help me get connected to my ISP" -
-I'm sorry, but I simply do not have the time to answer all the
-questions like this that I get.
+Most communication relating to this package happens on github at
+https://github.com/ppp-project/ppp/.  The linux-ppp@vger.kernel.org
+mailing list also exists and can be used.
 
-If you find bugs in this package, please report them to the maintainer
-for the port for the operating system you are using:
+If you find bugs in this package, the best thing to do is to create an
+issue on github.  If you can't or don't want to do that, you can post
+to linux-ppp@vger.kernel.org, or report them to the maintainer for the
+port for the operating system you are using:
 
-Linux			Paul Mackerras <paulus@samba.org>
+Linux			Paul Mackerras <paulus@ozlabs.org>
 Solaris			James Carlson <carlson@workingcode.com>