What's new in ppp-2.4.7.
************************

* Fixed a potential security issue in parsing option files (CVE-2014-3158).

* There is a new "stop-bits" option, which takes an argument of 1 or 2,
  indicating the number of stop bits to use for async serial ports.

* Various bug fixes.


What was new in ppp-2.4.6.
**************************

* Man page updates.

* Several bug fixes.

* Options files can now set and unset environment variables for
  scripts.

* The timeout for chat scripts can now be taken from an environment
  variable.

* There is a new option, master_detach, which allows pppd to detach
  from the controlling terminal when it is the multilink bundle master
  but its own link has terminated, even if the nodetach option has
  been given.


What was new in ppp-2.4.5.
**************************

* Under Linux, pppd can now operate in a mode where it doesn't request
  the peer's IP address, as some peers refuse to supply an IP address.
  Since Linux supports device routes as well as gateway routes, it's
  possible to have no remote IP address assigned to the ppp interface
  and still route traffic over it.

* Pppd now works better with 3G modems that do strange things such as
  sending IPCP Configure-Naks with the same values over and over again.

* The PPP over L2TP plugin is included, which works with the pppol2tp
  PPP channel code in the Linux kernel.  This allows pppd to be used
  to set up tunnels using the Layer 2 Tunneling Protocol.

* A new 'enable-session' option has been added, which enables session
  accounting via PAM or wtwp/wtmpx, as appropriate.  See the pppd man
  page for details.

* Several bugs have been fixed.


What was new in ppp-2.4.4.
**************************

* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
  the ppp interface and configuring its IP addresses but before
  bringing it up.  This can be used, for example, for adding firewall
  rules for the interface.

* Lots of bugs fixed, particularly in the area of demand-dialled and
  persistent connections.

* The rp-pppoe plugin now accepts any interface name (that isn't an
  existing pppd option name) without putting "nic-" on the front of
  it, not just eth*, nas*, tap* and br*.


What was new in ppp-2.4.3.
**************************

* The configure script now accepts --prefix and --sysconfdir options.
  These default to /usr/local and /etc.  If you want pppd put in
  /usr/sbin as before, use ./configure --prefix=/usr.

* Doing `make install' no longer puts example configuration files in
  /etc/ppp.  Use `make install-etcppp' if you want that.

* The code has been updated to work with version 0.8.3 of libpcap.
  Unfortunately the libpcap maintainers removed support for the
  "inbound" and "outbound" keywords on PPP links, meaning that if you
  link pppd with libpcap-0.8.3, you can't use those keywords in the
  active-filter and pass-filter expressions.  The support has been
  reinstated in the CVS version and should be in future libpcap
  releases.  If you need the in/outbound keywords, use a later release
  than 0.8.3, or get the CVS version from http://www.tcpdump.org.

* There is a new option, child-timeout, which sets the length of time
  that pppd will wait for child processes (such as the command
  specified with the pty option) to exit before exiting itself.  It
  defaults to 5 seconds.  After the timeout, pppd will send a SIGTERM
  to any remaining child processes and exit.  A value of 0 means no
  timeout.

* Various bugs have been fixed, including some CBCP packet parsing
  bugs that could lead to the peer being able to crash pppd if CBCP
  support is enabled.

* Various fixes and enhancements to the radius and rp-pppoe plugins
  have been added.

* There is a new winbind plugin, from Andrew Bartlet of the Samba
  team, which provides the ability to authenticate the peer against an
  NT domain controller using MS-CHAP or MS-CHAPV2.

* There is a new pppoatm plugin, by various authors, sent in by David
  Woodhouse.

* The multilink code has been substantially reworked.  The first pppd
  for a bundle still controls the ppp interface, but it doesn't exit
  until all the links in the bundle have terminated.  If the first
  pppd is signalled to exit, it signals all the other pppds
  controlling links in the bundle.

* The TDB code has been updated to the latest version.  This should
  eliminate the problem that some people have seen where the database
  file (/var/run/pppd.tdb) keeps on growing.  Unfortunately, however,
  the new code uses an incompatible database format.  For this reason,
  pppd now uses /var/run/pppd2.tdb as the database filename.


What was new in ppp-2.4.2.
**************************

* The CHAP code has been rewritten.  Pppd now has support for MS-CHAP
  V1 and V2 authentication, both as server and client.  The new CHAP
  code is cleaner than the old code and avoids some copyright problems
  that existed in the old code.

* MPPE (Microsoft Point-to-Point Encryption) support has been added,
  although the current implementation shouldn't be considered
  completely secure.  (There is no assurance that the current code
  won't ever transmit an unencrypted packet.)

* James Carlson's implementation of the Extensible Authentication
  Protocol (EAP) has been added.

* Support for the Encryption Control Protocol (ECP) has been added.

* Some new plug-ins have been included:
  - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
  - A plug-in for supplying the PAP password over a pipe from another
    process
  - A plug-in for authenticating using a Radius server.

* Updates and bug-fixes for the Solaris port.

* The CBCP (Call Back Control Protocol) code has been updated.  There
  are new options `remotenumber' and `allow-number'.

* Extra hooks for plugins to use have been added.

* There is now a `maxoctets' option, which causes pppd to terminate
  the link once the number of bytes passed on the link exceeds a given
  value.

* There are now options to control whether pppd can use the IPCP
  IP-Address and IP-Addresses options: `ipcp-no-address' and
  `ipcp-no-addresses'.

* Fixed several bugs, including potential buffer overflows in chat.


What was new in ppp-2.4.1.
**************************

* Pppd can now print out the set of options that are in effect.  The
  new `dump' option causes pppd to print out the option values after
  option parsing is complete.  The `dryrun' option causes pppd to
  print the options and then exit.

* The option parsing code has been fixed so that options in the
  per-tty options file are parsed correctly, and don't override values
  from the command line in most cases.

* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
  example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
  there is no slash in the plugin name.

* When loading a plugin, pppd will now check the version of pppd for
  which the plugin was compiled, and refuse to load it if it is
  different to pppd's version string.  To enable this, the plugin
  source needs to #include "pppd.h" and have a line saying:
	char pppd_version[] = VERSION;

* There is a bug in zlib, discovered by James Carlson, which can cause
  kernel memory corruption if Deflate is used with the lowest setting,
  8.  As a workaround pppd will now insist on using at least 9.

* Pppd should compile on Solaris and SunOS again.

* Pppd should now set the MTU correctly on demand-dialled interfaces.


What was new in ppp-2.4.0.
**************************

* Multilink: this package now allows you to combine multiple serial
  links into one logical link or `bundle', for increased bandwidth and
  reduced latency.  This is currently only supported under the
  2.4.x and later Linux kernels.

* All the pppd processes running on a system now write information
  into a common database.  I used the `tdb' code from samba for this.

* New hooks have been added.


What was new in ppp-2.3.11.
***************************

* Support for Solaris 8 has been added, including support for
  replumbing and IPV6.

* The Solaris `snoop' utility should now work on ppp interfaces.

* New hooks have been added - pap_logout_hook, ip_up_hook, and
  ip_down_hook.

* A new `passprompt' plugin is included, thanks to Alan Curry, which
  makes it possible for pppd to call an external program to get the
  PAP password to send to the peer.

* The error messages for the situation where authentication is
  required because the system has a default route have been improved.

* There is a new connect_delay option which specifies how long pppd
  should pause after the connect script finishes.  Previously this
  delay was fixed at 1 second.  (This delay terminates as soon as pppd
  sees a valid PPP frame from the peer.)

* The `hide-password' option is now the default, and there is a new
  `show-password' option to enable the printing of password strings in
  the debug output.

* A fairly complete list of the names of PPP protocols has been added
  so that when pppd rejects a frame because its protocol is not
  supported, it can print the name of the unsupported protocol.

* Synchronous serial lines are supported under Linux 2.3.x.

* The bug where pppd would not recognize a modem hangup under Linux
  2.3.x kernels has been fixed.


What was new in ppp-2.3.10.
***************************

* Pppd now supports `plugins', which are pieces of code (packaged as
  shared libraries) which can be loaded into pppd at runtime and which
  can affect its behaviour.  The intention is that plugins provide a
  way for people to customize the behaviour of pppd for their own
  needs without needing to change the base pppd source.  I have added
  some hooks into pppd (places where pppd will call a function
  pointer, if non-zero, to replace some of pppd's code) and I will be
  receptive to suggestions about places to add more hooks.  Plugins
  are supported under Linux and Solaris at present.

* We have a new maintainer for the Solaris port, Adi Masputra of Sun
  Microsystems, and he has updated the Solaris port so that it should
  work on 64-bit machines under Solaris 7 and later.

* Pppd now has an `allow-ip' option, which takes an argument which is
  an IP address (or subnet) which peers are permitted to use without
  authenticating themselves.  The argument takes the same form as each
  element of the allowed IP address list in the secrets files.  The
  allow-ip option is privileged and may be specified multiple times.
  Using the allow-ip option should be cleaner than putting a line like
  `"" * "" address' in /etc/ppp/pap-secrets.

* Chat can now substitute environment variables into the script.  This
  is enabled by the -E flag.  (Thanks to Andreas Arens for the patch.)

* If the PAP username and password from the peer contains unprintable
  characters, they will be translated to a printable form before
  looking in the pap-secrets file.  Characters >= 0x80 are translated
  to a M- form, and characters from 0 to 0x1f (and 0x7f as well) are
  translated to a ^X form.  If this change causes you grief, let me
  know what would be a better translation.  It appears that some peers
  send nulls or other control characters in their usernames and
  passwords.

* Pppd has new `ktune' and `noktune' options, which enable/disable
  it to change kernel settings as appropriate.  This is only
  implemented under Linux, and requires the /proc filesystem to be
  mounted.  Under Linux, with the ktune option, pppd will enable IP
  forwarding in the kernel if the proxyarp option is used, and will
  enable the dynamic IP address kernel option in demand mode if the
  local IP address changes.

* Pppd no longer requires a remote address to be specified for demand
  dialling.  If none is specified, it will use a default value of
  10.112.112.112+unit_number.  (It will not propose this default to
  the peer.)

* The default holdoff is now 0 if no connect script is given.

* The IPV6 code from Tommi Komulainen, which I unfortunately only
  partially merged in to ppp-2.3.9, has been fixed and updated.

* The linux compilation glitches should be fixed now.


What was new in ppp-2.3.9.
**************************

* Support for the new generic PPP layer under development for the
  Linux kernel.

* You can now place extra options to apply to specific users at the
  end of the line with their password in the pap-secrets or
  chap-secrets file, separated from the IP address(es) with a "--"
  separator.  These options are parsed after the peer is authenticated
  but before network protocol (IPCP, IPXCP) or CCP negotiation
  commences.

* Pppd will apply the holdoff period if the link was terminated by the
  peer.  It doesn't apply it if the link was terminated because the
  local pppd thought it was idle.

* Synchronous support for Solaris has been added, thanks to John
  Morrison, and for FreeBSD, thanks to Paul Fulghum.

* IPV6 support has been merged in, from Tommi Komulainen.  At the
  moment it only supports Linux and it is not tested by me.

* The `nodefaultip' option can be used in demand mode to say that pppd
  should not suggest its local IP address to the peer.

* The `init' option has been added; this causes pppd to run a script
  to initialize the serial device (e.g. by sending an init string to
  the modem).  Unlike the connect option, this can be used in a
  dial-in situation.  (Thanks to Tobias Ringstrom.)

* There is a new `logfile' option to send log messages to a file as
  well as syslog.

* There is a new, privileged `linkname' option which sets a logical
  name for the link.  Pppd will create a /var/run/ppp-<linkname>.pid
  file containing its process ID.

* There is a new `maxfail' option which specifies how many consecutive
  failed connection attempts are permitted before pppd will exit.  The
  default value is 10, and 0 means infinity. :-)

* Sundry bugs fixed.


What was new in ppp-2.3.8.
**************************

* The exit status of pppd will now indicate whether the link was
  successfully established, or if not, what error was encountered.

* Pppd has two new options: fdlog <n> will send log messages to file
  descriptor <n> instead of standard output, and nofdlog will stop log
  messages from being sent to any file descriptor (they will still be
  sent to syslog).  Pppd now will not send log messages to a file
  descriptor if the serial port is open on that file descriptor.

* Pppd sets an environment variable called PPPLOGNAME for scripts that
  it runs, indicating the login name of the user who invoked pppd.

* Pppd sets environment variables CONNECT_TIME, BYTES_SENT and
  BYTES_RCVD for the ip-down and auth-down scripts indicating the
  statistics for the connection just terminated.  (CONNECT_TIME is in
  seconds.)

* If the user has the serial device open on standard input and
  specifies a symbolic link to the serial device on the command line,
  pppd will detect this and behave correctly (i.e. not detach from its
  controlling terminal).  Furthermore, if the serial port is open for
  reading and writing on standard input, pppd will assume that it is
  locked by its invoker and not lock it itself.

* Chat now has a feature where if a string to be sent begins with an
  at sign (@), the rest of the string is taken as the name of a file
  (regular file or named pipe), and the actual string to send is taken
  from that file.

* Support for FreeBSD-2.2.8 and 3.0 has been added, thanks to Paul
  Fulghum.

* The Tru64 (aka Digital Unix aka OSF/1) port has been updated.

* The system panics on Solaris SMP systems related to PPP connections
  being established and terminated should no longer occur.

* Fixed quite a few bugs.


What was new in ppp-2.3.7.
**************************

* Pppd can now automatically allocate itself a pseudo-tty to use as
  the serial device.  This has made three new options possible:

  - `pty script' will run `script' with its standard input and output
    connected to the master side of the pty.  For example:
	pppd pty 'ssh -t server.my.net pppd'
    is a basic command for setting up a PPP link (tunnel) over ssh.
    (In practice you may need to specify other options such as IP
    addresses, etc.)

  - `notty' tells pppd to communicate over its standard input and
    output, which do not have to be a terminal device.

  - `record filename' tells pppd to record all of the characters sent
    and received over the serial device to a file called `filename'.
    The data is recorded in a tagged format with timestamps, which can
    be printed in a readable form with the pppdump program, which is
    included in this distribution.

* Pppd now logs the connect time and number of bytes sent and received
  (at the level of the serial device) when the connection is
  terminated.

* If you use the updetach or nodetach option, pppd will print its
  messages to standard output as well as logging them with syslog
  (provided of course pppd isn't using its standard input or output as
  its serial device).

* There is a new `privgroup groupname' option (a privileged option).
  If the user running pppd is in group `groupname', s/he can use
  privileged options without restriction.

* There is a new `receive-all' option, which causes pppd to accept all
  control characters, even the ones that the peer should be escaping
  (i.e. the receive asyncmap is 0).  This is useful with some buggy
  peers.

* The default asyncmap is now 0.

* There is a new `sync' option, currently only implemented under
  Linux, which allows pppd to run on synchronous HDLC devices.

* If a value for the device name or for the connect, disconnect,
  welcome or pty option is given in a privileged option file
  (i.e. /etc/ppp/options or a file loaded with the `call' option), it
  cannot be overridden by a non-privileged user.

* Many bugs have been fixed, notably:
  - signals are not blocked unnecessarily, as they were in 2.3.6.
  - the usepeerdns option should work now.
  - the SPEED environment variable for scripts is set correctly.
  - the /etc/ppp/auth-down script is not run until auth-up completes.
  - the device is opened as root if it is the device on standard
    input.
  - pppd doesn't die with the ioctl(PPPIOCSASYNCMAP) error under linux
    if a hangup occurs at the wrong time.

* Some error messages have been changed to be clearer (I hope :-)


What was new in ppp-2.3.6.
**************************

* Pppd now opens the tty device as the user (rather than as root) if
  the device name was given by the user, i.e. on the command line or
  in the ~/.ppprc file.  If the device name was given in
  /etc/ppp/options or in a file loaded with the `call' option, the
  device is opened as root.

* The default behaviour of pppd is now to let a peer which has not
  authenticated itself (e.g. your ISP) use any IP address to which the
  system does not already have a route.  (This is currently only
  supported under Linux, Solaris and Digital Unix; on the other
  systems, the peer must now authenticate itself unless the noauth
  option is used.)

* Added new option `usepeerdns', thanks to Nick Walker
  <nickwalker@email.com>.  If the peer supplies DNS addresses, these
  will be written to /etc/ppp/resolv.conf.  The ip-up script can then
  be used to add these addresses to /etc/resolv.conf if desired (see
  the ip-up.local.add and ip-down.local.add files in the scripts
  directory).

* The Solaris ppp driver should now work correctly on SMP systems.

* Minor corrections so that the code can compile under Solaris 7,
  and under Linux with glibc-2.1.

* The Linux kernel driver has been restructured for improved
  performance.

* Pppd now won't start the ip-down script until the ip-up script has
  finished.


What was new in ppp-2.3.5.
**************************

* Minor corrections to the Digital UNIX and NetBSD ports.

* A workaround to avoid tickling a bug in the `se' serial port driver
on Sun PCI Ultra machines running Solaris.

* Fixed a bug in the negotiation of the Microsoft WINS server address
option.

* Fixed a bug in the Linux port where it would fail for kernel
versions above 2.1.99.


What was new in ppp-2.3.4.
**************************

* The NeXT port has been updated, thanks to Steve Perkins.

* ppp-2.3.4 compiles and works under Solaris 2.6, using either gcc or
cc.

* With the Solaris, SVR4 and SunOS ports, you can control the choice
of C compiler, C compiler options, and installation directories by
editing the svr4/Makedefs or sunos4/Makedefs file.

* Until now, we have been using the number 24 to identify Deflate
compression in the CCP negotiations, which was the number in the draft
RFC describing Deflate.  The number actually assigned to Deflate is
26.  The code has been changed to use 26, but to allow the use of 24
for now for backwards compatibility.  (This can be disabled with the
`nodeflatedraft' option to pppd.)

* Fixed some bugs in the linux driver and deflate compressor which
were causing compression problems, including corrupting long
incompressible packets sometimes.

* Fixes to the PAM and shadow password support in pppd, from Al
Longyear and others.

* Pppd now sets some environment variables for scripts it invokes
(ip-up/down, auth-ip/down), giving information about the connection.
The variables it sets are PEERNAME, IPLOCAL, IPREMOTE, UID, DEVICE,
SPEED, and IFNAME.

* Pppd now has an `updetach' option, which will cause it to detach
from its controlling terminal once the link has come up (i.e. once it
is available for IP traffic).


What was new in ppp-2.3.3.
**************************

* Fixed compilation problems under SunOS.

* Fixed a bug introduced into chat in 2.3.2, and compilation problems
introduced into the MS-CHAP implementation in 2.3.2.

* The linux kernel driver has been updated for recent 2.1-series
kernel changes, and it now will ask kerneld to load compression
modules when required, if the kernel is configured to support kerneld.

* Pppd should now compile correctly under linux on systems with glibc.


What was new in ppp-2.3.2.
**************************

* In 2.3.1, I made a change which was intended to make pppd able to
detect loss of CD during or immediately after the connection script
runs.  Unfortunately, this had the side-effect that the connection
script wouldn't work at all on some systems.  This change has been
reversed.

* Fix compilation problems in the Linux kernel driver.


What was new in ppp-2.3.1.
**************************

* Enhancements to chat, thanks to Francis Demierre.  Chat can now
accept comments in the chat script file, and has new SAY, HANGUP,
CLR_ABORT and CLR_REPORT keywords.

* Fixed a bug which causes 2.3.0 to crash Solaris systems.

* Bug-fixes and restructuring of the Linux kernel driver.

* The holdoff behaviour of pppd has been changed slightly: now, if
the link comes up for IP (or other network protocol) traffic, we
consider that the link has been successfully established, and don't
enforce the holdoff period after the link goes down.

* Pppd should now correctly wait for CD (carrier detect) from the
modem, even when the serial port initially had CLOCAL set, and it
should also detect loss of CD during or immediately after the
connection script runs.

* Under linux, pppd will work with older 2.2.0* version kernel
drivers, although demand-dialling is not supported with them.

* Minor bugfixes for pppd.


What was new in ppp-2.3.
************************

* Demand-dialling.  Pppd now has a mode where it will establish the
network interface immediately when it starts, but not actually bring
the link up until it sees some data to be sent.  Look for the demand
option description in the pppd man page.  Demand-dialling is not
supported under Ultrix or NeXTStep.

* Idle timeout.  Pppd will optionally terminate the link if no data
packets are sent or received within a certain time interval.

* Pppd now runs the /etc/ppp/auth-up script, if it exists, when the
peer successfully authenticates itself, and /etc/ppp/auth-down when
the connection is subsequently terminated.  This can be useful for
accounting purposes.

* A new packet compression scheme, Deflate, has been implemented.
This uses the same compression method as `gzip'.  This method is free
of patent or copyright restrictions, and it achieves better
compression than BSD-Compress.  It does consume more CPU cycles for
compression than BSD-Compress, but this shouldn't be a problem for
links running at 100kbit/s or less.

* There is no code in this distribution which is covered by Brad
Clements' restrictive copyright notice.  The STREAMS modules for SunOS
and OSF/1 have been rewritten, based on the Solaris 2 modules, which
were written from scratch without any Clements code.

* Pppstats has been reworked to clean up the output format somewhat.
It also has a new -d option which displays data rate in kbyte/s for
those columns which would normally display bytes.

* Pppd options beginning with - or + have been renamed, e.g. -ip
became noip, +chap became require-chap, etc.  The old options are
still accepted for compatibility but may be removed in future.

* Pppd now has some options (such as the new `noauth' option) which
can only be specified if it is being run by root, or in an
"privileged" options file: /etc/ppp/options or an options file in the
/etc/ppp/peers directory.  There is a new "call" option to read
options from a file in /etc/ppp/peers, making it possible for non-root
users to make unauthenticated connections, but only to certain trusted
peers.  My intention is to make the `auth' option the default in a
future release.

* Several minor new features have been added to pppd, including the
maxconnect and welcome options.  Pppd will now terminate the
connection when there are no network control protocols running.  The
allowed IP address(es) field in the secrets files can now specify
subnets (with a notation like 123.45.67.89/24) and addresses which are
not acceptable (put a ! on the front).

* Numerous bugs have been fixed (no doubt some have been introduced :-)
Thanks to those who reported bugs in ppp-2.2.
