Accepting request 90786 from home:seife:testing

- update to rev 472 of nortel branch
  - memleak fix
  - fritzbox compatibility patches
  - fix some endianness issues
  - improve handling of some isakmp delete payloads
  - fix some format string warnings from debug messages and
    strict aliasing warnings
- add a very ugly patch to restart vpnc after lifetime expired

OBS-URL: https://build.opensuse.org/request/show/90786
OBS-URL: https://build.opensuse.org/package/show/network/vpnc?expand=0&rev=61

checkout_svn.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+URL=http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel
+REL=0.5.3
+if [ x$1 = x-h ]; then
+	echo "usage: $0 <rev>"
+	echo "	check out revision 'rev' of $URL"
+	echo "	and pack it as vpnc-${REL}r<rev>.tar.bz2"
+	echo
+	exit 0
+fi
+
+REV=""
+if [ $1 ]; then
+	REV="$1"
+else
+	REV=$(LC_ALL=C svn info $URL| awk -F": " '/^Revision: / { print $2 }')
+fi
+
+DIR=$(mktemp -d ./vpnc-download-XXXXXX)
+cd $DIR
+echo "exporting revision $REV..."
+svn export -r $REV $URL vpnc
+if [ $? != 0 ]; then
+	echo "export failed? please check and cleanup $DIR afterwards..."
+	exit 1
+fi
+tar cpjf vpnc-${REL}r${REV}.tar.bz2 vpnc
+mv -i vpnc-${REL}r${REV}.tar.bz2 ../
+cd ..
+rm -r $DIR

vpnc-0.5.3r449.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:778e7816ba937f958107d6bdc092a28fd87a54143355351970e0092e83027640
-size 109545

vpnc-0.5.3r472.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:60ff3888d6144c149c48c4292d4eca3c8c97e0c68ace7653da763024c2c842b5
+size 109881

vpnc-restart-after-timeout.diff

@@ -0,0 +1,78 @@
+Index: b/tunip.c
+===================================================================
+--- a/tunip.c
++++ b/tunip.c
+@@ -884,10 +884,13 @@ static void vpnc_main_loop(struct sa_blo
+ 				time(NULL) - s->ipsec.life.start,
+ 				s->ipsec.life.seconds,
+ 				s->ipsec.life.rx/1024,
+ 				s->ipsec.life.tx/1024,
+ 				s->ipsec.life.kbytes));
++			if (s->ipsec.life.seconds &&
++			    (time(NULL) - s->ipsec.life.start + 1 >= s->ipsec.life.seconds))
++				do_kill = -3;
+ 		} while ((presult == 0 || (presult == -1 && errno == EINTR)) && !do_kill);
+ 		if (presult == -1) {
+ 			syslog(LOG_ERR, "select: %m");
+ 			continue;
+ 		}
+@@ -945,10 +948,13 @@ static void vpnc_main_loop(struct sa_blo
+ 		}
+ 
+ 	}
+ 
+ 	switch (do_kill) {
++		case -3:
++			syslog(LOG_NOTICE, "connection terminated by timeout -> restart");
++			break;
+ 		case -2:
+ 			syslog(LOG_NOTICE, "connection terminated by dead peer detection");
+ 			break;
+ 		case -1:
+ 			syslog(LOG_NOTICE, "connection terminated by peer");
+Index: b/vpnc.c
+===================================================================
+--- a/vpnc.c
++++ b/vpnc.c
+@@ -3779,24 +3779,25 @@ int main(int argc, char **argv)
+ #endif
+ 	gcry_check_version("1.1.90");
+ 	gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0);
+ 	group_init();
+ 
+-	memset(s, 0, sizeof(*s));
+-	s->ipsec.encap_mode = IPSEC_ENCAP_TUNNEL;
+-	s->ike.timeout = 1000; /* 1 second */
+-
+ 	do_config(argc, argv);
+ 
+ 	if (opt_vendor == VENDOR_NORTEL)
+ 		group_id = tolowercase(config[CONFIG_IPSEC_ID]);
+ 	else
+ 		group_id = config[CONFIG_IPSEC_ID];
+ 
+ 	DEBUG(1, printf("\nvpnc version " VERSION "\n"));
+ 	hex_dump("hex_test", hex_test, sizeof(hex_test), NULL);
+ 
++    do {
++	memset(s, 0, sizeof(*s));
++	s->ipsec.encap_mode = IPSEC_ENCAP_TUNNEL;
++	s->ike.timeout = 1000; /* 1 second */
++
+ 	DEBUGTOP(2, printf("S1 init_sockaddr\n"));
+ 	init_sockaddr(&s->dst, config[CONFIG_IPSEC_GATEWAY]);
+ 	init_sockaddr(&s->opt_src_ip, config[CONFIG_LOCAL_ADDR]);
+ 	DEBUGTOP(2, printf("S2 make_socket\n"));
+ 	s->ike.src_port = atoi(config[CONFIG_LOCAL_PORT]);
+@@ -3847,10 +3848,11 @@ int main(int argc, char **argv)
+ 	close_tunnel(s);
+ 
+ 	/* Free resources */
+ 	DEBUGTOP(2, printf("S9 cleanup\n"));
+ 	cleanup(s);
++    } while (do_kill == -3);
+ 	if (opt_vendor == VENDOR_NORTEL)
+ 		free((void *)group_id);
+ 
+ 	return 0;
+ }

vpnc.changes

@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Wed Nov  9 06:25:30 UTC 2011 - seife+obs@b1-systems.com
+
+- update to rev 472 of nortel branch
+  - memleak fix improved and upstreamed
+
+-------------------------------------------------------------------
+Tue Nov  8 16:15:48 UTC 2011 - seife+obs@b1-systems.com
+
+- update to rev 469 of nortel branch
+  - fritzbox compatibility patches improved and upstreamed
+- add patch to fix memleaks, to be upstreamed
+- add a very ugly patch to restart vpnc after lifetime expired
+
+-------------------------------------------------------------------
+Fri Nov  4 08:04:55 UTC 2011 - seife+obs@b1-systems.com
+
+- update to rev 464 of nortel branch
+  - fix some endianness issues
+  - improve handling of some isakmp delete payloads
+  - fix some format string warnings from debug messages and
+    strict aliasing warnings
+- add URL to spec file
+- add "checkout_svn.sh" to generate a new tarball from SVN
+
+-------------------------------------------------------------------
+Fri Nov  4 06:52:02 UTC 2011 - seife+obs@b1-systems.com
+
+- add another patch from the vpnc mailing list for fritzbox
+  compatibility (vpnc-fritzbox2.diff)
+
+-------------------------------------------------------------------
+Thu Nov  3 20:21:21 UTC 2011 - seife+obs@b1-systems.com
+
+- add patch to make vpnc work against fritzbox vpn:
+  - ignore invalid(?) ike lifetime attribute instead of asserting
+  - ignore ISAKMP_PAYLOAD_N message instead of aborting
+
 -------------------------------------------------------------------
 Mon Oct 24 21:41:51 UTC 2011 - jengelh@medozas.de
 

vpnc.spec

@@ -21,17 +21,22 @@ Name:           vpnc
 Group:          Productivity/Networking/Security
 BuildRequires:  libgcrypt-devel
 BuildRequires:  gnutls libgnutls-devel pkg-config
-Version:        0.5.3r449
-Release:        12
+Version:        0.5.3r472
+Release:        13
 License:        BSD3c(or similar) ; GPLv2+
 AutoReqProv:    on
 Summary:        A Client for Cisco VPN concentrator
+Url:            http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel
 Requires:       /usr/bin/sed /sbin/ip
 Source:         %{name}-%{version}.tar.bz2
+# only for checkin warnings...
+Source1:        checkout_svn.sh
 Patch0:         bugfix.diff
 Patch1:         vpnc-no-build-dates.patch
 Patch2:         work-with-netconfig.patch
 Patch3:         vpnc-ipid.diff
+# most ugly hack ever
+Patch4:         vpnc-restart-after-timeout.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -61,9 +66,10 @@ Authors:
 #Patch is not yet working :-(
 #patch2 -p0
 %patch -P 3 -p1
+%patch4 -p1
 
 %build
-export CFLAGS="%optflags -fno-strict-aliasing"
+export CFLAGS="%optflags"
 make PREFIX=/usr
 
 %install