diff --git a/checkout_svn.sh b/checkout_svn.sh
new file mode 100644
index 0000000..51de7b7
--- /dev/null
+++ b/checkout_svn.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+URL=http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel
+REL=0.5.3
+if [ x$1 = x-h ]; then
+ echo "usage: $0 "
+ echo " check out revision 'rev' of $URL"
+ echo " and pack it as vpnc-${REL}r.tar.bz2"
+ echo
+ exit 0
+fi
+
+REV=""
+if [ $1 ]; then
+ REV="$1"
+else
+ REV=$(LC_ALL=C svn info $URL| awk -F": " '/^Revision: / { print $2 }')
+fi
+
+DIR=$(mktemp -d ./vpnc-download-XXXXXX)
+cd $DIR
+echo "exporting revision $REV..."
+svn export -r $REV $URL vpnc
+if [ $? != 0 ]; then
+ echo "export failed? please check and cleanup $DIR afterwards..."
+ exit 1
+fi
+tar cpjf vpnc-${REL}r${REV}.tar.bz2 vpnc
+mv -i vpnc-${REL}r${REV}.tar.bz2 ../
+cd ..
+rm -r $DIR
diff --git a/vpnc-0.5.3r449.tar.bz2 b/vpnc-0.5.3r449.tar.bz2
deleted file mode 100644
index bd3da0e..0000000
--- a/vpnc-0.5.3r449.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:778e7816ba937f958107d6bdc092a28fd87a54143355351970e0092e83027640
-size 109545
diff --git a/vpnc-0.5.3r472.tar.bz2 b/vpnc-0.5.3r472.tar.bz2
new file mode 100644
index 0000000..f9f4606
--- /dev/null
+++ b/vpnc-0.5.3r472.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:60ff3888d6144c149c48c4292d4eca3c8c97e0c68ace7653da763024c2c842b5
+size 109881
diff --git a/vpnc-restart-after-timeout.diff b/vpnc-restart-after-timeout.diff
new file mode 100644
index 0000000..1dfe7f3
--- /dev/null
+++ b/vpnc-restart-after-timeout.diff
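Review bot: In checkout_svn.sh the source tarball is built from an `svn export` over plain `http://` and nothing authenticates what was fetched, so the packaged vpnc sources depend on an unauthenticated network path; an `https://` URL, if the server offers one, or a comparison against a known-good checkout would close that gap. Separately, `DIR=$(mktemp -d ...)` and `cd $DIR` are unchecked, so if either fails the export, tar and cleanup run in whatever directory the script is in; `DIR=$(mktemp -d ./vpnc-download-XXXXXX) || exit 1` and `cd "$DIR" || exit 1` would stop there. `$1`, `$REV`, `$URL` and `$DIR` are expanded unquoted throughout, and `[ $1 ]` breaks on an argument containing spaces, so quoting them and testing with `[ -n "$1" ]` is the minimal fix.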
@@ -0,0 +1,78 @@
+Index: b/tunip.c
+===================================================================
+--- a/tunip.c
++++ b/tunip.c
+@@ -884,10 +884,13 @@ static void vpnc_main_loop(struct sa_blo
+ time(NULL) - s->ipsec.life.start,
+ s->ipsec.life.seconds,
+ s->ipsec.life.rx/1024,
+ s->ipsec.life.tx/1024,
+ s->ipsec.life.kbytes));
++ if (s->ipsec.life.seconds &&
++ (time(NULL) - s->ipsec.life.start + 1 >= s->ipsec.life.seconds))
++ do_kill = -3;
+ } while ((presult == 0 || (presult == -1 && errno == EINTR)) && !do_kill);
+ if (presult == -1) {
+ syslog(LOG_ERR, "select: %m");
+ continue;
+ }
+@@ -945,10 +948,13 @@ static void vpnc_main_loop(struct sa_blo
+ }
+
+ }
+
+ switch (do_kill) {
++ case -3:
++ syslog(LOG_NOTICE, "connection terminated by timeout -> restart");
++ break;
+ case -2:
+ syslog(LOG_NOTICE, "connection terminated by dead peer detection");
+ break;
+ case -1:
+ syslog(LOG_NOTICE, "connection terminated by peer");
+Index: b/vpnc.c
+===================================================================
+--- a/vpnc.c
++++ b/vpnc.c
+@@ -3779,24 +3779,25 @@ int main(int argc, char **argv)
+ #endif
+ gcry_check_version("1.1.90");
+ gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0);
+ group_init();
+
+- memset(s, 0, sizeof(*s));
+- s->ipsec.encap_mode = IPSEC_ENCAP_TUNNEL;
+- s->ike.timeout = 1000; /* 1 second */
+-
+ do_config(argc, argv);
+
+ if (opt_vendor == VENDOR_NORTEL)
+ group_id = tolowercase(config[CONFIG_IPSEC_ID]);
+ else
+ group_id = config[CONFIG_IPSEC_ID];
+
+ DEBUG(1, printf("\nvpnc version " VERSION "\n"));
+ hex_dump("hex_test", hex_test, sizeof(hex_test), NULL);
+
++ do {
++ memset(s, 0, sizeof(*s));
++ s->ipsec.encap_mode = IPSEC_ENCAP_TUNNEL;
++ s->ike.timeout = 1000; /* 1 second */
++
+ DEBUGTOP(2, printf("S1 init_sockaddr\n"));
+ init_sockaddr(&s->dst, config[CONFIG_IPSEC_GATEWAY]);
+ init_sockaddr(&s->opt_src_ip, config[CONFIG_LOCAL_ADDR]);
+ DEBUGTOP(2, printf("S2 make_socket\n"));
+ s->ike.src_port = atoi(config[CONFIG_LOCAL_PORT]);
+@@ -3847,10 +3848,11 @@ int main(int argc, char **argv)
+ close_tunnel(s);
+
+ /* Free resources */
+ DEBUGTOP(2, printf("S9 cleanup\n"));
+ cleanup(s);
++ } while (do_kill == -3);
+ if (opt_vendor == VENDOR_NORTEL)
+ free((void *)group_id);
+
+ return 0;
+ }
diff --git a/vpnc.changes b/vpnc.changes
index 265e64b..1686425 100644
--- a/vpnc.changes
+++ b/vpnc.changes
@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Wed Nov 9 06:25:30 UTC 2011 - seife+obs@b1-systems.com
+
+- update to rev 472 of nortel branch
+ - memleak fix improved and upstreamed
+
+-------------------------------------------------------------------
+Tue Nov 8 16:15:48 UTC 2011 - seife+obs@b1-systems.com
+
+- update to rev 469 of nortel branch
+ - fritzbox compatibility patches improved and upstreamed
+- add patch to fix memleaks, to be upstreamed
+- add a very ugly patch to restart vpnc after lifetime expired
+
+-------------------------------------------------------------------
+Fri Nov 4 08:04:55 UTC 2011 - seife+obs@b1-systems.com
+
+- update to rev 464 of nortel branch
+ - fix some endianness issues
+ - improve handling of some isakmp delete payloads
+ - fix some format string warnings from debug messages and
+ strict aliasing warnings
+- add URL to spec file
+- add "checkout_svn.sh" to generate a new tarball from SVN
+
+-------------------------------------------------------------------
+Fri Nov 4 06:52:02 UTC 2011 - seife+obs@b1-systems.com
+
+- add another patch from the vpnc mailing list for fritzbox
+ compatibility (vpnc-fritzbox2.diff)
+
+-------------------------------------------------------------------
+Thu Nov 3 20:21:21 UTC 2011 - seife+obs@b1-systems.com
+
+- add patch to make vpnc work against fritzbox vpn:
+ - ignore invalid(?) ike lifetime attribute instead of asserting
+ - ignore ISAKMP_PAYLOAD_N message instead of aborting
+
 -------------------------------------------------------------------
 Mon Oct 24 21:41:51 UTC 2011 - jengelh@medozas.de
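Review bot: In the vpnc.c hunks of vpnc-restart-after-timeout.diff the new `do { ... } while (do_kill == -3);` loop re-initialises `s` at its top, but nothing visible clears `do_kill`. Unless it is reset outside these hunks, the next pass enters `vpnc_main_loop` with `do_kill` still `-3`, the `!do_kill` test in the tunip.c hunk ends the select loop at once, and the client renegotiates and re-authenticates in a tight cycle. Adding `do_kill = 0;` next to `memset(s, 0, sizeof(*s));` at the top of the loop would make the restart self-contained. Each restart also runs `close_tunnel(s)` and `cleanup(s)` before the new negotiation, so there is an interval with no tunnel; whether traffic is blocked or leaves unprotected during it depends on code outside the hunks and deserves a comment at the loop. Both `main` and `vpnc_main_loop` continue outside the lines shown.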
diff --git a/vpnc.spec b/vpnc.spec
index d06cdcd..2df9bba 100644
--- a/vpnc.spec
+++ b/vpnc.spec
@@ -21,17 +21,22 @@ Name: vpnc
 Group: Productivity/Networking/Security
 BuildRequires: libgcrypt-devel
 BuildRequires: gnutls libgnutls-devel pkg-config
-Version: 0.5.3r449
-Release: 12
+Version: 0.5.3r472
+Release: 13
 License: BSD3c(or similar) ; GPLv2+
 AutoReqProv: on
 Summary: A Client for Cisco VPN concentrator
+Url: http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel
 Requires: /usr/bin/sed /sbin/ip
 Source: %{name}-%{version}.tar.bz2
+# only for checkin warnings...
+Source1: checkout_svn.sh
 Patch0: bugfix.diff
 Patch1: vpnc-no-build-dates.patch
 Patch2: work-with-netconfig.patch
 Patch3: vpnc-ipid.diff
+# most ugly hack ever
+Patch4: vpnc-restart-after-timeout.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -61,9 +66,10 @@ Authors:
 #Patch is not yet working :-(
 #patch2 -p0
 %patch -P 3 -p1
+%patch4 -p1
 %build
-export CFLAGS="%optflags -fno-strict-aliasing"
+export CFLAGS="%optflags"
 make PREFIX=/usr
 %install
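Review bot: The second vpnc.spec hunk drops `-fno-strict-aliasing` from `CFLAGS` in the same change that starts applying `%patch4 -p1`, and the changelog only records that upstream fixed strict-aliasing warnings. The compiler's warning does not catch every aliasing violation, so any code that still type-puns through pointer casts could be miscompiled at the distribution's optimisation level. I would keep `export CFLAGS="%optflags -fno-strict-aliasing"` until the remaining casts have been audited, or at least add a comment above the `export` naming the upstream revision that made the flag unnecessary. The `%build` section continues outside the hunk.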