Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

This is part of https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4

vpnc-script

@@ -97,7 +97,7 @@ HOOKS_DIR=/etc/vpnc
 # OpenConnect v9.0+ provides VPNPID, so we don't need to determine it.
 if [ -z "$VPNPID" ]; then
     VPNPID=$PPID
-    PCMD=`ps -c -o cmd= -p $PPID`
+    PCMD=`ps -c -o command= -p $PPID`
     case "$PCMD" in
         *sh) VPNPID=`ps -o ppid= -p $PPID` ;;
     esac
@@ -156,7 +156,10 @@ else
 fi
 
 RESOLVEDENABLED=0
-grep '^hosts' /etc/nsswitch.conf 2>/dev/null|grep resolve >/dev/null 2>&1
+# detect usage of systemd-resolved via nss-resolve...
+grep '^hosts' /etc/nsswitch.conf 2>/dev/null | grep resolve >/dev/null 2>&1 || \
+# or via nss-dns with /etc/resolv.conf under control of systemd-resolved
+(grep '^hosts' /etc/nsswitch.conf 2>/dev/null | grep dns >/dev/null 2>&1 && readlink /etc/resolv.conf | grep -e '/run/systemd/resolve/stub-resolv.conf$' -e '/usr/lib/systemd/resolv.conf$' -e '/run/systemd/resolve/resolv.conf$' >/dev/null 2>&1)
 if [ $? = 0 ];then
 	command resolvectl status >/dev/null 2>&1 || command systemd-resolve --status >/dev/null 2>&1
 	if [ $? = 0 ];then
@@ -295,18 +298,23 @@ if [ -n "$IPROUTE" ]; then
 			# after dead-peer detection, but no change in the underlying network devices).
 			$IPROUTE $FAMILY route add `echo "$VPNGATEWAY $LINE" | fix_ip_get_output` 2>/dev/null
 		done
-		$IPROUTE $FAMILY route flush cache 2>/dev/null
+		if [ $FAMILY != -4 ]; then
+			$IPROUTE $FAMILY route flush cache 2>/dev/null
+		fi
 	}
 
 	del_vpngateway_route() {
+		echo "$VPNGATEWAY" | grep -q : && FAMILY=-6 || FAMILY=-4
+
 		$IPROUTE route $route_syntax_del "$VPNGATEWAY"
-		$IPROUTE route flush cache 2>/dev/null
+		if [ $FAMILY != -4 ]; then
+			$IPROUTE $FAMILY route flush cache 2>/dev/null
+		fi
 	}
 
 	set_default_route() {
 		$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE"
 		$IPROUTE route replace default dev "$TUNDEV"
-		$IPROUTE route flush cache 2>/dev/null
 	}
 
 	set_network_route() {
@@ -320,7 +328,6 @@ if [ -n "$IPROUTE" ]; then
 		else
 			$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV"
 		fi
-		$IPROUTE route flush cache 2>/dev/null
 	}
 
 	set_exclude_route() {
@@ -329,14 +336,10 @@ if [ -n "$IPROUTE" ]; then
 		NETWORK="$1"
 		NETMASK="$2"
 		NETMASKLEN="$3"
-
-		echo "$1" | grep -q : && FAMILY=-6 || FAMILY=-4
-
 		list_non_loopback_routes "$NETWORK/$NETMASKLEN" |
 		while read LINE ; do
-			$IPROUTE $FAMILY route add `echo "$NETWORK/$NETMASKLEN $LINE" | fix_ip_get_output` 2>/dev/null
+			$IPROUTE route add `echo "$NETWORK/$NETMASKLEN $LINE" | fix_ip_get_output` 2>/dev/null
 		done
-		$IPROUTE $FAMILY route flush cache 2>/dev/null
 	}
 
 	del_exclude_route() {
@@ -346,13 +349,11 @@ if [ -n "$IPROUTE" ]; then
 		NETMASK="$2"
 		NETMASKLEN="$3"
 		$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN"
-		$IPROUTE route flush cache 2>/dev/null
 	}
 
 	reset_default_route() {
 		if [ -s "$DEFAULT_ROUTE_FILE" ]; then
 			$IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"`
-			$IPROUTE route flush cache 2>/dev/null
 			rm -f -- "$DEFAULT_ROUTE_FILE"
 		fi
 	}
@@ -363,7 +364,6 @@ if [ -n "$IPROUTE" ]; then
 		NETMASKLEN="$3"
 		NETDEV="$4"
 		$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$NETDEV"
-		$IPROUTE route flush cache 2>/dev/null
 	}
 
 	set_ipv6_default_route() {
@@ -419,7 +419,7 @@ else # use route command
 		# - remove lines containing IPv6 addresses (':')
 		# - remove lines for link-local routes (https://superuser.com/a/1067742)
 		# - remove lines containing $TUNDEV (we don't want loopback)
-		netstat -r -n | awk '/:/ { next; } /link#/ { next; } /[[:space:]]'"$TUNDEV"'([[:space:]]|$)/ { next; } /^(default|0\.0\.0\.0([[:space:]]|\/0))/ { print $2; exit; }'
+		netstat -r -n | awk '/:/ { next; } /link#/ { next; } /^(default|0\.0\.0\.0([[:space:]]|\/0))/ { print $2; exit; } /[[:space:]]'"$TUNDEV"'([[:space:]]|$)/ { next; }'
 	}
 
 	set_vpngateway_route() {
@@ -484,7 +484,7 @@ else # use route command
 
 	reset_default_route() {
 		if [ -s "$DEFAULT_ROUTE_FILE" ]; then
-			route $route_syntax_del default $route_syntax_gw "`get_default_gw`" $route_syntax_interface
+			route $route_syntax_del default $route_syntax_gw `get_default_gw` $route_syntax_interface
 			route add default $route_syntax_gw `cat "$DEFAULT_ROUTE_FILE"`
 			rm -f -- "$DEFAULT_ROUTE_FILE"
 		fi
@@ -690,6 +690,10 @@ search $DOMAINS"
 						close
 					EOF
 				fi
+				# For newer MacOS versions it is needed to set DNS
+				ACTIVE_INTERFACE=`route -n get default | grep interface | awk '{print $2}'`
+				ACTIVE_NETWORK_SERVICE=`networksetup -listnetworkserviceorder | grep -B 1 "$ACTIVE_INTERFACE" | head -n 1 | awk '/\([0-9]+\)/{ print }'|cut -d " " -f2-`
+				networksetup -setdnsservers "$ACTIVE_NETWORK_SERVICE" $INTERNAL_IP4_DNS
 				;;
 		esac
 	fi
@@ -719,17 +723,22 @@ restore_resolvconf_generic() {
 				# to list of used DNS servers
 				if [ -n "$CISCO_SPLIT_INC" ]; then
 					SERVICE=`echo "show State:/Network/Global/IPv4" | scutil | grep -oE '[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}'`
-					SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | xargs`
-					if [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then
+					SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}'`
+					FILTERED_SERVICE_DNS=`echo "$SERVICE_DNS" | grep -Fv "$(echo $INTERNAL_IP4_DNS | tr ' ' '\n')" | xargs`
+					if [ -n "$FILTERED_SERVICE_DNS" ]; then
 						scutil >/dev/null 2>&1 <<-EOF
 							open
 							get State:/Network/Service/$SERVICE/DNS
-							d.add ServerAddresses * ${SERVICE_DNS##$INTERNAL_IP4_DNS}
+							d.add ServerAddresses * ${FILTERED_SERVICE_DNS}
 							set State:/Network/Service/$SERVICE/DNS
 							close
 						EOF
 					fi
 				fi
+				# For newer MacOS versions it is needed to unset DNS
+				ACTIVE_INTERFACE=`route -n get default | grep interface | awk '{print $2}'`
+				ACTIVE_NETWORK_SERVICE=`networksetup -listnetworkserviceorder | grep -B 1 "$ACTIVE_INTERFACE" | head -n 1 | awk '/\([0-9]+\)/{ print }'|cut -d " " -f2-`
+				networksetup -setdnsservers "$ACTIVE_NETWORK_SERVICE" Empty
 				;;
 		esac
 	fi
@@ -783,6 +792,7 @@ modify_resolvconf_openwrt() {
 restore_resolvconf_openwrt() {
 	remove_dns $OPENWRT_INTERFACE
 }
+
 # === resolv.conf handling via /sbin/resolvconf (Debian, Ubuntu, Gentoo)) =========
 
 modify_resolvconf_manager() {
@@ -802,6 +812,8 @@ restore_resolvconf_manager() {
 	/sbin/resolvconf -d $TUNDEV
 }
 
+# === resolv.conf handling via systemd-resolved =========
+
 AF_INET=2
 
 get_if_index() {
@@ -895,6 +907,11 @@ modify_resolvconf_unbound() {
 		/usr/sbin/unbound-control forward_add +i ${CISCO_DEF_DOMAIN} ${INTERNAL_IP4_DNS}
 		/usr/sbin/unbound-control flush_requestlist
 		/usr/sbin/unbound-control flush_zone ${CISCO_DEF_DOMAIN}
+		# flush infra cache
+		for i in $INTERNAL_IP4_DNS ; do
+			/usr/sbin/unbound-control flush_infra "$i"
+		done
+
 	fi
 }
 
@@ -906,7 +923,7 @@ restore_resolvconf_unbound() {
 	fi
 }
 
-# === resolv.conf handling via resolvd =========
+# === resolv.conf handling via resolvd (OpenBSD) =========
 
 modify_resolvconf_resolvd() {
 	/sbin/route nameserver $TUNDEV $INTERNAL_IP4_DNS $INTERNAL_IP6_DNS
@@ -1006,10 +1023,6 @@ do_connect() {
 			fi
 			i=`expr $i + 1`
 		done
-		for i in $INTERNAL_IP4_DNS ; do
-			echo "$i" | grep : >/dev/null || \
-				set_network_route "$i" "255.255.255.255" "32" "$TUNDEV"
-		done
 	elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
 		set_default_route
 	fi
@@ -1025,11 +1038,6 @@ do_connect() {
 			fi
 			i=`expr $i + 1`
 		done
-		for i in $INTERNAL_IP4_DNS ; do
-			if echo "$i" | grep : >/dev/null; then
-				set_ipv6_network_route "$i" "128" "$TUNDEV"
-			fi
-		done
 	elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
 		set_ipv6_default_route
 	fi
@@ -1055,9 +1063,6 @@ do_disconnect() {
 			fi
 			i=`expr $i + 1`
 		done
-		for i in $INTERNAL_IP4_DNS ; do
-			del_network_route "$i" "255.255.255.255" "32" "$TUNDEV"
-		done
 	else
 		reset_default_route
 	fi
@@ -1096,9 +1101,6 @@ do_disconnect() {
 			fi
 			i=`expr $i + 1`
 		done
-		for i in $INTERNAL_IP6_DNS ; do
-			del_ipv6_network_route "$i" "128" "$TUNDEV"
-		done
 	elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
 		reset_ipv6_default_route
 	fi

vpnc-script.spec

@@ -1,16 +1,17 @@
-%global git_date 20220404
-%global git_commit_hash 40a8c62c
+%global git_date 20230907
+%global git_commit_hash 5b9e7e4c
 
 Name:		vpnc-script
 Version:	%{git_date}
-Release:	1.git%{git_commit_hash}%{?dist}
+Release:	%autorelease -e git%{git_commit_hash}
 
 Summary:	Routing setup script for vpnc and openconnect
 BuildArch:	noarch
 Requires:	iproute
 Requires:	which
 
-License:	GPLv2+
+# Automatically converted from old format: GPLv2+ - review is highly recommended.
+License:	GPL-2.0-or-later
 URL:		https://gitlab.com/openconnect/vpnc-scripts/
 Source0:	vpnc-script
 
@@ -34,50 +35,4 @@ install -m 0755 vpnc-script \
 %{_sysconfdir}/vpnc/vpnc-script
 
 %changelog
-* Mon Apr 04 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 20220404-1.git40a8c62c
-- Updated to latest upstream version
-
-* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-6.git6f87b0f
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-5.git6f87b0f
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Sat Dec 01 2018 James Hennessy <jphxxxx@gmail.com>
-- Fixed issue where vpnc-script is using resolvconf on systems where "resolve" isn't enabled in /etc/nsswitch.
-
-* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-3.git6f87b0f
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-2.git6f87b0f
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Oct  5 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20171004-1.git6f87b0f
-- Fixed issue with systemd-resolved (#1497750)
-
-* Mon Aug 21 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170821-1.git6f87b0f
-- new upstream release
-- removed dependency on net-tools and added on iproute (#1481164)
-
-* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 20140805-6.gitdf5808b
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 20140805-5.gitdf5808b
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 20140805-4.gitdf5808b
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 20140805-3.gitdf5808b
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Thu Nov 20 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20140805-2.gitdf5808b
-- Added dependency on which (#1068899)
-- Added dependency on net-tools (#1007363)
-
-* Wed Oct 01 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20140805-1.gitdf5808b
-- new upstream release (includes unbound patch)
-
-* Tue Aug 05 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20140705-1.git6201ebd
-- new package
-
+%autochangelog