diff --git a/.gitignore b/.gitignore
index 8371d4e..35ff967 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
 vpnc-0.5.3.tar.gz
 /vpnc-0.5.3.svn457.tar.gz
 /vpnc-0.5.3.svn550.tar.gz
+/vpnc-c4837a1.tar.gz
+/vpnc-11e15a1.tar.gz
diff --git a/sources b/sources
index ec107ec..0437011 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d45438923db1879efe3479ec27ec1000 vpnc-0.5.3.svn550.tar.gz
+SHA512 (vpnc-11e15a1.tar.gz) = 80524bfa3224f56a002892b43c633db729663eff09d5252cc997b0c5a26d0b92a471f1b268b6b422bb3f7cfabbecc93f634216b14fdbdfaef81c88d6823a1755
diff --git a/vpnc-0.5.1-dpd.patch b/vpnc-0.5.1-dpd.patch
deleted file mode 100644
index fd934fd..0000000
--- a/vpnc-0.5.1-dpd.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-diff -up vpnc-0.5.1/vpnc.c.dpd vpnc-0.5.1/vpnc.c
---- vpnc-0.5.1/vpnc.c.dpd 2007-09-20 11:01:35.000000000 +0200
-+++ vpnc-0.5.1/vpnc.c 2007-11-12 23:11:05.000000000 +0100
-@@ -681,13 +681,13 @@ void dpd_ike(struct sa_block *s)
- send_dpd(s, 0, s->ike.dpd_seqno);
- } else {
- /* Our last dpd request has not yet been acked. If it's been
-- ** less than 5 seconds since we sent it do nothing. Otherwise
-+ ** less than 1/10th of idle timeout since we sent it do nothing. Otherwise
- ** decrement dpd_attempts. If dpd_attempts is 0 dpd fails and we
- ** terminate otherwise we send it again with the same sequence
- ** number and record current time.
- */
- time_t now = time(NULL);
-- if (now < s->ike.dpd_sent + 5)
-+ if (now < s->ike.dpd_sent + s->ike.dpd_idle/10)
- return;
- if (--s->ike.dpd_attempts == 0) {
- DEBUG(2, printf("dead peer detected, terminating\n"));
-@@ -695,6 +695,8 @@ void dpd_ike(struct sa_block *s)
- return;
- }
- s->ike.dpd_sent = now;
-+ if (s->ike.dpd_attempts == 3)
-+ ++s->ike.dpd_seqno; /* maybe just the dpd reply got lost let's try new seq no */
- send_dpd(s, 0, s->ike.dpd_seqno);
- }
- }
-diff -up vpnc-0.5.1/tunip.c.dpd vpnc-0.5.1/tunip.c
---- vpnc-0.5.1/tunip.c.dpd 2007-09-06 22:05:14.000000000 +0200
-+++ vpnc-0.5.1/tunip.c 2007-11-12 22:42:17.000000000 +0100
-@@ -865,7 +865,7 @@ static void vpnc_main_loop(struct sa_blo
- time_t now = time(NULL);
- if (s->ike.dpd_seqno != s->ike.dpd_seqno_ack) {
- /* Wake up more often for dpd attempts */
-- select_timeout.tv_sec = 5;
-+ select_timeout.tv_sec = s->ike.dpd_idle/10;
- select_timeout.tv_usec = 0;
- dpd_ike(s);
- next_ike_dpd = now + s->ike.dpd_idle;
-@@ -925,8 +925,8 @@ static void vpnc_main_loop(struct sa_blo
- if (s->ike.dpd_seqno != s->ike.dpd_seqno_ack) {
- dpd_ike(s);
- next_ike_dpd = now + s->ike.dpd_idle;
-- if (now + 5 < next_up)
-- next_up = now + 5;
-+ if (now + s->ike.dpd_idle/10 < next_up)
-+ next_up = now + s->ike.dpd_idle/10;
- }
- else if (now >= next_ike_dpd) {
- dpd_ike(s);
-diff -up vpnc-0.5.1/config.c.dpd vpnc-0.5.1/config.c
---- vpnc-0.5.1/config.c.dpd 2007-11-12 22:40:01.000000000 +0100
-+++ vpnc-0.5.1/config.c 2007-11-12 23:17:39.000000000 +0100
-@@ -242,7 +242,7 @@ static const char *config_def_udp_port(v
- 
- static const char *config_def_dpd_idle(void)
- {
-- return "300";
-+ return "600";
- }
- 
- static const char *config_ca_dir(void)
diff --git a/vpnc-0.5.3-cloexec.patch b/vpnc-0.5.3-cloexec.patch
deleted file mode 100644
index 3c224f9..0000000
--- a/vpnc-0.5.3-cloexec.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up vpnc-0.5.3/vpnc.c.cloexec vpnc-0.5.3/vpnc.c
---- vpnc-0.5.3/vpnc.c.cloexec 2008-11-19 21:55:51.000000000 +0100
-+++ vpnc-0.5.3/vpnc.c 2008-11-20 11:48:07.000000000 +0100
-@@ -2877,6 +2877,8 @@ static void do_phase2_qm(struct sa_block
- close_tunnel(s);
- error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
- }
-+ fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC);
-+
- #ifdef IP_HDRINCL
- if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
- close_tunnel(s);
diff --git a/vpnc-0.5.3-use-autodie.patch b/vpnc-0.5.3-use-autodie.patch
deleted file mode 100644
index 4ad5d6c..0000000
--- a/vpnc-0.5.3-use-autodie.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up vpnc-0.5.3/makeman.pl.autodie vpnc-0.5.3/makeman.pl
---- vpnc-0.5.3/makeman.pl.autodie 2009-11-19 18:03:47.000000000 +0100
-+++ vpnc-0.5.3/makeman.pl 2013-03-07 11:21:43.524106709 +0100
-@@ -17,7 +17,7 @@
- 
- use strict;
- use warnings;
--use Fatal qw(open close);
-+use autodie qw(open close);
- use filetest qw(access); # to always get errno-values on filetests
- use POSIX qw(strftime setlocale LC_ALL);
- 
diff --git a/vpnc-disconnect.consolehelper b/vpnc-disconnect.consolehelper
index 27cb504..2011c06 100644
--- a/vpnc-disconnect.consolehelper
+++ b/vpnc-disconnect.consolehelper
@@ -1,2 +1,2 @@
 USER=root
-PROGRAM=/usr/sbin/vpnc-disconnect
+PROGRAM=/usr/libexec/vpnc-disconnect
diff --git a/vpnc-helper b/vpnc-helper
index 0e906d9..91ef213 100755
--- a/vpnc-helper
+++ b/vpnc-helper
@@ -1,2 +1,10 @@
 #!/bin/sh
-/usr/sbin/vpnc
+
+if [ "$USERHELPER_UID" = "0" ]; then
+ # if started by root, forward all arguments
+ /usr/libexec/vpnc "$@"
+else
+ # if started as unprivileged user, discard all arguments
+ # vpnc will use its default config file /etc/vpnc/default.conf
+ /usr/libexec/vpnc
+fi
diff --git a/vpnc.consolehelper b/vpnc.consolehelper
index 0170585..fbd2e95 100644
--- a/vpnc.consolehelper
+++ b/vpnc.consolehelper
@@ -1,2 +1,2 @@
 USER=root
-PROGRAM=/usr/sbin/vpnc-helper
+PROGRAM=/usr/libexec/vpnc-helper
diff --git a/vpnc.pam b/vpnc.pam
index ddb3673..85cf06e 100644
--- a/vpnc.pam
+++ b/vpnc.pam
@@ -1,5 +1,4 @@
 #%PAM-1.0
 auth sufficient pam_rootok.so
-auth sufficient pam_console.so
 auth include config-util
 account include config-util
diff --git a/vpnc.spec b/vpnc.spec
index b370ea2..fa35006 100644
--- a/vpnc.spec
+++ b/vpnc.spec
@@ -1,13 +1,14 @@
-%define snapshot .svn550
+%global commit 11e15a143d6a00fb4e532cad271c70b401a6b9ef
+%global shortcommit %(c=%{commit}; echo ${c:0:7})
 Name: vpnc
-Version: 0.5.3
-Release: 41%{snapshot}%{?dist}
+Version: 0.5.3^20241114.git%{shortcommit}
+Release: 3%{?dist}
 Summary: IPSec VPN client compatible with Cisco equipment
-License: GPLv2+
-URL: http://www.unix-ag.uni-kl.de/~massar/vpnc/
+License: GPL-2.0-or-later and BSD-2-Clause
+URL: https://davidepucci.it/doc/vpnc/
-Source0: http://www.unix-ag.uni-kl.de/~massar/vpnc/%{name}-%{version}%{snapshot}.tar.gz
+Source0: https://github.com/streambinder/vpnc/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1: generic-vpnc.conf
 Source2: vpnc.consolehelper
 Source3: vpnc-disconnect.consolehelper
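Review bot: The root/non-root branch in the new vpnc-helper rests entirely on `USERHELPER_UID`, and the script does not say who sets that variable or why it can be trusted, even though the helper runs as root under consolehelper (`USER=root` in vpnc.consolehelper). A comment above the `if` would record the trust boundary, for example `# USERHELPER_UID is exported by userhelper with the invoking user's uid; unset or non-zero falls through to the no-argument branch`. The fall-through direction is the safe one, since an unset variable discards the arguments. As a style point, `exec /usr/libexec/vpnc "$@"` and `exec /usr/libexec/vpnc` would avoid leaving the wrapper shell as vpnc's parent.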
@@ -17,11 +18,8 @@ Source8: %{name}-tmpfiles.conf
 # script used to generate the svn snapshot, not used in the actual build process
 Source99: fetch-sources.sh
-Patch1: vpnc-0.5.1-dpd.patch
-Patch2: vpnc-0.5.3-use-autodie.patch
-
 BuildRequires: make
-BuildRequires: gcc
+BuildRequires: gcc
 BuildRequires: libgcrypt-devel > 1.1.90
 BuildRequires: gnutls-devel
 # required for ./makeman.pl
@@ -29,34 +27,26 @@ BuildRequires: perl-interpreter
 BuildRequires: perl(autodie)
 BuildRequires: perl(filetest)
 BuildRequires: perl(if)
-BuildRequires: systemd
-Requires: iproute vpnc-script
+BuildRequires: systemd-rpm-macros
+Requires: iproute vpnc-script usermode
+Obsoletes: vpnc-consoleuser < 0.5.3^20241114.git11e15a1-2
 %description
-A VPN client compatible with Cisco's EasyVPN equipment.
+An IPSec VPN client with support for IP tunelling, Xauth, ESP,
+Mode Configuration and shared-secret IPSec authentication.
-Supports IPSec (ESP) with Mode Configuration and Xauth. Supports only
-shared-secret IPSec authentication, 3DES, MD5, and IP tunneling.
-
-%package consoleuser
-Summary: Allows console user to run the VPN client directly
-Requires: vpnc = %{version}-%{release}
-Requires: usermode
-
-%description consoleuser
-Allows the console user to run the IPSec VPN client directly without
-switching to the root account.
+Compatible with Cisco's EasyVPN equipment.
 %prep
-%autosetup
+%autosetup -p1 -n %{name}-%{commit}
 %build
 CFLAGS="$RPM_OPT_FLAGS -fPIE" LDFLAGS="$RPM_OPT_FLAGS -pie" make PREFIX=/usr
 %install
-make install DESTDIR="$RPM_BUILD_ROOT" PREFIX=/usr
+make install DESTDIR="$RPM_BUILD_ROOT" PREFIX=/usr SBINDIR=%{_libexecdir}
 rm -f $RPM_BUILD_ROOT%{_bindir}/pcf2vpnc
-chmod 0644 pcf2vpnc
+chmod 0644 src/pcf2vpnc
 rm -f $RPM_BUILD_ROOT%{_mandir}/man1/pcf2vpnc.1
 chmod 0644 $RPM_BUILD_ROOT%{_mandir}/man8/vpnc.8
 install -m 0600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/vpnc/default.conf
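Review bot: Dropping `Patch1: vpnc-0.5.1-dpd.patch` in the `@@ -17,11 +18,8 @@` hunk removes a downstream behaviour change, and neither the spec nor the new changelog entries say whether the upstream snapshot carries an equivalent. Per the deleted patch, it tied the DPD retry interval to the idle timeout and raised the default DPD idle value from 300 to 600. A changelog line such as `- Drop dpd and use-autodie patches (note whether merged upstream)` would make that auditable. The context comment above `Source99` still describes an svn snapshot although `Source0` now points at a Git archive, so it could be updated in the same pass.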
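Review bot: The new `%description` in the `@@ -29,34 +27,26 @@` hunk misspells "tunneling"; the line should read `An IPSec VPN client with support for IP tunneling, Xauth, ESP,`. In the same hunk, `SBINDIR=%{_libexecdir}` on the `make install` line has no explanation, and the reason only becomes visible from the consolehelper files elsewhere in the commit. A comment such as `# real binaries go to libexecdir; /usr/bin/vpnc is a consolehelper symlink that authenticates first` would make the privilege path clear to the next packager.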
@@ -69,37 +59,86 @@ install -Dp -m 0644 %{SOURCE4} \
 install -Dp -m 0644 %{SOURCE4} \
 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/vpnc-disconnect
 install -m 0755 %{SOURCE5} \
- $RPM_BUILD_ROOT%{_sbindir}/vpnc-helper
+ $RPM_BUILD_ROOT%{_libexecdir}/vpnc-helper
 mkdir -p $RPM_BUILD_ROOT%{_bindir}
 ln -sf consolehelper $RPM_BUILD_ROOT%{_bindir}/vpnc
 ln -sf consolehelper $RPM_BUILD_ROOT%{_bindir}/vpnc-disconnect
 rm -f $RPM_BUILD_ROOT%{_datadir}/doc/vpnc/COPYING
 # vpnc-script is packaged in a separate package
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/vpnc/vpnc-script
+rm -f $RPM_BUILD_ROOT%{_docdir}/vpnc/*.md
 mkdir -p %{buildroot}%{_tmpfilesdir}
 install -m 0644 %{SOURCE8} %{buildroot}%{_tmpfilesdir}/%{name}.conf
+%post
+%systemd_post vpnc@.service
+
+%preun
+%systemd_preun vpnc@.service
+
+%postun
+%systemd_postun vpnc@.service
+
 %files
-%license COPYING
-%doc README pcf2vpnc pcf2vpnc.1
+%license LICENSE LICENSE.BSD2
+%doc docs/*.md src/pcf2vpnc src/pcf2vpnc.1
 %{_tmpfilesdir}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/vpnc/default.conf
-%{_sbindir}/vpnc
 %{_bindir}/cisco-decrypt
-%{_sbindir}/vpnc-disconnect
+%{_bindir}/vpnc
+%{_bindir}/vpnc-disconnect
+%{_libexecdir}/vpnc
+%{_libexecdir}/vpnc-disconnect
+%{_libexecdir}/vpnc-helper
 %{_mandir}/man8/vpnc.*
 %{_mandir}/man1/cisco-decrypt.*
-
-%files consoleuser
+%{_unitdir}/vpnc@.service
 %config(noreplace) %{_sysconfdir}/security/console.apps/vpnc*
 %config(noreplace) %{_sysconfdir}/pam.d/vpnc*
-%{_bindir}/vpnc*
-%{_sbindir}/vpnc-helper
 %changelog
+* Fri Jul 25 2025 Fedora Release Engineering - 0.5.3^20241114.git11e15a1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+
+* Wed May 07 2025 Christian Krause - 0.5.3^20241114.git11e15a1-2
+- Fix issues with /usr/bin/ and /usr/sbin/ merge (#2363531)
+- Always use consolehelper, implicitly allowed for root,
+ remove consoleuser sub-package
+- Remove pam_console.so from vpnc.pam (not available anymore)
+
+* Mon Mar 24 2025 Lubomir Rintel - 0.5.3^20241114.gitc4837a1-1
+- Update to a snapshot from an active upstream Git repository
+
+* Sun Jan 19 2025 Fedora Release Engineering - 0.5.3-50.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Fri Jul 26 2024 Miroslav Suchý - 0.5.3-49.svn550
+- convert license to SPDX
+
+* Sat Jul 20 2024 Fedora Release Engineering - 0.5.3-48.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering - 0.5.3-47.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jul 22 2023 Fedora Release Engineering - 0.5.3-46.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Sat Jan 21 2023 Fedora Release Engineering - 0.5.3-45.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering - 0.5.3-44.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering - 0.5.3-43.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering - 0.5.3-42.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
 * Wed Jan 27 2021 Fedora Release Engineering - 0.5.3-41.svn550
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
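Review bot: The `%files` list now ships `%{_unitdir}/vpnc@.service` as upstream installs it, but the diff does not show which path the unit's ExecStart uses, while this commit moves the real binary to `%{_libexecdir}/vpnc` and turns `%{_bindir}/vpnc` into a consolehelper symlink. If the unit resolves to the symlink, the service start presumably goes through PAM and vpnc-helper and only receives its config argument when userhelper reports uid 0, which is an indirect dependency worth confirming. A note next to the scriptlets would record the outcome, for example `# vpnc@.service is expected to start %{_libexecdir}/vpnc directly; verify ExecStart after each upstream bump`. Separately, the context line `rm -f $RPM_BUILD_ROOT%{_datadir}/doc/vpnc/COPYING` looks stale now that `%license` lists `LICENSE LICENSE.BSD2`.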