Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

- Fixes #2363531
- Always use consolehelper, implicitly allowed for root,
  remove consoleuser sub-package
- Remove pam_console.so from vpnc.pam (not available anymore)

.gitignore

@@ -1,3 +1,5 @@
 vpnc-0.5.3.tar.gz
 /vpnc-0.5.3.svn457.tar.gz
 /vpnc-0.5.3.svn550.tar.gz
+/vpnc-c4837a1.tar.gz
+/vpnc-11e15a1.tar.gz

sources

@@ -1 +1 @@
-d45438923db1879efe3479ec27ec1000  vpnc-0.5.3.svn550.tar.gz
+SHA512 (vpnc-11e15a1.tar.gz) = 80524bfa3224f56a002892b43c633db729663eff09d5252cc997b0c5a26d0b92a471f1b268b6b422bb3f7cfabbecc93f634216b14fdbdfaef81c88d6823a1755

vpnc-0.5.1-dpd.patch

@@ -1,63 +0,0 @@
-diff -up vpnc-0.5.1/vpnc.c.dpd vpnc-0.5.1/vpnc.c
---- vpnc-0.5.1/vpnc.c.dpd	2007-09-20 11:01:35.000000000 +0200
-+++ vpnc-0.5.1/vpnc.c	2007-11-12 23:11:05.000000000 +0100
-@@ -681,13 +681,13 @@ void dpd_ike(struct sa_block *s)
- 		send_dpd(s, 0, s->ike.dpd_seqno);
- 	} else {
- 		/* Our last dpd request has not yet been acked.  If it's been
--		** less than 5 seconds since we sent it do nothing.  Otherwise
-+		** less than 1/10th of idle timeout since we sent it do nothing.  Otherwise
- 		** decrement dpd_attempts.  If dpd_attempts is 0 dpd fails and we
- 		** terminate otherwise we send it again with the same sequence
- 		** number and record current time.
- 		*/
- 		time_t now = time(NULL);
--		if (now < s->ike.dpd_sent + 5)
-+		if (now < s->ike.dpd_sent + s->ike.dpd_idle/10)
- 			return;
- 		if (--s->ike.dpd_attempts == 0) {
- 			DEBUG(2, printf("dead peer detected, terminating\n"));
-@@ -695,6 +695,8 @@ void dpd_ike(struct sa_block *s)
- 			return;
- 		}
- 		s->ike.dpd_sent = now;
-+		if (s->ike.dpd_attempts == 3)
-+		    ++s->ike.dpd_seqno; /* maybe just the dpd reply got lost let's try new seq no */
- 		send_dpd(s, 0, s->ike.dpd_seqno);
- 	}
- }
-diff -up vpnc-0.5.1/tunip.c.dpd vpnc-0.5.1/tunip.c
---- vpnc-0.5.1/tunip.c.dpd	2007-09-06 22:05:14.000000000 +0200
-+++ vpnc-0.5.1/tunip.c	2007-11-12 22:42:17.000000000 +0100
-@@ -865,7 +865,7 @@ static void vpnc_main_loop(struct sa_blo
- 					time_t now = time(NULL);
- 					if (s->ike.dpd_seqno != s->ike.dpd_seqno_ack) {
- 						/* Wake up more often for dpd attempts */
--						select_timeout.tv_sec = 5;
-+						select_timeout.tv_sec = s->ike.dpd_idle/10;
- 						select_timeout.tv_usec = 0;
- 						dpd_ike(s);
- 						next_ike_dpd = now + s->ike.dpd_idle;
-@@ -925,8 +925,8 @@ static void vpnc_main_loop(struct sa_blo
- 				if (s->ike.dpd_seqno != s->ike.dpd_seqno_ack) {
- 					dpd_ike(s);
- 					next_ike_dpd = now + s->ike.dpd_idle;
--					if (now + 5 < next_up)
--						next_up = now + 5;
-+					if (now + s->ike.dpd_idle/10 < next_up)
-+						next_up = now + s->ike.dpd_idle/10;
- 				}
- 				else if (now >= next_ike_dpd) {
- 					dpd_ike(s);
-diff -up vpnc-0.5.1/config.c.dpd vpnc-0.5.1/config.c
---- vpnc-0.5.1/config.c.dpd	2007-11-12 22:40:01.000000000 +0100
-+++ vpnc-0.5.1/config.c	2007-11-12 23:17:39.000000000 +0100
-@@ -242,7 +242,7 @@ static const char *config_def_udp_port(v
- 
- static const char *config_def_dpd_idle(void)
- {
--	return "300";
-+	return "600";
- }
- 
- static const char *config_ca_dir(void)

vpnc-0.5.3-cloexec.patch

@@ -1,12 +0,0 @@
-diff -up vpnc-0.5.3/vpnc.c.cloexec vpnc-0.5.3/vpnc.c
---- vpnc-0.5.3/vpnc.c.cloexec	2008-11-19 21:55:51.000000000 +0100
-+++ vpnc-0.5.3/vpnc.c	2008-11-20 11:48:07.000000000 +0100
-@@ -2877,6 +2877,8 @@ static void do_phase2_qm(struct sa_block
- 				close_tunnel(s);
- 				error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
- 			}
-+			fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC);
-+
- #ifdef IP_HDRINCL
- 			if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
- 				close_tunnel(s);

vpnc-0.5.3-use-autodie.patch

@@ -1,12 +0,0 @@
-diff -up vpnc-0.5.3/makeman.pl.autodie vpnc-0.5.3/makeman.pl
---- vpnc-0.5.3/makeman.pl.autodie	2009-11-19 18:03:47.000000000 +0100
-+++ vpnc-0.5.3/makeman.pl	2013-03-07 11:21:43.524106709 +0100
-@@ -17,7 +17,7 @@
- 
- use strict;
- use warnings;
--use Fatal    qw(open close);
-+use autodie  qw(open close);
- use filetest qw(access);	# to always get errno-values on filetests
- use POSIX    qw(strftime setlocale LC_ALL);
- 

vpnc-disconnect.consolehelper

@@ -1,2 +1,2 @@
 USER=root
-PROGRAM=/usr/sbin/vpnc-disconnect
+PROGRAM=/usr/libexec/vpnc-disconnect

vpnc-helper

@@ -1,2 +1,10 @@
 #!/bin/sh
-/usr/sbin/vpnc
+
+if [ "$USERHELPER_UID" = "0" ]; then
+    # if started by root, forward all arguments
+    /usr/libexec/vpnc "$@"
+else
+    # if started as unprivileged user, discard all arguments
+    # vpnc will use its default config file /etc/vpnc/default.conf
+    /usr/libexec/vpnc
+fi

vpnc.consolehelper

@@ -1,2 +1,2 @@
 USER=root
-PROGRAM=/usr/sbin/vpnc-helper
+PROGRAM=/usr/libexec/vpnc-helper

vpnc.pam

@@ -1,5 +1,4 @@
 #%PAM-1.0
 auth		sufficient	pam_rootok.so
-auth		sufficient	pam_console.so
 auth		include		config-util
 account		include		config-util

vpnc.spec

@@ -1,13 +1,14 @@
-%define snapshot .svn550
+%global commit 11e15a143d6a00fb4e532cad271c70b401a6b9ef
+%global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 Name:		vpnc
-Version:	0.5.3
-Release:	41%{snapshot}%{?dist}
+Version:	0.5.3^20241114.git%{shortcommit}
+Release:	3%{?dist}
 Summary:	IPSec VPN client compatible with Cisco equipment
-License:	GPLv2+
-URL:		http://www.unix-ag.uni-kl.de/~massar/vpnc/
+License:	GPL-2.0-or-later and BSD-2-Clause
+URL:		https://davidepucci.it/doc/vpnc/
 
-Source0:	http://www.unix-ag.uni-kl.de/~massar/vpnc/%{name}-%{version}%{snapshot}.tar.gz
+Source0:	https://github.com/streambinder/vpnc/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source1:	generic-vpnc.conf
 Source2:	vpnc.consolehelper
 Source3:	vpnc-disconnect.consolehelper
@@ -17,11 +18,8 @@ Source8:	%{name}-tmpfiles.conf
 # script used to generate the svn snapshot, not used in the actual build process
 Source99:	fetch-sources.sh
 
-Patch1:		vpnc-0.5.1-dpd.patch
-Patch2:		vpnc-0.5.3-use-autodie.patch
-
 BuildRequires: make
-BuildRequires:  gcc
+BuildRequires:	gcc
 BuildRequires:	libgcrypt-devel > 1.1.90
 BuildRequires:	gnutls-devel
 # required for ./makeman.pl
@@ -29,34 +27,26 @@ BuildRequires:	perl-interpreter
 BuildRequires:	perl(autodie)
 BuildRequires:	perl(filetest)
 BuildRequires:	perl(if)
-BuildRequires: systemd
-Requires:	iproute vpnc-script
+BuildRequires:	systemd-rpm-macros
+Requires:	iproute vpnc-script usermode
+Obsoletes:	vpnc-consoleuser < 0.5.3^20241114.git11e15a1-2
 
 %description
-A VPN client compatible with Cisco's EasyVPN equipment.
+An IPSec VPN client with support for IP tunelling, Xauth, ESP,
+Mode Configuration and shared-secret IPSec authentication.
 
-Supports IPSec (ESP) with Mode Configuration and Xauth.  Supports only
-shared-secret IPSec authentication, 3DES, MD5, and IP tunneling.
-
-%package consoleuser
-Summary:	Allows console user to run the VPN client directly
-Requires:	vpnc = %{version}-%{release}
-Requires:	usermode
-
-%description consoleuser
-Allows the console user to run the IPSec VPN client directly without
-switching to the root account.
+Compatible with Cisco's EasyVPN equipment.
 
 %prep
-%autosetup
+%autosetup -p1 -n %{name}-%{commit}
 
 %build
 CFLAGS="$RPM_OPT_FLAGS -fPIE" LDFLAGS="$RPM_OPT_FLAGS -pie" make PREFIX=/usr
 
 %install
-make install DESTDIR="$RPM_BUILD_ROOT" PREFIX=/usr
+make install DESTDIR="$RPM_BUILD_ROOT" PREFIX=/usr SBINDIR=%{_libexecdir}
 rm -f $RPM_BUILD_ROOT%{_bindir}/pcf2vpnc
-chmod 0644 pcf2vpnc
+chmod 0644 src/pcf2vpnc
 rm -f $RPM_BUILD_ROOT%{_mandir}/man1/pcf2vpnc.1
 chmod 0644 $RPM_BUILD_ROOT%{_mandir}/man8/vpnc.8
 install -m 0600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/vpnc/default.conf
@@ -69,37 +59,86 @@ install -Dp -m 0644 %{SOURCE4} \
 install -Dp -m 0644 %{SOURCE4} \
     $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/vpnc-disconnect
 install -m 0755 %{SOURCE5} \
-    $RPM_BUILD_ROOT%{_sbindir}/vpnc-helper
+    $RPM_BUILD_ROOT%{_libexecdir}/vpnc-helper
 mkdir -p $RPM_BUILD_ROOT%{_bindir}
 ln -sf consolehelper $RPM_BUILD_ROOT%{_bindir}/vpnc
 ln -sf consolehelper $RPM_BUILD_ROOT%{_bindir}/vpnc-disconnect
 rm -f $RPM_BUILD_ROOT%{_datadir}/doc/vpnc/COPYING
 # vpnc-script is packaged in a separate package
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/vpnc/vpnc-script
+rm -f $RPM_BUILD_ROOT%{_docdir}/vpnc/*.md
 
 mkdir -p %{buildroot}%{_tmpfilesdir}
 install -m 0644 %{SOURCE8} %{buildroot}%{_tmpfilesdir}/%{name}.conf
 
+%post
+%systemd_post vpnc@.service
+
+%preun
+%systemd_preun vpnc@.service
+
+%postun
+%systemd_postun vpnc@.service
+
 %files
-%license COPYING
-%doc README pcf2vpnc pcf2vpnc.1
+%license LICENSE LICENSE.BSD2
+%doc docs/*.md src/pcf2vpnc src/pcf2vpnc.1
 
 %{_tmpfilesdir}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/vpnc/default.conf
-%{_sbindir}/vpnc
 %{_bindir}/cisco-decrypt
-%{_sbindir}/vpnc-disconnect
+%{_bindir}/vpnc
+%{_bindir}/vpnc-disconnect
+%{_libexecdir}/vpnc
+%{_libexecdir}/vpnc-disconnect
+%{_libexecdir}/vpnc-helper
 %{_mandir}/man8/vpnc.*
 %{_mandir}/man1/cisco-decrypt.*
-
-%files consoleuser
+%{_unitdir}/vpnc@.service
 %config(noreplace) %{_sysconfdir}/security/console.apps/vpnc*
 %config(noreplace) %{_sysconfdir}/pam.d/vpnc*
-%{_bindir}/vpnc*
-%{_sbindir}/vpnc-helper
 
 
 %changelog
+* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3^20241114.git11e15a1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+
+* Wed May 07 2025 Christian Krause <chkr@fedoraproject.org> - 0.5.3^20241114.git11e15a1-2
+- Fix issues with /usr/bin/ and /usr/sbin/ merge (#2363531)
+- Always use consolehelper, implicitly allowed for root,
+  remove consoleuser sub-package
+- Remove pam_console.so from vpnc.pam (not available anymore)
+
+* Mon Mar 24 2025 Lubomir Rintel <lkundrak@v3.sk> - 0.5.3^20241114.gitc4837a1-1
+- Update to a snapshot from an active upstream Git repository
+
+* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-50.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Fri Jul 26 2024 Miroslav Suchý <msuchy@redhat.com> - 0.5.3-49.svn550
+- convert license to SPDX
+
+* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-48.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-47.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-46.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-45.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-44.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-43.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-42.svn550
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-41.svn550
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild