Compare commits
No commits in common. "rawhide" and "f34" have entirely different histories.
10 changed files with 128 additions and 89 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
|
@ -1,5 +1,3 @@
|
|||
vpnc-0.5.3.tar.gz
|
||||
/vpnc-0.5.3.svn457.tar.gz
|
||||
/vpnc-0.5.3.svn550.tar.gz
|
||||
/vpnc-c4837a1.tar.gz
|
||||
/vpnc-11e15a1.tar.gz
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
SHA512 (vpnc-11e15a1.tar.gz) = 80524bfa3224f56a002892b43c633db729663eff09d5252cc997b0c5a26d0b92a471f1b268b6b422bb3f7cfabbecc93f634216b14fdbdfaef81c88d6823a1755
|
||||
d45438923db1879efe3479ec27ec1000 vpnc-0.5.3.svn550.tar.gz
|
||||
|
|
|
|||
63
vpnc-0.5.1-dpd.patch
Normal file
63
vpnc-0.5.1-dpd.patch
Normal file
|
|
@ -0,0 +1,63 @@
|
|||
diff -up vpnc-0.5.1/vpnc.c.dpd vpnc-0.5.1/vpnc.c
|
||||
--- vpnc-0.5.1/vpnc.c.dpd 2007-09-20 11:01:35.000000000 +0200
|
||||
+++ vpnc-0.5.1/vpnc.c 2007-11-12 23:11:05.000000000 +0100
|
||||
@@ -681,13 +681,13 @@ void dpd_ike(struct sa_block *s)
|
||||
send_dpd(s, 0, s->ike.dpd_seqno);
|
||||
} else {
|
||||
/* Our last dpd request has not yet been acked. If it's been
|
||||
- ** less than 5 seconds since we sent it do nothing. Otherwise
|
||||
+ ** less than 1/10th of idle timeout since we sent it do nothing. Otherwise
|
||||
** decrement dpd_attempts. If dpd_attempts is 0 dpd fails and we
|
||||
** terminate otherwise we send it again with the same sequence
|
||||
** number and record current time.
|
||||
*/
|
||||
time_t now = time(NULL);
|
||||
- if (now < s->ike.dpd_sent + 5)
|
||||
+ if (now < s->ike.dpd_sent + s->ike.dpd_idle/10)
|
||||
return;
|
||||
if (--s->ike.dpd_attempts == 0) {
|
||||
DEBUG(2, printf("dead peer detected, terminating\n"));
|
||||
@@ -695,6 +695,8 @@ void dpd_ike(struct sa_block *s)
|
||||
return;
|
||||
}
|
||||
s->ike.dpd_sent = now;
|
||||
+ if (s->ike.dpd_attempts == 3)
|
||||
+ ++s->ike.dpd_seqno; /* maybe just the dpd reply got lost let's try new seq no */
|
||||
send_dpd(s, 0, s->ike.dpd_seqno);
|
||||
}
|
||||
}
|
||||
diff -up vpnc-0.5.1/tunip.c.dpd vpnc-0.5.1/tunip.c
|
||||
--- vpnc-0.5.1/tunip.c.dpd 2007-09-06 22:05:14.000000000 +0200
|
||||
+++ vpnc-0.5.1/tunip.c 2007-11-12 22:42:17.000000000 +0100
|
||||
@@ -865,7 +865,7 @@ static void vpnc_main_loop(struct sa_blo
|
||||
time_t now = time(NULL);
|
||||
if (s->ike.dpd_seqno != s->ike.dpd_seqno_ack) {
|
||||
/* Wake up more often for dpd attempts */
|
||||
- select_timeout.tv_sec = 5;
|
||||
+ select_timeout.tv_sec = s->ike.dpd_idle/10;
|
||||
select_timeout.tv_usec = 0;
|
||||
dpd_ike(s);
|
||||
next_ike_dpd = now + s->ike.dpd_idle;
|
||||
@@ -925,8 +925,8 @@ static void vpnc_main_loop(struct sa_blo
|
||||
if (s->ike.dpd_seqno != s->ike.dpd_seqno_ack) {
|
||||
dpd_ike(s);
|
||||
next_ike_dpd = now + s->ike.dpd_idle;
|
||||
- if (now + 5 < next_up)
|
||||
- next_up = now + 5;
|
||||
+ if (now + s->ike.dpd_idle/10 < next_up)
|
||||
+ next_up = now + s->ike.dpd_idle/10;
|
||||
}
|
||||
else if (now >= next_ike_dpd) {
|
||||
dpd_ike(s);
|
||||
diff -up vpnc-0.5.1/config.c.dpd vpnc-0.5.1/config.c
|
||||
--- vpnc-0.5.1/config.c.dpd 2007-11-12 22:40:01.000000000 +0100
|
||||
+++ vpnc-0.5.1/config.c 2007-11-12 23:17:39.000000000 +0100
|
||||
@@ -242,7 +242,7 @@ static const char *config_def_udp_port(v
|
||||
|
||||
static const char *config_def_dpd_idle(void)
|
||||
{
|
||||
- return "300";
|
||||
+ return "600";
|
||||
}
|
||||
|
||||
static const char *config_ca_dir(void)
|
||||
12
vpnc-0.5.3-cloexec.patch
Normal file
12
vpnc-0.5.3-cloexec.patch
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
diff -up vpnc-0.5.3/vpnc.c.cloexec vpnc-0.5.3/vpnc.c
|
||||
--- vpnc-0.5.3/vpnc.c.cloexec 2008-11-19 21:55:51.000000000 +0100
|
||||
+++ vpnc-0.5.3/vpnc.c 2008-11-20 11:48:07.000000000 +0100
|
||||
@@ -2877,6 +2877,8 @@ static void do_phase2_qm(struct sa_block
|
||||
close_tunnel(s);
|
||||
error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
|
||||
}
|
||||
+ fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC);
|
||||
+
|
||||
#ifdef IP_HDRINCL
|
||||
if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
|
||||
close_tunnel(s);
|
||||
12
vpnc-0.5.3-use-autodie.patch
Normal file
12
vpnc-0.5.3-use-autodie.patch
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
diff -up vpnc-0.5.3/makeman.pl.autodie vpnc-0.5.3/makeman.pl
|
||||
--- vpnc-0.5.3/makeman.pl.autodie 2009-11-19 18:03:47.000000000 +0100
|
||||
+++ vpnc-0.5.3/makeman.pl 2013-03-07 11:21:43.524106709 +0100
|
||||
@@ -17,7 +17,7 @@
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
-use Fatal qw(open close);
|
||||
+use autodie qw(open close);
|
||||
use filetest qw(access); # to always get errno-values on filetests
|
||||
use POSIX qw(strftime setlocale LC_ALL);
|
||||
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
USER=root
|
||||
PROGRAM=/usr/libexec/vpnc-disconnect
|
||||
PROGRAM=/usr/sbin/vpnc-disconnect
|
||||
|
|
|
|||
10
vpnc-helper
10
vpnc-helper
|
|
@ -1,10 +1,2 @@
|
|||
#!/bin/sh
|
||||
|
||||
if [ "$USERHELPER_UID" = "0" ]; then
|
||||
# if started by root, forward all arguments
|
||||
/usr/libexec/vpnc "$@"
|
||||
else
|
||||
# if started as unprivileged user, discard all arguments
|
||||
# vpnc will use its default config file /etc/vpnc/default.conf
|
||||
/usr/libexec/vpnc
|
||||
fi
|
||||
/usr/sbin/vpnc
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
USER=root
|
||||
PROGRAM=/usr/libexec/vpnc-helper
|
||||
PROGRAM=/usr/sbin/vpnc-helper
|
||||
|
|
|
|||
1
vpnc.pam
1
vpnc.pam
|
|
@ -1,4 +1,5 @@
|
|||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
auth sufficient pam_console.so
|
||||
auth include config-util
|
||||
account include config-util
|
||||
|
|
|
|||
111
vpnc.spec
111
vpnc.spec
|
|
@ -1,14 +1,13 @@
|
|||
%global commit 11e15a143d6a00fb4e532cad271c70b401a6b9ef
|
||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||
%define snapshot .svn550
|
||||
|
||||
Name: vpnc
|
||||
Version: 0.5.3^20241114.git%{shortcommit}
|
||||
Release: 3%{?dist}
|
||||
Version: 0.5.3
|
||||
Release: 41%{snapshot}%{?dist}
|
||||
Summary: IPSec VPN client compatible with Cisco equipment
|
||||
License: GPL-2.0-or-later and BSD-2-Clause
|
||||
URL: https://davidepucci.it/doc/vpnc/
|
||||
License: GPLv2+
|
||||
URL: http://www.unix-ag.uni-kl.de/~massar/vpnc/
|
||||
|
||||
Source0: https://github.com/streambinder/vpnc/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||
Source0: http://www.unix-ag.uni-kl.de/~massar/vpnc/%{name}-%{version}%{snapshot}.tar.gz
|
||||
Source1: generic-vpnc.conf
|
||||
Source2: vpnc.consolehelper
|
||||
Source3: vpnc-disconnect.consolehelper
|
||||
|
|
@ -18,8 +17,11 @@ Source8: %{name}-tmpfiles.conf
|
|||
# script used to generate the svn snapshot, not used in the actual build process
|
||||
Source99: fetch-sources.sh
|
||||
|
||||
Patch1: vpnc-0.5.1-dpd.patch
|
||||
Patch2: vpnc-0.5.3-use-autodie.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libgcrypt-devel > 1.1.90
|
||||
BuildRequires: gnutls-devel
|
||||
# required for ./makeman.pl
|
||||
|
|
@ -27,26 +29,34 @@ BuildRequires: perl-interpreter
|
|||
BuildRequires: perl(autodie)
|
||||
BuildRequires: perl(filetest)
|
||||
BuildRequires: perl(if)
|
||||
BuildRequires: systemd-rpm-macros
|
||||
Requires: iproute vpnc-script usermode
|
||||
Obsoletes: vpnc-consoleuser < 0.5.3^20241114.git11e15a1-2
|
||||
BuildRequires: systemd
|
||||
Requires: iproute vpnc-script
|
||||
|
||||
%description
|
||||
An IPSec VPN client with support for IP tunelling, Xauth, ESP,
|
||||
Mode Configuration and shared-secret IPSec authentication.
|
||||
A VPN client compatible with Cisco's EasyVPN equipment.
|
||||
|
||||
Compatible with Cisco's EasyVPN equipment.
|
||||
Supports IPSec (ESP) with Mode Configuration and Xauth. Supports only
|
||||
shared-secret IPSec authentication, 3DES, MD5, and IP tunneling.
|
||||
|
||||
%package consoleuser
|
||||
Summary: Allows console user to run the VPN client directly
|
||||
Requires: vpnc = %{version}-%{release}
|
||||
Requires: usermode
|
||||
|
||||
%description consoleuser
|
||||
Allows the console user to run the IPSec VPN client directly without
|
||||
switching to the root account.
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n %{name}-%{commit}
|
||||
%autosetup
|
||||
|
||||
%build
|
||||
CFLAGS="$RPM_OPT_FLAGS -fPIE" LDFLAGS="$RPM_OPT_FLAGS -pie" make PREFIX=/usr
|
||||
|
||||
%install
|
||||
make install DESTDIR="$RPM_BUILD_ROOT" PREFIX=/usr SBINDIR=%{_libexecdir}
|
||||
make install DESTDIR="$RPM_BUILD_ROOT" PREFIX=/usr
|
||||
rm -f $RPM_BUILD_ROOT%{_bindir}/pcf2vpnc
|
||||
chmod 0644 src/pcf2vpnc
|
||||
chmod 0644 pcf2vpnc
|
||||
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/pcf2vpnc.1
|
||||
chmod 0644 $RPM_BUILD_ROOT%{_mandir}/man8/vpnc.8
|
||||
install -m 0600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/vpnc/default.conf
|
||||
|
|
@ -59,86 +69,37 @@ install -Dp -m 0644 %{SOURCE4} \
|
|||
install -Dp -m 0644 %{SOURCE4} \
|
||||
$RPM_BUILD_ROOT%{_sysconfdir}/pam.d/vpnc-disconnect
|
||||
install -m 0755 %{SOURCE5} \
|
||||
$RPM_BUILD_ROOT%{_libexecdir}/vpnc-helper
|
||||
$RPM_BUILD_ROOT%{_sbindir}/vpnc-helper
|
||||
mkdir -p $RPM_BUILD_ROOT%{_bindir}
|
||||
ln -sf consolehelper $RPM_BUILD_ROOT%{_bindir}/vpnc
|
||||
ln -sf consolehelper $RPM_BUILD_ROOT%{_bindir}/vpnc-disconnect
|
||||
rm -f $RPM_BUILD_ROOT%{_datadir}/doc/vpnc/COPYING
|
||||
# vpnc-script is packaged in a separate package
|
||||
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/vpnc/vpnc-script
|
||||
rm -f $RPM_BUILD_ROOT%{_docdir}/vpnc/*.md
|
||||
|
||||
mkdir -p %{buildroot}%{_tmpfilesdir}
|
||||
install -m 0644 %{SOURCE8} %{buildroot}%{_tmpfilesdir}/%{name}.conf
|
||||
|
||||
%post
|
||||
%systemd_post vpnc@.service
|
||||
|
||||
%preun
|
||||
%systemd_preun vpnc@.service
|
||||
|
||||
%postun
|
||||
%systemd_postun vpnc@.service
|
||||
|
||||
%files
|
||||
%license LICENSE LICENSE.BSD2
|
||||
%doc docs/*.md src/pcf2vpnc src/pcf2vpnc.1
|
||||
%license COPYING
|
||||
%doc README pcf2vpnc pcf2vpnc.1
|
||||
|
||||
%{_tmpfilesdir}/%{name}.conf
|
||||
%config(noreplace) %{_sysconfdir}/vpnc/default.conf
|
||||
%{_sbindir}/vpnc
|
||||
%{_bindir}/cisco-decrypt
|
||||
%{_bindir}/vpnc
|
||||
%{_bindir}/vpnc-disconnect
|
||||
%{_libexecdir}/vpnc
|
||||
%{_libexecdir}/vpnc-disconnect
|
||||
%{_libexecdir}/vpnc-helper
|
||||
%{_sbindir}/vpnc-disconnect
|
||||
%{_mandir}/man8/vpnc.*
|
||||
%{_mandir}/man1/cisco-decrypt.*
|
||||
%{_unitdir}/vpnc@.service
|
||||
|
||||
%files consoleuser
|
||||
%config(noreplace) %{_sysconfdir}/security/console.apps/vpnc*
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/vpnc*
|
||||
%{_bindir}/vpnc*
|
||||
%{_sbindir}/vpnc-helper
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3^20241114.git11e15a1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
|
||||
|
||||
* Wed May 07 2025 Christian Krause <chkr@fedoraproject.org> - 0.5.3^20241114.git11e15a1-2
|
||||
- Fix issues with /usr/bin/ and /usr/sbin/ merge (#2363531)
|
||||
- Always use consolehelper, implicitly allowed for root,
|
||||
remove consoleuser sub-package
|
||||
- Remove pam_console.so from vpnc.pam (not available anymore)
|
||||
|
||||
* Mon Mar 24 2025 Lubomir Rintel <lkundrak@v3.sk> - 0.5.3^20241114.gitc4837a1-1
|
||||
- Update to a snapshot from an active upstream Git repository
|
||||
|
||||
* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-50.svn550
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
|
||||
|
||||
* Fri Jul 26 2024 Miroslav Suchý <msuchy@redhat.com> - 0.5.3-49.svn550
|
||||
- convert license to SPDX
|
||||
|
||||
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-48.svn550
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
|
||||
|
||||
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-47.svn550
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-46.svn550
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
|
||||
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-45.svn550
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-44.svn550
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-43.svn550
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-42.svn550
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.3-41.svn550
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue