Hello community,
here is the log from the commit of package vpnc for openSUSE:Factory
checked in at Wed Sep 2 00:15:50 CEST 2009.
--------
New Changes file:
--- /dev/null 2009-04-14 11:55:47.000000000 +0200
+++ vpnc/vpnc.changes 2009-08-26 22:43:30.528820000 +0200
@@ -0,0 +1,129 @@
+-------------------------------------------------------------------
+Wed Aug 26 17:52:19 CET 2009 - tittiatcoke@gmail.com
+
+- adjusted group to Productivity/Networking/Security
+
+-------------------------------------------------------------------
+Sat Jul 18 22:14:19 CET 2009 - tittiatcoke@gmail.com
+
+- disabled the patch to send intial packages twice. This does not
+ always work.
+
+-------------------------------------------------------------------
+Thu Jan 29 16:06:19 CET 2009 - seife@suse.de
+
+- fix segfault in the non-nortel case (bnc#468789)
+
+-------------------------------------------------------------------
+Thu Jan 29 15:13:34 CET 2009 - seife@suse.de
+
+- update the nortel-grouppasswdauth patch.
+ ATTENTION! nortel users have to change "Nortel Auth Mode" to
+ "IKE Authmode" in their config file.
+- add a patch to send initial packages twice, makes connection
+ setup more robust against packet loss
+
+-------------------------------------------------------------------
+Sun Jan 18 13:01:34 CET 2009 - seife@suse.de
+
+- replace vpnc-nortel-grouppasswordauth.diff with the patch that's
+ scheduled for upstream inclusion
+
+-------------------------------------------------------------------
+Thu Jan 8 17:11:36 CET 2009 - seife@suse.de
+
+- fix rpmlint warnings
+
+-------------------------------------------------------------------
+Mon Jan 5 17:07:35 CET 2009 - seife@suse.de
+
+- add vpnc-nortel-attributes.diff, to accept split tunnel configs
+ from the server
+
+-------------------------------------------------------------------
+Mon Jan 5 11:22:40 CET 2009 - seife@suse.de
+
+- update to current SVN, using the "nortel" branch.
+- add a patch for nortel group password authentication
+
+-------------------------------------------------------------------
+Thu Jan 17 10:50:41 CET 2008 - lmuelle@suse.de
+
+- Use the real FULL_SCRIPTNAME.
+
+-------------------------------------------------------------------
+Mon Jan 14 14:55:41 CET 2008 - lmuelle@suse.de
+
+- Update to version 0.5.1.
+ + Link against -lcrypto instead of -lssl.
+ + Fixed crashes on 64bit platforms.
+ + Dead-Peer-Detection support.
+ + Hybrid-Auth support.
+ + Rekeying support; [#134480].
+- Use upstream default location for vpnc-script.
+
+-------------------------------------------------------------------
+Sat Nov 11 11:51:04 CET 2006 - aj@suse.de
+
+- Fix permissions of man files.
+- Compile with RPM_OPT_FLAGS.
+
+-------------------------------------------------------------------
+Wed Jan 25 21:42:43 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Fri Aug 12 00:57:01 CEST 2005 - lmuelle@suse.de
+
+- Install the example configuration as example.conf in the doc dir.
+
+-------------------------------------------------------------------
+Thu Aug 11 01:09:33 CEST 2005 - lmuelle@suse.de
+
+- Install vpnc.conf no longer as default.conf while keeping default.conf as
+ %config(noreplace) and %ghost in the package list; [#103856].
+
+-------------------------------------------------------------------
+Thu May 19 23:36:54 CEST 2005 - lmuelle@suse.de
+
+- Update to version 0.3.3; [#72234].
+
+-------------------------------------------------------------------
+Tue Nov 23 22:32:51 CET 2004 - lmuelle@suse.de
+
+- Update to version 0.3.2.
+- Remove most parts of the vpnc-connect diff, [#46931].
+
+-------------------------------------------------------------------
+Thu Oct 14 14:48:14 CEST 2004 - mc@suse.de
+
+- removed depcomp from filelist [#47074]
+
+-------------------------------------------------------------------
+Sat Aug 7 06:25:29 CEST 2004 - lmuelle@suse.de
+
+- Update to version 0.2-rm+zomb.1; [#43525].
+
+-------------------------------------------------------------------
+Mon Jul 26 13:12:25 CEST 2004 - ro@suse.de
+
+- added libgcrypt-devel, libgpg-error-devel to neededforbuild
+
+-------------------------------------------------------------------
+Sat May 8 21:12:12 CEST 2004 - lmuelle@suse.de
+
+- Update to version 0.2-rm+zomb-pre9.
+
+-------------------------------------------------------------------
+Fri Apr 16 13:51:03 CEST 2004 - lmuelle@suse.de
+
+- add man page and connect and disconnect script patches provided by Eduard
+ Bloch <blade at debian dot org>
+- add /etc/vpnc directory for additional configuration files
+- rename /etc/wlan.conf to /etc/vpnc/default.conf
+
+-------------------------------------------------------------------
+Mon Apr 12 22:40:36 CEST 2004 - lmuelle@suse.de
+
+- inital SuSE RPM
calling whatdependson for head-i586
New:
----
vpnc-0.5.2r394.tar.bz2
vpnc-nortel-attributes.diff
vpnc-nortel-fix-segfault.diff
vpnc-patch_nortel_auth_394.txt.diff
vpnc.changes
vpnc.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ vpnc.spec ++++++
#
# spec file for package vpnc (Version 0.5.2r394)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
# Package identity. The "r394" version suffix matches the "(revision 394)"
# marker in the headers of the Nortel authentication patch listed below.
Name: vpnc
Group: Productivity/Networking/Security
# libgcrypt provides the gcry_md_* hashing calls used by the IKE code.
BuildRequires: libgcrypt-devel
Version: 0.5.2r394
Release: 5
License: BSD 3-clause (or similar) ; GPL v2 or later
AutoReqProv: on
Summary: A Client for Cisco VPN concentrator
# Runtime tools required by absolute path; presumably called from
# vpnc-script -- confirm against the script.
Requires: /usr/bin/sed /sbin/ip
Source: %{name}-%{version}.tar.bz2
# Downstream patches carried on top of the upstream tarball. They touch
# isakmp-pkt.c, isakmp.h, vpnc.c, config.h and config.c, i.e. code that
# parses ModeCfg attributes sent by the gateway and code that selects the
# authentication mode, so they deserve review on every version update.
Patch1: vpnc-patch_nortel_auth_394.txt.diff
Patch2: vpnc-nortel-attributes.diff
Patch3: vpnc-nortel-fix-segfault.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
A VPN client compatible with Cisco's EasyVPN equipment.
Cisco 3000, IOS routers, PIX/ASA Security Appliances, and
Juniper/Netscreen as well as Nortel Contivity (experimental).
Supported Authentications: Pre-Shared-Key + XAUTH, Pre-Shared-Key
Supported IKE DH-Groups: dh1 dh2 dh5 Supported Hash Algo (IKE/IPSEC):
md5 sha1 Supported Encryptions (IKE/IPSEC): (null) (1des) 3des aes128
aes192 aes256 Perfect Forward Secrecy: nopfs dh1 dh2 dh5
It runs entirely in userspace and uses the TUN/TAP driver for access.
Authors:
--------
Maurice Massar <vpnc at unix-ag dot uni-kl dot de>
Eduard Bloch <blade at debian dot org>
%prep
%setup -n %{name}-%{version}
# Patch1's diff headers name files without a leading path component
# (plain "isakmp.h"), hence -p0. Patches 2 and 3 use "a/" and "b/"
# prefixes, hence -p1.
%patch1 -p0
%patch2 -p1
%patch3 -p1
%build
%{?suse_update_config:%{suse_update_config -f}}
# Build with the distribution's compiler flags, handed to make as CFLAGS on
# the command line, and with /usr as the installation prefix.
# NOTE(review): whether this replaces flags set in upstream's Makefile is not
# visible here -- confirm that required defines are not lost.
%{__make} \
CFLAGS="$RPM_OPT_FLAGS" \
PREFIX=/usr
%install
# Create the runtime state directory inside the build root.
mkdir -p \
${RPM_BUILD_ROOT}/%{_localstatedir}/run/vpnc
# Install into the build root rather than the live system.
%{__make} install \
DESTDIR=${RPM_BUILD_ROOT} \
PREFIX=/usr
# Use chmod as %attr doesn't work for %doc maked files in the list
# NOTE(review): the comment above looks stale -- no chmod follows it.
# The next line creates empty placeholders for the state files that the file
# list declares as ghost entries. "|| true" means a failed touch does not
# stop the build.
touch ${RPM_BUILD_ROOT}/%{_localstatedir}/run/vpnc/{defaultroute,gateway,pid,resolv.conf-backup} || true
# Remove the documentation directory from the build root (presumably put
# there by "make install"); the file list names the documentation files
# separately.
rm -rfv ${RPM_BUILD_ROOT}/usr/share/doc/vpnc
%clean
# NOTE(review): no cleanup commands are given here, so removal of the build
# root is left to the build environment -- confirm that is intended.
%files
%defattr(-,root,root)
# default.conf is restricted to root (mode 0600): the configuration keys in
# this package include the IPSec secret and the Xauth password and PIN.
# It is a ghost entry marked noreplace, so the package ships no copy of it
# and an administrator's file is kept on upgrade.
# NOTE(review): the 0600 mode applies to this one file only; other files an
# administrator places in the vpnc configuration directory get whatever mode
# they are created with.
%attr(0600,root,root) %config(noreplace) %ghost %{_sysconfdir}/vpnc/default.conf
%dir %{_sysconfdir}/vpnc
# NOTE(review): vpnc-script lives under the configuration directory but is
# not marked as a config file, so local edits would presumably be replaced on
# upgrade -- confirm that this is intended.
%{_sysconfdir}/vpnc/vpnc-script
%{_sbindir}/vpnc
%{_sbindir}/vpnc-disconnect
%{_bindir}/cisco-decrypt
%{_bindir}/pcf2vpnc
%{_mandir}/man1/cisco-decrypt.1.*
%{_mandir}/man1/pcf2vpnc.1.*
%{_mandir}/man8/vpnc.8.*
# Runtime state directory and files. The files are ghost entries: owned by
# the package but not shipped; the install section only creates empty
# placeholders for them.
%dir %{_localstatedir}/run/vpnc
%ghost %{_localstatedir}/run/vpnc/defaultroute
%ghost %{_localstatedir}/run/vpnc/gateway
%ghost %{_localstatedir}/run/vpnc/pid
%ghost %{_localstatedir}/run/vpnc/resolv.conf-backup
%doc ChangeLog COPYING README TODO VERSION
%changelog
++++++ vpnc-nortel-attributes.diff ++++++
Index: b/isakmp-pkt.c
===================================================================
--- a/isakmp-pkt.c
+++ b/isakmp-pkt.c
@@ -637,10 +637,24 @@ static struct isakmp_attribute *parse_is
hex_dump("t.attributes.u.acl.mask", &r->u.acl.acl_ent[i].mask.s_addr, 4, NULL);
hex_dump("t.attributes.u.acl.protocol", &r->u.acl.acl_ent[i].protocol, DUMP_UINT16, NULL);
hex_dump("t.attributes.u.acl.sport", &r->u.acl.acl_ent[i].sport, DUMP_UINT16, NULL);
hex_dump("t.attributes.u.acl.dport", &r->u.acl.acl_ent[i].dport, DUMP_UINT16, NULL);
}
+ } else if (r->type == ISAKMP_MODECFG_ATTRIB_NORTEL_SPLIT_INC) {
+ r->af = isakmp_attr_acl;
+ r->u.acl.count = length / (4 + 4);
+ if (r->u.acl.count * (4 + 4) != length) {
+ *reject = ISAKMP_N_PAYLOAD_MALFORMED;
+ return r;
+ }
+ r->u.acl.acl_ent = xallocc(r->u.acl.count * sizeof(struct acl_ent_s));
+ for (i = 0; i < r->u.acl.count; i++) {
+ fetchn(&r->u.acl.acl_ent[i].addr.s_addr, 4);
+ fetchn(&r->u.acl.acl_ent[i].mask.s_addr, 4);
+ hex_dump("t.attributes.u.acl.addr", &r->u.acl.acl_ent[i].addr.s_addr, 4, NULL);
+ hex_dump("t.attributes.u.acl.mask", &r->u.acl.acl_ent[i].mask.s_addr, 4, NULL);
+ }
} else {
r->u.lots.data = xallocc(length);
fetchn(r->u.lots.data, length);
if ((((ISAKMP_XAUTH_06_ATTRIB_TYPE < type)
&& (type <= ISAKMP_XAUTH_06_ATTRIB_ANSWER)
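Review bot: In the new `ISAKMP_MODECFG_ATTRIB_NORTEL_SPLIT_INC` branch each `acl_ent` gets only `addr` and `mask`, so `protocol`, `sport` and `dport` keep whatever `xallocc` returned, while the vpnc.c hunk of this patch sends these entries through the same `case` as the Cisco list. If `xallocc` zero-fills (its definition is not on this page) the result is well defined but implicit; a comment above the loop such as `/* Nortel entries carry addr+mask only; protocol/sport/dport stay 0 */`, or three explicit assignments, would make that dependency visible. `length` is taken from the gateway's packet, and a zero value passes the divisibility check with `count == 0`, so it is worth confirming that a zero-byte `xallocc` and an empty list are both handled by the consumer. The enclosing parse function starts and ends outside the hunk.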
Index: b/isakmp.h
===================================================================
--- a/isakmp.h
+++ b/isakmp.h
@@ -456,10 +456,11 @@ enum isakmp_modecfg_attrib_enum {
ISAKMP_XAUTH_02_ATTRIB_DOMAIN,
ISAKMP_XAUTH_02_ATTRIB_STATUS,
ISAKMP_XAUTH_02_ATTRIB_NEXT_PIN,
ISAKMP_XAUTH_02_ATTRIB_ANSWER, /* TYPE .. ANSWER is excluded from dump */
+ ISAKMP_MODECFG_ATTRIB_NORTEL_SPLIT_INC = 0x4000,
ISAKMP_MODECFG_ATTRIB_NORTEL_UNKNOWN_4011 = 0x4011,
ISAKMP_MODECFG_ATTRIB_NORTEL_CLIENT_ID = 0x4012,
ISAKMP_XAUTH_06_ATTRIB_TYPE = 0x4088,
ISAKMP_XAUTH_06_ATTRIB_USER_NAME,
Index: b/vpnc.c
===================================================================
--- a/vpnc.c
+++ b/vpnc.c
@@ -992,10 +992,11 @@ static int do_config_to_env(struct sa_bl
DEBUG(2, printf("got peer udp encapsulation port: %hu\n", s->ipsec.peer_udpencap_port));
}
break;
case ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_INC:
+ case ISAKMP_MODECFG_ATTRIB_NORTEL_SPLIT_INC:
if (a->af != isakmp_attr_acl) {
reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
break;
}
++++++ vpnc-nortel-fix-segfault.diff ++++++
Index: b/vpnc.c
===================================================================
--- a/vpnc.c
+++ b/vpnc.c
@@ -1712,10 +1712,12 @@ static void do_phase1(const char *key_id
gcry_md_setkey(skeyid_ctx, key, key_len);
gcry_md_write(skeyid_ctx, dh_shared_secret, dh_getlen(dh_grp));
gcry_md_final(skeyid_ctx);
} else
error(1, 0, "SKEYID could not be computed: %s", "the selected authentication method is not supported");
+ skeyid = gcry_md_read(skeyid_ctx, 0);
+ hex_dump("skeyid", skeyid, s->ike.md_len, NULL);
} else {
skeyid = gcry_md_read(skeyid_ctx, 0);
hex_dump("skeyid", skeyid, s->ike.md_len, NULL);
}
if (opt_vendor == VENDOR_NORTEL)
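Review bot: The two added lines repeat the `gcry_md_read`/`hex_dump` pair that already closes the `else` arm just below, so every path through this conditional has to remember to set `skeyid` itself, which is the omission this patch repairs. Moving the pair to a single place after the closing brace would remove that failure mode, provided no path needs `skeyid` left unset; the outer `if` opens outside the hunk, so that has to be checked against the full function. Note also that `hex_dump("skeyid", ...)` emits the IKE SKEYID, from which the session keys are derived; how `hex_dump` is gated is not visible here, and a comment such as `/* dumps key material; keep out of shared logs */` would warn anyone passing debug output along.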
++++++ vpnc-patch_nortel_auth_394.txt.diff ++++++
Index: isakmp.h
===================================================================
--- isakmp.h (revision 394)
+++ isakmp.h (working copy)
@@ -486,4 +486,23 @@
ISAKMP_XAUTH_ATTRIB_CISCOEXT_VENDOR = 0x7d88 /* strange cisco things ... need docs! */
};
+enum isakmp_modecfg_type_enum { /* draft-ietf-ipsec-isakmp-xauth-05.txt */
+ ISAKMP_MODECFG_TYPE_GENERIC,
+ ISAKMP_MODECFG_TYPE_RADIUS,
+ ISAKMP_MODECFG_TYPE_OTP,
+ ISAKMP_MODECFG_TYPE_NTDOMAIN,
+ ISAKMP_MODECFG_TYPE_UNIX,
+ ISAKMP_MODECFG_TYPE_SECURID,
+ ISAKMP_MODECFG_TYPE_AXENT,
+ ISAKMP_MODECFG_TYPE_LEEMAH,
+ ISAKMP_MODECFG_TYPE_ACTIVECARD,
+ ISAKMP_MODECFG_TYPE_DESGOLD,
+ ISAKMP_MODECFG_TYPE_TACACS,
+ ISAKMP_MODECFG_TYPE_TACACSPLUS,
+ ISAKMP_MODECFG_TYPE_SKEY,
+ ISAKMP_MODECFG_TYPE_NDS,
+ ISAKMP_MODECFG_TYPE_DIAMETER,
+ ISAKMP_MODECFG_TYPE_LDAP
+};
+
#endif
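Review bot: The new `isakmp_modecfg_type_enum` relies on implicit numbering from 0, yet its comment ties it to a protocol draft, which suggests the values are compared with numbers exchanged with the gateway. If so, the order is part of the wire format: write the first value explicitly, `ISAKMP_MODECFG_TYPE_GENERIC = 0,`, and add a comment that entries must not be reordered or inserted in the middle. No user of the enum is visible in this part of the patch, so the mapping could not be checked here.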
Index: config.h
===================================================================
--- config.h (revision 394)
+++ config.h (working copy)
@@ -49,6 +49,7 @@
CONFIG_IPSEC_SECRET,
CONFIG_IPSEC_SECRET_OBF,
CONFIG_XAUTH_USERNAME,
+ CONFIG_XAUTH_PIN,
CONFIG_XAUTH_PASSWORD,
CONFIG_XAUTH_PASSWORD_OBF,
CONFIG_XAUTH_INTERACTIVE,
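Review bot: `CONFIG_XAUTH_PIN` adds a second credential to the configuration, and unlike `CONFIG_XAUTH_PASSWORD` it has no `_OBF` counterpart in this enum, so the PIN is presumably kept in the config file as clear text. Its table entry in the config.c part of this patch passes `NULL` where the `CONFIG_AUTH_MODE` entry has `"--auth-mode"`, which apparently means the PIN cannot be given on the command line; that is a sensible choice for a secret and deserves a comment there, e.g. `/* no command-line option: keep the PIN out of the process list */`. The help text for the key could also state that the file holding it must be readable by root only. The enum itself begins and ends outside the hunk.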
@@ -87,11 +88,16 @@
};
enum auth_mode_enum {
- AUTH_MODE_PSK,
+ AUTH_MODE_PSK, /* pre-shared key */
AUTH_MODE_RSA1,
AUTH_MODE_RSA2,
- AUTH_MODE_CERT,
- AUTH_MODE_HYBRID
+ AUTH_MODE_CERT, /* Digital Certificate Authentication */
+ AUTH_MODE_HYBRID, /* server certificate + xauth */
+ AUTH_MODE_NORTEL_USERNAME, /* User Name and Password Authentication */
+ AUTH_MODE_NORTEL_TOKEN, /* Group Security - Response Only Token - Use Passcode */
+ AUTH_MODE_NORTEL_PINTOKEN, /* Group Security - Response Only Token - Use Two-Factor Card */
+ AUTH_MODE_NORTEL_TOKENSW, /* Group Security - Response Only Token - Use SoftID Software */
+ AUTH_MODE_NORTEL_GPASSWORD /* Group Security - Group Password Authentication */
};
extern const char *config[LAST_CONFIG];
Index: config.c
===================================================================
--- config.c (revision 394)
+++ config.c (working copy)
@@ -159,7 +159,7 @@
static const char *config_def_auth_mode(void)
{
- return "psk";
+ return "default";
}
static const char *config_def_nortel_client_id(void)
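Review bot: `config_def_auth_mode()` now returns `"default"` instead of `"psk"`, but nothing in the visible hunks shows how that string is turned into an `auth_mode_enum` value. A one-line comment on the function, e.g. `/* "default" is resolved when the config is parsed */` (adjusted to what the parser really does), would document the behaviour change, and the parser should reject an unknown mode string rather than fall through to some mode silently. Existing setups that never set the option depended on the old `"psk"` default, so that path deserves a test.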
@@ -247,6 +247,13 @@
"your username",
NULL
}, {
+ CONFIG_XAUTH_PIN, 1, 0,
+ NULL,
+ "Xauth PIN ",
+ "<ASCII string>",
+ "PIN for Nortel Two-Factor Authentication",
+ NULL
+ }, {
CONFIG_XAUTH_PASSWORD, 1, 0,
NULL,
"Xauth password ",
@@ -434,11 +441,17 @@
CONFIG_AUTH_MODE, 1, 1,
"--auth-mode",
"IKE Authmode ",
- "