Hello community,
here is the log from the commit of package vpnc for openSUSE:Factory
checked in at Fri Jan 9 02:07:55 CET 2009.
--------
--- vpnc/vpnc.changes 2008-01-21 14:42:44.000000000 +0100
+++ /mounts/work_src_done/STABLE/vpnc/vpnc.changes 2009-01-08 17:12:37.000000000 +0100
@@ -1,0 +2,17 @@
+Thu Jan 8 17:11:36 CET 2009 - seife@suse.de
+
+- fix rpmlint warnings
+
+-------------------------------------------------------------------
+Mon Jan 5 17:07:35 CET 2009 - seife@suse.de
+
+- add vpnc-nortel-attributes.diff, to accept split tunnel configs
+ from the server
+
+-------------------------------------------------------------------
+Mon Jan 5 11:22:40 CET 2009 - seife@suse.de
+
+- update to current SVN, using the "nortel" branch.
+- add a patch for nortel group password authentication
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
bin-dir.diff
vpnc-0.5.1.tar.bz2
New:
----
vpnc-0.5.2r394.tar.bz2
vpnc-nortel-attributes.diff
vpnc-nortel-grouppasswordauth.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ vpnc.spec ++++++
--- /var/tmp/diff_new_pack.a17553/_old 2009-01-09 02:07:40.000000000 +0100
+++ /var/tmp/diff_new_pack.a17553/_new 2009-01-09 02:07:40.000000000 +0100
@@ -1,32 +1,44 @@
#
-# spec file for package vpnc (Version 0.5.1)
+# spec file for package vpnc (Version 0.5.2r394)
#
-# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
+
Name: vpnc
BuildRequires: libgcrypt-devel
-Version: 0.5.1
-Release: 6
+Version: 0.5.2r394
+Release: 1
License: BSD 3-Clause; GPL v2 or later
Group: Productivity/Networking/Security
Url: http://www.unix-ag.uni-kl.de/~massar/vpnc/
AutoReqProv: on
-Summary: Client for Cisco 3000 VPN Concentrator, IOS routers, PIX / ASA Zecurity Appliances, and Juniper/Netscreen
+Summary: A Client for Cisco VPN concentrator
Requires: /usr/bin/sed /sbin/ip
-Source: http://www.unix-ag.uni-kl.de/~massar/vpnc/%{name}-%{version}.tar.bz2
-Patch: bin-dir.diff
+Source: %{name}-%{version}.tar.bz2
+Patch: vpnc-nortel-grouppasswordauth.diff
+Patch1: vpnc-nortel-attributes.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
A VPN client compatible with Cisco's EasyVPN equipment.
+Cisco 3000, IOS routers, PIX/ASA Zecurity Appliances, and
+Juniper/Netscreen as well as Nortel Contivity (experimental).
+
Supported Authentications: Pre-Shared-Key + XAUTH, Pre-Shared-Key
Supported IKE DH-Groups: dh1 dh2 dh5 Supported Hash Algo (IKE/IPSEC):
md5 sha1 Supported Encryptions (IKE/IPSEC): (null) (1des) 3des aes128
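Review bot: The new `Source:` line drops the upstream URL, and nothing in the spec records where `vpnc-0.5.2r394.tar.bz2` came from. The changelog says it is an SVN snapshot of the "nortel" branch, so there is no published release tarball to compare it against. A comment above `Source:` should state the repository, branch and revision, for example `# SVN snapshot of the upstream "nortel" branch, revision 394 (assumed from the version string)`, plus the export command used, so the archive can be regenerated and checked. Separately, the added `%description` line carries over the `Zecurity` typo from the old Summary.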
@@ -43,7 +55,8 @@
%prep
%setup -n %{name}-%{version}
-%patch -p1
+%patch0 -p1
+%patch1 -p1
%build
%{?suse_update_config:%{suse_update_config -f}}
@@ -52,30 +65,29 @@
PREFIX=/usr
%install
-[ "${RPM_BUILD_ROOT}" != "/" -a -d ${RPM_BUILD_ROOT} ] && rm -rf ${RPM_BUILD_ROOT}
mkdir -p \
${RPM_BUILD_ROOT}/%{_localstatedir}/run/vpnc
%{__make} install \
DESTDIR=${RPM_BUILD_ROOT} \
PREFIX=/usr
# Use chmod as %attr doesn't work for %doc maked files in the list
-touch ${RPM_BUILD_ROOT}/%{_localstatedir}/run/vpnc/{defaultroute,gateway,pid,resolv.conf-backup}
+touch ${RPM_BUILD_ROOT}/%{_localstatedir}/run/vpnc/{defaultroute,gateway,pid,resolv.conf-backup} || true
+rm -rfv ${RPM_BUILD_ROOT}/usr/share/doc/vpnc
%clean
-[ "${RPM_BUILD_ROOT}" != "/" -a -d ${RPM_BUILD_ROOT} ] && rm -rf ${RPM_BUILD_ROOT}
%files
%defattr(-,root,root)
%attr(0600,root,root) %config(noreplace) %ghost %{_sysconfdir}/vpnc/default.conf
-%{_sysconfdir}/vpnc/vpnc-script
%dir %{_sysconfdir}/vpnc
+%{_sysconfdir}/vpnc/vpnc-script
%{_sbindir}/vpnc
%{_sbindir}/vpnc-disconnect
%{_bindir}/cisco-decrypt
%{_bindir}/pcf2vpnc
-%{_mandir}/man1/cisco-decrypt.1.gz
-%{_mandir}/man1/pcf2vpnc.1.gz
-%{_mandir}/man8/vpnc.8.gz
+%{_mandir}/man1/cisco-decrypt.1.*
+%{_mandir}/man1/pcf2vpnc.1.*
+%{_mandir}/man8/vpnc.8.*
%dir %{_localstatedir}/run/vpnc
%ghost %{_localstatedir}/run/vpnc/defaultroute
%ghost %{_localstatedir}/run/vpnc/gateway
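Review bot: The added `rm -rfv ${RPM_BUILD_ROOT}/usr/share/doc/vpnc` is unquoted, and it now runs without the `"${RPM_BUILD_ROOT}" != "/"` guard that this hunk removes from the top of `%install`. If the variable is ever empty, the command resolves to the host's `/usr/share/doc/vpnc`. Writing it as `rm -rfv "${RPM_BUILD_ROOT:?}/usr/share/doc/vpnc"` makes the shell abort instead. The `|| true` appended to the `touch` line also hides a failure to create the `%ghost` placeholders, so a broken build root would only surface later in `%files`, if at all. The comment above the `touch` still refers to `chmod` and no longer matches the command.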
@@ -84,6 +96,14 @@
%doc ChangeLog COPYING README TODO VERSION
%changelog
+* Thu Jan 08 2009 seife@suse.de
+- fix rpmlint warnings
+* Mon Jan 05 2009 seife@suse.de
+- add vpnc-nortel-attributes.diff, to accept split tunnel configs
+ from the server
+* Mon Jan 05 2009 seife@suse.de
+- update to current SVN, using the "nortel" branch.
+- add a patch for nortel group password authentication
* Thu Jan 17 2008 lmuelle@suse.de
- Use the real FULL_SCRIPTNAME.
* Mon Jan 14 2008 lmuelle@suse.de
@@ -99,7 +119,7 @@
- Compile with RPM_OPT_FLAGS.
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
-* Fri Aug 12 2005 lmuelle@suse.de
+* Thu Aug 11 2005 lmuelle@suse.de
- Install the example configuration as example.conf in the doc dir.
* Thu Aug 11 2005 lmuelle@suse.de
- Install vpnc.conf no longer as default.conf while keeping default.conf as
++++++ vpnc-nortel-attributes.diff ++++++
Index: b/isakmp-pkt.c
===================================================================
--- a/isakmp-pkt.c
+++ b/isakmp-pkt.c
@@ -637,10 +637,24 @@ static struct isakmp_attribute *parse_is
hex_dump("t.attributes.u.acl.mask", &r->u.acl.acl_ent[i].mask.s_addr, 4, NULL);
hex_dump("t.attributes.u.acl.protocol", &r->u.acl.acl_ent[i].protocol, DUMP_UINT16, NULL);
hex_dump("t.attributes.u.acl.sport", &r->u.acl.acl_ent[i].sport, DUMP_UINT16, NULL);
hex_dump("t.attributes.u.acl.dport", &r->u.acl.acl_ent[i].dport, DUMP_UINT16, NULL);
}
+ } else if (r->type == ISAKMP_MODECFG_ATTRIB_NORTEL_SPLIT_INC) {
+ r->af = isakmp_attr_acl;
+ r->u.acl.count = length / (4 + 4);
+ if (r->u.acl.count * (4 + 4) != length) {
+ *reject = ISAKMP_N_PAYLOAD_MALFORMED;
+ return r;
+ }
+ r->u.acl.acl_ent = xallocc(r->u.acl.count * sizeof(struct acl_ent_s));
+ for (i = 0; i < r->u.acl.count; i++) {
+ fetchn(&r->u.acl.acl_ent[i].addr.s_addr, 4);
+ fetchn(&r->u.acl.acl_ent[i].mask.s_addr, 4);
+ hex_dump("t.attributes.u.acl.addr", &r->u.acl.acl_ent[i].addr.s_addr, 4, NULL);
+ hex_dump("t.attributes.u.acl.mask", &r->u.acl.acl_ent[i].mask.s_addr, 4, NULL);
+ }
} else {
r->u.lots.data = xallocc(length);
fetchn(r->u.lots.data, length);
if ((((ISAKMP_XAUTH_06_ATTRIB_TYPE < type)
&& (type <= ISAKMP_XAUTH_06_ATTRIB_ANSWER)
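Review bot: On the malformed-length path of the new `ISAKMP_MODECFG_ATTRIB_NORTEL_SPLIT_INC` branch, `r` is returned with `af` already set to `isakmp_attr_acl` and `u.acl.count` non-zero, but `u.acl.acl_ent` was never allocated. Any later code that walks `count` entries on an ACL attribute without first checking `*reject` would then read through an unset pointer. Whether such a path exists is not visible here, since the function begins and ends outside the hunk. Because `length` presumably comes from the peer's packet, it is safer to validate before touching `r`: `if (length % (4 + 4) != 0) { *reject = ISAKMP_N_PAYLOAD_MALFORMED; return r; }`, and only then assign `af` and `count`. A one-line comment that each Nortel entry is addr plus mask (8 bytes, with no protocol or ports) would also explain the `4 + 4`.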
Index: b/isakmp.h
===================================================================
--- a/isakmp.h
+++ b/isakmp.h
@@ -456,10 +456,11 @@ enum isakmp_modecfg_attrib_enum {
ISAKMP_XAUTH_02_ATTRIB_DOMAIN,
ISAKMP_XAUTH_02_ATTRIB_STATUS,
ISAKMP_XAUTH_02_ATTRIB_NEXT_PIN,
ISAKMP_XAUTH_02_ATTRIB_ANSWER, /* TYPE .. ANSWER is excluded from dump */
+ ISAKMP_MODECFG_ATTRIB_NORTEL_SPLIT_INC = 0x4000,
ISAKMP_MODECFG_ATTRIB_NORTEL_UNKNOWN_4011 = 0x4011,
ISAKMP_MODECFG_ATTRIB_NORTEL_CLIENT_ID = 0x4012,
ISAKMP_XAUTH_06_ATTRIB_TYPE = 0x4088,
ISAKMP_XAUTH_06_ATTRIB_USER_NAME,
Index: b/vpnc.c
===================================================================
--- a/vpnc.c
+++ b/vpnc.c
@@ -992,10 +992,11 @@ static int do_config_to_env(struct sa_bl
DEBUG(2, printf("got peer udp encapsulation port: %hu\n", s->ipsec.peer_udpencap_port));
}
break;
case ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_INC:
+ case ISAKMP_MODECFG_ATTRIB_NORTEL_SPLIT_INC:
if (a->af != isakmp_attr_acl) {
reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
break;
}
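Review bot: The new `case ISAKMP_MODECFG_ATTRIB_NORTEL_SPLIT_INC:` label shares its body with the Cisco attribute, but the Nortel parser in isakmp-pkt.c fills only `addr` and `mask` for each entry. The body is outside this hunk. If it also exports `protocol`, `sport` and `dport`, those values are whatever `xallocc` left in the buffer, presumably zeros, rather than anything the server sent. I would add a comment at the label such as `/* Nortel entries carry addr/mask only; protocol and ports are not sent by the server */`. It is also worth confirming that the script consuming these variables treats zero as "any" and not as a literal port.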
++++++ vpnc-nortel-grouppasswordauth.diff ++++++
http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2008-November/002683.htm...
Index: b/isakmp.h
===================================================================
--- a/isakmp.h
+++ b/isakmp.h
@@ -484,6 +484,25 @@ enum isakmp_modecfg_attrib_enum {
ISAKMP_MODECFG_ATTRIB_CISCO_BACKUP_SERVER,
ISAKMP_MODECFG_ATTRIB_CISCO_DDNS_HOSTNAME,
ISAKMP_XAUTH_ATTRIB_CISCOEXT_VENDOR = 0x7d88 /* strange cisco things ... need docs! */
};
+enum isakmp_modecfg_type_enum { /* draft-ietf-ipsec-isakmp-xauth-05.txt */
+ ISAKMP_MODECFG_TYPE_GENERIC,
+ ISAKMP_MODECFG_TYPE_RADIUS,
+ ISAKMP_MODECFG_TYPE_OTP,
+ ISAKMP_MODECFG_TYPE_NTDOMAIN,
+ ISAKMP_MODECFG_TYPE_UNIX,
+ ISAKMP_MODECFG_TYPE_SECURID,
+ ISAKMP_MODECFG_TYPE_AXENT,
+ ISAKMP_MODECFG_TYPE_LEEMAH,
+ ISAKMP_MODECFG_TYPE_ACTIVECARD,
+ ISAKMP_MODECFG_TYPE_DESGOLD,
+ ISAKMP_MODECFG_TYPE_TACACS,
+ ISAKMP_MODECFG_TYPE_TACACSPLUS,
+ ISAKMP_MODECFG_TYPE_SKEY,
+ ISAKMP_MODECFG_TYPE_NDS,
+ ISAKMP_MODECFG_TYPE_DIAMETER,
+ ISAKMP_MODECFG_TYPE_LDAP
+};
+
#endif
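Review bot: The enumerators of `isakmp_modecfg_type_enum` get their values only from declaration order, yet the comment ties them to a protocol draft, so they appear to be values exchanged with the peer. Inserting or reordering a member later would silently change what is sent or accepted. I would pin at least the first one, `ISAKMP_MODECFG_TYPE_GENERIC = 0,`, and add a comment that the order is fixed by the specification. The list should also be checked against the cited draft, which is not reproduced on this page.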
Index: b/config.h
===================================================================
--- a/config.h
+++ b/config.h
@@ -47,20 +47,22 @@ enum config_enum {
CONFIG_IPSEC_TARGET_NETWORK,
CONFIG_IPSEC_ID,
CONFIG_IPSEC_SECRET,
CONFIG_IPSEC_SECRET_OBF,
CONFIG_XAUTH_USERNAME,
+ CONFIG_XAUTH_PIN,
CONFIG_XAUTH_PASSWORD,
CONFIG_XAUTH_PASSWORD_OBF,
CONFIG_XAUTH_INTERACTIVE,
CONFIG_VENDOR,
CONFIG_NATT_MODE,
CONFIG_UDP_ENCAP_PORT,
CONFIG_DPD_IDLE,
CONFIG_AUTH_MODE,
CONFIG_CA_FILE,
CONFIG_CA_DIR,
+ CONFIG_NORTEL_AUTH_MODE,
LAST_CONFIG
};
enum hex_dump_enum {
DUMP_UINT8 = -1,
@@ -92,18 +94,28 @@ enum auth_mode_enum {
AUTH_MODE_RSA2,
AUTH_MODE_CERT,
AUTH_MODE_HYBRID
};
+enum nortel_auth_mode_enum {
+ NORTEL_AUTH_MODE_USERNAME, /* User Name and Password Authentication */
+ NORTEL_AUTH_MODE_CERT, /* Digital Certificate Authentication */
+ NORTEL_AUTH_MODE_TOKEN, /* Group Security - Response Only Token - Use Passcode */
+ NORTEL_AUTH_MODE_PINTOKEN, /* Group Security - Response Only Token - Use Two-Factor Card */
+ NORTEL_AUTH_MODE_TOKENSW, /* Group Security - Response Only Token - Use SoftID Software */
+ NORTEL_AUTH_MODE_GPASSWORD, /* Group Security - Group Password Authentication */
+};
+
extern const char *config[LAST_CONFIG];
extern enum vendor_enum opt_vendor;
extern int opt_debug;
extern int opt_nd;
extern int opt_1des, opt_no_encryption, opt_auth_mode;
extern enum natt_mode_enum opt_natt_mode;
extern enum if_mode_enum opt_if_mode;
+extern enum nortel_auth_mode_enum opt_nortel_auth_mode;
extern uint16_t opt_udpencapport;
extern uint16_t opt_nortel_client_id;
#define TIMESTAMP() ({ \
char st[20]; \
Index: b/config.c
===================================================================
--- a/config.c
+++ b/config.c
@@ -42,10 +42,11 @@ int opt_debug = 0;
int opt_nd;
int opt_1des, opt_no_encryption, opt_auth_mode;
enum natt_mode_enum opt_natt_mode;
enum vendor_enum opt_vendor;
enum if_mode_enum opt_if_mode;
+enum nortel_auth_mode_enum opt_nortel_auth_mode;
uint16_t opt_udpencapport;
uint16_t opt_nortel_client_id;
void hex_dump(const char *str, const void *data, ssize_t len, const struct debug_strings *decode)
{
@@ -195,10 +196,15 @@ static const char *config_def_vendor(voi
static const char *config_def_target_network(void)
{
return "0.0.0.0/0.0.0.0";
}
+static const char *config_def_nortel_auth_mode(void)
+{
+ return "token";
+}
+
static const struct config_names_s {
enum config_enum nm;
const int needsArgument;
const int long_only;
const char *option;
@@ -245,10 +251,17 @@ static const struct config_names_s {
"Xauth username ",
"<ASCII string>",
"your username",
NULL
}, {
+ CONFIG_XAUTH_PIN, 1, 0,
+ NULL,
+ "Xauth PIN ",
+ "<ASCII string>",
+ "PIN for Nortel Two-Factor Authentication",
+ NULL
+ }, {
CONFIG_XAUTH_PASSWORD, 1, 0,
NULL,
"Xauth password ",
"<ASCII string>",
"your password (cleartext)",
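Review bot: The new `CONFIG_XAUTH_PIN` entry lets the second-factor PIN be stored in the configuration file, but its help text does not say the value is kept in cleartext, unlike the password entry right below it (`"your password (cleartext)"`). A PIN stored beside the username weakens the two-factor scheme to whatever protects the file. The help string should say so, for example `"PIN for Nortel Two-Factor Authentication (cleartext)"`. Any code that prints or dumps `config[]` should treat this entry like the password. The table this entry belongs to starts and ends outside the hunk.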
@@ -460,10 +473,23 @@ static const struct config_names_s {
"IPSEC target network ",
"