rpms/vpnc/EL-5 vpnc-0.4.0-cloexec.patch, NONE, 1.1 vpnc-0.4.0-pie.patch, NONE, 1.1 vpnc-disconnect.consolehelper, NONE, 1.1 vpnc-helper, NONE, 1.1 vpnc.consolehelper, NONE, 1.1 vpnc.pam, NONE, 1.1 .cvsignore, 1.3, 1.4 generic-vpnc.conf, 1.2, 1.3 sources, 1.3, 1.4 vpnc.spec, 1.18, 1.19 vpnc-0.3.2-pie.patch, 1.2, NONE vpnc-0.3.3-cloexec.patch, 1.1, NONE vpnc-0.3.3-ip-output.patch, 1.2, NONE vpnc-0.3.3-no-srcport.patch, 1.1, NONE vpnc-0.3.3-rekeying.patch, 1.2, NONE
Tomas Mraz (tmraz)
fedora-extras-commits at redhat.com
Wed Aug 1 19:34:04 UTC 2007
Author: tmraz
Update of /cvs/pkgs/rpms/vpnc/EL-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23606
Modified Files:
.cvsignore generic-vpnc.conf sources vpnc.spec
Added Files:
vpnc-0.4.0-cloexec.patch vpnc-0.4.0-pie.patch
vpnc-disconnect.consolehelper vpnc-helper vpnc.consolehelper
vpnc.pam
Removed Files:
vpnc-0.3.2-pie.patch vpnc-0.3.3-cloexec.patch
vpnc-0.3.3-ip-output.patch vpnc-0.3.3-no-srcport.patch
vpnc-0.3.3-rekeying.patch
Log Message:
- update to vpnc-0.4.0
- add consoleuser subpackage
vpnc-0.4.0-cloexec.patch:
--- NEW FILE vpnc-0.4.0-cloexec.patch ---
--- vpnc-0.4.0/vpnc.c.cloexec 2007-02-19 21:49:51.000000000 +0100
+++ vpnc-0.4.0/vpnc.c 2007-02-22 10:49:46.000000000 +0100
@@ -96,6 +96,8 @@
if (sock < 0)
error(1, errno, "making socket");
+ fcntl(sock, F_SETFD, FD_CLOEXEC);
+
/* give the socket a name */
name.sin_family = AF_INET;
name.sin_addr = s->opt_src_ip;
@@ -2246,6 +2248,8 @@
if (s->esp_fd == -1) {
error(1, errno, "socket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
}
+ fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC);
+
#ifdef IP_HDRINCL
if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)");
vpnc-0.4.0-pie.patch:
--- NEW FILE vpnc-0.4.0-pie.patch ---
--- vpnc-0.4.0/Makefile.pie 2007-02-19 21:51:12.000000000 +0100
+++ vpnc-0.4.0/Makefile 2007-02-22 10:41:39.000000000 +0100
@@ -35,9 +35,9 @@
RELEASE_VERSION := $(shell cat VERSION)
CC=gcc
-CFLAGS += -W -Wall -O3 -Wmissing-declarations -Wwrite-strings -g
+CFLAGS += $(RPM_OPT_FLAGS) -W -Wall -Wmissing-declarations -Wwrite-strings -fPIE
CPPFLAGS = -DVERSION=\"$(VERSION)\"
-LDFLAGS = -g $(shell libgcrypt-config --libs)
+LDFLAGS = $(RPM_OPT_FLAGS) $(shell libgcrypt-config --libs) -pie
CFLAGS += $(shell libgcrypt-config --cflags)
ifeq ($(shell uname -s), SunOS)
--- NEW FILE vpnc-disconnect.consolehelper ---
USER=root
PROGRAM=/usr/sbin/vpnc-disconnect
--- NEW FILE vpnc-helper ---
#!/bin/sh
/usr/sbin/vpnc
--- NEW FILE vpnc.consolehelper ---
USER=root
PROGRAM=/usr/sbin/vpnc-helper
--- NEW FILE vpnc.pam ---
#%PAM-1.0
auth sufficient pam_rootok.so
auth sufficient pam_console.so
auth include config-util
account include config-util
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/vpnc/EL-5/.cvsignore,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- .cvsignore 16 May 2005 09:48:46 -0000 1.3
+++ .cvsignore 1 Aug 2007 19:33:32 -0000 1.4
@@ -1,2 +1,2 @@
-vpnc-0.3.3.tar.gz
+vpnc-0.4.0.tar.gz
clog
Index: generic-vpnc.conf
===================================================================
RCS file: /cvs/pkgs/rpms/vpnc/EL-5/generic-vpnc.conf,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- generic-vpnc.conf 9 Mar 2006 17:42:53 -0000 1.2
+++ generic-vpnc.conf 1 Aug 2007 19:33:32 -0000 1.3
@@ -3,5 +3,3 @@
#IPSec secret mysecret
# your username goes here:
#Xauth username
-# if you want to test rekeying specify nonzero seconds here:
-#Rekeying interval 0
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/vpnc/EL-5/sources,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sources 16 May 2005 09:48:46 -0000 1.3
+++ sources 1 Aug 2007 19:33:32 -0000 1.4
@@ -1 +1 @@
-e7518cff21326fe7eb9795b60c25ae6a vpnc-0.3.3.tar.gz
+604807e7dd90fce00a4e2344ee29c76d vpnc-0.4.0.tar.gz
Index: vpnc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/vpnc/EL-5/vpnc.spec,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- vpnc.spec 7 Nov 2006 17:46:19 -0000 1.18
+++ vpnc.spec 1 Aug 2007 19:33:32 -0000 1.19
@@ -1,20 +1,21 @@
Name: vpnc
-Version: 0.3.3
-Release: 13%{?dist}
+Version: 0.4.0
+Release: 2%{?dist}
Summary: IPSec VPN client compatible with Cisco equipment
Group: Applications/Internet
License: GPL
URL: http://www.unix-ag.uni-kl.de/~massar/vpnc/
-Source0: vpnc-0.3.3.tar.gz
+Source0: http://www.unix-ag.uni-kl.de/~massar/vpnc/%{name}-%{version}.tar.gz
Source1: generic-vpnc.conf
-Patch0: vpnc-0.3.2-pie.patch
+Source2: vpnc.consolehelper
+Source3: vpnc-disconnect.consolehelper
+Source4: vpnc.pam
+Source5: vpnc-helper
+Patch0: vpnc-0.4.0-pie.patch
Patch1: vpnc-0.3.3-sbin-path.patch
-Patch2: vpnc-0.3.3-ip-output.patch
-Patch3: vpnc-0.3.3-no-srcport.patch
-Patch4: vpnc-0.3.3-rekeying.patch
-Patch5: vpnc-0.3.3-cloexec.patch
+Patch2: vpnc-0.4.0-cloexec.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -27,46 +28,92 @@
Supports IPSec (ESP) with Mode Configuration and Xauth. Supports only
shared-secret IPSec authentication, 3DES, MD5, and IP tunneling.
+%package consoleuser
+Summary: Allows console user to run the VPN client directly
+Group: Applications/Internet
+Requires: vpnc = %{version}-%{release}
+Requires: usermode
+
+%description consoleuser
+Allows the console user to run the IPSec VPN client directly without
+switching to the root account.
+
%prep
%setup -q
%patch0 -p1 -b .pie
%patch1 -p1 -b .sbin-path
-%patch2 -p1 -b .ip-output
-%patch3 -p1 -b .no-srcport
-%patch4 -p1 -b .rekeying
-%patch5 -p1 -b .cloexec
+%patch2 -p1 -b .cloexec
%build
+%ifarch x86_64
+RPM_OPT_FLAGS=$(echo $RPM_OPT_FLAGS | sed s/-fstack-protector//g)
+%endif
make PREFIX=/usr
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR="$RPM_BUILD_ROOT" PREFIX=/usr
+rm -f $RPM_BUILD_ROOT%{_bindir}/pcf2vpnc
+chmod 0644 $RPM_BUILD_ROOT%{_mandir}/man8/vpnc.8
install -m 0600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/vpnc/default.conf
-rm $RPM_BUILD_ROOT%{_sysconfdir}/vpnc/vpnc.conf
mkdir -p $RPM_BUILD_ROOT%{_var}/run/vpnc
touch $RPM_BUILD_ROOT%{_var}/run/vpnc/pid \
$RPM_BUILD_ROOT%{_var}/run/vpnc/defaultroute \
$RPM_BUILD_ROOT%{_var}/run/vpnc/resolv.conf-backup
+install -Dp -m 0644 %{SOURCE2} \
+ $RPM_BUILD_ROOT%{_sysconfdir}/security/console.apps/vpnc
+install -Dp -m 0644 %{SOURCE3} \
+ $RPM_BUILD_ROOT%{_sysconfdir}/security/console.apps/vpnc-disconnect
+install -Dp -m 0644 %{SOURCE4} \
+ $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/vpnc
+install -Dp -m 0644 %{SOURCE4} \
+ $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/vpnc-disconnect
+install -m 0755 %{SOURCE5} \
+ $RPM_BUILD_ROOT%{_sbindir}/vpnc-helper
+mkdir -p $RPM_BUILD_ROOT%{_bindir}
+ln -sf consolehelper $RPM_BUILD_ROOT%{_bindir}/vpnc
+ln -sf consolehelper $RPM_BUILD_ROOT%{_bindir}/vpnc-disconnect
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
-%doc README
+%doc README COPYING pcf2vpnc
%dir %{_sysconfdir}/vpnc
-%{_sysconfdir}/vpnc/vpnc-script
+%config(noreplace) %{_sysconfdir}/vpnc/vpnc-script
%config(noreplace) %{_sysconfdir}/vpnc/default.conf
-%{_sbindir}/*
+%{_sbindir}/vpnc
+%{_sbindir}/vpnc-disconnect
%{_mandir}/man8/*
%dir %{_var}/run/vpnc
%ghost %verify(not md5 size mtime) %{_var}/run/vpnc/pid
%ghost %verify(not md5 size mtime) %{_var}/run/vpnc/defaultroute
%ghost %verify(not md5 size mtime) %{_var}/run/vpnc/resolv.conf-backup
+%files consoleuser
+%defattr(-,root,root)
+%config(noreplace) %{_sysconfdir}/security/console.apps/vpnc*
+%config(noreplace) %{_sysconfdir}/pam.d/vpnc*
+%{_bindir}/vpnc*
+%{_sbindir}/vpnc-helper
+
%changelog
+* Tue Mar 20 2007 Tomas Mraz <tmraz at redhat.com> - 0.4.0-2
+- -fstack-protector miscompilation on x86_64 is back (#232565)
+
+* Mon Feb 26 2007 Tomas Mraz <tmraz at redhat.com> - 0.4.0-1
+- upgrade to new upstream version
+
+* Wed Jan 17 2007 Tomas Mraz <tmraz at redhat.com> - 0.3.3-15
+- do not overwrite personalized vpnc scripts (#195842)
+- we must not allow commandline options to vpnc when run through consolehelper
+
+* Wed Jan 17 2007 Tomas Mraz <tmraz at redhat.com> - 0.3.3-14
+- add consoleuser subpackage (#160571)
+- fix permissions on manpage (#222578)
+
* Tue Nov 7 2006 Tomas Mraz <tmraz at redhat.com> - 0.3.3-13
- don't leak socket fds
--- vpnc-0.3.2-pie.patch DELETED ---
--- vpnc-0.3.3-cloexec.patch DELETED ---
--- vpnc-0.3.3-ip-output.patch DELETED ---
--- vpnc-0.3.3-no-srcport.patch DELETED ---
--- vpnc-0.3.3-rekeying.patch DELETED ---
More information about the fedora-extras-commits
mailing list