From 2b7225251d0ec08ee3523d783a3637dbe5bfe8d9 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jan 2020 09:34:13 +0000 Subject: [PATCH 01/12] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- NetworkManager-l2tp.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-l2tp.spec b/NetworkManager-l2tp.spec index 3c3f03a..ce4d2f0 100644 --- a/NetworkManager-l2tp.spec +++ b/NetworkManager-l2tp.spec @@ -7,7 +7,7 @@ Summary: NetworkManager VPN plugin for L2TP and L2TP/IPsec Name: NetworkManager-l2tp Version: 1.8.0 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: https://github.com/nm-l2tp/NetworkManager-l2tp Source: https://github.com/nm-l2tp/NetworkManager-l2tp/releases/download/%{version}/%{name}-%{version}.tar.xz @@ -113,6 +113,9 @@ exit 0 %endif %changelog +* Tue Jan 28 2020 Fedora Release Engineering - 1.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Fri Dec 13 2019 Douglas Kosovic - 1.8.0-1 - Updated to 1.8.0 release From 0b3f4496bd9dbcbd72d5b62c050d0fdfbb272051 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Sat, 22 Feb 2020 09:29:29 -0800 Subject: [PATCH 02/12] Rebuild for new ppp --- NetworkManager-l2tp.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-l2tp.spec b/NetworkManager-l2tp.spec index ce4d2f0..62142cc 100644 --- a/NetworkManager-l2tp.spec +++ b/NetworkManager-l2tp.spec @@ -7,7 +7,7 @@ Summary: NetworkManager VPN plugin for L2TP and L2TP/IPsec Name: NetworkManager-l2tp Version: 1.8.0 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: https://github.com/nm-l2tp/NetworkManager-l2tp Source: https://github.com/nm-l2tp/NetworkManager-l2tp/releases/download/%{version}/%{name}-%{version}.tar.xz @@ -113,6 +113,9 @@ exit 0 %endif %changelog +* Sat Feb 22 2020 Adam Williamson - 1.8.0-3 +- Rebuild for new ppp + * Tue Jan 28 2020 Fedora Release Engineering - 1.8.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild From 16eb6174efe34e004df417f862bf2333e3438e9c Mon Sep 17 00:00:00 2001 From: Douglas Kosovic Date: Wed, 26 Feb 2020 00:11:59 +1000 Subject: [PATCH 03/12] Patch to support libreswan 3.30 which is no longer built with modp1024 support --- NetworkManager-l2tp-1.8.0-libreswan-3.30.patch | 13 +++++++++++++ NetworkManager-l2tp.spec | 7 ++++++- 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 NetworkManager-l2tp-1.8.0-libreswan-3.30.patch diff --git a/NetworkManager-l2tp-1.8.0-libreswan-3.30.patch b/NetworkManager-l2tp-1.8.0-libreswan-3.30.patch new file mode 100644 index 0000000..d95d8d7 --- /dev/null +++ b/NetworkManager-l2tp-1.8.0-libreswan-3.30.patch @@ -0,0 +1,13 @@ +diff --git a/src/nm-l2tp-service.c b/src/nm-l2tp-service.c +index c80135f..1c6cbb4 100644 +--- a/src/nm-l2tp-service.c ++++ b/src/nm-l2tp-service.c +@@ -98,7 +98,7 @@ typedef struct { + #define STRONGSWAN_IKEV1_ALGORITHMS_PHASE1 "aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha2_256-modp1024,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-modp1024,aes256-sha1-ecp384,aes128-sha1-modp1024,aes128-sha1-ecp256,3des-sha1-modp2048,3des-sha1-modp1024!" + #define STRONGSWAN_IKEV1_ALGORITHMS_PHASE2 "aes256-sha1,aes128-sha1,3des-sha1!" + +-#define LIBRESWAN_IKEV1_ALGORITHMS_PHASE1 "aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha2_256-modp1024,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-modp1024,aes256-sha1-ecp_384,aes128-sha1-modp1024,aes128-sha1-ecp_256,3des-sha1-modp2048,3des-sha1-modp1024" ++#define LIBRESWAN_IKEV1_ALGORITHMS_PHASE1 "aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-ecp_384,aes128-sha1-ecp_256,3des-sha1-modp2048" + #define LIBRESWAN_IKEV1_ALGORITHMS_PHASE2 "aes256-sha1,aes128-sha1,3des-sha1" + + /*****************************************************************************/ diff --git a/NetworkManager-l2tp.spec b/NetworkManager-l2tp.spec index 62142cc..62b85fc 100644 --- a/NetworkManager-l2tp.spec +++ b/NetworkManager-l2tp.spec @@ -7,10 +7,11 @@ Summary: NetworkManager VPN plugin for L2TP and L2TP/IPsec Name: NetworkManager-l2tp Version: 1.8.0 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: https://github.com/nm-l2tp/NetworkManager-l2tp Source: https://github.com/nm-l2tp/NetworkManager-l2tp/releases/download/%{version}/%{name}-%{version}.tar.xz +Patch1: NetworkManager-l2tp-1.8.0-libreswan-3.30.patch %global ppp_version %(sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad) @@ -54,6 +55,7 @@ IPsec VPN support with the NetworkManager (GNOME files). %prep %setup -q +%patch1 -p1 -b .modp1024 %build if [ ! -f configure ]; then @@ -113,6 +115,9 @@ exit 0 %endif %changelog +* Wed Feb 26 2020 Douglas Kosovic - 1.8.0-1 +- Patch to support libreswan 3.30 which is no longer built with modp1024 support + * Sat Feb 22 2020 Adam Williamson - 1.8.0-3 - Rebuild for new ppp From eacb9678bfe61867c8b0f378650c9964940c3a32 Mon Sep 17 00:00:00 2001 From: Douglas Kosovic Date: Thu, 27 Feb 2020 08:46:42 +1000 Subject: [PATCH 04/12] Patch for user certificate support fix --- NetworkManager-l2tp-1.8.0-usercert.patch | 121 +++++++++++++++++++++++ NetworkManager-l2tp.spec | 9 +- 2 files changed, 128 insertions(+), 2 deletions(-) create mode 100644 NetworkManager-l2tp-1.8.0-usercert.patch diff --git a/NetworkManager-l2tp-1.8.0-usercert.patch b/NetworkManager-l2tp-1.8.0-usercert.patch new file mode 100644 index 0000000..4fd5f21 --- /dev/null +++ b/NetworkManager-l2tp-1.8.0-usercert.patch @@ -0,0 +1,121 @@ +diff --git a/src/nm-l2tp-service.c b/src/nm-l2tp-service.c +index 660bbe0..5ca8617 100644 +--- a/src/nm-l2tp-service.c ++++ b/src/nm-l2tp-service.c +@@ -1117,13 +1117,16 @@ nm_l2tp_config_write (NML2tpPlugin *plugin, + return FALSE; + } + if (tls_need_password) +- value = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_MACHINE_CERTPASS); ++ value = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_USER_CERTPASS); + else + value = NULL; + + tls_key_out_filename = g_strdup_printf ("%s/key.pem", rundir); + tls_cert_out_filename = g_strdup_printf ("%s/cert.pem", rundir); +- tls_ca_out_filename = g_strdup_printf ("%s/ca.pem", rundir);; ++ tls_ca_out_filename = g_strdup_printf ("%s/ca.pem", rundir); ++ unlink (tls_key_out_filename); ++ unlink (tls_cert_out_filename); ++ unlink (tls_ca_out_filename); + if (tls_key_fileformat == NM_L2TP_CRYPTO_FILE_FORMAT_PKCS12) { + crypto_pkcs12_to_pem_files (tls_cert_filename, + value, +@@ -1198,20 +1201,29 @@ nm_l2tp_config_write (NML2tpPlugin *plugin, + } + + write_config_option (fd, "need-peer-eap\n"); +- if (tls_key_out_filename) +- write_config_option (fd, "key \"%s\"\n", tls_key_out_filename); +- else ++ if (tls_key_out_filename) { ++ if (g_file_test (tls_key_out_filename, G_FILE_TEST_EXISTS)) { ++ write_config_option (fd, "key \"%s\"\n", tls_key_out_filename); ++ } ++ } else { + write_config_option (fd, "key \"%s\"\n", tls_key_filename); ++ } + +- if (tls_cert_out_filename) +- write_config_option (fd, "cert \"%s\"\n", tls_cert_out_filename); +- else ++ if (tls_cert_out_filename) { ++ if (g_file_test (tls_cert_out_filename, G_FILE_TEST_EXISTS)) { ++ write_config_option (fd, "cert \"%s\"\n", tls_cert_out_filename); ++ } ++ } else { + write_config_option (fd, "cert \"%s\"\n", tls_cert_filename); ++ } + +- if (tls_ca_out_filename) +- write_config_option (fd, "ca \"%s\"\n", tls_ca_filename); +- else if (tls_ca_filename) ++ if (tls_ca_out_filename) { ++ if (g_file_test (tls_ca_out_filename, G_FILE_TEST_EXISTS)) { ++ write_config_option (fd, "ca \"%s\"\n", tls_ca_out_filename); ++ } ++ } else if (tls_ca_filename) { + write_config_option (fd, "ca \"%s\"\n", tls_ca_filename); ++ } + } else { + /* Username; try L2TP specific username first, then generic username */ + value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER); +@@ -1529,8 +1541,10 @@ handle_need_secrets (NMDBusL2tpPpp *object, + NML2tpPlugin *self = NM_L2TP_PLUGIN (user_data); + NML2tpPluginPrivate *priv = NM_L2TP_PLUGIN_GET_PRIVATE (self); + NMSettingVpn *s_vpn; ++ NML2tpCryptoFileFormat tls_key_fileformat; + const char *user, *password, *domain, *auth_type, *tls_key_filename; + gchar *username; ++ gchar *key_filename; + gboolean tls_need_password = FALSE; + + remove_timeout_handler (NM_L2TP_PLUGIN (user_data)); +@@ -1541,20 +1555,36 @@ handle_need_secrets (NMDBusL2tpPpp *object, + auth_type = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER_AUTH_TYPE); + if (nm_streq0 (auth_type, NM_L2TP_AUTHTYPE_TLS)) { + tls_key_filename = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER_KEY); +- crypto_file_format (tls_key_filename, &tls_need_password, NULL); ++ tls_key_fileformat = crypto_file_format (tls_key_filename, &tls_need_password, NULL); ++ ++ switch (tls_key_fileformat) { ++ case NM_L2TP_CRYPTO_FILE_FORMAT_PKCS12 : ++ case NM_L2TP_CRYPTO_FILE_FORMAT_PKCS8_DER : ++ case NM_L2TP_CRYPTO_FILE_FORMAT_RSA_PKEY_DER : ++ case NM_L2TP_CRYPTO_FILE_FORMAT_DSA_PKEY_DER : ++ case NM_L2TP_CRYPTO_FILE_FORMAT_ECDSA_PKEY_DER : ++ key_filename = g_strdup_printf (RUNSTATEDIR"/nm-l2tp-%s/key.pem", priv->uuid); ++ break; + +- if (!tls_need_password) +- return FALSE; ++ default : ++ key_filename = g_strdup (tls_key_filename); ++ } + +- password = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_USER_CERTPASS); +- if (!password || !strlen (password)) { +- g_dbus_method_invocation_return_error_literal (invocation, +- NM_VPN_PLUGIN_ERROR, +- NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION, +- _("Missing or invalid VPN user certificate password.")); +- return FALSE;; ++ if (!tls_need_password) { ++ nmdbus_l2tp_ppp_complete_need_secrets (object, invocation, key_filename, ""); ++ } else { ++ password = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_USER_CERTPASS); ++ if (!password || !strlen (password)) { ++ g_dbus_method_invocation_return_error_literal (invocation, ++ NM_VPN_PLUGIN_ERROR, ++ NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION, ++ _("Missing or invalid VPN user certificate password.")); ++ g_free (key_filename); ++ return FALSE;; ++ } ++ nmdbus_l2tp_ppp_complete_need_secrets (object, invocation, key_filename, password); + } +- nmdbus_l2tp_ppp_complete_need_secrets (object, invocation, tls_key_filename, password); ++ g_free (key_filename); + + } else { + /* Username; try L2TP specific username first, then generic username */ diff --git a/NetworkManager-l2tp.spec b/NetworkManager-l2tp.spec index 62b85fc..46fed91 100644 --- a/NetworkManager-l2tp.spec +++ b/NetworkManager-l2tp.spec @@ -7,11 +7,12 @@ Summary: NetworkManager VPN plugin for L2TP and L2TP/IPsec Name: NetworkManager-l2tp Version: 1.8.0 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ URL: https://github.com/nm-l2tp/NetworkManager-l2tp Source: https://github.com/nm-l2tp/NetworkManager-l2tp/releases/download/%{version}/%{name}-%{version}.tar.xz Patch1: NetworkManager-l2tp-1.8.0-libreswan-3.30.patch +Patch2: NetworkManager-l2tp-1.8.0-usercert.patch %global ppp_version %(sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad) @@ -56,6 +57,7 @@ IPsec VPN support with the NetworkManager (GNOME files). %prep %setup -q %patch1 -p1 -b .modp1024 +%patch2 -p1 -b .usercert %build if [ ! -f configure ]; then @@ -115,7 +117,10 @@ exit 0 %endif %changelog -* Wed Feb 26 2020 Douglas Kosovic - 1.8.0-1 +* Thu Feb 27 2020 Douglas Kosovic - 1.8.0-5 +- Patch for user certificate support fix + +* Wed Feb 26 2020 Douglas Kosovic - 1.8.0-4 - Patch to support libreswan 3.30 which is no longer built with modp1024 support * Sat Feb 22 2020 Adam Williamson - 1.8.0-3 From 07300afbfee9ba77fb2eba6846b1404c7b2273c8 Mon Sep 17 00:00:00 2001 From: Douglas Kosovic Date: Thu, 26 Mar 2020 22:12:30 +1000 Subject: [PATCH 05/12] Updated to 1.8.2 release Remove redundant patches Recommends (libreswan or strongswan) instead of just libreswan --- .gitignore | 1 + ...orkManager-l2tp-1.8.0-libreswan-3.30.patch | 13 -- NetworkManager-l2tp-1.8.0-usercert.patch | 121 ------------------ NetworkManager-l2tp.spec | 15 ++- sources | 2 +- 5 files changed, 10 insertions(+), 142 deletions(-) delete mode 100644 NetworkManager-l2tp-1.8.0-libreswan-3.30.patch delete mode 100644 NetworkManager-l2tp-1.8.0-usercert.patch diff --git a/.gitignore b/.gitignore index 29f4d31..00bca54 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ /NetworkManager-l2tp-1.2.14.tar.xz /NetworkManager-l2tp-1.2.16.tar.xz /NetworkManager-l2tp-1.8.0.tar.xz +/NetworkManager-l2tp-1.8.2.tar.xz diff --git a/NetworkManager-l2tp-1.8.0-libreswan-3.30.patch b/NetworkManager-l2tp-1.8.0-libreswan-3.30.patch deleted file mode 100644 index d95d8d7..0000000 --- a/NetworkManager-l2tp-1.8.0-libreswan-3.30.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/nm-l2tp-service.c b/src/nm-l2tp-service.c -index c80135f..1c6cbb4 100644 ---- a/src/nm-l2tp-service.c -+++ b/src/nm-l2tp-service.c -@@ -98,7 +98,7 @@ typedef struct { - #define STRONGSWAN_IKEV1_ALGORITHMS_PHASE1 "aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha2_256-modp1024,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-modp1024,aes256-sha1-ecp384,aes128-sha1-modp1024,aes128-sha1-ecp256,3des-sha1-modp2048,3des-sha1-modp1024!" - #define STRONGSWAN_IKEV1_ALGORITHMS_PHASE2 "aes256-sha1,aes128-sha1,3des-sha1!" - --#define LIBRESWAN_IKEV1_ALGORITHMS_PHASE1 "aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha2_256-modp1024,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-modp1024,aes256-sha1-ecp_384,aes128-sha1-modp1024,aes128-sha1-ecp_256,3des-sha1-modp2048,3des-sha1-modp1024" -+#define LIBRESWAN_IKEV1_ALGORITHMS_PHASE1 "aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-ecp_384,aes128-sha1-ecp_256,3des-sha1-modp2048" - #define LIBRESWAN_IKEV1_ALGORITHMS_PHASE2 "aes256-sha1,aes128-sha1,3des-sha1" - - /*****************************************************************************/ diff --git a/NetworkManager-l2tp-1.8.0-usercert.patch b/NetworkManager-l2tp-1.8.0-usercert.patch deleted file mode 100644 index 4fd5f21..0000000 --- a/NetworkManager-l2tp-1.8.0-usercert.patch +++ /dev/null @@ -1,121 +0,0 @@ -diff --git a/src/nm-l2tp-service.c b/src/nm-l2tp-service.c -index 660bbe0..5ca8617 100644 ---- a/src/nm-l2tp-service.c -+++ b/src/nm-l2tp-service.c -@@ -1117,13 +1117,16 @@ nm_l2tp_config_write (NML2tpPlugin *plugin, - return FALSE; - } - if (tls_need_password) -- value = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_MACHINE_CERTPASS); -+ value = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_USER_CERTPASS); - else - value = NULL; - - tls_key_out_filename = g_strdup_printf ("%s/key.pem", rundir); - tls_cert_out_filename = g_strdup_printf ("%s/cert.pem", rundir); -- tls_ca_out_filename = g_strdup_printf ("%s/ca.pem", rundir);; -+ tls_ca_out_filename = g_strdup_printf ("%s/ca.pem", rundir); -+ unlink (tls_key_out_filename); -+ unlink (tls_cert_out_filename); -+ unlink (tls_ca_out_filename); - if (tls_key_fileformat == NM_L2TP_CRYPTO_FILE_FORMAT_PKCS12) { - crypto_pkcs12_to_pem_files (tls_cert_filename, - value, -@@ -1198,20 +1201,29 @@ nm_l2tp_config_write (NML2tpPlugin *plugin, - } - - write_config_option (fd, "need-peer-eap\n"); -- if (tls_key_out_filename) -- write_config_option (fd, "key \"%s\"\n", tls_key_out_filename); -- else -+ if (tls_key_out_filename) { -+ if (g_file_test (tls_key_out_filename, G_FILE_TEST_EXISTS)) { -+ write_config_option (fd, "key \"%s\"\n", tls_key_out_filename); -+ } -+ } else { - write_config_option (fd, "key \"%s\"\n", tls_key_filename); -+ } - -- if (tls_cert_out_filename) -- write_config_option (fd, "cert \"%s\"\n", tls_cert_out_filename); -- else -+ if (tls_cert_out_filename) { -+ if (g_file_test (tls_cert_out_filename, G_FILE_TEST_EXISTS)) { -+ write_config_option (fd, "cert \"%s\"\n", tls_cert_out_filename); -+ } -+ } else { - write_config_option (fd, "cert \"%s\"\n", tls_cert_filename); -+ } - -- if (tls_ca_out_filename) -- write_config_option (fd, "ca \"%s\"\n", tls_ca_filename); -- else if (tls_ca_filename) -+ if (tls_ca_out_filename) { -+ if (g_file_test (tls_ca_out_filename, G_FILE_TEST_EXISTS)) { -+ write_config_option (fd, "ca \"%s\"\n", tls_ca_out_filename); -+ } -+ } else if (tls_ca_filename) { - write_config_option (fd, "ca \"%s\"\n", tls_ca_filename); -+ } - } else { - /* Username; try L2TP specific username first, then generic username */ - value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER); -@@ -1529,8 +1541,10 @@ handle_need_secrets (NMDBusL2tpPpp *object, - NML2tpPlugin *self = NM_L2TP_PLUGIN (user_data); - NML2tpPluginPrivate *priv = NM_L2TP_PLUGIN_GET_PRIVATE (self); - NMSettingVpn *s_vpn; -+ NML2tpCryptoFileFormat tls_key_fileformat; - const char *user, *password, *domain, *auth_type, *tls_key_filename; - gchar *username; -+ gchar *key_filename; - gboolean tls_need_password = FALSE; - - remove_timeout_handler (NM_L2TP_PLUGIN (user_data)); -@@ -1541,20 +1555,36 @@ handle_need_secrets (NMDBusL2tpPpp *object, - auth_type = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER_AUTH_TYPE); - if (nm_streq0 (auth_type, NM_L2TP_AUTHTYPE_TLS)) { - tls_key_filename = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER_KEY); -- crypto_file_format (tls_key_filename, &tls_need_password, NULL); -+ tls_key_fileformat = crypto_file_format (tls_key_filename, &tls_need_password, NULL); -+ -+ switch (tls_key_fileformat) { -+ case NM_L2TP_CRYPTO_FILE_FORMAT_PKCS12 : -+ case NM_L2TP_CRYPTO_FILE_FORMAT_PKCS8_DER : -+ case NM_L2TP_CRYPTO_FILE_FORMAT_RSA_PKEY_DER : -+ case NM_L2TP_CRYPTO_FILE_FORMAT_DSA_PKEY_DER : -+ case NM_L2TP_CRYPTO_FILE_FORMAT_ECDSA_PKEY_DER : -+ key_filename = g_strdup_printf (RUNSTATEDIR"/nm-l2tp-%s/key.pem", priv->uuid); -+ break; - -- if (!tls_need_password) -- return FALSE; -+ default : -+ key_filename = g_strdup (tls_key_filename); -+ } - -- password = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_USER_CERTPASS); -- if (!password || !strlen (password)) { -- g_dbus_method_invocation_return_error_literal (invocation, -- NM_VPN_PLUGIN_ERROR, -- NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION, -- _("Missing or invalid VPN user certificate password.")); -- return FALSE;; -+ if (!tls_need_password) { -+ nmdbus_l2tp_ppp_complete_need_secrets (object, invocation, key_filename, ""); -+ } else { -+ password = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_USER_CERTPASS); -+ if (!password || !strlen (password)) { -+ g_dbus_method_invocation_return_error_literal (invocation, -+ NM_VPN_PLUGIN_ERROR, -+ NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION, -+ _("Missing or invalid VPN user certificate password.")); -+ g_free (key_filename); -+ return FALSE;; -+ } -+ nmdbus_l2tp_ppp_complete_need_secrets (object, invocation, key_filename, password); - } -- nmdbus_l2tp_ppp_complete_need_secrets (object, invocation, tls_key_filename, password); -+ g_free (key_filename); - - } else { - /* Username; try L2TP specific username first, then generic username */ diff --git a/NetworkManager-l2tp.spec b/NetworkManager-l2tp.spec index 46fed91..f10a6df 100644 --- a/NetworkManager-l2tp.spec +++ b/NetworkManager-l2tp.spec @@ -6,13 +6,11 @@ Summary: NetworkManager VPN plugin for L2TP and L2TP/IPsec Name: NetworkManager-l2tp -Version: 1.8.0 -Release: 5%{?dist} +Version: 1.8.2 +Release: 1%{?dist} License: GPLv2+ URL: https://github.com/nm-l2tp/NetworkManager-l2tp Source: https://github.com/nm-l2tp/NetworkManager-l2tp/releases/download/%{version}/%{name}-%{version}.tar.xz -Patch1: NetworkManager-l2tp-1.8.0-libreswan-3.30.patch -Patch2: NetworkManager-l2tp-1.8.0-usercert.patch %global ppp_version %(sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad) @@ -37,7 +35,7 @@ Requires: xl2tpd %if 0%{?fedora} < 24 && 0%{?rhel} < 8 Requires: libreswan %else -Recommends: libreswan +Recommends: (libreswan or strongswan) %endif %global __provides_exclude ^libnm-.*\\.so @@ -56,8 +54,6 @@ IPsec VPN support with the NetworkManager (GNOME files). %prep %setup -q -%patch1 -p1 -b .modp1024 -%patch2 -p1 -b .usercert %build if [ ! -f configure ]; then @@ -117,6 +113,11 @@ exit 0 %endif %changelog +* Thu Mar 26 2020 Douglas Kosovic - 1.8.2-1 +- Updated to 1.8.2 release +- Remove redundant patches +- Recommends (libreswan or strongswan) instead of just libreswan + * Thu Feb 27 2020 Douglas Kosovic - 1.8.0-5 - Patch for user certificate support fix diff --git a/sources b/sources index e2d4cb8..4088c20 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (NetworkManager-l2tp-1.8.0.tar.xz) = 8ef6732dbef2d24a51c6f70bcd98b272244dfc4d89e888e0d2c6c12b0042c1bcc750b73cdfda3489f4987af4fe85df4fc54976c48151996aa205939671d250da +SHA512 (NetworkManager-l2tp-1.8.2.tar.xz) = fc7f4037a4e2d442231f3c72692b7d405f13507625828dc4b975fab3717c7c0daaeaa757ef2ed875f347a87ac4ccaf5a0df1834235d8879f3d1e0d1b450531b8 From 53a2f472ccd52d353f8827fd072aab4b62c37124 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 27 Jul 2020 10:30:12 +0000 Subject: [PATCH 06/12] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- NetworkManager-l2tp.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-l2tp.spec b/NetworkManager-l2tp.spec index f10a6df..9687979 100644 --- a/NetworkManager-l2tp.spec +++ b/NetworkManager-l2tp.spec @@ -7,7 +7,7 @@ Summary: NetworkManager VPN plugin for L2TP and L2TP/IPsec Name: NetworkManager-l2tp Version: 1.8.2 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: https://github.com/nm-l2tp/NetworkManager-l2tp Source: https://github.com/nm-l2tp/NetworkManager-l2tp/releases/download/%{version}/%{name}-%{version}.tar.xz @@ -113,6 +113,9 @@ exit 0 %endif %changelog +* Mon Jul 27 2020 Fedora Release Engineering - 1.8.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Thu Mar 26 2020 Douglas Kosovic - 1.8.2-1 - Updated to 1.8.2 release - Remove redundant patches From 9222bb3bc11afc90a4e09fe33224c4bd49cfd398 Mon Sep 17 00:00:00 2001 From: Douglas Kosovic Date: Tue, 3 Nov 2020 21:34:01 +1000 Subject: [PATCH 07/12] Updated to 1.8.6 release Remove redundant libnm_glib conditionals explictly recommend libreswan >= 4.0 because of change in NSS DB location. AppData file now in %{_datadir}/metainfo/ D-Bus policy file now in %{_datadir}/dbus-1/system.d/ --- .gitignore | 1 + NetworkManager-l2tp.spec | 48 +++++++++++++++------------------------- sources | 2 +- 3 files changed, 20 insertions(+), 31 deletions(-) diff --git a/.gitignore b/.gitignore index 00bca54..5212ea6 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ /NetworkManager-l2tp-1.2.16.tar.xz /NetworkManager-l2tp-1.8.0.tar.xz /NetworkManager-l2tp-1.8.2.tar.xz +/NetworkManager-l2tp-1.8.6.tar.xz diff --git a/NetworkManager-l2tp.spec b/NetworkManager-l2tp.spec index 9687979..9eedb13 100644 --- a/NetworkManager-l2tp.spec +++ b/NetworkManager-l2tp.spec @@ -1,13 +1,7 @@ -%if 0%{?fedora} < 28 && 0%{?rhel} < 8 -%bcond_without libnm_glib -%else -%bcond_with libnm_glib -%endif - Summary: NetworkManager VPN plugin for L2TP and L2TP/IPsec Name: NetworkManager-l2tp -Version: 1.8.2 -Release: 2%{?dist} +Version: 1.8.6 +Release: 1%{?dist} License: GPLv2+ URL: https://github.com/nm-l2tp/NetworkManager-l2tp Source: https://github.com/nm-l2tp/NetworkManager-l2tp/releases/download/%{version}/%{name}-%{version}.tar.xz @@ -16,27 +10,19 @@ Source: https://github.com/nm-l2tp/NetworkManager-l2tp/releases/download/%{ve BuildRequires: glib2-devel BuildRequires: gtk3-devel -BuildRequires: NetworkManager-libnm-devel >= 1:1.2.0 -BuildRequires: libnma-devel >= 1.2.0 +BuildRequires: NetworkManager-libnm-devel >= 1:1.8.0 +BuildRequires: libnma-devel >= 1.8.0 BuildRequires: ppp-devel BuildRequires: libtool intltool gettext BuildRequires: libsecret-devel -%if %with libnm_glib -BuildRequires: NetworkManager-glib-devel >= 1:1.2.0 -BuildRequires: libnm-gtk-devel >= 1.2.0 -%endif -BuildRequires: openssl-devel +BuildRequires: openssl-devel >= 1:1.1.0 BuildRequires: nss-devel Requires: dbus -Requires: NetworkManager >= 1:1.2.0 +Requires: NetworkManager >= 1:1.8.0 Requires: ppp = %{ppp_version} Requires: xl2tpd -%if 0%{?fedora} < 24 && 0%{?rhel} < 8 -Requires: libreswan -%else -Recommends: (libreswan or strongswan) -%endif +Recommends: (libreswan >= 4.0 or strongswan) %global __provides_exclude ^libnm-.*\\.so @@ -62,8 +48,8 @@ if [ ! -f configure ]; then fi %configure \ --disable-static \ -%if %with libnm_glib - --with-libnm-glib \ +%if 0%{?rhel} == 8 + --enable-libreswan-dh2 \ %endif --with-pppd-plugin-dir=%{_libdir}/pppd/%{ppp_version} \ --with-dist-version=%{version}-%{release} @@ -93,7 +79,7 @@ exit 0 %files -f %{name}.lang %{_libdir}/NetworkManager/libnm-vpn-plugin-l2tp.so -%{_sysconfdir}/dbus-1/system.d/nm-l2tp-service.conf +%{_datadir}/dbus-1/system.d/nm-l2tp-service.conf %{_prefix}/lib/NetworkManager/VPN/nm-l2tp-service.name %{_libexecdir}/nm-l2tp-service %{_libdir}/pppd/%{ppp_version}/nm-l2tp-pppd-plugin.so @@ -105,14 +91,16 @@ exit 0 %files gnome %{_libexecdir}/nm-l2tp-auth-dialog %{_libdir}/NetworkManager/libnm-vpn-plugin-l2tp-editor.so -%{_datadir}/appdata/network-manager-l2tp.metainfo.xml - -%if %with libnm_glib -%{_sysconfdir}/NetworkManager/VPN/nm-l2tp-service.name -%{_libdir}/NetworkManager/libnm-*-properties.so -%endif +%{_datadir}/metainfo/network-manager-l2tp.metainfo.xml %changelog +* Tue Nov 03 2020 Douglas Kosovic - 1.8.6-1 +- Updated to 1.8.6 release +- Remove redundant libnm_glib conditionals +- explictly recommend libreswan >= 4.0 because of change in NSS DB location. +- AppData file now in %%{_datadir}/metainfo/ +- D-Bus policy file now in %%{_datadir}/dbus-1/system.d/ + * Mon Jul 27 2020 Fedora Release Engineering - 1.8.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild diff --git a/sources b/sources index 4088c20..ef5d3f0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (NetworkManager-l2tp-1.8.2.tar.xz) = fc7f4037a4e2d442231f3c72692b7d405f13507625828dc4b975fab3717c7c0daaeaa757ef2ed875f347a87ac4ccaf5a0df1834235d8879f3d1e0d1b450531b8 +SHA512 (NetworkManager-l2tp-1.8.6.tar.xz) = 968e8c9140f800935e57e6a58fb4cc8a92385427b8a070a5106c37f5a9d05cfcc1333fe706dfa5ae79dfdcdde89e4becd7866a4e5f535b32e1edafe7171946a7 From c9a0d5e3d380fa311b8169d8931a7b1dfb8e57fb Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Thu, 7 Jan 2021 05:44:50 +0000 Subject: [PATCH 08/12] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- NetworkManager-l2tp.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/NetworkManager-l2tp.spec b/NetworkManager-l2tp.spec index 9eedb13..0d75122 100644 --- a/NetworkManager-l2tp.spec +++ b/NetworkManager-l2tp.spec @@ -8,6 +8,7 @@ Source: https://github.com/nm-l2tp/NetworkManager-l2tp/releases/download/%{ve %global ppp_version %(sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad) +BuildRequires: make BuildRequires: glib2-devel BuildRequires: gtk3-devel BuildRequires: NetworkManager-libnm-devel >= 1:1.8.0 From bc7f3900e379840158426da9b8cf0f827d67fcc3 Mon Sep 17 00:00:00 2001 From: Tomas Hrcka Date: Fri, 8 Jan 2021 12:31:48 +0100 Subject: [PATCH 09/12] rebuilt for new version of ppp Signed-off-by: Tomas Hrcka --- NetworkManager-l2tp.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-l2tp.spec b/NetworkManager-l2tp.spec index 0d75122..dddbfa4 100644 --- a/NetworkManager-l2tp.spec +++ b/NetworkManager-l2tp.spec @@ -1,7 +1,7 @@ Summary: NetworkManager VPN plugin for L2TP and L2TP/IPsec Name: NetworkManager-l2tp Version: 1.8.6 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: https://github.com/nm-l2tp/NetworkManager-l2tp Source: https://github.com/nm-l2tp/NetworkManager-l2tp/releases/download/%{version}/%{name}-%{version}.tar.xz @@ -95,6 +95,9 @@ exit 0 %{_datadir}/metainfo/network-manager-l2tp.metainfo.xml %changelog +* Fri Jan 8 12:30:58 CET 2021 Tomas Hrcka - 1.8.6-2 +- rebuilt for new version of ppp + * Tue Nov 03 2020 Douglas Kosovic - 1.8.6-1 - Updated to 1.8.6 release - Remove redundant libnm_glib conditionals From df9f185182e1506f7e3501c4ede5e6c3b4568e84 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 25 Jan 2021 22:32:29 +0000 Subject: [PATCH 10/12] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- NetworkManager-l2tp.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-l2tp.spec b/NetworkManager-l2tp.spec index dddbfa4..00aff64 100644 --- a/NetworkManager-l2tp.spec +++ b/NetworkManager-l2tp.spec @@ -1,7 +1,7 @@ Summary: NetworkManager VPN plugin for L2TP and L2TP/IPsec Name: NetworkManager-l2tp Version: 1.8.6 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: https://github.com/nm-l2tp/NetworkManager-l2tp Source: https://github.com/nm-l2tp/NetworkManager-l2tp/releases/download/%{version}/%{name}-%{version}.tar.xz @@ -95,6 +95,9 @@ exit 0 %{_datadir}/metainfo/network-manager-l2tp.metainfo.xml %changelog +* Mon Jan 25 2021 Fedora Release Engineering - 1.8.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Fri Jan 8 12:30:58 CET 2021 Tomas Hrcka - 1.8.6-2 - rebuilt for new version of ppp From 439d5bb8a3046b8d111feb5785695b94bdbd153f Mon Sep 17 00:00:00 2001 From: Douglas Kosovic Date: Sun, 7 Feb 2021 21:47:33 +1000 Subject: [PATCH 11/12] Sync with EPEL8 --- NetworkManager-l2tp.spec | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/NetworkManager-l2tp.spec b/NetworkManager-l2tp.spec index 00aff64..c69e040 100644 --- a/NetworkManager-l2tp.spec +++ b/NetworkManager-l2tp.spec @@ -1,7 +1,7 @@ Summary: NetworkManager VPN plugin for L2TP and L2TP/IPsec Name: NetworkManager-l2tp Version: 1.8.6 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: https://github.com/nm-l2tp/NetworkManager-l2tp Source: https://github.com/nm-l2tp/NetworkManager-l2tp/releases/download/%{version}/%{name}-%{version}.tar.xz @@ -23,7 +23,11 @@ Requires: dbus Requires: NetworkManager >= 1:1.8.0 Requires: ppp = %{ppp_version} Requires: xl2tpd +%if 0%{?rhel} < 9 +Recommends: (libreswan or strongswan) +%else Recommends: (libreswan >= 4.0 or strongswan) +%endif %global __provides_exclude ^libnm-.*\\.so @@ -49,8 +53,11 @@ if [ ! -f configure ]; then fi %configure \ --disable-static \ -%if 0%{?rhel} == 8 +%if 0%{?rhel} < 9 --enable-libreswan-dh2 \ + --with-nm-ipsec-nss-dir=%{_sysconfdir}/ipsec.d \ +%else + --with-nm-ipsec-nss-dir=%{_sharedstatedir}/ipsec/nss \ %endif --with-pppd-plugin-dir=%{_libdir}/pppd/%{ppp_version} \ --with-dist-version=%{version}-%{release} @@ -95,6 +102,9 @@ exit 0 %{_datadir}/metainfo/network-manager-l2tp.metainfo.xml %changelog +* Sun Feb 07 2021 Douglas Kosovic - 1.8.6-4 +- Sync with EPEL8 + * Mon Jan 25 2021 Fedora Release Engineering - 1.8.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From 254470b896d04529906f1479abf1d0bcfa88bd95 Mon Sep 17 00:00:00 2001 From: Douglas Kosovic Date: Sun, 7 Feb 2021 21:56:06 +1000 Subject: [PATCH 12/12] Correct EPEL8 conditional --- NetworkManager-l2tp.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/NetworkManager-l2tp.spec b/NetworkManager-l2tp.spec index c69e040..861dfa5 100644 --- a/NetworkManager-l2tp.spec +++ b/NetworkManager-l2tp.spec @@ -23,7 +23,7 @@ Requires: dbus Requires: NetworkManager >= 1:1.8.0 Requires: ppp = %{ppp_version} Requires: xl2tpd -%if 0%{?rhel} < 9 +%if 0%{?rhel} == 8 Recommends: (libreswan or strongswan) %else Recommends: (libreswan >= 4.0 or strongswan) @@ -53,7 +53,7 @@ if [ ! -f configure ]; then fi %configure \ --disable-static \ -%if 0%{?rhel} < 9 +%if 0%{?rhel} == 8 --enable-libreswan-dh2 \ --with-nm-ipsec-nss-dir=%{_sysconfdir}/ipsec.d \ %else @@ -102,6 +102,9 @@ exit 0 %{_datadir}/metainfo/network-manager-l2tp.metainfo.xml %changelog +* Sun Feb 07 2021 Douglas Kosovic - 1.8.6-5 +- Correct EPEL8 conditional + * Sun Feb 07 2021 Douglas Kosovic - 1.8.6-4 - Sync with EPEL8