From bdc734d8a2fb7546492d438bf533664ee62a6181 Mon Sep 17 00:00:00 2001
From: Paul Wouters
Date: Tue, 5 Dec 2006 03:26:09 +0000
Subject: [PATCH 01/85] auto-import xl2tpd-1.1.06-1 on branch devel from xl2tpd-1.1.06-1.src.rpm
---
 .cvsignore | 1 +
 sources | 1 +
 xl2tpd.spec | 250 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 252 insertions(+)
 create mode 100644 xl2tpd.spec
diff --git a/.cvsignore b/.cvsignore
index e69de29..bed62c3 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1 @@
+xl2tpd-1.1.06.tar.gz
diff --git a/sources b/sources
index e69de29..6dad88a 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+44e5a85ecce622a0f55aafc42ce589a8 xl2tpd-1.1.06.tar.gz
diff --git a/xl2tpd.spec b/xl2tpd.spec
new file mode 100644
index 0000000..58d7ef6
--- /dev/null
+++ b/xl2tpd.spec
@@ -0,0 +1,250 @@
+Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
+Name: xl2tpd
+Version: 1.1.06
+Release: 1
+License: GPL
+Url: http://www.xelerance.com/software/xl2tpd/
+Group: System Environment/Daemons
+Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-1.1.06.tar.gz
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires: ppp
+#BuildRequires:
+Obsoletes: l2tpd
+
+%description
+xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661).
+L2TP allows you to tunnel PPP over UDP. Some ISPs use L2TP to tunnel user
+sessions from dial-in servers (modem banks, ADSL DSLAMs) to back-end PPP
+servers. Another important application is Virtual Private Networks where
+the IPsec protocol is used to secure the L2TP connection (L2TP/IPsec,
+RFC 3193). The L2TP/IPsec protocol is mainly used by Windows and
+Mac OS X clients. On Linux, xl2tpd can be used in combination with IPsec
+implementations such as Openswan.
+Example configuration files for such a setup are included in this RPM.
+
+xl2tpd works by opening a pseudo-tty for communicating with pppd.
+It runs completely in userspace.
+
+
+%prep
+%setup -q
+
+%build
+make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY"
+
+%install
+rm -rf %{buildroot}
+make DESTDIR=%{buildroot} install
+install -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf
+install -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd
+install -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2tp-secrets
+install -D -m600 examples/chapsecrets.sample %{buildroot}%{_sysconfdir}/ppp/chap-secrets.sample
+install -D -m755 packaging/fedora/xl2tpd.init %{buildroot}%{_initrddir}/xl2tpd
+
+%clean
+rm -rf %{buildroot}
+
+%post
+/sbin/chkconfig --add xl2tpd
+# if we migrate from l2tpd to xl2tpd, copy the configs
+if [ -f /etc/l2tpd/l2tpd.conf ]
+then
+ echo "Old /etc/l2tpd configuration found, migrating to /etc/xl2tpd"
+ mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.rpmsave
+ cat /etc/l2tpd/l2tpd.conf | sed "s/options.l2tpd/options.xl2tpd/" > /etc/xl2tpd/xl2tpd.conf
+ mv /etc/ppp/options.xl2tpd /etc/ppp/options.xl2tpd.rpmsave
+ mv /etc/ppp/options.l2tpd /etc/ppp/options.xl2tpd
+ mv /etc/xl2tpd/l2tp-secrets /etc/xl2tpd/l2tpd-secrets.rpmsave
+ cp -a /etc/l2tpd/l2tp-secrets /etc/xl2tpd/l2tp-secrets
+
+fi
+
+
+%preun
+if [ $1 -eq 0 ]; then
+ /sbin/service xl2tpd stop > /dev/null 2>&1
+ /sbin/chkconfig --del xl2tpd
+fi
+
+%postun
+if [ $1 -ge 1 ]; then
+ /sbin/service xl2tpd condrestart 2>&1 >/dev/null
+fi
+
+%files
+%defattr(-,root,root)
+%doc BUGS CHANGES CREDITS LICENSE README TODO doc/rfc2661.txt
+%doc doc/README.patents examples/chapsecrets.sample
+%{_sbindir}/xl2tpd
+%{_mandir}/*/*
+%dir %{_sysconfdir}/xl2tpd
+%config(noreplace) %{_sysconfdir}/xl2tpd/*
+%config(noreplace) %{_sysconfdir}/ppp/*
+%attr(0755,root,root) %{_initrddir}/xl2tpd
+
+
+%changelog
+* Mon Dec 4 2006 Paul Wouters 1.1.06-1
+- Rebased spec file on Fedora Extras copy, but using xl2tpd as package name
+
+* Sun Nov 27 2005 Paul Wouters 0.69.20051030
+- Pulled up sourceforget.net CVS fixes.
+- various debugging added, but debugging should not be on by default.
+- async/sync conversion routines must be ready for possibility that the read
+ will block due to routing loops.
+- refactor control socket handling.
+- move all logic about pty usage to pty.c. Try ptmx first, if it fails try
+ legacy ptys
+- rename log() to l2tp_log(), as "log" is a math function.
+- if we aren't deamonized, then log to stderr.
+- added install: and DESTDIR support.
+
+* Thu Oct 20 2005 Paul Wouters 0.69-13
+- Removed suse/mandrake specifics. Comply for Fedora Extras guidelines
+
+* Tue Jun 21 2005 Jacco de Leeuw 0.69-12jdl
+- Added log() patch by Paul Wouters so that l2tpd compiles on FC4.
+
+* Sat Jun 4 2005 Jacco de Leeuw
+- l2tpd.org has been hijacked. Project moved back to SourceForge:
+ http://l2tpd.sourceforge.net
+
+* Tue May 3 2005 Jacco de Leeuw
+- Small Makefile fixes. Explicitly use gcc instead of cc.
+ Network services library was not linked on Solaris due to typo.
+
+* Thu Mar 17 2005 Jacco de Leeuw 0.69-11jdl
+- Choosing between SysV or BSD style ptys is now configurable through
+ a compile-time boolean "unix98pty".
+
+* Fri Feb 4 2005 Jacco de Leeuw
+- Added code from Roaring Penguin (rp-l2tp) to support SysV-style ptys.
+ Requires the N_HDLC kernel module.
+
+* Fri Nov 26 2004 Jacco de Leeuw
+- Updated the README.
+
+* Wed Nov 10 2004 Jacco de Leeuw 0.69-10jdl
+- Patch by Marald Klein and Roger Luethi. Fixes writing PID file.
+ (http://l2tpd.graffl.net/msg01790.html)
+ Long overdue. Rereleasing 10jdl.
+
+* Tue Nov 9 2004 Jacco de Leeuw 0.69-10jdl
+- [SECURITY FIX] Added fix from Debian because of a bss-based
+ buffer overflow.
+ (http://www.mail-archive.com/l2tpd-devel@l2tpd.org/msg01071.html)
+- Mandrake's FreeS/WAN, Openswan and Strongswan RPMS use configuration
+ directories /etc/{freeswan,openswan,strongswan}. Install our
+ configuration files to /etc/ipsec.d and create symbolic links in
+ those directories.
+
+* Tue Aug 18 2004 Jacco de Leeuw
+- Removed 'leftnexthop=' lines. Not relevant for recent versions
+ of FreeS/WAN and derivates.
+
+* Tue Jan 20 2004 Jacco de Leeuw 0.69-9jdl
+- Added "noccp" because of too much MPPE/CCP messages sometimes.
+
+* Wed Dec 31 2003 Jacco de Leeuw
+- Added patch in order to prevent StopCCN messages.
+
+* Sat Aug 23 2003 Jacco de Leeuw
+- MTU/MRU 1410 seems to be the lowest possible for MSL2TP.
+ For Windows 2000/XP it doesn't seem to matter.
+- Typo in l2tpd.conf (192.168.128/25).
+
+* Fri Aug 8 2003 Jacco de Leeuw 0.69-8jdl
+- Added MTU/MRU 1400 to options.l2tpd. I don't know the optimal
+ value but some apps had problems with the default value.
+
+* Fri Aug 1 2003 Jacco de Leeuw
+- Added workaround for the missing hostname bug in the MSL2TP client
+ ('Specify your hostname', error 629: "You have been disconnected
+ from the computer you are dialing").
+
+* Thu Jul 20 2003 Jacco de Leeuw 0.69-7jdl
+- Added the "listen-addr" global parameter for l2tpd.conf. By
+ default, the daemon listens on *all* interfaces. Use
+ "listen-addr" if you want it to bind to one specific
+ IP address (interface), for security reasons. (See also:
+ http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Firewallwarning)
+- Explained in l2tpd.conf that two different IP addresses should be
+ used for 'listen-addr' and 'local ip'.
+- Modified init script. Upgrades should work better now. You
+ still need to start/chkconfig l2tpd manually.
+- Renamed the example Openswan .conf files to better reflect
+ the situation. There are two variants using different portselectors.
+ Previously I thought Windows 2000/XP used portselector 17/0
+ and the rest used 17/1701. But with the release of an updated
+ IPsec client by Microsoft, it turns out that 17/0 must have
+ been a mistake: the updated client now also uses 17/1701.
+
+* Mon Apr 10 2003 Jacco de Leeuw 0.69-6jdl
+- Changed sample chap-secrets to be valid only for specific
+ IP addresses.
+
+* Thu Mar 13 2003 Bernhard Thoni
+- Adjustments for SuSE8.x (thanks, Bernhard!)
+- Added sample chap-secrets.
+
+* Thu Mar 6 2003 Jacco de Leeuw 0.69-5jdl
+- Replaced Dominique's patch by Damion de Soto's, which does not
+ depend on the N_HDLC kernel module.
+
+* Wed Feb 26 2003 Jacco de Leeuw 0.69-4jdl
+- Seperate example config files for Win9x (MSL2TP) and Win2K/XP
+ due to left/rightprotoport differences.
+ Fixing preun for Red Hat.
+
+* Mon Feb 3 2003 Jacco de Leeuw 0.69-3jdl
+- Mandrake uses /etc/freeswan/ instead of /etc/ipsec.d/
+ Error fixed: source6 was used for both PSK and CERT.
+
+* Wed Jan 29 2003 Jacco de Leeuw 0.69-3jdl
+- Added Dominique Cressatti's pty patch in another attempt to
+ prevent the Windows 2000 Professional "loopback detected" error.
+ Seems to work!
+
+* Wed Dec 25 2002 Jacco de Leeuw 0.69-2jdl
+- Added 'connect-delay' to PPP parameters in an attempt to
+ prevent the Windows 2000 Professional "loopback detected" error.
+ Didn't seem to work.
+
+* Fri Dec 13 2002 Jacco de Leeuw 0.69-1jdl
+- Did not build on Red Hat 8.0. Solved by adding comments(?!).
+ Bug detected in spec file: chkconfig --list l2tpd does not work
+ on Red Hat 8.0. Not important enough to look into yet.
+
+* Sun Nov 17 2002 Jacco de Leeuw 0.69-1jdl
+- Tested on Red Hat, required some changes. No gprintf. Used different
+ pty patch, otherwise wouldn't run. Added buildroot sanity check.
+
+* Sun Nov 10 2002 Jacco de Leeuw
+- Specfile adapted from Mandrake Cooker. The original RPM can be
+ retrieved through:
+ http://www.rpmfind.net/linux/rpm2html/search.php?query=l2tpd
+- Config path changed from /etc/l2tp/ to /etc/l2tpd/
+ (Seems more logical and rp-l2tp already uses /etc/l2tp/).
+- Do not run at boot or install. The original RPM uses a config file
+ which is completely commented out, but it still starts l2tpd on all
+ interfaces. Could be a security risk. This RPM does not start l2tpd,
+ the sysadmin has to edit the config file and start l2tpd explicitly.
+- Renamed patches to start with l2tpd-
+- Added dependencies for pppd, glibc-devel.
+- Use %%{name} as much as possible.
+- l2tp-secrets contains passwords, thus should not be world readable.
+- Removed dependency on rpm-helper.
+
+* Mon Oct 21 2002 Lenny Cartier 0.69-3mdk
+- from Per Øyvind Karlsen :
+ - PreReq and Requires
+ - Fix preun_service
+
+* Thu Oct 17 2002 Per Øyvind Karlsen 0.69-2mdk
+- Move l2tpd from /usr/bin to /usr/sbin
+- Added SysV initscript
+- Patch0
+- Patch1
+
+* Thu Oct 17 2002 Per Øyvind Karlsen 0.69-1mdk
+- Initial release
From 97dafa01c65f224bd3bfc5601ce4f9d4713de613 Mon Sep 17 00:00:00 2001
From: Paul Wouters
Date: Thu, 7 Dec 2006 17:52:47 +0000
Subject: [PATCH 02/85] - Changed space/tab replacing method Wed Dec 6 2006 Paul Wouters 1.1.06-4 - Added -p to keep original timestamps - Added temporary hack to change space/tab in init file. - Added /sbin/service dependancy Tue Dec 5 2006 Paul Wouters 1.1.06-3 - Added Requires(post) / Requires(preun) - changed init file to create /var/run/xl2tpd fixed a tab/space - changed control file to be within /var/run/xl2tpd/ Tue Dec 5 2006 Paul Wouters 1.1.06-2 - Changed Mr. Karlsen's name to not be a utf8 problem - Fixed Obosoletes/Provides to be more specific wrt l2tpd. - Added dist tag which accidentally got deleted.
---
 xl2tpd.spec | 50 +++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 37 insertions(+), 13 deletions(-)
diff --git a/xl2tpd.spec b/xl2tpd.spec
index 58d7ef6..2012ca7 100644
--- a/xl2tpd.spec
+++ b/xl2tpd.spec
@@ -1,7 +1,7 @@
 Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
 Name: xl2tpd
 Version: 1.1.06
-Release: 1
+Release: 5%{?dist}
 License: GPL
 Url: http://www.xelerance.com/software/xl2tpd/
 Group: System Environment/Daemons
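Review bot: The `%build` line of the new xl2tpd.spec (patch 01/85) compiles the daemon with `-DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY`, while one of the `%changelog` entries added in the same hunk notes that debugging should not be on by default. What those defines log is not visible here, but control-channel and entropy tracing in a VPN daemon is output that should be opt-in, so the packaged build would be better as `make DFLAGS="$RPM_OPT_FLAGS -g"`. In `%postun`, `2>&1 >/dev/null` still lets stderr through because the redirections are applied in that order; `%preun` already uses the intended `> /dev/null 2>&1`.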
@@ -9,7 +9,11 @@ Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-1.1.06.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp #BuildRequires: -Obsoletes: l2tpd +Obsoletes: l2tpd <= 0.69-0.6.20051030.fc6 +Provides: l2tpd = 0.69-0.6.20051030.fc7 +Requires(post): /sbin/chkconfig +Requires(preun): /sbin/chkconfig +Requires(preun): /sbin/service %description xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661). @@ -31,15 +35,17 @@ It runs completely in userspace. %build make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY" +sed -i -e 's|chkconfig:[ \t][ \t]*|chkconfig: |' packaging/fedora/xl2tpd.init %install rm -rf %{buildroot} make DESTDIR=%{buildroot} install -install -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf -install -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd -install -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2tp-secrets -install -D -m600 examples/chapsecrets.sample %{buildroot}%{_sysconfdir}/ppp/chap-secrets.sample -install -D -m755 packaging/fedora/xl2tpd.init %{buildroot}%{_initrddir}/xl2tpd +install -p -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf +install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd +install -p -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2tp-secrets +install -p -D -m600 examples/chapsecrets.sample %{buildroot}%{_sysconfdir}/ppp/chap-secrets.sample +install -p -D -m755 packaging/fedora/xl2tpd.init %{buildroot}%{_initrddir}/xl2tpd + %clean rm -rf %{buildroot} 
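Review bot: The scriptlet dependencies added in the `@@ -9,7 +9,11 @@` hunk cover `%post` and `%preun` but not `%postun`, which also runs `/sbin/service xl2tpd condrestart`; add `Requires(postun): /sbin/service` next to the three new lines. `Obsoletes: l2tpd <= 0.69-0.6.20051030.fc6` and `Provides: l2tpd = 0.69-0.6.20051030.fc7` hard-code release and dist-tag values, so a one-line comment above them saying which l2tpd builds they are meant to replace would help the next person who has to adjust them.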
@@ -55,15 +61,15 @@ then mv /etc/ppp/options.xl2tpd /etc/ppp/options.xl2tpd.rpmsave mv /etc/ppp/options.l2tpd /etc/ppp/options.xl2tpd mv /etc/xl2tpd/l2tp-secrets /etc/xl2tpd/l2tpd-secrets.rpmsave - cp -a /etc/l2tpd/l2tp-secrets /etc/xl2tpd/l2tp-secrets + cp -pa /etc/l2tpd/l2tp-secrets /etc/xl2tpd/l2tp-secrets fi %preun if [ $1 -eq 0 ]; then - /sbin/service xl2tpd stop > /dev/null 2>&1 - /sbin/chkconfig --del xl2tpd + /sbin/service xl2tpd stop > /dev/null 2>&1 + /sbin/chkconfig --del xl2tpd fi %postun @@ -84,6 +90,24 @@ fi %changelog +* Thu Dec 7 2006 Paul Wouters 1.1.06-5 +- Changed space/tab replacing method + +* Wed Dec 6 2006 Paul Wouters 1.1.06-4 +- Added -p to keep original timestamps +- Added temporary hack to change space/tab in init file. +- Added /sbin/service dependancy + +* Tue Dec 5 2006 Paul Wouters 1.1.06-3 +- Added Requires(post) / Requires(preun) +- changed init file to create /var/run/xl2tpd fixed a tab/space +- changed control file to be within /var/run/xl2tpd/ + +* Tue Dec 5 2006 Paul Wouters 1.1.06-2 +- Changed Mr. Karlsen's name to not be a utf8 problem +- Fixed Obosoletes/Provides to be more specific wrt l2tpd. +- Added dist tag which accidentally got deleted. + * Mon Dec 4 2006 Paul Wouters 1.1.06-1 - Rebased spec file on Fedora Extras copy, but using xl2tpd as package name @@ -236,15 +260,15 @@ fi - Removed dependency on rpm-helper. * Mon Oct 21 2002 Lenny Cartier 0.69-3mdk -- from Per Øyvind Karlsen : +- from Per 0yvind Karlsen : - PreReq and Requires - Fix preun_service -* Thu Oct 17 2002 Per Øyvind Karlsen 0.69-2mdk +* Thu Oct 17 2002 Per 0yvind Karlsen 0.69-2mdk - Move l2tpd from /usr/bin to /usr/sbin - Added SysV initscript - Patch0 - Patch1 -* Thu Oct 17 2002 Per Øyvind Karlsen 0.69-1mdk +* Thu Oct 17 2002 Per 0yvind Karlsen 0.69-1mdk - Initial release From 2328d3059437e323f88061621660d470c22d0b02 Mon Sep 17 00:00:00 2001 
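Review bot: The migration commands in the `@@ -55,15 +61,15 @@` hunk rename the packaged `options.xl2tpd` and `l2tp-secrets` before confirming that the old l2tpd files exist, so when only `/etc/l2tpd/l2tpd.conf` is present the `mv` and `cp` that follow fail and the host is left without those files. `cp -pa` also carries over whatever mode the old secrets file had, and the backup is written as `l2tpd-secrets.rpmsave` rather than `l2tp-secrets.rpmsave`. Guarding each pair and forcing mode 600 on the copied secrets file, as sketched below, covers all three. The enclosing `if [ -f /etc/l2tpd/l2tpd.conf ]` opens above the hunk.

```spec
# … unchanged: echo and xl2tpd.conf migration …
 if [ -f /etc/ppp/options.l2tpd ]; then
   mv /etc/ppp/options.xl2tpd /etc/ppp/options.xl2tpd.rpmsave
   mv /etc/ppp/options.l2tpd /etc/ppp/options.xl2tpd
 fi
 if [ -f /etc/l2tpd/l2tp-secrets ]; then
   mv /etc/xl2tpd/l2tp-secrets /etc/xl2tpd/l2tp-secrets.rpmsave
   cp -p /etc/l2tpd/l2tp-secrets /etc/xl2tpd/l2tp-secrets
   # the old file's mode is preserved by cp -p; secrets must stay root-only
   chmod 600 /etc/xl2tpd/l2tp-secrets
 fi
```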
From: Paul Wouters Date: Tue, 20 Feb 2007 20:06:17 +0000 Subject: [PATCH 03/85] updated sources --- sources | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sources b/sources index 6dad88a..389b73c 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -44e5a85ecce622a0f55aafc42ce589a8 xl2tpd-1.1.06.tar.gz +56688bc2eaae6a55d92bdc9fa4680632 xl2tpd-1.1.07.tar.gz +5aebd437a6a9049a63c44825a6d1829c xl2tpd.init From b7229a8ccef841149555d684ae6d9017e87d62e5 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 20 Feb 2007 20:11:00 +0000 Subject: [PATCH 04/85] - Upgraded to 1.1.07 - Added /var/run/xl2tpd to the spec file so this pacakge owns /var/run/xl2tpd --- xl2tpd.spec | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 2012ca7..774b43e 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.1.06 -Release: 5%{?dist} +Version: 1.1.07 +Release: 1%{?dist} License: GPL Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -45,6 +45,7 @@ install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/o install -p -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2tp-secrets install -p -D -m600 examples/chapsecrets.sample %{buildroot}%{_sysconfdir}/ppp/chap-secrets.sample install -p -D -m755 packaging/fedora/xl2tpd.init %{buildroot}%{_initrddir}/xl2tpd +install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %clean @@ -87,9 +88,14 @@ fi %config(noreplace) %{_sysconfdir}/xl2tpd/* %config(noreplace) %{_sysconfdir}/ppp/* %attr(0755,root,root) %{_initrddir}/xl2tpd - +%dir %{_localstatedir}/run/xl2tpd %changelog +* Tue Feb 20 2007 Paul Wouters 1.1.07-1 +- Upgraded to 1.1.07 +- Added /var/run/xl2tpd to the spec file so this pacakge + owns /var/run/xl2tpd + * Thu Dec 7 2006 Paul Wouters 1.1.06-5 - Changed space/tab replacing method 
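Review bot: The new `install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd` line in patch 04 creates the runtime directory world-searchable, and the matching `%dir %{_localstatedir}/run/xl2tpd` entry in the `%files` hunk states no mode or owner of its own. The 1.1.06-3 changelog entry says the control file now lives in that directory, so unless unprivileged users are meant to reach it I would tighten the mode and make it explicit: `%dir %attr(0700,root,root) %{_localstatedir}/run/xl2tpd`. `-D` is redundant next to `-d` and can be dropped. How the daemon and init script create the control file is not visible here, so confirm that nothing else needs to traverse the directory before restricting it.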
From 5ef7e8390b55e410d568653890ab801f0499f0de Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 20 Feb 2007 20:12:39 +0000 Subject: [PATCH 05/85] .cvsignore --- .cvsignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.cvsignore b/.cvsignore index bed62c3..a637210 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1,3 @@ xl2tpd-1.1.06.tar.gz +xl2tpd-1.1.07.tar.gz +xl2tpd.init From 77501b1d62a970e0788653d00e5cec51577c5a45 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 20 Feb 2007 20:17:26 +0000 Subject: [PATCH 06/85] Fixed harcoded version in Source to use version macro instead. --- xl2tpd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 774b43e..a801517 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,11 +1,11 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.1.07 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons -Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-1.1.06.tar.gz +Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp #BuildRequires: From 4f5868c25fa51a98d52bea800e34f8378607ec2c Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 20 Feb 2007 20:20:49 +0000 Subject: [PATCH 07/85] updated changelog --- xl2tpd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xl2tpd.spec b/xl2tpd.spec index a801517..a307aac 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -91,6 +91,10 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +%changelog +* Tue Feb 20 2007 Paul Wouters 1.1.07-2 +- Fixed version usage in source macro + * Tue Feb 20 2007 Paul Wouters 1.1.07-1 - Upgraded to 1.1.07 - Added /var/run/xl2tpd to the spec file so this pacakge From 8ba1415f8b9db0c01c84d3ada7c19d177653fcba Mon Sep 17 00:00:00 2001 
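Review bot: The added `+%changelog` line in patch 07 repeats the section header that the context line directly above it already provides, leaving the spec with two consecutive `%changelog` tags. Only the new `* Tue Feb 20 2007 Paul Wouters 1.1.07-2` entry and its bullet should be added; drop the extra header line.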
From: Paul Wouters Date: Fri, 23 Feb 2007 18:18:50 +0000 Subject: [PATCH 08/85] - Upgraded to 1.1.08 - This works around the ppp-2.4.2-6.4 issue of not dying on SIGTERM --- .cvsignore | 1 + sources | 1 + xl2tpd.spec | 9 ++++++--- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index a637210..2a4d207 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,3 +1,4 @@ xl2tpd-1.1.06.tar.gz xl2tpd-1.1.07.tar.gz xl2tpd.init +xl2tpd-1.1.08.tar.gz diff --git a/sources b/sources index 389b73c..eb65b53 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ 56688bc2eaae6a55d92bdc9fa4680632 xl2tpd-1.1.07.tar.gz 5aebd437a6a9049a63c44825a6d1829c xl2tpd.init +d0c310b7a135b385ab5a61325e56566a xl2tpd-1.1.08.tar.gz diff --git a/xl2tpd.spec b/xl2tpd.spec index a307aac..3480fd4 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.1.07 -Release: 2%{?dist} +Version: 1.1.08 +Release: 1%{?dist} License: GPL Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -91,7 +91,10 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog -%changelog +* Fri Feb 23 2007 Paul Wouters 1.1.08-1 +- Upgraded to 1.1.08 +- This works around the ppp-2.4.2-6.4 issue of not dying on SIGTERM + * Tue Feb 20 2007 Paul Wouters 1.1.07-2 - Fixed version usage in source macro From 24bff0b1a964170f2e16779f601cbca70da9b6d4 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Fri, 23 Feb 2007 18:37:56 +0000 Subject: [PATCH 09/85] - Bump for EVR --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 3480fd4..b98e119 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.1.08 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons 
@@ -91,6 +91,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Fri Feb 23 2007 Paul Wouters 1.1.08-2 +- Bump for EVR + * Fri Feb 23 2007 Paul Wouters 1.1.08-1 - Upgraded to 1.1.08 - This works around the ppp-2.4.2-6.4 issue of not dying on SIGTERM From cf407c829f8ed518a8205b1d5fb30e4e58373ea1 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 20 Mar 2007 01:53:33 +0000 Subject: [PATCH 10/85] new version upstream --- xl2tpd.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index b98e119..f6077ed 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.1.08 -Release: 2%{?dist} +Version: 1.1.09 +Release: 1%{?dist} License: GPL Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -91,6 +91,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Mon Mar 19 2007 Paul Wouters 1.1.09-1 +- Upgraded to 1.1.09 + * Fri Feb 23 2007 Paul Wouters 1.1.08-2 - Bump for EVR From 18621a0fe60322e2f0468fd0a10593b622d630f7 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 20 Mar 2007 01:56:34 +0000 Subject: [PATCH 11/85] new upstream source --- .cvsignore | 1 + sources | 1 + 2 files changed, 2 insertions(+) diff --git a/.cvsignore b/.cvsignore index 2a4d207..1eb176c 100644 --- a/.cvsignore +++ b/.cvsignore @@ -2,3 +2,4 @@ xl2tpd-1.1.06.tar.gz xl2tpd-1.1.07.tar.gz xl2tpd.init xl2tpd-1.1.08.tar.gz +xl2tpd-1.1.09.tar.gz diff --git a/sources b/sources index eb65b53..28969d2 100644 --- a/sources +++ b/sources @@ -1,3 +1,4 @@ 56688bc2eaae6a55d92bdc9fa4680632 xl2tpd-1.1.07.tar.gz 5aebd437a6a9049a63c44825a6d1829c xl2tpd.init d0c310b7a135b385ab5a61325e56566a xl2tpd-1.1.08.tar.gz +7782de2b3a37631bcf83305127aca9ac xl2tpd-1.1.09.tar.gz From 06eb6c9b861137776dfa76ac96fa312995fc1d06 Mon Sep 17 00:00:00 2001 
From: Paul Wouters Date: Sat, 28 Jul 2007 17:18:35 +0000 Subject: [PATCH 12/85] upgraded to version 1.1.11-1 --- .cvsignore | 1 + sources | 1 + xl2tpd.spec | 5 ++++- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.cvsignore b/.cvsignore index 1eb176c..d497d77 100644 --- a/.cvsignore +++ b/.cvsignore @@ -3,3 +3,4 @@ xl2tpd-1.1.07.tar.gz xl2tpd.init xl2tpd-1.1.08.tar.gz xl2tpd-1.1.09.tar.gz +xl2tpd-1.1.11.tar.gz diff --git a/sources b/sources index 28969d2..878f1e7 100644 --- a/sources +++ b/sources @@ -2,3 +2,4 @@ 5aebd437a6a9049a63c44825a6d1829c xl2tpd.init d0c310b7a135b385ab5a61325e56566a xl2tpd-1.1.08.tar.gz 7782de2b3a37631bcf83305127aca9ac xl2tpd-1.1.09.tar.gz +ab5656eb5a3d1973f7f69b039675332e xl2tpd-1.1.11.tar.gz diff --git a/xl2tpd.spec b/xl2tpd.spec index f6077ed..7f8768a 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,6 +1,6 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.1.09 +Version: 1.1.11 Release: 1%{?dist} License: GPL Url: http://www.xelerance.com/software/xl2tpd/ @@ -91,6 +91,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Sat Jul 28 2007 Paul Wouters 1.1.11-1 +- Upgraded to 1.1.11 + * Mon Mar 19 2007 Paul Wouters 1.1.09-1 - Upgraded to 1.1.09 From 6b6c0c42d0defd3c9c4cdfbca05783b420c69070 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Sat, 28 Jul 2007 17:30:14 +0000 Subject: [PATCH 13/85] Include new split README.* --- xl2tpd.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 7f8768a..f13d8e6 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.1.11 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons 
@@ -80,7 +80,7 @@ fi %files %defattr(-,root,root) -%doc BUGS CHANGES CREDITS LICENSE README TODO doc/rfc2661.txt +%doc BUGS CHANGES CREDITS LICENSE README.* TODO doc/rfc2661.txt %doc doc/README.patents examples/chapsecrets.sample %{_sbindir}/xl2tpd %{_mandir}/*/* @@ -91,8 +91,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog -* Sat Jul 28 2007 Paul Wouters 1.1.11-1 +* Sat Jul 28 2007 Paul Wouters 1.1.11-2 - Upgraded to 1.1.11 +- Include new split README.* * Mon Mar 19 2007 Paul Wouters 1.1.09-1 - Upgraded to 1.1.09 From 1b9db3e2d30401b185efc5b0813f645934e4ad49 Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Wed, 29 Aug 2007 05:26:44 +0000 Subject: [PATCH 14/85] - Rebuild for selinux ppc32 issue. --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index f13d8e6..1f6804a 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.1.11 -Release: 2%{?dist} +Release: 3%{?dist} License: GPL Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -91,6 +91,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Wed Aug 29 2007 Fedora Release Engineering - 1.1.11-3 +- Rebuild for selinux ppc32 issue. + * Sat Jul 28 2007 Paul Wouters 1.1.11-2 - Upgraded to 1.1.11 - Include new split README.* From 72deb3930fde76083de9d48f3f9551de2cf716ae Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Fri, 26 Oct 2007 04:09:58 +0000 Subject: [PATCH 15/85] Fri Oct 26 2007 Paul Wouters 1.1.12-1 - Upgraded to new release upstream - Removed l2tpd to xl2tpd migration in post --- .cvsignore | 1 + sources | 4 +--- xl2tpd.spec | 23 ++++++----------------- 3 files changed, 8 insertions(+), 20 deletions(-) diff --git a/.cvsignore b/.cvsignore index d497d77..2d09f04 100644 --- a/.cvsignore +++ b/.cvsignore @@ -4,3 +4,4 @@ xl2tpd.init xl2tpd-1.1.08.tar.gz xl2tpd-1.1.09.tar.gz xl2tpd-1.1.11.tar.gz +xl2tpd-1.1.12.tar.gz 
diff --git a/sources b/sources index 878f1e7..a171a7b 100644 --- a/sources +++ b/sources @@ -1,5 +1,3 @@ -56688bc2eaae6a55d92bdc9fa4680632 xl2tpd-1.1.07.tar.gz 5aebd437a6a9049a63c44825a6d1829c xl2tpd.init -d0c310b7a135b385ab5a61325e56566a xl2tpd-1.1.08.tar.gz -7782de2b3a37631bcf83305127aca9ac xl2tpd-1.1.09.tar.gz ab5656eb5a3d1973f7f69b039675332e xl2tpd-1.1.11.tar.gz +8ace771a29139485c0edf428091cad5d xl2tpd-1.1.12.tar.gz diff --git a/xl2tpd.spec b/xl2tpd.spec index 1f6804a..d4fecdd 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.1.11 -Release: 3%{?dist} +Version: 1.1.12 +Release: 1%{?dist} License: GPL Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -9,8 +9,6 @@ Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp #BuildRequires: -Obsoletes: l2tpd <= 0.69-0.6.20051030.fc6 -Provides: l2tpd = 0.69-0.6.20051030.fc7 Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service @@ -53,19 +51,6 @@ rm -rf %{buildroot} %post /sbin/chkconfig --add xl2tpd -# if we migrate from l2tpd to xl2tpd, copy the configs -if [ -f /etc/l2tpd/l2tpd.conf ] -then - echo "Old /etc/l2tpd configuration found, migrating to /etc/xl2tpd" - mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.rpmsave - cat /etc/l2tpd/l2tpd.conf | sed "s/options.l2tpd/options.xl2tpd/" > /etc/xl2tpd/xl2tpd.conf - mv /etc/ppp/options.xl2tpd /etc/ppp/options.xl2tpd.rpmsave - mv /etc/ppp/options.l2tpd /etc/ppp/options.xl2tpd - mv /etc/xl2tpd/l2tp-secrets /etc/xl2tpd/l2tpd-secrets.rpmsave - cp -pa /etc/l2tpd/l2tp-secrets /etc/xl2tpd/l2tp-secrets - -fi - %preun if [ $1 -eq 0 ]; then 
@@ -91,6 +76,10 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Fri Oct 26 2007 Paul Wouters 1.1.12-1 +- Upgraded to new release upstream +- Removed l2tpd to xl2tpd migration in post + * Wed Aug 29 2007 Fedora Release Engineering - 1.1.11-3 - Rebuild for selinux ppc32 issue. From 26060749e93ad3c98c05b68304e8f796ab44098a Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Tue, 19 Feb 2008 20:17:37 +0000 Subject: [PATCH 16/85] - Autorebuild for GCC 4.3 --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index d4fecdd..376c70c 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.1.12 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -76,6 +76,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Tue Feb 19 2008 Fedora Release Engineering - 1.1.12-2 +- Autorebuild for GCC 4.3 + * Fri Oct 26 2007 Paul Wouters 1.1.12-1 - Upgraded to new release upstream - Removed l2tpd to xl2tpd migration in post From 333859df55965c70cff8ad41a9c5984cdaa025cf Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Sat, 6 Sep 2008 21:42:18 +0000 Subject: [PATCH 17/85] fix license tag --- xl2tpd.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 376c70c..fc093ec 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,8 +1,9 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.1.12 -Release: 2%{?dist} -License: GPL +Release: 3%{?dist} +# No version specified. +License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-%{version}.tar.gz 
@@ -76,6 +77,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Sat Sep 6 2008 Tom "spot" Callaway 1.1.12-3 +- fix license tag + * Tue Feb 19 2008 Fedora Release Engineering - 1.1.12-2 - Autorebuild for GCC 4.3 From 550a740a68ef54d3359c2c40766cafced2cbfc61 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Thu, 9 Oct 2008 23:34:22 +0000 Subject: [PATCH 18/85] - Updated to new upstream release --- .cvsignore | 1 + sources | 1 + xl2tpd.spec | 7 +++++-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.cvsignore b/.cvsignore index 2d09f04..701ab82 100644 --- a/.cvsignore +++ b/.cvsignore @@ -5,3 +5,4 @@ xl2tpd-1.1.08.tar.gz xl2tpd-1.1.09.tar.gz xl2tpd-1.1.11.tar.gz xl2tpd-1.1.12.tar.gz +xl2tpd-1.2.0.tar.gz diff --git a/sources b/sources index a171a7b..4239c2e 100644 --- a/sources +++ b/sources @@ -1,3 +1,4 @@ 5aebd437a6a9049a63c44825a6d1829c xl2tpd.init ab5656eb5a3d1973f7f69b039675332e xl2tpd-1.1.11.tar.gz 8ace771a29139485c0edf428091cad5d xl2tpd-1.1.12.tar.gz +07463b89394ff80ad6ee800d005d45b0 xl2tpd-1.2.0.tar.gz diff --git a/xl2tpd.spec b/xl2tpd.spec index fc093ec..7f5b672 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.1.12 -Release: 3%{?dist} +Version: 1.2.0 +Release: 1%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ @@ -77,6 +77,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Thu Oct 9 2008 Paul Wouters - 1.2.0-1 +- Updated to new upstream release + * Sat Sep 6 2008 Tom "spot" Callaway 1.1.12-3 - fix license tag From 173fa11d482cfc79da8045e5c7b19b8c2fbeadc2 Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Thu, 26 Feb 2009 09:47:41 +0000 Subject: [PATCH 19/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 7f5b672..4660712 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec 
@@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.2.0 -Release: 1%{?dist} +Release: 2%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ @@ -77,6 +77,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Thu Feb 26 2009 Fedora Release Engineering - 1.2.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + * Thu Oct 9 2008 Paul Wouters - 1.2.0-1 - Updated to new upstream release From bba24c50cbaf05ae1b14905c7102dc724aea02ef Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Sun, 8 Mar 2009 23:39:37 +0000 Subject: [PATCH 20/85] - Upgraded to 1.2.4 --- .cvsignore | 1 + sources | 1 + xl2tpd.spec | 7 +++++-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.cvsignore b/.cvsignore index 701ab82..46b9478 100644 --- a/.cvsignore +++ b/.cvsignore @@ -6,3 +6,4 @@ xl2tpd-1.1.09.tar.gz xl2tpd-1.1.11.tar.gz xl2tpd-1.1.12.tar.gz xl2tpd-1.2.0.tar.gz +xl2tpd-1.2.4.tar.gz diff --git a/sources b/sources index 4239c2e..fb39b6b 100644 --- a/sources +++ b/sources @@ -2,3 +2,4 @@ ab5656eb5a3d1973f7f69b039675332e xl2tpd-1.1.11.tar.gz 8ace771a29139485c0edf428091cad5d xl2tpd-1.1.12.tar.gz 07463b89394ff80ad6ee800d005d45b0 xl2tpd-1.2.0.tar.gz +d94fc8a13596f12a561240dfcea9f977 xl2tpd-1.2.4.tar.gz diff --git a/xl2tpd.spec b/xl2tpd.spec index 4660712..4befc8f 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.2.0 -Release: 2%{?dist} +Version: 1.2.4 +Release: 1%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ @@ -77,6 +77,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Sun Mar 08 2009 Paul Wouters - 1.2.4-1 +- Upgraded to 1.2.4 + * Thu Feb 26 2009 Fedora Release Engineering - 1.2.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild From 49f5583bbed50f30368fb3ecbc07cc72e5654304 Mon Sep 17 00:00:00 2001 
From: Paul Wouters Date: Sun, 8 Mar 2009 23:43:38 +0000 Subject: [PATCH 21/85] clean up sources --- sources | 3 --- 1 file changed, 3 deletions(-) diff --git a/sources b/sources index fb39b6b..950d139 100644 --- a/sources +++ b/sources @@ -1,5 +1,2 @@ 5aebd437a6a9049a63c44825a6d1829c xl2tpd.init -ab5656eb5a3d1973f7f69b039675332e xl2tpd-1.1.11.tar.gz -8ace771a29139485c0edf428091cad5d xl2tpd-1.1.12.tar.gz -07463b89394ff80ad6ee800d005d45b0 xl2tpd-1.2.0.tar.gz d94fc8a13596f12a561240dfcea9f977 xl2tpd-1.2.4.tar.gz From f89a0cf6094a624f05ea0c5a2e9c89e55dfa50ad Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Sun, 8 Mar 2009 23:54:46 +0000 Subject: [PATCH 22/85] Merged in updates to spec from upstream --- xl2tpd.spec | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 4befc8f..5061c90 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -9,7 +9,11 @@ Group: System Environment/Daemons Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp -#BuildRequires: +%if 0%{?el3}%{?el4} +BuildRequires: libpcap +%else +BuildRequires: libpcap-devel +%endif Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service 
@@ -28,6 +32,16 @@ Example configuration files for such a setup are included in this RPM. xl2tpd works by opening a pseudo-tty for communicating with pppd. It runs completely in userspace. +xl2tpd supports IPsec SA Reference tracking to enable overlapping internak +NAT'ed IP's by different clients (eg all clients connecting from their +linksys internal IP 192.168.1.101) as well as multiple clients behind +the same NAT router. + +xl2tpd supports the pppol2tp kernel mode operations on 2.6.23 or higher, +or via a patch in contrib for 2.4.x kernels. + +Xl2tpd is based on the 0.69 L2TP by Jeff McAdams +It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %prep %setup -q @@ -38,7 +52,7 @@ sed -i -e 's|chkconfig:[ \t][ \t]*|chkconfig: |' packaging/fedora/xl2tpd.init %install rm -rf %{buildroot} -make DESTDIR=%{buildroot} install +make DESTDIR=%{buildroot} PREFIX=%{_prefix} install install -p -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd install -p -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2tp-secrets @@ -69,6 +83,7 @@ fi %doc BUGS CHANGES CREDITS LICENSE README.* TODO doc/rfc2661.txt %doc doc/README.patents examples/chapsecrets.sample %{_sbindir}/xl2tpd +%{_bindir}/pfc %{_mandir}/*/* %dir %{_sysconfdir}/xl2tpd %config(noreplace) %{_sysconfdir}/xl2tpd/* @@ -79,6 +94,7 @@ fi %changelog * Sun Mar 08 2009 Paul Wouters - 1.2.4-1 - Upgraded to 1.2.4 +- Merged spec file with upstream * Thu Feb 26 2009 Fedora Release Engineering - 1.2.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild From d93161c696bf9799cd86fe73e2a2e74871fbbdb2 Mon Sep 17 00:00:00 2001 
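Review bot: The text added to `%description` has a typo, `internak` should read `internal`, and the line `Xl2tpd is based on the 0.69 L2TP by Jeff McAdams` is missing its closing period. This text is what `rpm -qi` shows to users, so it is worth correcting in the same change.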
From: Paul Wouters Date: Mon, 9 Mar 2009 00:19:56 +0000 Subject: [PATCH 23/85] updated init file for https://bugzilla.redhat.com/show_bug.cgi?id=247100 --- xl2tpd.init | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 xl2tpd.init diff --git a/xl2tpd.init b/xl2tpd.init new file mode 100644 index 0000000..6b9e732 --- /dev/null +++ b/xl2tpd.init 
@@ -0,0 +1,94 @@ +#!/bin/sh +# +# xl2tpd This shell script takes care of starting and stopping l2tpd. +# +# chkconfig: - 80 30 +# description: Layer 2 Tunnelling Protocol Daemon (RFC 2661) +# +# processname: /usr/sbin/xl2tpd +# config: /etc/xl2tpd/xl2tpd.conf +# pidfile: /var/run/xl2tpd.pid + +### BEGIN INIT INFO +# Provides: xl2tpd +# Required-Start: $local_fs $network $syslog +# Required-Stop: $local_fs $network $syslog +# Default-Start: +# Short-Description: start|stop|status|restart|try-restart|reload|force-reload xl2tpd server +# Description: control xl2tpd server +### END INIT INFO + +#Servicename +SERVICE=xl2tpd + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +if [ ${NETWORKING} = "no" ] +then + exit 0 +fi + +[ -x /usr/sbin/$SERVICE ] || exit 0 + +RETVAL=0 + +start() { + echo -n "Starting $SERVICE: " + if [ ! -d /var/run/xl2tpd ] + then + mkdir /var/run/xl2tpd + fi + daemon $SERVICE + RETVAL=$? + echo + if [ $RETVAL -eq 0 ];then + touch /var/lock/subsys/$SERVICE + else + exit 7; + fi + return 0; +} + +stop() { + echo -n "Stopping $SERVICE: " + killproc $SERVICE + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + rm -f /var/run/xl2tpd/$SERVICE + rm -f /var/lock/subsys/$SERVICE + fi + echo + return $RETVAL +} + +restart() { + stop + start +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + status $SERVICE + RETVAL=$? + ;; + restart|reload) + restart + ;; + condrestart) + [ -f /var/lock/subsys/$SERVICE ] && restart || : + ;; + *) + echo "Usage: $SERVICE {start|stop|status|restart|reload|condrestart}" + exit 1 +esac From 3e853ed302e42bd6c6e266f9b7bcc938c5994d64 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 9 Mar 2009 00:20:30 +0000 Subject: [PATCH 24/85] updated sources --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index 950d139..737cfe5 100644 --- a/sources +++ b/sources 
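Review bot: The `status)` arm stores `RETVAL=$?`, but nothing after `esac` exits with it, so `service xl2tpd status` always returns 0 and a monitor cannot tell a stopped daemon from a running one; add `exit $RETVAL` after `esac`. `[ ${NETWORKING} = "no" ]` is unquoted and becomes a malformed test when the variable is unset; write `[ "${NETWORKING}" = "no" ]`. `mkdir /var/run/xl2tpd` takes whatever umask the caller has, and `stop()` removes `/var/run/xl2tpd/$SERVICE`, which matches neither the `pidfile:` path in the header nor any file this script creates, so both lines deserve a comment or an explicit `mkdir -m 0755 /var/run/xl2tpd`.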
@@ -1,2 +1,2 @@ -5aebd437a6a9049a63c44825a6d1829c xl2tpd.init d94fc8a13596f12a561240dfcea9f977 xl2tpd-1.2.4.tar.gz +f796838eb19fb36d23ba8f25139302e3 xl2tpd.init From ad80b84ea311c70afe74b27664ced2856f41a409 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 9 Mar 2009 00:26:12 +0000 Subject: [PATCH 25/85] -Fix initscript for https://bugzilla.redhat.com/show_bug.cgi?id=247100 --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 5061c90..c3e4615 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.2.4 -Release: 1%{?dist} +Release: 2%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ @@ -92,6 +92,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Sun Mar 08 2009 Paul Wouters - 1.2.4-2 +-Fix initscript for https://bugzilla.redhat.com/show_bug.cgi?id=247100 + * Sun Mar 08 2009 Paul Wouters - 1.2.4-1 - Upgraded to 1.2.4 - Merged spec file with upstream From a05c0640c06662eeb33fa74f6ce5345ca80b0620 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 9 Mar 2009 00:28:09 +0000 Subject: [PATCH 26/85] bump --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index c3e4615..ba0dfbc 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.2.4 -Release: 2%{?dist} +Release: 3%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ @@ -92,6 +92,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Sun Mar 08 2009 Paul Wouters - 1.2.4-3 +- Bump version for tagging mistake + * Sun Mar 08 2009 Paul Wouters - 1.2.4-2 -Fix initscript for https://bugzilla.redhat.com/show_bug.cgi?id=247100 From f8910437e5151c052f162818fdff446991ae21ba Mon Sep 17 00:00:00 2001 
From: Jesse Keating Date: Mon, 27 Jul 2009 08:07:42 +0000 Subject: [PATCH 27/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index ba0dfbc..65fc8b9 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.2.4 -Release: 3%{?dist} +Release: 4%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ @@ -92,6 +92,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Mon Jul 27 2009 Fedora Release Engineering - 1.2.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + * Sun Mar 08 2009 Paul Wouters - 1.2.4-3 - Bump version for tagging mistake From 3aa8a79cad78d11690b1a28bfe75da938b732d86 Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Wed, 25 Nov 2009 22:40:59 +0000 Subject: [PATCH 28/85] Fix typo that causes a failure to update the common directory. (releng #2781) --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 8bab16b..92d29de 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ NAME := xl2tpd SPECFILE = $(firstword $(wildcard *.spec)) define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done endef MAKEFILE_COMMON := $(shell $(find-makefile-common)) From 9af6d577d29de6976e5a39ffcfe5a302c071d8fe Mon Sep 17 00:00:00 2001 
From: Paul Wouters Date: Sun, 10 Jan 2010 04:42:08 +0000 Subject: [PATCH 29/85] - Upgraded to 1.2.5. (fixes interop with two Windows machines behind same NAT) - Fix mix space/tab in spec file - Added missing keyword Default-Stop --- .cvsignore | 1 + sources | 2 +- xl2tpd.init | 1 + xl2tpd.spec | 13 +++++++++---- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/.cvsignore b/.cvsignore index 46b9478..8b92b2b 100644 --- a/.cvsignore +++ b/.cvsignore @@ -7,3 +7,4 @@ xl2tpd-1.1.11.tar.gz xl2tpd-1.1.12.tar.gz xl2tpd-1.2.0.tar.gz xl2tpd-1.2.4.tar.gz +xl2tpd-1.2.5.tar.gz diff --git a/sources b/sources index 737cfe5..f5d735c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -d94fc8a13596f12a561240dfcea9f977 xl2tpd-1.2.4.tar.gz f796838eb19fb36d23ba8f25139302e3 xl2tpd.init +40404ea230edd9ebdd0d53f07c832520 xl2tpd-1.2.5.tar.gz diff --git a/xl2tpd.init b/xl2tpd.init index 6b9e732..e0494e3 100644 --- a/xl2tpd.init +++ b/xl2tpd.init @@ -14,6 +14,7 @@ # Required-Start: $local_fs $network $syslog # Required-Stop: $local_fs $network $syslog # Default-Start: +# Default-Stop: 0 1 2 3 4 5 6 # Short-Description: start|stop|status|restart|try-restart|reload|force-reload xl2tpd server # Description: control xl2tpd server ### END INIT INFO diff --git a/xl2tpd.spec b/xl2tpd.spec index 65fc8b9..ad5f02f 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.2.4 -Release: 4%{?dist} +Version: 1.2.5 +Release: 1%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ @@ -69,8 +69,8 @@ rm -rf %{buildroot} %preun if [ $1 -eq 0 ]; then - /sbin/service xl2tpd stop > /dev/null 2>&1 - /sbin/chkconfig --del xl2tpd + /sbin/service xl2tpd stop > /dev/null 2>&1 + /sbin/chkconfig --del xl2tpd fi %postun 
@@ -92,6 +92,11 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Sat Jan 09 2010 Paul Wouters - 1.2.5-1 +- Upgraded to 1.2.5. (fixes interop with two Windows machines behind same NAT) +- Fix mix space/tab in spec file +- Added missing keyword Default-Stop + * Mon Jul 27 2009 Fedora Release Engineering - 1.2.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild From df62e198052fe9f970ab197b6a4c3d9132b779f2 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Sun, 10 Jan 2010 05:00:41 +0000 Subject: [PATCH 30/85] - Bump for EVR --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index ad5f02f..ad400c8 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.2.5 -Release: 1%{?dist} +Release: 2%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ @@ -92,6 +92,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Sat Jan 09 2010 Paul Wouters - 1.2.5-2 +- Bump for EVR + * Sat Jan 09 2010 Paul Wouters - 1.2.5-1 - Upgraded to 1.2.5. (fixes interop with two Windows machines behind same NAT) - Fix mix space/tab in spec file From 99c04f1ce22caf06c6899d0ad8b47b8cecbb2f5a Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 29 Jul 2010 15:54:24 +0000 Subject: [PATCH 31/85] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- 2 files changed, 21 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index 92d29de..0000000 --- a/Makefile +++ /dev/null 
@@ -1,21 +0,0 @@ -# Makefile for source rpm: xl2tpd -# $Id$ -NAME := xl2tpd -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attept a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) From 66f0b27a5a64cd36423d46371ff87640043f5807 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 30 Nov 2010 18:25:23 -0500 Subject: [PATCH 32/85] - Updated to 1.2.7 - Added more DEBUG build options to the make command - Minor cleanups --- .gitignore | 1 + sources | 2 +- xl2tpd.spec | 12 ++++++++---- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 8b92b2b..3d8193b 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ xl2tpd-1.1.12.tar.gz xl2tpd-1.2.0.tar.gz xl2tpd-1.2.4.tar.gz xl2tpd-1.2.5.tar.gz +/xl2tpd-1.2.7.tar.gz diff --git a/sources b/sources index f5d735c..457a799 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ f796838eb19fb36d23ba8f25139302e3 xl2tpd.init -40404ea230edd9ebdd0d53f07c832520 xl2tpd-1.2.5.tar.gz +cd13732664905194565ea7f07546876b xl2tpd-1.2.7.tar.gz diff --git a/xl2tpd.spec b/xl2tpd.spec index ad400c8..030122a 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.2.5 -Release: 2%{?dist} +Version: 1.2.7 +Release: 1%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ 
@@ -47,8 +47,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %setup -q %build -make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY" -sed -i -e 's|chkconfig:[ \t][ \t]*|chkconfig: |' packaging/fedora/xl2tpd.init +make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" %install rm -rf %{buildroot} @@ -92,6 +91,11 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Tue Nov 30 2010 Paul Wouters - 1.2.7-1 +- Updated to 1.2.7 +- Added more DEBUG build options to the make command +- Minor cleanups + * Sat Jan 09 2010 Paul Wouters - 1.2.5-2 - Bump for EVR From 742558af32630ef61d4ed1571cf1f2ed4188dd0c Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 30 Nov 2010 18:40:49 -0500 Subject: [PATCH 33/85] - fix md5 of init script in sources --- sources | 2 +- xl2tpd.spec | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/sources b/sources index 457a799..fba6767 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -f796838eb19fb36d23ba8f25139302e3 xl2tpd.init +167f3e8621562c78dc66f07fe62e0638 xl2tpd.init cd13732664905194565ea7f07546876b xl2tpd-1.2.7.tar.gz diff --git a/xl2tpd.spec b/xl2tpd.spec index 030122a..777ff01 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.2.7 -Release: 1%{?dist} +Release: 2%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ @@ -91,6 +91,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Tue Nov 30 2010 Paul Wouters - 1.2.7-2 +- fix md5 of init script in sources + * Tue Nov 30 2010 Paul Wouters - 1.2.7-1 - Updated to 1.2.7 - Added more DEBUG build options to the make command 
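Review bot: The expanded `DFLAGS` on the `make` line in `%build` compiles `-DDEBUG_AUTH`, `-DDEBUG_HIDDEN`, `-DDEBUG_AAA` and `-DDEBUG_PAYLOAD` into the binary that ships to every user. What these macros log is not visible in this hunk, but if they write authentication exchanges, hidden AVPs or tunnelled payload to the system log, credentials and traffic contents end up in log files and in whatever collects them. Consider keeping the release build at `make DFLAGS="$RPM_OPT_FLAGS -g"` and enabling the debug set only through a build conditional. `-DDEBUG_FLOW`, `-DDEBUG_HELLO` and `-DDEBUG_CLOSE` are also listed twice on the line.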
From 5a2f89a54448776f32afc8d0a0bf6a01e4f22c63 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 30 Nov 2010 18:51:37 -0500 Subject: [PATCH 34/85] remove initscript from sources --- sources | 1 - 1 file changed, 1 deletion(-) diff --git a/sources b/sources index fba6767..7c8670a 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -167f3e8621562c78dc66f07fe62e0638 xl2tpd.init cd13732664905194565ea7f07546876b xl2tpd-1.2.7.tar.gz From 71fca9d8caef4bd69d9913efc0680ccf74c68f29 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Mon, 7 Feb 2011 23:20:23 -0600 Subject: [PATCH 35/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 777ff01..f6528c7 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.2.7 -Release: 2%{?dist} +Release: 3%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ @@ -91,6 +91,9 @@ fi %dir %{_localstatedir}/run/xl2tpd %changelog +* Mon Feb 07 2011 Fedora Release Engineering - 1.2.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + * Tue Nov 30 2010 Paul Wouters - 1.2.7-2 - fix md5 of init script in sources From 3d6729fe5d3b944e1a04bf87551e48e5baa621b0 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Wed, 23 Feb 2011 00:04:46 -0500 Subject: [PATCH 36/85] Added %ghost for /var/run/xl2tpd/l2tp-control --- xl2tpd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/xl2tpd.spec b/xl2tpd.spec index 777ff01..4468c90 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -89,6 +89,7 @@ fi %config(noreplace) %{_sysconfdir}/ppp/* %attr(0755,root,root) %{_initrddir}/xl2tpd %dir %{_localstatedir}/run/xl2tpd +%ghost %{_localstatedir}/run/xl2tpd/l2tp-control %changelog * Tue Nov 30 2010 Paul Wouters - 1.2.7-2 From 3ad4da4a1f9a101865b28bc24aae1999f628626e Mon Sep 17 00:00:00 2001 
From: Paul Wouters Date: Wed, 23 Feb 2011 00:10:49 -0500 Subject: [PATCH 37/85] set file perms for %ghost file --- xl2tpd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 45e9df6..b32a39e 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -89,7 +89,7 @@ fi %config(noreplace) %{_sysconfdir}/ppp/* %attr(0755,root,root) %{_initrddir}/xl2tpd %dir %{_localstatedir}/run/xl2tpd -%ghost %{_localstatedir}/run/xl2tpd/l2tp-control +%ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog * Mon Feb 07 2011 Fedora Release Engineering - 1.2.7-3 From 9b714872c47f160d51600fd16f626a58e750a85d Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Wed, 23 Feb 2011 00:20:35 -0500 Subject: [PATCH 38/85] * Wed Feb 23 2011 Paul Wouters - 1.2.8-1 - Updated to 1.2.8 - Add ghosting for l2tp pipe (bz#656725) --- .gitignore | 1 + sources | 3 +-- xl2tpd.spec | 8 ++++++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 3d8193b..a5d847c 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ xl2tpd-1.2.0.tar.gz xl2tpd-1.2.4.tar.gz xl2tpd-1.2.5.tar.gz /xl2tpd-1.2.7.tar.gz +/xl2tpd-1.2.8.tar.gz diff --git a/sources b/sources index fba6767..1f27e48 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -167f3e8621562c78dc66f07fe62e0638 xl2tpd.init -cd13732664905194565ea7f07546876b xl2tpd-1.2.7.tar.gz +8748ac5e2f5289963d9a908eede546b5 xl2tpd-1.2.8.tar.gz diff --git a/xl2tpd.spec b/xl2tpd.spec index b32a39e..4f88cfc 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.2.7 -Release: 3%{?dist} +Version: 1.2.8 +Release: 1%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ 
@@ -92,6 +92,10 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Wed Feb 23 2011 Paul Wouters - 1.2.8-1 +- Updated to 1.2.8 +- Add ghosting for l2tp pipe (bz#656725) + * Mon Feb 07 2011 Fedora Release Engineering - 1.2.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild From b779b0cf4fa3a4a6e170ef719bf1aab27fe1406e Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Sat, 23 Jul 2011 20:19:39 -0400 Subject: [PATCH 39/85] * Sat Jul 23 2011 Paul Wouters - 1.3.0-1 - Upgraded to 1.3.0 with better NetworkManager support - Compiled without DEBUG per default to gain more performance --- .gitignore | 1 + sources | 1 + xl2tpd.spec | 9 +++++++-- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index a5d847c..821402a 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ xl2tpd-1.2.4.tar.gz xl2tpd-1.2.5.tar.gz /xl2tpd-1.2.7.tar.gz /xl2tpd-1.2.8.tar.gz +/xl2tpd-1.3.0.tar.gz diff --git a/sources b/sources index 1f27e48..ddbee21 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ 8748ac5e2f5289963d9a908eede546b5 xl2tpd-1.2.8.tar.gz +28264284552c442b24cf421755a2bb48 xl2tpd-1.3.0.tar.gz diff --git a/xl2tpd.spec b/xl2tpd.spec index 4f88cfc..e63b0e8 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,6 +1,6 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.2.8 +Version: 1.3.0 Release: 1%{?dist} # No version specified. License: GPL+ 
@@ -47,7 +47,8 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %setup -q %build -make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" +#make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" +make DFLAGS="$RPM_OPT_FLAGS -g %install rm -rf %{buildroot} @@ -92,6 +93,10 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Sat Jul 23 2011 Paul Wouters - 1.3.0-1 +- Upgraded to 1.3.0 with better NetworkManager support +- Compiled without DEBUG per default to gain more performance + * Wed Feb 23 2011 Paul Wouters - 1.2.8-1 - Updated to 1.2.8 - Add ghosting for l2tp pipe (bz#656725) From 25106e0255cd6d26cc256f4d0a7ba3a56bf5023c Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Sat, 23 Jul 2011 21:38:12 -0400 Subject: [PATCH 40/85] fix quote typo --- xl2tpd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index e63b0e8..fbcee7f 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -48,7 +48,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %build #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" -make DFLAGS="$RPM_OPT_FLAGS -g +make DFLAGS="$RPM_OPT_FLAGS -g " %install rm -rf %{buildroot} 
From 24be306bc8baeb1169e745c3698017ebcbdffd6b Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Sat, 23 Jul 2011 21:58:30 -0400 Subject: [PATCH 41/85] Add the new xl2tpd-control binary. --- xl2tpd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xl2tpd.spec b/xl2tpd.spec index fbcee7f..470c441 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -83,6 +83,7 @@ fi %doc BUGS CHANGES CREDITS LICENSE README.* TODO doc/rfc2661.txt %doc doc/README.patents examples/chapsecrets.sample %{_sbindir}/xl2tpd +%{_sbindir}/xl2tpd-control %{_bindir}/pfc %{_mandir}/*/* %dir %{_sysconfdir}/xl2tpd @@ -96,6 +97,7 @@ fi * Sat Jul 23 2011 Paul Wouters - 1.3.0-1 - Upgraded to 1.3.0 with better NetworkManager support - Compiled without DEBUG per default to gain more performance +- Added xl2tpd-control * Wed Feb 23 2011 Paul Wouters - 1.2.8-1 - Updated to 1.2.8 From 76d8d219309b48cfc22e35420f681b210d1543c0 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sat, 14 Jan 2012 03:00:00 -0600 Subject: [PATCH 42/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 1c6c40f..db1a5f9 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 1%{?dist} +Release: 2%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ @@ -94,6 +94,9 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Sat Jan 14 2012 Fedora Release Engineering - 1.3.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + * Thu Oct 06 2011 Paul Wouters - 1.3.1-1 - Upgraded to 1.3.1 - Use ghost for /var/run files From 23c5a05ca90f553138fc0d218636bb3920b9b8ea Mon Sep 17 00:00:00 2001 
From: Paul Wouters Date: Mon, 27 Feb 2012 22:53:55 -0500 Subject: [PATCH 43/85] * Tue Feb 28 2012 Paul Wouters - 1.3.1-3 - Converted to systemd - Added -Wunused patch to fix two minor warnings --- sources | 1 - xl2tpd.spec | 56 +++++++++++++++++++++++++++++++++++++---------------- 2 files changed, 39 insertions(+), 18 deletions(-) diff --git a/sources b/sources index 696a55b..568bb82 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -28264284552c442b24cf421755a2bb48 xl2tpd-1.3.0.tar.gz cf61576fef5c2d6c68279a408ec1f0d5 xl2tpd-1.3.1.tar.gz diff --git a/xl2tpd.spec b/xl2tpd.spec index db1a5f9..0e56975 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,22 +1,23 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 2%{?dist} +Release: 3%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-%{version}.tar.gz +Source1: xl2tpd.service +Source2: tmpfiles-xl2tpd.conf +Patch1: xl2tpd-1.3.1-Wunused.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp -%if 0%{?el3}%{?el4} -BuildRequires: libpcap -%else BuildRequires: libpcap-devel -%endif -Requires(post): /sbin/chkconfig -Requires(preun): /sbin/chkconfig -Requires(preun): /sbin/service +BuildRequires: systemd-units +Requires(post): systemd-sysv +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units %description xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661). 
@@ -45,6 +46,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %prep %setup -q +%patch1 -p1 %build #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" 
@@ -53,31 +55,46 @@ make DFLAGS="$RPM_OPT_FLAGS -g " %install rm -rf %{buildroot} make DESTDIR=%{buildroot} PREFIX=%{_prefix} install +install -d 0755 %{buildroot}%{_unitdir} +install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/xl2tpd.service +mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ +install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf + + install -p -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd install -p -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2tp-secrets install -p -D -m600 examples/chapsecrets.sample %{buildroot}%{_sysconfdir}/ppp/chap-secrets.sample -install -p -D -m755 packaging/fedora/xl2tpd.init %{buildroot}%{_initrddir}/xl2tpd install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %clean rm -rf %{buildroot} -%post -/sbin/chkconfig --add xl2tpd %preun if [ $1 -eq 0 ]; then - /sbin/service xl2tpd stop > /dev/null 2>&1 - /sbin/chkconfig --del xl2tpd + # Package removal, not upgrade + /bin/systemctl --no-reload disable xl2tpd.service > /dev/null 2>&1 || : + /bin/systemctl stop xl2tpd.service > /dev/null 2>&1 || : fi %postun -if [ $1 -ge 1 ]; then - /sbin/service xl2tpd condrestart 2>&1 >/dev/null +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ $1 -ge 1 ] ; then + # Package upgrade, not uninstall + /bin/systemctl try-restart xl2tpd.service >/dev/null 2>&1 || : fi +%triggerun -- xl2td < 1.3.1-3 +# Save the current service runlevel info +# User must manually run systemd-sysv-convert --apply xl2tpd +# to migrate them to systemd targets +/usr/bin/systemd-sysv-convert --save xl2tpd >/dev/null 2>&1 ||: +# Run these because the SysV package being removed won't do them +/sbin/chkconfig --del xl2tpd >/dev/null 2>&1 || : +/bin/systemctl try-restart xl2tpd.service >/dev/null 2>&1 || : + %files %defattr(-,root,root) %doc BUGS CHANGES CREDITS LICENSE README.* TODO 
doc/rfc2661.txt @@ -89,11 +106,16 @@ fi %dir %{_sysconfdir}/xl2tpd %config(noreplace) %{_sysconfdir}/xl2tpd/* %config(noreplace) %{_sysconfdir}/ppp/* -%attr(0755,root,root) %{_initrddir}/xl2tpd -%ghost %dir %{_localstatedir}/run/xl2tpd +%dir %{_localstatedir}/run/xl2tpd +%{_unitdir}/%{name}.service +%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Tue Feb 28 2012 Paul Wouters - 1.3.1-3 +- Converted to systemd +- Added -Wunused patch to fix two minor warnings + * Sat Jan 14 2012 Fedora Release Engineering - 1.3.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild From 21a192bf3f47b9f07620fb8101dd1fceb123ee5c Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 27 Feb 2012 22:59:47 -0500 Subject: [PATCH 44/85] Added systemd files and patch for xl2tpd --- tmpfiles-xl2tpd.conf | 1 + xl2tpd-1.3.1-Wunused.patch | 41 ++++++++++++++++++++++++++++++++++++++ xl2tpd.service | 13 ++++++++++++ 3 files changed, 55 insertions(+) create mode 100644 tmpfiles-xl2tpd.conf create mode 100644 xl2tpd-1.3.1-Wunused.patch create mode 100644 xl2tpd.service diff --git a/tmpfiles-xl2tpd.conf b/tmpfiles-xl2tpd.conf new file mode 100644 index 0000000..66bc6f8 --- /dev/null +++ b/tmpfiles-xl2tpd.conf @@ -0,0 +1 @@ +D /var/run/xl2tpd 0755 root root - diff --git a/xl2tpd-1.3.1-Wunused.patch b/xl2tpd-1.3.1-Wunused.patch new file mode 100644 index 0000000..67e7cd8 --- /dev/null +++ b/xl2tpd-1.3.1-Wunused.patch 
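Review bot: The trigger header `%triggerun -- xl2td < 1.3.1-3` misspells the package name, so it never matches an installed `xl2tpd` and the `systemd-sysv-convert --save` / `chkconfig --del` migration under it never runs on upgrade; it should read `%triggerun -- xl2tpd < 1.3.1-3`. In `%install`, `install -d 0755 %{buildroot}%{_unitdir}` is missing `-m`, so it creates a stray directory named `0755` in the build directory and leaves the unit directory at the default mode; use `install -d -m 0755 %{buildroot}%{_unitdir}`. The hunk also removes `%post` without a systemd replacement, so a fresh install appears to have no `systemctl daemon-reload` step even though `Requires(post)` entries are declared earlier in the spec.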
@@ -0,0 +1,41 @@ +diff --git a/control.c b/control.c +index 0892df9..a124d04 100644 +--- a/control.c ++++ b/control.c +@@ -1685,7 +1685,6 @@ void handle_special (struct buffer *buf, struct call *c, _u16 call) + * call if it was a CDN, otherwise, send a CDN to notify them + * that this call has been terminated. + */ +- struct buffer *outgoing; + struct tunnel *t = c->container; + /* Don't do anything unless it's a control packet */ + if (!CTBIT (*((_u16 *) buf->start))) +@@ -1705,7 +1704,6 @@ void handle_special (struct buffer *buf, struct call *c, _u16 call) + return; + } + /* Make a packet with the specified call number */ +- outgoing = new_outgoing (t); + /* FIXME: If I'm not a CDN, I need to send a CDN */ + control_zlb (buf, t, c); + c->cid = 0; +diff --git a/network.c b/network.c +index 783a181..82aedd7 100644 +--- a/network.c ++++ b/network.c +@@ -377,7 +377,7 @@ void network_thread () + * our network socket. Control handling is no longer done here. + */ + struct sockaddr_in from, to; +- unsigned int fromlen, tolen; ++ unsigned int fromlen; + int tunnel, call; /* Tunnel and call */ + int recvsize; /* Length of data received */ + struct buffer *buf; /* Payload buffer */ +@@ -443,7 +443,6 @@ void network_thread () + memset(&to, 0, sizeof(to)); + + fromlen = sizeof(from); +- tolen = sizeof(to); + + memset(&msgh, 0, sizeof(struct msghdr)); + iov.iov_base = buf->start; diff --git a/xl2tpd.service b/xl2tpd.service new file mode 100644 index 0000000..b17a447 --- /dev/null +++ b/xl2tpd.service @@ -0,0 +1,13 @@ +[Unit] +Description=Level 2 Tunnel Protocol Daemon (L2TP) +After=syslog.target network.target +After=openswan.service +Wants=openswan.service + +[Service] +Type=simple +PIDFile=/var/run/xl2tpd/xl2tpd.pid +ExecStart=/usr/sbin/xl2tpd -D + +[Install] +WantedBy=multi-user.target From bd5a80d2611aa8b23fede2a5ef04b4f7e3aa9240 Mon Sep 17 00:00:00 2001 
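Review bot: `Wants=openswan.service` in the new `xl2tpd.service` is a weak dependency, so xl2tpd still starts and accepts L2TP when Openswan fails to come up, leaving the tunnel without IPsec underneath. For an L2TP/IPsec-only deployment `Requires=openswan.service` is the safer choice; if plain L2TP is also intended, a comment in the unit should say so. `PIDFile=/var/run/xl2tpd/xl2tpd.pid` is only meaningful with `Type=forking` and can be dropped, since the unit uses `Type=simple` with `ExecStart=/usr/sbin/xl2tpd -D`. `Description=Level 2 Tunnel Protocol Daemon (L2TP)` should say "Layer 2" to match the spec Summary.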
From: Paul Wouters Date: Thu, 5 Apr 2012 13:22:35 -0400 Subject: [PATCH 45/85] * Thu Apr 05 2012 Paul Wouters - 1.3.1-4 - Fix parse error on lines > 80 chars, rhbz#806963 --- xl2tpd-bz80693.patch | 22 ++++++++++++++++++++++ xl2tpd.spec | 7 ++++++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 xl2tpd-bz80693.patch diff --git a/xl2tpd-bz80693.patch b/xl2tpd-bz80693.patch new file mode 100644 index 0000000..e86f8da --- /dev/null +++ b/xl2tpd-bz80693.patch @@ -0,0 +1,22 @@ +diff --git a/file.c b/file.c +index 289aee6..d710e30 100644 +--- a/file.c ++++ b/file.c +@@ -1229,7 +1229,7 @@ int parse_config (FILE * f) + /* Read in the configuration file handed to us */ + /* FIXME: I should check for incompatible options */ + int context = 0; +- char buf[STRLEN]; ++ char buf[1024]; + char *s, *d, *t; + int linenum = 0; + int def = 0; +@@ -1395,7 +1395,7 @@ int parse_config (FILE * f) + } + if (!(t = strchr (s, '='))) + { +- l2tp_log (LOG_WARNING, "parse_config: line %d: no '=' in data\n", ++ l2tp_log (LOG_WARNING, "parse_config: line %d: line too long or no '=' in data\n", + linenum); + return -1; + } diff --git a/xl2tpd.spec b/xl2tpd.spec index 0e56975..ac13283 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 3%{?dist} +Release: 4%{?dist} # No version specified. License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ @@ -10,6 +10,7 @@ Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-%{version}.tar.gz Source1: xl2tpd.service Source2: tmpfiles-xl2tpd.conf Patch1: xl2tpd-1.3.1-Wunused.patch +Patch2: xl2tpd-bz80693.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp BuildRequires: libpcap-devel 
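Review bot: Replacing `char buf[STRLEN]` with `char buf[1024]` in `parse_config` only helps if the read that fills `buf` is sized from `sizeof (buf)`; that call is outside the hunk, and if it still passes `STRLEN` the larger buffer is never used. Longer lines also mean longer option values reach the per-keyword handlers, so any handler that copies into a `STRLEN`-sized field needs a bounded copy; those handlers are not visible here and should be checked. A named constant in place of the literal `1024` would keep the buffer and its read length in step. The patch file is named `xl2tpd-bz80693.patch` while the changelog cites rhbz#806963, so one of the two is a typo.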
@@ -47,6 +48,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %prep %setup -q %patch1 -p1 +%patch2 -p1 %build #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" @@ -112,6 +114,9 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Thu Apr 05 2012 Paul Wouters - 1.3.1-4 +- Fix parse error on lines > 80 chars, rhbz#806963 + * Tue Feb 28 2012 Paul Wouters - 1.3.1-3 - Converted to systemd - Added -Wunused patch to fix two minor warnings From 8ecc1e56567d11f0058d16321b8fc858a45d0689 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Wed, 18 Apr 2012 18:07:37 -0400 Subject: [PATCH 46/85] * Wed Apr 18 2012 Paul Wouters - 1.3.1-5 - Added support for CONFIG_PPPOL2TP by sigwall - Require current ppp because some old versions lacked pppol2tp.so plugin --- xl2tpd-1.3.0-kernelmode.patch | 436 ++++++++++++++++++++++++++++++++++ xl2tpd.spec | 11 +- 2 files changed, 444 insertions(+), 3 deletions(-) create mode 100644 xl2tpd-1.3.0-kernelmode.patch diff --git a/xl2tpd-1.3.0-kernelmode.patch b/xl2tpd-1.3.0-kernelmode.patch new file mode 100644 index 0000000..fafa456 --- /dev/null +++ b/xl2tpd-1.3.0-kernelmode.patch 
@@ -0,0 +1,436 @@ +diff --git a/Makefile b/Makefile +index 6f6481f..778f38d 100644 +--- a/Makefile ++++ b/Makefile +@@ -62,8 +62,8 @@ + # are packages seperately (eg kernel-headers on Fedora) + # Note: 2.6.23+ support still needs some changes in the xl2tpd source + # +-#OSFLAGS+= -DUSE_KERNEL +-# ++# Kernel mode fixed by sigwall ++OSFLAGS+= -DUSE_KERNEL + # + # Uncomment the next line for FreeBSD + # +diff --git a/call.c b/call.c +index d1b1858..b672f91 100644 +--- a/call.c ++++ b/call.c +@@ -680,6 +680,8 @@ struct call *get_call (int tunnel, int call, struct in_addr addr, int port, + st->peer.sin_port = port; + st->refme = refme; + st->refhim = refhim; ++ st->udp_fd = -1; ++ st->pppox_fd = -1; + bcopy (&addr, &st->peer.sin_addr, sizeof (addr)); + st->next = tunnels.head; + tunnels.head = st; +diff --git a/control.c b/control.c +index 0892df9..9362ffd 100644 +--- a/control.c ++++ b/control.c +@@ -596,6 +596,9 @@ int control_finish (struct tunnel *t, struct call *c) + if (gconfig.debug_state) + l2tp_log (LOG_DEBUG, "%s: sending SCCCN\n", __FUNCTION__); + control_xmit (buf); ++ ++ connect_pppol2tp(t); ++ + /* Schedule a HELLO */ + tv.tv_sec = HELLO_DELAY; + tv.tv_usec = 0; +@@ -608,6 +611,7 @@ int control_finish (struct tunnel *t, struct call *c) + "Connection established to %s, %d. 
Local: %d, Remote: %d (ref=%u/%u).\n", + IPADDY (t->peer.sin_addr), + ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim); ++ + if (t->lac) + { + /* This is part of a LAC, so we want to go ahead +@@ -635,6 +639,9 @@ int control_finish (struct tunnel *t, struct call *c) + IPADDY (t->peer.sin_addr), + ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim, + t->lns->entname); ++ ++ connect_pppol2tp(t); ++ + /* Schedule a HELLO */ + tv.tv_sec = HELLO_DELAY; + tv.tv_usec = 0; +diff --git a/l2tp.h b/l2tp.h +index 2724fff..856423f 100644 +--- a/l2tp.h ++++ b/l2tp.h +@@ -167,6 +167,8 @@ struct tunnel + int ourrws; /* Receive Window Size */ + int rxspeed; /* Receive bps */ + int txspeed; /* Transmit bps */ ++ int udp_fd; /* UDP fd */ ++ int pppox_fd; /* PPPOX tunnel fd */ + struct call *self; + struct lns *lns; /* LNS that owns us */ + struct lac *lac; /* LAC that owns us */ +@@ -220,6 +222,7 @@ extern void control_xmit (void *); + extern int ppd; + extern int switch_io; /* jz */ + extern int control_fd; ++extern int connect_pppol2tp(struct tunnel *t); + extern int start_pppd (struct call *c, struct ppp_opts *); + extern void magic_lac_dial (void *); + extern int get_entropy (unsigned char *, int); +diff --git a/linux/include/linux/if_pppol2tp.h b/linux/include/linux/if_pppol2tp.h +index a7d6a22..0795e4a 100644 +--- a/linux/include/linux/if_pppol2tp.h ++++ b/linux/include/linux/if_pppol2tp.h +@@ -36,6 +36,20 @@ struct pppol2tp_addr + __u16 d_tunnel, d_session; /* For sending outgoing packets */ + }; + ++/* The L2TPv3 protocol changes tunnel and session ids from 16 to 32 ++ * bits. So we need a different sockaddr structure. ++ */ ++struct pppol2tpv3_addr { ++ pid_t pid; /* pid that owns the fd. 
++ * 0 => current */ ++ int fd; /* FD of UDP or IP socket to use */ ++ ++ struct sockaddr_in addr; /* IP address and port to send to */ ++ ++ __u32 s_tunnel, s_session; /* For matching incoming packets */ ++ __u32 d_tunnel, d_session; /* For sending outgoing packets */ ++}; ++ + /* Socket options: + * DEBUG - bitmask of debug message categories + * SENDSEQ - 0 => don't send packets with sequence numbers +diff --git a/network.c b/network.c +index 241bd82..fde250e 100644 +--- a/network.c ++++ b/network.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #ifndef LINUX + # include + #endif +@@ -36,6 +37,51 @@ int server_socket; /* Server socket */ + int kernel_support; /* Kernel Support there or not? */ + #endif + ++#ifdef USE_KERNEL ++void modprobe() { ++ char * modules[] = { "l2tp_ppp", "pppol2tp", NULL }; ++ char ** module; ++ char buf[256], *tok; ++ int pid, exit_status, fd; ++ ++ FILE * fmod = fopen("/proc/modules", "r"); ++ ++ if (fmod == NULL) ++ return; ++ ++ while (fgets(buf, 255, fmod) != NULL) { ++ if ((tok = strtok(buf, " ")) != NULL) { ++ for (module = modules; *module != NULL; ++module) { ++ if (!strcmp(*module, tok)) { ++ fclose(fmod); ++ return; ++ } ++ } ++ } ++ } ++ ++ fclose(fmod); ++ ++ for (module = modules; *module != NULL; ++module) { ++ if ((pid = fork()) >= 0) { ++ if (pid == 0) { ++ setenv("PATH", "/sbin:/usr/sbin:/bin:/usr/bin", 1); ++ if ((fd = open("/dev/null", O_RDWR)) > -1) { ++ dup2(fd, 1); ++ dup2(fd, 2); ++ } ++ execlp("modprobe", "modprobe", "-q", *module, (char *)NULL); ++ exit(1); ++ } else { ++ if ((pid = waitpid(pid, &exit_status, 0)) != -1 && WIFEXITED(exit_status)) { ++ if (WEXITSTATUS(exit_status) == 0) ++ return; ++ } ++ } ++ } ++ } ++} ++#endif + + int init_network (void) + { +@@ -45,6 +91,7 @@ int init_network (void) + server.sin_family = AF_INET; + server.sin_addr.s_addr = gconfig.listenaddr; + server.sin_port = htons (gconfig.port); ++ int flags; + if ((server_socket = socket (PF_INET, SOCK_DGRAM, 0)) < 0) + 
{ + l2tp_log (LOG_CRIT, "%s: Unable to allocate socket. Terminating.\n", +@@ -52,6 +99,10 @@ int init_network (void) + return -EINVAL; + }; + ++ flags = 1; ++ setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags)); ++ setsockopt(server_socket, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags)); ++ + if (bind (server_socket, (struct sockaddr *) &server, sizeof (server))) + { + close (server_socket); +@@ -91,6 +142,7 @@ int init_network (void) + } + else + { ++ modprobe(); + int kernel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); + if (kernel_fd < 0) + { +@@ -321,6 +373,11 @@ int build_fdset (fd_set *readfds) + + while (tun) + { ++ if (tun->udp_fd > -1) { ++ if (tun->udp_fd > max) ++ max = tun->udp_fd; ++ FD_SET (tun->udp_fd, readfds); ++ } + call = tun->call_head; + while (call) + { +@@ -390,6 +447,8 @@ void network_thread () + struct iovec iov; + char cbuf[256]; + unsigned int refme, refhim; ++ int * currentfd; ++ int server_socket_processed; + + /* This one buffer can be recycled for everything except control packets */ + buf = new_buf (MAX_RECV_SIZE); +@@ -428,7 +487,21 @@ void network_thread () + { + do_control (); + } +- if (FD_ISSET (server_socket, &readfds)) ++ server_socket_processed = 0; ++ currentfd = NULL; ++ st = tunnels.head; ++ while (st || !server_socket_processed) { ++ if (st && (st->udp_fd == -1)) { ++ st=st->next; ++ continue; ++ } ++ if (st) { ++ currentfd = &st->udp_fd; ++ } else { ++ currentfd = &server_socket; ++ server_socket_processed = 1; ++ } ++ if (FD_ISSET (*currentfd, &readfds)) + { + /* + * Okay, now we're ready for reading and processing new data. +@@ -457,12 +530,19 @@ void network_thread () + msgh.msg_flags = 0; + + /* Receive one packet. 
*/ +- recvsize = recvmsg(server_socket, &msgh, 0); ++ recvsize = recvmsg(*currentfd, &msgh, 0); + + if (recvsize < MIN_PAYLOAD_HDR_LEN) + { + if (recvsize < 0) + { ++ if (errno == ECONNREFUSED) { ++ close(*currentfd); ++ } ++ if ((errno == ECONNREFUSED) || ++ (errno == EBADF)) { ++ *currentfd = -1; ++ } + if (errno != EAGAIN) + l2tp_log (LOG_WARNING, + "%s: recvfrom returned error %d (%s)\n", +@@ -567,6 +647,8 @@ void network_thread () + } + }; + } ++ if (st) st=st->next; ++ } + + /* + * finished obvious sources, look for data from PPP connections. +@@ -639,3 +721,82 @@ void network_thread () + } + + } ++ ++int connect_pppol2tp(struct tunnel *t) { ++#ifdef USE_KERNEL ++ if (kernel_support) { ++ int ufd = -1, fd2 = -1; ++ int flags; ++ struct sockaddr_pppol2tp sax; ++ ++ struct sockaddr_in server; ++ server.sin_family = AF_INET; ++ server.sin_addr.s_addr = gconfig.listenaddr; ++ server.sin_port = htons (gconfig.port); ++ if ((ufd = socket (PF_INET, SOCK_DGRAM, 0)) < 0) ++ { ++ l2tp_log (LOG_CRIT, "%s: Unable to allocate UDP socket. Terminating.\n", ++ __FUNCTION__); ++ return -EINVAL; ++ }; ++ ++ flags=1; ++ setsockopt(ufd, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags)); ++ setsockopt(ufd, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags)); ++ ++ if (bind (ufd, (struct sockaddr *) &server, sizeof (server))) ++ { ++ close (ufd); ++ l2tp_log (LOG_CRIT, "%s: Unable to bind UDP socket: %s. Terminating.\n", ++ __FUNCTION__, strerror(errno), errno); ++ return -EINVAL; ++ }; ++ server = t->peer; ++ flags = fcntl(ufd, F_GETFL); ++ if (flags == -1 || fcntl(ufd, F_SETFL, flags | O_NONBLOCK) == -1) { ++ l2tp_log (LOG_WARNING, "%s: Unable to set UDP socket nonblock.\n", ++ __FUNCTION__); ++ return -EINVAL; ++ } ++ if (connect (ufd, (struct sockaddr *) &server, sizeof(server)) < 0) { ++ l2tp_log (LOG_CRIT, "%s: Unable to connect UDP peer. 
Terminating.\n", ++ __FUNCTION__); ++ return -EINVAL; ++ } ++ ++ t->udp_fd=ufd; ++ ++ fd2 = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); ++ if (fd2 < 0) { ++ l2tp_log (LOG_WARNING, "%s: Unable to allocate PPPoL2TP socket.\n", ++ __FUNCTION__); ++ return -EINVAL; ++ } ++ flags = fcntl(fd2, F_GETFL); ++ if (flags == -1 || fcntl(fd2, F_SETFL, flags | O_NONBLOCK) == -1) { ++ l2tp_log (LOG_WARNING, "%s: Unable to set PPPoL2TP socket nonblock.\n", ++ __FUNCTION__); ++ return -EINVAL; ++ } ++ sax.sa_family = AF_PPPOX; ++ sax.sa_protocol = PX_PROTO_OL2TP; ++ sax.pppol2tp.pid = 0; ++ sax.pppol2tp.fd = t->udp_fd; ++ sax.pppol2tp.addr.sin_addr.s_addr = t->peer.sin_addr.s_addr; ++ sax.pppol2tp.addr.sin_port = t->peer.sin_port; ++ sax.pppol2tp.addr.sin_family = AF_INET; ++ sax.pppol2tp.s_tunnel = t->ourtid; ++ sax.pppol2tp.s_session = 0; ++ sax.pppol2tp.d_tunnel = t->tid; ++ sax.pppol2tp.d_session = 0; ++ if ((connect(fd2, (struct sockaddr *)&sax, sizeof(sax))) < 0) { ++ l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket. 
%d %s\n", ++ __FUNCTION__, errno, strerror(errno)); ++ close(fd2); ++ return -EINVAL; ++ } ++ t->pppox_fd = fd2; ++ } ++#endif ++ return 0; ++} +diff --git a/xl2tpd.c b/xl2tpd.c +index 307ac2e..3fb6dd7 100644 +--- a/xl2tpd.c ++++ b/xl2tpd.c +@@ -278,7 +278,11 @@ void death_handler (int signal) + struct tunnel *st, *st2; + int sec; + l2tp_log (LOG_CRIT, "%s: Fatal signal %d received\n", __FUNCTION__, signal); ++#ifdef USE_KERNEL ++ if (kernel_support || signal != SIGTERM) { ++#else + if (signal != SIGTERM) { ++#endif + st = tunnels.head; + while (st) + { +@@ -349,7 +353,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts) + int flags; + #endif + int pos = 1; +- int fd2; ++ int fd2 = -1; + #ifdef DEBUG_PPPD + int x; + #endif +@@ -397,7 +401,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts) + sax.sa_family = AF_PPPOX; + sax.sa_protocol = PX_PROTO_OL2TP; + sax.pppol2tp.pid = 0; +- sax.pppol2tp.fd = server_socket; ++ sax.pppol2tp.fd = c->container->udp_fd; + sax.pppol2tp.addr.sin_addr.s_addr = c->container->peer.sin_addr.s_addr; + sax.pppol2tp.addr.sin_port = c->container->peer.sin_port; + sax.pppol2tp.addr.sin_family = AF_INET; +@@ -408,6 +412,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts) + if (connect(fd2, (struct sockaddr *)&sax, sizeof(sax)) < 0) { + l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket.\n", + __FUNCTION__); ++ close(fd2); + return -EINVAL; + } + stropt[pos++] = strdup ("plugin"); +@@ -484,7 +489,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts) + dup2 (fd2, 0); + dup2 (fd2, 1); + close(fd2); +- ++ } + /* close all the calls pty fds */ + st = tunnels.head; + while (st) +@@ -492,12 +497,17 @@ int start_pppd (struct call *c, struct ppp_opts *opts) + sc = st->call_head; + while (sc) + { +- close (sc->fd); ++#ifdef USE_KERNEL ++ if (kernel_support) { ++ close(st->udp_fd); /* tunnel UDP fd */ ++ close(st->pppox_fd); /* tunnel PPPoX fd */ ++ } else ++#endif ++ close (sc->fd); /* call pty fd */ + sc = 
sc->next; + } + st = st->next; + } +- } + + /* close the UDP socket fd */ + close (server_socket); +@@ -615,6 +625,10 @@ void destroy_tunnel (struct tunnel *t) + the memory pointed to by t->chal_us.vector at some other place */ + if (t->chal_them.vector) + free (t->chal_them.vector); ++ if (t->pppox_fd > -1 ) ++ close (t->pppox_fd); ++ if (t->udp_fd > -1 ) ++ close (t->udp_fd); + free (t); + free (me); + } diff --git a/xl2tpd.spec b/xl2tpd.spec index ac13283..4289abb 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,8 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 4%{?dist} -# No version specified. +Release: 5%{?dist} License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -11,8 +10,9 @@ Source1: xl2tpd.service Source2: tmpfiles-xl2tpd.conf Patch1: xl2tpd-1.3.1-Wunused.patch Patch2: xl2tpd-bz80693.patch +Patch3: xl2tpd-1.3.0-kernelmode.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: ppp +Requires: ppp >= 2.4.5-18 BuildRequires: libpcap-devel BuildRequires: systemd-units Requires(post): systemd-sysv @@ -49,6 +49,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" @@ -114,6 +115,10 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Wed Apr 18 2012 Paul Wouters - 1.3.1-5 +- Added support for CONFIG_PPPOL2TP by sigwall +- Require current ppp because some old versions lacked pppol2tp.so plugin + * Thu Apr 05 2012 Paul Wouters - 1.3.1-4 - Fix parse error on lines > 80 chars, rhbz#806963 
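Review bot: `connect_pppol2tp` leaks descriptors on its error paths: once `bind` has succeeded, the `fcntl` and `connect` failures on `ufd` return `-EINVAL` without `close (ufd);`, and the PPPoL2TP `fcntl` failure returns without closing `fd2`. `t->udp_fd=ufd;` is also assigned before the PPPoL2TP socket is created, so a later failure returns an error while the tunnel already carries the UDP descriptor. Both new call sites in `control_finish` ignore the return value, so these failures go unhandled. Closing the descriptor before each early return, and assigning `t->udp_fd` next to `t->pppox_fd = fd2;` at the end (with `sax.pppol2tp.fd = ufd;`), would fix this. In `build_fdset` the new `FD_SET (tun->udp_fd, readfds);` is guarded only by `> -1`; since each tunnel now holds two extra descriptors, it needs a check against `FD_SETSIZE` first.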
From 56764a95d2d759fe4903fe9a96e5427a36792217 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 12 Jun 2012 11:43:44 -0400 Subject: [PATCH 47/85] * Tue Jun 12 2012 Paul Wouters - 1.3.1-6 - Added patch for xl2tpd.conf to improve interop settings (no longer need to say "no encryption" on Windows) --- xl2tpd-1.3.1-conf.patch | 25 +++++++++++++++++++++++++ xl2tpd.spec | 8 +++++++- 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 xl2tpd-1.3.1-conf.patch diff --git a/xl2tpd-1.3.1-conf.patch b/xl2tpd-1.3.1-conf.patch new file mode 100644 index 0000000..48aa3fd --- /dev/null +++ b/xl2tpd-1.3.1-conf.patch @@ -0,0 +1,25 @@ +diff -Naur xl2tpd-1.3.1-orig/examples/xl2tpd.conf xl2tpd-1.3.1/examples/xl2tpd.conf +--- xl2tpd-1.3.1-orig/examples/xl2tpd.conf 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1/examples/xl2tpd.conf 2012-06-12 11:40:10.870840864 -0400 +@@ -14,6 +14,11 @@ + ; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99) + ; will be used by xl2tpd as its address on pppX interfaces. + ++ ++; IMPORTANT: always set listen-addr to a specific address, to work around a ++; udpfromto bug!!! ++ ++ + [global] + ; listen-addr = 192.168.1.98 + ; +@@ -31,7 +36,8 @@ + [lns default] + ip range = 192.168.1.128-192.168.1.254 + local ip = 192.168.1.99 +-require chap = yes ++; leave chap unspecified for maximum compatibility with windows, iOS, etc ++; require chap = yes + refuse pap = yes + require authentication = yes + name = LinuxVPNserver diff --git a/xl2tpd.spec b/xl2tpd.spec index 4289abb..1ac6793 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 5%{?dist} +Release: 6%{?dist} License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons 
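Review bot: Commenting out `require chap = yes` in the example `[lns default]` section leaves the authentication method to whatever pppd negotiates, presumably anything except PAP, and the new comment gives compatibility as the reason without saying what then protects the exchange. A line such as `; the method is then negotiated by pppd (see options.xl2tpd); use only over IPsec` would make the trade-off explicit to an administrator copying the file. The added `IMPORTANT: always set listen-addr to a specific address` comment sits above a `; listen-addr = 192.168.1.98` line that is still commented out, so the shipped example does not follow its own advice.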
@@ -11,6 +11,7 @@ Source2: tmpfiles-xl2tpd.conf Patch1: xl2tpd-1.3.1-Wunused.patch Patch2: xl2tpd-bz80693.patch Patch3: xl2tpd-1.3.0-kernelmode.patch +Patch4: xl2tpd-1.3.1-conf.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp >= 2.4.5-18 BuildRequires: libpcap-devel @@ -50,6 +51,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" @@ -115,6 +117,10 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Tue Jun 12 2012 Paul Wouters - 1.3.1-6 +- Added patch for xl2tpd.conf to improve interop settings + (no longer need to say "no encryption" on Windows) + * Wed Apr 18 2012 Paul Wouters - 1.3.1-5 - Added support for CONFIG_PPPOL2TP by sigwall - Require current ppp because some old versions lacked pppol2tp.so plugin From 442f6f89f5cd30bfd93b95862e00f6dc7f87f485 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 12 Jun 2012 12:27:37 -0400 Subject: [PATCH 48/85] * Tue Jun 12 2012 Paul Wouters - 1.3.1-7 - Improved patch, more doc fixed (esp. "force userspace" option) --- xl2tpd-1.3.1-conf.patch | 42 +++++++++++++++++++++++++++++++++++++++-- xl2tpd.spec | 5 ++++- 2 files changed, 44 insertions(+), 3 deletions(-) diff --git a/xl2tpd-1.3.1-conf.patch b/xl2tpd-1.3.1-conf.patch index 48aa3fd..7c240fc 100644 --- a/xl2tpd-1.3.1-conf.patch +++ b/xl2tpd-1.3.1-conf.patch 
@@ -1,6 +1,36 @@ +diff -Naur xl2tpd-1.3.1-orig/examples/chapsecrets.sample xl2tpd-1.3.1/examples/chapsecrets.sample +--- xl2tpd-1.3.1-orig/examples/chapsecrets.sample 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1/examples/chapsecrets.sample 2012-06-12 12:08:26.850851970 -0400 +@@ -1,7 +1,9 @@ +-# Secrets for authentication using CHAP +-# client server secret IP addresses +-jacco * "mysecret" 192.168.1.128/25 +-* jacco "mysecret" 192.168.1.128/25 +-sam * "rumpelstiltskin" 192.168.1.5 +-* sam "rumpelstiltskin" 192.168.1.5 +- ++# Secrets for authentication on server using CHAP ++# client server secret IP addresses ++jacco * "mysecret" 192.168.1.128/25 # Dynamic IP ++sam * "rumpelstiltskin" 192.168.1.5 # Static IP ++# ++# Secrets for authentication on client using CHAP ++# client server secret IP addresses ++* jacco "mysecret" ++* sam "rumpelstiltskin" +diff -Naur xl2tpd-1.3.1-orig/examples/README xl2tpd-1.3.1/examples/README +--- xl2tpd-1.3.1-orig/examples/README 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1/examples/README 2012-06-12 12:08:26.850851970 -0400 +@@ -1,2 +1,4 @@ +-These are example files for use with xl2tpd. The xl2tpd*conf files are +-examples to use xl2tpd with Openswan's IPsec. See www.openswan.org ++These are example files for use with xl2tpd. ++ ++Openswan carries config examples for use with l2tp-over-ipsec. ++See http://www.openswan.org/ diff -Naur xl2tpd-1.3.1-orig/examples/xl2tpd.conf xl2tpd-1.3.1/examples/xl2tpd.conf --- xl2tpd-1.3.1-orig/examples/xl2tpd.conf 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1/examples/xl2tpd.conf 2012-06-12 11:40:10.870840864 -0400 ++++ xl2tpd-1.3.1/examples/xl2tpd.conf 2012-06-12 12:27:00.922911049 -0400 @@ -14,6 +14,11 @@ ; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99) ; will be used by xl2tpd as its address on pppX interfaces. 
@@ -13,7 +43,15 @@ diff -Naur xl2tpd-1.3.1-orig/examples/xl2tpd.conf xl2tpd-1.3.1/examples/xl2tpd.c [global] ; listen-addr = 192.168.1.98 ; -@@ -31,7 +36,8 @@ +@@ -24,14 +29,15 @@ + ; when using any of the SAref kernel patches for kernels up to 2.6.35. + ; ipsec refinfo = 30 + ; +-; forceuserspace = yes ++; force userspace = yes + ; + ; debug tunnel = yes + [lns default] ip range = 192.168.1.128-192.168.1.254 local ip = 192.168.1.99 diff --git a/xl2tpd.spec b/xl2tpd.spec index 1ac6793..9bc5e55 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 6%{?dist} +Release: 7%{?dist} License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -117,6 +117,9 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Tue Jun 12 2012 Paul Wouters - 1.3.1-7 +- Improved patch, more doc fixed (esp. "force userspace" option) + * Tue Jun 12 2012 Paul Wouters - 1.3.1-6 - Added patch for xl2tpd.conf to improve interop settings (no longer need to say "no encryption" on Windows) From d63dbfa210f3556a14c31a9b14a6a6714bb589fe Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 12 Jun 2012 12:58:32 -0400 Subject: [PATCH 49/85] * don't use old version of if_pppol2tp.h --- xl2tpd.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 9bc5e55..d0b360f 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 7%{?dist} +Release: 6%{?dist} License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons 
@@ -52,6 +52,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %patch2 -p1 %patch3 -p1 %patch4 -p1 +rm linux/include/linux/if_pppol2tp.h %build #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" @@ -117,12 +118,11 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog -* Tue Jun 12 2012 Paul Wouters - 1.3.1-7 -- Improved patch, more doc fixed (esp. "force userspace" option) - * Tue Jun 12 2012 Paul Wouters - 1.3.1-6 - Added patch for xl2tpd.conf to improve interop settings (no longer need to say "no encryption" on Windows) +- Improved patch, more doc fixed (esp. "force userspace" option) +- don't use old version of if_pppol2tp.h * Wed Apr 18 2012 Paul Wouters - 1.3.1-5 - Added support for CONFIG_PPPOL2TP by sigwall From c73b62ee6c2b18e498a2febb048d952264c0bc3d Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Fri, 15 Jun 2012 16:27:04 -0400 Subject: [PATCH 50/85] * Fri Jun 15 2012 Paul Wouters - 1.3.1-7 - Moved modprobe code from daemon to initscript/systemd (SElinux does not allow a daemon to do this, see rhbz#832149) --- xl2tpd-1.3.1-kernelmode.patch | 362 ++++++++++++++++++++++++++++++++++ xl2tpd.init | 6 + xl2tpd.service | 2 + xl2tpd.spec | 8 +- 4 files changed, 376 insertions(+), 2 deletions(-) create mode 100644 xl2tpd-1.3.1-kernelmode.patch diff --git a/xl2tpd-1.3.1-kernelmode.patch b/xl2tpd-1.3.1-kernelmode.patch new file mode 100644 index 0000000..34c2e09 --- /dev/null +++ b/xl2tpd-1.3.1-kernelmode.patch 
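Review bot: The `rm linux/include/linux/if_pppol2tp.h` added to `%prep` has no comment, and it makes the build rely on the system copy of that header without adding a `BuildRequires` for the package that provides it (the spec's full dependency list is not visible here). A comment above the `rm`, such as `# use the kernel-headers copy; the bundled header is outdated`, plus an explicit BuildRequires if one is missing, would document the dependency. Patch3 still adds `struct pppol2tpv3_addr` to this same header just before it is deleted, so that part of the patch has no effect.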
@@ -0,0 +1,362 @@ +diff -Naur xl2tpd-1.3.1-orig/call.c xl2tpd-1.3.1/call.c +--- xl2tpd-1.3.1-orig/call.c 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1/call.c 2012-06-15 15:57:17.250953288 -0400 +@@ -680,6 +680,8 @@ + st->peer.sin_port = port; + st->refme = refme; + st->refhim = refhim; ++ st->udp_fd = -1; ++ st->pppox_fd = -1; + bcopy (&addr, &st->peer.sin_addr, sizeof (addr)); + st->next = tunnels.head; + tunnels.head = st; +diff -Naur xl2tpd-1.3.1-orig/control.c xl2tpd-1.3.1/control.c +--- xl2tpd-1.3.1-orig/control.c 2012-06-15 15:56:30.169585604 -0400 ++++ xl2tpd-1.3.1/control.c 2012-06-15 15:57:17.251953296 -0400 +@@ -596,6 +596,9 @@ + if (gconfig.debug_state) + l2tp_log (LOG_DEBUG, "%s: sending SCCCN\n", __FUNCTION__); + control_xmit (buf); ++ ++ connect_pppol2tp(t); ++ + /* Schedule a HELLO */ + tv.tv_sec = HELLO_DELAY; + tv.tv_usec = 0; +@@ -608,6 +611,7 @@ + "Connection established to %s, %d. Local: %d, Remote: %d (ref=%u/%u).\n", + IPADDY (t->peer.sin_addr), + ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim); ++ + if (t->lac) + { + /* This is part of a LAC, so we want to go ahead +@@ -635,6 +639,9 @@ + IPADDY (t->peer.sin_addr), + ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim, + t->lns->entname); ++ ++ connect_pppol2tp(t); ++ + /* Schedule a HELLO */ + tv.tv_sec = HELLO_DELAY; + tv.tv_usec = 0; +diff -Naur xl2tpd-1.3.1-orig/l2tp.h xl2tpd-1.3.1/l2tp.h +--- xl2tpd-1.3.1-orig/l2tp.h 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1/l2tp.h 2012-06-15 15:57:17.251953296 -0400 +@@ -167,6 +167,8 @@ + int ourrws; /* Receive Window Size */ + int rxspeed; /* Receive bps */ + int txspeed; /* Transmit bps */ ++ int udp_fd; /* UDP fd */ ++ int pppox_fd; /* PPPOX tunnel fd */ + struct call *self; + struct lns *lns; /* LNS that owns us */ + struct lac *lac; /* LAC that owns us */ +@@ -220,6 +222,7 @@ + extern int ppd; + extern int switch_io; /* jz */ + extern int control_fd; ++extern int connect_pppol2tp(struct tunnel *t); 
+ extern int start_pppd (struct call *c, struct ppp_opts *); + extern void magic_lac_dial (void *); + extern int get_entropy (unsigned char *, int); +diff -Naur xl2tpd-1.3.1-orig/Makefile xl2tpd-1.3.1/Makefile +--- xl2tpd-1.3.1-orig/Makefile 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1/Makefile 2012-06-15 15:57:17.250953288 -0400 +@@ -62,8 +62,8 @@ + # are packages seperately (eg kernel-headers on Fedora) + # Note: 2.6.23+ support still needs some changes in the xl2tpd source + # +-#OSFLAGS+= -DUSE_KERNEL +-# ++# Kernel mode fixed by sigwall ++OSFLAGS+= -DUSE_KERNEL + # + # Uncomment the next line for FreeBSD + # +diff -Naur xl2tpd-1.3.1-orig/network.c xl2tpd-1.3.1/network.c +--- xl2tpd-1.3.1-orig/network.c 2012-06-15 15:56:30.169585604 -0400 ++++ xl2tpd-1.3.1/network.c 2012-06-15 16:00:26.259429931 -0400 +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #ifndef LINUX + # include + #endif +@@ -36,7 +37,6 @@ + int kernel_support; /* Kernel Support there or not? */ + #endif + +- + int init_network (void) + { + long arg; +@@ -45,6 +45,7 @@ + server.sin_family = AF_INET; + server.sin_addr.s_addr = gconfig.listenaddr; + server.sin_port = htons (gconfig.port); ++ int flags; + if ((server_socket = socket (PF_INET, SOCK_DGRAM, 0)) < 0) + { + l2tp_log (LOG_CRIT, "%s: Unable to allocate socket. 
Terminating.\n", +@@ -52,6 +53,10 @@ + return -EINVAL; + }; + ++ flags = 1; ++ setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags)); ++ setsockopt(server_socket, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags)); ++ + if (bind (server_socket, (struct sockaddr *) &server, sizeof (server))) + { + close (server_socket); +@@ -94,7 +99,7 @@ + int kernel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); + if (kernel_fd < 0) + { +- l2tp_log (LOG_INFO, "L2TP kernel support not detected.\n"); ++ l2tp_log (LOG_INFO, "L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)\n"); + kernel_support = 0; + } + else +@@ -321,6 +326,11 @@ + + while (tun) + { ++ if (tun->udp_fd > -1) { ++ if (tun->udp_fd > max) ++ max = tun->udp_fd; ++ FD_SET (tun->udp_fd, readfds); ++ } + call = tun->call_head; + while (call) + { +@@ -390,6 +400,8 @@ + struct iovec iov; + char cbuf[256]; + unsigned int refme, refhim; ++ int * currentfd; ++ int server_socket_processed; + + /* This one buffer can be recycled for everything except control packets */ + buf = new_buf (MAX_RECV_SIZE); +@@ -428,7 +440,21 @@ + { + do_control (); + } +- if (FD_ISSET (server_socket, &readfds)) ++ server_socket_processed = 0; ++ currentfd = NULL; ++ st = tunnels.head; ++ while (st || !server_socket_processed) { ++ if (st && (st->udp_fd == -1)) { ++ st=st->next; ++ continue; ++ } ++ if (st) { ++ currentfd = &st->udp_fd; ++ } else { ++ currentfd = &server_socket; ++ server_socket_processed = 1; ++ } ++ if (FD_ISSET (*currentfd, &readfds)) + { + /* + * Okay, now we're ready for reading and processing new data. +@@ -456,12 +482,19 @@ + msgh.msg_flags = 0; + + /* Receive one packet. 
*/ +- recvsize = recvmsg(server_socket, &msgh, 0); ++ recvsize = recvmsg(*currentfd, &msgh, 0); + + if (recvsize < MIN_PAYLOAD_HDR_LEN) + { + if (recvsize < 0) + { ++ if (errno == ECONNREFUSED) { ++ close(*currentfd); ++ } ++ if ((errno == ECONNREFUSED) || ++ (errno == EBADF)) { ++ *currentfd = -1; ++ } + if (errno != EAGAIN) + l2tp_log (LOG_WARNING, + "%s: recvfrom returned error %d (%s)\n", +@@ -566,6 +599,8 @@ + } + }; + } ++ if (st) st=st->next; ++ } + + /* + * finished obvious sources, look for data from PPP connections. +@@ -638,3 +673,82 @@ + } + + } ++ ++int connect_pppol2tp(struct tunnel *t) { ++#ifdef USE_KERNEL ++ if (kernel_support) { ++ int ufd = -1, fd2 = -1; ++ int flags; ++ struct sockaddr_pppol2tp sax; ++ ++ struct sockaddr_in server; ++ server.sin_family = AF_INET; ++ server.sin_addr.s_addr = gconfig.listenaddr; ++ server.sin_port = htons (gconfig.port); ++ if ((ufd = socket (PF_INET, SOCK_DGRAM, 0)) < 0) ++ { ++ l2tp_log (LOG_CRIT, "%s: Unable to allocate UDP socket. Terminating.\n", ++ __FUNCTION__); ++ return -EINVAL; ++ }; ++ ++ flags=1; ++ setsockopt(ufd, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags)); ++ setsockopt(ufd, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags)); ++ ++ if (bind (ufd, (struct sockaddr *) &server, sizeof (server))) ++ { ++ close (ufd); ++ l2tp_log (LOG_CRIT, "%s: Unable to bind UDP socket: %s. Terminating.\n", ++ __FUNCTION__, strerror(errno), errno); ++ return -EINVAL; ++ }; ++ server = t->peer; ++ flags = fcntl(ufd, F_GETFL); ++ if (flags == -1 || fcntl(ufd, F_SETFL, flags | O_NONBLOCK) == -1) { ++ l2tp_log (LOG_WARNING, "%s: Unable to set UDP socket nonblock.\n", ++ __FUNCTION__); ++ return -EINVAL; ++ } ++ if (connect (ufd, (struct sockaddr *) &server, sizeof(server)) < 0) { ++ l2tp_log (LOG_CRIT, "%s: Unable to connect UDP peer. 
Terminating.\n", ++ __FUNCTION__); ++ return -EINVAL; ++ } ++ ++ t->udp_fd=ufd; ++ ++ fd2 = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); ++ if (fd2 < 0) { ++ l2tp_log (LOG_WARNING, "%s: Unable to allocate PPPoL2TP socket.\n", ++ __FUNCTION__); ++ return -EINVAL; ++ } ++ flags = fcntl(fd2, F_GETFL); ++ if (flags == -1 || fcntl(fd2, F_SETFL, flags | O_NONBLOCK) == -1) { ++ l2tp_log (LOG_WARNING, "%s: Unable to set PPPoL2TP socket nonblock.\n", ++ __FUNCTION__); ++ return -EINVAL; ++ } ++ sax.sa_family = AF_PPPOX; ++ sax.sa_protocol = PX_PROTO_OL2TP; ++ sax.pppol2tp.pid = 0; ++ sax.pppol2tp.fd = t->udp_fd; ++ sax.pppol2tp.addr.sin_addr.s_addr = t->peer.sin_addr.s_addr; ++ sax.pppol2tp.addr.sin_port = t->peer.sin_port; ++ sax.pppol2tp.addr.sin_family = AF_INET; ++ sax.pppol2tp.s_tunnel = t->ourtid; ++ sax.pppol2tp.s_session = 0; ++ sax.pppol2tp.d_tunnel = t->tid; ++ sax.pppol2tp.d_session = 0; ++ if ((connect(fd2, (struct sockaddr *)&sax, sizeof(sax))) < 0) { ++ l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket. 
%d %s\n", ++ __FUNCTION__, errno, strerror(errno)); ++ close(fd2); ++ return -EINVAL; ++ } ++ t->pppox_fd = fd2; ++ } ++#endif ++ return 0; ++} +diff -Naur xl2tpd-1.3.1-orig/xl2tpd.c xl2tpd-1.3.1/xl2tpd.c +--- xl2tpd-1.3.1-orig/xl2tpd.c 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1/xl2tpd.c 2012-06-15 15:57:25.189015286 -0400 +@@ -278,7 +278,11 @@ + struct tunnel *st, *st2; + int sec; + l2tp_log (LOG_CRIT, "%s: Fatal signal %d received\n", __FUNCTION__, signal); ++#ifdef USE_KERNEL ++ if (kernel_support || signal != SIGTERM) { ++#else + if (signal != SIGTERM) { ++#endif + st = tunnels.head; + while (st) + { +@@ -349,7 +353,7 @@ + int flags; + #endif + int pos = 1; +- int fd2; ++ int fd2 = -1; + #ifdef DEBUG_PPPD + int x; + #endif +@@ -397,7 +401,7 @@ + sax.sa_family = AF_PPPOX; + sax.sa_protocol = PX_PROTO_OL2TP; + sax.pppol2tp.pid = 0; +- sax.pppol2tp.fd = server_socket; ++ sax.pppol2tp.fd = c->container->udp_fd; + sax.pppol2tp.addr.sin_addr.s_addr = c->container->peer.sin_addr.s_addr; + sax.pppol2tp.addr.sin_port = c->container->peer.sin_port; + sax.pppol2tp.addr.sin_family = AF_INET; +@@ -408,6 +412,7 @@ + if (connect(fd2, (struct sockaddr *)&sax, sizeof(sax)) < 0) { + l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket.\n", + __FUNCTION__); ++ close(fd2); + return -EINVAL; + } + stropt[pos++] = strdup ("plugin"); +@@ -484,7 +489,7 @@ + dup2 (fd2, 0); + dup2 (fd2, 1); + close(fd2); +- ++ } + /* close all the calls pty fds */ + st = tunnels.head; + while (st) +@@ -492,12 +497,17 @@ + sc = st->call_head; + while (sc) + { +- close (sc->fd); ++#ifdef USE_KERNEL ++ if (kernel_support) { ++ close(st->udp_fd); /* tunnel UDP fd */ ++ close(st->pppox_fd); /* tunnel PPPoX fd */ ++ } else ++#endif ++ close (sc->fd); /* call pty fd */ + sc = sc->next; + } + st = st->next; + } +- } + + /* close the UDP socket fd */ + close (server_socket); +@@ -615,6 +625,10 @@ + the memory pointed to by t->chal_us.vector at some other place */ + if (t->chal_them.vector) + 
free (t->chal_them.vector); ++ if (t->pppox_fd > -1 ) ++ close (t->pppox_fd); ++ if (t->udp_fd > -1 ) ++ close (t->udp_fd); + free (t); + free (me); + } diff --git a/xl2tpd.init b/xl2tpd.init index e0494e3..8f20b9d 100644 --- a/xl2tpd.init +++ b/xl2tpd.init @@ -39,6 +39,12 @@ RETVAL=0 start() { echo -n "Starting $SERVICE: " + + # Look for the L2TP kernel handler module, load when needed + if [ ! -d /sys/module/l2tp_ppp ]; then modprobe l2tp_ppp + # if still not found, try legacy one + if [ ! -d /sys/module/l2tp_ppp ]; then modprobe pppol2tp + if [ ! -d /var/run/xl2tpd ] then mkdir /var/run/xl2tpd diff --git a/xl2tpd.service b/xl2tpd.service index b17a447..d222874 100644 --- a/xl2tpd.service +++ b/xl2tpd.service @@ -7,7 +7,9 @@ Wants=openswan.service [Service] Type=simple PIDFile=/var/run/xl2tpd/xl2tpd.pid +ExecStartPre=/sbin/modprobe -q l2tp_ppp ExecStart=/usr/sbin/xl2tpd -D +Restart=on-abort [Install] WantedBy=multi-user.target diff --git a/xl2tpd.spec b/xl2tpd.spec index d0b360f..60672d9 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 6%{?dist} +Release: 7%{?dist} License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -10,7 +10,7 @@ Source1: xl2tpd.service Source2: tmpfiles-xl2tpd.conf Patch1: xl2tpd-1.3.1-Wunused.patch Patch2: xl2tpd-bz80693.patch -Patch3: xl2tpd-1.3.0-kernelmode.patch +Patch3: xl2tpd-1.3.1-kernelmode.patch Patch4: xl2tpd-1.3.1-conf.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp >= 2.4.5-18 
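Review bot: The new `connect_pppol2tp()` in network.c leaks descriptors on three error paths. The `fcntl(ufd, ...)` and `connect(ufd, ...)` failure branches return `-EINVAL` without `close(ufd)`, and the `fcntl(fd2, ...)` failure branch returns without `close(fd2)`. Each failed tunnel setup therefore leaves a socket open in the daemon, and repeated failures can exhaust its descriptor table. Add `close(ufd);` before the first two returns and `close(fd2);` before the third, as the bind and PPPoL2TP-connect branches already do. The two call sites added in control.c also discard the return value, and both `setsockopt()` calls are unchecked, so a failure shows up only in the log.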
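Review bot: The two `if [ ! -d /sys/module/l2tp_ppp ]; then modprobe ...` lines added to `start()` have no closing `fi` as shown, so the init script would stop with a syntax error instead of starting the daemon. Close each test on its own line: `if [ ! -d /sys/module/l2tp_ppp ]; then /sbin/modprobe -q l2tp_ppp; fi` and `if [ ! -d /sys/module/l2tp_ppp ]; then /sbin/modprobe -q pppol2tp; fi`. The absolute path matches the `ExecStartPre=/sbin/modprobe -q l2tp_ppp` line in xl2tpd.service and does not depend on the PATH the init environment provides. `start()` continues outside the hunk.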
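Review bot: `ExecStartPre=/sbin/modprobe -q l2tp_ppp` makes the unit fail whenever the module cannot be loaded, because `-q` only silences the message and modprobe still exits non-zero. The daemon appears to cope with a missing module on its own (network.c in this commit logs "L2TP kernel support not detected" and sets `kernel_support = 0`), so the pre-step should be best-effort: `ExecStartPre=-/sbin/modprobe -q l2tp_ppp`. Unlike the init script, the unit never tries the legacy `pppol2tp` module; if that fallback is still wanted, add `ExecStartPre=-/sbin/modprobe -q pppol2tp` as a second line.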
@@ -118,6 +118,10 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Fri Jun 15 2012 Paul Wouters - 1.3.1-7 +- Moved modprobe code from daemon to initscript/systemd + (SElinux does not allow a daemon to do this, see rhbz#832149) + * Tue Jun 12 2012 Paul Wouters - 1.3.1-6 - Added patch for xl2tpd.conf to improve interop settings (no longer need to say "no encryption" on Windows) From 66109b0d4b63335bf566fb19a137c1af3feacab0 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 25 Jun 2012 23:49:17 -0400 Subject: [PATCH 51/85] * Tue Jun 26 2012 Paul Wouters - 1.3.1-8 - The l2tp_ppp kernel module is now in kernel-module-extra - Don't insist on openswan, some ISPS use L2TP without IPsec - Don't call grantpt(), it's not needed and triggers SElinux block (rhbz#834861) --- xl2tpd-1.3.1-pty.patch | 19 +++++++++++++++++++ xl2tpd.service | 3 ++- xl2tpd.spec | 12 ++++++++++-- 3 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 xl2tpd-1.3.1-pty.patch diff --git a/xl2tpd-1.3.1-pty.patch b/xl2tpd-1.3.1-pty.patch new file mode 100644 index 0000000..2679873 --- /dev/null +++ b/xl2tpd-1.3.1-pty.patch @@ -0,0 +1,19 @@ +diff -aur xl2tpd-1.3.1-orig/pty.c xl2tpd-1.3.1/pty.c +--- xl2tpd-1.3.1-orig/pty.c 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1/pty.c 2012-06-25 23:45:51.241543911 -0400 +@@ -87,6 +87,7 @@ + return -EINVAL; + } + ++#if 0 /* not needed, triggers SElinux block */ + /* change the onwership */ + if (grantpt(fd)) + { +@@ -95,6 +96,7 @@ + close(fd); + return -EINVAL; + } ++#endif + + if (unlockpt(fd)) + { diff --git a/xl2tpd.service b/xl2tpd.service index d222874..247a2ce 100644 --- a/xl2tpd.service +++ b/xl2tpd.service @@ -2,7 +2,8 @@ Description=Level 2 Tunnel Protocol Daemon (L2TP) After=syslog.target network.target After=openswan.service -Wants=openswan.service +# Some ISPs in Russia use l2tp without IPsec, so don't insist anymore +#Wants=openswan.service [Service] Type=simple 
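Review bot: The `#if 0` placed around `grantpt(fd)` in pty.c removes the call on every platform, while the stated reason (an SELinux denial) applies only to Linux. On Linux with devpts the kernel assigns the slave's owner and mode, but elsewhere `grantpt()` is the step that hands the slave pty to the calling user, and POSIX expects it before `unlockpt()`. If pty.c is ever built for the non-Linux targets the Makefile mentions, `#ifndef LINUX` (the macro network.c already tests) would be safer than `#if 0`. Either way the comment should carry the bug reference, e.g. `/* devpts sets slave ownership on Linux; grantpt() triggers an SELinux denial, rhbz#834861 */`.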
diff --git a/xl2tpd.spec b/xl2tpd.spec index 60672d9..aa13150 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 7%{?dist} +Release: 8%{?dist} License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -12,8 +12,9 @@ Patch1: xl2tpd-1.3.1-Wunused.patch Patch2: xl2tpd-bz80693.patch Patch3: xl2tpd-1.3.1-kernelmode.patch Patch4: xl2tpd-1.3.1-conf.patch +Patch5: xl2tpd-1.3.1-pty.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: ppp >= 2.4.5-18 +Requires: ppp >= 2.4.5-18, kernel-modules-extra BuildRequires: libpcap-devel BuildRequires: systemd-units Requires(post): systemd-sysv @@ -52,6 +53,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 rm linux/include/linux/if_pppol2tp.h %build @@ -118,6 +120,12 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Tue Jun 26 2012 Paul Wouters - 1.3.1-8 +- The l2tp_ppp kernel module is now in kernel-module-extra +- Don't insist on openswan, some ISPS use L2TP without IPsec +- Don't call grantpt(), it's not needed and triggers SElinux + block (rhbz#834861) + * Fri Jun 15 2012 Paul Wouters - 1.3.1-7 - Moved modprobe code from daemon to initscript/systemd (SElinux does not allow a daemon to do this, see rhbz#832149) From 5f8afd616e275d2d13945011ae60ffcc81400efc Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 25 Jun 2012 23:50:49 -0400 Subject: [PATCH 52/85] add rhbz# --- xl2tpd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/xl2tpd.spec b/xl2tpd.spec index aa13150..e3e8ce3 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec 
@@ -122,6 +122,7 @@ fi %changelog * Tue Jun 26 2012 Paul Wouters - 1.3.1-8 - The l2tp_ppp kernel module is now in kernel-module-extra + (rhbz#832149) - Don't insist on openswan, some ISPS use L2TP without IPsec - Don't call grantpt(), it's not needed and triggers SElinux block (rhbz#834861) From 2dae2489976d41bcd77d0d199673d5856d59aa35 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 2 Jul 2012 22:46:18 -0400 Subject: [PATCH 53/85] * Tue Jul 03 2012 Paul Wouters - 1.3.1-9 - Rename non-existing openswan.service to ipsec.service (rhbz#836783) - Start after ipsec.service, but do not require it --- xl2tpd.service | 4 ++-- xl2tpd.spec | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/xl2tpd.service b/xl2tpd.service index 247a2ce..38b9abb 100644 --- a/xl2tpd.service +++ b/xl2tpd.service @@ -1,9 +1,9 @@ [Unit] Description=Level 2 Tunnel Protocol Daemon (L2TP) After=syslog.target network.target -After=openswan.service +After=ipsec.service # Some ISPs in Russia use l2tp without IPsec, so don't insist anymore -#Wants=openswan.service +#Wants=ipsec.service [Service] Type=simple diff --git a/xl2tpd.spec b/xl2tpd.spec index e3e8ce3..d135674 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 8%{?dist} +Release: 9%{?dist} License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -120,6 +120,10 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Tue Jul 03 2012 Paul Wouters - 1.3.1-9 +- Rename non-existing openswan.service to ipsec.service (rhbz#836783) +- Start after ipsec.service, but do not require it + * Tue Jun 26 2012 Paul Wouters - 1.3.1-8 - The l2tp_ppp kernel module is now in kernel-module-extra (rhbz#832149) From c23582bf101439c0e41398f7fd84a2f4d6aa122b Mon Sep 17 00:00:00 2001 
From: Paul Wouters Date: Thu, 19 Jul 2012 11:02:15 -0400 Subject: [PATCH 54/85] * updated documentation --- xl2tpd-1.3.1-conf.patch | 33 ++++++++++++++++++++++++++++++++- xl2tpd.spec | 8 +++++++- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/xl2tpd-1.3.1-conf.patch b/xl2tpd-1.3.1-conf.patch index 7c240fc..f7e2710 100644 --- a/xl2tpd-1.3.1-conf.patch +++ b/xl2tpd-1.3.1-conf.patch @@ -1,7 +1,7 @@ diff -Naur xl2tpd-1.3.1-orig/examples/chapsecrets.sample xl2tpd-1.3.1/examples/chapsecrets.sample --- xl2tpd-1.3.1-orig/examples/chapsecrets.sample 2011-10-06 15:22:05.000000000 -0400 +++ xl2tpd-1.3.1/examples/chapsecrets.sample 2012-06-12 12:08:26.850851970 -0400 -@@ -1,7 +1,9 @@ +@@ -1,7 +1,10 @@ -# Secrets for authentication using CHAP -# client server secret IP addresses -jacco * "mysecret" 192.168.1.128/25 @@ -10,6 +10,7 @@ diff -Naur xl2tpd-1.3.1-orig/examples/chapsecrets.sample xl2tpd-1.3.1/examples/c -* sam "rumpelstiltskin" 192.168.1.5 - +# Secrets for authentication on server using CHAP ++# See /etc/ppp/options.xl2tpd on how to use Windows authentication +# client server secret IP addresses +jacco * "mysecret" 192.168.1.128/25 # Dynamic IP +sam * "rumpelstiltskin" 192.168.1.5 # Static IP 
@@ -61,3 +62,33 @@ diff -Naur xl2tpd-1.3.1-orig/examples/xl2tpd.conf xl2tpd-1.3.1/examples/xl2tpd.c refuse pap = yes require authentication = yes name = LinuxVPNserver +diff -aur xl2tpd-1.3.1-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.1/examples/ppp-options.xl2tpd +--- xl2tpd-1.3.1-orig/examples/ppp-options.xl2tpd 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1/examples/ppp-options.xl2tpd 2012-07-19 10:54:13.810503823 -0400 +@@ -1,9 +1,10 @@ + ipcp-accept-local + ipcp-accept-remote +-ms-dns 192.168.1.1 +-ms-dns 192.168.1.3 +-ms-wins 192.168.1.2 +-ms-wins 192.168.1.4 ++ms-dns 8.8.8.8 ++# ms-dns 192.168.1.1 ++# ms-dns 192.168.1.3 ++# ms-wins 192.168.1.2 ++# ms-wins 192.168.1.4 + noccp + auth + crtscts +@@ -15,3 +16,11 @@ + lock + proxyarp + connect-delay 5000 ++# To allow authentication against a Windows domain EXAMPLE, and require the ++# user to be in a group "VPN Users". Requires the samba-winbind package ++# require-mschap-v2 ++# plugin winbind.so ++# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"' ++# You need to join the domain on the server, for example using samba: ++# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html ++ diff --git a/xl2tpd.spec b/xl2tpd.spec index d135674..133f4ed 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 9%{?dist} +Release: 10%{?dist} License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons 
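Review bot: The ppp-options example now has `ms-dns 8.8.8.8` as its only active resolver, with the private addresses commented out. The spec at the top of this series installs examples/ppp-options.xl2tpd as `/etc/ppp/options.xl2tpd`, so an unedited install would presumably hand every VPN client a third-party public resolver. Client lookups would then leave the operator's network and internal names would not resolve through the tunnel. A comment above the line would make the placeholder explicit, e.g. `# Example only: set ms-dns to the resolver your VPN clients should use`.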
@@ -15,6 +15,8 @@ Patch4: xl2tpd-1.3.1-conf.patch Patch5: xl2tpd-1.3.1-pty.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp >= 2.4.5-18, kernel-modules-extra +# If you want to authenticate against a Microsoft PDC/Active Directory +# Requires: samba-winbind BuildRequires: libpcap-devel BuildRequires: systemd-units Requires(post): systemd-sysv @@ -120,6 +122,10 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Thu Jul 19 2012 Paul Wouters - 1.3.1-10 +- Updated comments in config files on how to authenticate against + a Windows PDC / Active Directory + * Tue Jul 03 2012 Paul Wouters - 1.3.1-9 - Rename non-existing openswan.service to ipsec.service (rhbz#836783) - Start after ipsec.service, but do not require it From 6b5e36de4991a860dc5785af02d03cfb897a780d Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 11 Dec 2012 01:19:50 -0500 Subject: [PATCH 55/85] * Added makefile patch --- xl2tpd.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xl2tpd.spec b/xl2tpd.spec index 133f4ed..f48e84b 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -13,6 +13,7 @@ Patch2: xl2tpd-bz80693.patch Patch3: xl2tpd-1.3.1-kernelmode.patch Patch4: xl2tpd-1.3.1-conf.patch Patch5: xl2tpd-1.3.1-pty.patch +Patch6: xl2tpd-1.3.1-Makefile BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp >= 2.4.5-18, kernel-modules-extra # If you want to authenticate against a Microsoft PDC/Active Directory @@ -56,6 +57,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 rm linux/include/linux/if_pppol2tp.h %build From e64160bdaaf8d9e6033e072b666c475f5cd5aa8b Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Thu, 14 Feb 2013 21:46:36 -0600 Subject: [PATCH 56/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/xl2tpd.spec b/xl2tpd.spec index 133f4ed..138eb16 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,7 +1,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 10%{?dist} +Release: 11%{?dist} License: GPL+ Url: http://www.xelerance.com/software/xl2tpd/ Group: System Environment/Daemons @@ -122,6 +122,9 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Fri Feb 15 2013 Fedora Release Engineering - 1.3.1-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + * Thu Jul 19 2012 Paul Wouters - 1.3.1-10 - Updated comments in config files on how to authenticate against a Windows PDC / Active Directory From f526fca0ad5c199024fc048f1f41970c8890802b Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 1 Apr 2013 13:28:34 -0400 Subject: [PATCH 57/85] * rhbz#929447 - Fix ipparam so ipv6-up does not fail (Michal Bruncko) --- xl2tpd-1.3.1-ipparam-to-remotenumber.patch | 29 ++++++++++++++++++++++ xl2tpd.spec | 18 ++++++++++++-- 2 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 xl2tpd-1.3.1-ipparam-to-remotenumber.patch diff --git a/xl2tpd-1.3.1-ipparam-to-remotenumber.patch b/xl2tpd-1.3.1-ipparam-to-remotenumber.patch new file mode 100644 index 0000000..02bf50a --- /dev/null +++ b/xl2tpd-1.3.1-ipparam-to-remotenumber.patch 
@@ -0,0 +1,29 @@ +--- xl2tpd-1.3.1-orig/control.c 2011-10-06 21:22:05.000000000 +0200 ++++ xl2tpd-1.3.1/control.c 2013-03-30 21:45:04.641605756 +0100 +@@ -898,7 +898,7 @@ + po = add_opt (po, c->lac->pppoptfile); + } + }; +- po = add_opt (po, "ipparam"); ++ po = add_opt (po, "remotenumber"); + po = add_opt (po, IPADDY (t->peer.sin_addr)); + start_pppd (c, po); + opt_destroy (po); +@@ -974,7 +974,7 @@ + po = add_opt (po, "file"); + po = add_opt (po, c->lns->pppoptfile); + } +- po = add_opt (po, "ipparam"); ++ po = add_opt (po, "remotenumber"); + po = add_opt (po, IPADDY (t->peer.sin_addr)); + start_pppd (c, po); + opt_destroy (po); +@@ -1034,7 +1034,7 @@ + po = add_opt (po, c->lac->pppoptfile); + } + }; +- po = add_opt (po, "ipparam"); ++ po = add_opt (po, "remotenumber"); + po = add_opt (po, IPADDY (t->peer.sin_addr)); + start_pppd (c, po); + diff --git a/xl2tpd.spec b/xl2tpd.spec index 138eb16..853ebbd 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,11 +1,17 @@ +# upstream is switching to github, but has not released a new tar ball there yet +%global commit 3be48f8b7fc0e8de8cef7675a9861484b8b68c52 +%global shortcommit %(c=%{commit}; echo ${c:0:7}) + Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 11%{?dist} +Release: 12%{?dist} License: GPL+ -Url: http://www.xelerance.com/software/xl2tpd/ +Url: https://github.com/xelerance/xl2tpd Group: System Environment/Daemons Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-%{version}.tar.gz +#Source0: https://github.com/xelerance/%{name}/archive/v%{version}.tar.gz +#Source0: https://github.com/xelerance/%{name}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz Source1: xl2tpd.service Source2: tmpfiles-xl2tpd.conf Patch1: xl2tpd-1.3.1-Wunused.patch 
@@ -13,6 +19,7 @@ Patch2: xl2tpd-bz80693.patch Patch3: xl2tpd-1.3.1-kernelmode.patch Patch4: xl2tpd-1.3.1-conf.patch Patch5: xl2tpd-1.3.1-pty.patch +Patch6: xl2tpd-1.3.1-ipparam-to-remotenumber.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp >= 2.4.5-18, kernel-modules-extra # If you want to authenticate against a Microsoft PDC/Active Directory @@ -50,12 +57,16 @@ Xl2tpd is based on the 0.69 L2TP by Jeff McAdams It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %prep +# for git version +#% setup -qn %{name}-%{commit} %setup -q %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 + rm linux/include/linux/if_pppol2tp.h %build @@ -122,6 +133,9 @@ fi %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Mon Apr 01 2013 Paul Wouters - 1.3.1-12 +- rhbz#929447 - Fix ipparam so ipv6-up does not fail (Michal Bruncko) + * Fri Feb 15 2013 Fedora Release Engineering - 1.3.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild From d374fe85ac46298faf76ff2f3c6369b5f45f5e33 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 1 Apr 2013 13:49:58 -0400 Subject: [PATCH 58/85] * Introduce new systemd-rpm macros in xl2tpd spec file --- xl2tpd.spec | 29 ++++++++--------------------- 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 853ebbd..200154b 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec 
@@ -20,16 +20,14 @@ Patch3: xl2tpd-1.3.1-kernelmode.patch Patch4: xl2tpd-1.3.1-conf.patch Patch5: xl2tpd-1.3.1-pty.patch Patch6: xl2tpd-1.3.1-ipparam-to-remotenumber.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: ppp >= 2.4.5-18, kernel-modules-extra # If you want to authenticate against a Microsoft PDC/Active Directory # Requires: samba-winbind BuildRequires: libpcap-devel BuildRequires: systemd-units -Requires(post): systemd-sysv -Requires(post): systemd-units -Requires(preun): systemd-units -Requires(postun): systemd-units +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd %description xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661). @@ -88,24 +86,13 @@ install -p -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2 install -p -D -m600 examples/chapsecrets.sample %{buildroot}%{_sysconfdir}/ppp/chap-secrets.sample install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd - -%clean -rm -rf %{buildroot} - - %preun -if [ $1 -eq 0 ]; then - # Package removal, not upgrade - /bin/systemctl --no-reload disable xl2tpd.service > /dev/null 2>&1 || : - /bin/systemctl stop xl2tpd.service > /dev/null 2>&1 || : -fi +%systemd_preun xl2tpd.service +%post +%systemd_post xl2tpd.service %postun -/bin/systemctl daemon-reload >/dev/null 2>&1 || : -if [ $1 -ge 1 ] ; then - # Package upgrade, not uninstall - /bin/systemctl try-restart xl2tpd.service >/dev/null 2>&1 || : -fi +%systemd_postun_with_restart xl2tpd.service %triggerun -- xl2td < 1.3.1-3 # Save the current service runlevel info @@ -117,7 +104,6 @@ fi /bin/systemctl try-restart xl2tpd.service >/dev/null 2>&1 || : %files -%defattr(-,root,root) %doc BUGS CHANGES CREDITS LICENSE README.* TODO doc/rfc2661.txt %doc doc/README.patents examples/chapsecrets.sample %{_sbindir}/xl2tpd 
@@ -135,6 +121,7 @@ fi %changelog * Mon Apr 01 2013 Paul Wouters - 1.3.1-12 - rhbz#929447 - Fix ipparam so ipv6-up does not fail (Michal Bruncko) +- rhbz#850372 - Introduce new systemd-rpm macros in xl2tpd spec file * Fri Feb 15 2013 Fedora Release Engineering - 1.3.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild From 6c8bb0513445f9ce36f3eb7d7b06d4b2450b238c Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 1 Apr 2013 16:58:01 -0400 Subject: [PATCH 59/85] - Use relro,pie for compiling - Use openssl's MD5 function instead of private copy, so FIPS restrictions work --- xl2tpd-1.3.1-md5-fips.patch | 453 ++++++++++++++++++++++++++++++++++++ xl2tpd.spec | 9 +- 2 files changed, 460 insertions(+), 2 deletions(-) create mode 100644 xl2tpd-1.3.1-md5-fips.patch diff --git a/xl2tpd-1.3.1-md5-fips.patch b/xl2tpd-1.3.1-md5-fips.patch new file mode 100644 index 0000000..6ad39ec --- /dev/null +++ b/xl2tpd-1.3.1-md5-fips.patch 
@@ -0,0 +1,453 @@ +diff -Naur xl2tpd-1.3.1/aaa.c xl2tpd-1.3.1-fips/aaa.c +--- xl2tpd-1.3.1/aaa.c 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1-fips/aaa.c 2013-04-01 16:36:40.929098507 -0400 +@@ -21,6 +21,8 @@ + #include + #include "l2tp.h" + ++#include ++ + extern void bufferDump (char *, int); + + /* FIXME: Accounting? */ +@@ -273,11 +275,11 @@ + #endif + + memset (chal->response, 0, MD_SIG_SIZE); +- MD5Init (&chal->md5); +- MD5Update (&chal->md5, &chal->ss, 1); +- MD5Update (&chal->md5, chal->secret, strlen ((char *)chal->secret)); +- MD5Update (&chal->md5, chal->challenge, chal->chal_len); +- MD5Final (chal->response, &chal->md5); ++ MD5_Init (&chal->md5); ++ MD5_Update (&chal->md5, &chal->ss, 1); ++ MD5_Update (&chal->md5, chal->secret, strlen ((char *)chal->secret)); ++ MD5_Update (&chal->md5, chal->challenge, chal->chal_len); ++ MD5_Final (chal->response, &chal->md5); + #ifdef DEBUG_AUTH + l2tp_log (LOG_DEBUG, "response is %X%X%X%X to '%s' and %X%X%X%X, %d\n", + *((int *) &chal->response[0]), +@@ -392,12 +394,12 @@ + buf->len += length; + /* Back to the beginning of real data, including the original length AVP */ + +- MD5Init (&t->chal_them.md5); +- MD5Update (&t->chal_them.md5, (void *) &attr, 2); +- MD5Update (&t->chal_them.md5, t->chal_them.secret, ++ MD5_Init (&t->chal_them.md5); ++ MD5_Update (&t->chal_them.md5, (void *) &attr, 2); ++ MD5_Update (&t->chal_them.md5, t->chal_them.secret, + strlen ((char *)t->chal_them.secret)); +- MD5Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE); +- MD5Final (digest, &t->chal_them.md5); ++ MD5_Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE); ++ MD5_Final (digest, &t->chal_them.md5); + + /* Though not a "MUST" in the spec, our subformat length is always a multiple of 16 */ + ptr = ((unsigned char *) new_hdr) + sizeof (struct avp_hdr); +@@ -421,11 +423,11 @@ + #endif + if (ptr < end) + { +- MD5Init (&t->chal_them.md5); +- MD5Update (&t->chal_them.md5, t->chal_them.secret, ++ MD5_Init 
(&t->chal_them.md5); ++ MD5_Update (&t->chal_them.md5, t->chal_them.secret, + strlen ((char *)t->chal_them.secret)); +- MD5Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE); +- MD5Final (digest, &t->chal_them.md5); ++ MD5_Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE); ++ MD5_Final (digest, &t->chal_them.md5); + } + previous_segment = ptr; + } +@@ -458,12 +460,12 @@ + that it will be padded to a 16 byte boundary, so we + have to be more careful than when encrypting */ + attr = ntohs (old_hdr->attr); +- MD5Init (&t->chal_us.md5); +- MD5Update (&t->chal_us.md5, (void *) &attr, 2); +- MD5Update (&t->chal_us.md5, t->chal_us.secret, ++ MD5_Init (&t->chal_us.md5); ++ MD5_Update (&t->chal_us.md5, (void *) &attr, 2); ++ MD5_Update (&t->chal_us.md5, t->chal_us.secret, + strlen ((char *)t->chal_us.secret)); +- MD5Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len); +- MD5Final (digest, &t->chal_us.md5); ++ MD5_Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len); ++ MD5_Final (digest, &t->chal_us.md5); + #ifdef DEBUG_HIDDEN + l2tp_log (LOG_DEBUG, "attribute is %d and challenge is: ", attr); + print_challenge (&t->chal_us); +@@ -474,11 +476,11 @@ + { + if (cnt >= MD_SIG_SIZE) + { +- MD5Init (&t->chal_us.md5); +- MD5Update (&t->chal_us.md5, t->chal_us.secret, ++ MD5_Init (&t->chal_us.md5); ++ MD5_Update (&t->chal_us.md5, t->chal_us.secret, + strlen ((char *)t->chal_us.secret)); +- MD5Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE); +- MD5Final (digest, &t->chal_us.md5); ++ MD5_Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE); ++ MD5_Final (digest, &t->chal_us.md5); + cnt = 0; + } + /* at the beginning of each segment, we save the current segment (16 octets or less) of cipher +diff -Naur xl2tpd-1.3.1/aaa.h xl2tpd-1.3.1-fips/aaa.h +--- xl2tpd-1.3.1/aaa.h 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1-fips/aaa.h 2013-04-01 16:46:39.532823130 -0400 +@@ -15,7 +15,7 @@ + + #ifndef _AAA_H + #define _AAA_H +-#include 
"md5.h" ++#include + + #define ADDR_HASH_SIZE 256 + #define MD_SIG_SIZE 16 +@@ -34,7 +43,8 @@ + + struct challenge + { +- struct MD5Context md5; ++ /* struct MD5Context md5; */ ++ MD5_CTX md5; + unsigned char ss; /* State we're sending in */ + unsigned char secret[MAXSTRLEN]; /* The shared secret */ + unsigned char *challenge; /* The original challenge */ +diff -Naur xl2tpd-1.3.1/Makefile xl2tpd-1.3.1-fips/Makefile +--- xl2tpd-1.3.1/Makefile 2013-04-01 16:40:44.576870296 -0400 ++++ xl2tpd-1.3.1-fips/Makefile 2013-04-01 16:48:30.405039381 -0400 +@@ -91,8 +91,8 @@ + IPFLAGS?= -DIP_ALLOCATION + + CFLAGS+= $(DFLAGS) -O2 -fno-builtin -Wall -DSANITY $(OSFLAGS) $(IPFLAGS) +-HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h +-OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o ++HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h ++OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o + SRCS=${OBJS:.o=.c} ${HDRS} + CONTROL_SRCS=xl2tpd-control.c + #LIBS= $(OSLIBS) # -lefence # efence for malloc checking +@@ -112,7 +112,7 @@ + rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC) + + $(EXEC): $(OBJS) $(HDRS) +- $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS) ++ $(CC) $(LDFLAGS) -o $@ $(OBJS) -lcrypto $(LDLIBS) + + $(CONTROL_EXEC): $(CONTROL_SRCS) + $(CC) $(CFLAGS) -c $(CONTROL_SRCS) +diff -Naur xl2tpd-1.3.1/md5.c xl2tpd-1.3.1-fips/md5.c +--- xl2tpd-1.3.1/md5.c 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1-fips/md5.c 1969-12-31 19:00:00.000000000 -0500 +@@ -1,275 +0,0 @@ +-#ifdef FREEBSD +-# include +-#elif defined(OPENBSD) +-# define __BSD_VISIBLE 0 +-# include +-#elif defined(LINUX) +-# include +-#elif defined(SOLARIS) +-# include +-#endif +-#if __BYTE_ORDER == __BIG_ENDIAN +-#define HIGHFIRST 1 +-#endif +- +-/* +- * This code implements the MD5 message-digest algorithm. +- * The algorithm is due to Ron Rivest. 
This code was +- * written by Colin Plumb in 1993, no copyright is claimed. +- * This code is in the public domain; do with it what you wish. +- * +- * Equivalent code is available from RSA Data Security, Inc. +- * This code has been tested against that, and is equivalent, +- * except that you don't need to include two pages of legalese +- * with every copy. +- * +- * To compute the message digest of a chunk of bytes, declare an +- * MD5Context structure, pass it to MD5Init, call MD5Update as +- * needed on buffers full of bytes, and then call MD5Final, which +- * will fill a supplied 16-byte array with the digest. +- */ +-#include /* for memcpy() */ +-#include "md5.h" +- +-#ifndef HIGHFIRST +-#define byteReverse(buf, len) /* Nothing */ +-#else +-void byteReverse (unsigned char *buf, unsigned longs); +- +-#ifndef ASM_MD5 +-/* +- * Note: this code is harmless on little-endian machines. +- */ +-void byteReverse (unsigned char *buf, unsigned longs) +-{ +- uint32 t; +- do +- { +- t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | +- ((unsigned) buf[1] << 8 | buf[0]); +- *(uint32 *) buf = t; +- buf += 4; +- } +- while (--longs); +-} +-#endif +-#endif +- +-/* +- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious +- * initialization constants. +- */ +-void MD5Init (struct MD5Context *ctx) +-{ +- ctx->buf[0] = 0x67452301; +- ctx->buf[1] = 0xefcdab89; +- ctx->buf[2] = 0x98badcfe; +- ctx->buf[3] = 0x10325476; +- +- ctx->bits[0] = 0; +- ctx->bits[1] = 0; +-} +- +-/* +- * Update context to reflect the concatenation of another buffer full +- * of bytes. 
+- */ +-void MD5Update (struct MD5Context *ctx, unsigned char const *buf, +- unsigned len) +-{ +- uint32 t; +- +- /* Update bitcount */ +- +- t = ctx->bits[0]; +- if ((ctx->bits[0] = t + ((uint32) len << 3)) < t) +- ctx->bits[1]++; /* Carry from low to high */ +- ctx->bits[1] += len >> 29; +- +- t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ +- +- /* Handle any leading odd-sized chunks */ +- +- if (t) +- { +- unsigned char *p = (unsigned char *) ctx->in + t; +- +- t = 64 - t; +- if (len < t) +- { +- memcpy (p, buf, len); +- return; +- } +- memcpy (p, buf, t); +- byteReverse (ctx->in, 16); +- MD5Transform (ctx->buf, (uint32 *) ctx->in); +- buf += t; +- len -= t; +- } +- /* Process data in 64-byte chunks */ +- +- while (len >= 64) +- { +- memcpy (ctx->in, buf, 64); +- byteReverse (ctx->in, 16); +- MD5Transform (ctx->buf, (uint32 *) ctx->in); +- buf += 64; +- len -= 64; +- } +- +- /* Handle any remaining bytes of data. */ +- +- memcpy (ctx->in, buf, len); +-} +- +-/* +- * Final wrapup - pad to 64-byte boundary with the bit pattern +- * 1 0* (64-bit count of bits processed, MSB-first) +- */ +-void MD5Final (unsigned char digest[16], struct MD5Context *ctx) +-{ +- unsigned count; +- unsigned char *p; +- +- /* Compute number of bytes mod 64 */ +- count = (ctx->bits[0] >> 3) & 0x3F; +- +- /* Set the first char of padding to 0x80. 
This is safe since there is +- always at least one byte free */ +- p = ctx->in + count; +- *p++ = 0x80; +- +- /* Bytes of padding needed to make 64 bytes */ +- count = 64 - 1 - count; +- +- /* Pad out to 56 mod 64 */ +- if (count < 8) +- { +- /* Two lots of padding: Pad the first block to 64 bytes */ +- memset (p, 0, count); +- byteReverse (ctx->in, 16); +- MD5Transform (ctx->buf, (uint32 *) ctx->in); +- +- /* Now fill the next block with 56 bytes */ +- memset (ctx->in, 0, 56); +- } +- else +- { +- /* Pad block to 56 bytes */ +- memset (p, 0, count - 8); +- } +- byteReverse (ctx->in, 14); +- +- /* Append length in bits and transform */ +- ((uint32 *) ctx->in)[14] = ctx->bits[0]; +- ((uint32 *) ctx->in)[15] = ctx->bits[1]; +- +- MD5Transform (ctx->buf, (uint32 *) ctx->in); +- byteReverse ((unsigned char *) ctx->buf, 4); +- memcpy (digest, ctx->buf, 16); +- memset (ctx, 0, sizeof (ctx)); /* In case it's sensitive */ +-} +- +-#ifndef ASM_MD5 +- +-/* The four core functions - F1 is optimized somewhat */ +- +-/* #define F1(x, y, z) (x & y | ~x & z) */ +-#define F1(x, y, z) (z ^ (x & (y ^ z))) +-#define F2(x, y, z) F1(z, x, y) +-#define F3(x, y, z) (x ^ y ^ z) +-#define F4(x, y, z) (y ^ (x | ~z)) +- +-/* This is the central step in the MD5 algorithm. */ +-#define MD5STEP(f, w, x, y, z, data, s) \ +- ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) +- +-/* +- * The core of the MD5 algorithm, this alters an existing MD5 hash to +- * reflect the addition of 16 longwords of new data. MD5Update blocks +- * the data and converts bytes into longwords for this routine. 
+- */ +-void MD5Transform (uint32 buf[4], uint32 const in[16]) +-{ +- register uint32 a, b, c, d; +- +- a = buf[0]; +- b = buf[1]; +- c = buf[2]; +- d = buf[3]; +- +- MD5STEP (F1, a, b, c, d, in[0] + 0xd76aa478, 7); +- MD5STEP (F1, d, a, b, c, in[1] + 0xe8c7b756, 12); +- MD5STEP (F1, c, d, a, b, in[2] + 0x242070db, 17); +- MD5STEP (F1, b, c, d, a, in[3] + 0xc1bdceee, 22); +- MD5STEP (F1, a, b, c, d, in[4] + 0xf57c0faf, 7); +- MD5STEP (F1, d, a, b, c, in[5] + 0x4787c62a, 12); +- MD5STEP (F1, c, d, a, b, in[6] + 0xa8304613, 17); +- MD5STEP (F1, b, c, d, a, in[7] + 0xfd469501, 22); +- MD5STEP (F1, a, b, c, d, in[8] + 0x698098d8, 7); +- MD5STEP (F1, d, a, b, c, in[9] + 0x8b44f7af, 12); +- MD5STEP (F1, c, d, a, b, in[10] + 0xffff5bb1, 17); +- MD5STEP (F1, b, c, d, a, in[11] + 0x895cd7be, 22); +- MD5STEP (F1, a, b, c, d, in[12] + 0x6b901122, 7); +- MD5STEP (F1, d, a, b, c, in[13] + 0xfd987193, 12); +- MD5STEP (F1, c, d, a, b, in[14] + 0xa679438e, 17); +- MD5STEP (F1, b, c, d, a, in[15] + 0x49b40821, 22); +- +- MD5STEP (F2, a, b, c, d, in[1] + 0xf61e2562, 5); +- MD5STEP (F2, d, a, b, c, in[6] + 0xc040b340, 9); +- MD5STEP (F2, c, d, a, b, in[11] + 0x265e5a51, 14); +- MD5STEP (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); +- MD5STEP (F2, a, b, c, d, in[5] + 0xd62f105d, 5); +- MD5STEP (F2, d, a, b, c, in[10] + 0x02441453, 9); +- MD5STEP (F2, c, d, a, b, in[15] + 0xd8a1e681, 14); +- MD5STEP (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); +- MD5STEP (F2, a, b, c, d, in[9] + 0x21e1cde6, 5); +- MD5STEP (F2, d, a, b, c, in[14] + 0xc33707d6, 9); +- MD5STEP (F2, c, d, a, b, in[3] + 0xf4d50d87, 14); +- MD5STEP (F2, b, c, d, a, in[8] + 0x455a14ed, 20); +- MD5STEP (F2, a, b, c, d, in[13] + 0xa9e3e905, 5); +- MD5STEP (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); +- MD5STEP (F2, c, d, a, b, in[7] + 0x676f02d9, 14); +- MD5STEP (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); +- +- MD5STEP (F3, a, b, c, d, in[5] + 0xfffa3942, 4); +- MD5STEP (F3, d, a, b, c, in[8] + 0x8771f681, 11); +- MD5STEP (F3, c, d, a, b, 
in[11] + 0x6d9d6122, 16); +- MD5STEP (F3, b, c, d, a, in[14] + 0xfde5380c, 23); +- MD5STEP (F3, a, b, c, d, in[1] + 0xa4beea44, 4); +- MD5STEP (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); +- MD5STEP (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); +- MD5STEP (F3, b, c, d, a, in[10] + 0xbebfbc70, 23); +- MD5STEP (F3, a, b, c, d, in[13] + 0x289b7ec6, 4); +- MD5STEP (F3, d, a, b, c, in[0] + 0xeaa127fa, 11); +- MD5STEP (F3, c, d, a, b, in[3] + 0xd4ef3085, 16); +- MD5STEP (F3, b, c, d, a, in[6] + 0x04881d05, 23); +- MD5STEP (F3, a, b, c, d, in[9] + 0xd9d4d039, 4); +- MD5STEP (F3, d, a, b, c, in[12] + 0xe6db99e5, 11); +- MD5STEP (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); +- MD5STEP (F3, b, c, d, a, in[2] + 0xc4ac5665, 23); +- +- MD5STEP (F4, a, b, c, d, in[0] + 0xf4292244, 6); +- MD5STEP (F4, d, a, b, c, in[7] + 0x432aff97, 10); +- MD5STEP (F4, c, d, a, b, in[14] + 0xab9423a7, 15); +- MD5STEP (F4, b, c, d, a, in[5] + 0xfc93a039, 21); +- MD5STEP (F4, a, b, c, d, in[12] + 0x655b59c3, 6); +- MD5STEP (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); +- MD5STEP (F4, c, d, a, b, in[10] + 0xffeff47d, 15); +- MD5STEP (F4, b, c, d, a, in[1] + 0x85845dd1, 21); +- MD5STEP (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); +- MD5STEP (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); +- MD5STEP (F4, c, d, a, b, in[6] + 0xa3014314, 15); +- MD5STEP (F4, b, c, d, a, in[13] + 0x4e0811a1, 21); +- MD5STEP (F4, a, b, c, d, in[4] + 0xf7537e82, 6); +- MD5STEP (F4, d, a, b, c, in[11] + 0xbd3af235, 10); +- MD5STEP (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); +- MD5STEP (F4, b, c, d, a, in[9] + 0xeb86d391, 21); +- +- buf[0] += a; +- buf[1] += b; +- buf[2] += c; +- buf[3] += d; +-} +- +-#endif +diff -Naur xl2tpd-1.3.1/md5.h xl2tpd-1.3.1-fips/md5.h +--- xl2tpd-1.3.1/md5.h 2011-10-06 15:22:05.000000000 -0400 ++++ xl2tpd-1.3.1-fips/md5.h 1969-12-31 19:00:00.000000000 -0500 +@@ -1,28 +0,0 @@ +-#ifndef MD5_H +-#define MD5_H +- +-#ifdef __alpha +-typedef unsigned int uint32; +-#else +-typedef unsigned long uint32; +-#endif +- +-struct 
MD5Context +-{ +- uint32 buf[4]; +- uint32 bits[2]; +- unsigned char in[64]; +-}; +- +-void MD5Init (struct MD5Context *context); +-void MD5Update (struct MD5Context *context, unsigned char const *buf, +- unsigned len); +-void MD5Final (unsigned char digest[16], struct MD5Context *context); +-void MD5Transform (uint32 buf[4], uint32 const in[16]); +- +-/* +- * This is needed to make RSAREF happy on some MS-DOS compilers. +- */ +-typedef struct MD5Context MD5_CTX; +- +-#endif /* !MD5_H */ diff --git a/xl2tpd.spec b/xl2tpd.spec index 6023f6a..94a84b0 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -5,7 +5,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 12%{?dist} +Release: 13%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd Group: System Environment/Daemons @@ -21,12 +21,14 @@ Patch4: xl2tpd-1.3.1-conf.patch Patch5: xl2tpd-1.3.1-pty.patch Patch6: xl2tpd-1.3.1-ipparam-to-remotenumber.patch Patch7: xl2tpd-1.3.1-Makefile +Patch8: xl2tpd-1.3.1-md5-fips.patch Requires: ppp >= 2.4.5-18, kernel-modules-extra # If you want to authenticate against a Microsoft PDC/Active Directory # Requires: samba-winbind BuildRequires: libpcap-devel BuildRequires: systemd-units +BuildRequires: openssl-devel Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -67,6 +69,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 rm linux/include/linux/if_pppol2tp.h 
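Review bot: The return values of `MD5_Init`, `MD5_Update` and `MD5_Final` are ignored at every converted call site in aaa.c. In the first aaa.c hunk `chal->response` is cleared with `memset` just before the digest is computed, so if the library refuses MD5 (which a FIPS-restricted OpenSSL build may do) the response would stay all zero bytes and presumably still be used for tunnel authentication. Each sequence should fail closed, for example `if (!MD5_Init (&chal->md5)) { l2tp_log (LOG_CRIT, "%s: MD5 not available\n", __FUNCTION__); /* error return */ }`, with the error path matched to the enclosing function, which starts outside the hunks shown. The same check is needed for the sequences on `t->chal_them.md5` and `t->chal_us.md5`, where `digest` would otherwise be left unset before it is used. A comment next to `MD5_CTX md5;` in aaa.h should state that challenge authentication and hidden AVPs depend on MD5 and are therefore unavailable when the crypto library disallows it.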
@@ -126,9 +129,11 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog -* Mon Apr 01 2013 Paul Wouters - 1.3.1-12 +* Mon Apr 01 2013 Paul Wouters - 1.3.1-13 - rhbz#929447 - Fix ipparam so ipv6-up does not fail (Michal Bruncko) - rhbz#850372 - Introduce new systemd-rpm macros in xl2tpd spec file +- Use relro,pie for compiling +- Use openssl's MD5 function instead of private copy, so FIPS restrictions work * Fri Feb 15 2013 Fedora Release Engineering - 1.3.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild From 10d9b5b79832f6d26ea70b7a2399560e916bf445 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Mon, 1 Apr 2013 17:05:06 -0400 Subject: [PATCH 60/85] * udate changelog with bugzilla entry --- xl2tpd.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 94a84b0..52045e3 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -133,7 +133,8 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd - rhbz#929447 - Fix ipparam so ipv6-up does not fail (Michal Bruncko) - rhbz#850372 - Introduce new systemd-rpm macros in xl2tpd spec file - Use relro,pie for compiling -- Use openssl's MD5 function instead of private copy, so FIPS restrictions work +- rhbz#947209 - Use openssl's MD5 function instead of private copy + (so FIPS restrictions work) * Fri Feb 15 2013 Fedora Release Engineering - 1.3.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild From 19afcbe0fcdac23ed6e0c0e6216352bc52cefa0a Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sun, 4 Aug 2013 03:22:19 -0500 Subject: [PATCH 61/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 52045e3..8da2e63 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec 
@@ -5,7 +5,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.1 -Release: 13%{?dist} +Release: 14%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd Group: System Environment/Daemons @@ -129,6 +129,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Sun Aug 04 2013 Fedora Release Engineering - 1.3.1-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + * Mon Apr 01 2013 Paul Wouters - 1.3.1-13 - rhbz#929447 - Fix ipparam so ipv6-up does not fail (Michal Bruncko) - rhbz#850372 - Introduce new systemd-rpm macros in xl2tpd spec file From 38e97b03eac9ba54dd4610652e455436fb01a064 Mon Sep 17 00:00:00 2001 
From: Paul Wouters Date: Mon, 12 May 2014 21:59:33 -0400 Subject: [PATCH 62/85] * Tue May 13 2014 Paul Wouters - 1.3.6-1 - Updated to 1.3.6 - using github-only monstrosity packaging - Resolves: rhbz#1051785 (new upstream version available) - Resolves: rhbz#868391 xl2tpd sends response packets from wrong IP address - Revert: rhbz#929447 Incorrect "ipparam" manipulation - Resolves: rhbz#1055196 Don't order service after syslog.target - Resolves: rhbz#984332 xl2tpd tmpfiles configuration file in wrong directory - Removed patches merged in upstream. - FIPS patch updated with advertising clause for openssl in xl2tpd -V (although the GPL code was already basically taken from openssl) --- .gitignore | 1 + sources | 2 +- xl2tpd-1.3.0-kernelmode.patch | 436 ------------------ xl2tpd-1.3.1-Makefile | 21 - xl2tpd-1.3.1-Wunused.patch | 41 -- xl2tpd-1.3.1-conf.patch | 94 ---- xl2tpd-1.3.1-ipparam-to-remotenumber.patch | 29 -- xl2tpd-1.3.1-kernelmode.patch | 362 --------------- xl2tpd-1.3.1-pty.patch | 19 - xl2tpd-1.3.6-conf.patch | 40 ++ ...-fips.patch => xl2tpd-1.3.6-md5-fips.patch | 59 ++- xl2tpd-bz80693.patch | 22 - xl2tpd.init | 101 ---- xl2tpd.service | 2 +- xl2tpd.spec | 61 ++- 15 files changed, 105 insertions(+), 1185 deletions(-) delete mode 100644 xl2tpd-1.3.0-kernelmode.patch delete mode 100644 xl2tpd-1.3.1-Makefile delete mode 100644 xl2tpd-1.3.1-Wunused.patch delete mode 100644 xl2tpd-1.3.1-conf.patch delete mode 100644 xl2tpd-1.3.1-ipparam-to-remotenumber.patch delete mode 100644 xl2tpd-1.3.1-kernelmode.patch delete mode 100644 xl2tpd-1.3.1-pty.patch create mode 100644 xl2tpd-1.3.6-conf.patch rename xl2tpd-1.3.1-md5-fips.patch => xl2tpd-1.3.6-md5-fips.patch (89%) delete mode 100644 xl2tpd-bz80693.patch delete mode 100644 xl2tpd.init diff --git a/.gitignore b/.gitignore index b276d35..cc9fdd7 100644 --- a/.gitignore +++ b/.gitignore 
@@ -11,3 +11,4 @@ xl2tpd-1.2.7.tar.gz xl2tpd-1.2.8.tar.gz xl2tpd-1.3.0.tar.gz xl2tpd-1.3.1.tar.gz +/xl2tpd-5619e1771048e74b729804e8602f409af0f3faea.tar.gz diff --git a/sources b/sources index 568bb82..cbe85ac 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -cf61576fef5c2d6c68279a408ec1f0d5 xl2tpd-1.3.1.tar.gz +e08e34510a97e126b324f3407c71806c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea.tar.gz diff --git a/xl2tpd-1.3.0-kernelmode.patch b/xl2tpd-1.3.0-kernelmode.patch deleted file mode 100644 index fafa456..0000000 --- a/xl2tpd-1.3.0-kernelmode.patch +++ /dev/null 
@@ -1,436 +0,0 @@ -diff --git a/Makefile b/Makefile -index 6f6481f..778f38d 100644 ---- a/Makefile -+++ b/Makefile -@@ -62,8 +62,8 @@ - # are packages seperately (eg kernel-headers on Fedora) - # Note: 2.6.23+ support still needs some changes in the xl2tpd source - # --#OSFLAGS+= -DUSE_KERNEL --# -+# Kernel mode fixed by sigwall -+OSFLAGS+= -DUSE_KERNEL - # - # Uncomment the next line for FreeBSD - # -diff --git a/call.c b/call.c -index d1b1858..b672f91 100644 ---- a/call.c -+++ b/call.c -@@ -680,6 +680,8 @@ struct call *get_call (int tunnel, int call, struct in_addr addr, int port, - st->peer.sin_port = port; - st->refme = refme; - st->refhim = refhim; -+ st->udp_fd = -1; -+ st->pppox_fd = -1; - bcopy (&addr, &st->peer.sin_addr, sizeof (addr)); - st->next = tunnels.head; - tunnels.head = st; -diff --git a/control.c b/control.c -index 0892df9..9362ffd 100644 ---- a/control.c -+++ b/control.c -@@ -596,6 +596,9 @@ int control_finish (struct tunnel *t, struct call *c) - if (gconfig.debug_state) - l2tp_log (LOG_DEBUG, "%s: sending SCCCN\n", __FUNCTION__); - control_xmit (buf); -+ -+ connect_pppol2tp(t); -+ - /* Schedule a HELLO */ - tv.tv_sec = HELLO_DELAY; - tv.tv_usec = 0; -@@ -608,6 +611,7 @@ int control_finish (struct tunnel *t, struct call *c) - "Connection established to %s, %d. 
Local: %d, Remote: %d (ref=%u/%u).\n", - IPADDY (t->peer.sin_addr), - ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim); -+ - if (t->lac) - { - /* This is part of a LAC, so we want to go ahead -@@ -635,6 +639,9 @@ int control_finish (struct tunnel *t, struct call *c) - IPADDY (t->peer.sin_addr), - ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim, - t->lns->entname); -+ -+ connect_pppol2tp(t); -+ - /* Schedule a HELLO */ - tv.tv_sec = HELLO_DELAY; - tv.tv_usec = 0; -diff --git a/l2tp.h b/l2tp.h -index 2724fff..856423f 100644 ---- a/l2tp.h -+++ b/l2tp.h -@@ -167,6 +167,8 @@ struct tunnel - int ourrws; /* Receive Window Size */ - int rxspeed; /* Receive bps */ - int txspeed; /* Transmit bps */ -+ int udp_fd; /* UDP fd */ -+ int pppox_fd; /* PPPOX tunnel fd */ - struct call *self; - struct lns *lns; /* LNS that owns us */ - struct lac *lac; /* LAC that owns us */ -@@ -220,6 +222,7 @@ extern void control_xmit (void *); - extern int ppd; - extern int switch_io; /* jz */ - extern int control_fd; -+extern int connect_pppol2tp(struct tunnel *t); - extern int start_pppd (struct call *c, struct ppp_opts *); - extern void magic_lac_dial (void *); - extern int get_entropy (unsigned char *, int); -diff --git a/linux/include/linux/if_pppol2tp.h b/linux/include/linux/if_pppol2tp.h -index a7d6a22..0795e4a 100644 ---- a/linux/include/linux/if_pppol2tp.h -+++ b/linux/include/linux/if_pppol2tp.h -@@ -36,6 +36,20 @@ struct pppol2tp_addr - __u16 d_tunnel, d_session; /* For sending outgoing packets */ - }; - -+/* The L2TPv3 protocol changes tunnel and session ids from 16 to 32 -+ * bits. So we need a different sockaddr structure. -+ */ -+struct pppol2tpv3_addr { -+ pid_t pid; /* pid that owns the fd. 
-+ * 0 => current */ -+ int fd; /* FD of UDP or IP socket to use */ -+ -+ struct sockaddr_in addr; /* IP address and port to send to */ -+ -+ __u32 s_tunnel, s_session; /* For matching incoming packets */ -+ __u32 d_tunnel, d_session; /* For sending outgoing packets */ -+}; -+ - /* Socket options: - * DEBUG - bitmask of debug message categories - * SENDSEQ - 0 => don't send packets with sequence numbers -diff --git a/network.c b/network.c -index 241bd82..fde250e 100644 ---- a/network.c -+++ b/network.c -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - #ifndef LINUX - # include - #endif -@@ -36,6 +37,51 @@ int server_socket; /* Server socket */ - int kernel_support; /* Kernel Support there or not? */ - #endif - -+#ifdef USE_KERNEL -+void modprobe() { -+ char * modules[] = { "l2tp_ppp", "pppol2tp", NULL }; -+ char ** module; -+ char buf[256], *tok; -+ int pid, exit_status, fd; -+ -+ FILE * fmod = fopen("/proc/modules", "r"); -+ -+ if (fmod == NULL) -+ return; -+ -+ while (fgets(buf, 255, fmod) != NULL) { -+ if ((tok = strtok(buf, " ")) != NULL) { -+ for (module = modules; *module != NULL; ++module) { -+ if (!strcmp(*module, tok)) { -+ fclose(fmod); -+ return; -+ } -+ } -+ } -+ } -+ -+ fclose(fmod); -+ -+ for (module = modules; *module != NULL; ++module) { -+ if ((pid = fork()) >= 0) { -+ if (pid == 0) { -+ setenv("PATH", "/sbin:/usr/sbin:/bin:/usr/bin", 1); -+ if ((fd = open("/dev/null", O_RDWR)) > -1) { -+ dup2(fd, 1); -+ dup2(fd, 2); -+ } -+ execlp("modprobe", "modprobe", "-q", *module, (char *)NULL); -+ exit(1); -+ } else { -+ if ((pid = waitpid(pid, &exit_status, 0)) != -1 && WIFEXITED(exit_status)) { -+ if (WEXITSTATUS(exit_status) == 0) -+ return; -+ } -+ } -+ } -+ } -+} -+#endif - - int init_network (void) - { -@@ -45,6 +91,7 @@ int init_network (void) - server.sin_family = AF_INET; - server.sin_addr.s_addr = gconfig.listenaddr; - server.sin_port = htons (gconfig.port); -+ int flags; - if ((server_socket = socket (PF_INET, SOCK_DGRAM, 0)) < 0) - 
{ - l2tp_log (LOG_CRIT, "%s: Unable to allocate socket. Terminating.\n", -@@ -52,6 +99,10 @@ int init_network (void) - return -EINVAL; - }; - -+ flags = 1; -+ setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags)); -+ setsockopt(server_socket, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags)); -+ - if (bind (server_socket, (struct sockaddr *) &server, sizeof (server))) - { - close (server_socket); -@@ -91,6 +142,7 @@ int init_network (void) - } - else - { -+ modprobe(); - int kernel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); - if (kernel_fd < 0) - { -@@ -321,6 +373,11 @@ int build_fdset (fd_set *readfds) - - while (tun) - { -+ if (tun->udp_fd > -1) { -+ if (tun->udp_fd > max) -+ max = tun->udp_fd; -+ FD_SET (tun->udp_fd, readfds); -+ } - call = tun->call_head; - while (call) - { -@@ -390,6 +447,8 @@ void network_thread () - struct iovec iov; - char cbuf[256]; - unsigned int refme, refhim; -+ int * currentfd; -+ int server_socket_processed; - - /* This one buffer can be recycled for everything except control packets */ - buf = new_buf (MAX_RECV_SIZE); -@@ -428,7 +487,21 @@ void network_thread () - { - do_control (); - } -- if (FD_ISSET (server_socket, &readfds)) -+ server_socket_processed = 0; -+ currentfd = NULL; -+ st = tunnels.head; -+ while (st || !server_socket_processed) { -+ if (st && (st->udp_fd == -1)) { -+ st=st->next; -+ continue; -+ } -+ if (st) { -+ currentfd = &st->udp_fd; -+ } else { -+ currentfd = &server_socket; -+ server_socket_processed = 1; -+ } -+ if (FD_ISSET (*currentfd, &readfds)) - { - /* - * Okay, now we're ready for reading and processing new data. -@@ -457,12 +530,19 @@ void network_thread () - msgh.msg_flags = 0; - - /* Receive one packet. 
*/ -- recvsize = recvmsg(server_socket, &msgh, 0); -+ recvsize = recvmsg(*currentfd, &msgh, 0); - - if (recvsize < MIN_PAYLOAD_HDR_LEN) - { - if (recvsize < 0) - { -+ if (errno == ECONNREFUSED) { -+ close(*currentfd); -+ } -+ if ((errno == ECONNREFUSED) || -+ (errno == EBADF)) { -+ *currentfd = -1; -+ } - if (errno != EAGAIN) - l2tp_log (LOG_WARNING, - "%s: recvfrom returned error %d (%s)\n", -@@ -567,6 +647,8 @@ void network_thread () - } - }; - } -+ if (st) st=st->next; -+ } - - /* - * finished obvious sources, look for data from PPP connections. -@@ -639,3 +721,82 @@ void network_thread () - } - - } -+ -+int connect_pppol2tp(struct tunnel *t) { -+#ifdef USE_KERNEL -+ if (kernel_support) { -+ int ufd = -1, fd2 = -1; -+ int flags; -+ struct sockaddr_pppol2tp sax; -+ -+ struct sockaddr_in server; -+ server.sin_family = AF_INET; -+ server.sin_addr.s_addr = gconfig.listenaddr; -+ server.sin_port = htons (gconfig.port); -+ if ((ufd = socket (PF_INET, SOCK_DGRAM, 0)) < 0) -+ { -+ l2tp_log (LOG_CRIT, "%s: Unable to allocate UDP socket. Terminating.\n", -+ __FUNCTION__); -+ return -EINVAL; -+ }; -+ -+ flags=1; -+ setsockopt(ufd, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags)); -+ setsockopt(ufd, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags)); -+ -+ if (bind (ufd, (struct sockaddr *) &server, sizeof (server))) -+ { -+ close (ufd); -+ l2tp_log (LOG_CRIT, "%s: Unable to bind UDP socket: %s. Terminating.\n", -+ __FUNCTION__, strerror(errno), errno); -+ return -EINVAL; -+ }; -+ server = t->peer; -+ flags = fcntl(ufd, F_GETFL); -+ if (flags == -1 || fcntl(ufd, F_SETFL, flags | O_NONBLOCK) == -1) { -+ l2tp_log (LOG_WARNING, "%s: Unable to set UDP socket nonblock.\n", -+ __FUNCTION__); -+ return -EINVAL; -+ } -+ if (connect (ufd, (struct sockaddr *) &server, sizeof(server)) < 0) { -+ l2tp_log (LOG_CRIT, "%s: Unable to connect UDP peer. 
Terminating.\n", -+ __FUNCTION__); -+ return -EINVAL; -+ } -+ -+ t->udp_fd=ufd; -+ -+ fd2 = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); -+ if (fd2 < 0) { -+ l2tp_log (LOG_WARNING, "%s: Unable to allocate PPPoL2TP socket.\n", -+ __FUNCTION__); -+ return -EINVAL; -+ } -+ flags = fcntl(fd2, F_GETFL); -+ if (flags == -1 || fcntl(fd2, F_SETFL, flags | O_NONBLOCK) == -1) { -+ l2tp_log (LOG_WARNING, "%s: Unable to set PPPoL2TP socket nonblock.\n", -+ __FUNCTION__); -+ return -EINVAL; -+ } -+ sax.sa_family = AF_PPPOX; -+ sax.sa_protocol = PX_PROTO_OL2TP; -+ sax.pppol2tp.pid = 0; -+ sax.pppol2tp.fd = t->udp_fd; -+ sax.pppol2tp.addr.sin_addr.s_addr = t->peer.sin_addr.s_addr; -+ sax.pppol2tp.addr.sin_port = t->peer.sin_port; -+ sax.pppol2tp.addr.sin_family = AF_INET; -+ sax.pppol2tp.s_tunnel = t->ourtid; -+ sax.pppol2tp.s_session = 0; -+ sax.pppol2tp.d_tunnel = t->tid; -+ sax.pppol2tp.d_session = 0; -+ if ((connect(fd2, (struct sockaddr *)&sax, sizeof(sax))) < 0) { -+ l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket. 
%d %s\n", -+ __FUNCTION__, errno, strerror(errno)); -+ close(fd2); -+ return -EINVAL; -+ } -+ t->pppox_fd = fd2; -+ } -+#endif -+ return 0; -+} -diff --git a/xl2tpd.c b/xl2tpd.c -index 307ac2e..3fb6dd7 100644 ---- a/xl2tpd.c -+++ b/xl2tpd.c -@@ -278,7 +278,11 @@ void death_handler (int signal) - struct tunnel *st, *st2; - int sec; - l2tp_log (LOG_CRIT, "%s: Fatal signal %d received\n", __FUNCTION__, signal); -+#ifdef USE_KERNEL -+ if (kernel_support || signal != SIGTERM) { -+#else - if (signal != SIGTERM) { -+#endif - st = tunnels.head; - while (st) - { -@@ -349,7 +353,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts) - int flags; - #endif - int pos = 1; -- int fd2; -+ int fd2 = -1; - #ifdef DEBUG_PPPD - int x; - #endif -@@ -397,7 +401,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts) - sax.sa_family = AF_PPPOX; - sax.sa_protocol = PX_PROTO_OL2TP; - sax.pppol2tp.pid = 0; -- sax.pppol2tp.fd = server_socket; -+ sax.pppol2tp.fd = c->container->udp_fd; - sax.pppol2tp.addr.sin_addr.s_addr = c->container->peer.sin_addr.s_addr; - sax.pppol2tp.addr.sin_port = c->container->peer.sin_port; - sax.pppol2tp.addr.sin_family = AF_INET; -@@ -408,6 +412,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts) - if (connect(fd2, (struct sockaddr *)&sax, sizeof(sax)) < 0) { - l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket.\n", - __FUNCTION__); -+ close(fd2); - return -EINVAL; - } - stropt[pos++] = strdup ("plugin"); -@@ -484,7 +489,7 @@ int start_pppd (struct call *c, struct ppp_opts *opts) - dup2 (fd2, 0); - dup2 (fd2, 1); - close(fd2); -- -+ } - /* close all the calls pty fds */ - st = tunnels.head; - while (st) -@@ -492,12 +497,17 @@ int start_pppd (struct call *c, struct ppp_opts *opts) - sc = st->call_head; - while (sc) - { -- close (sc->fd); -+#ifdef USE_KERNEL -+ if (kernel_support) { -+ close(st->udp_fd); /* tunnel UDP fd */ -+ close(st->pppox_fd); /* tunnel PPPoX fd */ -+ } else -+#endif -+ close (sc->fd); /* call pty fd */ - sc = 
sc->next; - } - st = st->next; - } -- } - - /* close the UDP socket fd */ - close (server_socket); -@@ -615,6 +625,10 @@ void destroy_tunnel (struct tunnel *t) - the memory pointed to by t->chal_us.vector at some other place */ - if (t->chal_them.vector) - free (t->chal_them.vector); -+ if (t->pppox_fd > -1 ) -+ close (t->pppox_fd); -+ if (t->udp_fd > -1 ) -+ close (t->udp_fd); - free (t); - free (me); - } diff --git a/xl2tpd-1.3.1-Makefile b/xl2tpd-1.3.1-Makefile deleted file mode 100644 index b21ef78..0000000 --- a/xl2tpd-1.3.1-Makefile +++ /dev/null @@ -1,21 +0,0 @@ -diff -Naur xl2tpd-1.3.1-orig/Makefile xl2tpd-1.3.1/Makefile ---- xl2tpd-1.3.1-orig/Makefile 2013-04-01 16:05:42.459122589 -0400 -+++ xl2tpd-1.3.1/Makefile 2013-04-01 16:06:03.800359414 -0400 -@@ -98,6 +98,7 @@ - #LIBS= $(OSLIBS) # -lefence # efence for malloc checking - EXEC=xl2tpd - CONTROL_EXEC=xl2tpd-control -+CONTROL_OBJ=xl2tpd-control.o - - PREFIX?=/usr/local - SBINDIR?=$(DESTDIR)${PREFIX}/sbin -@@ -114,7 +115,8 @@ - $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS) - - $(CONTROL_EXEC): $(CONTROL_SRCS) -- $(CC) $(CONTROL_SRCS) -o $@ -+ $(CC) $(CFLAGS) -c $(CONTROL_SRCS) -+ $(CC) $(LDFLAGS) -o $@ $(CONTROL_OBJ) - - pfc: - $(CC) $(CFLAGS) -c contrib/pfc.c diff --git a/xl2tpd-1.3.1-Wunused.patch b/xl2tpd-1.3.1-Wunused.patch deleted file mode 100644 index 67e7cd8..0000000 --- a/xl2tpd-1.3.1-Wunused.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -diff --git a/control.c b/control.c -index 0892df9..a124d04 100644 ---- a/control.c -+++ b/control.c -@@ -1685,7 +1685,6 @@ void handle_special (struct buffer *buf, struct call *c, _u16 call) - * call if it was a CDN, otherwise, send a CDN to notify them - * that this call has been terminated. - */ -- struct buffer *outgoing; - struct tunnel *t = c->container; - /* Don't do anything unless it's a control packet */ - if (!CTBIT (*((_u16 *) buf->start))) -@@ -1705,7 +1704,6 @@ void handle_special (struct buffer *buf, struct call *c, _u16 call) - return; - } - /* Make a packet with the specified call number */ -- outgoing = new_outgoing (t); - /* FIXME: If I'm not a CDN, I need to send a CDN */ - control_zlb (buf, t, c); - c->cid = 0; -diff --git a/network.c b/network.c -index 783a181..82aedd7 100644 ---- a/network.c -+++ b/network.c -@@ -377,7 +377,7 @@ void network_thread () - * our network socket. Control handling is no longer done here. - */ - struct sockaddr_in from, to; -- unsigned int fromlen, tolen; -+ unsigned int fromlen; - int tunnel, call; /* Tunnel and call */ - int recvsize; /* Length of data received */ - struct buffer *buf; /* Payload buffer */ -@@ -443,7 +443,6 @@ void network_thread () - memset(&to, 0, sizeof(to)); - - fromlen = sizeof(from); -- tolen = sizeof(to); - - memset(&msgh, 0, sizeof(struct msghdr)); - iov.iov_base = buf->start; diff --git a/xl2tpd-1.3.1-conf.patch b/xl2tpd-1.3.1-conf.patch deleted file mode 100644 index f7e2710..0000000 --- a/xl2tpd-1.3.1-conf.patch +++ /dev/null 
@@ -1,94 +0,0 @@ -diff -Naur xl2tpd-1.3.1-orig/examples/chapsecrets.sample xl2tpd-1.3.1/examples/chapsecrets.sample ---- xl2tpd-1.3.1-orig/examples/chapsecrets.sample 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1/examples/chapsecrets.sample 2012-06-12 12:08:26.850851970 -0400 -@@ -1,7 +1,10 @@ --# Secrets for authentication using CHAP --# client server secret IP addresses --jacco * "mysecret" 192.168.1.128/25 --* jacco "mysecret" 192.168.1.128/25 --sam * "rumpelstiltskin" 192.168.1.5 --* sam "rumpelstiltskin" 192.168.1.5 -- -+# Secrets for authentication on server using CHAP -+# See /etc/ppp/options.xl2tpd on how to use Windows authentication -+# client server secret IP addresses -+jacco * "mysecret" 192.168.1.128/25 # Dynamic IP -+sam * "rumpelstiltskin" 192.168.1.5 # Static IP -+# -+# Secrets for authentication on client using CHAP -+# client server secret IP addresses -+* jacco "mysecret" -+* sam "rumpelstiltskin" -diff -Naur xl2tpd-1.3.1-orig/examples/README xl2tpd-1.3.1/examples/README ---- xl2tpd-1.3.1-orig/examples/README 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1/examples/README 2012-06-12 12:08:26.850851970 -0400 -@@ -1,2 +1,4 @@ --These are example files for use with xl2tpd. The xl2tpd*conf files are --examples to use xl2tpd with Openswan's IPsec. See www.openswan.org -+These are example files for use with xl2tpd. -+ -+Openswan carries config examples for use with l2tp-over-ipsec. -+See http://www.openswan.org/ -diff -Naur xl2tpd-1.3.1-orig/examples/xl2tpd.conf xl2tpd-1.3.1/examples/xl2tpd.conf ---- xl2tpd-1.3.1-orig/examples/xl2tpd.conf 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1/examples/xl2tpd.conf 2012-06-12 12:27:00.922911049 -0400 -@@ -14,6 +14,11 @@ - ; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99) - ; will be used by xl2tpd as its address on pppX interfaces. - -+ -+; IMPORTANT: always set listen-addr to a specific address, to work around a -+; udpfromto bug!!! 
-+ -+ - [global] - ; listen-addr = 192.168.1.98 - ; -@@ -24,14 +29,15 @@ - ; when using any of the SAref kernel patches for kernels up to 2.6.35. - ; ipsec refinfo = 30 - ; --; forceuserspace = yes -+; force userspace = yes - ; - ; debug tunnel = yes - - [lns default] - ip range = 192.168.1.128-192.168.1.254 - local ip = 192.168.1.99 --require chap = yes -+; leave chap unspecified for maximum compatibility with windows, iOS, etc -+; require chap = yes - refuse pap = yes - require authentication = yes - name = LinuxVPNserver -diff -aur xl2tpd-1.3.1-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.1/examples/ppp-options.xl2tpd ---- xl2tpd-1.3.1-orig/examples/ppp-options.xl2tpd 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1/examples/ppp-options.xl2tpd 2012-07-19 10:54:13.810503823 -0400 -@@ -1,9 +1,10 @@ - ipcp-accept-local - ipcp-accept-remote --ms-dns 192.168.1.1 --ms-dns 192.168.1.3 --ms-wins 192.168.1.2 --ms-wins 192.168.1.4 -+ms-dns 8.8.8.8 -+# ms-dns 192.168.1.1 -+# ms-dns 192.168.1.3 -+# ms-wins 192.168.1.2 -+# ms-wins 192.168.1.4 - noccp - auth - crtscts -@@ -15,3 +16,11 @@ - lock - proxyarp - connect-delay 5000 -+# To allow authentication against a Windows domain EXAMPLE, and require the -+# user to be in a group "VPN Users". Requires the samba-winbind package -+# require-mschap-v2 -+# plugin winbind.so -+# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"' -+# You need to join the domain on the server, for example using samba: -+# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html -+ diff --git a/xl2tpd-1.3.1-ipparam-to-remotenumber.patch b/xl2tpd-1.3.1-ipparam-to-remotenumber.patch deleted file mode 100644 index 02bf50a..0000000 --- a/xl2tpd-1.3.1-ipparam-to-remotenumber.patch +++ /dev/null 
@@ -1,29 +0,0 @@ ---- xl2tpd-1.3.1-orig/control.c 2011-10-06 21:22:05.000000000 +0200 -+++ xl2tpd-1.3.1/control.c 2013-03-30 21:45:04.641605756 +0100 -@@ -898,7 +898,7 @@ - po = add_opt (po, c->lac->pppoptfile); - } - }; -- po = add_opt (po, "ipparam"); -+ po = add_opt (po, "remotenumber"); - po = add_opt (po, IPADDY (t->peer.sin_addr)); - start_pppd (c, po); - opt_destroy (po); -@@ -974,7 +974,7 @@ - po = add_opt (po, "file"); - po = add_opt (po, c->lns->pppoptfile); - } -- po = add_opt (po, "ipparam"); -+ po = add_opt (po, "remotenumber"); - po = add_opt (po, IPADDY (t->peer.sin_addr)); - start_pppd (c, po); - opt_destroy (po); -@@ -1034,7 +1034,7 @@ - po = add_opt (po, c->lac->pppoptfile); - } - }; -- po = add_opt (po, "ipparam"); -+ po = add_opt (po, "remotenumber"); - po = add_opt (po, IPADDY (t->peer.sin_addr)); - start_pppd (c, po); - diff --git a/xl2tpd-1.3.1-kernelmode.patch b/xl2tpd-1.3.1-kernelmode.patch deleted file mode 100644 index 34c2e09..0000000 --- a/xl2tpd-1.3.1-kernelmode.patch +++ /dev/null 
@@ -1,362 +0,0 @@ -diff -Naur xl2tpd-1.3.1-orig/call.c xl2tpd-1.3.1/call.c ---- xl2tpd-1.3.1-orig/call.c 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1/call.c 2012-06-15 15:57:17.250953288 -0400 -@@ -680,6 +680,8 @@ - st->peer.sin_port = port; - st->refme = refme; - st->refhim = refhim; -+ st->udp_fd = -1; -+ st->pppox_fd = -1; - bcopy (&addr, &st->peer.sin_addr, sizeof (addr)); - st->next = tunnels.head; - tunnels.head = st; -diff -Naur xl2tpd-1.3.1-orig/control.c xl2tpd-1.3.1/control.c ---- xl2tpd-1.3.1-orig/control.c 2012-06-15 15:56:30.169585604 -0400 -+++ xl2tpd-1.3.1/control.c 2012-06-15 15:57:17.251953296 -0400 -@@ -596,6 +596,9 @@ - if (gconfig.debug_state) - l2tp_log (LOG_DEBUG, "%s: sending SCCCN\n", __FUNCTION__); - control_xmit (buf); -+ -+ connect_pppol2tp(t); -+ - /* Schedule a HELLO */ - tv.tv_sec = HELLO_DELAY; - tv.tv_usec = 0; -@@ -608,6 +611,7 @@ - "Connection established to %s, %d. Local: %d, Remote: %d (ref=%u/%u).\n", - IPADDY (t->peer.sin_addr), - ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim); -+ - if (t->lac) - { - /* This is part of a LAC, so we want to go ahead -@@ -635,6 +639,9 @@ - IPADDY (t->peer.sin_addr), - ntohs (t->peer.sin_port), t->ourtid, t->tid, t->refme, t->refhim, - t->lns->entname); -+ -+ connect_pppol2tp(t); -+ - /* Schedule a HELLO */ - tv.tv_sec = HELLO_DELAY; - tv.tv_usec = 0; -diff -Naur xl2tpd-1.3.1-orig/l2tp.h xl2tpd-1.3.1/l2tp.h ---- xl2tpd-1.3.1-orig/l2tp.h 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1/l2tp.h 2012-06-15 15:57:17.251953296 -0400 -@@ -167,6 +167,8 @@ - int ourrws; /* Receive Window Size */ - int rxspeed; /* Receive bps */ - int txspeed; /* Transmit bps */ -+ int udp_fd; /* UDP fd */ -+ int pppox_fd; /* PPPOX tunnel fd */ - struct call *self; - struct lns *lns; /* LNS that owns us */ - struct lac *lac; /* LAC that owns us */ -@@ -220,6 +222,7 @@ - extern int ppd; - extern int switch_io; /* jz */ - extern int control_fd; -+extern int connect_pppol2tp(struct tunnel *t); 
- extern int start_pppd (struct call *c, struct ppp_opts *); - extern void magic_lac_dial (void *); - extern int get_entropy (unsigned char *, int); -diff -Naur xl2tpd-1.3.1-orig/Makefile xl2tpd-1.3.1/Makefile ---- xl2tpd-1.3.1-orig/Makefile 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1/Makefile 2012-06-15 15:57:17.250953288 -0400 -@@ -62,8 +62,8 @@ - # are packages seperately (eg kernel-headers on Fedora) - # Note: 2.6.23+ support still needs some changes in the xl2tpd source - # --#OSFLAGS+= -DUSE_KERNEL --# -+# Kernel mode fixed by sigwall -+OSFLAGS+= -DUSE_KERNEL - # - # Uncomment the next line for FreeBSD - # -diff -Naur xl2tpd-1.3.1-orig/network.c xl2tpd-1.3.1/network.c ---- xl2tpd-1.3.1-orig/network.c 2012-06-15 15:56:30.169585604 -0400 -+++ xl2tpd-1.3.1/network.c 2012-06-15 16:00:26.259429931 -0400 -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - #ifndef LINUX - # include - #endif -@@ -36,7 +37,6 @@ - int kernel_support; /* Kernel Support there or not? */ - #endif - -- - int init_network (void) - { - long arg; -@@ -45,6 +45,7 @@ - server.sin_family = AF_INET; - server.sin_addr.s_addr = gconfig.listenaddr; - server.sin_port = htons (gconfig.port); -+ int flags; - if ((server_socket = socket (PF_INET, SOCK_DGRAM, 0)) < 0) - { - l2tp_log (LOG_CRIT, "%s: Unable to allocate socket. 
Terminating.\n", -@@ -52,6 +53,10 @@ - return -EINVAL; - }; - -+ flags = 1; -+ setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags)); -+ setsockopt(server_socket, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags)); -+ - if (bind (server_socket, (struct sockaddr *) &server, sizeof (server))) - { - close (server_socket); -@@ -94,7 +99,7 @@ - int kernel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); - if (kernel_fd < 0) - { -- l2tp_log (LOG_INFO, "L2TP kernel support not detected.\n"); -+ l2tp_log (LOG_INFO, "L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)\n"); - kernel_support = 0; - } - else -@@ -321,6 +326,11 @@ - - while (tun) - { -+ if (tun->udp_fd > -1) { -+ if (tun->udp_fd > max) -+ max = tun->udp_fd; -+ FD_SET (tun->udp_fd, readfds); -+ } - call = tun->call_head; - while (call) - { -@@ -390,6 +400,8 @@ - struct iovec iov; - char cbuf[256]; - unsigned int refme, refhim; -+ int * currentfd; -+ int server_socket_processed; - - /* This one buffer can be recycled for everything except control packets */ - buf = new_buf (MAX_RECV_SIZE); -@@ -428,7 +440,21 @@ - { - do_control (); - } -- if (FD_ISSET (server_socket, &readfds)) -+ server_socket_processed = 0; -+ currentfd = NULL; -+ st = tunnels.head; -+ while (st || !server_socket_processed) { -+ if (st && (st->udp_fd == -1)) { -+ st=st->next; -+ continue; -+ } -+ if (st) { -+ currentfd = &st->udp_fd; -+ } else { -+ currentfd = &server_socket; -+ server_socket_processed = 1; -+ } -+ if (FD_ISSET (*currentfd, &readfds)) - { - /* - * Okay, now we're ready for reading and processing new data. -@@ -456,12 +482,19 @@ - msgh.msg_flags = 0; - - /* Receive one packet. 
*/ -- recvsize = recvmsg(server_socket, &msgh, 0); -+ recvsize = recvmsg(*currentfd, &msgh, 0); - - if (recvsize < MIN_PAYLOAD_HDR_LEN) - { - if (recvsize < 0) - { -+ if (errno == ECONNREFUSED) { -+ close(*currentfd); -+ } -+ if ((errno == ECONNREFUSED) || -+ (errno == EBADF)) { -+ *currentfd = -1; -+ } - if (errno != EAGAIN) - l2tp_log (LOG_WARNING, - "%s: recvfrom returned error %d (%s)\n", -@@ -566,6 +599,8 @@ - } - }; - } -+ if (st) st=st->next; -+ } - - /* - * finished obvious sources, look for data from PPP connections. -@@ -638,3 +673,82 @@ - } - - } -+ -+int connect_pppol2tp(struct tunnel *t) { -+#ifdef USE_KERNEL -+ if (kernel_support) { -+ int ufd = -1, fd2 = -1; -+ int flags; -+ struct sockaddr_pppol2tp sax; -+ -+ struct sockaddr_in server; -+ server.sin_family = AF_INET; -+ server.sin_addr.s_addr = gconfig.listenaddr; -+ server.sin_port = htons (gconfig.port); -+ if ((ufd = socket (PF_INET, SOCK_DGRAM, 0)) < 0) -+ { -+ l2tp_log (LOG_CRIT, "%s: Unable to allocate UDP socket. Terminating.\n", -+ __FUNCTION__); -+ return -EINVAL; -+ }; -+ -+ flags=1; -+ setsockopt(ufd, SOL_SOCKET, SO_REUSEADDR, &flags, sizeof(flags)); -+ setsockopt(ufd, SOL_SOCKET, SO_NO_CHECK, &flags, sizeof(flags)); -+ -+ if (bind (ufd, (struct sockaddr *) &server, sizeof (server))) -+ { -+ close (ufd); -+ l2tp_log (LOG_CRIT, "%s: Unable to bind UDP socket: %s. Terminating.\n", -+ __FUNCTION__, strerror(errno), errno); -+ return -EINVAL; -+ }; -+ server = t->peer; -+ flags = fcntl(ufd, F_GETFL); -+ if (flags == -1 || fcntl(ufd, F_SETFL, flags | O_NONBLOCK) == -1) { -+ l2tp_log (LOG_WARNING, "%s: Unable to set UDP socket nonblock.\n", -+ __FUNCTION__); -+ return -EINVAL; -+ } -+ if (connect (ufd, (struct sockaddr *) &server, sizeof(server)) < 0) { -+ l2tp_log (LOG_CRIT, "%s: Unable to connect UDP peer. 
Terminating.\n", -+ __FUNCTION__); -+ return -EINVAL; -+ } -+ -+ t->udp_fd=ufd; -+ -+ fd2 = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); -+ if (fd2 < 0) { -+ l2tp_log (LOG_WARNING, "%s: Unable to allocate PPPoL2TP socket.\n", -+ __FUNCTION__); -+ return -EINVAL; -+ } -+ flags = fcntl(fd2, F_GETFL); -+ if (flags == -1 || fcntl(fd2, F_SETFL, flags | O_NONBLOCK) == -1) { -+ l2tp_log (LOG_WARNING, "%s: Unable to set PPPoL2TP socket nonblock.\n", -+ __FUNCTION__); -+ return -EINVAL; -+ } -+ sax.sa_family = AF_PPPOX; -+ sax.sa_protocol = PX_PROTO_OL2TP; -+ sax.pppol2tp.pid = 0; -+ sax.pppol2tp.fd = t->udp_fd; -+ sax.pppol2tp.addr.sin_addr.s_addr = t->peer.sin_addr.s_addr; -+ sax.pppol2tp.addr.sin_port = t->peer.sin_port; -+ sax.pppol2tp.addr.sin_family = AF_INET; -+ sax.pppol2tp.s_tunnel = t->ourtid; -+ sax.pppol2tp.s_session = 0; -+ sax.pppol2tp.d_tunnel = t->tid; -+ sax.pppol2tp.d_session = 0; -+ if ((connect(fd2, (struct sockaddr *)&sax, sizeof(sax))) < 0) { -+ l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket. 
%d %s\n", -+ __FUNCTION__, errno, strerror(errno)); -+ close(fd2); -+ return -EINVAL; -+ } -+ t->pppox_fd = fd2; -+ } -+#endif -+ return 0; -+} -diff -Naur xl2tpd-1.3.1-orig/xl2tpd.c xl2tpd-1.3.1/xl2tpd.c ---- xl2tpd-1.3.1-orig/xl2tpd.c 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1/xl2tpd.c 2012-06-15 15:57:25.189015286 -0400 -@@ -278,7 +278,11 @@ - struct tunnel *st, *st2; - int sec; - l2tp_log (LOG_CRIT, "%s: Fatal signal %d received\n", __FUNCTION__, signal); -+#ifdef USE_KERNEL -+ if (kernel_support || signal != SIGTERM) { -+#else - if (signal != SIGTERM) { -+#endif - st = tunnels.head; - while (st) - { -@@ -349,7 +353,7 @@ - int flags; - #endif - int pos = 1; -- int fd2; -+ int fd2 = -1; - #ifdef DEBUG_PPPD - int x; - #endif -@@ -397,7 +401,7 @@ - sax.sa_family = AF_PPPOX; - sax.sa_protocol = PX_PROTO_OL2TP; - sax.pppol2tp.pid = 0; -- sax.pppol2tp.fd = server_socket; -+ sax.pppol2tp.fd = c->container->udp_fd; - sax.pppol2tp.addr.sin_addr.s_addr = c->container->peer.sin_addr.s_addr; - sax.pppol2tp.addr.sin_port = c->container->peer.sin_port; - sax.pppol2tp.addr.sin_family = AF_INET; -@@ -408,6 +412,7 @@ - if (connect(fd2, (struct sockaddr *)&sax, sizeof(sax)) < 0) { - l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket.\n", - __FUNCTION__); -+ close(fd2); - return -EINVAL; - } - stropt[pos++] = strdup ("plugin"); -@@ -484,7 +489,7 @@ - dup2 (fd2, 0); - dup2 (fd2, 1); - close(fd2); -- -+ } - /* close all the calls pty fds */ - st = tunnels.head; - while (st) -@@ -492,12 +497,17 @@ - sc = st->call_head; - while (sc) - { -- close (sc->fd); -+#ifdef USE_KERNEL -+ if (kernel_support) { -+ close(st->udp_fd); /* tunnel UDP fd */ -+ close(st->pppox_fd); /* tunnel PPPoX fd */ -+ } else -+#endif -+ close (sc->fd); /* call pty fd */ - sc = sc->next; - } - st = st->next; - } -- } - - /* close the UDP socket fd */ - close (server_socket); -@@ -615,6 +625,10 @@ - the memory pointed to by t->chal_us.vector at some other place */ - if (t->chal_them.vector) - 
free (t->chal_them.vector); -+ if (t->pppox_fd > -1 ) -+ close (t->pppox_fd); -+ if (t->udp_fd > -1 ) -+ close (t->udp_fd); - free (t); - free (me); - } diff --git a/xl2tpd-1.3.1-pty.patch b/xl2tpd-1.3.1-pty.patch deleted file mode 100644 index 2679873..0000000 --- a/xl2tpd-1.3.1-pty.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -aur xl2tpd-1.3.1-orig/pty.c xl2tpd-1.3.1/pty.c ---- xl2tpd-1.3.1-orig/pty.c 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1/pty.c 2012-06-25 23:45:51.241543911 -0400 -@@ -87,6 +87,7 @@ - return -EINVAL; - } - -+#if 0 /* not needed, triggers SElinux block */ - /* change the onwership */ - if (grantpt(fd)) - { -@@ -95,6 +96,7 @@ - close(fd); - return -EINVAL; - } -+#endif - - if (unlockpt(fd)) - { diff --git a/xl2tpd-1.3.6-conf.patch b/xl2tpd-1.3.6-conf.patch new file mode 100644 index 0000000..1976244 --- /dev/null +++ b/xl2tpd-1.3.6-conf.patch 
@@ -0,0 +1,40 @@ +diff -Naur xl2tpd-1.3.6-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.6/examples/ppp-options.xl2tpd +--- xl2tpd-1.3.6-orig/examples/ppp-options.xl2tpd 2014-01-15 15:58:37.000000000 -0500 ++++ xl2tpd-1.3.6/examples/ppp-options.xl2tpd 2014-05-12 14:46:24.358653357 -0400 +@@ -1,9 +1,10 @@ + ipcp-accept-local + ipcp-accept-remote +-ms-dns 192.168.1.1 +-ms-dns 192.168.1.3 +-ms-wins 192.168.1.2 +-ms-wins 192.168.1.4 ++ms-dns 8.8.8.8 ++# ms-dns 192.168.1.1 ++# ms-dns 192.168.1.3 ++# ms-wins 192.168.1.2 ++# ms-wins 192.168.1.4 + noccp + auth + crtscts +@@ -15,3 +16,11 @@ + lock + proxyarp + connect-delay 5000 ++# To allow authentication against a Windows domain EXAMPLE, and require the ++# user to be in a group "VPN Users". Requires the samba-winbind package ++# require-mschap-v2 ++# plugin winbind.so ++# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"' ++# You need to join the domain on the server, for example using samba: ++# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html ++ +diff -Naur xl2tpd-1.3.6-orig/examples/README xl2tpd-1.3.6/examples/README +--- xl2tpd-1.3.6-orig/examples/README 2014-01-15 15:58:37.000000000 -0500 ++++ xl2tpd-1.3.6/examples/README 2014-05-12 14:46:59.168476547 -0400 +@@ -1,4 +1,4 @@ + These are example files for use with xl2tpd. + +-Openswan carries config examples for use with l2tp-over-ipsec. +-See http://www.openswan.org/ ++xl2tpd is often used in combination with libreswan to offer L2TP/IPsec ++See https://libreswan.org/ diff --git a/xl2tpd-1.3.1-md5-fips.patch b/xl2tpd-1.3.6-md5-fips.patch similarity index 89% rename from xl2tpd-1.3.1-md5-fips.patch rename to xl2tpd-1.3.6-md5-fips.patch index 6ad39ec..3ee8cc9 100644 --- a/xl2tpd-1.3.1-md5-fips.patch +++ b/xl2tpd-1.3.6-md5-fips.patch 
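Review bot: The new `xl2tpd-1.3.6-conf.patch` makes `ms-dns 8.8.8.8` the only active DNS line in `examples/ppp-options.xl2tpd`, which the spec installs as `%{_sysconfdir}/ppp/options.xl2tpd`. An administrator who keeps the packaged default therefore hands every VPN client a public third-party resolver, so client lookups leave the tunnel operator's network and internal names will not resolve. A comment above that line would make the choice explicit, for example `# 8.8.8.8 is a public resolver used only as a placeholder; set ms-dns to the DNS server your VPN clients should use`. The commented-out domain-join instructions also link to a third-party site over plain `http://`, so they are better treated as a pointer than as a procedure to follow verbatim.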
@@ -1,6 +1,6 @@ -diff -Naur xl2tpd-1.3.1/aaa.c xl2tpd-1.3.1-fips/aaa.c ---- xl2tpd-1.3.1/aaa.c 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1-fips/aaa.c 2013-04-01 16:36:40.929098507 -0400 +diff -Naur xl2tpd-1.3.6-orig/aaa.c xl2tpd-1.3.6/aaa.c +--- xl2tpd-1.3.6-orig/aaa.c 2014-01-15 15:58:37.000000000 -0500 ++++ xl2tpd-1.3.6/aaa.c 2014-05-12 15:01:05.936492449 -0400 @@ -21,6 +21,8 @@ #include #include "l2tp.h" @@ -95,9 +95,9 @@ diff -Naur xl2tpd-1.3.1/aaa.c xl2tpd-1.3.1-fips/aaa.c cnt = 0; } /* at the beginning of each segment, we save the current segment (16 octets or less) of cipher -diff -Naur xl2tpd-1.3.1/aaa.h xl2tpd-1.3.1-fips/aaa.h ---- xl2tpd-1.3.1/aaa.h 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1-fips/aaa.h 2013-04-01 16:46:39.532823130 -0400 +diff -Naur xl2tpd-1.3.6-orig/aaa.h xl2tpd-1.3.6/aaa.h +--- xl2tpd-1.3.6-orig/aaa.h 2014-01-15 15:58:37.000000000 -0500 ++++ xl2tpd-1.3.6/aaa.h 2014-05-12 15:02:39.262697808 -0400 @@ -15,7 +15,7 @@ #ifndef _AAA_H 
@@ -107,27 +107,26 @@ diff -Naur xl2tpd-1.3.1/aaa.h xl2tpd-1.3.1-fips/aaa.h #define ADDR_HASH_SIZE 256 #define MD_SIG_SIZE 16 -@@ -34,7 +43,8 @@ +@@ -34,7 +34,7 @@ struct challenge { - struct MD5Context md5; -+ /* struct MD5Context md5; */ + MD5_CTX md5; unsigned char ss; /* State we're sending in */ unsigned char secret[MAXSTRLEN]; /* The shared secret */ unsigned char *challenge; /* The original challenge */ -diff -Naur xl2tpd-1.3.1/Makefile xl2tpd-1.3.1-fips/Makefile ---- xl2tpd-1.3.1/Makefile 2013-04-01 16:40:44.576870296 -0400 -+++ xl2tpd-1.3.1-fips/Makefile 2013-04-01 16:48:30.405039381 -0400 -@@ -91,8 +91,8 @@ +diff -Naur xl2tpd-1.3.6-orig/Makefile xl2tpd-1.3.6/Makefile +--- xl2tpd-1.3.6-orig/Makefile 2014-01-15 15:58:37.000000000 -0500 ++++ xl2tpd-1.3.6/Makefile 2014-05-12 15:03:43.832223559 -0400 +@@ -92,8 +92,8 @@ IPFLAGS?= -DIP_ALLOCATION CFLAGS+= $(DFLAGS) -O2 -fno-builtin -Wall -DSANITY $(OSFLAGS) $(IPFLAGS) -HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h -OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o +HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h -+OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o ++OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o SRCS=${OBJS:.o=.c} ${HDRS} CONTROL_SRCS=xl2tpd-control.c #LIBS= $(OSLIBS) # -lefence # efence for malloc checking 
@@ -139,11 +138,11 @@ diff -Naur xl2tpd-1.3.1/Makefile xl2tpd-1.3.1-fips/Makefile + $(CC) $(LDFLAGS) -o $@ $(OBJS) -lcrypto $(LDLIBS) $(CONTROL_EXEC): $(CONTROL_SRCS) - $(CC) $(CFLAGS) -c $(CONTROL_SRCS) -diff -Naur xl2tpd-1.3.1/md5.c xl2tpd-1.3.1-fips/md5.c ---- xl2tpd-1.3.1/md5.c 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1-fips/md5.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,275 +0,0 @@ + $(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@ +diff -Naur xl2tpd-1.3.6-orig/md5.c xl2tpd-1.3.6/md5.c +--- xl2tpd-1.3.6-orig/md5.c 2014-01-15 15:58:37.000000000 -0500 ++++ xl2tpd-1.3.6/md5.c 1969-12-31 19:00:00.000000000 -0500 +@@ -1,274 +0,0 @@ -#ifdef FREEBSD -# include -#elif defined(OPENBSD) @@ -307,8 +306,7 @@ diff -Naur xl2tpd-1.3.1/md5.c xl2tpd-1.3.1-fips/md5.c - byteReverse (ctx->in, 14); - - /* Append length in bits and transform */ -- ((uint32 *) ctx->in)[14] = ctx->bits[0]; -- ((uint32 *) ctx->in)[15] = ctx->bits[1]; +- memcpy(ctx->in + 14 * sizeof(uint32), ctx->bits, sizeof(ctx->bits)); - - MD5Transform (ctx->buf, (uint32 *) ctx->in); - byteReverse ((unsigned char *) ctx->buf, 4); @@ -419,9 +417,9 @@ diff -Naur xl2tpd-1.3.1/md5.c xl2tpd-1.3.1-fips/md5.c -} - -#endif -diff -Naur xl2tpd-1.3.1/md5.h xl2tpd-1.3.1-fips/md5.h ---- xl2tpd-1.3.1/md5.h 2011-10-06 15:22:05.000000000 -0400 -+++ xl2tpd-1.3.1-fips/md5.h 1969-12-31 19:00:00.000000000 -0500 +diff -Naur xl2tpd-1.3.6-orig/md5.h xl2tpd-1.3.6/md5.h +--- xl2tpd-1.3.6-orig/md5.h 2014-01-15 15:58:37.000000000 -0500 ++++ xl2tpd-1.3.6/md5.h 1969-12-31 19:00:00.000000000 -0500 @@ -1,28 +0,0 @@ -#ifndef MD5_H -#define MD5_H 
@@ -451,3 +449,18 @@ diff -Naur xl2tpd-1.3.1/md5.h xl2tpd-1.3.1-fips/md5.h -typedef struct MD5Context MD5_CTX; - -#endif /* !MD5_H */ +diff -Naur xl2tpd-1.3.6-orig/xl2tpd.c xl2tpd-1.3.6/xl2tpd.c +--- xl2tpd-1.3.6-orig/xl2tpd.c 2014-01-15 15:58:37.000000000 -0500 ++++ xl2tpd-1.3.6/xl2tpd.c 2014-05-12 14:58:58.903490392 -0400 +@@ -1310,7 +1310,10 @@ + + + void usage(void) { +- printf("\nxl2tpd version: %s\n", SERVER_VERSION); ++ printf("\nxl2tpd version: %s\n" ++"This product includes software developed by the OpenSSL Project for use\n" ++"in the OpenSSL Toolkit. (http://www.openssl.org/)\n" ++, SERVER_VERSION); + printf("Usage: xl2tpd [-c ] [-s ] [-p ]\n" + " [-C ] [-D]\n" + " [-v, --version]\n"); diff --git a/xl2tpd-bz80693.patch b/xl2tpd-bz80693.patch deleted file mode 100644 index e86f8da..0000000 --- a/xl2tpd-bz80693.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/file.c b/file.c -index 289aee6..d710e30 100644 ---- a/file.c -+++ b/file.c -@@ -1229,7 +1229,7 @@ int parse_config (FILE * f) - /* Read in the configuration file handed to us */ - /* FIXME: I should check for incompatible options */ - int context = 0; -- char buf[STRLEN]; -+ char buf[1024]; - char *s, *d, *t; - int linenum = 0; - int def = 0; -@@ -1395,7 +1395,7 @@ int parse_config (FILE * f) - } - if (!(t = strchr (s, '='))) - { -- l2tp_log (LOG_WARNING, "parse_config: line %d: no '=' in data\n", -+ l2tp_log (LOG_WARNING, "parse_config: line %d: line too long or no '=' in data\n", - linenum); - return -1; - } diff --git a/xl2tpd.init b/xl2tpd.init deleted file mode 100644 index 8f20b9d..0000000 --- a/xl2tpd.init +++ /dev/null 
@@ -1,101 +0,0 @@ -#!/bin/sh -# -# xl2tpd This shell script takes care of starting and stopping l2tpd. -# -# chkconfig: - 80 30 -# description: Layer 2 Tunnelling Protocol Daemon (RFC 2661) -# -# processname: /usr/sbin/xl2tpd -# config: /etc/xl2tpd/xl2tpd.conf -# pidfile: /var/run/xl2tpd.pid - -### BEGIN INIT INFO -# Provides: xl2tpd -# Required-Start: $local_fs $network $syslog -# Required-Stop: $local_fs $network $syslog -# Default-Start: -# Default-Stop: 0 1 2 3 4 5 6 -# Short-Description: start|stop|status|restart|try-restart|reload|force-reload xl2tpd server -# Description: control xl2tpd server -### END INIT INFO - -#Servicename -SERVICE=xl2tpd - -# Source function library. -. /etc/rc.d/init.d/functions - -# Source networking configuration. -. /etc/sysconfig/network - -if [ ${NETWORKING} = "no" ] -then - exit 0 -fi - -[ -x /usr/sbin/$SERVICE ] || exit 0 - -RETVAL=0 - -start() { - echo -n "Starting $SERVICE: " - - # Look for the L2TP kernel handler module, load when needed - if [ ! -d /sys/module/l2tp_ppp ]; then modprobe l2tp_ppp - # if still not found, try legacy one - if [ ! -d /sys/module/l2tp_ppp ]; then modprobe pppol2tp - - if [ ! -d /var/run/xl2tpd ] - then - mkdir /var/run/xl2tpd - fi - daemon $SERVICE - RETVAL=$? - echo - if [ $RETVAL -eq 0 ];then - touch /var/lock/subsys/$SERVICE - else - exit 7; - fi - return 0; -} - -stop() { - echo -n "Stopping $SERVICE: " - killproc $SERVICE - RETVAL=$? - if [ $RETVAL -eq 0 ]; then - rm -f /var/run/xl2tpd/$SERVICE - rm -f /var/lock/subsys/$SERVICE - fi - echo - return $RETVAL -} - -restart() { - stop - start -} - -# See how we were called. -case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - status $SERVICE - RETVAL=$? - ;; - restart|reload) - restart - ;; - condrestart) - [ -f /var/lock/subsys/$SERVICE ] && restart || : - ;; - *) - echo "Usage: $SERVICE {start|stop|status|restart|reload|condrestart}" - exit 1 -esac diff --git a/xl2tpd.service b/xl2tpd.service index 38b9abb..082b4ff 100644 
--- a/xl2tpd.service +++ b/xl2tpd.service @@ -1,6 +1,6 @@ [Unit] Description=Level 2 Tunnel Protocol Daemon (L2TP) -After=syslog.target network.target +After=network.target After=ipsec.service # Some ISPs in Russia use l2tp without IPsec, so don't insist anymore #Wants=ipsec.service diff --git a/xl2tpd.spec b/xl2tpd.spec index 8da2e63..54a9a20 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -1,27 +1,17 @@ -# upstream is switching to github, but has not released a new tar ball there yet -%global commit 3be48f8b7fc0e8de8cef7675a9861484b8b68c52 -%global shortcommit %(c=%{commit}; echo ${c:0:7}) +%global commit 5619e1771048e74b729804e8602f409af0f3faea Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.3.1 -Release: 14%{?dist} +Version: 1.3.6 +Release: 1%{?dist} License: GPL+ -Url: https://github.com/xelerance/xl2tpd +Url: https://github.com/xelerance/%{name}/ Group: System Environment/Daemons -Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-%{version}.tar.gz -#Source0: https://github.com/xelerance/%{name}/archive/v%{version}.tar.gz -#Source0: https://github.com/xelerance/%{name}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz +Source0: https://github.com/xelerance/%{name}/archive/%{commit}/%{name}-%{commit}.tar.gz Source1: xl2tpd.service Source2: tmpfiles-xl2tpd.conf -Patch1: xl2tpd-1.3.1-Wunused.patch -Patch2: xl2tpd-bz80693.patch -Patch3: xl2tpd-1.3.1-kernelmode.patch -Patch4: xl2tpd-1.3.1-conf.patch -Patch5: xl2tpd-1.3.1-pty.patch -Patch6: xl2tpd-1.3.1-ipparam-to-remotenumber.patch -Patch7: xl2tpd-1.3.1-Makefile -Patch8: xl2tpd-1.3.1-md5-fips.patch +Patch1: xl2tpd-1.3.6-conf.patch +Patch2: xl2tpd-1.3.6-md5-fips.patch Requires: ppp >= 2.4.5-18, kernel-modules-extra # If you want to authenticate against a Microsoft PDC/Active Directory 
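Review bot: Patch1 through Patch8 of the 1.3.1 package are dropped in this hunk, and the only record is the changelog line "Removed patches merged in upstream", which does not say which upstream change replaces which patch. Two of the deleted files change behaviour that matters for robustness: `xl2tpd-bz80693.patch` (the `parse_config` line buffer and its "line too long" message) and `xl2tpd-1.3.1-pty.patch` (the `grantpt` call compiled out because of SELinux). The replacement `xl2tpd-1.3.6-conf.patch` also no longer carries the `xl2tpd.conf` edits from the old conf patch (the `listen-addr` warning and the commented-out `require chap`). I would add a short comment above `Patch1:` such as `# 1.3.1 patches Wunused, bz80693, kernelmode, pty, Makefile: in upstream tree at %{commit} (verified); ipparam-to-remotenumber: dropped on purpose`, after checking each one against the pinned commit. Whether the ipparam patch is the one the changelog reverts is my inference from the bug title.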
@@ -59,19 +49,9 @@ Xl2tpd is based on the 0.69 L2TP by Jeff McAdams It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %prep -# for git version -#% setup -qn %{name}-%{commit} -%setup -q +%setup -qn %{name}-%{commit} %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 - -rm linux/include/linux/if_pppol2tp.h %build #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" @@ -86,9 +66,8 @@ rm -rf %{buildroot} make DESTDIR=%{buildroot} PREFIX=%{_prefix} install install -d 0755 %{buildroot}%{_unitdir} install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/xl2tpd.service -mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ -install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf - +mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d/ +install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf install -p -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd @@ -98,6 +77,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %preun %systemd_preun xl2tpd.service + %post %systemd_post xl2tpd.service 
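Review bot: The `rm linux/include/linux/if_pppol2tp.h` step disappears from `%prep` in this hunk and the changelog does not mention it. If the tarball at `%{commit}` still ships that header, the build would presumably compile against the bundled copy rather than the one from the installed kernel headers; the Makefile include path is not visible here, so this needs confirming. Either keep the removal in a form that tolerates a missing file, `rm -f linux/include/linux/if_pppol2tp.h`, or state the reason in a comment, e.g. `# bundled if_pppol2tp.h no longer shipped upstream, nothing to remove`.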
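Review bot: The context line `install -d 0755 %{buildroot}%{_unitdir}` in the `%install` hunk lacks `-m`, so `0755` is treated as a second directory name and created in the build directory, while the unit directory gets the default mode instead of the intended one. The commit already rewrites the neighbouring tmpfiles lines, so this can be fixed in the same place: `install -d -m 0755 %{buildroot}%{_unitdir}`. The new `mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d/` line could use the same form for consistency, `install -d -m 0755 %{buildroot}%{_prefix}/lib/tmpfiles.d`.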
@@ -125,10 +105,21 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %config(noreplace) %{_sysconfdir}/ppp/* %dir %{_localstatedir}/run/xl2tpd %{_unitdir}/%{name}.service -%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf +%{_prefix}/lib/tmpfiles.d/%{name}.conf %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Tue May 13 2014 Paul Wouters - 1.3.6-1 +- Updated to 1.3.6 - using github-only monstrosity packaging +- Resolves: rhbz#1051785 (new upstream version available) +- Resolves: rhbz#868391 xl2tpd sends response packets from wrong IP address +- Revert: rhbz#929447 Incorrect "ipparam" manipulation +- Resolves: rhbz#1055196 Don't order service after syslog.target +- Resolves: rhbz#984332 xl2tpd tmpfiles configuration file in wrong directory +- Removed patches merged in upstream. +- FIPS patch updated with advertising clause for openssl in xl2tpd -V + (although the GPL code was already basically taken from openssl) + * Sun Aug 04 2013 Fedora Release Engineering - 1.3.1-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild @@ -339,7 +330,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd configuration files to /etc/ipsec.d and create symbolic links in those directories. -* Tue Aug 18 2004 Jacco de Leeuw +* Wed Aug 18 2004 Jacco de Leeuw - Removed 'leftnexthop=' lines. Not relevant for recent versions of FreeS/WAN and derivates. @@ -363,7 +354,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd ('Specify your hostname', error 629: "You have been disconnected from the computer you are dialing"). -* Thu Jul 20 2003 Jacco de Leeuw 0.69-7jdl +* Sun Jul 20 2003 Jacco de Leeuw 0.69-7jdl - Added the "listen-addr" global parameter for l2tpd.conf. By default, the daemon listens on *all* interfaces. Use "listen-addr" if you want it to bind to one specific 
@@ -380,7 +371,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd IPsec client by Microsoft, it turns out that 17/0 must have been a mistake: the updated client now also uses 17/1701. -* Mon Apr 10 2003 Jacco de Leeuw 0.69-6jdl +* Thu Apr 10 2003 Jacco de Leeuw 0.69-6jdl - Changed sample chap-secrets to be valid only for specific IP addresses. From 109565da306efd4040b2363a164b62dcbd2540f2 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Wed, 14 May 2014 14:27:28 -0400 Subject: [PATCH 63/85] Switch to using Requires on individual kernel modules - Resolves rhbz#1056192 --- xl2tpd.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 54a9a20..48c95cf 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.6 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL+ Url: https://github.com/xelerance/%{name}/ Group: System Environment/Daemons @@ -13,7 +13,7 @@ Source2: tmpfiles-xl2tpd.conf Patch1: xl2tpd-1.3.6-conf.patch Patch2: xl2tpd-1.3.6-md5-fips.patch -Requires: ppp >= 2.4.5-18, kernel-modules-extra +Requires: ppp >= 2.4.5-18, kmod(l2tp_ppp.ko) # If you want to authenticate against a Microsoft PDC/Active Directory # Requires: samba-winbind BuildRequires: libpcap-devel @@ -109,6 +109,10 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Wed May 14 2014 Josh Boyer +- Switch to using Requires on individual kernel modules +- Resolves rhbz#1056192 + * Tue May 13 2014 Paul Wouters - 1.3.6-1 - Updated to 1.3.6 - using github-only monstrosity packaging - Resolves: rhbz#1051785 (new upstream version available) From 0781e90c84ee8008f9e82da8d49d318aceb6c851 Mon Sep 17 00:00:00 2001 
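Review bot: The new `Requires: ppp >= 2.4.5-18, kmod(l2tp_ppp.ko)` line has no comment saying what the dependency does and does not guarantee. As far as I know a `kmod()` provide is satisfied by any installed kernel package that ships the module, not necessarily the kernel that is booted, so the daemon can still start without kernel L2TP support; a comment such as `# kmod() is satisfied by any installed kernel, not only the running one` would record that. The changelog entry added in the last hunk of this commit, `* Wed May 14 2014 Josh Boyer`, also carries no version-release, although Release goes to 2 and the neighbouring entries end in `- 1.3.6-N`.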
From: Dennis Gilmore Date: Sun, 8 Jun 2014 00:59:29 -0500 Subject: [PATCH 64/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 48c95cf..8dd48ad 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.6 -Release: 2%{?dist} +Release: 3%{?dist} License: GPL+ Url: https://github.com/xelerance/%{name}/ Group: System Environment/Daemons @@ -109,6 +109,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Sun Jun 08 2014 Fedora Release Engineering - 1.3.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + * Wed May 14 2014 Josh Boyer - Switch to using Requires on individual kernel modules - Resolves rhbz#1056192 From 9f28c44f17c5b4ab6f59f2ff1f465743e6ca2787 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Sat, 14 Jun 2014 12:39:43 -0400 Subject: [PATCH 65/85] - Resolves rhbz#1109470 l2tpd/ipsec breaks when "ipsec saref" not set --- xl2tpd-1.3.6-saref.patch | 36 ++++++++++++++++++++++++++++++++++++ xl2tpd.spec | 7 ++++++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 xl2tpd-1.3.6-saref.patch diff --git a/xl2tpd-1.3.6-saref.patch b/xl2tpd-1.3.6-saref.patch new file mode 100644 index 0000000..c0b2160 --- /dev/null +++ b/xl2tpd-1.3.6-saref.patch 
@@ -0,0 +1,36 @@ +diff -Naur xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/file.c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/file.c +--- xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/file.c 2014-01-15 15:58:37.000000000 -0500 ++++ xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/file.c 2014-06-14 12:34:06.422355636 -0400 +@@ -42,6 +42,8 @@ + + gconfig.port = UDP_LISTEN_PORT; + gconfig.sarefnum = IP_IPSEC_REFINFO; /* default use the latest we know */ ++ gconfig.ipsecsaref = 0; /* default off - requires patched KLIPS kernel module */ ++ gconfig.forceuserspace = 0; /* default off - allow kernel decap of data packets */ + gconfig.listenaddr = htonl(INADDR_ANY); /* Default is to bind (listen) to all interfaces */ + gconfig.debug_avp = 0; + gconfig.debug_network = 0; +diff -Naur xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/network.c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/network.c +--- xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/network.c 2014-01-15 15:58:37.000000000 -0500 ++++ xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/network.c 2014-06-14 12:37:06.953574143 -0400 +@@ -78,6 +78,12 @@ + * For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO + * values. + */ ++ if (!gconfig.ipsecsaref) ++ { ++ l2tp_log (LOG_INFO, "Not looking for kernel SAref support.\n"); ++ } ++ else ++ { + arg=1; + if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, + &arg, sizeof(arg)) != 0) { +@@ -85,6 +91,7 @@ + + gconfig.ipsecsaref=0; + } ++ } + + arg=1; + if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) { diff --git a/xl2tpd.spec b/xl2tpd.spec index 8dd48ad..33f792c 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.6 -Release: 3%{?dist} +Release: 4%{?dist} License: GPL+ Url: https://github.com/xelerance/%{name}/ Group: System Environment/Daemons 
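Review bot: In the network.c part of this patch the added `else {` wraps the existing `arg=1; if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, ...` block without re-indenting it, and the matching `}` arrives in a separate hunk several lines later. The wrapped lines are context lines, so in the patched file they sit at the old nesting level and the new branch is easy to misread. Re-indenting the wrapped block in the patch, or ending the new `if` with a comment such as `/* only probe for SAref when "ipsec saref" is enabled */`, would make the control flow clear. The file.c hunk also initialises `gconfig.forceuserspace = 0`, which the commit message and changelog entry do not mention.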
@@ -12,6 +12,7 @@ Source1: xl2tpd.service Source2: tmpfiles-xl2tpd.conf Patch1: xl2tpd-1.3.6-conf.patch Patch2: xl2tpd-1.3.6-md5-fips.patch +Patch3: xl2tpd-1.3.6-saref.patch Requires: ppp >= 2.4.5-18, kmod(l2tp_ppp.ko) # If you want to authenticate against a Microsoft PDC/Active Directory @@ -52,6 +53,7 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %setup -qn %{name}-%{commit} %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" @@ -109,6 +111,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Sat Jun 14 2014 Paul Wouters - 1.3.6-4 +- Resolves rhbz#1109470 l2tpd/ipsec breaks when "ipsec saref" not set + * Sun Jun 08 2014 Fedora Release Engineering - 1.3.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild From 8ad9760546a6e64e089ba4131e4b3841b5fb82c7 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Mon, 18 Aug 2014 10:08:54 +0000 Subject: [PATCH 66/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 33f792c..db1d8b3 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.6 -Release: 4%{?dist} +Release: 5%{?dist} License: GPL+ Url: https://github.com/xelerance/%{name}/ Group: System Environment/Daemons 
@@ -111,6 +111,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Mon Aug 18 2014 Fedora Release Engineering - 1.3.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + * Sat Jun 14 2014 Paul Wouters - 1.3.6-4 - Resolves rhbz#1109470 l2tpd/ipsec breaks when "ipsec saref" not set From ddc290b3bc3ff3bef5221fc5c6f3c5a09dfd2c35 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 21 Aug 2014 11:55:09 -0600 Subject: [PATCH 67/85] Rebuild for rpm bug 1131960 --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index db1d8b3..0e0d978 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.6 -Release: 5%{?dist} +Release: 6%{?dist} License: GPL+ Url: https://github.com/xelerance/%{name}/ Group: System Environment/Daemons @@ -111,6 +111,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Thu Aug 21 2014 Kevin Fenzi - 1.3.6-6 +- Rebuild for rpm bug 1131960 + * Mon Aug 18 2014 Fedora Release Engineering - 1.3.6-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild From 35b1059cdca9aed8a649960d4ba7aeb32e348a45 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 31 Mar 2015 13:41:39 -0400 Subject: [PATCH 68/85] - Rebuild with -DTRUST_PPPD_TO_DIE so pppd will execute its down script --- xl2tpd.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 0e0d978..13f663f 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.6 -Release: 6%{?dist} +Release: 7%{?dist} License: GPL+ Url: https://github.com/xelerance/%{name}/ Group: System Environment/Daemons 
@@ -58,10 +58,10 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %build #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" -export CFLAGS="$CFLAGS -fPIC -Wall" +export CFLAGS="$CFLAGS -fPIC -Wall -DTRUST_PPPD_TO_DIE" export DFLAGS="$RPM_OPT_FLAGS -g " export LDFLAGS="$LDFLAGS -pie -Wl,-z,relro -Wl,-z,now" -make +make %install rm -rf %{buildroot} @@ -111,6 +111,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Tue Mar 31 2015 Paul Wouters - 1.3.6-7 +- Rebuild with -DTRUST_PPPD_TO_DIE so pppd will execute its down script + * Thu Aug 21 2014 Kevin Fenzi - 1.3.6-6 - Rebuild for rpm bug 1131960 From f8e62d6fc8e44142cd66dd034e4b1b49d8028193 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Tue, 31 Mar 2015 14:52:33 -0400 Subject: [PATCH 69/85] - Bump EVR --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 13f663f..cd9cf80 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.6 -Release: 7%{?dist} +Release: 8%{?dist} License: GPL+ Url: https://github.com/xelerance/%{name}/ Group: System Environment/Daemons @@ -111,6 +111,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Tue Mar 31 2015 Paul Wouters - 1.3.6-8 +- Bump EVR + * Tue Mar 31 2015 Paul Wouters - 1.3.6-7 - Rebuild with -DTRUST_PPPD_TO_DIE so pppd will execute its down script From fcee1ba8440ccec636ea969dda824de32626933d Mon Sep 17 00:00:00 2001 
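Review bot: `-DTRUST_PPPD_TO_DIE` is appended to CFLAGS in the %build hunk with no comment in the spec; the only explanation is the changelog line. It is a behaviour switch rather than a compiler option, so a comment above the export, for example `# TRUST_PPPD_TO_DIE: let pppd exit by itself so its down script runs (1.3.6-7)`, would keep the reason next to the flag. What the define changes inside xl2tpd is not visible in this hunk, so the comment should be checked against the source.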
From: Dennis Gilmore Date: Fri, 19 Jun 2015 04:05:36 +0000 Subject: [PATCH 70/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index cd9cf80..25f20b7 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.6 -Release: 8%{?dist} +Release: 9%{?dist} License: GPL+ Url: https://github.com/xelerance/%{name}/ Group: System Environment/Daemons @@ -111,6 +111,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Fri Jun 19 2015 Fedora Release Engineering - 1.3.6-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + * Tue Mar 31 2015 Paul Wouters - 1.3.6-8 - Bump EVR From 1f2b3840ad62c154e444c04bec679c44086f25ce Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 5 Feb 2016 03:33:36 +0000 Subject: [PATCH 71/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 25f20b7..1e86a9d 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.6 -Release: 9%{?dist} +Release: 10%{?dist} License: GPL+ Url: https://github.com/xelerance/%{name}/ Group: System Environment/Daemons @@ -111,6 +111,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Fri Feb 05 2016 Fedora Release Engineering - 1.3.6-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + * Fri Jun 19 2015 Fedora Release Engineering - 1.3.6-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 
From c748ec9d9d963a14eb32c29a9aa16fd3cb71e346 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Wed, 24 Aug 2016 12:27:48 -0400 Subject: [PATCH 72/85] * Wed Aug 24 2016 Paul Wouters - 1.3.8-1 - Upgraded to 1.3.8 and updated existing patches still required - Fix kernel mode breaking the closing tunnels --- xl2tpd.spec | 43 +++++++++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 18 deletions(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 1e86a9d..44f8478 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -2,17 +2,19 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.3.6 -Release: 10%{?dist} +Version: 1.3.8 +Release: 1%{?dist} License: GPL+ -Url: https://github.com/xelerance/%{name}/ +Url: https://github.com/xelerance/xl2tpd/ Group: System Environment/Daemons -Source0: https://github.com/xelerance/%{name}/archive/%{commit}/%{name}-%{commit}.tar.gz +# upstream isn't using proper names, we manually rename v-VERSION.tar.gz to xl2tpd-VERSION.tar.gz +Source0: https://github.com/xelerance/xl2tpd/archive/xl2tpd-%{version}.tar.gz Source1: xl2tpd.service Source2: tmpfiles-xl2tpd.conf Patch1: xl2tpd-1.3.6-conf.patch -Patch2: xl2tpd-1.3.6-md5-fips.patch -Patch3: xl2tpd-1.3.6-saref.patch +Patch2: xl2tpd-1.3.8-md5-fips.patch +Patch3: xl2tpd-1.3.8-saref.patch +Patch4: xl2tpd-1.3.8-kernelmode.patch Requires: ppp >= 2.4.5-18, kmod(l2tp_ppp.ko) # If you want to authenticate against a Microsoft PDC/Active Directory 
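Review bot: The new `Source0` URL names a file that upstream does not publish, because the added comment says the tarball is renamed by hand from v-VERSION.tar.gz. The source therefore cannot be re-fetched from the spec and compared with the uploaded copy. Keeping the real upstream URL and renaming through a URL fragment, e.g. `Source0: https://github.com/xelerance/xl2tpd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz` (assuming the tag is `v%{version}`; confirm against upstream), would let tooling download and verify it. This matters more here because the `sources` entry in the following commit pins the tarball with a 32-hex-digit, MD5-sized digest only.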
@@ -30,7 +32,7 @@ L2TP allows you to tunnel PPP over UDP. Some ISPs use L2TP to tunnel user sessions from dial-in servers (modem banks, ADSL DSLAMs) to back-end PPP servers. Another important application is Virtual Private Networks where the IPsec protocol is used to secure the L2TP connection (L2TP/IPsec, -RFC 3193). The L2TP/IPsec protocol is mainly used by Windows and +RFC 3193). The L2TP/IPsec protocol is mainly used by Windows and Mac OS X clients. On Linux, xl2tpd can be used in combination with IPsec implementations such as Openswan. Example configuration files for such a setup are included in this RPM. @@ -50,10 +52,11 @@ Xl2tpd is based on the 0.69 L2TP by Jeff McAdams It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %prep -%setup -qn %{name}-%{commit} -%patch1 -p1 +%setup +%patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build #make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" @@ -84,7 +87,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %systemd_post xl2tpd.service %postun -%systemd_postun_with_restart xl2tpd.service +%systemd_postun_with_restart xl2tpd.service %triggerun -- xl2td < 1.3.1-3 # Save the current service runlevel info @@ -96,7 +99,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd /bin/systemctl try-restart xl2tpd.service >/dev/null 2>&1 || : %files -%doc BUGS CHANGES CREDITS LICENSE README.* TODO doc/rfc2661.txt +%doc BUGS CHANGES CREDITS LICENSE README.* TODO %doc doc/README.patents examples/chapsecrets.sample %{_sbindir}/xl2tpd %{_sbindir}/xl2tpd-control 
@@ -111,6 +114,10 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Wed Aug 24 2016 Paul Wouters - 1.3.8-1 +- Upgraded to 1.3.8 and updated existing patches still required +- Fix kernel mode breaking the closing tunnels + * Fri Feb 05 2016 Fedora Release Engineering - 1.3.6-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild @@ -287,7 +294,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd - Upgraded to 1.1.07 - Added /var/run/xl2tpd to the spec file so this pacakge owns /var/run/xl2tpd - + * Thu Dec 7 2006 Paul Wouters 1.1.06-5 - Changed space/tab replacing method @@ -329,10 +336,10 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd * Sat Jun 4 2005 Jacco de Leeuw - l2tpd.org has been hijacked. Project moved back to SourceForge: - http://l2tpd.sourceforge.net + http://l2tpd.sourceforge.net * Tue May 3 2005 Jacco de Leeuw -- Small Makefile fixes. Explicitly use gcc instead of cc. +- Small Makefile fixes. Explicitly use gcc instead of cc. Network services library was not linked on Solaris due to typo. * Thu Mar 17 2005 Jacco de Leeuw 0.69-11jdl @@ -341,7 +348,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd * Fri Feb 4 2005 Jacco de Leeuw - Added code from Roaring Penguin (rp-l2tp) to support SysV-style ptys. - Requires the N_HDLC kernel module. + Requires the N_HDLC kernel module. * Fri Nov 26 2004 Jacco de Leeuw - Updated the README. 
@@ -397,7 +404,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd - Renamed the example Openswan .conf files to better reflect the situation. There are two variants using different portselectors. Previously I thought Windows 2000/XP used portselector 17/0 - and the rest used 17/1701. But with the release of an updated + and the rest used 17/1701. But with the release of an updated IPsec client by Microsoft, it turns out that 17/0 must have been a mistake: the updated client now also uses 17/1701. @@ -411,7 +418,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd * Thu Mar 6 2003 Jacco de Leeuw 0.69-5jdl - Replaced Dominique's patch by Damion de Soto's, which does not - depend on the N_HDLC kernel module. + depend on the N_HDLC kernel module. * Wed Feb 26 2003 Jacco de Leeuw 0.69-4jdl - Seperate example config files for Win9x (MSL2TP) and Win2K/XP @@ -445,7 +452,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd - Specfile adapted from Mandrake Cooker. The original RPM can be retrieved through: http://www.rpmfind.net/linux/rpm2html/search.php?query=l2tpd -- Config path changed from /etc/l2tp/ to /etc/l2tpd/ +- Config path changed from /etc/l2tp/ to /etc/l2tpd/ (Seems more logical and rp-l2tp already uses /etc/l2tp/). - Do not run at boot or install. The original RPM uses a config file which is completely commented out, but it still starts l2tpd on all From e4a0dc5b7644ee13322a20bbfa510f17850bb9a5 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Wed, 24 Aug 2016 12:34:53 -0400 Subject: [PATCH 73/85] new sources and patches --- .gitignore | 1 + sources | 2 +- xl2tpd-1.3.8-kernelmode.patch | 26 ++ xl2tpd-1.3.8-md5-fips.patch | 467 ++++++++++++++++++++++++++++++++++ xl2tpd-1.3.8-saref.patch | 36 +++ 5 files changed, 531 insertions(+), 1 deletion(-) create mode 100644 xl2tpd-1.3.8-kernelmode.patch create mode 100644 xl2tpd-1.3.8-md5-fips.patch create mode 100644 xl2tpd-1.3.8-saref.patch 
diff --git a/.gitignore b/.gitignore index cc9fdd7..a22e372 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ xl2tpd-1.2.8.tar.gz xl2tpd-1.3.0.tar.gz xl2tpd-1.3.1.tar.gz /xl2tpd-5619e1771048e74b729804e8602f409af0f3faea.tar.gz +/xl2tpd-1.3.8.tar.gz diff --git a/sources b/sources index cbe85ac..ea62266 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e08e34510a97e126b324f3407c71806c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea.tar.gz +d244fdcd88f64601b64b7302870afca8 xl2tpd-1.3.8.tar.gz diff --git a/xl2tpd-1.3.8-kernelmode.patch b/xl2tpd-1.3.8-kernelmode.patch new file mode 100644 index 0000000..9349a8c --- /dev/null +++ b/xl2tpd-1.3.8-kernelmode.patch @@ -0,0 +1,26 @@ +diff -Naur xl2tpd-1.3.8-orig/network.c xl2tpd-1.3.8/network.c +--- xl2tpd-1.3.8-orig/network.c 2016-08-24 11:56:13.438007170 -0400 ++++ xl2tpd-1.3.8/network.c 2016-08-24 12:22:36.945960487 -0400 +@@ -781,6 +781,9 @@ + sax.pppol2tp.addr.sin_family = AF_INET; + sax.pppol2tp.s_tunnel = t->ourtid; + sax.pppol2tp.d_tunnel = t->tid; ++ sax.pppol2tp.s_session = 0; ++ sax.pppol2tp.d_session = 0; ++ + if ((connect(fd2, (struct sockaddr *)&sax, sizeof(sax))) < 0) { + l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket. %d %s\n", + __FUNCTION__, errno, strerror(errno)); +diff -Naur xl2tpd-1.3.8-orig/xl2tpd.c xl2tpd-1.3.8/xl2tpd.c +--- xl2tpd-1.3.8-orig/xl2tpd.c 2016-08-24 11:56:13.436007180 -0400 ++++ xl2tpd-1.3.8/xl2tpd.c 2016-08-24 12:07:47.057504872 -0400 +@@ -274,9 +274,6 @@ + * OK...pppd died, we can go ahead and close the pty for + * it + */ +-#ifdef USE_KERNEL +- if (!kernel_support) +-#endif + close (c->fd); + c->fd = -1; + /* diff --git a/xl2tpd-1.3.8-md5-fips.patch b/xl2tpd-1.3.8-md5-fips.patch new file mode 100644 index 0000000..bc4d965 --- /dev/null +++ b/xl2tpd-1.3.8-md5-fips.patch 
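Review bot: The xl2tpd.c part of xl2tpd-1.3.8-kernelmode.patch removes the `#ifdef USE_KERNEL` / `if (!kernel_support)` guard, so `close (c->fd)` now also runs in kernel mode, and nothing visible checks that `c->fd` is still an open descriptor at that point. The enclosing function starts and ends outside the hunk, so it cannot be told from here whether an earlier path may already have closed it or set it to -1. A guard such as `if (c->fd >= 0) close (c->fd);` would make the now-unconditional close safe either way. The patch file also has no header saying where the change comes from or whether it was sent upstream; a short comment at its top, or above `Patch4:` in the spec, would record that.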
@@ -0,0 +1,467 @@ +diff -Naur xl2tpd-1.3.8-orig/aaa.c xl2tpd-1.3.8/aaa.c +--- xl2tpd-1.3.8-orig/aaa.c 2016-08-11 20:56:53.000000000 -0400 ++++ xl2tpd-1.3.8/aaa.c 2016-08-24 11:40:46.784683160 -0400 +@@ -21,6 +21,8 @@ + #include + #include "l2tp.h" + ++#include ++ + extern void bufferDump (char *, int); + + /* FIXME: Accounting? */ +@@ -273,11 +275,11 @@ + #endif + + memset (chal->response, 0, MD_SIG_SIZE); +- MD5Init (&chal->md5); +- MD5Update (&chal->md5, &chal->ss, 1); +- MD5Update (&chal->md5, chal->secret, strlen ((char *)chal->secret)); +- MD5Update (&chal->md5, chal->challenge, chal->chal_len); +- MD5Final (chal->response, &chal->md5); ++ MD5_Init (&chal->md5); ++ MD5_Update (&chal->md5, &chal->ss, 1); ++ MD5_Update (&chal->md5, chal->secret, strlen ((char *)chal->secret)); ++ MD5_Update (&chal->md5, chal->challenge, chal->chal_len); ++ MD5_Final (chal->response, &chal->md5); + #ifdef DEBUG_AUTH + l2tp_log (LOG_DEBUG, "response is %X%X%X%X to '%s' and %X%X%X%X, %d\n", + *((int *) &chal->response[0]), +@@ -392,12 +394,12 @@ + buf->len += length; + /* Back to the beginning of real data, including the original length AVP */ + +- MD5Init (&t->chal_them.md5); +- MD5Update (&t->chal_them.md5, (void *) &attr, 2); +- MD5Update (&t->chal_them.md5, t->chal_them.secret, ++ MD5_Init (&t->chal_them.md5); ++ MD5_Update (&t->chal_them.md5, (void *) &attr, 2); ++ MD5_Update (&t->chal_them.md5, t->chal_them.secret, + strlen ((char *)t->chal_them.secret)); +- MD5Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE); +- MD5Final (digest, &t->chal_them.md5); ++ MD5_Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE); ++ MD5_Final (digest, &t->chal_them.md5); + + /* Though not a "MUST" in the spec, our subformat length is always a multiple of 16 */ + ptr = ((unsigned char *) new_hdr) + sizeof (struct avp_hdr); +@@ -421,11 +423,11 @@ + #endif + if (ptr < end) + { +- MD5Init (&t->chal_them.md5); +- MD5Update (&t->chal_them.md5, t->chal_them.secret, ++ MD5_Init 
(&t->chal_them.md5); ++ MD5_Update (&t->chal_them.md5, t->chal_them.secret, + strlen ((char *)t->chal_them.secret)); +- MD5Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE); +- MD5Final (digest, &t->chal_them.md5); ++ MD5_Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE); ++ MD5_Final (digest, &t->chal_them.md5); + } + previous_segment = ptr; + } +@@ -458,12 +460,12 @@ + that it will be padded to a 16 byte boundary, so we + have to be more careful than when encrypting */ + attr = ntohs (old_hdr->attr); +- MD5Init (&t->chal_us.md5); +- MD5Update (&t->chal_us.md5, (void *) &attr, 2); +- MD5Update (&t->chal_us.md5, t->chal_us.secret, ++ MD5_Init (&t->chal_us.md5); ++ MD5_Update (&t->chal_us.md5, (void *) &attr, 2); ++ MD5_Update (&t->chal_us.md5, t->chal_us.secret, + strlen ((char *)t->chal_us.secret)); +- MD5Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len); +- MD5Final (digest, &t->chal_us.md5); ++ MD5_Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len); ++ MD5_Final (digest, &t->chal_us.md5); + #ifdef DEBUG_HIDDEN + l2tp_log (LOG_DEBUG, "attribute is %d and challenge is: ", attr); + print_challenge (&t->chal_us); +@@ -474,11 +476,11 @@ + { + if (cnt >= MD_SIG_SIZE) + { +- MD5Init (&t->chal_us.md5); +- MD5Update (&t->chal_us.md5, t->chal_us.secret, ++ MD5_Init (&t->chal_us.md5); ++ MD5_Update (&t->chal_us.md5, t->chal_us.secret, + strlen ((char *)t->chal_us.secret)); +- MD5Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE); +- MD5Final (digest, &t->chal_us.md5); ++ MD5_Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE); ++ MD5_Final (digest, &t->chal_us.md5); + cnt = 0; + } + /* at the beginning of each segment, we save the current segment (16 octets or less) of cipher +diff -Naur xl2tpd-1.3.8-orig/aaa.h xl2tpd-1.3.8/aaa.h +--- xl2tpd-1.3.8-orig/aaa.h 2016-08-11 20:56:53.000000000 -0400 ++++ xl2tpd-1.3.8/aaa.h 2016-08-24 11:41:21.032506562 -0400 +@@ -15,7 +15,7 @@ + + #ifndef _AAA_H + #define _AAA_H +-#include 
"md5.h" ++#include + + #define ADDR_HASH_SIZE 256 + #define MD_SIG_SIZE 16 +@@ -34,7 +34,7 @@ + + struct challenge + { +- struct MD5Context md5; ++ MD5_CTX md5; + unsigned char ss; /* State we're sending in */ + unsigned char secret[MAXSTRLEN]; /* The shared secret */ + unsigned char *challenge; /* The original challenge */ +diff -Naur xl2tpd-1.3.8-orig/Makefile xl2tpd-1.3.8/Makefile +--- xl2tpd-1.3.8-orig/Makefile 2016-08-11 20:56:53.000000000 -0400 ++++ xl2tpd-1.3.8/Makefile 2016-08-24 11:42:18.389210804 -0400 +@@ -98,8 +98,8 @@ + IPFLAGS?= -DIP_ALLOCATION + + CFLAGS+= $(DFLAGS) -Os -Wall -DSANITY $(OSFLAGS) $(IPFLAGS) +-HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h +-OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o ++HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h ++OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o + SRCS=${OBJS:.o=.c} ${HDRS} + CONTROL_SRCS=xl2tpd-control.c + #LIBS= $(OSLIBS) # -lefence # efence for malloc checking +@@ -119,7 +119,7 @@ + rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC) + + $(EXEC): $(OBJS) $(HDRS) +- $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS) ++ $(CC) $(LDFLAGS) -o $@ $(OBJS) -lcrypto $(LDLIBS) + + $(CONTROL_EXEC): $(CONTROL_SRCS) + $(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@ +diff -Naur xl2tpd-1.3.8-orig/md5.c xl2tpd-1.3.8/md5.c +--- xl2tpd-1.3.8-orig/md5.c 2016-08-11 20:56:53.000000000 -0400 ++++ xl2tpd-1.3.8/md5.c 2016-08-24 11:42:47.940058425 -0400 +@@ -1,274 +0,0 @@ +-#ifdef FREEBSD +-# include +-#elif defined(OPENBSD) || defined(NETBSD) +-# define __BSD_VISIBLE 0 +-# include +-#elif defined(LINUX) +-# include +-#elif defined(SOLARIS) +-# include +-#endif +-#if __BYTE_ORDER == __BIG_ENDIAN +-#define HIGHFIRST 1 +-#endif +- +-/* +- * This code implements the MD5 message-digest algorithm. +- * The algorithm is due to Ron Rivest. 
This code was +- * written by Colin Plumb in 1993, no copyright is claimed. +- * This code is in the public domain; do with it what you wish. +- * +- * Equivalent code is available from RSA Data Security, Inc. +- * This code has been tested against that, and is equivalent, +- * except that you don't need to include two pages of legalese +- * with every copy. +- * +- * To compute the message digest of a chunk of bytes, declare an +- * MD5Context structure, pass it to MD5Init, call MD5Update as +- * needed on buffers full of bytes, and then call MD5Final, which +- * will fill a supplied 16-byte array with the digest. +- */ +-#include /* for memcpy() */ +-#include "md5.h" +- +-#ifndef HIGHFIRST +-#define byteReverse(buf, len) /* Nothing */ +-#else +-void byteReverse (unsigned char *buf, unsigned longs); +- +-#ifndef ASM_MD5 +-/* +- * Note: this code is harmless on little-endian machines. +- */ +-void byteReverse (unsigned char *buf, unsigned longs) +-{ +- uint32 t; +- do +- { +- t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | +- ((unsigned) buf[1] << 8 | buf[0]); +- *(uint32 *) buf = t; +- buf += 4; +- } +- while (--longs); +-} +-#endif +-#endif +- +-/* +- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious +- * initialization constants. +- */ +-void MD5Init (struct MD5Context *ctx) +-{ +- ctx->buf[0] = 0x67452301; +- ctx->buf[1] = 0xefcdab89; +- ctx->buf[2] = 0x98badcfe; +- ctx->buf[3] = 0x10325476; +- +- ctx->bits[0] = 0; +- ctx->bits[1] = 0; +-} +- +-/* +- * Update context to reflect the concatenation of another buffer full +- * of bytes. 
+- */ +-void MD5Update (struct MD5Context *ctx, unsigned char const *buf, +- unsigned len) +-{ +- uint32 t; +- +- /* Update bitcount */ +- +- t = ctx->bits[0]; +- if ((ctx->bits[0] = t + ((uint32) len << 3)) < t) +- ctx->bits[1]++; /* Carry from low to high */ +- ctx->bits[1] += len >> 29; +- +- t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ +- +- /* Handle any leading odd-sized chunks */ +- +- if (t) +- { +- unsigned char *p = (unsigned char *) ctx->in + t; +- +- t = 64 - t; +- if (len < t) +- { +- memcpy (p, buf, len); +- return; +- } +- memcpy (p, buf, t); +- byteReverse (ctx->in, 16); +- MD5Transform (ctx->buf, (uint32 *) ctx->in); +- buf += t; +- len -= t; +- } +- /* Process data in 64-byte chunks */ +- +- while (len >= 64) +- { +- memcpy (ctx->in, buf, 64); +- byteReverse (ctx->in, 16); +- MD5Transform (ctx->buf, (uint32 *) ctx->in); +- buf += 64; +- len -= 64; +- } +- +- /* Handle any remaining bytes of data. */ +- +- memcpy (ctx->in, buf, len); +-} +- +-/* +- * Final wrapup - pad to 64-byte boundary with the bit pattern +- * 1 0* (64-bit count of bits processed, MSB-first) +- */ +-void MD5Final (unsigned char digest[16], struct MD5Context *ctx) +-{ +- unsigned count; +- unsigned char *p; +- +- /* Compute number of bytes mod 64 */ +- count = (ctx->bits[0] >> 3) & 0x3F; +- +- /* Set the first char of padding to 0x80. 
This is safe since there is +- always at least one byte free */ +- p = ctx->in + count; +- *p++ = 0x80; +- +- /* Bytes of padding needed to make 64 bytes */ +- count = 64 - 1 - count; +- +- /* Pad out to 56 mod 64 */ +- if (count < 8) +- { +- /* Two lots of padding: Pad the first block to 64 bytes */ +- memset (p, 0, count); +- byteReverse (ctx->in, 16); +- MD5Transform (ctx->buf, (uint32 *) ctx->in); +- +- /* Now fill the next block with 56 bytes */ +- memset (ctx->in, 0, 56); +- } +- else +- { +- /* Pad block to 56 bytes */ +- memset (p, 0, count - 8); +- } +- byteReverse (ctx->in, 14); +- +- /* Append length in bits and transform */ +- memcpy(ctx->in + 14 * sizeof(uint32), ctx->bits, sizeof(ctx->bits)); +- +- MD5Transform (ctx->buf, (uint32 *) ctx->in); +- byteReverse ((unsigned char *) ctx->buf, 4); +- memcpy (digest, ctx->buf, 16); +- memset (ctx, 0, sizeof (*ctx)); /* In case it's sensitive */ +-} +- +-#ifndef ASM_MD5 +- +-/* The four core functions - F1 is optimized somewhat */ +- +-/* #define F1(x, y, z) (x & y | ~x & z) */ +-#define F1(x, y, z) (z ^ (x & (y ^ z))) +-#define F2(x, y, z) F1(z, x, y) +-#define F3(x, y, z) (x ^ y ^ z) +-#define F4(x, y, z) (y ^ (x | ~z)) +- +-/* This is the central step in the MD5 algorithm. */ +-#define MD5STEP(f, w, x, y, z, data, s) \ +- ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) +- +-/* +- * The core of the MD5 algorithm, this alters an existing MD5 hash to +- * reflect the addition of 16 longwords of new data. MD5Update blocks +- * the data and converts bytes into longwords for this routine. 
+- */ +-void MD5Transform (uint32 buf[4], uint32 const in[16]) +-{ +- register uint32 a, b, c, d; +- +- a = buf[0]; +- b = buf[1]; +- c = buf[2]; +- d = buf[3]; +- +- MD5STEP (F1, a, b, c, d, in[0] + 0xd76aa478, 7); +- MD5STEP (F1, d, a, b, c, in[1] + 0xe8c7b756, 12); +- MD5STEP (F1, c, d, a, b, in[2] + 0x242070db, 17); +- MD5STEP (F1, b, c, d, a, in[3] + 0xc1bdceee, 22); +- MD5STEP (F1, a, b, c, d, in[4] + 0xf57c0faf, 7); +- MD5STEP (F1, d, a, b, c, in[5] + 0x4787c62a, 12); +- MD5STEP (F1, c, d, a, b, in[6] + 0xa8304613, 17); +- MD5STEP (F1, b, c, d, a, in[7] + 0xfd469501, 22); +- MD5STEP (F1, a, b, c, d, in[8] + 0x698098d8, 7); +- MD5STEP (F1, d, a, b, c, in[9] + 0x8b44f7af, 12); +- MD5STEP (F1, c, d, a, b, in[10] + 0xffff5bb1, 17); +- MD5STEP (F1, b, c, d, a, in[11] + 0x895cd7be, 22); +- MD5STEP (F1, a, b, c, d, in[12] + 0x6b901122, 7); +- MD5STEP (F1, d, a, b, c, in[13] + 0xfd987193, 12); +- MD5STEP (F1, c, d, a, b, in[14] + 0xa679438e, 17); +- MD5STEP (F1, b, c, d, a, in[15] + 0x49b40821, 22); +- +- MD5STEP (F2, a, b, c, d, in[1] + 0xf61e2562, 5); +- MD5STEP (F2, d, a, b, c, in[6] + 0xc040b340, 9); +- MD5STEP (F2, c, d, a, b, in[11] + 0x265e5a51, 14); +- MD5STEP (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); +- MD5STEP (F2, a, b, c, d, in[5] + 0xd62f105d, 5); +- MD5STEP (F2, d, a, b, c, in[10] + 0x02441453, 9); +- MD5STEP (F2, c, d, a, b, in[15] + 0xd8a1e681, 14); +- MD5STEP (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); +- MD5STEP (F2, a, b, c, d, in[9] + 0x21e1cde6, 5); +- MD5STEP (F2, d, a, b, c, in[14] + 0xc33707d6, 9); +- MD5STEP (F2, c, d, a, b, in[3] + 0xf4d50d87, 14); +- MD5STEP (F2, b, c, d, a, in[8] + 0x455a14ed, 20); +- MD5STEP (F2, a, b, c, d, in[13] + 0xa9e3e905, 5); +- MD5STEP (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); +- MD5STEP (F2, c, d, a, b, in[7] + 0x676f02d9, 14); +- MD5STEP (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); +- +- MD5STEP (F3, a, b, c, d, in[5] + 0xfffa3942, 4); +- MD5STEP (F3, d, a, b, c, in[8] + 0x8771f681, 11); +- MD5STEP (F3, c, d, a, b, 
in[11] + 0x6d9d6122, 16); +- MD5STEP (F3, b, c, d, a, in[14] + 0xfde5380c, 23); +- MD5STEP (F3, a, b, c, d, in[1] + 0xa4beea44, 4); +- MD5STEP (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); +- MD5STEP (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); +- MD5STEP (F3, b, c, d, a, in[10] + 0xbebfbc70, 23); +- MD5STEP (F3, a, b, c, d, in[13] + 0x289b7ec6, 4); +- MD5STEP (F3, d, a, b, c, in[0] + 0xeaa127fa, 11); +- MD5STEP (F3, c, d, a, b, in[3] + 0xd4ef3085, 16); +- MD5STEP (F3, b, c, d, a, in[6] + 0x04881d05, 23); +- MD5STEP (F3, a, b, c, d, in[9] + 0xd9d4d039, 4); +- MD5STEP (F3, d, a, b, c, in[12] + 0xe6db99e5, 11); +- MD5STEP (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); +- MD5STEP (F3, b, c, d, a, in[2] + 0xc4ac5665, 23); +- +- MD5STEP (F4, a, b, c, d, in[0] + 0xf4292244, 6); +- MD5STEP (F4, d, a, b, c, in[7] + 0x432aff97, 10); +- MD5STEP (F4, c, d, a, b, in[14] + 0xab9423a7, 15); +- MD5STEP (F4, b, c, d, a, in[5] + 0xfc93a039, 21); +- MD5STEP (F4, a, b, c, d, in[12] + 0x655b59c3, 6); +- MD5STEP (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); +- MD5STEP (F4, c, d, a, b, in[10] + 0xffeff47d, 15); +- MD5STEP (F4, b, c, d, a, in[1] + 0x85845dd1, 21); +- MD5STEP (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); +- MD5STEP (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); +- MD5STEP (F4, c, d, a, b, in[6] + 0xa3014314, 15); +- MD5STEP (F4, b, c, d, a, in[13] + 0x4e0811a1, 21); +- MD5STEP (F4, a, b, c, d, in[4] + 0xf7537e82, 6); +- MD5STEP (F4, d, a, b, c, in[11] + 0xbd3af235, 10); +- MD5STEP (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); +- MD5STEP (F4, b, c, d, a, in[9] + 0xeb86d391, 21); +- +- buf[0] += a; +- buf[1] += b; +- buf[2] += c; +- buf[3] += d; +-} +- +-#endif +diff -Naur xl2tpd-1.3.8-orig/md5.h xl2tpd-1.3.8/md5.h +--- xl2tpd-1.3.8-orig/md5.h 2016-08-11 20:56:53.000000000 -0400 ++++ xl2tpd-1.3.8/md5.h 2016-08-24 11:42:51.182041708 -0400 +@@ -1,29 +0,0 @@ +-#ifndef MD5_H +-#define MD5_H +- +-#ifdef __alpha +-typedef unsigned int uint32; +-#else +-#include +-typedef uint32_t uint32; +-#endif +- 
+-struct MD5Context +-{ +- uint32 buf[4]; +- uint32 bits[2]; +- unsigned char in[64]; +-}; +- +-void MD5Init (struct MD5Context *context); +-void MD5Update (struct MD5Context *context, unsigned char const *buf, +- unsigned len); +-void MD5Final (unsigned char digest[16], struct MD5Context *context); +-void MD5Transform (uint32 buf[4], uint32 const in[16]); +- +-/* +- * This is needed to make RSAREF happy on some MS-DOS compilers. +- */ +-typedef struct MD5Context MD5_CTX; +- +-#endif /* !MD5_H */ +diff -Naur xl2tpd-1.3.8-orig/xl2tpd.c xl2tpd-1.3.8/xl2tpd.c +--- xl2tpd-1.3.8-orig/xl2tpd.c 2016-08-11 20:56:53.000000000 -0400 ++++ xl2tpd-1.3.8/xl2tpd.c 2016-08-24 11:43:37.704807118 -0400 +@@ -1630,7 +1630,10 @@ + + + void usage(void) { +- printf("\nxl2tpd version: %s\n", SERVER_VERSION); ++ printf("\nxl2tpd version: %s\n" ++"This product includes software developed by the OpenSSL Project for use\n" ++"in the OpenSSL Toolkit. (http://www.openssl.org/)\n" ++, SERVER_VERSION); + printf("Usage: xl2tpd [-c ] [-s ] [-p ]\n" + " [-C ] [-D] [-l]\n" + " [-v, --version]\n"); diff --git a/xl2tpd-1.3.8-saref.patch b/xl2tpd-1.3.8-saref.patch new file mode 100644 index 0000000..a3fabbf --- /dev/null +++ b/xl2tpd-1.3.8-saref.patch 
@@ -0,0 +1,36 @@ +diff -Naur xl2tpd-1.3.8-orig/file.c xl2tpd-1.3.8/file.c +--- xl2tpd-1.3.8-orig/file.c 2016-08-11 20:56:53.000000000 -0400 ++++ xl2tpd-1.3.8/file.c 2016-08-24 11:46:12.046031065 -0400 +@@ -42,6 +42,8 @@ + + gconfig.port = UDP_LISTEN_PORT; + gconfig.sarefnum = IP_IPSEC_REFINFO; /* default use the latest we know */ ++ gconfig.ipsecsaref = 0; /* default off - requires patched KLIPS kernel module */ ++ gconfig.forceuserspace = 0; /* default off - allow kernel decap of data packets */ + gconfig.listenaddr = htonl(INADDR_ANY); /* Default is to bind (listen) to all interfaces */ + gconfig.debug_avp = 0; + gconfig.debug_network = 0; +diff -Naur xl2tpd-1.3.8-orig/network.c xl2tpd-1.3.8/network.c +--- xl2tpd-1.3.8-orig/network.c 2016-08-11 20:56:53.000000000 -0400 ++++ xl2tpd-1.3.8/network.c 2016-08-24 11:47:01.683781479 -0400 +@@ -80,6 +80,12 @@ + * For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO + * values. + */ ++ if (!gconfig.ipsecsaref) ++ { ++ l2tp_log (LOG_INFO, "Not looking for kernel SAref support.\n"); ++ } ++ else ++ { + arg=1; + if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, + &arg, sizeof(arg)) != 0) { +@@ -87,6 +93,7 @@ + + gconfig.ipsecsaref=0; + } ++ } + + arg=1; + if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) { From c3b7e511ff596f32c7a2a3c33b66ecaba00d99a3 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Sun, 15 Jan 2017 13:02:46 -0500 Subject: [PATCH 74/85] - Resolves: rhbz#1192189 Both kernel-debug-core and kernel-core are installed --- xl2tpd.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 44f8478..cd55c86 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.8 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd/ Group: System Environment/Daemons 
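Review bot: In the network.c hunk of this new saref patch, the failure branch of the SAref setsockopt() still only logs and clears `gconfig.ipsecsaref`. That was reasonable while SAref was attempted by default, but it becomes a silent downgrade now that the file.c hunk makes it opt-in (`gconfig.ipsecsaref = 0`). An administrator who enabled the option gets a running daemon without the SA reference tracking they asked for, and the only trace is one start-up log line. Either return an error from that branch or say so explicitly, e.g. `l2tp_log(LOG_CRIT, "SAref was requested but is unavailable, continuing without it\n");`. The enclosing function starts and ends outside this hunk, so whether a later check re-reads the flag cannot be confirmed from here.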
@@ -25,6 +25,8 @@ BuildRequires: openssl-devel Requires(post): systemd Requires(preun): systemd Requires(postun): systemd +# dnf resolving prefers kernel-debug-modules-extra over kernel-modules-extra +Suggests: kernel-modules-extra %description xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661). @@ -114,6 +116,10 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Sun Jan 15 2017 Paul Wouters - 1.3.8-2 +- Very reluctantly add a Suggests: tag to work around dnf/kernel bug +- Resolves: rhbz#1192189 Both kernel-debug-core and kernel-core are installed + * Wed Aug 24 2016 Paul Wouters - 1.3.8-1 - Upgraded to 1.3.8 and updated existing patches still required - Fix kernel mode breaking the closing tunnels From d0eaf84aff653b3ec91dbee9bc1f053e63f5f7c7 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 11 Feb 2017 17:55:01 +0000 Subject: [PATCH 75/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index cd55c86..b5e182b 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.8 -Release: 2%{?dist} +Release: 3%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd/ Group: System Environment/Daemons @@ -116,6 +116,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Sat Feb 11 2017 Fedora Release Engineering - 1.3.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + * Sun Jan 15 2017 Paul Wouters - 1.3.8-2 - Very reluctantly add a Suggests: tag to work around dnf/kernel bug - Resolves: rhbz#1192189 Both kernel-debug-core and kernel-core are installed 
From cf7fbbafbfdc4944e541e48c7fd9045e4dfd3b7a Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 27 Jul 2017 22:10:54 +0000 Subject: [PATCH 76/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index b5e182b..a6181c0 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.8 -Release: 3%{?dist} +Release: 4%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd/ Group: System Environment/Daemons @@ -116,6 +116,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Thu Jul 27 2017 Fedora Release Engineering - 1.3.8-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Sat Feb 11 2017 Fedora Release Engineering - 1.3.8-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild From 9d289c20bac6deadbbeef8d876e55e05d2ff24d7 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 3 Aug 2017 10:45:33 +0000 Subject: [PATCH 77/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index a6181c0..0309fcc 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.8 -Release: 4%{?dist} +Release: 5%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd/ Group: System Environment/Daemons 
@@ -116,6 +116,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Thu Aug 03 2017 Fedora Release Engineering - 1.3.8-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + * Thu Jul 27 2017 Fedora Release Engineering - 1.3.8-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild From cfcbc4e311012e18fcb97ad1d18e15dfc20d1213 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 9 Feb 2018 21:43:43 +0000 Subject: [PATCH 78/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 0309fcc..29933b6 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.8 -Release: 5%{?dist} +Release: 6%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd/ Group: System Environment/Daemons @@ -116,6 +116,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Fri Feb 09 2018 Fedora Release Engineering - 1.3.8-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + * Thu Aug 03 2017 Fedora Release Engineering - 1.3.8-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild From f60905f0f43a533871b34820164631ce04e7d044 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Sun, 1 Apr 2018 22:04:41 +0200 Subject: [PATCH 79/85] - Resolves: rhbz#1562512 kernels 4.15 and 4.16 break xl2tpd --- xl2tpd-1.3.8-saref.patch | 61 +++++++++++++++++++++++++++------------- xl2tpd.spec | 5 +++- 2 files changed, 46 insertions(+), 20 deletions(-) diff --git a/xl2tpd-1.3.8-saref.patch b/xl2tpd-1.3.8-saref.patch index a3fabbf..3cd9a23 100644 
--- a/xl2tpd-1.3.8-saref.patch +++ b/xl2tpd-1.3.8-saref.patch @@ -1,7 +1,8 @@ -diff -Naur xl2tpd-1.3.8-orig/file.c xl2tpd-1.3.8/file.c ---- xl2tpd-1.3.8-orig/file.c 2016-08-11 20:56:53.000000000 -0400 -+++ xl2tpd-1.3.8/file.c 2016-08-24 11:46:12.046031065 -0400 -@@ -42,6 +42,8 @@ +diff --git a/file.c b/file.c +index f61c221..a6362c0 100644 +--- a/file.c ++++ b/file.c +@@ -42,6 +42,8 @@ int init_config () gconfig.port = UDP_LISTEN_PORT; gconfig.sarefnum = IP_IPSEC_REFINFO; /* default use the latest we know */ 
@@ -10,27 +11,49 @@ diff -Naur xl2tpd-1.3.8-orig/file.c xl2tpd-1.3.8/file.c gconfig.listenaddr = htonl(INADDR_ANY); /* Default is to bind (listen) to all interfaces */ gconfig.debug_avp = 0; gconfig.debug_network = 0; -diff -Naur xl2tpd-1.3.8-orig/network.c xl2tpd-1.3.8/network.c ---- xl2tpd-1.3.8-orig/network.c 2016-08-11 20:56:53.000000000 -0400 -+++ xl2tpd-1.3.8/network.c 2016-08-24 11:47:01.683781479 -0400 -@@ -80,6 +80,12 @@ +diff --git a/network.c b/network.c +index 543d30e..c66d1e3 100644 +--- a/network.c ++++ b/network.c +@@ -78,23 +78,27 @@ int init_network (void) * For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO * values. */ +- arg=1; +- if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, +- &arg, sizeof(arg)) != 0) { +- l2tp_log(LOG_CRIT, "setsockopt recvref[%d]: %s\n", gconfig.sarefnum, strerror(errno)); +- +- gconfig.ipsecsaref=0; +- } +- +- arg=1; +- if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) { +- l2tp_log(LOG_CRIT, "setsockopt IP_PKTINFO: %s\n", strerror(errno)); + if (!gconfig.ipsecsaref) + { + l2tp_log (LOG_INFO, "Not looking for kernel SAref support.\n"); -+ } + } +-#else + else -+ { - arg=1; - if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, - &arg, sizeof(arg)) != 0) { -@@ -87,6 +93,7 @@ - - gconfig.ipsecsaref=0; + { +- l2tp_log(LOG_INFO, "No attempt being made to use IPsec SAref's since we're not on a Linux machine.\n"); ++ arg=1; ++ if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, &arg, sizeof(arg)) != 0) { ++ l2tp_log(LOG_CRIT, "setsockopt recvref[%d]: %s\n", gconfig.sarefnum, strerror(errno)); ++ gconfig.ipsecsaref=0; ++ } ++ else ++ { ++ arg=1; ++ if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) { ++ l2tp_log(LOG_CRIT, "setsockopt IP_PKTINFO: %s\n", strerror(errno)); ++ } ++ } } -+ } +- ++#else ++ l2tp_log(LOG_INFO, "No attempt being made to use IPsec SAref's since we're not on a Linux machine.\n"); + #endif - arg=1; 
- if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) { + #ifdef USE_KERNEL diff --git a/xl2tpd.spec b/xl2tpd.spec index 29933b6..7d9ad76 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.8 -Release: 6%{?dist} +Release: 7%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd/ Group: System Environment/Daemons @@ -116,6 +116,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Sun Apr 01 2018 Paul Wouters - 1.3.8-7 +- Resolves: rhbz#1562512 kernels 4.15 and 4.16 break xl2tpd + * Fri Feb 09 2018 Fedora Release Engineering - 1.3.8-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild From ad07bc59e321ddb605a63bf1865964ab69b1f03e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 14 Jul 2018 09:21:18 +0000 Subject: [PATCH 80/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 7d9ad76..7aa43d8 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.8 -Release: 7%{?dist} +Release: 8%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd/ Group: System Environment/Daemons @@ -116,6 +116,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Sat Jul 14 2018 Fedora Release Engineering - 1.3.8-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Sun Apr 01 2018 Paul Wouters - 1.3.8-7 - Resolves: rhbz#1562512 kernels 4.15 and 4.16 break xl2tpd From 6b6328450bbd06bb1f62ee02848c144b261f9b21 Mon Sep 17 00:00:00 2001 
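Review bot: The rewritten network.c hunk moves the IP_PKTINFO setsockopt() into the `else` branch of the SAref call, so with the default `gconfig.ipsecsaref = 0` from the file.c hunk the socket no longer requests packet info at all. If that is the intended fix for rhbz#1562512, it deserves a comment at the branch, for example `/* IP_PKTINFO is requested only on the SAref path; see rhbz#1562512 */`. Any receive code that expects an IP_PKTINFO control message must now cope with its absence. init_network() continues outside the hunk, so the receive path could not be checked here.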
From: Igor Gnatenko Date: Tue, 24 Jul 2018 16:03:13 +0200 Subject: [PATCH 81/85] Add missing BuildRequires on gcc make: cc: Command not found References: https://bugzilla.redhat.com/show_bug.cgi?id=1606739 Signed-off-by: Igor Gnatenko --- xl2tpd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/xl2tpd.spec b/xl2tpd.spec index 7aa43d8..8cc27da 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -19,6 +19,7 @@ Patch4: xl2tpd-1.3.8-kernelmode.patch Requires: ppp >= 2.4.5-18, kmod(l2tp_ppp.ko) # If you want to authenticate against a Microsoft PDC/Active Directory # Requires: samba-winbind +BuildRequires: gcc BuildRequires: libpcap-devel BuildRequires: systemd-units BuildRequires: openssl-devel From c8a0d171c12f8d691263060e2ec236ba5144d0f6 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Mon, 28 Jan 2019 20:18:31 +0100 Subject: [PATCH 82/85] Remove obsolete Group tag References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag --- xl2tpd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 8cc27da..1eea3d1 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -6,7 +6,6 @@ Version: 1.3.8 Release: 8%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd/ -Group: System Environment/Daemons # upstream isn't using proper names, we manually rename v-VERSION.tar.gz to xl2tpd-VERSION.tar.gz Source0: https://github.com/xelerance/xl2tpd/archive/xl2tpd-%{version}.tar.gz Source1: xl2tpd.service From a66699945586b53e7b2b64b3727aeac345c84465 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sun, 3 Feb 2019 12:29:49 +0000 Subject: [PATCH 83/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index 1eea3d1..e988928 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec 
@@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.8 -Release: 8%{?dist} +Release: 9%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd/ # upstream isn't using proper names, we manually rename v-VERSION.tar.gz to xl2tpd-VERSION.tar.gz @@ -116,6 +116,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Sun Feb 03 2019 Fedora Release Engineering - 1.3.8-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Sat Jul 14 2018 Fedora Release Engineering - 1.3.8-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild From cceeeb6ca799b83c5b42aeba485e2a77c268a056 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 27 Jul 2019 04:17:33 +0000 Subject: [PATCH 84/85] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- xl2tpd.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xl2tpd.spec b/xl2tpd.spec index e988928..6880ea3 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec @@ -3,7 +3,7 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd Version: 1.3.8 -Release: 9%{?dist} +Release: 10%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd/ # upstream isn't using proper names, we manually rename v-VERSION.tar.gz to xl2tpd-VERSION.tar.gz @@ -116,6 +116,9 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control %changelog +* Sat Jul 27 2019 Fedora Release Engineering - 1.3.8-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Sun Feb 03 2019 Fedora Release Engineering - 1.3.8-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild From 78cd38b6166cc54915b9c4cd5853363bf4c6d045 Mon Sep 17 00:00:00 2001 
From: Paul Wouters Date: Tue, 24 Sep 2019 21:57:59 -0400 Subject: [PATCH 85/85] * Wed Sep 25 2019 Paul Wouters - 1.3.14-1 - Resolves: rhbz#1322190 Updated to 1.3.14 - Resolves: rhbz#1722121 Use proper /run directory - Resolves: rhbz#1399648 Review Request: xl2tpd --- .gitignore | 1 + sources | 2 +- tmpfiles-xl2tpd.conf | 2 +- xl2tpd-1.3.14-conf.patch | 31 +++ xl2tpd-1.3.14-kernelmode.patch | 18 ++ xl2tpd-1.3.14-md5-fips.patch | 468 +++++++++++++++++++++++++++++++++ xl2tpd.spec | 39 +-- 7 files changed, 541 insertions(+), 20 deletions(-) create mode 100644 xl2tpd-1.3.14-conf.patch create mode 100644 xl2tpd-1.3.14-kernelmode.patch create mode 100644 xl2tpd-1.3.14-md5-fips.patch diff --git a/.gitignore b/.gitignore index a22e372..ae0ec2f 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ xl2tpd-1.3.0.tar.gz xl2tpd-1.3.1.tar.gz /xl2tpd-5619e1771048e74b729804e8602f409af0f3faea.tar.gz /xl2tpd-1.3.8.tar.gz +/xl2tpd-1.3.14.tar.gz diff --git a/sources b/sources index ea62266..31efa93 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d244fdcd88f64601b64b7302870afca8 xl2tpd-1.3.8.tar.gz +SHA512 (xl2tpd-1.3.14.tar.gz) = a0c007b5a2d45f4c73d8651c8ca2525cd46b779e4b8cfabebd2c7905770d128f25edea5665c25828c53788083fda73896faccb49f4da9a38a2042b5f957a3327 diff --git a/tmpfiles-xl2tpd.conf b/tmpfiles-xl2tpd.conf index 66bc6f8..ee868fb 100644 --- a/tmpfiles-xl2tpd.conf +++ b/tmpfiles-xl2tpd.conf @@ -1 +1 @@ -D /var/run/xl2tpd 0755 root root - +D /run/xl2tpd 0755 root root - diff --git a/xl2tpd-1.3.14-conf.patch b/xl2tpd-1.3.14-conf.patch new file mode 100644 index 0000000..8f70a3d --- /dev/null +++ b/xl2tpd-1.3.14-conf.patch 
@@ -0,0 +1,31 @@ +diff -Naur xl2tpd-1.3.14-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.14/examples/ppp-options.xl2tpd +--- xl2tpd-1.3.14-orig/examples/ppp-options.xl2tpd 2019-04-17 12:23:39.000000000 -0400 ++++ xl2tpd-1.3.14/examples/ppp-options.xl2tpd 2019-09-24 20:47:35.056615746 -0400 +@@ -1,9 +1,11 @@ + ipcp-accept-local + ipcp-accept-remote +-ms-dns 192.168.1.1 +-ms-dns 192.168.1.3 +-ms-wins 192.168.1.2 +-ms-wins 192.168.1.4 ++ms-dns 8.8.8.8 ++ms-dns 1.1.1.1 ++# ms-dns 192.168.1.1 ++# ms-dns 192.168.1.3 ++# ms-wins 192.168.1.2 ++# ms-wins 192.168.1.4 + noccp + auth + crtscts +@@ -15,3 +17,11 @@ + lock + proxyarp + connect-delay 5000 ++# To allow authentication against a Windows domain EXAMPLE, and require the ++# user to be in a group "VPN Users". Requires the samba-winbind package ++# require-mschap-v2 ++# plugin winbind.so ++# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"' ++# You need to join the domain on the server, for example using samba: ++# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html ++ diff --git a/xl2tpd-1.3.14-kernelmode.patch b/xl2tpd-1.3.14-kernelmode.patch new file mode 100644 index 0000000..9f30914 --- /dev/null +++ b/xl2tpd-1.3.14-kernelmode.patch @@ -0,0 +1,18 @@ +diff -Naur xl2tpd-1.3.14-orig/xl2tpd.c xl2tpd-1.3.14/xl2tpd.c +--- xl2tpd-1.3.14-orig/xl2tpd.c 2019-04-17 12:23:39.000000000 -0400 ++++ xl2tpd-1.3.14/xl2tpd.c 2019-09-24 21:48:49.234308626 -0400 +@@ -277,14 +277,7 @@ + * OK...pppd died, we can go ahead and close the pty for + * it + */ +-#ifdef USE_KERNEL +- if (!kernel_support) { +- +-#endif + close (c->fd); +-#ifdef USE_KERNEL +- } +-#endif + c->fd = -1; + /* + * terminate tunnel and call loops, returning to the diff --git a/xl2tpd-1.3.14-md5-fips.patch b/xl2tpd-1.3.14-md5-fips.patch new file mode 100644 index 0000000..ed8304f --- /dev/null +++ b/xl2tpd-1.3.14-md5-fips.patch 
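Review bot: The ppp-options.xl2tpd hunk replaces the placeholder `ms-dns 192.168.1.x` entries with live public resolvers (`ms-dns 8.8.8.8`, `ms-dns 1.1.1.1`). A site that deploys this file unedited therefore hands every VPN client third-party DNS, and lookups for internal names leave the organisation. Keep the values clearly marked as samples, e.g. `# Example resolvers only - replace with the DNS servers your VPN clients must use`, or ship them commented out like the old entries. The added winbind notes also point to a third-party page over plain http, which is worth replacing with a short inline description of the domain-join step.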
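Review bot: Dropping the `#ifdef USE_KERNEL` / `if (!kernel_support)` guard in the xl2tpd.c hunk makes `close (c->fd)` unconditional, but the hunk does not show what `c->fd` holds in kernel mode at this point. If it can already be closed or be -1 there, guard the call so a stale descriptor number is never closed a second time: `if (c->fd >= 0) close (c->fd);`. The surrounding function starts and ends outside the hunk, so the state of `c->fd` on entry cannot be confirmed from here.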
@@ -0,0 +1,468 @@ +diff -Naur xl2tpd-1.3.14-orig/aaa.c xl2tpd-1.3.14/aaa.c +--- xl2tpd-1.3.14-orig/aaa.c 2019-04-17 12:23:39.000000000 -0400 ++++ xl2tpd-1.3.14/aaa.c 2019-09-24 20:51:39.478952494 -0400 +@@ -21,6 +21,8 @@ + #include + #include "l2tp.h" + ++#include ++ + extern void bufferDump (char *, int); + + /* FIXME: Accounting? */ +@@ -273,11 +275,11 @@ + #endif + + memset (chal->response, 0, MD_SIG_SIZE); +- MD5Init (&chal->md5); +- MD5Update (&chal->md5, &chal->ss, 1); +- MD5Update (&chal->md5, chal->secret, strlen ((char *)chal->secret)); +- MD5Update (&chal->md5, chal->challenge, chal->chal_len); +- MD5Final (chal->response, &chal->md5); ++ MD5_Init (&chal->md5); ++ MD5_Update (&chal->md5, &chal->ss, 1); ++ MD5_Update (&chal->md5, chal->secret, strlen ((char *)chal->secret)); ++ MD5_Update (&chal->md5, chal->challenge, chal->chal_len); ++ MD5_Final (chal->response, &chal->md5); + #ifdef DEBUG_AUTH + l2tp_log (LOG_DEBUG, "response is %X%X%X%X to '%s' and %X%X%X%X, %d\n", + *((int *) &chal->response[0]), +@@ -392,12 +394,12 @@ + buf->len += length; + /* Back to the beginning of real data, including the original length AVP */ + +- MD5Init (&t->chal_them.md5); +- MD5Update (&t->chal_them.md5, (void *) &attr, 2); +- MD5Update (&t->chal_them.md5, t->chal_them.secret, ++ MD5_Init (&t->chal_them.md5); ++ MD5_Update (&t->chal_them.md5, (void *) &attr, 2); ++ MD5_Update (&t->chal_them.md5, t->chal_them.secret, + strlen ((char *)t->chal_them.secret)); +- MD5Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE); +- MD5Final (digest, &t->chal_them.md5); ++ MD5_Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE); ++ MD5_Final (digest, &t->chal_them.md5); + + /* Though not a "MUST" in the spec, our subformat length is always a multiple of 16 */ + ptr = ((unsigned char *) new_hdr) + sizeof (struct avp_hdr); +@@ -421,11 +423,11 @@ + #endif + if (ptr < end) + { +- MD5Init (&t->chal_them.md5); +- MD5Update (&t->chal_them.md5, t->chal_them.secret, ++ MD5_Init 
(&t->chal_them.md5); ++ MD5_Update (&t->chal_them.md5, t->chal_them.secret, + strlen ((char *)t->chal_them.secret)); +- MD5Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE); +- MD5Final (digest, &t->chal_them.md5); ++ MD5_Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE); ++ MD5_Final (digest, &t->chal_them.md5); + } + previous_segment = ptr; + } +@@ -458,12 +460,12 @@ + that it will be padded to a 16 byte boundary, so we + have to be more careful than when encrypting */ + attr = ntohs (old_hdr->attr); +- MD5Init (&t->chal_us.md5); +- MD5Update (&t->chal_us.md5, (void *) &attr, 2); +- MD5Update (&t->chal_us.md5, t->chal_us.secret, ++ MD5_Init (&t->chal_us.md5); ++ MD5_Update (&t->chal_us.md5, (void *) &attr, 2); ++ MD5_Update (&t->chal_us.md5, t->chal_us.secret, + strlen ((char *)t->chal_us.secret)); +- MD5Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len); +- MD5Final (digest, &t->chal_us.md5); ++ MD5_Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len); ++ MD5_Final (digest, &t->chal_us.md5); + #ifdef DEBUG_HIDDEN + l2tp_log (LOG_DEBUG, "attribute is %d and challenge is: ", attr); + print_challenge (&t->chal_us); +@@ -474,11 +476,11 @@ + { + if (cnt >= MD_SIG_SIZE) + { +- MD5Init (&t->chal_us.md5); +- MD5Update (&t->chal_us.md5, t->chal_us.secret, ++ MD5_Init (&t->chal_us.md5); ++ MD5_Update (&t->chal_us.md5, t->chal_us.secret, + strlen ((char *)t->chal_us.secret)); +- MD5Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE); +- MD5Final (digest, &t->chal_us.md5); ++ MD5_Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE); ++ MD5_Final (digest, &t->chal_us.md5); + cnt = 0; + } + /* at the beginning of each segment, we save the current segment (16 octets or less) of cipher +diff -Naur xl2tpd-1.3.14-orig/aaa.h xl2tpd-1.3.14/aaa.h +--- xl2tpd-1.3.14-orig/aaa.h 2019-04-17 12:23:39.000000000 -0400 ++++ xl2tpd-1.3.14/aaa.h 2019-09-24 20:52:14.179531612 -0400 +@@ -15,7 +15,7 @@ + + #ifndef _AAA_H + #define _AAA_H +-#include 
"md5.h" ++#include + + #define ADDR_HASH_SIZE 256 + #define MD_SIG_SIZE 16 +@@ -34,7 +34,7 @@ + + struct challenge + { +- struct MD5Context md5; ++ MD5_CTX md5; + unsigned char ss; /* State we're sending in */ + unsigned char secret[MAXSTRLEN]; /* The shared secret */ + unsigned char *challenge; /* The original challenge */ +diff -Naur xl2tpd-1.3.14-orig/Makefile xl2tpd-1.3.14/Makefile +--- xl2tpd-1.3.14-orig/Makefile 2019-04-17 12:23:39.000000000 -0400 ++++ xl2tpd-1.3.14/Makefile 2019-09-24 20:53:02.420020643 -0400 +@@ -101,8 +101,8 @@ + IPFLAGS?= -DIP_ALLOCATION + + CFLAGS+= $(DFLAGS) -Os -Wall -Wextra -DSANITY $(OSFLAGS) $(IPFLAGS) +-HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h +-OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o ++HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h ++OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o + SRCS=${OBJS:.o=.c} ${HDRS} + CONTROL_SRCS=xl2tpd-control.c + #LIBS= $(OSLIBS) # -lefence # efence for malloc checking +@@ -121,7 +121,7 @@ + rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC) + + $(EXEC): $(OBJS) $(HDRS) +- $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS) ++ $(CC) $(LDFLAGS) -o $@ $(OBJS) -lcrypto $(LDLIBS) + + $(CONTROL_EXEC): $(CONTROL_SRCS) + $(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@ +diff -Naur xl2tpd-1.3.14-orig/md5.c xl2tpd-1.3.14/md5.c +--- xl2tpd-1.3.14-orig/md5.c 2019-04-17 12:23:39.000000000 -0400 ++++ xl2tpd-1.3.14/md5.c 1969-12-31 19:00:00.000000000 -0500 +@@ -1,274 +0,0 @@ +-#ifdef FREEBSD +-# include +-#elif defined(OPENBSD) || defined(NETBSD) +-# define __BSD_VISIBLE 0 +-# include +-#elif defined(LINUX) +-# include +-#elif defined(SOLARIS) +-# include +-#endif +-#if __BYTE_ORDER == __BIG_ENDIAN +-#define HIGHFIRST 1 +-#endif +- +-/* +- * This code implements the MD5 message-digest algorithm. +- * The algorithm is due to Ron Rivest. 
This code was +- * written by Colin Plumb in 1993, no copyright is claimed. +- * This code is in the public domain; do with it what you wish. +- * +- * Equivalent code is available from RSA Data Security, Inc. +- * This code has been tested against that, and is equivalent, +- * except that you don't need to include two pages of legalese +- * with every copy. +- * +- * To compute the message digest of a chunk of bytes, declare an +- * MD5Context structure, pass it to MD5Init, call MD5Update as +- * needed on buffers full of bytes, and then call MD5Final, which +- * will fill a supplied 16-byte array with the digest. +- */ +-#include /* for memcpy() */ +-#include "md5.h" +- +-#ifndef HIGHFIRST +-#define byteReverse(buf, len) /* Nothing */ +-#else +-void byteReverse (unsigned char *buf, unsigned longs); +- +-#ifndef ASM_MD5 +-/* +- * Note: this code is harmless on little-endian machines. +- */ +-void byteReverse (unsigned char *buf, unsigned longs) +-{ +- uint32 t; +- do +- { +- t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | +- ((unsigned) buf[1] << 8 | buf[0]); +- *(uint32 *) buf = t; +- buf += 4; +- } +- while (--longs); +-} +-#endif +-#endif +- +-/* +- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious +- * initialization constants. +- */ +-void MD5Init (struct MD5Context *ctx) +-{ +- ctx->buf[0] = 0x67452301; +- ctx->buf[1] = 0xefcdab89; +- ctx->buf[2] = 0x98badcfe; +- ctx->buf[3] = 0x10325476; +- +- ctx->bits[0] = 0; +- ctx->bits[1] = 0; +-} +- +-/* +- * Update context to reflect the concatenation of another buffer full +- * of bytes. 
+- */ +-void MD5Update (struct MD5Context *ctx, unsigned char const *buf, +- unsigned len) +-{ +- uint32 t; +- +- /* Update bitcount */ +- +- t = ctx->bits[0]; +- if ((ctx->bits[0] = t + ((uint32) len << 3)) < t) +- ctx->bits[1]++; /* Carry from low to high */ +- ctx->bits[1] += len >> 29; +- +- t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ +- +- /* Handle any leading odd-sized chunks */ +- +- if (t) +- { +- unsigned char *p = (unsigned char *) ctx->in + t; +- +- t = 64 - t; +- if (len < t) +- { +- memcpy (p, buf, len); +- return; +- } +- memcpy (p, buf, t); +- byteReverse (ctx->in, 16); +- MD5Transform (ctx->buf, (uint32 *) ctx->in); +- buf += t; +- len -= t; +- } +- /* Process data in 64-byte chunks */ +- +- while (len >= 64) +- { +- memcpy (ctx->in, buf, 64); +- byteReverse (ctx->in, 16); +- MD5Transform (ctx->buf, (uint32 *) ctx->in); +- buf += 64; +- len -= 64; +- } +- +- /* Handle any remaining bytes of data. */ +- +- memcpy (ctx->in, buf, len); +-} +- +-/* +- * Final wrapup - pad to 64-byte boundary with the bit pattern +- * 1 0* (64-bit count of bits processed, MSB-first) +- */ +-void MD5Final (unsigned char digest[16], struct MD5Context *ctx) +-{ +- unsigned count; +- unsigned char *p; +- +- /* Compute number of bytes mod 64 */ +- count = (ctx->bits[0] >> 3) & 0x3F; +- +- /* Set the first char of padding to 0x80. 
This is safe since there is +- always at least one byte free */ +- p = ctx->in + count; +- *p++ = 0x80; +- +- /* Bytes of padding needed to make 64 bytes */ +- count = 64 - 1 - count; +- +- /* Pad out to 56 mod 64 */ +- if (count < 8) +- { +- /* Two lots of padding: Pad the first block to 64 bytes */ +- memset (p, 0, count); +- byteReverse (ctx->in, 16); +- MD5Transform (ctx->buf, (uint32 *) ctx->in); +- +- /* Now fill the next block with 56 bytes */ +- memset (ctx->in, 0, 56); +- } +- else +- { +- /* Pad block to 56 bytes */ +- memset (p, 0, count - 8); +- } +- byteReverse (ctx->in, 14); +- +- /* Append length in bits and transform */ +- memcpy(ctx->in + 14 * sizeof(uint32), ctx->bits, sizeof(ctx->bits)); +- +- MD5Transform (ctx->buf, (uint32 *) ctx->in); +- byteReverse ((unsigned char *) ctx->buf, 4); +- memcpy (digest, ctx->buf, 16); +- memset (ctx, 0, sizeof (*ctx)); /* In case it's sensitive */ +-} +- +-#ifndef ASM_MD5 +- +-/* The four core functions - F1 is optimized somewhat */ +- +-/* #define F1(x, y, z) (x & y | ~x & z) */ +-#define F1(x, y, z) (z ^ (x & (y ^ z))) +-#define F2(x, y, z) F1(z, x, y) +-#define F3(x, y, z) (x ^ y ^ z) +-#define F4(x, y, z) (y ^ (x | ~z)) +- +-/* This is the central step in the MD5 algorithm. */ +-#define MD5STEP(f, w, x, y, z, data, s) \ +- ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) +- +-/* +- * The core of the MD5 algorithm, this alters an existing MD5 hash to +- * reflect the addition of 16 longwords of new data. MD5Update blocks +- * the data and converts bytes into longwords for this routine. 
+- */ +-void MD5Transform (uint32 buf[4], uint32 const in[16]) +-{ +- register uint32 a, b, c, d; +- +- a = buf[0]; +- b = buf[1]; +- c = buf[2]; +- d = buf[3]; +- +- MD5STEP (F1, a, b, c, d, in[0] + 0xd76aa478, 7); +- MD5STEP (F1, d, a, b, c, in[1] + 0xe8c7b756, 12); +- MD5STEP (F1, c, d, a, b, in[2] + 0x242070db, 17); +- MD5STEP (F1, b, c, d, a, in[3] + 0xc1bdceee, 22); +- MD5STEP (F1, a, b, c, d, in[4] + 0xf57c0faf, 7); +- MD5STEP (F1, d, a, b, c, in[5] + 0x4787c62a, 12); +- MD5STEP (F1, c, d, a, b, in[6] + 0xa8304613, 17); +- MD5STEP (F1, b, c, d, a, in[7] + 0xfd469501, 22); +- MD5STEP (F1, a, b, c, d, in[8] + 0x698098d8, 7); +- MD5STEP (F1, d, a, b, c, in[9] + 0x8b44f7af, 12); +- MD5STEP (F1, c, d, a, b, in[10] + 0xffff5bb1, 17); +- MD5STEP (F1, b, c, d, a, in[11] + 0x895cd7be, 22); +- MD5STEP (F1, a, b, c, d, in[12] + 0x6b901122, 7); +- MD5STEP (F1, d, a, b, c, in[13] + 0xfd987193, 12); +- MD5STEP (F1, c, d, a, b, in[14] + 0xa679438e, 17); +- MD5STEP (F1, b, c, d, a, in[15] + 0x49b40821, 22); +- +- MD5STEP (F2, a, b, c, d, in[1] + 0xf61e2562, 5); +- MD5STEP (F2, d, a, b, c, in[6] + 0xc040b340, 9); +- MD5STEP (F2, c, d, a, b, in[11] + 0x265e5a51, 14); +- MD5STEP (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); +- MD5STEP (F2, a, b, c, d, in[5] + 0xd62f105d, 5); +- MD5STEP (F2, d, a, b, c, in[10] + 0x02441453, 9); +- MD5STEP (F2, c, d, a, b, in[15] + 0xd8a1e681, 14); +- MD5STEP (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); +- MD5STEP (F2, a, b, c, d, in[9] + 0x21e1cde6, 5); +- MD5STEP (F2, d, a, b, c, in[14] + 0xc33707d6, 9); +- MD5STEP (F2, c, d, a, b, in[3] + 0xf4d50d87, 14); +- MD5STEP (F2, b, c, d, a, in[8] + 0x455a14ed, 20); +- MD5STEP (F2, a, b, c, d, in[13] + 0xa9e3e905, 5); +- MD5STEP (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); +- MD5STEP (F2, c, d, a, b, in[7] + 0x676f02d9, 14); +- MD5STEP (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); +- +- MD5STEP (F3, a, b, c, d, in[5] + 0xfffa3942, 4); +- MD5STEP (F3, d, a, b, c, in[8] + 0x8771f681, 11); +- MD5STEP (F3, c, d, a, b, 
in[11] + 0x6d9d6122, 16); +- MD5STEP (F3, b, c, d, a, in[14] + 0xfde5380c, 23); +- MD5STEP (F3, a, b, c, d, in[1] + 0xa4beea44, 4); +- MD5STEP (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); +- MD5STEP (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); +- MD5STEP (F3, b, c, d, a, in[10] + 0xbebfbc70, 23); +- MD5STEP (F3, a, b, c, d, in[13] + 0x289b7ec6, 4); +- MD5STEP (F3, d, a, b, c, in[0] + 0xeaa127fa, 11); +- MD5STEP (F3, c, d, a, b, in[3] + 0xd4ef3085, 16); +- MD5STEP (F3, b, c, d, a, in[6] + 0x04881d05, 23); +- MD5STEP (F3, a, b, c, d, in[9] + 0xd9d4d039, 4); +- MD5STEP (F3, d, a, b, c, in[12] + 0xe6db99e5, 11); +- MD5STEP (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); +- MD5STEP (F3, b, c, d, a, in[2] + 0xc4ac5665, 23); +- +- MD5STEP (F4, a, b, c, d, in[0] + 0xf4292244, 6); +- MD5STEP (F4, d, a, b, c, in[7] + 0x432aff97, 10); +- MD5STEP (F4, c, d, a, b, in[14] + 0xab9423a7, 15); +- MD5STEP (F4, b, c, d, a, in[5] + 0xfc93a039, 21); +- MD5STEP (F4, a, b, c, d, in[12] + 0x655b59c3, 6); +- MD5STEP (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); +- MD5STEP (F4, c, d, a, b, in[10] + 0xffeff47d, 15); +- MD5STEP (F4, b, c, d, a, in[1] + 0x85845dd1, 21); +- MD5STEP (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); +- MD5STEP (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); +- MD5STEP (F4, c, d, a, b, in[6] + 0xa3014314, 15); +- MD5STEP (F4, b, c, d, a, in[13] + 0x4e0811a1, 21); +- MD5STEP (F4, a, b, c, d, in[4] + 0xf7537e82, 6); +- MD5STEP (F4, d, a, b, c, in[11] + 0xbd3af235, 10); +- MD5STEP (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); +- MD5STEP (F4, b, c, d, a, in[9] + 0xeb86d391, 21); +- +- buf[0] += a; +- buf[1] += b; +- buf[2] += c; +- buf[3] += d; +-} +- +-#endif +diff -Naur xl2tpd-1.3.14-orig/md5.h xl2tpd-1.3.14/md5.h +--- xl2tpd-1.3.14-orig/md5.h 2019-04-17 12:23:39.000000000 -0400 ++++ xl2tpd-1.3.14/md5.h 1969-12-31 19:00:00.000000000 -0500 +@@ -1,29 +0,0 @@ +-#ifndef MD5_H +-#define MD5_H +- +-#ifdef __alpha +-typedef unsigned int uint32; +-#else +-#include +-typedef uint32_t uint32; +-#endif +- 
+-struct MD5Context +-{ +- uint32 buf[4]; +- uint32 bits[2]; +- unsigned char in[64]; +-}; +- +-void MD5Init (struct MD5Context *context); +-void MD5Update (struct MD5Context *context, unsigned char const *buf, +- unsigned len); +-void MD5Final (unsigned char digest[16], struct MD5Context *context); +-void MD5Transform (uint32 buf[4], uint32 const in[16]); +- +-/* +- * This is needed to make RSAREF happy on some MS-DOS compilers. +- */ +-typedef struct MD5Context MD5_CTX; +- +-#endif /* !MD5_H */ +diff -Naur xl2tpd-1.3.14-orig/xl2tpd.c xl2tpd-1.3.14/xl2tpd.c +--- xl2tpd-1.3.14-orig/xl2tpd.c 2019-04-17 12:23:39.000000000 -0400 ++++ xl2tpd-1.3.14/xl2tpd.c 2019-09-24 20:53:50.969512827 -0400 +@@ -1643,7 +1643,11 @@ + + + static void usage(void) { +- printf("\nxl2tpd version: %s\n", SERVER_VERSION); ++ printf("\nxl2tpd version: %s\n" ++"This product includes software developed by the OpenSSL Project for use\n" ++"in the OpenSSL Toolkit. (http://www.openssl.org/)\n" ++, SERVER_VERSION); ++ + printf("Usage: xl2tpd [-c ] [-s ] [-p ]\n" + " [-C ] [-D] [-l] [-q ]\n" + " [-v, --version]\n"); diff --git a/xl2tpd.spec b/xl2tpd.spec index 6880ea3..0506f6d 100644 --- a/xl2tpd.spec +++ b/xl2tpd.spec 
@@ -2,18 +2,17 @@ Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661) Name: xl2tpd -Version: 1.3.8 -Release: 10%{?dist} +Version: 1.3.14 +Release: 1%{?dist} License: GPL+ Url: https://github.com/xelerance/xl2tpd/ # upstream isn't using proper names, we manually rename v-VERSION.tar.gz to xl2tpd-VERSION.tar.gz Source0: https://github.com/xelerance/xl2tpd/archive/xl2tpd-%{version}.tar.gz Source1: xl2tpd.service Source2: tmpfiles-xl2tpd.conf -Patch1: xl2tpd-1.3.6-conf.patch -Patch2: xl2tpd-1.3.8-md5-fips.patch -Patch3: xl2tpd-1.3.8-saref.patch -Patch4: xl2tpd-1.3.8-kernelmode.patch +Patch1: xl2tpd-1.3.14-conf.patch +Patch2: xl2tpd-1.3.14-md5-fips.patch +Patch3: xl2tpd-1.3.14-kernelmode.patch Requires: ppp >= 2.4.5-18, kmod(l2tp_ppp.ko) # If you want to authenticate against a Microsoft PDC/Active Directory 
@@ -58,29 +57,27 @@ It was de-facto maintained by Jacco de Leeuw in 2002 and 2003. %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 %build -#make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" - export CFLAGS="$CFLAGS -fPIC -Wall -DTRUST_PPPD_TO_DIE" export DFLAGS="$RPM_OPT_FLAGS -g " export LDFLAGS="$LDFLAGS -pie -Wl,-z,relro -Wl,-z,now" -make +# if extra debugging is needed, use: +# %make_build DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH" +%make_build %install -rm -rf %{buildroot} make DESTDIR=%{buildroot} PREFIX=%{_prefix} install install -d 0755 %{buildroot}%{_unitdir} install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/xl2tpd.service -mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d/ -install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf +mkdir -p %{buildroot}/%{_tmpfilesdir} +install -m 0644 %{SOURCE2} %{buildroot}/%{_tmpfilesdir}/%{name}.conf install -p -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd install -p -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2tp-secrets install -p -D -m600 examples/chapsecrets.sample %{buildroot}%{_sysconfdir}/ppp/chap-secrets.sample -install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd +install -p -D -m755 -d %{buildroot}%{_rundir}/xl2tpd %preun %systemd_preun xl2tpd.service 
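Review bot: The commented-out debug build line under `%build` carries an unescaped macro, `# %make_build DFLAGS=...`. rpm expands macros inside comments as well, so the line is rewritten at build time and rpmlint flags it as macro-in-comment; write it as `# %%make_build DFLAGS="..."` to keep the comment literal. In `%install`, the context line `install -d 0755 %{buildroot}%{_unitdir}` has no `-m`, so `0755` is treated as a second directory to create; `install -d -m 0755 %{buildroot}%{_unitdir}` is presumably what was intended. The new `%{buildroot}/%{_tmpfilesdir}` also produces a doubled slash because the macro is already absolute, and `%{buildroot}%{_tmpfilesdir}` would match the other install lines.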
@@ -101,7 +98,8 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd /bin/systemctl try-restart xl2tpd.service >/dev/null 2>&1 || : %files -%doc BUGS CHANGES CREDITS LICENSE README.* TODO +%doc BUGS CHANGES CREDITS README.* TODO +%license LICENSE %doc doc/README.patents examples/chapsecrets.sample %{_sbindir}/xl2tpd %{_sbindir}/xl2tpd-control @@ -110,12 +108,17 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd %dir %{_sysconfdir}/xl2tpd %config(noreplace) %{_sysconfdir}/xl2tpd/* %config(noreplace) %{_sysconfdir}/ppp/* -%dir %{_localstatedir}/run/xl2tpd +%dir %{_rundir}/xl2tpd %{_unitdir}/%{name}.service -%{_prefix}/lib/tmpfiles.d/%{name}.conf -%ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control +%{_tmpfilesdir}/%{name}.conf +%ghost %attr(0600,root,root) %{_rundir}/xl2tpd/l2tp-control %changelog +* Wed Sep 25 2019 Paul Wouters - 1.3.14-1 +- Resolves: rhbz#1322190 Updated to 1.3.14 +- Resolves: rhbz#1722121 Use proper /run directory +- Resolves: rhbz#1399648 Review Request: xl2tpd + * Sat Jul 27 2019 Fedora Release Engineering - 1.3.8-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
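Review bot: Nothing in the second hunk shows that `tmpfiles-xl2tpd.conf` (Source2) and the daemon's own control-pipe path were updated to match the `%files` entries that now sit under `%{_rundir}/xl2tpd`. Neither file is part of this hunk, so please confirm that the tmpfiles entry names `/run/xl2tpd` and does not depend on the `/var/run` compatibility symlink. The `%ghost` entry pins `l2tp-control` to 0600 root, but the directory that holds it inherits whatever mode the build produced. Since this is presumably the pipe `xl2tpd-control` writes commands to, I would state the directory's ownership explicitly as well: `%dir %attr(0755,root,root) %{_rundir}/xl2tpd`.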