Merge branch 'master' into epel8

i8ce
Paul Wouters 5 years ago
commit 7eb1f02788

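--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,16 @@
+xl2tpd-1.1.06.tar.gz
+xl2tpd-1.1.07.tar.gz
+xl2tpd-1.1.08.tar.gz
+xl2tpd-1.1.09.tar.gz
+xl2tpd-1.1.11.tar.gz
+xl2tpd-1.1.12.tar.gz
+xl2tpd-1.2.0.tar.gz
+xl2tpd-1.2.4.tar.gz
+xl2tpd-1.2.5.tar.gz
+xl2tpd-1.2.7.tar.gz
+xl2tpd-1.2.8.tar.gz
+xl2tpd-1.3.0.tar.gz
+xl2tpd-1.3.1.tar.gz
+/xl2tpd-5619e1771048e74b729804e8602f409af0f3faea.tar.gz
+/xl2tpd-1.3.8.tar.gz
+/xl2tpd-1.3.14.tar.gz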

@ -1,21 +0,0 @@
# Makefile for source rpm: xl2tpd
# $Id$
NAME := xl2tpd
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))
ifeq ($(MAKEFILE_COMMON),)
# attept a checkout
define checkout-makefile-common
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
endef
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
endif
include $(MAKEFILE_COMMON)

@ -0,0 +1 @@
SHA512 (xl2tpd-1.3.14.tar.gz) = a0c007b5a2d45f4c73d8651c8ca2525cd46b779e4b8cfabebd2c7905770d128f25edea5665c25828c53788083fda73896faccb49f4da9a38a2042b5f957a3327

@ -0,0 +1 @@
D /run/xl2tpd 0755 root root -

@ -0,0 +1,31 @@
diff -Naur xl2tpd-1.3.14-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.14/examples/ppp-options.xl2tpd
--- xl2tpd-1.3.14-orig/examples/ppp-options.xl2tpd 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/examples/ppp-options.xl2tpd 2019-09-24 20:47:35.056615746 -0400
@@ -1,9 +1,11 @@
ipcp-accept-local
ipcp-accept-remote
-ms-dns 192.168.1.1
-ms-dns 192.168.1.3
-ms-wins 192.168.1.2
-ms-wins 192.168.1.4
+ms-dns 8.8.8.8
+ms-dns 1.1.1.1
+# ms-dns 192.168.1.1
+# ms-dns 192.168.1.3
+# ms-wins 192.168.1.2
+# ms-wins 192.168.1.4
noccp
auth
crtscts
@@ -15,3 +17,11 @@
lock
proxyarp
connect-delay 5000
+# To allow authentication against a Windows domain EXAMPLE, and require the
+# user to be in a group "VPN Users". Requires the samba-winbind package
+# require-mschap-v2
+# plugin winbind.so
+# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"'
+# You need to join the domain on the server, for example using samba:
+# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html
+
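Review bot: The two added `ms-dns` lines (8.8.8.8 and 1.1.1.1) make the shipped example hand every VPN client a third-party public resolver, so a deployment that copies the file unchanged sends client DNS lookups to parties outside the tunnel operator's control and cannot resolve internal names. The previous private addresses survive only as comments, with nothing telling the administrator that the active values are placeholders. I would add a line above them such as `# Example resolvers only - replace with the DNS servers your VPN clients should use`. The 1.3.6 variant of this patch, later in the same commit, makes the same change with `ms-dns 8.8.8.8`.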

@ -0,0 +1,18 @@
diff -Naur xl2tpd-1.3.14-orig/xl2tpd.c xl2tpd-1.3.14/xl2tpd.c
--- xl2tpd-1.3.14-orig/xl2tpd.c 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/xl2tpd.c 2019-09-24 21:48:49.234308626 -0400
@@ -277,14 +277,7 @@
* OK...pppd died, we can go ahead and close the pty for
* it
*/
-#ifdef USE_KERNEL
- if (!kernel_support) {
-
-#endif
close (c->fd);
-#ifdef USE_KERNEL
- }
-#endif
c->fd = -1;
/*
* terminate tunnel and call loops, returning to the
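Review bot: With the `USE_KERNEL` guard removed, `close (c->fd)` now runs on every pppd exit, including the kernel-mode path that the old `if (!kernel_support)` skipped, and its result is not checked. The hunk does not show what `c->fd` holds in kernel mode. If it can already be -1 or a descriptor that was closed earlier, the call returns EBADF at best and at worst closes an unrelated descriptor that has reused the number. A guard such as `if (c->fd >= 0) close (c->fd);` ahead of `c->fd = -1;` would make the intent explicit. The enclosing function starts and ends outside the hunk.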

@ -0,0 +1,468 @@
diff -Naur xl2tpd-1.3.14-orig/aaa.c xl2tpd-1.3.14/aaa.c
--- xl2tpd-1.3.14-orig/aaa.c 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/aaa.c 2019-09-24 20:51:39.478952494 -0400
@@ -21,6 +21,8 @@
#include <errno.h>
#include "l2tp.h"
+#include <openssl/md5.h>
+
extern void bufferDump (char *, int);
/* FIXME: Accounting? */
@@ -273,11 +275,11 @@
#endif
memset (chal->response, 0, MD_SIG_SIZE);
- MD5Init (&chal->md5);
- MD5Update (&chal->md5, &chal->ss, 1);
- MD5Update (&chal->md5, chal->secret, strlen ((char *)chal->secret));
- MD5Update (&chal->md5, chal->challenge, chal->chal_len);
- MD5Final (chal->response, &chal->md5);
+ MD5_Init (&chal->md5);
+ MD5_Update (&chal->md5, &chal->ss, 1);
+ MD5_Update (&chal->md5, chal->secret, strlen ((char *)chal->secret));
+ MD5_Update (&chal->md5, chal->challenge, chal->chal_len);
+ MD5_Final (chal->response, &chal->md5);
#ifdef DEBUG_AUTH
l2tp_log (LOG_DEBUG, "response is %X%X%X%X to '%s' and %X%X%X%X, %d\n",
*((int *) &chal->response[0]),
@@ -392,12 +394,12 @@
buf->len += length;
/* Back to the beginning of real data, including the original length AVP */
- MD5Init (&t->chal_them.md5);
- MD5Update (&t->chal_them.md5, (void *) &attr, 2);
- MD5Update (&t->chal_them.md5, t->chal_them.secret,
+ MD5_Init (&t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, (void *) &attr, 2);
+ MD5_Update (&t->chal_them.md5, t->chal_them.secret,
strlen ((char *)t->chal_them.secret));
- MD5Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE);
- MD5Final (digest, &t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE);
+ MD5_Final (digest, &t->chal_them.md5);
/* Though not a "MUST" in the spec, our subformat length is always a multiple of 16 */
ptr = ((unsigned char *) new_hdr) + sizeof (struct avp_hdr);
@@ -421,11 +423,11 @@
#endif
if (ptr < end)
{
- MD5Init (&t->chal_them.md5);
- MD5Update (&t->chal_them.md5, t->chal_them.secret,
+ MD5_Init (&t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, t->chal_them.secret,
strlen ((char *)t->chal_them.secret));
- MD5Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE);
- MD5Final (digest, &t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE);
+ MD5_Final (digest, &t->chal_them.md5);
}
previous_segment = ptr;
}
@@ -458,12 +460,12 @@
that it will be padded to a 16 byte boundary, so we
have to be more careful than when encrypting */
attr = ntohs (old_hdr->attr);
- MD5Init (&t->chal_us.md5);
- MD5Update (&t->chal_us.md5, (void *) &attr, 2);
- MD5Update (&t->chal_us.md5, t->chal_us.secret,
+ MD5_Init (&t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, (void *) &attr, 2);
+ MD5_Update (&t->chal_us.md5, t->chal_us.secret,
strlen ((char *)t->chal_us.secret));
- MD5Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len);
- MD5Final (digest, &t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len);
+ MD5_Final (digest, &t->chal_us.md5);
#ifdef DEBUG_HIDDEN
l2tp_log (LOG_DEBUG, "attribute is %d and challenge is: ", attr);
print_challenge (&t->chal_us);
@@ -474,11 +476,11 @@
{
if (cnt >= MD_SIG_SIZE)
{
- MD5Init (&t->chal_us.md5);
- MD5Update (&t->chal_us.md5, t->chal_us.secret,
+ MD5_Init (&t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, t->chal_us.secret,
strlen ((char *)t->chal_us.secret));
- MD5Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE);
- MD5Final (digest, &t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE);
+ MD5_Final (digest, &t->chal_us.md5);
cnt = 0;
}
/* at the beginning of each segment, we save the current segment (16 octets or less) of cipher
diff -Naur xl2tpd-1.3.14-orig/aaa.h xl2tpd-1.3.14/aaa.h
--- xl2tpd-1.3.14-orig/aaa.h 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/aaa.h 2019-09-24 20:52:14.179531612 -0400
@@ -15,7 +15,7 @@
#ifndef _AAA_H
#define _AAA_H
-#include "md5.h"
+#include <openssl/md5.h>
#define ADDR_HASH_SIZE 256
#define MD_SIG_SIZE 16
@@ -34,7 +34,7 @@
struct challenge
{
- struct MD5Context md5;
+ MD5_CTX md5;
unsigned char ss; /* State we're sending in */
unsigned char secret[MAXSTRLEN]; /* The shared secret */
unsigned char *challenge; /* The original challenge */
diff -Naur xl2tpd-1.3.14-orig/Makefile xl2tpd-1.3.14/Makefile
--- xl2tpd-1.3.14-orig/Makefile 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/Makefile 2019-09-24 20:53:02.420020643 -0400
@@ -101,8 +101,8 @@
IPFLAGS?= -DIP_ALLOCATION
CFLAGS+= $(DFLAGS) -Os -Wall -Wextra -DSANITY $(OSFLAGS) $(IPFLAGS)
-HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h
-OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o
+HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h
+OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o
SRCS=${OBJS:.o=.c} ${HDRS}
CONTROL_SRCS=xl2tpd-control.c
#LIBS= $(OSLIBS) # -lefence # efence for malloc checking
@@ -121,7 +121,7 @@
rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC)
$(EXEC): $(OBJS) $(HDRS)
- $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) -lcrypto $(LDLIBS)
$(CONTROL_EXEC): $(CONTROL_SRCS)
$(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@
diff -Naur xl2tpd-1.3.14-orig/md5.c xl2tpd-1.3.14/md5.c
--- xl2tpd-1.3.14-orig/md5.c 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/md5.c 1969-12-31 19:00:00.000000000 -0500
@@ -1,274 +0,0 @@
-#ifdef FREEBSD
-# include <machine/endian.h>
-#elif defined(OPENBSD) || defined(NETBSD)
-# define __BSD_VISIBLE 0
-# include <machine/endian.h>
-#elif defined(LINUX)
-# include <endian.h>
-#elif defined(SOLARIS)
-# include <sys/isa_defs.h>
-#endif
-#if __BYTE_ORDER == __BIG_ENDIAN
-#define HIGHFIRST 1
-#endif
-
-/*
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * MD5Context structure, pass it to MD5Init, call MD5Update as
- * needed on buffers full of bytes, and then call MD5Final, which
- * will fill a supplied 16-byte array with the digest.
- */
-#include <string.h> /* for memcpy() */
-#include "md5.h"
-
-#ifndef HIGHFIRST
-#define byteReverse(buf, len) /* Nothing */
-#else
-void byteReverse (unsigned char *buf, unsigned longs);
-
-#ifndef ASM_MD5
-/*
- * Note: this code is harmless on little-endian machines.
- */
-void byteReverse (unsigned char *buf, unsigned longs)
-{
- uint32 t;
- do
- {
- t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
- ((unsigned) buf[1] << 8 | buf[0]);
- *(uint32 *) buf = t;
- buf += 4;
- }
- while (--longs);
-}
-#endif
-#endif
-
-/*
- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
- * initialization constants.
- */
-void MD5Init (struct MD5Context *ctx)
-{
- ctx->buf[0] = 0x67452301;
- ctx->buf[1] = 0xefcdab89;
- ctx->buf[2] = 0x98badcfe;
- ctx->buf[3] = 0x10325476;
-
- ctx->bits[0] = 0;
- ctx->bits[1] = 0;
-}
-
-/*
- * Update context to reflect the concatenation of another buffer full
- * of bytes.
- */
-void MD5Update (struct MD5Context *ctx, unsigned char const *buf,
- unsigned len)
-{
- uint32 t;
-
- /* Update bitcount */
-
- t = ctx->bits[0];
- if ((ctx->bits[0] = t + ((uint32) len << 3)) < t)
- ctx->bits[1]++; /* Carry from low to high */
- ctx->bits[1] += len >> 29;
-
- t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
-
- /* Handle any leading odd-sized chunks */
-
- if (t)
- {
- unsigned char *p = (unsigned char *) ctx->in + t;
-
- t = 64 - t;
- if (len < t)
- {
- memcpy (p, buf, len);
- return;
- }
- memcpy (p, buf, t);
- byteReverse (ctx->in, 16);
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- buf += t;
- len -= t;
- }
- /* Process data in 64-byte chunks */
-
- while (len >= 64)
- {
- memcpy (ctx->in, buf, 64);
- byteReverse (ctx->in, 16);
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- buf += 64;
- len -= 64;
- }
-
- /* Handle any remaining bytes of data. */
-
- memcpy (ctx->in, buf, len);
-}
-
-/*
- * Final wrapup - pad to 64-byte boundary with the bit pattern
- * 1 0* (64-bit count of bits processed, MSB-first)
- */
-void MD5Final (unsigned char digest[16], struct MD5Context *ctx)
-{
- unsigned count;
- unsigned char *p;
-
- /* Compute number of bytes mod 64 */
- count = (ctx->bits[0] >> 3) & 0x3F;
-
- /* Set the first char of padding to 0x80. This is safe since there is
- always at least one byte free */
- p = ctx->in + count;
- *p++ = 0x80;
-
- /* Bytes of padding needed to make 64 bytes */
- count = 64 - 1 - count;
-
- /* Pad out to 56 mod 64 */
- if (count < 8)
- {
- /* Two lots of padding: Pad the first block to 64 bytes */
- memset (p, 0, count);
- byteReverse (ctx->in, 16);
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
-
- /* Now fill the next block with 56 bytes */
- memset (ctx->in, 0, 56);
- }
- else
- {
- /* Pad block to 56 bytes */
- memset (p, 0, count - 8);
- }
- byteReverse (ctx->in, 14);
-
- /* Append length in bits and transform */
- memcpy(ctx->in + 14 * sizeof(uint32), ctx->bits, sizeof(ctx->bits));
-
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- byteReverse ((unsigned char *) ctx->buf, 4);
- memcpy (digest, ctx->buf, 16);
- memset (ctx, 0, sizeof (*ctx)); /* In case it's sensitive */
-}
-
-#ifndef ASM_MD5
-
-/* The four core functions - F1 is optimized somewhat */
-
-/* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-/* This is the central step in the MD5 algorithm. */
-#define MD5STEP(f, w, x, y, z, data, s) \
- ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
-
-/*
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
- * reflect the addition of 16 longwords of new data. MD5Update blocks
- * the data and converts bytes into longwords for this routine.
- */
-void MD5Transform (uint32 buf[4], uint32 const in[16])
-{
- register uint32 a, b, c, d;
-
- a = buf[0];
- b = buf[1];
- c = buf[2];
- d = buf[3];
-
- MD5STEP (F1, a, b, c, d, in[0] + 0xd76aa478, 7);
- MD5STEP (F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
- MD5STEP (F1, c, d, a, b, in[2] + 0x242070db, 17);
- MD5STEP (F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
- MD5STEP (F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
- MD5STEP (F1, d, a, b, c, in[5] + 0x4787c62a, 12);
- MD5STEP (F1, c, d, a, b, in[6] + 0xa8304613, 17);
- MD5STEP (F1, b, c, d, a, in[7] + 0xfd469501, 22);
- MD5STEP (F1, a, b, c, d, in[8] + 0x698098d8, 7);
- MD5STEP (F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
- MD5STEP (F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
- MD5STEP (F1, b, c, d, a, in[11] + 0x895cd7be, 22);
- MD5STEP (F1, a, b, c, d, in[12] + 0x6b901122, 7);
- MD5STEP (F1, d, a, b, c, in[13] + 0xfd987193, 12);
- MD5STEP (F1, c, d, a, b, in[14] + 0xa679438e, 17);
- MD5STEP (F1, b, c, d, a, in[15] + 0x49b40821, 22);
-
- MD5STEP (F2, a, b, c, d, in[1] + 0xf61e2562, 5);
- MD5STEP (F2, d, a, b, c, in[6] + 0xc040b340, 9);
- MD5STEP (F2, c, d, a, b, in[11] + 0x265e5a51, 14);
- MD5STEP (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
- MD5STEP (F2, a, b, c, d, in[5] + 0xd62f105d, 5);
- MD5STEP (F2, d, a, b, c, in[10] + 0x02441453, 9);
- MD5STEP (F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
- MD5STEP (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
- MD5STEP (F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
- MD5STEP (F2, d, a, b, c, in[14] + 0xc33707d6, 9);
- MD5STEP (F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
- MD5STEP (F2, b, c, d, a, in[8] + 0x455a14ed, 20);
- MD5STEP (F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
- MD5STEP (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
- MD5STEP (F2, c, d, a, b, in[7] + 0x676f02d9, 14);
- MD5STEP (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
-
- MD5STEP (F3, a, b, c, d, in[5] + 0xfffa3942, 4);
- MD5STEP (F3, d, a, b, c, in[8] + 0x8771f681, 11);
- MD5STEP (F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
- MD5STEP (F3, b, c, d, a, in[14] + 0xfde5380c, 23);
- MD5STEP (F3, a, b, c, d, in[1] + 0xa4beea44, 4);
- MD5STEP (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
- MD5STEP (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
- MD5STEP (F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
- MD5STEP (F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
- MD5STEP (F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
- MD5STEP (F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
- MD5STEP (F3, b, c, d, a, in[6] + 0x04881d05, 23);
- MD5STEP (F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
- MD5STEP (F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
- MD5STEP (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
- MD5STEP (F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
-
- MD5STEP (F4, a, b, c, d, in[0] + 0xf4292244, 6);
- MD5STEP (F4, d, a, b, c, in[7] + 0x432aff97, 10);
- MD5STEP (F4, c, d, a, b, in[14] + 0xab9423a7, 15);
- MD5STEP (F4, b, c, d, a, in[5] + 0xfc93a039, 21);
- MD5STEP (F4, a, b, c, d, in[12] + 0x655b59c3, 6);
- MD5STEP (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
- MD5STEP (F4, c, d, a, b, in[10] + 0xffeff47d, 15);
- MD5STEP (F4, b, c, d, a, in[1] + 0x85845dd1, 21);
- MD5STEP (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
- MD5STEP (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
- MD5STEP (F4, c, d, a, b, in[6] + 0xa3014314, 15);
- MD5STEP (F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
- MD5STEP (F4, a, b, c, d, in[4] + 0xf7537e82, 6);
- MD5STEP (F4, d, a, b, c, in[11] + 0xbd3af235, 10);
- MD5STEP (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
- MD5STEP (F4, b, c, d, a, in[9] + 0xeb86d391, 21);
-
- buf[0] += a;
- buf[1] += b;
- buf[2] += c;
- buf[3] += d;
-}
-
-#endif
diff -Naur xl2tpd-1.3.14-orig/md5.h xl2tpd-1.3.14/md5.h
--- xl2tpd-1.3.14-orig/md5.h 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/md5.h 1969-12-31 19:00:00.000000000 -0500
@@ -1,29 +0,0 @@
-#ifndef MD5_H
-#define MD5_H
-
-#ifdef __alpha
-typedef unsigned int uint32;
-#else
-#include <stdint.h>
-typedef uint32_t uint32;
-#endif
-
-struct MD5Context
-{
- uint32 buf[4];
- uint32 bits[2];
- unsigned char in[64];
-};
-
-void MD5Init (struct MD5Context *context);
-void MD5Update (struct MD5Context *context, unsigned char const *buf,
- unsigned len);
-void MD5Final (unsigned char digest[16], struct MD5Context *context);
-void MD5Transform (uint32 buf[4], uint32 const in[16]);
-
-/*
- * This is needed to make RSAREF happy on some MS-DOS compilers.
- */
-typedef struct MD5Context MD5_CTX;
-
-#endif /* !MD5_H */
diff -Naur xl2tpd-1.3.14-orig/xl2tpd.c xl2tpd-1.3.14/xl2tpd.c
--- xl2tpd-1.3.14-orig/xl2tpd.c 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/xl2tpd.c 2019-09-24 20:53:50.969512827 -0400
@@ -1643,7 +1643,11 @@
static void usage(void) {
- printf("\nxl2tpd version: %s\n", SERVER_VERSION);
+ printf("\nxl2tpd version: %s\n"
+"This product includes software developed by the OpenSSL Project for use\n"
+"in the OpenSSL Toolkit. (http://www.openssl.org/)\n"
+, SERVER_VERSION);
+
printf("Usage: xl2tpd [-c <config file>] [-s <secret file>] [-p <pid file>]\n"
" [-C <control file>] [-D] [-l] [-q <tos decimal value for control>]\n"
" [-v, --version]\n");
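Review bot: None of the converted call sequences in the aaa.c hunks checks a return value, although OpenSSL's `MD5_Init`, `MD5_Update` and `MD5_Final` return 1 on success and 0 on failure, while the bundled `MD5Init`/`MD5Update`/`MD5Final` they replace were void and could not fail. If a call fails, `chal->response` or `digest` would go on to be used without holding a valid hash; judging by the visible context, that affects the challenge response and the hidden-AVP processing. Each sequence should test the result, for example `if (MD5_Init (&chal->md5) != 1) { /* log and fail the authentication */ }`, with the failure path adapted to the enclosing function, which lies outside every hunk. The 1.3.6 copy of this patch, later in the commit, has the same unchecked calls.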

@ -0,0 +1,40 @@
diff -Naur xl2tpd-1.3.6-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.6/examples/ppp-options.xl2tpd
--- xl2tpd-1.3.6-orig/examples/ppp-options.xl2tpd 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/examples/ppp-options.xl2tpd 2014-05-12 14:46:24.358653357 -0400
@@ -1,9 +1,10 @@
ipcp-accept-local
ipcp-accept-remote
-ms-dns 192.168.1.1
-ms-dns 192.168.1.3
-ms-wins 192.168.1.2
-ms-wins 192.168.1.4
+ms-dns 8.8.8.8
+# ms-dns 192.168.1.1
+# ms-dns 192.168.1.3
+# ms-wins 192.168.1.2
+# ms-wins 192.168.1.4
noccp
auth
crtscts
@@ -15,3 +16,11 @@
lock
proxyarp
connect-delay 5000
+# To allow authentication against a Windows domain EXAMPLE, and require the
+# user to be in a group "VPN Users". Requires the samba-winbind package
+# require-mschap-v2
+# plugin winbind.so
+# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"'
+# You need to join the domain on the server, for example using samba:
+# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html
+
diff -Naur xl2tpd-1.3.6-orig/examples/README xl2tpd-1.3.6/examples/README
--- xl2tpd-1.3.6-orig/examples/README 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/examples/README 2014-05-12 14:46:59.168476547 -0400
@@ -1,4 +1,4 @@
These are example files for use with xl2tpd.
-Openswan carries config examples for use with l2tp-over-ipsec.
-See http://www.openswan.org/
+xl2tpd is often used in combination with libreswan to offer L2TP/IPsec
+See https://libreswan.org/

@ -0,0 +1,466 @@
diff -Naur xl2tpd-1.3.6-orig/aaa.c xl2tpd-1.3.6/aaa.c
--- xl2tpd-1.3.6-orig/aaa.c 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/aaa.c 2014-05-12 15:01:05.936492449 -0400
@@ -21,6 +21,8 @@
#include <errno.h>
#include "l2tp.h"
+#include <openssl/md5.h>
+
extern void bufferDump (char *, int);
/* FIXME: Accounting? */
@@ -273,11 +275,11 @@
#endif
memset (chal->response, 0, MD_SIG_SIZE);
- MD5Init (&chal->md5);
- MD5Update (&chal->md5, &chal->ss, 1);
- MD5Update (&chal->md5, chal->secret, strlen ((char *)chal->secret));
- MD5Update (&chal->md5, chal->challenge, chal->chal_len);
- MD5Final (chal->response, &chal->md5);
+ MD5_Init (&chal->md5);
+ MD5_Update (&chal->md5, &chal->ss, 1);
+ MD5_Update (&chal->md5, chal->secret, strlen ((char *)chal->secret));
+ MD5_Update (&chal->md5, chal->challenge, chal->chal_len);
+ MD5_Final (chal->response, &chal->md5);
#ifdef DEBUG_AUTH
l2tp_log (LOG_DEBUG, "response is %X%X%X%X to '%s' and %X%X%X%X, %d\n",
*((int *) &chal->response[0]),
@@ -392,12 +394,12 @@
buf->len += length;
/* Back to the beginning of real data, including the original length AVP */
- MD5Init (&t->chal_them.md5);
- MD5Update (&t->chal_them.md5, (void *) &attr, 2);
- MD5Update (&t->chal_them.md5, t->chal_them.secret,
+ MD5_Init (&t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, (void *) &attr, 2);
+ MD5_Update (&t->chal_them.md5, t->chal_them.secret,
strlen ((char *)t->chal_them.secret));
- MD5Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE);
- MD5Final (digest, &t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE);
+ MD5_Final (digest, &t->chal_them.md5);
/* Though not a "MUST" in the spec, our subformat length is always a multiple of 16 */
ptr = ((unsigned char *) new_hdr) + sizeof (struct avp_hdr);
@@ -421,11 +423,11 @@
#endif
if (ptr < end)
{
- MD5Init (&t->chal_them.md5);
- MD5Update (&t->chal_them.md5, t->chal_them.secret,
+ MD5_Init (&t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, t->chal_them.secret,
strlen ((char *)t->chal_them.secret));
- MD5Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE);
- MD5Final (digest, &t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE);
+ MD5_Final (digest, &t->chal_them.md5);
}
previous_segment = ptr;
}
@@ -458,12 +460,12 @@
that it will be padded to a 16 byte boundary, so we
have to be more careful than when encrypting */
attr = ntohs (old_hdr->attr);
- MD5Init (&t->chal_us.md5);
- MD5Update (&t->chal_us.md5, (void *) &attr, 2);
- MD5Update (&t->chal_us.md5, t->chal_us.secret,
+ MD5_Init (&t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, (void *) &attr, 2);
+ MD5_Update (&t->chal_us.md5, t->chal_us.secret,
strlen ((char *)t->chal_us.secret));
- MD5Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len);
- MD5Final (digest, &t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len);
+ MD5_Final (digest, &t->chal_us.md5);
#ifdef DEBUG_HIDDEN
l2tp_log (LOG_DEBUG, "attribute is %d and challenge is: ", attr);
print_challenge (&t->chal_us);
@@ -474,11 +476,11 @@
{
if (cnt >= MD_SIG_SIZE)
{
- MD5Init (&t->chal_us.md5);
- MD5Update (&t->chal_us.md5, t->chal_us.secret,
+ MD5_Init (&t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, t->chal_us.secret,
strlen ((char *)t->chal_us.secret));
- MD5Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE);
- MD5Final (digest, &t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE);
+ MD5_Final (digest, &t->chal_us.md5);
cnt = 0;
}
/* at the beginning of each segment, we save the current segment (16 octets or less) of cipher
diff -Naur xl2tpd-1.3.6-orig/aaa.h xl2tpd-1.3.6/aaa.h
--- xl2tpd-1.3.6-orig/aaa.h 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/aaa.h 2014-05-12 15:02:39.262697808 -0400
@@ -15,7 +15,7 @@
#ifndef _AAA_H
#define _AAA_H
-#include "md5.h"
+#include <openssl/md5.h>
#define ADDR_HASH_SIZE 256
#define MD_SIG_SIZE 16
@@ -34,7 +34,7 @@
struct challenge
{
- struct MD5Context md5;
+ MD5_CTX md5;
unsigned char ss; /* State we're sending in */
unsigned char secret[MAXSTRLEN]; /* The shared secret */
unsigned char *challenge; /* The original challenge */
diff -Naur xl2tpd-1.3.6-orig/Makefile xl2tpd-1.3.6/Makefile
--- xl2tpd-1.3.6-orig/Makefile 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/Makefile 2014-05-12 15:03:43.832223559 -0400
@@ -92,8 +92,8 @@
IPFLAGS?= -DIP_ALLOCATION
CFLAGS+= $(DFLAGS) -O2 -fno-builtin -Wall -DSANITY $(OSFLAGS) $(IPFLAGS)
-HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h
-OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o
+HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h
+OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o
SRCS=${OBJS:.o=.c} ${HDRS}
CONTROL_SRCS=xl2tpd-control.c
#LIBS= $(OSLIBS) # -lefence # efence for malloc checking
@@ -112,7 +112,7 @@
rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC)
$(EXEC): $(OBJS) $(HDRS)
- $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) -lcrypto $(LDLIBS)
$(CONTROL_EXEC): $(CONTROL_SRCS)
$(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@
diff -Naur xl2tpd-1.3.6-orig/md5.c xl2tpd-1.3.6/md5.c
--- xl2tpd-1.3.6-orig/md5.c 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/md5.c 1969-12-31 19:00:00.000000000 -0500
@@ -1,274 +0,0 @@
-#ifdef FREEBSD
-# include <machine/endian.h>
-#elif defined(OPENBSD)
-# define __BSD_VISIBLE 0
-# include <machine/endian.h>
-#elif defined(LINUX)
-# include <endian.h>
-#elif defined(SOLARIS)
-# include <sys/isa_defs.h>
-#endif
-#if __BYTE_ORDER == __BIG_ENDIAN
-#define HIGHFIRST 1
-#endif
-
-/*
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * MD5Context structure, pass it to MD5Init, call MD5Update as
- * needed on buffers full of bytes, and then call MD5Final, which
- * will fill a supplied 16-byte array with the digest.
- */
-#include <string.h> /* for memcpy() */
-#include "md5.h"
-
-#ifndef HIGHFIRST
-#define byteReverse(buf, len) /* Nothing */
-#else
-void byteReverse (unsigned char *buf, unsigned longs);
-
-#ifndef ASM_MD5
-/*
- * Note: this code is harmless on little-endian machines.
- */
-void byteReverse (unsigned char *buf, unsigned longs)
-{
- uint32 t;
- do
- {
- t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
- ((unsigned) buf[1] << 8 | buf[0]);
- *(uint32 *) buf = t;
- buf += 4;
- }
- while (--longs);
-}
-#endif
-#endif
-
-/*
- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
- * initialization constants.
- */
-void MD5Init (struct MD5Context *ctx)
-{
- ctx->buf[0] = 0x67452301;
- ctx->buf[1] = 0xefcdab89;
- ctx->buf[2] = 0x98badcfe;
- ctx->buf[3] = 0x10325476;
-
- ctx->bits[0] = 0;
- ctx->bits[1] = 0;
-}
-
-/*
- * Update context to reflect the concatenation of another buffer full
- * of bytes.
- */
-void MD5Update (struct MD5Context *ctx, unsigned char const *buf,
- unsigned len)
-{
- uint32 t;
-
- /* Update bitcount */
-
- t = ctx->bits[0];
- if ((ctx->bits[0] = t + ((uint32) len << 3)) < t)
- ctx->bits[1]++; /* Carry from low to high */
- ctx->bits[1] += len >> 29;
-
- t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
-
- /* Handle any leading odd-sized chunks */
-
- if (t)
- {
- unsigned char *p = (unsigned char *) ctx->in + t;
-
- t = 64 - t;
- if (len < t)
- {
- memcpy (p, buf, len);
- return;
- }
- memcpy (p, buf, t);
- byteReverse (ctx->in, 16);
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- buf += t;
- len -= t;
- }
- /* Process data in 64-byte chunks */
-
- while (len >= 64)
- {
- memcpy (ctx->in, buf, 64);
- byteReverse (ctx->in, 16);
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- buf += 64;
- len -= 64;
- }
-
- /* Handle any remaining bytes of data. */
-
- memcpy (ctx->in, buf, len);
-}
-
-/*
- * Final wrapup - pad to 64-byte boundary with the bit pattern
- * 1 0* (64-bit count of bits processed, MSB-first)
- */
-void MD5Final (unsigned char digest[16], struct MD5Context *ctx)
-{
- unsigned count;
- unsigned char *p;
-
- /* Compute number of bytes mod 64 */
- count = (ctx->bits[0] >> 3) & 0x3F;
-
- /* Set the first char of padding to 0x80. This is safe since there is
- always at least one byte free */
- p = ctx->in + count;
- *p++ = 0x80;
-
- /* Bytes of padding needed to make 64 bytes */
- count = 64 - 1 - count;
-
- /* Pad out to 56 mod 64 */
- if (count < 8)
- {
- /* Two lots of padding: Pad the first block to 64 bytes */
- memset (p, 0, count);
- byteReverse (ctx->in, 16);
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
-
- /* Now fill the next block with 56 bytes */
- memset (ctx->in, 0, 56);
- }
- else
- {
- /* Pad block to 56 bytes */
- memset (p, 0, count - 8);
- }
- byteReverse (ctx->in, 14);
-
- /* Append length in bits and transform */
- memcpy(ctx->in + 14 * sizeof(uint32), ctx->bits, sizeof(ctx->bits));
-
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- byteReverse ((unsigned char *) ctx->buf, 4);
- memcpy (digest, ctx->buf, 16);
- memset (ctx, 0, sizeof (ctx)); /* In case it's sensitive */
-}
-
-#ifndef ASM_MD5
-
-/* The four core functions - F1 is optimized somewhat */
-
-/* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-/* This is the central step in the MD5 algorithm. */
-#define MD5STEP(f, w, x, y, z, data, s) \
- ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
-
-/*
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
- * reflect the addition of 16 longwords of new data. MD5Update blocks
- * the data and converts bytes into longwords for this routine.
- */
-void MD5Transform (uint32 buf[4], uint32 const in[16])
-{
- register uint32 a, b, c, d;
-
- a = buf[0];
- b = buf[1];
- c = buf[2];
- d = buf[3];
-
- MD5STEP (F1, a, b, c, d, in[0] + 0xd76aa478, 7);
- MD5STEP (F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
- MD5STEP (F1, c, d, a, b, in[2] + 0x242070db, 17);
- MD5STEP (F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
- MD5STEP (F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
- MD5STEP (F1, d, a, b, c, in[5] + 0x4787c62a, 12);
- MD5STEP (F1, c, d, a, b, in[6] + 0xa8304613, 17);
- MD5STEP (F1, b, c, d, a, in[7] + 0xfd469501, 22);
- MD5STEP (F1, a, b, c, d, in[8] + 0x698098d8, 7);
- MD5STEP (F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
- MD5STEP (F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
- MD5STEP (F1, b, c, d, a, in[11] + 0x895cd7be, 22);
- MD5STEP (F1, a, b, c, d, in[12] + 0x6b901122, 7);
- MD5STEP (F1, d, a, b, c, in[13] + 0xfd987193, 12);
- MD5STEP (F1, c, d, a, b, in[14] + 0xa679438e, 17);
- MD5STEP (F1, b, c, d, a, in[15] + 0x49b40821, 22);
-
- MD5STEP (F2, a, b, c, d, in[1] + 0xf61e2562, 5);
- MD5STEP (F2, d, a, b, c, in[6] + 0xc040b340, 9);
- MD5STEP (F2, c, d, a, b, in[11] + 0x265e5a51, 14);
- MD5STEP (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
- MD5STEP (F2, a, b, c, d, in[5] + 0xd62f105d, 5);
- MD5STEP (F2, d, a, b, c, in[10] + 0x02441453, 9);
- MD5STEP (F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
- MD5STEP (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
- MD5STEP (F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
- MD5STEP (F2, d, a, b, c, in[14] + 0xc33707d6, 9);
- MD5STEP (F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
- MD5STEP (F2, b, c, d, a, in[8] + 0x455a14ed, 20);
- MD5STEP (F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
- MD5STEP (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
- MD5STEP (F2, c, d, a, b, in[7] + 0x676f02d9, 14);
- MD5STEP (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
-
- MD5STEP (F3, a, b, c, d, in[5] + 0xfffa3942, 4);
- MD5STEP (F3, d, a, b, c, in[8] + 0x8771f681, 11);
- MD5STEP (F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
- MD5STEP (F3, b, c, d, a, in[14] + 0xfde5380c, 23);
- MD5STEP (F3, a, b, c, d, in[1] + 0xa4beea44, 4);
- MD5STEP (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
- MD5STEP (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
- MD5STEP (F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
- MD5STEP (F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
- MD5STEP (F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
- MD5STEP (F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
- MD5STEP (F3, b, c, d, a, in[6] + 0x04881d05, 23);
- MD5STEP (F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
- MD5STEP (F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
- MD5STEP (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
- MD5STEP (F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
-
- MD5STEP (F4, a, b, c, d, in[0] + 0xf4292244, 6);
- MD5STEP (F4, d, a, b, c, in[7] + 0x432aff97, 10);
- MD5STEP (F4, c, d, a, b, in[14] + 0xab9423a7, 15);
- MD5STEP (F4, b, c, d, a, in[5] + 0xfc93a039, 21);
- MD5STEP (F4, a, b, c, d, in[12] + 0x655b59c3, 6);
- MD5STEP (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
- MD5STEP (F4, c, d, a, b, in[10] + 0xffeff47d, 15);
- MD5STEP (F4, b, c, d, a, in[1] + 0x85845dd1, 21);
- MD5STEP (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
- MD5STEP (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
- MD5STEP (F4, c, d, a, b, in[6] + 0xa3014314, 15);
- MD5STEP (F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
- MD5STEP (F4, a, b, c, d, in[4] + 0xf7537e82, 6);
- MD5STEP (F4, d, a, b, c, in[11] + 0xbd3af235, 10);
- MD5STEP (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
- MD5STEP (F4, b, c, d, a, in[9] + 0xeb86d391, 21);
-
- buf[0] += a;
- buf[1] += b;
- buf[2] += c;
- buf[3] += d;
-}
-
-#endif
diff -Naur xl2tpd-1.3.6-orig/md5.h xl2tpd-1.3.6/md5.h
--- xl2tpd-1.3.6-orig/md5.h 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/md5.h 1969-12-31 19:00:00.000000000 -0500
@@ -1,28 +0,0 @@
-#ifndef MD5_H
-#define MD5_H
-
-#ifdef __alpha
-typedef unsigned int uint32;
-#else
-typedef unsigned long uint32;
-#endif
-
-struct MD5Context
-{
- uint32 buf[4];
- uint32 bits[2];
- unsigned char in[64];
-};
-
-void MD5Init (struct MD5Context *context);
-void MD5Update (struct MD5Context *context, unsigned char const *buf,
- unsigned len);
-void MD5Final (unsigned char digest[16], struct MD5Context *context);
-void MD5Transform (uint32 buf[4], uint32 const in[16]);
-
-/*
- * This is needed to make RSAREF happy on some MS-DOS compilers.
- */
-typedef struct MD5Context MD5_CTX;
-
-#endif /* !MD5_H */
diff -Naur xl2tpd-1.3.6-orig/xl2tpd.c xl2tpd-1.3.6/xl2tpd.c
--- xl2tpd-1.3.6-orig/xl2tpd.c 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-1.3.6/xl2tpd.c 2014-05-12 14:58:58.903490392 -0400
@@ -1310,7 +1310,10 @@
void usage(void) {
- printf("\nxl2tpd version: %s\n", SERVER_VERSION);
+ printf("\nxl2tpd version: %s\n"
+"This product includes software developed by the OpenSSL Project for use\n"
+"in the OpenSSL Toolkit. (http://www.openssl.org/)\n"
+, SERVER_VERSION);
printf("Usage: xl2tpd [-c <config file>] [-s <secret file>] [-p <pid file>]\n"
" [-C <control file>] [-D]\n"
" [-v, --version]\n");

@ -0,0 +1,36 @@
diff -Naur xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/file.c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/file.c
--- xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/file.c 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/file.c 2014-06-14 12:34:06.422355636 -0400
@@ -42,6 +42,8 @@
gconfig.port = UDP_LISTEN_PORT;
gconfig.sarefnum = IP_IPSEC_REFINFO; /* default use the latest we know */
+ gconfig.ipsecsaref = 0; /* default off - requires patched KLIPS kernel module */
+ gconfig.forceuserspace = 0; /* default off - allow kernel decap of data packets */
gconfig.listenaddr = htonl(INADDR_ANY); /* Default is to bind (listen) to all interfaces */
gconfig.debug_avp = 0;
gconfig.debug_network = 0;
diff -Naur xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/network.c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/network.c
--- xl2tpd-5619e1771048e74b729804e8602f409af0f3faea-orig/network.c 2014-01-15 15:58:37.000000000 -0500
+++ xl2tpd-5619e1771048e74b729804e8602f409af0f3faea/network.c 2014-06-14 12:37:06.953574143 -0400
@@ -78,6 +78,12 @@
* For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO
* values.
*/
+ if (!gconfig.ipsecsaref)
+ {
+ l2tp_log (LOG_INFO, "Not looking for kernel SAref support.\n");
+ }
+ else
+ {
arg=1;
if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum,
&arg, sizeof(arg)) != 0) {
@@ -85,6 +91,7 @@
gconfig.ipsecsaref=0;
}
+ }
arg=1;
if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) {

@ -0,0 +1,26 @@
diff -Naur xl2tpd-1.3.8-orig/network.c xl2tpd-1.3.8/network.c
--- xl2tpd-1.3.8-orig/network.c 2016-08-24 11:56:13.438007170 -0400
+++ xl2tpd-1.3.8/network.c 2016-08-24 12:22:36.945960487 -0400
@@ -781,6 +781,9 @@
sax.pppol2tp.addr.sin_family = AF_INET;
sax.pppol2tp.s_tunnel = t->ourtid;
sax.pppol2tp.d_tunnel = t->tid;
+ sax.pppol2tp.s_session = 0;
+ sax.pppol2tp.d_session = 0;
+
if ((connect(fd2, (struct sockaddr *)&sax, sizeof(sax))) < 0) {
l2tp_log (LOG_WARNING, "%s: Unable to connect PPPoL2TP socket. %d %s\n",
__FUNCTION__, errno, strerror(errno));
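Review bot: Zeroing `s_session` and `d_session` one field at a time still leaves any other member or padding of `sax` that this code does not assign holding stack contents when the struct is passed to `connect()`. The declaration of `sax` is outside this hunk, so this is inferred; if it is not already cleared there, `memset (&sax, 0, sizeof (sax));` before the first assignment would cover these two fields and anything added to the struct later. If the intent is that session ids 0/0 make this the tunnel's own socket rather than a session socket, a one-line comment saying so would explain why the two lines are needed. The enclosing function starts and ends outside the hunk.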
diff -Naur xl2tpd-1.3.8-orig/xl2tpd.c xl2tpd-1.3.8/xl2tpd.c
--- xl2tpd-1.3.8-orig/xl2tpd.c 2016-08-24 11:56:13.436007180 -0400
+++ xl2tpd-1.3.8/xl2tpd.c 2016-08-24 12:07:47.057504872 -0400
@@ -274,9 +274,6 @@
* OK...pppd died, we can go ahead and close the pty for
* it
*/
-#ifdef USE_KERNEL
- if (!kernel_support)
-#endif
close (c->fd);
c->fd = -1;
/*

@ -0,0 +1,467 @@
diff -Naur xl2tpd-1.3.8-orig/aaa.c xl2tpd-1.3.8/aaa.c
--- xl2tpd-1.3.8-orig/aaa.c 2016-08-11 20:56:53.000000000 -0400
+++ xl2tpd-1.3.8/aaa.c 2016-08-24 11:40:46.784683160 -0400
@@ -21,6 +21,8 @@
#include <errno.h>
#include "l2tp.h"
+#include <openssl/md5.h>
+
extern void bufferDump (char *, int);
/* FIXME: Accounting? */
@@ -273,11 +275,11 @@
#endif
memset (chal->response, 0, MD_SIG_SIZE);
- MD5Init (&chal->md5);
- MD5Update (&chal->md5, &chal->ss, 1);
- MD5Update (&chal->md5, chal->secret, strlen ((char *)chal->secret));
- MD5Update (&chal->md5, chal->challenge, chal->chal_len);
- MD5Final (chal->response, &chal->md5);
+ MD5_Init (&chal->md5);
+ MD5_Update (&chal->md5, &chal->ss, 1);
+ MD5_Update (&chal->md5, chal->secret, strlen ((char *)chal->secret));
+ MD5_Update (&chal->md5, chal->challenge, chal->chal_len);
+ MD5_Final (chal->response, &chal->md5);
#ifdef DEBUG_AUTH
l2tp_log (LOG_DEBUG, "response is %X%X%X%X to '%s' and %X%X%X%X, %d\n",
*((int *) &chal->response[0]),
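Review bot: The return values of `MD5_Init`, `MD5_Update` and `MD5_Final` are discarded in this challenge-response computation, and in the same way in the four later aaa.c hunks (@@ -392, @@ -421, @@ -458, @@ -474). The private `MD5Init`/`MD5Update`/`MD5Final` they replace were declared `void`, but the OpenSSL functions return 1 on success and 0 on failure. If the library refuses MD5, as it may under the FIPS restrictions this patch is named for, `chal->response` would keep the zeros written by the `memset` just above and still be used as the response. I would test each call, for example `if (MD5_Init (&chal->md5) != 1) { /* log at LOG_CRIT and fail the handshake */ }`, with the failure path fitted to the enclosing function, which starts and ends outside this hunk.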
@@ -392,12 +394,12 @@
buf->len += length;
/* Back to the beginning of real data, including the original length AVP */
- MD5Init (&t->chal_them.md5);
- MD5Update (&t->chal_them.md5, (void *) &attr, 2);
- MD5Update (&t->chal_them.md5, t->chal_them.secret,
+ MD5_Init (&t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, (void *) &attr, 2);
+ MD5_Update (&t->chal_them.md5, t->chal_them.secret,
strlen ((char *)t->chal_them.secret));
- MD5Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE);
- MD5Final (digest, &t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE);
+ MD5_Final (digest, &t->chal_them.md5);
/* Though not a "MUST" in the spec, our subformat length is always a multiple of 16 */
ptr = ((unsigned char *) new_hdr) + sizeof (struct avp_hdr);
@@ -421,11 +423,11 @@
#endif
if (ptr < end)
{
- MD5Init (&t->chal_them.md5);
- MD5Update (&t->chal_them.md5, t->chal_them.secret,
+ MD5_Init (&t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, t->chal_them.secret,
strlen ((char *)t->chal_them.secret));
- MD5Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE);
- MD5Final (digest, &t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE);
+ MD5_Final (digest, &t->chal_them.md5);
}
previous_segment = ptr;
}
@@ -458,12 +460,12 @@
that it will be padded to a 16 byte boundary, so we
have to be more careful than when encrypting */
attr = ntohs (old_hdr->attr);
- MD5Init (&t->chal_us.md5);
- MD5Update (&t->chal_us.md5, (void *) &attr, 2);
- MD5Update (&t->chal_us.md5, t->chal_us.secret,
+ MD5_Init (&t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, (void *) &attr, 2);
+ MD5_Update (&t->chal_us.md5, t->chal_us.secret,
strlen ((char *)t->chal_us.secret));
- MD5Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len);
- MD5Final (digest, &t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len);
+ MD5_Final (digest, &t->chal_us.md5);
#ifdef DEBUG_HIDDEN
l2tp_log (LOG_DEBUG, "attribute is %d and challenge is: ", attr);
print_challenge (&t->chal_us);
@@ -474,11 +476,11 @@
{
if (cnt >= MD_SIG_SIZE)
{
- MD5Init (&t->chal_us.md5);
- MD5Update (&t->chal_us.md5, t->chal_us.secret,
+ MD5_Init (&t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, t->chal_us.secret,
strlen ((char *)t->chal_us.secret));
- MD5Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE);
- MD5Final (digest, &t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE);
+ MD5_Final (digest, &t->chal_us.md5);
cnt = 0;
}
/* at the beginning of each segment, we save the current segment (16 octets or less) of cipher
diff -Naur xl2tpd-1.3.8-orig/aaa.h xl2tpd-1.3.8/aaa.h
--- xl2tpd-1.3.8-orig/aaa.h 2016-08-11 20:56:53.000000000 -0400
+++ xl2tpd-1.3.8/aaa.h 2016-08-24 11:41:21.032506562 -0400
@@ -15,7 +15,7 @@
#ifndef _AAA_H
#define _AAA_H
-#include "md5.h"
+#include <openssl/md5.h>
#define ADDR_HASH_SIZE 256
#define MD_SIG_SIZE 16
@@ -34,7 +34,7 @@
struct challenge
{
- struct MD5Context md5;
+ MD5_CTX md5;
unsigned char ss; /* State we're sending in */
unsigned char secret[MAXSTRLEN]; /* The shared secret */
unsigned char *challenge; /* The original challenge */
diff -Naur xl2tpd-1.3.8-orig/Makefile xl2tpd-1.3.8/Makefile
--- xl2tpd-1.3.8-orig/Makefile 2016-08-11 20:56:53.000000000 -0400
+++ xl2tpd-1.3.8/Makefile 2016-08-24 11:42:18.389210804 -0400
@@ -98,8 +98,8 @@
IPFLAGS?= -DIP_ALLOCATION
CFLAGS+= $(DFLAGS) -Os -Wall -DSANITY $(OSFLAGS) $(IPFLAGS)
-HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h
-OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o
+HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h
+OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o
SRCS=${OBJS:.o=.c} ${HDRS}
CONTROL_SRCS=xl2tpd-control.c
#LIBS= $(OSLIBS) # -lefence # efence for malloc checking
@@ -119,7 +119,7 @@
rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC)
$(EXEC): $(OBJS) $(HDRS)
- $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) -lcrypto $(LDLIBS)
$(CONTROL_EXEC): $(CONTROL_SRCS)
$(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@
diff -Naur xl2tpd-1.3.8-orig/md5.c xl2tpd-1.3.8/md5.c
--- xl2tpd-1.3.8-orig/md5.c 2016-08-11 20:56:53.000000000 -0400
+++ xl2tpd-1.3.8/md5.c 2016-08-24 11:42:47.940058425 -0400
@@ -1,274 +0,0 @@
-#ifdef FREEBSD
-# include <machine/endian.h>
-#elif defined(OPENBSD) || defined(NETBSD)
-# define __BSD_VISIBLE 0
-# include <machine/endian.h>
-#elif defined(LINUX)
-# include <endian.h>
-#elif defined(SOLARIS)
-# include <sys/isa_defs.h>
-#endif
-#if __BYTE_ORDER == __BIG_ENDIAN
-#define HIGHFIRST 1
-#endif
-
-/*
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * MD5Context structure, pass it to MD5Init, call MD5Update as
- * needed on buffers full of bytes, and then call MD5Final, which
- * will fill a supplied 16-byte array with the digest.
- */
-#include <string.h> /* for memcpy() */
-#include "md5.h"
-
-#ifndef HIGHFIRST
-#define byteReverse(buf, len) /* Nothing */
-#else
-void byteReverse (unsigned char *buf, unsigned longs);
-
-#ifndef ASM_MD5
-/*
- * Note: this code is harmless on little-endian machines.
- */
-void byteReverse (unsigned char *buf, unsigned longs)
-{
- uint32 t;
- do
- {
- t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
- ((unsigned) buf[1] << 8 | buf[0]);
- *(uint32 *) buf = t;
- buf += 4;
- }
- while (--longs);
-}
-#endif
-#endif
-
-/*
- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
- * initialization constants.
- */
-void MD5Init (struct MD5Context *ctx)
-{
- ctx->buf[0] = 0x67452301;
- ctx->buf[1] = 0xefcdab89;
- ctx->buf[2] = 0x98badcfe;
- ctx->buf[3] = 0x10325476;
-
- ctx->bits[0] = 0;
- ctx->bits[1] = 0;
-}
-
-/*
- * Update context to reflect the concatenation of another buffer full
- * of bytes.
- */
-void MD5Update (struct MD5Context *ctx, unsigned char const *buf,
- unsigned len)
-{
- uint32 t;
-
- /* Update bitcount */
-
- t = ctx->bits[0];
- if ((ctx->bits[0] = t + ((uint32) len << 3)) < t)
- ctx->bits[1]++; /* Carry from low to high */
- ctx->bits[1] += len >> 29;
-
- t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
-
- /* Handle any leading odd-sized chunks */
-
- if (t)
- {
- unsigned char *p = (unsigned char *) ctx->in + t;
-
- t = 64 - t;
- if (len < t)
- {
- memcpy (p, buf, len);
- return;
- }
- memcpy (p, buf, t);
- byteReverse (ctx->in, 16);
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- buf += t;
- len -= t;
- }
- /* Process data in 64-byte chunks */
-
- while (len >= 64)
- {
- memcpy (ctx->in, buf, 64);
- byteReverse (ctx->in, 16);
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- buf += 64;
- len -= 64;
- }
-
- /* Handle any remaining bytes of data. */
-
- memcpy (ctx->in, buf, len);
-}
-
-/*
- * Final wrapup - pad to 64-byte boundary with the bit pattern
- * 1 0* (64-bit count of bits processed, MSB-first)
- */
-void MD5Final (unsigned char digest[16], struct MD5Context *ctx)
-{
- unsigned count;
- unsigned char *p;
-
- /* Compute number of bytes mod 64 */
- count = (ctx->bits[0] >> 3) & 0x3F;
-
- /* Set the first char of padding to 0x80. This is safe since there is
- always at least one byte free */
- p = ctx->in + count;
- *p++ = 0x80;
-
- /* Bytes of padding needed to make 64 bytes */
- count = 64 - 1 - count;
-
- /* Pad out to 56 mod 64 */
- if (count < 8)
- {
- /* Two lots of padding: Pad the first block to 64 bytes */
- memset (p, 0, count);
- byteReverse (ctx->in, 16);
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
-
- /* Now fill the next block with 56 bytes */
- memset (ctx->in, 0, 56);
- }
- else
- {
- /* Pad block to 56 bytes */
- memset (p, 0, count - 8);
- }
- byteReverse (ctx->in, 14);
-
- /* Append length in bits and transform */
- memcpy(ctx->in + 14 * sizeof(uint32), ctx->bits, sizeof(ctx->bits));
-
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- byteReverse ((unsigned char *) ctx->buf, 4);
- memcpy (digest, ctx->buf, 16);
- memset (ctx, 0, sizeof (*ctx)); /* In case it's sensitive */
-}
-
-#ifndef ASM_MD5
-
-/* The four core functions - F1 is optimized somewhat */
-
-/* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-/* This is the central step in the MD5 algorithm. */
-#define MD5STEP(f, w, x, y, z, data, s) \
- ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
-
-/*
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
- * reflect the addition of 16 longwords of new data. MD5Update blocks
- * the data and converts bytes into longwords for this routine.
- */
-void MD5Transform (uint32 buf[4], uint32 const in[16])
-{
- register uint32 a, b, c, d;
-
- a = buf[0];
- b = buf[1];
- c = buf[2];
- d = buf[3];
-
- MD5STEP (F1, a, b, c, d, in[0] + 0xd76aa478, 7);
- MD5STEP (F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
- MD5STEP (F1, c, d, a, b, in[2] + 0x242070db, 17);
- MD5STEP (F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
- MD5STEP (F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
- MD5STEP (F1, d, a, b, c, in[5] + 0x4787c62a, 12);
- MD5STEP (F1, c, d, a, b, in[6] + 0xa8304613, 17);
- MD5STEP (F1, b, c, d, a, in[7] + 0xfd469501, 22);
- MD5STEP (F1, a, b, c, d, in[8] + 0x698098d8, 7);
- MD5STEP (F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
- MD5STEP (F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
- MD5STEP (F1, b, c, d, a, in[11] + 0x895cd7be, 22);
- MD5STEP (F1, a, b, c, d, in[12] + 0x6b901122, 7);
- MD5STEP (F1, d, a, b, c, in[13] + 0xfd987193, 12);
- MD5STEP (F1, c, d, a, b, in[14] + 0xa679438e, 17);
- MD5STEP (F1, b, c, d, a, in[15] + 0x49b40821, 22);
-
- MD5STEP (F2, a, b, c, d, in[1] + 0xf61e2562, 5);
- MD5STEP (F2, d, a, b, c, in[6] + 0xc040b340, 9);
- MD5STEP (F2, c, d, a, b, in[11] + 0x265e5a51, 14);
- MD5STEP (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
- MD5STEP (F2, a, b, c, d, in[5] + 0xd62f105d, 5);
- MD5STEP (F2, d, a, b, c, in[10] + 0x02441453, 9);
- MD5STEP (F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
- MD5STEP (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
- MD5STEP (F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
- MD5STEP (F2, d, a, b, c, in[14] + 0xc33707d6, 9);
- MD5STEP (F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
- MD5STEP (F2, b, c, d, a, in[8] + 0x455a14ed, 20);
- MD5STEP (F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
- MD5STEP (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
- MD5STEP (F2, c, d, a, b, in[7] + 0x676f02d9, 14);
- MD5STEP (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
-
- MD5STEP (F3, a, b, c, d, in[5] + 0xfffa3942, 4);
- MD5STEP (F3, d, a, b, c, in[8] + 0x8771f681, 11);
- MD5STEP (F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
- MD5STEP (F3, b, c, d, a, in[14] + 0xfde5380c, 23);
- MD5STEP (F3, a, b, c, d, in[1] + 0xa4beea44, 4);
- MD5STEP (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
- MD5STEP (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
- MD5STEP (F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
- MD5STEP (F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
- MD5STEP (F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
- MD5STEP (F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
- MD5STEP (F3, b, c, d, a, in[6] + 0x04881d05, 23);
- MD5STEP (F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
- MD5STEP (F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
- MD5STEP (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
- MD5STEP (F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
-
- MD5STEP (F4, a, b, c, d, in[0] + 0xf4292244, 6);
- MD5STEP (F4, d, a, b, c, in[7] + 0x432aff97, 10);
- MD5STEP (F4, c, d, a, b, in[14] + 0xab9423a7, 15);
- MD5STEP (F4, b, c, d, a, in[5] + 0xfc93a039, 21);
- MD5STEP (F4, a, b, c, d, in[12] + 0x655b59c3, 6);
- MD5STEP (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
- MD5STEP (F4, c, d, a, b, in[10] + 0xffeff47d, 15);
- MD5STEP (F4, b, c, d, a, in[1] + 0x85845dd1, 21);
- MD5STEP (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
- MD5STEP (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
- MD5STEP (F4, c, d, a, b, in[6] + 0xa3014314, 15);
- MD5STEP (F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
- MD5STEP (F4, a, b, c, d, in[4] + 0xf7537e82, 6);
- MD5STEP (F4, d, a, b, c, in[11] + 0xbd3af235, 10);
- MD5STEP (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
- MD5STEP (F4, b, c, d, a, in[9] + 0xeb86d391, 21);
-
- buf[0] += a;
- buf[1] += b;
- buf[2] += c;
- buf[3] += d;
-}
-
-#endif
diff -Naur xl2tpd-1.3.8-orig/md5.h xl2tpd-1.3.8/md5.h
--- xl2tpd-1.3.8-orig/md5.h 2016-08-11 20:56:53.000000000 -0400
+++ xl2tpd-1.3.8/md5.h 2016-08-24 11:42:51.182041708 -0400
@@ -1,29 +0,0 @@
-#ifndef MD5_H
-#define MD5_H
-
-#ifdef __alpha
-typedef unsigned int uint32;
-#else
-#include <stdint.h>
-typedef uint32_t uint32;
-#endif
-
-struct MD5Context
-{
- uint32 buf[4];
- uint32 bits[2];
- unsigned char in[64];
-};
-
-void MD5Init (struct MD5Context *context);
-void MD5Update (struct MD5Context *context, unsigned char const *buf,
- unsigned len);
-void MD5Final (unsigned char digest[16], struct MD5Context *context);
-void MD5Transform (uint32 buf[4], uint32 const in[16]);
-
-/*
- * This is needed to make RSAREF happy on some MS-DOS compilers.
- */
-typedef struct MD5Context MD5_CTX;
-
-#endif /* !MD5_H */
diff -Naur xl2tpd-1.3.8-orig/xl2tpd.c xl2tpd-1.3.8/xl2tpd.c
--- xl2tpd-1.3.8-orig/xl2tpd.c 2016-08-11 20:56:53.000000000 -0400
+++ xl2tpd-1.3.8/xl2tpd.c 2016-08-24 11:43:37.704807118 -0400
@@ -1630,7 +1630,10 @@
void usage(void) {
- printf("\nxl2tpd version: %s\n", SERVER_VERSION);
+ printf("\nxl2tpd version: %s\n"
+"This product includes software developed by the OpenSSL Project for use\n"
+"in the OpenSSL Toolkit. (http://www.openssl.org/)\n"
+, SERVER_VERSION);
printf("Usage: xl2tpd [-c <config file>] [-s <secret file>] [-p <pid file>]\n"
" [-C <control file>] [-D] [-l]\n"
" [-v, --version]\n");

@ -0,0 +1,59 @@
diff --git a/file.c b/file.c
index f61c221..a6362c0 100644
--- a/file.c
+++ b/file.c
@@ -42,6 +42,8 @@ int init_config ()
gconfig.port = UDP_LISTEN_PORT;
gconfig.sarefnum = IP_IPSEC_REFINFO; /* default use the latest we know */
+ gconfig.ipsecsaref = 0; /* default off - requires patched KLIPS kernel module */
+ gconfig.forceuserspace = 0; /* default off - allow kernel decap of data packets */
gconfig.listenaddr = htonl(INADDR_ANY); /* Default is to bind (listen) to all interfaces */
gconfig.debug_avp = 0;
gconfig.debug_network = 0;
diff --git a/network.c b/network.c
index 543d30e..c66d1e3 100644
--- a/network.c
+++ b/network.c
@@ -78,23 +78,27 @@ int init_network (void)
* For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO
* values.
*/
- arg=1;
- if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum,
- &arg, sizeof(arg)) != 0) {
- l2tp_log(LOG_CRIT, "setsockopt recvref[%d]: %s\n", gconfig.sarefnum, strerror(errno));
-
- gconfig.ipsecsaref=0;
- }
-
- arg=1;
- if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) {
- l2tp_log(LOG_CRIT, "setsockopt IP_PKTINFO: %s\n", strerror(errno));
+ if (!gconfig.ipsecsaref)
+ {
+ l2tp_log (LOG_INFO, "Not looking for kernel SAref support.\n");
}
-#else
+ else
{
- l2tp_log(LOG_INFO, "No attempt being made to use IPsec SAref's since we're not on a Linux machine.\n");
+ arg=1;
+ if(setsockopt(server_socket, IPPROTO_IP, gconfig.sarefnum, &arg, sizeof(arg)) != 0) {
+ l2tp_log(LOG_CRIT, "setsockopt recvref[%d]: %s\n", gconfig.sarefnum, strerror(errno));
+ gconfig.ipsecsaref=0;
+ }
+ else
+ {
+ arg=1;
+ if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) {
+ l2tp_log(LOG_CRIT, "setsockopt IP_PKTINFO: %s\n", strerror(errno));
+ }
+ }
}
-
+#else
+ l2tp_log(LOG_INFO, "No attempt being made to use IPsec SAref's since we're not on a Linux machine.\n");
#endif
#ifdef USE_KERNEL
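Review bot: The `IP_PKTINFO` setsockopt now sits inside the `else` branch of the SAref setsockopt, so it runs only when `gconfig.ipsecsaref` is set and the SAref option was accepted; on the removed side it ran unconditionally in the Linux branch. With the new default `gconfig.ipsecsaref = 0` from the file.c hunk, the socket never requests packet info. If the receive path uses that data to choose the reply source address (not visible here), a multi-homed host would answer from the wrong address. I would close the SAref `if`/`else` first and keep `arg=1;` followed by `if(setsockopt(server_socket, IPPROTO_IP, IP_PKTINFO, (char*)&arg, sizeof(arg)) != 0) {` at the outer level, as the earlier version of this patch on the page does. `init_network` starts and ends outside this hunk.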

@ -0,0 +1,16 @@
[Unit]
Description=Level 2 Tunnel Protocol Daemon (L2TP)
After=network.target
After=ipsec.service
# Some ISPs in Russia use l2tp without IPsec, so don't insist anymore
#Wants=ipsec.service
[Service]
Type=simple
PIDFile=/var/run/xl2tpd/xl2tpd.pid
ExecStartPre=/sbin/modprobe -q l2tp_ppp
ExecStart=/usr/sbin/xl2tpd -D
Restart=on-abort
[Install]
WantedBy=multi-user.target
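Review bot: `PIDFile=/var/run/xl2tpd/xl2tpd.pid` still uses the legacy `/var/run` path, while the tmpfiles entry in this commit creates `/run/xl2tpd` and the 1.3.14-1 changelog entry says the package moved to the proper /run directory. With `Type=simple` and `xl2tpd -D` systemd appears to track the main process directly, so the line could be dropped, or at least changed to `PIDFile=/run/xl2tpd/xl2tpd.pid`. The unit also starts the daemon with no sandboxing directives. Options such as `NoNewPrivileges=` and `ProtectSystem=` are worth evaluating, keeping in mind that xl2tpd spawns pppd and needs network administration rights.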

@ -0,0 +1,512 @@
%global commit 5619e1771048e74b729804e8602f409af0f3faea
Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
Name: xl2tpd
Version: 1.3.14
Release: 1%{?dist}
License: GPL+
Url: https://github.com/xelerance/xl2tpd/
# upstream isn't using proper names, we manually rename v-VERSION.tar.gz to xl2tpd-VERSION.tar.gz
Source0: https://github.com/xelerance/xl2tpd/archive/xl2tpd-%{version}.tar.gz
Source1: xl2tpd.service
Source2: tmpfiles-xl2tpd.conf
Patch1: xl2tpd-1.3.14-conf.patch
Patch2: xl2tpd-1.3.14-md5-fips.patch
Patch3: xl2tpd-1.3.14-kernelmode.patch
Requires: ppp >= 2.4.5-18, kmod(l2tp_ppp.ko)
# If you want to authenticate against a Microsoft PDC/Active Directory
# Requires: samba-winbind
BuildRequires: gcc
BuildRequires: libpcap-devel
BuildRequires: systemd-units
BuildRequires: openssl-devel
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
# dnf resolving prefers kernel-debug-modules-extra over kernel-modules-extra
Suggests: kernel-modules-extra
%description
xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661).
L2TP allows you to tunnel PPP over UDP. Some ISPs use L2TP to tunnel user
sessions from dial-in servers (modem banks, ADSL DSLAMs) to back-end PPP
servers. Another important application is Virtual Private Networks where
the IPsec protocol is used to secure the L2TP connection (L2TP/IPsec,
RFC 3193). The L2TP/IPsec protocol is mainly used by Windows and
Mac OS X clients. On Linux, xl2tpd can be used in combination with IPsec
implementations such as Openswan.
Example configuration files for such a setup are included in this RPM.
xl2tpd works by opening a pseudo-tty for communicating with pppd.
It runs completely in userspace.
xl2tpd supports IPsec SA Reference tracking to enable overlapping internak
NAT'ed IP's by different clients (eg all clients connecting from their
linksys internal IP 192.168.1.101) as well as multiple clients behind
the same NAT router.
xl2tpd supports the pppol2tp kernel mode operations on 2.6.23 or higher,
or via a patch in contrib for 2.4.x kernels.
Xl2tpd is based on the 0.69 L2TP by Jeff McAdams <jeffm@iglou.com>
It was de-facto maintained by Jacco de Leeuw <jacco2@dds.nl> in 2002 and 2003.
%prep
%setup
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
export CFLAGS="$CFLAGS -fPIC -Wall -DTRUST_PPPD_TO_DIE"
export DFLAGS="$RPM_OPT_FLAGS -g "
export LDFLAGS="$LDFLAGS -pie -Wl,-z,relro -Wl,-z,now"
# if extra debugging is needed, use:
# %make_build DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH"
%make_build
%install
make DESTDIR=%{buildroot} PREFIX=%{_prefix} install
install -d 0755 %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/xl2tpd.service
mkdir -p %{buildroot}/%{_tmpfilesdir}
install -m 0644 %{SOURCE2} %{buildroot}/%{_tmpfilesdir}/%{name}.conf
install -p -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf
install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd
install -p -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2tp-secrets
install -p -D -m600 examples/chapsecrets.sample %{buildroot}%{_sysconfdir}/ppp/chap-secrets.sample
install -p -D -m755 -d %{buildroot}%{_rundir}/xl2tpd
%preun
%systemd_preun xl2tpd.service
%post
%systemd_post xl2tpd.service
%postun
%systemd_postun_with_restart xl2tpd.service
%triggerun -- xl2td < 1.3.1-3
# Save the current service runlevel info
# User must manually run systemd-sysv-convert --apply xl2tpd
# to migrate them to systemd targets
/usr/bin/systemd-sysv-convert --save xl2tpd >/dev/null 2>&1 ||:
# Run these because the SysV package being removed won't do them
/sbin/chkconfig --del xl2tpd >/dev/null 2>&1 || :
/bin/systemctl try-restart xl2tpd.service >/dev/null 2>&1 || :
%files
%doc BUGS CHANGES CREDITS README.* TODO
%license LICENSE
%doc doc/README.patents examples/chapsecrets.sample
%{_sbindir}/xl2tpd
%{_sbindir}/xl2tpd-control
%{_bindir}/pfc
%{_mandir}/*/*
%dir %{_sysconfdir}/xl2tpd
%config(noreplace) %{_sysconfdir}/xl2tpd/*
%config(noreplace) %{_sysconfdir}/ppp/*
%dir %{_rundir}/xl2tpd
%{_unitdir}/%{name}.service
%{_tmpfilesdir}/%{name}.conf
%ghost %attr(0600,root,root) %{_rundir}/xl2tpd/l2tp-control
%changelog
* Wed Sep 25 2019 Paul Wouters <pwouters@redhat.com> - 1.3.14-1
- Resolves: rhbz#1322190 Updated to 1.3.14
- Resolves: rhbz#1722121 Use proper /run directory
- Resolves: rhbz#1399648 Review Request: xl2tpd
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.8-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.8-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.8-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sun Apr 01 2018 Paul Wouters <pwouters@redhat.com> - 1.3.8-7
- Resolves: rhbz#1562512 kernels 4.15 and 4.16 break xl2tpd
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.8-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sun Jan 15 2017 Paul Wouters <pwouters@redhat.com> - 1.3.8-2
- Very reluctantly add a Suggests: tag to work around dnf/kernel bug
- Resolves: rhbz#1192189 Both kernel-debug-core and kernel-core are installed
* Wed Aug 24 2016 Paul Wouters <pwouters@redhat.com> - 1.3.8-1
- Upgraded to 1.3.8 and updated existing patches still required
- Fix kernel mode breaking the closing tunnels
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.6-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.6-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue Mar 31 2015 Paul Wouters <pwouters@redhat.com> - 1.3.6-8
- Bump EVR
* Tue Mar 31 2015 Paul Wouters <pwouters@redhat.com> - 1.3.6-7
- Rebuild with -DTRUST_PPPD_TO_DIE so pppd will execute its down script
* Thu Aug 21 2014 Kevin Fenzi <kevin@scrye.com> - 1.3.6-6
- Rebuild for rpm bug 1131960
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 14 2014 Paul Wouters <pwouters@redhat.com> - 1.3.6-4
- Resolves rhbz#1109470 l2tpd/ipsec breaks when "ipsec saref" not set
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 14 2014 Josh Boyer <jwboyer@fedoraproject.org>
- Switch to using Requires on individual kernel modules
- Resolves rhbz#1056192
* Tue May 13 2014 Paul Wouters <pwouters@redhat.com> - 1.3.6-1
- Updated to 1.3.6 - using github-only monstrosity packaging
- Resolves: rhbz#1051785 (new upstream version available)
- Resolves: rhbz#868391 xl2tpd sends response packets from wrong IP address
- Revert: rhbz#929447 Incorrect "ipparam" manipulation
- Resolves: rhbz#1055196 Don't order service after syslog.target
- Resolves: rhbz#984332 xl2tpd tmpfiles configuration file in wrong directory
- Removed patches merged in upstream.
- FIPS patch updated with advertising clause for openssl in xl2tpd -V
(although the GPL code was already basically taken from openssl)
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Apr 01 2013 Paul Wouters <pwouters@redhat.com> - 1.3.1-13
- rhbz#929447 - Fix ipparam so ipv6-up does not fail (Michal Bruncko)
- rhbz#850372 - Introduce new systemd-rpm macros in xl2tpd spec file
- Use relro,pie for compiling
- rhbz#947209 - Use openssl's MD5 function instead of private copy
(so FIPS restrictions work)
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Paul Wouters <pwouters@redhat.com> - 1.3.1-10
- Updated comments in config files on how to authenticate against
a Windows PDC / Active Directory
* Tue Jul 03 2012 Paul Wouters <pwouters@redhat.com> - 1.3.1-9
- Rename non-existing openswan.service to ipsec.service (rhbz#836783)
- Start after ipsec.service, but do not require it
* Tue Jun 26 2012 Paul Wouters <pwouters@redhat.com> - 1.3.1-8
- The l2tp_ppp kernel module is now in kernel-module-extra
(rhbz#832149)
- Don't insist on openswan, some ISPS use L2TP without IPsec
- Don't call grantpt(), it's not needed and triggers SElinux
block (rhbz#834861)
* Fri Jun 15 2012 Paul Wouters <pwouters@redhat.com> - 1.3.1-7
- Moved modprobe code from daemon to initscript/systemd
(SElinux does not allow a daemon to do this, see rhbz#832149)
* Tue Jun 12 2012 Paul Wouters <pwouters@redhat.com> - 1.3.1-6
- Added patch for xl2tpd.conf to improve interop settings
(no longer need to say "no encryption" on Windows)
- Improved patch, more doc fixed (esp. "force userspace" option)
- don't use old version of if_pppol2tp.h
* Wed Apr 18 2012 Paul Wouters <pwouters@redhat.com> - 1.3.1-5
- Added support for CONFIG_PPPOL2TP by sigwall <fionov@gmail.com>
- Require current ppp because some old versions lacked pppol2tp.so plugin
* Thu Apr 05 2012 Paul Wouters <pwouters@redhat.com> - 1.3.1-4
- Fix parse error on lines > 80 chars, rhbz#806963
* Tue Feb 28 2012 Paul Wouters <pwouters@redhat.com> - 1.3.1-3
- Converted to systemd
- Added -Wunused patch to fix two minor warnings
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Oct 06 2011 Paul Wouters <paul@xelerance.com> - 1.3.1-1
- Upgraded to 1.3.1
- Use ghost for /var/run files
* Sat Jul 23 2011 Paul Wouters <paul@xelerance.com> - 1.3.0-1
- Upgraded to 1.3.0 with better NetworkManager support
- Compiled without DEBUG per default to gain more performance
- Added xl2tpd-control
* Wed Feb 23 2011 Paul Wouters <paul@xelerance.com> - 1.2.8-1
- Updated to 1.2.8
- Add ghosting for l2tp pipe (bz#656725)
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Nov 30 2010 Paul Wouters <paul@xelerance.com> - 1.2.7-2
- fix md5 of init script in sources
* Tue Nov 30 2010 Paul Wouters <paul@xelerance.com> - 1.2.7-1
- Updated to 1.2.7
- Added more DEBUG build options to the make command
- Minor cleanups
* Sat Jan 09 2010 Paul Wouters <paul@xelerance.com> - 1.2.5-2
- Bump for EVR
* Sat Jan 09 2010 Paul Wouters <paul@xelerance.com> - 1.2.5-1
- Upgraded to 1.2.5. (fixes interop with two Windows machines behind same NAT)
- Fix mix space/tab in spec file
- Added missing keyword Default-Stop
* Mon Jul 27 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sun Mar 08 2009 Paul Wouters <paul@xelerance.com> - 1.2.4-3
- Bump version for tagging mistake
* Sun Mar 08 2009 Paul Wouters <paul@xelerance.com> - 1.2.4-2
-Fix initscript for https://bugzilla.redhat.com/show_bug.cgi?id=247100
* Sun Mar 08 2009 Paul Wouters <paul@xelerance.com> - 1.2.4-1
- Upgraded to 1.2.4
- Merged spec file with upstream
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Oct 9 2008 Paul Wouters <paul@xelerance.com> - 1.2.0-1
- Updated to new upstream release
* Sat Sep 6 2008 Tom "spot" Callaway <tcallawa@redhat.com> 1.1.12-3
- fix license tag
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.1.12-2
- Autorebuild for GCC 4.3
* Fri Oct 26 2007 Paul Wouters <paul@xelerance.com> 1.1.12-1
- Upgraded to new release upstream
- Removed l2tpd to xl2tpd migration in post
* Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 1.1.11-3
- Rebuild for selinux ppc32 issue.
* Sat Jul 28 2007 Paul Wouters <paul@xelerance.com> 1.1.11-2
- Upgraded to 1.1.11
- Include new split README.*
* Mon Mar 19 2007 Paul Wouters <paul@xelerance.com> 1.1.09-1
- Upgraded to 1.1.09
* Fri Feb 23 2007 Paul Wouters <paul@xelerance.com> 1.1.08-2
- Bump for EVR
* Fri Feb 23 2007 Paul Wouters <paul@xelerance.com> 1.1.08-1
- Upgraded to 1.1.08
- This works around the ppp-2.4.2-6.4 issue of not dying on SIGTERM
* Tue Feb 20 2007 Paul Wouters <paul@xelerance.com> 1.1.07-2
- Fixed version usage in source macro
* Tue Feb 20 2007 Paul Wouters <paul@xelerance.com> 1.1.07-1
- Upgraded to 1.1.07
- Added /var/run/xl2tpd to the spec file so this pacakge
owns /var/run/xl2tpd
* Thu Dec 7 2006 Paul Wouters <paul@xelerance.com> 1.1.06-5
- Changed space/tab replacing method
* Wed Dec 6 2006 Paul Wouters <paul@xelerance.com> 1.1.06-4
- Added -p to keep original timestamps
- Added temporary hack to change space/tab in init file.
- Added /sbin/service dependancy
* Tue Dec 5 2006 Paul Wouters <paul@xelerance.com> 1.1.06-3
- Added Requires(post) / Requires(preun)
- changed init file to create /var/run/xl2tpd fixed a tab/space
- changed control file to be within /var/run/xl2tpd/
* Tue Dec 5 2006 Paul Wouters <paul@xelerance.com> 1.1.06-2
- Changed Mr. Karlsen's name to not be a utf8 problem
- Fixed Obosoletes/Provides to be more specific wrt l2tpd.
- Added dist tag which accidentally got deleted.
* Mon Dec 4 2006 Paul Wouters <paul@xelerance.com> 1.1.06-1
- Rebased spec file on Fedora Extras copy, but using xl2tpd as package name
* Sun Nov 27 2005 Paul Wouters <paul@xelerance.com> 0.69.20051030
- Pulled up sourceforget.net CVS fixes.
- various debugging added, but debugging should not be on by default.
- async/sync conversion routines must be ready for possibility that the read
will block due to routing loops.
- refactor control socket handling.
- move all logic about pty usage to pty.c. Try ptmx first, if it fails try
legacy ptys
- rename log() to l2tp_log(), as "log" is a math function.
- if we aren't deamonized, then log to stderr.
- added install: and DESTDIR support.
* Thu Oct 20 2005 Paul Wouters <paul@xelerance.com> 0.69-13
- Removed suse/mandrake specifics. Comply for Fedora Extras guidelines
* Tue Jun 21 2005 Jacco de Leeuw <jacco2@dds.nl> 0.69-12jdl
- Added log() patch by Paul Wouters so that l2tpd compiles on FC4.
* Sat Jun 4 2005 Jacco de Leeuw <jacco2@dds.nl>
- l2tpd.org has been hijacked. Project moved back to SourceForge:
http://l2tpd.sourceforge.net
* Tue May 3 2005 Jacco de Leeuw <jacco2@dds.nl>
- Small Makefile fixes. Explicitly use gcc instead of cc.
Network services library was not linked on Solaris due to typo.
* Thu Mar 17 2005 Jacco de Leeuw <jacco2@dds.nl> 0.69-11jdl
- Choosing between SysV or BSD style ptys is now configurable through
a compile-time boolean "unix98pty".
* Fri Feb 4 2005 Jacco de Leeuw <jacco2@dds.nl>
- Added code from Roaring Penguin (rp-l2tp) to support SysV-style ptys.
Requires the N_HDLC kernel module.
* Fri Nov 26 2004 Jacco de Leeuw <jacco2@dds.nl>
- Updated the README.
* Wed Nov 10 2004 Jacco de Leeuw <jacco2@dds.nl> 0.69-10jdl
- Patch by Marald Klein and Roger Luethi. Fixes writing PID file.
(http://l2tpd.graffl.net/msg01790.html)
Long overdue. Rereleasing 10jdl.
* Tue Nov 9 2004 Jacco de Leeuw <jacco2@dds.nl> 0.69-10jdl
- [SECURITY FIX] Added fix from Debian because of a bss-based
buffer overflow.
(http://www.mail-archive.com/l2tpd-devel@l2tpd.org/msg01071.html)
- Mandrake's FreeS/WAN, Openswan and Strongswan RPMS use configuration
directories /etc/{freeswan,openswan,strongswan}. Install our
configuration files to /etc/ipsec.d and create symbolic links in
those directories.
* Wed Aug 18 2004 Jacco de Leeuw <jacco2@dds.nl>
- Removed 'leftnexthop=' lines. Not relevant for recent versions
of FreeS/WAN and derivates.
* Tue Jan 20 2004 Jacco de Leeuw <jacco2@dds.nl> 0.69-9jdl
- Added "noccp" because of too much MPPE/CCP messages sometimes.
* Wed Dec 31 2003 Jacco de Leeuw <jacco2@dds.nl>
- Added patch in order to prevent StopCCN messages.
* Sat Aug 23 2003 Jacco de Leeuw <jacco2@dds.nl>
- MTU/MRU 1410 seems to be the lowest possible for MSL2TP.
For Windows 2000/XP it doesn't seem to matter.
- Typo in l2tpd.conf (192.168.128/25).
* Fri Aug 8 2003 Jacco de Leeuw <jacco2@dds.nl> 0.69-8jdl
- Added MTU/MRU 1400 to options.l2tpd. I don't know the optimal
value but some apps had problems with the default value.
* Fri Aug 1 2003 Jacco de Leeuw <jacco2@dds.nl>
- Added workaround for the missing hostname bug in the MSL2TP client
('Specify your hostname', error 629: "You have been disconnected
from the computer you are dialing").
* Sun Jul 20 2003 Jacco de Leeuw <jacco2@dds.nl> 0.69-7jdl
- Added the "listen-addr" global parameter for l2tpd.conf. By
default, the daemon listens on *all* interfaces. Use
"listen-addr" if you want it to bind to one specific
IP address (interface), for security reasons. (See also:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Firewallwarning)
- Explained in l2tpd.conf that two different IP addresses should be
used for 'listen-addr' and 'local ip'.
- Modified init script. Upgrades should work better now. You
still need to start/chkconfig l2tpd manually.
- Renamed the example Openswan .conf files to better reflect
the situation. There are two variants using different portselectors.
Previously I thought Windows 2000/XP used portselector 17/0
and the rest used 17/1701. But with the release of an updated
IPsec client by Microsoft, it turns out that 17/0 must have
been a mistake: the updated client now also uses 17/1701.
* Thu Apr 10 2003 Jacco de Leeuw <jacco2@dds.nl> 0.69-6jdl
- Changed sample chap-secrets to be valid only for specific
IP addresses.
* Thu Mar 13 2003 Bernhard Thoni <tech-role@tronicplanet.de>
- Adjustments for SuSE8.x (thanks, Bernhard!)
- Added sample chap-secrets.
* Thu Mar 6 2003 Jacco de Leeuw <jacco2@dds.nl> 0.69-5jdl
- Replaced Dominique's patch by Damion de Soto's, which does not
depend on the N_HDLC kernel module.
* Wed Feb 26 2003 Jacco de Leeuw <jacco2@dds.nl> 0.69-4jdl
- Seperate example config files for Win9x (MSL2TP) and Win2K/XP
due to left/rightprotoport differences.
Fixing preun for Red Hat.
* Mon Feb 3 2003 Jacco de Leeuw <jacco2@dds.nl> 0.69-3jdl
- Mandrake uses /etc/freeswan/ instead of /etc/ipsec.d/
Error fixed: source6 was used for both PSK and CERT.
* Wed Jan 29 2003 Jacco de Leeuw <jacco2@dds.nl> 0.69-3jdl
- Added Dominique Cressatti's pty patch in another attempt to
prevent the Windows 2000 Professional "loopback detected" error.
Seems to work!
* Wed Dec 25 2002 Jacco de Leeuw <jacco2@dds.nl> 0.69-2jdl
- Added 'connect-delay' to PPP parameters in an attempt to
prevent the Windows 2000 Professional "loopback detected" error.
Didn't seem to work.
* Fri Dec 13 2002 Jacco de Leeuw <jacco2@dds.nl> 0.69-1jdl
- Did not build on Red Hat 8.0. Solved by adding comments(?!).
Bug detected in spec file: chkconfig --list l2tpd does not work
on Red Hat 8.0. Not important enough to look into yet.
* Sun Nov 17 2002 Jacco de Leeuw <jacco2@dds.nl> 0.69-1jdl
- Tested on Red Hat, required some changes. No gprintf. Used different
pty patch, otherwise wouldn't run. Added buildroot sanity check.
* Sun Nov 10 2002 Jacco de Leeuw <jacco2@dds.nl>
- Specfile adapted from Mandrake Cooker. The original RPM can be
retrieved through:
http://www.rpmfind.net/linux/rpm2html/search.php?query=l2tpd
- Config path changed from /etc/l2tp/ to /etc/l2tpd/
(Seems more logical and rp-l2tp already uses /etc/l2tp/).
- Do not run at boot or install. The original RPM uses a config file
which is completely commented out, but it still starts l2tpd on all
interfaces. Could be a security risk. This RPM does not start l2tpd,
the sysadmin has to edit the config file and start l2tpd explicitly.
- Renamed patches to start with l2tpd-
- Added dependencies for pppd, glibc-devel.
- Use %%{name} as much as possible.
- l2tp-secrets contains passwords, thus should not be world readable.
- Removed dependency on rpm-helper.
* Mon Oct 21 2002 Lenny Cartier <lenny@mandrakesoft.com> 0.69-3mdk
- from Per 0yvind Karlsen <peroyvind@delonic.no> :
- PreReq and Requires
- Fix preun_service
* Thu Oct 17 2002 Per 0yvind Karlsen <peroyvind@delonic.no> 0.69-2mdk
- Move l2tpd from /usr/bin to /usr/sbin
- Added SysV initscript
- Patch0
- Patch1
* Thu Oct 17 2002 Per 0yvind Karlsen <peroyvind@delonic.no> 0.69-1mdk
- Initial release