[xl2tpd] * Tue May 13 2014 Paul Wouters <pwouters at redhat.com> - 1.3.6-1 - Updated to 1.3.6 - using github-onl
Paul Wouters
pwouters at fedoraproject.org
Tue May 13 01:59:53 UTC 2014
commit 38e97b03eac9ba54dd4610652e455436fb01a064
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon May 12 21:59:33 2014 -0400
* Tue May 13 2014 Paul Wouters <pwouters at redhat.com> - 1.3.6-1
- Updated to 1.3.6 - using github-only monstrosity packaging
- Resolves: rhbz#1051785 (new upstream version available)
- Resolves: rhbz#868391 xl2tpd sends response packets from wrong IP address
- Revert: rhbz#929447 Incorrect "ipparam" manipulation
- Resolves: rhbz#1055196 Don't order service after syslog.target
- Resolves: rhbz#984332 xl2tpd tmpfiles configuration file in wrong directory
- Removed patches merged in upstream.
- FIPS patch updated with advertising clause for openssl in xl2tpd -V
(although the GPL code was already basically taken from openssl)
.gitignore | 1 +
sources | 2 +-
xl2tpd-1.3.0-kernelmode.patch | 436 --------------------
xl2tpd-1.3.1-Makefile | 21 -
xl2tpd-1.3.1-Wunused.patch | 41 --
xl2tpd-1.3.1-conf.patch | 94 -----
xl2tpd-1.3.1-ipparam-to-remotenumber.patch | 29 --
xl2tpd-1.3.1-kernelmode.patch | 362 ----------------
xl2tpd-1.3.1-pty.patch | 19 -
xl2tpd-1.3.6-conf.patch | 40 ++
...1-md5-fips.patch => xl2tpd-1.3.6-md5-fips.patch | 59 ++-
xl2tpd-bz80693.patch | 22 -
xl2tpd.init | 101 -----
xl2tpd.service | 2 +-
xl2tpd.spec | 61 ++--
15 files changed, 105 insertions(+), 1185 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index b276d35..cc9fdd7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ xl2tpd-1.2.7.tar.gz
xl2tpd-1.2.8.tar.gz
xl2tpd-1.3.0.tar.gz
xl2tpd-1.3.1.tar.gz
+/xl2tpd-5619e1771048e74b729804e8602f409af0f3faea.tar.gz
diff --git a/sources b/sources
index 568bb82..cbe85ac 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-cf61576fef5c2d6c68279a408ec1f0d5 xl2tpd-1.3.1.tar.gz
+e08e34510a97e126b324f3407c71806c xl2tpd-5619e1771048e74b729804e8602f409af0f3faea.tar.gz
diff --git a/xl2tpd-1.3.6-conf.patch b/xl2tpd-1.3.6-conf.patch
new file mode 100644
index 0000000..1976244
--- /dev/null
+++ b/xl2tpd-1.3.6-conf.patch
@@ -0,0 +1,40 @@
+diff -Naur xl2tpd-1.3.6-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.6/examples/ppp-options.xl2tpd
+--- xl2tpd-1.3.6-orig/examples/ppp-options.xl2tpd 2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-1.3.6/examples/ppp-options.xl2tpd 2014-05-12 14:46:24.358653357 -0400
+@@ -1,9 +1,10 @@
+ ipcp-accept-local
+ ipcp-accept-remote
+-ms-dns 192.168.1.1
+-ms-dns 192.168.1.3
+-ms-wins 192.168.1.2
+-ms-wins 192.168.1.4
++ms-dns 8.8.8.8
++# ms-dns 192.168.1.1
++# ms-dns 192.168.1.3
++# ms-wins 192.168.1.2
++# ms-wins 192.168.1.4
+ noccp
+ auth
+ crtscts
+@@ -15,3 +16,11 @@
+ lock
+ proxyarp
+ connect-delay 5000
++# To allow authentication against a Windows domain EXAMPLE, and require the
++# user to be in a group "VPN Users". Requires the samba-winbind package
++# require-mschap-v2
++# plugin winbind.so
++# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"'
++# You need to join the domain on the server, for example using samba:
++# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html
++
+diff -Naur xl2tpd-1.3.6-orig/examples/README xl2tpd-1.3.6/examples/README
+--- xl2tpd-1.3.6-orig/examples/README 2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-1.3.6/examples/README 2014-05-12 14:46:59.168476547 -0400
+@@ -1,4 +1,4 @@
+ These are example files for use with xl2tpd.
+
+-Openswan carries config examples for use with l2tp-over-ipsec.
+-See http://www.openswan.org/
++xl2tpd is often used in combination with libreswan to offer L2TP/IPsec
++See https://libreswan.org/
diff --git a/xl2tpd-1.3.1-md5-fips.patch b/xl2tpd-1.3.6-md5-fips.patch
similarity index 89%
rename from xl2tpd-1.3.1-md5-fips.patch
rename to xl2tpd-1.3.6-md5-fips.patch
index 6ad39ec..3ee8cc9 100644
--- a/xl2tpd-1.3.1-md5-fips.patch
+++ b/xl2tpd-1.3.6-md5-fips.patch
@@ -1,6 +1,6 @@
-diff -Naur xl2tpd-1.3.1/aaa.c xl2tpd-1.3.1-fips/aaa.c
---- xl2tpd-1.3.1/aaa.c 2011-10-06 15:22:05.000000000 -0400
-+++ xl2tpd-1.3.1-fips/aaa.c 2013-04-01 16:36:40.929098507 -0400
+diff -Naur xl2tpd-1.3.6-orig/aaa.c xl2tpd-1.3.6/aaa.c
+--- xl2tpd-1.3.6-orig/aaa.c 2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-1.3.6/aaa.c 2014-05-12 15:01:05.936492449 -0400
@@ -21,6 +21,8 @@
#include <errno.h>
#include "l2tp.h"
@@ -95,9 +95,9 @@ diff -Naur xl2tpd-1.3.1/aaa.c xl2tpd-1.3.1-fips/aaa.c
cnt = 0;
}
/* at the beginning of each segment, we save the current segment (16 octets or less) of cipher
-diff -Naur xl2tpd-1.3.1/aaa.h xl2tpd-1.3.1-fips/aaa.h
---- xl2tpd-1.3.1/aaa.h 2011-10-06 15:22:05.000000000 -0400
-+++ xl2tpd-1.3.1-fips/aaa.h 2013-04-01 16:46:39.532823130 -0400
+diff -Naur xl2tpd-1.3.6-orig/aaa.h xl2tpd-1.3.6/aaa.h
+--- xl2tpd-1.3.6-orig/aaa.h 2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-1.3.6/aaa.h 2014-05-12 15:02:39.262697808 -0400
@@ -15,7 +15,7 @@
#ifndef _AAA_H
@@ -107,27 +107,26 @@ diff -Naur xl2tpd-1.3.1/aaa.h xl2tpd-1.3.1-fips/aaa.h
#define ADDR_HASH_SIZE 256
#define MD_SIG_SIZE 16
-@@ -34,7 +43,8 @@
+@@ -34,7 +34,7 @@
struct challenge
{
- struct MD5Context md5;
-+ /* struct MD5Context md5; */
+ MD5_CTX md5;
unsigned char ss; /* State we're sending in */
unsigned char secret[MAXSTRLEN]; /* The shared secret */
unsigned char *challenge; /* The original challenge */
-diff -Naur xl2tpd-1.3.1/Makefile xl2tpd-1.3.1-fips/Makefile
---- xl2tpd-1.3.1/Makefile 2013-04-01 16:40:44.576870296 -0400
-+++ xl2tpd-1.3.1-fips/Makefile 2013-04-01 16:48:30.405039381 -0400
-@@ -91,8 +91,8 @@
+diff -Naur xl2tpd-1.3.6-orig/Makefile xl2tpd-1.3.6/Makefile
+--- xl2tpd-1.3.6-orig/Makefile 2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-1.3.6/Makefile 2014-05-12 15:03:43.832223559 -0400
+@@ -92,8 +92,8 @@
IPFLAGS?= -DIP_ALLOCATION
CFLAGS+= $(DFLAGS) -O2 -fno-builtin -Wall -DSANITY $(OSFLAGS) $(IPFLAGS)
-HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h
-OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o
+HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h
-+OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o
++OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o
SRCS=${OBJS:.o=.c} ${HDRS}
CONTROL_SRCS=xl2tpd-control.c
#LIBS= $(OSLIBS) # -lefence # efence for malloc checking
@@ -139,11 +138,11 @@ diff -Naur xl2tpd-1.3.1/Makefile xl2tpd-1.3.1-fips/Makefile
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) -lcrypto $(LDLIBS)
$(CONTROL_EXEC): $(CONTROL_SRCS)
- $(CC) $(CFLAGS) -c $(CONTROL_SRCS)
-diff -Naur xl2tpd-1.3.1/md5.c xl2tpd-1.3.1-fips/md5.c
---- xl2tpd-1.3.1/md5.c 2011-10-06 15:22:05.000000000 -0400
-+++ xl2tpd-1.3.1-fips/md5.c 1969-12-31 19:00:00.000000000 -0500
-@@ -1,275 +0,0 @@
+ $(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@
+diff -Naur xl2tpd-1.3.6-orig/md5.c xl2tpd-1.3.6/md5.c
+--- xl2tpd-1.3.6-orig/md5.c 2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-1.3.6/md5.c 1969-12-31 19:00:00.000000000 -0500
+@@ -1,274 +0,0 @@
-#ifdef FREEBSD
-# include <machine/endian.h>
-#elif defined(OPENBSD)
@@ -307,8 +306,7 @@ diff -Naur xl2tpd-1.3.1/md5.c xl2tpd-1.3.1-fips/md5.c
- byteReverse (ctx->in, 14);
-
- /* Append length in bits and transform */
-- ((uint32 *) ctx->in)[14] = ctx->bits[0];
-- ((uint32 *) ctx->in)[15] = ctx->bits[1];
+- memcpy(ctx->in + 14 * sizeof(uint32), ctx->bits, sizeof(ctx->bits));
-
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- byteReverse ((unsigned char *) ctx->buf, 4);
@@ -419,9 +417,9 @@ diff -Naur xl2tpd-1.3.1/md5.c xl2tpd-1.3.1-fips/md5.c
-}
-
-#endif
-diff -Naur xl2tpd-1.3.1/md5.h xl2tpd-1.3.1-fips/md5.h
---- xl2tpd-1.3.1/md5.h 2011-10-06 15:22:05.000000000 -0400
-+++ xl2tpd-1.3.1-fips/md5.h 1969-12-31 19:00:00.000000000 -0500
+diff -Naur xl2tpd-1.3.6-orig/md5.h xl2tpd-1.3.6/md5.h
+--- xl2tpd-1.3.6-orig/md5.h 2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-1.3.6/md5.h 1969-12-31 19:00:00.000000000 -0500
@@ -1,28 +0,0 @@
-#ifndef MD5_H
-#define MD5_H
@@ -451,3 +449,18 @@ diff -Naur xl2tpd-1.3.1/md5.h xl2tpd-1.3.1-fips/md5.h
-typedef struct MD5Context MD5_CTX;
-
-#endif /* !MD5_H */
+diff -Naur xl2tpd-1.3.6-orig/xl2tpd.c xl2tpd-1.3.6/xl2tpd.c
+--- xl2tpd-1.3.6-orig/xl2tpd.c 2014-01-15 15:58:37.000000000 -0500
++++ xl2tpd-1.3.6/xl2tpd.c 2014-05-12 14:58:58.903490392 -0400
+@@ -1310,7 +1310,10 @@
+
+
+ void usage(void) {
+- printf("\nxl2tpd version: %s\n", SERVER_VERSION);
++ printf("\nxl2tpd version: %s\n"
++"This product includes software developed by the OpenSSL Project for use\n"
++"in the OpenSSL Toolkit. (http://www.openssl.org/)\n"
++, SERVER_VERSION);
+ printf("Usage: xl2tpd [-c <config file>] [-s <secret file>] [-p <pid file>]\n"
+ " [-C <control file>] [-D]\n"
+ " [-v, --version]\n");
diff --git a/xl2tpd.service b/xl2tpd.service
index 38b9abb..082b4ff 100644
--- a/xl2tpd.service
+++ b/xl2tpd.service
@@ -1,6 +1,6 @@
[Unit]
Description=Level 2 Tunnel Protocol Daemon (L2TP)
-After=syslog.target network.target
+After=network.target
After=ipsec.service
# Some ISPs in Russia use l2tp without IPsec, so don't insist anymore
#Wants=ipsec.service
diff --git a/xl2tpd.spec b/xl2tpd.spec
index 8da2e63..54a9a20 100644
--- a/xl2tpd.spec
+++ b/xl2tpd.spec
@@ -1,27 +1,17 @@
-# upstream is switching to github, but has not released a new tar ball there yet
-%global commit 3be48f8b7fc0e8de8cef7675a9861484b8b68c52
-%global shortcommit %(c=%{commit}; echo ${c:0:7})
+%global commit 5619e1771048e74b729804e8602f409af0f3faea
Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
Name: xl2tpd
-Version: 1.3.1
-Release: 14%{?dist}
+Version: 1.3.6
+Release: 1%{?dist}
License: GPL+
-Url: https://github.com/xelerance/xl2tpd
+Url: https://github.com/xelerance/%{name}/
Group: System Environment/Daemons
-Source0: http://www.xelerance.com/software/xl2tpd/xl2tpd-%{version}.tar.gz
-#Source0: https://github.com/xelerance/%{name}/archive/v%{version}.tar.gz
-#Source0: https://github.com/xelerance/%{name}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz
+Source0: https://github.com/xelerance/%{name}/archive/%{commit}/%{name}-%{commit}.tar.gz
Source1: xl2tpd.service
Source2: tmpfiles-xl2tpd.conf
-Patch1: xl2tpd-1.3.1-Wunused.patch
-Patch2: xl2tpd-bz80693.patch
-Patch3: xl2tpd-1.3.1-kernelmode.patch
-Patch4: xl2tpd-1.3.1-conf.patch
-Patch5: xl2tpd-1.3.1-pty.patch
-Patch6: xl2tpd-1.3.1-ipparam-to-remotenumber.patch
-Patch7: xl2tpd-1.3.1-Makefile
-Patch8: xl2tpd-1.3.1-md5-fips.patch
+Patch1: xl2tpd-1.3.6-conf.patch
+Patch2: xl2tpd-1.3.6-md5-fips.patch
Requires: ppp >= 2.4.5-18, kernel-modules-extra
# If you want to authenticate against a Microsoft PDC/Active Directory
@@ -59,19 +49,9 @@ Xl2tpd is based on the 0.69 L2TP by Jeff McAdams <jeffm at iglou.com>
It was de-facto maintained by Jacco de Leeuw <jacco2 at dds.nl> in 2002 and 2003.
%prep
-# for git version
-#% setup -qn %{name}-%{commit}
-%setup -q
+%setup -qn %{name}-%{commit}
%patch1 -p1
%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-
-rm linux/include/linux/if_pppol2tp.h
%build
#make DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH"
@@ -86,9 +66,8 @@ rm -rf %{buildroot}
make DESTDIR=%{buildroot} PREFIX=%{_prefix} install
install -d 0755 %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/xl2tpd.service
-mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
-install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf
-
+mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d/
+install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf
install -p -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf
install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd
@@ -98,6 +77,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
%preun
%systemd_preun xl2tpd.service
+
%post
%systemd_post xl2tpd.service
@@ -125,10 +105,21 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
%config(noreplace) %{_sysconfdir}/ppp/*
%dir %{_localstatedir}/run/xl2tpd
%{_unitdir}/%{name}.service
-%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf
+%{_prefix}/lib/tmpfiles.d/%{name}.conf
%ghost %attr(0600,root,root) %{_localstatedir}/run/xl2tpd/l2tp-control
%changelog
+* Tue May 13 2014 Paul Wouters <pwouters at redhat.com> - 1.3.6-1
+- Updated to 1.3.6 - using github-only monstrosity packaging
+- Resolves: rhbz#1051785 (new upstream version available)
+- Resolves: rhbz#868391 xl2tpd sends response packets from wrong IP address
+- Revert: rhbz#929447 Incorrect "ipparam" manipulation
+- Resolves: rhbz#1055196 Don't order service after syslog.target
+- Resolves: rhbz#984332 xl2tpd tmpfiles configuration file in wrong directory
+- Removed patches merged in upstream.
+- FIPS patch updated with advertising clause for openssl in xl2tpd -V
+ (although the GPL code was already basically taken from openssl)
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
@@ -339,7 +330,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
configuration files to /etc/ipsec.d and create symbolic links in
those directories.
-* Tue Aug 18 2004 Jacco de Leeuw <jacco2 at dds.nl>
+* Wed Aug 18 2004 Jacco de Leeuw <jacco2 at dds.nl>
- Removed 'leftnexthop=' lines. Not relevant for recent versions
of FreeS/WAN and derivates.
@@ -363,7 +354,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
('Specify your hostname', error 629: "You have been disconnected
from the computer you are dialing").
-* Thu Jul 20 2003 Jacco de Leeuw <jacco2 at dds.nl> 0.69-7jdl
+* Sun Jul 20 2003 Jacco de Leeuw <jacco2 at dds.nl> 0.69-7jdl
- Added the "listen-addr" global parameter for l2tpd.conf. By
default, the daemon listens on *all* interfaces. Use
"listen-addr" if you want it to bind to one specific
@@ -380,7 +371,7 @@ install -p -D -m755 -d %{buildroot}%{_localstatedir}/run/xl2tpd
IPsec client by Microsoft, it turns out that 17/0 must have
been a mistake: the updated client now also uses 17/1701.
-* Mon Apr 10 2003 Jacco de Leeuw <jacco2 at dds.nl> 0.69-6jdl
+* Thu Apr 10 2003 Jacco de Leeuw <jacco2 at dds.nl> 0.69-6jdl
- Changed sample chap-secrets to be valid only for specific
IP addresses.
More information about the scm-commits
mailing list