[packages/vtun] - updated to 3.0.4 - vtun-sslauth.patch adjusted to 3.0.4 - fix build against openssl-1.1 (vtun-open

adamg adamg at pld-linux.org
Sun Sep 30 12:25:21 CEST 2018


commit b060841523310fabd9a5ca2c3373cec414f37edb
Author: Adam Gołębiowski <adamg at pld-linux.org>
Date:   Sun Sep 30 12:24:12 2018 +0200

    - updated to 3.0.4
    - vtun-sslauth.patch adjusted to 3.0.4
    - fix build against openssl-1.1 (vtun-openssl-1.1.patch)
    - dont inline clear_nat_hack_flags (vtun-dont-inline.patch)

 vtun-dont-inline.patch |  21 +++++
 vtun-openssl-1.1.patch | 217 +++++++++++++++++++++++++++++++++++++++++++++++++
 vtun-sslauth.patch     | 101 +++++++++++++++--------
 vtun.spec              |  10 ++-
 4 files changed, 313 insertions(+), 36 deletions(-)
---
diff --git a/vtun.spec b/vtun.spec
index 79eaf52..8e41635 100644
--- a/vtun.spec
+++ b/vtun.spec
@@ -5,13 +5,13 @@
 Summary:	Virtual tunnel over TCP/IP networks
 Summary(pl.UTF-8):	Wirtualne tunele poprzez sieci TCP/IP
 Name:		vtun
-Version:	3.0.3
-Release:	2
+Version:	3.0.4
+Release:	1
 Epoch:		2
 License:	GPL v2+
 Group:		Networking/Daemons
 Source0:	http://download.sourceforge.net/vtun/%{name}-%{version}.tar.gz
-# Source0-md5:	f3becf2a0270910a841060c08d1db824
+# Source0-md5:	f952c5895ae8f40235aaad9a8f41a4bd
 Source1:	%{name}.init
 Source2:	%{name}.sysconfig
 Source3:	%{name}.service
@@ -19,6 +19,8 @@ Source4:	%{name}.sh
 Patch1:		%{name}-autoheader.patch
 Patch2:		%{name}-sslauth.patch
 Patch3:		%{name}-linking.patch
+Patch4:		%{name}-openssl-1.1.patch
+Patch5:		%{name}-dont-inline.patch
 URL:		http://vtun.sourceforge.net/
 BuildRequires:	autoconf
 BuildRequires:	automake
@@ -60,6 +62,8 @@ user space, więc nie wymaga dodatkowego wsparcia w jądrze.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
+%patch5 -p1
 
 %build
 cp -f /usr/share/automake/config.* .
diff --git a/vtun-dont-inline.patch b/vtun-dont-inline.patch
new file mode 100644
index 0000000..19b8ca6
--- /dev/null
+++ b/vtun-dont-inline.patch
@@ -0,0 +1,21 @@
+--- vtun-3.0.4.orig/cfg_file.y	2016-10-01 23:27:51.000000000 +0200
++++ vtun-3.0.4/cfg_file.y	2018-09-30 12:21:17.880947142 +0200
+@@ -610,7 +617,7 @@
+ }
+ 
+ /* Clear the VTUN_NAT_HACK flag which are not relevant to the current operation mode */
+-inline void clear_nat_hack_flags(int svr)
++void clear_nat_hack_flags(int svr)
+ {
+ 	if (svr)
+ 		llist_trav(&host_list,clear_nat_hack_server,NULL);
+--- vtun-3.0.4.orig/vtun.h	2016-10-01 23:27:51.000000000 +0200
++++ vtun-3.0.4/vtun.h	2018-09-30 12:21:29.038196844 +0200
+@@ -232,6 +236,6 @@
+ int  tunnel(struct vtun_host *host);
+ int  read_config(char *file);
+ struct vtun_host * find_host(char *host);
+-inline void clear_nat_hack_flags(int svr);
++void clear_nat_hack_flags(int svr);
+ 
+ #endif
diff --git a/vtun-openssl-1.1.patch b/vtun-openssl-1.1.patch
new file mode 100644
index 0000000..74dd57c
--- /dev/null
+++ b/vtun-openssl-1.1.patch
@@ -0,0 +1,217 @@
+--- vtun-3.0.4.orig/lfd_encrypt.c	2016-10-01 23:27:51.000000000 +0200
++++ vtun-3.0.4/lfd_encrypt.c	2018-09-30 12:17:00.134149092 +0200
+@@ -95,11 +95,11 @@
+ static char * pkey;
+ static char * iv_buf;
+ 
+-static EVP_CIPHER_CTX ctx_enc;	/* encrypt */
+-static EVP_CIPHER_CTX ctx_dec;	/* decrypt */
++static EVP_CIPHER_CTX *ctx_enc;	/* encrypt */
++static EVP_CIPHER_CTX *ctx_dec;	/* decrypt */
+ 
+-static EVP_CIPHER_CTX ctx_enc_ecb;	/* sideband ecb encrypt */
+-static EVP_CIPHER_CTX ctx_dec_ecb;	/* sideband ecb decrypt */
++static EVP_CIPHER_CTX *ctx_enc_ecb;	/* sideband ecb encrypt */
++static EVP_CIPHER_CTX *ctx_dec_ecb;	/* sideband ecb decrypt */
+ 
+ static int send_msg(int len, char *in, char **out);
+ static int recv_msg(int len, char *in, char **out);
+@@ -182,15 +182,15 @@
+          keysize = 32;
+          sb_init = 1;
+          cipher_type = EVP_aes_256_ecb();
+-         pctx_enc = &ctx_enc_ecb;
+-         pctx_dec = &ctx_dec_ecb;
++         pctx_enc = ctx_enc_ecb;
++         pctx_dec = ctx_dec_ecb;
+       break;
+       
+       case VTUN_ENC_AES256ECB:
+          blocksize = 16;
+          keysize = 32;
+-         pctx_enc = &ctx_enc;
+-         pctx_dec = &ctx_dec;
++         pctx_enc = ctx_enc;
++         pctx_dec = ctx_dec;
+          cipher_type = EVP_aes_256_ecb();
+          strcpy(cipher_name,"AES-256-ECB");
+       break;      
+@@ -201,14 +201,14 @@
+          keysize = 16;
+          sb_init=1;
+          cipher_type = EVP_aes_128_ecb();
+-         pctx_enc = &ctx_enc_ecb;
+-         pctx_dec = &ctx_dec_ecb;
++         pctx_enc = ctx_enc_ecb;
++         pctx_dec = ctx_dec_ecb;
+       break;
+       case VTUN_ENC_AES128ECB:
+          blocksize = 16;
+          keysize = 16;
+-         pctx_enc = &ctx_enc;
+-         pctx_dec = &ctx_dec;
++         pctx_enc = ctx_enc;
++         pctx_dec = ctx_dec;
+          cipher_type = EVP_aes_128_ecb();
+          strcpy(cipher_name,"AES-128-ECB");
+       break;
+@@ -221,16 +221,16 @@
+          var_key = 1;
+          sb_init = 1;
+          cipher_type = EVP_bf_ecb();
+-         pctx_enc = &ctx_enc_ecb;
+-         pctx_dec = &ctx_dec_ecb;
++         pctx_enc = ctx_enc_ecb;
++         pctx_dec = ctx_dec_ecb;
+       break;
+ 
+       case VTUN_ENC_BF256ECB:
+          blocksize = 8;
+          keysize = 32;
+          var_key = 1;
+-         pctx_enc = &ctx_enc;
+-         pctx_dec = &ctx_dec;
++         pctx_enc = ctx_enc;
++         pctx_dec = ctx_dec;
+          cipher_type = EVP_bf_ecb();
+          strcpy(cipher_name,"Blowfish-256-ECB");
+       break;
+@@ -243,16 +243,16 @@
+          var_key = 1;
+          sb_init = 1;
+          cipher_type = EVP_bf_ecb();
+-         pctx_enc = &ctx_enc_ecb;
+-         pctx_dec = &ctx_dec_ecb;
++         pctx_enc = ctx_enc_ecb;
++         pctx_dec = ctx_dec_ecb;
+       break;
+       case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */
+       default:
+          blocksize = 8;
+          keysize = 16;
+          var_key = 1;
+-         pctx_enc = &ctx_enc;
+-         pctx_dec = &ctx_dec;
++         pctx_enc = ctx_enc;
++         pctx_dec = ctx_dec;
+          cipher_type = EVP_bf_ecb();
+          strcpy(cipher_name,"Blowfish-128-ECB");
+       break;
+@@ -294,10 +294,10 @@
+    lfd_free(enc_buf); enc_buf = NULL;
+    lfd_free(dec_buf); dec_buf = NULL;
+ 
+-   EVP_CIPHER_CTX_cleanup(&ctx_enc);
+-   EVP_CIPHER_CTX_cleanup(&ctx_dec);
+-   EVP_CIPHER_CTX_cleanup(&ctx_enc_ecb);
+-   EVP_CIPHER_CTX_cleanup(&ctx_dec_ecb);
++   EVP_CIPHER_CTX_free(ctx_enc);
++   EVP_CIPHER_CTX_free(ctx_dec);
++   EVP_CIPHER_CTX_free(ctx_enc_ecb);
++   EVP_CIPHER_CTX_free(ctx_dec_ecb);
+ 
+    return 0;
+ }
+@@ -323,7 +323,7 @@
+    outlen=len+pad;
+    if (pad == blocksize)
+       RAND_bytes(in_ptr+len, blocksize-1);
+-   EVP_EncryptUpdate(&ctx_enc, out_ptr, &outlen, in_ptr, len+pad);
++   EVP_EncryptUpdate(ctx_enc, out_ptr, &outlen, in_ptr, len+pad);
+    *out = enc_buf;
+ 
+    sequence_num++;
+@@ -343,7 +343,7 @@
+ 
+    outlen=len;
+    if (!len) return 0;
+-   EVP_DecryptUpdate(&ctx_dec, out_ptr, &outlen, in_ptr, len);
++   EVP_DecryptUpdate(ctx_dec, out_ptr, &outlen, in_ptr, len);
+    recv_ib_mesg(&outlen, &out_ptr);
+    if (!outlen) return 0;
+    tmp_ptr = out_ptr + outlen; tmp_ptr--;
+@@ -431,13 +431,13 @@
+       break;
+    } /* switch(cipher) */
+ 
+-   EVP_CIPHER_CTX_init(&ctx_enc);
+-   EVP_EncryptInit_ex(&ctx_enc, cipher_type, NULL, NULL, NULL);
++   EVP_CIPHER_CTX_init(ctx_enc);
++   EVP_EncryptInit_ex(ctx_enc, cipher_type, NULL, NULL, NULL);
+    if (var_key)
+-      EVP_CIPHER_CTX_set_key_length(&ctx_enc, keysize);
+-   EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, pkey, NULL);
+-   EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, iv);
+-   EVP_CIPHER_CTX_set_padding(&ctx_enc, 0);
++      EVP_CIPHER_CTX_set_key_length(ctx_enc, keysize);
++   EVP_EncryptInit_ex(ctx_enc, NULL, NULL, pkey, NULL);
++   EVP_EncryptInit_ex(ctx_enc, NULL, NULL, NULL, iv);
++   EVP_CIPHER_CTX_set_padding(ctx_enc, 0);
+    if (enc_init_first_time)
+    {
+       sprintf(tmpstr,"%s encryption initialized", cipher_name);
+@@ -521,13 +521,13 @@
+       break;
+    } /* switch(cipher) */
+ 
+-   EVP_CIPHER_CTX_init(&ctx_dec);
+-   EVP_DecryptInit_ex(&ctx_dec, cipher_type, NULL, NULL, NULL);
++   EVP_CIPHER_CTX_init(ctx_dec);
++   EVP_DecryptInit_ex(ctx_dec, cipher_type, NULL, NULL, NULL);
+    if (var_key)
+-      EVP_CIPHER_CTX_set_key_length(&ctx_dec, keysize);
+-   EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, pkey, NULL);
+-   EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, iv);
+-   EVP_CIPHER_CTX_set_padding(&ctx_dec, 0);
++      EVP_CIPHER_CTX_set_key_length(ctx_dec, keysize);
++   EVP_DecryptInit_ex(ctx_dec, NULL, NULL, pkey, NULL);
++   EVP_DecryptInit_ex(ctx_dec, NULL, NULL, NULL, iv);
++   EVP_CIPHER_CTX_set_padding(ctx_dec, 0);
+    if (dec_init_first_time)
+    {
+       sprintf(tmpstr,"%s decryption initialized", cipher_name);
+@@ -559,7 +559,7 @@
+ 
+          in_ptr = in - blocksize*2;
+          outlen = blocksize*2;
+-         EVP_EncryptUpdate(&ctx_enc_ecb, in_ptr, 
++         EVP_EncryptUpdate(ctx_enc_ecb, in_ptr, 
+             &outlen, in_ptr, blocksize*2);
+          *out = in_ptr;
+          len = outlen;
+@@ -586,7 +586,7 @@
+          in_ptr = in;
+          iv = malloc(blocksize);
+          outlen = blocksize*2;
+-         EVP_DecryptUpdate(&ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2);
++         EVP_DecryptUpdate(ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2);
+          
+          if ( !strncmp(in_ptr, "ivec", 4) )
+          {
+@@ -629,7 +629,7 @@
+                if (cipher_enc_state != CIPHER_INIT)
+                {
+                   cipher_enc_state = CIPHER_INIT;
+-                  EVP_CIPHER_CTX_cleanup(&ctx_enc);
++                  EVP_CIPHER_CTX_cleanup(ctx_enc);
+ #ifdef LFD_ENCRYPT_DEBUG
+                   vtun_syslog(LOG_INFO, 
+                      "Forcing local encryptor re-init");
+@@ -710,7 +710,7 @@
+          if (cipher_enc_state != CIPHER_INIT)
+          {
+             cipher_enc_state = CIPHER_INIT;
+-            EVP_CIPHER_CTX_cleanup(&ctx_enc);
++            EVP_CIPHER_CTX_cleanup(ctx_enc);
+          }
+ #ifdef LFD_ENCRYPT_DEBUG
+          vtun_syslog(LOG_INFO, "Remote requests encryptor re-init");
+@@ -724,7 +724,7 @@
+              cipher_enc_state != CIPHER_REQ_INIT &&
+              cipher_enc_state != CIPHER_INIT)
+          {
+-            EVP_CIPHER_CTX_cleanup (&ctx_dec);
++            EVP_CIPHER_CTX_cleanup (ctx_dec);
+             cipher_dec_state = CIPHER_INIT;
+             cipher_enc_state = CIPHER_REQ_INIT;
+          }
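Review bot: The four cipher contexts become `EVP_CIPHER_CTX *` at file scope, but no hunk in this patch calls `EVP_CIPHER_CTX_new()`, so `ctx_enc`, `ctx_dec`, `ctx_enc_ecb` and `ctx_dec_ecb` appear to still be NULL when the cipher switch copies them into `pctx_enc`/`pctx_dec` and when `EVP_EncryptInit_ex(ctx_enc, ...)` runs. Unless they are allocated in code the patch does not touch (the pre-patch code embedded the structs, so nothing had to), the first tunnel with encryption enabled would fail or crash rather than encrypt. The teardown hunk at line 294 also frees the contexts without clearing the pointers, so a second setup in the same process would reuse freed memory. The EVP_* return values remain unchecked throughout. The functions these hunks sit in start and end outside the patch context; the sketch below shows the allocation and the teardown, with the error return value assumed.

```c
/* in the setup function, before the switch that assigns pctx_enc / pctx_dec */
ctx_enc     = EVP_CIPHER_CTX_new();
ctx_dec     = EVP_CIPHER_CTX_new();
ctx_enc_ecb = EVP_CIPHER_CTX_new();
ctx_dec_ecb = EVP_CIPHER_CTX_new();
if (!ctx_enc || !ctx_dec || !ctx_enc_ecb || !ctx_dec_ecb) {
   vtun_syslog(LOG_ERR, "Can't allocate cipher contexts");
   /* release the partial set as in the teardown below, then report failure */
   return -1;   /* assumed error value; the function's convention is outside the patch */
}
/* … unchanged: cipher switch, key and IV setup … */

/* teardown: EVP_CIPHER_CTX_free() accepts NULL, so clearing makes a repeat call safe */
EVP_CIPHER_CTX_free(ctx_enc);      ctx_enc = NULL;
EVP_CIPHER_CTX_free(ctx_dec);      ctx_dec = NULL;
EVP_CIPHER_CTX_free(ctx_enc_ecb);  ctx_enc_ecb = NULL;
EVP_CIPHER_CTX_free(ctx_dec_ecb);  ctx_dec_ecb = NULL;
```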
diff --git a/vtun-sslauth.patch b/vtun-sslauth.patch
index f700a05..0d5e2a2 100644
--- a/vtun-sslauth.patch
+++ b/vtun-sslauth.patch
@@ -1,6 +1,6 @@
-diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
---- vtun-3.0.2-orig/auth.c	2008-01-07 22:35:18.000000000 +0000
-+++ vtun-3.0.2/auth.c	2008-09-01 14:20:13.000000000 +0000
+diff -burN vtun-3.0.4.orig/auth.c vtun-3.0.4/auth.c
+--- vtun-3.0.4.orig/auth.c	2016-10-01 23:29:28.000000000 +0200
++++ vtun-3.0.4/auth.c	2018-09-30 12:02:45.799673157 +0200
 @@ -23,6 +23,10 @@
  /*
   * Challenge based authentication. 
@@ -23,6 +23,7 @@ diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
  #include <openssl/blowfish.h>
  #include <openssl/rand.h>
  
+-static void gen_chal(char *buf)
 +#endif /* HAVE_SSL */
 +
 +/* Okay, start the "blue-wire" non-ssl auth patch stuff */
@@ -45,12 +46,12 @@ diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
 +/* Encryption and Decryption of the challenge-key */
 +#ifdef HAVE_SSL
 +
- void gen_chal(char *buf)
++void gen_chal(char *buf)
  {
     RAND_bytes(buf, VTUN_CHAL_SIZE);
  }
  
--void encrypt_chal(char *chal, char *pwd)
+-static void encrypt_chal(char *chal, char *pwd)
 +void ssl_encrypt_chal(char *chal, char *pwd)
  { 
     register int i;
@@ -63,7 +64,7 @@ diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
        BF_ecb_encrypt(chal + i,  chal + i, &key, BF_ENCRYPT);
  }
  
--void decrypt_chal(char *chal, char *pwd)
+-static void decrypt_chal(char *chal, char *pwd)
 +void ssl_decrypt_chal(char *chal, char *pwd)
  { 
     register int i;
@@ -77,26 +78,13 @@ diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
  
  #else /* HAVE_SSL */
  
--void encrypt_chal(char *chal, char *pwd)
--{ 
+-static void encrypt_chal(char *chal, char *pwd)
++/* Generate PSEUDO random challenge key. */
++void gen_chal(char *buf)
+ { 
 -   char * xor_msk = pwd;
 -   register int i, xor_len = strlen(xor_msk);
--
--   for(i=0; i < VTUN_CHAL_SIZE; i++)
--      chal[i] ^= xor_msk[i%xor_len];
--}
--
--void inline decrypt_chal(char *chal, char *pwd)
--{ 
--   encrypt_chal(chal, pwd);
--}
--
- /* Generate PSEUDO random challenge key. */
- void gen_chal(char *buf)
- {
-    register int i;
-- 
--   srand(time(NULL));
++   register int i;
 +   unsigned int seed;
 +   char *pseed;
 +   int fd,cnt,len;
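Review bot: In the non-SSL branch, gen_chal still builds every challenge byte from `rand()` after a single `srand(seed)` with `unsigned int seed`, so the challenge carries at most the entropy of one unsigned int, and `rand()` is not a cryptographic generator. If `fd` is opened on a kernel random device, as the `fd,cnt,len` locals suggest (the seeding code lies between this hunk and the next and is not visible), reading `VTUN_CHAL_SIZE` bytes from it straight into `buf` would avoid the `rand()` step entirely. gen_chal starts in this hunk and ends in the following one, where the `srand(seed)` and `rand()` lines are.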
@@ -115,25 +103,72 @@ diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
 +   srand(seed);
  
     for(i=0; i < VTUN_CHAL_SIZE; i++)
-       buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
+-      chal[i] ^= xor_msk[i%xor_len];
++      buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
  }
-+
+ 
+-static void inline decrypt_chal(char *chal, char *pwd)
 +void ssl_encrypt_chal(char *chal, char *pwd)
-+{
+ { 
+-   encrypt_chal(chal, pwd);
 +	syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support - fallback to `sslauth no'");
 +	nonssl_encrypt_chal(chal,pwd);
-+}
-+
+ }
+ 
+-/* Generate PSEUDO random challenge key. */
+-static void gen_chal(char *buf)
 +void ssl_decrypt_chal(char *chal, char *pwd)
-+{
+ {
+-   register int i;
+- 
+-   srand(time(NULL));
+-
+-   for(i=0; i < VTUN_CHAL_SIZE; i++)
+-      buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
 +	syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support - fallback to `sslauth no'");
 +	nonssl_decrypt_chal(chal,pwd);
-+}
+ }
 +
  #endif /* HAVE_SSL */
  
  /* 
-@@ -353,7 +393,11 @@
+@@ -123,7 +163,7 @@
+  * C - compression, S - speed for shaper and so on.
+  */ 
+ 
+-static char *bf2cf(struct vtun_host *host)
++char *bf2cf(struct vtun_host *host)
+ {
+      static char str[20], *ptr = str;
+ 
+@@ -187,7 +227,7 @@
+    FLAGS: <TuE1>
+ */
+ 
+-static int cf2bf(char *str, struct vtun_host *host)
++int cf2bf(char *str, struct vtun_host *host)
+ {
+      char *ptr, *p;
+      int s;
+@@ -277,7 +317,7 @@
+  * string format:  <char_data> 
+  */ 
+ 
+-static char *cl2cs(char *chal)
++char *cl2cs(char *chal)
+ {
+      static char str[VTUN_CHAL_SIZE*2+3], *chr="abcdefghijklmnop";
+      register char *ptr = str;
+@@ -295,7 +335,7 @@
+      return str;
+ }
+ 
+-static int cs2cl(char *str, char *chal)
++int cs2cl(char *str, char *chal)
+ {
+      register char *ptr = str;
+      register int i;
+@@ -358,7 +398,11 @@
  		   if( !(h = find_host(host)) )
  		      break;
  
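Review bot: In the `#else /* HAVE_SSL */` branch, `ssl_encrypt_chal` and `ssl_decrypt_chal` log at LOG_ERR and then call `nonssl_encrypt_chal`/`nonssl_decrypt_chal`, so a host configured with `sslauth yes` on a binary built without SSL is authenticated with the non-SSL scheme anyway, which is a fail-open downgrade. The non-SSL routines are defined outside this hunk; if they are the XOR mask that the inner patch removes from this position, they give the shared password little protection. Both functions return void, so refusing the handshake needs either a config-time check that rejects `sslauth yes` when HAVE_SSL is undefined or a changed signature. At minimum, a comment above them such as `/* No SSL: sslauth yes is NOT honoured, auth is downgraded to the non-SSL scheme */` would make the behaviour explicit to packagers.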
@@ -146,7 +181,7 @@ diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
  	
  		   if( !memcmp(chal_req, chal_res, VTUN_CHAL_SIZE) ){
  		      /* Auth successeful. */
-@@ -405,7 +449,11 @@
+@@ -410,7 +454,11 @@
  		   if( !strncmp(buf,"OK",2) && cs2cl(buf,chal)){
  		      stage = ST_CHAL;
  					
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/vtun.git/commitdiff/b060841523310fabd9a5ca2c3373cec414f37edb


