[packages/vtun] - updated to 3.0.4 - vtun-sslauth.patch adjusted to 3.0.4 - fix build against openssl-1.1 (vtun-open
adamg
adamg at pld-linux.org
Sun Sep 30 12:25:21 CEST 2018
commit b060841523310fabd9a5ca2c3373cec414f37edb
Author: Adam Gołębiowski <adamg at pld-linux.org>
Date: Sun Sep 30 12:24:12 2018 +0200
- updated to 3.0.4
- vtun-sslauth.patch adjusted to 3.0.4
- fix build against openssl-1.1 (vtun-openssl-1.1.patch)
- dont inline clear_nat_hack_flags (vtun-dont-inline.patch)
vtun-dont-inline.patch | 21 +++++
vtun-openssl-1.1.patch | 217 +++++++++++++++++++++++++++++++++++++++++++++++++
vtun-sslauth.patch | 101 +++++++++++++++--------
vtun.spec | 10 ++-
4 files changed, 313 insertions(+), 36 deletions(-)
---
diff --git a/vtun.spec b/vtun.spec
index 79eaf52..8e41635 100644
--- a/vtun.spec
+++ b/vtun.spec
@@ -5,13 +5,13 @@
Summary: Virtual tunnel over TCP/IP networks
Summary(pl.UTF-8): Wirtualne tunele poprzez sieci TCP/IP
Name: vtun
-Version: 3.0.3
-Release: 2
+Version: 3.0.4
+Release: 1
Epoch: 2
License: GPL v2+
Group: Networking/Daemons
Source0: http://download.sourceforge.net/vtun/%{name}-%{version}.tar.gz
-# Source0-md5: f3becf2a0270910a841060c08d1db824
+# Source0-md5: f952c5895ae8f40235aaad9a8f41a4bd
Source1: %{name}.init
Source2: %{name}.sysconfig
Source3: %{name}.service
@@ -19,6 +19,8 @@ Source4: %{name}.sh
Patch1: %{name}-autoheader.patch
Patch2: %{name}-sslauth.patch
Patch3: %{name}-linking.patch
+Patch4: %{name}-openssl-1.1.patch
+Patch5: %{name}-dont-inline.patch
URL: http://vtun.sourceforge.net/
BuildRequires: autoconf
BuildRequires: automake
@@ -60,6 +62,8 @@ user space, więc nie wymaga dodatkowego wsparcia w jądrze.
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
+%patch5 -p1
%build
cp -f /usr/share/automake/config.* .
diff --git a/vtun-dont-inline.patch b/vtun-dont-inline.patch
new file mode 100644
index 0000000..19b8ca6
--- /dev/null
+++ b/vtun-dont-inline.patch
@@ -0,0 +1,21 @@
+--- vtun-3.0.4.orig/cfg_file.y 2016-10-01 23:27:51.000000000 +0200
++++ vtun-3.0.4/cfg_file.y 2018-09-30 12:21:17.880947142 +0200
+@@ -610,7 +617,7 @@
+ }
+
+ /* Clear the VTUN_NAT_HACK flag which are not relevant to the current operation mode */
+-inline void clear_nat_hack_flags(int svr)
++void clear_nat_hack_flags(int svr)
+ {
+ if (svr)
+ llist_trav(&host_list,clear_nat_hack_server,NULL);
+--- vtun-3.0.4.orig/vtun.h 2016-10-01 23:27:51.000000000 +0200
++++ vtun-3.0.4/vtun.h 2018-09-30 12:21:29.038196844 +0200
+@@ -232,6 +236,6 @@
+ int tunnel(struct vtun_host *host);
+ int read_config(char *file);
+ struct vtun_host * find_host(char *host);
+-inline void clear_nat_hack_flags(int svr);
++void clear_nat_hack_flags(int svr);
+
+ #endif
diff --git a/vtun-openssl-1.1.patch b/vtun-openssl-1.1.patch
new file mode 100644
index 0000000..74dd57c
--- /dev/null
+++ b/vtun-openssl-1.1.patch
@@ -0,0 +1,217 @@
+--- vtun-3.0.4.orig/lfd_encrypt.c 2016-10-01 23:27:51.000000000 +0200
++++ vtun-3.0.4/lfd_encrypt.c 2018-09-30 12:17:00.134149092 +0200
+@@ -95,11 +95,11 @@
+ static char * pkey;
+ static char * iv_buf;
+
+-static EVP_CIPHER_CTX ctx_enc; /* encrypt */
+-static EVP_CIPHER_CTX ctx_dec; /* decrypt */
++static EVP_CIPHER_CTX *ctx_enc; /* encrypt */
++static EVP_CIPHER_CTX *ctx_dec; /* decrypt */
+
+-static EVP_CIPHER_CTX ctx_enc_ecb; /* sideband ecb encrypt */
+-static EVP_CIPHER_CTX ctx_dec_ecb; /* sideband ecb decrypt */
++static EVP_CIPHER_CTX *ctx_enc_ecb; /* sideband ecb encrypt */
++static EVP_CIPHER_CTX *ctx_dec_ecb; /* sideband ecb decrypt */
+
+ static int send_msg(int len, char *in, char **out);
+ static int recv_msg(int len, char *in, char **out);
+@@ -182,15 +182,15 @@
+ keysize = 32;
+ sb_init = 1;
+ cipher_type = EVP_aes_256_ecb();
+- pctx_enc = &ctx_enc_ecb;
+- pctx_dec = &ctx_dec_ecb;
++ pctx_enc = ctx_enc_ecb;
++ pctx_dec = ctx_dec_ecb;
+ break;
+
+ case VTUN_ENC_AES256ECB:
+ blocksize = 16;
+ keysize = 32;
+- pctx_enc = &ctx_enc;
+- pctx_dec = &ctx_dec;
++ pctx_enc = ctx_enc;
++ pctx_dec = ctx_dec;
+ cipher_type = EVP_aes_256_ecb();
+ strcpy(cipher_name,"AES-256-ECB");
+ break;
+@@ -201,14 +201,14 @@
+ keysize = 16;
+ sb_init=1;
+ cipher_type = EVP_aes_128_ecb();
+- pctx_enc = &ctx_enc_ecb;
+- pctx_dec = &ctx_dec_ecb;
++ pctx_enc = ctx_enc_ecb;
++ pctx_dec = ctx_dec_ecb;
+ break;
+ case VTUN_ENC_AES128ECB:
+ blocksize = 16;
+ keysize = 16;
+- pctx_enc = &ctx_enc;
+- pctx_dec = &ctx_dec;
++ pctx_enc = ctx_enc;
++ pctx_dec = ctx_dec;
+ cipher_type = EVP_aes_128_ecb();
+ strcpy(cipher_name,"AES-128-ECB");
+ break;
+@@ -221,16 +221,16 @@
+ var_key = 1;
+ sb_init = 1;
+ cipher_type = EVP_bf_ecb();
+- pctx_enc = &ctx_enc_ecb;
+- pctx_dec = &ctx_dec_ecb;
++ pctx_enc = ctx_enc_ecb;
++ pctx_dec = ctx_dec_ecb;
+ break;
+
+ case VTUN_ENC_BF256ECB:
+ blocksize = 8;
+ keysize = 32;
+ var_key = 1;
+- pctx_enc = &ctx_enc;
+- pctx_dec = &ctx_dec;
++ pctx_enc = ctx_enc;
++ pctx_dec = ctx_dec;
+ cipher_type = EVP_bf_ecb();
+ strcpy(cipher_name,"Blowfish-256-ECB");
+ break;
+@@ -243,16 +243,16 @@
+ var_key = 1;
+ sb_init = 1;
+ cipher_type = EVP_bf_ecb();
+- pctx_enc = &ctx_enc_ecb;
+- pctx_dec = &ctx_dec_ecb;
++ pctx_enc = ctx_enc_ecb;
++ pctx_dec = ctx_dec_ecb;
+ break;
+ case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */
+ default:
+ blocksize = 8;
+ keysize = 16;
+ var_key = 1;
+- pctx_enc = &ctx_enc;
+- pctx_dec = &ctx_dec;
++ pctx_enc = ctx_enc;
++ pctx_dec = ctx_dec;
+ cipher_type = EVP_bf_ecb();
+ strcpy(cipher_name,"Blowfish-128-ECB");
+ break;
+@@ -294,10 +294,10 @@
+ lfd_free(enc_buf); enc_buf = NULL;
+ lfd_free(dec_buf); dec_buf = NULL;
+
+- EVP_CIPHER_CTX_cleanup(&ctx_enc);
+- EVP_CIPHER_CTX_cleanup(&ctx_dec);
+- EVP_CIPHER_CTX_cleanup(&ctx_enc_ecb);
+- EVP_CIPHER_CTX_cleanup(&ctx_dec_ecb);
++ EVP_CIPHER_CTX_free(ctx_enc);
++ EVP_CIPHER_CTX_free(ctx_dec);
++ EVP_CIPHER_CTX_free(ctx_enc_ecb);
++ EVP_CIPHER_CTX_free(ctx_dec_ecb);
+
+ return 0;
+ }
+@@ -323,7 +323,7 @@
+ outlen=len+pad;
+ if (pad == blocksize)
+ RAND_bytes(in_ptr+len, blocksize-1);
+- EVP_EncryptUpdate(&ctx_enc, out_ptr, &outlen, in_ptr, len+pad);
++ EVP_EncryptUpdate(ctx_enc, out_ptr, &outlen, in_ptr, len+pad);
+ *out = enc_buf;
+
+ sequence_num++;
+@@ -343,7 +343,7 @@
+
+ outlen=len;
+ if (!len) return 0;
+- EVP_DecryptUpdate(&ctx_dec, out_ptr, &outlen, in_ptr, len);
++ EVP_DecryptUpdate(ctx_dec, out_ptr, &outlen, in_ptr, len);
+ recv_ib_mesg(&outlen, &out_ptr);
+ if (!outlen) return 0;
+ tmp_ptr = out_ptr + outlen; tmp_ptr--;
+@@ -431,13 +431,13 @@
+ break;
+ } /* switch(cipher) */
+
+- EVP_CIPHER_CTX_init(&ctx_enc);
+- EVP_EncryptInit_ex(&ctx_enc, cipher_type, NULL, NULL, NULL);
++ EVP_CIPHER_CTX_init(ctx_enc);
++ EVP_EncryptInit_ex(ctx_enc, cipher_type, NULL, NULL, NULL);
+ if (var_key)
+- EVP_CIPHER_CTX_set_key_length(&ctx_enc, keysize);
+- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, pkey, NULL);
+- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx_enc, 0);
++ EVP_CIPHER_CTX_set_key_length(ctx_enc, keysize);
++ EVP_EncryptInit_ex(ctx_enc, NULL, NULL, pkey, NULL);
++ EVP_EncryptInit_ex(ctx_enc, NULL, NULL, NULL, iv);
++ EVP_CIPHER_CTX_set_padding(ctx_enc, 0);
+ if (enc_init_first_time)
+ {
+ sprintf(tmpstr,"%s encryption initialized", cipher_name);
+@@ -521,13 +521,13 @@
+ break;
+ } /* switch(cipher) */
+
+- EVP_CIPHER_CTX_init(&ctx_dec);
+- EVP_DecryptInit_ex(&ctx_dec, cipher_type, NULL, NULL, NULL);
++ EVP_CIPHER_CTX_init(ctx_dec);
++ EVP_DecryptInit_ex(ctx_dec, cipher_type, NULL, NULL, NULL);
+ if (var_key)
+- EVP_CIPHER_CTX_set_key_length(&ctx_dec, keysize);
+- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, pkey, NULL);
+- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx_dec, 0);
++ EVP_CIPHER_CTX_set_key_length(ctx_dec, keysize);
++ EVP_DecryptInit_ex(ctx_dec, NULL, NULL, pkey, NULL);
++ EVP_DecryptInit_ex(ctx_dec, NULL, NULL, NULL, iv);
++ EVP_CIPHER_CTX_set_padding(ctx_dec, 0);
+ if (dec_init_first_time)
+ {
+ sprintf(tmpstr,"%s decryption initialized", cipher_name);
+@@ -559,7 +559,7 @@
+
+ in_ptr = in - blocksize*2;
+ outlen = blocksize*2;
+- EVP_EncryptUpdate(&ctx_enc_ecb, in_ptr,
++ EVP_EncryptUpdate(ctx_enc_ecb, in_ptr,
+ &outlen, in_ptr, blocksize*2);
+ *out = in_ptr;
+ len = outlen;
+@@ -586,7 +586,7 @@
+ in_ptr = in;
+ iv = malloc(blocksize);
+ outlen = blocksize*2;
+- EVP_DecryptUpdate(&ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2);
++ EVP_DecryptUpdate(ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2);
+
+ if ( !strncmp(in_ptr, "ivec", 4) )
+ {
+@@ -629,7 +629,7 @@
+ if (cipher_enc_state != CIPHER_INIT)
+ {
+ cipher_enc_state = CIPHER_INIT;
+- EVP_CIPHER_CTX_cleanup(&ctx_enc);
++ EVP_CIPHER_CTX_cleanup(ctx_enc);
+ #ifdef LFD_ENCRYPT_DEBUG
+ vtun_syslog(LOG_INFO,
+ "Forcing local encryptor re-init");
+@@ -710,7 +710,7 @@
+ if (cipher_enc_state != CIPHER_INIT)
+ {
+ cipher_enc_state = CIPHER_INIT;
+- EVP_CIPHER_CTX_cleanup(&ctx_enc);
++ EVP_CIPHER_CTX_cleanup(ctx_enc);
+ }
+ #ifdef LFD_ENCRYPT_DEBUG
+ vtun_syslog(LOG_INFO, "Remote requests encryptor re-init");
+@@ -724,7 +724,7 @@
+ cipher_enc_state != CIPHER_REQ_INIT &&
+ cipher_enc_state != CIPHER_INIT)
+ {
+- EVP_CIPHER_CTX_cleanup (&ctx_dec);
++ EVP_CIPHER_CTX_cleanup (ctx_dec);
+ cipher_dec_state = CIPHER_INIT;
+ cipher_enc_state = CIPHER_REQ_INIT;
+ }
diff --git a/vtun-sslauth.patch b/vtun-sslauth.patch
index f700a05..0d5e2a2 100644
--- a/vtun-sslauth.patch
+++ b/vtun-sslauth.patch
@@ -1,6 +1,6 @@
-diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
---- vtun-3.0.2-orig/auth.c 2008-01-07 22:35:18.000000000 +0000
-+++ vtun-3.0.2/auth.c 2008-09-01 14:20:13.000000000 +0000
+diff -burN vtun-3.0.4.orig/auth.c vtun-3.0.4/auth.c
+--- vtun-3.0.4.orig/auth.c 2016-10-01 23:29:28.000000000 +0200
++++ vtun-3.0.4/auth.c 2018-09-30 12:02:45.799673157 +0200
@@ -23,6 +23,10 @@
/*
* Challenge based authentication.
@@ -23,6 +23,7 @@ diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
#include <openssl/blowfish.h>
#include <openssl/rand.h>
+-static void gen_chal(char *buf)
+#endif /* HAVE_SSL */
+
+/* Okay, start the "blue-wire" non-ssl auth patch stuff */
@@ -45,12 +46,12 @@ diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
+/* Encryption and Decryption of the challenge-key */
+#ifdef HAVE_SSL
+
- void gen_chal(char *buf)
++void gen_chal(char *buf)
{
RAND_bytes(buf, VTUN_CHAL_SIZE);
}
--void encrypt_chal(char *chal, char *pwd)
+-static void encrypt_chal(char *chal, char *pwd)
+void ssl_encrypt_chal(char *chal, char *pwd)
{
register int i;
@@ -63,7 +64,7 @@ diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
BF_ecb_encrypt(chal + i, chal + i, &key, BF_ENCRYPT);
}
--void decrypt_chal(char *chal, char *pwd)
+-static void decrypt_chal(char *chal, char *pwd)
+void ssl_decrypt_chal(char *chal, char *pwd)
{
register int i;
@@ -77,26 +78,13 @@ diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
#else /* HAVE_SSL */
--void encrypt_chal(char *chal, char *pwd)
--{
+-static void encrypt_chal(char *chal, char *pwd)
++/* Generate PSEUDO random challenge key. */
++void gen_chal(char *buf)
+ {
- char * xor_msk = pwd;
- register int i, xor_len = strlen(xor_msk);
--
-- for(i=0; i < VTUN_CHAL_SIZE; i++)
-- chal[i] ^= xor_msk[i%xor_len];
--}
--
--void inline decrypt_chal(char *chal, char *pwd)
--{
-- encrypt_chal(chal, pwd);
--}
--
- /* Generate PSEUDO random challenge key. */
- void gen_chal(char *buf)
- {
- register int i;
--
-- srand(time(NULL));
++ register int i;
+ unsigned int seed;
+ char *pseed;
+ int fd,cnt,len;
@@ -115,25 +103,72 @@ diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
+ srand(seed);
for(i=0; i < VTUN_CHAL_SIZE; i++)
- buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
+- chal[i] ^= xor_msk[i%xor_len];
++ buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
}
-+
+
+-static void inline decrypt_chal(char *chal, char *pwd)
+void ssl_encrypt_chal(char *chal, char *pwd)
-+{
+ {
+- encrypt_chal(chal, pwd);
+ syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support - fallback to `sslauth no'");
+ nonssl_encrypt_chal(chal,pwd);
-+}
-+
+ }
+
+-/* Generate PSEUDO random challenge key. */
+-static void gen_chal(char *buf)
+void ssl_decrypt_chal(char *chal, char *pwd)
-+{
+ {
+- register int i;
+-
+- srand(time(NULL));
+-
+- for(i=0; i < VTUN_CHAL_SIZE; i++)
+- buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
+ syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support - fallback to `sslauth no'");
+ nonssl_decrypt_chal(chal,pwd);
-+}
+ }
+
#endif /* HAVE_SSL */
/*
-@@ -353,7 +393,11 @@
+@@ -123,7 +163,7 @@
+ * C - compression, S - speed for shaper and so on.
+ */
+
+-static char *bf2cf(struct vtun_host *host)
++char *bf2cf(struct vtun_host *host)
+ {
+ static char str[20], *ptr = str;
+
+@@ -187,7 +227,7 @@
+ FLAGS: <TuE1>
+ */
+
+-static int cf2bf(char *str, struct vtun_host *host)
++int cf2bf(char *str, struct vtun_host *host)
+ {
+ char *ptr, *p;
+ int s;
+@@ -277,7 +317,7 @@
+ * string format: <char_data>
+ */
+
+-static char *cl2cs(char *chal)
++char *cl2cs(char *chal)
+ {
+ static char str[VTUN_CHAL_SIZE*2+3], *chr="abcdefghijklmnop";
+ register char *ptr = str;
+@@ -295,7 +335,7 @@
+ return str;
+ }
+
+-static int cs2cl(char *str, char *chal)
++int cs2cl(char *str, char *chal)
+ {
+ register char *ptr = str;
+ register int i;
+@@ -358,7 +398,11 @@
if( !(h = find_host(host)) )
break;
@@ -146,7 +181,7 @@ diff -Nur vtun-3.0.2-orig/auth.c vtun-3.0.2/auth.c
if( !memcmp(chal_req, chal_res, VTUN_CHAL_SIZE) ){
/* Auth successeful. */
-@@ -405,7 +449,11 @@
+@@ -410,7 +454,11 @@
if( !strncmp(buf,"OK",2) && cs2cl(buf,chal)){
stage = ST_CHAL;
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/vtun.git/commitdiff/b060841523310fabd9a5ca2c3373cec414f37edb
More information about the pld-cvs-commit
mailing list