Please consider unblocking vpnc_0.5.3r449-2.1

To: debian-release@lists.debian.org
Cc: Eric Warmenhoven <warmenhoven@debian.org>
Subject: Please consider unblocking vpnc_0.5.3r449-2.1
From: Reinhard Tartler <siretart@debian.org>
Date: Mon, 15 Nov 2010 10:01:28 +0100
Message-id: <[🔎] 87tyjj3qqf.fsf@faui44a.informatik.uni-erlangen.de>

Hi,

I've NMU'ed vpnc for bug #496718, which really apppears RC to me and
should go into the next release. Please consider unblocking and aging
it (as I forgot to adjust the urgency field). Debdiff follows:


>> debdiff vpnc_0.5.3r449-2.dsc vpnc_0.5.3r449-2.1.dsc
diff -u vpnc-0.5.3r449/debian/changelog vpnc-0.5.3r449/debian/changelog
--- vpnc-0.5.3r449/debian/changelog
+++ vpnc-0.5.3r449/debian/changelog
@@ -1,3 +1,12 @@
+vpnc (0.5.3r449-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Bug fix: "Disconnects after an hour and loops trying to reconnect",
+    thanks to Daniel Schepler (Closes: #496718, LP: #479632). Patch taken
+    from upstream: http://www.gossamer-threads.com/lists/vpnc/devel/3442
+
+ -- Reinhard Tartler <siretart@tauware.de>  Tue, 09 Nov 2010 12:03:17 +0100
+
 vpnc (0.5.3r449-2) unstable; urgency=low
 
   * Add pkg-config build-dependency. (closes: #574715)
diff -u vpnc-0.5.3r449/debian/patches/00list vpnc-0.5.3r449/debian/patches/00list
--- vpnc-0.5.3r449/debian/patches/00list
+++ vpnc-0.5.3r449/debian/patches/00list
@@ -4,0 +5 @@
+07_bug496718.dpatch
only in patch2:
unchanged:
--- vpnc-0.5.3r449.orig/debian/patches/07_bug496718.dpatch
+++ vpnc-0.5.3r449/debian/patches/07_bug496718.dpatch
@@ -0,0 +1,88 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 07_bug496718.dpatch by Reinhard Tartler <siretart@tauware.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Do no disconnect after an hour and loop trying to reconnect
+
+@DPATCH@
+
+Index: vpnc.c
+===================================================================
+--- a/vpnc.c	(revision 449)
++++ b/vpnc.c	(working copy)
+@@ -3095,9 +3097,14 @@
+ 			 */
+ 			/* FIXME: any cleanup needed??? */
+ 
+-			free_isakmp_packet(r);
+-			do_phase2_qm(s);
+-			return;
++			if (rp->u.d.num_spi >= 1 && memcmp(rp->u.d.spi[0], &s->ipsec.tx.spi, 4) == 0) {
++				free_isakmp_packet(r);
++				do_phase2_qm(s);
++				return;
++			} else {
++				DEBUG(2, printf("got isakmp delete with bogus spi, ignoring...\n"));
++				continue;
++			}
+ 		}
+ 		/* skip ipsec-esp delete */
+ 		if (rp->u.d.protocol != ISAKMP_IPSEC_PROTO_ISAKMP) {
+Index: vpnc.c
+===================================================================
+--- a/vpnc.c	(revision 449)
++++ b/vpnc.c	(working copy)
+@@ -2779,32 +2779,34 @@
+ 		free(dh_shared_secret);
+ 		free_isakmp_packet(r);
+ 
+-		if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) {
+-			s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port);
+-			s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL;
+-			s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP;
+-		} else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) {
+-			s->esp_fd = s->ike_fd;
+-		} else {
++		if (s->esp_fd == 0) {
++			if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) {
++				s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port);
++				s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL;
++				s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP;
++			} else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) {
++				s->esp_fd = s->ike_fd;
++			} else {
+ #ifdef IP_HDRINCL
+-			int hincl = 1;
++				int hincl = 1;
+ #endif
+ 
+-			s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
+-			if (s->esp_fd == -1) {
+-				close_tunnel(s);
+-				error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
+-			}
++				s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
++				if (s->esp_fd == -1) {
++					close_tunnel(s);
++					error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
++				}
+ #ifdef FD_CLOEXEC
+-			/* do not pass socket to vpnc-script, etc. */
+-			fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC);
++				/* do not pass socket to vpnc-script, etc. */
++				fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC);
+ #endif
+ #ifdef IP_HDRINCL
+-			if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
+-				close_tunnel(s);
+-				error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)");
++				if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
++					close_tunnel(s);
++					error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)");
++				}
++#endif
+ 			}
+-#endif
+ 		}
+ 
+ 		s->ipsec.rx.seq_id = s->ipsec.tx.seq_id = 1;



-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

Reply to:

Follow-Ups:
- Re: Please consider unblocking vpnc_0.5.3r449-2.1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: Pre-approval request for dpkg sync() changes for squeeze
Next by Date: Please unblock bwa/0.5.8c-1
Previous by thread: Re: Please let sympa 6.0.1+dfsg-3 migrate from testing-proposed-updates
Next by thread: Re: Please consider unblocking vpnc_0.5.3r449-2.1
Index(es):
- Date
- Thread