Please consider unblocking vpnc_0.5.3r449-2.1
Hi,
I've NMU'ed vpnc for bug #496718, which really apppears RC to me and
should go into the next release. Please consider unblocking and aging
it (as I forgot to adjust the urgency field). Debdiff follows:
>> debdiff vpnc_0.5.3r449-2.dsc vpnc_0.5.3r449-2.1.dsc
diff -u vpnc-0.5.3r449/debian/changelog vpnc-0.5.3r449/debian/changelog
--- vpnc-0.5.3r449/debian/changelog
+++ vpnc-0.5.3r449/debian/changelog
@@ -1,3 +1,12 @@
+vpnc (0.5.3r449-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Bug fix: "Disconnects after an hour and loops trying to reconnect",
+ thanks to Daniel Schepler (Closes: #496718, LP: #479632). Patch taken
+ from upstream: http://www.gossamer-threads.com/lists/vpnc/devel/3442
+
+ -- Reinhard Tartler <siretart@tauware.de> Tue, 09 Nov 2010 12:03:17 +0100
+
vpnc (0.5.3r449-2) unstable; urgency=low
* Add pkg-config build-dependency. (closes: #574715)
diff -u vpnc-0.5.3r449/debian/patches/00list vpnc-0.5.3r449/debian/patches/00list
--- vpnc-0.5.3r449/debian/patches/00list
+++ vpnc-0.5.3r449/debian/patches/00list
@@ -4,0 +5 @@
+07_bug496718.dpatch
only in patch2:
unchanged:
--- vpnc-0.5.3r449.orig/debian/patches/07_bug496718.dpatch
+++ vpnc-0.5.3r449/debian/patches/07_bug496718.dpatch
@@ -0,0 +1,88 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 07_bug496718.dpatch by Reinhard Tartler <siretart@tauware.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Do no disconnect after an hour and loop trying to reconnect
+
+@DPATCH@
+
+Index: vpnc.c
+===================================================================
+--- a/vpnc.c (revision 449)
++++ b/vpnc.c (working copy)
+@@ -3095,9 +3097,14 @@
+ */
+ /* FIXME: any cleanup needed??? */
+
+- free_isakmp_packet(r);
+- do_phase2_qm(s);
+- return;
++ if (rp->u.d.num_spi >= 1 && memcmp(rp->u.d.spi[0], &s->ipsec.tx.spi, 4) == 0) {
++ free_isakmp_packet(r);
++ do_phase2_qm(s);
++ return;
++ } else {
++ DEBUG(2, printf("got isakmp delete with bogus spi, ignoring...\n"));
++ continue;
++ }
+ }
+ /* skip ipsec-esp delete */
+ if (rp->u.d.protocol != ISAKMP_IPSEC_PROTO_ISAKMP) {
+Index: vpnc.c
+===================================================================
+--- a/vpnc.c (revision 449)
++++ b/vpnc.c (working copy)
+@@ -2779,32 +2779,34 @@
+ free(dh_shared_secret);
+ free_isakmp_packet(r);
+
+- if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) {
+- s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port);
+- s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL;
+- s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP;
+- } else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) {
+- s->esp_fd = s->ike_fd;
+- } else {
++ if (s->esp_fd == 0) {
++ if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) {
++ s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port);
++ s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL;
++ s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP;
++ } else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) {
++ s->esp_fd = s->ike_fd;
++ } else {
+ #ifdef IP_HDRINCL
+- int hincl = 1;
++ int hincl = 1;
+ #endif
+
+- s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
+- if (s->esp_fd == -1) {
+- close_tunnel(s);
+- error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
+- }
++ s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
++ if (s->esp_fd == -1) {
++ close_tunnel(s);
++ error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
++ }
+ #ifdef FD_CLOEXEC
+- /* do not pass socket to vpnc-script, etc. */
+- fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC);
++ /* do not pass socket to vpnc-script, etc. */
++ fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC);
+ #endif
+ #ifdef IP_HDRINCL
+- if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
+- close_tunnel(s);
+- error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)");
++ if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
++ close_tunnel(s);
++ error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)");
++ }
++#endif
+ }
+-#endif
+ }
+
+ s->ipsec.rx.seq_id = s->ipsec.tx.seq_id = 1;
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
Reply to: