tags 496718 + patch tags 496718 + pending severity 496718 serious thanks Justification: Seriously impacts functionality of the package for any user
Dear maintainer, I've prepared an NMU for vpnc (versioned as 0.5.3r449-2.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Preview packages with buildlog can be downloaded here: http://wiki.tauware.de/~siretart/upload-queue/ Regards, Reinhard. diff -u vpnc-0.5.3r449/debian/changelog vpnc-0.5.3r449/debian/changelog --- vpnc-0.5.3r449/debian/changelog +++ vpnc-0.5.3r449/debian/changelog @@ -1,3 +1,12 @@ +vpnc (0.5.3r449-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Bug fix: "Disconnects after an hour and loops trying to reconnect", + thanks to Daniel Schepler (Closes: #496718, LP: #479632). Patch taken + from upstream: http://www.gossamer-threads.com/lists/vpnc/devel/3442 + + -- Reinhard Tartler <siret...@tauware.de> Tue, 09 Nov 2010 12:03:17 +0100 + vpnc (0.5.3r449-2) unstable; urgency=low * Add pkg-config build-dependency. (closes: #574715) diff -u vpnc-0.5.3r449/debian/patches/00list vpnc-0.5.3r449/debian/patches/00list --- vpnc-0.5.3r449/debian/patches/00list +++ vpnc-0.5.3r449/debian/patches/00list @@ -4,0 +5 @@ +07_bug496718.dpatch only in patch2: unchanged: --- vpnc-0.5.3r449.orig/debian/patches/07_bug496718.dpatch +++ vpnc-0.5.3r449/debian/patches/07_bug496718.dpatch @@ -0,0 +1,88 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 07_bug496718.dpatch by Reinhard Tartler <siret...@tauware.de> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Do no disconnect after an hour and loop trying to reconnect + +...@dpatch@ + +Index: vpnc.c +=================================================================== +--- a/vpnc.c (revision 449) ++++ b/vpnc.c (working copy) +@@ -3095,9 +3097,14 @@ + */ + /* FIXME: any cleanup needed??? */ + +- free_isakmp_packet(r); +- do_phase2_qm(s); +- return; ++ if (rp->u.d.num_spi >= 1 && memcmp(rp->u.d.spi[0], &s->ipsec.tx.spi, 4) == 0) { ++ free_isakmp_packet(r); ++ do_phase2_qm(s); ++ return; ++ } else { ++ DEBUG(2, printf("got isakmp delete with bogus spi, ignoring...\n")); ++ continue; ++ } + } + /* skip ipsec-esp delete */ + if (rp->u.d.protocol != ISAKMP_IPSEC_PROTO_ISAKMP) { +Index: vpnc.c +=================================================================== +--- a/vpnc.c (revision 449) ++++ b/vpnc.c (working copy) +@@ -2779,32 +2779,34 @@ + free(dh_shared_secret); + free_isakmp_packet(r); + +- if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) { +- s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port); +- s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL; +- s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP; +- } else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) { +- s->esp_fd = s->ike_fd; +- } else { ++ if (s->esp_fd == 0) { ++ if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) { ++ s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port); ++ s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL; ++ s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP; ++ } else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) { ++ s->esp_fd = s->ike_fd; ++ } else { + #ifdef IP_HDRINCL +- int hincl = 1; ++ int hincl = 1; + #endif + +- s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP); +- if (s->esp_fd == -1) { +- close_tunnel(s); +- error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)"); +- } ++ s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP); ++ if (s->esp_fd == -1) { ++ close_tunnel(s); ++ error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)"); ++ } + #ifdef FD_CLOEXEC +- /* do not pass socket to vpnc-script, etc. */ +- fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC); ++ /* do not pass socket to vpnc-script, etc. */ ++ fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC); + #endif + #ifdef IP_HDRINCL +- if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) { +- close_tunnel(s); +- error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)"); ++ if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) { ++ close_tunnel(s); ++ error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)"); ++ } ++#endif + } +-#endif + } + + s->ipsec.rx.seq_id = s->ipsec.tx.seq_id = 1; -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
