diff --git a/srcpkgs/vpnc/patches/00-fix-fritzbox.diff b/srcpkgs/vpnc/patches/00-fix-fritzbox.diff new file mode 100644 index 00000000000..5f6c7a63cb9 --- /dev/null +++ b/srcpkgs/vpnc/patches/00-fix-fritzbox.diff @@ -0,0 +1,81 @@ +Description: Fixes AVM's FritzBoxes not being able to connect +Upstream: Yes +Index: vpnc.c +=================================================================== +--- vpnc.c (revision 466) ++++ vpnc.c (revision 469) +@@ -88,6 +88,10 @@ + 0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E, + 0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F + }; ++const unsigned char VID_NATT_03[] = { /* "draft-ietf-ipsec-nat-t-ike-03" */ ++ 0x7d, 0x94, 0x19, 0xa6, 0x53, 0x10, 0xca, 0x6f, ++ 0x2c, 0x17, 0x9d, 0x92, 0x15, 0x52, 0x9d, 0x56 ++}; + const unsigned char VID_NATT_RFC[] = { /* "RFC 3947" */ + 0x4A, 0x13, 0x1C, 0x81, 0x07, 0x03, 0x58, 0x45, + 0x5C, 0x57, 0x28, 0xF2, 0x0E, 0x95, 0x45, 0x2F +@@ -141,6 +145,7 @@ + { VID_NATT_01, sizeof(VID_NATT_01), "Nat-T 01" }, + { VID_NATT_02, sizeof(VID_NATT_02), "Nat-T 02" }, + { VID_NATT_02N, sizeof(VID_NATT_02N), "Nat-T 02N" }, ++ { VID_NATT_03, sizeof(VID_NATT_03), "Nat-T 03" }, + { VID_NATT_RFC, sizeof(VID_NATT_RFC), "Nat-T RFC" }, + { VID_DWR, sizeof(VID_DWR), "Delete With Reason" }, + { VID_CISCO_FRAG, sizeof(VID_CISCO_FRAG), "Cisco Fragmentation" }, +@@ -1156,8 +1161,11 @@ + value = a->next->u.attr_16; + else if (a->next->af == isakmp_attr_lots && a->next->u.lots.length == 4) + value = ntohl(*((uint32_t *) a->next->u.lots.data)); +- else +- assert(0); ++ else { ++ DEBUG(2, printf("got unknown ike lifetime attributes af %d len %d\n", ++ a->next->af, a->next->u.lots.length)); ++ return; ++ } + + DEBUG(2, printf("got ike lifetime attributes: %d %s\n", value, + (a->u.attr_16 == IKE_LIFE_TYPE_SECONDS) ? "seconds" : "kilobyte")); +@@ -1267,6 +1275,8 @@ + l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID, + VID_NATT_RFC, sizeof(VID_NATT_RFC)); + l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID, ++ VID_NATT_03, sizeof(VID_NATT_03)); ++ l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID, + VID_NATT_02N, sizeof(VID_NATT_02N)); + l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID, + VID_NATT_02, sizeof(VID_NATT_02)); +@@ -1501,6 +1511,12 @@ + seen_natt_vid = 1; + if (natt_draft < 1) natt_draft = 2; + DEBUG(2, printf("peer is NAT-T capable (RFC 3947)\n")); ++ } else if (rp->u.vid.length == sizeof(VID_NATT_03) ++ && memcmp(rp->u.vid.data, VID_NATT_03, ++ sizeof(VID_NATT_03)) == 0) { ++ seen_natt_vid = 1; ++ if (natt_draft < 1) natt_draft = 2; ++ DEBUG(2, printf("peer is NAT-T capable (draft-03)\n")); + } else if (rp->u.vid.length == sizeof(VID_NATT_02N) + && memcmp(rp->u.vid.data, VID_NATT_02N, + sizeof(VID_NATT_02N)) == 0) { +@@ -1582,6 +1598,19 @@ + seen_natd_them = 1; + } + break; ++ case ISAKMP_PAYLOAD_N: ++ if (rp->u.n.type == ISAKMP_N_IPSEC_RESPONDER_LIFETIME) { ++ if (rp->u.n.protocol == ISAKMP_IPSEC_PROTO_ISAKMP) ++ lifetime_ike_process(s, rp->u.n.attributes); ++ else if (rp->u.n.protocol == ISAKMP_IPSEC_PROTO_IPSEC_ESP) ++ lifetime_ipsec_process(s, rp->u.n.attributes); ++ else ++ DEBUG(2, printf("got unknown lifetime notice, ignoring..\n")); ++ } else { ++ DEBUG(1, printf("rejecting ISAKMP_PAYLOAD_N, type is not lifetime\n")); ++ reject = ISAKMP_N_INVALID_PAYLOAD_TYPE; ++ } ++ break; + default: + DEBUG(1, printf("rejecting invalid payload type %d\n", rp->type)); + reject = ISAKMP_N_INVALID_PAYLOAD_TYPE; diff --git a/srcpkgs/vpnc/patches/0001-fix-musl.patch b/srcpkgs/vpnc/patches/2-fix-musl.patch similarity index 100% rename from srcpkgs/vpnc/patches/0001-fix-musl.patch rename to srcpkgs/vpnc/patches/2-fix-musl.patch diff --git a/srcpkgs/vpnc/template b/srcpkgs/vpnc/template index 29d6599fa8c..51e2f2998a6 100644 --- a/srcpkgs/vpnc/template +++ b/srcpkgs/vpnc/template @@ -1,7 +1,7 @@ # Template file for 'vpnc' pkgname=vpnc version=0.5.3 -revision=6 +revision=7 hostmakedepends="perl" makedepends="libgcrypt-devel" depends="net-tools"