From 3ed092f9270be58aec74c6042cac57c875713550 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jan=20R=C4=99korajski?= Date: Fri, 14 Apr 2017 11:32:51 +0200 Subject: [PATCH 1/1] - add various fixes from debian - rel 3 --- 02_skip-strip.patch | 20 ++++++++++++ 03_no-quiet-gcc.patch | 16 +++++++++ 05_spelling-error.patch | 46 ++++++++++++++++++++++++++ 06_syslog_openlog.patch | 20 ++++++++++++ 07_allow_tunnels.patch | 61 +++++++++++++++++++++++++++++++++++ 08_setup_script.patch | 40 +++++++++++++++++++++++ 09_binutils_gold.patch | 15 +++++++++ 10_gnutls34.patch | 35 ++++++++++++++++++++ 11_gnutls-cleanup.patch | 56 ++++++++++++++++++++++++++++++++ 12_memset-sizeof.patch | 31 ++++++++++++++++++ 13_autotest_description.patch | 16 +++++++++ aiccu.spec | 24 +++++++++++++- 12 files changed, 379 insertions(+), 1 deletion(-) create mode 100644 02_skip-strip.patch create mode 100644 03_no-quiet-gcc.patch create mode 100644 05_spelling-error.patch create mode 100644 06_syslog_openlog.patch create mode 100644 07_allow_tunnels.patch create mode 100644 08_setup_script.patch create mode 100644 09_binutils_gold.patch create mode 100644 10_gnutls34.patch create mode 100644 11_gnutls-cleanup.patch create mode 100644 12_memset-sizeof.patch create mode 100644 13_autotest_description.patch diff --git a/02_skip-strip.patch b/02_skip-strip.patch new file mode 100644 index 0000000..1873057 --- /dev/null +++ b/02_skip-strip.patch @@ -0,0 +1,20 @@ +We handle stripping of the binary through dh_strip, thus remove the +upstream code handling that, which does not care about our Debian +build options. + +Index: aiccu-20070115/unix-console/Makefile +=================================================================== +--- aiccu-20070115.orig/unix-console/Makefile 2009-10-25 22:31:57.000000000 +0100 ++++ aiccu-20070115/unix-console/Makefile 2009-10-25 22:32:04.000000000 +0100 +@@ -145,11 +145,6 @@ + + aiccu: $(OBJS) ${SRCS} ${INCS} + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) +-ifeq ($(shell echo $(CFLAGS) | grep -c "DEBUG"),0) +-ifeq ($(shell echo "$(RPM_OPT_FLAGS)" | wc -c),1) +- strip $@ +-endif +-endif + + clean: + $(RM) -f $(OBJS) aiccu diff --git a/03_no-quiet-gcc.patch b/03_no-quiet-gcc.patch new file mode 100644 index 0000000..27d14ad --- /dev/null +++ b/03_no-quiet-gcc.patch @@ -0,0 +1,16 @@ +It's better for us to see gcc output in the build log to ease debugging. +Quiet builds make that much harder. + +Index: aiccu-20070115/unix-console/Makefile +=================================================================== +--- aiccu-20070115.orig/unix-console/Makefile 2009-10-25 22:33:06.000000000 +0100 ++++ aiccu-20070115/unix-console/Makefile 2009-10-25 22:33:12.000000000 +0100 +@@ -26,7 +26,7 @@ + + #CFLAGS += $(CWARNS) -D_GNU_SOURCE -D_DEBUG -g3 -O0 + CFLAGS += $(CWARNS) -D_GNU_SOURCE +-CC = @gcc ++CC = gcc + RM = rm + + # Add -O3 when nothing is specified yet diff --git a/05_spelling-error.patch b/05_spelling-error.patch new file mode 100644 index 0000000..832dbf9 --- /dev/null +++ b/05_spelling-error.patch @@ -0,0 +1,46 @@ +Fix some spelling errors to satisfy lintian + +--- aiccu.orig/common/aiccu_test.c ++++ aiccu/common/aiccu_test.c +@@ -133,7 +133,7 @@ + printf("### This confirms the reachability of the other side of the tunnel\n"); + printf("### If it doesn't reply then check your interface and routing tables\n"); + printf("### Don't forget to check your firewall of course\n"); +- printf("### If the previous test was succesful then this could be both\n"); ++ printf("### If the previous test was successful then this could be both\n"); + printf("### a firewalling and a routing/interface problem\n"); + printf("\n"); + system_arg(PING6, PINGCOUNT, hTunnel->sIPv6_POP); +--- aiccu.orig/common/common.c ++++ aiccu/common/common.c +@@ -484,7 +484,7 @@ + return false; + } + +- dolog(LOG_DEBUG, "TLS Handshake completed succesfully\n"); ++ dolog(LOG_DEBUG, "TLS Handshake completed successfully\n"); + + sock->tls_active = true; + return true; +--- aiccu.orig/common/tic.c ++++ aiccu/common/tic.c +@@ -517,8 +517,8 @@ + struct in6_addr ipv6_ll, ipv6_local; + char ll[100]; + +- /* Log that the fetch was succesful */ +- dolog(LOG_INFO, "Succesfully retrieved tunnel information for %s\n", sId); ++ /* Log that the fetch was successful */ ++ dolog(LOG_INFO, "Successfully retrieved tunnel information for %s\n", sId); + + /* + * Some TUN/TAP devices don't have any +@@ -652,7 +652,7 @@ + /* All went okay? */ + if (buf[0] == '2' && buf[1] == '0' && buf[2] == '2') + { +- dolog(LOG_INFO, "Succesfully retrieved POP information for %s\n", sId); ++ dolog(LOG_INFO, "Successfully retrieved POP information for %s\n", sId); + return pop; + } + diff --git a/06_syslog_openlog.patch b/06_syslog_openlog.patch new file mode 100644 index 0000000..a3d1882 --- /dev/null +++ b/06_syslog_openlog.patch @@ -0,0 +1,20 @@ +commit 0f7db943bef0488644dce11c2ba2d19c180d8650 +Author: Norman Rasmussen +Date: Sun Jan 10 21:43:44 2010 +0000 + + Initialize syslog so that we log with our PID as DAEMON. + +diff --git a/common/aiccu.c b/common/aiccu.c +index 9abb334..75aadc8 100755 +--- a/common/aiccu.c ++++ b/common/aiccu.c +@@ -58,6 +58,9 @@ bool aiccu_InitConfig() + int ret; + #define CAFILE "ca.pem" + #endif ++#ifndef _WIN32 ++ openlog(NULL, LOG_PID, LOG_DAEMON); ++#endif + /* Allocate & Initialize */ + g_aiccu = (struct AICCU_conf *)malloc(sizeof(*g_aiccu)); + if (!g_aiccu) return false; diff --git a/07_allow_tunnels.patch b/07_allow_tunnels.patch new file mode 100644 index 0000000..ec1c1da --- /dev/null +++ b/07_allow_tunnels.patch @@ -0,0 +1,61 @@ +commit d7c4f7c0d34b80c188fa45228ca282fd8771a41d +Author: Norman Rasmussen +Date: Sun Jan 10 21:45:55 2010 +0000 + + Allow 'tunnels' mode when there's an already running instance. + +diff --git a/unix-console/main.c b/unix-console/main.c +index 8a4d9a9..388d988 100755 +--- a/unix-console/main.c ++++ b/unix-console/main.c +@@ -50,7 +50,7 @@ int sigrunning(int sig) + /* Close the file again */ + fclose(f); + +- /* If we can HUP it, it still runs */ ++ /* If we can signal it, it still runs */ + return (pid > 0 && kill(pid, sig) == 0 ? 1 : 0); + } + +@@ -302,20 +302,6 @@ int main(int argc, char *argv[]) + return -1; + } + +-#ifndef _WIN32 +- /* start or stop? */ +- if ( mode != A_TEST && +- mode != A_AUTOTEST) +- { +- /* Already running? */ +- if (sigrunning(mode == A_STOP ? SIGTERM : 0) == 1) +- { +- dolog(LOG_ERR, "Already running instance HUP'ed, exiting\n"); +- return 0; +- } +- } +-#endif +- + /* Verify required parameters */ + if (!g_aiccu->username || !g_aiccu->password) + { +@@ -331,6 +317,20 @@ int main(int argc, char *argv[]) + return ret == 0 ? -1 : 0; + } + ++#ifndef _WIN32 ++ /* start or stop? */ ++ if ( mode != A_TEST && ++ mode != A_AUTOTEST) ++ { ++ /* Already running? */ ++ if (sigrunning(mode == A_STOP ? SIGTERM : 0) == 1) ++ { ++ dolog(LOG_ERR, "Already running instance signaled, exiting\n"); ++ return 0; ++ } ++ } ++#endif ++ + /* Get our tunnel */ + hTunnel = get_tunnel(); + diff --git a/08_setup_script.patch b/08_setup_script.patch new file mode 100644 index 0000000..26010f8 --- /dev/null +++ b/08_setup_script.patch @@ -0,0 +1,40 @@ +Author: Norman Rasmussen + + Make setupscript work and add teardownscript setting. + +--- aiccu.orig/common/aiccu.c ++++ aiccu/common/aiccu.c +@@ -212,9 +212,6 @@ + fprintf(f, "# Try to automatically login and setup the tunnel?\n"); + fprintf(f, "automatic %s\n", g_aiccu->automatic ? "true" : "false"); + fprintf(f, "\n"); +- fprintf(f, "# Script to run after setting up the interfaces (default: none)\n"); +- fprintf(f, "%ssetupscript %s\n", g_aiccu->setupscript ? "" : "#", g_aiccu->setupscript ? g_aiccu->setupscript : ""); +- fprintf(f, "\n"); + fprintf(f, "# TLS Required?\n"); + fprintf(f, "requiretls %s\n", g_aiccu->requiretls ? "true" : "false"); + fprintf(f, "\n"); +@@ -231,6 +228,9 @@ + fprintf(f, "# PID File\n"); + fprintf(f, "pidfile %s\n", g_aiccu->pidfile); + fprintf(f, "\n"); ++ fprintf(f, "# Script to run after setting up the interfaces (default: none)\n"); ++ fprintf(f, "%ssetupscript %s\n", g_aiccu->setupscript ? "" : "#", g_aiccu->setupscript ? g_aiccu->setupscript : ""); ++ fprintf(f, "\n"); + fprintf(f, "# Make heartbeats (default true)\n"); + fprintf(f, "# In general you don't want to turn this off\n"); + fprintf(f, "# Of course only applies to AYIYA and heartbeat tunnels not to static ones\n"); +--- aiccu.orig/unix-console/main.c ++++ aiccu/unix-console/main.c +@@ -471,6 +471,11 @@ + */ + if (aiccu_setup(hTunnel, true)) + { ++ if (g_aiccu->setupscript) ++ { ++ aiccu_exec("%s", g_aiccu->setupscript); ++ } ++ + /* We need to stay running when doing Heartbeat or AYIYA */ + if ( strcasecmp(hTunnel->sType, "6in4-heartbeat") == 0 || + strcasecmp(hTunnel->sType, "ayiya") == 0) diff --git a/09_binutils_gold.patch b/09_binutils_gold.patch new file mode 100644 index 0000000..4e86fea --- /dev/null +++ b/09_binutils_gold.patch @@ -0,0 +1,15 @@ +Make aiccu compile with ld.gold + +Index: aiccu-20070115/unix-console/Makefile +=================================================================== +--- aiccu-20070115.orig/unix-console/Makefile 2011-02-27 17:43:53.872782002 +0000 ++++ aiccu-20070115/unix-console/Makefile 2011-02-27 17:44:23.372782001 +0000 +@@ -150,7 +150,7 @@ + all: aiccu + + aiccu: $(OBJS) ${SRCS} ${INCS} +- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) ++ $(CC) $(CFLAGS) -o $@ $(OBJS) $(LDFLAGS) + + clean: + $(RM) -f $(OBJS) aiccu diff --git a/10_gnutls34.patch b/10_gnutls34.patch new file mode 100644 index 0000000..e8768ea --- /dev/null +++ b/10_gnutls34.patch @@ -0,0 +1,35 @@ +Description: GnuTLS 3.4 compat. + Use GnuTLS priority NORMAL:+CTYPE-OPENPGP instead of deprecated (and removed in GnuTLS 3.4) function gnutls_certificate_type_set_priority. +Author: Andreas Metzler +Bug-Debian: https://bugs.debian.org/624056 +Origin: vendor +Forwarded: no +Last-Update: 2015-07-25 + +--- aiccu-20070115.orig/common/common.c ++++ aiccu-20070115/common/common.c +@@ -271,8 +271,6 @@ TLSSOCKET sock_alloc(void); + TLSSOCKET sock_alloc(void) + { + #ifdef AICCU_GNUTLS +- /* Allow connections to servers that have OpenPGP keys as well */ +- const int cert_type_priority[3] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; + int ret; + #endif /* AICCU_GNUTLS*/ + +@@ -297,11 +295,10 @@ TLSSOCKET sock_alloc(void) + } + + /* Use default priorities */ +- gnutls_set_default_priority(sock->session); +- /* XXX: Return value is not documented in GNUTLS documentation! */ +- +- gnutls_certificate_type_set_priority(sock->session, cert_type_priority); +- /* XXX: Return value is not documented in GNUTLS documentation! */ ++ /* Allow connections to servers that have OpenPGP keys as well */ ++ gnutls_priority_set_direct(sock->session, ++ "NORMAL:+CTYPE-OPENPGP", ++ NULL); + + /* Configure the x509 credentials for the current session */ + gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred); diff --git a/11_gnutls-cleanup.patch b/11_gnutls-cleanup.patch new file mode 100644 index 0000000..eb2be95 --- /dev/null +++ b/11_gnutls-cleanup.patch @@ -0,0 +1,56 @@ +From: "Barak A. Pearlmutter" +Date: Fri, 17 Aug 2012 12:23:06 +0200 +Subject: gnutls cleanup + +Stop ignoring some gnutls return codes. + +Rewrite call to depricated gnutls_set_default_priority() to use +gnutls_priority_set_direct() instead. + +Remove call to deprecated routine +gnutls_certificate_type_set_priority, no changes necessary. +--- + common/common.c | 27 +++++++++++++++++---------- + 1 file changed, 17 insertions(+), 10 deletions(-) + +--- a/common/common.c ++++ b/common/common.c +@@ -287,7 +287,7 @@ + + /* Initialize TLS session */ + ret = gnutls_init(&sock->session, GNUTLS_CLIENT); +- if (ret != 0) ++ if (ret != GNUTLS_E_SUCCESS) + { + dolog(LOG_ERR, "TLS Init failed: %s (%d)\n", gnutls_strerror(ret), ret); + free(sock); +@@ -296,13 +296,26 @@ + + /* Use default priorities */ + /* Allow connections to servers that have OpenPGP keys as well */ +- gnutls_priority_set_direct(sock->session, ++ ret = gnutls_priority_set_direct(sock->session, + "NORMAL:+CTYPE-OPENPGP", + NULL); ++ if (ret != GNUTLS_E_SUCCESS) ++ { ++ dolog(LOG_ERR, "TLS set default priority failed: %s (%d)\n", gnutls_strerror(ret), ret); ++ gnutls_deinit(sock->session); ++ free(sock); ++ return NULL; ++ } + + /* Configure the x509 credentials for the current session */ +- gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred); +- /* XXX: Return value is not documented in GNUTLS documentation! */ ++ ret = gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, g_aiccu->tls_cred); ++ if (ret != GNUTLS_E_SUCCESS) ++ { ++ dolog(LOG_ERR, "TLS credentials set failed: %s (%d)\n", gnutls_strerror(ret), ret); ++ gnutls_deinit(sock->session); ++ free(sock); ++ return NULL; ++ } + + #endif /* AICCU_GNUTLS*/ + diff --git a/12_memset-sizeof.patch b/12_memset-sizeof.patch new file mode 100644 index 0000000..91082ef --- /dev/null +++ b/12_memset-sizeof.patch @@ -0,0 +1,31 @@ +From: "Barak A. Pearlmutter" +Date: Sat, 22 Feb 2014 15:49:24 +0000 +Subject: memset sizeof +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Teeny little bug. + +../common/hash_md5.c: In function ‘MD5Final’: +../common/hash_md5.c:134:23: warning: argument to ‘sizeof’ in ‘memset’ call is the same expression as the destination; did you mean to dereference it? [-Wsizeof-pointer-memaccess] + memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ + +Guess it isn't sensitive. Lucky a pointer takes less space than a struct MD5Context! +--- + common/hash_md5.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/common/hash_md5.c b/common/hash_md5.c +index 160b849..ca4c1b9 100755 +--- a/common/hash_md5.c ++++ b/common/hash_md5.c +@@ -131,7 +131,7 @@ MD5Final(md5byte digest[16], struct MD5Context *ctx) + + byteSwap(ctx->buf, 4); + memcpy(digest, ctx->buf, 16); +- memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ ++ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ + } + + #ifndef ASM_MD5 diff --git a/13_autotest_description.patch b/13_autotest_description.patch new file mode 100644 index 0000000..fbd560d --- /dev/null +++ b/13_autotest_description.patch @@ -0,0 +1,16 @@ +Description: Add missing description for "aiccu autotest" +Author: Axel Beckert +Forwarded: not-yet + +--- a/doc/aiccu.1 ++++ b/doc/aiccu.1 +@@ -41,7 +41,8 @@ + to report this back as it should show most obvious problems. + .TP + \fBautotest\fR +-Decription here ++Same as \fBtest\fR but without interactive questions. Piping the ++output of "aiccu autotest" into a log file or "tee" is a good idea. + .TP + \fBlicense\fR + Shows the license aiccu is released under. diff --git a/aiccu.spec b/aiccu.spec index 234afa3..e511666 100644 --- a/aiccu.spec +++ b/aiccu.spec @@ -3,13 +3,24 @@ Summary(pl.UTF-8): AICCU - Klient automatycznych połączeń IPv6 z SixXS Name: aiccu Version: 2007.01.15 %define _fileversion 20070115 -Release: 2 +Release: 3 License: BSD Vendor: SixXS Group: Networking/Utilities Source0: http://www.sixxs.net/archive/sixxs/aiccu/unix/%{name}_%{_fileversion}.tar.gz # Source0-md5: c9bcc83644ed788e22a7c3f3d4021350 Patch0: %{name}-makefile.diff +Patch1: 02_skip-strip.patch +Patch2: 03_no-quiet-gcc.patch +Patch3: 05_spelling-error.patch +Patch4: 06_syslog_openlog.patch +Patch5: 07_allow_tunnels.patch +Patch6: 08_setup_script.patch +Patch7: 09_binutils_gold.patch +Patch8: 10_gnutls34.patch +Patch9: 11_gnutls-cleanup.patch +Patch10: 12_memset-sizeof.patch +Patch11: 13_autotest_description.patch URL: http://www.sixxs.net/tools/aiccu/ Requires(post,preun): /sbin/chkconfig Requires: gnutls @@ -34,6 +45,17 @@ więcej szczegółów. %prep %setup -q -n %{name} %patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 %build %{__make} \ -- 2.44.0