--- vtun-3.0.2.orig/debian/changelog +++ vtun-3.0.2/debian/changelog @@ -0,0 +1,319 @@ +vtun (3.0.2-4build1) oneiric; urgency=low + + * Rebuild for OpenSSL 1.0.0. + + -- Colin Watson Tue, 17 May 2011 11:57:18 +0100 + +vtun (3.0.2-4) unstable; urgency=high + + * Check MAKEDEV existence before invoking it; also, avoid aborting even if + MAKEDEV fails. Code snippet took from mdadm scripts. Closes: #595931. + * debian/source/format: created for compatibility. + * debian/control: bumped Standards-Version with no changes. + + -- Martín Ferrari Mon, 27 Sep 2010 04:42:18 +0200 + +vtun (3.0.2-3) unstable; urgency=low + + * Stop installing deprecated modutils conffile. (Closes: #518314). + * Acknowledging NMU. Thanks Gregor. + * debian/rules: update config.{sub,guess} before each build, closes: + #535720. + * debian/patches: added 07-64bits-segfault.patch, closes: #477707. + * debian/init.d, debian/rules: support for tmpfs in /var, thanks to Stefano + Rivera. Closes: #587342. + * debian/copyright: add exception note for OpenSSL, thanks to Stefano too. + * debian/control: add ${misc:Depends}; bump Standards-Version with no + changes. + * debian/init.d: remove run-level 1 from Default-Stop; sendsigs will take + care. + * debian/postinst: try to detect udev before calling makedev; remove the + devfs check. + * debian/control: add dependency on udev or makedev. + * debian/init.d: add status command, thanks to Stefano Rivera. + + -- Martín Ferrari Tue, 29 Jun 2010 06:25:15 +0200 + +vtun (3.0.2-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix "vtun is broken on 'testing' when IPv6 is configured": apply patch by + Mats Erik Andersson as debian/patches/06-ipv6.patch (closes: #581552). + + -- gregor herrmann Sun, 13 Jun 2010 17:30:52 +0200 + +vtun (3.0.2-2) unstable; urgency=low + + * Acknowledging NMU. Thanks Aurélien. + * Fix duplicate NEWS file (Closes: #501442). + * debian/control: bumped Standards-Version, removed unused debconf + dependency. + * debian/README.source: added to comply with 3.8.0 S-V. + * debian/copyright: s/(C)/©/. + + -- Martín Ferrari Mon, 16 Feb 2009 14:50:37 -0200 + +vtun (3.0.2-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix openpty() wrong usage. (Closes: #499036) + + -- Aurélien GÉRÔME Tue, 13 Jan 2009 19:32:10 +0100 + +vtun (3.0.2-1) unstable; urgency=low + + * New upstream release, fixes incompatibilities with older clients. + * debian/patches/05-cfgfile-bug.dpatch: removed as it was included in + upstream release. + * debian/patches/05-unix98pty.dpatch: added patch to support newer unix98 + interface (Closes: #451931). + * debian/control: + - Bumped Standards-Version (no changes needed). + - Added DM-Upload-Allowed and Vcs-Browser fields. + - Minor description improvements (capitalisation). + - Removed DMUA flag. Updated email address + * debian/rules: + - Fix debian-rules-ignores-make-clean-error. + * debian/init.d: finally make it LSB compliant, thanks Petter for the fix + (NMU'ed) (Closes: #464069). Also add dependency on $network, and avoid + stopping during reboot/shutdown for faster processing. + * debian/{patches,rules,control}: converted from dpatch to quilt, refreshed + all patches. + + -- Martín Ferrari Tue, 22 Jul 2008 20:38:49 -0300 + +vtun (3.0.1-2.1) unstable; urgency=low + + * Non-maintainer upload to solve release goal. + * Add LSB dependency header to init.d scripts (Closes: #464069). + + -- Petter Reinholdtsen Mon, 31 Mar 2008 00:30:54 +0200 + +vtun (3.0.1-2) unstable; urgency=low + + * Fix message in init.d that points to uncompressed NEWS.Debian file. + (Closes: #414502) + * Moved homepage pseudo-field to new source field in debian/control. + + -- Martín Ferrari Wed, 17 Oct 2007 15:09:17 -0300 + +vtun (3.0.1-1) unstable; urgency=low + + * New upstream release. + * Switched to liblzo2 (Closes: #434941) + + -- Martín Ferrari Tue, 31 Jul 2007 20:29:59 +0100 + +vtun (3.0.0-1) unstable; urgency=low + + * New upstream version. + * May not work with encrypted connections to 2.6 vtuns. See upstream bug + #1685781. + + -- Martín Ferrari Fri, 15 Jun 2007 18:12:54 -0300 + +vtun (2.6-7) unstable; urgency=low + + * Corrected a bug in the maintainer scripts, which were preventing correct + rc*.d links from being created, and daemon from starting on + install/upgrade. (Closes: 409247) + * Fixed start behaviour in init script, which caused it to fail when vtun + was already running (and made upgrading fail, when the previous bug was + fixed). + * Moved notice about need to manually restart to a more sensible location. + * Added script to remove configuration file in purge. + + -- Martín Ferrari Sat, 17 Feb 2007 20:18:36 -0300 + +vtun (2.6-6) unstable; urgency=low + + * Patch for correct declaration of types and functions (Closes: #400559). I + had to replace getpt with posix_openpt, because for some obscure reason + getpt was not being defined. Anyway, posix_openpt is the portable way of + doing it. + * Also added some minor fixes to shut up gcc. While doing that, a previously + unknown bug showed up and was fixed. + + -- Martín Ferrari Wed, 29 Nov 2006 18:14:00 -0300 + +vtun (2.6-5) unstable; urgency=low + + * New maintainer. (Closes: #373134: ITA) + * Acknowledge NMU. Thanks bubulle! + * Re-packaged from scratch, with up-to-date autotools, current DH version + and Standards-Version, and removing unneeded dependencies, solving some + bugs in the way. (Closes: #344784) + * Added conditional dependency on debconf-2.0. (Closes: #332139) + * Added warnings about insecure encryption. (Closes: #319449) + * New init.d uses /etc/default/vtun and can handle multiple clients and + one server. (Closes: #262416) + + -- Martín Ferrari Fri, 24 Nov 2006 11:08:26 -0300 + +vtun (2.6-4.1) unstable; urgency=low + + * Non-maintainer upload to fix longstanding l10n issues + * Remove the debconf templates that deals with upgrading from a + pre-woody version. Closes: #388980, #276829, #318155, #330616, #337553 + + -- Christian Perrier Sun, 8 Oct 2006 11:32:34 +0200 + +vtun (2.6-4) unstable; urgency=low + + * Change package from non-US to main. Crypto in main has actually + been acceptable for quite some time now, it seems. + * Add the Japanese po-debconf template translation. + Thanks, Hideki (Closes: #227423). + * Give a mention to tun-source in README.Debian (Closes: #240428). + * Only give mention that vtun needs to be restarted, don't actually + restart it. Some working aroung debhelper was needed for this + sort of thing (Closes: #203575). + * Comment the examples in /etc/vtund.conf (Closes: #262418). + * Change from deprecated dh_installmanpages to dh_installman. + + -- Morgon Kanter Fri, 1 Oct 2004 18:02:28 -0400 + +vtun (2.6-3) unstable; urgency=low + + * Updated policy to version 3.6.1, no change required. + * Removed mentions of "encryption" from the description, added a + README.Encryption file because of recent speculations (but no solid + proof yet) about vtun's security (Closes: #212357). + * Moved sslauth patch from cluster in the diff.gz to a dpatch file. + * Added po-debconf to build-depends. + * Changed "with permissions 644" to "default MAKEDEV permissions" in + postinst because in the future they may not be 644. + * Acknoledge NMU. (Closes: #198156, #208262, #202153) + + -- Morgon Kanter Fri, 26 Sep 2003 18:44:59 -0400 + +vtun (2.6-2.1) unstable; urgency=low + + * NMU + * Added french debconf translation. Thanks, Michel Grentzinger. + Closes: #198156 + * Added dutch debconf translation. Thanks, Tim Vandermeersch. + Closes: #208262 + * Corrected README.Debian about mknod. Closes: #202153 + + -- Christian Perrier Mon, 8 Sep 2003 12:09:53 +0200 + +vtun (2.6-2) unstable; urgency=low + + * Patch so clients now write their PID file as well. (Closes: #197752, #197857) + * Oops, it seems that I stuck the german debconf template in the + wrong place. Thanks to Michel Grentzinger for the patch. (Closes: #197496) + * Started using dpatch to handle patches between versions. + + -- Morgon Kanter Wed, 18 Jun 2003 01:22:35 -0400 + +vtun (2.6-1) unstable; urgency=low + * New upstream release. (Closes: #187796) + + tunnel.c fd leak fixed (Closes: #148770) + + bugs in keeping tap interface up in persist mode fixed (Closes: #148807) + * New maintainer (Closes: #194023) + * Bumped standards version to 3.5.10 + * New gettext-based debconf template translation used. + Thanks for the patch, Andre. (Closes: #190083) + * New Brazilian-Portugese debconf template translation (Thanks, Andre) + * Added a German template (Closes: #138596) + * Removed debian/copyright boilerplate left over from dh_make + * Now just grab the newest config.{sub,guess} from autotools-dev + instead of letting upstream provide them. + * Added an autogen.sh script, and regenerated configure script so + it would work with the new config.{guess,sub}. + * We now use /dev/net/tun, not /dev/net/misc/tun. No idea why we + didn't before, other than "devfs uses it". (Closes: #129968) + * Can now connect an SSL client to a non-SSL server. + Patch by Artur Czechowski. (Closes: #134271) + + -- Morgon Kanter Tue, 20 May 2002 17:33:21 -0400 + +vtun (2.5-4) unstable; urgency=low + + * Fix a broken vtun.config closes: #152689, #152927, 152589, #152886 + * Remove unused files from package closes: #152690 + + -- Greg Olszewski Sun, 14 Jul 2002 18:07:38 -0700 + +vtun (2.5-3) unstable; urgency=low + + * Apply multiple link patches from Alexander Zangerl closes: #97780 + * Fix debconf from repeating the upgrade messages closes: #137901 + * Mention tun-source package in documentation closes: #145844 + + -- Greg Olszewski Tue, 9 Jul 2002 17:39:32 -0700 + +vtun (2.5-2) unstable; urgency=low + + * make /etc/vtund.conf 600 closes: #129967 + * add creation of /dev/misc/net/tun for 2.4 kernels closes: #129968 + + -- Greg Olszewski Wed, 23 Jan 2002 00:28:33 -0800 + +vtun (2.5-1) unstable; urgency=low + + * New upstream version. closes: #102832, #92856, #108070, #109710, #113905 + * added flex, bison to Build-Depends. closes: #100787 + * added psmisc to depends. closes: #115059 + * New maintainer + + -- Greg Olszewski Thu, 17 Jan 2002 16:16:29 -0800 + +vtun (2.4b1-3) unstable; urgency=low + + * these bugs were closed some time ago...closes: #80445, #77493, #81177, #81798 + * no response from person who submitted bug. appears to be configuration error. closes: #69946 + * fixed devfs support. closes: #86388 + * CPU-eating bug with persists was fixed with 2.0b5. Closes: #58752 + + -- Craig Sanders Sat, 31 Mar 2001 12:54:34 +1000 + +vtun (2.4b1-2) unstable; urgency=low + + * added liblzo-dev, zlib1g-dev, libssl096-dev to Build-Depends + * closes Bug#80445 + + -- Craig Sanders Mon, 25 Dec 2000 12:45:47 +1100 + +vtun (2.4b1-1) unstable; urgency=low + + * new upstream version + * several fixes, adds support for tun driver in 2.4 series kernel + + -- Craig Sanders Sun, 24 Dec 2000 12:17:36 +1100 + +vtun (2.3-1) unstable; urgency=low + + * new upstream version + * compiled against libssl-095a + + -- Craig Sanders Sat, 26 Aug 2000 08:41:41 +1000 + +vtun (2.1b3-1) unstable; urgency=low + + * new upstream version + * rewrote init.d script and vtund-start script. Closes: #58449 + * bug #36512 should have been closed ages ago. Closes: #36512 + + -- Craig Sanders Sat, 25 Mar 2000 16:20:56 +1100 + +vtun (1.3-1) unstable; urgency=low + + * new upstream version + * architecture changed from i386 to any. Closes Bug#36512 + + -- Craig Sanders Mon, 26 Apr 1999 08:38:30 +1000 + +vtun (1.2-1) unstable; urgency=low + + * Initial Release. + * created vtund-start perl script to make it easy to run vtund as + as server or as a client. + * cleaned up various compiler warnings by adding "#include " + to cfg_file.l, client.c, lfd_encrypt.c, lib.c, linkfd.c, main.c, and + server.c + + + -- Craig Sanders Sat, 17 Apr 1999 08:22:39 +1000 + --- vtun-3.0.2.orig/debian/rules +++ vtun-3.0.2/debian/rules @@ -0,0 +1,107 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +include /usr/share/quilt/quilt.make + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif +ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE)) + confflags += --build $(DEB_HOST_GNU_TYPE) +else + confflags += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) +endif + +config.status: $(QUILT_STAMPFN) configure + dh_testdir + [ -e orig_config ] || mkdir orig_config + [ ! -f config.sub ] || mv config.sub orig_config + [ ! -f config.guess ] || mv config.guess orig_config + cp /usr/share/misc/config.sub /usr/share/misc/config.guess . + + # Add here commands to configure the package. + ./configure $(confflags) --prefix=/usr \ + --mandir=\$${prefix}/share/man \ + --infodir=\$${prefix}/share/info \ + --localstatedir=/var \ + --sysconfdir=/etc \ + --enable-lzo CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs" + +build: build-stamp +build-stamp: config.status + dh_testdir + $(MAKE) + touch $@ + +clean: clean-patched unpatch +clean-patched: + dh_testdir + dh_testroot + rm -f build-stamp + + [ ! -f Makefile ] || $(MAKE) distclean + rm -rf $(CURDIR)/debian/tmp + dh_clean + if [ -d orig_config ]; then \ + mv orig_config/config.sub orig_config/config.guess .; \ + rmdir orig_config; \ + fi + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) DESTDIR=$(CURDIR)/debian/vtun install + # Created in initscript: + rm -rf $(CURDIR)/debian/vtun/var/lock $(CURDIR)/debian/vtun/var/run + #install -m 755 vtund $(CURDIR)/debian/vtun/usr/sbin/ + # Those are then installed by dh_installexamples + mkdir $(CURDIR)/debian/tmp + sed -n '/#.*CUT HERE.*Server config/,/#.*CUT HERE.*End/p' vtund.conf \ + > $(CURDIR)/debian/tmp/vtund-server.conf + sed -n '/#.*CUT HERE.*Client config/,/#.*CUT HERE.*End/p' vtund.conf \ + > $(CURDIR)/debian/tmp/vtund-client.conf + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_installexamples + dh_install + dh_installlogrotate + dh_installinit --no-start + dh_installman + dh_link + dh_strip + dh_compress + dh_fixperms + chmod 600 $(CURDIR)/debian/vtun/etc/vtund.conf + install -m 644 debian/lintian_override \ + $(CURDIR)/debian/vtun/usr/share/lintian/overrides/vtun + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- vtun-3.0.2.orig/debian/install +++ vtun-3.0.2/debian/install @@ -0,0 +1 @@ +debian/vtund.conf /etc --- vtun-3.0.2.orig/debian/watch +++ vtun-3.0.2/debian/watch @@ -0,0 +1,4 @@ +version=3 + +http://sf.net/vtun/vtun-(.*)\.tar\.gz +#http://downloads.sourceforge.net/vtun/ .*/vtun-(\d.*)\.tar\.gz\?.* --- vtun-3.0.2.orig/debian/README.Encryption +++ vtun-3.0.2/debian/README.Encryption @@ -0,0 +1,12 @@ +This program includes an "encryption" feature intended to protect the tunneled +data as it travels across the network. However, the protocol it uses is known +to be very insecure, and you should not rely on it to deter anyone but a casual +eavesdropper. + +For more information, see: +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319449 +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212357 +http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt +http://www.mit.edu:8008/bloom-picayune/crypto/14238 + +-- Martín Ferrari --- vtun-3.0.2.orig/debian/preinst +++ vtun-3.0.2/debian/preinst @@ -0,0 +1,111 @@ +#!/bin/sh +# vim:ts=4:sw=4:et:ai:sts=4 +# preinst script for vtun + +set -e + +# summary of how this script can be called: +# * `install' +# * `install' +# * `upgrade' +# * `abort-upgrade' +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +update_conf() { + cat < /etc/default/vtun + else + # We need to provide a default configuration + create_conf > /etc/default/vtun + fi + fi + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +if [ "$1" = upgrade ]; then + echo "vtun must be restarted manually for changes to take effect." +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. +#DEBHELPER# + +exit 0 + + --- vtun-3.0.2.orig/debian/lintian_override +++ vtun-3.0.2/debian/lintian_override @@ -0,0 +1,2 @@ +# Conffile that contains passwords and should not be world readable +vtun: non-standard-file-perm etc/vtund.conf 0600 != 0644 --- vtun-3.0.2.orig/debian/README.source +++ vtun-3.0.2/debian/README.source @@ -0,0 +1,5 @@ +This package uses quilt to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches and applied during the build. + +See /usr/share/doc/quilt/README.source for a detailed explanation. --- vtun-3.0.2.orig/debian/compat +++ vtun-3.0.2/debian/compat @@ -0,0 +1 @@ +5 --- vtun-3.0.2.orig/debian/README.Debian +++ vtun-3.0.2/debian/README.Debian @@ -0,0 +1,12 @@ +vtun for Debian +--------------- + +The installed /etc/vtund.conf file is empty except for explanatory comments. + +By default, vtund doesn't start at all, you need to edit /etc/vtund.conf +and set it up for your requirements. See the docs and examples for details. + +You also need to edit /etc/default/vtun and define whether vtund is +being run as a client, as a server or both. + + -- Martín Ferrari Fri, 24 Nov 2006 03:57:22 -0300 --- vtun-3.0.2.orig/debian/init.d +++ vtun-3.0.2/debian/init.d @@ -0,0 +1,102 @@ +#!/bin/sh -e +# vim:ts=4:sw=4:et:ai:sts=4:filetype=sh +### BEGIN INIT INFO +# Provides: vtun +# Required-Start: $remote_fs $syslog $network +# Required-Stop: $remote_fs $syslog $network +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: virtual tunnel over TCP/IP networks +### END INIT INFO +# Runlevels 0 and 6 removed from Default-Stop as the script only kills the +# daemon and that can be done by sendsigs, as sugested by Peter Reinholdtsen. + +PATH=/bin:/usr/bin:/sbin:/usr/sbin +DAEMON=/usr/sbin/vtund +NAME=vtun +DESC="virtual tunnel daemon" +CONFFILE=/etc/vtund.conf +PIDPREFIX=/var/run/vtund + +test -f $DAEMON || exit 0 +test -f $CONFFILE || exit 0 + +. /lib/lsb/init-functions + +# Include defaults if available +if [ -f /etc/default/$NAME ] ; then + . /etc/default/$NAME +fi + +mkdir -p /var/run/vtund /var/lock/vtund + +case "$1" in + start) + if [ -f /etc/vtund-start.conf ]; then + log_warning_msg "/etc/vtund-start.conf has been replaced!" + if [ -e /usr/share/doc/vtun/NEWS.Debian.gz ]; then + log_warning_msg "Please read /usr/share/doc/vtun/NEWS.Debian.gz" + else + log_warning_msg "Please read /usr/share/doc/vtun/NEWS.Debian" + fi + fi + SOMETHING_STARTED=0 + if [ -n "$RUN_SERVER" ] && [ "$RUN_SERVER" != no ]; then + log_daemon_msg "Starting $DESC server " "$NAME" + start-stop-daemon --start --startas $DAEMON --oknodo \ + --pidfile $PIDPREFIX.server.pid -- -s $SERVER_ARGS + log_end_msg $? + SOMETHING_STARTED=1 + fi + for i in 0 1 2 3 4 5 6 7 8 9; do + eval name=\$CLIENT${i}_NAME + eval host=\$CLIENT${i}_HOST + eval args=\$CLIENT${i}_ARGS + if [ -n "$name" ] && [ -n "$host" ]; then + log_daemon_msg "Starting $DESC client $name to $host " "$NAME" + start-stop-daemon --start --startas $DAEMON --oknodo \ + --pidfile $PIDPREFIX.$name-$host.pid -- $name $host $args + log_end_msg $? + SOMETHING_STARTED=1 + fi + done + if [ "$SOMETHING_STARTED" -eq 0 ]; then + log_failure_msg "$NAME disabled, please adjust the configuration to your needs " + log_failure_msg "and then set RUN_SERVER to 'yes' or configure a client in " + log_failure_msg "/etc/default/$NAME to enable it." + exit 0 + fi + ;; + stop) + for i in $PIDPREFIX*.pid; do + test -f "$i" || continue + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --oknodo --stop --pidfile $i + rm -f $i + done + ;; + status) + for i in 0 1 2 3 4 5 6 7 8 9; do + eval name=\$CLIENT${i}_NAME + eval host=\$CLIENT${i}_HOST + status_of_proc -p $PIDPREFIX.$name-$host.pid $DAEMON vtund && e$ + done + ;; + reload|force-reload) + echo "Reloading vtund."; + for i in $PIDPREFIX*.pid; do + test -f "$i" || continue + start-stop-daemon --oknodo --stop --signal 1 --pidfile $i; + done + ;; + restart) + $0 stop + sleep 1; + $0 start + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|status|force-reload}" >&2 + exit 1 + ;; +esac +exit 0 --- vtun-3.0.2.orig/debian/manpages +++ vtun-3.0.2/debian/manpages @@ -0,0 +1,2 @@ +vtund.8 +vtund.conf.5 --- vtun-3.0.2.orig/debian/autogen.sh +++ vtun-3.0.2/debian/autogen.sh @@ -0,0 +1,26 @@ +#!/bin/sh +# autotools update script, patching first configure.in. Based on +# /usr/share/doc/autotools-dev/examples +# +# Requires: automake 1.9, autoconf 2.57+ +# Conflicts: autoconf 2.13 +set -e + +# Refresh GNU autotools toolchain. +echo Cleaning autotools files... +find -type d -name autom4te.cache -print0 | xargs -0 rm -rf \; +find -type f \( -name missing -o -name install-sh -o -name mkinstalldirs \ + -o -name depcomp -o -name ltmain.sh -o -name configure \ + -o -name config.sub -o -name config.guess \) -print0 | xargs -0 rm -f + +cp -f /usr/share/automake/install-sh . +cp -f /usr/share/misc/config.sub . +cp -f /usr/share/misc/config.guess . + +patch -p0 < debian/configure.in.patch + +echo Running autoreconf... +autoreconf --force --install + +find -type d -name autom4te.cache -print0 | xargs -0 rm -rf \; +rm -f config.h.in~ --- vtun-3.0.2.orig/debian/control +++ vtun-3.0.2/debian/control @@ -0,0 +1,31 @@ +Source: vtun +Section: net +Priority: optional +Maintainer: Martín Ferrari +Build-Depends: debhelper (>= 5), quilt, autotools-dev, liblzo2-dev, + zlib1g-dev, libssl-dev, bison, flex +Standards-Version: 3.9.1 +Homepage: http://vtun.sourceforge.net/ +Vcs-Browser: http://canterville.mine.nu/wsvn/debian/trunk/vtun/ + +Package: vtun +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, udev | makedev +Description: virtual tunnel over TCP/IP networks + VTun is the easiest way to create virtual tunnels over TCP/IP networks + with traffic shaping and compression. + . + It supports IP, PPP, SLIP, Ethernet and other tunnel types. + . + VTun is easily and highly configurable, it can be used for various + network tasks. + . + VTun requires the universal TUN/TAP kernel module which can be found at + http://vtun.sourceforge.net/tun/index.html or in the 2.4 and newer Linux + kernels. + . + Note: This program includes an "encryption" feature intended to protect the + tunneled data as it travels across the network. However, the protocol it uses + is known to be very insecure, and you should not rely on it to deter anyone + but a casual eavesdropper. See the included README.Encryption file for more + information. --- vtun-3.0.2.orig/debian/vtund.conf +++ vtun-3.0.2/debian/vtund.conf @@ -0,0 +1,231 @@ +# +# VTun - Virtual Tunnel over TCP/IP network. +# Copyright (C) 1998-2001 Maxim Krasnyansky +# +# Cleanup of English and spelling by +# Ted Rolle +# +# Configuration file example, please see /usr/share/doc/vtun/examples for +# other examples. +# +# Lines which begin with '#' are comments +# +# File format: +# +# XXXXX { +# option param; option param; +# option param; +# ...... +# } +# Where XXXXX: +# options - General options. +# default - default session options. +# session - Session options. +# +# Options _must_ be grouped by curly braces '{' '}'. +# Each option _must_ end with ';' +# +# ----------- +# General options: +# +# type - Server type. +# 'stand' - Stand alone server (default). +# 'inetd' - Started by inetd. +# Used only by the server. +# +# ----------- +# port - Server TCP port number. +# +# ----------- +# syslog - Syslog facility. +# +# ----------- +# timeout - General VTun timeout. +# +# ----------- +# ppp - Program for the ppp initialization. +# +# ----------- +# ifconfig - Program for the net interface initialization. +# +# ----------- +# route - Program for the routing table manipulation. +# +# ----------- +# firewall - Program for the firewall setup. +# +# ----------- +# +# Session options: +# +# passwd - Password for authentication. +# +# ----------- +# type - Tunnel type. +# 'tun' - IP tunnel (No PPP,Ether,.. headers). +# 'ether' - Ethernet tunnel. +# 'tty' - Serial tunnel, PPP, SLIP, etc. +# 'pipe' - Pipe tunnel. +# Default type is 'tty'. +# Ignored by the client. +# +# ----------- +# device - Network device. +# 'tapXX' - for 'ether' +# 'tunXX' - for 'tun' +# By default VTun will automatically select available +# device. +# +# ----------- +# proto - Protocol. +# 'tcp' - TCP protocol. +# 'udp' - UDP protocol. +# +# 'tcp' is default for all tunnel types. +# 'udp' is recommended for 'ether' and 'tun' only. +# +# This option is ignored by the client. +# +# ----------- +# persist - Persist mode. +# 'yes' - Reconnect to the server after connection +# termination. +# 'no' - Exit after connection termination (default). +# Used only by the client. +# +# ----------- +# keepalive - Enable 'yes' or disable 'no' connection +# keep-alive. Ignored by the client. +# +# ----------- +# timeout - Connect timeout. +# +# ----------- +# compress - Enable 'yes' or disable 'no' compression. +# It is also possible to specify method: +# 'zlib' - ZLIB compression +# 'lzo' - LZO compression +# and level: +# from 1(best speed) to 9(best compression) +# separated by ':'. Default method is 'zlib:1'. +# Ignored by the client. +# +# ----------- +# encrypt - Enable 'yes' or disable 'no' encryption. +# Ignored by the client. +# +# ----------- +# stat - Enable 'yes' or disable 'no' statistics. +# If enabled vtund will log statistic counters every +# 5 minutes. +# +# ----------- +# speed - Speed of the connection in kilobits/second. +# 8,16,32,64,128,256,etc. +# 0 means maximum possible speed without shaping. +# You can specify speed in form IN:OUT. +# IN - to the client, OUT - from the client. +# Single number means same speed for IN and OUT. +# Ignored by the client. +# +# ----------- +# up - List of programs to run after connection has been +# established. Used to initialize protocols, devices, +# routing and firewall. +# Format: +# up { +# option .....; +# option .....; +# }; +# +# down - List of programs to run after connection has been +# terminated. Used to reset protocols, devices, routing +# and firewall. +# Format: +# down { +# option .....; +# option .....; +# }; +# +# 'up' and 'down' options: +# +# program - Run specified program. +# Format: +# program path arguments wait; +# +# path - Full path to the program. +# '/bin/sh' will be used if path was omitted. +# +# arguments - Arguments to pass to the program. +# Must be enclosed in double quotes. +# Special characters and expansions: +# ' (single quotes) - group arguments +# \ (back slash) - escape character +# %%(double percent) - same as %d +# %d - TUN or TAP device or TTY port name +# %A - Local IP address +# %P - Local TCP or UDP port +# %a - Remote IP address +# %p - Remote TCP or UDP port +# +# wait - Wait for the program termination. +# +# ppp - Run program specified by 'ppp' statement in +# 'options' section. +# Format: +# ppp arguments; +# +# ifconfig - Run program specified by 'ifconfig' statement in +# 'options' section. +# Format: +# ifconfig arguments; +# +# route - Run program specified by 'route' statement in +# 'options' section. +# Format: +# route arguments; +# +# firewall - Run program specified by 'firewall' statement in +# 'options' section. +# Format: +# firewall arguments; +# +# ----------- +# srcaddr - Local (source) address. Used to force vtund to bind +# to the specific address and port. +# Format: +# srcaddr { +# option .....; +# option .....; +# }; +# +# 'srcaddr' options: +# +# iface - Use interface address as the Source address. +# Format: +# iface if_name; +# +# addr - Source address. +# Format: +# addr ip_address; +# addr host_name; +# +# port - Source port. +# Format: +# port port_no; +# +# ----------- +# multi - Multiple connections. +# 'yes' or 'allow' - allow multiple connections. +# 'no' or 'deny' - deny multiple connections. +# 'killold' - allow new connection and kill old one. +# Ignored by the client. +# +# ----------- +# Notes: +# Options 'Ignored by the client' are provided by server +# at the connection initialization. +# +# Option names can be abbreviated to a minimum of 4 characters. +# + --- vtun-3.0.2.orig/debian/NEWS +++ vtun-3.0.2/debian/NEWS @@ -0,0 +1,22 @@ +vtun (3.0.0-1) unstable; urgency=low + + May not work with encrypted connections to 2.6 vtuns. See upstream bug + #1685781. + + -- Martín Ferrari Sat, 26 May 2007 23:55:38 -0300 + +vtun (2.6-5) unstable; urgency=low + + Starting from 2.6-5, vtun has stopped using /etc/vtund-start.conf. + Configuration parameters about which instances to create are now stored in + /etc/default/vtun. + The installation script will try to perform an automatic upgrade, please + check that it is OK. + + Pidfiles now include the session name and hostname, so you can have more + than one instance of the same session name. + + Also, now includes a logrotate script for correct housekeeping of dump + files. + + -- Martín Ferrari Thu, 23 Nov 2006 20:34:05 -0300 --- vtun-3.0.2.orig/debian/dirs +++ vtun-3.0.2/debian/dirs @@ -0,0 +1,3 @@ +usr/sbin +var/log/vtund +usr/share/lintian/overrides --- vtun-3.0.2.orig/debian/copyright +++ vtun-3.0.2/debian/copyright @@ -0,0 +1,43 @@ +This package was debianized by Martín Ferrari on +Fri, 24 Nov 2006 03:57:22 -0300. + +It was downloaded from http://vtun.sourceforge.net/ + +Upstream Author: Maxim Krasnyansky + +Copyright © 1998-2003 Maxim Krasnyansky + +License: + + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + In addition, as a special exception, the copyright holders give permission + to link the code of portions of this program with the OpenSSL library under + certain conditions as described in each individual source file, and + distribute linked combinations including the two. + + You must obey the GNU General Public License in all respects for all of the + code used other than OpenSSL. If you modify file(s) with this exception, you + may extend this exception to your version of the file(s), but you are not + obligated to do so. If you do not wish to do so, delete this exception + statement from your version. If you delete this exception statement from all + source files in the program, then also delete it here. + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + +The Debian packaging is © 2006-2008, Martín Ferrari +and is licensed under the GPL, see above. + --- vtun-3.0.2.orig/debian/postinst +++ vtun-3.0.2/debian/postinst @@ -0,0 +1,56 @@ +#!/bin/sh +# vim:ts=4:sw=4:et:ai:sts=4 +# postinst script for vtun + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + # Make the device /dev/net/tun, which vtun uses. + # Ripped off from mdadm scripts. + MAKEDEV=/dev/MAKEDEV + if [ ! -e /dev/net/tun ] \ + && [ ! -e /dev/.static/dev/net/tun ] \ + && [ ! -e /dev/.devfsd ] \ + && [ -x $MAKEDEV ]; then + + echo -n 'Generating /dev/net/tun... ' >&2 + cd /dev + if $MAKEDEV tun >&2 >/dev/null; then + echo 'done.' >&2 + else + echo 'failed.' >&2 + fi + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- vtun-3.0.2.orig/debian/logrotate +++ vtun-3.0.2/debian/logrotate @@ -0,0 +1,8 @@ +/var/log/vtund/*.dump { + rotate 54 + daily + compress + copytruncate + missingok +} + --- vtun-3.0.2.orig/debian/configure.in.patch +++ vtun-3.0.2/debian/configure.in.patch @@ -0,0 +1,135 @@ +--- configure.in 2006-12-11 04:55:06.000000000 -0300 ++++ debian/configure.in 2007-05-26 12:22:23.000000000 -0300 +@@ -7,7 +7,8 @@ + dnl Process this file with autoconf to produce a configure script. + dnl + +-AC_INIT(lib.c) ++AC_INIT ++AC_CONFIG_SRCDIR([lib.c]) + AC_CONFIG_HEADER(config.h) + + dnl Shapper support +@@ -72,7 +73,7 @@ + + dnl Guess host type. + AC_CANONICAL_HOST +-AC_CANONICAL_SYSTEM ++AC_CANONICAL_TARGET + + dnl Check for programs. + AC_PROG_YACC +@@ -103,18 +104,18 @@ + AC_SEARCH_LIBS(nanosleep, rt posix4) + + dnl Check for setproctitle in libutil +-AC_SEARCH_LIBS(setproctitle, util bsd, AC_DEFINE(HAVE_SETPROC_TITLE) ) ++AC_SEARCH_LIBS(setproctitle, util bsd, AC_DEFINE(HAVE_SETPROC_TITLE, 1, "Check for setproctitle in libutil") ) + + if test "$SHAPER" = "yes"; then +- AC_DEFINE(HAVE_SHAPER) ++ AC_DEFINE(HAVE_SHAPER, 1, "Shaper module") + fi + + if test "$ZLIB" = "yes"; then + AC_MSG_RESULT() +- AC_CHECKING( for ZLIB Library and Header files ... ) ++ AS_MESSAGE([checking for ZLIB Library and Header files ... ...]) + AC_CHECK_LIB(z, deflate, + LIBS="$LIBS -lz" +- AC_DEFINE(HAVE_ZLIB), ++ AC_DEFINE(HAVE_ZLIB, 1, "ZLIB module"), + AC_MSG_ERROR( Zlib library not found.) + ) + fi +@@ -123,7 +124,7 @@ + if test "$LZO" = "yes"; then + LZOCHK="" + AC_MSG_RESULT() +- AC_CHECKING( for LZO Library and Header files ... ) ++ AS_MESSAGE([checking for LZO Library and Header files ... ...]) + AC_SEARCH_HEADERS(lzo_asm.h, + $LZO_HDR_DIR /usr/include/lzo "" /usr/local/include, + LZOCHK="lzo2 lzo", +@@ -141,7 +142,7 @@ + AC_CHECK_LIB($I, lzo1x_decompress, + [ + LIBS="$LIBS -l"$I +- AC_DEFINE(HAVE_LZO) ++ AC_DEFINE(HAVE_LZO, 1, "LZO module") + havelzo=1 + ] + ) +@@ -157,7 +158,7 @@ + + if test "$SSL" = "yes"; then + AC_MSG_RESULT() +- AC_CHECKING( for md5 Library and Header files ... ) ++ AS_MESSAGE([checking for md5 Library and Header files ... ...]) + AC_SEARCH_HEADERS(md5.h, + $SSL_HDR_DIR /usr/include/openssl "" /usr/include /usr/include/ssl /usr/local/include /usr/local/ssl/include /usr/include/sys, + , +@@ -167,14 +168,14 @@ + + if test "$SSL" = "yes"; then + AC_MSG_RESULT() +- AC_CHECKING( for blowfish Library and Header files ... ) ++ AS_MESSAGE([checking for blowfish Library and Header files ... ...]) + AC_SEARCH_HEADERS(blowfish.h, + $BLOWFISH_HDR_DIR /usr/include/ssl /usr/include/openssl /usr/include /usr/local/include /usr/local/ssl/include /usr/include/crypto, + AC_CHECK_LIB(crypto, BF_set_key, + [ + LIBS="$LIBS -lcrypto" +- AC_DEFINE(HAVE_SSL) +- AC_DEFINE(HAVE_SSL_BLOWFISH) ++ AC_DEFINE(HAVE_SSL, 1, "Encryption support") ++ AC_DEFINE(HAVE_SSL_BLOWFISH, 1, "Blowfish encryption support") + ], + AC_MSG_ERROR( SSL library not found. ) + ), +@@ -189,7 +190,7 @@ + $SSL_HDR_DIR /usr/include/ssl /usr/include/openssl /usr/include /usr/local/include /usr/local/ssl/include /usr/include/crypto, + AC_CHECK_LIB(crypto, AES_set_encrypt_key, + [ +- AC_DEFINE(HAVE_SSL_AES) ++ AC_DEFINE(HAVE_SSL_AES, 1, "AES encryption support") + ], + AC_MSG_ERROR( AES library not found. ) + ), +@@ -204,7 +205,7 @@ + $SSL_HDR_DIR /usr/include/ssl /usr/include/openssl /usr/include /usr/local/include /usr/local/ssl/include /usr/include/crypto, + AC_CHECK_LIB(crypto, EVP_EncryptInit, + [ +- AC_DEFINE(HAVE_SSL_EVP) ++ AC_DEFINE(HAVE_SSL_EVP, 1, "EVP encryption support") + ], + AC_MSG_ERROR( EVP library not found. ) + ), +@@ -214,7 +215,7 @@ + + if test "$SOCKS" = "yes"; then + AC_MSG_RESULT() +- AC_CHECKING( for SOCKS Library ... ) ++ AS_MESSAGE([checking for SOCKS Library ... ...]) + AC_CHECK_LIB(socks5, SOCKSconnect, + [ + CFLAGS="$CFLAGS -DVTUN_SOCKS=1" +@@ -232,7 +233,7 @@ + + AC_MSG_RESULT() + +-AC_CHECK_FUNCS([getpt grantpt unlockpt ptsname]) ++AC_CHECK_FUNCS([posix_openpt grantpt unlockpt ptsname]) + + OS_REL=`uname -r | tr -d '[A-Za-z\-\_\.]'` + case $host_os in +@@ -263,6 +264,7 @@ + REL=`echo 'BRANCH-3_X' | tr -d '$: \-' | sed 's/^[A-Za-z]*//' | sed 's/\_/\./'` + changequote([,]) + +-AC_DEFINE_UNQUOTED(VTUN_VER, "$REL `date '+%m/%d/%Y'`") ++AC_DEFINE_UNQUOTED(VTUN_VER, "$REL `date '+%m/%d/%Y'`", "VTun version") + +-AC_OUTPUT(Makefile) ++AC_CONFIG_FILES([Makefile]) ++AC_OUTPUT --- vtun-3.0.2.orig/debian/docs +++ vtun-3.0.2/debian/docs @@ -0,0 +1,5 @@ +Credits +FAQ +README.Setup +README.Shaper +debian/README.Encryption --- vtun-3.0.2.orig/debian/postrm +++ vtun-3.0.2/debian/postrm @@ -0,0 +1,42 @@ +#!/bin/sh +# postrm script for vtun +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge) + rm -f /etc/default/vtun + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- vtun-3.0.2.orig/debian/examples +++ vtun-3.0.2/debian/examples @@ -0,0 +1,4 @@ +scripts/reroute +vtund.conf +debian/tmp/vtund-client.conf +debian/tmp/vtund-server.conf --- vtun-3.0.2.orig/debian/source/format +++ vtun-3.0.2/debian/source/format @@ -0,0 +1 @@ +1.0 --- vtun-3.0.2.orig/debian/patches/06-ipv6.patch +++ vtun-3.0.2/debian/patches/06-ipv6.patch @@ -0,0 +1,73 @@ +Description: Replace gethostbyname() with getaddrinfo(). + In recent versions of glibc, a call to gethostbyname() + will be default return an IPv6 reference as first entry. + This completely breaks communication between the vtund + server instance and the vtund client instance. + . + The solution to this clash is to migrate the code in + 'netlib.c' to use getaddrinfo(), since this function + can easily be configured to only return IPv4 addresses. +Author: Mats Erik Andersson +Forwarded: no +Last-Update: 2010-05-13 +--- vtun-3.0.2.debian/netlib.c ++++ vtun-3.0.2/netlib.c +@@ -229,21 +229,23 @@ int local_addr(struct sockaddr_in *addr, + + int server_addr(struct sockaddr_in *addr, struct vtun_host *host) + { +- struct hostent * hent; ++ struct addrinfo hints, *aiptr; + + memset(addr,0,sizeof(struct sockaddr_in)); +- addr->sin_family = AF_INET; +- addr->sin_port = htons(vtun.bind_addr.port); ++ memset(&hints, '\0', sizeof(hints)); ++ hints.ai_family = AF_INET; + + /* Lookup server's IP address. + * We do it on every reconnect because server's IP + * address can be dynamic. + */ +- if( !(hent = gethostbyname(vtun.svr_name)) ){ ++ if( getaddrinfo(vtun.svr_name, NULL, &hints, &aiptr) ){ + vtun_syslog(LOG_ERR, "Can't resolv server address: %s", vtun.svr_name); + return -1; + } +- addr->sin_addr.s_addr = *(unsigned long *)hent->h_addr; ++ memcpy(addr, aiptr->ai_addr, aiptr->ai_addrlen); ++ addr->sin_port = htons(vtun.bind_addr.port); ++ freeaddrinfo(aiptr); + + host->sopt.raddr = strdup(inet_ntoa(addr->sin_addr)); + host->sopt.rport = vtun.bind_addr.port; +@@ -254,8 +256,11 @@ int server_addr(struct sockaddr_in *addr + /* Set address by interface name, ip address or hostname */ + int generic_addr(struct sockaddr_in *addr, struct vtun_addr *vaddr) + { +- struct hostent *hent; ++ struct addrinfo hints, *aiptr; ++ + memset(addr, 0, sizeof(struct sockaddr_in)); ++ memset(&hints, '\0', sizeof(hints)); ++ hints.ai_family = AF_INET; + + addr->sin_family = AF_INET; + +@@ -270,13 +275,14 @@ int generic_addr(struct sockaddr_in *add + } + break; + case VTUN_ADDR_NAME: +- if (!(hent = gethostbyname(vaddr->name))) { ++ if( getaddrinfo(vaddr->name, NULL, &hints, &aiptr) ){ + vtun_syslog(LOG_ERR, + "Can't resolv local address %s", + vaddr->name); + return -1; + } +- addr->sin_addr.s_addr = *(unsigned long *) hent->h_addr; ++ memcpy(addr, aiptr->ai_addr, aiptr->ai_addrlen); ++ freeaddrinfo(aiptr); + break; + default: + addr->sin_addr.s_addr = INADDR_ANY; --- vtun-3.0.2.orig/debian/patches/04-implicit-pointer-conversions.patch +++ vtun-3.0.2/debian/patches/04-implicit-pointer-conversions.patch @@ -0,0 +1,134 @@ +04-implicit-pointer-conversions.dpatch by Martín Ferrari + +http://sourceforge.net/support/tracker.php?aid=1744571 + + Patch for correct declaration of types and functions. Missing includes, + forward declarations and also I had to replace getpt with posix_openpt, + because for some obscure reason it was not being defined. Anyway, + posix_openpt is the portable way of doing it. + +@DPATCH@ +Index: vtun/generic/pty_dev.c +=================================================================== +--- vtun.orig/generic/pty_dev.c ++++ vtun/generic/pty_dev.c +@@ -19,7 +19,9 @@ + /* + * $Id: pty_dev.c,v 1.4.2.2 2008/01/07 22:36:13 mtbishop Exp $ + */ +- ++/* Althought differing from documentation, this is necessary to have ++ * posix_openpt in GNU libc */ ++#define _XOPEN_SOURCE 600 + #include "config.h" + + #include +@@ -39,10 +41,10 @@ + int pty_open(char *sl_name) + { + int mr_fd; +-#if defined (HAVE_GETPT) && defined (HAVE_GRANTPT) && defined (HAVE_UNLOCKPT) && defined (HAVE_PTSNAME) ++#if defined (HAVE_POSIX_OPENPT) && defined (HAVE_GRANTPT) && defined (HAVE_UNLOCKPT) && defined (HAVE_PTSNAME) + char *ptyname; + +- if((mr_fd=getpt()) < 0) ++ if((mr_fd=posix_openpt(O_RDWR|O_NOCTTY)) < 0) + return -1; + if(grantpt(mr_fd) != 0) + return -1; +Index: vtun/lfd_encrypt.c +=================================================================== +--- vtun.orig/lfd_encrypt.c ++++ vtun/lfd_encrypt.c +@@ -44,6 +44,7 @@ + #include + #include + #include ++#include + + #include "vtun.h" + #include "linkfd.h" +@@ -101,6 +102,11 @@ EVP_CIPHER_CTX ctx_dec; /* decrypt */ + EVP_CIPHER_CTX ctx_enc_ecb; /* sideband ecb encrypt */ + EVP_CIPHER_CTX ctx_dec_ecb; /* sideband ecb decrypt */ + ++int send_msg(int len, char *in, char **out); ++int send_ib_mesg(int *len, char **in); ++int recv_msg(int len, char *in, char **out); ++int recv_ib_mesg(int *len, char **in); ++ + int prep_key(char **key, int size, struct vtun_host *host) + { + int tmplen, halflen; +Index: vtun/lfd_lzo.c +=================================================================== +--- vtun.orig/lfd_lzo.c ++++ vtun/lfd_lzo.c +@@ -35,6 +35,7 @@ + + #ifdef HAVE_LZO + ++#include + #include "lzo1x.h" + #include "lzoutil.h" + +Index: vtun/lfd_shaper.c +=================================================================== +--- vtun.orig/lfd_shaper.c ++++ vtun/lfd_shaper.c +@@ -31,6 +31,7 @@ + #include "vtun.h" + #include "linkfd.h" + #include "lib.h" ++#include + + /* + * Shaper module. +Index: vtun/lib.c +=================================================================== +--- vtun.orig/lib.c ++++ vtun/lib.c +@@ -38,6 +38,7 @@ + #include "vtun.h" + #include "linkfd.h" + #include "lib.h" ++#include + + volatile sig_atomic_t __io_canceled = 0; + +Index: vtun/lib.h +=================================================================== +--- vtun.orig/lib.h ++++ vtun/lib.h +@@ -23,6 +23,7 @@ + #define _VTUN_LIB_H + + #include "config.h" ++#include + #include + #include + #include +Index: vtun/lock.c +=================================================================== +--- vtun.orig/lock.c ++++ vtun/lock.c +@@ -37,6 +37,7 @@ + #include "linkfd.h" + #include "lib.h" + #include "lock.h" ++#include + + int create_lock(char * file) + { +Index: vtun/server.c +=================================================================== +--- vtun.orig/server.c ++++ vtun/server.c +@@ -49,6 +49,7 @@ + #include "auth.h" + + #include "compat.h" ++#include "netlib.h" + + static volatile sig_atomic_t server_term; + static void sig_term(int sig) --- vtun-3.0.2.orig/debian/patches/01-pidfile.patch +++ vtun-3.0.2/debian/patches/01-pidfile.patch @@ -0,0 +1,86 @@ +01-pidfile.patch by Morgon Kanter and Martín Ferrari +http://sourceforge.net/support/tracker.php?aid=762822 + + + This patch changes main.c so clients write their PID-file as + well as servers. It also allows a tag to be added to the filename. + +diff -urNad vtun-3.0.0~/Makefile.in vtun-3.0.0/Makefile.in +--- vtun-3.0.0~/Makefile.in 2006-12-11 04:55:06.000000000 -0300 ++++ vtun-3.0.0/Makefile.in 2007-05-26 12:38:24.000000000 -0300 +@@ -38,12 +38,12 @@ + ETC_DIR = @sysconfdir@ + VAR_DIR = @localstatedir@ + +-PID_FILE = ${VAR_DIR}/run/vtund.pid ++PID_DIR = ${VAR_DIR}/run + CFG_FILE = ${ETC_DIR}/vtund.conf + STAT_DIR = ${VAR_DIR}/log/vtund + LOCK_DIR = ${VAR_DIR}/lock/vtund + +-DEFS = -DVTUN_CONFIG_FILE=\"$(CFG_FILE)\" -DVTUN_PID_FILE=\"$(PID_FILE)\" \ ++DEFS = -DVTUN_CONFIG_FILE=\"$(CFG_FILE)\" -DVTUN_PID_DIR=\"$(PID_DIR)\" \ + -DVTUN_STAT_DIR=\"$(STAT_DIR)\" -DVTUN_LOCK_DIR=\"$(LOCK_DIR)\" + + OBJS = main.o cfg_file.tab.o cfg_file.lex.o server.o client.o lib.o \ +diff -urNad vtun-3.0.0~/main.c vtun-3.0.0/main.c +--- vtun-3.0.0~/main.c 2007-05-26 12:38:23.000000000 -0300 ++++ vtun-3.0.0/main.c 2007-05-26 12:38:24.000000000 -0300 +@@ -43,7 +43,7 @@ + struct vtun_opts vtun; + struct vtun_host default_host; + +-void write_pid(void); ++void write_pid(char *, char *); + void reread_config(int sig); + void usage(void); + +@@ -209,11 +209,12 @@ + init_title(argc,argv,env,"vtund[s]: "); + + if( vtun.svr_type == VTUN_STAND_ALONE ) +- write_pid(); ++ write_pid("server", NULL); + + server(sock); + } else { + init_title(argc,argv,env,"vtund[c]: "); ++ write_pid(host->host, vtun.svr_name); + client(host); + } + +@@ -224,15 +225,29 @@ + + /* + * Very simple PID file creation function. Used by server. +- * Overrides existing file. ++ * Overrides existing file. Optionally adds session name and host name to the ++ * pidfile name (this naming is very confusing, as the session is referred as ++ * host most of the time) + */ +-void write_pid(void) ++void write_pid(char *session, char *host) + { ++ char fn[1024]; + FILE *f; + +- if( !(f=fopen(VTUN_PID_FILE,"w")) ){ +- vtun_syslog(LOG_ERR,"Can't write PID file"); +- return; ++ if(session != NULL && host != NULL) { ++ snprintf(fn, sizeof(fn), "%s/vtund.%s-%s.pid", VTUN_PID_DIR, session, ++ host); ++ } else if(session != NULL) { ++ snprintf(fn, sizeof(fn), "%s/vtund.%s.pid", VTUN_PID_DIR, session); ++ } else { ++ snprintf(fn, sizeof(fn), "%s/vtund.pid", VTUN_PID_DIR); ++ } ++ /* Make sure the PID file is not there before opening it for writing. */ ++ unlink(fn); ++ ++ if( !(f = fopen(fn, "w")) ) { ++ syslog(LOG_ERR, "Can't write PID file %s: %s", fn, strerror(errno)); ++ return; + } + + fprintf(f,"%d",(int)getpid()); --- vtun-3.0.2.orig/debian/patches/05-unix98pty.patch +++ vtun-3.0.2/debian/patches/05-unix98pty.patch @@ -0,0 +1,81 @@ +05-unix98pty.patch by Christoph Thielecke + +http://sourceforge.net/tracker/index.php?func=detail&aid=1692526&group_id=2947&atid=102947 + +DP: Patch to allow the use of unix 98 pts + +Index: vtun-3.0.2/generic/pty_dev.c +=================================================================== +--- vtun-3.0.2.orig/generic/pty_dev.c 2009-01-13 19:36:05.000000000 +0100 ++++ vtun-3.0.2/generic/pty_dev.c 2009-01-13 19:36:27.000000000 +0100 +@@ -31,6 +31,8 @@ + #include + #include + ++#include ++ + #include "vtun.h" + #include "lib.h" + +@@ -57,31 +59,29 @@ + + #else + +- char ptyname[] = "/dev/ptyXY"; +- char ch[] = "pqrstuvwxyz"; +- char digit[] = "0123456789abcdefghijklmnopqrstuv"; ++ char ptyname[1024]; + int l, m; ++ int master, slave; ++ ++ /* This algorithm works for UNIX98 PTS */ + +- /* This algorithm should work for almost all standard Unices */ +- for(l=0; ch[l]; l++ ) { +- for(m=0; digit[m]; m++ ) { +- ptyname[8] = ch[l]; +- ptyname[9] = digit[m]; +- /* Open the master */ +- if( (mr_fd=open(ptyname, O_RDWR)) < 0 ) +- continue; ++ /* Open the master */ ++ mr_fd = openpty(&master, &slave, ptyname, NULL, NULL); ++ if (mr_fd == -1) ++ { ++ printf("error open pty"); ++ return -1; ++ } ++ else ++ { + /* Check the slave */ +- ptyname[5] = 't'; + if( (access(ptyname, R_OK | W_OK)) < 0 ){ +- close(mr_fd); +- ptyname[5] = 'p'; +- continue; ++ /* close(mr_fd); */ ++ return -1; + } + strcpy(sl_name,ptyname); +- return mr_fd; +- } +- } +- return -1; ++ return master; ++ } + #endif + } + +Index: vtun-3.0.2/Makefile.in +=================================================================== +--- vtun-3.0.2.orig/Makefile.in 2009-01-13 19:36:05.000000000 +0100 ++++ vtun-3.0.2/Makefile.in 2009-01-13 19:36:05.000000000 +0100 +@@ -19,7 +19,7 @@ + # + CC = @CC@ + CFLAGS = @CFLAGS@ @CPPFLAGS@ +-LDFLAGS = @LIBS@ ++LDFLAGS = @LIBS@ -lutil + + YACC = @YACC@ + YACCFLAGS = -d --- vtun-3.0.2.orig/debian/patches/02-dumpfile.patch +++ vtun-3.0.2/debian/patches/02-dumpfile.patch @@ -0,0 +1,20 @@ +02-dumpfile.patch by Martín Ferrari + +http://sourceforge.net/support/tracker.php?aid=1744569 + + Patch to add an extension to dump files, so they can be managed by + logrotate + +Index: vtun/linkfd.c +=================================================================== +--- vtun.orig/linkfd.c ++++ vtun/linkfd.c +@@ -393,7 +393,7 @@ int linkfd(struct vtun_host *host) + sa.sa_handler=sig_usr1; + sigaction(SIGUSR1,&sa,NULL); + +- sprintf(file,"%s/%.20s", VTUN_STAT_DIR, host->host); ++ sprintf(file,"%s/%.20s.dump", VTUN_STAT_DIR, host->host); + if( (host->stat.file=fopen(file, "a")) ){ + setvbuf(host->stat.file, NULL, _IOLBF, 0); + alarm(VTUN_STAT_IVAL); --- vtun-3.0.2.orig/debian/patches/00-sslauth.patch +++ vtun-3.0.2/debian/patches/00-sslauth.patch @@ -0,0 +1,272 @@ +00-sslauth.patch by Artur R. Czechowski +http://sourceforge.net/support/tracker.php?aid=1744566 + + This patch allows ssl-enabled clients to connect to + non-ssl-enabled servers and vice versa. It also enables use + of /dev/random based encryption instead of C's built-in + (and rather weak) rand() function. + +Index: vtun/auth.c +=================================================================== +--- vtun.orig/auth.c ++++ vtun/auth.c +@@ -23,6 +23,10 @@ + /* + * Challenge based authentication. + * Thanx to Chris Todd for the good idea. ++ * ++ * Artur R. Czechowski , 02/17/2002 ++ * Add support for connectin ssl to non-ssl vtuns (sslauth option) ++ * Use /dev/random in non-ssl gen_chal (if possible) + */ + + #include "config.h" +@@ -55,34 +59,57 @@ + #include "lock.h" + #include "auth.h" + +-/* Encryption and Decryption of the challenge key */ + #ifdef HAVE_SSL + + #include + #include + #include + ++#endif /* HAVE_SSL */ ++ ++/* Okay, start the "blue-wire" non-ssl auth patch stuff */ ++void nonssl_encrypt_chal(char *chal, char *pwd) ++{ ++ char *xor_msk = pwd; ++ register int i, xor_len = strlen(xor_msk); ++ ++ syslog(LOG_INFO, "Use nonSSL-aware challenge/response"); ++ for(i=0; i < VTUN_CHAL_SIZE; i++) ++ chal[i] ^= xor_msk[i%xor_len]; ++} ++ ++inline void nonssl_decrypt_chal(char *chal, char *pwd) ++{ ++ nonssl_encrypt_chal(chal, pwd); ++} ++/* Mostly ended here, other than a couple replaced #ifdefs */ ++ ++/* Encryption and Decryption of the challenge-key */ ++#ifdef HAVE_SSL ++ + void gen_chal(char *buf) + { + RAND_bytes(buf, VTUN_CHAL_SIZE); + } + +-void encrypt_chal(char *chal, char *pwd) ++void ssl_encrypt_chal(char *chal, char *pwd) + { + register int i; + BF_KEY key; + ++ syslog(LOG_INFO, "Use SSL-aware challenge/response"); + BF_set_key(&key, 16, MD5(pwd,strlen(pwd),NULL)); + + for(i=0; i < VTUN_CHAL_SIZE; i += 8 ) + BF_ecb_encrypt(chal + i, chal + i, &key, BF_ENCRYPT); + } + +-void decrypt_chal(char *chal, char *pwd) ++void ssl_decrypt_chal(char *chal, char *pwd) + { + register int i; + BF_KEY key; + ++ syslog(LOG_INFO, "Use SSL-aware challenge/response"); + BF_set_key(&key, 16, MD5(pwd,strlen(pwd),NULL)); + + for(i=0; i < VTUN_CHAL_SIZE; i += 8 ) +@@ -91,30 +118,43 @@ void decrypt_chal(char *chal, char *pwd) + + #else /* HAVE_SSL */ + +-void encrypt_chal(char *chal, char *pwd) +-{ +- char * xor_msk = pwd; +- register int i, xor_len = strlen(xor_msk); +- +- for(i=0; i < VTUN_CHAL_SIZE; i++) +- chal[i] ^= xor_msk[i%xor_len]; +-} +- +-void inline decrypt_chal(char *chal, char *pwd) +-{ +- encrypt_chal(chal, pwd); +-} +- + /* Generate PSEUDO random challenge key. */ + void gen_chal(char *buf) + { + register int i; +- +- srand(time(NULL)); ++ unsigned int seed; ++ char *pseed; ++ int fd,cnt,len; ++ ++ if((fd=open("/dev/random",O_RDONLY))!=-1) { ++ pseed=(char *)&seed; ++ len=cnt=sizeof(seed); ++ while(cnt>0) { ++ cnt=read(fd,pseed,len); ++ len=len-cnt; ++ pseed=pseed+cnt; ++ } ++ } else { ++ seed=time(NULL); ++ } ++ srand(seed); + + for(i=0; i < VTUN_CHAL_SIZE; i++) + buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX); + } ++ ++void ssl_encrypt_chal(char *chal, char *pwd) ++{ ++ syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support - fallback to `sslauth no'"); ++ nonssl_encrypt_chal(chal,pwd); ++} ++ ++void ssl_decrypt_chal(char *chal, char *pwd) ++{ ++ syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support - fallback to `sslauth no'"); ++ nonssl_decrypt_chal(chal,pwd); ++} ++ + #endif /* HAVE_SSL */ + + /* +@@ -353,7 +393,11 @@ struct vtun_host * auth_server(int fd) + if( !(h = find_host(host)) ) + break; + +- decrypt_chal(chal_res, h->passwd); ++ if (h->sslauth) { ++ ssl_decrypt_chal(chal_res, h->passwd); ++ } else { ++ nonssl_decrypt_chal(chal_res, h->passwd); ++ } + + if( !memcmp(chal_req, chal_res, VTUN_CHAL_SIZE) ){ + /* Auth successeful. */ +@@ -405,7 +449,11 @@ int auth_client(int fd, struct vtun_host + if( !strncmp(buf,"OK",2) && cs2cl(buf,chal)){ + stage = ST_CHAL; + +- encrypt_chal(chal,host->passwd); ++ if (host->sslauth) { ++ ssl_encrypt_chal(chal,host->passwd); ++ } else { ++ nonssl_encrypt_chal(chal,host->passwd); ++ } + print_p(fd,"CHAL: %s\n", cl2cs(chal)); + + continue; +Index: vtun/cfg_file.y +=================================================================== +--- vtun.orig/cfg_file.y ++++ vtun/cfg_file.y +@@ -74,7 +74,7 @@ int yyerror(char *s); + %token K_OPTIONS K_DEFAULT K_PORT K_BINDADDR K_PERSIST K_TIMEOUT + %token K_PASSWD K_PROG K_PPP K_SPEED K_IFCFG K_FWALL K_ROUTE K_DEVICE + %token K_MULTI K_SRCADDR K_IFACE K_ADDR +-%token K_TYPE K_PROT K_COMPRESS K_ENCRYPT K_KALIVE K_STAT ++%token K_TYPE K_PROT K_COMPRESS K_ENCRYPT K_KALIVE K_STAT K_SSLAUTH + %token K_UP K_DOWN K_SYSLOG K_IPROUTE + + %token K_HOST K_ERROR +@@ -284,6 +284,13 @@ host_option: '\n' + } + compress + ++ | K_SSLAUTH NUM { ++ parse_host->sslauth = $2; ++ ++ if(vtun.sslauth == -1) ++ vtun.sslauth = $2; ++ } ++ + | K_ENCRYPT NUM { + if( $2 ){ + parse_host->flags |= VTUN_ENCRYPT; +Index: vtun/cfg_kwords.h +=================================================================== +--- vtun.orig/cfg_kwords.h ++++ vtun/cfg_kwords.h +@@ -37,6 +37,7 @@ struct kword cfg_keyword[] = { + { "addr", K_ADDR }, + { "iface", K_IFACE }, + { "bindaddr", K_BINDADDR }, ++ { "sslauth", K_SSLAUTH }, + { "persist", K_PERSIST }, + { "multi", K_MULTI }, + { "iface", K_IFACE }, +Index: vtun/main.c +=================================================================== +--- vtun.orig/main.c ++++ vtun/main.c +@@ -63,6 +63,7 @@ int main(int argc, char *argv[], char *e + vtun.cfg_file = VTUN_CONFIG_FILE; + vtun.persist = -1; + vtun.timeout = -1; ++ vtun.sslauth = -1; + + /* Dup strings because parser will try to free them */ + vtun.ppp = strdup("/usr/sbin/pppd"); +@@ -85,6 +86,11 @@ int main(int argc, char *argv[], char *e + default_host.ka_interval = 30; + default_host.ka_failure = 4; + default_host.loc_fd = default_host.rmt_fd = -1; ++#ifdef HAVE_SSL ++ default_host.sslauth = 1; ++#else /* HAVE_SSL */ ++ default_host.sslauth = 0; ++#endif /* HAVE_SSL */ + + /* Start logging to syslog and stderr */ + openlog("vtund", LOG_PID | LOG_NDELAY | LOG_PERROR, LOG_DAEMON); +@@ -158,6 +164,16 @@ int main(int argc, char *argv[], char *e + vtun.persist = 0; + if(vtun.timeout == -1) + vtun.timeout = VTUN_TIMEOUT; ++ /* ++ * Want to save behaviour from older version: stronger authentication ++ * if compiled with --enable-ssl, weaker otherwise ++ */ ++ if(vtun.sslauth == -1) ++#ifdef HAVE_SSL ++ vtun.sslauth = 1; ++#else /* HAVE_SSL */ ++ vtun.sslauth = 0; ++#endif /* HAVE_SSL */ + + switch( vtun.svr_type ){ + case -1: +Index: vtun/vtun.h +=================================================================== +--- vtun.orig/vtun.h ++++ vtun/vtun.h +@@ -99,6 +99,9 @@ struct vtun_host { + int rmt_fd; + int loc_fd; + ++ /* SSL strong auth */ ++ int sslauth; ++ + /* Persist mode */ + int persist; + +@@ -193,6 +196,7 @@ extern llist host_list; + struct vtun_opts { + int timeout; + int persist; ++ int sslauth; + + char *cfg_file; + --- vtun-3.0.2.orig/debian/patches/07-64bits-segfault.patch +++ vtun-3.0.2/debian/patches/07-64bits-segfault.patch @@ -0,0 +1,27 @@ +Author: Bjorn Gronvall +Description: On systems (e.g FreeBSD amd64) where sizeof(unsigned int) differs + from sizeof(lzo_uint) this patch is necessary for correct operation. +Last-Update: 2010-06-29 + +Index: vtun/lfd_lzo.c +=================================================================== +--- vtun.orig/lfd_lzo.c ++++ vtun/lfd_lzo.c +@@ -104,7 +104,7 @@ int free_lzo() + */ + int comp_lzo(int len, char *in, char **out) + { +- unsigned int zlen = 0; ++ lzo_uint zlen = 0; + int err; + + if( (err=lzo1x_compress((void *)in,len,zbuf,&zlen,wmem)) != LZO_E_OK ){ +@@ -118,7 +118,7 @@ int comp_lzo(int len, char *in, char **o + + int decomp_lzo(int len, char *in, char **out) + { +- unsigned int zlen = 0; ++ lzo_uint zlen = 0; + int err; + + if( (err=lzo1x_decompress((void *)in,len,zbuf,&zlen,wmem)) != LZO_E_OK ){ --- vtun-3.0.2.orig/debian/patches/series +++ vtun-3.0.2/debian/patches/series @@ -0,0 +1,8 @@ +00-sslauth.patch +01-pidfile.patch +02-dumpfile.patch +03-signedness-warnings.patch +04-implicit-pointer-conversions.patch +05-unix98pty.patch +06-ipv6.patch +07-64bits-segfault.patch --- vtun-3.0.2.orig/debian/patches/03-signedness-warnings.patch +++ vtun-3.0.2/debian/patches/03-signedness-warnings.patch @@ -0,0 +1,217 @@ +03-signedness-warnings.dpatch by Martín Ferrari + +http://sourceforge.net/support/tracker.php?aid=1744570 + + Various explicit casts to stop gcc from complaining. It'd be better to + fix the prototypes, but that's much more intrusive. + +Index: vtun/auth.c +=================================================================== +--- vtun.orig/auth.c ++++ vtun/auth.c +@@ -89,7 +89,7 @@ inline void nonssl_decrypt_chal(char *ch + + void gen_chal(char *buf) + { +- RAND_bytes(buf, VTUN_CHAL_SIZE); ++ RAND_bytes((unsigned char *)buf, VTUN_CHAL_SIZE); + } + + void ssl_encrypt_chal(char *chal, char *pwd) +@@ -98,10 +98,10 @@ void ssl_encrypt_chal(char *chal, char * + BF_KEY key; + + syslog(LOG_INFO, "Use SSL-aware challenge/response"); +- BF_set_key(&key, 16, MD5(pwd,strlen(pwd),NULL)); ++ BF_set_key(&key, 16, MD5((unsigned char *)pwd,strlen(pwd),NULL)); + + for(i=0; i < VTUN_CHAL_SIZE; i += 8 ) +- BF_ecb_encrypt(chal + i, chal + i, &key, BF_ENCRYPT); ++ BF_ecb_encrypt((unsigned char *)chal + i, (unsigned char *)chal + i, &key, BF_ENCRYPT); + } + + void ssl_decrypt_chal(char *chal, char *pwd) +@@ -110,10 +110,10 @@ void ssl_decrypt_chal(char *chal, char * + BF_KEY key; + + syslog(LOG_INFO, "Use SSL-aware challenge/response"); +- BF_set_key(&key, 16, MD5(pwd,strlen(pwd),NULL)); ++ BF_set_key(&key, 16, MD5((unsigned char *)pwd,strlen(pwd),NULL)); + + for(i=0; i < VTUN_CHAL_SIZE; i += 8 ) +- BF_ecb_encrypt(chal + i, chal + i, &key, BF_DECRYPT); ++ BF_ecb_encrypt((unsigned char *)chal + i, (unsigned char *)chal + i, &key, BF_DECRYPT); + } + + #else /* HAVE_SSL */ +Index: vtun/lfd_encrypt.c +=================================================================== +--- vtun.orig/lfd_encrypt.c ++++ vtun/lfd_encrypt.c +@@ -118,12 +118,12 @@ int prep_key(char **key, int size, struc + tmplen = strlen(host->passwd); + if (tmplen != 0) halflen = tmplen>>1; + else halflen = 0; +- MD5(host->passwd, halflen, hashkey); +- MD5((host->passwd)+halflen, tmplen-halflen, hashkey+16); ++ MD5((unsigned char *)host->passwd, halflen, (unsigned char *)hashkey); ++ MD5((unsigned char *)(host->passwd)+halflen, tmplen-halflen, (unsigned char *)hashkey+16); + } + else if (size == 16) + { +- MD5(host->passwd,strlen(host->passwd), hashkey); ++ MD5((unsigned char *)host->passwd,strlen(host->passwd), (unsigned char *)hashkey); + } + else + { +@@ -163,7 +163,7 @@ int alloc_encrypt(struct vtun_host *host + return -1; + } + +- RAND_bytes((char *)&sequence_num, 4); ++ RAND_bytes((unsigned char *)&sequence_num, 4); + gibberish = 0; + gib_time_start = 0; + phost = host; +@@ -263,8 +263,8 @@ int alloc_encrypt(struct vtun_host *host + EVP_CIPHER_CTX_set_key_length(pctx_enc, keysize); + EVP_CIPHER_CTX_set_key_length(pctx_dec, keysize); + } +- EVP_EncryptInit_ex(pctx_enc, NULL, NULL, pkey, NULL); +- EVP_DecryptInit_ex(pctx_dec, NULL, NULL, pkey, NULL); ++ EVP_EncryptInit_ex(pctx_enc, NULL, NULL, (unsigned char *)pkey, NULL); ++ EVP_DecryptInit_ex(pctx_dec, NULL, NULL, (unsigned char *)pkey, NULL); + EVP_CIPHER_CTX_set_padding(pctx_enc, 0); + EVP_CIPHER_CTX_set_padding(pctx_dec, 0); + if (sb_init) +@@ -317,8 +317,8 @@ int encrypt_buf(int len, char *in, char + memset(in_ptr+len, pad, pad); + outlen=len+pad; + if (pad == blocksize) +- RAND_bytes(in_ptr+len, blocksize-1); +- EVP_EncryptUpdate(&ctx_enc, out_ptr, &outlen, in_ptr, len+pad); ++ RAND_bytes((unsigned char *)in_ptr+len, blocksize-1); ++ EVP_EncryptUpdate(&ctx_enc, (unsigned char *)out_ptr, &outlen, (unsigned char *)in_ptr, len+pad); + *out = enc_buf; + + sequence_num++; +@@ -338,7 +338,7 @@ int decrypt_buf(int len, char *in, char + + outlen=len; + if (!len) return 0; +- EVP_DecryptUpdate(&ctx_dec, out_ptr, &outlen, in_ptr, len); ++ EVP_DecryptUpdate(&ctx_dec, (unsigned char *)out_ptr, &outlen, (unsigned char *)in_ptr, len); + recv_ib_mesg(&outlen, &out_ptr); + if (!outlen) return 0; + tmp_ptr = out_ptr + outlen; tmp_ptr--; +@@ -430,8 +430,8 @@ int cipher_enc_init(char * iv) + EVP_EncryptInit_ex(&ctx_enc, cipher_type, NULL, NULL, NULL); + if (var_key) + EVP_CIPHER_CTX_set_key_length(&ctx_enc, keysize); +- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, pkey, NULL); +- EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, iv); ++ EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, (unsigned char *)pkey, NULL); ++ EVP_EncryptInit_ex(&ctx_enc, NULL, NULL, NULL, (unsigned char *)iv); + EVP_CIPHER_CTX_set_padding(&ctx_enc, 0); + if (enc_init_first_time) + { +@@ -520,8 +520,8 @@ int cipher_dec_init(char * iv) + EVP_DecryptInit_ex(&ctx_dec, cipher_type, NULL, NULL, NULL); + if (var_key) + EVP_CIPHER_CTX_set_key_length(&ctx_dec, keysize); +- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, pkey, NULL); +- EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, iv); ++ EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, (unsigned char *)pkey, NULL); ++ EVP_DecryptInit_ex(&ctx_dec, NULL, NULL, NULL, (unsigned char *)iv); + EVP_CIPHER_CTX_set_padding(&ctx_dec, 0); + if (dec_init_first_time) + { +@@ -542,7 +542,7 @@ int send_msg(int len, char *in, char **o + case CIPHER_INIT: + in_ptr = in - blocksize*2; + iv = malloc(blocksize); +- RAND_bytes(iv, blocksize); ++ RAND_bytes((unsigned char *)iv, blocksize); + strncpy(in_ptr,"ivec",4); + in_ptr += 4; + memcpy(in_ptr,iv,blocksize); +@@ -550,12 +550,12 @@ int send_msg(int len, char *in, char **o + cipher_enc_init(iv); + + memset(iv,0,blocksize); free(iv); iv = NULL; +- RAND_bytes(in_ptr, in - in_ptr); ++ RAND_bytes((unsigned char *)in_ptr, in - in_ptr); + + in_ptr = in - blocksize*2; + outlen = blocksize*2; +- EVP_EncryptUpdate(&ctx_enc_ecb, in_ptr, +- &outlen, in_ptr, blocksize*2); ++ EVP_EncryptUpdate(&ctx_enc_ecb, (unsigned char *)in_ptr, ++ &outlen, (unsigned char *)in_ptr, blocksize*2); + *out = in_ptr; + len = outlen; + cipher_enc_state = CIPHER_SEQUENCE; +@@ -581,7 +581,7 @@ int recv_msg(int len, char *in, char **o + in_ptr = in; + iv = malloc(blocksize); + outlen = blocksize*2; +- EVP_DecryptUpdate(&ctx_dec_ecb, in_ptr, &outlen, in_ptr, blocksize*2); ++ EVP_DecryptUpdate(&ctx_dec_ecb, (unsigned char *)in_ptr, &outlen, (unsigned char *)in_ptr, blocksize*2); + + if ( !strncmp(in_ptr, "ivec", 4) ) + { +Index: vtun/netlib.c +=================================================================== +--- vtun.orig/netlib.c ++++ vtun/netlib.c +@@ -99,7 +99,7 @@ int connect_t(int s, struct sockaddr *sv + FD_ZERO(&fdset); + FD_SET(s,&fdset); + if( select(s+1,NULL,&fdset,NULL,timeout?&tv:NULL) > 0 ){ +- int l=sizeof(errno); ++ socklen_t l=sizeof(errno); + errno=0; + getsockopt(s,SOL_SOCKET,SO_ERROR,&errno,&l); + } else +@@ -146,7 +146,8 @@ int udp_session(struct vtun_host *host) + { + struct sockaddr_in saddr; + short port; +- int s,opt; ++ int s; ++ socklen_t opt; + + if( (s=socket(AF_INET,SOCK_DGRAM,0))== -1 ){ + vtun_syslog(LOG_ERR,"Can't create socket"); +@@ -207,7 +208,7 @@ int udp_session(struct vtun_host *host) + /* Set local address */ + int local_addr(struct sockaddr_in *addr, struct vtun_host *host, int con) + { +- int opt; ++ socklen_t opt; + + if( con ){ + /* Use address of the already connected socket. */ +Index: vtun/server.c +=================================================================== +--- vtun.orig/server.c ++++ vtun/server.c +@@ -63,7 +63,7 @@ void connection(int sock) + struct vtun_host *host; + struct sigaction sa; + char *ip; +- int opt; ++ socklen_t opt; + + opt = sizeof(struct sockaddr_in); + if( getpeername(sock, (struct sockaddr *) &cl_addr, &opt) ){ +@@ -114,7 +114,8 @@ void listener(void) + { + struct sigaction sa; + struct sockaddr_in my_addr, cl_addr; +- int s, s1, opt; ++ int s, s1; ++ socklen_t opt; + + memset(&my_addr, 0, sizeof(my_addr)); + my_addr.sin_family = AF_INET;