diff options
| author | adam <adam@pkgsrc.org> | 2010-09-05 20:33:48 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2010-09-05 20:33:48 +0000 |
| commit | 4684b68432380a7a253f4089abaef3df57c325ab (patch) | |
| tree | 27f2c8287d8aec9d53584c397ba58b4fd7b8c23b | |
| parent | be958653b55a5232d581f60244b1583a74b4343c (diff) | |
| download | pkgsrc-4684b68432380a7a253f4089abaef3df57c325ab.tar.gz | |
Changes 2.1.3:
* Fixed potential local privilege escalation vulnerability in
Windows service.
* Added Python-based based alternative build system for Windows using
Visual Studio 2008 (in win directory).
* When aborting in a non-graceful way, try to execute do_close_tun in
init.c prior to daemon exit to ensure that the tun/tap interface is
closed and any added routes are deleted.
* Fixed an issue where AUTH_FAILED was not being properly delivered
to the client when a bad password is given for mid-session reauth,
causing the connection to fail without an error indication.
* Don't advance to the next connection profile on AUTH_FAILED errors.
* Fixed an issue in the Management Interface that could cause
a process hang with 100% CPU utilization in --management-client
mode if the management interface client disconnected at the
point where credentials are queried.
* Fixed an issue where if reneg-sec was set to 0 on the client,
so that the server-side value would take precedence,
the auth_deferred_expire_window function would incorrectly
return a window period of 0 seconds. In this case, the
correct window period should be the handshake window period.
* Modified ">PASSWORD:Verification Failed" management interface
notification to include a client reason string:
>PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']
* Enable exponential backoff in reliability layer retransmits.
* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after
socket is created rather than waiting until after connect/listen.
* Management interface performance optimizations:
1. Added env-filter MI command to perform filtering on env vars
passed through as a part of --management-client-auth
2. man_write will now try to aggregate output into larger blocks
(up to 1024 bytes) for more efficient i/o
* Fixed minor issue in Windows TAP driver DEBUG builds
where non-null-terminated unicode strings were being
printed incorrectly.
* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support
was not being compiled in.
* Proxy improvements:
* Implemented http-proxy-override and http-proxy-fallback directives to make it
easier for OpenVPN client UIs to start a pre-existing client config file with
proxy options, or to adaptively fall back to a proxy connection if a direct
connection fails.
* Implemented a key/value auth channel from client to server.
* Fixed issue where bad creds provided by the management interface
for HTTP Proxy Basic Authentication would go into an infinite
retry-fail loop instead of requerying the management interface for
new creds.
| -rw-r--r-- | net/openvpn/Makefile | 29 | ||||
| -rw-r--r-- | net/openvpn/PLIST | 3 | ||||
| -rw-r--r-- | net/openvpn/distinfo | 10 | ||||
| -rw-r--r-- | net/openvpn/options.mk | 10 | ||||
| -rw-r--r-- | net/openvpn/patches/patch-ah | 2 |
5 files changed, 26 insertions, 28 deletions
diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile index 901a75c6a06..829fc6bfc88 100644 --- a/net/openvpn/Makefile +++ b/net/openvpn/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.37 2010/06/16 07:30:26 tnn Exp $ -# +# $NetBSD: Makefile,v 1.38 2010/09/05 20:33:48 adam Exp $ -DISTNAME= openvpn-2.1.1 +DISTNAME= openvpn-2.1.3 CATEGORIES= net MASTER_SITES= http://openvpn.net/release/ \ http://openvpn.net/release/old/ @@ -25,13 +24,12 @@ EGDIR= ${PREFIX}/share/examples/${PKGBASE} EASYRSADIR= ${DATADIR}/easy-rsa RCD_SCRIPTS= openvpn -CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q} +CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} CONFIGURE_ARGS+= --enable-password-save CONFIGURE_ARGS+= --disable-dependency-tracking # Pthread support is still considered very experimental, so don't enable # it for the default (production) build. -# #CONFIGURE_ARGS+= --enable-pthread INSTALLATION_DIRS= ${DATADIR}/easy-rsa ${EGDIR}/config \ @@ -41,7 +39,6 @@ INSTALLATION_DIRS= ${DATADIR}/easy-rsa ${EGDIR}/config \ # OpenVPN 2.x has a shared module "plugin" architecture that allows # inserting callbacks into the server for various tasks. -# DL_AUTO_VARS= yes .include "../../mk/dlopen.buildlink3.mk" @@ -58,25 +55,25 @@ SUBST_STAGE.pkitool= post-build SUBST_MESSAGE.pkitool= Fixing up default paths to grep & openssl in pkitool. SUBST_FILES.pkitool= easy-rsa/2.0/pkitool SUBST_SED.pkitool= -e "s|\\(GREP\\)=.*|\\1=\""${GREP:Q}"\"|" -SUBST_SED.pkitool+= -e "s|\\(OPENSSL\\)=.*|\\1=\""${SSLBASE:Q}/bin/openssl"\"|" +SUBST_SED.pkitool+= -e "s|\\(OPENSSL\\)=.*|\\1=\""${SSLBASE:Q}/bin/openssl"\"|" post-install: post-install-pam - cd ${WRKSRC:Q}/easy-rsa/2.0; for file in [a-zR]*; do \ + set -e; cd ${WRKSRC}/easy-rsa/2.0; for file in [a-zR]*; do \ case $$file in \ *.orig) ;; \ [A-Z]*|*.cnf|vars) \ - ${INSTALL_DATA} $$file ${DESTDIR}${EASYRSADIR:Q} ;; \ - *) ${INSTALL_SCRIPT} $$file ${DESTDIR}${EASYRSADIR:Q} ;; \ + ${INSTALL_DATA} $$file ${DESTDIR}${EASYRSADIR} ;; \ + *) ${INSTALL_SCRIPT} $$file ${DESTDIR}${EASYRSADIR} ;; \ esac; \ done - cd ${WRKSRC:Q}/sample-config-files; for file in *; do \ - ${INSTALL_DATA} $$file ${DESTDIR}${EGDIR:Q}/config; \ + set -e; cd ${WRKSRC}/sample-config-files; for file in *; do \ + ${INSTALL_DATA} $$file ${DESTDIR}${EGDIR}/config; \ done - cd ${WRKSRC:Q}/sample-scripts; for file in *; do \ - ${INSTALL_DATA} $$file ${DESTDIR}${EGDIR:Q}/scripts; \ + set -e; cd ${WRKSRC}/sample-scripts; for file in *; do \ + ${INSTALL_DATA} $$file ${DESTDIR}${EGDIR}/scripts; \ done - cd ${WRKSRC:Q}/sample-keys; for file in *; do \ - ${INSTALL_DATA} $$file ${DESTDIR}${EGDIR:Q}/keys; \ + set -e; cd ${WRKSRC}/sample-keys; for file in *; do \ + ${INSTALL_DATA} $$file ${DESTDIR}${EGDIR}/keys; \ done .include "options.mk" diff --git a/net/openvpn/PLIST b/net/openvpn/PLIST index 2060baf2ed0..c4300d5ea0a 100644 --- a/net/openvpn/PLIST +++ b/net/openvpn/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.10 2010/06/16 07:30:26 tnn Exp $ +@comment $NetBSD: PLIST,v 1.11 2010/09/05 20:33:48 adam Exp $ man/man8/openvpn.8 sbin/openvpn share/examples/openvpn/config/README @@ -31,7 +31,6 @@ share/examples/openvpn/keys/server.key share/examples/openvpn/scripts/auth-pam.pl share/examples/openvpn/scripts/bridge-start share/examples/openvpn/scripts/bridge-stop -share/examples/openvpn/scripts/bs share/examples/openvpn/scripts/openvpn.init share/examples/openvpn/scripts/ucn.pl share/examples/openvpn/scripts/verify-cn diff --git a/net/openvpn/distinfo b/net/openvpn/distinfo index 78082424f01..bdd584679a3 100644 --- a/net/openvpn/distinfo +++ b/net/openvpn/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.20 2010/06/15 12:05:28 sborrill Exp $ +$NetBSD: distinfo,v 1.21 2010/09/05 20:33:48 adam Exp $ -SHA1 (openvpn-2.1.1.tar.gz) = 4b18e71b07236760f3b4defa941661e94b731a5a -RMD160 (openvpn-2.1.1.tar.gz) = a33ed8ef4ba564103c2d196bbb742dac88d30e80 -Size (openvpn-2.1.1.tar.gz) = 880115 bytes +SHA1 (openvpn-2.1.3.tar.gz) = 91058e78c58c2e66298c7132bea1ddba52baaa82 +RMD160 (openvpn-2.1.3.tar.gz) = ec0f63d63442eb3a26448747a5b0956e27b09809 +Size (openvpn-2.1.3.tar.gz) = 860672 bytes SHA1 (patch-aa) = e27e5a6411c9fb6545a1ad630f165200546b7213 SHA1 (patch-ab) = d26cdc9166a8813860f31cb5b11bc5b3643b8aa5 SHA1 (patch-ac) = f59615702208cae2a094306bc5fa7fb96234e55a @@ -10,4 +10,4 @@ SHA1 (patch-ad) = 69f5fff5105131dc05ab38a1a717e1b363f88c1c SHA1 (patch-ae) = 362c881da994608baad7b10667100c39143244b6 SHA1 (patch-af) = dc5dbca74ebbda081e4eaf9a9d5e11b6de11269f SHA1 (patch-ag) = fe8e59cf177c99c2fd001e7893df86af961e8e4e -SHA1 (patch-ah) = 4e555d0a9dfa78882bf71c1d3496df8813069656 +SHA1 (patch-ah) = c530376eb68ab8f21c9b3c73149d2c24742aa4c9 diff --git a/net/openvpn/options.mk b/net/openvpn/options.mk index 3fc9f39481d..58648d6f19d 100644 --- a/net/openvpn/options.mk +++ b/net/openvpn/options.mk @@ -1,7 +1,7 @@ -# $NetBSD: options.mk,v 1.3 2010/06/16 07:30:26 tnn Exp $ +# $NetBSD: options.mk,v 1.4 2010/09/05 20:33:48 adam Exp $ -PKG_OPTIONS_VAR= PKG_OPTIONS.openvpn -PKG_SUPPORTED_OPTIONS= pkcs11 pam +PKG_OPTIONS_VAR= PKG_OPTIONS.openvpn +PKG_SUPPORTED_OPTIONS= pkcs11 pam PKG_SUGGESTED_OPTIONS= .include "../../mk/bsd.options.mk" @@ -22,10 +22,10 @@ BUILD_DIRS+= plugin/auth-pam BUILD_TARGET= # empty INSTALL_DIRS= . INSTALL_TARGET= install +INSTALLATION_DIRS+= lib/openvpn PLIST.pam= yes post-install-pam: - ${INSTALL_LIB_DIR} ${DESTDIR}${PREFIX}/lib/openvpn && \ - cd ${WRKSRC:Q}/plugin/auth-pam && \ + cd ${WRKSRC}/plugin/auth-pam && \ ${INSTALL_LIB} openvpn-auth-pam.so \ ${DESTDIR}${PREFIX}/lib/openvpn || ${TRUE} .include "../../mk/pam.buildlink3.mk" diff --git a/net/openvpn/patches/patch-ah b/net/openvpn/patches/patch-ah index 827ea3d3065..c656109954c 100644 --- a/net/openvpn/patches/patch-ah +++ b/net/openvpn/patches/patch-ah @@ -1,3 +1,5 @@ +$NetBSD: patch-ah,v 1.2 2010/09/05 20:33:48 adam Exp $ + --- tun.c.orig 2009-11-12 09:22:19.000000000 +0100 +++ tun.c 2009-11-12 09:23:00.000000000 +0100 @@ -789,17 +789,17 @@ |