summaryrefslogtreecommitdiff
path: root/net/openvpn
diff options
context:
space:
mode:
authorjmmv <jmmv>2009-10-11 17:32:00 +0000
committerjmmv <jmmv>2009-10-11 17:32:00 +0000
commit4d26a8a9787602caf3004b401e9bc99a14d6bc8d (patch)
tree538a256659d4f1a9f833c3420e9035e7fe1a3a2f /net/openvpn
parent06d8e147a6c686d9b2518ea8fef6fef1c6d63bba (diff)
downloadpkgsrc-4d26a8a9787602caf3004b401e9bc99a14d6bc8d.tar.gz
Update to 2.1_rc20 from 2.1_rc13:
2009.10.01 -- Version 2.1_rc20 * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the redirect-gateway option by itself, without any extra parameters, would cause the option to be ignored. * Fixed build problem when ./configure --disable-server is used. * Fixed ifconfig command for "topology subnet" on FreeBSD (Stefan Bethke). * Added --remote-random-hostname option. * Added "load-stats" management interface command to get global server load statistics. * Added new ./configure flags: --disable-def-auth Disable deferred authentication --disable-pf Disable internal packet filter * Added "setcon" directive for interoperability with SELinux (Sebastien Raveau). * Optimized PUSH_REQUEST handshake sequence to shave several seconds off of a typical client connection initiation. * The maximum number of "route" directives (specified in the config file or pulled from a server) can now be configured via the new "max-routes" directive. * Eliminated the limitation on the number of options that can be pushed to clients, including routes. Previously, all pushed options needed to fit within a 1024 byte options string. * Added --server-poll-timeout option : when polling possible remote servers to connect to in a round-robin fashion, spend no more than n seconds waiting for a response before trying the next server. * Added the ability for the server to provide a custom reason string when an AUTH_FAILED message is returned to the client. This string can be set by the server-side managment interface and read by the client-side management interface. * client-kill management interface command, when issued on server, will now send a RESTART message to client. This feature is intended to make UDP clients respond the same as TCP clients in the case where the server issues a RESTART message in order to force the client to reconnect and pull a new options/route list. 2009.07.16 -- Version 2.1_rc19 * In Windows TAP driver, refactor DHCP/ARP packet injection code to use a DPC (deferred procedure call) to defer packet injection until IRQL < DISPATCH_LEVEL, rather than calling NdisMEthIndicateReceive in the context of AdapterTransmit. This is an attempt to reduce kernel stack usage, and prevent EXCEPTION_DOUBLE_FAULT BSODs that have been observed on Vista. Updated TAP driver version number to 9.6. * In configure.ac, use datadir instead of datarootdir for compatibility with <autoconf-2.60. 2009.06.07 -- Version 2.1_rc18 * Fixed compile error on ./configure --enable-small * Fixed issue introduced in r4475 (2.1-rc17) where cryptoapi.c change does not build on Windows on non-MINGW32. 2009.05.30 -- Version 2.1_rc17 * Reduce the debug level (--verb) at which received management interface commands are echoed from 7 to 3. Passwords will be filtered. * Fixed race condition in management interface recv code on Windows, where sending a set of several commands to the management interface in quick succession might cause the latter commands in the set to be ignored. * Increased management interface input command buffer size from 256 to 1024 bytes. * Minor tweaks to Windows build system. * Added "redirect-private" option which allows private subnets to be pushed to the client in such a way that they don't accidently obscure critical local addresses such as the DHCP server address and DNS server addresses. * Added new 'autolocal' redirect-gateway flag. When enabled, the OpenVPN client will examine the routing table and determine whether (a) the OpenVPN server is reachable via a locally connected interface, or (b) traffic to the server must be forwarded through the default router. Only add a special bypass route for the OpenVPN server if (b) is true. If (a) is true, behave as if the 'local' flag is specified, and do not add a bypass route. The new 'autolocal' flag depends on the non-portable test_local_addr() function in route.c, which is currently only implemented for Windows. The 'autolocal' flag will act as a no-op on platforms that have not yet defined a test_local_addr() function. * Increased TLS_CHANNEL_BUF_SIZE to 2048 from 1024 (this will allow for more option content to be pushed from server to client). * Raised D_MULTI_DROPPED debug level to 4 from 3 to filter out (at debug levels <=3) a common and usually innocuous warning. * Fixed issue of symbol conflicts interfering with Windows CryptoAPI functionality (Alon Bar-Lev). * Fixed bug where the remote_X environmental variables were not being set correctly when the 'local' option is specifed. 2009.05.17 -- Version 2.1_rc16 * Windows installer changes: 1. ifdefed out the check Windows version code which is causing problems on Windows 7 2. don't define SF_SELECTED if it is already defined 3. Use LZMA instead of BZIP2 compression for better compression 4. Upgraded OpenSSL to 0.9.8k * Added the ability to read the configuration file from stdin, when "stdin" is given as the config file name. * Allow "management-client" directive to be used with unix domain sockets. * Added errors-to-stderr option. When enabled, fatal errors that result in the termination of the daemon will be written to stderr. * Added optional "nogw" (no gateway) flag to --server-bridge to inhibit the pushing of the route-gateway parameter to clients. * Added new management interface command "pid" to show the process ID of the current OpenVPN process (Angelo Laub). * Fixed issue where SIGUSR1 restarts would fail if private key was specified as an inline file. * Added daemon_start_time and daemon_pid environmental variables. * In management interface, added new ">CLIENT:ESTABLISHED" notification. * Build fixes: 1. Fixed some issues with C++ style comments that leaked into the code. 2. Updated configure.ac to work on MinGW64. 3. Updated common.h types for _WIN64. 4. Fixed issue involving an #ifdef in a macro reference that breaks early gcc compilers. 5. In cryptoapi.c, renamed CryptAcquireCertificatePrivateKey to OpenVPNCryptAcquireCertificatePrivateKey to work around a symbol conflict in MinGW-5.1.4. 2008.11.19 -- Version 2.1_rc15 * Fixed issue introduced in 2.1_rc14 that may cause a segfault when a --plugin module is used. * Added server-side --opt-verify option: clients that connect with options that are incompatible with those of the server will be disconnected (without this option, incompatible clients would trigger a warning message in the server log but would not be disconnected). * Added --tcp-nodelay option: Macro that sets TCP_NODELAY socket flag on the server as well as pushes it to connecting clients. * Minor options check fix: --no-name-remapping is a server-only option and should therefore generate an error when used on the client. * Added --prng option to control PRNG (pseudo-random number generator) parameters. In previous OpenVPN versions, the PRNG was hardcoded to use the SHA1 hash. Now any OpenSSL hash may be used. This is part of an effort to remove hardcoded references to a specific cipher or cryptographic hash algorithm. * Cleaned up man page synopsis. 2008.11.16 -- Version 2.1_rc14 * Added AC_GNU_SOURCE to configure.ac to enable struct ucred, with the goal of fixing a build issue on Fedora 9 that was introduced in 2.1_rc13. * Added additional method parameter to --script-security to preserve backward compatibility with system() call semantics used in OpenVPN 2.1_rc8 and earlier. To preserve backward compatibility use: script-security 3 system * Added additional warning messages about --script-security 2 or higher being required to execute user-defined scripts or executables. * Windows build system changes: Modified Windows domake-win build system to write all openvpn.nsi input files to gen, so that gen can be disconnected from the rest of the source tree and makensis openvpn.nsi will still function correctly. Added additional SAMPCONF_(CA|CRT|KEY) macros to settings.in (commented out by default). Added optional files SAMPCONF_CONF2 (second sample configuration file) and SAMPCONF_DH (Diffie-Helman parameters) to Windows build system, and may be defined in settings.in. * Extended Management Interface "bytecount" command to work when OpenVPN is running as a server. Documented Management Interface "bytecount" command in management/management-notes.txt. * Fixed informational message in ssl.c to properly indicate deferred authentication. * Added server-side --auth-user-pass-optional directive, to allow connections by clients that do not specify a username/password, when a user-defined authentication script/module is in place (via --auth-user-pass-verify, --management-client-auth, or a plugin module). * Changes to easy-rsa/2.0/pkitool and related openssl.cnf: Calling scripts can set the KEY_NAME environmental variable to set the "name" X509 subject field in generated certificates. Modified pkitool to allow flexibility in separating the Common Name convention from the cert/key filename convention. For example: KEY_CN="James's Laptop" KEY_NAME="james" ./pkitool james will create a client certificate/key pair of james.crt/james.key having a Common Name of "James's Laptop" and a Name of "james". * Added --no-name-remapping option to allow Common Name, X509 Subject, and username strings to include any printable character including space, but excluding control characters such as tab, newline, and carriage-return (this is important for compatibility with external authentication systems). As a related change, added --status-version 3 format (and "status 3" in the management interface) which uses the version 2 format except that tabs are used as delimiters instead of commas so that there is no ambiguity when parsing a Common Name that contains a comma. Also, save X509 Subject fields to environment, using the naming convention: X509_{cert_depth}_{name}={value} This is to avoid ambiguities when parsing out the X509 subject string since "/" characters could potentially be used in the common name. * Fixed some ifconfig-pool issues that precluded it from being combined with --server directive. Now, for example, we can configure thusly: server 10.8.0.0 255.255.255.0 nopool ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0 to have ifconfig-pool manage only a subset of the VPN subnet. * Added config file option "setenv FORWARD_COMPATIBLE 1" to relax config file syntax checking to allow directives for future OpenVPN versions to be ignored.
Diffstat (limited to 'net/openvpn')
-rw-r--r--net/openvpn/Makefile5
-rw-r--r--net/openvpn/distinfo8
2 files changed, 6 insertions, 7 deletions
diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile
index f72f2877850..ee9ea80199e 100644
--- a/net/openvpn/Makefile
+++ b/net/openvpn/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.30 2009/09/21 12:33:31 spz Exp $
+# $NetBSD: Makefile,v 1.31 2009/10/11 17:32:00 jmmv Exp $
#
-DISTNAME= openvpn-2.1_rc13
+DISTNAME= openvpn-2.1_rc20
PKGNAME= ${DISTNAME:S/_//}
-PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= http://openvpn.net/release/ \
http://openvpn.net/release/old/
diff --git a/net/openvpn/distinfo b/net/openvpn/distinfo
index d4f280a7cb1..868334c3b1e 100644
--- a/net/openvpn/distinfo
+++ b/net/openvpn/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.16 2008/12/05 08:13:35 hasso Exp $
+$NetBSD: distinfo,v 1.17 2009/10/11 17:32:00 jmmv Exp $
-SHA1 (openvpn-2.1_rc13.tar.gz) = 904d54249e62f02b6f2c7fc4a35f56babe014b7e
-RMD160 (openvpn-2.1_rc13.tar.gz) = d52261aa1992f46f890793944858f057fa239fdd
-Size (openvpn-2.1_rc13.tar.gz) = 825890 bytes
+SHA1 (openvpn-2.1_rc20.tar.gz) = ab0e928bd7d4896ddb0061bf3aba9f3cd6cefe6e
+RMD160 (openvpn-2.1_rc20.tar.gz) = 4dd7924cb41a268e76a93af66fd05f948f22e5f3
+Size (openvpn-2.1_rc20.tar.gz) = 844253 bytes
SHA1 (patch-aa) = e27e5a6411c9fb6545a1ad630f165200546b7213
SHA1 (patch-ab) = d26cdc9166a8813860f31cb5b11bc5b3643b8aa5
SHA1 (patch-ac) = f59615702208cae2a094306bc5fa7fb96234e55a