Update openvpn to 1.6.0.

While here port it properly so that the route statements in the configuration
file work.  Also add patches so that der Mouse's if_tap driver can be used.

Changes since 1.5.0:

2004.05.09 -- Version 1.6.0

* Unchanged from 1.6-rc4 except for version number
  upgrade.

2004.04.01 -- Version 1.6-rc4

* Made minor customizations to devcon and
  renamed as tapinstall.exe for Windows version.
* Fixed "storage size of `iv' isn't known" build
  problem on FreeBSD.
* OpenSSL 0.9.7d bundled with Windows self-install.

2004.03.13 -- Version 1.6-rc3

* Minor Windows fixes for --ip-win32 dynamic, relating to
  the way the TAP-Win32 driver responds to a DHCP request
  from the Windows DHCP client.
* The net_gateway environmental variable wasn't being
  set correctly for called scripts (Paul Zuber).
* Added code to determine the default gateway on FreeBSD,
  allowing the --redirect-gateway option to work
  (Juan Rodriguez Hervella).

2004.03.04 -- Version 1.6-rc2

* Fixed bug in Windows version where the NetBIOS node-type
  DHCP option might have been passed even if it was not
  specified.
* Fixed bug in Windows version introduced in 1.6-rc1, where
  DHCP timeout would be set to 0 seconds if --ifconfig option
  was used and --ip-win32 option was not explicitly specified.
* Added some new --dhcp-option types for Windows version.

2004.03.02 -- Version 1.6-rc1

* For Windows, make "--ip-win32 dynamic" the default.
* For Windows, make "--route-delay 10" the default
  unless --ip-win32 dynamic is not used or --route-delay
  is explicitly specified.
* L_TLS mutex could have been left in a locked state
  for certain kinds of TLS errors.

2004.02.22 -- Version 1.6-beta7

* Allow scheduling priority increase (--nice) together
  with UID/GID downgrade (--user/--group).
* Code that causes SIGUSR1 restart on TLS errors in TCP
  mode was not activated in pthread builds.
* Save the certificate serial number in an environmental
  variable called tls_serial_{n} prior to calling the
  --tls-verify script.  n is the current cert chain level.
* Added NetBSD IPv6 tunnel capability (also requires
  a kernel patch) (Horst Laschinsky).
* Fixed bug in checking the return value of the nice()
  function (Ian Pilcher).
* Bug fix in new FreeBSD IPv6 over TUN code which was
  originally added in 1.6-beta5 (Nathanael Rensen).
* More Socks5 fixes -- extended the struct frame
  infrastructure to accomodate proxy-based encapsulation
  overhead.
* Added --dhcp-option to Windows version for setting
  adapter properties such as WINS & DNS servers.
* Use a default route-delay of 5 seconds when
  --ip-win32 dynamic is specified (only applicable when
  --route-delay is not explicitly specified).
* Added "log_append" registry variable to control
  whether the OpenVPN service wrapper on Windows
  opens log files in append (log_append="1") or
  truncate (log_append="0") mode.  The default
  is truncate.

2004.02.05 -- Version 1.6-beta6

* UDP over Socks5 fix to accomodate Socks5 encapsulation
  overhead (Christof Meerwald).
* Minor --ip-win32 dynamic tweaks (use long lease time,
  invalidate existing lease with DHCPNAK).

2004.02.01 -- Version 1.6-beta5

* Added Socks5 proxy support (Christof Meerwald).
* IPv6 tun support for FreeBSD (Thomas Glanzmann).
* Special TAP-Win32 debug mode for Windows self-install that was
  enabled in beta4 is now turned off.
* Added some new Solaris notes to INSTALL (Koen Maris).
* More work on --ip-win32 dynamic.

2004.01.27 -- Version 1.6-beta4

* For this beta, the Windows self-install is a debug version
  and will run slower -- use only for testing.
* Reverted the --ip-win32 default back to 'ipapi'
  from 'dynamic'.
* Added the offset parameter to '--ip-win32 dynamic' which
  can be used to control the address of the masqueraded
  DHCP server which replies to Windows DHCP requests.
* Added a wait/nowait option to --inetd (nowait can only
  be used with TCP sockets, TLS authentication, and over
  a bridged configuration -- see FAQ for more info)
  (Stefan `Sec` Zehl).
* Added a build-time capability where TAP-Win32 driver
  debug messages can be output by OpenVPN at --verb 6
  or higher.

2004.01.20 -- Version 1.6-beta2

* Added ./configure --enable-iproute2 flag which
  uses iproute2 instead of route + ifconfig --
  this is necessary for the LEAF Linux distro
  (Martin Hejl).
* Added renewal-time and rebind-time to set of
  DHCP options returned by the TAP-Win32 driver when
  "--ip-win32 dynamic" is used.

2004.01.14 -- Version 1.6-beta1

* Fixed --proxy bug that sometimes caused plaintext
  control info generated by the proxy prior to http
  CONNECT method establishment to be incorrectly
  parsed as OpenVPN data.
* For Windows version, implemented the
  "--ip-win32 dynamic" method and made it the default.
  This method sets the TAP-Win32 adapter IP address
  and netmask by replying to the kernel's DHCP queries.
  See the man page for more detailed info.
* Added --connect-retry parameter which controls
  the time interval (in seconds) between connect()
  retries when --proto tcp-client is used.  Previously,
  this value was hardcoded to 5 seconds, and still
  defaults as such.
* --resolv-retry can now be used with a parameter
  of "infinite" to retry indefinitely.
* Added SSL_CTX_use_certificate_chain_file() to ssl.c
  for support of multi-level certificate chains
  (Sten Kalenda).
* Fixed --tls-auth incompatibility with 1.4.x and earlier
  versions of OpenVPN when the passphrase file is an
  OpenVPN static key file (as generated by --genkey).
* Added shell-escape support in config files using
  the backslash character ("\") so that (for example)
  double quotes can be passed to the shell.
* Added "contrib" subdirectory on tarball, source zip,
  and CVS containing user-submitted contributions.
* Added an optional patch to the Redhat init script to
  allow the configuration file directory to be a
  multi-level directory hierarchy (Farkas Levente).
  See contrib/multilevel-init.patch
* Added some scripts and documentation on using
  Linux "fwmark" iptables rules to enable
  fine-grained routing control over the VPN
  (Sean Reifschneider, <jafo@tummy.com>).
  See contrib/openvpn-fwmarkroute-1.00

5 files changed, 106 insertions, 6 deletions

diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile
index 0bf7a533be0..f24dfa192bf 100644
--- a/net/openvpn/Makefile
+++ b/net/openvpn/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.5 2004/10/03 00:17:57 tv Exp $
+# $NetBSD: Makefile,v 1.6 2005/02/21 23:26:24 bad Exp $
 
-DISTNAME=	openvpn-1.5.0
-PKGREVISION=	2
+DISTNAME=	openvpn-1.6.0
 CATEGORIES=	net security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=openvpn/}
 
diff --git a/net/openvpn/distinfo b/net/openvpn/distinfo
index 67a33d4d65c..05ed0472efa 100644
--- a/net/openvpn/distinfo
+++ b/net/openvpn/distinfo
@@ -1,4 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2004/02/10 12:39:17 wulf Exp $
+$NetBSD: distinfo,v 1.2 2005/02/21 23:26:24 bad Exp $
 
-SHA1 (openvpn-1.5.0.tar.gz) = 13f443adbff5c657cfd8400011e8df804b57f7ff
-Size (openvpn-1.5.0.tar.gz) = 403792 bytes
+SHA1 (openvpn-1.6.0.tar.gz) = 1a7a4e1b610564902f50b488f19254ab9a1f9c7e
+Size (openvpn-1.6.0.tar.gz) = 430324 bytes
+SHA1 (patch-aa) = 1467b3f2cacc16657e88bc292c778ef7cfc48d66
+SHA1 (patch-ab) = b32248e2d9dc6dfdf015d86873770544a214103b
+SHA1 (patch-ac) = b689cd044be21205eb4c53edd856ea2161b45cc1
diff --git a/net/openvpn/patches/patch-aa b/net/openvpn/patches/patch-aa
new file mode 100644
index 00000000000..2fbe72acbde
--- /dev/null
+++ b/net/openvpn/patches/patch-aa
@@ -0,0 +1,40 @@
+$NetBSD: patch-aa,v 1.1 2005/02/21 23:26:24 bad Exp $
+
+--- route.c.orig	Sun Mar 14 06:34:20 2004
++++ route.c	Tue Feb 22 00:02:54 2005
+@@ -626,7 +626,7 @@
+   msg (D_ROUTE, "%s", BSTR (&buf));
+   status = system_check (BSTR (&buf), "ERROR: FreeBSD route add command failed", false);
+ 
+-#elif defined(TARGET_OPENBSD)
++#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
+ 
+   buf_printf (&buf, ROUTE_PATH " add");
+ 
+@@ -641,7 +641,7 @@
+ 	      netmask);
+ 
+   msg (D_ROUTE, "%s", BSTR (&buf));
+-  status = system_check (BSTR (&buf), "ERROR: OpenBSD route add command failed", false);
++  status = system_check (BSTR (&buf), "ERROR: Net/OpenBSD route add command failed", false);
+ 
+ #else
+   msg (M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system.  Try putting your routes in a --route-up script");
+@@ -713,7 +713,7 @@
+   msg (D_ROUTE, "%s", BSTR (&buf));
+   system_check (BSTR (&buf), "ERROR: FreeBSD route delete command failed", false);
+ 
+-#elif defined(TARGET_OPENBSD)
++#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
+ 
+   buf_printf (&buf, ROUTE_PATH " delete -net %s %s -netmask %s",
+ 	      network,
+@@ -721,7 +721,7 @@
+ 	      netmask);
+ 
+   msg (D_ROUTE, "%s", BSTR (&buf));
+-  system_check (BSTR (&buf), "ERROR: OpenBSD route delete command failed", false);
++  system_check (BSTR (&buf), "ERROR: Net/OpenBSD route delete command failed", false);
+ 
+ #else
+   msg (M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system.  Try putting your routes in a --route-up script");
diff --git a/net/openvpn/patches/patch-ab b/net/openvpn/patches/patch-ab
new file mode 100644
index 00000000000..03ca5e6a072
--- /dev/null
+++ b/net/openvpn/patches/patch-ab
@@ -0,0 +1,13 @@
+$NetBSD: patch-ab,v 1.1 2005/02/21 23:26:24 bad Exp $
+
+--- syshead.h.orig	Thu Apr  1 13:52:34 2004
++++ syshead.h	Tue Feb 22 00:09:49 2005
+@@ -247,6 +247,8 @@
+ #include <net/if_tun.h>
+ #endif
+ 
++#include <net/if_ether.h>
++
+ #endif /* TARGET_NETBSD */
+ 
+ #ifdef WIN32
diff --git a/net/openvpn/patches/patch-ac b/net/openvpn/patches/patch-ac
new file mode 100644
index 00000000000..908061e7b8f
--- /dev/null
+++ b/net/openvpn/patches/patch-ac
@@ -0,0 +1,45 @@
+$NetBSD: patch-ac,v 1.1 2005/02/21 23:26:24 bad Exp $
+
+--- tun.c.orig	Thu Apr  1 13:54:57 2004
++++ tun.c	Tue Feb 22 00:14:00 2005
+@@ -579,7 +579,13 @@
+ 			  tun_mtu
+ 			  );
+       else
+-	no_tap_ifconfig ();
++	openvpn_snprintf (command_line, sizeof (command_line),
++			  IFCONFIG_PATH " %s %s netmask %s mtu %d up",
++			  actual,
++			  ifconfig_local,
++			  ifconfig_remote_netmask,
++			  tun_mtu
++			  );
+       msg (M_INFO, "%s", command_line);
+       system_check (command_line, "NetBSD ifconfig failed", true);
+       tt->did_ifconfig = true;
+@@ -1263,6 +1269,25 @@
+ int
+ write_tun (struct tuntap* tt, uint8_t *buf, int len)
+ {
++  if (tt->type == DEV_TYPE_TAP)
++    {
++      /* NetBSD's /dev/tap doesn't pad ethernet frames to the minimum length. */
++      ssize_t rv;
++      struct iovec iv[2];
++      char pad[ETHER_MIN_LEN];
++
++      iv[0].iov_base = buf;
++      iv[0].iov_len = len;
++      iv[1].iov_base = &pad;
++      iv[1].iov_len = ETHER_MIN_LEN - len;
++
++      rv = writev(tt->fd, iv, (len < ETHER_MIN_LEN) ? 2 : 1);
++      if (rv > len)
++	return len;
++      else
++	return rv;
++    }
++  else
+     return write (tt->fd, buf, len);
+ }
+