diff options
| author | adam <adam@pkgsrc.org> | 2013-07-31 06:53:21 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2013-07-31 06:53:21 +0000 |
| commit | 42ca8740f793d95fbcbf6100962f81de5a4c2789 (patch) | |
| tree | 2ad08804c6074bf1708066ce13ea62b76d2599c0 /net | |
| parent | 05e386d9adf8a23ae2e6135cca92dcc72bae36d8 (diff) | |
| download | pkgsrc-42ca8740f793d95fbcbf6100962f81de5a4c2789.tar.gz | |
Changes 2.3.2:
Only print script warnings when a script is used. Remove stray mention of script-security system.
Move settings of user script into set_user_script function
Move checking of script file access into set_user_script
Provide more accurate warning message
Fix NULL-pointer crash in route_list_add_vpn_gateway().
Fix problem with UDP tunneling due to mishandled pktinfo structures.
Always push basic set of peer info values to server.
make 'explicit-exit-notify' pullable again
Fix proto tcp6 for server & non-P2MP modes
Fix Windows script execution when called from script hooks
Fixed tls-cipher translation bug in openssl-build
Fixed usage of stale define USE_SSL to ENABLE_SSL
Fix segfault when enabling pf plug-ins
Diffstat (limited to 'net')
| -rw-r--r-- | net/openvpn/Makefile | 5 | ||||
| -rw-r--r-- | net/openvpn/Makefile.common | 4 | ||||
| -rw-r--r-- | net/openvpn/PLIST | 24 | ||||
| -rw-r--r-- | net/openvpn/distinfo | 16 | ||||
| -rw-r--r-- | net/openvpn/patches/patch-ad | 16 | ||||
| -rw-r--r-- | net/openvpn/patches/patch-ae | 27 | ||||
| -rw-r--r-- | net/openvpn/patches/patch-af | 94 | ||||
| -rw-r--r-- | net/openvpn/patches/patch-src_openvpn_socket.c | 60 | ||||
| -rw-r--r-- | net/openvpn/patches/patch-src_openvpn_socket.h | 24 |
9 files changed, 224 insertions, 46 deletions
diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile index 3cf588480f9..552cec684c9 100644 --- a/net/openvpn/Makefile +++ b/net/openvpn/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.50 2013/07/12 10:45:00 jperkin Exp $ +# $NetBSD: Makefile,v 1.51 2013/07/31 06:53:21 adam Exp $ DISTNAME= ${OPENVPN_DISTNAME} -PKGREVISION= 1 CATEGORIES= net MASTER_SITES= ${OPENVPN_MASTER_SITES} @@ -39,7 +38,7 @@ PKG_GROUPS= ${OPENVPN_GROUP} PKG_USERS= ${OPENVPN_USER}:${OPENVPN_GROUP} PKG_GECOS.${OPENVPN_USER}= OpenVPN\ server\ user -MESSAGE_SUBST+= OPENVPN_PLUGINSDIR=${PREFIX:Q}/${OPENVPN_PLUGINSDIR:Q} +MESSAGE_SUBST+= OPENVPN_PLUGINSDIR=${PREFIX}/${OPENVPN_PLUGINSDIR} post-install: set -e; cd ${WRKSRC}/sample/sample-config-files; for file in *; do \ diff --git a/net/openvpn/Makefile.common b/net/openvpn/Makefile.common index 06e28851699..3a910c1d2ee 100644 --- a/net/openvpn/Makefile.common +++ b/net/openvpn/Makefile.common @@ -1,10 +1,10 @@ -# $NetBSD: Makefile.common,v 1.1 2013/02/10 05:55:07 manu Exp $ +# $NetBSD: Makefile.common,v 1.2 2013/07/31 06:53:21 adam Exp $ # used by net/openvpn/Makefile # used by net/openvpn-acct-wtmpx/Makefile # used by net/openvpn-nagios/Makefile -OPENVPN_DISTNAME= openvpn-2.3.0 +OPENVPN_DISTNAME= openvpn-2.3.2 OPENVPN_DISTFILE= ${OPENVPN_DISTNAME}.tar.gz OPENVPN_MASTER_SITES= http://swupdate.openvpn.net/community/releases/ SITES.${OPENVPN_DISTFILE}= ${OPENVPN_MASTER_SITES} diff --git a/net/openvpn/PLIST b/net/openvpn/PLIST index be3d92028c3..96109992df1 100644 --- a/net/openvpn/PLIST +++ b/net/openvpn/PLIST @@ -1,7 +1,16 @@ -@comment $NetBSD: PLIST,v 1.15 2013/02/10 05:55:07 manu Exp $ +@comment $NetBSD: PLIST,v 1.16 2013/07/31 06:53:21 adam Exp $ +include/openvpn-plugin.h +${PLIST.pam}lib/openvpn/plugins/openvpn-plugin-auth-pam.la +lib/openvpn/plugins/openvpn-plugin-down-root.la man/man8/openvpn.8 sbin/openvpn -include/openvpn-plugin.h +share/doc/openvpn/COPYING +share/doc/openvpn/COPYRIGHT.GPL +share/doc/openvpn/README +share/doc/openvpn/README.IPv6 +${PLIST.pam}share/doc/openvpn/README.auth-pam +share/doc/openvpn/README.down-root +share/doc/openvpn/README.polarssl share/doc/openvpn/management-notes.txt share/examples/openvpn/config/README share/examples/openvpn/config/client.conf @@ -36,14 +45,3 @@ share/examples/openvpn/scripts/bridge-stop share/examples/openvpn/scripts/ucn.pl share/examples/openvpn/scripts/verify-cn share/examples/rc.d/openvpn -share/doc/openvpn/COPYING -share/doc/openvpn/COPYRIGHT.GPL -share/doc/openvpn/README -share/doc/openvpn/README.IPv6 -${PLIST.pam}share/doc/openvpn/README.auth-pam -share/doc/openvpn/README.down-root -share/doc/openvpn/README.polarssl -${PLIST.pam}lib/openvpn/plugins/openvpn-plugin-auth-pam.so -${PLIST.pam}lib/openvpn/plugins/openvpn-plugin-auth-pam.la -lib/openvpn/plugins/openvpn-plugin-down-root.so -lib/openvpn/plugins/openvpn-plugin-down-root.la diff --git a/net/openvpn/distinfo b/net/openvpn/distinfo index c1afa6c472a..c5dc5df81cd 100644 --- a/net/openvpn/distinfo +++ b/net/openvpn/distinfo @@ -1,11 +1,13 @@ -$NetBSD: distinfo,v 1.28 2013/07/30 18:57:30 jperkin Exp $ +$NetBSD: distinfo,v 1.29 2013/07/31 06:53:21 adam Exp $ -SHA1 (openvpn-2.3.0.tar.gz) = 18b51f7ba0b9e18939451d7787c00e04165efe90 -RMD160 (openvpn-2.3.0.tar.gz) = f24ac128fcd874bf40e8ffd5161065e84170d69f -Size (openvpn-2.3.0.tar.gz) = 1130659 bytes +SHA1 (openvpn-2.3.2.tar.gz) = 23a2e0b6867c7d45f6448029b8a8e13eb299eec0 +RMD160 (openvpn-2.3.2.tar.gz) = 3fdaada730908f5130a4a7c65fac0ce32644b47a +Size (openvpn-2.3.2.tar.gz) = 1145108 bytes SHA1 (patch-aa) = e856b156656c575bfcb339eee17ed694b541872e SHA1 (patch-ac) = d1918a08f8b3dd150b44737a236da58be7fa1f8c -SHA1 (patch-ad) = c00d15ae2e6c27e3e3c01bca90ab9481e3305941 -SHA1 (patch-ae) = b3e9a47d1e5c8aecda41ac144ad2ca443f7977b3 -SHA1 (patch-af) = cb4d2b35b4373bf7b7b3f6adff9c776e15a16986 +SHA1 (patch-ad) = 1406764c57687665df34a489474255ab0c3c8179 +SHA1 (patch-ae) = e6e3e5977d1d9c09c0638d84e599c1c4956e27c8 +SHA1 (patch-af) = 6c5cbb2fcd465a8519e947532cd8b09eb3499f65 SHA1 (patch-src_compat_compat-basename.c) = 45a58ef2e05f6e0265f229da8540760e60e65143 +SHA1 (patch-src_openvpn_socket.c) = 714e3bc08f4748ea7aef8c44594a185551758034 +SHA1 (patch-src_openvpn_socket.h) = b4b952af347e0f2d0aff307a5025b3d27a2e6ee5 diff --git a/net/openvpn/patches/patch-ad b/net/openvpn/patches/patch-ad index 2a4a98da851..613416adbcc 100644 --- a/net/openvpn/patches/patch-ad +++ b/net/openvpn/patches/patch-ad @@ -1,8 +1,18 @@ -$NetBSD: patch-ad,v 1.4 2011/04/28 07:27:25 adam Exp $ +$NetBSD: patch-ad,v 1.5 2013/07/31 06:53:21 adam Exp $ ---- config.h.in.orig 2010-11-04 19:37:13.000000000 +0000 +--- config.h.in.orig 2013-05-31 12:00:59.000000000 +0000 +++ config.h.in -@@ -234,6 +234,9 @@ +@@ -277,6 +277,9 @@ + /* struct in_pktinfo needed for IP_PKTINFO support */ + #undef HAVE_IN_PKTINFO + ++/* struct in_pktinfo.ipi_spec_dst needed for IP_PKTINFO support */ ++#undef HAVE_IPI_SPEC_DST ++ + /* struct iovec needed for IPv6 support */ + #undef HAVE_IOVEC + +@@ -352,6 +355,9 @@ /* Define to 1 if you have the <net/if.h> header file. */ #undef HAVE_NET_IF_H diff --git a/net/openvpn/patches/patch-ae b/net/openvpn/patches/patch-ae index 33599303d0d..ebe9722a594 100644 --- a/net/openvpn/patches/patch-ae +++ b/net/openvpn/patches/patch-ae @@ -1,9 +1,8 @@ -$NetBSD: patch-ae,v 1.6 2013/02/10 05:55:07 manu Exp $ +$NetBSD: patch-ae,v 1.7 2013/07/31 06:53:21 adam Exp $ ---- configure.ac.orig 2012-11-29 20:47:57.000000000 +0000 -+++ configure.ac 2013-01-28 09:26:04.000000000 +0000 -@@ -418,8 +418,9 @@ - sys/time.h sys/ioctl.h sys/stat.h \ +--- configure.ac.orig 2013-05-31 12:00:25.000000000 +0000 ++++ configure.ac +@@ -419,6 +419,7 @@ AC_CHECK_HEADERS([ \ sys/mman.h sys/file.h sys/wait.h \ unistd.h signal.h libgen.h stropts.h \ syslog.h pwd.h grp.h \ @@ -11,9 +10,7 @@ $NetBSD: patch-ae,v 1.6 2013/02/10 05:55:07 manu Exp $ sys/sockio.h sys/uio.h linux/sockios.h \ linux/types.h sys/poll.h sys/epoll.h err.h \ ]) - -@@ -432,8 +433,11 @@ - #endif +@@ -433,6 +434,9 @@ SOCKET_INCLUDES=" #ifdef HAVE_SYS_SOCKET_H #include <sys/socket.h> #endif @@ -23,4 +20,16 @@ $NetBSD: patch-ae,v 1.6 2013/02/10 05:55:07 manu Exp $ #ifdef HAVE_NETINET_IN_H #include <netinet/in.h> #endif - #ifdef HAVE_WINDOWS_H +@@ -496,6 +500,12 @@ AC_CHECK_TYPE( + , + [[${SOCKET_INCLUDES}]] + ) ++AC_CHECK_MEMBER( ++ [struct in_pktinfo.ipi_spec_dst], ++ [AC_DEFINE([HAVE_IPI_SPEC_DST], [1], [struct in_pktinfo.ipi_spec_dst needed for IP_PKTINFO support])], ++ , ++ [[${SOCKET_INCLUDES}]] ++) + AC_CHECK_TYPE( + [struct sockaddr_in6], + , diff --git a/net/openvpn/patches/patch-af b/net/openvpn/patches/patch-af index a835a5a00aa..eac42589f1c 100644 --- a/net/openvpn/patches/patch-af +++ b/net/openvpn/patches/patch-af @@ -1,9 +1,72 @@ -$NetBSD: patch-af,v 1.7 2013/02/10 05:55:07 manu Exp $ +$NetBSD: patch-af,v 1.8 2013/07/31 06:53:21 adam Exp $ ---- configure.orig 2013-01-28 10:29:31.000000000 +0100 -+++ configure 2013-01-28 10:29:38.000000000 +0100 -@@ -13427,8 +13427,9 @@ - sys/time.h sys/ioctl.h sys/stat.h \ +--- configure.orig 2013-05-31 12:00:58.000000000 +0000 ++++ configure +@@ -2405,6 +2405,63 @@ rm -f conftest.val + + } # ac_fn_c_compute_int + ++# ac_fn_c_check_member LINENO AGGR MEMBER ax_cv_socklen_t_equiv INCLUDES ++# ---------------------------------------------------------------------- ++# Tries to find if the field MEMBER exists in type AGGR, after including ++# INCLUDES, setting cache variable VAR accordingly. ++ac_fn_c_check_member () ++{ ++ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 ++$as_echo_n "checking for $2.$3... " >&6; } ++if eval \${$4+:} false; then : ++ $as_echo_n "(cached) " >&6 ++else ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++$5 ++int ++main () ++{ ++static $2 ac_aggr; ++if (ac_aggr.$3) ++return 0; ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_compile "$LINENO"; then : ++ eval "$4=yes" ++else ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++$5 ++int ++main () ++{ ++static $2 ac_aggr; ++if (sizeof ac_aggr.$3) ++return 0; ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_compile "$LINENO"; then : ++ eval "$4=yes" ++else ++ eval "$4=no" ++fi ++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++fi ++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++fi ++eval ac_res=\$$4 ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 ++$as_echo "$ac_res" >&6; } ++ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno ++ ++} # ac_fn_c_check_member ++ + # ac_fn_c_check_decl LINENO SYMBOL ax_cv_socklen_t_equiv INCLUDES + # --------------------------------------------------------------- + # Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR +@@ -14182,6 +14239,7 @@ for ac_header in \ sys/mman.h sys/file.h sys/wait.h \ unistd.h signal.h libgen.h stropts.h \ syslog.h pwd.h grp.h \ @@ -11,9 +74,7 @@ $NetBSD: patch-af,v 1.7 2013/02/10 05:55:07 manu Exp $ sys/sockio.h sys/uio.h linux/sockios.h \ linux/types.h sys/poll.h sys/epoll.h err.h \ - do : -@@ -13453,8 +13454,11 @@ - #endif +@@ -14208,6 +14266,9 @@ SOCKET_INCLUDES=" #ifdef HAVE_SYS_SOCKET_H #include <sys/socket.h> #endif @@ -23,4 +84,19 @@ $NetBSD: patch-af,v 1.7 2013/02/10 05:55:07 manu Exp $ #ifdef HAVE_NETINET_IN_H #include <netinet/in.h> #endif - #ifdef HAVE_WINDOWS_H +@@ -14305,6 +14366,15 @@ $as_echo "#define HAVE_IN_PKTINFO 1" >>c + + fi + ++ac_fn_c_check_member "$LINENO" "struct in_pktinfo" "ipi_spec_dst" "ac_cv_member_struct_in_pktinfo_ipi_spec_dst" "${SOCKET_INCLUDES} ++ ++" ++if test "x$ac_cv_member_struct_in_pktinfo_ipi_spec_dst" = xyes; then : ++ ++$as_echo "#define HAVE_IPI_SPEC_DST 1" >>confdefs.h ++ ++fi ++ + ac_fn_c_check_type "$LINENO" "struct sockaddr_in6" "ac_cv_type_struct_sockaddr_in6" "${SOCKET_INCLUDES} + + " diff --git a/net/openvpn/patches/patch-src_openvpn_socket.c b/net/openvpn/patches/patch-src_openvpn_socket.c new file mode 100644 index 00000000000..a6adecebb28 --- /dev/null +++ b/net/openvpn/patches/patch-src_openvpn_socket.c @@ -0,0 +1,60 @@ +$NetBSD: patch-src_openvpn_socket.c,v 1.1 2013/07/31 06:53:21 adam Exp $ + +Fix for systems without ipi_spec_dst in struct in_pktinfo. + +--- src/openvpn/socket.c.orig 2013-07-31 06:14:52.000000000 +0000 ++++ src/openvpn/socket.c +@@ -652,7 +652,7 @@ create_socket_udp (const unsigned int fl + else if (flags & SF_USE_IP_PKTINFO) + { + int pad = 1; +-#ifdef IP_PKTINFO ++#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) + if (setsockopt (sd, SOL_IP, IP_PKTINFO, + (void*)&pad, sizeof(pad)) < 0) + msg(M_ERR, "UDP: failed setsockopt for IP_PKTINFO"); +@@ -2252,7 +2252,7 @@ print_link_socket_actual_ex (const struc + struct openvpn_sockaddr sa; + CLEAR (sa); + sa.addr.in4.sin_family = AF_INET; +-#ifdef IP_PKTINFO ++#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) + sa.addr.in4.sin_addr = act->pi.in4.ipi_spec_dst; + if_indextoname(act->pi.in4.ipi_ifindex, ifname); + #elif defined(IP_RECVDSTADDR) +@@ -2649,7 +2649,7 @@ link_socket_read_tcp (struct link_socket + struct openvpn_in4_pktinfo + { + struct cmsghdr cmsghdr; +-#ifdef HAVE_IN_PKTINFO ++#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) + struct in_pktinfo pi4; + #elif defined(IP_RECVDSTADDR) + struct in_addr pi4; +@@ -2694,7 +2694,7 @@ link_socket_read_udp_posix_recvmsg (stru + cmsg = CMSG_FIRSTHDR (&mesg); + if (cmsg != NULL + && CMSG_NXTHDR (&mesg, cmsg) == NULL +-#ifdef IP_PKTINFO ++#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) + && cmsg->cmsg_level == SOL_IP + && cmsg->cmsg_type == IP_PKTINFO + #elif defined(IP_RECVDSTADDR) +@@ -2705,7 +2705,7 @@ link_socket_read_udp_posix_recvmsg (stru + #endif + && cmsg->cmsg_len >= sizeof (struct openvpn_in4_pktinfo)) + { +-#ifdef IP_PKTINFO ++#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) + struct in_pktinfo *pkti = (struct in_pktinfo *) CMSG_DATA (cmsg); + from->pi.in4.ipi_ifindex = pkti->ipi_ifindex; + from->pi.in4.ipi_spec_dst = pkti->ipi_spec_dst; +@@ -2803,7 +2803,7 @@ link_socket_write_udp_posix_sendmsg (str + mesg.msg_flags = 0; + cmsg = CMSG_FIRSTHDR (&mesg); + cmsg->cmsg_len = sizeof (struct openvpn_in4_pktinfo); +-#ifdef HAVE_IN_PKTINFO ++#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) + cmsg->cmsg_level = SOL_IP; + cmsg->cmsg_type = IP_PKTINFO; + { diff --git a/net/openvpn/patches/patch-src_openvpn_socket.h b/net/openvpn/patches/patch-src_openvpn_socket.h new file mode 100644 index 00000000000..332a9f743dc --- /dev/null +++ b/net/openvpn/patches/patch-src_openvpn_socket.h @@ -0,0 +1,24 @@ +$NetBSD: patch-src_openvpn_socket.h,v 1.1 2013/07/31 06:53:21 adam Exp $ + +Fix for systems without ipi_spec_dst in struct in_pktinfo. + +--- src/openvpn/socket.h.orig 2013-07-31 06:03:30.000000000 +0000 ++++ src/openvpn/socket.h +@@ -84,7 +84,7 @@ struct link_socket_actual + struct openvpn_sockaddr dest; + #if ENABLE_IP_PKTINFO + union { +-#ifdef HAVE_IN_PKTINFO ++#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) + struct in_pktinfo in4; + #elif defined(IP_RECVDSTADDR) + struct in_addr in4; +@@ -580,7 +580,7 @@ addr_defined_ipi (const struct link_sock + #if ENABLE_IP_PKTINFO + if (!lsa) return 0; + switch (lsa->dest.addr.sa.sa_family) { +-#ifdef HAVE_IN_PKTINFO ++#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) + case AF_INET: return lsa->pi.in4.ipi_spec_dst.s_addr != 0; + #elif defined(IP_RECVDSTADDR) + case AF_INET: return lsa->pi.in4.s_addr != 0; |