diff options
| author | sborrill <sborrill@pkgsrc.org> | 2007-02-20 09:40:49 +0000 |
|---|---|---|
| committer | sborrill <sborrill@pkgsrc.org> | 2007-02-20 09:40:49 +0000 |
| commit | ef2197e057e83ecb1f8b5dc0c07b0cecbf9eb4c1 (patch) | |
| tree | df1ae6cb662ba196cc4afb903523b4fa43609e87 /net | |
| parent | 2a60f0037bdbca708b552f8db3c06945b5abdbfa (diff) | |
| download | pkgsrc-ef2197e057e83ecb1f8b5dc0c07b0cecbf9eb4c1.tar.gz | |
Update to 2.1_rc1. Many, many improvements including:
Added optional minimum-number-of-bytes parameter to --inactive directive.
Added --route-metric option to set a default route metric for --route
Added --lladdr option to specify the link layer (MAC) address
for the tap interface on non-Windows platforms
Security Vulnerability CVE-2006-1629
Extended tun device configure code to support ethernet bridging on NetBSD
Added --port-share option for allowing OpenVPN and HTTPS
server to share the same port number.
Added --management-client option to connect as a client to management GUI app
rather than be connected to as a server.
Added "bytecount" command to management interface.
Added --connect-timeout option to control the timeout on TCP client
connection attempts (doesn't work on all OSes). This patch also
makes OpenVPN signalable during TCP connection attempts.
Allow ca, cert, key, and dh files to be specified inline via XML-like syntax
without needing to reference an explicit file.
Allow plugin and push directives to have multi-line parameter lists
Added connect-retry-max option
Added a backtrack-hardened system time algorithm.
Added --remote-cert-ku, --remote-cert-eku, and
--remote-cert-tls options for verifying certificate attributes
Added PKCS#11 support
Added --bind option for TCP client connections
Made LZO setting pushable
Plus numerous bug fixes.
Diffstat (limited to 'net')
| -rw-r--r-- | net/openvpn/Makefile | 12 | ||||
| -rw-r--r-- | net/openvpn/PLIST | 7 | ||||
| -rw-r--r-- | net/openvpn/distinfo | 12 | ||||
| -rw-r--r-- | net/openvpn/patches/patch-ac | 14 | ||||
| -rw-r--r-- | net/openvpn/patches/patch-af | 12 |
5 files changed, 30 insertions, 27 deletions
diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile index 0f8e461ea95..4a674e2f0a0 100644 --- a/net/openvpn/Makefile +++ b/net/openvpn/Makefile @@ -1,7 +1,9 @@ -# $NetBSD: Makefile,v 1.18 2006/07/05 15:50:05 jlam Exp $ +# $NetBSD: Makefile,v 1.19 2007/02/20 09:40:49 sborrill Exp $ # -DISTNAME= openvpn-2.0.7 +DISTNAME= openvpn-2.1_rc1 +PKGNAME= openvpn-2.1rc1 + CATEGORIES= net MASTER_SITES= http://openvpn.net/release/ \ http://openvpn.net/release/old/ @@ -44,8 +46,8 @@ DL_AUTO_VARS= yes # Fix up the paths to tools in the pkitool script. post-build: for file in ${WRKSRC}/easy-rsa/2.0/pkitool; do \ - ${SED} -e "s|^\(GREP\)=.*|\1=\""${GREP}"\"|" \ - -e "s|^\(OPENSSL\)=.*|\1=\""${SSLBASE}/bin/openssl"\"|" \ + ${SED} -e "s|^\\(GREP\\)=.*|\\1=\""${GREP}"\"|" \ + -e "s|^\\(OPENSSL\\)=.*|\\1=\""${SSLBASE}/bin/openssl"\"|" \ $$file > $$file.new; \ ${MV} -f $$file.new $$file; \ ${CHMOD} +x $$file; \ @@ -57,7 +59,7 @@ post-install: ${GREP} "^$$dir/" ${PKGDIR}/PLIST | ${SED} "s|^$$dir/||" | \ while read file; do \ case $$file in \ - [A-Z]*|*.cnf) ${INSTALL_DATA} $$file ${PREFIX}/$$dir ;; \ + [A-Z]*|*.cnf|vars) ${INSTALL_DATA} $$file ${PREFIX}/$$dir ;; \ *) ${INSTALL_SCRIPT} $$file ${PREFIX}/$$dir ;; \ esac; \ done diff --git a/net/openvpn/PLIST b/net/openvpn/PLIST index fc868d0d029..1e5d112217d 100644 --- a/net/openvpn/PLIST +++ b/net/openvpn/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.2 2005/08/17 19:55:57 jlam Exp $ +@comment $NetBSD: PLIST,v 1.3 2007/02/20 09:40:49 sborrill Exp $ man/man8/openvpn.8 sbin/openvpn share/doc/openvpn/management-notes.txt @@ -27,12 +27,13 @@ share/examples/openvpn/keys/pass.key share/examples/openvpn/keys/pkcs12.p12 share/examples/openvpn/keys/server.crt share/examples/openvpn/keys/server.key -share/examples/openvpn/keys/tmp-ca.crt -share/examples/openvpn/keys/tmp-ca.key +share/examples/openvpn/keys/ca.crt +share/examples/openvpn/keys/ca.key share/examples/openvpn/scripts/auth-pam.pl share/examples/openvpn/scripts/bridge-start share/examples/openvpn/scripts/bridge-stop share/examples/openvpn/scripts/openvpn.init +share/examples/openvpn/scripts/ucn.pl share/examples/openvpn/scripts/verify-cn share/examples/rc.d/openvpn share/openvpn/easy-rsa/README diff --git a/net/openvpn/distinfo b/net/openvpn/distinfo index 6fd97ee8f84..f46cc402409 100644 --- a/net/openvpn/distinfo +++ b/net/openvpn/distinfo @@ -1,10 +1,10 @@ -$NetBSD: distinfo,v 1.9 2006/07/05 15:50:05 jlam Exp $ +$NetBSD: distinfo,v 1.10 2007/02/20 09:40:49 sborrill Exp $ -SHA1 (openvpn-2.0.7.tar.gz) = 74a4d19e42ca226f50ab5bdba16aa4a130c5e431 -RMD160 (openvpn-2.0.7.tar.gz) = b89f6df5ff08326f4e07e6cd4abda633627ef9e4 -Size (openvpn-2.0.7.tar.gz) = 665129 bytes +SHA1 (openvpn-2.1_rc1.tar.gz) = 252715678c8d2c5d708267e7947cf89242209f0a +RMD160 (openvpn-2.1_rc1.tar.gz) = 751d07c3b9b40cc3c9a1649ad8b10b9d889a5690 +Size (openvpn-2.1_rc1.tar.gz) = 796620 bytes SHA1 (patch-ab) = 05c9df0a7a71cb1cfa4a2f132df02cac822ba3ba -SHA1 (patch-ac) = 7a225a0b88dcf0039cd40f72a10564c72f41b2f1 +SHA1 (patch-ac) = 2fe382042522d46f1f6fba5a3e07992b7d701460 SHA1 (patch-ad) = ee577ad5c5621bbfa05d522e85e467e937929f6e SHA1 (patch-ae) = b6f8f869b5c727120df8dd433e54ffe3537e0006 -SHA1 (patch-af) = ae697790e648c4d351c8c99e21ff79a56c572ddf +SHA1 (patch-af) = acde49f65530921940ce9e5b6fdcfb0cdd9af7c0 diff --git a/net/openvpn/patches/patch-ac b/net/openvpn/patches/patch-ac index d34f8a3fa06..1932f104499 100644 --- a/net/openvpn/patches/patch-ac +++ b/net/openvpn/patches/patch-ac @@ -1,9 +1,9 @@ -$NetBSD: patch-ac,v 1.3 2006/04/11 20:09:52 jlam Exp $ +$NetBSD: patch-ac,v 1.4 2007/02/20 09:40:49 sborrill Exp $ ---- tun.c.orig 2006-04-05 02:29:24.000000000 -0400 -+++ tun.c -@@ -877,7 +877,37 @@ open_tun_generic (const char *dev, const - if (dynamic && !has_digit(dev)) +--- tun.c.orig 2006-10-15 23:30:20.000000000 +0100 ++++ tun.c 2007-02-12 10:52:42.000000000 +0000 +@@ -945,7 +945,37 @@ + if (dynamic && !has_digit((unsigned char *)dev)) { int i; - for (i = 0; i < 256; ++i) @@ -18,7 +18,7 @@ $NetBSD: patch-ac,v 1.3 2006/04/11 20:09:52 jlam Exp $ + if ((tt->fd = open (tunname, O_RDWR)) > 0) + { + struct ifreq ifr; -+ if (ioctl (tt->fd, TAPGIFNAME, (void*)&ifr) < 0) ++ if (ioctl (tt->fd, TAPGIFNAME, (void*)&ifr) < 0) + { + msg (D_READ_WRITE | M_ERRNO, + "ioctl(,TAPGIFNAME,) failed for %s", tunname); @@ -34,7 +34,7 @@ $NetBSD: patch-ac,v 1.3 2006/04/11 20:09:52 jlam Exp $ + } + } + if (!dynamic_opened) -+ msg (D_READ_WRITE | M_ERRNO, "Tried opening %s (failed)", ++ msg (D_READ_WRITE | M_ERRNO, "Tried opening %s (failed)", + tunname); +#endif /* TAPGIFNAME */ + for (i = 0; i < 256 && !dynamic_opened; ++i) diff --git a/net/openvpn/patches/patch-af b/net/openvpn/patches/patch-af index 3bd37cf26d9..3fc933ef25d 100644 --- a/net/openvpn/patches/patch-af +++ b/net/openvpn/patches/patch-af @@ -1,13 +1,13 @@ -$NetBSD: patch-af,v 1.1 2006/04/11 20:09:52 jlam Exp $ +$NetBSD: patch-af,v 1.2 2007/02/20 09:40:49 sborrill Exp $ ---- configure.orig 2006-04-05 04:03:06.000000000 -0400 -+++ configure -@@ -4881,7 +4881,7 @@ fi +--- configure.orig 2006-10-31 22:53:55.000000000 +0000 ++++ configure 2007-02-12 11:01:39.000000000 +0000 +@@ -4929,7 +4929,7 @@ --for ac_header in sys/time.h sys/socket.h sys/ioctl.h sys/stat.h sys/mman.h fcntl.h sys/file.h stdlib.h stdint.h stdarg.h unistd.h signal.h stdio.h string.h strings.h ctype.h errno.h syslog.h pwd.h grp.h net/if_tun.h net/if.h stropts.h sys/sockio.h netinet/in.h netinet/in_systm.h netinet/ip.h netinet/if_ether.h netinet/tcp.h resolv.h arpa/inet.h netdb.h sys/uio.h linux/if_tun.h linux/sockios.h linux/types.h sys/poll.h sys/epoll.h -+for ac_header in sys/time.h sys/socket.h sys/ioctl.h sys/stat.h sys/mman.h fcntl.h sys/file.h stdlib.h stdint.h stdarg.h unistd.h signal.h stdio.h string.h strings.h ctype.h errno.h syslog.h pwd.h grp.h net/if_tap.h net/if_tun.h net/if.h stropts.h sys/sockio.h netinet/in.h netinet/in_systm.h netinet/ip.h netinet/if_ether.h netinet/tcp.h resolv.h arpa/inet.h netdb.h sys/uio.h linux/if_tun.h linux/sockios.h linux/types.h sys/poll.h sys/epoll.h +-for ac_header in sys/time.h sys/socket.h sys/ioctl.h sys/stat.h sys/mman.h fcntl.h sys/file.h stdlib.h stdint.h stdarg.h unistd.h signal.h stdio.h string.h strings.h ctype.h errno.h syslog.h pwd.h grp.h net/if_tun.h net/if.h stropts.h sys/sockio.h netinet/in.h netinet/in_systm.h netinet/ip.h netinet/if_ether.h netinet/tcp.h resolv.h arpa/inet.h netdb.h sys/uio.h linux/if_tun.h linux/sockios.h linux/types.h sys/poll.h sys/epoll.h err.h ++for ac_header in sys/time.h sys/socket.h sys/ioctl.h sys/stat.h sys/mman.h fcntl.h sys/file.h stdlib.h stdint.h stdarg.h unistd.h signal.h stdio.h string.h strings.h ctype.h errno.h syslog.h pwd.h grp.h net/if_tap.h net/if_tun.h net/if.h stropts.h sys/sockio.h netinet/in.h netinet/in_systm.h netinet/ip.h netinet/if_ether.h netinet/tcp.h resolv.h arpa/inet.h netdb.h sys/uio.h linux/if_tun.h linux/sockios.h linux/types.h sys/poll.h sys/epoll.h err.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` if eval "test \"\${$as_ac_Header+set}\" = set"; then |