update to OpenVPN 2.1.2

while here, enable dropping to _openvpn user in the sample configs.
ok and feedback ajacoutot@
fkr 2010-08-30 18:32:20 +00:00
parent bc8dc131fe
commit 3ebadeeb9d
15 changed files with 70 additions and 72 deletions


@ -1,8 +1,8 @@
# $OpenBSD: Makefile,v 1.30 2010/07/12 22:07:39 sthen Exp $
# $OpenBSD: Makefile,v 1.31 2010/08/30 18:32:20 fkr Exp $
COMMENT= easy-to-use, robust, and highly configurable VPN
VERSION= 2.1.0
VERSION= 2.1.2
DISTNAME= openvpn-${VERSION}
REVISION= 0
CATEGORIES= net security


@ -1,5 +1,5 @@
MD5 (openvpn-2.1.0.tar.gz) = RSqDMmrhmM+WHprgJTnI+w==
RMD160 (openvpn-2.1.0.tar.gz) = Ope52zG8SChnbEnuGKy9BttTx1o=
SHA1 (openvpn-2.1.0.tar.gz) = 3G/1saFOTtuF7JKTCxDk7l6NA7M=
SHA256 (openvpn-2.1.0.tar.gz) = ZjT4lXUECxmHoeeTtdb+2xEIgAfrFQ29q0qM/fPAaG4=
SIZE (openvpn-2.1.0.tar.gz) = 879876
MD5 (openvpn-2.1.2.tar.gz) = VDow2vze/h1nwOR7gHQXVQ==
RMD160 (openvpn-2.1.2.tar.gz) = XZYGv4sLpxbWjvE8gaPoTYtambM=
SHA1 (openvpn-2.1.2.tar.gz) = Ah+Ai7p5viOL0KOM/Li5LdBLhaM=
SHA256 (openvpn-2.1.2.tar.gz) = Nuw3uhe1Nraao0WaiRwVvmIY8coOwynfi36mO7aV4VM=
SIZE (openvpn-2.1.2.tar.gz) = 861104


@ -1,7 +1,7 @@
$OpenBSD: patch-init_c,v 1.2 2010/07/08 09:18:25 fkr Exp $
--- init.c.orig Thu Oct 1 20:02:18 2009
+++ init.c Thu Jul 8 07:15:30 2010
@@ -2216,6 +2216,7 @@ do_init_socket_1 (struct context *c, const int mode)
$OpenBSD: patch-init_c,v 1.3 2010/08/30 18:32:20 fkr Exp $
--- init.c.orig Wed Jul 21 21:08:41 2010
+++ init.c Sun Aug 22 16:10:23 2010
@@ -2451,6 +2451,7 @@ do_init_socket_1 (struct context *c, const int mode)
c->options.mtu_discover_type,
c->options.rcvbuf,
c->options.sndbuf,


@ -1,7 +1,7 @@
$OpenBSD: patch-openvpn_8,v 1.2 2010/07/08 09:18:25 fkr Exp $
--- openvpn.8.orig Fri Dec 11 09:04:24 2009
+++ openvpn.8 Thu Jul 8 07:32:55 2010
@@ -1313,6 +1313,11 @@ on both client and server for maximum effect.
$OpenBSD: patch-openvpn_8,v 1.3 2010/08/30 18:32:20 fkr Exp $
--- openvpn.8.orig Tue Aug 10 19:27:02 2010
+++ openvpn.8 Sun Aug 22 16:10:23 2010
@@ -1326,6 +1326,11 @@ on both client and server for maximum effect.
Currently defaults to 100.
.\"*********************************************************
.TP


@ -1,7 +1,7 @@
$OpenBSD: patch-options_c,v 1.2 2010/07/08 09:18:25 fkr Exp $
--- options.c.orig Fri Dec 11 09:09:39 2009
+++ options.c Thu Jul 8 07:15:14 2010
@@ -250,6 +250,7 @@ static const char usage_message[] =
$OpenBSD: patch-options_c,v 1.3 2010/08/30 18:32:20 fkr Exp $
--- options.c.orig Tue Jul 27 23:44:34 2010
+++ options.c Sun Aug 22 16:10:23 2010
@@ -254,6 +254,7 @@ static const char usage_message[] =
"--sndbuf size : Set the TCP/UDP send buffer size.\n"
"--rcvbuf size : Set the TCP/UDP receive buffer size.\n"
"--txqueuelen n : Set the tun/tap TX queue length to n (Linux only).\n"
@ -9,7 +9,7 @@ $OpenBSD: patch-options_c,v 1.2 2010/07/08 09:18:25 fkr Exp $
"--mlock : Disable Paging -- ensures key material and tunnel\n"
" data will never be written to disk.\n"
"--up cmd : Shell cmd to execute after successful tun device open.\n"
@@ -1253,6 +1254,7 @@ show_settings (const struct options *o)
@@ -1261,6 +1262,7 @@ show_settings (const struct options *o)
#endif
SHOW_INT (rcvbuf);
SHOW_INT (sndbuf);
@ -17,7 +17,7 @@ $OpenBSD: patch-options_c,v 1.2 2010/07/08 09:18:25 fkr Exp $
SHOW_INT (sockflags);
SHOW_BOOL (fast_io);
@@ -3989,6 +3991,11 @@ add_option (struct options *options,
@@ -4169,6 +4171,11 @@ add_option (struct options *options,
{
VERIFY_PERMISSION (OPT_P_SOCKBUF);
options->sndbuf = positive_atoi (p[1]);


@ -1,7 +1,7 @@
$OpenBSD: patch-options_h,v 1.2 2010/07/08 09:18:25 fkr Exp $
--- options.h.orig Thu Oct 1 20:02:18 2009
+++ options.h Thu Jul 8 07:32:35 2010
@@ -285,6 +285,9 @@ struct options
$OpenBSD: patch-options_h,v 1.3 2010/08/30 18:32:20 fkr Exp $
--- options.h.orig Mon May 31 10:05:13 2010
+++ options.h Sun Aug 22 16:10:24 2010
@@ -310,6 +310,9 @@ struct options
int rcvbuf;
int sndbuf;


@ -1,7 +1,7 @@
$OpenBSD: patch-route_c,v 1.3 2009/10/10 13:35:34 sthen Exp $
--- route.c.orig Thu Oct 1 20:02:18 2009
+++ route.c Sat Oct 10 15:33:07 2009
@@ -1919,7 +1919,7 @@ get_default_gateway (in_addr_t *ret, in_addr_t *netmas
$OpenBSD: patch-route_c,v 1.4 2010/08/30 18:32:20 fkr Exp $
--- route.c.orig Mon Jul 12 03:54:09 2010
+++ route.c Sun Aug 22 16:10:24 2010
@@ -1946,7 +1946,7 @@ get_default_gateway (in_addr_t *ret, in_addr_t *netmas
}
}
@ -10,7 +10,7 @@ $OpenBSD: patch-route_c,v 1.3 2009/10/10 13:35:34 sthen Exp $
#include <sys/types.h>
#include <sys/socket.h>
@@ -1968,6 +1968,169 @@ struct rt_msghdr {
@@ -1995,6 +1995,169 @@ struct rt_msghdr {
int rtm_errno; /* why failed */
int rtm_use; /* from rtentry */
u_long rtm_inits; /* which metrics we are initializing */


@ -1,14 +1,14 @@
$OpenBSD: patch-sample-config-files_client_conf,v 1.1 2006/12/15 09:56:14 robert Exp $
--- sample-config-files/client.conf.orig Tue Nov 1 12:06:10 2005
+++ sample-config-files/client.conf Fri Dec 15 09:22:42 2006
$OpenBSD: patch-sample-config-files_client_conf,v 1.2 2010/08/30 18:32:20 fkr Exp $
--- sample-config-files/client.conf.orig Wed Mar 31 08:47:07 2010
+++ sample-config-files/client.conf Fri Aug 27 09:03:50 2010
@@ -58,8 +58,8 @@ resolv-retry infinite
nobind
# Downgrade privileges after initialization (non-Windows only)
-;user nobody
-;group nobody
+;user _openvpn
+;group _openvpn
+user _openvpn
+group _openvpn
# Try to preserve some state across restarts.
persist-key


@ -1,14 +1,14 @@
$OpenBSD: patch-sample-config-files_server_conf,v 1.2 2008/10/22 05:27:07 fkr Exp $
--- sample-config-files/server.conf.orig Sun Aug 10 20:35:25 2008
+++ sample-config-files/server.conf Sun Sep 21 20:25:00 2008
$OpenBSD: patch-sample-config-files_server_conf,v 1.3 2010/08/30 18:32:20 fkr Exp $
--- sample-config-files/server.conf.orig Wed Mar 31 08:47:07 2010
+++ sample-config-files/server.conf Fri Aug 27 09:04:00 2010
@@ -259,8 +259,8 @@ comp-lzo
#
# You can uncomment this out on
# non-Windows systems.
-;user nobody
-;group nobody
+;user _openvpn
+;group _openvpn
+user _openvpn
+group _openvpn
# The persist options will try to avoid
# accessing certain resources on restart


@ -1,6 +1,6 @@
$OpenBSD: patch-sample-config-files_static-home_conf,v 1.1 2006/12/15 09:56:14 robert Exp $
--- sample-config-files/static-home.conf.orig Tue Nov 1 12:06:10 2005
+++ sample-config-files/static-home.conf Fri Dec 15 09:22:42 2006
$OpenBSD: patch-sample-config-files_static-home_conf,v 1.2 2010/08/30 18:32:20 fkr Exp $
--- sample-config-files/static-home.conf.orig Wed Mar 31 08:47:07 2010
+++ sample-config-files/static-home.conf Fri Aug 27 09:04:10 2010
@@ -37,10 +37,10 @@ secret static.key
; port 1194
@ -10,8 +10,8 @@ $OpenBSD: patch-sample-config-files_static-home_conf,v 1.1 2006/12/15 09:56:14 r
# for extra security.
-; user nobody
-; group nobody
+; user _openvpn
+; group _openvpn
+user _openvpn
+group _openvpn
# If you built OpenVPN with
# LZO compression, uncomment
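Review bot: With `user _openvpn` and `group _openvpn` now active instead of commented out, static-home.conf drops privileges, but the context shown here has no `persist-tun` or `persist-key` line; the same holds for static-office.conf, tls-home.conf and tls-office.conf. Without them, a SIGUSR1 or ping-restart would make the unprivileged process reopen the tun device and re-read the key files, which it can no longer do. client.conf and server.conf show persist options right after the changed lines, and the inner hunk here runs past the visible lines, so the options may simply be out of view. If these four samples lack them, I would enable `persist-tun` and `persist-key` beside the new lines with a comment such as `# required once privileges are dropped: tun device and keys cannot be reopened as _openvpn`.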


@ -1,6 +1,6 @@
$OpenBSD: patch-sample-config-files_static-office_conf,v 1.1 2006/12/15 09:56:14 robert Exp $
--- sample-config-files/static-office.conf.orig Tue Nov 1 12:06:10 2005
+++ sample-config-files/static-office.conf Fri Dec 15 09:22:42 2006
$OpenBSD: patch-sample-config-files_static-office_conf,v 1.2 2010/08/30 18:32:20 fkr Exp $
--- sample-config-files/static-office.conf.orig Wed Mar 31 08:47:07 2010
+++ sample-config-files/static-office.conf Fri Aug 27 09:04:19 2010
@@ -34,10 +34,10 @@ secret static.key
; port 1194
@ -10,8 +10,8 @@ $OpenBSD: patch-sample-config-files_static-office_conf,v 1.1 2006/12/15 09:56:14
# for extra security.
-; user nobody
-; group nobody
+; user _openvpn
+; group _openvpn
+user _openvpn
+group _openvpn
# If you built OpenVPN with
# LZO compression, uncomment


@ -1,6 +1,6 @@
$OpenBSD: patch-sample-config-files_tls-home_conf,v 1.1 2006/12/15 09:56:14 robert Exp $
--- sample-config-files/tls-home.conf.orig Tue Nov 1 12:06:10 2005
+++ sample-config-files/tls-home.conf Fri Dec 15 09:22:42 2006
$OpenBSD: patch-sample-config-files_tls-home_conf,v 1.2 2010/08/30 18:32:20 fkr Exp $
--- sample-config-files/tls-home.conf.orig Wed Mar 31 08:47:07 2010
+++ sample-config-files/tls-home.conf Fri Aug 27 09:04:28 2010
@@ -48,10 +48,10 @@ key home.key
; port 1194
@ -10,8 +10,8 @@ $OpenBSD: patch-sample-config-files_tls-home_conf,v 1.1 2006/12/15 09:56:14 robe
# for extra security.
-; user nobody
-; group nobody
+; user _openvpn
+; group _openvpn
+user _openvpn
+group _openvpn
# If you built OpenVPN with
# LZO compression, uncomment


@ -1,6 +1,6 @@
$OpenBSD: patch-sample-config-files_tls-office_conf,v 1.1 2006/12/15 09:56:14 robert Exp $
--- sample-config-files/tls-office.conf.orig Tue Nov 1 12:06:10 2005
+++ sample-config-files/tls-office.conf Fri Dec 15 09:22:42 2006
$OpenBSD: patch-sample-config-files_tls-office_conf,v 1.2 2010/08/30 18:32:20 fkr Exp $
--- sample-config-files/tls-office.conf.orig Wed Mar 31 08:47:07 2010
+++ sample-config-files/tls-office.conf Fri Aug 27 09:04:39 2010
@@ -48,10 +48,10 @@ key office.key
; port 1194
@ -10,8 +10,8 @@ $OpenBSD: patch-sample-config-files_tls-office_conf,v 1.1 2006/12/15 09:56:14 ro
# for extra security.
-; user nobody
-; group nobody
+; user _openvpn
+; group _openvpn
+user _openvpn
+group _openvpn
# If you built OpenVPN with
# LZO compression, uncomment


@ -1,7 +1,7 @@
$OpenBSD: patch-socket_c,v 1.2 2010/07/08 09:18:25 fkr Exp $
--- socket.c.orig Fri Dec 11 05:59:45 2009
+++ socket.c Tue Jul 6 23:49:11 2010
@@ -503,6 +503,20 @@ socket_set_tcp_nodelay (int sd, int state)
$OpenBSD: patch-socket_c,v 1.3 2010/08/30 18:32:20 fkr Exp $
--- socket.c.orig Mon Jul 26 08:15:03 2010
+++ socket.c Sun Aug 22 16:13:58 2010
@@ -533,6 +533,20 @@ socket_set_tcp_nodelay (int sd, int state)
#endif
}
@ -22,7 +22,7 @@ $OpenBSD: patch-socket_c,v 1.2 2010/07/08 09:18:25 fkr Exp $
static bool
socket_set_flags (int sd, unsigned int sockflags)
{
@@ -1181,6 +1195,7 @@ link_socket_init_phase1 (struct link_socket *sock,
@@ -1211,6 +1225,7 @@ link_socket_init_phase1 (struct link_socket *sock,
int mtu_discover_type,
int rcvbuf,
int sndbuf,
@ -30,14 +30,13 @@ $OpenBSD: patch-socket_c,v 1.2 2010/07/08 09:18:25 fkr Exp $
unsigned int sockflags)
{
ASSERT (sock);
@@ -1291,6 +1306,10 @@ link_socket_init_phase1 (struct link_socket *sock,
@@ -1321,6 +1336,9 @@ link_socket_init_phase1 (struct link_socket *sock,
else if (mode != LS_MODE_TCP_ACCEPT_FROM)
{
create_socket (sock);
+
+ /* set the routing domain for the socket */
+ socket_set_rtable (sock->sd, rtable);
+
resolve_bind_local (sock);
resolve_remote (sock, 1, NULL, NULL);
}
/* set socket buffers based on --sndbuf and --rcvbuf options */
socket_set_buffers (sock->sd, &sock->socket_buffer_sizes);
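Review bot: The call `socket_set_rtable (sock->sd, rtable);` in link_socket_init_phase1 uses no result, and the helper's body (added by the hunk before socket_set_flags) is not shown on this page, so what happens when the routing table cannot be set is unclear from here. If the helper only warns, the code continues into `resolve_bind_local (sock)` and `resolve_remote (...)` with the socket still in the default routing table, so tunnel transport traffic would leave through a routing domain the administrator did not choose. Please confirm that the helper treats a failure as fatal when a non-default table was requested. A comment at the call site such as `/* socket_set_rtable aborts on failure; never fall back to the default table */` would document that. link_socket_init_phase1 begins and ends outside the hunk.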


@ -1,4 +1,4 @@
@comment $OpenBSD: PLIST,v 1.11 2009/11/26 22:55:28 fkr Exp $
@comment $OpenBSD: PLIST,v 1.12 2010/08/30 18:32:20 fkr Exp $
@newgroup _openvpn:577
@newuser _openvpn:577:_openvpn:daemon:OpenVPN Daemon:/nonexistent:/sbin/nologin
@man man/man8/openvpn.8
@ -79,7 +79,6 @@ share/examples/openvpn/sample-scripts/
share/examples/openvpn/sample-scripts/auth-pam.pl
share/examples/openvpn/sample-scripts/bridge-start
share/examples/openvpn/sample-scripts/bridge-stop
share/examples/openvpn/sample-scripts/bs
share/examples/openvpn/sample-scripts/openvpn.init
share/examples/openvpn/sample-scripts/ucn.pl
share/examples/openvpn/sample-scripts/verify-cn