update to 1.1.4-b4

- fixes two buffer overflows in pptpctrl - README with installation instructions added from Craig Barraclough <craigba@creative.com.au>
2003-06-05 07:53:20 +00:00 · 2003-06-05 07:53:20 +00:00 · 73a6ddf8af
commit 73a6ddf8af
parent cee5555f3a
5 changed files with 106 additions and 15 deletions
--- a/net/poptop/Makefile
+++ b/net/poptop/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2003/04/17 08:59:26 wilfried Exp $
+# $OpenBSD: Makefile,v 1.2 2003/06/05 07:53:20 sturm Exp $

 COMMENT=		"PPTP Server"

-VERSION=		1.1.4
-PKGNAME=		poptop-${VERSION}.b3
-DISTNAME=		pptpd-${VERSION}-b3
+VERSION=		1.1.4-b4
+PKGNAME=		poptop-${VERSION:S/-b/.b/}
+DISTNAME=		pptpd-${VERSION}
 CATEGORIES=		net

 HOMEPAGE=		http://www.poptop.org/
@ -22,10 +22,13 @@ MASTER_SITES=		${MASTER_SITE_SOURCEFORGE:=poptop/}
 CONFIGURE_STYLE=	gnu
 CONFIGURE_ARGS+=	--with-bsdppp --with-pppd-ip-alloc

-WRKDIST=		${WRKDIR}/poptop-${VERSION}
+WRKDIST=		${WRKDIR}/${PKGNAME:C/\.b.$//}

 post-install:
 	${INSTALL_DATA_DIR} ${PREFIX}/share/examples/poptop
-	${INSTALL_DATA} ${WRKSRC}/samples/pptpd.conf ${PREFIX}/share/examples/poptop/pptpd.conf-sample
+	${INSTALL_DATA} ${WRKSRC}/samples/pptpd.conf \
+		${PREFIX}/share/examples/poptop/pptpd.conf-sample
+	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/poptop/
+	${INSTALL_DATA} ${FILESDIR}/README.OpenBSD ${PREFIX}/share/doc/poptop/

 .include <bsd.port.mk>
--- a/net/poptop/distinfo
+++ b/net/poptop/distinfo
@ -1,3 +1,3 @@
-MD5 (pptpd-1.1.4-b3.tar.gz) = 4dd39d55beef23d4d3948a7df844bbbe
-RMD160 (pptpd-1.1.4-b3.tar.gz) = 9483fa21e930bb5cbd32f69023476f75b27399b8
-SHA1 (pptpd-1.1.4-b3.tar.gz) = 8090fb1dbacb23fdfee457a4e43e70e74df449a6
+MD5 (pptpd-1.1.4-b4.tar.gz) = 58603224998f22542e8d7ecb357bc006
+RMD160 (pptpd-1.1.4-b4.tar.gz) = 4824a2cdb7bd5ba7d4891ba02126700d996731ca
+SHA1 (pptpd-1.1.4-b4.tar.gz) = 0d81d9cd9be498dd442a182c33deafbe694038cd
--- a/net/poptop/files/README.OpenBSD
+++ b/net/poptop/files/README.OpenBSD
@ -0,0 +1,82 @@
+                     PoPToP - Unix PPTP Server
+                   ----------------------------
+1. Kernel
+   PoPToP requires a kernel compiled without GRE support.  See sections 5.3
+   and 5.4 of the OpenBSD FAQ for instructions on compiling a custom kernel
+   http://www.openbsd.org/faq/faq5.html#Options Essentially:
+1.1 Configuration
+   Grab a copy of the src tree (CD3 - src.tar.gz), you'll probably want to
+   sync this to -STABLE.
+        (See http://www.openbsd.org/faq/faq3.html#GetCurrent)
+   Make a copy of src/sys/conf/GENERIC (We'll call it PPTPSrv) Comment out
+   the following line:
+        pseudo-device   gre     1       # GRE encapsulation interface
+   Make a copy of src/sys/arch/`uname -m`/conf/GENERIC (We'll copy to PPTPSrv)
+   Edit the line:
+        include "../../../conf/GENERIC"
+   to point to the modified configuration file in src/sys/conf/ In our case:
+        include "../../../conf/PPTPSrv"
+1.2 Compilation
+   In the src/sys/arch/`uname -m`/conf directory, execute config with the
+   name of the modified configuration file.  (In our case PPTPSrv), then build
+   a new kernel.
+        /usr/sbin/config PPTPSrv cd ../compile/PPTPSrv make clean && make
+        depend && make
+   We now have a new kernel in src/sys/arch/`uname -m`/compile/ called 'bsd'
+   Backup old kernel
+        mv /bsd /bsd.old
+   Copy new kernel
+        cp src/sys/arch/`uname -m`/compile/PPTPSrv/bsd /bsd
+   Reboot. Note: If your source has changed (e.g. you updated to -STABLE),
+   you will most likely need to rebuild the rest of the source tree after
+   reboot.
+2. Configuration of PPTP
+   A sample configuration file is copied into your configuration directory
+   (normally /etc) as pptpd.conf. Personalise this config file to suit. At
+   least configure 'localip' and 'remoteip'.  Only 'localip' needs to be
+   configured on one of your interfaces.
+3. Configuration of PPP
+   PoPToP only handles a small part of the PPTP connection, most of the work
+   is done by PPP.
+3.1 /etc/ppp/options
+   General desired options:
+        proxyarp
+   For Microsoft clients you will want the following options:
+        +MSChap-V2 mppe-128 mppe-stateless
+   Lower cryptography level (40-bit v 128-bit) is also available, but not
+   recommended.
+        mppe-40
+   Optional for Microsoft clients (not preferred)
+        +MSChap
+3.2 /etc/ppp/ppp.conf
+   In ppp.conf create a section pptp
+        pptp: enable proxy set dns IP.Of.DNS.Server1 IP.Of.DNS.Server2 set
+        ifaddr Local.IP Remote.IP set timeout 0
+   For non-Microsoft clients chose your authentication method (one or more
+   of):
+        enable pap enable chap
+   For Microsoft clients you will also want:
+        enable MSChapV2
+   If you chose "+MSChap" in options above you can enable it with
+        enable MSChap
+   If you have a WINS server:
+        set nbns IP.Of.WINS.Server
+3.3 Users and Passwords
+   You will now need to create username/password entries for your users in
+   /etc/ppp/ppp.secret. See /etc/ppp/ppp.secret.sample for examples. If you
+   assigned a range to 'remoteip' in the above configuration files, you can
+   assign per-user IPs for accounting purposes here (third field).
+4. Firewalls
+   There are three flows you will need to create.  An inbound TCP connection
+   to port 1723 (Initial connection)
+        pass in  quick on $ext_if proto tcp from any to $ext_ip port = 1723 \
+        modulate state
+   An inbound and outbound GRE connection (The main data channel)
+        pass in  quick on $ext_if proto gre from any to $ext_ip keep state
+        pass out quick on $ext_if proto gre from $ext_ip to any keep state
+   Where $ext_ip is the externally accessable IP address ('host' in the PPTP
+   client config).
+   Also, make sure you have flows defined to allow the traffic out of your 
+   server. The traffic will appear to be from the IP address defined in
+   ppp.secret, or if not defined there, Remote.IP as defined in ppp.conf
+   (first available if this a pool).
--- a/net/poptop/pkg/INSTALL
+++ b/net/poptop/pkg/INSTALL
@ -1,5 +1,5 @@
 #!/bin/sh
-# $OpenBSD: INSTALL,v 1.1.1.1 2003/04/17 08:59:26 wilfried Exp $
+# $OpenBSD: INSTALL,v 1.2 2003/06/05 07:53:20 sturm Exp $



@ -19,8 +19,6 @@ do_notice()
    echo "| has NOT been changed.  You may want to compare it to the"
    echo "| current sample file, $SAMPLE_CONFIG_FILE,"
    echo "| and update your configuration as needed."
-    echo "+---------------"
-    echo
 }

 do_install()
@ -31,9 +29,14 @@ do_install()
    echo "| The $1 configuration file, $CONFIG_FILE,"
    echo "| has been installed.  Please view this file and change"
    echo "| the configuration to meet your needs."
-    echo "+---------------"
-    echo
+}

+do_notice2()
+{
+    echo "| "
+    echo "| Please read ${PREFIX}/share/doc/poptop/README.OpenBSD for"
+    echo "| important installation notes before running PoPToP."
+    echo "+---------------"
 }

 # verify proper execution
@ -55,6 +58,7 @@ case $2 in
 	else
 	    do_install $1
 	fi
+	do_notice2
 	;;
    *)
 	echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2
--- a/net/poptop/pkg/PLIST
+++ b/net/poptop/pkg/PLIST
@ -1,8 +1,10 @@
-@comment $OpenBSD: PLIST,v 1.1.1.1 2003/04/17 08:59:26 wilfried Exp $
+@comment $OpenBSD: PLIST,v 1.2 2003/06/05 07:53:20 sturm Exp $
 man/man5/pptpd.conf.5
 man/man8/pptpctrl.8
 man/man8/pptpd.8
 sbin/pptpctrl
 sbin/pptpd
+share/doc/poptop/README.OpenBSD
 share/examples/poptop/pptpd.conf-sample
@dirrm share/examples/poptop
+@dirrm share/doc/poptop