*) add NOTE about Alcatel ADSL modem vulnerabilities

*) nicer reconnect script *) bump NEED_VERSION *) integrate COMMENT *) various cleanups (esp. for bbaa flavor)
2001-04-12 14:27:12 +00:00 · 2001-04-12 14:27:12 +00:00 · a1fce72e8b
commit a1fce72e8b
parent bfee7c55c1
5 changed files with 39 additions and 13 deletions
--- a/net/pptp/Makefile
+++ b/net/pptp/Makefile
@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.2 2001/02/04 14:57:29 reinhard Exp $
+# $OpenBSD: Makefile,v 1.3 2001/04/12 14:27:12 reinhard Exp $
 # $NetBSD: Makefile,v 1.1.1.1 2000/04/10 01:14:01 jtk Exp $

+COMMENT=	'PPTP client package for Microsoft VPN servers'
 DISTNAME=	pptp-linux-1.0.2
 PKGNAME=	pptp-1.0.2
-NEED_VERSION=	1.340
+NEED_VERSION=	1.394
 CATEGORIES=	net
 MASTER_SITES= 	http://cag.lcs.mit.edu/~cananian/Synaptics/release/

@ -16,21 +17,27 @@ PERMIT_PACKAGE_FTP=     Yes
 PERMIT_DISTFILES_CDROM= Yes 
 PERMIT_DISTFILES_FTP=   Yes

+# bbaa: workaround for buggy Alcatel ADSL 1000 modems
 FLAVORS+=	bbaa
 FLAVOR?= 

 .if ${FLAVOR:L:Mbbaa}
+# needs a slightly modified patch; backup default patch
 pre-patch:
-		@cp ${PATCHDIR}/patch-pptc_ctrl_c ${PATCHDIR}/patch-pptc_ctrl_c.orig
+		@cp -p ${PATCHDIR}/patch-pptc_ctrl_c ${PATCHDIR}/patch-pptc_ctrl_c.orig
 		@cp ${FILESDIR}/patch-pptc_ctrl_c ${PATCHDIR}/patch-pptc_ctrl_c
 .endif

 post-patch:
-		@cp files/pptp_8 files/pptp_reconnect ${WRKSRC}
 		@cd ${WRKSRC}; sed -e s,PREFIX,${PREFIX}, \
-			< pptp_8 > pptp.8
+			< ${FILESDIR}/pptp_8 > pptp.8
 		@cd ${WRKSRC}; sed -e s,PREFIX,${PREFIX}, \
-			< pptp_reconnect > pptp-reconnect
-		@rm ${WRKSRC}/pptp_8 ${WRKSRC}/pptp_reconnect
+			< ${FILESDIR}/pptp_reconnect > pptp-reconnect
+
+.if ${FLAVOR:L:Mbbaa}
+# move default patch back
+post-install:
+		@mv ${PATCHDIR}/patch-pptc_ctrl_c.orig ${PATCHDIR}/patch-pptc_ctrl_c
+.endif

 .include <bsd.port.mk>
--- a/net/pptp/files/pptp_reconnect
+++ b/net/pptp/files/pptp_reconnect
@ -1,12 +1,13 @@
 #!/bin/sh
-# $OpenBSD: pptp_reconnect,v 1.1.1.1 2000/12/21 14:02:52 reinhard Exp $ 
+# $OpenBSD: pptp_reconnect,v 1.2 2001/04/12 14:27:12 reinhard Exp $ 
 #
 # PPTP reconnect script
 #
-# sample crontab entry: 0,30 * * * * /sbin/ping -c 2 MY_REMOTE_PEER_IP >/dev/null || /usr/local/sbin/pptp-reconnect
+# sample crontab entry: 
+# 0,30 * * * * /sbin/ping -c 2 MY_REMOTE_PEER_IP >/dev/null || PREFIX/sbin/pptp-reconnect
 #
 #
-# INSTALL-INSTRUCTIONS: edit below ip and uncomment the line
+# INSTALL-INSTRUCTIONS: edit following IP and uncomment the line
 #MODEMIP=10.0.0.138
 
 PATH=/bin:/usr/bin:/sbin:/usr/sbin:PREFIX/sbin
@ -24,12 +25,14 @@ echo "Killing pptp."
 kill -9	`ps -ax|grep pptp|grep -v pptp-reconnect|grep -v grep|awk '{print $1}'`
 /bin/sleep 3

-if [ -x /var/run/pptp/$MODEMIP ]; then
+if [ -S /var/run/pptp/$MODEMIP ]; then
 	/bin/rm -f /var/run/pptp/$MODEMIP
 fi

 echo "Establishing connection."
-PREFIX/sbin/pptp $MODEMIP >/var/log/ppp.log 2>&1
+echo "=========================================================" >> /var/log/ppp.log 
+echo "Establishing connection at `date`." >> /var/log/ppp.log 
+PREFIX/sbin/pptp $MODEMIP >> /var/log/ppp.log 2>&1
 /bin/sleep 7

 echo "Flushing rulesets:"
--- a/net/pptp/pkg/COMMENT
+++ b/net/pptp/pkg/COMMENT
@ -1 +0,0 @@
-PPTP client package for Microsoft VPN servers 
--- a/net/pptp/pkg/MESSAGE
+++ b/net/pptp/pkg/MESSAGE
@ -9,3 +9,12 @@ by your ISP.
 If you get "LCP timeout sending config request" messages, build a 
 kernel without "GRE encapsulation interface" support.
 (NB: look in /usr/src/sys/conf/GENERIC for "pseudo-device   gre     1".)
+
+==========================================================================
+ATTENTION:
+Alcatel ADSL modems contain default logins with easily computed passwords.
+See http://security.sdsc.edu/self-help/alcatel/ for more information.
+==========================================================================
+
+You may want to use TCP/IP packet filter rules to prevent unauthorized 
+access to your modem (from internal net or spoofed/bounced TCP/IP packets).
--- a/net/pptp/pkg/SECURITY
+++ b/net/pptp/pkg/SECURITY
@ -0,0 +1,8 @@
+==========================================================================
+ATTENTION:
+Alcatel ADSL modems contain default logins with easily computed passwords.
+See http://security.sdsc.edu/self-help/alcatel/ for more information.
+==========================================================================
+
+You may want to use TCP/IP packet filter rules to prevent unauthorized 
+access to your modem (from internal net or spoofed/bounced TCP/IP packets).
				`@ -1 +0,0 @@`
				`PPTP client package for Microsoft VPN servers`