FreeBSD Bugzilla – Attachment 56377 Details for
Bug 85109
[MAINTAINER] security/openvpn: security update, rcNGify
[patch]
openvpn-2.0.1.patch
openvpn-2.0.1.patch (text/plain), 11.82 KB, created by
Matthias Andree
on 2005-08-19 03:30:18 UTC
Description:
openvpn-2.0.1.patch
Filename:
MIME Type:
Creator:
Matthias Andree
Created:
2005-08-19 03:30:18 UTC
Size:
11.82 KB
patch
obsolete
>diff -ruN --exclude=CVS /usr/ports/security/openvpn/Makefile /usr/home/emma/ports/security/openvpn/Makefile
>--- /usr/ports/security/openvpn/Makefile Wed Jul 20 19:26:33 2005
>+++ /usr/home/emma/ports/security/openvpn/Makefile Fri Aug 19 03:57:38 2005
>@@ -1,21 +1,18 @@
> # New ports collection makefile for: openvpn
> # Date created: 2002-06-23
>-# Whom: Matthias Andree <matthias.andree@web.de>
>+# Whom: Matthias Andree <matthias.andree@gmx.de>
> #
> # $FreeBSD: ports/security/openvpn/Makefile,v 1.14 2005/07/14 13:15:47 garga Exp $
> #
>
> PORTNAME= openvpn
>-DISTVERSION= 2.0
>-PORTREVISION= 3
>+DISTVERSION= 2.0.1
> CATEGORIES= security
> MASTER_SITES= http://openvpn.net/release/
>
> MAINTAINER= matthias.andree@gmx.de
> COMMENT= Secure IP/Ethernet tunnel daemon
>
>-LIB_DEPENDS= lzo.1:${PORTSDIR}/archivers/lzo
>-
> GNU_CONFIGURE= yes
> USE_OPENSSL= yes
> CONFIGURE_TARGET= --build=${ARCH}-portbld-freebsd${OSREL}
>@@ -26,25 +23,31 @@
>
> OPTIONS= PW_SAVE "Interactive passwords may be read from a file" off
>
>+USE_RC_SUBR= openvpn.sh
>+
>+SUB_FILES= pkg-message
>+
> .include <bsd.port.pre.mk>
>
>+# NOTE: there is no way to explicitly specify the LZO version to OpenVPN,
>+# if LZO2 and LZO1 are installed, OpenVPN will pick LZO2.
>+# So depend on LZO1 only if it's already there and LZO2 isn't.
>+# PACKAGE_BUILDING will also force LZO2.
>+.if exists(${LOCALBASE}/lib/liblzo2.so.2) || !exists(${LOCALBASE}/lib/liblzo.so.1) || defined(PACKAGE_BUILDING)
>+LIB_DEPENDS= lzo2.2:${PORTSDIR}/archivers/lzo2
>+.else
>+LIB_DEPENDS= lzo.1:${PORTSDIR}/archivers/lzo
>+.endif
>+
> .if defined(WITH_PW_SAVE)
> CONFIGURE_ARGS+= --enable-password-save
> .endif
>
> # self-tests here
> post-build:
>- ( set -e ; cd ${WRKSRC} && \
>- ./openvpn --genkey --secret key && \
>- ./openvpn --test-crypto --secret key && ${RM} key )
>- ( set -e ; cd ${WRKSRC} && { \
>- ./openvpn --config sample-config-files/loopback-server & \
>- ./openvpn --config sample-config-files/loopback-client ; \
>- wait ; })
>+ cd ${WRKSRC} && ${MAKE} check
>
> post-install:
>- ${INSTALL_SCRIPT} ${FILESDIR}/openvpn.sh.sample \
>- ${PREFIX}/etc/rc.d/openvpn.sh.sample
> .if !defined(NOPORTDOCS)
> ${MKDIR} ${DOCSDIR}
> .for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS \
>@@ -56,5 +59,6 @@
> | ${GREP} -v easy-rsa/Windows \
> | ${CPIO} -pdmu ${DOCSDIR} )
> .endif
>+ @${CAT} ${PKGMESSAGE}
>
> .include <bsd.port.post.mk>
>diff -ruN --exclude=CVS /usr/ports/security/openvpn/distinfo /usr/home/emma/ports/security/openvpn/distinfo
>--- /usr/ports/security/openvpn/distinfo Mon May 30 13:27:16 2005
>+++ /usr/home/emma/ports/security/openvpn/distinfo Fri Aug 19 02:01:49 2005
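Review bot: The `.if exists(...)` block in the `@@ -26,25 +23,31 @@` hunk chooses `LIB_DEPENDS` from whichever LZO library is already present under `${LOCALBASE}/lib` on the build host, so two builds of the same port version can link against and register different libraries. That probably makes it harder to tell which installations are affected when one of the two LZO ports needs a fix. The port already declares `OPTIONS` for PW_SAVE, so an explicit option for the LZO choice, with the auto-detection kept only as its default, would make the outcome visible in the port's configuration. In the same hunk `post-build` now delegates the self-test to `cd ${WRKSRC} && ${MAKE} check`; the removed lines started a loopback server and client, so a comment saying whether the upstream `check` target still opens sockets would help anyone building in a restricted environment.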
>@@ -1,2 +1,2 @@
>-MD5 (openvpn-2.0.tar.gz) = 7401faebc6baee9add32608709c54eec
>-SIZE (openvpn-2.0.tar.gz) = 639201
>+MD5 (openvpn-2.0.1.tar.gz) = fad7a08c0d68371c2c0e6428bcb98fa5
>+SIZE (openvpn-2.0.1.tar.gz) = 662428
>diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/openvpn.sh.in /usr/home/emma/ports/security/openvpn/files/openvpn.sh.in
>--- /usr/ports/security/openvpn/files/openvpn.sh.in Thu Jan 1 01:00:00 1970
>+++ /usr/home/emma/ports/security/openvpn/files/openvpn.sh.in Fri Aug 19 04:06:25 2005
>@@ -0,0 +1,99 @@
>+#!/bin/sh
>+#
>+# openvpn.sh - load tun/tap driver and start OpenVPN daemon
>+#
>+# (C) Copyright 2005 by Matthias Andree
>+# based on suggestions by Matthias Grimm and Dirk Gouders
>+#
>+# Made in Northrhine-Westphalia, Germany
>+#
>+# $FreeBSD$
>+#
>+# This program is free software; you can redistribute it and/or modify it under
>+# the terms of the GNU General Public License as published by the Free Software
>+# Foundation; either version 2 of the License, or (at your option) any later
>+# version.
>+#
>+# This program is distributed in the hope that it will be useful, but WITHOUT
>+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
>+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
>+# details.
>+#
>+# You should have received a copy of the GNU General Public License along with
>+# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
>+# Street, Fifth Floor, Boston, MA 02110-1301, USA.
>+
>+# PROVIDE: openvpn
>+# REQUIRE: DAEMON
>+# BEFORE:
>+# KEYWORD: FreeBSD shutdown
>+
>+# -----------------------------------------------------------------------------
>+#
>+# Add the following lines to /etc/rc.conf to enable openvpn at boot-up time:
>+#
>+# openvpn_enable="YES" # YES or NO
>+# openvpn_if="tun" # driver(s) to load, set to "tun", "tap" or "tun tap"
>+#
>+# # optional:
>+# openvpn_flags="" # openvpn command line flags
>+# openvpn_config="%%PREFIX%%/etc/openvpn/openvpn.conf" # --config file
>+# openvpn_dir="%%PREFIX%%/etc/openvpn" # --cd directory
>+#
>+# You also need to set openvpn_configfile and openvpn_dir, if the configuration
>+# file and directory where keys and certificates reside differ from the above
>+# settings.
>+#
>+# Note that we deliberately refrain from unloading drivers.
>+#
>+# For further documentation, please see openvpn(8).
>+#
>+
>+. %%RC_SUBR%%
>+
>+name=openvpn
>+rcvar=`set_rcvar`
>+
>+prefix="%%PREFIX%%"
>+
>+openvpn_precmd()
>+{
>+ for i in $openvpn_if ; do
>+ if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 ; then
>+ if ! kldload if_${i} ; then
>+ warn "Could not load $i module."
>+ return 1
>+ fi
>+ fi
>+ done
>+ return 0
>+}
>+
>+stop_postcmd()
>+{
>+ rm -f "$pidfile" || warn "Could not remove $pidfile."
>+}
>+
>+# support SIGHUP to reparse configuration file
>+extra_commands="reload"
>+
>+# pidfile
>+pidfile="/var/run/${name}.pid"
>+
>+# command and arguments
>+command="%%PREFIX%%/sbin/${name}"
>+
>+# run this first
>+start_precmd="openvpn_precmd"
>+# and this last
>+stop_postcmd="stop_postcmd"
>+
>+load_rc_config ${name}
>+: ${openvpn_enable="NO"}
>+: ${openvpn_flags=""}
>+: ${openvpn_if=""}
>+: ${openvpn_configfile="${prefix}/etc/openvpn/openvpn.conf"}
>+: ${openvpn_dir="${prefix}/etc/openvpn"}
>+required_files="${openvpn_configfile}"
>+command_args="--cd ${openvpn_dir} --daemon --config ${openvpn_configfile} --writepid ${pidfile}"
>+run_rc_command "$1"
>diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/openvpn.sh.sample /usr/home/emma/ports/security/openvpn/files/openvpn.sh.sample
>--- /usr/ports/security/openvpn/files/openvpn.sh.sample Fri Oct 25 22:55:29 2002
>+++ /usr/home/emma/ports/security/openvpn/files/openvpn.sh.sample Thu Jan 1 01:00:00 1970
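Review bot: The rc.conf example in the header comment tells the administrator to set `openvpn_config`, but the script only reads `openvpn_configfile` (in the default assignment, `required_files` and `command_args`), so a value set under the documented name is silently ignored and the daemon starts with the default configuration file. The sample line should read `# openvpn_configfile="%%PREFIX%%/etc/openvpn/openvpn.conf" # --config file`. Separately, `openvpn_precmd` treats a missing `debug.if_${i}_debug` sysctl as "driver not loaded"; if a kernel provides the driver without exposing that sysctl, the `kldload` would presumably fail and abort startup, so also accepting a successful `kldstat -m if_${i}` before attempting the load may be worth adding. `${openvpn_dir}` and `${openvpn_configfile}` are also expanded unquoted into `command_args`, so a path containing whitespace would be split into separate arguments.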
>@@ -1,19 +0,0 @@
>-#! /bin/sh
>-# (C) 2002 by Matthias Andree
>-
>-# This file may be redistributed according to the terms of the GNU General
>-# Public License, version 2 (two).
>-
>-# To use this script, rename it to openvpn.sh and make sure it is
>-# executable for the owner.
>-
>-# This file rouses a security warning at port install time. However, this
>-# file itself does not start network services, but it loads a kernel driver.
>-# The security of this file therefore depends on the security of kldload and
>-# the if_tap driver.
>-
>-case x$1 in
>- xstart) echo -n ' if_tap' ; exec kldload if_tap ;;
>- xstop) echo -n ' if_tap' ; exec kldunload if_tap ;;
>- *) echo >&2 "Usage: $0 {start|stop}"
>-esac
>diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/pkg-message.in /usr/home/emma/ports/security/openvpn/files/pkg-message.in
>--- /usr/ports/security/openvpn/files/pkg-message.in Thu Jan 1 01:00:00 1970
>+++ /usr/home/emma/ports/security/openvpn/files/pkg-message.in Fri Aug 19 04:04:47 2005
>@@ -0,0 +1,18 @@
>+### ------------------------------------------------------------------------
>+### The OpenVPN port, since v2.0.1, uses rcNG to start OpenVPN.
>+### Edit /etc/rc.conf to start OpenVPN automatically at system startup.
>+### See %%PREFIX%%/etc/rc.d/openvpn.sh for details.
>+### ------------------------------------------------------------------------
>+### To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, you may need to
>+### edit the 1.X configuration file by adding these lines:
>+### tun-mtu 1500
>+### tun-mtu-extra 32
>+### mssfix 1450
>+### key-method 2 <- this key-method line only for TLS setups
>+### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>+### WARNING: THE DEFAULT PORT HAS CHANGED AND IS NOW 1194!
>+### OpenVPN 1.6 and older used 5000 rather than 1194 as their default
>+### port, so add the proper port options to your configuration file!
>+### ------------------------------------------------------------------------
>+### For further compatibility, see <http://openvpn.net/relnotes.html>
>+### ------------------------------------------------------------------------
>diff -ruN --exclude=CVS /usr/ports/security/openvpn/pkg-message /usr/home/emma/ports/security/openvpn/pkg-message
>--- /usr/ports/security/openvpn/pkg-message Mon May 30 13:27:16 2005
>+++ /usr/home/emma/ports/security/openvpn/pkg-message Thu Jan 1 01:00:00 1970
>@@ -1,20 +0,0 @@
>-### ---------------------------------------------------------------------- ###
>-### To use the tap driver, you may need to do: kldload if_tap ###
>-### See ${PREFIX}/etc/rc.d/openvpn.sh.sample for how to do this ###
>-### automatically at system boot-up time. ###
>-### ---------------------------------------------------------------------- ###
>-### To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, you may need to ###
>-### edit the 1.X configuration file by adding these lines: ###
>-### ###
>-### tun-mtu 1500 ###
>-### tun-mtu-extra 32 ###
>-### mssfix 1450 ###
>-### ###
>-### key-method 2 <- this key-method line only for TLS setups ###
>-### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ###
>-### WARNING: THE DEFAULT PORT HAS CHANGED AND IS NOW 1194! ###
>-### OpenVPN 1.6 and older used 5000 rather than 1194 as their default ###
>-### port, so add the proper port options to your configuration file! ###
>-### ---------------------------------------------------------------------- ###
>-### For further compatibility, see <http://openvpn.net/relnotes.html> ###
>-### ---------------------------------------------------------------------- ###
>diff -ruN --exclude=CVS /usr/ports/security/openvpn/pkg-plist /usr/home/emma/ports/security/openvpn/pkg-plist
>--- /usr/ports/security/openvpn/pkg-plist Mon May 30 13:27:16 2005
>+++ /usr/home/emma/ports/security/openvpn/pkg-plist Fri Aug 19 03:55:03 2005
>@@ -1,5 +1,4 @@
> sbin/openvpn
>-etc/rc.d/openvpn.sh.sample
> %%PORTDOCS%%%%DOCSDIR%%/AUTHORS
> %%PORTDOCS%%%%DOCSDIR%%/COPYING
> %%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.GPL
>@@ -26,6 +25,25 @@
> %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/revoke-full
> %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/sign-req
> %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/vars
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/README
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-ca
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-dh
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-inter
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pass
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pkcs12
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-server
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req-pass
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/clean-all
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/inherit-inter
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/list-crl
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl.cnf
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/pkitool
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/revoke-full
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/scripts
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/sign-req
>+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/vars
> %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/README
> %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/client.conf
> %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/firewall.sh
>@@ -49,5 +67,6 @@
> %%PORTDOCS%%%%DOCSDIR%%/sample-scripts/verify-cn
> %%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-scripts
> %%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-config-files
>+%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/2.0
> %%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa
> %%PORTDOCS%%@dirrm %%DOCSDIR%%