Subject: pkg/30239: Update net/openvpn-current package
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Ian Zagorskih <ianzag@megasignal.com>
List: pkgsrc-bugs
Date: 05/16/2005 10:05:00
>Number: 30239
>Category: pkg
>Synopsis: Update net/openvpn-current package
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Mon May 16 10:05:00 +0000 2005
>Originator: Ian Zagorskih
>Release: NetBSD 3.99.3
>Organization:
NGEDC
>Environment:
System: NetBSD IANZAG 3.99.3 NetBSD 3.99.3 (DWL-G122) #8: Sat May 14 12:15:50
NOVST 2005 ianzag@IANZAG:/home/ianzag/NetBSD/kernel/DWL-G122 i386
Architecture: i386
Machine: i386
>Description:
Package OpenVPN now is v2.0. As a maintainer of this package, i made an update
patch. Please review it and if all is fine commit into pkgsrc.
---cut---
http://openvpn.net/changelog.html
2005.04.17 -- Version 2.0
* Fixed minor options string typo in options.c.
2005.04.10 -- Version 2.0-rc21
* Change license description from "GPL Version 2 or (at your
option) any later version" to just "GPL Version 2".
2005.04.04 -- Version 2.0-rc20
* Dag Wieers has put together an OpenVPN/LZO binary RPM set with
excellent distro/version coverage for RH/EL/Fedora, though
using his own SPEC. I modified openvpn.spec to follow some of
the same conventions such as putting sample scripts and doc
files in %doc rather than /usr/share/openvpn.
* Minor change to init scripts to run the user-defined script
/etc/openvpn/openvpn-startup (if it exists) before any OpenVPN
configs are started, and to run /etc/openvpn/openvpn-shutdown
after all OpenVPN configs have been stopped. The
openvpn-startup script can be used for stuff like
insmod tun.o, setting up firewall rules, or starting
ethernet bridges.
2005.03.29 -- Version 2.0-rc19
* Omit additions of routes where the network and
gateway are equal and the netmask is 255.255.255.255.
This can come up if you are using both
server/ifconfig-pool and client-config-dir with
ifconfig-push static addresses for some subset of clients
which directly reference the server IP address as the
remote endpoint.
2005.03.28 -- Version 2.0-rc18
* Packaged Windows installer with OpenSSL 0.9.7f.
* Built Windows installer with NSIS 2.06.
2005.03.12 -- Version 2.0-rc17
* "MANAGEMENT: CMD" log file output will now only occur
at --verb 7 or greater.
* Added an optional name/value configuration list to
the openvpn-auth-pam plugin module argument list. See
plugin/auth-pam/README for documentation. This is necessary
in order for openvpn-auth-pam to work with queries generated
by arbitrary PAM modules.
* In both auth-pam and down-root plugins, in the forked process,
a read error on the parent process socket is no longer fatal.
* MandrakeSoft liblzo1 RPM only Provides for a 'liblzo1'.
A conditional test of the vendor has been added to
Require the appropriately named 'lzo' (liblzo1 / lzo).
(Tom Walsh - http://openhardware.net)
2005.02.20 -- Version 2.0-rc16
* Fixed bug introduced in rc13 where Windows service wrapper
would be installed with a startup type of Automatic.
This fix restores the previous behavior of installing
with a startup type of Manual.
2005.02.19 -- Version 2.0-rc15
* Added warning when --keepalive is not used in a server
configuration.
* Don't include OpenSSL md4.h file if we are not building
NTLM proxy support (Waldemar Brodkorb).
* Added easy-rsa/build-key-pkcs12 and
easy-rsa/Windows/build-key-pkcs12.bat scripts
(Mathias Sundman).
2005.02.16 -- Version 2.0-rc14
* Fixed small memory leak that occurs when --crl-verify
is used.
* Upgraded Windows installer and .nsi script to NSIS 2.05
(Mathias Sundman).
* Changed #include backslash usage in cryptoapi.c to use
forward slashes instead (Gisle Vanem).
* Created easy-rsa/revoke-full to handle revocations in
a single step: (a) revoke crt, (b) regenerate CRL, and
(c) verify that revocation succeeded.
* Renamed easy-rsa/Windows/revoke-key to revoke-full so
that both *nix and Windows scripts are equivalent.
2005.02.11 -- Version 2.0-rc13
* Improve human-readability of local/remote options
diff, when inconsistencies are present.
* For Windows easy-rsa, distribute vars.bat.sample and
openssl.cnf.sample, then copy them to their normal
filenames (without the .sample) when init-config.bat
is run. This is to prevent OpenVPN upgrades from
wiping out vars.bat and openssl.cnf edits.
* Modified service wrapper (Windows) to use a
case-insensitive search when scanning for .ovpn files
in \Program Files\OpenVPN\config. Prior versions
required an all-lower-case .ovpn file extension.
* Miscellaneous service wrapper code cleanup.
* If --user/--group is used on Windows, treat it
as a no-op with a warning (this makes it easier to
distribute the same client config file to Windows
and *nix users).
* Warn if --ifconfig-pool-persist is used with
--duplicate-cn.
2005.02.05 -- Version 2.0-rc12
* Removed some debugging code inadvertently included
in rc11 which would print the --auth-user-pass
username/password provided by clients in the server
logfile.
* Client code for cycling through --remote list will
retry the last address which successfully authenticated
before moving on through the list.
* Windows installer will now install sample configuration
files in \Program Files\OpenVPN\sample-configs as well
as generate a start menu shortcut to this directory.
* Minor type change in buffer.[ch] to work around char-type
ambiguity bug. Caused management interface lock-ups on
ARM when building with armv4b-hardhat-linux-gcc 2.95.3.
2005.02.03 -- Version 2.0-rc11
* Windows installer will now install easy-rsa directory
in \Program Files\OpenVPN
* Allow syslog facility to be controlled at compile time,
e.g. -DLOG_OPENVPN=LOG_LOCAL6 (P Kern).
* Changed certain shell scripts in distribution to use
#!/bin/sh rather than #!/bin/bash for better portability.
* If --ifconfig-pool-persist seconds parameter is 0, treat
persist file as an allocation of fixed IP addresses
(previous versions took IP-to-common-name associations
from this list as hints, not mandatory static allocations).
* Fixed bug on *nix where if --auth-user-pass and --log
were used together, the username prompt would be sent to
the log file rather than /dev/tty.
* Spurious text in openvpn.8 detected by doclifter
(Eric S. Raymond).
* Call closelog later on daemon kill so that process
exit message is written to syslog.
2005.01.27 -- Version 2.0-rc10
* When ./configure is run with plugins enabled (the default),
check whether or not dlopen exists in libc before testing
for libdl. This is to fix an issue on FreeBSD and possibly
other OSes which bundle libdl functions in libc.
* On Windows, filter initial WSAEINVAL warning which occurs
on the initial read attempt of an unbound socket.
* The easy-rsa scripts build-key, build-key-pass, and
build-key-server will now chmod the .key file
to 0600. This is in addition to the fact the generated
keys directory has always been similarly protected
(Pete Harlan).
2005.01.23 -- Version 2.0-rc9
* Fixed error "ROUTE: route addition failed using
CreateIpForwardEntry ..." on Windows when --redirect-gateway
is used over a RRAS internet link.
* When using --route-method exe on Windows, include the
gateway parameter on route delete commands (Mathias Sundman).
* Try not to do a hard reset (i.e. SIGHUP) when two
SIGUSR1 signals are received in close succession.
* If the push list tries to grow beyond its buffer capacity,
the resulting error will be non-fatal.
* To increase the push list capacity (must be done on both
client and server), increase TLS_CHANNEL_BUF_SIZE in
common.h (default=1024).
2005.01.15 -- Version 2.0-rc8
* Fixed bug introduced in rc7 where options error
"--auth-user-pass requires --pull" might occur even
if --pull was correctly specified.
* Changed management interface code to bind once
to TCP socket, rather than rebinding after every
client disconnect.
* Added "disable" directive for client-config-dir
files.
* Windows binary install is now distributed with
OpenSSL 0.9.7e.
* Query the management interface for --http-proxy
username/password if authfile is set to "stdin".
* Added current OpenVPN version number to "Unrecognized
option or missing parameter" error message.
* Added "-extensions server" to "openssl req" command
in easy-rsa/build-key-server (Nir Yeffet).
2005.01.10 -- Version 2.0-rc7
* Fixed bug in management interface which could cause
100% CPU utilization in --proto tcp-server mode
on all *nix OSes except for Linux 2.6.
* --ifconfig-push now accepts DNS names as well as
IP addresses.
* Added sanity check errors when --pull or
--auth-user-pass is used in an incorrect mode.
* Updated man page entries for --client-connect and
--ifconfig-push.
* Added "String Types and Remapping" section to man
page to consisely document the way which OpenVPN
may convert certain types of characters in strings
to ('_').
* Modified bridging description in HOWTO to emphasize
the fact that bridging allows Windows file and print
sharing without a WINS server (Charles Duffy).
2004.12.20 -- Version 2.0-rc6
* Improved checking for epoll support in ./configure
to fix false positive on RH9 (Jan Just Keijser).
* Made the "MULTI TCP: I/O wait required blocking in
multi_tcp_action, action=7" error nonfatal and replaced
with "MULTI: Outgoing TUN queue full, dropped packet".
So far the issue only seems to occur on Linux 2.2
in --mode server --proto tcp mode. It occurs when
the TUN/TAP driver locks up and refuses to accept
new packet writes for a second or more.
* Fixed bug where if a --client-config-dir file tried
to include another file using "config", and if that
include failed, OpenVPN would abort with a fatal
error. Now such inclusion failures will be logged
but are no longer fatal.
* Global changes to the way that packet buffer alignment
is handled. Previously we didn't care about alignment
and took care, when handling 16 and 32 bit words
in buffers, to always use alignment-safe transfers.
This approach appears to be inadequate on some
architectures such as alpha. The new approach is
to initialize packet buffers in a way that anticipates
how component structures will be allocated within
them, to maintain correct alignment.
* Added --dhcp-option DISABLE-NBT to disable NetBIOS
over TCP (Jan Just Keijser).
* Added --http-proxy-option directive for controlling
miscellaneous HTTP proxy options.
* Management state will no longer transition to "WAIT"
during TLS renegotiations.
2004.12.16 -- Version 2.0-rc5
* The --client-config-dir option will now try to open
a default file called "DEFAULT" if no file matching
the common name of the incoming client was found.
* The --client-connect script/plugin can now veto client
authentication by returning a failure code.
* The --learn-address script/plugin can now prevent a
client-instance/address association from being learned
by returning a failure code.
* Changed RPM group in .spec file to Applications/Internet.
2004.12.14 -- Version 2.0-rc4
* SuSE only -- Fixed interaction between openvpn.spec and
suse/openvpn.init where the .spec file was writing the
OpenVPN binary to a different location than where the
.init script was referencing it (Stefan Engel).
* Solaris only -- Split Solaris ifconfig command into two
parts (Jan Just Keijser).
* Some cleanup in add_option().
* Better error checking on input dotted quad IP addresses.
* Verify that --push argument is quoted, if there is
more than one.
* More miscellaneous option sanity checks.
2004.12.13 -- Version 2.0-rc3
* On Windows, when --log or --log-append is used,
save the original stderr for username and password
prompts.
* Fixed a bug introduced in the late 2.0 betas where
if a "verb" parameter >= 16 was used, it would be
ignored and the actual verb level would remain at 1.
* Fixed a bug mostly seen on OS X where --management-hold
or --management-query-passwords would cause the management
interface to be unresponsive to incoming client connections.
* Trigger an options error if one of the management-modifying
options is used without "management" itself.
2004.12.12 -- Version 2.0-rc2
* Amplified warnings in documentation about possible
man-in-the-middle attack when clients do not properly
verify server certificate. Changes to easy-rsa README,
FAQ, HOWTO, man page, and sample client config file.
* Added a warning message if --tls-client or --client
is used without also specifying one of either
--ns-cert-type, --tls-remote, or --tls-verify.
* status_open() fixes for MSVC builds (Blaine Fleming).
* Fix attempt of "ntlm.c:55: error: `des_cblock' undeclared"
compiler error which has been reported on some platforms.
* The openvpn.spec file for rpmbuild has several
new build-time options. See comments in the file.
* Plugins are now built and packaged in the RPM and
will be saved in /usr/share/openvpn/plugin/lib.
* Added --management-hold directive to start OpenVPN
in a hibernating state until released by the
management interface. Also added "hold" command
to the management interface.
---cut---
>How-To-Repeat:
>Fix:
---cut---
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/net/openvpn-current/Makefile,v
retrieving revision 1.13
diff -u -r1.13 Makefile
--- Makefile 11 Apr 2005 21:46:53 -0000 1.13
+++ Makefile 16 May 2005 09:57:50 -0000
@@ -1,13 +1,12 @@
# $NetBSD: Makefile,v 1.13 2005/04/11 21:46:53 tv Exp $
#
-DISTNAME= openvpn-2.0_rc1
-PKGNAME= ${DISTNAME:S/_//}
+DISTNAME= openvpn-2.0
CATEGORIES= net
-MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=openvpn/}
+MASTER_SITES= http://openvpn.net/release/
MAINTAINER= ianzag@mail.ru
-HOMEPAGE= http://openvpn.sourceforge.net/
+HOMEPAGE= http://openvpn.net/
COMMENT= Easy-to-use SSL VPN daemon
GNU_CONFIGURE= yes
@@ -26,6 +25,8 @@
CONFIGURE_ARGS+= --enable-multi
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
+REPLACE_PERL= sample-scripts/auth-pam.pl sample-scripts/verify.cn
+
.include "../../archivers/liblzo/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../mk/pthread.buildlink3.mk"
@@ -38,16 +39,16 @@
post-install:
${INSTALL_DATA_DIR} ${EGDIR}
${INSTALL_DATA_DIR} ${EGDIR}/config
- cd ${WRKSRC}/sample-config-files; for file in *; do \
- ${INSTALL_DATA} $$file ${EGDIR}/config; \
+ cd ${WRKSRC}/sample-config-files; for f in *; do \
+ ${INSTALL_DATA} $$f ${EGDIR}/config; \
done
${INSTALL_DATA_DIR} ${EGDIR}/scripts
- cd ${WRKSRC}/sample-scripts; for file in *; do \
- ${INSTALL_DATA} $$file ${EGDIR}/scripts; \
+ cd ${WRKSRC}/sample-scripts; for f in *; do \
+ ${INSTALL_DATA} $$f ${EGDIR}/scripts; \
done
${INSTALL_DATA_DIR} ${EGDIR}/keys
- cd ${WRKSRC}/sample-keys; for file in *; do \
- ${INSTALL_DATA} $$file ${EGDIR}/keys; \
+ cd ${WRKSRC}/sample-keys; for f in *; do \
+ ${INSTALL_DATA} $$f ${EGDIR}/keys; \
done
.include "../../mk/bsd.pkg.mk"
Index: PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/net/openvpn-current/PLIST,v
retrieving revision 1.3
diff -u -r1.3 PLIST
--- PLIST 2 May 2005 20:34:03 -0000 1.3
+++ PLIST 16 May 2005 09:57:50 -0000
@@ -33,7 +33,9 @@
share/examples/openvpn/scripts/openvpn.init
share/examples/openvpn/scripts/verify-cn
share/examples/rc.d/openvpn
+@comment dirrm share/examples/rc.d
@dirrm share/examples/openvpn/scripts
@dirrm share/examples/openvpn/keys
@dirrm share/examples/openvpn/config
-@dirrm share/examples/openvpn
+@exec ${MKDIR} %D/etc/openvpn
+@dirrm etc/openvpn
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/net/openvpn-current/distinfo,v
retrieving revision 1.5
diff -u -r1.5 distinfo
--- distinfo 24 Feb 2005 12:13:58 -0000 1.5
+++ distinfo 16 May 2005 09:57:50 -0000
@@ -1,5 +1,6 @@
$NetBSD: distinfo,v 1.5 2005/02/24 12:13:58 agc Exp $
-SHA1 (openvpn-2.0_rc1.tar.gz) = 7f0a6de121ee269376c09479a7d75bfd923e3668
-RMD160 (openvpn-2.0_rc1.tar.gz) = e9e5c299abb25b1c7dea333605686b77b98ce470
-Size (openvpn-2.0_rc1.tar.gz) = 637549 bytes
+SHA1 (openvpn-2.0.tar.gz) = 76f3c37681e9626cc67ab37f57dea60dd9221308
+RMD160 (openvpn-2.0.tar.gz) = 52f9137b3ef3b7d7db3f4bdf7d29e2655dfcb5a9
+Size (openvpn-2.0.tar.gz) = 639201 bytes
+SHA1 (patch-aa) = 3c57106b1ef000f2a7dbaad734e54f60bf2230a3
---cut---
New patch-aa:
---patch-aa---
$NetBSD$
--- crypto.h.orig 2005-04-11 10:43:55.000000000 +0700
+++ crypto.h
@@ -52,8 +52,12 @@
#endif
#if SSLEAY_VERSION_NUMBER >= 0x00907000L
+#ifdef __NetBSD__
+#include <openssl/des.h>
+#else
#include <openssl/des_old.h>
#endif
+#endif
#include "basic.h"
#include "buffer.h"
---patch-aa---
>Unformatted:
To: gnats-bugs@gnats.NetBSD.org
Subject: Update net/openvpn-current package
From: ianzag@megasignal.com
Reply-To: ianzag@megasignal.com
X-send-pr-version: 3.95