Changes 2.1.4:

* Fix problem with special case route targets ('remote_host') The init_route() function will leave &netlist untouched for get_special_addr() routes ("remote_host" being one of them). netlist is on stack, contains random garbage, and netlist.len will not be 0 - thus, random stack data is copied from netlist.data[] until the route_list is full.
2010-11-30 08:50:17 +00:00 · 2010-11-30 08:50:17 +00:00 · 571aacd5a9
commit 571aacd5a9
parent 21964a9977
10 changed files with 75 additions and 80 deletions
--- a/net/openvpn/Makefile
+++ b/net/openvpn/Makefile
@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.38 2010/09/05 20:33:48 adam Exp $
+# $NetBSD: Makefile,v 1.39 2010/11/30 08:50:17 adam Exp $

-DISTNAME=	openvpn-2.1.3
+DISTNAME=	openvpn-2.1.4
 CATEGORIES=	net
-MASTER_SITES=	http://openvpn.net/release/ \
-		http://openvpn.net/release/old/
+MASTER_SITES=	http://swupdate.openvpn.net/community/releases/

 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://openvpn.net/
--- a/net/openvpn/distinfo
+++ b/net/openvpn/distinfo
@ -1,13 +1,12 @@
-$NetBSD: distinfo,v 1.21 2010/09/05 20:33:48 adam Exp $
+$NetBSD: distinfo,v 1.22 2010/11/30 08:50:17 adam Exp $

-SHA1 (openvpn-2.1.3.tar.gz) = 91058e78c58c2e66298c7132bea1ddba52baaa82
-RMD160 (openvpn-2.1.3.tar.gz) = ec0f63d63442eb3a26448747a5b0956e27b09809
-Size (openvpn-2.1.3.tar.gz) = 860672 bytes
-SHA1 (patch-aa) = e27e5a6411c9fb6545a1ad630f165200546b7213
-SHA1 (patch-ab) = d26cdc9166a8813860f31cb5b11bc5b3643b8aa5
-SHA1 (patch-ac) = f59615702208cae2a094306bc5fa7fb96234e55a
-SHA1 (patch-ad) = 69f5fff5105131dc05ab38a1a717e1b363f88c1c
-SHA1 (patch-ae) = 362c881da994608baad7b10667100c39143244b6
-SHA1 (patch-af) = dc5dbca74ebbda081e4eaf9a9d5e11b6de11269f
-SHA1 (patch-ag) = fe8e59cf177c99c2fd001e7893df86af961e8e4e
-SHA1 (patch-ah) = c530376eb68ab8f21c9b3c73149d2c24742aa4c9
+SHA1 (openvpn-2.1.4.tar.gz) = 07c59c5b89b762761bfe1a6997ec847279f5a2da
+RMD160 (openvpn-2.1.4.tar.gz) = 3d4be2fe625883598370d74e8f7d9274eb40a636
+Size (openvpn-2.1.4.tar.gz) = 863726 bytes
+SHA1 (patch-aa) = df289c5ff2be22ff7cf54ce5f2e6a59f1cfa21dd
+SHA1 (patch-ab) = 4d6010e938c53ea903f535a061e7794f7e6b5b9d
+SHA1 (patch-ac) = 599b324cb67f80e99d18504a9bb17ef24aa601c8
+SHA1 (patch-ad) = 09d5289c922a3d60e5193f9f6b7df1e738002972
+SHA1 (patch-ae) = b6682c115d9d6fa894313416107ad275eab9e5ce
+SHA1 (patch-af) = d7e516662a84e5bb653820efd4dc761f5592c724
+SHA1 (patch-ag) = f8afd660bc5c52cc4a8986765857eef1f3c48402
--- a/net/openvpn/patches/patch-aa
+++ b/net/openvpn/patches/patch-aa
@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.4 2008/12/05 08:13:35 hasso Exp $
+$NetBSD: patch-aa,v 1.5 2010/11/30 08:50:17 adam Exp $

--- route.c.orig	2008-11-17 02:48:04 +0200
-+++ route.c	2008-12-04 23:33:09 +0200
-@@ -1557,7 +1557,11 @@ get_default_gateway (in_addr_t *gateway,
+--- route.c.orig	2010-11-04 19:29:40.000000000 +0000
+++ route.c
+@@ -1636,7 +1636,11 @@ get_default_gateway (in_addr_t *gateway,
 #define RTA_NETMASK 0x4
 
 #define RTM_GET     0x4
--- a/net/openvpn/patches/patch-ab
+++ b/net/openvpn/patches/patch-ab
@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.5 2007/06/21 21:44:42 jlam Exp $
+$NetBSD: patch-ab,v 1.6 2010/11/30 08:50:17 adam Exp $

--- syshead.h.orig	2007-04-25 17:38:46.000000000 -0400
+--- syshead.h.orig	2010-11-04 19:29:02.000000000 +0000
 +++ syshead.h
-@@ -262,6 +262,10 @@
+@@ -305,6 +305,10 @@
 
 #ifdef TARGET_NETBSD
 
--- a/net/openvpn/patches/patch-ac
+++ b/net/openvpn/patches/patch-ac
@ -1,7 +1,8 @@
-$NetBSD: patch-ac,v 1.7 2008/10/09 10:57:23 sborrill Exp $
--- tun.c.orig	2008-10-06 08:22:21.000000000 +0100
-+++ tun.c	2008-10-09 10:06:50.000000000 +0100
-@@ -63,6 +63,7 @@
+$NetBSD: patch-ac,v 1.8 2010/11/30 08:50:17 adam Exp $
+
+--- tun.c.orig	2010-11-04 19:29:02.000000000 +0000
+++ tun.c
+@@ -63,6 +63,7 @@ static const char *netsh_get_id (const c
 
 #ifdef TARGET_SOLARIS
 static void solaris_error_close (struct tuntap *tt, const struct env_set *es, const char *actual);
@ -9,7 +10,7 @@ $NetBSD: patch-ac,v 1.7 2008/10/09 10:57:23 sborrill Exp $
 #endif
 
 bool
-@@ -720,7 +721,12 @@
+@@ -701,7 +702,12 @@ do_ifconfig (struct tuntap *tt,
 			    );
 	}
       else
@ -23,7 +24,26 @@ $NetBSD: patch-ac,v 1.7 2008/10/09 10:57:23 sborrill Exp $
 
       argv_msg (M_INFO, &argv);
       if (!openvpn_execve_check (&argv, es, 0, "Solaris ifconfig phase-2 failed"))
-@@ -1020,7 +1026,37 @@
+@@ -771,15 +777,15 @@ do_ifconfig (struct tuntap *tt,
+        * NetBSD has distinct tun and tap devices
+        * so we don't need the "link0" extra parameter to specify we want to do 
+        * tunneling at the ethernet level
+       * NB: The tun driver has no broadcast capability.
+        */
+ 		argv_printf (&argv,
+-			  "%s %s %s netmask %s mtu %d broadcast %s",
+			  "%s %s %s netmask %s mtu %d",
+ 			  IFCONFIG_PATH,
+ 			  actual,
+ 			  ifconfig_local,
+ 			  ifconfig_remote_netmask,
+-			  tun_mtu,
+-			  ifconfig_broadcast
+			  tun_mtu
+ 			  );
+       argv_msg (M_INFO, &argv);
+       openvpn_execve_check (&argv, es, S_FATAL, "NetBSD ifconfig failed");
+@@ -1000,7 +1006,37 @@ open_tun_generic (const char *dev, const
 	  if (dynamic && !has_digit((unsigned char *)dev))
 	    {
 	      int i;
@ -62,7 +82,7 @@ $NetBSD: patch-ac,v 1.7 2008/10/09 10:57:23 sborrill Exp $
 		{
 		  openvpn_snprintf (tunname, sizeof (tunname),
 				    "/dev/%s%d", dev, i);
-@@ -1403,13 +1439,16 @@
+@@ -1383,13 +1419,16 @@ read_tun (struct tuntap* tt, uint8_t *bu
 void
 open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6, struct tuntap *tt)
 {
@ -82,7 +102,7 @@ $NetBSD: patch-ac,v 1.7 2008/10/09 10:57:23 sborrill Exp $
 
   ipv6_support (ipv6, false, tt);
 
-@@ -1430,9 +1469,10 @@
+@@ -1410,9 +1449,10 @@ open_tun (const char *dev, const char *d
     }
   else if (tt->type == DEV_TYPE_TAP)
     {
@ -94,7 +114,7 @@ $NetBSD: patch-ac,v 1.7 2008/10/09 10:57:23 sborrill Exp $
       dev_tuntap_type = "tap";
       link_type = I_PLINK; /* was: I_LINK */
       is_tun = false;
-@@ -1459,7 +1499,11 @@
+@@ -1439,7 +1479,11 @@ open_tun (const char *dev, const char *d
     msg (M_ERR, "Can't open %s", dev_node);
 
   /* Assign a new PPA and get its unit number. */
@ -107,7 +127,7 @@ $NetBSD: patch-ac,v 1.7 2008/10/09 10:57:23 sborrill Exp $
     msg (M_ERR, "Can't assign new interface");
 
   if ((if_fd = open (dev_node, O_RDWR, 0)) < 0)
-@@ -1468,27 +1512,81 @@
+@@ -1448,27 +1492,81 @@ open_tun (const char *dev, const char *d
   if (ioctl (if_fd, I_PUSH, "ip") < 0)
     msg (M_ERR, "Can't push IP module");
 
@ -174,14 +194,14 @@ $NetBSD: patch-ac,v 1.7 2008/10/09 10:57:23 sborrill Exp $
 +  
 +  if ((ip_muxid = ioctl (tt->ip_fd, link_type, if_fd)) < 0)
 +    msg (M_ERR, "Can't link %s device to IP", dev_tuntap_type);
-+
+ 
+-  if (ioctl (tt->ip_fd, SIOCSIFMUXID, &ifr) < 0)
 +  if (tt->type == DEV_TYPE_TAP) {
 +    if ((arp_muxid = ioctl (tt->ip_fd, link_type, arp_fd)) < 0)
 +      msg (M_ERR, "Can't link %s device to ARP", dev_tuntap_type);
 +    close (arp_fd);
 +  }
- 
-  if (ioctl (tt->ip_fd, SIOCSIFMUXID, &ifr) < 0)
+
 +  close (if_fd);
 +
 +  CLEAR (ifr);
@ -202,7 +222,7 @@ $NetBSD: patch-ac,v 1.7 2008/10/09 10:57:23 sborrill Exp $
       msg (M_ERR, "Can't set multiplexor id");
     }
 
-@@ -1506,18 +1604,24 @@
+@@ -1486,18 +1584,24 @@ solaris_close_tun (struct tuntap *tt)
     {
       if (tt->ip_fd >= 0)
 	{
--- a/net/openvpn/patches/patch-ad
+++ b/net/openvpn/patches/patch-ad
@ -1,8 +1,8 @@
-$NetBSD: patch-ad,v 1.2 2007/06/21 21:44:42 jlam Exp $
+$NetBSD: patch-ad,v 1.3 2010/11/30 08:50:17 adam Exp $

--- config.h.in.orig	2007-04-25 19:54:40.000000000 -0400
+--- config.h.in.orig	2010-11-04 19:37:13.000000000 +0000
 +++ config.h.in
-@@ -216,6 +216,9 @@
+@@ -228,6 +228,9 @@
 /* Define to 1 if you have the <net/if.h> header file. */
 #undef HAVE_NET_IF_H
 
--- a/net/openvpn/patches/patch-ae
+++ b/net/openvpn/patches/patch-ae
@ -1,7 +1,8 @@
-$NetBSD: patch-ae,v 1.3 2008/10/09 10:57:23 sborrill Exp $
--- configure.ac.orig	2008-10-06 08:22:21.000000000 +0100
-+++ configure.ac	2008-10-09 10:03:55.000000000 +0100
-@@ -343,14 +343,17 @@
+$NetBSD: patch-ae,v 1.4 2010/11/30 08:50:17 adam Exp $
+
+--- configure.ac.orig	2010-11-04 19:29:02.000000000 +0000
+++ configure.ac
+@@ -362,14 +362,17 @@ if test "${WIN32}" != "yes"; then
 		 sys/mman.h fcntl.h sys/file.h stdlib.h stdint.h dnl
 		 stdarg.h unistd.h signal.h stdio.h string.h dnl
 		 strings.h ctype.h errno.h syslog.h pwd.h grp.h dnl
@ -21,7 +22,7 @@ $NetBSD: patch-ae,v 1.3 2008/10/09 10:57:23 sborrill Exp $
 		  # include <sys/socket.h>
 		  #endif
 		 ])
-@@ -372,6 +375,9 @@
+@@ -391,6 +394,9 @@ if test "${WIN32}" != "yes"; then
 		  #ifdef HAVE_SYS_SOCKET_H
 		  # include <sys/socket.h>
 		  #endif
--- a/net/openvpn/patches/patch-af
+++ b/net/openvpn/patches/patch-af
@ -1,16 +1,17 @@
-$NetBSD: patch-af,v 1.4 2008/10/09 10:57:23 sborrill Exp $
--- configure.orig	2008-10-08 06:18:00.000000000 +0100
-+++ configure	2008-10-09 10:04:56.000000000 +0100
-@@ -5970,7 +5970,7 @@
+$NetBSD: patch-af,v 1.5 2010/11/30 08:50:17 adam Exp $
+
+--- configure.orig	2010-11-04 19:37:13.000000000 +0000
+++ configure
+@@ -6814,7 +6814,7 @@ fi
 
 
 
 -for ac_header in sys/time.h sys/socket.h sys/un.h sys/ioctl.h sys/stat.h 		 sys/mman.h fcntl.h sys/file.h stdlib.h stdint.h 		 stdarg.h unistd.h signal.h stdio.h string.h 		 strings.h ctype.h errno.h syslog.h pwd.h grp.h 		 net/if_tun.h net/tun/if_tun.h stropts.h sys/sockio.h 		 netinet/in.h netinet/in_systm.h 		 netinet/tcp.h arpa/inet.h 		 netdb.h sys/uio.h linux/if_tun.h linux/sockios.h 		 linux/types.h sys/poll.h sys/epoll.h err.h
 +for ac_header in sys/time.h sys/socket.h sys/un.h sys/ioctl.h sys/stat.h 		 sys/mman.h fcntl.h sys/file.h stdlib.h stdint.h 		 stdarg.h unistd.h signal.h stdio.h string.h 		 strings.h ctype.h errno.h syslog.h pwd.h grp.h 		 net/if_tap.h net/if_tun.h net/tun/if_tun.h stropts.h sys/sockio.h 		 netinet/in.h netinet/in_systm.h 		 netinet/tcp.h arpa/inet.h 		 netdb.h sys/uio.h linux/if_tun.h linux/sockios.h 		 linux/types.h sys/poll.h sys/epoll.h err.h
 do
- as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
 if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-@@ -6129,7 +6129,10 @@
+@@ -6979,7 +6979,10 @@ _ACEOF
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
@ -22,7 +23,7 @@ $NetBSD: patch-af,v 1.4 2008/10/09 10:57:23 sborrill Exp $
 		  # include <sys/socket.h>
 		  #endif
 
-@@ -6263,6 +6266,9 @@
+@@ -7121,6 +7124,9 @@ cat >>conftest.$ac_ext <<_ACEOF
 		  #ifdef HAVE_SYS_SOCKET_H
 		  # include <sys/socket.h>
 		  #endif
--- a/net/openvpn/patches/patch-ag
+++ b/net/openvpn/patches/patch-ag
@ -1,8 +1,8 @@
-$NetBSD: patch-ag,v 1.1 2007/06/21 21:44:42 jlam Exp $
+$NetBSD: patch-ag,v 1.2 2010/11/30 08:50:17 adam Exp $

--- easy-rsa/2.0/pkitool.orig	2007-04-25 17:38:44.000000000 -0400
+--- easy-rsa/2.0/pkitool.orig	2010-11-04 19:29:02.000000000 +0000
 +++ easy-rsa/2.0/pkitool
-@@ -134,6 +134,9 @@ CA="ca"
+@@ -142,6 +142,9 @@ CA="ca"
 PKCS11_MODULE_PATH="dummy"
 PKCS11_PIN="dummy"
 
--- a/net/openvpn/patches/patch-ah
+++ b/net/openvpn/patches/patch-ah
@ -1,25 +0,0 @@
-$NetBSD: patch-ah,v 1.2 2010/09/05 20:33:48 adam Exp $
-
--- tun.c.orig	2009-11-12 09:22:19.000000000 +0100
-+++ tun.c	2009-11-12 09:23:00.000000000 +0100
-@@ -789,17 +789,17 @@
-       /*
-        * NetBSD has distinct tun and tap devices
-        * so we don't need the "link0" extra parameter to specify we want to do 
-        * tunneling at the ethernet level
-+       * NB: The tun driver has no broadcast capability.
-        */
- 		argv_printf (&argv,
-			  "%s %s %s netmask %s mtu %d broadcast %s",
-+			  "%s %s %s netmask %s mtu %d",
- 			  IFCONFIG_PATH,
- 			  actual,
- 			  ifconfig_local,
- 			  ifconfig_remote_netmask,
-			  tun_mtu,
-			  ifconfig_broadcast
-+			  tun_mtu
- 			  );
-       argv_msg (M_INFO, &argv);
-       openvpn_execve_check (&argv, es, S_FATAL, "NetBSD ifconfig failed");
-       tt->did_ifconfig = true;