8b26ff69b3
* Fixed potential local privilege escalation vulnerability in Windows service. * Added Python-based based alternative build system for Windows using Visual Studio 2008 (in win directory). * When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. * Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth, causing the connection to fail without an error indication. * Don't advance to the next connection profile on AUTH_FAILED errors. * Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. * Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. * Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] * Enable exponential backoff in reliability layer retransmits. * Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen. * Management interface performance optimizations: 1. Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth 2. man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o * Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly. * Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in. * Proxy improvements: * Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails. * Implemented a key/value auth channel from client to server. * Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds.
80 lines
2.4 KiB
Makefile
80 lines
2.4 KiB
Makefile
# $NetBSD: Makefile,v 1.38 2010/09/05 20:33:48 adam Exp $
|
|
|
|
DISTNAME= openvpn-2.1.3
|
|
CATEGORIES= net
|
|
MASTER_SITES= http://openvpn.net/release/ \
|
|
http://openvpn.net/release/old/
|
|
|
|
MAINTAINER= pkgsrc-users@NetBSD.org
|
|
HOMEPAGE= http://openvpn.net/
|
|
COMMENT= Easy-to-use SSL VPN daemon
|
|
LICENSE= gnu-gpl-v2
|
|
|
|
PKG_DESTDIR_SUPPORT= user-destdir
|
|
|
|
GNU_CONFIGURE= yes
|
|
USE_TOOLS+= grep:run
|
|
USE_LIBTOOL= yes
|
|
USE_OLD_DES_API= yes
|
|
TEST_TARGET= check
|
|
|
|
PKG_SYSCONFSUBDIR= openvpn
|
|
DATADIR= ${PREFIX}/share/${PKGBASE}
|
|
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
|
|
EASYRSADIR= ${DATADIR}/easy-rsa
|
|
RCD_SCRIPTS= openvpn
|
|
|
|
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
|
|
CONFIGURE_ARGS+= --enable-password-save
|
|
CONFIGURE_ARGS+= --disable-dependency-tracking
|
|
|
|
# Pthread support is still considered very experimental, so don't enable
|
|
# it for the default (production) build.
|
|
#CONFIGURE_ARGS+= --enable-pthread
|
|
|
|
INSTALLATION_DIRS= ${DATADIR}/easy-rsa ${EGDIR}/config \
|
|
${EGDIR}/keys ${EGDIR}/scripts
|
|
|
|
.include "../../mk/bsd.prefs.mk"
|
|
|
|
# OpenVPN 2.x has a shared module "plugin" architecture that allows
|
|
# inserting callbacks into the server for various tasks.
|
|
DL_AUTO_VARS= yes
|
|
.include "../../mk/dlopen.buildlink3.mk"
|
|
|
|
.include "../../archivers/lzo/buildlink3.mk"
|
|
.include "../../security/openssl/buildlink3.mk"
|
|
.include "../../mk/pthread.buildlink3.mk"
|
|
.if ${OPSYS} == "SunOS"
|
|
.include "../../net/solaris-tap/buildlink3.mk"
|
|
.endif
|
|
|
|
REPLACE_SH= easy-rsa/2.0/*
|
|
SUBST_CLASSES+= pkitool
|
|
SUBST_STAGE.pkitool= post-build
|
|
SUBST_MESSAGE.pkitool= Fixing up default paths to grep & openssl in pkitool.
|
|
SUBST_FILES.pkitool= easy-rsa/2.0/pkitool
|
|
SUBST_SED.pkitool= -e "s|\\(GREP\\)=.*|\\1=\""${GREP:Q}"\"|"
|
|
SUBST_SED.pkitool+= -e "s|\\(OPENSSL\\)=.*|\\1=\""${SSLBASE:Q}/bin/openssl"\"|"
|
|
|
|
post-install: post-install-pam
|
|
set -e; cd ${WRKSRC}/easy-rsa/2.0; for file in [a-zR]*; do \
|
|
case $$file in \
|
|
*.orig) ;; \
|
|
[A-Z]*|*.cnf|vars) \
|
|
${INSTALL_DATA} $$file ${DESTDIR}${EASYRSADIR} ;; \
|
|
*) ${INSTALL_SCRIPT} $$file ${DESTDIR}${EASYRSADIR} ;; \
|
|
esac; \
|
|
done
|
|
set -e; cd ${WRKSRC}/sample-config-files; for file in *; do \
|
|
${INSTALL_DATA} $$file ${DESTDIR}${EGDIR}/config; \
|
|
done
|
|
set -e; cd ${WRKSRC}/sample-scripts; for file in *; do \
|
|
${INSTALL_DATA} $$file ${DESTDIR}${EGDIR}/scripts; \
|
|
done
|
|
set -e; cd ${WRKSRC}/sample-keys; for file in *; do \
|
|
${INSTALL_DATA} $$file ${DESTDIR}${EGDIR}/keys; \
|
|
done
|
|
|
|
.include "options.mk"
|
|
.include "../../mk/bsd.pkg.mk"
|