8b26ff69b3
* Fixed potential local privilege escalation vulnerability in
Windows service.
* Added Python-based based alternative build system for Windows using
Visual Studio 2008 (in win directory).
* When aborting in a non-graceful way, try to execute do_close_tun in
init.c prior to daemon exit to ensure that the tun/tap interface is
closed and any added routes are deleted.
* Fixed an issue where AUTH_FAILED was not being properly delivered
to the client when a bad password is given for mid-session reauth,
causing the connection to fail without an error indication.
* Don't advance to the next connection profile on AUTH_FAILED errors.
* Fixed an issue in the Management Interface that could cause
a process hang with 100% CPU utilization in --management-client
mode if the management interface client disconnected at the
point where credentials are queried.
* Fixed an issue where if reneg-sec was set to 0 on the client,
so that the server-side value would take precedence,
the auth_deferred_expire_window function would incorrectly
return a window period of 0 seconds. In this case, the
correct window period should be the handshake window period.
* Modified ">PASSWORD:Verification Failed" management interface
notification to include a client reason string:
>PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']
* Enable exponential backoff in reliability layer retransmits.
* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after
socket is created rather than waiting until after connect/listen.
* Management interface performance optimizations:
1. Added env-filter MI command to perform filtering on env vars
passed through as a part of --management-client-auth
2. man_write will now try to aggregate output into larger blocks
(up to 1024 bytes) for more efficient i/o
* Fixed minor issue in Windows TAP driver DEBUG builds
where non-null-terminated unicode strings were being
printed incorrectly.
* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support
was not being compiled in.
* Proxy improvements:
* Implemented http-proxy-override and http-proxy-fallback directives to make it
easier for OpenVPN client UIs to start a pre-existing client config file with
proxy options, or to adaptively fall back to a proxy connection if a direct
connection fails.
* Implemented a key/value auth channel from client to server.
* Fixed issue where bad creds provided by the management interface
for HTTP Proxy Basic Authentication would go into an infinite
retry-fail loop instead of requerying the management interface for
new creds.
80 lines
2.4 KiB
Makefile
80 lines
2.4 KiB
Makefile
# $NetBSD: Makefile,v 1.38 2010/09/05 20:33:48 adam Exp $
|
|
|
|
DISTNAME= openvpn-2.1.3
|
|
CATEGORIES= net
|
|
MASTER_SITES= http://openvpn.net/release/ \
|
|
http://openvpn.net/release/old/
|
|
|
|
MAINTAINER= pkgsrc-users@NetBSD.org
|
|
HOMEPAGE= http://openvpn.net/
|
|
COMMENT= Easy-to-use SSL VPN daemon
|
|
LICENSE= gnu-gpl-v2
|
|
|
|
PKG_DESTDIR_SUPPORT= user-destdir
|
|
|
|
GNU_CONFIGURE= yes
|
|
USE_TOOLS+= grep:run
|
|
USE_LIBTOOL= yes
|
|
USE_OLD_DES_API= yes
|
|
TEST_TARGET= check
|
|
|
|
PKG_SYSCONFSUBDIR= openvpn
|
|
DATADIR= ${PREFIX}/share/${PKGBASE}
|
|
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
|
|
EASYRSADIR= ${DATADIR}/easy-rsa
|
|
RCD_SCRIPTS= openvpn
|
|
|
|
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
|
|
CONFIGURE_ARGS+= --enable-password-save
|
|
CONFIGURE_ARGS+= --disable-dependency-tracking
|
|
|
|
# Pthread support is still considered very experimental, so don't enable
|
|
# it for the default (production) build.
|
|
#CONFIGURE_ARGS+= --enable-pthread
|
|
|
|
INSTALLATION_DIRS= ${DATADIR}/easy-rsa ${EGDIR}/config \
|
|
${EGDIR}/keys ${EGDIR}/scripts
|
|
|
|
.include "../../mk/bsd.prefs.mk"
|
|
|
|
# OpenVPN 2.x has a shared module "plugin" architecture that allows
|
|
# inserting callbacks into the server for various tasks.
|
|
DL_AUTO_VARS= yes
|
|
.include "../../mk/dlopen.buildlink3.mk"
|
|
|
|
.include "../../archivers/lzo/buildlink3.mk"
|
|
.include "../../security/openssl/buildlink3.mk"
|
|
.include "../../mk/pthread.buildlink3.mk"
|
|
.if ${OPSYS} == "SunOS"
|
|
.include "../../net/solaris-tap/buildlink3.mk"
|
|
.endif
|
|
|
|
REPLACE_SH= easy-rsa/2.0/*
|
|
SUBST_CLASSES+= pkitool
|
|
SUBST_STAGE.pkitool= post-build
|
|
SUBST_MESSAGE.pkitool= Fixing up default paths to grep & openssl in pkitool.
|
|
SUBST_FILES.pkitool= easy-rsa/2.0/pkitool
|
|
SUBST_SED.pkitool= -e "s|\\(GREP\\)=.*|\\1=\""${GREP:Q}"\"|"
|
|
SUBST_SED.pkitool+= -e "s|\\(OPENSSL\\)=.*|\\1=\""${SSLBASE:Q}/bin/openssl"\"|"
|
|
|
|
post-install: post-install-pam
|
|
set -e; cd ${WRKSRC}/easy-rsa/2.0; for file in [a-zR]*; do \
|
|
case $$file in \
|
|
*.orig) ;; \
|
|
[A-Z]*|*.cnf|vars) \
|
|
${INSTALL_DATA} $$file ${DESTDIR}${EASYRSADIR} ;; \
|
|
*) ${INSTALL_SCRIPT} $$file ${DESTDIR}${EASYRSADIR} ;; \
|
|
esac; \
|
|
done
|
|
set -e; cd ${WRKSRC}/sample-config-files; for file in *; do \
|
|
${INSTALL_DATA} $$file ${DESTDIR}${EGDIR}/config; \
|
|
done
|
|
set -e; cd ${WRKSRC}/sample-scripts; for file in *; do \
|
|
${INSTALL_DATA} $$file ${DESTDIR}${EGDIR}/scripts; \
|
|
done
|
|
set -e; cd ${WRKSRC}/sample-keys; for file in *; do \
|
|
${INSTALL_DATA} $$file ${DESTDIR}${EGDIR}/keys; \
|
|
done
|
|
|
|
.include "options.mk"
|
|
.include "../../mk/bsd.pkg.mk"
|