some work on 2.5.4-1

author: Jörg Frings-Fürst <debian@jff.email> 2022-02-09 16:30:31 +0100
committer: Jörg Frings-Fürst <debian@jff.email> 2022-02-09 16:30:31 +0100
commit: 1aff45d6fdfbc63a0256a831a8f8644a84708e9f (patch)
tree: d6d784212695471186f84e218566125337aca617
parent: 6e3e95a9da9458ddf0874b4bd1c8ce6b47fcef27 (diff)
7 files changed, 62 insertions, 54 deletions
diff --git a/debian/changelog b/debian/changelog
index 5718835..eab28f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-openvpn (2.5.3-1) UNRELEASED; urgency=medium
+openvpn (2.5.4-1) UNRELEASED; urgency=medium
 
   * New upstream release.
 
diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch
index 2e7e5c4..db93b90 100644
--- a/debian/patches/auth-pam_libpam_so_filename.patch
+++ b/debian/patches/auth-pam_libpam_so_filename.patch
@@ -5,8 +5,8 @@ Index: trunk/src/plugins/auth-pam/auth-pam.c
 ===================================================================
 --- trunk.orig/src/plugins/auth-pam/auth-pam.c
 +++ trunk/src/plugins/auth-pam/auth-pam.c
-@@ -716,7 +716,7 @@ pam_server(int fd, const char *service,
-     struct user_pass up;
+@@ -894,7 +894,7 @@ pam_server(int fd, const char *service,
+     char ac_file_name[PATH_MAX];
      int command;
  #ifdef USE_PAM_DLOPEN
 -    static const char pam_so[] = "libpam.so";
diff --git a/debian/patches/fix-openssl-error.patch b/debian/patches/fix-openssl-error.patch
index 566d7e6..db035ad 100644
--- a/debian/patches/fix-openssl-error.patch
+++ b/debian/patches/fix-openssl-error.patch
@@ -19,13 +19,13 @@ situation (this also clears the stack).
  src/openvpn/ssl_openssl.c | 10 ++++++++++
  1 file changed, 10 insertions(+)
 
-diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
-index 5955c6bd..555cbbdf 100644
---- a/src/openvpn/ssl_openssl.c
-+++ b/src/openvpn/ssl_openssl.c
-@@ -115,6 +115,11 @@ tls_ctx_server_new(struct tls_root_ctx *ctx)
-     {
-         crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
+Index: trunk/src/openvpn/ssl_openssl.c
+===================================================================
+--- trunk.orig/src/openvpn/ssl_openssl.c
++++ trunk/src/openvpn/ssl_openssl.c
+@@ -120,6 +120,11 @@ tls_ctx_server_new(struct tls_root_ctx *
+         crypto_msg(M_WARN, "Warning: TLS server context initialisation "
+                    "has warnings.");
      }
 +    if (ERR_peek_error() != 0)
 +    {
@@ -35,17 +35,15 @@ index 5955c6bd..555cbbdf 100644
  }
  
  void
-@@ -128,6 +133,11 @@ tls_ctx_client_new(struct tls_root_ctx *ctx)
-     {
-         crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
+@@ -135,6 +140,11 @@ tls_ctx_client_new(struct tls_root_ctx *
      }
-+    if (ERR_peek_error() != 0)
-+    {
+     if (ERR_peek_error() != 0)
+     {
 +        crypto_msg(M_WARN, "Warning: TLS client context initialisation "
 +                   "has warnings.");
 +    }
- }
- 
- void
--- 
-2.26.0
++    if (ERR_peek_error() != 0)
++    {
+         crypto_msg(M_WARN, "Warning: TLS client context initialisation "
+                    "has warnings.");
+     }
diff --git a/debian/patches/kfreebsd_support.patch b/debian/patches/kfreebsd_support.patch
index 4e89f32..f189079 100644
--- a/debian/patches/kfreebsd_support.patch
+++ b/debian/patches/kfreebsd_support.patch
@@ -1,9 +1,11 @@
 Description: Improve kFreeBSD support
 Author: Gonéri Le Bouder <goneri@rulezlan.org>
 Bug-Debian: http://bugs.debian.org/626062
---- a/src/openvpn/route.c
-+++ b/src/openvpn/route.c
-@@ -1693,7 +1693,7 @@
+Index: trunk/src/openvpn/route.c
+===================================================================
+--- trunk.orig/src/openvpn/route.c
++++ trunk/src/openvpn/route.c
+@@ -1721,7 +1721,7 @@ add_route(struct route_ipv4 *r,
      argv_msg(D_ROUTE, &argv);
      status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed");
  
@@ -12,7 +14,7 @@ Bug-Debian: http://bugs.debian.org/626062
  
      argv_printf(&argv, "%s add",
                  ROUTE_PATH);
-@@ -1879,7 +1879,7 @@
+@@ -1914,7 +1914,7 @@ add_route_ipv6(struct route_ipv6 *r6, co
      network = print_in6_addr( r6->network, 0, &gc);
      gateway = print_in6_addr( r6->gateway, 0, &gc);
  
@@ -21,7 +23,7 @@ Bug-Debian: http://bugs.debian.org/626062
      || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)    \
      || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
  
-@@ -2047,7 +2047,7 @@
+@@ -2073,7 +2073,7 @@ add_route_ipv6(struct route_ipv6 *r6, co
      argv_msg(D_ROUTE, &argv);
      status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed");
  
@@ -30,7 +32,7 @@ Bug-Debian: http://bugs.debian.org/626062
  
      argv_printf(&argv, "%s add -inet6 %s/%d",
                  ROUTE_PATH,
-@@ -2239,7 +2239,7 @@
+@@ -2268,7 +2268,7 @@ delete_route(struct route_ipv4 *r,
      argv_msg(D_ROUTE, &argv);
      openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed");
  
@@ -39,16 +41,16 @@ Bug-Debian: http://bugs.debian.org/626062
  
      argv_printf(&argv, "%s delete -net %s %s %s",
                  ROUTE_PATH,
-@@ -2346,7 +2346,7 @@
-     network = print_in6_addr( r6->network, 0, &gc);
+@@ -2385,7 +2385,7 @@ delete_route_ipv6(const struct route_ipv
      gateway = print_in6_addr( r6->gateway, 0, &gc);
+ #endif
  
 -#if defined(TARGET_DARWIN)    \
 +#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__)    \
      || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)    \
      || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
  
-@@ -2481,7 +2481,7 @@
+@@ -2503,7 +2503,7 @@ delete_route_ipv6(const struct route_ipv
      argv_msg(D_ROUTE, &argv);
      openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed");
  
@@ -57,7 +59,7 @@ Bug-Debian: http://bugs.debian.org/626062
  
      argv_printf(&argv, "%s delete -inet6 %s/%d",
                  ROUTE_PATH,
-@@ -3532,7 +3532,8 @@
+@@ -3405,7 +3405,8 @@ get_default_gateway_ipv6(struct route_ip
  
  #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS)    \
      || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)    \
@@ -67,9 +69,11 @@ Bug-Debian: http://bugs.debian.org/626062
  
  #include <sys/types.h>
  #include <sys/socket.h>
---- a/src/openvpn/tun.c
-+++ b/src/openvpn/tun.c
-@@ -845,7 +845,7 @@
+Index: trunk/src/openvpn/tun.c
+===================================================================
+--- trunk.orig/src/openvpn/tun.c
++++ trunk/src/openvpn/tun.c
+@@ -972,7 +972,7 @@ delete_route_connected_v6_net(const stru
  #endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */
  
  #if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)  \
@@ -78,16 +82,16 @@ Bug-Debian: http://bugs.debian.org/626062
  /* we can't use true subnet mode on tun on all platforms, as that
   * conflicts with IPv6 (wants to use ND then, which we don't do),
   * but the OSes want "a remote address that is different from ours"
-@@ -1429,7 +1429,7 @@
-             add_route_connected_v6_net(tt, es);
-         }
+@@ -1471,7 +1471,7 @@ do_ifconfig_ipv4(struct tuntap *tt, cons
+         add_route(&r, tt, 0, NULL, es, NULL);
+     }
  
 -#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
 +#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__)
  
-         in_addr_t remote_end;           /* for "virtual" subnet topology */
+     in_addr_t remote_end;           /* for "virtual" subnet topology */
  
-@@ -2785,7 +2785,7 @@
+@@ -2798,7 +2798,7 @@ read_tun(struct tuntap *tt, uint8_t *buf
      }
  }
  
@@ -96,9 +100,11 @@ Bug-Debian: http://bugs.debian.org/626062
  
  static inline int
  freebsd_modify_read_write_return(int len)
---- a/src/openvpn/lladdr.c
-+++ b/src/openvpn/lladdr.c
-@@ -50,7 +50,7 @@
+Index: trunk/src/openvpn/lladdr.c
+===================================================================
+--- trunk.orig/src/openvpn/lladdr.c
++++ trunk/src/openvpn/lladdr.c
+@@ -47,7 +47,7 @@ set_lladdr(openvpn_net_ctx_t *ctx, const
                  "%s %s lladdr %s",
                  IFCONFIG_PATH,
                  ifname, lladdr);
@@ -107,9 +113,11 @@ Bug-Debian: http://bugs.debian.org/626062
      argv_printf(&argv,
                  "%s %s ether %s",
                  IFCONFIG_PATH,
---- a/src/openvpn/syshead.h
-+++ b/src/openvpn/syshead.h
-@@ -297,7 +297,7 @@
+Index: trunk/src/openvpn/syshead.h
+===================================================================
+--- trunk.orig/src/openvpn/syshead.h
++++ trunk/src/openvpn/syshead.h
+@@ -299,7 +299,7 @@
  
  #endif /* TARGET_OPENBSD */
  
@@ -118,9 +126,11 @@ Bug-Debian: http://bugs.debian.org/626062
  
  #ifdef HAVE_SYS_UIO_H
  #include <sys/uio.h>
---- a/src/openvpn/ssl.c
-+++ b/src/openvpn/ssl.c
-@@ -2270,7 +2270,7 @@
+Index: trunk/src/openvpn/ssl.c
+===================================================================
+--- trunk.orig/src/openvpn/ssl.c
++++ trunk/src/openvpn/ssl.c
+@@ -2229,7 +2229,7 @@ push_peer_info(struct buffer *buf, struc
          buf_printf(&out, "IV_PLAT=mac\n");
  #elif defined(TARGET_NETBSD)
          buf_printf(&out, "IV_PLAT=netbsd\n");
diff --git a/debian/patches/match-manpage-and-command-help.patch b/debian/patches/match-manpage-and-command-help.patch
index 39b899c..79bc1c6 100644
--- a/debian/patches/match-manpage-and-command-help.patch
+++ b/debian/patches/match-manpage-and-command-help.patch
@@ -7,11 +7,11 @@ Subject: [PATCH] Change command help to match man page and implementation
  src/openvpn/options.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-Index: openvpn/src/openvpn/options.c
+Index: trunk/src/openvpn/options.c
 ===================================================================
---- openvpn.orig/src/openvpn/options.c	2017-06-22 13:17:12.806680520 +0200
-+++ openvpn/src/openvpn/options.c	2017-06-22 13:17:12.802680492 +0200
-@@ -197,7 +197,7 @@
+--- trunk.orig/src/openvpn/options.c
++++ trunk/src/openvpn/options.c
+@@ -196,7 +196,7 @@ static const char usage_message[] =
      "                  is established.  Multiple routes can be specified.\n"
      "                  netmask default: 255.255.255.255\n"
      "                  gateway default: taken from --route-gateway or --ifconfig\n"
diff --git a/debian/patches/openvpn-pkcs11warn.patch b/debian/patches/openvpn-pkcs11warn.patch
index b5a255a..961d6d3 100644
--- a/debian/patches/openvpn-pkcs11warn.patch
+++ b/debian/patches/openvpn-pkcs11warn.patch
@@ -5,7 +5,7 @@ Index: trunk/src/openvpn/options.c
 ===================================================================
 --- trunk.orig/src/openvpn/options.c
 +++ trunk/src/openvpn/options.c
-@@ -6824,6 +6824,20 @@ add_option(struct options *options,
+@@ -7180,6 +7180,20 @@ add_option(struct options *options,
          options->port_share_port = p[2];
          options->port_share_journal_dir = p[3];
      }
diff --git a/debian/patches/series b/debian/patches/series
index 6ef394c..e431324 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,9 +1,9 @@
 move_log_dir.patch
 auth-pam_libpam_so_filename.patch
-debian_nogroup_for_sample_files.patch
+#debian_nogroup_for_sample_files.patch
 openvpn-pkcs11warn.patch
 kfreebsd_support.patch
 match-manpage-and-command-help.patch
-spelling_errors.patch
+#spelling_errors.patch
 systemd.patch
 fix-openssl-error.patch
author	Jörg Frings-Fürst <debian@jff.email>	2022-02-09 16:30:31 +0100
committer	Jörg Frings-Fürst <debian@jff.email>	2022-02-09 16:30:31 +0100
commit	1aff45d6fdfbc63a0256a831a8f8644a84708e9f (patch)
tree	d6d784212695471186f84e218566125337aca617
parent	6e3e95a9da9458ddf0874b4bd1c8ce6b47fcef27 (diff)