summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2020-08-15 21:59:32 +0200
committerBernhard Schmidt <berni@debian.org>2020-08-15 21:59:32 +0200
commit0d85c7a4b77d7841435ae1ea6f3c70640f4e974b (patch)
treef415012339b54b3d8f56a0fce644559764c5b9d3
parent7c229d538824cb679351220ad8911f7b2daa7c23 (diff)
Adjust patches for new major upstream version
-rw-r--r--debian/patches/auth-pam_libpam_so_filename.patch2
-rw-r--r--debian/patches/debian_nogroup_for_sample_files.patch26
-rw-r--r--debian/patches/fix-openssl-error.patch51
-rw-r--r--debian/patches/series4
-rw-r--r--debian/patches/spelling_errors.patch53
5 files changed, 2 insertions, 134 deletions
diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch
index 2e7e5c4..336ccd4 100644
--- a/debian/patches/auth-pam_libpam_so_filename.patch
+++ b/debian/patches/auth-pam_libpam_so_filename.patch
@@ -6,7 +6,7 @@ Index: trunk/src/plugins/auth-pam/auth-pam.c
--- trunk.orig/src/plugins/auth-pam/auth-pam.c
+++ trunk/src/plugins/auth-pam/auth-pam.c
@@ -716,7 +716,7 @@ pam_server(int fd, const char *service,
- struct user_pass up;
+ char ac_file_name[PATH_MAX];
int command;
#ifdef USE_PAM_DLOPEN
- static const char pam_so[] = "libpam.so";
diff --git a/debian/patches/debian_nogroup_for_sample_files.patch b/debian/patches/debian_nogroup_for_sample_files.patch
index f7dcaaa..3660453 100644
--- a/debian/patches/debian_nogroup_for_sample_files.patch
+++ b/debian/patches/debian_nogroup_for_sample_files.patch
@@ -27,32 +27,6 @@ Index: openvpn/sample/sample-config-files/tls-home.conf
# If you built OpenVPN with
# LZO compression, uncomment
-Index: openvpn/sample/sample-config-files/static-home.conf
-===================================================================
---- openvpn.orig/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100
-+++ openvpn/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100
-@@ -43,7 +43,7 @@
- # "nobody" after initialization
- # for extra security.
- ; user nobody
--; group nobody
-+; group nogroup
-
- # If you built OpenVPN with
- # LZO compression, uncomment
-Index: openvpn/sample/sample-config-files/static-office.conf
-===================================================================
---- openvpn.orig/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100
-+++ openvpn/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100
-@@ -40,7 +40,7 @@
- # "nobody" after initialization
- # for extra security.
- ; user nobody
--; group nobody
-+; group nogroup
-
- # If you built OpenVPN with
- # LZO compression, uncomment
Index: openvpn/sample/sample-config-files/client.conf
===================================================================
--- openvpn.orig/sample/sample-config-files/client.conf 2016-11-21 09:53:43.608863207 +0100
diff --git a/debian/patches/fix-openssl-error.patch b/debian/patches/fix-openssl-error.patch
deleted file mode 100644
index 566d7e6..0000000
--- a/debian/patches/fix-openssl-error.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-In the corner case that the global OpenSSL has an invalid command like
-
- MinProtocol = TLSv1.0
-
-(Due to OpenSSL's idiosyncrasies MinProtocol = TLSv1 would be correct)
-
-the SSL_ctx_new function leaves the errors for parsing the config file
-on the stack.
-
-OpenSSL: error:14187180:SSL routines:ssl_do_config:bad value
-
-Since the later functions, especially the one of loading the
-certificates expected a clean error this error got reported at the
-wrong place.
-
-Print the warnings with crypto_msg when we detect that we are in this
-situation (this also clears the stack).
----
- src/openvpn/ssl_openssl.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
-index 5955c6bd..555cbbdf 100644
---- a/src/openvpn/ssl_openssl.c
-+++ b/src/openvpn/ssl_openssl.c
-@@ -115,6 +115,11 @@ tls_ctx_server_new(struct tls_root_ctx *ctx)
- {
- crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
- }
-+ if (ERR_peek_error() != 0)
-+ {
-+ crypto_msg(M_WARN, "Warning: TLS server context initialisation "
-+ "has warnings.");
-+ }
- }
-
- void
-@@ -128,6 +133,11 @@ tls_ctx_client_new(struct tls_root_ctx *ctx)
- {
- crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
- }
-+ if (ERR_peek_error() != 0)
-+ {
-+ crypto_msg(M_WARN, "Warning: TLS client context initialisation "
-+ "has warnings.");
-+ }
- }
-
- void
---
-2.26.0
diff --git a/debian/patches/series b/debian/patches/series
index 6ef394c..55bae8e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,8 +2,6 @@ move_log_dir.patch
auth-pam_libpam_so_filename.patch
debian_nogroup_for_sample_files.patch
openvpn-pkcs11warn.patch
-kfreebsd_support.patch
+#kfreebsd_support.patch
match-manpage-and-command-help.patch
-spelling_errors.patch
systemd.patch
-fix-openssl-error.patch
diff --git a/debian/patches/spelling_errors.patch b/debian/patches/spelling_errors.patch
deleted file mode 100644
index cac36d3..0000000
--- a/debian/patches/spelling_errors.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Description: correct tspelling errors
-Author: Jörg Frings-Fürst <debian@jff.email>
-Last-Update: 2018-07-29
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: trunk/src/openvpn/buffer.c
-===================================================================
---- trunk.orig/src/openvpn/buffer.c
-+++ trunk/src/openvpn/buffer.c
-@@ -44,7 +44,7 @@ array_mult_safe(const size_t m1, const s
- unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra;
- if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(extra > limit) || unlikely(res > (unsigned long long)limit))
- {
-- msg(M_FATAL, "attemped allocation of excessively large array");
-+ msg(M_FATAL, "attempted allocation of excessively large array");
- }
- return (size_t) res;
- }
-Index: trunk/src/openvpn/options.c
-===================================================================
---- trunk.orig/src/openvpn/options.c
-+++ trunk/src/openvpn/options.c
-@@ -448,7 +448,7 @@ static const char usage_message[] =
- " user/pass via environment, if method='via-file', pass\n"
- " user/pass via temporary file.\n"
- "--auth-gen-token [lifetime] Generate a random authentication token which is pushed\n"
-- " to each client, replacing the password. Usefull when\n"
-+ " to each client, replacing the password. Useful when\n"
- " OTP based two-factor auth mechanisms are in use and\n"
- " --reneg-* options are enabled. Optionally a lifetime in seconds\n"
- " for generated tokens can be set.\n"
-Index: trunk/doc/openvpn.8
-===================================================================
---- trunk.orig/doc/openvpn.8
-+++ trunk/doc/openvpn.8
-@@ -2181,7 +2181,7 @@ that
- is parsed on the command line even though
- the daemonization point occurs later. If one of the
- .B \-\-log
--options is present, it will supercede syslog
-+options is present, it will supersede syslog
- redirection.
-
- The optional
-@@ -2292,7 +2292,7 @@ If
- already exists it will be truncated.
- This option takes effect
- immediately when it is parsed in the command line
--and will supercede syslog output if
-+and will supersede syslog output if
- .B \-\-daemon
- or
- .B \-\-inetd