diff options
-rw-r--r-- | debian/patches/auth-pam_libpam_so_filename.patch | 2 | ||||
-rw-r--r-- | debian/patches/debian_nogroup_for_sample_files.patch | 26 | ||||
-rw-r--r-- | debian/patches/fix-openssl-error.patch | 51 | ||||
-rw-r--r-- | debian/patches/series | 4 | ||||
-rw-r--r-- | debian/patches/spelling_errors.patch | 53 |
5 files changed, 2 insertions, 134 deletions
diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch index 2e7e5c4..336ccd4 100644 --- a/debian/patches/auth-pam_libpam_so_filename.patch +++ b/debian/patches/auth-pam_libpam_so_filename.patch @@ -6,7 +6,7 @@ Index: trunk/src/plugins/auth-pam/auth-pam.c --- trunk.orig/src/plugins/auth-pam/auth-pam.c +++ trunk/src/plugins/auth-pam/auth-pam.c @@ -716,7 +716,7 @@ pam_server(int fd, const char *service, - struct user_pass up; + char ac_file_name[PATH_MAX]; int command; #ifdef USE_PAM_DLOPEN - static const char pam_so[] = "libpam.so"; diff --git a/debian/patches/debian_nogroup_for_sample_files.patch b/debian/patches/debian_nogroup_for_sample_files.patch index f7dcaaa..3660453 100644 --- a/debian/patches/debian_nogroup_for_sample_files.patch +++ b/debian/patches/debian_nogroup_for_sample_files.patch @@ -27,32 +27,6 @@ Index: openvpn/sample/sample-config-files/tls-home.conf # If you built OpenVPN with # LZO compression, uncomment -Index: openvpn/sample/sample-config-files/static-home.conf -=================================================================== ---- openvpn.orig/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100 -+++ openvpn/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100 -@@ -43,7 +43,7 @@ - # "nobody" after initialization - # for extra security. - ; user nobody --; group nobody -+; group nogroup - - # If you built OpenVPN with - # LZO compression, uncomment -Index: openvpn/sample/sample-config-files/static-office.conf -=================================================================== ---- openvpn.orig/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100 -+++ openvpn/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100 -@@ -40,7 +40,7 @@ - # "nobody" after initialization - # for extra security. - ; user nobody --; group nobody -+; group nogroup - - # If you built OpenVPN with - # LZO compression, uncomment Index: openvpn/sample/sample-config-files/client.conf =================================================================== --- openvpn.orig/sample/sample-config-files/client.conf 2016-11-21 09:53:43.608863207 +0100 diff --git a/debian/patches/fix-openssl-error.patch b/debian/patches/fix-openssl-error.patch deleted file mode 100644 index 566d7e6..0000000 --- a/debian/patches/fix-openssl-error.patch +++ /dev/null @@ -1,51 +0,0 @@ -In the corner case that the global OpenSSL has an invalid command like - - MinProtocol = TLSv1.0 - -(Due to OpenSSL's idiosyncrasies MinProtocol = TLSv1 would be correct) - -the SSL_ctx_new function leaves the errors for parsing the config file -on the stack. - -OpenSSL: error:14187180:SSL routines:ssl_do_config:bad value - -Since the later functions, especially the one of loading the -certificates expected a clean error this error got reported at the -wrong place. - -Print the warnings with crypto_msg when we detect that we are in this -situation (this also clears the stack). ---- - src/openvpn/ssl_openssl.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c -index 5955c6bd..555cbbdf 100644 ---- a/src/openvpn/ssl_openssl.c -+++ b/src/openvpn/ssl_openssl.c -@@ -115,6 +115,11 @@ tls_ctx_server_new(struct tls_root_ctx *ctx) - { - crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method"); - } -+ if (ERR_peek_error() != 0) -+ { -+ crypto_msg(M_WARN, "Warning: TLS server context initialisation " -+ "has warnings."); -+ } - } - - void -@@ -128,6 +133,11 @@ tls_ctx_client_new(struct tls_root_ctx *ctx) - { - crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method"); - } -+ if (ERR_peek_error() != 0) -+ { -+ crypto_msg(M_WARN, "Warning: TLS client context initialisation " -+ "has warnings."); -+ } - } - - void --- -2.26.0 diff --git a/debian/patches/series b/debian/patches/series index 6ef394c..55bae8e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,8 +2,6 @@ move_log_dir.patch auth-pam_libpam_so_filename.patch debian_nogroup_for_sample_files.patch openvpn-pkcs11warn.patch -kfreebsd_support.patch +#kfreebsd_support.patch match-manpage-and-command-help.patch -spelling_errors.patch systemd.patch -fix-openssl-error.patch diff --git a/debian/patches/spelling_errors.patch b/debian/patches/spelling_errors.patch deleted file mode 100644 index cac36d3..0000000 --- a/debian/patches/spelling_errors.patch +++ /dev/null @@ -1,53 +0,0 @@ -Description: correct tspelling errors -Author: Jörg Frings-Fürst <debian@jff.email> -Last-Update: 2018-07-29 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: trunk/src/openvpn/buffer.c -=================================================================== ---- trunk.orig/src/openvpn/buffer.c -+++ trunk/src/openvpn/buffer.c -@@ -44,7 +44,7 @@ array_mult_safe(const size_t m1, const s - unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra; - if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(extra > limit) || unlikely(res > (unsigned long long)limit)) - { -- msg(M_FATAL, "attemped allocation of excessively large array"); -+ msg(M_FATAL, "attempted allocation of excessively large array"); - } - return (size_t) res; - } -Index: trunk/src/openvpn/options.c -=================================================================== ---- trunk.orig/src/openvpn/options.c -+++ trunk/src/openvpn/options.c -@@ -448,7 +448,7 @@ static const char usage_message[] = - " user/pass via environment, if method='via-file', pass\n" - " user/pass via temporary file.\n" - "--auth-gen-token [lifetime] Generate a random authentication token which is pushed\n" -- " to each client, replacing the password. Usefull when\n" -+ " to each client, replacing the password. Useful when\n" - " OTP based two-factor auth mechanisms are in use and\n" - " --reneg-* options are enabled. Optionally a lifetime in seconds\n" - " for generated tokens can be set.\n" -Index: trunk/doc/openvpn.8 -=================================================================== ---- trunk.orig/doc/openvpn.8 -+++ trunk/doc/openvpn.8 -@@ -2181,7 +2181,7 @@ that - is parsed on the command line even though - the daemonization point occurs later. If one of the - .B \-\-log --options is present, it will supercede syslog -+options is present, it will supersede syslog - redirection. - - The optional -@@ -2292,7 +2292,7 @@ If - already exists it will be truncated. - This option takes effect - immediately when it is parsed in the command line --and will supercede syslog output if -+and will supersede syslog output if - .B \-\-daemon - or - .B \-\-inetd |