Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/auth-pam_libpam_so_filename.patch | 16 | ||||
-rw-r--r-- | debian/patches/close_socket_before_scripts.patch | 102 | ||||
-rw-r--r-- | debian/patches/kfreebsd_support.patch | 154 | ||||
-rw-r--r-- | debian/patches/manpage_typo.patch | 13 | ||||
-rw-r--r-- | debian/patches/openvpn-pkcs11warn.patch | 14 | ||||
-rw-r--r-- | debian/patches/series | 2 |
6 files changed, 92 insertions, 209 deletions
diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch index f3f5f0c..cfa9047 100644 --- a/debian/patches/auth-pam_libpam_so_filename.patch +++ b/debian/patches/auth-pam_libpam_so_filename.patch @@ -3,14 +3,14 @@ Author: Alberto Gonzalez Iniesta <agi@inittab.org> Bug-Debian: http://bugs.debian.org/306335 Index: openvpn/src/plugins/auth-pam/auth-pam.c =================================================================== ---- openvpn.orig/src/plugins/auth-pam/auth-pam.c 2016-11-21 09:53:25.512782138 +0100 -+++ openvpn/src/plugins/auth-pam/auth-pam.c 2016-11-21 09:53:25.512782138 +0100 -@@ -632,7 +632,7 @@ - struct user_pass up; - int command; +--- openvpn.orig/src/plugins/auth-pam/auth-pam.c 2016-12-27 18:45:37.638198402 +0100 ++++ openvpn/src/plugins/auth-pam/auth-pam.c 2016-12-27 18:45:37.638198402 +0100 +@@ -698,7 +698,7 @@ + struct user_pass up; + int command; #ifdef USE_PAM_DLOPEN -- static const char pam_so[] = "libpam.so"; -+ static const char pam_so[] = "libpam.so.0"; +- static const char pam_so[] = "libpam.so"; ++ static const char pam_so[] = "libpam.so.0"; #endif - /* + /* diff --git a/debian/patches/close_socket_before_scripts.patch b/debian/patches/close_socket_before_scripts.patch deleted file mode 100644 index 6e00c00..0000000 --- a/debian/patches/close_socket_before_scripts.patch +++ /dev/null 
@@ -1,102 +0,0 @@ ---- a/src/openvpn/manage.c -+++ b/src/openvpn/manage.c -@@ -1499,7 +1499,6 @@ man_new_connection_post (struct management *man, const char *description) - struct gc_arena gc = gc_new (); - - set_nonblock (man->connection.sd_cli); -- set_cloexec (man->connection.sd_cli); - - man_connection_settings_reset (man); - -@@ -1640,7 +1639,6 @@ man_listen (struct management *man) - * Set misc socket properties - */ - set_nonblock (man->connection.sd_top); -- set_cloexec (man->connection.sd_top); - - #if UNIX_SOCK_SUPPORT - if (man->settings.flags & MF_UNIX_SOCK) ---- a/src/openvpn/socket.c -+++ b/src/openvpn/socket.c -@@ -771,6 +771,10 @@ create_socket_tcp (struct addrinfo* addrinfo) - } - #endif - -+ /* set socket file descriptor to not pass across execs, so that -+ scripts don't have access to it */ -+ set_cloexec (sd); -+ - return sd; - } - -@@ -815,6 +819,11 @@ create_socket_udp (struct addrinfo* addrinfo, const unsigned int flags) - } - } - #endif -+ -+ /* set socket file descriptor to not pass across execs, so that -+ scripts don't have access to it */ -+ set_cloexec (sd); -+ - return sd; - } - -@@ -968,6 +977,12 @@ socket_do_accept (socket_descriptor_t sd, - openvpn_close_socket (new_sd); - new_sd = SOCKET_UNDEFINED; - } -+ else -+ { -+ /* set socket file descriptor to not pass across execs, so that -+ scripts don't have access to it */ -+ set_cloexec (sd); -+ } - return new_sd; - } - -@@ -1617,6 +1632,7 @@ link_socket_init_phase1 (struct link_socket *sock, - ASSERT (sock->info.proto != PROTO_TCP_CLIENT); - ASSERT (socket_defined (inetd_socket_descriptor)); - sock->sd = inetd_socket_descriptor; -+ set_cloexec (sock->sd); /* not created by create_socket*() */ - } - else if (mode != LS_MODE_TCP_ACCEPT_FROM) - { -@@ -1677,13 +1693,6 @@ phase2_set_socket_flags (struct link_socket* sock) - /* set socket to non-blocking mode */ - set_nonblock (sock->sd); - -- /* set socket file descriptor to not pass across execs, so that -- scripts don't have access to it 
*/ -- set_cloexec (sock->sd); -- -- if (socket_defined (sock->ctrl_sd)) -- set_cloexec (sock->ctrl_sd); -- - /* set Path MTU discovery options on the socket */ - set_mtu_discover_type (sock->sd, sock->mtu_discover_type, sock->info.af); - -@@ -3476,6 +3485,11 @@ create_socket_unix (void) - - if ((sd = socket (PF_UNIX, SOCK_STREAM, 0)) < 0) - msg (M_ERR, "Cannot create unix domain socket"); -+ -+ /* set socket file descriptor to not pass across execs, so that -+ scripts don't have access to it */ -+ set_cloexec (sd); -+ - return sd; - } - -@@ -3516,6 +3530,12 @@ socket_accept_unix (socket_descriptor_t sd, - - CLEAR (*remote); - ret = accept (sd, (struct sockaddr *) remote, &remote_len); -+ if ( ret >= 0 ) -+ { -+ /* set socket file descriptor to not pass across execs, so that -+ scripts don't have access to it */ -+ set_cloexec (ret); -+ } - return ret; - } diff --git a/debian/patches/kfreebsd_support.patch b/debian/patches/kfreebsd_support.patch index 40db126..0c8165b 100644 --- a/debian/patches/kfreebsd_support.patch +++ b/debian/patches/kfreebsd_support.patch 
@@ -3,120 +3,120 @@ Author: Gonéri Le Bouder <goneri@rulezlan.org> Bug-Debian: http://bugs.debian.org/626062 Index: openvpn/src/openvpn/route.c =================================================================== ---- openvpn.orig/src/openvpn/route.c 2016-12-12 20:53:45.298787355 +0100 -+++ openvpn/src/openvpn/route.c 2016-12-12 21:03:48.380240093 +0100 -@@ -1532,7 +1532,7 @@ - argv_msg (D_ROUTE, &argv); - status = openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route add command failed"); +--- openvpn.orig/src/openvpn/route.c 2016-12-27 19:01:52.704942715 +0100 ++++ openvpn/src/openvpn/route.c 2016-12-27 19:08:24.717996310 +0100 +@@ -1670,7 +1670,7 @@ + argv_msg(D_ROUTE, &argv); + status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed"); -#elif defined(TARGET_FREEBSD) +#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__) - argv_printf (&argv, "%s add", - ROUTE_PATH); -@@ -1698,7 +1698,7 @@ - network = print_in6_addr( r6->network, 0, &gc); - gateway = print_in6_addr( r6->gateway, 0, &gc); + argv_printf(&argv, "%s add", + ROUTE_PATH); +@@ -1856,7 +1856,7 @@ + network = print_in6_addr( r6->network, 0, &gc); + gateway = print_in6_addr( r6->gateway, 0, &gc); --#if defined(TARGET_DARWIN) || \ -+#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) || \ - defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || \ - defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) +-#if defined(TARGET_DARWIN) \ ++#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) \ + || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ + || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) -@@ -1856,7 +1856,7 @@ - argv_msg (D_ROUTE, &argv); - status = openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route add -inet6 command failed"); +@@ -2032,7 +2032,7 @@ + argv_msg(D_ROUTE, &argv); + status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed"); -#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) +#elif 
defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__) - argv_printf (&argv, "%s add -inet6 %s/%d", - ROUTE_PATH, -@@ -2022,7 +2022,7 @@ - argv_msg (D_ROUTE, &argv); - openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route delete command failed"); + argv_printf(&argv, "%s add -inet6 %s/%d", + ROUTE_PATH, +@@ -2216,7 +2216,7 @@ + argv_msg(D_ROUTE, &argv); + openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed"); -#elif defined(TARGET_FREEBSD) +#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__) - argv_printf (&argv, "%s delete -net %s %s %s", - ROUTE_PATH, -@@ -2127,7 +2127,7 @@ - network = print_in6_addr( r6->network, 0, &gc); - gateway = print_in6_addr( r6->gateway, 0, &gc); + argv_printf(&argv, "%s delete -net %s %s %s", + ROUTE_PATH, +@@ -2323,7 +2323,7 @@ + network = print_in6_addr( r6->network, 0, &gc); + gateway = print_in6_addr( r6->gateway, 0, &gc); --#if defined(TARGET_DARWIN) || \ -+#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) || \ - defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || \ - defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) +-#if defined(TARGET_DARWIN) \ ++#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) \ + || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ + || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) -@@ -2248,7 +2248,7 @@ - argv_msg (D_ROUTE, &argv); - openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed"); +@@ -2458,7 +2458,7 @@ + argv_msg(D_ROUTE, &argv); + openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed"); -#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) +#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__) - argv_printf (&argv, "%s delete -inet6 %s/%d", - ROUTE_PATH, -@@ -3206,7 +3206,8 @@ + argv_printf(&argv, "%s delete -inet6 %s/%d", + ROUTE_PATH, +@@ -3499,7 +3499,8 @@ - #elif defined(TARGET_DARWIN) || 
defined(TARGET_SOLARIS) || \ - defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || \ -- defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) -+ defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) || \ -+ defined(__FreeBSD_kernel__) + #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \ + || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ +- || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) ++ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \ ++ || defined(__FreeBSD_kernel__) #include <sys/types.h> #include <sys/socket.h> Index: openvpn/src/openvpn/tun.c =================================================================== ---- openvpn.orig/src/openvpn/tun.c 2016-12-12 20:53:45.298787355 +0100 -+++ openvpn/src/openvpn/tun.c 2016-12-12 21:04:41.156373771 +0100 -@@ -783,7 +783,7 @@ - #endif - - #if defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)||\ -- defined(TARGET_OPENBSD) -+ defined(TARGET_OPENBSD)||defined(__FreeBSD_kernel__) +--- openvpn.orig/src/openvpn/tun.c 2016-12-27 19:01:52.704942715 +0100 ++++ openvpn/src/openvpn/tun.c 2016-12-27 19:05:14.585486719 +0100 +@@ -840,7 +840,7 @@ + #endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */ + + #if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ +- || defined(TARGET_OPENBSD) ++ || defined(TARGET_OPENBSD) || defined(__FreeBSD_kernel__) /* we can't use true subnet mode on tun on all platforms, as that * conflicts with IPv6 (wants to use ND then, which we don't do), * but the OSes want "a remote address that is different from ours" -@@ -1314,7 +1314,7 @@ - add_route_connected_v6_net(tt, es); - } +@@ -1408,7 +1408,7 @@ + add_route_connected_v6_net(tt, es); + } --#elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY) -+#elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)||defined(__FreeBSD_kernel__) +-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) ++#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || 
defined(__FreeBSD_kernel__) - in_addr_t remote_end; /* for "virtual" subnet topology */ + in_addr_t remote_end; /* for "virtual" subnet topology */ -@@ -2548,7 +2548,7 @@ - return read (tt->fd, buf, len); +@@ -2762,7 +2762,7 @@ + } } -#elif defined(TARGET_FREEBSD) +#elif defined(TARGET_FREEBSD)||defined(__FreeBSD_kernel__) static inline int - freebsd_modify_read_write_return (int len) + freebsd_modify_read_write_return(int len) Index: openvpn/src/openvpn/lladdr.c =================================================================== ---- openvpn.orig/src/openvpn/lladdr.c 2012-11-05 16:29:30.000000000 +0100 -+++ openvpn/src/openvpn/lladdr.c 2016-12-12 21:06:38.372672863 +0100 -@@ -47,7 +47,7 @@ - "%s %s lladdr %s", - IFCONFIG_PATH, - ifname, lladdr); +--- openvpn.orig/src/openvpn/lladdr.c 2016-12-27 19:01:52.704942715 +0100 ++++ openvpn/src/openvpn/lladdr.c 2016-12-27 19:09:07.286110127 +0100 +@@ -50,7 +50,7 @@ + "%s %s lladdr %s", + IFCONFIG_PATH, + ifname, lladdr); -#elif defined(TARGET_FREEBSD) +#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__) - argv_printf (&argv, - "%s %s ether %s", - IFCONFIG_PATH, + argv_printf(&argv, + "%s %s ether %s", + IFCONFIG_PATH, Index: openvpn/src/openvpn/syshead.h =================================================================== ---- openvpn.orig/src/openvpn/syshead.h 2016-12-07 13:14:25.348506036 +0100 -+++ openvpn/src/openvpn/syshead.h 2016-12-12 21:12:20.413558149 +0100 +--- openvpn.orig/src/openvpn/syshead.h 2016-12-27 19:01:52.704942715 +0100 ++++ openvpn/src/openvpn/syshead.h 2016-12-27 19:01:52.700942705 +0100 @@ -294,7 +294,7 @@ #endif /* TARGET_OPENBSD */ 
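Review bot: In the tun.c part of this hunk, the refreshed guard `#elif defined(TARGET_FREEBSD)||defined(__FreeBSD_kernel__)` above `freebsd_modify_read_write_return` keeps the unspaced `||`, while the other guards touched here were re-spaced to the new upstream form. Writing it as `#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)` keeps the patch consistent with its neighbours. The same `|| defined(__FreeBSD_kernel__)` test is repeated at each site in route.c, tun.c and lladdr.c, and again in the ssl.c hunk that follows. A sentence in the patch header saying that kFreeBSD is meant to follow every `TARGET_FREEBSD` code path would help whoever checks a newly added upstream `TARGET_FREEBSD` block on the next refresh.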
@@ -128,14 +128,14 @@ Index: openvpn/src/openvpn/syshead.h #include <sys/uio.h> Index: openvpn/src/openvpn/ssl.c =================================================================== ---- openvpn.orig/src/openvpn/ssl.c 2016-12-07 13:14:25.348506036 +0100 -+++ openvpn/src/openvpn/ssl.c 2016-12-12 21:13:44.989779071 +0100 -@@ -2108,7 +2108,7 @@ - buf_printf (&out, "IV_PLAT=mac\n"); +--- openvpn.orig/src/openvpn/ssl.c 2016-12-27 19:01:52.704942715 +0100 ++++ openvpn/src/openvpn/ssl.c 2016-12-27 19:03:13.433160691 +0100 +@@ -2247,7 +2247,7 @@ + buf_printf(&out, "IV_PLAT=mac\n"); #elif defined(TARGET_NETBSD) - buf_printf (&out, "IV_PLAT=netbsd\n"); + buf_printf(&out, "IV_PLAT=netbsd\n"); -#elif defined(TARGET_FREEBSD) +#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__) - buf_printf (&out, "IV_PLAT=freebsd\n"); + buf_printf(&out, "IV_PLAT=freebsd\n"); #elif defined(TARGET_ANDROID) - buf_printf (&out, "IV_PLAT=android\n"); + buf_printf(&out, "IV_PLAT=android\n"); diff --git a/debian/patches/manpage_typo.patch b/debian/patches/manpage_typo.patch deleted file mode 100644 index 4d80341..0000000 --- a/debian/patches/manpage_typo.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: openvpn/doc/openvpn.8 -=================================================================== ---- openvpn.orig/doc/openvpn.8 2016-12-12 19:36:31.706541262 +0100 -+++ openvpn/doc/openvpn.8 2016-12-12 19:42:13.507427481 +0100 -@@ -4572,7 +4572,7 @@ - Specify the curve to use for elliptic curve Diffie Hellman. Available - curves can be listed with - .B \-\-show\-curves --. The specified curve will only be used for ECDH TLS-ciphers. -+The specified curve will only be used for ECDH TLS-ciphers. - .\"********************************************************* - .TP - .B \-\-cert file diff --git a/debian/patches/openvpn-pkcs11warn.patch b/debian/patches/openvpn-pkcs11warn.patch index 758a555..0ec934f 100644 --- a/debian/patches/openvpn-pkcs11warn.patch +++ b/debian/patches/openvpn-pkcs11warn.patch 
@@ -3,11 +3,11 @@ Author: Florian Kulzer <florian.kulzer+debian@icfo.es> Bug-Debian: http://bugs.debian.org/475353 Index: openvpn/src/openvpn/options.c =================================================================== ---- openvpn.orig/src/openvpn/options.c 2016-12-07 13:18:03.856865710 +0100 -+++ openvpn/src/openvpn/options.c 2016-12-07 13:18:03.856865710 +0100 -@@ -6647,6 +6647,20 @@ - { - VERIFY_PERMISSION (OPT_P_ROUTE_EXTRAS); +--- openvpn.orig/src/openvpn/options.c 2016-12-27 18:46:18.362320774 +0100 ++++ openvpn/src/openvpn/options.c 2016-12-27 18:46:18.362320774 +0100 +@@ -6789,6 +6789,20 @@ + options->port_share_port = p[2]; + options->port_share_journal_dir = p[3]; } + else if (streq (p[0], "pkcs11-id-type") || + streq (p[0], "pkcs11-sign-mode") || @@ -24,5 +24,5 @@ Index: openvpn/src/openvpn/options.c + p[0], PACKAGE_VERSION); + } #endif - #if PASSTOS_CAPABILITY - else if (streq (p[0], "passtos") && !p[1]) + else if (streq(p[0], "client-to-client") && !p[1]) + { diff --git a/debian/patches/series b/debian/patches/series index 77c9735..ff865c2 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,7 +1,5 @@ auth-pam_libpam_so_filename.patch -close_socket_before_scripts.patch debian_nogroup_for_sample_files.patch openvpn-pkcs11warn.patch route_default_nil.patch -manpage_typo.patch kfreebsd_support.patch |
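Review bot: In the options.c hunk of openvpn-pkcs11warn.patch, the refreshed context anchors the added `else if (streq (p[0], "pkcs11-id-type") || …` branch after the `options->port_share_journal_dir = p[3];` block and before an `#endif`. The warning therefore appears to sit inside whatever preprocessor conditional guards the port-share option; the opening `#if` is outside the hunk, so this is inferred. If that conditional is off at build time the warning is compiled out and these option names fall through to the rest of the chain. Unless that coupling is intended, anchor the branch after the `#endif`, directly before `else if (streq(p[0], "client-to-client") && !p[1])`. The added lines also still use `streq (p[0], …)` with a space, where the refreshed upstream context uses `streq(p[0], …)`.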