Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/accommodate_typo.patch | 15 | ||||
-rw-r--r-- | debian/patches/auth-pam_libpam_so_filename.patch | 16 | ||||
-rw-r--r-- | debian/patches/close_socket_before_scripts.patch | 32 | ||||
-rw-r--r-- | debian/patches/debian_nogroup_for_sample_files.patch | 81 | ||||
-rw-r--r-- | debian/patches/kfreebsd_support.patch | 38 | ||||
-rw-r--r-- | debian/patches/manpage_fixes.patch | 40 | ||||
-rw-r--r-- | debian/patches/openvpn-pkcs11warn.patch | 28 | ||||
-rw-r--r-- | debian/patches/route_default_nil.patch | 15 | ||||
-rw-r--r-- | debian/patches/series | 8 |
9 files changed, 273 insertions, 0 deletions
diff --git a/debian/patches/accommodate_typo.patch b/debian/patches/accommodate_typo.patch
new file mode 100644
index 0000000..ac6be64
--- /dev/null
+++ b/debian/patches/accommodate_typo.patch
@@ -0,0 +1,15 @@
+Description: Simple spelling fix
+Author: Alberto Gonzalez Iniesta <agi@inittab.org>
+Index: openvpn/src/openvpn/occ.c
+===================================================================
+--- openvpn.orig/src/openvpn/occ.c 2014-05-14 12:58:59.805184504 +0200
++++ openvpn/src/openvpn/occ.c 2014-05-14 12:58:59.805184504 +0200
+@@ -379,7 +379,7 @@
+ && c->c2.max_send_size_local > TUN_MTU_MIN
+ && (c->c2.max_recv_size_remote < c->c2.max_send_size_local
+ || c->c2.max_recv_size_local < c->c2.max_send_size_remote))
+- msg (M_INFO, "NOTE: This connection is unable to accomodate a UDP packet size of %d. Consider using --fragment or --mssfix options as a workaround.",
++ msg (M_INFO, "NOTE: This connection is unable to accommodate a UDP packet size of %d. Consider using --fragment or --mssfix options as a workaround.",
+ c->c2.max_send_size_local);
+ }
+ event_timeout_clear (&c->c2.occ_mtu_load_test_interval);
diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch
new file mode 100644
index 0000000..479e111
--- /dev/null
+++ b/debian/patches/auth-pam_libpam_so_filename.patch
@@ -0,0 +1,16 @@
+Description: Fix libpam.so filename to /lib/libpam.so.0 in pam plugin
+Author: Alberto Gonzalez Iniesta <agi@inittab.org>
+Bug-Debian: http://bugs.debian.org/306335
+Index: openvpn/src/plugins/auth-pam/auth-pam.c
+===================================================================
+--- openvpn.orig/src/plugins/auth-pam/auth-pam.c 2016-05-10 17:41:09.763626389 +0200
++++ openvpn/src/plugins/auth-pam/auth-pam.c 2016-05-10 17:41:09.763626389 +0200
+@@ -721,7 +721,7 @@
+ struct user_pass up;
+ int command;
+ #ifdef USE_PAM_DLOPEN
+- static const char pam_so[] = "libpam.so";
++ static const char pam_so[] = "libpam.so.0";
+ #endif
+
+ /*
diff --git a/debian/patches/close_socket_before_scripts.patch b/debian/patches/close_socket_before_scripts.patch
new file mode 100644
index 0000000..3e53a68
--- /dev/null
+++ b/debian/patches/close_socket_before_scripts.patch
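Review bot: In auth-pam_libpam_so_filename.patch the Description says the name is fixed to `/lib/libpam.so.0`, but the new line is `static const char pam_so[] = "libpam.so.0";`, a bare soname with no directory. If this string is what is handed to dlopen() under USE_PAM_DLOPEN (the call is outside the hunk), the library is still located through the dynamic loader's search path rather than at a fixed location, which is worth stating plainly for a plugin that handles credentials. Either correct the Description to say that the versioned soname is used, or add a comment above the declaration such as `/* versioned soname, resolved through the loader's search path, not an absolute path */`.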
@@ -0,0 +1,32 @@
+Description: Set socket's FD_CLOEXEC flag before calling up script
+ Moving the set_cloexec() call from link_socket_init_phase2() to
+ link_socket_init_phase1().
+Author: Julien Cristau <jcristau@debian.org>
+Bug-Debian: http://bugs.debian.org/367716
+
+Index: openvpn/src/openvpn/socket.c
+===================================================================
+--- openvpn.orig/src/openvpn/socket.c 2016-05-10 17:41:14.575583789 +0200
++++ openvpn/src/openvpn/socket.c 2016-05-10 17:41:14.571583824 +0200
+@@ -1502,6 +1502,10 @@
+ resolve_bind_local (sock);
+ resolve_remote (sock, 1, NULL, NULL);
+ }
++
++ /* set socket file descriptor to not pass across execs, so that
++ scripts don't have access to it */
++ set_cloexec (sock->sd);
+ }
+
+ /* finalize socket initialization */
+@@ -1732,10 +1736,6 @@
+ /* set socket to non-blocking mode */
+ set_nonblock (sock->sd);
+
+- /* set socket file descriptor to not pass across execs, so that
+- scripts don't have access to it */
+- set_cloexec (sock->sd);
+-
+ #ifdef ENABLE_SOCKS
+ if (socket_defined (sock->ctrl_sd))
+ set_cloexec (sock->ctrl_sd);
diff --git a/debian/patches/debian_nogroup_for_sample_files.patch b/debian/patches/debian_nogroup_for_sample_files.patch
new file mode 100644
index 0000000..2f1fe3d
--- /dev/null
+++ b/debian/patches/debian_nogroup_for_sample_files.patch
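Review bot: close_socket_before_scripts.patch removes the only `set_cloexec (sock->sd);` shown in link_socket_init_phase2(), so a descriptor stored in `sock->sd` after phase 1 would no longer get FD_CLOEXEC and could be inherited by scripts. Whether phase 2 can replace `sock->sd` (for example with an accepted TCP connection), or whether some modes reach the end of phase 1 without a socket having been created, is not visible in these hunks and needs checking against the full functions. The safer form keeps the phase-2 call and adds the phase-1 one, since setting the flag twice is harmless. The new phase-1 call could also be guarded with `if (socket_defined (sock->sd))`, the same test the context lines apply to `ctrl_sd`. Both function bodies extend beyond the hunks.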
@@ -0,0 +1,81 @@
+Description: Unpriviledged group in Debian is called nogroup instead of nobody
+Author: Alberto Gonzalez Iniesta <agi@inittab.org>
+Bug-Debian: http://bugs.debian.org/317987
+Index: openvpn/sample/sample-config-files/server.conf
+===================================================================
+--- openvpn.orig/sample/sample-config-files/server.conf 2015-07-01 14:10:18.547999233 +0200
++++ openvpn/sample/sample-config-files/server.conf 2015-07-01 14:10:18.543999276 +0200
+@@ -265,7 +265,7 @@
+ # You can uncomment this out on
+ # non-Windows systems.
+ ;user nobody
+-;group nobody
++;group nogroup
+
+ # The persist options will try to avoid
+ # accessing certain resources on restart
+Index: openvpn/sample/sample-config-files/tls-home.conf
+===================================================================
+--- openvpn.orig/sample/sample-config-files/tls-home.conf 2015-07-01 14:10:18.547999233 +0200
++++ openvpn/sample/sample-config-files/tls-home.conf 2015-07-01 14:10:18.543999276 +0200
+@@ -51,7 +51,7 @@
+ # "nobody" after initialization
+ # for extra security.
+ ; user nobody
+-; group nobody
++; group nogroup
+
+ # If you built OpenVPN with
+ # LZO compression, uncomment
+Index: openvpn/sample/sample-config-files/static-home.conf
+===================================================================
+--- openvpn.orig/sample/sample-config-files/static-home.conf 2015-07-01 14:10:18.547999233 +0200
++++ openvpn/sample/sample-config-files/static-home.conf 2015-07-01 14:10:18.543999276 +0200
+@@ -40,7 +40,7 @@
+ # "nobody" after initialization
+ # for extra security.
+ ; user nobody
+-; group nobody
++; group nogroup
+
+ # If you built OpenVPN with
+ # LZO compression, uncomment
+Index: openvpn/sample/sample-config-files/static-office.conf
+===================================================================
+--- openvpn.orig/sample/sample-config-files/static-office.conf 2015-07-01 14:10:18.547999233 +0200
++++ openvpn/sample/sample-config-files/static-office.conf 2015-07-01 14:10:18.543999276 +0200
+@@ -37,7 +37,7 @@
+ # "nobody" after initialization
+ # for extra security.
+ ; user nobody
+-; group nobody
++; group nogroup
+
+ # If you built OpenVPN with
+ # LZO compression, uncomment
+Index: openvpn/sample/sample-config-files/client.conf
+===================================================================
+--- openvpn.orig/sample/sample-config-files/client.conf 2015-07-01 14:10:18.547999233 +0200
++++ openvpn/sample/sample-config-files/client.conf 2015-07-01 14:10:18.543999276 +0200
+@@ -59,7 +59,7 @@
+
+ # Downgrade privileges after initialization (non-Windows only)
+ ;user nobody
+-;group nobody
++;group nogroup
+
+ # Try to preserve some state across restarts.
+ persist-key
+Index: openvpn/sample/sample-config-files/tls-office.conf
+===================================================================
+--- openvpn.orig/sample/sample-config-files/tls-office.conf 2015-07-01 14:10:18.547999233 +0200
++++ openvpn/sample/sample-config-files/tls-office.conf 2015-07-01 14:10:18.543999276 +0200
+@@ -51,7 +51,7 @@
+ # "nobody" after initialization
+ # for extra security.
+ ; user nobody
+-; group nobody
++; group nogroup
+
+ # If you built OpenVPN with
+ # LZO compression, uncomment
diff --git a/debian/patches/kfreebsd_support.patch b/debian/patches/kfreebsd_support.patch
new file mode 100644
index 0000000..0e72c12
--- /dev/null
+++ b/debian/patches/kfreebsd_support.patch
@@ -0,0 +1,38 @@
+Description: Improve kFreeBSD support
+Author: Gonéri Le Bouder <goneri@rulezlan.org>
+Bug-Debian: http://bugs.debian.org/626062
+Index: openvpn/src/openvpn/route.c
+===================================================================
+--- openvpn.orig/src/openvpn/route.c 2016-05-10 17:46:23.708838589 +0200
++++ openvpn/src/openvpn/route.c 2016-05-10 17:46:23.704838624 +0200
+@@ -1421,7 +1421,7 @@
+ argv_msg (D_ROUTE, &argv);
+ status = openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route add command failed");
+
+-#elif defined(TARGET_FREEBSD)
++#elif defined(TARGET_FREEBSD)||defined(__FreeBSD_kernel__)
+
+ argv_printf (&argv, "%s add",
+ ROUTE_PATH);
+Index: openvpn/src/openvpn/tun.c
+===================================================================
+--- openvpn.orig/src/openvpn/tun.c 2016-05-10 17:46:23.708838589 +0200
++++ openvpn/src/openvpn/tun.c 2016-05-10 17:46:39.656696603 +0200
+@@ -625,7 +625,7 @@
+ }
+ #endif
+
+-#if defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)
++#if defined(TARGET_FREEBSD)||defined(__FreeBSD_kernel__)||defined(TARGET_DRAGONFLY)
+ /* we can't use true subnet mode on tun on all platforms, as that
+ * conflicts with IPv6 (wants to use ND then, which we don't do),
+ * but the OSes want "a remote address that is different from ours"
+@@ -1124,7 +1124,7 @@
+ add_route_connected_v6_net(tt, es);
+ }
+
+-#elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)
++#elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)||defined(__FreeBSD_kernel__)
+
+ /* example: ifconfig tun2 10.2.0.2 10.2.0.1 mtu 1450 netmask 255.255.255.255 up */
+ if (tun)
diff --git a/debian/patches/manpage_fixes.patch b/debian/patches/manpage_fixes.patch
new file mode 100644
index 0000000..61f33b7
--- /dev/null
+++ b/debian/patches/manpage_fixes.patch
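Review bot: kfreebsd_support.patch adds `defined(__FreeBSD_kernel__)` by hand to three separate conditionals, and in a different position each time (in the middle in the first tun.c hunk, last in the second). Any other `TARGET_FREEBSD` branch in route.c or tun.c outside these hunks, such as a matching route-delete path, would still exclude kFreeBSD, so add and delete behaviour could diverge; that cannot be confirmed from the lines shown. Mapping `__FreeBSD_kernel__` onto the project's own target macro in one place would keep every site consistent and avoid repeating the test.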
@@ -0,0 +1,40 @@
+Description: Man page fixes
+Author: Alberto Gonzalez Iniesta <agi@inittab.org>
+Index: openvpn/doc/openvpn.8
+===================================================================
+--- openvpn.orig/doc/openvpn.8 2016-05-10 17:41:23.135507996 +0200
++++ openvpn/doc/openvpn.8 2016-05-10 17:41:23.131508031 +0200
+@@ -21,13 +21,13 @@
+ .\" 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ .\"
+ .\" Manual page for openvpn
+-.\
++.\"
+ .\" SH section heading
+ .\" SS subsection heading
+ .\" LP paragraph
+ .\" IP indented paragraph
+ .\" TP hanging label
+-.\
++.\"
+ .\" .nf -- no formatting
+ .\" .fi -- resume formatting
+ .\" .ft 3 -- boldface
+@@ -4006,7 +4006,7 @@
+ This option is only relevant in UDP mode, i.e.
+ when either
+ .B \-\-proto udp
+-is specifed, or no
++is specified, or no
+ .B \-\-proto
+ option is specified.
+
+@@ -5279,7 +5279,7 @@
+ .B \-\-dev tun
+ mode, OpenVPN will cause the DHCP server to masquerade as if it were
+ coming from the remote endpoint. The optional offset parameter is
+-an integer which is > -256 and < 256 and which defaults to 0.
++an integer which is > \-256 and < 256 and which defaults to 0.
+ If offset is positive, the DHCP server will masquerade as the IP
+ address at network address + offset.
+ If offset is negative, the DHCP server will masquerade as the IP
diff --git a/debian/patches/openvpn-pkcs11warn.patch b/debian/patches/openvpn-pkcs11warn.patch
new file mode 100644
index 0000000..2aaea75
--- /dev/null
+++ b/debian/patches/openvpn-pkcs11warn.patch
@@ -0,0 +1,28 @@
+Description: Warn users about deprecated pkcs11 options
+Author: Florian Kulzer <florian.kulzer+debian@icfo.es>
+Bug-Debian: http://bugs.debian.org/475353
+Index: openvpn/src/openvpn/options.c
+===================================================================
+--- openvpn.orig/src/openvpn/options.c 2016-01-20 12:02:32.953360525 +0100
++++ openvpn/src/openvpn/options.c 2016-01-20 12:02:32.949360569 +0100
+@@ -6346,6 +6346,20 @@
+ {
+ VERIFY_PERMISSION (OPT_P_ROUTE_EXTRAS);
+ }
++ else if (streq (p[0], "pkcs11-id-type") ||
++ streq (p[0], "pkcs11-sign-mode") ||
++ streq (p[0], "pkcs11-slot") ||
++ streq (p[0], "pkcs11-slot-type") ||
++ streq (p[0], "show-pkcs11-objects") ||
++ streq (p[0], "show-pkcs11-slots"))
++ {
++ if (file)
++ msg (msglevel, "You are using an obsolete parameter in %s:%d: %s (%s).\nPlease see /usr/share/doc/openvpn/NEWS.Debian.gz for details.",
++ file, line, p[0], PACKAGE_VERSION);
++ else
++ msg (msglevel, "You are using an obsolete parameter: --%s (%s).\nPlease see /usr/share/doc/openvpn/NEWS.Debian.gz for details.",
++ p[0], PACKAGE_VERSION);
++ }
+ #endif
+ #if PASSTOS_CAPABILITY
+ else if (streq (p[0], "passtos"))
diff --git a/debian/patches/route_default_nil.patch b/debian/patches/route_default_nil.patch
new file mode 100644
index 0000000..cf17dec
--- /dev/null
+++ b/debian/patches/route_default_nil.patch
@@ -0,0 +1,15 @@
+Description: Fix small wording in man page.
+Author: Alberto Gonzalez Iniesta <agi@inittab.org>
+Index: openvpn/doc/openvpn.8
+===================================================================
+--- openvpn.orig/doc/openvpn.8 2015-07-01 14:10:31.563860364 +0200
++++ openvpn/doc/openvpn.8 2015-07-01 14:10:31.559860407 +0200
+@@ -989,7 +989,7 @@
+ otherwise 0.
+
+ The default can be specified by leaving an option blank or setting
+-it to "default".
++it to "nil".
+
+ The
+ .B network
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..f37465a
--- /dev/null
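Review bot: In openvpn-pkcs11warn.patch the new `else if` branch is inserted directly before an `#endif`, so the warning is compiled only when the enclosing conditional is enabled; the matching `#if` is outside the hunk, and if it is not the PKCS#11 feature test, builds without it will report these options through whatever generic path handles unknown options. The branch also has no `VERIFY_PERMISSION (...)` call, unlike the neighbouring branch in the context lines; that may be intentional for a warning-only branch but deserves a comment, for example `/* Debian: obsolete pkcs11 options, warn only; no permission check because nothing is applied */`. In both messages the parenthesised `%s` is `PACKAGE_VERSION`, which reads as if it were the option's value, so a short label inside the parentheses would make the log line unambiguous.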
+++ b/debian/patches/series
@@ -0,0 +1,8 @@
+auth-pam_libpam_so_filename.patch
+close_socket_before_scripts.patch
+debian_nogroup_for_sample_files.patch
+openvpn-pkcs11warn.patch
+route_default_nil.patch
+kfreebsd_support.patch
+accommodate_typo.patch
+manpage_fixes.patch |