summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog7
-rw-r--r--debian/patches/auth-pam_libpam_so_filename.patch16
-rw-r--r--debian/patches/close_socket_before_scripts.patch102
-rw-r--r--debian/patches/kfreebsd_support.patch154
-rw-r--r--debian/patches/manpage_typo.patch13
-rw-r--r--debian/patches/openvpn-pkcs11warn.patch14
-rw-r--r--debian/patches/series2
7 files changed, 99 insertions, 209 deletions
diff --git a/debian/changelog b/debian/changelog
index bfd53ee..a8755dc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openvpn (2.4.0-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Refresh debian/patches to new upstream coding style.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 27 Dec 2016 18:29:43 +0100
+
openvpn (2.4~rc1-2) unstable; urgency=medium
* Make lintian happy:
diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch
index f3f5f0c..cfa9047 100644
--- a/debian/patches/auth-pam_libpam_so_filename.patch
+++ b/debian/patches/auth-pam_libpam_so_filename.patch
@@ -3,14 +3,14 @@ Author: Alberto Gonzalez Iniesta <agi@inittab.org>
Bug-Debian: http://bugs.debian.org/306335
Index: openvpn/src/plugins/auth-pam/auth-pam.c
===================================================================
---- openvpn.orig/src/plugins/auth-pam/auth-pam.c 2016-11-21 09:53:25.512782138 +0100
-+++ openvpn/src/plugins/auth-pam/auth-pam.c 2016-11-21 09:53:25.512782138 +0100
-@@ -632,7 +632,7 @@
- struct user_pass up;
- int command;
+--- openvpn.orig/src/plugins/auth-pam/auth-pam.c 2016-12-27 18:45:37.638198402 +0100
++++ openvpn/src/plugins/auth-pam/auth-pam.c 2016-12-27 18:45:37.638198402 +0100
+@@ -698,7 +698,7 @@
+ struct user_pass up;
+ int command;
#ifdef USE_PAM_DLOPEN
-- static const char pam_so[] = "libpam.so";
-+ static const char pam_so[] = "libpam.so.0";
+- static const char pam_so[] = "libpam.so";
++ static const char pam_so[] = "libpam.so.0";
#endif
- /*
+ /*
diff --git a/debian/patches/close_socket_before_scripts.patch b/debian/patches/close_socket_before_scripts.patch
deleted file mode 100644
index 6e00c00..0000000
--- a/debian/patches/close_socket_before_scripts.patch
+++ /dev/null
@@ -1,102 +0,0 @@
---- a/src/openvpn/manage.c
-+++ b/src/openvpn/manage.c
-@@ -1499,7 +1499,6 @@ man_new_connection_post (struct management *man, const char *description)
- struct gc_arena gc = gc_new ();
-
- set_nonblock (man->connection.sd_cli);
-- set_cloexec (man->connection.sd_cli);
-
- man_connection_settings_reset (man);
-
-@@ -1640,7 +1639,6 @@ man_listen (struct management *man)
- * Set misc socket properties
- */
- set_nonblock (man->connection.sd_top);
-- set_cloexec (man->connection.sd_top);
-
- #if UNIX_SOCK_SUPPORT
- if (man->settings.flags & MF_UNIX_SOCK)
---- a/src/openvpn/socket.c
-+++ b/src/openvpn/socket.c
-@@ -771,6 +771,10 @@ create_socket_tcp (struct addrinfo* addrinfo)
- }
- #endif
-
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (sd);
-+
- return sd;
- }
-
-@@ -815,6 +819,11 @@ create_socket_udp (struct addrinfo* addrinfo, const unsigned int flags)
- }
- }
- #endif
-+
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (sd);
-+
- return sd;
- }
-
-@@ -968,6 +977,12 @@ socket_do_accept (socket_descriptor_t sd,
- openvpn_close_socket (new_sd);
- new_sd = SOCKET_UNDEFINED;
- }
-+ else
-+ {
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (sd);
-+ }
- return new_sd;
- }
-
-@@ -1617,6 +1632,7 @@ link_socket_init_phase1 (struct link_socket *sock,
- ASSERT (sock->info.proto != PROTO_TCP_CLIENT);
- ASSERT (socket_defined (inetd_socket_descriptor));
- sock->sd = inetd_socket_descriptor;
-+ set_cloexec (sock->sd); /* not created by create_socket*() */
- }
- else if (mode != LS_MODE_TCP_ACCEPT_FROM)
- {
-@@ -1677,13 +1693,6 @@ phase2_set_socket_flags (struct link_socket* sock)
- /* set socket to non-blocking mode */
- set_nonblock (sock->sd);
-
-- /* set socket file descriptor to not pass across execs, so that
-- scripts don't have access to it */
-- set_cloexec (sock->sd);
--
-- if (socket_defined (sock->ctrl_sd))
-- set_cloexec (sock->ctrl_sd);
--
- /* set Path MTU discovery options on the socket */
- set_mtu_discover_type (sock->sd, sock->mtu_discover_type, sock->info.af);
-
-@@ -3476,6 +3485,11 @@ create_socket_unix (void)
-
- if ((sd = socket (PF_UNIX, SOCK_STREAM, 0)) < 0)
- msg (M_ERR, "Cannot create unix domain socket");
-+
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (sd);
-+
- return sd;
- }
-
-@@ -3516,6 +3530,12 @@ socket_accept_unix (socket_descriptor_t sd,
-
- CLEAR (*remote);
- ret = accept (sd, (struct sockaddr *) remote, &remote_len);
-+ if ( ret >= 0 )
-+ {
-+ /* set socket file descriptor to not pass across execs, so that
-+ scripts don't have access to it */
-+ set_cloexec (ret);
-+ }
- return ret;
- }
diff --git a/debian/patches/kfreebsd_support.patch b/debian/patches/kfreebsd_support.patch
index 40db126..0c8165b 100644
--- a/debian/patches/kfreebsd_support.patch
+++ b/debian/patches/kfreebsd_support.patch
@@ -3,120 +3,120 @@ Author: Gonéri Le Bouder <goneri@rulezlan.org>
Bug-Debian: http://bugs.debian.org/626062
Index: openvpn/src/openvpn/route.c
===================================================================
---- openvpn.orig/src/openvpn/route.c 2016-12-12 20:53:45.298787355 +0100
-+++ openvpn/src/openvpn/route.c 2016-12-12 21:03:48.380240093 +0100
-@@ -1532,7 +1532,7 @@
- argv_msg (D_ROUTE, &argv);
- status = openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route add command failed");
+--- openvpn.orig/src/openvpn/route.c 2016-12-27 19:01:52.704942715 +0100
++++ openvpn/src/openvpn/route.c 2016-12-27 19:08:24.717996310 +0100
+@@ -1670,7 +1670,7 @@
+ argv_msg(D_ROUTE, &argv);
+ status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed");
-#elif defined(TARGET_FREEBSD)
+#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
- argv_printf (&argv, "%s add",
- ROUTE_PATH);
-@@ -1698,7 +1698,7 @@
- network = print_in6_addr( r6->network, 0, &gc);
- gateway = print_in6_addr( r6->gateway, 0, &gc);
+ argv_printf(&argv, "%s add",
+ ROUTE_PATH);
+@@ -1856,7 +1856,7 @@
+ network = print_in6_addr( r6->network, 0, &gc);
+ gateway = print_in6_addr( r6->gateway, 0, &gc);
--#if defined(TARGET_DARWIN) || \
-+#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) || \
- defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || \
- defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
+-#if defined(TARGET_DARWIN) \
++#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) \
+ || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
+ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
-@@ -1856,7 +1856,7 @@
- argv_msg (D_ROUTE, &argv);
- status = openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route add -inet6 command failed");
+@@ -2032,7 +2032,7 @@
+ argv_msg(D_ROUTE, &argv);
+ status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed");
-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
+#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__)
- argv_printf (&argv, "%s add -inet6 %s/%d",
- ROUTE_PATH,
-@@ -2022,7 +2022,7 @@
- argv_msg (D_ROUTE, &argv);
- openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route delete command failed");
+ argv_printf(&argv, "%s add -inet6 %s/%d",
+ ROUTE_PATH,
+@@ -2216,7 +2216,7 @@
+ argv_msg(D_ROUTE, &argv);
+ openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed");
-#elif defined(TARGET_FREEBSD)
+#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
- argv_printf (&argv, "%s delete -net %s %s %s",
- ROUTE_PATH,
-@@ -2127,7 +2127,7 @@
- network = print_in6_addr( r6->network, 0, &gc);
- gateway = print_in6_addr( r6->gateway, 0, &gc);
+ argv_printf(&argv, "%s delete -net %s %s %s",
+ ROUTE_PATH,
+@@ -2323,7 +2323,7 @@
+ network = print_in6_addr( r6->network, 0, &gc);
+ gateway = print_in6_addr( r6->gateway, 0, &gc);
--#if defined(TARGET_DARWIN) || \
-+#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) || \
- defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || \
- defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
+-#if defined(TARGET_DARWIN) \
++#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) \
+ || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
+ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
-@@ -2248,7 +2248,7 @@
- argv_msg (D_ROUTE, &argv);
- openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed");
+@@ -2458,7 +2458,7 @@
+ argv_msg(D_ROUTE, &argv);
+ openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed");
-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
+#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__)
- argv_printf (&argv, "%s delete -inet6 %s/%d",
- ROUTE_PATH,
-@@ -3206,7 +3206,8 @@
+ argv_printf(&argv, "%s delete -inet6 %s/%d",
+ ROUTE_PATH,
+@@ -3499,7 +3499,8 @@
- #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) || \
- defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || \
-- defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
-+ defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) || \
-+ defined(__FreeBSD_kernel__)
+ #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \
+ || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
+- || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
++ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \
++ || defined(__FreeBSD_kernel__)
#include <sys/types.h>
#include <sys/socket.h>
Index: openvpn/src/openvpn/tun.c
===================================================================
---- openvpn.orig/src/openvpn/tun.c 2016-12-12 20:53:45.298787355 +0100
-+++ openvpn/src/openvpn/tun.c 2016-12-12 21:04:41.156373771 +0100
-@@ -783,7 +783,7 @@
- #endif
-
- #if defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)||\
-- defined(TARGET_OPENBSD)
-+ defined(TARGET_OPENBSD)||defined(__FreeBSD_kernel__)
+--- openvpn.orig/src/openvpn/tun.c 2016-12-27 19:01:52.704942715 +0100
++++ openvpn/src/openvpn/tun.c 2016-12-27 19:05:14.585486719 +0100
+@@ -840,7 +840,7 @@
+ #endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */
+
+ #if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
+- || defined(TARGET_OPENBSD)
++ || defined(TARGET_OPENBSD) || defined(__FreeBSD_kernel__)
/* we can't use true subnet mode on tun on all platforms, as that
* conflicts with IPv6 (wants to use ND then, which we don't do),
* but the OSes want "a remote address that is different from ours"
-@@ -1314,7 +1314,7 @@
- add_route_connected_v6_net(tt, es);
- }
+@@ -1408,7 +1408,7 @@
+ add_route_connected_v6_net(tt, es);
+ }
--#elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)
-+#elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)||defined(__FreeBSD_kernel__)
+-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
++#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__)
- in_addr_t remote_end; /* for "virtual" subnet topology */
+ in_addr_t remote_end; /* for "virtual" subnet topology */
-@@ -2548,7 +2548,7 @@
- return read (tt->fd, buf, len);
+@@ -2762,7 +2762,7 @@
+ }
}
-#elif defined(TARGET_FREEBSD)
+#elif defined(TARGET_FREEBSD)||defined(__FreeBSD_kernel__)
static inline int
- freebsd_modify_read_write_return (int len)
+ freebsd_modify_read_write_return(int len)
Index: openvpn/src/openvpn/lladdr.c
===================================================================
---- openvpn.orig/src/openvpn/lladdr.c 2012-11-05 16:29:30.000000000 +0100
-+++ openvpn/src/openvpn/lladdr.c 2016-12-12 21:06:38.372672863 +0100
-@@ -47,7 +47,7 @@
- "%s %s lladdr %s",
- IFCONFIG_PATH,
- ifname, lladdr);
+--- openvpn.orig/src/openvpn/lladdr.c 2016-12-27 19:01:52.704942715 +0100
++++ openvpn/src/openvpn/lladdr.c 2016-12-27 19:09:07.286110127 +0100
+@@ -50,7 +50,7 @@
+ "%s %s lladdr %s",
+ IFCONFIG_PATH,
+ ifname, lladdr);
-#elif defined(TARGET_FREEBSD)
+#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
- argv_printf (&argv,
- "%s %s ether %s",
- IFCONFIG_PATH,
+ argv_printf(&argv,
+ "%s %s ether %s",
+ IFCONFIG_PATH,
Index: openvpn/src/openvpn/syshead.h
===================================================================
---- openvpn.orig/src/openvpn/syshead.h 2016-12-07 13:14:25.348506036 +0100
-+++ openvpn/src/openvpn/syshead.h 2016-12-12 21:12:20.413558149 +0100
+--- openvpn.orig/src/openvpn/syshead.h 2016-12-27 19:01:52.704942715 +0100
++++ openvpn/src/openvpn/syshead.h 2016-12-27 19:01:52.700942705 +0100
@@ -294,7 +294,7 @@
#endif /* TARGET_OPENBSD */
@@ -128,14 +128,14 @@ Index: openvpn/src/openvpn/syshead.h
#include <sys/uio.h>
Index: openvpn/src/openvpn/ssl.c
===================================================================
---- openvpn.orig/src/openvpn/ssl.c 2016-12-07 13:14:25.348506036 +0100
-+++ openvpn/src/openvpn/ssl.c 2016-12-12 21:13:44.989779071 +0100
-@@ -2108,7 +2108,7 @@
- buf_printf (&out, "IV_PLAT=mac\n");
+--- openvpn.orig/src/openvpn/ssl.c 2016-12-27 19:01:52.704942715 +0100
++++ openvpn/src/openvpn/ssl.c 2016-12-27 19:03:13.433160691 +0100
+@@ -2247,7 +2247,7 @@
+ buf_printf(&out, "IV_PLAT=mac\n");
#elif defined(TARGET_NETBSD)
- buf_printf (&out, "IV_PLAT=netbsd\n");
+ buf_printf(&out, "IV_PLAT=netbsd\n");
-#elif defined(TARGET_FREEBSD)
+#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
- buf_printf (&out, "IV_PLAT=freebsd\n");
+ buf_printf(&out, "IV_PLAT=freebsd\n");
#elif defined(TARGET_ANDROID)
- buf_printf (&out, "IV_PLAT=android\n");
+ buf_printf(&out, "IV_PLAT=android\n");
diff --git a/debian/patches/manpage_typo.patch b/debian/patches/manpage_typo.patch
deleted file mode 100644
index 4d80341..0000000
--- a/debian/patches/manpage_typo.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: openvpn/doc/openvpn.8
-===================================================================
---- openvpn.orig/doc/openvpn.8 2016-12-12 19:36:31.706541262 +0100
-+++ openvpn/doc/openvpn.8 2016-12-12 19:42:13.507427481 +0100
-@@ -4572,7 +4572,7 @@
- Specify the curve to use for elliptic curve Diffie Hellman. Available
- curves can be listed with
- .B \-\-show\-curves
--. The specified curve will only be used for ECDH TLS-ciphers.
-+The specified curve will only be used for ECDH TLS-ciphers.
- .\"*********************************************************
- .TP
- .B \-\-cert file
diff --git a/debian/patches/openvpn-pkcs11warn.patch b/debian/patches/openvpn-pkcs11warn.patch
index 758a555..0ec934f 100644
--- a/debian/patches/openvpn-pkcs11warn.patch
+++ b/debian/patches/openvpn-pkcs11warn.patch
@@ -3,11 +3,11 @@ Author: Florian Kulzer <florian.kulzer+debian@icfo.es>
Bug-Debian: http://bugs.debian.org/475353
Index: openvpn/src/openvpn/options.c
===================================================================
---- openvpn.orig/src/openvpn/options.c 2016-12-07 13:18:03.856865710 +0100
-+++ openvpn/src/openvpn/options.c 2016-12-07 13:18:03.856865710 +0100
-@@ -6647,6 +6647,20 @@
- {
- VERIFY_PERMISSION (OPT_P_ROUTE_EXTRAS);
+--- openvpn.orig/src/openvpn/options.c 2016-12-27 18:46:18.362320774 +0100
++++ openvpn/src/openvpn/options.c 2016-12-27 18:46:18.362320774 +0100
+@@ -6789,6 +6789,20 @@
+ options->port_share_port = p[2];
+ options->port_share_journal_dir = p[3];
}
+ else if (streq (p[0], "pkcs11-id-type") ||
+ streq (p[0], "pkcs11-sign-mode") ||
@@ -24,5 +24,5 @@ Index: openvpn/src/openvpn/options.c
+ p[0], PACKAGE_VERSION);
+ }
#endif
- #if PASSTOS_CAPABILITY
- else if (streq (p[0], "passtos") && !p[1])
+ else if (streq(p[0], "client-to-client") && !p[1])
+ {
diff --git a/debian/patches/series b/debian/patches/series
index 77c9735..ff865c2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,7 +1,5 @@
auth-pam_libpam_so_filename.patch
-close_socket_before_scripts.patch
debian_nogroup_for_sample_files.patch
openvpn-pkcs11warn.patch
route_default_nil.patch
-manpage_typo.patch
kfreebsd_support.patch