head 1.9; access; symbols pkgsrc-2013Q2:1.9.0.2 pkgsrc-2013Q2-base:1.9 pkgsrc-2012Q4:1.8.0.12 pkgsrc-2012Q4-base:1.8 pkgsrc-2012Q3:1.8.0.10 pkgsrc-2012Q3-base:1.8 pkgsrc-2012Q2:1.8.0.8 pkgsrc-2012Q2-base:1.8 pkgsrc-2012Q1:1.8.0.6 pkgsrc-2012Q1-base:1.8 pkgsrc-2011Q4:1.8.0.4 pkgsrc-2011Q4-base:1.8 pkgsrc-2011Q3:1.8.0.2 pkgsrc-2011Q3-base:1.8 pkgsrc-2011Q2:1.7.0.2 pkgsrc-2011Q2-base:1.7 pkgsrc-2011Q1:1.6.0.4 pkgsrc-2011Q1-base:1.6 pkgsrc-2010Q4:1.6.0.2 pkgsrc-2010Q4-base:1.6 pkgsrc-2010Q3:1.5.0.32 pkgsrc-2010Q3-base:1.5 pkgsrc-2010Q2:1.5.0.30 pkgsrc-2010Q2-base:1.5 pkgsrc-2010Q1:1.5.0.28 pkgsrc-2010Q1-base:1.5 pkgsrc-2009Q4:1.5.0.26 pkgsrc-2009Q4-base:1.5 pkgsrc-2009Q3:1.5.0.24 pkgsrc-2009Q3-base:1.5 pkgsrc-2009Q2:1.5.0.22 pkgsrc-2009Q2-base:1.5 pkgsrc-2009Q1:1.5.0.20 pkgsrc-2009Q1-base:1.5 pkgsrc-2008Q4:1.5.0.18 pkgsrc-2008Q4-base:1.5 pkgsrc-2008Q3:1.5.0.16 pkgsrc-2008Q3-base:1.5 cube-native-xorg:1.5.0.14 cube-native-xorg-base:1.5 pkgsrc-2008Q2:1.5.0.12 pkgsrc-2008Q2-base:1.5 cwrapper:1.5.0.10 pkgsrc-2008Q1:1.5.0.8 pkgsrc-2008Q1-base:1.5 pkgsrc-2007Q4:1.5.0.6 pkgsrc-2007Q4-base:1.5 pkgsrc-2007Q3:1.5.0.4 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.5.0.2 pkgsrc-2007Q2-base:1.5 pkgsrc-2007Q1:1.4.0.8 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.6 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.4 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.4.0.2 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.3.0.6 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.3.0.4 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.3.0.2 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.1.0.4 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.2 pkgsrc-2005Q1-base:1.1; locks; strict; comment @# @; 1.9 date 2013.02.14.12.53.01; author manu; state dead; branches; next 1.8; 1.8 date 2011.08.12.09.38.08; author adam; state Exp; branches; next 1.7; 1.7 date 2011.04.28.07.27.25; author adam; state Exp; branches; next 1.6; 1.6 date 2010.11.30.08.50.17; author adam; state Exp; branches; next 1.5; 1.5 date 2007.06.21.21.44.42; author jlam; state Exp; branches; next 1.4; 1.4 
date 2006.04.11.20.09.52; author jlam; state Exp; branches; next 1.3; 1.3 date 2005.09.01.03.40.42; author jlam; state dead; branches 1.3.6.1; next 1.2; 1.2 date 2005.08.17.19.55.57; author jlam; state Exp; branches; next 1.1; 1.1 date 2005.02.21.23.26.24; author bad; state Exp; branches; next ; 1.3.6.1 date 2006.04.13.16.08.25; author salo; state Exp; branches; next ; desc @@ 1.9 log @I forget to remove this obsolete patch @ text @$NetBSD: patch-ab,v 1.8 2011/08/12 09:38:08 adam Exp $ --- syshead.h.orig 2010-11-04 19:29:02.000000000 +0000 +++ syshead.h @@@@ -306,6 +306,10 @@@@ #ifdef TARGET_NETBSD +#ifdef HAVE_NET_IF_TAP_H +#include +#endif + #ifdef HAVE_NET_IF_TUN_H #include #endif @@@@ -387,6 +391,9 @@@@ */ #if defined(ENABLE_MULTIHOME) && defined(HAVE_IN_PKTINFO) && defined(IP_PKTINFO) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(HAVE_IOVEC) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(HAVE_RECVMSG) && defined(HAVE_SENDMSG) #define ENABLE_IP_PKTINFO 1 +#ifndef SOL_IP +#define SOL_IP 0 +#endif #else #define ENABLE_IP_PKTINFO 0 #endif @ 1.8 log @Fix building on Mac OS X 10.7 @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.7 2011/04/28 07:27:25 adam Exp $ @ 1.7 log @Changes 2.2.0: * Several man-page updates * Several buildsystem fixes * Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier * Change the default --tmp-dir path to a more suitable path * Improve the mysprintf() issue in openvpnserv.c * Fixed bug in port-share that could cause port share process to crash * Fix the --client-cert-not-required feature @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.6 2010/11/30 08:50:17 adam Exp $ d16 10 @ 1.6 log @Changes 2.1.4: * Fix problem with special case route targets ('remote_host') The init_route() function will leave &netlist untouched for get_special_addr() routes ("remote_host" being one of them). 
netlist is on stack, contains random garbage, and netlist.len will not be 0 - thus, random stack data is copied from netlist.data[] until the route_list is full. @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 @@@@ -305,6 +305,10 @@@@ @ 1.5 log @Update net/openvpn to 2.1rc4. Changes from version 2.1rc2 include: * Fixed 64-bit portability bug in time_string function (Thomas Habets). * Clean up configure on FreeBSD for recent autotool versions that require that all .h files have to be compiled. Also, FreeBSD install does not support GNU long options which the Makefile in easy-rsa/2.0 uses (not checked the others as we don't install those on Gentoo) (Roy Marples). @ text @d3 1 a3 1 --- syshead.h.orig 2007-04-25 17:38:46.000000000 -0400 d5 1 a5 1 @@@@ -262,6 +262,10 @@@@ @ 1.4 log @Add support for NetBSD's cloning tap device to support "device tap" configurations. Changes supplied in PR pkg/32929 by Alan Barrett. Bump PKGREVISION to 1. @ text @d3 1 a3 1 --- syshead.h.orig 2005-12-08 15:57:49.000000000 -0500 d5 1 a5 1 @@@@ -254,6 +254,10 @@@@ @ 1.3 log @Update net/openvpn to 2.0.2. Changes from version 2.0.1 include: * Fixed bug in route.c in FreeBSD, Darwin, OpenBSD and NetBSD version of get_default_gateway. Allocated socket for route manipulation is never freed so number of mbufs continuously grow and exhaust system resources after a while (Jaroslav Klaus). * Fixed bug where "--proto tcp-server --mode p2p --management host port" would cause the management port to not respond until the OpenVPN peer connects. 
@ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.2 2005/08/17 19:55:57 jlam Exp $ d3 9 a11 15 --- easy-rsa/2.0/pkitool.orig 2005-07-15 14:38:14.000000000 -0400 +++ easy-rsa/2.0/pkitool @@@@ -1,4 +1,4 @@@@ -#!/bin/bash +#!/bin/sh # OpenVPN -- An application to securely tunnel IP networks # over a single TCP/UDP port, with support for SSL/TLS-based @@@@ -31,7 +31,10 @@@@ PROGNAME=pkitool VERSION=2.0 DEBUG=0 -function need_vars +GREP=grep +OPENSSL=openssl d13 3 a15 114 +need_vars() { echo ' Please edit the vars script to reflect your configuration,' echo ' then source it with "source ./vars".' @@@@ -40,7 +43,7 @@@@ function need_vars echo " Finally, you can run this tool ($PROGNAME) to build certificates/keys." } -function usage +usage() { echo "$PROGNAME $VERSION" echo "Usage: $PROGNAME [options...] [common-name]" @@@@ -103,7 +106,7 @@@@ BATCH="-batch" CA="ca" # Process options -while [ "$1" ] && [ "${1:0:2}" = "--" ]; do +while [ $# -gt 0 ]; do case "$1" in --server ) REQ_EXT="$REQ_EXT -extensions server" CA_EXT="$CA_EXT -extensions server" ;; @@@@ -115,8 +118,9 @@@@ while [ "$1" ] && [ "${1:0:2}" = "--" ]; --csr ) DO_CA="0" ;; --sign ) DO_REQ="0" ;; --pkcs12 ) DO_P12="1" ;; - * ) echo "$PROGNAME: unknown option: $1" - exit 1 + --* ) echo "$PROGNAME: unknown option: $1" + exit 1 ;; + * ) break ;; esac shift done @@@@ -128,25 +132,25 @@@@ if [ $DO_P12 -eq 1 ]; then fi # If undefined, set default key expiration intervals -if [ -z $KEY_EXPIRE ]; then - export KEY_EXPIRE=3650 +if [ -z "$KEY_EXPIRE" ]; then + KEY_EXPIRE=3650 fi -if [ -z $CA_EXPIRE ]; then - export CA_EXPIRE=3650 +if [ -z "$CA_EXPIRE" ]; then + CA_EXPIRE=3650 fi # Set organizational unit to empty string if undefined if [ -z "$KEY_OU" ]; then - export KEY_OU="" + KEY_OU="" fi # Set KEY_CN if [ $DO_ROOT -eq 1 ]; then if [ -z "$KEY_CN" ]; then if [ "$1" ]; then - export KEY_CN="$1" + KEY_CN="$1" elif [ "$KEY_ORG" ]; then - export KEY_CN="$KEY_ORG CA" + KEY_CN="$KEY_ORG CA" fi fi if [ $BATCH ] && [ "$KEY_CN" ]; then 
@@@@ -159,9 +163,10 @@@@ else usage exit 1 else - export KEY_CN="$1" + KEY_CN="$1" fi fi +export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_CN # Show parameters (debugging) if [ $DEBUG -eq 1 ]; then @@@@ -186,7 +191,9 @@@@ if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" # Make sure $KEY_CONFIG points to the correct version # of openssl.cnf - if ! grep -Eqi 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" ; then + if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then + : + else echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong" echo "version of openssl.cnf: $KEY_CONFIG" echo "The correct version should have a comment that says: easy-rsa version 2.x"; @@@@ -195,7 +202,7 @@@@ if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" # Build root CA if [ $DO_ROOT -eq 1 ]; then - openssl req $BATCH -days $CA_EXPIRE $NODES_REQ -new -x509 \ + $OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -x509 \ -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \ chmod 0600 "$CA.key" else @@@@ -209,11 +216,11 @@@@ if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" fi # Build cert/key - ( [ $DO_REQ -eq 0 ] || openssl req $BATCH -days $KEY_EXPIRE $NODES_REQ -new \ + ( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new \ -keyout "$KEY_CN.key" -out "$KEY_CN.csr" $REQ_EXT -config "$KEY_CONFIG" ) && \ - ( [ $DO_CA -eq 0 ] || openssl ca $BATCH -days $KEY_EXPIRE -out "$KEY_CN.crt" \ + ( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$KEY_CN.crt" \ -in "$KEY_CN.csr" $CA_EXT -config "$KEY_CONFIG" ) && \ - ( [ $DO_P12 -eq 0 ] || openssl pkcs12 -export -inkey "$KEY_CN.key" \ + ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$KEY_CN.key" \ -in "$KEY_CN.crt" -certfile "$CA.crt" -out "$KEY_CN.p12" $NODES_P12 ) && \ ( [ $DO_CA -eq 0 ] || chmod 0600 "$KEY_CN.key" ) && \ ( [ $DO_P12 -eq 0 ] || chmod 0600 "$KEY_CN.p12" ) @ 1.3.6.1 log @Pullup ticket 1364 - requested by jlam NetBSD tap(4) support for openvpn Revisions pulled up: - 
pkgsrc/net/openvpn/Makefile 1.17 - pkgsrc/net/openvpn/distinfo 1.8 - pkgsrc/net/openvpn/patches/patch-ab 1.4 - pkgsrc/net/openvpn/patches/patch-ac 1.3 - pkgsrc/net/openvpn/patches/patch-ad 1.1 - pkgsrc/net/openvpn/patches/patch-ae 1.1 - pkgsrc/net/openvpn/patches/patch-af 1.1 Module Name: pkgsrc Committed By: jlam Date: Tue Apr 11 20:09:52 UTC 2006 Modified Files: pkgsrc/net/openvpn: Makefile distinfo Added Files: pkgsrc/net/openvpn/patches: patch-ab patch-ac patch-ad patch-ae patch-af Log Message: Add support for NetBSD's cloning tap device to support "device tap" configurations. Changes supplied in PR pkg/32929 by Alan Barrett. Bump PKGREVISION to 1. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.4 2006/04/11 20:09:52 jlam Exp $ d3 15 a17 9 --- syshead.h.orig 2005-12-08 15:57:49.000000000 -0500 +++ syshead.h @@@@ -254,6 +254,10 @@@@ #ifdef TARGET_NETBSD +#ifdef HAVE_NET_IF_TAP_H +#include +#endif d19 114 a132 3 #ifdef HAVE_NET_IF_TUN_H #include #endif @ 1.2 log @Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. 
A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Update openvpn to 1.6.0. While here port it properly so that the route statements in the configuration file work. Also add patches so that der Mouse's if_tap driver can be used. Changes since 1.5.0: 2004.05.09 -- Version 1.6.0 * Unchanged from 1.6-rc4 except for version number upgrade. 2004.04.01 -- Version 1.6-rc4 * Made minor customizations to devcon and renamed as tapinstall.exe for Windows version. * Fixed "storage size of `iv' isn't known" build problem on FreeBSD. * OpenSSL 0.9.7d bundled with Windows self-install. 2004.03.13 -- Version 1.6-rc3 * Minor Windows fixes for --ip-win32 dynamic, relating to the way the TAP-Win32 driver responds to a DHCP request from the Windows DHCP client. * The net_gateway environmental variable wasn't being set correctly for called scripts (Paul Zuber). * Added code to determine the default gateway on FreeBSD, allowing the --redirect-gateway option to work (Juan Rodriguez Hervella). 2004.03.04 -- Version 1.6-rc2 * Fixed bug in Windows version where the NetBIOS node-type DHCP option might have been passed even if it was not specified. * Fixed bug in Windows version introduced in 1.6-rc1, where DHCP timeout would be set to 0 seconds if --ifconfig option was used and --ip-win32 option was not explicitly specified. * Added some new --dhcp-option types for Windows version. 2004.03.02 -- Version 1.6-rc1 * For Windows, make "--ip-win32 dynamic" the default. * For Windows, make "--route-delay 10" the default unless --ip-win32 dynamic is not used or --route-delay is explicitly specified. * L_TLS mutex could have been left in a locked state for certain kinds of TLS errors. 
2004.02.22 -- Version 1.6-beta7 * Allow scheduling priority increase (--nice) together with UID/GID downgrade (--user/--group). * Code that causes SIGUSR1 restart on TLS errors in TCP mode was not activated in pthread builds. * Save the certificate serial number in an environmental variable called tls_serial_{n} prior to calling the --tls-verify script. n is the current cert chain level. * Added NetBSD IPv6 tunnel capability (also requires a kernel patch) (Horst Laschinsky). * Fixed bug in checking the return value of the nice() function (Ian Pilcher). * Bug fix in new FreeBSD IPv6 over TUN code which was originally added in 1.6-beta5 (Nathanael Rensen). * More Socks5 fixes -- extended the struct frame infrastructure to accommodate proxy-based encapsulation overhead. * Added --dhcp-option to Windows version for setting adapter properties such as WINS & DNS servers. * Use a default route-delay of 5 seconds when --ip-win32 dynamic is specified (only applicable when --route-delay is not explicitly specified). * Added "log_append" registry variable to control whether the OpenVPN service wrapper on Windows opens log files in append (log_append="1") or truncate (log_append="0") mode. The default is truncate. 2004.02.05 -- Version 1.6-beta6 * UDP over Socks5 fix to accommodate Socks5 encapsulation overhead (Christof Meerwald). * Minor --ip-win32 dynamic tweaks (use long lease time, invalidate existing lease with DHCPNAK). 2004.02.01 -- Version 1.6-beta5 * Added Socks5 proxy support (Christof Meerwald). * IPv6 tun support for FreeBSD (Thomas Glanzmann). * Special TAP-Win32 debug mode for Windows self-install that was enabled in beta4 is now turned off. * Added some new Solaris notes to INSTALL (Koen Maris). * More work on --ip-win32 dynamic. 2004.01.27 -- Version 1.6-beta4 * For this beta, the Windows self-install is a debug version and will run slower -- use only for testing. * Reverted the --ip-win32 default back to 'ipapi' from 'dynamic'. 
* Added the offset parameter to '--ip-win32 dynamic' which can be used to control the address of the masqueraded DHCP server which replies to Windows DHCP requests. * Added a wait/nowait option to --inetd (nowait can only be used with TCP sockets, TLS authentication, and over a bridged configuration -- see FAQ for more info) (Stefan `Sec` Zehl). * Added a build-time capability where TAP-Win32 driver debug messages can be output by OpenVPN at --verb 6 or higher. 2004.01.20 -- Version 1.6-beta2 * Added ./configure --enable-iproute2 flag which uses iproute2 instead of route + ifconfig -- this is necessary for the LEAF Linux distro (Martin Hejl). * Added renewal-time and rebind-time to set of DHCP options returned by the TAP-Win32 driver when "--ip-win32 dynamic" is used. 2004.01.14 -- Version 1.6-beta1 * Fixed --proxy bug that sometimes caused plaintext control info generated by the proxy prior to http CONNECT method establishment to be incorrectly parsed as OpenVPN data. * For Windows version, implemented the "--ip-win32 dynamic" method and made it the default. This method sets the TAP-Win32 adapter IP address and netmask by replying to the kernel's DHCP queries. See the man page for more detailed info. * Added --connect-retry parameter which controls the time interval (in seconds) between connect() retries when --proto tcp-client is used. Previously, this value was hardcoded to 5 seconds, and still defaults as such. * --resolv-retry can now be used with a parameter of "infinite" to retry indefinitely. * Added SSL_CTX_use_certificate_chain_file() to ssl.c for support of multi-level certificate chains (Sten Kalenda). * Fixed --tls-auth incompatibility with 1.4.x and earlier versions of OpenVPN when the passphrase file is an OpenVPN static key file (as generated by --genkey). * Added shell-escape support in config files using the backslash character ("\") so that (for example) double quotes can be passed to the shell. 
* Added "contrib" subdirectory on tarball, source zip, and CVS containing user-submitted contributions. * Added an optional patch to the Redhat init script to allow the configuration file directory to be a multi-level directory hierarchy (Farkas Levente). See contrib/multilevel-init.patch * Added some scripts and documentation on using Linux "fwmark" iptables rules to enable fine-grained routing control over the VPN (Sean Reifschneider, ). See contrib/openvpn-fwmarkroute-1.00 @ text @d3 5 a7 5 --- syshead.h.orig Thu Apr 1 13:52:34 2004 +++ syshead.h Tue Feb 22 00:09:49 2005 @@@@ -247,6 +247,8 @@@@ #include #endif d9 9 a17 1 +#include d19 101 a119 1 #endif /* TARGET_NETBSD */ d121 12 a132 1 #ifdef WIN32 @
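Review bot: The HAVE_NET_IF_TAP_H guard in the syshead.h hunk at -306,6 +306,10 only does anything if configure defines that macro, and nothing in this patch adds the header check. Note in the patch header which companion patch supplies it; if the macro is never defined, the tap include is compiled out without any diagnostic.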
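Review bot: The fallback "#define SOL_IP 0" in the syshead.h hunk at -387,6 +391,9 is a bare magic number with no explanation. Write it as "#define SOL_IP IPPROTO_IP" (the same value) and add a one-line comment naming the platform that lacks SOL_IP, so the reason for the fallback is visible to whoever next touches the ENABLE_IP_PKTINFO block.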
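Review bot: In the pkitool hunk at -195,7 +202,7 the CA private key is written by "$OPENSSL req ... -keyout "$CA.key"" and only restricted afterwards by 'chmod 0600 "$CA.key"', so the script does not control the file's mode in between. Since this line is being touched anyway, set "umask 077" before the openssl calls so the key is never created with wider permissions; the same applies to "$KEY_CN.key" and "$KEY_CN.p12" in the hunk at -209,11 +216,11.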
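Review bot: The new $OPENSSL variable is expanded unquoted at every call site in the pkitool hunk at -209,11 +216,11 (and $GREP likewise at -186,7 +191,9), so a value containing whitespace would be split into several words. Quote the command variables ("$OPENSSL" req ...), and consider quoting "$KEY_EXPIRE" after -days as well, to match the quoting this patch already adds to the [ -z "$KEY_EXPIRE" ] tests.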