ports/88785: [MAINTAINER] security/openvpn: minor polishing, fix jail builds

Matthias Andree matthias.andree at gmx.de
Thu Nov 10 11:20:13 UTC 2005


>Number:         88785
>Category:       ports
>Synopsis:       [MAINTAINER] security/openvpn: minor polishing, fix jail builds
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 10 11:20:11 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 6.0-RELEASE i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Mon Nov  7 16:10:51 CET
>Description:
- CATEGORY CHANGE: add "net" secondary category
- fix jail build on FreeBSD 4 (no security.jail.jailed oid in sysctl)
- catch jail IP misconfiguration and print clear error message
- add SHA256 checksum
- revise pkg-message and pkg-descr

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:

--- openvpn-2.0.5_1.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/openvpn/Makefile /usr/home/emma/ports/security/openvpn/Makefile
--- /usr/ports/security/openvpn/Makefile	Mon Nov  7 09:09:02 2005
+++ /usr/home/emma/ports/security/openvpn/Makefile	Thu Nov 10 12:08:16 2005
@@ -8,7 +8,9 @@
 PORTNAME=	openvpn
 PORTVERSION=	2.0.5
 PORTREVISION=	1
-CATEGORIES=	security
+CATEGORIES=	security net
+# MASTER_SITES points to hosts in distinct data centers,
+# so just one MASTER_SITES entry should be OK.
 MASTER_SITES=	http://openvpn.net/release/
 
 MAINTAINER=	matthias.andree at gmx.de
diff -ruN --exclude=CVS /usr/ports/security/openvpn/distinfo /usr/home/emma/ports/security/openvpn/distinfo
--- /usr/ports/security/openvpn/distinfo	Fri Nov  4 11:43:09 2005
+++ /usr/home/emma/ports/security/openvpn/distinfo	Thu Nov 10 11:11:50 2005
@@ -1,2 +1,3 @@
 MD5 (openvpn-2.0.5.tar.gz) = 4bd7a42991c93db23842a0992debe53b
+SHA256 (openvpn-2.0.5.tar.gz) = d72d90ff9e915c3376c834ce33a0349de0a8eacb3f2b80be49696b72a1840a9f
 SIZE (openvpn-2.0.5.tar.gz) = 662647
diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/patch-tests-for-jail /usr/home/emma/ports/security/openvpn/files/patch-tests-for-jail
--- /usr/ports/security/openvpn/files/patch-tests-for-jail	Sat Nov  5 02:24:15 2005
+++ /usr/home/emma/ports/security/openvpn/files/patch-tests-for-jail	Thu Nov 10 12:00:29 2005
@@ -1,7 +1,5 @@
-Index: t_lpback.sh
-===================================================================
---- t_lpback.sh	(revision 774)
-+++ t_lpback.sh	(working copy)
+--- t_lpback.sh~
++++ t_lpback.sh
 @@ -19,11 +19,13 @@
  # 02110-1301, USA.
  
@@ -18,15 +16,12 @@
 +rm key.$$ log.$$
 +trap 0
  exit $e
-Index: t_cltsrv.sh
-===================================================================
---- t_cltsrv.sh	(revision 774)
-+++ t_cltsrv.sh	(working copy)
-@@ -20,19 +20,33 @@
+--- t_cltsrv.sh~
++++ t_cltsrv.sh
+@@ -19,20 +19,41 @@
+ # 02110-1301, USA.
  
  set -e
- echo "the following test will run about two minutes..." >&2
--trap "rm -f log.$$ ; false" 1 2 3 15
 +trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
 +trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
 +addopts=
@@ -34,11 +29,20 @@
 +    FreeBSD)
 +    # FreeBSD jails map the outgoing IP to the jail IP - we need to
 +    # allow the real IP unless we want the test to run forever.
-+    if test `sysctl -n security.jail.jailed` != 0 ; then
++    if test "`sysctl 2>/dev/null -n security.jail.jailed`" = 1 \
++    || `ps -ostate $$ | tail -n1 | grep >/dev/null J` ; then
 +	addopts="--float"
++	if test "x`ifconfig | grep inet`" = x ; then
++	    echo "###"
++	    echo "### To run the test in a FreeBSD jail, you MUST add an IP alias for the jail's IP."
++	    echo "###"
++	    exit 1
++	fi
 +    fi
 +    ;;
 +esac
+ echo "the following test will run about two minutes..." >&2
+-trap "rm -f log.$$ ; false" 1 2 3 15
  set +e
  (
 -./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server &
diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/pkg-message.in /usr/home/emma/ports/security/openvpn/files/pkg-message.in
--- /usr/ports/security/openvpn/files/pkg-message.in	Fri Aug 19 20:48:34 2005
+++ /usr/home/emma/ports/security/openvpn/files/pkg-message.in	Wed Nov  9 22:23:04 2005
@@ -1,9 +1,9 @@
 ### ------------------------------------------------------------------------
-###  The OpenVPN port, since v2.0.1, uses rcNG to start OpenVPN.
+###  The OpenVPN FreeBSD port, since v2.0.1, uses rcNG to start OpenVPN.
 ###  Edit /etc/rc.conf to start OpenVPN automatically at system startup.
 ###  See %%PREFIX%%/etc/rc.d/openvpn.sh for details.
 ### ------------------------------------------------------------------------
-###  To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, you may need to
+###  To get OpenVPN 1.X to talk with the new 2.0 version, you may need to
 ###  edit the 1.X configuration file by adding these lines:
 ###    tun-mtu 1500
 ###    tun-mtu-extra 32
@@ -13,6 +13,8 @@
 ###  WARNING: THE DEFAULT PORT HAS CHANGED AND IS NOW 1194!
 ###  OpenVPN 1.6 and older used 5000 rather than 1194 as their default
 ###  port, so add the proper port options to your configuration file!
-### ------------------------------------------------------------------------
+### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 ###  For further compatibility, see <http://openvpn.net/relnotes.html>
+### ------------------------------------------------------------------------
+###  If you want to donate to OpenVPN: <http://openvpn.net/donate.html>
 ### ------------------------------------------------------------------------
diff -ruN --exclude=CVS /usr/ports/security/openvpn/pkg-descr /usr/home/emma/ports/security/openvpn/pkg-descr
--- /usr/ports/security/openvpn/pkg-descr	Mon May 30 13:27:16 2005
+++ /usr/home/emma/ports/security/openvpn/pkg-descr	Wed Nov  9 21:02:39 2005
@@ -1,10 +1,10 @@
-OpenVPN is a robust and highly configurable VPN (Virtual Private
-Network) daemon which can be used to securely link two or more private
-networks using an encrypted tunnel over the internet. It uses UDP as its
-transport, avoiding TCP-over-TCP retransmission congestion. SSL can be
-used to authenticate the sites, or they can use a pre-shared secret.
+OpenVPN is a robust, scalable and highly configurable VPN (Virtual Private
+Network) daemon which can be used to securely link two or more private networks
+using an encrypted tunnel over the internet. It can operate over UDP or TCP,
+can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one
+server can handle many clients.
 
-WWW: http://openvpn.sourceforge.net/
+WWW: http://openvpn.net/
 
 - Matthias Andree
 matthias.andree at gmx.de
--- openvpn-2.0.5_1.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:



More information about the freebsd-ports-bugs mailing list