Date: Sat, 19 Oct 2002 01:26:46 +0200 (CEST) From: Matthias Andree <matthias.andree@web.de> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/44249: update port: security/openvpn Message-ID: <200210182326.g9INQkZt095465@libertas.emma.line.org>
next in thread | raw e-mail | index | archive | help
>Number: 44249
>Category: ports
>Synopsis: update port: security/openvpn
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 18 16:30:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 4.6-PRERELEASE i386
>Organization:
>Environment:
>Description:
This patch updates the openvpn port. It adds documentation to point towards
kldload for using the tap device.
Makefile | 3 +++
files/openvpn.sh.sample | 19 +++++++++++++++++++
pkg-message | 4 ++++
pkg-plist | 1 +
4 files changed, 27 insertions(+)
>How-To-Repeat:
>Fix:
diff -Nur /usr/ports/security/openvpn/Makefile /root/openvpn/Makefile
--- /usr/ports/security/openvpn/Makefile Thu Jul 11 18:51:06 2002
+++ /root/openvpn/Makefile Sat Oct 19 01:15:27 2002
@@ -7,6 +7,7 @@
PORTNAME= openvpn
PORTVERSION= 1.3.0
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
@@ -24,6 +25,8 @@
MAN8= openvpn.8
post-install:
+ ${INSTALL_SCRIPT} ${FILESDIR}/openvpn.sh.sample \
+ ${PREFIX}/etc/rc.d/openvpn.sh.sample
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
.for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS \
diff -Nur /usr/ports/security/openvpn/files/openvpn.sh.sample /root/openvpn/files/openvpn.sh.sample
--- /usr/ports/security/openvpn/files/openvpn.sh.sample Thu Jan 1 01:00:00 1970
+++ /root/openvpn/files/openvpn.sh.sample Sat Oct 19 00:38:52 2002
@@ -0,0 +1,19 @@
+#! /bin/sh
+# (C) 2002 by Matthias Andree
+
+# This file may be redistributed according to the terms of the GNU General
+# Public License, version 2 (two).
+
+# To use this script, rename it to openvpn.sh and make sure it is
+# executable for the owner.
+
+# This file rouses a security warning at port install time. However, this
+# file itself does not start network services, but it loads a kernel driver.
+# The security of this file therefore depends on the security of kldload and
+# the if_tap driver.
+
+case x$1 in
+ xstart) echo -n ' if_tap' ; exec kldload if_tap ;;
+ xstop) echo -n ' if_tap' ; exec kldunload if_tap ;;
+ *) echo >&2 "Usage: $0 {start|stop}"
+esac
diff -Nur /usr/ports/security/openvpn/pkg-message /root/openvpn/pkg-message
--- /usr/ports/security/openvpn/pkg-message Thu Jul 11 18:51:06 2002
+++ /root/openvpn/pkg-message Sat Oct 19 01:16:58 2002
@@ -1,4 +1,8 @@
### ---------------------------------------------------------------------- ###
+### To use the tap driver, you may need to do: kldload if_tap ###
+### See ${PREFIX}/etc/rc.d/openvpn.sh.sample for how to do this ###
+### automatically at system boot-up time. ###
+### ---------------------------------------------------------------------- ###
### To retain backwards compatibility of OpenVPN 1.3.0 with OpenVPN peers ###
### that run older versions (back to 1.1.0), you will have to set the MTU ###
### explicitly by command line options since OpenVPN 1.3.0. ###
diff -Nur /usr/ports/security/openvpn/pkg-plist /root/openvpn/pkg-plist
--- /usr/ports/security/openvpn/pkg-plist Mon Jun 24 18:13:08 2002
+++ /root/openvpn/pkg-plist Sat Oct 19 00:33:03 2002
@@ -1,4 +1,5 @@
sbin/openvpn
+etc/rc.d/openvpn.sh.sample
%%PORTDOCS%%share/doc/openvpn/AUTHORS
%%PORTDOCS%%share/doc/openvpn/COPYING
%%PORTDOCS%%share/doc/openvpn/COPYRIGHT.GPL
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210182326.g9INQkZt095465>