From owner-freebsd-ports Thu Oct 24 7:40: 7 2002 Delivered-To: freebsd-ports@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A082337B401 for ; Thu, 24 Oct 2002 07:40:03 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E113143E6E for ; Thu, 24 Oct 2002 07:40:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g9OEe1x3078292 for ; Thu, 24 Oct 2002 07:40:01 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g9OEe1Kh078291; Thu, 24 Oct 2002 07:40:01 -0700 (PDT) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9F4FF37B401 for ; Thu, 24 Oct 2002 07:32:17 -0700 (PDT) Received: from mail.dt.e-technik.uni-dortmund.de (krusty.dt.E-Technik.Uni-Dortmund.DE [129.217.163.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4E76A43E65 for ; Thu, 24 Oct 2002 07:32:16 -0700 (PDT) (envelope-from matthias.andree@web.de) Received: from m2a2.myip.org (krusty.dt.e-technik.uni-dortmund.de [129.217.163.1]) by mail.dt.e-technik.uni-dortmund.de (Postfix) with ESMTP id 77664A3831 for ; Thu, 24 Oct 2002 16:32:10 +0200 (CEST) Received: from libertas.emma.line.org (libertas.emma.line.org [192.168.0.2]) by merlin.emma.line.org (Postfix) with ESMTP id 4ED295E3A6 for ; Thu, 24 Oct 2002 16:32:07 +0200 (CEST) Received: from libertas.emma.line.org (localhost [127.0.0.1]) by libertas.emma.line.org (8.12.6/8.12.6) with ESMTP id g9OEW6EO005344; Thu, 24 Oct 2002 16:32:06 +0200 (CEST) (envelope-from emma@libertas.emma.line.org) Received: (from emma@localhost) by libertas.emma.line.org (8.12.6/8.12.6/Submit) id g9OEW5Za005343; Thu, 24 Oct 2002 16:32:05 +0200 (CEST) Message-Id: <200210241432.g9OEW5Za005343@libertas.emma.line.org> Date: Thu, 24 Oct 2002 16:32:05 +0200 (CEST) From: Matthias Andree Reply-To: Matthias Andree To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: ports/44436: maintainer update port: security/openvpn -> 1.3.2 Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 44436 >Category: ports >Synopsis: maintainer update port: security/openvpn -> 1.3.2 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu Oct 24 07:40:01 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Matthias Andree >Release: FreeBSD 4.7-STABLE i386 >Organization: >Environment: System: FreeBSD libertas.emma.line.org 4.7-STABLE FreeBSD 4.7-STABLE #0: Mon Oct 21 14:00:57 CEST 2002 toor@libertas.emma.line.org:/usr/obj/usr/src/sys/LIBERTAS i386 >Description: This PR obsoletes PR #ports/44249. This PR updates the security/openvpn port to version 1.3.2, now supporting [x]inetd start. The patch below also adds an init script to help less clueful users getting tap(4) tunnels to work. >How-To-Repeat: >Fix: Apply this patch. diff -Nur /usr/ports/security/openvpn/Makefile openvpn/Makefile --- /usr/ports/security/openvpn/Makefile Thu Jul 11 18:51:06 2002 +++ openvpn/Makefile Thu Oct 24 16:22:04 2002 @@ -6,7 +6,7 @@ # PORTNAME= openvpn -PORTVERSION= 1.3.0 +PORTVERSION= 1.3.2 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -24,6 +24,8 @@ MAN8= openvpn.8 post-install: + ${INSTALL_SCRIPT} ${FILESDIR}/openvpn.sh.sample \ + ${PREFIX}/etc/rc.d/openvpn.sh.sample .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} .for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS \ diff -Nur /usr/ports/security/openvpn/distinfo openvpn/distinfo --- /usr/ports/security/openvpn/distinfo Thu Jul 11 18:51:06 2002 +++ openvpn/distinfo Thu Oct 24 16:22:14 2002 @@ -1 +1 @@ -MD5 (openvpn-1.3.0.tar.gz) = f82482f0ec8d9091876bd86133a8ff2f +MD5 (openvpn-1.3.2.tar.gz) = 57f5f92730566401797943561f7cae6e diff -Nur /usr/ports/security/openvpn/files/openvpn.sh.sample openvpn/files/openvpn.sh.sample --- /usr/ports/security/openvpn/files/openvpn.sh.sample Thu Jan 1 01:00:00 1970 +++ openvpn/files/openvpn.sh.sample Sat Oct 19 00:38:52 2002 @@ -0,0 +1,19 @@ +#! /bin/sh +# (C) 2002 by Matthias Andree + +# This file may be redistributed according to the terms of the GNU General +# Public License, version 2 (two). + +# To use this script, rename it to openvpn.sh and make sure it is +# executable for the owner. + +# This file rouses a security warning at port install time. However, this +# file itself does not start network services, but it loads a kernel driver. +# The security of this file therefore depends on the security of kldload and +# the if_tap driver. + +case x$1 in + xstart) echo -n ' if_tap' ; exec kldload if_tap ;; + xstop) echo -n ' if_tap' ; exec kldunload if_tap ;; + *) echo >&2 "Usage: $0 {start|stop}" +esac diff -Nur /usr/ports/security/openvpn/pkg-message openvpn/pkg-message --- /usr/ports/security/openvpn/pkg-message Thu Jul 11 18:51:06 2002 +++ openvpn/pkg-message Sat Oct 19 01:16:58 2002 @@ -1,4 +1,8 @@ ### ---------------------------------------------------------------------- ### +### To use the tap driver, you may need to do: kldload if_tap ### +### See ${PREFIX}/etc/rc.d/openvpn.sh.sample for how to do this ### +### automatically at system boot-up time. ### +### ---------------------------------------------------------------------- ### ### To retain backwards compatibility of OpenVPN 1.3.0 with OpenVPN peers ### ### that run older versions (back to 1.1.0), you will have to set the MTU ### ### explicitly by command line options since OpenVPN 1.3.0. ### diff -Nur /usr/ports/security/openvpn/pkg-plist openvpn/pkg-plist --- /usr/ports/security/openvpn/pkg-plist Mon Jun 24 18:13:08 2002 +++ openvpn/pkg-plist Thu Oct 24 16:27:19 2002 @@ -1,4 +1,5 @@ sbin/openvpn +etc/rc.d/openvpn.sh.sample %%PORTDOCS%%share/doc/openvpn/AUTHORS %%PORTDOCS%%share/doc/openvpn/COPYING %%PORTDOCS%%share/doc/openvpn/COPYRIGHT.GPL @@ -10,6 +11,7 @@ %%PORTDOCS%%share/doc/openvpn/easy-rsa/README %%PORTDOCS%%share/doc/openvpn/easy-rsa/build-ca %%PORTDOCS%%share/doc/openvpn/easy-rsa/build-dh +%%PORTDOCS%%share/doc/openvpn/easy-rsa/build-inter %%PORTDOCS%%share/doc/openvpn/easy-rsa/build-key %%PORTDOCS%%share/doc/openvpn/easy-rsa/build-key-pass %%PORTDOCS%%share/doc/openvpn/easy-rsa/build-req @@ -28,6 +30,8 @@ %%PORTDOCS%%share/doc/openvpn/sample-config-files/static-office.conf %%PORTDOCS%%share/doc/openvpn/sample-config-files/tls-home.conf %%PORTDOCS%%share/doc/openvpn/sample-config-files/tls-office.conf +%%PORTDOCS%%share/doc/openvpn/sample-config-files/xinetd-client-config +%%PORTDOCS%%share/doc/openvpn/sample-config-files/xinetd-server-config %%PORTDOCS%%share/doc/openvpn/sample-scripts/openvpn.init %%PORTDOCS%%share/doc/openvpn/sample-scripts/verify-cn %%PORTDOCS%%@dirrm share/doc/openvpn/sample-scripts >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message