diff options
author | Dirkjan Ochtman <djc@gentoo.org> | 2015-02-08 16:23:10 +0000 |
---|---|---|
committer | Dirkjan Ochtman <djc@gentoo.org> | 2015-02-08 16:23:10 +0000 |
commit | 3233b6df08e4eafd81beff0968af1b45b0354edc (patch) | |
tree | 61a104994c11c4434118f8cc19ccb36f71f522cd /net-misc | |
parent | Fix build with gcc 4.9, patch by Bernd Feige in bug #526118 (diff) | |
download | historical-3233b6df08e4eafd81beff0968af1b45b0354edc.tar.gz historical-3233b6df08e4eafd81beff0968af1b45b0354edc.tar.bz2 historical-3233b6df08e4eafd81beff0968af1b45b0354edc.zip |
Fix support for null ciphers (bug 531700; thanks to gentoo@nephros.org)
Package-Manager: portage-2.2.15/cvs/Linux x86_64
Manifest-Sign-Key: 0x30380381
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/openvpn/ChangeLog | 8 | ||||
-rw-r--r-- | net-misc/openvpn/Manifest | 30 | ||||
-rw-r--r-- | net-misc/openvpn/files/2.3.6-null-cipher.patch | 46 | ||||
-rw-r--r-- | net-misc/openvpn/openvpn-2.3.6-r1.ebuild | 135 |
4 files changed, 204 insertions, 15 deletions
diff --git a/net-misc/openvpn/ChangeLog b/net-misc/openvpn/ChangeLog index 23ee53878d4c..9c51725f988d 100644 --- a/net-misc/openvpn/ChangeLog +++ b/net-misc/openvpn/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-misc/openvpn # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openvpn/ChangeLog,v 1.318 2015/01/18 12:39:12 djc Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openvpn/ChangeLog,v 1.319 2015/02/08 16:22:58 djc Exp $ + +*openvpn-2.3.6-r1 (08 Feb 2015) + + 08 Feb 2015; Dirkjan Ochtman <djc@gentoo.org> +files/2.3.6-null-cipher.patch, + +openvpn-2.3.6-r1.ebuild: + Fix support for null ciphers (bug 531700; thanks to gentoo@nephros.org) 18 Jan 2015; Dirkjan Ochtman <djc@gentoo.org> openvpn-2.3.6.ebuild: Fix minimum version of libpkcs11-helper dependency (fixes bug 536332) diff --git a/net-misc/openvpn/Manifest b/net-misc/openvpn/Manifest index d29d780d80ca..d2e7566894e3 100644 --- a/net-misc/openvpn/Manifest +++ b/net-misc/openvpn/Manifest @@ -1,6 +1,7 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 +AUX 2.3.6-null-cipher.patch 1531 SHA256 a3f8ac3630c9887d18d21e0ac9781d615cf8dff277c070306b36c5d0faa8a1ac SHA512 0aa288af3c0b43977bf84b099ea28dbf7ab9a1096d76e8f706989570984c70a4c298430eac35b0c80eab8bc05e6072d965c20a9e3689e7448e759abb92c93fb2 WHIRLPOOL cbefb2a1b6d63373890a76d3a6153335f8d05b07e4546893e7a8871c653d39f06941615181308fbf41a07cf702b2a730dfacc6a01840efdbfbeaf301a58362bb AUX 65openvpn 45 SHA256 d5758e39fdc75dcbb5a788b1afa743c3c1f08c63c535aa32c300b965474d765c SHA512 713345092b60d1322d3fa96fd72d69ed82dbfee5031a675114bc60acfdacaf0811f6bf4530cf937ca5a86b3f2665b28951b9087ec91c2c0faf75bdaf1e25bdbb WHIRLPOOL 534e7dcf2ac953e9ec5de05810022471cb26a16806cd036f25d02550e20f8aaa91410bd005bc7a5e4a549d8a40d01ae317be1d1e1e25d91ed989bbbea7ede9d2 AUX down.sh 943 SHA256 39debebcd8c899f20e6d355cbc8eaab46e28b83a9f6c33a94c065688a4f3d2c7 SHA512 5defd61edf11cc63f3f8f60bef7fa730c4bcdd2545d664bd94666dd3aea80bd9d190263d8835a555e4287a594f6fce0f52426aed49c60233ff637a2a6164a997 WHIRLPOOL c66fd1e016656fe83d7f55b77bf232058397f9cd3054abe13ec006c227afe6746ee4ada310ff43761ec95510f736b8e542f136711d648642eecafe055975c57e AUX openvpn-2.1.conf 892 SHA256 330149a83684ddabe413d134d4c8efad4c88b18c2ab67165014deff5f7fffad2 SHA512 982ade883afbe2e656a9cbbe36c31c0e8b4f7bbbe5b63df9f7b834f02a9153032fb7445c85d3e91f62c68a7ddd13c3afbf420fb71cdd13d9c4b69f867bdd9f37 WHIRLPOOL 6ef644826e1e9e2a100e0fa20b5c9190e92c9e08a366dee28dccf3f70fa0593f3c4d271e42db3920630f03704aa2aef8e84d9efbb2b4b6a0d08e74bb340fb0a5 @@ -10,24 +11,25 @@ AUX openvpn.service 335 SHA256 a63a6e1505f2b3e20f2c82588dd0c23da9d8c750e1f36fec2 AUX openvpn.tmpfile 39 SHA256 ef3453056a26487d27908d5ced124285403d8e88deb843fccdba9f6724966826 SHA512 659713b35eee340f2b6578796f4335dda391aa635892e802e3f2531f31c9470460b4e4b3be45457f81f3b08b7d60ce15d16f8d70b968fbf24f846ef5f8611a58 WHIRLPOOL 19e4611ffda68a99851921ccaf3a99d04350cd3e0d8833136da151119c267edc383ff96162aa47a2f77171ae908ad011e4119a7a18961ed0bddcbf38d997b976 AUX up.sh 2865 SHA256 d887ee065261affd849227fa27e092cf66549d824a698f302312d15f787dd840 SHA512 35201b0e60ad20358080007e595eb4f96d186ba8e88f0485c55d164c28e3d78a12f3e09347ba3d76abb9b8b03fb4a53664bd74ab484be1548090022b956925fd WHIRLPOOL 8d25a66d192a6710466d149aec7a1719dfe91558205e8ba7e25b93e58869c8fedc96ba4ce2aedb0595b7e0b63299e6e41be1ba82c6b93ae6bbbb26d409c9bf51 DIST openvpn-2.3.6.tar.gz 1213272 SHA256 7baed2ff39c12e1a1a289ec0b46fcc49ff094ca58b8d8d5f29b36ac649ee5b26 SHA512 70e0045ea41f6588769ab8b98d8f550b69148adbf7fedcdc36900e25950df43379950492652e243ec6e7965bf9c7dcc86a56ba5dfdc44523aaa81cfc508b1c6e WHIRLPOOL 737f2d1d69ee1c7700d5cd5a4e7d5d1b2f55d8b2229f7c2565fcb8c731ebb719ec8d6bad3b76f763f36e5c70c6e40a666db3508f3024f8e4637c0659061dba48 +EBUILD openvpn-2.3.6-r1.ebuild 4429 SHA256 8376903ad88ae5c4aa61179efe59144958cd27d1033133746e43e2530babbf7b SHA512 368d1783174fa4f0671274b1c07884b55168a816d7a5e5846f03e9b538e9757f1e1ecca64bbe617298dd0166557e5713ce1fda5847b25ea211030f6337283ec0 WHIRLPOOL a9b622e8c5efe803cb9c300995e6cfc20c419b83254918c77b7845b1d6ec71d1859d1e3f62f0b45792a6b67dbdb7af9069812b5170fcb9e436206212834134cc EBUILD openvpn-2.3.6.ebuild 4365 SHA256 c13508cb6b5d0c76f5de76e7a3945228695e320df8ea749c6afe471b8be1c785 SHA512 bbe059c39900a088020a960ce35d283efddde99efd635b2a3810c44525a9213b3205dc9b1637bad37a8c88a559f08de8d2c395c0cb2b7af0ac42d47590a29a64 WHIRLPOOL fd42f4b05922ebcf385e951b6e3c0317f4493b9e5badd55839de9f5576b5ab6e0fb8e9a9e2e8e9127e02dff4b2b718912a5a4eb0edc9b1ba06ba231fce1408d4 EBUILD openvpn-9999.ebuild 3941 SHA256 ef975ee9157e25b16aa4c59144b1fc0814c67def458a71e5166c70e7c41e5081 SHA512 7030ee666c7372b86a198f3780797a4253baed6e61e4bbb3f1bb166b95268b4ee00992c770c689ab6bb9326eb2d66a6c52cec65739e887ef39e6da1da6ce49b6 WHIRLPOOL 174bee3dc113263b7ebc24048613cc3039cd49f52cee4c9eff55d80d9436cead408d3c09cb6dad1318a4812fb00f7eb22b286f329499346240db2f38a066b2ff -MISC ChangeLog 44229 SHA256 b267623cb0bc4e9956d27a4f060b75f0ee483737ff46b8fa9597c9e7b64bbf82 SHA512 802144bca46822c960d787e7af9966ca7e326965073e1f7bbea89ffd2f8dfe3ae92d0cfaf165060602f6a125c84a34a368035f91ca9d5d4fe8c60b92c8c5f617 WHIRLPOOL 2e4f4c9673636852c3dd44e58ad818e5be65b761dbc9c40d6777a43600bf0c3576ed48b3c91bcda21ccadd4522cac832f5e340c423abbe4a66dd32f088ebe611 +MISC ChangeLog 44445 SHA256 7cd9d4fd18aa77031f8efd9426bae181fe60f4d24b3a44d99badeea4f0705428 SHA512 de78cd48691778ce99c5d388d4100e18cee3b96ff684f005c0065ea784149e32db12a9d38257d3d4206a4ba734a884eaa3ad1d02d98f2d3f45213c9c38fcc119 WHIRLPOOL e51c47f8b2d2d2dd222223e83aef63c9a6bf57b316b645b8527df478863e5b1e8cf506185da6979a94e30942c0b6ef64ffd57f9a1a6544748717b1f3811c9a37 MISC metadata.xml 937 SHA256 3dfcc28012f2c92f044882c39d56b6ef82bb80749ce688b75d526cc6c8836dd3 SHA512 ad3f218ccc64249fda19d87fe79494280eb880841f2d1e69757e7093e62b446f273fecd074ccac02c28894924b02d6a9c9fbbc1bd12ab13493f7f77e50e5b1ce WHIRLPOOL 65bf683e35f44c306c9ed3297cd954eb490f658f97a2d03af2cba0484030b1eccdf401fdc867a5c35a602bd67bf7052d555c2a48b7bebb4469158e26a530a742 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 -iQIcBAEBCAAGBQJUu6pLAAoJEJ+WuSkwOAOBUYkQAMy39lGej/KtzEnOLf9/R/LX -ozUF/3lT2+AxIB5UL+2xqanRcAiAR1jIDboZc8V32MOBf+vXXRNDIjWHrshOwG8P -wrwP9Jr+FbRxJEM93lk1kYFDUuSYpt4ITChL5vP8nmAlo1suExeDcyMlkDT3Nsc/ -XsmO8Scczbfj2DYTaV7eQPNXVE+vONZbH8pI1dVXtc8eJXpyKwN3mI+ThiPWeVH1 -aY7EY6K8gQYIBtrFPb521PQkcQ50CJds/VwZUTN2kMrDm9sxfdhKDvmXwsfHJJ8O -OxSgvehAyZOvymt3SJ/9PhwuFMaoaevzgPTABCeLW4BudK/p3UQz8uhAorChPQQL -II6cUapmjfLJQWBMbzidQLg3CJZ9z1S8ZwRUBfvcK2FoGyugbJ2ixjoeOoMM0jWj -O35WNwFn6chgbg2gKq/K2LHWe5FozTMJuzod4qP37eYLJe3C9rR5GXxWrlTwrrg/ -BOX6HVoap49gq05Q6QtLsK/RjnxFutqhLKP//TN+WB64aNJMIAc9vKsgVlcQcy3d -yoG72nD7D2uA6vmBj0//RaIzqq1pNy+7qjRUgRUHBUUsl6xouFHSJNiDhAMynCuf -09G2KSEtYopeC+g4+aGm5MiCH+vnXaF2y/cT++rLgOD3eGAB+gmJuxilXgum767U -RFoZjCOt91I7Hx8YmuN7 -=yxu0 +iQIcBAEBCAAGBQJU141uAAoJEJ+WuSkwOAOB97sQAMG7kPuX9b+tWwn0PxyDifGk +bPiBc1xPUpkXakK9XIh3b3j9nXoDT6QuMJ+CvKthnpQTquoO4sujm8bmm1Nda1EL +JJ3h1RZVDZVtcWw1FqI+sZoj7U4nqNOA+6OmP5T12yI5AAaNI8tZU1KTtz0nsKGe +ACEKDxB5Rs2u+As0jH/Y96+DV2E8pcowegpXkTxeTObrLY19Qj/+L0PuVoelWr5H +5FmM2GNO836APpnf2f0/n3mR9XAQZjL2LR4Jbo3MQ79m2BHTkKMiBf30U4pNNoVT +RLFc/+Bx3j9rAeRESmssij3JF6cdn3ZZ82FzuLz0/foOp7u2vxZU1XNHJdcVYxHn +cT0axRNHfuOqkCobNmMcWoc70tsnxD7M8FcGkGssAJNN3UBYPKxjTu98kmVd4BzO +sVv4VS/V43syeULlPepzBeXvzzVv6mtLNjozIehCJLaEF7lJiCehMLMEfvIuZlex +ohuxK0ktbPaKqAT7mu9pRBz/VR0bd+EysPrv7hqFLglmWNmeFwNX68UIT/DtqeP5 +aFvMDm9HCuTt5YomOr2sHACLZmCiH8tckcDA4/KwTteoJVKZaJPGA4cctR/4gq/A +7Nv1e0XKFh7pnykD52ekQ4eU5xq11XPaBjAdau5GzJLCDh0LI+Cvag/WCK49VC88 +5+ixs1B/7cqFfNiWo55g +=sXcV -----END PGP SIGNATURE----- diff --git a/net-misc/openvpn/files/2.3.6-null-cipher.patch b/net-misc/openvpn/files/2.3.6-null-cipher.patch new file mode 100644 index 000000000000..1e831cfa213a --- /dev/null +++ b/net-misc/openvpn/files/2.3.6-null-cipher.patch @@ -0,0 +1,46 @@ +The "really fix cipher none" patch has been merged to release/2.3 and master: + +commit 785838614afc20d362b64907b0212e9a779e2287 (release/2.3) +commit 98156e90e1e83133a6a6a020db8e7333ada6156b (master) + +diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h +index 8749878..4e45df0 100644 +--- a/src/openvpn/crypto_backend.h ++++ b/src/openvpn/crypto_backend.h +@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *cipher_kt); + * + * @return true iff the cipher is a CBC mode cipher. + */ +-bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) +- __attribute__((nonnull)); ++bool cipher_kt_mode_cbc(const cipher_kt_t *cipher); + + /** + * Check if the supplied cipher is a supported OFB or CFB mode cipher. +@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) + * + * @return true iff the cipher is a OFB or CFB mode cipher. + */ +-bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) +- __attribute__((nonnull)); ++bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher); + + + /** +diff --git a/tests/t_lpback.sh b/tests/t_lpback.sh +index 8f88ad9..d7792cd 100755 +--- a/tests/t_lpback.sh ++++ b/tests/t_lpback.sh +@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers | \ + # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5) + CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' ) + ++# Also test cipher 'none' ++CIPHERS=${CIPHERS}$(printf "\nnone") ++ + "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$ + set +e + +-- +1.9.1 + diff --git a/net-misc/openvpn/openvpn-2.3.6-r1.ebuild b/net-misc/openvpn/openvpn-2.3.6-r1.ebuild new file mode 100644 index 000000000000..e4555cfe2d6a --- /dev/null +++ b/net-misc/openvpn/openvpn-2.3.6-r1.ebuild @@ -0,0 +1,135 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openvpn/openvpn-2.3.6-r1.ebuild,v 1.1 2015/02/08 16:22:58 djc Exp $ + +EAPI=4 + +inherit multilib autotools flag-o-matic user systemd + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz" +HOMEPAGE="http://openvpn.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux" +IUSE="examples down-root iproute2 pam passwordsave pkcs11 +plugins +polarssl selinux +ssl systemd +lzo static userland_BSD" + +REQUIRED_USE="static? ( !plugins !pkcs11 ) + polarssl? ( ssl ) + pkcs11? ( ssl ) + !plugins? ( !pam !down-root )" + +DEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) !iproute2? ( sys-apps/net-tools ) + ) + pam? ( virtual/pam ) + ssl? ( + !polarssl? ( >=dev-libs/openssl-0.9.7 ) polarssl? ( >=net-libs/polarssl-1.2.10 ) + ) + lzo? ( >=dev-libs/lzo-1.07 ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-openvpn ) +" + +src_prepare() { + # Set correct pass to systemd-ask-password binary + sed -i "s:\(/bin/systemd-ask-password\):/usr\1:" ./src/openvpn/console.c || die + epatch "${FILESDIR}/2.3.6-null-cipher.patch" || die + eautoreconf +} + +src_configure() { + use static && LDFLAGS="${LDFLAGS} -Xcompiler -static" + local myconf + echo "DROPPY" + use polarssl && echo "FLOZZY" + use polarssl && myconf="--with-crypto-library=polarssl" + econf \ + ${myconf} \ + --docdir="${EPREFIX}/usr/share/doc/${PF}" \ + --with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \ + $(use_enable passwordsave password-save) \ + $(use_enable ssl) \ + $(use_enable ssl crypto) \ + $(use_enable lzo) \ + $(use_enable pkcs11) \ + $(use_enable plugins) \ + $(use_enable iproute2) \ + $(use_enable pam plugin-auth-pam) \ + $(use_enable down-root plugin-down-root) \ + $(use_enable systemd) +} + +src_install() { + default + find "${ED}/usr" -name '*.la' -delete + # install documentation + dodoc AUTHORS ChangeLog PORTS README README.IPv6 + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # dodoc does not supportly support directory traversal, #15193 + insinto /usr/share/doc/${PF}/examples + doins -r sample contrib + fi + + systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfile ${PN}.conf + systemd_newunit "${FILESDIR}"/${PN}.service 'openvpn@.service' +} + +pkg_postinst() { + # Add openvpn user so openvpn servers can drop privs + # Clients should run as root so they can change ip addresses, + # dns information and other such things. + enewgroup openvpn + enewuser openvpn "" "" "" openvpn + + if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then + ewarn "WARNING: The openvpn init script has changed" + ewarn "" + fi + + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}" + fi + + einfo "" + einfo "OpenVPN 2.3.x no longer includes the easy-rsa suite of utilities." + einfo "They can now be emerged via app-crypt/easy-rsa." +} |