From f32d860b39ad625dd95d89f67be01a29743fcb04 Mon Sep 17 00:00:00 2001 From: Wang Mingyu Date: Tue, 25 Jun 2024 16:55:54 +0800 Subject: openvpn: upgrade 2.6.10 -> 2.6.11 0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch refreshed for 2.6.11 Changelog: ============= - Implement server_poll_timeout for socks - Use snprintf instead of sprintf for get_ssl_library_version - Add bracket in fingerprint message and do not warn about missing verification - Replace macos11 with macos14 in github runners - Only run coverity scan in OpenVPN/OpenVPN repository - Workaround issue in LibreSSL crashing when enumerating digests/ciphers - Properly handle null bytes and invalid characters in control messages - Allow to set ifmode for existing DCO interfaces in FreeBSD - samples: Update sample configurations - documentation: make section levels consistent - phase2_tcp_server: fix Coverity issue 'Dereference after null check' - script-options.rst: Update ifconfig_* variables - LZO: do not use lzoutils.h macros - Remove "experimental" denotation for --fast-io - Implement Windows CA template match for Crypto-API selector - misc.c: remove unused code - interactive.c: Improve access control for gui<->service pipe - Only schedule_exit() once Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --- ...c-eliminate-build-path-from-openvpn-versi.patch | 9 +-- .../recipes-support/openvpn/openvpn_2.6.10.bb | 76 ---------------------- .../recipes-support/openvpn/openvpn_2.6.11.bb | 76 ++++++++++++++++++++++ 3 files changed, 79 insertions(+), 82 deletions(-) delete mode 100644 meta-networking/recipes-support/openvpn/openvpn_2.6.10.bb create mode 100644 meta-networking/recipes-support/openvpn/openvpn_2.6.11.bb (limited to 'meta-networking') diff --git a/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch b/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch index 03b454d625..7c6ad20a42 100644 --- a/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch +++ b/meta-networking/recipes-support/openvpn/openvpn/0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch @@ -1,4 +1,4 @@ -From ea179d83b0aa62719d90748cd1fb260f40055f15 Mon Sep 17 00:00:00 2001 +From a4d4ca981433705057c73086a6f1b4ebe07e614c Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Mon, 13 Jun 2022 22:44:28 +0800 Subject: [PATCH] configure.ac: eliminate build path from openvpn --version @@ -31,10 +31,10 @@ Signed-off-by: Yi Zhao 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 2f5f6bc..eddcbc5 100644 +index f56d0cc..27ca06e 100644 --- a/configure.ac +++ b/configure.ac -@@ -1377,7 +1377,7 @@ if test "${enable_async_push}" = "yes"; then +@@ -1447,7 +1447,7 @@ if test "${enable_async_push}" = "yes"; then esac fi @@ -43,6 +43,3 @@ index 2f5f6bc..eddcbc5 100644 AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings]) TAP_WIN_COMPONENT_ID="PRODUCT_TAP_WIN_COMPONENT_ID" --- -2.25.1 - diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.6.10.bb b/meta-networking/recipes-support/openvpn/openvpn_2.6.10.bb deleted file mode 100644 index ba53d40f47..0000000000 --- a/meta-networking/recipes-support/openvpn/openvpn_2.6.10.bb +++ /dev/null @@ -1,76 +0,0 @@ -SUMMARY = "A full-featured SSL VPN solution via tun device." -HOMEPAGE = "https://openvpn.net/" -SECTION = "net" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=89196bacc47ed37a5b242a535661a049" -DEPENDS = "lzo lz4 openssl iproute2 libcap-ng ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" - -inherit autotools systemd update-rc.d pkgconfig - -SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \ - file://0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch \ - file://openvpn \ - " - -UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads" - -SRC_URI[sha256sum] = "1993bbb7b9edb430626eaa24573f881fd3df642f427fcb824b1aed1fca1bcc9b" - -CVE_STATUS[CVE-2020-27569] = "not-applicable-config: Applies only Aviatrix OpenVPN client, not openvpn" - -INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME:${PN} = "openvpn" -INITSCRIPT_PARAMS:${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ." - -CFLAGS += "-fno-inline" - -# I want openvpn to be able to read password from file (hrw) -EXTRA_OECONF += "--enable-iproute2" -EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}" - -# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host. -EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip" - -EXTRA_OECONF += "SYSTEMD_UNIT_DIR=${systemd_system_unitdir} \ - TMPFILES_DIR=${nonarch_libdir}/tmpfiles.d \ - " - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ - ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \ - " - -PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd" -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" - -do_install:append() { - install -d ${D}/${sysconfdir}/init.d - install -m 755 ${UNPACKDIR}/openvpn ${D}/${sysconfdir}/init.d - - install -d ${D}/${sysconfdir}/openvpn - install -d ${D}/${sysconfdir}/openvpn/server - install -d ${D}/${sysconfdir}/openvpn/client - - install -d ${D}/${sysconfdir}/openvpn/sample - install -m 644 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf - install -m 644 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf - install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-config-files - install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys - install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-scripts - install -m 644 ${S}/sample/sample-config-files/* ${D}${sysconfdir}/openvpn/sample/sample-config-files - install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys - install -m 644 ${S}/sample/sample-scripts/* ${D}${sysconfdir}/openvpn/sample/sample-scripts - - install -d -m 710 ${D}/${localstatedir}/lib/openvpn -} - -PACKAGES =+ " ${PN}-sample " - -RRECOMMENDS:${PN} = "kernel-module-tun" - -FILES:${PN}-dbg += "${libdir}/openvpn/plugins/.debug" -FILES:${PN} += "${systemd_system_unitdir}/openvpn-server@.service \ - ${systemd_system_unitdir}/openvpn-client@.service \ - ${nonarch_libdir}/tmpfiles.d \ - " -FILES:${PN}-sample = "${sysconfdir}/openvpn/sample/ \ - " diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.6.11.bb b/meta-networking/recipes-support/openvpn/openvpn_2.6.11.bb new file mode 100644 index 0000000000..cf599666d4 --- /dev/null +++ b/meta-networking/recipes-support/openvpn/openvpn_2.6.11.bb @@ -0,0 +1,76 @@ +SUMMARY = "A full-featured SSL VPN solution via tun device." +HOMEPAGE = "https://openvpn.net/" +SECTION = "net" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=89196bacc47ed37a5b242a535661a049" +DEPENDS = "lzo lz4 openssl iproute2 libcap-ng ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" + +inherit autotools systemd update-rc.d pkgconfig + +SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \ + file://0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch \ + file://openvpn \ + " + +UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads" + +SRC_URI[sha256sum] = "d60adf413d37e11e6e63531cacf2655906756046b4edffe88a13b9e2fec40d5e" + +CVE_STATUS[CVE-2020-27569] = "not-applicable-config: Applies only Aviatrix OpenVPN client, not openvpn" + +INITSCRIPT_PACKAGES = "${PN}" +INITSCRIPT_NAME:${PN} = "openvpn" +INITSCRIPT_PARAMS:${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ." + +CFLAGS += "-fno-inline" + +# I want openvpn to be able to read password from file (hrw) +EXTRA_OECONF += "--enable-iproute2" +EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}" + +# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host. +EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip" + +EXTRA_OECONF += "SYSTEMD_UNIT_DIR=${systemd_system_unitdir} \ + TMPFILES_DIR=${nonarch_libdir}/tmpfiles.d \ + " + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ + ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \ + " + +PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" + +do_install:append() { + install -d ${D}/${sysconfdir}/init.d + install -m 755 ${UNPACKDIR}/openvpn ${D}/${sysconfdir}/init.d + + install -d ${D}/${sysconfdir}/openvpn + install -d ${D}/${sysconfdir}/openvpn/server + install -d ${D}/${sysconfdir}/openvpn/client + + install -d ${D}/${sysconfdir}/openvpn/sample + install -m 644 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf + install -m 644 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf + install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-config-files + install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys + install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-scripts + install -m 644 ${S}/sample/sample-config-files/* ${D}${sysconfdir}/openvpn/sample/sample-config-files + install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys + install -m 644 ${S}/sample/sample-scripts/* ${D}${sysconfdir}/openvpn/sample/sample-scripts + + install -d -m 710 ${D}/${localstatedir}/lib/openvpn +} + +PACKAGES =+ " ${PN}-sample " + +RRECOMMENDS:${PN} = "kernel-module-tun" + +FILES:${PN}-dbg += "${libdir}/openvpn/plugins/.debug" +FILES:${PN} += "${systemd_system_unitdir}/openvpn-server@.service \ + ${systemd_system_unitdir}/openvpn-client@.service \ + ${nonarch_libdir}/tmpfiles.d \ + " +FILES:${PN}-sample = "${sysconfdir}/openvpn/sample/ \ + " -- cgit v1.2.3-54-g00ecf