On 2014/07/29 22:14, Stuart Henderson wrote: > On 2014/07/29 19:34, Ryan O'Connor wrote: > > Hi, > > > > I notice that the version of OpenVPN available for OpenBSD 5.5 is 2.3.2 > > > > Would it be possible for the relevant maintainer to upgrade it to 2.3.4? > > The source tarball on OpenVPN's official site is already at version 2.3.4. > > > > Thanks. > > > > Ryan > > > > There's no maintainer, and we can't do anything with 5.5, but I can > update it for 5.6-current when trees are unlocked after 5.6 release is > tagged. >
Here's a diff against -current ports if anyone would like to test it. It applies and builds, but I have not done any runtime testing. Index: Makefile =================================================================== RCS file: /cvs/ports/net/openvpn/Makefile,v retrieving revision 1.51 diff -u -p -r1.51 Makefile --- Makefile 18 Apr 2014 19:08:12 -0000 1.51 +++ Makefile 30 Jul 2014 10:05:50 -0000 @@ -2,7 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -DISTNAME= openvpn-2.3.2 +DISTNAME= openvpn-2.3.4 CATEGORIES= net security HOMEPAGE= http://openvpn.net/ Index: distinfo =================================================================== RCS file: /cvs/ports/net/openvpn/distinfo,v retrieving revision 1.24 diff -u -p -r1.24 distinfo --- distinfo 9 Jan 2014 22:42:43 -0000 1.24 +++ distinfo 30 Jul 2014 10:05:50 -0000 @@ -1,2 +1,2 @@ -SHA256 (openvpn-2.3.2.tar.gz) = IL2j+d67mlLbJirs3fpOgUBQqUBKkQYTa347b37zb/w= -SIZE (openvpn-2.3.2.tar.gz) = 1145108 +SHA256 (openvpn-2.3.4.tar.gz) = r1BtX0hWj6jS8kNcs/rTX5qajyY5mept87opaWDOyFo= +SIZE (openvpn-2.3.4.tar.gz) = 1191101 Index: patches/patch-Makefile_in =================================================================== RCS file: /cvs/ports/net/openvpn/patches/patch-Makefile_in,v retrieving revision 1.1 diff -u -p -r1.1 patch-Makefile_in --- patches/patch-Makefile_in 20 Apr 2013 16:22:55 -0000 1.1 +++ patches/patch-Makefile_in 30 Jul 2014 10:05:50 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-Makefile_in,v 1.1 2013/04/20 16:22:55 sthen Exp $ ---- Makefile.in.orig Thu Mar 28 12:59:54 2013 -+++ Makefile.in Mon Apr 1 17:55:36 2013 -@@ -383,8 +383,7 @@ EXTRA_DIST = \ +--- Makefile.in.orig Thu May 1 12:13:12 2014 ++++ Makefile.in Tue Jul 29 22:10:23 2014 +@@ -449,8 +449,7 @@ EXTRA_DIST = \ @GIT_CHECKOUT_TRUE@ config-version.h SUBDIRS = build distro include src sample doc tests Index: patches/patch-configure =================================================================== RCS file: /cvs/ports/net/openvpn/patches/patch-configure,v retrieving revision 1.5 diff -u -p -r1.5 patch-configure --- patches/patch-configure 20 Apr 2013 16:22:55 -0000 1.5 +++ patches/patch-configure 30 Jul 2014 10:05:50 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-configure,v 1.5 2013/04/20 16:22:55 sthen Exp $ ---- configure.orig Thu Mar 28 12:59:53 2013 -+++ configure Mon Apr 1 17:55:36 2013 -@@ -16308,7 +16308,7 @@ fi +--- configure.orig Thu May 1 12:13:13 2014 ++++ configure Tue Jul 29 22:10:23 2014 +@@ -16460,7 +16460,7 @@ fi plugindir="${with_plugindir}" Index: patches/patch-include_Makefile_in =================================================================== RCS file: /cvs/ports/net/openvpn/patches/patch-include_Makefile_in,v retrieving revision 1.1 diff -u -p -r1.1 patch-include_Makefile_in --- patches/patch-include_Makefile_in 20 Apr 2013 16:22:55 -0000 1.1 +++ patches/patch-include_Makefile_in 30 Jul 2014 10:05:50 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-include_Makefile_in,v 1.1 2013/04/20 16:22:55 sthen Exp $ ---- include/Makefile.in.orig Thu Mar 28 12:59:54 2013 -+++ include/Makefile.in Mon Apr 1 17:55:36 2013 -@@ -249,7 +249,7 @@ host_cpu = @host_cpu@ +--- include/Makefile.in.orig Fri May 2 08:16:40 2014 ++++ include/Makefile.in Tue Jul 29 22:10:23 2014 +@@ -306,7 +306,7 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ Index: patches/patch-src_openvpn_route_c =================================================================== RCS file: /cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v retrieving revision 1.2 diff -u -p -r1.2 patch-src_openvpn_route_c --- patches/patch-src_openvpn_route_c 21 Oct 2013 09:15:07 -0000 1.2 +++ patches/patch-src_openvpn_route_c 30 Jul 2014 10:05:50 -0000 @@ -1,169 +1,7 @@ $OpenBSD: patch-src_openvpn_route_c,v 1.2 2013/10/21 09:15:07 bluhm Exp $ ---- src/openvpn/route.c.orig Thu Mar 28 10:31:03 2013 -+++ src/openvpn/route.c Sat Oct 19 16:00:06 2013 -@@ -49,7 +49,7 @@ - #define METRIC_NOT_USED ((DWORD)-1) - #endif - --static void delete_route (struct route *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es); -+static void delete_route (struct route_base *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es); - - static void get_bypass_addresses (struct route_bypass *rb, const unsigned int flags); - -@@ -150,7 +150,7 @@ struct route_list * - new_route_list (const int max_routes, struct gc_arena *a) - { - struct route_list *ret; -- ALLOC_VAR_ARRAY_CLEAR_GC (ret, struct route_list, struct route, max_routes, a); -+ ALLOC_VAR_ARRAY_CLEAR_GC (ret, struct route_list, struct route_base, max_routes, a); - ret->capacity = max_routes; - return ret; - } -@@ -165,7 +165,7 @@ new_route_ipv6_list (const int max_routes, struct gc_a - } - - static const char * --route_string (const struct route *r, struct gc_arena *gc) -+route_string (const struct route_base *r, struct gc_arena *gc) - { - struct buffer out = alloc_buf_gc (256, gc); - buf_printf (&out, "ROUTE network %s netmask %s gateway %s", -@@ -267,7 +267,7 @@ is_special_addr (const char *addr_str) - } - - static bool --init_route (struct route *r, -+init_route (struct route_base *r, - struct addrinfo **network_list, - const struct route_option *ro, - const struct route_list *rl) -@@ -484,7 +484,7 @@ void - clear_route_list (struct route_list *rl) - { - const int capacity = rl->capacity; -- const size_t rl_size = array_mult_safe (sizeof(struct route), capacity, sizeof(struct route_list)); -+ const size_t rl_size = array_mult_safe (sizeof(struct route_base), capacity, sizeof(struct route_list)); - memset(rl, 0, rl_size); - rl->capacity = capacity; - } -@@ -518,7 +518,7 @@ add_block_local_item (struct route_list *rl, - && rl->rgi.gateway.netmask < 0xFFFFFFFF - && (rl->n)+2 <= rl->capacity) - { -- struct route r; -+ struct route_base r; - unsigned int l2; - - /* split a route into two smaller blocking routes, and direct them to target */ -@@ -648,7 +648,7 @@ init_route_list (struct route_list *rl, - for (i = 0; i < opt->n; ++i) - { - struct addrinfo* netlist; -- struct route r; -+ struct route_base r; - - if (!init_route (&r, - &netlist, -@@ -759,7 +759,7 @@ add_route3 (in_addr_t network, - const struct route_gateway_info *rgi, - const struct env_set *es) - { -- struct route r; -+ struct route_base r; - CLEAR (r); - r.flags = RT_DEFINED; - r.network = network; -@@ -777,7 +777,7 @@ del_route3 (in_addr_t network, - const struct route_gateway_info *rgi, - const struct env_set *es) - { -- struct route r; -+ struct route_base r; - CLEAR (r); - r.flags = RT_DEFINED|RT_ADDED; - r.network = network; -@@ -1027,7 +1027,7 @@ add_routes (struct route_list *rl, struct route_ipv6_l - - for (i = 0; i < rl->n; ++i) - { -- struct route *r = &rl->routes[i]; -+ struct route_base *r = &rl->routes[i]; - check_subnet_conflict (r->network, r->netmask, "route"); - if (flags & ROUTE_DELETE_FIRST) - delete_route (r, tt, flags, &rl->rgi, es); -@@ -1059,7 +1059,7 @@ delete_routes (struct route_list *rl, struct route_ipv - int i; - for (i = rl->n - 1; i >= 0; --i) - { -- struct route * r = &rl->routes[i]; -+ struct route_base * r = &rl->routes[i]; - delete_route (r, tt, flags, &rl->rgi, es); - } - rl->iflags &= ~RL_ROUTES_ADDED; -@@ -1153,7 +1153,7 @@ print_default_gateway(const int msglevel, const struct - #endif - - static void --print_route (const struct route *r, int level) -+print_route (const struct route_base *r, int level) - { - struct gc_arena gc = gc_new (); - if (r->flags & RT_DEFINED) -@@ -1170,7 +1170,7 @@ print_routes (const struct route_list *rl, int level) - } - - static void --setenv_route (struct env_set *es, const struct route *r, int i) -+setenv_route (struct env_set *es, const struct route_base *r, int i) - { - struct gc_arena gc = gc_new (); - if (r->flags & RT_DEFINED) -@@ -1287,7 +1287,7 @@ is_on_link (const int is_local_route, const unsigned i - } - - void --add_route (struct route *r, -+add_route (struct route_base *r, - const struct tuntap *tt, - unsigned int flags, - const struct route_gateway_info *rgi, /* may be NULL */ -@@ -1727,7 +1727,7 @@ add_route_ipv6 (struct route_ipv6 *r6, const struct tu - } - - static void --delete_route (struct route *r, -+delete_route (struct route_base *r, - const struct tuntap *tt, - unsigned int flags, - const struct route_gateway_info *rgi, -@@ -2231,7 +2231,7 @@ get_default_gateway (struct route_gateway_info *rgi) - } - - static DWORD --windows_route_find_if_index (const struct route *r, const struct tuntap *tt) -+windows_route_find_if_index (const struct route_base *r, const struct tuntap *tt) - { - struct gc_arena gc = gc_new (); - DWORD ret = TUN_ADAPTER_INDEX_INVALID; -@@ -2276,7 +2276,7 @@ windows_route_find_if_index (const struct route *r, co - } - - bool --add_route_ipapi (const struct route *r, const struct tuntap *tt, DWORD adapter_index) -+add_route_ipapi (const struct route_base *r, const struct tuntap *tt, DWORD adapter_index) - { - struct gc_arena gc = gc_new (); - bool ret = false; -@@ -2350,7 +2350,7 @@ add_route_ipapi (const struct route *r, const struct t - } - - bool --del_route_ipapi (const struct route *r, const struct tuntap *tt) -+del_route_ipapi (const struct route_base *r, const struct tuntap *tt) - { - struct gc_arena gc = gc_new (); - bool ret = false; -@@ -2957,7 +2957,7 @@ get_default_gateway (struct route_gateway_info *rgi) +--- src/openvpn/route.c.orig Thu May 1 12:12:22 2014 ++++ src/openvpn/route.c Tue Jul 29 22:10:23 2014 +@@ -2918,7 +2918,7 @@ get_default_gateway (struct route_gateway_info *rgi) #undef max @@ -172,123 +10,3 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. #include <sys/types.h> #include <sys/socket.h> -@@ -3008,6 +3008,119 @@ struct rt_msghdr { - u_long rtm_inits; /* which metrics we are initializing */ - struct rt_metrics rtm_rmx; /* metrics themselves */ - }; -+ -+struct { -+ struct rt_msghdr m_rtm; -+ char m_space[512]; -+} m_rtmsg; -+ -+#define ROUNDUP(a) \ -+ ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long)) -+ -+/* -+ * FIXME -- add support for netmask, hwaddr, and iface -+ */ -+void -+get_default_gateway (struct route_gateway_info *rgi) -+{ -+ struct gc_arena gc = gc_new (); -+ int s, seq, l, rtm_addrs, i; -+ pid_t pid; -+ struct sockaddr so_dst, so_mask; -+ char *cp = m_rtmsg.m_space; -+ struct sockaddr *gate = NULL, *sa; -+ struct rt_msghdr *rtm_aux; -+ -+#define NEXTADDR(w, u) \ -+ if (rtm_addrs & (w)) {\ -+ l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\ -+ } -+ -+#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len)) -+ -+#define rtm m_rtmsg.m_rtm -+ -+ CLEAR(*rgi); -+ -+ pid = getpid(); -+ seq = 0; -+ rtm_addrs = RTA_DST | RTA_NETMASK; -+ -+ bzero(&so_dst, sizeof(so_dst)); -+ bzero(&so_mask, sizeof(so_mask)); -+ bzero(&rtm, sizeof(struct rt_msghdr)); -+ -+ rtm.rtm_type = RTM_GET; -+ rtm.rtm_flags = RTF_UP | RTF_GATEWAY; -+ rtm.rtm_version = RTM_VERSION; -+ rtm.rtm_seq = ++seq; -+ rtm.rtm_addrs = rtm_addrs; -+ -+ so_dst.sa_family = AF_INET; -+ so_dst.sa_len = sizeof(struct sockaddr_in); -+ so_mask.sa_family = AF_INET; -+ so_mask.sa_len = sizeof(struct sockaddr_in); -+ -+ NEXTADDR(RTA_DST, so_dst); -+ NEXTADDR(RTA_NETMASK, so_mask); -+ -+ rtm.rtm_msglen = l = cp - (char *)&m_rtmsg; -+ -+ s = socket(PF_ROUTE, SOCK_RAW, 0); -+ -+ if (write(s, (char *)&m_rtmsg, l) < 0) -+ { -+ msg(M_WARN|M_ERRNO, "Could not retrieve default gateway from route socket:"); -+ gc_free (&gc); -+ close(s); -+ return; -+ } -+ -+ do { -+ l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg)); -+ } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid)); -+ -+ close(s); -+ -+ rtm_aux = &rtm; -+ -+ cp = ((char *)(rtm_aux + 1)); -+ if (rtm_aux->rtm_addrs) { -+ for (i = 1; i; i <<= 1) -+ if (i & rtm_aux->rtm_addrs) { -+ sa = (struct sockaddr *)cp; -+ if (i == RTA_GATEWAY ) -+ gate = sa; -+ ADVANCE(cp, sa); -+ } -+ } -+ else -+ { -+ gc_free (&gc); -+ return; -+ } -+ -+ -+ if (gate != NULL ) -+ { -+ rgi->gateway.addr = ntohl(((struct sockaddr_in *)gate)->sin_addr.s_addr); -+ rgi->flags |= RGI_ADDR_DEFINED; -+ -+ gc_free (&gc); -+ } -+ else -+ { -+ gc_free (&gc); -+ } -+} -+ -+#elif defined(TARGET_OPENBSD) -+ -+#include <sys/types.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+ -+#include <net/route.h> - - struct { - struct rt_msghdr m_rtm; Index: patches/patch-src_openvpn_route_h =================================================================== RCS file: patches/patch-src_openvpn_route_h diff -N patches/patch-src_openvpn_route_h --- patches/patch-src_openvpn_route_h 21 Oct 2013 09:15:07 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,41 +0,0 @@ -$OpenBSD: patch-src_openvpn_route_h,v 1.1 2013/10/21 09:15:07 bluhm Exp $ ---- src/openvpn/route.h.orig Wed Mar 20 09:28:14 2013 -+++ src/openvpn/route.h Sat Oct 19 15:54:29 2013 -@@ -110,7 +110,7 @@ struct route_ipv6_option_list { - struct route_ipv6_option routes_ipv6[EMPTY_ARRAY_SIZE]; - }; - --struct route { -+struct route_base { - # define RT_DEFINED (1<<0) - # define RT_ADDED (1<<1) - # define RT_METRIC_DEFINED (1<<2) -@@ -190,7 +190,7 @@ struct route_list { - unsigned int flags; /* RG_x flags */ - int capacity; - int n; -- struct route routes[EMPTY_ARRAY_SIZE]; -+ struct route_base routes[EMPTY_ARRAY_SIZE]; - }; - - #if P2MP -@@ -223,7 +223,7 @@ struct route_ipv6_list *new_route_ipv6_list (const int - void add_route_ipv6 (struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es); - void delete_route_ipv6 (const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es); - --void add_route (struct route *r, -+void add_route (struct route_base *r, - const struct tuntap *tt, - unsigned int flags, - const struct route_gateway_info *rgi, -@@ -301,8 +301,8 @@ void print_routes (const struct route_list *rl, int le - - void show_routes (int msglev); - bool test_routes (const struct route_list *rl, const struct tuntap *tt); --bool add_route_ipapi (const struct route *r, const struct tuntap *tt, DWORD adapter_index); --bool del_route_ipapi (const struct route *r, const struct tuntap *tt); -+bool add_route_ipapi (const struct route_base *r, const struct tuntap *tt, DWORD adapter_index); -+bool del_route_ipapi (const struct route_base *r, const struct tuntap *tt); - - #else - static inline bool test_routes (const struct route_list *rl, const struct tuntap *tt) { return true; } Index: patches/patch-src_openvpn_tun_c =================================================================== RCS file: /cvs/ports/net/openvpn/patches/patch-src_openvpn_tun_c,v retrieving revision 1.2 diff -u -p -r1.2 patch-src_openvpn_tun_c --- patches/patch-src_openvpn_tun_c 21 Oct 2013 09:15:07 -0000 1.2 +++ patches/patch-src_openvpn_tun_c 30 Jul 2014 10:05:50 -0000 @@ -1,16 +1,7 @@ $OpenBSD: patch-src_openvpn_tun_c,v 1.2 2013/10/21 09:15:07 bluhm Exp $ ---- src/openvpn/tun.c.orig Wed Mar 20 09:28:14 2013 -+++ src/openvpn/tun.c Sat Oct 19 15:53:44 2013 -@@ -867,7 +867,7 @@ do_ifconfig (struct tuntap *tt, - if (!tun && tt->topology == TOP_SUBNET) - { - /* Add a network route for the local tun interface */ -- struct route r; -+ struct route_base r; - CLEAR (r); - r.flags = RT_DEFINED | RT_METRIC_DEFINED; - r.network = tt->local & tt->remote_netmask; -@@ -911,7 +911,19 @@ do_ifconfig (struct tuntap *tt, +--- src/openvpn/tun.c.orig Thu May 1 12:12:22 2014 ++++ src/openvpn/tun.c Tue Jul 29 22:10:23 2014 +@@ -917,7 +917,19 @@ do_ifconfig (struct tuntap *tt, ); } else @@ -31,7 +22,7 @@ $OpenBSD: patch-src_openvpn_tun_c,v 1.2 "%s %s %s netmask %s mtu %d broadcast %s link0", IFCONFIG_PATH, actual, -@@ -920,6 +932,7 @@ do_ifconfig (struct tuntap *tt, +@@ -926,6 +938,7 @@ do_ifconfig (struct tuntap *tt, tun_mtu, ifconfig_broadcast ); @@ -39,14 +30,15 @@ $OpenBSD: patch-src_openvpn_tun_c,v 1.2 argv_msg (M_INFO, &argv); openvpn_execve_check (&argv, es, S_FATAL, "OpenBSD ifconfig failed"); if ( do_ipv6 ) -@@ -939,6 +952,18 @@ do_ifconfig (struct tuntap *tt, +@@ -944,6 +957,18 @@ do_ifconfig (struct tuntap *tt, + add_route_connected_v6_net(tt, es); } tt->did_ifconfig = true; - ++ + /* Add a network route for the local tun interface */ + if (!tun && tt->topology == TOP_SUBNET) + { -+ struct route_base r; ++ struct route_ipv4 r; + CLEAR (r); + r.flags = RT_DEFINED; + r.network = tt->local & tt->remote_netmask; @@ -54,25 +46,6 @@ $OpenBSD: patch-src_openvpn_tun_c,v 1.2 + r.gateway = tt->local; + add_route (&r, tt, 0, NULL, es); + } -+ + #elif defined(TARGET_NETBSD) - /* whether or not NetBSD can do IPv6 can be seen by the availability of -@@ -1064,7 +1089,7 @@ do_ifconfig (struct tuntap *tt, - /* Add a network route for the local tun interface */ - if (!tun && tt->topology == TOP_SUBNET) - { -- struct route r; -+ struct route_base r; - CLEAR (r); - r.flags = RT_DEFINED; - r.network = tt->local & tt->remote_netmask; -@@ -1130,7 +1155,7 @@ do_ifconfig (struct tuntap *tt, - /* Add a network route for the local tun interface */ - if (!tun && tt->topology == TOP_SUBNET) - { -- struct route r; -+ struct route_base r; - CLEAR (r); - r.flags = RT_DEFINED; - r.network = tt->local & tt->remote_netmask;
