update openvpn to 2.3.15 fixes DoSses: CVE-2017-7478 CVE-2017-7479 fixes PR pkg/52044 relevant excerpt of ChangeLog: OpenVPN Change Log Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> 2017.05.11 -- Version 2.3.15 David Sommerseth (5): dev-tools: Added script for updating copyright years in files Update copyrights docs: Further improve --reneg-bytes and SWEET32 information git: Merge .gitignore files into a single file Make --cipher/--auth none more explicit on the risks Gert Doering (1): Document --proto udp6, tcp6, etc. Julien Muchembled (1): Fix implicit declarations when HAVE_OPENSSL_ENGINE is unset Steffan Karger (6): Add missing includes in error.h cleanup: merge packet_id_alloc_outgoing() into packet_id_write() Document that OpenVPN 2.3 does not check the CRL signature Introduce and use secure_memzero() to erase secrets Drop packets instead of assert out if packet id rolls over (CVE-2017-7479) Don't assert out on receiving too-large control packets (CVE-2017-7478) 2016.12.06 -- Version 2.3.14 Christian Hesse (1): update year in copyright message David Sommerseth (1): Document the --auth-token option Gert Doering (2): Repair topology subnet on FreeBSD 11 Repair topology subnet on OpenBSD Lev Stipakov (1): Drop recursively routed packets Selva Nair (4): Support --block-outside-dns on multiple tunnels When parsing '--setenv opt xx ..' make sure a third parameter is present Map restart signals from event loop to SIGTERM during exit-notification wait Correctly state the default dhcp server address in man page Steffan Karger (1): Clean up format_hex_ex() 2016.11.02 -- Version 2.3.13 Arne Schwabe (2): Use AES ciphers in our sample configuration files and add a few modern 2.4 examples Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer David Sommerseth (4): t_client.sh: Make OpenVPN write PID file to avoid various sudo issues t_client.sh: Add support for Kerberos/ksu t_client.sh: Improve detection if the OpenVPN process did start during tests t_client.sh: Add prepare/cleanup possibilties for each test case Gert Doering (5): Do not abort t_client run if OpenVPN instance does not start. Fix t_client runs on OpenSolaris make t_client robust against sudoers misconfiguration add POSTINIT_CMD_suf to t_client.sh and sample config Fix --multihome for IPv6 on 64bit BSD systems. Ilya Shipitsin (1): skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto Lev Stipakov (2): Exclude peer-id from pulled options digest Fix compilation in pedantic mode Samuli Sepp辰nen (1): Automatically cache expected IPs for t_client.sh on the first run Steffan Karger (6): Fix unittests for out-of-source builds Make gnu89 support explicit cleanup: remove code duplication in msg_test() Update cipher-related man page text Limit --reneg-bytes to 64MB when using small block ciphers Add a revoked cert to the sample keys 2016.08.23 -- Version 2.3.12 Arne Schwabe (2): Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it. Move ASSERT so external-key with OpenSSL works again David Sommerseth (3): Only build and run cmocka unit tests if its submodule is initialized Another fix related to unit test framework Remove NOP function and callers Dorian Harmans (1): Add CHACHA20-POLY1305 ciphersuite IANA name translations. Ivo Manca (1): Plug memory leak in mbedTLS backend Jeffrey Cutter (1): Update contrib/pull-resolv-conf/client.up for no DOMAIN Jens Neuhalfen (2): Add unit testing support via cmocka Add a test for auth-pam searchandreplace Josh Cepek (1): Push an IPv6 CIDR mask used by the server, not the pool's size Leon Klingele (1): Add link to bug tracker Samuli Sepp辰nen (2): Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes Clarify the fact that build instructions in README are for release tarballs Selva Nair (4): Make error non-fatal while deleting address using netsh Make block-outside-dns work with persist-tun Ignore SIGUSR1/SIGHUP during exit notification Promptly close the netcmd_semaphore handle after use Steffan Karger (4): Fix polarssl / mbedtls builds Don't limit max incoming message size based on c2->frame Fix '--cipher none --cipher' crash Discourage using 64-bit block ciphersdiff -r1.60 -r1.61 pkgsrc/net/openvpn/Makefile
(spz)
@@ -1,17 +1,16 @@ | @@ -1,17 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.60 2016/09/19 13:04:25 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.61 2017/05/19 18:11:04 spz Exp $ | |
2 | 2 | |||
3 | DISTNAME= ${OPENVPN_DISTNAME} | 3 | DISTNAME= ${OPENVPN_DISTNAME} | |
4 | PKGREVISION= 1 | |||
5 | CATEGORIES= net | 4 | CATEGORIES= net | |
6 | MASTER_SITES= ${OPENVPN_MASTER_SITES} | 5 | MASTER_SITES= ${OPENVPN_MASTER_SITES} | |
7 | EXTRACT_SUFX= .tar.xz | 6 | EXTRACT_SUFX= .tar.xz | |
8 | 7 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 8 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://openvpn.net/ | 9 | HOMEPAGE= http://openvpn.net/ | |
11 | COMMENT= Easy-to-use SSL VPN daemon | 10 | COMMENT= Easy-to-use SSL VPN daemon | |
12 | LICENSE= gnu-gpl-v2 | 11 | LICENSE= gnu-gpl-v2 | |
13 | 12 | |||
14 | PKG_DESTDIR_SUPPORT= user-destdir | 13 | PKG_DESTDIR_SUPPORT= user-destdir | |
15 | 14 | |||
16 | USE_LIBTOOL= yes | 15 | USE_LIBTOOL= yes | |
17 | USE_TOOLS+= aclocal autoconf autom4te grep:run pkg-config | 16 | USE_TOOLS+= aclocal autoconf autom4te grep:run pkg-config |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: Makefile.common,v 1.5 2016/07/08 08:49:41 jperkin Exp $ | 1 | # $NetBSD: Makefile.common,v 1.6 2017/05/19 18:11:04 spz Exp $ | |
2 | 2 | |||
3 | # used by net/openvpn/Makefile | 3 | # used by net/openvpn/Makefile | |
4 | # used by net/openvpn-acct-wtmpx/Makefile | 4 | # used by net/openvpn-acct-wtmpx/Makefile | |
5 | # used by net/openvpn-nagios/Makefile | 5 | # used by net/openvpn-nagios/Makefile | |
6 | 6 | |||
7 | OPENVPN_DISTNAME= openvpn-2.3.11 | 7 | OPENVPN_DISTNAME= openvpn-2.3.15 | |
8 | OPENVPN_DISTFILE= ${OPENVPN_DISTNAME}.tar.xz | 8 | OPENVPN_DISTFILE= ${OPENVPN_DISTNAME}.tar.xz | |
9 | OPENVPN_MASTER_SITES= http://swupdate.openvpn.net/community/releases/ | 9 | OPENVPN_MASTER_SITES= http://swupdate.openvpn.net/community/releases/ | |
10 | SITES.${OPENVPN_DISTFILE}= ${OPENVPN_MASTER_SITES} | 10 | SITES.${OPENVPN_DISTFILE}= ${OPENVPN_MASTER_SITES} | |
11 | 11 | |||
12 | OPENVPN_USER?= openvpn | 12 | OPENVPN_USER?= openvpn | |
13 | OPENVPN_GROUP?= openvpn | 13 | OPENVPN_GROUP?= openvpn | |
14 | OPENVPN_PLUGINSDIR?= lib/openvpn/plugins | 14 | OPENVPN_PLUGINSDIR?= lib/openvpn/plugins |
@@ -1,13 +1,13 @@ | @@ -1,13 +1,13 @@ | |||
1 | $NetBSD: distinfo,v 1.33 2016/07/08 08:49:41 jperkin Exp $ | 1 | $NetBSD: distinfo,v 1.34 2017/05/19 18:11:04 spz Exp $ | |
2 | 2 | |||
3 | SHA1 (openvpn-2.3.11.tar.xz) = 48ba3ada2da84be4cf66ffbd35a66d4ce30e0e5b | 3 | SHA1 (openvpn-2.3.15.tar.xz) = 3f74ee6baab32306c131a6e63f0d77e92d12d4ec | |
4 | RMD160 (openvpn-2.3.11.tar.xz) = cfaf087bfb9d562b6028a225c43000fbe96041ce | 4 | RMD160 (openvpn-2.3.15.tar.xz) = 5cf7f6ef9ffea3f7c804f37c851f5a693f5f869a | |
5 | SHA512 (openvpn-2.3.11.tar.xz) = 1fd2798beca074f0a094efbd4a9260f8a62d488afacb023b3f867698e6177bfc02702209e8c7f300ba8c662d292c65dc05d3f2cf615ebb91b90d4798fd3b99cd | 5 | SHA512 (openvpn-2.3.15.tar.xz) = 749f1ca86923287c7e28dcea182e98b3a78648c0df8cf831f5fe41d859a0d822ba4691eb8587c24ae5078325c87c8397921a3655b2207d5b1fecc177ad560dec | |
6 | Size (openvpn-2.3.11.tar.xz) = 833496 bytes | 6 | Size (openvpn-2.3.15.tar.xz) = 863384 bytes | |
7 | SHA1 (patch-ac) = 3071423ae978dd7d1d79cb140325bde96ba8d21b | 7 | SHA1 (patch-ac) = 3071423ae978dd7d1d79cb140325bde96ba8d21b | |
8 | SHA1 (patch-ad) = 1e2c34a37157ff9c091e0120817a8c8bae9aef4e | 8 | SHA1 (patch-ad) = 1e2c34a37157ff9c091e0120817a8c8bae9aef4e | |
9 | SHA1 (patch-ae) = fce5d2b7c8ef830cba3df4408af79301f347cafd | 9 | SHA1 (patch-ae) = fce5d2b7c8ef830cba3df4408af79301f347cafd | |
10 | SHA1 (patch-af) = 8d728c36a6eccdebf6c7e5a02d457903b255f4fb | 10 | SHA1 (patch-af) = 8d728c36a6eccdebf6c7e5a02d457903b255f4fb | |
11 | SHA1 (patch-src_compat_compat-basename.c) = 45a58ef2e05f6e0265f229da8540760e60e65143 | 11 | SHA1 (patch-src_compat_compat-basename.c) = 45a58ef2e05f6e0265f229da8540760e60e65143 | |
12 | SHA1 (patch-src_openvpn_socket.c) = 74668d39f5e6fdab64825d38d4b287c8004f5af3 | 12 | SHA1 (patch-src_openvpn_socket.c) = d091fdf614c7673755b9f1fdbdd11ce33276cfda | |
13 | SHA1 (patch-src_openvpn_socket.h) = b4b952af347e0f2d0aff307a5025b3d27a2e6ee5 | 13 | SHA1 (patch-src_openvpn_socket.h) = b4b952af347e0f2d0aff307a5025b3d27a2e6ee5 |
@@ -1,20 +1,19 @@ | @@ -1,20 +1,19 @@ | |||
1 | # $NetBSD: Makefile,v 1.7 2016/07/08 08:50:25 jperkin Exp $ | 1 | # $NetBSD: Makefile,v 1.8 2017/05/19 18:11:04 spz Exp $ | |
2 | 2 | |||
3 | .include "../../net/openvpn/Makefile.common" | 3 | .include "../../net/openvpn/Makefile.common" | |
4 | 4 | |||
5 | DISTNAME= openvpn-acct-wtmpx-20130210 | 5 | DISTNAME= openvpn-acct-wtmpx-20130210 | |
6 | DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${OPENVPN_DISTFILE} | 6 | DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${OPENVPN_DISTFILE} | |
7 | PKGREVISION= 3 | |||
8 | CATEGORIES= net | 7 | CATEGORIES= net | |
9 | MASTER_SITES= http://ftp.espci.fr/pub/openvpn-acct-wtmpx/ | 8 | MASTER_SITES= http://ftp.espci.fr/pub/openvpn-acct-wtmpx/ | |
10 | EXTRACT_SUFX= .tgz | 9 | EXTRACT_SUFX= .tgz | |
11 | 10 | |||
12 | MAINTAINER= manu@NetBSD.org | 11 | MAINTAINER= manu@NetBSD.org | |
13 | HOMEPAGE= http://ftp.espci.fr/pub/openvpn-acct-wtmpx/ | 12 | HOMEPAGE= http://ftp.espci.fr/pub/openvpn-acct-wtmpx/ | |
14 | COMMENT= Log OpenVPN logins and logouts to wtmpx | 13 | COMMENT= Log OpenVPN logins and logouts to wtmpx | |
15 | LICENSE= 2-clause-bsd | 14 | LICENSE= 2-clause-bsd | |
16 | 15 | |||
17 | PKG_DESTDIR_SUPPORT= user-destdir | 16 | PKG_DESTDIR_SUPPORT= user-destdir | |
18 | 17 | |||
19 | USE_LIBTOOL= yes | 18 | USE_LIBTOOL= yes | |
20 | USE_TOOLS+= install | 19 | USE_TOOLS+= install |
@@ -1,11 +1,11 @@ | @@ -1,11 +1,11 @@ | |||
1 | $NetBSD: distinfo,v 1.10 2016/07/08 08:50:25 jperkin Exp $ | 1 | $NetBSD: distinfo,v 1.11 2017/05/19 18:11:04 spz Exp $ | |
2 | 2 | |||
3 | SHA1 (openvpn-2.3.11.tar.xz) = 48ba3ada2da84be4cf66ffbd35a66d4ce30e0e5b | 3 | SHA1 (openvpn-2.3.15.tar.xz) = 3f74ee6baab32306c131a6e63f0d77e92d12d4ec | |
4 | RMD160 (openvpn-2.3.11.tar.xz) = cfaf087bfb9d562b6028a225c43000fbe96041ce | 4 | RMD160 (openvpn-2.3.15.tar.xz) = 5cf7f6ef9ffea3f7c804f37c851f5a693f5f869a | |
5 | SHA512 (openvpn-2.3.11.tar.xz) = 1fd2798beca074f0a094efbd4a9260f8a62d488afacb023b3f867698e6177bfc02702209e8c7f300ba8c662d292c65dc05d3f2cf615ebb91b90d4798fd3b99cd | 5 | SHA512 (openvpn-2.3.15.tar.xz) = 749f1ca86923287c7e28dcea182e98b3a78648c0df8cf831f5fe41d859a0d822ba4691eb8587c24ae5078325c87c8397921a3655b2207d5b1fecc177ad560dec | |
6 | Size (openvpn-2.3.11.tar.xz) = 833496 bytes | 6 | Size (openvpn-2.3.15.tar.xz) = 863384 bytes | |
7 | SHA1 (openvpn-acct-wtmpx-20130210.tgz) = cf7bc26b12a65493cdf5db93b03bbb938a2f0f33 | 7 | SHA1 (openvpn-acct-wtmpx-20130210.tgz) = cf7bc26b12a65493cdf5db93b03bbb938a2f0f33 | |
8 | RMD160 (openvpn-acct-wtmpx-20130210.tgz) = d9000789f04606bfa17db1597a45a4235b1119ea | 8 | RMD160 (openvpn-acct-wtmpx-20130210.tgz) = d9000789f04606bfa17db1597a45a4235b1119ea | |
9 | SHA512 (openvpn-acct-wtmpx-20130210.tgz) = 7b8fd4929e65d8d84158f62e5a17ff3adb3b4a6cff63b29038acfb368750719f2f593786ed9b02402824c19d872b188d2a46740a5c5f853e8873a71481b13aaf | 9 | SHA512 (openvpn-acct-wtmpx-20130210.tgz) = 7b8fd4929e65d8d84158f62e5a17ff3adb3b4a6cff63b29038acfb368750719f2f593786ed9b02402824c19d872b188d2a46740a5c5f853e8873a71481b13aaf | |
10 | Size (openvpn-acct-wtmpx-20130210.tgz) = 2778 bytes | 10 | Size (openvpn-acct-wtmpx-20130210.tgz) = 2778 bytes | |
11 | SHA1 (patch-aa) = 95d9382b74d791306766433506eb0228a806dbdc | 11 | SHA1 (patch-aa) = 95d9382b74d791306766433506eb0228a806dbdc |
@@ -1,31 +1,30 @@ | @@ -1,31 +1,30 @@ | |||
1 | # $NetBSD: Makefile,v 1.6 2016/07/08 08:50:55 jperkin Exp $ | 1 | # $NetBSD: Makefile,v 1.7 2017/05/19 18:11:04 spz Exp $ | |
2 | 2 | |||
3 | .include "../../net/openvpn/Makefile.common" | 3 | .include "../../net/openvpn/Makefile.common" | |
4 | 4 | |||
5 | DISTNAME= openvpn-nagios-20130210 | 5 | DISTNAME= openvpn-nagios-20130210 | |
6 | DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${OPENVPN_DISTFILE} | 6 | DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${OPENVPN_DISTFILE} | |
7 | PKGREVISION= 4 | |||
8 | CATEGORIES= net | 7 | CATEGORIES= net | |
9 | MASTER_SITES= http://ftp.espci.fr/pub/openvpn-nagios/ | 8 | MASTER_SITES= http://ftp.espci.fr/pub/openvpn-nagios/ | |
10 | EXTRACT_SUFX= .tgz | 9 | EXTRACT_SUFX= .tgz | |
11 | 10 | |||
12 | MAINTAINER= manu@NetBSD.org | 11 | MAINTAINER= manu@NetBSD.org | |
13 | HOMEPAGE= http://ftp.espci.fr/pub/openvpn-nagios/ | 12 | HOMEPAGE= http://ftp.espci.fr/pub/openvpn-nagios/ | |
14 | COMMENT= OpenVPN certificate checks for Nagios | 13 | COMMENT= OpenVPN certificate checks for Nagios | |
15 | LICENSE= 2-clause-bsd | 14 | LICENSE= 2-clause-bsd | |
16 | 15 | |||
17 | PKG_DESTDIR_SUPPORT= user-destdir | 16 | PKG_DESTDIR_SUPPORT= user-destdir | |
18 | 17 | |||
19 | USE_LIBTOOL= yes | 18 | USE_LIBTOOL= yes | |
20 | USE_TOOLS+= install | 19 | USE_TOOLS+= install | |
21 | 20 | |||
22 | MAKE_ENV+= OPENVPN_PLUGINSDIR=${PREFIX:Q}/${OPENVPN_PLUGINSDIR:Q} | 21 | MAKE_ENV+= OPENVPN_PLUGINSDIR=${PREFIX:Q}/${OPENVPN_PLUGINSDIR:Q} | |
23 | MAKE_ENV+= OPENVPN_DISTNAME=${OPENVPN_DISTNAME:Q} | 22 | MAKE_ENV+= OPENVPN_DISTNAME=${OPENVPN_DISTNAME:Q} | |
24 | 23 | |||
25 | PLIST_SUBST+= OPENVPN_PLUGINSDIR=${OPENVPN_PLUGINSDIR:Q} | 24 | PLIST_SUBST+= OPENVPN_PLUGINSDIR=${OPENVPN_PLUGINSDIR:Q} | |
26 | MESSAGE_SUBST+= OPENVPN_PLUGINSDIR=${PREFIX:Q}/${OPENVPN_PLUGINSDIR:Q} | 25 | MESSAGE_SUBST+= OPENVPN_PLUGINSDIR=${PREFIX:Q}/${OPENVPN_PLUGINSDIR:Q} | |
27 | 26 | |||
28 | DEPENDS+= openvpn>=2.3.0:../../net/openvpn | 27 | DEPENDS+= openvpn>=2.3.0<2.4:../../net/openvpn | |
29 | 28 | |||
30 | .include "../../security/openssl/buildlink3.mk" | 29 | .include "../../security/openssl/buildlink3.mk" | |
31 | .include "../../mk/bsd.pkg.mk" | 30 | .include "../../mk/bsd.pkg.mk" |
@@ -1,12 +1,12 @@ | @@ -1,12 +1,12 @@ | |||
1 | $NetBSD: distinfo,v 1.7 2016/07/08 08:50:55 jperkin Exp $ | 1 | $NetBSD: distinfo,v 1.8 2017/05/19 18:11:04 spz Exp $ | |
2 | 2 | |||
3 | SHA1 (openvpn-2.3.11.tar.xz) = 48ba3ada2da84be4cf66ffbd35a66d4ce30e0e5b | 3 | SHA1 (openvpn-2.3.15.tar.xz) = 3f74ee6baab32306c131a6e63f0d77e92d12d4ec | |
4 | RMD160 (openvpn-2.3.11.tar.xz) = cfaf087bfb9d562b6028a225c43000fbe96041ce | 4 | RMD160 (openvpn-2.3.15.tar.xz) = 5cf7f6ef9ffea3f7c804f37c851f5a693f5f869a | |
5 | SHA512 (openvpn-2.3.11.tar.xz) = 1fd2798beca074f0a094efbd4a9260f8a62d488afacb023b3f867698e6177bfc02702209e8c7f300ba8c662d292c65dc05d3f2cf615ebb91b90d4798fd3b99cd | 5 | SHA512 (openvpn-2.3.15.tar.xz) = 749f1ca86923287c7e28dcea182e98b3a78648c0df8cf831f5fe41d859a0d822ba4691eb8587c24ae5078325c87c8397921a3655b2207d5b1fecc177ad560dec | |
6 | Size (openvpn-2.3.11.tar.xz) = 833496 bytes | 6 | Size (openvpn-2.3.15.tar.xz) = 863384 bytes | |
7 | SHA1 (openvpn-nagios-20130210.tgz) = 8a0fd4e3eba27584aa53c5589c13d4b38af43ba2 | 7 | SHA1 (openvpn-nagios-20130210.tgz) = 8a0fd4e3eba27584aa53c5589c13d4b38af43ba2 | |
8 | RMD160 (openvpn-nagios-20130210.tgz) = 2a47893ec2db2c280adc7b9fbbea97794ec1a6f4 | 8 | RMD160 (openvpn-nagios-20130210.tgz) = 2a47893ec2db2c280adc7b9fbbea97794ec1a6f4 | |
9 | SHA512 (openvpn-nagios-20130210.tgz) = 80e565f32379c39eb6c7f3b4744af221ae882ff07dce9dae5bd7feb73b0edcfc7c7ac7f70d23fdcd4f492b66f095f09833deb122449840b36ea606ce91900358 | 9 | SHA512 (openvpn-nagios-20130210.tgz) = 80e565f32379c39eb6c7f3b4744af221ae882ff07dce9dae5bd7feb73b0edcfc7c7ac7f70d23fdcd4f492b66f095f09833deb122449840b36ea606ce91900358 | |
10 | Size (openvpn-nagios-20130210.tgz) = 3034 bytes | 10 | Size (openvpn-nagios-20130210.tgz) = 3034 bytes | |
11 | SHA1 (patch-aa) = fe38ed54931c34903a1b25f387d59dc1b5e042f6 | 11 | SHA1 (patch-aa) = fe38ed54931c34903a1b25f387d59dc1b5e042f6 | |
12 | SHA1 (patch-openvpn-nagios.c) = e1700e4f648eaca87fdcedc9d9490c9badd6c33b | 12 | SHA1 (patch-openvpn-nagios.c) = e1700e4f648eaca87fdcedc9d9490c9badd6c33b |
@@ -1,60 +1,42 @@ | @@ -1,60 +1,42 @@ | |||
1 | $NetBSD: patch-src_openvpn_socket.c,v 1.2 2014/07/20 17:43:29 adam Exp $ | 1 | $NetBSD: patch-src_openvpn_socket.c,v 1.3 2017/05/19 18:11:04 spz Exp $ | |
2 | 2 | |||
3 | Fix for systems without ipi_spec_dst in struct in_pktinfo. | 3 | Fix for systems without ipi_spec_dst in struct in_pktinfo. | |
4 | 4 | |||
5 | --- src/openvpn/socket.c.orig 2014-05-01 11:12:22.000000000 +0000 | 5 | --- src/openvpn/socket.c.orig 2017-05-11 10:34:40.000000000 +0000 | |
6 | +++ src/openvpn/socket.c | 6 | +++ src/openvpn/socket.c | |
7 | @@ -654,7 +654,7 @@ create_socket_udp (const unsigned int fl | 7 | @@ -650,7 +650,7 @@ create_socket_udp (const unsigned int fl | |
8 | else if (flags & SF_USE_IP_PKTINFO) | 8 | else if (flags & SF_USE_IP_PKTINFO) | |
9 | { | 9 | { | |
10 | int pad = 1; | 10 | int pad = 1; | |
11 | -#ifdef IP_PKTINFO | 11 | -#ifdef IP_PKTINFO | |
12 | +#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) | 12 | +#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) | |
13 | if (setsockopt (sd, SOL_IP, IP_PKTINFO, | 13 | if (setsockopt (sd, SOL_IP, IP_PKTINFO, | |
14 | (void*)&pad, sizeof(pad)) < 0) | 14 | (void*)&pad, sizeof(pad)) < 0) | |
15 | msg(M_ERR, "UDP: failed setsockopt for IP_PKTINFO"); | 15 | msg(M_ERR, "UDP: failed setsockopt for IP_PKTINFO"); | |
16 | @@ -2254,7 +2254,7 @@ print_link_socket_actual_ex (const struc | 16 | @@ -2263,7 +2263,7 @@ print_link_socket_actual_ex (const struc | |
17 | struct openvpn_sockaddr sa; | 17 | struct openvpn_sockaddr sa; | |
18 | CLEAR (sa); | 18 | CLEAR (sa); | |
19 | sa.addr.in4.sin_family = AF_INET; | 19 | sa.addr.in4.sin_family = AF_INET; | |
20 | -#ifdef IP_PKTINFO | 20 | -#ifdef IP_PKTINFO | |
21 | +#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) | 21 | +#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) | |
22 | sa.addr.in4.sin_addr = act->pi.in4.ipi_spec_dst; | 22 | sa.addr.in4.sin_addr = act->pi.in4.ipi_spec_dst; | |
23 | if_indextoname(act->pi.in4.ipi_ifindex, ifname); | 23 | if_indextoname(act->pi.in4.ipi_ifindex, ifname); | |
24 | #elif defined(IP_RECVDSTADDR) | 24 | #elif defined(IP_RECVDSTADDR) | |
25 | @@ -2651,7 +2651,7 @@ link_socket_read_tcp (struct link_socket | 25 | @@ -2721,7 +2721,7 @@ link_socket_read_udp_posix_recvmsg (stru | |
26 | struct openvpn_in4_pktinfo | 26 | #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h) | |
27 | { | |||
28 | struct cmsghdr cmsghdr; | |||
29 | -#ifdef HAVE_IN_PKTINFO | |||
30 | +#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) | |||
31 | struct in_pktinfo pi4; | |||
32 | #elif defined(IP_RECVDSTADDR) | |||
33 | struct in_addr pi4; | |||
34 | @@ -2696,7 +2696,7 @@ link_socket_read_udp_posix_recvmsg (stru | |||
35 | cmsg = CMSG_FIRSTHDR (&mesg); | |||
36 | if (cmsg != NULL | |||
37 | && CMSG_NXTHDR (&mesg, cmsg) == NULL | |||
38 | -#ifdef IP_PKTINFO | |||
39 | +#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) | |||
40 | && cmsg->cmsg_level == SOL_IP | |||
41 | && cmsg->cmsg_type == IP_PKTINFO | |||
42 | #elif defined(IP_RECVDSTADDR) | |||
43 | @@ -2707,7 +2707,7 @@ link_socket_read_udp_posix_recvmsg (stru | |||
44 | #endif | 27 | #endif | |
45 | && cmsg->cmsg_len >= sizeof (struct openvpn_in4_pktinfo)) | |||
46 | { | 28 | { | |
47 | -#ifdef IP_PKTINFO | 29 | -#ifdef IP_PKTINFO | |
48 | +#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) | 30 | +#if defined(IP_PKTINFO) && defined(HAVE_IPI_SPEC_DST) | |
49 | struct in_pktinfo *pkti = (struct in_pktinfo *) CMSG_DATA (cmsg); | 31 | struct in_pktinfo *pkti = (struct in_pktinfo *) CMSG_DATA (cmsg); | |
50 | from->pi.in4.ipi_ifindex = pkti->ipi_ifindex; | 32 | from->pi.in4.ipi_ifindex = pkti->ipi_ifindex; | |
51 | from->pi.in4.ipi_spec_dst = pkti->ipi_spec_dst; | 33 | from->pi.in4.ipi_spec_dst = pkti->ipi_spec_dst; | |
52 | @@ -2802,7 +2802,7 @@ link_socket_write_udp_posix_sendmsg (str | 34 | @@ -2814,7 +2814,7 @@ link_socket_write_udp_posix_sendmsg (str | |
53 | mesg.msg_namelen = sizeof (struct sockaddr_in); | 35 | mesg.msg_namelen = sizeof (struct sockaddr_in); | |
54 | mesg.msg_control = &opi; | 36 | mesg.msg_control = pktinfo_buf; | |
55 | mesg.msg_flags = 0; | 37 | mesg.msg_flags = 0; | |
56 | -#ifdef HAVE_IN_PKTINFO | 38 | -#ifdef HAVE_IN_PKTINFO | |
57 | +#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) | 39 | +#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) | |
58 | mesg.msg_controllen = sizeof (struct openvpn_in4_pktinfo); | 40 | mesg.msg_controllen = CMSG_SPACE(sizeof (struct in_pktinfo)); | |
59 | cmsg = CMSG_FIRSTHDR (&mesg); | 41 | cmsg = CMSG_FIRSTHDR (&mesg); | |
60 | cmsg->cmsg_len = sizeof (struct openvpn_in4_pktinfo); | 42 | cmsg->cmsg_len = CMSG_LEN(sizeof (struct in_pktinfo)); |