From 678f72c3d3a8e79b8b829cab21283e005f6d0ed5 Mon Sep 17 00:00:00 2001 From: zhengruoqin Date: Tue, 21 Dec 2021 08:06:50 +0800 Subject: openvpn: upgrade 2.5.4 -> 2.5.5 Changelog: ========= Fix error in example firewall.sh script configure: remove useless -Wno-* from default CFLAGS Add argv_insert_head__empty_argv__head_only to argv tests Move deprecation of SWEET32/64bit block size ciphers to 2.7 Include --push-remove in the output of --help. Move '--push-peer-info' documentation from 'server' to 'client options' add test case(s) to notice 'openvpn --show-cipher' crashing BUILD: enable CFG and Spectre mitigation for MSVC Fix loading PKCS12 files on Windows msvc: fix product version display msvc: add missing header to project file config-msvc.h: fix OpenSSL-related defines contrib/vcpkg-ports: remove openssl port GitHub Actions: use latest working lukka/run-vcpkg Use network address for emulated DHCP server as a default Load OpenSSL config on Windows from trusted location ring_buffer.h: fix GCC warning about unused function ssh_openssl.h: remove unused declaration vcpkg/pkcs11-helper: compatibility with latest vcpkg config-msvc.h: indicate key material export support Don't use BF-CBC in unit tests if we don't have it Define have_blowfish variable in ncp unit tests doc link-options.rst: Use free open-source dynamic-DNS provider URL Fix some more wrong defines in config-msvc.h Ensure the current common_name is in the environment for scripts Require EC key support in Windows builds resolvconf fails with -p Update IRC information in CONTRIBUTING.rst doc/man (vpn-network-options): fix foreign_option_{n} typo README.down-root: Fix plugin module name Signed-off-by: Zheng Ruoqin Signed-off-by: Khem Raj (cherry picked from commit 2867330535cd93067d1fc005f0cdf5984a4c43fb) [2.5.x is a stable branch] Signed-off-by: Armin Kuster --- .../recipes-support/openvpn/openvpn_2.5.4.bb | 75 ---------------------- .../recipes-support/openvpn/openvpn_2.5.5.bb | 75 ++++++++++++++++++++++ 2 files changed, 75 insertions(+), 75 deletions(-) delete mode 100644 meta-networking/recipes-support/openvpn/openvpn_2.5.4.bb create mode 100644 meta-networking/recipes-support/openvpn/openvpn_2.5.5.bb diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.5.4.bb b/meta-networking/recipes-support/openvpn/openvpn_2.5.4.bb deleted file mode 100644 index 6b588a5f50..0000000000 --- a/meta-networking/recipes-support/openvpn/openvpn_2.5.4.bb +++ /dev/null @@ -1,75 +0,0 @@ -SUMMARY = "A full-featured SSL VPN solution via tun device." -HOMEPAGE = "https://openvpn.net/" -SECTION = "net" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=377a495e6f12b2a3adcee797e59540b8" -DEPENDS = "lzo openssl iproute2 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" - -inherit autotools systemd update-rc.d - -SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \ - file://openvpn \ - file://openvpn@.service \ - file://openvpn-volatile.conf" - -UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads" - -SRC_URI[sha256sum] = "f80f3c3df1b94a8892ae547df84f152583250684a24bd022ccc98ef56fa93d97" - -# CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. -CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569" - -SYSTEMD_SERVICE:${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service" -SYSTEMD_AUTO_ENABLE = "disable" - -INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME:${PN} = "openvpn" -INITSCRIPT_PARAMS:${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ." - -CFLAGS += "-fno-inline" - -# I want openvpn to be able to read password from file (hrw) -EXTRA_OECONF += "--enable-iproute2" -EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}" - -# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host. -EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip" - -do_install:append() { - install -d ${D}/${sysconfdir}/init.d - install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d - - install -d ${D}/${sysconfdir}/openvpn - install -d ${D}/${sysconfdir}/openvpn/sample - install -m 755 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf - install -m 755 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf - install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys - install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}/${systemd_unitdir}/system - install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system - install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service - install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service - - install -d ${D}/${localstatedir} - install -d ${D}/${localstatedir}/lib - install -d -m 710 ${D}/${localstatedir}/lib/openvpn - - install -d ${D}${sysconfdir}/tmpfiles.d - install -m 0644 ${WORKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf - sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/tmpfiles.d/openvpn.conf - fi -} - -PACKAGES =+ " ${PN}-sample " - -RRECOMMENDS:${PN} = "kernel-module-tun" - -FILES:${PN}-dbg += "${libdir}/openvpn/plugins/.debug" -FILES:${PN} += "${systemd_unitdir}/system/openvpn@.service \ - ${sysconfdir}/tmpfiles.d \ - " -FILES:${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \ - ${systemd_unitdir}/system/openvpn@loopback-client.service \ - ${sysconfdir}/openvpn/sample/" diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.5.5.bb b/meta-networking/recipes-support/openvpn/openvpn_2.5.5.bb new file mode 100644 index 0000000000..2dc3af6bf9 --- /dev/null +++ b/meta-networking/recipes-support/openvpn/openvpn_2.5.5.bb @@ -0,0 +1,75 @@ +SUMMARY = "A full-featured SSL VPN solution via tun device." +HOMEPAGE = "https://openvpn.net/" +SECTION = "net" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=377a495e6f12b2a3adcee797e59540b8" +DEPENDS = "lzo openssl iproute2 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" + +inherit autotools systemd update-rc.d + +SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \ + file://openvpn \ + file://openvpn@.service \ + file://openvpn-volatile.conf" + +UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads" + +SRC_URI[sha256sum] = "7500df4734173bce2e95b5039079119dacaff121650b2b6ca76d2dc68bdac1c5" + +# CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. +CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569" + +SYSTEMD_SERVICE:${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service" +SYSTEMD_AUTO_ENABLE = "disable" + +INITSCRIPT_PACKAGES = "${PN}" +INITSCRIPT_NAME:${PN} = "openvpn" +INITSCRIPT_PARAMS:${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ." + +CFLAGS += "-fno-inline" + +# I want openvpn to be able to read password from file (hrw) +EXTRA_OECONF += "--enable-iproute2" +EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}" + +# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host. +EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip" + +do_install:append() { + install -d ${D}/${sysconfdir}/init.d + install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d + + install -d ${D}/${sysconfdir}/openvpn + install -d ${D}/${sysconfdir}/openvpn/sample + install -m 755 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf + install -m 755 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf + install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys + install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}/${systemd_unitdir}/system + install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system + install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service + install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service + + install -d ${D}/${localstatedir} + install -d ${D}/${localstatedir}/lib + install -d -m 710 ${D}/${localstatedir}/lib/openvpn + + install -d ${D}${sysconfdir}/tmpfiles.d + install -m 0644 ${WORKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf + sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/tmpfiles.d/openvpn.conf + fi +} + +PACKAGES =+ " ${PN}-sample " + +RRECOMMENDS:${PN} = "kernel-module-tun" + +FILES:${PN}-dbg += "${libdir}/openvpn/plugins/.debug" +FILES:${PN} += "${systemd_unitdir}/system/openvpn@.service \ + ${sysconfdir}/tmpfiles.d \ + " +FILES:${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \ + ${systemd_unitdir}/system/openvpn@loopback-client.service \ + ${sysconfdir}/openvpn/sample/" -- cgit 1.2.3-korg