From 3add4db0fc379ef2bb10d27f212f380411f302a5 Mon Sep 17 00:00:00 2001
From: Bian Naimeng <biannm@cn.fujitsu.com>
Date: Mon, 15 Dec 2014 14:29:00 +0800
Subject: openvpn: upgrade to 2.3.6.

The purpose of this patch as below.

 1. upgrade openvpn to 2.3.6 in order to fix CVE-2014-8104

 2. enable systemd

 3. provide new packages named ${PN}-sample to help user create config file
    easily and check whether is openvpn work.

Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
---
 .../openvpn/openvpn/openvpn@.service               | 12 +++++
 .../recipes-support/openvpn/openvpn_2.3.4.bb       | 33 ------------
 .../recipes-support/openvpn/openvpn_2.3.6.bb       | 63 ++++++++++++++++++++++
 3 files changed, 75 insertions(+), 33 deletions(-)
 create mode 100644 meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
 delete mode 100644 meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb
 create mode 100644 meta-networking/recipes-support/openvpn/openvpn_2.3.6.bb

(limited to 'meta-networking')

diff --git a/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service b/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
new file mode 100644
index 0000000000..358dcb791a
--- /dev/null
+++ b/meta-networking/recipes-support/openvpn/openvpn/openvpn@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
+After=syslog.target network.target
+
+[Service]
+PrivateTmp=true
+Type=forking
+PIDFile=/var/run/openvpn/%i.pid
+ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb b/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb
deleted file mode 100644
index 1fb722a44b..0000000000
--- a/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb
+++ /dev/null
@@ -1,33 +0,0 @@
-SUMMARY = "A full-featured SSL VPN solution via tun device."
-HOMEPAGE = "http://openvpn.sourceforge.net"
-SECTION = "console/network"
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING;md5=5aac200199fde47501876cba7263cb0c"
-DEPENDS = "lzo openssl iproute2 ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-
-inherit autotools
-
-SRC_URI = "http://swupdate.openvpn.org/community/releases/openvpn-${PV}.tar.gz \
-           file://openvpn"
-
-SRC_URI[md5sum] = "04d47237907faabe9d046970ffe44b2e"
-SRC_URI[sha256sum] = "af506d5f48568fa8d2f2435cb3fad35f9a9a8f263999ea6df3ba296960cec85a"
-
-CFLAGS += "-fno-inline"
-
-# I want openvpn to be able to read password from file (hrw)
-EXTRA_OECONF += "--enable-password-save --enable-iproute2"
-EXTRA_OECONF += "${@base_contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}"
-
-# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
-EXTRA_OECONF += "IPROUTE=/sbin/ip"
-
-do_install_append() {
-    install -d ${D}/${sysconfdir}/init.d
-    install -d ${D}/${sysconfdir}/openvpn
-    install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
-}
-
-RRECOMMENDS_${PN} = "kernel-module-tun"
-
-FILES_${PN}-dbg += "${libdir}/openvpn/plugins/.debug"
diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.3.6.bb b/meta-networking/recipes-support/openvpn/openvpn_2.3.6.bb
new file mode 100644
index 0000000000..58ddcc813f
--- /dev/null
+++ b/meta-networking/recipes-support/openvpn/openvpn_2.3.6.bb
@@ -0,0 +1,63 @@
+SUMMARY = "A full-featured SSL VPN solution via tun device."
+HOMEPAGE = "http://openvpn.sourceforge.net"
+SECTION = "console/network"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=5aac200199fde47501876cba7263cb0c"
+DEPENDS = "lzo openssl iproute2 ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+
+inherit autotools systemd
+
+SRC_URI = "http://swupdate.openvpn.org/community/releases/openvpn-${PV}.tar.gz \
+           file://openvpn \
+           file://openvpn@.service "
+
+SRC_URI[md5sum] = "6ca03fe0fd093e0d01601abee808835c"
+SRC_URI[sha256sum] = "7baed2ff39c12e1a1a289ec0b46fcc49ff094ca58b8d8d5f29b36ac649ee5b26"
+
+SYSTEMD_SERVICE_${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+CFLAGS += "-fno-inline"
+
+# I want openvpn to be able to read password from file (hrw)
+EXTRA_OECONF += "--enable-password-save --enable-iproute2"
+EXTRA_OECONF += "${@base_contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}"
+
+# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
+EXTRA_OECONF += "IPROUTE=/sbin/ip"
+
+do_install_append() {
+    install -d ${D}/${sysconfdir}/init.d
+    install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
+
+    install -d ${D}/${sysconfdir}/openvpn
+    install -d ${D}/${sysconfdir}/openvpn/sample
+    install -m 755 ${S}/sample/sample-config-files/loopback-server  ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
+    install -m 755 ${S}/sample/sample-config-files/loopback-client  ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
+    install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys
+    install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys
+
+    if ${@base_contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        install -d ${D}/${systemd_unitdir}/system
+        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system
+        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service
+        install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service
+
+        install -d ${D}/${localstatedir}
+        install -d ${D}/${localstatedir}/lib
+        install -d -m 710 ${D}/${localstatedir}/lib/openvpn
+        install -d -m 755 ${D}/${localstatedir}/run/
+        install -d -m 755 ${D}/${localstatedir}/run/openvpn
+    fi
+}
+
+PACKAGES =+ " ${PN}-sample "
+
+RRECOMMENDS_${PN} = "kernel-module-tun"
+
+FILES_${PN}-dbg += "${libdir}/openvpn/plugins/.debug"
+FILES_${PN} += "${systemd_unitdir}/system/openvpn@.service \
+                /run"
+FILES_${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \
+                       ${systemd_unitdir}/system/openvpn@loopback-client.service \
+                       ${sysconfdir}/openvpn/sample/"
-- 
cgit 1.2.3-korg