1 |
commit: 8c4f3aa54d28bdad0c81d689a06d3a520be8f752 |
2 |
Author: Aaron Bauman <bman <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Dec 1 10:05:36 2018 +0000 |
4 |
Commit: Aaron Bauman <bman <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Dec 1 10:05:36 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c4f3aa5 |
7 |
|
8 |
net-vpn/openvpn: drop vulnerable wrt bug #654028 |
9 |
|
10 |
Signed-off-by: Aaron Bauman <bman <AT> gentoo.org> |
11 |
|
12 |
net-vpn/openvpn/Manifest | 2 - |
13 |
net-vpn/openvpn/openvpn-2.4.4.ebuild | 157 ---------------------------------- |
14 |
net-vpn/openvpn/openvpn-2.4.5.ebuild | 158 ----------------------------------- |
15 |
3 files changed, 317 deletions(-) |
16 |
|
17 |
diff --git a/net-vpn/openvpn/Manifest b/net-vpn/openvpn/Manifest |
18 |
index a6cf60bfcb5..c92708270b1 100644 |
19 |
--- a/net-vpn/openvpn/Manifest |
20 |
+++ b/net-vpn/openvpn/Manifest |
21 |
@@ -1,4 +1,2 @@ |
22 |
DIST mock_msg.h 1356 BLAKE2B da7585cfeee89c0a4d3aa6326de6e2324804ed2a57a0e8bf7c2e51b25a91a8e1fcf9d29bba90fe58e40bf0197793a76fc1e83d8b6d677228cdc5e5333253b1a3 SHA512 930775a5837bc7f97a26817ea028782d555e0e71ba06b04c39941f4c01bbc3ca0a5dc63bcf19dc694e0e746b3a382f22daf6a6373a3443c5afd7398cbaaef6ea |
23 |
-DIST openvpn-2.4.4.tar.gz 1390194 BLAKE2B 52aa5b9d301b4b5a14acf685f4d4c520d5ec1aa06755262a8504a4c3bb5ee1b8435f68eb4278f25b900f9ae182f31688ef36e4e839ec7a211ad6aba0f76a897a SHA512 3c3cb77397569e21c5af52b065b081714ce53e2dd0b890c881de8e57220dc23d97cd61eaf5a6bf8e5e89186414c4c93da22a3ab65f4b61f80b04d862b4116e76 |
24 |
-DIST openvpn-2.4.5.tar.gz 1430930 BLAKE2B 3ff1324b18fdc24109085a4958401e6d5636b5dc47d30e21392c17410625215bb20473409410ed74995a1b4bb2650ed62217b64b9184805a15ac1ff64a7a8a73 SHA512 a2e3e23bb5374e26d5af393f75686af1962980838c46aee062bc65cc9ffb6f1d20c2c261d1f9abae56ff84a5d22da4a5edb21e39943b33f4a205f809190383c6 |
25 |
DIST openvpn-2.4.6.tar.gz 1431971 BLAKE2B 1ab0746a845fc56bf738c1730cc187c27f61d5bb763df149640978f0bf87450a01e3e40372265440f1aae4e1c58b6d9a1ee1f2aade970d19fd8e8813e0b487a7 SHA512 cdd70bfd03177bc6cb70d0d614e40389df00816b7097740b4cda9d7bee094d1463fdb5afeaf604c52c7b3167d1edb098a2e095e131a8b9fed0ed8b29da90cbe8 |
26 |
|
27 |
diff --git a/net-vpn/openvpn/openvpn-2.4.4.ebuild b/net-vpn/openvpn/openvpn-2.4.4.ebuild |
28 |
deleted file mode 100644 |
29 |
index cce5cb024e1..00000000000 |
30 |
--- a/net-vpn/openvpn/openvpn-2.4.4.ebuild |
31 |
+++ /dev/null |
32 |
@@ -1,157 +0,0 @@ |
33 |
-# Copyright 1999-2018 Gentoo Foundation |
34 |
-# Distributed under the terms of the GNU General Public License v2 |
35 |
- |
36 |
-EAPI=6 |
37 |
- |
38 |
-inherit autotools flag-o-matic user systemd linux-info |
39 |
- |
40 |
-DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" |
41 |
-SRC_URI="https://swupdate.openvpn.net/community/releases/${P}.tar.gz |
42 |
- test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )" |
43 |
-HOMEPAGE="https://openvpn.net/" |
44 |
- |
45 |
-LICENSE="GPL-2" |
46 |
-SLOT="0" |
47 |
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos" |
48 |
- |
49 |
-IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" |
50 |
-IUSE+=" pkcs11 +plugins selinux +ssl static systemd test userland_BSD" |
51 |
- |
52 |
-REQUIRED_USE="static? ( !plugins !pkcs11 ) |
53 |
- mbedtls? ( ssl !libressl ) |
54 |
- pkcs11? ( ssl ) |
55 |
- !plugins? ( !pam !down-root ) |
56 |
- inotify? ( plugins )" |
57 |
- |
58 |
-CDEPEND=" |
59 |
- kernel_linux? ( |
60 |
- iproute2? ( sys-apps/iproute2[-minimal] ) |
61 |
- !iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 ) |
62 |
- ) |
63 |
- pam? ( virtual/pam ) |
64 |
- ssl? ( |
65 |
- !mbedtls? ( |
66 |
- !libressl? ( >=dev-libs/openssl-0.9.8:* ) |
67 |
- libressl? ( dev-libs/libressl ) |
68 |
- ) |
69 |
- mbedtls? ( net-libs/mbedtls ) |
70 |
- ) |
71 |
- lz4? ( app-arch/lz4 ) |
72 |
- lzo? ( >=dev-libs/lzo-1.07 ) |
73 |
- pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) |
74 |
- systemd? ( sys-apps/systemd )" |
75 |
-DEPEND="${CDEPEND} |
76 |
- test? ( dev-util/cmocka )" |
77 |
-RDEPEND="${CDEPEND} |
78 |
- selinux? ( sec-policy/selinux-openvpn )" |
79 |
- |
80 |
-CONFIG_CHECK="~TUN" |
81 |
- |
82 |
-PATCHES=( |
83 |
- "${FILESDIR}/${PN}-external-cmocka.patch" |
84 |
-) |
85 |
- |
86 |
-pkg_setup() { |
87 |
- linux-info_pkg_setup |
88 |
-} |
89 |
- |
90 |
-src_prepare() { |
91 |
- default |
92 |
- eautoreconf |
93 |
- |
94 |
- if use test; then |
95 |
- cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die |
96 |
- fi |
97 |
-} |
98 |
- |
99 |
-src_configure() { |
100 |
- use static && append-ldflags -Xcompiler -static |
101 |
- SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ |
102 |
- TMPFILES_DIR="/usr/lib/tmpfiles.d" \ |
103 |
- IFCONFIG=/bin/ifconfig \ |
104 |
- ROUTE=/bin/route \ |
105 |
- econf \ |
106 |
- $(usex mbedtls '--with-crypto-library=mbedtls' '') \ |
107 |
- $(use_enable inotify async-push) \ |
108 |
- $(use_enable ssl crypto) \ |
109 |
- $(use_enable lz4) \ |
110 |
- $(use_enable lzo) \ |
111 |
- $(use_enable pkcs11) \ |
112 |
- $(use_enable plugins) \ |
113 |
- $(use_enable iproute2) \ |
114 |
- $(use_enable pam plugin-auth-pam) \ |
115 |
- $(use_enable down-root plugin-down-root) \ |
116 |
- $(use_enable test tests) \ |
117 |
- $(use_enable systemd) |
118 |
-} |
119 |
- |
120 |
-src_test() { |
121 |
- make check || die "top-level tests failed" |
122 |
- pushd tests/unit_tests > /dev/null || die |
123 |
- make check || die "unit tests failed" |
124 |
- popd > /dev/null || die |
125 |
-} |
126 |
- |
127 |
-src_install() { |
128 |
- default |
129 |
- find "${ED}/usr" -name '*.la' -delete |
130 |
- # install documentation |
131 |
- dodoc AUTHORS ChangeLog PORTS README README.IPv6 |
132 |
- |
133 |
- # Install some helper scripts |
134 |
- keepdir /etc/openvpn |
135 |
- exeinto /etc/openvpn |
136 |
- doexe "${FILESDIR}/up.sh" |
137 |
- doexe "${FILESDIR}/down.sh" |
138 |
- |
139 |
- # Install the init script and config file |
140 |
- newinitd "${FILESDIR}/${PN}-2.1.init" openvpn |
141 |
- newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn |
142 |
- |
143 |
- # install examples, controlled by the respective useflag |
144 |
- if use examples ; then |
145 |
- # dodoc does not supportly support directory traversal, #15193 |
146 |
- insinto /usr/share/doc/${PF}/examples |
147 |
- doins -r sample contrib |
148 |
- fi |
149 |
-} |
150 |
- |
151 |
-pkg_postinst() { |
152 |
- # Add openvpn user so openvpn servers can drop privs |
153 |
- # Clients should run as root so they can change ip addresses, |
154 |
- # dns information and other such things. |
155 |
- enewgroup openvpn |
156 |
- enewuser openvpn "" "" "" openvpn |
157 |
- |
158 |
- if use x64-macos; then |
159 |
- elog "You might want to install tuntaposx for TAP interface support:" |
160 |
- elog "http://tuntaposx.sourceforge.net" |
161 |
- fi |
162 |
- |
163 |
- elog "The openvpn init script expects to find the configuration file" |
164 |
- elog "openvpn.conf in /etc/openvpn along with any extra files it may need." |
165 |
- elog "" |
166 |
- elog "To create more VPNs, simply create a new .conf file for it and" |
167 |
- elog "then create a symlink to the openvpn init script from a link called" |
168 |
- elog "openvpn.newconfname - like so" |
169 |
- elog " cd /etc/openvpn" |
170 |
- elog " ${EDITOR##*/} foo.conf" |
171 |
- elog " cd /etc/init.d" |
172 |
- elog " ln -s openvpn openvpn.foo" |
173 |
- elog "" |
174 |
- elog "You can then treat openvpn.foo as any other service, so you can" |
175 |
- elog "stop one vpn and start another if you need to." |
176 |
- |
177 |
- if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then |
178 |
- ewarn "" |
179 |
- ewarn "WARNING: If you use the remote keyword then you are deemed to be" |
180 |
- ewarn "a client by our init script and as such we force up,down scripts." |
181 |
- ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" |
182 |
- ewarn "can move your scripts to." |
183 |
- fi |
184 |
- |
185 |
- if use plugins ; then |
186 |
- einfo "" |
187 |
- einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins" |
188 |
- fi |
189 |
-} |
190 |
|
191 |
diff --git a/net-vpn/openvpn/openvpn-2.4.5.ebuild b/net-vpn/openvpn/openvpn-2.4.5.ebuild |
192 |
deleted file mode 100644 |
193 |
index 2af9fe7d179..00000000000 |
194 |
--- a/net-vpn/openvpn/openvpn-2.4.5.ebuild |
195 |
+++ /dev/null |
196 |
@@ -1,158 +0,0 @@ |
197 |
-# Copyright 1999-2018 Gentoo Foundation |
198 |
-# Distributed under the terms of the GNU General Public License v2 |
199 |
- |
200 |
-EAPI=6 |
201 |
- |
202 |
-inherit autotools flag-o-matic user systemd linux-info |
203 |
- |
204 |
-DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" |
205 |
-SRC_URI="https://swupdate.openvpn.net/community/releases/${P}.tar.gz |
206 |
- test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )" |
207 |
-HOMEPAGE="https://openvpn.net/" |
208 |
- |
209 |
-LICENSE="GPL-2" |
210 |
-SLOT="0" |
211 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos" |
212 |
- |
213 |
-IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam" |
214 |
-IUSE+=" pkcs11 +plugins selinux +ssl static systemd test userland_BSD" |
215 |
- |
216 |
-REQUIRED_USE="static? ( !plugins !pkcs11 ) |
217 |
- mbedtls? ( ssl !libressl ) |
218 |
- pkcs11? ( ssl ) |
219 |
- !plugins? ( !pam !down-root ) |
220 |
- inotify? ( plugins )" |
221 |
- |
222 |
-CDEPEND=" |
223 |
- kernel_linux? ( |
224 |
- iproute2? ( sys-apps/iproute2[-minimal] ) |
225 |
- !iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 ) |
226 |
- ) |
227 |
- pam? ( virtual/pam ) |
228 |
- ssl? ( |
229 |
- !mbedtls? ( |
230 |
- !libressl? ( >=dev-libs/openssl-0.9.8:* ) |
231 |
- libressl? ( dev-libs/libressl ) |
232 |
- ) |
233 |
- mbedtls? ( net-libs/mbedtls ) |
234 |
- ) |
235 |
- lz4? ( app-arch/lz4 ) |
236 |
- lzo? ( >=dev-libs/lzo-1.07 ) |
237 |
- pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) |
238 |
- systemd? ( sys-apps/systemd )" |
239 |
-DEPEND="${CDEPEND} |
240 |
- test? ( dev-util/cmocka )" |
241 |
-RDEPEND="${CDEPEND} |
242 |
- selinux? ( sec-policy/selinux-openvpn )" |
243 |
- |
244 |
-CONFIG_CHECK="~TUN" |
245 |
- |
246 |
-PATCHES=( |
247 |
- "${FILESDIR}/${PN}-external-cmocka.patch" |
248 |
- "${FILESDIR}/${P}-libressl-macro-fix.patch" |
249 |
-) |
250 |
- |
251 |
-pkg_setup() { |
252 |
- linux-info_pkg_setup |
253 |
-} |
254 |
- |
255 |
-src_prepare() { |
256 |
- default |
257 |
- eautoreconf |
258 |
- |
259 |
- if use test; then |
260 |
- cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die |
261 |
- fi |
262 |
-} |
263 |
- |
264 |
-src_configure() { |
265 |
- use static && append-ldflags -Xcompiler -static |
266 |
- SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \ |
267 |
- TMPFILES_DIR="/usr/lib/tmpfiles.d" \ |
268 |
- IFCONFIG=/bin/ifconfig \ |
269 |
- ROUTE=/bin/route \ |
270 |
- econf \ |
271 |
- $(usex mbedtls '--with-crypto-library=mbedtls' '') \ |
272 |
- $(use_enable inotify async-push) \ |
273 |
- $(use_enable ssl crypto) \ |
274 |
- $(use_enable lz4) \ |
275 |
- $(use_enable lzo) \ |
276 |
- $(use_enable pkcs11) \ |
277 |
- $(use_enable plugins) \ |
278 |
- $(use_enable iproute2) \ |
279 |
- $(use_enable pam plugin-auth-pam) \ |
280 |
- $(use_enable down-root plugin-down-root) \ |
281 |
- $(use_enable test tests) \ |
282 |
- $(use_enable systemd) |
283 |
-} |
284 |
- |
285 |
-src_test() { |
286 |
- make check || die "top-level tests failed" |
287 |
- pushd tests/unit_tests > /dev/null || die |
288 |
- make check || die "unit tests failed" |
289 |
- popd > /dev/null || die |
290 |
-} |
291 |
- |
292 |
-src_install() { |
293 |
- default |
294 |
- find "${ED}/usr" -name '*.la' -delete |
295 |
- # install documentation |
296 |
- dodoc AUTHORS ChangeLog PORTS README README.IPv6 |
297 |
- |
298 |
- # Install some helper scripts |
299 |
- keepdir /etc/openvpn |
300 |
- exeinto /etc/openvpn |
301 |
- doexe "${FILESDIR}/up.sh" |
302 |
- doexe "${FILESDIR}/down.sh" |
303 |
- |
304 |
- # Install the init script and config file |
305 |
- newinitd "${FILESDIR}/${PN}-2.1.init" openvpn |
306 |
- newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn |
307 |
- |
308 |
- # install examples, controlled by the respective useflag |
309 |
- if use examples ; then |
310 |
- # dodoc does not supportly support directory traversal, #15193 |
311 |
- insinto /usr/share/doc/${PF}/examples |
312 |
- doins -r sample contrib |
313 |
- fi |
314 |
-} |
315 |
- |
316 |
-pkg_postinst() { |
317 |
- # Add openvpn user so openvpn servers can drop privs |
318 |
- # Clients should run as root so they can change ip addresses, |
319 |
- # dns information and other such things. |
320 |
- enewgroup openvpn |
321 |
- enewuser openvpn "" "" "" openvpn |
322 |
- |
323 |
- if use x64-macos; then |
324 |
- elog "You might want to install tuntaposx for TAP interface support:" |
325 |
- elog "http://tuntaposx.sourceforge.net" |
326 |
- fi |
327 |
- |
328 |
- elog "The openvpn init script expects to find the configuration file" |
329 |
- elog "openvpn.conf in /etc/openvpn along with any extra files it may need." |
330 |
- elog "" |
331 |
- elog "To create more VPNs, simply create a new .conf file for it and" |
332 |
- elog "then create a symlink to the openvpn init script from a link called" |
333 |
- elog "openvpn.newconfname - like so" |
334 |
- elog " cd /etc/openvpn" |
335 |
- elog " ${EDITOR##*/} foo.conf" |
336 |
- elog " cd /etc/init.d" |
337 |
- elog " ln -s openvpn openvpn.foo" |
338 |
- elog "" |
339 |
- elog "You can then treat openvpn.foo as any other service, so you can" |
340 |
- elog "stop one vpn and start another if you need to." |
341 |
- |
342 |
- if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then |
343 |
- ewarn "" |
344 |
- ewarn "WARNING: If you use the remote keyword then you are deemed to be" |
345 |
- ewarn "a client by our init script and as such we force up,down scripts." |
346 |
- ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" |
347 |
- ewarn "can move your scripts to." |
348 |
- fi |
349 |
- |
350 |
- if use plugins ; then |
351 |
- einfo "" |
352 |
- einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins" |
353 |
- fi |
354 |
-} |