OBS User unknown 2008-01-17 23:04:41 +00:00 committed by Git OBS Bridge
parent abfd03898f
commit 27b31a3854
6 changed files with 261 additions and 41 deletions


@ -0,0 +1,39 @@
--- plugin/auth-pam/Makefile
+++ plugin/auth-pam/Makefile 2008/01/17 14:23:16
@@ -4,7 +4,7 @@
# If PAM modules are not linked against libpam.so, set DLOPEN_PAM to 1. This
# must be done on SUSE 9.1, at least.
-DLOPEN_PAM=1
+DLOPEN_PAM=0
ifeq ($(DLOPEN_PAM),1)
LIBPAM=-ldl
@@ -15,10 +15,10 @@
# This directory is where we will look for openvpn-plugin.h
INCLUDE=-I../..
-CC_FLAGS=-O2 -Wall -DDLOPEN_PAM=$(DLOPEN_PAM)
+CC_FLAGS=$(CFLAGS) -DDLOPEN_PAM=$(DLOPEN_PAM)
openvpn-auth-pam.so : auth-pam.o pamdl.o
- gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM)
+ gcc ${LDFLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o pamdl.o -lc $(LIBPAM)
auth-pam.o : auth-pam.c pamdl.h
gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} auth-pam.c
--- plugin/down-root/Makefile
+++ plugin/down-root/Makefile 2008/01/17 14:23:39
@@ -5,10 +5,10 @@
# This directory is where we will look for openvpn-plugin.h
INCLUDE=-I../..
-CC_FLAGS=-O2 -Wall
+CC_FLAGS=${CFLAGS}
down-root.so : down-root.o
- gcc ${CC_FLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc
+ gcc ${LDFLAGS} -fPIC -shared -Wl,-soname,openvpn-down-root.so -o openvpn-down-root.so down-root.o -lc
down-root.o : down-root.c
gcc ${CC_FLAGS} -fPIC -c ${INCLUDE} down-root.c
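Review bot: `CC_FLAGS=$(CFLAGS)` leaves the plugins with no optimisation or warning flags when `make` is run with CFLAGS unset, because the previous `-O2 -Wall` default is gone in both plugin/auth-pam/Makefile and plugin/down-root/Makefile; a `CFLAGS ?= -O2 -Wall` line above it keeps the default while still honouring the packager's flags. The link rules now take `${LDFLAGS}` from the environment, and the spec's %build exports LDFLAGS with `-pie` appended on newer SUSE, so the `.so` link would see `-pie` next to `-shared`; it is worth confirming that combination yields the intended shared object, or clearing LDFLAGS before the plugin `make`. The compiler is still hard-coded as `gcc` rather than `$(CC)`.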


@ -0,0 +1,30 @@
--- plugin.c
+++ plugin.c 2007/11/28 08:58:20
@@ -182,7 +182,26 @@ plugin_init_item (struct plugin *p, cons
p->plugin_type_mask = plugin_supported_types ();
#if defined(USE_LIBDL)
- p->handle = dlopen (p->so_pathname, RTLD_NOW);
+ p->handle = NULL;
+#if defined(PLUGIN_LIBDIR)
+ if (!strchr(p->so_pathname, '/'))
+ {
+ char full[PATH_MAX], *name;
+
+ snprintf(full, sizeof(full), "%s/%s", PLUGIN_LIBDIR, p->so_pathname);
+ p->handle = dlopen (full, RTLD_NOW);
+#if defined(ENABLE_PLUGIN_SEARCH)
+ if (!p->handle)
+ {
+ p->handle = dlopen (p->so_pathname, RTLD_NOW);
+ }
+#endif
+ }
+ else
+#endif
+ {
+ p->handle = dlopen (p->so_pathname, RTLD_NOW);
+ }
if (!p->handle)
msg (M_ERR, "PLUGIN_INIT: could not load plugin shared object %s: %s", p->so_pathname, dlerror());
libdl_resolve_symbol (p->handle, (void*)&p->open, "openvpn_plugin_open_v1", p->so_pathname, PLUGIN_SYMBOL_REQUIRED);
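Review bot: The `ENABLE_PLUGIN_SEARCH` branch falls back to `dlopen (p->so_pathname, RTLD_NOW)` with a slash-free name, which lets the dynamic loader resolve the plugin through its own search path instead of `PLUGIN_LIBDIR`; that undoes the pinning this patch introduces, and the spec's %build turns the define on. I would drop the fallback, or at least log the path that was actually loaded so an unexpected location shows up in the log. The `snprintf` result is unchecked, so an over-long name is silently truncated before the first `dlopen`; capture it in `n` and skip the load when `n < 0 || (size_t)n >= sizeof(full)`. `*name` is declared but unused in the visible lines, and `plugin_init_item` begins and ends outside the hunk.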


@ -0,0 +1,18 @@
--- openvpn.8
+++ openvpn.8 2008/01/17 13:53:02
@@ -2117,11 +2117,10 @@
folder of the OpenVPN source distribution.
If you are using an RPM install of OpenVPN, see
-/usr/share/openvpn/plugin. The documentation is
-in
-.B doc
-and the actual plugin modules are in
-.B lib.
+@PLUGIN_DIR@. The actual plugin modules are in
+.B @PLUGIN_LIBDIR@
+and the documentation is in
+.B @PLUGIN_DOCDIR@.
Multiple plugin modules can be cascaded, and modules can be
used in tandem with scripts. The modules will be called by


@ -1,3 +1,15 @@
-------------------------------------------------------------------
Thu Jan 17 19:44:41 CET 2008 - mt@suse.de
- Bug #334773: Enabled build of down-root and auth-pam plugins,
sub-packaged as openvpn-auth-pam-plugin/down-root-plugin.
- Added patch to load plugins from /usr/%_lib/openvpn/plugin/lib
first, when the plugin name is specified as basename only.
- Added patch adoptiong plugin path informations in openvpn.8.
- Added patch to build plugins with RPM_OPT_FLAGS.
- Fixed init script to use Should-Start/Stop LSB info tags.
- Bug #343106: Enabled iproute2 support / usage
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 4 10:14:03 CEST 2007 - mt@suse.de Mon Jun 4 10:14:03 CEST 2007 - mt@suse.de


@ -13,9 +13,9 @@
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: openvpn # Provides: openvpn
# Required-Start: $local_fs $remote_fs $network # Required-Start: $local_fs $remote_fs $network
# X-UnitedLinux-Should-Start: $syslog # Should-Start: $syslog
# Required-Stop: $local_fs $remote_fs $network # Required-Stop: $local_fs $remote_fs $network
# X-UnitedLinux-Should-Stop: $syslog # Should-Stop: $syslog
# Default-Start: 3 5 # Default-Start: 3 5
# Default-Stop: 0 1 2 6 # Default-Stop: 0 1 2 6
# Short-Description: OpenVPN tunnel # Short-Description: OpenVPN tunnel


@ -1,7 +1,7 @@
# #
# spec file for package openvpn (Version 2.0.9) # spec file for package openvpn (Version 2.0.9)
# #
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine # This file and all modifications and additions to the pristine
# package are under the same license as the package itself. # package are under the same license as the package itself.
# #
@ -11,25 +11,97 @@
# norootforbuild # norootforbuild
Name: openvpn Name: openvpn
BuildRequires: lzo-devel openssl-devel Url: http://openvpn.net/
URL: http://openvpn.sourceforge.net/ License: GPL v2 or later; LGPL v2.1 or later
License: GNU General Public License (GPL), GNU Library General Public License v. 2.0 and 2.1 (LGPL)
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Autoreqprov: on AutoReqProv: on
%if 0%{?suse_version} %if 0%{?suse_version}
PreReq: %insserv_prereq %fillup_prereq PreReq: %insserv_prereq %fillup_prereq
%endif %endif
Version: 2.0.9 Version: 2.0.9
Release: 22 Release: 61
Summary: Create VPN over Wireless and Ethernet Networks using a Tun Device Summary: Full-featured SSL VPN solution using a TUN/TAP Interface
Source: http://openvpn.net/release/openvpn-%{version}.tar.gz Source: http://openvpn.net/release/openvpn-%{version}.tar.gz
Source1: http://openvpn.net/signatures/openvpn-%{version}.tar.gz.asc Source1: http://openvpn.net/signatures/openvpn-%{version}.tar.gz.asc
Source2: openvpn.init Source2: openvpn.init
Source3: openvpn.README.SUSE Source3: openvpn.README.SUSE
Patch1: %{name}-%{version}-plugin-dir.dif
Patch2: %{name}-%{version}-plugin-man.dif
Patch3: %{name}-%{version}-plugin-build.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: lzo-devel openssl-devel
BuildRequires: pam-devel
%define plugin_dir %{_libdir}/%{name}/plugin
%define plugin_libdir %{plugin_dir}/lib
%description %description
Create VPN over wireless and ethernet networks using a tun device. OpenVPN is a full-featured SSL VPN solution which can accomodate a wide
range of configurations, including remote access, site-to-site VPNs,
WiFi security, and enterprise-scale remote access solutions with load
balancing, failover, and fine-grained access-controls.
OpenVPN implements OSI layer 2 or 3 secure network extension using the
industry standard SSL/TLS protocol, supports flexible client
authentication methods based on certificates, smart cards, and/or
2-factor authentication, and allows user or group-specific access
control policies using firewall rules applied to the VPN virtual
interface.
OpenVPN runs on: Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD,
NetBSD, Mac OS X, and Solaris.
OpenVPN is not a web application proxy and does not operate through a
web browser.
Authors:
--------
James Yonan <jim@yonan.net>
%package down-root-plugin
Summary: OpenVPN down-root plugin
Group: Productivity/Networking/Security
AutoReqProv: on
Requires: %{name} = %{version}
%description down-root-plugin
The OpenVPN down-root plugin allows an OpenVPN configuration to call a
down script with root privileges, even when privileges have been
dropped using --user/--group/--chroot.
This module uses a split privilege execution model which will fork()
before OpenVPN drops root privileges, at the point where the --up
script is usually called. The plugin will then remain in a wait state
until it receives a message from OpenVPN via pipe to execute the down
script. Thus, the down script will be run in the same execution
environment as the up script.
Authors:
--------
James Yonan <jim@yonan.net>
%package auth-pam-plugin
Summary: OpenVPN auth-pam plugin
Group: Productivity/Networking/Security
AutoReqProv: on
Requires: %{name} = %{version}
%description auth-pam-plugin
The OpenVPN auth-pam plugin implements username/password authentication
via PAM, and essentially allows any authentication method supported by
PAM (such as LDAP, RADIUS, or Linux Shadow passwords) to be used with
OpenVPN.
While PAM supports username/password authentication, this can be
combined with X509 certificates to provide two indepedent levels of
authentication.
This plugin uses a split privilege execution model which will function
even if you drop openvpn daemon privileges using the user, group, or
chroot directives.
@ -38,24 +110,43 @@ Authors:
James Yonan <jim@yonan.net> James Yonan <jim@yonan.net>
%prep %prep
%setup %setup -q
%patch1 -p0
%patch2 -p0
%patch3 -p0
sed -e "s|@PLUGIN_DIR@|%{plugin_dir}|g" \
-e "s|@PLUGIN_LIBDIR@|%{plugin_libdir}|g" \
-e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \
-i openvpn.8
%build %build
autoreconf -fi autoreconf -fi
export CFLAGS="$RPM_OPT_FLAGS -Wall" export CFLAGS="$RPM_OPT_FLAGS -Wall"
export LDFLAGS= export LDFLAGS=""
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version}%{?!suse_version:99999} > 930 %if %{?suse_version}%{?!suse_version:99999} > 930
CFLAGS="$CFLAGS -fPIE" CFLAGS="$CFLAGS -fPIE"
LDFLAGS="$LDFLAGS -pie" LDFLAGS="$LDFLAGS -pie"
%endif %endif
CFLAGS="$CFLAGS -DPLUGIN_LIBDIR='\"%{_libdir}/%{name}/plugin/lib\"' -DENABLE_PLUGIN_SEARCH" \
%configure \ %configure \
--enable-pthread \ --enable-pthread --enable-iproute2 \
--with-lzo-headers=%_includedir/lzo --with-lzo-headers=%_includedir/lzo
make make
#
# Build down-root plugin
#
pushd plugin/down-root
make
popd
#
# Build auth-pam plugin
#
pushd plugin/auth-pam
make
popd
%install %install
rm -rf $RPM_BUILD_ROOT
make DESTDIR=$RPM_BUILD_ROOT install make DESTDIR=$RPM_BUILD_ROOT install
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openvpn mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openvpn
mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/openvpn mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/openvpn
@ -72,6 +163,16 @@ chmod +x easy-rsa/revoke-crt
chmod +x easy-rsa/make-crl chmod +x easy-rsa/make-crl
chmod +x easy-rsa/list-crl chmod +x easy-rsa/list-crl
cp -a easy-rsa $RPM_BUILD_ROOT/%{_datadir}/openvpn/ cp -a easy-rsa $RPM_BUILD_ROOT/%{_datadir}/openvpn/
#
# Install the plugins
#
install -d -m 755 $RPM_BUILD_ROOT%{plugin_libdir}/
mv -f plugin/README README.plugins
for pi in auth-pam down-root; do
mv -f plugin/$pi/README README.$pi
install -m 755 plugin/$pi/openvpn-$pi.so \
$RPM_BUILD_ROOT%{plugin_libdir}/
done
%clean %clean
if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
@ -89,7 +190,7 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS PORTS README %doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS PORTS README
%doc README.SUSE %doc README.*
%doc contrib %doc contrib
%doc management %doc management
%doc sample-config-files %doc sample-config-files
@ -104,26 +205,46 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%dir %{_localstatedir}/run/openvpn %dir %{_localstatedir}/run/openvpn
%dir %{_datadir}/openvpn %dir %{_datadir}/openvpn
%{_datadir}/openvpn/easy-rsa %{_datadir}/openvpn/easy-rsa
%dir %{_libdir}/%{name}
%dir %{plugin_dir}
%dir %{plugin_libdir}
%files down-root-plugin
%defattr(-,root,root)
%{plugin_libdir}/openvpn-down-root.so
%files auth-pam-plugin
%defattr(-,root,root)
%{plugin_libdir}/openvpn-auth-pam.so
%changelog %changelog
* Mon Jun 04 2007 - mt@suse.de * Thu Jan 17 2008 mt@suse.de
- Bug #334773: Enabled build of down-root and auth-pam plugins,
sub-packaged as openvpn-auth-pam-plugin/down-root-plugin.
- Added patch to load plugins from /usr/%%_lib/openvpn/plugin/lib
first, when the plugin name is specified as basename only.
- Added patch adoptiong plugin path informations in openvpn.8.
- Added patch to build plugins with RPM_OPT_FLAGS.
- Fixed init script to use Should-Start/Stop LSB info tags.
- Bug #343106: Enabled iproute2 support / usage
* Mon Jun 04 2007 mt@suse.de
- fixed easy-rsa installation (no exec in doc directory) - fixed easy-rsa installation (no exec in doc directory)
- improved spec to use configure directory variables and - improved spec to use configure directory variables and
cleaned up macro calls in RPM pre/post scripts. cleaned up macro calls in RPM pre/post scripts.
- fixed openvpn binary check in the init script. - fixed openvpn binary check in the init script.
* Fri Oct 27 2006 - mt@suse.de * Fri Oct 27 2006 mt@suse.de
- upstream 2.0.9, Windows related fixes only - upstream 2.0.9, Windows related fixes only
* Windows installer updated with OpenSSL 0.9.7l DLLs to fix * Windows installer updated with OpenSSL 0.9.7l DLLs to fix
published vulnerabilities. published vulnerabilities.
* Fixed TAP-Win32 bug that caused BSOD on Windows Vista * Fixed TAP-Win32 bug that caused BSOD on Windows Vista
(Henry Nestler). The TAP-Win32 driver has now been (Henry Nestler). The TAP-Win32 driver has now been
upgraded to version 8.4. upgraded to version 8.4.
* Wed Sep 27 2006 - poeml@suse.de * Wed Sep 27 2006 poeml@suse.de
- upstream 2.0.8 - upstream 2.0.8
* Windows installer updated with OpenSSL 0.9.7k DLLs to fix * Windows installer updated with OpenSSL 0.9.7k DLLs to fix
RSA Signature Forgery (CVE-2006-4339). RSA Signature Forgery (CVE-2006-4339).
* No changes to OpenVPN source code between 2.0.7 and 2.0.8. * No changes to OpenVPN source code between 2.0.7 and 2.0.8.
* Fri Jun 23 2006 - poeml@suse.de * Fri Jun 23 2006 poeml@suse.de
- upstream 2.0.7, with bug fixes: - upstream 2.0.7, with bug fixes:
* When deleting routes under Linux, use the route metric * When deleting routes under Linux, use the route metric
as a differentiator to ensure that the route teardown as a differentiator to ensure that the route teardown
@ -148,12 +269,12 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
* fix for CVE-2006-1629 integrated (disallow "setenv" to be pushed * fix for CVE-2006-1629 integrated (disallow "setenv" to be pushed
to clients from the server) to clients from the server)
- build with fPIE/pie on SUSE 10.0 or newer, or on any other platform - build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
* Wed Apr 19 2006 - poeml@suse.de * Wed Apr 19 2006 poeml@suse.de
- security fix (CVE-2006-1629): disallow "setenv" to be pushed to - security fix (CVE-2006-1629): disallow "setenv" to be pushed to
clients from the server [#165123] clients from the server [#165123]
* Wed Jan 25 2006 - mls@suse.de * Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires - converted neededforbuild to BuildRequires
* Thu Nov 03 2005 - poeml@suse.de * Thu Nov 03 2005 poeml@suse.de
- update to 2.0.5, with two security fixes -- see below. [#132003] - update to 2.0.5, with two security fixes -- see below. [#132003]
2005.11.02 -- Version 2.0.5 2005.11.02 -- Version 2.0.5
* Fixed bug in Linux get_default_gateway function * Fixed bug in Linux get_default_gateway function
@ -202,13 +323,13 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
registered on Windows. registered on Windows.
* Fixed a bug where --mode server --proto tcp-server --cipher none * Fixed a bug where --mode server --proto tcp-server --cipher none
operation could cause tunnel packet truncation. operation could cause tunnel packet truncation.
* Tue Aug 30 2005 - poeml@suse.de * Tue Aug 30 2005 poeml@suse.de
- update to 2.0.2 [#106258] relevant changes: - update to 2.0.2 [#106258] relevant changes:
* Fixed bug where "--proto tcp-server --mode p2p --management * Fixed bug where "--proto tcp-server --mode p2p --management
host port" would cause the management port to not respond until host port" would cause the management port to not respond until
the OpenVPN peer connects. the OpenVPN peer connects.
* Modified pkitool script to be /bin/sh compatible (Johnny Lam). * Modified pkitool script to be /bin/sh compatible (Johnny Lam).
* Tue Aug 23 2005 - poeml@suse.de * Tue Aug 23 2005 poeml@suse.de
- update to 2.0.1 [#106258] - update to 2.0.1 [#106258]
* Security Fix -- DoS attack against server when run with "verb 0" and * Security Fix -- DoS attack against server when run with "verb 0" and
without "tls-auth". If a client connection to the server fails without "tls-auth". If a client connection to the server fails
@ -251,47 +372,47 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
would fail to build. would fail to build.
* Implement "make check" to perform loopback tests (Matthias Andree). * Implement "make check" to perform loopback tests (Matthias Andree).
- drop obsolete patch which fixed finding lzo libraries - drop obsolete patch which fixed finding lzo libraries
* Tue Jun 28 2005 - mrueckert@suse.de * Tue Jun 28 2005 mrueckert@suse.de
- The previous patch didnt work with lzo1 based distros. Fixed. - The previous patch didnt work with lzo1 based distros. Fixed.
* Tue Jun 28 2005 - cthiel@suse.de * Tue Jun 28 2005 cthiel@suse.de
- fixed build with lzo2 (added lzo2.diff) - fixed build with lzo2 (added lzo2.diff)
* Thu Jun 23 2005 - ro@suse.de * Thu Jun 23 2005 ro@suse.de
- build with fPIE/pie - build with fPIE/pie
* Thu Jun 02 2005 - hvogel@suse.de * Thu Jun 02 2005 hvogel@suse.de
- lzo headers are in a subdirectory now - lzo headers are in a subdirectory now
* Tue Apr 19 2005 - cthiel@suse.de * Tue Apr 19 2005 cthiel@suse.de
- update to 2.0 - update to 2.0
* Thu Feb 17 2005 - poeml@suse.de * Thu Feb 17 2005 poeml@suse.de
- update to 2.0_rc14 - update to 2.0_rc14
- add README.SUSE - add README.SUSE
* Fri Jan 28 2005 - poeml@suse.de * Fri Jan 28 2005 poeml@suse.de
- update to 2.0_rc10 - update to 2.0_rc10
* Wed Dec 29 2004 - poeml@suse.de * Wed Dec 29 2004 poeml@suse.de
- update to 2.0_rc6 - update to 2.0_rc6
* Wed Dec 29 2004 - poeml@suse.de * Wed Dec 29 2004 poeml@suse.de
- update to 2.0_rc1 (closing #45979) - update to 2.0_rc1 (closing #45979)
IMPORTANT: OpenVPN's default port number is now 1194, based on an IMPORTANT: OpenVPN's default port number is now 1194, based on an
official port number assignment by IANA. OpenVPN 2.0-beta16 and official port number assignment by IANA. OpenVPN 2.0-beta16 and
earlier used 5000 as the default port. earlier used 5000 as the default port.
-> see http://openvpn.net/20notes.html -> see http://openvpn.net/20notes.html
- remove lzo sources, which come in a separate package since 9.2 - remove lzo sources, which come in a separate package since 9.2
* Mon Jul 26 2004 - poeml@suse.de * Mon Jul 26 2004 poeml@suse.de
- update to 1.6_rc4 - update to 1.6_rc4
- bzip2 sources - bzip2 sources
* Sun Jan 11 2004 - adrian@suse.de * Sun Jan 11 2004 adrian@suse.de
- build as user - build as user
* Tue Dec 16 2003 - wengel@suse.de * Tue Dec 16 2003 wengel@suse.de
- update to version 1.5.0 - update to version 1.5.0
* Sun Sep 07 2003 - poeml@suse.de * Sun Sep 07 2003 poeml@suse.de
- add an init script - add an init script
- use RPM_OPT_FLAGS - use RPM_OPT_FLAGS
- add /var/run/openvpn directory for pid files - add /var/run/openvpn directory for pid files
* Thu Jul 31 2003 - wengel@suse.de * Thu Jul 31 2003 wengel@suse.de
- update to new version -> 1.4.2 - update to new version -> 1.4.2
* Tue May 27 2003 - coolo@suse.de * Tue May 27 2003 coolo@suse.de
- use BuildRoot - use BuildRoot
- package a bit more straightforward - package a bit more straightforward
* Mon May 19 2003 - wengel@suse.de * Mon May 19 2003 wengel@suse.de
- update to version 1.4.1 - update to version 1.4.1
* Mon Jan 20 2003 - wengel@suse.de * Mon Jan 20 2003 wengel@suse.de
- initial package - initial package
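Review bot: The `-DPLUGIN_LIBDIR='\"%{_libdir}/%{name}/plugin/lib\"'` define in %build spells the directory out again instead of using the `%{plugin_libdir}` macro that %install and %files use, so the directory the binary loads plugins from and the directory the package installs them to can drift apart if one is edited; `-DPLUGIN_LIBDIR='\"%{plugin_libdir}\"'` keeps them tied. The same line also passes `-DENABLE_PLUGIN_SEARCH`, which enables the loader-search fallback in the plugin.c patch; a comment stating why the fallback is wanted would help the next packager decide whether to keep it. `%doc README.*` now places README.auth-pam and README.down-root in the main package rather than in their sub-packages.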