diff --git a/0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch b/0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch new file mode 100644 index 0000000..874f842 --- /dev/null +++ b/0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch @@ -0,0 +1,31 @@ +From db33132094f4748ccc63aadbfa4b7446bb95b350 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= +Date: Sat, 20 Aug 2011 18:12:28 -0400 +Subject: [PATCH] Use SSL_MODE_RELEASE_BUFFERS if available +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + +Signed-off-by: Cristian Rodríguez +--- + ssl.c | 3 +++ + 1 files changed, 3 insertions(+), 0 deletions(-) + +diff --git a/ssl.c b/ssl.c +index ea7b204..459e66c 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -2073,6 +2073,9 @@ init_ssl (const struct options *options) + } + + /* Set SSL options */ ++#ifdef SSL_MODE_RELEASE_BUFFERS ++ SSL_CTX_set_mode (ctx, SSL_MODE_RELEASE_BUFFERS); ++#endif + SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF); + SSL_CTX_set_options (ctx, SSL_OP_SINGLE_DH_USE); + +-- +1.7.4.1 + diff --git a/openvpn-2.1-systemd-passwd.patch b/openvpn-2.1-systemd-passwd.patch new file mode 100644 index 0000000..cca599a --- /dev/null +++ b/openvpn-2.1-systemd-passwd.patch 
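Review bot: The added `SSL_CTX_set_mode (ctx, SSL_MODE_RELEASE_BUFFERS);` in init_ssl carries no comment, and because it sits behind `#ifdef SSL_MODE_RELEASE_BUFFERS` the binary's buffer handling depends silently on which OpenSSL headers were present at build time. The mode makes libssl free and re-allocate its per-connection read/write buffers when a connection is idle, and that path has needed memory-safety fixes in OpenSSL, so the package should only be built against a libssl that carries them. I would add a comment above the call such as `/* Release idle per-connection buffers to cut memory use; relies on a libssl whose release-buffers path is patched */`. init_ssl starts and ends outside the hunk.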
@@ -0,0 +1,61 @@ +Index: openvpn-2.2.1/misc.c +=================================================================== +--- openvpn-2.2.1.orig/misc.c ++++ openvpn-2.2.1/misc.c +@@ -1333,26 +1333,49 @@ get_console_input (const char *prompt, c + ASSERT (input); + ASSERT (capacity > 0); + input[0] = '\0'; ++ bool is_systemd_running; ++ struct stat a, b; ++ ++ /* We simply test whether the systemd cgroup hierarchy is ++ * mounted */ ++ ++ is_systemd_running = (lstat("/sys/fs/cgroup", &a) == 0) ++ && (lstat("/sys/fs/cgroup/systemd", &b) == 0) ++ && (a.st_dev != b.st_dev); + + #if defined(WIN32) + return get_console_input_win32 (prompt, echo, input, capacity); + #elif defined(HAVE_GETPASS) +- if (echo) ++ if (echo || is_systemd_running) + { + FILE *fp; + +- fp = open_tty (true); +- fprintf (fp, "%s", prompt); +- fflush (fp); +- close_tty (fp); ++ if (is_systemd_running) ++ { ++ char *cmd; ++ ++ asprintf(&cmd, "/bin/systemd-ask-password \"%s\"", prompt); ++ fp = popen (cmd, "re"); ++ free (cmd); ++ } ++ else ++ { ++ fp = open_tty (true); ++ fprintf (fp, "%s", prompt); ++ fflush (fp); ++ close_tty (fp); + +- fp = open_tty (false); ++ fp = open_tty (false); ++ } + if (fgets (input, capacity, fp) != NULL) + { + chomp (input); + ret = true; + } +- close_tty (fp); ++ if (is_systemd_running) ++ fclose (fp); ++ else ++ close_tty (fp); + } + else + { diff --git a/openvpn-2.2.1-man-dot.diff b/openvpn-2.2.1-man-dot.diff new file mode 100644 index 0000000..9901c6c --- /dev/null +++ b/openvpn-2.2.1-man-dot.diff @@ -0,0 +1,18 @@ +--- openvpn.8 ++++ openvpn.8 2011/08/29 18:26:40 +@@ -21,13 +21,13 @@ + .\" 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + .\" + .\" Manual page for openvpn +-.\ ++.\" + .\" SH section heading + .\" SS subsection heading + .\" LP paragraph + .\" IP indented paragraph + .\" TP hanging label +-.\ ++.\" + .\" .nf -- no formatting + .\" .fi -- resume formatting + .\" .ft 3 -- boldface 
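Review bot: In the systemd branch added to get_console_input, `prompt` is pasted into a shell command line (`asprintf(&cmd, "/bin/systemd-ask-password \"%s\"", prompt)` followed by `popen (cmd, "re")`), so any double quote, `$`, backquote or backslash in the prompt text is interpreted by /bin/sh with the daemon's privileges. The same lines ignore the asprintf result, hand a possibly NULL `fp` from a failed popen to fgets, and close the popen stream with `fclose` instead of `pclose`, so the helper is never reaped and its exit status is lost. The lstat probe and its declarations also sit above `#if defined(WIN32)`, where they must compile and run on every platform, and they would be better placed inside the HAVE_GETPASS branch. I would run the helper without a shell, pass the prompt as a single argv element after `--`, and accept the input only when the helper exits 0, as in the excerpt below. get_console_input starts and ends outside the hunk.

```c
      FILE *fp = NULL;
      pid_t helper = -1;

      if (is_systemd_running)
        {
          int fds[2];

          /* No shell: the prompt travels as one argv element, after "--". */
          if (pipe2 (fds, O_CLOEXEC) == 0)
            {
              helper = fork ();
              if (helper == 0)
                {
                  dup2 (fds[1], STDOUT_FILENO);
                  execl ("/bin/systemd-ask-password", "systemd-ask-password",
                         "--", prompt, (char *) NULL);
                  _exit (127);
                }
              close (fds[1]);
              if (helper > 0)
                fp = fdopen (fds[0], "r");
              if (fp == NULL)
                close (fds[0]);
            }
        }
      else
        {
          /* … unchanged: open_tty prompt write and reopen for reading … */
        }
      if (fp != NULL && fgets (input, capacity, fp) != NULL)
        {
          chomp (input);
          ret = true;
        }
      if (is_systemd_running)
        {
          int status = 0;

          if (fp != NULL)
            fclose (fp);
          /* Reap the helper; a failed or cancelled query is not a password. */
          if (helper > 0
              && (waitpid (helper, &status, 0) < 0
                  || !WIFEXITED (status) || WEXITSTATUS (status) != 0))
            {
              input[0] = '\0';
              ret = false;
            }
        }
      else
        close_tty (fp);
```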
diff --git a/openvpn.changes b/openvpn.changes index 30fcd01..96cca6e 100644 --- a/openvpn.changes +++ b/openvpn.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Mon Aug 29 18:05:30 UTC 2011 - mt@suse.com + +- Marked /var/run/openvpn as ghost (bnc#710270), man page and + other rpmlint warning fixes + +------------------------------------------------------------------- +Tue Aug 23 15:41:00 UTC 2011 - crrodriguez@opensuse.org + +- BuildRequires libselinux-devel +- Use SSL_MODE_RELEASE_BUFFERS to keep memory usage low, sent + upstream as https://community.openvpn.net/openvpn/ticket/157 + +------------------------------------------------------------------- +Mon Aug 22 09:55:44 UTC 2011 - fcrozat@novell.com + +- Add openvpn-2.1-systemd-passwd.patch / modify openvpn.init to + support systemd password query (bnc#675406) + ------------------------------------------------------------------- Mon Jul 11 14:38:45 UTC 2011 - mt@suse.de diff --git a/openvpn.spec b/openvpn.spec index fc23c0a..49e47ad 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -38,9 +38,13 @@ Source4: client-netconfig.up Source5: client-netconfig.down Patch1: %{name}-2.1-plugin-man.dif Patch2: %{name}-2.1-plugin-build.dif +Patch3: openvpn-2.1-systemd-passwd.patch +Patch4: 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch +Patch5: openvpn-2.2.1-man-dot.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: lzo-devel openssl-devel BuildRequires: iproute2 pam-devel +BuildRequires: libselinux-devel %if 0%{?suse_version} > 1030 BuildRequires: pkcs11-helper-devel Requires: pkcs11-helper @@ -129,6 +133,9 @@ Authors: %setup -q -n %{name}-%{upstream_version} %patch1 -p0 %patch2 -p0 +%patch3 -p1 +%patch4 -p1 +%patch5 -p0 sed -e "s|@PLUGIN_DIR@|%{plugin_dir}|g" \ -e "s|@PLUGIN_LIBDIR@|%{plugin_libdir}|g" \ -e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \ 
@@ -187,7 +194,7 @@ for pi in auth-pam down-root; do install -m 755 plugin/$pi/openvpn-$pi.so \ $RPM_BUILD_ROOT%{plugin_libdir}/ done -# we install docs via spec into %{_defaultdocdir}/name/management-notes.txt +# we install docs via spec into _defaultdocdir/name/management-notes.txt rm $RPM_BUILD_ROOT%{_datadir}/doc/%name/management-notes.txt rmdir $RPM_BUILD_ROOT%{_datadir}/doc/%name @@ -205,7 +212,7 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi %files %defattr(-,root,root) -%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS PORTS README +%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog PORTS README %doc README.* %doc contrib %doc sample-config-files @@ -218,7 +225,7 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi %config %{_sysconfdir}/init.d/openvpn %{_sbindir}/openvpn %{_sbindir}/rcopenvpn -%dir %{_localstatedir}/run/openvpn +%attr(0755,root,root) %dir %ghost %{_localstatedir}/run/openvpn %dir %{_datadir}/openvpn %{_datadir}/openvpn/easy-rsa %dir %{_libdir}/%{name}
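Review bot: With `%attr(0755,root,root) %dir %ghost %{_localstatedir}/run/openvpn` in %files, the package owns the directory but no longer ships it, so it exists at runtime only if something creates it, and nothing in this spec diff does. If the init script (modified according to the changelog, but not shown here) is what creates it, it should do so with explicit owner and mode, e.g. `install -d -m 0755 -o root -g root /var/run/openvpn`, rather than a bare mkdir under whatever umask is in effect. A comment above the %files entry such as `# created at service start; /var/run may be a tmpfs` would record that dependency.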