Merge ~lvoytek/ubuntu/+source/openvpn:openvpn-merge-2.6.5 into ubuntu/+source/openvpn:ubuntu/devel
Proposed by: Lena Voytek
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: Lena Voytek
Merged at revision: 81aa2326b2e0bce8d9a82d40db431b3ba4429bc9
Proposed branch: ~lvoytek/ubuntu/+source/openvpn:openvpn-merge-2.6.5
Merge into: ubuntu/+source/openvpn:ubuntu/devel
Diff against target: 1827 lines (+414/-592), 41 files modified
- COPYING (+47/-0)
- ChangeLog (+47/-0)
- Changes.rst (+70/-1)
- Makefile.in (+2/-2)
- build/msvc/msvc-generate/Makefile.am (+2/-1)
- build/msvc/msvc-generate/Makefile.in (+2/-1)
- build/msvc/msvc-generate/version.m4.in (+3/-0)
- configure (+13/-13)
- debian/changelog (+10/-0)
- debian/control (+2/-1)
- debian/patches/series (+0/-2)
- dev/null (+0/-463)
- doc/man-sections/vpn-network-options.rst (+2/-7)
- doc/openvpn.8 (+2/-7)
- doc/openvpn.8.html (+2/-7)
- include/openvpn-plugin.h (+1/-1)
- sample/sample-plugins/Makefile (+13/-13)
- sample/sample-plugins/client-connect/sample-client-connect.c (+6/-0)
- sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c (+2/-2)
- src/openvpn/crypto_openssl.c (+1/-1)
- src/openvpn/dco_freebsd.c (+8/-0)
- src/openvpn/dco_freebsd.h (+1/-0)
- src/openvpn/dco_linux.c (+6/-1)
- src/openvpn/error.c (+10/-5)
- src/openvpn/forward.c (+21/-11)
- src/openvpn/multi.c (+4/-0)
- src/openvpn/options.c (+3/-5)
- src/openvpn/ovpn_dco_freebsd.h (+1/-0)
- src/openvpn/pkcs11_openssl.c (+1/-1)
- src/openvpn/pool.c (+0/-2)
- src/openvpn/push.c (+0/-1)
- src/openvpn/socket.c (+1/-1)
- src/openvpn/ssl.c (+6/-0)
- src/openvpn/ssl.h (+3/-0)
- src/openvpn/tun.c (+2/-3)
- src/openvpn/win32.c (+6/-5)
- src/openvpnserv/interactive.c (+0/-1)
- src/tapctl/main.c (+105/-27)
- tests/Makefile.am (+3/-1)
- tests/Makefile.in (+4/-4)
- version.m4 (+2/-2)
Related bugs:
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
git-ubuntu bot | | | Approve |
Lucas Kanashiro (community) | | | Approve |
Canonical Server Reporter | | | Pending |
Review via email: mp+446546@code.launchpad.net
Commit message
Description of the change
Update OpenVPN to 2.6.5. Unfortunately Debian is still on 2.6.3 so I added upstream's source directly.
PPA: https:/
Autopkgtest results:
openvpn @ amd64:
11.07.23 17:55:38 Log 🗒️ ✅ Triggers: openvpn/
openvpn @ arm64:
11.07.23 18:01:20 Log 🗒️ ✅ Triggers: openvpn/
openvpn @ armhf:
11.07.23 17:53:15 Log 🗒️ ✅ Triggers: openvpn/
openvpn @ s390x:
11.07.23 17:56:16 Log 🗒️ ✅ Triggers: openvpn/
- 81aa232... by Lena Voytek: changelog
Lucas Kanashiro (lucaskanashiro) wrote:
Thanks for this MP Lena! The changes LGTM, +1.
review: Approve
git-ubuntu bot (git-ubuntu-bot) wrote:
Approvers: lvoytek, lucaskanashiro
Uploaders: lvoytek, lucaskanashiro
MP auto-approved
review: Approve
Lena Voytek (lvoytek) wrote:
Thanks! uploaded
Preview Diff
1 | diff --git a/COPYING b/COPYING |
2 | index e12c514..ab59cef 100644 |
3 | --- a/COPYING |
4 | +++ b/COPYING |
5 | @@ -31,6 +31,53 @@ OpenVPN license: |
6 | file, but you are not obligated to do so. If you do not wish to |
7 | do so, delete this exception statement from your version. |
8 | |
9 | +Apache2 linking exception: |
10 | +--------------------------- |
11 | +OpenVPN is currently undergoing a license change to add an exception for |
12 | +Apache 2 linking. The following exception is only valid for new contributions |
13 | +after 2023-05-03 and past contribution where the authors have already agreed |
14 | +to the exception. |
15 | + |
16 | + In addition, as a special exception, OpenVPN Inc and the |
17 | + contributors give permission to link the code of this program to |
18 | + libraries (the "Libraries") licensed under the Apache License |
19 | + version 2.0 (this work and any linked library the "Combined Work") |
20 | + and copy and distribute the Combined Work without an obligation to |
21 | + license the Libraries under the GNU General Public License v2 |
22 | + (GPL-2.0) as required by Section 2 of the GPL-2.0, and without an |
23 | + obligation to refrain from imposing any additional restrictions in |
24 | + the Apache License version 2 that are not in the GPL-2.0, as |
25 | + required by Section 6 of the GPL-2.0. You must comply with the |
26 | + GPL-2.0 in all other respects for the Combined Work, including |
27 | + the obligation to provide source code. If you modify this file, you |
28 | + may extend this exception to your version of the file, but you are |
29 | + not obligated to do so. If you do not wish to do so, delete this |
30 | + exception statement from your version. |
31 | + |
32 | +For better understanding, in plain non-legalese English this basically says: |
33 | + |
34 | + * The intention for this license exception is to allow OpenVPN to be |
35 | + linked against APL-2 licensed libraries, even where the GPL-2.0 and |
36 | + APL-2 licenses conflict from a legal perspective. |
37 | + |
38 | + * OpenVPN itself will stay GPL-2.0 and the code belonging to the |
39 | + OpenVPN project must comply to the GPL-2.0 license. This is NOT |
40 | + dual-licensing of the OpenVPN code base. |
41 | + |
42 | + * This license exception DOES NOT require NOR expect a license change |
43 | + of the APL-2 based library. This exception allows using the APL-2 |
44 | + library as-is. However, when distributing a compiled OpenVPN binary |
45 | + linking against APL-2 libraries ("Combined Work"), the REQUIREMENT is |
46 | + that the APL-2 library MUST also be available on similar terms as in |
47 | + GPL-2.0, like providing the source code of the library upon request, |
48 | + except in the two specific ways mentioned. |
49 | + |
50 | + * If the APL-2 based library forbids such linking and distribution, |
51 | + this license exception DOES NOT overrule the restriction of the APL-2 |
52 | + based library. If the APL-2 library cannot satisfy the requirements |
53 | + in this license exception, you CANNOT distribute an OpenVPN binary |
54 | + linked with this library. |
55 | + |
56 | LZO license: |
57 | ------------ |
58 | |
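Review bot: debian/copyright is not among the 41 files modified in this merge proposal, yet the "Apache2 linking exception" section added to COPYING here changes the licensing terms that the package ships under. If debian/copyright reproduces the OpenVPN license text, it should gain the same exception paragraph together with its stated scope ("only valid for new contributions after 2023-05-03 and past contribution where the authors have already agreed"), so that the packaged copyright file matches upstream's COPYING.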
59 | diff --git a/ChangeLog b/ChangeLog |
60 | index 32e9ffc..4678c06 100644 |
61 | --- a/ChangeLog |
62 | +++ b/ChangeLog |
63 | @@ -1,6 +1,53 @@ |
64 | OpenVPN ChangeLog |
65 | Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net> |
66 | |
67 | +2023.06.13 -- Version 2.6.5 |
68 | + |
69 | +Arne Schwabe (1): |
70 | + Fix use-after-free with EVP_CIPHER_free |
71 | + |
72 | +Frank Lichtenheld (6): |
73 | + dco_linux: properly close dco version file |
74 | + DCO: fix memory leak in dco_get_peer_stats_multi for Linux |
75 | + Fix two unused assignments |
76 | + sample-plugins: Fix memleak in client-connect example plugin |
77 | + options: remove --key-method from usage message |
78 | + msvc-generate: include version.m4.in in tarball |
79 | + |
80 | +Ilya Shipitsin (1): |
81 | + src/openvpn/dco_freebsd.c: handle malloc failure |
82 | + |
83 | +Lev Stipakov (2): |
84 | + dco-win: support for --dev-node |
85 | + tapctl: generate driver-specific adapter names |
86 | + |
87 | +Selva Nair (2): |
88 | + Correctly handle Unicode names for exit event |
89 | + Interactive service: do not force a target desktop for openvpn.exe |
90 | + |
91 | + |
92 | +2023.05.11 -- Version 2.6.4 |
93 | + |
94 | +Arne Schwabe (3): |
95 | + Remove unused variable line |
96 | + Add Apache2 linking with for new commits |
97 | + Fix compile error on TARGET_ANDROID |
98 | + |
99 | +Frank Lichtenheld (2): |
100 | + man page: Remove cruft from --topology documentation |
101 | + tests: do not include t_client.sh in dist |
102 | + |
103 | +Kristof Provost (1): |
104 | + DCO: support key rotation notifications |
105 | + |
106 | +Michael Nix (1): |
107 | + fix typo in help text: --ignore-unknown-option |
108 | + |
109 | +Selva Nair (2): |
110 | + Format Windows error message in Unicode |
111 | + Bugfix: dangling pointer passed to pkcs11-helper |
112 | + |
113 | + |
114 | 2023.04.13 -- Version 2.6.3 |
115 | |
116 | Frank Lichtenheld (3): |
117 | diff --git a/Changes.rst b/Changes.rst |
118 | index f4d7487..e47d6b0 100644 |
119 | --- a/Changes.rst |
120 | +++ b/Changes.rst |
121 | @@ -1,3 +1,72 @@ |
122 | +Overview of changes in 2.6.5 |
123 | +============================ |
124 | + |
125 | +User visible changes |
126 | +-------------------- |
127 | +- tapctl (windows): generate driver-specific names (if using tapctl to |
128 | + create additional tap/wintun/dco devices, and not using --name) |
129 | + (Github #337) |
130 | + |
131 | +- interactive service (windows): do not force target desktop for |
132 | + openvpn.exe - this has no impact for normal use, but enables running |
133 | + of OpenVPN in a scripted way when no user is logged on (for example, |
134 | + via task scheduler) (Github OpenVPN/openvpn-gui#626) |
135 | + |
136 | +Bug fixes |
137 | +--------- |
138 | +- fix use-after-free with EVP_CIPHER_free |
139 | + |
140 | +- fix building with MSVC from release tarball (missing version.m4.in) |
141 | + |
142 | +- dco-win: repair use of --dev-node to select specific DCO drivers |
143 | + (Github #336) |
144 | + |
145 | +- fix missing malloc() return check in dco_freebsd.c |
146 | + |
147 | +- windows: correctly handle unicode names for "exit event" |
148 | + |
149 | +- fix memleak in client-connect example plugin |
150 | + |
151 | +- fix fortify build problem in keying-material-exporter-demo plugin |
152 | + |
153 | +- fix memleak in dco_linux.c/dco_get_peer_stats_multi() - this will |
154 | + leak a small amount of memory every 15s on DCO enabled servers, |
155 | + leading to noticeable memory waste for long-running processes. |
156 | + |
157 | +- dco_linux.c: properly close dco version file (fd leak) |
158 | + |
159 | + |
160 | +Overview of changes in 2.6.4 |
161 | +============================ |
162 | + |
163 | +User visible changes |
164 | +-------------------- |
165 | +- License amendment: all NEW commits fall under a modified license that |
166 | + explicitly permits linking with Apache2 libraries (mbedTLS, OpenSSL) - |
167 | + see COPYING for details. Existing code will fall under the new license |
168 | + as soon as all contributors have agreed to the change - work ongoing. |
169 | + |
170 | +New features |
171 | +------------ |
172 | +- DCO: support kernel-triggered key rotation (avoid IV reuse after 2^32 |
173 | + packets). This is the userland side, accepting a message from kernel, |
174 | + and initiating a TLS renegotiation. As of release, only implemented in |
175 | + FreeBSD kernel. |
176 | + |
177 | +Bug fixes |
178 | +--------- |
179 | +- fix pkcs#11 usage with OpenSSL 3.x and PSS signing (Github #323) |
180 | + |
181 | +- fix compile error on TARGET_ANDROID |
182 | + |
183 | +- fix typo in help text |
184 | + |
185 | +- manpage updates (--topology) |
186 | + |
187 | +- encoding of non-ASCII windows error messages in log + management fixed |
188 | + (use UTF8 "as for everything else", not ANSI codepages) (Github #319) |
189 | + |
190 | + |
191 | Overview of changes in 2.6.3 |
192 | ============================ |
193 | |
194 | @@ -21,7 +90,7 @@ Bug fixes |
195 | |
196 | - Windows DCO driver: use correct crypto library so it loads on x86, |
197 | see GH OpenVPN/ovpn-dco-win#43 |
198 | - |
199 | + |
200 | |
201 | |
202 | Overview of changes in 2.6.2 |
203 | diff --git a/Makefile.in b/Makefile.in |
204 | index 07c5246..fc46921 100644 |
205 | --- a/Makefile.in |
206 | +++ b/Makefile.in |
207 | @@ -219,8 +219,8 @@ am__define_uniq_tagged_files = \ |
208 | DIST_SUBDIRS = $(SUBDIRS) |
209 | am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \ |
210 | $(srcdir)/version.sh.in AUTHORS COPYING ChangeLog INSTALL NEWS \ |
211 | - README compile config.guess config.sub install-sh ltmain.sh \ |
212 | - missing |
213 | + README compile config.guess config.sub depcomp install-sh \ |
214 | + ltmain.sh missing |
215 | DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) |
216 | distdir = $(PACKAGE)-$(VERSION) |
217 | top_distdir = $(distdir) |
218 | diff --git a/build/msvc/msvc-generate/Makefile.am b/build/msvc/msvc-generate/Makefile.am |
219 | index aa4f0da..9d04326 100644 |
220 | --- a/build/msvc/msvc-generate/Makefile.am |
221 | +++ b/build/msvc/msvc-generate/Makefile.am |
222 | @@ -15,4 +15,5 @@ MAINTAINERCLEANFILES = \ |
223 | dist_noinst_DATA = \ |
224 | msvc-generate.vcxproj \ |
225 | Makefile.mak \ |
226 | - msvc-generate.js |
227 | + msvc-generate.js \ |
228 | + version.m4.in |
229 | diff --git a/build/msvc/msvc-generate/Makefile.in b/build/msvc/msvc-generate/Makefile.in |
230 | index 5920425..06fcf6c 100644 |
231 | --- a/build/msvc/msvc-generate/Makefile.in |
232 | +++ b/build/msvc/msvc-generate/Makefile.in |
233 | @@ -337,7 +337,8 @@ MAINTAINERCLEANFILES = \ |
234 | dist_noinst_DATA = \ |
235 | msvc-generate.vcxproj \ |
236 | Makefile.mak \ |
237 | - msvc-generate.js |
238 | + msvc-generate.js \ |
239 | + version.m4.in |
240 | |
241 | all: all-am |
242 | |
243 | diff --git a/build/msvc/msvc-generate/version.m4.in b/build/msvc/msvc-generate/version.m4.in |
244 | new file mode 100644 |
245 | index 0000000..cbb4fef |
246 | --- /dev/null |
247 | +++ b/build/msvc/msvc-generate/version.m4.in |
248 | @@ -0,0 +1,3 @@ |
249 | +define([OPENVPN_VERSION_MAJOR], [@PRODUCT_VERSION_MAJOR@]) |
250 | +define([OPENVPN_VERSION_MINOR], [@PRODUCT_VERSION_MINOR@]) |
251 | +define([OPENVPN_VERSION_PATCH], [@PRODUCT_VERSION_PATCH@]) |
252 | diff --git a/configure b/configure |
253 | index 42f8b80..ac890a3 100755 |
254 | --- a/configure |
255 | +++ b/configure |
256 | @@ -1,6 +1,6 @@ |
257 | #! /bin/sh |
258 | # Guess values for system-dependent variables and create Makefiles. |
259 | -# Generated by GNU Autoconf 2.71 for OpenVPN 2.6.3. |
260 | +# Generated by GNU Autoconf 2.71 for OpenVPN 2.6.5. |
261 | # |
262 | # Report bugs to <openvpn-users@lists.sourceforge.net>. |
263 | # |
264 | @@ -621,8 +621,8 @@ MAKEFLAGS= |
265 | # Identity of this package. |
266 | PACKAGE_NAME='OpenVPN' |
267 | PACKAGE_TARNAME='openvpn' |
268 | -PACKAGE_VERSION='2.6.3' |
269 | -PACKAGE_STRING='OpenVPN 2.6.3' |
270 | +PACKAGE_VERSION='2.6.5' |
271 | +PACKAGE_STRING='OpenVPN 2.6.5' |
272 | PACKAGE_BUGREPORT='openvpn-users@lists.sourceforge.net' |
273 | PACKAGE_URL='' |
274 | |
275 | @@ -1522,7 +1522,7 @@ if test "$ac_init_help" = "long"; then |
276 | # Omit some internal or obsolete options to make the list less imposing. |
277 | # This message is too long to be a string in the A/UX 3.1 sh. |
278 | cat <<_ACEOF |
279 | -\`configure' configures OpenVPN 2.6.3 to adapt to many kinds of systems. |
280 | +\`configure' configures OpenVPN 2.6.5 to adapt to many kinds of systems. |
281 | |
282 | Usage: $0 [OPTION]... [VAR=VALUE]... |
283 | |
284 | @@ -1593,7 +1593,7 @@ fi |
285 | |
286 | if test -n "$ac_init_help"; then |
287 | case $ac_init_help in |
288 | - short | recursive ) echo "Configuration of OpenVPN 2.6.3:";; |
289 | + short | recursive ) echo "Configuration of OpenVPN 2.6.5:";; |
290 | esac |
291 | cat <<\_ACEOF |
292 | |
293 | @@ -1830,7 +1830,7 @@ fi |
294 | test -n "$ac_init_help" && exit $ac_status |
295 | if $ac_init_version; then |
296 | cat <<\_ACEOF |
297 | -OpenVPN configure 2.6.3 |
298 | +OpenVPN configure 2.6.5 |
299 | generated by GNU Autoconf 2.71 |
300 | |
301 | Copyright (C) 2021 Free Software Foundation, Inc. |
302 | @@ -2487,7 +2487,7 @@ cat >config.log <<_ACEOF |
303 | This file contains any messages produced by compilers while |
304 | running configure, to aid debugging if configure makes a mistake. |
305 | |
306 | -It was created by OpenVPN $as_me 2.6.3, which was |
307 | +It was created by OpenVPN $as_me 2.6.5, which was |
308 | generated by GNU Autoconf 2.71. Invocation command line was |
309 | |
310 | $ $0$ac_configure_args_raw |
311 | @@ -3267,13 +3267,13 @@ if test -z "${htmldir}"; then |
312 | fi |
313 | |
314 | |
315 | -printf "%s\n" "#define OPENVPN_VERSION_RESOURCE 2,6,3,0" >>confdefs.h |
316 | +printf "%s\n" "#define OPENVPN_VERSION_RESOURCE 2,6,5,0" >>confdefs.h |
317 | |
318 | OPENVPN_VERSION_MAJOR=2 |
319 | |
320 | OPENVPN_VERSION_MINOR=6 |
321 | |
322 | -OPENVPN_VERSION_PATCH=.3 |
323 | +OPENVPN_VERSION_PATCH=.5 |
324 | |
325 | |
326 | printf "%s\n" "#define OPENVPN_VERSION_MAJOR 2" >>confdefs.h |
327 | @@ -3282,7 +3282,7 @@ printf "%s\n" "#define OPENVPN_VERSION_MAJOR 2" >>confdefs.h |
328 | printf "%s\n" "#define OPENVPN_VERSION_MINOR 6" >>confdefs.h |
329 | |
330 | |
331 | -printf "%s\n" "#define OPENVPN_VERSION_PATCH \".3\"" >>confdefs.h |
332 | +printf "%s\n" "#define OPENVPN_VERSION_PATCH \".5\"" >>confdefs.h |
333 | |
334 | |
335 | |
336 | @@ -3811,7 +3811,7 @@ fi |
337 | |
338 | # Define the identity of the package. |
339 | PACKAGE='openvpn' |
340 | - VERSION='2.6.3' |
341 | + VERSION='2.6.5' |
342 | |
343 | |
344 | printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h |
345 | @@ -20072,7 +20072,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 |
346 | # report actual input values of CONFIG_FILES etc. instead of their |
347 | # values after options handling. |
348 | ac_log=" |
349 | -This file was extended by OpenVPN $as_me 2.6.3, which was |
350 | +This file was extended by OpenVPN $as_me 2.6.5, which was |
351 | generated by GNU Autoconf 2.71. Invocation command line was |
352 | |
353 | CONFIG_FILES = $CONFIG_FILES |
354 | @@ -20140,7 +20140,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ |
355 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
356 | ac_cs_config='$ac_cs_config_escaped' |
357 | ac_cs_version="\\ |
358 | -OpenVPN config.status 2.6.3 |
359 | +OpenVPN config.status 2.6.5 |
360 | configured by $0, generated by GNU Autoconf 2.71, |
361 | with options \\"\$ac_cs_config\\" |
362 | |
363 | diff --git a/debian/changelog b/debian/changelog |
364 | index 339f1ca..b713198 100644 |
365 | --- a/debian/changelog |
366 | +++ b/debian/changelog |
367 | @@ -1,3 +1,13 @@ |
368 | +openvpn (2.6.5-0ubuntu1) mantic; urgency=medium |
369 | + |
370 | + * New Upstream release 2.6.5 (LP: #2018095) |
371 | + * d/p/fix-dangling-pointer-in-pkcs11.patch: |
372 | + Remove - fixed upstream in 2.6.4 |
373 | + * d/p/fix-memleak-in-dco_get_peer_stats_multi.patch: |
374 | + Remove - fixed upstream in 2.6.5 |
375 | + |
376 | + -- Lena Voytek <lena.voytek@canonical.com> Tue, 11 Jul 2023 09:36:08 -0700 |
377 | + |
378 | openvpn (2.6.3-2ubuntu1) mantic; urgency=low |
379 | |
380 | * Merge from Debian unstable. Remaining changes: |
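Review bot: The new 2.6.5-0ubuntu1 entry documents the two dropped patches but says nothing about what else arrives with the jump from 2.6.3 to 2.6.5. Upstream's ChangeLog in this same diff lists "Fix use-after-free with EVP_CIPHER_free" under 2.6.5; naming that fix beneath the "New Upstream release 2.6.5" bullet would make the memory-safety fix visible to anyone who reads only debian/changelog when deciding whether the update matters to them.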
381 | diff --git a/debian/control b/debian/control |
382 | index 3708bd7..4eb5de3 100644 |
383 | --- a/debian/control |
384 | +++ b/debian/control |
385 | @@ -1,7 +1,8 @@ |
386 | Source: openvpn |
387 | Section: net |
388 | Priority: optional |
389 | -Maintainer: Bernhard Schmidt <berni@debian.org> |
390 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
391 | +XSBC-Original-Maintainer: Bernhard Schmidt <berni@debian.org> |
392 | Uploaders: Jörg Frings-Fürst <debian@jff.email> |
393 | Build-Depends: |
394 | debhelper-compat (= 12), |
395 | diff --git a/debian/patches/fix-dangling-pointer-in-pkcs11.patch b/debian/patches/fix-dangling-pointer-in-pkcs11.patch |
396 | deleted file mode 100644 |
397 | index 3ca2ad5..0000000 |
398 | --- a/debian/patches/fix-dangling-pointer-in-pkcs11.patch |
399 | +++ /dev/null |
400 | @@ -1,37 +0,0 @@ |
401 | -From 7e4becb4cd8be7f0d5ff80cf80877ea152f99830 Mon Sep 17 00:00:00 2001 |
402 | -From: Selva Nair <selva.nair@gmail.com> |
403 | -Date: Tue, 9 May 2023 13:05:17 -0400 |
404 | -Subject: [PATCH] Bugfix: dangling pointer passed to pkcs11-helper |
405 | - |
406 | -Github: Fixes OpenVPN/openvpn#323 |
407 | - |
408 | -Signed-off-by: Selva Nair <selva.nair@gmail.com> |
409 | -Acked-by: Gert Doering <gert@greenie.muc.de> |
410 | -Message-Id: <20230509170517.2637245-1-selva.nair@gmail.com> |
411 | -URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26640.html |
412 | -Signed-off-by: Gert Doering <gert@greenie.muc.de> |
413 | -(cherry picked from commit f4850745709c5b80ab7d09c03a86c5ceea6d10a2) |
414 | ---- |
415 | - src/openvpn/pkcs11_openssl.c | 2 +- |
416 | - 1 file changed, 1 insertion(+), 1 deletion(-) |
417 | - |
418 | -diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c |
419 | -index eee86e17b6f..9b0ab39f9cf 100644 |
420 | ---- a/src/openvpn/pkcs11_openssl.c |
421 | -+++ b/src/openvpn/pkcs11_openssl.c |
422 | -@@ -165,6 +165,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, |
423 | - { |
424 | - pkcs11h_certificate_t cert = handle; |
425 | - CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0}; /* default value */ |
426 | -+ CK_RSA_PKCS_PSS_PARAMS pss_params = {0}; |
427 | - |
428 | - unsigned char buf[EVP_MAX_MD_SIZE]; |
429 | - size_t buflen; |
430 | -@@ -203,7 +204,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, |
431 | - } |
432 | - else if (!strcmp(sigalg.padmode, "pss")) |
433 | - { |
434 | -- CK_RSA_PKCS_PSS_PARAMS pss_params = {0}; |
435 | - mech.mechanism = CKM_RSA_PKCS_PSS; |
436 | - |
437 | - if (!set_pss_params(&pss_params, sigalg, cert)) |
438 | diff --git a/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch b/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch |
439 | deleted file mode 100644 |
440 | index 8f4aedf..0000000 |
441 | --- a/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch |
442 | +++ /dev/null |
443 | @@ -1,33 +0,0 @@ |
444 | -From 5e8a571af165c867ccb9c4c9e6334620f42013ac Mon Sep 17 00:00:00 2001 |
445 | -From: Frank Lichtenheld <frank@lichtenheld.com> |
446 | -Date: Mon, 15 May 2023 16:21:16 +0200 |
447 | -Subject: [PATCH] DCO: fix memory leak in dco_get_peer_stats_multi for Linux |
448 | - |
449 | -Leaks a small amount of memory every 15s. |
450 | - |
451 | -Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> |
452 | -Acked-by: Antonio Quartulli <a@unstable.cc> |
453 | -Message-Id: <20230515142116.33135-1-frank@lichtenheld.com> |
454 | -URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26659.html |
455 | -Signed-off-by: Gert Doering <gert@greenie.muc.de> |
456 | -(cherry picked from commit 276f7c86d70666bc2ab4e6192ef5f1dcbd6a230f) |
457 | ---- |
458 | - src/openvpn/dco_linux.c | 5 ++++- |
459 | - 1 file changed, 4 insertions(+), 1 deletion(-) |
460 | - |
461 | -diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c |
462 | -index 796e6f25da4..2bfdf980a3a 100644 |
463 | ---- a/src/openvpn/dco_linux.c |
464 | -+++ b/src/openvpn/dco_linux.c |
465 | -@@ -925,7 +925,10 @@ dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m) |
466 | - |
467 | - nlmsg_hdr(nl_msg)->nlmsg_flags |= NLM_F_DUMP; |
468 | - |
469 | -- return ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__); |
470 | -+ int ret = ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__); |
471 | -+ |
472 | -+ nlmsg_free(nl_msg); |
473 | -+ return ret; |
474 | - } |
475 | - |
476 | - static int |
477 | diff --git a/debian/patches/series b/debian/patches/series |
478 | index dcd22e8..cd8779c 100644 |
479 | --- a/debian/patches/series |
480 | +++ b/debian/patches/series |
481 | @@ -3,5 +3,3 @@ auth-pam_libpam_so_filename.patch |
482 | #debian_nogroup_for_sample_files.patch |
483 | openvpn-pkcs11warn.patch |
484 | systemd.patch |
485 | -fix-dangling-pointer-in-pkcs11.patch |
486 | -fix-memleak-in-dco_get_peer_stats_multi.patch |
487 | diff --git a/doc/man-sections/vpn-network-options.rst b/doc/man-sections/vpn-network-options.rst |
488 | index 8e3c92e..abf9f24 100644 |
489 | --- a/doc/man-sections/vpn-network-options.rst |
490 | +++ b/doc/man-sections/vpn-network-options.rst |
491 | @@ -499,7 +499,7 @@ routing. |
492 | Use a point-to-point topology, by allocating one /30 subnet |
493 | per client. This is designed to allow point-to-point semantics when some |
494 | or all of the connecting clients might be Windows systems. This is the |
495 | - default on OpenVPN 2.0. |
496 | + default. |
497 | |
498 | :code:`p2p` |
499 | Use a point-to-point topology where the remote endpoint of |
500 | @@ -513,12 +513,7 @@ routing. |
501 | configuring the tun interface with a local IP address and subnet mask, |
502 | similar to the topology used in ``--dev tap`` and ethernet bridging |
503 | mode. This mode allocates a single IP address per connecting client and |
504 | - works on Windows as well. Only available when server and clients are |
505 | - OpenVPN 2.1 or higher, or OpenVPN 2.0.x which has been manually patched |
506 | - with the ``--topology`` directive code. When used on Windows, requires |
507 | - version 8.2 or higher of the TAP-Win32 driver. When used on \*nix, |
508 | - requires that the tun driver supports an ``ifconfig``\(8) command which |
509 | - sets a subnet instead of a remote endpoint IP address. |
510 | + works on Windows as well. |
511 | |
512 | *Note:* Using ``--topology subnet`` changes the interpretation of the |
513 | arguments of ``--ifconfig`` to mean "address netmask", no longer "local |
514 | diff --git a/doc/openvpn.8 b/doc/openvpn.8 |
515 | index 5b5ad52..c539404 100644 |
516 | --- a/doc/openvpn.8 |
517 | +++ b/doc/openvpn.8 |
518 | @@ -5234,7 +5234,7 @@ always be compatible between client and server. |
519 | Use a point\-to\-point topology, by allocating one /30 subnet |
520 | per client. This is designed to allow point\-to\-point semantics when some |
521 | or all of the connecting clients might be Windows systems. This is the |
522 | -default on OpenVPN 2.0. |
523 | +default. |
524 | .TP |
525 | .B \fBp2p\fP |
526 | Use a point\-to\-point topology where the remote endpoint of |
527 | @@ -5248,12 +5248,7 @@ Use a subnet rather than a point\-to\-point topology by |
528 | configuring the tun interface with a local IP address and subnet mask, |
529 | similar to the topology used in \fB\-\-dev tap\fP and ethernet bridging |
530 | mode. This mode allocates a single IP address per connecting client and |
531 | -works on Windows as well. Only available when server and clients are |
532 | -OpenVPN 2.1 or higher, or OpenVPN 2.0.x which has been manually patched |
533 | -with the \fB\-\-topology\fP directive code. When used on Windows, requires |
534 | -version 8.2 or higher of the TAP\-Win32 driver. When used on *nix, |
535 | -requires that the tun driver supports an \fBifconfig\fP(8) command which |
536 | -sets a subnet instead of a remote endpoint IP address. |
537 | +works on Windows as well. |
538 | .UNINDENT |
539 | .sp |
540 | \fINote:\fP Using \fB\-\-topology subnet\fP changes the interpretation of the |
541 | diff --git a/doc/openvpn.8.html b/doc/openvpn.8.html |
542 | index 91939ab..5e90af1 100644 |
543 | --- a/doc/openvpn.8.html |
544 | +++ b/doc/openvpn.8.html |
545 | @@ -4568,7 +4568,7 @@ always be compatible between client and server.</p> |
546 | <dd>Use a point-to-point topology, by allocating one /30 subnet |
547 | per client. This is designed to allow point-to-point semantics when some |
548 | or all of the connecting clients might be Windows systems. This is the |
549 | -default on OpenVPN 2.0.</dd> |
550 | +default.</dd> |
551 | <dt><code>p2p</code></dt> |
552 | <dd>Use a point-to-point topology where the remote endpoint of |
553 | the client's tun interface always points to the local endpoint of the |
554 | @@ -4580,12 +4580,7 @@ Windows systems.</dd> |
555 | configuring the tun interface with a local IP address and subnet mask, |
556 | similar to the topology used in <tt class="docutils literal"><span class="pre">--dev</span> tap</tt> and ethernet bridging |
557 | mode. This mode allocates a single IP address per connecting client and |
558 | -works on Windows as well. Only available when server and clients are |
559 | -OpenVPN 2.1 or higher, or OpenVPN 2.0.x which has been manually patched |
560 | -with the <tt class="docutils literal"><span class="pre">--topology</span></tt> directive code. When used on Windows, requires |
561 | -version 8.2 or higher of the TAP-Win32 driver. When used on *nix, |
562 | -requires that the tun driver supports an <tt class="docutils literal">ifconfig</tt>(8) command which |
563 | -sets a subnet instead of a remote endpoint IP address.</dd> |
564 | +works on Windows as well.</dd> |
565 | </dl> |
566 | <p class="last"><em>Note:</em> Using <tt class="docutils literal"><span class="pre">--topology</span> subnet</tt> changes the interpretation of the |
567 | arguments of <tt class="docutils literal"><span class="pre">--ifconfig</span></tt> to mean "address netmask", no longer "local |
568 | diff --git a/include/openvpn-plugin.h b/include/openvpn-plugin.h |
569 | index 6306d3c..64ceb06 100644 |
570 | --- a/include/openvpn-plugin.h |
571 | +++ b/include/openvpn-plugin.h |
572 | @@ -53,7 +53,7 @@ extern "C" { |
573 | */ |
574 | #define OPENVPN_VERSION_MAJOR 2 |
575 | #define OPENVPN_VERSION_MINOR 6 |
576 | -#define OPENVPN_VERSION_PATCH ".3" |
577 | +#define OPENVPN_VERSION_PATCH ".5" |
578 | |
579 | /* |
580 | * Plug-in types. These types correspond to the set of script callbacks |
581 | diff --git a/sample/sample-plugins/Makefile b/sample/sample-plugins/Makefile |
582 | index 840d929..8777cc9 100644 |
583 | --- a/sample/sample-plugins/Makefile |
584 | +++ b/sample/sample-plugins/Makefile |
585 | @@ -152,7 +152,7 @@ AUTOMAKE = ${SHELL} '/home/flichtenheld/openvpn/community/openvpn-build/src/open |
586 | AWK = gawk |
587 | CC = gcc |
588 | CCDEPMODE = depmode=gcc3 |
589 | -CFLAGS = -Wall -Wno-stringop-truncation -g -O2 -std=c99 -I/usr/include/libnl3 |
590 | +CFLAGS = -Wall -Wno-stringop-truncation -g -O2 -std=c99 |
591 | CMOCKA_CFLAGS = |
592 | CMOCKA_LIBS = -lcmocka |
593 | CPP = gcc -E |
594 | @@ -187,19 +187,19 @@ LD = /usr/bin/ld -m elf_x86_64 |
595 | LDFLAGS = |
596 | LIBCAPNG_CFLAGS = |
597 | LIBCAPNG_LIBS = -lcap-ng |
598 | -LIBNL_GENL_CFLAGS = -I/usr/include/libnl3 |
599 | -LIBNL_GENL_LIBS = -lnl-genl-3 -lnl-3 |
600 | +LIBNL_GENL_CFLAGS = |
601 | +LIBNL_GENL_LIBS = |
602 | LIBOBJS = |
603 | LIBPAM_CFLAGS = |
604 | LIBPAM_LIBS = -lpam |
605 | -LIBS = -lnl-genl-3 -lnl-3 -lcap-ng |
606 | +LIBS = -lcap-ng |
607 | LIBTOOL = $(SHELL) $(top_builddir)/libtool |
608 | LIPO = |
609 | LN_S = ln -s |
610 | LTLIBOBJS = |
611 | LT_SYS_LIBRARY_PATH = |
612 | LZ4_CFLAGS = |
613 | -LZ4_LIBS = -llz4 |
614 | +LZ4_LIBS = |
615 | LZO_CFLAGS = |
616 | LZO_LIBS = -llzo2 |
617 | MAKEINFO = ${SHELL} '/home/flichtenheld/openvpn/community/openvpn-build/src/openvpn/missing' makeinfo |
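Review bot: The LIBNL_GENL_CFLAGS, LIBNL_GENL_LIBS, LIBS and LZ4_LIBS changes in this hunk are not source changes; they record how the machine that produced the release tarball was configured, as the MAKEINFO context line pointing into '/home/flichtenheld/openvpn/community/openvpn-build/...' shows. This looks like a configure-generated Makefile that was shipped in the tarball, so consider leaving sample/sample-plugins/Makefile out of the imported source, or raising it upstream, to keep build-host paths and library flags out of future packaging diffs.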
618 | @@ -216,16 +216,16 @@ OPENSSL_CFLAGS = |
619 | OPENSSL_LIBS = -lssl -lcrypto |
620 | OPENVPN_VERSION_MAJOR = 2 |
621 | OPENVPN_VERSION_MINOR = 6 |
622 | -OPENVPN_VERSION_PATCH = .3 |
623 | +OPENVPN_VERSION_PATCH = .5 |
624 | OPTIONAL_CRYPTO_CFLAGS = |
625 | OPTIONAL_CRYPTO_LIBS = -lssl -lcrypto |
626 | OPTIONAL_DL_LIBS = -ldl |
627 | OPTIONAL_INOTIFY_CFLAGS = |
628 | OPTIONAL_INOTIFY_LIBS = |
629 | OPTIONAL_LZ4_CFLAGS = |
630 | -OPTIONAL_LZ4_LIBS = -llz4 |
631 | +OPTIONAL_LZ4_LIBS = |
632 | OPTIONAL_LZO_CFLAGS = |
633 | -OPTIONAL_LZO_LIBS = -llzo2 |
634 | +OPTIONAL_LZO_LIBS = |
635 | OPTIONAL_PKCS11_HELPER_CFLAGS = |
636 | OPTIONAL_PKCS11_HELPER_LIBS = |
637 | OPTIONAL_SELINUX_LIBS = |
638 | @@ -237,10 +237,10 @@ P11KIT_LIBS = |
639 | PACKAGE = openvpn |
640 | PACKAGE_BUGREPORT = openvpn-users@lists.sourceforge.net |
641 | PACKAGE_NAME = OpenVPN |
642 | -PACKAGE_STRING = OpenVPN 2.6.3 |
643 | +PACKAGE_STRING = OpenVPN 2.6.5 |
644 | PACKAGE_TARNAME = openvpn |
645 | PACKAGE_URL = |
646 | -PACKAGE_VERSION = 2.6.3 |
647 | +PACKAGE_VERSION = 2.6.5 |
648 | PATH_SEPARATOR = : |
649 | PKCS11_HELPER_CFLAGS = |
650 | PKCS11_HELPER_LIBS = -lpthread -ldl -lcrypto -lpkcs11-helper |
651 | @@ -249,7 +249,7 @@ PKG_CONFIG_LIBDIR = |
652 | PKG_CONFIG_PATH = |
653 | PLUGINDIR = |
654 | PLUGIN_AUTH_PAM_CFLAGS = |
655 | -PLUGIN_AUTH_PAM_LIBS = -lpam |
656 | +PLUGIN_AUTH_PAM_LIBS = |
657 | RANLIB = ranlib |
658 | RC = |
659 | ROUTE = /usr/sbin/route |
660 | @@ -268,9 +268,9 @@ TAP_WIN_COMPONENT_ID = tap0901 |
661 | TAP_WIN_MIN_MAJOR = 9 |
662 | TAP_WIN_MIN_MINOR = 9 |
663 | TEST_CFLAGS = -I$(top_srcdir)/include |
664 | -TEST_LDFLAGS = -lssl -lcrypto -llzo2 -lcmocka |
665 | +TEST_LDFLAGS = -lssl -lcrypto -lcmocka |
666 | TMPFILES_DIR = |
667 | -VERSION = 2.6.3 |
668 | +VERSION = 2.6.5 |
669 | WOLFSSL_CFLAGS = |
670 | WOLFSSL_INCLUDEDIR = |
671 | WOLFSSL_LIBS = |
672 | diff --git a/sample/sample-plugins/client-connect/sample-client-connect.c b/sample/sample-plugins/client-connect/sample-client-connect.c |
673 | index 391de34..eb24212 100644 |
674 | --- a/sample/sample-plugins/client-connect/sample-client-connect.c |
675 | +++ b/sample/sample-plugins/client-connect/sample-client-connect.c |
676 | @@ -454,6 +454,9 @@ openvpn_plugin_client_connect_v2(struct plugin_context *context, |
677 | if (!rl->name || !rl->value) |
678 | { |
679 | plugin_log(PLOG_ERR, MODULE, "malloc(return_list->xx) failed"); |
680 | + free(rl->name); |
681 | + free(rl->value); |
682 | + free(rl); |
683 | return OPENVPN_PLUGIN_FUNC_ERROR; |
684 | } |
685 | |
686 | @@ -509,6 +512,9 @@ openvpn_plugin_client_connect_defer_v2(struct plugin_context *context, |
687 | if (!rl->name || !rl->value) |
688 | { |
689 | plugin_log(PLOG_ERR, MODULE, "malloc(return_list->xx) failed"); |
690 | + free(rl->name); |
691 | + free(rl->value); |
692 | + free(rl); |
693 | return OPENVPN_PLUGIN_FUNC_ERROR; |
694 | } |
695 | |
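Review bot: the cleanup added to the error branch of openvpn_plugin_client_connect_defer_v2 is a copy of the three free() calls added to openvpn_plugin_client_connect_v2 in the previous hunk. A small static helper that frees rl->name, rl->value and rl would keep the two paths from drifting apart, which matters in a sample that plugin authors copy from.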
696 | diff --git a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c |
697 | index 6a0a1f6..71badf2 100644 |
698 | --- a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c |
699 | +++ b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c |
700 | @@ -155,7 +155,7 @@ session_user_set(struct session *sess, X509 *x509) |
701 | |
702 | if (!strncasecmp(objbuf, "CN", 2)) |
703 | { |
704 | - snprintf(sess->user, sizeof(sess->user) - 1, (char *)buf); |
705 | + strncpy(sess->user, (char *)buf, sizeof(sess->user) - 1); |
706 | } |
707 | |
708 | OPENSSL_free(buf); |
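Review bot: strncpy(sess->user, (char *)buf, sizeof(sess->user) - 1) in session_user_set removes the problem of passing buf as the snprintf format string, but strncpy writes no terminator when the CN is at least sizeof(sess->user) - 1 bytes long, so the result is a valid string only if the last byte of sess->user was already zero. Nothing in this hunk guarantees that; set sess->user[sizeof(sess->user) - 1] = '\0' after the copy, or keep snprintf with an explicit "%s" format.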
709 | @@ -234,7 +234,7 @@ tls_final(struct openvpn_plugin_args_func_in const *args, |
710 | return OPENVPN_PLUGIN_FUNC_ERROR; |
711 | } |
712 | |
713 | - snprintf(sess->key, sizeof(sess->key) - 1, "%s", key); |
714 | + strncpy(sess->key, key, sizeof(sess->key) - 1); |
715 | ovpn_note("app session key: %s", sess->key); |
716 | |
717 | switch (plugin->type) |
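Review bot: the strncpy into sess->key in tls_final has the same missing-terminator concern, and here it matters on the very next line, where ovpn_note prints sess->key with %s. The removed snprintf(..., "%s", key) always terminated the buffer; the replacement does so only if sess->key was zeroed beforehand, so add an explicit sess->key[sizeof(sess->key) - 1] = '\0' after the copy. Separately, that context line writes the application session key to the log, which should stay confined to this demo plugin.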
718 | diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c |
719 | index c2ac80b..f5372f8 100644 |
720 | --- a/src/openvpn/crypto_openssl.c |
721 | +++ b/src/openvpn/crypto_openssl.c |
722 | @@ -839,9 +839,9 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, |
723 | crypto_msg(M_FATAL, "EVP cipher init #2"); |
724 | } |
725 | |
726 | - EVP_CIPHER_free(kt); |
727 | /* make sure we used a big enough key */ |
728 | ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= EVP_CIPHER_key_length(kt)); |
729 | + EVP_CIPHER_free(kt); |
730 | } |
731 | |
732 | int |
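Review bot: the ASSERT in cipher_ctx_init reads kt through EVP_CIPHER_key_length(kt), so freeing kt before it was a use-after-free and the new order is right. A one-line comment above EVP_CIPHER_free(kt) saying that kt must stay alive until after the key-length check would keep the two lines from being reordered again.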
733 | diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c |
734 | index a334d5d..af7776b 100644 |
735 | --- a/src/openvpn/dco_freebsd.c |
736 | +++ b/src/openvpn/dco_freebsd.c |
737 | @@ -550,6 +550,10 @@ dco_do_read(dco_context_t *dco) |
738 | dco->dco_message_type = OVPN_CMD_DEL_PEER; |
739 | break; |
740 | |
741 | + case OVPN_NOTIF_ROTATE_KEY: |
742 | + dco->dco_message_type = OVPN_CMD_SWAP_KEYS; |
743 | + break; |
744 | + |
745 | default: |
746 | msg(M_WARN, "Unknown kernel notification %d", type); |
747 | break; |
748 | @@ -590,6 +594,10 @@ dco_available(int msglevel) |
749 | } |
750 | |
751 | buf = malloc(ifcr.ifcr_total * IFNAMSIZ); |
752 | + if (!buf) |
753 | + { |
754 | + goto out; |
755 | + } |
756 | |
757 | ifcr.ifcr_count = ifcr.ifcr_total; |
758 | ifcr.ifcr_buffer = buf; |
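Review bot: the new NULL check after malloc in dco_available jumps to out without logging anything, so the caller gets no indication that the probe failed for lack of memory; a msg() at the msglevel passed to the function would help. The size expression ifcr.ifcr_total * IFNAMSIZ is also still computed without an overflow check before it reaches malloc.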
759 | diff --git a/src/openvpn/dco_freebsd.h b/src/openvpn/dco_freebsd.h |
760 | index a07f9b6..e1a054e 100644 |
761 | --- a/src/openvpn/dco_freebsd.h |
762 | +++ b/src/openvpn/dco_freebsd.h |
763 | @@ -35,6 +35,7 @@ typedef enum ovpn_key_cipher dco_cipher_t; |
764 | enum ovpn_message_type_t { |
765 | OVPN_CMD_DEL_PEER, |
766 | OVPN_CMD_PACKET, |
767 | + OVPN_CMD_SWAP_KEYS, |
768 | }; |
769 | |
770 | enum ovpn_del_reason_t { |
771 | diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c |
772 | index 41540c0..2bfdf98 100644 |
773 | --- a/src/openvpn/dco_linux.c |
774 | +++ b/src/openvpn/dco_linux.c |
775 | @@ -925,7 +925,10 @@ dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m) |
776 | |
777 | nlmsg_hdr(nl_msg)->nlmsg_flags |= NLM_F_DUMP; |
778 | |
779 | - return ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__); |
780 | + int ret = ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__); |
781 | + |
782 | + nlmsg_free(nl_msg); |
783 | + return ret; |
784 | } |
785 | |
786 | static int |
787 | @@ -1020,6 +1023,7 @@ dco_version_string(struct gc_arena *gc) |
788 | |
789 | if (!fgets(BSTR(&out), BCAP(&out), fp)) |
790 | { |
791 | + fclose(fp); |
792 | return "ERR"; |
793 | } |
794 | |
795 | @@ -1031,6 +1035,7 @@ dco_version_string(struct gc_arena *gc) |
796 | *nl = '\0'; |
797 | } |
798 | |
799 | + fclose(fp); |
800 | return BSTR(&out); |
801 | } |
802 | |
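Review bot: dco_version_string now calls fclose(fp) separately on the fgets failure path and on the success path. Routing both through a single exit that closes fp would keep a later early return from reintroducing the descriptor leak these two hunks fix.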
803 | diff --git a/src/openvpn/error.c b/src/openvpn/error.c |
804 | index a2c9aa4..9a234e6 100644 |
805 | --- a/src/openvpn/error.c |
806 | +++ b/src/openvpn/error.c |
807 | @@ -970,19 +970,24 @@ strerror_win32(DWORD errnum, struct gc_arena *gc) |
808 | |
809 | /* format a windows error message */ |
810 | { |
811 | - char message[256]; |
812 | + wchar_t wmessage[256]; |
813 | + char *message = NULL; |
814 | struct buffer out = alloc_buf_gc(256, gc); |
815 | - const int status = FormatMessage( |
816 | + const DWORD status = FormatMessageW( |
817 | FORMAT_MESSAGE_IGNORE_INSERTS |
818 | | FORMAT_MESSAGE_FROM_SYSTEM |
819 | | FORMAT_MESSAGE_ARGUMENT_ARRAY, |
820 | NULL, |
821 | errnum, |
822 | 0, |
823 | - message, |
824 | - sizeof(message), |
825 | + wmessage, |
826 | + SIZE(wmessage), |
827 | NULL); |
828 | - if (!status) |
829 | + if (status) |
830 | + { |
831 | + message = utf16to8(wmessage, gc); |
832 | + } |
833 | + if (!status || !message) |
834 | { |
835 | buf_printf(&out, "[Unknown Win32 Error]"); |
836 | } |
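Review bot: in strerror_win32 the wide buffer holds up to 256 UTF-16 units, which can expand to more than 256 bytes once utf16to8 converts them, while out is still allocated with alloc_buf_gc(256, gc). If message is later formatted into out, long or non-ASCII system messages can be cut short; consider sizing out from the converted string instead of the fixed 256.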
837 | diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c |
838 | index b3e0ba5..5bffe07 100644 |
839 | --- a/src/openvpn/forward.c |
840 | +++ b/src/openvpn/forward.c |
841 | @@ -1232,20 +1232,30 @@ process_incoming_dco(struct context *c) |
842 | return; |
843 | } |
844 | |
845 | - if (dco->dco_message_type != OVPN_CMD_DEL_PEER) |
846 | + switch (dco->dco_message_type) |
847 | { |
848 | - msg(D_DCO_DEBUG, "%s: received message of type %u - ignoring", __func__, |
849 | - dco->dco_message_type); |
850 | - return; |
851 | - } |
852 | + case OVPN_CMD_DEL_PEER: |
853 | + if (dco->dco_del_peer_reason == OVPN_DEL_PEER_REASON_EXPIRED) |
854 | + { |
855 | + msg(D_DCO_DEBUG, "%s: received peer expired notification of for peer-id " |
856 | + "%d", __func__, dco->dco_message_peer_id); |
857 | + trigger_ping_timeout_signal(c); |
858 | + return; |
859 | + } |
860 | + break; |
861 | |
862 | - if (dco->dco_del_peer_reason == OVPN_DEL_PEER_REASON_EXPIRED) |
863 | - { |
864 | - msg(D_DCO_DEBUG, "%s: received peer expired notification of for peer-id " |
865 | - "%d", __func__, dco->dco_message_peer_id); |
866 | - trigger_ping_timeout_signal(c); |
867 | - return; |
868 | + case OVPN_CMD_SWAP_KEYS: |
869 | + msg(D_DCO_DEBUG, "%s: received key rotation notification for peer-id %d", |
870 | + __func__, dco->dco_message_peer_id); |
871 | + tls_session_soft_reset(c->c2.tls_multi); |
872 | + break; |
873 | + |
874 | + default: |
875 | + msg(D_DCO_DEBUG, "%s: received message of type %u - ignoring", __func__, |
876 | + dco->dco_message_type); |
877 | + return; |
878 | } |
879 | + |
880 | #endif /* if defined(ENABLE_DCO) && (defined(TARGET_LINUX) || defined(TARGET_FREEBSD)) */ |
881 | } |
882 | |
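Review bot: the debug string moved into the OVPN_CMD_DEL_PEER case of process_incoming_dco still reads "received peer expired notification of for peer-id"; drop the stray "of" while the line is being touched. Also, a DEL_PEER with any reason other than OVPN_DEL_PEER_REASON_EXPIRED breaks out of the switch without a log line, whereas unknown message types get one in the default case, and the mix of return and break across the cases makes the intended fall-out behaviour hard to read.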
883 | diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c |
884 | index 5444e75..6fb9cff 100644 |
885 | --- a/src/openvpn/multi.c |
886 | +++ b/src/openvpn/multi.c |
887 | @@ -3284,6 +3284,10 @@ multi_process_incoming_dco(struct multi_context *m) |
888 | { |
889 | process_incoming_del_peer(m, mi, dco); |
890 | } |
891 | + else if (dco->dco_message_type == OVPN_CMD_SWAP_KEYS) |
892 | + { |
893 | + tls_session_soft_reset(mi->context.c2.tls_multi); |
894 | + } |
895 | } |
896 | else |
897 | { |
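Review bot: the else-if added to multi_process_incoming_dco has no final else, so a message type that matches neither branch is dropped silently, while process_incoming_dco in forward.c logs such messages at D_DCO_DEBUG in its default case. Adding the same debug message here would keep client and server behaviour consistent when a new kernel notification appears.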
898 | diff --git a/src/openvpn/options.c b/src/openvpn/options.c |
899 | index 2680f26..efddc58 100644 |
900 | --- a/src/openvpn/options.c |
901 | +++ b/src/openvpn/options.c |
902 | @@ -248,7 +248,7 @@ static const char usage_message[] = |
903 | "--setenv name value : Set a custom environmental variable to pass to script.\n" |
904 | "--setenv FORWARD_COMPATIBLE 1 : Relax config file syntax checking to allow\n" |
905 | " directives for future OpenVPN versions to be ignored.\n" |
906 | - "--ignore-unkown-option opt1 opt2 ...: Relax config file syntax. Allow\n" |
907 | + "--ignore-unknown-option opt1 opt2 ...: Relax config file syntax. Allow\n" |
908 | " these options to be ignored when unknown\n" |
909 | "--script-security level: Where level can be:\n" |
910 | " 0 -- strictly no calling of external programs\n" |
911 | @@ -569,8 +569,6 @@ static const char usage_message[] = |
912 | "(These options are meaningful only for TLS-mode)\n" |
913 | "--tls-server : Enable TLS and assume server role during TLS handshake.\n" |
914 | "--tls-client : Enable TLS and assume client role during TLS handshake.\n" |
915 | - "--key-method m : (DEPRECATED) Data channel key exchange method. m should be a method\n" |
916 | - " number, such as 1 (default), 2, etc.\n" |
917 | "--ca file : Certificate authority file in .pem format containing\n" |
918 | " root certificate.\n" |
919 | #ifndef ENABLE_CRYPTO_MBEDTLS |
920 | @@ -3771,14 +3769,14 @@ options_postprocess_mutate(struct options *o, struct env_set *es) |
921 | o->windows_driver = WINDOWS_DRIVER_TAP_WINDOWS6; |
922 | } |
923 | } |
924 | -#endif |
925 | - |
926 | +#else /* _WIN32 */ |
927 | if (dco_enabled(o) && o->dev_node) |
928 | { |
929 | msg(M_WARN, "Note: ignoring --dev-node as it has no effect when using " |
930 | "data channel offload"); |
931 | o->dev_node = NULL; |
932 | } |
933 | +#endif /* _WIN32 */ |
934 | |
935 | /* this depends on o->windows_driver, which is set above */ |
936 | options_postprocess_mutate_invariant(o); |
937 | diff --git a/src/openvpn/ovpn_dco_freebsd.h b/src/openvpn/ovpn_dco_freebsd.h |
938 | index fec3383..53f94df 100644 |
939 | --- a/src/openvpn/ovpn_dco_freebsd.h |
940 | +++ b/src/openvpn/ovpn_dco_freebsd.h |
941 | @@ -36,6 +36,7 @@ |
942 | |
943 | enum ovpn_notif_type { |
944 | OVPN_NOTIF_DEL_PEER, |
945 | + OVPN_NOTIF_ROTATE_KEY, |
946 | }; |
947 | |
948 | enum ovpn_del_reason { |
949 | diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c |
950 | index eee86e1..9b0ab39 100644 |
951 | --- a/src/openvpn/pkcs11_openssl.c |
952 | +++ b/src/openvpn/pkcs11_openssl.c |
953 | @@ -165,6 +165,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, |
954 | { |
955 | pkcs11h_certificate_t cert = handle; |
956 | CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0}; /* default value */ |
957 | + CK_RSA_PKCS_PSS_PARAMS pss_params = {0}; |
958 | |
959 | unsigned char buf[EVP_MAX_MD_SIZE]; |
960 | size_t buflen; |
961 | @@ -203,7 +204,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, |
962 | } |
963 | else if (!strcmp(sigalg.padmode, "pss")) |
964 | { |
965 | - CK_RSA_PKCS_PSS_PARAMS pss_params = {0}; |
966 | mech.mechanism = CKM_RSA_PKCS_PSS; |
967 | |
968 | if (!set_pss_params(&pss_params, sigalg, cert)) |
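Review bot: moving pss_params to function scope in xkey_pkcs11h_sign is the right fix if mech ends up pointing at it, because the old block-scoped variable went out of scope at the end of the pss branch while mech is declared for the whole function. Please add a short comment at the declaration saying it must outlive mech, since nothing else explains why it is not local to the branch.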
969 | diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c |
970 | index f899b95..4af9bcb 100644 |
971 | --- a/src/openvpn/pool.c |
972 | +++ b/src/openvpn/pool.c |
973 | @@ -608,7 +608,6 @@ ifconfig_pool_read(struct ifconfig_pool_persist *persist, struct ifconfig_pool * |
974 | struct gc_arena gc = gc_new(); |
975 | struct buffer in = alloc_buf_gc(256, &gc); |
976 | char *cn_buf, *ip_buf, *ip6_buf; |
977 | - int line = 0; |
978 | |
979 | ALLOC_ARRAY_CLEAR_GC(cn_buf, char, buf_size, &gc); |
980 | ALLOC_ARRAY_CLEAR_GC(ip_buf, char, buf_size, &gc); |
981 | @@ -621,7 +620,6 @@ ifconfig_pool_read(struct ifconfig_pool_persist *persist, struct ifconfig_pool * |
982 | { |
983 | break; |
984 | } |
985 | - ++line; |
986 | if (!BLEN(&in)) |
987 | { |
988 | continue; |
989 | diff --git a/src/openvpn/push.c b/src/openvpn/push.c |
990 | index 54e53f6..8e96271 100644 |
991 | --- a/src/openvpn/push.c |
992 | +++ b/src/openvpn/push.c |
993 | @@ -713,7 +713,6 @@ send_push_options(struct context *c, struct buffer *buf, |
994 | { |
995 | struct push_entry *e = push_list->head; |
996 | |
997 | - e = push_list->head; |
998 | while (e) |
999 | { |
1000 | if (e->enable) |
1001 | diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c |
1002 | index ab8cc75..fc643c1 100644 |
1003 | --- a/src/openvpn/socket.c |
1004 | +++ b/src/openvpn/socket.c |
1005 | @@ -1165,7 +1165,7 @@ protect_fd_nonlocal(int fd, const struct sockaddr *addr) |
1006 | { |
1007 | if (!management) |
1008 | { |
1009 | - msg(M_FATAL, "Required management interface not available.") |
1010 | + msg(M_FATAL, "Required management interface not available."); |
1011 | } |
1012 | |
1013 | /* pass socket FD to management interface to pass on to VPNService API |
1014 | diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c |
1015 | index 60aaee8..8641a51 100644 |
1016 | --- a/src/openvpn/ssl.c |
1017 | +++ b/src/openvpn/ssl.c |
1018 | @@ -1918,6 +1918,12 @@ key_state_soft_reset(struct tls_session *session) |
1019 | ks->remote_addr = ks_lame->remote_addr; |
1020 | } |
1021 | |
1022 | +void |
1023 | +tls_session_soft_reset(struct tls_multi *tls_multi) |
1024 | +{ |
1025 | + key_state_soft_reset(&tls_multi->session[TM_ACTIVE]); |
1026 | +} |
1027 | + |
1028 | /* |
1029 | * Read/write strings from/to a struct buffer with a u16 length prefix. |
1030 | */ |
1031 | diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h |
1032 | index 4ed4cfa..3c40fbe 100644 |
1033 | --- a/src/openvpn/ssl.h |
1034 | +++ b/src/openvpn/ssl.h |
1035 | @@ -573,6 +573,9 @@ bool |
1036 | tls_session_generate_data_channel_keys(struct tls_multi *multi, |
1037 | struct tls_session *session); |
1038 | |
1039 | +void |
1040 | +tls_session_soft_reset(struct tls_multi *multi); |
1041 | + |
1042 | /** |
1043 | * Load ovpn.xkey provider used for external key signing |
1044 | */ |
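Review bot: tls_session_soft_reset is declared here without a documentation comment, while the declaration that follows it carries a /** ... */ block. A brief description stating that it soft-resets the TM_ACTIVE session of the given tls_multi would match the header's style. The parameter is named multi here and tls_multi in the ssl.c definition; pick one.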
1045 | diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c |
1046 | index 2320e8b..4ef390a 100644 |
1047 | --- a/src/openvpn/tun.c |
1048 | +++ b/src/openvpn/tun.c |
1049 | @@ -4200,7 +4200,7 @@ show_tap_win_adapters(int msglev, int warnlev) |
1050 | const struct tap_reg *tap_reg = get_tap_reg(&gc); |
1051 | const struct panel_reg *panel_reg = get_panel_reg(&gc); |
1052 | |
1053 | - msg(msglev, "Available TAP-WIN32 / Wintun adapters [name, GUID, driver]:"); |
1054 | + msg(msglev, "Available adapters [name, GUID, driver]:"); |
1055 | |
1056 | /* loop through each TAP-Windows adapter registry entry */ |
1057 | for (tr = tap_reg; tr != NULL; tr = tr->next) |
1058 | @@ -4337,7 +4337,6 @@ get_unspecified_device_guid(const int device_number, |
1059 | struct gc_arena *gc) |
1060 | { |
1061 | const struct tap_reg *tap_reg = tap_reg_src; |
1062 | - struct buffer ret = clear_buf(); |
1063 | struct buffer actual = clear_buf(); |
1064 | int i; |
1065 | |
1066 | @@ -4381,7 +4380,7 @@ get_unspecified_device_guid(const int device_number, |
1067 | } |
1068 | |
1069 | /* Save GUID for return value */ |
1070 | - ret = alloc_buf_gc(256, gc); |
1071 | + struct buffer ret = alloc_buf_gc(256, gc); |
1072 | buf_printf(&ret, "%s", tap_reg->guid); |
1073 | if (windows_driver != NULL) |
1074 | { |
1075 | diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c |
1076 | index 1ae3723..25da54a 100644 |
1077 | --- a/src/openvpn/win32.c |
1078 | +++ b/src/openvpn/win32.c |
1079 | @@ -509,19 +509,19 @@ win32_signal_open(struct win32_signal *ws, |
1080 | && !HANDLE_DEFINED(ws->in.read) && exit_event_name) |
1081 | { |
1082 | struct security_attributes sa; |
1083 | + struct gc_arena gc = gc_new(); |
1084 | + const wchar_t *exit_event_nameW = wide_string(exit_event_name, &gc); |
1085 | |
1086 | if (!init_security_attributes_allow_all(&sa)) |
1087 | { |
1088 | msg(M_ERR, "Error: win32_signal_open: init SA failed"); |
1089 | } |
1090 | |
1091 | - ws->in.read = CreateEvent(&sa.sa, |
1092 | - TRUE, |
1093 | - exit_event_initial_state ? TRUE : FALSE, |
1094 | - exit_event_name); |
1095 | + ws->in.read = CreateEventW(&sa.sa, TRUE, exit_event_initial_state ? TRUE : FALSE, |
1096 | + exit_event_nameW); |
1097 | if (ws->in.read == NULL) |
1098 | { |
1099 | - msg(M_WARN|M_ERRNO, "NOTE: CreateEvent '%s' failed", exit_event_name); |
1100 | + msg(M_WARN|M_ERRNO, "NOTE: CreateEventW '%s' failed", exit_event_name); |
1101 | } |
1102 | else |
1103 | { |
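Review bot: exit_event_nameW is passed to CreateEventW in win32_signal_open without a NULL check. If wide_string() can fail and return NULL, CreateEventW creates an unnamed event and succeeds, so the named exit event is silently never opened and the failure warning below never fires; check the conversion result and warn before the call.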
1104 | @@ -534,6 +534,7 @@ win32_signal_open(struct win32_signal *ws, |
1105 | ws->mode = WSO_MODE_SERVICE; |
1106 | } |
1107 | } |
1108 | + gc_free(&gc); |
1109 | } |
1110 | /* set the ctrl handler in both console and service modes */ |
1111 | if (!SetConsoleCtrlHandler((PHANDLER_ROUTINE) win_ctrl_handler, true)) |
1112 | diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c |
1113 | index ec19627..d73cef0 100644 |
1114 | --- a/src/openvpnserv/interactive.c |
1115 | +++ b/src/openvpnserv/interactive.c |
1116 | @@ -1868,7 +1868,6 @@ RunOpenvpn(LPVOID p) |
1117 | } |
1118 | |
1119 | startup_info.cb = sizeof(startup_info); |
1120 | - startup_info.lpDesktop = L"winsta0\\default"; |
1121 | startup_info.dwFlags = STARTF_USESTDHANDLES; |
1122 | startup_info.hStdInput = stdin_read; |
1123 | startup_info.hStdOutput = stdout_write; |
1124 | diff --git a/src/tapctl/main.c b/src/tapctl/main.c |
1125 | index 1194036..d76d553 100644 |
1126 | --- a/src/tapctl/main.c |
1127 | +++ b/src/tapctl/main.c |
1128 | @@ -126,6 +126,85 @@ usage(void) |
1129 | title_string); |
1130 | } |
1131 | |
1132 | +/** |
1133 | + * Checks if adapter with given name doesn't already exist |
1134 | + */ |
1135 | +static BOOL |
1136 | +is_adapter_name_available(LPCTSTR name, struct tap_adapter_node *adapter_list, BOOL log) |
1137 | +{ |
1138 | + for (struct tap_adapter_node *a = adapter_list; a; a = a->pNext) |
1139 | + { |
1140 | + if (_tcsicmp(name, a->szName) == 0) |
1141 | + { |
1142 | + if (log) |
1143 | + { |
1144 | + LPOLESTR adapter_id = NULL; |
1145 | + StringFromIID((REFIID)&a->guid, &adapter_id); |
1146 | + _ftprintf(stderr, TEXT("Adapter \"%") TEXT(PRIsLPTSTR) TEXT("\" already exists (GUID %") |
1147 | + TEXT(PRIsLPOLESTR) TEXT(").\n"), a->szName, adapter_id); |
1148 | + CoTaskMemFree(adapter_id); |
1149 | + } |
1150 | + |
1151 | + return FALSE; |
1152 | + } |
1153 | + } |
1154 | + |
1155 | + return TRUE; |
1156 | +} |
1157 | + |
1158 | +/** |
1159 | + * Returns unique adapter name based on hwid or NULL if name cannot be generated. |
1160 | + * Caller is responsible for freeing it. |
1161 | + */ |
1162 | +static LPTSTR |
1163 | +get_unique_adapter_name(LPCTSTR hwid, struct tap_adapter_node *adapter_list) |
1164 | +{ |
1165 | + if (hwid == NULL) |
1166 | + { |
1167 | + return NULL; |
1168 | + } |
1169 | + |
1170 | + LPCTSTR base_name; |
1171 | + if (_tcsicmp(hwid, TEXT("ovpn-dco")) == 0) |
1172 | + { |
1173 | + base_name = TEXT("OpenVPN Data Channel Offload"); |
1174 | + } |
1175 | + else if (_tcsicmp(hwid, TEXT("wintun")) == 0) |
1176 | + { |
1177 | + base_name = TEXT("OpenVPN Wintun"); |
1178 | + } |
1179 | + else if (_tcsicmp(hwid, TEXT("root\\") TEXT(TAP_WIN_COMPONENT_ID)) == 0) |
1180 | + { |
1181 | + base_name = TEXT("OpenVPN TAP-Windows6"); |
1182 | + } |
1183 | + else |
1184 | + { |
1185 | + return NULL; |
1186 | + } |
1187 | + |
1188 | + if (is_adapter_name_available(base_name, adapter_list, FALSE)) |
1189 | + { |
1190 | + return _tcsdup(base_name); |
1191 | + } |
1192 | + |
1193 | + size_t name_len = _tcslen(base_name) + 10; |
1194 | + LPTSTR name = malloc(name_len * sizeof(TCHAR)); |
1195 | + if (name == NULL) |
1196 | + { |
1197 | + return NULL; |
1198 | + } |
1199 | + for (int i = 1; i < 100; ++i) |
1200 | + { |
1201 | + _stprintf_s(name, name_len, TEXT("%ls #%d"), base_name, i); |
1202 | + |
1203 | + if (is_adapter_name_available(name, adapter_list, FALSE)) |
1204 | + { |
1205 | + return name; |
1206 | + } |
1207 | + } |
1208 | + |
1209 | + return NULL; |
1210 | +} |
1211 | |
1212 | /** |
1213 | * Program entry point |
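Review bot: get_unique_adapter_name leaks name when all 99 numbered candidates are taken, because the loop falls through to the final return NULL without free(name); add the free before that return. The TEXT("%ls #%d") format also assumes a wide base_name, which does not hold if this file is ever built without UNICODE, where LPCTSTR is a narrow string.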
1214 | @@ -210,50 +289,49 @@ _tmain(int argc, LPCTSTR argv[]) |
1215 | iResult = 1; goto quit; |
1216 | } |
1217 | |
1218 | - if (szName) |
1219 | + /* Get existing network adapters. */ |
1220 | + struct tap_adapter_node *pAdapterList = NULL; |
1221 | + dwResult = tap_list_adapters(NULL, NULL, &pAdapterList); |
1222 | + if (dwResult != ERROR_SUCCESS) |
1223 | { |
1224 | - /* Get existing network adapters. */ |
1225 | - struct tap_adapter_node *pAdapterList = NULL; |
1226 | - dwResult = tap_list_adapters(NULL, NULL, &pAdapterList); |
1227 | - if (dwResult != ERROR_SUCCESS) |
1228 | - { |
1229 | - _ftprintf(stderr, TEXT("Enumerating adapters failed (error 0x%x).\n"), dwResult); |
1230 | - iResult = 1; goto create_delete_adapter; |
1231 | - } |
1232 | + _ftprintf(stderr, TEXT("Enumerating adapters failed (error 0x%x).\n"), dwResult); |
1233 | + iResult = 1; |
1234 | + goto create_delete_adapter; |
1235 | + } |
1236 | |
1237 | - /* Check for duplicates. */ |
1238 | - for (struct tap_adapter_node *pAdapter = pAdapterList; pAdapter; pAdapter = pAdapter->pNext) |
1239 | + LPTSTR adapter_name = szName ? _tcsdup(szName) : get_unique_adapter_name(szHwId, pAdapterList); |
1240 | + if (adapter_name) |
1241 | + { |
1242 | + /* Check for duplicates when name was specified, |
1243 | + * otherwise get_adapter_default_name() takes care of it */ |
1244 | + if (szName && !is_adapter_name_available(adapter_name, pAdapterList, TRUE)) |
1245 | { |
1246 | - if (_tcsicmp(szName, pAdapter->szName) == 0) |
1247 | - { |
1248 | - StringFromIID((REFIID)&pAdapter->guid, &szAdapterId); |
1249 | - _ftprintf(stderr, TEXT("Adapter \"%") TEXT(PRIsLPTSTR) TEXT("\" already exists (GUID %") |
1250 | - TEXT(PRIsLPOLESTR) TEXT(").\n"), pAdapter->szName, szAdapterId); |
1251 | - CoTaskMemFree(szAdapterId); |
1252 | - iResult = 1; goto create_cleanup_pAdapterList; |
1253 | - } |
1254 | + iResult = 1; |
1255 | + goto create_cleanup_pAdapterList; |
1256 | } |
1257 | |
1258 | /* Rename the adapter. */ |
1259 | - dwResult = tap_set_adapter_name(&guidAdapter, szName, FALSE); |
1260 | + dwResult = tap_set_adapter_name(&guidAdapter, adapter_name, FALSE); |
1261 | if (dwResult != ERROR_SUCCESS) |
1262 | { |
1263 | StringFromIID((REFIID)&guidAdapter, &szAdapterId); |
1264 | _ftprintf(stderr, TEXT("Renaming TUN/TAP adapter %") TEXT(PRIsLPOLESTR) |
1265 | TEXT(" to \"%") TEXT(PRIsLPTSTR) TEXT("\" failed (error 0x%x).\n"), |
1266 | - szAdapterId, szName, dwResult); |
1267 | + szAdapterId, adapter_name, dwResult); |
1268 | CoTaskMemFree(szAdapterId); |
1269 | iResult = 1; goto quit; |
1270 | } |
1271 | + } |
1272 | |
1273 | - iResult = 0; |
1274 | + iResult = 0; |
1275 | |
1276 | create_cleanup_pAdapterList: |
1277 | - tap_free_adapter_list(pAdapterList); |
1278 | - if (iResult) |
1279 | - { |
1280 | - goto create_delete_adapter; |
1281 | - } |
1282 | + free(adapter_name); |
1283 | + |
1284 | + tap_free_adapter_list(pAdapterList); |
1285 | + if (iResult) |
1286 | + { |
1287 | + goto create_delete_adapter; |
1288 | } |
1289 | |
1290 | /* Output adapter GUID. */ |
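Review bot: the new comment in _tmain refers to get_adapter_default_name(), but the helper added in the previous hunk is get_unique_adapter_name(); fix the name. In the rename-failure branch the existing goto quit is kept, so check whether quit bypasses the create_cleanup_pAdapterList label where free(adapter_name) and tap_free_adapter_list(pAdapterList) now run. Also, when szName is given and _tcsdup fails, adapter_name is NULL and the code sets iResult = 0 without renaming anything.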
1291 | diff --git a/tests/Makefile.am b/tests/Makefile.am |
1292 | index a46f257..80673d5 100644 |
1293 | --- a/tests/Makefile.am |
1294 | +++ b/tests/Makefile.am |
1295 | @@ -25,8 +25,10 @@ TESTS_ENVIRONMENT = top_srcdir="$(top_srcdir)" |
1296 | TESTS = $(test_scripts) |
1297 | |
1298 | dist_noinst_SCRIPTS = \ |
1299 | - $(test_scripts) \ |
1300 | + t_cltsrv.sh \ |
1301 | t_cltsrv-down.sh \ |
1302 | + t_lpback.sh \ |
1303 | + t_net.sh \ |
1304 | update_t_client_ips.sh |
1305 | |
1306 | dist_noinst_DATA = \ |
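Review bot: dist_noinst_SCRIPTS now lists t_cltsrv.sh, t_lpback.sh and t_net.sh by hand instead of expanding $(test_scripts), so a script added to test_scripts later will be run through TESTS but not distributed unless this list is updated as well. A comment next to the list saying why it is spelled out and why t_client.sh is left off would save the next editor from restoring $(test_scripts).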
1307 | diff --git a/tests/Makefile.in b/tests/Makefile.in |
1308 | index 969579a..5783eb7 100644 |
1309 | --- a/tests/Makefile.in |
1310 | +++ b/tests/Makefile.in |
1311 | @@ -111,15 +111,13 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_socklen_t.m4 \ |
1312 | $(top_srcdir)/configure.ac |
1313 | am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ |
1314 | $(ACLOCAL_M4) |
1315 | -DIST_COMMON = $(srcdir)/Makefile.am $(am__dist_noinst_SCRIPTS_DIST) \ |
1316 | +DIST_COMMON = $(srcdir)/Makefile.am $(dist_noinst_SCRIPTS) \ |
1317 | $(dist_noinst_DATA) $(am__DIST_COMMON) |
1318 | mkinstalldirs = $(install_sh) -d |
1319 | CONFIG_HEADER = $(top_builddir)/config.h \ |
1320 | $(top_builddir)/include/openvpn-plugin.h |
1321 | CONFIG_CLEAN_FILES = t_client.sh |
1322 | CONFIG_CLEAN_VPATH_FILES = |
1323 | -am__dist_noinst_SCRIPTS_DIST = t_client.sh t_lpback.sh t_cltsrv.sh \ |
1324 | - t_net.sh t_cltsrv-down.sh update_t_client_ips.sh |
1325 | SCRIPTS = $(dist_noinst_SCRIPTS) |
1326 | AM_V_P = $(am__v_P_@AM_V@) |
1327 | am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) |
1328 | @@ -425,8 +423,10 @@ SUBDIRS = unit_tests |
1329 | TESTS_ENVIRONMENT = top_srcdir="$(top_srcdir)" |
1330 | TESTS = $(test_scripts) |
1331 | dist_noinst_SCRIPTS = \ |
1332 | - $(test_scripts) \ |
1333 | + t_cltsrv.sh \ |
1334 | t_cltsrv-down.sh \ |
1335 | + t_lpback.sh \ |
1336 | + t_net.sh \ |
1337 | update_t_client_ips.sh |
1338 | |
1339 | dist_noinst_DATA = \ |
1340 | diff --git a/tests/t_client.sh b/tests/t_client.sh |
1341 | deleted file mode 100755 |
1342 | index 37635a1..0000000 |
1343 | --- a/tests/t_client.sh |
1344 | +++ /dev/null |
1345 | @@ -1,463 +0,0 @@ |
1346 | -#!/bin/bash |
1347 | -# |
1348 | -# run OpenVPN client against ``test reference'' server |
1349 | -# - check that ping, http, ... via tunnel works |
1350 | -# - check that interface config / routes are properly cleaned after test end |
1351 | -# |
1352 | -# prerequisites: |
1353 | -# - openvpn binary in current directory |
1354 | -# - writable current directory to create subdir for logs |
1355 | -# - t_client.rc in current directory OR source dir that specifies tests |
1356 | -# - for "ping4" checks: fping binary in $PATH |
1357 | -# - for "ping6" checks: fping (4.0+) or fping6 binary in $PATH |
1358 | -# |
1359 | - |
1360 | -# by changing this to 1 we can force automated builds to fail |
1361 | -# that are expected to have all the prerequisites |
1362 | -TCLIENT_SKIP_RC="${TCLIENT_SKIP_RC:-77}" |
1363 | - |
1364 | -srcdir="${srcdir:-.}" |
1365 | -top_builddir="${top_builddir:-..}" |
1366 | -if [ -r "${top_builddir}"/t_client.rc ] ; then |
1367 | - . "${top_builddir}"/t_client.rc |
1368 | -elif [ -r "${srcdir}"/t_client.rc ] ; then |
1369 | - . "${srcdir}"/t_client.rc |
1370 | -else |
1371 | - echo "$0: cannot find 't_client.rc' in build dir ('${top_builddir}')" >&2 |
1372 | - echo "$0: or source directory ('${srcdir}'). SKIPPING TEST." >&2 |
1373 | - exit "${TCLIENT_SKIP_RC}" |
1374 | -fi |
1375 | - |
1376 | -# Check for external dependencies |
1377 | -FPING="fping" |
1378 | -FPING6="fping6" |
1379 | -which fping > /dev/null |
1380 | -if [ $? -ne 0 ]; then |
1381 | - echo "$0: fping is not available in \$PATH" >&2 |
1382 | - exit "${TCLIENT_SKIP_RC}" |
1383 | -fi |
1384 | -which fping6 > /dev/null |
1385 | -if [ $? -ne 0 ]; then |
1386 | - echo "$0: fping6 is not available in \$PATH, assuming fping 4.0 or later" >&2 |
1387 | - FPING="fping -4" |
1388 | - FPING6="fping -6" |
1389 | -fi |
1390 | - |
1391 | -KILL_EXEC=`which kill` |
1392 | -if [ $? -ne 0 ]; then |
1393 | - echo "$0: kill not found in \$PATH" >&2 |
1394 | - exit "${TCLIENT_SKIP_RC}" |
1395 | -fi |
1396 | - |
1397 | -if [ ! -x "${top_builddir}/src/openvpn/openvpn" ] |
1398 | -then |
1399 | - echo "no (executable) openvpn binary in current build tree. FAIL." >&2 |
1400 | - exit 1 |
1401 | -fi |
1402 | - |
1403 | -if [ ! -w . ] |
1404 | -then |
1405 | - echo "current directory is not writable (required for logging). FAIL." >&2 |
1406 | - exit 1 |
1407 | -fi |
1408 | - |
1409 | -if [ -z "$CA_CERT" ] ; then |
1410 | - echo "CA_CERT not defined in 't_client.rc'. SKIP test." >&2 |
1411 | - exit "${TCLIENT_SKIP_RC}" |
1412 | -fi |
1413 | - |
1414 | -if [ -z "$TEST_RUN_LIST" ] ; then |
1415 | - echo "TEST_RUN_LIST empty, no tests defined. SKIP test." >&2 |
1416 | - exit "${TCLIENT_SKIP_RC}" |
1417 | -fi |
1418 | - |
1419 | -# Ensure PREFER_KSU is in a known state |
1420 | -PREFER_KSU="${PREFER_KSU:-0}" |
1421 | - |
1422 | -# make sure we have permissions to run ifconfig/route from OpenVPN |
1423 | -# can't use "id -u" here - doesn't work on Solaris |
1424 | -ID=`id` |
1425 | -if expr "$ID" : "uid=0" >/dev/null |
1426 | -then : |
1427 | -else |
1428 | - if [ "${PREFER_KSU}" -eq 1 ]; |
1429 | - then |
1430 | - # Check if we have a valid kerberos ticket |
1431 | - klist -l 1>/dev/null 2>/dev/null |
1432 | - if [ $? -ne 0 ]; |
1433 | - then |
1434 | - # No kerberos ticket found, skip ksu and fallback to RUN_SUDO |
1435 | - PREFER_KSU=0 |
1436 | - echo "$0: No Kerberos ticket available. Will not use ksu." |
1437 | - else |
1438 | - RUN_SUDO="ksu -q -e" |
1439 | - fi |
1440 | - fi |
1441 | - |
1442 | - if [ -z "$RUN_SUDO" ] |
1443 | - then |
1444 | - echo "$0: this test must run be as root, or RUN_SUDO=... " >&2 |
1445 | - echo " must be set correctly in 't_client.rc'. SKIP." >&2 |
1446 | - exit "${TCLIENT_SKIP_RC}" |
1447 | - else |
1448 | - # We have to use sudo. Make sure that we (hopefully) do not have |
1449 | - # to ask the users password during the test. This is done to |
1450 | - # prevent timing issues, e.g. when the waits for openvpn to start |
1451 | - if $RUN_SUDO $KILL_EXEC -0 $$ |
1452 | - then |
1453 | - echo "$0: $RUN_SUDO $KILL_EXEC -0 succeeded, good." |
1454 | - else |
1455 | - echo "$0: $RUN_SUDO $KILL_EXEC -0 failed, cannot go on. SKIP." >&2 |
1456 | - exit "${TCLIENT_SKIP_RC}" |
1457 | - fi |
1458 | - fi |
1459 | -fi |
1460 | - |
1461 | -LOGDIR=t_client-`hostname`-`date +%Y%m%d-%H%M%S` |
1462 | -if mkdir $LOGDIR |
1463 | -then : |
1464 | -else |
1465 | - echo "can't create log directory '$LOGDIR'. FAIL." >&2 |
1466 | - exit 1 |
1467 | -fi |
1468 | - |
1469 | -# verbosity, defaults to "1" |
1470 | -V="${V:-1}" |
1471 | - |
1472 | -exit_code=0 |
1473 | - |
1474 | -# ---------------------------------------------------------- |
1475 | -# helper functions |
1476 | -# ---------------------------------------------------------- |
1477 | - |
1478 | -# output progress information |
1479 | -# depending on verbosity level, collect & print only on failure |
1480 | -output_start() |
1481 | -{ |
1482 | - case $V in |
1483 | - 0) outbuf="" ;; # no per-test output at all |
1484 | - 1) echo -e "$@" # compact, details only on failure |
1485 | - outbuf="\n" ;; |
1486 | - *) echo -e "\n$@\n" ;; # print all, with a bit formatting |
1487 | - esac |
1488 | -} |
1489 | - |
1490 | -output() |
1491 | -{ |
1492 | - NO_NL=''; if [ "X$1" = "X-n" ] ; then NO_NL=$1 ; shift ; fi |
1493 | - case $V in |
1494 | - 0) ;; # no per-test output at all |
1495 | - 1) outbuf="$outbuf$@" # print details only on failure |
1496 | - test -z "$NO_NL" && outbuf="$outbuf\n" |
1497 | - ;; |
1498 | - *) echo -e $NO_NL "$@" ;; # print everything |
1499 | - esac |
1500 | -} |
1501 | - |
1502 | -# print failure message, increase FAIL counter |
1503 | -fail() |
1504 | -{ |
1505 | - output "FAIL: $@\n" |
1506 | - fail_count=$(( $fail_count + 1 )) |
1507 | -} |
1508 | - |
1509 | -# print "all interface IP addresses" + "all routes" |
1510 | -# this is higly system dependent... |
1511 | -get_ifconfig_route() |
1512 | -{ |
1513 | - # linux / iproute2? (-> if configure got a path) |
1514 | - if [ -n "/usr/sbin/ip" ] |
1515 | - then |
1516 | - echo "-- linux iproute2 --" |
1517 | - /usr/sbin/ip addr show | grep -v valid_lft |
1518 | - /usr/sbin/ip route show |
1519 | - /usr/sbin/ip -o -6 route show | grep -v ' cache' | sed -E -e 's/ expires [0-9]*sec//' -e 's/ (mtu|hoplimit|cwnd|ssthresh) [0-9]+//g' -e 's/ (rtt|rttvar) [0-9]+ms//g' |
1520 | - return |
1521 | - fi |
1522 | - |
1523 | - # try uname |
1524 | - case `uname -s` in |
1525 | - Linux) |
1526 | - echo "-- linux / ifconfig --" |
1527 | - LANG=C /usr/sbin/ifconfig -a |egrep "( addr:|encap:)" |
1528 | - LANG=C netstat -rn -4 -6 |
1529 | - return |
1530 | - ;; |
1531 | - FreeBSD|NetBSD|Darwin) |
1532 | - echo "-- FreeBSD/NetBSD/Darwin [MacOS X] --" |
1533 | - /usr/sbin/ifconfig -a | egrep "(flags=|inet)" |
1534 | - netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' |
1535 | - return |
1536 | - ;; |
1537 | - OpenBSD) |
1538 | - echo "-- OpenBSD --" |
1539 | - /usr/sbin/ifconfig -a | egrep "(flags=|inet)" | \ |
1540 | - sed -e 's/pltime [0-9]*//' -e 's/vltime [0-9]*//' |
1541 | - netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' |
1542 | - return |
1543 | - ;; |
1544 | - SunOS) |
1545 | - echo "-- Solaris --" |
1546 | - /usr/sbin/ifconfig -a | egrep "(flags=|inet)" |
1547 | - netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }' |
1548 | - return |
1549 | - ;; |
1550 | - AIX) |
1551 | - echo "-- AIX --" |
1552 | - /usr/sbin/ifconfig -a | egrep "(flags=|inet)" |
1553 | - netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }' |
1554 | - return |
1555 | - ;; |
1556 | - esac |
1557 | - |
1558 | - echo "get_ifconfig_route(): no idea how to get info on your OS. FAIL." >&2 |
1559 | - exit 20 |
1560 | -} |
1561 | - |
1562 | -# ---------------------------------------------------------- |
1563 | -# check ifconfig |
1564 | -# arg1: "4" or "6" -> for message |
1565 | -# arg2: IPv4/IPv6 address that must show up in out of "get_ifconfig_route" |
1566 | -check_ifconfig() |
1567 | -{ |
1568 | - proto=$1 ; shift |
1569 | - expect_list="$@" |
1570 | - |
1571 | - if [ -z "$expect_list" ] ; then return ; fi |
1572 | - |
1573 | - for expect in $expect_list |
1574 | - do |
1575 | - if get_ifconfig_route | fgrep "$expect" >/dev/null |
1576 | - then : |
1577 | - else |
1578 | - fail "check_ifconfig(): expected IPv$proto address '$expect' not found in ifconfig output." |
1579 | - fi |
1580 | - done |
1581 | -} |
1582 | - |
1583 | -# ---------------------------------------------------------- |
1584 | -# run pings |
1585 | -# arg1: "4" or "6" -> fping/fing6 |
1586 | -# arg2: "want_ok" or "want_fail" (expected ping result) |
1587 | -# arg3... -> fping arguments (host list) |
1588 | -run_ping_tests() |
1589 | -{ |
1590 | - proto=$1 ; want=$2 ; shift ; shift |
1591 | - targetlist="$@" |
1592 | - |
1593 | - # "no targets" is fine |
1594 | - if [ -z "$targetlist" ] ; then return ; fi |
1595 | - |
1596 | - case $proto in |
1597 | - 4) cmd="$FPING" ;; |
1598 | - 6) cmd="$FPING6" ;; |
1599 | - *) echo "internal error in run_ping_tests arg 1: '$proto'" >&2 |
1600 | - exit 1 ;; |
1601 | - esac |
1602 | - |
1603 | - case $want in |
1604 | - want_ok) sizes_list="64 1440 3000" ;; |
1605 | - want_fail) sizes_list="64" ;; |
1606 | - esac |
1607 | - |
1608 | - for bytes in $sizes_list |
1609 | - do |
1610 | - output "run IPv$proto ping tests ($want), $bytes byte packets..." |
1611 | - |
1612 | - echo "$cmd -b $bytes -C 20 -p 250 -q $fping_args $targetlist" >>$LOGDIR/$SUF:fping.out |
1613 | - $cmd -b $bytes -C 20 -p 250 -q $fping_args $targetlist >>$LOGDIR/$SUF:fping.out 2>&1 |
1614 | - |
1615 | - # while OpenVPN is running, pings must succeed (want='want_ok') |
1616 | - # before OpenVPN is up, pings must NOT succeed (want='want_fail') |
1617 | - |
1618 | - rc=$? |
1619 | - if [ $rc = 0 ] # all ping OK |
1620 | - then |
1621 | - if [ $want = "want_fail" ] # not what we want |
1622 | - then |
1623 | - fail "IPv$proto ping test succeeded, but needs to *fail*." |
1624 | - fi |
1625 | - else # ping failed |
1626 | - if [ $want = "want_ok" ] # not what we wanted |
1627 | - then |
1628 | - fail "IPv$proto ping test ($bytes bytes) failed, but should succeed." |
1629 | - fi |
1630 | - fi |
1631 | - done |
1632 | -} |
1633 | - |
1634 | -# ---------------------------------------------------------- |
1635 | -# main test loop |
1636 | -# ---------------------------------------------------------- |
1637 | -SUMMARY_OK= |
1638 | -SUMMARY_FAIL= |
1639 | - |
1640 | -for SUF in $TEST_RUN_LIST |
1641 | -do |
1642 | - # get config variables |
1643 | - eval test_prep=\"\$PREPARE_$SUF\" |
1644 | - eval test_postinit=\"\$POSTINIT_CMD_$SUF\" |
1645 | - eval test_cleanup=\"\$CLEANUP_$SUF\" |
1646 | - eval test_run_title=\"\$RUN_TITLE_$SUF\" |
1647 | - eval openvpn_conf=\"\$OPENVPN_CONF_$SUF\" |
1648 | - eval expect_ifconfig4=\"\$EXPECT_IFCONFIG4_$SUF\" |
1649 | - eval expect_ifconfig6=\"\$EXPECT_IFCONFIG6_$SUF\" |
1650 | - eval ping4_hosts=\"\$PING4_HOSTS_$SUF\" |
1651 | - eval ping6_hosts=\"\$PING6_HOSTS_$SUF\" |
1652 | - eval fping_args=\"\$FPING_EXTRA_ARGS \$FPING_ARGS_$SUF\" |
1653 | - |
1654 | - # If EXCEPT_IFCONFIG* variables for this test are missing, run an --up |
1655 | - # script to generate them dynamically. |
1656 | - if [ -z "$expect_ifconfig4" ] || [ -z "$expect_ifconfig6" ]; then |
1657 | - up="--setenv TESTNUM $SUF --setenv TOP_BUILDDIR ${top_builddir} --script-security 2 --up ${srcdir}/update_t_client_ips.sh" |
1658 | - else |
1659 | - up="" |
1660 | - fi |
1661 | - |
1662 | - output_start "### test run $SUF: '$test_run_title' ###" |
1663 | - fail_count=0 |
1664 | - |
1665 | - if [ -n "$test_prep" ]; then |
1666 | - output "running preparation: '$test_prep'" |
1667 | - eval $test_prep |
1668 | - fi |
1669 | - |
1670 | - output "save pre-openvpn ifconfig + route" |
1671 | - get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route_pre.txt |
1672 | - |
1673 | - output "\nrun pre-openvpn ping tests - targets must not be reachable..." |
1674 | - run_ping_tests 4 want_fail "$ping4_hosts" |
1675 | - run_ping_tests 6 want_fail "$ping6_hosts" |
1676 | - if [ "$fail_count" = 0 ] ; then |
1677 | - output "OK.\n" |
1678 | - else |
1679 | - fail "make sure that ping hosts are ONLY reachable via VPN, SKIP test $SUF." |
1680 | - SUMMARY_FAIL="$SUMMARY_FAIL $SUF" |
1681 | - exit_code=31 |
1682 | - echo -e "$outbuf" ; continue |
1683 | - fi |
1684 | - |
1685 | - pidfile="${top_builddir}/tests/$LOGDIR/openvpn-$SUF.pid" |
1686 | - openvpn_conf="$openvpn_conf --writepid $pidfile $up" |
1687 | - output " run openvpn $openvpn_conf" |
1688 | - echo "# src/openvpn/openvpn $openvpn_conf" >$LOGDIR/$SUF:openvpn.log |
1689 | - umask 022 |
1690 | - $RUN_SUDO "${top_builddir}/src/openvpn/openvpn" $openvpn_conf >>$LOGDIR/$SUF:openvpn.log & |
1691 | - sudopid=$! |
1692 | - |
1693 | - # Check if OpenVPN has initialized before continuing. It will check every 3rd second up |
1694 | - # to $ovpn_init_check times. |
1695 | - ovpn_init_check=10 |
1696 | - ovpn_init_success=0 |
1697 | - while [ $ovpn_init_check -gt 0 ]; |
1698 | - do |
1699 | - sleep 3 # Wait for OpenVPN to initialize and have had time to write the pid file |
1700 | - grep "Initialization Sequence Completed" $LOGDIR/$SUF:openvpn.log >/dev/null |
1701 | - if [ $? -eq 0 ]; then |
1702 | - ovpn_init_check=0 |
1703 | - ovpn_init_success=1 |
1704 | - fi |
1705 | - ovpn_init_check=$(( $ovpn_init_check - 1 )) |
1706 | - done |
1707 | - |
1708 | - opid=`cat $pidfile` |
1709 | - if [ -n "$opid" ]; then |
1710 | - output " OpenVPN running with PID $opid" |
1711 | - else |
1712 | - output " Could not read OpenVPN PID file" |
1713 | - fi |
1714 | - |
1715 | - # If OpenVPN did not start |
1716 | - if [ $ovpn_init_success -ne 1 -o -z "$opid" ]; then |
1717 | - output "$0: OpenVPN did not initialize in a reasonable time" |
1718 | - if [ -n "$opid" ]; then |
1719 | - $RUN_SUDO $KILL_EXEC $opid |
1720 | - fi |
1721 | - $RUN_SUDO $KILL_EXEC $sudopid |
1722 | - output "tail -5 $SUF:openvpn.log" |
1723 | - output "`tail -5 $LOGDIR/$SUF:openvpn.log`" |
1724 | - fail "skip rest of sub-tests for test run $SUF." |
1725 | - trap - 0 1 2 3 15 |
1726 | - SUMMARY_FAIL="$SUMMARY_FAIL $SUF" |
1727 | - exit_code=30 |
1728 | - echo -e "$outbuf" ; continue |
1729 | - fi |
1730 | - |
1731 | - # make sure openvpn client is terminated in case shell exits |
1732 | - trap "$RUN_SUDO $KILL_EXEC $opid" 0 |
1733 | - trap "$RUN_SUDO $KILL_EXEC $opid ; trap - 0 ; exit 1" 1 2 3 15 |
1734 | - |
1735 | - # compare whether anything changed in ifconfig/route setup? |
1736 | - output "save ifconfig+route" |
1737 | - get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route.txt |
1738 | - |
1739 | - output -n "compare pre-openvpn ifconfig+route with current values..." |
1740 | - if diff $LOGDIR/$SUF:ifconfig_route_pre.txt \ |
1741 | - $LOGDIR/$SUF:ifconfig_route.txt >/dev/null |
1742 | - then |
1743 | - fail "no differences between ifconfig/route before OpenVPN start and now." |
1744 | - else |
1745 | - output " OK!\n" |
1746 | - fi |
1747 | - |
1748 | - # post init script needed? |
1749 | - if [ -n "$test_postinit" ]; then |
1750 | - output "running post-init cmd: '$test_postinit'" |
1751 | - eval $test_postinit |
1752 | - fi |
1753 | - |
1754 | - # expected ifconfig values in there? |
1755 | - check_ifconfig 4 "$expect_ifconfig4" |
1756 | - check_ifconfig 6 "$expect_ifconfig6" |
1757 | - |
1758 | - run_ping_tests 4 want_ok "$ping4_hosts" |
1759 | - run_ping_tests 6 want_ok "$ping6_hosts" |
1760 | - output "ping tests done.\n" |
1761 | - |
1762 | - output "stopping OpenVPN" |
1763 | - $RUN_SUDO $KILL_EXEC $opid |
1764 | - wait $! |
1765 | - rc=$? |
1766 | - if [ $rc != 0 ] ; then |
1767 | - fail "OpenVPN return code $rc, expect 0" |
1768 | - fi |
1769 | - |
1770 | - output "\nsave post-openvpn ifconfig + route..." |
1771 | - get_ifconfig_route >$LOGDIR/$SUF:ifconfig_route_post.txt |
1772 | - |
1773 | - output -n "compare pre- and post-openvpn ifconfig + route..." |
1774 | - if diff $LOGDIR/$SUF:ifconfig_route_pre.txt \ |
1775 | - $LOGDIR/$SUF:ifconfig_route_post.txt >$LOGDIR/$SUF:ifconfig_route_diff.txt |
1776 | - then |
1777 | - output " OK.\n" |
1778 | - else |
1779 | - output "\n\n" "`cat $LOGDIR/$SUF:ifconfig_route_diff.txt`" "\n" |
1780 | - fail "differences between pre- and post-ifconfig/route." |
1781 | - fi |
1782 | - if [ "$fail_count" = 0 ] ; then |
1783 | - output "test run $SUF: all tests OK.\n" |
1784 | - SUMMARY_OK="$SUMMARY_OK $SUF" |
1785 | - else |
1786 | - if [ "$V" -gt 0 ] ; then |
1787 | - echo -e -n "$outbuf" |
1788 | - echo -e "test run $SUF: $fail_count test failures. FAIL.\n" |
1789 | - fi |
1790 | - SUMMARY_FAIL="$SUMMARY_FAIL $SUF" |
1791 | - exit_code=30 |
1792 | - fi |
1793 | - |
1794 | - if [ -n "$test_cleanup" ]; then |
1795 | - echo -e "cleaning up: '$test_cleanup'" |
1796 | - eval $test_cleanup |
1797 | - fi |
1798 | - |
1799 | -done |
1800 | - |
1801 | -if [ -z "$SUMMARY_OK" ] ; then SUMMARY_OK=" none"; fi |
1802 | -if [ -z "$SUMMARY_FAIL" ] ; then SUMMARY_FAIL=" none"; fi |
1803 | -echo "Test sets succeeded:$SUMMARY_OK." |
1804 | -echo "Test sets failed:$SUMMARY_FAIL." |
1805 | - |
1806 | -# remove trap handler |
1807 | -trap - 0 1 2 3 15 |
1808 | -exit $exit_code |
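Review bot: the removed script looks like configure output rather than source. In get_ifconfig_route the test `if [ -n "/usr/sbin/ip" ]` is a constant that is always true, and the ifconfig calls use absolute `/usr/sbin/ifconfig` paths fixed at configure time. Dropping a generated file from the packaging tree is reasonable, but the changelog entry should state that this is why it goes away. Please also confirm that the file is regenerated during the package build and that nothing under debian/ still refers to it.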
1809 | diff --git a/version.m4 b/version.m4 |
1810 | index 2776b82..fd6aab3 100644 |
1811 | --- a/version.m4 |
1812 | +++ b/version.m4 |
1813 | @@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) |
1814 | define([PRODUCT_TARNAME], [openvpn]) |
1815 | define([PRODUCT_VERSION_MAJOR], [2]) |
1816 | define([PRODUCT_VERSION_MINOR], [6]) |
1817 | -define([PRODUCT_VERSION_PATCH], [.3]) |
1818 | +define([PRODUCT_VERSION_PATCH], [.5]) |
1819 | m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) |
1820 | m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) |
1821 | m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) |
1822 | define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) |
1823 | -define([PRODUCT_VERSION_RESOURCE], [2,6,3,0]) |
1824 | +define([PRODUCT_VERSION_RESOURCE], [2,6,5,0]) |
1825 | dnl define the TAP version |
1826 | define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) |
1827 | define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |
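Review bot: PRODUCT_VERSION_PATCH goes from `.3` straight to `.5`, skipping a patch level, so the debian/changelog entry for this merge should summarise everything taken in across that gap rather than only the newest release notes. The two changed defines are consistent with each other (`.5` and `2,6,5,0`). It is still worth checking that the regenerated configure script and the package version in debian/changelog carry the same 2.6.5 string, since a stale value in either shows up in `openvpn --version` output and in version-based vulnerability tracking.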
I am going to review this MP.