Paul Irofti <p...@irofti.net> writes: > The following fixes 4 remote holes. OK? :)
Nope, please don't blindly delete patches that don't apply. ;) My take: Index: Makefile =================================================================== RCS file: /d/cvs/ports/net/openvpn/Makefile,v retrieving revision 1.78 diff -u -p -r1.78 Makefile --- Makefile 11 Jun 2017 12:15:50 -0000 1.78 +++ Makefile 21 Jun 2017 11:50:44 -0000 @@ -2,8 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -DISTNAME= openvpn-2.4.2 -REVISION= 2 +DISTNAME= openvpn-2.4.3 CATEGORIES= net security HOMEPAGE= https://openvpn.net/index.php/open-source/ Index: distinfo =================================================================== RCS file: /d/cvs/ports/net/openvpn/distinfo,v retrieving revision 1.37 diff -u -p -r1.37 distinfo --- distinfo 14 May 2017 16:43:33 -0000 1.37 +++ distinfo 21 Jun 2017 11:50:44 -0000 @@ -1,2 +1,2 @@ -SHA256 (openvpn-2.4.2.tar.gz) = skdAydRKgeryvvxIRtUURaUgEEMh4yqvDBNe0uCYpiQ= -SIZE (openvpn-2.4.2.tar.gz) = 1402516 +SHA256 (openvpn-2.4.3.tar.gz) = hKAao98MEqNVLKO6qjnXABN7W85LbeaD/of7eb+l3ws= +SIZE (openvpn-2.4.3.tar.gz) = 1397306 Index: patches/patch-configure =================================================================== RCS file: /d/cvs/ports/net/openvpn/patches/patch-configure,v retrieving revision 1.16 diff -u -p -r1.16 patch-configure --- patches/patch-configure 14 May 2017 16:43:33 -0000 1.16 +++ patches/patch-configure 21 Jun 2017 11:50:44 -0000 @@ -2,7 +2,7 @@ $OpenBSD: patch-configure,v 1.16 2017/05 Index: configure --- configure.orig +++ configure -@@ -17187,7 +17187,7 @@ else +@@ -17318,7 +17318,7 @@ else fi Index: patches/patch-include_openvpn-plugin_h_in =================================================================== RCS file: patches/patch-include_openvpn-plugin_h_in diff -N patches/patch-include_openvpn-plugin_h_in --- patches/patch-include_openvpn-plugin_h_in 15 May 2017 14:30:56 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,15 +0,0 @@ -$OpenBSD: patch-include_openvpn-plugin_h_in,v 1.1 2017/05/15 14:30:56 jca Exp $ - -Include stddef.h for size_t. - -Index: include/openvpn-plugin.h.in ---- include/openvpn-plugin.h.in.orig -+++ include/openvpn-plugin.h.in -@@ -44,6 +44,7 @@ typedef X509 openvpn_x509_cert_t; - #endif - - #include <stdarg.h> -+#include <stddef.h> - - #ifdef __cplusplus - extern "C" { Index: patches/patch-src_openvpn_route_c =================================================================== RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v retrieving revision 1.10 diff -u -p -r1.10 patch-src_openvpn_route_c --- patches/patch-src_openvpn_route_c 11 Jun 2017 12:15:50 -0000 1.10 +++ patches/patch-src_openvpn_route_c 21 Jun 2017 11:50:44 -0000 @@ -2,12 +2,10 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. - add support for on-link routes -- add support for non-0 routing tables - https://github.com/OpenVPN/openvpn/commit/3dd30bfe5fdf9f34afe7f847b4e30156982d9ff0 - ---- src/openvpn/route.c.orig Thu Mar 23 02:34:21 2017 -+++ src/openvpn/route.c Wed Apr 12 18:06:40 2017 -@@ -1778,12 +1778,17 @@ add_route(struct route_ipv4 *r, +Index: src/openvpn/route.c +--- src/openvpn/route.c.orig ++++ src/openvpn/route.c +@@ -1777,12 +1777,17 @@ add_route(struct route_ipv4 *r, } #endif @@ -28,23 +26,3 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. argv_msg(D_ROUTE, &argv); status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed"); -@@ -3597,6 +3602,9 @@ get_default_gateway(struct route_gateway_info *rgi) - rtm.rtm_flags = RTF_UP | RTF_GATEWAY; - rtm.rtm_version = RTM_VERSION; - rtm.rtm_seq = ++seq; -+#ifdef TARGET_OPENBSD -+ rtm.rtm_tableid = getrtable(); -+#endif - rtm.rtm_addrs = rtm_addrs; - - so_dst.sa_family = AF_INET; -@@ -3812,6 +3820,9 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_inf - rtm.rtm_flags = RTF_UP; - rtm.rtm_version = RTM_VERSION; - rtm.rtm_seq = ++seq; -+#ifdef TARGET_OPENBSD -+ rtm.rtm_tableid = getrtable(); -+#endif - - so_dst.sin6_family = AF_INET6; - so_mask.sin6_family = AF_INET6; Index: patches/patch-src_openvpn_syshead_h =================================================================== RCS file: patches/patch-src_openvpn_syshead_h diff -N patches/patch-src_openvpn_syshead_h --- patches/patch-src_openvpn_syshead_h 11 Jun 2017 12:15:50 -0000 1.4 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,18 +0,0 @@ -$OpenBSD: patch-src_openvpn_syshead_h,v 1.4 2017/06/11 12:15:50 jca Exp $ - -- missing include - https://github.com/OpenVPN/openvpn/commit/e5b236eaba4512f86da917a0a63dd0f84e1b02db - ---- src/openvpn/syshead.h.orig Wed Feb 15 11:34:39 2017 -+++ src/openvpn/syshead.h Wed Feb 15 11:35:49 2017 -@@ -288,6 +288,10 @@ - #include <netinet/ip.h> - #endif - -+#ifdef HAVE_NETINET_TCP_H -+#include <netinet/tcp.h> -+#endif -+ - #ifdef HAVE_NET_IF_TUN_H - #include <net/if_tun.h> - #endif Index: patches/patch-src_openvpn_tun_c =================================================================== RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_tun_c,v retrieving revision 1.14 diff -u -p -r1.14 patch-src_openvpn_tun_c --- patches/patch-src_openvpn_tun_c 11 Jun 2017 12:15:50 -0000 1.14 +++ patches/patch-src_openvpn_tun_c 21 Jun 2017 11:50:44 -0000 @@ -2,13 +2,10 @@ $OpenBSD: patch-src_openvpn_tun_c,v 1.14 - no need for link0 any more, we have separate tap interfaces -- fix bus error in write_tun_header() due to misaligned access - https://github.com/OpenVPN/openvpn/commit/3e4e300d6c5ea9c320e62def79e5b70f8e255248 - Index: src/openvpn/tun.c --- src/openvpn/tun.c.orig +++ src/openvpn/tun.c -@@ -1201,7 +1201,7 @@ do_ifconfig(struct tuntap *tt, +@@ -1200,7 +1200,7 @@ do_ifconfig(struct tuntap *tt, if (tun) { argv_printf(&argv, @@ -17,7 +14,7 @@ Index: src/openvpn/tun.c IFCONFIG_PATH, actual, ifconfig_local, -@@ -1213,7 +1213,7 @@ do_ifconfig(struct tuntap *tt, +@@ -1212,7 +1212,7 @@ do_ifconfig(struct tuntap *tt, { remote_end = create_arbitrary_remote( tt ); argv_printf(&argv, @@ -26,7 +23,7 @@ Index: src/openvpn/tun.c IFCONFIG_PATH, actual, ifconfig_local, -@@ -1224,8 +1224,13 @@ do_ifconfig(struct tuntap *tt, +@@ -1223,8 +1223,13 @@ do_ifconfig(struct tuntap *tt, } else { @@ -41,18 +38,3 @@ Index: src/openvpn/tun.c IFCONFIG_PATH, actual, ifconfig_local, -@@ -1654,11 +1659,11 @@ write_tun_header(struct tuntap *tt, uint8_t *buf, int - { - u_int32_t type; - struct iovec iv[2]; -- struct ip *iph; -+ struct openvpn_iphdr *iph; - -- iph = (struct ip *) buf; -+ iph = (struct openvpn_iphdr *) buf; - -- if (iph->ip_v == 6) -+ if (OPENVPN_IPH_GET_VER(iph->version_len) == 6) - { - type = htonl(AF_INET6); - } -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE