Diffstat (limited to 'net-vpn/peervpn')
-rw-r--r-- | net-vpn/peervpn/Manifest | 7 | ||||
-rw-r--r-- | net-vpn/peervpn/files/peervpn-0.044-strncpy-null-terminator.patch | 91 | ||||
-rw-r--r-- | net-vpn/peervpn/files/peervpn.initd | 21 | ||||
-rw-r--r-- | net-vpn/peervpn/files/peervpn.logrotated | 7 | ||||
-rw-r--r-- | net-vpn/peervpn/files/peervpn.service | 12 | ||||
-rw-r--r-- | net-vpn/peervpn/metadata.xml | 10 | ||||
-rw-r--r-- | net-vpn/peervpn/peervpn-0.044-r4.ebuild | 67 |
7 files changed, 215 insertions, 0 deletions
diff --git a/net-vpn/peervpn/Manifest b/net-vpn/peervpn/Manifest
new file mode 100644
index 000000000000..3cc3746fdea1
--- /dev/null
+++ b/net-vpn/peervpn/Manifest
@@ -0,0 +1,7 @@ +AUX peervpn-0.044-strncpy-null-terminator.patch 3556 SHA256 f655877a8071c55f430e0317044e0cb1ed06f9b3c33ab03d12964cff7632d3a7 SHA512 d09686271ead53a5433a60b7b6551fea23661d5a76f55f7c6c2d94b1c8946c83d51990388d5e77049ccce2ad64292ce8ab815ffec94eacb53738be34584370c6 WHIRLPOOL 3f5290f54d2d605a0240cc89ca3cffe1ce9e7a2f309df6b3d4e361ffcfc113a15dd22bc7c2111b44522d68ab27983e73313f24e4bee6fc5426e752d9c0337745 +AUX peervpn.initd 590 SHA256 0fa85626d4ed95f41ec19c03d358786d723313a1fa77fb328377a1be3d376175 SHA512 68ef4c4de590ff6be19135f86fb9cbac88f80dac7a5094d262281404d8fa3aac2b22f532f65834a6d2da95818d55eb2a451d4724e1c4c783be60fb410bfbaa33 WHIRLPOOL 67b18afe5bf2f34bd3ec811b4e304bc5ac058a6534cf84281c855bdcd122ad1b57db14db2e79256165961f5e2d26f9a0da4893ff4834c8e163a079318b7cabe5 +AUX peervpn.logrotated 87 SHA256 ab24b611fb91b1deafa420a796c48f3d479541d76c9fbbec278d51bcd7b5ade7 SHA512 474d2cd0c92786d5b7b45604a235a9102197e9e3520c812db86c1183bc0ab0963dbbb538ff684a44bc47184eb3e87d77e6b2ddab72c52fccca529cc16f56f515 WHIRLPOOL 3ccd8a8dc643b3d18b686d585b18b4f9c0966fa980ea198d4cd60361ddd4851adc4f2d10f85cab1a88e31648326b106ebd53fc23c6436ba80467a3e551bbd862 +AUX peervpn.service 256 SHA256 a9d8ec1d57833892040e03e95e62bea9d95493d8a2e27441cf9dadbd9b598b15 SHA512 d2d7336ed77324f30d3a4d83fe47b43bbafc3340525eac862bd7637e3a72a70dba1dc9ea21ed59e1606c8d1c03c3ee5ab9da73b49e71cf70e536369ae9ecf01c WHIRLPOOL 40080c5c89bd15fc5fc2d65920e1fe60ab91d3dfa2475b068e2af19315ef702844cfe96e72ff343c58b7f60061d3eecb429ffa1d4a437fefd684185322527cbb +DIST peervpn-0.044.tar.gz 81948 SHA256 9d2afc4b5b2b456dee386c80c5d37c32cd7c91d72c3a784d6d99f3d0f28d21d8 SHA512 5dd8e056287a905f3aaddf93d6dad917047e6f7da30942f412ff7b2846afd26fb9f4e500cfcb76966b4045db2a37096f1aa43b87e777ff31c2e467aa0415cdba WHIRLPOOL 7935a7826ec632d0b378099fccce6bf5cb08bc5a8d3ce5d3e102075bc81eed963386f823f42a67b175d7df393a7dd5c0136807f6a5b580371d96fdbee0723bd7 +EBUILD peervpn-0.044-r4.ebuild 1558 SHA256 
c38166d6ba6c073e8e7534ea97145b3ce79f41d6abff8fc233ff010bbeda0393 SHA512 0e01fc7243e8e72bf0b5c5b302393f4f94df658ace1fdd3b30263a7d12ca2392264d8d4d89c3c8540a72cf71531156340e924ce65ee04c0a792d3fbf593854a8 WHIRLPOOL fe8310a1a3da9906d3c7a545e982e7e17e9e2ea4d412debf908cf5b08ef5bc0fe5401a5d57a393a51857b2a71823f16b2ee462fe13f2d9e0d263606de2e391f3 +MISC metadata.xml 306 SHA256 c67c4c3518c058ceb302f0e973691a6e0c9e53037c87430fe29bf0dd6b6eea50 SHA512 29286f5271bd2e6cb8aa39d626bc581cdfce7206e3a76e964418b460c20ab844e096a009db6c3ef1f3bc09f56622a2e388bce8aeeedd3be65d936e244915a7db WHIRLPOOL a39f8e3c13a00e416cf28568e53061cb59c9832b9e7cea62bc0d6ab2f04b0274e2224c011dc61e7366fe1a322e02a6aaa50dcb26703f51c07c83d38712a1f901 diff --git a/net-vpn/peervpn/files/peervpn-0.044-strncpy-null-terminator.patch b/net-vpn/peervpn/files/peervpn-0.044-strncpy-null-terminator.patch new file mode 100644 index 000000000000..e16d0ef80239 --- /dev/null +++ b/net-vpn/peervpn/files/peervpn-0.044-strncpy-null-terminator.patch 
@@ -0,0 +1,91 @@
+From 5dda3477ed31888b86792ed05c17d80a77fe0b03 Mon Sep 17 00:00:00 2001
+From: Zac Medico <zmedico@gentoo.org>
+Date: Thu, 30 Mar 2017 16:03:27 -0700
+Subject: [PATCH] config.ic: fix strncpy calls to copy null terminator for 512
+ byte strings
+
+This problem caused a 512 byte psk setting to trigger authentication
+failure, since the strlen call used to set password_len would return
+an unpredictable result on each peer.
+
+https://github.com/peervpn/peervpn/pull/20
+---
+ config.ic | 26 +++++++++++++-------------
+ 1 file changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/config.ic b/config.ic
+index e0eba35..405e9de 100644
+--- a/config.ic
++++ b/config.ic
+@@ -147,55 +147,55 @@ static int parseConfigLine(char *line, int len, struct s_initconfig *cs) {
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"local",&vpos)) {
+- strncpy(cs->sourceip,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->sourceip,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"port",&vpos)) {
+- strncpy(cs->sourceport,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->sourceport,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"user",&vpos)) {
+- strncpy(cs->userstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->userstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"group",&vpos)) {
+- strncpy(cs->groupstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->groupstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"chroot",&vpos)) {
+- strncpy(cs->chrootstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->chrootstr,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"networkname",&vpos)) {
+- strncpy(cs->networkname,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->networkname,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"interface",&vpos)) {
+- strncpy(cs->tapname,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->tapname,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"ifconfig4",&vpos)) {
+- strncpy(cs->ifconfig4,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->ifconfig4,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"ifconfig6",&vpos)) {
+- strncpy(cs->ifconfig6,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->ifconfig6,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"upcmd",&vpos)) {
+- strncpy(cs->upcmd,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->upcmd,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"initpeers",&vpos)) {
+- strncpy(cs->initpeers,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->initpeers,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"engine",&vpos)) {
+- strncpy(cs->engines,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->engines,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ return 1;
+ }
+ else if(parseConfigLineCheckCommand(line,len,"psk",&vpos)) {
+- strncpy(cs->password,&line[vpos],CONFPARSER_NAMEBUF_SIZE);
++ strncpy(cs->password,&line[vpos],CONFPARSER_NAMEBUF_SIZE+1);
+ cs->password_len = strlen(cs->password);
+ return 1;
+ }
+--
+2.10.2
+
diff --git a/net-vpn/peervpn/files/peervpn.initd b/net-vpn/peervpn/files/peervpn.initd
new file mode 100644
index 000000000000..77d98a9558b0
--- /dev/null
+++ b/net-vpn/peervpn/files/peervpn.initd
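Review bot: A value longer than CONFPARSER_NAMEBUF_SIZE still leaves the destination without a terminator in all thirteen `strncpy` calls of the embedded config.ic patch, because a count of `CONFPARSER_NAMEBUF_SIZE+1` copies the NUL only when the source is at most CONFPARSER_NAMEBUF_SIZE bytes long. For the `psk` branch that means `strlen(cs->password)` can again read past the field and produce a `password_len` that differs between peers, unless the caller already bounds the line length, which is not visible here. The field declarations in `struct s_initconfig` are also outside the hunk, so the larger count is only in bounds if each field is at least CONFPARSER_NAMEBUF_SIZE+1 bytes; that should be confirmed. I would terminate explicitly after each copy, e.g. `cs->password[CONFPARSER_NAMEBUF_SIZE] = '\0';`, or reject over-long values with an error instead of truncating a key silently. parseConfigLine starts and ends outside the hunk.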
@@ -0,0 +1,21 @@
+#!/sbin/openrc-run
+# Copyright 2016-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="peervpn server"
+pidfile=${pidfile:-"/run/${RC_SVCNAME}.pid"}
+logfile=${logfile:-"/var/log/${RC_SVCNAME}/${RC_SVCNAME}.log"}
+user=${RC_SVCNAME}
+group=${RC_SVCNAME}
+
+command="/usr/sbin/${RC_SVCNAME}"
+command_args="${command_args:-/etc/peervpn/peervpn.conf}"
+command_background="true"
+# peervpn will drop privileges based on user and group config file settings
+start_stop_daemon_args="
+ --stdout ${logfile}
+ --stderr ${logfile}"
+
+depend() {
+ need net
+}
diff --git a/net-vpn/peervpn/files/peervpn.logrotated b/net-vpn/peervpn/files/peervpn.logrotated
new file mode 100644
index 000000000000..e99669c91358
--- /dev/null
+++ b/net-vpn/peervpn/files/peervpn.logrotated
@@ -0,0 +1,7 @@
+/var/log/peervpn/peervpn.log {
+ missingok
+ size 5M
+ rotate 3
+ compress
+ copytruncate
+}
diff --git a/net-vpn/peervpn/files/peervpn.service b/net-vpn/peervpn/files/peervpn.service
new file mode 100644
index 000000000000..13c5310f517b
--- /dev/null
+++ b/net-vpn/peervpn/files/peervpn.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=peervpn server
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Environment=PEERVPN_OPTS="/etc/peervpn/peervpn.conf"
+ExecStart=/usr/sbin/peervpn $PEERVPN_OPTS
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/peervpn/metadata.xml b/net-vpn/peervpn/metadata.xml
new file mode 100644
index 000000000000..d4216eaa7140
--- /dev/null
+++ b/net-vpn/peervpn/metadata.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>zmedico@gentoo.org</email>
+ </maintainer>
+ <upstream>
+ <remote-id type="github">peervpn/peervpn</remote-id>
+ </upstream>
+</pkgmetadata>
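Review bot: The daemon is started as root in peervpn.initd and stays root unless the administrator's peervpn.conf sets `user` and `group`; the `user=${RC_SVCNAME}` and `group=${RC_SVCNAME}` assignments are not referenced anywhere else in the script as shown, so they do not enforce anything by themselves. The same applies to peervpn.service, whose `[Service]` section has no `User=` or sandboxing directive and relies on the same config-driven privilege drop. I would make that dependency explicit next to the assignments, e.g. `# NOTE: runs as root unless peervpn.conf sets "user" and "group"; the variables above are informational only`, and, if the shipped example config does not set both keys, say so in the ebuild's post-install message.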
diff --git a/net-vpn/peervpn/peervpn-0.044-r4.ebuild b/net-vpn/peervpn/peervpn-0.044-r4.ebuild
new file mode 100644
index 000000000000..27b19165e236
--- /dev/null
+++ b/net-vpn/peervpn/peervpn-0.044-r4.ebuild
@@ -0,0 +1,67 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd toolchain-funcs user
+
+DESCRIPTION="P2P mesh VPN"
+HOMEPAGE="https://github.com/peervpn/peervpn"
+EGIT_COMMIT="eb35174277fbf745c5ee0d5875d659dad819adfc"
+SRC_URI="https://github.com/peervpn/peervpn/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+RDEPEND="dev-libs/openssl:0="
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}/${PN}-${EGIT_COMMIT}
+
+PATCHES=(
+ "${FILESDIR}/${P}-strncpy-null-terminator.patch"
+)
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 -1 ${PN}
+}
+
+src_prepare() {
+ default
+ sed -e 's|^CFLAGS+=-O2||' -i Makefile || die
+}
+
+src_compile() {
+ emake CC=$(tc-getCC) || die
+}
+
+src_install() {
+ dosbin ${PN}
+
+ insinto /etc/${PN}
+ newins peervpn.conf peervpn.conf.example
+ # read-only group access for bug 629418
+ fowners root:${PN} /etc/${PN}
+ fperms 0750 /etc/${PN}
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+ systemd_dounit "${FILESDIR}/${PN}.service"
+
+ keepdir /var/log/${PN}
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/${PN}.logrotated" "${PN}"
+}
+
+pkg_preinst() {
+ if ! has_version '>=net-vpn/peervpn-0.044-r4' && \
+ [[ -d ${EROOT}etc/${PN} &&
+ $(find "${EROOT}etc/${PN}" -user "${PN}" ! -type l -print) ]]; then
+ ewarn "Tightening '${EROOT}etc/${PN}' permissions for bug 629418"
+ while read -r -d ''; do
+ chown root:${PN} "${REPLY}" || die
+ chmod g+rX-w,o-rwx "${REPLY}" || die
+ done < <(find "${EROOT}etc/${PN}" -user "${PN}" ! -type l -print0)
+ fi
+}
 |
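Review bot: In `pkg_preinst`, the `chown`/`chmod` loop runs as root over paths that are still owned by the unprivileged `${PN}` account, and the `! -type l` filter only holds when `find` lists the entry, not when the loop later acts on it. Plain `chown` dereferences symlinks, so an entry swapped in between could redirect the ownership change outside `/etc/${PN}`; `chown -h root:${PN} "${REPLY}" || die` closes that for the ownership step. `chmod` has no equivalent flag, so I would add a comment stating that the service should be stopped before the merge, or re-check `[[ -L ${REPLY} ]]` immediately before the `chmod`. Separately, `emake` already dies on failure in EAPI 6, so the `|| die` in `src_compile` is redundant, and `$(tc-getCC)` should be quoted.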