diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2024-03-13 19:46:48 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2024-03-13 21:30:19 +0100 |
| commit | 47e3f5d9c3c5d0832b83f12782ded63fdcb11bd1 (patch) | |
| tree | 84be9b35d40057667e2d7616b8b9adef6f68c093 /source/n/openvpn | |
| parent | e4d752ef5069af2d0502827a03aaadfe36d3bb04 (diff) | |
| download | current-47e3f5d9c3c5d0832b83f12782ded63fdcb11bd1.tar.gz current-47e3f5d9c3c5d0832b83f12782ded63fdcb11bd1.tar.xz | |
Wed Mar 13 19:46:48 UTC 202420240313194648
a/etc-15.1-x86_64-9.txz: Rebuilt.
Added proftpd user (97) and proftpd group (97).
Added nm-openvpn user (320) and nm-openvpn group (320).
Added openvpn user (443) and openvpn group (443).
Added overflowuid user (65534) and overflowgid group (65534).
Thanks to opty for encouraging us to think about nobody.
d/meson-1.4.0-x86_64-1.txz: Upgraded.
d/python-setuptools-69.2.0-x86_64-1.txz: Upgraded.
l/expat-2.6.2-x86_64-1.txz: Upgraded.
Prevent billion laughs attacks with isolated use of external parsers.
For more information, see:
https://github.com/libexpat/libexpat/commit/1d50b80cf31de87750103656f6eb693746854aa8
https://www.cve.org/CVERecord?id=CVE-2024-28757
(* Security fix *)
l/pipewire-1.0.4-x86_64-1.txz: Upgraded.
l/python-zipp-3.18.0-x86_64-1.txz: Upgraded.
n/openvpn-2.6.9-x86_64-2.txz: Rebuilt.
Run as openvpn:openvpn. Thanks to rkelsen.
n/proftpd-1.3.8b-x86_64-2.txz: Rebuilt.
Run as proftpd:proftpd.
x/libva-2.21.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.21.0-x86_64-1.txz: Upgraded.
xap/NetworkManager-openvpn-1.10.2-x86_64-2.txz: Rebuilt.
Run as nm-openvpn:nm-openvpn. Thanks to Markus Wiesner.
Diffstat (limited to 'source/n/openvpn')
| -rw-r--r-- | source/n/openvpn/README | 10 | ||||
| -rwxr-xr-x | source/n/openvpn/openvpn.SlackBuild | 6 | ||||
| -rw-r--r-- | source/n/openvpn/rc.openvpn | 8 |
3 files changed, 12 insertions, 12 deletions
diff --git a/source/n/openvpn/README b/source/n/openvpn/README index cf2c6602f..46d8e00b4 100644 --- a/source/n/openvpn/README +++ b/source/n/openvpn/README @@ -16,11 +16,11 @@ openssl-solibs) and lzo installed on your computer. Please note that there is no default config file for OpenVPN. This is by design. OpenVPN can technically use any config file in any location. However, this script does create an /etc/openvpn/ directory with certs/ -and keys/ subdirectories. Feel free to place config files, keys, and +and keys/ subdirectories. Feel free to place config files, keys, and certificates in these directories. certs/ and keys/ are owned by user -root and group nobody and are not world readable nor writable. -Additionally, they are not writable by group nobody. It is recommended -that you run openvpn nobody:nobody, but you may use another -non-privilaged user and group at your option. Just change the +root and group openvpn and are not world readable nor writable. +Additionally, they are not writable by group openvpn. It is recommended +that you run openvpn openvpn:openvpn, but you may use another +non-privileged user and group at your option. Just change the permissions on these permissions to reflect that if you do. diff --git a/source/n/openvpn/openvpn.SlackBuild b/source/n/openvpn/openvpn.SlackBuild index 21406b8b4..06c96254a 100755 --- a/source/n/openvpn/openvpn.SlackBuild +++ b/source/n/openvpn/openvpn.SlackBuild @@ -1,7 +1,7 @@ #!/bin/bash # Copyright 2006, Alan Hicks, Lizella, GA -# Copyright 2008, 2009, 2010, 2011, 2013, 2016, 2018 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2011, 2013, 2016, 2018, 2024 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=openvpn VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -124,7 +124,7 @@ fi # Create a decent config directory. openvpn doesn't have one by # default, nor does it have a single config file. mkdir -p $PKG/etc/openvpn/{certs,keys} -chown root:nobody $PKG/etc/openvpn/{certs,keys} +chown root:openvpn $PKG/etc/openvpn/{certs,keys} chmod 750 $PKG/etc/openvpn/{certs,keys} # Install a startup script: diff --git a/source/n/openvpn/rc.openvpn b/source/n/openvpn/rc.openvpn index 86f319225..8494ce329 100644 --- a/source/n/openvpn/rc.openvpn +++ b/source/n/openvpn/rc.openvpn @@ -22,16 +22,16 @@ ovpn_start() { if [ -z "$1" ]; then # start OpenVPN for all config files: if /bin/ls /etc/openvpn/*.conf 1> /dev/null 2> /dev/null ; then for config in /etc/openvpn/*.conf ; do - echo "Starting OpenVPN: /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $config).pid --user nobody --group nobody --config $config" - /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $config).pid --user nobody --group nobody --config $config + echo "Starting OpenVPN: /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $config).pid --user openvpn --group openvpn --config $config" + /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $config).pid --user openvpn --group openvpn --config $config done else echo "Unable to start OpenVPN - no .conf files found in /etc/openvpn/." fi else # start OpenVPN for one config file: if [ -r "$1" ]; then - echo "Starting OpenVPN: /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $1).pid --user nobody --group nobody --config $1" - /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $1).pid --user nobody --group nobody --config $1 + echo "Starting OpenVPN: /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $1).pid --user openvpn --group openvpn --config $1" + /usr/sbin/openvpn --daemon --writepid /run/openvpn/$(basename $1).pid --user openvpn --group openvpn --config $1 else # config file is missing: echo "Error starting OpenVPN: config file $1 is missing." fi |