From ba547216ffdbd19863248282085789880c33f179 Mon Sep 17 00:00:00 2001 From: mandree Date: Fri, 11 Jan 2013 23:09:37 +0000 Subject: OpenVPN changes, upgrades and fixes: - Upgrade security/openvpn to v2.3.0 (changes installed layout a bit), splitting and re-diffing patches. - Retain v2.2.2 as security/openvpn22 - Mark security/openvpn20 as deprecated and to expire 6 months from now - Fix TCP_NODELAY option (openvpn 2.3, 2.2), see - Fix PassTOS option (openvpn 2.2, 2.0), see http://community.openvpn.net/openvpn/ticket/135 --- security/Makefile | 1 + security/openvpn/Makefile | 31 ++--- security/openvpn/distinfo | 4 +- ...ch-sample__sample-config-files__loopback-client | 13 +++ ...ch-sample__sample-config-files__loopback-server | 13 +++ security/openvpn/files/patch-selftest-ports | 26 ----- .../openvpn/files/patch-src__openvpn__syshead.h | 16 +++ security/openvpn/files/patch-t_cltsrv.sh | 21 ---- security/openvpn/pkg-plist | 110 ++++++------------ security/openvpn20/Makefile | 5 +- security/openvpn20/files/patch-socket.h | 11 ++ security/openvpn22/Makefile | 122 ++++++++++++++++++++ security/openvpn22/distinfo | 2 + security/openvpn22/files/openvpn.in | 125 +++++++++++++++++++++ security/openvpn22/files/patch-selftest-ports | 26 +++++ security/openvpn22/files/patch-socket.h | 11 ++ security/openvpn22/files/patch-syshead.h | 16 +++ security/openvpn22/files/patch-t_cltsrv.sh | 21 ++++ security/openvpn22/files/pkg-message.in | 7 ++ security/openvpn22/pkg-descr | 7 ++ security/openvpn22/pkg-plist | 81 +++++++++++++ 21 files changed, 525 insertions(+), 144 deletions(-) create mode 100644 security/openvpn/files/patch-sample__sample-config-files__loopback-client create mode 100644 security/openvpn/files/patch-sample__sample-config-files__loopback-server delete mode 100644 security/openvpn/files/patch-selftest-ports create mode 100644 security/openvpn/files/patch-src__openvpn__syshead.h delete mode 100644 security/openvpn/files/patch-t_cltsrv.sh create mode 100644 security/openvpn20/files/patch-socket.h create mode 100644 security/openvpn22/Makefile create mode 100644 security/openvpn22/distinfo create mode 100644 security/openvpn22/files/openvpn.in create mode 100644 security/openvpn22/files/patch-selftest-ports create mode 100644 security/openvpn22/files/patch-socket.h create mode 100644 security/openvpn22/files/patch-syshead.h create mode 100644 security/openvpn22/files/patch-t_cltsrv.sh create mode 100644 security/openvpn22/files/pkg-message.in create mode 100644 security/openvpn22/pkg-descr create mode 100644 security/openvpn22/pkg-plist diff --git a/security/Makefile b/security/Makefile index 018dd87c3f7b..f7a6dba49ce3 100644 --- a/security/Makefile +++ b/security/Makefile @@ -363,6 +363,7 @@ SUBDIR += openvpn-beta SUBDIR += openvpn-devel SUBDIR += openvpn20 + SUBDIR += openvpn22 SUBDIR += ophcrack SUBDIR += opieprint SUBDIR += osiris diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile index 516ccf0e902a..dfcf0d0f2fff 100644 --- a/security/openvpn/Makefile +++ b/security/openvpn/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= openvpn -DISTVERSION= 2.2.2 +DISTVERSION= 2.3.0 CATEGORIES= security net # MASTER_SITES points to hosts in distinct data centers, # so just one MASTER_SITES entry should be OK. @@ -14,15 +14,17 @@ COMMENT= Secure IP/Ethernet tunnel daemon LICENSE= GPLv2 -CONFLICTS_INSTALL= openvpn-devel-[0-9]* openvpn-2.0* openvpn-beta-[0-9]* +CONFLICTS_INSTALL= openvpn-2.[!3].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* GNU_CONFIGURE= yes USE_OPENSSL= yes USE_XZ= yes -CONFIGURE_ARGS= --with-lzo-lib=${LOCALBASE}/lib \ - --with-lzo-headers=${LOCALBASE}/include +# let OpenVPN's configure script pick up the libraries +CPPFLAGS+= -I${LOCALBASE}/include +LDFLAGS+= -L${LOCALBASE}/lib -OPTIONS_DEFINE= PW_SAVE PKCS11 +# PolarSSL missing: OpenVPN does not currently compile with PolarSSL 1.2.0+ +OPTIONS_DEFINE= PW_SAVE PKCS11 PW_SAVE_DESC= Interactive passwords may be read from a file PKCS11_DESC= Use security/pkcs11-helper @@ -63,14 +65,6 @@ LIB_DEPENDS+= pkcs11-helper:${PORTSDIR}/security/pkcs11-helper CONFIGURE_ARGS+= --disable-pkcs11 .endif -post-patch: - @${FIND} ${WRKSRC}/easy-rsa/?.0 -type f \ - -exec ${REINPLACE_CMD} -e 's;#!/bin/bash;#!/bin/sh;' \ - -e 's,source ./vars,. ./vars,' \{\} + - @${FIND} ${WRKSRC}/plugin -name Makefile \ - -exec ${REINPLACE_CMD} -e 's;gcc;${CC};g' '{}' + - @${FIND} ${WRKSRC} \( -name \*.orig -o -name \*.bak \) -delete - pre-configure: .ifdef (LOG_OPENVPN) @${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}" @@ -84,8 +78,6 @@ pre-configure: .endif post-build: - cd ${WRKSRC}/plugin/down-root && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${_MAKE_JOBS} ${MAKE_ARGS} - cd ${WRKSRC}/plugin/auth-pam && ${CC} ${CPPFLAGS} -I../.. -DDLOPEN_PAM=0 ${CFLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.c pamdl.c -lc -lpam @# self-tests here .if !defined(WITHOUT_CHECK) @${ECHO} ; ${ECHO} "### Note that you can skip these lengthy selftests with WITHOUT_CHECK=yes ###" ; ${ECHO} @@ -94,21 +86,18 @@ post-build: post-install: ${MKDIR} ${PREFIX}/lib - ${INSTALL_PROGRAM} ${WRKSRC}/plugin/down-root/openvpn-down-root.so ${PREFIX}/lib/ - ${INSTALL_PROGRAM} ${WRKSRC}/plugin/auth-pam/openvpn-auth-pam.so ${PREFIX}/lib/ .if ${PORT_OPTIONS:MDOCS} ${MKDIR} ${DOCSDIR} - ${INSTALL_DATA} ${WRKSRC}/plugin/down-root/README ${DOCSDIR}/README.openvpn-down-root - ${INSTALL_DATA} ${WRKSRC}/plugin/auth-pam/README ${DOCSDIR}/README.openvpn-auth-pam .for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL \ PORTS README ${INSTALL_DATA} ${WRKSRC}/${docs} ${DOCSDIR}/ .endfor -.for dir in easy-rsa easy-rsa/1.0 easy-rsa/2.0 sample-config-files +.for dir in sample/sample-config-files + ${RM} -f ${WRKSRC}/${dir}/*.orig ${MKDIR} ${DOCSDIR}/${dir} ${FIND} ${WRKSRC}/${dir}/ -maxdepth 1 -type f -exec ${INSTALL_DATA} \{\} ${DOCSDIR}/${dir} \; .endfor -.for dir in sample-scripts +.for dir in sample/sample-scripts ${MKDIR} ${DOCSDIR}/${dir} ${FIND} ${WRKSRC}/${dir}/ -maxdepth 1 -type f -exec ${INSTALL_SCRIPT} \{\} ${DOCSDIR}/${dir} \; .endfor diff --git a/security/openvpn/distinfo b/security/openvpn/distinfo index a9bca63e4151..0a0ff0d9b6fe 100644 --- a/security/openvpn/distinfo +++ b/security/openvpn/distinfo @@ -1,2 +1,2 @@ -SHA256 (openvpn-2.2.2.tar.xz) = a694b9f661a0db30c048c94a4b4fc63d1460aea4dbc504a4f233f3c15997f4cd -SIZE (openvpn-2.2.2.tar.xz) = 649356 +SHA256 (openvpn-2.3.0.tar.xz) = a9fcf7bc1c1cd88cd8867ff567e8f8df5e695f0e983bd0aed3a3e1f6ae14d107 +SIZE (openvpn-2.3.0.tar.xz) = 762052 diff --git a/security/openvpn/files/patch-sample__sample-config-files__loopback-client b/security/openvpn/files/patch-sample__sample-config-files__loopback-client new file mode 100644 index 000000000000..47cac942e0b9 --- /dev/null +++ b/security/openvpn/files/patch-sample__sample-config-files__loopback-client @@ -0,0 +1,13 @@ +--- ./sample/sample-config-files/loopback-client.orig 2012-09-10 17:01:08.000000000 +0200 ++++ ./sample/sample-config-files/loopback-client 2013-01-11 21:30:07.000000000 +0100 +@@ -9,8 +9,8 @@ + # ./openvpn --config sample-config-files/loopback-client (In one window) + # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) + +-rport 16000 +-lport 16001 ++rport 16100 ++lport 16101 + remote localhost + local localhost + dev null diff --git a/security/openvpn/files/patch-sample__sample-config-files__loopback-server b/security/openvpn/files/patch-sample__sample-config-files__loopback-server new file mode 100644 index 000000000000..cd55ac640678 --- /dev/null +++ b/security/openvpn/files/patch-sample__sample-config-files__loopback-server @@ -0,0 +1,13 @@ +--- ./sample/sample-config-files/loopback-server.orig 2012-09-10 17:01:08.000000000 +0200 ++++ ./sample/sample-config-files/loopback-server 2013-01-11 21:30:07.000000000 +0100 +@@ -9,8 +9,8 @@ + # ./openvpn --config sample-config-files/loopback-client (In one window) + # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) + +-rport 16001 +-lport 16000 ++rport 16101 ++lport 16100 + remote localhost + local localhost + dev null diff --git a/security/openvpn/files/patch-selftest-ports b/security/openvpn/files/patch-selftest-ports deleted file mode 100644 index 5e195261eecb..000000000000 --- a/security/openvpn/files/patch-selftest-ports +++ /dev/null @@ -1,26 +0,0 @@ ---- sample-config-files/loopback-client.orig Mon Oct 16 00:30:20 2006 -+++ sample-config-files/loopback-client Wed Apr 4 00:51:31 2007 -@@ -9,8 +9,8 @@ - # ./openvpn --config sample-config-files/loopback-client (In one window) - # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) - --rport 16000 --lport 16001 -+rport 16100 -+lport 16101 - remote localhost - local localhost - dev null ---- sample-config-files/loopback-server.orig Mon Oct 16 00:30:20 2006 -+++ sample-config-files/loopback-server Wed Apr 4 00:51:31 2007 -@@ -9,8 +9,8 @@ - # ./openvpn --config sample-config-files/loopback-client (In one window) - # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) - --rport 16001 --lport 16000 -+rport 16101 -+lport 16100 - remote localhost - local localhost - dev null diff --git a/security/openvpn/files/patch-src__openvpn__syshead.h b/security/openvpn/files/patch-src__openvpn__syshead.h new file mode 100644 index 000000000000..a30a7c95765f --- /dev/null +++ b/security/openvpn/files/patch-src__openvpn__syshead.h @@ -0,0 +1,16 @@ +Work around "missing" TCP_NODELAY, +obtained from: http://community.openvpn.net/openvpn/ticket/158 + +--- ./src/openvpn/syshead.h.orig 2012-11-22 13:07:51.000000000 +0100 ++++ ./src/openvpn/syshead.h 2013-01-11 21:30:07.000000000 +0100 +@@ -307,6 +307,10 @@ + #include + #endif + ++#ifdef HAVE_NETINET_TCP_H ++#include ++#endif ++ + #ifdef HAVE_NET_IF_TUN_H + #include + #endif diff --git a/security/openvpn/files/patch-t_cltsrv.sh b/security/openvpn/files/patch-t_cltsrv.sh deleted file mode 100644 index fbb05b3bd162..000000000000 --- a/security/openvpn/files/patch-t_cltsrv.sh +++ /dev/null @@ -1,21 +0,0 @@ ---- ./t_cltsrv.sh.orig 2011-05-16 14:21:55.000000000 +0200 -+++ ./t_cltsrv.sh 2011-08-17 00:25:49.000000000 +0200 -@@ -26,14 +26,14 @@ - FreeBSD) - # FreeBSD jails map the outgoing IP to the jail IP - we need to - # allow the real IP unless we want the test to run forever. -- if test "`sysctl 2>/dev/null -n security.jail.jailed`" = 1 \ -- || ps -ostate= -p $$ | grep -q J; then -+ if true ; then - addopts="--float" - if test "x`ifconfig | grep inet`" = x ; then - echo "###" -- echo "### To run the test in a FreeBSD jail, you MUST add an IP alias for the jail's IP." -+ echo "### To run this test, it needs an inet/IP address. Skipping." - echo "###" -- exit 1 -+ trap 0 -+ exit 77 - fi - fi - ;; diff --git a/security/openvpn/pkg-plist b/security/openvpn/pkg-plist index 7200816ad93e..1e13653e3e26 100644 --- a/security/openvpn/pkg-plist +++ b/security/openvpn/pkg-plist @@ -1,81 +1,45 @@ +include/openvpn-plugin.h +lib/openvpn/plugins/openvpn-plugin-auth-pam.la +lib/openvpn/plugins/openvpn-plugin-auth-pam.so +lib/openvpn/plugins/openvpn-plugin-down-root.la +lib/openvpn/plugins/openvpn-plugin-down-root.so sbin/openvpn -lib/openvpn-auth-pam.so -lib/openvpn-down-root.so %%PORTDOCS%%%%DOCSDIR%%/AUTHORS +%%PORTDOCS%%%%DOCSDIR%%/ChangeLog %%PORTDOCS%%%%DOCSDIR%%/COPYING %%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.GPL -%%PORTDOCS%%%%DOCSDIR%%/ChangeLog %%PORTDOCS%%%%DOCSDIR%%/INSTALL +%%PORTDOCS%%%%DOCSDIR%%/management-notes.txt %%PORTDOCS%%%%DOCSDIR%%/PORTS %%PORTDOCS%%%%DOCSDIR%%/README -%%PORTDOCS%%%%DOCSDIR%%/README.openvpn-auth-pam -%%PORTDOCS%%%%DOCSDIR%%/README.openvpn-down-root -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/README -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-ca -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-dh -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-inter -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-pass -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-pkcs12 -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-server -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-req -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-req-pass -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/clean-all -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/list-crl -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/make-crl -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/openssl.cnf -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/revoke-crt -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/revoke-full -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/sign-req -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/vars -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/Makefile -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/README -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-ca -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-dh -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-inter -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pass -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pkcs12 -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-server -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req-pass -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/clean-all -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/inherit-inter -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/list-crl -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl-0.9.6.cnf -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl-0.9.8.cnf -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl-1.0.0.cnf -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/pkitool -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/revoke-full -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/sign-req -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/vars -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/whichopensslcnf -%%PORTDOCS%%%%DOCSDIR%%/management-notes.txt -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/README -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/client.conf -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/firewall.sh -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/home.up -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/loopback-client -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/loopback-server -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/office.up -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/openvpn-shutdown.sh -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/openvpn-startup.sh -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/server.conf -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/static-home.conf -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/static-office.conf -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/tls-home.conf -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/tls-office.conf -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/xinetd-client-config -%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/xinetd-server-config -%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/auth-pam.pl -%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bridge-start -%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bridge-stop -%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/openvpn.init -%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/ucn.pl -%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/verify-cn -%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-scripts -%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-config-files -%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/2.0 -%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/1.0 -%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa +%%PORTDOCS%%%%DOCSDIR%%/README.auth-pam +%%PORTDOCS%%%%DOCSDIR%%/README.down-root +%%PORTDOCS%%%%DOCSDIR%%/README.IPv6 +%%PORTDOCS%%%%DOCSDIR%%/README.polarssl +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/README +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/client.conf +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/firewall.sh +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/home.up +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/loopback-client +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/loopback-server +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/office.up +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/openvpn-shutdown.sh +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/openvpn-startup.sh +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/server.conf +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/static-home.conf +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/static-office.conf +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/tls-home.conf +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/tls-office.conf +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/xinetd-client-config +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-config-files/xinetd-server-config +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-scripts/auth-pam.pl +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-scripts/bridge-start +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-scripts/bridge-stop +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-scripts/ucn.pl +%%PORTDOCS%%%%DOCSDIR%%/sample/sample-scripts/verify-cn +%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample/sample-scripts +%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample/sample-config-files +%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample %%PORTDOCS%%@dirrm %%DOCSDIR%% +@dirrm lib/openvpn/plugins +@dirrm lib/openvpn diff --git a/security/openvpn20/Makefile b/security/openvpn20/Makefile index 9a75381a1b8d..6d3b0cdcb587 100644 --- a/security/openvpn20/Makefile +++ b/security/openvpn20/Makefile @@ -3,7 +3,7 @@ PORTNAME= openvpn PORTVERSION= 2.0.9 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security net # MASTER_SITES points to hosts in distinct data centers, # so just one MASTER_SITES entry should be OK. @@ -12,6 +12,9 @@ MASTER_SITES= http://openvpn.net/release/ MAINTAINER= mandree@FreeBSD.org COMMENT= Secure IP/Ethernet tunnel daemon +DEPRECATED= Please migrate to a newer OpenVPN version +EXPIRATION_DATE= 2013-07-11 + LATEST_LINK= openvpn20 CONFLICTS_INSTALL= openvpn-2.[!0]* openvpn-beta-[0-9]* openvpn-devel-[0-9]* diff --git a/security/openvpn20/files/patch-socket.h b/security/openvpn20/files/patch-socket.h new file mode 100644 index 000000000000..3030077c8ca2 --- /dev/null +++ b/security/openvpn20/files/patch-socket.h @@ -0,0 +1,11 @@ +--- ./socket.h.orig 2005-11-01 12:06:11.000000000 +0100 ++++ ./socket.h 2013-01-11 21:51:45.000000000 +0100 +@@ -204,7 +204,7 @@ + + #if PASSTOS_CAPABILITY + /* used to get/set TOS. */ +- uint8_t ptos; ++ int ptos; + bool ptos_defined; + #endif + diff --git a/security/openvpn22/Makefile b/security/openvpn22/Makefile new file mode 100644 index 000000000000..291440df6901 --- /dev/null +++ b/security/openvpn22/Makefile @@ -0,0 +1,122 @@ +# Created by: Matthias Andree +# $FreeBSD$ + +PORTNAME= openvpn +DISTVERSION= 2.2.2 +PORTREVISION= 1 +CATEGORIES= security net +# MASTER_SITES points to hosts in distinct data centers, +# so just one MASTER_SITES entry should be OK. +MASTER_SITES= http://swupdate.openvpn.net/community/releases/ \ + ${MASTER_SITE_LOCAL:S,$,mandree/,} + +MAINTAINER= mandree@FreeBSD.org +COMMENT= Secure IP/Ethernet tunnel daemon + +LICENSE= GPLv2 + +LATEST_LINK= openvpn22 +CONFLICTS_INSTALL= openvpn-devel-[0-9]* openvpn-2.[!2]* openvpn-beta-[0-9]* + +GNU_CONFIGURE= yes +USE_OPENSSL= yes +USE_XZ= yes +CONFIGURE_ARGS= --with-lzo-lib=${LOCALBASE}/lib \ + --with-lzo-headers=${LOCALBASE}/include + +OPTIONS_DEFINE= PW_SAVE PKCS11 +PW_SAVE_DESC= Interactive passwords may be read from a file +PKCS11_DESC= Use security/pkcs11-helper + +.include + +.if ${PORT_OPTIONS:MDOCS} +INSTALL_TARGET= install +.else +INSTALL_TARGET= install-exec install-man +.endif + +INSTALL_TARGET+= mandir=${MANPREFIX}/man +MAN8= openvpn.8 + +USE_RC_SUBR= openvpn +USE_LDCONFIG= ${PREFIX}/lib + +SUB_FILES= pkg-message +SUB_LIST+= OSVERSION=${OSVERSION} + +.include + +.ifdef (LOG_OPENVPN) +CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN} +.endif + +LIB_DEPENDS+= lzo2:${PORTSDIR}/archivers/lzo2 + +.if ${PORT_OPTIONS:MPW_SAVE} +CONFIGURE_ARGS+= --enable-password-save +.else +CONFIGURE_ARGS+= --disable-password-save +.endif + +.if ${PORT_OPTIONS:MPKCS11} +LIB_DEPENDS+= pkcs11-helper:${PORTSDIR}/security/pkcs11-helper +.else +CONFIGURE_ARGS+= --disable-pkcs11 +.endif + +post-patch: + @${FIND} ${WRKSRC}/easy-rsa/?.0 -type f \ + -exec ${REINPLACE_CMD} -e 's;#!/bin/bash;#!/bin/sh;' \ + -e 's,source ./vars,. ./vars,' \{\} + + @${FIND} ${WRKSRC}/plugin -name Makefile \ + -exec ${REINPLACE_CMD} -e 's;gcc;${CC};g' '{}' + + @${FIND} ${WRKSRC} \( -name \*.orig -o -name \*.bak \) -delete + +pre-configure: +.ifdef (LOG_OPENVPN) + @${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}" +.else + @${ECHO} "" + @${ECHO} "You may use the following build options:" + @${ECHO} "" + @${ECHO} " LOG_OPENVPN={Valid syslog facility, default LOG_DAEMON}" + @${ECHO} " EXAMPLE: make LOG_OPENVPN=LOG_DAEMON" + @${ECHO} "" +.endif + +post-build: + cd ${WRKSRC}/plugin/down-root && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${_MAKE_JOBS} ${MAKE_ARGS} + cd ${WRKSRC}/plugin/auth-pam && ${CC} ${CPPFLAGS} -I../.. -DDLOPEN_PAM=0 ${CFLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.c pamdl.c -lc -lpam + @# self-tests here +.if !defined(WITHOUT_CHECK) + @${ECHO} ; ${ECHO} "### Note that you can skip these lengthy selftests with WITHOUT_CHECK=yes ###" ; ${ECHO} + cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${_MAKE_JOBS} ${MAKE_ARGS} check +.endif + +post-install: + ${MKDIR} ${PREFIX}/lib + ${INSTALL_PROGRAM} ${WRKSRC}/plugin/down-root/openvpn-down-root.so ${PREFIX}/lib/ + ${INSTALL_PROGRAM} ${WRKSRC}/plugin/auth-pam/openvpn-auth-pam.so ${PREFIX}/lib/ +.if ${PORT_OPTIONS:MDOCS} + ${MKDIR} ${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/plugin/down-root/README ${DOCSDIR}/README.openvpn-down-root + ${INSTALL_DATA} ${WRKSRC}/plugin/auth-pam/README ${DOCSDIR}/README.openvpn-auth-pam +.for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL \ + PORTS README + ${INSTALL_DATA} ${WRKSRC}/${docs} ${DOCSDIR}/ +.endfor +.for dir in easy-rsa easy-rsa/1.0 easy-rsa/2.0 sample-config-files + ${MKDIR} ${DOCSDIR}/${dir} + ${FIND} ${WRKSRC}/${dir}/ -maxdepth 1 -type f -exec ${INSTALL_DATA} \{\} ${DOCSDIR}/${dir} \; +.endfor +.for dir in sample-scripts + ${MKDIR} ${DOCSDIR}/${dir} + ${FIND} ${WRKSRC}/${dir}/ -maxdepth 1 -type f -exec ${INSTALL_SCRIPT} \{\} ${DOCSDIR}/${dir} \; +.endfor +.else + -@${RMDIR} ${DOCSDIR} +.endif + @${CAT} ${PKGMESSAGE} + +.include diff --git a/security/openvpn22/distinfo b/security/openvpn22/distinfo new file mode 100644 index 000000000000..a9bca63e4151 --- /dev/null +++ b/security/openvpn22/distinfo @@ -0,0 +1,2 @@ +SHA256 (openvpn-2.2.2.tar.xz) = a694b9f661a0db30c048c94a4b4fc63d1460aea4dbc504a4f233f3c15997f4cd +SIZE (openvpn-2.2.2.tar.xz) = 649356 diff --git a/security/openvpn22/files/openvpn.in b/security/openvpn22/files/openvpn.in new file mode 100644 index 000000000000..f4f1dbdbb7ad --- /dev/null +++ b/security/openvpn22/files/openvpn.in @@ -0,0 +1,125 @@ +#!/bin/sh +# +# openvpn.sh - load tun/tap driver and start OpenVPN daemon +# +# (C) Copyright 2005 - 2008, 2010 by Matthias Andree +# based on suggestions by Matthias Grimm and Dirk Gouders +# with multi-instance contribution from Denis Shaposhnikov, Gleb Kozyrev +# and Vasil Dimov +# softrestart feature suggested by Nick Hibma +# +# $FreeBSD$ +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin +# Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# PROVIDE: openvpn +# REQUIRE: DAEMON +# KEYWORD: shutdown + +# ----------------------------------------------------------------------------- +# +# This script supports running multiple instances of openvpn. +# To run additional instances link this script to something like +# % ln -s openvpn openvpn_foo +# and define additional openvpn_foo_* variables in one of +# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/openvpn_foo +# +# Below NAME should be substituted with the name of this script. By default +# it is openvpn, so read as openvpn_enable. If you linked the script to +# openvpn_foo, then read as openvpn_foo_enable etc. +# +# The following variables are supported (defaults are shown). +# You can place them in any of +# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/NAME +# +# NAME_enable="NO" # set to YES to enable openvpn +# NAME_if= # driver(s) to load, set to "tun", "tap" or "tun tap" +# # it is OK to specify the if_ prefix. +# +# # optional: +# NAME_flags= # additional command line arguments +# NAME_configfile="%%PREFIX%%/etc/openvpn/NAME.conf" # --config file +# NAME_dir="%%PREFIX%%/etc/openvpn" # --cd directory +# +# You also need to set NAME_configfile and NAME_dir, if the configuration +# file and directory where keys and certificates reside differ from the above +# settings. +# +# Note that we deliberately refrain from unloading drivers. +# +# For further documentation, please see openvpn(8). +# + +. /etc/rc.subr + +case "$0" in +/etc/rc*) + # during boot (shutdown) $0 is /etc/rc (/etc/rc.shutdown), + # so get the name of the script from $_file + name="$_file" + ;; +*) + name="$0" + ;; +esac + +name="${name##*/}" +rcvar=${name}_enable + +stop_postcmd() +{ + rm -f "$pidfile" || warn "Could not remove $pidfile." +} + +softrestart() +{ + sig_reload=USR1 run_rc_command reload + exit $? +} + +# reload: support SIGHUP to reparse configuration file +# softrestart: support SIGUSR1 to reconnect without superuser privileges +extra_commands="reload softrestart" +softrestart_cmd="softrestart" + +# pidfile +pidfile="/var/run/${name}.pid" + +# command and arguments +command="%%PREFIX%%/sbin/openvpn" + +# run this last +stop_postcmd="stop_postcmd" + +load_rc_config ${name} + +eval ": \${${name}_enable:=\"NO\"}" +eval ": \${${name}_configfile:=\"%%PREFIX%%/etc/openvpn/${name}.conf\"}" +eval ": \${${name}_dir:=\"%%PREFIX%%/etc/openvpn\"}" + +configfile="$(eval echo \${${name}_configfile})" +dir="$(eval echo \${${name}_dir})" +interfaces="$(eval echo \${${name}_if})" + +required_modules= +for i in $interfaces ; do + required_modules="$required_modules${required_modules:+" "}if_${i#if_}" +done + +required_files=${configfile} + +command_args="--cd ${dir} --daemon ${name} --config ${configfile} --writepid ${pidfile}" + +run_rc_command "$1" diff --git a/security/openvpn22/files/patch-selftest-ports b/security/openvpn22/files/patch-selftest-ports new file mode 100644 index 000000000000..5e195261eecb --- /dev/null +++ b/security/openvpn22/files/patch-selftest-ports @@ -0,0 +1,26 @@ +--- sample-config-files/loopback-client.orig Mon Oct 16 00:30:20 2006 ++++ sample-config-files/loopback-client Wed Apr 4 00:51:31 2007 +@@ -9,8 +9,8 @@ + # ./openvpn --config sample-config-files/loopback-client (In one window) + # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) + +-rport 16000 +-lport 16001 ++rport 16100 ++lport 16101 + remote localhost + local localhost + dev null +--- sample-config-files/loopback-server.orig Mon Oct 16 00:30:20 2006 ++++ sample-config-files/loopback-server Wed Apr 4 00:51:31 2007 +@@ -9,8 +9,8 @@ + # ./openvpn --config sample-config-files/loopback-client (In one window) + # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) + +-rport 16001 +-lport 16000 ++rport 16101 ++lport 16100 + remote localhost + local localhost + dev null diff --git a/security/openvpn22/files/patch-socket.h b/security/openvpn22/files/patch-socket.h new file mode 100644 index 000000000000..657069e17c3c --- /dev/null +++ b/security/openvpn22/files/patch-socket.h @@ -0,0 +1,11 @@ +--- ./socket.h.orig 2011-12-13 17:58:56.000000000 +0100 ++++ ./socket.h 2013-01-11 21:50:11.000000000 +0100 +@@ -225,7 +225,7 @@ + + #if PASSTOS_CAPABILITY + /* used to get/set TOS. */ +- uint8_t ptos; ++ int ptos; + bool ptos_defined; + #endif + diff --git a/security/openvpn22/files/patch-syshead.h b/security/openvpn22/files/patch-syshead.h new file mode 100644 index 000000000000..8f050287569f --- /dev/null +++ b/security/openvpn22/files/patch-syshead.h @@ -0,0 +1,16 @@ +Work around "missing" TCP_NODELAY, +obtained from: http://community.openvpn.net/openvpn/ticket/158 + +--- ./syshead.h.orig 2012-11-22 13:07:51.000000000 +0100 ++++ ./syshead.h 2013-01-11 21:30:07.000000000 +0100 +@@ -298,6 +298,10 @@ + #include + #endif + ++#ifdef HAVE_NETINET_TCP_H ++#include ++#endif ++ + #ifdef HAVE_NET_IF_TUN_H + #include + #endif diff --git a/security/openvpn22/files/patch-t_cltsrv.sh b/security/openvpn22/files/patch-t_cltsrv.sh new file mode 100644 index 000000000000..fbb05b3bd162 --- /dev/null +++ b/security/openvpn22/files/patch-t_cltsrv.sh @@ -0,0 +1,21 @@ +--- ./t_cltsrv.sh.orig 2011-05-16 14:21:55.000000000 +0200 ++++ ./t_cltsrv.sh 2011-08-17 00:25:49.000000000 +0200 +@@ -26,14 +26,14 @@ + FreeBSD) + # FreeBSD jails map the outgoing IP to the jail IP - we need to + # allow the real IP unless we want the test to run forever. +- if test "`sysctl 2>/dev/null -n security.jail.jailed`" = 1 \ +- || ps -ostate= -p $$ | grep -q J; then ++ if true ; then + addopts="--float" + if test "x`ifconfig | grep inet`" = x ; then + echo "###" +- echo "### To run the test in a FreeBSD jail, you MUST add an IP alias for the jail's IP." ++ echo "### To run this test, it needs an inet/IP address. Skipping." + echo "###" +- exit 1 ++ trap 0 ++ exit 77 + fi + fi + ;; diff --git a/security/openvpn22/files/pkg-message.in b/security/openvpn22/files/pkg-message.in new file mode 100644 index 000000000000..57da107dbe67 --- /dev/null +++ b/security/openvpn22/files/pkg-message.in @@ -0,0 +1,7 @@ +### ------------------------------------------------------------------------ +### Edit /etc/rc.conf[.local] to start OpenVPN automatically at system +### startup. See %%PREFIX%%/etc/rc.d/openvpn for details. +### ------------------------------------------------------------------------ +### For compatibility notes when interoperating with older OpenVPN +### versions, please, see +### ------------------------------------------------------------------------ diff --git a/security/openvpn22/pkg-descr b/security/openvpn22/pkg-descr new file mode 100644 index 000000000000..751e62d362d1 --- /dev/null +++ b/security/openvpn22/pkg-descr @@ -0,0 +1,7 @@ +OpenVPN is a robust, scalable and highly configurable VPN (Virtual Private +Network) daemon which can be used to securely link two or more private networks +using an encrypted tunnel over the internet. It can operate over UDP or TCP, +can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one +server can handle many clients. + +WWW: http://openvpn.net/index.php/open-source.html diff --git a/security/openvpn22/pkg-plist b/security/openvpn22/pkg-plist new file mode 100644 index 000000000000..7200816ad93e --- /dev/null +++ b/security/openvpn22/pkg-plist @@ -0,0 +1,81 @@ +sbin/openvpn +lib/openvpn-auth-pam.so +lib/openvpn-down-root.so +%%PORTDOCS%%%%DOCSDIR%%/AUTHORS +%%PORTDOCS%%%%DOCSDIR%%/COPYING +%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.GPL +%%PORTDOCS%%%%DOCSDIR%%/ChangeLog +%%PORTDOCS%%%%DOCSDIR%%/INSTALL +%%PORTDOCS%%%%DOCSDIR%%/PORTS +%%PORTDOCS%%%%DOCSDIR%%/README +%%PORTDOCS%%%%DOCSDIR%%/README.openvpn-auth-pam +%%PORTDOCS%%%%DOCSDIR%%/README.openvpn-down-root +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/README +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-ca +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-dh +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-inter +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-pass +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-pkcs12 +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-server +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-req +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-req-pass +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/clean-all +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/list-crl +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/make-crl +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/openssl.cnf +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/revoke-crt +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/revoke-full +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/sign-req +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/vars +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/Makefile +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/README +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-ca +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-dh +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-inter +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pass +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pkcs12 +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-server +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req-pass +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/clean-all +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/inherit-inter +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/list-crl +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl-0.9.6.cnf +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl-0.9.8.cnf +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl-1.0.0.cnf +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/pkitool +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/revoke-full +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/sign-req +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/vars +%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/whichopensslcnf +%%PORTDOCS%%%%DOCSDIR%%/management-notes.txt +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/README +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/client.conf +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/firewall.sh +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/home.up +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/loopback-client +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/loopback-server +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/office.up +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/openvpn-shutdown.sh +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/openvpn-startup.sh +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/server.conf +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/static-home.conf +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/static-office.conf +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/tls-home.conf +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/tls-office.conf +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/xinetd-client-config +%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/xinetd-server-config +%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/auth-pam.pl +%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bridge-start +%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bridge-stop +%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/openvpn.init +%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/ucn.pl +%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/verify-cn +%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-scripts +%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-config-files +%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/2.0 +%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/1.0 +%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa +%%PORTDOCS%%@dirrm %%DOCSDIR%% -- cgit