From: Clemens Hopfer Date: Tue, 2 Jul 2024 20:49:02 +0000 (+0200) Subject: openvpn: fix startup with script-security lower than 2 X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=1cf592503b42956a422804d8b84ab25ea7e16d10;p=openwrt-packages.git openvpn: fix startup with script-security lower than 2 External scripts may only be specified with script-security 2 or higher, otherwise OpenVPN fails at tunnel startup with an error. This changes the previously hardcoded hotplug scripts to only be added if script-security is 2 or higher is used. Signed-off-by: Clemens Hopfer
---
diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile
index a6a44b48b..fe035ea42 100644
--- a/net/openvpn/Makefile
+++ b/net/openvpn/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=openvpn
 PKG_VERSION:=2.6.11
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE_URL:=\
 https://build.openvpn.net/downloads/releases/ \
diff --git a/net/openvpn/files/openvpn.init b/net/openvpn/files/openvpn.init
index 5c1beb0e3..bb9794a6b 100644
--- a/net/openvpn/files/openvpn.init
+++ b/net/openvpn/files/openvpn.init
@@ -155,17 +155,24 @@ openvpn_add_instance() {
 --syslog "openvpn($name)" \
 --status "/var/run/openvpn.$name.status" \
 --cd "$dir" \
- --config "$conf" \
- --up "/usr/libexec/openvpn-hotplug up $name" \
- --down "/usr/libexec/openvpn-hotplug down $name" \
- --route-up "/usr/libexec/openvpn-hotplug route-up $name" \
- --route-pre-down "/usr/libexec/openvpn-hotplug route-pre-down $name" \
- ${client:+--ipchange "/usr/libexec/openvpn-hotplug ipchange $name"} \
- ${up:+--setenv user_up "$up"} \
- ${down:+--setenv user_down "$down"} \
- ${route_up:+--setenv user_route_up "$route_up"} \
- ${route_pre_down:+--setenv user_route_pre_down "$route_pre_down"} \
- ${client:+${ipchange:+--setenv user_ipchange "$ipchange"}} \
+ --config "$conf"
+ # external scripts can only be called on script-security 2 or higher
+ if [ "${security:-2}" -lt 2 ]; then
+ logger -t "openvpn(${name})" "not adding hotplug scripts due to script-security ${security:-2}"
+ else
+ procd_append_param command \
+ --up "/usr/libexec/openvpn-hotplug up $name" \
+ --down "/usr/libexec/openvpn-hotplug down $name" \
+ --route-up "/usr/libexec/openvpn-hotplug route-up $name" \
+ --route-pre-down "/usr/libexec/openvpn-hotplug route-pre-down $name" \
+ ${client:+--ipchange "/usr/libexec/openvpn-hotplug ipchange $name"} \
+ ${up:+--setenv user_up "$up"} \
+ ${down:+--setenv user_down "$down"} \
+ ${route_up:+--setenv user_route_up "$route_up"} \
+ ${route_pre_down:+--setenv user_route_pre_down "$route_pre_down"} \
+ ${client:+${ipchange:+--setenv user_ipchange "$ipchange"}}
+ fi
+ procd_append_param command \
 --script-security "${security:-2}" \
 $(openvpn_get_dev "$name" "$conf") \
 $(openvpn_get_credentials "$name" "$conf")
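Review bot: The new `-lt 2` branch skips the `--setenv user_up` / `user_down` / `user_route_up` / `user_route_pre_down` / `user_ipchange` arguments along with the hotplug hooks, but the log line names only "hotplug scripts". An instance that previously failed at startup now comes up without the operator's configured scripts, which matters if they apply firewall or DNS changes. I would say so explicitly and log at warning priority, e.g. `logger -t "openvpn(${name})" -p daemon.warn "script-security ${security:-2} < 2: hotplug and user up/down/route scripts are disabled"`. Separately, `security` is assigned outside this hunk; if it can hold a non-integer, the `[ ... -lt 2 ]` test errors out and falls into the `else` branch, so an integer check before the comparison is worth adding. The body of `openvpn_add_instance` starts and ends outside the hunk.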