authorMatthias Andree <mandree@FreeBSD.org>2019-09-07 07:37:58 +0000
committerMatthias Andree <mandree@FreeBSD.org>2019-09-07 07:37:58 +0000
commit89d48aabafeedf8cd9058877f83bbde924481ef9 (patch)
treeeeeb23f208e057115f1280d02135df795cb76530
parent08790eea5e794fc17ad0df3c0fff5e594dcd0170 (diff)
downloadports-89d48aabafeedf8cd9058877f83bbde924481ef9.tar.gz
ports-89d48aabafeedf8cd9058877f83bbde924481ef9.zip
Notes
-rw-r--r--security/openvpn-devel/Makefile24
-rw-r--r--security/openvpn-devel/distinfo6
-rw-r--r--security/openvpn-devel/files/patch-configure11
-rw-r--r--security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h20
-rw-r--r--security/openvpn-devel/pkg-descr2
-rw-r--r--security/openvpn-devel/pkg-help10
6 files changed, 42 insertions, 31 deletions
diff --git a/security/openvpn-devel/Makefile b/security/openvpn-devel/Makefile
index bc89487807cd..b03136674601 100644
--- a/security/openvpn-devel/Makefile
+++ b/security/openvpn-devel/Makefile
@@ -2,18 +2,22 @@
# $FreeBSD$
PORTNAME= openvpn
-DISTVERSION= 201907
+DISTVERSION= 201935
CATEGORIES= security net net-vpn
MASTER_SITES= https://secure-computing.net/files/openvpn/ \
ftp://ftp2.secure-computing.net/pub/FreeBSD/openvpn-devel/
PKGNAMESUFFIX= -devel
MAINTAINER= ecrist@secure-computing.net
+# let's use ?= in spite of portlint WARNings because this might become
+# security/openvpn one day which would then have a slave port:
COMMENT?= Secure IP/Ethernet tunnel daemon
LICENSE= GPLv2
LICENSE_FILE= ${WRKSRC}/COPYRIGHT.GPL
+IGNORE_SSL= libressl libressl-devel
+
USES= cpe libtool pkgconfig shebangfix tar:xz
CONFLICTS_INSTALL?= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]*
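Review bot: `IGNORE_SSL= libressl libressl-devel` is set unconditionally and without a stated reason, whereas the `pre-everything` warning this commit removes in a later hunk applied only when the MBEDTLS option was off (`empty(PORT_OPTIONS:MMBEDTLS)`). If the framework evaluates IGNORE_SSL regardless of the selected SSL option (worth confirming against the ports Mk files), a system whose default is LibreSSL would be refused even when building against mbedTLS, where no LibreSSL code is linked. Either scope the setting to the OpenSSL option or record the rationale beside it, e.g. `# upstream does not officially support LibreSSL; see post-build linkage check`, so the restriction is not relaxed later without knowing why it exists.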
@@ -41,7 +45,7 @@ OPTIONS_SINGLE= SSL
OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS
PKCS11_DESC= Use security/pkcs11-helper
EASYRSA_DESC= Install security/easy-rsa RSA helper package
-MBEDTLS_DESC= SSL/TLS via mbedTLS
+MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3)
TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!)
X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only)
SMALL_DESC= Build a smaller executable with fewer features
@@ -71,7 +75,6 @@ MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls
MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls
USE_RC_SUBR= openvpn
-USE_LDCONFIG= ${PREFIX}/lib
SUB_FILES= pkg-message openvpn-client
@@ -115,22 +118,11 @@ _tlslibs=libmbedtls libmbedx509 libmbedcrypto
_tlslibs=libssl libcrypto
.endif
-.if ${SSL_DEFAULT:Mlibressl*} && empty(PORT_OPTIONS:MMBEDTLS)
-pre-everything::
- @${ECHO_CMD} "WARNING: OpenVPN does not officially support LibreSSL."
- @${ECHO_CMD} "If things break, rebuild with OpenSSL or mbedTLS."
- @${ECHO_CMD} "You may wish to change your default SSL library"
- @${ECHO_CMD} "and press Ctrl+C within the next 10 seconds to abort."
-. if !(defined(PACKAGE_BUILDING) || defined(BATCH))
- @sleep 10
-. endif
-.endif
-
# sanity check that we don't inherit incompatible SSL libs through,
# for instance, pkcs11-helper:
post-build:
- @a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
- | ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
+ @a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
+ | ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
if test "$$*" != "1" ; then ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${PRINTF} '%s\n' "$$a"; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi
post-install:
diff --git a/security/openvpn-devel/distinfo b/security/openvpn-devel/distinfo
index 54ac2c92d6cd..62ae5f2d2719 100644
--- a/security/openvpn-devel/distinfo
+++ b/security/openvpn-devel/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1550580278
-SHA256 (openvpn-201907.tar.xz) = 1e2394ca6582877c90fc3d9948cfb1b1c1aaa2383c02af62410d5a51f812ff68
-SIZE (openvpn-201907.tar.xz) = 995288
+TIMESTAMP = 1567798649
+SHA256 (openvpn-201935.tar.xz) = a34dc87188ae38f148e99cc129db2ed05e33c7b41237373b34b5d711481cfc5f
+SIZE (openvpn-201935.tar.xz) = 1002220
diff --git a/security/openvpn-devel/files/patch-configure b/security/openvpn-devel/files/patch-configure
deleted file mode 100644
index 226436314279..000000000000
--- a/security/openvpn-devel/files/patch-configure
+++ /dev/null
@@ -1,11 +0,0 @@
---- configure.orig 2016-08-23 14:19:07 UTC
-+++ configure
-@@ -17160,8 +17160,6 @@ fi
- $as_echo "!! WARNING !! The cmoka git submodule has not been initialized or updated. Unit testing cannot be performed." >&6; }
- fi
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: !! WARNING !! CMake is NOT available. Unit testing cannot be performed." >&5
--$as_echo "!! WARNING !! CMake is NOT available. Unit testing cannot be performed." >&6; }
- if false; then
- CMOCKA_INITIALIZED_TRUE=
- CMOCKA_INITIALIZED_FALSE='#'
diff --git a/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h b/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h
new file mode 100644
index 000000000000..4f72e79ef421
--- /dev/null
+++ b/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h
@@ -0,0 +1,20 @@
+--- src/openvpn/openssl_compat.h.orig 2019-02-20 12:28:23 UTC
++++ src/openvpn/openssl_compat.h
+@@ -735,7 +735,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
+ }
+ #endif /* SSL_CTX_get_max_proto_version */
+
+-#ifndef SSL_CTX_set_min_proto_version
++#if !defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
+ /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
+ static inline int
+ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
+@@ -764,7 +764,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_v
+ }
+ #endif /* SSL_CTX_set_min_proto_version */
+
+-#ifndef SSL_CTX_set_max_proto_version
++#if !defined(SSL_CTX_set_max_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
+ /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
+ static inline int
+ SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
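Review bot: The new guards `!defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)` and the matching one for `SSL_CTX_set_max_proto_version` drop the fallback for every LibreSSL release, not only those that ship these functions natively. On a LibreSSL version without them the build would presumably fail rather than silently lose the TLS version floor, but a version-bounded test on `LIBRESSL_VERSION_NUMBER` would make the assumption explicit. The same commit also sets `IGNORE_SSL= libressl libressl-devel` in the Makefile, so this patch is only reached when that is overridden. A one-line comment at the top of the patch file saying why it is kept would help the next maintainer decide whether to drop it. Both function bodies continue outside the hunks shown.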
diff --git a/security/openvpn-devel/pkg-descr b/security/openvpn-devel/pkg-descr
index 6c45b3e18a45..983b0a980f5d 100644
--- a/security/openvpn-devel/pkg-descr
+++ b/security/openvpn-devel/pkg-descr
@@ -10,4 +10,4 @@ there is a good chance this program will not run.
DO NOT USE IN PRODUCTION WITHOUT CAUTION
-WWW: http://openvpn.net/
+WWW: http://openvpn.net/index.php/open-source.html
diff --git a/security/openvpn-devel/pkg-help b/security/openvpn-devel/pkg-help
new file mode 100644
index 000000000000..9fd1cd9567bd
--- /dev/null
+++ b/security/openvpn-devel/pkg-help
@@ -0,0 +1,10 @@
+Note that "Tunnelblick" is a controversial option.
+It is included for compatibility, not enabled by default,
+and should only be used with due consideration, and it should not
+replace proper cryptography use in OpenVPN.
+
+Note that this patch does NOT add documentation for the new --scramble
+option, neither to the --help output, nor the manual page.
+
+Please see this website for a more detailed discussion:
+https://tunnelblick.net/cOpenvpn_xorpatch.html