author | Matthias Andree <mandree@FreeBSD.org> | 2021-12-12 10:55:48 +0000 |
---|---|---|
committer | Matthias Andree <mandree@FreeBSD.org> | 2021-12-12 11:29:23 +0000 |
commit | 0a512a27a18872541a55fa9b0bf87787a4d14a3d (patch) | |
tree | 0feb9ea639c994bbf9f77e017c03f41fc6984a3b /security | |
parent | a34084d590bbd0c46ca1509c17914d5865daaa81 (diff) | |
security/openvpn: deprecate tunnelblick
While here, shorten LZO_DESC to fit 80x24 dialogs.
(cherry picked from commit bedfd042b988444cb311f477d5cf1e4457ead29f)
Diffstat (limited to 'security')
-rw-r--r-- | security/openvpn/Makefile | 12 | ||||
-rw-r--r-- | security/openvpn/pkg-help | 17 |
2 files changed, 23 insertions, 6 deletions
diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile index 62b50ea7cc1c..4bb6b3093932 100644 --- a/security/openvpn/Makefile +++ b/security/openvpn/Makefile @@ -43,11 +43,11 @@ OPTIONS_SINGLE= SSL OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS ASYNC_PUSH_DESC= Enable async-push support EASYRSA_DESC= Install security/easy-rsa RSA helper package -LZO_DESC= LZO compression support (incompatible with LibreSSL) +LZO_DESC= LZO compression (incompatible with LibreSSL) MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3) PKCS11_DESC= Use security/pkcs11-helper (OpenSSL only) SMALL_DESC= Build a smaller executable with fewer features -TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!) +TUNNELBLICK_DESC= XOR scrambling patch - DEPRECATED! UNITTESTS_DESC= Enable unit tests X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only) @@ -119,11 +119,11 @@ pre-everything:: @${SHELL} -c 'exit 1' .endif -.if !empty(PORT_OPTIONS:MMBEDTLS) +.if !empty(PORT_OPTIONS:MMBEDTLS) || !empty(PORT_OPTIONS:MTUNNELBLICK) pre-everything:: - @${ECHO_CMD} >&2 "=====================================================" - @${ECHO_CMD} >&2 "Note that the mbedTLS option will go away 2022-03-31." - @${ECHO_CMD} >&2 "=====================================================" + @${ECHO_CMD} >&2 "======================================================================" + @${ECHO_CMD} >&2 "Note that the mbedTLS and Tunnelblick options will go away 2022-03-31." + @${ECHO_CMD} >&2 "======================================================================" .endif post-patch: diff --git a/security/openvpn/pkg-help b/security/openvpn/pkg-help index 9fd1cd9567bd..f770021373b2 100644 --- a/security/openvpn/pkg-help +++ b/security/openvpn/pkg-help @@ -1,3 +1,5 @@ +DEPRECATED FEATURE - TO BE REMOVED END OF 2022-03-31 LATEST + Note that "Tunnelblick" is a controversial option. It is included for compatibility, not enabled by default, and should only be used with due consideration, and it should not 
@@ -8,3 +10,18 @@ option, neither to the --help output, nor the manual page. Please see this website for a more detailed discussion: https://tunnelblick.net/cOpenvpn_xorpatch.html + +The essence is that there are alternatives proposed that can avoid +this patch: + +The OpenVPN developers "do not encourage people building their own +versions of OpenVPN changing the wire-protocol like this, without the +patch being through a proper patch review and having evaluated possible +security risks related to such a change. + And we especially discourage using such an approach when there exists +a far better solution, used by the TOR community. It is called obfsproxy +and can be used together with OpenVPN without needing any re-compilation +of OpenVPN." + +https://community.openvpn.net/openvpn/wiki/TrafficObfuscation +https://2019.www.torproject.org/docs/pluggable-transports |
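Review bot: In the first Makefile hunk (@@ -43,11), the new TUNNELBLICK_DESC drops both the name "Tunnelblick" and the "(READ HELP!)" pointer, so the options dialog no longer says which patch this is or that pkg-help carries the caveats. A string such as "Tunnelblick XOR - DEPRECATED, READ HELP" is shorter than the new LZO_DESC and keeps both the name and the pointer.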
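Review bot: In the second Makefile hunk (@@ -119,11), the notice fires when either MBEDTLS or TUNNELBLICK is set but always names both options and gives no next step, so a user who enabled only one cannot tell from the message which setting triggered it or what to move to. Consider one .if block per option with its own line, or at least add a line pointing to pkg-help, which names obfsproxy as the alternative to the XOR patch. The message is also only echoed to stderr in pre-everything and the build continues, so it is easy to miss in unattended builds; the commit message should say whether that is intended.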
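Review bot: The banner added at the top of pkg-help (@@ -1,3) does not name the feature it deprecates, and "TO BE REMOVED END OF 2022-03-31 LATEST" is hard to parse and worded differently from the Makefile notice ("will go away 2022-03-31"). Suggest naming the option and using one wording in both places, for example "TUNNELBLICK OPTION DEPRECATED - TO BE REMOVED BY 2022-03-31".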
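Review bot: In the second pkg-help hunk (@@ -8,3), the quoted statement from the OpenVPN developers has no source next to it; two URLs follow the quote and the reader cannot tell which one it comes from. Put the source URL directly under the quote and introduce the other link separately as further reading. The line " And we especially discourage ..." carries a stray leading space, and the second link uses a year-prefixed hostname (2019.www.torproject.org), which looks like a snapshot; check whether a current address for the pluggable-transports documentation should be used instead.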