aboutsummaryrefslogtreecommitdiff
path: root/security/openvpn/distinfo
Commit message (Collapse)AuthorAgeFilesLines
* security/openvpn[-mbedtls] upstream update to OpenVPN 2.4.8Matthias Andree2019-11-011-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This upstream release integrated two FreeBSD patches by Kyle Evans and me, which are herewith dropped from the port. Upstream release banner "This is primarily a maintenance release with minor bugfixes and improvements." High-level changes: <https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-248> Manually filtered FreeBSD-related excerpt from Git log: v2.4.7..v2.4.8: - mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free() [Antonio Quartulli] - openssl: Fix compilation without deprecated OpenSSL 1.1 APIs [Rosen Penev] - Force combinationation of --socks-proxy and --proto UDP to use IPv4. [Gert Doering] - Ignore --pull-filter for --mode server [Richard Bonhomme] - Fix typo in NTLM proxy debug message [Mykola Baibuz] - tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex. [Kyle Evans] - Handle PSS padding in cryptoapicert [Selva Nair] - Fix regression, reinstate LibreSSL support. [Matthias Andree] - Increase listen() backlog queue to 32 [Gert Doering] - Wrong FILETYPE in .rc files [Gisle Vanem] - Do not set pkcs11-helper 'safe fork mode' [Hilko Bengen] - man: correct the description of --capath and --crl-verify regarding CRLs [Michal Soltys] - Fix various compiler warnings [Lev Stipakov] - build: Package missing mock_msg.h [David Sommerseth] - cmocka: use relative paths [Steffan Karger] - docs: Update INSTALL [David Sommerseth] - Better error message when script fails due to script-security setting [Selva Nair] - Fix documentation of tls-verify script argument [Thomas Quinot] Detailed changes: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8> Build tests in poudriere and in a live system succeeded on: 11.2-RELEASE 1102000 arm64.aarch64 11.2-RELEASE 1102000 mips.mips64 11.2-RELEASE-p14 i386 11.3-RELEASE-p3 amd64 12.0-RELEASE-p10 i386 12.0-RELEASE-p6 amd64 12.0-RELEASE-p10 amd64 (live) MFH: 2019Q4 Notes: svn path=/head/; revision=516218
* security/openvpn[-mbedtls] update to OpenVPN 2.4.7Matthias Andree2019-02-211-3/+3
| | | | | | | | | | | | | | | | | | | | | | Upstream release announcement: "This is primarily a maintenance release with bugfixes and improvements. One of the big things is enhanced TLS 1.3 support Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that." Move USES up to please portlint. Change summary: <https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-247> Detailed change list: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.7> Notes: svn path=/head/; revision=493524
* Update to new upstream bugfix release 2.4.6.Matthias Andree2018-04-251-3/+3
| | | | | | | | | | | | | | | | | While here, warn and sleep for 10 s when building against LibreSSL. Remove some cruft. Change summary: <https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-246> Changelog: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.6> Reported by: portscout Notes: svn path=/head/; revision=468306
* Update to new upstream bugfix release 2.4.5.Matthias Andree2018-03-131-3/+3
| | | | | | | | | | | | | | | Change summary: <https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-245> Changelog: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.5> While here, add a sanity check that traps inconsistent linkage, if, for instance, the PKCS#11 helper has been built with a different OPENSSL library version than OpenVPN. Notes: svn path=/head/; revision=464331
* OpenVPN[-mbedtls] security update to 2.4.4Matthias Andree2017-09-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | Upstream maintainers write: "This release includes a large number of small fixes and enhancements. There is also an important security fix for legacy setups that may still be using key-method 1. As that option was deprecated 12 years ago we estimate that not many production setups are affected in practice." Security information: <https://community.openvpn.net/openvpn/wiki/CVE-2017-12166> Change Summary: <https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-244> Changes as Git shortlog: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.4> Given the low impact, let's forget about MFHing this three days before 2017Q3 becomes EOL and relieved by 2017Q4. Reported by: portscout Security: CVE-2017-12166 Security: 3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8 Notes: svn path=/head/; revision=450792
* OpenVPN security update to 2.4.3Matthias Andree2017-06-211-3/+3
| | | | | | | | | | | | | | | | | | | | OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In the process several vulnerabilities were found, some of which are remotely exploitable in certain circumstances. Compared to OpenVPN 2.4.2 there are several bugfixes and one major feature: support for building with OpenSSL 1.1. MFH: 2017Q3 (preapproved by Xin Li) Security: 9f65d382-56a4-11e7-83e3-080027ef73ec Security: CVE-2017-7508 Security: CVE-2017-7512 Security: CVE-2017-7520 Security: CVE-2017-7521 Security: CVE-2017-7522 Notes: svn path=/head/; revision=444043
* OpenVPN update to 2.4.2 (security fixes)Matthias Andree2017-05-111-3/+3
| | | | | | | | | | | | | | | | | | | | ChangeLog: <https://github.com/OpenVPN/openvpn/blob/v2.4.2/Changes.rst#version-242> Details: <https://github.com/OpenVPN/openvpn/releases/tag/v2.4.2> Security Announcement: <https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits> Reported by: Samuli Seppänen Security: 04cc7bd2-3686-11e7-aa64-080027ef73ec Security: CVE-2017-7478 Security: CVE-2017-7479 MFH: 2017Q2 Notes: svn path=/head/; revision=440667
* Update to openvpn release 2.4.1Matthias Andree2017-03-231-3/+3
| | | | | | | | | | | | | | This contains predominently bugfixes and compatibility with newer OpenSSL/LibreSSL. Remove one patch that had been cherry-picked from upstream, no longer needed. Summary: https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-241 Changes: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 Notes: svn path=/head/; revision=436782
* OpenVPN update to v2.4.0, old version in openvpn23*.Matthias Andree2016-12-271-3/+3
| | | | | | | | | | | | | | OpenVPN has been updated to v2.4.0. Changes: <https://github.com/OpenVPN/openvpn/blob/v2.4.0/Changes.rst> openvpn-polarssl has been renamed to openvpn-mbedtls to match the TLS library's change of name. The prior versions of the openvpn ports have been preserved in openvpn23 and openvpn23-polarssl, respectively, and are set to expire 2017-03-31. Notes: svn path=/head/; revision=429678
* Upgrade to new upstream bugfix release 2.3.14.Matthias Andree2016-12-081-3/+3
| | | | | | | | | | Drop files/extra-patch-fix-subnet and corresponding OPTION, since this is now part of the upstream release. Changelog: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.14> Notes: svn path=/head/; revision=428095
* Upgrade to upstream bugfix release 2.3.13.Matthias Andree2016-11-041-3/+3
| | | | | | | | ChangeLog: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.13> Notes: svn path=/head/; revision=425304
* Update to new upstream bugfix release 2.3.12, add "stats" to rc script.Matthias Andree2016-08-241-2/+3
| | | | | | | | | | | | | | | * Upstream changes: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12> * The cmocka-based unit tests are currently disabled, too much hassle and deps to get them running. * Add patch-configure to drop the unit-test related warnings. * Extend run control script to understand the "stats" argument, to send SIGUSR2 to the process, contributed by Anton Yuzhaninov (with one additional line fold). * Drop patch-629baad8, no longer needed. * Refresh other patches with make clean extract do-patch makepatch Notes: svn path=/head/; revision=420825
* Security upgrade to OpenVPN 2.3.11, breaking POLARSSL option.Matthias Andree2016-05-121-2/+2
| | | | | | | | | | | | | | | | | | Quoting upstream maintainers' release notes: "This release fixes two vulnerabilities: a port-share bug with DoS potential and a buffer overflow by user supplied data when using pam authentication. In addition a number of small fixes and improvements are included." WARNING: this upgrade breaks the PolarSSL-based build due to an oversight in the cipher suite selection hardening, crashing PolarSSL-based builds with a 0-pointer deferences. Marking port BROKEN if POLARSSL is set. Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 Notes: svn path=/head/; revision=415093
* Upgrade to new upstream release 2.3.10.Matthias Andree2016-01-081-2/+2
| | | | | | | | | | | | Now requires PolarSSL/mbedTLS 1.3.X with X >= 8, PolarSSL 1.2 is EOL. Match help text to the change. Make sure the build uses the local unpacked includes before the system includes, such that portmaster/portupgrade upgrades for PolarSSL work if 2.3.9 or older is pre-installed on the build system. Notes: svn path=/head/; revision=405536
* Update to new upstream release 2.3.9.Matthias Andree2015-12-201-2/+2
| | | | | | | | | | Removes the PW_SAVE option, the upstream code always permits saving passwords to files now (so the feature is always enabled). ChangeLog: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.9> Notes: svn path=/head/; revision=404054
* Bugfix upgrade to new upstream release 2.3.8.Matthias Andree2015-08-051-2/+2
| | | | | | | | ChangeLog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.8 Notes: svn path=/head/; revision=393606
* Update to new upstream release 2.3.7.Matthias Andree2015-06-101-2/+2
| | | | | | | | Fixes PR: 194745 Notes: svn path=/head/; revision=389128
* Security Update to 2.3.6.Xin LI2014-12-021-2/+2
| | | | | | | | | Approved by: so MFH: 2014Q4 Security: 23ab5c3e-79c3-11e4-8b1e-d050992ecde8 Notes: svn path=/head/; revision=373752
* Upgrade to new upstream release 2.3.5.Matthias Andree2014-10-291-2/+2
| | | | | | | | | Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 While here, drop @dirrm from pkg-plist. Notes: svn path=/head/; revision=371694
* Update to new upstream release 2.3.4.Matthias Andree2014-05-101-2/+2
| | | | | | | | | | Changes: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.4> Add USES=libtool and drop .la files. Notes: svn path=/head/; revision=353631
* Upgrade to new upstream 2.3.3 release. Misc bugfixes.Matthias Andree2014-04-101-2/+2
| | | | | | | | | | | Changes: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.3> Note that PKCS#11 helper support requires a pkcs11-helper upgrade from <http://www.freebsd.org/cgi/query-pr.cgi?pr=188442> to be committed. Notes: svn path=/head/; revision=350847
* Update to new upstream releaseMatthias Andree2013-05-311-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2013.05.31 -- Version 2.3.2 Arne Schwabe (3): Only print script warnings when a script is used. Remove stray mention of script-security system. Move settings of user script into set_user_script function Move checking of script file access into set_user_script Davide Brini (1): Provide more accurate warning message Gert Doering (2): Fix NULL-pointer crash in route_list_add_vpn_gateway(). Fix problem with UDP tunneling due to mishandled pktinfo structures. James Yonan (1): Always push basic set of peer info values to server. Jan Just Keijser (1): make 'explicit-exit-notify' pullable again Josh Cepek (2): Fix proto tcp6 for server & non-P2MP modes Fix Windows script execution when called from script hooks Steffan Karger (2): Fixed tls-cipher translation bug in openssl-build Fixed usage of stale define USE_SSL to ENABLE_SSL svimik (1): Fix segfault when enabling pf plug-ins Notes: svn path=/head/; revision=319549
* security upgrade to OpenVPN 2.3.1; upstream release notes areMatthias Andree2013-03-311-2/+2
| | | | | | | | | | | | | | | | | | | | | | "This release adds supports for PolarSSL 1.2. It also adds a fix to prevent potential side-channel attacks by switching to a constant-time memcmp when comparing HMACs in the openvpn_decrypt function. In addition, it contains several bugfixes and documentation updates, as well as some minor enhancements." Full ChangeLog: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23> The port upgrade also offers an option to use the GPLv2+-licensed PolarSSL instead of OpenSSL (which brings in a license mix). PR: ports/177517 Reviewed by: miwi Approved by: portmgr (miwi) Security: 92f30415-9935-11e2-ad4c-080027ef73ec Notes: svn path=/head/; revision=315640
* OpenVPN changes, upgrades and fixes:Matthias Andree2013-01-111-2/+2
| | | | | | | | | | | | | | - Upgrade security/openvpn to v2.3.0 (changes installed layout a bit), splitting and re-diffing patches. - Retain v2.2.2 as security/openvpn22 - Mark security/openvpn20 as deprecated and to expire 6 months from now - Fix TCP_NODELAY option (openvpn 2.3, 2.2), see <http://community.openvpn.net/openvpn/ticket/158> - Fix PassTOS option (openvpn 2.2, 2.0), see http://community.openvpn.net/openvpn/ticket/135 Notes: svn path=/head/; revision=310252
* Update to new upstream release v2.2.2.Matthias Andree2011-12-281-2/+2
| | | | | | | Changelog: http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html Notes: svn path=/head/; revision=288199
* Update to upstream release 2.2.1.Matthias Andree2011-07-071-2/+2
| | | | | | | | | | | NOTE: the easy-rsa/2.0 openssl.cnf file has been removed and replaced by an openssl-0.9.8.cnf and an openssl-1.0.0.cnf file. Changelog URL: http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html Notes: svn path=/head/; revision=277199
* Update to 2.2.0. Add LICENSE (GPLv2). Add a local mirror of the distfile (fileMatthias Andree2011-05-031-2/+2
| | | | | | | | | has been uploaded and will propagate soonish). Changelog: http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html Notes: svn path=/head/; revision=273590
* Switch to XZ distribution format.Matthias Andree2010-11-091-2/+2
| | | | Notes: svn path=/head/; revision=264321
* Update to new upstream release 2.1.4.Matthias Andree2010-11-091-3/+2
| | | | | | | | | | Update MASTER_SITES. Submitted by: Eric F. Crist <ecrist@secure-computing.net> PR: ports/151962 Notes: svn path=/head/; revision=264317
* Update to 2.1.3Matthias Andree2010-08-271-3/+3
| | | | | | | | No functional changes, but avoids 'have you seen new release' type mail flood. :) Notes: svn path=/head/; revision=260098
* Update to new upstream version 2.1.2.Matthias Andree2010-08-171-3/+3
| | | | | | | Contains various bugfixes and improvements. Notes: svn path=/head/; revision=259441
* Move security/openvpn to security/openvpn20 (after previous repocopy).Matthias Andree2010-01-071-3/+3
| | | | | | | | | | | | | | | | | | | | | Update security/openvpn20 to 2.0.9, revising pkg-message. Move security/openvpn-devel to security/openvpn and update security/openvpn to 2.1.1. Remove security/openvpn-devel, adding a MOVED entry. Update security/Makefile to remove openvpn-devel and add openvpn20 to SUBDIRS. Add a UPDATING entry for this shuffle. Currently without upgrade instructions since neither portupgrade nor portmaster are up to the task (because of the CONFLICTS). Approved by: garga@ (mentor) Notes: svn path=/head/; revision=247340
* - Update to 2.0.6Renato Botelho2006-04-051-3/+3
| | | | | | | | | | | | | | | | * security fix for client LD_PRELOAD code injection vulnerability through compromised upstream servers (FreeBSD VuXML Vuln VID be4ccb7b-c48b-11da-ae12-0002b3b60e4c, filed in separate PR) CVE id not known yet * 2 other changes only relevant for Linux and NetBSD, not detailed here. PR: ports/95345 Submitted by: maintainer Security: VuXML be4ccb7b-c48b-11da-ae12-0002b3b60e4c Notes: svn path=/head/; revision=158868
* - CATEGORY CHANGE: add "net" secondary categoryRenato Botelho2005-11-101-0/+1
| | | | | | | | | | | | | - fix jail build on FreeBSD 4 (no security.jail.jailed oid in sysctl) - catch jail IP misconfiguration and print clear error message - add SHA256 checksum - revise pkg-message and pkg-descr PR: ports/88785 Submitted by: maintainer Notes: svn path=/head/; revision=147838
* - Update to 2.0.5Renato Botelho2005-11-031-2/+2
| | | | | | | | PR: ports/88437 Submitted by: maintainer Notes: svn path=/head/; revision=147131
* Update to 2.0.4Marcus Alves Grando2005-11-021-2/+2
| | | | | | | | | PR: 88379 Submitted by: Matthias Andree <matthias.andree@gmx.de> (maintainer) Security: CVE-2005-3393, CVE-2005-3409 Notes: svn path=/head/; revision=146982
* - Update to 2.0.2 that brings these upstream changes:Renato Botelho2005-08-291-2/+2
| | | | | | | | | | | | | - fix bug that would exhaust file descriptors as the routing table was modified (this had already been part of the port previously) - fix bug that would block the management socket until the peer connected - fix pkitool sh incompatibilities (from NetBSD) PR: ports/85299 Submitted by: maintainer Notes: svn path=/head/; revision=141367
* - Security update to version 2.0.1, fixing four denial of service bugs,Renato Botelho2005-08-191-2/+2
| | | | | | | | | | | | | | | | | | | | CAN-2005-2531, CAN-2005-2532, CAN-2005-2533, CAN-2005-2534 - Drop old init script and add a modern rcNG script in its place, requested by Matthias Grimm and Dirk Gouders (although the script below is one I, Matthias Andree, wrote). It can automatically load tun/tap drivers. - move pkg-message to files/pkg-message.in, revise it, list it in SUB_FILES to expand ${PREFIX}. - print pkg-message after installation from port - switch to official "make check" as smoke-test, rather than wiring our own. - prefer LZO2 in most situations, as OpenVPN will pick up LZO2 rather than LZO1 if both are installed. PR: ports/85109 Submitted by: maintainer Approved by: portmgr (krion) Notes: svn path=/head/; revision=140936
* Update to 2.0Jean-Yves Lefort2005-04-211-2/+2
| | | | | | | | | PR: ports/80082 Submitted by: Matthias Andree <matthias.andree@gmx.de> (maintainer) Approved by: adamw (mentor, implicit) Notes: svn path=/head/; revision=133852
* Update to latest stable version.Volker Stolz2004-05-101-2/+2
| | | | | | | | PR: ports/66473 Submitted by: Matthias Andree (maintainer) Notes: svn path=/head/; revision=108853
* Add size data.Trevor Johnson2004-03-181-0/+1
| | | | | | | Approved by: maintainers Notes: svn path=/head/; revision=104360
* - Support for TCP as the tunnel transport was addedKirill Ponomarev2003-11-211-1/+1
| | | | | | | | | | - Change maintainer email PR: 59543 Submitted by: maintainer Notes: svn path=/head/; revision=94635
* updates the OpenVPN port from 1.4.0 to 1.4.2.Yen-Ming Lee2003-07-181-1/+1
| | | | | | | | PR: 54597 Submitted by: Matthias Andree <matthias.andree@gmx.de> Notes: svn path=/head/; revision=85072
* upgrade to 1.4.0Ying-Chieh Liao2003-05-091-1/+1
| | | | | | | | PR: 51956 Submitted by: maintainer Notes: svn path=/head/; revision=80532
* * Upgrade to 1.3.2.Oliver Braun2002-10-251-1/+1
| | | | | | | | | | * Add init script. PR: 44436 Submitted by: maintainer Notes: svn path=/head/; revision=68821
* upgrade to 1.3.0Ying-Chieh Liao2002-07-111-1/+1
| | | | | | | | PR: 40424 Submitted by: maintainer Notes: svn path=/head/; revision=62820
* Add new port openvpn: Secure IP/Ethernet tunnel daemonPatrick Li2002-06-241-0/+1
PR: ports/39750 Submitted by: Matthias Andree <matthias.andree@web.de> Notes: svn path=/head/; revision=61883
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-13 18:16:55 +0000