aboutsummaryrefslogtreecommitdiff
path: root/security/openvpn
Commit message (Collapse)AuthorAgeFilesLines
* security/openvpn: update to new upstream release 2.6.2Matthias Andree2023-03-282-4/+4
| | | | | | | Changes: https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-262 Note that --inactive does not yet work on FreeBSD.
* security/openvpn: remove leftover commentMatthias Andree2023-03-121-1/+0
|
* security/openvpn: remove header file that now ships with 2.6.1 tarballMatthias Andree2023-03-082-73/+1
| | | | | Since this is identical to what's in the tarball, no PORTREVISION bump is required.
* security/openvpn: update to v2.6.1Matthias Andree2023-03-082-4/+4
| | | | Changelog: https://github.com/OpenVPN/openvpn/blob/v2.6.1/Changes.rst
* security/openvpn: default-enable DCOMatthias Andree2023-03-041-1/+1
| | | | | | | (on FreeBSD but not 12 and 13, because the relevant if_ovpn module is to appear in FreeBSD 14.) Reported by: Kristof Provost (kp@)
* security/openvpn*: update to 2.6.0, keep openvpn25Matthias Andree2023-01-277-73/+105
| | | | | | | | | | | | | | | | | | | | | - copy openvpn to openvpn25, mark as deprecated and to expire March 31 - update openvpn to openvpn 2.6.0, highlights from Frank Lichtenheld's release announcement e-mail, slightly edited: * Data Channel Offload (DCO) kernel acceleration support for Windows, Linux, and FreeBSD [14]. * OpenSSL 3 support * Improved handling of tunnel MTU, including support for pushable MTU. * Outdated cryptographic algorithms disabled by default, but there are options to override if necessary. * Reworked TLS handshake, making OpenVPN immune to replay-packet state exhaustion attacks. * Added --peer-fingerprint mode for a more simplistic certificate setup and verification. * Improved protocol negotiation, leading to faster connection setup. ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.0/Changes.rst
* security/openvpn: update to 2.5.8Matthias Andree2022-10-282-9/+13
| | | | Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-258
* security/openvpn: fix up ${name}_flags optionVVD2022-10-042-2/+2
| | | | | | was broken in previous commit; bumping PORTREVISION again PR: 266796
* security/openvpn: support ${name}_FLAGS0x1eef2022-10-032-2/+3
| | | | | | and bump PORTREVISION. PR: 266796
* Remove WWW entries moved into port MakefilesStefan Eßer2022-09-071-2/+0
| | | | | | | | | | Commit b7f05445c00f has added WWW entries to port Makefiles based on WWW: lines in pkg-descr files. This commit removes the WWW: lines of moved-over URLs from these pkg-descr files. Approved by: portmgr (tcberner)
* Add WWW entries to port MakefilesStefan Eßer2022-09-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It has been common practice to have one or more URLs at the end of the ports' pkg-descr files, one per line and prefixed with "WWW:". These URLs should point at a project website or other relevant resources. Access to these URLs required processing of the pkg-descr files, and they have often become stale over time. If more than one such URL was present in a pkg-descr file, only the first one was tarnsfered into the port INDEX, but for many ports only the last line did contain the port specific URL to further information. There have been several proposals to make a project URL available as a macro in the ports' Makefiles, over time. This commit implements such a proposal and moves one of the WWW: entries of each pkg-descr file into the respective port's Makefile. A heuristic attempts to identify the most relevant URL in case there is more than one WWW: entry in some pkg-descr file. URLs that are not moved into the Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr files in order to preserve them. There are 1256 ports that had no WWW: entries in pkg-descr files. These ports will not be touched in this commit. The portlint port has been adjusted to expect a WWW entry in each port Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as deprecated. Approved by: portmgr (tcberner)
* security/openvpn: remove obsolete pkg-helpMatthias Andree2022-08-211-27/+0
|
* security: remove 'Created by' linesTobias C. Berner2022-07-201-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A big Thank You to the original contributors of these ports: * <ports@c0decafe.net> * Aaron Dalton <aaron@FreeBSD.org> * Adam Weinberger <adamw@FreeBSD.org> * Ade Lovett <ade@FreeBSD.org> * Aldis Berjoza <aldis@bsdroot.lv> * Alex Dupre <ale@FreeBSD.org> * Alex Kapranoff <kappa@rambler-co.ru> * Alex Samorukov <samm@freebsd.org> * Alexander Botero-Lowry <alex@foxybanana.com> * Alexander Kriventsov <avk@vl.ru> * Alexander Leidinger <netchild@FreeBSD.org> * Alexander Logvinov <ports@logvinov.com> * Alexander Y. Grigoryev <alexander.4mail@gmail.com> * Alexey Dokuchaev <danfe@FreeBSD.org> * Alfred Perlstein * Alfred Perlstein <alfred@FreeBSD.org> * Anders Nordby <anders@FreeBSD.org> * Anders Nordby <anders@fix.no> * Andreas Klemm <andreas@klemm.gtn.com> * Andrew Lewis <freeghb@gmail.com> * Andrew Pantyukhin <infofarmer@FreeBSD.org> * Andrew St. Jean <andrew@arda.homeunix.net> * Anes Mukhametov <anes@anes.su> * Antoine Brodin <antoine@FreeBSD.org> * Anton Berezin <tobez@FreeBSD.org> * Antonio Carlos Venancio Junior (<antonio@inf.ufsc.br>) * Antonio Carlos Venancio Junior <antonio@inf.ufsc.br> * Ashish SHUKLA <ashish@FreeBSD.org> * Attila Nagy <bra@fsn.hu> * Autrijus Tang <autrijus@autrijus.org> * Axel Rau <axel.rau@chaos1.de> * Babak Farrokhi <farrokhi@FreeBSD.org> * Ben Woods <woodsb02@FreeBSD.org> * Bernard Spil <brnrd@FreeBSD.org> * Bernard Spil <brnrd@freebsd.org> * Blaz Zupan <blaz@si.FreeBSD.org> * Bob Hockney <zeus@ix.netcom.com> * Boris Kochergin <spawk@acm.poly.edu> * Brendan Molloy <brendan+freebsd@bbqsrc.net> * Bruce M Simpson * Bruce M Simpson <bms@FreeBSD.org> * Bruce M. Simpson <bms@FreeBSD.org> * Carlo Strub * Carlo Strub <cs@FreeBSD.org> * Carlos J Puga Medina <cpm@FreeBSD.org> * Carlos J Puga Medina <cpm@fbsd.es> * Charlie Root <se@FreeBSD.org> * Cheng-Lung Sung <clsung@FreeBSD.org> * Cheng-Lung Sung <clsung@dragon2.net> * Chie Taguchi <taguchi.ch@gmail.com> * Chris Cowart <ccowart@rescomp.berkeley.edu> * Chris D. Faulhaber <jedgar@FreeBSD.org> * Christer Edwards <christer.edwards@gmail.com> * Christian Lackas * Christopher Hall <hsw@bitmark.com> * Clement Laforet <sheepkiller@cultdeadsheep.org> * Clive Lin <clive@CirX.ORG> * Colin Percival * Cory McIntire (loon@noncensored.com) * Craig Leres <leres@FreeBSD.org> * Cristiano Deana <cris@gufi.org> * Cy Schubert (Cy.Schubert@uumail.gov.bc.ca) * Cy Schubert <Cy.Schubert@uumail.gov.bc.ca> * Cy Schubert <cy@FreeBSD.org> * Damian Gerow <dgerow@afflictions.org> * Damien Bobillot * Dan Langille * Dan Langille <dan@freebsddiary.org> * Dan Langille <dvl@FreeBSD.org> * Dan Langille <dvl@freebsd.org> * Dan Langille <dvl@sourcefire.com> * Daniel Kahn Gillmor <dkg@fifthhorseman.net> * Daniel Roethlisberger <daniel@roe.ch> * Danilo Egea Gondolfo <danilo@FreeBSD.org> * Danton Dorati <urisso@bsd.com.br> * Dave McKay <dave@mu.org> * David E. Thiel <lx@FreeBSD.org> * David O'Brien (obrien@NUXI.com) * David O'Brien <obrien@FreeBSD.org> * David Thiel <lx@redundancy.redundancy.org> * Dean Hollister <dean@odyssey.apana.org.au> * Denis Shaposhnikov <dsh@vlink.ru> * Dereckson <dereckson@gmail.com> * Dirk Froemberg <dirk@FreeBSD.org> * Ditesh Shashikant Gathani <ditesh@gathani.org> * Dom Mitchell <dom@happygiraffe.net> * Dominic Marks <dominic.marks@btinternet.com> * Don Croyle <croyle@gelemna.org> * Douglas Thrift <douglas@douglasthrift.net> * Edson Brandi <ebrandi@fugspbr.org> * Edwin Groothuis <edwin@mavetju.org> * Ekkehard 'Ekki' Gehm <gehm@physik.tu-berlin.de> * Emanuel Haupt <ehaupt@FreeBSD.org> * Emanuel Haupt <ehaupt@critical.ch> * Eric Crist <ecrist@secure-computing.net> * Erwin Lansing <erwin@FreeBSD.org> * Eugene Grosbein <eugen@FreeBSD.org> * Fabian Keil <fk@fabiankeil.de> * Felix Palmen <felix@palmen-it.de> * Florent Thoumie <flz@xbsd.org> * Foxfair Hu <foxfair@FreeBSD.org> * Frank Laszlo <laszlof@vonostingroup.com> * Frank Wall <fw@moov.de> * Franz Bettag <franz@bett.ag> * Gabor Kovesdan * Gabor Kovesdan <gabor@FreeBSD.org> * Gabriel M. Dutra <0xdutra@gmail.com> * Gary Hayers <Gary@Hayers.net> * Gasol Wu <gasol.wu@gmail.com> * Gea-Suan Lin <gslin@gslin.org> * George Reid <greid@ukug.uk.freebsd.org> * George Reid <services@nevernet.net> * Greg Larkin <glarkin@FreeBSD.org> * Greg V <greg@unrelenting.technology> * Gregory Neil Shapiro <gshapiro@FreeBSD.org> * Grzegorz Blach <gblach@FreeBSD.org> * Guangyuan Yang <ygy@FreeBSD.org> * Hakisho Nukama <nukama@gmail.com> * Hammurabi Mendes <hmendes@brturbo.com> * Henk van Oers <hvo.pm@xs4all.nl> * Horia Racoviceanu <horia@racoviceanu.com> * Hung-Yi Chen <gaod@hychen.org> * Jaap Akkerhuis <jaap@NLnetLabs.nl> * Jaap Boender <jaapb@kerguelen.org> * Jacek Serwatynski <tutus@trynet.eu.org> * James FitzGibbon <jfitz@FreeBSD.org> * James Thomason <james@divide.org> * Jan-Peter Koopmann <Jan-Peter.Koopmann@seceidos.de> * Janky Jay <ek@purplehat.org> * Janos Mohacsi * Janos Mohacsi <janos.mohacsi@bsd.hu> * Jean-Yves Lefort <jylefort@brutele.be> * Jim Geovedi <jim@corebsd.or.id> * Jim Ohlstein <jim@ohlste.in> * Joe Clarke <marcus@marcuscom.com> * Joe Marcus Clarke <marcus@FreeBSD.org> * Johann Visagie <johann@egenetics.com> * Johann Visagie <wjv@FreeBSD.org> * John Ferrell <jdferrell3@yahoo.com> * John Hixson <jhixson@gmail.com> * John Polstra <jdp@polstra.com> * John W. O'Brien <john@saltant.com> * John-Mark Gurney <jmg@FreeBSD.org> * Jose Alonso Cardenas Marquez <acardenas@bsd.org.pe> * Joseph Benden <joe@thrallingpenguin.com> * Joshua D. Abraham <jabra@ccs.neu.edu> * Jov <amutu@amutu.com> * Jui-Nan Lin <jnlin@freebsd.cs.nctu.edu.tw> * Ka Ho Ng <khng300@gmail.com> * Kay Lehmann <kay_lehmann@web.de> * Keith J. Jones <kjones@antihackertoolkit.com> * Kevin Zheng <kevinz5000@gmail.com> * Kimura Fuyuki <fuyuki@hadaly.org> * Kimura Fuyuki <fuyuki@mj.0038.net> * Klayton Monroe <klm@uidzero.org> * Konstantin Menshikov <kostjnspb@yandex.ru> * Koop Mast <kwm@FreeBSD.org> * Kris Kennaway <kris@FreeBSD.org> * Kubilay Kocak <koobs@FreeBSD.org> * Kurt Jaeger <fbsd-ports@opsec.eu> * LEVAI Daniel <leva@ecentrum.hu> * Lars Engels <lme@FreeBSD.org> * Lars Thegler <lth@FreeBSD.org> * Laurent LEVIER <llevier@argosnet.com> * Luiz Eduardo R. Cordeiro * Lukas Slebodnik <lukas.slebodnik@intrak.sk> * Lukasz Komsta * Mageirias Anastasios <anastmag@gmail.com> * Marcel Prisi <marcel.prisi@virtua.ch> * Marcello Coutinho * Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org> * Mark Felder <feld@FreeBSD.org> * Mark Hannon <markhannon@optusnet.com.au> * Mark Murray <markm@FreeBSD.org> * Mark Pulford <mark@kyne.com.au> * Marko Njezic <sf@maxempire.com> * Martin Matuska <martin@tradex.sk> * Martin Matuska <mm@FreeBSD.org> * Martin Mersberger * Martin Wilke <miwi@FreeBSD.org> * Martti Kuparinen <martti.kuparinen@ericsson.com> * Mateusz Piotrowski <0mp@FreeBSD.org> * Matt <matt@xtaz.net> * Matt Behrens <matt@zigg.com> * Matthias Andree <mandree@FreeBSD.org> * Matthias Fechner <mfechner@FreeBSD.org> * Matthieu BOUTHORS <matthieu@labs.fr> * Maxim Sobolev <sobomax@FreeBSD.org> * Meno Abels <meno.abels@adviser.com> * Michael Haro <mharo@FreeBSD.org> * Michael Johnson <ahze@FreeBSD.org> * Michael Nottebrock <lofi@FreeBSD.org> * Michael Reifenberger <mr@FreeBSD.org> * Michael Schout <mschout@gkg.net> * Michal Bielicki <m.bielicki@llizardfs.com> * Michiel van Baak <michiel@vanbaak.eu * Mij <mij@bitchx.it> * Mike Heffner <mheffner@vt.edu> * Mikhail T. <m.tsatsenko@gmail.com> * Mikhail Teterin <mi@aldan.algebra.com> * Milan Obuch * Mosconi <mosconi.rmg@gmail.com> * Muhammad Moinur Rahman <5u623l20@gmail.com> * Mustafa Arif <ma499@doc.ic.ac.uk> * Neil Booth * Neil Booth <kyuupichan@gmail.com> * Nick Barkas <snb@threerings.net> * Nicola Vitale <nivit@FreeBSD.org> * Niels Heinen * Nikola Kolev <koue@chaosophia.net> * Nobutaka Mantani <nobutaka@FreeBSD.org> * Oliver Lehmann * Oliver Lehmann <oliver@FreeBSD.org> * Olivier Duchateau * Olivier Duchateau <duchateau.olivier@gmail.com> * Olli Hauer * Patrick Li <pat@databits.net> * Paul Chvostek <paul@it.ca> * Paul Schmehl <pauls@utdallas.edu> * Pavel I Volkov <pavelivolkov@googlemail.com> * Pete Fritchman <petef@databits.net> * Peter Ankerstal <peter@pean.org> * Peter Haight <peterh@sapros.com> * Peter Johnson <johnson.peter@gmail.com> * Peter Pentchev <roam@FreeBSD.org> * Petr Rehor <rx@rx.cz> * Philippe Audeoud <jadawin@tuxaco.net> * Philippe Rocques <phil@teaser.fr> * Piotr Kubaj <pkubaj@FreeBSD.org> * Piotr Kubaj <pkubaj@anongoth.pl> * Po-Chuan Hsieh <sunpoet@FreeBSD.org> * RaRa Rasputin <rasputin@submonkey.net> * Radim Kolar * Ralf Meister * Remington Lang <MrL0Lz@gmail.com> * Renaud Chaput <renchap@cocoa-x.com> * Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl> * Roland van Laar <roland@micite.net> * Romain Tartiere <romain@blogreen.org> * Roman Bogorodskiy * Roman Bogorodskiy <novel@FreeBSD.org> * Roman Shterenzon <roman@xpert.com> * Rong-En Fan <rafan@FreeBSD.org> * Ryan Steinmetz <zi@FreeBSD.org> * Sahil Tandon <sahil@tandon.net> * Sascha Holzleiter <sascha@root-login.org> * SeaD * Seamus Venasse <svenasse@polaris.ca> * Sean Greven <sean.greven@gmail.com> * Sebastian Schuetz <sschuetz@fhm.edu> * Sergei Kolobov <sergei@FreeBSD.org> * Sergei Kolobov <sergei@kolobov.com> * Sergei Vyshenski * Sergei Vyshenski <svysh.fbsd@gmail.com> * Sergey Skvortsov <skv@protey.ru> * Seth Kingsley <sethk@meowfishies.com> * Shaun Amott <shaun@inerd.com> * Simeon Simeonov <sgs@pichove.org> * Simon Dick <simond@irrelevant.org> * Sofian Brabez <sbrabez@gmail.com> * Stanislav Sedov <ssedov@mbsd.msk.ru> * Stefan Esser <se@FreeBSD.org> * Stefan Grundmann * Stefan Walter <sw@gegenunendlich.de> * Stephon Chen <stephon@gmail.com> * Steve Wills <steve@mouf.net> * Steve Wills <swills@FreeBSD.org> * Steven Kreuzer * Steven Kreuzer <skreuzer@exit2shell.com> * Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> * TAKAHASHI Kaoru <kaoru@kaisei.org> * TAKATSU Tomonari <tota@FreeBSD.org> * Tatsuki Makino <tatsuki_makino@hotmail.com> * Thibault Payet <monwarez@mailoo.org> * Thierry Thomas (<thierry@pompo.net>) * Thierry Thomas <thierry@pompo.net> * Thomas Hurst <tom@hur.st> * Thomas Quinot <thomas@cuivre.fr.eu.org> * Thomas Zander <riggs@FreeBSD.org> * Thomas von Dein <freebsd@daemon.de> * Tilman Linneweh <arved@FreeBSD.org> * Tim Bishop <tim@bishnet.net> * Tom Judge <tom@tomjudge.com> * Tomoyuki Sakurai <cherry@trombik.org> * Toni Viemerö <toni.viemero@iki.fi> * Tony Maher * Torsten Zuhlsdorff <ports@toco-domains.de> * Travis Campbell <hcoyote@ghostar.org> * Tsung-Han Yeh <snowfly@yuntech.edu.tw> * Ulf Lilleengen * Vaida Bogdan <vaida.bogdan@gmail.com> * Valentin Zahariev <curly@e-card.bg> * Valerio Daelli <valerio.daelli@gmail.com> * Veniamin Gvozdikov <vg@FreeBSD.org> * Victor Popov * Victor Popov <v.a.popov@gmail.com> * Vsevolod Stakhov * Vsevolod Stakhov <vsevolod@FreeBSD.org> * Wen Heping <wen@FreeBSD.org> * Wen Heping <wenheping@gmail.com> * Yarodin <yarodin@gmail.com> * Yen-Ming Lee <leeym@FreeBSD.org> * Yen-Ming Lee <leeym@cae.ce.ntu.edu.tw> * Yen-Ming Lee <leeym@leeym.com> * Ying-Chieh Liao <ijliao@FreeBSD.org> * Yonatan <Yonatan@Xpert.com> * Yonatan <onatan@gmail.com> * Yoshisato YANAGISAWA * Yuri Victorovich * Yuri Victorovich <yuri@rawbw.com> * Zach Thompson <hideo@lastamericanempire.com> * Zane C. Bowers <vvelox@vvelox.net> * Zeus Panchenko <zeus@gnu.org.ua> * ache * adamw * ajk@iu.edu * alex@FreeBSD.org * allan@saddi.com * alm * andrej@ebert.su * andrew@scoop.co.nz * andy@fud.org.nz * antoine@FreeBSD.org * arved * barner * brix@FreeBSD.org * buganini@gmail.com * chinsan * chris@still.whet.org * clement * clsung * crow * cy@FreeBSD.org * dominik karczmarski <dominik@karczmarski.com> * dwcjr@inethouston.net * eivind * erich@rrnet.com * erwin@FreeBSD.org * girgen@FreeBSD.org * glen.j.barber@gmail.com * hbo@egbok.com * ijliao * jesper * jfitz * johans * joris * kftseng@iyard.org * kris@FreeBSD.org * lx * markm * mharo@FreeBSD.org * michaelnottebrock@gmx.net * mnag@FreeBSD.org * mp39590@gmail.com * nbm * nectar@FreeBSD.org * nork@FreeBSD.org * nork@cityfujisawa.ne.jp * nsayer@FreeBSD.org * nsayer@quack.kfu.com * ntarmos@cs.uoi.gr * oly * onatan@gmail.com * pandzilla * patrick@mindstep.com * pauls * perl@FreeBSD.org * petef@FreeBSD.org * peter.thoenen@yahoo.com * ports@c0decafe.net * ports@rbt.ca * roam@FreeBSD.org * rokaz * sada@FreeBSD.org * scrappy * se * shane@freebsdhackers.net aka modsix@gmail.com * snb@threerings.net * sumikawa * sviat * teramoto@comm.eng.osaka-u.ac.jp * thierry@pompo.net * tobez@FreeBSD.org * torstenb@FreeBSD.org * trasz <trasz@pin.if.uz.zgora.pl> * trevor * truckman * vanhu * vanilla@ * wen@FreeBSD.org * will With hat: portmgr
* security/openvpn: Bump PORTREVISION to be newer than on quarterly.Matthias Andree2022-05-311-1/+1
| | | | | | This is to make sure that with 2022Q3 branching off of this version, the package will look newer and flush out the old package, with MBEDTLS and TUNNELBLICK options now removed.
* security/openvpn: update to v2.5.7Matthias Andree2022-05-312-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | FreeBSD-related changes from Changes.rst: - Limited OpenSSL 3.0 support OpenSSL 3.0 support has been added. OpenSSL 3.0 support in 2.5 relies on the compatiblity layer and full OpenSSL 3.0 support is coming with OpenVPN 2.6. Only features that impact usage directly have been backported: ``--tls-cert-profile insecure`` has been added to allow selecting the lowest OpenSSL security level (not recommended, use only if you must). OpenSSL 3.0 no longer supports the Blowfish (and other deprecated) algorithm by default and the new option ``--providers`` allows loading the legacy provider to renable these algorithms. Most notably, reading of many PKCS#12 files encrypted with the RC2 algorithm fails unless ``--providers legacy default`` is configured. The OpenSSL engine feature ``--engine`` is not enabled by default anymore if OpenSSL 3.0 is detected. - print OpenSSL error stack if decoding PKCS12 file fails - fix PATH_MAX build failure in auth-pam.c - fix t_net.sh self-test leaving around stale "ovpn-dummy0" interface detailed changes: https://github.com/OpenVPN/openvpn/releases/tag/v2.5.7
* security/openvpn: drop man source patchMatthias Andree2022-04-261-11/+0
| | | | | | | | | | | | | | | | There has been a report of sporadic man-page rebuilds on OpenZFS. While the patch order is correct, we do not intend to rebuild the manpage (after a nobody -> openvpn change, for instance), and we also patch the output files. So just remove the source patch. This should go without any functional changes, so ships without bumping PORTREVISION. There is an upstream ticket reporting a missing source file in the tarball. https://community.openvpn.net/openvpn/ticket/1461 Reported by: Jan Martin Mikkelsen PR: 263116
* security/openvpn: bump PORTREVISIONMatthias Andree2022-04-031-1/+1
| | | | ...forgotten in previous commit.
* security/openvpn: remove MBEDTLS and TUNNELBLICK options.Matthias Andree2022-04-032-339/+7
|
* security/openvpn: security update to 2.5.6Matthias Andree2022-03-172-5/+5
| | | | | | | | | | | | Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256 Somewhat related to and obsoletes: PR: 262626 Security: 45a72180-a640-11ec-a08b-85298243e224 Security: CVE-2022-0547 Security: https://community.openvpn.net/openvpn/wiki/CVE-2022-0547 MFH: 2022Q1
* security/mbedtls: Update to 2.28.0 and fix make testTijl Coosemans2022-01-281-1/+1
| | | | | | Also bump dependent ports for library version change. PR: 255084
* security/openvpn: bugfix update to 2.5.5Matthias Andree2021-12-152-5/+5
| | | | | | | | | | | | | | | | | | Bugfixes (FreeBSD-specific): * improve "make check" to notice if "openvpn --show-cipher" crashes * improve argv unit tests * ensure unit tests work with mbedTLS builds without BF-CBC ciphers * include "--push-remove" in the output of "openvpn --help" * fix "resolvconf -p" invocation in example "up" script * fix "common_name" environment for script calls when "--username-as-common-name" is in effect (Trac #1434) Documentation: * move "push-peer-info" documentation from "server options" to "client" (where it belongs) * correct "foreign_option_{n}" typo in manpage * update IRC information in CONTRIBUTING.rst (libera.chat) * README.down-root: fix plugin module name
* security/openvpn: Default-enable PKCS#11 optionMatthias Andree2021-12-121-2/+2
| | | | | | | Bump PORTREVISION. PR: 260352 Reported by: Marcin Wojtas
* security/openvpn: sort OPTIONS_{DEFAULT|DEFINE}Matthias Andree2021-12-121-3/+3
|
* security/openvpn: deprecate tunnelblickMatthias Andree2021-12-122-6/+23
| | | | While here, shorten LZO_DESC to fit 80x24 dialogs.
* security/openvpn: re-enable mbedTLS buildMatthias Andree2021-12-111-4/+4
| | | | | | | | | ...now that mbedTLS metadata was fixed to show the actual situation for mbedTLS 2.x.y, that it's either Apache License 2.0, or GNU General Public License 2.0 or any later version. While here, also mark the main port with mbedTLS option enabled to record it's going to lose the mbedTLS option end of March 2022.
* security/openvpn: license incompat mbedTLS, LZO+LibreSSLMatthias Andree2021-12-111-3/+25
| | | | | | | | | | | | | | | | | | | After reviewing licenses again, - mark mbedTLS broken for now, since it uses the Apache License 2.0, which is incompatible with the GPLv2 (OpenVPN does not employ the "or any later version" escape hatch). This will be handed to the OpenVPN-devel mailing list for review. - block out the combination of LZO with LibreSSL, since OpenVPN only has a linking exception for OpenSSL itself. Remedy is to either forgo LibreSSL, or to disable the LZO option, which requires proper configuration on either end. The maintainer's recommendation is to compile with OpenSSL instead. Bump PORTREVISION in spite of unchanged contents to flush out old packages. MFH: 2021Q4
* security/openvpn-mbedtls: sunset port.Matthias Andree2021-12-041-0/+1
| | | | | | mbedTLS is obsolete through its lack of TLS v1.3 support OpenVPN-mbedtls does not work on 14-CURRENT. => remove this port and the MBEDTLS option end 2022Q1.
* */*: Remove redundant '-[0-9]*' from CONFLICTS_INSTALLStefan Eßer2021-11-231-1/+1
| | | | | | | | | The conflict checks compare the patterns first against the package names without version (as reported by "pkg query "%n"), then - if there was no match - agsinst the full package names including the version (as reported by "pkg query "%n-%v"). Approved by: portmgr (blanket)
* security/openvpn{,-devel}: Update WWWLi-Wen Hsu2021-11-151-1/+1
| | | | | for security/openvpn-devel: Approved by: Gert Doering (maintainer)
* security/openvpn: rearrange MakefileMatthias Andree2021-11-011-10/+10
| | | | to portclippy-reported standard ordering
* security/openvpn: create and use dedicated openvpn userMatthias Andree2021-11-015-9/+87
| | | | PR: 259384
* security/openvpn: bugfix update to 2.5.4Matthias Andree2021-10-053-5/+6
| | | | | | | adds openvpn-examples(5) manual page Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-254
* security/openvpn: fix missing include for PATH_MAXMatthias Andree2021-06-222-3/+17
| | | | | | | | | While here, add a warning banner about libressl support status, and clean up a leftover INSTALL_DATA workaround no longer needed. Patch suggested and Reported by: Franco Fichtner <franco@opnsense.org> PR: 256744
* security/openvpn: update to v2.5.3Matthias Andree2021-06-183-16/+5
| | | | | | | | | | | | | | | | | | Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst FreeBSD relevant changes: Bugfixes * disable connect-retry backoff for p2p (--secret) instances (Trac #1010, #1384) * fix build with mbedtls w/o SSL renegotiation support * fix small memory leak in free_key_ctx for auth_token * Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409) - -> in FreeBSD ports, already fixed in 2.5.2_2 (PORTREVISION 2). User-visible Changes * update copyright messages in files and --version output New features * add --auth-token-user option (for --auth-token deployments without --auth-user-pass in client config)
* security/openvpn: band-aid fix for SIGSEGV on push echoMatthias Andree2021-06-032-1/+12
| | | | | PR: 256331 Reported by: peo@nethead.se
* security/openvpn: do not package .orig leftovers from patchMatthias Andree2021-05-171-1/+2
| | | | | | | | | Bump PORTREVISION as we change the pkg-plist. (Includes -mbedtls port variant.) PR: 255946 Based on a patch by and Reported by: Mikael Urankar (mikael@)
* security/openvpn: security update to v2.5.2Matthias Andree2021-04-212-8/+9
| | | | | | | | Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252 Security: CVE-2020-15078 Security: efb965be-a2c0-11eb-8956-1951a8617e30 MFH: 2021Q2
* all: Remove all other $FreeBSD keywords.Mathieu Arnold2021-04-061-2/+0
|
* Remove # $FreeBSD$ from Makefiles.Mathieu Arnold2021-04-061-1/+0
|
* security/openvpn: run ldd -a when multi-link of "same" library foundMatthias Andree2021-03-161-1/+1
| | | | | | | | | | | | | The build runs a sanity to check that libssl and libcrypto are linked only once, to catch mismatches in SSL providers to libpkcs11-helper and openvpn itself. In order to assist the operator to find out which libraries pull in differing versions of libcrypto or libssl, run ldd -a in the error path. (Not run normally, not PORTREVISION bump.) PR: 254323 (related) Notes: svn path=/head/; revision=568617
* security/openvpn: Bugfix update to v2.5.1Matthias Andree2021-02-242-4/+4
| | | | | | | | | Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-251 MFH: 2021Q1 (point-level bugfix update) Notes: svn path=/head/; revision=566502
* Update security/openvpn 2.5. For 2.3 peers, update your configuration,Matthias Andree2020-10-3011-721/+163
| | | | | | | | | | | | ...see ports/UPDATING or the ChangeLog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-25 Avoid LibreSSL (IGNORE_SSL). INSTALL_DATA -> INSTALL_MAN for documentation. Rearrange Makefile according to portclippy. Notes: svn path=/head/; revision=553713
* security/openvpn: fix test suite when ifconfig emits ::1/128 address formatMatthias Andree2020-10-061-1/+1
| | | | | | | | | | | | | | | Some systems apparently format output of ifconfig lo0 similar to "inet6 ::1/128" instead of 12.1's "inet6 ::1 prefixlen 128". This confuses the test script, so strip the slash and trailing prefixlen off. Since that bug affects the build-time test suite and its occurrence breaks the build, no PORTREVISION bump needed. Reported by: des@ Notes: svn path=/head/; revision=551609
* openvpn: Add one TODO marker (no functional change).Matthias Andree2020-07-171-0/+3
| | | | Notes: svn path=/head/; revision=542434
* security/openvpn: future proofing, PLUGINDIR now ...Matthias Andree2020-07-171-4/+4
| | | | | | | | ...configured the official way, not hacky (which failed in openvpn-devel because it broke some configure tests). Notes: svn path=/head/; revision=542426
* security/openvpn: cherry-pick fixes from git repoMatthias Andree2020-05-314-1/+226
| | | | | | | | | | | * 098edbb1 2020-05-20 | Switch assertion failure to returning false [Jeremy Evans] * fc029714 2020-05-30 | pool: prevent IPv6 pools to be larger than 2^16 addresses [Antonio Quartulli] * 38b46e6b 2020-02-20 | Persist management-query-remote and proxy prompts [Selva Nair] MFH: 2020Q2 (blanket approval for stability fixes) Notes: svn path=/head/; revision=537129
* security/openvpn: reliability fixes cherry-picked from upstreamMatthias Andree2020-05-076-6/+329
| | | | | | | | | | | | | | | | | | | Arne Schwabe's OpenSSL fix for Debian Bug#958296 "Fix tls_ctx_client/server_new leaving error on OpenSSL error stack" <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958296> [1] Selva Nair's auth-pam fixes "Parse static challenge response in auth-pam plugin" "Accept empty password and/or response in auth-pam plugin" Re-diff (with make makepatch) older patches. Reported by: Jonas Andradas via Debian BTS Obtained from: Arne Schwabe, Selva Nair <https://github.com/OpenVPN/openvpn/tree/release/2.4> MFH: 2020Q2 (blanket for backporting reliability fixes) Notes: svn path=/head/; revision=534272
* security/openvpn: update to 2.4.9 (also for -mbedtls slave port)Matthias Andree2020-04-174-268/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At the same time, remove ASYNC_PUSH_LIBS workaround from [1]. Changelog (high-level): https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249 Git changelog, marking the three fixes that were already in 2.4.8_3 as cherry-picks with a 1, 2, or 3 instead of "*" to correspond with the PORTREVISION, and those with "-" that are specific to other systems, say, Windows. * 9b0dafca 2020-04-16 | Preparing release v2.4.9 (ChangeLog, version.m4, Changes.rst) (tag: v2.4.9) [Gert Doering] 3 f7b318f8 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov] * 9bb285e3 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov] - 5f8a9df1 2020-02-12 | Allow unicode search string in --cryptoapicert option [Selva Nair] - 4658b3b6 2020-02-12 | Skip expired certificates in Windows certificate store [Selva Nair] * df5ea7f1 2020-02-19 | Fix possible access of uninitialized pipe handles [Selva Nair] * 1d9e0be2 2020-02-19 | Fix possibly uninitialized return value in GetOpenvpnSettings() [Selva Nair] * 5ee76a8f 2020-03-28 | Fix OpenSSL 1.1.1 not using auto elliptic curve selection [Arne Schwabe] * ed925c0a 2020-04-07 | OpenSSL: Fix --crl-verify not loading multiple CRLs in one file [Maxim Plotnikov] * 2fe84732 2020-03-30 | When auth-user-pass file has no password query the management interface (if available). [Selva Nair] * 908eae5c 2020-04-03 | Move querying username/password from management interface to a function [Selva Nair] * 15bc476f 2020-04-02 | Fix OpenSSL error stack handling of tls_ctx_add_extra_certs [Arne Schwabe] * 22df79bb 2020-04-01 | Fetch OpenSSL versions via source/old links [Arne Schwabe] * 0efbd8e9 2020-03-31 | mbedTLS: Make sure TLS session survives move [Tom van Leeuwen] * 33395693 2020-03-25 | docs: Add reference to X509_LOOKUP_hash_dir(3) [WGH] * 7d19b2bb 2019-10-21 | Fix OpenSSL private key passphrase notices [Santtu Lakkala] 2 8484f37a 2020-03-14 | Fix building with --enable-async-push in FreeBSD [Lev Stipakov] * 69bbfbdf 2020-02-18 | Swap the order of checks for validating interactive service user [Selva Nair] * 0ba4f916 2019-11-09 | socks: use the right function when printing struct openvpn_sockaddr [Antonio Quartulli] 1 3bd91cd0 2019-10-30 | Fix broken fragmentation logic when using NCP [Lev Stipakov] PR: 244286 [1] MFH: 2020Q2 (patchlevel bugfix release) Notes: svn path=/head/; revision=531957
* security/openvpn: Fix illegal client float (CVE-2020-11810)Matthias Andree2020-04-162-1/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | There is a time frame between allocating peer-id and initializing data channel key (which is performed on receiving push request or on async push-reply) in which the existing peer-id float checks do not work right. If a "rogue" data channel packet arrives during that time frame from another address and with same peer-id, this would cause client to float to that new address. The net effect of this behaviour is that the VPN session for the "victim client" is broken. Since the "attacker client" does not have suitable keys, it can not inject or steal VPN traffic from the other session. The time window is small and it can not be used to attack a specific client's session, unless some other way is found to make it disconnect and reconnect first. This fix is inherited by the openvpn-mbedtls slave port. Obtained from: Lev Stipakov (OpenVPN) MFH: 2020Q2 (blanket security patch) Security: CVE-2020-11810 Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f Notes: svn path=/head/; revision=531837
* security/openvpn: Add a FIXME marker to clean up a local workaround that was ↵Matthias Andree2020-03-161-0/+2
| | | | | | | | | upstreamed for 2.4.9. [info: Lev Stipakov] PR: 244286 Notes: svn path=/head/; revision=528550
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-01 15:14:29 +0000