From: Matthias Andree
Date: Tue, 27 Dec 2016 23:16:57 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r429678 - in head: . security security/openvpn security/openvpn-mbedtls security/openvpn-polarssl security/openvpn/files security/openvpn23 security/openvpn23-polarssl

Author: mandree
Date: Tue Dec 27 23:16:57 2016
New Revision: 429678
URL: https://svnweb.freebsd.org/changeset/ports/429678

Log:
  OpenVPN update to v2.4.0, old version in openvpn23*.

  OpenVPN has been updated to v2.4.0.
  Changes:

  openvpn-polarssl has been renamed to openvpn-mbedtls to match the TLS
  library's change of name.

  The prior versions of the openvpn ports have been preserved in
  openvpn23 and openvpn23-polarssl, respectively, and are set to expire
  2017-03-31.

Added: head/security/openvpn-mbedtls/ - copied from r429677, head/security/openvpn-polarssl/ head/security/openvpn23/ - copied from r428693, head/security/openvpn/ head/security/openvpn23-polarssl/ - copied from r428693, head/security/openvpn-polarssl/ Deleted: head/security/openvpn-polarssl/ Modified: head/MOVED head/UPDATING head/security/Makefile head/security/openvpn-mbedtls/Makefile head/security/openvpn/Makefile head/security/openvpn/distinfo head/security/openvpn/files/extra-tunnelblick-openvpn_xorpatch head/security/openvpn/pkg-plist head/security/openvpn23-polarssl/Makefile head/security/openvpn23/Makefile Modified: head/MOVED ============================================================================== --- head/MOVED Tue Dec 27 22:34:36 2016 (r429677) +++ head/MOVED Tue Dec 27 23:16:57 2016 (r429678) @@ -8852,3 +8852,4 @@ net-mgmt/ccnet|net-mgmt/ccnet-client|201 net-mgmt/seafile|net-mgmt/seafile-client|2016-12-26|Split into -client and -server parts comms/libcodec2|audio/codec2|2016-12-26|Removed: Duplicate port use `audio/codec2` instead databases/py-sqlalchemy07|databases/py-sqlalchemy10|2016-12-27|Has expired: Upstream has declared this version EoL: please migrate to databases/py-sqlalchemy10 +security/openvpn-polarssl|security/openvpn-mbedtls|2016-12-27|Slave port renamed to match the TLS library's new name. Modified: head/UPDATING ============================================================================== --- head/UPDATING Tue Dec 27 22:34:36 2016 (r429677) +++ head/UPDATING Tue Dec 27 23:16:57 2016 (r429678) 
@@ -5,6 +5,16 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20161227: + AFFECTS: users of security/openvpn, security/openvpn-polarssl + AUTHOR: Matthias Andree + + The OpenVPN ports have been updated to the new upstream release v2.4, + and their predecessors preserved as openvpn23 and openvpn23-polarssl, + respectively. Note that for the new v2.4 release, the + openvpn-polarssl port has been renamed to openvpn-mbedtls to match the + upstream library's new name. + 20161218: AFFECTS: users of www/nghttp2 AUTHOR: sunpoet@FreeBSD.org Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Tue Dec 27 22:34:36 2016 (r429677) +++ head/security/Makefile Tue Dec 27 23:16:57 2016 (r429678) @@ -436,7 +436,9 @@ SUBDIR += openvpn-auth-ldap SUBDIR += openvpn-auth-radius SUBDIR += openvpn-devel - SUBDIR += openvpn-polarssl + SUBDIR += openvpn-mbedtls + SUBDIR += openvpn23 + SUBDIR += openvpn23-polarssl SUBDIR += ophcrack SUBDIR += orthrus SUBDIR += osiris Modified: head/security/openvpn-mbedtls/Makefile ============================================================================== --- head/security/openvpn-polarssl/Makefile Tue Dec 27 22:34:36 2016 (r429677) +++ head/security/openvpn-mbedtls/Makefile Tue Dec 27 23:16:57 2016 (r429678) 
@@ -1,12 +1,12 @@ # Created by: Matthias Andree # $FreeBSD$ -PKGNAMESUFFIX= -polarssl +PKGNAMESUFFIX= -mbedtls -COMMENT= Secure IP/Ethernet tunnel daemon, PolarSSL-based build +COMMENT= Secure IP/Ethernet tunnel daemon, mbedTLS-based build OPTIONS_EXCLUDE= OPENSSL PKCS11 X509ALTUSERNAME -OPTIONS_SLAVE= POLARSSL +OPTIONS_SLAVE= MBEDTLS MASTERDIR= ${.CURDIR}/../../security/openvpn Modified: head/security/openvpn/Makefile ============================================================================== --- head/security/openvpn/Makefile Tue Dec 27 22:34:36 2016 (r429677) +++ head/security/openvpn/Makefile Tue Dec 27 23:16:57 2016 (r429678) @@ -2,7 +2,8 @@ # $FreeBSD$ PORTNAME= openvpn -DISTVERSION= 2.3.14 +DISTVERSION= 2.4.0 +PORTREVISION?= 0 CATEGORIES= security net MASTER_SITES= http://swupdate.openvpn.net/community/releases/ \ http://build.openvpn.net/downloads/releases/ @@ -12,14 +13,15 @@ COMMENT?= Secure IP/Ethernet tunnel dae LICENSE= GPLv2 -CONFLICTS_INSTALL= openvpn-2.[!3].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* +CONFLICTS_INSTALL= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* GNU_CONFIGURE= yes USES= cpe libtool pkgconfig shebangfix tar:xz SHEBANG_FILES= sample/sample-scripts/verify-cn \ sample/sample-scripts/auth-pam.pl \ sample/sample-scripts/ucn.pl -# avoid picking up CMAKE, we don't have cmocka anyways. +CONFIGURE_ARGS+= --enable-strict +# avoid picking up CMAKE, we don't have cmocka in the tarballs.. CONFIGURE_ENV+= ac_cv_prog_CMAKE= CMAKE= # let OpenVPN's configure script pick up the requisite libraries, 
@@ -31,17 +33,16 @@ LDFLAGS+= -L${LOCALBASE}/lib CPPFLAGS+= -DPLUGIN_LIBDIR=\\\"${PREFIX}/lib/openvpn/plugins\\\" OPTIONS_DEFINE= PKCS11 EASYRSA DOCS EXAMPLES X509ALTUSERNAME \ - TUNNELBLICK TEST -OPTIONS_DEFAULT= EASYRSA OPENSSL TEST + TEST LZ4 SMALL TUNNELBLICK +OPTIONS_DEFAULT= EASYRSA OPENSSL TEST LZ4 OPTIONS_SINGLE= SSL -OPTIONS_SINGLE_SSL= OPENSSL POLARSSL -# The following feature is always enabled since 2.3.9 and no longer optional. -# PW_SAVE_DESC= Interactive passwords may be read from a file +OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS PKCS11_DESC= Use security/pkcs11-helper EASYRSA_DESC= Install security/easy-rsa RSA helper package -POLARSSL_DESC= SSL/TLS via mbedTLS 1.3.X (not 2.x) +MBEDTLS_DESC= SSL/TLS via mbedTLS TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!) X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only) +SMALL_DESC= Build a smaller executable with fewer features EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa 
@@ -52,17 +53,18 @@ TUNNELBLICK_EXTRA_PATCHES= ${FILESDIR}/e X509ALTUSERNAME_CONFIGURE_ENABLE= x509-alt-username -X509ALTUSERNAME_PREVENTS= POLARSSL -X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} cannot use --x509-username-field with PolarSSL. Disable X509ALTUSERNAME, or use OpenSSL instead +X509ALTUSERNAME_PREVENTS= MBEDTLS +X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} cannot use --x509-username-field with mbedTLS. Disable X509ALTUSERNAME, or use OpenSSL instead OPENSSL_USES= ssl OPENSSL_CONFIGURE_ON= --with-crypto-library=openssl -# Pin the libmbedtls version because the 2.3.x port can't work with .so.10 or -# newer from the security/mbedtls package. Upstream works in progress -# for OpenVPN 2.4 to use mbedTLS 2.X. -POLARSSL_LIB_DEPENDS= libmbedtls.so.9:security/polarssl13 -POLARSSL_CONFIGURE_ON= --with-crypto-library=polarssl +LZ4_CONFIGURE_OFF= --disable-lz4 + +SMALL_CONFIGURE_ON= --enable-small + +MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls +MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls USE_RC_SUBR= openvpn USE_LDCONFIG= ${PREFIX}/lib @@ -75,6 +77,8 @@ CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN} LIB_DEPENDS+= liblzo2.so:archivers/lzo2 +LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4 + PORTDOCS= * PORTEXAMPLES= * Modified: head/security/openvpn/distinfo ============================================================================== --- head/security/openvpn/distinfo Tue Dec 27 22:34:36 2016 (r429677) +++ head/security/openvpn/distinfo Tue Dec 27 23:16:57 2016 (r429678) 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1481159357 -SHA256 (openvpn-2.3.14.tar.xz) = f3a0d0eaf8d544409f76a9f2a238a0cd3dde9e1a9c1f98ac732a8b572bcdee98 -SIZE (openvpn-2.3.14.tar.xz) = 831404 +TIMESTAMP = 1482879037 +SHA256 (openvpn-2.4.0.tar.xz) = 6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e +SIZE (openvpn-2.4.0.tar.xz) = 930948 Modified: head/security/openvpn/files/extra-tunnelblick-openvpn_xorpatch ============================================================================== --- head/security/openvpn/files/extra-tunnelblick-openvpn_xorpatch Tue Dec 27 22:34:36 2016 (r429677) +++ head/security/openvpn/files/extra-tunnelblick-openvpn_xorpatch Tue Dec 27 23:16:57 2016 (r429678) 
@@ -10,128 +10,129 @@ detail on the following wiki page: https://tunnelblick.net/cOpenvpn_xorpatch.html +The patch was ported to OpenVPN 2.4 by OPNsense. ---- src/openvpn/forward.c.orig 2016-08-23 14:16:28 UTC +--- src/openvpn/forward.c.orig 2016-12-22 07:25:18 UTC +++ src/openvpn/forward.c -@@ -674,7 +674,10 @@ read_incoming_link (struct context *c) +@@ -730,7 +730,10 @@ read_incoming_link(struct context *c) - status = link_socket_read (c->c2.link_socket, - &c->c2.buf, -- &c->c2.from); -+ &c->c2.from, -+ c->options.ce.xormethod, -+ c->options.ce.xormask, -+ c->options.ce.xormasklen); + status = link_socket_read(c->c2.link_socket, + &c->c2.buf, +- &c->c2.from); ++ &c->c2.from, ++ c->options.ce.xormethod, ++ c->options.ce.xormask, ++ c->options.ce.xormasklen); - if (socket_connection_reset (c->c2.link_socket, status)) + if (socket_connection_reset(c->c2.link_socket, status)) { -@@ -1151,7 +1154,10 @@ process_outgoing_link (struct context *c - /* Send packet */ - size = link_socket_write (c->c2.link_socket, - &c->c2.to_link, -- to_addr); -+ to_addr, -+ c->options.ce.xormethod, -+ c->options.ce.xormask, -+ c->options.ce.xormasklen); +@@ -1368,7 +1371,10 @@ process_outgoing_link(struct context *c) + /* Send packet */ + size = link_socket_write(c->c2.link_socket, + &c->c2.to_link, +- to_addr); ++ to_addr, ++ c->options.ce.xormethod, ++ c->options.ce.xormask, ++ c->options.ce.xormasklen); - #ifdef ENABLE_SOCKS - /* Undo effect of prepend */ ---- src/openvpn/options.c.orig 2016-08-23 14:16:22 UTC + /* Undo effect of prepend */ + link_socket_write_post_size_adjust(&size, size_delta, &c->c2.to_link); +--- src/openvpn/options.c.orig 2016-12-22 07:25:18 UTC +++ src/openvpn/options.c -@@ -792,6 +792,9 @@ init_options (struct options *o, const b - o->max_routes = MAX_ROUTES_DEFAULT; - o->resolve_retry_seconds = RESOLV_RETRY_INFINITE; - o->proto_force = -1; -+ o->ce.xormethod = 0; -+ o->ce.xormask = "\0"; -+ o->ce.xormasklen = 0; +@@ -811,6 +811,9 @@ init_options(struct options 
*o, const bo + o->resolve_retry_seconds = RESOLV_RETRY_INFINITE; + o->resolve_in_advance = false; + o->proto_force = -1; ++ o->ce.xormethod = 0; ++ o->ce.xormask = "\0"; ++ o->ce.xormasklen = 0; #ifdef ENABLE_OCC - o->occ = true; + o->occ = true; #endif -@@ -907,6 +910,9 @@ setenv_connection_entry (struct env_set - setenv_int_i (es, "local_port", e->local_port, i); - setenv_str_i (es, "remote", e->remote, i); - setenv_int_i (es, "remote_port", e->remote_port, i); -+ setenv_int_i (es, "xormethod", e->xormethod, i); -+ setenv_str_i (es, "xormask", e->xormask, i); -+ setenv_int_i (es, "xormasklen", e->xormasklen, i); +@@ -972,6 +975,9 @@ setenv_connection_entry(struct env_set * + setenv_str_i(es, "local_port", e->local_port, i); + setenv_str_i(es, "remote", e->remote, i); + setenv_str_i(es, "remote_port", e->remote_port, i); ++ setenv_int_i(es, "xormethod", e->xormethod, i); ++ setenv_str_i(es, "xormask", e->xormask, i); ++ setenv_int_i(es, "xormasklen", e->xormasklen, i); - #ifdef ENABLE_HTTP_PROXY - if (e->http_proxy_options) -@@ -1366,6 +1372,9 @@ show_connection_entry (const struct conn - SHOW_INT (connect_retry_seconds); - SHOW_INT (connect_timeout); - SHOW_INT (connect_retry_max); -+ SHOW_INT (xormethod); -+ SHOW_STR (xormask); -+ SHOW_INT (xormasklen); + if (e->http_proxy_options) + { +@@ -1474,6 +1480,9 @@ show_connection_entry(const struct conne + SHOW_BOOL(bind_ipv6_only); + SHOW_INT(connect_retry_seconds); + SHOW_INT(connect_timeout); ++ SHOW_INT(xormethod); ++ SHOW_STR(xormask); ++ SHOW_INT(xormasklen); - #ifdef ENABLE_HTTP_PROXY - if (o->http_proxy_options) -@@ -5131,6 +5140,46 @@ add_option (struct options *options, - options->proto_force = proto_force; - options->force_connection_list = true; + if (o->http_proxy_options) + { +@@ -5915,6 +5924,46 @@ add_option(struct options *options, + } + options->proto_force = proto_force; } -+ else if (streq (p[0], "scramble") && p[1]) ++ else if (streq (p[0], "scramble") && p[1]) + { -+ VERIFY_PERMISSION 
(OPT_P_GENERAL|OPT_P_CONNECTION); -+ if (streq (p[1], "xormask") && p[2] && (!p[3])) -+ { -+ options->ce.xormethod = 1; -+ options->ce.xormask = p[2]; -+ options->ce.xormasklen = strlen(options->ce.xormask); -+ } -+ else if (streq (p[1], "xorptrpos") && (!p[2])) -+ { -+ options->ce.xormethod = 2; -+ options->ce.xormask = NULL; -+ options->ce.xormasklen = 0; -+ } -+ else if (streq (p[1], "reverse") && (!p[2])) -+ { -+ options->ce.xormethod = 3; -+ options->ce.xormask = NULL; -+ options->ce.xormasklen = 0; -+ } -+ else if (streq (p[1], "obfuscate") && p[2] && (!p[3])) -+ { -+ options->ce.xormethod = 4; -+ options->ce.xormask = p[2]; -+ options->ce.xormasklen = strlen(options->ce.xormask); -+ } -+ else if (!p[2]) -+ { -+ msg (M_WARN, "WARNING: No recognized 'scramble' method specified; using 'scramble xormask \"%s\"'", p[1]); -+ options->ce.xormethod = 1; -+ options->ce.xormask = p[1]; -+ options->ce.xormasklen = strlen(options->ce.xormask); -+ } -+ else -+ { -+ msg (msglevel, "No recognized 'scramble' method specified or extra parameters for 'scramble'"); -+ goto err; -+ } ++ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); ++ if (streq (p[1], "xormask") && p[2] && (!p[3])) ++ { ++ options->ce.xormethod = 1; ++ options->ce.xormask = p[2]; ++ options->ce.xormasklen = strlen(options->ce.xormask); ++ } ++ else if (streq (p[1], "xorptrpos") && (!p[2])) ++ { ++ options->ce.xormethod = 2; ++ options->ce.xormask = NULL; ++ options->ce.xormasklen = 0; ++ } ++ else if (streq (p[1], "reverse") && (!p[2])) ++ { ++ options->ce.xormethod = 3; ++ options->ce.xormask = NULL; ++ options->ce.xormasklen = 0; ++ } ++ else if (streq (p[1], "obfuscate") && p[2] && (!p[3])) ++ { ++ options->ce.xormethod = 4; ++ options->ce.xormask = p[2]; ++ options->ce.xormasklen = strlen(options->ce.xormask); ++ } ++ else if (!p[2]) ++ { ++ msg(M_WARN, "WARNING: No recognized 'scramble' method specified; using 'scramble xormask \"%s\"'", p[1]); ++ options->ce.xormethod = 1; ++ options->ce.xormask = 
p[1]; ++ options->ce.xormasklen = strlen(options->ce.xormask); ++ } ++ else ++ { ++ msg(msglevel, "No recognized 'scramble' method specified or extra parameters for 'scramble'"); ++ goto err; ++ } + } - #ifdef ENABLE_HTTP_PROXY - else if (streq (p[0], "http-proxy") && p[1]) + else if (streq(p[0], "http-proxy") && p[1] && !p[5]) { ---- src/openvpn/options.h.orig 2016-08-23 14:16:22 UTC + struct http_proxy_options *ho; +--- src/openvpn/options.h.orig 2016-12-22 07:25:18 UTC +++ src/openvpn/options.h -@@ -100,6 +100,9 @@ struct connection_entry - int connect_retry_max; - int connect_timeout; - bool connect_timeout_defined; -+ int xormethod; -+ const char *xormask; -+ int xormasklen; - #ifdef ENABLE_HTTP_PROXY - struct http_proxy_options *http_proxy_options; - #endif ---- src/openvpn/socket.c.orig 2016-08-23 14:16:22 UTC +@@ -98,6 +98,9 @@ struct connection_entry + int connect_retry_seconds; + int connect_retry_seconds_max; + int connect_timeout; ++ int xormethod; ++ const char *xormask; ++ int xormasklen; + struct http_proxy_options *http_proxy_options; + const char *socks_proxy_server; + const char *socks_proxy_port; +--- src/openvpn/socket.c.orig 2016-12-22 07:25:18 UTC +++ src/openvpn/socket.c -@@ -52,6 +52,53 @@ const int proto_overhead[] = { /* indexe - IPv6_TCP_HEADER_SIZE, +@@ -55,6 +55,53 @@ const int proto_overhead[] = { /* indexe + IPv6_TCP_HEADER_SIZE, }; +int buffer_mask (struct buffer *buf, const char *mask, int xormasklen) { @@ -184,9 +185,9 @@ https://tunnelblick.net/cOpenvpn_xorpatc /* * Convert sockflags/getaddr_flags into getaddr_flags */ ---- src/openvpn/socket.h.orig 2016-08-23 14:16:22 UTC +--- src/openvpn/socket.h.orig 2016-12-22 07:25:18 UTC +++ src/openvpn/socket.h -@@ -245,6 +245,10 @@ struct link_socket +@@ -249,6 +249,10 @@ struct link_socket #endif }; 
@@ -197,100 +198,99 @@ https://tunnelblick.net/cOpenvpn_xorpatc /* * Some Posix/Win32 differences. */ -@@ -873,30 +877,56 @@ int link_socket_read_udp_posix (struct l +@@ -1046,30 +1050,55 @@ int link_socket_read_udp_posix(struct li static inline int - link_socket_read (struct link_socket *sock, - struct buffer *buf, -- struct link_socket_actual *from) -+ struct link_socket_actual *from, -+ int xormethod, -+ const char *xormask, -+ int xormasklen) + link_socket_read(struct link_socket *sock, + struct buffer *buf, +- struct link_socket_actual *from) ++ struct link_socket_actual *from, ++ int xormethod, ++ const char *xormask, ++ int xormasklen) { -+ int res; - if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */ ++ int res; ++ + if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */ { -- int res; - - #ifdef WIN32 - res = link_socket_read_udp_win32 (sock, buf, from); +- int res; +- + #ifdef _WIN32 + res = link_socket_read_udp_win32(sock, buf, from); #else - res = link_socket_read_udp_posix (sock, buf, from); + res = link_socket_read_udp_posix(sock, buf, from); #endif -- return res; +- return res; } - else if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */ + else if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */ { - /* from address was returned by accept */ - addr_copy_sa(&from->dest, &sock->info.lsa->actual.dest); -- return link_socket_read_tcp (sock, buf); -+ res = link_socket_read_tcp (sock, buf); + /* from address was returned by accept */ + addr_copy_sa(&from->dest, &sock->info.lsa->actual.dest); +- return link_socket_read_tcp(sock, buf); ++ res = link_socket_read_tcp(sock, buf); } - else + else { - ASSERT (0); - return -1; /* NOTREACHED */ + ASSERT(0); + return -1; /* NOTREACHED */ } -+ switch(xormethod) -+ { -+ case 0: -+ break; -+ case 1: -+ buffer_mask(buf,xormask,xormasklen); -+ break; -+ case 2: -+ buffer_xorptrpos(buf); -+ break; -+ case 3: -+ buffer_reverse(buf); -+ break; -+ case 4: -+ 
buffer_mask(buf,xormask,xormasklen); -+ buffer_xorptrpos(buf); -+ buffer_reverse(buf); -+ buffer_xorptrpos(buf); -+ break; -+ default: -+ ASSERT (0); -+ return -1; /* NOTREACHED */ ++ switch (xormethod) { ++ case 0: ++ break; ++ case 1: ++ buffer_mask(buf,xormask,xormasklen); ++ break; ++ case 2: ++ buffer_xorptrpos(buf); ++ break; ++ case 3: ++ buffer_reverse(buf); ++ break; ++ case 4: ++ buffer_mask(buf,xormask,xormasklen); ++ buffer_xorptrpos(buf); ++ buffer_reverse(buf); ++ buffer_xorptrpos(buf); ++ break; ++ default: ++ ASSERT (0); ++ return -1; /* NOTREACHED */ + } -+ return res; ++ return res; } /* -@@ -980,8 +1010,34 @@ link_socket_write_udp (struct link_socke +@@ -1159,8 +1188,33 @@ link_socket_write_udp(struct link_socket static inline int - link_socket_write (struct link_socket *sock, - struct buffer *buf, -- struct link_socket_actual *to) -+ struct link_socket_actual *to, -+ int xormethod, -+ const char *xormask, -+ int xormasklen) + link_socket_write(struct link_socket *sock, + struct buffer *buf, +- struct link_socket_actual *to) ++ struct link_socket_actual *to, ++ int xormethod, ++ const char *xormask, ++ int xormasklen) { -+ switch(xormethod) -+ { -+ case 0: -+ break; -+ case 1: -+ buffer_mask(buf,xormask,xormasklen); -+ break; -+ case 2: -+ buffer_xorptrpos(buf); -+ break; -+ case 3: -+ buffer_reverse(buf); -+ break; -+ case 4: -+ buffer_xorptrpos(buf); -+ buffer_reverse(buf); -+ buffer_xorptrpos(buf); -+ buffer_mask(buf,xormask,xormasklen); -+ break; -+ default: -+ ASSERT (0); -+ return -1; /* NOTREACHED */ ++ switch (xormethod) { ++ case 0: ++ break; ++ case 1: ++ buffer_mask(buf,xormask,xormasklen); ++ break; ++ case 2: ++ buffer_xorptrpos(buf); ++ break; ++ case 3: ++ buffer_reverse(buf); ++ break; ++ case 4: ++ buffer_xorptrpos(buf); ++ buffer_reverse(buf); ++ buffer_xorptrpos(buf); ++ buffer_mask(buf,xormask,xormasklen); ++ break; ++ default: ++ ASSERT (0); ++ return -1; /* NOTREACHED */ + } - if (proto_is_udp(sock->info.proto)) /* unified 
UDPv4 and UDPv6 */ + if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */ { - return link_socket_write_udp (sock, buf, to); + return link_socket_write_udp(sock, buf, to); Modified: head/security/openvpn/pkg-plist ============================================================================== --- head/security/openvpn/pkg-plist Tue Dec 27 22:34:36 2016 (r429677) +++ head/security/openvpn/pkg-plist Tue Dec 27 23:16:57 2016 (r429678) @@ -1,4 +1,5 @@ include/openvpn-plugin.h +include/openvpn-msg.h lib/openvpn/plugins/openvpn-plugin-auth-pam.so lib/openvpn/plugins/openvpn-plugin-down-root.so man/man8/openvpn.8.gz Modified: head/security/openvpn23-polarssl/Makefile ============================================================================== --- head/security/openvpn-polarssl/Makefile Fri Dec 16 19:14:57 2016 (r428693) +++ head/security/openvpn23-polarssl/Makefile Tue Dec 27 23:16:57 2016 (r429678) @@ -8,6 +8,6 @@ COMMENT= Secure IP/Ethernet tunnel daem OPTIONS_EXCLUDE= OPENSSL PKCS11 X509ALTUSERNAME OPTIONS_SLAVE= POLARSSL -MASTERDIR= ${.CURDIR}/../../security/openvpn +MASTERDIR= ${.CURDIR}/../../security/openvpn23 .include "${MASTERDIR}/Makefile" Modified: head/security/openvpn23/Makefile ============================================================================== --- head/security/openvpn/Makefile Fri Dec 16 19:14:57 2016 (r428693) +++ head/security/openvpn23/Makefile Tue Dec 27 23:16:57 2016 (r429678) @@ -10,6 +10,9 @@ MASTER_SITES= http://swupdate.openvpn.n MAINTAINER= mandree@FreeBSD.org COMMENT?= Secure IP/Ethernet tunnel daemon +DEPRECATED= Replaced by new upstream relesae 2.4.x +EXPIRATION_DATE= 2017-03-31 + LICENSE= GPLv2 CONFLICTS_INSTALL= openvpn-2.[!3].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]*
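
Review bot: The 20161227 entry added to head/UPDATING names the new ports but gives the reader nothing to act on: it omits the 2017-03-31 expiration that the commit log and the openvpn23 Makefile state, and does not say what a user who must stay on 2.3 should install. Suggest adding the expiration date and one line pointing such users at security/openvpn23 or security/openvpn23-polarssl.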
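
Review bot: The setenv_connection_entry and show_connection_entry hunks in options.c (inside extra-tunnelblick-openvpn_xorpatch) export the scramble mask itself: `setenv_str_i(es, "xormask", e->xormask, i)` places it in the environment set and `SHOW_STR(xormask)` prints it in the option dump. If the mask is meant to stay private to the two peers, export only xormethod and xormasklen, or document that the mask is visible in both places. Also, e->xormask is "\0" after init_options but NULL after `scramble xorptrpos` or `scramble reverse`, so these two call sites see two different "no mask" representations; pick one.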
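
Review bot: In the add_option hunk of options.c, the `else if (!p[2])` fallback accepts any unrecognized single argument as an xormask with only an M_WARN, so a misspelled method name is silently used as the mask string instead of being rejected, and the peer then fails to interoperate with no configuration error. Suggest removing that branch so such input reaches the existing `goto err` path. The xormask and obfuscate branches should also reject an empty p[2]: `strlen` then yields xormasklen 0, and the body of buffer_mask is not visible in this diff to confirm that a zero length is handled.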
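
Review bot: In the link_socket_read hunk of socket.h, the new `switch (xormethod)` is applied to buf without looking at res, so a failed or empty read is still passed through buffer_mask, buffer_xorptrpos and buffer_reverse before `return res;`. Suggest running the switch only when res > 0, so the de-scramble step never touches a buffer the read did not fill.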
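
Review bot: Typo in the head/security/openvpn23/Makefile hunk: `DEPRECATED= Replaced by new upstream relesae 2.4.x` should read "release". The DEPRECATED string is displayed to users of the port, so it is worth correcting in a follow-up commit.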