From owner-dev-commits-ports-all@freebsd.org Sat May 29 10:55:56 2021 Return-Path: Delivered-To: dev-commits-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3F3E163E420; Sat, 29 May 2021 10:55:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Fsdl011BTz4hLk; Sat, 29 May 2021 10:55:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 06DB2CAD; Sat, 29 May 2021 10:55:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 14TAttOj037575; Sat, 29 May 2021 10:55:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 14TAttfD037574; Sat, 29 May 2021 10:55:55 GMT (envelope-from git) Date: Sat, 29 May 2021 10:55:55 GMT Message-Id: <202105291055.14TAttfD037574@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org From: Matthias Andree Subject: git: e29840cb4261 - 2021Q2 - security/openvpn-devel: switch to Gitlab and new maintainer MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mandree X-Git-Repository: ports X-Git-Refname: refs/heads/2021Q2 X-Git-Reftype: branch X-Git-Commit: e29840cb4261abfd9a5aaeda433466f23d920636 Auto-Submitted: auto-generated X-BeenThere: dev-commits-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the ports repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 May 2021 10:55:56 -0000 The branch 2021Q2 has been updated by mandree: URL: https://cgit.FreeBSD.org/ports/commit/?id=e29840cb4261abfd9a5aaeda433466f23d920636 commit e29840cb4261abfd9a5aaeda433466f23d920636 Author: Matthias Andree AuthorDate: 2021-05-29 09:48:46 +0000 Commit: Matthias Andree CommitDate: 2021-05-29 10:55:23 +0000 security/openvpn-devel: switch to Gitlab and new maintainer The previous maintainer asked that the port be removed, but we seem to have found a better solution. Gert Doering volunteered to take over the port and reference Git directly. Import security/openvpn fix for leftover .orig files. PR: 256209 Maintainer change implicitly Approved by: ecrist@secure-computing.net (removal request) New contents reviewed and Approved by: gert@greenie.muc.de (new maintainer, by IRC/mail) MFH because original port no longer fetchable, Eric F. Crist removed his download files. (cherry picked from commit 9364842b3b08f9eaa49bf80c7c14550c2689ab7f) --- security/openvpn-devel/Makefile | 122 +++++++++++---------- security/openvpn-devel/distinfo | 6 +- .../files/patch-src_openvpn_openssl__compat.h | 20 ---- 3 files changed, 68 insertions(+), 80 deletions(-) diff --git a/security/openvpn-devel/Makefile b/security/openvpn-devel/Makefile index f942b69ff7e6..842e7f77fe82 100644 --- a/security/openvpn-devel/Makefile +++ b/security/openvpn-devel/Makefile @@ -1,94 +1,101 @@ # Created by: Matthias Andree -PORTNAME= openvpn -DISTVERSION= 202113 -CATEGORIES= security net net-vpn -MASTER_SITES= https://secure-computing.net/files/openvpn/ -PKGNAMESUFFIX= -devel +PORTNAME= openvpn +DISTVERSION= g20210527 +PORTEPOCH= 1 +CATEGORIES= security net net-vpn +PKGNAMESUFFIX= -devel -MAINTAINER= ecrist@secure-computing.net +MAINTAINER= gert@greenie.muc.de # let's use ?= in spite of portlint WARNings because this might become # security/openvpn one day which would then have a slave port: -COMMENT?= Secure IP/Ethernet tunnel daemon +COMMENT?= Secure IP/Ethernet tunnel daemon -LICENSE= GPLv2 +LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYRIGHT.GPL -IGNORE_SSL= libressl libressl-devel +BUILD_DEPENDS+= cmocka>=0:sysutils/cmocka \ + rst2man:textproc/py-docutils +LIB_DEPENDS+= liblzo2.so:archivers/lzo2 -USES= cpe libtool pkgconfig shebangfix tar:xz +USES= autoreconf cpe libtool pkgconfig shebangfix tar:xz +IGNORE_SSL= libressl libressl-devel +USE_GITLAB= yes +GL_COMMIT= 890225c1783d0f11b2092495ff902a46d7d0d4cd +USE_RC_SUBR= openvpn + +SHEBANG_FILES= sample/sample-scripts/auth-pam.pl sample/sample-scripts/ucn.pl \ + sample/sample-scripts/verify-cn -CONFLICTS_INSTALL?= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]* GNU_CONFIGURE= yes -WRKSRC= ${WRKDIR}/${PORTNAME}${PKGNAMESUFFIX} -SHEBANG_FILES= sample/sample-scripts/verify-cn \ - sample/sample-scripts/auth-pam.pl \ - sample/sample-scripts/ucn.pl CONFIGURE_ARGS+= --enable-strict # set PLUGIN_LIBDIR so that unqualified plugin paths are found: CONFIGURE_ENV+= PLUGINDIR="${PREFIX}/lib/openvpn/plugins" # let OpenVPN's configure script pick up the requisite libraries, # but do not break the plugin build if an older version is installed -CPPFLAGS+= -I${WRKSRC}/include -I${LOCALBASE}/include -LDFLAGS+= -L${LOCALBASE}/lib - -OPTIONS_DEFINE= PKCS11 EASYRSA DOCS EXAMPLES X509ALTUSERNAME \ - TEST LZ4 SMALL TUNNELBLICK -OPTIONS_DEFAULT= EASYRSA OPENSSL TEST LZ4 -OPTIONS_SINGLE= SSL -OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS -PKCS11_DESC= Use security/pkcs11-helper -EASYRSA_DESC= Install security/easy-rsa RSA helper package -MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3) -TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!) -X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only) -SMALL_DESC= Build a smaller executable with fewer features +.ifdef (LOG_OPENVPN) +CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN} +.endif -EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa +CPPFLAGS+= -I${WRKSRC}/include -I${LOCALBASE}/include -DCONFIGURE_GIT_REVISION='\"${GL_COMMIT}\"' -DCONFIGURE_GIT_FLAGS= +LDFLAGS+= -L${LOCALBASE}/lib -PKCS11_LIB_DEPENDS= libpkcs11-helper.so:security/pkcs11-helper -PKCS11_CONFIGURE_ENABLE= pkcs11 -PKCS11_PREVENTS= MBEDTLS -PKCS11_PREVENTS_MSG= OpenVPN cannot use pkcs11-helper with mbedTLS. Disable PKCS11, or use OpenSSL instead +CONFLICTS_INSTALL?= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* \ + openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]* -TUNNELBLICK_EXTRA_PATCHES= ${FILESDIR}/extra-tunnelblick-openvpn_xorpatch +SUB_FILES= openvpn-client pkg-message -X509ALTUSERNAME_CONFIGURE_ENABLE= x509-alt-username +PORTDOCS= * +PORTEXAMPLES= * +OPTIONS_DEFINE= DOCS EASYRSA EXAMPLES LZ4 PKCS11 SMALL TEST TUNNELBLICK \ + X509ALTUSERNAME +OPTIONS_DEFAULT= EASYRSA LZ4 OPENSSL TEST +OPTIONS_SINGLE= SSL +OPTIONS_SINGLE_SSL= MBEDTLS OPENSSL + +# option descriptions and interdependencies + +EASYRSA_DESC= Install security/easy-rsa RSA helper package +MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3) +PKCS11_DESC= Use security/pkcs11-helper +PKCS11_PREVENTS= MBEDTLS +PKCS11_PREVENTS_MSG= OpenVPN cannot use pkcs11-helper with mbedTLS. \ + Disable PKCS11, or use OpenSSL instead +SMALL_DESC= Build a smaller executable with fewer features +TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!) +X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only) X509ALTUSERNAME_PREVENTS= MBEDTLS -X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} cannot use --x509-username-field with mbedTLS. Disable X509ALTUSERNAME, or use OpenSSL instead +X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} cannot use \ + --x509-username-field with mbedTLS. Disable \ + X509ALTUSERNAME, or use OpenSSL instead -OPENSSL_USES= ssl -OPENSSL_CONFIGURE_ON= --with-crypto-library=openssl +# option implementations -LZ4_CONFIGURE_OFF= --disable-lz4 +EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa -SMALL_CONFIGURE_ON= --enable-small +LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4 +LZ4_CONFIGURE_OFF= --disable-lz4 MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls -USE_RC_SUBR= openvpn - -SUB_FILES= pkg-message openvpn-client - -.ifdef (LOG_OPENVPN) -CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN} -.endif - -BUILD_DEPENDS+= cmocka>=0:sysutils/cmocka \ - rst2man:textproc/py-docutils -LIB_DEPENDS+= liblzo2.so:archivers/lzo2 +OPENSSL_USES= ssl +OPENSSL_CONFIGURE_ON= --with-crypto-library=openssl -LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4 +PKCS11_LIB_DEPENDS= libpkcs11-helper.so:security/pkcs11-helper +PKCS11_CONFIGURE_ENABLE= pkcs11 -PORTDOCS= * -PORTEXAMPLES= * +SMALL_CONFIGURE_ON= --enable-small TEST_ALL_TARGET= check TEST_TEST_TARGET_OFF= check +TUNNELBLICK_EXTRA_PATCHES= ${FILESDIR}/extra-tunnelblick-openvpn_xorpatch + +X509ALTUSERNAME_CONFIGURE_ENABLE= x509-alt-username + pre-configure: .ifdef (LOG_OPENVPN) @${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}" @@ -109,10 +116,10 @@ post-configure: .include .if ${PORT_OPTIONS:MMBEDTLS} -_tlslibs=libmbedtls libmbedx509 libmbedcrypto +_tlslibs= libmbedtls libmbedx509 libmbedcrypto .else # OpenSSL -_tlslibs=libssl libcrypto +_tlslibs= libssl libcrypto .endif # sanity check that we don't inherit incompatible SSL libs through, @@ -140,5 +147,6 @@ post-install-DOCS-on: post-install-EXAMPLES-on: (cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/) ${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/* + ${RM} ${STAGEDIR}${EXAMPLESDIR}/sample-config-files/*.orig .include diff --git a/security/openvpn-devel/distinfo b/security/openvpn-devel/distinfo index a811b8535a88..8b9af1ac43cb 100644 --- a/security/openvpn-devel/distinfo +++ b/security/openvpn-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1617626192 -SHA256 (openvpn-202113.tar.xz) = 54e5b6870855138fdc92e19354fb03665dde4dd7b899b1672a8fbd85d9b926e5 -SIZE (openvpn-202113.tar.xz) = 1065804 +TIMESTAMP = 1622278095 +SHA256 (openvpn-openvpn-890225c1783d0f11b2092495ff902a46d7d0d4cd_GL0.tar.gz) = 0677e95122f96634ad8b8215052f5cd51ccd554bbd70ab53a05f33c157b27554 +SIZE (openvpn-openvpn-890225c1783d0f11b2092495ff902a46d7d0d4cd_GL0.tar.gz) = 1133002 diff --git a/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h b/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h deleted file mode 100644 index 4f72e79ef421..000000000000 --- a/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h +++ /dev/null @@ -1,20 +0,0 @@ ---- src/openvpn/openssl_compat.h.orig 2019-02-20 12:28:23 UTC -+++ src/openvpn/openssl_compat.h -@@ -735,7 +735,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx) - } - #endif /* SSL_CTX_get_max_proto_version */ - --#ifndef SSL_CTX_set_min_proto_version -+#if !defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER) - /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */ - static inline int - SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min) -@@ -764,7 +764,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_v - } - #endif /* SSL_CTX_set_min_proto_version */ - --#ifndef SSL_CTX_set_max_proto_version -+#if !defined(SSL_CTX_set_max_proto_version) && !defined(LIBRESSL_VERSION_NUMBER) - /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */ - static inline int - SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)