Date: Sat, 7 Sep 2019 07:37:58 +0000 (UTC) From: Matthias Andree <mandree@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r511396 - in head/security/openvpn-devel: . files Message-ID: <201909070737.x877bw8b099437@repo.freebsd.org>
Author: mandree Date: Sat Sep 7 07:37:58 2019 New Revision: 511396 URL: https://svnweb.freebsd.org/changeset/ports/511396 Log: security/openvpn-devel: Maintainer update to 201935 This commit updates the port to the latest development snapshot. Additional changes over PR: - leave CATEGORIES alone (leaving net-vpn in) - move IGNORE_SSL upwards and remove USE_LDCONFIG to please portlint -CA PR: 240376 Submitted by: ecrist@secure-computing.net (maintainer) Added: head/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h (contents, props changed) head/security/openvpn-devel/pkg-help (contents, props changed) Deleted: head/security/openvpn-devel/files/patch-configure Modified: head/security/openvpn-devel/Makefile head/security/openvpn-devel/distinfo head/security/openvpn-devel/pkg-descr Modified: head/security/openvpn-devel/Makefile ============================================================================== --- head/security/openvpn-devel/Makefile Sat Sep 7 06:57:05 2019 (r511395) +++ head/security/openvpn-devel/Makefile Sat Sep 7 07:37:58 2019 (r511396) @@ -2,18 +2,22 @@ # $FreeBSD$ PORTNAME= openvpn -DISTVERSION= 201907 +DISTVERSION= 201935 CATEGORIES= security net net-vpn MASTER_SITES= https://secure-computing.net/files/openvpn/ \ ftp://ftp2.secure-computing.net/pub/FreeBSD/openvpn-devel/ PKGNAMESUFFIX= -devel MAINTAINER= ecrist@secure-computing.net +# let's use ?= in spite of portlint WARNings because this might become +# security/openvpn one day which would then have a slave port: COMMENT?= Secure IP/Ethernet tunnel daemon LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYRIGHT.GPL +IGNORE_SSL= libressl libressl-devel + USES= cpe libtool pkgconfig shebangfix tar:xz CONFLICTS_INSTALL?= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]* 
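Review bot: `IGNORE_SSL= libressl libressl-devel` in this hunk makes the port refuse LibreSSL outright, yet the same commit adds files/patch-src_openvpn_openssl__compat.h, whose only change is a `!defined(LIBRESSL_VERSION_NUMBER)` test. As far as the visible lines show, that patch cannot affect any build the port still permits, so the two additions pull in opposite directions. A comment above the setting would record the intent, for example `# OpenVPN does not officially support LibreSSL; refuse it instead of warning`, and the patch should either be dropped or its reason for staying noted beside it. The last Makefile hunk removes the old ten-second LibreSSL warning, so this line is now the only place the policy is stated.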
@@ -41,7 +45,7 @@ OPTIONS_SINGLE= SSL OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS PKCS11_DESC= Use security/pkcs11-helper EASYRSA_DESC= Install security/easy-rsa RSA helper package -MBEDTLS_DESC= SSL/TLS via mbedTLS +MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3) TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!) X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only) SMALL_DESC= Build a smaller executable with fewer features @@ -71,7 +75,6 @@ MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls USE_RC_SUBR= openvpn -USE_LDCONFIG= ${PREFIX}/lib SUB_FILES= pkg-message openvpn-client 
@@ -115,22 +118,11 @@ _tlslibs=libmbedtls libmbedx509 libmbedcrypto _tlslibs=libssl libcrypto .endif -.if ${SSL_DEFAULT:Mlibressl*} && empty(PORT_OPTIONS:MMBEDTLS) -pre-everything:: - @${ECHO_CMD} "WARNING: OpenVPN does not officially support LibreSSL." - @${ECHO_CMD} "If things break, rebuild with OpenSSL or mbedTLS." - @${ECHO_CMD} "You may wish to change your default SSL library" - @${ECHO_CMD} "and press Ctrl+C within the next 10 seconds to abort." -. if !(defined(PACKAGE_BUILDING) || defined(BATCH)) - @sleep 10 -. endif -.endif - # sanity check that we don't inherit incompatible SSL libs through, # for instance, pkcs11-helper: post-build: - @a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \ - | ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\ + @a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \ + | ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\ if test "$$*" != "1" ; then ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${PRINTF} '%s\n' "$$a"; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi post-install: Modified: head/security/openvpn-devel/distinfo ============================================================================== --- head/security/openvpn-devel/distinfo Sat Sep 7 06:57:05 2019 (r511395) +++ head/security/openvpn-devel/distinfo Sat Sep 7 07:37:58 2019 (r511396) 
@@ -1,3 +1,3 @@
-TIMESTAMP = 1550580278
-SHA256 (openvpn-201907.tar.xz) = 1e2394ca6582877c90fc3d9948cfb1b1c1aaa2383c02af62410d5a51f812ff68
-SIZE (openvpn-201907.tar.xz) = 995288
+TIMESTAMP = 1567798649
+SHA256 (openvpn-201935.tar.xz) = a34dc87188ae38f148e99cc129db2ed05e33c7b41237373b34b5d711481cfc5f
+SIZE (openvpn-201935.tar.xz) = 1002220
Added: head/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h Sat Sep 7 07:37:58 2019 (r511396)
@@ -0,0 +1,20 @@
+--- src/openvpn/openssl_compat.h.orig 2019-02-20 12:28:23 UTC
++++ src/openvpn/openssl_compat.h
+@@ -735,7 +735,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
+ }
+ #endif /* SSL_CTX_get_max_proto_version */
+
+-#ifndef SSL_CTX_set_min_proto_version
++#if !defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
+ /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
+ static inline int
+ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
+@@ -764,7 +764,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_v
+ }
+ #endif /* SSL_CTX_set_min_proto_version */
+
+-#ifndef SSL_CTX_set_max_proto_version
++#if !defined(SSL_CTX_set_max_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
+ /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
+ static inline int
+ SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
Modified: head/security/openvpn-devel/pkg-descr
==============================================================================
--- head/security/openvpn-devel/pkg-descr Sat Sep 7 06:57:05 2019 (r511395)
+++ head/security/openvpn-devel/pkg-descr Sat Sep 7 07:37:58 2019 (r511396)
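Review bot: The new `!defined(LIBRESSL_VERSION_NUMBER)` test in both inner hunks of patch-src_openvpn_openssl__compat.h carries no version bound, so it assumes every LibreSSL release declares SSL_CTX_set_min_proto_version and SSL_CTX_set_max_proto_version itself. These shims are what apply the configured TLS version floor and ceiling on libraries that lack the calls, so skipping them should be tied to the library actually providing them. On a LibreSSL without them the outcome is presumably a build failure rather than a silent downgrade, but the hunk does not show that. Consider bounding the test with a `LIBRESSL_VERSION_NUMBER` comparison against the first release that ships both functions (value to be confirmed from the LibreSSL release notes), and add a short header comment to the patch file saying why it exists and whether it was sent upstream. Both shim bodies run outside the quoted context.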
@@ -10,4 +10,4 @@ there is a good chance this program will not run. DO NOT USE IN PRODUCTION WITHOUT CAUTION -WWW: http://openvpn.net/ +WWW: http://openvpn.net/index.php/open-source.html Added: head/security/openvpn-devel/pkg-help ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openvpn-devel/pkg-help Sat Sep 7 07:37:58 2019 (r511396) @@ -0,0 +1,10 @@ +Note that "Tunnelblick" is a controversial option. +It is included for compatibility, not enabled by default, +and should only be used with due consideration, and it should not +replace proper cryptography use in OpenVPN. + +Note that this patch does NOT add documentation for the new --scramble +option, neither to the --help output, nor the manual page. + +Please see this website for a more detailed discussion: +https://tunnelblick.net/cOpenvpn_xorpatch.html