From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Jun 15 16:40:04 2009 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DCCD1106564A for ; Mon, 15 Jun 2009 16:40:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B5FE28FC12 for ; Mon, 15 Jun 2009 16:40:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n5FGe4Ft041177 for ; Mon, 15 Jun 2009 16:40:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n5FGe4wm041176; Mon, 15 Jun 2009 16:40:04 GMT (envelope-from gnats) Resent-Date: Mon, 15 Jun 2009 16:40:04 GMT Resent-Message-Id: <200906151640.n5FGe4wm041176@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Damian Gerow Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A6E77106568B for ; Mon, 15 Jun 2009 16:33:19 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 913868FC14 for ; Mon, 15 Jun 2009 16:33:19 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n5FGXJTN027717 for ; Mon, 15 Jun 2009 16:33:19 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id n5FGXJB5027716; Mon, 15 Jun 2009 16:33:19 GMT (envelope-from nobody) Message-Id: <200906151633.n5FGXJB5027716@www.freebsd.org> Date: Mon, 15 Jun 2009 16:33:19 GMT From: Damian Gerow To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/135596: Update pkg-message to reflect new OpenSSL in -CURRENT (and make it more generic) X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2009 16:40:05 -0000 >Number: 135596 >Category: ports >Synopsis: Update pkg-message to reflect new OpenSSL in -CURRENT (and make it more generic) >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Mon Jun 15 16:40:04 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Damian Gerow >Release: 8.0-CURRENT >Organization: >Environment: FreeBSD plebeian.afflictions.org 8.0-CURRENT FreeBSD 8.0-CURRENT #1: Fri Jun 12 09:14:59 EDT 2009 dgerow@plebeian.afflictions.org:/usr/obj/usr/src/sys/GENERIC amd64 >Description: I've updated the wording in pkg-message to be a little more generic, and to specifically address the fact that OpenSSL 0.9.8k was just imported into -CURRENT. >How-To-Repeat: >Fix: Patch attached with submission follows: diff -ruN openconnect.orig/pkg-descr openconnect/pkg-descr --- openconnect.orig/pkg-descr 2009-06-06 15:48:49.000000000 -0700 +++ openconnect/pkg-descr 2009-06-15 09:30:49.000000000 -0700 @@ -1,9 +1,13 @@ -OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is -supported by IOS 12.4(9)T or later on Cisco SR500, 870, 880, -1800, 2800, 3800, 7200 Series and Cisco 7301 Routers. +Cisco's implementation of the DTLS protocol unfortunately does not +comply with the relevant standards, and the OpenSSL in FreeBSD's +base requires a patch to provide full interoperability. You will +still be able to establish a tunnel, but all traffic will be +transmitted via an HTTPS connection. This means that any packet +loss on your link will result in a significant detriment to the +speed of your VPN connection. -Like vpnc, OpenConnect is not officially supported by, or -associated in any way with, Cisco Systems. It just happens to -interoperate with their equipment. +Note that versions of FreeBSD older than 8.0 will require a small +number of additional patches, due to the older version of OpenSSL +included in their base. -WWW: http://www.infradead.org/openconnect.html +More information is included in README.DTLS. diff -ruN openconnect.orig/pkg-message openconnect/pkg-message --- openconnect.orig/pkg-message 2009-06-06 15:48:49.000000000 -0700 +++ openconnect/pkg-message 2009-06-15 09:29:10.128304574 -0700 @@ -1,10 +1,9 @@ Cisco's implementation of the DTLS protocol unfortunately does not -comply with the relevant standards. OpenSSL must be patched to -provide full compliance with their implementation, and due to the -older release of OpenSSL in the FreeBSD base, there are additional -patches that must be applied to achieve the same goal. Though -OpenConnect will still function, all traffic will be passed over -an HTTPS connection. Should there be any packet loss on your -link, your VPN connection will suffer greatly. +comply with the relevant standards, and the OpenSSL in FreeBSD's +base requires a patch to provide full interoperability. You will +still be able to establish a tunnel, but all traffic will be +transmitted via an HTTPS connection. This means that any packet +loss on your link will result in a significant detriment to the +speed of your VPN connection. More information is included in README.DTLS. >Release-Note: >Audit-Trail: >Unformatted: