Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 31 Mar 2023 00:01:57 GMT
From:      Muhammad Moinur Rahman <bofh@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 2bfed05f70c7 - main - security/openvpn25: Remove expired port:
Message-ID:  <202303310001.32V01vSu014443@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by bofh:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2bfed05f70c7bf3a4f95bf3ef824a1a259936898

commit 2bfed05f70c7bf3a4f95bf3ef824a1a259936898
Author:     Muhammad Moinur Rahman <bofh@FreeBSD.org>
AuthorDate: 2023-03-25 15:03:54 +0000
Commit:     Muhammad Moinur Rahman <bofh@FreeBSD.org>
CommitDate: 2023-03-30 23:59:43 +0000

    security/openvpn25: Remove expired port:
    
    2023-03-31 security/openvpn25: replaced by new upstream release 2.6.0
---
 MOVED                                              |   1 +
 security/Makefile                                  |   1 -
 security/openvpn25/Makefile                        | 166 ---------------------
 security/openvpn25/distinfo                        |   3 -
 security/openvpn25/files/openvpn-client.in         |   6 -
 security/openvpn25/files/openvpn.in                | 144 ------------------
 security/openvpn25/files/patch-doc_openvpn.8       |  20 ---
 security/openvpn25/files/patch-doc_openvpn.8.html  |  20 ---
 ...ch-sample__sample-config-files__loopback-client |  13 --
 ...ch-sample__sample-config-files__loopback-server |  13 --
 .../files/patch-src_openvpn_openssl__compat.h      |  20 ---
 .../files/patch-src_plugins_auth-pam_auth-pam.c    |  10 --
 security/openvpn25/files/patch-tests__t_cltsrv.sh  |  65 --------
 security/openvpn25/files/pkg-message.in            |  34 -----
 security/openvpn25/files/up-script.sample          |  27 ----
 security/openvpn25/pkg-descr                       |   5 -
 security/openvpn25/pkg-plist                       |  10 --
 17 files changed, 1 insertion(+), 557 deletions(-)

diff --git a/MOVED b/MOVED
index 193fc4506031..6d220ef5a429 100644
--- a/MOVED
+++ b/MOVED
@@ -17864,3 +17864,4 @@ ports-mgmt/p5-FreeBSD-Portindex||2023-03-31|Has expired: Not working, and no fix
 print/ghostscript9-x11||2023-03-31|Has expired: Released over 10 years ago and unsupported by upstream, consider print/ghostscript9-agpl-x11
 print/ghostscript9-base||2023-03-31|Has expired: Released over 10 years ago and unsupported by upstream, consider print/ghostscript9-agpl-base
 security/openscep||2023-03-31|Has expired: Do not support recent RFC 8894
+security/openvpn25|security/openvpn|2023-03-31|Has expired: replaced by new upstream release 2.6.0
diff --git a/security/Makefile b/security/Makefile
index 01c174d4e633..1eb8308d4dbe 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -422,7 +422,6 @@
     SUBDIR += openvpn-auth-radius
     SUBDIR += openvpn-auth-script
     SUBDIR += openvpn-devel
-    SUBDIR += openvpn25
     SUBDIR += ophcrack
     SUBDIR += opie
     SUBDIR += ossec-hids
diff --git a/security/openvpn25/Makefile b/security/openvpn25/Makefile
deleted file mode 100644
index 7b3da13b1437..000000000000
--- a/security/openvpn25/Makefile
+++ /dev/null
@@ -1,166 +0,0 @@
-PORTNAME=		openvpn
-DISTVERSION=		2.5.9
-PORTREVISION?=		0
-CATEGORIES=		security net net-vpn
-MASTER_SITES=		https://swupdate.openvpn.org/community/releases/ \
-			https://build.openvpn.net/downloads/releases/ \
-			LOCAL/mandree
-PKGNAMESUFFIX=		25
-
-MAINTAINER=		mandree@FreeBSD.org
-COMMENT?=		Secure IP/Ethernet tunnel daemon
-WWW=		https://openvpn.net/community/
-
-LICENSE=		GPLv2
-LICENSE_FILE=		${WRKSRC}/COPYRIGHT.GPL
-
-DEPRECATED=		replaced by new upstream release 2.6.0
-EXPIRATION_DATE=	2023-03-31
-
-USES=			cpe libtool localbase:ldflags pkgconfig shebangfix ssl
-USE_RC_SUBR=		openvpn
-
-SHEBANG_FILES=		sample/sample-scripts/verify-cn \
-			sample/sample-scripts/auth-pam.pl \
-			sample/sample-scripts/ucn.pl
-
-GNU_CONFIGURE=		yes
-CONFIGURE_ARGS+=	--enable-strict --with-crypto-library=openssl
-# set PLUGIN_LIBDIR so that unqualified plugin paths are found:
-CONFIGURE_ENV+=		PLUGINDIR="${PREFIX}/lib/openvpn/plugins"
-
-CONFLICTS_INSTALL?=	openvpn-2* openvpn-devel openvpn-mbedtls
-
-PORTSCOUT=		limit:^2\.5\.
-
-SUB_FILES=		pkg-message openvpn-client
-
-USERS=			openvpn
-GROUPS=			openvpn
-
-PORTDOCS=		*
-PORTEXAMPLES=		*
-
-OPTIONS_DEFINE=		ASYNC_PUSH DOCS EASYRSA EXAMPLES LZ4 LZO PKCS11 SMALL \
-			TEST UNITTESTS X509ALTUSERNAME
-OPTIONS_DEFAULT=	EASYRSA LZ4 LZO PKCS11 TEST
-ASYNC_PUSH_DESC=	Enable async-push support
-EASYRSA_DESC=		Install security/easy-rsa RSA helper package
-LZO_DESC=		LZO compression (incompatible with LibreSSL)
-PKCS11_DESC=		Use security/pkcs11-helper, needs same SSL lib!
-SMALL_DESC=		Build a smaller executable with fewer features
-UNITTESTS_DESC=		Enable unit tests
-X509ALTUSERNAME_DESC=	Enable --x509-username-field
-
-ASYNC_PUSH_LIB_DEPENDS=	libinotify.so:devel/libinotify
-ASYNC_PUSH_CONFIGURE_ENABLE=	async-push
-
-EASYRSA_RUN_DEPENDS=	easy-rsa>=0:security/easy-rsa
-
-LZ4_LIB_DEPENDS+=	liblz4.so:archivers/liblz4
-LZ4_CONFIGURE_ENABLE=	lz4
-
-LZO_LIB_DEPENDS+=	liblzo2.so:archivers/lzo2
-LZO_CONFIGURE_ENABLE=	lzo
-
-PKCS11_LIB_DEPENDS=	libpkcs11-helper.so:security/pkcs11-helper
-PKCS11_CONFIGURE_ENABLE=	pkcs11
-
-SMALL_CONFIGURE_ENABLE=	small
-
-TEST_ALL_TARGET=	check
-TEST_TEST_TARGET_OFF=	check
-
-UNITTESTS_BUILD_DEPENDS=	cmocka>=0:sysutils/cmocka
-UNITTESTS_CONFIGURE_ENABLE=	unit-tests
-
-X509ALTUSERNAME_CONFIGURE_ENABLE=	x509-alt-username
-
-.ifdef (LOG_OPENVPN)
-CFLAGS+=		-DLOG_OPENVPN=${LOG_OPENVPN}
-.endif
-
-.include <bsd.port.options.mk>
-
-.if ${PORT_OPTIONS:MLZO}
-IGNORE_SSL=libressl libressl-devel
-IGNORE_SSL_REASON=OpenVPN does not have permission to include LZO with LibreSSL. Compile against OpenSSL, or if your setups support it, disable LZO support
-.endif
-
-.if ! ${PORT_OPTIONS:MLZ4} && ! ${PORT_OPTIONS:MLZO}
-CONFIGURE_ARGS+=	--enable-comp-stub
-.endif
-
-.include <bsd.port.pre.mk>
-
-.if !empty(PORT_OPTIONS:MLZO) && !empty(SSL_DEFAULT:Nbase:Nopenssl*)
-# in-depth security net if Mk/Uses/ssl.mk changes
-pre-everything::
-	@${ECHO_CMD} >&2 "ERROR: OpenVPN is not licensed to combine LZO with other OpenSSL-licensed libraries than OpenSSL. Compile against OpenSSL, or if your setups support it, disable LZO support."
-	@${SHELL} -c 'exit 1'
-.endif
-
-post-patch:
-	${REINPLACE_CMD} -E -i '' -e 's/(user|group) nobody/\1 openvpn/' \
-		-e 's/"nobody"( after init)/"openvpn" \1/' \
-		${WRKSRC}/sample/sample-config-files/*.conf \
-		${WRKSRC}/sample/sample-config-files/xinetd-*-config \
-		${WRKSRC}/doc/man-sections/generic-options.rst
-
-pre-configure:
-	# just too many of sign-compare; bitwise-instead-of-logical was audited and is intentional,
-	# and unused-function affects test---these are developer-side warnings, not relevant on end systems
-	${REINPLACE_CMD} 's/-Wsign-compare/-Wno-unknown-warning-option -Wno-sign-compare -Wno-bitwise-instead-of-logical -Wno-unused-function/' ${WRKSRC}/configure
-.ifdef (LOG_OPENVPN)
-	@${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}"
-.else
-	@${ECHO} ""
-	@${ECHO} "You may use the following build options:"
-	@${ECHO} ""
-	@${ECHO} "      LOG_OPENVPN={Valid syslog facility, default LOG_DAEMON}"
-	@${ECHO} "      EXAMPLE:  make LOG_OPENVPN=LOG_LOCAL6"
-	@${ECHO} ""
-.endif
-.if !empty(SSL_DEFAULT:Mlibressl*)
-	@${ECHO} "### --------------------------------------------------------- ###"
-	@${ECHO} "### NOTE that libressl is not primarily supported by OpenVPN  ###"
-	@${ECHO} "### Do not report bugs without fixes/patches unless the issue ###"
-	@${ECHO} "### can be reproduced with a released OpenSSL version.        ###"
-	@${ECHO} "### --------------------------------------------------------- ###"
-	@sleep 10
-.endif
-
-post-configure:
-	${REINPLACE_CMD} '/^CFLAGS =/s/$$/ -fPIC/' \
-	 	${WRKSRC}/src/plugins/auth-pam/Makefile \
-	 	${WRKSRC}/src/plugins/down-root/Makefile
-
-# sanity check that we don't inherit incompatible SSL libs through,
-# for instance, pkcs11-helper:
-_tlslibs=libssl libcrypto
-post-build:
-	@a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
-	|	${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
-	if test "$$*" != "1" ; then ( set -x ; ldd -a ${WRKSRC}/src/openvpn/openvpn ) ; ${PRINTF} '%s\n' "$$a" ; ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi
-
-post-install:
-	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
-	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so
-	${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.up ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up
-	${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.down ${STAGEDIR}${PREFIX}/libexec/openvpn-client.down
-	@${REINPLACE_CMD} 's|resolvconf -p -a|resolvconf -a|' ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up
-	${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client
-	${MKDIR} ${STAGEDIR}${PREFIX}/include
-
-post-install-DOCS-on:
-	${MKDIR} ${STAGEDIR}${DOCSDIR}/
-.for i in AUTHORS ChangeLog PORTS
-	${INSTALL_MAN} ${WRKSRC}/${i} ${STAGEDIR}${DOCSDIR}/
-.endfor
-
-post-install-EXAMPLES-on:
-	(cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/)
-	${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/*
-	${RM} ${STAGEDIR}${EXAMPLESDIR}/sample-config-files/*.orig
-
-.include <bsd.port.post.mk>
diff --git a/security/openvpn25/distinfo b/security/openvpn25/distinfo
deleted file mode 100644
index d9e09d1d66cf..000000000000
--- a/security/openvpn25/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-TIMESTAMP = 1676264862
-SHA256 (openvpn-2.5.9.tar.gz) = 8794b7125998c68f30de654267a702b9581454ca1e7061511fcc5f99fea4bd32
-SIZE (openvpn-2.5.9.tar.gz) = 1840560
diff --git a/security/openvpn25/files/openvpn-client.in b/security/openvpn25/files/openvpn-client.in
deleted file mode 100644
index 471757811795..000000000000
--- a/security/openvpn25/files/openvpn-client.in
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-exec %%PREFIX%%/sbin/openvpn --script-security 2 \
-    --up %%PREFIX%%/libexec/openvpn-client.up \
-    --plugin openvpn-plugin-down-root.so %%PREFIX%%/libexec/openvpn-client.down \
-    --config "$@"
diff --git a/security/openvpn25/files/openvpn.in b/security/openvpn25/files/openvpn.in
deleted file mode 100644
index 9a59ed6f011e..000000000000
--- a/security/openvpn25/files/openvpn.in
+++ /dev/null
@@ -1,144 +0,0 @@
-#!/bin/sh
-#
-# openvpn.sh - load tun/tap driver and start OpenVPN daemon
-#
-# (C) Copyright 2005 - 2008, 2010 by Matthias Andree
-# based on suggestions by Matthias Grimm and Dirk Gouders
-# with multi-instance contribution from Denis Shaposhnikov, Gleb Kozyrev
-# and Vasil Dimov
-# softrestart feature suggested by Nick Hibma
-#
-# This program is free software; you can redistribute it and/or modify it under
-# the terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-# details.
-#
-# You should have received a copy of the GNU General Public License along with
-# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
-# Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-# PROVIDE: openvpn
-# REQUIRE: DAEMON
-# KEYWORD: shutdown
-
-# -----------------------------------------------------------------------------
-#
-# This script supports running multiple instances of openvpn.
-# To run additional instances link this script to something like
-# % ln -s openvpn openvpn_foo
-# and define additional openvpn_foo_* variables in one of
-# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/openvpn_foo
-#
-# Below NAME should be substituted with the name of this script. By default
-# it is openvpn, so read as openvpn_enable. If you linked the script to
-# openvpn_foo, then read as openvpn_foo_enable etc.
-#
-# The following variables are supported (defaults are shown).
-# You can place them in any of
-# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/NAME
-#
-# NAME_enable="NO"	# set to YES to enable openvpn
-# NAME_if=		# driver(s) to load, set to "tun", "tap" or "tun tap"
-#			# it is OK to specify the if_ prefix.
-#
-# # optional:
-# NAME_flags=				# additional command line arguments
-# NAME_configfile="%%PREFIX%%/etc/openvpn/NAME.conf"	# --config file
-# NAME_dir="%%PREFIX%%/etc/openvpn"	# --cd directory
-#
-# You also need to set NAME_configfile and NAME_dir, if the configuration
-# file and directory where keys and certificates reside differ from the above
-# settings.
-#
-# Note that we deliberately refrain from unloading drivers.
-#
-# For further documentation, please see openvpn(8).
-#
-
-. /etc/rc.subr
-
-# service(8) does not create an authentic environment, try to guess,
-# and as of 10.3-RELEASE-p0, it will not find the indented name=
-# assignments below. So give it a default.
-# Trailing semicolon also for service(8)'s benefit:
-name="$file" ;
-
-case "$0" in
-/etc/rc*)
-	# during boot (shutdown) $0 is /etc/rc (/etc/rc.shutdown),
-	# so get the name of the script from $_file
-	name="$_file"
-	;;
-*/service)
-	# do not use this as $0
-	;;
-*)
-	name="$0"
-	;;
-esac
-
-# default name to "openvpn" if guessing failed
-# Trailing semicolon also for service(8)'s benefit:
-name="${name:-openvpn}" ;
-name="${name##*/}"
-rcvar=${name}_enable
-
-stop_postcmd()
-{
-	rm -f "$pidfile" || warn "Could not remove $pidfile."
-}
-
-softrestart()
-{
-    sig_reload=USR1 run_rc_command reload
-    exit $?
-}
-
-openvpn_stats()
-{
-	sig_reload=USR2
-	run_rc_command ${rc_prefix}reload $rc_extra_args
-}
-
-# reload: support SIGHUP to reparse configuration file
-# softrestart: support SIGUSR1 to reconnect without superuser privileges
-# stats: support SIGUSR2 to write statistics to the syslog
-extra_commands="reload softrestart stats"
-softrestart_cmd="softrestart"
-stats_cmd="openvpn_stats"
-
-# pidfile
-pidfile="/var/run/${name}.pid"
-
-# command and arguments
-command="%%PREFIX%%/sbin/openvpn"
-
-# run this last
-stop_postcmd="stop_postcmd"
-
-load_rc_config ${name}
-
-eval ": \${${name}_enable:=\"NO\"}"
-eval ": \${${name}_configfile:=\"%%PREFIX%%/etc/openvpn/${name}.conf\"}"
-eval ": \${${name}_dir:=\"%%PREFIX%%/etc/openvpn\"}"
-
-configfile="$(eval echo \${${name}_configfile})"
-dir="$(eval echo \${${name}_dir})"
-interfaces="$(eval echo \${${name}_if})"
-flags="$(eval echo \${${name}_flags})"
-
-required_modules=
-for i in $interfaces ; do
-    required_modules="$required_modules${required_modules:+" "}if_${i#if_}"
-done
-
-required_files=${configfile}
-
-command_args="--cd ${dir} --daemon ${name} --config ${configfile} --writepid ${pidfile} ${flags}"
-
-run_rc_command "$1"
diff --git a/security/openvpn25/files/patch-doc_openvpn.8 b/security/openvpn25/files/patch-doc_openvpn.8
deleted file mode 100644
index a536dae76755..000000000000
--- a/security/openvpn25/files/patch-doc_openvpn.8
+++ /dev/null
@@ -1,20 +0,0 @@
---- doc/openvpn.8.orig	2021-10-05 05:57:01 UTC
-+++ doc/openvpn.8
-@@ -358,7 +358,7 @@ lower priority, \fBn\fP less than zero is higher prior
- .B \-\-persist\-key
- Don\(aqt re\-read key files across \fBSIGUSR1\fP or \fB\-\-ping\-restart\fP\&.
- .sp
--This option can be combined with \fB\-\-user nobody\fP to allow restarts
-+This option can be combined with \fB\-\-user openvpn\fP to allow restarts
- triggered by the \fBSIGUSR1\fP signal. Normally if you drop root
- privileges in OpenVPN, the daemon cannot be restarted since it will now
- be unable to re\-read protected key files.
-@@ -577,7 +577,7 @@ useful to protect the system in the event that some ho
- able to gain control of an OpenVPN session. Though OpenVPN\(aqs security
- features make this unlikely, it is provided as a second line of defense.
- .sp
--By setting \fBuser\fP to \fBnobody\fP or somebody similarly unprivileged,
-+By setting \fBuser\fP to \fBopenvpn\fP or somebody similarly unprivileged,
- the hostile party would be limited in what damage they could cause. Of
- course once you take away privileges, you cannot return them to an
- OpenVPN session. This means, for example, that if you want to reset an
diff --git a/security/openvpn25/files/patch-doc_openvpn.8.html b/security/openvpn25/files/patch-doc_openvpn.8.html
deleted file mode 100644
index 5b1e8e805e13..000000000000
--- a/security/openvpn25/files/patch-doc_openvpn.8.html
+++ /dev/null
@@ -1,20 +0,0 @@
---- doc/openvpn.8.html.orig	2021-10-05 05:57:01 UTC
-+++ doc/openvpn.8.html
-@@ -650,7 +650,7 @@ lower priority, <tt class="docutils literal">n</tt> le
- <tr><td class="option-group">
- <kbd><span class="option">--persist-key</span></kbd></td>
- <td><p class="first">Don't re-read key files across <code>SIGUSR1</code> or <tt class="docutils literal"><span class="pre">--ping-restart</span></tt>.</p>
--<p>This option can be combined with <tt class="docutils literal"><span class="pre">--user</span> nobody</tt> to allow restarts
-+<p>This option can be combined with <tt class="docutils literal"><span class="pre">--user</span> openvpn</tt> to allow restarts
- triggered by the <code>SIGUSR1</code> signal. Normally if you drop root
- privileges in OpenVPN, the daemon cannot be restarted since it will now
- be unable to re-read protected key files.</p>
-@@ -824,7 +824,7 @@ initialization, dropping privileges in the process. Th
- useful to protect the system in the event that some hostile party was
- able to gain control of an OpenVPN session. Though OpenVPN's security
- features make this unlikely, it is provided as a second line of defense.</p>
--<p class="last">By setting <tt class="docutils literal">user</tt> to <code>nobody</code> or somebody similarly unprivileged,
-+<p class="last">By setting <tt class="docutils literal">user</tt> to <code>openvpn</code> or somebody similarly unprivileged,
- the hostile party would be limited in what damage they could cause. Of
- course once you take away privileges, you cannot return them to an
- OpenVPN session. This means, for example, that if you want to reset an
diff --git a/security/openvpn25/files/patch-sample__sample-config-files__loopback-client b/security/openvpn25/files/patch-sample__sample-config-files__loopback-client
deleted file mode 100644
index 0b485a641d8a..000000000000
--- a/security/openvpn25/files/patch-sample__sample-config-files__loopback-client
+++ /dev/null
@@ -1,13 +0,0 @@
---- sample/sample-config-files/loopback-client.orig	2016-08-23 14:16:22 UTC
-+++ sample/sample-config-files/loopback-client
-@@ -9,8 +9,8 @@
- #  ./openvpn --config sample-config-files/loopback-client  (In one window) 
- #  ./openvpn --config sample-config-files/loopback-server  (Simultaneously in another window) 
- 
--rport 16000
--lport 16001
-+rport 16100
-+lport 16101
- remote localhost
- local localhost
- dev null
diff --git a/security/openvpn25/files/patch-sample__sample-config-files__loopback-server b/security/openvpn25/files/patch-sample__sample-config-files__loopback-server
deleted file mode 100644
index 58691b133de7..000000000000
--- a/security/openvpn25/files/patch-sample__sample-config-files__loopback-server
+++ /dev/null
@@ -1,13 +0,0 @@
---- sample/sample-config-files/loopback-server.orig	2016-08-23 14:16:22 UTC
-+++ sample/sample-config-files/loopback-server
-@@ -9,8 +9,8 @@
- #  ./openvpn --config sample-config-files/loopback-client  (In one window) 
- #  ./openvpn --config sample-config-files/loopback-server  (Simultaneously in another window) 
- 
--rport 16001
--lport 16000
-+rport 16101
-+lport 16100
- remote localhost
- local localhost
- dev null
diff --git a/security/openvpn25/files/patch-src_openvpn_openssl__compat.h b/security/openvpn25/files/patch-src_openvpn_openssl__compat.h
deleted file mode 100644
index 2d68b96e8580..000000000000
--- a/security/openvpn25/files/patch-src_openvpn_openssl__compat.h
+++ /dev/null
@@ -1,20 +0,0 @@
---- src/openvpn/openssl_compat.h.orig	2020-04-16 13:26:45 UTC
-+++ src/openvpn/openssl_compat.h
-@@ -747,7 +747,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
- }
- #endif /* SSL_CTX_get_max_proto_version */
- 
--#ifndef SSL_CTX_set_min_proto_version
-+#if !defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
- /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
- static inline int
- SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
-@@ -776,7 +776,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_v
- }
- #endif /* SSL_CTX_set_min_proto_version */
- 
--#ifndef SSL_CTX_set_max_proto_version
-+#if !defined(SSL_CTX_set_max_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
- /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
- static inline int
- SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
diff --git a/security/openvpn25/files/patch-src_plugins_auth-pam_auth-pam.c b/security/openvpn25/files/patch-src_plugins_auth-pam_auth-pam.c
deleted file mode 100644
index 633bc0f0204d..000000000000
--- a/security/openvpn25/files/patch-src_plugins_auth-pam_auth-pam.c
+++ /dev/null
@@ -1,10 +0,0 @@
---- src/plugins/auth-pam/auth-pam.c.orig	2021-06-21 04:44:39 UTC
-+++ src/plugins/auth-pam/auth-pam.c
-@@ -39,6 +39,7 @@
- #include <stdio.h>
- #include <string.h>
- #include <ctype.h>
-+#include <limits.h>
- #include <unistd.h>
- #include <stdlib.h>
- #include <sys/types.h>
diff --git a/security/openvpn25/files/patch-tests__t_cltsrv.sh b/security/openvpn25/files/patch-tests__t_cltsrv.sh
deleted file mode 100644
index 9d0af3691c87..000000000000
--- a/security/openvpn25/files/patch-tests__t_cltsrv.sh
+++ /dev/null
@@ -1,65 +0,0 @@
---- tests/t_cltsrv.sh.orig	2016-08-23 13:10:22 UTC
-+++ tests/t_cltsrv.sh
-@@ -1,7 +1,7 @@
- #! /bin/sh
- #
- # t_cltsrv.sh - script to test OpenVPN's crypto loopback
--# Copyright (C) 2005, 2006, 2008  Matthias Andree
-+# Copyright (C) 2005 - 2014  Matthias Andree
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License
-@@ -22,8 +22,9 @@ set -e
- srcdir="${srcdir:-.}"
- top_srcdir="${top_srcdir:-..}"
- top_builddir="${top_builddir:-..}"
--trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
--trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
-+root="${top_srcdir}/sample"
-+trap "rm -f ${root}/sample-config-files/loopback-*.test log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
-+trap "a=\$? ; rm -f ${root}/sample-config-files/loopback-*.test log.$$ log.$$.signal ; test \$a = 0 && exit 1 || exit \$a" 0 3
- addopts=
- case `uname -s` in
-     FreeBSD)
-@@ -45,18 +46,38 @@ esac
- # make sure that the --down script is executable -- fail (rather than
- # skip) test if it isn't.
- downscript="../tests/t_cltsrv-down.sh"
--root="${top_srcdir}/sample"
- test -x "${root}/${downscript}" || chmod +x "${root}/${downscript}" || { echo >&2 "${root}/${downscript} is not executable, failing." ; exit 1 ; }
- echo "The following test will take about two minutes." >&2
- echo "If the addresses are in use, this test will retry up to two times." >&2
- 
-+set -- $(ifconfig lo0 | grep -E '\<inet' | head -n1)
-+add=
-+if [ "x$1$2" = "x" ] ; then
-+    echo >&2 "### NO ADDRESSES ON LOOPBACK INTERFACE lo0, SKIPPING TEST ###"
-+    exit 77
-+fi
-+if [ "inet6" = "$1" ] ; then
-+    add='proto udp6 '
-+fi
-+for i in server client ; do
-+    sed -e "s|localhost|${2%/*}|" -e "/^remote /a\\
-+$add" ${root}/sample-config-files/loopback-$i \
-+    >${root}/sample-config-files/loopback-$i.test
-+done
-+
- # go
- success=0
- for i in 1 2 3 ; do
-   set +e
-   (
--  "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${root}" ${addopts} --setenv role srv --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-server" &
--  "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${top_srcdir}/sample" ${addopts} --setenv role clt --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-client"
-+  "${top_builddir}/src/openvpn/openvpn" --script-security 2 \
-+      --cd "${root}" ${addopts} --setenv role srv \
-+      --down "${downscript}" --tls-exit --ping-exit 180 \
-+      --config "sample-config-files/loopback-server.test" &
-+  "${top_builddir}/src/openvpn/openvpn" --script-security 2 \
-+      --cd "${top_srcdir}/sample" ${addopts} --setenv role clt \
-+      --down "${downscript}" --tls-exit --ping-exit 180 \
-+      --config "sample-config-files/loopback-client.test"
-   ) 3>log.$$.signal >log.$$ 2>&1
-   e1=$?
-   wait $!
diff --git a/security/openvpn25/files/pkg-message.in b/security/openvpn25/files/pkg-message.in
deleted file mode 100644
index c527aec28683..000000000000
--- a/security/openvpn25/files/pkg-message.in
+++ /dev/null
@@ -1,34 +0,0 @@
-[
-{ type: install
-  message: <<EOM
-Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
-startup. See %%PREFIX%%/etc/rc.d/openvpn for details.
-
-Connect to VPN server as a client with this command to include
-the client.up/down scripts in the initialization:
-openvpn-client <spec>.ovpn
-
-For compatibility notes when interoperating with older OpenVPN
-versions, please see <http://openvpn.net/relnotes.html>;
-
-Note that OpenVPN does not officially support LibreSSL.
-
-Note that OpenVPN configures a separate user and group "openvpn",
-which should be used instead of the NFS user "nobody"
-when an unprivileged user account is desired.
-
-You may want to add user openvpn and group openvpn when creating your
-configuration files, the example configuration shows this only as comments.
-EOM
-}
-{ type: upgrade
-  message: <<EOM
-Note that OpenVPN now configures a separate user and group "openvpn",
-which should be used instead of the NFS user "nobody"
-when an unprivileged user account is desired.
-
-It is advisable to review existing configuration files and
-to consider adding/changing user openvpn and group openvpn.
-EOM
-}
-]
diff --git a/security/openvpn25/files/up-script.sample b/security/openvpn25/files/up-script.sample
deleted file mode 100644
index 2b9acee3dc85..000000000000
--- a/security/openvpn25/files/up-script.sample
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-# OpenVPN simple up/down script for openresolvconf integration.
-# (C) Copyright 2016 Baptiste Daroussin
-# BSD 2-clause license.
-
-set -e +u
-: ${script_type:=down}
-case "${script_type}" in
-up)
-        i=1
-        while :; do
-                eval option=\"\$foreign_option_${i}\" || break
-                [ "${option}" ] || break
-                set -- ${option}
-                i=$((i + 1))
-                [ "$1" = "dhcp-option" ] || continue
-                case "$2" in
-                DNS)           echo "nameserver ${3}" ;;
-                DOMAIN)        echo "domain ${3}" ;;
-                DOMAIN-SEARCH) echo "search ${3}" ;;
-                esac
-        done | /sbin/resolvconf -a "${dev}"
-        ;;
-down)
-        /sbin/resolvconf -d "${dev}" -f
-        ;;
-esac
diff --git a/security/openvpn25/pkg-descr b/security/openvpn25/pkg-descr
deleted file mode 100644
index 716b69051b64..000000000000
--- a/security/openvpn25/pkg-descr
+++ /dev/null
@@ -1,5 +0,0 @@
-OpenVPN is a robust, scalable and highly configurable VPN (Virtual Private
-Network) daemon which can be used to securely link two or more private networks
-using an encrypted tunnel over the internet. It can operate over UDP or TCP,
-can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one
-server can handle many clients.
diff --git a/security/openvpn25/pkg-plist b/security/openvpn25/pkg-plist
deleted file mode 100644
index d247b39c1eed..000000000000
--- a/security/openvpn25/pkg-plist
+++ /dev/null
@@ -1,10 +0,0 @@
-include/openvpn-msg.h
-include/openvpn-plugin.h
-lib/openvpn/plugins/openvpn-plugin-auth-pam.so
-lib/openvpn/plugins/openvpn-plugin-down-root.so
-libexec/openvpn-client.down
-libexec/openvpn-client.up
-man/man5/openvpn-examples.5.gz
-man/man8/openvpn.8.gz
-sbin/openvpn
-sbin/openvpn-client



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202303310001.32V01vSu014443>