From nobody Sun Apr 5 20:02:34 2026 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fpjzt3pwSz6Y2Km for ; Sun, 05 Apr 2026 20:02:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fpjzt1G4mz40Sb for ; Sun, 05 Apr 2026 20:02:34 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1775419354; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tZsKodpaWUpMacEn4tDy1jzTXp4g7i52N5T1V8Hla5E=; b=LTmV/phCICa7rny3CNWFEHhTRpGE0QjCxIaV/0mzD6H9DOTBakSv0RAPRHsXDu04tBbukU EIc0/eEwu8TbWxQdSQFqX4LliHlc9YLsyufk0ttL/GFUmqhHYxjQOh3P+PNikz2BsO6EAM quR/qSOzQL8DoHgyzCV7npfp1uHrPYwDDADD077d9DQSglZ0YhTUg5UfdzcuYJLVmBcdqd PFU1NwbL9Lpm4ec1itOU92bkKtH+2Xa8bfuVI9vWh79h5ZF22BU4n51wrvpFsPViGpwIkN Aj3Zz8QOBrg0kjdmSwrjJlhhqZ2CMcZT9j/5GC/RDap2uPtgmmtCBMAYAv0uEA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1775419354; a=rsa-sha256; cv=none; b=xqhFNU04khZ5182uBjvUYFH9gVgRIqmt8KSdjf1dD3+6WxZO4J6QnqzmvS66nHFHgP7f1e yq35nu2pYKc485/DXSxua+68jH2nm9y2kUxVherDPGoeU/lzW00J9xalWevU80RkjVNpI/ 3MSx70yd7Xmjj19ac5j94l6y6jOg+ZzOMnqsc7DYMlh3BBxIyD4EwCgEuMp0rd7rP47sed HZUjzCMwZtRNu1KCHAMOFASbL98uLzv8RwigFdY8ptOCFHKm4SxlyBWIiSvzkuKdr7xF4B MvD/GWUe+Z7RIv0JScJO5tG55K7l88KR4eXjNdVC1s4veHrID7TQCCbLW0HoLg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1775419354; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tZsKodpaWUpMacEn4tDy1jzTXp4g7i52N5T1V8Hla5E=; b=n0tHTebwkCZKI8cF5hz2EXcBwznLm0Xi5yBh0WE2EsW3cAUOsakxy/dQLMwNhIg0YaExJ+ SGeQML5DBXFt2C8edHpALOST9owcnmmJ34Dq5m++CfmXcCW361q/w3KhxVrBnOo7hdqVGL D0WPvYD68HMzYio2y3qk6GpeWbLPJa8DU+U7K0EahKG71bo5hJGemltItKUx7ZDLUwFUqw yHr2+2pEbhNib+D5am97Cg7Xs6gWsOXjB8LLvqoNwGSzUgHTVGq573Txf7SIJI3E5Rk7v/ bXqWiTdO+5z1v/OIKIJna5g2wsY5HGhf0BqQNjgrLoEucrp0IGsOeJ+9qY6RGQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fpjzt0SK7z53D for ; Sun, 05 Apr 2026 20:02:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 374e9 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Sun, 05 Apr 2026 20:02:34 +0000 To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Cc: Matthias Andree From: Daniel Engberg Subject: git: 51f1036a0750 - main - security/openvpn: Update to 2.7.1 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: diizzy X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 51f1036a07509a1e3eb50cf6e7904a88f55bb451 Auto-Submitted: auto-generated Date: Sun, 05 Apr 2026 20:02:34 +0000 Message-Id: <69d2bfda.374e9.4593a461@gitrepo.freebsd.org> The branch main has been updated by diizzy: URL: https://cgit.FreeBSD.org/ports/commit/?id=51f1036a07509a1e3eb50cf6e7904a88f55bb451 commit 51f1036a07509a1e3eb50cf6e7904a88f55bb451 Author: Matthias Andree AuthorDate: 2026-04-01 09:36:40 +0000 Commit: Daniel Engberg CommitDate: 2026-04-05 20:00:05 +0000 security/openvpn: Update to 2.7.1 This changes installed scripts, openvpn-client.up and .down scripts are no longer installed into libexec/, but instead a dns-updown script is placed into libexec/openvpn/ (all under $PREFIX). Based on a patch provided by Marek Zarychta. Changelog: https://github.com/OpenVPN/openvpn/releases/tag/v2.7.1 PR: 293138, 286263 --- UPDATING | 9 +++++++++ security/openvpn/Makefile | 4 +--- security/openvpn/distinfo | 6 +++--- security/openvpn/files/openvpn-client.in | 5 ++--- security/openvpn/files/patch-inotify | 11 ----------- security/openvpn/files/pkg-message.in | 17 ++++++++++++++--- security/openvpn/pkg-plist | 3 +-- 7 files changed, 30 insertions(+), 25 deletions(-) diff --git a/UPDATING b/UPDATING index 2568f3b029ee..bf07357a41a0 100644 --- a/UPDATING +++ b/UPDATING @@ -5,6 +5,15 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20260401: + AFFECTS: users of security/openvpn + AUTHOR: mandree@FreeBSD.org + + The openvpn 2.7 port update no longer installs the openvpn-client.up + and openvpn-client.down scripts into libexec/, but instead a + dns-updown script into libexec/openvpn/. + Review your configuration, and the openvpn man page for --dns-updown. + 20260329: AFFECTS: users of java/openjdk25 and java/openjdk26 with the jre flavor AUTHOR: jrm@FreeBSD.org diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile index 24de0901da9b..b267e810c066 100644 --- a/security/openvpn/Makefile +++ b/security/openvpn/Makefile @@ -1,5 +1,5 @@ PORTNAME= openvpn -DISTVERSION= 2.6.19 +DISTVERSION= 2.7.1 PORTREVISION?= 0 CATEGORIES= security net net-vpn MASTER_SITES= https://swupdate.openvpn.org/community/releases/ \ @@ -157,8 +157,6 @@ post-build: post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-auth-pam.so ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so - ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.up ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up - ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.down ${STAGEDIR}${PREFIX}/libexec/openvpn-client.down ${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client ${MKDIR} ${STAGEDIR}${PREFIX}/include diff --git a/security/openvpn/distinfo b/security/openvpn/distinfo index 0bc3904718f4..076472f98da7 100644 --- a/security/openvpn/distinfo +++ b/security/openvpn/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1770232344 -SHA256 (openvpn-2.6.19.tar.gz) = 13702526f687c18b2540c1a3f2e189187baaa65211edcf7ff6772fa69f0536cf -SIZE (openvpn-2.6.19.tar.gz) = 1926557 +TIMESTAMP = 1774966723 +SHA256 (openvpn-2.7.1.tar.gz) = 9858477ec2894a8a672974d8650dcb1af2eeffb468981a2b619f0fa387081167 +SIZE (openvpn-2.7.1.tar.gz) = 2088230 diff --git a/security/openvpn/files/openvpn-client.in b/security/openvpn/files/openvpn-client.in index 471757811795..20f806fd7a9c 100644 --- a/security/openvpn/files/openvpn-client.in +++ b/security/openvpn/files/openvpn-client.in @@ -1,6 +1,5 @@ #!/bin/sh -exec %%PREFIX%%/sbin/openvpn --script-security 2 \ - --up %%PREFIX%%/libexec/openvpn-client.up \ - --plugin openvpn-plugin-down-root.so %%PREFIX%%/libexec/openvpn-client.down \ +exec %%PREFIX%%/sbin/openvpn \ + --dns-updown force \ --config "$@" diff --git a/security/openvpn/files/patch-inotify b/security/openvpn/files/patch-inotify deleted file mode 100644 index 0f4a7fb66134..000000000000 --- a/security/openvpn/files/patch-inotify +++ /dev/null @@ -1,11 +0,0 @@ ---- configure.orig 2026-02-14 15:09:42.270539000 +0100 -+++ configure 2026-02-14 15:14:09.452731000 +0100 -@@ -19732,7 +19732,7 @@ - - if test "${enable_async_push}" = "yes"; then - case "$host" in -- *-*-freebsd*) -+ *-*-freebsd1[3-4]*) - - pkg_failed=no - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libinotify" >&5 diff --git a/security/openvpn/files/pkg-message.in b/security/openvpn/files/pkg-message.in index c527aec28683..770c343816b8 100644 --- a/security/openvpn/files/pkg-message.in +++ b/security/openvpn/files/pkg-message.in @@ -4,12 +4,13 @@ Edit /etc/rc.conf[.local] to start OpenVPN automatically at system startup. See %%PREFIX%%/etc/rc.d/openvpn for details. -Connect to VPN server as a client with this command to include -the client.up/down scripts in the initialization: +Connect to VPN server as a client with this command to include the +%%PREFIX%%/libexec/openvpn/dns-updown script in the initialization: openvpn-client .ovpn For compatibility notes when interoperating with older OpenVPN -versions, please see +versions, please see online documentation at + Note that OpenVPN does not officially support LibreSSL. @@ -29,6 +30,16 @@ when an unprivileged user account is desired. It is advisable to review existing configuration files and to consider adding/changing user openvpn and group openvpn. + +For compatibility notes when interoperating with older OpenVPN +versions, please see online documentation at + + +Note that the 2.7 version of the port replaced the +libexec/openvpn-client.down and .up scripts with a shared +%%PREFIX%%/libexec/openvpn/dns-updown script +(the sbin/openvpn-client script has been updated accordingly). + EOM } ] diff --git a/security/openvpn/pkg-plist b/security/openvpn/pkg-plist index a91ef85f2ee3..aaa55c692b28 100644 --- a/security/openvpn/pkg-plist +++ b/security/openvpn/pkg-plist @@ -2,8 +2,7 @@ include/openvpn-msg.h include/openvpn-plugin.h lib/openvpn/plugins/openvpn-plugin-auth-pam.so lib/openvpn/plugins/openvpn-plugin-down-root.so -libexec/openvpn-client.down -libexec/openvpn-client.up +libexec/openvpn/dns-updown share/man/man5/openvpn-examples.5.gz share/man/man8/openvpn.8.gz sbin/openvpn