Port details
openvpn Secure IP/Ethernet tunnel daemon
2.5.7_1 security
On this many watch lists: 130
An older version of this port was marked as vulnerable.
2.5.7: version of this port present on the latest quarterly branch.
Maintainer: mandree@FreeBSD.org
Port Added: 2002-06-24 16:19:12
Last Update: 2022-05-31 16:42:13
Commit Hash: 1dc25fd
People watching this port also watch: sudo, unzip, libiconv, nmap, rsync
Also Listed In: net net-vpn
License: GPLv2
Description:
SVNWeb : git : Homepage
pkg-plist: as obtained via: make generate-plist
  1. /usr/local/share/licenses/openvpn-2.5.7_1/catalog.mk
  2. /usr/local/share/licenses/openvpn-2.5.7_1/LICENSE
  3. /usr/local/share/licenses/openvpn-2.5.7_1/GPLv2
  4. include/openvpn-msg.h
  5. include/openvpn-plugin.h
  6. lib/openvpn/plugins/openvpn-plugin-auth-pam.so
  7. lib/openvpn/plugins/openvpn-plugin-down-root.so
  8. libexec/openvpn-client.down
  9. libexec/openvpn-client.up
  10. man/man5/openvpn-examples.5.gz
  11. man/man8/openvpn.8.gz
  12. sbin/openvpn
  13. sbin/openvpn-client
  14. @owner
  15. @group
  16. @mode
Dependency lines:
  • openvpn>0:security/openvpn
Conflicts:
CONFLICTS_INSTALL:
  • openvpn-2.[!5].*
  • openvpn-devel
  • openvpn-mbedtls
Conflicts Matches:
There are no Conflicts Matches for this port. This is usually an error.
To install the port:
cd /usr/ports/security/openvpn/ && make install clean
To add the package, run one of these commands:
  • pkg install security/openvpn
  • pkg install openvpn
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: openvpn
Flavors: there is no flavor information for this port.
distinfo:
Packages (timestamps in pop-ups are UTC):
openvpn
ABI                     latest    quarterly
FreeBSD:11:aarch64      2.4.6_3   2.4.9_2
FreeBSD:11:amd64        2.5.3     2.5.3
FreeBSD:11:armv6        2.3.11    2.4.9_2
FreeBSD:11:i386         2.5.3     2.5.3
FreeBSD:11:mips         -         -
FreeBSD:11:mips64       2.3.11    2.4.9_2
FreeBSD:12:aarch64      2.4.6_3   2.5.7
FreeBSD:12:amd64        2.5.7_1   2.5.7
FreeBSD:12:armv6        2.4.6_3   2.4.9_3
FreeBSD:12:armv7        2.4.6_3   2.4.9_3
FreeBSD:12:i386         2.5.7_1   2.5.7
FreeBSD:12:mips         -         -
FreeBSD:12:mips64       2.4.6_3   2.4.9_2
FreeBSD:12:powerpc64    -         2.5.2
FreeBSD:13:aarch64      2.5.7_1   2.5.7
FreeBSD:13:amd64        2.5.7_1   2.5.7
FreeBSD:13:armv6        2.5.0     2.5.7
FreeBSD:13:armv7        2.5.0     2.5.7
FreeBSD:13:i386         2.5.7_1   2.5.7
FreeBSD:13:mips         -         -
FreeBSD:13:mips64       -         -
FreeBSD:13:powerpc64    2.5.0     2.5.3
FreeBSD:14:aarch64      2.5.7_1   -
FreeBSD:14:amd64        2.5.7_1   -
FreeBSD:14:armv6        2.5.7_1   -
FreeBSD:14:armv7        2.5.6_1   -
FreeBSD:14:i386         2.5.7_1   -
FreeBSD:14:mips         -         -
FreeBSD:14:mips64       -         -
FreeBSD:14:powerpc64    2.5.1     -
 

Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. pkgconf>=1.3.0_1 : devel/pkgconf
Runtime dependencies:
  1. easy-rsa>=0 : security/easy-rsa
Library dependencies:
  1. liblz4.so : archivers/liblz4
  2. liblzo2.so : archivers/lzo2
  3. libpkcs11-helper.so : security/pkcs11-helper
This port is required by:
for Build
  1. security/openvpn-auth-ldap
  2. security/openvpn-auth-script
for Run
  1. security/duo_openvpn
  2. security/openvpn-admin
  3. security/openvpn-auth-radius
  4. security/protonvpn-cli

Deleted ports which required this port:

  1. security/kovpn*
* - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

Configuration Options:
Options name:

USES:

pkg-message:
For install:
If upgrading
Master Sites:
  1. http://distcache.FreeBSD.org/local-distfiles/mandree/
  2. http://distcache.eu.FreeBSD.org/local-distfiles/mandree/
  3. http://distcache.us-east.FreeBSD.org/local-distfiles/mandree/
  4. http://distcache.us-west.FreeBSD.org/local-distfiles/mandree/
  5. https://build.openvpn.net/downloads/releases/
  6. https://swupdate.openvpn.org/community/releases/
Notes from UPDATING
These upgrade notes are taken from /usr/ports/UPDATING
  • 2020-10-30
    Affects: users of security/openvpn
    Author: mandree@FreeBSD.org
    Reason: 
      The security/openvpn port has been updated to v2.5.0, which brings a
      change to the default ciphersuite, which no longer contains BF-CBC.
    
      Some options have been removed. Also, if you need to support very old (v2.3)
      and unsupported clients or servers, you will need to adjust the
      configuration. For details, see:
      https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-25
    
    
  • 2016-12-27
    Affects: users of security/openvpn, security/openvpn-polarssl
    Author: Matthias Andree <mandree@FreeBSD.org>
    Reason: 
      The OpenVPN ports have been updated to the new upstream release v2.4,
      and their predecessors preserved as openvpn23 and openvpn23-polarssl,
      respectively.  Note that for the new v2.4 release, the
      openvpn-polarssl port has been renamed to openvpn-mbedtls to match the
      upstream library's new name.
    
    
Port Moves
  • port moved here from security/openvpn23 on 2017-04-10
    REASON: Has expired: Replaced by new upstream release 2.4.x

  • port moved here from security/openvpn20 on 2013-07-11
    REASON: Has expired: Superseded by security/openvpn

Number of commits found: 189 (showing only 100 on this page)


Commit History - (may be incomplete: see SVNWeb link above for full details)
Date | By | Description
31 May 2022 16:42:13
commit hash: 1dc25fd358a4b48ecc5bb498127ef0fa5fc9f02a  2.5.7_1
Matthias Andree (mandree)
security/openvpn: Bump PORTREVISION to be newer than on quarterly.

This is to make sure that with 2022Q3 branching off of this
version, the package will look newer and flush out the old
package, with MBEDTLS and TUNNELBLICK options now removed.
31 May 2022 16:33:26
commit hash: 9acfd1b4afebdf57366dff963ddc70d962994d1d  2.5.7
Matthias Andree (mandree)
security/openvpn: update to v2.5.7

FreeBSD-related changes from Changes.rst:

- Limited OpenSSL 3.0 support
    OpenSSL 3.0 support has been added. OpenSSL 3.0 support in 2.5 relies
    on the compatibility layer and full OpenSSL 3.0 support is coming with
    OpenVPN 2.6. Only features that impact usage directly have been
    backported:

    ``--tls-cert-profile insecure``  has been added to allow selecting the
    lowest  OpenSSL security level (not recommended, use only if you must).

    OpenSSL 3.0 no longer supports the Blowfish (and other deprecated)
    algorithm by default and the new option ``--providers`` allows loading
(Only the first 15 lines of the commit message are shown above.)
26 Apr 2022 21:59:42
commit hash: 5f10d01ce1d79fed8456d454b7cb24afea1a4ae3  2.5.6_1
Matthias Andree (mandree)
security/openvpn: drop man source patch

There has been a report of sporadic man-page rebuilds on OpenZFS.
While the patch order is correct, we do not intend to rebuild the
manpage (after a nobody -> openvpn change, for instance), and
we also patch the output files.  So just remove the source patch.

This should go without any functional changes, so ships without
bumping PORTREVISION.

There is an upstream ticket reporting a missing source file
in the tarball. https://community.openvpn.net/openvpn/ticket/1461

Reported by:    Jan Martin Mikkelsen
PR:             263116
03 Apr 2022 11:18:14
commit hash: 641a5f758779426305916b4666674795bc8822a4  2.5.6_1
Matthias Andree (mandree)
security/openvpn: bump PORTREVISION

...forgotten in previous commit.
03 Apr 2022 11:15:57
commit hash: 69cd4e114c005a94137adade08306e574fb20382  2.5.6
Matthias Andree (mandree)
security/openvpn: remove MBEDTLS and TUNNELBLICK options.
17 Mar 2022 22:27:50
commit hash: 2e150241fbafae40eaaae496c58c1e77306b73ae  2.5.6
Matthias Andree (mandree)
security/openvpn: security update to 2.5.6

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256

Somewhat related to and obsoletes:
PR:		262626
Security:	45a72180-a640-11ec-a08b-85298243e224
Security:	CVE-2022-0547
Security:	https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
MFH:		2022Q1
28 Jan 2022 12:14:09
commit hash: b93e64d3c3240d1e4a8fc510b14aa2175e5be012  2.5.5_1 This port version is marked as vulnerable.
Tijl Coosemans (tijl)
security/mbedtls: Update to 2.28.0 and fix make test

Also bump dependent ports for library version change.

PR:		255084
15 Dec 2021 17:31:52
commit hash: 6a5dfca9f56080a45627bb4ba0b02039abd36aa5  2.5.5 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: bugfix update to 2.5.5

Bugfixes (FreeBSD-specific):
* improve "make check" to notice if "openvpn --show-cipher" crashes
* improve argv unit tests
* ensure unit tests work with mbedTLS builds without BF-CBC ciphers
* include "--push-remove" in the output of "openvpn --help"
* fix "resolvconf -p" invocation in example "up" script
* fix "common_name" environment for script calls when
  "--username-as-common-name" is in effect (Trac #1434)

Documentation:
* move "push-peer-info" documentation from "server options" to "client"
  (where it belongs)
* correct "foreign_option_{n}" typo in manpage
* update IRC information in CONTRIBUTING.rst (libera.chat)
* README.down-root: fix plugin module name
12 Dec 2021 11:00:22
commit hash: f77789f296dd797bf008a895ed71abcc603c0374  2.5.4_3 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: Default-enable PKCS#11 option

Bump PORTREVISION.

PR:		260352
Reported by:	Marcin Wojtas
12 Dec 2021 11:00:21
commit hash: 42d73509241dbede9fb29d56683188fa4a1b2872  2.5.4_2 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: sort OPTIONS_{DEFAULT|DEFINE}
12 Dec 2021 11:00:20
commit hash: bedfd042b988444cb311f477d5cf1e4457ead29f  2.5.4_2 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: deprecate tunnelblick

While here, shorten LZO_DESC to fit 80x24 dialogs.
11 Dec 2021 23:16:20
commit hash: d02b0675d0630a9ac66617becd9f9cfbbca9c524  2.5.4_2 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: re-enable mbedTLS build

...now that mbedTLS metadata was fixed to show the actual situation
for mbedTLS 2.x.y, that it's either Apache License 2.0, or
GNU General Public License 2.0 or any later version.

While here, also mark the main port with mbedTLS option enabled to
record it's going to lose the mbedTLS option end of March 2022.
11 Dec 2021 12:42:31
commit hash: 5cc978dcfe58a52b9a163e080d855b022ac22545  2.5.4_2 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: license incompat mbedTLS, LZO+LibreSSL

After reviewing licenses again,
- mark mbedTLS broken for now, since it uses the Apache License 2.0,
  which is incompatible with the GPLv2 (OpenVPN does not employ the
  "or any later version" escape hatch). This will be handed to the
  OpenVPN-devel mailing list for review.

- block out the combination of LZO with LibreSSL, since OpenVPN
  only has a linking exception for OpenSSL itself. Remedy is
  to either forgo LibreSSL, or to disable the LZO option, which
  requires proper configuration on either end. The maintainer's
  recommendation is to compile with OpenSSL instead.

Bump PORTREVISION in spite of unchanged contents to flush out old
packages.

MFH:		2021Q4
04 Dec 2021 18:38:41
commit hash: b66f0654e7db4c15e0973c3c9064331019f2712d  2.5.4_1 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn-mbedtls: sunset port.

mbedTLS is obsolete through its lack of TLS v1.3 support
OpenVPN-mbedtls does not work on 14-CURRENT.
=> remove this port and the MBEDTLS option end 2022Q1.
23 Nov 2021 22:11:40
commit hash: 5933ac0b099d61d98eb531d373cf57a8927bc7af  2.5.4_1 This port version is marked as vulnerable.
Stefan Eßer (se)
*/*: Remove redundant '-[0-9]*' from CONFLICTS_INSTALL

The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - against the full package names including the
version (as reported by "pkg query "%n-%v").

Approved by: portmgr (blanket)
15 Nov 2021 22:38:08
commit hash: cf68fe10513a223715d6bfe7740478d60cb77321  2.5.4_1 This port version is marked as vulnerable.
Matthias Andree (mandree)
Author: Li-Wen Hsu
security/openvpn{,-devel}: Update WWW

for security/openvpn-devel:
Approved by: Gert Doering (maintainer)
01 Nov 2021 12:16:37
commit hash: 89d9e9320aff2d4c61be4c7dfa1b6829717bd034  2.5.4_1 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: rearrange Makefile

to portclippy-reported standard ordering
01 Nov 2021 12:04:24
commit hash: bb6ec079c50dc6f45700dd5897b35f66a19ee51c  2.5.4_1 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: create and use dedicated openvpn user

PR:		259384
05 Oct 2021 19:55:28
commit hash: cf4dd6bbfe80d93a23f2f7d140ed5dd764d13e96  2.5.4 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: bugfix update to 2.5.4

adds openvpn-examples(5) manual page

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-254
22 Jun 2021 19:25:44
commit hash: 159c6c7314095a10121155f501c093ad6f18c3c4  2.5.3 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: fix missing include for PATH_MAX

While here, add a warning banner about libressl support status,
and clean up a leftover INSTALL_DATA workaround no longer needed.

Patch suggested and
Reported by:	Franco Fichtner <franco@opnsense.org>
PR:		256744
18 Jun 2021 21:58:29
commit hash: 24b0c58ea4e8f9562f6c260cc567aba9e1f63ed3  2.5.3 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: update to v2.5.3

Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst

FreeBSD relevant changes:
Bugfixes
*   disable connect-retry backoff for p2p (--secret) instances (Trac #1010,
#1384)
*   fix build with mbedtls w/o SSL renegotiation support
*   fix small memory leak in free_key_ctx for auth_token
*   Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409) -
    -> in FreeBSD ports, already fixed in 2.5.2_2 (PORTREVISION 2).

User-visible Changes
*   update copyright messages in files and --version output

New features
*   add --auth-token-user option (for --auth-token deployments without
--auth-user-pass in client config)
03 Jun 2021 10:47:25
commit hash: 6c20c4906a3b0f805c932f4e74ef7f62086e704d  2.5.2_2 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: band-aid fix for SIGSEGV on push echo

PR:		256331
Reported by:	peo@nethead.se
17 May 2021 17:56:12
commit hash: 42101271373865d49753e8d7b1fb66dfce325dd0  2.5.2_1 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: do not package .orig leftovers from patch

Bump PORTREVISION as we change the pkg-plist.
(Includes -mbedtls port variant.)

PR:		255946
Based on a patch by and
Reported by:	Mikael Urankar (mikael@)
21 Apr 2021 17:48:54
commit hash: 47340329e7b677aabf7caae900878c61c04f3b73  2.5.2 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: security update to v2.5.2

Changelog:	https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252

Security:       CVE-2020-15078
Security:       efb965be-a2c0-11eb-8956-1951a8617e30
MFH:		2021Q2
06 Apr 2021 14:31:13
commit hash: 135fdeebb99c3569e42d8162b265e15d29bd937d  2.5.1 This port version is marked as vulnerable.
Mathieu Arnold (mat)
all: Remove all other $FreeBSD keywords.
06 Apr 2021 14:31:07
commit hash: 305f148f482daf30dcf728039d03d019f88344eb  2.5.1 This port version is marked as vulnerable.
Mathieu Arnold (mat)
Remove # $FreeBSD$ from Makefiles.
16 Mar 2021 21:45:50
Revision: 568617  2.5.1 This port version is marked as vulnerable.
mandree
security/openvpn: run ldd -a when multi-link of "same" library found

The build runs a sanity to check that libssl and libcrypto are linked
only once, to catch mismatches in SSL providers to libpkcs11-helper
and openvpn itself.  In order to assist the operator to find out
which libraries pull in differing versions of libcrypto or libssl,
run ldd -a in the error path. (Not run normally, not PORTREVISION bump.)

PR:		254323 (related)
24 Feb 2021 19:04:01
Revision: 566502  2.5.1 This port version is marked as vulnerable.
mandree
security/openvpn: Bugfix update to v2.5.1

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-251

MFH:		2021Q1 (point-level bugfix update)
30 Oct 2020 20:36:01
Revision: 553713  2.5.0 This port version is marked as vulnerable.
mandree
Update security/openvpn 2.5. For 2.3 peers, update your configuration,

...see ports/UPDATING or the
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-25

Avoid LibreSSL (IGNORE_SSL).
INSTALL_DATA -> INSTALL_MAN for documentation.
Rearrange Makefile according to portclippy.
06 Oct 2020 23:28:13
Revision: 551609  2.4.9_3 This port version is marked as vulnerable.
mandree
security/openvpn: fix test suite when ifconfig emits ::1/128 address format

Some systems apparently format output of ifconfig lo0 similar to
"inet6 ::1/128" instead of 12.1's "inet6 ::1 prefixlen 128". This
confuses the test script, so strip the slash and trailing prefixlen
off.

Since that bug affects the build-time test suite and its occurrence
breaks the build, no PORTREVISION bump needed.

Reported by:	des@
17 Jul 2020 13:58:35
Revision: 542434  2.4.9_3 This port version is marked as vulnerable.
mandree
openvpn: Add one TODO marker (no functional change).
17 Jul 2020 10:30:37
Revision: 542426  2.4.9_3 This port version is marked as vulnerable.
mandree
security/openvpn: future proofing, PLUGINDIR now ...

...configured the official way, not hacky (which failed in openvpn-devel
because it broke some configure tests).
31 May 2020 08:40:03
Revision: 537129  2.4.9_2 This port version is marked as vulnerable.
mandree
security/openvpn: cherry-pick fixes from git repo

* 098edbb1 2020-05-20 | Switch assertion failure to returning false [Jeremy
Evans]
* fc029714 2020-05-30 | pool: prevent IPv6 pools to be larger than 2^16
addresses [Antonio Quartulli]
* 38b46e6b 2020-02-20 | Persist management-query-remote and proxy prompts [Selva
Nair]

MFH:		2020Q2 (blanket approval for stability fixes)
07 May 2020 16:28:42
Revision: 534272  2.4.9_1 This port version is marked as vulnerable.
mandree
security/openvpn: reliability fixes cherry-picked from upstream

Arne Schwabe's OpenSSL fix for Debian Bug#958296
"Fix tls_ctx_client/server_new leaving error on OpenSSL error stack"
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958296> [1]

Selva Nair's auth-pam fixes
"Parse static challenge response in auth-pam plugin"
"Accept empty password and/or response in auth-pam plugin"

Re-diff (with make makepatch) older patches.

Reported by:	Jonas Andradas via Debian BTS
Obtained from:	Arne Schwabe, Selva Nair
<https://github.com/OpenVPN/openvpn/tree/release/2.4>
MFH:		2020Q2 (blanket for backporting reliability fixes)
17 Apr 2020 18:38:45
Revision: 531957  2.4.9 This port version is marked as vulnerable.
mandree
security/openvpn: update to 2.4.9 (also for -mbedtls slave port)

At the same time, remove ASYNC_PUSH_LIBS workaround from [1].

Changelog (high-level):
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249

Git changelog, marking the three fixes that were already in 2.4.8_3
as cherry-picks with a 1, 2, or 3 instead of "*" to correspond
with the PORTREVISION, and those with "-" that are specific to other systems,
say, Windows.

* 9b0dafca 2020-04-16 | Preparing release v2.4.9 (ChangeLog, version.m4,
Changes.rst) (tag: v2.4.9) [Gert Doering]
3 f7b318f8 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
* 9bb285e3 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
(Only the first 15 lines of the commit message are shown above.)
16 Apr 2020 09:46:16
Revision: 531837  2.4.8_3 This port version is marked as vulnerable.
mandree
security/openvpn: Fix illegal client float (CVE-2020-11810)

There is a time frame between allocating peer-id and initializing data
channel key (which is performed on receiving push request or on async
push-reply) in which the existing peer-id float checks do not work right.

If a "rogue" data channel packet arrives during that time frame from another
address and with same peer-id, this would cause client to float to that new
address.

The net effect of this behaviour is that the VPN session for the "victim
client" is broken. Since the "attacker client" does not have suitable keys,
it can not inject or steal VPN traffic from the other session. The time
window is small and it can not be used to attack a specific client's session,
unless some other way is found to make it disconnect and reconnect first.

This fix is inherited by the openvpn-mbedtls slave port.

Obtained from:	Lev Stipakov (OpenVPN)
MFH:		2020Q2 (blanket security patch)
Security:	CVE-2020-11810
Security:	8604121c-7fc2-11ea-bcac-7781e90b0c8f
16 Mar 2020 22:58:27
Revision: 528550  2.4.8_2 This port version is marked as vulnerable.
mandree
security/openvpn: Add a FIXME marker to clean up a local workaround that was
upstreamed for 2.4.9. [info: Lev Stipakov]
PR: 244286
21 Feb 2020 20:15:50
Revision: 526692  2.4.8_2 This port version is marked as vulnerable.
mandree
openvpn: Add default-off ASYNC_PUSH option.

When enabled, pulls in devel/libinotify, and
adds --enable-async-push to configure.

In contrast to garga@'s proposal, uses
ASYNC_PUSH_LIBS instead of a patch file.

PR:		244286
Submitted by:	garga@
26 Jan 2020 15:04:38
Revision: 524180  2.4.8_1 This port version is marked as vulnerable.
mandree
Reduce fragmentation when using ncp-ciphers

URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18975.html
26 Jan 2020 14:40:32
Revision: 524178  2.4.8 This port version is marked as vulnerable.
mandree
Allow build without compression libs.

In that situation, add ./configure --enable-compression-stub.

While here, rearrange Makefile and use _ENABLE rather than _OFF
tags for the options.

Submitted by:	Daniel Engberg
Differential Revision:	https://reviews.freebsd.org/D23190
01 Nov 2019 11:54:44
Revision: 516218  2.4.8 This port version is marked as vulnerable.
mandree
security/openvpn[-mbedtls] upstream update to OpenVPN 2.4.8

This upstream release integrated two FreeBSD patches by Kyle Evans and me,
which are herewith dropped from the port.

Upstream release banner
"This is primarily a maintenance release with minor bugfixes and improvements."

High-level changes:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-248>

Manually filtered FreeBSD-related excerpt from Git log: v2.4.7..v2.4.8:
-  mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free()
[Antonio Quartulli]
-  openssl: Fix compilation without deprecated OpenSSL 1.1 APIs [Rosen Penev]
-  Force combinationation of --socks-proxy and --proto UDP to use IPv4. [Gert
Doering]
(Only the first 15 lines of the commit message are shown above.)
07 Sep 2019 08:04:53
Revision: 511397  2.4.7 This port version is marked as vulnerable.
mandree
security/openvpn: regression fix, support LibreSSL again.

(I use a different patch than what was submitted by pizzamig@,
and have sent our patch upstream.)

Remove IGNORE_SSL.

While here, remove USE_LDCONFIG to fix a portlint complaint,
and fix a typo in a Makefile comment.

PR:		238382
Reported by:	pizzamig@
06 Sep 2019 18:16:53
Revision: 511348  2.4.7 This port version is marked as vulnerable.
mandree
Fix a sed regexp from GNUism to POSIX.

Thanks!

Also sent upstream for inclusion today,
https://sourceforge.net/p/openvpn/mailman/message/36757480/ and
https://sourceforge.net/p/openvpn/mailman/message/36757481/

PR:		240306
Submitted by:	kevans@
14 Aug 2019 12:16:13
Revision: 508909  2.4.7 This port version is marked as vulnerable.
mat
Convert to UCL & cleanup pkg-message (categories s)
14 Aug 2019 03:26:09
Revision: 508887  2.4.7 This port version is marked as vulnerable.
meta
Implement new virtual category: net-vpn for VPN related ports

based on discussion at ports@ [1]. As VPN softwares are put in different
physical category net and security. This is a little bit confusing. Let's
give them new virtual category net-vpn.

[1] https://lists.freebsd.org/pipermail/freebsd-ports/2019-April/115915.html

PR:		239395
Submitted by:	myself
Approved by:	portmgr (mat)
Differential Revision:	https://reviews.freebsd.org/D21174
13 Jul 2019 08:31:14
Revision: 506516  2.4.7 This port version is marked as vulnerable.
mandree
OpenVPN won't compile with LibreSSL, mark IGNORE.

Upstream maintainers are massively pushing back against patches
offered so far with valid and concrete technical reasons and unsuitability
of the LibreSSL version API that will create a maintenance nightmare.
(And LibreSSL abusing the OpenSSL API.)

PR:		238382
Submitted by:	pizzamig
21 Feb 2019 19:30:52
Revision: 493524  2.4.7 This port version is marked as vulnerable.
mandree
security/openvpn[-mbedtls] update to OpenVPN 2.4.7

Upstream release announcement:
"This is primarily a maintenance release with bugfixes and improvements.
One of the big things is enhanced TLS 1.3 support

Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that."

Move USES up to please portlint.

Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-247>

Detailed change list:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.7>
05 Nov 2018 09:30:18
Revision: 484182  2.4.6_3 This port version is marked as vulnerable.
amdmi3
- Add LICENSE_FILE
- Update WWW

Approved by:	portmgr blanket
14 Sep 2018 12:04:53
Revision: 479770  2.4.6_3 This port version is marked as vulnerable.
tijl
Update security/mbedtls to 2.13.0 and bump dependent ports.
10 Aug 2018 14:23:16
Revision: 476834  2.4.6_2 This port version is marked as vulnerable.
tijl
Update security/mbedtls to 2.12.0 and bump dependent ports.

MFH:		2018Q3
Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
07 Jun 2018 12:16:47
Revision: 471909  2.4.6_1 This port version is marked as vulnerable.
tijl
Update security/mbedtls to 2.9.0 and bump dependent ports.
25 Apr 2018 22:00:04
Revision: 468307  2.4.6 This port version is marked as vulnerable.
mat
Only sleep in ports if BATCH/PACKAGE_BUILDING are not defined.

Sponsored by:	Absolight
25 Apr 2018 21:09:11
Revision: 468306  2.4.6 This port version is marked as vulnerable.
mandree
Update to new upstream bugfix release 2.4.6.

While here, warn and sleep for 10 s when building against LibreSSL.

Remove some cruft.

Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-246>

Changelog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.6>

Reported by:	portscout
23 Apr 2018 19:26:32
Revision: 468134, port version 2.4.5_1. This port version is marked as vulnerable.
Committer: tijl
Update security/mbedtls to 2.8.0 and bump dependent ports.

MFH:		2018Q2
Security:	https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
13 Mar 2018 22:50:33
Revision: 464440, port version 2.4.5. This port version is marked as vulnerable.
Committer: mandree
Fix build with LibreSSL 2.4.6

PR:		226568
Reported by:	Ralf van der Enden
Obtained from:	faminebadger <https://community.openvpn.net/openvpn/ticket/1038>
13 Mar 2018 00:10:33
Revision: 464331, port version 2.4.5. This port version is marked as vulnerable.
Committer: mandree
Update to new upstream bugfix release 2.4.5.

Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-245>

Changelog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.5>

While here, add a sanity check that traps inconsistent linkage,
if, for instance, the PKCS#11 helper has been built with a different
OPENSSL library version than OpenVPN.
12 Mar 2018 13:01:53
Revision: 464247, port version 2.4.4_2. This port version is marked as vulnerable.
Committer: tijl
Update security/mbedtls to 2.7.1.

PR:		226550
MFH:		2018Q1
10 Mar 2018 18:49:04
Revision: 464085, port version 2.4.4_1. This port version is marked as vulnerable.
Committer: tijl
- Update security/polarssl13 to 1.3.22.
- Update security/mbedtls to 2.7.0 and bump dependent ports.

MFH:		2018Q1
Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
11 Jan 2018 14:18:01
Revision: 458739, port version 2.4.4. This port version is marked as vulnerable.
Committer: danfe
Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files that are not actually manual pages (part 2).
08 Oct 2017 09:46:27
Revision: 451515, port version 2.4.4. This port version is marked as vulnerable.
Committer: mandree
Add missing conflicts
27 Sep 2017 21:27:15
Revision: 450792, port version 2.4.4. This port version is marked as vulnerable.
Committer: mandree
OpenVPN[-mbedtls] security update to 2.4.4

Upstream maintainers write: "This release includes a large number of small
fixes and enhancements. There is also an important security fix for legacy
setups that may still be using key-method 1. As that option was deprecated
12 years ago we estimate that not many production setups are affected in
practice."

Security information:
<https://community.openvpn.net/openvpn/wiki/CVE-2017-12166>

Change Summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-244>

Changes as Git shortlog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.4>

Given the low impact, let's forget about MFHing this three days before
2017Q3 becomes EOL and relieved by 2017Q4.

Reported by:	portscout
Security:	CVE-2017-12166
Security:	3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8
21 Jun 2017 17:22:38
Revision: 444043, port version 2.4.3. This port version is marked as vulnerable.
Committer: mandree
OpenVPN security update to 2.4.3

OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In
the process several vulnerabilities were found, some of which are
remotely exploitable in certain circumstances.

Compared to OpenVPN 2.4.2 there are several bugfixes and one major
feature: support for building with OpenSSL 1.1.

MFH:		2017Q3 (preapproved by Xin Li)
Security:	9f65d382-56a4-11e7-83e3-080027ef73ec
Security:	CVE-2017-7508
Security:	CVE-2017-7512
Security:	CVE-2017-7520
Security:	CVE-2017-7521
Security:	CVE-2017-7522
19 May 2017 21:20:19
Revision: 441273, port version 2.4.2. This port version is marked as vulnerable.
Committer: mandree
Switch MASTER_SITES from http to https URI scheme.
11 May 2017 21:19:20
Revision: 440667, port version 2.4.2. This port version is marked as vulnerable.
Committer: mandree
OpenVPN update to 2.4.2 (security fixes)

ChangeLog:
<https://github.com/OpenVPN/openvpn/blob/v2.4.2/Changes.rst#version-242>

Details:
<https://github.com/OpenVPN/openvpn/releases/tag/v2.4.2>

Security Announcement:
<https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits>

Reported by:	Samuli Seppanen
Security:	04cc7bd2-3686-11e7-aa64-080027ef73ec
Security:	CVE-2017-7478
Security:	CVE-2017-7479
MFH:		2017Q2
23 Mar 2017 21:53:58
Revision: 436782, port version 2.4.1. This port version is marked as vulnerable.
Committer: mandree
Update to openvpn release 2.4.1

This contains predominantly bugfixes and compatibility with
newer OpenSSL/LibreSSL.

Remove one patch that had been cherry-picked from upstream, no longer
needed.

Summary:
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-241
Changes: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
21 Mar 2017 23:04:59
Revision: 436663, port version 2.4.0. This port version is marked as vulnerable.
Committer: mandree
Fix build with LibreSSL 2.5.1.

PR:		217140
Submitted by:	brnrd@
Obtained from:	Olivier Wahrenberger, via upstream maintainers review
05 Jan 2017 08:38:30
Revision: 430622, port version 2.4.0. This port version is marked as vulnerable.
Committer: mandree
Flag conflict between PKCS11 and MBEDTLS in OPTIONS.
27 Dec 2016 23:16:57
Revision: 429678, port version 2.4.0. This port version is marked as vulnerable.
Committer: mandree
OpenVPN update to v2.4.0, old version in openvpn23*.

OpenVPN has been updated to v2.4.0.
Changes: <https://github.com/OpenVPN/openvpn/blob/v2.4.0/Changes.rst>

openvpn-polarssl has been renamed to openvpn-mbedtls to match the TLS
library's change of name.

The prior versions of the openvpn ports have been preserved in openvpn23
and openvpn23-polarssl, respectively, and are set to expire 2017-03-31.
08 Dec 2016 03:01:18
Revision: 428095, port version 2.3.14. This port version is marked as vulnerable.
Committer: mandree
Upgrade to new upstream bugfix release 2.3.14.

Drop files/extra-patch-fix-subnet and corresponding OPTION, since this
is now part of the upstream release.

Changelog:	<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.14>
09 Nov 2016 22:06:26
Revision: 425811, port version 2.3.13_1. This port version is marked as vulnerable.
Committer: mandree
Experimental patch for topology subnet.

Added as an extra patch behind an option that defaults to ON so people
can still opt out, this is slated for an upcoming 2.3.14 release that
is, however, not yet scheduled.

PR:		207831 (related)
Obtained from:	Gert Doering, via upstream Git repository 446ef5bda4cdc75d
04 Nov 2016 08:42:24
Revision: 425304, port version 2.3.13. This port version is marked as vulnerable.
Committer: mandree
Upgrade to upstream bugfix release 2.3.13.

ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.13>
27 Aug 2016 12:23:58
Revision: 420973, port version 2.3.12_1. This port version is marked as vulnerable.
Committer: mandree
Fix self-tests in poudriere, make them more robust [1].

The self-tests used to fail in poudriere with dependency cycles in
Makefile that weren't visible earlier. Conditionally change ALL_TARGET
to check (do not use all check, that would require gmake) if the TEST
option is set (default), or set TEST_TARGET if the TEST option is unset.

While I am unable to reproduce 212146 claiming the self-tests fail on an
IPv6-disabled host, and I believe it's a red herring masking a local
configuration issue, doubt sed(1) and add blanks, and be sure to add the
"proto" earlier. The reporter didn't mention his OS version.

No PORTREVISION bump since the default build is unaffected.

PR:		212146 [1]
27 Aug 2016 09:32:30
Revision: 420966, port version 2.3.12_1. This port version is marked as vulnerable.
Committer: mandree
Make self-test the TEST option, support make test. Enabled by default.

NB: This is a critical port with many users, and the test is low on
resources, it takes two minutes idling, waiting for timers to expire.

Replace former ".if ... post-build:" by "post-build-TEST-on: test".
Replace former post-build by "TEST_TARGET=check".

Add a temporary (9 months or so-ish) compatibility wrapper to move
people from the prior port-specific WITHOUT_CHECK to WITHOUT=TEST or
OPTIONS_UNSET=TEST. Uses WARNING+= to make user aware of the change.

While here, shorten the POLARSSL_DESC help message.

Requested by:	brnrd@
Differential Revision:	D7507 (sort-of)
27 Aug 2016 01:17:24
Revision: 420956, port version 2.3.12_1. This port version is marked as vulnerable.
Committer: mandree
Update Tunnelblick XOR patch.

PR:		212136
Submitted by:	Franco Fichtner
25 Aug 2016 12:58:16
Revision: 420844, port version 2.3.12. This port version is marked as vulnerable.
Committer: mat
Fix build with tunnelblick patch.

Sponsored by:	Absolight
24 Aug 2016 22:33:26
Revision: 420825, port version 2.3.12. This port version is marked as vulnerable.
Committer: mandree
Update to new upstream bugfix release 2.3.12, add "stats" to rc script.

* Upstream changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12>
* The cmocka-based unit tests are currently disabled, too much hassle
  and deps to get them running.
* Add patch-configure to drop the unit-test related warnings.
* Extend run control script to understand the "stats" argument, to send
  SIGUSR2 to the process, contributed by Anton Yuzhaninov (with one
  additional line fold).
* Drop patch-629baad8, no longer needed.
* Refresh other patches with make clean extract do-patch makepatch
13 May 2016 16:07:26
Revision: 415116, port version 2.3.11. This port version is marked as vulnerable.
Committer: mandree
Fix PolarSSL-based builds.

The upstream backported a change from the master branch that fixes the
PolarSSL-based builds to go with the PolarSSL 1.3.X built-in defaults.

Add a patch picked from the upstream's release/2.3 branch.
Remove the BROKEN= line and conditional.

No PORTREVISION bump because the patch only affects an option that was
formerly marked BROKEN.

(TRYBROKEN users need to force a rebuild and reinstallation manually.)
12 May 2016 23:38:15
Revision: 415093, port version 2.3.11. This port version is marked as vulnerable.
Committer: mandree
Security upgrade to OpenVPN 2.3.11, breaking POLARSSL option.

Quoting upstream maintainers' release notes:
"This release fixes two vulnerabilities: a port-share bug with DoS
potential and a buffer overflow by user supplied data when using pam
authentication. In addition a number of small fixes and improvements are
included."

WARNING: this upgrade breaks the PolarSSL-based build due to an
oversight in the cipher suite selection hardening, crashing
PolarSSL-based builds with a 0-pointer dereference.
Marking port BROKEN if POLARSSL is set.

Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
05 Apr 2016 02:17:40
Revision: 412541, port version 2.3.10_2. This port version is marked as vulnerable.
Committer: mandree
One more fix for /usr/sbin/service -R.
05 Apr 2016 02:08:04
Revision: 412540, port version 2.3.10_1. This port version is marked as vulnerable.
Committer: mandree
Work around 10.3-RELEASE's service(8) shortcomings

PR:		208534
Reported by:	allan@saddi.com
01 Apr 2016 14:25:18
Revision: 412349, port version 2.3.10. This port version is marked as vulnerable.
Committer: mat
Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight
12 Jan 2016 09:07:45
Revision: 405841, port version 2.3.10. This port version is marked as vulnerable.
Committer: mandree
Add an 'up' script for resolvconf integration, ...

contributed by Bapt@, but not yet touched up.
Needs proper license notice and documentation.
Therefore not yet linked to the build/install.
08 Jan 2016 09:03:49
Revision: 405536, port version 2.3.10. This port version is marked as vulnerable.
Committer: mandree
Upgrade to new upstream release 2.3.10.

Now requires PolarSSL/mbedTLS 1.3.X with X >= 8, PolarSSL 1.2 is EOL.
Match help text to the change.

Make sure the build uses the local unpacked includes before the system
includes, such that portmaster/portupgrade upgrades for PolarSSL work if
2.3.9 or older is pre-installed on the build system.
20 Dec 2015 14:35:13
Revision: 404054, port version 2.3.9. This port version is marked as vulnerable.
Committer: mandree
Update to new upstream release 2.3.9.

Removes the PW_SAVE option, the upstream code always permits saving
passwords to files now (so the feature is always enabled).

ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.9>
20 Nov 2015 18:41:15
Revision: 402095, port version 2.3.8. This port version is marked as vulnerable.
Committer: mandree
Add optional extra patch for Tunnelblick obfuscation.

Adds a --scramble method to the executable but not documentation.
Requires careful review of implications before enabling, and has not
been accepted upstream.  https://tunnelblick.net/cOpenvpn_xorpatch.html

PR:		200215
Submitted by:	Franco Fichtner
24 Oct 2015 11:18:04
Revision: 400118, port version 2.3.8. This port version is marked as vulnerable.
Committer: mandree
Handle OpenSSL/PolarSSL options in the right way,

such that it is maintainable if we add more SSL libs in the future.

To fix fall-out from r399858 and r399982.
22 Oct 2015 14:07:10
Revision: 399982, port version 2.3.8. This port version is marked as vulnerable.
Committer: mat
Fix build without POLARSSL.

Pointy hat to:	mat
Sponsored by:	Absolight
20 Oct 2015 15:03:44
Revision: 399858, port version 2.3.8. This port version is marked as vulnerable.
Committer: mat
Use options helpers.

Sponsored by:	Absolight
05 Aug 2015 19:10:16
Revision: 393606, port version 2.3.8. This port version is marked as vulnerable.
Committer: mandree
Bugfix upgrade to new upstream release 2.3.8.

ChangeLog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.8
02 Aug 2015 15:03:20
Revision: 393429, port version 2.3.7_1. This port version is marked as vulnerable.
Committer: tijl
By default libtool replaces -export-symbols <file> with -retain-symbols-file
<file> on ELF systems, but this doesn't really do what -export-symbols is
meant to do.  On GNU ELF systems it converts <file> to a simple version
script first and then uses -version-script instead of -retain-symbols-file.
Let USES=libtool patch libtool scripts to do this on all systems with GNU
ld(1).

Bump PORTREVISION on all ports where the build log contains -export-symbols.

audio/calf: This port builds a module that now exports only one function,
but it also builds a number of executables that link to this module and
expect to see other functions.  Because it's already a bit dodgy to link to
a module (libtool warns about this) let the module continue to export only
one function and instead build an ordinary library from the same source that
the executables can link to.  Fix a number of other issues in the same
(Only the first 15 lines of the commit message are shown above.)
15 Jul 2015 00:11:00
Revision: 392112, port version 2.3.7. This port version is marked as vulnerable.
Committer: mandree
Add an openvpn-polarssl that selects PolarSSL for its default TLS provider.
10 Jun 2015 19:18:57
Revision: 389128, port version 2.3.7. This port version is marked as vulnerable.
Committer: mandree
Update to new upstream release 2.3.7.

Fixes
PR:		194745
22 May 2015 21:39:38
Revision: 387083, port version 2.3.6_5. This port version is marked as vulnerable.
Committer: mandree
Add experimental patch by Gert Doring to fix PR #194745.
Must be enabled through the options framework ("make config").

PR:		194745
04 May 2015 23:08:03
Revision: 385432, port version 2.3.6_4. This port version is marked as vulnerable.
Committer: mandree
+ Update patch set for crypto engine fix [1].
  Change option name so it is presented anew, default disabled.

+ Add openvpn-client wrapper script and up/down scripts to trigger
  resolvconf, with minor edits. [2]

+ Set proper PLUGIN_LIBDIR so that plugins in the default directory can
  be found with relative paths.

+ Compile shipped plugins with -fPIC.

PR:		195004 [1]
PR:		199529 [2]
Submitted by:	yuri@rawbw.com [2]
Obtained from:	https://community.openvpn.net/openvpn/ticket/480#comment:21
17 Apr 2015 13:37:37
Revision: 384160, port version 2.3.6_3. This port version is marked as vulnerable.
Committer: tijl
Specify library version when depending on libpolarssl and switch ports to
PolarSSL 1.3 when they fail to build with 1.2.
30 Mar 2015 18:37:24
Revision: 382705, port version 2.3.6_3. This port version is marked as vulnerable.
Committer: mandree
Add an experimental patch for bug #195004.
Needs to be enabled through a port option.

PR: 195004
25 Mar 2015 20:06:21
Revision: 382265, port version 2.3.6_2. This port version is marked as vulnerable.
Committer: mandree
Add a X509ALTUSERNAME port option to enable the --x509-username-field
run-time option.

Bump PORTREVISION.

PR:		198896
Submitted by:	bastian+freebsd.org@waldi.eu.org
02 Dec 2014 18:53:39
Revision: 373780, port version 2.3.6_1. This port version is marked as vulnerable.
Committer: delphij
Add CPE data.

Requested by:	des
02 Dec 2014 05:54:07
Revision: 373752, port version 2.3.6. This port version is marked as vulnerable.
Committer: delphij
Security Update to 2.3.6.

Approved by:	so
MFH:		2014Q4
Security:	23ab5c3e-79c3-11e4-8b1e-d050992ecde8
24 Nov 2014 18:26:24
Revision: 373256, port version 2.3.5_1. This port version is marked as vulnerable.
Committer: mandree
Add three patches from Git to unwedge the build after certs expired,
and two other fixes (bumping PORTREVISION):

44294568 Fix assertion error when using --cipher none
e9b07dc9 Fix to --shaper documentation on the man-page
b77c27a1 Modernize sample keys and sample configs

Number of commits found: 189 (showing only 100 on this page)
