notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
This referral link gives you 10% off a Fastmail.com account and gives me a discount on my Fastmail account.
New feature planned: get notified when the package is available. Now is the time to contribute ideas/suggestions.
non port: security/openvpn/Makefile

Number of commits found: 187 (showing only 100 on this page)

1 | 2  »  

Tuesday, 13 Feb 2024
07:09 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to 2.6.9 bug-fix release

ChangeLog:	https://github.com/OpenVPN/openvpn/blob/v2.6.9/Changes.rst#overview-of-changes-in-269
MFH:		2024Q1
commit hash: a84abd0caacf67e3963e45abf2211dd2fb13af55 commit hash: a84abd0caacf67e3963e45abf2211dd2fb13af55 commit hash: a84abd0caacf67e3963e45abf2211dd2fb13af55 commit hash: a84abd0caacf67e3963e45abf2211dd2fb13af55 a84abd0
Tuesday, 30 Jan 2024
17:26 Gleb Popov (arrowd) search for other commits by this committer Author: Helge Oldach
*: Move manpages to share/man

Approved by:	portmgr (blanket)
commit hash: f139e51116d4b6b17d6641d39ad8650309322840 commit hash: f139e51116d4b6b17d6641d39ad8650309322840 commit hash: f139e51116d4b6b17d6641d39ad8650309322840 commit hash: f139e51116d4b6b17d6641d39ad8650309322840 f139e51
Sunday, 31 Dec 2023
00:37 Muhammad Moinur Rahman (bofh) search for other commits by this committer
*/*: Sunset 12.4-RELEASE/12-STABLE from ports tree

- Remove all references to defunct ARCH arm
- Remove all references to defunct ARCH sparc64
- Remove x11-drivers/xf86-video-sunffb which requires defunct sparc64
  ARCH
- Remove sysutils/afbinit requires defunct sparc64 ARCH
- Remove all references to bktr driver
- Remove all references to defunct FreeBSD_12
- Remove all references to OSVERSION/OSREL corresponding to 12
- Remove conditionals in Mk/Uses/cabal.mk
- Remove sparc reference from Mk/Uses/qt-dist.mk
- Remove BROKEN_sparc64/NOT_FOR_ARCH=sparc64
- Remove BROKEN_FreeBSD_12* from:
- Remove OpenSSL patches from:
- Remove conditional flags for OSVERSION >= 1300000 to fixed flags.
  Also move conditional flags for non sparc64/arm ARCH to fixed flags.

Reviewed by:	brooks, jbeich, rene, salvadore
Differential Revision: https://reviews.freebsd.org/D42068
commit hash: bbab7f59e9630416397189df70ec133bdd690e38 commit hash: bbab7f59e9630416397189df70ec133bdd690e38 commit hash: bbab7f59e9630416397189df70ec133bdd690e38 commit hash: bbab7f59e9630416397189df70ec133bdd690e38 bbab7f5
Wednesday, 22 Nov 2023
22:42 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: add missing 2.6.x documentation,

...for instance, README.dco.md but also others.

Update DCO help text to refer to this .md file.

Found while debugging
PR:		275206
MFH:		2023Q4
commit hash: d67975600c84a139dea0cc29490273c79eccb564 commit hash: d67975600c84a139dea0cc29490273c79eccb564 commit hash: d67975600c84a139dea0cc29490273c79eccb564 commit hash: d67975600c84a139dea0cc29490273c79eccb564 d679756
Tuesday, 21 Nov 2023
17:03 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to 2.6.8 bug-fix release

hopefully fixes...

PR:		275206
Changelog:	https://github.com/OpenVPN/openvpn/blob/v2.6.8/Changes.rst#overview-of-changes-in-268
MFH:		2023Q4
commit hash: f6ef06771b5a341e91ea38b0d758c4cf614f1b3c commit hash: f6ef06771b5a341e91ea38b0d758c4cf614f1b3c commit hash: f6ef06771b5a341e91ea38b0d758c4cf614f1b3c commit hash: f6ef06771b5a341e91ea38b0d758c4cf614f1b3c f6ef067
Wednesday, 15 Nov 2023
21:21 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: fix regressions and some documentation bits

Add two patches cherry-picked from upstream Git repository:

OpenVPN 2.6.7 regressed and experienced crashes in some situations,
https://github.com/OpenVPN/openvpn/issues/449
Reported by:	Vladimir Druzenko (vvd@)
Reported by:	Patrick Cable (upstream)
Obtained
from:	https://github.com/openvpn/openvpn/commit/b90ec6dabfb151dd93ef00081bbc3f55e7d3450f

Also, some typos in the documentation are fixed,
Obtained
from:	https://github.com/OpenVPN/openvpn/commit/457f468a76f324a14b1236988cc5f5a95f14abf5

Bump PORTREVISION.
PR:		275055
MFH:		2023Q4
commit hash: 8d2e9d99db3d6c0d1f988feaca0cdb7c0e7dca89 commit hash: 8d2e9d99db3d6c0d1f988feaca0cdb7c0e7dca89 commit hash: 8d2e9d99db3d6c0d1f988feaca0cdb7c0e7dca89 commit hash: 8d2e9d99db3d6c0d1f988feaca0cdb7c0e7dca89 8d2e9d9
Monday, 13 Nov 2023
23:05 Matthias Andree (mandree) search for other commits by this committer Author: Brad Davis
security/openvpn: security update to 2.6.7

PR:		275055
Changelog:	https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst#overview-of-changes-in-267
Security:	CVE-2023-46849
Security:	CVE-2023-46850
MFH:		2023Q4
commit hash: 03b2c6723f872fdfe5f0ea88bc97e6a7374c48ac commit hash: 03b2c6723f872fdfe5f0ea88bc97e6a7374c48ac commit hash: 03b2c6723f872fdfe5f0ea88bc97e6a7374c48ac commit hash: 03b2c6723f872fdfe5f0ea88bc97e6a7374c48ac 03b2c67
Tuesday, 15 Aug 2023
20:28 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: bugfix update → 2.6.6

Changelog:	https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-266
commit hash: 128360b8e87c1518531f72031f3ac9aea3dab31f commit hash: 128360b8e87c1518531f72031f3ac9aea3dab31f commit hash: 128360b8e87c1518531f72031f3ac9aea3dab31f commit hash: 128360b8e87c1518531f72031f3ac9aea3dab31f 128360b
Friday, 16 Jun 2023
19:15 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: bugfix update to 2.6.5

ChangeLog:
https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-265
commit hash: e4bef358911ada2a01e528591bf8d3566ca4c7e5 commit hash: e4bef358911ada2a01e528591bf8d3566ca4c7e5 commit hash: e4bef358911ada2a01e528591bf8d3566ca4c7e5 commit hash: e4bef358911ada2a01e528591bf8d3566ca4c7e5 e4bef35
Tuesday, 16 May 2023
18:54 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to 2.6.4

https://github.com/OpenVPN/openvpn/blob/v2.6.4/Changes.rst#overview-of-changes-in-264

MFH:		2023Q2
commit hash: 0512092a1f6233361edd411ad314ffa398a81c95 commit hash: 0512092a1f6233361edd411ad314ffa398a81c95 commit hash: 0512092a1f6233361edd411ad314ffa398a81c95 commit hash: 0512092a1f6233361edd411ad314ffa398a81c95 0512092
Saturday, 15 Apr 2023
08:05 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: bugfix update to v2.6.3

I separately verified the OpenVPN signature and ran more tests,
which the PR did not announce if it did.

Changelog:	https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-263
PR:		270831
MFH:		2023Q2
commit hash: 9152aca61800588efe5ebd43398f23704e325028 commit hash: 9152aca61800588efe5ebd43398f23704e325028 commit hash: 9152aca61800588efe5ebd43398f23704e325028 commit hash: 9152aca61800588efe5ebd43398f23704e325028 9152aca
Tuesday, 28 Mar 2023
14:19 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to new upstream release 2.6.2

Changes:
https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-262

Note that --inactive does not yet work on FreeBSD.
commit hash: ff146af9498c0a439aa959ff49f351c6c903d414 commit hash: ff146af9498c0a439aa959ff49f351c6c903d414 commit hash: ff146af9498c0a439aa959ff49f351c6c903d414 commit hash: ff146af9498c0a439aa959ff49f351c6c903d414 ff146af
Sunday, 12 Mar 2023
14:03 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: remove leftover comment
commit hash: 17fb7fd94ef213cabb4793b621d1a7cb3cfeef2f commit hash: 17fb7fd94ef213cabb4793b621d1a7cb3cfeef2f commit hash: 17fb7fd94ef213cabb4793b621d1a7cb3cfeef2f commit hash: 17fb7fd94ef213cabb4793b621d1a7cb3cfeef2f 17fb7fd
Wednesday, 8 Mar 2023
20:52 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: remove header file that now ships with 2.6.1 tarball

Since this is identical to what's in the tarball, no PORTREVISION
bump is required.
commit hash: 50d615894fb6551a1265c9dec9e5e407c4ea8ce0 commit hash: 50d615894fb6551a1265c9dec9e5e407c4ea8ce0 commit hash: 50d615894fb6551a1265c9dec9e5e407c4ea8ce0 commit hash: 50d615894fb6551a1265c9dec9e5e407c4ea8ce0 50d6158
20:45 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to v2.6.1

Changelog: https://github.com/OpenVPN/openvpn/blob/v2.6.1/Changes.rst
commit hash: bc733dffe09ceb5c4e8c158f80b647bb0dbed474 commit hash: bc733dffe09ceb5c4e8c158f80b647bb0dbed474 commit hash: bc733dffe09ceb5c4e8c158f80b647bb0dbed474 commit hash: bc733dffe09ceb5c4e8c158f80b647bb0dbed474 bc733df
Saturday, 4 Mar 2023
10:41 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: default-enable DCO

(on FreeBSD but not 12 and 13, because the relevant if_ovpn module
is to appear in FreeBSD 14.)

Reported by:	Kristof Provost (kp@)
commit hash: 118eb978b4e00bf5a2c82ba64492c5561f66739f commit hash: 118eb978b4e00bf5a2c82ba64492c5561f66739f commit hash: 118eb978b4e00bf5a2c82ba64492c5561f66739f commit hash: 118eb978b4e00bf5a2c82ba64492c5561f66739f 118eb97
Friday, 27 Jan 2023
21:32 Matthias Andree (mandree) search for other commits by this committer
security/openvpn*: update to 2.6.0, keep openvpn25

- copy openvpn to openvpn25, mark as deprecated and to expire March 31

- update openvpn to openvpn 2.6.0, highlights from Frank Lichtenheld's
  release announcement e-mail, slightly edited:

 * Data Channel Offload (DCO) kernel acceleration support for Windows,
   Linux, and FreeBSD [14].
 * OpenSSL 3 support
 * Improved handling of tunnel MTU, including support for pushable MTU.
 * Outdated cryptographic algorithms disabled by default, but there are
   options to override if necessary.
 * Reworked TLS handshake, making OpenVPN immune to replay-packet state
   exhaustion attacks.
 * Added --peer-fingerprint mode for a more simplistic certificate setup
   and verification.
 * Improved protocol negotiation, leading to faster connection setup.

ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.0/Changes.rst
commit hash: 6853ab171eff406db8b2451117bae397f926f4d2 commit hash: 6853ab171eff406db8b2451117bae397f926f4d2 commit hash: 6853ab171eff406db8b2451117bae397f926f4d2 commit hash: 6853ab171eff406db8b2451117bae397f926f4d2 6853ab1
Friday, 28 Oct 2022
18:24 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to 2.5.8

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-258
commit hash: ae33c30fb0de4184a0987616465273db11eabe5e commit hash: ae33c30fb0de4184a0987616465273db11eabe5e commit hash: ae33c30fb0de4184a0987616465273db11eabe5e commit hash: ae33c30fb0de4184a0987616465273db11eabe5e ae33c30
Tuesday, 4 Oct 2022
06:20 Matthias Andree (mandree) search for other commits by this committer Author: VVD
security/openvpn: fix up ${name}_flags option

was broken in previous commit; bumping PORTREVISION again

PR:		266796
commit hash: ae6cc1b955c9ece4d45071ce6a80d6a8ff01c524 commit hash: ae6cc1b955c9ece4d45071ce6a80d6a8ff01c524 commit hash: ae6cc1b955c9ece4d45071ce6a80d6a8ff01c524 commit hash: ae6cc1b955c9ece4d45071ce6a80d6a8ff01c524 ae6cc1b
Monday, 3 Oct 2022
20:15 Matthias Andree (mandree) search for other commits by this committer Author: 0x1eef
security/openvpn: support ${name}_FLAGS

and bump PORTREVISION.

PR:		266796
commit hash: 29d16aeb4442994cf93d26084e4b79ff55d3feba commit hash: 29d16aeb4442994cf93d26084e4b79ff55d3feba commit hash: 29d16aeb4442994cf93d26084e4b79ff55d3feba commit hash: 29d16aeb4442994cf93d26084e4b79ff55d3feba 29d16ae
Wednesday, 7 Sep 2022
21:10 Stefan Eßer (se) search for other commits by this committer
Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.

There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.

The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.

Approved by:		portmgr (tcberner)
commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 b7f0544
Wednesday, 20 Jul 2022
14:22 Tobias C. Berner (tcberner) search for other commits by this committer
security: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  <ports@c0decafe.net>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Ade Lovett <ade@FreeBSD.org>
  *  Aldis Berjoza <aldis@bsdroot.lv>
  *  Alex Dupre <ale@FreeBSD.org>
  *  Alex Kapranoff <kappa@rambler-co.ru>
  *  Alex Samorukov <samm@freebsd.org>
  *  Alexander Botero-Lowry <alex@foxybanana.com>
  *  Alexander Kriventsov <avk@vl.ru>
  *  Alexander Leidinger <netchild@FreeBSD.org>
  *  Alexander Logvinov <ports@logvinov.com>
  *  Alexander Y. Grigoryev <alexander.4mail@gmail.com>
  *  Alexey Dokuchaev <danfe@FreeBSD.org>
  *  Alfred Perlstein
  *  Alfred Perlstein <alfred@FreeBSD.org>
  *  Anders Nordby <anders@FreeBSD.org>
  *  Anders Nordby <anders@fix.no>
  *  Andreas Klemm <andreas@klemm.gtn.com>
  *  Andrew Lewis <freeghb@gmail.com>
  *  Andrew Pantyukhin <infofarmer@FreeBSD.org>
  *  Andrew St. Jean <andrew@arda.homeunix.net>
  *  Anes Mukhametov <anes@anes.su>
  *  Antoine Brodin <antoine@FreeBSD.org>
  *  Anton Berezin <tobez@FreeBSD.org>
  *  Antonio Carlos Venancio Junior (<antonio@inf.ufsc.br>)
  *  Antonio Carlos Venancio Junior <antonio@inf.ufsc.br>
  *  Ashish SHUKLA <ashish@FreeBSD.org>
  *  Attila Nagy <bra@fsn.hu>
  *  Autrijus Tang <autrijus@autrijus.org>
  *  Axel Rau <axel.rau@chaos1.de>
  *  Babak Farrokhi <farrokhi@FreeBSD.org>
  *  Ben Woods <woodsb02@FreeBSD.org>
  *  Bernard Spil <brnrd@FreeBSD.org>
  *  Bernard Spil <brnrd@freebsd.org>
  *  Blaz Zupan <blaz@si.FreeBSD.org>
  *  Bob Hockney <zeus@ix.netcom.com>
  *  Boris Kochergin <spawk@acm.poly.edu>
  *  Brendan Molloy <brendan+freebsd@bbqsrc.net>
  *  Bruce M Simpson
  *  Bruce M Simpson <bms@FreeBSD.org>
  *  Bruce M. Simpson <bms@FreeBSD.org>
  *  Carlo Strub
  *  Carlo Strub <cs@FreeBSD.org>
  *  Carlos J Puga Medina <cpm@FreeBSD.org>
  *  Carlos J Puga Medina <cpm@fbsd.es>
  *  Charlie Root <se@FreeBSD.org>
  *  Cheng-Lung Sung <clsung@FreeBSD.org>
  *  Cheng-Lung Sung <clsung@dragon2.net>
  *  Chie Taguchi <taguchi.ch@gmail.com>
  *  Chris Cowart <ccowart@rescomp.berkeley.edu>
  *  Chris D. Faulhaber <jedgar@FreeBSD.org>
  *  Christer Edwards <christer.edwards@gmail.com>
  *  Christian Lackas
  *  Christopher Hall <hsw@bitmark.com>
  *  Clement Laforet <sheepkiller@cultdeadsheep.org>
  *  Clive Lin <clive@CirX.ORG>
  *  Colin Percival
  *  Cory McIntire (loon@noncensored.com)
  *  Craig Leres <leres@FreeBSD.org>
  *  Cristiano Deana <cris@gufi.org>
  *  Cy Schubert (Cy.Schubert@uumail.gov.bc.ca)
  *  Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
  *  Cy Schubert <cy@FreeBSD.org>
  *  Damian Gerow <dgerow@afflictions.org>
  *  Damien Bobillot
  *  Dan Langille
  *  Dan Langille <dan@freebsddiary.org>
  *  Dan Langille <dvl@FreeBSD.org>
  *  Dan Langille <dvl@freebsd.org>
  *  Dan Langille <dvl@sourcefire.com>
  *  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  *  Daniel Roethlisberger <daniel@roe.ch>
  *  Danilo Egea Gondolfo <danilo@FreeBSD.org>
  *  Danton Dorati <urisso@bsd.com.br>
  *  Dave McKay <dave@mu.org>
  *  David E. Thiel <lx@FreeBSD.org>
  *  David O'Brien (obrien@NUXI.com)
  *  David O'Brien <obrien@FreeBSD.org>
  *  David Thiel <lx@redundancy.redundancy.org>
  *  Dean Hollister <dean@odyssey.apana.org.au>
  *  Denis Shaposhnikov <dsh@vlink.ru>
  *  Dereckson <dereckson@gmail.com>
  *  Dirk Froemberg <dirk@FreeBSD.org>
  *  Ditesh Shashikant Gathani <ditesh@gathani.org>
  *  Dom Mitchell <dom@happygiraffe.net>
  *  Dominic Marks <dominic.marks@btinternet.com>
  *  Don Croyle <croyle@gelemna.org>
  *  Douglas Thrift <douglas@douglasthrift.net>
  *  Edson Brandi <ebrandi@fugspbr.org>
  *  Edwin Groothuis <edwin@mavetju.org>
  *  Ekkehard 'Ekki' Gehm <gehm@physik.tu-berlin.de>
  *  Emanuel Haupt <ehaupt@FreeBSD.org>
  *  Emanuel Haupt <ehaupt@critical.ch>
  *  Eric Crist <ecrist@secure-computing.net>
  *  Erwin Lansing <erwin@FreeBSD.org>
  *  Eugene Grosbein <eugen@FreeBSD.org>
  *  Fabian Keil <fk@fabiankeil.de>
  *  Felix Palmen <felix@palmen-it.de>
  *  Florent Thoumie <flz@xbsd.org>
  *  Foxfair Hu <foxfair@FreeBSD.org>
  *  Frank Laszlo <laszlof@vonostingroup.com>
  *  Frank Wall <fw@moov.de>
  *  Franz Bettag <franz@bett.ag>
  *  Gabor Kovesdan
  *  Gabor Kovesdan <gabor@FreeBSD.org>
  *  Gabriel M. Dutra <0xdutra@gmail.com>
  *  Gary Hayers <Gary@Hayers.net>
  *  Gasol Wu <gasol.wu@gmail.com>
  *  Gea-Suan Lin <gslin@gslin.org>
  *  George Reid <greid@ukug.uk.freebsd.org>
  *  George Reid <services@nevernet.net>
  *  Greg Larkin <glarkin@FreeBSD.org>
  *  Greg V <greg@unrelenting.technology>
  *  Gregory Neil Shapiro <gshapiro@FreeBSD.org>
  *  Grzegorz Blach <gblach@FreeBSD.org>
  *  Guangyuan Yang <ygy@FreeBSD.org>
  *  Hakisho Nukama <nukama@gmail.com>
  *  Hammurabi Mendes <hmendes@brturbo.com>
  *  Henk van Oers <hvo.pm@xs4all.nl>
  *  Horia Racoviceanu <horia@racoviceanu.com>
  *  Hung-Yi Chen <gaod@hychen.org>
  *  Jaap Akkerhuis <jaap@NLnetLabs.nl>
  *  Jaap Boender <jaapb@kerguelen.org>
  *  Jacek Serwatynski <tutus@trynet.eu.org>
  *  James FitzGibbon <jfitz@FreeBSD.org>
  *  James Thomason <james@divide.org>
  *  Jan-Peter Koopmann <Jan-Peter.Koopmann@seceidos.de>
  *  Janky Jay <ek@purplehat.org>
  *  Janos Mohacsi
  *  Janos Mohacsi <janos.mohacsi@bsd.hu>
  *  Jean-Yves Lefort <jylefort@brutele.be>
  *  Jim Geovedi <jim@corebsd.or.id>
  *  Jim Ohlstein <jim@ohlste.in>
  *  Joe Clarke <marcus@marcuscom.com>
  *  Joe Marcus Clarke <marcus@FreeBSD.org>
  *  Johann Visagie <johann@egenetics.com>
  *  Johann Visagie <wjv@FreeBSD.org>
  *  John Ferrell <jdferrell3@yahoo.com>
  *  John Hixson <jhixson@gmail.com>
  *  John Polstra <jdp@polstra.com>
  *  John W. O'Brien <john@saltant.com>
  *  John-Mark Gurney <jmg@FreeBSD.org>
  *  Jose Alonso Cardenas Marquez <acardenas@bsd.org.pe>
  *  Joseph Benden <joe@thrallingpenguin.com>
  *  Joshua D. Abraham <jabra@ccs.neu.edu>
  *  Jov <amutu@amutu.com>
  *  Jui-Nan Lin <jnlin@freebsd.cs.nctu.edu.tw>
  *  Ka Ho Ng <khng300@gmail.com>
  *  Kay Lehmann <kay_lehmann@web.de>
  *  Keith J. Jones <kjones@antihackertoolkit.com>
  *  Kevin Zheng <kevinz5000@gmail.com>
  *  Kimura Fuyuki <fuyuki@hadaly.org>
  *  Kimura Fuyuki <fuyuki@mj.0038.net>
  *  Klayton Monroe <klm@uidzero.org>
  *  Konstantin Menshikov <kostjnspb@yandex.ru>
  *  Koop Mast <kwm@FreeBSD.org>
  *  Kris Kennaway <kris@FreeBSD.org>
  *  Kubilay Kocak <koobs@FreeBSD.org>
  *  Kurt Jaeger <fbsd-ports@opsec.eu>
  *  LEVAI Daniel <leva@ecentrum.hu>
  *  Lars Engels <lme@FreeBSD.org>
  *  Lars Thegler <lth@FreeBSD.org>
  *  Laurent LEVIER <llevier@argosnet.com>
  *  Luiz Eduardo R. Cordeiro
  *  Lukas Slebodnik <lukas.slebodnik@intrak.sk>
  *  Lukasz Komsta
  *  Mageirias Anastasios <anastmag@gmail.com>
  *  Marcel Prisi <marcel.prisi@virtua.ch>
  *  Marcello Coutinho
  *  Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org>
  *  Mark Felder <feld@FreeBSD.org>
  *  Mark Hannon <markhannon@optusnet.com.au>
  *  Mark Murray <markm@FreeBSD.org>
  *  Mark Pulford <mark@kyne.com.au>
  *  Marko Njezic <sf@maxempire.com>
  *  Martin Matuska <martin@tradex.sk>
  *  Martin Matuska <mm@FreeBSD.org>
  *  Martin Mersberger
  *  Martin Wilke <miwi@FreeBSD.org>
  *  Martti Kuparinen <martti.kuparinen@ericsson.com>
  *  Mateusz Piotrowski <0mp@FreeBSD.org>
  *  Matt <matt@xtaz.net>
  *  Matt Behrens <matt@zigg.com>
  *  Matthias Andree <mandree@FreeBSD.org>
  *  Matthias Fechner <mfechner@FreeBSD.org>
  *  Matthieu BOUTHORS <matthieu@labs.fr>
  *  Maxim Sobolev <sobomax@FreeBSD.org>
  *  Meno Abels <meno.abels@adviser.com>
  *  Michael Haro <mharo@FreeBSD.org>
  *  Michael Johnson <ahze@FreeBSD.org>
  *  Michael Nottebrock <lofi@FreeBSD.org>
  *  Michael Reifenberger <mr@FreeBSD.org>
  *  Michael Schout <mschout@gkg.net>
  *  Michal Bielicki <m.bielicki@llizardfs.com>
  *  Michiel van Baak <michiel@vanbaak.eu
  *  Mij <mij@bitchx.it>
  *  Mike Heffner <mheffner@vt.edu>
  *  Mikhail T. <m.tsatsenko@gmail.com>
  *  Mikhail Teterin <mi@aldan.algebra.com>
  *  Milan Obuch
  *  Mosconi <mosconi.rmg@gmail.com>
  *  Muhammad Moinur Rahman <5u623l20@gmail.com>
  *  Mustafa Arif <ma499@doc.ic.ac.uk>
  *  Neil Booth
  *  Neil Booth <kyuupichan@gmail.com>
  *  Nick Barkas <snb@threerings.net>
  *  Nicola Vitale <nivit@FreeBSD.org>
  *  Niels Heinen
  *  Nikola Kolev <koue@chaosophia.net>
  *  Nobutaka Mantani <nobutaka@FreeBSD.org>
  *  Oliver Lehmann
  *  Oliver Lehmann <oliver@FreeBSD.org>
  *  Olivier Duchateau
  *  Olivier Duchateau <duchateau.olivier@gmail.com>
  *  Olli Hauer
  *  Patrick Li <pat@databits.net>
  *  Paul Chvostek <paul@it.ca>
  *  Paul Schmehl <pauls@utdallas.edu>
  *  Pavel I Volkov <pavelivolkov@googlemail.com>
  *  Pete Fritchman <petef@databits.net>
  *  Peter Ankerstal <peter@pean.org>
  *  Peter Haight <peterh@sapros.com>
  *  Peter Johnson <johnson.peter@gmail.com>
  *  Peter Pentchev <roam@FreeBSD.org>
  *  Petr Rehor <rx@rx.cz>
  *  Philippe Audeoud <jadawin@tuxaco.net>
  *  Philippe Rocques <phil@teaser.fr>
  *  Piotr Kubaj <pkubaj@FreeBSD.org>
  *  Piotr Kubaj <pkubaj@anongoth.pl>
  *  Po-Chuan Hsieh <sunpoet@FreeBSD.org>
  *  RaRa Rasputin <rasputin@submonkey.net>
  *  Radim Kolar
  *  Ralf Meister
  *  Remington Lang <MrL0Lz@gmail.com>
  *  Renaud Chaput <renchap@cocoa-x.com>
  *  Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl>
  *  Roland van Laar <roland@micite.net>
  *  Romain Tartiere <romain@blogreen.org>
  *  Roman Bogorodskiy
  *  Roman Bogorodskiy <novel@FreeBSD.org>
  *  Roman Shterenzon <roman@xpert.com>
  *  Rong-En Fan <rafan@FreeBSD.org>
  *  Ryan Steinmetz <zi@FreeBSD.org>
  *  Sahil Tandon <sahil@tandon.net>
  *  Sascha Holzleiter <sascha@root-login.org>
  *  SeaD
  *  Seamus Venasse <svenasse@polaris.ca>
  *  Sean Greven <sean.greven@gmail.com>
  *  Sebastian Schuetz <sschuetz@fhm.edu>
  *  Sergei Kolobov <sergei@FreeBSD.org>
  *  Sergei Kolobov <sergei@kolobov.com>
  *  Sergei Vyshenski
  *  Sergei Vyshenski <svysh.fbsd@gmail.com>
  *  Sergey Skvortsov <skv@protey.ru>
  *  Seth Kingsley <sethk@meowfishies.com>
  *  Shaun Amott <shaun@inerd.com>
  *  Simeon Simeonov <sgs@pichove.org>
  *  Simon Dick <simond@irrelevant.org>
  *  Sofian Brabez <sbrabez@gmail.com>
  *  Stanislav Sedov <ssedov@mbsd.msk.ru>
  *  Stefan Esser <se@FreeBSD.org>
  *  Stefan Grundmann
  *  Stefan Walter <sw@gegenunendlich.de>
  *  Stephon Chen <stephon@gmail.com>
  *  Steve Wills <steve@mouf.net>
  *  Steve Wills <swills@FreeBSD.org>
  *  Steven Kreuzer
  *  Steven Kreuzer <skreuzer@exit2shell.com>
  *  Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
  *  TAKAHASHI Kaoru <kaoru@kaisei.org>
  *  TAKATSU Tomonari <tota@FreeBSD.org>
  *  Tatsuki Makino <tatsuki_makino@hotmail.com>
  *  Thibault Payet <monwarez@mailoo.org>
  *  Thierry Thomas (<thierry@pompo.net>)
  *  Thierry Thomas <thierry@pompo.net>
  *  Thomas Hurst <tom@hur.st>
  *  Thomas Quinot <thomas@cuivre.fr.eu.org>
  *  Thomas Zander <riggs@FreeBSD.org>
  *  Thomas von Dein <freebsd@daemon.de>
  *  Tilman Linneweh <arved@FreeBSD.org>
  *  Tim Bishop <tim@bishnet.net>
  *  Tom Judge <tom@tomjudge.com>
  *  Tomoyuki Sakurai <cherry@trombik.org>
  *  Toni Viemerö <toni.viemero@iki.fi>
  *  Tony Maher
  *  Torsten Zuhlsdorff <ports@toco-domains.de>
  *  Travis Campbell <hcoyote@ghostar.org>
  *  Tsung-Han Yeh <snowfly@yuntech.edu.tw>
  *  Ulf Lilleengen
  *  Vaida Bogdan <vaida.bogdan@gmail.com>
  *  Valentin Zahariev <curly@e-card.bg>
  *  Valerio Daelli <valerio.daelli@gmail.com>
  *  Veniamin Gvozdikov <vg@FreeBSD.org>
  *  Victor Popov
  *  Victor Popov <v.a.popov@gmail.com>
  *  Vsevolod Stakhov
  *  Vsevolod Stakhov <vsevolod@FreeBSD.org>
  *  Wen Heping <wen@FreeBSD.org>
  *  Wen Heping <wenheping@gmail.com>
  *  Yarodin <yarodin@gmail.com>
  *  Yen-Ming Lee <leeym@FreeBSD.org>
  *  Yen-Ming Lee <leeym@cae.ce.ntu.edu.tw>
  *  Yen-Ming Lee <leeym@leeym.com>
  *  Ying-Chieh Liao <ijliao@FreeBSD.org>
  *  Yonatan <Yonatan@Xpert.com>
  *  Yonatan <onatan@gmail.com>
  *  Yoshisato YANAGISAWA
  *  Yuri Victorovich
  *  Yuri Victorovich <yuri@rawbw.com>
  *  Zach Thompson <hideo@lastamericanempire.com>
  *  Zane C. Bowers <vvelox@vvelox.net>
  *  Zeus Panchenko <zeus@gnu.org.ua>
  *  ache
  *  adamw
  *  ajk@iu.edu
  *  alex@FreeBSD.org
  *  allan@saddi.com
  *  alm
  *  andrej@ebert.su
  *  andrew@scoop.co.nz
  *  andy@fud.org.nz
  *  antoine@FreeBSD.org
  *  arved
  *  barner
  *  brix@FreeBSD.org
  *  buganini@gmail.com
  *  chinsan
  *  chris@still.whet.org
  *  clement
  *  clsung
  *  crow
  *  cy@FreeBSD.org
  *  dominik karczmarski <dominik@karczmarski.com>
  *  dwcjr@inethouston.net
  *  eivind
  *  erich@rrnet.com
  *  erwin@FreeBSD.org
  *  girgen@FreeBSD.org
  *  glen.j.barber@gmail.com
  *  hbo@egbok.com
  *  ijliao
  *  jesper
  *  jfitz
  *  johans
  *  joris
  *  kftseng@iyard.org
  *  kris@FreeBSD.org
  *  lx
  *  markm
  *  mharo@FreeBSD.org
  *  michaelnottebrock@gmx.net
  *  mnag@FreeBSD.org
  *  mp39590@gmail.com
  *  nbm
  *  nectar@FreeBSD.org
  *  nork@FreeBSD.org
  *  nork@cityfujisawa.ne.jp
  *  nsayer@FreeBSD.org
  *  nsayer@quack.kfu.com
  *  ntarmos@cs.uoi.gr
  *  oly
  *  onatan@gmail.com
  *  pandzilla
  *  patrick@mindstep.com
  *  pauls
  *  perl@FreeBSD.org
  *  petef@FreeBSD.org
  *  peter.thoenen@yahoo.com
  *  ports@c0decafe.net
  *  ports@rbt.ca
  *  roam@FreeBSD.org
  *  rokaz
  *  sada@FreeBSD.org
  *  scrappy
  *  se
  *  shane@freebsdhackers.net aka modsix@gmail.com
  *  snb@threerings.net
  *  sumikawa
  *  sviat
  *  teramoto@comm.eng.osaka-u.ac.jp
  *  thierry@pompo.net
  *  tobez@FreeBSD.org
  *  torstenb@FreeBSD.org
  *  trasz <trasz@pin.if.uz.zgora.pl>
  *  trevor
  *  truckman
  *  vanhu
  *  vanilla@
  *  wen@FreeBSD.org
  *  will

With hat:	portmgr
commit hash: 857c05f8674c5f4c990f49f9d0fb7034ebd340fe commit hash: 857c05f8674c5f4c990f49f9d0fb7034ebd340fe commit hash: 857c05f8674c5f4c990f49f9d0fb7034ebd340fe commit hash: 857c05f8674c5f4c990f49f9d0fb7034ebd340fe 857c05f
Tuesday, 31 May 2022
16:42 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: Bump PORTREVISION to be newer than on quarterly.

This is to make sure that with 2022Q3 branching off of this
version, the package will look newer and flush out the old
package, with MBEDTLS and TUNNELBLICK options now removed.
commit hash: 1dc25fd358a4b48ecc5bb498127ef0fa5fc9f02a commit hash: 1dc25fd358a4b48ecc5bb498127ef0fa5fc9f02a commit hash: 1dc25fd358a4b48ecc5bb498127ef0fa5fc9f02a commit hash: 1dc25fd358a4b48ecc5bb498127ef0fa5fc9f02a 1dc25fd
16:33 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to v2.5.7

FreeBSD-related changes from Changes.rst:

- Limited OpenSSL 3.0 support
    OpenSSL 3.0 support has been added. OpenSSL 3.0 support in 2.5 relies
    on the compatiblity layer and full OpenSSL 3.0 support is coming with
    OpenVPN 2.6. Only features that impact usage directly have been
    backported:

    ``--tls-cert-profile insecure``  has been added to allow selecting the
    lowest  OpenSSL security level (not recommended, use only if you must).

    OpenSSL 3.0 no longer supports the Blowfish (and other deprecated)
    algorithm by default and the new option ``--providers`` allows loading
    the legacy provider to renable these algorithms.  Most notably,
    reading of many PKCS#12 files encrypted with the RC2 algorithm fails
    unless ``--providers legacy default`` is configured.

    The OpenSSL engine feature ``--engine`` is not enabled by default
    anymore if OpenSSL 3.0 is detected.

- print OpenSSL error stack if decoding PKCS12 file fails

- fix PATH_MAX build failure in auth-pam.c

- fix t_net.sh self-test leaving around stale "ovpn-dummy0" interface

detailed changes: https://github.com/OpenVPN/openvpn/releases/tag/v2.5.7
commit hash: 9acfd1b4afebdf57366dff963ddc70d962994d1d commit hash: 9acfd1b4afebdf57366dff963ddc70d962994d1d commit hash: 9acfd1b4afebdf57366dff963ddc70d962994d1d commit hash: 9acfd1b4afebdf57366dff963ddc70d962994d1d 9acfd1b
Sunday, 3 Apr 2022
11:18 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: bump PORTREVISION

...forgotten in previous commit.
commit hash: 641a5f758779426305916b4666674795bc8822a4 commit hash: 641a5f758779426305916b4666674795bc8822a4 commit hash: 641a5f758779426305916b4666674795bc8822a4 commit hash: 641a5f758779426305916b4666674795bc8822a4 641a5f7
11:15 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: remove MBEDTLS and TUNNELBLICK options.
commit hash: 69cd4e114c005a94137adade08306e574fb20382 commit hash: 69cd4e114c005a94137adade08306e574fb20382 commit hash: 69cd4e114c005a94137adade08306e574fb20382 commit hash: 69cd4e114c005a94137adade08306e574fb20382 69cd4e1
Thursday, 17 Mar 2022
22:27 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: security update to 2.5.6

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256

Somewhat related to and obsoletes:
PR:		262626
Security:	45a72180-a640-11ec-a08b-85298243e224
Security:	CVE-2022-0547
Security:	https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
MFH:		2022Q1
commit hash: 2e150241fbafae40eaaae496c58c1e77306b73ae commit hash: 2e150241fbafae40eaaae496c58c1e77306b73ae commit hash: 2e150241fbafae40eaaae496c58c1e77306b73ae commit hash: 2e150241fbafae40eaaae496c58c1e77306b73ae 2e15024
Friday, 28 Jan 2022
12:14 Tijl Coosemans (tijl) search for other commits by this committer
security/mbedtls: Update to 2.28.0 and fix make test

Also bump dependent ports for library version change.

PR:		255084
commit hash: b93e64d3c3240d1e4a8fc510b14aa2175e5be012 commit hash: b93e64d3c3240d1e4a8fc510b14aa2175e5be012 commit hash: b93e64d3c3240d1e4a8fc510b14aa2175e5be012 commit hash: b93e64d3c3240d1e4a8fc510b14aa2175e5be012 b93e64d
Wednesday, 15 Dec 2021
17:31 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: bugfix update to 2.5.5

Bugfixes (FreeBSD-specific):
* improve "make check" to notice if "openvpn --show-cipher" crashes
* improve argv unit tests
* ensure unit tests work with mbedTLS builds without BF-CBC ciphers
* include "--push-remove" in the output of "openvpn --help"
* fix "resolvconf -p" invocation in example "up" script
* fix "common_name" environment for script calls when
  "--username-as-common-name" is in effect (Trac #1434)

Documentation:
* move "push-peer-info" documentation from "server options" to "client"
  (where it belongs)
* correct "foreign_option_{n}" typo in manpage
* update IRC information in CONTRIBUTING.rst (libera.chat)
* README.down-root: fix plugin module name
commit hash: 6a5dfca9f56080a45627bb4ba0b02039abd36aa5 commit hash: 6a5dfca9f56080a45627bb4ba0b02039abd36aa5 commit hash: 6a5dfca9f56080a45627bb4ba0b02039abd36aa5 commit hash: 6a5dfca9f56080a45627bb4ba0b02039abd36aa5 6a5dfca
Sunday, 12 Dec 2021
11:00 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: Default-enable PKCS#11 option

Bump PORTREVISION.

PR:		260352
Reported by:	Marcin Wojtas
commit hash: f77789f296dd797bf008a895ed71abcc603c0374 commit hash: f77789f296dd797bf008a895ed71abcc603c0374 commit hash: f77789f296dd797bf008a895ed71abcc603c0374 commit hash: f77789f296dd797bf008a895ed71abcc603c0374 f77789f
11:00 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: sort OPTIONS_{DEFAULT|DEFINE}
commit hash: 42d73509241dbede9fb29d56683188fa4a1b2872 commit hash: 42d73509241dbede9fb29d56683188fa4a1b2872 commit hash: 42d73509241dbede9fb29d56683188fa4a1b2872 commit hash: 42d73509241dbede9fb29d56683188fa4a1b2872 42d7350
11:00 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: deprecate tunnelblick

While here, shorten LZO_DESC to fit 80x24 dialogs.
commit hash: bedfd042b988444cb311f477d5cf1e4457ead29f commit hash: bedfd042b988444cb311f477d5cf1e4457ead29f commit hash: bedfd042b988444cb311f477d5cf1e4457ead29f commit hash: bedfd042b988444cb311f477d5cf1e4457ead29f bedfd04
Saturday, 11 Dec 2021
23:16 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: re-enable mbedTLS build

...now that mbedTLS metadata was fixed to show the actual situation
for mbedTLS 2.x.y, that it's either Apache License 2.0, or
GNU General Public License 2.0 or any later version.

While here, also mark the main port with mbedTLS option enabled to
record it's going to lose the mbedTLS option end of March 2022.
commit hash: d02b0675d0630a9ac66617becd9f9cfbbca9c524 commit hash: d02b0675d0630a9ac66617becd9f9cfbbca9c524 commit hash: d02b0675d0630a9ac66617becd9f9cfbbca9c524 commit hash: d02b0675d0630a9ac66617becd9f9cfbbca9c524 d02b067
12:42 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: license incompat mbedTLS, LZO+LibreSSL

After reviewing licenses again,
- mark mbedTLS broken for now, since it uses the Apache License 2.0,
  which is incompatible with the GPLv2 (OpenVPN does not employ the
  "or any later version" escape hatch). This will be handed to the
  OpenVPN-devel mailing list for review.

- block out the combination of LZO with LibreSSL, since OpenVPN
  only has a linking exception for OpenSSL itself. Remedy is
  to either forgo LibreSSL, or to disable the LZO option, which
  requires proper configuration on either end. The maintainer's
  recommendation is to compile with OpenSSL instead.

Bump PORTREVISION in spite of unchanged contents to flush out old
packages.

MFH:		2021Q4
commit hash: 5cc978dcfe58a52b9a163e080d855b022ac22545 commit hash: 5cc978dcfe58a52b9a163e080d855b022ac22545 commit hash: 5cc978dcfe58a52b9a163e080d855b022ac22545 commit hash: 5cc978dcfe58a52b9a163e080d855b022ac22545 5cc978d
Saturday, 4 Dec 2021
18:38 Matthias Andree (mandree) search for other commits by this committer
security/openvpn-mbedtls: sunset port.

mbedTLS is obsolete through its lack of TLS v1.3 support
OpenVPN-mbedtls does not work on 14-CURRENT.
=> remove this port and the MBEDTLS option end 2022Q1.
commit hash: b66f0654e7db4c15e0973c3c9064331019f2712d commit hash: b66f0654e7db4c15e0973c3c9064331019f2712d commit hash: b66f0654e7db4c15e0973c3c9064331019f2712d commit hash: b66f0654e7db4c15e0973c3c9064331019f2712d b66f065
Tuesday, 23 Nov 2021
22:11 Stefan Eßer (se) search for other commits by this committer
*/*: Remove redundant '-[0-9]*' from CONFLICTS_INSTALL

The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - agsinst the full package names including the
version (as reported by "pkg query "%n-%v").

Approved by: portmgr (blanket)
commit hash: 5933ac0b099d61d98eb531d373cf57a8927bc7af commit hash: 5933ac0b099d61d98eb531d373cf57a8927bc7af commit hash: 5933ac0b099d61d98eb531d373cf57a8927bc7af commit hash: 5933ac0b099d61d98eb531d373cf57a8927bc7af 5933ac0
Monday, 1 Nov 2021
12:16 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: rearrange Makefile

to portclippy-reported standard ordering
commit hash: 89d9e9320aff2d4c61be4c7dfa1b6829717bd034 commit hash: 89d9e9320aff2d4c61be4c7dfa1b6829717bd034 commit hash: 89d9e9320aff2d4c61be4c7dfa1b6829717bd034 commit hash: 89d9e9320aff2d4c61be4c7dfa1b6829717bd034 89d9e93
12:04 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: create and use dedicated openvpn user

PR:		259384
commit hash: bb6ec079c50dc6f45700dd5897b35f66a19ee51c commit hash: bb6ec079c50dc6f45700dd5897b35f66a19ee51c commit hash: bb6ec079c50dc6f45700dd5897b35f66a19ee51c commit hash: bb6ec079c50dc6f45700dd5897b35f66a19ee51c bb6ec07
Tuesday, 5 Oct 2021
19:55 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: bugfix update to 2.5.4

adds openvpn-examples(5) manual page

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-254
commit hash: cf4dd6bbfe80d93a23f2f7d140ed5dd764d13e96 commit hash: cf4dd6bbfe80d93a23f2f7d140ed5dd764d13e96 commit hash: cf4dd6bbfe80d93a23f2f7d140ed5dd764d13e96 commit hash: cf4dd6bbfe80d93a23f2f7d140ed5dd764d13e96 cf4dd6b
Tuesday, 22 Jun 2021
19:25 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: fix missing include for PATH_MAX

While here, add a warning banner about libressl support status,
and clean up a leftover INSTALL_DATA workaround no longer needed.

Patch suggested and
Reported by:	Franco Fichtner <franco@opnsense.org>
PR:		256744
commit hash: 159c6c7314095a10121155f501c093ad6f18c3c4 commit hash: 159c6c7314095a10121155f501c093ad6f18c3c4 commit hash: 159c6c7314095a10121155f501c093ad6f18c3c4 commit hash: 159c6c7314095a10121155f501c093ad6f18c3c4 159c6c7
Friday, 18 Jun 2021
21:58 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to v2.5.3

Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst

FreeBSD relevant changes:
Bugfixes
*   disable connect-retry backoff for p2p (--secret) instances (Trac #1010,
#1384)
*   fix build with mbedtls w/o SSL renegotiation support
*   fix small memory leak in free_key_ctx for auth_token
*   Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409) -
    -> in FreeBSD ports, already fixed in 2.5.2_2 (PORTREVISION 2).

User-visible Changes
*   update copyright messages in files and --version output

New features
*   add --auth-token-user option (for --auth-token deployments without
--auth-user-pass in client config)
commit hash: 24b0c58ea4e8f9562f6c260cc567aba9e1f63ed3 commit hash: 24b0c58ea4e8f9562f6c260cc567aba9e1f63ed3 commit hash: 24b0c58ea4e8f9562f6c260cc567aba9e1f63ed3 commit hash: 24b0c58ea4e8f9562f6c260cc567aba9e1f63ed3 24b0c58
Thursday, 3 Jun 2021
10:47 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: band-aid fix for SIGSEGV on push echo

PR:		256331
Reported by:	peo@nethead.se
commit hash: 6c20c4906a3b0f805c932f4e74ef7f62086e704d commit hash: 6c20c4906a3b0f805c932f4e74ef7f62086e704d commit hash: 6c20c4906a3b0f805c932f4e74ef7f62086e704d commit hash: 6c20c4906a3b0f805c932f4e74ef7f62086e704d 6c20c49
Monday, 17 May 2021
17:56 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: do not package .orig leftovers from patch

Bump PORTREVISION as we change the pkg-plist.
(Includes -mbedtls port variant.)

PR:		255946
Based on a patch by and
Reported by:	Mikael Urankar (mikael@)
commit hash: 42101271373865d49753e8d7b1fb66dfce325dd0 commit hash: 42101271373865d49753e8d7b1fb66dfce325dd0 commit hash: 42101271373865d49753e8d7b1fb66dfce325dd0 commit hash: 42101271373865d49753e8d7b1fb66dfce325dd0 4210127
Wednesday, 21 Apr 2021
17:48 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: security update to v2.5.2

Changelog:	https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252

Security:       CVE-2020-15078
Security:       efb965be-a2c0-11eb-8956-1951a8617e30
MFH:		2021Q2
commit hash: 47340329e7b677aabf7caae900878c61c04f3b73 commit hash: 47340329e7b677aabf7caae900878c61c04f3b73 commit hash: 47340329e7b677aabf7caae900878c61c04f3b73 commit hash: 47340329e7b677aabf7caae900878c61c04f3b73 4734032
Tuesday, 6 Apr 2021
14:31 Mathieu Arnold (mat) search for other commits by this committer
Remove # $FreeBSD$ from Makefiles.
commit hash: 305f148f482daf30dcf728039d03d019f88344eb commit hash: 305f148f482daf30dcf728039d03d019f88344eb commit hash: 305f148f482daf30dcf728039d03d019f88344eb commit hash: 305f148f482daf30dcf728039d03d019f88344eb 305f148
Tuesday, 16 Mar 2021
21:45 mandree search for other commits by this committer
security/openvpn: run ldd -a when multi-link of "same" library found

The build runs a sanity to check that libssl and libcrypto are linked
only once, to catch mismatches in SSL providers to libpkcs11-helper
and openvpn itself.  In order to assist the operator to find out
which libraries pull in differing versions of libcrypto or libssl,
run ldd -a in the error path. (Not run normally, not PORTREVISION bump.)

PR:		254323 (related)
Original commitRevision:568617 
Wednesday, 24 Feb 2021
19:04 mandree search for other commits by this committer
security/openvpn: Bugfix update to v2.5.1

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-251

MFH:		2021Q1 (point-level bugfix update)
Original commitRevision:566502 
Friday, 30 Oct 2020
20:36 mandree search for other commits by this committer
Update security/openvpn 2.5. For 2.3 peers, update your configuration,

...see ports/UPDATING or the
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-25

Avoid LibreSSL (IGNORE_SSL).
INSTALL_DATA -> INSTALL_MAN for documentation.
Rearrange Makefile according to portclippy.
Original commitRevision:553713 
Friday, 17 Jul 2020
13:58 mandree search for other commits by this committer
openvpn: Add one TODO marker (no functional change).
Original commitRevision:542434 
10:30 mandree search for other commits by this committer
security/openvpn: future proofing, PLUGINDIR now ...

...configured the official way, not hacky (which failed in openvpn-devel
because it broke some configure tests).
Original commitRevision:542426 
Sunday, 31 May 2020
08:40 mandree search for other commits by this committer
security/openvpn: cherry-pick fixes from git repo

* 098edbb1 2020-05-20 | Switch assertion failure to returning false [Jeremy
Evans]
* fc029714 2020-05-30 | pool: prevent IPv6 pools to be larger than 2^16
addresses [Antonio Quartulli]
* 38b46e6b 2020-02-20 | Persist management-query-remote and proxy prompts [Selva
Nair]

MFH:		2020Q2 (blanket approval for stability fixes)
Original commitRevision:537129 
Thursday, 7 May 2020
16:28 mandree search for other commits by this committer
security/openvpn: reliability fixes cherry-picked from upstream

Arne Schwabe's OpenSSL fix for Debian Bug#958296
"Fix tls_ctx_client/server_new leaving error on OpenSSL error stack"
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958296> [1]

Selva Nair's auth-pam fixes
"Parse static challenge response in auth-pam plugin"
"Accept empty password and/or response in auth-pam plugin"

Re-diff (with make makepatch) older patches.

Reported by:	Jonas Andradas via Debian BTS
Obtained from:	Arne Schwabe, Selva Nair
<https://github.com/OpenVPN/openvpn/tree/release/2.4>
MFH:		2020Q2 (blanket for backporting reliability fixes)
Original commitRevision:534272 
Friday, 17 Apr 2020
18:38 mandree search for other commits by this committer
security/openvpn: update to 2.4.9 (also for -mbedtls slave port)

At the same time, remove ASYNC_PUSH_LIBS workaround from [1].

Changelog (high-level):
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249

Git changelog, marking the three fixes that were already in 2.4.8_3
as cherry-picks with a 1, 2, or 3 instead of "*" to correspond
with the PORTREVISION, and those with "-" that are specific to other systems,
say, Windows.

* 9b0dafca 2020-04-16 | Preparing release v2.4.9 (ChangeLog, version.m4,
Changes.rst) (tag: v2.4.9) [Gert Doering]
3 f7b318f8 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
* 9bb285e3 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
- 5f8a9df1 2020-02-12 | Allow unicode search string in --cryptoapicert option
[Selva Nair]
- 4658b3b6 2020-02-12 | Skip expired certificates in Windows certificate store
[Selva Nair]
* df5ea7f1 2020-02-19 | Fix possible access of uninitialized pipe handles [Selva
Nair]
* 1d9e0be2 2020-02-19 | Fix possibly uninitialized return value in
GetOpenvpnSettings() [Selva Nair]
* 5ee76a8f 2020-03-28 | Fix OpenSSL 1.1.1 not using auto elliptic curve
selection [Arne Schwabe]
* ed925c0a 2020-04-07 | OpenSSL: Fix --crl-verify not loading multiple CRLs in
one file [Maxim Plotnikov]
* 2fe84732 2020-03-30 | When auth-user-pass file has no password query the
management interface (if available). [Selva Nair]
* 908eae5c 2020-04-03 | Move querying username/password from management
interface to a function [Selva Nair]
* 15bc476f 2020-04-02 | Fix OpenSSL error stack handling of
tls_ctx_add_extra_certs [Arne Schwabe]
* 22df79bb 2020-04-01 | Fetch OpenSSL versions via source/old links [Arne
Schwabe]
* 0efbd8e9 2020-03-31 | mbedTLS: Make sure TLS session survives move [Tom van
Leeuwen]
* 33395693 2020-03-25 | docs: Add reference to X509_LOOKUP_hash_dir(3) [WGH]
* 7d19b2bb 2019-10-21 | Fix OpenSSL private key passphrase notices [Santtu
Lakkala]
2 8484f37a 2020-03-14 | Fix building with --enable-async-push in FreeBSD [Lev
Stipakov]
* 69bbfbdf 2020-02-18 | Swap the order of checks for validating interactive
service user [Selva Nair]
* 0ba4f916 2019-11-09 | socks: use the right function when printing struct
openvpn_sockaddr [Antonio Quartulli]
1 3bd91cd0 2019-10-30 | Fix broken fragmentation logic when using NCP [Lev
Stipakov]

PR:		244286 [1]
MFH:		2020Q2 (patchlevel bugfix release)
Original commitRevision:531957 
Thursday, 16 Apr 2020
09:46 mandree search for other commits by this committer
security/openvpn: Fix illegal client float (CVE-2020-11810)

There is a time frame between allocating peer-id and initializing data
channel key (which is performed on receiving push request or on async
push-reply) in which the existing peer-id float checks do not work right.

If a "rogue" data channel packet arrives during that time frame from another
address and with same peer-id, this would cause client to float to that new
address.

The net effect of this behaviour is that the VPN session for the "victim
client" is broken. Since the "attacker client" does not have suitable keys,
it can not inject or steal VPN traffic from the other session. The time
window is small and it can not be used to attack a specific client's session,
unless some other way is found to make it disconnect and reconnect first.

This fix is inherited by the openvpn-mbedtls slave port.

Obtained from:	Lev Stipakov (OpenVPN)
MFH:		2020Q2 (blanket security patch)
Security:	CVE-2020-11810
Security:	8604121c-7fc2-11ea-bcac-7781e90b0c8f
Original commitRevision:531837 
Monday, 16 Mar 2020
22:58 mandree search for other commits by this committer
security/openvpn: Add a FIXME marker to clean up a local workaround that was
upstreamed for 2.4.9. [info: Lev Stipakov]
PR: 244286
Original commitRevision:528550 
Friday, 21 Feb 2020
20:15 mandree search for other commits by this committer
openvpn: Add default-off ASYNC_PUSH option.

When enabled, pulls in devel/libinotify, and
adds --enable-async-push to configure.

In contrast to garga@'s proposal, uses
ASYNC_PUSH_LIBS instead of a patch file.

PR:		244286
Submitted by:	garga@
Original commitRevision:526692 
Sunday, 26 Jan 2020
15:04 mandree search for other commits by this committer
Reduce fragmentation when using ncp-ciphers

URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18975.html
Original commitRevision:524180 
14:40 mandree search for other commits by this committer
Allow build without compression libs.

In that situation, add ./configure --enable-compression-stub.

While here, rearrange Makefile and use _ENABLE rather than _OFF
tags for the options.

Submitted by:	Daniel Engberg
Differential Revision:	https://reviews.freebsd.org/D23190
Original commitRevision:524178 
Friday, 1 Nov 2019
11:54 mandree search for other commits by this committer
security/openvpn[-mbedtls] upstream update to OpenVPN 2.4.8

This upstream release integrated two FreeBSD patches by Kyle Evans and me,
which are herewith dropped from the port.

Upstream release banner
"This is primarily a maintenance release with minor bugfixes and improvements."

High-level changes:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-248>

Manually filtered FreeBSD-related excerpt from Git log: v2.4.7..v2.4.8:
-  mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free()
[Antonio Quartulli]
-  openssl: Fix compilation without deprecated OpenSSL 1.1 APIs [Rosen Penev]
-  Force combinationation of --socks-proxy and --proto UDP to use IPv4. [Gert
Doering]
-  Ignore --pull-filter for --mode server [Richard Bonhomme]
-  Fix typo in NTLM proxy debug message [Mykola Baibuz]
-  tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex. [Kyle Evans]
-  Handle PSS padding in cryptoapicert [Selva Nair]
-  Fix regression, reinstate LibreSSL support. [Matthias Andree]
-  Increase listen() backlog queue to 32 [Gert Doering]
-  Wrong FILETYPE in .rc files [Gisle Vanem]
-  Do not set pkcs11-helper 'safe fork mode' [Hilko Bengen]
-  man: correct the description of --capath and --crl-verify regarding CRLs
[Michal Soltys]
-  Fix various compiler warnings [Lev Stipakov]
-  build: Package missing mock_msg.h [David Sommerseth]
-  cmocka: use relative paths [Steffan Karger]
-  docs: Update INSTALL [David Sommerseth]
-  Better error message when script fails due to script-security setting [Selva
Nair]
-  Fix documentation of tls-verify script argument [Thomas Quinot]

Detailed changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8>

Build tests in poudriere and in a live system succeeded on:
11.2-RELEASE 1102000 arm64.aarch64
11.2-RELEASE 1102000 mips.mips64
11.2-RELEASE-p14     i386
11.3-RELEASE-p3      amd64
12.0-RELEASE-p10     i386
12.0-RELEASE-p6      amd64
12.0-RELEASE-p10     amd64 (live)

MFH:		2019Q4
Original commitRevision:516218 
Saturday, 7 Sep 2019
08:04 mandree search for other commits by this committer
security/openvpn: regression fix, support LibreSSL again.

(I use a different patch than what was submitted by pizzamig@,
and have sent our patch upstream.)

Remove IGNORE_SSL.

While here, remove USE_LDCONFIG to fix a portlint complaint,
and fix a typo in a Makefile comment.

PR:		238382
Reported by:	pizzamig@
Original commitRevision:511397 
Wednesday, 14 Aug 2019
03:26 meta search for other commits by this committer
Implement new virtual category: net-vpn for VPN related ports

based on discussion at ports@ [1]. As VPN softwares are put in different
physical category net and security. This is a little bit confusing. Let's
give them new virtual category net-vpn.

[1] https://lists.freebsd.org/pipermail/freebsd-ports/2019-April/115915.html

PR:		239395
Submitted by:	myself
Approved by:	portmgr (mat)
Differential Revision:	https://reviews.freebsd.org/D21174
Original commitRevision:508887 
Saturday, 13 Jul 2019
08:31 mandree search for other commits by this committer
OpenVPN won't compile with LibreSSL, mark IGNORE.

Upstream maintainers are massively pushing back against patches
offered so far with valid and concrete technical reasons and unsuitability
of the LibreSSL version API that will create a maintenance nightmare.
(And LibreSSL abusing the OpenSSL API.)

PR:		238382
Submitted by:	pizzamig
Original commitRevision:506516 
Thursday, 21 Feb 2019
19:30 mandree search for other commits by this committer
security/openvpn[-mbedtls] update to OpenVPN 2.4.7

Upstream release announcement:
"This is primarily a maintenance release with bugfixes and improvements.
One of the big things is enhanced TLS 1.3 support

Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that."

Move USES up to please portlint.

Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-247>

Detailed change list:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.7>
Original commitRevision:493524 
Monday, 5 Nov 2018
09:30 amdmi3 search for other commits by this committer
- Add LICENSE_FILE
- Update WWW

Approved by:	portmgr blanket
Original commitRevision:484182 
Friday, 14 Sep 2018
12:04 tijl search for other commits by this committer
Update security/mbedtls to 2.13.0 and bump dependent ports.
Original commitRevision:479770 
Friday, 10 Aug 2018
14:23 tijl search for other commits by this committer
Update security/mbedtls to 2.12.0 and bump dependent ports.

MFH:		2018Q3
Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
Original commitRevision:476834 
Thursday, 7 Jun 2018
12:16 tijl search for other commits by this committer
Update security/mbedtls to 2.9.0 and bump dependent ports.
Original commitRevision:471909 
Wednesday, 25 Apr 2018
22:00 mat search for other commits by this committer
Only sleep in ports if BATCH/PACKAGE_BUILDING are not defined.

Sponsored by:	Absolight
Original commitRevision:468307 
21:09 mandree search for other commits by this committer
Update to new upstream bugfix release 2.4.6.

While here, warn and sleep for 10 s when building against LibreSSL.

Remove some cruft.

Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-246>

Changelog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.6>

Reported by:	portscout
Original commitRevision:468306 
Monday, 23 Apr 2018
19:26 tijl search for other commits by this committer
Update security/mbedtls to 2.8.0 and bump dependent ports.

MFH:		2018Q2
Security:	https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
Original commitRevision:468134 
Tuesday, 13 Mar 2018
00:10 mandree search for other commits by this committer
Update to new upstream bugfix release 2.4.5.

Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-245>

Changelog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.5>

While here, add a sanity check that traps inconsistent linkage,
if, for instance, the PKCS#11 helper has been built with a different
OPENSSL library version than OpenVPN.
Original commitRevision:464331 
Monday, 12 Mar 2018
13:01 tijl search for other commits by this committer
Update security/mbedtls to 2.7.1.

PR:		226550
MFH:		2018Q1
Original commitRevision:464247 
Saturday, 10 Mar 2018
18:49 tijl search for other commits by this committer
- Update security/polarssl13 to 1.3.22.
- Update security/mbedtls to 2.7.0 and bump dependent ports.

MFH:		2018Q1
Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
Original commitRevision:464085 
Thursday, 11 Jan 2018
14:18 danfe search for other commits by this committer
Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files that are not actually manual pages (part 2).
Original commitRevision:458739 
Sunday, 8 Oct 2017
09:46 mandree search for other commits by this committer
Add missing conflicts
Original commitRevision:451515 
Wednesday, 27 Sep 2017
21:27 mandree search for other commits by this committer
OpenVPN[-mbedtls] security update to 2.4.4

Upstream maintainers write: "This release includes a large number of small
fixes and enhancements. There is also an important security fix for legacy
setups that may still be using key-method 1. As that option was deprecated
12 years ago we estimate that not many production setups are affected in
practice."

Security information:
<https://community.openvpn.net/openvpn/wiki/CVE-2017-12166>

Change Summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-244>

Changes as Git shortlog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.4>

Given the low impact, let's forget about MFHing this three days before
2017Q3 becomes EOL and relieved by 2017Q4.

Reported by:	portscout
Security:	CVE-2017-12166
Security:	3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8
Original commitRevision:450792 
Wednesday, 21 Jun 2017
17:22 mandree search for other commits by this committer
OpenVPN security update to 2.4.3

OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In
the process several vulnerabilities were found, some of which are
remotely exploitable in certain circumstances.

Compared to OpenVPN 2.4.2 there are several bugfixes and one major
feature: support for building with OpenSSL 1.1.

MFH:		2017Q3 (preapproved by Xin Li)
Security:	9f65d382-56a4-11e7-83e3-080027ef73ec
Security:	CVE-2017-7508
Security:	CVE-2017-7512
Security:	CVE-2017-7520
Security:	CVE-2017-7521
Security:	CVE-2017-7522
Original commitRevision:444043 
Friday, 19 May 2017
21:20 mandree search for other commits by this committer
Switch MASTER_SITES from http to https URI scheme.
Original commitRevision:441273 
Thursday, 11 May 2017
21:19 mandree search for other commits by this committer
OpenVPN update to 2.4.2 (security fixes)

ChangeLog:
<https://github.com/OpenVPN/openvpn/blob/v2.4.2/Changes.rst#version-242>

Details:
<https://github.com/OpenVPN/openvpn/releases/tag/v2.4.2>

Security Announcement:
<https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits>

Reported by:	Samuli Seppanen
Security:	04cc7bd2-3686-11e7-aa64-080027ef73ec
Security:	CVE-2017-7478
Security:	CVE-2017-7479
MFH:		2017Q2
Original commitRevision:440667 
Thursday, 23 Mar 2017
21:53 mandree search for other commits by this committer
Update to openvpn release 2.4.1

This contains predominently bugfixes and compatibility with
newer OpenSSL/LibreSSL.

Remove one patch that had been cherry-picked from upstream, no longer
needed.

Summary:
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-241
Changes: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
Original commitRevision:436782 
Thursday, 5 Jan 2017
08:38 mandree search for other commits by this committer
Flag conflict between PKCS11 and MBEDTLS in OPTIONS.
Original commitRevision:430622 
Tuesday, 27 Dec 2016
23:16 mandree search for other commits by this committer
OpenVPN update to v2.4.0, old version in openvpn23*.

OpenVPN has been updated to v2.4.0.
Changes: <https://github.com/OpenVPN/openvpn/blob/v2.4.0/Changes.rst>

openvpn-polarssl has been renamed to openvpn-mbedtls to match the TLS
library's change of name.

The prior versions of the openvpn ports have been preserved in openvpn23
and openvpn23-polarssl, respectively, and are set to expire 2017-03-31.
Original commitRevision:429678 
Thursday, 8 Dec 2016
03:01 mandree search for other commits by this committer
Upgrade to new upstream bugfix release 2.3.14.

Drop files/extra-patch-fix-subnet and corresponding OPTION, since this
is now part of the upstream release.

Changelog:	<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.14>
Original commitRevision:428095 
Wednesday, 9 Nov 2016
22:06 mandree search for other commits by this committer
Experimental patch for topology subnet.

Added as an extra patch behind an option that defaults to ON so people
can still opt out, this is slated for an upcoming 2.3.14 release that
is, however, not yet scheduled.

PR:		207831 (related)
Obtained from:	Gert Doering, via upstream Git repository 446ef5bda4cdc75d
Original commitRevision:425811 
Friday, 4 Nov 2016
08:42 mandree search for other commits by this committer
Upgrade to upstream bugfix release 2.3.13.

ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.13>
Original commitRevision:425304 
Saturday, 27 Aug 2016
12:23 mandree search for other commits by this committer
Fix self-tests in poudriere, make them more robust [1].

The self-tests used to fail in poudriere with dependency cycles in
Makefile that weren't visible earlier. Conditionally change ALL_TARGET
to check (do not use all check, that would require gmake) if the TEST
option is set (default), or set TEST_TARGET if the TEST option is unset.

While I am unable to reproduce 212146 claiming the self-tests fail on an
IPv6-disabled host, and I believe it's a red herring masking a local
configuration issue, doubt sed(1) and add blanks, and be sure to add the
"proto" earlier. The reporter didn't mention his OS version.

No PORTREVISION bump since the default build is unaffected.

PR:		212146 [1]
Original commitRevision:420973 
09:32 mandree search for other commits by this committer
Make self-test the TEST option, support make test. Enabled by default.

NB: This is a critical port with many users, and the test is low on
resources, it takes two minutes idling, waiting for timers to expire.

Replace former ".if ... post-build:" by "post-build-TEST-on: test".
Replace former post-build by "TEST_TARGET=check".

Add a temporary (9 months or so-ish) compatibility wrapper to move
people from the prior port-specific WITHOUT_CHECK to WITHOUT=TEST or
OPTIONS_UNSET=TEST. Uses WARNING+= to make user aware of the change.

While here, shorten the POLARSSL_DESC help message.

Requested by:	brnrd@
Differential Revision:	D7507 (sort-of)
Original commitRevision:420966 
01:17 mandree search for other commits by this committer
Update Tunnelblick XOR patch.

PR:		212136
Submitted by:	Franco Fichtner
Original commitRevision:420956 
Wednesday, 24 Aug 2016
22:33 mandree search for other commits by this committer
Update to new upstream bugfix release 2.3.12, add "stats" to rc script.

* Upstream changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12>
* The cmocka-based unit tests are currently disabled, too much hassle
  and deps to get them running.
* Add patch-configure to drop the unit-test related warnings.
* Extend run control script to understand the "stats" argument, to send
  SIGUSR2 to the process, contributed by Anton Yuzhaninov (with one
  additional line fold).
* Drop patch-629baad8, no longer needed.
* Refresh other patches with make clean extract do-patch makepatch
Original commitRevision:420825 
Friday, 13 May 2016
16:07 mandree search for other commits by this committer
Fix PolarSSL-based builds.

The upstream backported a change from the master branch that fixes the
PolarSSL-based builds to go with the PolarSSL 1.3.X built-in defaults.

Add a patch picked from the upstream's release/2.3 branch.
Remove the BROKEN= line and conditional.

No PORTREVISION bump because the patch only affects an option that was
formerly marked BROKEN.

(TRYBROKEN users need to force a rebuild and reinstallation manually.)
Original commitRevision:415116 
Thursday, 12 May 2016
23:38 mandree search for other commits by this committer
Security upgrade to OpenVPN 2.3.11, breaking POLARSSL option.

Quoting upstream maintainers' release notes:
"This release fixes two vulnerabilities: a port-share bug with DoS
potential and a buffer overflow by user supplied data when using pam
authentication. In addition a number of small fixes and improvements are
included."

WARNING: this upgrade breaks the PolarSSL-based build due to an
oversight in the cipher suite selection hardening, crashing
PolarSSL-based builds with a 0-pointer deferences.
Marking port BROKEN if POLARSSL is set.

Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
Original commitRevision:415093 
Tuesday, 5 Apr 2016
02:17 mandree search for other commits by this committer
One more fix for /usr/sbin/service -R.
Original commitRevision:412541 
02:08 mandree search for other commits by this committer
Work around 10.3-RELEASE's service(8) shortcomings

PR:		208534
Reported by:	allan@saddi.com
Original commitRevision:412540 
Friday, 1 Apr 2016
14:25 mat search for other commits by this committer
Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight
Original commitRevision:412349 
Friday, 8 Jan 2016
09:03 mandree search for other commits by this committer
Upgrade to new upstream release 2.3.10.

Now requires PolarSSL/mbedTLS 1.3.X with X >= 8, PolarSSL 1.2 is EOL.
Match help text to the change.

Make sure the build uses the local unpacked includes before the system
includes, such that portmaster/portupgrade upgrades for PolarSSL work if
2.3.9 or older is pre-installed on the build system.
Original commitRevision:405536 
Sunday, 20 Dec 2015
14:35 mandree search for other commits by this committer
Update to new upstream release 2.3.9.

Removes the PW_SAVE option, the upstream code always permits saving
passwords to files now (so the feature is always enabled).

ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.9>
Original commitRevision:404054 
Friday, 20 Nov 2015
18:41 mandree search for other commits by this committer
Add optional extra patch for Tunnelblick obfuscation.

Adds a --scramble method to the executable but not documentation.
Requires careful review of implications before enabling, and has not
been accepted upstream.  https://tunnelblick.net/cOpenvpn_xorpatch.html

PR:		200215
Submitted by:	Franco Fichtner
Original commitRevision:402095 
Saturday, 24 Oct 2015
11:18 mandree search for other commits by this committer
Handle OpenSSL/PolarSSL options in the right way,

such that it is maintainable if we add more SSL libs in the future.

To fix fall-out from r399858 and r399982.
Original commitRevision:400118 
Thursday, 22 Oct 2015
14:07 mat search for other commits by this committer
Fix build without POLARSSL.

Pointy hat to:	mat
Sponsored by:	Absolight
Original commitRevision:399982 
Tuesday, 20 Oct 2015
15:03 mat search for other commits by this committer
Use options helpers.

Sponsored by:	Absolight
Original commitRevision:399858 

Number of commits found: 187 (showing only 100 on this page)

1 | 2  »