15:03 mat 

Use options helpers.

Sponsored by:	Absolight

 

19:10 mandree 

Bugfix upgrade to new upstream release 2.3.8.

ChangeLog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.8

 

15:03 tijl 

By default libtool replaces -export-symbols <file> with -retain-symbols-file
<file> on ELF systems, but this doesn't really do what -export-symbols is
meant to do.  On GNU ELF systems it converts <file> to a simple version
script first and then uses -version-script instead of -retain-symbols-file.
Let USES=libtool patch libtool scripts to do this on all systems with GNU
ld(1).

Bump PORTREVISION on all ports where the build log contains -export-symbols.

audio/calf: This port builds a module that now exports only one function,
but it also builds a number of executables that link to this module and
expect to see other functions.  Because it's already a bit dodgy to link to
a module (libtool warns about this) let the module continue to export only
one function and instead build an ordinary library from the same source that
the executables can link to.  Fix a number of other issues in the same
Makefile.am and clean up the port Makefile.

japanese/scim-honoka: Tries to hide all symbols that start with an
underscore, but because this library is written in C++ all symbols start
with _Z so it ends up hiding everything.  Just don't hide anything at all
like the textproc/scim configure script does.

multimedia/schroedinger: Apply an upstream patch.

textproc/scim-input-pad: Same as japanese/scim-honoka.

PR:		201922
Approved by:	portmgr (antoine)
Exp-run by:	antoine

 

00:11 mandree 

Add an openvpn-polarssl that selects PolarSSL for its default TLS provider.

 

19:18 mandree 

Update to new upstream release 2.3.7.

Fixes
PR:		194745

 

21:39 mandree 

Add experimental patch by Gert Doring to fix PR #194745.
Must be enabled through the options framework ("make config").

PR:		194745

 

23:08 mandree 

+ Update patch set for crypto engine fix [1].
  Change option name so it is presented anew, default disabled.

+ Add openvpn-client wrapper script and up/down scripts to trigger
  resolvconf, with minor edits. [2]

+ Set proper PLUGIN_LIBDIR so that plugins in the default directory can
  be found with relative paths.

+ Compile shipped plugins with -fPIC.

PR:		195004 [1]
PR:		199529 [2]
Submitted by:	yuri@rawbw.com [2]
Obtained from:	https://community.openvpn.net/openvpn/ticket/480#comment:21

 

13:37 tijl 

Specify library version when depending on libpolarssl and switch ports to
PolarSSL 1.3 when they fail to build with 1.2.

 

18:37 mandree 

Add an experimental patch for bug #195004.
Needs to be enabled through a port option.

PR: 195004

 

20:06 mandree 

Add a X509ALTUSERNAME port option to enable the --x509-username-field
run-time option.

Bump PORTREVISION.

PR:		198896
Submitted by:	bastian+freebsd.org@waldi.eu.org

 

18:53 delphij 

Add CPE data.

Requested by:	des

 

05:54 delphij 

Security Update to 2.3.6.

Approved by:	so
MFH:		2014Q4
Security:	23ab5c3e-79c3-11e4-8b1e-d050992ecde8

 

18:26 mandree 

Add three patches from Git to unwedge the build after certs expired,
and two other fixes (bumping PORTREVISION):

44294568 Fix assertion error when using --cipher none
e9b07dc9 Fix to --shaper documentation on the man-page
b77c27a1 Modernize sample keys and sample configs

 

18:30 mandree 

Upgrade to new upstream release 2.3.5.

Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23

While here, drop @dirrm from pkg-plist.

 

16:57 adamw 

Add DOCS to OPTIONS_DEFINE to ports that check for PORT_OPTIONS:MDOCS.

 

23:35 mandree 

Update to new upstream release 2.3.4.
Changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.4>

Add USES=libtool and drop .la files.

 

20:20 mandree 

Upgrade to new upstream 2.3.3 release. Misc bugfixes.

Changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.3>

Note that PKCS#11 helper support requires a pkcs11-helper upgrade from
<http://www.freebsd.org/cgi/query-pr.cgi?pr=188442> to be committed.

 

16:24 mandree 

Fix several compilation issues where the upstream's configure script
required pkg-config, for instance, the PKCS11 option.

Submitted by:	mat@

 

09:03 mandree 

- Repair PKCS11 option [1].
- Use the opportunity to simplify Makefile: leverage some of the
  OptionsNG and Staging features, removing our homebrew predecessors.
- QA: Strip .so libraries, fix shebang paths in samples.

Obtained from:	<https://forums.freebsd.org/viewtopic.php?f=7&t=44866> [1]

 

14:43 mandree 

Convert from port-specific to official STAGEDIR support.

 

22:55 bapt 

Add NO_STAGE all over the place in preparation for the staging support (cat:
security)

 

23:06 mandree 

Update to new upstream release

2013.05.31 -- Version 2.3.2
Arne Schwabe (3):
      Only print script warnings when a script is used. Remove stray mention of
script-security system.
      Move settings of user script into set_user_script function
      Move checking of script file access into set_user_script

Davide Brini (1):
      Provide more accurate warning message

Gert Doering (2):
      Fix NULL-pointer crash in route_list_add_vpn_gateway().
      Fix problem with UDP tunneling due to mishandled pktinfo structures.

James Yonan (1):
      Always push basic set of peer info values to server.

Jan Just Keijser (1):
      make 'explicit-exit-notify' pullable again

Josh Cepek (2):
      Fix proto tcp6 for server & non-P2MP modes
      Fix Windows script execution when called from script hooks

Steffan Karger (2):
      Fixed tls-cipher translation bug in openssl-build
      Fixed usage of stale define USE_SSL to ENABLE_SSL

svimik (1):
      Fix segfault when enabling pf plug-ins

 

16:00 mandree 

security upgrade to OpenVPN 2.3.1; upstream release notes are

  "This release adds supports for PolarSSL 1.2. It also adds a fix to
  prevent potential side-channel attacks by switching to a constant-time
  memcmp when comparing HMACs in the openvpn_decrypt function. In
  addition, it contains several bugfixes and documentation updates, as
  well as some minor enhancements."

Full ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The port upgrade also offers an option to use the GPLv2+-licensed
PolarSSL instead of OpenSSL (which brings in a license mix).

PR:		ports/177517
Reviewed by:	miwi
Approved by:	portmgr (miwi)
Security:	92f30415-9935-11e2-ad4c-080027ef73ec

 

02:55 mandree 

- When installing from port, do not tamper with permissions of other files
  in ${PREFIX}/sbin and ${PREFIX}/lib. [1]

- Do not install plugin .la/.so files with the executable bit set, they
  are not executable.

PR:		ports/175434 [1]
Submitted by:	Benjamin Lorenz [1]

 

23:12 mandree 

- Fix NOPORTDOCS regression [1], by installing to DESTDIR= and then installing
from
  there, rather than tweaking the Makefiles.
- Move examples to EXAMPLESDIR, and heed NOPORTEXAMPLES
- Remove a leftover SUB_LIST addition.
- Switch comment to my FreeBSD e-mail address.
- Use PORTDOCS=* and PORTEXAMPLES=* to remove pkg-plist cruft
- Sort PORT_OPTIONS .ifs and stuff.

PR:		ports/175283 [1]
Submitted by:	Alexey Markov [1]

 

21:35 mandree 

Add a new security/easy-rsa package that contains the bits that got
split out of OpenVPN prior to the current 2.3.0 release, and make that
security/openvpn RUN_DEPENDS on it. Also update UPDATING record.

 

23:09 mandree 

OpenVPN changes, upgrades and fixes:

- Upgrade security/openvpn to v2.3.0 (changes installed layout a bit),
  splitting and re-diffing patches.
- Retain v2.2.2 as security/openvpn22
- Mark security/openvpn20 as deprecated and to expire 6 months from now
- Fix TCP_NODELAY option (openvpn 2.3, 2.2), see
  <http://community.openvpn.net/openvpn/ticket/158>
- Fix PassTOS option (openvpn 2.2, 2.0), see
  http://community.openvpn.net/openvpn/ticket/135

 

11:29 mandree 

- Convert to OptionsNG
- Strip Makefile header
- Drop LIB_DEPENDS ABI versions

 

23:19 dougb 

Move the rc.d scripts of the form *.sh.in to *.in

Where necessary add $FreeBSD$ to the file

No PORTREVISION bump necessary because this is a no-op

20:43 mandree 

Update to new upstream release v2.2.2.

Changelog:
http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html

21:58 mandree 

Update and demote CONFLICTS to CONFLICTS_INSTALL.

17:11 mandree 

Use required_modules rather than _precmd.

To fix failures with 'restart'.

Reported by: Miroslav Lachman

22:38 mandree 

Fix NOPORTDOCS support, though differently than suggested

Reported by: pgollucci
PR:          ports/159610

18:05 mandree 

Skip self-test more readily without addresses.

17:23 pav 

- Turn off self-tests on pointyhat, they fail

Reported by:    pointyhat

00:16 mandree 

Update to upstream release 2.2.1.

NOTE: the easy-rsa/2.0 openssl.cnf file has been removed and replaced by
an openssl-0.9.8.cnf and an openssl-1.0.0.cnf file.

Changelog URL:
http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html

21:14 mandree 

Patch hardwired gcc to ${CC}, fixing clang-ports builds [1].
Use full ${MAKE} environment from do-build, for consistency.

Found by: -exp run [1].

09:20 mandree 

Remove support for lzo-1.

19:24 mandree 

Update to 2.2.0. Add LICENSE (GPLv2). Add a local mirror of the distfile (file
has been uploaded and will propagate soonish).

Changelog:
http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html

10:04 mandree 

Streamline a bit:
- remove subshell to use basename, and use ## substitution [1]
- remove FreeBSD 5.X compatibility comment [1]
- remove FreeBSD 5.X compatibility code

The parts marked with [1] above were
Submitted by: dougb (Doug Barton)

20:25 mandree 

Switch to XZ distribution format.

18:55 mandree 

Update to new upstream release 2.1.4.
Update MASTER_SITES.

Submitted by: Eric F. Crist <ecrist@secure-computing.net>
PR: ports/151962

20:03 mandree 

Update to 2.1.3

No functional changes, but avoids 'have you seen new release'
type mail flood. :)

19:19 mandree 

Update to new upstream version 2.1.2.

Contains various bugfixes and improvements.

15:49 mandree 

Add openvpn-beta-[0-9]* to CONFLICTS variable.

Submitted by: Eric F. Crist
PR: ports/149617

19:53 mandree 

Support /etc/rc.d/openvpn softrestart
to send SIGUSR1 (rather than SIGHUP) to OpenVPN processes.

Suggested by: Nick Hibma (in private email)

14:12 mandree 

Fix bashisms (source FILE -> . FILE)
replace shebang-lines /bin/bash -> /bin/sh
bump portrevision (changed files)

based on:
PR: ports/147472
Submitted by: Olli Hauer <ohauer@gmx.de>

Approved by: miwi (mentor)

06:14 dougb 

RC_SUBR_SUFFIX has not been needed for a long time now, all supported
versions of FreeBSD now use /etc/rc.subr and rc.d scripts without .sh
appended to the script name.

16:28 mandree 

Move security/openvpn to security/openvpn20 (after previous repocopy).
Update security/openvpn20 to 2.0.9, revising pkg-message.

Move security/openvpn-devel to security/openvpn and
update security/openvpn to 2.1.1.

Remove security/openvpn-devel, adding a MOVED entry.

Update security/Makefile to remove openvpn-devel and add openvpn20 to
SUBDIRS.

Add a UPDATING entry for this shuffle.  Currently without upgrade
instructions since neither portupgrade nor portmaster are up to the
task (because of the CONFLICTS).

Approved by:  garga@ (mentor)

08:10 beech 

- Add logging knob

PR:             ports/130893
Submitted by:   Michael Scheidell <scheidell@secnap.net>
Approved by:    Matthias Andree <matthias.andree@gmx.de> (maintainer)

06:18 rafan 

Update CONFIGURE_ARGS for how we pass CONFIGURE_TARGET to configure script.
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.

To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.

To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.

Changes to Mk/*:
 - Add runtime detection magic in bsd.port.mk
 - Remove CONFIGURE_TARGET hack in various bsd.*.mk
 - USE_GNOME=gnometarget is now an no-op

Changes to individual ports, other than removing the CONFIGURE_TARGET hack:

= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
  - comms/gnuradio
  - science/abinit
  - science/elmer-fem
  - science/elmer-matc
  - science/elmer-meshgen2d
  - science/elmerfront
  - science/elmerpost

= use x86_64 as ARCH
  - devel/g-wrap

= other changes
  - print/magicfilter
    GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf

Total # of ports modified:  1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)

PR:             126524 (obsoletes 52917)
Submitted by:   rafan
Tested on:      two pointyhat 7-amd64 exp runs (by pav)
Approved by:    portmgr (pav)

12:16 miwi 

- Force commit to correct the previous commit log:

Correct permissions/owner of DOCSDIR-installed files

PR:             125726 / 125727
Request by:     maintainer via im

10:49 miwi 

- Respect NOPORTDOCS

PR:             125726
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)

01:15 rafan 

- Run opensvn with --daemon ${name} in order to get distinguishable and
  useful syslog tags

PR:             ports/120862
Submitted by:   Matthias Andree <matthias.andree at gmx.de> (maintainer)

19:12 nox 

rcfile:
- fix for FreeBSD releases before rcorder integration
- update copyright notice
- replace shell backticks by $().

Port:
- bump revision
- reformat comment

PR:             ports/109856
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)
Approved by:    miwi (mentor)

19:42 vd 

Fix a bug I introduced with last commit which resulted in openvpn not
being started during boot. The reason for this is that at boot $0 is not
/usr/local/etc/rc.d/openvpn but /etc/rc. The fix is a bit hackish because
it retrieves the script name from $_file - variable used in run_rc_script().

Reported by:    bazzoola <bazzoola@gmail.com>

08:38 vd 

* Add support for running multiple instances of openvpn to the startup script
  Inspired by [1]
* Bump PORTREVISION
* Update the comment which says not to send notices about 2.0.8 to 2.0.9 since
  2.0.9 also introduces only Windows changes. Remove maintainer's name from
  this comment since he did not explicitly state this.

PR:             ports/108371 [1]
Submitted by:   Denis Shaposhnikov <dsh@vlink.ru>, Gleb Kozyrev
<gkozyrev@gmail.com> [1]
Approved by:    matthias.andree@gmx.de (maintainer timeout, 28 days)

19:14 rafan 

- Use newly added RC_SUBR_SUFFIX

Approved by:    Matthias Andree <matthias.andree at gmx.de> (maintainer)

17:47 alepulver 

- Fix build failures that arose from an accidentally omitted -fPIC.
- Portrevision bumped since the change affects all architectures,
  not just those that were failing.

PR:             ports/103863
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)
Reported by:    pointyhat

07:48 rafan 

- Install additional auth-pam plugin

PR:             ports/103833
Submitted by:   Matthias Andree <matthias.andree at gmx.de> (maintainer)
Suggested by:   Michael Helmeste
Tested by:      Michael Helmeste

01:22 rafan 

- Update comments for OpenVPN 2.0.8

PR:             ports/103243
Submitted by:   Matthias Andree <matthias.andree at gmx.de> (maintainer)

07:06 itetcu 

- conflicts with openvpn-devel-[0-9]*
- bump PORTREVISION

PR:             ports/102301
Submitted by:   Matthias Andree (maintainer)

09:56 itetcu 

1 - build and install lib/openvpn-down-root.so plugin (see --plugin option in
    the man page) and README.openvpn-down-root
2 - match rc.d filename as printed post install in pkg-message to actual file
    name on newer systems (which use openvpn rather than openvpn.sh)
Reported by:    Jean-Baptiste Quenot (Bcc'd)
The maintainer wishes to thank Jean-Baptiste for his report and patience.
3 - add a pkg-req script to prevent installation of 6.1 packages on older
    machines, which is a frequent source of "rc.d script doesn't work"
    complaints.

Added file(s):
- files/pkg-req.in

PR:             ports/100917
Submitted by:   Matthias Andree (maintainer)

12:53 garga 

Add a message explaining why it won't be upgraded to 2.0.7 version, to
prevent a lot of people asking maintainer about it:

# -----------------------------------------------------
# DO NOT BOTHER TO SEND NOTICES ABOUT 2.0.7 AS IT FIXES
# A WINDOWS-ONLY BUG THAT DOESN'T AFFECT *BSD AND THUS
# DOES NOT WARRANT A PORT UPGRADE! AND UPGRADE REQUESTS
# WILL BE DROPPED.       -- Matthias Andree, 2006-04-26
# -----------------------------------------------------

PR:             ports/96383
Submitted by:   maintainer

14:57 garga 

- Update to 2.0.6
  * security fix for client LD_PRELOAD code injection vulnerability
    through compromised upstream servers
    (FreeBSD VuXML Vuln VID be4ccb7b-c48b-11da-ae12-0002b3b60e4c,
     filed in separate PR)
    CVE id not known yet
  * 2 other changes only relevant for Linux and NetBSD, not detailed here.

PR:             ports/95345
Submitted by:   maintainer
Security:       VuXML be4ccb7b-c48b-11da-ae12-0002b3b60e4c

15:05 garga 

- CATEGORY CHANGE: add "net" secondary category
- fix jail build on FreeBSD 4 (no security.jail.jailed oid in sysctl)
- catch jail IP misconfiguration and print clear error message
- add SHA256 checksum
- revise pkg-message and pkg-descr

PR:             ports/88785
Submitted by:   maintainer

01:24 mnag 

Enables self-tests with WITH_JAIL
Bump PORTREVISION

PR:             88488
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)

15:22 garga 

- Update to 2.0.5

PR:             ports/88437
Submitted by:   maintainer

01:52 mnag 

Update to 2.0.4

PR:             88379
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)
Security:       CVE-2005-3393, CVE-2005-3409

08:03 dinoex 

- fix build in jail

maintainer emailed 2005-10-04
Approved by:    (maintainer timeout)

12:01 vs 

FreeBSD 6 no longer adds debug.if_* sysctl variables in its default kernel
(according to the release notes), so our heuristic assumes the module is
missing and tries to load it, which fails as the module already exists.

PR:             ports/86286
Submitted by:   maintainer

18:52 garga 

- Update to 2.0.2 that brings these upstream changes:

  - fix bug that would exhaust file descriptors as the routing table was
modified
    (this had already been part of the port previously)
  - fix bug that would block the management socket until the peer connected
  - fix pkitool sh incompatibilities (from NetBSD)

PR:             ports/85299
Submitted by:   maintainer

10:31 garga 

Fix a typo in the new rc file, where documentation didn't match the
actual variables.

PR:             ports/85156
Submitted by:   maintainer
Reported by:    Benjamin Lutz <benlutz@datacomm.ch>
Approved by:    portmgr (krion)

18:48 garga 

- Security update to version 2.0.1, fixing four denial of service bugs,
  CAN-2005-2531, CAN-2005-2532, CAN-2005-2533, CAN-2005-2534
- Drop old init script and add a modern rcNG script in its place,
  requested by Matthias Grimm and Dirk Gouders (although the script below is
  one I, Matthias Andree, wrote). It can automatically load tun/tap drivers.
- move pkg-message to files/pkg-message.in, revise it, list it in SUB_FILES
  to expand ${PREFIX}.
- print pkg-message after installation from port
- switch to official "make check" as smoke-test, rather than wiring our own.
- prefer LZO2 in most situations, as OpenVPN will pick up LZO2 rather than
  LZO1 if both are installed.

PR:             ports/85109
Submitted by:   maintainer
Approved by:    portmgr (krion)

13:15 garga 

Add PW_PASS option to compile with --enable-pass-save

PR:             82494
Submitted by:   Landon Fuller <landonf@threerings.net>
Reviewed by:    Matthias Andree <matthias.andree@gmx.de> (maintainer)
Approved by:    mantainer, flz (mentor)

19:58 flz 

- Backout latest commit, it needs a repocopy due to API change.

Noticed by:     Matthias Andree <matthias.andree@gmx.de>

17:57 flz 

- Bump lzo lib version.
- Bump PORTREVISION.

16:22 vs 

Plug socket (file descriptor) leak.

PR:             ports/81267
Submitted by:   Jaroslav Klaus via maintainer

14:04 jylefort 

Update to 2.0

PR:             ports/80082
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)
Approved by:    adamw (mentor, implicit)

16:17 vs 

Add CONFLICTS with openvpn-devel

PR:             ports/71337
Submitted by:   maintainer

15:51 vs 

Update to latest stable version.

PR:             ports/66473
Submitted by:   Matthias Andree (maintainer)

12:19 krion 

- Support for TCP as the tunnel transport was added
- Change maintainer email

PR:             59543
Submitted by:   maintainer

00:16 leeym 

updates the OpenVPN port from 1.4.0 to 1.4.2.

PR:             54597
Submitted by:   Matthias Andree <matthias.andree@gmx.de>

07:34 ijliao 

upgrade to 1.4.0

PR:             51956
Submitted by:   maintainer

13:26 knu 

De-pkg-comment.

20:55 obraun 

* Upgrade to 1.3.2.
* Add init script.

PR:             44436
Submitted by:   maintainer

16:51 ijliao 

upgrade to 1.3.0

PR:             40424
Submitted by:   maintainer

16:13 pat 

Add new port openvpn: Secure IP/Ethernet tunnel daemon

PR:             ports/39750
Submitted by:   Matthias Andree <matthias.andree@web.de>