notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
This referral link gives you 10% off a Fastmail.com account and gives me a discount on my Fastmail account.
New feature planned: get notified when the package is available. Now is the time to contribute ideas/suggestions.
non port: security/openvpn/distinfo

Number of commits found: 68

Tuesday, 13 Feb 2024
07:09 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to 2.6.9 bug-fix release

ChangeLog:	https://github.com/OpenVPN/openvpn/blob/v2.6.9/Changes.rst#overview-of-changes-in-269
MFH:		2024Q1
commit hash: a84abd0caacf67e3963e45abf2211dd2fb13af55 commit hash: a84abd0caacf67e3963e45abf2211dd2fb13af55 commit hash: a84abd0caacf67e3963e45abf2211dd2fb13af55 commit hash: a84abd0caacf67e3963e45abf2211dd2fb13af55 a84abd0
Tuesday, 21 Nov 2023
17:03 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to 2.6.8 bug-fix release

hopefully fixes...

PR:		275206
Changelog:	https://github.com/OpenVPN/openvpn/blob/v2.6.8/Changes.rst#overview-of-changes-in-268
MFH:		2023Q4
commit hash: f6ef06771b5a341e91ea38b0d758c4cf614f1b3c commit hash: f6ef06771b5a341e91ea38b0d758c4cf614f1b3c commit hash: f6ef06771b5a341e91ea38b0d758c4cf614f1b3c commit hash: f6ef06771b5a341e91ea38b0d758c4cf614f1b3c f6ef067
Monday, 13 Nov 2023
23:05 Matthias Andree (mandree) search for other commits by this committer Author: Brad Davis
security/openvpn: security update to 2.6.7

PR:		275055
Changelog:	https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst#overview-of-changes-in-267
Security:	CVE-2023-46849
Security:	CVE-2023-46850
MFH:		2023Q4
commit hash: 03b2c6723f872fdfe5f0ea88bc97e6a7374c48ac commit hash: 03b2c6723f872fdfe5f0ea88bc97e6a7374c48ac commit hash: 03b2c6723f872fdfe5f0ea88bc97e6a7374c48ac commit hash: 03b2c6723f872fdfe5f0ea88bc97e6a7374c48ac 03b2c67
Tuesday, 15 Aug 2023
20:28 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: bugfix update → 2.6.6

Changelog:	https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-266
commit hash: 128360b8e87c1518531f72031f3ac9aea3dab31f commit hash: 128360b8e87c1518531f72031f3ac9aea3dab31f commit hash: 128360b8e87c1518531f72031f3ac9aea3dab31f commit hash: 128360b8e87c1518531f72031f3ac9aea3dab31f 128360b
Friday, 16 Jun 2023
19:15 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: bugfix update to 2.6.5

ChangeLog:
https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-265
commit hash: e4bef358911ada2a01e528591bf8d3566ca4c7e5 commit hash: e4bef358911ada2a01e528591bf8d3566ca4c7e5 commit hash: e4bef358911ada2a01e528591bf8d3566ca4c7e5 commit hash: e4bef358911ada2a01e528591bf8d3566ca4c7e5 e4bef35
Tuesday, 16 May 2023
18:54 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to 2.6.4

https://github.com/OpenVPN/openvpn/blob/v2.6.4/Changes.rst#overview-of-changes-in-264

MFH:		2023Q2
commit hash: 0512092a1f6233361edd411ad314ffa398a81c95 commit hash: 0512092a1f6233361edd411ad314ffa398a81c95 commit hash: 0512092a1f6233361edd411ad314ffa398a81c95 commit hash: 0512092a1f6233361edd411ad314ffa398a81c95 0512092
Saturday, 15 Apr 2023
08:05 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: bugfix update to v2.6.3

I separately verified the OpenVPN signature and ran more tests,
which the PR did not announce if it did.

Changelog:	https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-263
PR:		270831
MFH:		2023Q2
commit hash: 9152aca61800588efe5ebd43398f23704e325028 commit hash: 9152aca61800588efe5ebd43398f23704e325028 commit hash: 9152aca61800588efe5ebd43398f23704e325028 commit hash: 9152aca61800588efe5ebd43398f23704e325028 9152aca
Tuesday, 28 Mar 2023
14:19 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to new upstream release 2.6.2

Changes:
https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-262

Note that --inactive does not yet work on FreeBSD.
commit hash: ff146af9498c0a439aa959ff49f351c6c903d414 commit hash: ff146af9498c0a439aa959ff49f351c6c903d414 commit hash: ff146af9498c0a439aa959ff49f351c6c903d414 commit hash: ff146af9498c0a439aa959ff49f351c6c903d414 ff146af
Wednesday, 8 Mar 2023
20:45 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to v2.6.1

Changelog: https://github.com/OpenVPN/openvpn/blob/v2.6.1/Changes.rst
commit hash: bc733dffe09ceb5c4e8c158f80b647bb0dbed474 commit hash: bc733dffe09ceb5c4e8c158f80b647bb0dbed474 commit hash: bc733dffe09ceb5c4e8c158f80b647bb0dbed474 commit hash: bc733dffe09ceb5c4e8c158f80b647bb0dbed474 bc733df
Friday, 27 Jan 2023
21:32 Matthias Andree (mandree) search for other commits by this committer
security/openvpn*: update to 2.6.0, keep openvpn25

- copy openvpn to openvpn25, mark as deprecated and to expire March 31

- update openvpn to openvpn 2.6.0, highlights from Frank Lichtenheld's
  release announcement e-mail, slightly edited:

 * Data Channel Offload (DCO) kernel acceleration support for Windows,
   Linux, and FreeBSD [14].
 * OpenSSL 3 support
 * Improved handling of tunnel MTU, including support for pushable MTU.
 * Outdated cryptographic algorithms disabled by default, but there are
   options to override if necessary.
 * Reworked TLS handshake, making OpenVPN immune to replay-packet state
   exhaustion attacks.
 * Added --peer-fingerprint mode for a more simplistic certificate setup
   and verification.
 * Improved protocol negotiation, leading to faster connection setup.

ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.0/Changes.rst
commit hash: 6853ab171eff406db8b2451117bae397f926f4d2 commit hash: 6853ab171eff406db8b2451117bae397f926f4d2 commit hash: 6853ab171eff406db8b2451117bae397f926f4d2 commit hash: 6853ab171eff406db8b2451117bae397f926f4d2 6853ab1
Friday, 28 Oct 2022
18:24 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to 2.5.8

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-258
commit hash: ae33c30fb0de4184a0987616465273db11eabe5e commit hash: ae33c30fb0de4184a0987616465273db11eabe5e commit hash: ae33c30fb0de4184a0987616465273db11eabe5e commit hash: ae33c30fb0de4184a0987616465273db11eabe5e ae33c30
Tuesday, 31 May 2022
16:33 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to v2.5.7

FreeBSD-related changes from Changes.rst:

- Limited OpenSSL 3.0 support
    OpenSSL 3.0 support has been added. OpenSSL 3.0 support in 2.5 relies
    on the compatiblity layer and full OpenSSL 3.0 support is coming with
    OpenVPN 2.6. Only features that impact usage directly have been
    backported:

    ``--tls-cert-profile insecure``  has been added to allow selecting the
    lowest  OpenSSL security level (not recommended, use only if you must).

    OpenSSL 3.0 no longer supports the Blowfish (and other deprecated)
    algorithm by default and the new option ``--providers`` allows loading
    the legacy provider to renable these algorithms.  Most notably,
    reading of many PKCS#12 files encrypted with the RC2 algorithm fails
    unless ``--providers legacy default`` is configured.

    The OpenSSL engine feature ``--engine`` is not enabled by default
    anymore if OpenSSL 3.0 is detected.

- print OpenSSL error stack if decoding PKCS12 file fails

- fix PATH_MAX build failure in auth-pam.c

- fix t_net.sh self-test leaving around stale "ovpn-dummy0" interface

detailed changes: https://github.com/OpenVPN/openvpn/releases/tag/v2.5.7
commit hash: 9acfd1b4afebdf57366dff963ddc70d962994d1d commit hash: 9acfd1b4afebdf57366dff963ddc70d962994d1d commit hash: 9acfd1b4afebdf57366dff963ddc70d962994d1d commit hash: 9acfd1b4afebdf57366dff963ddc70d962994d1d 9acfd1b
Thursday, 17 Mar 2022
22:27 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: security update to 2.5.6

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256

Somewhat related to and obsoletes:
PR:		262626
Security:	45a72180-a640-11ec-a08b-85298243e224
Security:	CVE-2022-0547
Security:	https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
MFH:		2022Q1
commit hash: 2e150241fbafae40eaaae496c58c1e77306b73ae commit hash: 2e150241fbafae40eaaae496c58c1e77306b73ae commit hash: 2e150241fbafae40eaaae496c58c1e77306b73ae commit hash: 2e150241fbafae40eaaae496c58c1e77306b73ae 2e15024
Wednesday, 15 Dec 2021
17:31 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: bugfix update to 2.5.5

Bugfixes (FreeBSD-specific):
* improve "make check" to notice if "openvpn --show-cipher" crashes
* improve argv unit tests
* ensure unit tests work with mbedTLS builds without BF-CBC ciphers
* include "--push-remove" in the output of "openvpn --help"
* fix "resolvconf -p" invocation in example "up" script
* fix "common_name" environment for script calls when
  "--username-as-common-name" is in effect (Trac #1434)

Documentation:
* move "push-peer-info" documentation from "server options" to "client"
  (where it belongs)
* correct "foreign_option_{n}" typo in manpage
* update IRC information in CONTRIBUTING.rst (libera.chat)
* README.down-root: fix plugin module name
commit hash: 6a5dfca9f56080a45627bb4ba0b02039abd36aa5 commit hash: 6a5dfca9f56080a45627bb4ba0b02039abd36aa5 commit hash: 6a5dfca9f56080a45627bb4ba0b02039abd36aa5 commit hash: 6a5dfca9f56080a45627bb4ba0b02039abd36aa5 6a5dfca
Tuesday, 5 Oct 2021
19:55 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: bugfix update to 2.5.4

adds openvpn-examples(5) manual page

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-254
commit hash: cf4dd6bbfe80d93a23f2f7d140ed5dd764d13e96 commit hash: cf4dd6bbfe80d93a23f2f7d140ed5dd764d13e96 commit hash: cf4dd6bbfe80d93a23f2f7d140ed5dd764d13e96 commit hash: cf4dd6bbfe80d93a23f2f7d140ed5dd764d13e96 cf4dd6b
Friday, 18 Jun 2021
21:58 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: update to v2.5.3

Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst

FreeBSD relevant changes:
Bugfixes
*   disable connect-retry backoff for p2p (--secret) instances (Trac #1010,
#1384)
*   fix build with mbedtls w/o SSL renegotiation support
*   fix small memory leak in free_key_ctx for auth_token
*   Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409) -
    -> in FreeBSD ports, already fixed in 2.5.2_2 (PORTREVISION 2).

User-visible Changes
*   update copyright messages in files and --version output

New features
*   add --auth-token-user option (for --auth-token deployments without
--auth-user-pass in client config)
commit hash: 24b0c58ea4e8f9562f6c260cc567aba9e1f63ed3 commit hash: 24b0c58ea4e8f9562f6c260cc567aba9e1f63ed3 commit hash: 24b0c58ea4e8f9562f6c260cc567aba9e1f63ed3 commit hash: 24b0c58ea4e8f9562f6c260cc567aba9e1f63ed3 24b0c58
Wednesday, 21 Apr 2021
17:48 Matthias Andree (mandree) search for other commits by this committer
security/openvpn: security update to v2.5.2

Changelog:	https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252

Security:       CVE-2020-15078
Security:       efb965be-a2c0-11eb-8956-1951a8617e30
MFH:		2021Q2
commit hash: 47340329e7b677aabf7caae900878c61c04f3b73 commit hash: 47340329e7b677aabf7caae900878c61c04f3b73 commit hash: 47340329e7b677aabf7caae900878c61c04f3b73 commit hash: 47340329e7b677aabf7caae900878c61c04f3b73 4734032
Wednesday, 24 Feb 2021
19:04 mandree search for other commits by this committer
security/openvpn: Bugfix update to v2.5.1

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-251

MFH:		2021Q1 (point-level bugfix update)
Original commitRevision:566502 
Friday, 30 Oct 2020
20:36 mandree search for other commits by this committer
Update security/openvpn 2.5. For 2.3 peers, update your configuration,

...see ports/UPDATING or the
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-25

Avoid LibreSSL (IGNORE_SSL).
INSTALL_DATA -> INSTALL_MAN for documentation.
Rearrange Makefile according to portclippy.
Original commitRevision:553713 
Friday, 17 Apr 2020
18:38 mandree search for other commits by this committer
security/openvpn: update to 2.4.9 (also for -mbedtls slave port)

At the same time, remove ASYNC_PUSH_LIBS workaround from [1].

Changelog (high-level):
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249

Git changelog, marking the three fixes that were already in 2.4.8_3
as cherry-picks with a 1, 2, or 3 instead of "*" to correspond
with the PORTREVISION, and those with "-" that are specific to other systems,
say, Windows.

* 9b0dafca 2020-04-16 | Preparing release v2.4.9 (ChangeLog, version.m4,
Changes.rst) (tag: v2.4.9) [Gert Doering]
3 f7b318f8 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
* 9bb285e3 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
- 5f8a9df1 2020-02-12 | Allow unicode search string in --cryptoapicert option
[Selva Nair]
- 4658b3b6 2020-02-12 | Skip expired certificates in Windows certificate store
[Selva Nair]
* df5ea7f1 2020-02-19 | Fix possible access of uninitialized pipe handles [Selva
Nair]
* 1d9e0be2 2020-02-19 | Fix possibly uninitialized return value in
GetOpenvpnSettings() [Selva Nair]
* 5ee76a8f 2020-03-28 | Fix OpenSSL 1.1.1 not using auto elliptic curve
selection [Arne Schwabe]
* ed925c0a 2020-04-07 | OpenSSL: Fix --crl-verify not loading multiple CRLs in
one file [Maxim Plotnikov]
* 2fe84732 2020-03-30 | When auth-user-pass file has no password query the
management interface (if available). [Selva Nair]
* 908eae5c 2020-04-03 | Move querying username/password from management
interface to a function [Selva Nair]
* 15bc476f 2020-04-02 | Fix OpenSSL error stack handling of
tls_ctx_add_extra_certs [Arne Schwabe]
* 22df79bb 2020-04-01 | Fetch OpenSSL versions via source/old links [Arne
Schwabe]
* 0efbd8e9 2020-03-31 | mbedTLS: Make sure TLS session survives move [Tom van
Leeuwen]
* 33395693 2020-03-25 | docs: Add reference to X509_LOOKUP_hash_dir(3) [WGH]
* 7d19b2bb 2019-10-21 | Fix OpenSSL private key passphrase notices [Santtu
Lakkala]
2 8484f37a 2020-03-14 | Fix building with --enable-async-push in FreeBSD [Lev
Stipakov]
* 69bbfbdf 2020-02-18 | Swap the order of checks for validating interactive
service user [Selva Nair]
* 0ba4f916 2019-11-09 | socks: use the right function when printing struct
openvpn_sockaddr [Antonio Quartulli]
1 3bd91cd0 2019-10-30 | Fix broken fragmentation logic when using NCP [Lev
Stipakov]

PR:		244286 [1]
MFH:		2020Q2 (patchlevel bugfix release)
Original commitRevision:531957 
Friday, 1 Nov 2019
11:54 mandree search for other commits by this committer
security/openvpn[-mbedtls] upstream update to OpenVPN 2.4.8

This upstream release integrated two FreeBSD patches by Kyle Evans and me,
which are herewith dropped from the port.

Upstream release banner
"This is primarily a maintenance release with minor bugfixes and improvements."

High-level changes:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-248>

Manually filtered FreeBSD-related excerpt from Git log: v2.4.7..v2.4.8:
-  mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free()
[Antonio Quartulli]
-  openssl: Fix compilation without deprecated OpenSSL 1.1 APIs [Rosen Penev]
-  Force combinationation of --socks-proxy and --proto UDP to use IPv4. [Gert
Doering]
-  Ignore --pull-filter for --mode server [Richard Bonhomme]
-  Fix typo in NTLM proxy debug message [Mykola Baibuz]
-  tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex. [Kyle Evans]
-  Handle PSS padding in cryptoapicert [Selva Nair]
-  Fix regression, reinstate LibreSSL support. [Matthias Andree]
-  Increase listen() backlog queue to 32 [Gert Doering]
-  Wrong FILETYPE in .rc files [Gisle Vanem]
-  Do not set pkcs11-helper 'safe fork mode' [Hilko Bengen]
-  man: correct the description of --capath and --crl-verify regarding CRLs
[Michal Soltys]
-  Fix various compiler warnings [Lev Stipakov]
-  build: Package missing mock_msg.h [David Sommerseth]
-  cmocka: use relative paths [Steffan Karger]
-  docs: Update INSTALL [David Sommerseth]
-  Better error message when script fails due to script-security setting [Selva
Nair]
-  Fix documentation of tls-verify script argument [Thomas Quinot]

Detailed changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8>

Build tests in poudriere and in a live system succeeded on:
11.2-RELEASE 1102000 arm64.aarch64
11.2-RELEASE 1102000 mips.mips64
11.2-RELEASE-p14     i386
11.3-RELEASE-p3      amd64
12.0-RELEASE-p10     i386
12.0-RELEASE-p6      amd64
12.0-RELEASE-p10     amd64 (live)

MFH:		2019Q4
Original commitRevision:516218 
Thursday, 21 Feb 2019
19:30 mandree search for other commits by this committer
security/openvpn[-mbedtls] update to OpenVPN 2.4.7

Upstream release announcement:
"This is primarily a maintenance release with bugfixes and improvements.
One of the big things is enhanced TLS 1.3 support

Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that."

Move USES up to please portlint.

Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-247>

Detailed change list:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.7>
Original commitRevision:493524 
Wednesday, 25 Apr 2018
21:09 mandree search for other commits by this committer
Update to new upstream bugfix release 2.4.6.

While here, warn and sleep for 10 s when building against LibreSSL.

Remove some cruft.

Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-246>

Changelog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.6>

Reported by:	portscout
Original commitRevision:468306 
Tuesday, 13 Mar 2018
00:10 mandree search for other commits by this committer
Update to new upstream bugfix release 2.4.5.

Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-245>

Changelog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.5>

While here, add a sanity check that traps inconsistent linkage,
if, for instance, the PKCS#11 helper has been built with a different
OPENSSL library version than OpenVPN.
Original commitRevision:464331 
Wednesday, 27 Sep 2017
21:27 mandree search for other commits by this committer
OpenVPN[-mbedtls] security update to 2.4.4

Upstream maintainers write: "This release includes a large number of small
fixes and enhancements. There is also an important security fix for legacy
setups that may still be using key-method 1. As that option was deprecated
12 years ago we estimate that not many production setups are affected in
practice."

Security information:
<https://community.openvpn.net/openvpn/wiki/CVE-2017-12166>

Change Summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-244>

Changes as Git shortlog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.4>

Given the low impact, let's forget about MFHing this three days before
2017Q3 becomes EOL and relieved by 2017Q4.

Reported by:	portscout
Security:	CVE-2017-12166
Security:	3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8
Original commitRevision:450792 
Wednesday, 21 Jun 2017
17:22 mandree search for other commits by this committer
OpenVPN security update to 2.4.3

OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In
the process several vulnerabilities were found, some of which are
remotely exploitable in certain circumstances.

Compared to OpenVPN 2.4.2 there are several bugfixes and one major
feature: support for building with OpenSSL 1.1.

MFH:		2017Q3 (preapproved by Xin Li)
Security:	9f65d382-56a4-11e7-83e3-080027ef73ec
Security:	CVE-2017-7508
Security:	CVE-2017-7512
Security:	CVE-2017-7520
Security:	CVE-2017-7521
Security:	CVE-2017-7522
Original commitRevision:444043 
Thursday, 11 May 2017
21:19 mandree search for other commits by this committer
OpenVPN update to 2.4.2 (security fixes)

ChangeLog:
<https://github.com/OpenVPN/openvpn/blob/v2.4.2/Changes.rst#version-242>

Details:
<https://github.com/OpenVPN/openvpn/releases/tag/v2.4.2>

Security Announcement:
<https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits>

Reported by:	Samuli Seppanen
Security:	04cc7bd2-3686-11e7-aa64-080027ef73ec
Security:	CVE-2017-7478
Security:	CVE-2017-7479
MFH:		2017Q2
Original commitRevision:440667 
Thursday, 23 Mar 2017
21:53 mandree search for other commits by this committer
Update to openvpn release 2.4.1

This contains predominently bugfixes and compatibility with
newer OpenSSL/LibreSSL.

Remove one patch that had been cherry-picked from upstream, no longer
needed.

Summary:
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-241
Changes: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
Original commitRevision:436782 
Tuesday, 27 Dec 2016
23:16 mandree search for other commits by this committer
OpenVPN update to v2.4.0, old version in openvpn23*.

OpenVPN has been updated to v2.4.0.
Changes: <https://github.com/OpenVPN/openvpn/blob/v2.4.0/Changes.rst>

openvpn-polarssl has been renamed to openvpn-mbedtls to match the TLS
library's change of name.

The prior versions of the openvpn ports have been preserved in openvpn23
and openvpn23-polarssl, respectively, and are set to expire 2017-03-31.
Original commitRevision:429678 
Thursday, 8 Dec 2016
03:01 mandree search for other commits by this committer
Upgrade to new upstream bugfix release 2.3.14.

Drop files/extra-patch-fix-subnet and corresponding OPTION, since this
is now part of the upstream release.

Changelog:	<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.14>
Original commitRevision:428095 
Friday, 4 Nov 2016
08:42 mandree search for other commits by this committer
Upgrade to upstream bugfix release 2.3.13.

ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.13>
Original commitRevision:425304 
Wednesday, 24 Aug 2016
22:33 mandree search for other commits by this committer
Update to new upstream bugfix release 2.3.12, add "stats" to rc script.

* Upstream changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12>
* The cmocka-based unit tests are currently disabled, too much hassle
  and deps to get them running.
* Add patch-configure to drop the unit-test related warnings.
* Extend run control script to understand the "stats" argument, to send
  SIGUSR2 to the process, contributed by Anton Yuzhaninov (with one
  additional line fold).
* Drop patch-629baad8, no longer needed.
* Refresh other patches with make clean extract do-patch makepatch
Original commitRevision:420825 
Thursday, 12 May 2016
23:38 mandree search for other commits by this committer
Security upgrade to OpenVPN 2.3.11, breaking POLARSSL option.

Quoting upstream maintainers' release notes:
"This release fixes two vulnerabilities: a port-share bug with DoS
potential and a buffer overflow by user supplied data when using pam
authentication. In addition a number of small fixes and improvements are
included."

WARNING: this upgrade breaks the PolarSSL-based build due to an
oversight in the cipher suite selection hardening, crashing
PolarSSL-based builds with a 0-pointer deferences.
Marking port BROKEN if POLARSSL is set.

Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
Original commitRevision:415093 
Friday, 8 Jan 2016
09:03 mandree search for other commits by this committer
Upgrade to new upstream release 2.3.10.

Now requires PolarSSL/mbedTLS 1.3.X with X >= 8, PolarSSL 1.2 is EOL.
Match help text to the change.

Make sure the build uses the local unpacked includes before the system
includes, such that portmaster/portupgrade upgrades for PolarSSL work if
2.3.9 or older is pre-installed on the build system.
Original commitRevision:405536 
Sunday, 20 Dec 2015
14:35 mandree search for other commits by this committer
Update to new upstream release 2.3.9.

Removes the PW_SAVE option, the upstream code always permits saving
passwords to files now (so the feature is always enabled).

ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.9>
Original commitRevision:404054 
Wednesday, 5 Aug 2015
19:10 mandree search for other commits by this committer
Bugfix upgrade to new upstream release 2.3.8.

ChangeLog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.8
Original commitRevision:393606 
Wednesday, 10 Jun 2015
19:18 mandree search for other commits by this committer
Update to new upstream release 2.3.7.

Fixes
PR:		194745
Original commitRevision:389128 
Tuesday, 2 Dec 2014
05:54 delphij search for other commits by this committer
Security Update to 2.3.6.

Approved by:	so
MFH:		2014Q4
Security:	23ab5c3e-79c3-11e4-8b1e-d050992ecde8
Original commitRevision:373752 
Wednesday, 29 Oct 2014
18:30 mandree search for other commits by this committer
Upgrade to new upstream release 2.3.5.

Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23

While here, drop @dirrm from pkg-plist.
Original commitRevision:371694 
Saturday, 10 May 2014
23:35 mandree search for other commits by this committer
Update to new upstream release 2.3.4.
Changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.4>

Add USES=libtool and drop .la files.
Original commitRevision:353631 
Thursday, 10 Apr 2014
20:20 mandree search for other commits by this committer
Upgrade to new upstream 2.3.3 release. Misc bugfixes.

Changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.3>

Note that PKCS#11 helper support requires a pkcs11-helper upgrade from
<http://www.freebsd.org/cgi/query-pr.cgi?pr=188442> to be committed.
Original commitRevision:350847 
Friday, 31 May 2013
23:06 mandree search for other commits by this committer
Update to new upstream release

2013.05.31 -- Version 2.3.2
Arne Schwabe (3):
      Only print script warnings when a script is used. Remove stray mention of
script-security system.
      Move settings of user script into set_user_script function
      Move checking of script file access into set_user_script

Davide Brini (1):
      Provide more accurate warning message

Gert Doering (2):
      Fix NULL-pointer crash in route_list_add_vpn_gateway().
      Fix problem with UDP tunneling due to mishandled pktinfo structures.

James Yonan (1):
      Always push basic set of peer info values to server.

Jan Just Keijser (1):
      make 'explicit-exit-notify' pullable again

Josh Cepek (2):
      Fix proto tcp6 for server & non-P2MP modes
      Fix Windows script execution when called from script hooks

Steffan Karger (2):
      Fixed tls-cipher translation bug in openssl-build
      Fixed usage of stale define USE_SSL to ENABLE_SSL

svimik (1):
      Fix segfault when enabling pf plug-ins
Original commitRevision:319549 
Sunday, 31 Mar 2013
16:00 mandree search for other commits by this committer
security upgrade to OpenVPN 2.3.1; upstream release notes are

  "This release adds supports for PolarSSL 1.2. It also adds a fix to
  prevent potential side-channel attacks by switching to a constant-time
  memcmp when comparing HMACs in the openvpn_decrypt function. In
  addition, it contains several bugfixes and documentation updates, as
  well as some minor enhancements."

Full ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The port upgrade also offers an option to use the GPLv2+-licensed
PolarSSL instead of OpenSSL (which brings in a license mix).

PR:		ports/177517
Reviewed by:	miwi
Approved by:	portmgr (miwi)
Security:	92f30415-9935-11e2-ad4c-080027ef73ec
Original commitRevision:315640 
Friday, 11 Jan 2013
23:09 mandree search for other commits by this committer
OpenVPN changes, upgrades and fixes:

- Upgrade security/openvpn to v2.3.0 (changes installed layout a bit),
  splitting and re-diffing patches.
- Retain v2.2.2 as security/openvpn22
- Mark security/openvpn20 as deprecated and to expire 6 months from now
- Fix TCP_NODELAY option (openvpn 2.3, 2.2), see
  <http://community.openvpn.net/openvpn/ticket/158>
- Fix PassTOS option (openvpn 2.2, 2.0), see
  http://community.openvpn.net/openvpn/ticket/135
Original commitRevision:310252 
Wednesday, 28 Dec 2011
20:43 mandree search for other commits by this committer
Update to new upstream release v2.2.2.

Changelog:
http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html
Original commit
Thursday, 7 Jul 2011
00:16 mandree search for other commits by this committer
Update to upstream release 2.2.1.

NOTE: the easy-rsa/2.0 openssl.cnf file has been removed and replaced by
an openssl-0.9.8.cnf and an openssl-1.0.0.cnf file.

Changelog URL:
http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html
Original commit
Tuesday, 3 May 2011
19:24 mandree search for other commits by this committer
Update to 2.2.0. Add LICENSE (GPLv2). Add a local mirror of the distfile (file
has been uploaded and will propagate soonish).

Changelog:
http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html
Original commit
Tuesday, 9 Nov 2010
20:25 mandree search for other commits by this committer
Switch to XZ distribution format.
Original commit
18:55 mandree search for other commits by this committer
Update to new upstream release 2.1.4.
Update MASTER_SITES.

Submitted by: Eric F. Crist <ecrist@secure-computing.net>
PR: ports/151962
Original commit
Friday, 27 Aug 2010
20:03 mandree search for other commits by this committer
Update to 2.1.3

No functional changes, but avoids 'have you seen new release'
type mail flood. :)
Original commit
Tuesday, 17 Aug 2010
19:19 mandree search for other commits by this committer
Update to new upstream version 2.1.2.

Contains various bugfixes and improvements.
Original commit
Thursday, 7 Jan 2010
16:28 mandree search for other commits by this committer
Move security/openvpn to security/openvpn20 (after previous repocopy).
Update security/openvpn20 to 2.0.9, revising pkg-message.

Move security/openvpn-devel to security/openvpn and
update security/openvpn to 2.1.1.

Remove security/openvpn-devel, adding a MOVED entry.

Update security/Makefile to remove openvpn-devel and add openvpn20 to
SUBDIRS.

Add a UPDATING entry for this shuffle.  Currently without upgrade
instructions since neither portupgrade nor portmaster are up to the
task (because of the CONFLICTS).

Approved by:  garga@ (mentor)
Original commit
Friday, 18 Jul 2008
12:16 miwi search for other commits by this committer
- Force commit to correct the previous commit log:

Correct permissions/owner of DOCSDIR-installed files

PR:             125726 / 125727
Request by:     maintainer via im
Original commit
Wednesday, 5 Apr 2006
14:57 garga search for other commits by this committer
- Update to 2.0.6
  * security fix for client LD_PRELOAD code injection vulnerability
    through compromised upstream servers
    (FreeBSD VuXML Vuln VID be4ccb7b-c48b-11da-ae12-0002b3b60e4c,
     filed in separate PR)
    CVE id not known yet
  * 2 other changes only relevant for Linux and NetBSD, not detailed here.

PR:             ports/95345
Submitted by:   maintainer
Security:       VuXML be4ccb7b-c48b-11da-ae12-0002b3b60e4c
Original commit
Thursday, 10 Nov 2005
15:05 garga search for other commits by this committer
- CATEGORY CHANGE: add "net" secondary category
- fix jail build on FreeBSD 4 (no security.jail.jailed oid in sysctl)
- catch jail IP misconfiguration and print clear error message
- add SHA256 checksum
- revise pkg-message and pkg-descr

PR:             ports/88785
Submitted by:   maintainer
Original commit
Thursday, 3 Nov 2005
15:22 garga search for other commits by this committer
- Update to 2.0.5

PR:             ports/88437
Submitted by:   maintainer
Original commit
Wednesday, 2 Nov 2005
01:52 mnag search for other commits by this committer
Update to 2.0.4

PR:             88379
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)
Security:       CVE-2005-3393, CVE-2005-3409
Original commit
Monday, 29 Aug 2005
18:52 garga search for other commits by this committer
- Update to 2.0.2 that brings these upstream changes:

  - fix bug that would exhaust file descriptors as the routing table was
modified
    (this had already been part of the port previously)
  - fix bug that would block the management socket until the peer connected
  - fix pkitool sh incompatibilities (from NetBSD)

PR:             ports/85299
Submitted by:   maintainer
Original commit
Friday, 19 Aug 2005
18:48 garga search for other commits by this committer
- Security update to version 2.0.1, fixing four denial of service bugs,
  CAN-2005-2531, CAN-2005-2532, CAN-2005-2533, CAN-2005-2534
- Drop old init script and add a modern rcNG script in its place,
  requested by Matthias Grimm and Dirk Gouders (although the script below is
  one I, Matthias Andree, wrote). It can automatically load tun/tap drivers.
- move pkg-message to files/pkg-message.in, revise it, list it in SUB_FILES
  to expand ${PREFIX}.
- print pkg-message after installation from port
- switch to official "make check" as smoke-test, rather than wiring our own.
- prefer LZO2 in most situations, as OpenVPN will pick up LZO2 rather than
  LZO1 if both are installed.

PR:             ports/85109
Submitted by:   maintainer
Approved by:    portmgr (krion)
Original commit
Thursday, 21 Apr 2005
14:04 jylefort search for other commits by this committer
Update to 2.0

PR:             ports/80082
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)
Approved by:    adamw (mentor, implicit)
Original commit
Monday, 10 May 2004
15:51 vs search for other commits by this committer
Update to latest stable version.

PR:             ports/66473
Submitted by:   Matthias Andree (maintainer)
Original commit
Thursday, 18 Mar 2004
02:27 trevor search for other commits by this committer
Add size data.

Approved by:    maintainers
Original commit
Friday, 21 Nov 2003
12:19 krion search for other commits by this committer
- Support for TCP as the tunnel transport was added
- Change maintainer email

PR:             59543
Submitted by:   maintainer
Original commit
Friday, 18 Jul 2003
00:16 leeym search for other commits by this committer
updates the OpenVPN port from 1.4.0 to 1.4.2.

PR:             54597
Submitted by:   Matthias Andree <matthias.andree@gmx.de>
Original commit
Friday, 9 May 2003
07:34 ijliao search for other commits by this committer
upgrade to 1.4.0

PR:             51956
Submitted by:   maintainer
Original commit
Friday, 25 Oct 2002
20:55 obraun search for other commits by this committer
* Upgrade to 1.3.2.
* Add init script.

PR:             44436
Submitted by:   maintainer
Original commit
Thursday, 11 Jul 2002
16:51 ijliao search for other commits by this committer
upgrade to 1.3.0

PR:             40424
Submitted by:   maintainer
Original commit
Monday, 24 Jun 2002
16:13 pat search for other commits by this committer
Add new port openvpn: Secure IP/Ethernet tunnel daemon

PR:             ports/39750
Submitted by:   Matthias Andree <matthias.andree@web.de>
Original commit

Number of commits found: 68