non port: security/openvpn/distinfo |
Number of commits found: 69 |
Saturday, 30 Mar 2024
|
14:12 Matthias Andree (mandree)
security/openvpn: update to bugfix release 2.6.10
Changelog:
https://github.com/OpenVPN/openvpn/blob/v2.6.10/Changes.rst#overview-of-changes-in-2610
Note that the security-related fixes only pertain to the Windows
operating system.
c2fc14b |
Tuesday, 13 Feb 2024
|
07:09 Matthias Andree (mandree)
security/openvpn: update to 2.6.9 bug-fix release
ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.9/Changes.rst#overview-of-changes-in-269
MFH: 2024Q1
a84abd0 |
Tuesday, 21 Nov 2023
|
17:03 Matthias Andree (mandree)
security/openvpn: update to 2.6.8 bug-fix release
hopefully fixes...
PR: 275206
Changelog: https://github.com/OpenVPN/openvpn/blob/v2.6.8/Changes.rst#overview-of-changes-in-268
MFH: 2023Q4
f6ef067 |
Monday, 13 Nov 2023
|
23:05 Matthias Andree (mandree) Author: Brad Davis
security/openvpn: security update to 2.6.7
PR: 275055
Changelog: https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst#overview-of-changes-in-267
Security: CVE-2023-46849
Security: CVE-2023-46850
MFH: 2023Q4
03b2c67 |
Tuesday, 15 Aug 2023
|
20:28 Matthias Andree (mandree)
security/openvpn: bugfix update → 2.6.6
Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-266
128360b |
Friday, 16 Jun 2023
|
19:15 Matthias Andree (mandree)
security/openvpn: bugfix update to 2.6.5
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-265
e4bef35 |
Tuesday, 16 May 2023
|
18:54 Matthias Andree (mandree)
security/openvpn: update to 2.6.4
https://github.com/OpenVPN/openvpn/blob/v2.6.4/Changes.rst#overview-of-changes-in-264
MFH: 2023Q2
0512092 |
Saturday, 15 Apr 2023
|
08:05 Matthias Andree (mandree)
security/openvpn: bugfix update to v2.6.3
I separately verified the OpenVPN signature and ran more tests,
which the PR did not announce if it did.
Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-263
PR: 270831
MFH: 2023Q2
9152aca |
Tuesday, 28 Mar 2023
|
14:19 Matthias Andree (mandree)
security/openvpn: update to new upstream release 2.6.2
Changes:
https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-262
Note that --inactive does not yet work on FreeBSD.
ff146af |
Wednesday, 8 Mar 2023
|
20:45 Matthias Andree (mandree)
security/openvpn: update to v2.6.1
Changelog: https://github.com/OpenVPN/openvpn/blob/v2.6.1/Changes.rst
bc733df |
Friday, 27 Jan 2023
|
21:32 Matthias Andree (mandree)
security/openvpn*: update to 2.6.0, keep openvpn25
- copy openvpn to openvpn25, mark as deprecated and to expire March 31
- update openvpn to openvpn 2.6.0, highlights from Frank Lichtenheld's
release announcement e-mail, slightly edited:
* Data Channel Offload (DCO) kernel acceleration support for Windows,
Linux, and FreeBSD [14].
* OpenSSL 3 support
* Improved handling of tunnel MTU, including support for pushable MTU.
* Outdated cryptographic algorithms disabled by default, but there are
options to override if necessary.
* Reworked TLS handshake, making OpenVPN immune to replay-packet state
exhaustion attacks.
* Added --peer-fingerprint mode for a more simplistic certificate setup
and verification.
* Improved protocol negotiation, leading to faster connection setup.
ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.0/Changes.rst
6853ab1 |
Friday, 28 Oct 2022
|
18:24 Matthias Andree (mandree)
security/openvpn: update to 2.5.8
Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-258
ae33c30 |
Tuesday, 31 May 2022
|
16:33 Matthias Andree (mandree)
security/openvpn: update to v2.5.7
FreeBSD-related changes from Changes.rst:
- Limited OpenSSL 3.0 support
OpenSSL 3.0 support has been added. OpenSSL 3.0 support in 2.5 relies
on the compatiblity layer and full OpenSSL 3.0 support is coming with
OpenVPN 2.6. Only features that impact usage directly have been
backported:
``--tls-cert-profile insecure`` has been added to allow selecting the
lowest OpenSSL security level (not recommended, use only if you must).
OpenSSL 3.0 no longer supports the Blowfish (and other deprecated)
algorithm by default and the new option ``--providers`` allows loading
the legacy provider to renable these algorithms. Most notably,
reading of many PKCS#12 files encrypted with the RC2 algorithm fails
unless ``--providers legacy default`` is configured.
The OpenSSL engine feature ``--engine`` is not enabled by default
anymore if OpenSSL 3.0 is detected.
- print OpenSSL error stack if decoding PKCS12 file fails
- fix PATH_MAX build failure in auth-pam.c
- fix t_net.sh self-test leaving around stale "ovpn-dummy0" interface
detailed changes: https://github.com/OpenVPN/openvpn/releases/tag/v2.5.7
9acfd1b |
Thursday, 17 Mar 2022
|
22:27 Matthias Andree (mandree)
security/openvpn: security update to 2.5.6
Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256
Somewhat related to and obsoletes:
PR: 262626
Security: 45a72180-a640-11ec-a08b-85298243e224
Security: CVE-2022-0547
Security: https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
MFH: 2022Q1
2e15024 |
Wednesday, 15 Dec 2021
|
17:31 Matthias Andree (mandree)
security/openvpn: bugfix update to 2.5.5
Bugfixes (FreeBSD-specific):
* improve "make check" to notice if "openvpn --show-cipher" crashes
* improve argv unit tests
* ensure unit tests work with mbedTLS builds without BF-CBC ciphers
* include "--push-remove" in the output of "openvpn --help"
* fix "resolvconf -p" invocation in example "up" script
* fix "common_name" environment for script calls when
"--username-as-common-name" is in effect (Trac #1434)
Documentation:
* move "push-peer-info" documentation from "server options" to "client"
(where it belongs)
* correct "foreign_option_{n}" typo in manpage
* update IRC information in CONTRIBUTING.rst (libera.chat)
* README.down-root: fix plugin module name
6a5dfca |
Tuesday, 5 Oct 2021
|
19:55 Matthias Andree (mandree)
security/openvpn: bugfix update to 2.5.4
adds openvpn-examples(5) manual page
Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-254
cf4dd6b |
Friday, 18 Jun 2021
|
21:58 Matthias Andree (mandree)
security/openvpn: update to v2.5.3
Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
FreeBSD relevant changes:
Bugfixes
* disable connect-retry backoff for p2p (--secret) instances (Trac #1010,
#1384)
* fix build with mbedtls w/o SSL renegotiation support
* fix small memory leak in free_key_ctx for auth_token
* Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409) -
-> in FreeBSD ports, already fixed in 2.5.2_2 (PORTREVISION 2).
User-visible Changes
* update copyright messages in files and --version output
New features
* add --auth-token-user option (for --auth-token deployments without
--auth-user-pass in client config)
24b0c58 |
Wednesday, 21 Apr 2021
|
17:48 Matthias Andree (mandree)
security/openvpn: security update to v2.5.2
Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252
Security: CVE-2020-15078
Security: efb965be-a2c0-11eb-8956-1951a8617e30
MFH: 2021Q2
4734032 |
Wednesday, 24 Feb 2021
|
19:04 mandree
security/openvpn: Bugfix update to v2.5.1
Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-251
MFH: 2021Q1 (point-level bugfix update)
|
Friday, 30 Oct 2020
|
20:36 mandree
Update security/openvpn 2.5. For 2.3 peers, update your configuration,
...see ports/UPDATING or the
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-25
Avoid LibreSSL (IGNORE_SSL).
INSTALL_DATA -> INSTALL_MAN for documentation.
Rearrange Makefile according to portclippy.
|
Friday, 17 Apr 2020
|
18:38 mandree
security/openvpn: update to 2.4.9 (also for -mbedtls slave port)
At the same time, remove ASYNC_PUSH_LIBS workaround from [1].
Changelog (high-level):
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249
Git changelog, marking the three fixes that were already in 2.4.8_3
as cherry-picks with a 1, 2, or 3 instead of "*" to correspond
with the PORTREVISION, and those with "-" that are specific to other systems,
say, Windows.
* 9b0dafca 2020-04-16 | Preparing release v2.4.9 (ChangeLog, version.m4,
Changes.rst) (tag: v2.4.9) [Gert Doering]
3 f7b318f8 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
* 9bb285e3 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
- 5f8a9df1 2020-02-12 | Allow unicode search string in --cryptoapicert option
[Selva Nair]
- 4658b3b6 2020-02-12 | Skip expired certificates in Windows certificate store
[Selva Nair]
* df5ea7f1 2020-02-19 | Fix possible access of uninitialized pipe handles [Selva
Nair]
* 1d9e0be2 2020-02-19 | Fix possibly uninitialized return value in
GetOpenvpnSettings() [Selva Nair]
* 5ee76a8f 2020-03-28 | Fix OpenSSL 1.1.1 not using auto elliptic curve
selection [Arne Schwabe]
* ed925c0a 2020-04-07 | OpenSSL: Fix --crl-verify not loading multiple CRLs in
one file [Maxim Plotnikov]
* 2fe84732 2020-03-30 | When auth-user-pass file has no password query the
management interface (if available). [Selva Nair]
* 908eae5c 2020-04-03 | Move querying username/password from management
interface to a function [Selva Nair]
* 15bc476f 2020-04-02 | Fix OpenSSL error stack handling of
tls_ctx_add_extra_certs [Arne Schwabe]
* 22df79bb 2020-04-01 | Fetch OpenSSL versions via source/old links [Arne
Schwabe]
* 0efbd8e9 2020-03-31 | mbedTLS: Make sure TLS session survives move [Tom van
Leeuwen]
* 33395693 2020-03-25 | docs: Add reference to X509_LOOKUP_hash_dir(3) [WGH]
* 7d19b2bb 2019-10-21 | Fix OpenSSL private key passphrase notices [Santtu
Lakkala]
2 8484f37a 2020-03-14 | Fix building with --enable-async-push in FreeBSD [Lev
Stipakov]
* 69bbfbdf 2020-02-18 | Swap the order of checks for validating interactive
service user [Selva Nair]
* 0ba4f916 2019-11-09 | socks: use the right function when printing struct
openvpn_sockaddr [Antonio Quartulli]
1 3bd91cd0 2019-10-30 | Fix broken fragmentation logic when using NCP [Lev
Stipakov]
PR: 244286 [1]
MFH: 2020Q2 (patchlevel bugfix release)
|
Friday, 1 Nov 2019
|
11:54 mandree
security/openvpn[-mbedtls] upstream update to OpenVPN 2.4.8
This upstream release integrated two FreeBSD patches by Kyle Evans and me,
which are herewith dropped from the port.
Upstream release banner
"This is primarily a maintenance release with minor bugfixes and improvements."
High-level changes:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-248>
Manually filtered FreeBSD-related excerpt from Git log: v2.4.7..v2.4.8:
- mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free()
[Antonio Quartulli]
- openssl: Fix compilation without deprecated OpenSSL 1.1 APIs [Rosen Penev]
- Force combinationation of --socks-proxy and --proto UDP to use IPv4. [Gert
Doering]
- Ignore --pull-filter for --mode server [Richard Bonhomme]
- Fix typo in NTLM proxy debug message [Mykola Baibuz]
- tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex. [Kyle Evans]
- Handle PSS padding in cryptoapicert [Selva Nair]
- Fix regression, reinstate LibreSSL support. [Matthias Andree]
- Increase listen() backlog queue to 32 [Gert Doering]
- Wrong FILETYPE in .rc files [Gisle Vanem]
- Do not set pkcs11-helper 'safe fork mode' [Hilko Bengen]
- man: correct the description of --capath and --crl-verify regarding CRLs
[Michal Soltys]
- Fix various compiler warnings [Lev Stipakov]
- build: Package missing mock_msg.h [David Sommerseth]
- cmocka: use relative paths [Steffan Karger]
- docs: Update INSTALL [David Sommerseth]
- Better error message when script fails due to script-security setting [Selva
Nair]
- Fix documentation of tls-verify script argument [Thomas Quinot]
Detailed changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8>
Build tests in poudriere and in a live system succeeded on:
11.2-RELEASE 1102000 arm64.aarch64
11.2-RELEASE 1102000 mips.mips64
11.2-RELEASE-p14 i386
11.3-RELEASE-p3 amd64
12.0-RELEASE-p10 i386
12.0-RELEASE-p6 amd64
12.0-RELEASE-p10 amd64 (live)
MFH: 2019Q4
|
Thursday, 21 Feb 2019
|
19:30 mandree
security/openvpn[-mbedtls] update to OpenVPN 2.4.7
Upstream release announcement:
"This is primarily a maintenance release with bugfixes and improvements.
One of the big things is enhanced TLS 1.3 support
Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that."
Move USES up to please portlint.
Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-247>
Detailed change list:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.7>
|
Wednesday, 25 Apr 2018
|
21:09 mandree
Update to new upstream bugfix release 2.4.6.
While here, warn and sleep for 10 s when building against LibreSSL.
Remove some cruft.
Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-246>
Changelog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.6>
Reported by: portscout
|
Tuesday, 13 Mar 2018
|
00:10 mandree
Update to new upstream bugfix release 2.4.5.
Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-245>
Changelog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.5>
While here, add a sanity check that traps inconsistent linkage,
if, for instance, the PKCS#11 helper has been built with a different
OPENSSL library version than OpenVPN.
|
Wednesday, 27 Sep 2017
|
21:27 mandree
OpenVPN[-mbedtls] security update to 2.4.4
Upstream maintainers write: "This release includes a large number of small
fixes and enhancements. There is also an important security fix for legacy
setups that may still be using key-method 1. As that option was deprecated
12 years ago we estimate that not many production setups are affected in
practice."
Security information:
<https://community.openvpn.net/openvpn/wiki/CVE-2017-12166>
Change Summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-244>
Changes as Git shortlog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.4>
Given the low impact, let's forget about MFHing this three days before
2017Q3 becomes EOL and relieved by 2017Q4.
Reported by: portscout
Security: CVE-2017-12166
Security: 3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8
|
Wednesday, 21 Jun 2017
|
17:22 mandree
OpenVPN security update to 2.4.3
OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In
the process several vulnerabilities were found, some of which are
remotely exploitable in certain circumstances.
Compared to OpenVPN 2.4.2 there are several bugfixes and one major
feature: support for building with OpenSSL 1.1.
MFH: 2017Q3 (preapproved by Xin Li)
Security: 9f65d382-56a4-11e7-83e3-080027ef73ec
Security: CVE-2017-7508
Security: CVE-2017-7512
Security: CVE-2017-7520
Security: CVE-2017-7521
Security: CVE-2017-7522
|
Thursday, 11 May 2017
|
21:19 mandree
OpenVPN update to 2.4.2 (security fixes)
ChangeLog:
<https://github.com/OpenVPN/openvpn/blob/v2.4.2/Changes.rst#version-242>
Details:
<https://github.com/OpenVPN/openvpn/releases/tag/v2.4.2>
Security Announcement:
<https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits>
Reported by: Samuli Seppanen
Security: 04cc7bd2-3686-11e7-aa64-080027ef73ec
Security: CVE-2017-7478
Security: CVE-2017-7479
MFH: 2017Q2
|
Thursday, 23 Mar 2017
|
21:53 mandree
Update to openvpn release 2.4.1
This contains predominently bugfixes and compatibility with
newer OpenSSL/LibreSSL.
Remove one patch that had been cherry-picked from upstream, no longer
needed.
Summary:
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-241
Changes: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
|
Tuesday, 27 Dec 2016
|
23:16 mandree
OpenVPN update to v2.4.0, old version in openvpn23*.
OpenVPN has been updated to v2.4.0.
Changes: <https://github.com/OpenVPN/openvpn/blob/v2.4.0/Changes.rst>
openvpn-polarssl has been renamed to openvpn-mbedtls to match the TLS
library's change of name.
The prior versions of the openvpn ports have been preserved in openvpn23
and openvpn23-polarssl, respectively, and are set to expire 2017-03-31.
|
Thursday, 8 Dec 2016
|
03:01 mandree
Upgrade to new upstream bugfix release 2.3.14.
Drop files/extra-patch-fix-subnet and corresponding OPTION, since this
is now part of the upstream release.
Changelog: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.14>
|
Friday, 4 Nov 2016
|
08:42 mandree
Upgrade to upstream bugfix release 2.3.13.
ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.13>
|
Wednesday, 24 Aug 2016
|
22:33 mandree
Update to new upstream bugfix release 2.3.12, add "stats" to rc script.
* Upstream changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12>
* The cmocka-based unit tests are currently disabled, too much hassle
and deps to get them running.
* Add patch-configure to drop the unit-test related warnings.
* Extend run control script to understand the "stats" argument, to send
SIGUSR2 to the process, contributed by Anton Yuzhaninov (with one
additional line fold).
* Drop patch-629baad8, no longer needed.
* Refresh other patches with make clean extract do-patch makepatch
|
Thursday, 12 May 2016
|
23:38 mandree
Security upgrade to OpenVPN 2.3.11, breaking POLARSSL option.
Quoting upstream maintainers' release notes:
"This release fixes two vulnerabilities: a port-share bug with DoS
potential and a buffer overflow by user supplied data when using pam
authentication. In addition a number of small fixes and improvements are
included."
WARNING: this upgrade breaks the PolarSSL-based build due to an
oversight in the cipher suite selection hardening, crashing
PolarSSL-based builds with a 0-pointer deferences.
Marking port BROKEN if POLARSSL is set.
Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
|
Friday, 8 Jan 2016
|
09:03 mandree
Upgrade to new upstream release 2.3.10.
Now requires PolarSSL/mbedTLS 1.3.X with X >= 8, PolarSSL 1.2 is EOL.
Match help text to the change.
Make sure the build uses the local unpacked includes before the system
includes, such that portmaster/portupgrade upgrades for PolarSSL work if
2.3.9 or older is pre-installed on the build system.
|
Sunday, 20 Dec 2015
|
14:35 mandree
Update to new upstream release 2.3.9.
Removes the PW_SAVE option, the upstream code always permits saving
passwords to files now (so the feature is always enabled).
ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.9>
|
Wednesday, 5 Aug 2015
|
19:10 mandree
Bugfix upgrade to new upstream release 2.3.8.
ChangeLog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.8
|
Wednesday, 10 Jun 2015
|
19:18 mandree
Update to new upstream release 2.3.7.
Fixes
PR: 194745
|
Tuesday, 2 Dec 2014
|
05:54 delphij
Security Update to 2.3.6.
Approved by: so
MFH: 2014Q4
Security: 23ab5c3e-79c3-11e4-8b1e-d050992ecde8
|
Wednesday, 29 Oct 2014
|
18:30 mandree
Upgrade to new upstream release 2.3.5.
Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
While here, drop @dirrm from pkg-plist.
|
Saturday, 10 May 2014
|
23:35 mandree
Update to new upstream release 2.3.4.
Changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.4>
Add USES=libtool and drop .la files.
|
Thursday, 10 Apr 2014
|
20:20 mandree
Upgrade to new upstream 2.3.3 release. Misc bugfixes.
Changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.3>
Note that PKCS#11 helper support requires a pkcs11-helper upgrade from
<http://www.freebsd.org/cgi/query-pr.cgi?pr=188442> to be committed.
|
Friday, 31 May 2013
|
23:06 mandree
Update to new upstream release
2013.05.31 -- Version 2.3.2
Arne Schwabe (3):
Only print script warnings when a script is used. Remove stray mention of
script-security system.
Move settings of user script into set_user_script function
Move checking of script file access into set_user_script
Davide Brini (1):
Provide more accurate warning message
Gert Doering (2):
Fix NULL-pointer crash in route_list_add_vpn_gateway().
Fix problem with UDP tunneling due to mishandled pktinfo structures.
James Yonan (1):
Always push basic set of peer info values to server.
Jan Just Keijser (1):
make 'explicit-exit-notify' pullable again
Josh Cepek (2):
Fix proto tcp6 for server & non-P2MP modes
Fix Windows script execution when called from script hooks
Steffan Karger (2):
Fixed tls-cipher translation bug in openssl-build
Fixed usage of stale define USE_SSL to ENABLE_SSL
svimik (1):
Fix segfault when enabling pf plug-ins
|
Sunday, 31 Mar 2013
|
16:00 mandree
security upgrade to OpenVPN 2.3.1; upstream release notes are
"This release adds supports for PolarSSL 1.2. It also adds a fix to
prevent potential side-channel attacks by switching to a constant-time
memcmp when comparing HMACs in the openvpn_decrypt function. In
addition, it contains several bugfixes and documentation updates, as
well as some minor enhancements."
Full ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>
The port upgrade also offers an option to use the GPLv2+-licensed
PolarSSL instead of OpenSSL (which brings in a license mix).
PR: ports/177517
Reviewed by: miwi
Approved by: portmgr (miwi)
Security: 92f30415-9935-11e2-ad4c-080027ef73ec
|
Friday, 11 Jan 2013
|
23:09 mandree
OpenVPN changes, upgrades and fixes:
- Upgrade security/openvpn to v2.3.0 (changes installed layout a bit),
splitting and re-diffing patches.
- Retain v2.2.2 as security/openvpn22
- Mark security/openvpn20 as deprecated and to expire 6 months from now
- Fix TCP_NODELAY option (openvpn 2.3, 2.2), see
<http://community.openvpn.net/openvpn/ticket/158>
- Fix PassTOS option (openvpn 2.2, 2.0), see
http://community.openvpn.net/openvpn/ticket/135
|
Wednesday, 28 Dec 2011
|
20:43 mandree
Update to new upstream release v2.2.2.
Changelog:
http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html
|
Thursday, 7 Jul 2011
|
00:16 mandree
Update to upstream release 2.2.1.
NOTE: the easy-rsa/2.0 openssl.cnf file has been removed and replaced by
an openssl-0.9.8.cnf and an openssl-1.0.0.cnf file.
Changelog URL:
http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html
|
Tuesday, 3 May 2011
|
19:24 mandree
Update to 2.2.0. Add LICENSE (GPLv2). Add a local mirror of the distfile (file
has been uploaded and will propagate soonish).
Changelog:
http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html
|
Tuesday, 9 Nov 2010
|
20:25 mandree
Switch to XZ distribution format.
|
18:55 mandree
Update to new upstream release 2.1.4.
Update MASTER_SITES.
Submitted by: Eric F. Crist <ecrist@secure-computing.net>
PR: ports/151962
|
Friday, 27 Aug 2010
|
20:03 mandree
Update to 2.1.3
No functional changes, but avoids 'have you seen new release'
type mail flood. :)
|
Tuesday, 17 Aug 2010
|
19:19 mandree
Update to new upstream version 2.1.2.
Contains various bugfixes and improvements.
|
Thursday, 7 Jan 2010
|
16:28 mandree
Move security/openvpn to security/openvpn20 (after previous repocopy).
Update security/openvpn20 to 2.0.9, revising pkg-message.
Move security/openvpn-devel to security/openvpn and
update security/openvpn to 2.1.1.
Remove security/openvpn-devel, adding a MOVED entry.
Update security/Makefile to remove openvpn-devel and add openvpn20 to
SUBDIRS.
Add a UPDATING entry for this shuffle. Currently without upgrade
instructions since neither portupgrade nor portmaster are up to the
task (because of the CONFLICTS).
Approved by: garga@ (mentor)
|
Friday, 18 Jul 2008
|
12:16 miwi
- Force commit to correct the previous commit log:
Correct permissions/owner of DOCSDIR-installed files
PR: 125726 / 125727
Request by: maintainer via im
|
Wednesday, 5 Apr 2006
|
14:57 garga
- Update to 2.0.6
* security fix for client LD_PRELOAD code injection vulnerability
through compromised upstream servers
(FreeBSD VuXML Vuln VID be4ccb7b-c48b-11da-ae12-0002b3b60e4c,
filed in separate PR)
CVE id not known yet
* 2 other changes only relevant for Linux and NetBSD, not detailed here.
PR: ports/95345
Submitted by: maintainer
Security: VuXML be4ccb7b-c48b-11da-ae12-0002b3b60e4c
|
Thursday, 10 Nov 2005
|
15:05 garga
- CATEGORY CHANGE: add "net" secondary category
- fix jail build on FreeBSD 4 (no security.jail.jailed oid in sysctl)
- catch jail IP misconfiguration and print clear error message
- add SHA256 checksum
- revise pkg-message and pkg-descr
PR: ports/88785
Submitted by: maintainer
|
Thursday, 3 Nov 2005
|
15:22 garga
- Update to 2.0.5
PR: ports/88437
Submitted by: maintainer
|
Wednesday, 2 Nov 2005
|
01:52 mnag
Update to 2.0.4
PR: 88379
Submitted by: Matthias Andree <matthias.andree@gmx.de> (maintainer)
Security: CVE-2005-3393, CVE-2005-3409
|
Monday, 29 Aug 2005
|
18:52 garga
- Update to 2.0.2 that brings these upstream changes:
- fix bug that would exhaust file descriptors as the routing table was
modified
(this had already been part of the port previously)
- fix bug that would block the management socket until the peer connected
- fix pkitool sh incompatibilities (from NetBSD)
PR: ports/85299
Submitted by: maintainer
|
Friday, 19 Aug 2005
|
18:48 garga
- Security update to version 2.0.1, fixing four denial of service bugs,
CAN-2005-2531, CAN-2005-2532, CAN-2005-2533, CAN-2005-2534
- Drop old init script and add a modern rcNG script in its place,
requested by Matthias Grimm and Dirk Gouders (although the script below is
one I, Matthias Andree, wrote). It can automatically load tun/tap drivers.
- move pkg-message to files/pkg-message.in, revise it, list it in SUB_FILES
to expand ${PREFIX}.
- print pkg-message after installation from port
- switch to official "make check" as smoke-test, rather than wiring our own.
- prefer LZO2 in most situations, as OpenVPN will pick up LZO2 rather than
LZO1 if both are installed.
PR: ports/85109
Submitted by: maintainer
Approved by: portmgr (krion)
|
Thursday, 21 Apr 2005
|
14:04 jylefort
Update to 2.0
PR: ports/80082
Submitted by: Matthias Andree <matthias.andree@gmx.de> (maintainer)
Approved by: adamw (mentor, implicit)
|
Monday, 10 May 2004
|
15:51 vs
Update to latest stable version.
PR: ports/66473
Submitted by: Matthias Andree (maintainer)
|
Thursday, 18 Mar 2004
|
02:27 trevor
Add size data.
Approved by: maintainers
|
Friday, 21 Nov 2003
|
12:19 krion
- Support for TCP as the tunnel transport was added
- Change maintainer email
PR: 59543
Submitted by: maintainer
|
Friday, 18 Jul 2003
|
00:16 leeym
updates the OpenVPN port from 1.4.0 to 1.4.2.
PR: 54597
Submitted by: Matthias Andree <matthias.andree@gmx.de>
|
Friday, 9 May 2003
|
07:34 ijliao
upgrade to 1.4.0
PR: 51956
Submitted by: maintainer
|
Friday, 25 Oct 2002
|
20:55 obraun
* Upgrade to 1.3.2.
* Add init script.
PR: 44436
Submitted by: maintainer
|
Thursday, 11 Jul 2002
|
16:51 ijliao
upgrade to 1.3.0
PR: 40424
Submitted by: maintainer
|
Monday, 24 Jun 2002
|
16:13 pat
Add new port openvpn: Secure IP/Ethernet tunnel daemon
PR: ports/39750
Submitted by: Matthias Andree <matthias.andree@web.de>
|
Number of commits found: 69 |