svn commit: r506327 - in head/security/softether-devel: . files
Koichiro Iwao
meta at FreeBSD.org
Wed Jul 10 01:10:04 UTC 2019
Author: meta
Date: Wed Jul 10 01:10:02 2019
New Revision: 506327
URL: https://svnweb.freebsd.org/changeset/ports/506327
Log:
security/softether-devel: Update to v4.30-9696-beta
The biggest topics of this version are JSON-RPC API and HTML5 based admin console.
Here's the summary of changes:
* Added the SoftEther VPN Server JSON-RPC API Suite implementation
* Added the Embedded HTML5-based Modern Admin Console
* Fixed the problem occurs when RPC messages between Cluster Members exceed 64Kbytes
* Fixed the RADIUS PEAP client to use the standard TLS versioning
* Added the support of ChaCha20-Poly1305-IETF AEAD for RUDP
* Added the function to display the protocol details about the VPN session
* Fixed the bug that the language switching function was disabled. (Build 9695 -> Build 9696)
Relnotes: https://www.softether.org/5-download/history
Sponsored by: HAW International, Inc.
Deleted:
head/security/softether-devel/files/patch-src__Mayaqua__Network.c
Modified:
head/security/softether-devel/Makefile
head/security/softether-devel/distinfo
head/security/softether-devel/files/patch-fix-build-openssl111
Modified: head/security/softether-devel/Makefile
==============================================================================
--- head/security/softether-devel/Makefile Wed Jul 10 00:46:30 2019 (r506326)
+++ head/security/softether-devel/Makefile Wed Jul 10 01:10:02 2019 (r506327)
@@ -1,22 +1,22 @@
# $FreeBSD$
PORTNAME= softether
-DISTVERSION= 4.28-9669-beta
-PORTREVISION= 2
+DISTVERSION= 4.30-9696-beta
+#PORTREVISION= 0
CATEGORIES= security
-MASTER_SITES= https://www.softether-download.com/files/softether/v${DISTVERSION}-2018.09.11-tree/Source_Code/
+MASTER_SITES= https://www.softether-download.com/files/softether/v${DISTVERSION}-2019.07.08-tree/Source_Code/
PKGNAMESUFFIX= -devel
DISTNAME= ${PORTNAME}-src-v${DISTVERSION}
MAINTAINER= meta at FreeBSD.org
COMMENT= Softether VPN 4 (stable beta version)
-LICENSE= GPLv2
+LICENSE= APACHE20
LICENSE_FILE= ${WRKSRC}/LICENSE
ONLY_FOR_ARCHS= amd64 i386
ONLY_FOR_ARCHS_REASON= Upstream only supports amd64 and i386: https://www.softether.org/3-spec
-IGNORE= no beta version available right now, use security/softether instead
+#IGNORE= no beta version available right now, use security/softether instead
USES= dos2unix gmake iconv:wchar_t localbase:ldflags ncurses \
readline ssl
Modified: head/security/softether-devel/distinfo
==============================================================================
--- head/security/softether-devel/distinfo Wed Jul 10 00:46:30 2019 (r506326)
+++ head/security/softether-devel/distinfo Wed Jul 10 01:10:02 2019 (r506327)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1542201488
-SHA256 (softether-src-v4.28-9669-beta.tar.gz) = 1e641fa227a732b3eec3fe8bdcf4d4fd2b1d0b0a5084119126c1216d2ec1b545
-SIZE (softether-src-v4.28-9669-beta.tar.gz) = 33795085
+TIMESTAMP = 1562582908
+SHA256 (softether-src-v4.30-9696-beta.tar.gz) = 07b6fb3a677ab9eef42fc5a6abee414904552bcdc66baa56ebd3896bf2a8b490
+SIZE (softether-src-v4.30-9696-beta.tar.gz) = 34687742
Modified: head/security/softether-devel/files/patch-fix-build-openssl111
==============================================================================
--- head/security/softether-devel/files/patch-fix-build-openssl111 Wed Jul 10 00:46:30 2019 (r506326)
+++ head/security/softether-devel/files/patch-fix-build-openssl111 Wed Jul 10 01:10:02 2019 (r506327)
@@ -1,22 +1,47 @@
---- src/Mayaqua/Encrypt.c.orig 2018-11-06 08:15:31 UTC
-+++ src/Mayaqua/Encrypt.c
-@@ -2684,7 +2684,7 @@ bool RsaCheck()
- BIO *bio;
- char errbuf[MAX_SIZE];
- UINT size = 0;
-- UINT bit = 32;
-+ UINT bit = RSA_KEY_SIZE;
- // Validate arguments
+--- src/Mayaqua/Network.c.orig 2019-07-09 22:00:31.540606000 +0900
++++ src/Mayaqua/Network.c 2019-07-09 22:00:37.550748000 +0900
+@@ -5946,6 +5946,10 @@
+ return 1;
+ }
- // Key generation
---- src/Mayaqua/Encrypt.h.orig 2018-11-06 08:15:31 UTC
-+++ src/Mayaqua/Encrypt.h
-@@ -128,7 +128,7 @@ void RAND_Free_For_SoftEther();
- #define DES_IV_SIZE 8 // DES IV size
- #define DES_BLOCK_SIZE 8 // DES block size
- #define DES3_KEY_SIZE (8 * 3) // 3DES key size
--#define RSA_KEY_SIZE 128 // RSA key size
-+#define RSA_KEY_SIZE 4096 // RSA key size
- #define DH_KEY_SIZE 128 // DH key size
- #define RSA_MIN_SIGN_HASH_SIZE (15 + SHA1_HASH_SIZE) // Minimum RSA hash size
- #define RSA_SIGN_HASH_SIZE (RSA_MIN_SIGN_HASH_SIZE) // RSA hash size
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define X509_STORE_CTX_get0_cert(o) ((o)->cert)
++#endif
++
+ // Verify client SSL certificate during TLS handshake.
+ //
+ // (actually, only save the certificate for later authentication in Protocol.c)
+@@ -5953,27 +5957,27 @@
+ {
+ SSL *ssl;
+ struct SslClientCertInfo *clientcert;
++ X509 *cert;
+
+ ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+ clientcert = SSL_get_ex_data(ssl, GetSslClientCertIndex());
+
+ if (clientcert != NULL)
+ {
+- clientcert->PreverifyErr = 0;
++ clientcert->PreverifyErr = X509_STORE_CTX_get_error(ctx);
+ clientcert->PreverifyErrMessage[0] = '\0';
+ if (!preverify_ok)
+ {
+- char *msg;
+- clientcert->PreverifyErr = X509_STORE_CTX_get_error(ctx);
+- msg = (char *)X509_verify_cert_error_string(clientcert->PreverifyErr);
++ const char *msg = X509_verify_cert_error_string(clientcert->PreverifyErr);
+ StrCpy(clientcert->PreverifyErrMessage, PREVERIFY_ERR_MESSAGE_SIZE, msg);
+ Debug("SslCertVerifyCallback preverify error: '%s'\n", msg);
+ }
+ else
+ {
+- if (ctx->cert != NULL)
++ cert = X509_STORE_CTX_get0_cert(ctx);
++ if (cert != NULL)
+ {
+- X *tmpX = X509ToX(ctx->cert); // this only wraps ctx->cert, but we need to make a copy
++ X *tmpX = X509ToX(cert); // this only wraps cert, but we need to make a copy
+ X *copyX = CloneX(tmpX);
+ tmpX->do_not_free = true; // do not release inner X509 object
+ FreeX(tmpX);
More information about the svn-ports-all
mailing list