svn commit: r511396 - in head/security/openvpn-devel: . files
Matthias Andree
mandree at FreeBSD.org
Sat Sep 7 07:37:59 UTC 2019
Author: mandree
Date: Sat Sep 7 07:37:58 2019
New Revision: 511396
URL: https://svnweb.freebsd.org/changeset/ports/511396
Log:
security/openvpn-devel: Maintainer update to 201935
This commit updates the port to the latest development snapshot.
Additional changes over PR:
- leave CATEGORIES alone (leaving net-vpn in)
- move IGNORE_SSL upwards and remove USE_LDCONFIG to please portlint -CA
PR: 240376
Submitted by: ecrist at secure-computing.net (maintainer)
Added:
head/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h (contents, props changed)
head/security/openvpn-devel/pkg-help (contents, props changed)
Deleted:
head/security/openvpn-devel/files/patch-configure
Modified:
head/security/openvpn-devel/Makefile
head/security/openvpn-devel/distinfo
head/security/openvpn-devel/pkg-descr
Modified: head/security/openvpn-devel/Makefile
==============================================================================
--- head/security/openvpn-devel/Makefile Sat Sep 7 06:57:05 2019 (r511395)
+++ head/security/openvpn-devel/Makefile Sat Sep 7 07:37:58 2019 (r511396)
@@ -2,18 +2,22 @@
# $FreeBSD$
PORTNAME= openvpn
-DISTVERSION= 201907
+DISTVERSION= 201935
CATEGORIES= security net net-vpn
MASTER_SITES= https://secure-computing.net/files/openvpn/ \
ftp://ftp2.secure-computing.net/pub/FreeBSD/openvpn-devel/
PKGNAMESUFFIX= -devel
MAINTAINER= ecrist at secure-computing.net
+# let's use ?= in spite of portlint WARNings because this might become
+# security/openvpn one day which would then have a slave port:
COMMENT?= Secure IP/Ethernet tunnel daemon
LICENSE= GPLv2
LICENSE_FILE= ${WRKSRC}/COPYRIGHT.GPL
+IGNORE_SSL= libressl libressl-devel
+
USES= cpe libtool pkgconfig shebangfix tar:xz
CONFLICTS_INSTALL?= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]*
@@ -41,7 +45,7 @@ OPTIONS_SINGLE= SSL
OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS
PKCS11_DESC= Use security/pkcs11-helper
EASYRSA_DESC= Install security/easy-rsa RSA helper package
-MBEDTLS_DESC= SSL/TLS via mbedTLS
+MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3)
TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!)
X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only)
SMALL_DESC= Build a smaller executable with fewer features
@@ -71,7 +75,6 @@ MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls
MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls
USE_RC_SUBR= openvpn
-USE_LDCONFIG= ${PREFIX}/lib
SUB_FILES= pkg-message openvpn-client
@@ -115,22 +118,11 @@ _tlslibs=libmbedtls libmbedx509 libmbedcrypto
_tlslibs=libssl libcrypto
.endif
-.if ${SSL_DEFAULT:Mlibressl*} && empty(PORT_OPTIONS:MMBEDTLS)
-pre-everything::
- @${ECHO_CMD} "WARNING: OpenVPN does not officially support LibreSSL."
- @${ECHO_CMD} "If things break, rebuild with OpenSSL or mbedTLS."
- @${ECHO_CMD} "You may wish to change your default SSL library"
- @${ECHO_CMD} "and press Ctrl+C within the next 10 seconds to abort."
-. if !(defined(PACKAGE_BUILDING) || defined(BATCH))
- @sleep 10
-. endif
-.endif
-
# sanity check that we don't inherit incompatible SSL libs through,
# for instance, pkcs11-helper:
post-build:
- @a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
- | ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
+ @a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
+ | ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
if test "$$*" != "1" ; then ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${PRINTF} '%s\n' "$$a"; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi
post-install:
Modified: head/security/openvpn-devel/distinfo
==============================================================================
--- head/security/openvpn-devel/distinfo Sat Sep 7 06:57:05 2019 (r511395)
+++ head/security/openvpn-devel/distinfo Sat Sep 7 07:37:58 2019 (r511396)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1550580278
-SHA256 (openvpn-201907.tar.xz) = 1e2394ca6582877c90fc3d9948cfb1b1c1aaa2383c02af62410d5a51f812ff68
-SIZE (openvpn-201907.tar.xz) = 995288
+TIMESTAMP = 1567798649
+SHA256 (openvpn-201935.tar.xz) = a34dc87188ae38f148e99cc129db2ed05e33c7b41237373b34b5d711481cfc5f
+SIZE (openvpn-201935.tar.xz) = 1002220
Added: head/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h Sat Sep 7 07:37:58 2019 (r511396)
@@ -0,0 +1,20 @@
+--- src/openvpn/openssl_compat.h.orig 2019-02-20 12:28:23 UTC
++++ src/openvpn/openssl_compat.h
+@@ -735,7 +735,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
+ }
+ #endif /* SSL_CTX_get_max_proto_version */
+
+-#ifndef SSL_CTX_set_min_proto_version
++#if !defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
+ /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
+ static inline int
+ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
+@@ -764,7 +764,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_v
+ }
+ #endif /* SSL_CTX_set_min_proto_version */
+
+-#ifndef SSL_CTX_set_max_proto_version
++#if !defined(SSL_CTX_set_max_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
+ /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
+ static inline int
+ SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
Modified: head/security/openvpn-devel/pkg-descr
==============================================================================
--- head/security/openvpn-devel/pkg-descr Sat Sep 7 06:57:05 2019 (r511395)
+++ head/security/openvpn-devel/pkg-descr Sat Sep 7 07:37:58 2019 (r511396)
@@ -10,4 +10,4 @@ there is a good chance this program will not run.
DO NOT USE IN PRODUCTION WITHOUT CAUTION
-WWW: http://openvpn.net/
+WWW: http://openvpn.net/index.php/open-source.html
Added: head/security/openvpn-devel/pkg-help
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/openvpn-devel/pkg-help Sat Sep 7 07:37:58 2019 (r511396)
@@ -0,0 +1,10 @@
+Note that "Tunnelblick" is a controversial option.
+It is included for compatibility, not enabled by default,
+and should only be used with due consideration, and it should not
+replace proper cryptography use in OpenVPN.
+
+Note that this patch does NOT add documentation for the new --scramble
+option, neither to the --help output, nor the manual page.
+
+Please see this website for a more detailed discussion:
+https://tunnelblick.net/cOpenvpn_xorpatch.html
More information about the svn-ports-all
mailing list