svn commit: r511396 - in head/security/openvpn-devel: . files

Matthias Andree mandree at FreeBSD.org
Sat Sep 7 07:37:59 UTC 2019


Author: mandree
Date: Sat Sep  7 07:37:58 2019
New Revision: 511396
URL: https://svnweb.freebsd.org/changeset/ports/511396

Log:
  security/openvpn-devel: Maintainer update to 201935
  
  This commit updates the port to the latest development snapshot.
  
  Additional changes over PR:
  - leave CATEGORIES alone (leaving net-vpn in)
  - move IGNORE_SSL upwards and remove USE_LDCONFIG to please portlint -CA
  
  PR:		240376
  Submitted by:	ecrist at secure-computing.net (maintainer)

Added:
  head/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h   (contents, props changed)
  head/security/openvpn-devel/pkg-help   (contents, props changed)
Deleted:
  head/security/openvpn-devel/files/patch-configure
Modified:
  head/security/openvpn-devel/Makefile
  head/security/openvpn-devel/distinfo
  head/security/openvpn-devel/pkg-descr

Modified: head/security/openvpn-devel/Makefile
==============================================================================
--- head/security/openvpn-devel/Makefile	Sat Sep  7 06:57:05 2019	(r511395)
+++ head/security/openvpn-devel/Makefile	Sat Sep  7 07:37:58 2019	(r511396)
@@ -2,18 +2,22 @@
 # $FreeBSD$
 
 PORTNAME=		openvpn
-DISTVERSION=		201907
+DISTVERSION=		201935
 CATEGORIES=		security net net-vpn
 MASTER_SITES=		https://secure-computing.net/files/openvpn/ \
 			ftp://ftp2.secure-computing.net/pub/FreeBSD/openvpn-devel/
 PKGNAMESUFFIX=		-devel
 
 MAINTAINER=		ecrist at secure-computing.net
+# let's use ?= in spite of portlint WARNings because this might become
+# security/openvpn one day which would then have a slave port:
 COMMENT?=		Secure IP/Ethernet tunnel daemon
 
 LICENSE=		GPLv2
 LICENSE_FILE=	${WRKSRC}/COPYRIGHT.GPL
 
+IGNORE_SSL=		libressl libressl-devel
+
 USES=			cpe libtool pkgconfig shebangfix tar:xz
 
 CONFLICTS_INSTALL?=	openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]*
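Review bot: The new `IGNORE_SSL=		libressl libressl-devel` line has no comment explaining it, although the `COMMENT?=` line just above gets two lines of rationale. This commit also removes the pre-everything warning that said OpenVPN does not officially support LibreSSL, so that reasoning disappears from the Makefile; I would add `# upstream does not officially support LibreSSL, so refuse to build against it` above the assignment. It is also worth confirming that the refusal is meant to apply only to OPENSSL builds: the removed warning was skipped for MBEDTLS (`empty(PORT_OPTIONS:MMBEDTLS)`), and where IGNORE_SSL is evaluated is not visible in this hunk.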
@@ -41,7 +45,7 @@ OPTIONS_SINGLE=		SSL
 OPTIONS_SINGLE_SSL=	OPENSSL MBEDTLS
 PKCS11_DESC=		Use security/pkcs11-helper
 EASYRSA_DESC=		Install security/easy-rsa RSA helper package
-MBEDTLS_DESC=		SSL/TLS via mbedTLS
+MBEDTLS_DESC=		SSL/TLS via mbedTLS (lacks TLS v1.3)
 TUNNELBLICK_DESC=	Tunnelblick XOR scramble patch (READ HELP!)
 X509ALTUSERNAME_DESC=	Enable --x509-username-field (OpenSSL only)
 SMALL_DESC=		Build a smaller executable with fewer features
@@ -71,7 +75,6 @@ MBEDTLS_LIB_DEPENDS=	libmbedtls.so:security/mbedtls
 MBEDTLS_CONFIGURE_ON=	--with-crypto-library=mbedtls
 
 USE_RC_SUBR=		openvpn
-USE_LDCONFIG=		${PREFIX}/lib
 
 SUB_FILES=		pkg-message openvpn-client
 
@@ -115,22 +118,11 @@ _tlslibs=libmbedtls libmbedx509 libmbedcrypto
 _tlslibs=libssl libcrypto
 .endif
 
-.if ${SSL_DEFAULT:Mlibressl*} && empty(PORT_OPTIONS:MMBEDTLS)
-pre-everything::
-	@${ECHO_CMD} "WARNING: OpenVPN does not officially support LibreSSL."
-	@${ECHO_CMD} "If things break, rebuild with OpenSSL or mbedTLS."
-	@${ECHO_CMD} "You may wish to change your default SSL library"
-	@${ECHO_CMD} "and press Ctrl+C within the next 10 seconds to abort."
-.  if !(defined(PACKAGE_BUILDING) || defined(BATCH))
-	@sleep 10
-.  endif
-.endif
-
 # sanity check that we don't inherit incompatible SSL libs through,
 # for instance, pkcs11-helper:
 post-build:
-	   @a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
-	| ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
+	@a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
+	|	${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
 	if test "$$*" != "1" ; then ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${PRINTF} '%s\n' "$$a"; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi
 
 post-install:

Modified: head/security/openvpn-devel/distinfo
==============================================================================
--- head/security/openvpn-devel/distinfo	Sat Sep  7 06:57:05 2019	(r511395)
+++ head/security/openvpn-devel/distinfo	Sat Sep  7 07:37:58 2019	(r511396)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1550580278
-SHA256 (openvpn-201907.tar.xz) = 1e2394ca6582877c90fc3d9948cfb1b1c1aaa2383c02af62410d5a51f812ff68
-SIZE (openvpn-201907.tar.xz) = 995288
+TIMESTAMP = 1567798649
+SHA256 (openvpn-201935.tar.xz) = a34dc87188ae38f148e99cc129db2ed05e33c7b41237373b34b5d711481cfc5f
+SIZE (openvpn-201935.tar.xz) = 1002220

Added: head/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h	Sat Sep  7 07:37:58 2019	(r511396)
@@ -0,0 +1,20 @@
+--- src/openvpn/openssl_compat.h.orig	2019-02-20 12:28:23 UTC
++++ src/openvpn/openssl_compat.h
+@@ -735,7 +735,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
+ }
+ #endif /* SSL_CTX_get_max_proto_version */
+ 
+-#ifndef SSL_CTX_set_min_proto_version
++#if !defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
+ /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
+ static inline int
+ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
+@@ -764,7 +764,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_v
+ }
+ #endif /* SSL_CTX_set_min_proto_version */
+ 
+-#ifndef SSL_CTX_set_max_proto_version
++#if !defined(SSL_CTX_set_max_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
+ /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
+ static inline int
+ SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
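Review bot: The `!defined(LIBRESSL_VERSION_NUMBER)` guards added to both proto-version shims look at odds with the Makefile change in this same commit, which sets `IGNORE_SSL= libressl libressl-devel`. If LibreSSL builds are refused, this patch has no effect on any configuration the port accepts. If it is kept for users who bypass that check, the guard disables the fallback for every LibreSSL version, presumably relying on the library to provide these as real functions. That is not shown here, and a version-bounded test on `LIBRESSL_VERSION_NUMBER` would be safer. Either way the patch file should open with a short comment saying why it exists and whether it was submitted upstream; both shim bodies continue outside the quoted context.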

Modified: head/security/openvpn-devel/pkg-descr
==============================================================================
--- head/security/openvpn-devel/pkg-descr	Sat Sep  7 06:57:05 2019	(r511395)
+++ head/security/openvpn-devel/pkg-descr	Sat Sep  7 07:37:58 2019	(r511396)
@@ -10,4 +10,4 @@ there is a good chance this program will not run.
 
 DO NOT USE IN PRODUCTION WITHOUT CAUTION
 
-WWW: http://openvpn.net/
+WWW: http://openvpn.net/index.php/open-source.html

Added: head/security/openvpn-devel/pkg-help
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/openvpn-devel/pkg-help	Sat Sep  7 07:37:58 2019	(r511396)
@@ -0,0 +1,10 @@
+Note that "Tunnelblick" is a controversial option.
+It is included for compatibility, not enabled by default,
+and should only be used with due consideration, and it should not
+replace proper cryptography use in OpenVPN.
+
+Note that this patch does NOT add documentation for the new --scramble
+option, neither to the --help output, nor the manual page.
+
+Please see this website for a more detailed discussion:
+https://tunnelblick.net/cOpenvpn_xorpatch.html

