git: 2bfed05f70c7 - main - security/openvpn25: Remove expired port:
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 31 Mar 2023 00:01:57 UTC
The branch main has been updated by bofh:
URL: https://cgit.FreeBSD.org/ports/commit/?id=2bfed05f70c7bf3a4f95bf3ef824a1a259936898
commit 2bfed05f70c7bf3a4f95bf3ef824a1a259936898
Author: Muhammad Moinur Rahman <bofh@FreeBSD.org>
AuthorDate: 2023-03-25 15:03:54 +0000
Commit: Muhammad Moinur Rahman <bofh@FreeBSD.org>
CommitDate: 2023-03-30 23:59:43 +0000
security/openvpn25: Remove expired port:
2023-03-31 security/openvpn25: replaced by new upstream release 2.6.0
---
MOVED | 1 +
security/Makefile | 1 -
security/openvpn25/Makefile | 166 ---------------------
security/openvpn25/distinfo | 3 -
security/openvpn25/files/openvpn-client.in | 6 -
security/openvpn25/files/openvpn.in | 144 ------------------
security/openvpn25/files/patch-doc_openvpn.8 | 20 ---
security/openvpn25/files/patch-doc_openvpn.8.html | 20 ---
...ch-sample__sample-config-files__loopback-client | 13 --
...ch-sample__sample-config-files__loopback-server | 13 --
.../files/patch-src_openvpn_openssl__compat.h | 20 ---
.../files/patch-src_plugins_auth-pam_auth-pam.c | 10 --
security/openvpn25/files/patch-tests__t_cltsrv.sh | 65 --------
security/openvpn25/files/pkg-message.in | 34 -----
security/openvpn25/files/up-script.sample | 27 ----
security/openvpn25/pkg-descr | 5 -
security/openvpn25/pkg-plist | 10 --
17 files changed, 1 insertion(+), 557 deletions(-)
diff --git a/MOVED b/MOVED
index 193fc4506031..6d220ef5a429 100644
--- a/MOVED
+++ b/MOVED
@@ -17864,3 +17864,4 @@ ports-mgmt/p5-FreeBSD-Portindex||2023-03-31|Has expired: Not working, and no fix
print/ghostscript9-x11||2023-03-31|Has expired: Released over 10 years ago and unsupported by upstream, consider print/ghostscript9-agpl-x11
print/ghostscript9-base||2023-03-31|Has expired: Released over 10 years ago and unsupported by upstream, consider print/ghostscript9-agpl-base
security/openscep||2023-03-31|Has expired: Do not support recent RFC 8894
+security/openvpn25|security/openvpn|2023-03-31|Has expired: replaced by new upstream release 2.6.0
diff --git a/security/Makefile b/security/Makefile
index 01c174d4e633..1eb8308d4dbe 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -422,7 +422,6 @@
SUBDIR += openvpn-auth-radius
SUBDIR += openvpn-auth-script
SUBDIR += openvpn-devel
- SUBDIR += openvpn25
SUBDIR += ophcrack
SUBDIR += opie
SUBDIR += ossec-hids
diff --git a/security/openvpn25/Makefile b/security/openvpn25/Makefile
deleted file mode 100644
index 7b3da13b1437..000000000000
--- a/security/openvpn25/Makefile
+++ /dev/null
@@ -1,166 +0,0 @@
-PORTNAME= openvpn
-DISTVERSION= 2.5.9
-PORTREVISION?= 0
-CATEGORIES= security net net-vpn
-MASTER_SITES= https://swupdate.openvpn.org/community/releases/ \
- https://build.openvpn.net/downloads/releases/ \
- LOCAL/mandree
-PKGNAMESUFFIX= 25
-
-MAINTAINER= mandree@FreeBSD.org
-COMMENT?= Secure IP/Ethernet tunnel daemon
-WWW= https://openvpn.net/community/
-
-LICENSE= GPLv2
-LICENSE_FILE= ${WRKSRC}/COPYRIGHT.GPL
-
-DEPRECATED= replaced by new upstream release 2.6.0
-EXPIRATION_DATE= 2023-03-31
-
-USES= cpe libtool localbase:ldflags pkgconfig shebangfix ssl
-USE_RC_SUBR= openvpn
-
-SHEBANG_FILES= sample/sample-scripts/verify-cn \
- sample/sample-scripts/auth-pam.pl \
- sample/sample-scripts/ucn.pl
-
-GNU_CONFIGURE= yes
-CONFIGURE_ARGS+= --enable-strict --with-crypto-library=openssl
-# set PLUGIN_LIBDIR so that unqualified plugin paths are found:
-CONFIGURE_ENV+= PLUGINDIR="${PREFIX}/lib/openvpn/plugins"
-
-CONFLICTS_INSTALL?= openvpn-2* openvpn-devel openvpn-mbedtls
-
-PORTSCOUT= limit:^2\.5\.
-
-SUB_FILES= pkg-message openvpn-client
-
-USERS= openvpn
-GROUPS= openvpn
-
-PORTDOCS= *
-PORTEXAMPLES= *
-
-OPTIONS_DEFINE= ASYNC_PUSH DOCS EASYRSA EXAMPLES LZ4 LZO PKCS11 SMALL \
- TEST UNITTESTS X509ALTUSERNAME
-OPTIONS_DEFAULT= EASYRSA LZ4 LZO PKCS11 TEST
-ASYNC_PUSH_DESC= Enable async-push support
-EASYRSA_DESC= Install security/easy-rsa RSA helper package
-LZO_DESC= LZO compression (incompatible with LibreSSL)
-PKCS11_DESC= Use security/pkcs11-helper, needs same SSL lib!
-SMALL_DESC= Build a smaller executable with fewer features
-UNITTESTS_DESC= Enable unit tests
-X509ALTUSERNAME_DESC= Enable --x509-username-field
-
-ASYNC_PUSH_LIB_DEPENDS= libinotify.so:devel/libinotify
-ASYNC_PUSH_CONFIGURE_ENABLE= async-push
-
-EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa
-
-LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4
-LZ4_CONFIGURE_ENABLE= lz4
-
-LZO_LIB_DEPENDS+= liblzo2.so:archivers/lzo2
-LZO_CONFIGURE_ENABLE= lzo
-
-PKCS11_LIB_DEPENDS= libpkcs11-helper.so:security/pkcs11-helper
-PKCS11_CONFIGURE_ENABLE= pkcs11
-
-SMALL_CONFIGURE_ENABLE= small
-
-TEST_ALL_TARGET= check
-TEST_TEST_TARGET_OFF= check
-
-UNITTESTS_BUILD_DEPENDS= cmocka>=0:sysutils/cmocka
-UNITTESTS_CONFIGURE_ENABLE= unit-tests
-
-X509ALTUSERNAME_CONFIGURE_ENABLE= x509-alt-username
-
-.ifdef (LOG_OPENVPN)
-CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN}
-.endif
-
-.include <bsd.port.options.mk>
-
-.if ${PORT_OPTIONS:MLZO}
-IGNORE_SSL=libressl libressl-devel
-IGNORE_SSL_REASON=OpenVPN does not have permission to include LZO with LibreSSL. Compile against OpenSSL, or if your setups support it, disable LZO support
-.endif
-
-.if ! ${PORT_OPTIONS:MLZ4} && ! ${PORT_OPTIONS:MLZO}
-CONFIGURE_ARGS+= --enable-comp-stub
-.endif
-
-.include <bsd.port.pre.mk>
-
-.if !empty(PORT_OPTIONS:MLZO) && !empty(SSL_DEFAULT:Nbase:Nopenssl*)
-# in-depth security net if Mk/Uses/ssl.mk changes
-pre-everything::
- @${ECHO_CMD} >&2 "ERROR: OpenVPN is not licensed to combine LZO with other OpenSSL-licensed libraries than OpenSSL. Compile against OpenSSL, or if your setups support it, disable LZO support."
- @${SHELL} -c 'exit 1'
-.endif
-
-post-patch:
- ${REINPLACE_CMD} -E -i '' -e 's/(user|group) nobody/\1 openvpn/' \
- -e 's/"nobody"( after init)/"openvpn" \1/' \
- ${WRKSRC}/sample/sample-config-files/*.conf \
- ${WRKSRC}/sample/sample-config-files/xinetd-*-config \
- ${WRKSRC}/doc/man-sections/generic-options.rst
-
-pre-configure:
- # just too many of sign-compare; bitwise-instead-of-logical was audited and is intentional,
- # and unused-function affects test---these are developer-side warnings, not relevant on end systems
- ${REINPLACE_CMD} 's/-Wsign-compare/-Wno-unknown-warning-option -Wno-sign-compare -Wno-bitwise-instead-of-logical -Wno-unused-function/' ${WRKSRC}/configure
-.ifdef (LOG_OPENVPN)
- @${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}"
-.else
- @${ECHO} ""
- @${ECHO} "You may use the following build options:"
- @${ECHO} ""
- @${ECHO} " LOG_OPENVPN={Valid syslog facility, default LOG_DAEMON}"
- @${ECHO} " EXAMPLE: make LOG_OPENVPN=LOG_LOCAL6"
- @${ECHO} ""
-.endif
-.if !empty(SSL_DEFAULT:Mlibressl*)
- @${ECHO} "### --------------------------------------------------------- ###"
- @${ECHO} "### NOTE that libressl is not primarily supported by OpenVPN ###"
- @${ECHO} "### Do not report bugs without fixes/patches unless the issue ###"
- @${ECHO} "### can be reproduced with a released OpenSSL version. ###"
- @${ECHO} "### --------------------------------------------------------- ###"
- @sleep 10
-.endif
-
-post-configure:
- ${REINPLACE_CMD} '/^CFLAGS =/s/$$/ -fPIC/' \
- ${WRKSRC}/src/plugins/auth-pam/Makefile \
- ${WRKSRC}/src/plugins/down-root/Makefile
-
-# sanity check that we don't inherit incompatible SSL libs through,
-# for instance, pkcs11-helper:
-_tlslibs=libssl libcrypto
-post-build:
- @a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
- | ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
- if test "$$*" != "1" ; then ( set -x ; ldd -a ${WRKSRC}/src/openvpn/openvpn ) ; ${PRINTF} '%s\n' "$$a" ; ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi
-
-post-install:
- ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
- ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so
- ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.up ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up
- ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.down ${STAGEDIR}${PREFIX}/libexec/openvpn-client.down
- @${REINPLACE_CMD} 's|resolvconf -p -a|resolvconf -a|' ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up
- ${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client
- ${MKDIR} ${STAGEDIR}${PREFIX}/include
-
-post-install-DOCS-on:
- ${MKDIR} ${STAGEDIR}${DOCSDIR}/
-.for i in AUTHORS ChangeLog PORTS
- ${INSTALL_MAN} ${WRKSRC}/${i} ${STAGEDIR}${DOCSDIR}/
-.endfor
-
-post-install-EXAMPLES-on:
- (cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/)
- ${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/*
- ${RM} ${STAGEDIR}${EXAMPLESDIR}/sample-config-files/*.orig
-
-.include <bsd.port.post.mk>
diff --git a/security/openvpn25/distinfo b/security/openvpn25/distinfo
deleted file mode 100644
index d9e09d1d66cf..000000000000
--- a/security/openvpn25/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-TIMESTAMP = 1676264862
-SHA256 (openvpn-2.5.9.tar.gz) = 8794b7125998c68f30de654267a702b9581454ca1e7061511fcc5f99fea4bd32
-SIZE (openvpn-2.5.9.tar.gz) = 1840560
diff --git a/security/openvpn25/files/openvpn-client.in b/security/openvpn25/files/openvpn-client.in
deleted file mode 100644
index 471757811795..000000000000
--- a/security/openvpn25/files/openvpn-client.in
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-exec %%PREFIX%%/sbin/openvpn --script-security 2 \
- --up %%PREFIX%%/libexec/openvpn-client.up \
- --plugin openvpn-plugin-down-root.so %%PREFIX%%/libexec/openvpn-client.down \
- --config "$@"
diff --git a/security/openvpn25/files/openvpn.in b/security/openvpn25/files/openvpn.in
deleted file mode 100644
index 9a59ed6f011e..000000000000
--- a/security/openvpn25/files/openvpn.in
+++ /dev/null
@@ -1,144 +0,0 @@
-#!/bin/sh
-#
-# openvpn.sh - load tun/tap driver and start OpenVPN daemon
-#
-# (C) Copyright 2005 - 2008, 2010 by Matthias Andree
-# based on suggestions by Matthias Grimm and Dirk Gouders
-# with multi-instance contribution from Denis Shaposhnikov, Gleb Kozyrev
-# and Vasil Dimov
-# softrestart feature suggested by Nick Hibma
-#
-# This program is free software; you can redistribute it and/or modify it under
-# the terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
-# details.
-#
-# You should have received a copy of the GNU General Public License along with
-# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
-# Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-# PROVIDE: openvpn
-# REQUIRE: DAEMON
-# KEYWORD: shutdown
-
-# -----------------------------------------------------------------------------
-#
-# This script supports running multiple instances of openvpn.
-# To run additional instances link this script to something like
-# % ln -s openvpn openvpn_foo
-# and define additional openvpn_foo_* variables in one of
-# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/openvpn_foo
-#
-# Below NAME should be substituted with the name of this script. By default
-# it is openvpn, so read as openvpn_enable. If you linked the script to
-# openvpn_foo, then read as openvpn_foo_enable etc.
-#
-# The following variables are supported (defaults are shown).
-# You can place them in any of
-# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/NAME
-#
-# NAME_enable="NO" # set to YES to enable openvpn
-# NAME_if= # driver(s) to load, set to "tun", "tap" or "tun tap"
-# # it is OK to specify the if_ prefix.
-#
-# # optional:
-# NAME_flags= # additional command line arguments
-# NAME_configfile="%%PREFIX%%/etc/openvpn/NAME.conf" # --config file
-# NAME_dir="%%PREFIX%%/etc/openvpn" # --cd directory
-#
-# You also need to set NAME_configfile and NAME_dir, if the configuration
-# file and directory where keys and certificates reside differ from the above
-# settings.
-#
-# Note that we deliberately refrain from unloading drivers.
-#
-# For further documentation, please see openvpn(8).
-#
-
-. /etc/rc.subr
-
-# service(8) does not create an authentic environment, try to guess,
-# and as of 10.3-RELEASE-p0, it will not find the indented name=
-# assignments below. So give it a default.
-# Trailing semicolon also for service(8)'s benefit:
-name="$file" ;
-
-case "$0" in
-/etc/rc*)
- # during boot (shutdown) $0 is /etc/rc (/etc/rc.shutdown),
- # so get the name of the script from $_file
- name="$_file"
- ;;
-*/service)
- # do not use this as $0
- ;;
-*)
- name="$0"
- ;;
-esac
-
-# default name to "openvpn" if guessing failed
-# Trailing semicolon also for service(8)'s benefit:
-name="${name:-openvpn}" ;
-name="${name##*/}"
-rcvar=${name}_enable
-
-stop_postcmd()
-{
- rm -f "$pidfile" || warn "Could not remove $pidfile."
-}
-
-softrestart()
-{
- sig_reload=USR1 run_rc_command reload
- exit $?
-}
-
-openvpn_stats()
-{
- sig_reload=USR2
- run_rc_command ${rc_prefix}reload $rc_extra_args
-}
-
-# reload: support SIGHUP to reparse configuration file
-# softrestart: support SIGUSR1 to reconnect without superuser privileges
-# stats: support SIGUSR2 to write statistics to the syslog
-extra_commands="reload softrestart stats"
-softrestart_cmd="softrestart"
-stats_cmd="openvpn_stats"
-
-# pidfile
-pidfile="/var/run/${name}.pid"
-
-# command and arguments
-command="%%PREFIX%%/sbin/openvpn"
-
-# run this last
-stop_postcmd="stop_postcmd"
-
-load_rc_config ${name}
-
-eval ": \${${name}_enable:=\"NO\"}"
-eval ": \${${name}_configfile:=\"%%PREFIX%%/etc/openvpn/${name}.conf\"}"
-eval ": \${${name}_dir:=\"%%PREFIX%%/etc/openvpn\"}"
-
-configfile="$(eval echo \${${name}_configfile})"
-dir="$(eval echo \${${name}_dir})"
-interfaces="$(eval echo \${${name}_if})"
-flags="$(eval echo \${${name}_flags})"
-
-required_modules=
-for i in $interfaces ; do
- required_modules="$required_modules${required_modules:+" "}if_${i#if_}"
-done
-
-required_files=${configfile}
-
-command_args="--cd ${dir} --daemon ${name} --config ${configfile} --writepid ${pidfile} ${flags}"
-
-run_rc_command "$1"
diff --git a/security/openvpn25/files/patch-doc_openvpn.8 b/security/openvpn25/files/patch-doc_openvpn.8
deleted file mode 100644
index a536dae76755..000000000000
--- a/security/openvpn25/files/patch-doc_openvpn.8
+++ /dev/null
@@ -1,20 +0,0 @@
---- doc/openvpn.8.orig 2021-10-05 05:57:01 UTC
-+++ doc/openvpn.8
-@@ -358,7 +358,7 @@ lower priority, \fBn\fP less than zero is higher prior
- .B \-\-persist\-key
- Don\(aqt re\-read key files across \fBSIGUSR1\fP or \fB\-\-ping\-restart\fP\&.
- .sp
--This option can be combined with \fB\-\-user nobody\fP to allow restarts
-+This option can be combined with \fB\-\-user openvpn\fP to allow restarts
- triggered by the \fBSIGUSR1\fP signal. Normally if you drop root
- privileges in OpenVPN, the daemon cannot be restarted since it will now
- be unable to re\-read protected key files.
-@@ -577,7 +577,7 @@ useful to protect the system in the event that some ho
- able to gain control of an OpenVPN session. Though OpenVPN\(aqs security
- features make this unlikely, it is provided as a second line of defense.
- .sp
--By setting \fBuser\fP to \fBnobody\fP or somebody similarly unprivileged,
-+By setting \fBuser\fP to \fBopenvpn\fP or somebody similarly unprivileged,
- the hostile party would be limited in what damage they could cause. Of
- course once you take away privileges, you cannot return them to an
- OpenVPN session. This means, for example, that if you want to reset an
diff --git a/security/openvpn25/files/patch-doc_openvpn.8.html b/security/openvpn25/files/patch-doc_openvpn.8.html
deleted file mode 100644
index 5b1e8e805e13..000000000000
--- a/security/openvpn25/files/patch-doc_openvpn.8.html
+++ /dev/null
@@ -1,20 +0,0 @@
---- doc/openvpn.8.html.orig 2021-10-05 05:57:01 UTC
-+++ doc/openvpn.8.html
-@@ -650,7 +650,7 @@ lower priority, <tt class="docutils literal">n</tt> le
- <tr><td class="option-group">
- <kbd><span class="option">--persist-key</span></kbd></td>
- <td><p class="first">Don't re-read key files across <code>SIGUSR1</code> or <tt class="docutils literal"><span class="pre">--ping-restart</span></tt>.</p>
--<p>This option can be combined with <tt class="docutils literal"><span class="pre">--user</span> nobody</tt> to allow restarts
-+<p>This option can be combined with <tt class="docutils literal"><span class="pre">--user</span> openvpn</tt> to allow restarts
- triggered by the <code>SIGUSR1</code> signal. Normally if you drop root
- privileges in OpenVPN, the daemon cannot be restarted since it will now
- be unable to re-read protected key files.</p>
-@@ -824,7 +824,7 @@ initialization, dropping privileges in the process. Th
- useful to protect the system in the event that some hostile party was
- able to gain control of an OpenVPN session. Though OpenVPN's security
- features make this unlikely, it is provided as a second line of defense.</p>
--<p class="last">By setting <tt class="docutils literal">user</tt> to <code>nobody</code> or somebody similarly unprivileged,
-+<p class="last">By setting <tt class="docutils literal">user</tt> to <code>openvpn</code> or somebody similarly unprivileged,
- the hostile party would be limited in what damage they could cause. Of
- course once you take away privileges, you cannot return them to an
- OpenVPN session. This means, for example, that if you want to reset an
diff --git a/security/openvpn25/files/patch-sample__sample-config-files__loopback-client b/security/openvpn25/files/patch-sample__sample-config-files__loopback-client
deleted file mode 100644
index 0b485a641d8a..000000000000
--- a/security/openvpn25/files/patch-sample__sample-config-files__loopback-client
+++ /dev/null
@@ -1,13 +0,0 @@
---- sample/sample-config-files/loopback-client.orig 2016-08-23 14:16:22 UTC
-+++ sample/sample-config-files/loopback-client
-@@ -9,8 +9,8 @@
- # ./openvpn --config sample-config-files/loopback-client (In one window)
- # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window)
-
--rport 16000
--lport 16001
-+rport 16100
-+lport 16101
- remote localhost
- local localhost
- dev null
diff --git a/security/openvpn25/files/patch-sample__sample-config-files__loopback-server b/security/openvpn25/files/patch-sample__sample-config-files__loopback-server
deleted file mode 100644
index 58691b133de7..000000000000
--- a/security/openvpn25/files/patch-sample__sample-config-files__loopback-server
+++ /dev/null
@@ -1,13 +0,0 @@
---- sample/sample-config-files/loopback-server.orig 2016-08-23 14:16:22 UTC
-+++ sample/sample-config-files/loopback-server
-@@ -9,8 +9,8 @@
- # ./openvpn --config sample-config-files/loopback-client (In one window)
- # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window)
-
--rport 16001
--lport 16000
-+rport 16101
-+lport 16100
- remote localhost
- local localhost
- dev null
diff --git a/security/openvpn25/files/patch-src_openvpn_openssl__compat.h b/security/openvpn25/files/patch-src_openvpn_openssl__compat.h
deleted file mode 100644
index 2d68b96e8580..000000000000
--- a/security/openvpn25/files/patch-src_openvpn_openssl__compat.h
+++ /dev/null
@@ -1,20 +0,0 @@
---- src/openvpn/openssl_compat.h.orig 2020-04-16 13:26:45 UTC
-+++ src/openvpn/openssl_compat.h
-@@ -747,7 +747,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
- }
- #endif /* SSL_CTX_get_max_proto_version */
-
--#ifndef SSL_CTX_set_min_proto_version
-+#if !defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
- /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
- static inline int
- SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
-@@ -776,7 +776,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_v
- }
- #endif /* SSL_CTX_set_min_proto_version */
-
--#ifndef SSL_CTX_set_max_proto_version
-+#if !defined(SSL_CTX_set_max_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
- /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
- static inline int
- SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
diff --git a/security/openvpn25/files/patch-src_plugins_auth-pam_auth-pam.c b/security/openvpn25/files/patch-src_plugins_auth-pam_auth-pam.c
deleted file mode 100644
index 633bc0f0204d..000000000000
--- a/security/openvpn25/files/patch-src_plugins_auth-pam_auth-pam.c
+++ /dev/null
@@ -1,10 +0,0 @@
---- src/plugins/auth-pam/auth-pam.c.orig 2021-06-21 04:44:39 UTC
-+++ src/plugins/auth-pam/auth-pam.c
-@@ -39,6 +39,7 @@
- #include <stdio.h>
- #include <string.h>
- #include <ctype.h>
-+#include <limits.h>
- #include <unistd.h>
- #include <stdlib.h>
- #include <sys/types.h>
diff --git a/security/openvpn25/files/patch-tests__t_cltsrv.sh b/security/openvpn25/files/patch-tests__t_cltsrv.sh
deleted file mode 100644
index 9d0af3691c87..000000000000
--- a/security/openvpn25/files/patch-tests__t_cltsrv.sh
+++ /dev/null
@@ -1,65 +0,0 @@
---- tests/t_cltsrv.sh.orig 2016-08-23 13:10:22 UTC
-+++ tests/t_cltsrv.sh
-@@ -1,7 +1,7 @@
- #! /bin/sh
- #
- # t_cltsrv.sh - script to test OpenVPN's crypto loopback
--# Copyright (C) 2005, 2006, 2008 Matthias Andree
-+# Copyright (C) 2005 - 2014 Matthias Andree
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License
-@@ -22,8 +22,9 @@ set -e
- srcdir="${srcdir:-.}"
- top_srcdir="${top_srcdir:-..}"
- top_builddir="${top_builddir:-..}"
--trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
--trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
-+root="${top_srcdir}/sample"
-+trap "rm -f ${root}/sample-config-files/loopback-*.test log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
-+trap "a=\$? ; rm -f ${root}/sample-config-files/loopback-*.test log.$$ log.$$.signal ; test \$a = 0 && exit 1 || exit \$a" 0 3
- addopts=
- case `uname -s` in
- FreeBSD)
-@@ -45,18 +46,38 @@ esac
- # make sure that the --down script is executable -- fail (rather than
- # skip) test if it isn't.
- downscript="../tests/t_cltsrv-down.sh"
--root="${top_srcdir}/sample"
- test -x "${root}/${downscript}" || chmod +x "${root}/${downscript}" || { echo >&2 "${root}/${downscript} is not executable, failing." ; exit 1 ; }
- echo "The following test will take about two minutes." >&2
- echo "If the addresses are in use, this test will retry up to two times." >&2
-
-+set -- $(ifconfig lo0 | grep -E '\<inet' | head -n1)
-+add=
-+if [ "x$1$2" = "x" ] ; then
-+ echo >&2 "### NO ADDRESSES ON LOOPBACK INTERFACE lo0, SKIPPING TEST ###"
-+ exit 77
-+fi
-+if [ "inet6" = "$1" ] ; then
-+ add='proto udp6 '
-+fi
-+for i in server client ; do
-+ sed -e "s|localhost|${2%/*}|" -e "/^remote /a\\
-+$add" ${root}/sample-config-files/loopback-$i \
-+ >${root}/sample-config-files/loopback-$i.test
-+done
-+
- # go
- success=0
- for i in 1 2 3 ; do
- set +e
- (
-- "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${root}" ${addopts} --setenv role srv --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-server" &
-- "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${top_srcdir}/sample" ${addopts} --setenv role clt --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-client"
-+ "${top_builddir}/src/openvpn/openvpn" --script-security 2 \
-+ --cd "${root}" ${addopts} --setenv role srv \
-+ --down "${downscript}" --tls-exit --ping-exit 180 \
-+ --config "sample-config-files/loopback-server.test" &
-+ "${top_builddir}/src/openvpn/openvpn" --script-security 2 \
-+ --cd "${top_srcdir}/sample" ${addopts} --setenv role clt \
-+ --down "${downscript}" --tls-exit --ping-exit 180 \
-+ --config "sample-config-files/loopback-client.test"
- ) 3>log.$$.signal >log.$$ 2>&1
- e1=$?
- wait $!
diff --git a/security/openvpn25/files/pkg-message.in b/security/openvpn25/files/pkg-message.in
deleted file mode 100644
index c527aec28683..000000000000
--- a/security/openvpn25/files/pkg-message.in
+++ /dev/null
@@ -1,34 +0,0 @@
-[
-{ type: install
- message: <<EOM
-Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
-startup. See %%PREFIX%%/etc/rc.d/openvpn for details.
-
-Connect to VPN server as a client with this command to include
-the client.up/down scripts in the initialization:
-openvpn-client <spec>.ovpn
-
-For compatibility notes when interoperating with older OpenVPN
-versions, please see <http://openvpn.net/relnotes.html>
-
-Note that OpenVPN does not officially support LibreSSL.
-
-Note that OpenVPN configures a separate user and group "openvpn",
-which should be used instead of the NFS user "nobody"
-when an unprivileged user account is desired.
-
-You may want to add user openvpn and group openvpn when creating your
-configuration files, the example configuration shows this only as comments.
-EOM
-}
-{ type: upgrade
- message: <<EOM
-Note that OpenVPN now configures a separate user and group "openvpn",
-which should be used instead of the NFS user "nobody"
-when an unprivileged user account is desired.
-
-It is advisable to review existing configuration files and
-to consider adding/changing user openvpn and group openvpn.
-EOM
-}
-]
diff --git a/security/openvpn25/files/up-script.sample b/security/openvpn25/files/up-script.sample
deleted file mode 100644
index 2b9acee3dc85..000000000000
--- a/security/openvpn25/files/up-script.sample
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-# OpenVPN simple up/down script for openresolvconf integration.
-# (C) Copyright 2016 Baptiste Daroussin
-# BSD 2-clause license.
-
-set -e +u
-: ${script_type:=down}
-case "${script_type}" in
-up)
- i=1
- while :; do
- eval option=\"\$foreign_option_${i}\" || break
- [ "${option}" ] || break
- set -- ${option}
- i=$((i + 1))
- [ "$1" = "dhcp-option" ] || continue
- case "$2" in
- DNS) echo "nameserver ${3}" ;;
- DOMAIN) echo "domain ${3}" ;;
- DOMAIN-SEARCH) echo "search ${3}" ;;
- esac
- done | /sbin/resolvconf -a "${dev}"
- ;;
-down)
- /sbin/resolvconf -d "${dev}" -f
- ;;
-esac
diff --git a/security/openvpn25/pkg-descr b/security/openvpn25/pkg-descr
deleted file mode 100644
index 716b69051b64..000000000000
--- a/security/openvpn25/pkg-descr
+++ /dev/null
@@ -1,5 +0,0 @@
-OpenVPN is a robust, scalable and highly configurable VPN (Virtual Private
-Network) daemon which can be used to securely link two or more private networks
-using an encrypted tunnel over the internet. It can operate over UDP or TCP,
-can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one
-server can handle many clients.
diff --git a/security/openvpn25/pkg-plist b/security/openvpn25/pkg-plist
deleted file mode 100644
index d247b39c1eed..000000000000
--- a/security/openvpn25/pkg-plist
+++ /dev/null
@@ -1,10 +0,0 @@
-include/openvpn-msg.h
-include/openvpn-plugin.h
-lib/openvpn/plugins/openvpn-plugin-auth-pam.so
-lib/openvpn/plugins/openvpn-plugin-down-root.so
-libexec/openvpn-client.down
-libexec/openvpn-client.up
-man/man5/openvpn-examples.5.gz
-man/man8/openvpn.8.gz
-sbin/openvpn
-sbin/openvpn-client