From nobody Fri Mar 31 00:01:57 2023
Date: Fri, 31 Mar 2023 00:01:57 GMT
Message-Id: <202303310001.32V01vSu014443@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Muhammad Moinur Rahman
Subject: git: 2bfed05f70c7 - main - security/openvpn25: Remove expired port:
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: bofh
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 2bfed05f70c7bf3a4f95bf3ef824a1a259936898
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by bofh:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2bfed05f70c7bf3a4f95bf3ef824a1a259936898

commit 2bfed05f70c7bf3a4f95bf3ef824a1a259936898
Author:     Muhammad Moinur Rahman
AuthorDate: 2023-03-25 15:03:54 +0000
Commit:     Muhammad Moinur Rahman
CommitDate: 2023-03-30 23:59:43 +0000

    security/openvpn25: Remove expired port:

    2023-03-31 security/openvpn25: replaced by new upstream release 2.6.0
---
 MOVED                                              |   1 +
 security/Makefile                                  |   1 -
 security/openvpn25/Makefile                        | 166 ---------------------
 security/openvpn25/distinfo                        |   3 -
 security/openvpn25/files/openvpn-client.in         |   6 -
 security/openvpn25/files/openvpn.in                | 144 ------------------
 security/openvpn25/files/patch-doc_openvpn.8       |  20 ---
 security/openvpn25/files/patch-doc_openvpn.8.html  |  20 ---
 ...ch-sample__sample-config-files__loopback-client |  13 --
 ...ch-sample__sample-config-files__loopback-server |  13 --
 .../files/patch-src_openvpn_openssl__compat.h      |  20 ---
 .../files/patch-src_plugins_auth-pam_auth-pam.c    |  10 --
 security/openvpn25/files/patch-tests__t_cltsrv.sh  |  65 --------
 security/openvpn25/files/pkg-message.in            |  34 -----
 security/openvpn25/files/up-script.sample          |  27 ----
 security/openvpn25/pkg-descr                       |   5 -
 security/openvpn25/pkg-plist                       |  10 -
 17 files changed, 1 insertion(+), 557
deletions(-) diff --git a/MOVED b/MOVED index 193fc4506031..6d220ef5a429 100644 --- a/MOVED +++ b/MOVED @@ -17864,3 +17864,4 @@ ports-mgmt/p5-FreeBSD-Portindex||2023-03-31|Has expired: Not working, and no fix print/ghostscript9-x11||2023-03-31|Has expired: Released over 10 years ago and unsupported by upstream, consider print/ghostscript9-agpl-x11 print/ghostscript9-base||2023-03-31|Has expired: Released over 10 years ago and unsupported by upstream, consider print/ghostscript9-agpl-base security/openscep||2023-03-31|Has expired: Do not support recent RFC 8894 +security/openvpn25|security/openvpn|2023-03-31|Has expired: replaced by new upstream release 2.6.0 diff --git a/security/Makefile b/security/Makefile index 01c174d4e633..1eb8308d4dbe 100644 --- a/security/Makefile +++ b/security/Makefile @@ -422,7 +422,6 @@ SUBDIR += openvpn-auth-radius SUBDIR += openvpn-auth-script SUBDIR += openvpn-devel - SUBDIR += openvpn25 SUBDIR += ophcrack SUBDIR += opie SUBDIR += ossec-hids diff --git a/security/openvpn25/Makefile b/security/openvpn25/Makefile deleted file mode 100644 index 7b3da13b1437..000000000000 --- a/security/openvpn25/Makefile +++ /dev/null 
@@ -1,166 +0,0 @@ -PORTNAME= openvpn -DISTVERSION= 2.5.9 -PORTREVISION?= 0 -CATEGORIES= security net net-vpn -MASTER_SITES= https://swupdate.openvpn.org/community/releases/ \ - https://build.openvpn.net/downloads/releases/ \ - LOCAL/mandree -PKGNAMESUFFIX= 25 - -MAINTAINER= mandree@FreeBSD.org -COMMENT?= Secure IP/Ethernet tunnel daemon -WWW= https://openvpn.net/community/ - -LICENSE= GPLv2 -LICENSE_FILE= ${WRKSRC}/COPYRIGHT.GPL - -DEPRECATED= replaced by new upstream release 2.6.0 -EXPIRATION_DATE= 2023-03-31 - -USES= cpe libtool localbase:ldflags pkgconfig shebangfix ssl -USE_RC_SUBR= openvpn - -SHEBANG_FILES= sample/sample-scripts/verify-cn \ - sample/sample-scripts/auth-pam.pl \ - sample/sample-scripts/ucn.pl - -GNU_CONFIGURE= yes -CONFIGURE_ARGS+= --enable-strict --with-crypto-library=openssl -# set PLUGIN_LIBDIR so that unqualified plugin paths are found: -CONFIGURE_ENV+= PLUGINDIR="${PREFIX}/lib/openvpn/plugins" - -CONFLICTS_INSTALL?= openvpn-2* openvpn-devel openvpn-mbedtls - -PORTSCOUT= limit:^2\.5\. - -SUB_FILES= pkg-message openvpn-client - -USERS= openvpn -GROUPS= openvpn - -PORTDOCS= * -PORTEXAMPLES= * - -OPTIONS_DEFINE= ASYNC_PUSH DOCS EASYRSA EXAMPLES LZ4 LZO PKCS11 SMALL \ - TEST UNITTESTS X509ALTUSERNAME -OPTIONS_DEFAULT= EASYRSA LZ4 LZO PKCS11 TEST -ASYNC_PUSH_DESC= Enable async-push support -EASYRSA_DESC= Install security/easy-rsa RSA helper package -LZO_DESC= LZO compression (incompatible with LibreSSL) -PKCS11_DESC= Use security/pkcs11-helper, needs same SSL lib! 
-SMALL_DESC= Build a smaller executable with fewer features -UNITTESTS_DESC= Enable unit tests -X509ALTUSERNAME_DESC= Enable --x509-username-field - -ASYNC_PUSH_LIB_DEPENDS= libinotify.so:devel/libinotify -ASYNC_PUSH_CONFIGURE_ENABLE= async-push - -EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa - -LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4 -LZ4_CONFIGURE_ENABLE= lz4 - -LZO_LIB_DEPENDS+= liblzo2.so:archivers/lzo2 -LZO_CONFIGURE_ENABLE= lzo - -PKCS11_LIB_DEPENDS= libpkcs11-helper.so:security/pkcs11-helper -PKCS11_CONFIGURE_ENABLE= pkcs11 - -SMALL_CONFIGURE_ENABLE= small - -TEST_ALL_TARGET= check -TEST_TEST_TARGET_OFF= check - -UNITTESTS_BUILD_DEPENDS= cmocka>=0:sysutils/cmocka -UNITTESTS_CONFIGURE_ENABLE= unit-tests - -X509ALTUSERNAME_CONFIGURE_ENABLE= x509-alt-username - -.ifdef (LOG_OPENVPN) -CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN} -.endif - -.include - -.if ${PORT_OPTIONS:MLZO} -IGNORE_SSL=libressl libressl-devel -IGNORE_SSL_REASON=OpenVPN does not have permission to include LZO with LibreSSL. Compile against OpenSSL, or if your setups support it, disable LZO support -.endif - -.if ! ${PORT_OPTIONS:MLZ4} && ! ${PORT_OPTIONS:MLZO} -CONFIGURE_ARGS+= --enable-comp-stub -.endif - -.include - -.if !empty(PORT_OPTIONS:MLZO) && !empty(SSL_DEFAULT:Nbase:Nopenssl*) -# in-depth security net if Mk/Uses/ssl.mk changes -pre-everything:: - @${ECHO_CMD} >&2 "ERROR: OpenVPN is not licensed to combine LZO with other OpenSSL-licensed libraries than OpenSSL. Compile against OpenSSL, or if your setups support it, disable LZO support." 
- @${SHELL} -c 'exit 1' -.endif - -post-patch: - ${REINPLACE_CMD} -E -i '' -e 's/(user|group) nobody/\1 openvpn/' \ - -e 's/"nobody"( after init)/"openvpn" \1/' \ - ${WRKSRC}/sample/sample-config-files/*.conf \ - ${WRKSRC}/sample/sample-config-files/xinetd-*-config \ - ${WRKSRC}/doc/man-sections/generic-options.rst - -pre-configure: - # just too many of sign-compare; bitwise-instead-of-logical was audited and is intentional, - # and unused-function affects test---these are developer-side warnings, not relevant on end systems - ${REINPLACE_CMD} 's/-Wsign-compare/-Wno-unknown-warning-option -Wno-sign-compare -Wno-bitwise-instead-of-logical -Wno-unused-function/' ${WRKSRC}/configure -.ifdef (LOG_OPENVPN) - @${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}" -.else - @${ECHO} "" - @${ECHO} "You may use the following build options:" - @${ECHO} "" - @${ECHO} " LOG_OPENVPN={Valid syslog facility, default LOG_DAEMON}" - @${ECHO} " EXAMPLE: make LOG_OPENVPN=LOG_LOCAL6" - @${ECHO} "" -.endif -.if !empty(SSL_DEFAULT:Mlibressl*) - @${ECHO} "### --------------------------------------------------------- ###" - @${ECHO} "### NOTE that libressl is not primarily supported by OpenVPN ###" - @${ECHO} "### Do not report bugs without fixes/patches unless the issue ###" - @${ECHO} "### can be reproduced with a released OpenSSL version. 
###" - @${ECHO} "### --------------------------------------------------------- ###" - @sleep 10 -.endif - -post-configure: - ${REINPLACE_CMD} '/^CFLAGS =/s/$$/ -fPIC/' \ - ${WRKSRC}/src/plugins/auth-pam/Makefile \ - ${WRKSRC}/src/plugins/down-root/Makefile - -# sanity check that we don't inherit incompatible SSL libs through, -# for instance, pkcs11-helper: -_tlslibs=libssl libcrypto -post-build: - @a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \ - | ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\ - if test "$$*" != "1" ; then ( set -x ; ldd -a ${WRKSRC}/src/openvpn/openvpn ) ; ${PRINTF} '%s\n' "$$a" ; ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi - -post-install: - ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-auth-pam.so - ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so - ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.up ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up - ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.down ${STAGEDIR}${PREFIX}/libexec/openvpn-client.down - @${REINPLACE_CMD} 's|resolvconf -p -a|resolvconf -a|' ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up - ${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client - ${MKDIR} ${STAGEDIR}${PREFIX}/include - -post-install-DOCS-on: - ${MKDIR} ${STAGEDIR}${DOCSDIR}/ -.for i in AUTHORS ChangeLog PORTS - ${INSTALL_MAN} ${WRKSRC}/${i} ${STAGEDIR}${DOCSDIR}/ -.endfor - -post-install-EXAMPLES-on: - (cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/) - ${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/* - ${RM} ${STAGEDIR}${EXAMPLESDIR}/sample-config-files/*.orig - -.include diff --git a/security/openvpn25/distinfo b/security/openvpn25/distinfo deleted file mode 100644 index d9e09d1d66cf..000000000000 
--- a/security/openvpn25/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1676264862 -SHA256 (openvpn-2.5.9.tar.gz) = 8794b7125998c68f30de654267a702b9581454ca1e7061511fcc5f99fea4bd32 -SIZE (openvpn-2.5.9.tar.gz) = 1840560 diff --git a/security/openvpn25/files/openvpn-client.in b/security/openvpn25/files/openvpn-client.in deleted file mode 100644 index 471757811795..000000000000 --- a/security/openvpn25/files/openvpn-client.in +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -exec %%PREFIX%%/sbin/openvpn --script-security 2 \ - --up %%PREFIX%%/libexec/openvpn-client.up \ - --plugin openvpn-plugin-down-root.so %%PREFIX%%/libexec/openvpn-client.down \ - --config "$@" diff --git a/security/openvpn25/files/openvpn.in b/security/openvpn25/files/openvpn.in deleted file mode 100644 index 9a59ed6f011e..000000000000 --- a/security/openvpn25/files/openvpn.in +++ /dev/null 
@@ -1,144 +0,0 @@ -#!/bin/sh -# -# openvpn.sh - load tun/tap driver and start OpenVPN daemon -# -# (C) Copyright 2005 - 2008, 2010 by Matthias Andree -# based on suggestions by Matthias Grimm and Dirk Gouders -# with multi-instance contribution from Denis Shaposhnikov, Gleb Kozyrev -# and Vasil Dimov -# softrestart feature suggested by Nick Hibma -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of the GNU General Public License as published by the Free Software -# Foundation; either version 2 of the License, or (at your option) any later -# version. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more -# details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin -# Street, Fifth Floor, Boston, MA 02110-1301, USA. - -# PROVIDE: openvpn -# REQUIRE: DAEMON -# KEYWORD: shutdown - -# ----------------------------------------------------------------------------- -# -# This script supports running multiple instances of openvpn. -# To run additional instances link this script to something like -# % ln -s openvpn openvpn_foo -# and define additional openvpn_foo_* variables in one of -# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/openvpn_foo -# -# Below NAME should be substituted with the name of this script. By default -# it is openvpn, so read as openvpn_enable. If you linked the script to -# openvpn_foo, then read as openvpn_foo_enable etc. -# -# The following variables are supported (defaults are shown). 
-# You can place them in any of -# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/NAME -# -# NAME_enable="NO" # set to YES to enable openvpn -# NAME_if= # driver(s) to load, set to "tun", "tap" or "tun tap" -# # it is OK to specify the if_ prefix. -# -# # optional: -# NAME_flags= # additional command line arguments -# NAME_configfile="%%PREFIX%%/etc/openvpn/NAME.conf" # --config file -# NAME_dir="%%PREFIX%%/etc/openvpn" # --cd directory -# -# You also need to set NAME_configfile and NAME_dir, if the configuration -# file and directory where keys and certificates reside differ from the above -# settings. -# -# Note that we deliberately refrain from unloading drivers. -# -# For further documentation, please see openvpn(8). -# - -. /etc/rc.subr - -# service(8) does not create an authentic environment, try to guess, -# and as of 10.3-RELEASE-p0, it will not find the indented name= -# assignments below. So give it a default. -# Trailing semicolon also for service(8)'s benefit: -name="$file" ; - -case "$0" in -/etc/rc*) - # during boot (shutdown) $0 is /etc/rc (/etc/rc.shutdown), - # so get the name of the script from $_file - name="$_file" - ;; -*/service) - # do not use this as $0 - ;; -*) - name="$0" - ;; -esac - -# default name to "openvpn" if guessing failed -# Trailing semicolon also for service(8)'s benefit: -name="${name:-openvpn}" ; -name="${name##*/}" -rcvar=${name}_enable - -stop_postcmd() -{ - rm -f "$pidfile" || warn "Could not remove $pidfile." -} - -softrestart() -{ - sig_reload=USR1 run_rc_command reload - exit $? 
-} - -openvpn_stats() -{ - sig_reload=USR2 - run_rc_command ${rc_prefix}reload $rc_extra_args -} - -# reload: support SIGHUP to reparse configuration file -# softrestart: support SIGUSR1 to reconnect without superuser privileges -# stats: support SIGUSR2 to write statistics to the syslog -extra_commands="reload softrestart stats" -softrestart_cmd="softrestart" -stats_cmd="openvpn_stats" - -# pidfile -pidfile="/var/run/${name}.pid" - -# command and arguments -command="%%PREFIX%%/sbin/openvpn" - -# run this last -stop_postcmd="stop_postcmd" - -load_rc_config ${name} - -eval ": \${${name}_enable:=\"NO\"}" -eval ": \${${name}_configfile:=\"%%PREFIX%%/etc/openvpn/${name}.conf\"}" -eval ": \${${name}_dir:=\"%%PREFIX%%/etc/openvpn\"}" - -configfile="$(eval echo \${${name}_configfile})" -dir="$(eval echo \${${name}_dir})" -interfaces="$(eval echo \${${name}_if})" -flags="$(eval echo \${${name}_flags})" - -required_modules= -for i in $interfaces ; do - required_modules="$required_modules${required_modules:+" "}if_${i#if_}" -done - -required_files=${configfile} - -command_args="--cd ${dir} --daemon ${name} --config ${configfile} --writepid ${pidfile} ${flags}" - -run_rc_command "$1" diff --git a/security/openvpn25/files/patch-doc_openvpn.8 b/security/openvpn25/files/patch-doc_openvpn.8 deleted file mode 100644 index a536dae76755..000000000000 --- a/security/openvpn25/files/patch-doc_openvpn.8 +++ /dev/null 
@@ -1,20 +0,0 @@ ---- doc/openvpn.8.orig 2021-10-05 05:57:01 UTC -+++ doc/openvpn.8 -@@ -358,7 +358,7 @@ lower priority, \fBn\fP less than zero is higher prior - .B \-\-persist\-key - Don\(aqt re\-read key files across \fBSIGUSR1\fP or \fB\-\-ping\-restart\fP\&. - .sp --This option can be combined with \fB\-\-user nobody\fP to allow restarts -+This option can be combined with \fB\-\-user openvpn\fP to allow restarts - triggered by the \fBSIGUSR1\fP signal. Normally if you drop root - privileges in OpenVPN, the daemon cannot be restarted since it will now - be unable to re\-read protected key files. -@@ -577,7 +577,7 @@ useful to protect the system in the event that some ho - able to gain control of an OpenVPN session. Though OpenVPN\(aqs security - features make this unlikely, it is provided as a second line of defense. - .sp --By setting \fBuser\fP to \fBnobody\fP or somebody similarly unprivileged, -+By setting \fBuser\fP to \fBopenvpn\fP or somebody similarly unprivileged, - the hostile party would be limited in what damage they could cause. Of - course once you take away privileges, you cannot return them to an - OpenVPN session. This means, for example, that if you want to reset an diff --git a/security/openvpn25/files/patch-doc_openvpn.8.html b/security/openvpn25/files/patch-doc_openvpn.8.html deleted file mode 100644 index 5b1e8e805e13..000000000000 --- a/security/openvpn25/files/patch-doc_openvpn.8.html +++ /dev/null @@ -1,20 +0,0 @@ ---- doc/openvpn.8.html.orig 2021-10-05 05:57:01 UTC -+++ doc/openvpn.8.html -@@ -650,7 +650,7 @@ lower priority, n le - - --persist-key -

Don't re-read key files across SIGUSR1 or --ping-restart.

--

This option can be combined with --user nobody to allow restarts -+

This option can be combined with --user openvpn to allow restarts - triggered by the SIGUSR1 signal. Normally if you drop root - privileges in OpenVPN, the daemon cannot be restarted since it will now - be unable to re-read protected key files.

-@@ -824,7 +824,7 @@ initialization, dropping privileges in the process. Th - useful to protect the system in the event that some hostile party was - able to gain control of an OpenVPN session. Though OpenVPN's security - features make this unlikely, it is provided as a second line of defense.

--

By setting user to nobody or somebody similarly unprivileged, -+

By setting user to openvpn or somebody similarly unprivileged, - the hostile party would be limited in what damage they could cause. Of - course once you take away privileges, you cannot return them to an - OpenVPN session. This means, for example, that if you want to reset an diff --git a/security/openvpn25/files/patch-sample__sample-config-files__loopback-client b/security/openvpn25/files/patch-sample__sample-config-files__loopback-client deleted file mode 100644 index 0b485a641d8a..000000000000 --- a/security/openvpn25/files/patch-sample__sample-config-files__loopback-client +++ /dev/null @@ -1,13 +0,0 @@ ---- sample/sample-config-files/loopback-client.orig 2016-08-23 14:16:22 UTC -+++ sample/sample-config-files/loopback-client -@@ -9,8 +9,8 @@ - # ./openvpn --config sample-config-files/loopback-client (In one window) - # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) - --rport 16000 --lport 16001 -+rport 16100 -+lport 16101 - remote localhost - local localhost - dev null diff --git a/security/openvpn25/files/patch-sample__sample-config-files__loopback-server b/security/openvpn25/files/patch-sample__sample-config-files__loopback-server deleted file mode 100644 index 58691b133de7..000000000000 --- a/security/openvpn25/files/patch-sample__sample-config-files__loopback-server +++ /dev/null @@ -1,13 +0,0 @@ ---- sample/sample-config-files/loopback-server.orig 2016-08-23 14:16:22 UTC -+++ sample/sample-config-files/loopback-server -@@ -9,8 +9,8 @@ - # ./openvpn --config sample-config-files/loopback-client (In one window) - # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window) - --rport 16001 --lport 16000 -+rport 16101 -+lport 16100 - remote localhost - local localhost - dev null diff --git a/security/openvpn25/files/patch-src_openvpn_openssl__compat.h b/security/openvpn25/files/patch-src_openvpn_openssl__compat.h deleted file mode 100644 index 2d68b96e8580..000000000000 
--- a/security/openvpn25/files/patch-src_openvpn_openssl__compat.h +++ /dev/null @@ -1,20 +0,0 @@ ---- src/openvpn/openssl_compat.h.orig 2020-04-16 13:26:45 UTC -+++ src/openvpn/openssl_compat.h -@@ -747,7 +747,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx) - } - #endif /* SSL_CTX_get_max_proto_version */ - --#ifndef SSL_CTX_set_min_proto_version -+#if !defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER) - /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */ - static inline int - SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min) -@@ -776,7 +776,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_v - } - #endif /* SSL_CTX_set_min_proto_version */ - --#ifndef SSL_CTX_set_max_proto_version -+#if !defined(SSL_CTX_set_max_proto_version) && !defined(LIBRESSL_VERSION_NUMBER) - /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */ - static inline int - SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max) diff --git a/security/openvpn25/files/patch-src_plugins_auth-pam_auth-pam.c b/security/openvpn25/files/patch-src_plugins_auth-pam_auth-pam.c deleted file mode 100644 index 633bc0f0204d..000000000000 --- a/security/openvpn25/files/patch-src_plugins_auth-pam_auth-pam.c +++ /dev/null @@ -1,10 +0,0 @@ ---- src/plugins/auth-pam/auth-pam.c.orig 2021-06-21 04:44:39 UTC -+++ src/plugins/auth-pam/auth-pam.c -@@ -39,6 +39,7 @@ - #include - #include - #include -+#include - #include - #include - #include diff --git a/security/openvpn25/files/patch-tests__t_cltsrv.sh b/security/openvpn25/files/patch-tests__t_cltsrv.sh deleted file mode 100644 index 9d0af3691c87..000000000000 --- a/security/openvpn25/files/patch-tests__t_cltsrv.sh +++ /dev/null 
@@ -1,65 +0,0 @@ ---- tests/t_cltsrv.sh.orig 2016-08-23 13:10:22 UTC -+++ tests/t_cltsrv.sh -@@ -1,7 +1,7 @@ - #! /bin/sh - # - # t_cltsrv.sh - script to test OpenVPN's crypto loopback --# Copyright (C) 2005, 2006, 2008 Matthias Andree -+# Copyright (C) 2005 - 2014 Matthias Andree - # - # This program is free software; you can redistribute it and/or - # modify it under the terms of the GNU General Public License -@@ -22,8 +22,9 @@ set -e - srcdir="${srcdir:-.}" - top_srcdir="${top_srcdir:-..}" - top_builddir="${top_builddir:-..}" --trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15 --trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3 -+root="${top_srcdir}/sample" -+trap "rm -f ${root}/sample-config-files/loopback-*.test log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15 -+trap "a=\$? ; rm -f ${root}/sample-config-files/loopback-*.test log.$$ log.$$.signal ; test \$a = 0 && exit 1 || exit \$a" 0 3 - addopts= - case `uname -s` in - FreeBSD) -@@ -45,18 +46,38 @@ esac - # make sure that the --down script is executable -- fail (rather than - # skip) test if it isn't. - downscript="../tests/t_cltsrv-down.sh" --root="${top_srcdir}/sample" - test -x "${root}/${downscript}" || chmod +x "${root}/${downscript}" || { echo >&2 "${root}/${downscript} is not executable, failing." ; exit 1 ; } - echo "The following test will take about two minutes." >&2 - echo "If the addresses are in use, this test will retry up to two times." 
>&2 - -+set -- $(ifconfig lo0 | grep -E '\&2 "### NO ADDRESSES ON LOOPBACK INTERFACE lo0, SKIPPING TEST ###" -+ exit 77 -+fi -+if [ "inet6" = "$1" ] ; then -+ add='proto udp6 ' -+fi -+for i in server client ; do -+ sed -e "s|localhost|${2%/*}|" -e "/^remote /a\\ -+$add" ${root}/sample-config-files/loopback-$i \ -+ >${root}/sample-config-files/loopback-$i.test -+done -+ - # go - success=0 - for i in 1 2 3 ; do - set +e - ( -- "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${root}" ${addopts} --setenv role srv --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-server" & -- "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${top_srcdir}/sample" ${addopts} --setenv role clt --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-client" -+ "${top_builddir}/src/openvpn/openvpn" --script-security 2 \ -+ --cd "${root}" ${addopts} --setenv role srv \ -+ --down "${downscript}" --tls-exit --ping-exit 180 \ -+ --config "sample-config-files/loopback-server.test" & -+ "${top_builddir}/src/openvpn/openvpn" --script-security 2 \ -+ --cd "${top_srcdir}/sample" ${addopts} --setenv role clt \ -+ --down "${downscript}" --tls-exit --ping-exit 180 \ -+ --config "sample-config-files/loopback-client.test" - ) 3>log.$$.signal >log.$$ 2>&1 - e1=$? - wait $! diff --git a/security/openvpn25/files/pkg-message.in b/security/openvpn25/files/pkg-message.in deleted file mode 100644 index c527aec28683..000000000000 --- a/security/openvpn25/files/pkg-message.in +++ /dev/null 
@@ -1,34 +0,0 @@ -[ -{ type: install - message: <.ovpn - -For compatibility notes when interoperating with older OpenVPN -versions, please see - -Note that OpenVPN does not officially support LibreSSL. - -Note that OpenVPN configures a separate user and group "openvpn", -which should be used instead of the NFS user "nobody" -when an unprivileged user account is desired. - -You may want to add user openvpn and group openvpn when creating your -configuration files, the example configuration shows this only as comments. -EOM -} -{ type: upgrade - message: <
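
Review bot: The new MOVED line redirects security/openvpn25 users to security/openvpn with no accompanying upgrade note. Its reason text names 2.6.0 while the removed port sat at DISTVERSION 2.5.9, so anyone following the redirect crosses a release series, and the diffstat touches only MOVED and security/Makefile outside the deleted directory, which means no UPDATING entry ships with this change. Consider adding one, or at least a sentence in the commit message, telling operators to review their tunnel configuration against the newer release before the package is swapped. Minor style point on the same line: the neighbouring entries start the reason with a capital after "Has expired:" ("Not working", "Released over", "Do not support"), while this one starts with lowercase "replaced".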
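
Review bot: In the deleted security/openvpn25/Makefile, "PORTREVISION?= 0", "COMMENT?=" and "CONFLICTS_INSTALL?=" are conditional assignments, which is the usual sign that a Makefile is written to be overridden by a slave port through MASTERDIR. The security/Makefile hunk drops only "SUBDIR += openvpn25", so please confirm, and say so in the commit message, that no remaining port uses security/openvpn25 as its master; such a port would stop building once this directory is gone.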
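
Review bot: The commit message does not say what happens to the local changes carried in the deleted files/ directory and the Makefile's post-patch target. Several of them matter for security posture and portability: the openssl_compat.h guard on LIBRESSL_VERSION_NUMBER, the substitution of user/group "nobody" with "openvpn" in the man page and sample configs (backed by "USERS= openvpn" and "GROUPS= openvpn"), and the t_cltsrv.sh rewrite that takes the loopback test address from lo0. Please state whether security/openvpn carries equivalents or upstream absorbed them, so that the dedicated unprivileged "openvpn" account is not silently lost for users moved over by the MOVED entry.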