git: 2c97a9151eb1 - main - security/openvpn-devel: upgrade port to git commit df4863aa0e (2025-06-27)

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Matthias Andree <mandree_at_FreeBSD.org>
Date: Sun, 29 Jun 2025 08:44:26 UTC
The branch main has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2c97a9151eb1c2d6af8dad1db442a4aa02e4f9c0

commit 2c97a9151eb1c2d6af8dad1db442a4aa02e4f9c0
Author:     Gert Doering <gert@greenie.muc.de>
AuthorDate: 2025-06-29 07:48:16 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2025-06-29 08:43:57 +0000

    security/openvpn-devel: upgrade port to git commit df4863aa0e (2025-06-27)
    
    This commit brings the port to "openvpn 2.7_alpha2" with a few extra
    bugfixes.
    
    There is one significant change here: the "old way" to update DNS
    config via "--up contrib/pull-resolv-conf/client.up" and plugin-down-root.sh
    has been replaced by a built-in mechanism (--dns-updown $script),
    which is no loger "contributed" but maintained upstream, and brings
    its own privilege separation / down-root mechanism.  The old
    contrib/pull-resolv-conf scripts have been removed from the upstream
    distribution.
    
    The port-specific "openvpn-client" script has been adjusted to do
    the same thing ("run a client config with DNS setup") with the new
    mechanism.
    
    Besides this, this update has a number of minor bugfixes and improvements
    to documentation, logging and testing infrastructure.
    
    PR:             287892
---
 security/openvpn-devel/Makefile                | 6 ++----
 security/openvpn-devel/distinfo                | 6 +++---
 security/openvpn-devel/files/openvpn-client.in | 5 ++---
 security/openvpn-devel/pkg-descr               | 8 ++++----
 security/openvpn-devel/pkg-plist               | 3 +--
 5 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/security/openvpn-devel/Makefile b/security/openvpn-devel/Makefile
index 0390cc0542f7..d41e0dba4a73 100644
--- a/security/openvpn-devel/Makefile
+++ b/security/openvpn-devel/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	openvpn
-DISTVERSION=	g20250402
+DISTVERSION=	g20250629
 PORTREVISION=	0  # leave in even if 0 to avoid accidental PORTEPOCH bumps
 PORTEPOCH=	1
 CATEGORIES=	security net net-vpn
@@ -21,7 +21,7 @@ LIB_DEPENDS+=	liblzo2.so:archivers/lzo2
 USES=		autoreconf cpe libtool pkgconfig python:build shebangfix tar:xz
 IGNORE_SSL=	libressl libressl-devel
 USE_GITLAB=	yes
-GL_TAGNAME=	b75849ba36433331227ff66430ea06423fab8148
+GL_TAGNAME=	df4863aa0e43544ea82ab9d98966a03a95c62334
 USE_RC_SUBR=	openvpn
 
 SHEBANG_FILES=	sample/sample-scripts/auth-pam.pl \
@@ -137,8 +137,6 @@ post-build:
 post-install:
 	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
 	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so
-	${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.up ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up
-	${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.down ${STAGEDIR}${PREFIX}/libexec/openvpn-client.down
 	${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client
 	${MKDIR} ${STAGEDIR}${PREFIX}/include
 
diff --git a/security/openvpn-devel/distinfo b/security/openvpn-devel/distinfo
index f00b4905ceee..415d52c355ea 100644
--- a/security/openvpn-devel/distinfo
+++ b/security/openvpn-devel/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1743619255
-SHA256 (openvpn-openvpn-b75849ba36433331227ff66430ea06423fab8148_GL0.tar.gz) = 402e312f3d6be0a881ae068e3a52b96dece7d49cdddb0fd876ea7f06e4cff5dd
-SIZE (openvpn-openvpn-b75849ba36433331227ff66430ea06423fab8148_GL0.tar.gz) = 1292100
+TIMESTAMP = 1751182633
+SHA256 (openvpn-openvpn-df4863aa0e43544ea82ab9d98966a03a95c62334_GL0.tar.gz) = a1f756efc7aba2fdb79231a9eede327ce4242a777c88e7eaad3cb11d9197157c
+SIZE (openvpn-openvpn-df4863aa0e43544ea82ab9d98966a03a95c62334_GL0.tar.gz) = 1319214
diff --git a/security/openvpn-devel/files/openvpn-client.in b/security/openvpn-devel/files/openvpn-client.in
index 471757811795..20f806fd7a9c 100644
--- a/security/openvpn-devel/files/openvpn-client.in
+++ b/security/openvpn-devel/files/openvpn-client.in
@@ -1,6 +1,5 @@
 #!/bin/sh
 
-exec %%PREFIX%%/sbin/openvpn --script-security 2 \
-    --up %%PREFIX%%/libexec/openvpn-client.up \
-    --plugin openvpn-plugin-down-root.so %%PREFIX%%/libexec/openvpn-client.down \
+exec %%PREFIX%%/sbin/openvpn \
+    --dns-updown force \
     --config "$@"
diff --git a/security/openvpn-devel/pkg-descr b/security/openvpn-devel/pkg-descr
index f8b73ab4bde0..8f49325a652c 100644
--- a/security/openvpn-devel/pkg-descr
+++ b/security/openvpn-devel/pkg-descr
@@ -4,8 +4,8 @@ using an encrypted tunnel over the internet. It can operate over UDP or TCP,
 can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one
 server can handle many clients.
 
-This development port is updated frequently and is likely NOT STABLE.  This is
-an untested tar of the source tree.  We attempt to omit inoperable states, but
-there is a good chance this program will not run.
+This development port is updated frequently and is much less well tested
+than the formal releases, and functionality and APIs may change without
+warning.
 
-DO NOT USE IN PRODUCTION WITHOUT CAUTION
+DO NOT USE IN PRODUCTION WITHOUT PRIOR TESTING FOR YOUR USE CASE.
diff --git a/security/openvpn-devel/pkg-plist b/security/openvpn-devel/pkg-plist
index 0f61a65b38a2..c21f84811403 100644
--- a/security/openvpn-devel/pkg-plist
+++ b/security/openvpn-devel/pkg-plist
@@ -5,6 +5,5 @@ lib/openvpn/plugins/openvpn-plugin-down-root.so
 share/man/man5/openvpn-examples.5.gz
 share/man/man8/openvpn.8.gz
 sbin/openvpn
-libexec/openvpn-client.down
-libexec/openvpn-client.up
 sbin/openvpn-client
+libexec/openvpn/dns-updown