svn commit: r429678 - in head: . security security/openvpn security/openvpn-mbedtls security/openvpn-polarssl security/openvpn/files security/openvpn23 security/openvpn23-polarssl
Matthias Andree
mandree at FreeBSD.org
Tue Dec 27 23:16:59 UTC 2016
Author: mandree
Date: Tue Dec 27 23:16:57 2016
New Revision: 429678
URL: https://svnweb.freebsd.org/changeset/ports/429678
Log:
OpenVPN update to v2.4.0, old version in openvpn23*.
OpenVPN has been updated to v2.4.0.
Changes: <https://github.com/OpenVPN/openvpn/blob/v2.4.0/Changes.rst>
openvpn-polarssl has been renamed to openvpn-mbedtls to match the TLS
library's change of name.
The prior versions of the openvpn ports have been preserved in openvpn23
and openvpn23-polarssl, respectively, and are set to expire 2017-03-31.
Added:
head/security/openvpn-mbedtls/
- copied from r429677, head/security/openvpn-polarssl/
head/security/openvpn23/
- copied from r428693, head/security/openvpn/
head/security/openvpn23-polarssl/
- copied from r428693, head/security/openvpn-polarssl/
Deleted:
head/security/openvpn-polarssl/
Modified:
head/MOVED
head/UPDATING
head/security/Makefile
head/security/openvpn-mbedtls/Makefile
head/security/openvpn/Makefile
head/security/openvpn/distinfo
head/security/openvpn/files/extra-tunnelblick-openvpn_xorpatch
head/security/openvpn/pkg-plist
head/security/openvpn23-polarssl/Makefile
head/security/openvpn23/Makefile
Modified: head/MOVED
==============================================================================
--- head/MOVED Tue Dec 27 22:34:36 2016 (r429677)
+++ head/MOVED Tue Dec 27 23:16:57 2016 (r429678)
@@ -8852,3 +8852,4 @@ net-mgmt/ccnet|net-mgmt/ccnet-client|201
net-mgmt/seafile|net-mgmt/seafile-client|2016-12-26|Split into -client and -server parts
comms/libcodec2|audio/codec2|2016-12-26|Removed: Duplicate port use `audio/codec2` instead
databases/py-sqlalchemy07|databases/py-sqlalchemy10|2016-12-27|Has expired: Upstream has declared this version EoL: please migrate to databases/py-sqlalchemy10
+security/openvpn-polarssl|security/openvpn-mbedtls|2016-12-27|Slave port renamed to match the TLS library's new name.
Modified: head/UPDATING
==============================================================================
--- head/UPDATING Tue Dec 27 22:34:36 2016 (r429677)
+++ head/UPDATING Tue Dec 27 23:16:57 2016 (r429678)
@@ -5,6 +5,16 @@ they are unavoidable.
You should get into the habit of checking this file for changes each time
you update your ports collection, before attempting any port upgrades.
+20161227:
+ AFFECTS: users of security/openvpn, security/openvpn-polarssl
+ AUTHOR: Matthias Andree <mandree at FreeBSD.org>
+
+ The OpenVPN ports have been updated to the new upstream release v2.4,
+ and their predecessors preserved as openvpn23 and openvpn23-polarssl,
+ respectively. Note that for the new v2.4 release, the
+ openvpn-polarssl port has been renamed to openvpn-mbedtls to match the
+ upstream library's new name.
+
20161218:
AFFECTS: users of www/nghttp2
AUTHOR: sunpoet at FreeBSD.org
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Tue Dec 27 22:34:36 2016 (r429677)
+++ head/security/Makefile Tue Dec 27 23:16:57 2016 (r429678)
@@ -436,7 +436,9 @@
SUBDIR += openvpn-auth-ldap
SUBDIR += openvpn-auth-radius
SUBDIR += openvpn-devel
- SUBDIR += openvpn-polarssl
+ SUBDIR += openvpn-mbedtls
+ SUBDIR += openvpn23
+ SUBDIR += openvpn23-polarssl
SUBDIR += ophcrack
SUBDIR += orthrus
SUBDIR += osiris
Modified: head/security/openvpn-mbedtls/Makefile
==============================================================================
--- head/security/openvpn-polarssl/Makefile Tue Dec 27 22:34:36 2016 (r429677)
+++ head/security/openvpn-mbedtls/Makefile Tue Dec 27 23:16:57 2016 (r429678)
@@ -1,12 +1,12 @@
# Created by: Matthias Andree <mandree at FreeBSD.org>
# $FreeBSD$
-PKGNAMESUFFIX= -polarssl
+PKGNAMESUFFIX= -mbedtls
-COMMENT= Secure IP/Ethernet tunnel daemon, PolarSSL-based build
+COMMENT= Secure IP/Ethernet tunnel daemon, mbedTLS-based build
OPTIONS_EXCLUDE= OPENSSL PKCS11 X509ALTUSERNAME
-OPTIONS_SLAVE= POLARSSL
+OPTIONS_SLAVE= MBEDTLS
MASTERDIR= ${.CURDIR}/../../security/openvpn
Modified: head/security/openvpn/Makefile
==============================================================================
--- head/security/openvpn/Makefile Tue Dec 27 22:34:36 2016 (r429677)
+++ head/security/openvpn/Makefile Tue Dec 27 23:16:57 2016 (r429678)
@@ -2,7 +2,8 @@
# $FreeBSD$
PORTNAME= openvpn
-DISTVERSION= 2.3.14
+DISTVERSION= 2.4.0
+PORTREVISION?= 0
CATEGORIES= security net
MASTER_SITES= http://swupdate.openvpn.net/community/releases/ \
http://build.openvpn.net/downloads/releases/
@@ -12,14 +13,15 @@ COMMENT?= Secure IP/Ethernet tunnel dae
LICENSE= GPLv2
-CONFLICTS_INSTALL= openvpn-2.[!3].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]*
+CONFLICTS_INSTALL= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]*
GNU_CONFIGURE= yes
USES= cpe libtool pkgconfig shebangfix tar:xz
SHEBANG_FILES= sample/sample-scripts/verify-cn \
sample/sample-scripts/auth-pam.pl \
sample/sample-scripts/ucn.pl
-# avoid picking up CMAKE, we don't have cmocka anyways.
+CONFIGURE_ARGS+= --enable-strict
+# avoid picking up CMAKE, we don't have cmocka in the tarballs..
CONFIGURE_ENV+= ac_cv_prog_CMAKE= CMAKE=
# let OpenVPN's configure script pick up the requisite libraries,
@@ -31,17 +33,16 @@ LDFLAGS+= -L${LOCALBASE}/lib
CPPFLAGS+= -DPLUGIN_LIBDIR=\\\"${PREFIX}/lib/openvpn/plugins\\\"
OPTIONS_DEFINE= PKCS11 EASYRSA DOCS EXAMPLES X509ALTUSERNAME \
- TUNNELBLICK TEST
-OPTIONS_DEFAULT= EASYRSA OPENSSL TEST
+ TEST LZ4 SMALL TUNNELBLICK
+OPTIONS_DEFAULT= EASYRSA OPENSSL TEST LZ4
OPTIONS_SINGLE= SSL
-OPTIONS_SINGLE_SSL= OPENSSL POLARSSL
-# The following feature is always enabled since 2.3.9 and no longer optional.
-# PW_SAVE_DESC= Interactive passwords may be read from a file
+OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS
PKCS11_DESC= Use security/pkcs11-helper
EASYRSA_DESC= Install security/easy-rsa RSA helper package
-POLARSSL_DESC= SSL/TLS via mbedTLS 1.3.X (not 2.x)
+MBEDTLS_DESC= SSL/TLS via mbedTLS
TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!)
X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only)
+SMALL_DESC= Build a smaller executable with fewer features
EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa
@@ -52,17 +53,18 @@ TUNNELBLICK_EXTRA_PATCHES= ${FILESDIR}/e
X509ALTUSERNAME_CONFIGURE_ENABLE= x509-alt-username
-X509ALTUSERNAME_PREVENTS= POLARSSL
-X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} cannot use --x509-username-field with PolarSSL. Disable X509ALTUSERNAME, or use OpenSSL instead
+X509ALTUSERNAME_PREVENTS= MBEDTLS
+X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} cannot use --x509-username-field with mbedTLS. Disable X509ALTUSERNAME, or use OpenSSL instead
OPENSSL_USES= ssl
OPENSSL_CONFIGURE_ON= --with-crypto-library=openssl
-# Pin the libmbedtls version because the 2.3.x port can't work with .so.10 or
-# newer from the security/mbedtls package. Upstream works in progress
-# for OpenVPN 2.4 to use mbedTLS 2.X.
-POLARSSL_LIB_DEPENDS= libmbedtls.so.9:security/polarssl13
-POLARSSL_CONFIGURE_ON= --with-crypto-library=polarssl
+LZ4_CONFIGURE_OFF= --disable-lz4
+
+SMALL_CONFIGURE_ON= --enable-small
+
+MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls
+MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls
USE_RC_SUBR= openvpn
USE_LDCONFIG= ${PREFIX}/lib
@@ -75,6 +77,8 @@ CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN}
LIB_DEPENDS+= liblzo2.so:archivers/lzo2
+LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4
+
PORTDOCS= *
PORTEXAMPLES= *
Modified: head/security/openvpn/distinfo
==============================================================================
--- head/security/openvpn/distinfo Tue Dec 27 22:34:36 2016 (r429677)
+++ head/security/openvpn/distinfo Tue Dec 27 23:16:57 2016 (r429678)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1481159357
-SHA256 (openvpn-2.3.14.tar.xz) = f3a0d0eaf8d544409f76a9f2a238a0cd3dde9e1a9c1f98ac732a8b572bcdee98
-SIZE (openvpn-2.3.14.tar.xz) = 831404
+TIMESTAMP = 1482879037
+SHA256 (openvpn-2.4.0.tar.xz) = 6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e
+SIZE (openvpn-2.4.0.tar.xz) = 930948
Modified: head/security/openvpn/files/extra-tunnelblick-openvpn_xorpatch
==============================================================================
--- head/security/openvpn/files/extra-tunnelblick-openvpn_xorpatch Tue Dec 27 22:34:36 2016 (r429677)
+++ head/security/openvpn/files/extra-tunnelblick-openvpn_xorpatch Tue Dec 27 23:16:57 2016 (r429678)
@@ -10,128 +10,129 @@ detail on the following wiki page:
https://tunnelblick.net/cOpenvpn_xorpatch.html
+The patch was ported to OpenVPN 2.4 by OPNsense.
---- src/openvpn/forward.c.orig 2016-08-23 14:16:28 UTC
+--- src/openvpn/forward.c.orig 2016-12-22 07:25:18 UTC
+++ src/openvpn/forward.c
-@@ -674,7 +674,10 @@ read_incoming_link (struct context *c)
+@@ -730,7 +730,10 @@ read_incoming_link(struct context *c)
- status = link_socket_read (c->c2.link_socket,
- &c->c2.buf,
-- &c->c2.from);
-+ &c->c2.from,
-+ c->options.ce.xormethod,
-+ c->options.ce.xormask,
-+ c->options.ce.xormasklen);
+ status = link_socket_read(c->c2.link_socket,
+ &c->c2.buf,
+- &c->c2.from);
++ &c->c2.from,
++ c->options.ce.xormethod,
++ c->options.ce.xormask,
++ c->options.ce.xormasklen);
- if (socket_connection_reset (c->c2.link_socket, status))
+ if (socket_connection_reset(c->c2.link_socket, status))
{
-@@ -1151,7 +1154,10 @@ process_outgoing_link (struct context *c
- /* Send packet */
- size = link_socket_write (c->c2.link_socket,
- &c->c2.to_link,
-- to_addr);
-+ to_addr,
-+ c->options.ce.xormethod,
-+ c->options.ce.xormask,
-+ c->options.ce.xormasklen);
+@@ -1368,7 +1371,10 @@ process_outgoing_link(struct context *c)
+ /* Send packet */
+ size = link_socket_write(c->c2.link_socket,
+ &c->c2.to_link,
+- to_addr);
++ to_addr,
++ c->options.ce.xormethod,
++ c->options.ce.xormask,
++ c->options.ce.xormasklen);
- #ifdef ENABLE_SOCKS
- /* Undo effect of prepend */
---- src/openvpn/options.c.orig 2016-08-23 14:16:22 UTC
+ /* Undo effect of prepend */
+ link_socket_write_post_size_adjust(&size, size_delta, &c->c2.to_link);
+--- src/openvpn/options.c.orig 2016-12-22 07:25:18 UTC
+++ src/openvpn/options.c
-@@ -792,6 +792,9 @@ init_options (struct options *o, const b
- o->max_routes = MAX_ROUTES_DEFAULT;
- o->resolve_retry_seconds = RESOLV_RETRY_INFINITE;
- o->proto_force = -1;
-+ o->ce.xormethod = 0;
-+ o->ce.xormask = "\0";
-+ o->ce.xormasklen = 0;
+@@ -811,6 +811,9 @@ init_options(struct options *o, const bo
+ o->resolve_retry_seconds = RESOLV_RETRY_INFINITE;
+ o->resolve_in_advance = false;
+ o->proto_force = -1;
++ o->ce.xormethod = 0;
++ o->ce.xormask = "\0";
++ o->ce.xormasklen = 0;
#ifdef ENABLE_OCC
- o->occ = true;
+ o->occ = true;
#endif
-@@ -907,6 +910,9 @@ setenv_connection_entry (struct env_set
- setenv_int_i (es, "local_port", e->local_port, i);
- setenv_str_i (es, "remote", e->remote, i);
- setenv_int_i (es, "remote_port", e->remote_port, i);
-+ setenv_int_i (es, "xormethod", e->xormethod, i);
-+ setenv_str_i (es, "xormask", e->xormask, i);
-+ setenv_int_i (es, "xormasklen", e->xormasklen, i);
+@@ -972,6 +975,9 @@ setenv_connection_entry(struct env_set *
+ setenv_str_i(es, "local_port", e->local_port, i);
+ setenv_str_i(es, "remote", e->remote, i);
+ setenv_str_i(es, "remote_port", e->remote_port, i);
++ setenv_int_i(es, "xormethod", e->xormethod, i);
++ setenv_str_i(es, "xormask", e->xormask, i);
++ setenv_int_i(es, "xormasklen", e->xormasklen, i);
- #ifdef ENABLE_HTTP_PROXY
- if (e->http_proxy_options)
-@@ -1366,6 +1372,9 @@ show_connection_entry (const struct conn
- SHOW_INT (connect_retry_seconds);
- SHOW_INT (connect_timeout);
- SHOW_INT (connect_retry_max);
-+ SHOW_INT (xormethod);
-+ SHOW_STR (xormask);
-+ SHOW_INT (xormasklen);
+ if (e->http_proxy_options)
+ {
+@@ -1474,6 +1480,9 @@ show_connection_entry(const struct conne
+ SHOW_BOOL(bind_ipv6_only);
+ SHOW_INT(connect_retry_seconds);
+ SHOW_INT(connect_timeout);
++ SHOW_INT(xormethod);
++ SHOW_STR(xormask);
++ SHOW_INT(xormasklen);
- #ifdef ENABLE_HTTP_PROXY
- if (o->http_proxy_options)
-@@ -5131,6 +5140,46 @@ add_option (struct options *options,
- options->proto_force = proto_force;
- options->force_connection_list = true;
+ if (o->http_proxy_options)
+ {
+@@ -5915,6 +5924,46 @@ add_option(struct options *options,
+ }
+ options->proto_force = proto_force;
}
-+ else if (streq (p[0], "scramble") && p[1])
++ else if (streq (p[0], "scramble") && p[1])
+ {
-+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
-+ if (streq (p[1], "xormask") && p[2] && (!p[3]))
-+ {
-+ options->ce.xormethod = 1;
-+ options->ce.xormask = p[2];
-+ options->ce.xormasklen = strlen(options->ce.xormask);
-+ }
-+ else if (streq (p[1], "xorptrpos") && (!p[2]))
-+ {
-+ options->ce.xormethod = 2;
-+ options->ce.xormask = NULL;
-+ options->ce.xormasklen = 0;
-+ }
-+ else if (streq (p[1], "reverse") && (!p[2]))
-+ {
-+ options->ce.xormethod = 3;
-+ options->ce.xormask = NULL;
-+ options->ce.xormasklen = 0;
-+ }
-+ else if (streq (p[1], "obfuscate") && p[2] && (!p[3]))
-+ {
-+ options->ce.xormethod = 4;
-+ options->ce.xormask = p[2];
-+ options->ce.xormasklen = strlen(options->ce.xormask);
-+ }
-+ else if (!p[2])
-+ {
-+ msg (M_WARN, "WARNING: No recognized 'scramble' method specified; using 'scramble xormask \"%s\"'", p[1]);
-+ options->ce.xormethod = 1;
-+ options->ce.xormask = p[1];
-+ options->ce.xormasklen = strlen(options->ce.xormask);
-+ }
-+ else
-+ {
-+ msg (msglevel, "No recognized 'scramble' method specified or extra parameters for 'scramble'");
-+ goto err;
-+ }
++ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
++ if (streq (p[1], "xormask") && p[2] && (!p[3]))
++ {
++ options->ce.xormethod = 1;
++ options->ce.xormask = p[2];
++ options->ce.xormasklen = strlen(options->ce.xormask);
++ }
++ else if (streq (p[1], "xorptrpos") && (!p[2]))
++ {
++ options->ce.xormethod = 2;
++ options->ce.xormask = NULL;
++ options->ce.xormasklen = 0;
++ }
++ else if (streq (p[1], "reverse") && (!p[2]))
++ {
++ options->ce.xormethod = 3;
++ options->ce.xormask = NULL;
++ options->ce.xormasklen = 0;
++ }
++ else if (streq (p[1], "obfuscate") && p[2] && (!p[3]))
++ {
++ options->ce.xormethod = 4;
++ options->ce.xormask = p[2];
++ options->ce.xormasklen = strlen(options->ce.xormask);
++ }
++ else if (!p[2])
++ {
++ msg(M_WARN, "WARNING: No recognized 'scramble' method specified; using 'scramble xormask \"%s\"'", p[1]);
++ options->ce.xormethod = 1;
++ options->ce.xormask = p[1];
++ options->ce.xormasklen = strlen(options->ce.xormask);
++ }
++ else
++ {
++ msg(msglevel, "No recognized 'scramble' method specified or extra parameters for 'scramble'");
++ goto err;
++ }
+ }
- #ifdef ENABLE_HTTP_PROXY
- else if (streq (p[0], "http-proxy") && p[1])
+ else if (streq(p[0], "http-proxy") && p[1] && !p[5])
{
---- src/openvpn/options.h.orig 2016-08-23 14:16:22 UTC
+ struct http_proxy_options *ho;
+--- src/openvpn/options.h.orig 2016-12-22 07:25:18 UTC
+++ src/openvpn/options.h
-@@ -100,6 +100,9 @@ struct connection_entry
- int connect_retry_max;
- int connect_timeout;
- bool connect_timeout_defined;
-+ int xormethod;
-+ const char *xormask;
-+ int xormasklen;
- #ifdef ENABLE_HTTP_PROXY
- struct http_proxy_options *http_proxy_options;
- #endif
---- src/openvpn/socket.c.orig 2016-08-23 14:16:22 UTC
+@@ -98,6 +98,9 @@ struct connection_entry
+ int connect_retry_seconds;
+ int connect_retry_seconds_max;
+ int connect_timeout;
++ int xormethod;
++ const char *xormask;
++ int xormasklen;
+ struct http_proxy_options *http_proxy_options;
+ const char *socks_proxy_server;
+ const char *socks_proxy_port;
+--- src/openvpn/socket.c.orig 2016-12-22 07:25:18 UTC
+++ src/openvpn/socket.c
-@@ -52,6 +52,53 @@ const int proto_overhead[] = { /* indexe
- IPv6_TCP_HEADER_SIZE,
+@@ -55,6 +55,53 @@ const int proto_overhead[] = { /* indexe
+ IPv6_TCP_HEADER_SIZE,
};
+int buffer_mask (struct buffer *buf, const char *mask, int xormasklen) {
@@ -184,9 +185,9 @@ https://tunnelblick.net/cOpenvpn_xorpatc
/*
* Convert sockflags/getaddr_flags into getaddr_flags
*/
---- src/openvpn/socket.h.orig 2016-08-23 14:16:22 UTC
+--- src/openvpn/socket.h.orig 2016-12-22 07:25:18 UTC
+++ src/openvpn/socket.h
-@@ -245,6 +245,10 @@ struct link_socket
+@@ -249,6 +249,10 @@ struct link_socket
#endif
};
@@ -197,100 +198,99 @@ https://tunnelblick.net/cOpenvpn_xorpatc
/*
* Some Posix/Win32 differences.
*/
-@@ -873,30 +877,56 @@ int link_socket_read_udp_posix (struct l
+@@ -1046,30 +1050,55 @@ int link_socket_read_udp_posix(struct li
static inline int
- link_socket_read (struct link_socket *sock,
- struct buffer *buf,
-- struct link_socket_actual *from)
-+ struct link_socket_actual *from,
-+ int xormethod,
-+ const char *xormask,
-+ int xormasklen)
+ link_socket_read(struct link_socket *sock,
+ struct buffer *buf,
+- struct link_socket_actual *from)
++ struct link_socket_actual *from,
++ int xormethod,
++ const char *xormask,
++ int xormasklen)
{
-+ int res;
- if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
++ int res;
++
+ if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
{
-- int res;
-
- #ifdef WIN32
- res = link_socket_read_udp_win32 (sock, buf, from);
+- int res;
+-
+ #ifdef _WIN32
+ res = link_socket_read_udp_win32(sock, buf, from);
#else
- res = link_socket_read_udp_posix (sock, buf, from);
+ res = link_socket_read_udp_posix(sock, buf, from);
#endif
-- return res;
+- return res;
}
- else if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */
+ else if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */
{
- /* from address was returned by accept */
- addr_copy_sa(&from->dest, &sock->info.lsa->actual.dest);
-- return link_socket_read_tcp (sock, buf);
-+ res = link_socket_read_tcp (sock, buf);
+ /* from address was returned by accept */
+ addr_copy_sa(&from->dest, &sock->info.lsa->actual.dest);
+- return link_socket_read_tcp(sock, buf);
++ res = link_socket_read_tcp(sock, buf);
}
- else
+ else
{
- ASSERT (0);
- return -1; /* NOTREACHED */
+ ASSERT(0);
+ return -1; /* NOTREACHED */
}
-+ switch(xormethod)
-+ {
-+ case 0:
-+ break;
-+ case 1:
-+ buffer_mask(buf,xormask,xormasklen);
-+ break;
-+ case 2:
-+ buffer_xorptrpos(buf);
-+ break;
-+ case 3:
-+ buffer_reverse(buf);
-+ break;
-+ case 4:
-+ buffer_mask(buf,xormask,xormasklen);
-+ buffer_xorptrpos(buf);
-+ buffer_reverse(buf);
-+ buffer_xorptrpos(buf);
-+ break;
-+ default:
-+ ASSERT (0);
-+ return -1; /* NOTREACHED */
++ switch (xormethod) {
++ case 0:
++ break;
++ case 1:
++ buffer_mask(buf,xormask,xormasklen);
++ break;
++ case 2:
++ buffer_xorptrpos(buf);
++ break;
++ case 3:
++ buffer_reverse(buf);
++ break;
++ case 4:
++ buffer_mask(buf,xormask,xormasklen);
++ buffer_xorptrpos(buf);
++ buffer_reverse(buf);
++ buffer_xorptrpos(buf);
++ break;
++ default:
++ ASSERT (0);
++ return -1; /* NOTREACHED */
+ }
-+ return res;
++ return res;
}
/*
-@@ -980,8 +1010,34 @@ link_socket_write_udp (struct link_socke
+@@ -1159,8 +1188,33 @@ link_socket_write_udp(struct link_socket
static inline int
- link_socket_write (struct link_socket *sock,
- struct buffer *buf,
-- struct link_socket_actual *to)
-+ struct link_socket_actual *to,
-+ int xormethod,
-+ const char *xormask,
-+ int xormasklen)
+ link_socket_write(struct link_socket *sock,
+ struct buffer *buf,
+- struct link_socket_actual *to)
++ struct link_socket_actual *to,
++ int xormethod,
++ const char *xormask,
++ int xormasklen)
{
-+ switch(xormethod)
-+ {
-+ case 0:
-+ break;
-+ case 1:
-+ buffer_mask(buf,xormask,xormasklen);
-+ break;
-+ case 2:
-+ buffer_xorptrpos(buf);
-+ break;
-+ case 3:
-+ buffer_reverse(buf);
-+ break;
-+ case 4:
-+ buffer_xorptrpos(buf);
-+ buffer_reverse(buf);
-+ buffer_xorptrpos(buf);
-+ buffer_mask(buf,xormask,xormasklen);
-+ break;
-+ default:
-+ ASSERT (0);
-+ return -1; /* NOTREACHED */
++ switch (xormethod) {
++ case 0:
++ break;
++ case 1:
++ buffer_mask(buf,xormask,xormasklen);
++ break;
++ case 2:
++ buffer_xorptrpos(buf);
++ break;
++ case 3:
++ buffer_reverse(buf);
++ break;
++ case 4:
++ buffer_xorptrpos(buf);
++ buffer_reverse(buf);
++ buffer_xorptrpos(buf);
++ buffer_mask(buf,xormask,xormasklen);
++ break;
++ default:
++ ASSERT (0);
++ return -1; /* NOTREACHED */
+ }
- if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
+ if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
{
- return link_socket_write_udp (sock, buf, to);
+ return link_socket_write_udp(sock, buf, to);
Modified: head/security/openvpn/pkg-plist
==============================================================================
--- head/security/openvpn/pkg-plist Tue Dec 27 22:34:36 2016 (r429677)
+++ head/security/openvpn/pkg-plist Tue Dec 27 23:16:57 2016 (r429678)
@@ -1,4 +1,5 @@
include/openvpn-plugin.h
+include/openvpn-msg.h
lib/openvpn/plugins/openvpn-plugin-auth-pam.so
lib/openvpn/plugins/openvpn-plugin-down-root.so
man/man8/openvpn.8.gz
Modified: head/security/openvpn23-polarssl/Makefile
==============================================================================
--- head/security/openvpn-polarssl/Makefile Fri Dec 16 19:14:57 2016 (r428693)
+++ head/security/openvpn23-polarssl/Makefile Tue Dec 27 23:16:57 2016 (r429678)
@@ -8,6 +8,6 @@ COMMENT= Secure IP/Ethernet tunnel daem
OPTIONS_EXCLUDE= OPENSSL PKCS11 X509ALTUSERNAME
OPTIONS_SLAVE= POLARSSL
-MASTERDIR= ${.CURDIR}/../../security/openvpn
+MASTERDIR= ${.CURDIR}/../../security/openvpn23
.include "${MASTERDIR}/Makefile"
Modified: head/security/openvpn23/Makefile
==============================================================================
--- head/security/openvpn/Makefile Fri Dec 16 19:14:57 2016 (r428693)
+++ head/security/openvpn23/Makefile Tue Dec 27 23:16:57 2016 (r429678)
@@ -10,6 +10,9 @@ MASTER_SITES= http://swupdate.openvpn.n
MAINTAINER= mandree at FreeBSD.org
COMMENT?= Secure IP/Ethernet tunnel daemon
+DEPRECATED= Replaced by new upstream relesae 2.4.x
+EXPIRATION_DATE= 2017-03-31
+
LICENSE= GPLv2
CONFLICTS_INSTALL= openvpn-2.[!3].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]*
More information about the svn-ports-head
mailing list