svn commit: r415116 - in head/security/openvpn: . files
Matthias Andree
mandree at FreeBSD.org
Fri May 13 16:07:28 UTC 2016
Author: mandree
Date: Fri May 13 16:07:26 2016
New Revision: 415116
URL: https://svnweb.freebsd.org/changeset/ports/415116
Log:
Fix PolarSSL-based builds.
The upstream backported a change from the master branch that fixes the
PolarSSL-based builds to go with the PolarSSL 1.3.X built-in defaults.
Add a patch picked from the upstream's release/2.3 branch.
Remove the BROKEN= line and conditional.
No PORTREVISION bump because the patch only affects an option that was
formerly marked BROKEN.
(TRYBROKEN users need to force a rebuild and reinstallation manually.)
Added:
head/security/openvpn/files/patch-629baad8 (contents, props changed)
Modified:
head/security/openvpn/Makefile
Modified: head/security/openvpn/Makefile
==============================================================================
--- head/security/openvpn/Makefile Fri May 13 14:25:21 2016 (r415115)
+++ head/security/openvpn/Makefile Fri May 13 16:07:26 2016 (r415116)
@@ -119,10 +119,4 @@ post-install-EXAMPLES-on:
(cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/)
${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/*
-.include <bsd.port.pre.mk>
-
-.if ${PORT_OPTIONS:MPOLARSSL}
-BROKEN=OpenVPN 2.3.11 with PolarSSL crashes on start unless TLS ciphers specified explicitly
-.endif
-
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
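Review bot: The single `.include <bsd.port.mk>` at the end of this hunk is only correct if no other test on `PORT_OPTIONS` remains earlier in the Makefile, and the hunk shows nothing above line 119. Please confirm that the removed `.if ${PORT_OPTIONS:MPOLARSSL}` block was the last such conditional. If any remain, they need `.include <bsd.port.options.mk>` ahead of them now that `bsd.port.pre.mk` is gone.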
Added: head/security/openvpn/files/patch-629baad8
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/openvpn/files/patch-629baad8 Fri May 13 16:07:26 2016 (r415116)
@@ -0,0 +1,37 @@
+commit 629baad8f89af261445a2ace03694601f8e476f9
+Author: Steffan Karger <steffan at karger.me>
+Date: Fri May 13 08:54:52 2016 +0200
+
+ Fix polarssl / mbedtls builds
+
+ Commit 8a399cd3 hardened the OpenSSL default cipher list,
+ but also introduced a change in shared code that causes
+ polarssl / mbedtls builds to break when no --tls-cipher is
+ specified.
+
+ This fix is backported code from the master branch.
+
+ Signed-off-by: Steffan Karger <steffan at karger.me>
+ Acked-by: Gert Doering <gert at greenie.muc.de>
+ Message-Id: <1463122492-701-1-git-send-email-steffan at karger.me>
+ URL: http://article.gmane.org/gmane.network.openvpn.devel/11647
+ Signed-off-by: Gert Doering <gert at greenie.muc.de>
+
+diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
+index 1f58369..9263698 100644
+--- ./src/openvpn/ssl_polarssl.c
++++ ./src/openvpn/ssl_polarssl.c
+@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
+ {
+ char *tmp_ciphers, *tmp_ciphers_orig, *token;
+ int i, cipher_count;
+- int ciphers_len = strlen (ciphers);
++ int ciphers_len;
++
++ if (NULL == ciphers)
++ return; /* Nothing to do */
++
++ ciphers_len = strlen (ciphers);
+
+ ASSERT (NULL != ctx);
+ ASSERT (0 != ciphers_len);
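Review bot: In `tls_ctx_restrict_ciphers`, the new `if (NULL == ciphers) return;` sits above `ASSERT (NULL != ctx);`, so a call without a cipher list never has its `ctx` argument checked. Moving the `ctx` assertion ahead of the early return would keep that check on every path. Also, an empty string still reaches `ASSERT (0 != ciphers_len);`, so only NULL is treated as "nothing to do"; if that distinction is intended, a one-line comment at the early return should say so.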