notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Port details
ocserv Server implementing the AnyConnect SSL VPN protocol
0.12.4_2 net on this many watch lists=3 search for ports that depend on this port Find issues related to this port Report an issue related to this port 0.12.4_2Version of this port present on the latest quarterly branch.
Maintainer: cpm@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2015-08-16 21:48:28
Last Update: 2019-10-03 15:46:00
SVN Revision: 513668
Also Listed In: -vpn security
License: GPLv2+
Description:
SVNWeb : Homepage
pkg-plist: as obtained via: make generate-plist
Expand this list (12 items)
  1. /usr/local/share/licenses/ocserv-0.12.4_2/catalog.mk
  2. /usr/local/share/licenses/ocserv-0.12.4_2/LICENSE
  3. /usr/local/share/licenses/ocserv-0.12.4_2/GPLv2+
  4. bin/occtl
  5. bin/ocpasswd
  6. bin/ocserv-fw
  7. man/man8/occtl.8.gz
  8. man/man8/ocpasswd.8.gz
  9. man/man8/ocserv.8.gz
  10. @sample etc/ocserv/conf.sample
  11. sbin/ocserv
  12. @dir(_ocserv,_ocserv,750) /var/run/ocserv
Collapse this list.
Dependency lines:
  • ocserv>0:net/ocserv
To install the port: cd /usr/ports/net/ocserv/ && make install clean
To add the package: pkg install ocserv
PKGNAME: ocserv
Flavors: there is no flavor information for this port.
distinfo:

Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. bash : shells/bash
  2. gsed : textproc/gsed
  3. gperf : devel/gperf
  4. pkgconf>=1.3.0_1 : devel/pkgconf
  5. autoconf>=2.69 : devel/autoconf
  6. automake>=1.16.1 : devel/automake
  7. libtoolize : devel/libtool
Library dependencies:
  1. liblz4.so : archivers/liblz4
  2. libiconv.so : converters/libiconv
  3. libev.so : devel/libev
  4. libtalloc.so : devel/talloc
  5. libprotobuf-c.so : devel/protobuf-c
  6. libgnutls.so : security/gnutls
  7. libtasn1.so : security/libtasn1
  8. libnettle.so : security/nettle
  9. liboath.so : security/oath-toolkit
  10. libpcl.so : devel/libpcl
  11. libreadline.so.8 : devel/readline
There are no ports dependent upon this port

Configuration Options

USES:

Master Sites:
  1. ftp://ftp.infradead.org/pub/ocserv/

Number of commits found: 35

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
03 Oct 2019 14:46:00
Original commit files touched by this commit  0.12.4_2
Revision:513668
kevans search for other commits by this committer
net/ocserv: fix tun handoff between parent and worker process

ocserv hands off a tun fd to a worker process, but the worker process never
claims the tun with TUNSIFPID. The parent then closes the tunnel and leaves
it in a nasty state.

Bump PORTREVISION, as this is runtime breakage.

PR:		238500
Approved by:	bapt (ports), cpm (maintainer, e-mail)
MFH:		2019Q4 (blanket, runtime fix)
14 Aug 2019 03:26:09
Original commit files touched by this commit  0.12.4_1
Revision:508887
meta search for other commits by this committer
Implement new virtual category: net-vpn for VPN related ports

based on discussion at ports@ [1]. As VPN softwares are put in different
physical category net and security. This is a little bit confusing. Let's
give them new virtual category net-vpn.

[1] https://lists.freebsd.org/pipermail/freebsd-ports/2019-April/115915.html

PR:		239395
Submitted by:	myself
Approved by:	portmgr (mat)
Differential Revision:	https://reviews.freebsd.org/D21174
12 Aug 2019 10:52:00
Original commit files touched by this commit  0.12.4_1
Revision:508723
cpm search for other commits by this committer
net/ocserv: Fix typos in pkg-descr

PR:		239577
Submitted by:	Mikael Urankar <mikael.urankar@gmail.com>
09 Jul 2019 17:13:07
Original commit files touched by this commit  0.12.4_1
Revision:506289
sunpoet search for other commits by this committer
Update security/nettle to 3.5.1

- Bump PORTREVISION of dependent ports for shlib change
- Fix build of devel/pijul [1]

Changes:	https://git.lysator.liu.se/nettle/nettle/blob/master/NEWS
PR:		238991
Exp-run by:	antoine
Thanks to:	tobik [1]
08 Jul 2019 14:36:01
Original commit files touched by this commit  0.12.4
Revision:506230
cpm search for other commits by this committer
net/ocserv: Update to 0.12.4

Noteworthy changes in 0.12.4

- Added support for radius access-challenge (multifactor) authentication.
- Fixed race condition when connect-script and disconnect-script are set, which
could potentially cause a crash (#208).
- Perform quicker cleanup of sessions which their user explicitly disconnected
(#210).

MFH:		2019Q3
26 Apr 2019 16:14:45
Original commit files touched by this commit  0.12.3_1
Revision:500117
pkubaj search for other commits by this committer
net/ocserv: fix build with base GCC

-Wno-implicit-fallthrough is not supported by GCC 4.2

PR:		237558
Approved by:	tcberner (mentor), cpm (maintainer)
Differential Revision:	https://reviews.freebsd.org/D20075
09 Apr 2019 14:04:50
Original commit files touched by this commit  0.12.3_1
Revision:498476
sunpoet search for other commits by this committer
Update devel/readline to 8.0

- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://tiswww.case.edu/php/chet/readline/CHANGES
PR:		236156
Exp-run by:	antoine
13 Mar 2019 22:06:36
Original commit files touched by this commit  0.12.3
Revision:495663
cpm search for other commits by this committer
net/ocserv: Update to 0.12.3

- Remove LOCAL MASTER_SITES

Noteworthy changes in 0.12.3

- Fixed crash when no DTLS ciphersuite is negotiated.
- Fixed crash happening arbitrarily depending on handled string sizes (#197).
- Fixed compatibility issue with GnuTLS 3.3.x (#201).
- occtl: print the TLS session information, even if the DTLS channel is not
established.

MFH:		2019Q1
11 Jan 2019 16:20:19
Original commit files touched by this commit  0.12.2
Revision:489983
cpm search for other commits by this committer
net/ocserv: update to 0.12.2

Noteworthy changes in 0.12.2

- Added support for AES256-SHA legacy cipher. This allows the anyconnect clients
to use AES256.
- Added support for the DTLS1.2 protocol hack used by new anyconnect client.

While I'm here pet portlint.

MFH:		2019Q1
30 Oct 2018 04:45:20
Original commit files touched by this commit  0.12.1_1
Revision:483447
yuri search for other commits by this committer
net/ocserv: Use devel/libpcl as a dependency

PR:		232771
Approved by:	Carlos J. Puga Medina <cpm@freebsd.org> (maintainer)
14 May 2018 18:23:23
Original commit files touched by this commit  0.12.1
Revision:469943
cpm search for other commits by this committer
net/ocserv: update to 0.12.1

Changelog: https://gitlab.com/ocserv/ocserv/blob/master/NEWS

Tested by:	Jov <amutu@amutu.com>
07 Mar 2018 18:14:18
Original commit files touched by this commit  0.11.11
Revision:463819
cpm search for other commits by this committer
net/ocserv: Update to 0.11.11

Changelog:
http://lists.infradead.org/pipermail/openconnect-devel/2018-March/004766.html
08 Jan 2018 18:48:12
Original commit files touched by this commit  0.11.10
Revision:458468
cpm search for other commits by this committer
net/ocserv: Update to 0.11.10

- Pet portlint, the port doesn't install any shared libraries, so there is no
point in USE_LDCONFIG

Changelog:
http://lists.infradead.org/pipermail/openconnect-devel/2018-January/004655.html
14 Oct 2017 02:03:05
Original commit files touched by this commit  0.11.9
Revision:452040
cpm search for other commits by this committer
- Update to 0.11.9
- Update WWW in pkg-descr

Noteworthy changes in 0.11.9

- Fixed bug which caused the acceptable of invalid IPv4 address as valid.
- Fixed compatibility with gnutls 3.3.8 by avoiding the use of the 'VERS-ALL'
  priority string which was introduced in 3.3.24.
- Fixed null pointer dereference when parsing locked accounts in plain password
  authentication.
- Add support for RSA-PSS and Ed25519 private keys when used with GnuTLS 3.6.0.
- ocpasswd: when locking an account multiple times, add the '!' character only
once.
  Based on patch by Frank Huang.

Changes:
http://lists.infradead.org/pipermail/openconnect-devel/2017-October/004529.html

MFH:		2017Q4
27 Jun 2017 13:46:53
Original commit files touched by this commit  0.11.8_3
Revision:444463
sunpoet search for other commits by this committer
Update devel/readline to 7.0 patch 3

- Bump PORTREVISION for shlib change

Changes:	https://cnswww.cns.cwru.edu/php/chet/readline/CHANGES
		https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00107.html
		https://lists.gnu.org/archive/html/bug-readline/2017-01/msg00002.html
Differential Revision:	https://reviews.freebsd.org/D11172
PR:		219947
Exp-run by:	antoine
19 May 2017 12:11:55
Original commit files touched by this commit  0.11.8_2
Revision:441221
cpm search for other commits by this committer
- Make RADIUS auth backend optional
- Bump PORTREVISION

PR:		219393
Submitted by:	Jov <amutu@amutu.com>
18 May 2017 22:11:54
Original commit files touched by this commit  0.11.8_1
Revision:441202
cpm search for other commits by this committer
- Add security/oath-toolkit to LIB_DEPENDS
- Sort BUILD_DEPENDS and LIB_DEPENDS
- Enable radius support
- Bump PORTREVISION
05 May 2017 11:26:21
Original commit files touched by this commit  0.11.8
Revision:440147
cpm search for other commits by this committer
net/ocserv: update to 0.11.8

- Update to 0.11.8
- Add my LOCAL to MASTER_SITES

Changes:
http://lists.infradead.org/pipermail/openconnect-devel/2017-May/004293.html
05 May 2017 10:08:34
Original commit files touched by this commit  0.11.7_1
Revision:440146
cpm search for other commits by this committer
- Fix ownership and permissions in /var/run/ocserv
- Bump PORTREVISION

PR:		219054
Reported by:	Joy <amutu@amutu.com>
13 Feb 2017 18:38:22
Original commit files touched by this commit  0.11.7
Revision:434013
cpm search for other commits by this committer
net/ocserv: update to 0.11.7

- Update PORTVERSION and distinfo checksum (0.11.7)
- Regenerate some patches to apply cleanly
- Remove MAKE_JOBS_UNSAFE=yes

Changelog:
http://lists.infradead.org/pipermail/openconnect-devel/2017-February/004204.html
22 Nov 2016 18:35:35
Original commit files touched by this commit  0.11.6
Revision:426841
cpm search for other commits by this committer
net/ocserv: Update to 0.11.6

- Update PORTVERSION and distinfo checksum (0.11.6)
- Add LICENSE_FILE
- Cosmetic fixes
- Remove STRIP_CMD target since all binaries are installed with --strip (-s)
option by default
- Silence two explicitly called commands

Changelog:
  
http://lists.infradead.org/pipermail/openconnect-devel/2016-November/004066.html

Reviewed by:	amdmi3 (mentor)
Approved by:	amdmi3 (mentor)
Differential Revision:	D8538
07 Oct 2016 22:34:04
Original commit files touched by this commit  0.11.5
Revision:423487
cpm search for other commits by this committer
- Update ocserv to 0.11.5 release

Changelog:
 
http://lists.infradead.org/pipermail/openconnect-devel/2016-September/003972.html

Reviewed by:	pi, feld (mentor)
Approved by:	feld (mentor)
Differential Revision:	D8024
30 Sep 2016 19:24:30
Original commit files touched by this commit  0.11.4_1
Revision:423014
tijl search for other commits by this committer
Let USES=localbase add -L${LOCALBASE}/lib to LIBS instead of LDFLAGS.
USES=localbase:ldflags can be used to set LDFLAGS.  Normally LDFLAGS
appears too early on the command line causing some ports to link with
their own libraries in LOCALBASE (if installed) instead of WRKSRC.

Also make use of _USES_POST so -L${LOCALBASE}/lib is added as late as
possible after anything a port Makefile might set.  Use _USES_POST
instead of .include in libedit.mk and libarchive.mk so things like
'USES=libedit localbase:ldflags' work correctly.

Fix some issues with LIBS in some ports.

Switch ports that don't support LIBS to localbase:ldflags.

PR:		212987
Exp-run by:	antoine
Approved by:	portmgr (antoine)
09 Aug 2016 02:00:38
Original commit files touched by this commit  0.11.4
Revision:419896
cpm search for other commits by this committer
- Update to 0.11.4

Changelog:
  http://lists.infradead.org/pipermail/openconnect-devel/2016-August/003817.html

Reviewed by:	junovitch (mentor)
Approved by:	junovitch (mentor)
Differential Revision:	D7441
20 Jun 2016 10:04:38
Original commit files touched by this commit  0.11.3
Revision:417147
cpm search for other commits by this committer
- Update to 0.11.3
- Add LIB_DEPENDS for security/nettle
- Switch to USES=localbase framework

ChangeLog:
  http://lists.infradead.org/pipermail/openconnect-devel/2016-June/003720.html

Reviewed by:	amdmi3, junovitch (mentors)
Approved by:	amdmi3, junovitch (mentors)
Differential Revision:	D6890
28 Apr 2016 20:27:15
Original commit files touched by this commit  0.11.2
Revision:414238
cpm search for other commits by this committer
- Update to 0.11.2 release
- Remove unneeded patch (applied upstream)

Changelog: http://www.infradead.org/ocserv/changelog.html

Approved by:	junovitch (mentor)
Differential Revision:	D6122
18 Apr 2016 15:17:09
Original commit files touched by this commit  0.11.1
Revision:413584
cpm search for other commits by this committer
- Update to 0.11.1 release
- Convert LICENSE= "GPLxx# or later" to "GPLxx+"
- Add dependency on libev
- Regenerate patches
- Add MAKE_JOBS_UNSAFE; port attempts to modify man page before generation
  sed: ocpasswd.8: No such file or directory

Changelog:	http://lists.infradead.org/pipermail/openconnect-devel/2016-March/003551.html

Approved by:	junovitch (mentor)
Differential Revision:	D5890
01 Apr 2016 14:16:20
Original commit files touched by this commit  0.10.12_1
Revision:412348
mat search for other commits by this committer
Remove ${PORTSDIR}/ from dependencies, categories m, n, o, and p.

With hat:	portmgr
Sponsored by:	Absolight
27 Mar 2016 14:58:00
Original commit files touched by this commit  0.10.12_1
Revision:411990
tijl search for other commits by this committer
- Update security/gnutls to 3.4.10.
- Rename the LIBDANE option DANE because that's the name of the protocol
  supported by libgnutls-dane and gnutls-cli.  Also clarify the option
  description.
- Add an IDN option.
- libgnutls-openssl has been removed in 3.4.  Some ports used this library
  in their LIB_DEPENDS but no port actually required it.
- Some old API functions have been removed.  Ports that used these have been
  updated or patched to use the new API.
- Add a patch to print/cups to prevent overlinking of libgnutls.so.
- Bump PORTREVISION on dependent ports.

net-im/jabber: This port used the old API to give users fine grained
control over which crypto algorithms were used via a configuration file.
It's not immediately obvious how to port this to the new API so the port
always uses the defaults now.

www/hydra: Mark BROKEN.  This uses more removed calls than the other ports,
is said to be alpha quality and not fully functional and has been abandoned
10 years ago.

PR:		207768
Exp-run by:	antoine
Approved by:	portmgr (antoine)
17 Mar 2016 10:32:06
Original commit files touched by this commit  0.10.12
Revision:411268
cpm search for other commits by this committer
- Update to 0.10.12
- Update MAINTAINER to my @FreeBSD.org address

PR:		207824
Approved by:	junovitch (mentor)
27 Jan 2016 10:31:11
Original commit files touched by this commit  0.10.11
Revision:407350
cpm search for other commits by this committer
- Update to 0.10.11

Changes:
  
http://lists.infradead.org/pipermail/openconnect-devel/2016-January/003362.html

PR:		205244
Submitted by:	Carlos J. Puga Medina <cpm@fbsd.es>
Approved by:	junovitch (mentor)
13 Oct 2015 12:13:15
Original commit files touched by this commit  0.10.9
Revision:399187
pi search for other commits by this committer
net/ocserv: 0.10.8 -> 0.10.9

Changes: http://www.infradead.org/ocserv/changelog.html

PR:		203739
Submitted by:	Carlos J Puga Medina <cpm@fbsd.es> (maintainer)
07 Oct 2015 01:36:22
Original commit files touched by this commit  0.10.8
Revision:398733
amdmi3 search for other commits by this committer
- Switch to options helpers
- Pet portlint

Approved by:	portmgr blanket
06 Sep 2015 20:24:11
Original commit files touched by this commit  0.10.8
Revision:396231
pi search for other commits by this committer
net/ocserv: 0.10.7 -> 0.10.8

- Update to 0.10.8 release
- Add libtasn1 dependency
- Fix patches

PR:		202936
Submitted by:	Carlos J Puga Medina <cpm@fbsd.es> (maintainer)
16 Aug 2015 21:48:16
Original commit files touched by this commit  0.10.7
Revision:394422
pi search for other commits by this committer
New port: net/ocserv: server implementing the AnyConnect SSL VPN protocol

OpenConnect server (ocserv) is an SSL VPN server. Its purpose is
to be a secure, small, fast and configurable VPN server. It implements
the OpenConnect SSL VPN protocol, and has also (currently experimental)
compatibility with clients using the AnyConnect SSL VPN protocol.
The OpenConnect protocol provides a dual TCP/UDP VPN channel, and
uses the standard IETF security protocols to secure it. Both IPv4
and IPv6 are supported.

Ocserv's main features are security through provilege separation
and sandboxing, accounting, and resilience due to a combined use
of TCP and UDP.  Authentication occurs in an isolated security
module process, and each user is assigned an unprivileged worker
process, and a networking (tun) device. That not only eases the
(Only the first 15 lines of the commit message are shown above View all of this commit message)

Number of commits found: 35

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
python37Oct 19
py-pillowOct 15
mod_perl2Oct 09
xpdfOct 06
xpdf3Oct 06
xpdf4Oct 06
unboundOct 03
cactiOct 02
gitlab-ceOct 02
gitlab-ceOct 02
ruby24Oct 02
ruby25Oct 02
mongodb34Sep 30
mongodb34Sep 30
mongodb36Sep 30

4 vulnerabilities affecting 12 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last updated:
2019-10-19 10:52:46


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 37702
Broken 75
Deprecated 99
Ignore 340
Forbidden 3
Restricted 156
No CDROM 73
Vulnerable 26
Expired 15
Set to expire 70
Interactive 0
new 24 hours 2
new 48 hours2
new 7 days17
new fortnight44
new month159

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2019 Dan Langille. All rights reserved.