notbugIf you buy from Amazon USA, please support us by using this link.
Port details
ocserv Server implementing the AnyConnect SSL VPN protocol
0.12.2 net on this many watch lists=3 search for ports that depend on this port Find issues related to this port Report an issue related to this port
Maintainer: cpm@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2015-08-16 21:48:28
Last Update: 2019-01-11 16:20:19
SVN Revision: 489983
Also Listed In: security
License: GPLv2+
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is
to be a secure, small, fast and configurable VPN server. It implements
the OpenConnect SSL VPN protocol, and has also (currently experimental)
compatibility with clients using the AnyConnect SSL VPN protocol.
The OpenConnect protocol provides a dual TCP/UDP VPN channel, and
uses the standard IETF security protocols to secure it. Both IPv4
and IPv6 are supported.

Ocserv's main features are security through provilege separation
and sandboxing, accounting, and resilience due to a combined use
of TCP and UDP.  Authentication occurs in an isolated security
module process, and each user is assigned an unprivileged worker
process, and a networking (tun) device. That not only eases the
control of the resources of each user or group of users, but also
prevents data leak (e.g., heartbleed-style attacks), and privilege
escalation due to any bug on the VPN handling (worker) process. A
management interface allows for viewing and querying logged-in
users.

WWW: https://ocserv.gitlab.io/www/index.html
SVNWeb : Homepage : PortsMon
    Pseudo-pkg-plist information, but much better, from make generate-plist
    Expand this list (12 items)
  1. /usr/local/share/licenses/ocserv-0.12.2/catalog.mk
  2. /usr/local/share/licenses/ocserv-0.12.2/LICENSE
  3. /usr/local/share/licenses/ocserv-0.12.2/GPLv2+
  4. bin/occtl
  5. bin/ocpasswd
  6. bin/ocserv-fw
  7. man/man8/occtl.8.gz
  8. man/man8/ocpasswd.8.gz
  9. man/man8/ocserv.8.gz
  10. @sample etc/ocserv/conf.sample
  11. sbin/ocserv
  12. @dir(_ocserv,_ocserv,750) /var/run/ocserv
  13. Collapse this list.

Dependency line: ocserv>0:net/ocserv


To install the port: cd /usr/ports/net/ocserv/ && make install clean
To add the package: pkg install ocserv

PKGNAME: ocserv

There is no flavor information for this port.

distinfo:

TIMESTAMP = 1547221519
SHA256 (ocserv-0.12.2.tar.xz) = 71ccf1dfe9e13a05d9dc1104256cad6ff91e7b7d8c07a02398842ce018a3897d
SIZE (ocserv-0.12.2.tar.xz) = 682272


NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:
  1. bash : shells/bash
  2. gsed : textproc/gsed
  3. autoconf>=2.69 : devel/autoconf
  4. automake>=1.16.1 : devel/automake
  5. libtoolize : devel/libtool
  6. gperf : devel/gperf
  7. pkgconf>=1.3.0_1 : devel/pkgconf
Library dependencies:
  1. liblz4.so : archivers/liblz4
  2. libiconv.so : converters/libiconv
  3. libev.so : devel/libev
  4. libtalloc.so : devel/talloc
  5. libprotobuf-c.so : devel/protobuf-c
  6. libgnutls.so : security/gnutls
  7. libtasn1.so : security/libtasn1
  8. libnettle.so : security/nettle
  9. liboath.so : security/oath-toolkit
  10. libpcl.so : devel/libpcl
  11. libreadline.so.7 : devel/readline
There are no ports dependent upon this port

Configuration Options
===> The following configuration options are available for ocserv-0.12.2:
     DOCS=on: Build and/or install documentation
     EXAMPLES=on: Build and/or install examples
     GSSAPI=off: GSSAPI Security API support
     RADIUS=off: RADIUS protocol support
===> Use 'make config' to modify these settings

USES:
autoreconf cpe gperf libtool localbase ncurses  pathfix pkgconfig readline tar:xz

Master Sites:
  1. ftp://ftp.infradead.org/pub/ocserv/
  2. http://distcache.FreeBSD.org/local-distfiles/cpm/
  3. http://distcache.eu.FreeBSD.org/local-distfiles/cpm/
  4. http://distcache.us-east.FreeBSD.org/local-distfiles/cpm/
  5. http://distcache.us-west.FreeBSD.org/local-distfiles/cpm/

Number of commits found: 27

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
11 Jan 2019 16:20:19
Original commit files touched by this commit  0.12.2
Revision:489983
cpm search for other commits by this committer
net/ocserv: update to 0.12.2

Noteworthy changes in 0.12.2

- Added support for AES256-SHA legacy cipher. This allows the anyconnect clients
to use AES256.
- Added support for the DTLS1.2 protocol hack used by new anyconnect client.

While I'm here pet portlint.

MFH:		2019Q1
30 Oct 2018 04:45:20
Original commit files touched by this commit  0.12.1_1
Revision:483447
yuri search for other commits by this committer
net/ocserv: Use devel/libpcl as a dependency

PR:		232771
Approved by:	Carlos J. Puga Medina <cpm@freebsd.org> (maintainer)
14 May 2018 18:23:23
Original commit files touched by this commit  0.12.1
Revision:469943
cpm search for other commits by this committer
net/ocserv: update to 0.12.1

Changelog: https://gitlab.com/ocserv/ocserv/blob/master/NEWS

Tested by:	Jov <amutu@amutu.com>
07 Mar 2018 18:14:18
Original commit files touched by this commit  0.11.11
Revision:463819
cpm search for other commits by this committer
net/ocserv: Update to 0.11.11

Changelog:
http://lists.infradead.org/pipermail/openconnect-devel/2018-March/004766.html
08 Jan 2018 18:48:12
Original commit files touched by this commit  0.11.10
Revision:458468
cpm search for other commits by this committer
net/ocserv: Update to 0.11.10

- Pet portlint, the port doesn't install any shared libraries, so there is no
point in USE_LDCONFIG

Changelog:
http://lists.infradead.org/pipermail/openconnect-devel/2018-January/004655.html
14 Oct 2017 02:03:05
Original commit files touched by this commit  0.11.9
Revision:452040
cpm search for other commits by this committer
- Update to 0.11.9
- Update WWW in pkg-descr

Noteworthy changes in 0.11.9

- Fixed bug which caused the acceptable of invalid IPv4 address as valid.
- Fixed compatibility with gnutls 3.3.8 by avoiding the use of the 'VERS-ALL'
  priority string which was introduced in 3.3.24.
- Fixed null pointer dereference when parsing locked accounts in plain password
  authentication.
- Add support for RSA-PSS and Ed25519 private keys when used with GnuTLS 3.6.0.
- ocpasswd: when locking an account multiple times, add the '!' character only
once.
  Based on patch by Frank Huang.

Changes:
http://lists.infradead.org/pipermail/openconnect-devel/2017-October/004529.html

MFH:		2017Q4
27 Jun 2017 13:46:53
Original commit files touched by this commit  0.11.8_3
Revision:444463
sunpoet search for other commits by this committer
Update devel/readline to 7.0 patch 3

- Bump PORTREVISION for shlib change

Changes:	https://cnswww.cns.cwru.edu/php/chet/readline/CHANGES
		https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00107.html
		https://lists.gnu.org/archive/html/bug-readline/2017-01/msg00002.html
Differential Revision:	https://reviews.freebsd.org/D11172
PR:		219947
Exp-run by:	antoine
19 May 2017 12:11:55
Original commit files touched by this commit  0.11.8_2
Revision:441221
cpm search for other commits by this committer
- Make RADIUS auth backend optional
- Bump PORTREVISION

PR:		219393
Submitted by:	Jov <amutu@amutu.com>
18 May 2017 22:11:54
Original commit files touched by this commit  0.11.8_1
Revision:441202
cpm search for other commits by this committer
- Add security/oath-toolkit to LIB_DEPENDS
- Sort BUILD_DEPENDS and LIB_DEPENDS
- Enable radius support
- Bump PORTREVISION
05 May 2017 11:26:21
Original commit files touched by this commit  0.11.8
Revision:440147
cpm search for other commits by this committer
net/ocserv: update to 0.11.8

- Update to 0.11.8
- Add my LOCAL to MASTER_SITES

Changes:
http://lists.infradead.org/pipermail/openconnect-devel/2017-May/004293.html
05 May 2017 10:08:34
Original commit files touched by this commit  0.11.7_1
Revision:440146
cpm search for other commits by this committer
- Fix ownership and permissions in /var/run/ocserv
- Bump PORTREVISION

PR:		219054
Reported by:	Joy <amutu@amutu.com>
13 Feb 2017 18:38:22
Original commit files touched by this commit  0.11.7
Revision:434013
cpm search for other commits by this committer
net/ocserv: update to 0.11.7

- Update PORTVERSION and distinfo checksum (0.11.7)
- Regenerate some patches to apply cleanly
- Remove MAKE_JOBS_UNSAFE=yes

Changelog:
http://lists.infradead.org/pipermail/openconnect-devel/2017-February/004204.html
22 Nov 2016 18:35:35
Original commit files touched by this commit  0.11.6
Revision:426841
cpm search for other commits by this committer
net/ocserv: Update to 0.11.6

- Update PORTVERSION and distinfo checksum (0.11.6)
- Add LICENSE_FILE
- Cosmetic fixes
- Remove STRIP_CMD target since all binaries are installed with --strip (-s)
option by default
- Silence two explicitly called commands

Changelog:
  
http://lists.infradead.org/pipermail/openconnect-devel/2016-November/004066.html

Reviewed by:	amdmi3 (mentor)
Approved by:	amdmi3 (mentor)
Differential Revision:	D8538
07 Oct 2016 22:34:04
Original commit files touched by this commit  0.11.5
Revision:423487
cpm search for other commits by this committer
- Update ocserv to 0.11.5 release

Changelog:
 
http://lists.infradead.org/pipermail/openconnect-devel/2016-September/003972.html

Reviewed by:	pi, feld (mentor)
Approved by:	feld (mentor)
Differential Revision:	D8024
30 Sep 2016 19:24:30
Original commit files touched by this commit  0.11.4_1
Revision:423014
tijl search for other commits by this committer
Let USES=localbase add -L${LOCALBASE}/lib to LIBS instead of LDFLAGS.
USES=localbase:ldflags can be used to set LDFLAGS.  Normally LDFLAGS
appears too early on the command line causing some ports to link with
their own libraries in LOCALBASE (if installed) instead of WRKSRC.

Also make use of _USES_POST so -L${LOCALBASE}/lib is added as late as
possible after anything a port Makefile might set.  Use _USES_POST
instead of .include in libedit.mk and libarchive.mk so things like
'USES=libedit localbase:ldflags' work correctly.

Fix some issues with LIBS in some ports.

Switch ports that don't support LIBS to localbase:ldflags.

PR:		212987
Exp-run by:	antoine
Approved by:	portmgr (antoine)
09 Aug 2016 02:00:38
Original commit files touched by this commit  0.11.4
Revision:419896
cpm search for other commits by this committer
- Update to 0.11.4

Changelog:
  http://lists.infradead.org/pipermail/openconnect-devel/2016-August/003817.html

Reviewed by:	junovitch (mentor)
Approved by:	junovitch (mentor)
Differential Revision:	D7441
20 Jun 2016 10:04:38
Original commit files touched by this commit  0.11.3
Revision:417147
cpm search for other commits by this committer
- Update to 0.11.3
- Add LIB_DEPENDS for security/nettle
- Switch to USES=localbase framework

ChangeLog:
  http://lists.infradead.org/pipermail/openconnect-devel/2016-June/003720.html

Reviewed by:	amdmi3, junovitch (mentors)
Approved by:	amdmi3, junovitch (mentors)
Differential Revision:	D6890
28 Apr 2016 20:27:15
Original commit files touched by this commit  0.11.2
Revision:414238
cpm search for other commits by this committer
- Update to 0.11.2 release
- Remove unneeded patch (applied upstream)

Changelog: http://www.infradead.org/ocserv/changelog.html

Approved by:	junovitch (mentor)
Differential Revision:	D6122
18 Apr 2016 15:17:09
Original commit files touched by this commit  0.11.1
Revision:413584
cpm search for other commits by this committer
- Update to 0.11.1 release
- Convert LICENSE= "GPLxx# or later" to "GPLxx+"
- Add dependency on libev
- Regenerate patches
- Add MAKE_JOBS_UNSAFE; port attempts to modify man page before generation
  sed: ocpasswd.8: No such file or directory

Changelog:	http://lists.infradead.org/pipermail/openconnect-devel/2016-March/003551.html

Approved by:	junovitch (mentor)
Differential Revision:	D5890
01 Apr 2016 14:16:20
Original commit files touched by this commit  0.10.12_1
Revision:412348
mat search for other commits by this committer
Remove ${PORTSDIR}/ from dependencies, categories m, n, o, and p.

With hat:	portmgr
Sponsored by:	Absolight
27 Mar 2016 14:58:00
Original commit files touched by this commit  0.10.12_1
Revision:411990
tijl search for other commits by this committer
- Update security/gnutls to 3.4.10.
- Rename the LIBDANE option DANE because that's the name of the protocol
  supported by libgnutls-dane and gnutls-cli.  Also clarify the option
  description.
- Add an IDN option.
- libgnutls-openssl has been removed in 3.4.  Some ports used this library
  in their LIB_DEPENDS but no port actually required it.
- Some old API functions have been removed.  Ports that used these have been
  updated or patched to use the new API.
- Add a patch to print/cups to prevent overlinking of libgnutls.so.
- Bump PORTREVISION on dependent ports.

net-im/jabber: This port used the old API to give users fine grained
control over which crypto algorithms were used via a configuration file.
It's not immediately obvious how to port this to the new API so the port
always uses the defaults now.

www/hydra: Mark BROKEN.  This uses more removed calls than the other ports,
is said to be alpha quality and not fully functional and has been abandoned
10 years ago.

PR:		207768
Exp-run by:	antoine
Approved by:	portmgr (antoine)
17 Mar 2016 10:32:06
Original commit files touched by this commit  0.10.12
Revision:411268
cpm search for other commits by this committer
- Update to 0.10.12
- Update MAINTAINER to my @FreeBSD.org address

PR:		207824
Approved by:	junovitch (mentor)
27 Jan 2016 10:31:11
Original commit files touched by this commit  0.10.11
Revision:407350
cpm search for other commits by this committer
- Update to 0.10.11

Changes:
  
http://lists.infradead.org/pipermail/openconnect-devel/2016-January/003362.html

PR:		205244
Submitted by:	Carlos J. Puga Medina <cpm@fbsd.es>
Approved by:	junovitch (mentor)
13 Oct 2015 12:13:15
Original commit files touched by this commit  0.10.9
Revision:399187
pi search for other commits by this committer
net/ocserv: 0.10.8 -> 0.10.9

Changes: http://www.infradead.org/ocserv/changelog.html

PR:		203739
Submitted by:	Carlos J Puga Medina <cpm@fbsd.es> (maintainer)
07 Oct 2015 01:36:22
Original commit files touched by this commit  0.10.8
Revision:398733
amdmi3 search for other commits by this committer
- Switch to options helpers
- Pet portlint

Approved by:	portmgr blanket
06 Sep 2015 20:24:11
Original commit files touched by this commit  0.10.8
Revision:396231
pi search for other commits by this committer
net/ocserv: 0.10.7 -> 0.10.8

- Update to 0.10.8 release
- Add libtasn1 dependency
- Fix patches

PR:		202936
Submitted by:	Carlos J Puga Medina <cpm@fbsd.es> (maintainer)
16 Aug 2015 21:48:16
Original commit files touched by this commit  0.10.7
Revision:394422
pi search for other commits by this committer
New port: net/ocserv: server implementing the AnyConnect SSL VPN protocol

OpenConnect server (ocserv) is an SSL VPN server. Its purpose is
to be a secure, small, fast and configurable VPN server. It implements
the OpenConnect SSL VPN protocol, and has also (currently experimental)
compatibility with clients using the AnyConnect SSL VPN protocol.
The OpenConnect protocol provides a dual TCP/UDP VPN channel, and
uses the standard IETF security protocols to secure it. Both IPv4
and IPv6 are supported.

Ocserv's main features are security through provilege separation
and sandboxing, accounting, and resilience due to a combined use
of TCP and UDP.  Authentication occurs in an isolated security
module process, and each user is assigned an unprivileged worker
process, and a networking (tun) device. That not only eases the
(Only the first 15 lines of the commit message are shown above View all of this commit message)

Number of commits found: 27

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
gitlab-ceJan 17
jenkinsJan 16
jenkins-ltsJan 16
py-matrix-synapseJan 15
irssiJan 10
giteaJan 06
uriparserJan 06
chromiumJan 05
chromiumJan 05
openjpeg*Jan 05
py-django111Jan 05
py-django20Jan 05
py-django21Jan 05
gitlab-ceJan 02
rpm4Dec 26

10 vulnerabilities affecting 55 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last updated:
2019-01-17 00:14:50


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 36003
Broken 113
Deprecated 412
Ignore 326
Forbidden 3
Restricted 162
No CDROM 74
Vulnerable 33
Expired 5
Set to expire 385
Interactive 0
new 24 hours 9
new 48 hours15
new 7 days39
new fortnight91
new month157

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2019 Dan Langille. All rights reserved.