Commit History - (may be incomplete: see SVNWeb link above for full details) |
Date | By | Description |
30 Oct 2020 20:36:01
2.5.0

|
mandree  |
Update security/openvpn 2.5. For 2.3 peers, update your configuration,
...see ports/UPDATING or the
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-25
Avoid LibreSSL (IGNORE_SSL).
INSTALL_DATA -> INSTALL_MAN for documentation.
Rearrange Makefile according to portclippy. |
06 Oct 2020 23:28:13
2.4.9_3

|
mandree  |
security/openvpn: fix test suite when ifconfig emits ::1/128 address format
Some systems apparently format output of ifconfig lo0 similar to
"inet6 ::1/128" instead of 12.1's "inet6 ::1 prefixlen 128". This
confuses the test script, so strip the slash and trailing prefixlen
off.
Since that bug affects the build-time test suite and its occurrence
breaks the build, no PORTREVISION bump needed.
Reported by: des@ |
17 Jul 2020 13:58:35
2.4.9_3

|
mandree  |
openvpn: Add one TODO marker (no functional change). |
17 Jul 2020 10:30:37
2.4.9_3

|
mandree  |
security/openvpn: future proofing, PLUGINDIR now ...
...configured the official way, not hacky (which failed in openvpn-devel
because it broke some configure tests). |
31 May 2020 08:40:03
2.4.9_2

|
mandree  |
security/openvpn: cherry-pick fixes from git repo
* 098edbb1 2020-05-20 | Switch assertion failure to returning false [Jeremy
Evans]
* fc029714 2020-05-30 | pool: prevent IPv6 pools to be larger than 2^16
addresses [Antonio Quartulli]
* 38b46e6b 2020-02-20 | Persist management-query-remote and proxy prompts [Selva
Nair]
MFH: 2020Q2 (blanket approval for stability fixes) |
07 May 2020 16:28:42
2.4.9_1

|
mandree  |
security/openvpn: reliability fixes cherry-picked from upstream
Arne Schwabe's OpenSSL fix for Debian Bug#958296
"Fix tls_ctx_client/server_new leaving error on OpenSSL error stack"
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958296> [1]
Selva Nair's auth-pam fixes
"Parse static challenge response in auth-pam plugin"
"Accept empty password and/or response in auth-pam plugin"
Re-diff (with make makepatch) older patches.
Reported by: Jonas Andradas via Debian BTS
Obtained from: Arne Schwabe, Selva Nair
<https://github.com/OpenVPN/openvpn/tree/release/2.4>
MFH: 2020Q2 (blanket for backporting reliability fixes) |
17 Apr 2020 18:38:45
2.4.9

|
mandree  |
security/openvpn: update to 2.4.9 (also for -mbedtls slave port)
At the same time, remove ASYNC_PUSH_LIBS workaround from [1].
Changelog (high-level):
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249
Git changelog, marking the three fixes that were already in 2.4.8_3
as cherry-picks with a 1, 2, or 3 instead of "*" to correspond
with the PORTREVISION, and those with "-" that are specific to other systems,
say, Windows.
* 9b0dafca 2020-04-16 | Preparing release v2.4.9 (ChangeLog, version.m4,
Changes.rst) (tag: v2.4.9) [Gert Doering]
3 f7b318f8 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
* 9bb285e3 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov] (Only the first 15 lines of the commit message are shown above ) |
16 Apr 2020 09:46:16
2.4.8_3

|
mandree  |
security/openvpn: Fix illegal client float (CVE-2020-11810)
There is a time frame between allocating peer-id and initializing data
channel key (which is performed on receiving push request or on async
push-reply) in which the existing peer-id float checks do not work right.
If a "rogue" data channel packet arrives during that time frame from another
address and with same peer-id, this would cause client to float to that new
address.
The net effect of this behaviour is that the VPN session for the "victim
client" is broken. Since the "attacker client" does not have suitable keys,
it can not inject or steal VPN traffic from the other session. The time
window is small and it can not be used to attack a specific client's session,
unless some other way is found to make it disconnect and reconnect first.
This fix is inherited by the openvpn-mbedtls slave port.
Obtained from: Lev Stipakov (OpenVPN)
MFH: 2020Q2 (blanket security patch)
Security: CVE-2020-11810
Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f |
16 Mar 2020 22:58:27
2.4.8_2

|
mandree  |
security/openvpn: Add a FIXME marker to clean up a local workaround that was
upstreamed for 2.4.9. [info: Lev Stipakov]
PR: 244286 |
21 Feb 2020 20:15:50
2.4.8_2

|
mandree  |
openvpn: Add default-off ASYNC_PUSH option.
When enabled, pulls in devel/libinotify, and
adds --enable-async-push to configure.
In contrast to garga@'s proposal, uses
ASYNC_PUSH_LIBS instead of a patch file.
PR: 244286
Submitted by: garga@ |
26 Jan 2020 15:04:38
2.4.8_1

|
mandree  |
Reduce fragmentation when using ncp-ciphers
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18975.html |
26 Jan 2020 14:40:32
2.4.8

|
mandree  |
Allow build without compression libs.
In that situation, add ./configure --enable-compression-stub.
While here, rearrange Makefile and use _ENABLE rather than _OFF
tags for the options.
Submitted by: Daniel Engberg
Differential Revision: https://reviews.freebsd.org/D23190 |
01 Nov 2019 11:54:44
2.4.8

|
mandree  |
security/openvpn[-mbedtls] upstream update to OpenVPN 2.4.8
This upstream release integrated two FreeBSD patches by Kyle Evans and me,
which are herewith dropped from the port.
Upstream release banner
"This is primarily a maintenance release with minor bugfixes and improvements."
High-level changes:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-248>
Manually filtered FreeBSD-related excerpt from Git log: v2.4.7..v2.4.8:
- mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free()
[Antonio Quartulli]
- openssl: Fix compilation without deprecated OpenSSL 1.1 APIs [Rosen Penev]
- Force combination of --socks-proxy and --proto UDP to use IPv4. [Gert
Doering] (Only the first 15 lines of the commit message are shown above ) |
07 Sep 2019 08:04:53
2.4.7

|
mandree  |
security/openvpn: regression fix, support LibreSSL again.
(I use a different patch than what was submitted by pizzamig@,
and have sent our patch upstream.)
Remove IGNORE_SSL.
While here, remove USE_LDCONFIG to fix a portlint complaint,
and fix a typo in a Makefile comment.
PR: 238382
Reported by: pizzamig@ |
06 Sep 2019 18:16:53
2.4.7

|
mandree  |
Fix a sed regexp from GNUism to POSIX.
Thanks!
Also sent upstream for inclusion today,
https://sourceforge.net/p/openvpn/mailman/message/36757480/ and
https://sourceforge.net/p/openvpn/mailman/message/36757481/
PR: 240306
Submitted by: kevans@ |
14 Aug 2019 12:16:13
2.4.7

|
mat  |
Convert to UCL & cleanup pkg-message (categories s) |
14 Aug 2019 03:26:09
2.4.7

|
meta  |
Implement new virtual category: net-vpn for VPN related ports
based on discussion at ports@ [1]. As VPN softwares are put in different
physical category net and security. This is a little bit confusing. Let's
give them new virtual category net-vpn.
[1] https://lists.freebsd.org/pipermail/freebsd-ports/2019-April/115915.html
PR: 239395
Submitted by: myself
Approved by: portmgr (mat)
Differential Revision: https://reviews.freebsd.org/D21174 |
13 Jul 2019 08:31:14
2.4.7

|
mandree  |
OpenVPN won't compile with LibreSSL, mark IGNORE.
Upstream maintainers are massively pushing back against patches
offered so far with valid and concrete technical reasons and unsuitability
of the LibreSSL version API that will create a maintenance nightmare.
(And LibreSSL abusing the OpenSSL API.)
PR: 238382
Submitted by: pizzamig |
21 Feb 2019 19:30:52
2.4.7

|
mandree  |
security/openvpn[-mbedtls] update to OpenVPN 2.4.7
Upstream release announcement:
"This is primarily a maintenance release with bugfixes and improvements.
One of the big things is enhanced TLS 1.3 support
Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that."
Move USES up to please portlint.
Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-247>
Detailed change list:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.7> |
05 Nov 2018 09:30:18
2.4.6_3

|
amdmi3  |
- Add LICENSE_FILE
- Update WWW
Approved by: portmgr blanket |
14 Sep 2018 12:04:53
2.4.6_3

|
tijl  |
Update security/mbedtls to 2.13.0 and bump dependent ports. |
10 Aug 2018 14:23:16
2.4.6_2

|
tijl  |
Update security/mbedtls to 2.12.0 and bump dependent ports.
MFH: 2018Q3
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02 |
07 Jun 2018 12:16:47
2.4.6_1

|
tijl  |
Update security/mbedtls to 2.9.0 and bump dependent ports. |
25 Apr 2018 22:00:04
2.4.6

|
mat  |
Only sleep in ports if BATCH/PACKAGE_BUILDING are not defined.
Sponsored by: Absolight |
25 Apr 2018 21:09:11
2.4.6

|
mandree  |
Update to new upstream bugfix release 2.4.6.
While here, warn and sleep for 10 s when building against LibreSSL.
Remove some cruft.
Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-246>
Changelog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.6>
Reported by: portscout |
23 Apr 2018 19:26:32
2.4.5_1

|
tijl  |
Update security/mbedtls to 2.8.0 and bump dependent ports.
MFH: 2018Q2
Security: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released |
13 Mar 2018 22:50:33
2.4.5

|
mandree  |
Fix build with LibreSSL 2.4.6
PR: 226568
Reported by: Ralf van der Enden
Obtained from: faminebadger <https://community.openvpn.net/openvpn/ticket/1038> |
13 Mar 2018 00:10:33
2.4.5

|
mandree  |
Update to new upstream bugfix release 2.4.5.
Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-245>
Changelog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.5>
While here, add a sanity check that traps inconsistent linkage,
if, for instance, the PKCS#11 helper has been built with a different
OPENSSL library version than OpenVPN. |
12 Mar 2018 13:01:53
2.4.4_2

|
tijl  |
Update security/mbedtls to 2.7.1.
PR: 226550
MFH: 2018Q1 |
10 Mar 2018 18:49:04
2.4.4_1

|
tijl  |
- Update security/polarssl13 to 1.3.22.
- Update security/mbedtls to 2.7.0 and bump dependent ports.
MFH: 2018Q1
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01 |
11 Jan 2018 14:18:01
2.4.4

|
danfe  |
Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files that are not actually manual pages (part 2). |
08 Oct 2017 09:46:27
2.4.4

|
mandree  |
Add missing conflicts |
27 Sep 2017 21:27:15
2.4.4

|
mandree  |
OpenVPN[-mbedtls] security update to 2.4.4
Upstream maintainers write: "This release includes a large number of small
fixes and enhancements. There is also an important security fix for legacy
setups that may still be using key-method 1. As that option was deprecated
12 years ago we estimate that not many production setups are affected in
practice."
Security information:
<https://community.openvpn.net/openvpn/wiki/CVE-2017-12166>
Change Summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-244>
Changes as Git shortlog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.4>
Given the low impact, let's forget about MFHing this three days before
2017Q3 becomes EOL and relieved by 2017Q4.
Reported by: portscout
Security: CVE-2017-12166
Security: 3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8 |
21 Jun 2017 17:22:38
2.4.3

|
mandree  |
OpenVPN security update to 2.4.3
OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In
the process several vulnerabilities were found, some of which are
remotely exploitable in certain circumstances.
Compared to OpenVPN 2.4.2 there are several bugfixes and one major
feature: support for building with OpenSSL 1.1.
MFH: 2017Q3 (preapproved by Xin Li)
Security: 9f65d382-56a4-11e7-83e3-080027ef73ec
Security: CVE-2017-7508
Security: CVE-2017-7512
Security: CVE-2017-7520
Security: CVE-2017-7521
Security: CVE-2017-7522 |
19 May 2017 21:20:19
2.4.2

|
mandree  |
Switch MASTER_SITES from http to https URI scheme. |
11 May 2017 21:19:20
2.4.2

|
mandree  |
OpenVPN update to 2.4.2 (security fixes)
ChangeLog:
<https://github.com/OpenVPN/openvpn/blob/v2.4.2/Changes.rst#version-242>
Details:
<https://github.com/OpenVPN/openvpn/releases/tag/v2.4.2>
Security Announcement:
<https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits>
Reported by: Samuli Seppanen
Security: 04cc7bd2-3686-11e7-aa64-080027ef73ec
Security: CVE-2017-7478
Security: CVE-2017-7479
MFH: 2017Q2 |
23 Mar 2017 21:53:58
2.4.1

|
mandree  |
Update to openvpn release 2.4.1
This contains predominantly bugfixes and compatibility with
newer OpenSSL/LibreSSL.
Remove one patch that had been cherry-picked from upstream, no longer
needed.
Summary:
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-241
Changes: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 |
21 Mar 2017 23:04:59
2.4.0

|
mandree  |
Fix build with LibreSSL 2.5.1.
PR: 217140
Submitted by: brnrd@
Obtained from: Olivier Wahrenberger, via upstream maintainers review |
05 Jan 2017 08:38:30
2.4.0

|
mandree  |
Flag conflict between PKCS11 and MBEDTLS in OPTIONS. |
27 Dec 2016 23:16:57
2.4.0

|
mandree  |
OpenVPN update to v2.4.0, old version in openvpn23*.
OpenVPN has been updated to v2.4.0.
Changes: <https://github.com/OpenVPN/openvpn/blob/v2.4.0/Changes.rst>
openvpn-polarssl has been renamed to openvpn-mbedtls to match the TLS
library's change of name.
The prior versions of the openvpn ports have been preserved in openvpn23
and openvpn23-polarssl, respectively, and are set to expire 2017-03-31. |
08 Dec 2016 03:01:18
2.3.14

|
mandree  |
Upgrade to new upstream bugfix release 2.3.14.
Drop files/extra-patch-fix-subnet and corresponding OPTION, since this
is now part of the upstream release.
Changelog: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.14> |
09 Nov 2016 22:06:26
2.3.13_1

|
mandree  |
Experimental patch for topology subnet.
Added as an extra patch behind an option that defaults to ON so people
can still opt out, this is slated for an upcoming 2.3.14 release that
is, however, not yet scheduled.
PR: 207831 (related)
Obtained from: Gert Doering, via upstream Git repository 446ef5bda4cdc75d |
04 Nov 2016 08:42:24
2.3.13

|
mandree  |
Upgrade to upstream bugfix release 2.3.13.
ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.13> |
27 Aug 2016 12:23:58
2.3.12_1

|
mandree  |
Fix self-tests in poudriere, make them more robust [1].
The self-tests used to fail in poudriere with dependency cycles in
Makefile that weren't visible earlier. Conditionally change ALL_TARGET
to check (do not use all check, that would require gmake) if the TEST
option is set (default), or set TEST_TARGET if the TEST option is unset.
While I am unable to reproduce 212146 claiming the self-tests fail on an
IPv6-disabled host, and I believe it's a red herring masking a local
configuration issue, doubt sed(1) and add blanks, and be sure to add the
"proto" earlier. The reporter didn't mention his OS version.
No PORTREVISION bump since the default build is unaffected.
PR: 212146 [1] |
27 Aug 2016 09:32:30
2.3.12_1

|
mandree  |
Make self-test the TEST option, support make test. Enabled by default.
NB: This is a critical port with many users, and the test is low on
resources, it takes two minutes idling, waiting for timers to expire.
Replace former ".if ... post-build:" by "post-build-TEST-on: test".
Replace former post-build by "TEST_TARGET=check".
Add a temporary (9 months or so-ish) compatibility wrapper to move
people from the prior port-specific WITHOUT_CHECK to WITHOUT=TEST or
OPTIONS_UNSET=TEST. Uses WARNING+= to make user aware of the change.
While here, shorten the POLARSSL_DESC help message.
Requested by: brnrd@
Differential Revision: D7507 (sort-of) |
27 Aug 2016 01:17:24
2.3.12_1

|
mandree  |
Update Tunnelblick XOR patch.
PR: 212136
Submitted by: Franco Fichtner |
25 Aug 2016 12:58:16
2.3.12

|
mat  |
Fix build with tunnelblick patch.
Sponsored by: Absolight |
24 Aug 2016 22:33:26
2.3.12

|
mandree  |
Update to new upstream bugfix release 2.3.12, add "stats" to rc script.
* Upstream changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12>
* The cmocka-based unit tests are currently disabled, too much hassle
and deps to get them running.
* Add patch-configure to drop the unit-test related warnings.
* Extend run control script to understand the "stats" argument, to send
SIGUSR2 to the process, contributed by Anton Yuzhaninov (with one
additional line fold).
* Drop patch-629baad8, no longer needed.
* Refresh other patches with make clean extract do-patch makepatch |
13 May 2016 16:07:26
2.3.11

|
mandree  |
Fix PolarSSL-based builds.
The upstream backported a change from the master branch that fixes the
PolarSSL-based builds to go with the PolarSSL 1.3.X built-in defaults.
Add a patch picked from the upstream's release/2.3 branch.
Remove the BROKEN= line and conditional.
No PORTREVISION bump because the patch only affects an option that was
formerly marked BROKEN.
(TRYBROKEN users need to force a rebuild and reinstallation manually.) |
12 May 2016 23:38:15
2.3.11

|
mandree  |
Security upgrade to OpenVPN 2.3.11, breaking POLARSSL option.
Quoting upstream maintainers' release notes:
"This release fixes two vulnerabilities: a port-share bug with DoS
potential and a buffer overflow by user supplied data when using pam
authentication. In addition a number of small fixes and improvements are
included."
WARNING: this upgrade breaks the PolarSSL-based build due to an
oversight in the cipher suite selection hardening, crashing
PolarSSL-based builds with a 0-pointer dereference.
Marking port BROKEN if POLARSSL is set.
Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 |
05 Apr 2016 02:17:40
2.3.10_2

|
mandree  |
One more fix for /usr/sbin/service -R. |
05 Apr 2016 02:08:04
2.3.10_1

|
mandree  |
Work around 10.3-RELEASE's service(8) shortcomings
PR: 208534
Reported by: allan@saddi.com |
01 Apr 2016 14:25:18
2.3.10

|
mat  |
Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.
With hat: portmgr
Sponsored by: Absolight |
12 Jan 2016 09:07:45
2.3.10

|
mandree  |
Add an 'up' script for resolvconf integration, ...
contributed by Bapt@, but not yet touched up.
Needs proper license notice and documentation.
Therefore not yet linked to the build/install. |
08 Jan 2016 09:03:49
2.3.10

|
mandree  |
Upgrade to new upstream release 2.3.10.
Now requires PolarSSL/mbedTLS 1.3.X with X >= 8, PolarSSL 1.2 is EOL.
Match help text to the change.
Make sure the build uses the local unpacked includes before the system
includes, such that portmaster/portupgrade upgrades for PolarSSL work if
2.3.9 or older is pre-installed on the build system. |
20 Dec 2015 14:35:13
2.3.9

|
mandree  |
Update to new upstream release 2.3.9.
Removes the PW_SAVE option, the upstream code always permits saving
passwords to files now (so the feature is always enabled).
ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.9> |
20 Nov 2015 18:41:15
2.3.8

|
mandree  |
Add optional extra patch for Tunnelblick obfuscation.
Adds a --scramble method to the executable but not documentation.
Requires careful review of implications before enabling, and has not
been accepted upstream. https://tunnelblick.net/cOpenvpn_xorpatch.html
PR: 200215
Submitted by: Franco Fichtner |
24 Oct 2015 11:18:04
2.3.8

|
mandree  |
Handle OpenSSL/PolarSSL options in the right way,
such that it is maintainable if we add more SSL libs in the future.
To fix fall-out from r399858 and r399982. |
22 Oct 2015 14:07:10
2.3.8

|
mat  |
Fix build without POLARSSL.
Pointy hat to: mat
Sponsored by: Absolight |
20 Oct 2015 15:03:44
2.3.8

|
mat  |
Use options helpers.
Sponsored by: Absolight |
05 Aug 2015 19:10:16
2.3.8

|
mandree  |
Bugfix upgrade to new upstream release 2.3.8.
ChangeLog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.8 |
02 Aug 2015 15:03:20
2.3.7_1

|
tijl  |
By default libtool replaces -export-symbols <file> with -retain-symbols-file
<file> on ELF systems, but this doesn't really do what -export-symbols is
meant to do. On GNU ELF systems it converts <file> to a simple version
script first and then uses -version-script instead of -retain-symbols-file.
Let USES=libtool patch libtool scripts to do this on all systems with GNU
ld(1).
Bump PORTREVISION on all ports where the build log contains -export-symbols.
audio/calf: This port builds a module that now exports only one function,
but it also builds a number of executables that link to this module and
expect to see other functions. Because it's already a bit dodgy to link to
a module (libtool warns about this) let the module continue to export only
one function and instead build an ordinary library from the same source that
the executables can link to. Fix a number of other issues in the same (Only the first 15 lines of the commit message are shown above ) |
15 Jul 2015 00:11:00
2.3.7

|
mandree  |
Add an openvpn-polarssl that selects PolarSSL for its default TLS provider. |
10 Jun 2015 19:18:57
2.3.7

|
mandree  |
Update to new upstream release 2.3.7.
Fixes
PR: 194745 |
22 May 2015 21:39:38
2.3.6_5

|
mandree  |
Add experimental patch by Gert Doering to fix PR #194745.
Must be enabled through the options framework ("make config").
PR: 194745 |
04 May 2015 23:08:03
2.3.6_4

|
mandree  |
+ Update patch set for crypto engine fix [1].
Change option name so it is presented anew, default disabled.
+ Add openvpn-client wrapper script and up/down scripts to trigger
resolvconf, with minor edits. [2]
+ Set proper PLUGIN_LIBDIR so that plugins in the default directory can
be found with relative paths.
+ Compile shipped plugins with -fPIC.
PR: 195004 [1]
PR: 199529 [2]
Submitted by: yuri@rawbw.com [2]
Obtained from: https://community.openvpn.net/openvpn/ticket/480#comment:21 |
17 Apr 2015 13:37:37
2.3.6_3

|
tijl  |
Specify library version when depending on libpolarssl and switch ports to
PolarSSL 1.3 when they fail to build with 1.2. |
30 Mar 2015 18:37:24
2.3.6_3

|
mandree  |
Add an experimental patch for bug #195004.
Needs to be enabled through a port option.
PR: 195004 |
25 Mar 2015 20:06:21
2.3.6_2

|
mandree  |
Add a X509ALTUSERNAME port option to enable the --x509-username-field
run-time option.
Bump PORTREVISION.
PR: 198896
Submitted by: bastian+freebsd.org@waldi.eu.org |
02 Dec 2014 18:53:39
2.3.6_1

|
delphij  |
Add CPE data.
Requested by: des |
02 Dec 2014 05:54:07
2.3.6

|
delphij  |
Security Update to 2.3.6.
Approved by: so
MFH: 2014Q4
Security: 23ab5c3e-79c3-11e4-8b1e-d050992ecde8 |
24 Nov 2014 18:26:24
2.3.5_1

|
mandree  |
Add three patches from Git to unwedge the build after certs expired,
and two other fixes (bumping PORTREVISION):
44294568 Fix assertion error when using --cipher none
e9b07dc9 Fix to --shaper documentation on the man-page
b77c27a1 Modernize sample keys and sample configs |
29 Oct 2014 18:30:54
2.3.5

|
mandree  |
Upgrade to new upstream release 2.3.5.
Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
While here, drop @dirrm from pkg-plist. |
15 Jul 2014 16:57:39
2.3.4

|
adamw  |
Add DOCS to OPTIONS_DEFINE to ports that check for PORT_OPTIONS:MDOCS. |
10 May 2014 23:35:00
2.3.4

|
mandree  |
Update to new upstream release 2.3.4.
Changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.4>
Add USES=libtool and drop .la files. |
10 Apr 2014 20:20:35
2.3.3

|
mandree  |
Upgrade to new upstream 2.3.3 release. Misc bugfixes.
Changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.3>
Note that PKCS#11 helper support requires a pkcs11-helper upgrade from
<http://www.freebsd.org/cgi/query-pr.cgi?pr=188442> to be committed. |
28 Feb 2014 16:24:41
2.3.2_1

|
mandree  |
Fix several compilation issues where the upstream's configure script
required pkg-config, for instance, the PKCS11 option.
Submitted by: mat@ |
18 Feb 2014 09:03:59
2.3.2_1

|
mandree  |
- Repair PKCS11 option [1].
- Use the opportunity to simplify Makefile: leverage some of the
OptionsNG and Staging features, removing our homebrew predecessors.
- QA: Strip .so libraries, fix shebang paths in samples.
Obtained from: <https://forums.freebsd.org/viewtopic.php?f=7&t=44866> [1] |
27 Jan 2014 19:00:08
2.3.2

|
mandree  |
Fix self-tests and their non-fatal auto-skip on RedPorts.
Add patch-tests__t_cltsrv.sh to properly skip self-tests when no
inet/inet6 addresses are available, and to properly use udp6 when only
inet6 is available (for instance, on RedPorts).
Drop patch-src__openvpn__syshead.h, had already been integrated upstream.
PR: ports/185439 (related) |
01 Oct 2013 14:43:26
2.3.2

|
mandree  |
Convert from port-specific to official STAGEDIR support. |
20 Sep 2013 22:55:26
2.3.2

|
bapt  |
Add NO_STAGE all over the place in preparation for the staging support (cat:
security) |
31 May 2013 23:06:39
2.3.2

|
mandree  |
Update to new upstream release
2013.05.31 -- Version 2.3.2
Arne Schwabe (3):
Only print script warnings when a script is used. Remove stray mention of
script-security system.
Move settings of user script into set_user_script function
Move checking of script file access into set_user_script
Davide Brini (1):
Provide more accurate warning message
Gert Doering (2):
Fix NULL-pointer crash in route_list_add_vpn_gateway().
Fix problem with UDP tunneling due to mishandled pktinfo structures.
(Only the first 15 lines of the commit message are shown above ) |
31 Mar 2013 16:00:02
2.3.1

|
mandree  |
security upgrade to OpenVPN 2.3.1; upstream release notes are
"This release adds supports for PolarSSL 1.2. It also adds a fix to
prevent potential side-channel attacks by switching to a constant-time
memcmp when comparing HMACs in the openvpn_decrypt function. In
addition, it contains several bugfixes and documentation updates, as
well as some minor enhancements."
Full ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>
The port upgrade also offers an option to use the GPLv2+-licensed
PolarSSL instead of OpenSSL (which brings in a license mix).
PR: ports/177517
Reviewed by: miwi
Approved by: portmgr (miwi)
Security: 92f30415-9935-11e2-ad4c-080027ef73ec |
20 Jan 2013 02:55:49
2.3.0_3

|
mandree  |
- When installing from port, do not tamper with permissions of other files
in ${PREFIX}/sbin and ${PREFIX}/lib. [1]
- Do not install plugin .la/.so files with the executable bit set, they
are not executable.
PR: ports/175434 [1]
Submitted by: Benjamin Lorenz [1] |
17 Jan 2013 23:12:24
2.3.0_2

|
mandree  |
- Fix NOPORTDOCS regression [1], by installing to DESTDIR= and then installing
from there, rather than tweaking the Makefiles.
- Move examples to EXAMPLESDIR, and heed NOPORTEXAMPLES
- Remove a leftover SUB_LIST addition.
- Switch comment to my FreeBSD e-mail address.
- Use PORTDOCS=* and PORTEXAMPLES=* to remove pkg-plist cruft
- Sort PORT_OPTIONS .ifs and stuff.
PR: ports/175283 [1]
Submitted by: Alexey Markov [1] |
13 Jan 2013 21:35:06
2.3.0_1

|
mandree  |
Add a new security/easy-rsa package that contains the bits that got
split out of OpenVPN prior to the current 2.3.0 release, and make that
security/openvpn RUN_DEPENDS on it. Also update UPDATING record. |
11 Jan 2013 23:09:37
2.3.0

|
mandree  |
OpenVPN changes, upgrades and fixes:
- Upgrade security/openvpn to v2.3.0 (changes installed layout a bit),
splitting and re-diffing patches.
- Retain v2.2.2 as security/openvpn22
- Mark security/openvpn20 as deprecated and to expire 6 months from now
- Fix TCP_NODELAY option (openvpn 2.3, 2.2), see
<http://community.openvpn.net/openvpn/ticket/158>
- Fix PassTOS option (openvpn 2.2, 2.0), see
http://community.openvpn.net/openvpn/ticket/135 |
06 Jan 2013 11:29:44
2.2.2

|
mandree  |
- Convert to OptionsNG
- Strip Makefile header
- Drop LIB_DEPENDS ABI versions |
05 Aug 2012 23:19:40
2.2.2 
|
dougb  |
Move the rc.d scripts of the form *.sh.in to *.in
Where necessary add $FreeBSD$ to the file
No PORTREVISION bump necessary because this is a no-op |
14 Jan 2012 08:57:23
2.2.2 
|
dougb  |
In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().
In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other. |
28 Dec 2011 20:43:49
2.2.2 
|
mandree  |
Update to new upstream release v2.2.2.
Changelog:
http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html |
24 Oct 2011 04:17:38
2.2.1_1 
|
dougb  |
Remove more tags from pkg-descr files of the form:
- Name
em@i.l
or variations thereof. While I'm here also fix some whitespace and other
formatting errors, including moving WWW: to the last line in the file. |
04 Oct 2011 21:58:09
2.2.1_1 
|
mandree  |
Update and demote CONFLICTS to CONFLICTS_INSTALL. |
30 Aug 2011 17:11:57
2.2.1_1 
|
mandree  |
Use required_modules rather than _precmd.
To fix failures with 'restart'.
Reported by: Miroslav Lachman |
16 Aug 2011 22:33:30
2.2.1 
|
mandree  |
Fix skipping t_cltsrv when IP missing. Really this time.
Cause was a trap "... ; exit 1" 0 shell construct that needs to be
cancelled for the exit 77 to take effect. trap 0 inserted to that end. |
08 Aug 2011 22:38:44
2.2.1 
|
mandree  |
Fix NOPORTDOCS support, though differently than suggested
Reported by: pgollucci
PR: ports/159610 |
07 Aug 2011 18:05:35
2.2.1 
|
mandree  |
Skip self-test more readily without addresses. |
07 Aug 2011 17:23:40
2.2.1 
|
pav  |
- Turn off self-tests on pointyhat, they fail
Reported by: pointyhat |
20 Jul 2011 20:37:43
2.2.1 
|
mandree  |
Avoid jamming the build if the jail is without address, skip self-test. |
07 Jul 2011 00:16:57
2.2.1 
|
mandree  |
Update to upstream release 2.2.1.
NOTE: the easy-rsa/2.0 openssl.cnf file has been removed and replaced by
an openssl-0.9.8.cnf and an openssl-1.0.0.cnf file.
Changelog URL:
http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html |