All times are UTC

Port details
openvpn Secure IP/Ethernet tunnel daemon
Version: 2.6.9
Category: security
On this many watch lists: 130
An older version of this port was marked as vulnerable.
Version of this port present on the latest quarterly branch: 2.6.9
Maintainer: mandree@FreeBSD.org
Port Added: 2002-06-24 16:19:12
Last Update: 2024-02-13 07:09:05
Commit Hash: a84abd0
People watching this port also watch: sudo, unzip, nmap, rsync, wget
Also Listed In: net net-vpn
License: GPLv2
WWW:
https://openvpn.net/community/
Description:
OpenVPN is a robust, scalable and highly configurable VPN (Virtual Private Network) daemon which can be used to securely link two or more private networks using an encrypted tunnel over the internet. It can operate over UDP or TCP, can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one server can handle many clients.

Manual pages:
FreshPorts has no man page information for this port.
pkg-plist: as obtained via: make generate-plist
  1. /usr/local/share/licenses/openvpn-2.6.9/catalog.mk
  2. /usr/local/share/licenses/openvpn-2.6.9/LICENSE
  3. /usr/local/share/licenses/openvpn-2.6.9/GPLv2
  4. include/openvpn-msg.h
  5. include/openvpn-plugin.h
  6. lib/openvpn/plugins/openvpn-plugin-auth-pam.so
  7. lib/openvpn/plugins/openvpn-plugin-down-root.so
  8. libexec/openvpn-client.down
  9. libexec/openvpn-client.up
  10. share/man/man5/openvpn-examples.5.gz
  11. share/man/man8/openvpn.8.gz
  12. sbin/openvpn
  13. sbin/openvpn-client
  14. @owner
  15. @group
  16. @mode
Dependency lines:
  • openvpn>0:security/openvpn
Conflicts:
CONFLICTS_INSTALL:
  • openvpn-2*
  • openvpn-devel
  • openvpn-mbedtls
Conflicts Matches:
There are no Conflicts Matches for this port. This is usually an error.
To install the port:
cd /usr/ports/security/openvpn/ && make install clean
To add the package, run one of these commands:
  • pkg install security/openvpn
  • pkg install openvpn
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: openvpn
Flavors: there is no flavor information for this port.
distinfo:
TIMESTAMP = 1707807057
SHA256 (openvpn-2.6.9.tar.gz) = e08d147e15b4508dfcd1d6618a1f21f1495f9817a8dadc1eddf0532fa116d7e3
SIZE (openvpn-2.6.9.tar.gz) = 1901193

Packages (timestamps in pop-ups are UTC):
openvpn
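| ABI | aarch64 | amd64 | armv6 | armv7 | i386 | powerpc | powerpc64 | powerpc64le |
|---|---|---|---|---|---|---|---|---|
| FreeBSD:13:latest | 2.6.9 | 2.6.9 | 2.5.0 | 2.6.9 | 2.6.9 | - | 2.5.0 | - |
| FreeBSD:13:quarterly | 2.6.9 | 2.6.9 | 2.6.5 | 2.6.9 | 2.6.9 | 2.6.8_1 | 2.6.8_1 | 2.6.9 |
| FreeBSD:14:latest | 2.6.9 | 2.6.9 | 2.5.8 | 2.6.9 | 2.6.9 | 2.6.5 | - | 2.6.5 |
| FreeBSD:14:quarterly | 2.6.9 | 2.6.9 | - | 2.6.9 | 2.6.9 | 2.6.8_1 | 2.6.8_1 | 2.6.9 |
| FreeBSD:15:latest | 2.6.9 | 2.6.9 | n/a | 2.6.8_2 | n/a | 2.6.8_2 | 2.6.8_2 | 2.6.9 |
| FreeBSD:15:quarterly | - | - | n/a | - | n/a | - | - | - |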
Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. cmocka>=0 : sysutils/cmocka
  2. rst2man : textproc/py-docutils@py39
  3. pkgconf>=1.3.0_1 : devel/pkgconf
  4. python3.9 : lang/python39
Runtime dependencies:
  1. easy-rsa>=0 : security/easy-rsa
Library dependencies:
  1. liblz4.so : archivers/liblz4
  2. liblzo2.so : archivers/lzo2
  3. libpkcs11-helper.so : security/pkcs11-helper
This port is required by:
for Build
  1. security/openvpn-auth-ldap
  2. security/openvpn-auth-script
for Run
  1. security/duo_openvpn
  2. security/openvpn-admin
  3. security/openvpn-auth-radius

Deleted ports which required this port:

  1. security/kovpn*
  2. security/protonvpn-cli*
* - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

Configuration Options:
===> The following configuration options are available for openvpn-2.6.9:
     ASYNC_PUSH=off: Enable async-push support
     DCO=on: Data Channel Offload/ovpn(4) support->README.dco.md
     DOCS=on: Build and/or install documentation
     EASYRSA=on: Install security/easy-rsa RSA helper package
     EXAMPLES=on: Build and/or install examples
     LZ4=on: LZ4 compression support
     LZO=on: LZO compression (incompatible with LibreSSL)
     PKCS11=on: Use security/pkcs11-helper, needs same SSL lib!
     SMALL=off: Build a smaller executable with fewer features
     TEST=on: Build and/or run tests
     UNITTESTS=off: Enable unit tests
     X509ALTUSERNAME=off: Enable --x509-username-field
===> Use 'make config' to modify these settings
Options name:
security_openvpn
USES:
cpe libtool localbase:ldflags pkgconfig python:build shebangfix ssl
FreshPorts was unable to extract/find any pkg message
Master Sites:
  1. http://distcache.FreeBSD.org/local-distfiles/mandree/
  2. http://distcache.eu.FreeBSD.org/local-distfiles/mandree/
  3. http://distcache.us-east.FreeBSD.org/local-distfiles/mandree/
  4. http://distcache.us-west.FreeBSD.org/local-distfiles/mandree/
  5. https://build.openvpn.net/downloads/releases/
  6. https://swupdate.openvpn.org/community/releases/
Notes from UPDATING
These upgrade notes are taken from /usr/ports/UPDATING
  • 2023-01-27
    Affects: users of security/openvpn
    Author: mandree@freebsd.org
    Reason: 
      OpenVPN has been updated to the new upstream release v2.6.0, which
      is quite compatible with v2.5 versions.
    
      A copy of the latest v2.5.8 port is being kept as security/openvpn25 (or
      openvpn25 package) until end of March 2023.
    
    
Port Moves
  • port moved here from security/openvpn25 on 2023-03-31
    REASON: Has expired: replaced by new upstream release 2.6.0

Number of commits found: 213 (showing only 100 on this page)


Commit History - (may be incomplete: for full details, see links to repositories near top of page)
2.6.9
13 Feb 2024 07:09:05
commit hash: a84abd0caacf67e3963e45abf2211dd2fb13af55
Matthias Andree (mandree)
security/openvpn: update to 2.6.9 bug-fix release

ChangeLog:	https://github.com/OpenVPN/openvpn/blob/v2.6.9/Changes.rst#overview-of-changes-in-269
MFH:		2024Q1
2.6.8_2
30 Jan 2024 17:26:53
commit hash: f139e51116d4b6b17d6641d39ad8650309322840
Gleb Popov (arrowd)
Author: Helge Oldach
*: Move manpages to share/man

Approved by:	portmgr (blanket)
2.6.8_1
31 Dec 2023 00:37:05
commit hash: bbab7f59e9630416397189df70ec133bdd690e38
Muhammad Moinur Rahman (bofh)
*/*: Sunset 12.4-RELEASE/12-STABLE from ports tree

- Remove all references to defunct ARCH arm
- Remove all references to defunct ARCH sparc64
- Remove x11-drivers/xf86-video-sunffb which requires defunct sparc64
  ARCH
- Remove sysutils/afbinit requires defunct sparc64 ARCH
- Remove all references to bktr driver
- Remove all references to defunct FreeBSD_12
- Remove all references to OSVERSION/OSREL corresponding to 12
- Remove conditionals in Mk/Uses/cabal.mk
- Remove sparc reference from Mk/Uses/qt-dist.mk
- Remove BROKEN_sparc64/NOT_FOR_ARCH=sparc64
- Remove BROKEN_FreeBSD_12* from:
- Remove OpenSSL patches from:
- Remove conditional flags for OSVERSION >= 1300000 to fixed flags.
  Also move conditional flags for non sparc64/arm ARCH to fixed flags.

Reviewed by:	brooks, jbeich, rene, salvadore
Differential Revision: https://reviews.freebsd.org/D42068
2.6.8_1
22 Nov 2023 22:42:36
commit hash: d67975600c84a139dea0cc29490273c79eccb564
Matthias Andree (mandree)
security/openvpn: add missing 2.6.x documentation,

...for instance, README.dco.md but also others.

Update DCO help text to refer to this .md file.

Found while debugging
PR:		275206
MFH:		2023Q4
2.6.8
21 Nov 2023 17:03:09
commit hash: f6ef06771b5a341e91ea38b0d758c4cf614f1b3c
Matthias Andree (mandree)
security/openvpn: update to 2.6.8 bug-fix release

hopefully fixes...

PR:		275206
Changelog:	https://github.com/OpenVPN/openvpn/blob/v2.6.8/Changes.rst#overview-of-changes-in-268
MFH:		2023Q4
2.6.7_1
15 Nov 2023 21:21:33
commit hash: 8d2e9d99db3d6c0d1f988feaca0cdb7c0e7dca89
Matthias Andree (mandree)
security/openvpn: fix regressions and some documentation bits

Add two patches cherry-picked from upstream Git repository:

OpenVPN 2.6.7 regressed and experienced crashes in some situations,
https://github.com/OpenVPN/openvpn/issues/449
Reported by:	Vladimir Druzenko (vvd@)
Reported by:	Patrick Cable (upstream)
Obtained from:	https://github.com/openvpn/openvpn/commit/b90ec6dabfb151dd93ef00081bbc3f55e7d3450f

Also, some typos in the documentation are fixed,
Obtained from:	https://github.com/OpenVPN/openvpn/commit/457f468a76f324a14b1236988cc5f5a95f14abf5

Bump PORTREVISION.
PR:		275055
MFH:		2023Q4
2.6.7
13 Nov 2023 23:05:59
commit hash: 03b2c6723f872fdfe5f0ea88bc97e6a7374c48ac
This port version is marked as vulnerable.
Matthias Andree (mandree)
Author: Brad Davis
security/openvpn: security update to 2.6.7

PR:		275055
Changelog:	https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst#overview-of-changes-in-267
Security:	CVE-2023-46849
Security:	CVE-2023-46850
MFH:		2023Q4
2.6.6
15 Aug 2023 20:28:12
commit hash: 128360b8e87c1518531f72031f3ac9aea3dab31f
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: bugfix update → 2.6.6

Changelog:	https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-266
2.6.5
16 Jun 2023 19:15:09
commit hash: e4bef358911ada2a01e528591bf8d3566ca4c7e5
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: bugfix update to 2.6.5

ChangeLog:
https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-265
2.6.4
16 May 2023 18:54:48
commit hash: 0512092a1f6233361edd411ad314ffa398a81c95
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: update to 2.6.4

https://github.com/OpenVPN/openvpn/blob/v2.6.4/Changes.rst#overview-of-changes-in-264

MFH:		2023Q2
2.6.3
15 Apr 2023 08:05:51
commit hash: 9152aca61800588efe5ebd43398f23704e325028
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: bugfix update to v2.6.3

I separately verified the OpenVPN signature and ran more tests,
which the PR did not announce if it did.

Changelog:	https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-263
PR:		270831
MFH:		2023Q2
2.6.2
28 Mar 2023 14:19:33
commit hash: ff146af9498c0a439aa959ff49f351c6c903d414
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: update to new upstream release 2.6.2

Changes:
https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst#overview-of-changes-in-262

Note that --inactive does not yet work on FreeBSD.
2.6.1
12 Mar 2023 14:03:21
commit hash: 17fb7fd94ef213cabb4793b621d1a7cb3cfeef2f
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: remove leftover comment
2.6.1
08 Mar 2023 20:52:24
commit hash: 50d615894fb6551a1265c9dec9e5e407c4ea8ce0
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: remove header file that now ships with 2.6.1 tarball

Since this is identical to what's in the tarball, no PORTREVISION
bump is required.
2.6.1
08 Mar 2023 20:45:44
commit hash: bc733dffe09ceb5c4e8c158f80b647bb0dbed474
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: update to v2.6.1

Changelog: https://github.com/OpenVPN/openvpn/blob/v2.6.1/Changes.rst
2.6.0
04 Mar 2023 10:41:17
commit hash: 118eb978b4e00bf5a2c82ba64492c5561f66739f
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: default-enable DCO

(on FreeBSD but not 12 and 13, because the relevant if_ovpn module
is to appear in FreeBSD 14.)

Reported by:	Kristof Provost (kp@)
2.6.0
27 Jan 2023 21:32:22
commit hash: 6853ab171eff406db8b2451117bae397f926f4d2
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn*: update to 2.6.0, keep openvpn25

- copy openvpn to openvpn25, mark as deprecated and to expire March 31

- update openvpn to openvpn 2.6.0, highlights from Frank Lichtenheld's
  release announcement e-mail, slightly edited:

 * Data Channel Offload (DCO) kernel acceleration support for Windows,
   Linux, and FreeBSD [14].
 * OpenSSL 3 support
 * Improved handling of tunnel MTU, including support for pushable MTU.
 * Outdated cryptographic algorithms disabled by default, but there are
   options to override if necessary.
 * Reworked TLS handshake, making OpenVPN immune to replay-packet state
   exhaustion attacks.
 * Added --peer-fingerprint mode for a more simplistic certificate setup
   and verification.
 * Improved protocol negotiation, leading to faster connection setup.

ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.0/Changes.rst
2.5.8
28 Oct 2022 18:24:56
commit hash: ae33c30fb0de4184a0987616465273db11eabe5e
Matthias Andree (mandree)
security/openvpn: update to 2.5.8

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-258
2.5.7_3
04 Oct 2022 06:20:50
commit hash: ae6cc1b955c9ece4d45071ce6a80d6a8ff01c524
Matthias Andree (mandree)
Author: VVD
security/openvpn: fix up ${name}_flags option

was broken in previous commit; bumping PORTREVISION again

PR:		266796
2.5.7_2
03 Oct 2022 20:15:41
commit hash: 29d16aeb4442994cf93d26084e4b79ff55d3feba
Matthias Andree (mandree)
Author: 0x1eef
security/openvpn: support ${name}_FLAGS

and bump PORTREVISION.

PR:		266796
07 Sep 2022 21:58:51
commit hash: fb16dfecae4a6efac9f3a78e0b759fb7a3c53de4
Stefan Eßer (se)
Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)
2.5.7_1
07 Sep 2022 21:10:59
commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52
Stefan Eßer (se)
Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was transferred into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
(Only the first 15 lines of the commit message are shown above)
2.5.7_1
21 Aug 2022 09:14:14
commit hash: b351c098c402409e6223c5c764de439a2c0249d5
Matthias Andree (mandree)
security/openvpn: remove obsolete pkg-help
2.5.7_1
20 Jul 2022 14:22:56
commit hash: 857c05f8674c5f4c990f49f9d0fb7034ebd340fe
Tobias C. Berner (tcberner)
security: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  <ports@c0decafe.net>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Ade Lovett <ade@FreeBSD.org>
  *  Aldis Berjoza <aldis@bsdroot.lv>
  *  Alex Dupre <ale@FreeBSD.org>
  *  Alex Kapranoff <kappa@rambler-co.ru>
  *  Alex Samorukov <samm@freebsd.org>
  *  Alexander Botero-Lowry <alex@foxybanana.com>
  *  Alexander Kriventsov <avk@vl.ru>
  *  Alexander Leidinger <netchild@FreeBSD.org>
(Only the first 15 lines of the commit message are shown above)
2.5.7_1
31 May 2022 16:42:13
commit hash: 1dc25fd358a4b48ecc5bb498127ef0fa5fc9f02a
Matthias Andree (mandree)
security/openvpn: Bump PORTREVISION to be newer than on quarterly.

This is to make sure that with 2022Q3 branching off of this
version, the package will look newer and flush out the old
package, with MBEDTLS and TUNNELBLICK options now removed.
2.5.7
31 May 2022 16:33:26
commit hash: 9acfd1b4afebdf57366dff963ddc70d962994d1d
Matthias Andree (mandree)
security/openvpn: update to v2.5.7

FreeBSD-related changes from Changes.rst:

- Limited OpenSSL 3.0 support
    OpenSSL 3.0 support has been added. OpenSSL 3.0 support in 2.5 relies
    on the compatibility layer and full OpenSSL 3.0 support is coming with
    OpenVPN 2.6. Only features that impact usage directly have been
    backported:

    ``--tls-cert-profile insecure``  has been added to allow selecting the
    lowest  OpenSSL security level (not recommended, use only if you must).

    OpenSSL 3.0 no longer supports the Blowfish (and other deprecated)
    algorithm by default and the new option ``--providers`` allows loading
(Only the first 15 lines of the commit message are shown above)
2.5.6_1
26 Apr 2022 21:59:42
commit hash: 5f10d01ce1d79fed8456d454b7cb24afea1a4ae3
Matthias Andree (mandree)
security/openvpn: drop man source patch

There has been a report of sporadic man-page rebuilds on OpenZFS.
While the patch order is correct, we do not intend to rebuild the
manpage (after a nobody -> openvpn change, for instance), and
we also patch the output files.  So just remove the source patch.

This should go without any functional changes, so ships without
bumping PORTREVISION.

There is an upstream ticket reporting a missing source file
in the tarball. https://community.openvpn.net/openvpn/ticket/1461

Reported by:    Jan Martin Mikkelsen
PR:             263116
2.5.6_1
03 Apr 2022 11:18:14
commit hash: 641a5f758779426305916b4666674795bc8822a4
Matthias Andree (mandree)
security/openvpn: bump PORTREVISION

...forgotten in previous commit.
2.5.6
03 Apr 2022 11:15:57
commit hash: 69cd4e114c005a94137adade08306e574fb20382
Matthias Andree (mandree)
security/openvpn: remove MBEDTLS and TUNNELBLICK options.
2.5.6
17 Mar 2022 22:27:50
commit hash: 2e150241fbafae40eaaae496c58c1e77306b73ae
Matthias Andree (mandree)
security/openvpn: security update to 2.5.6

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256

Somewhat related to and obsoletes:
PR:		262626
Security:	45a72180-a640-11ec-a08b-85298243e224
Security:	CVE-2022-0547
Security:	https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
MFH:		2022Q1
2.5.5_1
28 Jan 2022 12:14:09
commit hash: b93e64d3c3240d1e4a8fc510b14aa2175e5be012
This port version is marked as vulnerable.
Tijl Coosemans (tijl)
security/mbedtls: Update to 2.28.0 and fix make test

Also bump dependent ports for library version change.

PR:		255084
2.5.5
15 Dec 2021 17:31:52
commit hash: 6a5dfca9f56080a45627bb4ba0b02039abd36aa5
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: bugfix update to 2.5.5

Bugfixes (FreeBSD-specific):
* improve "make check" to notice if "openvpn --show-cipher" crashes
* improve argv unit tests
* ensure unit tests work with mbedTLS builds without BF-CBC ciphers
* include "--push-remove" in the output of "openvpn --help"
* fix "resolvconf -p" invocation in example "up" script
* fix "common_name" environment for script calls when
  "--username-as-common-name" is in effect (Trac #1434)

Documentation:
* move "push-peer-info" documentation from "server options" to "client"
  (where it belongs)
* correct "foreign_option_{n}" typo in manpage
* update IRC information in CONTRIBUTING.rst (libera.chat)
* README.down-root: fix plugin module name
2.5.4_3
12 Dec 2021 11:00:22
commit hash: f77789f296dd797bf008a895ed71abcc603c0374
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: Default-enable PKCS#11 option

Bump PORTREVISION.

PR:		260352
Reported by:	Marcin Wojtas
2.5.4_2
12 Dec 2021 11:00:21
commit hash: 42d73509241dbede9fb29d56683188fa4a1b2872
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: sort OPTIONS_{DEFAULT|DEFINE}
2.5.4_2
12 Dec 2021 11:00:20
commit hash: bedfd042b988444cb311f477d5cf1e4457ead29f
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: deprecate tunnelblick

While here, shorten LZO_DESC to fit 80x24 dialogs.
2.5.4_2
11 Dec 2021 23:16:20
commit hash: d02b0675d0630a9ac66617becd9f9cfbbca9c524
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: re-enable mbedTLS build

...now that mbedTLS metadata was fixed to show the actual situation
for mbedTLS 2.x.y, that it's either Apache License 2.0, or
GNU General Public License 2.0 or any later version.

While here, also mark the main port with mbedTLS option enabled to
record it's going to lose the mbedTLS option end of March 2022.
2.5.4_2
11 Dec 2021 12:42:31
commit hash: 5cc978dcfe58a52b9a163e080d855b022ac22545
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: license incompat mbedTLS, LZO+LibreSSL

After reviewing licenses again,
- mark mbedTLS broken for now, since it uses the Apache License 2.0,
  which is incompatible with the GPLv2 (OpenVPN does not employ the
  "or any later version" escape hatch). This will be handed to the
  OpenVPN-devel mailing list for review.

- block out the combination of LZO with LibreSSL, since OpenVPN
  only has a linking exception for OpenSSL itself. Remedy is
  to either forgo LibreSSL, or to disable the LZO option, which
  requires proper configuration on either end. The maintainer's
  recommendation is to compile with OpenSSL instead.

Bump PORTREVISION in spite of unchanged contents to flush out old
packages.

MFH:		2021Q4
2.5.4_1
04 Dec 2021 18:38:41
commit hash: b66f0654e7db4c15e0973c3c9064331019f2712d
This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn-mbedtls: sunset port.

mbedTLS is obsolete through its lack of TLS v1.3 support
OpenVPN-mbedtls does not work on 14-CURRENT.
=> remove this port and the MBEDTLS option end 2022Q1.
2.5.4_1
23 Nov 2021 22:11:40
commit hash: 5933ac0b099d61d98eb531d373cf57a8927bc7af
This port version is marked as vulnerable.
Stefan Eßer (se)
*/*: Remove redundant '-[0-9]*' from CONFLICTS_INSTALL

The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - against the full package names including the
version (as reported by "pkg query "%n-%v").

Approved by: portmgr (blanket)
2.5.4_1
15 Nov 2021 22:38:08
commit hash: cf68fe10513a223715d6bfe7740478d60cb77321 This port version is marked as vulnerable.
Matthias Andree (mandree)
Author: Li-Wen Hsu
security/openvpn{,-devel}: Update WWW

for security/openvpn-devel:
Approved by: Gert Doering (maintainer)
2.5.4_1
01 Nov 2021 12:16:37
commit hash: 89d9e9320aff2d4c61be4c7dfa1b6829717bd034 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: rearrange Makefile

to portclippy-reported standard ordering
2.5.4_1
01 Nov 2021 12:04:24
commit hash: bb6ec079c50dc6f45700dd5897b35f66a19ee51c This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: create and use dedicated openvpn user

PR:		259384
2.5.4
05 Oct 2021 19:55:28
commit hash: cf4dd6bbfe80d93a23f2f7d140ed5dd764d13e96 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: bugfix update to 2.5.4

adds openvpn-examples(5) manual page

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-254
2.5.3
22 Jun 2021 19:25:44
commit hash: 159c6c7314095a10121155f501c093ad6f18c3c4 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: fix missing include for PATH_MAX

While here, add a warning banner about libressl support status,
and clean up a leftover INSTALL_DATA workaround no longer needed.

Patch suggested and
Reported by:	Franco Fichtner <franco@opnsense.org>
PR:		256744
2.5.3
18 Jun 2021 21:58:29
commit hash: 24b0c58ea4e8f9562f6c260cc567aba9e1f63ed3 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: update to v2.5.3

Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst

FreeBSD relevant changes:
Bugfixes
*   disable connect-retry backoff for p2p (--secret) instances (Trac #1010,
#1384)
*   fix build with mbedtls w/o SSL renegotiation support
*   fix small memory leak in free_key_ctx for auth_token
*   Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409) -
    -> in FreeBSD ports, already fixed in 2.5.2_2 (PORTREVISION 2).

User-visible Changes
*   update copyright messages in files and --version output

New features
*   add --auth-token-user option (for --auth-token deployments without
--auth-user-pass in client config)
2.5.2_2
03 Jun 2021 10:47:25
commit hash: 6c20c4906a3b0f805c932f4e74ef7f62086e704d This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: band-aid fix for SIGSEGV on push echo

PR:		256331
Reported by:	peo@nethead.se
2.5.2_1
17 May 2021 17:56:12
commit hash: 42101271373865d49753e8d7b1fb66dfce325dd0 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: do not package .orig leftovers from patch

Bump PORTREVISION as we change the pkg-plist.
(Includes -mbedtls port variant.)

PR:		255946
Based on a patch by and
Reported by:	Mikael Urankar (mikael@)
2.5.2
21 Apr 2021 17:48:54
commit hash: 47340329e7b677aabf7caae900878c61c04f3b73 This port version is marked as vulnerable.
Matthias Andree (mandree)
security/openvpn: security update to v2.5.2

Changelog:	https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252

Security:       CVE-2020-15078
Security:       efb965be-a2c0-11eb-8956-1951a8617e30
MFH:		2021Q2
2.5.1
06 Apr 2021 14:31:13
commit hash: 135fdeebb99c3569e42d8162b265e15d29bd937d This port version is marked as vulnerable.
Mathieu Arnold (mat)
all: Remove all other $FreeBSD keywords.
2.5.1
06 Apr 2021 14:31:07
commit hash: 305f148f482daf30dcf728039d03d019f88344eb This port version is marked as vulnerable.
Mathieu Arnold (mat)
Remove # $FreeBSD$ from Makefiles.
2.5.1
16 Mar 2021 21:45:50
Revision: 568617 This port version is marked as vulnerable.
mandree
security/openvpn: run ldd -a when multi-link of "same" library found

The build runs a sanity check that libssl and libcrypto are linked
only once, to catch mismatches in SSL providers to libpkcs11-helper
and openvpn itself.  In order to assist the operator to find out
which libraries pull in differing versions of libcrypto or libssl,
run ldd -a in the error path. (Not run normally, no PORTREVISION bump.)

PR:		254323 (related)
2.5.1
24 Feb 2021 19:04:01
Revision: 566502 This port version is marked as vulnerable.
mandree
security/openvpn: Bugfix update to v2.5.1

Changelog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-251

MFH:		2021Q1 (point-level bugfix update)
2.5.0
30 Oct 2020 20:36:01
Revision: 553713 This port version is marked as vulnerable.
mandree
Update security/openvpn 2.5. For 2.3 peers, update your configuration,

...see ports/UPDATING or the
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-25

Avoid LibreSSL (IGNORE_SSL).
INSTALL_DATA -> INSTALL_MAN for documentation.
Rearrange Makefile according to portclippy.
2.4.9_3
06 Oct 2020 23:28:13
Revision: 551609 This port version is marked as vulnerable.
mandree
security/openvpn: fix test suite when ifconfig emits ::1/128 address format

Some systems apparently format output of ifconfig lo0 similar to
"inet6 ::1/128" instead of 12.1's "inet6 ::1 prefixlen 128". This
confuses the test script, so strip the slash and trailing prefixlen
off.

Since that bug affects the build-time test suite and its occurrence
breaks the build, no PORTREVISION bump needed.

Reported by:	des@
2.4.9_3
17 Jul 2020 13:58:35
Revision: 542434 This port version is marked as vulnerable.
mandree
openvpn: Add one TODO marker (no functional change).
2.4.9_3
17 Jul 2020 10:30:37
Revision: 542426 This port version is marked as vulnerable.
mandree
security/openvpn: future proofing, PLUGINDIR now ...

...configured the official way, not hacky (which failed in openvpn-devel
because it broke some configure tests).
2.4.9_2
31 May 2020 08:40:03
Revision: 537129 This port version is marked as vulnerable.
mandree
security/openvpn: cherry-pick fixes from git repo

* 098edbb1 2020-05-20 | Switch assertion failure to returning false [Jeremy
Evans]
* fc029714 2020-05-30 | pool: prevent IPv6 pools to be larger than 2^16
addresses [Antonio Quartulli]
* 38b46e6b 2020-02-20 | Persist management-query-remote and proxy prompts [Selva
Nair]

MFH:		2020Q2 (blanket approval for stability fixes)
2.4.9_1
07 May 2020 16:28:42
Revision: 534272 This port version is marked as vulnerable.
mandree
security/openvpn: reliability fixes cherry-picked from upstream

Arne Schwabe's OpenSSL fix for Debian Bug#958296
"Fix tls_ctx_client/server_new leaving error on OpenSSL error stack"
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958296> [1]

Selva Nair's auth-pam fixes
"Parse static challenge response in auth-pam plugin"
"Accept empty password and/or response in auth-pam plugin"

Re-diff (with make makepatch) older patches.

Reported by:	Jonas Andradas via Debian BTS
Obtained from:	Arne Schwabe, Selva Nair
<https://github.com/OpenVPN/openvpn/tree/release/2.4>
MFH:		2020Q2 (blanket for backporting reliability fixes)
2.4.9
17 Apr 2020 18:38:45
Revision: 531957 This port version is marked as vulnerable.
mandree
security/openvpn: update to 2.4.9 (also for -mbedtls slave port)

At the same time, remove ASYNC_PUSH_LIBS workaround from [1].

Changelog (high-level):
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249

Git changelog, marking the three fixes that were already in 2.4.8_3
as cherry-picks with a 1, 2, or 3 instead of "*" to correspond
with the PORTREVISION, and those with "-" that are specific to other systems,
say, Windows.

* 9b0dafca 2020-04-16 | Preparing release v2.4.9 (ChangeLog, version.m4,
Changes.rst) (tag: v2.4.9) [Gert Doering]
3 f7b318f8 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
* 9bb285e3 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
(Only the first 15 lines of the commit message are shown above.)
2.4.8_3
16 Apr 2020 09:46:16
Revision: 531837 This port version is marked as vulnerable.
mandree
security/openvpn: Fix illegal client float (CVE-2020-11810)

There is a time frame between allocating peer-id and initializing data
channel key (which is performed on receiving push request or on async
push-reply) in which the existing peer-id float checks do not work right.

If a "rogue" data channel packet arrives during that time frame from another
address and with same peer-id, this would cause client to float to that new
address.

The net effect of this behaviour is that the VPN session for the "victim
client" is broken. Since the "attacker client" does not have suitable keys,
it can not inject or steal VPN traffic from the other session. The time
window is small and it can not be used to attack a specific client's session,
unless some other way is found to make it disconnect and reconnect first.

This fix is inherited by the openvpn-mbedtls slave port.

Obtained from:	Lev Stipakov (OpenVPN)
MFH:		2020Q2 (blanket security patch)
Security:	CVE-2020-11810
Security:	8604121c-7fc2-11ea-bcac-7781e90b0c8f
2.4.8_2
16 Mar 2020 22:58:27
Revision: 528550 This port version is marked as vulnerable.
mandree
security/openvpn: Add a FIXME marker to clean up a local workaround that was
upstreamed for 2.4.9. [info: Lev Stipakov]
PR: 244286
2.4.8_2
21 Feb 2020 20:15:50
Revision: 526692 This port version is marked as vulnerable.
mandree
openvpn: Add default-off ASYNC_PUSH option.

When enabled, pulls in devel/libinotify, and
adds --enable-async-push to configure.

In contrast to garga@'s proposal, uses
ASYNC_PUSH_LIBS instead of a patch file.

PR:		244286
Submitted by:	garga@
2.4.8_1
26 Jan 2020 15:04:38
Revision: 524180 This port version is marked as vulnerable.
mandree
Reduce fragmentation when using ncp-ciphers

URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18975.html
2.4.8
26 Jan 2020 14:40:32
Revision: 524178 This port version is marked as vulnerable.
mandree
Allow build without compression libs.

In that situation, add ./configure --enable-compression-stub.

While here, rearrange Makefile and use _ENABLE rather than _OFF
tags for the options.

Submitted by:	Daniel Engberg
Differential Revision:	https://reviews.freebsd.org/D23190
2.4.8
01 Nov 2019 11:54:44
Revision: 516218 This port version is marked as vulnerable.
mandree
security/openvpn[-mbedtls] upstream update to OpenVPN 2.4.8

This upstream release integrated two FreeBSD patches by Kyle Evans and me,
which are herewith dropped from the port.

Upstream release banner
"This is primarily a maintenance release with minor bugfixes and improvements."

High-level changes:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-248>

Manually filtered FreeBSD-related excerpt from Git log: v2.4.7..v2.4.8:
-  mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free()
[Antonio Quartulli]
-  openssl: Fix compilation without deprecated OpenSSL 1.1 APIs [Rosen Penev]
-  Force combinationation of --socks-proxy and --proto UDP to use IPv4. [Gert
Doering]
(Only the first 15 lines of the commit message are shown above.)
2.4.7
07 Sep 2019 08:04:53
Revision: 511397 This port version is marked as vulnerable.
mandree
security/openvpn: regression fix, support LibreSSL again.

(I use a different patch than what was submitted by pizzamig@,
and have sent our patch upstream.)

Remove IGNORE_SSL.

While here, remove USE_LDCONFIG to fix a portlint complaint,
and fix a typo in a Makefile comment.

PR:		238382
Reported by:	pizzamig@
2.4.7
06 Sep 2019 18:16:53
Revision: 511348 This port version is marked as vulnerable.
mandree
Fix a sed regexp from GNUism to POSIX.

Thanks!

Also sent upstream for inclusion today,
https://sourceforge.net/p/openvpn/mailman/message/36757480/ and
https://sourceforge.net/p/openvpn/mailman/message/36757481/

PR:		240306
Submitted by:	kevans@
2.4.7
14 Aug 2019 12:16:13
Revision: 508909 This port version is marked as vulnerable.
mat
Convert to UCL & cleanup pkg-message (categories s)
2.4.7
14 Aug 2019 03:26:09
Revision: 508887 This port version is marked as vulnerable.
meta
Implement new virtual category: net-vpn for VPN related ports

based on discussion at ports@ [1]. VPN software is currently put in two
different physical categories, net and security. This is a little bit
confusing. Let's give it a new virtual category, net-vpn.

[1] https://lists.freebsd.org/pipermail/freebsd-ports/2019-April/115915.html

PR:		239395
Submitted by:	myself
Approved by:	portmgr (mat)
Differential Revision:	https://reviews.freebsd.org/D21174
2.4.7
13 Jul 2019 08:31:14
Revision: 506516 This port version is marked as vulnerable.
mandree
OpenVPN won't compile with LibreSSL, mark IGNORE.

Upstream maintainers are massively pushing back against patches
offered so far with valid and concrete technical reasons and unsuitability
of the LibreSSL version API that will create a maintenance nightmare.
(And LibreSSL abusing the OpenSSL API.)

PR:		238382
Submitted by:	pizzamig
2.4.7
21 Feb 2019 19:30:52
Revision: 493524 This port version is marked as vulnerable.
mandree
security/openvpn[-mbedtls] update to OpenVPN 2.4.7

Upstream release announcement:
"This is primarily a maintenance release with bugfixes and improvements.
One of the big things is enhanced TLS 1.3 support

Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that."

Move USES up to please portlint.

Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-247>

Detailed change list:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.7>
2.4.6_3
05 Nov 2018 09:30:18
Revision: 484182 This port version is marked as vulnerable.
amdmi3
- Add LICENSE_FILE
- Update WWW

Approved by:	portmgr blanket
2.4.6_3
14 Sep 2018 12:04:53
Revision: 479770 This port version is marked as vulnerable.
tijl
Update security/mbedtls to 2.13.0 and bump dependent ports.
2.4.6_2
10 Aug 2018 14:23:16
Revision: 476834 This port version is marked as vulnerable.
tijl
Update security/mbedtls to 2.12.0 and bump dependent ports.

MFH:		2018Q3
Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
2.4.6_1
07 Jun 2018 12:16:47
Revision: 471909 This port version is marked as vulnerable.
tijl
Update security/mbedtls to 2.9.0 and bump dependent ports.
2.4.6
25 Apr 2018 22:00:04
Revision: 468307 This port version is marked as vulnerable.
mat
Only sleep in ports if BATCH/PACKAGE_BUILDING are not defined.

Sponsored by:	Absolight
2.4.6
25 Apr 2018 21:09:11
Revision: 468306 This port version is marked as vulnerable.
mandree
Update to new upstream bugfix release 2.4.6.

While here, warn and sleep for 10 s when building against LibreSSL.

Remove some cruft.

Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-246>

Changelog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.6>

Reported by:	portscout
2.4.5_1
23 Apr 2018 19:26:32
Revision: 468134 This port version is marked as vulnerable.
tijl
Update security/mbedtls to 2.8.0 and bump dependent ports.

MFH:		2018Q2
Security:	https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
2.4.5
13 Mar 2018 22:50:33
Revision: 464440 This port version is marked as vulnerable.
mandree
Fix build with LibreSSL 2.4.6

PR:		226568
Reported by:	Ralf van der Enden
Obtained from:	faminebadger <https://community.openvpn.net/openvpn/ticket/1038>
2.4.5
13 Mar 2018 00:10:33
Revision: 464331 This port version is marked as vulnerable.
mandree
Update to new upstream bugfix release 2.4.5.

Change summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-245>

Changelog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.5>

While here, add a sanity check that traps inconsistent linkage,
if, for instance, the PKCS#11 helper has been built with a different
OPENSSL library version than OpenVPN.
2.4.4_2
12 Mar 2018 13:01:53
Revision: 464247 This port version is marked as vulnerable.
tijl
Update security/mbedtls to 2.7.1.

PR:		226550
MFH:		2018Q1
2.4.4_1
10 Mar 2018 18:49:04
Revision: 464085 This port version is marked as vulnerable.
tijl
- Update security/polarssl13 to 1.3.22.
- Update security/mbedtls to 2.7.0 and bump dependent ports.

MFH:		2018Q1
Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
2.4.4
11 Jan 2018 14:18:01
Revision: 458739 This port version is marked as vulnerable.
danfe
Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files that are not actually manual pages (part 2).
2.4.4
08 Oct 2017 09:46:27
Revision: 451515 This port version is marked as vulnerable.
mandree
Add missing conflicts
2.4.4
27 Sep 2017 21:27:15
Revision: 450792 This port version is marked as vulnerable.
mandree
OpenVPN[-mbedtls] security update to 2.4.4

Upstream maintainers write: "This release includes a large number of small
fixes and enhancements. There is also an important security fix for legacy
setups that may still be using key-method 1. As that option was deprecated
12 years ago we estimate that not many production setups are affected in
practice."

Security information:
<https://community.openvpn.net/openvpn/wiki/CVE-2017-12166>

Change Summary:
<https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-244>

Changes as Git shortlog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.4>

Given the low impact, let's forget about MFHing this three days before
2017Q3 becomes EOL and relieved by 2017Q4.

Reported by:	portscout
Security:	CVE-2017-12166
Security:	3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8
2.4.3
21 Jun 2017 17:22:38
Revision: 444043 This port version is marked as vulnerable.
mandree
OpenVPN security update to 2.4.3

OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In
the process several vulnerabilities were found, some of which are
remotely exploitable in certain circumstances.

Compared to OpenVPN 2.4.2 there are several bugfixes and one major
feature: support for building with OpenSSL 1.1.

MFH:		2017Q3 (preapproved by Xin Li)
Security:	9f65d382-56a4-11e7-83e3-080027ef73ec
Security:	CVE-2017-7508
Security:	CVE-2017-7512
Security:	CVE-2017-7520
Security:	CVE-2017-7521
Security:	CVE-2017-7522
2.4.2
19 May 2017 21:20:19
Revision: 441273 This port version is marked as vulnerable.
mandree
Switch MASTER_SITES from http to https URI scheme.
2.4.2
11 May 2017 21:19:20
Revision: 440667 This port version is marked as vulnerable.
mandree
OpenVPN update to 2.4.2 (security fixes)

ChangeLog:
<https://github.com/OpenVPN/openvpn/blob/v2.4.2/Changes.rst#version-242>

Details:
<https://github.com/OpenVPN/openvpn/releases/tag/v2.4.2>

Security Announcement:
<https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits>

Reported by:	Samuli Seppanen
Security:	04cc7bd2-3686-11e7-aa64-080027ef73ec
Security:	CVE-2017-7478
Security:	CVE-2017-7479
MFH:		2017Q2
2.4.1
23 Mar 2017 21:53:58
Revision: 436782 This port version is marked as vulnerable.
mandree
Update to openvpn release 2.4.1

This contains predominantly bugfixes and compatibility with
newer OpenSSL/LibreSSL.

Remove one patch that had been cherry-picked from upstream, no longer
needed.

Summary:
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-241
Changes: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
2.4.0
21 Mar 2017 23:04:59
Revision: 436663 This port version is marked as vulnerable.
mandree
Fix build with LibreSSL 2.5.1.

PR:		217140
Submitted by:	brnrd@
Obtained from:	Olivier Wahrenberger, via upstream maintainers review
2.4.0
05 Jan 2017 08:38:30
Revision: 430622 This port version is marked as vulnerable.
mandree
Flag conflict between PKCS11 and MBEDTLS in OPTIONS.
2.4.0
27 Dec 2016 23:16:57
Revision: 429678 This port version is marked as vulnerable.
mandree
OpenVPN update to v2.4.0, old version in openvpn23*.

OpenVPN has been updated to v2.4.0.
Changes: <https://github.com/OpenVPN/openvpn/blob/v2.4.0/Changes.rst>

openvpn-polarssl has been renamed to openvpn-mbedtls to match the TLS
library's change of name.

The prior versions of the openvpn ports have been preserved in openvpn23
and openvpn23-polarssl, respectively, and are set to expire 2017-03-31.
2.3.14
08 Dec 2016 03:01:18
Revision: 428095 This port version is marked as vulnerable.
mandree
Upgrade to new upstream bugfix release 2.3.14.

Drop files/extra-patch-fix-subnet and corresponding OPTION, since this
is now part of the upstream release.

Changelog:	<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.14>
2.3.13_1
09 Nov 2016 22:06:26
Revision: 425811 This port version is marked as vulnerable.
mandree
Experimental patch for topology subnet.

Added as an extra patch behind an option that defaults to ON so people
can still opt out, this is slated for an upcoming 2.3.14 release that
is, however, not yet scheduled.

PR:		207831 (related)
Obtained from:	Gert Doering, via upstream Git repository 446ef5bda4cdc75d
2.3.13
04 Nov 2016 08:42:24
Revision: 425304 This port version is marked as vulnerable.
mandree
Upgrade to upstream bugfix release 2.3.13.

ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.13>
2.3.12_1
27 Aug 2016 12:23:58
Revision: 420973 This port version is marked as vulnerable.
mandree
Fix self-tests in poudriere, make them more robust [1].

The self-tests used to fail in poudriere with dependency cycles in
Makefile that weren't visible earlier. Conditionally change ALL_TARGET
to check (do not use all check, that would require gmake) if the TEST
option is set (default), or set TEST_TARGET if the TEST option is unset.

While I am unable to reproduce 212146 claiming the self-tests fail on an
IPv6-disabled host, and I believe it's a red herring masking a local
configuration issue, doubt sed(1) and add blanks, and be sure to add the
"proto" earlier. The reporter didn't mention his OS version.

No PORTREVISION bump since the default build is unaffected.

PR:		212146 [1]
2.3.12_1
27 Aug 2016 09:32:30
Revision: 420966 This port version is marked as vulnerable.
mandree
Make self-test the TEST option, support make test. Enabled by default.

NB: This is a critical port with many users, and the test is low on
resources, it takes two minutes idling, waiting for timers to expire.

Replace former ".if ... post-build:" by "post-build-TEST-on: test".
Replace former post-build by "TEST_TARGET=check".

Add a temporary (9 months or so-ish) compatibility wrapper to move
people from the prior port-specific WITHOUT_CHECK to WITHOUT=TEST or
OPTIONS_UNSET=TEST. Uses WARNING+= to make user aware of the change.

While here, shorten the POLARSSL_DESC help message.

Requested by:	brnrd@
Differential Revision:	D7507 (sort-of)
2.3.12_1
27 Aug 2016 01:17:24
Revision: 420956 This port version is marked as vulnerable.
mandree
Update Tunnelblick XOR patch.

PR:		212136
Submitted by:	Franco Fichtner
2.3.12
25 Aug 2016 12:58:16
Revision: 420844 This port version is marked as vulnerable.
mat
Fix build with tunnelblick patch.

Sponsored by:	Absolight
2.3.12
24 Aug 2016 22:33:26
Revision: 420825 This port version is marked as vulnerable.
mandree
Update to new upstream bugfix release 2.3.12, add "stats" to rc script.

* Upstream changes:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12>
* The cmocka-based unit tests are currently disabled, too much hassle
  and deps to get them running.
* Add patch-configure to drop the unit-test related warnings.
* Extend run control script to understand the "stats" argument, to send
  SIGUSR2 to the process, contributed by Anton Yuzhaninov (with one
  additional line fold).
* Drop patch-629baad8, no longer needed.
* Refresh other patches with make clean extract do-patch makepatch

Number of commits found: 213 (showing only 100 on this page)