diff options
| -rw-r--r-- | security/openvpn/Makefile | 6 | ||||
| -rw-r--r-- | security/openvpn/distinfo | 5 | ||||
| -rw-r--r-- | security/openvpn/files/openvpn.in | 10 | ||||
| -rw-r--r-- | security/openvpn/files/patch-629baad8 | 37 | ||||
| -rw-r--r-- | security/openvpn/files/patch-configure | 11 | ||||
| -rw-r--r-- | security/openvpn/files/patch-sample__sample-config-files__loopback-client | 2 | ||||
| -rw-r--r-- | security/openvpn/files/patch-sample__sample-config-files__loopback-server | 2 | ||||
| -rw-r--r-- | security/openvpn/files/patch-tests__t_cltsrv.sh | 2 |
8 files changed, 30 insertions, 45 deletions
diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile index 3fa4c0dd8ecb..fef9011c7c5b 100644 --- a/security/openvpn/Makefile +++ b/security/openvpn/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= openvpn -DISTVERSION= 2.3.11 +DISTVERSION= 2.3.12 CATEGORIES= security net MASTER_SITES= http://swupdate.openvpn.net/community/releases/ \ http://build.openvpn.net/downloads/releases/ @@ -19,6 +19,8 @@ USES= cpe libtool pkgconfig shebangfix tar:xz SHEBANG_FILES= sample/sample-scripts/verify-cn \ sample/sample-scripts/auth-pam.pl \ sample/sample-scripts/ucn.pl +# avoid picking up CMAKE, we don't have cmocka anyways. +CONFIGURE_ARGS+= CMAKE="" # let OpenVPN's configure script pick up the requisite libraries, # but do not break the plugin build if an older version is installed @@ -53,7 +55,7 @@ X509ALTUSERNAME_CONFIGURE_ENABLE= x509-alt-username X509ALTUSERNAME_PREVENTS= POLARSSL X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} cannot use --x509-username-field with PolarSSL. Disable X509ALTUSERNAME, or use OpenSSL instead -OPENSSL_USE= openssl=yes +OPENSSL_USES= ssl OPENSSL_CONFIGURE_ON= --with-crypto-library=openssl # Pin the libmbedtls version because the 2.3.x port can't work with .so.10 or diff --git a/security/openvpn/distinfo b/security/openvpn/distinfo index 9c89160bf730..4f3149edd3b6 100644 --- a/security/openvpn/distinfo +++ b/security/openvpn/distinfo @@ -1,2 +1,3 @@ -SHA256 (openvpn-2.3.11.tar.xz) = 0f5f1ca1dc5743fa166d93dd4ec952f014b5f33bafd88f0ea34b455cae1434a7 -SIZE (openvpn-2.3.11.tar.xz) = 833496 +TIMESTAMP = 1472073931 +SHA256 (openvpn-2.3.12.tar.xz) = 13b963414e2430215981868c77b9795d93653ee535a2d73576f7bb2c28200abc +SIZE (openvpn-2.3.12.tar.xz) = 827756 diff --git a/security/openvpn/files/openvpn.in b/security/openvpn/files/openvpn.in index ff21fad80898..6eab55e69ea6 100644 --- a/security/openvpn/files/openvpn.in +++ b/security/openvpn/files/openvpn.in @@ -101,10 +101,18 @@ softrestart() exit $? } +openvpn_stats() +{ + sig_reload=USR2 + run_rc_command ${rc_prefix}reload $rc_extra_args +} + # reload: support SIGHUP to reparse configuration file # softrestart: support SIGUSR1 to reconnect without superuser privileges -extra_commands="reload softrestart" +# stats: support SIGUSR2 to write statistics to the syslog +extra_commands="reload softrestart stats" softrestart_cmd="softrestart" +stats_cmd="openvpn_stats" # pidfile pidfile="/var/run/${name}.pid" diff --git a/security/openvpn/files/patch-629baad8 b/security/openvpn/files/patch-629baad8 deleted file mode 100644 index 13b574b44cfe..000000000000 --- a/security/openvpn/files/patch-629baad8 +++ /dev/null @@ -1,37 +0,0 @@ -commit 629baad8f89af261445a2ace03694601f8e476f9 -Author: Steffan Karger <steffan@karger.me> -Date: Fri May 13 08:54:52 2016 +0200 - - Fix polarssl / mbedtls builds - - Commit 8a399cd3 hardened the OpenSSL default cipher list, - but also introduced a change in shared code that causes - polarssl / mbedtls builds to break when no --tls-cipher is - specified. - - This fix is backported code from the master branch. - - Signed-off-by: Steffan Karger <steffan@karger.me> - Acked-by: Gert Doering <gert@greenie.muc.de> - Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me> - URL: http://article.gmane.org/gmane.network.openvpn.devel/11647 - Signed-off-by: Gert Doering <gert@greenie.muc.de> - -diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c -index 1f58369..9263698 100644 ---- ./src/openvpn/ssl_polarssl.c -+++ ./src/openvpn/ssl_polarssl.c -@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) - { - char *tmp_ciphers, *tmp_ciphers_orig, *token; - int i, cipher_count; -- int ciphers_len = strlen (ciphers); -+ int ciphers_len; -+ -+ if (NULL == ciphers) -+ return; /* Nothing to do */ -+ -+ ciphers_len = strlen (ciphers); - - ASSERT (NULL != ctx); - ASSERT (0 != ciphers_len); diff --git a/security/openvpn/files/patch-configure b/security/openvpn/files/patch-configure new file mode 100644 index 000000000000..226436314279 --- /dev/null +++ b/security/openvpn/files/patch-configure @@ -0,0 +1,11 @@ +--- configure.orig 2016-08-23 14:19:07 UTC ++++ configure +@@ -17160,8 +17160,6 @@ fi + $as_echo "!! WARNING !! The cmoka git submodule has not been initialized or updated. Unit testing cannot be performed." >&6; } + fi + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: !! WARNING !! CMake is NOT available. Unit testing cannot be performed." >&5 +-$as_echo "!! WARNING !! CMake is NOT available. Unit testing cannot be performed." >&6; } + if false; then + CMOCKA_INITIALIZED_TRUE= + CMOCKA_INITIALIZED_FALSE='#' diff --git a/security/openvpn/files/patch-sample__sample-config-files__loopback-client b/security/openvpn/files/patch-sample__sample-config-files__loopback-client index 4a0fb8d4594f..0b485a641d8a 100644 --- a/security/openvpn/files/patch-sample__sample-config-files__loopback-client +++ b/security/openvpn/files/patch-sample__sample-config-files__loopback-client @@ -1,4 +1,4 @@ ---- sample/sample-config-files/loopback-client.orig 2014-11-29 14:59:45 UTC +--- sample/sample-config-files/loopback-client.orig 2016-08-23 14:16:22 UTC +++ sample/sample-config-files/loopback-client @@ -9,8 +9,8 @@ # ./openvpn --config sample-config-files/loopback-client (In one window) diff --git a/security/openvpn/files/patch-sample__sample-config-files__loopback-server b/security/openvpn/files/patch-sample__sample-config-files__loopback-server index b085d7605482..58691b133de7 100644 --- a/security/openvpn/files/patch-sample__sample-config-files__loopback-server +++ b/security/openvpn/files/patch-sample__sample-config-files__loopback-server @@ -1,4 +1,4 @@ ---- sample/sample-config-files/loopback-server.orig 2014-11-29 14:59:45 UTC +--- sample/sample-config-files/loopback-server.orig 2016-08-23 14:16:22 UTC +++ sample/sample-config-files/loopback-server @@ -9,8 +9,8 @@ # ./openvpn --config sample-config-files/loopback-client (In one window) diff --git a/security/openvpn/files/patch-tests__t_cltsrv.sh b/security/openvpn/files/patch-tests__t_cltsrv.sh index 390c2134a0ac..57359c6e8b89 100644 --- a/security/openvpn/files/patch-tests__t_cltsrv.sh +++ b/security/openvpn/files/patch-tests__t_cltsrv.sh @@ -1,4 +1,4 @@ ---- tests/t_cltsrv.sh.orig 2014-11-29 14:59:46 UTC +--- tests/t_cltsrv.sh.orig 2016-08-23 13:10:22 UTC +++ tests/t_cltsrv.sh @@ -1,7 +1,7 @@ #! /bin/sh |