Diffstat (limited to '')
-rw-r--r--security/openvpn-auth-oauth2/Makefile2
-rw-r--r--security/openvpn-auth-oauth2/distinfo10
-rw-r--r--security/openvpn-devel/Makefile6
-rw-r--r--security/openvpn-devel/distinfo6
-rw-r--r--security/openvpn-devel/files/openvpn-client.in5
-rw-r--r--security/openvpn-devel/pkg-descr8
-rw-r--r--security/openvpn-devel/pkg-plist3
-rw-r--r--security/openvpn/Makefile3
-rw-r--r--security/openvpn/files/patch-doc_man-sections_generic-options.rst4
-rw-r--r--security/openvpn/files/patch-doc_tests_authentication-plugins.md11
-rw-r--r--security/openvpn/files/patch-sample__sample-config-files__loopback-client13
-rw-r--r--security/openvpn/files/patch-sample__sample-config-files__loopback-server12
-rw-r--r--security/openvpn/files/patch-sample_sample-config-files_loopback-client13
-rw-r--r--security/openvpn/files/patch-sample_sample-config-files_server.conf21
-rw-r--r--security/openvpn/files/patch-sample_sample-plugins_keying-material-exporter-demo_server.ovpn11
-rw-r--r--security/openvpn/files/patch-src_plugins_auth-pam_auth-pam.c10
16 files changed, 88 insertions, 50 deletions
diff --git a/security/openvpn-auth-oauth2/Makefile b/security/openvpn-auth-oauth2/Makefile
index 86911fad6d08..444fc1962136 100644
--- a/security/openvpn-auth-oauth2/Makefile
+++ b/security/openvpn-auth-oauth2/Makefile
@@ -1,6 +1,6 @@
PORTNAME= openvpn-auth-oauth2
DISTVERSIONPREFIX= v
-DISTVERSION= 1.24.0
+DISTVERSION= 1.25.2
CATEGORIES= security net net-vpn
MAINTAINER= otis@FreeBSD.org
diff --git a/security/openvpn-auth-oauth2/distinfo b/security/openvpn-auth-oauth2/distinfo
index 65bdf59a48f1..ef958b0b6d12 100644
--- a/security/openvpn-auth-oauth2/distinfo
+++ b/security/openvpn-auth-oauth2/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1750538779
-SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.24.0/v1.24.0.mod) = cf3d2994878a3a111e074a20790a0601c70c68202c2a54702aa09fb62dd5d9dd
-SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.24.0/v1.24.0.mod) = 1329
-SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.24.0/v1.24.0.zip) = bb420b79a1ca9fc94ecc859c0663eb00b6672ee9aacfad0367c319954f1b047e
-SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.24.0/v1.24.0.zip) = 1869608
+TIMESTAMP = 1754885003
+SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.mod) = d0f750c04d64d7442d246f72b825d2f9fc0ed4210e066ea5f6787b9eb877f963
+SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.mod) = 1370
+SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.zip) = 0ac1f121f8eb6842a65e67e4b2a16a52c6c2f2cc068e79b06a5f90b04cce0a4e
+SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.zip) = 1875487
diff --git a/security/openvpn-devel/Makefile b/security/openvpn-devel/Makefile
index 0390cc0542f7..bf3005b49f02 100644
--- a/security/openvpn-devel/Makefile
+++ b/security/openvpn-devel/Makefile
@@ -1,5 +1,5 @@
PORTNAME= openvpn
-DISTVERSION= g20250402
+DISTVERSION= g20250801
PORTREVISION= 0 # leave in even if 0 to avoid accidental PORTEPOCH bumps
PORTEPOCH= 1
CATEGORIES= security net net-vpn
@@ -21,7 +21,7 @@ LIB_DEPENDS+= liblzo2.so:archivers/lzo2
USES= autoreconf cpe libtool pkgconfig python:build shebangfix tar:xz
IGNORE_SSL= libressl libressl-devel
USE_GITLAB= yes
-GL_TAGNAME= b75849ba36433331227ff66430ea06423fab8148
+GL_TAGNAME= 7b1b283478ec008fad163c8a54659a1ed97ed727
USE_RC_SUBR= openvpn
SHEBANG_FILES= sample/sample-scripts/auth-pam.pl \
@@ -137,8 +137,6 @@ post-build:
post-install:
${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so
- ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.up ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up
- ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.down ${STAGEDIR}${PREFIX}/libexec/openvpn-client.down
${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client
${MKDIR} ${STAGEDIR}${PREFIX}/include
diff --git a/security/openvpn-devel/distinfo b/security/openvpn-devel/distinfo
index f00b4905ceee..642485f91297 100644
--- a/security/openvpn-devel/distinfo
+++ b/security/openvpn-devel/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1743619255
-SHA256 (openvpn-openvpn-b75849ba36433331227ff66430ea06423fab8148_GL0.tar.gz) = 402e312f3d6be0a881ae068e3a52b96dece7d49cdddb0fd876ea7f06e4cff5dd
-SIZE (openvpn-openvpn-b75849ba36433331227ff66430ea06423fab8148_GL0.tar.gz) = 1292100
+TIMESTAMP = 1754042576
+SHA256 (openvpn-openvpn-7b1b283478ec008fad163c8a54659a1ed97ed727_GL0.tar.gz) = 6aae8dff746465fa30cfebece17aee8b5c8b18def9d1f44385403d9a5a17d942
+SIZE (openvpn-openvpn-7b1b283478ec008fad163c8a54659a1ed97ed727_GL0.tar.gz) = 1330547
diff --git a/security/openvpn-devel/files/openvpn-client.in b/security/openvpn-devel/files/openvpn-client.in
index 471757811795..20f806fd7a9c 100644
--- a/security/openvpn-devel/files/openvpn-client.in
+++ b/security/openvpn-devel/files/openvpn-client.in
@@ -1,6 +1,5 @@
#!/bin/sh
-exec %%PREFIX%%/sbin/openvpn --script-security 2 \
- --up %%PREFIX%%/libexec/openvpn-client.up \
- --plugin openvpn-plugin-down-root.so %%PREFIX%%/libexec/openvpn-client.down \
+exec %%PREFIX%%/sbin/openvpn \
+ --dns-updown force \
--config "$@"
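Review bot: Dropping `--script-security 2` from the wrapper changes what a config passed to openvpn-client is allowed to do, and nothing in the file records that. The wrapper now leaves the script-security level at OpenVPN's default, so a config that carries its own `up`/`down` script and relied on the wrapper to raise the level has to set it itself; that is the safer default, but it is a behaviour change for existing users. A comment above the `exec` line would cover it, e.g. `# no --script-security here: configs that run their own up/down scripts must set it themselves`. It would also help to say why `--dns-updown force` is used rather than the default mode, and to confirm that DNS settings are still reverted after a privilege drop now that the down-root plugin is no longer loaded.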
diff --git a/security/openvpn-devel/pkg-descr b/security/openvpn-devel/pkg-descr
index f8b73ab4bde0..8f49325a652c 100644
--- a/security/openvpn-devel/pkg-descr
+++ b/security/openvpn-devel/pkg-descr
@@ -4,8 +4,8 @@ using an encrypted tunnel over the internet. It can operate over UDP or TCP,
can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one
server can handle many clients.
-This development port is updated frequently and is likely NOT STABLE. This is
-an untested tar of the source tree. We attempt to omit inoperable states, but
-there is a good chance this program will not run.
+This development port is updated frequently and is much less well tested
+than the formal releases, and functionality and APIs may change without
+warning.
-DO NOT USE IN PRODUCTION WITHOUT CAUTION
+DO NOT USE IN PRODUCTION WITHOUT PRIOR TESTING FOR YOUR USE CASE.
diff --git a/security/openvpn-devel/pkg-plist b/security/openvpn-devel/pkg-plist
index 0f61a65b38a2..c21f84811403 100644
--- a/security/openvpn-devel/pkg-plist
+++ b/security/openvpn-devel/pkg-plist
@@ -5,6 +5,5 @@ lib/openvpn/plugins/openvpn-plugin-down-root.so
share/man/man5/openvpn-examples.5.gz
share/man/man8/openvpn.8.gz
sbin/openvpn
-libexec/openvpn-client.down
-libexec/openvpn-client.up
sbin/openvpn-client
+libexec/openvpn/dns-updown
diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile
index c771eea03b22..7c44e64f7dba 100644
--- a/security/openvpn/Makefile
+++ b/security/openvpn/Makefile
@@ -1,6 +1,6 @@
PORTNAME= openvpn
DISTVERSION= 2.6.14
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES= security net net-vpn
MASTER_SITES= https://swupdate.openvpn.org/community/releases/ \
https://build.openvpn.net/downloads/releases/ \
@@ -105,6 +105,7 @@ pre-everything::
.endif
post-patch:
+ ${RM} sample/sample-keys/dh2048.pem # no longer needed
${REINPLACE_CMD} -E -i '' -e 's/(user|group) nobody/\1 openvpn/' \
-e 's/"nobody"( after init)/"openvpn" \1/' \
${WRKSRC}/sample/sample-config-files/*.conf \
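Review bot: The added `${RM} sample/sample-keys/dh2048.pem` uses a path relative to the working directory, while the `${REINPLACE_CMD}` line right after it addresses the same tree as `${WRKSRC}/sample/...`. Unless this recipe runs inside the extracted source, which the neighbouring lines suggest it does not, the removal matches nothing; if `${RM}` is `rm -f`, as is usual, that passes silently and the bundled DH parameter file stays in the tree. I would write `${RM} ${WRKSRC}/sample/sample-keys/dh2048.pem` and move the remark to a comment line of its own above it. The post-patch target continues past the end of this hunk.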
diff --git a/security/openvpn/files/patch-doc_man-sections_generic-options.rst b/security/openvpn/files/patch-doc_man-sections_generic-options.rst
index 295f20cd7f1f..28c93860b329 100644
--- a/security/openvpn/files/patch-doc_man-sections_generic-options.rst
+++ b/security/openvpn/files/patch-doc_man-sections_generic-options.rst
@@ -1,6 +1,6 @@
---- doc/man-sections/generic-options.rst.orig 2023-01-25 10:00:58 UTC
+--- doc/man-sections/generic-options.rst.orig 2025-04-02 06:53:10 UTC
+++ doc/man-sections/generic-options.rst
-@@ -507,5 +507,8 @@ which mode OpenVPN is configured as.
+@@ -514,5 +514,8 @@ --user user
since it is usually used by other system services already. Always
create a dedicated user for openvpn.
diff --git a/security/openvpn/files/patch-doc_tests_authentication-plugins.md b/security/openvpn/files/patch-doc_tests_authentication-plugins.md
new file mode 100644
index 000000000000..d680c64019f7
--- /dev/null
+++ b/security/openvpn/files/patch-doc_tests_authentication-plugins.md
@@ -0,0 +1,11 @@
+--- doc/tests/authentication-plugins.md.orig 2025-04-02 06:53:10 UTC
++++ doc/tests/authentication-plugins.md
+@@ -36,7 +36,7 @@ To build the needed authentication plug-in, run:
+ verb 4
+ dev tun
+ server 10.8.0.0 255.255.255.0
+- dh sample/sample-keys/dh2048.pem
++ dh none
+ ca sample/sample-keys/ca.crt
+ cert sample/sample-keys/server.crt
+ key sample/sample-keys/server.key
diff --git a/security/openvpn/files/patch-sample__sample-config-files__loopback-client b/security/openvpn/files/patch-sample__sample-config-files__loopback-client
deleted file mode 100644
index 0b485a641d8a..000000000000
--- a/security/openvpn/files/patch-sample__sample-config-files__loopback-client
+++ /dev/null
@@ -1,13 +0,0 @@
---- sample/sample-config-files/loopback-client.orig 2016-08-23 14:16:22 UTC
-+++ sample/sample-config-files/loopback-client
-@@ -9,8 +9,8 @@
- # ./openvpn --config sample-config-files/loopback-client (In one window)
- # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window)
-
--rport 16000
--lport 16001
-+rport 16100
-+lport 16101
- remote localhost
- local localhost
- dev null
diff --git a/security/openvpn/files/patch-sample__sample-config-files__loopback-server b/security/openvpn/files/patch-sample__sample-config-files__loopback-server
index 58691b133de7..3eac712d9054 100644
--- a/security/openvpn/files/patch-sample__sample-config-files__loopback-server
+++ b/security/openvpn/files/patch-sample__sample-config-files__loopback-server
@@ -1,6 +1,6 @@
---- sample/sample-config-files/loopback-server.orig 2016-08-23 14:16:22 UTC
+--- sample/sample-config-files/loopback-server.orig 2025-04-02 06:53:10 UTC
+++ sample/sample-config-files/loopback-server
-@@ -9,8 +9,8 @@
+@@ -9,15 +9,15 @@
# ./openvpn --config sample-config-files/loopback-client (In one window)
# ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window)
@@ -11,3 +11,11 @@
remote localhost
local localhost
dev null
+ verb 3
+ reneg-sec 10
+ tls-server
+-dh sample-keys/dh2048.pem
++dh none
+ ca sample-keys/ca.crt
+ key sample-keys/server.key
+ cert sample-keys/server.crt
diff --git a/security/openvpn/files/patch-sample_sample-config-files_loopback-client b/security/openvpn/files/patch-sample_sample-config-files_loopback-client
new file mode 100644
index 000000000000..5726f12af605
--- /dev/null
+++ b/security/openvpn/files/patch-sample_sample-config-files_loopback-client
@@ -0,0 +1,13 @@
+--- sample/sample-config-files/loopback-client.orig 2025-04-02 06:53:10 UTC
++++ sample/sample-config-files/loopback-client
+@@ -12,8 +12,8 @@
+ # this config file has the crypto material (cert, key, ..) "inlined",
+ # while the "server" config has it as external reference - test both paths
+
+-rport 16000
+-lport 16001
++rport 16100
++lport 16101
+ remote localhost
+ local localhost
+ dev null
diff --git a/security/openvpn/files/patch-sample_sample-config-files_server.conf b/security/openvpn/files/patch-sample_sample-config-files_server.conf
new file mode 100644
index 000000000000..ba2194589405
--- /dev/null
+++ b/security/openvpn/files/patch-sample_sample-config-files_server.conf
@@ -0,0 +1,21 @@
+--- sample/sample-config-files/server.conf.orig 2025-04-02 06:53:10 UTC
++++ sample/sample-config-files/server.conf
+@@ -87,11 +87,6 @@ key server.key # This file should be kept secret
+ cert server.crt
+ key server.key # This file should be kept secret
+
+-# Diffie hellman parameters.
+-# Generate your own with:
+-# openssl dhparam -out dh2048.pem 2048
+-dh dh2048.pem
+-
+ # Allow to connect to really old OpenVPN versions
+ # without AEAD support (OpenVPN 2.3.x or older)
+ # This adds AES-256-CBC as fallback cipher and
+@@ -307,4 +302,4 @@ verb 3
+
+ # Notify the client that when the server restarts so it
+ # can automatically reconnect.
+-explicit-exit-notify 1
+\ No newline at end of file
++explicit-exit-notify 1
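Review bot: This patch deletes the `dh dh2048.pem` directive from the sample server.conf without putting anything in its place, whereas the other sample patches in this commit (authentication-plugins.md, loopback-server, keying-material-exporter-demo/server.ovpn) replace it with `dh none`. If the 2.6 series still requires an explicit `--dh` in server mode, which I believe it does but cannot confirm from this page, a server started from the installed sample would refuse to start. Keeping a short comment and changing the directive to `dh none` would make the four samples agree and keep the sample usable as shipped.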
diff --git a/security/openvpn/files/patch-sample_sample-plugins_keying-material-exporter-demo_server.ovpn b/security/openvpn/files/patch-sample_sample-plugins_keying-material-exporter-demo_server.ovpn
new file mode 100644
index 000000000000..2ff14e611905
--- /dev/null
+++ b/security/openvpn/files/patch-sample_sample-plugins_keying-material-exporter-demo_server.ovpn
@@ -0,0 +1,11 @@
+--- sample/sample-plugins/keying-material-exporter-demo/server.ovpn.orig 2025-04-02 06:53:10 UTC
++++ sample/sample-plugins/keying-material-exporter-demo/server.ovpn
+@@ -8,7 +8,7 @@ key ../../sample-keys/server.key
+ ca ../../sample-keys/ca.crt
+ cert ../../sample-keys/server.crt
+ key ../../sample-keys/server.key
+-dh ../../sample-keys/dh2048.pem
++dh none
+
+ server 10.8.0.0 255.255.255.0
+ port 1194
diff --git a/security/openvpn/files/patch-src_plugins_auth-pam_auth-pam.c b/security/openvpn/files/patch-src_plugins_auth-pam_auth-pam.c
deleted file mode 100644
index 633bc0f0204d..000000000000
--- a/security/openvpn/files/patch-src_plugins_auth-pam_auth-pam.c
+++ /dev/null
@@ -1,10 +0,0 @@
---- src/plugins/auth-pam/auth-pam.c.orig 2021-06-21 04:44:39 UTC
-+++ src/plugins/auth-pam/auth-pam.c
-@@ -39,6 +39,7 @@
- #include <stdio.h>
- #include <string.h>
- #include <ctype.h>
-+#include <limits.h>
- #include <unistd.h>
- #include <stdlib.h>
- #include <sys/types.h>