Diffstat (limited to 'security/openvpn')
-rw-r--r--security/openvpn/Makefile3
-rw-r--r--security/openvpn/files/patch-doc_man-sections_generic-options.rst4
-rw-r--r--security/openvpn/files/patch-doc_tests_authentication-plugins.md11
-rw-r--r--security/openvpn/files/patch-sample__sample-config-files__loopback-client13
-rw-r--r--security/openvpn/files/patch-sample__sample-config-files__loopback-server12
-rw-r--r--security/openvpn/files/patch-sample_sample-config-files_loopback-client13
-rw-r--r--security/openvpn/files/patch-sample_sample-config-files_server.conf21
-rw-r--r--security/openvpn/files/patch-sample_sample-plugins_keying-material-exporter-demo_server.ovpn11
-rw-r--r--security/openvpn/files/patch-src_plugins_auth-pam_auth-pam.c10
9 files changed, 70 insertions, 28 deletions
diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile
index c771eea03b22..7c44e64f7dba 100644
--- a/security/openvpn/Makefile
+++ b/security/openvpn/Makefile
@@ -1,6 +1,6 @@
PORTNAME= openvpn
DISTVERSION= 2.6.14
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES= security net net-vpn
MASTER_SITES= https://swupdate.openvpn.org/community/releases/ \
https://build.openvpn.net/downloads/releases/ \
@@ -105,6 +105,7 @@ pre-everything::
.endif
post-patch:
+ ${RM} sample/sample-keys/dh2048.pem # no longer needed
${REINPLACE_CMD} -E -i '' -e 's/(user|group) nobody/\1 openvpn/' \
-e 's/"nobody"( after init)/"openvpn" \1/' \
${WRKSRC}/sample/sample-config-files/*.conf \
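Review bot: The added `${RM} sample/sample-keys/dh2048.pem` in post-patch uses a path relative to the working directory, while the `${REINPLACE_CMD}` directly below it addresses the same tree as `${WRKSRC}/sample/...`. Unless this target runs with `${WRKSRC}` as its working directory, which nothing in the hunk shows, the removal matches no file. If `${RM}` expands to a forcing `rm -f`, that miss is silent, and the sample DH parameter file would presumably stay in the work tree alongside the other samples. I would write the line as `${RM} ${WRKSRC}/sample/sample-keys/dh2048.pem`. The post-patch recipe continues past the end of the hunk.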
diff --git a/security/openvpn/files/patch-doc_man-sections_generic-options.rst b/security/openvpn/files/patch-doc_man-sections_generic-options.rst
index 295f20cd7f1f..28c93860b329 100644
--- a/security/openvpn/files/patch-doc_man-sections_generic-options.rst
+++ b/security/openvpn/files/patch-doc_man-sections_generic-options.rst
@@ -1,6 +1,6 @@
---- doc/man-sections/generic-options.rst.orig 2023-01-25 10:00:58 UTC
+--- doc/man-sections/generic-options.rst.orig 2025-04-02 06:53:10 UTC
+++ doc/man-sections/generic-options.rst
-@@ -507,5 +507,8 @@ which mode OpenVPN is configured as.
+@@ -514,5 +514,8 @@ --user user
since it is usually used by other system services already. Always
create a dedicated user for openvpn.
diff --git a/security/openvpn/files/patch-doc_tests_authentication-plugins.md b/security/openvpn/files/patch-doc_tests_authentication-plugins.md
new file mode 100644
index 000000000000..d680c64019f7
--- /dev/null
+++ b/security/openvpn/files/patch-doc_tests_authentication-plugins.md
@@ -0,0 +1,11 @@
+--- doc/tests/authentication-plugins.md.orig 2025-04-02 06:53:10 UTC
++++ doc/tests/authentication-plugins.md
+@@ -36,7 +36,7 @@ To build the needed authentication plug-in, run:
+ verb 4
+ dev tun
+ server 10.8.0.0 255.255.255.0
+- dh sample/sample-keys/dh2048.pem
++ dh none
+ ca sample/sample-keys/ca.crt
+ cert sample/sample-keys/server.crt
+ key sample/sample-keys/server.key
diff --git a/security/openvpn/files/patch-sample__sample-config-files__loopback-client b/security/openvpn/files/patch-sample__sample-config-files__loopback-client
deleted file mode 100644
index 0b485a641d8a..000000000000
--- a/security/openvpn/files/patch-sample__sample-config-files__loopback-client
+++ /dev/null
@@ -1,13 +0,0 @@
---- sample/sample-config-files/loopback-client.orig 2016-08-23 14:16:22 UTC
-+++ sample/sample-config-files/loopback-client
-@@ -9,8 +9,8 @@
- # ./openvpn --config sample-config-files/loopback-client (In one window)
- # ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window)
-
--rport 16000
--lport 16001
-+rport 16100
-+lport 16101
- remote localhost
- local localhost
- dev null
diff --git a/security/openvpn/files/patch-sample__sample-config-files__loopback-server b/security/openvpn/files/patch-sample__sample-config-files__loopback-server
index 58691b133de7..3eac712d9054 100644
--- a/security/openvpn/files/patch-sample__sample-config-files__loopback-server
+++ b/security/openvpn/files/patch-sample__sample-config-files__loopback-server
@@ -1,6 +1,6 @@
---- sample/sample-config-files/loopback-server.orig 2016-08-23 14:16:22 UTC
+--- sample/sample-config-files/loopback-server.orig 2025-04-02 06:53:10 UTC
+++ sample/sample-config-files/loopback-server
-@@ -9,8 +9,8 @@
+@@ -9,15 +9,15 @@
# ./openvpn --config sample-config-files/loopback-client (In one window)
# ./openvpn --config sample-config-files/loopback-server (Simultaneously in another window)
@@ -11,3 +11,11 @@
remote localhost
local localhost
dev null
+ verb 3
+ reneg-sec 10
+ tls-server
+-dh sample-keys/dh2048.pem
++dh none
+ ca sample-keys/ca.crt
+ key sample-keys/server.key
+ cert sample-keys/server.crt
diff --git a/security/openvpn/files/patch-sample_sample-config-files_loopback-client b/security/openvpn/files/patch-sample_sample-config-files_loopback-client
new file mode 100644
index 000000000000..5726f12af605
--- /dev/null
+++ b/security/openvpn/files/patch-sample_sample-config-files_loopback-client
@@ -0,0 +1,13 @@
+--- sample/sample-config-files/loopback-client.orig 2025-04-02 06:53:10 UTC
++++ sample/sample-config-files/loopback-client
+@@ -12,8 +12,8 @@
+ # this config file has the crypto material (cert, key, ..) "inlined",
+ # while the "server" config has it as external reference - test both paths
+
+-rport 16000
+-lport 16001
++rport 16100
++lport 16101
+ remote localhost
+ local localhost
+ dev null
diff --git a/security/openvpn/files/patch-sample_sample-config-files_server.conf b/security/openvpn/files/patch-sample_sample-config-files_server.conf
new file mode 100644
index 000000000000..ba2194589405
--- /dev/null
+++ b/security/openvpn/files/patch-sample_sample-config-files_server.conf
@@ -0,0 +1,21 @@
+--- sample/sample-config-files/server.conf.orig 2025-04-02 06:53:10 UTC
++++ sample/sample-config-files/server.conf
+@@ -87,11 +87,6 @@ key server.key # This file should be kept secret
+ cert server.crt
+ key server.key # This file should be kept secret
+
+-# Diffie hellman parameters.
+-# Generate your own with:
+-# openssl dhparam -out dh2048.pem 2048
+-dh dh2048.pem
+-
+ # Allow to connect to really old OpenVPN versions
+ # without AEAD support (OpenVPN 2.3.x or older)
+ # This adds AES-256-CBC as fallback cipher and
+@@ -307,4 +302,4 @@ verb 3
+
+ # Notify the client that when the server restarts so it
+ # can automatically reconnect.
+-explicit-exit-notify 1
+\ No newline at end of file
++explicit-exit-notify 1
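Review bot: The first inner hunk removes the `dh dh2048.pem` directive and its comment from the sample server.conf without putting anything in its place. The other samples patched in this commit (authentication-plugins.md, loopback-server, keying-material-exporter-demo/server.ovpn) replace the directive with `dh none` instead. If OpenVPN 2.6.14 still requires an explicit `--dh` in server mode, which is worth confirming against the 2.6 option checks, a server started from this sample would stop with an options error. Keeping a `dh none` line with a short comment such as `# No finite-field DH parameters; key exchange uses ECDH only` would keep this sample consistent with the others and tell the reader what changed.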
diff --git a/security/openvpn/files/patch-sample_sample-plugins_keying-material-exporter-demo_server.ovpn b/security/openvpn/files/patch-sample_sample-plugins_keying-material-exporter-demo_server.ovpn
new file mode 100644
index 000000000000..2ff14e611905
--- /dev/null
+++ b/security/openvpn/files/patch-sample_sample-plugins_keying-material-exporter-demo_server.ovpn
@@ -0,0 +1,11 @@
+--- sample/sample-plugins/keying-material-exporter-demo/server.ovpn.orig 2025-04-02 06:53:10 UTC
++++ sample/sample-plugins/keying-material-exporter-demo/server.ovpn
+@@ -8,7 +8,7 @@ key ../../sample-keys/server.key
+ ca ../../sample-keys/ca.crt
+ cert ../../sample-keys/server.crt
+ key ../../sample-keys/server.key
+-dh ../../sample-keys/dh2048.pem
++dh none
+
+ server 10.8.0.0 255.255.255.0
+ port 1194
diff --git a/security/openvpn/files/patch-src_plugins_auth-pam_auth-pam.c b/security/openvpn/files/patch-src_plugins_auth-pam_auth-pam.c
deleted file mode 100644
index 633bc0f0204d..000000000000
--- a/security/openvpn/files/patch-src_plugins_auth-pam_auth-pam.c
+++ /dev/null
@@ -1,10 +0,0 @@
---- src/plugins/auth-pam/auth-pam.c.orig 2021-06-21 04:44:39 UTC
-+++ src/plugins/auth-pam/auth-pam.c
-@@ -39,6 +39,7 @@
- #include <stdio.h>
- #include <string.h>
- #include <ctype.h>
-+#include <limits.h>
- #include <unistd.h>
- #include <stdlib.h>
- #include <sys/types.h>