security/openvpn: license incompat mbedTLS, LZO+LibreSSL
After reviewing licenses again,
- mark mbedTLS broken for now, since it uses the Apache License 2.0,
which is incompatible with the GPLv2 (OpenVPN does not employ the
"or any later version" escape hatch). This will be handed to the
OpenVPN-devel mailing list for review.
- block out the combination of LZO with LibreSSL, since OpenVPN
only has a linking exception for OpenSSL itself. Remedy is
to either forgo LibreSSL, or to disable the LZO option, which
requires proper configuration on either end. The maintainer's
recommendation is to compile with OpenSSL instead.
Bump PORTREVISION in spite of unchanged contents to flush out old
packages.
MFH: 2021Q4
(cherry picked from commit 5cc978dcfe
)
This commit is contained in:
parent
10bad1f47d
commit
7cbf21ebf8
|
@ -2,7 +2,7 @@
|
|||
|
||||
PORTNAME= openvpn
|
||||
DISTVERSION= 2.5.4
|
||||
PORTREVISION?= 1
|
||||
PORTREVISION?= 2
|
||||
CATEGORIES= security net net-vpn
|
||||
MASTER_SITES= https://swupdate.openvpn.org/community/releases/ \
|
||||
https://build.openvpn.net/downloads/releases/ \
|
||||
|
@ -43,7 +43,8 @@ OPTIONS_SINGLE= SSL
|
|||
OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS
|
||||
ASYNC_PUSH_DESC= Enable async-push support
|
||||
EASYRSA_DESC= Install security/easy-rsa RSA helper package
|
||||
MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3)
|
||||
LZO_DESC= LZO compression support (incompatible with LibreSSL)
|
||||
MBEDTLS_DESC= LICENSE BROKEN - SSL/TLS via mbedTLS (lacks TLS v1.3)
|
||||
PKCS11_DESC= Use security/pkcs11-helper (OpenSSL only)
|
||||
SMALL_DESC= Build a smaller executable with fewer features
|
||||
TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!)
|
||||
|
@ -93,16 +94,38 @@ CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN}
|
|||
.include <bsd.port.options.mk>
|
||||
|
||||
.if ${PORT_OPTIONS:MMBEDTLS}
|
||||
BROKEN_FreeBSD_14= OpenVPN-mbedTLS fails on FreeBSD 14
|
||||
BROKEN= License under clarification, OpenVPN is GPLv2-only and mbedTLS under Apache License 2.0, which are incompatible
|
||||
_tlslibs=libmbedtls libmbedx509 libmbedcrypto
|
||||
.else
|
||||
# OpenSSL
|
||||
_tlslibs=libssl libcrypto
|
||||
.endif
|
||||
|
||||
.if ${PORT_OPTIONS:MLZO}
|
||||
IGNORE_SSL=libressl libressl-devel
|
||||
IGNORE_SSL_REASON=OpenVPN does not have permission to include LZO with LibreSSL. Compile against OpenSSL, or if your setups support it, disable LZO support
|
||||
.endif
|
||||
|
||||
.if ! ${PORT_OPTIONS:MLZ4} && ! ${PORT_OPTIONS:MLZO}
|
||||
CONFIGURE_ARGS+= --enable-comp-stub
|
||||
.endif
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if !empty(PORT_OPTIONS:MLZO) && !empty(SSL_DEFAULT:Nbase:Nopenssl*)
|
||||
# in-depth security net if Mk/Uses/ssl.mk changes
|
||||
pre-everything::
|
||||
@${ECHO_CMD} >&2 "ERROR: OpenVPN is not licensed to combine LZO with other OpenSSL-licensed libraries than OpenSSL. Compile against OpenSSL, or if your setups support it, disable LZO support."
|
||||
@${SHELL} -c 'exit 1'
|
||||
.endif
|
||||
|
||||
.if !empty(PORT_OPTIONS:MMBEDTLS)
|
||||
pre-everything::
|
||||
@${ECHO_CMD} >&2 "License under clarification, OpenVPN is GPLv2-only and mbedTLS under Apache License 2.0, which are incompatible."
|
||||
@${SHELL} -c 'exit 1'
|
||||
.endif
|
||||
|
||||
post-patch:
|
||||
${REINPLACE_CMD} -E -i '' -e 's/(user|group) nobody/\1 openvpn/' \
|
||||
-e 's/"nobody"( after init)/"openvpn" \1/' \
|
||||
|
@ -161,4 +184,4 @@ post-install-EXAMPLES-on:
|
|||
${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/*
|
||||
${RM} ${STAGEDIR}${EXAMPLESDIR}/sample-config-files/*.orig
|
||||
|
||||
.include <bsd.port.mk>
|
||||
.include <bsd.port.post.mk>
|
||||
|
|
Loading…
Reference in New Issue
Block a user