Commit Graph

110 Commits

Author SHA1 Message Date
jca
68ac92db3b SECURITY update to openvpn-2.5.2
Release notes:
https://openvpn.net/community-downloads/
Fixes for
https://community.openvpn.net/openvpn/wiki/CVE-2020-15078
2021-04-24 00:28:47 +00:00
jca
f07623d8aa Update to openvpn-2.5.1 2021-03-02 10:39:38 +00:00
jca
473ea931dc Update to openvpn-2.5.0
This update drops the default fallback to BF-CBC with older clients.
See https://openvpn.net/community-downloads/ for a list of details.

2.5.0-rcN test reports from gonzalo@
2020-11-02 22:49:17 +00:00
jca
4fa9faa879 Mention mbedTLS FLAVOR
Suggested by kn@
2020-05-17 08:53:27 +00:00
jca
19867e48cf SECURITY update to openvpn-2.4.9
Fix for CVE-2020-11810

Changes:
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9
2020-04-21 23:43:55 +00:00
jca
b6aaf26b17 ${BUILD_PACKAGES} instead of - 2019-11-10 21:50:23 +00:00
jca
f25ebe7b90 Provide debug-openvpn 2019-11-10 17:50:00 +00:00
jca
27ba9cabc4 Update to openvpn-2.4.8
Release notes:
https://openvpn.net/download/openvpn-2-4-8-released-on-2019-10-31/

Successful test report from gonzalo@ aside from my own testing.
2019-11-05 17:53:17 +00:00
jca
bcf347998a Move the ports I maintain to PERMIT_PACKAGE 2019-06-22 22:44:06 +00:00
sthen
49adee401a OpenVPN announced that it was sending three addresses in the route socket
messages to lookup the default gateway (RTA_DST | RTA_NETMASK | RTA_IFP),
but did not actually send RTA_IFP. This is caught by the recently added
check in sys/net/rtsock.c r1.284 causing a failure. Remove RTA_IFP from
rtm_addrs to unbreak. Help/ok bluhm@, ok jca@.
2019-04-05 06:56:00 +00:00
jca
c35744bdca Fix memory leak, unused variable pointed out by the compiler 2019-02-21 23:41:12 +00:00
jca
b1ebcec12a Update to openvpn-2.4.7
Adds TLSv1.3 support, not supported by LibreSSL yet.
#ifdef OPENSSL_DEFINES_MAZE proofread by and ok tb@
2019-02-21 23:32:23 +00:00
danj
3121eb60a0 Remove "Upgrading from OpenBSD 5.8 or earlier"
ok jca@ (maintainer)
2018-12-07 18:31:33 +00:00
espie
f4b7f81318 convert to PKGSTEM 2018-09-04 12:46:09 +00:00
jca
29fb757b18 Update to openvpn-2.4.6
ok gonzalo@
2018-04-24 17:32:43 +00:00
jca
d4cb88a62f Add an openvpn rc script
This script doesn't set any default flag, usage is documented in README
as suggested by sthen@ and ajacoutot@.  ok remi@ danj@ sthen@ ajacoutot@
2018-03-09 12:37:12 +00:00
jca
cb2f3855cd Document LD_LIBRARY_PATH workaround for hostname.if openvpn setups
It appears that after upgrading from snaps, openvpn can't find
liblzo2.so/liblz4.so when started from hostname.if.  Probably because
ldconfig is run later during boot, as noted by sthen@.  Forcing
LD_LIBRARY_PATH works around the problem as long as /usr is mounted.

Reported by Atanas Vladimirov, sthen@ helped with the debugging.
2018-03-06 12:44:29 +00:00
jca
2fd0de64d8 Add a temporary workaround, snaps don't ship the latest ssl.h yet. 2018-03-05 22:45:24 +00:00
jca
5dba73d084 Update to openvpn-2.4.5
Tested by Jiri B. and myself.

NB: this needs a recent ssl.h
2018-03-04 19:03:00 +00:00
jca
9b9ee90826 Pushed upstream 2017-11-05 01:09:28 +00:00
jca
ce24cf2b43 Uncomment and hook up the mbedtls FLAVOR
Seems to work well with light testing.  Requested earlier by sthen@ and
ajacoutot@
2017-10-26 08:22:36 +00:00
jca
f007244af6 Re-disable the mbedtls flavor by default
sthen@ and ajacoutot@ suggested to hook up this flavor, but I'd feel
better if we first updated our mbedtls port (mbedtls-2.6.0 doesn't
build out of the box).
2017-10-19 00:55:02 +00:00
jca
0af9eed525 --enable-password-save is ignored (it is now the default) 2017-10-18 19:26:22 +00:00
jca
af9dec8e72 Uncomment mbedtls (formerly polarssl) FLAVOR 2017-10-18 19:24:44 +00:00
jca
18a679f3df Correctly print time_t, fixes a crash on arm (and probably i386) 2017-10-18 18:41:45 +00:00
jca
9ba97f6bee SECURITY update to openvpn-2.4.4
Among other changes, fix for

o CVE-2017-12166: out of bounds write in key-method 1
  https://community.openvpn.net/openvpn/wiki/CVE-2017-12166

ok sthen@
2017-09-29 16:36:23 +00:00
jca
b4c7ab72a1 Switch to self-hosted tarballs
Upstream seems to serve two versions of the 2.4.3 tarball (issues with
cloudflare ?).
2017-06-21 19:01:23 +00:00
jca
a2403ca8e7 SECURITY update to openvpn-2.4.3
Fixes for:
- CVE-2017-7508 Remotely-triggerable ASSERT() on malformed IPv6 packet
- CVE-2017-7520 Pre-authentication remote crash/information disclosure
  for clients
- CVE-2017-7521 Potential double-free in --x509-alt-username
- CVE-2017-7512 Remote-triggerable memory leaks
- CVE-2017-7522 Post-authentication remote DoS when using
  the --x509-track option
- Null-pointer dereference in establish_http_proxy_passthru()

Full description at
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

This update kills some of our patches that were committed upstream.
Similar diff proposed by pirofti@, ok pirofti@ stsp@
2017-06-21 12:51:08 +00:00
jca
acedfd1692 Pushed upstream. 2017-06-11 12:15:50 +00:00
jca
d372ba1d90 Add support for non-0 routing tables
Patch from Steven McDonald, already committed upstream.
2017-05-21 16:12:43 +00:00
jca
c750a780c9 openvpn-plugin.h now makes use of size_t, so include stddef.h
Unbreaks openvpn-auth-ldap.  Reported by naddy@
2017-05-15 14:30:56 +00:00
danj
8528c2492a Security update to openvpn-2.4.2
OK gonzalo@ jca@ (maintainer)
2017-05-14 16:43:33 +00:00
stsp
63ba77727a Fix unaligned access in openvpn to unbreak it on sparc64 and such platforms.
ok jca@ uwe@
2017-04-16 20:14:17 +00:00
jca
db7b1ffac3 Update to openvpn-2.4.1
ok danj@
2017-03-28 22:16:37 +00:00
kurt
ff1a692232 Add missing header to fix this message in the log:
NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
okay jca@
2017-02-16 21:16:55 +00:00
jca
0720b0eab1 Update to openvpn-2.4.0
Lots of new features and changes, see

  https://github.com/OpenVPN/openvpn/blob/master/Changes.rst

Tests by danj@ and Bryan Linton, ok danj@
2017-02-06 10:22:35 +00:00
jca
458f27b328 Update to openvpn-2.3.14
Most of our tun patches go away in the process.
2016-12-18 18:58:01 +00:00
jca
a76ebfb541 Take maintainership
Discussed with sthen@
2016-11-29 10:10:44 +00:00
jca
5acccec629 Update to openvpn-2.3.13
ChangeLog at https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23

ok sthen@ (maintainer)
2016-11-29 09:22:02 +00:00
jca
147a8db288 Add a hack for topology subnet setups and bump REVISION.
Previously route insertion failed with ELOOP because the gateway wasn't
directly connected.

ok sthen@
2016-11-18 16:21:44 +00:00
jca
df79334763 More useful HOMEPAGE
ok sthen@
2016-11-18 16:19:29 +00:00
jca
6da368ecef Add support for on-link routes.
ok sthen@
2016-11-18 16:18:52 +00:00
jca
090e506629 We have gcc >= 3 on all platforms now. 2016-11-18 16:17:58 +00:00
sthen
402475cd62 update to openvpn-2.3.11 2016-05-14 13:14:46 +00:00
sthen
c2e2dca563 mention tap in openvpn readme 2016-04-25 18:21:09 +00:00
sthen
3a90f883c0 remove a couple of PFRAG.shared 2016-03-17 11:44:56 +00:00
sthen
3bd9321a86 update to openvpn-2.3.10
patch for OPENSSL_VERSION_NUMBER check
2016-01-06 11:03:21 +00:00
sthen
6d6b942d3e update to openvpn-2.3.9 2015-12-18 02:17:45 +00:00
sthen
24848258fb Adjust OpenVPN following the split of tun(4)'s "link0" mode into tap(4). 2015-10-23 15:10:36 +00:00
sthen
748fa28250 fix mis-merge in previous, had a link0 which should have been -link0 2015-09-16 09:07:30 +00:00