security/openvpn-devel: Maintainer update to 201935
This commit updates the port to the latest development snapshot. Additional changes over PR: - leave CATEGORIES alone (leaving net-vpn in) - move IGNORE_SSL upwards and remove USE_LDCONFIG to please portlint -CA PR: 240376 Submitted by: ecrist@secure-computing.net (maintainer)
This commit is contained in:
parent
08790eea5e
commit
89d48aabaf
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=511396
6 changed files with 42 additions and 31 deletions
|
@ -2,18 +2,22 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= openvpn
|
||||
DISTVERSION= 201907
|
||||
DISTVERSION= 201935
|
||||
CATEGORIES= security net net-vpn
|
||||
MASTER_SITES= https://secure-computing.net/files/openvpn/ \
|
||||
ftp://ftp2.secure-computing.net/pub/FreeBSD/openvpn-devel/
|
||||
PKGNAMESUFFIX= -devel
|
||||
|
||||
MAINTAINER= ecrist@secure-computing.net
|
||||
# let's use ?= in spite of portlint WARNings because this might become
|
||||
# security/openvpn one day which would then have a slave port:
|
||||
COMMENT?= Secure IP/Ethernet tunnel daemon
|
||||
|
||||
LICENSE= GPLv2
|
||||
LICENSE_FILE= ${WRKSRC}/COPYRIGHT.GPL
|
||||
|
||||
IGNORE_SSL= libressl libressl-devel
|
||||
|
||||
USES= cpe libtool pkgconfig shebangfix tar:xz
|
||||
|
||||
CONFLICTS_INSTALL?= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]*
|
||||
|
@ -41,7 +45,7 @@ OPTIONS_SINGLE= SSL
|
|||
OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS
|
||||
PKCS11_DESC= Use security/pkcs11-helper
|
||||
EASYRSA_DESC= Install security/easy-rsa RSA helper package
|
||||
MBEDTLS_DESC= SSL/TLS via mbedTLS
|
||||
MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3)
|
||||
TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!)
|
||||
X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only)
|
||||
SMALL_DESC= Build a smaller executable with fewer features
|
||||
|
@ -71,7 +75,6 @@ MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls
|
|||
MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls
|
||||
|
||||
USE_RC_SUBR= openvpn
|
||||
USE_LDCONFIG= ${PREFIX}/lib
|
||||
|
||||
SUB_FILES= pkg-message openvpn-client
|
||||
|
||||
|
@ -115,22 +118,11 @@ _tlslibs=libmbedtls libmbedx509 libmbedcrypto
|
|||
_tlslibs=libssl libcrypto
|
||||
.endif
|
||||
|
||||
.if ${SSL_DEFAULT:Mlibressl*} && empty(PORT_OPTIONS:MMBEDTLS)
|
||||
pre-everything::
|
||||
@${ECHO_CMD} "WARNING: OpenVPN does not officially support LibreSSL."
|
||||
@${ECHO_CMD} "If things break, rebuild with OpenSSL or mbedTLS."
|
||||
@${ECHO_CMD} "You may wish to change your default SSL library"
|
||||
@${ECHO_CMD} "and press Ctrl+C within the next 10 seconds to abort."
|
||||
. if !(defined(PACKAGE_BUILDING) || defined(BATCH))
|
||||
@sleep 10
|
||||
. endif
|
||||
.endif
|
||||
|
||||
# sanity check that we don't inherit incompatible SSL libs through,
|
||||
# for instance, pkcs11-helper:
|
||||
post-build:
|
||||
@a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
|
||||
| ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
|
||||
@a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
|
||||
| ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
|
||||
if test "$$*" != "1" ; then ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${PRINTF} '%s\n' "$$a"; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi
|
||||
|
||||
post-install:
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
TIMESTAMP = 1550580278
|
||||
SHA256 (openvpn-201907.tar.xz) = 1e2394ca6582877c90fc3d9948cfb1b1c1aaa2383c02af62410d5a51f812ff68
|
||||
SIZE (openvpn-201907.tar.xz) = 995288
|
||||
TIMESTAMP = 1567798649
|
||||
SHA256 (openvpn-201935.tar.xz) = a34dc87188ae38f148e99cc129db2ed05e33c7b41237373b34b5d711481cfc5f
|
||||
SIZE (openvpn-201935.tar.xz) = 1002220
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
--- configure.orig 2016-08-23 14:19:07 UTC
|
||||
+++ configure
|
||||
@@ -17160,8 +17160,6 @@ fi
|
||||
$as_echo "!! WARNING !! The cmoka git submodule has not been initialized or updated. Unit testing cannot be performed." >&6; }
|
||||
fi
|
||||
else
|
||||
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: !! WARNING !! CMake is NOT available. Unit testing cannot be performed." >&5
|
||||
-$as_echo "!! WARNING !! CMake is NOT available. Unit testing cannot be performed." >&6; }
|
||||
if false; then
|
||||
CMOCKA_INITIALIZED_TRUE=
|
||||
CMOCKA_INITIALIZED_FALSE='#'
|
|
@ -0,0 +1,20 @@
|
|||
--- src/openvpn/openssl_compat.h.orig 2019-02-20 12:28:23 UTC
|
||||
+++ src/openvpn/openssl_compat.h
|
||||
@@ -735,7 +735,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
|
||||
}
|
||||
#endif /* SSL_CTX_get_max_proto_version */
|
||||
|
||||
-#ifndef SSL_CTX_set_min_proto_version
|
||||
+#if !defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
/** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
|
||||
static inline int
|
||||
SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
|
||||
@@ -764,7 +764,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_v
|
||||
}
|
||||
#endif /* SSL_CTX_set_min_proto_version */
|
||||
|
||||
-#ifndef SSL_CTX_set_max_proto_version
|
||||
+#if !defined(SSL_CTX_set_max_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
/** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
|
||||
static inline int
|
||||
SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
|
|
@ -10,4 +10,4 @@ there is a good chance this program will not run.
|
|||
|
||||
DO NOT USE IN PRODUCTION WITHOUT CAUTION
|
||||
|
||||
WWW: http://openvpn.net/
|
||||
WWW: http://openvpn.net/index.php/open-source.html
|
||||
|
|
10
security/openvpn-devel/pkg-help
Normal file
10
security/openvpn-devel/pkg-help
Normal file
|
@ -0,0 +1,10 @@
|
|||
Note that "Tunnelblick" is a controversial option.
|
||||
It is included for compatibility, not enabled by default,
|
||||
and should only be used with due consideration, and it should not
|
||||
replace proper cryptography use in OpenVPN.
|
||||
|
||||
Note that this patch does NOT add documentation for the new --scramble
|
||||
option, neither to the --help output, nor the manual page.
|
||||
|
||||
Please see this website for a more detailed discussion:
|
||||
https://tunnelblick.net/cOpenvpn_xorpatch.html
|
Loading…
Reference in a new issue