security/openvpn-devel: Maintainer update to 201935

This commit updates the port to the latest development snapshot.

Additional changes over PR:
- leave CATEGORIES alone (leaving net-vpn in)
- move IGNORE_SSL upwards and remove USE_LDCONFIG to please portlint -CA

PR:		240376
Submitted by:	ecrist@secure-computing.net (maintainer)
Matthias Andree 2019-09-07 07:37:58 +00:00
parent 08790eea5e
commit 89d48aabaf
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=511396
6 changed files with 42 additions and 31 deletions


@ -2,18 +2,22 @@
# $FreeBSD$
PORTNAME= openvpn
DISTVERSION= 201907
DISTVERSION= 201935
CATEGORIES= security net net-vpn
MASTER_SITES= https://secure-computing.net/files/openvpn/ \
ftp://ftp2.secure-computing.net/pub/FreeBSD/openvpn-devel/
PKGNAMESUFFIX= -devel
MAINTAINER= ecrist@secure-computing.net
# let's use ?= in spite of portlint WARNings because this might become
# security/openvpn one day which would then have a slave port:
COMMENT?= Secure IP/Ethernet tunnel daemon
LICENSE= GPLv2
LICENSE_FILE= ${WRKSRC}/COPYRIGHT.GPL
IGNORE_SSL= libressl libressl-devel
USES= cpe libtool pkgconfig shebangfix tar:xz
CONFLICTS_INSTALL?= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]*
@ -41,7 +45,7 @@ OPTIONS_SINGLE= SSL
OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS
PKCS11_DESC= Use security/pkcs11-helper
EASYRSA_DESC= Install security/easy-rsa RSA helper package
MBEDTLS_DESC= SSL/TLS via mbedTLS
MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3)
TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!)
X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only)
SMALL_DESC= Build a smaller executable with fewer features
@ -71,7 +75,6 @@ MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls
MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls
USE_RC_SUBR= openvpn
USE_LDCONFIG= ${PREFIX}/lib
SUB_FILES= pkg-message openvpn-client
@ -115,22 +118,11 @@ _tlslibs=libmbedtls libmbedx509 libmbedcrypto
_tlslibs=libssl libcrypto
.endif
.if ${SSL_DEFAULT:Mlibressl*} && empty(PORT_OPTIONS:MMBEDTLS)
pre-everything::
@${ECHO_CMD} "WARNING: OpenVPN does not officially support LibreSSL."
@${ECHO_CMD} "If things break, rebuild with OpenSSL or mbedTLS."
@${ECHO_CMD} "You may wish to change your default SSL library"
@${ECHO_CMD} "and press Ctrl+C within the next 10 seconds to abort."
. if !(defined(PACKAGE_BUILDING) || defined(BATCH))
@sleep 10
. endif
.endif
# sanity check that we don't inherit incompatible SSL libs through,
# for instance, pkcs11-helper:
post-build:
@a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
| ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
@a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \
| ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\
if test "$$*" != "1" ; then ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${PRINTF} '%s\n' "$$a"; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi
post-install:
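Review bot: The post-build recipe near the end of this section reports every failure as "linked multiple times", although `test "$$*" != "1"` also fires when one of the `${_tlslibs}` libraries is not linked at all (count 0), so the message can mislead whoever debugs a broken TLS link. Since this check is the port's guard against inheriting a second SSL library through a dependency such as pkcs11-helper, I would word it as `FAILED: each of ${_tlslibs} must be linked exactly once`. The pattern in `${GREP} $${i}.so` is a regular expression in which `.` matches any character; `${GREP} -F "$${i}.so"` matches the literal name. The recipe line is printed twice with identical text, which looks like a whitespace-only change, so this is a comment on the code as it stands rather than on something the commit introduced.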


@ -1,3 +1,3 @@
TIMESTAMP = 1550580278
SHA256 (openvpn-201907.tar.xz) = 1e2394ca6582877c90fc3d9948cfb1b1c1aaa2383c02af62410d5a51f812ff68
SIZE (openvpn-201907.tar.xz) = 995288
TIMESTAMP = 1567798649
SHA256 (openvpn-201935.tar.xz) = a34dc87188ae38f148e99cc129db2ed05e33c7b41237373b34b5d711481cfc5f
SIZE (openvpn-201935.tar.xz) = 1002220


@ -1,11 +0,0 @@
--- configure.orig 2016-08-23 14:19:07 UTC
+++ configure
@@ -17160,8 +17160,6 @@ fi
$as_echo "!! WARNING !! The cmoka git submodule has not been initialized or updated. Unit testing cannot be performed." >&6; }
fi
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: !! WARNING !! CMake is NOT available. Unit testing cannot be performed." >&5
-$as_echo "!! WARNING !! CMake is NOT available. Unit testing cannot be performed." >&6; }
if false; then
CMOCKA_INITIALIZED_TRUE=
CMOCKA_INITIALIZED_FALSE='#'


@ -0,0 +1,20 @@
--- src/openvpn/openssl_compat.h.orig 2019-02-20 12:28:23 UTC
+++ src/openvpn/openssl_compat.h
@@ -735,7 +735,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
}
#endif /* SSL_CTX_get_max_proto_version */
-#ifndef SSL_CTX_set_min_proto_version
+#if !defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
/** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
static inline int
SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
@@ -764,7 +764,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_v
}
#endif /* SSL_CTX_set_min_proto_version */
-#ifndef SSL_CTX_set_max_proto_version
+#if !defined(SSL_CTX_set_max_proto_version) && !defined(LIBRESSL_VERSION_NUMBER)
/** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
static inline int
SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
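Review bot: The two added `!defined(LIBRESSL_VERSION_NUMBER)` guards skip the compat shims for every LibreSSL release, which presumably relies on LibreSSL providing `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version` itself; nothing in the patch says so or bounds the version. A short comment above each guard, e.g. `/* LibreSSL is assumed to provide this as a function, so the #ifndef test alone would redefine it */`, would record the reason, and a lower bound on `LIBRESSL_VERSION_NUMBER` (value to be confirmed against the LibreSSL release notes) would keep older releases on the shim. The port Makefile in this commit also lists `IGNORE_SSL= libressl libressl-devel`, so it is worth stating in the commit message whether this patch is meant to be exercised at all. Both shim bodies continue outside the hunks.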


@ -10,4 +10,4 @@ there is a good chance this program will not run.
DO NOT USE IN PRODUCTION WITHOUT CAUTION
WWW: http://openvpn.net/
WWW: http://openvpn.net/index.php/open-source.html


@ -0,0 +1,10 @@
Note that "Tunnelblick" is a controversial option.
It is included for compatibility, not enabled by default,
and should only be used with due consideration, and it should not
replace proper cryptography use in OpenVPN.
Note that this patch does NOT add documentation for the new --scramble
option, neither to the --help output, nor the manual page.
Please see this website for a more detailed discussion:
https://tunnelblick.net/cOpenvpn_xorpatch.html