NOTE that the port is more of a development snapshot than it used to be,
so it should be used SOLELY for testing and development, NOT IN PRODUCTION.
PR: ports/144115
Approved by: mandree@ (previous maintainer)
Approved by: garga@ (mentor)
Feature safe: yes
Update security/openvpn20 to 2.0.9, revising pkg-message.
Move security/openvpn-devel to security/openvpn and
update security/openvpn to 2.1.1.
Remove security/openvpn-devel, adding a MOVED entry.
Update security/Makefile to remove openvpn-devel and add openvpn20 to
SUBDIRS.
Add a UPDATING entry for this shuffle. Currently without upgrade
instructions since neither portupgrade nor portmaster are up to the
task (because of the CONFLICTS).
Approved by: garga@ (mentor)
propogated by copy and paste.
1. Primarily the "empty variable" default assignment, which is mostly
${name}_flags="", but fix a few others as well.
2. Where they are not already documented, add the existence of the _flags
(or other deleted empties) option to the comments, and in some cases add
comments from scratch.
3. Replace things that look like:
prefix=%%PREFIX%%
command=${prefix}/sbin/foo
to just use %%PREFIX%%. In many cases the $prefix variable is only used
once, and in some cases it is not used at all.
4. In a few cases remove ${name}_flags from command_args
5. Remove a long-stale comment about putting the port's rc.d script in
/etc/rc.d (which is no longer necessary).
No PORTREVISION bumps because all of these changes are noops.
Changelog:
This release fixes a serious (though not security-related) bug in the
SSL/TLS negotiation over UDP that can cause SSL/TLS handshake failures.
PR: 127392
Submitted by: Matthias Andree <matthias.andree@gmx.de> (maintainer)
Approved by: portmgr (pav)
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.
To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.
To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.
Changes to Mk/*:
- Add runtime detection magic in bsd.port.mk
- Remove CONFIGURE_TARGET hack in various bsd.*.mk
- USE_GNOME=gnometarget is now an no-op
Changes to individual ports, other than removing the CONFIGURE_TARGET hack:
= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
- comms/gnuradio
- science/abinit
- science/elmer-fem
- science/elmer-matc
- science/elmer-meshgen2d
- science/elmerfront
- science/elmerpost
= use x86_64 as ARCH
- devel/g-wrap
= other changes
- print/magicfilter
GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf
Total # of ports modified: 1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)
PR: 126524 (obsoletes 52917)
Submitted by: rafan
Tested on: two pointyhat 7-amd64 exp runs (by pav)
Approved by: portmgr (pav)
(arbitrary code execution).
- VulnDB update was submitted in a previous PR.
- Add PKCS#11 option which explicitly disables PKCS11 at
build time if not desired to avoid invisible pkcs11-helper
dependency, else openvpn would silently pick up security/pkcs11-helper.
PR: 126356
Submitted by: Matthias Andree <matthias.andree@gmx.de> (maintainer)
same time. Rearrange the ports used in self-test to different ones.
PR: ports/111207
Submitted by: Matthias Andree <matthias.andree at gmx.de> (maintainer)
- Port rc script changes from security/openvpn 2.0.6_7 to support multiple
instances
PR: ports/109909
Submitted by: Matthias Andree <matthias.andree at gmx.de> (maintainer)
OpenVPN is a robust, scalable and highly configurable VPN (Virtual Private
Network) daemon which can be used to securely link two or more private networks
using an encrypted tunnel over the internet. It can operate over UDP or TCP,
can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one
server can handle many clients.
PR: ports/101802
Submitted by: Matthias Andree <matthias.andree@gmx.de> (openvpn maintainer)
the man page) and README.openvpn-down-root
2 - match rc.d filename as printed post install in pkg-message to actual file
name on newer systems (which use openvpn rather than openvpn.sh)
Reported by: Jean-Baptiste Quenot (Bcc'd)
The maintainer wishes to thank Jean-Baptiste for his report and patience.
3 - add a pkg-req script to prevent installation of 6.1 packages on older
machines, which is a frequent source of "rc.d script doesn't work"
complaints.
Added file(s):
- files/pkg-req.in
PR: ports/100917
Submitted by: Matthias Andree (maintainer)
prevent a lot of people asking maintainer about it:
# -----------------------------------------------------
# DO NOT BOTHER TO SEND NOTICES ABOUT 2.0.7 AS IT FIXES
# A WINDOWS-ONLY BUG THAT DOESN'T AFFECT *BSD AND THUS
# DOES NOT WARRANT A PORT UPGRADE! AND UPGRADE REQUESTS
# WILL BE DROPPED. -- Matthias Andree, 2006-04-26
# -----------------------------------------------------
PR: ports/96383
Submitted by: maintainer
* security fix for client LD_PRELOAD code injection vulnerability
through compromised upstream servers
(FreeBSD VuXML Vuln VID be4ccb7b-c48b-11da-ae12-0002b3b60e4c,
filed in separate PR)
CVE id not known yet
* 2 other changes only relevant for Linux and NetBSD, not detailed here.
PR: ports/95345
Submitted by: maintainer
Security: VuXML be4ccb7b-c48b-11da-ae12-0002b3b60e4c
We have not checked for this KEYWORD for a long time now, so this
is a complete noop, and thus no PORTREVISION bump. Removing it at
this point is mostly for pedantic reasons, and partly to avoid
perpetuating this anachronism by copy and paste to future scripts.
