git: c450cf43cc7a - 2022Q2 - security/openvpn: update to v2.5.7
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 31 May 2022 16:41:59 UTC
The branch 2022Q2 has been updated by mandree:
URL: https://cgit.FreeBSD.org/ports/commit/?id=c450cf43cc7a22ee2ac08e55345ebf49992f8a19
commit c450cf43cc7a22ee2ac08e55345ebf49992f8a19
Author: Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2022-05-28 18:37:05 +0000
Commit: Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2022-05-31 16:41:34 +0000
security/openvpn: update to v2.5.7
FreeBSD-related changes from Changes.rst:
- Limited OpenSSL 3.0 support
OpenSSL 3.0 support has been added. OpenSSL 3.0 support in 2.5 relies
on the compatiblity layer and full OpenSSL 3.0 support is coming with
OpenVPN 2.6. Only features that impact usage directly have been
backported:
``--tls-cert-profile insecure`` has been added to allow selecting the
lowest OpenSSL security level (not recommended, use only if you must).
OpenSSL 3.0 no longer supports the Blowfish (and other deprecated)
algorithm by default and the new option ``--providers`` allows loading
the legacy provider to renable these algorithms. Most notably,
reading of many PKCS#12 files encrypted with the RC2 algorithm fails
unless ``--providers legacy default`` is configured.
The OpenSSL engine feature ``--engine`` is not enabled by default
anymore if OpenSSL 3.0 is detected.
- print OpenSSL error stack if decoding PKCS12 file fails
- fix PATH_MAX build failure in auth-pam.c
- fix t_net.sh self-test leaving around stale "ovpn-dummy0" interface
detailed changes: https://github.com/OpenVPN/openvpn/releases/tag/v2.5.7
(cherry picked from commit 9acfd1b4afebdf57366dff963ddc70d962994d1d)
While here, deprecate MBEDTLS.
---
security/openvpn/Makefile | 4 ++--
security/openvpn/distinfo | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile
index 680e92e82fde..2e4abfe023c4 100644
--- a/security/openvpn/Makefile
+++ b/security/openvpn/Makefile
@@ -1,7 +1,7 @@
# Created by: Matthias Andree <mandree@FreeBSD.org>
PORTNAME= openvpn
-DISTVERSION= 2.5.6
+DISTVERSION= 2.5.7
PORTREVISION?= 0
CATEGORIES= security net net-vpn
MASTER_SITES= https://swupdate.openvpn.org/community/releases/ \
@@ -44,7 +44,7 @@ OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS
ASYNC_PUSH_DESC= Enable async-push support
EASYRSA_DESC= Install security/easy-rsa RSA helper package
LZO_DESC= LZO compression (incompatible with LibreSSL)
-MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3)
+MBEDTLS_DESC= SSL/TLS via mbedTLS (DEPRECATED)
PKCS11_DESC= Use security/pkcs11-helper (OpenSSL only)
SMALL_DESC= Build a smaller executable with fewer features
TUNNELBLICK_DESC= XOR scrambling patch - DEPRECATED!
diff --git a/security/openvpn/distinfo b/security/openvpn/distinfo
index da8a61fc1dbd..c0b63a7bfe5e 100644
--- a/security/openvpn/distinfo
+++ b/security/openvpn/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1647545752
-SHA256 (openvpn-2.5.6.tar.xz) = 13c7c3dc399d1b571cabf189c4d34ae34656ee72b6bde2a8059c1e9bc61574ed
-SIZE (openvpn-2.5.6.tar.xz) = 1150352
+TIMESTAMP = 1653761260
+SHA256 (openvpn-2.5.7.tar.xz) = 313bca7e996a4f59ef9940dd87c6c4b9168064db9be6cabebd37cd65f13759ed
+SIZE (openvpn-2.5.7.tar.xz) = 1150476