Date: Tue, 14 Mar 2023 06:31:39 +0000
From: "Adam Ciarcinski"
Subject: CVS commit: pkgsrc/net
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
Message-Id: <20230314063139.21D33FA90@cvs.NetBSD.org>

Module Name: pkgsrc
Committed By: adam
Date: Tue Mar 14 06:31:39 UTC 2023

Modified Files:
    pkgsrc/net/openvpn: Makefile.common PLIST distinfo
    pkgsrc/net/openvpn-acct-wtmpx: Makefile distinfo
    pkgsrc/net/openvpn-nagios: distinfo

Log Message:
openvpn: updated to 2.6.1

Overview of changes in 2.6.1

New features

- Dynamic TLS Crypt
  When both peers are OpenVPN 2.6.1+, OpenVPN will dynamically create a tls-crypt key that is used for renegotiation. This ensures that only the previously authenticated peer can trigger renegotiation and complete renegotiations.
- CryptoAPI (Windows): support issuer name as a selector.
  Certificate selection string can now specify a partial issuer name string as "--cryptoapicert ISSUER:" where is matched as a substring of the issuer (CA) name in the certificate.

User visible changes

- on crypto initialization, move old "quite verbose" messages to --verb 4 and only print a more compact summary about crypto and timing parameters by default
- configure now enables DCO build by default on FreeBSD and Linux, which brings in a default dependency for libnl-genl (for Linux distributions that are too old to have this library, use "configure --disable-dco")
- make "configure --help" output more consistent
- CryptoAPI (Windows): remove support code for OpenSSL before 3.0.1 (this will not affect official OpenVPN for Windows installers, as they will always be built with OpenSSL 3.0.x)
- CryptoAPI (Windows): log the selected certificate's name
- "configure" now uses "subdir-objects", for automake >= 1.16 (less warnings for recent-enough automake versions, will change the way .o files are created)

Bugfixes / minor improvements

- fixed old IPv6 ifconfig race condition for FreeBSD 12.4
- fix compile-time breakage related to DCO defines on FreeBSD 14
- enforce minimum packet size for "--fragment" (avoid division by zero)
- some alignment fixes to avoid unaligned memory accesses, which will bring problems on some architectures (Sparc64, some ARM versions) - found by USAN clang checker
- windows source code fixes to reduce number of compile time warnings (eventual goal is to be able to compile with -Werror on MinGW), mostly related to signed/unsigned char * conversions, printf() format specifiers and unused variables.
- avoid endless loop on logging with --management + --verb 6+
- build (but not run) unit tests on MinGW cross compiles, and run them when building with GitHub Actions.
- add unit test for parts of cryptoapi.c
- add debug logging to help with diagnosing windows driver selection
- disable DCO if proxy config is set via management interface
- do not crash on Android if run without --management
- improve documentation about cipher negotiation and OpenVPN3
- for x86 windows builds, use proper calling conventions for dco-win (__stdcall)
- differentiate "dhcp-option ..." options into "needs an interface with true DHCP service" (tap-windows) and "can also be installed by IPAPI or service, and can be used on non-DHCP interfaces" (wintun, dco-win)
- windows interactive service: fix possible double-free if "--block-dns" installation fails due to "security products" interfering
- "make dist": package ovpn_dco_freebsd.h to permit building from tarballs on FreeBSD 14

To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 pkgsrc/net/openvpn/Makefile.common
cvs rdiff -u -r1.24 -r1.25 pkgsrc/net/openvpn/PLIST
cvs rdiff -u -r1.58 -r1.59 pkgsrc/net/openvpn/distinfo
cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/openvpn-acct-wtmpx/Makefile
cvs rdiff -u -r1.33 -r1.34 pkgsrc/net/openvpn-acct-wtmpx/distinfo
cvs rdiff -u -r1.30 -r1.31 pkgsrc/net/openvpn-nagios/distinfo

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/openvpn/Makefile.common diff -u pkgsrc/net/openvpn/Makefile.common:1.27 pkgsrc/net/openvpn/Makefile.common:1.28 --- pkgsrc/net/openvpn/Makefile.common:1.27 Wed Nov 23 08:02:57 2022 +++ pkgsrc/net/openvpn/Makefile.common Tue Mar 14 06:31:38 2023 
@@ -1,9 +1,9 @@ -# $NetBSD: Makefile.common,v 1.27 2022/11/23 08:02:57 adam Exp $ +# $NetBSD: Makefile.common,v 1.28 2023/03/14 06:31:38 adam Exp $ # used by net/openvpn/Makefile # used by net/openvpn-acct-wtmpx/Makefile # used by net/openvpn-nagios/Makefile -OPENVPN_DISTNAME= openvpn-2.5.8 +OPENVPN_DISTNAME= openvpn-2.6.1 OPENVPN_DISTFILE= ${OPENVPN_DISTNAME}.tar.gz OPENVPN_MASTER_SITES= https://swupdate.openvpn.org/community/releases/ SITES.${OPENVPN_DISTFILE}= ${OPENVPN_MASTER_SITES} Index: pkgsrc/net/openvpn/PLIST diff -u pkgsrc/net/openvpn/PLIST:1.24 pkgsrc/net/openvpn/PLIST:1.25 --- pkgsrc/net/openvpn/PLIST:1.24 Tue Oct 5 19:25:41 2021 +++ pkgsrc/net/openvpn/PLIST Tue Mar 14 06:31:38 2023 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.24 2021/10/05 19:25:41 adam Exp $ +@comment $NetBSD: PLIST,v 1.25 2023/03/14 06:31:38 adam Exp $ include/openvpn-msg.h include/openvpn-plugin.h ${PLIST.pam}lib/openvpn/plugins/openvpn-plugin-auth-pam.la @@ -10,7 +10,6 @@ share/doc/openvpn/COPYING share/doc/openvpn/COPYRIGHT.GPL share/doc/openvpn/Changes.rst share/doc/openvpn/README -share/doc/openvpn/README.IPv6 ${PLIST.pam}share/doc/openvpn/README.auth-pam share/doc/openvpn/README.down-root share/doc/openvpn/README.mbedtls @@ -28,8 +27,6 @@ share/examples/openvpn/config/openvpn-st share/examples/openvpn/config/server.conf share/examples/openvpn/config/tls-home.conf share/examples/openvpn/config/tls-office.conf -share/examples/openvpn/config/xinetd-client-config -share/examples/openvpn/config/xinetd-server-config share/examples/openvpn/keys/README share/examples/openvpn/keys/ca.crt share/examples/openvpn/keys/ca.key 
@@ -50,5 +47,6 @@ share/examples/openvpn/keys/ta.key share/examples/openvpn/scripts/auth-pam.pl share/examples/openvpn/scripts/bridge-start share/examples/openvpn/scripts/bridge-stop +share/examples/openvpn/scripts/totpauth.py share/examples/openvpn/scripts/ucn.pl share/examples/openvpn/scripts/verify-cn Index: pkgsrc/net/openvpn/distinfo diff -u pkgsrc/net/openvpn/distinfo:1.58 pkgsrc/net/openvpn/distinfo:1.59 --- pkgsrc/net/openvpn/distinfo:1.58 Wed Nov 23 08:02:57 2022 +++ pkgsrc/net/openvpn/distinfo Tue Mar 14 06:31:38 2023 @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.58 2022/11/23 08:02:57 adam Exp $ +$NetBSD: distinfo,v 1.59 2023/03/14 06:31:38 adam Exp $ -BLAKE2s (openvpn-2.5.8.tar.gz) = 7af26d7da32f771a6b34a5c25e4c0ffc6084a776c0c9f5dbd920f05a47810224 -SHA512 (openvpn-2.5.8.tar.gz) = 9cb0e79f26e7021141213d241fffaaa899575fa1640cb02d5f2a7b71f1ae12faac762ac26c2e4ddc4822550aa12cb81bab7a5b259d81230983e9b098e0f14091 -Size (openvpn-2.5.8.tar.gz) = 1875551 bytes +BLAKE2s (openvpn-2.6.1.tar.gz) = 8645f53378fadbfdb0106e95c5375995e7f7557acd28c0de248fbdf555cae40c +SHA512 (openvpn-2.6.1.tar.gz) = f848abc1d3ab99111b852fa52d12cb93734137acf3319b704c65cf8d1ef8abbf3cd3dbbe32b59687945e7dbd7ac7e8fc97bee57667f97700ba03d1ced4b40c31 +Size (openvpn-2.6.1.tar.gz) = 1852147 bytes SHA1 (patch-src_compat_compat-basename.c) = 45a58ef2e05f6e0265f229da8540760e60e65143 Index: pkgsrc/net/openvpn-acct-wtmpx/Makefile diff -u pkgsrc/net/openvpn-acct-wtmpx/Makefile:1.10 pkgsrc/net/openvpn-acct-wtmpx/Makefile:1.11 --- pkgsrc/net/openvpn-acct-wtmpx/Makefile:1.10 Sun Jan 26 17:31:53 2020 +++ pkgsrc/net/openvpn-acct-wtmpx/Makefile Tue Mar 14 06:31:38 2023 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.10 2020/01/26 17:31:53 rillig Exp $ +# $NetBSD: Makefile,v 1.11 2023/03/14 06:31:38 adam Exp $ .include "../../net/openvpn/Makefile.common" 
@@ -28,4 +28,5 @@ SPECIAL_PERMS+= bin/logwtmpx ${SETUID_RO DEPENDS+= openvpn>=2.4.2:../../net/openvpn +.include "../../security/openssl/buildlink3.mk" .include "../../mk/bsd.pkg.mk" Index: pkgsrc/net/openvpn-acct-wtmpx/distinfo diff -u pkgsrc/net/openvpn-acct-wtmpx/distinfo:1.33 pkgsrc/net/openvpn-acct-wtmpx/distinfo:1.34 --- pkgsrc/net/openvpn-acct-wtmpx/distinfo:1.33 Wed Nov 23 08:02:57 2022 +++ pkgsrc/net/openvpn-acct-wtmpx/distinfo Tue Mar 14 06:31:38 2023 @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.33 2022/11/23 08:02:57 adam Exp $ +$NetBSD: distinfo,v 1.34 2023/03/14 06:31:38 adam Exp $ -BLAKE2s (openvpn-2.5.8.tar.gz) = 7af26d7da32f771a6b34a5c25e4c0ffc6084a776c0c9f5dbd920f05a47810224 -SHA512 (openvpn-2.5.8.tar.gz) = 9cb0e79f26e7021141213d241fffaaa899575fa1640cb02d5f2a7b71f1ae12faac762ac26c2e4ddc4822550aa12cb81bab7a5b259d81230983e9b098e0f14091 -Size (openvpn-2.5.8.tar.gz) = 1875551 bytes +BLAKE2s (openvpn-2.6.1.tar.gz) = 8645f53378fadbfdb0106e95c5375995e7f7557acd28c0de248fbdf555cae40c +SHA512 (openvpn-2.6.1.tar.gz) = f848abc1d3ab99111b852fa52d12cb93734137acf3319b704c65cf8d1ef8abbf3cd3dbbe32b59687945e7dbd7ac7e8fc97bee57667f97700ba03d1ced4b40c31 +Size (openvpn-2.6.1.tar.gz) = 1852147 bytes BLAKE2s (openvpn-acct-wtmpx-20130210.tgz) = 2bb02a4e6adb7ce1d189271a6fbb6cbffd6a37d7b5e75cccebfc8dfac6dbaddd SHA512 (openvpn-acct-wtmpx-20130210.tgz) = 7b8fd4929e65d8d84158f62e5a17ff3adb3b4a6cff63b29038acfb368750719f2f593786ed9b02402824c19d872b188d2a46740a5c5f853e8873a71481b13aaf Size (openvpn-acct-wtmpx-20130210.tgz) = 2778 bytes Index: pkgsrc/net/openvpn-nagios/distinfo diff -u pkgsrc/net/openvpn-nagios/distinfo:1.30 pkgsrc/net/openvpn-nagios/distinfo:1.31 --- pkgsrc/net/openvpn-nagios/distinfo:1.30 Wed Nov 23 08:02:58 2022 +++ pkgsrc/net/openvpn-nagios/distinfo Tue Mar 14 06:31:38 2023 
@@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.30 2022/11/23 08:02:58 adam Exp $ +$NetBSD: distinfo,v 1.31 2023/03/14 06:31:38 adam Exp $ -BLAKE2s (openvpn-2.5.8.tar.gz) = 7af26d7da32f771a6b34a5c25e4c0ffc6084a776c0c9f5dbd920f05a47810224 -SHA512 (openvpn-2.5.8.tar.gz) = 9cb0e79f26e7021141213d241fffaaa899575fa1640cb02d5f2a7b71f1ae12faac762ac26c2e4ddc4822550aa12cb81bab7a5b259d81230983e9b098e0f14091 -Size (openvpn-2.5.8.tar.gz) = 1875551 bytes +BLAKE2s (openvpn-2.6.1.tar.gz) = 8645f53378fadbfdb0106e95c5375995e7f7557acd28c0de248fbdf555cae40c +SHA512 (openvpn-2.6.1.tar.gz) = f848abc1d3ab99111b852fa52d12cb93734137acf3319b704c65cf8d1ef8abbf3cd3dbbe32b59687945e7dbd7ac7e8fc97bee57667f97700ba03d1ced4b40c31 +Size (openvpn-2.6.1.tar.gz) = 1852147 bytes BLAKE2s (openvpn-nagios-20130210.tgz) = 713b55e865350c44a314aa3b48694695f4d82b50883d1fae919f01e9545c7c34 SHA512 (openvpn-nagios-20130210.tgz) = 80e565f32379c39eb6c7f3b4744af221ae882ff07dce9dae5bd7feb73b0edcfc7c7ac7f70d23fdcd4f492b66f095f09833deb122449840b36ea606ce91900358 Size (openvpn-nagios-20130210.tgz) = 3034 bytes --_----------=_1678775499168410--
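
Review bot: the OPENVPN_DISTNAME bump to openvpn-2.6.1 in pkgsrc/net/openvpn/Makefile.common is not accompanied by any handling of DCO, although the log message states that 2.6.1's configure enables DCO by default on FreeBSD and Linux and brings in a default dependency on libnl-genl for Linux. The only change in this file is the version line, and net/openvpn/Makefile is not among the modified files, so the package should either declare the libnl dependency for Linux builds or pass "configure --disable-dco" explicitly. Whichever is chosen, a short comment beside it would make the choice visible to the next updater.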
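
Review bot: share/examples/openvpn/scripts/totpauth.py, added in the last pkgsrc/net/openvpn/PLIST hunk, is a newly installed Python script with no interpreter handling in this commit, since net/openvpn/Makefile is not among the modified files. Check what its interpreter line points at and either rewrite it with REPLACE_PYTHON or exempt the file with CHECK_INTERPRETER_SKIP. The two earlier PLIST hunks drop README.IPv6 and the xinetd-client-config and xinetd-server-config examples without a word in the log message; one line noting that these files are no longer installed would help anyone who referenced them.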
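
Review bot: the new BLAKE2s, SHA512 and Size values for openvpn-2.6.1.tar.gz in pkgsrc/net/openvpn/distinfo (repeated unchanged in the openvpn-acct-wtmpx and openvpn-nagios distinfo hunks) come with no statement of what the tarball was verified against. These lines are the only integrity anchor for every later fetch from OPENVPN_MASTER_SITES, so the log message should say whether the distfile was checked against an upstream signature or published checksum before the hashes were recorded. The context line SHA1 (patch-src_compat_compat-basename.c) is unchanged, meaning the local patch is carried over as is; confirm it still applies cleanly to the 2.6.1 sources and is still needed.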
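
Review bot: the added .include "../../security/openssl/buildlink3.mk" in the second pkgsrc/net/openvpn-acct-wtmpx/Makefile hunk is unexplained, both in the log message and in the file. This package installs bin/logwtmpx with SPECIAL_PERMS, so a one-line comment stating what in the 2.6.1 build needs OpenSSL here (headers only, or linking) would keep the new dependency reviewable. openvpn-nagios is built from the same OPENVPN_DISTNAME but only its distinfo changes, so check whether it needs the same include. The DEPENDS+= openvpn>=2.4.2 floor just above is left as is; confirm that a plugin built against the 2.6.1 sources is still intended to run with an openvpn as old as 2.4.2.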