It's time again to bump the openvpn-devel port to a newer upstream version - qui te a bit of code polishing, new unit tests, and especially one major new feature, 64 bit AEAD tags & epoch keys (following the TLS model for key rollover at very high speed transfers).
Created attachment 257447 [details] patch to ports tree, bringing openvpn-devel to 9f4670fc71
cc: mandree@freebsd.org - you asked me last time to assign this to you, but "assignee" is not an editable field for me...
Thank you for the submission! It looks like a duplicate of bug 284765. Could you close either of them?
*** Bug 284765 has been marked as a duplicate of this bug. ***
(In reply to Marek Zarychta from comment #3) Uh, sorry for that, and thanks for pointing it out. My browser hickuped upon submission...
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=1947727ca9ed733f9126203d9dbbe1d987579cad commit 1947727ca9ed733f9126203d9dbbe1d987579cad Author: Gert Doering <gert@greenie.muc.de> AuthorDate: 2025-02-12 16:53:36 +0000 Commit: Matthias Andree <mandree@FreeBSD.org> CommitDate: 2025-02-13 21:44:08 +0000 security/openvpn-devel: upgrade port to git commit 9f4670fc71 (2025-02-12) Contains a number of bugfixes and minor improvements, especially adding more unit tests and cleaning up code all over the place. The most important new feature in here is the "epoch data format", which is a suitable data channel format & rekeying strategy for 10G+ links where regular AES rekeying starts to become a limiting factor. When using FreeBSD DCO, epoch data format is not yet being used, because this needs kernel changes in ovpn(4). This is on the roadmap. -- Additional edits by mandree@: -- reset PORTREVISION PR: 284766 security/openvpn-devel/Makefile | 6 +++--- security/openvpn-devel/distinfo | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-)
Gert, thank you for your submission. Please compile the upstream source code with -Wsign-compare in CFLAGS and review warnings, there are many type signedness issues such as comparing ints against size_t or similar. Some of them are also type width issues. Committed with modified commit message and PORTREVISION reset, and there's a followup commit to clean up the Makefile, pushed in the same action but that does not reference this PR (I forgot): commit 850363d0d334a6c539561e05165c39806c26ab7a Author: Matthias Andree <mandree@FreeBSD.org> Date: Thu Feb 13 22:39:02 2025 +0100 security/openvpn-devel: clean up Makefile fixing portfmt, portlint and portclippy findings
https://cgit.freebsd.org/ports/commit/security/openvpn-devel?id=850363d0d334a6c539561e05165c39806c26ab7a is the URI of the Makefile cleanup commit.
Thanks for the Makefile cleanup, and for the PORTREVISION reset (d'oh). Will have a look at the sign-compare warnings and why we see them on FreeBSD while the code is -Wall -Werror clean on other platforms - I guess it's inside platform specific parts that my co-maintainers did not see...