Bug 254785

Summary: security/openvpn-devel: Update to 2021-W13 development snapshot
Product: Ports & Packages
Reporter: Eric F Crist <ecrist>
Component: Individual Port(s)
Assignee: Matthias Andree <mandree>
Status: Closed FIXED
Severity: Affects Only Me
CC: mandree
Priority: ---
Flags: ecrist: maintainer-feedback+
Version: Latest
Hardware: Any
OS: Any
Attachments:
Description: Week 202113 diff file
Flags: ecrist: maintainer-approval+

Description Eric F Crist 2021-04-05 12:43:17 UTC
Created attachment 223825
Week 202113 diff file

Commit history from 202049 to 202113:

5ac8c3c7 Fix async push broken after auth deferred refactor
8ccce69d log file descriptor in more socket related error messages
c5fec838 Move auth deferred related members into its own struct
6ea62d50 Remove deprecated option '--keysize'
60f5889a Deprecate non TLS mode in OpenVPN
79ff3f79 Allow running a default configuration with TLS libraries without BF-CBC
9e702a5d Always disable TLS renegotiations
203afbe9 reliable: retransmit if 3 follow-up ACKs are received
343b6119 Remove do_init_socket_2 and do_init_socket_1 wrapper function
9fe0b2c2 Extract multi_assign_peer_id into its own function
18b4a838 Remove thread_mode field of multi_context
aba8776e Fix 'compress migrate' for 2.2 clients.
8fa8a175 Implement '--compress migrate' to migrate to non-compression setup
72e1ecb5 Move is_proto function to the socket.h header
9eb285f4 Remove unused variable pass_config_info
c0b36e9f Remove unused function tls_test_auth_deferred_interval
3667df1d Remove unused field txqueuelen from struct tuntap
14061e3e Remove pointless tun_adjust_frame_parameters function
137eb670 Remove code for aligning non-swapped compression
bdc11ae4 Rename tunnel_server_udp_single_threaded to tunnel_server_udp
213fd3ee Remove superflous ifdefs around enum like defines
997b006a Get rid of last PLUGIN_DEF_AUTH #ifdef
76ccc62d Stop using deprecated getpass()
2d5c437f Remove automatic service
d11c273b Fix #elif TARGET_LINUX missing defined() call
f91e2116 Remove support for non ISO C99 vararg support
7975e33b Remove flexible array member autoconf check
ca570706 Cleanup print_details and add signature/ED certificate print
467b16dc Use correct types for OpenSSL and Windows APIs
e756e12a Fix socket related functions using int instead of socket_descriptor_t
7fc608da Make buffer related function conversion explicit when narrowing
5a2ed714 Restore also ping related options on a reconnect
7064ccb9 Move NCP saving and restore to the prepush restore code
528a78fb Move restoring pre pull options to initialising of c2 context
1e938c50 openvpnserv: Cache last error before it is overridden
1b71f859 Remove empty dummy functions
5b8a1231 Deprecate the --verify-hash option
26117a82 Document the simple self-signed certificate setup in examples
423ced96 Support fingerprint authentication without CA certificate
e5e9a07e tapctl: Resolve MSVC C4996 warnings
c3a7065d Implement peer-fingerprint to check fingerprint of peer certificate
d1fe6d52 Extend verify-hash to allow multiple hashes
df471f4d iservice: Resolve MSVC C4996 warnings
709c3810 interactive.c: Resolve MSVC C4996 warning
26540310 tun.c: Remove dead code
6eb28f7c Wipe Socks5 credentials after use
f9d9fe55 Move extract_iv_proto to ssl_util.c/h
45e7d412 Fix multiple problems when compiling with LLVM/Windows (clang-cl)
1480903e README.wolfssl Update
9b2e8034 Remove compat-lz4 references from VS project files
60c18b45 build: Add support for pkg-config < 0.28 for old autoconf versions
f38819b7 Add README.wolfssl documentating the state of WolfSSL in OpenVPN
f6dca235 Support for wolfSSL in OpenVPN
4524feb2 Avoid generating unecessary mbed debug messages
24596b25 build: Remove compat-lz4
4170da07 Do not print Diffie Hellman parameters file to log file
476990d4 EVP_DigestSignFinal siglen parameter correction
b0bff559 Require at least 100MB of mlock()-able memory if --mlock is used.
fdb4f276 Allow pending auth to be send from a auth plugin
d8ed5932 Change parameter of send_auth_pending_messages from context to tls_multi
88664aba Refactor extract_var_peer_info into standalone function and add ssl_util.c
53229047 Implement server side of AUTH_PENDING with extending timeout
4cf01c8e Fix EVP_PKEY_CTX_... compilation with LibreSSL
06f6cf3f Prefer TLS libraries TLS PRF function, fix OpenVPN in FIPS mode
3338f2d5 Quote the domain name argument passed to the wmic command
04876274 Add S_EXITCODE flag for openvpn_run_script to report exit code
b29f7dff Introduce management client state for AUTH_PENDING notifications
3f8fb2b2 Implement client side handling of AUTH_PENDING message
0714ed80 Check return values in md_ctx_init and hmac_ctx_init
fdfbd444 Explain structver usage in sample defer plugin.
413580b6 Change pull request timeout use a timeout rather than a number
ce652e7d Remove inetd support from OpenVPN
a385a3e8 More explicit versioning compatibility in sample-plugins/defer/simple.c
7d1361c1 Update openvpn_plugin_func_v2 to _v3 in sample-plugins/defer/simple.c
595be121 Documentation fixes around openvpn_plugin_func_v3 in openvpn-plugin.h.in
2d7e1954 Fix naming error in sample-plugins/defer/simple.c
452e016c clean up / rewrite sample-plugins/defer/simple.c
6a0c51ba Make OPENVPN_PLUGIN_ENABLE_PF failures FATAL
ef2405a6 Document common uses of 'echo' directive, re-enable logging for 'echo'.
15daa988 Fix tls-auth mismatch OCC message when tls-cryptv2 is used.
3b1ded39 Man page sections corrections
e0e7625c Skip DHCP renew with Wintun adapter
b1a8213e Remove 1 second delay before running netsh
8a8ee283 Clarify --block-ipv6 intent and direction.
aa58035a Zero initialise msghdr prior to calling sendmesg
86d7e990 ssl_common.h: fix 'not all control paths return a value' msvc warning
ab4688e3 Fix too early argv freeing when registering DNS
a686f7e2 Fix line number reporting on config file errors after <inline> segments
Comment 1 Matthias Andree freebsd_committer freebsd_triage 2021-04-05 22:33:39 UTC
$ LANG=en LC_ALL=C svn commit -F /usr/ports.svn/security/svn-commit.tmp
Sending        Makefile
Sending        distinfo
Transmitting file data ..done
Committing transaction...
svn: E000030: Commit failed (details follow):
svn: E000030: Can't open file '/s/svn/ports/db/txn-current-lock': Read-only file system
Comment 2 Matthias Andree freebsd_committer freebsd_triage 2021-04-05 22:38:25 UTC
https://wiki.freebsd.org/git - so commit is stalled for the moment. 
testport passes on 11.4 i386 and 12.2 amd64 for me.
Comment 3 commit-hook freebsd_committer freebsd_triage 2021-04-06 17:33:37 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e098d24a5aceebd6924b41a980ebb135a1dec0ed

commit e098d24a5aceebd6924b41a980ebb135a1dec0ed
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2021-04-06 15:52:59 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2021-04-06 17:33:24 +0000

    security/openvpn-devel: Update to 2021-W13 development snapshot

    Commit history from 202049 to 202113:

    5ac8c3c7 Fix async push broken after auth deferred refactor
    8ccce69d log file descriptor in more socket related error messages
    c5fec838 Move auth deferred related members into its own struct
    6ea62d50 Remove deprecated option '--keysize'
    60f5889a Deprecate non TLS mode in OpenVPN
    79ff3f79 Allow running a default configuration with TLS libraries without BF-CBC
    9e702a5d Always disable TLS renegotiations
    203afbe9 reliable: retransmit if 3 follow-up ACKs are received
    343b6119 Remove do_init_socket_2 and do_init_socket_1 wrapper function
    9fe0b2c2 Extract multi_assign_peer_id into its own function
    18b4a838 Remove thread_mode field of multi_context
    aba8776e Fix 'compress migrate' for 2.2 clients.
    8fa8a175 Implement '--compress migrate' to migrate to non-compression setup
    72e1ecb5 Move is_proto function to the socket.h header
    9eb285f4 Remove unused variable pass_config_info
    c0b36e9f Remove unused function tls_test_auth_deferred_interval
    3667df1d Remove unused field txqueuelen from struct tuntap
    14061e3e Remove pointless tun_adjust_frame_parameters function
    137eb670 Remove code for aligning non-swapped compression
    bdc11ae4 Rename tunnel_server_udp_single_threaded to tunnel_server_udp
    213fd3ee Remove superflous ifdefs around enum like defines
    997b006a Get rid of last PLUGIN_DEF_AUTH #ifdef
    76ccc62d Stop using deprecated getpass()
    2d5c437f Remove automatic service
    d11c273b Fix #elif TARGET_LINUX missing defined() call
    f91e2116 Remove support for non ISO C99 vararg support
    7975e33b Remove flexible array member autoconf check
    ca570706 Cleanup print_details and add signature/ED certificate print
    467b16dc Use correct types for OpenSSL and Windows APIs
    e756e12a Fix socket related functions using int instead of socket_descriptor_t
    7fc608da Make buffer related function conversion explicit when narrowing
    5a2ed714 Restore also ping related options on a reconnect
    7064ccb9 Move NCP saving and restore to the prepush restore code
    528a78fb Move restoring pre pull options to initialising of c2 context
    1e938c50 openvpnserv: Cache last error before it is overridden
    1b71f859 Remove empty dummy functions
    5b8a1231 Deprecate the --verify-hash option
    26117a82 Document the simple self-signed certificate setup in examples
    423ced96 Support fingerprint authentication without CA certificate
    e5e9a07e tapctl: Resolve MSVC C4996 warnings
    c3a7065d Implement peer-fingerprint to check fingerprint of peer certificate
    d1fe6d52 Extend verify-hash to allow multiple hashes
    df471f4d iservice: Resolve MSVC C4996 warnings
    709c3810 interactive.c: Resolve MSVC C4996 warning
    26540310 tun.c: Remove dead code
    6eb28f7c Wipe Socks5 credentials after use
    f9d9fe55 Move extract_iv_proto to ssl_util.c/h
    45e7d412 Fix multiple problems when compiling with LLVM/Windows (clang-cl)
    1480903e README.wolfssl Update
    9b2e8034 Remove compat-lz4 references from VS project files
    60c18b45 build: Add support for pkg-config < 0.28 for old autoconf versions
    f38819b7 Add README.wolfssl documentating the state of WolfSSL in OpenVPN
    f6dca235 Support for wolfSSL in OpenVPN
    4524feb2 Avoid generating unecessary mbed debug messages
    24596b25 build: Remove compat-lz4
    4170da07 Do not print Diffie Hellman parameters file to log file
    476990d4 EVP_DigestSignFinal siglen parameter correction
    b0bff559 Require at least 100MB of mlock()-able memory if --mlock is used.
    fdb4f276 Allow pending auth to be send from a auth plugin
    d8ed5932 Change parameter of send_auth_pending_messages from context to tls_multi
    88664aba Refactor extract_var_peer_info into standalone function and add ssl_util.c
    53229047 Implement server side of AUTH_PENDING with extending timeout
    4cf01c8e Fix EVP_PKEY_CTX_... compilation with LibreSSL
    06f6cf3f Prefer TLS libraries TLS PRF function, fix OpenVPN in FIPS mode
    3338f2d5 Quote the domain name argument passed to the wmic command
    04876274 Add S_EXITCODE flag for openvpn_run_script to report exit code
    b29f7dff Introduce management client state for AUTH_PENDING notifications
    3f8fb2b2 Implement client side handling of AUTH_PENDING message
    0714ed80 Check return values in md_ctx_init and hmac_ctx_init
    fdfbd444 Explain structver usage in sample defer plugin.
    413580b6 Change pull request timeout use a timeout rather than a number
    ce652e7d Remove inetd support from OpenVPN
    a385a3e8 More explicit versioning compatibility in sample-plugins/defer/simple.c
    7d1361c1 Update openvpn_plugin_func_v2 to _v3 in sample-plugins/defer/simple.c
    595be121 Documentation fixes around openvpn_plugin_func_v3 in openvpn-plugin.h.in
    2d7e1954 Fix naming error in sample-plugins/defer/simple.c
    452e016c clean up / rewrite sample-plugins/defer/simple.c
    6a0c51ba Make OPENVPN_PLUGIN_ENABLE_PF failures FATAL
    ef2405a6 Document common uses of 'echo' directive, re-enable logging for 'echo'.
    15daa988 Fix tls-auth mismatch OCC message when tls-cryptv2 is used.
    3b1ded39 Man page sections corrections
    e0e7625c Skip DHCP renew with Wintun adapter
    b1a8213e Remove 1 second delay before running netsh
    8a8ee283 Clarify --block-ipv6 intent and direction.
    aa58035a Zero initialise msghdr prior to calling sendmesg
    86d7e990 ssl_common.h: fix 'not all control paths return a value' msvc warning
    ab4688e3 Fix too early argv freeing when registering DNS
    a686f7e2 Fix line number reporting on config file errors after <inline> segments

    PR:             254785
    Submitted by:   Eric F. Crist (maintainer)
    -- This line, and those below, will be ignored --
    > Description of fields to fill in above:                     76 columns --|
    > PR:                       If and which Problem Report is related.
    > Submitted by:             If someone else sent in the change.
    > Reported by:              If someone else reported the issue.
    > Reviewed by:              If someone else reviewed your modification.
    > Approved by:              If you needed approval for this commit.
    > Obtained from:            If the change is from a third party.
    > MFC after:                N [day[s]|week[s]|month[s]].  Request a reminder email.
    > MFH:                      Ports tree branch name.  Request approval for merge.
    > Relnotes:                 Set to 'yes' for mention in release notes.
    > Security:                 Vulnerability reference (one per line) or description.
    > Sponsored by:             If the change was sponsored by an organization (each collaborator).
    > Differential Revision:    https://reviews.freebsd.org/D### (*full* phabric URL needed).
    > Empty fields above will be automatically removed.

    M    openvpn-devel/Makefile
    M    openvpn-devel/distinfo

 security/openvpn-devel/Makefile | 2 +-
 security/openvpn-devel/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 4 Matthias Andree freebsd_committer freebsd_triage 2021-04-06 17:34:43 UTC
Whoops. Sorry for not setting the Author properly.