Created attachment 211804
patch

Added a new option ASYNC_PUSH, disabled by default, to build it with --enable-async-push. When this option is enabled it fails to build due to lack of -linotify, so I added it to patch-configure and submitted a bug upstream: https://community.openvpn.net/openvpn/ticket/1256#ticket
Why don't we just add LIBS+=-Wl,--as-needed -linotify?
(In reply to Matthias Andree from comment #1)
OK. Let me try that and update patch.
No need, I have it
A commit references this bug:

Author: mandree
Date: Fri Feb 21 20:15:50 UTC 2020
New revision: 526692
URL: https://svnweb.freebsd.org/changeset/ports/526692

Log:
  openvpn: Add default-off ASYNC_PUSH option.

  When enabled, pulls in devel/libinotify, and adds --enable-async-push to configure.

  In contrast to garga@'s proposal, uses ASYNC_PUSH_LIBS instead of a patch file.

  PR: 244286
  Submitted by: garga@

Changes:
  head/security/openvpn/Makefile
Hi,

Please be aware that a fix for this issue has been committed to openvpn master branch: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19566.html
Fixed also in release/2.4 https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19568.html
OK, thanks for driving this with the upstream maintainers - we can possibly drop the ASYNC_PUSH_LIBS line after the next release from the upstream (which might be called 2.4.9).
A commit references this bug:

Author: mandree
Date: Mon Mar 16 22:58:27 UTC 2020
New revision: 528550
URL: https://svnweb.freebsd.org/changeset/ports/528550

Log:
  security/openvpn: Add a FIXME marker

  to clean up a local workaround that was upstreamed for 2.4.9.
  [info: Lev Stipakov]

  PR: 244286

Changes:
  head/security/openvpn/Makefile
A commit references this bug:

Author: mandree
Date: Fri Apr 17 18:38:45 UTC 2020
New revision: 531957
URL: https://svnweb.freebsd.org/changeset/ports/531957

Log:
  security/openvpn: update to 2.4.9 (also for -mbedtls slave port)

  At the same time, remove ASYNC_PUSH_LIBS workaround from [1].

  Changelog (high-level):
  https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249

  Git changelog, marking the three fixes that were already in 2.4.8_3 as cherry-picks with a 1, 2, or 3 instead of "*" to correspond with the PORTREVISION, and those with "-" that are specific to other systems, say, Windows.

  * 9b0dafca 2020-04-16 | Preparing release v2.4.9 (ChangeLog, version.m4, Changes.rst) (tag: v2.4.9) [Gert Doering]
  3 f7b318f8 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
  * 9bb285e3 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
  - 5f8a9df1 2020-02-12 | Allow unicode search string in --cryptoapicert option [Selva Nair]
  - 4658b3b6 2020-02-12 | Skip expired certificates in Windows certificate store [Selva Nair]
  * df5ea7f1 2020-02-19 | Fix possible access of uninitialized pipe handles [Selva Nair]
  * 1d9e0be2 2020-02-19 | Fix possibly uninitialized return value in GetOpenvpnSettings() [Selva Nair]
  * 5ee76a8f 2020-03-28 | Fix OpenSSL 1.1.1 not using auto elliptic curve selection [Arne Schwabe]
  * ed925c0a 2020-04-07 | OpenSSL: Fix --crl-verify not loading multiple CRLs in one file [Maxim Plotnikov]
  * 2fe84732 2020-03-30 | When auth-user-pass file has no password query the management interface (if available). [Selva Nair]
  * 908eae5c 2020-04-03 | Move querying username/password from management interface to a function [Selva Nair]
  * 15bc476f 2020-04-02 | Fix OpenSSL error stack handling of tls_ctx_add_extra_certs [Arne Schwabe]
  * 22df79bb 2020-04-01 | Fetch OpenSSL versions via source/old links [Arne Schwabe]
  * 0efbd8e9 2020-03-31 | mbedTLS: Make sure TLS session survives move [Tom van Leeuwen]
  * 33395693 2020-03-25 | docs: Add reference to X509_LOOKUP_hash_dir(3) [WGH]
  * 7d19b2bb 2019-10-21 | Fix OpenSSL private key passphrase notices [Santtu Lakkala]
  2 8484f37a 2020-03-14 | Fix building with --enable-async-push in FreeBSD [Lev Stipakov]
  * 69bbfbdf 2020-02-18 | Swap the order of checks for validating interactive service user [Selva Nair]
  * 0ba4f916 2019-11-09 | socks: use the right function when printing struct openvpn_sockaddr [Antonio Quartulli]
  1 3bd91cd0 2019-10-30 | Fix broken fragmentation logic when using NCP [Lev Stipakov]

  PR: 244286 [1]
  MFH: 2020Q2 (patchlevel bugfix release)

Changes:
  head/security/openvpn/Makefile
  head/security/openvpn/distinfo
  head/security/openvpn/files/patch-CVE-2020-11810
  head/security/openvpn/files/patch-g3bd91cd-Fix-broken-fragmentation-logic-when-using-NCP
A commit references this bug:

Author: mandree
Date: Fri Apr 17 19:16:53 UTC 2020
New revision: 531963
URL: https://svnweb.freebsd.org/changeset/ports/531963

Log:
  MFH: r531957

  security/openvpn: update to 2.4.9 (also for -mbedtls slave port)

  At the same time, remove ASYNC_PUSH_LIBS workaround from [1].

  Changelog (high-level):
  https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249

  Git changelog, marking the three fixes that were already in 2.4.8_3 as cherry-picks with a 1, 2, or 3 instead of "*" to correspond with the PORTREVISION, and those with "-" that are specific to other systems, say, Windows.

  * 9b0dafca 2020-04-16 | Preparing release v2.4.9 (ChangeLog, version.m4, Changes.rst) (tag: v2.4.9) [Gert Doering]
  3 f7b318f8 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
  * 9bb285e3 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
  - 5f8a9df1 2020-02-12 | Allow unicode search string in --cryptoapicert option [Selva Nair]
  - 4658b3b6 2020-02-12 | Skip expired certificates in Windows certificate store [Selva Nair]
  * df5ea7f1 2020-02-19 | Fix possible access of uninitialized pipe handles [Selva Nair]
  * 1d9e0be2 2020-02-19 | Fix possibly uninitialized return value in GetOpenvpnSettings() [Selva Nair]
  * 5ee76a8f 2020-03-28 | Fix OpenSSL 1.1.1 not using auto elliptic curve selection [Arne Schwabe]
  * ed925c0a 2020-04-07 | OpenSSL: Fix --crl-verify not loading multiple CRLs in one file [Maxim Plotnikov]
  * 2fe84732 2020-03-30 | When auth-user-pass file has no password query the management interface (if available). [Selva Nair]
  * 908eae5c 2020-04-03 | Move querying username/password from management interface to a function [Selva Nair]
  * 15bc476f 2020-04-02 | Fix OpenSSL error stack handling of tls_ctx_add_extra_certs [Arne Schwabe]
  * 22df79bb 2020-04-01 | Fetch OpenSSL versions via source/old links [Arne Schwabe]
  * 0efbd8e9 2020-03-31 | mbedTLS: Make sure TLS session survives move [Tom van Leeuwen]
  * 33395693 2020-03-25 | docs: Add reference to X509_LOOKUP_hash_dir(3) [WGH]
  * 7d19b2bb 2019-10-21 | Fix OpenSSL private key passphrase notices [Santtu Lakkala]
  2 8484f37a 2020-03-14 | Fix building with --enable-async-push in FreeBSD [Lev Stipakov]
  * 69bbfbdf 2020-02-18 | Swap the order of checks for validating interactive service user [Selva Nair]
  * 0ba4f916 2019-11-09 | socks: use the right function when printing struct openvpn_sockaddr [Antonio Quartulli]
  1 3bd91cd0 2019-10-30 | Fix broken fragmentation logic when using NCP [Lev Stipakov]

  PR: 244286 [1]
  Approved by: ports-secteam (joneum@)

Changes:
  _U branches/2020Q2/
  branches/2020Q2/security/openvpn/Makefile
  branches/2020Q2/security/openvpn/distinfo
  branches/2020Q2/security/openvpn/files/patch-CVE-2020-11810
  branches/2020Q2/security/openvpn/files/patch-g3bd91cd-Fix-broken-fragmentation-logic-when-using-NCP