Date:      Sat, 22 Nov 2008 03:44:55 +0100 (CET)
From:      Matthias Andree <matthias.andree@gmx.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/129062: [MAINTAINER] security/openvpn-devel: update to -rc15
Message-ID:  <20081122024455.B48D35C4E@rho.emma.line.org>
Resent-Message-ID: <200811220320.mAM3K1OU076011@freefall.freebsd.org>

>Number:         129062
>Category:       ports
>Synopsis:       [MAINTAINER] security/openvpn-devel: update to -rc15
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 22 03:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 7.0-RELEASE-p5 i386
>Organization:
>Environment:
System: FreeBSD rho.emma.line.org 7.0-RELEASE-p5 FreeBSD 7.0-RELEASE-p5 #10: Thu Nov  6 02:12:42 CET
>Description:
update to -rc15. Upstream changelog:

-------------------------------------------------------
2008.11.19 -- Version 2.1_rc15

* Fixed issue introduced in 2.1_rc14 that may cause a
  segfault when a --plugin module is used.

* Added server-side --opt-verify option: clients that connect
  with options that are incompatible with those of the server
  will be disconnected (without this option, incompatible
  clients would trigger a warning message in the server log
  but would not be disconnected).

* Added --tcp-nodelay option: Macro that sets TCP_NODELAY socket
  flag on the server as well as pushes it to connecting clients.

* Minor options check fix: --no-name-remapping is a
  server-only option and should therefore generate an
  error when used on the client.

* Added --prng option to control PRNG (pseudo-random
  number generator) parameters.  In previous OpenVPN
  versions, the PRNG was hardcoded to use the SHA1
  hash.  Now any OpenSSL hash may be used.  This is
  part of an effort to remove hardcoded references to
  a specific cipher or cryptographic hash algorithm.

* Cleaned up man page synopsis.

2008.11.16 -- Version 2.1_rc14

* Added AC_GNU_SOURCE to configure.ac to enable struct ucred,
  with the goal of fixing a build issue on Fedora 9 that was
  introduced in 2.1_rc13.

* Added additional method parameter to --script-security to preserve
  backward compatibility with system() call semantics used in OpenVPN
  2.1_rc8 and earlier.  To preserve backward compatibility use:

    script-security 3 system

* Added additional warning messages about --script-security 2
  or higher being required to execute user-defined scripts or
  executables.

* Windows build system changes:

  (...)

* Extended Management Interface "bytecount" command
  to work when OpenVPN is running as a server.
  Documented Management Interface "bytecount" command in
  management/management-notes.txt.

* Fixed informational message in ssl.c to properly indicate
  deferred authentication.

* Added server-side --auth-user-pass-optional directive, to allow
  connections by clients that do not specify a username/password, when a
  user-defined authentication script/module is in place (via
  --auth-user-pass-verify, --management-client-auth, or a plugin module).

* Changes to easy-rsa/2.0/pkitool and related openssl.cnf:

  Calling scripts can set the KEY_NAME environmental variable to set
  the "name" X509 subject field in generated certificates.

  Modified pkitool to allow flexibility in separating the Common Name
  convention from the cert/key filename convention.

  For example:

  KEY_CN="James's Laptop" KEY_NAME="james" ./pkitool james

  will create a client certificate/key pair of james.crt/james.key
  having a Common Name of "James's Laptop" and a Name of "james".

* Added --no-name-remapping option to allow Common Name, X509 Subject,
  and username strings to include any printable character including
  space, but excluding control characters such as tab, newline, and
  carriage-return (this is important for compatibility with external
  authentication systems).

  As a related change, added --status-version 3 format (and "status 3"
  in the management interface) which uses the version 2 format except
  that tabs are used as delimiters instead of commas so that there
  is no ambiguity when parsing a Common Name that contains a comma.

  Also, save X509 Subject fields to environment, using the naming
  convention:

  X509_{cert_depth}_{name}={value}

  This is to avoid ambiguities when parsing out the X509 subject string
  since "/" characters could potentially be used in the common name.

* Fixed some ifconfig-pool issues that precluded it from being combined
  with --server directive.

  Now, for example, we can configure thusly:

    server 10.8.0.0 255.255.255.0 nopool
    ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0

  to have ifconfig-pool manage only a subset
  of the VPN subnet.

* Added config file option "setenv FORWARD_COMPATIBLE 1" to relax
  config file syntax checking to allow directives for future OpenVPN
  versions to be ignored.
-------------------------------------------------------

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- openvpn-devel-2.1.r15.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/openvpn-devel/Makefile /usr/home/emma/ports/security/openvpn-devel/Makefile
--- /usr/ports/security/openvpn-devel/Makefile	2008-10-11 16:00:52.000000000 +0200
+++ /usr/home/emma/ports/security/openvpn-devel/Makefile	2008-11-22 03:33:59.000000000 +0100
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	openvpn
-DISTVERSION=	2.1_rc13
+DISTVERSION=	2.1_rc15
 CATEGORIES=	security net
 MASTER_SITES=	http://openvpn.net/release/
 PKGNAMESUFFIX=	-devel
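Review bot: DISTVERSION goes from 2.1_rc13 straight to 2.1_rc15, so this one-line bump also pulls in everything from rc14, and the changelog in the description lists user-visible changes there (the extra --script-security method parameter and the new warnings about --script-security 2 or higher). Consider carrying a short pkg-message or UPDATING note for users with user-defined scripts. The unchanged context line MASTER_SITES= http://openvpn.net/release/ fetches over plain HTTP, which leaves the distinfo checksums as the only integrity check on the tarball.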
diff -ruN --exclude=CVS /usr/ports/security/openvpn-devel/distinfo /usr/home/emma/ports/security/openvpn-devel/distinfo
--- /usr/ports/security/openvpn-devel/distinfo	2008-10-11 16:00:52.000000000 +0200
+++ /usr/home/emma/ports/security/openvpn-devel/distinfo	2008-11-22 03:34:52.000000000 +0100
@@ -1,3 +1,3 @@
-MD5 (openvpn-2.1_rc13.tar.gz) = 7f9637cab862579e99666d4cb98d853b
-SHA256 (openvpn-2.1_rc13.tar.gz) = d8c1e7c9b04ca2577d90048d723f6613744f818c75eaeb66d47ba1158f20b993
-SIZE (openvpn-2.1_rc13.tar.gz) = 825890
+MD5 (openvpn-2.1_rc15.tar.gz) = 14a35b05c5a16292d149592d1dad0302
+SHA256 (openvpn-2.1_rc15.tar.gz) = 66cfe347da6ab29ae39c80527714079cdb5699fdf453f7e031dd2ec0172d13a5
+SIZE (openvpn-2.1_rc15.tar.gz) = 833429
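Review bot: The new MD5 and SHA256 lines for openvpn-2.1_rc15.tar.gz arrive with no statement of how they were produced, and with the distfile fetched over HTTP these values are what every later build will trust. Please confirm the SHA256 was compared against an independently obtained upstream value (a signed release file, if upstream provides one) rather than only computed from the download. The MD5 line adds no real assurance on its own, so SHA256 is the one to check.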
--- openvpn-devel-2.1.r15.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
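
Added example (not part of this PR or of OpenVPN's code): the changelog's --status-version 3 and X509_{cert_depth}_{name} items both remove a delimiter ambiguity. This Python example shows a monitoring-side parser rejecting a comma-split row and grouping the X509 variables by depth. The column layout, the sample row and the environment values are constructed assumptions.

```python
import re

# Assumed column layout of a client row (illustration, not taken from the PR).
FIELDS = ["common_name", "real_address", "virtual_address", "bytes_received",
          "bytes_sent", "connected_since", "connected_since_epoch"]

def parse_client_row(line, delimiter):
    """Split one CLIENT_LIST row and refuse rows with a shifted column count."""
    tag, *cols = line.rstrip("\r\n").split(delimiter)
    if tag != "CLIENT_LIST":
        raise ValueError("not a CLIENT_LIST row")
    if len(cols) != len(FIELDS):
        # A delimiter inside the Common Name shows up as an extra column.
        raise ValueError(f"expected {len(FIELDS)} columns, got {len(cols)}")
    return dict(zip(FIELDS, cols))

X509_VAR = re.compile(r"^X509_(\d+)_(.+)$")

def x509_fields(environ):
    """Group X509_{cert_depth}_{name}={value} variables by certificate depth."""
    certs = {}
    for key, value in environ.items():
        match = X509_VAR.match(key)
        if match:
            certs.setdefault(int(match.group(1)), {})[match.group(2)] = value
    return certs

# Constructed sample data: a Common Name with a comma, as --no-name-remapping allows.
ROW = ["CLIENT_LIST", "Doe, Jane", "192.0.2.10:40112", "10.8.0.6",
       "1200", "3400", "Sat Nov 22 03:00:00 2008", "1227322800"]
ROW_V2 = ",".join(ROW)    # comma-delimited, as in status version 2
ROW_V3 = "\t".join(ROW)   # tab-delimited, as in status version 3
ENV = {"X509_0_CN": "lab/host 7", "X509_0_O": "Example Org",
       "X509_1_CN": "Example CA", "PATH": "/usr/bin"}

if __name__ == "__main__":
    print(parse_client_row(ROW_V3, "\t")["common_name"])
    try:
        parse_client_row(ROW_V2, ",")
    except ValueError as err:
        print("version 2 row rejected:", err)
    print(x509_fields(ENV))
```

A parser that skipped the column-count check would instead shift every field after the Common Name by one, so the address and byte counters would be attributed wrongly.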


