diff --git a/security/openvpn-devel/Makefile b/security/openvpn-devel/Makefile index f942b69ff7e6..842e7f77fe82 100644 --- a/security/openvpn-devel/Makefile +++ b/security/openvpn-devel/Makefile @@ -1,144 +1,152 @@ # Created by: Matthias Andree -PORTNAME= openvpn -DISTVERSION= 202113 -CATEGORIES= security net net-vpn -MASTER_SITES= https://secure-computing.net/files/openvpn/ -PKGNAMESUFFIX= -devel +PORTNAME= openvpn +DISTVERSION= g20210527 +PORTEPOCH= 1 +CATEGORIES= security net net-vpn +PKGNAMESUFFIX= -devel -MAINTAINER= ecrist@secure-computing.net +MAINTAINER= gert@greenie.muc.de # let's use ?= in spite of portlint WARNings because this might become # security/openvpn one day which would then have a slave port: -COMMENT?= Secure IP/Ethernet tunnel daemon +COMMENT?= Secure IP/Ethernet tunnel daemon -LICENSE= GPLv2 +LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYRIGHT.GPL -IGNORE_SSL= libressl libressl-devel +BUILD_DEPENDS+= cmocka>=0:sysutils/cmocka \ + rst2man:textproc/py-docutils +LIB_DEPENDS+= liblzo2.so:archivers/lzo2 -USES= cpe libtool pkgconfig shebangfix tar:xz +USES= autoreconf cpe libtool pkgconfig shebangfix tar:xz +IGNORE_SSL= libressl libressl-devel +USE_GITLAB= yes +GL_COMMIT= 890225c1783d0f11b2092495ff902a46d7d0d4cd +USE_RC_SUBR= openvpn + +SHEBANG_FILES= sample/sample-scripts/auth-pam.pl sample/sample-scripts/ucn.pl \ + sample/sample-scripts/verify-cn -CONFLICTS_INSTALL?= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]* GNU_CONFIGURE= yes -WRKSRC= ${WRKDIR}/${PORTNAME}${PKGNAMESUFFIX} -SHEBANG_FILES= sample/sample-scripts/verify-cn \ - sample/sample-scripts/auth-pam.pl \ - sample/sample-scripts/ucn.pl CONFIGURE_ARGS+= --enable-strict # set PLUGIN_LIBDIR so that unqualified plugin paths are found: CONFIGURE_ENV+= PLUGINDIR="${PREFIX}/lib/openvpn/plugins" # let OpenVPN's configure script pick up the requisite libraries, # but do not break the plugin build if an older version is installed -CPPFLAGS+= -I${WRKSRC}/include -I${LOCALBASE}/include -LDFLAGS+= -L${LOCALBASE}/lib - -OPTIONS_DEFINE= PKCS11 EASYRSA DOCS EXAMPLES X509ALTUSERNAME \ - TEST LZ4 SMALL TUNNELBLICK -OPTIONS_DEFAULT= EASYRSA OPENSSL TEST LZ4 -OPTIONS_SINGLE= SSL -OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS -PKCS11_DESC= Use security/pkcs11-helper -EASYRSA_DESC= Install security/easy-rsa RSA helper package -MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3) -TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!) -X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only) -SMALL_DESC= Build a smaller executable with fewer features +.ifdef (LOG_OPENVPN) +CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN} +.endif -EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa +CPPFLAGS+= -I${WRKSRC}/include -I${LOCALBASE}/include -DCONFIGURE_GIT_REVISION='\"${GL_COMMIT}\"' -DCONFIGURE_GIT_FLAGS= +LDFLAGS+= -L${LOCALBASE}/lib -PKCS11_LIB_DEPENDS= libpkcs11-helper.so:security/pkcs11-helper -PKCS11_CONFIGURE_ENABLE= pkcs11 -PKCS11_PREVENTS= MBEDTLS -PKCS11_PREVENTS_MSG= OpenVPN cannot use pkcs11-helper with mbedTLS. Disable PKCS11, or use OpenSSL instead +CONFLICTS_INSTALL?= openvpn-2.[!4].* openvpn-[!2].* openvpn-beta-[0-9]* \ + openvpn-devel-[0-9]* openvpn-mbedtls-[0-9]* -TUNNELBLICK_EXTRA_PATCHES= ${FILESDIR}/extra-tunnelblick-openvpn_xorpatch +SUB_FILES= openvpn-client pkg-message -X509ALTUSERNAME_CONFIGURE_ENABLE= x509-alt-username +PORTDOCS= * +PORTEXAMPLES= * +OPTIONS_DEFINE= DOCS EASYRSA EXAMPLES LZ4 PKCS11 SMALL TEST TUNNELBLICK \ + X509ALTUSERNAME +OPTIONS_DEFAULT= EASYRSA LZ4 OPENSSL TEST +OPTIONS_SINGLE= SSL +OPTIONS_SINGLE_SSL= MBEDTLS OPENSSL + +# option descriptions and interdependencies + +EASYRSA_DESC= Install security/easy-rsa RSA helper package +MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3) +PKCS11_DESC= Use security/pkcs11-helper +PKCS11_PREVENTS= MBEDTLS +PKCS11_PREVENTS_MSG= OpenVPN cannot use pkcs11-helper with mbedTLS. \ + Disable PKCS11, or use OpenSSL instead +SMALL_DESC= Build a smaller executable with fewer features +TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!) +X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only) X509ALTUSERNAME_PREVENTS= MBEDTLS -X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} cannot use --x509-username-field with mbedTLS. Disable X509ALTUSERNAME, or use OpenSSL instead +X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} cannot use \ + --x509-username-field with mbedTLS. Disable \ + X509ALTUSERNAME, or use OpenSSL instead -OPENSSL_USES= ssl -OPENSSL_CONFIGURE_ON= --with-crypto-library=openssl +# option implementations -LZ4_CONFIGURE_OFF= --disable-lz4 +EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa -SMALL_CONFIGURE_ON= --enable-small +LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4 +LZ4_CONFIGURE_OFF= --disable-lz4 MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls -USE_RC_SUBR= openvpn - -SUB_FILES= pkg-message openvpn-client - -.ifdef (LOG_OPENVPN) -CFLAGS+= -DLOG_OPENVPN=${LOG_OPENVPN} -.endif - -BUILD_DEPENDS+= cmocka>=0:sysutils/cmocka \ - rst2man:textproc/py-docutils -LIB_DEPENDS+= liblzo2.so:archivers/lzo2 +OPENSSL_USES= ssl +OPENSSL_CONFIGURE_ON= --with-crypto-library=openssl -LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4 +PKCS11_LIB_DEPENDS= libpkcs11-helper.so:security/pkcs11-helper +PKCS11_CONFIGURE_ENABLE= pkcs11 -PORTDOCS= * -PORTEXAMPLES= * +SMALL_CONFIGURE_ON= --enable-small TEST_ALL_TARGET= check TEST_TEST_TARGET_OFF= check +TUNNELBLICK_EXTRA_PATCHES= ${FILESDIR}/extra-tunnelblick-openvpn_xorpatch + +X509ALTUSERNAME_CONFIGURE_ENABLE= x509-alt-username + pre-configure: .ifdef (LOG_OPENVPN) @${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}" .else @${ECHO} "" @${ECHO} "You may use the following build options:" @${ECHO} "" @${ECHO} " LOG_OPENVPN={Valid syslog facility, default LOG_DAEMON}" @${ECHO} " EXAMPLE: make LOG_OPENVPN=LOG_LOCAL6" @${ECHO} "" .endif post-configure: ${REINPLACE_CMD} '/^CFLAGS =/s/$$/ -fPIC/' \ ${WRKSRC}/src/plugins/auth-pam/Makefile \ ${WRKSRC}/src/plugins/down-root/Makefile .include .if ${PORT_OPTIONS:MMBEDTLS} -_tlslibs=libmbedtls libmbedx509 libmbedcrypto +_tlslibs= libmbedtls libmbedx509 libmbedcrypto .else # OpenSSL -_tlslibs=libssl libcrypto +_tlslibs= libssl libcrypto .endif # sanity check that we don't inherit incompatible SSL libs through, # for instance, pkcs11-helper: post-build: @a=$$(LC_ALL=C ldd -f '%o\n' ${WRKSRC}/src/openvpn/openvpn \ | ${SORT} -u) ; set -- $$(for i in ${_tlslibs} ; do ${PRINTF} '%s\n' "$$a" | ${GREP} $${i}.so | wc -l ; done | ${SORT} -u) ;\ if test "$$*" != "1" ; then ${ECHO_CMD} >&2 "${.CURDIR} FAILED: either of ${_tlslibs} libraries linked multiple times" ; ${PRINTF} '%s\n' "$$a"; ${RM} ${BUILD_COOKIE} ; exit 1 ; fi post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-auth-pam.so ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.up ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up ${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.down ${STAGEDIR}${PREFIX}/libexec/openvpn-client.down @${REINPLACE_CMD} 's|resolvconf -p -a|resolvconf -a|' ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up ${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client ${MKDIR} ${STAGEDIR}${PREFIX}/include post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR}/ .for i in AUTHORS ChangeLog PORTS ${INSTALL_DATA} ${WRKSRC}/${i} ${STAGEDIR}${DOCSDIR}/ .endfor post-install-EXAMPLES-on: (cd ${WRKSRC}/sample && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}/) ${CHMOD} ${BINMODE} ${STAGEDIR}${EXAMPLESDIR}/sample-scripts/* + ${RM} ${STAGEDIR}${EXAMPLESDIR}/sample-config-files/*.orig .include diff --git a/security/openvpn-devel/distinfo b/security/openvpn-devel/distinfo index a811b8535a88..8b9af1ac43cb 100644 --- a/security/openvpn-devel/distinfo +++ b/security/openvpn-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1617626192 -SHA256 (openvpn-202113.tar.xz) = 54e5b6870855138fdc92e19354fb03665dde4dd7b899b1672a8fbd85d9b926e5 -SIZE (openvpn-202113.tar.xz) = 1065804 +TIMESTAMP = 1622278095 +SHA256 (openvpn-openvpn-890225c1783d0f11b2092495ff902a46d7d0d4cd_GL0.tar.gz) = 0677e95122f96634ad8b8215052f5cd51ccd554bbd70ab53a05f33c157b27554 +SIZE (openvpn-openvpn-890225c1783d0f11b2092495ff902a46d7d0d4cd_GL0.tar.gz) = 1133002 diff --git a/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h b/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h deleted file mode 100644 index 4f72e79ef421..000000000000 --- a/security/openvpn-devel/files/patch-src_openvpn_openssl__compat.h +++ /dev/null @@ -1,20 +0,0 @@ ---- src/openvpn/openssl_compat.h.orig 2019-02-20 12:28:23 UTC -+++ src/openvpn/openssl_compat.h -@@ -735,7 +735,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx) - } - #endif /* SSL_CTX_get_max_proto_version */ - --#ifndef SSL_CTX_set_min_proto_version -+#if !defined(SSL_CTX_set_min_proto_version) && !defined(LIBRESSL_VERSION_NUMBER) - /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */ - static inline int - SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min) -@@ -764,7 +764,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_v - } - #endif /* SSL_CTX_set_min_proto_version */ - --#ifndef SSL_CTX_set_max_proto_version -+#if !defined(SSL_CTX_set_max_proto_version) && !defined(LIBRESSL_VERSION_NUMBER) - /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */ - static inline int - SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)