./net/openvpn, Easy-to-use SSL VPN daemon

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.4.8, Package name: openvpn-2.4.8, Maintainer: pkgsrc-users

OpenVPN is a robust and highly flexible tunneling application
that uses all of the encryption, authentication, and certification
features of the OpenSSL library to securely tunnel IP networks over
a single TCP/UDP port.

Required to run:
[archivers/lzo] [archivers/lz4]

Required to build:

Master sites:

SHA1: 7cb3422641928b9433b08046ddc6474feb6792a7
RMD160: fddabf2acc71901f52dff771ad1246735f008297
Filesize: 930.121 KB

Version history: (Expand)

CVS history: (Expand)

   2019-11-04 13:52:14 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
openvpn: updated to 2.4.8

Version 2.4.8

This is primarily a maintenance release with minor bugfixes and improvements.

New features
Support compiling with OpenSSL 1.1 without deprecated APIs
handle PSS padding in cryptoapicert (necessary for TLS >= 1.2)

User visible changes
do not abort when hitting the combination of "--pull-filter" and \ 
"--mode server" (this got hit when starting OpenVPN servers using the \ 
windows GUI which installs a pull-filter to force ip-win32)
increase listen() backlog queue to 32 (improve response behaviour on openvpn \ 
servers using TCP that get portscanned)
fix and enhance documentation (INSTALL, man page, ...)

Bug fixes
the combination "IPv6 and proto UDP and SOCKS proxy" did not work - as \ 
a workaround, force IPv4 in this case until a full implementation for \ 
IPv6-UDP-SOCKS can be made.
fix IPv6 routes on tap interfaces on OpenSolaris/OpenIndiana
fix building with LibreSSL
do not set pkcs11-helper 'safe fork mode' (should fix PIN querying in systemd \ 
repair windows builds
repair Darwin builds (remove -no-cpp-precomp flag)
   2019-11-03 12:45:59 by Roland Illig | Files touched by this commit (255)
Log message:
net: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
   2019-07-21 00:46:59 by Thomas Klausner | Files touched by this commit (595)
Log message:
*: recursive bump for nettle 3.5.1
   2019-05-06 00:49:54 by Ryo ONODERA | Files touched by this commit (104)
Log message:
Recursive rebvump from devel/nss
   2019-02-21 17:22:54 by Adam Ciarcinski | Files touched by this commit (6) | Package updated
Log message:
openvpn: updated to 2.4.7

OpenVPN 2.4.7
- Fix subnet topology on NetBSD (2.4).
- add support for %lu in argv_printf and prevent ASSERT
- buffer_list: add functions documentation
- ifconfig-ipv6(-push): allow using hostnames
- Properly free tuntap struct on android when emulating persist-tun
- Add OpenSSL compat definition for RSA_meth_set_sign
- Add support for tls-ciphersuites for TLS 1.3
- Add better support for showing TLS 1.3 ciphersuites in --show-tls
- Use right function to set TLS1.3 restrictions in show-tls
- Add message explaining early TLS client hello failure
- Fallback to password authentication when auth-token fails
- systemd: extend CapabilityBoundingSet for auth_pam
- plugin: Export base64 encode and decode functions
- Add %d, %u and %lu tests to test_argv unit tests.
- Fix combination of --dev tap and --topology subnet across multiple platforms.
- Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
- preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)
- Minor reliability layer documentation fixes
- Resolves small IV_GUI_VER typo in the documentation.
- Clarify and expand management interface documentation
- Refactor NCP-negotiable options handling
- init.c: refine functions names and description
- interactive.c: fix usage of potentially uninitialized variable
- options.c: fix broken unary minus usage
- Remove extra token after #endif
- Fix error message when using RHEL init script
- man: correct a --redirection-gateway option flag
- Replace M_DEBUG with D_LOW as the former is too verbose
- Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
- Bump version of openvpn plugin argument structs to 5
- Move get system directory to a separate function
- Enable dhcp on tap adapter using interactive service
- Pass the hash without the DigestInfo header to NCryptSignHash()
- White-list pull-filter and script-security in interactive service
- Add Interactive Service developer documentation
- Detect TAP interfaces with root-enumerated hardware ID
- man: add security considerations to --compress section
- mbedtls: print warning if random personalisation fails
- Fix memory leak after sighup
- travis: add OpenSSL 1.1 Windows build
- Fix --disable-crypto build
- Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
- buffer_list_aggregate_separator(): simplify code
   2018-06-24 11:26:12 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
openvpn: fix for NetBSD with subnet topology; remove empty DIST_SUBDIR
   2018-04-27 08:40:28 by Adam Ciarcinski | Files touched by this commit (5)
Log message:
openvpn: 2.4.6

OpenVPN 2.4.6
management: Warn if TCP port is used without password

Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
Fix potential double-free() in Interactive Service (CVE-2018-9336)
preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)

manpage: improve description of --status and --status-version

Make return code external tls key match docs

Delete the IPv6 route to the "connected" network on tun close
Management: warn about password only when the option is in use
Avoid overflow in wakeup time computation

Add missing #ifdef SSL_OP_NO_TLSv1_1/2

Check for more data in control channel
   2018-04-18 00:29:53 by Thomas Klausner | Files touched by this commit (286)
Log message:
Add p11-kit to gnutls/bl3.mk and bump dependencies.