./net/openvpn-nagios, OpenVPN certificate checks for Nagios

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 20130210, Package name: openvpn-nagios-20130210, Maintainer: manu

This OpenVPN plugin check certificate expiration for Nagios


Required to run:
[net/openvpn]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 8a0fd4e3eba27584aa53c5589c13d4b38af43ba2
RMD160: 2a47893ec2db2c280adc7b9fbbea97794ec1a6f4
Filesize: 2.963 KB

Version history: (Expand)


CVS history: (Expand)


   2017-06-23 08:46:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
Updated openvpn to 2.4.3
   2017-05-24 22:35:12 by Adam Ciarcinski | Files touched by this commit (20) | Package updated
Log message:
OpenVPN 2.4.2

Compared to OpenVPN 2.3 this is a major update with a large number of new \ 
features, improvements and fixes. Some of the major features are AEAD (GCM) \ 
cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack \ 
support and more seamless connection migration when client's IP address changes \ 
(Peer-ID). Also, the new --tls-crypt feature can be used to increase users' \ 
connection privacy.

Compared to OpenVPN 2.4.1 there are several bugfixes and small enhancements. A \ 
summary of the changes is available in Changes.rst.
   2017-05-22 08:25:19 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
Version 2.3.16:
* fix redirect-gateway behaviour when an IPv4 default route does not exist
* Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
* Check for errors in the return value of GetModuleFileNameW()
* Fix gateway detection with OpenBSD routing domains
   2017-05-19 20:11:04 by S.P.Zeidler | Files touched by this commit (8) | Package updated
Log message:
update openvpn to 2.3.15
fixes DoSses: CVE-2017-7478 CVE-2017-7479
fixes PR pkg/52044

relevant excerpt of ChangeLog:
OpenVPN Change Log
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>

2017.05.11 -- Version 2.3.15
David Sommerseth (5):
      dev-tools: Added script for updating copyright years in files
      Update copyrights
      docs: Further improve --reneg-bytes and SWEET32 information
      git: Merge .gitignore files into a single file
      Make --cipher/--auth none more explicit on the risks

Gert Doering (1):
      Document --proto udp6, tcp6, etc.

Julien Muchembled (1):
      Fix implicit declarations when HAVE_OPENSSL_ENGINE is unset

Steffan Karger (6):
      Add missing includes in error.h
      cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
      Document that OpenVPN 2.3 does not check the CRL signature
      Introduce and use secure_memzero() to erase secrets
      Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
      Don't assert out on receiving too-large control packets (CVE-2017-7478)

2016.12.06 -- Version 2.3.14
Christian Hesse (1):
      update year in copyright message

David Sommerseth (1):
      Document the --auth-token option

Gert Doering (2):
      Repair topology subnet on FreeBSD 11
      Repair topology subnet on OpenBSD

Lev Stipakov (1):
      Drop recursively routed packets

Selva Nair (4):
      Support --block-outside-dns on multiple tunnels
      When parsing '--setenv opt xx ..' make sure a third parameter is present
      Map restart signals from event loop to SIGTERM during exit-notification wait
      Correctly state the default dhcp server address in man page

Steffan Karger (1):
      Clean up format_hex_ex()

2016.11.02 -- Version 2.3.13
Arne Schwabe (2):
      Use AES ciphers in our sample configuration files and add a few modern 2.4 \ 
examples
      Incorporate the Debian typo fixes where appropriate and make show_opt \ 
default message clearer

David Sommerseth (4):
      t_client.sh: Make OpenVPN write PID file to avoid various sudo issues
      t_client.sh: Add support for Kerberos/ksu
      t_client.sh: Improve detection if the OpenVPN process did start during tests
      t_client.sh: Add prepare/cleanup possibilties for each test case

Gert Doering (5):
      Do not abort t_client run if OpenVPN instance does not start.
      Fix t_client runs on OpenSolaris
      make t_client robust against sudoers misconfiguration
      add POSTINIT_CMD_suf to t_client.sh and sample config
      Fix --multihome for IPv6 on 64bit BSD systems.

Ilya Shipitsin (1):
      skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto

Lev Stipakov (2):
      Exclude peer-id from pulled options digest
      Fix compilation in pedantic mode

Samuli Seppänen (1):
      Automatically cache expected IPs for t_client.sh on the first run

Steffan Karger (6):
      Fix unittests for out-of-source builds
      Make gnu89 support explicit
      cleanup: remove code duplication in msg_test()
      Update cipher-related man page text
      Limit --reneg-bytes to 64MB when using small block ciphers
      Add a revoked cert to the sample keys

2016.08.23 -- Version 2.3.12
Arne Schwabe (2):
      Complete push-peer-info documentation and allow IV_PLAT_VER for other \ 
platforms than Windows if the client UI supplies it.
      Move ASSERT so external-key with OpenSSL works again

David Sommerseth (3):
      Only build and run cmocka unit tests if its submodule is initialized
      Another fix related to unit test framework
      Remove NOP function and callers

Dorian Harmans (1):
      Add CHACHA20-POLY1305 ciphersuite IANA name translations.

Ivo Manca (1):
      Plug memory leak in mbedTLS backend

Jeffrey Cutter (1):
      Update contrib/pull-resolv-conf/client.up for no DOMAIN

Jens Neuhalfen (2):
      Add unit testing support via cmocka
      Add a test for auth-pam searchandreplace

Josh Cepek (1):
      Push an IPv6 CIDR mask used by the server, not the pool's size

Leon Klingele (1):
      Add link to bug tracker

Samuli Seppänen (2):
      Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes
      Clarify the fact that build instructions in README are for release tarballs

Selva Nair (4):
      Make error non-fatal while deleting address using netsh
      Make block-outside-dns work with persist-tun
      Ignore SIGUSR1/SIGHUP during exit notification
      Promptly close the netcmd_semaphore handle after use

Steffan Karger (4):
      Fix polarssl / mbedtls builds
      Don't limit max incoming message size based on c2->frame
      Fix '--cipher none --cipher' crash
      Discourage using 64-bit block ciphers
   2016-07-08 10:50:55 by Jonathan Perkin | Files touched by this commit (2) | Package updated
Log message:
Update openvpn distfile.  Bump PKGREVISION.
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-01-18 17:01:37 by Sebastian Wiedenroth | Files touched by this commit (1)
Log message:
bulk build wants openssl