Navigation:
Browse pkgsrc
(this page) 2022-11-23 09:02:58 by Adam Ciarcinski | Files touched by this commit (6) |  |
Log message:
openvpn: updated to 2.5.8
Overview of changes in 2.5.8
New features
allow running a default configuration with TLS libraries without BF-CBC (even if \
TLS cipher negotiation would not actually use BF-CBC, the long-term \
compatibility "default cipher BF-CBC" would trigger an error on such \
TLS libraries)
User-visible Changes
add git branch name + commit ID to OpenVPN version string on MSVC builds (windows)
Testing Enhancements
t_client.sh: if fping is found and fping6 is not, assume we have fping 4.0 and \
up, and call "fping -6" for IPv6 ping tests
t_client.sh: allow to force FAIL on prerequisite fails, so a CI environment will \
no longer "silently skip" t_client runs if fping (etc) can not be \
found, but will error out
Bugfixes
``--auth-nocache'' was not always correctly clearing username+password after a \
renegotiation
ensure that auth-token received from server is cleared if requested by the \
management interface ("forget password" or automatically via \
``--management-forget-disconnect'')
in a setup without username+password, but with auth-token and \
auth-token-username pushed by the server, OpenVPN would start asking for \
username+password on token expiry. Fix.
using --auth-token together with --management-client-auth (on the server) would \
lead to TLS keys getting out of sync and client being disconnected. Fix.
management interface would sometimes get stuck if client and server try to write \
something simultaneously. Fix by allowing a limited level of recursion in \
virtual_output_callback()
fix management interface not returning ERROR:/SUCCESS: response on "signal \
SIGxxx" commands when in HOLD state
tls-crypt-v2: abort connection if client-key is too short
make man page agree with actual code on replay-window backtrag log message
remove useless empty line from CR_RESPONSE message
|
| 2022-10-26 12:32:08 by Thomas Klausner | Files touched by this commit (687) |
Log message: *: bump PKGREVISION for libunistring shlib major bump |
| 2022-08-11 08:41:58 by Thomas Klausner | Files touched by this commit (13) |
Log message: *: recursive PKGREVISION bump for mbedtls shlib major increases |
| 2022-05-31 20:03:41 by Greg Troxel | Files touched by this commit (4) |
Log message: openvpn*: Update to 2.5.7 Upstream changes: bugfixes |
| 2022-03-17 08:50:18 by Adam Ciarcinski | Files touched by this commit (6) | |
Log message:
openvpn: updated to 2.5.6
OpenVPN 2.5.6.
This is mostly a bugfix release including one security fix ("Disallow \
multiple deferred authentication plug-ins.", CVE: 2022-0547).
|
| 2021-12-15 21:11:51 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message:
openvpn: updated to 2.5.5
Overview of changes in 2.5.5
============================
User-visible Changes
--------------------
- SWEET32/64bit cipher deprecation change was postponed to 2.7
- Windows: use network address for emulated DHCP server as default
this enables use of a /30 subnet, which is needed when connecting
to OpenVPN Cloud.
- require EC support in windows builds
(this means it's no longer possible to build a Windows OpenVPN binary
with an OpenSSL lib without EC support)
New features
------------
- Windows build: use CFG and Spectre mitigations on MSVC builds
- bring back OpenSSL config loading to Windows builds.
OpenSSL config is loaded from %installdir%\SSL\openssl.cfg
(typically: c:\program files\openvpn\SSL\openssl.cfg) if it exists.
This is important for some hardware tokens which need special
OpenSSL config for correct operation.
Bugfixes
--------
- Windows build: enable EKM
- Windows build: improve various vcpkg related build issues
- Windows build: fix regression related to non-writeable status files
- Windows build: fix regression that broke OpenSSL EC support
- Windows build: fix "product version" display (2.5..4 -> 2.5.4)
- Windows build: fix regression preventing use of PKCS12 files
- improve "make check" to notice if "openvpn --show-cipher" \
crashes
- improve argv unit tests
- ensure unit tests work with mbedTLS builds without BF-CBC ciphers
- include "--push-remove" in the output of "openvpn --help"
- fix error in iptables syntax in example firewall.sh script
- fix "resolvconf -p" invocation in example "up" script
- fix "common_name" environment for script calls when
"--username-as-common-name" is in effect
Documentation
-------------
- move "push-peer-info" documentation from "server options" \
to "client"
(where it belongs)
- correct "foreign_option_{n}" typo in manpage
- update IRC information in CONTRIBUTING.rst (libera.chat)
- README.down-root: fix plugin module name
|
| 2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063) |
Log message: revbump for icu and libffi |
| 2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958) |
Log message: net: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts...): net/radsecproxy/distinfo The following distfiles could not be fetched (fetched conditionally?): ./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz ./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch ./net/djbdns/distinfo djbdns-1.05-test28.diff.xz ./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch ./net/djbdns/distinfo djbdns-1.05-multiip.diff ./net/djbdns/distinfo djbdns-cachestats.patch |
| 2021-10-08 19:58:05 by Leonardo Taccari | Files touched by this commit (1) |
Log message: openvpn: Avoid to accidentally build HTML man pages rst2html.py and rst2man.py are accidentally recognized if installed and used leading to generation of HTML man pages and PLIST mismatch. |
| 2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962) |
Log message: net: Remove SHA1 hashes for distfiles |
New packages: