./net/openvpn-nagios, OpenVPN certificate checks for Nagios

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 20130210, Package name: openvpn-nagios-20130210, Maintainer: manu

This OpenVPN plugin check certificate expiration for Nagios


Required to run:
[net/openvpn] [security/openssl]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 8a0fd4e3eba27584aa53c5589c13d4b38af43ba2
RMD160: 2a47893ec2db2c280adc7b9fbbea97794ec1a6f4
Filesize: 2.963 KB

Version history: (Expand)


CVS history: (Expand)


   2021-04-22 15:53:16 by Adam Ciarcinski | Files touched by this commit (6) | Package updated
Log message:
openvpn: updated to 2.5.2

The OpenVPN community project team is proud to release OpenVPN 2.5.2. It fixes \ 
two related security vulnerabilities (CVE-2020-15078) which under very specific \ 
circumstances allow tricking a server using delayed authentication (plugin or \ 
management) into returning a PUSH_REPLY before the AUTH_FAILED message, which \ 
can possibly be used to gather information about a VPN setup. In combination \ 
with “–auth-gen-token” or a user-specific token auth solution it can be \ 
possible to get access to a VPN with an otherwise-invalid account. OpenVPN 2.5.2 \ 
also includes other bug fixes and improvements. Updated OpenSSL and OpenVPN GUI \ 
are included in Windows installers.
   2021-02-24 20:13:51 by Adam Ciarcinski | Files touched by this commit (7) | Package updated
Log message:
openvpn: updated to 2.5.1

Version 2.5.1
* Fix auth-token not being updated if auth-nocache is set
* Remove auth_user_pass.wait_for_push variable
* Fix port-share option with TLS-Crypt v2
* Zero initialise msghdr prior to calling sendmesg
* Fix tls-auth mismatch OCC message when tls-cryptv2 is used.
* build: Fix missing install of man page in certain environments
* Fix too early argv freeing when registering DNS
* Remove 1 second delay before running netsh
* Skip DHCP renew with Wintun adapter
* Change travis build scripts to use https when fetching prerequisites.
* Fix line number reporting on config file errors after <inline> segments
* Clarify --block-ipv6 intent and direction.
* Document common uses of 'echo' directive, re-enable logging for 'echo'.
* Make OPENVPN_PLUGIN_ENABLE_PF failures FATAL
* clean up / rewrite sample-plugins/defer/simple.c
* Fix naming error in sample-plugins/defer/simple.c
* Documentation fixes around openvpn_plugin_func_v3 in openvpn-plugin.h.in
* Update openvpn_plugin_func_v2 to _v3 in sample-plugins/defer/simple.c
* More explicit versioning compatibility in sample-plugins/defer/simple.c
* Explain structver usage in sample defer plugin.
* Man page sections corrections
* Quote the domain name argument passed to the wmic command
* tls-crypt-v2: fix server memory leak
* tls-crypt-v2: also preload tls-crypt-v2 keys (if --persist-key)
   2020-11-29 03:24:20 by Makoto Fujiwara | Files touched by this commit (1)
Log message:
(net/openvpn-nagios) regend distinfo
   2020-04-17 22:14:22 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
openvpn: updated to 2.4.9

OpenVPN 2.4.9
* socks: use the right function when printing struct openvpn_sockaddr
* Fetch OpenSSL versions via source/old links
* Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
* Fix OpenSSL 1.1.1 not using auto elliptic curve selection
* Fix broken fragmentation logic when using NCP
* Fix building with --enable-async-push in FreeBSD
* Fix broken async push with NCP is used
* Fix illegal client float (CVE-2020-11810)
* OpenSSL: Fix --crl-verify not loading multiple CRLs in one file
* Fix OpenSSL private key passphrase notices
* Swap the order of checks for validating interactive service user
* Move querying username/password from management interface to a function
* When auth-user-pass file has no password query the management interface (if \ 
available).
* Fix possibly uninitialized return value in GetOpenvpnSettings()
* Fix possible access of uninitialized pipe handles
* Skip expired certificates in Windows certificate store
* Allow unicode search string in --cryptoapicert option
* mbedTLS: Make sure TLS session survives move
* docs: Add reference to X509_LOOKUP_hash_dir(3)
   2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981)
Log message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-11-04 13:52:14 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
openvpn: updated to 2.4.8

Version 2.4.8

This is primarily a maintenance release with minor bugfixes and improvements.

New features
Support compiling with OpenSSL 1.1 without deprecated APIs
handle PSS padding in cryptoapicert (necessary for TLS >= 1.2)

User visible changes
do not abort when hitting the combination of "--pull-filter" and \ 
"--mode server" (this got hit when starting OpenVPN servers using the \ 
windows GUI which installs a pull-filter to force ip-win32)
increase listen() backlog queue to 32 (improve response behaviour on openvpn \ 
servers using TCP that get portscanned)
fix and enhance documentation (INSTALL, man page, ...)

Bug fixes
the combination "IPv6 and proto UDP and SOCKS proxy" did not work - as \ 
a workaround, force IPv4 in this case until a full implementation for \ 
IPv6-UDP-SOCKS can be made.
fix IPv6 routes on tap interfaces on OpenSolaris/OpenIndiana
fix building with LibreSSL
do not set pkcs11-helper 'safe fork mode' (should fix PIN querying in systemd \ 
environments)
repair windows builds
repair Darwin builds (remove -no-cpp-precomp flag)
   2019-02-21 17:22:54 by Adam Ciarcinski | Files touched by this commit (6) | Package updated
Log message:
openvpn: updated to 2.4.7

OpenVPN 2.4.7
- Fix subnet topology on NetBSD (2.4).
- add support for %lu in argv_printf and prevent ASSERT
- buffer_list: add functions documentation
- ifconfig-ipv6(-push): allow using hostnames
- Properly free tuntap struct on android when emulating persist-tun
- Add OpenSSL compat definition for RSA_meth_set_sign
- Add support for tls-ciphersuites for TLS 1.3
- Add better support for showing TLS 1.3 ciphersuites in --show-tls
- Use right function to set TLS1.3 restrictions in show-tls
- Add message explaining early TLS client hello failure
- Fallback to password authentication when auth-token fails
- systemd: extend CapabilityBoundingSet for auth_pam
- plugin: Export base64 encode and decode functions
- Add %d, %u and %lu tests to test_argv unit tests.
- Fix combination of --dev tap and --topology subnet across multiple platforms.
- Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
- preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)
- Minor reliability layer documentation fixes
- Resolves small IV_GUI_VER typo in the documentation.
- Clarify and expand management interface documentation
- Refactor NCP-negotiable options handling
- init.c: refine functions names and description
- interactive.c: fix usage of potentially uninitialized variable
- options.c: fix broken unary minus usage
- Remove extra token after #endif
- Fix error message when using RHEL init script
- man: correct a --redirection-gateway option flag
- Replace M_DEBUG with D_LOW as the former is too verbose
- Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
- Bump version of openvpn plugin argument structs to 5
- Move get system directory to a separate function
- Enable dhcp on tap adapter using interactive service
- Pass the hash without the DigestInfo header to NCryptSignHash()
- White-list pull-filter and script-security in interactive service
- Add Interactive Service developer documentation
- Detect TAP interfaces with root-enumerated hardware ID
- man: add security considerations to --compress section
- mbedtls: print warning if random personalisation fails
- Fix memory leak after sighup
- travis: add OpenSSL 1.1 Windows build
- Fix --disable-crypto build
- Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
- buffer_list_aggregate_separator(): simplify code