The NetBSD Project

CVS log for pkgsrc/net/openvpn-acct-wtmpx/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / net / openvpn-acct-wtmpx

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.45: download - view: text, markup, annotated - select for diffs
Thu Jul 18 13:00:07 2024 UTC (4 months, 3 weeks ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3, HEAD
Diff to: previous 1.44: preferred, colored
Changes since revision 1.44: +4 -4 lines
openvpn: updated to 2.6.12

v2.6.12

Bug fixes:

the fix for CVE-2024-5594 (refuse control channel messages with
nonprintable characters) was too strict, breaking user configurations
with AUTH_FAIL messages having trailing CR/NL characters. This often
happens if the AUTH_FAIL reason is set by a script. Strip those before
testing the command buffer. Also, add unit test.
Http-proxy: fix bug preventing proxy credentials caching.

Revision 1.44: download - view: text, markup, annotated - select for diffs
Fri Jun 21 03:36:33 2024 UTC (5 months, 3 weeks ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2024Q2-base, pkgsrc-2024Q2
Diff to: previous 1.43: preferred, colored
Changes since revision 1.43: +4 -4 lines
openvpn: updated to 2.6.11

v2.6.11

Security fixes:

CVE-2024-4877: Windows: harden interactive service pipe.
Security scope: a malicious process with "some" elevated privileges
(SeImpersonatePrivilege) could open the pipe a second time, tricking
openvn GUI into providing user credentials (tokens), getting full
access to the account openvpn-gui.exe runs as.
(Zeze with TeamT5)
CVE-2024-5594: control channel: refuse control channel messages with
nonprintable characters in them. Security scope: a malicious openvpn
peer can send garbage to openvpn log, or cause high CPU load.
(Reynir Björnsson)
CVE-2024-28882: only call schedule_exit() once (on a given peer).
Security scope: an authenticated client can make the server "keep the
session" even when the server has been told to disconnect this client
(Reynir Björnsson)

New features:

Windows Crypto-API: Implement Windows CA template match for searching
certificates in windows crypto store.
Support pre-created DCO interface on FreeBSD (OpenVPN would fail to
set ifmode p2p/subnet otherwise)

Bug fixes:

Fix connect timeout when using SOCKS proxies
Work around LibreSSL crashing on OpenBSD 7.5 when enumerating ciphers
Add bracket in fingerprint message and do not warn about missing
verification

Documentation:

Remove "experimental" denotation for --fast-io
Correctly document ifconfig_* variables passed to scripts
Documentation: make section levels consistent
Samples: Update sample configurations (remove compression & old cipher settings, add more informative comments)

Revision 1.43: download - view: text, markup, annotated - select for diffs
Wed Mar 20 19:24:02 2024 UTC (8 months, 3 weeks ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2024Q1-base, pkgsrc-2024Q1
Diff to: previous 1.42: preferred, colored
Changes since revision 1.42: +4 -4 lines
openvpn: updated to 2.6.10

Version 2.6.10

Christoph Schug (1):
      Update documentation references in systemd unit files

Frank Lichtenheld (6):
      Fix typo --data-cipher-fallback
      samples: Remove tls-*.conf
      check_compression_settings_valid: Do not test for LZ4 in LZO check
      t_client.sh: Allow to skip tests
      Update Copyright statements to 2024
      GHA: general update March 2024

Lev Stipakov (4):
      win32: Enforce loading of plugins from a trusted directory
      interactive.c: disable remote access to the service pipe
      interactive.c: Fix potential stack overflow issue
      Disable DCO if proxy is set via management

Martin Rys (1):
      openvpn-[client|server].service: Remove syslog.target

Max Fillinger (1):
      Remove license warning from README.mbedtls

Selva Nair (1):
      Document that auth-user-pass may be inlined

wellweek (1):
      remove repetitive words in documentation and comments

Revision 1.42: download - view: text, markup, annotated - select for diffs
Sun Feb 18 14:01:05 2024 UTC (9 months, 3 weeks ago) by adam
Branches: MAIN
Diff to: previous 1.41: preferred, colored
Changes since revision 1.41: +4 -4 lines
regen distinfo

Revision 1.41: download - view: text, markup, annotated - select for diffs
Sat Nov 18 12:51:19 2023 UTC (12 months, 3 weeks ago) by gdt
Branches: MAIN
CVS tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4
Diff to: previous 1.40: preferred, colored
Changes since revision 1.40: +4 -4 lines
net/openvpn: Update to 2.6.8

upstream NEWS: bugfixes

Revision 1.40: download - view: text, markup, annotated - select for diffs
Fri Nov 10 00:17:47 2023 UTC (13 months ago) by gdt
Branches: MAIN
Diff to: previous 1.39: preferred, colored
Changes since revision 1.39: +4 -4 lines
net/openvpn: Update to 2.6.7

Upstream NEWS:

Security Fixes:

* CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after
 it has been free()d in some circumstances, causing some free()d memory to be sent to the peer.
 All configurations using TLS (e.g. not using --secret) are affected by this issue.
 (found while tracking down CVE-2023-46849 / Github #400, #417)
* CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration
 in some circumstances, leading to a division by zero when --fragment is used. On platforms where
 division by zero is fatal, this will cause an OpenVPN crash.(Github #400, #417).

User visible changes:

* DCO: warn if DATA_V1 packets are sent by the other side - this a hard incompatibility between
 a 2.6.x client connecting to a 2.4.0-2.4.4 server, and the only fix is to use --disable-dco.
* Remove OpenSSL Engine method for loading a key. This had to be removed because the original author
 did not agree to relicensing the code with the new linking exception added. This was a somewhat
 obsolete feature anyway as it only worked with OpenSSL 1.x, which is end-of-support.
* add warning if p2p NCP client connects to a p2mp server - this is a combination that used to work
 without cipher negotiation (pre 2.6 on both ends), but would fail in non-obvious ways with 2.6 to 2.6.
* add warning to --show-groups that not all supported groups are listed (this is
 due the internal enumeration in OpenSSL being a bit weird, omitting X448 and X25519 curves).
* --dns: remove support for exclude-domains argument (this was a new 2.6 option,
 with no backend support implemented yet on any platform, and it turns out that
 no platform supported it at all - so remove option again)
* warn user if INFO control message too long, do not forward to management client
 (safeguard against protocol-violating server implementations)

New features:

* DCO-WIN: get and log driver version (for easier debugging).
* print "peer temporary key details" in TLS handshake
* log OpenSSL errors on failure to set certificate, for example if the algorithms used
 are in acceptable to OpenSSL (misleading message would be printed in cryptoapi / pkcs11 scenarios)
* add CMake build system for MinGW and MSVC builds
* remove old MSVC build system
* improve cmocka unit test building for Windows

Revision 1.39: download - view: text, markup, annotated - select for diffs
Sat Aug 26 14:23:09 2023 UTC (15 months, 2 weeks ago) by gdt
Branches: MAIN
CVS tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3
Diff to: previous 1.38: preferred, colored
Changes since revision 1.38: +4 -4 lines
net/openvpn-*: revbump and regen distinfo for openvpn update

Revision 1.38: download - view: text, markup, annotated - select for diffs
Sat Jun 17 09:59:40 2023 UTC (17 months, 4 weeks ago) by gdt
Branches: MAIN
CVS tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2
Diff to: previous 1.37: preferred, colored
Changes since revision 1.37: +4 -4 lines
net/openvpn-acct-wtmpx: revbump/distinfo for openvpn update

Revision 1.37: download - view: text, markup, annotated - select for diffs
Wed May 17 17:00:39 2023 UTC (18 months, 4 weeks ago) by adam
Branches: MAIN
Diff to: previous 1.36: preferred, colored
Changes since revision 1.36: +4 -4 lines
openvpn: updated to 2.6.4

Overview of changes in 2.6.4

User visible changes

License amendment: all NEW commits fall under a modified license that explicitly permits linking with Apache2 libraries (mbedTLS, OpenSSL) - see COPYING for details. Existing code will fall under the new license as soon as all contributors have agreed to the change - work ongoing.

New features

DCO: support kernel-triggered key rotation (avoid IV reuse after 2^32 packets). This is the userland side, accepting a message from kernel, and initiating a TLS renegotiation. As of release, only implemented in FreeBSD kernel.

Bug fixes

fix pkcs#11 usage with OpenSSL 3.x and PSS signing
fix compile error on TARGET_ANDROID
fix typo in help text
manpage updates (--topology)
encoding of non-ASCII windows error messages in log + management fixed (use UTF8 "as for everything else", not ANSI codepages)

Revision 1.36: download - view: text, markup, annotated - select for diffs
Tue Apr 25 07:02:27 2023 UTC (19 months, 2 weeks ago) by adam
Branches: MAIN
Diff to: previous 1.35: preferred, colored
Changes since revision 1.35: +4 -4 lines
openvpn: updated to 2.6.3

Version 2.6.3

GHA: remove Ubuntu 18.04 builds
vcpkg: request "tools" feature of openssl for MSVC build
doc: run rst2* with --strict to catch warnings
Support of DNS domain for DHCP-less drivers
Bug-fix: segfault in dco_get_peer_stats()

Revision 1.35: download - view: text, markup, annotated - select for diffs
Wed Mar 29 10:43:54 2023 UTC (20 months, 2 weeks ago) by adam
Branches: MAIN
Diff to: previous 1.34: preferred, colored
Changes since revision 1.34: +4 -4 lines
openvpn: updated to 2.6.2

Overview of changes in 2.6.2

New features

implement byte counter statistics for DCO Linux (p2mp server and client)
implement byte counter statistics for DCO Windows (client only)
'--dns server <n> address ...' now permits up to 8 v4 or v6 addresses
fix a few cases of possibly undefined behaviour detected by ASAN
add more unit tests for Windows cryptoapi interface

Bug fixes

sending of AUTH_PENDING and INFO_PRE messages fixed
Windows: do not treat "setting IPv6 interface metric failed" as fatal error on "block-dns" install - this can happen if IPv6 is disabled on the interface and is not harmful in itself
fix '--inactive' if DCO is in use NOTE: on FreeBSD, this is not working yet (missing per-peer stats)
DCO-Linux: do not print errno on netlink errors (errno is not set by NL)
SOCKS client: improve error reporting on server disconnects
DCO-Linux: fix lockups due to netlink buffer overflows on high client connect/disconnect activity. See "User visible changes" for more details of this.
fix some uses of the OpenSSL3 API for non-default providers (enable use of quantum-crypto OpenSSL provider)
fix memory leak of approx. 1600 bytes per incoming initial TLS packet
fix bug when using ECDSA signatures with OpenSSL 3.0.x and pkcs11-helper (data format conversion was not done properly)
fix 'make distcheck' - unexpected side effect of 'subdir-objects'
fix ASSERT() with dynamic tls-crypt and --tls-crypt-v2

User visible changes

print (kernel) DCO version on startup - helpful for getting a more complete picture of the environment in use.
New control packets flow for data channel offloading on Linux. 2.6.2+ changes the way OpenVPN control packets are handled on Linux when DCO is active, fixing the lockups observed with 2.6.0/2.6.1 under high client connect/disconnect activity. This is an INCOMPATIBLE change and therefore an ovpn-dco kernel module older than v0.2.20230323 (commit ID 726fdfe0fa21) will not work anymore and must be upgraded. The kernel module was renamed to "ovpn-dco-v2.ko" in order to highlight this change and ensure that users and userspace software could easily understand which version is loaded. Attempting to use the old ovpn-dco with 2.6.2+ will lead to disabling DCO at runtime.
The client-pending-auth management command now requires also the key id. The management version has been changed to 5 to indicate this change.
A client will now refuse a connection if pushed compression settings will contradict the setting of allow-compression as this almost always results in a non-working connection.

Revision 1.34: download - view: text, markup, annotated - select for diffs
Tue Mar 14 06:31:38 2023 UTC (21 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1
Diff to: previous 1.33: preferred, colored
Changes since revision 1.33: +4 -4 lines
openvpn: updated to 2.6.1

Overview of changes in 2.6.1

New features

Dynamic TLS Crypt When both peers are OpenVPN 2.6.1+, OpenVPN will dynamically create a tls-crypt key that is used for renegotiation. This ensure that only the previously authenticated peer can do trigger renegotiation and complete renegotiations.
CryptoAPI (Windows): support issuer name as a selector. Certificate selection string can now specify a partial issuer name string as "--cryptoapicert ISSUER:<string>" where <string> is matched as a substring of the issuer (CA) name in the certificate.

User visible changes

on crypto initialization, move old "quite verbose" messages to --verb 4 and only print a more compact summary about crypto and timing parameters by default
configure now enables DCO build by default on FreeBSD and Linux, which brings in a default dependency for libnl-genl (for Linux distributions that are too old to have this library, use "configure --disable-dco")
make "configure --help" output more consistent
CryptoAPI (Windows): remove support code for OpenSSL before 3.0.1 (this will not affect official OpenVPN for Windows installers, as they will always be built with OpenSSL 3.0.x)
CryptoAPI (Windows): log the selected certificate's name
"configure" now uses "subdir-objects", for automake >= 1.16 (less warnings for recent-enough automake versions, will change the way .o files are created)

Bugfixes / minor improvements

fixed old IPv6 ifconfig race condition for FreeBSD 12.4
fix compile-time breakage related to DCO defines on FreeBSD 14
enforce minimum packet size for "--fragment" (avoid division by zero)
some alignment fixes to avoid unaligned memory accesses, which will bring problems on some architectures (Sparc64, some ARM versions) - found by USAN clang checker
windows source code fixes to reduce number of compile time warnings (eventual goal is to be able to compile with -Werror on MinGW), mostly related to signed/unsigned char * conversions, printf() format specifiers and unused variables.
avoid endless loop on logging with --management + --verb 6+
build (but not run) unit tests on MinGW cross compiles, and run them when building with GitHub Actions.
add unit test for parts of cryptoapi.c
add debug logging to help with diagnosing windows driver selection
disable DCO if proxy config is set via management interface
do not crash on Android if run without --management
improve documentation about cipher negotiation and OpenVPN3
for x86 windows builds, use proper calling conventions for dco-win (__stdcall)
differentiate "dhcp-option ..." options into "needs an interface with true DHCP service" (tap-windows) and "can also be installed by IPAPI or service, and can be used on non-DHCP interfaces" (wintun, dco-win)
windows interactive service: fix possible double-free if "--block-dns" installation fails due to "security products" interfering
"make dist": package ovpn_dco_freebsd.h to permit building from tarballs on FreeBSD 14

Revision 1.33: download - view: text, markup, annotated - select for diffs
Wed Nov 23 08:02:57 2022 UTC (2 years ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4
Diff to: previous 1.32: preferred, colored
Changes since revision 1.32: +4 -4 lines
openvpn: updated to 2.5.8

Overview of changes in 2.5.8

New features

allow running a default configuration with TLS libraries without BF-CBC (even if TLS cipher negotiation would not actually use BF-CBC, the long-term compatibility "default cipher BF-CBC" would trigger an error on such TLS libraries)

User-visible Changes

add git branch name + commit ID to OpenVPN version string on MSVC builds (windows)

Testing Enhancements

t_client.sh: if fping is found and fping6 is not, assume we have fping 4.0 and up, and call "fping -6" for IPv6 ping tests
t_client.sh: allow to force FAIL on prerequisite fails, so a CI environment will no longer "silently skip" t_client runs if fping (etc) can not be found, but will error out

Bugfixes

``--auth-nocache'' was not always correctly clearing username+password after a renegotiation
ensure that auth-token received from server is cleared if requested by the management interface ("forget password" or automatically via ``--management-forget-disconnect'')
in a setup without username+password, but with auth-token and auth-token-username pushed by the server, OpenVPN would start asking for username+password on token expiry. Fix.
using --auth-token together with --management-client-auth (on the server) would lead to TLS keys getting out of sync and client being disconnected. Fix.
management interface would sometimes get stuck if client and server try to write something simultaneously. Fix by allowing a limited level of recursion in virtual_output_callback()
fix management interface not returning ERROR:/SUCCESS: response on "signal SIGxxx" commands when in HOLD state
tls-crypt-v2: abort connection if client-key is too short
make man page agree with actual code on replay-window backtrag log message
remove useless empty line from CR_RESPONSE message

Revision 1.32: download - view: text, markup, annotated - select for diffs
Tue May 31 18:03:41 2022 UTC (2 years, 6 months ago) by gdt
Branches: MAIN
CVS tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2
Diff to: previous 1.31: preferred, colored
Changes since revision 1.31: +4 -4 lines
openvpn*: Update to 2.5.7

Upstream changes: bugfixes

Revision 1.31: download - view: text, markup, annotated - select for diffs
Thu Mar 17 07:50:17 2022 UTC (2 years, 8 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +4 -4 lines
openvpn: updated to 2.5.6

OpenVPN 2.5.6.
This is mostly a bugfix release including one security fix ("Disallow multiple deferred authentication plug-ins.", CVE: 2022-0547).

Revision 1.30: download - view: text, markup, annotated - select for diffs
Wed Dec 15 20:11:51 2021 UTC (2 years, 11 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2021Q4-base, pkgsrc-2021Q4
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +4 -4 lines
openvpn: updated to 2.5.5

Overview of changes in 2.5.5
============================

User-visible Changes
--------------------
- SWEET32/64bit cipher deprecation change was postponed to 2.7

- Windows: use network address for emulated DHCP server as default
  this enables use of a /30 subnet, which is needed when connecting
  to OpenVPN Cloud.

- require EC support in windows builds
  (this means it's no longer possible to build a Windows OpenVPN binary
  with an OpenSSL lib without EC support)

New features
------------
- Windows build: use CFG and Spectre mitigations on MSVC builds

- bring back OpenSSL config loading to Windows builds.
  OpenSSL config is loaded from %installdir%\SSL\openssl.cfg
  (typically: c:\program files\openvpn\SSL\openssl.cfg) if it exists.

  This is important for some hardware tokens which need special
  OpenSSL config for correct operation.

Bugfixes
--------
- Windows build: enable EKM

- Windows build: improve various vcpkg related build issues

- Windows build: fix regression related to non-writeable status files

- Windows build: fix regression that broke OpenSSL EC support

- Windows build: fix "product version" display (2.5..4 -> 2.5.4)

- Windows build: fix regression preventing use of PKCS12 files

- improve "make check" to notice if "openvpn --show-cipher" crashes

- improve argv unit tests

- ensure unit tests work with mbedTLS builds without BF-CBC ciphers

- include "--push-remove" in the output of "openvpn --help"

- fix error in iptables syntax in example firewall.sh script

- fix "resolvconf -p" invocation in example "up" script

- fix "common_name" environment for script calls when
  "--username-as-common-name" is in effect

Documentation
-------------
- move "push-peer-info" documentation from "server options" to "client"
  (where it belongs)

- correct "foreign_option_{n}" typo in manpage

- update IRC information in CONTRIBUTING.rst (libera.chat)

- README.down-root: fix plugin module name

Revision 1.29: download - view: text, markup, annotated - select for diffs
Tue Oct 26 11:06:13 2021 UTC (3 years, 1 month ago) by nia
Branches: MAIN
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +3 -3 lines

net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch

Revision 1.28: download - view: text, markup, annotated - select for diffs
Thu Oct 7 14:42:03 2021 UTC (3 years, 2 months ago) by nia
Branches: MAIN
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +1 -3 lines
net: Remove SHA1 hashes for distfiles

Revision 1.27: download - view: text, markup, annotated - select for diffs
Tue Oct 5 19:25:42 2021 UTC (3 years, 2 months ago) by adam
Branches: MAIN
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +5 -5 lines
openvpn: updated to 2.5.4

Overview of changes in 2.5.4
============================
Bugfixes
--------
- fix prompting for password on windows console if stderr redirection
  is in use - this breaks 2.5.x on Win11/ARM, and might also break
  on Win11/adm64 when released.

- fix setting MAC address on TAP adapters (--lladdr) to use sitnl
  (was overlooked, and still used "ifconfig" calls)

- various improvements for man page building (rst2man/rst2html etc)

- minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on
  at least one platform strictly checking this)

- fix minor memory leak under certain conditions in add_route() and
  add_route_ipv6()

User-visible Changes
--------------------
- documentation improvements

- copyright updates where needed

- better error reporting when win32 console access fails

New features
------------
- also build man page on Windows builds

Revision 1.26: download - view: text, markup, annotated - select for diffs
Tue Jul 27 07:35:05 2021 UTC (3 years, 4 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +5 -5 lines
openvpn: updated to 2.5.3

Version 2.5.3
* Add missing free_key_ctx for auth_token
* Add github actions
* Implement auth-token-user
* Update copyrights
* openvpnmsica: properly schedule reboot in the end of installation
* msvc: add ARM64 configuration
* msvc: standalone building
* contrib/vcpkg-ports: add pkcs11-helper port
* vcpkg-ports: restore trailing whitespaces in .patch files
* GitHub actions: add MSVC build
* crypto_openssl.c: disable explicit initialization on Windows (CVE-2121-3606)
* contrib/vcpkg-ports: add openssl port with --no-autoload-config option set (CVE-2121-3606)
* Fix SIGSEGV (NULL deref) receiving push "echo"
* Fix build with mbedtls w/o SSL renegotiation support
* Improve documentation of AUTH_PENDING related directives
* Apply the connect-retry backoff to only one side of a connection

Revision 1.25: download - view: text, markup, annotated - select for diffs
Thu Apr 22 13:53:16 2021 UTC (3 years, 7 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +5 -5 lines
openvpn: updated to 2.5.2

The OpenVPN community project team is proud to release OpenVPN 2.5.2. It fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with “–auth-gen-token” or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. OpenVPN 2.5.2 also includes other bug fixes and improvements. Updated OpenSSL and OpenVPN GUI are included in Windows installers.

Revision 1.24: download - view: text, markup, annotated - select for diffs
Wed Feb 24 19:13:50 2021 UTC (3 years, 9 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +5 -5 lines
openvpn: updated to 2.5.1

Version 2.5.1
* Fix auth-token not being updated if auth-nocache is set
* Remove auth_user_pass.wait_for_push variable
* Fix port-share option with TLS-Crypt v2
* Zero initialise msghdr prior to calling sendmesg
* Fix tls-auth mismatch OCC message when tls-cryptv2 is used.
* build: Fix missing install of man page in certain environments
* Fix too early argv freeing when registering DNS
* Remove 1 second delay before running netsh
* Skip DHCP renew with Wintun adapter
* Change travis build scripts to use https when fetching prerequisites.
* Fix line number reporting on config file errors after <inline> segments
* Clarify --block-ipv6 intent and direction.
* Document common uses of 'echo' directive, re-enable logging for 'echo'.
* Make OPENVPN_PLUGIN_ENABLE_PF failures FATAL
* clean up / rewrite sample-plugins/defer/simple.c
* Fix naming error in sample-plugins/defer/simple.c
* Documentation fixes around openvpn_plugin_func_v3 in openvpn-plugin.h.in
* Update openvpn_plugin_func_v2 to _v3 in sample-plugins/defer/simple.c
* More explicit versioning compatibility in sample-plugins/defer/simple.c
* Explain structver usage in sample defer plugin.
* Man page sections corrections
* Quote the domain name argument passed to the wmic command
* tls-crypt-v2: fix server memory leak
* tls-crypt-v2: also preload tls-crypt-v2 keys (if --persist-key)

Revision 1.23: download - view: text, markup, annotated - select for diffs
Sun Nov 29 02:22:58 2020 UTC (4 years ago) by mef
Branches: MAIN
CVS tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +5 -5 lines
(net/openvpn-acct-wtmpx) regend distinfo

Revision 1.22: download - view: text, markup, annotated - select for diffs
Fri Apr 17 20:14:22 2020 UTC (4 years, 7 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +5 -5 lines
openvpn: updated to 2.4.9

OpenVPN 2.4.9
* socks: use the right function when printing struct openvpn_sockaddr
* Fetch OpenSSL versions via source/old links
* Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
* Fix OpenSSL 1.1.1 not using auto elliptic curve selection
* Fix broken fragmentation logic when using NCP
* Fix building with --enable-async-push in FreeBSD
* Fix broken async push with NCP is used
* Fix illegal client float (CVE-2020-11810)
* OpenSSL: Fix --crl-verify not loading multiple CRLs in one file
* Fix OpenSSL private key passphrase notices
* Swap the order of checks for validating interactive service user
* Move querying username/password from management interface to a function
* When auth-user-pass file has no password query the management interface (if available).
* Fix possibly uninitialized return value in GetOpenvpnSettings()
* Fix possible access of uninitialized pipe handles
* Skip expired certificates in Windows certificate store
* Allow unicode search string in --cryptoapicert option
* mbedTLS: Make sure TLS session survives move
* docs: Add reference to X509_LOOKUP_hash_dir(3)

Revision 1.21: download - view: text, markup, annotated - select for diffs
Mon Nov 4 12:52:13 2019 UTC (5 years, 1 month ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +5 -5 lines
openvpn: updated to 2.4.8

Version 2.4.8

This is primarily a maintenance release with minor bugfixes and improvements.

New features
Support compiling with OpenSSL 1.1 without deprecated APIs
handle PSS padding in cryptoapicert (necessary for TLS >= 1.2)

User visible changes
do not abort when hitting the combination of "--pull-filter" and "--mode server" (this got hit when starting OpenVPN servers using the windows GUI which installs a pull-filter to force ip-win32)
increase listen() backlog queue to 32 (improve response behaviour on openvpn servers using TCP that get portscanned)
fix and enhance documentation (INSTALL, man page, ...)

Bug fixes
the combination "IPv6 and proto UDP and SOCKS proxy" did not work - as a workaround, force IPv4 in this case until a full implementation for IPv6-UDP-SOCKS can be made.
fix IPv6 routes on tap interfaces on OpenSolaris/OpenIndiana
fix building with LibreSSL
do not set pkcs11-helper 'safe fork mode' (should fix PIN querying in systemd environments)
repair windows builds
repair Darwin builds (remove -no-cpp-precomp flag)

Revision 1.20: download - view: text, markup, annotated - select for diffs
Thu Feb 21 16:22:54 2019 UTC (5 years, 9 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +5 -5 lines
openvpn: updated to 2.4.7

OpenVPN 2.4.7
- Fix subnet topology on NetBSD (2.4).
- add support for %lu in argv_printf and prevent ASSERT
- buffer_list: add functions documentation
- ifconfig-ipv6(-push): allow using hostnames
- Properly free tuntap struct on android when emulating persist-tun
- Add OpenSSL compat definition for RSA_meth_set_sign
- Add support for tls-ciphersuites for TLS 1.3
- Add better support for showing TLS 1.3 ciphersuites in --show-tls
- Use right function to set TLS1.3 restrictions in show-tls
- Add message explaining early TLS client hello failure
- Fallback to password authentication when auth-token fails
- systemd: extend CapabilityBoundingSet for auth_pam
- plugin: Export base64 encode and decode functions
- Add %d, %u and %lu tests to test_argv unit tests.
- Fix combination of --dev tap and --topology subnet across multiple platforms.
- Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
- preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)
- Minor reliability layer documentation fixes
- Resolves small IV_GUI_VER typo in the documentation.
- Clarify and expand management interface documentation
- Refactor NCP-negotiable options handling
- init.c: refine functions names and description
- interactive.c: fix usage of potentially uninitialized variable
- options.c: fix broken unary minus usage
- Remove extra token after #endif
- Fix error message when using RHEL init script
- man: correct a --redirection-gateway option flag
- Replace M_DEBUG with D_LOW as the former is too verbose
- Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
- Bump version of openvpn plugin argument structs to 5
- Move get system directory to a separate function
- Enable dhcp on tap adapter using interactive service
- Pass the hash without the DigestInfo header to NCryptSignHash()
- White-list pull-filter and script-security in interactive service
- Add Interactive Service developer documentation
- Detect TAP interfaces with root-enumerated hardware ID
- man: add security considerations to --compress section
- mbedtls: print warning if random personalisation fails
- Fix memory leak after sighup
- travis: add OpenSSL 1.1 Windows build
- Fix --disable-crypto build
- Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
- buffer_list_aggregate_separator(): simplify code

Revision 1.19: download - view: text, markup, annotated - select for diffs
Fri Apr 27 06:40:28 2018 UTC (6 years, 7 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +5 -5 lines
openvpn: 2.4.6

OpenVPN 2.4.6
management: Warn if TCP port is used without password

Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
Fix potential double-free() in Interactive Service (CVE-2018-9336)
preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)

manpage: improve description of --status and --status-version

Make return code external tls key match docs

Delete the IPv6 route to the "connected" network on tun close
Management: warn about password only when the option is in use
Avoid overflow in wakeup time computation

Add missing #ifdef SSL_OP_NO_TLSv1_1/2

Check for more data in control channel

Revision 1.18: download - view: text, markup, annotated - select for diffs
Tue Mar 13 18:12:50 2018 UTC (6 years, 9 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +9 -9 lines
openvpn: updated to 2.4.5

OpenVPN 2.4.5:
reload HTTP proxy credentials when moving to the next connection profile
Allow learning iroutes with network made up of all 0s (only if netbits < 8)
mbedtls: fix typ0 in comment
manpage: fix simple typ0
Treat dhcp-option DNS6 and DNS identical
show the right string for key-direction
Fix typo in error message: "optione" -> "option"
lz4: Fix confused version check
lz4: Fix broken builds when pkg-config is not present but system library is
Remove references to keychain-mcd in Changes.rst
lz4: Rebase compat-lz4 against upstream v1.7.5
systemd: Add and ship README.systemd
Update copyright to include 2018 plus company name change
man: Add .TQ groff support macro
man: Reword --management to prefer unix sockets over TCP
OpenSSL: check EVP_PKEY key types before returning the pkey
Remove warning on pushed tun-ipv6 option.
Fix removal of on-link prefix on windows with netsh
travis-ci: add brew cache, remove ccache
travis-ci: modify openssl build script to support openssl-1.1.0
autoconf: Fix engine checks for openssl 1.1
Cast time_t to long long in order to print it.
Fix build with LibreSSL
Check whether in pull_mode before warning about previous connection blocks
Avoid illegal memory access when malformed data is read from the pipe
Fix missing check for return value of malloc'd buffer
Return NULL if GetAdaptersInfo fails
Use RSA_meth_free instead of free
Bring cryptoapi.c upto speed with openssl 1.1
Add SSL_CTX_get_max_proto_version() not in openssl 1.0
TLS v1.2 support for cryptoapicert -- RSA only
Refactor get_interface_metric to return metric and auto flag separately
Ensure strings read from registry are null-terminated
Make most registry values optional
Use lowest metric interface when multiple interfaces match a route
Adapt to RegGetValue brokenness in Windows 7
Fix format spec errors in Windows builds
Local functions are not supported in MSVC. Bummer.
Mixing wide and regular strings in concatenations is not allowed in MSVC.
RtlIpv6AddressToStringW() and RtlIpv4AddressToStringW() require mstcpip.h
Simplify iphlpapi.dll API calls
Fix local #include to use quoted form
Document ">PASSWORD:Auth-Token" real-time message
Fix typo in "verb" command examples
Uniform swprintf() across MinGW and MSVC compilers
MSVC meta files added to .gitignore list
openvpnserv: Add support for multi-instances
Document missing OpenVPN states
make struct key * argument of init_key_ctx const
buffer_list_aggregate_separator(): add unit tests
Add --tls-cert-profile option.
Use P_DATA_V2 for server->client packets too
Fix memory leak in buffer unit tests
buffer_list_aggregate_separator(): update list size after aggregating
buffer_list_aggregate_separator(): don't exceed max_len
buffer_list_aggregate_separator(): prevent 0-byte malloc
Fix types around buffer_list_push(_data)
ssl_openssl: fix compiler warning by removing getbio() wrapper
travis: use clang's -fsanitize=address to catch more bugs
Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
Add support for TLS 1.3 in --tls-version-{min, max}
Plug memory leak if push is interrupted
Fix format errors when cross-compiling for Windows
Log pre-handshake packet drops using D_MULTI_DROPPED
Enable stricter compiler warnings by default
Get rid of ax_check_compile_flag.m4
mbedtls: don't use API deprecated in mbed 2.7
Warn if tls-version-max < tls-version-min
Don't throw fatal errors from create_temp_file()
Fix '--bind ipv6only'

Revision 1.17: download - view: text, markup, annotated - select for diffs
Mon Oct 2 15:54:23 2017 UTC (7 years, 2 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +5 -5 lines
openvpn: update to 2.4.4

Version 2.4.4
=============
This is primarily a maintenance release, with further improved OpenSSL 1.1
integration, several minor bug fixes and other minor improvements.

Bug fixes
---------
- Fix issues when a pushed cipher via the Negotiable Crypto Parameters (NCP) is
  rejected by the remote side

- Ignore ``--keysize`` when NCP have resulted in a changed cipher.

- Configurations using ``--auth-nocache`` and the management interface to provide
  user credentials (like NetworkManager on Linux) on client side with servers
  implementing authentication tokens (for example, using ``--auth-gen-token``)
  will now behave correctly and not query the user for an, to them, unknown
  authentication token on renegotiations of the tunnel.

- Fix bug causing invalid or corrupt SOCKS port number when changing the
  proxy via the management interface.

- The man page should now have proper escaping of hyphens/minus characters
  and have seen some minor corrections.

User-visible Changes
--------------------
- Linux servers with systemd which uses the ``openvpn-server@.service`` unit
  file for server configurations will now utilize the automatic restart feature
  in systemd.  If the OpenVPN server process dies unexpectedly, systemd will
  ensure the OpenVPN configuration will be restarted without any user interaction.

Deprecated features
-------------------
- ``--no-replay`` is deprecated and will be removed in OpenVPN 2.5.
- ``--keysize`` is deprecated in OpenVPN 2.4 and will be removed in v2.6

Security
--------
- CVE-2017-12166: Fix bounds check for configurations using ``--key-method 1``.
  Before this fix, it could allow an attacker to send a malformed packet to
  trigger a stack overflow.  This is considered to be a low risk issue, as
  ``--key-method 2`` has been the default since OpenVPN 2.0 (released on
  2005-04-17).  This option is already deprecated in v2.4 and will be
  completely removed in v2.5.

Revision 1.16: download - view: text, markup, annotated - select for diffs
Sat Jul 1 22:12:53 2017 UTC (7 years, 5 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +5 -5 lines
Use DIST_SUBDIR properly.

Revision 1.15: download - view: text, markup, annotated - select for diffs
Mon Jun 26 07:21:21 2017 UTC (7 years, 5 months ago) by adam
Branches: MAIN
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +5 -5 lines
Distfile has been changed upstream

Revision 1.14: download - view: text, markup, annotated - select for diffs
Fri Jun 23 06:46:06 2017 UTC (7 years, 5 months ago) by adam
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +5 -5 lines
Updated openvpn to 2.4.3

Revision 1.13: download - view: text, markup, annotated - select for diffs
Wed May 24 20:35:12 2017 UTC (7 years, 6 months ago) by adam
Branches: MAIN
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +6 -6 lines
OpenVPN 2.4.2

Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy.

Compared to OpenVPN 2.4.1 there are several bugfixes and small enhancements. A summary of the changes is available in Changes.rst.

Revision 1.12: download - view: text, markup, annotated - select for diffs
Mon May 22 06:25:19 2017 UTC (7 years, 6 months ago) by adam
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +5 -5 lines
Version 2.3.16:
* fix redirect-gateway behaviour when an IPv4 default route does not exist
* Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
* Check for errors in the return value of GetModuleFileNameW()
* Fix gateway detection with OpenBSD routing domains

Revision 1.11: download - view: text, markup, annotated - select for diffs
Fri May 19 18:11:04 2017 UTC (7 years, 6 months ago) by spz
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +5 -5 lines
update openvpn to 2.3.15
fixes DoSses: CVE-2017-7478 CVE-2017-7479
fixes PR pkg/52044

relevant excerpt of ChangeLog:
OpenVPN Change Log
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>

2017.05.11 -- Version 2.3.15
David Sommerseth (5):
      dev-tools: Added script for updating copyright years in files
      Update copyrights
      docs: Further improve --reneg-bytes and SWEET32 information
      git: Merge .gitignore files into a single file
      Make --cipher/--auth none more explicit on the risks

Gert Doering (1):
      Document --proto udp6, tcp6, etc.

Julien Muchembled (1):
      Fix implicit declarations when HAVE_OPENSSL_ENGINE is unset

Steffan Karger (6):
      Add missing includes in error.h
      cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
      Document that OpenVPN 2.3 does not check the CRL signature
      Introduce and use secure_memzero() to erase secrets
      Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
      Don't assert out on receiving too-large control packets (CVE-2017-7478)


2016.12.06 -- Version 2.3.14
Christian Hesse (1):
      update year in copyright message

David Sommerseth (1):
      Document the --auth-token option

Gert Doering (2):
      Repair topology subnet on FreeBSD 11
      Repair topology subnet on OpenBSD

Lev Stipakov (1):
      Drop recursively routed packets

Selva Nair (4):
      Support --block-outside-dns on multiple tunnels
      When parsing '--setenv opt xx ..' make sure a third parameter is present
      Map restart signals from event loop to SIGTERM during exit-notification wait
      Correctly state the default dhcp server address in man page

Steffan Karger (1):
      Clean up format_hex_ex()


2016.11.02 -- Version 2.3.13
Arne Schwabe (2):
      Use AES ciphers in our sample configuration files and add a few modern 2.4 examples
      Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer

David Sommerseth (4):
      t_client.sh: Make OpenVPN write PID file to avoid various sudo issues
      t_client.sh: Add support for Kerberos/ksu
      t_client.sh: Improve detection if the OpenVPN process did start during tests
      t_client.sh: Add prepare/cleanup possibilties for each test case

Gert Doering (5):
      Do not abort t_client run if OpenVPN instance does not start.
      Fix t_client runs on OpenSolaris
      make t_client robust against sudoers misconfiguration
      add POSTINIT_CMD_suf to t_client.sh and sample config
      Fix --multihome for IPv6 on 64bit BSD systems.

Ilya Shipitsin (1):
      skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto

Lev Stipakov (2):
      Exclude peer-id from pulled options digest
      Fix compilation in pedantic mode

Samuli Seppänen (1):
      Automatically cache expected IPs for t_client.sh on the first run

Steffan Karger (6):
      Fix unittests for out-of-source builds
      Make gnu89 support explicit
      cleanup: remove code duplication in msg_test()
      Update cipher-related man page text
      Limit --reneg-bytes to 64MB when using small block ciphers
      Add a revoked cert to the sample keys


2016.08.23 -- Version 2.3.12
Arne Schwabe (2):
      Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it.
      Move ASSERT so external-key with OpenSSL works again

David Sommerseth (3):
      Only build and run cmocka unit tests if its submodule is initialized
      Another fix related to unit test framework
      Remove NOP function and callers

Dorian Harmans (1):
      Add CHACHA20-POLY1305 ciphersuite IANA name translations.

Ivo Manca (1):
      Plug memory leak in mbedTLS backend

Jeffrey Cutter (1):
      Update contrib/pull-resolv-conf/client.up for no DOMAIN

Jens Neuhalfen (2):
      Add unit testing support via cmocka
      Add a test for auth-pam searchandreplace

Josh Cepek (1):
      Push an IPv6 CIDR mask used by the server, not the pool's size

Leon Klingele (1):
      Add link to bug tracker

Samuli Seppänen (2):
      Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes
      Clarify the fact that build instructions in README are for release tarballs

Selva Nair (4):
      Make error non-fatal while deleting address using netsh
      Make block-outside-dns work with persist-tun
      Ignore SIGUSR1/SIGHUP during exit notification
      Promptly close the netcmd_semaphore handle after use

Steffan Karger (4):
      Fix polarssl / mbedtls builds
      Don't limit max incoming message size based on c2->frame
      Fix '--cipher none --cipher' crash
      Discourage using 64-bit block ciphers

Revision 1.10: download - view: text, markup, annotated - select for diffs
Fri Jul 8 08:50:25 2016 UTC (8 years, 5 months ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +5 -5 lines
Update openvpn distfile.  Bump PKGREVISION.

Revision 1.9: download - view: text, markup, annotated - select for diffs
Wed Nov 4 00:35:18 2015 UTC (9 years, 1 month ago) by agc
Branches: MAIN
CVS tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +3 -1 lines
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.8: download - view: text, markup, annotated - select for diffs
Wed Dec 3 10:09:33 2014 UTC (10 years ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +4 -4 lines
Update checksums for openvpn update.

Revision 1.7: download - view: text, markup, annotated - select for diffs
Sun Jul 20 17:43:29 2014 UTC (10 years, 4 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2014Q3-base, pkgsrc-2014Q3
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +4 -4 lines
Changes 2.3.4:
The most important change in this release is that TLS version negotiation is no longer used unless it's explicitly turned on in the configuration files, thus reverting back to the 2.3.2 behaviour as interoperability issues were encountered in 2.3.3. Other notable changes include addition of SSL library version reporting, fixing of SOCKSv5 authentication logic and making serial env exporting consistent between OpenSSL and PolarSSL. This release also contains a number of other bug fixes and small enhancements.

Revision 1.6: download - view: text, markup, annotated - select for diffs
Fri Aug 30 22:38:14 2013 UTC (11 years, 3 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +4 -4 lines
Keep distinfo in sync with openvpn main package. Bump revision.

Revision 1.5: download - view: text, markup, annotated - select for diffs
Tue Mar 26 23:31:48 2013 UTC (11 years, 8 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +2 -2 lines
Don't call libtool --mode=finish without argument, this will be fatal
with the next version.

Revision 1.4: download - view: text, markup, annotated - select for diffs
Sun Feb 10 05:55:08 2013 UTC (11 years, 10 months ago) by manu
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +8 -10 lines
Upgrade OpenVPN to 2.3.0
Bump openvpn-acct-wtmpx to add its licence and to take into account the
new location of plugin directory

Significant changes since 2.2.x:
 * Full IPv6 support
 * SSL layer modularised, enabling easier implementation for other SSL
   libraries
 * PolarSSL support as a drop-in replacement for OpenSSL
 * New plug-in API providing direct certificate access, improved logging API
   and easier to extend in the future
 * Added 'dev_type' environment variable to scripts and plug-ins - which
   is set to 'TUN' or 'TAP'
 * New feature: --management-external-key - to provide access to the
   encryption keys via the management interface
 * New feature: --x509-track option, more fine grained access to X.509
   fields in scripts and plug-ins
 * New feature: --client-nat support
 * New feature: --mark which can mark encrypted packets from the tunnel,
   suitable for more advanced routing and firewalling
 * New feature: --management-query-proxy - manage proxy settings via the
   management interface (supercedes --http-proxy-fallback)
 * New feature: --stale-routes-check, which cleans up the internal
   routing table
 * New feature: --x509-username-field, where other X.509v3 fields can be
   used for the authentication instead of Common Name
 * Improved client-kill management interface command
 * Improved UTF-8 support - and added --compat-names to provide backwards
   compatibility with older scripts/plug-ins
 * Improved auth-pam with COMMONNAME support, passing the certificate's
   common name in the PAM conversation
 * More options can now be used inside <connection> blocks
 * Completely new build system, enabling easier cross-compilation and
   Windows builds
 * Much of the code has been better documented
 * Many documentation updates
 * Plenty of bug fixes and other code clean-ups

Revision 1.3: download - view: text, markup, annotated - select for diffs
Fri Jan 11 13:32:58 2013 UTC (11 years, 11 months ago) by joerg
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +3 -1 lines
Explicitly include utmpx.h for NetBSD/current.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Wed Nov 23 23:31:22 2011 UTC (13 years ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +2 -2 lines
Fix unprivileged build. Use SPECIAL_PERMS. Sort PLIST. Bump revision.

Revision 1.1.1.1 (vendor branch): download - view: text, markup, annotated - select for diffs
Wed Jul 14 04:46:18 2010 UTC (14 years, 5 months ago) by manu
Branches: TNF
CVS tags: pkgsrc-base, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +0 -0 lines
This OpenVPN plugin logs VPN logins and logouts in the wtmpx file.
Using it, you can have a look of OpenPVN usage by the last(1) command.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Wed Jul 14 04:46:18 2010 UTC (14 years, 5 months ago) by manu
Branches: MAIN
Initial revision

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>