The NetBSD Project

CVS log for pkgsrc/net/openvpn-nagios/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / net / openvpn-nagios

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.17: download - view: text, markup, annotated - select for diffs
Tue Feb 13 19:34:38 2024 UTC (9 months, 2 weeks ago) by gdt
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3, pkgsrc-2024Q2-base, pkgsrc-2024Q2, pkgsrc-2024Q1-base, pkgsrc-2024Q1, HEAD
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +2 -2 lines
net/openvpn-*: PKGREVISION++ (these build something else with openvpn also)

Revision 1.16: download - view: text, markup, annotated - select for diffs
Sat Nov 18 12:51:20 2023 UTC (12 months, 2 weeks ago) by gdt
Branches: MAIN
CVS tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +2 -2 lines
net/openvpn: Update to 2.6.8

upstream NEWS: bugfixes

Revision 1.15: download - view: text, markup, annotated - select for diffs
Fri Nov 10 00:17:47 2023 UTC (12 months, 3 weeks ago) by gdt
Branches: MAIN
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +2 -2 lines
net/openvpn: Update to 2.6.7

Upstream NEWS:

Security Fixes:

* CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after
 it has been free()d in some circumstances, causing some free()d memory to be sent to the peer.
 All configurations using TLS (e.g. not using --secret) are affected by this issue.
 (found while tracking down CVE-2023-46849 / Github #400, #417)
* CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration
 in some circumstances, leading to a division by zero when --fragment is used. On platforms where
 division by zero is fatal, this will cause an OpenVPN crash.(Github #400, #417).

User visible changes:

* DCO: warn if DATA_V1 packets are sent by the other side - this a hard incompatibility between
 a 2.6.x client connecting to a 2.4.0-2.4.4 server, and the only fix is to use --disable-dco.
* Remove OpenSSL Engine method for loading a key. This had to be removed because the original author
 did not agree to relicensing the code with the new linking exception added. This was a somewhat
 obsolete feature anyway as it only worked with OpenSSL 1.x, which is end-of-support.
* add warning if p2p NCP client connects to a p2mp server - this is a combination that used to work
 without cipher negotiation (pre 2.6 on both ends), but would fail in non-obvious ways with 2.6 to 2.6.
* add warning to --show-groups that not all supported groups are listed (this is
 due the internal enumeration in OpenSSL being a bit weird, omitting X448 and X25519 curves).
* --dns: remove support for exclude-domains argument (this was a new 2.6 option,
 with no backend support implemented yet on any platform, and it turns out that
 no platform supported it at all - so remove option again)
* warn user if INFO control message too long, do not forward to management client
 (safeguard against protocol-violating server implementations)

New features:

* DCO-WIN: get and log driver version (for easier debugging).
* print "peer temporary key details" in TLS handshake
* log OpenSSL errors on failure to set certificate, for example if the algorithms used
 are in acceptable to OpenSSL (misleading message would be printed in cryptoapi / pkcs11 scenarios)
* add CMake build system for MinGW and MSVC builds
* remove old MSVC build system
* improve cmocka unit test building for Windows

Revision 1.14: download - view: text, markup, annotated - select for diffs
Tue Oct 24 22:10:29 2023 UTC (13 months, 1 week ago) by wiz
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +2 -2 lines
*: bump for openssl 3

Revision 1.13: download - view: text, markup, annotated - select for diffs
Sat Aug 26 14:23:09 2023 UTC (15 months, 1 week ago) by gdt
Branches: MAIN
CVS tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +2 -2 lines
net/openvpn-*: revbump and regen distinfo for openvpn update

Revision 1.12: download - view: text, markup, annotated - select for diffs
Sat Jun 17 10:01:25 2023 UTC (17 months, 2 weeks ago) by gdt
Branches: MAIN
CVS tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +2 -1 lines
net/openvpn-nagios: Revbump/distinfo for openvpn update

Revision 1.11: download - view: text, markup, annotated - select for diffs
Thu Apr 22 13:53:16 2021 UTC (3 years, 7 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +1 -2 lines
openvpn: updated to 2.5.2

The OpenVPN community project team is proud to release OpenVPN 2.5.2. It fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with “–auth-gen-token” or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. OpenVPN 2.5.2 also includes other bug fixes and improvements. Updated OpenSSL and OpenVPN GUI are included in Windows installers.

Revision 1.10: download - view: text, markup, annotated - select for diffs
Sun Jan 26 17:31:53 2020 UTC (4 years, 10 months ago) by rillig
Branches: MAIN
CVS tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +2 -2 lines
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.

Revision 1.9: download - view: text, markup, annotated - select for diffs
Sat Jan 18 21:50:22 2020 UTC (4 years, 10 months ago) by jperkin
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +2 -1 lines
*: Recursive revision bump for openssl 1.1.1.

Revision 1.8: download - view: text, markup, annotated - select for diffs
Wed May 24 20:35:12 2017 UTC (7 years, 6 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +6 -6 lines
OpenVPN 2.4.2

Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy.

Compared to OpenVPN 2.4.1 there are several bugfixes and small enhancements. A summary of the changes is available in Changes.rst.

Revision 1.7: download - view: text, markup, annotated - select for diffs
Fri May 19 18:11:04 2017 UTC (7 years, 6 months ago) by spz
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +2 -3 lines
update openvpn to 2.3.15
fixes DoSses: CVE-2017-7478 CVE-2017-7479
fixes PR pkg/52044

relevant excerpt of ChangeLog:
OpenVPN Change Log
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>

2017.05.11 -- Version 2.3.15
David Sommerseth (5):
      dev-tools: Added script for updating copyright years in files
      Update copyrights
      docs: Further improve --reneg-bytes and SWEET32 information
      git: Merge .gitignore files into a single file
      Make --cipher/--auth none more explicit on the risks

Gert Doering (1):
      Document --proto udp6, tcp6, etc.

Julien Muchembled (1):
      Fix implicit declarations when HAVE_OPENSSL_ENGINE is unset

Steffan Karger (6):
      Add missing includes in error.h
      cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
      Document that OpenVPN 2.3 does not check the CRL signature
      Introduce and use secure_memzero() to erase secrets
      Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
      Don't assert out on receiving too-large control packets (CVE-2017-7478)


2016.12.06 -- Version 2.3.14
Christian Hesse (1):
      update year in copyright message

David Sommerseth (1):
      Document the --auth-token option

Gert Doering (2):
      Repair topology subnet on FreeBSD 11
      Repair topology subnet on OpenBSD

Lev Stipakov (1):
      Drop recursively routed packets

Selva Nair (4):
      Support --block-outside-dns on multiple tunnels
      When parsing '--setenv opt xx ..' make sure a third parameter is present
      Map restart signals from event loop to SIGTERM during exit-notification wait
      Correctly state the default dhcp server address in man page

Steffan Karger (1):
      Clean up format_hex_ex()


2016.11.02 -- Version 2.3.13
Arne Schwabe (2):
      Use AES ciphers in our sample configuration files and add a few modern 2.4 examples
      Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer

David Sommerseth (4):
      t_client.sh: Make OpenVPN write PID file to avoid various sudo issues
      t_client.sh: Add support for Kerberos/ksu
      t_client.sh: Improve detection if the OpenVPN process did start during tests
      t_client.sh: Add prepare/cleanup possibilties for each test case

Gert Doering (5):
      Do not abort t_client run if OpenVPN instance does not start.
      Fix t_client runs on OpenSolaris
      make t_client robust against sudoers misconfiguration
      add POSTINIT_CMD_suf to t_client.sh and sample config
      Fix --multihome for IPv6 on 64bit BSD systems.

Ilya Shipitsin (1):
      skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto

Lev Stipakov (2):
      Exclude peer-id from pulled options digest
      Fix compilation in pedantic mode

Samuli Seppänen (1):
      Automatically cache expected IPs for t_client.sh on the first run

Steffan Karger (6):
      Fix unittests for out-of-source builds
      Make gnu89 support explicit
      cleanup: remove code duplication in msg_test()
      Update cipher-related man page text
      Limit --reneg-bytes to 64MB when using small block ciphers
      Add a revoked cert to the sample keys


2016.08.23 -- Version 2.3.12
Arne Schwabe (2):
      Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it.
      Move ASSERT so external-key with OpenSSL works again

David Sommerseth (3):
      Only build and run cmocka unit tests if its submodule is initialized
      Another fix related to unit test framework
      Remove NOP function and callers

Dorian Harmans (1):
      Add CHACHA20-POLY1305 ciphersuite IANA name translations.

Ivo Manca (1):
      Plug memory leak in mbedTLS backend

Jeffrey Cutter (1):
      Update contrib/pull-resolv-conf/client.up for no DOMAIN

Jens Neuhalfen (2):
      Add unit testing support via cmocka
      Add a test for auth-pam searchandreplace

Josh Cepek (1):
      Push an IPv6 CIDR mask used by the server, not the pool's size

Leon Klingele (1):
      Add link to bug tracker

Samuli Seppänen (2):
      Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes
      Clarify the fact that build instructions in README are for release tarballs

Selva Nair (4):
      Make error non-fatal while deleting address using netsh
      Make block-outside-dns work with persist-tun
      Ignore SIGUSR1/SIGHUP during exit notification
      Promptly close the netcmd_semaphore handle after use

Steffan Karger (4):
      Fix polarssl / mbedtls builds
      Don't limit max incoming message size based on c2->frame
      Fix '--cipher none --cipher' crash
      Discourage using 64-bit block ciphers

Revision 1.6: download - view: text, markup, annotated - select for diffs
Fri Jul 8 08:50:55 2016 UTC (8 years, 4 months ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +2 -2 lines
Update openvpn distfile.  Bump PKGREVISION.

Revision 1.5: download - view: text, markup, annotated - select for diffs
Sat Mar 5 11:29:09 2016 UTC (8 years, 9 months ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +2 -2 lines
Bump PKGREVISION for security/openssl ABI bump.

Revision 1.4: download - view: text, markup, annotated - select for diffs
Sun Jan 18 16:01:37 2015 UTC (9 years, 10 months ago) by wiedi
Branches: MAIN
CVS tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +2 -1 lines
bulk build wants openssl

Revision 1.3: download - view: text, markup, annotated - select for diffs
Sun Jul 20 17:43:29 2014 UTC (10 years, 4 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +2 -3 lines
Changes 2.3.4:
The most important change in this release is that TLS version negotiation is no longer used unless it's explicitly turned on in the configuration files, thus reverting back to the 2.3.2 behaviour as interoperability issues were encountered in 2.3.3. Other notable changes include addition of SSL library version reporting, fixing of SOCKSv5 authentication logic and making serial env exporting consistent between OpenSSL and PolarSSL. This release also contains a number of other bug fixes and small enhancements.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Fri Aug 30 22:38:47 2013 UTC (11 years, 3 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +2 -1 lines
Keep in sync with the openvpn main package. Bump revision.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Sun Feb 10 05:57:41 2013 UTC (11 years, 9 months ago) by manu
Branches: MAIN
CVS tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1
Add openvpn-nagios, an OpenVPN certificate monitoring plugin to be used
in nagios

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>