security/openvpn-devel: upgrade port to git commit 91b057a2b5 (2024-02-11)

contains a number of bugfixes and minor improvements, especially adding
more unit tests.

There is one FreeBSD relevant bugfix for servers with DCO, where reporting
of kernel peer statistics to userland failed due to static buffers sized
too small (ENOSPC).  Buffer handling here has been made dynamic.

PR:		276973

*: Move manpages to share/man

Approved by:	portmgr (blanket)

security/openvpn-devel: upgrade port to git commit efad93d049 (2023-11-17)

contains a number of bugfixes and minor improvements, plus fixes
for two bugs that have been assigned CVEs:

- CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use
  a send buffer after it has been free()d in some circumstances, causing
  some free()d memory to be sent to the peer.  All configurations using TLS
  (e.g. not using --secret) are affected by this issue.
  (found while tracking down CVE-2023-46849 / Github #400, #417)

- CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
  restore "--fragment" configuration in some circumstances, leading to
  a division by zero when "--fragment" is used.  On platforms where
  division by zero is fatal, this will cause an OpenVPN crash.

see also https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements

Also adjust files/patch-tests__t_cltsrv.sh because upstream commit
d623aa6c29 conflicts with this patch.

Security:	2fe004f5-83fd-11ee-9f5d-31909fb2f495
Security:	CVE-2023-46849
Security:	CVE-2023-46850

*/*: Sunset 12.4-RELEASE/12-STABLE from ports tree

- Remove all references to defunct ARCH arm
- Remove all references to defunct ARCH sparc64
- Remove x11-drivers/xf86-video-sunffb which requires defunct sparc64
  ARCH
- Remove sysutils/afbinit requires defunct sparc64 ARCH
- Remove all references to bktr driver
- Remove all references to defunct FreeBSD_12
- Remove all references to OSVERSION/OSREL corresponding to 12
- Remove conditionals in Mk/Uses/cabal.mk
- Remove sparc reference from Mk/Uses/qt-dist.mk
- Remove BROKEN_sparc64/NOT_FOR_ARCH=sparc64
- Remove BROKEN_FreeBSD_12* from:
- Remove OpenSSL patches from:
- Remove conditional flags for OSVERSION >= 1300000 to fixed flags.
  Also move conditional flags for non sparc64/arm ARCH to fixed flags.

Reviewed by:	brooks, jbeich, rene, salvadore
Differential Revision: https://reviews.freebsd.org/D42068

bsd.sites.mk: Update all ports using USE_GITLAB

Replace GL_COMMIT by GL_TAGNAME in all ports. The new GL_TAGNAME is
backwards-compatible (accepting any commit hash as before), but also
understands an actual tag name. Moving to tag names where appropriate is
left to individual ports' maintainers.

Approved by:		portmgr (tcberner, mentor)
Differential Revision:	https://reviews.freebsd.org/D37077

security/openvpn-devel: upgrade port to git commit fafb05f6f3 (2023-03-31)

This brings openvpn-devel to the current HEAD of the development tree,
which is still very close to OpenVPN 2.6.3.

Adjust config handling of option "DCO" to match upstream changes - that
is, DCO is enabled by default, so we pass "--disable-dco" to configure
now if the option is unchecked.

security/openvpn-devel: upgrade port to git commit 480ad2a84e (2023-01-13)

this commit is also 2.6_rc2 (+ a freebsd/linux build fix).

contains a number of bugfixes and minor improvements, see
https://github.com/OpenVPN/openvpn/blob/v2.6_rc2/Changes.rst

Most notable improvement: this contains a default-enabled ratelimiter
for initial TLS handshake packets (100 per 10s), significantly reducing
the usefulness of abusing an OpenVPN server as a DDoS reflection engine.

Use '--connect-freq-initial' to tune parameters if needed.

security/openvpn-devel: upgrade port to git commit 84e70c479e (2022-12-28)

this commit is also 2.6_rc1.

contains a number of bugfixes and minor improvements, see
https://github.com/OpenVPN/openvpn/blob/v2.6_rc1/Changes.rst

security/openvpn-devel: upgrade port to git commit 566c0791ca (2022-12-15)

this commit is also 2.6_beta2.

contains a number of bugfixes and minor improvements

user visible changes since last port upgrade
 - freebsd + DCO now has working byte counters in DCO mode
 - server no longer accepts new inbound client connections
   while in "explicit-exit-notify" shutdown phase
 - logging improvements for DCO key handling

security/openvpn-devel: upgrade port to git commit e778a6fd26d (2022-12-01)

this commit is also 2.6_beta1.

contains a good number of bugfixes and minor improvements

user visible changes since last port upgrade
 - binary identifies itself as "2.6_beta1"
 - client reconnect in p2p TLS mode works now with DCO enabled (on FreeBSD 14)
 - more robust handling of cipher negotiation issues in p2p TLS mode
 - supports server-pushable "tun-mtu" now
 - support DCO with AES-192-GCM on sufficiently-new FreeBSD 14 kernels

security/openvpn-devel: fix up shebang of totpauth.py script

...and we also need to add USES+=python:build to fix
stage-qa complaints of the following kind:

Error: '/usr/local/bin/python' is an invalid shebang you need
USES=shebangfix for 'share/examples/openvpn/sample-scripts/totpauth.py'

ALTHOUGH the shebangfix has worked and replaced /usr/bin/python3
by /usr/local/bin/python (with /usr/local from LOCALBASE apparently).

security/openvpn-devel: upgrade port to git commit ecad4839ca (2022-10-27)

contains a good number of bugfixes and minor improvements, no new features.

user visible changes:
  - "topology subnet" tun interfaces will now use IFF_POINTOPOINT
  - DCO option on FreeBSD 14 will default to "on" now
  - DCO on FreeBSD now requires  a FreeBSD kernel after
    commit 2e797555f701c38d9d to get kernel-side ovpn(4)
    improvements, necessary for proper subnet + iroute support

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

security/openvpn-devel: options cleanup

- Drop TUNNELBLICK option and patch, which fails PATCH and if your force
  it, build. security/openvpn removed the option earlier this year.
  Drop pkg-help along with it
- Exclude DCO-option on FreeBSD 12 and 13. It requires FreeBSD 14
  kernel features, and FreeBSD 11 and older are no longer supported.

Approved by: portmgr (blanket)

security/openvpn-devel: Upgrade to current git revision, add DCO option

commits up to 734de8f9aa2df bring a number new developments, especially
inclusion of the "Data Channel Offload" (OpenVPN in kernel space)
feature.

Since this is still considered not very well tested and needs a
very recent FreeBSD 14 kernel, this is off by default, and a new option
  [ ] DCO
has been added to enable it.

security: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  <ports@c0decafe.net>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Ade Lovett <ade@FreeBSD.org>
  *  Aldis Berjoza <aldis@bsdroot.lv>
  *  Alex Dupre <ale@FreeBSD.org>
  *  Alex Kapranoff <kappa@rambler-co.ru>
  *  Alex Samorukov <samm@freebsd.org>
  *  Alexander Botero-Lowry <alex@foxybanana.com>
  *  Alexander Kriventsov <avk@vl.ru>
  *  Alexander Leidinger <netchild@FreeBSD.org>

security/openvpn-devel: really clean up REINPLACE_CMD

security/openvpn-devel: integration improvements

fixing quirks
- PORTREVISION cannot be empty
- complete pkg-plist
- remove dead REINPLACE_CMD

Approved by:	portmgr@ (blanket, fix broken port)
Related to:
PR:		263818

security/openvpn-devel: Upgrade to current git revision

commits up to 413877f522e  bring a number new developments, especially
hardening the server against TLS state exhaustion and being abused
for reflection/amplification attacks, a full MTU/MSS handling rehaul,
and proper OpenSSL 3.0.x support.

PR:		263818

security/mbedtls: Update to 2.28.0 and fix make test

Also bump dependent ports for library version change.

PR:		255084

*/*: Remove redundant '-[0-9]*' from CONFLICTS_INSTALL

The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - agsinst the full package names including the
version (as reported by "pkg query "%n-%v").

Approved by: portmgr (blanket)

security/openvpn{,-devel}: Update WWW

for security/openvpn-devel:
Approved by: Gert Doering (maintainer)

security/openvpn-devel: bugfix update to 0033811e

Changes:
* 0033811e 2021-06-03 | Fix SIGSEGV (NULL deref) receiving push "echo" [Matthias
Andree]
* b7fe49c2 2021-05-24 | Do not require CA when peer-fingerprint is used [Selva
Nair]
* 28240c4a 2021-06-01 | Fix parsing of IV_SSO string [Selva Nair]

Approved by: Gert Doering (maintainer, by IRC)

security/openvpn-devel: switch to Gitlab and new maintainer

The previous maintainer asked that the port be removed, but
we seem to have found a better solution. Gert Doering volunteered
to take over the port and reference Git directly.

Import security/openvpn fix for leftover .orig files.

PR:		256209
Maintainer change implicitly
Approved by:	ecrist@secure-computing.net (removal request)
New contents reviewed and
Approved by:	gert@greenie.muc.de (new maintainer, by IRC/mail)

security/openvpn-devel: Update to 2021-W13 development snapshot

Commit history from 202049 to 202113:

5ac8c3c7 Fix async push broken after auth deferred refactor
8ccce69d log file descriptor in more socket related error messages
c5fec838 Move auth deferred related members into its own struct
6ea62d50 Remove deprecated option '--keysize'
60f5889a Deprecate non TLS mode in OpenVPN
79ff3f79 Allow running a default configuration with TLS libraries without BF-CBC
9e702a5d Always disable TLS renegotiations
203afbe9 reliable: retransmit if 3 follow-up ACKs are received
343b6119 Remove do_init_socket_2 and do_init_socket_1 wrapper function
9fe0b2c2 Extract multi_assign_peer_id into its own function
18b4a838 Remove thread_mode field of multi_context

all: Remove all other $FreeBSD keywords.

Remove # $FreeBSD$ from Makefiles.

security/openvpn-devel: Update to 2020-W49 snapshot

Update port to 2020-W49 development snapshot.

1387f526 Fix port-share option with TLS-Crypt v2
4d307ed4 tls-crypt-v2: also preload tls-crypt-v2 keys (if --persist-key)
fb169c3b tls-crypt-v2: fix server memory leak
dfd624b5 Remove auth_user_pass.wait_for_push variable
fb789947 Fix auth-token not being updated if auth-nocache is set
88dc4276 Make any auth failure tls_authentication_status return auth failed
55d5eaa3 Send AUTH_FAILED message to clients on renegotiation failures
3ac8e592 Rename DECRYPT_KEY_ENABLED to TLS_AUTHENTICATED
f9d3fbf9 Clean up tls_authentication_status and document it
f1f0f074 Improve keys out of sync message
8292102b Add more documentation about our internal TLS functions
cc5a7163 Replace key_scan array of static pointers with inline function
fc25ca3a build: Fix missing install of man page in certain environments
0d4069e4 Change travis build scripts to use https when fetching prerequisites.

PR:		251761
Submitted by:	Eric F. Crist (maintainer)

openvpn-devel Update to post 2.5 release development snapshot.

=== Commit Notes ===
99d217b2 Remove --disable-def-auth configure argument
0d4ca79d Remove explicit setting of peer_id to false
cb70cf51 Remove NULL checks before calling free
2c8a9877 Align reliable_free with other free methods to accept NULL
0d5aab88 Inline function tls_get_peer_info
bbcada8a Avoid passing NULL to argv_printf_cat() in temp_file error case.
a4eeef17 Add function for common env setting of verify user/pass calls
a480eaae Ignore deprecation warning for daemon on macOS
14bd92b7 Fix compilation on pre-EKM mbedTLS libraries.
f0734e49 Simplify key material exporter backend API
6dc09d0d Implement generating data channel keys via EKM/RFC 5705
1e6e083e networking_iproute2: fix memory leak in net_iface_mtu_set()

security/openvpn-devel: Update to 2020-W35 snapshot (take 2 + 1/2)

This also adds a fix to the optional TUNNELBLICK extra-patch that removes
context now gone from the upstream code.

Here are the changes in the W35 snapshot:

136c5f01 Fix compilation with older mbed TLS versions (mbedtls_tls_prf_types
undefined)
5e19cc2c Workaround FreeBSD 12+ race condition on tun/tap open with IPv6.
10abd656 Refactor key_state_export_keying_material functions
62560e2a Fixes a bug in management_callback_send_cc_message, should be strlen
instead of sizeof
2ab0a924 Fix client's poor man NCP fallback
ed47c097 tun.c: enable using wintun driver under SYSTEM
2da29362 Improve the documentation for --dhcp-option
bf911882 Changes.rst: fix mistyped option names

security/openvpn-devel: Update to 2020-W33 snapshot

Update to Week 33 snapshot:

e02616d8 Document comp-lzo no and compress being incompatible
c13d20fa Remove S_OP_NORMAL key state.
4b4f5fe2 Move parsing IV_PROTO to separate function
4edcf571 Skip existing interfaces on opening the first available utun on macOS
42b39e98 Merge check_coarse_timers and check_coarse_timers_dowork
cd88d947 Eliminate check_tls wrapper function
eed645b3 Eliminate check_incoming_control_channel wrapper function
b7aebba2 Eliminate check_fragment function
76ea0859 Rename check_ping_restart_dowork to trigger_ping_timeout_signal
ce7ddaaf Split pf_check_reload check and check timer in process_coarse_timers
feacd01c travis: don't run t_net.sh test

security/openvpn-devel: update to 2020-W30 snapshot

This is from the PR, with the addition of
BUILD_DEPENDS+=rst2man:textproc/py-docutils
such that the manpage gets built (it doesn't ship with
snapshots - which are from Git - any longer).

changes:

08469ca1 Remove --client-cert-not-required
2d5facaa Remove --ifconfig-pool-linear
94edc7c5 Require AEAD support in the crypto library
ec7d0e8e Drop support for OpenSSL 1.0.1
df85950a travis: Fix make distcheck failure
aad16b6c client-connect: Implement deferred connect support for plugin API v2

security/openvpn-devel: Update to 202028 (2020-W28 snapshot)

ChangeLog:
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247974#c0>

While here:
* add cmocka as build-time requisite to include the engine test.
* use PLUGINDIR rather than hacking CPPFLAGS for PLUGIN_LIBDIR,
  the latter breaks -fPIC detection by configure (breaking the
  shared lib build for the engine unit tests)

PR:		247974
Submitted by:	Eric F. Crist (maintainer)

Update to new snapshot 202016.

Git changes since 202015:

* 37bc691e 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
* 3b06b57d 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
* d8ac887c 2020-03-28 | Fix OpenSSL 1.1.1 not using auto elliptic curve
selection [Arne Schwabe]

Approved by:	ecrist@secure-computing.net (via IRC #openvpn-devel)
Security:	CVE-2020-11810
Security:	8604121c-7fc2-11ea-bcac-7781e90b0c8f

security/openvpn-devel: update to 2020-W15 snapshot

Update openvpn-devel port to the 2020-W15 snapshot
(Changes from upstream's Git):

* 05229fb5 2020-04-07 | OpenSSL: Fix --crl-verify not loading multiple
			CRLs in one file [Maxim Plotnikov]
* e23fb6b8 2020-04-03 | Fix off-by-one in tls-crypt-v2 client wrapping
			with custom metadata [Arne Schwabe]

PR:		245573
Submitted by:	ecrist@secure-computing.net (maintainer)

security/openvpn-devel: update to 2020-W14 snapshot

update to the 2020-W14 snapshot, Git log:

* 57578310 2020-03-30 | When auth-user-pass file has no password query the
management interface (if available). (HEAD -> master-2020-14, origin/master,
origin/HEAD, master) [Selva Nair]
* 8e5d30cf 2020-03-30 | Move querying username/password from management to a
function [Selva Nair]
* 3608d890 2020-04-02 | Fix OpenSSL error stack handling of
tls_ctx_add_extra_certs [Arne Schwabe]
* 09ae6280 2020-03-14 | tun.c: revise the IPv4 ifconfig flow on Windows [Simon
Rozman]
* 3e0e1692 2020-04-01 | Fetch OpenSSL versions via source/old links [Arne
Schwabe]
* a59e0754 2020-03-31 | mbedTLS: Make sure TLS session survives move [Tom van
Leeuwen]
* a2a2132c 2020-03-25 | docs: Add reference to X509_LOOKUP_hash_dir(3) [WGH]
* e8106537 2020-03-10 | tapctl: Support multiple hardware IDs [Simon Rozman]
* c6f8d1a7 2020-03-09 | openvpnmsica: Merge FindTUNTAPAdapters into
FindSystemInfo [Simon Rozman]

PR:		245373
Submitted by:	ecrist@secure-computing.net (maintainer)

security/openvpn-devel: update to 2020-W13 snapshot

Changes since the 2020-W12 snapshot:

* be453156 2020-03-12 | Normalise ncp-ciphers option and restrict it to 127
bytes (HEAD -> master-2020-13, origin/master, origin/HEAD, master) [Arne
Schwabe]
* f67efa94 2019-10-21 | Fix OpenSSL private key passphrase notices [Santtu
Lakkala]
* 072f7d35 2020-03-22 | travis-ci: add arm64, s390x builds. [Ilya Shipitsin]
* 50d68142 2020-03-09 | openvpnmsica, tapctl: Revise default hardware ID
management [Simon Rozman]
* d263e4f3 2020-03-09 | openvpnmsica: Extend to support arbitrary HWID network
adapters [Simon Rozman]
* 8c487854 2020-03-09 | openvpnmsica: "TAP" => "TUN/TAP" [Simon Rozman]
* 52b2414d 2020-03-09 | openvpnmsica, tapctl: "interface" => "adapter" [Simon
Rozman]
* c8de3ddb 2020-03-09 | openvpnmsica: Simplify static function names [Simon
Rozman]
* e24049d5 2020-03-09 | openvpnmsica: Revise MSI custom actions interop [Simon
Rozman]
* d15bc3ad 2020-03-09 | tapctl: Add functions for enabling/disabling adapters
[Simon Rozman]

PR:		245192
Submitted by:	ecrist@secure-computing.net (maintainer)

security/openvpn-devel: Update to new 2020-W12 snapshot.

Git history since 202010:
* e1eb630d 2020-03-14 | Fix building with --enable-async-push in FreeBSD [Lev
Stipakov]
* f3ef6ced 2020-03-10 | tun.c: reorder IPv6 ifconfig on Windows [Simon Rozman]
* 5d28b47c 2020-03-12 | tun.c: fix 'use after free' error [Lev Stipakov]
* 04f4b4fe 2020-02-05 | Skip DNS address validation [Domagoj Pensa]
* 089fbe65 2020-02-05 | wintun: upgrade error message in case of ring
registration failure [Simon Rozman]
* 57fe5a26 2020-03-09 | tapctl: Update documentation [Simon Rozman]
* 36493bf6 2020-03-09 | openvpnmsica: Fix TAPInterface.DisplayName field
interpretation [Simon Rozman]
* 026cf3e5 2020-03-09 | openvpnmsica: Remove required Windows driver
certification detection [Simon Rozman]
* 1828f9c1 2020-02-21 | Move NCP related function into a seperate file and add
unit tests [Arne Schwabe]
* 53e7d8db 2020-02-05 | wintun: check for conflicting options [Simon Rozman]
* baef44fc 2020-02-05 | tun.c: uncrustify [Simon Rozman]
* 4c71a647 2020-02-05 | tun.c: refactor driver detection and make it
case-insensitive [Simon Rozman]
* b111aa80 2020-02-29 | interactive.c: remove unused function [Lev Stipakov]

PR:		245098
Submitted by:	ecrist@secure-computing.net

security/openvpn-devel update to snapshot 202010

PR:		244632
Submitted by:	ecrist@secure-computing.net (maintainer)

security/openvpn-devel: Maintainer update to 201935

This commit updates the port to the latest development snapshot.

Additional changes over PR:
- leave CATEGORIES alone (leaving net-vpn in)
- move IGNORE_SSL upwards and remove USE_LDCONFIG to please portlint -CA

PR:		240376
Submitted by:	ecrist@secure-computing.net (maintainer)

Patch sed(1) regexp in self-test script from GNU to POSIX syntax.

PR:		240307
Submitted by:	kevans@
Approved by:	ecrist@secure-computing.net (maintainer)

Convert to UCL & cleanup pkg-message (categories s)

Implement new virtual category: net-vpn for VPN related ports

based on discussion at ports@ [1]. As VPN softwares are put in different
physical category net and security. This is a little bit confusing. Let's
give them new virtual category net-vpn.

[1] https://lists.freebsd.org/pipermail/freebsd-ports/2019-April/115915.html

PR:		239395
Submitted by:	myself
Approved by:	portmgr (mat)
Differential Revision:	https://reviews.freebsd.org/D21174

security/openvpn-devel: fix whitespace from r494062

Reported by:	Peter Jeremy <peter@rulingia.com>
Pointyhat to:	swills

security/openvpn-devel: Update to 201907 development snapshot

PR:		235859
Submitted by:	ecrist@secure-computing.net (maintainer)

Update security/mbedtls to 2.13.0 and bump dependent ports.

Update security/mbedtls to 2.12.0 and bump dependent ports.

MFH:		2018Q3
Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02

Update security/mbedtls to 2.9.0 and bump dependent ports.

security/openvpn-devel: Update to 201821

PR:		228589
Submitted by:	ecrist@secure-computing.net (maintainer)

security/openvpn-devel: Update to 201815

PR:		227567
Submitted by:	ecrist@secure-computing.net (maintainer)
Approved by:	pi (mentor)

Update security/mbedtls to 2.8.0 and bump dependent ports.

MFH:		2018Q2
Security:	https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released

security/openvpn-devel: update to latest 2018-11 snapshot

PR:		226588
Submitted by:	ecrist@secure-computing.net (maintainer)

Update security/mbedtls to 2.7.1.

PR:		226550
MFH:		2018Q1

- Update security/polarssl13 to 1.3.22.
- Update security/mbedtls to 2.7.0 and bump dependent ports.

MFH:		2018Q1
Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01

Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files that are not actually manual pages (part 2).

Update to latest version

PR:	220183
Submitted by:	ecrist@secure-computing.net

Update to new snapshot.

Note I didn't take the original patch because it needed to NOT conflict
with itself, and I had to fix indentation - be sure to use TAB, not
blanks, after the VARIABLE= part.

PR:		219305
Submitted by:	ecrist@secure-computing.net (maintainer)

Update openvpn-devel to 2016-52 snapshot.

Align with security/openvpn for RC script improvements, dropping the
TUNNELBLICK patch (integrated upstream) and pkg-help file (no longer
required).

Note that pkcs11* and mbedTLS currently do not mix (I randomly checked
different option sets), an issue this port shares with security/openvpn.
"checking mbedtls pkcs11 support...
configure: error: mbedtls has no pkcs11 wrapper compiled in"

PR:		215734
Submitted by:	Eric F. Crist (maintainer)

Update to 2016-W47 snapshot (2.4 beta).

PR:		214930
Submitted by:	ecrist@secure-computing.net (maintainer)

Update to latest snapshot (week 43)

PR:		213982
Submitted by:	ecrist@secure-computing.net (maintainer)

security/openvpn-devel: 201607 -> 201623

Port Changes:
- password-save option is always on now, no longer optional
- LibreSSL has been renamed mbed TLS

Upstream Changes:
- Implement --push-remove option to remove options pushed by server
- Use mbedTLS 2.x now, instead of PolarSSL 1.x

PR:		210259
Submitted by:	ecrist@secure-computing.net (maintainer)

- Fix trailing whitespace in pkg-messages

Approved by:	portmgr blanket

Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight

security/openvpn-devel: 201548 -> 201607

- update to the latest development snapshot

PR:		207489
Submitted by:	ecrist@secure-computing.net (maintainer)

- Update to 2015-48

PR:		        204805
Submitted by:	ecrist@secure-computing.net (maintainer)
Approved by:	mat (mentor)

Update to 201541. [1]

Convert to options helpers.

PR:		203823 [1]
Submitted by:	maintainer
Sponsored by:	Absolight

By default libtool replaces -export-symbols <file> with -retain-symbols-file
<file> on ELF systems, but this doesn't really do what -export-symbols is
meant to do.  On GNU ELF systems it converts <file> to a simple version
script first and then uses -version-script instead of -retain-symbols-file.
Let USES=libtool patch libtool scripts to do this on all systems with GNU
ld(1).

Bump PORTREVISION on all ports where the build log contains -export-symbols.

audio/calf: This port builds a module that now exports only one function,
but it also builds a number of executables that link to this module and
expect to see other functions.  Because it's already a bit dodgy to link to
a module (libtool warns about this) let the module continue to export only
one function and instead build an ordinary library from the same source that
the executables can link to.  Fix a number of other issues in the same

- Drop @dirrm* from plist

Approved by:	portmgr blanket

Update to 201523.

PR:		200774
Submitted by:	maintainer

- Update security/polarssl13 to 1.3.11
- Patch a Makefile so regular make install works
- Replace a patch with MAKE_ENV
- Bump dependent ports

PR:		200816

Update to 201516 development snapshot

PR:	199580
Submitted by:	ecrist@secure-computing.net

Specify library version when depending on libpolarssl and switch ports to
PolarSSL 1.3 when they fail to build with 1.2.

Update to the 201449 snapshot

PR:		195651
Submitted by:	ecrist (maintainer)

Update to the 201425 snapshot.

PR:		192006
Submitted by:	ecrist@secure-computing.net (maintainer)

Fix some non default LIB_DEPENDS

With hat:	portmgr

Add DOCS to OPTIONS_DEFINE to ports that check for PORT_OPTIONS:MDOCS.

- Add missing USES=libtool to archivers/snappy
- Bump dependent ports as .so version has changed

Approved by:	portmgr blanket

Remove all space characters from Makefile assignments.

No functional changes included.

CR:		D193 (except math/sedumi)
Approved by:	portmgr (bapt)

- Update to latest snapshot 201421
- Support staging
- Sync more with security/openvpn

PR:		190312
Submitted by:	ecrist@secure-computing.net (maintainer)

Upgrade snappy to 1.1.1, and bump all related PORTREVISION to chase shared
library version.

PR:		ports/190409
Submitted by:	ports at robakdesign.com
Approved by:	portmgr@ (for NO_STAGE)

Fix old makeplist bug.

Pointy hat to:	people who blindly use makeplist
Sponsored by:	Absolight

Add NO_STAGE all over the place in preparation for the staging support (cat:
security)

Update to version 201326

PR:		ports/180167
Submitted by:	maintainer

Update to latest snapshot

PR:	ports/178814
Submitted by:	Eric F Crist <ecrist@secure-computing.net>
Sponsored by:	Claimlynx

Update to 201250 snapshot

PR:	ports/174520
Submitted by:	Eric F. Crist <ecrist@secure-computing.net>

- Update to latest snapshot [1]
- Properly install symlinks for auth-pam and down-root plugins [1]
- Fix pkg-message description of locations of these plugins [1]
- Fix plist for nonexistent DOCSDIR/openvpn and DOCSDIRS/sample

PR:		ports/172587 [1]
Submitted by:	Eric F Crist <ecrist@secure-computing.net> (maintainer) [1]
Feature safe:	yes

- Fix header to proper format

Reported by:	danfe

- Update to 201237 snapshot [1]
- Convert to new options framework
- Remove ABI versions from LIB_DEPENDS
- Update to new header

PR:		ports/171743 [1]
Submitted by:	Eric F Crist <ecrist@secure-computing.net> (maintainer) [1]

Move the rc.d scripts of the form *.sh.in to *.in

Where necessary add $FreeBSD$ to the file

No PORTREVISION bump necessary because this is a no-op

- Update to latest snapshot

PR:		ports/170111
Submitted by:	Eric F Crist <ecrist@secure-computing.net> (maintainer)

- Update to 201208 snapshot
- while here use INSTALL_LIB for library installation

PR:     ports/165504
Submitted by:   maintainer, ecrist@secure-computing.net

- update to DISTVERSION 201204
- sort pkg-plist with help from ports-mgmt/genplist

PR:             164407
Submitted by:   Eric F Crist <ecrist@secure-computing.net> (maintainer)

In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.

Update to new snapshot 201139, removing files/patch-t_cltsrv.sh [1].

Remove files/pkg-req.in and references in SUB_FILES and pre-install,
it was a (now obsolete) workaround to warn users that installed newer
6.X packages on older 6.X systems and ended up with the new rc world
order scripts unfound and openvpn not running. [2]

Fix version number in CONFLICTS to encompass openvpn (not just
openvpn20), and demote to CONFLICTS_INSTALL. Neither port installs
headers or libraries that might get in the way.

PR:           ports/161285
Submitted by: Eric F. Crist (maintainer) [1]
Approved by:  Eric F. Crist (maintainer) [2]

- Turn off self-tests on pointyhat, they fail

Reported by:    pointyhat

Move LICENSE= up into a block of its own to silence portlint.

Remove the lzo/lzo2 version switch now that we only have lzo2.

Approved by: ecrist@secure-computing.net (maintainer)

Fix Pointyhat build failures by skipping (not failing) network-based tests.

Approved by: ecrist@secure-computing.net (maintainer)

Unbreak port by adjusting plist to match reality of new version.

Update to week 26 snapshot.

PR:     ports/158568
Submitted by:   Eric F Crist <ecrist@secure-computing.net>
Sponsored by:   ClaimLynx, Inc