From matthias.andree@gmx.de  Mon Apr 18 22:22:25 2005
Return-Path: <matthias.andree@gmx.de>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BD9EB16A4CF
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 18 Apr 2005 22:22:25 +0000 (GMT)
Received: from mail.dt.e-technik.uni-dortmund.de (krusty.dt.e-technik.Uni-Dortmund.DE [129.217.163.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 553FD43D31
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 18 Apr 2005 22:22:20 +0000 (GMT)
	(envelope-from matthias.andree@gmx.de)
Received: from localhost (localhost [127.0.0.1])
	by mail.dt.e-technik.uni-dortmund.de (Postfix) with ESMTP id 3E14544004
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 19 Apr 2005 00:22:19 +0200 (CEST)
Received: from mail.dt.e-technik.uni-dortmund.de ([127.0.0.1])
 by localhost (krusty [127.0.0.1]) (amavisd-new, port 10024) with LMTP
 id 04841-04 for <FreeBSD-gnats-submit@freebsd.org>;
 Tue, 19 Apr 2005 00:22:15 +0200 (CEST)
Received: from m2a2.dyndns.org (p509155C6.dip.t-dialin.net [80.145.85.198])
	by mail.dt.e-technik.uni-dortmund.de (Postfix) with ESMTP id 4DED044003
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 19 Apr 2005 00:22:14 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by merlin.emma.line.org (Postfix) with ESMTP id 4BEF679462;
	Tue, 19 Apr 2005 00:22:13 +0200 (CEST)
Received: from merlin.emma.line.org ([127.0.0.1])
 by localhost (m2a2.dyndns.org [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 19346-05; Tue, 19 Apr 2005 00:22:12 +0200 (CEST)
Received: from libertas.emma.line.org (libertas.emma.line.org [192.168.0.2])
	by merlin.emma.line.org (Postfix) with ESMTP id DE253793BD;
	Tue, 19 Apr 2005 00:22:11 +0200 (CEST)
Received: from emma by libertas.emma.line.org with local (Exim 4.50 (FreeBSD))
	id 1DNed9-000Ikq-A5; Tue, 19 Apr 2005 00:22:11 +0200
Message-Id: <E1DNed9-000Ikq-A5@libertas.emma.line.org>
Date: Tue, 19 Apr 2005 00:22:11 +0200
From: Matthias Andree <matthias.andree@gmx.de>
Sender: Matthias Andree <matthias.andree@gmx.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [MAINTAINER] security/openvpn: update to 2.0
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         80082
>Category:       ports
>Synopsis:       [MAINTAINER] security/openvpn: update to 2.0
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    jylefort
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 18 22:30:12 GMT 2005
>Closed-Date:    Thu Apr 21 14:05:03 GMT 2005
>Last-Modified:  Thu Apr 21 14:05:03 GMT 2005
>Originator:     Matthias Andree
>Release:        FreeBSD 4.11-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 4.11-RELEASE-p3 FreeBSD 4.11-RELEASE-p3 #20: Sat Apr 16 10:25:44 CEST 2005
>Description:
Update the OpenVPN port to 2.0, which brings heaps of new features, too
many to list them here. OpenVPN 2.0 is more scalable and manageable than
its predecessor. For details, please see <http://openvpn.net/relnotes.html>

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:

--- openvpn-2.0.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/openvpn/Makefile /root/ports/security/openvpn/Makefile
--- /usr/ports/security/openvpn/Makefile	Tue Sep  7 11:58:46 2004
+++ /root/ports/security/openvpn/Makefile	Tue Apr 19 00:18:55 2005
@@ -6,19 +6,15 @@
 #
 
 PORTNAME=	openvpn
-PORTVERSION=	1.6.0
+DISTVERSION=	2.0
 CATEGORIES=	security
-MASTER_SITES=	${MASTER_SITE_SOURCEFORGE} \
-		http://osdn.dl.sourceforge.net/sourceforge/${PORTNAME}/
-MASTER_SITE_SUBDIR=	${PORTNAME}
+MASTER_SITES=	http://openvpn.net/release/
 
 MAINTAINER=	matthias.andree@gmx.de
 COMMENT=	Secure IP/Ethernet tunnel daemon
 
 LIB_DEPENDS=	lzo.1:${PORTSDIR}/archivers/lzo
 
-CONFLICTS=	openvpn-devel-*
-
 GNU_CONFIGURE=	yes
 USE_OPENSSL=	yes
 CONFIGURE_TARGET=	--build=${ARCH}-portbld-freebsd${OSREL}
@@ -28,20 +24,29 @@
 
 MAN8=		openvpn.8
 
+# self-tests here
+post-build:
+	( set -e ; cd ${WRKSRC} && \
+	./openvpn --genkey --secret key && \
+	./openvpn --test-crypto --secret key && ${RM} key )
+	( set -e ; cd ${WRKSRC} && { \
+	./openvpn --config sample-config-files/loopback-server & \
+	./openvpn --config sample-config-files/loopback-client ; \
+	wait ; })
+
 post-install:
 	${INSTALL_SCRIPT} ${FILESDIR}/openvpn.sh.sample \
 		${PREFIX}/etc/rc.d/openvpn.sh.sample
 .if !defined(NOPORTDOCS)
-	@${MKDIR} ${DOCSDIR}
+	${MKDIR} ${DOCSDIR}
 .for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS \
 	PORTS README
-	@${INSTALL_DATA} ${WRKSRC}/${docs} ${DOCSDIR}
-.endfor
-.for dirs in easy-rsa sample-config-files sample-scripts
-	@${MKDIR} ${DOCSDIR}/${dirs}
-	@${INSTALL_DATA} ${WRKSRC}/${dirs}/* ${DOCSDIR}/${dirs}
+	${INSTALL_DATA} ${WRKSRC}/${docs} ${DOCSDIR}
 .endfor
-	@${CAT} ${PKGMESSAGE}
+	( cd ${WRKSRC} \
+	&& ${FIND} easy-rsa sample-config-files sample-scripts -depth \
+	| ${GREP} -v easy-rsa/Windows \
+	| ${CPIO} -pdmu ${DOCSDIR} )
 .endif
 
 .include <bsd.port.mk>
diff -ruN --exclude=CVS /usr/ports/security/openvpn/distinfo /root/ports/security/openvpn/distinfo
--- /usr/ports/security/openvpn/distinfo	Fri May 14 11:09:59 2004
+++ /root/ports/security/openvpn/distinfo	Mon Apr 18 12:54:16 2005
@@ -1,2 +1,2 @@
-MD5 (openvpn-1.6.0.tar.gz) = 9eab3719b280a12d19ef1fda286cc363
-SIZE (openvpn-1.6.0.tar.gz) = 430324
+MD5 (openvpn-2.0.tar.gz) = 7401faebc6baee9add32608709c54eec
+SIZE (openvpn-2.0.tar.gz) = 639201
diff -ruN --exclude=CVS /usr/ports/security/openvpn/pkg-descr /root/ports/security/openvpn/pkg-descr
--- /usr/ports/security/openvpn/pkg-descr	Mon Jun 24 18:13:08 2002
+++ /root/ports/security/openvpn/pkg-descr	Mon Feb 28 14:08:05 2005
@@ -7,4 +7,4 @@
 WWW: http://openvpn.sourceforge.net/
 
 - Matthias Andree
-matthias.andree@web.de
+matthias.andree@gmx.de
diff -ruN --exclude=CVS /usr/ports/security/openvpn/pkg-message /root/ports/security/openvpn/pkg-message
--- /usr/ports/security/openvpn/pkg-message	Sun Nov 23 18:53:10 2003
+++ /root/ports/security/openvpn/pkg-message	Tue Apr 19 00:18:04 2005
@@ -3,12 +3,21 @@
 ###  See ${PREFIX}/etc/rc.d/openvpn.sh.sample for how to do this  	   ###
 ###  automatically at system boot-up time.                                 ###
 ### ---------------------------------------------------------------------- ###
-###  To retain backwards compatibility of OpenVPN 1.3.0 with OpenVPN peers ###
-###  that run older versions (back to 1.1.0), you will have to set the MTU ###
-###  explicitly by command line options since OpenVPN 1.3.0.               ###
+###  To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, you may need to ###
+###  edit the 1.X configuration file by adding these lines:                ###
+###                                                                        ###
+###    tun-mtu 1500							   ###
+###    tun-mtu-extra 32							   ###
+###    mssfix 1450							   ###
 ###                                                                        ###
+###    key-method 2       <- this key-method line only for TLS setups	   ###
+### ---------------------------------------------------------------------- ###
 ###  When connecting to 1.4.X or older peers with a TAP-style tunnel, set  ###
 ###  --tun-mtu 1500 --tun-mtu-extra 32 on the peer.			   ###
+###                                                                        ###
+###  To retain backwards compatibility of OpenVPN 1.3.0 with OpenVPN peers ###
+###  that run older versions (back to 1.1.0), you will have to set the MTU ###
+###  explicitly by command line options since OpenVPN 1.3.0.               ###
 ###                                                                        ###
 ###  When using TLS security and your peer runs OpenVPN 1.3.X, the PEER    ###
 ###  must use --disable-occ.  This version of OpenVPN cannot use TLS mode  ###
diff -ruN --exclude=CVS /usr/ports/security/openvpn/pkg-plist /root/ports/security/openvpn/pkg-plist
--- /usr/ports/security/openvpn/pkg-plist	Mon May 19 16:49:03 2003
+++ /root/ports/security/openvpn/pkg-plist	Mon Feb 28 13:39:40 2005
@@ -14,13 +14,20 @@
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-inter
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-key
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-key-pass
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-key-pkcs12
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-key-server
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-req
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-req-pass
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/clean-all
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/list-crl
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/make-crl
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/openssl.cnf
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/revoke-crt
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/revoke-full
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/sign-req
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/vars
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/README
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/client.conf
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/firewall.sh
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/home.up
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/loopback-client
@@ -28,12 +35,16 @@
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/office.up
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/openvpn-shutdown.sh
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/openvpn-startup.sh
+%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/server.conf
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/static-home.conf
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/static-office.conf
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/tls-home.conf
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/tls-office.conf
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/xinetd-client-config
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/xinetd-server-config
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/auth-pam.pl
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bridge-start
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bridge-stop
 %%PORTDOCS%%%%DOCSDIR%%/sample-scripts/openvpn.init
 %%PORTDOCS%%%%DOCSDIR%%/sample-scripts/verify-cn
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-scripts
--- openvpn-2.0.patch ends here ---

>Release-Note:
>Audit-Trail:

From: Vasil Dimov <vd@datamax.bg>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: ports/80082: [MAINTAINER] security/openvpn: update to 2.0
Date: Tue, 19 Apr 2005 08:42:49 +0300

 --9amGYk9869ThD9tj
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 Please do not update openvpn port from 1.6 to 2.0.
 
 Instead new port should be added as requested in ports/80034.
 
 --9amGYk9869ThD9tj
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 
 iD8DBQFCZJpZFw6SP/bBpCARAraVAJ4lhn8nR3oU1mML1kiRtON8m0Lr1ACfQwbZ
 DZypWvce7ESqUD9olWPMFVU=
 =1T9U
 -----END PGP SIGNATURE-----
 
 --9amGYk9869ThD9tj--
Responsible-Changed-From-To: freebsd-ports-bugs->jylefort 
Responsible-Changed-By: jylefort 
Responsible-Changed-When: Tue Apr 19 23:25:18 GMT 2005 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=80082 
State-Changed-From-To: open->feedback 
State-Changed-By: jylefort 
State-Changed-When: Wed Apr 20 17:31:14 GMT 2005 
State-Changed-Why:  
Maintainer: should I update security/openvpn to 2.0, or create 
security/openvpn2 as requested above? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=80082 
State-Changed-From-To: feedback->closed 
State-Changed-By: jylefort 
State-Changed-When: Thu Apr 21 14:04:47 GMT 2005 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=80082 
>Unformatted:
