security/openvpn: update to v2.5.7

Description

security/openvpn: update to v2.5.7

FreeBSD-related changes from Changes.rst:

  • Limited OpenSSL 3.0 support: OpenSSL 3.0 support has been added. OpenSSL 3.0 support in 2.5 relies on the compatibility layer and full OpenSSL 3.0 support is coming with OpenVPN 2.6. Only features that impact usage directly have been backported:

    `--tls-cert-profile insecure` has been added to allow selecting the lowest OpenSSL security level (not recommended, use only if you must).

    OpenSSL 3.0 no longer supports the Blowfish (and other deprecated) algorithm by default and the new option `--providers` allows loading the legacy provider to re-enable these algorithms. Most notably, reading of many PKCS#12 files encrypted with the RC2 algorithm fails unless `--providers legacy default` is configured.

    The OpenSSL engine feature `--engine` is not enabled by default anymore if OpenSSL 3.0 is detected.
  • print OpenSSL error stack if decoding PKCS12 file fails
  • fix PATH_MAX build failure in auth-pam.c
  • fix t_net.sh self-test leaving around stale "ovpn-dummy0" interface

detailed changes: https://github.com/OpenVPN/openvpn/releases/tag/v2.5.7

(cherry picked from commit 9acfd1b4afebdf57366dff963ddc70d962994d1d)

While here, deprecate MBEDTLS.

Details

Provenance
mandree authored on May 28 2022, 6:37 PM
Parents
R11:a8a97c6bb20e: emulators/virtualbox-ose-legacy: Mark as BROKEN on recent head