[pkgsrc/trunk]: pkgsrc/net openvpn: update to 2.4.4

[wiz <wiz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/f578888f9978
branches:  trunk
changeset: 369671:f578888f9978
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Mon Oct 02 15:54:23 2017 +0000

description:
openvpn: update to 2.4.4

Version 2.4.4
=============
This is primarily a maintenance release, with further improved OpenSSL 1.1
integration, several minor bug fixes and other minor improvements.

Bug fixes
---------
- Fix issues when a pushed cipher via the Negotiable Crypto Parameters (NCP) is
  rejected by the remote side

- Ignore ``--keysize`` when NCP have resulted in a changed cipher.

- Configurations using ``--auth-nocache`` and the management interface to provide
  user credentials (like NetworkManager on Linux) on client side with servers
  implementing authentication tokens (for example, using ``--auth-gen-token``)
  will now behave correctly and not query the user for an, to them, unknown
  authentication token on renegotiations of the tunnel.

- Fix bug causing invalid or corrupt SOCKS port number when changing the
  proxy via the management interface.

- The man page should now have proper escaping of hyphens/minus characters
  and have seen some minor corrections.

User-visible Changes
--------------------
- Linux servers with systemd which uses the ``openvpn-server@.service`` unit
  file for server configurations will now utilize the automatic restart feature
  in systemd.  If the OpenVPN server process dies unexpectedly, systemd will
  ensure the OpenVPN configuration will be restarted without any user interaction.

Deprecated features
-------------------
- ``--no-replay`` is deprecated and will be removed in OpenVPN 2.5.
- ``--keysize`` is deprecated in OpenVPN 2.4 and will be removed in v2.6

Security
--------
- CVE-2017-12166: Fix bounds check for configurations using ``--key-method 1``.
  Before this fix, it could allow an attacker to send a malformed packet to
  trigger a stack overflow.  This is considered to be a low risk issue, as
  ``--key-method 2`` has been the default since OpenVPN 2.0 (released on
  2005-04-17).  This option is already deprecated in v2.4 and will be
  completely removed in v2.5.

diffstat:

 net/openvpn-acct-wtmpx/distinfo |  10 +++++-----
 net/openvpn-nagios/distinfo     |  10 +++++-----
 net/openvpn/Makefile.common     |   4 ++--
 net/openvpn/PLIST               |   4 ++--
 net/openvpn/distinfo            |  10 +++++-----
 5 files changed, 19 insertions(+), 19 deletions(-)

diffs (91 lines):

diff -r 2be5b55fc211 -r f578888f9978 net/openvpn-acct-wtmpx/distinfo
--- a/net/openvpn-acct-wtmpx/distinfo   Mon Oct 02 15:51:04 2017 +0000
+++ b/net/openvpn-acct-wtmpx/distinfo   Mon Oct 02 15:54:23 2017 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.16 2017/07/01 22:12:53 joerg Exp $
+$NetBSD: distinfo,v 1.17 2017/10/02 15:54:23 wiz Exp $
 
+SHA1 (openvpn/openvpn-2.4.4.tar.xz) = 23f614a2087ad0136a836537ecfd47af09f27276
+RMD160 (openvpn/openvpn-2.4.4.tar.xz) = 945ef4521dcbaf0bc03964fa6d62583af5d87d92
+SHA512 (openvpn/openvpn-2.4.4.tar.xz) = c171d1243ab739310247f076483592758e71f810f7b29b507d3a67b86b3b87e1e854d240d25a3428a7b31b7cf2958ad17987d32151da6ed7ec27d698837d3273
+Size (openvpn/openvpn-2.4.4.tar.xz) = 924172 bytes
 SHA1 (openvpn/openvpn-acct-wtmpx-20130210.tgz) = cf7bc26b12a65493cdf5db93b03bbb938a2f0f33
 RMD160 (openvpn/openvpn-acct-wtmpx-20130210.tgz) = d9000789f04606bfa17db1597a45a4235b1119ea
 SHA512 (openvpn/openvpn-acct-wtmpx-20130210.tgz) = 7b8fd4929e65d8d84158f62e5a17ff3adb3b4a6cff63b29038acfb368750719f2f593786ed9b02402824c19d872b188d2a46740a5c5f853e8873a71481b13aaf
 Size (openvpn/openvpn-acct-wtmpx-20130210.tgz) = 2778 bytes
-SHA1 (openvpn/openvpn-2.4.3.tar.xz) = b3adaf06225c13ab55b88a0edd3df71278860c20
-RMD160 (openvpn/openvpn-2.4.3.tar.xz) = 110f2879222c6a0a076af10fbce4deff2a0ff4b0
-SHA512 (openvpn/openvpn-2.4.3.tar.xz) = b92ec769f672fa7c7a70985535754c566891f94774e4bc3aeb2141b3c168783aebeb82341635d3708978dd3254708221e2ddaae9919d4cf398318fff7d01c926
-Size (openvpn/openvpn-2.4.3.tar.xz) = 938440 bytes
 SHA1 (patch-Makefile) = 4ed829df8d43a6e6b9b0242c749630079a41f5e4
diff -r 2be5b55fc211 -r f578888f9978 net/openvpn-nagios/distinfo
--- a/net/openvpn-nagios/distinfo       Mon Oct 02 15:51:04 2017 +0000
+++ b/net/openvpn-nagios/distinfo       Mon Oct 02 15:54:23 2017 +0000
@@ -1,12 +1,12 @@
-$NetBSD: distinfo,v 1.13 2017/07/01 22:12:53 joerg Exp $
+$NetBSD: distinfo,v 1.14 2017/10/02 15:54:24 wiz Exp $
 
+SHA1 (openvpn/openvpn-2.4.4.tar.xz) = 23f614a2087ad0136a836537ecfd47af09f27276
+RMD160 (openvpn/openvpn-2.4.4.tar.xz) = 945ef4521dcbaf0bc03964fa6d62583af5d87d92
+SHA512 (openvpn/openvpn-2.4.4.tar.xz) = c171d1243ab739310247f076483592758e71f810f7b29b507d3a67b86b3b87e1e854d240d25a3428a7b31b7cf2958ad17987d32151da6ed7ec27d698837d3273
+Size (openvpn/openvpn-2.4.4.tar.xz) = 924172 bytes
 SHA1 (openvpn/openvpn-nagios-20130210.tgz) = 8a0fd4e3eba27584aa53c5589c13d4b38af43ba2
 RMD160 (openvpn/openvpn-nagios-20130210.tgz) = 2a47893ec2db2c280adc7b9fbbea97794ec1a6f4
 SHA512 (openvpn/openvpn-nagios-20130210.tgz) = 80e565f32379c39eb6c7f3b4744af221ae882ff07dce9dae5bd7feb73b0edcfc7c7ac7f70d23fdcd4f492b66f095f09833deb122449840b36ea606ce91900358
 Size (openvpn/openvpn-nagios-20130210.tgz) = 3034 bytes
-SHA1 (openvpn/openvpn-2.4.3.tar.xz) = b3adaf06225c13ab55b88a0edd3df71278860c20
-RMD160 (openvpn/openvpn-2.4.3.tar.xz) = 110f2879222c6a0a076af10fbce4deff2a0ff4b0
-SHA512 (openvpn/openvpn-2.4.3.tar.xz) = b92ec769f672fa7c7a70985535754c566891f94774e4bc3aeb2141b3c168783aebeb82341635d3708978dd3254708221e2ddaae9919d4cf398318fff7d01c926
-Size (openvpn/openvpn-2.4.3.tar.xz) = 938440 bytes
 SHA1 (patch-Makefile) = accc6a2a49530a504897451f2a2f45c528b7b131
 SHA1 (patch-openvpn-nagios.c) = 36e9ee6e652051b3b047710666998052bef637db
diff -r 2be5b55fc211 -r f578888f9978 net/openvpn/Makefile.common
--- a/net/openvpn/Makefile.common       Mon Oct 02 15:51:04 2017 +0000
+++ b/net/openvpn/Makefile.common       Mon Oct 02 15:54:23 2017 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.11 2017/07/01 22:12:53 joerg Exp $
+# $NetBSD: Makefile.common,v 1.12 2017/10/02 15:54:23 wiz Exp $
 # used by net/openvpn/Makefile
 # used by net/openvpn-acct-wtmpx/Makefile
 # used by net/openvpn-nagios/Makefile
 
-OPENVPN_DISTNAME=      openvpn-2.4.3
+OPENVPN_DISTNAME=      openvpn-2.4.4
 # Remove DIST_SUBDIR on next update, update distinfo of depending packages
 DIST_SUBDIR=           openvpn
 OPENVPN_DISTFILE=      ${OPENVPN_DISTNAME}.tar.xz
diff -r 2be5b55fc211 -r f578888f9978 net/openvpn/PLIST
--- a/net/openvpn/PLIST Mon Oct 02 15:51:04 2017 +0000
+++ b/net/openvpn/PLIST Mon Oct 02 15:54:23 2017 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.19 2017/05/24 20:35:12 adam Exp $
+@comment $NetBSD: PLIST,v 1.20 2017/10/02 15:54:23 wiz Exp $
 include/openvpn-msg.h
 include/openvpn-plugin.h
 ${PLIST.pam}lib/openvpn/plugins/openvpn-plugin-auth-pam.la
@@ -12,7 +12,7 @@
 share/doc/openvpn/README.IPv6
 ${PLIST.pam}share/doc/openvpn/README.auth-pam
 share/doc/openvpn/README.down-root
-share/doc/openvpn/README.polarssl
+share/doc/openvpn/README.mbedtls
 share/doc/openvpn/management-notes.txt
 share/examples/openvpn/config/README
 share/examples/openvpn/config/client.conf
diff -r 2be5b55fc211 -r f578888f9978 net/openvpn/distinfo
--- a/net/openvpn/distinfo      Mon Oct 02 15:51:04 2017 +0000
+++ b/net/openvpn/distinfo      Mon Oct 02 15:54:23 2017 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.38 2017/06/26 07:21:21 adam Exp $
+$NetBSD: distinfo,v 1.39 2017/10/02 15:54:23 wiz Exp $
 
-SHA1 (openvpn/openvpn-2.4.3.tar.xz) = b3adaf06225c13ab55b88a0edd3df71278860c20
-RMD160 (openvpn/openvpn-2.4.3.tar.xz) = 110f2879222c6a0a076af10fbce4deff2a0ff4b0
-SHA512 (openvpn/openvpn-2.4.3.tar.xz) = b92ec769f672fa7c7a70985535754c566891f94774e4bc3aeb2141b3c168783aebeb82341635d3708978dd3254708221e2ddaae9919d4cf398318fff7d01c926
-Size (openvpn/openvpn-2.4.3.tar.xz) = 938440 bytes
+SHA1 (openvpn/openvpn-2.4.4.tar.xz) = 23f614a2087ad0136a836537ecfd47af09f27276
+RMD160 (openvpn/openvpn-2.4.4.tar.xz) = 945ef4521dcbaf0bc03964fa6d62583af5d87d92
+SHA512 (openvpn/openvpn-2.4.4.tar.xz) = c171d1243ab739310247f076483592758e71f810f7b29b507d3a67b86b3b87e1e854d240d25a3428a7b31b7cf2958ad17987d32151da6ed7ec27d698837d3273
+Size (openvpn/openvpn-2.4.4.tar.xz) = 924172 bytes
 SHA1 (patch-configure) = 240342a88baed7642dfd63ed0a2ab4c0a75adbd4
 SHA1 (patch-src_compat_compat-basename.c) = 45a58ef2e05f6e0265f229da8540760e60e65143