1 files changed, 20 insertions, 10 deletions

diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile
index e14df3d594dc..409693652e0b 100644
--- a/security/openvpn/Makefile
+++ b/security/openvpn/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=		openvpn
-DISTVERSION=		2.5.8
+DISTVERSION=		2.6.0
 PORTREVISION?=		0
 CATEGORIES=		security net net-vpn
 MASTER_SITES=		https://swupdate.openvpn.org/community/releases/ \
@@ -8,24 +8,28 @@ MASTER_SITES=		https://swupdate.openvpn.org/community/releases/ \
 
 MAINTAINER=		mandree@FreeBSD.org
 COMMENT?=		Secure IP/Ethernet tunnel daemon
-WWW=		https://openvpn.net/community/
+WWW=			https://openvpn.net/community/
 
 LICENSE=		GPLv2
 LICENSE_FILE=		${WRKSRC}/COPYRIGHT.GPL
 
-USES=			cpe libtool localbase:ldflags pkgconfig shebangfix ssl tar:xz
+BUILD_DEPENDS+=		cmocka>=0:sysutils/cmocka \
+			rst2man:textproc/py-docutils@${PY_FLAVOR}
+
+USES=			cpe libtool localbase:ldflags pkgconfig python:build shebangfix ssl
 USE_RC_SUBR=		openvpn
 
-SHEBANG_FILES=		sample/sample-scripts/verify-cn \
-			sample/sample-scripts/auth-pam.pl \
-			sample/sample-scripts/ucn.pl
+SHEBANG_FILES=		sample/sample-scripts/auth-pam.pl \
+			sample/sample-scripts/totpauth.py \
+			sample/sample-scripts/ucn.pl \
+			sample/sample-scripts/verify-cn
 
 GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--enable-strict --with-crypto-library=openssl
 # set PLUGIN_LIBDIR so that unqualified plugin paths are found:
 CONFIGURE_ENV+=		PLUGINDIR="${PREFIX}/lib/openvpn/plugins"
 
-CONFLICTS_INSTALL?=	openvpn-2.[!5].* openvpn-devel openvpn-mbedtls
+CONFLICTS_INSTALL?=	openvpn-2* openvpn-devel openvpn-mbedtls
 
 SUB_FILES=		pkg-message openvpn-client
 
@@ -35,10 +39,14 @@ GROUPS=			openvpn
 PORTDOCS=		*
 PORTEXAMPLES=		*
 
-OPTIONS_DEFINE=		ASYNC_PUSH DOCS EASYRSA EXAMPLES LZ4 LZO PKCS11 SMALL \
+OPTIONS_DEFINE=		ASYNC_PUSH DCO DOCS EASYRSA EXAMPLES LZ4 LZO PKCS11 SMALL \
 			TEST UNITTESTS X509ALTUSERNAME
 OPTIONS_DEFAULT=	EASYRSA LZ4 LZO PKCS11 TEST
+OPTIONS_EXCLUDE_FreeBSD_12=	DCO # FreeBSD 14 only
+OPTIONS_EXCLUDE_FreeBSD_13=	DCO # FreeBSD 14 only
+
 ASYNC_PUSH_DESC=	Enable async-push support
+DCO_DESC=			Build with Data Channel Offload (ovpn(4)) support
 EASYRSA_DESC=		Install security/easy-rsa RSA helper package
 LZO_DESC=		LZO compression (incompatible with LibreSSL)
 PKCS11_DESC=		Use security/pkcs11-helper, needs same SSL lib!
@@ -49,6 +57,8 @@ X509ALTUSERNAME_DESC=	Enable --x509-username-field
 ASYNC_PUSH_LIB_DEPENDS=	libinotify.so:devel/libinotify
 ASYNC_PUSH_CONFIGURE_ENABLE=	async-push
 
+DCO_CONFIGURE_ENABLE=	dco
+
 EASYRSA_RUN_DEPENDS=	easy-rsa>=0:security/easy-rsa
 
 LZ4_LIB_DEPENDS+=	liblz4.so:archivers/liblz4
@@ -98,8 +108,9 @@ post-patch:
 	${REINPLACE_CMD} -E -i '' -e 's/(user|group) nobody/\1 openvpn/' \
 		-e 's/"nobody"( after init)/"openvpn" \1/' \
 		${WRKSRC}/sample/sample-config-files/*.conf \
-		${WRKSRC}/sample/sample-config-files/xinetd-*-config \
 		${WRKSRC}/doc/man-sections/generic-options.rst
+	# this header file was missed from the 2.6.0 tarball
+	${CP} ${FILESDIR}/ovpn_dco_freebsd.h ${WRKSRC}/src/openvpn/ # FIXME remove for 2.6.1
 
 pre-configure:
 	# just too many of sign-compare; bitwise-instead-of-logical was audited and is intentional,
@@ -142,7 +153,6 @@ post-install:
 	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so
 	${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.up ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up
 	${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.down ${STAGEDIR}${PREFIX}/libexec/openvpn-client.down
-	@${REINPLACE_CMD} 's|resolvconf -p -a|resolvconf -a|' ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up
 	${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client
 	${MKDIR} ${STAGEDIR}${PREFIX}/include