From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1695971-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id E728B1581F3
	for <garchives@archives.gentoo.org>; Sun,  1 Dec 2024 12:42:35 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 6B7F9E085B;
	Sun,  1 Dec 2024 12:42:34 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 4D46CE085B
	for <gentoo-commits@lists.gentoo.org>; Sun,  1 Dec 2024 12:42:34 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 69795342FF9
	for <gentoo-commits@lists.gentoo.org>; Sun,  1 Dec 2024 12:42:33 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 1FFF72191
	for <gentoo-commits@lists.gentoo.org>; Sun,  1 Dec 2024 12:42:30 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1733056942.314bc94029d37d3ad6ed566d1a46b7b4711cc426.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-vpn/openvpn/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-vpn/openvpn/Manifest net-vpn/openvpn/openvpn-2.6.12.ebuild
X-VCS-Directories: net-vpn/openvpn/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 314bc94029d37d3ad6ed566d1a46b7b4711cc426
X-VCS-Branch: master
Date: Sun,  1 Dec 2024 12:42:30 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: b6a4caf7-b84a-4800-b283-d56b5514e8f9
X-Archives-Hash: 3a5492749d67215c8cdb8528f0ddd2c9

commit:     314bc94029d37d3ad6ed566d1a46b7b4711cc426
Author:     Christopher Fore <csfore <AT> posteo <DOT> net>
AuthorDate: Tue Oct 15 19:44:41 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Dec  1 12:42:22 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=314bc940

net-vpn/openvpn: add 2.6.12, security bump

- Tests pass

Bug: https://bugs.gentoo.org/938533
Signed-off-by: Christopher Fore <csfore <AT> posteo.net>
Closes: https://github.com/gentoo/gentoo/pull/39004
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-vpn/openvpn/Manifest              |   1 +
 net-vpn/openvpn/openvpn-2.6.12.ebuild | 199 ++++++++++++++++++++++++++++++++++
 2 files changed, 200 insertions(+)

diff --git a/net-vpn/openvpn/Manifest b/net-vpn/openvpn/Manifest
index 08e1a80758dc..2a57553a53b1 100644
--- a/net-vpn/openvpn/Manifest
+++ b/net-vpn/openvpn/Manifest
@@ -1,6 +1,7 @@
 DIST openvpn-2.5.2.tar.xz 1134644 BLAKE2B 59aa0c540894de4cfb37ad4c3139eb69a35d317e3de490f71b185a979989c1253221091a30bfb2ee5243fcfae190605e9787051de079eee79e57bd63392c42d5 SHA512 ae2cac00ae4b9e06e7e70b268ed47d36bbb45409650175e507d5bfa12b0a4f24bccc64f2494d1563f9269c8076d0f753a492f01ea33ce376ba00b7cdcb5c7bd0
 DIST openvpn-2.5.6.tar.xz 1150352 BLAKE2B 509821eca9d40c5579700e05e560b906ddee5abb0c51a9a210e2e998cdd9606f734d43d3bec8c473cc4f0aaa1e265e7f05202aa606247ebde8844c0243165fac SHA512 f0f0600df013431af804ace70ea86ac064917acdeaad3759b5d5eaa4a8dc3738d6da6df4c16bbb23443e3493487541cb8b10b89f9f0b40a17caa6e6fc46e0adb
 DIST openvpn-2.5.7.tar.xz 1150476 BLAKE2B e8d24a8be8ff97072ef3b76dbec15cd6e7097ebe99f680d759f213cb5643d7b4a29664d2a96e6efe1d6ee858a6d6b3f23c6d12cf74f202fbe8cc48642f18dba6 SHA512 9a3234b479f5bab12b8c3af7691f175f8cd32f2929dd27efc16e96e14dbb8e07421e623869ad5ffc2d7e65f2266817d1583723033f3646b9913b10ec6d014b44
+DIST openvpn-2.6.12.tar.gz 1912400 BLAKE2B 5e40c61cb4aea3db27eff8ae7f49dafaa6e47c8a19fee5fa8802956fc976be490e9b558397741bc2e4447129f174176f9fbbfce16478d96b27a39ecb08a9da86 SHA512 92f548186d9375d6ae47b1387dd191241b8a45aed82294523b3771bdd5e699b94265e1a3bbf3ef2638da0d54c19c783f54c456cbd755c846849bf67913cad6db
 DIST openvpn-2.6.4.tar.gz 1861178 BLAKE2B 584fc3950732d6a1db417811f6e330a154537207f6c9543ab03b1c1a886a98a0aee7d1649055a9f7944555ae8865602be15fd8e23b67258917f1adebde050099 SHA512 903ac41691c26e8e4ad65c9b6fb5e75db2caf2e4079d3c4cb61a44e51be9991508f53a1dd8b4b863b4ac86088ad1a705d22131df1e25612560c9f4276d8190ec
 DIST openvpn-2.6.8.tar.gz 1896563 BLAKE2B 70373bcfa29bbec17a94c3129ea030539a165be9626201e1f2827f8f37f114835f9a42a42adffd86e675977ac35076660de36ad76724b0f3cadaaba476a929fc SHA512 deff168f6c4988091eb8ab4d1ab525b5d0e94c4b9ce5cfec00fa9a1a87da338a198067d6386ccc3a7c84761a9e4250804cb3602fb4a2b1f016ba6102db86cfe7
 DIST openvpn-2.6.9.tar.gz 1901193 BLAKE2B 22289b32f2b9afc2aed59f6fc66dc25b3043b8c82858b7857e4f904a25c6cf0f21a41551ed4f8d8869c0e7248e4e060779f760dd606e99cdc02203fbff886536 SHA512 095508b98b76f4bdf4e4dc8832dcff6ba8a2ddaadb5a8e65cd56f28d6f5694ee394210f991f5301e436fcc1b7880a7c8b59d27089d21a5672eeb79cabc243b21

diff --git a/net-vpn/openvpn/openvpn-2.6.12.ebuild b/net-vpn/openvpn/openvpn-2.6.12.ebuild
new file mode 100644
index 000000000000..ebad808e6e1f
--- /dev/null
+++ b/net-vpn/openvpn/openvpn-2.6.12.ebuild
@@ -0,0 +1,199 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools systemd linux-info tmpfiles
+
+DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
+HOMEPAGE="https://openvpn.net/"
+
+if [[ ${PV} == "9999" ]]; then
+	EGIT_REPO_URI="https://github.com/OpenVPN/${PN}.git"
+	inherit git-r3
+else
+	SRC_URI="https://build.openvpn.net/downloads/releases/${P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+
+IUSE="dco down-root examples inotify iproute2 +lz4 +lzo mbedtls +openssl"
+IUSE+=" pam pkcs11 +plugins selinux systemd test"
+
+RESTRICT="!test? ( test )"
+REQUIRED_USE="
+	^^ ( openssl mbedtls )
+	pkcs11? ( !mbedtls )
+	!plugins? ( !pam !down-root )
+	inotify? ( plugins )
+	dco? ( !iproute2 )
+"
+
+COMMON_DEPEND="
+	kernel_linux? (
+		iproute2? ( sys-apps/iproute2[-minimal] )
+	)
+	lz4? ( app-arch/lz4 )
+	lzo? ( >=dev-libs/lzo-1.07 )
+	mbedtls? ( net-libs/mbedtls:= )
+	openssl? ( >=dev-libs/openssl-1.0.2:0= )
+	pam? ( sys-libs/pam )
+	pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )
+	systemd? ( sys-apps/systemd )
+	dco? ( >=net-vpn/ovpn-dco-0.2 >=dev-libs/libnl-3.2.29:= )
+	sys-libs/libcap-ng:=
+"
+
+BDEPEND="
+	virtual/pkgconfig
+"
+
+DEPEND="
+	${COMMON_DEPEND}
+	test? ( dev-util/cmocka )
+"
+RDEPEND="
+	${COMMON_DEPEND}
+	acct-group/openvpn
+	acct-user/openvpn
+	selinux? ( sec-policy/selinux-openvpn )
+"
+
+if [[ ${PV} = "9999" ]]; then
+	BDEPEND+=" dev-python/docutils"
+fi
+
+pkg_setup() {
+	local CONFIG_CHECK="~TUN"
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	eautoreconf
+}
+
+src_configure() {
+	local -a myeconfargs
+
+	if ! use mbedtls; then
+		myeconfargs+=(
+			$(use_enable pkcs11)
+		)
+	fi
+
+	myeconfargs+=(
+		$(use_enable inotify async-push)
+		--with-crypto-library=$(usex mbedtls mbedtls openssl)
+		$(use_enable lz4)
+		$(use_enable lzo)
+		$(use_enable plugins)
+		$(use_enable iproute2)
+		$(use_enable pam plugin-auth-pam)
+		$(use_enable down-root plugin-down-root)
+		$(use_enable systemd)
+		$(use_enable dco)
+	)
+
+	SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \
+		TMPFILES_DIR="/usr/lib/tmpfiles.d" \
+		IPROUTE=$(usex iproute2 '/bin/ip' '') \
+		econf "${myeconfargs[@]}"
+}
+
+src_test() {
+	local -x RUN_SUDO=false
+
+	elog "Running top-level tests"
+	emake check
+
+	pushd tests/unit_tests &>/dev/null || die
+	elog "Running unit tests"
+	emake check
+	popd &>/dev/null || die
+}
+
+src_install() {
+	default
+
+	find "${ED}/usr" -name '*.la' -delete || die
+
+	# install documentation
+	dodoc AUTHORS ChangeLog PORTS README
+
+	# Install some helper scripts
+	keepdir /etc/openvpn
+	exeinto /etc/openvpn
+	doexe "${FILESDIR}/up.sh"
+	doexe "${FILESDIR}/down.sh"
+
+	# Install the init script and config file
+	newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
+	newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
+
+	# install examples, controlled by the respective useflag
+	if use examples ; then
+		# (is the below comment relevant anymore?)
+		## dodoc does not supportly support directory traversal, #15193
+		docinto examples
+		dodoc -r sample contrib
+	fi
+
+	# https://bugs.gentoo.org/755680#c3
+	doman doc/openvpn.8
+}
+
+pkg_postinst() {
+	tmpfiles_process openvpn.conf
+
+	if use x64-macos ; then
+		elog "You might want to install tuntaposx for TAP interface support:"
+		elog "http://tuntaposx.sourceforge.net"
+	fi
+
+	if systemd_is_booted || has_version sys-apps/systemd ; then
+		elog "In order to use OpenVPN with systemd please use the correct systemd service file."
+		elog  ""
+		elog "server:"
+		elog ""
+		elog "- Place your server configuration file in /etc/openvpn/server"
+		elog "- Use the openvpn-server@.service like so"
+		elog "systemctl start openvpn-server@{Server-config}"
+		elog ""
+		elog "client:"
+		elog ""
+		elog "- Place your client configuration file in /etc/openvpn/client"
+		elog "- Use the openvpn-client@.service like so:"
+		elog "systemctl start openvpn-client@{Client-config}"
+	else
+		elog "The openvpn init script expects to find the configuration file"
+		elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
+		elog ""
+		elog "To create more VPNs, simply create a new .conf file for it and"
+		elog "then create a symlink to the openvpn init script from a link called"
+		elog "openvpn.newconfname - like so"
+		elog "	 cd /etc/openvpn"
+		elog "	 ${EDITOR##*/} foo.conf"
+		elog "	 cd /etc/init.d"
+		elog "	 ln -s openvpn openvpn.foo"
+		elog ""
+		elog "You can then treat openvpn.foo as any other service, so you can"
+		elog "stop one vpn and start another if you need to."
+	fi
+
+	if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
+		ewarn ""
+		ewarn "WARNING: If you use the remote keyword then you are deemed to be"
+		ewarn "a client by our init script and as such we force up,down scripts."
+		ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
+		ewarn "can move your scripts to."
+	fi
+
+	if use plugins ; then
+		einfo ""
+		einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins"
+	fi
+}