Move security/openvpn to security/openvpn20 (after previous repocopy).

Update security/openvpn20 to 2.0.9, revising pkg-message.

Move security/openvpn-devel to security/openvpn and
update security/openvpn to 2.1.1.

Remove security/openvpn-devel, adding a MOVED entry.

Update security/Makefile to remove openvpn-devel and add openvpn20 to
SUBDIRS.

Add a UPDATING entry for this shuffle.  Currently without upgrade
instructions since neither portupgrade nor portmaster are up to the
task (because of the CONFLICTS).

Approved by:  garga@ (mentor)

7 files changed, 85 insertions, 92 deletions

diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile
index 152f2075947b..f1c5cf8d0007 100644
--- a/security/openvpn/Makefile
+++ b/security/openvpn/Makefile
@@ -6,37 +6,32 @@
 #
 
 PORTNAME=	openvpn
-# -----------------------------------------------------
-# DO NOT BOTHER TO SEND NOTICES ABOUT OPENVPN 2.0.9
-# AS IT FIXES WINDOWS-ONLY BUGS THAT DON'T AFFECT *BSD
-# AND THUS DOES NOT WARRANT A PORT UPGRADE!
-# UPGRADE REQUESTS WILL BE DROPPED UNLESS BSD-RELATED.
-# -----------------------------------------------------
-PORTVERSION=	2.0.6
-PORTREVISION=	9
+DISTVERSION=	2.1.1
 CATEGORIES=	security net
 # MASTER_SITES points to hosts in distinct data centers,
 # so just one MASTER_SITES entry should be OK.
 MASTER_SITES=	http://openvpn.net/release/
 
-MAINTAINER=	matthias.andree@gmx.de
+MAINTAINER=	mandree@FreeBSD.org
 COMMENT=	Secure IP/Ethernet tunnel daemon
 
-CONFLICTS=	openvpn-devel-[0-9]*
+CONFLICTS=	openvpn-devel-[0-9]* openvpn-2.0*
 
 GNU_CONFIGURE=	yes
 USE_OPENSSL=	yes
 CONFIGURE_ARGS=	--with-lzo-lib=${LOCALBASE}/lib \
 		--with-lzo-headers=${LOCALBASE}/include
+INSTALL_TARGET=	install mandir=${MANPREFIX}/man
 
 MAN8=		openvpn.8
 
-OPTIONS=	PW_SAVE "Interactive passwords may be read from a file" off
+OPTIONS=	PW_SAVE "Interactive passwords may be read from a file" off \
+		PKCS11  "Use security/pkcs11-helper" off
 
 USE_RC_SUBR=	openvpn.sh
 USE_LDCONFIG=	${PREFIX}/lib
 
-SUB_FILES=	pkg-message pkg-req
+SUB_FILES=	pkg-message
 SUB_LIST+=	OSVERSION=${OSVERSION}
 
 .include <bsd.port.pre.mk>
@@ -47,14 +42,14 @@ SUB_LIST+=	RCSFX=${RC_SUBR_SUFFIX}
 CFLAGS+=	-DLOG_OPENVPN=${LOG_OPENVPN}
 .endif
 
-pre-fetch:
+pre-configure:
 .ifdef (LOG_OPENVPN)
 	@${ECHO} "Building with LOG_OPENVPN=${LOG_OPENVPN}"
 .else
 	@${ECHO} ""
 	@${ECHO} "You may use the following build options:"
 	@${ECHO} ""
-	@${ECHO} "      LOG_OPENVPN={Valid syslog facility}"
+	@${ECHO} "      LOG_OPENVPN={Valid syslog facility, default LOG_DAEMON}"
 	@${ECHO} "      EXAMPLE:  make LOG_OPENVPN=LOG_DAEMON"
 	@${ECHO} ""
 .endif
@@ -73,6 +68,16 @@ LIB_DEPENDS+=	lzo.1:${PORTSDIR}/archivers/lzo
 CONFIGURE_ARGS+=	--enable-password-save
 .endif
 
+.if defined(WITH_PKCS11)
+LIB_DEPENDS+=	pkcs11-helper.1:${PORTSDIR}/security/pkcs11-helper
+.else
+CONFIGURE_ARGS+=	--disable-pkcs11
+.endif
+
+post-patch:
+	@${FIND} ${WRKSRC} -name \*.orig -delete
+	@${FIND} ${WRKSRC} -name \*.bak -delete
+
 post-build:
 	cd ${WRKSRC}/plugin/down-root && ${MAKE}
 	cd ${WRKSRC}/plugin/auth-pam && ${CC} ${CPPFLAGS} -I../.. -DDLOPEN_PAM=0 ${CFLAGS} -fPIC -shared -Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.c pamdl.c -lc -lpam
@@ -81,22 +86,19 @@ post-build:
 	cd ${WRKSRC} && ${MAKE} check
 .endif
 
-pre-install:
-	PKG_PREFIX=${PREFIX} ${SH} ${PKGREQ} ${PKGNAME} INSTALL
-
 post-install:
 	${MKDIR} ${PREFIX}/lib
-	${INSTALL_PROGRAM} ${WRKSRC}/plugin/down-root/openvpn-down-root.so ${PREFIX}/lib
-	${INSTALL_PROGRAM} ${WRKSRC}/plugin/auth-pam/openvpn-auth-pam.so ${PREFIX}/lib
+	${INSTALL_PROGRAM} ${WRKSRC}/plugin/down-root/openvpn-down-root.so ${PREFIX}/lib/
+	${INSTALL_PROGRAM} ${WRKSRC}/plugin/auth-pam/openvpn-auth-pam.so ${PREFIX}/lib/
 .if !defined(NOPORTDOCS)
 	${MKDIR} ${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/plugin/down-root/README ${DOCSDIR}/README.openvpn-down-root
 	${INSTALL_DATA} ${WRKSRC}/plugin/auth-pam/README ${DOCSDIR}/README.openvpn-auth-pam
-.for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS \
+.for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL \
 	PORTS README
-	${INSTALL_DATA} ${WRKSRC}/${docs} ${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/${docs} ${DOCSDIR}/
 .endfor
-.for dir in easy-rsa easy-rsa/2.0 sample-config-files
+.for dir in easy-rsa easy-rsa/1.0 easy-rsa/2.0 sample-config-files
 	${MKDIR} ${DOCSDIR}/${dir}
 	${FIND} ${WRKSRC}/${dir}/ -maxdepth 1 -type f -exec ${INSTALL_DATA} \{\} ${DOCSDIR}/${dir} \;
 .endfor
@@ -104,6 +106,8 @@ post-install:
 	${MKDIR} ${DOCSDIR}/${dir}
 	${FIND} ${WRKSRC}/${dir}/ -maxdepth 1 -type f -exec ${INSTALL_SCRIPT} \{\} ${DOCSDIR}/${dir} \;
 .endfor
+.else
+	-@${RMDIR} ${DOCSDIR}
 .endif
 	@${CAT} ${PKGMESSAGE}
 
diff --git a/security/openvpn/distinfo b/security/openvpn/distinfo
index e36e6e490d74..6a79158b81da 100644
--- a/security/openvpn/distinfo
+++ b/security/openvpn/distinfo
@@ -1,3 +1,3 @@
-MD5 (openvpn-2.0.6.tar.gz) = 8d2f95fa825e58363a676b25d4815aa7
-SHA256 (openvpn-2.0.6.tar.gz) = 1074c9fb5a7881e6d4ff0b125cf1e44a9fb650beef187f061785698522453003
-SIZE (openvpn-2.0.6.tar.gz) = 664816
+MD5 (openvpn-2.1.1.tar.gz) = b273ed2b5ec8616fb9834cde8634bce7
+SHA256 (openvpn-2.1.1.tar.gz) = a3180d7af5ff7b05196b2a26bad263291c1987f67e116ebbdcdaf5f678634842
+SIZE (openvpn-2.1.1.tar.gz) = 880115
diff --git a/security/openvpn/files/patch-selftest-ports b/security/openvpn/files/patch-selftest-ports
new file mode 100644
index 000000000000..5e195261eecb
--- /dev/null
+++ b/security/openvpn/files/patch-selftest-ports
@@ -0,0 +1,26 @@
+--- sample-config-files/loopback-client.orig	Mon Oct 16 00:30:20 2006
++++ sample-config-files/loopback-client	Wed Apr  4 00:51:31 2007
+@@ -9,8 +9,8 @@
+ #  ./openvpn --config sample-config-files/loopback-client  (In one window) 
+ #  ./openvpn --config sample-config-files/loopback-server  (Simultaneously in another window) 
+ 
+-rport 16000
+-lport 16001
++rport 16100
++lport 16101
+ remote localhost
+ local localhost
+ dev null
+--- sample-config-files/loopback-server.orig	Mon Oct 16 00:30:20 2006
++++ sample-config-files/loopback-server	Wed Apr  4 00:51:31 2007
+@@ -9,8 +9,8 @@
+ #  ./openvpn --config sample-config-files/loopback-client  (In one window) 
+ #  ./openvpn --config sample-config-files/loopback-server  (Simultaneously in another window) 
+ 
+-rport 16001
+-lport 16000
++rport 16101
++lport 16100
+ remote localhost
+ local localhost
+ dev null
diff --git a/security/openvpn/files/pkg-message.in b/security/openvpn/files/pkg-message.in
index 64494e4d6a85..f79da215e039 100644
--- a/security/openvpn/files/pkg-message.in
+++ b/security/openvpn/files/pkg-message.in
@@ -1,20 +1,7 @@
 ### ------------------------------------------------------------------------
-###  The OpenVPN FreeBSD port, since v2.0.1, uses rcNG to start OpenVPN.
-###  Edit /etc/rc.conf to start OpenVPN automatically at system startup.
-###  See %%PREFIX%%/etc/rc.d/openvpn%%RCSFX%% for details.
+###  Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
+###  startup. See %%PREFIX%%/etc/rc.d/openvpn%%RCSFX%% for details.
 ### ------------------------------------------------------------------------
-###  To get OpenVPN 1.X to talk with the new 2.0 version, you may need to
-###  edit the 1.X configuration file by adding these lines:
-###    tun-mtu 1500
-###    tun-mtu-extra 32
-###    mssfix 1450
-###    key-method 2       <- this key-method line only for TLS setups
-### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-###  WARNING: THE DEFAULT PORT HAS CHANGED AND IS NOW 1194!
-###  OpenVPN 1.6 and older used 5000 rather than 1194 as their default
-###  port, so add the proper port options to your configuration file!
-### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-###  For further compatibility, see <http://openvpn.net/relnotes.html>
-### ------------------------------------------------------------------------
-###  If you want to donate to OpenVPN: <http://openvpn.net/donate.html>
+###  For compatibility notes when interoperating with older OpenVPN
+###  versions, please, see <http://openvpn.net/relnotes.html>
 ### ------------------------------------------------------------------------
diff --git a/security/openvpn/files/pkg-req.in b/security/openvpn/files/pkg-req.in
deleted file mode 100644
index 15c8242d8724..000000000000
--- a/security/openvpn/files/pkg-req.in
+++ /dev/null
@@ -1,29 +0,0 @@
-set -e
-
-rcvers() {
-	# determine if we have "old" or "new" (rcorder integration) scheme
-	# for %%PREFIX%%/etc/rc.d/* files
-	if test $1 -ge 700007 || test $1 -lt 700000 -a $1 -ge 600101 ; then
-		echo 2
-	else
-		echo 1
-	fi
-}
-
-if [ "$2" = INSTALL ] ; then
-	# check if the base system is new enough for us,
-	# which should only matter for package installs.
-	buildrc=$(rcvers %%OSVERSION%%)
-	execrc=$(rcvers $(sysctl -n kern.osreldate) )
-	if test $buildrc -gt $execrc ; then
-		cat <<EOF
-
-Error:   this package, $1, was compiled for a newer FreeBSD
-======   version that uses different boot scripts.
-         Therefore, the rc.d script WILL NOT WORK.
-         Please update your ports tree and install security/openvpn from there.
-
-EOF
-		exit 1
-	fi
-fi
diff --git a/security/openvpn/pkg-descr b/security/openvpn/pkg-descr
index b527fa8fa75e..54cd393b84b5 100644
--- a/security/openvpn/pkg-descr
+++ b/security/openvpn/pkg-descr
@@ -4,7 +4,7 @@ using an encrypted tunnel over the internet. It can operate over UDP or TCP,
 can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one
 server can handle many clients.
 
-WWW: http://openvpn.net/
+WWW: http://openvpn.net/index.php/open-source.html
 
 - Matthias Andree
-matthias.andree@gmx.de
+mandree@FreeBSD.org
diff --git a/security/openvpn/pkg-plist b/security/openvpn/pkg-plist
index 4df2203dbd05..66f1ebc6b701 100644
--- a/security/openvpn/pkg-plist
+++ b/security/openvpn/pkg-plist
@@ -6,29 +6,29 @@ lib/openvpn-down-root.so
 %%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.GPL
 %%PORTDOCS%%%%DOCSDIR%%/ChangeLog
 %%PORTDOCS%%%%DOCSDIR%%/INSTALL
-%%PORTDOCS%%%%DOCSDIR%%/NEWS
 %%PORTDOCS%%%%DOCSDIR%%/PORTS
 %%PORTDOCS%%%%DOCSDIR%%/README
 %%PORTDOCS%%%%DOCSDIR%%/README.openvpn-auth-pam
 %%PORTDOCS%%%%DOCSDIR%%/README.openvpn-down-root
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/README
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-ca
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-dh
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-inter
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-key
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-key-pass
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-key-pkcs12
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-key-server
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-req
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/build-req-pass
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/clean-all
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/list-crl
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/make-crl
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/openssl.cnf
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/revoke-crt
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/revoke-full
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/sign-req
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/vars
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/README
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-ca
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-dh
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-inter
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-pass
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-pkcs12
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-key-server
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-req
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/build-req-pass
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/clean-all
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/list-crl
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/make-crl
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/openssl.cnf
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/revoke-crt
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/revoke-full
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/sign-req
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/1.0/vars
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/Makefile
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/README
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-ca
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-dh
@@ -42,11 +42,13 @@ lib/openvpn-down-root.so
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/clean-all
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/inherit-inter
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/list-crl
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl-0.9.6.cnf
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl.cnf
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/pkitool
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/revoke-full
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/sign-req
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/vars
+%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/whichopensslcnf
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/README
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/client.conf
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/firewall.sh
@@ -66,10 +68,13 @@ lib/openvpn-down-root.so
 %%PORTDOCS%%%%DOCSDIR%%/sample-scripts/auth-pam.pl
 %%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bridge-start
 %%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bridge-stop
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/bs
 %%PORTDOCS%%%%DOCSDIR%%/sample-scripts/openvpn.init
+%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/ucn.pl
 %%PORTDOCS%%%%DOCSDIR%%/sample-scripts/verify-cn
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-scripts
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-config-files
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/2.0
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/1.0
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa
 %%PORTDOCS%%@dirrm %%DOCSDIR%%