pkgsrc-Changes-HG archive

[pkgsrc/pkgsrc-2005Q3]: pkgsrc/net/openvpn Pullup ticket 884 - requested by L...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a0940e8b92aa
branches:  pkgsrc-2005Q3
changeset: 499672:a0940e8b92aa
user:      seb <seb%pkgsrc.org@localhost>
date:      Sat Nov 05 20:17:18 2005 +0000

description:
Pullup ticket 884 - requested by Lubomir Sedlacik
security update of net/openvpn

Revisions pulled up:
- pkgsrc/net/openvpn/Makefile                                 1.11
- pkgsrc/net/openvpn/distinfo                                 1.6
- pkgsrc/net/openvpn/files/openvpn.sh                         1.3

   Module Name: pkgsrc
   Committed By:        salo
   Date:                Thu Nov  3 14:31:19 UTC 2005

   Modified Files:
        pkgsrc/net/openvpn: Makefile distinfo
        pkgsrc/net/openvpn/files: openvpn.sh

   Log Message:
   Security update to version 2.0.5.

   Changes:

   2.0.5:
   ======
   - Fixed bug in Linux get_default_gateway function
     introduced in 2.0.4, which would cause redirect-gateway
     on Linux clients to fail.
   - Restored easy-rsa/2.0 tree (backported from 2.1 beta
     series) which accidentally disappeared in
     2.0.2 -> 2.0.4 transition.

   2.0.4:
   ======
   - Security fix -- Affects non-Windows OpenVPN clients of
     version 2.0 or higher which connect to a malicious or
     compromised server.  A format string vulnerability
     in the foreign_option function in options.c could
     potentially allow a malicious or compromised server
     to execute arbitrary code on the client.  Only
     non-Windows clients are affected.  The vulnerability
     only exists if (a) the client's TLS negotiation with
     the server succeeds, (b) the server is malicious or
     has been compromised such that it is configured to
     push a maliciously crafted options string to the client,
     and (c) the client indicates its willingness to accept
     pushed options from the server by having "pull" or
     "client" in its configuration file (Credit: Vade79).
     CVE-2005-3393
   - Security fix -- Potential DoS vulnerability on the
     server in TCP mode.  If the TCP server accept() call
     returns an error status, the resulting exception handler
     may attempt to indirect through a NULL pointer, causing
     a segfault.  Affects all OpenVPN 2.0 versions.
     CVE-2005-3409
   - Fix attempt of assertion at multi.c:1586 (note that
     this precise line number will vary across different
     versions of OpenVPN).
   - Added ".PHONY: plugin" to Makefile.am to work around
     "make dist" issue.
   - Fixed double fork issue that occurs when --management-hold
     is used.
   - Moved TUN/TAP read/write log messages from --verb 8 to 6.
   - Warn when multiple clients having the same common name or
     username usurp each other when --duplicate-cn is not used.
   - Modified Windows and Linux versions of get_default_gateway
     to return the route with the smallest metric
     if multiple 0.0.0.0/0.0.0.0 entries are present.

   2.0.3:
   ======
   - openvpn_plugin_abort_v1 function wasn't being properly
     registered on Windows.
   - Fixed a bug where --mode server --proto tcp-server --cipher none
     operation could cause tunnel packet truncation.

diffstat:

 net/openvpn/Makefile         |  6 ++----
 net/openvpn/distinfo         |  8 ++++----
 net/openvpn/files/openvpn.sh |  3 ++-
 3 files changed, 8 insertions(+), 9 deletions(-)

diffs (47 lines):

diff -r 0ae3b65fea6a -r a0940e8b92aa net/openvpn/Makefile
--- a/net/openvpn/Makefile      Sat Nov 05 17:37:56 2005 +0000
+++ b/net/openvpn/Makefile      Sat Nov 05 20:17:18 2005 +0000
@@ -1,9 +1,7 @@
-# $NetBSD: Makefile,v 1.10 2005/09/18 03:11:39 jlam Exp $
+# $NetBSD: Makefile,v 1.10.2.1 2005/11/05 20:17:18 seb Exp $
 #
 
-DISTNAME=      openvpn-2.0.2
-PKGNAME=       ${DISTNAME:S/_//}
-PKGREVISION=   1
+DISTNAME=      openvpn-2.0.5
 CATEGORIES=    net
 MASTER_SITES=  http://openvpn.net/release/ \
                http://openvpn.net/release/old/
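
Review bot: the removal of `PKGNAME= ${DISTNAME:S/_//}` and `PKGREVISION= 1` at the top of this hunk is not mentioned in the log message. Dropping PKGREVISION is expected on a version bump, and the PKGNAME override is redundant for a DISTNAME without an underscore, but a line in the log saying so would help whoever audits this pullup. Separately, the unchanged MASTER_SITES lines fetch over plain http://, so the integrity of this security update rests entirely on the distinfo checksums.
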
diff -r 0ae3b65fea6a -r a0940e8b92aa net/openvpn/distinfo
--- a/net/openvpn/distinfo      Sat Nov 05 17:37:56 2005 +0000
+++ b/net/openvpn/distinfo      Sat Nov 05 20:17:18 2005 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.5 2005/09/01 03:40:42 jlam Exp $
+$NetBSD: distinfo,v 1.5.2.1 2005/11/05 20:17:18 seb Exp $
 
-SHA1 (openvpn-2.0.2.tar.gz) = b1a86e189007dccb969da7e39b18c32819faa9cf
-RMD160 (openvpn-2.0.2.tar.gz) = 0a7a5d73ffda93862d71dd4d61d4e29a0a5d99e3
-Size (openvpn-2.0.2.tar.gz) = 663246 bytes
+SHA1 (openvpn-2.0.5.tar.gz) = ba65a29e528e8e5f0978e89ef766c43d1d2a25aa
+RMD160 (openvpn-2.0.5.tar.gz) = add5c84c56b8a95d18e70ffa072bf9c42166074d
+Size (openvpn-2.0.5.tar.gz) = 662647 bytes
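
Review bot: the three replaced lines (SHA1, RMD160 and Size for openvpn-2.0.5.tar.gz) are the only thing tying this security update to a specific tarball, and the log message does not say how the new digests were obtained. For a pullup that fixes CVE-2005-3393 and CVE-2005-3409, state in the log that the distfile was checked against an upstream-published checksum or signature, if one is available, rather than hashed from whatever was downloaded.
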
diff -r 0ae3b65fea6a -r a0940e8b92aa net/openvpn/files/openvpn.sh
--- a/net/openvpn/files/openvpn.sh      Sat Nov 05 17:37:56 2005 +0000
+++ b/net/openvpn/files/openvpn.sh      Sat Nov 05 20:17:18 2005 +0000
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: openvpn.sh,v 1.2 2005/09/18 03:11:40 jlam Exp $
+# $NetBSD: openvpn.sh,v 1.2.2.1 2005/11/05 20:17:18 seb Exp $
 #
 # PROVIDE: openvpn
 # REQUIRE: NETWORKING
@@ -65,6 +65,7 @@
                        return 1
                fi
        done
+       echo "Starting ${name}."
        for f in $openvpn_cfg; do
                doit="$command $command_args --config $f"
                if ! eval $doit; then
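
Review bot: the added `echo "Starting ${name}."` is a behaviour change to the rc.d script that the log message ("Security update to version 2.0.5.") does not mention; note it there, since it rides along on a security pullup. It also prints once before the loop, so the message is shown even if the first `eval $doit` fails. In the unchanged context, `doit` is built from `$f` and run through an unquoted `eval`, so a path in `$openvpn_cfg` containing whitespace or shell metacharacters would be re-parsed by the shell; quoting it or dropping the eval is worth a follow-up.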


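The 2.0.4 changelog entry above ties CVE-2005-3393 to a client version (2.0 up to the 2.0.4 fix) and to a "pull" or "client" directive in the client configuration. The script below is an added example, not part of the commit or of pkgsrc, that checks those two conditions; the function names, verdict strings and sample configs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client against the CVE-2005-3393 conditions.

# version_affected VERSION: true for 2.0 through 2.0.3 (fixed in 2.0.4).
# Assumption: any other version string is reported as outside that range,
# not classified further.
version_affected() {
    case "$1" in
        2.0|2.0.[0-3]) return 0 ;;
        *)             return 1 ;;
    esac
}

# accepts_pushed_options FILE: true if FILE has an active "pull" or "client"
# directive (condition c in the changelog). Comments start with '#' or ';'.
accepts_pushed_options() {
    sed -e 's/[#;].*$//' "$1" | awk '
        { d = $1; sub(/^--/, "", d) }   # a leading "--" is tolerated in config files
        d == "pull" || d == "client" { found = 1 }
        END { exit !found }'
}

# audit_client VERSION FILE: prints a verdict; returns 0 only when exposed.
audit_client() {
    if ! version_affected "$1"; then
        echo "version-outside-range"; return 1
    fi
    if accepts_pushed_options "$2"; then
        echo "exposed"; return 0
    fi
    echo "no-pull-directive"; return 1
}

# Constructed sample configs (not taken from the page).
demo_dir=$(mktemp -d)
printf 'client\nremote vpn.example.net 1194\n' > "$demo_dir/pull.conf"
printf '# client\nremote vpn.example.net 1194\nifconfig 10.8.0.2 10.8.0.1\n' \
    > "$demo_dir/static.conf"

audit_client 2.0.2 "$demo_dir/pull.conf"   || :   # exposed
audit_client 2.0.2 "$demo_dir/static.conf" || :   # no-pull-directive
audit_client 2.0.5 "$demo_dir/pull.conf"   || :   # version-outside-range
```

Pass the version string reported by the installed client and the path of each client configuration; an "exposed" verdict means the package should be updated to the 2.0.5 version this pullup delivers.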
