pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

PR/52044 CVS commit: pkgsrc/net



The following reply was made to PR pkg/52044; it has been noted by GNATS.

From: "S.P.Zeidler" <spz%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/52044 CVS commit: pkgsrc/net
Date: Fri, 19 May 2017 18:11:04 +0000

 Module Name:	pkgsrc
 Committed By:	spz
 Date:		Fri May 19 18:11:04 UTC 2017
 
 Modified Files:
 	pkgsrc/net/openvpn: Makefile Makefile.common distinfo
 	pkgsrc/net/openvpn-acct-wtmpx: Makefile distinfo
 	pkgsrc/net/openvpn-nagios: Makefile distinfo
 	pkgsrc/net/openvpn/patches: patch-src_openvpn_socket.c
 
 Log Message:
 update openvpn to 2.3.15
 fixes DoSses: CVE-2017-7478 CVE-2017-7479
 fixes PR pkg/52044
 
 relevant excerpt of ChangeLog:
 OpenVPN Change Log
 Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales%openvpn.net@localhost>
 
 2017.05.11 -- Version 2.3.15
 David Sommerseth (5):
       dev-tools: Added script for updating copyright years in files
       Update copyrights
       docs: Further improve --reneg-bytes and SWEET32 information
       git: Merge .gitignore files into a single file
       Make --cipher/--auth none more explicit on the risks
 
 Gert Doering (1):
       Document --proto udp6, tcp6, etc.
 
 Julien Muchembled (1):
       Fix implicit declarations when HAVE_OPENSSL_ENGINE is unset
 
 Steffan Karger (6):
       Add missing includes in error.h
       cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
       Document that OpenVPN 2.3 does not check the CRL signature
       Introduce and use secure_memzero() to erase secrets
       Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
       Don't assert out on receiving too-large control packets (CVE-2017-7478)
 
 2016.12.06 -- Version 2.3.14
 Christian Hesse (1):
       update year in copyright message
 
 David Sommerseth (1):
       Document the --auth-token option
 
 Gert Doering (2):
       Repair topology subnet on FreeBSD 11
       Repair topology subnet on OpenBSD
 
 Lev Stipakov (1):
       Drop recursively routed packets
 
 Selva Nair (4):
       Support --block-outside-dns on multiple tunnels
       When parsing '--setenv opt xx ..' make sure a third parameter is present
       Map restart signals from event loop to SIGTERM during exit-notification wait
       Correctly state the default dhcp server address in man page
 
 Steffan Karger (1):
       Clean up format_hex_ex()
 
 2016.11.02 -- Version 2.3.13
 Arne Schwabe (2):
       Use AES ciphers in our sample configuration files and add a few modern 2.4 examples
       Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer
 
 David Sommerseth (4):
       t_client.sh: Make OpenVPN write PID file to avoid various sudo issues
       t_client.sh: Add support for Kerberos/ksu
       t_client.sh: Improve detection if the OpenVPN process did start during tests
       t_client.sh: Add prepare/cleanup possibilties for each test case
 
 Gert Doering (5):
       Do not abort t_client run if OpenVPN instance does not start.
       Fix t_client runs on OpenSolaris
       make t_client robust against sudoers misconfiguration
       add POSTINIT_CMD_suf to t_client.sh and sample config
       Fix --multihome for IPv6 on 64bit BSD systems.
 
 Ilya Shipitsin (1):
       skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto
 
 Lev Stipakov (2):
       Exclude peer-id from pulled options digest
       Fix compilation in pedantic mode
 
 Samuli Seppänen (1):
       Automatically cache expected IPs for t_client.sh on the first run
 
 Steffan Karger (6):
       Fix unittests for out-of-source builds
       Make gnu89 support explicit
       cleanup: remove code duplication in msg_test()
       Update cipher-related man page text
       Limit --reneg-bytes to 64MB when using small block ciphers
       Add a revoked cert to the sample keys
 
 2016.08.23 -- Version 2.3.12
 Arne Schwabe (2):
       Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it.
       Move ASSERT so external-key with OpenSSL works again
 
 David Sommerseth (3):
       Only build and run cmocka unit tests if its submodule is initialized
       Another fix related to unit test framework
       Remove NOP function and callers
 
 Dorian Harmans (1):
       Add CHACHA20-POLY1305 ciphersuite IANA name translations.
 
 Ivo Manca (1):
       Plug memory leak in mbedTLS backend
 
 Jeffrey Cutter (1):
       Update contrib/pull-resolv-conf/client.up for no DOMAIN
 
 Jens Neuhalfen (2):
       Add unit testing support via cmocka
       Add a test for auth-pam searchandreplace
 
 Josh Cepek (1):
       Push an IPv6 CIDR mask used by the server, not the pool's size
 
 Leon Klingele (1):
       Add link to bug tracker
 
 Samuli Seppänen (2):
       Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes
       Clarify the fact that build instructions in README are for release tarballs
 
 Selva Nair (4):
       Make error non-fatal while deleting address using netsh
       Make block-outside-dns work with persist-tun
       Ignore SIGUSR1/SIGHUP during exit notification
       Promptly close the netcmd_semaphore handle after use
 
 Steffan Karger (4):
       Fix polarssl / mbedtls builds
       Don't limit max incoming message size based on c2->frame
       Fix '--cipher none --cipher' crash
       Discourage using 64-bit block ciphers
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.60 -r1.61 pkgsrc/net/openvpn/Makefile
 cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/openvpn/Makefile.common
 cvs rdiff -u -r1.33 -r1.34 pkgsrc/net/openvpn/distinfo
 cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/openvpn-acct-wtmpx/Makefile
 cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/openvpn-acct-wtmpx/distinfo
 cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/openvpn-nagios/Makefile
 cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/openvpn-nagios/distinfo
 cvs rdiff -u -r1.2 -r1.3 \
     pkgsrc/net/openvpn/patches/patch-src_openvpn_socket.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
 


Home | Main Index | Thread Index | Old Index