pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/net/openvpn Security update to version 2.0.5.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/57144c6e4deb
branches:  trunk
changeset: 502240:57144c6e4deb
user:      salo <salo%pkgsrc.org@localhost>
date:      Thu Nov 03 14:31:19 2005 +0000

description:
Security update to version 2.0.5.

Changes:

2.0.5:
======
- Fixed bug in Linux get_default_gateway function
  introduced in 2.0.4, which would cause redirect-gateway
  on Linux clients to fail.
- Restored easy-rsa/2.0 tree (backported from 2.1 beta
  series) which accidentally disappeared in
  2.0.2 -> 2.0.4 transition.

2.0.4:
======
- Security fix -- Affects non-Windows OpenVPN clients of
  version 2.0 or higher which connect to a malicious or
  compromised server.  A format string vulnerability
  in the foreign_option function in options.c could
  potentially allow a malicious or compromised server
  to execute arbitrary code on the client.  Only
  non-Windows clients are affected.  The vulnerability
  only exists if (a) the client's TLS negotiation with
  the server succeeds, (b) the server is malicious or
  has been compromised such that it is configured to
  push a maliciously crafted options string to the client,
  and (c) the client indicates its willingness to accept
  pushed options from the server by having "pull" or
  "client" in its configuration file (Credit: Vade79).
  CVE-2005-3393
- Security fix -- Potential DoS vulnerability on the
  server in TCP mode.  If the TCP server accept() call
  returns an error status, the resulting exception handler
  may attempt to indirect through a NULL pointer, causing
  a segfault.  Affects all OpenVPN 2.0 versions.
  CVE-2005-3409
- Fix attempt of assertion at multi.c:1586 (note that
  this precise line number will vary across different
  versions of OpenVPN).
- Added ".PHONY: plugin" to Makefile.am to work around
  "make dist" issue.
- Fixed double fork issue that occurs when --management-hold
  is used.
- Moved TUN/TAP read/write log messages from --verb 8 to 6.
- Warn when multiple clients having the same common name or
  username usurp each other when --duplicate-cn is not used.
- Modified Windows and Linux versions of get_default_gateway
  to return the route with the smallest metric
  if multiple 0.0.0.0/0.0.0.0 entries are present.

2.0.3:
======
- openvpn_plugin_abort_v1 function wasn't being properly
  registered on Windows.
- Fixed a bug where --mode server --proto tcp-server --cipher none
  operation could cause tunnel packet truncation.

diffstat:

 net/openvpn/Makefile         |  6 ++----
 net/openvpn/distinfo         |  8 ++++----
 net/openvpn/files/openvpn.sh |  3 ++-
 3 files changed, 8 insertions(+), 9 deletions(-)

diffs (47 lines):

diff -r b66646266e8b -r 57144c6e4deb net/openvpn/Makefile
--- a/net/openvpn/Makefile      Thu Nov 03 13:50:58 2005 +0000
+++ b/net/openvpn/Makefile      Thu Nov 03 14:31:19 2005 +0000
@@ -1,9 +1,7 @@
-# $NetBSD: Makefile,v 1.10 2005/09/18 03:11:39 jlam Exp $
+# $NetBSD: Makefile,v 1.11 2005/11/03 14:31:19 salo Exp $
 #
 
-DISTNAME=      openvpn-2.0.2
-PKGNAME=       ${DISTNAME:S/_//}
-PKGREVISION=   1
+DISTNAME=      openvpn-2.0.5
 CATEGORIES=    net
 MASTER_SITES=  http://openvpn.net/release/ \
                http://openvpn.net/release/old/
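
Review bot: the removal of PKGNAME= ${DISTNAME:S/_//} on the - lines is not mentioned in the commit description, which only covers the version bump. The substitution strips an underscore that neither openvpn-2.0.2 nor openvpn-2.0.5 contains, so dropping it leaves the package name equal to DISTNAME; a one-line mention in the log would make that cleanup explicit. Resetting PKGREVISION alongside the DISTNAME bump is as expected.
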
diff -r b66646266e8b -r 57144c6e4deb net/openvpn/distinfo
--- a/net/openvpn/distinfo      Thu Nov 03 13:50:58 2005 +0000
+++ b/net/openvpn/distinfo      Thu Nov 03 14:31:19 2005 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.5 2005/09/01 03:40:42 jlam Exp $
+$NetBSD: distinfo,v 1.6 2005/11/03 14:31:19 salo Exp $
 
-SHA1 (openvpn-2.0.2.tar.gz) = b1a86e189007dccb969da7e39b18c32819faa9cf
-RMD160 (openvpn-2.0.2.tar.gz) = 0a7a5d73ffda93862d71dd4d61d4e29a0a5d99e3
-Size (openvpn-2.0.2.tar.gz) = 663246 bytes
+SHA1 (openvpn-2.0.5.tar.gz) = ba65a29e528e8e5f0978e89ef766c43d1d2a25aa
+RMD160 (openvpn-2.0.5.tar.gz) = add5c84c56b8a95d18e70ffa072bf9c42166074d
+Size (openvpn-2.0.5.tar.gz) = 662647 bytes
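
Review bot: the new SHA1 and RMD160 values on the + lines are the only integrity check on openvpn-2.0.5.tar.gz, since the MASTER_SITES entries in the Makefile are plain http:// URLs, and the commit message does not say what the tarball was verified against before these values were recorded. For a security update, state the source of the checksums in the log (for example an upstream signature or published hash) so the recorded values can be traced.
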
diff -r b66646266e8b -r 57144c6e4deb net/openvpn/files/openvpn.sh
--- a/net/openvpn/files/openvpn.sh      Thu Nov 03 13:50:58 2005 +0000
+++ b/net/openvpn/files/openvpn.sh      Thu Nov 03 14:31:19 2005 +0000
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: openvpn.sh,v 1.2 2005/09/18 03:11:40 jlam Exp $
+# $NetBSD: openvpn.sh,v 1.3 2005/11/03 14:31:19 salo Exp $
 #
 # PROVIDE: openvpn
 # REQUIRE: NETWORKING
@@ -65,6 +65,7 @@
                        return 1
                fi
        done
+       echo "Starting ${name}."
        for f in $openvpn_cfg; do
                doit="$command $command_args --config $f"
                if ! eval $doit; then
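
Review bot: the added echo "Starting ${name}." sits before the for loop, so it is printed once even when eval $doit then fails for a config file, and this rc.d behaviour change is not listed in the commit description. Separately, the context line doit="$command $command_args --config $f" is handed to eval with $f unquoted, so a config path from $openvpn_cfg containing whitespace or shell metacharacters is re-parsed by the shell; quoting $f inside doit, or running the command directly instead of through eval, would avoid that.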


