pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/net/openvpn

Module Name:    pkgsrc
Committed By:   manu
Date:           Wed Nov 18 08:10:16 UTC 2009

Modified Files:
        pkgsrc/net/openvpn: Makefile distinfo

Log Message:
Update to 2.1rc21. From Changelog:
* Rebuilt OpenVPN Windows installer with OpenSSL 0.9.8l to address
  CVE-2009-3555.  Note that OpenVPN has never relied on the session
  renegotiation capabilities that are built into the SSL/TLS protocol,
  therefore the fix in OpenSSL 0.9.8l (disable SSL/TLS renegotiation
  completely) will not adversely affect OpenVPN mid-session SSL/TLS
  renegotation or any other OpenVPN capabilities.

* Added additional session renegotiation hardening.  OpenVPN has always
  required that mid-session renegotiations build up a new SSL/TLS
  session from scratch.  While the client certificate common name is
  already locked against changes in mid-session TLS renegotiations, we
  now extend this locking to the auth-user-pass username as well as all
  certificate content in the full client certificate chain.

To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 pkgsrc/net/openvpn/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/net/openvpn/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index