Module Name:	pkgsrc
Committed By:	jlam
Date:		Wed Apr  5 13:49:26 UTC 2006

Modified Files:
	pkgsrc/net/openvpn: Makefile distinfo

Log Message:
Update net/openvpn to 2.0.6.  Changes from version 2.0.5 include:

* [security] An OpenVPN client connecting to a malicious or compromised
  server could potentially receive "setenv" configuration directives
  from the server which could cause arbitrary code execution on the
  client via a LD_PRELOAD attack.  A successful attack appears to
  require that (a) the client has agreed to allow the server to push
  configuration directives to it by including "pull" or the macro
  "client" in its configuration file, (b) the client configuration
  file uses a scripting directive such as "up" or "down", (c) the
  client succesfully authenticates the server, (d) the server is
  malicious or has been compromised and is under the control of the
  attacker, and (e) the attacker has at least some level of pre-existing
  control over files on the client (this might be accomplished by
  having the server respond to a client web request with a specially
  crafted file).  The fix is to disallow "setenv" to be pushed to
  clients from the server.  For those who need this capability, OpenVPN
  2.1 supports a new "setenv-safe" directive which is free of this
  vulnerability.

* When deleting routes under Linux, use the route metric as a
  differentiator to ensure that the route teardown process only deletes
  the identical route which was originally added via the "route"
  directive (Roy Marples).

* Fix the t_cltsrv.sh file in FreeBSD 4 jails (Matthias Andree, Dirk
  Meyer, Vasil Dimov).

* Extended tun device configure code to support ethernet bridging on
  NetBSD (Emmanuel Kasper).


To generate a diff of this commit:
cvs rdiff -r1.15 -r1.16 pkgsrc/net/openvpn/Makefile
cvs rdiff -r1.6 -r1.7 pkgsrc/net/openvpn/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.