pkgsrc-Changes archive


CVS commit: pkgsrc/net



Module Name:    pkgsrc
Committed By:   gdt
Date:           Fri Nov 10 00:17:47 UTC 2023

Modified Files:
        pkgsrc/net/openvpn: Makefile Makefile.common distinfo
        pkgsrc/net/openvpn-acct-wtmpx: Makefile distinfo
        pkgsrc/net/openvpn-nagios: Makefile distinfo
        pkgsrc/net/openvpn/patches: patch-src_compat_compat-basename.c

Log Message:
net/openvpn: Update to 2.6.7

Upstream NEWS:

Security Fixes:

* CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after
 it has been free()d in some circumstances, causing some free()d memory to be sent to the peer.
 All configurations using TLS (e.g. not using --secret) are affected by this issue.
 (found while tracking down CVE-2023-46849 / Github #400, #417)
* CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration
 in some circumstances, leading to a division by zero when --fragment is used. On platforms where
 division by zero is fatal, this will cause an OpenVPN crash. (Github #400, #417).

User visible changes:

* DCO: warn if DATA_V1 packets are sent by the other side - this is a hard incompatibility between
 a 2.6.x client connecting to a 2.4.0-2.4.4 server, and the only fix is to use --disable-dco.
* Remove OpenSSL Engine method for loading a key. This had to be removed because the original author
 did not agree to relicensing the code with the new linking exception added. This was a somewhat
 obsolete feature anyway as it only worked with OpenSSL 1.x, which is end-of-support.
* add warning if p2p NCP client connects to a p2mp server - this is a combination that used to work
 without cipher negotiation (pre 2.6 on both ends), but would fail in non-obvious ways with 2.6 to 2.6.
* add warning to --show-groups that not all supported groups are listed (this is
 due to the internal enumeration in OpenSSL being a bit weird, omitting X448 and X25519 curves).
* --dns: remove support for exclude-domains argument (this was a new 2.6 option,
 with no backend support implemented yet on any platform, and it turns out that
 no platform supported it at all - so remove option again)
* warn user if INFO control message too long, do not forward to management client
 (safeguard against protocol-violating server implementations)

New features:

* DCO-WIN: get and log driver version (for easier debugging).
* print "peer temporary key details" in TLS handshake
* log OpenSSL errors on failure to set certificate, for example if the algorithms used
 are unacceptable to OpenSSL (misleading message would be printed in cryptoapi / pkcs11 scenarios)
* add CMake build system for MinGW and MSVC builds
* remove old MSVC build system
* improve cmocka unit test building for Windows


To generate a diff of this commit:
cvs rdiff -u -r1.101 -r1.102 pkgsrc/net/openvpn/Makefile
cvs rdiff -u -r1.33 -r1.34 pkgsrc/net/openvpn/Makefile.common
cvs rdiff -u -r1.64 -r1.65 pkgsrc/net/openvpn/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/net/openvpn-acct-wtmpx/Makefile
cvs rdiff -u -r1.39 -r1.40 pkgsrc/net/openvpn-acct-wtmpx/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/net/openvpn-nagios/Makefile
cvs rdiff -u -r1.36 -r1.37 pkgsrc/net/openvpn-nagios/distinfo
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/net/openvpn/patches/patch-src_compat_compat-basename.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/openvpn/Makefile
diff -u pkgsrc/net/openvpn/Makefile:1.101 pkgsrc/net/openvpn/Makefile:1.102
--- pkgsrc/net/openvpn/Makefile:1.101   Wed Nov  8 13:20:33 2023
+++ pkgsrc/net/openvpn/Makefile Fri Nov 10 00:17:47 2023
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.101 2023/11/08 13:20:33 wiz Exp $
+# $NetBSD: Makefile,v 1.102 2023/11/10 00:17:47 gdt Exp $
 
 DISTNAME=      ${OPENVPN_DISTNAME}
-PKGREVISION=   2
 CATEGORIES=    net
 MASTER_SITES=  ${OPENVPN_MASTER_SITES}
 

Index: pkgsrc/net/openvpn/Makefile.common
diff -u pkgsrc/net/openvpn/Makefile.common:1.33 pkgsrc/net/openvpn/Makefile.common:1.34
--- pkgsrc/net/openvpn/Makefile.common:1.33     Sat Aug 26 14:21:42 2023
+++ pkgsrc/net/openvpn/Makefile.common  Fri Nov 10 00:17:47 2023
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.33 2023/08/26 14:21:42 gdt Exp $
+# $NetBSD: Makefile.common,v 1.34 2023/11/10 00:17:47 gdt Exp $
 # used by net/openvpn/Makefile
 # used by net/openvpn-acct-wtmpx/Makefile
 # used by net/openvpn-nagios/Makefile
 
-OPENVPN_DISTNAME=              openvpn-2.6.6
+OPENVPN_DISTNAME=              openvpn-2.6.7
 OPENVPN_DISTFILE=              ${OPENVPN_DISTNAME}.tar.gz
 OPENVPN_MASTER_SITES=          https://swupdate.openvpn.org/community/releases/
 SITES.${OPENVPN_DISTFILE}=     ${OPENVPN_MASTER_SITES}

Index: pkgsrc/net/openvpn/distinfo
diff -u pkgsrc/net/openvpn/distinfo:1.64 pkgsrc/net/openvpn/distinfo:1.65
--- pkgsrc/net/openvpn/distinfo:1.64    Sat Aug 26 14:21:42 2023
+++ pkgsrc/net/openvpn/distinfo Fri Nov 10 00:17:47 2023
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.64 2023/08/26 14:21:42 gdt Exp $
+$NetBSD: distinfo,v 1.65 2023/11/10 00:17:47 gdt Exp $
 
-BLAKE2s (openvpn-2.6.6.tar.gz) = 2467b9aac468ae089192e23c3447ad783412cd11db124891161225e9803c45dd
-SHA512 (openvpn-2.6.6.tar.gz) = f4c528fff6ed130d135d3d5d95dd73b1a9c8eb780b8fbfa30e12107795c1d01a6aaf8940e5b92f4968ddc59a2deb59905ff714632e512444a2f5b0df0dde3cba
-Size (openvpn-2.6.6.tar.gz) = 1901689 bytes
-SHA1 (patch-src_compat_compat-basename.c) = 45a58ef2e05f6e0265f229da8540760e60e65143
+BLAKE2s (openvpn-2.6.7.tar.gz) = 30ba20fb2e45782d0982dbaca522340bc6f42898085f98ec3b2d7ae57623b8c0
+SHA512 (openvpn-2.6.7.tar.gz) = 759a2ba1d14425cab202b9c050b8f4452da61776d213de4c64c4f6e0b07313756865d97c152b26fcd334d238684ffdbf60ef28131df463f37fa318b9c8cb10b0
+Size (openvpn-2.6.7.tar.gz) = 1895682 bytes
+SHA1 (patch-src_compat_compat-basename.c) = c5cd48db40279a956ada044a81e6dfab015d70b6

Index: pkgsrc/net/openvpn-acct-wtmpx/Makefile
diff -u pkgsrc/net/openvpn-acct-wtmpx/Makefile:1.14 pkgsrc/net/openvpn-acct-wtmpx/Makefile:1.15
--- pkgsrc/net/openvpn-acct-wtmpx/Makefile:1.14 Tue Oct 24 22:10:28 2023
+++ pkgsrc/net/openvpn-acct-wtmpx/Makefile      Fri Nov 10 00:17:47 2023
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.14 2023/10/24 22:10:28 wiz Exp $
+# $NetBSD: Makefile,v 1.15 2023/11/10 00:17:47 gdt Exp $
 
 .include "../../net/openvpn/Makefile.common"
 
 DISTNAME=      openvpn-acct-wtmpx-20130210
-PKGREVISION=   3
+PKGREVISION=   4
 DISTFILES=     ${DISTNAME}${EXTRACT_SUFX} ${OPENVPN_DISTFILE}
 CATEGORIES=    net
 MASTER_SITES=  http://ftp.espci.fr/pub/openvpn-acct-wtmpx/
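
Review bot: MASTER_SITES in the trailing context of this hunk is still plain `http://ftp.espci.fr/pub/openvpn-acct-wtmpx/`, so the plugin tarball is fetched without transport protection and its integrity rests on the BLAKE2s/SHA512 entries for openvpn-acct-wtmpx-20130210.tgz in distinfo. While this file is being touched for the PKGREVISION bump, consider switching to an HTTPS location if the site offers one. The same applies to the `http://ftp.espci.fr/pub/openvpn-nagios/` line in net/openvpn-nagios/Makefile.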

Index: pkgsrc/net/openvpn-acct-wtmpx/distinfo
diff -u pkgsrc/net/openvpn-acct-wtmpx/distinfo:1.39 pkgsrc/net/openvpn-acct-wtmpx/distinfo:1.40
--- pkgsrc/net/openvpn-acct-wtmpx/distinfo:1.39 Sat Aug 26 14:23:09 2023
+++ pkgsrc/net/openvpn-acct-wtmpx/distinfo      Fri Nov 10 00:17:47 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.39 2023/08/26 14:23:09 gdt Exp $
+$NetBSD: distinfo,v 1.40 2023/11/10 00:17:47 gdt Exp $
 
-BLAKE2s (openvpn-2.6.6.tar.gz) = 2467b9aac468ae089192e23c3447ad783412cd11db124891161225e9803c45dd
-SHA512 (openvpn-2.6.6.tar.gz) = f4c528fff6ed130d135d3d5d95dd73b1a9c8eb780b8fbfa30e12107795c1d01a6aaf8940e5b92f4968ddc59a2deb59905ff714632e512444a2f5b0df0dde3cba
-Size (openvpn-2.6.6.tar.gz) = 1901689 bytes
+BLAKE2s (openvpn-2.6.7.tar.gz) = 30ba20fb2e45782d0982dbaca522340bc6f42898085f98ec3b2d7ae57623b8c0
+SHA512 (openvpn-2.6.7.tar.gz) = 759a2ba1d14425cab202b9c050b8f4452da61776d213de4c64c4f6e0b07313756865d97c152b26fcd334d238684ffdbf60ef28131df463f37fa318b9c8cb10b0
+Size (openvpn-2.6.7.tar.gz) = 1895682 bytes
 BLAKE2s (openvpn-acct-wtmpx-20130210.tgz) = 2bb02a4e6adb7ce1d189271a6fbb6cbffd6a37d7b5e75cccebfc8dfac6dbaddd
 SHA512 (openvpn-acct-wtmpx-20130210.tgz) = 7b8fd4929e65d8d84158f62e5a17ff3adb3b4a6cff63b29038acfb368750719f2f593786ed9b02402824c19d872b188d2a46740a5c5f853e8873a71481b13aaf
 Size (openvpn-acct-wtmpx-20130210.tgz) = 2778 bytes

Index: pkgsrc/net/openvpn-nagios/Makefile
diff -u pkgsrc/net/openvpn-nagios/Makefile:1.14 pkgsrc/net/openvpn-nagios/Makefile:1.15
--- pkgsrc/net/openvpn-nagios/Makefile:1.14     Tue Oct 24 22:10:29 2023
+++ pkgsrc/net/openvpn-nagios/Makefile  Fri Nov 10 00:17:47 2023
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.14 2023/10/24 22:10:29 wiz Exp $
+# $NetBSD: Makefile,v 1.15 2023/11/10 00:17:47 gdt Exp $
 
 .include "../../net/openvpn/Makefile.common"
 
 DISTNAME=      openvpn-nagios-20130210
-PKGREVISION=   3
+PKGREVISION=   4
 DISTFILES=     ${DISTNAME}${EXTRACT_SUFX} ${OPENVPN_DISTFILE}
 CATEGORIES=    net
 MASTER_SITES=  http://ftp.espci.fr/pub/openvpn-nagios/

Index: pkgsrc/net/openvpn-nagios/distinfo
diff -u pkgsrc/net/openvpn-nagios/distinfo:1.36 pkgsrc/net/openvpn-nagios/distinfo:1.37
--- pkgsrc/net/openvpn-nagios/distinfo:1.36     Sat Aug 26 14:23:09 2023
+++ pkgsrc/net/openvpn-nagios/distinfo  Fri Nov 10 00:17:47 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.36 2023/08/26 14:23:09 gdt Exp $
+$NetBSD: distinfo,v 1.37 2023/11/10 00:17:47 gdt Exp $
 
-BLAKE2s (openvpn-2.6.6.tar.gz) = 2467b9aac468ae089192e23c3447ad783412cd11db124891161225e9803c45dd
-SHA512 (openvpn-2.6.6.tar.gz) = f4c528fff6ed130d135d3d5d95dd73b1a9c8eb780b8fbfa30e12107795c1d01a6aaf8940e5b92f4968ddc59a2deb59905ff714632e512444a2f5b0df0dde3cba
-Size (openvpn-2.6.6.tar.gz) = 1901689 bytes
+BLAKE2s (openvpn-2.6.7.tar.gz) = 30ba20fb2e45782d0982dbaca522340bc6f42898085f98ec3b2d7ae57623b8c0
+SHA512 (openvpn-2.6.7.tar.gz) = 759a2ba1d14425cab202b9c050b8f4452da61776d213de4c64c4f6e0b07313756865d97c152b26fcd334d238684ffdbf60ef28131df463f37fa318b9c8cb10b0
+Size (openvpn-2.6.7.tar.gz) = 1895682 bytes
 BLAKE2s (openvpn-nagios-20130210.tgz) = 713b55e865350c44a314aa3b48694695f4d82b50883d1fae919f01e9545c7c34
 SHA512 (openvpn-nagios-20130210.tgz) = 80e565f32379c39eb6c7f3b4744af221ae882ff07dce9dae5bd7feb73b0edcfc7c7ac7f70d23fdcd4f492b66f095f09833deb122449840b36ea606ce91900358
 Size (openvpn-nagios-20130210.tgz) = 3034 bytes
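
Review bot: the three `openvpn-2.6.7.tar.gz` lines added here duplicate the entries in net/openvpn/distinfo and net/openvpn-acct-wtmpx/distinfo, and nothing in the diff ties the copies together. All three agree in this commit (same BLAKE2s, same SHA512, Size of 1895682 bytes), but a future update that misses one directory would leave a stale hash for the OpenVPN distfile. Regenerating each file with `make distinfo` in its own directory, and extending the "used by" comments in Makefile.common with a reminder to do so, would make that harder to miss.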

Index: pkgsrc/net/openvpn/patches/patch-src_compat_compat-basename.c
diff -u pkgsrc/net/openvpn/patches/patch-src_compat_compat-basename.c:1.1 pkgsrc/net/openvpn/patches/patch-src_compat_compat-basename.c:1.2
--- pkgsrc/net/openvpn/patches/patch-src_compat_compat-basename.c:1.1   Tue Jul 30 18:57:30 2013
+++ pkgsrc/net/openvpn/patches/patch-src_compat_compat-basename.c       Fri Nov 10 00:17:47 2023
@@ -1,12 +1,14 @@
-$NetBSD: patch-src_compat_compat-basename.c,v 1.1 2013/07/30 18:57:30 jperkin Exp $
+$NetBSD: patch-src_compat_compat-basename.c,v 1.2 2023/11/10 00:17:47 gdt Exp $
 
 Sun ld needs at least one symbol.  This is as good a place to put
 one as any..
 
---- src/compat/compat-basename.c.orig  2012-09-10 15:01:08.000000000 +0000
+\todo File this upstream.
+
+--- src/compat/compat-basename.c.orig  2023-11-08 15:49:40.000000000 +0000
 +++ src/compat/compat-basename.c
-@@ -28,6 +28,10 @@
- #include "config-msvc.h"
+@@ -25,6 +25,10 @@
+ #include "config.h"
  #endif
  
 +#ifdef __sun
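
Review bot: the added `\todo File this upstream.` line carries no bug or pull-request reference, and the replaced `$NetBSD` line shows the patch has been carried locally since 2013/07/30. Suggest filing it and replacing the todo with the resulting URL so the next updater can tell whether it is still pending. Since the hunk header moved from `-28,6 +28,10` to `-25,6 +25,10` and the context include changed from `config-msvc.h` to `config.h`, the patch was regenerated against a changed file; it is worth confirming in the same pass that the `#ifdef __sun` dummy symbol is still needed for Sun ld.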


