From owner-svn-ports-all@freebsd.org Thu May 18 07:17:00 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 270DDD6CDDD; Thu, 18 May 2017 07:17:00 +0000 (UTC) (envelope-from mandree@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E793C13BB; Thu, 18 May 2017 07:16:59 +0000 (UTC) (envelope-from mandree@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v4I7GwEw082930; Thu, 18 May 2017 07:16:58 GMT (envelope-from mandree@FreeBSD.org) Received: (from mandree@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v4I7Gwdv082929; Thu, 18 May 2017 07:16:58 GMT (envelope-from mandree@FreeBSD.org) Message-Id: <201705180716.v4I7Gwdv082929@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mandree set sender to mandree@FreeBSD.org using -f From: Matthias Andree Date: Thu, 18 May 2017 07:16:58 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r441129 - branches/2017Q2/security/openvpn23 X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 May 2017 07:17:00 -0000 Author: mandree Date: Thu May 18 07:16:58 2017 New Revision: 441129 URL: https://svnweb.freebsd.org/changeset/ports/441129 Log: Disable download site carrying botched tarball. The smaller tarball at build.openvpn.net is a pre-release version that somehow escaped to the public and would not carry the fix for CVE-2017-7478. I had grabbed the bigger tarball from swupdate.openvpn.net that does carry the fix, so we're safe. The bigger tarball does carry garbage files (pre-compiled .so files, which we do not install or use in the build, and *~ backup files) which do not end up in our build. The issue has been reported upstream. If someone gets download failures due to the size differences, "make distclean" should fix things. This commit invokes the "Fixes that do not result in a change in contents of the resulting package." blanket approval per , checked today. Reported by: garga@ Approved by: ports-secteam@ (blanket) Modified: branches/2017Q2/security/openvpn23/Makefile Modified: branches/2017Q2/security/openvpn23/Makefile ============================================================================== --- branches/2017Q2/security/openvpn23/Makefile Thu May 18 07:09:17 2017 (r441128) +++ branches/2017Q2/security/openvpn23/Makefile Thu May 18 07:16:58 2017 (r441129) @@ -4,8 +4,7 @@ PORTNAME= openvpn DISTVERSION= 2.3.15 CATEGORIES= security net -MASTER_SITES= http://swupdate.openvpn.net/community/releases/ \ - http://build.openvpn.net/downloads/releases/ +MASTER_SITES= http://swupdate.openvpn.net/community/releases/ PKGNAMESUFFIX?= 23 MAINTAINER= mandree@FreeBSD.org