Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 01 Nov 2005 23:11:19 +0100
From:      Matthias Andree <matthias.andree@gmx.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/88379: [MAINTAINER] security/openvpn: SECURITY update to 2.0.4
Message-ID:  <E1EX4Lf-000Lea-Ci@libertas.emma.line.org>
Resent-Message-ID: <200511012210.jA1MAJjD070540@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         88379
>Category:       ports
>Synopsis:       [MAINTAINER] security/openvpn: SECURITY update to 2.0.4
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 01 22:10:19 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 4.11-RELEASE-p13 i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 4.11-RELEASE-p13 FreeBSD 4.11-RELEASE-p13 #2: Mon Oct 24 12:35:08 CEST 2005
>Description:
This upstream update fixes two security bugs:

CVE-2005-3393 - arbitrary code execution on client w/ "pull" or "client" option
		when server compromised or malicious

CVE-2005-3409 - Denial of Service against server in TCP mode (null dereference)

Other changes (summarized from ChangeLog): assertion at multi.c:1586 (or other
lines) fixed, double fork with --management-hold fixed, TUN/TAP read/write log
messages moved from --verb 8 to --verb 6, warn when multiple clients with same
common name usurp each other when --duplicate-cn is not used, picks default
gateway with smallest metric, fixed a bug where --mode server --proto
tcp-server --cipher none caused packet truncation.

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:

--- openvpn-2.0.4.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/openvpn/Makefile /usr/home/emma/ports/security/openvpn/Makefile
--- /usr/ports/security/openvpn/Makefile	Wed Oct 26 21:44:59 2005
+++ /usr/home/emma/ports/security/openvpn/Makefile	Tue Nov  1 22:34:36 2005
@@ -6,8 +6,8 @@
 #
 
 PORTNAME=	openvpn
-DISTVERSION=	2.0.2
-PORTREVISION=	1
+DISTVERSION=	2.0.4
+PORTREVISION=	0
 CATEGORIES=	security
 MASTER_SITES=	http://openvpn.net/release/
 
diff -ruN --exclude=CVS /usr/ports/security/openvpn/distinfo /usr/home/emma/ports/security/openvpn/distinfo
--- /usr/ports/security/openvpn/distinfo	Fri Sep 16 00:04:52 2005
+++ /usr/home/emma/ports/security/openvpn/distinfo	Tue Nov  1 22:40:49 2005
@@ -1,2 +1,2 @@
-MD5 (openvpn-2.0.2.tar.gz) = 862f8788f080f669b1ae00a74ef68001
-SIZE (openvpn-2.0.2.tar.gz) = 663246
+MD5 (openvpn-2.0.4.tar.gz) = de32775b88e6bcd737ae93b9a365494c
+SIZE (openvpn-2.0.4.tar.gz) = 653156
diff -ruN --exclude=CVS /usr/ports/security/openvpn/pkg-plist /usr/home/emma/ports/security/openvpn/pkg-plist
--- /usr/ports/security/openvpn/pkg-plist	Sat Aug 20 14:59:19 2005
+++ /usr/home/emma/ports/security/openvpn/pkg-plist	Tue Nov  1 22:53:08 2005
@@ -25,25 +25,6 @@
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/revoke-full
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/sign-req
 %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/vars
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/README
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-ca
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-dh
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-inter
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pass
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pkcs12
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-server
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req-pass
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/clean-all
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/inherit-inter
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/list-crl
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl.cnf
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/pkitool
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/revoke-full
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/scripts
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/sign-req
-%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/vars
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/README
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/client.conf
 %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/firewall.sh
@@ -67,6 +48,5 @@
 %%PORTDOCS%%%%DOCSDIR%%/sample-scripts/verify-cn
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-scripts
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-config-files
-%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/2.0
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa
 %%PORTDOCS%%@dirrm %%DOCSDIR%%
--- openvpn-2.0.4.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1EX4Lf-000Lea-Ci>