Date:      Sat, 30 Mar 2013 13:25:39 +0100
From:      Matthias Andree <mandree@FreeBSD.org>
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        portmgr@FreeBSD.org
Subject:   ports/177517: [PATCH] security/openvpn: security maintainer upgrade to 2.3.1
Message-ID:  <E1ULuqp-000C1h-PI@apollo.emma.line.org>
Resent-Message-ID: <201303311000.r2VA000v070510@freefall.freebsd.org>


>Number:         177517
>Category:       ports
>Synopsis:       [PATCH] security/openvpn: security maintainer upgrade to 2.3.1
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 31 10:00:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 9.1-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD apollo.emma.line.org 9.1-RELEASE FreeBSD 9.1-RELEASE #2 r244869: Sun Dec 30 22:05:16 CET
>Description:
Request ports freeze override authorization for a security upgrade of
OpenVPN to 2.3.1; upstream release notes are

"OpenVPN 2.3.1 -- released on 2013.03.29 (Change Log)

This release adds support for PolarSSL 1.2. It also adds a fix to
prevent potential side-channel attacks by switching to a constant-time
memcmp when comparing HMACs in the openvpn_decrypt function. In
addition, it contains several bugfixes and documentation updates, as
well as some minor enhancements."

Full ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The port upgrade also offers an option to use the GPLv2+-licensed PolarSSL
instead of OpenSSL (which brings in a license mix).

Generated with FreeBSD Port Tools 0.99_7 (mode: change, diff: ports)
>How-To-Repeat:
>Fix:

--- openvpn-2.3.1.patch begins here ---
diff -ruN /usr/ports/security/openvpn/Makefile ./Makefile
--- /usr/ports/security/openvpn/Makefile	2013-01-20 04:54:24.000000000 +0100
+++ ./Makefile	2013-03-30 13:20:12.000000000 +0100
@@ -1,9 +1,8 @@
 # Created by: Matthias Andree <mandree@FreeBSD.org>
-# $FreeBSD: ports/security/openvpn/Makefile,v 1.66 2013/01/20 03:54:24 svnexp Exp $
+# $FreeBSD: head/security/openvpn/Makefile 310670 2013-01-20 02:55:48Z mandree $
 
 PORTNAME=	openvpn
-DISTVERSION=	2.3.0
-PORTREVISION=	3
+DISTVERSION=	2.3.1
 CATEGORIES=	security net
 MASTER_SITES=	http://swupdate.openvpn.net/community/releases/ \
 		http://build.openvpn.net/downloads/releases/
@@ -16,18 +15,19 @@
 CONFLICTS_INSTALL=	openvpn-2.[!3].* openvpn-[!2].* openvpn-beta-[0-9]* openvpn-devel-[0-9]*
 
 GNU_CONFIGURE=	yes
-USE_OPENSSL=	yes
 USE_XZ=		yes
 # let OpenVPN's configure script pick up the requisite libraries:
 CPPFLAGS+=	-I${LOCALBASE}/include
 LDFLAGS+=	-L${LOCALBASE}/lib
 
-# PolarSSL is not provided; OpenVPN does not currently compile with PolarSSL 1.2.0+
 OPTIONS_DEFINE=		PW_SAVE PKCS11 EASYRSA
-OPTIONS_DEFAULT=	EASYRSA
+OPTIONS_DEFAULT=	EASYRSA OPENSSL
+OPTIONS_SINGLE=		SSL
+OPTIONS_SINGLE_SSL=	OPENSSL POLARSSL
 PW_SAVE_DESC=	Interactive passwords may be read from a file
 PKCS11_DESC=	Use security/pkcs11-helper
 EASYRSA_DESC=	Install security/easy-rsa RSA helper package
+POLARSSL_DESC=	SSL/TLS support via PolarSSL
 
 .include <bsd.port.options.mk>
 
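Review bot: the new OPTIONS_SINGLE_SSL choice between OPENSSL and POLARSSL carries no record of the licensing difference the submission text mentions (GPLv2+ PolarSSL versus the license mix with OpenSSL), and the removed "PolarSSL is not provided" comment is not replaced by anything. A short comment above OPTIONS_SINGLE_SSL, or a hint in POLARSSL_DESC, would let someone choosing the option see that consequence without reading the PR.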
@@ -40,7 +40,15 @@
 RUN_DEPENDS+=	easy-rsa>=0:${PORTSDIR}/security/easy-rsa
 .endif
 
-INSTALL_TARGET+=	mandir=${MANPREFIX}/man
+.if ${PORT_OPTIONS:MPOLARSSL}
+LIB_DEPENDS+=	polarssl:${PORTSDIR}/security/polarssl
+CONFIGURE_ARGS+=	--with-crypto-library=polarssl
+.else
+USE_OPENSSL=	yes
+CONFIGURE_ARGS+=	--with-crypto-library=openssl
+.endif
+
+.INSTALL_TARGET+=	mandir=${MANPREFIX}/man
 MAN8=		openvpn.8
 
 USE_RC_SUBR=	openvpn
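Review bot: the re-added line ".INSTALL_TARGET+= mandir=${MANPREFIX}/man" has a leading dot that the removed "INSTALL_TARGET+=" line did not, so it no longer appends to INSTALL_TARGET and reads like a typo. If mandir should still be passed to the install target, drop the dot; if it is no longer needed with 2.3.1, delete the line instead of leaving a dotted variant that silently does something else.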
@@ -98,7 +106,6 @@
 	${INSTALL_DATA} ${_stagedir}${PREFIX}/include/* ${PREFIX}/include/
 	${INSTALL_MAN} ${_stagedir}${PREFIX}/man/man8/* ${MAN8PREFIX}/man/man8/
 .if ${PORT_OPTIONS:MDOCS}
-	-${RMDIR} ${_stagedir}${DOCSDIR}/sample
 	(cd ${_stagedir}${DOCSDIR} && ${COPYTREE_SHARE} \* ${DOCSDIR}/)
 .for i in AUTHORS ChangeLog PORTS
 	${INSTALL_MAN} ${WRKSRC}/${i} ${DOCSDIR}/
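Review bot: the removal of "-${RMDIR} ${_stagedir}${DOCSDIR}/sample" is not explained in the description, and with it gone the COPYTREE_SHARE line that follows copies whatever is under ${_stagedir}${DOCSDIR}/sample into ${DOCSDIR}. No pkg-plist change is part of this patch, so please confirm the packing list already covers those files, or say why the directory no longer needs removing.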
diff -ruN /usr/ports/security/openvpn/distinfo ./distinfo
--- /usr/ports/security/openvpn/distinfo	2013-01-12 00:43:25.000000000 +0100
+++ ./distinfo	2013-03-30 12:51:03.000000000 +0100
@@ -1,2 +1,2 @@
-SHA256 (openvpn-2.3.0.tar.xz) = a9fcf7bc1c1cd88cd8867ff567e8f8df5e695f0e983bd0aed3a3e1f6ae14d107
-SIZE (openvpn-2.3.0.tar.xz) = 762052
+SHA256 (openvpn-2.3.1.tar.xz) = 9d7723ea83cdc0c78b32005f4b9c1f7ca1cc9e53e90b77bd643a203e6189884b
+SIZE (openvpn-2.3.1.tar.xz) = 776076
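Review bot: the new SHA256 and SIZE for openvpn-2.3.1.tar.xz are the only integrity check on the distfile, since both MASTER_SITES entries in the Makefile are plain http:// URLs. For a security upgrade under a freeze override, state in the PR how the tarball was checked against upstream (for example against a signature or checksum published by upstream) before the hash was recorded.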
diff -ruN /usr/ports/security/openvpn/files/openvpn.in ./files/openvpn.in
--- /usr/ports/security/openvpn/files/openvpn.in	2012-11-17 07:01:09.000000000 +0100
+++ ./files/openvpn.in	2012-10-08 23:21:26.000000000 +0200
@@ -8,7 +8,7 @@
 # and Vasil Dimov
 # softrestart feature suggested by Nick Hibma
 #
-# $FreeBSD: ports/security/openvpn/files/openvpn.in,v 1.2 2012/11/17 06:01:09 svnexp Exp $
+# $FreeBSD: head/security/openvpn/files/openvpn.in 302141 2012-08-05 23:19:36Z dougb $
 # 
 # This program is free software; you can redistribute it and/or modify it under
 # the terms of the GNU General Public License as published by the Free Software
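Review bot: the only change to files/openvpn.in is the $FreeBSD$ keyword line, and the new side is older than the old one (r302141 dated 2012-08-05 and a 2012-10-08 file timestamp, against 2012-11-17 on the old side), so this is keyword-expansion noise from comparing different checkouts and not part of the 2.3.1 upgrade. Drop this file from the patch; the same applies to the $FreeBSD$ line in the first Makefile hunk.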
--- openvpn-2.3.1.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
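
The release notes quoted in the description attribute the security fix to a constant-time memcmp for HMAC comparison. As an added illustration (not OpenVPN's code and not part of this PR), the following C example contrasts an early-exit comparison with a constant-time one by counting how many tag bytes each touches; the function names and the 20-byte tag values are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TAG_LEN 20 /* HMAC-SHA1 tag size; the tag bytes below are constructed */
static const uint8_t expected_tag[TAG_LEN] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
    0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23 };

/* memcmp-style check: stops at the first mismatch, so the number of bytes
 * touched depends on how much of the received tag was correct. */
int early_exit_differs(const uint8_t *a, const uint8_t *b, size_t n, size_t *touched)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) { *touched = i + 1; return 1; }
    *touched = n;
    return 0;
}

/* Constant-time check: XOR every byte pair and OR the results together;
 * the loop never branches on tag contents and always touches n bytes. */
int constant_time_differs(const uint8_t *a, const uint8_t *b, size_t n, size_t *touched)
{
    volatile uint8_t diff = 0; /* volatile: keep the compiler from short-circuiting */
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *touched = n;
    return diff != 0;
}

/* Bytes touched when the received tag is wrong only at index wrong_pos
 * (wrong_pos >= TAG_LEN leaves the tag valid); use_ct selects the check. */
size_t bytes_touched(size_t wrong_pos, int use_ct)
{
    uint8_t received[TAG_LEN];
    size_t touched = 0;
    memcpy(received, expected_tag, TAG_LEN);
    if (wrong_pos < TAG_LEN) received[wrong_pos] ^= 0xff;
    (use_ct ? constant_time_differs : early_exit_differs)(expected_tag, received, TAG_LEN, &touched);
    return touched;
}

int main(void)
{
    for (size_t pos = 0; pos < TAG_LEN; pos += TAG_LEN - 1)
        printf("wrong byte %2zu: early-exit touches %2zu, constant-time touches %2zu\n",
               pos, bytes_touched(pos, 0), bytes_touched(pos, 1));
    return 0;
}
```

The early-exit count tracks the position of the first wrong byte, which is the data-dependent work a timing side channel measures; the constant-time count is the same for every input.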


