Date: Sat, 8 Apr 2006 10:50:15 GMT From: Matthias Andree <matthias.andree@gmx.de> To: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/95500: security/openvpn - init script installed with wrong name?! Message-ID: <200604081050.k38AoFTM085082@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/95500; it has been noted by GNATS. From: Matthias Andree <matthias.andree@gmx.de> To: bug-followup@FreeBSD.org, none@FreeBSD.org Cc: Subject: Re: ports/95500: security/openvpn - init script installed with wrong name?! Date: Sat, 08 Apr 2006 12:41:58 +0200 Greetings, This bug report is invalid and the problem caused by improper use of packages, please close this report. A. Why this report is invalid: ------------------------------ 1. System and package versions are inconsistent and incompatible. Submitter tried to install a 6.1 package (see the URL mentioned, packages-6-stable) onto his 6.0-SECURITY system. The port expects to have its start script run with rcorder(8), which is new behavior in FreeBSD 6.1. 2. The decision if .sh is to be added or not is made by /usr/ports/Mk/bsd.port.mk anyways, rather than the ports themselves. The port just uses USE_RC_SUBR=openvpn.sh. 3. openvpn-2.0.5_1 is outdated and the client side is vulnerable to code injection, see http://www.vuxml.org/freebsd/be4ccb7b-c48b-11da-ae12-0002b3b60e4c.html B. Suggested remedy: -------------------- Execute all steps on the submitter's machine in this order: 1. Update ports tree, for instance, with portsnap. 2. Install portaudit: cd /usr/ports/security/portaudit make all install clean This also helps with identifying vulnerable ports and packages before they are installed. 3. Regularly (for instance, daily) run "portaudit -Fda" to identify vulnerable ports and update them. 4. Rebuild the OpenVPN-2.0.6 or newer port, DO NOT USE THE 6-STABLE PACKAGE! cd /usr/ports/security/openvpn make all deinstall install clean HTH, -- Matthias Andree <matthias.andree@gmx.de>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200604081050.k38AoFTM085082>