Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 8 Apr 2006 10:50:15 GMT
From:      Matthias Andree <matthias.andree@gmx.de>
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   Re: ports/95500: security/openvpn - init script installed with wrong name?!
Message-ID:  <200604081050.k38AoFTM085082@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The following reply was made to PR ports/95500; it has been noted by GNATS.

From: Matthias Andree <matthias.andree@gmx.de>
To: bug-followup@FreeBSD.org, none@FreeBSD.org
Cc:  
Subject: Re: ports/95500: security/openvpn - init script installed with
	wrong name?!
Date: Sat, 08 Apr 2006 12:41:58 +0200

 Greetings,
 
 This bug report is invalid and the problem caused by improper use of
 packages, please close this report.
 
 A. Why this report is invalid:
 ------------------------------
 
 1. System and package versions are inconsistent and incompatible.
    Submitter tried to install a 6.1 package (see the URL mentioned,
    packages-6-stable) onto his 6.0-SECURITY system. The port expects to
    have its start script run with rcorder(8), which is new behavior
    in FreeBSD 6.1.
 
 2. The decision if .sh is to be added or not is made by 
    /usr/ports/Mk/bsd.port.mk anyways, rather than the ports themselves.
    The port just uses USE_RC_SUBR=openvpn.sh.
 
 3. openvpn-2.0.5_1 is outdated and the client side is vulnerable to code
    injection, see
 http://www.vuxml.org/freebsd/be4ccb7b-c48b-11da-ae12-0002b3b60e4c.html
 
 
 B. Suggested remedy:
 --------------------
 
 Execute all steps on the submitter's machine in this order:
 
 1. Update ports tree, for instance, with portsnap.
 
 2. Install portaudit:
 
    cd /usr/ports/security/portaudit
    make all install clean
 
    This also helps with identifying vulnerable ports and packages before
    they are installed.
 
 3. Regularly (for instance, daily) run "portaudit -Fda" to identify
    vulnerable ports and update them.
 
 4. Rebuild the OpenVPN-2.0.6 or newer port,
    DO NOT USE THE 6-STABLE PACKAGE!
 
    cd /usr/ports/security/openvpn
    make all deinstall install clean
 
 HTH,
 
 -- 
 Matthias Andree <matthias.andree@gmx.de>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200604081050.k38AoFTM085082>