ports/95345: [MAINTAINER] security/openvpn: SECURITY UPDATE to 2.0.6

Matthias Andree matthias.andree at gmx.de
Wed Apr 5 10:30:18 UTC 2006


>Number:         95345
>Category:       ports
>Synopsis:       [MAINTAINER] security/openvpn: SECURITY UPDATE to 2.0.6
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 05 10:30:16 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 6.1-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #19: Sat Apr  1 13:04:50 CEST
>Description:
- Update to 2.0.6
  - security fix for client LD_PRELOAD code injection vulnerability
    through compromised upstream servers
    (FreeBSD VuXML Vuln VID be4ccb7b-c48b-11da-ae12-0002b3b60e4c,
     filed in separate PR)
    CVE id not known yet
  - 2 other changes only relevant for Linux and NetBSD, not detailed here.

Removed file(s):
- files/patch-tests-for-jail
  (merged upstream)

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:

--- openvpn-2.0.6.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/openvpn/Makefile /usr/home/emma/ports/security/openvpn/Makefile
--- /usr/ports/security/openvpn/Makefile	Thu Nov 10 16:05:42 2005
+++ /usr/home/emma/ports/security/openvpn/Makefile	Wed Apr  5 12:25:56 2006
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	openvpn
-PORTVERSION=	2.0.5
-PORTREVISION=	1
+PORTVERSION=	2.0.6
 CATEGORIES=	security net
 # MASTER_SITES points to hosts in distinct data centers,
 # so just one MASTER_SITES entry should be OK.
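Review bot: The `PORTVERSION=	2.0.6` line drops `PORTREVISION=	1`, which is right for a version bump, but the security fix only becomes visible to users through the VuXML entry that the description says is filed in a separate PR. Suggest committing the two together and checking that the entry's affected range covers the outgoing 2.0.5 with PORTREVISION 1 and ends at 2.0.6, so that installed copies are flagged until they are upgraded.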
diff -ruN --exclude=CVS /usr/ports/security/openvpn/distinfo /usr/home/emma/ports/security/openvpn/distinfo
--- /usr/ports/security/openvpn/distinfo	Thu Nov 10 16:05:42 2005
+++ /usr/home/emma/ports/security/openvpn/distinfo	Wed Apr  5 12:04:59 2006
@@ -1,3 +1,3 @@
-MD5 (openvpn-2.0.5.tar.gz) = 4bd7a42991c93db23842a0992debe53b
-SHA256 (openvpn-2.0.5.tar.gz) = d72d90ff9e915c3376c834ce33a0349de0a8eacb3f2b80be49696b72a1840a9f
-SIZE (openvpn-2.0.5.tar.gz) = 662647
+MD5 (openvpn-2.0.6.tar.gz) = 8d2f95fa825e58363a676b25d4815aa7
+SHA256 (openvpn-2.0.6.tar.gz) = 1074c9fb5a7881e6d4ff0b125cf1e44a9fb650beef187f061785698522453003
+SIZE (openvpn-2.0.6.tar.gz) = 664816
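Review bot: The `+MD5`, `+SHA256` and `+SIZE` lines for openvpn-2.0.6.tar.gz are the only integrity anchor for this security update, and the PR does not say how the tarball they were computed from was authenticated. Suggest stating in the PR that the distfile was fetched from the upstream master site and, if upstream provides a signature for the release, verified against it before `make makesum` was run.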
diff -ruN --exclude=CVS /usr/ports/security/openvpn/files/patch-tests-for-jail /usr/home/emma/ports/security/openvpn/files/patch-tests-for-jail
--- /usr/ports/security/openvpn/files/patch-tests-for-jail	Tue Feb 28 17:25:43 2006
+++ /usr/home/emma/ports/security/openvpn/files/patch-tests-for-jail	Thu Jan  1 01:00:00 1970
@@ -1,67 +0,0 @@
---- t_lpback.sh~
-+++ t_lpback.sh
-@@ -19,11 +19,13 @@
- # 02110-1301, USA.
- 
- set -e
--trap "rm -f key.$$ log.$$ ; false" 1 2 3 15
-+trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15
-+trap "rm -f key.$$ log.$$ ; exit 1" 0 3
- ./openvpn --genkey --secret key.$$
- set +e
- ( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1
- e=$?
- if [ $e != 0 ] ; then cat log.$$ ; fi
--rm key.$$
-+rm key.$$ log.$$
-+trap 0
- exit $e
---- t_cltsrv.sh~
-+++ t_cltsrv.sh
-@@ -19,20 +19,41 @@
- # 02110-1301, USA.
- 
- set -e
-+trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
-+trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
-+addopts=
-+case `uname -s` in
-+    FreeBSD)
-+    # FreeBSD jails map the outgoing IP to the jail IP - we need to
-+    # allow the real IP unless we want the test to run forever.
-+    if test "`sysctl 2>/dev/null -n security.jail.jailed`" = 1 \
-+    || ps -ostate= -p $$ | grep -q J; then
-+	addopts="--float"
-+	if test "x`ifconfig | grep inet`" = x ; then
-+	    echo "###"
-+	    echo "### To run the test in a FreeBSD jail, you MUST add an IP alias for the jail's IP."
-+	    echo "###"
-+	    exit 1
-+	fi
-+    fi
-+    ;;
-+esac
- echo "the following test will run about two minutes..." >&2
--trap "rm -f log.$$ ; false" 1 2 3 15
- set +e
- (
--./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server &
--./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client
--) >log.$$ 2>&1
-+./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server &
-+./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client
-+) 3>log.$$.signal >log.$$ 2>&1
- e1=$?
- wait $!
- e2=$?
-+grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; }
-+
- set -e
- 
- if [ $e1 != 0 ] || [ $e2 != 0 ] ; then
-     cat log.$$
-     exit 1
- fi
--rm log.$$
-+rm log.$$ log.$$.signal
-+trap 0
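Review bot: Deleting files/patch-tests-for-jail rests on the "(merged upstream)" statement in the description, and nothing in this diff shows it. Before commit, confirm that t_cltsrv.sh in the 2.0.6 distfile carries the jail detection that sets `addopts="--float"` and that both t_lpback.sh and t_cltsrv.sh carry the `exit 77` trap cleanup; according to the comment in the removed patch, without the jail handling the client/server test can "run forever" when the port is built inside a jail.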
--- openvpn-2.0.6.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:


