Date: Sun, 31 Dec 2023 14:31:18 GMT
Message-Id: <202312311431.3BVEVIas052783@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org
From: Matthias Andree
Subject: git: b185a32f717e - 2023Q4 - security/openvpn-devel: upgrade port to git commit efad93d049 (2023-11-17)
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all

The branch 2023Q4 has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b185a32f717e323c27cb0394d177ac4c78547b35

commit b185a32f717e323c27cb0394d177ac4c78547b35
Author:     Matthias Andree
AuthorDate: 2023-12-31 06:16:28 +0000
Commit:     Matthias Andree
CommitDate: 2023-12-31 06:27:34 +0000

security/openvpn-devel: upgrade port to git commit efad93d049 (2023-11-17)

contains a number of bugfixes and minor improvements, plus fixes for
two bugs that have been assigned CVEs:

- CVE-2023-46850
  OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer
  after it has been free()d in some circumstances, causing some free()d
  memory to be sent to the peer. All configurations using TLS (e.g. not
  using --secret) are affected by this issue. (found while tracking down
  CVE-2023-46849 / Github #400, #417)

- CVE-2023-46849
  OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore
  "--fragment" configuration in some circumstances, leading to a
  division by zero when "--fragment" is used. On platforms where
  division by zero is fatal, this will cause an OpenVPN crash.

see also https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements

Also adjust files/patch-tests__t_cltsrv.sh because upstream
commit d623aa6c29 conflicts with this patch.

Security: 2fe004f5-83fd-11ee-9f5d-31909fb2f495 Security: CVE-2023-46849 Security: CVE-2023-46850 (cherry picked from commit 110af6a7bee600b9382fd568beecb28593378df4) --- security/openvpn-devel/Makefile | 4 ++-- security/openvpn-devel/distinfo | 6 +++--- security/openvpn-devel/files/patch-tests__t_cltsrv.sh | 10 +++++----- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/security/openvpn-devel/Makefile b/security/openvpn-devel/Makefile index 698b157e175b..72a4ded1bc2f 100644 --- a/security/openvpn-devel/Makefile +++ b/security/openvpn-devel/Makefile @@ -1,5 +1,5 @@ PORTNAME= openvpn -DISTVERSION= g20230331 +DISTVERSION= g20231109 PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security net net-vpn @@ -21,7 +21,7 @@ LIB_DEPENDS+= liblzo2.so:archivers/lzo2 USES= autoreconf cpe libtool pkgconfig python:build shebangfix tar:xz IGNORE_SSL= libressl libressl-devel USE_GITLAB= yes -GL_TAGNAME= fafb05f6f3a7a1b46c278961ec8d2d8970f01096 +GL_TAGNAME= efad93d049c318a3bd9ea5956c6ac8237b8d6d70 USE_RC_SUBR= openvpn SHEBANG_FILES= sample/sample-scripts/auth-pam.pl \ diff --git a/security/openvpn-devel/distinfo b/security/openvpn-devel/distinfo index f11905448075..39a54917535b 100644 --- a/security/openvpn-devel/distinfo +++ b/security/openvpn-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1681369376 -SHA256 (openvpn-openvpn-fafb05f6f3a7a1b46c278961ec8d2d8970f01096_GL0.tar.gz) = d6a45c44e4dce1827f94c1d4d3bd70100bbc1a3b830f6800f279759c5b8cc62b -SIZE (openvpn-openvpn-fafb05f6f3a7a1b46c278961ec8d2d8970f01096_GL0.tar.gz) = 1194345 +TIMESTAMP = 1700206030 +SHA256 (openvpn-openvpn-efad93d049c318a3bd9ea5956c6ac8237b8d6d70_GL0.tar.gz) = db885c742d8753942fdff960bc3a997cbad235790b29a2751cbf691f88cd20e7 +SIZE (openvpn-openvpn-efad93d049c318a3bd9ea5956c6ac8237b8d6d70_GL0.tar.gz) = 1194056 diff --git a/security/openvpn-devel/files/patch-tests__t_cltsrv.sh b/security/openvpn-devel/files/patch-tests__t_cltsrv.sh index e1dcb3cab046..17ca5be84a17 100644 
--- a/security/openvpn-devel/files/patch-tests__t_cltsrv.sh +++ b/security/openvpn-devel/files/patch-tests__t_cltsrv.sh @@ -10,9 +10,9 @@ # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -22,8 +22,9 @@ set -e - srcdir="${srcdir:-.}" top_srcdir="${top_srcdir:-..}" top_builddir="${top_builddir:-..}" + openvpn="${openvpn:-${top_builddir}/src/openvpn/openvpn}" -trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15 -trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3 +root="${top_srcdir}/sample" @@ -50,13 +50,13 @@ for i in 1 2 3 ; do set +e ( -- "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${root}" ${addopts} --setenv role srv --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-server" & -- "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${top_srcdir}/sample" ${addopts} --setenv role clt --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-client" -+ "${top_builddir}/src/openvpn/openvpn" --script-security 2 \ +- "${openvpn}" --script-security 2 --cd "${root}" ${addopts} --setenv role srv --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-server" & +- "${openvpn}" --script-security 2 --cd "${top_srcdir}/sample" ${addopts} --setenv role clt --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-client" ++ "${openvpn}" --script-security 2 \ + --cd "${root}" ${addopts} --setenv role srv \ + --down "${downscript}" --tls-exit --ping-exit 180 \ + --config "sample-config-files/loopback-server.test" & -+ "${top_builddir}/src/openvpn/openvpn" --script-security 2 \ ++ "${openvpn}" --script-security 2 \ + --cd "${top_srcdir}/sample" ${addopts} --setenv role clt \ + --down "${downscript}" --tls-exit --ping-exit 180 \ + --config "sample-config-files/loopback-client.test"
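
Review bot: In the first security/openvpn-devel/Makefile hunk, DISTVERSION is set to g20231109 while the commit subject dates upstream commit efad93d049 as 2023-11-17, so the snapshot date in the package version and the date in the log disagree. Please confirm which date belongs to the upstream commit named in GL_TAGNAME and make the two agree, or say in the commit message what each date refers to, since DISTVERSION is what users and vulnerability tooling compare against when checking whether the fixes for CVE-2023-46849 and CVE-2023-46850 are installed.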
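
Review bot: In the security/openvpn-devel/files/patch-tests__t_cltsrv.sh hunk, the rewritten server command uses --cd "${root}" but the client command still spells out --cd "${top_srcdir}/sample", even though the same patch sets root="${top_srcdir}/sample" a few lines earlier. Using "${root}" in both commands would keep them in step and shrink the diff the next time upstream touches these lines. The two commands are also pointed at sample-config-files/loopback-server.test and loopback-client.test, which none of the visible hunks create; a short comment in the patch header naming where those .test configs come from would help whoever has to rebase this after the next upstream conflict.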