git: 4c75982ca9f2 - 2025Q2 - security/openvpn: security update to 2.6.14

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Matthias Andree <mandree_at_FreeBSD.org>
Date: Wed, 02 Apr 2025 19:35:12 UTC
The branch 2025Q2 has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4c75982ca9f2ddd0db5c07dfd60fd76f79f98104

commit 4c75982ca9f2ddd0db5c07dfd60fd76f79f98104
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2025-04-02 19:26:30 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2025-04-02 19:34:41 +0000

    security/openvpn: security update to 2.6.14
    
    "Fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2
    
    Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using
    --tls-crypt-v2 can be made to abort with an ASSERT() message by sending
    a particular combination of authenticated and malformed packets.
    
    To trigger the bug, a valid tls-crypt-v2 client key is needed, or
    network observation of a handshake with a valid tls-crypt-v2 client key
    
    No crypto integrity is violated, no data is leaked, and no remote code
    execution is possible.
    
    This bug does not affect OpenVPN clients."
    
    clean up CONFLICTS_INSTALL
    
    ChangeLog:      https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614
    Security:       2cad4541-0f5b-11f0-89f8-411aefea0df9
    Security:       CVE-2025-2704
    MFH:            2025Q2
    (cherry picked from commit 70a3176764f09cfeb26bc8d4c9463e7497a299c0)
    (cherry picked from commit e20a69e3dce88c98be4aa4354c94ffa21bca0b17)
---
 security/openvpn/Makefile | 4 ++--
 security/openvpn/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile
index e48256c0a03b..c771eea03b22 100644
--- a/security/openvpn/Makefile
+++ b/security/openvpn/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=		openvpn
-DISTVERSION=		2.6.13
+DISTVERSION=		2.6.14
 PORTREVISION?=		0
 CATEGORIES=		security net net-vpn
 MASTER_SITES=		https://swupdate.openvpn.org/community/releases/ \
@@ -30,7 +30,7 @@ CONFIGURE_ARGS+=	--enable-strict --with-crypto-library=openssl
 # set PLUGIN_LIBDIR so that unqualified plugin paths are found:
 CONFIGURE_ENV+=		PLUGINDIR="${PREFIX}/lib/openvpn/plugins"
 
-CONFLICTS_INSTALL?=	openvpn-2* openvpn-devel openvpn-mbedtls
+CONFLICTS_INSTALL?=	openvpn-devel
 
 SUB_FILES=		pkg-message openvpn-client
 
diff --git a/security/openvpn/distinfo b/security/openvpn/distinfo
index d9ee1ee81458..9274b1ed493c 100644
--- a/security/openvpn/distinfo
+++ b/security/openvpn/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1737076293
-SHA256 (openvpn-2.6.13.tar.gz) = 1af10b86922bd7c99827cc0f151dfe9684337b8e5ebdb397539172841ac24a6a
-SIZE (openvpn-2.6.13.tar.gz) = 1911719
+TIMESTAMP = 1743554391
+SHA256 (openvpn-2.6.14.tar.gz) = 9eb6a6618352f9e7b771a9d38ae1631b5edfeed6d40233e243e602ddf2195e7a
+SIZE (openvpn-2.6.14.tar.gz) = 1926343