From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Nov 1 22:10:28 2005 Return-Path: X-Original-To: freebsd-ports-bugs@hub.freebsd.org Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 42D4816A435 for ; Tue, 1 Nov 2005 22:10:27 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id A1F0743D5A for ; Tue, 1 Nov 2005 22:10:19 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id jA1MAJ9Q070541 for ; Tue, 1 Nov 2005 22:10:19 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id jA1MAJjD070540; Tue, 1 Nov 2005 22:10:19 GMT (envelope-from gnats) Resent-Date: Tue, 1 Nov 2005 22:10:19 GMT Resent-Message-Id: <200511012210.jA1MAJjD070540@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Matthias Andree Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 501DD16A41F for ; Tue, 1 Nov 2005 22:08:23 +0000 (GMT) (envelope-from matthias.andree@gmx.de) Received: from mail.dt.e-technik.uni-dortmund.de (krusty.dt.E-Technik.Uni-Dortmund.DE [129.217.163.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8456A43D46 for ; Tue, 1 Nov 2005 22:08:22 +0000 (GMT) (envelope-from matthias.andree@gmx.de) Received: from localhost (localhost [127.0.0.1]) by mail.dt.e-technik.uni-dortmund.de (Postfix) with ESMTP id 0E94444561 for ; Tue, 1 Nov 2005 23:08:21 +0100 (CET) Received: from mail.dt.e-technik.uni-dortmund.de ([127.0.0.1]) by localhost (krusty [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09065-02 for ; Tue, 1 Nov 2005 23:08:19 +0100 (CET) Received: from m2a2.dyndns.org (p509111BB.dip0.t-ipconnect.de [80.145.17.187]) by mail.dt.e-technik.uni-dortmund.de (Postfix) with ESMTP id 23D7144093 for ; Tue, 1 Nov 2005 23:08:18 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by merlin.emma.line.org (Postfix) with ESMTP id 7A352201DC6; Tue, 1 Nov 2005 23:08:17 +0100 (CET) Received: from m2a2.dyndns.org ([127.0.0.1]) by localhost (m2a2.dyndns.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12956-13; Tue, 1 Nov 2005 23:08:16 +0100 (CET) Received: from libertas.emma.line.org (libertas.emma.line.org [192.168.1.2]) by merlin.emma.line.org (Postfix) with ESMTP id 7E1FD201DA7; Tue, 1 Nov 2005 23:08:16 +0100 (CET) Received: from emma by libertas.emma.line.org with local (Exim 4.54 (FreeBSD)) id 1EX4Lf-000Lea-Ci; Tue, 01 Nov 2005 23:11:19 +0100 Message-Id: Date: Tue, 01 Nov 2005 23:11:19 +0100 From: Matthias Andree Sender: Matthias Andree To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/88379: [MAINTAINER] security/openvpn: SECURITY update to 2.0.4 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Nov 2005 22:10:28 -0000 >Number: 88379 >Category: ports >Synopsis: [MAINTAINER] security/openvpn: SECURITY update to 2.0.4 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Nov 01 22:10:19 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Matthias Andree >Release: FreeBSD 4.11-RELEASE-p13 i386 >Organization: >Environment: System: FreeBSD libertas.emma.line.org 4.11-RELEASE-p13 FreeBSD 4.11-RELEASE-p13 #2: Mon Oct 24 12:35:08 CEST 2005 >Description: This upstream update fixes two security bugs: CVE-2005-3393 - arbitrary code execution on client w/ "pull" or "client" option when server compromised or malicious CVE-2005-3409 - Denial of Service against server in TCP mode (null dereference) Other changes (summarized from ChangeLog): assertion at multi.c:1586 (or other lines) fixed, double fork with --management-hold fixed, TUN/TAP read/write log messages moved from --verb 8 to --verb 6, warn when multiple clients with same common name usurp each other when --duplicate-cn is not used, picks default gateway with smallest metric, fixed a bug where --mode server --proto tcp-server --cipher none caused packet truncation. Generated with FreeBSD Port Tools 0.63 >How-To-Repeat: >Fix: --- openvpn-2.0.4.patch begins here --- diff -ruN --exclude=CVS /usr/ports/security/openvpn/Makefile /usr/home/emma/ports/security/openvpn/Makefile --- /usr/ports/security/openvpn/Makefile Wed Oct 26 21:44:59 2005 +++ /usr/home/emma/ports/security/openvpn/Makefile Tue Nov 1 22:34:36 2005 @@ -6,8 +6,8 @@ # PORTNAME= openvpn -DISTVERSION= 2.0.2 -PORTREVISION= 1 +DISTVERSION= 2.0.4 +PORTREVISION= 0 CATEGORIES= security MASTER_SITES= http://openvpn.net/release/ diff -ruN --exclude=CVS /usr/ports/security/openvpn/distinfo /usr/home/emma/ports/security/openvpn/distinfo --- /usr/ports/security/openvpn/distinfo Fri Sep 16 00:04:52 2005 +++ /usr/home/emma/ports/security/openvpn/distinfo Tue Nov 1 22:40:49 2005 @@ -1,2 +1,2 @@ -MD5 (openvpn-2.0.2.tar.gz) = 862f8788f080f669b1ae00a74ef68001 -SIZE (openvpn-2.0.2.tar.gz) = 663246 +MD5 (openvpn-2.0.4.tar.gz) = de32775b88e6bcd737ae93b9a365494c +SIZE (openvpn-2.0.4.tar.gz) = 653156 diff -ruN --exclude=CVS /usr/ports/security/openvpn/pkg-plist /usr/home/emma/ports/security/openvpn/pkg-plist --- /usr/ports/security/openvpn/pkg-plist Sat Aug 20 14:59:19 2005 +++ /usr/home/emma/ports/security/openvpn/pkg-plist Tue Nov 1 22:53:08 2005 @@ -25,25 +25,6 @@ %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/revoke-full %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/sign-req %%PORTDOCS%%%%DOCSDIR%%/easy-rsa/vars -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/README -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-ca -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-dh -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-inter -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pass -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pkcs12 -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-server -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req-pass -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/clean-all -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/inherit-inter -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/list-crl -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl.cnf -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/pkitool -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/revoke-full -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/scripts -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/sign-req -%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/vars %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/README %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/client.conf %%PORTDOCS%%%%DOCSDIR%%/sample-config-files/firewall.sh @@ -67,6 +48,5 @@ %%PORTDOCS%%%%DOCSDIR%%/sample-scripts/verify-cn %%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-scripts %%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-config-files -%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/2.0 %%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa %%PORTDOCS%%@dirrm %%DOCSDIR%% --- openvpn-2.0.4.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: