diff options
author | Renato Botelho <garga@FreeBSD.org> | 2006-04-05 14:57:25 +0000 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2006-04-05 14:57:25 +0000 |
commit | c11a9e9f81d0e414a2160b231beaf264fd314f95 (patch) | |
tree | dcb70b14e389a7f55dcc46439f670d5515ef3a89 /security/openvpn | |
parent | 63f021492e186421158d7e2beecbd74e37699717 (diff) | |
download | ports-c11a9e9f81d0e414a2160b231beaf264fd314f95.tar.gz ports-c11a9e9f81d0e414a2160b231beaf264fd314f95.zip |
- Update to 2.0.6
* security fix for client LD_PRELOAD code injection vulnerability
through compromised upstream servers
(FreeBSD VuXML Vuln VID be4ccb7b-c48b-11da-ae12-0002b3b60e4c,
filed in separate PR)
CVE id not known yet
* 2 other changes only relevant for Linux and NetBSD, not detailed here.
PR: ports/95345
Submitted by: maintainer
Security: VuXML be4ccb7b-c48b-11da-ae12-0002b3b60e4c
Notes
Notes:
svn path=/head/; revision=158868
Diffstat (limited to 'security/openvpn')
-rw-r--r-- | security/openvpn/Makefile | 3 | ||||
-rw-r--r-- | security/openvpn/distinfo | 6 | ||||
-rw-r--r-- | security/openvpn/files/patch-tests-for-jail | 67 |
3 files changed, 4 insertions, 72 deletions
diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile index 0133e3ae349b..ce7f0c6b88fa 100644 --- a/security/openvpn/Makefile +++ b/security/openvpn/Makefile @@ -6,8 +6,7 @@ # PORTNAME= openvpn -PORTVERSION= 2.0.5 -PORTREVISION= 1 +PORTVERSION= 2.0.6 CATEGORIES= security net # MASTER_SITES points to hosts in distinct data centers, # so just one MASTER_SITES entry should be OK. diff --git a/security/openvpn/distinfo b/security/openvpn/distinfo index 6c8c6c6314f3..e36e6e490d74 100644 --- a/security/openvpn/distinfo +++ b/security/openvpn/distinfo @@ -1,3 +1,3 @@ -MD5 (openvpn-2.0.5.tar.gz) = 4bd7a42991c93db23842a0992debe53b -SHA256 (openvpn-2.0.5.tar.gz) = d72d90ff9e915c3376c834ce33a0349de0a8eacb3f2b80be49696b72a1840a9f -SIZE (openvpn-2.0.5.tar.gz) = 662647 +MD5 (openvpn-2.0.6.tar.gz) = 8d2f95fa825e58363a676b25d4815aa7 +SHA256 (openvpn-2.0.6.tar.gz) = 1074c9fb5a7881e6d4ff0b125cf1e44a9fb650beef187f061785698522453003 +SIZE (openvpn-2.0.6.tar.gz) = 664816 diff --git a/security/openvpn/files/patch-tests-for-jail b/security/openvpn/files/patch-tests-for-jail deleted file mode 100644 index 6a0e72746ab6..000000000000 --- a/security/openvpn/files/patch-tests-for-jail +++ /dev/null @@ -1,67 +0,0 @@ ---- t_lpback.sh~ -+++ t_lpback.sh -@@ -19,11 +19,13 @@ - # 02110-1301, USA. - - set -e --trap "rm -f key.$$ log.$$ ; false" 1 2 3 15 -+trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15 -+trap "rm -f key.$$ log.$$ ; exit 1" 0 3 - ./openvpn --genkey --secret key.$$ - set +e - ( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1 - e=$? - if [ $e != 0 ] ; then cat log.$$ ; fi --rm key.$$ -+rm key.$$ log.$$ -+trap 0 - exit $e ---- t_cltsrv.sh~ -+++ t_cltsrv.sh -@@ -19,20 +19,41 @@ - # 02110-1301, USA. - - set -e -+trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15 -+trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3 -+addopts= -+case `uname -s` in -+ FreeBSD) -+ # FreeBSD jails map the outgoing IP to the jail IP - we need to -+ # allow the real IP unless we want the test to run forever. -+ if test "`sysctl 2>/dev/null -n security.jail.jailed`" = 1 \ -+ || ps -ostate= -p $$ | grep -q J; then -+ addopts="--float" -+ if test "x`ifconfig | grep inet`" = x ; then -+ echo "###" -+ echo "### To run the test in a FreeBSD jail, you MUST add an IP alias for the jail's IP." -+ echo "###" -+ exit 1 -+ fi -+ fi -+ ;; -+esac - echo "the following test will run about two minutes..." >&2 --trap "rm -f log.$$ ; false" 1 2 3 15 - set +e - ( --./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server & --./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client --) >log.$$ 2>&1 -+./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server & -+./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client -+) 3>log.$$.signal >log.$$ 2>&1 - e1=$? - wait $! - e2=$? -+grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; } -+ - set -e - - if [ $e1 != 0 ] || [ $e2 != 0 ] ; then - cat log.$$ - exit 1 - fi --rm log.$$ -+rm log.$$ log.$$.signal -+trap 0 |