diff options
| author | Matthias Andree <mandree@FreeBSD.org> | 2023-12-31 06:16:28 +0000 |
|---|---|---|
| committer | Matthias Andree <mandree@FreeBSD.org> | 2023-12-31 06:27:34 +0000 |
| commit | b185a32f717e323c27cb0394d177ac4c78547b35 (patch) | |
| tree | b45860be904652c4ae023c699560a768eb06c25d | |
| parent | 8825cdc06261b1f66ddc4c56b60b6e2360441d17 (diff) | |
| download | ports-b185a32f717e323c27cb0394d177ac4c78547b35.tar.gz ports-b185a32f717e323c27cb0394d177ac4c78547b35.zip | |
security/openvpn-devel: upgrade port to git commit efad93d049 (2023-11-17)
contains a number of bugfixes and minor improvements, plus fixes
for two bugs that have been assigned CVEs:
- CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use
a send buffer after it has been free()d in some circumstances, causing
some free()d memory to be sent to the peer. All configurations using TLS
(e.g. not using --secret) are affected by this issue.
(found while tracking down CVE-2023-46849 / Github #400, #417)
- CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
restore "--fragment" configuration in some circumstances, leading to
a division by zero when "--fragment" is used. On platforms where
division by zero is fatal, this will cause an OpenVPN crash.
see also https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
Also adjust files/patch-tests__t_cltsrv.sh because upstream commit
d623aa6c29 conflicts with this patch.
Security: 2fe004f5-83fd-11ee-9f5d-31909fb2f495
Security: CVE-2023-46849
Security: CVE-2023-46850
(cherry picked from commit 110af6a7bee600b9382fd568beecb28593378df4)
| -rw-r--r-- | security/openvpn-devel/Makefile | 4 | ||||
| -rw-r--r-- | security/openvpn-devel/distinfo | 6 | ||||
| -rw-r--r-- | security/openvpn-devel/files/patch-tests__t_cltsrv.sh | 10 |
3 files changed, 10 insertions, 10 deletions
diff --git a/security/openvpn-devel/Makefile b/security/openvpn-devel/Makefile index 698b157e175b..72a4ded1bc2f 100644 --- a/security/openvpn-devel/Makefile +++ b/security/openvpn-devel/Makefile @@ -1,5 +1,5 @@ PORTNAME= openvpn -DISTVERSION= g20230331 +DISTVERSION= g20231109 PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security net net-vpn @@ -21,7 +21,7 @@ LIB_DEPENDS+= liblzo2.so:archivers/lzo2 USES= autoreconf cpe libtool pkgconfig python:build shebangfix tar:xz IGNORE_SSL= libressl libressl-devel USE_GITLAB= yes -GL_TAGNAME= fafb05f6f3a7a1b46c278961ec8d2d8970f01096 +GL_TAGNAME= efad93d049c318a3bd9ea5956c6ac8237b8d6d70 USE_RC_SUBR= openvpn SHEBANG_FILES= sample/sample-scripts/auth-pam.pl \ diff --git a/security/openvpn-devel/distinfo b/security/openvpn-devel/distinfo index f11905448075..39a54917535b 100644 --- a/security/openvpn-devel/distinfo +++ b/security/openvpn-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1681369376 -SHA256 (openvpn-openvpn-fafb05f6f3a7a1b46c278961ec8d2d8970f01096_GL0.tar.gz) = d6a45c44e4dce1827f94c1d4d3bd70100bbc1a3b830f6800f279759c5b8cc62b -SIZE (openvpn-openvpn-fafb05f6f3a7a1b46c278961ec8d2d8970f01096_GL0.tar.gz) = 1194345 +TIMESTAMP = 1700206030 +SHA256 (openvpn-openvpn-efad93d049c318a3bd9ea5956c6ac8237b8d6d70_GL0.tar.gz) = db885c742d8753942fdff960bc3a997cbad235790b29a2751cbf691f88cd20e7 +SIZE (openvpn-openvpn-efad93d049c318a3bd9ea5956c6ac8237b8d6d70_GL0.tar.gz) = 1194056 diff --git a/security/openvpn-devel/files/patch-tests__t_cltsrv.sh b/security/openvpn-devel/files/patch-tests__t_cltsrv.sh index e1dcb3cab046..17ca5be84a17 100644 --- a/security/openvpn-devel/files/patch-tests__t_cltsrv.sh +++ b/security/openvpn-devel/files/patch-tests__t_cltsrv.sh @@ -10,9 +10,9 @@ # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -22,8 +22,9 @@ set -e - srcdir="${srcdir:-.}" top_srcdir="${top_srcdir:-..}" top_builddir="${top_builddir:-..}" + openvpn="${openvpn:-${top_builddir}/src/openvpn/openvpn}" -trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15 -trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3 +root="${top_srcdir}/sample" @@ -50,13 +50,13 @@ for i in 1 2 3 ; do set +e ( -- "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${root}" ${addopts} --setenv role srv --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-server" & -- "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${top_srcdir}/sample" ${addopts} --setenv role clt --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-client" -+ "${top_builddir}/src/openvpn/openvpn" --script-security 2 \ +- "${openvpn}" --script-security 2 --cd "${root}" ${addopts} --setenv role srv --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-server" & +- "${openvpn}" --script-security 2 --cd "${top_srcdir}/sample" ${addopts} --setenv role clt --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-client" ++ "${openvpn}" --script-security 2 \ + --cd "${root}" ${addopts} --setenv role srv \ + --down "${downscript}" --tls-exit --ping-exit 180 \ + --config "sample-config-files/loopback-server.test" & -+ "${top_builddir}/src/openvpn/openvpn" --script-security 2 \ ++ "${openvpn}" --script-security 2 \ + --cd "${top_srcdir}/sample" ${addopts} --setenv role clt \ + --down "${downscript}" --tls-exit --ping-exit 180 \ + --config "sample-config-files/loopback-client.test" |