diff options
author | wiz <wiz@pkgsrc.org> | 2017-10-02 15:54:23 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2017-10-02 15:54:23 +0000 |
commit | 2abaffb79e689b49b5ac0074db498536d3241f89 (patch) | |
tree | a5909570d54009998a4a01685852731771bfe8f3 /net/openvpn | |
parent | e72fa377040529d5a15a576cfcdfeaadb841c791 (diff) | |
download | pkgsrc-2abaffb79e689b49b5ac0074db498536d3241f89.tar.gz |
openvpn: update to 2.4.4
Version 2.4.4
=============
This is primarily a maintenance release, with further improved OpenSSL 1.1
integration, several minor bug fixes and other minor improvements.
Bug fixes
---------
- Fix issues when a pushed cipher via the Negotiable Crypto Parameters (NCP) is
rejected by the remote side
- Ignore ``--keysize`` when NCP have resulted in a changed cipher.
- Configurations using ``--auth-nocache`` and the management interface to provide
user credentials (like NetworkManager on Linux) on client side with servers
implementing authentication tokens (for example, using ``--auth-gen-token``)
will now behave correctly and not query the user for an, to them, unknown
authentication token on renegotiations of the tunnel.
- Fix bug causing invalid or corrupt SOCKS port number when changing the
proxy via the management interface.
- The man page should now have proper escaping of hyphens/minus characters
and have seen some minor corrections.
User-visible Changes
--------------------
- Linux servers with systemd which uses the ``openvpn-server@.service`` unit
file for server configurations will now utilize the automatic restart feature
in systemd. If the OpenVPN server process dies unexpectedly, systemd will
ensure the OpenVPN configuration will be restarted without any user interaction.
Deprecated features
-------------------
- ``--no-replay`` is deprecated and will be removed in OpenVPN 2.5.
- ``--keysize`` is deprecated in OpenVPN 2.4 and will be removed in v2.6
Security
--------
- CVE-2017-12166: Fix bounds check for configurations using ``--key-method 1``.
Before this fix, it could allow an attacker to send a malformed packet to
trigger a stack overflow. This is considered to be a low risk issue, as
``--key-method 2`` has been the default since OpenVPN 2.0 (released on
2005-04-17). This option is already deprecated in v2.4 and will be
completely removed in v2.5.
Diffstat (limited to 'net/openvpn')
-rw-r--r-- | net/openvpn/Makefile.common | 4 | ||||
-rw-r--r-- | net/openvpn/PLIST | 4 | ||||
-rw-r--r-- | net/openvpn/distinfo | 10 |
3 files changed, 9 insertions, 9 deletions
diff --git a/net/openvpn/Makefile.common b/net/openvpn/Makefile.common index 41ccf4eb08d..9d998342221 100644 --- a/net/openvpn/Makefile.common +++ b/net/openvpn/Makefile.common @@ -1,9 +1,9 @@ -# $NetBSD: Makefile.common,v 1.11 2017/07/01 22:12:53 joerg Exp $ +# $NetBSD: Makefile.common,v 1.12 2017/10/02 15:54:23 wiz Exp $ # used by net/openvpn/Makefile # used by net/openvpn-acct-wtmpx/Makefile # used by net/openvpn-nagios/Makefile -OPENVPN_DISTNAME= openvpn-2.4.3 +OPENVPN_DISTNAME= openvpn-2.4.4 # Remove DIST_SUBDIR on next update, update distinfo of depending packages DIST_SUBDIR= openvpn OPENVPN_DISTFILE= ${OPENVPN_DISTNAME}.tar.xz diff --git a/net/openvpn/PLIST b/net/openvpn/PLIST index 207702758b9..cc4d2050f49 100644 --- a/net/openvpn/PLIST +++ b/net/openvpn/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.19 2017/05/24 20:35:12 adam Exp $ +@comment $NetBSD: PLIST,v 1.20 2017/10/02 15:54:23 wiz Exp $ include/openvpn-msg.h include/openvpn-plugin.h ${PLIST.pam}lib/openvpn/plugins/openvpn-plugin-auth-pam.la @@ -12,7 +12,7 @@ share/doc/openvpn/README share/doc/openvpn/README.IPv6 ${PLIST.pam}share/doc/openvpn/README.auth-pam share/doc/openvpn/README.down-root -share/doc/openvpn/README.polarssl +share/doc/openvpn/README.mbedtls share/doc/openvpn/management-notes.txt share/examples/openvpn/config/README share/examples/openvpn/config/client.conf diff --git a/net/openvpn/distinfo b/net/openvpn/distinfo index 89ce499be94..cb5c6017015 100644 --- a/net/openvpn/distinfo +++ b/net/openvpn/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.38 2017/06/26 07:21:21 adam Exp $ +$NetBSD: distinfo,v 1.39 2017/10/02 15:54:23 wiz Exp $ -SHA1 (openvpn/openvpn-2.4.3.tar.xz) = b3adaf06225c13ab55b88a0edd3df71278860c20 -RMD160 (openvpn/openvpn-2.4.3.tar.xz) = 110f2879222c6a0a076af10fbce4deff2a0ff4b0 -SHA512 (openvpn/openvpn-2.4.3.tar.xz) = b92ec769f672fa7c7a70985535754c566891f94774e4bc3aeb2141b3c168783aebeb82341635d3708978dd3254708221e2ddaae9919d4cf398318fff7d01c926 -Size (openvpn/openvpn-2.4.3.tar.xz) = 938440 bytes +SHA1 (openvpn/openvpn-2.4.4.tar.xz) = 23f614a2087ad0136a836537ecfd47af09f27276 +RMD160 (openvpn/openvpn-2.4.4.tar.xz) = 945ef4521dcbaf0bc03964fa6d62583af5d87d92 +SHA512 (openvpn/openvpn-2.4.4.tar.xz) = c171d1243ab739310247f076483592758e71f810f7b29b507d3a67b86b3b87e1e854d240d25a3428a7b31b7cf2958ad17987d32151da6ed7ec27d698837d3273 +Size (openvpn/openvpn-2.4.4.tar.xz) = 924172 bytes SHA1 (patch-configure) = 240342a88baed7642dfd63ed0a2ab4c0a75adbd4 SHA1 (patch-src_compat_compat-basename.c) = 45a58ef2e05f6e0265f229da8540760e60e65143 |