authorsalo <salo>2006-04-05 14:09:36 +0000
committersalo <salo>2006-04-05 14:09:36 +0000
commitf69c43dae341828c2c32855cda3c614c5032760f (patch)
tree61192ba09b29bb12cf333d637b280f6930d6f42f /net
parent23ee34ae89d1fb9e5ff7a2b937f29594dbac442f (diff)
downloadpkgsrc-f69c43dae341828c2c32855cda3c614c5032760f.tar.gz
Pullup ticket 1327 - requested by jlam
Security update for openvpn Revisions pulled up: - pkgsrc/net/openvpn/Makefile 1.16 - pkgsrc/net/openvpn/distinfo 1.7 Module Name: pkgsrc Committed By: jlam Date: Wed Apr 5 13:49:26 UTC 2006 Modified Files: pkgsrc/net/openvpn: Makefile distinfo Log Message: Update net/openvpn to 2.0.6. Changes from version 2.0.5 include: * [security] An OpenVPN client connecting to a malicious or compromised server could potentially receive "setenv" configuration directives from the server which could cause arbitrary code execution on the client via a LD_PRELOAD attack. A successful attack appears to require that (a) the client has agreed to allow the server to push configuration directives to it by including "pull" or the macro "client" in its configuration file, (b) the client configuration file uses a scripting directive such as "up" or "down", (c) the client successfully authenticates the server, (d) the server is malicious or has been compromised and is under the control of the attacker, and (e) the attacker has at least some level of pre-existing control over files on the client (this might be accomplished by having the server respond to a client web request with a specially crafted file). The fix is to disallow "setenv" to be pushed to clients from the server. For those who need this capability, OpenVPN 2.1 supports a new "setenv-safe" directive which is free of this vulnerability. * When deleting routes under Linux, use the route metric as a differentiator to ensure that the route teardown process only deletes the identical route which was originally added via the "route" directive (Roy Marples). * Fix the t_cltsrv.sh file in FreeBSD 4 jails (Matthias Andree, Dirk Meyer, Vasil Dimov). * Extended tun device configure code to support ethernet bridging on NetBSD (Emmanuel Kasper).
Diffstat (limited to 'net')
-rw-r--r--net/openvpn/Makefile16
-rw-r--r--net/openvpn/distinfo8
2 files changed, 11 insertions, 13 deletions
diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile
index 69e33f39c7b..accb74c8c2c 100644
--- a/net/openvpn/Makefile
+++ b/net/openvpn/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.15 2006/03/04 21:30:22 jlam Exp $
+# $NetBSD: Makefile,v 1.15.2.1 2006/04/05 14:09:36 salo Exp $
#
-DISTNAME= openvpn-2.0.5
+DISTNAME= openvpn-2.0.6
CATEGORIES= net
MASTER_SITES= http://openvpn.net/release/ \
http://openvpn.net/release/old/
@@ -27,6 +27,10 @@ CONFIGURE_ARGS+= --enable-pthread
CONFIGURE_ARGS+= --enable-password-save
CONFIGURE_ARGS+= --disable-dependency-tracking
+INSTALLATION_DIRS= ${DATADIR}/easy-rsa ${EGDIR}/config \
+ ${DOCDIR} ${EGDIR}/keys \
+ ${EGDIR}/scripts
+
# OpenVPN 2.x has a shared module "plugin" architecture that allows
# inserting callbacks into the server for various tasks.
#
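Review bot: `${EGDIR}` itself is not in the new `INSTALLATION_DIRS` list, although the post-install hunks of this commit drop the explicit `${INSTALL_DATA_DIR} ${EGDIR}` call. It will presumably still be created as the parent of `${EGDIR}/config`, `${EGDIR}/keys` and `${EGDIR}/scripts`, but whether an implicitly created parent receives the same mode and ownership as a directory made by `${INSTALL_DATA_DIR}` depends on framework behaviour that is not visible here. Listing it explicitly, for example `${DOCDIR} ${EGDIR} ${EGDIR}/keys \`, would keep the result identical to the old recipe. The definitions of `DATADIR`, `DOCDIR` and `EGDIR` are outside the hunk, so this is worth checking against them.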
@@ -37,6 +41,7 @@ DL_AUTO_VARS= yes
.include "../../security/openssl/buildlink3.mk"
.include "../../mk/pthread.buildlink3.mk"
+# Fix up the paths to tools in the pkitool script.
post-build:
for file in ${WRKSRC}/easy-rsa/2.0/pkitool; do \
${SED} -e "s|^\(GREP\)=.*|\1=\""${GREP}"\"|" \
@@ -47,7 +52,6 @@ post-build:
done
post-install:
- ${INSTALL_DATA_DIR} ${DATADIR}/easy-rsa
dir=${DATADIR:S/^${PREFIX}\///}/easy-rsa; \
cd ${WRKSRC}/easy-rsa/2.0; \
${GREP} "^$$dir/" ${PKGDIR}/PLIST | ${SED} "s|^$$dir/||" | \
@@ -57,21 +61,15 @@ post-install:
*) ${INSTALL_SCRIPT} $$file ${PREFIX}/$$dir ;; \
esac; \
done
- ${INSTALL_DATA_DIR} ${DOCDIR}
${INSTALL_DATA} ${WRKSRC}/management/management-notes.txt ${DOCDIR}
- ${INSTALL_DATA_DIR} ${EGDIR}
- ${INSTALL_DATA_DIR} ${EGDIR}/config
cd ${WRKSRC}/sample-config-files; for file in *; do \
${INSTALL_DATA} $$file ${EGDIR}/config; \
done
- ${INSTALL_DATA_DIR} ${EGDIR}/scripts
cd ${WRKSRC}/sample-scripts; for file in *; do \
${INSTALL_DATA} $$file ${EGDIR}/scripts; \
done
- ${INSTALL_DATA_DIR} ${EGDIR}/keys
cd ${WRKSRC}/sample-keys; for file in *; do \
${INSTALL_DATA} $$file ${EGDIR}/keys; \
done
-
.include "../../mk/bsd.pkg.mk"
diff --git a/net/openvpn/distinfo b/net/openvpn/distinfo
index 7fb5352e6a1..e89f4ca4e4a 100644
--- a/net/openvpn/distinfo
+++ b/net/openvpn/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.6 2005/11/03 14:31:19 salo Exp $
+$NetBSD: distinfo,v 1.6.4.1 2006/04/05 14:09:36 salo Exp $
-SHA1 (openvpn-2.0.5.tar.gz) = ba65a29e528e8e5f0978e89ef766c43d1d2a25aa
-RMD160 (openvpn-2.0.5.tar.gz) = add5c84c56b8a95d18e70ffa072bf9c42166074d
-Size (openvpn-2.0.5.tar.gz) = 662647 bytes
+SHA1 (openvpn-2.0.6.tar.gz) = 046f3811831a06e4fbc9c64544faaecf04547ae5
+RMD160 (openvpn-2.0.6.tar.gz) = cf3cd807bb657baf317e896b57900958cf442a63
+Size (openvpn-2.0.6.tar.gz) = 664816 bytes