| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
${WRKSRC}/.. to ${WRKDIR}. As this instance refers to a file that comes
from an archive which is unpacked in ${WRKDIR}, this is aesthetically
ok. While here, sorted the PLIST.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
http://www.security.nnov.ru/Jdocument889.html
Patch from me, reviewed by Adrian Portelli
Bump pkgrevision.
|
|
|
|
package build with gcc-4.
|
|
|
|
|
|
no need to keep DIST_SUBDIR. Also fixed the misuse of WRKSRC to define
BUILD_DIRS.
|
|
|
|
|
|
|
|
description to have the same structure as the ``configure'' phase
description.
|
|
|
|
A lot of changes and bug fixes, including fix for the following
security problem:
http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
|
|
diagnostic that need this explanation.
|
|
Fixed undefined behavior when reading a file that ends in a continuation
line. Any use of ${WRKSRC}/.. is considered an error, as ${WRKSRC} is
meant to point to the top of the build directories. A proper combination
of WRKSRC, CONFIGURE_DIRS and BUILD_DIRS should be used instead. Sorted
the makevars.map file and added SUBST_CLASSES.
|
|
|
|
|
|
|
|
|
|
|
|
it still uses AF_INET6, sockaddr_in6, and getaddrinfo().)
|
|
|
|
process. More will follow.
|
|
|
|
|
|
|
|
|
|
is somewhat nontrivial. To make this build on a gcc3 system without one
of the functions in snprintf.c, also allow __STDC__ to be a flag indicating
availability of <stdarg.h>.
|
|
|
|
Use traditional recv loop over a stream socket rather than depending on
MSG_WAITALL to be available. (Interix doesn't have MSG_WAITALL.)
|
|
into sections. These sections are still very incomplete.
|
|
|
|
|
|
|
|
|
|
"A vulnerability was found in W3C Libwww, which potentially can be exploited
by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a boundary error in the
"HTBoundary_put_block()" function when processing multipart MIME data. This
may be exploited to cause an illegal memory access past the end of the input
buffer via specially crafted multipart MIME data.
Successful exploitation can potentially cause an application that uses Libwww
to crash."
http://secunia.com/advisories/17119/
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597
Bump PKGREVISION.
Patch from RedHat.
|
|
|
|
|
|
|
|
Changes:
2.0.5:
======
- Fixed bug in Linux get_default_gateway function
introduced in 2.0.4, which would cause redirect-gateway
on Linux clients to fail.
- Restored easy-rsa/2.0 tree (backported from 2.1 beta
series) which accidentally disappeared in
2.0.2 -> 2.0.4 transition.
2.0.4:
======
- Security fix -- Affects non-Windows OpenVPN clients of
version 2.0 or higher which connect to a malicious or
compromised server. A format string vulnerability
in the foreign_option function in options.c could
potentially allow a malicious or compromised server
to execute arbitrary code on the client. Only
non-Windows clients are affected. The vulnerability
only exists if (a) the client's TLS negotiation with
the server succeeds, (b) the server is malicious or
has been compromised such that it is configured to
push a maliciously crafted options string to the client,
and (c) the client indicates its willingness to accept
pushed options from the server by having "pull" or
"client" in its configuration file (Credit: Vade79).
CVE-2005-3393
- Security fix -- Potential DoS vulnerability on the
server in TCP mode. If the TCP server accept() call
returns an error status, the resulting exception handler
may attempt to indirect through a NULL pointer, causing
a segfault. Affects all OpenVPN 2.0 versions.
CVE-2005-3409
- Fix attempt of assertion at multi.c:1586 (note that
this precise line number will vary across different
versions of OpenVPN).
- Added ".PHONY: plugin" to Makefile.am to work around
"make dist" issue.
- Fixed double fork issue that occurs when --management-hold
is used.
- Moved TUN/TAP read/write log messages from --verb 8 to 6.
- Warn when multiple clients having the same common name or
username usurp each other when --duplicate-cn is not used.
- Modified Windows and Linux versions of get_default_gateway
to return the route with the smallest metric
if multiple 0.0.0.0/0.0.0.0 entries are present.
2.0.3:
======
- openvpn_plugin_abort_v1 function wasn't being properly
registered on Windows.
- Fixed a bug where --mode server --proto tcp-server --cipher none
operation could cause tunnel packet truncation.
|
