- Update to 2.0.6

* security fix for client LD_PRELOAD code injection vulnerability through compromised upstream servers (FreeBSD VuXML Vuln VID be4ccb7b-c48b-11da-ae12-0002b3b60e4c, filed in separate PR) CVE id not known yet * 2 other changes only relevant for Linux and NetBSD, not detailed here. PR: ports/95345 Submitted by: maintainer Security: VuXML be4ccb7b-c48b-11da-ae12-0002b3b60e4c
svn path=/head/; revision=158868
2025-07-18 09:49:18 -04:00 · 2006-04-05 14:57:25 +00:00 · 2006-04-05 14:57:25 +00:00 · c11a9e9f81 · 2021-03-31 03:12:20 +00:00
commit c11a9e9f81
parent 63f021492e
9 changed files with 12 additions and 216 deletions
--- a/security/openvpn-devel/Makefile
+++ b/security/openvpn-devel/Makefile
@ -6,8 +6,7 @@
 #
 PORTNAME=	openvpn
-PORTVERSION=	2.0.5
+PORTVERSION=	2.0.6
 PORTREVISION=	1
 CATEGORIES=	security net
 # MASTER_SITES points to hosts in distinct data centers,
 # so just one MASTER_SITES entry should be OK.
--- a/security/openvpn-devel/distinfo
+++ b/security/openvpn-devel/distinfo
@ -1,3 +1,3 @@
-MD5 (openvpn-2.0.5.tar.gz) = 4bd7a42991c93db23842a0992debe53b
+MD5 (openvpn-2.0.6.tar.gz) = 8d2f95fa825e58363a676b25d4815aa7
-SHA256 (openvpn-2.0.5.tar.gz) = d72d90ff9e915c3376c834ce33a0349de0a8eacb3f2b80be49696b72a1840a9f
+SHA256 (openvpn-2.0.6.tar.gz) = 1074c9fb5a7881e6d4ff0b125cf1e44a9fb650beef187f061785698522453003
-SIZE (openvpn-2.0.5.tar.gz) = 662647
+SIZE (openvpn-2.0.6.tar.gz) = 664816
--- a/security/openvpn-devel/files/patch-tests-for-jail
+++ b/security/openvpn-devel/files/patch-tests-for-jail
@ -1,67 +0,0 @@
 --- t_lpback.sh~
 +++ t_lpback.sh
@@ -19,11 +19,13 @@
 # 02110-1301, USA.
 set -e
 -trap "rm -f key.$$ log.$$ ; false" 1 2 3 15
 +trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15
 +trap "rm -f key.$$ log.$$ ; exit 1" 0 3
 ./openvpn --genkey --secret key.$$
 set +e
 ( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1
 e=$?
 if [ $e != 0 ] ; then cat log.$$ ; fi
 -rm key.$$
 +rm key.$$ log.$$
 +trap 0
 exit $e
 --- t_cltsrv.sh~
 +++ t_cltsrv.sh
@@ -19,20 +19,41 @@
 # 02110-1301, USA.
 set -e
 +trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
 +trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
 +addopts=
 +case `uname -s` in
 +    FreeBSD)
 +    # FreeBSD jails map the outgoing IP to the jail IP - we need to
 +    # allow the real IP unless we want the test to run forever.
 +    if test "`sysctl 2>/dev/null -n security.jail.jailed`" = 1 \
 +    || ps -ostate= -p $$ | grep -q J; then
 +	addopts="--float"
 +	if test "x`ifconfig | grep inet`" = x ; then
 +	    echo "###"
 +	    echo "### To run the test in a FreeBSD jail, you MUST add an IP alias for the jail's IP."
 +	    echo "###"
 +	    exit 1
 +	fi
 +    fi
 +    ;;
 +esac
 echo "the following test will run about two minutes..." >&2
 -trap "rm -f log.$$ ; false" 1 2 3 15
 set +e
 (
 -./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server &
 -./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client
 -) >log.$$ 2>&1
 +./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server &
 +./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client
 +) 3>log.$$.signal >log.$$ 2>&1
 e1=$?
 wait $!
 e2=$?
 +grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; }
 +
 set -e
 if [ $e1 != 0 ] || [ $e2 != 0 ] ; then
     cat log.$$
     exit 1
 fi
 -rm log.$$
 +rm log.$$ log.$$.signal
 +trap 0
--- a/security/openvpn/Makefile
+++ b/security/openvpn/Makefile
@ -6,8 +6,7 @@
 #
 PORTNAME=	openvpn
-PORTVERSION=	2.0.5
+PORTVERSION=	2.0.6
 PORTREVISION=	1
 CATEGORIES=	security net
 # MASTER_SITES points to hosts in distinct data centers,
 # so just one MASTER_SITES entry should be OK.
--- a/security/openvpn/distinfo
+++ b/security/openvpn/distinfo
@ -1,3 +1,3 @@
-MD5 (openvpn-2.0.5.tar.gz) = 4bd7a42991c93db23842a0992debe53b
+MD5 (openvpn-2.0.6.tar.gz) = 8d2f95fa825e58363a676b25d4815aa7
-SHA256 (openvpn-2.0.5.tar.gz) = d72d90ff9e915c3376c834ce33a0349de0a8eacb3f2b80be49696b72a1840a9f
+SHA256 (openvpn-2.0.6.tar.gz) = 1074c9fb5a7881e6d4ff0b125cf1e44a9fb650beef187f061785698522453003
-SIZE (openvpn-2.0.5.tar.gz) = 662647
+SIZE (openvpn-2.0.6.tar.gz) = 664816
--- a/security/openvpn/files/patch-tests-for-jail
+++ b/security/openvpn/files/patch-tests-for-jail
@ -1,67 +0,0 @@
 --- t_lpback.sh~
 +++ t_lpback.sh
@@ -19,11 +19,13 @@
 # 02110-1301, USA.
 set -e
 -trap "rm -f key.$$ log.$$ ; false" 1 2 3 15
 +trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15
 +trap "rm -f key.$$ log.$$ ; exit 1" 0 3
 ./openvpn --genkey --secret key.$$
 set +e
 ( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1
 e=$?
 if [ $e != 0 ] ; then cat log.$$ ; fi
 -rm key.$$
 +rm key.$$ log.$$
 +trap 0
 exit $e
 --- t_cltsrv.sh~
 +++ t_cltsrv.sh
@@ -19,20 +19,41 @@
 # 02110-1301, USA.
 set -e
 +trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
 +trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
 +addopts=
 +case `uname -s` in
 +    FreeBSD)
 +    # FreeBSD jails map the outgoing IP to the jail IP - we need to
 +    # allow the real IP unless we want the test to run forever.
 +    if test "`sysctl 2>/dev/null -n security.jail.jailed`" = 1 \
 +    || ps -ostate= -p $$ | grep -q J; then
 +	addopts="--float"
 +	if test "x`ifconfig | grep inet`" = x ; then
 +	    echo "###"
 +	    echo "### To run the test in a FreeBSD jail, you MUST add an IP alias for the jail's IP."
 +	    echo "###"
 +	    exit 1
 +	fi
 +    fi
 +    ;;
 +esac
 echo "the following test will run about two minutes..." >&2
 -trap "rm -f log.$$ ; false" 1 2 3 15
 set +e
 (
 -./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server &
 -./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client
 -) >log.$$ 2>&1
 +./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server &
 +./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client
 +) 3>log.$$.signal >log.$$ 2>&1
 e1=$?
 wait $!
 e2=$?
 +grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; }
 +
 set -e
 if [ $e1 != 0 ] || [ $e2 != 0 ] ; then
     cat log.$$
     exit 1
 fi
 -rm log.$$
 +rm log.$$ log.$$.signal
 +trap 0
--- a/security/openvpn20/Makefile
+++ b/security/openvpn20/Makefile
@ -6,8 +6,7 @@
 #
 PORTNAME=	openvpn
-PORTVERSION=	2.0.5
+PORTVERSION=	2.0.6
 PORTREVISION=	1
 CATEGORIES=	security net
 # MASTER_SITES points to hosts in distinct data centers,
 # so just one MASTER_SITES entry should be OK.
--- a/security/openvpn20/distinfo
+++ b/security/openvpn20/distinfo
@ -1,3 +1,3 @@
-MD5 (openvpn-2.0.5.tar.gz) = 4bd7a42991c93db23842a0992debe53b
+MD5 (openvpn-2.0.6.tar.gz) = 8d2f95fa825e58363a676b25d4815aa7
-SHA256 (openvpn-2.0.5.tar.gz) = d72d90ff9e915c3376c834ce33a0349de0a8eacb3f2b80be49696b72a1840a9f
+SHA256 (openvpn-2.0.6.tar.gz) = 1074c9fb5a7881e6d4ff0b125cf1e44a9fb650beef187f061785698522453003
-SIZE (openvpn-2.0.5.tar.gz) = 662647
+SIZE (openvpn-2.0.6.tar.gz) = 664816
--- a/security/openvpn20/files/patch-tests-for-jail
+++ b/security/openvpn20/files/patch-tests-for-jail
@ -1,67 +0,0 @@
 --- t_lpback.sh~
 +++ t_lpback.sh
@@ -19,11 +19,13 @@
 # 02110-1301, USA.
 set -e
 -trap "rm -f key.$$ log.$$ ; false" 1 2 3 15
 +trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15
 +trap "rm -f key.$$ log.$$ ; exit 1" 0 3
 ./openvpn --genkey --secret key.$$
 set +e
 ( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1
 e=$?
 if [ $e != 0 ] ; then cat log.$$ ; fi
 -rm key.$$
 +rm key.$$ log.$$
 +trap 0
 exit $e
 --- t_cltsrv.sh~
 +++ t_cltsrv.sh
@@ -19,20 +19,41 @@
 # 02110-1301, USA.
 set -e
 +trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
 +trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
 +addopts=
 +case `uname -s` in
 +    FreeBSD)
 +    # FreeBSD jails map the outgoing IP to the jail IP - we need to
 +    # allow the real IP unless we want the test to run forever.
 +    if test "`sysctl 2>/dev/null -n security.jail.jailed`" = 1 \
 +    || ps -ostate= -p $$ | grep -q J; then
 +	addopts="--float"
 +	if test "x`ifconfig | grep inet`" = x ; then
 +	    echo "###"
 +	    echo "### To run the test in a FreeBSD jail, you MUST add an IP alias for the jail's IP."
 +	    echo "###"
 +	    exit 1
 +	fi
 +    fi
 +    ;;
 +esac
 echo "the following test will run about two minutes..." >&2
 -trap "rm -f log.$$ ; false" 1 2 3 15
 set +e
 (
 -./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server &
 -./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client
 -) >log.$$ 2>&1
 +./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server &
 +./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client
 +) 3>log.$$.signal >log.$$ 2>&1
 e1=$?
 wait $!
 e2=$?
 +grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; }
 +
 set -e
 if [ $e1 != 0 ] || [ $e2 != 0 ] ; then
     cat log.$$
     exit 1
 fi
 -rm log.$$
 +rm log.$$ log.$$.signal
 +trap 0