mirror of
https://git.freebsd.org/ports.git
synced 2025-07-18 01:39:16 -04:00
- Update to 2.0.6
* security fix for client LD_PRELOAD code injection vulnerability
through compromised upstream servers
(FreeBSD VuXML Vuln VID be4ccb7b-c48b-11da-ae12-0002b3b60e4c,
filed in separate PR)
CVE id not known yet
* 2 other changes only relevant for Linux and NetBSD, not detailed here.
PR: ports/95345
Submitted by: maintainer
Security: VuXML be4ccb7b-c48b-11da-ae12-0002b3b60e4c
This commit is contained in:
Renato Botelho
parent
63f021492e
commit
c11a9e9f81
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=158868
9 changed files with 12 additions and 216 deletions
|
|
@ -6,8 +6,7 @@
|
|||
#
|
||||
|
||||
PORTNAME= openvpn
|
||||
PORTVERSION= 2.0.5
|
||||
PORTREVISION= 1
|
||||
PORTVERSION= 2.0.6
|
||||
CATEGORIES= security net
|
||||
# MASTER_SITES points to hosts in distinct data centers,
|
||||
# so just one MASTER_SITES entry should be OK.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
MD5 (openvpn-2.0.5.tar.gz) = 4bd7a42991c93db23842a0992debe53b
|
||||
SHA256 (openvpn-2.0.5.tar.gz) = d72d90ff9e915c3376c834ce33a0349de0a8eacb3f2b80be49696b72a1840a9f
|
||||
SIZE (openvpn-2.0.5.tar.gz) = 662647
|
||||
MD5 (openvpn-2.0.6.tar.gz) = 8d2f95fa825e58363a676b25d4815aa7
|
||||
SHA256 (openvpn-2.0.6.tar.gz) = 1074c9fb5a7881e6d4ff0b125cf1e44a9fb650beef187f061785698522453003
|
||||
SIZE (openvpn-2.0.6.tar.gz) = 664816
|
||||
|
|
|
|||
|
|
@ -1,67 +0,0 @@
|
|||
--- t_lpback.sh~
|
||||
+++ t_lpback.sh
|
||||
@@ -19,11 +19,13 @@
|
||||
# 02110-1301, USA.
|
||||
|
||||
set -e
|
||||
-trap "rm -f key.$$ log.$$ ; false" 1 2 3 15
|
||||
+trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15
|
||||
+trap "rm -f key.$$ log.$$ ; exit 1" 0 3
|
||||
./openvpn --genkey --secret key.$$
|
||||
set +e
|
||||
( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1
|
||||
e=$?
|
||||
if [ $e != 0 ] ; then cat log.$$ ; fi
|
||||
-rm key.$$
|
||||
+rm key.$$ log.$$
|
||||
+trap 0
|
||||
exit $e
|
||||
--- t_cltsrv.sh~
|
||||
+++ t_cltsrv.sh
|
||||
@@ -19,20 +19,41 @@
|
||||
# 02110-1301, USA.
|
||||
|
||||
set -e
|
||||
+trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
|
||||
+trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
|
||||
+addopts=
|
||||
+case `uname -s` in
|
||||
+ FreeBSD)
|
||||
+ # FreeBSD jails map the outgoing IP to the jail IP - we need to
|
||||
+ # allow the real IP unless we want the test to run forever.
|
||||
+ if test "`sysctl 2>/dev/null -n security.jail.jailed`" = 1 \
|
||||
+ || ps -ostate= -p $$ | grep -q J; then
|
||||
+ addopts="--float"
|
||||
+ if test "x`ifconfig | grep inet`" = x ; then
|
||||
+ echo "###"
|
||||
+ echo "### To run the test in a FreeBSD jail, you MUST add an IP alias for the jail's IP."
|
||||
+ echo "###"
|
||||
+ exit 1
|
||||
+ fi
|
||||
+ fi
|
||||
+ ;;
|
||||
+esac
|
||||
echo "the following test will run about two minutes..." >&2
|
||||
-trap "rm -f log.$$ ; false" 1 2 3 15
|
||||
set +e
|
||||
(
|
||||
-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server &
|
||||
-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client
|
||||
-) >log.$$ 2>&1
|
||||
+./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server &
|
||||
+./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client
|
||||
+) 3>log.$$.signal >log.$$ 2>&1
|
||||
e1=$?
|
||||
wait $!
|
||||
e2=$?
|
||||
+grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; }
|
||||
+
|
||||
set -e
|
||||
|
||||
if [ $e1 != 0 ] || [ $e2 != 0 ] ; then
|
||||
cat log.$$
|
||||
exit 1
|
||||
fi
|
||||
-rm log.$$
|
||||
+rm log.$$ log.$$.signal
|
||||
+trap 0
|
||||
|
|
@ -6,8 +6,7 @@
|
|||
#
|
||||
|
||||
PORTNAME= openvpn
|
||||
PORTVERSION= 2.0.5
|
||||
PORTREVISION= 1
|
||||
PORTVERSION= 2.0.6
|
||||
CATEGORIES= security net
|
||||
# MASTER_SITES points to hosts in distinct data centers,
|
||||
# so just one MASTER_SITES entry should be OK.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
MD5 (openvpn-2.0.5.tar.gz) = 4bd7a42991c93db23842a0992debe53b
|
||||
SHA256 (openvpn-2.0.5.tar.gz) = d72d90ff9e915c3376c834ce33a0349de0a8eacb3f2b80be49696b72a1840a9f
|
||||
SIZE (openvpn-2.0.5.tar.gz) = 662647
|
||||
MD5 (openvpn-2.0.6.tar.gz) = 8d2f95fa825e58363a676b25d4815aa7
|
||||
SHA256 (openvpn-2.0.6.tar.gz) = 1074c9fb5a7881e6d4ff0b125cf1e44a9fb650beef187f061785698522453003
|
||||
SIZE (openvpn-2.0.6.tar.gz) = 664816
|
||||
|
|
|
|||
|
|
@ -1,67 +0,0 @@
|
|||
--- t_lpback.sh~
|
||||
+++ t_lpback.sh
|
||||
@@ -19,11 +19,13 @@
|
||||
# 02110-1301, USA.
|
||||
|
||||
set -e
|
||||
-trap "rm -f key.$$ log.$$ ; false" 1 2 3 15
|
||||
+trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15
|
||||
+trap "rm -f key.$$ log.$$ ; exit 1" 0 3
|
||||
./openvpn --genkey --secret key.$$
|
||||
set +e
|
||||
( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1
|
||||
e=$?
|
||||
if [ $e != 0 ] ; then cat log.$$ ; fi
|
||||
-rm key.$$
|
||||
+rm key.$$ log.$$
|
||||
+trap 0
|
||||
exit $e
|
||||
--- t_cltsrv.sh~
|
||||
+++ t_cltsrv.sh
|
||||
@@ -19,20 +19,41 @@
|
||||
# 02110-1301, USA.
|
||||
|
||||
set -e
|
||||
+trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
|
||||
+trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
|
||||
+addopts=
|
||||
+case `uname -s` in
|
||||
+ FreeBSD)
|
||||
+ # FreeBSD jails map the outgoing IP to the jail IP - we need to
|
||||
+ # allow the real IP unless we want the test to run forever.
|
||||
+ if test "`sysctl 2>/dev/null -n security.jail.jailed`" = 1 \
|
||||
+ || ps -ostate= -p $$ | grep -q J; then
|
||||
+ addopts="--float"
|
||||
+ if test "x`ifconfig | grep inet`" = x ; then
|
||||
+ echo "###"
|
||||
+ echo "### To run the test in a FreeBSD jail, you MUST add an IP alias for the jail's IP."
|
||||
+ echo "###"
|
||||
+ exit 1
|
||||
+ fi
|
||||
+ fi
|
||||
+ ;;
|
||||
+esac
|
||||
echo "the following test will run about two minutes..." >&2
|
||||
-trap "rm -f log.$$ ; false" 1 2 3 15
|
||||
set +e
|
||||
(
|
||||
-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server &
|
||||
-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client
|
||||
-) >log.$$ 2>&1
|
||||
+./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server &
|
||||
+./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client
|
||||
+) 3>log.$$.signal >log.$$ 2>&1
|
||||
e1=$?
|
||||
wait $!
|
||||
e2=$?
|
||||
+grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; }
|
||||
+
|
||||
set -e
|
||||
|
||||
if [ $e1 != 0 ] || [ $e2 != 0 ] ; then
|
||||
cat log.$$
|
||||
exit 1
|
||||
fi
|
||||
-rm log.$$
|
||||
+rm log.$$ log.$$.signal
|
||||
+trap 0
|
||||
|
|
@ -6,8 +6,7 @@
|
|||
#
|
||||
|
||||
PORTNAME= openvpn
|
||||
PORTVERSION= 2.0.5
|
||||
PORTREVISION= 1
|
||||
PORTVERSION= 2.0.6
|
||||
CATEGORIES= security net
|
||||
# MASTER_SITES points to hosts in distinct data centers,
|
||||
# so just one MASTER_SITES entry should be OK.
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
MD5 (openvpn-2.0.5.tar.gz) = 4bd7a42991c93db23842a0992debe53b
|
||||
SHA256 (openvpn-2.0.5.tar.gz) = d72d90ff9e915c3376c834ce33a0349de0a8eacb3f2b80be49696b72a1840a9f
|
||||
SIZE (openvpn-2.0.5.tar.gz) = 662647
|
||||
MD5 (openvpn-2.0.6.tar.gz) = 8d2f95fa825e58363a676b25d4815aa7
|
||||
SHA256 (openvpn-2.0.6.tar.gz) = 1074c9fb5a7881e6d4ff0b125cf1e44a9fb650beef187f061785698522453003
|
||||
SIZE (openvpn-2.0.6.tar.gz) = 664816
|
||||
|
|
|
|||
|
|
@ -1,67 +0,0 @@
|
|||
--- t_lpback.sh~
|
||||
+++ t_lpback.sh
|
||||
@@ -19,11 +19,13 @@
|
||||
# 02110-1301, USA.
|
||||
|
||||
set -e
|
||||
-trap "rm -f key.$$ log.$$ ; false" 1 2 3 15
|
||||
+trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15
|
||||
+trap "rm -f key.$$ log.$$ ; exit 1" 0 3
|
||||
./openvpn --genkey --secret key.$$
|
||||
set +e
|
||||
( ./openvpn --test-crypto --secret key.$$ ) >log.$$ 2>&1
|
||||
e=$?
|
||||
if [ $e != 0 ] ; then cat log.$$ ; fi
|
||||
-rm key.$$
|
||||
+rm key.$$ log.$$
|
||||
+trap 0
|
||||
exit $e
|
||||
--- t_cltsrv.sh~
|
||||
+++ t_cltsrv.sh
|
||||
@@ -19,20 +19,41 @@
|
||||
# 02110-1301, USA.
|
||||
|
||||
set -e
|
||||
+trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
|
||||
+trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
|
||||
+addopts=
|
||||
+case `uname -s` in
|
||||
+ FreeBSD)
|
||||
+ # FreeBSD jails map the outgoing IP to the jail IP - we need to
|
||||
+ # allow the real IP unless we want the test to run forever.
|
||||
+ if test "`sysctl 2>/dev/null -n security.jail.jailed`" = 1 \
|
||||
+ || ps -ostate= -p $$ | grep -q J; then
|
||||
+ addopts="--float"
|
||||
+ if test "x`ifconfig | grep inet`" = x ; then
|
||||
+ echo "###"
|
||||
+ echo "### To run the test in a FreeBSD jail, you MUST add an IP alias for the jail's IP."
|
||||
+ echo "###"
|
||||
+ exit 1
|
||||
+ fi
|
||||
+ fi
|
||||
+ ;;
|
||||
+esac
|
||||
echo "the following test will run about two minutes..." >&2
|
||||
-trap "rm -f log.$$ ; false" 1 2 3 15
|
||||
set +e
|
||||
(
|
||||
-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-server &
|
||||
-./openvpn --cd "${srcdir}" --config sample-config-files/loopback-client
|
||||
-) >log.$$ 2>&1
|
||||
+./openvpn --cd "${srcdir}" ${addopts} --down 'echo "srv:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-server &
|
||||
+./openvpn --cd "${srcdir}" ${addopts} --down 'echo "clt:${signal}" >&3 ; : #' --tls-exit --ping-exit 180 --config sample-config-files/loopback-client
|
||||
+) 3>log.$$.signal >log.$$ 2>&1
|
||||
e1=$?
|
||||
wait $!
|
||||
e2=$?
|
||||
+grep -v ":inactive$" log.$$.signal >/dev/null && { cat log.$$.signal ; echo ; cat log.$$ ; exit 1 ; }
|
||||
+
|
||||
set -e
|
||||
|
||||
if [ $e1 != 0 ] || [ $e2 != 0 ] ; then
|
||||
cat log.$$
|
||||
exit 1
|
||||
fi
|
||||
-rm log.$$
|
||||
+rm log.$$ log.$$.signal
|
||||
+trap 0
|
||||
Loading…
Add table
Reference in a new issue