ports/security/openvpn-devel/distinfo
Matthias Andree 110af6a7be security/openvpn-devel: upgrade port to git commit efad93d049 (2023-11-17)
contains a number of bugfixes and minor improvements, plus fixes
for two bugs that have been assigned CVEs:

- CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use
  a send buffer after it has been free()d in some circumstances, causing
  some free()d memory to be sent to the peer.  All configurations using TLS
  (e.g. not using --secret) are affected by this issue.
  (found while tracking down CVE-2023-46849 / GitHub #400, #417)

- CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
  restore "--fragment" configuration in some circumstances, leading to
  a division by zero when "--fragment" is used.  On platforms where
  division by zero is fatal, this will cause an OpenVPN crash.

see also https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements

Also adjust files/patch-tests__t_cltsrv.sh because upstream commit
d623aa6c29 conflicts with this patch.

Security:	2fe004f5-83fd-11ee-9f5d-31909fb2f495
Security:	CVE-2023-46849
Security:	CVE-2023-46850
2023-12-31 07:22:41 +01:00

TIMESTAMP = 1700206030
SHA256 (openvpn-openvpn-efad93d049c318a3bd9ea5956c6ac8237b8d6d70_GL0.tar.gz) = db885c742d8753942fdff960bc3a997cbad235790b29a2751cbf691f88cd20e7
SIZE (openvpn-openvpn-efad93d049c318a3bd9ea5956c6ac8237b8d6d70_GL0.tar.gz) = 1194056