kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

security/openvpn-devel: upgrade port to git commit efad93d049 (2023-11-17)

Browse source 
contains a number of bugfixes and minor improvements, plus fixes
for two bugs that have been assigned CVEs:

- CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use
  a send buffer after it has been free()d in some circumstances, causing
  some free()d memory to be sent to the peer.  All configurations using TLS
  (e.g. not using --secret) are affected by this issue.
  (found while tracking down CVE-2023-46849 / Github #400, #417)

- CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
  restore "--fragment" configuration in some circumstances, leading to
  a division by zero when "--fragment" is used.  On platforms where
  division by zero is fatal, this will cause an OpenVPN crash.

see also https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements

Also adjust files/patch-tests__t_cltsrv.sh because upstream commit
d623aa6c29 conflicts with this patch.

Security:	2fe004f5-83fd-11ee-9f5d-31909fb2f495
Security:	CVE-2023-46849
Security:	CVE-2023-46850
This commit is contained in:
Matthias Andree 2023-12-31 07:16:28 +01:00
parent 652b2993e5
commit 110af6a7be
3 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
security/openvpn-devel/Makefile
View file

@ -1,5 +1,5 @@
PORTNAME= openvpn
DISTVERSION= g20230331
DISTVERSION= g20231109
PORTREVISION= 0
PORTEPOCH= 1
CATEGORIES= security net net-vpn
@ -21,7 +21,7 @@ LIB_DEPENDS+= liblzo2.so:archivers/lzo2
USES= autoreconf cpe libtool pkgconfig python:build shebangfix tar:xz
IGNORE_SSL= libressl libressl-devel
USE_GITLAB= yes
GL_TAGNAME= fafb05f6f3a7a1b46c278961ec8d2d8970f01096
GL_TAGNAME= efad93d049c318a3bd9ea5956c6ac8237b8d6d70
USE_RC_SUBR= openvpn
SHEBANG_FILES= sample/sample-scripts/auth-pam.pl \

6
security/openvpn-devel/distinfo
View file

@ -1,3 +1,3 @@
TIMESTAMP = 1681369376
SHA256 (openvpn-openvpn-fafb05f6f3a7a1b46c278961ec8d2d8970f01096_GL0.tar.gz) = d6a45c44e4dce1827f94c1d4d3bd70100bbc1a3b830f6800f279759c5b8cc62b
SIZE (openvpn-openvpn-fafb05f6f3a7a1b46c278961ec8d2d8970f01096_GL0.tar.gz) = 1194345
TIMESTAMP = 1700206030
SHA256 (openvpn-openvpn-efad93d049c318a3bd9ea5956c6ac8237b8d6d70_GL0.tar.gz) = db885c742d8753942fdff960bc3a997cbad235790b29a2751cbf691f88cd20e7
SIZE (openvpn-openvpn-efad93d049c318a3bd9ea5956c6ac8237b8d6d70_GL0.tar.gz) = 1194056

10
security/openvpn-devel/files/patch-tests__t_cltsrv.sh
View file

@ -10,9 +10,9 @@
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -22,8 +22,9 @@ set -e
srcdir="${srcdir:-.}"
top_srcdir="${top_srcdir:-..}"
top_builddir="${top_builddir:-..}"
openvpn="${openvpn:-${top_builddir}/src/openvpn/openvpn}"
-trap "rm -f log.$$ log.$$.signal ; trap 0 ; exit 77" 1 2 15
-trap "rm -f log.$$ log.$$.signal ; exit 1" 0 3
+root="${top_srcdir}/sample"
@ -50,13 +50,13 @@
for i in 1 2 3 ; do
set +e
(
- "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${root}" ${addopts} --setenv role srv --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-server" &
- "${top_builddir}/src/openvpn/openvpn" --script-security 2 --cd "${top_srcdir}/sample" ${addopts} --setenv role clt --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-client"
+ "${top_builddir}/src/openvpn/openvpn" --script-security 2 \
- "${openvpn}" --script-security 2 --cd "${root}" ${addopts} --setenv role srv --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-server" &
- "${openvpn}" --script-security 2 --cd "${top_srcdir}/sample" ${addopts} --setenv role clt --down "${downscript}" --tls-exit --ping-exit 180 --config "sample-config-files/loopback-client"
+ "${openvpn}" --script-security 2 \
+ --cd "${root}" ${addopts} --setenv role srv \
+ --down "${downscript}" --tls-exit --ping-exit 180 \
+ --config "sample-config-files/loopback-server.test" &
+ "${top_builddir}/src/openvpn/openvpn" --script-security 2 \
+ "${openvpn}" --script-security 2 \
+ --cd "${top_srcdir}/sample" ${addopts} --setenv role clt \
+ --down "${downscript}" --tls-exit --ping-exit 180 \
+ --config "sample-config-files/loopback-client.test"