To anyone with a 6.8 build machine, please build-test this and report back.
To the folks using an openvpn server on 6.8: make sure you build and test this upgrade, and report back. Details: https://community.openvpn.net/openvpn/wiki/CVE-2020-15078 Index: Makefile =================================================================== RCS file: /d/cvs/ports/net/openvpn/Makefile,v retrieving revision 1.101 diff -u -p -r1.101 Makefile --- Makefile 17 May 2020 08:53:27 -0000 1.101 +++ Makefile 22 Apr 2021 06:50:21 -0000 @@ -2,8 +2,7 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -DISTNAME= openvpn-2.4.9 -REVISION= 0 +DISTNAME= openvpn-2.4.11 CATEGORIES= net security Index: distinfo =================================================================== RCS file: /d/cvs/ports/net/openvpn/distinfo,v retrieving revision 1.44 diff -u -p -r1.44 distinfo --- distinfo 21 Apr 2020 23:43:55 -0000 1.44 +++ distinfo 22 Apr 2021 06:50:30 -0000 @@ -1,2 +1,2 @@ -SHA256 (openvpn-2.4.9.tar.gz) = RrJo74jmfKbeLp8ZlD655ayFROVfXB869ncpjQPmS24= -SIZE (openvpn-2.4.9.tar.gz) = 1455736 +SHA256 (openvpn-2.4.11.tar.gz) = yTXAQw5WFLkLyDKaBx+Z0s3ZrGlPWehmojIOtKaZZEA= +SIZE (openvpn-2.4.11.tar.gz) = 1476173 Index: patches/patch-src_openvpn_route_c =================================================================== RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v retrieving revision 1.13 diff -u -p -r1.13 patch-src_openvpn_route_c --- patches/patch-src_openvpn_route_c 5 Apr 2019 06:56:00 -0000 1.13 +++ patches/patch-src_openvpn_route_c 22 Apr 2021 06:50:38 -0000 @@ -7,7 +7,7 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. Index: src/openvpn/route.c --- src/openvpn/route.c.orig +++ src/openvpn/route.c -@@ -1781,12 +1781,17 @@ add_route(struct route_ipv4 *r, +@@ -1786,12 +1786,17 @@ add_route(struct route_ipv4 *r, } #endif @@ -28,7 +28,7 @@ Index: src/openvpn/route.c argv_msg(D_ROUTE, &argv); status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed"); -@@ -3603,7 +3608,7 @@ get_default_gateway(struct route_gateway_info *rgi) +@@ -3614,7 +3619,7 @@ get_default_gateway(struct route_gateway_info *rgi) /* setup data to send to routing socket */ pid = getpid(); seq = 0; @@ -37,7 +37,7 @@ Index: src/openvpn/route.c bzero(&m_rtmsg, sizeof(m_rtmsg)); bzero(&so_dst, sizeof(so_dst)); -@@ -3821,7 +3826,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_inf +@@ -3832,7 +3837,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_inf /* setup data to send to routing socket */ pid = getpid(); seq = 0; Index: patches/patch-src_openvpn_tun_c =================================================================== RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_tun_c,v retrieving revision 1.17 diff -u -p -r1.17 patch-src_openvpn_tun_c --- patches/patch-src_openvpn_tun_c 21 Feb 2019 23:41:12 -0000 1.17 +++ patches/patch-src_openvpn_tun_c 22 Apr 2021 06:50:38 -0000 @@ -39,7 +39,7 @@ Index: src/openvpn/tun.c IFCONFIG_PATH, actual, ifconfig_local, -@@ -2615,7 +2620,6 @@ close_tun(struct tuntap *tt) +@@ -2620,7 +2625,6 @@ close_tun(struct tuntap *tt) } else if (tt) { -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
