On Sat, Apr 24, 2021 at 02:10:08AM +0200, Jeremie Courreges-Anglas wrote: > > To anyone with a 6.8 build machine, please build-test this and report > back.
Builds fine on an amd64/6.8-stable box here. > > To the folks using an openvpn server on 6.8: make sure you build and > test this upgrade, and report back. > > Details: > https://community.openvpn.net/openvpn/wiki/CVE-2020-15078 > > > Index: Makefile > =================================================================== > RCS file: /d/cvs/ports/net/openvpn/Makefile,v > retrieving revision 1.101 > diff -u -p -r1.101 Makefile > --- Makefile 17 May 2020 08:53:27 -0000 1.101 > +++ Makefile 22 Apr 2021 06:50:21 -0000 > @@ -2,8 +2,7 @@ > > COMMENT= easy-to-use, robust, and highly configurable VPN > > -DISTNAME= openvpn-2.4.9 > -REVISION= 0 > +DISTNAME= openvpn-2.4.11 > > CATEGORIES= net security > > Index: distinfo > =================================================================== > RCS file: /d/cvs/ports/net/openvpn/distinfo,v > retrieving revision 1.44 > diff -u -p -r1.44 distinfo > --- distinfo 21 Apr 2020 23:43:55 -0000 1.44 > +++ distinfo 22 Apr 2021 06:50:30 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (openvpn-2.4.9.tar.gz) = RrJo74jmfKbeLp8ZlD655ayFROVfXB869ncpjQPmS24= > -SIZE (openvpn-2.4.9.tar.gz) = 1455736 > +SHA256 (openvpn-2.4.11.tar.gz) = yTXAQw5WFLkLyDKaBx+Z0s3ZrGlPWehmojIOtKaZZEA= > +SIZE (openvpn-2.4.11.tar.gz) = 1476173 > Index: patches/patch-src_openvpn_route_c > =================================================================== > RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v > retrieving revision 1.13 > diff -u -p -r1.13 patch-src_openvpn_route_c > --- patches/patch-src_openvpn_route_c 5 Apr 2019 06:56:00 -0000 1.13 > +++ patches/patch-src_openvpn_route_c 22 Apr 2021 06:50:38 -0000 > @@ -7,7 +7,7 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. > Index: src/openvpn/route.c > --- src/openvpn/route.c.orig > +++ src/openvpn/route.c > -@@ -1781,12 +1781,17 @@ add_route(struct route_ipv4 *r, > +@@ -1786,12 +1786,17 @@ add_route(struct route_ipv4 *r, > } > #endif > > @@ -28,7 +28,7 @@ Index: src/openvpn/route.c > > argv_msg(D_ROUTE, &argv); > status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD > route add command failed"); > -@@ -3603,7 +3608,7 @@ get_default_gateway(struct route_gateway_info *rgi) > +@@ -3614,7 +3619,7 @@ get_default_gateway(struct route_gateway_info *rgi) > /* setup data to send to routing socket */ > pid = getpid(); > seq = 0; > @@ -37,7 +37,7 @@ Index: src/openvpn/route.c > > bzero(&m_rtmsg, sizeof(m_rtmsg)); > bzero(&so_dst, sizeof(so_dst)); > -@@ -3821,7 +3826,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_inf > +@@ -3832,7 +3837,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_inf > /* setup data to send to routing socket */ > pid = getpid(); > seq = 0; > Index: patches/patch-src_openvpn_tun_c > =================================================================== > RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_tun_c,v > retrieving revision 1.17 > diff -u -p -r1.17 patch-src_openvpn_tun_c > --- patches/patch-src_openvpn_tun_c 21 Feb 2019 23:41:12 -0000 1.17 > +++ patches/patch-src_openvpn_tun_c 22 Apr 2021 06:50:38 -0000 > @@ -39,7 +39,7 @@ Index: src/openvpn/tun.c > IFCONFIG_PATH, > actual, > ifconfig_local, > -@@ -2615,7 +2620,6 @@ close_tun(struct tuntap *tt) > +@@ -2620,7 +2625,6 @@ close_tun(struct tuntap *tt) > } > else if (tt) > { > > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE >
