OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
Module: openpkg-src                      Date:   02-Nov-2005 17:46:02
Branch: OPENPKG_2_4_SOLID                Handle: 2005110216455801

Modified files:           (Branch: OPENPKG_2_4_SOLID)
  openpkg-src/openvpn     openvpn.patch openvpn.spec

Log:
  apply security fixes (CVE-2005-3393, CVE-2005-3409)

Summary:
  Revision    Changes     Path
  1.2.2.1     +71 -0      openpkg-src/openvpn/openvpn.patch
  1.46.2.2    +1 -1       openpkg-src/openvpn/openvpn.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/openvpn/openvpn.patch
============================================================================
$ cvs diff -u -r1.2 -r1.2.2.1 openvpn.patch
--- openpkg-src/openvpn/openvpn.patch 22 May 2005 08:59:59 -0000 1.2
+++ openpkg-src/openvpn/openvpn.patch 2 Nov 2005 16:45:58 -0000 1.2.2.1
@@ -62,3 +62,74 @@
exit 0;
}
}
+
+-----------------------------------------------------------------------------
+
+Security fix (CVE-2005-3393)
+
+Affects non-Windows OpenVPN clients of version 2.0 or higher which
+connect to a malicious or compromised server. A format string
+vulnerability in the foreign_option function in options.c could
+potentially allow a malicious or compromised server to execute arbitrary
+code on the client. Only non-Windows clients are affected. The
+vulnerability only exists if (a) the client's TLS negotiation with the
+server succeeds, (b) the server is malicious or has been compromised
+such that it is configured to push a maliciously crafted options string
+to the client, and (c) the client indicates its willingness to accept
+pushed options from the server by having "pull" or "client" in its
+configuration file.
+
+Index: options.c
+--- options.c 2005-08-04 09:16:27 +0200
++++ options.c 2005-11-01 12:06:11 +0100
+@@ -2108,7 +2108,7 @@
+ {
+ if (!first)
+ buf_printf (&value, " ");
+- buf_printf (&value, argv[i]);
++ buf_printf (&value, "%s", argv[i]);
+ first = false;
+ }
+ }
+
+-----------------------------------------------------------------------------
+
+Security fix (CVE-2005-3409)
+
+Potential DoS vulnerability on the server in TCP mode. If the TCP server
+accept() call returns an error status, the resulting exception handler
+may attempt to indirect through a NULL pointer, causing a segfault.
+Affects all OpenVPN 2.0 versions.
+
+Index: socket.c
+--- socket.c 2005-08-21 09:06:36 +0200
++++ socket.c 2005-11-01 20:28:32 +0100
+@@ -1029,9 +1029,16 @@
+ struct gc_arena gc = gc_new ();
+ const char *remote_dynamic = NULL;
+ bool remote_changed = false;
++ int sig_save = 0;
+
+ ASSERT (sock);
+
++ if (signal_received && *signal_received)
++ {
++ sig_save = *signal_received;
++ *signal_received = 0;
++ }
++
+ /* initialize buffers */
+ socket_frame_init (frame, sock);
+
+@@ -1223,6 +1230,11 @@
+ print_sockaddr_ex (&sock->info.lsa->actual, addr_defined
(&sock->info.lsa->actual), ":", &gc));
+
+ done:
++ if (sig_save && signal_received)
++ {
++ if (!*signal_received)
++ *signal_received = sig_save;
++ }
+ gc_free (&gc);
+ }
+
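Review bot: The socket.c part of the embedded patch adds the `sig_save` block at the top of the function and the restore under `done:` without any comment, and the link to the CVE-2005-3409 text above it (NULL pointer indirection after a failed accept()) cannot be checked from the change itself. The added lines contain no NULL check; they clear a pending `*signal_received` on entry and put it back on exit only when no newer signal was set in between. A short comment above `if (signal_received && *signal_received)` stating why an already pending signal has to be hidden during socket initialisation, and that a newer signal deliberately wins at `done:`, would let a later maintainer verify the fix against the advisory wording. Separately, the `print_sockaddr_ex (...)` context line in the second socket.c hunk is wrapped in this mail and its continuation has no leading `+`, so the embedded patch needs that line rejoined before it applies from this copy. The options.c change to `buf_printf (&value, "%s", argv[i]);` is the right shape for text pushed by the server; it is worth checking the rest of options.c for other `buf_printf` calls whose first format argument is not a string literal.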
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openvpn/openvpn.spec
============================================================================
$ cvs diff -u -r1.46.2.1 -r1.46.2.2 openvpn.spec
--- openpkg-src/openvpn/openvpn.spec 15 Jun 2005 19:01:25 -0000 1.46.2.1
+++ openpkg-src/openvpn/openvpn.spec 2 Nov 2005 16:45:59 -0000 1.46.2.2
@@ -37,7 +37,7 @@
Group: Network
License: GPL
Version: %{V_opkg}
-Release: 2.4.0
+Release: 2.4.1
# package options
%option with_fsl yes
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [email protected]