CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2017/06/21 06:51:09
Modified files:
net/openvpn : Makefile distinfo
net/openvpn/patches: patch-configure patch-src_openvpn_route_c
patch-src_openvpn_tun_c
Removed files:
net/openvpn/patches: patch-include_openvpn-plugin_h_in
patch-src_openvpn_syshead_h
Log message:
SECURITY update to openvpn-2.4.3
Fixes for:
- CVE-2017-7508 Remotely-triggerable ASSERT() on malformed IPv6 packet
- CVE-2017-7520 Pre-authentication remote crash/information disclosure
for clients
- CVE-2017-7521 Potential double-free in --x509-alt-username
- CVE-2017-7512 Remote-triggerable memory leaks
- CVE-2017-7522 Post-authentication remote DoS when using
the --x509-track option
- Null-pointer dereference in establish_http_proxy_passthru()
Full description at
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
This update kills some of our patches that were committed upstream.
Similar diff proposed by pirofti@, ok pirofti@ stsp@
