Update to 2.1rc21. From Changelog: * Rebuilt OpenVPN Windows installer with OpenSSL 0.9.8l to address CVE-2009-3555. Note that OpenVPN has never relied on the session renegotiation capabilities that are built into the SSL/TLS protocol, therefore the fix in OpenSSL 0.9.8l (disable SSL/TLS renegotiation completely) will not adversely affect OpenVPN mid-session SSL/TLS renegotation or any other OpenVPN capabilities. * Added additional session renegotiation hardening. OpenVPN has always required that mid-session renegotiations build up a new SSL/TLS session from scratch. While the client certificate common name is already locked against changes in mid-session TLS renegotiations, we now extend this locking to the auth-user-pass username as well as all certificate content in the full client certificate chain.diff -r1.33 -r1.34 pkgsrc/net/openvpn/Makefile
(manu)
| @@ -1,19 +1,18 @@ | @@ -1,19 +1,18 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.33 2009/11/12 08:41:10 manu Exp $ | 1 | # $NetBSD: Makefile,v 1.34 2009/11/18 08:10:15 manu Exp $ | |
| 2 | # | 2 | # | |
| 3 | 3 | |||
| 4 | DISTNAME= openvpn-2.1_rc20 | 4 | DISTNAME= openvpn-2.1_rc21 | |
| 5 | PKGNAME= ${DISTNAME:S/_//} | 5 | PKGNAME= ${DISTNAME:S/_//} | |
| 6 | PKGREVISION= 4 | |||
| 7 | CATEGORIES= net | 6 | CATEGORIES= net | |
| 8 | MASTER_SITES= http://openvpn.net/release/ \ | 7 | MASTER_SITES= http://openvpn.net/release/ \ | |
| 9 | http://openvpn.net/release/old/ | 8 | http://openvpn.net/release/old/ | |
| 10 | 9 | |||
| 11 | MAINTAINER= pkgsrc-users@NetBSD.org | 10 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 12 | HOMEPAGE= http://openvpn.net/ | 11 | HOMEPAGE= http://openvpn.net/ | |
| 13 | COMMENT= Easy-to-use SSL VPN daemon | 12 | COMMENT= Easy-to-use SSL VPN daemon | |
| 14 | LICENSE= gnu-gpl-v2 | 13 | LICENSE= gnu-gpl-v2 | |
| 15 | 14 | |||
| 16 | PKG_DESTDIR_SUPPORT= user-destdir | 15 | PKG_DESTDIR_SUPPORT= user-destdir | |
| 17 | 16 | |||
| 18 | GNU_CONFIGURE= yes | 17 | GNU_CONFIGURE= yes | |
| 19 | USE_TOOLS+= grep:run | 18 | USE_TOOLS+= grep:run |
| @@ -1,13 +1,13 @@ | @@ -1,13 +1,13 @@ | |||
| 1 | $NetBSD: distinfo,v 1.18 2009/11/12 08:41:10 manu Exp $ | 1 | $NetBSD: distinfo,v 1.19 2009/11/18 08:10:15 manu Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (openvpn-2.1_rc20.tar.gz) = ab0e928bd7d4896ddb0061bf3aba9f3cd6cefe6e | 3 | SHA1 (openvpn-2.1_rc21.tar.gz) = b9a6a6a637fab4b419b8e038d12a42c021d9e34e | |
| 4 | RMD160 (openvpn-2.1_rc20.tar.gz) = 4dd7924cb41a268e76a93af66fd05f948f22e5f3 | 4 | RMD160 (openvpn-2.1_rc21.tar.gz) = 2ba73bc6367fa849eb19126dd3bd8bdec9775f9e | |
| 5 | Size (openvpn-2.1_rc20.tar.gz) = 844253 bytes | 5 | Size (openvpn-2.1_rc21.tar.gz) = 845711 bytes | |
| 6 | SHA1 (patch-aa) = e27e5a6411c9fb6545a1ad630f165200546b7213 | 6 | SHA1 (patch-aa) = e27e5a6411c9fb6545a1ad630f165200546b7213 | |
| 7 | SHA1 (patch-ab) = d26cdc9166a8813860f31cb5b11bc5b3643b8aa5 | 7 | SHA1 (patch-ab) = d26cdc9166a8813860f31cb5b11bc5b3643b8aa5 | |
| 8 | SHA1 (patch-ac) = f59615702208cae2a094306bc5fa7fb96234e55a | 8 | SHA1 (patch-ac) = f59615702208cae2a094306bc5fa7fb96234e55a | |
| 9 | SHA1 (patch-ad) = 69f5fff5105131dc05ab38a1a717e1b363f88c1c | 9 | SHA1 (patch-ad) = 69f5fff5105131dc05ab38a1a717e1b363f88c1c | |
| 10 | SHA1 (patch-ae) = 362c881da994608baad7b10667100c39143244b6 | 10 | SHA1 (patch-ae) = 362c881da994608baad7b10667100c39143244b6 | |
| 11 | SHA1 (patch-af) = dc5dbca74ebbda081e4eaf9a9d5e11b6de11269f | 11 | SHA1 (patch-af) = dc5dbca74ebbda081e4eaf9a9d5e11b6de11269f | |
| 12 | SHA1 (patch-ag) = fe8e59cf177c99c2fd001e7893df86af961e8e4e | 12 | SHA1 (patch-ag) = fe8e59cf177c99c2fd001e7893df86af961e8e4e | |
| 13 | SHA1 (patch-ah) = 4e555d0a9dfa78882bf71c1d3496df8813069656 | 13 | SHA1 (patch-ah) = 4e555d0a9dfa78882bf71c1d3496df8813069656 |