head	1.4;
access;
symbols
	OPENPKG_E1_MP_HEAD:1.4
	OPENPKG_E1_MP:1.4
	OPENPKG_E1_MP_2_STABLE:1.4
	OPENPKG_E1_FP:1.4
	OPENPKG_2_STABLE_MP:1.4
	OPENPKG_2_STABLE_20061018:1.4
	OPENPKG_2_STABLE_20060622:1.4
	OPENPKG_2_STABLE:1.4.0.4
	OPENPKG_2_STABLE_BP:1.4
	OPENPKG_2_5_RELEASE:1.4
	OPENPKG_2_5_SOLID:1.4.0.2
	OPENPKG_2_5_SOLID_BP:1.4
	OPENPKG_2_4_RELEASE:1.2
	OPENPKG_2_4_SOLID:1.2.0.2
	OPENPKG_2_4_SOLID_BP:1.2;
locks; strict;
comment	@# @;


1.4
date	2005.09.28.18.34.59;	author rse;	state Exp;
branches
	1.4.2.1;
next	1.3;

1.3
date	2005.08.25.17.38.22;	author rse;	state Exp;
branches;
next	1.2;

1.2
date	2005.05.22.08.59.59;	author rse;	state Exp;
branches
	1.2.2.1;
next	1.1;

1.1
date	2005.05.08.18.15.16;	author rse;	state Exp;
branches;
next	;

1.4.2.1
date	2005.11.02.16.43.59;	author rse;	state Exp;
branches;
next	;
commitid	9DzdIX745HxmPc8r;

1.2.2.1
date	2005.11.02.16.45.58;	author rse;	state Exp;
branches;
next	;
commitid	omGwCY9qFKlXPc8r;


desc
@@


1.4
log
@shameless hack to allow OpenVPN to build under a plain Solaris box (as we have in our build farm) where no TUN device driver is installed
@
text
@Index: sample-scripts/verify-cn
--- sample-scripts/verify-cn.orig	2005-02-07 03:08:16 +0100
+++ sample-scripts/verify-cn	2005-08-25 19:37:04 +0200
@@@@ -36,7 +36,8 @@@@
     if ($x509 =~ /\/CN=([^\/]+)/) {
 	# Accept the connection if the X509 common name
 	# string matches the passed cn argument.
-	if ($cn eq $1) {
+	my $x509_cn = $1;
+	if ($x509_cn =~ m/^${cn}$/s) {
 	    exit 0;
 	}
     }
Index: tun.c
--- tun.c.orig	2005-08-04 06:46:17.000000000 +0200
+++ tun.c	2005-09-28 20:31:17.062344594 +0200
@@@@ -1168,7 +1168,8 @@@@
 #elif defined(TARGET_SOLARIS)
 
 #ifndef TUNNEWPPA
-#error I need the symbol TUNNEWPPA from net/if_tun.h
+#warning I usually need the symbol TUNNEWPPA from net/if_tun.h -- using a shameless local copy taken from TUN 1.1
+#define TUNNEWPPA   (('T'<<16) | 0x0001)
 #endif
 
 void
@


1.4.2.1
log
@apply security fixes (CVE-2005-3393, CVE-2005-3409)
@
text
@a26 71

-----------------------------------------------------------------------------

Security fix (CVE-2005-3393)

Affects non-Windows OpenVPN clients of version 2.0 or higher which
connect to a malicious or compromised server. A format string
vulnerability in the foreign_option function in options.c could
potentially allow a malicious or compromised server to execute arbitrary
code on the client. Only non-Windows clients are affected. The
vulnerability only exists if (a) the client's TLS negotiation with the
server succeeds, (b) the server is malicious or has been compromised
such that it is configured to push a maliciously crafted options string
to the client, and (c) the client indicates its willingness to accept
pushed options from the server by having "pull" or "client" in its
configuration file.

Index: options.c
--- options.c	2005-08-04 09:16:27 +0200
+++ options.c	2005-11-01 12:06:11 +0100
@@@@ -2108,7 +2108,7 @@@@
 	    {
 	      if (!first)
 		buf_printf (&value, " ");
-	      buf_printf (&value, argv[i]);
+	      buf_printf (&value, "%s", argv[i]);
 	      first = false;
 	    }
 	}

-----------------------------------------------------------------------------

Security fix (CVE-2005-3409)

Potential DoS vulnerability on the server in TCP mode. If the TCP server
accept() call returns an error status, the resulting exception handler
may attempt to indirect through a NULL pointer, causing a segfault.
Affects all OpenVPN 2.0 versions.

Index: socket.c
--- socket.c	2005-08-21 09:06:36 +0200
+++ socket.c	2005-11-01 20:28:32 +0100
@@@@ -1029,9 +1029,16 @@@@
   struct gc_arena gc = gc_new ();
   const char *remote_dynamic = NULL;
   bool remote_changed = false;
+  int sig_save = 0;
 
   ASSERT (sock);
 
+  if (signal_received && *signal_received)
+    {
+      sig_save = *signal_received;
+      *signal_received = 0;
+    }
+
   /* initialize buffers */
   socket_frame_init (frame, sock);
 
@@@@ -1223,6 +1230,11 @@@@
        print_sockaddr_ex (&sock->info.lsa->actual, addr_defined (&sock->info.lsa->actual), ":", &gc));
 
  done:
+  if (sig_save && signal_received)
+    {
+      if (!*signal_received)
+	*signal_received = sig_save;
+    }
   gc_free (&gc);
 }
 
@


1.3
log
@upgrading package: openvpn 2.0.1 -> 2.0.2
@
text
@d14 13
@


1.2
log
@apply patch from FreeBSD port to fix file descriptor leak
@
text
@a0 51
Index: route.c
--- route.c.orig	2005-04-11 05:43:56 +0200
+++ route.c	2005-05-22 10:58:23 +0200
@@@@ -1380,6 +1380,7 @@@@
     {
       warn("writing to routing socket");
       gc_free (&gc);
+      close(s);
       return false;
     }
 
@@@@ -1387,6 +1388,7 @@@@
     l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg));
   } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
                         
+  close(s);
 
   rtm_aux = &rtm;
 
@@@@ -1535,6 +1537,7 @@@@
     {
       msg (M_WARN, "ROUTE: problem writing to routing socket");
       gc_free (&gc);
+      close(s);
       return false;
     }
 
@@@@ -1542,6 +1545,7 @@@@
     l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg));
   } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
                         
+  close(s);
 
   rtm_aux = &rtm;
 
@@@@ -1690,6 +1694,7 @@@@
     {
       warn("writing to routing socket");
       gc_free (&gc);
+      close(s);
       return false;
     }
 
@@@@ -1697,6 +1702,7 @@@@
     l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg));
   } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
                         
+  close(s);
 
   rtm_aux = &rtm;
 
d3 1
a3 1
+++ sample-scripts/verify-cn	2005-05-22 10:58:23 +0200
@


1.2.2.1
log
@apply security fixes (CVE-2005-3393, CVE-2005-3409)
@
text
@a64 71

-----------------------------------------------------------------------------

Security fix (CVE-2005-3393)

Affects non-Windows OpenVPN clients of version 2.0 or higher which
connect to a malicious or compromised server. A format string
vulnerability in the foreign_option function in options.c could
potentially allow a malicious or compromised server to execute arbitrary
code on the client. Only non-Windows clients are affected. The
vulnerability only exists if (a) the client's TLS negotiation with the
server succeeds, (b) the server is malicious or has been compromised
such that it is configured to push a maliciously crafted options string
to the client, and (c) the client indicates its willingness to accept
pushed options from the server by having "pull" or "client" in its
configuration file.

Index: options.c
--- options.c	2005-08-04 09:16:27 +0200
+++ options.c	2005-11-01 12:06:11 +0100
@@@@ -2108,7 +2108,7 @@@@
 	    {
 	      if (!first)
 		buf_printf (&value, " ");
-	      buf_printf (&value, argv[i]);
+	      buf_printf (&value, "%s", argv[i]);
 	      first = false;
 	    }
 	}

-----------------------------------------------------------------------------

Security fix (CVE-2005-3409)

Potential DoS vulnerability on the server in TCP mode. If the TCP server
accept() call returns an error status, the resulting exception handler
may attempt to indirect through a NULL pointer, causing a segfault.
Affects all OpenVPN 2.0 versions.

Index: socket.c
--- socket.c	2005-08-21 09:06:36 +0200
+++ socket.c	2005-11-01 20:28:32 +0100
@@@@ -1029,9 +1029,16 @@@@
   struct gc_arena gc = gc_new ();
   const char *remote_dynamic = NULL;
   bool remote_changed = false;
+  int sig_save = 0;
 
   ASSERT (sock);
 
+  if (signal_received && *signal_received)
+    {
+      sig_save = *signal_received;
+      *signal_received = 0;
+    }
+
   /* initialize buffers */
   socket_frame_init (frame, sock);
 
@@@@ -1223,6 +1230,11 @@@@
        print_sockaddr_ex (&sock->info.lsa->actual, addr_defined (&sock->info.lsa->actual), ":", &gc));
 
  done:
+  if (sig_save && signal_received)
+    {
+      if (!*signal_received)
+	*signal_received = sig_save;
+    }
   gc_free (&gc);
 }
 
@


1.1
log
@further improve packaging by taking over some ideas from the upstream author contrib scripts
@
text
@d1 51
d54 1
a54 1
+++ sample-scripts/verify-cn	2005-05-08 19:23:11 +0200
@