Bug 275055 - security/openvpn: Update to 2.6.7
Summary: security/openvpn: Update to 2.6.7
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Matthias Andree
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2023-11-13 16:34 UTC by Brad Davis
Modified: 2023-11-19 12:31 UTC

See Also:
mandree: maintainer-feedback+
mandree: merge-quarterly+


Attachments
patch (871 bytes, patch)
2023-11-13 16:34 UTC, Brad Davis

Description Brad Davis freebsd_committer freebsd_triage 2023-11-13 16:34:51 UTC
Created attachment 246273
patch
Comment 1 commit-hook freebsd_committer freebsd_triage 2023-11-13 23:06:57 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=03b2c6723f872fdfe5f0ea88bc97e6a7374c48ac

commit 03b2c6723f872fdfe5f0ea88bc97e6a7374c48ac
Author:     Brad Davis <brd@FreeBSD.org>
AuthorDate: 2023-11-13 23:01:18 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-11-13 23:05:59 +0000

    security/openvpn: security update to 2.6.7

    PR:             275055
    Changelog:      https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst#overview-of-changes-in-267
    Security:       CVE-2023-46849
    Security:       CVE-2023-46850
    MFH:            2023Q4

 security/openvpn/Makefile | 2 +-
 security/openvpn/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 2 Matthias Andree freebsd_committer freebsd_triage 2023-11-13 23:07:24 UTC
Vulnerability database entry needs to be written still, and some more testing needs to be done before the MFH.
Comment 3 Vladimir Druzenko freebsd_committer freebsd_triage 2023-11-14 11:51:02 UTC
It has a regression: https://github.com/OpenVPN/openvpn/issues/449
Comment 4 commit-hook freebsd_committer freebsd_triage 2023-11-15 21:23:14 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8d2e9d99db3d6c0d1f988feaca0cdb7c0e7dca89

commit 8d2e9d99db3d6c0d1f988feaca0cdb7c0e7dca89
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2023-11-15 20:40:37 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-11-15 21:21:33 +0000

    security/openvpn: fix regressions and some documentation bits

    Add two patches cherry-picked from upstream Git repository:

    OpenVPN 2.6.7 regressed and experienced crashes in some situations,
    https://github.com/OpenVPN/openvpn/issues/449
    Reported by:    Vladimir Druzenko (vvd@)
    Reported by:    Patrick Cable (upstream)
    Obtained from:  https://github.com/openvpn/openvpn/commit/b90ec6dabfb151dd93ef00081bbc3f55e7d3450f

    Also, some typos in the documentation are fixed,
    Obtained from:  https://github.com/OpenVPN/openvpn/commit/457f468a76f324a14b1236988cc5f5a95f14abf5

    Bump PORTREVISION.
    PR:             275055
    MFH:            2023Q4

 security/openvpn/Makefile                          |  2 +-
 ...-457f468a76f324a14b1236988cc5f5a95f14abf5 (new) | 89 ++++++++++++++++++++++
 ...-a903ebe9361d451daee71c225e141f4e1b67107d (new) | 48 ++++++++++++
 3 files changed, 138 insertions(+), 1 deletion(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2023-11-15 21:50:21 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=10625d13ea28a20d23e52972af8198b48528a1cd

commit 10625d13ea28a20d23e52972af8198b48528a1cd
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2023-11-15 21:43:37 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-11-15 21:49:26 +0000

    security/vuxml: 2.6.0 <= openvpn < 2.6.7 vulnerabilities

    Related to:

    PR:             275055
    Security:       2fe004f5-83fd-11ee-9f5d-31909fb2f495
    Security:       CVE-2023-46849
    Security:       CVE-2023-46850

    This specifically documents < 2.6.7_1 in order to collect the
    regression fix for https://github.com/OpenVPN/openvpn/issues/449
    which was a bug newly introduced into 2.6.7.

 security/vuxml/vuln/2023.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
Comment 6 commit-hook freebsd_committer freebsd_triage 2023-11-15 21:56:24 UTC
A commit in branch 2023Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e1e9a05be79d47884cdfd6f831b4f591a1bf7ea7

commit e1e9a05be79d47884cdfd6f831b4f591a1bf7ea7
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2023-11-15 20:40:37 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-11-15 21:50:34 +0000

    security/openvpn: fix regressions and some documentation bits

    Add two patches cherry-picked from upstream Git repository:

    OpenVPN 2.6.7 regressed and experienced crashes in some situations,
    https://github.com/OpenVPN/openvpn/issues/449
    Reported by:    Vladimir Druzenko (vvd@)
    Reported by:    Patrick Cable (upstream)
    Obtained from:  https://github.com/openvpn/openvpn/commit/b90ec6dabfb151dd93ef00081bbc3f55e7d3450f

    Also, some typos in the documentation are fixed,
    Obtained from:  https://github.com/OpenVPN/openvpn/commit/457f468a76f324a14b1236988cc5f5a95f14abf5

    Bump PORTREVISION.
    PR:             275055
    MFH:            2023Q4

    (cherry picked from commit 8d2e9d99db3d6c0d1f988feaca0cdb7c0e7dca89)

 security/openvpn/Makefile                          |  2 +-
 ...-457f468a76f324a14b1236988cc5f5a95f14abf5 (new) | 89 ++++++++++++++++++++++
 ...-a903ebe9361d451daee71c225e141f4e1b67107d (new) | 48 ++++++++++++
 3 files changed, 138 insertions(+), 1 deletion(-)
Comment 7 commit-hook freebsd_committer freebsd_triage 2023-11-15 21:56:25 UTC
A commit in branch 2023Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b2cf35ae6ce09ac732349a61e3b0328162c8a747

commit b2cf35ae6ce09ac732349a61e3b0328162c8a747
Author:     Brad Davis <brd@FreeBSD.org>
AuthorDate: 2023-11-13 23:01:18 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-11-15 21:50:34 +0000

    security/openvpn: security update to 2.6.7

    PR:             275055
    Changelog:      https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst#overview-of-changes-in-267
    Security:       CVE-2023-46849
    Security:       CVE-2023-46850
    MFH:            2023Q4
    (cherry picked from commit 03b2c6723f872fdfe5f0ea88bc97e6a7374c48ac)

 security/openvpn/Makefile | 2 +-
 security/openvpn/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 8 Matthias Andree freebsd_committer freebsd_triage 2023-11-15 21:57:27 UTC
Thanks Brad and Vladimir!
Comment 9 Brad Davis freebsd_committer freebsd_triage 2023-11-16 23:59:34 UTC
Thank you for the prompt attention!
Comment 10 Vladimir Druzenko freebsd_committer freebsd_triage 2023-11-19 12:31:24 UTC
(In reply to Brad Davis from comment #9)
2.6.8 released.