Package: openvpn / 2.2.1-8+deb7u3

Metadata

Package: openvpn
Version: 2.2.1-8+deb7u3
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 Drop too short control channel packets instead of as.patch

ssl.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 [patch] drop too-short control channel packets instead of asserting out.

This fixes a denial-of-service vulnerability where an authenticated client
could stop the server by triggering a server-side ASSERT().

OpenVPN would previously ASSERT() that control channel packets have a
payload of at least 4 bytes. An authenticated client could trigger this
assert by sending a too-short control channel packet to the server.

Thanks to Dragana Damjanovic for reporting the issue.

This bug has been assigned CVE-2014-8104.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
auth pam_libpam_so_filename.patch

plugin/auth-pam/auth-pam.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix libpam.so filename to /lib/libpam.so.0 in pam plugin
close_socket_before_scripts.patch

socket.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 set socket's fd_cloexec flag before calling up script
 Moving the set_cloexec() call from link_socket_init_phase2() to
 link_socket_init_phase1().
debian_nogroup_for_sample_files.patch

sample-config-files/client.conf | 2 1 + 1 - 0 !
sample-config-files/server.conf | 2 1 + 1 - 0 !
sample-config-files/static-home.conf | 2 1 + 1 - 0 !
sample-config-files/static-office.conf | 2 1 + 1 - 0 !
sample-config-files/tls-home.conf | 2 1 + 1 - 0 !
sample-config-files/tls-office.conf | 2 1 + 1 - 0 !
6 files changed, 6 insertions(+), 6 deletions(-)

 unprivileged group in debian is called nogroup instead of nobody
openvpn pkcs11warn.patch

options.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 warn users about deprecated pkcs11 options
jjo ipv6 support.patch

README.ipv6 | 81 81 + 0 - 0 !
TODO.ipv6 | 30 30 + 0 - 0 !
acinclude.m4 | 6 5 + 1 - 0 !
aclocal.m4 | 4 2 + 2 - 0 !
buffer.c | 17 17 + 0 - 0 !
buffer.h | 5 5 + 0 - 0 !
config.h.in | 3 3 + 0 - 0 !
configure | 392 210 + 182 - 0 !
configure.ac | 16 16 + 0 - 0 !
init.c | 43 26 + 17 - 0 !
manage.c | 10 5 + 5 - 0 !
mroute.c | 30 26 + 4 - 0 !
mtcp.c | 5 5 + 0 - 0 !
multi.c | 38 23 + 15 - 0 !
occ.c | 2 1 + 1 - 0 !
openvpn.8 | 10 8 + 2 - 0 !
options.c | 102 83 + 19 - 0 !
ps.c | 6 3 + 3 - 0 !
route.c | 24 17 + 7 - 0 !
socket.c | 1062 929 + 133 - 0 !
socket.h | 245 214 + 31 - 0 !
socks.c | 18 9 + 9 - 0 !
syshead.h | 12 10 + 2 - 0 !
tun.c | 2 2 + 0 - 0 !
win32.h | 5 4 + 1 - 0 !
25 files changed, 1734 insertions(+), 434 deletions(-)

 openvpn over udp6/tcp6 patch
route_default_nil.patch

openvpn.8 | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix small wording in man page.
ipv6 payload.patch

ChangeLog.IPv6 | 394 394 + 0 - 0 !
README.IPv6 | 8 8 + 0 - 0 !
TODO.IPv6 | 149 149 + 0 - 0 !
forward.c | 3 2 + 1 - 0 !
helper.c | 49 49 + 0 - 0 !
init.c | 65 58 + 7 - 0 !
init.h | 1 1 + 0 - 0 !
misc.c | 4 3 + 1 - 0 !
mroute.c | 139 121 + 18 - 0 !
mroute.h | 4 3 + 1 - 0 !
multi.c | 149 129 + 20 - 0 !
openvpn.8 | 53 53 + 0 - 0 !
openvpn.h | 8 8 + 0 - 0 !
options.c | 269 269 + 0 - 0 !
options.h | 21 21 + 0 - 0 !
pool.c | 75 66 + 9 - 0 !
pool.h | 7 5 + 2 - 0 !
proto.h | 15 15 + 0 - 0 !
push.c | 18 18 + 0 - 0 !
route.c | 559 552 + 7 - 0 !
route.h | 61 61 + 0 - 0 !
socket.c | 119 119 + 0 - 0 !
socket.h | 3 3 + 0 - 0 !
tun.c | 552 487 + 65 - 0 !
tun.h | 11 9 + 2 - 0 !
win32.c | 16 16 + 0 - 0 !
win32.h | 2 2 + 0 - 0 !
27 files changed, 2621 insertions(+), 133 deletions(-)

 ipv6 payload support
kfreebsd_support.patch

route.c | 2 1 + 1 - 0 !
tun.c | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 improve kfreebsd support
accommodate_typo.patch

occ.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 simple spelling fix
manpage_fixes.patch

openvpn.8 | 44 22 + 22 - 0 !
1 file changed, 22 insertions(+), 22 deletions(-)

 man page fixes
use dpkg buildflags.patch

plugin/auth-pam/Makefile | 6 3 + 3 - 0 !
plugin/down-root/Makefile | 4 2 + 2 - 0 !
2 files changed, 5 insertions(+), 5 deletions(-)

 use build flags from environment for plugins (dpkg-buildflags).
 Necessary for hardening flags.
cve 2013 2061.patch

buffer.h | 8 8 + 0 - 0 !
crypto.c | 20 19 + 1 - 0 !
2 files changed, 27 insertions(+), 1 deletion(-)

---
openvpn 2.3.1 udp send.patch

socket.c | 11 5 + 6 - 0 !
1 file changed, 5 insertions(+), 6 deletions(-)

---
update_sample_certs.patch

sample-keys/ca.crt | 48 32 + 16 - 0 !
sample-keys/ca.key | 67 52 + 15 - 0 !
sample-keys/client.crt | 126 82 + 44 - 0 !
sample-keys/client.key | 43 28 + 15 - 0 !
sample-keys/server.crt | 130 88 + 42 - 0 !
sample-keys/server.key | 43 28 + 15 - 0 !
6 files changed, 310 insertions(+), 147 deletions(-)

---