Package: openvpn / 2.3.2-7~bpo70+2

Metadata

Package: openvpn
Version: 2.3.2-7~bpo70+2
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
auth pam_libpam_so_filename.patch

src/plugins/auth-pam/auth-pam.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix libpam.so filename to /lib/libpam.so.0 in pam plugin
close_socket_before_scripts.patch

src/openvpn/socket.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 set socket's fd_cloexec flag before calling up script
 Moving the set_cloexec() call from link_socket_init_phase2() to
 link_socket_init_phase1().
debian_nogroup_for_sample_files.patch

sample/sample-config-files/client.conf | 2 1 + 1 - 0 !
sample/sample-config-files/server.conf | 2 1 + 1 - 0 !
sample/sample-config-files/static-home.conf | 2 1 + 1 - 0 !
sample/sample-config-files/static-office.conf | 2 1 + 1 - 0 !
sample/sample-config-files/tls-home.conf | 2 1 + 1 - 0 !
sample/sample-config-files/tls-office.conf | 2 1 + 1 - 0 !
6 files changed, 6 insertions(+), 6 deletions(-)

 unprivileged group in Debian is called nogroup instead of nobody
openvpn pkcs11warn.patch

src/openvpn/options.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 warn users about deprecated pkcs11 options
route_default_nil.patch

doc/openvpn.8 | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix small wording in man page.
kfreebsd_support.patch

src/openvpn/route.c | 2 1 + 1 - 0 !
src/openvpn/tun.c | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 improve kfreebsd support
accommodate_typo.patch

src/openvpn/occ.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 simple spelling fix
manpage_fixes.patch

doc/openvpn.8 | 44 22 + 22 - 0 !
1 file changed, 22 insertions(+), 22 deletions(-)

 man page fixes
0001 Drop too short control channel packets instead of as.patch

src/openvpn/ssl.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 [patch] drop too-short control channel packets instead of asserting
 out.

This fixes a denial-of-service vulnerability where an authenticated client
could stop the server by triggering a server-side ASSERT().

OpenVPN would previously ASSERT() that control channel packets have a
payload of at least 4 bytes. An authenticated client could trigger this
assert by sending a too-short control channel packet to the server.

Thanks to Dragana Damjanovic for reporting the issue.

This bug has been assigned CVE-2014-8104.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
update_sample_certs.patch

sample/sample-keys/ca.crt | 48 32 + 16 - 0 !
sample/sample-keys/ca.key | 67 52 + 15 - 0 !
sample/sample-keys/client.crt | 126 82 + 44 - 0 !
sample/sample-keys/client.key | 43 28 + 15 - 0 !
sample/sample-keys/server.crt | 130 88 + 42 - 0 !
sample/sample-keys/server.key | 43 28 + 15 - 0 !
6 files changed, 310 insertions(+), 147 deletions(-)

---