Subject: CVS commit: pkgsrc/net/openvpn
From: Adam Ciarcinski
Date: 2017-06-21 21:00:47
Message id: 20170621190047.3F6D9FAE8@cvs.NetBSD.org
Log Message:
OpenVPN 2.4.3
Ignore auth-nocache for auth-user-pass if auth-token is pushed
crypto: Enable SHA256 fingerprint checking in --verify-hash
copyright: Update GPLv2 license texts
auth-token with auth-nocache fix broke --disable-crypto builds
OpenSSL: don't use direct access to the internal of X509
OpenSSL: don't use direct access to the internal of EVP_PKEY
OpenSSL: don't use direct access to the internal of RSA
OpenSSL: don't use direct access to the internal of DSA
OpenSSL: force meth->name as non-const when we free() it
OpenSSL: don't use direct access to the internal of EVP_MD_CTX
OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
OpenSSL: don't use direct access to the internal of HMAC_CTX
Fix NCP behaviour on TLS reconnect.
Remove erroneous limitation on max number of args for --plugin
Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
Fix potential 1-byte overread in TCP option parsing.
Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
refactor my_strupr
Fix 2 memory leaks in proxy authentication routine
Fix memory leak in add_option() for option 'connection'
Ensure option array p[] is always NULL-terminated
Fix a null-pointer dereference in establish_http_proxy_passthru()
Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
Fix an unaligned access on OpenBSD/sparc64
Missing include for socket-flags TCP_NODELAY on OpenBSD
Make openvpn-plugin.h self-contained again.
Pass correct buffer size to GetModuleFileNameW()
Log the negotiated (NCP) cipher
Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
Skip tls-crypt unit tests if required crypto mode not supported
openssl: fix overflow check for long --tls-cipher option
Add a DSA test key/cert pair to sample-keys
Fix mbedtls fingerprint calculation
mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
mbedtls: require C-string compatible types for --x509-username-field
Fix remote-triggerable memory leaks (CVE-2017-7521)
Restrict --x509-alt-username extension types
Fix potential double-free in --x509-alt-username (CVE-2017-7521)
Fix gateway detection with OpenBSD routing domains
Files:
RevisionActionfile
1.9modifypkgsrc/net/openvpn/Makefile.common
1.37modifypkgsrc/net/openvpn/distinfo