Subject: CVS commit: pkgsrc/net
From: Adam Ciarcinski
Date: 2021-04-22 15:53:16
Message id: 20210422135316.58E09FA95@cvs.NetBSD.org

Log Message:
openvpn: updated to 2.5.2

The OpenVPN community project team is proud to release OpenVPN 2.5.2. It fixes \ 
two related security vulnerabilities (CVE-2020-15078) which under very specific \ 
circumstances allow tricking a server using delayed authentication (plugin or \ 
management) into returning a PUSH_REPLY before the AUTH_FAILED message, which \ 
can possibly be used to gather information about a VPN setup. In combination \ 
with “–auth-gen-token” or a user-specific token auth solution it can be \ 
possible to get access to a VPN with an otherwise-invalid account. OpenVPN 2.5.2 \ 
also includes other bug fixes and improvements. Updated OpenSSL and OpenVPN GUI \ 
are included in Windows installers.

Files:
RevisionActionfile
1.84modifypkgsrc/net/openvpn/Makefile
1.21modifypkgsrc/net/openvpn/Makefile.common
1.50modifypkgsrc/net/openvpn/distinfo
1.25modifypkgsrc/net/openvpn-acct-wtmpx/distinfo
1.11modifypkgsrc/net/openvpn-nagios/Makefile
1.22modifypkgsrc/net/openvpn-nagios/distinfo