ports/95500: security/openvpn - init script installed with wrong name?!
Matthias Andree
matthias.andree at gmx.de
Sat Apr 8 10:50:16 UTC 2006
The following reply was made to PR ports/95500; it has been noted by GNATS.
From: Matthias Andree <matthias.andree at gmx.de>
To: bug-followup at FreeBSD.org, none at FreeBSD.org
Cc:
Subject: Re: ports/95500: security/openvpn - init script installed with
wrong name?!
Date: Sat, 08 Apr 2006 12:41:58 +0200
Greetings,
This bug report is invalid and the problem is caused by improper use of
packages; please close this report.
A. Why this report is invalid:
------------------------------
1. System and package versions are inconsistent and incompatible.
Submitter tried to install a 6.1 package (see the URL mentioned,
packages-6-stable) onto his 6.0-SECURITY system. The port expects to
have its start script run with rcorder(8), which is new behavior
in FreeBSD 6.1.
2. The decision if .sh is to be added or not is made by
/usr/ports/Mk/bsd.port.mk anyways, rather than the ports themselves.
The port just uses USE_RC_SUBR=openvpn.sh.
3. openvpn-2.0.5_1 is outdated and the client side is vulnerable to code
injection, see
http://www.vuxml.org/freebsd/be4ccb7b-c48b-11da-ae12-0002b3b60e4c.html
B. Suggested remedy:
--------------------
Execute all steps on the submitter's machine in this order:
1. Update ports tree, for instance, with portsnap.
2. Install portaudit:
    cd /usr/ports/security/portaudit
    make all install clean
This also helps with identifying vulnerable ports and packages before
they are installed.
3. Regularly (for instance, daily) run "portaudit -Fda" to identify
vulnerable ports and update them.
4. Rebuild the OpenVPN-2.0.6 or newer port,
DO NOT USE THE 6-STABLE PACKAGE!
    cd /usr/ports/security/openvpn
    make all deinstall install clean
HTH,
--
Matthias Andree <matthias.andree at gmx.de>