diff options
author | Jo-Philipp Wich <jo@mein.io> | 2016-06-28 10:47:22 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2016-06-28 10:47:22 +0200 |
commit | f98f4601de762251c4644047786affd34d5fb10c (patch) | |
tree | 9399190f2f51929cc3e8114955365437ef3cd6c1 | |
parent | 4a3b8e05966e9883227eb0b6780c1bd9fe008d95 (diff) | |
download | upstream-f98f4601de762251c4644047786affd34d5fb10c.tar.gz upstream-f98f4601de762251c4644047786affd34d5fb10c.tar.bz2 upstream-f98f4601de762251c4644047786affd34d5fb10c.zip |
openvpn: fix missing cipher list for polarssl in v2.3.11
Upstream OpenSSL hardening work introduced a change in shared code that
causes polarssl / mbedtls builds to break when no --tls-cipher is specified.
Import the upstream fix commit as patch until the next OpenVPN release gets
released and packaged.
Reported-by: Sebastian Koch <seb@metafly.info>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r-- | package/network/services/openvpn/Makefile | 2 | ||||
-rw-r--r-- | package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch | 42 |
2 files changed, 43 insertions, 1 deletions
diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile index 19f78bc508..54a540f4f6 100644 --- a/package/network/services/openvpn/Makefile +++ b/package/network/services/openvpn/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn PKG_VERSION:=2.3.11 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz diff --git a/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch b/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch new file mode 100644 index 0000000000..0a5c49c791 --- /dev/null +++ b/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch @@ -0,0 +1,42 @@ +From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001 +From: Steffan Karger <steffan@karger.me> +Date: Fri, 13 May 2016 08:54:52 +0200 +Subject: [PATCH] Fix polarssl / mbedtls builds + +Commit 8a399cd3 hardened the OpenSSL default cipher list, +but also introduced a change in shared code that causes +polarssl / mbedtls builds to break when no --tls-cipher is +specified. + +This fix is backported code from the master branch. + +Signed-off-by: Steffan Karger <steffan@karger.me> +Acked-by: Gert Doering <gert@greenie.muc.de> +Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me> +URL: http://article.gmane.org/gmane.network.openvpn.devel/11647 +Signed-off-by: Gert Doering <gert@greenie.muc.de> +--- + src/openvpn/ssl_polarssl.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c +index 1f58369..9263698 100644 +--- a/src/openvpn/ssl_polarssl.c ++++ b/src/openvpn/ssl_polarssl.c +@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) + { + char *tmp_ciphers, *tmp_ciphers_orig, *token; + int i, cipher_count; +- int ciphers_len = strlen (ciphers); ++ int ciphers_len; ++ ++ if (NULL == ciphers) ++ return; /* Nothing to do */ ++ ++ ciphers_len = strlen (ciphers); + + ASSERT (NULL != ctx); + ASSERT (0 != ciphers_len); +-- +2.8.1 + |