From a9a37526a9df3b565f5242857d17887cb492afab Mon Sep 17 00:00:00 2001 From: Magnus Kroken Date: Wed, 27 Sep 2017 19:45:32 +0200 Subject: openvpn: update to 2.4.4 Fixes CVE-2017-12166: out of bounds write in key-method 1. Remove the mirror that was temporarily added during the 2.4.3 release. Signed-off-by: Magnus Kroken --- .../210-build_always_use_internal_lz4.patch | 83 ++++++++++++++-------- 1 file changed, 54 insertions(+), 29 deletions(-) (limited to 'package/network/services/openvpn/patches') diff --git a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch index b0fe00df9b..d49e0bf9ec 100644 --- a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch +++ b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch @@ -1,43 +1,68 @@ --- a/configure.ac +++ b/configure.ac -@@ -1076,37 +1076,14 @@ dnl +@@ -1068,62 +1068,15 @@ dnl AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4]) AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4]) if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then -- AC_CHECKING([for LZ4 Library and Header files]) -- havelz4lib=1 - +- if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then +- # if the user did not explicitly specify flags, try to autodetect +- PKG_CHECK_MODULES([LZ4], +- [liblz4 >= 1.7.1], +- [have_lz4="yes"], +- [] # If this fails, we will do another test next +- ) +- fi + + saved_CFLAGS="${CFLAGS}" + saved_LIBS="${LIBS}" + CFLAGS="${CFLAGS} ${LZ4_CFLAGS}" + LIBS="${LIBS} ${LZ4_LIBS}" + +- # If pkgconfig check failed or LZ4_CFLAGS/LZ4_LIBS env vars +- # are used, check the version directly in the LZ4 include file +- if test "${have_lz4}" != "yes"; then +- AC_CHECK_HEADERS([lz4.h], +- [have_lz4h="yes"], +- []) +- +- if test "${have_lz4h}" = "yes" ; then +- AC_MSG_CHECKING([additionally if system LZ4 version >= 1.7.1]) +- AC_COMPILE_IFELSE( +- [AC_LANG_PROGRAM([[ +-#include +- ]], +- [[ +-/* Version encoding: MMNNPP (Major miNor Patch) - see lz4.h for details */ +-#if LZ4_VERSION_NUMBER < 10701L +-#error LZ4 is too old +-#endif +- ]] +- )], +- [ +- AC_MSG_RESULT([ok]) +- have_lz4="yes" +- ], +- [AC_MSG_RESULT([system LZ4 library is too old])] +- ) +- fi +- fi +- - # if LZ4_LIBS is set, we assume it will work, otherwise test - if test -z "${LZ4_LIBS}"; then -- AC_CHECK_LIB(lz4, LZ4_compress, -- [ LZ4_LIBS="-llz4" ], -- [ -- AC_MSG_RESULT([LZ4 library not found.]) -- havelz4lib=0 -- ]) +- AC_CHECK_LIB([lz4], +- [LZ4_compress], +- [LZ4_LIBS="-llz4"], +- [have_lz4="no"]) - fi -+ AC_MSG_RESULT([Using LZ4 library in src/compat/compat-lz4.*]) -+ AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/]) -+ LZ4_LIBS="" - -- saved_CFLAGS="${CFLAGS}" -- CFLAGS="${CFLAGS} ${LZ4_CFLAGS}" -- AC_CHECK_HEADERS(lz4.h, -- , -- [ -- AC_MSG_RESULT([LZ4 headers not found.]) -- havelz4lib=0 -- ]) - -- if test $havelz4lib = 0 ; then -- AC_MSG_RESULT([LZ4 library or header not found, using version in src/compat/compat-lz4.*]) +- if test "${have_lz4}" != "yes" ; then +- AC_MSG_RESULT([ usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*]) - AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/]) - LZ4_LIBS="" - fi ++ AC_MSG_RESULT([ usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*]) ++ AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/]) ++ LZ4_LIBS="" OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}" OPTIONAL_LZ4_LIBS="${LZ4_LIBS}" - AC_DEFINE(ENABLE_LZ4, 1, [Enable LZ4 compression library]) -- CFLAGS="${saved_CFLAGS}" - fi - - + AC_DEFINE(ENABLE_LZ4, [1], [Enable LZ4 compression library]) -- cgit v1.2.3