diff options
author | Magnus Kroken <mkroken@gmail.com> | 2016-06-21 15:45:49 +0200 |
---|---|---|
committer | Zoltan HERPAI <wigyori@uid0.hu> | 2016-06-21 15:45:49 +0200 |
commit | fca949b897613735108de29c82ea547c03287708 (patch) | |
tree | aec0152480d2340f90be1764f18aced87dcc5a13 | |
parent | bb5a6118b8921f36a8705b88c9e159f0ae58f02f (diff) | |
download | master-187ad058-fca949b897613735108de29c82ea547c03287708.tar.gz master-187ad058-fca949b897613735108de29c82ea547c03287708.tar.bz2 master-187ad058-fca949b897613735108de29c82ea547c03287708.zip |
openvpn: update to 2.3.11
Security fixes:
* Fixed port-share bug with DoS potential
* Fix buffer overflow by user supplied data
Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
3 files changed, 25 insertions, 4 deletions
diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile index e0e1b124c3..19f78bc508 100644 --- a/package/network/services/openvpn/Makefile +++ b/package/network/services/openvpn/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn -PKG_VERSION:=2.3.10 -PKG_RELEASE:=2 +PKG_VERSION:=2.3.11 +PKG_RELEASE:=1 PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_MD5SUM:=8831ded42db4317e287157b6b8cba74c +PKG_MD5SUM:=0f5f1ca1dc5743fa166d93dd4ec952f014b5f33bafd88f0ea34b455cae1434a7 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) diff --git a/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch index 73ab40649d..bd8e5b780d 100644 --- a/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch +++ b/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch @@ -1,6 +1,6 @@ --- a/src/openvpn/ssl_polarssl.c +++ b/src/openvpn/ssl_polarssl.c -@@ -1153,7 +1153,7 @@ const char * +@@ -1151,7 +1151,7 @@ const char * get_ssl_library_version(void) { static char polar_version[30]; diff --git a/package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch b/package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch new file mode 100644 index 0000000000..3cef32395e --- /dev/null +++ b/package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch @@ -0,0 +1,21 @@ +openvpn: remove call to PolarSSL debug function + +OpenVPN >=2.3.11 uses PolarSSL debug functions for improved logging. +This requires that PolarSSL is built with POLARSSL_DEBUG_C, which increases +its size significantly. + +This change does not impact OpenVPN operation, see: +https://sourceforge.net/p/openvpn/mailman/message/35153943/ + +Signed-off-by: Magnus Kroken <mkroken@gmail.com> + +--- a/src/openvpn/ssl_polarssl.c ++++ b/src/openvpn/ssl_polarssl.c +@@ -742,7 +742,7 @@ void key_state_ssl_init(struct key_state + if (polar_ok(ssl_init(ks_ssl->ctx))) + { + /* Initialise SSL context */ +- debug_set_threshold(3); ++ /*debug_set_threshold(3);*/ + ssl_set_dbg (ks_ssl->ctx, my_debug, NULL); + ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint); |