aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMagnus Kroken <mkroken@gmail.com>2016-06-21 15:45:49 +0200
committerZoltan HERPAI <wigyori@uid0.hu>2016-06-21 15:45:49 +0200
commitfca949b897613735108de29c82ea547c03287708 (patch)
treeaec0152480d2340f90be1764f18aced87dcc5a13
parentbb5a6118b8921f36a8705b88c9e159f0ae58f02f (diff)
downloadmaster-187ad058-fca949b897613735108de29c82ea547c03287708.tar.gz
master-187ad058-fca949b897613735108de29c82ea547c03287708.tar.bz2
master-187ad058-fca949b897613735108de29c82ea547c03287708.zip
openvpn: update to 2.3.11
Security fixes: * Fixed port-share bug with DoS potential * Fix buffer overflow by user supplied data Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
-rw-r--r--package/network/services/openvpn/Makefile6
-rw-r--r--package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch2
-rw-r--r--package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch21
3 files changed, 25 insertions, 4 deletions
diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
index e0e1b124c3..19f78bc508 100644
--- a/package/network/services/openvpn/Makefile
+++ b/package/network/services/openvpn/Makefile
@@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openvpn
-PKG_VERSION:=2.3.10
-PKG_RELEASE:=2
+PKG_VERSION:=2.3.11
+PKG_RELEASE:=1
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_MD5SUM:=8831ded42db4317e287157b6b8cba74c
+PKG_MD5SUM:=0f5f1ca1dc5743fa166d93dd4ec952f014b5f33bafd88f0ea34b455cae1434a7
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
diff --git a/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch
index 73ab40649d..bd8e5b780d 100644
--- a/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch
+++ b/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch
@@ -1,6 +1,6 @@
--- a/src/openvpn/ssl_polarssl.c
+++ b/src/openvpn/ssl_polarssl.c
-@@ -1153,7 +1153,7 @@ const char *
+@@ -1151,7 +1151,7 @@ const char *
get_ssl_library_version(void)
{
static char polar_version[30];
diff --git a/package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch b/package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch
new file mode 100644
index 0000000000..3cef32395e
--- /dev/null
+++ b/package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch
@@ -0,0 +1,21 @@
+openvpn: remove call to PolarSSL debug function
+
+OpenVPN >=2.3.11 uses PolarSSL debug functions for improved logging.
+This requires that PolarSSL is built with POLARSSL_DEBUG_C, which increases
+its size significantly.
+
+This change does not impact OpenVPN operation, see:
+https://sourceforge.net/p/openvpn/mailman/message/35153943/
+
+Signed-off-by: Magnus Kroken <mkroken@gmail.com>
+
+--- a/src/openvpn/ssl_polarssl.c
++++ b/src/openvpn/ssl_polarssl.c
+@@ -742,7 +742,7 @@ void key_state_ssl_init(struct key_state
+ if (polar_ok(ssl_init(ks_ssl->ctx)))
+ {
+ /* Initialise SSL context */
+- debug_set_threshold(3);
++ /*debug_set_threshold(3);*/
+ ssl_set_dbg (ks_ssl->ctx, my_debug, NULL);
+ ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint);