openvpn: update to 2.4.9
authorMagnus Kroken <mkroken@gmail.com>
Fri, 17 Apr 2020 15:34:42 +0000 (17:34 +0200)
committerHans Dedecker <dedeckeh@gmail.com>
Sat, 18 Apr 2020 18:34:08 +0000 (20:34 +0200)
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.

Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
package/network/services/openvpn/Makefile
package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch

index baa8c1d07e7608de0e4c8880bb696737368d6ed8..5f102d967d9f7ccc46fe5b901f7122d9f97060ad 100644 (file)
@@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.4.8
+PKG_VERSION:=2.4.9
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=\
        https://build.openvpn.net/downloads/releases/ \
        https://swupdate.openvpn.net/community/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=fb8ca66bb7807fff595fbdf2a0afd085c02a6aa47715c9aa3171002f9f1a3f91
+PKG_HASH:=641f3add8694b2ccc39fd4fd92554e4f089ad16a8db6d2b473ec284839a5ebe2
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 
index 7fc0089000e1c0ef83b9263c452cb3ad21cb2a50..cb16a906fe0c4b7bb959cec484ca9cfa6ed6d529 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/openvpn/ssl_mbedtls.c
 +++ b/src/openvpn/ssl_mbedtls.c
-@@ -1406,7 +1406,7 @@ const char *
+@@ -1415,7 +1415,7 @@ const char *
  get_ssl_library_version(void)
  {
      static char mbedtls_version[30];
index 7e9931f0f385505c488217f76881c89a3e24de5c..c7faf7c0c09ce831493ddea6d38b73ecd843fd44 100644 (file)
@@ -47,7 +47,7 @@ Signed-off-by: Gert Doering <gert@greenie.muc.de>
  #endif
 --- a/src/openvpn/ssl_openssl.c
 +++ b/src/openvpn/ssl_openssl.c
-@@ -1977,7 +1977,7 @@ get_highest_preference_tls_cipher(char *
+@@ -2008,7 +2008,7 @@ get_highest_preference_tls_cipher(char *
  const char *
  get_ssl_library_version(void)
  {