From d7e98bd7c5316f95cc11635371a39c6c0e18b9a7 Mon Sep 17 00:00:00 2001 From: Magnus Kroken Date: Fri, 17 Apr 2020 17:34:42 +0200 Subject: [PATCH] openvpn: update to 2.4.9 This is primarily a maintenance release with bugfixes and improvements. This release also fixes a security issue (CVE-2020-11810) which allows disrupting service of a freshly connected client that has not yet negotiated session keys. The vulnerability cannot be used to inject or steal VPN traffic. Release announcement: https://openvpn.net/community-downloads/#heading-13812 Full list of changes: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9 Signed-off-by: Magnus Kroken --- package/network/services/openvpn/Makefile | 4 ++-- .../patches/100-mbedtls-disable-runtime-version-check.patch | 2 +- .../110-openssl-dont-use-deprecated-ssleay-symbols.patch | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile index baa8c1d07e7..5f102d967d9 100644 --- a/package/network/services/openvpn/Makefile +++ b/package/network/services/openvpn/Makefile @@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn -PKG_VERSION:=2.4.8 +PKG_VERSION:=2.4.9 PKG_RELEASE:=1 PKG_SOURCE_URL:=\ https://build.openvpn.net/downloads/releases/ \ https://swupdate.openvpn.net/community/releases/ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_HASH:=fb8ca66bb7807fff595fbdf2a0afd085c02a6aa47715c9aa3171002f9f1a3f91 +PKG_HASH:=641f3add8694b2ccc39fd4fd92554e4f089ad16a8db6d2b473ec284839a5ebe2 PKG_MAINTAINER:=Felix Fietkau diff --git a/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch index 7fc0089000e..cb16a906fe0 100644 --- a/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch +++ b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch @@ -1,6 +1,6 @@ --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c -@@ -1406,7 +1406,7 @@ const char * +@@ -1415,7 +1415,7 @@ const char * get_ssl_library_version(void) { static char mbedtls_version[30]; diff --git a/package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch b/package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch index 7e9931f0f38..c7faf7c0c09 100644 --- a/package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch +++ b/package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch @@ -47,7 +47,7 @@ Signed-off-by: Gert Doering #endif --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c -@@ -1977,7 +1977,7 @@ get_highest_preference_tls_cipher(char * +@@ -2008,7 +2008,7 @@ get_highest_preference_tls_cipher(char * const char * get_ssl_library_version(void) { -- 2.30.2