[LEDE-DEV] [PATCH] openvpn: update to 2.4.4
Magnus Kroken
mkroken at gmail.com
Wed Sep 27 10:45:32 PDT 2017
Fixes CVE-2017-12166: out of bounds write in key-method 1.
Remove the mirror that was temporarily added during the
2.4.3 release.
Signed-off-by: Magnus Kroken <mkroken at gmail.com>
---
Compile-tested all variants on powerpc, runtime-tested mbedTLS variant as server.
package/network/services/openvpn/Makefile | 9 ++-
.../210-build_always_use_internal_lz4.patch | 83 ++++++++++++++--------
2 files changed, 58 insertions(+), 34 deletions(-)
diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
index a1aa196fad..9d8f047613 100644
--- a/package/network/services/openvpn/Makefile
+++ b/package/network/services/openvpn/Makefile
@@ -9,15 +9,14 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openvpn
-PKG_VERSION:=2.4.3
-PKG_RELEASE:=2
+PKG_VERSION:=2.4.4
+PKG_RELEASE:=1
PKG_SOURCE_URL:=\
https://build.openvpn.net/downloads/releases/ \
- https://swupdate.openvpn.net/community/releases/ \
- http://www.eurephia.net/openvpn/
+ https://swupdate.openvpn.net/community/releases/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=7aa86167a5b8923e54e8795b814ed77288c793671f59fd830d9ab76d4b480571
+PKG_HASH:=96cd1b8fe1e8cb2920f07c3fd3985faea756e16fdeebd11d3e146d5bd2b04a80
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Felix Fietkau <nbd at nbd.name>
diff --git a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
index b0fe00df9b..d49e0bf9ec 100644
--- a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
+++ b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
@@ -1,43 +1,68 @@
--- a/configure.ac
+++ b/configure.ac
-@@ -1076,37 +1076,14 @@ dnl
+@@ -1068,62 +1068,15 @@ dnl
AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
-- AC_CHECKING([for LZ4 Library and Header files])
-- havelz4lib=1
-
+- if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
+- # if the user did not explicitly specify flags, try to autodetect
+- PKG_CHECK_MODULES([LZ4],
+- [liblz4 >= 1.7.1],
+- [have_lz4="yes"],
+- [] # If this fails, we will do another test next
+- )
+- fi
+
+ saved_CFLAGS="${CFLAGS}"
+ saved_LIBS="${LIBS}"
+ CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
+ LIBS="${LIBS} ${LZ4_LIBS}"
+
+- # If pkgconfig check failed or LZ4_CFLAGS/LZ4_LIBS env vars
+- # are used, check the version directly in the LZ4 include file
+- if test "${have_lz4}" != "yes"; then
+- AC_CHECK_HEADERS([lz4.h],
+- [have_lz4h="yes"],
+- [])
+-
+- if test "${have_lz4h}" = "yes" ; then
+- AC_MSG_CHECKING([additionally if system LZ4 version >= 1.7.1])
+- AC_COMPILE_IFELSE(
+- [AC_LANG_PROGRAM([[
+-#include <lz4.h>
+- ]],
+- [[
+-/* Version encoding: MMNNPP (Major miNor Patch) - see lz4.h for details */
+-#if LZ4_VERSION_NUMBER < 10701L
+-#error LZ4 is too old
+-#endif
+- ]]
+- )],
+- [
+- AC_MSG_RESULT([ok])
+- have_lz4="yes"
+- ],
+- [AC_MSG_RESULT([system LZ4 library is too old])]
+- )
+- fi
+- fi
+-
- # if LZ4_LIBS is set, we assume it will work, otherwise test
- if test -z "${LZ4_LIBS}"; then
-- AC_CHECK_LIB(lz4, LZ4_compress,
-- [ LZ4_LIBS="-llz4" ],
-- [
-- AC_MSG_RESULT([LZ4 library not found.])
-- havelz4lib=0
-- ])
+- AC_CHECK_LIB([lz4],
+- [LZ4_compress],
+- [LZ4_LIBS="-llz4"],
+- [have_lz4="no"])
- fi
-+ AC_MSG_RESULT([Using LZ4 library in src/compat/compat-lz4.*])
-+ AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
-+ LZ4_LIBS=""
-
-- saved_CFLAGS="${CFLAGS}"
-- CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
-- AC_CHECK_HEADERS(lz4.h,
-- ,
-- [
-- AC_MSG_RESULT([LZ4 headers not found.])
-- havelz4lib=0
-- ])
-
-- if test $havelz4lib = 0 ; then
-- AC_MSG_RESULT([LZ4 library or header not found, using version in src/compat/compat-lz4.*])
+- if test "${have_lz4}" != "yes" ; then
+- AC_MSG_RESULT([ usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
- AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
- LZ4_LIBS=""
- fi
++ AC_MSG_RESULT([ usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
++ AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
++ LZ4_LIBS=""
OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
OPTIONAL_LZ4_LIBS="${LZ4_LIBS}"
- AC_DEFINE(ENABLE_LZ4, 1, [Enable LZ4 compression library])
-- CFLAGS="${saved_CFLAGS}"
- fi
-
-
+ AC_DEFINE(ENABLE_LZ4, [1], [Enable LZ4 compression library])
--
2.11.0
More information about the Lede-dev
mailing list