forked from openwrt/openwrt
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixes CVE-2017-12166: out of bounds write in key-method 1. Remove the mirror that was temporarily added during the 2.4.3 release. Signed-off-by: Magnus Kroken <[email protected]>
- Loading branch information
Showing
2 changed files
with
58 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9,15 +9,14 @@ include $(TOPDIR)/rules.mk | |
|
|
||
| PKG_NAME:=openvpn | ||
|
|
||
| PKG_VERSION:=2.4.3 | ||
| PKG_RELEASE:=2 | ||
| PKG_VERSION:=2.4.4 | ||
| PKG_RELEASE:=1 | ||
|
|
||
| PKG_SOURCE_URL:=\ | ||
| https://build.openvpn.net/downloads/releases/ \ | ||
| https://swupdate.openvpn.net/community/releases/ \ | ||
| http://www.eurephia.net/openvpn/ | ||
| https://swupdate.openvpn.net/community/releases/ | ||
| PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz | ||
| PKG_HASH:=7aa86167a5b8923e54e8795b814ed77288c793671f59fd830d9ab76d4b480571 | ||
| PKG_HASH:=96cd1b8fe1e8cb2920f07c3fd3985faea756e16fdeebd11d3e146d5bd2b04a80 | ||
|
|
||
| PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) | ||
| PKG_MAINTAINER:=Felix Fietkau <[email protected]> | ||
|
|
||
83 changes: 54 additions & 29 deletions
83
package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,43 +1,68 @@ | ||
| --- a/configure.ac | ||
| +++ b/configure.ac | ||
| @@ -1076,37 +1076,14 @@ dnl | ||
| @@ -1068,62 +1068,15 @@ dnl | ||
| AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4]) | ||
| AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4]) | ||
| if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then | ||
| - AC_CHECKING([for LZ4 Library and Header files]) | ||
| - havelz4lib=1 | ||
|
|
||
| - if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then | ||
| - # if the user did not explicitly specify flags, try to autodetect | ||
| - PKG_CHECK_MODULES([LZ4], | ||
| - [liblz4 >= 1.7.1], | ||
| - [have_lz4="yes"], | ||
| - [] # If this fails, we will do another test next | ||
| - ) | ||
| - fi | ||
|
|
||
| saved_CFLAGS="${CFLAGS}" | ||
| saved_LIBS="${LIBS}" | ||
| CFLAGS="${CFLAGS} ${LZ4_CFLAGS}" | ||
| LIBS="${LIBS} ${LZ4_LIBS}" | ||
|
|
||
| - # If pkgconfig check failed or LZ4_CFLAGS/LZ4_LIBS env vars | ||
| - # are used, check the version directly in the LZ4 include file | ||
| - if test "${have_lz4}" != "yes"; then | ||
| - AC_CHECK_HEADERS([lz4.h], | ||
| - [have_lz4h="yes"], | ||
| - []) | ||
| - | ||
| - if test "${have_lz4h}" = "yes" ; then | ||
| - AC_MSG_CHECKING([additionally if system LZ4 version >= 1.7.1]) | ||
| - AC_COMPILE_IFELSE( | ||
| - [AC_LANG_PROGRAM([[ | ||
| -#include <lz4.h> | ||
| - ]], | ||
| - [[ | ||
| -/* Version encoding: MMNNPP (Major miNor Patch) - see lz4.h for details */ | ||
| -#if LZ4_VERSION_NUMBER < 10701L | ||
| -#error LZ4 is too old | ||
| -#endif | ||
| - ]] | ||
| - )], | ||
| - [ | ||
| - AC_MSG_RESULT([ok]) | ||
| - have_lz4="yes" | ||
| - ], | ||
| - [AC_MSG_RESULT([system LZ4 library is too old])] | ||
| - ) | ||
| - fi | ||
| - fi | ||
| - | ||
| - # if LZ4_LIBS is set, we assume it will work, otherwise test | ||
| - if test -z "${LZ4_LIBS}"; then | ||
| - AC_CHECK_LIB(lz4, LZ4_compress, | ||
| - [ LZ4_LIBS="-llz4" ], | ||
| - [ | ||
| - AC_MSG_RESULT([LZ4 library not found.]) | ||
| - havelz4lib=0 | ||
| - ]) | ||
| - AC_CHECK_LIB([lz4], | ||
| - [LZ4_compress], | ||
| - [LZ4_LIBS="-llz4"], | ||
| - [have_lz4="no"]) | ||
| - fi | ||
| + AC_MSG_RESULT([Using LZ4 library in src/compat/compat-lz4.*]) | ||
| + AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/]) | ||
| + LZ4_LIBS="" | ||
|
|
||
| - saved_CFLAGS="${CFLAGS}" | ||
| - CFLAGS="${CFLAGS} ${LZ4_CFLAGS}" | ||
| - AC_CHECK_HEADERS(lz4.h, | ||
| - , | ||
| - [ | ||
| - AC_MSG_RESULT([LZ4 headers not found.]) | ||
| - havelz4lib=0 | ||
| - ]) | ||
| - | ||
| - if test $havelz4lib = 0 ; then | ||
| - AC_MSG_RESULT([LZ4 library or header not found, using version in src/compat/compat-lz4.*]) | ||
| - if test "${have_lz4}" != "yes" ; then | ||
| - AC_MSG_RESULT([ usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*]) | ||
| - AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/]) | ||
| - LZ4_LIBS="" | ||
| - fi | ||
| + AC_MSG_RESULT([ usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*]) | ||
| + AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/]) | ||
| + LZ4_LIBS="" | ||
| OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}" | ||
| OPTIONAL_LZ4_LIBS="${LZ4_LIBS}" | ||
| AC_DEFINE(ENABLE_LZ4, 1, [Enable LZ4 compression library]) | ||
| - CFLAGS="${saved_CFLAGS}" | ||
| fi | ||
|
|
||
|
|
||
| AC_DEFINE(ENABLE_LZ4, [1], [Enable LZ4 compression library]) |