From: Ivan Pavlov Date: Fri, 4 Apr 2025 05:51:00 +0000 (+0300) Subject: openvpn: update to 2.6.14 X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=74a66189f123bd1bca3171612327c5863761af26;p=openwrt-packages.git openvpn: update to 2.6.14 Security fixes: ​CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2 Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT() message by sending a particular combination of authenticated and malformed packets. No crypto integrity is violated, no data is leaked, and no remote code execution is possible. This bug does not affect OpenVPN clients. For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst Signed-off-by: Ivan Pavlov --- diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile index c7026ad2b..f1301d89a 100644 --- a/net/openvpn/Makefile +++ b/net/openvpn/Makefile @@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn -PKG_VERSION:=2.6.13 +PKG_VERSION:=2.6.14 PKG_RELEASE:=1 PKG_SOURCE_URL:=\ https://build.openvpn.net/downloads/releases/ \ https://swupdate.openvpn.net/community/releases/ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_HASH:=1af10b86922bd7c99827cc0f151dfe9684337b8e5ebdb397539172841ac24a6a +PKG_HASH:=9eb6a6618352f9e7b771a9d38ae1631b5edfeed6d40233e243e602ddf2195e7a PKG_MAINTAINER:= diff --git a/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch b/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch index c327166ab..59d805ad3 100644 --- a/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch +++ b/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch @@ -1,6 +1,6 @@ --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c -@@ -1612,7 +1612,7 @@ const char * +@@ -1616,7 +1616,7 @@ const char * get_ssl_library_version(void) { static char mbedtls_version[30];