From 8f9b4e04b156e64f68171bf1ce5eeeb82ca2a9b0 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Thu, 21 Mar 2024 20:00:42 +0800 Subject: [PATCH] openvpn: upgrade 2.6.9 -> 2.6.10 License-Update: Update copyright years to 2024 ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.10/Changes.rst Security fixes: CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation. CVE-2024-24974: Windows: disallow access to the interactive service pipe from remote computers. CVE-2024-27903: Windows: disallow loading of plugins from untrusted installation paths, which could be used to attack openvpn.exe via a malicious plugin. Plugins can now only be loaded from the OpenVPN install directory, the Windows system directory, and possibly from a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir. CVE-2024-1305: Windows TAP driver: Fix potential integer overflow in !TapSharedSendPacket. Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --- .../openvpn/{openvpn_2.6.9.bb => openvpn_2.6.10.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-networking/recipes-support/openvpn/{openvpn_2.6.9.bb => openvpn_2.6.10.bb} (95%) diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.6.9.bb b/meta-networking/recipes-support/openvpn/openvpn_2.6.10.bb similarity index 95% rename from meta-networking/recipes-support/openvpn/openvpn_2.6.9.bb rename to meta-networking/recipes-support/openvpn/openvpn_2.6.10.bb index 3af6b30a70..f8de78ff74 100644 --- a/meta-networking/recipes-support/openvpn/openvpn_2.6.9.bb +++ b/meta-networking/recipes-support/openvpn/openvpn_2.6.10.bb @@ -2,7 +2,7 @@ SUMMARY = "A full-featured SSL VPN solution via tun device." HOMEPAGE = "https://openvpn.net/" SECTION = "net" LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=4b34e946059f80dcfd811e8dd471b5ed" +LIC_FILES_CHKSUM = "file://COPYING;md5=89196bacc47ed37a5b242a535661a049" DEPENDS = "lzo lz4 openssl iproute2 libcap-ng ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" inherit autotools systemd update-rc.d pkgconfig @@ -14,7 +14,7 @@ SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \ UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads" -SRC_URI[sha256sum] = "e08d147e15b4508dfcd1d6618a1f21f1495f9817a8dadc1eddf0532fa116d7e3" +SRC_URI[sha256sum] = "1993bbb7b9edb430626eaa24573f881fd3df642f427fcb824b1aed1fca1bcc9b" CVE_STATUS[CVE-2020-27569] = "not-applicable-config: Applies only Aviatrix OpenVPN client, not openvpn"