openvpn: update to 2.4.4
authorMagnus Kroken <mkroken@gmail.com>
Wed, 27 Sep 2017 17:45:32 +0000 (19:45 +0200)
committerJo-Philipp Wich <jo@mein.io>
Wed, 13 Dec 2017 15:36:02 +0000 (16:36 +0100)
Fixes CVE-2017-12166: out of bounds write in key-method 1.

Remove the mirror that was temporarily added during the
2.4.3 release.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit a9a37526a9df3b565f5242857d17887cb492afab)

package/network/services/openvpn/Makefile
package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch

index a1aa196fad7303ab95d9610d7ad3e24213d77983..9d8f047613ddd41a954c49d12dc544fbb05188e7 100644 (file)
@@ -9,15 +9,14 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.4.3
-PKG_RELEASE:=2
+PKG_VERSION:=2.4.4
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=\
        https://build.openvpn.net/downloads/releases/ \
-       https://swupdate.openvpn.net/community/releases/ \
-       http://www.eurephia.net/openvpn/
+       https://swupdate.openvpn.net/community/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=7aa86167a5b8923e54e8795b814ed77288c793671f59fd830d9ab76d4b480571
+PKG_HASH:=96cd1b8fe1e8cb2920f07c3fd3985faea756e16fdeebd11d3e146d5bd2b04a80
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
index b0fe00df9b390cec2b36cf001cbec9309b3a8d50..d49e0bf9ec9f46df6a041a494059ea92cbdb8727 100644 (file)
@@ -1,43 +1,68 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1076,37 +1076,14 @@ dnl
+@@ -1068,62 +1068,15 @@ dnl
  AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
  AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
  if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
--    AC_CHECKING([for LZ4 Library and Header files])
--    havelz4lib=1
+-    if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
+-      # if the user did not explicitly specify flags, try to autodetect
+-      PKG_CHECK_MODULES([LZ4],
+-                        [liblz4 >= 1.7.1],
+-                        [have_lz4="yes"],
+-                        [] # If this fails, we will do another test next
+-      )
+-    fi
+
+     saved_CFLAGS="${CFLAGS}"
+     saved_LIBS="${LIBS}"
+     CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
+     LIBS="${LIBS} ${LZ4_LIBS}"
+
+-    # If pkgconfig check failed or LZ4_CFLAGS/LZ4_LIBS env vars
+-    # are used, check the version directly in the LZ4 include file
+-    if test "${have_lz4}" != "yes"; then
+-      AC_CHECK_HEADERS([lz4.h],
+-                       [have_lz4h="yes"],
+-                       [])
+-
+-      if test "${have_lz4h}" = "yes" ; then
+-          AC_MSG_CHECKING([additionally if system LZ4 version >= 1.7.1])
+-          AC_COMPILE_IFELSE(
+-              [AC_LANG_PROGRAM([[
+-#include <lz4.h>
+-                               ]],
+-                               [[
+-/* Version encoding: MMNNPP (Major miNor Patch) - see lz4.h for details */
+-#if LZ4_VERSION_NUMBER < 10701L
+-#error LZ4 is too old
+-#endif
+-                               ]]
+-                              )],
+-              [
+-                  AC_MSG_RESULT([ok])
+-                  have_lz4="yes"
+-              ],
+-              [AC_MSG_RESULT([system LZ4 library is too old])]
+-          )
+-      fi
+-    fi
+-
 -    # if LZ4_LIBS is set, we assume it will work, otherwise test
 -    if test -z "${LZ4_LIBS}"; then
--      AC_CHECK_LIB(lz4, LZ4_compress,
--          [ LZ4_LIBS="-llz4" ],
--          [
--              AC_MSG_RESULT([LZ4 library not found.])
--              havelz4lib=0
--          ])
+-      AC_CHECK_LIB([lz4],
+-                   [LZ4_compress],
+-                   [LZ4_LIBS="-llz4"],
+-                   [have_lz4="no"])
 -    fi
-+    AC_MSG_RESULT([Using LZ4 library in src/compat/compat-lz4.*])
-+    AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
-+    LZ4_LIBS=""
--    saved_CFLAGS="${CFLAGS}"
--    CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
--    AC_CHECK_HEADERS(lz4.h,
--       ,
--       [
--         AC_MSG_RESULT([LZ4 headers not found.])
--         havelz4lib=0
--       ])
 -
--    if test $havelz4lib = 0 ; then
--      AC_MSG_RESULT([LZ4 library or header not found, using version in src/compat/compat-lz4.*])
+-    if test "${have_lz4}" != "yes" ; then
+-      AC_MSG_RESULT([         usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
 -      AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
 -      LZ4_LIBS=""
 -    fi
++    AC_MSG_RESULT([           usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
++    AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
++    LZ4_LIBS=""
      OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
      OPTIONAL_LZ4_LIBS="${LZ4_LIBS}"
-     AC_DEFINE(ENABLE_LZ4, 1, [Enable LZ4 compression library])
--    CFLAGS="${saved_CFLAGS}"
- fi
+     AC_DEFINE(ENABLE_LZ4, [1], [Enable LZ4 compression library])
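Review bot: The refreshed patch's added `AC_MSG_RESULT` reports "usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*", but the patch deletes every detection step and defines `NEED_COMPAT_LZ4` unconditionally, so no search ever ran. Anyone auditing a build log would wrongly conclude that a system liblz4 was probed and rejected. The previous revision's wording was accurate and should be kept: `AC_MSG_RESULT([Using LZ4 library in src/compat/compat-lz4.*])`. The patch file also has no description header, so I would add one noting that the bundled copy is always used and that LZ4 fixes therefore reach this package only through an OpenVPN source update. The enclosing `if test "$enable_lz4" = "yes"` block closes outside the hunk, so whether `CFLAGS` and `LIBS` are restored from `saved_CFLAGS` and `saved_LIBS` cannot be confirmed from here.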