packages/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
Ivan Pavlov f52f437070 openvpn: update to 2.6.8
This is a bugfix release containing security fixes.

Security Fixes (included in 2.6.7):

CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer
after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer.
All configurations using TLS (e.g. not using --secret) are affected by this issue.

CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration
in some circumstances, leading to a division by zero when --fragment is used.
On platforms where division by zero is fatal, this will cause an OpenVPN crash.

For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.8/Changes.rst

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
2023-11-19 12:24:11 -08:00

11 lines
412 B
Diff

--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -1533,7 +1533,7 @@ const char *
get_ssl_library_version(void)
{
static char mbedtls_version[30];
- unsigned int pv = mbedtls_version_get_number();
+ unsigned int pv = MBEDTLS_VERSION_NUMBER;
sprintf( mbedtls_version, "mbed TLS %d.%d.%d",
(pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
return mbedtls_version;