[meta-networking][dunfell][PATCH 2/2] openvpn: upgrade 2.4.9 -> 2.4.12

[meta-networking][dunfell][PATCH 2/2] openvpn: upgrade 2.4.9 -> 2.4.12

[Hugo SIMELIERE]

[-- Attachment #1: Type: text/plain, Size: 1414 bytes --]

Fixes below CVEs:
* CVE-2022-0547
* CVE-2020-15078

Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
---
 .../openvpn/{openvpn_2.4.9.bb => openvpn_2.4.12.bb}           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-networking/recipes-support/openvpn/{openvpn_2.4.9.bb => openvpn_2.4.12.bb} (95%)

diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb b/meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb
similarity index 95%
rename from meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb
rename to meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb
index 4820d3d96..55e66036b 100644
--- a/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb
+++ b/meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb
@@ -14,8 +14,8 @@ SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \

 UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads"

-SRC_URI[md5sum] = "52863fa9b98e5a3d7f8bec1d5785a2ba"
-SRC_URI[sha256sum] = "46b268ef88e67ca6de2e9f19943eb9e5ac8544e55f5c1f3af677298d03e64b6e"
+SRC_URI[md5sum] = "e83d430947fb7c9ad1a174987317d1dc"
+SRC_URI[sha256sum] = "66952d9c95490e5875f04c9f8fa313b5e816d1b7b4d6cda3fb2ff749ad405dee"

 # CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn.
 CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569"
--
2.39.2


[-- Attachment #2: Type: text/html, Size: 2163 bytes --]

Re: [oe] [meta-networking][dunfell][PATCH 2/2] openvpn: upgrade 2.4.9 -> 2.4.12

[akuster808]

Hugo,

On 2/22/23 4:39 AM, Hugo Simeliere via lists.openembedded.org wrote:
> Fixes below CVEs:
> * CVE-2022-0547
> * CVE-2020-15078

Do these CVE's affect the version in Master?

-armin
>
> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
> ---
>  .../openvpn/{openvpn_2.4.9.bb => openvpn_2.4.12.bb}       | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  rename meta-networking/recipes-support/openvpn/{openvpn_2.4.9.bb => 
> openvpn_2.4.12.bb} (95%)
>
> diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb 
> b/meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb
> similarity index 95%
> rename from meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb
> rename to meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb
> index 4820d3d96..55e66036b 100644
> --- a/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb
> +++ b/meta-networking/recipes-support/openvpn/openvpn_2.4.12.bb
> @@ -14,8 +14,8 @@ SRC_URI = 
> "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
>  UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads"
> -SRC_URI[md5sum] = "52863fa9b98e5a3d7f8bec1d5785a2ba"
> -SRC_URI[sha256sum] = 
> "46b268ef88e67ca6de2e9f19943eb9e5ac8544e55f5c1f3af677298d03e64b6e"
> +SRC_URI[md5sum] = "e83d430947fb7c9ad1a174987317d1dc"
> +SRC_URI[sha256sum] = 
> "66952d9c95490e5875f04c9f8fa313b5e816d1b7b4d6cda3fb2ff749ad405dee"
>  # CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, 
> not for openvpn.
>  CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569"
> -- 
> 2.39.2
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#101205): https://lists.openembedded.org/g/openembedded-devel/message/101205
> Mute This Topic: https://lists.openembedded.org/mt/97156570/3616698
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [meta-networking][dunfell][PATCH 2/2] openvpn: upgrade 2.4.9 -> 2.4.12

[Hugo Simeliere]

[-- Attachment #1: Type: text/plain, Size: 371 bytes --]

Hi,

No these CVE's affect only the version in Dunfell.
Best regards,
Hugo Simeliere

On Wed, Feb 22, 2023 at 05:21 PM, Armin Kuster wrote:

> 
> Hugo,
> 
> On 2/22/23 4:39 AM, Hugo Simeliere via lists.openembedded.org wrote:
> 
>> Fixes below CVEs:
>> * CVE-2022-0547
>> * CVE-2020-15078
> 
> Do these CVE's affect the version in Master?
> 
> -armin

[-- Attachment #2: Type: text/html, Size: 446 bytes --]

Re: [meta-networking][dunfell][PATCH 2/2] openvpn: upgrade 2.4.9 -> 2.4.12

[Hugo Simeliere]

[-- Attachment #1: Type: text/plain, Size: 79 bytes --]

Hello, will this patch to fix CVE-2022-0547 and CVE-2020-15078 be integrated?

[-- Attachment #2: Type: text/html, Size: 79 bytes --]