diff options
author | Andrii Davydenko <andrii.davydenko@globallogic.com> | 2022-12-14 12:08:42 +0200 |
---|---|---|
committer | Mykyta Dorokhin <mykyta.dorokhin@globallogic.com> | 2023-01-24 12:41:29 +0200 |
commit | 2eaa3fd064097eb221b56d5df0e7136ba705a0cd (patch) | |
tree | 2ca46c9a625d6f743933b1ea7e2fc6bd2581e6eb /recipes-core/openvpn/openvpn_2.4.12.bb | |
parent | 1e52890ac41318d28923787af35541a8f9ee0653 (diff) | |
download | meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.tar.gz meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.tar.bz2 meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.zip |
CVE Packages Update
Move libfastjson to the rsyslog directory
rsyslog 8.2002.0 -> 8.2206.0
add ntp4.2.8 recipe with fixed CVEs
update cryptsetup to 2.4.3
fix libxml2 CVE-2016-3709
curl 7.75.0 -> 7.86.0
strongswan 5.8.4 -> 5.9.8
libmodbus 3.1.6 -> 3.1.7
libesmtp 1.0.6 -> 1.1.0
cifs-utils 6.1 -> 7.0
update libtirpc to version 1.3.3
update rsync to version 3.2.5
Add zlib 1.2.13
upgrade gnutls to 3.7.8
upgrade openssh to 8.9p1
Add cmake 3.24.2 and cmake-native 3.24.2 to avoid loop dependecies building expat
Add expat 2.5.0 to fix CVE-2022-40674 and CVE-2022-43680
openvpn 2.4.9 -> 2.4.12
hostapd 2.9 -> 2.10
[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Openssh 8.9p1 no longer needed, because all necessary CVE fixes, backports and whitelists are present for current Openssh 8.4p1. There are no new CVE's in report.
[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Backported CVE patches for python3 component. Need to remove after upgrading Yocto to version more than 3.1.21.
[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Backported CVE patch for sudo component.
Added 2 CVE's to whitelist for OpenVPN component.
Diffstat (limited to 'recipes-core/openvpn/openvpn_2.4.12.bb')
-rw-r--r-- | recipes-core/openvpn/openvpn_2.4.12.bb | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/recipes-core/openvpn/openvpn_2.4.12.bb b/recipes-core/openvpn/openvpn_2.4.12.bb new file mode 100644 index 0000000..55e6603 --- /dev/null +++ b/recipes-core/openvpn/openvpn_2.4.12.bb @@ -0,0 +1,76 @@ +SUMMARY = "A full-featured SSL VPN solution via tun device." +HOMEPAGE = "https://openvpn.net/" +SECTION = "net" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=7aee596ed2deefe3e8a861e24292abba" +DEPENDS = "lzo openssl iproute2 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" + +inherit autotools systemd update-rc.d + +SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \ + file://openvpn \ + file://openvpn@.service \ + file://openvpn-volatile.conf" + +UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads" + +SRC_URI[md5sum] = "e83d430947fb7c9ad1a174987317d1dc" +SRC_URI[sha256sum] = "66952d9c95490e5875f04c9f8fa313b5e816d1b7b4d6cda3fb2ff749ad405dee" + +# CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. +CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569" + +SYSTEMD_SERVICE_${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service" +SYSTEMD_AUTO_ENABLE = "disable" + +INITSCRIPT_PACKAGES = "${PN}" +INITSCRIPT_NAME_${PN} = "openvpn" +INITSCRIPT_PARAMS_${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ." + +CFLAGS += "-fno-inline" + +# I want openvpn to be able to read password from file (hrw) +EXTRA_OECONF += "--enable-iproute2" +EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}" + +# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host. +EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip" + +do_install_append() { + install -d ${D}/${sysconfdir}/init.d + install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d + + install -d ${D}/${sysconfdir}/openvpn + install -d ${D}/${sysconfdir}/openvpn/sample + install -m 755 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf + install -m 755 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf + install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys + install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}/${systemd_unitdir}/system + install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system + install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service + install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service + + install -d ${D}/${localstatedir} + install -d ${D}/${localstatedir}/lib + install -d -m 710 ${D}/${localstatedir}/lib/openvpn + + install -d ${D}${sysconfdir}/tmpfiles.d + install -m 0644 ${WORKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf + sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/tmpfiles.d/openvpn.conf + fi +} + +PACKAGES =+ " ${PN}-sample " + +RRECOMMENDS_${PN} = "kernel-module-tun" + +FILES_${PN}-dbg += "${libdir}/openvpn/plugins/.debug" +FILES_${PN} += "${systemd_unitdir}/system/openvpn@.service \ + ${sysconfdir}/tmpfiles.d \ + " +FILES_${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \ + ${systemd_unitdir}/system/openvpn@loopback-client.service \ + ${sysconfdir}/openvpn/sample/" |