From patchwork Wed Feb 22 09:35:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hugo Simeliere X-Patchwork-Id: 19979 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1CE88C64ED6 for ; Wed, 22 Feb 2023 09:36:06 +0000 (UTC) Received: from EUR03-AM7-obe.outbound.protection.outlook.com (EUR03-AM7-obe.outbound.protection.outlook.com [40.107.105.60]) by mx.groups.io with SMTP id smtpd.web10.4964.1677058560175320989 for ; Wed, 22 Feb 2023 01:36:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@witekio.com header.s=selector2 header.b=cGr+QP/p; spf=pass (domain: witekio.com, ip: 40.107.105.60, mailfrom: hsimeliere.opensource@witekio.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lSastOae2neAxaOECzDDfgRhFzvxCYQsVUuTzqTmwfM0lrrK/zyTgEG1eeyQTpoaIH64MheM0XX+dWeCRcqPKVGmgKLQ1hVa6jIu7VpmV65t275VNLI35E/vWKAXwX18TX6D9+Jj3dDT6QlBJN1M05UkisF4UXL8pv6exbUb6z5xoEQwo/c7mK3vYkrwz2NTl9JxW3APvAnoE4YXjqLdG82yRsvnQcuay5Zp28nGyYCCBxfLc/gyBLcLVP4kbC9qTQ7OjenvdCoKJ3mFbSxrZiaKPC8VzWtezLTjg2INsr555SkO1ZG7V6UuImkjuBbwSNLj4b/L0e3gNOiTIOw1Ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2j0jVSo1QGu45ITN+cSkuB4hM2Rv5LWFJgAEWbHmC2I=; b=mCvz6F7oLo1OItYGOCNp3mB8HRJr6eO5U2kqb1pvzu8OiDrcfBV5rKOOFNFROMWqys2QlZiueh9GtiIqllnaq1pHOeJ4UASBP1sPwyhJ+OMyY9ylyyz6qck4mFQEFqS+VEVtjjECsm8SYUUs4XtRDeRMiddZdP6Z7MG/RzbT4QtcnDo5GkQc2My4CaKnulNerLIAi21r7edhgA+Xp01IWlAoo6zjfg9qF+5I+B6++jiwcMXFoBjhgGqQ/VjckAB2eKQZ5wWjU3jAtpyw5H/AHBuEOpFz2D0ODqbYRFeHwA2GvbsxUbLVBbymCKwU4C2pUv+zLBKbZWRgEb4pkwAXPw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=witekio.com; dmarc=pass action=none header.from=witekio.com; dkim=pass header.d=witekio.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=witekio.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2j0jVSo1QGu45ITN+cSkuB4hM2Rv5LWFJgAEWbHmC2I=; b=cGr+QP/pidCSag6GU24yfedoLZzNSQ3cgIRxX7IOmDhqMX/5fby/cqQC/WfkYgaebWx8XidtUTlVWLmt7gyAqTMpemAsfSRX0QKuPEvQIOZjkXJKEuiVm7pvmpeRBRhkYkNIFcFJGM8UKE5e33qePxj7DgY3bZmIGTe6vt0Dc2Pu/k2ewfix6xAiF0edmVxGHwSIKwYreomTOzR604Iisx2COaZ8bpLu1St1RtYhEBaCkfDPyMO+GvV+1d1K66ej1Kuo4TP6hlNfRyM4vVhs6ynYqjUuCNiJCPVn8kenZQWA2OQjb0LMS8bvpU555A0xbQpqSWeoquAicVHdROkQkQ== Received: from PR3P192MB0714.EURP192.PROD.OUTLOOK.COM (2603:10a6:102:48::10) by GV1P192MB1932.EURP192.PROD.OUTLOOK.COM (2603:10a6:150:a1::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.15; Wed, 22 Feb 2023 09:35:56 +0000 Received: from PR3P192MB0714.EURP192.PROD.OUTLOOK.COM ([fe80::c795:3853:7373:322]) by PR3P192MB0714.EURP192.PROD.OUTLOOK.COM ([fe80::c795:3853:7373:322%8]) with mapi id 15.20.6134.019; Wed, 22 Feb 2023 09:35:56 +0000 From: Hugo SIMELIERE To: "openembedded-devel@lists.openembedded.org" Subject: [meta-networking][dunfell][PATCH 1/2] openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist Thread-Topic: [meta-networking][dunfell][PATCH 1/2] openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist Thread-Index: AQHZRqC8jbwzqFxXCE2ZkGes0Mujpw== Date: Wed, 22 Feb 2023 09:35:55 +0000 Message-ID: Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=witekio.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PR3P192MB0714:EE_|GV1P192MB1932:EE_ x-ms-office365-filtering-correlation-id: a0b0ddce-9e34-4395-b8f3-08db14b832a4 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: wIEwzlA6pcMn5LavHGWeCX5ocTCldPBtRFDQ36riCIj67ryFcx46DIrHoao5nHpIXnkxM/52y87YUcupOdcsqXgu4rdVTNROk7yICfPsMLSzIeBoyOGSyQtRKZb/xSVEXNi2jm/OQOOkHZd3lHVIIH5l2ka3808Xua0CcNwVYjcuErTLpFdZAqsT8WyRYjC9qnd9v9Jr6WXa4ZCQ6hpklo764UyZFokSVs2lEpqS5vtvIawkEYxIVUg9J8vsUAtJxnWu3XncoyFPT6CDD27bV/nqZscugIRxRPvzQzVtvWBFUclFQkDmzO4DsfqGrWD4T6SK4MnCzwXziGzIkle92CYtvdDqxCjjOJvNAM7lxkmX7kttZEoKed1YIVs8b3VyaRvBIMlo2DFspFmLnZ/DZnUxmmNX+Jo5LsFOUgePE+XNFAbPhu5a45YFykOsrwddl7iDfiy7ONFIaEI0yxmjO0sJ2wPKCyY6Tp6UQ6M08TiiQ5en3nZQ6bxqPX+qT92Iad6D2y5ljOFgMPkEuEOqog3+Stpp72S1x2mWAgTLH+jdlLoGBnCYq81xQfikltTfT6A80ekeJ6cX9zX94YR6ZEVEiUcuYAwhkzfI7CVPsopmJAkTWak3OOg+besk53dsZdvjt96Usta2A5HZxRLJNXMQ4vflinNbkzPyuay9dTF2/SL8vZ+pDwtL4MTU993w x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PR3P192MB0714.EURP192.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230025)(39840400004)(396003)(136003)(376002)(366004)(346002)(451199018)(38070700005)(19627405001)(83380400001)(55016003)(33656002)(7696005)(186003)(38100700002)(316002)(8936002)(86362001)(122000001)(478600001)(26005)(71200400001)(55236004)(66446008)(6506007)(91956017)(66946007)(66476007)(66556008)(76116006)(9686003)(8676002)(6916009)(41300700001)(2906002)(52536014)(5660300002)(64756008);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?g2jtXWuNjVjQll51Oz54mGd?= =?iso-8859-1?q?YgaqvGbJaLbHwApVhFg7bW3XxHtoleiclY8ixdwQJaDr6aMlJpH8/0JcfmcW?= =?iso-8859-1?q?CMcHI39qgAwHrw8q/m2N6ehe4IZeNLaqB0AWtV9dYKeFEpV7wU9OvWuPD/Af?= =?iso-8859-1?q?xZMBeJE9MFohTh2usl97NpbKm7ulH4ECWqzwto2A8P5tAzDp2+rSxXzTEICe?= =?iso-8859-1?q?F3clVvpZpIJirEMKRmv83wJPGSmqizP4b4fTCxntMQdAEI3dhE81fk0oVHOu?= =?iso-8859-1?q?bTYfVZbLw4n5jMbLUeZQw4vWm9bR2UsetT9lvZPnzhDcv0+OYfC5ysEhdJcq?= =?iso-8859-1?q?vS/fLKfQ8P2alc29fIZ9qSuy4PH5yhu5DSavonpqeyiqKwQt4Z1PEmGs8CfD?= =?iso-8859-1?q?IDdvGtLpFn/YiEQ9zZK2gpWzFomzpR63NmPaRKesEnQ8kbSmJoeHb92hU3NL?= =?iso-8859-1?q?IPKBXijMAt2JHVJ9OuxZGXRrENzRUxAEOeWayV6bKuQW8/NnHhSdfrCOT5n5?= =?iso-8859-1?q?nS3r/voDMjn90Ms0xG40+H0v1CWWdP9Wb3PK4KaAKDSFphJTZtRsfTMpaTiF?= =?iso-8859-1?q?hOnNAHOIMTDuEHaqTv95kmHWZh+mi/XKhMJbKVUEOiR5zx3bTjpwJ2iLOrja?= =?iso-8859-1?q?V2XMqqHfhpvEG3M9miNAs2edb15dgK4A+U22uZOoVRsKJF/LYb7ItQQ8E/JR?= =?iso-8859-1?q?2h7M6T0AXsEQF0rsRXlFdwbAIc6jPUKUijM0EseCIFh8aS8ACnptts5Jdnbv?= =?iso-8859-1?q?vy6egAHbA/Yr/4CVicu8PfjbMnN5zPUg/DLzp2YVeCpw9eJypW7+0uyIDkah?= =?iso-8859-1?q?b+/rlW69HQfuUWjZK8ygeoNLw7MGZ/s6tuoT/Ttd4UylxZHE4QM30K+WYb1J?= =?iso-8859-1?q?HO8XbJOlEqzBukGHeKz1+ogVotk92PaUXQ1/eWXip1PnqEl3PuL5b2AH9rpC?= =?iso-8859-1?q?OGYngmnWHAt3orx0ipaUoBW7X/QAawe4E3Jo3pUXIvGujt1wVQR4V5Iy3l1u?= =?iso-8859-1?q?8LELR2+4KngX+SIvt2JYLrr4sSqz7Zs7Kn3MQUiX1MnibbD9X46dERYoj150?= =?iso-8859-1?q?AQPlFq/dh6e6MeSPaba9NbUDwiCH0Md/Nix9WYV3nh4nrTOOqVZmSLvsUxnz?= =?iso-8859-1?q?z45x6GQT60sTXrAFZ7kCGvz8MhJth/IMlCZ9mmH0WWu5hTRCJeeq3y9e2nvv?= =?iso-8859-1?q?jrtp6fOZKwr1sh346hJtfMH5Fjvx1nzlD6QDNBpH/mdAGtBIdqCE4WCQ++za?= =?iso-8859-1?q?+9lXFWVM0oYLxB2OdEzqP3/jPagQqiLwJxQZb2ugpYpXSyOf69RYsNkQVV0g?= =?iso-8859-1?q?3Y6UsB5thWTU6EQVTo4f0hRXXXMRcIYpah4TBW2oQjZZQV852+EfLmYIscrt?= =?iso-8859-1?q?8dkfcrNWlwqfDsTgaj/fYq0aReGQ1lkLYXkLI5EN+WYH2572tjyQ+q1ov25r?= =?iso-8859-1?q?kXM7/Jddke9WaWrn1BevxGdhFWiElovlCnOGNKKS+c5KOLOvVACoGHEi+pHJ?= =?iso-8859-1?q?C/m30qhKjryvB7+SId8zeV/p1Nl97E2vM0lqFQ/BlT3yhesZHTT7EgC9Rd5D?= =?iso-8859-1?q?t6TW4IB1vVWiQgPbuXQE/I6F0SQCoEE4ccCz7R76ZRuMxqy2uPuMcg1Ls/uR?= =?iso-8859-1?q?QnYxq0elkn+Tz2Mhs?= MIME-Version: 1.0 X-OriginatorOrg: witekio.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PR3P192MB0714.EURP192.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: a0b0ddce-9e34-4395-b8f3-08db14b832a4 X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2023 09:35:55.9094 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 317e086a-301a-49af-9ea4-48a1c458b903 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Uc6YKX/4y7FNTi7m2J+vKNJg+SNIARSSqjWGW3yqh+908B3uUoz5JlUcBFksZ2gG0DkfaYfcoB0XT8gFqP/PnA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1P192MB1932 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 22 Feb 2023 09:36:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/101204 CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. Signed-off-by: Akifumi Chikazawa Signed-off-by: Khem Raj (upstream from commit d49e96aac4616c439a2d778b95a793037dac884e) Signed-off-by: Hugo SIMELIERE --- meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb | 3 +++ 1 file changed, 3 insertions(+) -- 2.39.2 diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb b/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb index 529e3912b..4820d3d96 100644 --- a/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb +++ b/meta-networking/recipes-support/openvpn/openvpn_2.4.9.bb @@ -17,6 +17,9 @@ UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads" SRC_URI[md5sum] = "52863fa9b98e5a3d7f8bec1d5785a2ba" SRC_URI[sha256sum] = "46b268ef88e67ca6de2e9f19943eb9e5ac8544e55f5c1f3af677298d03e64b6e" +# CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. +CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569" + SYSTEMD_SERVICE_${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service" SYSTEMD_AUTO_ENABLE = "disable"