openvpn: update to 2.5.2

Fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. OpenVPN 2.5.2 also includes other bug fixes and improvements. Add CI build test script. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
author: Magnus Kroken <mkroken@gmail.com> 2021-04-21 22:45:03 +0200
committer: Magnus Kroken <mkroken@gmail.com> 2021-04-22 00:03:05 +0200
commit: 6186fe732b058ef7f1ae43cce2184ba0c4d90184 (patch)
tree: aad67cd14ae1913e2752805d443248f5ccd92f5a /net/openvpn/test.sh
parent: 1b570f7aad1bb160aa86d9d45b578551b93d49eb (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/net/openvpn/test.sh b/net/openvpn/test.sh
new file mode 100755
index 000000000..b51ccd6a1
--- /dev/null
+++ b/net/openvpn/test.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+case "$1" in
+	"openvpn-mbedtls")
+		openvpn --version | grep "$2.*SSL (mbed TLS)"
+		;;
+	"openvpn-openssl")
+		openvpn --version | grep "$2.*SSL (OpenSSL)"
+		;;
+esac
author	Magnus Kroken <mkroken@gmail.com>	2021-04-21 22:45:03 +0200
committer	Magnus Kroken <mkroken@gmail.com>	2021-04-22 00:03:05 +0200
commit	6186fe732b058ef7f1ae43cce2184ba0c4d90184 (patch)
tree	aad67cd14ae1913e2752805d443248f5ccd92f5a /net/openvpn/test.sh
parent	1b570f7aad1bb160aa86d9d45b578551b93d49eb (diff)