path: root/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
Commit message | Author | Age
* openvpn: update to 2.6.9 | Ivan Pavlov | 2024-02-22
  - license change is now complete, and all code has been re-licensed under the new license (still GPLv2, but with new linking exception for Apache2 licensed code). Code that could not be re-licensed has been removed or rewritten.
  - add support for building with mbedTLS 3.x.x
  - new option "--force-tls-key-material-export" to only accept clients that can do TLS keying material export to generate session keys (mostly an internal option to better deal with TLS 1.0 PRF failures).
  - Windows: bump vcpkg-ports/pkcs11-helper to 1.30
  - Log incoming SSL alerts in easier to understand form and move logging from "--verb 8" to "--verb 3".
  - protocol_dump(): add support for printing "--tls-crypt" packets and other fixes

  For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.9/Changes.rst

  Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* openvpn: update to 2.6.8 | Ivan Pavlov | 2023-11-19
  This is a bugfix release containing security fixes.

  Security Fixes (included in 2.6.7):

  CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer. All configurations using TLS (e.g. not using --secret) are affected by this issue.

  CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration in some circumstances, leading to a division by zero when --fragment is used. On platforms where division by zero is fatal, this will cause an OpenVPN crash.

  For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.8/Changes.rst

  Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* openvpn: update to 2.6.5 and add DCO support | Martin Schiller | 2023-07-24
  This commit updates openvpn to version 2.6.5 and adds DCO support.

  There are several changes:
  - Starting with version 2.6.0, the sources are only provided as .tar.gz file.
  - removed OPENVPN_<variant>_ENABLE_MULTIHOME: multihome support is always included and cannot be disabled anymore with 2.6.x.
  - removed OPENVPN_<variant>_ENABLE_DEF_AUTH: deferred auth support is always included and cannot be disabled anymore with 2.6.x.
  - removed OPENVPN_<variant>_ENABLE_PF: PF (packet filtering) support was removed in 2.6.x.
  - The internal lz4 library was removed in 2.6.x; we now use the liblz4 package if needed
  - To increase reproducibility, _DATE_ is only used for development builds and not in release builds in 2.6.x.
  - wolfSSL support was integrated into upstream openvpn
  - DES support was removed from openvpn

  The first two wolfSSL patches were created following these 2 commits:
  https://github.com/OpenVPN/openvpn/commit/4cf01c8e4381403998341aa32f79f4bf24c7ccb1
  https://github.com/OpenVPN/openvpn/commit/028b501734b4a57dc53edb8b11a4b370f5b99e38

  Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* openvpn: update to 2.5.7 | Ivan Pavlov | 2022-06-09
  Added limited support for OpenSSL 3.0
  Fixed some bugs

  Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* openvpn: update to 2.5.3 | Ivan Pavlov | 2021-06-18
  Fix a possible security issue with OpenSSL config autoloading on Windows (CVE-2021-3606).
  Include a number of small improvements and bug fixes.

  remove upstreamed: 115-fix-mbedtls-without-renegotiation.patch

  Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* openvpn: update to 2.5.2 | Magnus Kroken | 2021-04-22
  Fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account.

  OpenVPN 2.5.2 also includes other bug fixes and improvements.

  Add CI build test script.

  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to 2.5.0 | Magnus Kroken | 2020-12-01
  New features:
  * Per client tls-crypt keys
  * ChaCha20-Poly1305 can be used to encrypt the data channel
  * Routes are added/removed via Netlink instead of ifconfig/route (unless iproute2 support is enabled).
  * VLAN support when using a TAP device

  Significant changes:
  * Server support can no longer be disabled.
  * Crypto support can no longer be disabled, remove nossl variant.
  * Blowfish (BF-CBC) is no longer implicitly the default cipher. OpenVPN peers prior to 2.4, or peers with data cipher negotiation disabled, will not be able to connect to a 2.5 peer unless option data_fallback_ciphers is set on the 2.5 peer and it contains a cipher supported by the client.

  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: import from base | Rosen Penev | 2020-12-01
  Signed-off-by: Rosen Penev <rosenp@gmail.com>