aboutsummaryrefslogtreecommitdiff
path: root/net/openvpn/patches
Commit message (Collapse)AuthorAge
* openvpn: update to 2.5.7Ivan Pavlov2022-06-09
| | | | | | | Added limited support for OpenSSL 3.0 Fixed some bugs Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* openvpn: update to 2.5.6Ivan Pavlov2022-03-18
| | | | | | | | | | | | | Maintainer: me / @mkrkn Compile tested: ramips/mt7620 TP-Link Archer C50 v1, ramips/mt7621 Xiaomi Mi router 3 Pro, ath79/generic TP-Link WDR-3500 Run tested: ramips/mt7620 TP-Link Archer C50 v1, ramips/mt7621 Xiaomi Mi router 3 Pro, ath79/generic TP-Link WDR-3500 bugfix release including one security fix ("Disallow multiple deferred authentication plug-ins.", CVE: 2022-0547) several build fixes, refer to https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* openvpn: update to 2.5.3Ivan Pavlov2021-06-18
| | | | | | | | | Fix a possible security issue with OpenSSL config autoloading on Windows (CVE-2021-3606). Include a number of small improvements and bug fixes. remove upstreamed: 115-fix-mbedtls-without-renegotiation.patch Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* openvpn: enable using wolfSSL cryptographic API engineIvan Pavlov2021-06-13
| | | | | | | | | | Support for wolfSSL has been upstreamed to the master OpenVPN branch in f6dca235ae560597a0763f0c98fcc9130b80ccf4 so we can use wolfSSL directly in OpenVPN. So no more needed differnt SSL engine for OpenVPN in systems based on wolfSSL library Compiled && tested on ramips/mt7620, ramips/mt7621 Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* openvpn: update to 2.5.2Magnus Kroken2021-04-22
| | | | | | | | | | | | | | | | Fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. OpenVPN 2.5.2 also includes other bug fixes and improvements. Add CI build test script. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to 2.5.0Magnus Kroken2020-12-01
| | | | | | | | | | | | | | | | | | | | New features: * Per client tls-crypt keys * ChaCha20-Poly1305 can be used to encrypt the data channel * Routes are added/removed via Netlink instead of ifconfig/route (unless iproute2 support is enabled). * VLAN support when using a TAP device Significant changes: * Server support can no longer be disabled. * Crypto support can no longer be disabled, remove nossl variant. * Blowfish (BF-CBC) is no longer implicitly the default cipher. OpenVPN peers prior to 2.4, or peers with data cipher negotiation disabled, will not be able to connect to a 2.5 peer unless option data_fallback_ciphers is set on the 2.5 peer and it contains a cipher supported by the client. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: import from baseRosen Penev2020-12-01
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Powered by cgit, Themed by Ted Yin.