From 6186fe732b058ef7f1ae43cce2184ba0c4d90184 Mon Sep 17 00:00:00 2001 From: Magnus Kroken Date: Wed, 21 Apr 2021 22:45:03 +0200 Subject: openvpn: update to 2.5.2 Fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. OpenVPN 2.5.2 also includes other bug fixes and improvements. Add CI build test script. Signed-off-by: Magnus Kroken --- net/openvpn/test.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100755 net/openvpn/test.sh (limited to 'net/openvpn/test.sh') diff --git a/net/openvpn/test.sh b/net/openvpn/test.sh new file mode 100755 index 000000000..b51ccd6a1 --- /dev/null +++ b/net/openvpn/test.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +case "$1" in + "openvpn-mbedtls") + openvpn --version | grep "$2.*SSL (mbed TLS)" + ;; + "openvpn-openssl") + openvpn --version | grep "$2.*SSL (OpenSSL)" + ;; +esac -- cgit v1.2.3
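Review bot: the `case "$1"` block in net/openvpn/test.sh has no `*)` branch, so any package name other than `openvpn-mbedtls` or `openvpn-openssl` falls through and the script exits 0 without checking anything. Consider adding a default branch that either fails or is commented as an intentional skip. In both `grep` lines `$2` is interpolated into a regular expression: the dots in a version such as 2.5.2 match any character, and an empty `$2` reduces the pattern to `.*SSL (mbed TLS)` or `.*SSL (OpenSSL)`, which passes for any version. Since this test is what confirms that the build really is the release carrying the CVE-2020-15078 fix, it would be worth rejecting an empty `$2` up front with `[ -n "$2" ] || exit 1` and escaping the dots or matching the version as a fixed string. Adding `-q` to `grep` would also keep the CI log clean, unless echoing the version line is intended. A one-line comment stating what `$1` and `$2` are expected to contain would help the next person who edits the script.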