packages

openwrt-mirror/packages

Fork 0

mirror of https://github.com/openwrt/packages.git synced 2025-12-26 11:16:31 +04:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Ivan Pavlov	04d25b2bc1	openvpn: update to 2.6.11 This is a bugfix release containing several security fixes. Security fixes -------------- - CVE-2024-4877: Windows: harden interactive service pipe. Security scope: a malicious process with "some" elevated privileges could open the pipe a second time, tricking openvn GUI into providing user credentials (tokens), getting full access to the account openvpn-gui.exe runs as. - CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. - CVE-2024-28882: only call schedule_exit() once (on a given peer). Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect this client Bug fixes --------- - fix connect timeout when using SOCKS proxies - work around LibreSSL crashing on OpenBSD 7.5 when enumerating ciphers - Add bracket in fingerprint message and do not warn about missing verification For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>	2024-06-21 15:28:10 -07:00
Martin Schiller	0eedafdbda	openvpn: update to 2.6.5 and add DCO support This commit updates openvpn to version 2.6.5 and add DCO support. There are several changes: - Starting with version 2.6.0, the sources are only provided as .tar.gz file. - removed OPENVPN_<variant>_ENABLE_MULTIHOME: multihome support is always included and cannot be disabled anymore with 2.6.x. - removed OPENVPN_<variant>_ENABLE_DEF_AUTH: deferred auth support is always included and cannot be disabled anymore with 2.6.x. - removed OPENVPN_<variant>_ENABLE_PF: PF (packet filtering) support was removed in 2.6.x. - The internal lz4 library was removed in 2.6.x; we now use the liblz4 package if needed - To increase reproducibility, _DATE_ is only used for development builds and not in release builds in 2.6.x. - wolfSSL support was integrated into upstream openvpn - DES support was removed from openvpn The first two wolfSSL patches were created following these 2 commits: `4cf01c8e43` `028b501734` Signed-off-by: Martin Schiller <ms@dev.tdt.de>	2023-07-24 22:50:06 -07:00
Ivan Pavlov	1813c82ff3	openvpn: enable using wolfSSL cryptographic API engine Support for wolfSSL has been upstreamed to the master OpenVPN branch in f6dca235ae560597a0763f0c98fcc9130b80ccf4 so we can use wolfSSL directly in OpenVPN. So no more needed differnt SSL engine for OpenVPN in systems based on wolfSSL library Compiled && tested on ramips/mt7620, ramips/mt7621 Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>	2021-06-13 13:07:15 +03:00

Ivan Pavlov

04d25b2bc1

openvpn: update to 2.6.11

This is a bugfix release containing several security fixes.

Security fixes
--------------
 - CVE-2024-4877: Windows: harden interactive service pipe.
   Security scope: a malicious process with "some" elevated privileges
   could open the pipe a second time, tricking openvn GUI
   into providing user credentials (tokens),  getting full access
   to the account openvpn-gui.exe runs as.

 - CVE-2024-5594: control channel: refuse control channel messages
   with nonprintable characters in them.
   Security scope: a malicious openvpn peer can send garbage to openvpn log,
   or cause high CPU load.

 - CVE-2024-28882: only call schedule_exit() once (on a given peer).
   Security scope: an authenticated client can make the server "keep the session"
   even when the server has been told to disconnect this client

Bug fixes
---------
 - fix connect timeout when using SOCKS proxies

 - work around LibreSSL crashing on OpenBSD 7.5 when enumerating ciphers

 - Add bracket in fingerprint message and do not warn about missing verification

For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>

2024-06-21 15:28:10 -07:00

Martin Schiller

0eedafdbda

openvpn: update to 2.6.5 and add DCO support

This commit updates openvpn to version 2.6.5 and add DCO support.

There are several changes:

- Starting with version 2.6.0, the sources are only provided as .tar.gz
  file.

- removed OPENVPN_<variant>_ENABLE_MULTIHOME:
  multihome support is always included and cannot be disabled anymore
  with 2.6.x.

- removed OPENVPN_<variant>_ENABLE_DEF_AUTH:
  deferred auth support is always included and cannot be disabled
  anymore with 2.6.x.

- removed OPENVPN_<variant>_ENABLE_PF:
  PF (packet filtering) support was removed in 2.6.x.

- The internal lz4 library was removed in 2.6.x; we now use the liblz4
  package if needed

- To increase reproducibility, _DATE_ is only used for development
  builds and not in release builds in 2.6.x.

- wolfSSL support was integrated into upstream openvpn

- DES support was removed from openvpn

The first two wolfSSL patches were created following these 2 commits:
4cf01c8e43
028b501734

Signed-off-by: Martin Schiller <ms@dev.tdt.de>

2023-07-24 22:50:06 -07:00

Ivan Pavlov

1813c82ff3

openvpn: enable using wolfSSL cryptographic API engine

Support for wolfSSL has been upstreamed to the master OpenVPN branch
in f6dca235ae560597a0763f0c98fcc9130b80ccf4 so we can use wolfSSL
directly in OpenVPN. So no more needed differnt SSL engine for OpenVPN
in systems based on wolfSSL library
Compiled && tested on ramips/mt7620, ramips/mt7621

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>

2021-06-13 13:07:15 +03:00

3 Commits