aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/openvpn/Makefile
Commit message (Collapse)AuthorAgeFilesLines
* openvpn: increase procd termination timeout to 15sJo-Philipp Wich2018-12-181-1/+1
| | | | | | | | | | Increase the termination timeout to 15s to let OpenVPN properly tear down its connections, especially when weak links or complex down scripts are involved. Fixes FS#859. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from 28d3a1b54b6726a0a93477d75d09a25f74ee361f)
* openvpn: re-add option comp_lzoMartin Schiller2018-12-121-1/+1
| | | | | | | | | | | This option is deprecated but needs to be kept for backward compatibility. [0] [0] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#a--comp-lzo Signed-off-by: Martin Schiller <ms@dev.tdt.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase] (cherry picked from commit 3850b41f01925a7eddc24033ed155503c1ad2112)
* mbedtls: Update to 2.12.0Hauke Mehrtens2018-08-081-1/+1
| | | | | | | | | | | | | | | | | | | Multiple security fixes * CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel * CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel Disable OFB block mode and XTS block cipher mode, added in 2.11.0. Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0 Patch the so version back to the original one, the API changes are looking no so invasive. The size of mbedtls increased a little bit: ipkg for mips_24kc before: 163.967 Bytes ipkg for mips_24kc after: 164.753 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openvpn: remove deprecated config optionsHans Dedecker2018-03-201-1/+1
| | | | | | | | Remove deprecated config options in 2.5 as described in [0] [0] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn: add config param verify_client_certChristian Bayer2018-03-171-1/+1
| | | | | | | | | Option --client-cert-not-required DEPRECATED is deprecated in v2.4 and removed in OpenVPN 2.5. Replaced by param --verify-client-cert none|optional|require in v2.4 see https://community.openvpn.net/openvpn/wiki/ DeprecatedOptions#a--client-cert-not-required Signed-off-by: Christian Bayer <cave@cavebeat.org> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_ RELEASE increase]
* openvpn: update to 2.4.5Magnus Kroken2018-03-091-3/+3
| | | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-171-0/+1
| | | | | | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* openvpn: add support to start/stop single instancesMartin Schiller2017-11-131-1/+1
| | | | | Signed-off-by: Martin Schiller <ms@dev.tdt.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
* openvpn: update to 2.4.4Magnus Kroken2017-09-281-5/+4
| | | | | | | | | Fixes CVE-2017-12166: out of bounds write in key-method 1. Remove the mirror that was temporarily added during the 2.4.3 release. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: add "extra-certs" optionSven Roederer2017-09-191-1/+1
| | | | | | | | This option is used to specify a file containing PEM certs, to complete the local certificate chain. Which is quite usefull for "split-CA" setups. Signed-off-by: Sven Roederer <devel-sven@geroedel.de> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openvpn: update to 2.4.3Magnus Kroken2017-06-261-3/+4
| | | | | | | | | | | | | | | | | | | | Fixes for security and other issues. See security announcement for more details: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 * Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508) * Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520) * Potential double-free in --x509-alt-username (CVE-2017-7521) * Remote-triggerable memory leaks (CVE-2017-7512) * Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522) * Null-pointer dereference in establish_http_proxy_passthru() * Restrict --x509-alt-username extension types * Fix potential 1-byte overread in TCP option parsing * Fix mbedtls fingerprint calculation * openssl: fix overflow check for long --tls-cipher option * Ensure option array p[] is always NULL-terminated * Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6) Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to v2.4.2Jo-Philipp Wich2017-05-121-2/+2
| | | | | | | | | | | | | Update to version 2.4.2 in order to address two potential Denial-of-Service vectors in OpenVPN. CVE-2017-7478 - Don't assert out on receiving too-large control packets CVE-2017-7479 - Drop packets instead of assert out if packet id rolls over Ref: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.2 Ref: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: add myself as maintainerFelix Fietkau2017-04-121-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* OpenVPN: Update to 2.4.1Daniel Engberg2017-04-121-4/+6
| | | | | | | | | Update OpenVPN to 2.4.1 Remove 200-small_build_enable_occ.patch as it's included upstream. Refresh patches Add mirror and switch to HTTPS Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* openvpn: move list of params and bools to a separate fileYousong Zhou2017-03-071-1/+5
| | | | | | | So that future patches for addition/removal of them can be more readable Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openvpn: ssl-enabled variants also provide a virtual openvpn-crypto packageSven Roederer2017-01-261-1/+5
| | | | | | | | | | When relying on x.509 certs for auth and / or encryption of traffic you can't use package openvpn-nossl. Just have your package depend on openvpn-crypto to have SSL-encryption and X.509-support enabled in OpenVPN. If encryption / X.509 is not a must, use virtual packge openvpn, which is provided by all OpenVPN-variants. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* openvpn: let all openvpn variants provide a virtual openvpn packageJo-Philipp Wich2017-01-211-1/+2
| | | | | | | | | | Add PROVIDES:=openvpn to the default recipe in order to let all build variants provide a virtual openvpn package. The advantage of this approach is that downstream packages can depend on just "openvpn" without having to require a specific flavor. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: update to 2.4.0Magnus Kroken2016-12-301-2/+2
| | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: use conditional dependencies to avoid pulling in unused ssl librariesFelix Fietkau2016-12-221-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: reduce binary size using --gc-sections on linkingFelix Fietkau2016-12-221-0/+3
| | | | | | Saves around 9kb gzipped on MIPS Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: update to 2.4_rc2Magnus Kroken2016-12-221-8/+9
| | | | | | | | | | | | | | | | | OpenVPN 2.4 builds with mbedTLS 2.x, rename openvpn-polarssl variant to openvpn-mbedtls. Some feature highlights: * Data channel cipher negotiation * AEAD cipher support for data channel encryption (currently only * AES-GCM) * ECDH key exchange for control channel * LZ4 compression support See https://github.com/OpenVPN/openvpn/blob/master/Changes.rst for additional change notes. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: update to 2.3.13Magnus Kroken2016-11-211-2/+2
| | | | | | Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.13 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to 2.3.12Magnus Kroken2016-08-241-3/+3
| | | | | | | | | 300-upstream-fix-polarssl-mbedtls-builds.patch has been applied upstream. Replaced 101-remove_polarssl_debug_call.patch with upstream backport. Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: fix missing cipher list for polarssl in v2.3.11Jo-Philipp Wich2016-06-281-1/+1
| | | | | | | | | | | Upstream OpenSSL hardening work introduced a change in shared code that causes polarssl / mbedtls builds to break when no --tls-cipher is specified. Import the upstream fix commit as patch until the next OpenVPN release gets released and packaged. Reported-by: Sebastian Koch <seb@metafly.info> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: update to 2.3.11Magnus Kroken2016-06-131-3/+3
| | | | | | | | | | Security fixes: * Fixed port-share bug with DoS potential * Fix buffer overflow by user supplied data Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: add support for tls-version-minMatteo Panella2016-06-071-1/+1
| | | | | | | | | | | | | Currently, the uci data model does not provide support for specifying the minimum TLS version supported in an OpenVPN instance (be it server or client). This patch adds support for writing the relevant option to the openvpn configuration file at service startup. Signed-off-by: Matteo Panella <morpheus@level28.org> [Jo-Philipp Wich: shorten commit title, bump pkg release] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: remove unrecognized optionDirk Neukirchen2016-06-011-1/+0
| | | | | | | | removed upstream in https://github.com/OpenVPN/openvpn/commit/9ffd00e7541d83571b9eec087c6b3545ff68441f now its always on Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* openvpn: update to version 2.3.10Felix Fietkau2016-01-111-3/+3
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48201
* openvpn: fix configure optionsJohn Crispin2015-12-231-2/+1
| | | | | | | | | | | | | | | - eurephia: commit: Remove the --disable-eurephia configure option - fix option name: http proxy option is now called http-proxy (see configure.ac) fixes: configure: WARNING: unrecognized options: --disable-nls, --disable-eurephia, --enable-http Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> SVN-Revision: 47979
* package: replace ifconfig-usage with ipSteven Barth2015-09-081-1/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 46832
* openvpn: bump to 2.3.7.Felix Fietkau2015-06-181-3/+3
| | | | | | | | Two patches are dropped as they were already applied upstream. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> SVN-Revision: 46027
* openvpn: bump PKG_RELEASE.Felix Fietkau2015-06-141-1/+1
| | | | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> SVN-Revision: 45962
* openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101)Jo-Philipp Wich2015-05-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | OpenVPN assumes that its control channel messages are sent and received unfragmented, this assumption is broken when CBC record splitting is enabled in mbedTLS. The record splitting is intended as countermeasure against BEAST attacks which do not apply to OpenVPN, therefore we simply disable it until upstream OpenVPN gains the ability to process fragmented control messages. Disabling the splitting also works around a (not remotely triggerable) segmentation fault in mbedTLS. References: * https://dev.openwrt.org/ticket/19101 * https://community.openvpn.net/openvpn/ticket/524 * https://github.com/ARMmbed/mbedtls/pull/185 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45602
* openvpn: autostart openvpn instances for each .conf file in /etc/openvpnJo-Philipp Wich2015-02-071-1/+1
| | | | | | | | | | | | | | | Align init behaviour with other distros by starting an OpenVPN instance for each config file found in /etc/openvpn/. This removes the additional requirement to "register" the configs with uci and thus simplifies the setup. Make sure to respect the disabled state in uci to not suddenly autostart instances which have been previously set to disabled, also skip configs which are already started due to uci configuration. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44310
* openvpn: bump PKG_REVISION and copyright yearJo-Philipp Wich2015-01-061-2/+2
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 43859
* openvpn: update to 2.3.6, fixes CVE-2014-8104Felix Fietkau2014-12-011-2/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 43482
* license info - revert r43155John Crispin2014-11-031-3/+0
| | | | | | | | turns out that r43155 adds duplicate info. Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 43167
* Add more license tags with SPDX identifiersJohn Crispin2014-11-031-0/+3
| | | | | | | | | | | | | | | | | | Note, that licensing stuff is a nightmare: many packages does not clearly state their licenses, and often multiple source files are simply copied together - each with different licensing information in the file headers. I tried hard to ensure, that the license information extracted into the OpenWRT's makefiles fit the "spirit" of the packages, e.g. such small packages which come without a dedicated source archive "inherites" the OpenWRT's own license in my opinion. However, I can not garantee that I always picked the correct information and/or did not miss license information. Signed-off-by: Michael Heimpold <mhei@heimpold.de> SVN-Revision: 43155
* Add a few SPDX tagsSteven Barth2014-11-021-0/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43151
* openvpn: update to version 2.3.4Felix Fietkau2014-06-301-3/+3
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 41416
* openvpn: make size optimization configurableFelix Fietkau2014-03-111-1/+1
| | | | | | Signed-off-by: Christoph Kottke <christoph.kottke@gmx.de> SVN-Revision: 39872
* openvpn: make comp_lzo a parameterLuka Perkov2013-10-151-1/+1
| | | | | | | | Possible parameters are yes, no and adaptive. See manpage for more information. Signed-off-by: Philipp Borgers <borgers@mi.fu-berlin.de> SVN-Revision: 38412
* openvpn: switch to new procd init script styleLuka Perkov2013-10-071-2/+2
| | | | | | Signed-off-by: Luka Perkov <luka@openwrt.org> SVN-Revision: 38331
* openvpn: update to 2.3.2Felix Fietkau2013-07-261-1/+2
| | | | | | | | | | | | this patches updates openvpn to v2.3.2 and adds a PKG_MD5SUM to the Makefile This release fixes a memory access violation when cipher none is used on ar71xx - at least with my config Signed-off-by: Peter Wagner <tripolar@gmx.at> SVN-Revision: 37560
* openvpn: enable password save support (#13245)Felix Fietkau2013-04-011-0/+1
| | | | SVN-Revision: 36144
* openvpn: remove the stale PKG_REV variableFelix Fietkau2013-02-051-1/+0
| | | | SVN-Revision: 35499
* openvpn: split easy-rsa into a separate package, it is no longer bundled ↵Felix Fietkau2013-02-051-25/+0
| | | | | | with the release tarball SVN-Revision: 35498
* openvpn: add from openvpn-devel from /packages, fix support for current polarsslFelix Fietkau2013-01-301-0/+148
SVN-Revision: 35412
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-05 11:44:23 +0000