path: root/package/network/services/openvpn/patches
Commit message | Author | Age | Files | Lines
* openvpn: update to 2.4.9 | Magnus Kroken | 2020-04-18 | 2 | -2/+2
  This is primarily a maintenance release with bugfixes and improvements.
  This release also fixes a security issue (CVE-2020-11810) which allows disrupting service of a freshly connected client that has not yet negotiated session keys. The vulnerability cannot be used to inject or steal VPN traffic.
  Release announcement: https://openvpn.net/community-downloads/#heading-13812
  Full list of changes: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to 2.4.8 | Magnus Kroken | 2019-12-22 | 4 | -2/+125
  Backport two upstream commits that allow building openvpn-openssl without OpenSSL's deprecated APIs.
  Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to 2.4.7 | Magnus Kroken | 2019-04-01 | 2 | -2/+2
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to 2.4.6 | Jo-Philipp Wich | 2018-11-28 | 1 | -2/+2
  Update the OpenVPN package to version 2.4.6, refresh patches and drop menuconfig options which are not supported upstream anymore.
  Also fix the x509-alt-username configure flag - it is not supported by mbedtls and was syntactically wrong in the Makefile - and the port-share option which has been present in menuconfig but not been used in the Makefile.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: update to 2.4.5 | Magnus Kroken | 2018-03-09 | 3 | -21/+16
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
  Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* openvpn: fix interface with mbedtls_sha256 | Russell Senior | 2018-02-17 | 1 | -0/+11
  Between mbedtls 2.6.0 and 2.7.0, the void returning mbedtls_MODULE* functions were deprecated in favor of functions returning an int error code. Use the new function mbedtls_sha256_ret().
  Signed-off-by: Russell Senior <russell@personaltelco.net>
  Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* openvpn: update to 2.4.4 | Magnus Kroken | 2017-09-28 | 1 | -29/+54
  Fixes CVE-2017-12166: out of bounds write in key-method 1.
  Remove the mirror that was temporarily added during the 2.4.3 release.
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to 2.4.3 | Magnus Kroken | 2017-06-26 | 4 | -10/+10
  Fixes for security and other issues. See security announcement for more details:
  https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
  * Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508)
  * Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520)
  * Potential double-free in --x509-alt-username (CVE-2017-7521)
  * Remote-triggerable memory leaks (CVE-2017-7512)
  * Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522)
  * Null-pointer dereference in establish_http_proxy_passthru()
  * Restrict --x509-alt-username extension types
  * Fix potential 1-byte overread in TCP option parsing
  * Fix mbedtls fingerprint calculation
  * openssl: fix overflow check for long --tls-cipher option
  * Ensure option array p[] is always NULL-terminated
  * Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6)
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* OpenVPN: Update to 2.4.1 | Daniel Engberg | 2017-04-12 | 3 | -16/+6
  Update OpenVPN to 2.4.1
  Remove 200-small_build_enable_occ.patch as it's included upstream.
  Refresh patches
  Add mirror and switch to HTTPS
  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* openvpn: fix disabling DES support in mbedtls | Felix Fietkau | 2016-12-22 | 1 | -0/+81
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to 2.4_rc2 | Magnus Kroken | 2016-12-22 | 6 | -49/+57
  OpenVPN 2.4 builds with mbedTLS 2.x, rename openvpn-polarssl variant to openvpn-mbedtls.
  Some feature highlights:
  * Data channel cipher negotiation
  * AEAD cipher support for data channel encryption (currently only AES-GCM)
  * ECDH key exchange for control channel
  * LZ4 compression support
  See https://github.com/OpenVPN/openvpn/blob/master/Changes.rst for additional change notes.
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to 2.3.12 | Magnus Kroken | 2016-08-24 | 4 | -64/+34
  300-upstream-fix-polarssl-mbedtls-builds.patch has been applied upstream.
  Replaced 101-remove_polarssl_debug_call.patch with upstream backport.
  Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: fix missing cipher list for polarssl in v2.3.11 | Jo-Philipp Wich | 2016-06-28 | 1 | -0/+42
  Upstream OpenSSL hardening work introduced a change in shared code that causes polarssl / mbedtls builds to break when no --tls-cipher is specified.
  Import the upstream fix commit as patch until the next OpenVPN release gets released and packaged.
  Reported-by: Sebastian Koch <seb@metafly.info>
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: update to 2.3.11 | Magnus Kroken | 2016-06-13 | 2 | -1/+22
  Security fixes:
  * Fixed port-share bug with DoS potential
  * Fix buffer overflow by user supplied data
  Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to version 2.3.10 | Felix Fietkau | 2016-01-11 | 4 | -273/+2
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48201
* openvpn: enable options consistency check even in the small build | Felix Fietkau | 2015-11-10 | 1 | -0/+12
  Only costs about 3k compressed, but significantly improves handling of configuration mismatch
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 47439
* openvpn: remove __DATE__ from options output | Felix Fietkau | 2015-09-11 | 1 | -0/+10
  reported by: https://reproducible.debian.net/openwrt/dbd/ar71xx/base/openvpn-nossl_2.3.7-1_ar71xx.ipk.html
  Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
  SVN-Revision: 46860
* openvpn: bump to 2.3.7. | Felix Fietkau | 2015-06-18 | 4 | -75/+3
  Two patches are dropped as they were already applied upstream.
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
  SVN-Revision: 46027
* openvpn: replace polarssl run-time version check with a compile-time one | Felix Fietkau | 2015-05-05 | 1 | -0/+11
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 45608
* openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101) | Jo-Philipp Wich | 2015-05-04 | 1 | -0/+16
  OpenVPN assumes that its control channel messages are sent and received unfragmented, this assumption is broken when CBC record splitting is enabled in mbedTLS.
  The record splitting is intended as countermeasure against BEAST attacks which do not apply to OpenVPN, therefore we simply disable it until upstream OpenVPN gains the ability to process fragmented control messages.
  Disabling the splitting also works around a (not remotely triggerable) segmentation fault in mbedTLS.
  References:
  * https://dev.openwrt.org/ticket/19101
  * https://community.openvpn.net/openvpn/ticket/524
  * https://github.com/ARMmbed/mbedtls/pull/185
  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  SVN-Revision: 45602
* openvpn: backport an upstream fix for a regression in using --cipher none (fixes #18676) | Felix Fietkau | 2015-01-04 | 1 | -0/+57
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 43823
* openvpn: update to 2.3.6, fixes CVE-2014-8104 | Felix Fietkau | 2014-12-01 | 1 | -23/+44
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 43482
* openvpn: fix compile error with musl | Felix Fietkau | 2014-06-30 | 1 | -0/+13
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 41425
* openvpn: update to version 2.3.4 | Felix Fietkau | 2014-06-30 | 1 | -63/+78
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 41416
* polarssl: update to version 1.3.4 and add openssl compat patch | Felix Fietkau | 2014-03-14 | 1 | -0/+221
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 39930
* openvpn: update to 2.3.2 | Felix Fietkau | 2013-07-26 | 1 | -60/+0
  this patch updates openvpn to v2.3.2 and adds a PKG_MD5SUM to the Makefile
  This release fixes a memory access violation when cipher none is used on ar71xx - at least with my config
  Signed-off-by: Peter Wagner <tripolar@gmx.at>
  SVN-Revision: 37560
* openvpn: add from openvpn-devel from /packages, fix support for current polarssl | Felix Fietkau | 2013-01-30 | 1 | -0/+60
  SVN-Revision: 35412