jca
4fa9faa879
Mention mbedTLS FLAVOR
...
Suggested by kn@
2020-05-17 08:53:27 +00:00
jca
19867e48cf
SECURITY update to openvpn-2.4.9
...
Fix for CVE-2020-11810
Changes:
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9
2020-04-21 23:43:55 +00:00
jca
b6aaf26b17
${BUILD_PACKAGES} instead of -
2019-11-10 21:50:23 +00:00
jca
f25ebe7b90
Provide debug-openvpn
2019-11-10 17:50:00 +00:00
jca
27ba9cabc4
Update to openvpn-2.4.8
...
Release notes:
https://openvpn.net/download/openvpn-2-4-8-released-on-2019-10-31/
Successful test report from gonzalo@ aside from my own testing.
2019-11-05 17:53:17 +00:00
jca
bcf347998a
Move the ports I maintain to PERMIT_PACKAGE
2019-06-22 22:44:06 +00:00
sthen
49adee401a
OpenVPN announced that it was sending three addresses in the route socket
...
messages to lookup the default gateway (RTA_DST | RTA_NETMASK | RTA_IFP),
but did not actually send RTA_IFP. This is caught by the recently added
check in sys/net/rtsock.c r1.284 causing a failure. Remove RTA_IFP from
rtm_addrs to unbreak. Help/ok bluhm@, ok jca@.
2019-04-05 06:56:00 +00:00
jca
c35744bdca
Fix memory leak, unused variable pointed out by the compiler
2019-02-21 23:41:12 +00:00
jca
b1ebcec12a
Update to openvpn-2.4.7
...
Adds TLSv1.3 support, not supported by LibreSSL yet.
#ifdef OPENSSL_DEFINES_MAZE proofread by and ok tb@
2019-02-21 23:32:23 +00:00
danj
3121eb60a0
Remove "Upgrading from OpenBSD 5.8 or earlier"
...
ok jca@ (maintainer)
2018-12-07 18:31:33 +00:00
espie
f4b7f81318
convert to PKGSTEM
2018-09-04 12:46:09 +00:00
jca
29fb757b18
Update to openvpn-2.4.6
...
ok gonzalo@
2018-04-24 17:32:43 +00:00
jca
d4cb88a62f
Add an openvpn rc script
...
This script doesn't set any default flag, usage is documented in README
as suggested by sthen@ and ajacoutot@. ok remi@ danj@ sthen@ ajacoutot@
2018-03-09 12:37:12 +00:00
jca
cb2f3855cd
Document LD_LIBRARY_PATH workaround for hostname.if openvpn setups
...
It appears that after upgrading from snaps, openvpn can't find
liblzo2.so/liblz4.so when started from hostname.if. Probably because
ldconfig is run later during boot, as noted by sthen@. Forcing
LD_LIBRARY_PATH works around the problem as long as /usr is mounted.
Reported by Atanas Vladimirov, sthen@ helped with the debugging.
2018-03-06 12:44:29 +00:00
jca
2fd0de64d8
Add a temporary workaround, snaps don't ship the latest ssl.h yet.
2018-03-05 22:45:24 +00:00
jca
5dba73d084
Update to openvpn-2.4.5
...
Tested by Jiri B. and myself.
NB: this needs a recent ssl.h
2018-03-04 19:03:00 +00:00
jca
9b9ee90826
Pushed upstream
2017-11-05 01:09:28 +00:00
jca
ce24cf2b43
Uncomment and hook up the mbedtls FLAVOR
...
Seems to work well light testing. Requested earlier by sthen@ and
ajacoutot@
2017-10-26 08:22:36 +00:00
jca
f007244af6
Re-disable the mbedtls flavor by default
...
sthen@ and ajacoutot@ suggested to hook up this flavor, but I'd feel
better is we first updated our mbedtls port (mbedtls-2.6.0 doesn't
build out of the box).
2017-10-19 00:55:02 +00:00
jca
0af9eed525
--enable-password-save is ignored (it is now the default)
2017-10-18 19:26:22 +00:00
jca
af9dec8e72
Uncomment mbedtls (formerly polarssl) FLAVOR
2017-10-18 19:24:44 +00:00
jca
18a679f3df
Correctly print time_t, fixes a crash on arm (and probably i386)
2017-10-18 18:41:45 +00:00
jca
9ba97f6bee
SECURITY update to openvpn-2.4.4
...
Among other changes, fix for
o CVE-2017-12166: out of bounds write in key-method 1
https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
ok sthen@
2017-09-29 16:36:23 +00:00
jca
b4c7ab72a1
Switch to self-hosted tarballs
...
Upstream seems to serve two versions of the 2.4.3 tarball (issues with
cloudflare ?).
2017-06-21 19:01:23 +00:00
jca
a2403ca8e7
SECURITY update to openvpn-2.4.3
...
Fixes for:
- CVE-2017-7508 Remotely-triggerable ASSERT() on malformed IPv6 packet
- CVE-2017-7520 Pre-authentication remote crash/information disclosure
for clients
- CVE-2017-7521 Potential double-free in --x509-alt-username
- CVE-2017-7512 Remote-triggerable memory leaks
- CVE-2017-7522 Post-authentication remote DoS when using
the --x509-track option
- Null-pointer dereference in establish_http_proxy_passthru()
Full description at
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
This update kills some of our patches that were committed upstream.
Similar diff proposed by pirofti@, ok pirofti@ stsp@
2017-06-21 12:51:08 +00:00
jca
acedfd1692
Pushed upstream.
2017-06-11 12:15:50 +00:00
jca
d372ba1d90
Add support for non-0 routing tables
...
Patch from Steven McDonald, already committed upstream.
2017-05-21 16:12:43 +00:00
jca
c750a780c9
openvpn-plugin.h now makes use of size_t, so include stddef.h
...
Unbreaks openvpn-auth-ldap. Reported by naddy@
2017-05-15 14:30:56 +00:00
danj
8528c2492a
Security update to openvpn-2.4.2
...
OK gonzalo@ jca@ (maitainer)
2017-05-14 16:43:33 +00:00
stsp
63ba77727a
Fix unaligned access in openvpn to unbreak it on sparc64 and such platforms.
...
ok jca@ uwe@
2017-04-16 20:14:17 +00:00
jca
db7b1ffac3
Update to openvpn-2.4.1
...
ok danj@
2017-03-28 22:16:37 +00:00
kurt
ff1a692232
Add missing header to fix this message in the log:
...
NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
okay jca@
2017-02-16 21:16:55 +00:00
jca
0720b0eab1
Update to openvpn-2.4.0
...
Lots of new features and changes, see
https://github.com/OpenVPN/openvpn/blob/master/Changes.rst
Tests by danj@ and Bryan Linton, ok danj@
2017-02-06 10:22:35 +00:00
jca
458f27b328
Update to openvpn-2.3.14
...
Kill most of our tun patches go away in the process.
2016-12-18 18:58:01 +00:00
jca
a76ebfb541
Take maintainership
...
Discussed with sthen@
2016-11-29 10:10:44 +00:00
jca
5acccec629
Update to openvpn-2.3.13
...
ChangeLog at https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
ok sthen@ (maintainer)
2016-11-29 09:22:02 +00:00
jca
147a8db288
Add a hack for topology subnet setups and bump REVISION.
...
Previously route insertion failed with ELOOP because the gateway wasn't
directly connected.
ok sthen@
2016-11-18 16:21:44 +00:00
jca
df79334763
More useful HOMEPAGE
...
ok sthen@
2016-11-18 16:19:29 +00:00
jca
6da368ecef
Add support for on-link routes.
...
ok sthen@
2016-11-18 16:18:52 +00:00
jca
090e506629
We have gcc >= 3 on all platforms now.
2016-11-18 16:17:58 +00:00
sthen
402475cd62
update to openvpn-2.3.11
2016-05-14 13:14:46 +00:00
sthen
c2e2dca563
mention tap in openvpn readme
2016-04-25 18:21:09 +00:00
sthen
3a90f883c0
remove a couple of PFRAG.shared
2016-03-17 11:44:56 +00:00
sthen
3bd9321a86
update to openvpn-2.3.10
...
patch for OPENSSL_VERSION_NUMBER check
2016-01-06 11:03:21 +00:00
sthen
6d6b942d3e
update to openvpn-2.3.9
2015-12-18 02:17:45 +00:00
sthen
24848258fb
Adjust OpenVPN following the split of tun(4)'s "link0" mode into tap(4).
2015-10-23 15:10:36 +00:00
sthen
748fa28250
fix mis-merge in previous, had a link0 which should have been -link0
2015-09-16 09:07:30 +00:00
sthen
a489604d37
Consolidate OpenVPN's ifconfig tun handling for NetBSD/OpenBSD. noop for now,
...
makes it easier to understand tun/tap handling. Thanks Ralf Hortsmann and
Johan Huldtgren for testing.
2015-09-16 08:45:15 +00:00
sthen
a14f2f481a
update to openvpn-2.3.8
2015-09-08 19:10:55 +00:00
sthen
94101c9c79
update to openvpn-2.3.7
...
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
2015-06-25 08:46:49 +00:00