aboutsummaryrefslogtreecommitdiff
path: root/package/openvpn
Commit message (Collapse)AuthorAgeFilesLines
* package/openvpn: requires DES support in opensslGravatar Fabrice Fontaine7 days1-0/+1
| | | | | | | | | | | Enable DES in openssl to fix build failure raised since commit a83d41867c8d69a77d5cd0a665aa216af5340359 Fixes: - http://autobuild.buildroot.org/results/a371f455d9550cb1593b5e349278082001245178 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/openvpn: security bump version to 2.5.2Gravatar Bernd Kuhls2021-04-232-2/+2
| | | | | | | | Fixes CVE-2020-15078: https://forums.openvpn.net/viewtopic.php?f=20&t=32179 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: bump version to 2.5.1Gravatar Bernd Kuhls2021-03-282-2/+2
| | | | | | | | Release notes: https://sourceforge.net/p/openvpn/mailman/message/37226597/ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* linux, package: do not use <pkg>_NAME when defining CPE ID variablesGravatar Thomas Petazzoni2021-01-151-1/+1
| | | | | | | | | | As we discussed on the mailing list, using $(<pkg>_NAME) when defining CPE ID variables feels a bit odd and needlessly complicated. Just use the package name directly. Cc: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openvpn: set OPENVPN_CPE_ID_VENDORGravatar Fabrice Fontaine2021-01-091-0/+1
| | | | | Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openvpn: use make install instead of custom install stepGravatar Thomas Petazzoni2020-12-311-12/+0
| | | | | | | | | | | | | | Commit 7105e65cd6b8f857bab54e4c0a8c57da776b0564 ("package/openvpn: adds target install of systemd unit files") added the installation of systemd unit files. But in fact, they can be installed by openvpn's build system. It was simply not working due to the custom install step implemented in openvpn.mk. So instead, let's have the autotools-package infra call "make install", which properly installs everything that's needed for openvpn, including systemd units, but also plugins, etc. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: adds target install of systemd unit filesGravatar Edmundo Ferreira2020-12-311-0/+7
| | | | | Signed-off-by: Edmundo Ferreira <fc.edmundo@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: bump to version 2.5.0Gravatar Fabrice Fontaine2020-11-072-8/+5
| | | | | | | | | | | | | | | | - Disable unit-tests which are enabled by default if cmocka is found: https://github.com/OpenVPN/openvpn/commit/222e691739a111f5becbce39c4cceaa8fff3c284 - Drop --enable-iproute2 to enable netlink(3) support (and so drop IFCONFIG, IPROUTE and ROUTE environment variables and keep NETSTAT even if it is only used by tests/t_client.sh.in). netlink is much faster than calling ifconfig or route and also enables OpenVPN to run with less privileges. - Update indentation in hash file (two spaces) https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: add mbedtls supportGravatar Fabrice Fontaine2020-11-032-3/+10
| | | | | | | | | | | mbedtls (former polarssl) support was dropped with commit 3380da69c5ab490e5c51dca0c4389b0da91743d0 Put it back as openvpn supports mbedtls 2.x since version 2.4.0 and https://github.com/OpenVPN/openvpn/commit/86d8cd6860dfc74cb1a040ff8fe03140ebe7f930 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openvpn: use start-stop-daemon to perform start/stop actionsGravatar Maxim Kochetkov2020-10-081-7/+7
| | | | | | | | Using 'start-stop-daemon' prevents multiple instances creation by '/etc/init.d/S60openvpn start'. Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: security bump version to 2.4.9Gravatar Bernd Kuhls2020-04-192-2/+2
| | | | | | | | | | Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.4/ChangeLog Fixes CVE-2020-11810. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: add pkcs11 supportGravatar Adam Duskett2020-04-121-0/+7
| | | | | | | | If the pkcs11-helper package is selected, add the package to the dependency list and explicitly set --enable-pkcs11. Signed-off-by: Adam Duskett <Aduskett@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: enable pam plugin supportGravatar Adam Duskett2020-01-021-1/+7
| | | | | | | | If the linux-pam package is selected, add the package to the dependency list and explicitly set --enable-plugin-auth-pam. Signed-off-by: Adam Duskett <Aduskett@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: bump version to 2.4.8Gravatar Bernd Kuhls2019-10-312-2/+2
| | | | | | | | Changelog: https://github.com/OpenVPN/openvpn/commit/3976acda9bf10b5e62375b66ee42d85eda08fbcf#diff-8ca39f14de952fe02a97ac77c27eab25 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: add libselinux supportGravatar Adam Duskett2019-10-301-0/+7
| | | | | | | | If the libselinux package is selected, add the package to the dependency list and explicitly set --enable-selinux. Signed-off-by: Adam Duskett <Aduskett@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/openvpn: add systemd supportGravatar Adam Duskett2019-10-301-0/+7
| | | | | | | | If the systemd package is selected, add the package to the dependency list and explicitly set --enable-systemd. Signed-off-by: Adam Duskett <Aduskett@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/openvpn: bump version to 2.4.7Gravatar Bernd Kuhls2019-03-152-2/+2
| | | | | | | | | | | | Quoting https://openvpn.net/community-downloads/ "This is primarily a maintenance release with bugfixes and improvements. One of the big things is enhanced TLS 1.3 support." Release notes: https://github.com/OpenVPN/openvpn/commit/2b8aec62d5db2c17d5d4052991bc18272748bf29 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* packages: update sysv S* scripts to 644Gravatar Matt Weber2019-02-081-0/+0
| | | | | Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: bump to version 2.4.6Gravatar Baruch Siach2018-05-042-13/+4
| | | | | | | | | | | Note that CVE-2018-9336 fixed in this version does not affect Buildroot since it is Windows specific. Drop interoperability with older busybox versions. We removed support for busybox version selection long ago. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* openvpn: don't test if the binary exists in the init scriptGravatar Carlos Santos2018-04-161-5/+1
| | | | | | | | | | | The test doesn't make sense. It just exits without any error if the binary doesn't exist, which is silly. Replace the DAEMON variable, which was used only once, by the full path of the binary file. Signed-off-by: Carlos Santos <casantos@datacom.ind.br> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: bump version to 2.4.5Gravatar Bernd Kuhls2018-04-022-2/+3
| | | | | | | | | | | | | | | Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 This bump depends on libressl 2.7.2 to avoid a build error with this defconfig: BR2_PACKAGE_LIBRESSL=y BR2_PACKAGE_OPENVPN=y Added license hash. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: security bump to version 2.4.4Gravatar Bernd Kuhls2017-09-272-2/+2
| | | | | | | | | | Fixes CVE-2017-12166: https://community.openvpn.net/openvpn/wiki/CVE-2017-12166 Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: security bump to version 2.4.3Gravatar Baruch Siach2017-06-222-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: CVE-2017-7508 - Remotely-triggerable ASSERT() on malformed IPv6 packet CVE-2017-7520 - Pre-authentication remote crash/information disclosure for clients CVE-2017-7521 - Potential double-free in --x509-alt-username CVE-2017-7521 - Remote-triggerable memory leaks CVE-2017-7522 - Post-authentication remote DoS when using the --x509-track option Details at https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openvpn: security bump to 2.4.2Gravatar Bernd Kuhls2017-05-112-2/+2
| | | | | | | | Fixes CVE-2017-7478 & CVE-2017-7479: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* boot, linux, package: use SPDX short identifier for GPLv2/GPLv2+Gravatar Rahul Bedarkar2017-04-011-1/+1
| | | | | | | | | | | We want to use SPDX identifier for license strings as much as possible. SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+. This change is done by using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: Add explicit support for external lz4Gravatar Jeroen Roovers2017-03-252-0/+13
| | | | | | | | 2.4.0 added lz4 support. Make that choice explicit or the bundled compat-lz4 "stub" will be used. Signed-off-by: Jeroen Roovers <jer@airfi.aero> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: bump version to 2.4.1Gravatar Vicente Olivert Riera2017-03-252-4/+3
| | | | | | | --disable-eurephia configure option doesn't exist, so remove it. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: bump version to 2.4.0Gravatar Vicente Olivert Riera2017-01-243-14/+2
| | | | | | | | | | | | --enable-password-save option has been removed (https://github.com/OpenVPN/openvpn/commit/9ffd00e7541d83571b9eec087c6b3545ff68441f). Since it now defaults to "enabled" in the upstream package, there is no point in adding Config.in.legacy support for it: Config.in.legacy logic only kicks in when the option is enabled, but the upstream package precisely preserve the compatibility with this situation. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/openvpn: bump version to 2.3.14Gravatar Bernd Kuhls2016-12-082-2/+2
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/openvpn: bump to version 2.3.13Gravatar Bernd Kuhls2016-11-042-3/+3
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: bump to version 2.3.12Gravatar Gustavo Zacarias2016-08-232-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: security bump to version 2.3.11Gravatar Gustavo Zacarias2016-05-152-2/+2
| | | | | | | | Fixed port-share bug with DoS potential. Fix buffer overflow by user supplied data. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: remove polarssl crypto backend optionGravatar Gustavo Zacarias2016-05-152-31/+3
| | | | | | | | | | | | | | | Now that we need to bump openvpn to version 2.3.11 for security fixes the time has come to remove the polarssl option. Add legacy handling explaining the situation: PolarSSL 1.2.x can coexist with mbedTLS 2.x+, but OpenVPN requires PolarSSL/mbedTLS 1.3.x (the transition branch) >= 1.3.8 but doesn't build/work with the 2.x series. And PolarSSL/mbedTLS 1.3.x can't coexist with mbedTLS 2.x on the same target. So, unfortunately, openssl is now the only option (until libressl arrives) which means no more backend options in general. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Revert "package/openvpn: bump version to 2.3.10"Gravatar Gustavo Zacarias2016-01-312-3/+3
| | | | | | | | | | | openvpn 2.3.10 doesn't work with polarssl 1.2.x, hence this bump breaks builds for the polarssl backend. This reverts commit 06f3e7904f13ec08492fcc7f6e7287a90eac6347. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openvpn: bump version to 2.3.10Gravatar Bernd Kuhls2016-01-312-3/+3
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: bump to version 2.3.9Gravatar Gustavo Zacarias2015-12-172-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: Replace 'echo -n' by 'printf'Gravatar Maxime Hadjinlian2015-10-041-11/+11
| | | | | | | | | | | | 'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: add option for --enable-password-saveGravatar Andreas Wetzel2015-09-302-0/+12
| | | | | | | | | | | Added configuration option BR2_PACKAGE_OPENVPN_PWSAVE that adds --enable-password-save to OPENVPN_CONF_OPTS if selected. [Thomas: rewrap Config.in help text, as suggested by Vicente.] Signed-off-by: Andreas Wetzel <andreas.wetzel@nanotronic.ch> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: bump to version 2.3.8Gravatar Gustavo Zacarias2015-08-092-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: bump to version 2.3.7Gravatar Gustavo Zacarias2015-06-092-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: remove non-IPv6 dependencies and tweaksGravatar Gustavo Zacarias2015-04-221-5/+0
| | | | | | | | Now that IPv6 is mandatory remove package dependencies and conditionals for it. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: indentation cleanupGravatar Jerzy Grzegorek2015-03-311-8/+12
| | | | | | | This commit doesn't touch infra packages. Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Rename BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBSGravatar Thomas Petazzoni2014-12-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed from "prefer static libraries when possible" to "use only static libraries". The former semantic didn't make much sense, since the user had absolutely no control/idea of which package would use static libraries, and which packages would not. Therefore, for quite some time, we have been starting to enforce that BR2_PREFER_STATIC_LIB should really build everything with static libraries. As a consequence, this patch renames BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS, and adjust the Config.in option accordingly. This also helps preparing the addition of other options to select shared, shared+static or just static. Note that we have verified that this commit can be reproduced by simply doing a global rename of BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
* openvpn: CVE-2014-8104: bump to version 2.3.6Gravatar Fabian Mewes2014-12-022-2/+2
| | | | | | | | see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b Signed-off-by: Fabian Mewes <architekt@coding4coffee.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: use <pkg>_INSTALL_INIT_SYSV mechanismGravatar Thomas Petazzoni2014-12-011-0/+3
| | | | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: bump to version 2.3.5Gravatar Gustavo Zacarias2014-10-292-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: add hash fileGravatar Gustavo Zacarias2014-10-191-0/+2
| | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* infra: Move --enable/--disable-debug to package/Makefile.inGravatar Bernd Kuhls2014-10-191-1/+1
| | | | | | | | | | | | A lot of packages ignored BR2_ENABLE_DEBUG. This patch simplifies the handling of this option by adding the corresponding configure option to the global Makefile for target packages. For host packages --disable-debug is added to the global Makefile. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: rename FOO_CONF_OPT into FOO_CONF_OPTSGravatar Thomas De Schampheleire2014-10-041-5/+5
| | | | | | | | | | | | To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT. Sed command used: find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: disable plugins for static buildsGravatar Gustavo Zacarias2014-07-091-1/+2
| | | | | | | | Fixes: http://autobuild.buildroot.net/results/082/08295cdcb3d14198bc7fbddec89d6fead946afba/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>