summaryrefslogtreecommitdiffstats
path: root/package/openvpn
Commit message (Collapse)AuthorAgeFilesLines
* packages: update sysv S* scripts to 644Matt Weber2019-02-081-0/+0
| | | | | Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: bump to version 2.4.6Baruch Siach2018-05-042-13/+4
| | | | | | | | | | | Note that CVE-2018-9336 fixed in this version does not affect Buildroot since it is Windows specific. Drop interoperability with older busybox versions. We removed support for busybox version selection long ago. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* openvpn: don't test if the binary exists in the init scriptCarlos Santos2018-04-161-5/+1
| | | | | | | | | | | The test doesn't make sense. It just exits without any error if the binary doesn't exist, which is silly. Replace the DAEMON variable, which was used only once, by the full path of the binary file. Signed-off-by: Carlos Santos <casantos@datacom.ind.br> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: bump version to 2.4.5Bernd Kuhls2018-04-022-2/+3
| | | | | | | | | | | | | | | Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 This bump depends on libressl 2.7.2 to avoid a build error with this defconfig: BR2_PACKAGE_LIBRESSL=y BR2_PACKAGE_OPENVPN=y Added license hash. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openvpn: security bump to version 2.4.4Bernd Kuhls2017-09-272-2/+2
| | | | | | | | | | Fixes CVE-2017-12166: https://community.openvpn.net/openvpn/wiki/CVE-2017-12166 Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: security bump to version 2.4.3Baruch Siach2017-06-222-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: CVE-2017-7508 - Remotely-triggerable ASSERT() on malformed IPv6 packet CVE-2017-7520 - Pre-authentication remote crash/information disclosure for clients CVE-2017-7521 - Potential double-free in --x509-alt-username CVE-2017-7521 - Remote-triggerable memory leaks CVE-2017-7522 - Post-authentication remote DoS when using the --x509-track option Details at https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openvpn: security bump to 2.4.2Bernd Kuhls2017-05-112-2/+2
| | | | | | | | Fixes CVE-2017-7478 & CVE-2017-7479: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* boot, linux, package: use SPDX short identifier for GPLv2/GPLv2+Rahul Bedarkar2017-04-011-1/+1
| | | | | | | | | | | We want to use SPDX identifier for license strings as much as possible. SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+. This change is done by using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: Add explicit support for external lz4Jeroen Roovers2017-03-252-0/+13
| | | | | | | | 2.4.0 added lz4 support. Make that choice explicit or the bundled compat-lz4 "stub" will be used. Signed-off-by: Jeroen Roovers <jer@airfi.aero> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: bump version to 2.4.1Vicente Olivert Riera2017-03-252-4/+3
| | | | | | | --disable-eurephia configure option doesn't exist, so remove it. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: bump version to 2.4.0Vicente Olivert Riera2017-01-243-14/+2
| | | | | | | | | | | | --enable-password-save option has been removed (https://github.com/OpenVPN/openvpn/commit/9ffd00e7541d83571b9eec087c6b3545ff68441f). Since it now defaults to "enabled" in the upstream package, there is no point in adding Config.in.legacy support for it: Config.in.legacy logic only kicks in when the option is enabled, but the upstream package precisely preserve the compatibility with this situation. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/openvpn: bump version to 2.3.14Bernd Kuhls2016-12-082-2/+2
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/openvpn: bump to version 2.3.13Bernd Kuhls2016-11-042-3/+3
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: bump to version 2.3.12Gustavo Zacarias2016-08-232-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: security bump to version 2.3.11Gustavo Zacarias2016-05-152-2/+2
| | | | | | | | Fixed port-share bug with DoS potential. Fix buffer overflow by user supplied data. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: remove polarssl crypto backend optionGustavo Zacarias2016-05-152-31/+3
| | | | | | | | | | | | | | | Now that we need to bump openvpn to version 2.3.11 for security fixes the time has come to remove the polarssl option. Add legacy handling explaining the situation: PolarSSL 1.2.x can coexist with mbedTLS 2.x+, but OpenVPN requires PolarSSL/mbedTLS 1.3.x (the transition branch) >= 1.3.8 but doesn't build/work with the 2.x series. And PolarSSL/mbedTLS 1.3.x can't coexist with mbedTLS 2.x on the same target. So, unfortunately, openssl is now the only option (until libressl arrives) which means no more backend options in general. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Revert "package/openvpn: bump version to 2.3.10"Gustavo Zacarias2016-01-312-3/+3
| | | | | | | | | | | openvpn 2.3.10 doesn't work with polarssl 1.2.x, hence this bump breaks builds for the polarssl backend. This reverts commit 06f3e7904f13ec08492fcc7f6e7287a90eac6347. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openvpn: bump version to 2.3.10Bernd Kuhls2016-01-312-3/+3
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: bump to version 2.3.9Gustavo Zacarias2015-12-172-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: Replace 'echo -n' by 'printf'Maxime Hadjinlian2015-10-041-11/+11
| | | | | | | | | | | | 'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: add option for --enable-password-saveAndreas Wetzel2015-09-302-0/+12
| | | | | | | | | | | Added configuration option BR2_PACKAGE_OPENVPN_PWSAVE that adds --enable-password-save to OPENVPN_CONF_OPTS if selected. [Thomas: rewrap Config.in help text, as suggested by Vicente.] Signed-off-by: Andreas Wetzel <andreas.wetzel@nanotronic.ch> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: bump to version 2.3.8Gustavo Zacarias2015-08-092-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: bump to version 2.3.7Gustavo Zacarias2015-06-092-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: remove non-IPv6 dependencies and tweaksGustavo Zacarias2015-04-221-5/+0
| | | | | | | | Now that IPv6 is mandatory remove package dependencies and conditionals for it. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: indentation cleanupJerzy Grzegorek2015-03-311-8/+12
| | | | | | | This commit doesn't touch infra packages. Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Rename BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBSThomas Petazzoni2014-12-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed from "prefer static libraries when possible" to "use only static libraries". The former semantic didn't make much sense, since the user had absolutely no control/idea of which package would use static libraries, and which packages would not. Therefore, for quite some time, we have been starting to enforce that BR2_PREFER_STATIC_LIB should really build everything with static libraries. As a consequence, this patch renames BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS, and adjust the Config.in option accordingly. This also helps preparing the addition of other options to select shared, shared+static or just static. Note that we have verified that this commit can be reproduced by simply doing a global rename of BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
* openvpn: CVE-2014-8104: bump to version 2.3.6Fabian Mewes2014-12-022-2/+2
| | | | | | | | see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b Signed-off-by: Fabian Mewes <architekt@coding4coffee.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: use <pkg>_INSTALL_INIT_SYSV mechanismThomas Petazzoni2014-12-011-0/+3
| | | | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: bump to version 2.3.5Gustavo Zacarias2014-10-292-2/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: add hash fileGustavo Zacarias2014-10-191-0/+2
| | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* infra: Move --enable/--disable-debug to package/Makefile.inBernd Kuhls2014-10-191-1/+1
| | | | | | | | | | | | A lot of packages ignored BR2_ENABLE_DEBUG. This patch simplifies the handling of this option by adding the corresponding configure option to the global Makefile for target packages. For host packages --disable-debug is added to the global Makefile. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: rename FOO_CONF_OPT into FOO_CONF_OPTSThomas De Schampheleire2014-10-041-5/+5
| | | | | | | | | | | | To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT. Sed command used: find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openvpn: disable plugins for static buildsGustavo Zacarias2014-07-091-1/+2
| | | | | | | | Fixes: http://autobuild.buildroot.net/results/082/08295cdcb3d14198bc7fbddec89d6fead946afba/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* replace references to Busybox with BusyBoxSimon Dawson2014-06-011-1/+1
| | | | | | | | | The correct capitalised form appears to be "BusyBox" rather than "Busybox"; fix all references to the latter form. (Most such references occur in the manual and in commentary in package makefiles.) Signed-off-by: Simon Dawson <spdawson@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: bump to version 2.3.4Gustavo Zacarias2014-05-141-1/+1
| | | | | | | Fixes TLS version interoperability issues. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openvpn: bump to version 2.3.3Gustavo Zacarias2014-04-151-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Config.in files: fix incorrect indentationThomas De Schampheleire2013-12-251-1/+1
| | | | | | | Tab instead of spaces Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: remove uninstall commandsThomas De Schampheleire2013-12-061-5/+0
| | | | | Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Config.in files: add missing dependencies to toolchain option commentsThomas De Schampheleire2013-11-101-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a package A depends on config option B and toolchain option C, then the comment that is given when C is not fulfilled should also depend on B. For example: config BR2_PACKAGE_A depends on BR2_B depends on BR2_LARGEFILE depends on BR2_WCHAR comment "A needs a toolchain w/ largefile, wchar" depends on !BR2_LARGEFILE || !BR2_WCHAR This comment should actually be: comment "A needs a toolchain w/ largefile, wchar" depends on BR2_B depends on !BR2_LARGEFILE || !BR2_WCHAR or if possible (typically when B is a package config option declared in that same Config.in file): if BR2_B comment "A needs a toolchain w/ largefile, wchar" depends on !BR2_LARGEFILE || !BR2_WCHAR [other config options depending on B] endif Otherwise, the comment would be visible even though the other dependencies are not met. This patch adds such missing dependencies, and changes existing such dependencies from depends on BR2_BASE_DEP && !BR2_TOOLCHAIN_USES_GLIBC to depends on BR2_BASE_DEP depends on !BR2_TOOLCHAIN_USES_GLIBC so that (positive) base dependencies are separate from the (negative) toolchain dependencies. This strategy makes it easier to write such comments (because one can simply copy the base dependency from the actual package config option), but also avoids complex and long boolean expressions. Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> (untested) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Config.in files: unify comments of toolchain option dependenciesThomas De Schampheleire2013-10-141-1/+1
| | | | | | | | This patch lines up the comments in Config.in files that clarify which toolchain options the package depends on. Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* change package tarball compression to xz whenever possibleJerzy Grzegorek2013-09-081-0/+1
| | | | | | [Peter: leave change xz tarball format to not end up with circular deps] Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openvpn: define licenseGustavo Zacarias2013-06-281-0/+2
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openvpn: bump to version 2.3.2Gustavo Zacarias2013-06-121-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Normalize separator size to 80Alexandre Belloni2013-06-061-2/+2
| | | | | Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openvpn: adjust iproute2 path logicGustavo Zacarias2013-04-071-1/+5
| | | | | | | | | | | As reported in bug #6164 when using busybox iproute2 openvpn can fail to locate the 'ip' utility. This was correct until busybox 1.21.0 was released since it changed the location of /bin/ip to /sbin/ip (what iproute2 proper does). So adjust the ip path accordingly. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openvpn: bump to version 2.3.1Gustavo Zacarias2013-04-032-73/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openvpn: fix init script namePeter Korsgaard2013-01-152-5/+3
| | | | | | | | | | | | | | Our default (busybox) rc.S implementation requires init scripts to be named S??*, so rename the openvpn one to S60openvpn (E.G. after network). At the same time remove the deprecated check-if-custom-skeleton-provided-file and just always install the init script. People can always fixup/remove it in their post-build script if needed. Also name the init script source the same as the destination file name in TARGET_DIR for consistency. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openvpn: bump to version 2.3.0Gustavo Zacarias2013-01-154-47/+126
| | | | | | | | | | | | | Toolchain IPv6 support isn't optional any more. New PolarSSL backend besides the usual OpenSSL one. New small binary option, reduces binary file size ~100 KiB depending on target architecture. Removed no crypto option - it still requires some SSL library headers and it's pointless anyway, after all we're talking about a VPN solution here. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openvpn: Fix paths to external utilitiesValentine Barshak2012-10-081-1/+10
| | | | | | | | | | | This sets paths to ifconfig, route, netstat and ip in the target root filesystem. Otherwise the paths leak from the host and may not match those on the target. Signed-off-by: Valentine Barshak <gvaxon@gmail.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* all packages: rename XXXTARGETS to xxx-packageArnout Vandecappelle (Essensium/Mind)2012-07-171-1/+1
| | | | | | | | | | | | | Also remove the redundant $(call ...). This is a purely mechanical change, performed with find package linux toolchain boot -name \*.mk | \ xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \ -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \ -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/' Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
OpenPOWER on IntegriCloud