packages

Author SHA1 Message Date

Author	SHA1	Message	Date
Magnus Kroken	29eab35c68	openvpn: update to 2.5.3 Remove upstreamed patch and fix test.sh script. Signed-off-by: Magnus Kroken <mkroken@gmail.com>	2021-06-23 22:00:04 +02:00
Magnus Kroken	22b2389989	openvpn: update to 2.5.2 Fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. OpenVPN 2.5.2 also includes other bug fixes and improvements. Add CI build test script. Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry-picked from `6186fe732b`)	2021-04-22 20:36:22 +02:00

Magnus Kroken

29eab35c68

openvpn: update to 2.5.3

Remove upstreamed patch and fix test.sh script.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>

2021-06-23 22:00:04 +02:00

Magnus Kroken

22b2389989

openvpn: update to 2.5.2

Fixes two related security vulnerabilities (CVE-2020-15078) which
under very specific circumstances allow tricking a server using delayed
authentication (plugin or management) into returning a PUSH_REPLY before
the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup. In combination with "--auth-gen-token" or
a user-specific token auth solution it can be possible to get access to
a VPN with an otherwise-invalid account.

OpenVPN 2.5.2 also includes other bug fixes and improvements.

Add CI build test script.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry-picked from 6186fe732b)

2021-04-22 20:36:22 +02:00

2 commits