openvpn: update to 2.5.2
Fixes two related security vulnerabilities (CVE-2020-15078) which
under very specific circumstances allow tricking a server using delayed
authentication (plugin or management) into returning a PUSH_REPLY before
the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup. In combination with "--auth-gen-token" or
a user-specific token auth solution it can be possible to get access to
a VPN with an otherwise-invalid account.
OpenVPN 2.5.2 also includes other bug fixes and improvements.
Add CI build test script.
Signed-off-by:
Magnus Kroken <mkroken@gmail.com>
Showing
- net/openvpn/Makefile 3 additions, 3 deletionsnet/openvpn/Makefile
- net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch 1 addition, 1 deletion...n/patches/100-mbedtls-disable-runtime-version-check.patch
- net/openvpn/patches/115-fix-mbedtls-without-renegotiation.patch 42 additions, 0 deletions...envpn/patches/115-fix-mbedtls-without-renegotiation.patch
- net/openvpn/test.sh 10 additions, 0 deletionsnet/openvpn/test.sh
Loading
Please register or sign in to comment