Commit Graph

52 Commits

Author SHA1 Message Date
Khem Raj 04395fd148 openvpn: upgrade 2.6.3 -> 2.6.6
License-Update: Added Apache2 linking exception

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 45ad525348)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-01-05 07:52:16 -05:00
Andrej Valek 8af2f17a6f cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
  version

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-07-27 08:54:40 -07:00
Wang Mingyu f613df1f33 openvpn: upgrade 2.6.2 -> 2.6.3
Changelog:
==========
  GHA: remove Ubuntu 18.04 builds
  vcpkg: request "tools" feature of openssl for MSVC build
  doc: run rst2* with --strict to catch warnings
  Support of DNS domain for DHCP-less drivers
  Bug-fix: segfault in dco_get_peer_stats()

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-17 09:53:31 -07:00
Wang Mingyu fc221b3211 openvpn: upgrade 2.6.1 -> 2.6.2
Changelog:
==========
 dco: don't use NetLink to exchange control packets
 dco: print version to log if available
 dco-linux: remove M_ERRNO flag when printing netlink error message
 multi: don't call DCO APIs if DCO is disabled
 dco-freebsd: use m->instances[] instead of m->hash
 dco-linux: implement dco_get_peer_stats{, multi} API
 Set netlink socket to be non-blocking
 Ensure n = 2 is set in key2 struct in tls_crypt_v2_unwrap_client_key
 Fix memory leaks in open_tun_dco()
 Fix memory leaks in HMAC initial packet generation
 Use key_state instead of multi for tls_send_payload parameter
 Make sending plain text control message session aware
 Only update frame calculation if we have a valid link sockets
 Improve description of compat-mode
 Simplify --compress parsing in options.c
 Refuse connection if server pushes an option contradicting allow-compress
 Add 'allow-compression stub-only' internally for DCO
 Parse compression options and bail out when compression is disabled
 tests/unit_tests: Fix 'make distcheck' with subdir-objects enabled
 preparing release 2.6.2
 dns option: allow up to eight addresses per server
 dco: print FreeBSD version
 Support --inactive option for DCO
 Fix '--inactive <time> 0' behavior for DCO
 Print DCO client stats on SIGUSR2
 Don't overwrite socket flags when using DCO on Windows
 using OpenSSL3 API for EVP PKEY type name reporting
 Bugfix: Convert ECDSA signature form pkcs11-helper to DER encoded form
 Import some sample certificates into Windows store for testing
 Add tests for finding certificates in Windows cert store
 Refactor SSL_CTX_use_CryptoAPI_certificate()
 Add a test for signing with certificates in Windows store
 Unit tests: add test for SSL_CTX_use_Cryptoapi_certificate()
 Improve error message on short read from socks proxy
 Make error in setting metric for IPv6 interface non-fatal

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-04-04 13:39:46 -07:00
Petr Gotthard 4138f34899 openvpn: upgrade 2.6.0 -> 2.6.1
Changelog:
https://github.com/OpenVPN/openvpn/blob/v2.6.1/Changes.rst

Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-10 17:21:15 -08:00
Petr Gotthard 2c1b55a059 openvpn: upgrade 2.5.8 -> 2.6.0
New features and improvements in 2.6.0 compared to 2.5.8:
 - Data Channel Offload (DCO) kernel acceleration support for Windows,
   Linux, and FreeBSD.
 - OpenSSL 3 support.
 - Improved handling of tunnel MTU, including support for pushable MTU.
 - Outdated cryptographic algorithms disabled by default, but there are
   options to override if necessary.
 - Reworked TLS handshake, making OpenVPN immune to replay-packet state
   exhaustion attacks.
 - Added --peer-fingerprint mode for a more simplistic certificate setup
   and verification.
 - Added Pre-Logon Access Provider support to OpenVPN GUI for Windows.
 - Improved protocol negotiation, leading to faster connection setup.

Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-02-24 08:45:44 -08:00
Wang Mingyu cc976ef344 openvpn: upgrade 2.5.7 -> 2.5.8
Changelog:
==========
  tls-crypt-v2: bail out if the client key is too small
  Remove useless empty line from CR_RESPONSE message
  Allow running a default configuration with TLS libraries without BF-CBC
  Change command help to match man page and implementation
  Fix OpenVPN querying user/password if auth-token with user expires
  t_client: Allow to force FAIL on prerequisite fails
  t_client.sh: do not require fping6
  Preparing release 2.5.8
  msvc: add branch name and commit hash to version output
  Update the replay-window backtrack log message
  Do not skip ERROR:/SUCCESS: response from management interface
  Fix auth-token usage with management-def-auth
  Allow a few levels of recursion in virtual_output_callback()
  Ensure --auth-nocache is handled during renegotiation
  Purge auth-token as well while purging passwords
  Do not copy auth_token username to itself

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-11-09 10:17:15 -08:00
Alex Stewart 59be04fbcd openvpn: distribute sample-config-files
The openvpn tarball has additional sample config files which are
generally useful to users, and which are typically distributed in other
distros' openvpn packages.

Include these sample configs in the OE recipe.

Signed-off-by: Bill Pittman <bill.pittman@ni.com>

Rebased to openvpn_2.5.7.

Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-07-08 22:43:03 -04:00
Yi Zhao e0e1eb4bed openvpn: add PACKAGECONFIG for selinux
This is useful for selinux distro feature.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-07-07 10:26:37 -04:00
Yi Zhao c098cf9190 openvpn: add PACKAGECONFIG for systemd
The systemd support had been integrated to openvpn for a long time. Add
PACKAGECONFIG for it and use its own service files and volatile file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-07-07 10:26:37 -04:00
Yi Zhao 63d49fd481 openvpn: eliminate build path from openvpn --version option
Before the patch:
$ openvpn  --version
OpenVPN 2.5.7 x86_64-poky-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]
[snip]
Compile time defines: enable_async_push=no enable_comp_stub=no
[snip]
with_crypto_library=openssl with_gnu_ld=yes
with_libtool_sysroot=/buildarea/build/tmp/work/core2-64-poky-linux/openvpn/2.5.7-r0/recipe-sysroot
with_mem_check=no with_openssl_engine=auto

After the patch:
$ openvpn  --version
OpenVPN 2.5.7 x86_64-poky-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]
[snip]
Compile time defines: enable_async_push=no enable_comp_stub=no
[snip]
with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no
with_openssl_engine=auto

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-06-30 13:39:27 -04:00
Wang Mingyu 3d357069a3 openvpn: upgrade 2.5.6 -> 2.5.7
Changelog:
=========
      networking: use OPENVPN_ETH_ALEN instead of ETH_ALEN
      networking_iproute2: don't pass M_WARN to openvpn_execve_check()
      t_net.sh: delete dummy iface using iproute command
      auth-pam.c: add missing include limits.h
      Add insecure tls-cert-profile options
      Refactor early initialisation and uninitialisation into methods
      Allow loading of non default providers
      Add ubuntu 22.04 to Github Actions
      Add macos OpenSSL 3.0 and ASAN builds
      Add --with-openssl-engine autoconf option (auto|yes|no)
      Fix allowing/showing unsupported ciphers and digests
      Remove dependency on BF-CBC existance from test_ncp
      Add message when decoding PKCS12 file fails.
      Translate OpenSSL 3.0 digest names to OpenSSL 1.1 digest names
      Fix client-pending-auth error message to say ERROR instead of SUCCESS
      Preparing release 2.5.7
      cipher-negotiation.rst missing from doc/Makefile.am
      vcpkg-ports\pkcs11-helper: shorten patch filename
      msvc: adjust build options to harden binaries
      vcpkg-ports: remove openssl port
      vcpkg: switch to manifest
      Fix M_ERRNO behavior on Windows
      vcpkg-ports/pkcs11-helper: bump to release 1.29
      tapctl: Resolve MSVC C4996 warnings

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-06-06 13:58:43 -07:00
wangmy 5a974137fa openvpn: upgrade 2.5.5 -> 2.5.6
Liense-Update : year updated to 2022.

Changelog:
=========
 GitHub Actions: update script to same version as master
 update copyright year to 2022
 keyingmaterialexporter.c: include strings.h
 remove unused sitnl.h file
 sample-plugin: New plugin for testing multiple auth plugins
 plug-ins: Disallow multiple deferred authentication plug-ins
 doc/Makefile: rebuild rst docs if input files change
 doc/options: clean up documentation for --proto and related options
 fix Changes.rst errors in 2.5.3 and 2.5.5 announcement
 Repair --inactive with 'bytes' argument larger 2Gbytes.
 Fix --mtu-disc maybe|yes on Linux.
 Preparing release 2.5.6
 CI: github actions: keep "pdb" in artifacts
 auth_token.c: add NULL initialization
 vcpkg-ports/pkcs11-helper: bump to release 1.28
 vcpkg-ports/pkcs11-helper: indicate OpenSSL EC support
 msvc: cleanup
 vcpkg: link lzo statically
 vcpkg-ports/pkcs11-helper: adapt to new upstream URL
 vcpkg-ports: add openssl 1.1.1n

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-24 09:45:25 -07:00
Khem Raj 7d8a0e840d recipes: Update LICENSE variable to use SPDX license identifiers
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-04 17:41:45 -08:00
Khem Raj f2df270179 recipes: Use new CVE_CHECK_IGNORE variable
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-21 18:12:04 -08:00
zhengruoqin 2867330535 openvpn: upgrade 2.5.4 -> 2.5.5
Changelog:
=========
 Fix error in example firewall.sh script
 configure: remove useless -Wno-* from default CFLAGS
 Add argv_insert_head__empty_argv__head_only to argv tests
 Move deprecation of SWEET32/64bit block size ciphers to 2.7
 Include --push-remove in the output of --help.
 Move '--push-peer-info' documentation from 'server' to 'client options'
 add test case(s) to notice 'openvpn --show-cipher' crashing
 BUILD: enable CFG and Spectre mitigation for MSVC
 Fix loading PKCS12 files on Windows
 msvc: fix product version display
 msvc: add missing header to project file
 config-msvc.h: fix OpenSSL-related defines
 contrib/vcpkg-ports: remove openssl port
 GitHub Actions: use latest working lukka/run-vcpkg
 Use network address for emulated DHCP server as a default
 Load OpenSSL config on Windows from trusted location
 ring_buffer.h: fix GCC warning about unused function
 ssh_openssl.h: remove unused declaration
 vcpkg/pkcs11-helper: compatibility with latest vcpkg
 config-msvc.h: indicate key material export support
 Don't use BF-CBC in unit tests if we don't have it
 Define have_blowfish variable in ncp unit tests
 doc link-options.rst: Use free open-source dynamic-DNS provider URL
 Fix some more wrong defines in config-msvc.h
 Ensure the current common_name is in the environment for scripts
 Require EC key support in Windows builds
 resolvconf fails with -p
 Update IRC information in CONTRIBUTING.rst
 doc/man (vpn-network-options): fix foreign_option_{n} typo
 README.down-root: Fix plugin module name

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-12-21 18:49:37 -08:00
wangmy 54567412b5 openvpn: Change the default cipher to AES-256-GCM for server configurations
This change makes the server use AES-256-GCM instead of BF-CBC as the default
cipher for the VPN tunnel.  To avoid breaking existing running configurations
defaulting to BF-CBC, the Negotiable Crypto Parameters (NCP) list contains
the BF-CBC in addition to AES-CBC.  This makes it possible to migrate
existing older client configurations one-by-one to use at least AES-CBC unless
the client is updated to v2.4 (which defaults to upgrade to AES-GCM automatically)

Upstream-Status: Backport [https://src.fedoraproject.org/rpms/openvpn/blob/rawhide/f/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch]

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-15 18:04:23 -08:00
wangmy 1bcc09e8ff openvpn: upgrade 2.5.3 -> 2.5.4
2021.10.04 -- Version 2.5.4

Antonio Quartulli (3):
      route.c: pass the right parameter to IN6_IS_ADDR_UNSPECIFIED
      configure: search also for rst2{man, html}.py
      networking: add networking API net_addr_ll_set() and use it on Linux

Arne Schwabe (1):
      Move examples into openvpn-examples(5) man page

David Korczynski (1):
      Fix argv leaks in add_route() and add_route_ipv6()

David Sommerseth (2):
      doc: Use generic rules for man/html generation
      man: Clarify IV_HWADDR

Gert Doering (1):
      Add error reporting to get_console_input_win32().

Lev Stipakov (3):
      Fix console prompts with redirected log
      Add building man page on Windows
      GitHub Actions: remove Ubuntu 16.04 environment

Max Fillinger (1):
      Update Fox e-mail address in copyright notices

Selva Nair (1):
      Minor doc correction: tls-crypt-v2 key generation

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-10-14 07:16:58 -07:00
Martin Jansa c61dc077bb Convert to new override syntax
This is the result of automated script (0.9.1) conversion:

oe-core/scripts/contrib/convert-overrides.py .

converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03 10:21:25 -07:00
Akifumi Chikazawa d49e96aac4 openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist
CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client,
not for openvpn.

Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-06-26 00:45:10 -07:00
zangrc 471cc226a6 openvpn: upgrade 2.5.2 -> 2.5.3
-License-Update: Copyright year updated to 2021.

Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-06-23 23:20:35 -07:00
zangrc b12a2818b9 openvpn: upgrade 2.5.1 -> 2.5.2
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-04-29 09:02:39 -07:00
zangrc 7e4485adcb openvpn: upgrade 2.5.0 -> 2.5.1
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-04 09:04:24 -08:00
Zang Ruochen f20a4ba04f openvpn: upgrade 2.4.9 -> 2.5.0
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-11-09 13:41:02 -08:00
Andreas Müller 2333cb1f0a openvpn: upgrade 2.4.8 -> 2.4.9
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-05-03 14:29:17 -07:00
Pierre-Jean Texier 86c5a40313 openvpn: fix upstream check URL
Fixes:

$: devtool check-upgrade-status openvpn
<...>

INFO: openvpn                   2.4.8           UNKNOWN_BROKEN  None

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-03-24 08:09:11 -07:00
Pierre-Jean Texier 369dcf2e0e openvpn: upgrade 2.4.7 -> 2.4.8
See full changelog https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-03-24 08:09:11 -07:00
Fabian Klemp 910891d722 openvpn: respect pid file in init.d service start
openvpn only provides options to update a pid file but not to check it
for running processes. Consecutive issued start commands therefore lead
to multiple running processes with the same configurations, which is the
origin of all kinds of problems of which unnecessary resource usage is the least.

Using start-stop-daemon the pid file is inspected for running processes
before start.

Signed-off-by: Fabian Klemp <fabian.klemp@axino-group.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-07-30 19:15:24 -07:00
Oleksandr Kravchuk c1c8895609 openvpn: update to 2.4.7
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-05-11 23:35:30 -07:00
Armin Kuster 09ae486b7c openvpn: update to 2.4.6
LIC_FILES_CHKSUM changed do to "Update copyright to include 2018 plus company name change"
includes: CVE-2018-9336

see: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-10-09 19:08:26 -07:00
Armin Kuster f818700c23 openvpn: enable sysvinit
add INITSCRIPT

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-10-08 10:48:17 -07:00
fan.xin 58a6f21a54 openvpn: Upgrade 2.4.3 -> 2.4.4
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2018-01-08 11:51:47 -05:00
Kai Kang 0a949fb897 openvpn: 2.4.2 -> 2.4.3
Upgrade openvpn from 2.4.2 to 2.4.3.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-09-12 10:37:19 -04:00
fan.xin 0d010f8241 openvpn: Upgrade 2.3.9 -> 2.4.2
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-06-28 10:27:31 -04:00
Andrea Galbusera b6adc8bae7 openvpn: avoid hardcoded path
Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:38 -04:00
Andrea Galbusera a6916b2241 openvpn: avoid packaging /run
/run is in FILES_${PN} but nothing either populate or even create it.

Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Andrea Galbusera 07e8b8ebe3 openvpn: openvpn-volatile.conf: avoid hardcoded localstatedir
Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Andrea Galbusera eb0a49cc9c openvpn: remove duplicate attempt to create dir in ${localstatedir}
When systemd is in DISTRO_FEATURES we have two attempts to create
${localstatedir}/run/openvpn: one at build time with install command and
the other via systemd-tmpfiles at runtime which is enabled by installing
openvpn-volatile.conf. Beside looking redundant, by dropping the build-time
dir creation attempt solves the following error when building images with
both base-files and openvpn:

Error: Transaction check error:
  file /var/run conflicts between attempted installs of
  openvpn-2.3.9-r0.cortexa7hf_neon_vfpv4 and
  base-files-3.0.14-r89.raspberrypi3

Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Andrea Galbusera ccaf0a99d8 openvpn: ensure ${sysconfdir}/tmpfiles.d is packaged
The file was installed but never packaged, ending up in no systemd-tmpfiles
configuration on the final rootfs.

Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-25 15:55:37 -04:00
Wang Xin fab248ae6d openvpn: 2.3.8 -> 2.3.9
1) Upgrade openvpn from 2.3.8 to 2.3.9.
2) Modify EXTRA_OECONF, Since the Changelog in the new version shows:
    Remove --enable-password-save option
    Reflect enable-password-save change in documentation
    Also remove second instance of enable-password-save in the man page
3) Fix the Warning:
    WARNING: openvpn-2.3.9-r0 do_configure: QA Issue: openvpn: configure was passed unrecognised options: --enable-password-save [unknown-configure-option]

Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-09-05 13:34:12 -04:00
Ross Burton 275b6c30fb meta-networking: use bb.utils.contains() instead of base_contains()
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-05-05 11:41:28 -04:00
Dai Caiyun 514149c972 openvpn: 2.3.7 -> 2.3.8
Upgrade openvpn from 2.3.7 to 2.3.8.

Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-01-20 21:41:46 -05:00
Li xin b78cd2f4f9 openvpn: upgrade 2.3.6 -> 2.3.7
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-06 15:44:09 -04:00
Joe MacDonald 8980f0d2a2 meta-networking: standardize SECTION values
SECTION has been used inconsistently throughout the recipes in this layer.
Convert them to all use the same convention.

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-06-05 20:42:25 -04:00
Bian Naimeng 050486a093 openvpn: install /etc/tmpfiles.d/openvpn.conf
Directory /var/run/openvpn is required by service.

Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-02-23 13:21:54 -05:00
Bian Naimeng 3add4db0fc openvpn: upgrade to 2.3.6.
The purpose of this patch as below.

 1. upgrade openvpn to 2.3.6 in order to fix CVE-2014-8104

 2. enable systemd

 3. provide new packages named ${PN}-sample to help user create config file
    easily and check whether is openvpn work.

Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-12-19 20:10:56 +01:00
Ben Shelton 6aee572984 openvpn: bypass check for /sbin/ip on the host
In the commit 'openvpn: use default iproute2 path', the configure flag
to explicitly set the iproute2 path was removed, since busybox now
provides the 'ip' applet at the default path.  However, setting this
flag is necessary to bypass the configure-time check for /sbin/ip on the
host, which will otherwise fail if iproute2 is not installed on the
host.  Add back the flag (pointing to the correct path), and add a
comment to describe why this is necessary.

Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-10-30 09:15:20 +01:00
pieterg 1cd3c1a945 openvpn: use default iproute2 path
Since busybox 1.21, the 'ip' applet has the default
path (/sbin/ip)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-10-10 12:47:34 +02:00
Roy Li 042f9a89c6 openvpn: not use the hardcoded libdir
it will lead to QA failure, since .debug dir can not be installed into dbg package

    ERROR: QA Issue: non debug package contains .debug directory: openvpn path
    /work/core2-64-wrs-linux/openvpn/2.3.4-r0/packages-split/openvpn/usr/lib64i
    /openvpn/plugins/.debug/openvpn-plugin-down-root.so [debug-files]

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-07-30 09:21:04 +02:00
Richard Tollerton f647f319fc openvpn: update and enable iproute2 support
- Added .bb for version 2.3.4.
- The download URL was broken; it's changed to reflect where the website
  points to.
- Force use of iproute2, which is generally recommended when running
  OpenVPN as an unprivileged user. Ref:
  http://community.openvpn.net/openvpn/wiki/UnprivilegedUser
- Explicitly add libpam to DEPENDS if pam is enabled, and disable the
  auth-pam plugin if pam is not enabled.
- Pass the path to the 'ip' utility to the configure script to keep it
  from trying to find it on the host.

Signed-off-by: Richard Tollerton <rich.tollerton@ni.com>
Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-07-22 00:01:58 +02:00