This is a bugfix release containing several security fixes.

Security fixes
--------------
- CVE-2024-4877: Windows: harden interactive service pipe.
  Security scope: a malicious process with "some" elevated privileges could open the pipe a second time, tricking openvpn GUI into providing user credentials (tokens), getting full access to the account openvpn-gui.exe runs as.
- CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them.
  Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load.
- CVE-2024-28882: only call schedule_exit() once (on a given peer).
  Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect this client.

Bug fixes
---------
- fix connect timeout when using SOCKS proxies
- work around LibreSSL crashing on OpenBSD 7.5 when enumerating ciphers
- Add bracket in fingerprint message and do not warn about missing verification

For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
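# Build-time feature switches for the wolfSSL variant of the OpenVPN package.
# Every symbol below exists only while PACKAGE_openvpn-wolfssl is selected.
if PACKAGE_openvpn-wolfssl

# Promptless symbol: always y for this variant. It selects WOLFSSL_HAS_OPENVPN,
# which is defined outside this file (presumably the wolfSSL package's
# OpenVPN compatibility switch -- confirm in the wolfssl package).
config OPENVPN_wolfssl
	bool
	default y
	select WOLFSSL_HAS_OPENVPN

# Compression inside an encrypted tunnel can leak information about the
# plaintext (compression-oracle attacks such as VORACLE). These two options
# only compile the support in; keep compression disabled in the runtime
# configuration unless a legacy peer requires it.
config OPENVPN_wolfssl_ENABLE_LZO
	bool "Enable LZO compression support"
	default n

# NOTE(review): LZ4 is compiled in by default; see the compression note above.
config OPENVPN_wolfssl_ENABLE_LZ4
	bool "Enable LZ4 compression support"
	default y

# Lets the username be taken from a certificate field other than the default.
# Changing which field identifies a peer affects authorization decisions, so
# review server-side per-client rules if this is enabled and used.
config OPENVPN_wolfssl_ENABLE_X509_ALT_USERNAME
	bool "Enable the --x509-username-field feature"
	default n

#config OPENVPN_wolfssl_ENABLE_EUREPHIA
#	bool "Enable support for the eurephia plug-in"
#	default n

# The management interface can control the running daemon. It is off by
# default here; if enabled, bind it to a unix socket or loopback address and
# protect it with a password in the runtime configuration.
config OPENVPN_wolfssl_ENABLE_MANAGEMENT
	bool "Enable management server support"
	default n

#config OPENVPN_wolfssl_ENABLE_PKCS11
#	bool "Enable pkcs11 support"
#	default n

config OPENVPN_wolfssl_ENABLE_FRAGMENT
	bool "Enable internal fragmentation support (--fragment)"
	default y

config OPENVPN_wolfssl_ENABLE_PORT_SHARE
	bool "Enable TCP server port-share support (--port-share)"
	default y

config OPENVPN_wolfssl_ENABLE_IPROUTE2
	bool "Enable support for iproute2"
	default n

# Data channel offload and iproute2 support are mutually exclusive here.
# The conditional default previously named OPENVPN_openssl_ENABLE_IPROUTE2,
# the symbol of the OpenSSL variant; it now names this variant's own symbol.
# With the "depends on" line in place the default is n in every reachable
# case, so this is a consistency fix rather than a behavior change.
config OPENVPN_wolfssl_ENABLE_DCO
	depends on !OPENVPN_wolfssl_ENABLE_IPROUTE2
	bool "Enable support for data channel offload"
	default n if OPENVPN_wolfssl_ENABLE_IPROUTE2
	select WOLFSSL_HAS_OPENVPN
	help
	  enable data channel offload support
	  using the ovpn-dco-v2 kernel module

# Size optimization removes diagnostics as listed in the help text; expect
# less detail when troubleshooting or auditing a running instance.
config OPENVPN_wolfssl_ENABLE_SMALL
	bool "Enable size optimization"
	default y
	help
	  enable smaller executable size (disable OCC, usage
	  message, and verb 4 parm list)

endif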