Commit Graph

61 Commits

Author SHA1 Message Date
Aaron Jheng
2b24d0d98e
openvpn: 2.5.6 -> 2.5.8 2022-11-03 23:52:13 +00:00
ajs124
5cb3e07081 openvpn*: use matching openssl version for each release 2022-08-17 20:16:19 +02:00
Peter Hoeg
7aa2c5cfb4 openvpn: use update-systemd-resolved instead of vendoring it 2022-04-12 22:59:11 +08:00
Markus S. Wamser
448d02ec22 openvpn: 2.4.11 -> 2.4.12 (security, CVE-2022-0547)
Release Notes:
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-2412https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst

Fixes: CVE-2022-0547
2022-03-17 22:47:40 +01:00
Markus S. Wamser
1098fc9221 openvpn: 2.5.5 -> 2.5.6 (security, CVE-2022-0547)
Release Notes:
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst

Fixes: CVE-2022-0547
2022-03-17 15:07:23 +01:00
Ben Wolsieffer
75741425ce openvpn: 2.5.2 -> 2.5.5
Also, increase the minimum version that requires iproute2 (for documentation
purposes only, since we are upgrading to a later version). Until 2.5.4, iproute2
was required to set the MAC address on the VPN interface.
2022-01-08 13:01:30 -05:00
Thomas Gerbet
e2df9554b0 openvpn_24: 2.4.9 -> 2.4.11
Fixes CVE-2020-15078.
https://community.openvpn.net/openvpn/wiki/CVE-2020-15078
2021-05-23 15:52:46 +02:00
Thomas Gerbet
82f90f892f openvpn: 2.5.0 -> 2.5.2
Fixes CVE-2020-15078.
https://community.openvpn.net/openvpn/wiki/CVE-2020-15078
2021-05-23 15:46:06 +02:00
Sandro Jäckel
9378fdf87e
iproute: deprecate alias 2021-04-04 01:43:46 +02:00
Sandro Jäckel
ec5be00b37
openvpn: remove ? null 2021-03-17 22:55:11 +01:00
Ben Siraphob
8c5d37129f pkgs/tools: stdenv.lib -> lib 2021-01-15 17:12:36 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Graham Christensen
bc49a0815a
utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
Peter Hoeg
31cf796be6 openvpn: 2.4.9 -> 2.5.0 2020-11-22 20:36:57 +08:00
Peter Hoeg
1f2368d387 openvpn: update and wrap update-systemd-resolved
The string replacement we were doing was just too brittle, so wrap the
script with a modified PATH instead as it is less likely to break on new
versions.
2020-05-21 20:54:25 +08:00
Martin Milata
f35d50c68c openvpn: 2.4.7 -> 2.4.9
Fixes CVE-2020-11736
2020-04-23 14:25:37 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
lassulus
acc3eec8da openvpn: fix pkcs11 helper 2019-05-20 10:39:24 +02:00
Peter Hoeg
8f81838ab5
Merge pull request #58800 from peterhoeg/f/openvpn
openvpn: support for updating systemd-resolved with DNS servers
2019-04-28 21:54:26 +08:00
Peter Hoeg
36c344ac00 openvpn: support for updating systemd-resolved with DNS servers 2019-04-03 09:35:27 +08:00
R. RyanTM
ddc5666b28 openvpn: 2.4.6 -> 2.4.7
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/openvpn/versions
2019-03-11 01:00:15 -07:00
Ryan Mulligan
038a0c9a60 treewide: http to https 2018-04-30 21:39:20 -07:00
R. RyanTM
8898063828 openvpn: 2.4.5 -> 2.4.6
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/openvpn/versions.

These checks were done:

- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 2.4.6 with grep in /nix/store/5hj70y409c0b01zmx4rddiicgq7jajb2-openvpn-2.4.6
- directory tree listing: https://gist.github.com/ce0bc5e31d7d26ead341febdc7bdc6ee
2018-04-26 01:20:56 -07:00
Ryan Mulligan
b0e306b192 openvpn: 2.4.4 -> 2.4.5
Semi-automatic update. These checks were done:

- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 2.4.5 with grep in /nix/store/a2wdxd4c08b1gilnj2mcvkmvpnqxw942-openvpn-2.4.5
- found 2.4.5 in filename of file in /nix/store/a2wdxd4c08b1gilnj2mcvkmvpnqxw942-openvpn-2.4.5
2018-03-09 05:42:34 -08:00
Kier Davis
397daef205
openvpn: make systemd dependency optional
systemd is a fairly large dependency, and it doesn't appear to
be necessary in all circumstances - e.g. when openvpn is
not run as a systemd service (as is usually the case when it is
run in a Docker container).

This change makes the dependency on systemd optional, controlled
by a new argument `useSystemd`. The default behaviour remains
the same as it was before this change: enabled only on Linux systems.

For me, this change reduces the size of my container image (dominated
by the closure of openvpn) from about 110 MB to 45 MB.

Version 2: rename argument to `useSystemd` (was `systemdSupport`), and
rebase onto master
2018-01-06 15:05:44 +00:00
Franz Pletz
8e4586d077
openvpn: 2.4.3 -> 2.4.4 for CVE-2017-12166
https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
2017-09-28 12:27:01 +02:00
Franz Pletz
5521b542a2
openvpn: 2.4.2 -> 2.4.3
See https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

Fixed:

  * CVE-2017-7508
  * CVE-2017-7520
  * CVE-2017-7521
  * CVE-2017-7512
  * CVE-2017-7522
2017-06-21 13:36:10 +02:00
Peter Simons
ae6f9324cd openvpn: update to version 2.4.2 to fix CVE-2017-7478 and CVE-2017-7479 2017-05-12 13:35:37 +02:00
Jörg Thalheim
e09b950f54
openvpn: remove no longer correct systemd-notify.patch
This patch was only necessary for 2.3.x, while 2.4.0 improved
its own systemd notify support.

See: https://github.com/NixOS/nixpkgs/issues/24817
2017-04-11 08:51:56 +02:00
Michael Raskin
277e7119be openvpn: 2.3.13 -> 2.4.0 2017-01-02 15:38:46 +01:00
Hendrik Schaeidt
d6d12ebc55
openvpn: disable libpam support on OSX to enable build 2016-10-06 20:24:02 +02:00
Tim Steinbach
244aee5cd1
openvpn: 2.3.11 -> 2.3.12 2016-09-23 09:24:00 -04:00
John Ericson
ea1caf9272 openvpn: Optional pkcs11 support 2016-09-16 07:24:03 -07:00
Matthias Beyer
340a5d6fbf openvpn: 2.3.10 -> 2.3.11
Taken from #15856.
2016-07-09 15:04:55 +02:00
Franz Pletz
4962f52b88 openvpn: --enable-password-save was removed 2016-05-26 19:17:39 +02:00
Franz Pletz
bf12560053 openvpn: Fix build for systemd 230 2016-05-26 19:16:45 +02:00
Eelco Dolstra
38afa836b3 openvpn: 2.3.8 -> 2.3.10
In particular, this fixes the systemd-ask-password regression
re-introduced by cb1c818491.
2016-03-27 23:29:53 +02:00
John Wiegley
31e5abf788 openvpn: Enable building on Darwin 2015-12-03 13:12:49 -05:00
John Wiegley
cb1c818491 openvpn: 2.3.7 -> 2.3.8 2015-11-25 12:54:02 -08:00
John Wiegley
17044e0e71 openvpn: Allow building on non-Linux systems 2015-11-16 20:34:56 -08:00
Eelco Dolstra
9000ddce90 openvpn: Update to 2.3.7 2015-08-31 17:54:56 +02:00
Eelco Dolstra
a88b9bf19e Revert "openvpn: 2.3.6 -> 2.3.8"
This reverts commit f547eaab44 because
it breaks asking passphrased via systemd.
2015-08-31 17:54:56 +02:00
Edward Tjörnhammar
f547eaab44 openvpn: 2.3.6 -> 2.3.8 2015-08-26 13:00:23 +02:00
Domen Kožar
f57d22fd05 openvpn: fix build 2014-12-02 15:30:25 +01:00
Domen Kožar
cc0d52846e openvpn: 2.3.4 -> 2.3.6 (CVE-2014-8104) 2014-12-02 13:11:37 +01:00
Mateusz Kowalczyk
7a45996233 Turn some license strings into lib.licenses values 2014-07-28 11:31:14 +02:00
William A. Kennington III
6ddafad82a openvpn: Update 2.3.3 -> 2.3.4 2014-05-13 16:49:31 -05:00
Eelco Dolstra
27a8cada79 openvpn: Add systemd startup notification
This causes OpenVPN services to reach the "active" state when the VPN
connection is up (i.e., after OpenVPN prints "Initialization Sequence
Completed"). This allows units to be ordered correctly after openvpn-*
units, and makes systemctl present a password prompt:

  $ start openvpn-foo
  Enter Private Key Password: *************

(I first tried to implement this by calling "systemd-notify --ready"
from the "up" script, but systemd-notify is not reliable.)
2014-04-22 13:14:58 +02:00
Eelco Dolstra
33b4ab3ac1 openvpn: Update to 2.3.3 2014-04-22 13:14:58 +02:00