This picks up the latest bugfixes, and adds new features such as data channel cipher negotiation: https://www.ghacks.net/2016/12/28/openvpn-2-4-0-is-out/
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/c0b3cce905fff5560fdb63fd9cb9844aaa1a6bda commit c0b3cce905fff5560fdb63fd9cb9844aaa1a6bda Author: Kevin Cernekee <cernekee@chromium.org> Date: Tue May 02 02:18:20 2017 dev-libs/pkcs11-helper: Upgrade package to v1.21 This is required by the latest openvpn ebuilds. BUG= chromium:716913 TEST=manually emerge + deploy to samus; connect to a cert based VPN Change-Id: I437bfd4c5859efd60b334c2d690a356380f64042 Reviewed-on: https://chromium-review.googlesource.com/491070 Commit-Ready: Kevin Cernekee <cernekee@chromium.org> Tested-by: Kevin Cernekee <cernekee@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> [add] https://crrev.com/c0b3cce905fff5560fdb63fd9cb9844aaa1a6bda/dev-libs/pkcs11-helper/pkcs11-helper-1.21.ebuild [modify] https://crrev.com/c0b3cce905fff5560fdb63fd9cb9844aaa1a6bda/dev-libs/pkcs11-helper/metadata.xml [delete] https://crrev.com/a6aaba18462357dcb073da1e6aabccf0a7867d68/dev-libs/pkcs11-helper/pkcs11-helper-1.07.ebuild [modify] https://crrev.com/c0b3cce905fff5560fdb63fd9cb9844aaa1a6bda/dev-libs/pkcs11-helper/Manifest [add] https://crrev.com/c0b3cce905fff5560fdb63fd9cb9844aaa1a6bda/eclass/ltprune.eclass
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/564695270bda927136cbb18a2ba4701ef5467b1a commit 564695270bda927136cbb18a2ba4701ef5467b1a Author: Kevin Cernekee <cernekee@chromium.org> Date: Wed May 03 15:31:15 2017 net-vpn/openvpn: Upgrade package to upstream v2.4.1 Upstream has moved this package into the new "net-vpn" category, so the references to it have been adjusted accordingly. Patches iv_plat, redirect-gateway, and pkcs11-slot are carried forward from 2.3.2 with minor formatting/context tweaks only. The large-passwords patch is newly introduced in 2.4.1 in order to support passing long passwords from shill. BUG= chromium:716913 TEST=manually connect to openvpn server TEST=autotests CQ-DEPEND=CL:491070 Change-Id: I1b02095ec5e38f517c189e34d679274223d937cd Reviewed-on: https://chromium-review.googlesource.com/491107 Commit-Ready: Kevin Cernekee <cernekee@chromium.org> Tested-by: Kevin Cernekee <cernekee@chromium.org> Reviewed-by: Brian Norris <briannorris@chromium.org> [delete] https://crrev.com/fc1a674a2293454f6fbea1204c4031588536e8de/net-misc/openvpn/Manifest [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/files/openvpn-2.4.1-pkcs11-slot.patch [delete] https://crrev.com/fc1a674a2293454f6fbea1204c4031588536e8de/net-misc/openvpn/files/openvpn-2.3.2-iv_plat.patch [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/files/down.sh [modify] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/profiles/categories [delete] https://crrev.com/fc1a674a2293454f6fbea1204c4031588536e8de/net-misc/openvpn/files/openvpn-2.3.2-pkcs11-slot.patch [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/Manifest [delete] https://crrev.com/fc1a674a2293454f6fbea1204c4031588536e8de/net-misc/openvpn/openvpn-2.3.2.ebuild [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/files/openvpn-2.1.conf [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/files/openvpn-2.4.1-iv_plat.patch [rename] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/metadata.xml [delete] https://crrev.com/fc1a674a2293454f6fbea1204c4031588536e8de/net-misc/openvpn/files/openvpn-2.3.2-redirect-gateway.patch [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/files/openvpn-external-cmocka.patch [modify] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/chromeos-base/shill/shill-9999.ebuild [delete] https://crrev.com/fc1a674a2293454f6fbea1204c4031588536e8de/net-misc/openvpn/openvpn-2.3.2-r2.ebuild [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/files/openvpn-2.4.1-redirect-gateway.patch [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/files/openvpn.tmpfile [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/chromeos/config/env/net-vpn/openvpn [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/files/up.sh [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/files/openvpn-2.4.1-large-passwords.patch [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/files/openvpn-2.1.init [add] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/net-vpn/openvpn/openvpn-2.4.1.ebuild [modify] https://crrev.com/564695270bda927136cbb18a2ba4701ef5467b1a/profiles/targets/chromeos/package.use
OpenVPN v2.4.2 was just released with fixes for multiple security issues. https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results/ https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/ Can ChromeOS be updated with this new version?
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/58541f1ab47194df544da0e210dfdebc781ea7bb commit 58541f1ab47194df544da0e210dfdebc781ea7bb Author: Kevin Cernekee <cernekee@chromium.org> Date: Fri May 19 20:57:52 2017 net-vpn/openvpn: Upgrade to v2.4.2 from upstream This fixes a couple of security issues found during an audit: https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results/ BUG= chromium:716913 TEST=manually connect to test server TEST=autotests Change-Id: I561eb27d946da91f42861cea2628b401a590f75a Reviewed-on: https://chromium-review.googlesource.com/505929 Commit-Ready: Kevin Cernekee <cernekee@chromium.org> Tested-by: Kevin Cernekee <cernekee@chromium.org> Reviewed-by: Mattias Nissler <mnissler@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> [modify] https://crrev.com/58541f1ab47194df544da0e210dfdebc781ea7bb/net-vpn/openvpn/Manifest [rename] https://crrev.com/58541f1ab47194df544da0e210dfdebc781ea7bb/net-vpn/openvpn/openvpn-2.4.2.ebuild [add] https://crrev.com/58541f1ab47194df544da0e210dfdebc781ea7bb/net-vpn/openvpn/openvpn-2.4.2-r1.ebuild
Comment 1 by cernekee@chromium.org
, Apr 30 2017