openvpn 2.5.9-0ubuntu0.22.04.2 source package in Ubuntu


openvpn (2.5.9-0ubuntu0.22.04.2) jammy; urgency=medium

  * d/rules: Use --with-openssl-engine=yes during configuration to maintain the
    existing behavior of technically allowing openssl engine access in jammy.
    For more information see

openvpn (2.5.9-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release 2.5.9 (LP: #2004676):
    - The version is being updated to the latest in 2.5.x rather than 2.6.x to
      avoid feature releases and focus on bug fixes
    - Updates:
      + Allow optional ciphers in --data-ciphers
    - Bug Fixes Include:
      + Fix null pointer error when running openvpn --show-tls with mbedtls
      + Fix corner case that could lead to leaked file descriptor
      + Fix parsing issue in pull-filter when there are leading spaces
      + Fix possible buffer overflow in parse_line argument
      + See for
        additional bug fixes and information

openvpn (2.5.8-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream releases 2.5.6-2.5.8 (LP: #2004676):
    - The version is being updated to the latest in 2.5.x rather than 2.6.x to
      avoid feature releases and focus on bug fixes
    - Updates:
      + OpenSSL3 support
      + pkcs11-helper upgrade to 1.28.4
      + allow running a default configuration with TLS libraries without BF-CBC
    - Bug Fixes Include:
      + CVE-2022-0547
      + Fix potential memory leaks in add_route() and add_route_ipv6()
      + Fix PATH_MAX build failure in auth-pam.c
      + Fix using --auth-token together with --management-client-auth
      + Fix clearing of username+password when using --auth-nocache
      + See for
        additional bug fixes and information
  * Remove patches fixed upstream:
    - d/p/CVE-2022-0547.patch
      [Included in upstream release 2.5.6]
    - d/p/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch
    - d/p/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-
    - d/p/openssl-3/0003-Allow-loading-of-non-default-providers.patch
    - d/p/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch
    - d/p/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch
    - d/p/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-
     [Included in upstream release 2.5.7]
    - d/p/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-
    - d/p/match-manpage-and-command-help.patch
      [Included in upstream release 2.5.8]

 -- Lena Voytek <email address hidden>  Fri, 29 Sep 2023 16:14:48 -0700

Upload details

Uploaded by:
Lena Voytek
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Jammy updates main net


File Size SHA-256 Checksum
openvpn_2.5.9.orig.tar.gz 1.8 MiB 8794b7125998c68f30de654267a702b9581454ca1e7061511fcc5f99fea4bd32
openvpn_2.5.9-0ubuntu0.22.04.2.debian.tar.xz 63.9 KiB 3023855cbcedad8de67cee616387cfb868c498d8530a49797b6e7df607991077
openvpn_2.5.9-0ubuntu0.22.04.2.dsc 2.2 KiB b3245b136f2b475206721be7a2af0f3e543a457bd98d73f5435214db0257f6a8

View changes file

Binary packages built by this source

openvpn: virtual private network daemon

 OpenVPN is an application to securely tunnel IP networks over a
 single UDP or TCP port. It can be used to access remote sites, make
 secure point-to-point connections, enhance wireless security, etc.
 OpenVPN uses all of the encryption, authentication, and certification
 features provided by the OpenSSL library (any cipher, key size, or
 HMAC digest).
 OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It
 also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels
 over NAT or connection-oriented stateful firewalls (such as Linux's iptables).

openvpn-dbgsym: debug symbols for openvpn