-
openvpn (2.5.9-0ubuntu0.22.04.2) jammy; urgency=medium
* d/rules: Use --with-openssl-engine=yes during configuration to maintain the
existing behavior of technically allowing openssl engine access in jammy.
For more information see
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2004676/comments/6
openvpn (2.5.9-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream release 2.5.9 (LP: #2004676):
- The version is being updated to the latest in 2.5.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ Allow optional ciphers in --data-ciphers
- Bug Fixes Include:
+ Fix null pointer error when running openvpn --show-tls with mbedtls
+ Fix corner case that could lead to leaked file descriptor
+ Fix parsing issue in pull-filter when there are leading spaces
+ Fix possible buffer overflow in parse_line argument
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
additional bug fixes and information
openvpn (2.5.8-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream releases 2.5.6-2.5.8 (LP: #2004676):
- The version is being updated to the latest in 2.5.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ OpenSSL3 support
+ pkcs11-helper upgrade to 1.28.4
+ allow running a default configuration with TLS libraries without BF-CBC
- Bug Fixes Include:
+ CVE-2022-0547
+ Fix potential memory leaks in add_route() and add_route_ipv6()
+ Fix PATH_MAX build failure in auth-pam.c
+ Fix using --auth-token together with --management-client-auth
+ Fix clearing of username+password when using --auth-nocache
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
additional bug fixes and information
* Remove patches fixed upstream:
- d/p/CVE-2022-0547.patch
[Included in upstream release 2.5.6]
- d/p/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch
- d/p/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-
into-methods.patch
- d/p/openssl-3/0003-Allow-loading-of-non-default-providers.patch
- d/p/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch
- d/p/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch
- d/p/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-
digest-names.patch
[Included in upstream release 2.5.7]
- d/p/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-
libraries-without-BF-CBC.patch
- d/p/match-manpage-and-command-help.patch
[Included in upstream release 2.5.8]
-- Lena Voytek <email address hidden> Fri, 29 Sep 2023 16:14:48 -0700
-
openvpn (2.5.8-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream releases 2.5.6-2.5.8 (LP: #2004676):
- The version is being updated to the latest in 2.5.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ OpenSSL3 support
+ pkcs11-helper upgrade to 1.28.4
+ allow running a default configuration with TLS libraries without BF-CBC
- Bug Fixes Include:
+ CVE-2022-0547
+ Fix potential memory leaks in add_route() and add_route_ipv6()
+ Fix PATH_MAX build failure in auth-pam.c
+ Fix using --auth-token together with --management-client-auth
+ Fix clearing of username+password when using --auth-nocache
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
additional bug fixes and information
* Remove patches fixed upstream:
- d/p/CVE-2022-0547.patch
[Included in upstream release 2.5.6]
- d/p/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch
- d/p/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-
into-methods.patch
- d/p/openssl-3/0003-Allow-loading-of-non-default-providers.patch
- d/p/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch
- d/p/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch
- d/p/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-
digest-names.patch
[Included in upstream release 2.5.7]
- d/p/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-
libraries-without-BF-CBC.patch
- d/p/match-manpage-and-command-help.patch
[Included in upstream release 2.5.8]
-- Lena Voytek <email address hidden> Fri, 03 Feb 2023 15:49:35 -0700
-
openvpn (2.5.5-1ubuntu3.1) jammy; urgency=medium
* d/p/openssl-3/*.patch: backport upstream patch set to better support
OpenSSL 3 (LP: #1975574)
-- Lucas Kanashiro <email address hidden> Thu, 14 Jul 2022 11:21:14 -0300
-
openvpn (2.5.5-1ubuntu3) jammy; urgency=medium
* debian/patches/CVE-2022-0547.patch: updated to properly patch actual
manpage file in doc/openvpn.8.
-- Marc Deslauriers <email address hidden> Tue, 22 Mar 2022 13:22:27 -0400
-
openvpn (2.5.5-1ubuntu2) jammy; urgency=medium
* SECURITY UPDATE: authentication bypass via multiple deferred
authentication plug-ins
- debian/patches/CVE-2022-0547.patch: disallow multiple deferred
authentication plug-ins in doc/man-sections/plugin-options.rst,
src/openvpn/plugin.c.
- CVE-2022-0547
-- Marc Deslauriers <email address hidden> Tue, 22 Mar 2022 10:37:55 -0400
-
openvpn (2.5.5-1ubuntu1) jammy; urgency=medium
* Merge with Debian unstable (LP: #1946884). Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
- d/p/OpenSSL3.patch: work around the deprecated algorithm mismatch between
the OpenSSL3 branch and the OpenVPN 2.5 branch (LP #1945980)
-- Sergio Durigan Junior <email address hidden> Wed, 23 Feb 2022 10:14:27 -0500
-
openvpn (2.5.1-3ubuntu5) jammy; urgency=medium
* No-change rebuild to update maintainer scripts, see LP: 1959054
-- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:16:30 +0000
-
openvpn (2.5.1-3ubuntu4) jammy; urgency=medium
* d/p/OpenSSL3.patch: work around the deprecated algorithm mismatch between
the OpenSSL3 branch and the OpenVPN 2.5 branch (LP: #1945980)
-- Simon Chopin <email address hidden> Thu, 18 Nov 2021 15:05:21 +0100
-
openvpn (2.5.1-3ubuntu3) jammy; urgency=medium
* No-change rebuild against openssl3
-- Simon Chopin <email address hidden> Wed, 01 Dec 2021 16:09:52 +0000
-
openvpn (2.5.1-3ubuntu2) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:21:59 +0200
-
openvpn (2.5.1-3ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
* Dropped changes:
- d/t/server-setup-*: adapt tests to output of v2.5.0
[Included in 2.5.1-3]
openvpn (2.5.1-3) unstable; urgency=medium
* Fix autopkgtest (Closes: #983662)
- adapt autopkgtest output to 2.5 (from Ubuntu)
- Fix easyrsa batch mode invocation
* Cherry-Pick "Fix condition to generate session keys" (Closes: #988478)
-- Utkarsh Gupta <email address hidden> Mon, 17 May 2021 14:38:17 +0530