-
openvpn (2.4.4-2ubuntu1.7) bionic-security; urgency=medium
* SECURITY UPDATE: authentication bypass via multiple deferred
authentication plug-ins
- debian/patches/CVE-2022-0547.patch: disallow multiple deferred
authentication plug-ins in doc/openvpn.8, src/openvpn/plugin.c.
- CVE-2022-0547
-- Marc Deslauriers <email address hidden> Tue, 22 Mar 2022 10:41:25 -0400
-
openvpn (2.4.4-2ubuntu1.6) bionic; urgency=medium
* d/p/increase-listen-backlog-queue-to-32.patch: Increase listen backlog queue
to 32 (LP: #1934781)
-- Athos Ribeiro <email address hidden> Mon, 19 Jul 2021 19:53:26 -0300
-
openvpn (2.4.4-2ubuntu1.5) bionic-security; urgency=medium
* SECURITY UPDATE: data channel v2 packet injection
- debian/patches/CVE-2020-11810.patch: fix illegal client float in
src/openvpn/multi.c.
- CVE-2020-11810
* SECURITY UPDATE: Authentication bypass with deferred authentication
- debian/patches/CVE-2020-15078.patch: ensure key state is
authenticated before sending push reply in src/openvpn/push.c.
- CVE-2020-15078
-- Marc Deslauriers <email address hidden> Tue, 27 Apr 2021 10:54:29 -0400
-
openvpn (2.4.4-2ubuntu1.4) bionic; urgency=medium
* Drop reload support from systemd unit files (LP: #1868127)
-- Lucas Kanashiro <email address hidden> Wed, 27 May 2020 19:36:40 -0300
-
openvpn (2.4.4-2ubuntu1.3) bionic; urgency=medium
* d/p/lp-1828771-CapabilityBoundingSet-for-auth_pam.patch: Add CAP_AUDIT_WRITE
to upstream's set of .service files to avoid issues with callout scripts
breaking due to sudo/pam being unable to audit the action (LP: #1828771)
-- Christian Ehrhardt <email address hidden> Tue, 14 May 2019 10:25:51 +0200
-
openvpn (2.4.4-2ubuntu1.2) bionic; urgency=medium
* d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF.
(LP: #1807439)
-- Joy Latten <email address hidden> Wed, 09 Jan 2019 15:50:03 -0600
-
openvpn (2.4.4-2ubuntu1.1) bionic; urgency=medium
* d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout
scripts breaking due to sudo/pam being unable to audit the action.
Fixed in upstream issue #918, suggested to Debian in #868806 (LP: #1787208)
-- Christian Ehrhardt <email address hidden> Wed, 05 Sep 2018 14:43:16 +0200
-
openvpn (2.4.4-2ubuntu1) bionic; urgency=low
* Sync with Debian. Remaining changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
openvpn (2.4.4-2) unstable; urgency=medium
* Build against OpenSSL 1.1.0 (Closes: #828447)
* Bump Standards-Version to 4.1.2, no changes necessary
-- Dimitri John Ledkov <email address hidden> Sat, 10 Feb 2018 20:27:56 +0000
-
openvpn (2.4.4-1ubuntu1) bionic; urgency=medium
* Sync with Debian. Remaining changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
openvpn (2.4.4-1) unstable; urgency=medium
[ Jörg Frings-Fürst ]
* New Upstream release:
- Fix bounds check in read_key() (CVE-2017-12166) (Closes: #877089).
* Declare compliance with Debian Policy 4.1.1. (No changes needed).
* Drop dh-systemd from both Build-Depends and dh command line as
it is enabled by default for dh compat level 10.
* New debian/openvpn.lintian-overrides:
- Override duplicate upstream changelog warning.
* Remove obsolete directory /usr/lib/openvpn (The plugins directory is now
/usr/lib/*/openvpn/plugins):
- Remove /usr/lib/openvpn from debian/dirs.
- Add debian/postrm to remove /usr/lib/openvpn on purge and remove.
- Rewrite plugin section at README.Debian
* Use pathfind() instead of a hard-coded path for invoke-rc.d at debian/prerm
and debian/postinst.
* Remove outdated debian/README.source.
* Remove obsolete syslog.target from debian/openvpn@.service.
* Update Catalan translation (Closes: #870351).
- Thanks to Alytidae <email address hidden>.
* New directory /var/log/openvpn for log and status files
(Closes: #444431, #553303):
- Add var/log/openvpn into debian/dirs.
- New debian/patches/move_log_dir.patch to change the conf files
to the new log directory.
[ Bernhard Schmidt ]
* Further changes to debian/openvpn@.service copied from upstream
- Enable Restart=on-failure
- Use KillMode=process
-- Jeremy Bicha <email address hidden> Sat, 28 Oct 2017 15:13:58 -0400
-
openvpn (2.4.3-4ubuntu1) artful; urgency=medium
* Sync with Debian. Remaining changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
openvpn (2.4.3-4) unstable; urgency=medium
* fix FTBFS on kfreebsd
* Adjust debian openvpn@.service to be closer to the upstream
ones (Closes: #858558, #864031):
- adjust Documentation URL to OpenVPN 2.4
- use systemd READY signalling (Type=notify)
- add ProtectHome=true
- add After/Wants network-online.target
- adjust CapabilityBoundingSet
openvpn (2.4.3-3) unstable; urgency=medium
[ Jörg Frings-Fürst ]
* debian/control:
- Set Bernhard Schmidt <email address hidden> as maintainer and myself as
Uploader (Closes: #865555)
- Many thanks to Alberto Gonzalez Iniesta.
- Change Vcs-Browser to cgit.
* Migrate to debhelper 10:
- Change debian/compat to 10.
- Bump minimum debhelper version in debian/control to >= 10.
* Declare compliance with Debian Policy 4.0.0. (No changes needed).
[ Bernhard Schmidt ]
* properly remove obsolete /etc/tmpfiles.d/openvpn.conf using
dpkg-maintscript-helper (Closes: #865717)
* Change Vcs-Git and Homepage to https
openvpn (2.4.3-2) unstable; urgency=medium
* The "Bye bye OpenVPN" revenge release
* Put upstream tmpfiles conf in the right place and merge with Debian's.
(Closes: #865589)
openvpn (2.4.3-1) unstable; urgency=high
* The "Bye bye OpenVPN" release.
* New upstream release fixing: (Closes: #865480)
- CVE-2017-7508
- CVE-2017-7520
- CVE-2017-7521
- CVE-2017-7522
* Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins
* debian/rules:
- Remove obsolete options to configure script (enable-password-save,
with-plugindir (now in ENV_VARS))
- No need to install upstream's systemd unit files from debian/rules
openvpn (2.4.0-6) unstable; urgency=medium
* Apply upstream patch to fix shrinking MTU sizes on reconnects causing
unusable VPN tunnels.
-- Jeremy Bicha <email address hidden> Sun, 02 Jul 2017 23:05:35 -0400