-
openvpn (2.4.9-3ubuntu1.1) groovy-security; urgency=medium
* SECURITY UPDATE: Authentication bypass with deferred authentication
- debian/patches/CVE-2020-15078.patch: ensure key state is
authenticated before sending push reply in src/openvpn/push.c.
- CVE-2020-15078
-- Marc Deslauriers <email address hidden> Tue, 27 Apr 2021 10:49:50 -0400
-
openvpn (2.4.9-3ubuntu1) groovy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
- d/tests: add two DEP-8 test cases
+ d/t/server-setup-with-static-key: test the OpenVPN server side setup
using a static key.
+ d/t/server-setup-with-ca: test the OpenVPN server side setup using a
CA built with easy-rsa.
- d/openvpn*.service: Drop reload support from systemd unit files
(LP #1868127). The current reload implementation (sending a SIGHUP
signal to the process) fails, and the difference between reload and
restart is not clear. Systemd does not require an implementation for
reload.
-- Lucas Kanashiro <email address hidden> Tue, 18 Aug 2020 08:42:11 -0300
-
openvpn (2.4.9-2ubuntu2) groovy; urgency=medium
* Drop reload support from systemd unit files (LP: #1868127)
-- Lucas Kanashiro <email address hidden> Tue, 26 May 2020 19:04:33 -0300
-
openvpn (2.4.9-2ubuntu1) groovy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP 1454725)
- Allow MD5 for PRF in FIPS mode openssl.
* Added changes:
- d/tests: add two DEP-8 test cases
+ d/t/server-setup-with-static-key: test the OpenVPN server side setup
using a static key.
+ d/t/server-setup-with-ca: test the OpenVPN server side setup using a
CA built with easy-rsa.
openvpn (2.4.9-2) unstable; urgency=medium
* Cherry-Pick upstream patch to fix ssl_do_config error with
invalid OpenSSL system configuration (Closes: #958296)
Thanks to Jonas Andradas for reporting and Arne Schwabe for debugging.
* Use DEB_HOST_MULTIARCH for libraries (Closes: #958315)
* Enable Salsa CI
openvpn (2.4.9-1) unstable; urgency=medium
[ Jörg Frings-Fürst ]
* New upstream release (Closes: #950610).
* Refresh debian/patches/openvpn-pkcs11warn.patch.
* Remove upstream applied fix-pkcs11-helper-hang.patch.
* Add libp11-kit-dev to Build - Depends (Closes: #940727).
* Add symlinks for plugins into /usr/lib/openvpn/ (Closes: #946348).
* Declare compliance with Debian Policy 4.5.0 (No changes needed).
* Switch to debhelper-compat:
- debian/control: change to debhelper-compat (=12).
- remove debian/compat.
* debian/copyright:
- Add year 2020 to debian/*.
- Add year 2019 to *.
* debian/control:
- Add Rules-Requires-Root: No.
[ Bernhard Schmidt ]
* New upstream version 2.4.9
- CVE-2020-11810
illegal client float can break VPN session for other users
-- Lucas Kanashiro <email address hidden> Wed, 29 Apr 2020 15:35:56 -0300
-
openvpn (2.4.7-1ubuntu2) eoan; urgency=medium
* No-change upload with strops.h and sys/strops.h removed in glibc.
-- Matthias Klose <email address hidden> Thu, 05 Sep 2019 11:05:25 +0000
