Ubuntu
openvpn package

Merge openvpn from Debian unstable for kinetic

Bug #1971306 reported by Bryce Harrington
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openvpn (Ubuntu)
Fix Released
Undecided
Lucas Kanashiro
Ubuntu ubuntu-22.07

Bug Description

Upstream: tbd
Debian: 2.5.6-1 2.6.0~git20220317+dco-1
Ubuntu: 2.5.5-1ubuntu3

Debian new has 2.6.0~git20220317+dco-1

### New Debian Changes ###

openvpn (2.5.6-1) unstable; urgency=high

  * New upstream version 2.5.6
    CVE-2022-0547 - Potential authentication by-pass with multiple deferred
    authentication plug-ins plug-ins (Closes: #1008015)

 -- Bernhard Schmidt <email address hidden> Sun, 20 Mar 2022 21:42:05 +0100

openvpn (2.5.5-1) unstable; urgency=medium

  [ Jörg Frings-Fürst ]
  * New upstream version 2.5.5
  * Declare compliance with Debian Policy 4.6.0.1
  * d/copyright:
    - Remove duplicate entries;
    - Refresh for new upstream release
    - Add 2021 to myself

  [ Bernhard Schmidt ]
  * Refresh patches for new upstream version

 -- Bernhard Schmidt <email address hidden> Mon, 21 Feb 2022 12:05:55 +0100

openvpn (2.5.1-3) unstable; urgency=medium

  * Fix autopkgtest (Closes: #983662)
    - adapt autopkgtest output to 2.5 (from Ubuntu)
    - Fix easyrsa batch mode invocation
  * Cherry-Pick 'Fix condition to generate session keys' (Closes: #988478)

 -- Bernhard Schmidt <email address hidden> Fri, 14 May 2021 09:40:04 +0200

openvpn (2.5.1-2) unstable; urgency=high

  * Cherry-Pick 3 (+ 1 predependency) patches from upstream to fix
    authentication bypass with deferred authentication
    (CVE-2020-15078) (Closes: #987380)

 -- Bernhard Schmidt <email address hidden> Wed, 28 Apr 2021 14:41:58 +0200

openvpn (2.5.1-1) unstable; urgency=medium

  * New upstream version 2.5.1 (bugfix release)

 -- Bernhard Schmidt <email address hidden> Wed, 24 Feb 2021 19:54:34 +0100

openvpn (2.5.0-1) unstable; urgency=medium

  * New upstream version 2.5.0 - final release

 -- Bernhard Schmidt <email address hidden> Wed, 28 Oct 2020 19:37:34 +0100

openvpn (2.5~rc3-1) unstable; urgency=medium

  * New upstream version 2.5~rc3

 -- Bernhard Schmidt <email address hidden> Tue, 20 Oct 2020 19:17:43 +0200

openvpn (2.5~rc2-1) unstable; urgency=medium

  * Downgrade debhelper-compat to 12 for easier backports
  * New upstream version 2.5~rc2

 -- Bernhard Schmidt <email address hidden> Wed, 30 Sep 2020 21:12:11 +0200

openvpn (2.5~beta3-1) unstable; urgency=medium

  * Release to unstable.

  [ Lucas Kanashiro ]
  * Add two DEP-8 test cases for the server side
  * Drop reload support from systemd unit files (LP: #1868127)

  [ Bernhard Schmidt ]
  * Revert 'd/gbp.conf for experimental 2.5 branch'
  * New upstream version 2.5~beta3

 -- Bernhard Schmidt <email address hidden> Tue, 01 Sep 2020 16:53:43 +0200

openvpn (2.5~beta1-3) experimental; urgency=medium

  * Disable iproute2 support in favour of the new netlink based default.
    Thanks to Fabio Pedretti

 -- Bernhard Schmidt <email address hidden> Sun, 16 Aug 2020 14:04:11 +0200

openvpn (2.5~beta1-2) experimental; urgency=medium

  * Set Build-Conflicts: systemctl, see Bug#959828

 -- Bernhard Schmidt <email address hidden> Sun, 16 Aug 2020 10:33:47 +0200

openvpn (2.5~beta1-1) experimental; urgency=medium

  * d/gbp.conf for experimental 2.5 branch
  * New upstream version 2.5~beta1
  * Adjust patches for new major upstream version
  * Add python3-docutils to build-depends for manpage generation

 -- Bernhard Schmidt <email address hidden> Sat, 15 Aug 2020 21:32:49 +0200

### Old Ubuntu Delta ###

openvpn (2.5.5-1ubuntu3) jammy; urgency=medium

  * debian/patches/CVE-2022-0547.patch: updated to properly patch actual
    manpage file in doc/openvpn.8.

 -- Marc Deslauriers <email address hidden> Tue, 22 Mar 2022 13:22:27 -0400

openvpn (2.5.5-1ubuntu2) jammy; urgency=medium

  * SECURITY UPDATE: authentication bypass via multiple deferred
    authentication plug-ins
    - debian/patches/CVE-2022-0547.patch: disallow multiple deferred
      authentication plug-ins in doc/man-sections/plugin-options.rst,
      src/openvpn/plugin.c.
    - CVE-2022-0547

 -- Marc Deslauriers <email address hidden> Tue, 22 Mar 2022 10:37:55 -0400

openvpn (2.5.5-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1946884). Remaining changes:
    - d/control: Demote easy-rsa to Suggests (universe package).
    - debian/openvpn@.service: Add '--script-security 2' similar to what
      got added to debian/openvpn.init.d ages ago (LP #1454725)
    - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
    - d/p/OpenSSL3.patch: work around the deprecated algorithm mismatch between
      the OpenSSL3 branch and the OpenVPN 2.5 branch (LP #1945980)

 -- Sergio Durigan Junior <email address hidden> Wed, 23 Feb 2022 10:14:27 -0500

Bryce Harrington (bryce)
Changed in openvpn (Ubuntu):
milestone: none → ubuntu-22.06
Lucas Kanashiro (lucaskanashiro)
Changed in openvpn (Ubuntu):
assignee: nobody → Lucas Kanashiro (lucaskanashiro)
Lucas Kanashiro (lucaskanashiro)
Changed in openvpn (Ubuntu):
milestone: ubuntu-22.06 → ubuntu-22.07
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

openvpn/2.6.0~git20220518+dco-2ubuntu3 is already available in kinetic.

Changed in openvpn (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.