* New upstream release 2.5.9 (LP: #2004676):
- The version is being updated to the latest in 2.5.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ Allow optional ciphers in --data-ciphers
- Bug Fixes Include:
+ Fix null pointer error when running openvpn --show-tls with mbedtls
+ Fix corner case that could lead to leaked file descriptor
+ Fix parsing issue in pull-filter when there are leading spaces
+ Fix possible buffer overflow in parse_line argument
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
additional bug fixes and information
* New upstream releases 2.5.6-2.5.8 (LP: #2004676):
- The version is being updated to the latest in 2.5.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ OpenSSL3 support
+ pkcs11-helper upgrade to 1.28.4
+ allow running a default configuration with TLS libraries without BF-CBC
- Bug Fixes Include:
+ CVE-2022-0547
+ Fix potential memory leaks in add_route() and add_route_ipv6()
+ Fix PATH_MAX build failure in auth-pam.c
+ Fix using --auth-token together with --management-client-auth
+ Fix clearing of username+password when using --auth-nocache
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
additional bug fixes and information
* Remove patches fixed upstream:
- d/p/CVE-2022-0547.patch
[Included in upstream release 2.5.6]
- d/p/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch
- d/p/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-
into-methods.patch
- d/p/openssl-3/0003-Allow-loading-of-non-default-providers.patch
- d/p/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch
- d/p/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch
- d/p/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-
digest-names.patch
[Included in upstream release 2.5.7]
- d/p/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-
libraries-without-BF-CBC.patch
- d/p/match-manpage-and-command-help.patch
[Included in upstream release 2.5.8]
This bug was fixed in the package openvpn - 2.5.9-0ubuntu0.22.04.2
---------------
openvpn (2.5.9-0ubuntu0.22.04.2) jammy; urgency=medium
* d/rules: Use --with-openssl-engine=yes during configuration to maintain the
existing behavior of technically allowing openssl engine access in jammy.
For more information see
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2004676/comments/6
openvpn (2.5.9-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream release 2.5.9 (LP: #2004676):
- The version is being updated to the latest in 2.5.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ Allow optional ciphers in --data-ciphers
- Bug Fixes Include:
+ Fix null pointer error when running openvpn --show-tls with mbedtls
+ Fix corner case that could lead to leaked file descriptor
+ Fix parsing issue in pull-filter when there are leading spaces
+ Fix possible buffer overflow in parse_line argument
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
additional bug fixes and information
openvpn (2.5.8-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream releases 2.5.6-2.5.8 (LP: #2004676):
- The version is being updated to the latest in 2.5.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ OpenSSL3 support
+ pkcs11-helper upgrade to 1.28.4
+ allow running a default configuration with TLS libraries without BF-CBC
- Bug Fixes Include:
+ CVE-2022-0547
+ Fix potential memory leaks in add_route() and add_route_ipv6()
+ Fix PATH_MAX build failure in auth-pam.c
+ Fix using --auth-token together with --management-client-auth
+ Fix clearing of username+password when using --auth-nocache
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
additional bug fixes and information
* Remove patches fixed upstream:
- d/p/CVE-2022-0547.patch
[Included in upstream release 2.5.6]
- d/p/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch
- d/p/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-
into-methods.patch
- d/p/openssl-3/0003-Allow-loading-of-non-default-providers.patch
- d/p/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch
- d/p/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch
- d/p/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-
digest-names.patch
[Included in upstream release 2.5.7]
- d/p/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-
libraries-without-BF-CBC.patch
- d/p/match-manpage-and-command-help.patch
[Included in upstream release 2.5.8]
-- Lena Voytek <email address hidden> Fri, 29 Sep 2023 16:14:48 -0700