Comment 25 for bug 2004676

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openvpn - 2.5.9-0ubuntu0.22.04.2

---------------
openvpn (2.5.9-0ubuntu0.22.04.2) jammy; urgency=medium

  * d/rules: Use --with-openssl-engine=yes during configuration to maintain the
    existing behavior of technically allowing openssl engine access in jammy.
    For more information see
    https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2004676/comments/6

openvpn (2.5.9-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release 2.5.9 (LP: #2004676):
    - The version is being updated to the latest in 2.5.x rather than 2.6.x to
      avoid feature releases and focus on bug fixes
    - Updates:
      + Allow optional ciphers in --data-ciphers
    - Bug Fixes Include:
      + Fix null pointer error when running openvpn --show-tls with mbedtls
      + Fix corner case that could lead to leaked file descriptor
      + Fix parsing issue in pull-filter when there are leading spaces
      + Fix possible buffer overflow in parse_line argument
      + See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
        additional bug fixes and information

openvpn (2.5.8-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream releases 2.5.6-2.5.8 (LP: #2004676):
    - The version is being updated to the latest in 2.5.x rather than 2.6.x to
      avoid feature releases and focus on bug fixes
    - Updates:
      + OpenSSL3 support
      + pkcs11-helper upgrade to 1.28.4
      + allow running a default configuration with TLS libraries without BF-CBC
    - Bug Fixes Include:
      + CVE-2022-0547
      + Fix potential memory leaks in add_route() and add_route_ipv6()
      + Fix PATH_MAX build failure in auth-pam.c
      + Fix using --auth-token together with --management-client-auth
      + Fix clearing of username+password when using --auth-nocache
      + See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
        additional bug fixes and information
  * Remove patches fixed upstream:
    - d/p/CVE-2022-0547.patch
      [Included in upstream release 2.5.6]
    - d/p/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch
    - d/p/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-
      into-methods.patch
    - d/p/openssl-3/0003-Allow-loading-of-non-default-providers.patch
    - d/p/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch
    - d/p/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch
    - d/p/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-
      digest-names.patch
     [Included in upstream release 2.5.7]
    - d/p/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-
      libraries-without-BF-CBC.patch
    - d/p/match-manpage-and-command-help.patch
      [Included in upstream release 2.5.8]

 -- Lena Voytek <email address hidden> Fri, 29 Sep 2023 16:14:48 -0700