Ubuntu
openvpn package

Merge openvpn from Debian unstable for oracular

Bug #2064436 reported by Bryce Harrington on 2024-05-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openvpn (Ubuntu)	Fix Released	Undecided	Lena Voytek	Ubuntu ubuntu-24.05

Bug Description

Scheduled-For: Backlog
Upstream: tbd
Debian: 2.6.9-1
Ubuntu: 2.6.9-1ubuntu4

There is nothing yet to merge for openvpn currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38

### New Debian Changes ###

openvpn (2.6.9-1) unstable; urgency=medium

  * New upstream version 2.6.9
  * Switch to systemd-dev (Closes: #1060500)
  * Install systemd generator and units into /usr. (Closes: #1064399)

-- Bernhard Schmidt <email address hidden> Wed, 28 Feb 2024 08:43:25 +0100

openvpn (2.6.7-1) unstable; urgency=medium

  [ Aquila Macedo ]
  * d/control: bump debhelper-compat level to 13.
  * d/patches: Remove outdated patches
  * d/patches: fix typo in openvpn binary
  * d/patches: fix typo in manpages
  * d/copyright: Update license to BSD-2
  * d/openvpn.service: add documentation

  [ Bernhard Schmidt ]
  * New upstream version 2.6.7, fixing two CVEs (Closes: #1055805)
    - CVE-2023-46849: Use of --fragment option can lead to a division by zero
      error which can be fatal
    - CVE-2023-46850: Incorrect use of send buffer can cause memory to be sent
      to peer
  * Pick patch recommended by upstream in GH#449 to fix segfault
    introduced in 2.6.7

[ Remus-Gabriel Chelu ]
* Add Romanian templates translation (Closes: #1033179)

-- Bernhard Schmidt <email address hidden> Sat, 11 Nov 2023 22:01:15 +0100

openvpn (2.6.3-2.1) unstable; urgency=medium

* Non-maintainer upload.

[ Helmut Grohne ]
* Do not install systemd units twice (Closes: #1054083)

-- Jochen Sprickerhof <email address hidden> Fri, 27 Oct 2023 16:26:34 +0200

openvpn (2.6.3-2) unstable; urgency=medium

  * Cherry-pick two bugfix commits from upstream
    - Memory leak in dco_get_peer_stats_multi for Linux
    - dangling pointer passed to pkcs11-helper

-- Bernhard Schmidt <email address hidden> Sat, 20 May 2023 17:43:32 +0200

openvpn (2.6.3-1) unstable; urgency=medium

  * New upstream version 2.6.2
    - drop patches applied upstream
    - needs new openvpn-dco-dkms version. Not adding a versioned dependency
      to untangle testing migration, because it will just not use the
      'wrong' version and run unaccelerated.
  * New upstream version 2.6.3

-- Bernhard Schmidt <email address hidden> Thu, 13 Apr 2023 09:19:40 +0200

openvpn (2.6.1-1) unstable; urgency=medium

  * Upload to unstable targetting bookworm
  * Cherry-Pick upstream commits from 2.6.2
    - fix rare ASSERT in tls-crypt
    - fix memory leaks in HMAC initial packet generation
    - set netlink socket to be non-blocking

-- Bernhard Schmidt <email address hidden> Sun, 26 Mar 2023 11:14:26 +0200

openvpn (2.6.1-1~exp1) experimental; urgency=medium

* New upstream version 2.6.1
- target experimental due to the freeze

-- Bernhard Schmidt <email address hidden> Fri, 10 Mar 2023 09:02:22 +0100

openvpn (2.6.0-1) unstable; urgency=medium

  * New upstream version 2.6.0
  * Drop dco netlink buffer overflow patch applied upstream
  * Drop obsolete lsb-base dependency

-- Bernhard Schmidt <email address hidden> Wed, 25 Jan 2023 22:27:04 +0100

openvpn (2.6.0~rc2-1) unstable; urgency=medium

* New upstream version 2.6.0~rc2
* Add upstream pending patch to work around dco netlink buffer overflow

-- Bernhard Schmidt <email address hidden> Fri, 13 Jan 2023 19:02:01 +0100

openvpn (2.6.0~rc1-1) unstable; urgency=medium

* New upstream version 2.6.0~rc1 (Closes: #1014376)
* Drop DCO workaround applied upstream

-- Bernhard Schmidt <email address hidden> Wed, 28 Dec 2022 22:51:31 +0100

openvpn (2.6.0~git20221222-1) unstable; urgency=medium

### Old Ubuntu Delta ###

openvpn (2.6.9-1ubuntu4) noble; urgency=high

* No change rebuild against libssl3t64.

-- Julian Andres Klode <email address hidden> Mon, 08 Apr 2024 16:47:03 +0200

openvpn (2.6.9-1ubuntu3) noble; urgency=medium

* No-change rebuild for CVE-2024-3094

-- Steve Langasek <email address hidden> Sun, 31 Mar 2024 09:23:46 +0000

openvpn (2.6.9-1ubuntu2) noble; urgency=medium

* No-change rebuild against libssl3t64

-- Steve Langasek <email address hidden> Mon, 04 Mar 2024 20:31:57 +0000

openvpn (2.6.9-1ubuntu1) noble; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/control: Demote easy-rsa to Suggests (universe package).
    - debian/openvpn@.service: Add '--script-security 2' similar to what
      got added to debian/openvpn.init.d ages ago (LP #1454725)

-- Gianfranco Costamagna <email address hidden> Thu, 29 Feb 2024 17:22:31 +0100

Tags:

Related branches

~lvoytek/ubuntu/+source/openvpn:update-2.6.10-oracular

Merged into ubuntu/+source/openvpn:ubuntu/devel at revision 626c51111b6ea32e78017385711e98e6e9200b3a

git-ubuntu bot: Approve on 2024-05-07

Andreas Hasenack: Approve on 2024-05-07

Canonical Server Reporter: Pending requested 2024-05-01

Diff: 10151 lines (+2204/-1313)

307 files modified

COPYING (+1/-1)
ChangeLog (+33/-1)
Changes.rst (+52/-1)
Makefile.am (+2/-2)
Makefile.in (+3/-2)
PORTS (+1/-1)
README.mbedtls (+0/-16)
build/Makefile.in (+1/-0)
config.guess (+5/-11)
config.sub (+7/-13)
configure (+251/-128)
configure.ac (+1/-1)
contrib/OCSP_check/OCSP_check.sh (+1/-1)
contrib/cmake/git-version.py (+1/-1)
contrib/cmake/parse-version.m4.py (+1/-1)
debian/changelog (+20/-0)
debian/patches/series (+0/-1)
dev/null (+0/-86)
distro/Makefile.am (+1/-1)
distro/Makefile.in (+2/-1)
distro/systemd/Makefile.am (+5/-2)
distro/systemd/Makefile.in (+6/-2)
distro/systemd/openvpn-client@.service.in (+2/-2)
distro/systemd/openvpn-server@.service.in (+2/-2)
doc/Makefile.am (+1/-1)
doc/Makefile.in (+2/-1)
doc/doxygen/Makefile.in (+1/-0)
doc/man-sections/cipher-negotiation.rst (+1/-1)
doc/man-sections/client-options.rst (+11/-0)
doc/man-sections/generic-options.rst (+1/-1)
doc/man-sections/inline-files.rst (+1/-1)
doc/man-sections/vpn-network-options.rst (+2/-2)
doc/openvpn-examples.5 (+5/-5)
doc/openvpn-examples.5.html (+4/-4)
doc/openvpn.8 (+131/-113)
doc/openvpn.8.html (+18/-9)
include/Makefile.am (+1/-1)
include/Makefile.in (+2/-1)
include/openvpn-msg.h (+1/-1)
include/openvpn-plugin.h (+2/-2)
include/openvpn-plugin.h.in (+1/-1)
ltmain.sh (+523/-338)
m4/libtool.m4 (+141/-135)
m4/ltoptions.m4 (+2/-2)
m4/ltsugar.m4 (+1/-1)
m4/ltversion.m4 (+7/-6)
m4/lt~obsolete.m4 (+2/-2)
sample/Makefile.am (+1/-1)
sample/Makefile.in (+2/-1)
sample/sample-config-files/server.conf (+1/-1)
sample/sample-keys/gen-sample-keys.sh (+1/-1)
sample/sample-plugins/Makefile (+60/-59)
sample/sample-plugins/Makefile.am (+1/-1)
sample/sample-plugins/Makefile.in (+3/-2)
sample/sample-plugins/Makefile.plugins (+1/-1)
sample/sample-plugins/client-connect/sample-client-connect.c (+1/-1)
sample/sample-plugins/defer/multi-auth.c (+1/-1)
sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c (+1/-1)
sample/sample-plugins/log/log.c (+1/-1)
sample/sample-plugins/log/log_v3.c (+2/-2)
sample/sample-plugins/simple/base64.c (+1/-1)
sample/sample-plugins/simple/simple.c (+1/-1)
src/Makefile.am (+1/-1)
src/Makefile.in (+2/-1)
src/compat/Makefile.am (+1/-1)
src/compat/Makefile.in (+2/-1)
src/compat/compat-gettimeofday.c (+1/-1)
src/compat/compat-strsep.c (+1/-1)
src/openvpn/Makefile.am (+1/-1)
src/openvpn/Makefile.in (+2/-1)
src/openvpn/argv.c (+1/-1)
src/openvpn/argv.h (+1/-1)
src/openvpn/auth_token.h (+1/-1)
src/openvpn/basic.h (+1/-1)
src/openvpn/block_dns.c (+1/-1)
src/openvpn/block_dns.h (+1/-1)
src/openvpn/buffer.c (+1/-1)
src/openvpn/buffer.h (+1/-1)
src/openvpn/circ_list.h (+1/-1)
src/openvpn/clinat.c (+1/-1)
src/openvpn/clinat.h (+1/-1)
src/openvpn/common.h (+1/-1)
src/openvpn/comp-lz4.c (+2/-2)
src/openvpn/comp-lz4.h (+2/-2)
src/openvpn/comp.c (+2/-2)
src/openvpn/comp.h (+1/-1)
src/openvpn/compstub.c (+1/-1)
src/openvpn/console.c (+2/-2)
src/openvpn/console.h (+2/-2)
src/openvpn/console_builtin.c (+2/-2)
src/openvpn/crypto.c (+1/-1)
src/openvpn/crypto.h (+1/-1)
src/openvpn/crypto_backend.h (+1/-1)
src/openvpn/crypto_mbedtls.c (+1/-1)
src/openvpn/crypto_mbedtls.h (+1/-1)
src/openvpn/crypto_openssl.c (+1/-1)
src/openvpn/crypto_openssl.h (+1/-1)
src/openvpn/dco.c (+10/-4)
src/openvpn/dco.h (+3/-3)
src/openvpn/dco_internal.h (+2/-2)
src/openvpn/dco_linux.c (+3/-3)
src/openvpn/dco_linux.h (+3/-3)
src/openvpn/dco_win.c (+2/-2)
src/openvpn/dco_win.h (+2/-2)
src/openvpn/dhcp.c (+1/-1)
src/openvpn/dhcp.h (+1/-1)
src/openvpn/dns.c (+1/-1)
src/openvpn/dns.h (+1/-1)
src/openvpn/env_set.c (+2/-2)
src/openvpn/env_set.h (+1/-1)
src/openvpn/errlevel.h (+1/-1)
src/openvpn/error.c (+1/-1)
src/openvpn/error.h (+2/-8)
src/openvpn/event.c (+1/-1)
src/openvpn/event.h (+1/-1)
src/openvpn/fdmisc.c (+1/-1)
src/openvpn/fdmisc.h (+1/-1)
src/openvpn/forward.c (+1/-1)
src/openvpn/forward.h (+1/-1)
src/openvpn/fragment.c (+1/-1)
src/openvpn/fragment.h (+2/-2)
src/openvpn/gremlin.c (+1/-1)
src/openvpn/gremlin.h (+1/-1)
src/openvpn/helper.c (+1/-1)
src/openvpn/helper.h (+1/-1)
src/openvpn/httpdigest.c (+1/-1)
src/openvpn/httpdigest.h (+1/-1)
src/openvpn/init.c (+1/-7)
src/openvpn/init.h (+1/-1)
src/openvpn/integer.h (+1/-1)
src/openvpn/interval.c (+1/-1)
src/openvpn/interval.h (+1/-1)
src/openvpn/list.c (+1/-1)
src/openvpn/list.h (+1/-1)
src/openvpn/lzo.c (+1/-1)
src/openvpn/lzo.h (+1/-1)
src/openvpn/manage.c (+1/-1)
src/openvpn/manage.h (+1/-1)
src/openvpn/mbuf.c (+1/-1)
src/openvpn/mbuf.h (+1/-1)
src/openvpn/memdbg.h (+1/-1)
src/openvpn/misc.c (+2/-2)
src/openvpn/misc.h (+1/-1)
src/openvpn/mroute.c (+1/-1)
src/openvpn/mroute.h (+1/-1)
src/openvpn/mss.c (+1/-1)
src/openvpn/mss.h (+1/-1)
src/openvpn/mstats.c (+1/-1)
src/openvpn/mstats.h (+1/-1)
src/openvpn/mtcp.c (+1/-1)
src/openvpn/mtcp.h (+1/-1)
src/openvpn/mtu.c (+1/-1)
src/openvpn/mtu.h (+1/-1)
src/openvpn/mudp.c (+1/-1)
src/openvpn/mudp.h (+1/-1)
src/openvpn/multi.c (+1/-1)
src/openvpn/multi.h (+1/-1)
src/openvpn/networking.h (+1/-1)
src/openvpn/networking_iproute2.c (+1/-1)
src/openvpn/networking_iproute2.h (+1/-1)
src/openvpn/networking_sitnl.c (+1/-1)
src/openvpn/networking_sitnl.h (+1/-1)
src/openvpn/occ.c (+1/-1)
src/openvpn/occ.h (+1/-1)
src/openvpn/openssl_compat.h (+1/-1)
src/openvpn/openvpn.c (+1/-1)
src/openvpn/openvpn.h (+1/-1)
src/openvpn/options.c (+3/-3)
src/openvpn/options.h (+1/-1)
src/openvpn/options_util.c (+1/-1)
src/openvpn/options_util.h (+1/-1)
src/openvpn/otime.c (+1/-1)
src/openvpn/otime.h (+1/-1)
src/openvpn/packet_id.c (+1/-1)
src/openvpn/packet_id.h (+1/-1)
src/openvpn/perf.c (+1/-1)
src/openvpn/perf.h (+1/-1)
src/openvpn/ping.c (+1/-1)
src/openvpn/ping.h (+1/-1)
src/openvpn/pkcs11.c (+1/-1)
src/openvpn/pkcs11.h (+1/-1)
src/openvpn/pkcs11_backend.h (+1/-1)
src/openvpn/pkcs11_mbedtls.c (+1/-1)
src/openvpn/pkcs11_openssl.c (+1/-1)
src/openvpn/platform.c (+1/-1)
src/openvpn/platform.h (+1/-1)
src/openvpn/plugin.c (+16/-4)
src/openvpn/plugin.h (+1/-1)
src/openvpn/pool.c (+1/-1)
src/openvpn/pool.h (+1/-1)
src/openvpn/proto.c (+1/-1)
src/openvpn/proto.h (+1/-1)
src/openvpn/proxy.c (+1/-1)
src/openvpn/proxy.h (+1/-1)
src/openvpn/ps.c (+1/-1)
src/openvpn/ps.h (+1/-1)
src/openvpn/push.c (+1/-1)
src/openvpn/push.h (+1/-1)
src/openvpn/pushlist.h (+1/-1)
src/openvpn/reflect_filter.c (+1/-1)
src/openvpn/reflect_filter.h (+1/-1)
src/openvpn/reliable.c (+1/-1)
src/openvpn/reliable.h (+1/-1)
src/openvpn/ring_buffer.h (+1/-1)
src/openvpn/route.c (+1/-1)
src/openvpn/route.h (+1/-1)
src/openvpn/run_command.c (+1/-1)
src/openvpn/run_command.h (+1/-1)
src/openvpn/schedule.c (+1/-1)
src/openvpn/schedule.h (+1/-1)
src/openvpn/session_id.c (+1/-1)
src/openvpn/session_id.h (+1/-1)
src/openvpn/shaper.c (+1/-1)
src/openvpn/shaper.h (+1/-1)
src/openvpn/sig.c (+1/-1)
src/openvpn/sig.h (+1/-1)
src/openvpn/socket.c (+1/-1)
src/openvpn/socket.h (+1/-1)
src/openvpn/socks.c (+1/-1)
src/openvpn/socks.h (+1/-1)
src/openvpn/ssl.c (+2/-2)
src/openvpn/ssl.h (+1/-1)
src/openvpn/ssl_backend.h (+1/-1)
src/openvpn/ssl_common.h (+1/-1)
src/openvpn/ssl_mbedtls.c (+1/-1)
src/openvpn/ssl_mbedtls.h (+1/-1)
src/openvpn/ssl_ncp.c (+2/-2)
src/openvpn/ssl_ncp.h (+1/-1)
src/openvpn/ssl_openssl.c (+1/-1)
src/openvpn/ssl_openssl.h (+1/-1)
src/openvpn/ssl_pkt.c (+1/-1)
src/openvpn/ssl_pkt.h (+1/-1)
src/openvpn/ssl_util.c (+1/-1)
src/openvpn/ssl_util.h (+1/-1)
src/openvpn/ssl_verify.c (+1/-1)
src/openvpn/ssl_verify.h (+1/-1)
src/openvpn/ssl_verify_backend.h (+1/-1)
src/openvpn/ssl_verify_mbedtls.c (+1/-1)
src/openvpn/ssl_verify_mbedtls.h (+1/-1)
src/openvpn/ssl_verify_openssl.c (+1/-1)
src/openvpn/ssl_verify_openssl.h (+1/-1)
src/openvpn/status.c (+1/-1)
src/openvpn/status.h (+1/-1)
src/openvpn/syshead.h (+1/-1)
src/openvpn/tun.c (+1/-1)
src/openvpn/tun.h (+1/-1)
src/openvpn/vlan.c (+1/-1)
src/openvpn/vlan.h (+1/-1)
src/openvpn/win32-util.c (+1/-1)
src/openvpn/win32-util.h (+1/-1)
src/openvpn/win32.c (+66/-13)
src/openvpn/win32.h (+28/-1)
src/openvpn/xkey_common.h (+1/-1)
src/openvpn/xkey_helper.c (+1/-1)
src/openvpn/xkey_provider.c (+1/-1)
src/openvpnmsica/Makefile.am (+2/-2)
src/openvpnmsica/Makefile.in (+3/-2)
src/openvpnmsica/dllmain.c (+1/-1)
src/openvpnmsica/msica_arg.c (+1/-1)
src/openvpnmsica/msica_arg.h (+1/-1)
src/openvpnmsica/msiex.c (+1/-1)
src/openvpnmsica/msiex.h (+1/-1)
src/openvpnmsica/openvpnmsica.c (+1/-1)
src/openvpnmsica/openvpnmsica.h (+1/-1)
src/openvpnmsica/openvpnmsica_resources.rc (+1/-1)
src/openvpnserv/Makefile.am (+1/-1)
src/openvpnserv/Makefile.in (+2/-1)
src/openvpnserv/common.c (+1/-1)
src/openvpnserv/interactive.c (+24/-17)
src/openvpnserv/service.h (+1/-1)
src/openvpnserv/validate.c (+1/-1)
src/openvpnserv/validate.h (+1/-1)
src/plugins/Makefile.am (+1/-1)
src/plugins/Makefile.in (+2/-1)
src/plugins/auth-pam/Makefile.in (+1/-0)
src/plugins/auth-pam/auth-pam.c (+2/-2)
src/plugins/auth-pam/utils.c (+1/-1)
src/plugins/auth-pam/utils.h (+1/-1)
src/plugins/down-root/Makefile.in (+1/-0)
src/plugins/down-root/down-root.c (+1/-1)
src/tapctl/Makefile.am (+2/-2)
src/tapctl/Makefile.in (+3/-2)
src/tapctl/basic.h (+2/-2)
src/tapctl/error.c (+2/-2)
src/tapctl/error.h (+2/-2)
src/tapctl/main.c (+2/-2)
src/tapctl/tap.c (+1/-1)
src/tapctl/tap.h (+1/-1)
src/tapctl/tapctl_resources.rc (+1/-1)
tests/Makefile.am (+15/-1)
tests/Makefile.in (+330/-13)
tests/ntlm_support.c (+52/-0)
tests/t_client.rc-sample (+25/-7)
tests/t_client.sh.in (+14/-0)
tests/unit_tests/Makefile.in (+1/-0)
tests/unit_tests/example_test/Makefile.in (+1/-0)
tests/unit_tests/openvpn/Makefile.in (+1/-0)
tests/unit_tests/openvpn/cert_data.h (+1/-1)
tests/unit_tests/openvpn/mock_msg.c (+13/-1)
tests/unit_tests/openvpn/mock_win32_execve.c (+2/-2)
tests/unit_tests/openvpn/test_cryptoapi.c (+1/-1)
tests/unit_tests/openvpn/test_misc.c (+1/-1)
tests/unit_tests/openvpn/test_ncp.c (+1/-1)
tests/unit_tests/openvpn/test_provider.c (+1/-1)
tests/unit_tests/plugins/Makefile.in (+1/-0)
tests/unit_tests/plugins/auth-pam/Makefile.in (+1/-0)
version.m4 (+1/-1)

Bryce Harrington (bryce) on 2024-05-01

Changed in openvpn (Ubuntu):
status:	New → Incomplete

Lena Voytek (lvoytek) on 2024-05-01

Changed in openvpn (Ubuntu):
assignee:	nobody → Lena Voytek (lvoytek)

Revision history for this message

Lena Voytek (lvoytek) wrote on 2024-05-01:

Updating to 2.6.10 in oracular to get the MRE going for jammy/mantic/noble

Changed in openvpn (Ubuntu):
milestone:	none → ubuntu-24.05
status:	Incomplete → In Progress

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-05-19:

This bug was fixed in the package openvpn - 2.6.10-0ubuntu1

---------------
openvpn (2.6.10-0ubuntu1) oracular; urgency=medium

  * New upstream version 2.6.10 (LP: #2064436)
    - Updates:
      + t_client.sh can now run pre-tests and skip a test block if needed.
      + Remove license warnings about mbedTLS linking.
      + Update documentation references in systemd unit files.
      + Remove obsolete tls-*.conf sample files.
      + document that auth-user-pass may be inlined.
    - Bug fixes:
      + Fix checking option consistency for compiled-in compression algorithm
        support.
      + Remove obsolete syslog.target in systemd unit files.
      + Additional Windows bug fixes.
    - See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26 for
      additional bug fixes and information.
  * d/p/systemd.patch: Remove - Fixed upstream

-- Lena Voytek <email address hidden> Wed, 01 May 2024 10:02:39 -0700

Changed in openvpn (Ubuntu):
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuopenvpn package