Backport of openvpn for jammy and noble
Bug #2073318 reported by
Bryce Harrington
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openvpn (Ubuntu) |
In Progress
|
Wishlist
|
Lena Voytek | ||
| Jammy |
In Progress
|
Undecided
|
Lena Voytek | ||
| Noble |
In Progress
|
Undecided
|
Lena Voytek | ||
Bug Description
This bug tracks an update for the OpenVPN package, moving to versions:
* Noble (24.04): openvpn 2.6.12
* Jammy (22.04): openvpn 2.5.11
These updates include bug fixes following the SRU policy exception defined at https:/
[Upstream changes]
Changes from 2.6.9 to 2.6.12 include:
CVE Fixes:
CVE-2024-4877
CVE-2024-5594
CVE-2024-28882
CVE-2024-27459
CVE-2024-24974
CVE-2024-27903
Updates:
Allow trailing \r and \n in control channel message
Implement --server-
Implement Windows CA template match for Crypto-API selector
Update sample configuration files
Update systemd unit file documentation references
Remove After=syslog.target in suggested systemd service files
Bug Fixes:
Fix issue with proxy credentials caching
Fix LibreSSL crashing when enumerating digests/cipher with workaround
Use snprintf instead of sprintf for get_ssl_
Fix disabling DCO when proxy is set via management interface
Looking through each commit from the release of 2.6.9 to 2.6.12, I could not find any backwards-
Full release notes for versions 2.6.9-2.6.12: https:/
Changes from 2.5.9 to 2.5.11 include:
CVE-2024-5594
CVE-2024-27459
CVE-2024-24974
CVE-2024-27903
Updates:
Allow trailing \r and \n in control channel message
2.5.x updates are less common, focusing on CVE fixes. Going commit by commit here, no backwards-
Full release notes for versions 2.5.9-2.5.11: https:/
[Test Plan]
DEP-8 Tests:
server-
server-
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. This would most likely include the change of behavior for --server-
Related branches
~lvoytek/ubuntu/+source/openvpn:backport-2.6.12-noble
- Canonical Server Reporter: Pending requested
- Canonical Server: Pending requested
-
Diff: 12718 lines (+3082/-1627)321 files modifiedCOPYING (+1/-1)
ChangeLog (+80/-1)
Changes.rst (+138/-1)
Makefile.am (+2/-2)
Makefile.in (+3/-2)
PORTS (+1/-1)
README.mbedtls (+0/-16)
build/Makefile.in (+1/-0)
config.guess (+5/-11)
config.h.cmake.in (+0/-6)
config.h.in (+0/-6)
config.sub (+7/-13)
configure (+340/-159)
configure.ac (+21/-14)
contrib/OCSP_check/OCSP_check.sh (+1/-1)
contrib/cmake/git-version.py (+1/-1)
contrib/cmake/parse-version.m4.py (+1/-1)
debian/changelog (+28/-0)
debian/patches/series (+0/-3)
dev/null (+0/-86)
distro/Makefile.am (+1/-1)
distro/Makefile.in (+2/-1)
distro/systemd/Makefile.am (+5/-2)
distro/systemd/Makefile.in (+6/-2)
distro/systemd/openvpn-client@.service.in (+2/-2)
distro/systemd/openvpn-server@.service.in (+2/-2)
doc/Makefile.am (+1/-1)
doc/Makefile.in (+2/-1)
doc/doxygen/Makefile.in (+1/-0)
doc/man-sections/cipher-negotiation.rst (+9/-9)
doc/man-sections/client-options.rst (+11/-0)
doc/man-sections/encryption-options.rst (+3/-3)
doc/man-sections/generic-options.rst (+2/-5)
doc/man-sections/inline-files.rst (+1/-1)
doc/man-sections/pkcs11-options.rst (+1/-1)
doc/man-sections/renegotiation.rst (+1/-1)
doc/man-sections/script-options.rst (+27/-11)
doc/man-sections/tls-options.rst (+1/-1)
doc/man-sections/vpn-network-options.rst (+2/-2)
doc/man-sections/windows-options.rst (+7/-0)
doc/openvpn-examples.5 (+5/-5)
doc/openvpn-examples.5.html (+4/-4)
doc/openvpn.8 (+131/-113)
doc/openvpn.8.html (+18/-9)
include/Makefile.am (+1/-1)
include/Makefile.in (+2/-1)
include/openvpn-msg.h (+1/-1)
include/openvpn-plugin.h (+2/-2)
include/openvpn-plugin.h.in (+1/-1)
ltmain.sh (+523/-338)
m4/libtool.m4 (+141/-135)
m4/ltoptions.m4 (+2/-2)
m4/ltsugar.m4 (+1/-1)
m4/ltversion.m4 (+7/-6)
m4/lt~obsolete.m4 (+2/-2)
sample/Makefile.am (+1/-1)
sample/Makefile.in (+2/-1)
sample/sample-config-files/README (+2/-0)
sample/sample-config-files/client.conf (+8/-15)
sample/sample-config-files/server.conf (+24/-29)
sample/sample-keys/gen-sample-keys.sh (+1/-1)
sample/sample-plugins/Makefile (+63/-62)
sample/sample-plugins/Makefile.am (+1/-1)
sample/sample-plugins/Makefile.in (+3/-2)
sample/sample-plugins/Makefile.plugins (+1/-1)
sample/sample-plugins/client-connect/sample-client-connect.c (+1/-1)
sample/sample-plugins/defer/multi-auth.c (+1/-1)
sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c (+1/-1)
sample/sample-plugins/log/log.c (+1/-1)
sample/sample-plugins/log/log_v3.c (+2/-2)
sample/sample-plugins/simple/base64.c (+1/-1)
sample/sample-plugins/simple/simple.c (+1/-1)
src/Makefile.am (+1/-1)
src/Makefile.in (+2/-1)
src/compat/Makefile.am (+1/-1)
src/compat/Makefile.in (+2/-1)
src/compat/compat-gettimeofday.c (+1/-1)
src/compat/compat-strsep.c (+1/-1)
src/openvpn/Makefile.am (+1/-1)
src/openvpn/Makefile.in (+2/-1)
src/openvpn/argv.c (+1/-1)
src/openvpn/argv.h (+1/-1)
src/openvpn/auth_token.h (+1/-1)
src/openvpn/basic.h (+1/-1)
src/openvpn/block_dns.c (+1/-1)
src/openvpn/block_dns.h (+1/-1)
src/openvpn/buffer.c (+18/-1)
src/openvpn/buffer.h (+12/-1)
src/openvpn/circ_list.h (+1/-1)
src/openvpn/clinat.c (+1/-1)
src/openvpn/clinat.h (+1/-1)
src/openvpn/common.h (+1/-1)
src/openvpn/comp-lz4.c (+2/-2)
src/openvpn/comp-lz4.h (+2/-2)
src/openvpn/comp.c (+2/-2)
src/openvpn/comp.h (+1/-1)
src/openvpn/compstub.c (+1/-1)
src/openvpn/console.c (+2/-2)
src/openvpn/console.h (+2/-2)
src/openvpn/console_builtin.c (+2/-2)
src/openvpn/crypto.c (+1/-1)
src/openvpn/crypto.h (+1/-1)
src/openvpn/crypto_backend.h (+1/-1)
src/openvpn/crypto_mbedtls.c (+1/-1)
src/openvpn/crypto_mbedtls.h (+1/-1)
src/openvpn/crypto_openssl.c (+26/-2)
src/openvpn/crypto_openssl.h (+1/-1)
src/openvpn/cryptoapi.c (+98/-3)
src/openvpn/dco.c (+10/-4)
src/openvpn/dco.h (+3/-3)
src/openvpn/dco_freebsd.c (+17/-11)
src/openvpn/dco_internal.h (+2/-2)
src/openvpn/dco_linux.c (+3/-3)
src/openvpn/dco_linux.h (+3/-3)
src/openvpn/dco_win.c (+2/-2)
src/openvpn/dco_win.h (+2/-2)
src/openvpn/dhcp.c (+1/-1)
src/openvpn/dhcp.h (+1/-1)
src/openvpn/dns.c (+1/-1)
src/openvpn/dns.h (+1/-1)
src/openvpn/env_set.c (+2/-2)
src/openvpn/env_set.h (+1/-1)
src/openvpn/errlevel.h (+1/-1)
src/openvpn/error.c (+1/-1)
src/openvpn/error.h (+2/-8)
src/openvpn/event.c (+1/-1)
src/openvpn/event.h (+1/-1)
src/openvpn/fdmisc.c (+1/-1)
src/openvpn/fdmisc.h (+1/-1)
src/openvpn/forward.c (+64/-49)
src/openvpn/forward.h (+2/-2)
src/openvpn/fragment.c (+1/-1)
src/openvpn/fragment.h (+2/-2)
src/openvpn/gremlin.c (+1/-1)
src/openvpn/gremlin.h (+1/-1)
src/openvpn/helper.c (+1/-1)
src/openvpn/helper.h (+1/-1)
src/openvpn/httpdigest.c (+1/-1)
src/openvpn/httpdigest.h (+1/-1)
src/openvpn/init.c (+5/-8)
src/openvpn/init.h (+1/-1)
src/openvpn/integer.h (+1/-1)
src/openvpn/interval.c (+1/-1)
src/openvpn/interval.h (+1/-1)
src/openvpn/list.c (+1/-1)
src/openvpn/list.h (+1/-1)
src/openvpn/lzo.c (+3/-3)
src/openvpn/lzo.h (+6/-13)
src/openvpn/manage.c (+1/-1)
src/openvpn/manage.h (+1/-1)
src/openvpn/mbuf.c (+1/-1)
src/openvpn/mbuf.h (+1/-1)
src/openvpn/memdbg.h (+1/-1)
src/openvpn/misc.c (+4/-8)
src/openvpn/misc.h (+3/-11)
src/openvpn/mroute.c (+1/-1)
src/openvpn/mroute.h (+1/-1)
src/openvpn/mss.c (+1/-1)
src/openvpn/mss.h (+1/-1)
src/openvpn/mstats.c (+1/-1)
src/openvpn/mstats.h (+1/-1)
src/openvpn/mtcp.c (+1/-1)
src/openvpn/mtcp.h (+1/-1)
src/openvpn/mtu.c (+1/-1)
src/openvpn/mtu.h (+1/-1)
src/openvpn/mudp.c (+1/-1)
src/openvpn/mudp.h (+1/-1)
src/openvpn/multi.c (+1/-1)
src/openvpn/multi.h (+1/-1)
src/openvpn/networking.h (+1/-1)
src/openvpn/networking_iproute2.c (+1/-1)
src/openvpn/networking_iproute2.h (+1/-1)
src/openvpn/networking_sitnl.c (+1/-1)
src/openvpn/networking_sitnl.h (+1/-1)
src/openvpn/occ.c (+1/-1)
src/openvpn/occ.h (+1/-1)
src/openvpn/openssl_compat.h (+1/-1)
src/openvpn/openvpn.c (+1/-1)
src/openvpn/openvpn.h (+1/-1)
src/openvpn/options.c (+10/-4)
src/openvpn/options.h (+1/-1)
src/openvpn/options_util.c (+1/-1)
src/openvpn/options_util.h (+1/-1)
src/openvpn/otime.c (+1/-1)
src/openvpn/otime.h (+1/-1)
src/openvpn/packet_id.c (+1/-1)
src/openvpn/packet_id.h (+1/-1)
src/openvpn/perf.c (+1/-1)
src/openvpn/perf.h (+1/-1)
src/openvpn/ping.c (+1/-1)
src/openvpn/ping.h (+1/-1)
src/openvpn/pkcs11.c (+1/-1)
src/openvpn/pkcs11.h (+1/-1)
src/openvpn/pkcs11_backend.h (+1/-1)
src/openvpn/pkcs11_mbedtls.c (+1/-1)
src/openvpn/pkcs11_openssl.c (+1/-1)
src/openvpn/platform.c (+1/-1)
src/openvpn/platform.h (+1/-1)
src/openvpn/plugin.c (+16/-4)
src/openvpn/plugin.h (+1/-1)
src/openvpn/pool.c (+1/-1)
src/openvpn/pool.h (+1/-1)
src/openvpn/proto.c (+1/-1)
src/openvpn/proto.h (+1/-1)
src/openvpn/proxy.c (+15/-12)
src/openvpn/proxy.h (+3/-1)
src/openvpn/ps.c (+1/-1)
src/openvpn/ps.h (+1/-1)
src/openvpn/push.c (+8/-6)
src/openvpn/push.h (+1/-1)
src/openvpn/pushlist.h (+1/-1)
src/openvpn/reflect_filter.c (+1/-1)
src/openvpn/reflect_filter.h (+1/-1)
src/openvpn/reliable.c (+1/-1)
src/openvpn/reliable.h (+1/-1)
src/openvpn/ring_buffer.h (+1/-1)
src/openvpn/route.c (+1/-1)
src/openvpn/route.h (+1/-1)
src/openvpn/run_command.c (+1/-1)
src/openvpn/run_command.h (+1/-1)
src/openvpn/schedule.c (+1/-1)
src/openvpn/schedule.h (+1/-1)
src/openvpn/session_id.c (+1/-1)
src/openvpn/session_id.h (+1/-1)
src/openvpn/shaper.c (+1/-1)
src/openvpn/shaper.h (+1/-1)
src/openvpn/sig.c (+1/-1)
src/openvpn/sig.h (+1/-1)
src/openvpn/socket.c (+6/-3)
src/openvpn/socket.h (+1/-1)
src/openvpn/socks.c (+15/-12)
src/openvpn/socks.h (+3/-1)
src/openvpn/ssl.c (+12/-3)
src/openvpn/ssl.h (+6/-1)
src/openvpn/ssl_backend.h (+1/-1)
src/openvpn/ssl_common.h (+1/-1)
src/openvpn/ssl_mbedtls.c (+2/-2)
src/openvpn/ssl_mbedtls.h (+1/-1)
src/openvpn/ssl_ncp.c (+2/-2)
src/openvpn/ssl_ncp.h (+1/-1)
src/openvpn/ssl_openssl.c (+1/-1)
src/openvpn/ssl_openssl.h (+1/-1)
src/openvpn/ssl_pkt.c (+41/-1)
src/openvpn/ssl_pkt.h (+15/-1)
src/openvpn/ssl_util.c (+1/-1)
src/openvpn/ssl_util.h (+1/-1)
src/openvpn/ssl_verify.c (+3/-3)
src/openvpn/ssl_verify.h (+1/-1)
src/openvpn/ssl_verify_backend.h (+1/-1)
src/openvpn/ssl_verify_mbedtls.c (+1/-1)
src/openvpn/ssl_verify_mbedtls.h (+1/-1)
src/openvpn/ssl_verify_openssl.c (+1/-1)
src/openvpn/ssl_verify_openssl.h (+1/-1)
src/openvpn/status.c (+1/-1)
src/openvpn/status.h (+1/-1)
src/openvpn/syshead.h (+1/-1)
src/openvpn/tun.c (+1/-1)
src/openvpn/tun.h (+1/-1)
src/openvpn/vlan.c (+1/-1)
src/openvpn/vlan.h (+1/-1)
src/openvpn/win32-util.c (+1/-1)
src/openvpn/win32-util.h (+1/-1)
src/openvpn/win32.c (+66/-13)
src/openvpn/win32.h (+28/-1)
src/openvpn/xkey_common.h (+1/-1)
src/openvpn/xkey_helper.c (+1/-1)
src/openvpn/xkey_provider.c (+1/-1)
src/openvpnmsica/Makefile.am (+2/-2)
src/openvpnmsica/Makefile.in (+3/-2)
src/openvpnmsica/dllmain.c (+1/-1)
src/openvpnmsica/msica_arg.c (+1/-1)
src/openvpnmsica/msica_arg.h (+1/-1)
src/openvpnmsica/msiex.c (+1/-1)
src/openvpnmsica/msiex.h (+1/-1)
src/openvpnmsica/openvpnmsica.c (+1/-1)
src/openvpnmsica/openvpnmsica.h (+1/-1)
src/openvpnmsica/openvpnmsica_resources.rc (+1/-1)
src/openvpnserv/Makefile.am (+1/-1)
src/openvpnserv/Makefile.in (+2/-1)
src/openvpnserv/common.c (+1/-1)
src/openvpnserv/interactive.c (+52/-68)
src/openvpnserv/service.h (+1/-1)
src/openvpnserv/validate.c (+1/-1)
src/openvpnserv/validate.h (+1/-1)
src/plugins/Makefile.am (+1/-1)
src/plugins/Makefile.in (+2/-1)
src/plugins/auth-pam/Makefile.in (+1/-0)
src/plugins/auth-pam/auth-pam.c (+2/-2)
src/plugins/auth-pam/utils.c (+1/-1)
src/plugins/auth-pam/utils.h (+1/-1)
src/plugins/down-root/Makefile.in (+1/-0)
src/plugins/down-root/down-root.c (+1/-1)
src/tapctl/Makefile.am (+2/-2)
src/tapctl/Makefile.in (+3/-2)
src/tapctl/basic.h (+2/-2)
src/tapctl/error.c (+2/-2)
src/tapctl/error.h (+2/-2)
src/tapctl/main.c (+2/-2)
src/tapctl/tap.c (+1/-1)
src/tapctl/tap.h (+1/-1)
src/tapctl/tapctl_resources.rc (+1/-1)
tests/Makefile.am (+15/-1)
tests/Makefile.in (+330/-13)
tests/ntlm_support.c (+52/-0)
tests/t_client.rc-sample (+25/-7)
tests/t_client.sh.in (+14/-0)
tests/unit_tests/Makefile.in (+1/-0)
tests/unit_tests/example_test/Makefile.in (+1/-0)
tests/unit_tests/openvpn/Makefile.in (+1/-0)
tests/unit_tests/openvpn/cert_data.h (+1/-1)
tests/unit_tests/openvpn/mock_msg.c (+13/-1)
tests/unit_tests/openvpn/mock_win32_execve.c (+2/-2)
tests/unit_tests/openvpn/test_buffer.c (+109/-0)
tests/unit_tests/openvpn/test_cryptoapi.c (+1/-1)
tests/unit_tests/openvpn/test_misc.c (+1/-1)
tests/unit_tests/openvpn/test_ncp.c (+1/-1)
tests/unit_tests/openvpn/test_pkt.c (+35/-0)
tests/unit_tests/openvpn/test_provider.c (+1/-1)
tests/unit_tests/plugins/Makefile.in (+1/-0)
tests/unit_tests/plugins/auth-pam/Makefile.in (+1/-0)
version.m4 (+2/-2)
| Changed in openvpn (Ubuntu): | |
| importance: | Undecided → Wishlist |
| milestone: | none → ubuntu-24.08 |
| Changed in openvpn (Ubuntu): | |
| assignee: | nobody → Lena Voytek (lvoytek) |
| Changed in openvpn (Ubuntu Focal): | |
| assignee: | nobody → Lena Voytek (lvoytek) |
| Changed in openvpn (Ubuntu Jammy): | |
| assignee: | nobody → Lena Voytek (lvoytek) |
| Changed in openvpn (Ubuntu Noble): | |
| assignee: | nobody → Lena Voytek (lvoytek) |
Revision history for this message
| Lena Voytek (lvoytek) wrote | #1 |
| Changed in openvpn (Ubuntu): | |
| milestone: | ubuntu-24.08 → ubuntu-24.09 |
Revision history for this message
| Lena Voytek (lvoytek) wrote | #2 |
| description: | updated |
| summary: |
- Backport of openvpn for focal, jammy and noble + Backport of openvpn for jammy and noble |
| no longer affects: | openvpn (Ubuntu Focal) |
| Changed in openvpn (Ubuntu Jammy): | |
| status: | New → In Progress |
| Changed in openvpn (Ubuntu Noble): | |
| status: | New → In Progress |
| Changed in openvpn (Ubuntu): | |
| status: | New → In Progress |
To post a comment you must log in.
Got delayed by bind9 issues, I will get OpenVPN updated in September