2024-07-17 00:00:15 |
Bryce Harrington |
bug |
|
|
added bug |
2024-07-17 00:00:17 |
Bryce Harrington |
openvpn (Ubuntu): importance |
Undecided |
Wishlist |
|
2024-07-17 00:00:17 |
Bryce Harrington |
openvpn (Ubuntu): milestone |
|
ubuntu-24.08 |
|
2024-07-17 00:00:18 |
Bryce Harrington |
nominated for series |
|
Ubuntu Focal |
|
2024-07-17 00:00:20 |
Bryce Harrington |
bug task added |
|
openvpn (Ubuntu Focal) |
|
2024-07-17 00:00:22 |
Bryce Harrington |
nominated for series |
|
Ubuntu Jammy |
|
2024-07-17 00:00:25 |
Bryce Harrington |
bug task added |
|
openvpn (Ubuntu Jammy) |
|
2024-07-17 00:00:26 |
Bryce Harrington |
nominated for series |
|
Ubuntu Noble |
|
2024-07-17 00:00:27 |
Bryce Harrington |
bug task added |
|
openvpn (Ubuntu Noble) |
|
2024-07-17 00:00:29 |
Bryce Harrington |
bug |
|
|
added subscriber Canonical Server |
2024-07-19 02:26:31 |
Bryce Harrington |
openvpn (Ubuntu): assignee |
|
Lena Voytek (lvoytek) |
|
2024-07-19 02:26:38 |
Bryce Harrington |
openvpn (Ubuntu Focal): assignee |
|
Lena Voytek (lvoytek) |
|
2024-07-19 02:26:44 |
Bryce Harrington |
openvpn (Ubuntu Jammy): assignee |
|
Lena Voytek (lvoytek) |
|
2024-07-19 02:26:49 |
Bryce Harrington |
openvpn (Ubuntu Noble): assignee |
|
Lena Voytek (lvoytek) |
|
2024-07-26 04:45:56 |
Haw Loeung |
bug |
|
|
added subscriber The Canonical Sysadmins |
2024-07-26 04:45:59 |
Haw Loeung |
bug |
|
|
added subscriber Haw Loeung |
2024-08-28 15:02:34 |
Lena Voytek |
openvpn (Ubuntu): milestone |
ubuntu-24.08 |
ubuntu-24.09 |
|
2024-09-17 17:01:56 |
Lena Voytek |
description |
Backport openvpn to focal, jammy and noble once the update for oracular has been completed.
<List exact versions being upgraded from and to for each release>
[Impact]
TBD
<List bug links to former cases of SRU backports for this package>
[Major Changes]
TBD
[Test Plan]
<Link to wiki SRU backport page>
TBD
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters.
<Also, ...>
|
This bug tracks an update for the OpenVPN package, moving to versions:
* Noble (24.04): openvpn 2.6.12
* Jammy (22.04): openvpn 2.5.11
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/OpenVPNUpdates.
[Upstream changes]
Changes from 2.6.9 to 2.6.12 include:
CVE Fixes:
CVE-2024-4877
CVE-2024-5594
CVE-2024-28882
CVE-2024-27459
CVE-2024-24974
CVE-2024-27903
Updates:
Allow trailing \r and \n in control channel message
Implement --server-poll-timeout on SOCKS proxies
Implement Windows CA template match for Crypto-API selector
Update sample configuration files
Update systemd unit file documentation references
Remove After=syslog.target in suggested systemd service files
Bug Fixes:
Fix issue with proxy credentials caching
Fix LibreSSL crashing when enumerating digests/cipher with workaround
Use snprintf instead of sprintf for get_ssl_library_version
Fix disabling DCO when proxy is set via management interface
Looking through each commit from the release of 2.6.9 to 2.6.12, I could not find any backwards-incompatible changes. There are minor changes to the user experience though. As listed in the updates section, --server-poll-timeout now works for SOCKS proxies. Some documentation has changed too. None of the commits should affect existing configurations though.
Full release notes for versions 2.6.9-2.6.12: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26
Changes from 2.5.9 to 2.5.11 include:
CVE-2024-5594
CVE-2024-27459
CVE-2024-24974
CVE-2024-27903
Updates:
Allow trailing \r and \n in control channel message
2.5.x updates are less common, focusing on CVE fixes. Going commit by commit here, no backwards-incompatible changes exist.
Full release notes for versions 2.5.9-2.5.11: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25
[Test Plan]
DEP-8 Tests:
server-setup-with-ca - creates and tests an OpenVPN server setup with its own certificate authority
server-setup-with-static-key - creates and tests an OpenVPN server setup using a static key for authentication
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. This would most likely include the change of behavior for --server-poll-timeout and allowing \r and \n in control channel messages. |
|
2024-09-17 17:02:05 |
Lena Voytek |
summary |
Backport of openvpn for focal, jammy and noble |
Backport of openvpn for jammy and noble |
|
2024-09-17 17:02:12 |
Lena Voytek |
bug task deleted |
openvpn (Ubuntu Focal) |
|
|
2024-09-17 17:03:11 |
Lena Voytek |
openvpn (Ubuntu Jammy): status |
New |
In Progress |
|
2024-09-17 17:03:14 |
Lena Voytek |
openvpn (Ubuntu Noble): status |
New |
In Progress |
|
2024-09-17 17:03:21 |
Lena Voytek |
openvpn (Ubuntu): status |
New |
In Progress |
|
2024-09-17 21:08:19 |
Lena Voytek |
merge proposal linked |
|
https://code.launchpad.net/~lvoytek/ubuntu/+source/openvpn/+git/openvpn/+merge/473394 |
|