[ubuntu/focal-proposed] openvpn 2.4.12-0ubuntu0.20.04.1 (Accepted)
Lena Voytek
lena.voytek at canonical.com
Tue Nov 21 18:10:38 UTC 2023
openvpn (2.4.12-0ubuntu0.20.04.1) focal; urgency=medium
* New upstream releases 2.4.8-2.4.12 (LP: #2004676)
- The version is being updated to the latest in 2.4.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ Support compiling with OpenSSL 1.1 without deprecated APIs
+ Handle PSS padding in cryptoapicert (necessary for TLS >= 1.2)
+ Client will now announce the acceptable ciphers to the server
(IV_CIPHER=...), so NCP cipher negotiation works better
- Bug Fixes Include:
+ CVE-2020-11810
+ CVE-2020-15078
+ CVE-2022-0547
+ Fix "--mtu-disc maybe|yes"
+ Fix argv leaks in add_route() and add_route_ipv6()
+ Ensure the current common_name is in the environment for scripts
+ Apply connect-retry backoff only to one side of the connection for p2p
+ Fix PIN querying in systemd environments
+ Fix condition where a client's session could float to a new IP address
that is not authorized
+ Fix combination of async push and NCP
+ Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
+ Fix broken fragmentation logic when using NCP
+ Fix handling of 'route remote_host' for IPv6 transport case
+ Fix fatal error at switching remotes
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 for
additional bug fixes and information
* Remove patches fixed upstream:
- fix-pkcs11-helper-hang.patch
- increase-listen-backlog-queue-to-32.patch
[Included in upstream release 2.4.8]
- CVE-2020-11810.patch
[Included in upstream release 2.4.9]
- CVE-2020-15078.patch
[Included in upstream release 2.4.11]
- CVE-2022-0547.patch
[Included in upstream release 2.4.12]
* Add DEP-8 tests from later releases
- d/t/server-setup-with-static-key: test the OpenVPN server side setup
using a static key.
- d/t/server-setup-with-ca: test the OpenVPN server side setup using a
CA built with easy-rsa.
- The tests match those seen in Jammy and later with the exception of
checking for /sbin/ip commands instead of net_... commands
Date: Mon, 21 Aug 2023 11:08:59 -0700
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openvpn/2.4.12-0ubuntu0.20.04.1
-------------- next part --------------
Format: 1.8
Date: Mon, 21 Aug 2023 11:08:59 -0700
Source: openvpn
Built-For-Profiles: noudeb
Architecture: source
Version: 2.4.12-0ubuntu0.20.04.1
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Launchpad-Bugs-Fixed: 2004676
Changes:
openvpn (2.4.12-0ubuntu0.20.04.1) focal; urgency=medium
.
* New upstream releases 2.4.8-2.4.12 (LP: #2004676)
- The version is being updated to the latest in 2.4.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ Support compiling with OpenSSL 1.1 without deprecated APIs
+ Handle PSS padding in cryptoapicert (necessary for TLS >= 1.2)
+ Client will now announce the acceptable ciphers to the server
(IV_CIPHER=...), so NCP cipher negotiation works better
- Bug Fixes Include:
+ CVE-2020-11810
+ CVE-2020-15078
+ CVE-2022-0547
+ Fix "--mtu-disc maybe|yes"
+ Fix argv leaks in add_route() and add_route_ipv6()
+ Ensure the current common_name is in the environment for scripts
+ Apply connect-retry backoff only to one side of the connection for p2p
+ Fix PIN querying in systemd environments
+ Fix condition where a client's session could float to a new IP address
that is not authorized
+ Fix combination of async push and NCP
+ Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
+ Fix broken fragmentation logic when using NCP
+ Fix handling of 'route remote_host' for IPv6 transport case
+ Fix fatal error at switching remotes
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 for
additional bug fixes and information
* Remove patches fixed upstream:
- fix-pkcs11-helper-hang.patch
- increase-listen-backlog-queue-to-32.patch
[Included in upstream release 2.4.8]
- CVE-2020-11810.patch
[Included in upstream release 2.4.9]
- CVE-2020-15078.patch
[Included in upstream release 2.4.11]
- CVE-2022-0547.patch
[Included in upstream release 2.4.12]
* Add DEP-8 tests from later releases
- d/t/server-setup-with-static-key: test the OpenVPN server side setup
using a static key.
- d/t/server-setup-with-ca: test the OpenVPN server side setup using a
CA built with easy-rsa.
- The tests match those seen in Jammy and later with the exception of
checking for /sbin/ip commands instead of net_... commands
Checksums-Sha1:
d805c02a646f814cbdc526bd7498d4f2b47c7551 2282 openvpn_2.4.12-0ubuntu0.20.04.1.dsc
6a2b67d4f56da70ebdfc32340ba554af1f211d67 971924 openvpn_2.4.12.orig.tar.xz
fb7e0a2135d060e59469b0e0974ca875df65b4c7 63340 openvpn_2.4.12-0ubuntu0.20.04.1.debian.tar.xz
3b24c658587fdfb988d1ae26c6894dc0034bbbfc 8252 openvpn_2.4.12-0ubuntu0.20.04.1_source.buildinfo
Checksums-Sha256:
c1dee804f8be771c246a7fc7e43a839019660a705d9b1affdd1f00c0059f293d 2282 openvpn_2.4.12-0ubuntu0.20.04.1.dsc
7426b99b2058b942552af2680ee58546fbf63712992557328bd0014093aa7da4 971924 openvpn_2.4.12.orig.tar.xz
391408e8cd7e3449992d24d84a68b05474699920ae06ccfef9c42e40be60927f 63340 openvpn_2.4.12-0ubuntu0.20.04.1.debian.tar.xz
bda7d824c1a156e51bb2f07e73b9412a647844780c73f4f6d26447a031b7b0c4 8252 openvpn_2.4.12-0ubuntu0.20.04.1_source.buildinfo
Files:
e25476531b60c7115f9ee3b6c9ebb249 2282 net optional openvpn_2.4.12-0ubuntu0.20.04.1.dsc
eb413eb9cc2d7a859992949212505dff 971924 net optional openvpn_2.4.12.orig.tar.xz
0fab05481b69de8070780d1a15cc9d90 63340 net optional openvpn_2.4.12-0ubuntu0.20.04.1.debian.tar.xz
a985edae19dd480014e0c5213aecec04 8252 net optional openvpn_2.4.12-0ubuntu0.20.04.1_source.buildinfo
Original-Maintainer: Bernhard Schmidt <berni at debian.org>
Vcs-Git: https://git.launchpad.net/~lvoytek/ubuntu/+source/openvpn
Vcs-Git-Commit: 3b27c83c99883055b5cd2c2fd5fb6a6287db330e
Vcs-Git-Ref: refs/heads/MRE-focal-2.4.12
More information about the Focal-changes
mailing list