[ubuntu/jammy-proposed] openvpn 2.5.9-0ubuntu0.22.04.2 (Accepted)

Lena Voytek lena.voytek at canonical.com
Tue Nov 21 18:05:38 UTC 2023 

openvpn (2.5.9-0ubuntu0.22.04.2) jammy; urgency=medium

  * d/rules: Use --with-openssl-engine=yes during configuration to maintain the
    existing behavior of technically allowing openssl engine access in jammy.
    For more information see
    https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2004676/comments/6

openvpn (2.5.9-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release 2.5.9 (LP: #2004676):
    - The version is being updated to the latest in 2.5.x rather than 2.6.x to
      avoid feature releases and focus on bug fixes
    - Updates:
      + Allow optional ciphers in --data-ciphers
    - Bug Fixes Include:
      + Fix null pointer error when running openvpn --show-tls with mbedtls
      + Fix corner case that could lead to leaked file descriptor
      + Fix parsing issue in pull-filter when there are leading spaces
      + Fix possible buffer overflow in parse_line argument
      + See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
        additional bug fixes and information

openvpn (2.5.8-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream releases 2.5.6-2.5.8 (LP: #2004676):
    - The version is being updated to the latest in 2.5.x rather than 2.6.x to
      avoid feature releases and focus on bug fixes
    - Updates:
      + OpenSSL3 support
      + pkcs11-helper upgrade to 1.28.4
      + allow running a default configuration with TLS libraries without BF-CBC
    - Bug Fixes Include:
      + CVE-2022-0547
      + Fix potential memory leaks in add_route() and add_route_ipv6()
      + Fix PATH_MAX build failure in auth-pam.c
      + Fix using --auth-token together with --management-client-auth
      + Fix clearing of username+password when using --auth-nocache
      + See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
        additional bug fixes and information
  * Remove patches fixed upstream:
    - d/p/CVE-2022-0547.patch
      [Included in upstream release 2.5.6]
    - d/p/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch
    - d/p/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-
      into-methods.patch
    - d/p/openssl-3/0003-Allow-loading-of-non-default-providers.patch
    - d/p/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch
    - d/p/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch
    - d/p/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-
      digest-names.patch
     [Included in upstream release 2.5.7]
    - d/p/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-
      libraries-without-BF-CBC.patch
    - d/p/match-manpage-and-command-help.patch
      [Included in upstream release 2.5.8]

Date: Fri, 29 Sep 2023 16:14:48 -0700
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openvpn/2.5.9-0ubuntu0.22.04.2
-------------- next part --------------
Format: 1.8
Date: Fri, 29 Sep 2023 16:14:48 -0700
Source: openvpn
Built-For-Profiles: noudeb
Architecture: source
Version: 2.5.9-0ubuntu0.22.04.2
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Launchpad-Bugs-Fixed: 2004676
Changes:
 openvpn (2.5.9-0ubuntu0.22.04.2) jammy; urgency=medium
 .
   * d/rules: Use --with-openssl-engine=yes during configuration to maintain the
     existing behavior of technically allowing openssl engine access in jammy.
     For more information see
     https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2004676/comments/6
 .
 openvpn (2.5.9-0ubuntu0.22.04.1) jammy; urgency=medium
 .
   * New upstream release 2.5.9 (LP: #2004676):
     - The version is being updated to the latest in 2.5.x rather than 2.6.x to
       avoid feature releases and focus on bug fixes
     - Updates:
       + Allow optional ciphers in --data-ciphers
     - Bug Fixes Include:
       + Fix null pointer error when running openvpn --show-tls with mbedtls
       + Fix corner case that could lead to leaked file descriptor
       + Fix parsing issue in pull-filter when there are leading spaces
       + Fix possible buffer overflow in parse_line argument
       + See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
         additional bug fixes and information
 .
 openvpn (2.5.8-0ubuntu0.22.04.1) jammy; urgency=medium
 .
   * New upstream releases 2.5.6-2.5.8 (LP: #2004676):
     - The version is being updated to the latest in 2.5.x rather than 2.6.x to
       avoid feature releases and focus on bug fixes
     - Updates:
       + OpenSSL3 support
       + pkcs11-helper upgrade to 1.28.4
       + allow running a default configuration with TLS libraries without BF-CBC
     - Bug Fixes Include:
       + CVE-2022-0547
       + Fix potential memory leaks in add_route() and add_route_ipv6()
       + Fix PATH_MAX build failure in auth-pam.c
       + Fix using --auth-token together with --management-client-auth
       + Fix clearing of username+password when using --auth-nocache
       + See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
         additional bug fixes and information
   * Remove patches fixed upstream:
     - d/p/CVE-2022-0547.patch
       [Included in upstream release 2.5.6]
     - d/p/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch
     - d/p/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-
       into-methods.patch
     - d/p/openssl-3/0003-Allow-loading-of-non-default-providers.patch
     - d/p/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch
     - d/p/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch
     - d/p/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-
       digest-names.patch
      [Included in upstream release 2.5.7]
     - d/p/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-
       libraries-without-BF-CBC.patch
     - d/p/match-manpage-and-command-help.patch
       [Included in upstream release 2.5.8]
Checksums-Sha1:
 f41fd1ccf8bf0fb916ae0c5d973c718b73c2a61e 2298 openvpn_2.5.9-0ubuntu0.22.04.2.dsc
 aaea4f2aba173ae2a7d5599e78252778af277390 1840560 openvpn_2.5.9.orig.tar.gz
 7d171b960f24b8bf32af0517c5da19ef5a31690f 65392 openvpn_2.5.9-0ubuntu0.22.04.2.debian.tar.xz
 3534bcb6aab66230d84f89ef2ef1c1d1e9c614cc 8725 openvpn_2.5.9-0ubuntu0.22.04.2_source.buildinfo
Checksums-Sha256:
 b3245b136f2b475206721be7a2af0f3e543a457bd98d73f5435214db0257f6a8 2298 openvpn_2.5.9-0ubuntu0.22.04.2.dsc
 8794b7125998c68f30de654267a702b9581454ca1e7061511fcc5f99fea4bd32 1840560 openvpn_2.5.9.orig.tar.gz
 3023855cbcedad8de67cee616387cfb868c498d8530a49797b6e7df607991077 65392 openvpn_2.5.9-0ubuntu0.22.04.2.debian.tar.xz
 05d933a696b68a6cc1e7e19b9df6ef1127efea1dcff0d7a5604b971752165c56 8725 openvpn_2.5.9-0ubuntu0.22.04.2_source.buildinfo
Files:
 3893da36980bf427f709ee9e372edcf1 2298 net optional openvpn_2.5.9-0ubuntu0.22.04.2.dsc
 ef70ed036018b21403c921f72ff518af 1840560 net optional openvpn_2.5.9.orig.tar.gz
 2e5e87efdf95ce6485b19bfbaeb15fe1 65392 net optional openvpn_2.5.9-0ubuntu0.22.04.2.debian.tar.xz
 42e0bd76e0ecb71a9f9e384bdce30a04 8725 net optional openvpn_2.5.9-0ubuntu0.22.04.2_source.buildinfo
Original-Maintainer: Bernhard Schmidt <berni at debian.org>
Vcs-Git: https://git.launchpad.net/~lvoytek/ubuntu/+source/openvpn
Vcs-Git-Commit: 59bc5060a27cf09b38664f5f51a727997ae1d4ed
Vcs-Git-Ref: refs/heads/2.5.8-MRE-jammy-allow-openssl-engines

More information about the jammy-changes mailing list