openvpn (2.5.11-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream release 2.5.11 (LP: #2073318):
- CVE Fixes:
+ CVE-2024-5594, CVE-2024-27459, CVE-2024-24974, CVE-2024-27903
- Updates:
+ Allow trailing r and n in control channel message
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
additional bug fixes and information
* Remove patches fixed upstream:
- d/p/CVE-2024-5594.patch
[Fixed in 2.5.11]
-- Lena Voytek <lena.voytek@canonical.com> Tue, 17 Sep 2024 13:25:49 -0700
openvpn (2.5.9-0ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: malicious peer can DoS or send garbage to logs
- debian/patches/CVE-2024-5594.patch: properly handle null bytes and
invalid characters in control messages in src/openvpn/buffer.*,
src/openvpn/forward.c, tests/unit_tests/openvpn/test_buffer.c.
- CVE-2024-5594
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 27 Jun 2024 14:49:38 -0400
openvpn (2.5.9-0ubuntu0.22.04.2) jammy; urgency=medium
* d/rules: Use --with-openssl-engine=yes during configuration to maintain the
existing behavior of technically allowing openssl engine access in jammy.
For more information see
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2004676/comments/6
-- Lena Voytek <lena.voytek@canonical.com> Fri, 29 Sep 2023 16:14:48 -0700
openvpn (2.5.9-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream release 2.5.9 (LP: #2004676):
- The version is being updated to the latest in 2.5.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ Allow optional ciphers in --data-ciphers
- Bug Fixes Include:
+ Fix null pointer error when running openvpn --show-tls with mbedtls
+ Fix corner case that could lead to leaked file descriptor
+ Fix parsing issue in pull-filter when there are leading spaces
+ Fix possible buffer overflow in parse_line argument
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
additional bug fixes and information
-- Lena Voytek <lena.voytek@canonical.com> Tue, 15 Aug 2023 10:48:49 -0700
openvpn (2.5.8-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream releases 2.5.6-2.5.8 (LP: #2004676):
- The version is being updated to the latest in 2.5.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ OpenSSL3 support
+ pkcs11-helper upgrade to 1.28.4
+ allow running a default configuration with TLS libraries without BF-CBC
- Bug Fixes Include:
+ CVE-2022-0547
+ Fix potential memory leaks in add_route() and add_route_ipv6()
+ Fix PATH_MAX build failure in auth-pam.c
+ Fix using --auth-token together with --management-client-auth
+ Fix clearing of username+password when using --auth-nocache
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
additional bug fixes and information
* Remove patches fixed upstream:
- d/p/CVE-2022-0547.patch
[Included in upstream release 2.5.6]
- d/p/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch
- d/p/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-
into-methods.patch
- d/p/openssl-3/0003-Allow-loading-of-non-default-providers.patch
- d/p/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch
- d/p/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch
- d/p/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-
digest-names.patch
[Included in upstream release 2.5.7]
- d/p/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-
libraries-without-BF-CBC.patch
- d/p/match-manpage-and-command-help.patch
[Included in upstream release 2.5.8]
-- Lena Voytek <lena.voytek@canonical.com> Fri, 03 Feb 2023 15:49:35 -0700
openvpn (2.5.5-1ubuntu3.1) jammy; urgency=medium
* d/p/openssl-3/*.patch: backport upstream patch set to better support
OpenSSL 3 (LP: #1975574)
-- Lucas Kanashiro <kanashiro@ubuntu.com> Thu, 14 Jul 2022 11:21:14 -0300
openvpn (2.5.5-1ubuntu3) jammy; urgency=medium
* debian/patches/CVE-2022-0547.patch: updated to properly patch actual
manpage file in doc/openvpn.8.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 Mar 2022 13:22:27 -0400
openvpn (2.5.5-1ubuntu2) jammy; urgency=medium
* SECURITY UPDATE: authentication bypass via multiple deferred
authentication plug-ins
- debian/patches/CVE-2022-0547.patch: disallow multiple deferred
authentication plug-ins in doc/man-sections/plugin-options.rst,
src/openvpn/plugin.c.
- CVE-2022-0547
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 Mar 2022 10:37:55 -0400
openvpn (2.5.5-1ubuntu1) jammy; urgency=medium
* Merge with Debian unstable (LP: #1946884). Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
- d/p/OpenSSL3.patch: work around the deprecated algorithm mismatch between
the OpenSSL3 branch and the OpenVPN 2.5 branch (LP #1945980)
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 23 Feb 2022 10:14:27 -0500
openvpn (2.5.5-1) unstable; urgency=medium
[ Jörg Frings-Fürst ]
* New upstream version 2.5.5
* Declare compliance with Debian Policy 4.6.0.1
* d/copyright:
- Remove duplicate entries;
- Refresh for new upstream release
- Add 2021 to myself
[ Bernhard Schmidt ]
* Refresh patches for new upstream version
-- Bernhard Schmidt <berni@debian.org> Mon, 21 Feb 2022 12:05:55 +0100
# For older changelog entries, run 'apt-get changelog openvpn'
Generated by dwww version 1.14 on Mon Sep 1 16:08:15 CEST 2025.