Change log for openvpn package in Ubuntu
| 51 → 100 of 163 results | First • Previous • Next • Last |
| Superseded in groovy-release |
| Published in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
openvpn (2.4.7-1ubuntu2) eoan; urgency=medium * No-change upload with strops.h and sys/strops.h removed in glibc. -- Matthias Klose <email address hidden> Thu, 05 Sep 2019 11:05:25 +0000
Available diffs
- diff from 2.4.7-1ubuntu1 to 2.4.7-1ubuntu2 (347 bytes)
openvpn (2.4.6-1ubuntu3.1) disco; urgency=medium
* d/p/lp-1828771-CapabilityBoundingSet-for-auth_pam.patch: Add CAP_AUDIT_WRITE
to upstreams set of .service files to avoid issues with callout scripts
breaking due to sudo/pam being unable to audit the action (LP: #1828771)
-- Christian Ehrhardt <email address hidden> Tue, 14 May 2019 10:21:37 +0200
Available diffs
openvpn (2.4.4-2ubuntu1.3) bionic; urgency=medium
* d/p/lp-1828771-CapabilityBoundingSet-for-auth_pam.patch: Add CAP_AUDIT_WRITE
to upstreams set of .service files to avoid issues with callout scripts
breaking due to sudo/pam being unable to audit the action (LP: #1828771)
-- Christian Ehrhardt <email address hidden> Tue, 14 May 2019 10:25:51 +0200
Available diffs
openvpn (2.4.6-1ubuntu2.2) cosmic; urgency=medium
* d/p/lp-1828771-CapabilityBoundingSet-for-auth_pam.patch: Add CAP_AUDIT_WRITE
to upstreams set of .service files to avoid issues with callout scripts
breaking due to sudo/pam being unable to audit the action (LP: #1828771)
-- Christian Ehrhardt <email address hidden> Tue, 14 May 2019 10:24:03 +0200
Available diffs
openvpn (2.4.7-1ubuntu1) eoan; urgency=medium * Merge with Debian unstable (LP: #1828771). Remaining changes: - d/control: Demote easy-rsa to Suggests (universe package). - debian/openvpn@.service: Add '--script-security 2' similar to what got added to debian/openvpn.init.d ages ago (LP 1454725) - d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF. (LP 1807439) * Dropped changes: - d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout scripts breaking due to sudo/pam being unable to audit the action. Fixed in upstream issue #918, suggested to Debian in #868806 (LP 1787208) [in Debian now] -- Christian Ehrhardt <email address hidden> Mon, 13 May 2019 15:55:22 +0200
Available diffs
- diff from 2.4.6-1ubuntu3 to 2.4.7-1ubuntu1 (79.1 KiB)
openvpn (2.3.10-1ubuntu2.2) xenial; urgency=medium
* d/p/openvpn-fips140-2.3.2.patch: Replace MD5 internal hash
with SHA256 and allow MD5 for PRF. (LP: #1807439)
-- Joy Latten <email address hidden> Wed, 09 Jan 2019 16:31:45 -0600
Available diffs
openvpn (2.4.4-2ubuntu1.2) bionic; urgency=medium
* d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF.
(LP: #1807439)
-- Joy Latten <email address hidden> Wed, 09 Jan 2019 15:50:03 -0600
Available diffs
openvpn (2.4.6-1ubuntu2.1) cosmic; urgency=medium
* d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF.
(LP: #1807439)
-- Joy Latten <email address hidden> Thu, 10 Jan 2019 13:48:21 -0600
Available diffs
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
openvpn (2.4.6-1ubuntu3) disco; urgency=medium
* d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF.
(LP: #1807439)
-- Joy Latten <email address hidden> Wed, 09 Jan 2019 12:25:59 -0600
Available diffs
openvpn (2.4.4-2ubuntu1.1) bionic; urgency=medium
* d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout
scripts breaking due to sudo/pam being unable to audit the action.
Fixed in upstream issue #918, suggested to Debian in #868806 (LP: #1787208)
-- Christian Ehrhardt <email address hidden> Wed, 05 Sep 2018 14:43:16 +0200
Available diffs
- diff from 2.4.4-2ubuntu1 to 2.4.4-2ubuntu1.1 (704 bytes)
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
openvpn (2.4.6-1ubuntu2) cosmic; urgency=medium
* d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout
scripts breaking due to sudo/pam being unable to audit the action.
Fixed in upstream issue #918, suggested to Debian in #868806 (LP: #1787208)
-- Christian Ehrhardt <email address hidden> Mon, 03 Sep 2018 10:57:35 +0200
Available diffs
- diff from 2.4.6-1ubuntu1 to 2.4.6-1ubuntu2 (690 bytes)
openvpn (2.4.6-1ubuntu1) cosmic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what got
added to debian/openvpn.init.d ages ago (LP 1454725)
-- Christian Ehrhardt <email address hidden> Mon, 20 Aug 2018 13:30:20 +0200
Available diffs
- diff from 2.4.4-2ubuntu1 to 2.4.6-1ubuntu1 (279.4 KiB)
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
openvpn (2.4.4-2ubuntu1) bionic; urgency=low
* Sync with Debian. Remaining changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
Available diffs
- diff from 2.4.4-1ubuntu1 to 2.4.4-2ubuntu1 (746 bytes)
openvpn (2.4.4-1ubuntu1) bionic; urgency=medium
* Sync with Debian. Remaining changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
Available diffs
- diff from 2.4.3-4ubuntu1 to 2.4.4-1ubuntu1 (272.1 KiB)
openvpn (2.2.1-8ubuntu1.5) precise-security; urgency=medium
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- NO CVE number
-- <email address hidden> (Leonidas S. Barbosa) Wed, 02 Aug 2017 11:23:00 -0300
Available diffs
| Superseded in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
openvpn (2.4.3-4ubuntu1) artful; urgency=medium
* Sync with Debian. Remaining changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
Available diffs
- diff from 2.4.0-5ubuntu2 to 2.4.3-4ubuntu1 (329.4 KiB)
openvpn (2.4.0-5ubuntu2) artful; urgency=medium
* SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
- debian/patches/CVE-2017-7508.patch: remove assert in
src/openvpn/mss.c.
- CVE-2017-7508
* SECURITY UPDATE: Remote-triggerable memory leaks
- debian/patches/CVE-2017-7512.patch: fix leaks in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7512
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: Potential double-free in --x509-alt-username and
memory leaks
- debian/patches/CVE-2017-7521.patch: fix double-free in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7521
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Thu, 22 Jun 2017 14:10:56 -0400
Available diffs
openvpn (2.3.2-7ubuntu3.2) trusty-security; urgency=medium
* SECURITY UPDATE: birthday attack when using 64-bit block cipher
- debian/patches/CVE-2016-6329.patch: print warning if 64-bit cipher is
selected in src/openvpn/crypto.c, src/openvpn/crypto_openssl.c.
- CVE-2016-6329
* SECURITY UPDATE: DoS due to Exhaustion of Packet-ID counter
- debian/patches/CVE-2017-7479-pre.patch: merge
packet_id_alloc_outgoing() into packet_id_write() in
src/openvpn/crypto.c, src/openvpn/packet_id.c,
src/openvpn/packet_id.h.
- debian/patches/CVE-2017-7479.patch: drop packets instead of assert
out if packet id rolls over in src/openvpn/crypto.c,
src/openvpn/packet_id.c, src/openvpn/packet_id.h.
- CVE-2017-7479
* SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
- debian/patches/CVE-2017-7508.patch: remove assert in
src/openvpn/mss.c.
- CVE-2017-7508
* SECURITY UPDATE: Remote-triggerable memory leaks
- debian/patches/CVE-2017-7512.patch: fix leaks in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7512
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: Potential double-free in --x509-alt-username and
memory leaks
- debian/patches/CVE-2017-7521.patch: fix double-free in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7521
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Thu, 22 Jun 2017 10:51:34 -0400
Available diffs
openvpn (2.3.10-1ubuntu2.1) xenial-security; urgency=medium
* SECURITY UPDATE: birthday attack when using 64-bit block cipher
- debian/patches/CVE-2016-6329.patch: print warning if 64-bit cipher is
selected in src/openvpn/crypto.c, src/openvpn/crypto_openssl.c,
src/openvpn/crypto_polarssl.c, tests/t_lpback.sh.
- CVE-2016-6329
* SECURITY UPDATE: DoS due to Exhaustion of Packet-ID counter
- debian/patches/CVE-2017-7479-pre.patch: merge
packet_id_alloc_outgoing() into packet_id_write() in
src/openvpn/crypto.c, src/openvpn/packet_id.c,
src/openvpn/packet_id.h.
- debian/patches/CVE-2017-7479.patch: drop packets instead of assert
out if packet id rolls over in src/openvpn/crypto.c,
src/openvpn/packet_id.c, src/openvpn/packet_id.h.
- CVE-2017-7479
* SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
- debian/patches/CVE-2017-7508.patch: remove assert in
src/openvpn/mss.c.
- CVE-2017-7508
* SECURITY UPDATE: Remote-triggerable memory leaks
- debian/patches/CVE-2017-7512.patch: fix leaks in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7512
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: Potential double-free in --x509-alt-username and
memory leaks
- debian/patches/CVE-2017-7521.patch: fix double-free in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7521
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Thu, 22 Jun 2017 10:32:09 -0400
Available diffs
openvpn (2.3.11-1ubuntu2.1) yakkety-security; urgency=medium
* SECURITY UPDATE: birthday attack when using 64-bit block cipher
- debian/patches/CVE-2016-6329.patch: print warning if 64-bit cipher is
selected in src/openvpn/crypto.c, src/openvpn/crypto_openssl.c,
src/openvpn/crypto_polarssl.c, tests/t_lpback.sh.
- CVE-2016-6329
* SECURITY UPDATE: DoS due to Exhaustion of Packet-ID counter
- debian/patches/CVE-2017-7479-pre.patch: merge
packet_id_alloc_outgoing() into packet_id_write() in
src/openvpn/crypto.c, src/openvpn/packet_id.c,
src/openvpn/packet_id.h.
- debian/patches/CVE-2017-7479.patch: drop packets instead of assert
out if packet id rolls over in src/openvpn/crypto.c,
src/openvpn/packet_id.c, src/openvpn/packet_id.h.
- CVE-2017-7479
* SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
- debian/patches/CVE-2017-7508.patch: remove assert in
src/openvpn/mss.c.
- CVE-2017-7508
* SECURITY UPDATE: Remote-triggerable memory leaks
- debian/patches/CVE-2017-7512.patch: fix leaks in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7512
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: Potential double-free in --x509-alt-username and
memory leaks
- debian/patches/CVE-2017-7521.patch: fix double-free in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7521
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Thu, 22 Jun 2017 09:04:47 -0400
Available diffs
openvpn (2.4.0-4ubuntu1.3) zesty-security; urgency=medium
* SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
- debian/patches/CVE-2017-7508.patch: remove assert in
src/openvpn/mss.c.
- CVE-2017-7508
* SECURITY UPDATE: Remote-triggerable memory leaks
- debian/patches/CVE-2017-7512.patch: fix leaks in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7512
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: Potential double-free in --x509-alt-username and
memory leaks
- debian/patches/CVE-2017-7521.patch: fix double-free in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7521
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Thu, 22 Jun 2017 08:37:49 -0400
Available diffs
openvpn (2.4.0-5ubuntu1) artful; urgency=medium
* Sync with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
-- Jeremy Bicha <email address hidden> Thu, 11 May 2017 17:28:23 -0400
Available diffs
- diff from 2.4.0-4ubuntu1 to 2.4.0-5ubuntu1 (13.5 KiB)
openvpn (2.4.0-4ubuntu1.2) zesty-security; urgency=medium
* SECURITY UPDATE: pre-authentication denial-of-service vulnerability
(both client and server) from a too-large control packet.
- debian/patches/CVE-2017-7478.patch: Do not assert on too-large
control packet
- CVE-2017-7478
* SECURITY UPDATE: authenticated remote DoS vulnerability due to
packet ID rollover
- debian/patches/CVE-2017-7479-prereq.patch: merge
packet_id_alloc_outgoing() into packet_id_write()
- debian/patches/CVE-2017-7478.patch: do not assert when packet ID
rollover occurs
- CVE-2017-7478
* SECURITY UPDATE: auth tokens left in memory after de-auth
- debian/patches/wipe_tokens_on_de-auth.patch: always wipe token
as soon as a TLS session is considered broken.
-- Steve Beattie <email address hidden> Wed, 10 May 2017 15:21:05 -0700
Available diffs
| Superseded in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
openvpn (2.4.0-4ubuntu1) zesty; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
* Drop:
- debian/control: Actually drop the initscripts dependency.
(Closes: #804968). Already in Debian
-- Jon Grimm <email address hidden> Fri, 10 Feb 2017 12:16:57 -0600
Available diffs
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Deleted in yakkety-proposed (Reason: moved to release) |
openvpn (2.3.11-1ubuntu2) yakkety; urgency=medium
* debian/control: Actually drop the initscripts dependency.
(Closes: #804968)
-- Martin Pitt <email address hidden> Wed, 22 Jun 2016 16:54:51 +0200
Available diffs
- diff from 2.3.11-1ubuntu1 to 2.3.11-1ubuntu2 (599 bytes)
openvpn (2.3.11-1ubuntu1) yakkety; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (see LP: #260291).
- Demote easy-rsa to Suggests (universe package).
* Drop intrusive changes (showing per-VPN result messages) from
debian/openvpn.init.d. This isn't being used under systemd.
Available diffs
- diff from 2.3.10-1ubuntu2 to 2.3.11-1ubuntu1 (289.7 KiB)
| Superseded in yakkety-release |
| Published in xenial-release |
| Deleted in xenial-proposed (Reason: moved to release) |
openvpn (2.3.10-1ubuntu2) xenial; urgency=medium
* debian/openvpn@.service: Add --script-security similar to what got added
to debian/openvpn.init.d ages ago (see LP #260291). (LP: #1454725)
-- Martin Pitt <email address hidden> Tue, 02 Feb 2016 13:33:39 +0100
Available diffs
- diff from 2.3.10-1ubuntu1 to 2.3.10-1ubuntu2 (824 bytes)
openvpn (2.3.10-1ubuntu1) xenial; urgency=medium * Merge with Debian unstable (LP: #1536568). Remaining Ubuntu changes: - debian/openvpn.init.d: + Do not use start-stop-daemon and </dev/null to avoid blocking boot. + Show per-VPN result messages. + Add "--script-security 2" by default for backwards compatabliity. - Demote easy-rsa to Suggests
Available diffs
- diff from 2.3.8-1ubuntu1 to 2.3.10-1ubuntu1 (41.4 KiB)
openvpn (2.3.8-1ubuntu1) xenial; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
- Run openvpn@.service before systemd-user-sessions.service to avoid
gettys and lightdm starting on top of possible password prompts. This
provides the equivalent of the init.d script's X-Start-Before:.
(Closes: #803032)
Available diffs
- diff from 2.3.7-2ubuntu1 to 2.3.8-1ubuntu1 (13.4 KiB)
openvpn (2.3.7-2ubuntu1) xenial; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
- Run openvpn@.service before systemd-user-sessions.service to avoid
gettys and lightdm starting on top of possible password prompts. This
provides the equivalent of the init.d script's X-Start-Before:.
(Closes: #803032)
Available diffs
| Superseded in xenial-release |
| Obsolete in wily-release |
| Deleted in wily-proposed (Reason: moved to release) |
openvpn (2.3.7-1ubuntu1) wily; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
- Run openvpn@.service before systemd-user-sessions.service to avoid
gettys and lightdm starting on top of possible password prompts. This
provides the equivalent of the init.d script's X-Start-Before:.
Available diffs
- diff from 2.3.4-5ubuntu1 to 2.3.7-1ubuntu1 (121.6 KiB)
openvpn (2.3.4-5ubuntu1) wily; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
- Run openvpn@.service before systemd-user-sessions.service to avoid
gettys and lightdm starting on top of possible password prompts. This
provides the equivalent of the init.d script's X-Start-Before:.
Available diffs
- diff from 2.3.2-9ubuntu4 to 2.3.4-5ubuntu1 (146.3 KiB)
| Superseded in wily-release |
| Obsolete in vivid-release |
| Deleted in vivid-proposed (Reason: moved to release) |
openvpn (2.3.2-9ubuntu4) vivid; urgency=medium
* Run openvpn@.service before systemd-user-sessions.service to avoid gettys
and lightdm starting on top of possible password prompts. This provides
the equivalent of the init.d script's X-Start-Before:.
-- Martin Pitt <email address hidden> Mon, 13 Apr 2015 16:09:01 -0500
Available diffs
- diff from 2.3.2-9ubuntu3 to 2.3.2-9ubuntu4 (559 bytes)
openvpn (2.3.2-9ubuntu3) vivid; urgency=medium
* Add better_systemd_detection.patch to avoid calling systemd-ask-password
under upstart. Backported from upstream. (Closes: #747265)
* Add systemd unit and generator from current Debian package. This avoids
using the init.d script, which unnecessarily blocks lightdm startup on the
network becoming online even if there are no auto-start connections
(LP: #1443489).
-- Martin Pitt <email address hidden> Mon, 13 Apr 2015 11:22:56 -0500
Available diffs
openvpn (2.2.1-8ubuntu1.4) precise-security; urgency=medium
* SECURITY UPDATE: server denial of service via too-short control channel
packets
- debian/patches/CVE-2014-8104.patch: drop too-short control channel
packets instead of asserting out in ssl.c.
- CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.
-- Marc Deslauriers <email address hidden> Mon, 01 Dec 2014 17:11:38 -0500
Available diffs
openvpn (2.3.2-7ubuntu3.1) trusty-security; urgency=medium
* SECURITY UPDATE: server denial of service via too-short control channel
packets
- debian/patches/CVE-2014-8104.patch: drop too-short control channel
packets instead of asserting out in src/openvpn/ssl.c.
- CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.
-- Marc Deslauriers <email address hidden> Mon, 01 Dec 2014 17:10:01 -0500
Available diffs
openvpn (2.3.2-9ubuntu1.1) utopic-security; urgency=medium
* SECURITY UPDATE: server denial of service via too-short control channel
packets
- debian/patches/CVE-2014-8104.patch: drop too-short control channel
packets instead of asserting out in src/openvpn/ssl.c.
- CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.
-- Marc Deslauriers <email address hidden> Mon, 01 Dec 2014 17:09:10 -0500
Available diffs
openvpn (2.3.2-9ubuntu2) vivid; urgency=medium
* SECURITY UPDATE: server denial of service via too-short control channel
packets
- debian/patches/CVE-2014-8104.patch: drop too-short control channel
packets instead of asserting out in src/openvpn/ssl.c.
- CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.
-- Marc Deslauriers <email address hidden> Mon, 01 Dec 2014 15:26:58 -0500
Available diffs
- diff from 2.3.2-9ubuntu1 to 2.3.2-9ubuntu2 (18.0 KiB)
openvpn (2.2.1-8ubuntu1.3) precise-security; urgency=medium
* SECURITY UPDATE: timing attack when using UDP mode
- debian/patches/CVE-2013-2061.patch: use constant time memcmp when
comparing HMACs in crypto.c, added warning to buffer.h.
- CVE-2013-2061
-- Marc Deslauriers <email address hidden> Tue, 30 Sep 2014 14:55:59 -0400
Available diffs
| Superseded in vivid-release |
| Obsolete in utopic-release |
| Deleted in utopic-proposed (Reason: moved to release) |
openvpn (2.3.2-9ubuntu1) utopic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
- Patch libtool.m4 and configure to support ppc64el.
- Refresh delta with debian/openvpn.init.d:
+ Make stop action reliable by killing if needed
(LP: #1274254, LP: #1200519)
+ Use new path for status file (LP: #1261088)
Available diffs
openvpn (2.2.1-8ubuntu1.2) precise-proposed; urgency=low
* d/p/lp992012-detect-openssl-properly.patch: fix "openssl.cnf file
could be found" error using easy-rsa by parsing openssl version
properly. (LP: #992012)
-- Nobuto MURATA <email address hidden> Tue, 18 Feb 2014 14:35:32 +0900
Available diffs
| Superseded in utopic-release |
| Published in trusty-release |
| Deleted in trusty-proposed (Reason: moved to release) |
openvpn (2.3.2-7ubuntu3) trusty; urgency=medium
[ Simon Deziel ]
* Refresh delta with debian/openvpn.init.d:
- Make stop action reliable by killing if needed
(LP: #1274254, LP: #1200519)
- Use new path for status file (LP: #1261088)
-- Stephane Graber <email address hidden> Tue, 04 Feb 2014 09:31:39 -0500
Available diffs
- diff from 2.3.2-7ubuntu2 to 2.3.2-7ubuntu3 (979 bytes)
openvpn (2.3.2-7ubuntu2) trusty; urgency=medium * Patch libtool.m4 and configure to support ppc64el. -- Matthias Klose <email address hidden> Mon, 30 Dec 2013 12:32:35 +0100
Available diffs
- diff from 2.3.2-7ubuntu1 to 2.3.2-7ubuntu2 (729 bytes)
openvpn (2.3.2-7ubuntu1) trusty; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
Available diffs
openvpn (2.3.2-5ubuntu1) trusty; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
Available diffs
| Superseded in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
openvpn (2.3.2-4ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
Available diffs
openvpn (2.3.1-2ubuntu2) saucy; urgency=low
* Move easy-rsa from Recommends to Suggests as it's not in main and isn't
actually required to operate an openvpn server.
-- Stephane Graber <email address hidden> Wed, 19 Jun 2013 14:37:54 -0400
Available diffs
- diff from 2.3.1-2ubuntu1 to 2.3.1-2ubuntu2 (675 bytes)
openvpn (2.3.1-2ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
Available diffs
openvpn (2.2.1-8ubuntu1.1) precise-proposed; urgency=low
[ Marc Gariépy ]
* Add --script-security to the init.d script (was generated but not passed
to openvpn). (LP: #1124398)
-- Stephane Graber <email address hidden> Wed, 13 Feb 2013 16:17:34 -0500
Available diffs
- diff from 2.2.1-8ubuntu1 to 2.2.1-8ubuntu1.1 (655 bytes)
openvpn (2.2.1-8ubuntu2.1) quantal-proposed; urgency=low
[ Marc Gariépy ]
* Add --script-security to the init.d script (was generated but not passed
to openvpn). (LP: #1124398)
-- Stephane Graber <email address hidden> Wed, 13 Feb 2013 16:10:48 -0500
Available diffs
- diff from 2.2.1-8ubuntu2 to 2.2.1-8ubuntu2.1 (663 bytes)
| 51 → 100 of 163 results | First • Previous • Next • Last |
