-
openvpn (2.4.3-4ubuntu1) artful; urgency=medium
* Sync with Debian. Remaining changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
openvpn (2.4.3-4) unstable; urgency=medium
* fix FTBFS on kfreebsd
* Adjust debian openvpn@.service to be closer to the upstream
ones (Closes: #858558, #864031):
- adjust Documentation URL to OpenVPN 2.4
- use systemd READY signalling (Type=notify)
- add ProtectHome=true
- add After/Wants network-online.target
- adjust CapabililtyBoundingSet
openvpn (2.4.3-3) unstable; urgency=medium
[ Jörg Frings-Fürst ]
* debian/control:
- Set Bernhard Schmidt <email address hidden> as maintainer and myself as
Uploader (Closes: #865555)
- Many thanks to Alberto Gonzalez Iniesta.
- Change Vcs-Browser to cgit.
* Migrate to debhelper 10:
- Change debian/compat to 10.
- Bump minimum debhelper version in debian/control to >= 10.
* Declare compliance with Debian Policy 4.0.0. (No changes needed).
[ Bernhard Schmidt ]
* properly remove obsolete /etc/tmpfiles.d/openvpn.conf using
dpkg-maintscript-helper (Closes: #865717)
* Change Vcs-Git and Homepage to https
openvpn (2.4.3-2) unstable; urgency=medium
* The "Bye bye OpenVPN" revenge release
* Put upstream tmpfiles conf in the right place and merge with Debian's.
(Closes: #865589)
openvpn (2.4.3-1) unstable; urgency=high
* The "Bye bye OpenVPN" release.
* New upstream release fixing: (Closes: #865480)
- CVE-2017-7508
- CVE-2017-7520
- CVE-2017-7521
- CVE-2017-7522
* Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins
* debian/rules:
- Remove obsolete options to configure script (enable-password-save,
with-plugindir (now in ENV_VARS))
- No need to install upstream's systemd unit files from debian/rules
openvpn (2.4.0-6) unstable; urgency=medium
* Apply upstream patch to fix shrinking MTU sizes on reconnects causing not
usable VPN tunnels.
-- Jeremy Bicha <email address hidden> Sun, 02 Jul 2017 23:05:35 -0400
-
openvpn (2.4.0-5ubuntu2) artful; urgency=medium
* SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
- debian/patches/CVE-2017-7508.patch: remove assert in
src/openvpn/mss.c.
- CVE-2017-7508
* SECURITY UPDATE: Remote-triggerable memory leaks
- debian/patches/CVE-2017-7512.patch: fix leaks in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7512
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: Potential double-free in --x509-alt-username and
memory leaks
- debian/patches/CVE-2017-7521.patch: fix double-free in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7521
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Thu, 22 Jun 2017 14:10:56 -0400
-
openvpn (2.4.0-5ubuntu1) artful; urgency=medium
* Sync with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
-- Jeremy Bicha <email address hidden> Thu, 11 May 2017 17:28:23 -0400
-
openvpn (2.4.0-4ubuntu1) zesty; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
* Drop:
- debian/control: Actually drop the initscripts dependency.
(Closes: #804968). Already in Debian
-- Jon Grimm <email address hidden> Fri, 10 Feb 2017 12:16:57 -0600