ubuntu/+source/openvpn:ubuntu/trusty-devel

Last commit made on 2017-06-22
Get this branch:
git clone -b ubuntu/trusty-devel https://git.launchpad.net/ubuntu/+source/openvpn
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-devel
Repository:
lp:ubuntu/+source/openvpn

Recent commits

6fda2ac... by Marc Deslauriers on 2017-06-22

Import patches-unapplied version 2.3.2-7ubuntu3.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7c0e241b9607d0bd389330c104ad8f63499a985c

New changelog entries:
  * SECURITY UPDATE: birthday attack when using 64-bit block cipher
    - debian/patches/CVE-2016-6329.patch: print warning if 64-bit cipher is
      selected in src/openvpn/crypto.c, src/openvpn/crypto_openssl.c.
    - CVE-2016-6329
  * SECURITY UPDATE: DoS due to Exhaustion of Packet-ID counter
    - debian/patches/CVE-2017-7479-pre.patch: merge
      packet_id_alloc_outgoing() into packet_id_write() in
      src/openvpn/crypto.c, src/openvpn/packet_id.c,
      src/openvpn/packet_id.h.
    - debian/patches/CVE-2017-7479.patch: drop packets instead of assert
      out if packet id rolls over in src/openvpn/crypto.c,
      src/openvpn/packet_id.c, src/openvpn/packet_id.h.
    - CVE-2017-7479
  * SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
    - debian/patches/CVE-2017-7508.patch: remove assert in
      src/openvpn/mss.c.
    - CVE-2017-7508
  * SECURITY UPDATE: Remote-triggerable memory leaks
    - debian/patches/CVE-2017-7512.patch: fix leaks in
      src/openvpn/ssl_verify_openssl.c.
    - CVE-2017-7512
  * SECURITY UPDATE: Pre-authentication remote crash/information disclosure
    for clients
    - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
      OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
    - CVE-2017-7520
  * SECURITY UPDATE: Potential double-free in --x509-alt-username and
    memory leaks
    - debian/patches/CVE-2017-7521.patch: fix double-free in
      src/openvpn/ssl_verify_openssl.c.
    - CVE-2017-7521
  * SECURITY UPDATE: DoS in establish_http_proxy_passthru()
    - debian/patches/establish_http_proxy_passthru_dos.patch: fix
      null-pointer dereference in src/openvpn/proxy.c.
    - No CVE number

7c0e241... by Marc Deslauriers on 2014-12-01

Import patches-unapplied version 2.3.2-7ubuntu3.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0ef5af2899b5f2ffc60d397c398d459a1d385266

New changelog entries:
  * SECURITY UPDATE: server denial of service via too-short control channel
    packets
    - debian/patches/CVE-2014-8104.patch: drop too-short control channel
      packets instead of asserting out in src/openvpn/ssl.c.
    - CVE-2014-8104
  * debian/patches/update_certs.patch: update test certs to fix FTBFS.

0ef5af2... by St├ęphane Graber on 2014-02-04

Import patches-unapplied version 2.3.2-7ubuntu3 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 3cd0cb4280553911f39896ec2981b9bb34f6a657

New changelog entries:
  [ Simon Deziel ]
  * Refresh delta with debian/openvpn.init.d:
   - Make stop action reliable by killing if needed
     (LP: #1274254, LP: #1200519)
   - Use new path for status file (LP: #1261088)

3cd0cb4... by Matthias Klose on 2013-12-30

Import patches-unapplied version 2.3.2-7ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 2be6306560ee131d714053c0ef86678ecb5f65f1

New changelog entries:
  * Patch libtool.m4 and configure to support ppc64el.

2be6306... by St├ęphane Graber on 2013-12-02

Import patches-unapplied version 2.3.2-7ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 0454ddd10786bb5392544836a3149443d6897c2c

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/openvpn.init.d:
      + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
      + Show per-VPN result messages.
      + Add "--script-security 2" by default for backwards compatabliity.
    - Demote easy-rsa to Suggests

0454ddd... by Alberto Gonzalez Iniesta <email address hidden> on 2013-11-28

Import patches-unapplied version 2.3.2-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c427f452edb94ae39a6e4ecd1008c4d55614b947

New changelog entries:
  * Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/.
    (Closes: #730679)

c427f45... by Alberto Gonzalez Iniesta <email address hidden> on 2013-11-27

Import patches-unapplied version 2.3.2-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 3eb44ace820b6867d49d47d81c7c849bf30249ee

New changelog entries:
  * Move PID and status files to openvpn subdir in /run.
    (Closes: #614036). Thanks Stephen Gildea for the patch and Simon Deziel
    for the upgrade path.
  * Add --enable-x509-alt-username option to ./configure

3eb44ac... by Alberto Gonzalez Iniesta <email address hidden> on 2013-07-15

Import patches-unapplied version 2.3.2-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 38f6b5f4140d0991c736037939d48bc2f7206382

New changelog entries:
  * Patch init script to fix race conditions on restarts.
    (Closes: #716794). Thanks Simon Deziel for the patch.
  * Improve update-resolv-conf script. Thanks Thomas Hood
    for the patch. (Closes: #721082)

38f6b5f... by Alberto Gonzalez Iniesta <email address hidden> on 2013-06-21

Import patches-unapplied version 2.3.2-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2ecf7cc30bc615f88d8a7b3c01fde46ceaa86325

New changelog entries:
  * Fix depends on iproute to iproute2.

2ecf7cc... by Alberto Gonzalez Iniesta <email address hidden> on 2013-06-20

Import patches-unapplied version 2.3.2-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4433fe868723b02c576a2a664be2b788d871db2a

New changelog entries:
  * Add iproute2 support on linux archs.
  * Add versioned Build-Depends on dpkg-dev since --export=configure
    is used. (Closes: #697560)