ubuntu/+source/openvpn:ubuntu/xenial-devel

Last commit made on 2019-05-08
Get this branch:
git clone -b ubuntu/xenial-devel https://git.launchpad.net/ubuntu/+source/openvpn
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/xenial-devel
Repository:
lp:ubuntu/+source/openvpn

Recent commits

297e276... by Joy Latten on 2019-01-09

Import patches-unapplied version 2.3.10-1ubuntu2.2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Upload parent: 8c4584bd5ceeb65241566e00049c7be88166646f

8c4584b... by Joy Latten on 2019-01-09

Changelog: Use SHA256 and Allow MD5 for PRF in FIPS mode openssl.

Signed-off-by: Joy Latten <email address hidden>

b312c76... by Joy Latten on 2019-01-09

Use SHA256 and Allow MD5 for PRF in FIPS mode openssl.

Signed-off-by: Joy Latten <email address hidden>

61edac6... by Marc Deslauriers on 2017-06-22

Import patches-unapplied version 2.3.10-1ubuntu2.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: d3359abb8b88490e79e776e1339c4947581e23c4

New changelog entries:
  * SECURITY UPDATE: birthday attack when using 64-bit block cipher
    - debian/patches/CVE-2016-6329.patch: print warning if 64-bit cipher is
      selected in src/openvpn/crypto.c, src/openvpn/crypto_openssl.c,
      src/openvpn/crypto_polarssl.c, tests/t_lpback.sh.
    - CVE-2016-6329
  * SECURITY UPDATE: DoS due to Exhaustion of Packet-ID counter
    - debian/patches/CVE-2017-7479-pre.patch: merge
      packet_id_alloc_outgoing() into packet_id_write() in
      src/openvpn/crypto.c, src/openvpn/packet_id.c,
      src/openvpn/packet_id.h.
    - debian/patches/CVE-2017-7479.patch: drop packets instead of assert
      out if packet id rolls over in src/openvpn/crypto.c,
      src/openvpn/packet_id.c, src/openvpn/packet_id.h.
    - CVE-2017-7479
  * SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
    - debian/patches/CVE-2017-7508.patch: remove assert in
      src/openvpn/mss.c.
    - CVE-2017-7508
  * SECURITY UPDATE: Remote-triggerable memory leaks
    - debian/patches/CVE-2017-7512.patch: fix leaks in
      src/openvpn/ssl_verify_openssl.c.
    - CVE-2017-7512
  * SECURITY UPDATE: Pre-authentication remote crash/information disclosure
    for clients
    - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
      OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
    - CVE-2017-7520
  * SECURITY UPDATE: Potential double-free in --x509-alt-username and
    memory leaks
    - debian/patches/CVE-2017-7521.patch: fix double-free in
      src/openvpn/ssl_verify_openssl.c.
    - CVE-2017-7521
  * SECURITY UPDATE: DoS in establish_http_proxy_passthru()
    - debian/patches/establish_http_proxy_passthru_dos.patch: fix
      null-pointer dereference in src/openvpn/proxy.c.
    - No CVE number

d3359ab... by Martin Pitt on 2016-02-02

Import patches-unapplied version 2.3.10-1ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 0f77d2688e495a1b29af0bc688b11a597631feaf

New changelog entries:
  * debian/openvpn@.service: Add --script-security similar to what got added
    to debian/openvpn.init.d ages ago (see LP #260291). (LP: #1454725)

0f77d26... by Gianfranco Costamagna on 2016-01-21

Import patches-unapplied version 2.3.10-1ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: c07fed5ec9e72ca6d6e579115ae009ffd3e4aaed

New changelog entries:
  * Merge with Debian unstable (LP: #1536568). Remaining Ubuntu changes:
    - debian/openvpn.init.d:
      + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
      + Show per-VPN result messages.
      + Add "--script-security 2" by default for backwards compatabliity.
    - Demote easy-rsa to Suggests

c07fed5... by Alberto Gonzalez Iniesta <email address hidden> on 2016-01-20

Import patches-unapplied version 2.3.10-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 30470c8603ba5b41192d7be2408be40c58d7b1ec

New changelog entries:
  * New upstream release. (Closes: #804368)
    Drop password_prompt_in_systemd.patch. Applied upstream.
  * Unify pidfile path on systemd and sysV. (Closes: #811010)
    Thanks Guillem Jover for noticing.
  * Increase start-stop-daemon timeout on stop to let openvpn
    tear down the connection properly in some cases.
    (Closes: #799592, #796914)
  * Add CAP_AUDIT_WRITE to openvpn@.service CapabilityBoundingSet
    to fix auth-pam plugin. (Closes: #795313)
  * Patch from Martin Pitt to start OpenVPN before user sessions
    to avoid hidding possible password prompts. (Closes: #803032)
  * Make another copy of t_client.sh to help keeping the build
    environment clean. (Closes: #765447)

30470c8... by Alberto Gonzalez Iniesta <email address hidden> on 2015-10-28

Import patches-unapplied version 2.3.8-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ab67501a9fdcebc65b782cdcf011fb3bb03e1e9b

New changelog entries:
  * New upstream release. Drop patch from 2.3.7-2.
    Hopefully (Closes: #791829)
  * Apply upstream fix for systemd password prompt that
    delayed this upload. Sorry SysV users.
  * debian/rules: remove obsolete options (*-path) to configure
  * openvpn@.service: Use KillMode=mixed to fix signaling of some plugins.
    (Closes: #792907). Also add PrivateTmp & LimitNPROC options.
    Thanks Daniel Hahler for the patch.

ab67501... by Alberto Gonzalez Iniesta <email address hidden> on 2015-09-08

Import patches-unapplied version 2.3.7-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 242defcf6824e354ecbfb1ecb3dfc4b1b5abe5bd

New changelog entries:
  * Move libsystemd-daemon-dev Build-Dep to libsystemd-dev.
    Add Build-Dep on systemd. (Closes: #791904)
  * Bumped Standards-Version to 3.9.6
  * Apply upstream patch to fix stdin password prompt.
    (Closes: #791829)

242defc... by Alberto Gonzalez Iniesta <email address hidden> on 2015-07-01

Import patches-unapplied version 2.3.7-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 21f9de4acb15a9c34f52c182b5646cfc24297e9c

New changelog entries:
  * New upstream version
  * Add --no-block to if-up.d script to avoid hanging boot on
    interfaces with openvpn instances. (Closes: #787090, #785200)
  * Add ProtectSystem=yes to systemd's service file. (Closes: #771626)
  * Removed upstream applied patches:
     - 0001-Drop-too-short-control-channel-packets-instead-of-as.patch
     - update_sample_certs.patch
  * New upstream release. Removed patches applied upstream:
    client_connect_tmp_files.patch
    better_systemd_detection.patch
  * Add Build-Depends on libsystemd-daemon-dev.