Public bug reported: Upstream: tbd Debian: 2.5.6-1 2.6.0~git20220317+dco-1 Ubuntu: 2.5.5-1ubuntu3
Debian new has 2.6.0~git20220317+dco-1 ### New Debian Changes ### openvpn (2.5.6-1) unstable; urgency=high * New upstream version 2.5.6 CVE-2022-0547 - Potential authentication by-pass with multiple deferred authentication plug-ins plug-ins (Closes: #1008015) -- Bernhard Schmidt <be...@debian.org> Sun, 20 Mar 2022 21:42:05 +0100 openvpn (2.5.5-1) unstable; urgency=medium [ Jörg Frings-Fürst ] * New upstream version 2.5.5 * Declare compliance with Debian Policy 4.6.0.1 * d/copyright: - Remove duplicate entries; - Refresh for new upstream release - Add 2021 to myself [ Bernhard Schmidt ] * Refresh patches for new upstream version -- Bernhard Schmidt <be...@debian.org> Mon, 21 Feb 2022 12:05:55 +0100 openvpn (2.5.1-3) unstable; urgency=medium * Fix autopkgtest (Closes: #983662) - adapt autopkgtest output to 2.5 (from Ubuntu) - Fix easyrsa batch mode invocation * Cherry-Pick 'Fix condition to generate session keys' (Closes: #988478) -- Bernhard Schmidt <be...@debian.org> Fri, 14 May 2021 09:40:04 +0200 openvpn (2.5.1-2) unstable; urgency=high * Cherry-Pick 3 (+ 1 predependency) patches from upstream to fix authentication bypass with deferred authentication (CVE-2020-15078) (Closes: #987380) -- Bernhard Schmidt <be...@debian.org> Wed, 28 Apr 2021 14:41:58 +0200 openvpn (2.5.1-1) unstable; urgency=medium * New upstream version 2.5.1 (bugfix release) -- Bernhard Schmidt <be...@debian.org> Wed, 24 Feb 2021 19:54:34 +0100 openvpn (2.5.0-1) unstable; urgency=medium * New upstream version 2.5.0 - final release -- Bernhard Schmidt <be...@debian.org> Wed, 28 Oct 2020 19:37:34 +0100 openvpn (2.5~rc3-1) unstable; urgency=medium * New upstream version 2.5~rc3 -- Bernhard Schmidt <be...@debian.org> Tue, 20 Oct 2020 19:17:43 +0200 openvpn (2.5~rc2-1) unstable; urgency=medium * Downgrade debhelper-compat to 12 for easier backports * New upstream version 2.5~rc2 -- Bernhard Schmidt <be...@debian.org> Wed, 30 Sep 2020 21:12:11 +0200 openvpn (2.5~beta3-1) unstable; urgency=medium * Release to unstable. [ Lucas Kanashiro ] * Add two DEP-8 test cases for the server side * Drop reload support from systemd unit files (LP: #1868127) [ Bernhard Schmidt ] * Revert 'd/gbp.conf for experimental 2.5 branch' * New upstream version 2.5~beta3 -- Bernhard Schmidt <be...@debian.org> Tue, 01 Sep 2020 16:53:43 +0200 openvpn (2.5~beta1-3) experimental; urgency=medium * Disable iproute2 support in favour of the new netlink based default. Thanks to Fabio Pedretti -- Bernhard Schmidt <be...@debian.org> Sun, 16 Aug 2020 14:04:11 +0200 openvpn (2.5~beta1-2) experimental; urgency=medium * Set Build-Conflicts: systemctl, see Bug#959828 -- Bernhard Schmidt <be...@debian.org> Sun, 16 Aug 2020 10:33:47 +0200 openvpn (2.5~beta1-1) experimental; urgency=medium * d/gbp.conf for experimental 2.5 branch * New upstream version 2.5~beta1 * Adjust patches for new major upstream version * Add python3-docutils to build-depends for manpage generation -- Bernhard Schmidt <be...@debian.org> Sat, 15 Aug 2020 21:32:49 +0200 ### Old Ubuntu Delta ### openvpn (2.5.5-1ubuntu3) jammy; urgency=medium * debian/patches/CVE-2022-0547.patch: updated to properly patch actual manpage file in doc/openvpn.8. -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 22 Mar 2022 13:22:27 -0400 openvpn (2.5.5-1ubuntu2) jammy; urgency=medium * SECURITY UPDATE: authentication bypass via multiple deferred authentication plug-ins - debian/patches/CVE-2022-0547.patch: disallow multiple deferred authentication plug-ins in doc/man-sections/plugin-options.rst, src/openvpn/plugin.c. - CVE-2022-0547 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 22 Mar 2022 10:37:55 -0400 openvpn (2.5.5-1ubuntu1) jammy; urgency=medium * Merge with Debian unstable (LP: #1946884). Remaining changes: - d/control: Demote easy-rsa to Suggests (universe package). - debian/openvpn@.service: Add '--script-security 2' similar to what got added to debian/openvpn.init.d ages ago (LP #1454725) - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. - d/p/OpenSSL3.patch: work around the deprecated algorithm mismatch between the OpenSSL3 branch and the OpenVPN 2.5 branch (LP #1945980) -- Sergio Durigan Junior <sergio.duri...@canonical.com> Wed, 23 Feb 2022 10:14:27 -0500 ** Affects: openvpn (Ubuntu) Importance: Undecided Status: New ** Tags: bite-size needs-merge upgrade-software-version ** Changed in: openvpn (Ubuntu) Milestone: None => ubuntu-22.06 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971306 Title: Merge openvpn from Debian unstable for kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1971306/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs