[Bug 1971306] [NEW] Merge openvpn from Debian unstable for kinetic

[Bryce Harrington]

Public bug reported:

Upstream: tbd
Debian:   2.5.6-1    2.6.0~git20220317+dco-1
Ubuntu:   2.5.5-1ubuntu3


Debian new has 2.6.0~git20220317+dco-1


### New Debian Changes ###

openvpn (2.5.6-1) unstable; urgency=high

  * New upstream version 2.5.6
    CVE-2022-0547 - Potential authentication by-pass with multiple deferred
    authentication plug-ins plug-ins (Closes: #1008015)

 -- Bernhard Schmidt <be...@debian.org>  Sun, 20 Mar 2022 21:42:05 +0100

openvpn (2.5.5-1) unstable; urgency=medium

  [ Jörg Frings-Fürst ]
  * New upstream version 2.5.5
  * Declare compliance with Debian Policy 4.6.0.1
  * d/copyright:
    - Remove duplicate entries;
    - Refresh for new upstream release
    - Add 2021 to myself

  [ Bernhard Schmidt ]
  * Refresh patches for new upstream version

 -- Bernhard Schmidt <be...@debian.org>  Mon, 21 Feb 2022 12:05:55 +0100

openvpn (2.5.1-3) unstable; urgency=medium

  * Fix autopkgtest (Closes: #983662)
    - adapt autopkgtest output to 2.5 (from Ubuntu)
    - Fix easyrsa batch mode invocation
  * Cherry-Pick 'Fix condition to generate session keys' (Closes: #988478)

 -- Bernhard Schmidt <be...@debian.org>  Fri, 14 May 2021 09:40:04 +0200

openvpn (2.5.1-2) unstable; urgency=high

  * Cherry-Pick 3 (+ 1 predependency) patches from upstream to fix
    authentication bypass with deferred authentication
    (CVE-2020-15078) (Closes: #987380)

 -- Bernhard Schmidt <be...@debian.org>  Wed, 28 Apr 2021 14:41:58 +0200

openvpn (2.5.1-1) unstable; urgency=medium

  * New upstream version 2.5.1 (bugfix release)

 -- Bernhard Schmidt <be...@debian.org>  Wed, 24 Feb 2021 19:54:34 +0100

openvpn (2.5.0-1) unstable; urgency=medium

  * New upstream version 2.5.0 - final release

 -- Bernhard Schmidt <be...@debian.org>  Wed, 28 Oct 2020 19:37:34 +0100

openvpn (2.5~rc3-1) unstable; urgency=medium

  * New upstream version 2.5~rc3

 -- Bernhard Schmidt <be...@debian.org>  Tue, 20 Oct 2020 19:17:43 +0200

openvpn (2.5~rc2-1) unstable; urgency=medium

  * Downgrade debhelper-compat to 12 for easier backports
  * New upstream version 2.5~rc2

 -- Bernhard Schmidt <be...@debian.org>  Wed, 30 Sep 2020 21:12:11 +0200

openvpn (2.5~beta3-1) unstable; urgency=medium

  * Release to unstable.

  [ Lucas Kanashiro ]
  * Add two DEP-8 test cases for the server side
  * Drop reload support from systemd unit files (LP: #1868127)

  [ Bernhard Schmidt ]
  * Revert 'd/gbp.conf for experimental 2.5 branch'
  * New upstream version 2.5~beta3

 -- Bernhard Schmidt <be...@debian.org>  Tue, 01 Sep 2020 16:53:43 +0200

openvpn (2.5~beta1-3) experimental; urgency=medium

  * Disable iproute2 support in favour of the new netlink based default.
    Thanks to Fabio Pedretti

 -- Bernhard Schmidt <be...@debian.org>  Sun, 16 Aug 2020 14:04:11 +0200

openvpn (2.5~beta1-2) experimental; urgency=medium

  * Set Build-Conflicts: systemctl, see Bug#959828

 -- Bernhard Schmidt <be...@debian.org>  Sun, 16 Aug 2020 10:33:47 +0200

openvpn (2.5~beta1-1) experimental; urgency=medium

  * d/gbp.conf for experimental 2.5 branch
  * New upstream version 2.5~beta1
  * Adjust patches for new major upstream version
  * Add python3-docutils to build-depends for manpage generation

 -- Bernhard Schmidt <be...@debian.org>  Sat, 15 Aug 2020 21:32:49 +0200


### Old Ubuntu Delta ###

openvpn (2.5.5-1ubuntu3) jammy; urgency=medium

  * debian/patches/CVE-2022-0547.patch: updated to properly patch actual
    manpage file in doc/openvpn.8.

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Tue, 22 Mar 2022
13:22:27 -0400

openvpn (2.5.5-1ubuntu2) jammy; urgency=medium

  * SECURITY UPDATE: authentication bypass via multiple deferred
    authentication plug-ins
    - debian/patches/CVE-2022-0547.patch: disallow multiple deferred
      authentication plug-ins in doc/man-sections/plugin-options.rst,
      src/openvpn/plugin.c.
    - CVE-2022-0547

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Tue, 22 Mar 2022
10:37:55 -0400

openvpn (2.5.5-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1946884). Remaining changes:
    - d/control: Demote easy-rsa to Suggests (universe package).
    - debian/openvpn@.service: Add '--script-security 2' similar to what
      got added to debian/openvpn.init.d ages ago (LP #1454725)
    - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
    - d/p/OpenSSL3.patch: work around the deprecated algorithm mismatch between
      the OpenSSL3 branch and the OpenVPN 2.5 branch (LP #1945980)

 -- Sergio Durigan Junior <sergio.duri...@canonical.com>  Wed, 23 Feb
2022 10:14:27 -0500

** Affects: openvpn (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: bite-size needs-merge upgrade-software-version

** Changed in: openvpn (Ubuntu)
    Milestone: None => ubuntu-22.06

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1971306

Title:
  Merge openvpn from Debian unstable for kinetic

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1971306/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs