Bug#870604: stretch-pu: package openvpn/2.4.0-6+deb9u2

Thu, 03 Aug 2017 02:15:36 -0700 

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

I'd like to fix RC bug #863110 in Stretch, causing OpenVPN connections to be 
broken when they are reestablished after a timeout.

The patch has been part of several upstream releases which have been in 
sid/buster for a couple of weeks now. The submitter tested the patch to be
fixing this issue.

diff attached

Best Regards,
Bernhard

diff --git a/debian/changelog b/debian/changelog
index 0f96932..dd7f177 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openvpn (2.4.0-6+deb9u2) stretch; urgency=medium
+
+  * Fix broken reconnect on connection loss due to wrong push digest 
calculation.
+    Thanks to Patrick Matthäi for testing (Closes: #863110)
+
+ -- Bernhard Schmidt <be...@debian.org>  Tue, 18 Jul 2017 22:15:17 +0200
+
 openvpn (2.4.0-6+deb9u1) stretch-security; urgency=high
 
    * SECURITY UPDATE: (Closes: #865480)
diff --git a/debian/patches/812-fix-push-options-digest-update.patch 
b/debian/patches/812-fix-push-options-digest-update.patch
new file mode 100644
index 0000000..f79a27c
--- /dev/null
+++ b/debian/patches/812-fix-push-options-digest-update.patch
@@ -0,0 +1,31 @@
+From: Selva Nair <selva.n...@gmail.com>
+Date: Tue, 3 Jan 2017 16:42:18 -0500
+Subject: [PATCH] Fix push options digest update
+Bug: https://community.openvpn.net/openvpn/ticket/812
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863110
+
+Trac: #812
+
+Signed-off-by: Selva Nair <selva.n...@gmail.com>
+Acked-by: Steffan Karger <steffan.kar...@fox-it.com>
+Message-Id: <1483479738-17672-1-git-send-email-selva.n...@gmail.com>
+URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13816.html
+Signed-off-by: Gert Doering <g...@greenie.muc.de>
+---
+ src/openvpn/push.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/openvpn/push.c b/src/openvpn/push.c
+index f5154756a..c9c04a630 100644
+--- a/src/openvpn/push.c
++++ b/src/openvpn/push.c
+@@ -692,8 +692,8 @@ push_update_digest(md_ctx_t *ctx, struct buffer *buf, 
const struct options *opt)
+         {
+             continue;
+         }
++        md_ctx_update(ctx, (const uint8_t *) line, strlen(line)+1);
+     }
+-    md_ctx_update(ctx, (const uint8_t *) line, strlen(line)+1);
+ }
+ 
+ int
diff --git a/debian/patches/series b/debian/patches/series
index a83cda1..4357c69 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,3 +12,4 @@ CVE-2017-7508.patch
 CVE-2017-7520.patch
 CVE-2017-7521.patch
 CVE-2017-7521bis.patch
+812-fix-push-options-digest-update.patch

Reply via email to