Removing focal as it has reached the final 2.4.x version ** Description changed:
- Backport openvpn to focal, jammy and noble once the update for oracular - has been completed. + This bug tracks an update for the OpenVPN package, moving to versions: - <List exact versions being upgraded from and to for each release> + * Noble (24.04): openvpn 2.6.12 + * Jammy (22.04): openvpn 2.5.11 - [Impact] - TBD + These updates include bug fixes following the SRU policy exception + defined at https://wiki.ubuntu.com/OpenVPNUpdates. - <List bug links to former cases of SRU backports for this package>[Major Changes] - TBD + [Upstream changes] + + Changes from 2.6.9 to 2.6.12 include: + + CVE Fixes: + + CVE-2024-4877 + CVE-2024-5594 + CVE-2024-28882 + CVE-2024-27459 + CVE-2024-24974 + CVE-2024-27903 + + Updates: + + Allow trailing \r and \n in control channel message + Implement --server-poll-timeout on SOCKS proxies + Implement Windows CA template match for Crypto-API selector + Update sample configuration files + Update systemd unit file documentation references + Remove After=syslog.target in suggested systemd service files + + Bug Fixes: + + Fix issue with proxy credentials caching + Fix LibreSSL crashing when enumerating digests/cipher with workaround + Use snprintf instead of sprintf for get_ssl_library_version + Fix disabling DCO when proxy is set via management interface + + Looking through each commit from the release of 2.6.9 to 2.6.12, I could + not find any backwards-incompatible changes. There are minor changes to + the user experience though. As listed in the updates section, --server- + poll-timeout now works for SOCKS proxies. Some documentation has changed + too. None of the commits should affect existing configurations though. + + Full release notes for versions 2.6.9-2.6.12: + https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26 + + Changes from 2.5.9 to 2.5.11 include: + + CVE-2024-5594 + CVE-2024-27459 + CVE-2024-24974 + CVE-2024-27903 + + Updates: + + Allow trailing \r and \n in control channel message + + 2.5.x updates are less common, focusing on CVE fixes. Going commit by + commit here, no backwards-incompatible changes exist. + + Full release notes for versions 2.5.9-2.5.11: + https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 [Test Plan] - <Link to wiki SRU backport page>TBD + + DEP-8 Tests: + server-setup-with-ca - creates and tests an OpenVPN server setup with its own certificate authority + server-setup-with-static-key - creates and tests an OpenVPN server setup using a static key for authentication [Regression Potential] - Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. - <Also, ...> + + Upstream has an extensive build and integration test suite. So + regressions would likely arise from a change in interaction with Ubuntu- + specific integrations. This would most likely include the change of + behavior for --server-poll-timeout and allowing \r and \n in control + channel messages. ** Summary changed: - Backport of openvpn for focal, jammy and noble + Backport of openvpn for jammy and noble ** No longer affects: openvpn (Ubuntu Focal) ** Changed in: openvpn (Ubuntu Jammy) Status: New => In Progress ** Changed in: openvpn (Ubuntu Noble) Status: New => In Progress ** Changed in: openvpn (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073318 Title: Backport of openvpn for jammy and noble To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2073318/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs