Your message dated Fri, 31 Oct 2025 09:17:25 +0000
with message-id <[email protected]>
and subject line Bug#1118479: fixed in openvpn-auth-radius 2.1-9+deb13u1
has caused the Debian Bug report #1118479,
regarding openvpn-auth-radius: fails to authenticate response packets
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1118479: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118479
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openvpn-auth-radius
Version: 2.1-9
Severity: important
X-Debbugs-Cc: [email protected]
Dear Maintainer,
I recently upgraded one of my boxes to Debian 13 Trixie.
With the same configs, I was unable to authenticate against an unchanged RADIUS
server.
I downloaded the source, removed the 0007 BLASTRadius mitigation patch, and
rebuilt. This allowed me to successfuly connect to OpenVPN again.
I reapplied the patch and debugged the issue. I submitted a fix and it has been
accepted into unstable (2.1-10) with many thanks to sthibault.
I believe this bug renders the package completely unusable in stable. There is
a function which authenticates received packets which never succeeds because
the secret key is copied from a temporary string c_str and has garbage in it by
the time it is used to perform the necessary hashes.
Is there a way to get this patch in stable?
Thank you,
Martin Rampersad
-- System Information:
Debian Release: 13.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.12.48+deb13-amd64 (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openvpn-auth-radius depends on:
ii libc6 2.41-12
ii libgcc-s1 14.2.0-19
ii libgcrypt20 1.11.0-7
ii libstdc++6 14.2.0-19
ii openvpn 2.6.14-1
openvpn-auth-radius recommends no packages.
openvpn-auth-radius suggests no packages.
--- End Message ---
--- Begin Message ---
Source: openvpn-auth-radius
Source-Version: 2.1-9+deb13u1
Done: Samuel Thibault <[email protected]>
We believe that the bug you reported is fixed in the latest version of
openvpn-auth-radius, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Samuel Thibault <[email protected]> (supplier of updated openvpn-auth-radius
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 26 Oct 2025 18:28:22 +0100
Source: openvpn-auth-radius
Architecture: source
Version: 2.1-9+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian QA Group <[email protected]>
Changed-By: Samuel Thibault <[email protected]>
Closes: 1118479
Changes:
openvpn-auth-radius (2.1-9+deb13u1) trixie; urgency=medium
.
* patches/0008-authenticate-fix: Fix packet authentication
(Closes: Bug#1118479)
Checksums-Sha1:
cca1dc77d475b051d04a51c58a4393aa31ded0f2 1985
openvpn-auth-radius_2.1-9+deb13u1.dsc
2d6eddee322ebd94bdf133b89a77ddfa83b1cc8a 9352
openvpn-auth-radius_2.1-9+deb13u1.debian.tar.xz
9ead0942f88397a53e5846ef83aa67ecb58d534e 6391
openvpn-auth-radius_2.1-9+deb13u1_amd64.buildinfo
Checksums-Sha256:
cb176fa74299dd23732bef88be9aa6eda45c4764d23c701e12fa35841742014b 1985
openvpn-auth-radius_2.1-9+deb13u1.dsc
111b237e3953ed8fe618d38488ecddc67c33b18984fe102332cb04553d737c19 9352
openvpn-auth-radius_2.1-9+deb13u1.debian.tar.xz
52330d78d6575aa9804aa90801d6e53b2ffcb22560b5d9da116abf97689a0020 6391
openvpn-auth-radius_2.1-9+deb13u1_amd64.buildinfo
Files:
10856cff122616176e6250d03a41e92a 1985 net optional
openvpn-auth-radius_2.1-9+deb13u1.dsc
3e8d71e80b41e686801ba2274dd5d93c 9352 net optional
openvpn-auth-radius_2.1-9+deb13u1.debian.tar.xz
6fa07b79b4e24a9b645093bcce05cff5 6391 net optional
openvpn-auth-radius_2.1-9+deb13u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEqpLrvfAUiqYaQ7iu5IlMrEVBS7AFAmj+XRQACgkQ5IlMrEVB
S7CLaxAAjKMJAUnHSDzGesyLROCdML5aCMffAsQfsQNYq35cAzVZdlf4HLSkbRSz
HNuR3zq1TxtD7l5ln376Lxj7ha5Zh6Fw5+Co4SSx+JWU8QRzGyvn9Ovrjh3tDAH3
akaUFwdb/VBE2IUEE58cqCsztLsGhF/TeF9PE+qlr+PbobZzIS9FTIGe1Wz5F0D2
+YGaeb8ztMpuqEXc0gir2neo7dR76POLx+zvbVkPlPhnpffuXgrBi6wPPI2WWZ5r
HZZGPT4j2UMGwrAN86CImI4X4rnvIJ1Cx4aeX12V7TCj6I3X42fk1SoE3AXKTsNQ
V2PKBRVCQ8ys/KOEw3yhDFxT+pINiiR6mrxYN5FQT50awt/BUwrrSVCsI5HBZcTm
OjcklpS05B/lAvdnyJv9Px7EKe7qBZnSWuv4jWzuYiWx+95pqjl7jEMd0GXJmQTD
HPy1FZiOtbJSiB9LEB2OwnGuC7lVhG/6a7jHPJVP8kEVE5GdDta8/A/pGgM2iQJ9
98tWlYQUjuNVm3L+CjZYKiNWgsSrm21u+N9dOB8z4zYgyT4ukoXOXSxLCQEojPGU
TeXGOd6CIZqoYZKO6u752fFA37gMkSrNYGbtdFhatjIil2QhmSTLYlhmS5jqllpH
/flZH18KxG2ABahnASefEiVp6UxXowappw8Op6vNHPmrS5yED88=
=nboP
-----END PGP SIGNATURE-----
pgpmpAB5RegB4.pgp
Description: PGP signature
--- End Message ---
