** Description changed: This bug tracks an update for the OpenVPN package, moving to versions: * Noble (24.04): openvpn 2.6.12 * Jammy (22.04): openvpn 2.5.11 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/OpenVPNUpdates. + + Note that openvpn does not have an accepted micro-release exception. + However, the SRU team has agreed to consider further releases given a + full knowledge and possible mitigation of backwards-incompatible + changes. See https://lists.ubuntu.com/archives/ubuntu- + release/2023-July/005688.html [Upstream changes] Changes from 2.6.9 to 2.6.12 include: CVE Fixes: CVE-2024-4877 CVE-2024-5594 CVE-2024-28882 CVE-2024-27459 CVE-2024-24974 CVE-2024-27903 Updates: Allow trailing \r and \n in control channel message Implement --server-poll-timeout on SOCKS proxies Implement Windows CA template match for Crypto-API selector Update sample configuration files Update systemd unit file documentation references Remove After=syslog.target in suggested systemd service files Bug Fixes: Fix issue with proxy credentials caching Fix LibreSSL crashing when enumerating digests/cipher with workaround Use snprintf instead of sprintf for get_ssl_library_version Fix disabling DCO when proxy is set via management interface Looking through each commit from the release of 2.6.9 to 2.6.12, I could not find any backwards-incompatible changes. There are minor changes to the user experience though. As listed in the updates section, --server- poll-timeout now works for SOCKS proxies. Some documentation has changed too. None of the commits should affect existing configurations though. Full release notes for versions 2.6.9-2.6.12: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26 Changes from 2.5.9 to 2.5.11 include: CVE-2024-5594 CVE-2024-27459 CVE-2024-24974 CVE-2024-27903 Updates: Allow trailing \r and \n in control channel message 2.5.x updates are less common, focusing on CVE fixes. Going commit by commit here, no backwards-incompatible changes exist. Full release notes for versions 2.5.9-2.5.11: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 [Test Plan] DEP-8 Tests: server-setup-with-ca - creates and tests an OpenVPN server setup with its own certificate authority server-setup-with-static-key - creates and tests an OpenVPN server setup using a static key for authentication [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu- specific integrations. This would most likely include the change of behavior for --server-poll-timeout and allowing \r and \n in control channel messages.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073318 Title: Backport of openvpn for jammy and noble To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2073318/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
