Age | Commit message | Author | |
---|---|---|---|
2021-04-28 | CVE-2020-15078: Authentication bypass with deferred authentication | Bernhard Schmidt | |
Overview: OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. Detailed description: This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. Pre-Dependency: CVE-2020-15078-0.patch: https://github.com/OpenVPN/openvpn/commit/14511010 CVE-Fix: CVE-2020-15078-1.patch: https://github.com/OpenVPN/openvpn/commit/3aca477a CVE-2020-15078-2.patch: https://github.com/OpenVPN/openvpn/commit/3d18e308 CVE-2020-15078-3.patch: https://github.com/OpenVPN/openvpn/commit/f7b3bf06 Closes: #987380 | |||
2020-08-15 | Adjust patches for new major upstream version | Bernhard Schmidt | |
2020-04-21 | Cherry-Pick upstream patch to fix ssl_do_config error with invalid OpenSSL system configuration | Bernhard Schmidt | |
Closes: #958296 | |||
2020-04-10 | Refresh d/p/openvpn-pkcs11warn.patch: Remove d/p/fix-pkcs11-helper-hang.patch | Jörg Frings-Fürst | |
2019-02-20 | Avoid hangs when spawning child processes by not setting pkcs11-helper "safe fork mode" (Closes: #772812, #900805, #907452) | Hilko Bengen | |
2019-02-20 | adjust kfreebsd_support.patch for new upstream version | Bernhard Schmidt | |
2018-07-29 | New d/p/systemd.patch to remove obsolete syslog.target | Jörg Frings-Fürst | |
2018-07-29 | Refresh patches; New d/p/spelling_errors.patch | Jörg Frings-Fürst | |
2017-10-04 | New directory /var/log/openvpn for log and status files | Jörg Frings-Fürst | |
2017-06-22 | Refresh patches for 2.4.3 | Alberto Gonzalez Iniesta | |
2017-05-22 | Add patch to fix upstream's issue 879 | Alberto Gonzalez Iniesta | |
2017-05-11 | Security fixes for sid. CVE-2017-7478 & CVE-2017-7479 (tag: debian/2.4.0-5) | Alberto Gonzalez Iniesta | |
2017-05-11 | Match command line help and manpage | Alberto Gonzalez Iniesta | |
2016-12-27 | Patches cleanup | Alberto Gonzalez Iniesta | |
2016-12-12 | Update & re-enable kfreebsd_support patch | Alberto Gonzalez Iniesta | |
2016-12-07 | Update close_socket_before_scripts.patch for 2.4 | Alberto Gonzalez Iniesta | |
2016-11-21 | Refresh patches for 2.4 | Alberto Gonzalez Iniesta | |
2016-05-11 | Remove old patches (tag: debian/2.3.11-1) | Alberto Gonzalez Iniesta | |
2016-05-10 | Fix FTBFS in kfreebsd (Closes: #815283) | Alberto Gonzalez Iniesta | |
2016-05-10 | New upstream release | Alberto Gonzalez Iniesta | |
2016-01-20 | New upstream release | Alberto Gonzalez Iniesta | |
2015-12-15 | Fix password prompt on systemd systems | Alberto Gonzalez Iniesta | |
2015-09-05 | Drop configure patch, add systemd as Build-Dep | Alberto Gonzalez Iniesta | |
2015-09-04 | Patch configure to build without libsystemd-daemon-dev | Alberto Gonzalez Iniesta | |
2015-07-01 | Refresh patches | Alberto Gonzalez Iniesta | |
2015-07-01 | Merge branch 'jessie' | Alberto Gonzalez Iniesta | |
Conflicts: debian/changelog debian/control debian/patches/series | |||
2014-12-01 | Patch expired certs in order to get a build-able package | Alberto Gonzalez Iniesta | |
2014-12-01 | Apply upstream patch to fix CVE-2014-8104 | Alberto Gonzalez Iniesta | |
2014-10-30 | Refresh patches, remove unneeded | Alberto Gonzalez Iniesta | |
2014-10-13 | Fix temp file leak. Closes: #764651 (tag: debian/2.3.4-3) | Alberto Gonzalez Iniesta | |
2014-09-02 | Refresh patches for 2.3.4 | Alberto Gonzalez Iniesta | |
2014-05-14 | Add patch to fix #747265, refresh patches | Alberto Gonzalez Iniesta | |
2013-06-03 | Upstream 2.3.2 | Alberto Gonzalez Iniesta | |
2013-05-17 | new upstream | Alberto Gonzalez Iniesta | |
2013-05-17 | Fix CVE-2013-2061 | Alberto Gonzalez Iniesta | |
2013-01-10 | Moving to 2.3 | Alberto Gonzalez Iniesta | |
2012-03-16 | Add dpkg-buildflags to plugins build flags (tag: debian/2.2.1-7) | Alberto Gonzalez Iniesta | |
2012-02-23 | Add "Description" to latest patches. Fix manpage | Alberto Gonzalez Iniesta | |
2012-02-23 | Fix spelling and hyphen warnings in manpage | Alberto Gonzalez Iniesta | |
2012-02-23 | Fix spelling error in occ.c | Alberto Gonzalez Iniesta | |
2012-02-21 | Imported Debian patch 2.2.1-1 (tag: debian/2.2.1-1) | Alberto Gonzalez Iniesta | |