path: root/debian
Age | Commit message | Author
2021-04-28 | CVE-2020-15078: Authentication bypass with deferred authentication | Bernhard Schmidt

Overview

OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

Detailed description

This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account.

Pre-Dependency:
CVE-2020-15078-0.patch: https://github.com/OpenVPN/openvpn/commit/14511010

CVE-Fix:
CVE-2020-15078-1.patch: https://github.com/OpenVPN/openvpn/commit/3aca477a
CVE-2020-15078-2.patch: https://github.com/OpenVPN/openvpn/commit/3d18e308
CVE-2020-15078-3.patch: https://github.com/OpenVPN/openvpn/commit/f7b3bf06

Closes: #987380

2021-02-24 | Changelog for 2.5.1-1 [debian/2.5.1-1] | Bernhard Schmidt
2020-10-28 | Changelog for 2.5.0-1 [debian/2.5.0-1] | Bernhard Schmidt
2020-10-20 | Changelog for 2.5~rc3-1 [debian/2.5_rc3-1] | Bernhard Schmidt
2020-09-30 | Changelog for 2.5~rc2-1 | Bernhard Schmidt
2020-09-30 | Downgrade debhelper-compat to 12 for easier backports | Bernhard Schmidt
2020-09-01 | Changelog for 2.5~beta3-1 [debian/2.5_beta3-1] | Bernhard Schmidt
2020-09-01 | Revert "d/gbp.conf for experimental 2.5 branch" | Bernhard Schmidt
This reverts commit d3986a312f5fbcfd0e78e6b147eef419fb4e5f54.
2020-09-01 | Drop reload support from systemd unit files (LP: #1868127) | Lucas Kanashiro
The current reload implementation (sending a SIGHUP signal to the process) fails, and the difference between reload and restart is not clear. Systemd does not require an implementation for reload.
2020-09-01 | Add two DEP-8 test cases for the server side | Lucas Kanashiro
Two scenarios are tested, server setup using: a static key and a CA.
2020-08-16 | Changelog for 2.5~beta1-3 [debian/2.5_beta1-3] | Bernhard Schmidt
2020-08-16 | Disable iproute2 support in favour of the new netlink based default | Bernhard Schmidt
Thanks: Fabio Pedretti
2020-08-16 | Changelog for 2.5~beta1-2 [debian/2.5_beta1-2] | Bernhard Schmidt
2020-08-16 | Set Build-Conflicts: systemctl, see Bug#959828 | Bernhard Schmidt
2020-08-15 | Changelog for 2.5~beta1-1 [debian/2.5_beta1-1] | Bernhard Schmidt
2020-08-15 | Add python3-docutils to build-depends for manpage generation | Bernhard Schmidt
2020-08-15 | Adjust patches for new major upstream version | Bernhard Schmidt
2020-08-15 | d/gbp.conf for experimental 2.5 branch | Bernhard Schmidt
2020-08-15 | d/copyright: Remove duplicate [debian/2.4.9-3] | Bernhard Schmidt
2020-05-02 | d/changelog: Change distribution to unstable, Change date and time | Jörg Frings-Fürst
2020-05-02 | d/copyright: Add year 2020 to Bernhard Schmidt | Jörg Frings-Fürst
2020-05-02 | Add hint to reboot if openvpn is running; Add new chapter into debian/NEWS | Jörg Frings-Fürst
2020-05-02 | d/postinst: Remove now useless code for version less than 2.3.2-6 | Jörg Frings-Fürst
2020-05-02 | Remove restart from debian/postinst; Migrate to debhelper 13 | Jörg Frings-Fürst
2020-05-02 | Fix the bug (Device or resource busy) that occurs during the update | Jörg Frings-Fürst
2020-04-21 | Update changelog [debian/2.4.9-2] | Bernhard Schmidt
2020-04-21 | Changelog for 2.4.9-2 | Bernhard Schmidt
2020-04-21 | Enable Salsa CI | Bernhard Schmidt
2020-04-21 | Use DEB_HOST_MULTIARCH for libraries | Bernhard Schmidt
Closes: #958315
2020-04-21 | Cherry-Pick upstream patch to fix ssl_do_config error with invalid OpenSSL system configuration | Bernhard Schmidt
Closes: #958296
2020-04-19 | Changelog for 2.4.9-1 [debian/2.4.9-1] | Bernhard Schmidt
2020-04-19 | Fix spelling error | Bernhard Schmidt
2020-04-14 | d/control: Add Rules-Requires-Root: No | Jörg Frings-Fürst
2020-04-14 | Add symlinks for plugins into /usr/lib/openvpn/; Switch to debhelper-compat; Refresh d/copyright | Jörg Frings-Fürst
2020-04-13 | Declare compliance with Debian Policy 4.5.0 | Jörg Frings-Fürst
2020-04-13 | Add libp11-kit-dev to Build-Depends | Jörg Frings-Fürst
2020-04-10 | Refresh d/p/openvpn-pkcs11warn.patch: Remove d/p/fix-pkcs11-helper-hang.patch | Jörg Frings-Fürst
2019-02-20 | Changelog for 2.4.7-1 [debian/2.4.7-1] | Bernhard Schmidt
2019-02-20 | Merge branch 'sdeziel-guest/openvpn-suggests-openvpn-systemd-resolved' | Bernhard Schmidt
2019-02-20 | openvpn@.service: Bump LimitNPROC to 100 | Bernhard Schmidt
This generally seems to be the wrong knob to protect against runaway forks (as it does not limit per instance, but per user systemwide), but a general mediation is still under discussion. Meanwhile bump the limit for the Debian unit to 100. Upstream openvpn-client@.service and openvpn-server@.service still use 10.
See Bug#861923 for discussion.
2019-02-20 | Avoid hangs when spawning child processes by not setting pkcs11-helper "safe fork mode" (Closes: #772812, #900805, #907452) | Hilko Bengen
2019-02-20 | Add CAP_AUDIT_WRITE for auth_pam | Bernhard Schmidt
Same change has been done upstream in 2.4.7
Closes: #868806
2019-02-20 | adjust kfreebsd_support.patch for new upstream version | Bernhard Schmidt
2018-11-26 | d/control: suggests openvpn-systemd-resolved | Simon Deziel
2018-08-04 | Reverted to justified commit | Jörg Frings-Fürst
2018-08-04 | d/openvpn-generator: Use service file from /etc/systemd/system if exists | Jörg Frings-Fürst
2018-07-30 | d/changelog: Change date/time [debian/2.4.6-1] | Jörg Frings-Fürst
2018-07-30 | Remove essential package coreutils from Suggests | Jörg Frings-Fürst
2018-07-30 | d/update-resolv-conf: Add syslog message if used without binary resolvconf | Jörg Frings-Fürst
2018-07-30 | New README.source to explain the branching model used | Jörg Frings-Fürst