openvpn


NOTE: Automatically created during Factory devel project migration by admin.

Source Files
Filename                     Size (bytes)  Size
client-netconfig.down        1043          1.02 KB
client-netconfig.up          2188          2.14 KB
openvpn-2.3-plugin-man.dif   787           787 Bytes
openvpn-2.6.7.tar.gz         1895682       1.81 MB
openvpn-2.6.7.tar.gz.asc     833           833 Bytes
openvpn-tmpfile.conf         32            32 Bytes
openvpn.README.SUSE          821           821 Bytes
openvpn.changes              83903         81.9 KB
openvpn.keyring              32042         31.3 KB
openvpn.service              484           484 Bytes
openvpn.spec                 7566          7.39 KB
openvpn.target               97            97 Bytes
rcopenvpn                    535           535 Bytes
Revision 56 (latest revision is 63)
Björn Voigt (bjoernv) committed (revision 56)
- update to 2.6.7:
  * CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
    use a send buffer after it has been free()d in some circumstances,
    causing some free()d memory to be sent to the peer. All
    configurations using TLS (e.g. not using --secret) are affected by
    this issue. (found while tracking down CVE-2023-46849 / Github #400,
    #417)
  * CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
    restore --fragment configuration in some circumstances, leading to a
    division by zero when --fragment is used. On platforms where
    division by zero is fatal, this will cause an OpenVPN
    crash. Reported by Niccolo Belli <niccolo.belli@linuxsystems.it> and
    WIPocket (Github #400, #417).
  * DCO: warn if DATA_V1 packets are sent by the other side - this is a
    hard incompatibility between a 2.6.x client connecting to a
    2.4.0-2.4.4 server, and the only fix is to use --disable-dco.
  * Remove OpenSSL Engine method for loading a key. This had to be
    removed because the original author did not agree to relicensing the
    code with the new linking exception added. This was a somewhat
    obsolete feature anyway as it only worked with OpenSSL 1.x, which is
    end-of-support.
  * add warning if p2p NCP client connects to a p2mp server - this is a
    combination that used to work without cipher negotiation (pre 2.6 on
    both ends), but would fail in non-obvious ways with 2.6 to 2.6.
  * add warning to --show-groups that not all supported groups are
    listed (this is due to the internal enumeration in OpenSSL being a bit
    weird, omitting X448 and X25519 curves).
  * --dns: remove support for exclude-domains argument (this was a new
    2.6 option, with no backend support implemented yet on any platform,
    and it turns out that no platform supported it at all - so remove
    option again)
  * warn user if INFO control message too long, do not forward to
    management client (safeguard against protocol-violating server
    implementations)
  * DCO-WIN: get and log driver version (for easier debugging).
  * print "peer temporary key details" in TLS handshake
  * log OpenSSL errors on failure to set certificate, for example if the
    algorithms used are unacceptable to OpenSSL (misleading message
    would be printed in cryptoapi / pkcs#11 scenarios)
  * add CMake build system for MinGW and MSVC builds
  * remove old MSVC build system
  * improve cmocka unit test building for Windows