diff --git a/openvpn-2.6.6.tar.gz b/openvpn-2.6.6.tar.gz deleted file mode 100644 index 4179eb3..0000000 --- a/openvpn-2.6.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3b074f392818b31aa529b84f76e8b5e4ad03fca764924f46d906bceaaf421034 -size 1901689 diff --git a/openvpn-2.6.6.tar.gz.asc b/openvpn-2.6.6.tar.gz.asc deleted file mode 100644 index 83ed6f2..0000000 --- a/openvpn-2.6.6.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEvlj1OdBZuAYxwSlKQdIJZcLoLccFAmTbN38ACgkQQdIJZcLo -LcdAHBAAo8g+SFz/nugWizgbNwFVyS020Wj8NCX1Miq5z+0CD+M8L43M3KVUQ8TD -oQkHxiUQx0R2foNojXC9jS3Aa/a//c6zbVBmlK8Y9X5vesUX1ii4rQ/eOgy/RkqA -EX1/TYhHFLSqepdDbhXwl7awj/9HZQLh1yJy3Xx6cmOE2kVuvuvcTn5zc6mKpJzY -665lxmXv/Vz/0c/5vAfOV/X/lG0Mgqalv7gbFL3vrLRTHJlmw8o3OCQNkpk2uHtL -pWf3mU7lbo/nZO4WGctEXBcnKTGsDJ3IXc5a0i4ufeDBXiJoFHHWfZvSvsvmxcnc -rTE0uteQYDRhz7//1HDe8rmvC6SFiZgzOvxkjZlolBphe1KOy9csikbj/TSJdY1o -qTPvjzF1k6FUUuEkAQgNQfv1XmaSUlOmQ1DofC0p4fxtb99nNZ6J6syVY8t/WF2e -hmno5/QmHe0aqaxLzy+oLUKv0NhT6MJVIoeG6yB0yIpgIfdmUafDml3qSuGdqgyk -NL4f9zyo2V81qo6VaF2t+f+N2vNbDn0FEHM6oJJ/Ig3EX6vccMPSSe4IrzaCe5ZG -McaxOJ2kVYhiIbPuoshiQEGKhXJwmdaJg8ESGvlVr08+r3U6U50WCkObnM0fN1ab -4pNVMXh+4jL9UKMaTCboVhWS4sY9IZfn1AAcPHcAyHzq9vxq118= -=n6/m ------END PGP SIGNATURE----- diff --git a/openvpn-2.6.7.tar.gz b/openvpn-2.6.7.tar.gz new file mode 100644 index 0000000..1bfae9a --- /dev/null +++ b/openvpn-2.6.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ee9877340b1d8de47eb5b52712c3366855fa6a4a1955bf950c68577bd2039913 +size 1895682 diff --git a/openvpn-2.6.7.tar.gz.asc b/openvpn-2.6.7.tar.gz.asc new file mode 100644 index 0000000..fa686eb --- /dev/null +++ b/openvpn-2.6.7.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEvlj1OdBZuAYxwSlKQdIJZcLoLccFAmVMo8cACgkQQdIJZcLo +LcfdHhAArFFPHjJIuKNBu6ipSWIvhzBnjGOo70fTdtctpj8P/dc2wg58iM9mPh66 +de4H+YbdBJqYhPGgrOIQg3RgWWU/11wcfqhgWPuCTDGC9zQEpK+NpBSPKZSXkBRe +29CscrTaVT8sapK7f7YeQp2PQwdKhZt0zkz+EV3/3IOYWd4CaJgSdEHlvxVp9fKF +chDv5LbbZVJ9oJH2hCpggerrHXwLBV7SHaUOASJiqIDGURr6qsmPQegmNFJN8rJJ +hXfhALUoUyhqOKhitSO/8H2lXzWG9G5eDUXQ7h0zTN82ytCfPAJ78YDpAcUQJ/7V +IMMAzRGVGlQ4z+eUhuEiFJnXs5mA7NanR4BxxMn+BhOB7LtPDrsJ2RnCBo+zfNh/ +ZHtqVkKU0L05VpMJxi8pAchVD83XF3Cuvwz/rVpUNqwKPTR26AAw727qUjzs8Fe3 +GugklilgGOERwUma+NK/idhee8qPaA/cWYNmcXnj0BttTt5eXKYwyeXB2mnQTvSO +JGsqqnaRR1A9PK0R31Ch2ASIjRsCw5BBg0XLutilCYzUsXZuUh/L8lOmfAgfJBzN +6Uk4Hpb3nPmRlE8F55WV0c0HsMG7t4Wu8mlqEZ5CMBEG/pyHdT/nKvqeBPZlfKow +hbSxUP7uGRG9DuChiAZf0PF7VY/dDi21Tr7nNP+kN3q9StYK/sc= +=1hkR +-----END PGP SIGNATURE----- diff --git a/openvpn.changes b/openvpn.changes index 4d630a3..59dc7ed 100644 --- a/openvpn.changes +++ b/openvpn.changes @@ -1,3 +1,42 @@ +------------------------------------------------------------------- +Wed Nov 15 07:41:26 UTC 2023 - Mohd Saquib + +- update to 2.6.7: + * CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly + use a send buffer after it has been free()d in some circumstances, + causing some free()d memory to be sent to the peer. All configurations + using TLS (e.g. not using --secret) are affected by this issue. + * CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly + restore --fragment configuration in some circumstances, leading to a + division by zero when --fragment is used. On platforms where division + by zero is fatal, this will cause an OpenVPN crash. + * DCO: warn if DATA_V1 packets are sent by the other side - this a hard + incompatibility between a 2.6.x client connecting to a 2.4.0-2.4.4 + server, and the only fix is to use --disable-dco. + * Remove OpenSSL Engine method for loading a key. This had to be removed + because the original author did not agree to relicensing the code with + the new linking exception added. This was a somewhat obsolete feature + anyway as it only worked with OpenSSL 1.x, which is end-of-support. + * add warning if p2p NCP client connects to a p2mp server - this is a + combination that used to work without cipher negotiation (pre 2.6 on + both ends), but would fail in non-obvious ways with 2.6 to 2.6. + * add warning to --show-groups that not all supported groups are listed + (this is due the internal enumeration in OpenSSL being a bit weird, + omitting X448 and X25519 curves). + * --dns: remove support for exclude-domains argument (this was a new 2.6 + option, with no backend support implemented yet on any platform, and it + turns out that no platform supported it at all - so remove option again) + * warn user if INFO control message too long, do not forward to management + client (safeguard against protocol-violating server implementations) + * DCO-WIN: get and log driver version (for easier debugging). + * print "peer temporary key details" in TLS handshake + * log OpenSSL errors on failure to set certificate, for example if the + algorithms used are in acceptable to OpenSSL (misleading message would be + printed in cryptoapi / pkcs11 scenarios) + * add CMake build system for MinGW and MSVC builds + * remove old MSVC build system + * improve cmocka unit test building for Windows + ------------------------------------------------------------------- Wed Aug 16 18:56:40 UTC 2023 - Mohd Saquib diff --git a/openvpn.spec b/openvpn.spec index 47f1256..30cce79 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -20,7 +20,7 @@ %define _rundir %{_localstatedir}/run %endif Name: openvpn -Version: 2.6.6 +Version: 2.6.7 Release: 0 Summary: Full-featured SSL VPN solution using a TUN/TAP Interface License: GPL-2.0-only WITH openvpn-openssl-exception