forked from pool/openvpn
475b121128
- update to 2.6.7:
* CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
use a send buffer after it has been free()d in some circumstances,
causing some free()d memory to be sent to the peer. All configurations
using TLS (e.g. not using --secret) are affected by this issue.
* CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
restore --fragment configuration in some circumstances, leading to a
division by zero when --fragment is used. On platforms where division
by zero is fatal, this will cause an OpenVPN crash.
* DCO: warn if DATA_V1 packets are sent by the other side - this a hard
incompatibility between a 2.6.x client connecting to a 2.4.0-2.4.4
server, and the only fix is to use --disable-dco.
* Remove OpenSSL Engine method for loading a key. This had to be removed
because the original author did not agree to relicensing the code with
the new linking exception added. This was a somewhat obsolete feature
anyway as it only worked with OpenSSL 1.x, which is end-of-support.
* add warning if p2p NCP client connects to a p2mp server - this is a
combination that used to work without cipher negotiation (pre 2.6 on
both ends), but would fail in non-obvious ways with 2.6 to 2.6.
* add warning to --show-groups that not all supported groups are listed
(this is due the internal enumeration in OpenSSL being a bit weird,
omitting X448 and X25519 curves).
* --dns: remove support for exclude-domains argument (this was a new 2.6
option, with no backend support implemented yet on any platform, and it
turns out that no platform supported it at all - so remove option again)
* warn user if INFO control message too long, do not forward to management
client (safeguard against protocol-violating server implementations)
* DCO-WIN: get and log driver version (for easier debugging).
* print "peer temporary key details" in TLS handshake
* log OpenSSL errors on failure to set certificate, for example if the
OBS-URL: https://build.opensuse.org/request/show/1126537
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=197
17 lines
833 B
Plaintext
17 lines
833 B
Plaintext
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQIzBAABCAAdFiEEvlj1OdBZuAYxwSlKQdIJZcLoLccFAmVMo8cACgkQQdIJZcLo
|
|
LcfdHhAArFFPHjJIuKNBu6ipSWIvhzBnjGOo70fTdtctpj8P/dc2wg58iM9mPh66
|
|
de4H+YbdBJqYhPGgrOIQg3RgWWU/11wcfqhgWPuCTDGC9zQEpK+NpBSPKZSXkBRe
|
|
29CscrTaVT8sapK7f7YeQp2PQwdKhZt0zkz+EV3/3IOYWd4CaJgSdEHlvxVp9fKF
|
|
chDv5LbbZVJ9oJH2hCpggerrHXwLBV7SHaUOASJiqIDGURr6qsmPQegmNFJN8rJJ
|
|
hXfhALUoUyhqOKhitSO/8H2lXzWG9G5eDUXQ7h0zTN82ytCfPAJ78YDpAcUQJ/7V
|
|
IMMAzRGVGlQ4z+eUhuEiFJnXs5mA7NanR4BxxMn+BhOB7LtPDrsJ2RnCBo+zfNh/
|
|
ZHtqVkKU0L05VpMJxi8pAchVD83XF3Cuvwz/rVpUNqwKPTR26AAw727qUjzs8Fe3
|
|
GugklilgGOERwUma+NK/idhee8qPaA/cWYNmcXnj0BttTt5eXKYwyeXB2mnQTvSO
|
|
JGsqqnaRR1A9PK0R31Ch2ASIjRsCw5BBg0XLutilCYzUsXZuUh/L8lOmfAgfJBzN
|
|
6Uk4Hpb3nPmRlE8F55WV0c0HsMG7t4Wu8mlqEZ5CMBEG/pyHdT/nKvqeBPZlfKow
|
|
hbSxUP7uGRG9DuChiAZf0PF7VY/dDi21Tr7nNP+kN3q9StYK/sc=
|
|
=1hkR
|
|
-----END PGP SIGNATURE-----
|