diff mbox series

openvpn: Update to version 2.6.19

Message ID 20260214152040.3720549-17-adolf.belka@ipfire.org
State New
Headers
Series openvpn: Update to version 2.6.19 |

Commit Message

Adolf Belka 14 Feb 2026, 3:20 p.m. UTC 
- Update from version 2.6.17 to 2.6.19
- No change to rootfile
- Changelog
    2.6.19
Bugfixes
    make dist would fail to pack unit_tests/openvpn/test_common.h, breaking make check
	on the tarball if cmocka is installed. Fix.
    2.6.18
New features / User visible changes
    disable DCO if --bind-dev option is given (no support for this in the old
	out-of-kernel Linux DCO implementation)
    on Windows, if using --ip-win32 netsh and not using the interactive service, IPv4
	addresses would be installed as "permanent", possibly causing problems later on
	with using that IPv4 address on a different interface. Change to "store=active".
	(GH: #915)
Code maintenance / Compat changes
    backport fixes needed to build unit tests with cmocka 2.0.0 and -Werror (some parts
	of the old API have been deprecated and would raise warnings)
    backport "ensure that all unit tests use unbuffered stdout+stderr" change,
	otherwise we get no output at all if a unit test crashes
    add explicit error message for failing read in multi_process_file_closed()
	(reported by SRL)
    test framework: permit overriding the openvpn binary called
    configure.ac: remove use of PKCS11_HELPER_LIBS in mbedTLS checks (old code, purpose
	unclear, effects non-useful)
    configure.ac: try to use pkg-config to detect mbedTLS
Documentation updates
    improve pull-filter documentation, emphasizing possible problems if used as a naive
	security measure (reported by SRLabs).
Bugfixes
    p2mp server: fix incorrect file descriptor handling on "inotify" FD during a
	SIGUSR1 restart (GH: #966)
    management interface: fix bug where --management-forget-disconnect and
	--management-signal could be executed even if password authentication to
	managment interface was still pending (Zeropath finding)
    repair client-side interaction on reconnect between DCO event handling and
	--persist-tun - after a ping timeout and reconnect, the DCO event handler would
	not be armed, and the next ping timeout would not be received by userland,
	causing non-working connections with nothing in the openvpn log (Linux and
	FreeBSD only, GH: #947)
    prevent crash on invalid server-ipv6 argument, calling freeaddrinfo() with a NULL
	pointer. This only affects OpenBSD. (Klemens Nanni).

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/openvpn | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/lfs/openvpn b/lfs/openvpn
index 25e186f12..10f1f54c4 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 2.6.17
+VER        = 2.6.19
 
 THISAPP    = openvpn-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = a5cff9bf4de85b647bd0cef808586b2cd29694ad0134ae6e4b3f74251c2ce0908cf86cbc041768f7fbc495e3ad5c5dbb9c491fe351b99da330dd2390142b353e
+$(DL_FILE)_BLAKE2 = 4eabecd3be43c7a45dbf2fb92236f568d5273978b18d5068200277771a5f6cad5fd3cc138232812c7f2e3c9a7812e73ca63c362ec942f361401c0712dc7d8498
 
 install : $(TARGET)