From patchwork Sat Feb 14 15:20:37 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 9516 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4fCt6G3jKRz3wkY for ; Sat, 14 Feb 2026 15:21:10 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4fCt6F0Hs1z5lQ for ; Sat, 14 Feb 2026 15:21:09 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4fCt6264nNz36Vn for ; Sat, 14 Feb 2026 15:20:58 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4fCt5v0PD7z34Nf for ; Sat, 14 Feb 2026 15:20:51 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4fCt5r5Ym6z5rH; Sat, 14 Feb 2026 15:20:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1771082448; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m2t4eUVmvwqe0tkZ5WCHaixAbfZvxEbqToU+uU3R960=; b=Zwl+hpGYrtojY2yyTDa9rvidJhqB9aBuEWkQPPVHqHsJ5YXf1Hio3hwA83E4QVhLLw0iHE 6LDP4Chfu3BCQnnRXNOR8eDappgfAdh5vVX0uw6NrUJJPGqYp78nkGEWLuvXq9QiI6rp/j MbG5tusN/2kWb/pP2F2RNoCD4PuTOKz1IucEQMvRCnX+tAjgm8lvgdAdMdUqtTEcbwV232 r2UVy9uMUNpX9Wo+iYYyaw2wpTIamMMRmZcJXf7uiWF9r20Lg1nFw84tm3Q9khzNndi+zY 5jHHDg9EAOOHyxxeR7sgjykl6B58Q7NReL4E4gP2fg5ZoSrnKAxrYE0aVHqcPg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1771082448; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m2t4eUVmvwqe0tkZ5WCHaixAbfZvxEbqToU+uU3R960=; b=751KvchgaFSbybsfnyZa1Vfuh070e4FGdr8rsqN+PujY4spWWp1GMgnA2Fz37RRHK7z5Aq cl+KcL5T0KTyOeDw== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] openvpn: Update to version 2.6.19 Date: Sat, 14 Feb 2026 16:20:37 +0100 Message-ID: <20260214152040.3720549-17-adolf.belka@ipfire.org> In-Reply-To: <20260214152040.3720549-1-adolf.belka@ipfire.org> References: <20260214152040.3720549-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 2.6.17 to 2.6.19 - No change to rootfile - Changelog 2.6.19 Bugfixes make dist would fail to pack unit_tests/openvpn/test_common.h, breaking make check on the tarball if cmocka is installed. Fix. 2.6.18 New features / User visible changes disable DCO if --bind-dev option is given (no support for this in the old out-of-kernel Linux DCO implementation) on Windows, if using --ip-win32 netsh and not using the interactive service, IPv4 addresses would be installed as "permanent", possibly causing problems later on with using that IPv4 address on a different interface. Change to "store=active". (GH: #915) Code maintenance / Compat changes backport fixes needed to build unit tests with cmocka 2.0.0 and -Werror (some parts of the old API have been deprecated and would raise warnings) backport "ensure that all unit tests use unbuffered stdout+stderr" change, otherwise we get no output at all if a unit test crashes add explicit error message for failing read in multi_process_file_closed() (reported by SRL) test framework: permit overriding the openvpn binary called configure.ac: remove use of PKCS11_HELPER_LIBS in mbedTLS checks (old code, purpose unclear, effects non-useful) configure.ac: try to use pkg-config to detect mbedTLS Documentation updates improve pull-filter documentation, emphasizing possible problems if used as a naive security measure (reported by SRLabs). Bugfixes p2mp server: fix incorrect file descriptor handling on "inotify" FD during a SIGUSR1 restart (GH: #966) management interface: fix bug where --management-forget-disconnect and --management-signal could be executed even if password authentication to managment interface was still pending (Zeropath finding) repair client-side interaction on reconnect between DCO event handling and --persist-tun - after a ping timeout and reconnect, the DCO event handler would not be armed, and the next ping timeout would not be received by userland, causing non-working connections with nothing in the openvpn log (Linux and FreeBSD only, GH: #947) prevent crash on invalid server-ipv6 argument, calling freeaddrinfo() with a NULL pointer. This only affects OpenBSD. (Klemens Nanni). Signed-off-by: Adolf Belka --- lfs/openvpn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/openvpn b/lfs/openvpn index 25e186f12..10f1f54c4 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2025 IPFire Team # +# Copyright (C) 2007-2026 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.6.17 +VER = 2.6.19 THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = a5cff9bf4de85b647bd0cef808586b2cd29694ad0134ae6e4b3f74251c2ce0908cf86cbc041768f7fbc495e3ad5c5dbb9c491fe351b99da330dd2390142b353e +$(DL_FILE)_BLAKE2 = 4eabecd3be43c7a45dbf2fb92236f568d5273978b18d5068200277771a5f6cad5fd3cc138232812c7f2e3c9a7812e73ca63c362ec942f361401c0712dc7d8498 install : $(TARGET)