openvpn: Update to version 2.7.3

Message ID 20260430183648.2774994-4-adolf.belka@ipfire.org
State Staged
Commit 4eaf33e0126233b40f00a5c997c14781ecd7b9cd
Series openvpn: Update to version 2.7.3

Commit Message

Adolf Belka 30 Apr 2026, 6:36 p.m. UTC
- Update from version 2.7.1 to 2.7.3
- No change to rootfile
- 2 CVE fixes in 2.7.2. These have also been applied to 2.6.20 on the 2.6 branch
- Changelog
2.7.3
bugfixes
	in combination with --management-query-passwords, setups using --auth-user-pass
	 file or inline auth-user-pass would no longer use the configured passwords and
	 prompt on the management interface instead (OpenVPN GUI would then provide an
	 empty user/password prompt) (Github: OpenVPN/openpvn#1021).
2.7.2
Security fixes
    fix race condition in TLS handshake that could lead to leaking of packet data from
	a previous handshake under specific circumstances (CVE-2026-40215)
        (Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com))
    fix server ASSERT() on receiving a suitably malformed packet with a valid
	tls-crypt-v2 key (CVE-2026-35058)
        (Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com)
        and independently by Emma Reuter of Cisco ASIG (TALOS-2026-2381))
Bugfixes
    when using a config file with inlined username and no password, fix prompting for
	the password from management interface.
    Windows: fix DNSSEC flag handling - this never got applied due to a bad comparison
	being always false.
    Windows: fix deinstallation progress bar on adapter deletion.
New features
    management interface: permit input of very long passwords in base64-encoded
	multiline format. Signal support to management clients via
	"management version 6".
Documentation
    improve documentation and error messages related to old and new Linux DCO modules
    remove some references to pre-2.3 OpenVPN
    improve manpage for --learn-address config
User-visible Changes
    improve error messages on --verify-x509-name failures
    improve error logging when overlong username or passwords can not be written to TLS
	buffer
Long-term code maintenance
    fully support OpenSSL 4.0 now, without "deprecated API" warnings (multiple small
	changes to adapt to 3.5 -> 4.0 API changes)
    add unit tests for certificate detail printing
    add unit tests for "empty password on inline credentials" handling

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/openvpn | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
  

Patch

diff --git a/lfs/openvpn b/lfs/openvpn
index 80eb94032..c1d0f69b6 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 2.7.1
+VER        = 2.7.3
 
 THISAPP    = openvpn-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
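Review bot: The VER line goes from 2.7.1 straight to 2.7.3, so this single line is what brings in the two 2.7.2 security fixes (CVE-2026-40215 and CVE-2026-35058), yet the subject "Update to version 2.7.3" reads like a routine bump. Suggest marking the subject or the first line of the message as a security update so the patch is prioritised for merging and is easy to find later when checking which build closed those CVEs. THISAPP and DL_FILE are derived from VER in the context lines, so nothing else in this hunk needs to change.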
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = a5f598a4f2366c3134578af6bf08750c3d4269ab036f1b49b44799174bca01dc4d79c8ddfce2b5948f186a7729cd96e428b74dda4a685bf44323aaa188739405
+$(DL_FILE)_BLAKE2 = ef569507072af64cab3d2458f3f1ec86478975c4df9a33320b3e96df63d1e8ecbec9bc1b12344c58bdd2c9c734b065100a71f1d7954f324a325f39d220b914cc
 
 install : $(TARGET)
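Review bot: The new value on the $(DL_FILE)_BLAKE2 line is the only integrity pin visible for the 2.7.3 tarball, and the commit message does not say how the tarball was validated before the digest was computed. A digest taken from a freshly downloaded file only proves that later builds fetch the same bytes from $(DL_FROM), not that those bytes are the upstream release. Suggest adding a line to the commit message stating that the tarball was checked against the upstream release signature or published checksum before the BLAKE2 value was generated.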