openvpn.git/debian/patches, branch debian/2.5.1-3 Debian repo for openvpn Cherry-Pick "Fix condition to generate session keys" 2021-05-14T07:39:26+00:00 Bernhard Schmidt berni@debian.org 2021-05-14T07:39:26+00:00 730212a2ac6d5c920b605763c7b62a7730f5f3f3 Closes: #988478 
Closes: #988478
CVE-2020-15078: Authentication bypass with deferred authentication 2021-04-28T13:12:01+00:00 Bernhard Schmidt berni@debian.org 2021-04-28T12:38:07+00:00 a398f557fd1320096e140f8ca297481ae75e12b3 Overview OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. Detailed description This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. Pre-Dependency: CVE-2020-15078-0.patch: https://github.com/OpenVPN/openvpn/commit/14511010 CVE-Fix: CVE-2020-15078-1.patch: https://github.com/OpenVPN/openvpn/commit/3aca477a CVE-2020-15078-2.patch: https://github.com/OpenVPN/openvpn/commit/3d18e308 CVE-2020-15078-3.patch: https://github.com/OpenVPN/openvpn/commit/f7b3bf06 Closes: #987380 
Overview

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass
authentication and access control channel data on servers configured
with deferred authentication, which can be used to potentially trigger
further information leaks.

Detailed description

This bug allows - under very specific circumstances - to trick a server
using delayed authentication (plugin or management) into returning a
PUSH_REPLY before the AUTH_FAILED message, which can possibly be used
to gather information about a VPN setup.

In combination with "--auth-gen-token" or a user-specific token auth
solution it can be possible to get access to a VPN with an
otherwise-invalid account.

Pre-Dependency:
CVE-2020-15078-0.patch: https://github.com/OpenVPN/openvpn/commit/14511010

CVE-Fix:
CVE-2020-15078-1.patch: https://github.com/OpenVPN/openvpn/commit/3aca477a
CVE-2020-15078-2.patch: https://github.com/OpenVPN/openvpn/commit/3d18e308
CVE-2020-15078-3.patch: https://github.com/OpenVPN/openvpn/commit/f7b3bf06

Closes: #987380
Adjust patches for new major upstream version 2020-08-15T19:59:32+00:00 Bernhard Schmidt berni@debian.org 2020-08-15T19:59:32+00:00 0d85c7a4b77d7841435ae1ea6f3c70640f4e974b 






Cherry-Pick upstream patch to fix ssl_do_config error with invalid OpenSSL system configuration
2020-04-21T14:56:12+00:00

Bernhard Schmidt
berni@debian.org

2020-04-21T14:56:12+00:00

9df4f6e383b6ad4a63b4402a6f1f690b2bb654f2

Closes: #958296





Closes: #958296







Refresh d/p/openvpn-pkcs11warn.patch: Remove d/p/fix-pkcs11-helper-hang.patch
2020-04-10T21:32:00+00:00

Jörg Frings-Fürst
debian@jff.email

2020-04-10T21:32:00+00:00

8643b24ca3c740fc17384a41125be80d0c5a369a












Avoid hangs when spawhning child processes by not setting pkcs11-helper "safe fork mode" (Closes: #772812, #900805, #907452)
2019-02-20T13:29:56+00:00

Hilko Bengen
bengen@debian.org

2019-02-19T09:37:53+00:00

89368d36202104dd4bc3827ab0611b229de05b27












adjust kfreebsd_support.patch for new upstream version
2019-02-20T13:17:05+00:00

Bernhard Schmidt
berni@debian.org

2019-02-20T13:17:05+00:00

5fd18a24d4e47f0baba4a9b74a6308ca75f9d820












New d/p/systemd.patch to remove obsolete syslog.target
2018-07-29T20:21:33+00:00

Jörg Frings-Fürst
debian@jff.email

2018-07-29T20:21:33+00:00

880051903016a9118576e933bf99c33a4acb6c5d












Refresh patches; New d/p/spelling_errors.patch
2018-07-29T13:45:10+00:00

Jörg Frings-Fürst
debian@jff.email

2018-07-29T13:45:10+00:00

b6452a67b11028479cdb5179c8cbb1a0f33e97e0












New directory /var/log/openvpn for log and status files
2017-10-03T22:07:15+00:00

Jörg Frings-Fürst
debian@jff-webhosting.net

2017-10-03T22:07:15+00:00

abb6ab3918792141a92a8e5b91074b66153b2eb3