Package "openvpn"

  openvpn (2.6.14-0ubuntu0.24.04.2) noble; urgency=medium

  * d/p/handle_intentional_route_push_float_ip.patch: Fix floating IP due
    to "route VPN_IP net_gateway", which can lead to incorrect blocking of
    a source IP switch for 60 seconds immediately after connection setup.
    (LP: #2108860)

 -- Jonas Jelten <email address hidden> Tue, 09 Sep 2025 16:36:28 +0200

  openvpn (2.6.14-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream version 2.6.14 (LP: #2040467):
    - CVE Fixes:
      + CVE-2025-2704
    - Updates:
      + Send uname() release from client to server as IV_PLAT_VER.
      + Pass --timeout=0 argument to systemd-ask-password, to avoid default
        timeout of 90 seconds.
    - Bug Fixes:
      + Repair source IP selection for --multihome.
      + Allow tls-crypt-v2 to be setup only on initial packet of a session.
      + Fix some missing spaces in messages.
      + Fix parsing of usernames or passwords longer than USER_PASS_LEN on the
        server side to avoid IV variable misparsing and misleading errors.
      + Purge proxy authentication credentials from memory after use (if
        --auth-nocache is in use).
    - See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26 for
      additional bug fixes and information.
  * Remove patches fixed upstream:
    - d/p/CVE-2025-2704.patch
    [Fixed in 2.6.14]
  * d/t/control: Move to isolation-container to enable armhf/LXD coverage (LP 2104146).

 -- Lena Voytek <email address hidden> Fri, 30 May 2025 11:24:52 -0400