| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| move_log_dir.patch | Set default logdir to /var/log/openvpn https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553303 | Jrg Frings-Frst <debian@jff-webhosting.net> | not-needed | debian | 2017-10-03 | |
| auth-pam_libpam_so_filename.patch | Fix libpam.so filename to /lib/libpam.so.0 in pam plugin=================================================================== | Alberto Gonzalez Iniesta <agi@inittab.org> | no | debian | ||
| openvpn-pkcs11warn.patch | Warn users about deprecated pkcs11 options=================================================================== | Florian Kulzer <florian.kulzer+debian@icfo.es> | no | debian | ||
| systemd.patch | remove syslog.target | Jrg Frings-Frst <debian@jff.email> | no | 2018-07-29 | ||
| fix-dangling-pointer-in-pkcs11.patch | [PATCH] Bugfix: dangling pointer passed to pkcs11-helper (cherry picked from commit f4850745709c5b80ab7d09c03a86c5ceea6d10a2) |
Selva Nair <selva.nair@gmail.com> | no | 2023-05-09 | ||
| fix-memleak-in-dco_get_peer_stats_multi.patch | [PATCH] DCO: fix memory leak in dco_get_peer_stats_multi for Linux Leaks a small amount of memory every 15s. (cherry picked from commit 276f7c86d70666bc2ab4e6192ef5f1dcbd6a230f) |
Frank Lichtenheld <frank@lichtenheld.com> | no | 2023-05-15 | ||
| CVE-2023-46849.patch | [PATCH] Remove saving initial frame code This code was necessary before the frame/buffer refactoring as we always did relative adjustment to the frame. This also fixes also that previously initial_frame was initialised too early before the fragment related options were initialised and contained 0 for the maximum frame size. This resulted in a DIV by 0 that caused an abort on platforms that throw an exception for that. Only people with --fragment in their config are affected |
Arne Schwabe <arne@rfc2549.org> | no | 2023-10-19 | ||
| CVE-2023-46850.patch | [PATCH] Fix using to_link buffer after freed When I refactored the tls_state_change method in 9a7b95fda5 I accidentally changed a break into a return true while it should return a false. The code here is extremely fragile in the sense that it assumes that settings a keystate to S_ERROR cannot have any outgoing buffer or we will have a use after free. The previous break and now restored return false ensure this by skipping any further tls_process_state loops that might set to ks->S_ERROR and ensure that the to_link is sent out and cleared before having more loops in tls_state_change. This affects everyone, even with tls-auth/tls-crypt enabled. (cherry picked from commit 57a5cd1e12f193927c9b7429f8778fec7e04c50a) |
Arne Schwabe <arne@rfc2549.org> | no | 2023-10-27 |