[Buildroot] [PATCH for 2025.02.x] package/openvpn: security bump to v2.6.20

[Buildroot] [PATCH for 2025.02.x] package/openvpn: security bump to v2.6.20

[Titouan Christophe via buildroot]

See the release notes:
https://github.com/OpenVPN/openvpn/blob/v2.6.20/Changes.rst

This fixes 2 security issues:
- CVE-2026-40215:
    race condition in TLS handshake that could lead to leaking of packet
    data from a previous handshake under specific circumstances
- CVE-2026-35058:
    server ASSERT() on receiving a suitably malformed packet with a valid
    tls-crypt-v2 key

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
---
 package/openvpn/openvpn.hash | 2 +-
 package/openvpn/openvpn.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/openvpn/openvpn.hash b/package/openvpn/openvpn.hash
index 0123babe4b..957537dde6 100644
--- a/package/openvpn/openvpn.hash
+++ b/package/openvpn/openvpn.hash
@@ -1,3 +1,3 @@
 # Locally calculated after checking signature
-sha256  05cb5fdf1ea33fcba719580b31a97feaa019c4a3050563e88bc3b34675e6fed4  openvpn-2.6.16.tar.gz
+sha256  952ecee5b911a5353c0a6d40af62a7076c6dea1481ef204ce6d3f10481531315  openvpn-2.6.20.tar.gz
 sha256  edaef632cbb643e4e7a221717a6c441a4c1a7c918e6e4d56debc3d8739b233f6  COPYRIGHT.GPL
diff --git a/package/openvpn/openvpn.mk b/package/openvpn/openvpn.mk
index 0175c51d63..a117f6ee8c 100644
--- a/package/openvpn/openvpn.mk
+++ b/package/openvpn/openvpn.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENVPN_VERSION = 2.6.16
+OPENVPN_VERSION = 2.6.20
 OPENVPN_SITE = https://swupdate.openvpn.net/community/releases
 OPENVPN_DEPENDENCIES = host-pkgconf libcap-ng
 OPENVPN_LICENSE = GPL-2.0
-- 
2.53.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH for 2025.02.x] package/openvpn: security bump to v2.6.20

[Thomas Perale via buildroot]

In reply of:
> See the release notes:
> https://github.com/OpenVPN/openvpn/blob/v2.6.20/Changes.rst
> 
> This fixes 2 security issues:
> - CVE-2026-40215:
>     race condition in TLS handshake that could lead to leaking of packet
>     data from a previous handshake under specific circumstances
> - CVE-2026-35058:
>     server ASSERT() on receiving a suitably malformed packet with a valid
>     tls-crypt-v2 key
> 
> Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>

Applied to 2025.02.x & 2026.02.x. Thanks

> ---
>  package/openvpn/openvpn.hash | 2 +-
>  package/openvpn/openvpn.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/package/openvpn/openvpn.hash b/package/openvpn/openvpn.hash
> index 0123babe4b..957537dde6 100644
> --- a/package/openvpn/openvpn.hash
> +++ b/package/openvpn/openvpn.hash
> @@ -1,3 +1,3 @@
>  # Locally calculated after checking signature
> -sha256  05cb5fdf1ea33fcba719580b31a97feaa019c4a3050563e88bc3b34675e6fed4  openvpn-2.6.16.tar.gz
> +sha256  952ecee5b911a5353c0a6d40af62a7076c6dea1481ef204ce6d3f10481531315  openvpn-2.6.20.tar.gz
>  sha256  edaef632cbb643e4e7a221717a6c441a4c1a7c918e6e4d56debc3d8739b233f6  COPYRIGHT.GPL
> diff --git a/package/openvpn/openvpn.mk b/package/openvpn/openvpn.mk
> index 0175c51d63..a117f6ee8c 100644
> --- a/package/openvpn/openvpn.mk
> +++ b/package/openvpn/openvpn.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -OPENVPN_VERSION = 2.6.16
> +OPENVPN_VERSION = 2.6.20
>  OPENVPN_SITE = https://swupdate.openvpn.net/community/releases
>  OPENVPN_DEPENDENCIES = host-pkgconf libcap-ng
>  OPENVPN_LICENSE = GPL-2.0
> -- 
> 2.53.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot