* [Buildroot] [PATCH for 2025.02.x] package/openvpn: security bump to v2.6.20
@ 2026-04-30 9:00 Titouan Christophe via buildroot
2026-05-04 14:47 ` Thomas Perale via buildroot
0 siblings, 1 reply; 2+ messages in thread
From: Titouan Christophe via buildroot @ 2026-04-30 9:00 UTC (permalink / raw)
To: buildroot; +Cc: Bernd Kuhls, thomas.perale
See the release notes:
https://github.com/OpenVPN/openvpn/blob/v2.6.20/Changes.rst
This fixes 2 security issues:
- CVE-2026-40215:
race condition in TLS handshake that could lead to leaking of packet
data from a previous handshake under specific circumstances
- CVE-2026-35058:
server ASSERT() on receiving a suitably malformed packet with a valid
tls-crypt-v2 key
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
---
package/openvpn/openvpn.hash | 2 +-
package/openvpn/openvpn.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/openvpn/openvpn.hash b/package/openvpn/openvpn.hash
index 0123babe4b..957537dde6 100644
--- a/package/openvpn/openvpn.hash
+++ b/package/openvpn/openvpn.hash
@@ -1,3 +1,3 @@
# Locally calculated after checking signature
-sha256 05cb5fdf1ea33fcba719580b31a97feaa019c4a3050563e88bc3b34675e6fed4 openvpn-2.6.16.tar.gz
+sha256 952ecee5b911a5353c0a6d40af62a7076c6dea1481ef204ce6d3f10481531315 openvpn-2.6.20.tar.gz
sha256 edaef632cbb643e4e7a221717a6c441a4c1a7c918e6e4d56debc3d8739b233f6 COPYRIGHT.GPL
diff --git a/package/openvpn/openvpn.mk b/package/openvpn/openvpn.mk
index 0175c51d63..a117f6ee8c 100644
--- a/package/openvpn/openvpn.mk
+++ b/package/openvpn/openvpn.mk
@@ -4,7 +4,7 @@
#
################################################################################
-OPENVPN_VERSION = 2.6.16
+OPENVPN_VERSION = 2.6.20
OPENVPN_SITE = https://swupdate.openvpn.net/community/releases
OPENVPN_DEPENDENCIES = host-pkgconf libcap-ng
OPENVPN_LICENSE = GPL-2.0
--
2.53.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [Buildroot] [PATCH for 2025.02.x] package/openvpn: security bump to v2.6.20
2026-04-30 9:00 [Buildroot] [PATCH for 2025.02.x] package/openvpn: security bump to v2.6.20 Titouan Christophe via buildroot
@ 2026-05-04 14:47 ` Thomas Perale via buildroot
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Perale via buildroot @ 2026-05-04 14:47 UTC (permalink / raw)
To: Titouan Christophe; +Cc: Thomas Perale, buildroot
In reply of:
> See the release notes:
> https://github.com/OpenVPN/openvpn/blob/v2.6.20/Changes.rst
>
> This fixes 2 security issues:
> - CVE-2026-40215:
> race condition in TLS handshake that could lead to leaking of packet
> data from a previous handshake under specific circumstances
> - CVE-2026-35058:
> server ASSERT() on receiving a suitably malformed packet with a valid
> tls-crypt-v2 key
>
> Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Applied to 2025.02.x & 2026.02.x. Thanks
> ---
> package/openvpn/openvpn.hash | 2 +-
> package/openvpn/openvpn.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/openvpn/openvpn.hash b/package/openvpn/openvpn.hash
> index 0123babe4b..957537dde6 100644
> --- a/package/openvpn/openvpn.hash
> +++ b/package/openvpn/openvpn.hash
> @@ -1,3 +1,3 @@
> # Locally calculated after checking signature
> -sha256 05cb5fdf1ea33fcba719580b31a97feaa019c4a3050563e88bc3b34675e6fed4 openvpn-2.6.16.tar.gz
> +sha256 952ecee5b911a5353c0a6d40af62a7076c6dea1481ef204ce6d3f10481531315 openvpn-2.6.20.tar.gz
> sha256 edaef632cbb643e4e7a221717a6c441a4c1a7c918e6e4d56debc3d8739b233f6 COPYRIGHT.GPL
> diff --git a/package/openvpn/openvpn.mk b/package/openvpn/openvpn.mk
> index 0175c51d63..a117f6ee8c 100644
> --- a/package/openvpn/openvpn.mk
> +++ b/package/openvpn/openvpn.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -OPENVPN_VERSION = 2.6.16
> +OPENVPN_VERSION = 2.6.20
> OPENVPN_SITE = https://swupdate.openvpn.net/community/releases
> OPENVPN_DEPENDENCIES = host-pkgconf libcap-ng
> OPENVPN_LICENSE = GPL-2.0
> --
> 2.53.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-05-04 14:48 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-30 9:00 [Buildroot] [PATCH for 2025.02.x] package/openvpn: security bump to v2.6.20 Titouan Christophe via buildroot
2026-05-04 14:47 ` Thomas Perale via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox