From: Adolf Belka Date: Sat, 14 Feb 2026 15:20:37 +0000 (+0100) Subject: openvpn: Update to version 2.6.19 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0074cd7889affdb2d3fa716346aaec03090ada9e;p=ipfire-2.x.git openvpn: Update to version 2.6.19 - Update from version 2.6.17 to 2.6.19 - No change to rootfile - Changelog 2.6.19 Bugfixes make dist would fail to pack unit_tests/openvpn/test_common.h, breaking make check on the tarball if cmocka is installed. Fix. 2.6.18 New features / User visible changes disable DCO if --bind-dev option is given (no support for this in the old out-of-kernel Linux DCO implementation) on Windows, if using --ip-win32 netsh and not using the interactive service, IPv4 addresses would be installed as "permanent", possibly causing problems later on with using that IPv4 address on a different interface. Change to "store=active". (GH: #915) Code maintenance / Compat changes backport fixes needed to build unit tests with cmocka 2.0.0 and -Werror (some parts of the old API have been deprecated and would raise warnings) backport "ensure that all unit tests use unbuffered stdout+stderr" change, otherwise we get no output at all if a unit test crashes add explicit error message for failing read in multi_process_file_closed() (reported by SRL) test framework: permit overriding the openvpn binary called configure.ac: remove use of PKCS11_HELPER_LIBS in mbedTLS checks (old code, purpose unclear, effects non-useful) configure.ac: try to use pkg-config to detect mbedTLS Documentation updates improve pull-filter documentation, emphasizing possible problems if used as a naive security measure (reported by SRLabs). Bugfixes p2mp server: fix incorrect file descriptor handling on "inotify" FD during a SIGUSR1 restart (GH: #966) management interface: fix bug where --management-forget-disconnect and --management-signal could be executed even if password authentication to managment interface was still pending (Zeropath finding) repair client-side interaction on reconnect between DCO event handling and --persist-tun - after a ping timeout and reconnect, the DCO event handler would not be armed, and the next ping timeout would not be received by userland, causing non-working connections with nothing in the openvpn log (Linux and FreeBSD only, GH: #947) prevent crash on invalid server-ipv6 argument, calling freeaddrinfo() with a NULL pointer. This only affects OpenBSD. (Klemens Nanni). Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- diff --git a/lfs/openvpn b/lfs/openvpn index 25e186f12..10f1f54c4 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2025 IPFire Team # +# Copyright (C) 2007-2026 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2.6.17 +VER = 2.6.19 THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = a5cff9bf4de85b647bd0cef808586b2cd29694ad0134ae6e4b3f74251c2ce0908cf86cbc041768f7fbc495e3ad5c5dbb9c491fe351b99da330dd2390142b353e +$(DL_FILE)_BLAKE2 = 4eabecd3be43c7a45dbf2fb92236f568d5273978b18d5068200277771a5f6cad5fd3cc138232812c7f2e3c9a7812e73ca63c362ec942f361401c0712dc7d8498 install : $(TARGET)