From patchwork Mon Dec 27 09:16:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 2186 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director11.mail.ord1d.rsapps.net ([172.27.255.58]) by backend41.mail.ord1d.rsapps.net with LMTP id eBVgHFcfymFncwAAqwncew (envelope-from ) for ; Mon, 27 Dec 2021 15:17:27 -0500 Received: from proxy21.mail.iad3a.rsapps.net ([172.27.255.58]) by director11.mail.ord1d.rsapps.net with LMTP id OGqZMlcfymGBeAAAvGGmqA (envelope-from ) for ; Mon, 27 Dec 2021 15:17:27 -0500 Received: from smtp34.gate.iad3a ([172.27.255.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy21.mail.iad3a.rsapps.net with LMTPS id ANSlK1cfymHlbQAASBQwCQ (envelope-from ) for ; Mon, 27 Dec 2021 15:17:27 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp34.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=greenie.muc.de X-Suspicious-Flag: YES X-Classification-ID: 024011a0-6752-11ec-a3f7-525400865cc7-1-1 Received: from [216.105.38.7] ([216.105.38.7:49696] helo=lists.sourceforge.net) by smtp34.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 29/6B-11905-65F1AC16; Mon, 27 Dec 2021 15:17:27 -0500 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1n1wQ2-0003i3-So; Mon, 27 Dec 2021 20:16:30 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1n1wQ0-0003hx-Vi for openvpn-devel@lists.sourceforge.net; Mon, 27 Dec 2021 20:16:29 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=RZCS5d3sM3z0xWzBqEUm2kMuc4q6mcgRCn31m4Wvquc=; b=GStYiUc86MaK0VxKQ9lg8Q8zOH khqOl6ZChTh6Q/lN+eeeX3ONQ6v/8prHx0gftxevnD7IjY1T8EMf5sgZPxpqJuEOsowQwjRrp2H3L qgnlrhDF14TRWDnH6T7M/800W3Sup3q3L6kq881FieTn2YV9ionPCIEFmt0iuQzAU2C8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=RZCS5d3sM3z0xWzBqEUm2kMuc4q6mcgRCn31m4Wvquc=; b=hMHHATQnV71qxmoPHB+zWwHKQj S4tol7EOIGCxQhZxkGmsYY1n8CKgUODxJRO04/VigIbDb3VCM39VoUdD4fI5RH8fB8efha09XEbqA 9XqIqJd+HhxrSj4aIPZf7sMk+B0ZKl6Fq7UUJL6EKNub8L6j0U6f+4v9a4hAq4NhWX1M=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1n1wPy-00B9G5-W9 for openvpn-devel@lists.sourceforge.net; Mon, 27 Dec 2021 20:16:28 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.15.2/8.14.9) with ESMTP id 1BRKGGcV013364 for ; Mon, 27 Dec 2021 21:16:16 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.15.2/8.14.9/Submit) id 1BRKGGqj013363 for openvpn-devel@lists.sourceforge.net; Mon, 27 Dec 2021 21:16:16 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 27 Dec 2021 21:16:16 +0100 Message-Id: <20211227201616.13315-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.26.3 In-Reply-To: <20211227111504.31173-1-gert@greenie.muc.de> References: <20211227111504.31173-1-gert@greenie.muc.de> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: - 2.5.3 had a typo in the CVE ID (CVE-2121-3606 should be -2021-) - 2.5.5 had windows paths with backslashes, which need to be doubled (CVE ID typo also reported by "@attritionorg" in Github PR 165) v2: SSL -> ssl, and .cfg -> .cnf Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1n1wPy-00B9G5-W9 Subject: [Openvpn-devel] [PATCH v2] fix Changes.rst errors in 2.5.3 and 2.5.5 announcement X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox - 2.5.3 had a typo in the CVE ID (CVE-2121-3606 should be -2021-) - 2.5.5 had windows paths with backslashes, which need to be doubled (CVE ID typo also reported by "@attritionorg" in Github PR 165) v2: SSL -> ssl, and .cfg -> .cnf Signed-off-by: Gert Doering Acked-By: Selva Nair --- Changes.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Changes.rst b/Changes.rst index b6f98d51..4e4f2018 100644 --- a/Changes.rst +++ b/Changes.rst @@ -18,8 +18,8 @@ New features - Windows build: use CFG and Spectre mitigations on MSVC builds - bring back OpenSSL config loading to Windows builds. - OpenSSL config is loaded from %installdir%\SSL\openssl.cfg - (typically: c:\program files\openvpn\SSL\openssl.cfg) if it exists. + OpenSSL config is loaded from %installdir%\\ssl\\openssl.cnf + (typically: c:\\program files\\openvpn\\ssl\\openssl.cnf) if it exists. This is important for some hardware tokens which need special OpenSSL config for correct operation. Trac #1296 @@ -102,7 +102,7 @@ Overview of changes in 2.5.3 ============================ Bugfixes -------- -- CVE-2121-3606 +- CVE-2021-3606 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements OpenVPN windows builds could possibly load OpenSSL Config files from