-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Nov 2025 22:54:51 +0100
Source: openvpn
Binary: openvpn openvpn-dbgsym
Architecture: ppc64el
Version: 2.6.3-1+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-conova-01) <buildd_ppc64el-ppc64el-conova-01@buildd.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
 openvpn    - virtual private network daemon
Closes: 1112516 1121086
Changes:
 openvpn (2.6.3-1+deb12u4) bookworm-security; urgency=medium
 .
   [ Bernhard Schmidt ]
   * Cherry-pick patches for CVE-2025-13086
     - check-message-id.patch: Check message id/acked ids too when doing
       sessionid cookie checks - bugfix for floating client problem, code
       prequesite for the CVE patch to apply
     - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the
       3way handshake being inverted (Closes: #1121086)
 .
   [ Aquila Macedo ]
   * Add new autopkgtest for unit tests.
 .
   [ Carlos Henrique Lima Melara ]
   * debian/patches/CVE-2024-5594-regression-fix.patch: cherry-pick from
     upstream to fix a regression introduced with CVE-2024-5594's fix. Namely,
     "Allow trailing \r and \n in control channel message". (Closes: #1112516)
   * debian/salsa-ci:
       - Allow lintian job to fail. Sid's version dislikes things from bookworm.
       - Disable gbp setup-gitattributes.
       - Disable reprotest on bookworm. It can't run on bookworm, so the build
         fails because of build dependencies problems.
   * debian/tests/unit-tests: enable unit-tests in configure and be verbose.
Checksums-Sha1:
 7c9790d388174d7b1eed8308eb1d90d3444c074d 1301056 openvpn-dbgsym_2.6.3-1+deb12u4_ppc64el.deb
 20ddf32846c7e57956a78e7e42f2f60797800a66 7831 openvpn_2.6.3-1+deb12u4_ppc64el-buildd.buildinfo
 533bca1de0e1be8f4e99f71a7e28b4f2fa72c4b2 680280 openvpn_2.6.3-1+deb12u4_ppc64el.deb
Checksums-Sha256:
 e21e02b7c3e4ff2631548f47966039c945f903775a384fc0c5c7cd0af3ec1c7f 1301056 openvpn-dbgsym_2.6.3-1+deb12u4_ppc64el.deb
 698ce7cc6463ae99426f6df8eb5cc800947eeb716244719c500dcb2dec66dc13 7831 openvpn_2.6.3-1+deb12u4_ppc64el-buildd.buildinfo
 8179f080ba778f18bcd41eff620048056c1d7afe24693269444d78840b2f9026 680280 openvpn_2.6.3-1+deb12u4_ppc64el.deb
Files:
 2cd1571b2b7149be645df9cd5c704cfd 1301056 debug optional openvpn-dbgsym_2.6.3-1+deb12u4_ppc64el.deb
 9725769c1b8cc48d12037e52aef81b3e 7831 net optional openvpn_2.6.3-1+deb12u4_ppc64el-buildd.buildinfo
 572c5ea091500ed37db44079192c89d3 680280 net optional openvpn_2.6.3-1+deb12u4_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvNkWZvjZkiWgJGRETMSrGPLkYxUFAmksyBQACgkQTMSrGPLk
YxX96A/9G5rAu91RlPhmjs630NMGeavZGLjyWzpUelcRQK5FyE0Q4WwirxLx9Xgl
HDv7S8w79XY2X1hFiCxZ2c9JpPYo3xhxtFduMZxNHSJPF45LVkB/oYcTxcC70lQ0
nm4wId0dPsHdACPgwjwYxCiPOWq/OOP1d4assB1ulhNdQrsP+7/GkcQFkRJ/SoWp
j7bPdl+7yvxAfqFmnpW+l0B/L5nFNqrXiUepSCWxsjHQDu23KjTgv73fyLbb+mt4
Tnig4c+JOO07H2lu5xd49nR1prajzlUHCGNUBh9mFYNF3W5ZpNsjIlrMNoh0c0bG
LWcyeAMLAjdMaCuUNLiTf76XiZDnB1rmGTr8CR9NAxM0RMUCN429CKQ+wpD0fith
x7VVDrAKg38FJBYsoNskVg2t9iClnIxoAJ9+lfYyuVpU7OLSuCkftW/qvkAEEZpX
PGCGbpr5EYpDi5EWOotY1EGadwyv7Uc24eTd/7jVQF7BJ33vWUPtT6HHfw7eQB7+
MfGPbaZAv1uFgGuc52KPslH634JKnPUJWEfDZMAH6/ky02qUmr5lGthh4gYqievI
+LMdXkKYpEYkiLqexlYbVVlv3OOqXUHyWkhqGgwksX+jp4nVcB+kcesI5m0GkS7z
SdGmPBaw8Un2ytFvEB6bf6rtd98wahzyWYTE0KXm+GoXfgt5hCg=
=YsvT
-----END PGP SIGNATURE-----