Issues with the openvpn-2.3.15 source release

Locked
4367be43a437994fbb137d596406b05c
OpenVpn Newbie
Posts: 1
Joined: Thu May 18, 2017 12:00 pm

Issues with the openvpn-2.3.15 source release

Post by 4367be43a437994fbb137d596406b05c » Thu May 18, 2017 12:21 pm

Downloading http://swupdate.openvpn.net/community/r ... .15.tar.xz from different locations in Germany gives me a file with MD5 sum fcc00e0c7650a260a606b84d41dda9fa. Downloading the same file from Switzerland gives me an MD5 4367be43a437994fbb137d596406b05c.

Here is the diff:

diff -r openvpn-2.3.15-de/ChangeLog openvpn-2.3.15-ch/ChangeLog
18c18
< Steffan Karger (6):
---
> Steffan Karger (5):
24d23
<       Don't assert out on receiving too-large control packets (CVE-2017-7478)
Only in openvpn-2.3.15-de/sample/sample-plugins/defer: Makefile~
Only in openvpn-2.3.15-de/sample/sample-plugins/defer: defer-w-pf.o
Only in openvpn-2.3.15-de/sample/sample-plugins/defer: defer-w-pf.so
Only in openvpn-2.3.15-de/sample/sample-plugins/defer: test.c~
Only in openvpn-2.3.15-de/sample/sample-plugins/log: log_v3.o
Only in openvpn-2.3.15-de/sample/sample-plugins/log: log_v3.so
Only in openvpn-2.3.15-de/sample/sample-plugins/simple: base64.o
Only in openvpn-2.3.15-de/sample/sample-plugins/simple: base64.so
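Review bot: the "Only in openvpn-2.3.15-de/sample/sample-plugins/..." lines list compiled objects (defer-w-pf.o, defer-w-pf.so, log_v3.o, log_v3.so, base64.o, base64.so) and editor backups (Makefile~, test.c~) inside a source tree. If these came from the tarball itself rather than from a local build in that directory, the archive was not produced from a clean tree; a source release should be generated from a clean checkout and should not contain .o, .so or ~ files.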
diff -r openvpn-2.3.15-de/src/openvpn/ssl.c openvpn-2.3.15-ch/src/openvpn/ssl.c
3228,3233c3228
<                           if (!buf_copy (in, buf))
<                             {
<                               msg (D_MULTI_DROPPED,
<                                    "Incoming control channel packet too big, dropping.");
<                               goto error;
<                             }
---
>                           ASSERT (buf_copy (in, buf));
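Review bot: on the ">" side (openvpn-2.3.15-ch), ssl.c line 3228 still wraps the copy in "ASSERT (buf_copy (in, buf));", so a control channel packet that does not fit the buffer trips the assertion instead of being dropped. The "<" side checks the return value of buf_copy, logs "Incoming control channel packet too big, dropping." at D_MULTI_DROPPED and takes "goto error", which matches the ChangeLog entry for CVE-2017-7478 that is also absent from the -ch tree. A build made from the -ch copy should be redone from a tarball that contains this check.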
That looks quite obviously like a mistake, but it should be documented somewhere.
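The comparison from the post above, run directly on two archives without unpacking them, as an added example that is not part of the original post or of OpenVPN's tooling. It hashes each member with SHA-256 (rather than the MD5 used in the post), reports files that differ or exist on one side only, and flags build output such as `.o`, `.so` and `~` files; the function names, the `pkg-a`/`pkg-b` roots and the archive contents are constructed for illustration.

```python
import hashlib
import io
import tarfile

# Suffixes of the stray files the diff above lists (objects, shared libs, editor backups).
ARTIFACT_SUFFIXES = (".o", ".so", "~")

def member_digests(tar_bytes):
    """Map each regular file in the archive to its SHA-256 without extracting to disk."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                # Drop the top-level directory so differently named roots still line up.
                name = member.name.split("/", 1)[-1]
                digests[name] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return digests

def compare_archives(a_bytes, b_bytes):
    """Report members present on one side only, differing in content, or looking like build output."""
    a, b = member_digests(a_bytes), member_digests(b_bytes)
    return {
        "only_in_a": sorted(set(a) - set(b)),
        "only_in_b": sorted(set(b) - set(a)),
        "changed": sorted(n for n in set(a) & set(b) if a[n] != b[n]),
        "artifacts": sorted(n for n in set(a) | set(b) if n.endswith(ARTIFACT_SUFFIXES)),
    }

def make_tar(root, files):
    """Build an in-memory tar archive; used only to construct the sample input below."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(f"{root}/{name}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample archives (not the real OpenVPN tarballs).
COMMON = {"README": b"same on both sides\n"}
SAMPLE_A = make_tar("pkg-a", {**COMMON, "ChangeLog": b"fix one\nfix two\n",
                              "src/ssl.c": b"drop oversized packet\n",
                              "sample/defer.o": b"\x7fELF"})
SAMPLE_B = make_tar("pkg-b", {**COMMON, "ChangeLog": b"fix one\n",
                              "src/ssl.c": b"assert on packet\n"})

if __name__ == "__main__":
    for key, names in compare_archives(SAMPLE_A, SAMPLE_B).items():
        print(f"{key}: {names}")
```

To use it on real downloads, pass the bytes of each file read in binary mode; `r:*` lets `tarfile` detect the compression itself.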

dazo
OpenVPN Inc.
Posts: 155
Joined: Mon Jan 11, 2010 10:14 am
Location: dazo :: #openvpn-devel @ libera.chat

Re: Different file versions for openvpn-2.3.15.tar.xz

Post by dazo » Thu May 18, 2017 1:16 pm

Yes, unfortunately we managed to make a real mess with the v2.3.15 tarballs. This was a big mistake, and we are truly sorry for that. We were made aware of these issues quite recently.

We're now in the middle of fixing this, so please do await further updates on this thread.

dazo
OpenVPN Inc.
Posts: 155
Joined: Mon Jan 11, 2010 10:14 am
Location: dazo :: #openvpn-devel @ libera.chat

Re: Issues with the openvpn-2.3.15 source release

Post by dazo » Tue Nov 14, 2017 2:55 pm

This got resolved ages ago, and the latest releases are 2.3.18 and 2.4.4. So this is no longer an issue and has been resolved.

For latest updates, please see here: https://openvpn.net/index.php/open-sour ... loads.html