File openvpn-CVE-2025-13086.patch of Package openvpn
diff -Nrup src.orig/openvpn/ssl_pkt.c src/openvpn/ssl_pkt.c
--- src.orig/openvpn/ssl_pkt.c 2025-04-02 12:23:10.000000000 +0530
+++ src/openvpn/ssl_pkt.c 2026-01-22 10:32:14.093952635 +0530
@@ -545,13 +545,14 @@ check_session_id_hmac(struct tls_pre_dec
return false;
}
- /* check adjacent timestamps too */
- for (int offset = -2; offset <= 1; offset++)
+ /* check adjacent timestamps too, the handwindow is split in 2 for the
+ * offset, so we check the current timeslot and the two before that */
+ for (int offset = -2; offset <= 0; offset++)
{
struct session_id expected_id =
calculate_session_id_hmac(state->peer_session_id, from, hmac, handwindow, offset);
- if (memcmp_constant_time(&expected_id, &state->server_session_id, SID_SIZE))
+ if (memcmp_constant_time(&expected_id, &state->server_session_id, SID_SIZE)==0)
{
return true;
}
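Review bot: The corrected test `memcmp_constant_time(&expected_id, &state->server_session_id, SID_SIZE)==0` has no comment saying that zero means "match", which is the convention the removed line got wrong by treating a non-zero result as success. I would add `/* memcmp_constant_time() returns 0 when the buffers are equal */` above the `if` and write the comparison as `== 0` with spaces, matching `offset <= 0` a few lines up. Only ssl_pkt.c is visible in this patch, so if no test accompanies it elsewhere, add unit tests asserting that check_session_id_hmac rejects a mismatched session ID and rejects an ID computed for offset +1. That would stop either half of the fix from regressing silently. The function body begins and ends outside this hunk, so the final fall-through return is assumed, not seen.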