Revisions of openvpn
Richard Brown (RBrownSUSE) accepted request 911848 from Factory Maintainer (factory-maintainer) (revision 94)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 899936 from Factory Maintainer (factory-maintainer) (revision 93)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 898085 from Reinhard Max (rmax) (revision 92)
- update to 2.4.11 (bsc#1185279):
  * CVE-2020-15078
    see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
  * This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup.
  * In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account.
  * Fix potential NULL ptr crash if compiled with DMALLOC
- drop sysv5 init support, it hasn't built successfully in ages and is build-disabled in devel project
Dominique Leuenberger (dimstar_suse) accepted request 720978 from Factory Maintainer (factory-maintainer) (revision 83)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 601900 from Reinhard Max (rmax) (revision 81)
- Update to 2.4.6:
  * CVE-2018-9336, bsc#1090839: Fix potential double-free() in Interactive Service
  * Delete the IPv6 route to the "connected" network on tun close
  * Management: warn about password only when the option is in use
  * Avoid overflow in wakeup time computation
- Remove --askpass again, because it was also asking for a password when none was needed. As a workaround for keys that need a password, the "askpass" statement should be added to the config file (bsc#1078026).
- Use Type=notify in openvpn.service to reflect what openvpn is actually doing.
- Import the new signing key from upstream.
- Remove obsolete configure switch --enable-password-save.
- Update to 2.4.5
  * New features
    + The new option --tls-cert-profile can be used to restrict the set of allowed crypto algorithms in TLS certificates in mbed TLS builds. The default profile is 'legacy' for now, which allows SHA1+, RSA-1024+ and any elliptic curve certificates. The default will be changed to the 'preferred' profile in the future, which requires SHA2+, RSA-2048+ and any curve.
    + openvpnserv: Add support for multi-instances (to support multiple parallel OpenVPN installations, like EduVPN and regular OpenVPN)
    + Use P_DATA_V2 for server->client packets too (better packet alignment)
    + improve management interface documentation
Dominique Leuenberger (dimstar_suse) accepted request 578447 from Factory Maintainer (factory-maintainer) (revision 80)
Automatic submission by obs-autosubmit
Displaying revisions 21 - 40 of 115