Revisions of openvpn
buildservice-autocommit
accepted
request 1065524
from
Mohd Saquib (msaquib)
(revision 186)
baserev update by copy to link target
Mohd Saquib (msaquib)
accepted
request 1065450
from
Thorsten Kukuk (kukuk)
(revision 185)
- Remove migration from openvpn.service to openvpn@.service and depending requires, this is from pre SLE12 times and not supported anymore.
buildservice-autocommit
accepted
request 1057073
from
Reinhard Max (rmax)
(revision 184)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 183)
- bsc#1123557: --suppress-timestamps isn't needed by default.
buildservice-autocommit
accepted
request 1037543
from
Reinhard Max (rmax)
(revision 182)
baserev update by copy to link target
Reinhard Max (rmax)
accepted
request 1036732
from
Dirk Mueller (dirkmueller)
(revision 181)
- update to 2.5.8: * allow running a default configuration with TLS libraries without BF-CBC (even if TLS cipher negotiation would not actually use BF-CBC, the long-term compatibility "default cipher BF-CBC" would trigger an error on such TLS libraries) * ``--auth-nocache'' was not always correctly clearing username+password after a renegotiation * ensure that auth-token received from server is cleared if requested by the management interface ("forget password" or automatically via ``--management-forget-disconnect'') * in a setup without username+password, but with auth-token and auth-token-username pushed by the server, OpenVPN would start asking for username+password on token expiry. Fix. * using ``--auth-token`` together with ``--management-client-auth`` (on the server) would lead to TLS keys getting out of sync and client being disconnected. Fix. * management interface would sometimes get stuck if client and server try to write something simultaneously. Fix by allowing a limited level of recursion in virtual_output_callback() * fix management interface not returning ERROR:/SUCCESS: response on "signal SIGxxx" commands when in HOLD state * tls-crypt-v2: abort connection if client-key is too short * make man page agree with actual code on replay-window backtrag log message * remove useless empty line from CR_RESPONSE message
buildservice-autocommit
accepted
request 1004129
from
Reinhard Max (rmax)
(revision 180)
baserev update by copy to link target
Reinhard Max (rmax)
accepted
request 1003012
from
Dirk Mueller (dirkmueller)
(revision 179)
- build with enable-iproute2 again to have root-less mode working (bsc#1202792)
buildservice-autocommit
accepted
request 981470
from
Reinhard Max (rmax)
(revision 178)
baserev update by copy to link target
Reinhard Max (rmax)
accepted
request 980821
from
Dirk Mueller (dirkmueller)
(revision 177)
- update to 2.5.7: * Limited OpenSSL 3.0 support * print OpenSSL error stack if decoding PKCS12 file fails * fix omission of cipher-negotiation.rst in tarballs * fix errno handling on Windows (Windows has different classes of error codes, GetLastError() and C runtime errno, these should now be handled correctly) * fix PATH_MAX build failure in auth-pam.c * fix t_net.sh self-test leaving around stale "ovpn-dummy0" interface * fix overlong path names, leading to missing pkcs11-helper patch in tarball
buildservice-autocommit
accepted
request 965876
from
Factory Maintainer (factory-maintainer)
(revision 176)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 175)
- update to 2.5.6: * bsc#1197341, CVE-2022-0547: possible authentication bypass in external authentication plug-in * Fix "--mtu-disc maybe|yes" on Linux * Fix $common_name variable passed to scripts when username-as-common-name is in effect. * Fix potential memory leaks in add_route() and add_route_ipv6(). * Apply connect-retry backoff only to one side of the connection in p2p mode. * repair "--inactive" handling with a 'bytes' parameter larger than 2 Gbytes. * new plugin (sample-plugin/defer/multi-auth.c) to help testing with multiple parallel plugins that succeed/fail in direct/deferred mode.
Reinhard Max (rmax)
committed
(revision 174)
Reinhard Max (rmax)
committed
(revision 173)
- Fix license tag in spec file.
Reinhard Max (rmax)
accepted
request 935683
from
Jan Engelhardt (jengelh)
(revision 172)
- Avoid bashisms and use POSIX sh syntax. - Use more efficient find commands. - Trim marketing filler words from description.
Reinhard Max (rmax)
accepted
request 940795
from
Dirk Mueller (dirkmueller)
(revision 171)
- update to 2.5.5: * SWEET32/64bit cipher deprecation change was postponed to 2.7 * improve "make check" to notice if "openvpn --show-cipher" crashes * improve argv unit tests * ensure unit tests work with mbedTLS builds without BF-CBC ciphers * include "--push-remove" in the output of "openvpn --help" * fix error in iptables syntax in example firewall.sh script * fix "resolvconf -p" invocation in example "up" script * fix "common_name" environment for script calls when "--username-as-common-name" is in effect (Trac #1434) * move "push-peer-info" documentation from "server options" to "client" * correct "foreign_option_{n}" typo in manpage * README.down-root: fix plugin module name
Reinhard Max (rmax)
committed
(revision 170)
- Drop 0001-preform-deferred-authentication-in-the-background.patch Upstream has meanwhile solved this differently and the two implementations interfere (boo#1193017). - Obsoleted SLE patches up to this point: * openvpn-CVE-2020-15078.patch * openvpn-CVE-2020-11810.patch * openvpn-CVE-2018-7544.patch * openvpn-CVE-2018-9336.patch (bsc#1085803, CVE-2018-7544)
Reinhard Max (rmax)
committed
(revision 169)
- Disable 0001-preform-deferred-authentication-in-the-background.patch for testing, because the PAM module now has upstream support for deferred authentication.
Reinhard Max (rmax)
accepted
request 928265
from
Dirk Mueller (dirkmueller)
(revision 168)
- update to 2.5.4: * fix prompting for password on windows console if stderr redirection is in use - this breaks 2.5.x on Win11/ARM, and might also break on Win11/adm64 when released. * fix setting MAC address on TAP adapters (--lladdr) to use sitnl (was overlooked, and still used "ifconfig" calls) * various improvements for man page building (rst2man/rst2html etc) * minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on at least one platform strictly checking this) * fix minor memory leak under certain conditions in add_route() and add_route_ipv6() * documentation improvements * copyright updates where needed * better error reporting when win32 console access fails
Reinhard Max (rmax)
committed
(revision 167)
Displaying revisions 21 - 40 of 206