Revisions of openvpn

Reinhard Max (rmax) accepted request 764916 from Bjørn Lie (iznogood) (revision 146)
Include SR#758278 also
- Update to version 2.4.8:
  * mbedtls: fix segfault by calling mbedtls_cipher_free() in
    cipher_ctx_free()
  * cleanup: Remove RPM openvpn.spec build approach
  * docs: Update INSTALL
  * build: Package missing mock_msg.h
  * Increase listen() backlog queue to 32
  * Force combination of --socks-proxy and --proto UDP to use
    IPv4.
  * Wrong FILETYPE in .rc files
  * Do not set pkcs11-helper 'safe fork mode'
  * tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex.
  * Fix various compiler warnings
  * Fix regression, reinstate LibreSSL support.
  * man: correct the description of --capath and --crl-verify
    regarding CRLs
  * Fix typo in NTLM proxy debug message
  * Ignore --pull-filter for --mode server
  * openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
  * Better error message when script fails due to script-security
    setting
  * Correct the return value of cryptoapi RSA signature callbacks
  * Handle PSS padding in cryptoapicert
  * cmocka: use relative paths
  * Fix documentation of tls-verify script argument
- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
  Allow OBS to shortcut through the -mini flavors.
buildservice-autocommit accepted request 741878 from Reinhard Max (rmax) (revision 145)
baserev update by copy to link target
Reinhard Max (rmax) accepted request 731645 from Michal Hrusecky (old before rename to _miska_) (-miska-) (revision 144)
Add p11kit build time dependency for pkcs providers autodetection

Not necessary during runtime, if not available falls back into previous
behaviour where you have to specify provider manually.
buildservice-autocommit accepted request 720978 from Factory Maintainer (factory-maintainer) (revision 143)
baserev update by copy to link target
buildservice-autocommit accepted request 717528 from Reinhard Max (rmax) (revision 142)
baserev update by copy to link target
Reinhard Max (rmax) committed (revision 141)
- Clarify in the service file that the reload action doesn't work
  when dropping root privileges (boo#1142830).
Reinhard Max (rmax) accepted request 713197 from Michael Ströder (stroeder) (revision 140)
Updated openvpn.keyring
Reinhard Max (rmax) accepted request 678070 from Franck Bui (fbui) (revision 139)
- Drop use of $FIRST_ARG in openvpn.spec
  The use of $FIRST_ARG was probably required because the
  %service_* rpm macros were playing tricks with the shell positional
  parameters. This is bad practice and error prone, so let's assume
  that no macros should do that anymore and hence it's safe to assume
  that positional parameters remain unchanged after any rpm macro
  call.
Reinhard Max (rmax) accepted request 677833 from Michael Ströder (stroeder) (revision 138)
Update to 2.4.7
buildservice-autocommit accepted request 601900 from Reinhard Max (rmax) (revision 137)
baserev update by copy to link target
Reinhard Max (rmax) committed (revision 136)
- Update to 2.4.6:
  * CVE-2018-9336, bsc#1090839: Fix potential double-free() in
    Interactive Service
  * Delete the IPv6 route to the "connected" network on tun close
  * Management: warn about password only when the option is in use
  * Avoid overflow in wakeup time computation
Reinhard Max (rmax) committed (revision 135)
Remove accidentally added openvpn-2.4.4.tar.gz
Reinhard Max (rmax) committed (revision 134)
- Remove --askpass again, because it was also asking for a password
  when none was needed. As a workaround for keys that need a
  password, the "askpass" statement should be added to the config
  file (bsc#1078026).
- Use Type=notify in openvpn.service to reflect what openvpn is
  actually doing.
- Import the new signing key from upstream.
- Remove obsolete configure switch --enable-password-save .
Reinhard Max (rmax) accepted request 586118 from Avindra Goolcharan (avindra) (revision 133)
- Update to 2.4.5
  * New features
    + The new option --tls-cert-profile can be used to restrict the
      set of allowed crypto algorithms in TLS certificates in mbed
      TLS builds. The default profile is 'legacy' for now, which
      allows SHA1+, RSA-1024+ and any elliptic curve certificates.
      The default will be changed to the 'preferred' profile in the
      future, which requires SHA2+, RSA-2048+ and any curve.
    + openvpnserv: Add support for multi-instances (to support
      multiple parallel OpenVPN installations, like EduVPN and
      regular OpenVPN)
    + Use P_DATA_V2 for server->client packets too (better packet
      alignment)
    + improve management interface documentation
    + rework registry key handling for OpenVPN service, notably
      making most registry values optional, falling back to
      reasonable defaults
    + accept IPv6 address for pushed "dhcp-option DNS ..." (make
      OpenVPN 2 option compatible with OpenVPN 3 iOS and Android
      clients)
  * Bug fixes
    + Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
    + Fix lots of compiler warnings (format string, type casts, ...)
    + reload HTTP proxy credentials when moving to the next
      connection profile
    + Fix build with LibreSSL (multiple times)
    + Remove non-useful warning on pushed tun-ipv6 option.
    + autoconf: Fix engine checks for openssl 1.1
    + lz4: Rebase compat-lz4 against upstream v1.7.5
    + lz4: Fix broken builds when pkg-config is not present but
      system library is
    + Fix '--bind ipv6only'
    + Allow learning iroutes with network made up of all 0s
- Includes 2.4.4
  * Bug fixes
    + Fix issues when a pushed cipher via the Negotiable Crypto
      Parameters (NCP) is rejected by the remote side
    + Ignore --keysize when NCP have resulted in a changed cipher
    + Configurations using --auth-nocache and the management
      interface to provide user credentials (like NetworkManager)
      on client side with servers implementing authentication
      tokens (for example, using --auth-gen-token) will now behave
      correctly and not query the user for an, to them, unknown
      authentication token on renegotiations of the tunnel.
    + Invalid or corrupt SOCKS port number when changing the proxy
      via the management interface.
    + man page should now have proper escaping of hyphen/minus
      characters and other minor corrections.
  * User-visible Changes
    + Linux servers with systemd which use the openvpn-server@.service
      unit file for server configurations will now utilize the
      automatic restart feature in systemd. If the OpenVPN server
      process dies unexpectedly, systemd will ensure the OpenVPN
      configuration will be restarted automatically.
  * Deprecated
    + --no-replay (will be removed in 2.5)
    + --keysize (will be removed in 2.6)
  * Security
    + CVE-2017-12166: Fix bounds check for configurations using
      --key-method 1. Before this fix, attackers could send a
      malformed packet to trigger a stack overflow. This is
      considered to be a low risk issue, as --key-method 2 has
      been the default since 2.0 (released on 2005-04-17). This
      option is already deprecated in v2.4 and will be completely
      removed in v2.5.
- Rebase openvpn-fips140-2.3.2.patch
- Drop 0002-Fix-bounds-check-in-read_key.patch
  * upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255
- Partial cleanup with spec-cleaner
buildservice-autocommit accepted request 578447 from Factory Maintainer (factory-maintainer) (revision 132)
baserev update by copy to link target
Reinhard Max (rmax) committed (revision 131)
- Add --askpass to ExecStart, so that the user name and password
  are correctly being queried from the user.
  (bsc#1078026, boo#985798, boo#1031748)
- Use %service_add/del macros throughout (bsc#1038406).
buildservice-autocommit accepted request 545137 from Nirmoy Das (ndas) (revision 130)
baserev update by copy to link target
Nirmoy Das (ndas) accepted request 544813 from Richard Brown (RBrownSUSE) (revision 129)
Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
buildservice-autocommit accepted request 533032 from Nirmoy Das (ndas) (revision 128)
baserev update by copy to link target
Nirmoy Das (ndas) accepted request 533031 from Nirmoy Das (ndas) (revision 127)
- Do bound check in read_key before using values (CVE-2017-12166 bsc#1060877).
  [+ 0002-Fix-bounds-check-in-read_key.patch]
Displaying revisions 61 - 80 of 206