Overview Repositories Revisions Requests Users Attributes Meta

Revisions of openvpn

Richard Brown's avatar Richard Brown (RBrownSUSE) accepted request 911848 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 94) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 899936 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 93) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 898085 from Reinhard Max's avatar Reinhard Max (rmax) (revision 92) 
- update to 2.4.11 (bsc#1185279):
  * CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
  * This bug allows - under very specific circumstances - to trick a server using
    delayed authentication (plugin or management) into returning a PUSH_REPLY
    before the AUTH_FAILED message, which can possibly be used to gather
    information about a VPN setup.
  * In combination with "--auth-gen-token" or an user-specific token auth
    solution it can be possible to get access to a VPN with an
    otherwise-invalid account.
  * Fix potential NULL ptr crash if compiled with DMALLOC
- drop sysv5 init support, it hasn't build successfully in ages
  and is build-disabled in devel project
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 720978 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 83) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 601900 from Reinhard Max's avatar Reinhard Max (rmax) (revision 81) 
- Update to 2.4.6:
  * CVE-2018-9336, bsc#1090839: Fix potential double-free() in
    Interactive Service
  * Delete the IPv6 route to the "connected" network on tun close
  * Management: warn about password only when the option is in use
  * Avoid overflow in wakeup time computation

- Remove --askpass again, because it was also asking for a password
  when none was needed. As a workaround for keys that need a
  password, the "askpass" statement should be added to the config
  file (bsc#1078026).
- Use Type=notify in openvpn.service to reflect what openvpn is
  actually doing.
- Import the new signing key from upstream.
- Remove obsolete configure switch --enable-password-save .

- Update to 2.4.5
  * New features
    + The new option --tls-cert-profile can be used to restrict the
      set of allowed crypto algorithms in TLS certificates in mbed
      TLS builds. The default profile is 'legacy' for now, which
      allows SHA1+, RSA-1024+ and any elliptic curve certificates.
      The default will be changed to the 'preferred' profile in the
      future, which requires SHA2+, RSA-2048+ and any curve.
    + openvpnserv: Add support for multi-instances (to support
      multiple parallel OpenVPN installations, like EduVPN and
      regular OpenVPN)
    + Use P_DATA_V2 for server->client packets too (better packet
      alignment)
    + improve management interface documentation
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 578447 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 80) 
Automatic submission by obs-autosubmit
Displaying revisions 21 - 40 of 115
openSUSE Build Service is sponsored by
Places