commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2020-09-23 18:37:47
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new.4249 (New)
Package is "openvpn"
Wed Sep 23 18:37:47 2020 rev:89 rq:834319 version:2.4.9
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2020-09-03
01:13:17.376451479 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new.4249/openvpn.changes
2020-09-23 18:38:27.605215278 +0200
@@ -1,0 +2,19 @@
+Fri Sep 11 11:52:54 UTC 2020 - Dirk Mueller
+
+- update to 2.4.9 (CVE-2020-11810, bsc#1169925O):
+ * Allow unicode search string in --cryptoapicert option (Windows)
+ * Skip expired certificates in Windows certificate store (Windows) (trac
#966)
+ * OpenSSL: Fix --crl-verify not loading multiple CRLs in one file (trac #623)
+ * fix condition where a client's session could "float" to a new IP address
that is not authorized ("fix illegal client float").
+ This can be used to disrupt service to a freshly connected client (no session
+ keys negotiated yet). It can not be used to inject or steal VPN traffic.
+ CVE-2020-11810).
+ * fix combination of async push (deferred auth) and NCP (trac #1259)
+ * Fix OpenSSL 1.1.1 not using auto elliptic curve selection (trac #1228)
+ * Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
+ * mbedTLS: Make sure TLS session survives move (trac #880)
+ * Fix OpenSSL private key passphrase notices
+ * Fix building with --enable-async-push in FreeBSD (trac #1256)
+ * Fix broken fragmentation logic when using NCP (trac #1140)
+
+---
Old:
openvpn-2.4.8.tar.xz
openvpn-2.4.8.tar.xz.asc
New:
openvpn-2.4.9.tar.xz
openvpn-2.4.9.tar.xz.asc
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.PFTb7F/_old 2020-09-23 18:38:32.077219174 +0200
+++ /var/tmp/diff_new_pack.PFTb7F/_new 2020-09-23 18:38:32.077219174 +0200
@@ -29,7 +29,7 @@
%define _rundir %{_localstatedir}/run
%endif
Name: openvpn
-Version:2.4.8
+Version:2.4.9
Release:0
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
License:SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.1-only
++ openvpn-2.4.8.tar.xz -> openvpn-2.4.9.tar.xz ++
4805 lines of diff (skipped)
retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/openvpn-2.4.8/ChangeLog new/openvpn-2.4.9/ChangeLog
--- old/openvpn-2.4.8/ChangeLog 2019-10-30 13:37:55.0 +0100
+++ new/openvpn-2.4.9/ChangeLog 2020-04-16 15:26:45.0 +0200
@@ -1,6 +1,43 @@
OpenVPN Change Log
Copyright (C) 2002-2018 OpenVPN Inc
+2020.04.16 -- Version 2.4.9
+Antonio Quartulli (1):
+ socks: use the right function when printing struct openvpn_sockaddr
+
+Arne Schwabe (3):
+ Fetch OpenSSL versions via source/old links
+ Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
+ Fix OpenSSL 1.1.1 not using auto elliptic curve selection
+
+Lev Stipakov (4):
+ Fix broken fragmentation logic when using NCP
+ Fix building with --enable-async-push in FreeBSD
+ Fix broken async push with NCP is used
+ Fix illegal client float (CVE-2020-11810)
+
+Maxim Plotnikov (1):
+ OpenSSL: Fix --crl-verify not loading multiple CRLs in one file
+
+Santtu Lakkala (1):
+ Fix OpenSSL private key passphrase notices
+
+Selva Nair (7):
+ Swap the order of checks for validating interactive service user
+ Move querying username/password from management interface to a function
+ When auth-user-pass file has no password query the management interface
(if available).
+ Fix possibly uninitialized return value in GetOpenvpnSettings()
+ Fix possible access of uninitialized pipe handles
+ Skip expired certificates in Windows certificate store
+ Allow unicode search string in --cryptoapicert option
+
+Tom van Leeuwen (1):
+ mbedTLS: Make sure TLS session survives move
+
+WGH (1):
+ docs: Add reference to X509_LOOKUP_hash_dir(3)
+
+
2019.10.30 -- Version 2.4.8
Antonio Quartulli (1):
mbedtls: fix segfault by calling mbedtls_cipher_free() in
cipher_ctx_free()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2020-09-03 01:12:56
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new.3399 (New)
Package is "openvpn"
Thu Sep 3 01:12:56 2020 rev:88 rq:830245 version:2.4.8
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2020-03-11
18:45:18.495375851 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new.3399/openvpn.changes
2020-09-03 01:13:17.376451479 +0200
@@ -1,0 +2,18 @@
+Wed Aug 26 17:12:44 UTC 2020 - Franck Bui
+
+- Modernize openvpn.service
+ * /var/run has been obsoleted since a long time.
+ * on reload, send HUP signal directly rather than relying on
+killproc to look for the main process.
+
+---
+Wed Aug 26 17:00:43 UTC 2020 - Franck Bui
+
+- Explicitly requires sysvinit-tools as some of the tools shipped by
+ this package are used in various places regardless of whether
+ openvpn is built for systemd or non systemd systems.
+
+ For the context: sysvinit-tools was pulled in by systemd since 2014
+ but it's no longer the case so better to be safe than sorry.
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.A3YPjT/_old 2020-09-03 01:13:19.864452394 +0200
+++ /var/tmp/diff_new_pack.A3YPjT/_new 2020-09-03 01:13:19.868452395 +0200
@@ -62,6 +62,7 @@
BuildRequires: xz
Requires: iproute2
Requires: pkcs11-helper >= 1.11
+Requires: sysvinit-tools
%if %{with_systemd}
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(systemd)
++ openvpn.service ++
--- /var/tmp/diff_new_pack.A3YPjT/_old 2020-09-03 01:13:19.984452438 +0200
+++ /var/tmp/diff_new_pack.A3YPjT/_new 2020-09-03 01:13:19.984452438 +0200
@@ -6,10 +6,10 @@
[Service]
Type=notify
PrivateTmp=true
-PIDFile=/var/run/openvpn/%i.pid
-ExecStart=/usr/sbin/openvpn --daemon openvpn@%i --suppress-timestamps
--writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
+PIDFile=/run/openvpn/%i.pid
+ExecStart=/usr/sbin/openvpn --daemon openvpn@%i --suppress-timestamps
--writepid /run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
# boo#1142830: "reload" does not work if openvpn drops root privileges after
startup.
-ExecReload=/sbin/killproc -p /var/run/openvpn/%i.pid -HUP /usr/sbin/openvpn
+ExecReload=/usr/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target openvpn.target
commit openvpn for openSUSE:Factory
Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2020-03-11 18:43:09 Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new.3160 (New) Package is "openvpn" Wed Mar 11 18:43:09 2020 rev:87 rq:782856 version:2.4.8 Changes: --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2020-02-03 11:11:44.653797196 +0100 +++ /work/SRC/openSUSE:Factory/.openvpn.new.3160/openvpn.changes 2020-03-11 18:45:18.495375851 +0100 @@ -1,0 +2,7 @@ +Wed Mar 4 07:30:38 UTC 2020 - Fabian Vogt + +- Fix inconsistency in openvpn.service: + * It uses the unescape instance name as config file basename, +so use that in the description as well + +--- Other differences: -- ++ openvpn.service ++ --- /var/tmp/diff_new_pack.HlIMFS/_old 2020-03-11 18:45:22.527378324 +0100 +++ /var/tmp/diff_new_pack.HlIMFS/_new 2020-03-11 18:45:22.551378339 +0100 @@ -1,5 +1,5 @@ [Unit] -Description=OpenVPN tunneling daemon instance using /etc/openvpn/%I.conf +Description=OpenVPN tunneling daemon instance using /etc/openvpn/%i.conf After=network.target PartOf=openvpn.target
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2020-02-03 11:11:28
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new.26092 (New)
Package is "openvpn"
Mon Feb 3 11:11:28 2020 rev:86 rq:768341 version:2.4.8
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2020-01-19
20:54:02.747943351 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new.26092/openvpn.changes
2020-02-03 11:11:44.653797196 +0100
@@ -1,0 +2,10 @@
+Fri Jan 24 11:22:01 UTC 2020 - Dominique Leuenberger
+
+- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
+ shortcut through the -mini flavors.
+- Use %systemd_ordering instead of systemd_requires: in fact,
+ systemd is not a hard requirement for openvpn. But in case a
+ system is being installed with systemd, we want systemd to be
+ there before openvpn is being installed.
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.pDGwhg/_old 2020-02-03 11:11:45.873797813 +0100
+++ /var/tmp/diff_new_pack.pDGwhg/_new 2020-02-03 11:11:45.877797815 +0100
@@ -63,17 +63,13 @@
Requires: iproute2
Requires: pkcs11-helper >= 1.11
%if %{with_systemd}
-%{?systemd_requires}
+BuildRequires: pkgconfig(libsystemd)
+BuildRequires: pkgconfig(systemd)
+%systemd_ordering
%else
PreReq: %fillup_prereq
PreReq: %insserv_prereq
%endif
-%if %{with_systemd}
-BuildRequires: systemd
-%endif
-%if %{with_systemd}
-BuildRequires: pkgconfig(libsystemd)
-%endif
%description
OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2020-01-19 20:53:28
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new.26092 (New)
Package is "openvpn"
Sun Jan 19 20:53:28 2020 rev:85 rq:764977 version:2.4.8
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2019-10-25
18:40:14.703790049 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new.26092/openvpn.changes
2020-01-19 20:54:02.747943351 +0100
@@ -1,0 +2,35 @@
+Tue Jan 7 21:28:42 UTC 2020 - Bjørn Lie
+
+- Update to version 2.4.8:
+ * mbedtls: fix segfault by calling mbedtls_cipher_free() in
+cipher_ctx_free()
+ * cleanup: Remove RPM openvpn.spec build approach
+ * docs: Update INSTALL
+ * build: Package missing mock_msg.h
+ * Increase listen() backlog queue to 32
+ * Force combinationation of --socks-proxy and --proto UDP to use
+IPv4.
+ * Wrong FILETYPE in .rc files
+ * Do not set pkcs11-helper 'safe fork mode'
+ * tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex.
+ * Fix various compiler warnings
+ * Fix regression, reinstate LibreSSL support.
+ * man: correct the description of --capath and --crl-verify
+regarding CRLs
+ * Fix typo in NTLM proxy debug message
+ * Ignore --pull-filter for --mode server
+ * openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
+ * Better error message when script fails due to script-security
+setting
+ * Correct the return value of cryptoapi RSA signature callbacks
+ * Handle PSS padding in cryptoapicert
+ * cmocka: use relative paths
+ * Fix documentation of tls-verify script argument
+
+---
+Thu Dec 19 15:30:15 UTC 2019 - Dominique Leuenberger
+
+- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
+ Allow OBS to shortcut through the -mini flavors.
+
+---
Old:
openvpn-2.4.7.tar.xz
openvpn-2.4.7.tar.xz.asc
New:
openvpn-2.4.8.tar.xz
openvpn-2.4.8.tar.xz.asc
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.LWbDIu/_old 2020-01-19 20:54:03.603943801 +0100
+++ /var/tmp/diff_new_pack.LWbDIu/_new 2020-01-19 20:54:03.607943804 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openvpn
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,12 +29,12 @@
%define _rundir %{_localstatedir}/run
%endif
Name: openvpn
-Version:2.4.7
+Version:2.4.8
Release:0
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
License:SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.1-only
Group: Productivity/Networking/Security
-Url:http://openvpn.net/
+URL:http://openvpn.net/
Source:
https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz
Source1:
https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz.asc
Source2:%{name}.init
@@ -72,7 +72,7 @@
BuildRequires: systemd
%endif
%if %{with_systemd}
-BuildRequires: systemd-devel
+BuildRequires: pkgconfig(libsystemd)
%endif
%description
++ openvpn-2.4.7.tar.xz -> openvpn-2.4.8.tar.xz ++
4119 lines of diff (skipped)
commit openvpn for openSUSE:Factory
Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2019-10-25 18:40:12 Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new.2990 (New) Package is "openvpn" Fri Oct 25 18:40:12 2019 rev:84 rq:741878 version:2.4.7 Changes: --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2019-08-15 12:24:01.546626766 +0200 +++ /work/SRC/openSUSE:Factory/.openvpn.new.2990/openvpn.changes 2019-10-25 18:40:14.703790049 +0200 @@ -1,0 +2,5 @@ +Wed Sep 18 06:52:56 UTC 2019 - Michal Hrusecky + +- Add p11kit build time dependency for pkcs providers autodetection + +--- Other differences: -- ++ openvpn.spec ++ --- /var/tmp/diff_new_pack.0ttwPr/_old 2019-10-25 18:40:15.555790851 +0200 +++ /var/tmp/diff_new_pack.0ttwPr/_new 2019-10-25 18:40:15.563790858 +0200 @@ -56,6 +56,7 @@ BuildRequires: libselinux-devel BuildRequires: lzo-devel BuildRequires: openssl-devel +BuildRequires: p11-kit-devel BuildRequires: pam-devel BuildRequires: pkcs11-helper-devel >= 1.11 BuildRequires: xz
commit openvpn for openSUSE:Factory
Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2019-08-15 12:24:00 Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new.9556 (New) Package is "openvpn" Thu Aug 15 12:24:00 2019 rev:83 rq:720978 version:2.4.7 Changes: --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2019-07-29 17:23:12.910372756 +0200 +++ /work/SRC/openSUSE:Factory/.openvpn.new.9556/openvpn.changes 2019-08-15 12:24:01.546626766 +0200 @@ -1,0 +2,6 @@ +Mon Jul 29 07:43:00 UTC 2019 - Reinhard Max + +- Clarify in the service file that the reload action doesn't work + when dropping root privileges (boo#1142830). + +--- Other differences: -- ++ openvpn.service ++ --- /var/tmp/diff_new_pack.JxSH3o/_old 2019-08-15 12:24:02.570626511 +0200 +++ /var/tmp/diff_new_pack.JxSH3o/_new 2019-08-15 12:24:02.570626511 +0200 @@ -8,6 +8,7 @@ PrivateTmp=true PIDFile=/var/run/openvpn/%i.pid ExecStart=/usr/sbin/openvpn --daemon openvpn@%i --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf +# boo#1142830: "reload" does not work if openvpn drops root privileges after startup. ExecReload=/sbin/killproc -p /var/run/openvpn/%i.pid -HUP /usr/sbin/openvpn [Install]
commit openvpn for openSUSE:Factory
Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2019-07-29 17:23:11 Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new.4126 (New) Package is "openvpn" Mon Jul 29 17:23:11 2019 rev:82 rq:717528 version:2.4.7 Changes: --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2018-04-30 22:56:46.345203820 +0200 +++ /work/SRC/openSUSE:Factory/.openvpn.new.4126/openvpn.changes 2019-07-29 17:23:12.910372756 +0200 @@ -1,0 +2,80 @@ +Tue Jun 25 19:15:00 UTC 2019 - Michael Ströder + +- Updated openvpn.keyring with public key downloaded from + https://swupdate.openvpn.net/community/keys/security-key-2019.asc + +--- +Thu Feb 21 18:26:42 UTC 2019 - Franck Bui + +- Drop use of $FIRST_ARG in openvpn.spec + + The use of $FIRST_ARG was probably required because of the + %service_* rpm macros were playing tricks with the shell positional + parameters. This is bad practice and error prones so let's assume + that no macros should do that anymore and hence it's safe to assume + that positional parameters remains unchanged after any rpm macro + call. + +--- +Wed Feb 20 21:22:25 UTC 2019 - Michael Ströder + +- Update to 2.4.7: + Adam Ciarcin?ski (1): +* Fix subnet topology on NetBSD (2.4). + Antonio Quartulli (3): +* add support for %lu in argv_printf and prevent ASSERT +* buffer_list: add functions documentation +* ifconfig-ipv6(-push): allow using hostnames + Arne Schwabe (7): +* Properly free tuntap struct on android when emulating persist-tun +* Add OpenSSL compat definition for RSA_meth_set_sign +* Add support for tls-ciphersuites for TLS 1.3 +* Add better support for showing TLS 1.3 ciphersuites in --show-tls +* Use right function to set TLS1.3 restrictions in show-tls +* Add message explaining early TLS client hello failure +* Fallback to password authentication when auth-token fails + Christian Ehrhardt (1): +* systemd: extend CapabilityBoundingSet for auth_pam + David Sommerseth (1): +* plugin: Export base64 encode and decode functions + Gert Doering (3): +* Add %d, %u and %lu tests to test_argv unit tests. +* Fix combination of --dev tap and --topology subnet across multiple platforms. +* Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6. + Gert van Dijk (1): +* Minor reliability layer documentation fixes + James Bekkema (1): +* Resolves small IV_GUI_VER typo in the documentation. + Jonathan K. Bullard (1): +* Clarify and expand management interface documentation + Lev Stipakov (5): +* Refactor NCP-negotiable options handling +* init.c: refine functions names and description +* interactive.c: fix usage of potentially uninitialized variable +* options.c: fix broken unary minus usage +* Remove extra token after #endif + Richard van den Berg via Openvpn-devel (1): +* Fix error message when using RHEL init script + Samy Mahmoudi (1): +* man: correct a --redirection-gateway option flag + Selva Nair (7): +* Replace M_DEBUG with D_LOW as the former is too verbose +* Correct the declaration of handle in 'struct openvpn_plugin_args_open_return' +* Bump version of openvpn plugin argument structs to 5 +* Move get system directory to a separate function +* Enable dhcp on tap adapter using interactive service +* Pass the hash without the DigestInfo header to NCryptSignHash() +* White-list pull-filter and script-security in interactive service + Simon Rozman (2): +* Add Interactive Service developer documentation +* Detect TAP interfaces with root-enumerated hardware ID + Steffan Karger (7): +* man: add security considerations to --compress section +* mbedtls: print warning if random personalisation fails +* Fix memory leak after sighup +* travis: add OpenSSL 1.1 Windows build +* Fix --disable-crypto build +* Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth' +* buffer_list_aggregate_separator(): simplify code + +--- Old: openvpn-2.4.6.tar.xz openvpn-2.4.6.tar.xz.asc New: openvpn-2.4.7.tar.xz openvpn-2.4.7.tar.xz.asc Other differences: -- ++ openvpn.spec ++ --- /var/tmp/diff_new_pack.4lE9MG/_old 2019-07-29 17:23:13.710372460 +0200 +++ /var/tmp/diff_new_pack.4lE9MG/_new 2019-07-29 17:23:13.710372460 +0200 @@ -1,7 +1,7 @@ # # spec file for package openvpn # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +#
commit openvpn for openSUSE:Factory
Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2018-04-30 22:54:10 Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new (New) Package is "openvpn" Mon Apr 30 22:54:10 2018 rev:81 rq:601900 version:2.4.6 Changes: --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2018-02-21 14:12:40.839576730 +0100 +++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2018-04-30 22:56:46.345203820 +0200 @@ -1,0 +2,95 @@ +Fri Apr 27 12:25:19 UTC 2018 - m...@suse.com + +- Update to 2.4.6: + * CVE-2018-9336, bsc#1090839: Fix potential double-free() in +Interactive Service + * Delete the IPv6 route to the "connected" network on tun close + * Management: warn about password only when the option is in use + * Avoid overflow in wakeup time computation + +--- +Tue Apr 10 14:29:18 UTC 2018 - m...@suse.com + +- Remove --askpass again, because it was also asking for a password + when none was needed. As a workaround for keys that need a + password, the "askpass" statement should be added to the config + file (bsc#1078026). +- Use Type=notify in openvpn.service to reflect what openvpn is + actually doing. +- Import the new signing key from upstream. +- Remove obsolete configure switch --enable-password-save . + +--- +Tue Mar 13 01:32:52 UTC 2018 - avin...@opensuse.org + +- Update to 2.4.5 + * New features ++ The new option --tls-cert-profile can be used to restrict the + set of allowed crypto algorithms in TLS certificates in mbed + TLS builds. The default profile is 'legacy' for now, which + allows SHA1+, RSA-1024+ and any elliptic curve certificates. + The default will be changed to the 'preferred' profile in the + future, which requires SHA2+, RSA-2048+ and any curve. ++ openvpnserv: Add support for multi-instances (to support + multiple parallel OpenVPN installations, like EduVPN and + regular OpenVPN) ++ Use P_DATA_V2 for server->client packets too (better packet + alignment) ++ improve management interface documentation ++ rework registry key handling for OpenVPN service, notably + making most registry values optional, falling back to + reasonable defaults ++ accept IPv6 address for pushed "dhcp-option DNS ..." (make + OpenVPN 2 option compatible with OpenVPN 3 iOS and Android + clients) + * Bug fixes ++ Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+ ++ Fix lots of compiler warnings (format string, type casts, ...) ++ reload HTTP proxy credentials when moving to the next + connection profile ++ Fix build with LibreSSL (multiple times) ++ Remove non-useful warning on pushed tun-ipv6 option. ++ autoconf: Fix engine checks for openssl 1.1 ++ lz4: Rebase compat-lz4 against upstream v1.7.5 ++ lz4: Fix broken builds when pkg-config is not present but + system library is ++ Fix '--bind ipv6only' ++ Allow learning iroutes with network made up of all 0s +- Includes 2.4.4 + * Bug fixes ++ Fix issues when a pushed cipher via the Negotiable Crypto + Parameters (NCP) is rejected by the remote side ++ Ignore --keysize when NCP have resulted in a changed cipher ++ Configurations using --auth-nocache and the management + interface to provide user credentials (like NetworkManager) + on client side with servers implementing authentication + tokens (for example, using --auth-gen-token) will now behave + correctly and not query the user for an, to them, unknown + authentication token on renegotiations of the tunnel. ++ Invalid or corrupt SOCKS port number when changing the proxy + via the management interface. ++ man page should now have proper escaping of hyphen/minus + characters and other minor corrections. + * User-visible Changes ++ Linux servers with systemd which use the openvpn-server@.service + unit file for server configurations will now utilize the + automatic restart feature in systemd. If the OpenVPN server + process dies unexpectedly, systemd will ensure the OpenVPN + configuration will be restarted automatically. + * Deprecated ++ --no-replay (will be removed in 2.5) ++ --keysize (will be removed in 2.6) + * Security ++ CVE-2017-12166: Fix bounds check for configurations using + --key-method 1. Before this fix, attackers could send a + malformed packet to trigger a stack overflow. This is + considered to be a low risk issue, as --key-method 2 has + been the default since 2.0 (released on 2005-04-17). This + option is already deprecated in v2.4 and
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2018-02-21 14:12:37
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Wed Feb 21 14:12:37 2018 rev:80 rq:578447 version:2.4.3
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2017-11-25
08:43:58.399384512 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2018-02-21
14:12:40.839576730 +0100
@@ -1,0 +2,8 @@
+Tue Feb 13 17:49:09 UTC 2018 - m...@suse.com
+
+- Add --askpass to ExecStart, so that the user name and password
+ are correctly being queried from the user.
+ (bsc#1078026, boo#985798, boo#1031748)
+- Use %service_add/del macros throughout (bsc#1038406).
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.bTcJIS/_old 2018-02-21 14:12:43.519480221 +0100
+++ /var/tmp/diff_new_pack.bTcJIS/_new 2018-02-21 14:12:43.523480077 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openvpn
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -211,6 +211,9 @@
rm -rf %{buildroot}%{_datadir}/doc/{OpenVPN,%{name}}
find sample -name .gitignore | xargs rm -f
+%pre
+%service_add_pre %{name}.target
+
%post
%if %{with_systemd}
systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf ||:
@@ -262,7 +265,7 @@
%postun
%if %{with_systemd}
-/bin/systemctl --system daemon-reload &>/dev/null || :
+%service_del_postun %{name}.target
%else
%{?insserv_cleanup:%insserv_cleanup}
%endif
++ openvpn.service ++
--- /var/tmp/diff_new_pack.bTcJIS/_old 2018-02-21 14:12:43.667474891 +0100
+++ /var/tmp/diff_new_pack.bTcJIS/_new 2018-02-21 14:12:43.667474891 +0100
@@ -7,7 +7,7 @@
Type=forking
PrivateTmp=true
PIDFile=/var/run/openvpn/%i.pid
-ExecStart=/usr/sbin/openvpn --daemon --suppress-timestamps --writepid
/var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
+ExecStart=/usr/sbin/openvpn --daemon --askpass --suppress-timestamps
--writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
ExecReload=/sbin/killproc -p /var/run/openvpn/%i.pid -HUP /usr/sbin/openvpn
[Install]
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2017-11-25 08:43:50
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Sat Nov 25 08:43:50 2017 rev:79 rq:545137 version:2.4.3
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2017-10-11
23:02:07.986852519 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2017-11-25
08:43:58.399384512 +0100
@@ -1,0 +2,6 @@
+Thu Nov 23 13:52:15 UTC 2017 - rbr...@suse.com
+
+- Replace references to /var/adm/fillup-templates with new
+ %_fillupdir macro (boo#1069468)
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.lj0pq9/_old 2017-11-25 08:43:59.823332631 +0100
+++ /var/tmp/diff_new_pack.lj0pq9/_new 2017-11-25 08:43:59.827332485 +0100
@@ -16,6 +16,11 @@
#
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+ %define _fillupdir /var/adm/fillup-templates
+%endif
+
%if 0%{?suse_version} > 1210
%define with_systemd 1
%else
@@ -194,9 +199,9 @@
install -D -m 755 $RPM_SOURCE_DIR/openvpn.init
%{buildroot}/%{_sysconfdir}/init.d/openvpn
ln -sv %{_sysconfdir}/init.d/openvpn %{buildroot}/%{_sbindir}/rcopenvpn
# the /etc/sysconfig/openvpn template only with sysvinit, no needed with
systemd
-install -d -m0755 %{buildroot}%{_localstatedir}/adm/fillup-templates
+install -d -m0755 %{buildroot}%{_fillupdir}
install-m0600 $RPM_SOURCE_DIR/openvpn.sysconfig \
-
%{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.openvpn
+ %{buildroot}%{_fillupdir}/sysconfig.openvpn
%endif
cp -p $RPM_SOURCE_DIR/openvpn.README.SUSE README.SUSE
install -m 755 $RPM_SOURCE_DIR/client-netconfig.up
sample/sample-scripts/client-netconfig.up
@@ -214,7 +219,7 @@
if test ${FIRST_ARG:-$1} -ge 1 -a \
-x /bin/systemctl -a \
-f %{_sysconfdir}/sysconfig/openvpn -a \
- -f %{_localstatedir}/adm/fillup-templates/sysconfig.openvpn && \
+ -f %{_fillupdir}/sysconfig.openvpn && \
/bin/systemctl --quiet is-enabled openvpn.service &>/dev/null ;
then
. %{_sysconfdir}/sysconfig/openvpn
@@ -282,7 +287,7 @@
%dir %attr(0750,root,root) %ghost %{_rundir}/openvpn/
%else
%config %{_sysconfdir}/init.d/openvpn
-%{_localstatedir}/adm/fillup-templates/sysconfig.openvpn
+%{_fillupdir}/sysconfig.openvpn
%dir %attr(750,root,root) %{_rundir}/openvpn/
%endif
%{_sbindir}/rcopenvpn
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2017-10-11 23:02:04
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Wed Oct 11 23:02:04 2017 rev:78 rq:533032 version:2.4.3
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2017-10-05
12:05:47.721421506 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2017-10-11
23:02:07.986852519 +0200
@@ -1,0 +2,6 @@
+Tue Oct 10 14:10:30 CEST 2017 - n...@suse.de
+
+- Do bound check in read_key before using values(CVE-2017-12166 bsc#1060877).
+ [+ 0002-Fix-bounds-check-in-read_key.patch]
+
+---
New:
0002-Fix-bounds-check-in-read_key.patch
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.WdjALE/_old 2017-10-11 23:02:09.738775765 +0200
+++ /var/tmp/diff_new_pack.WdjALE/_new 2017-10-11 23:02:09.754775064 +0200
@@ -54,6 +54,7 @@
Patch7: openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch
Patch8: openvpn-2.3.x-fixed-multiple-low-severity-issues.patch
Patch9: 0001-preform-deferred-authentication-in-the-background.patch
+Patch10:0002-Fix-bounds-check-in-read_key.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: iproute2
BuildRequires: lzo-devel
@@ -141,6 +142,7 @@
%patch7 -p1
%patch8 -p1
%patch9 -p1
+%patch10 -p1
sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \
-i src/openvpn/options.c
++ 0002-Fix-bounds-check-in-read_key.patch ++
>From 3b1a61e9fb27213c46f76312f4065816bee8ed01 Mon Sep 17 00:00:00 2001
From: Steffan Karger
Date: Tue, 15 Aug 2017 10:04:33 +0200
Subject: [PATCH] Fix bounds check in read_key()
The bounds check in read_key() was performed after using the value, instead
of before. If 'key-method 1' is used, this allowed an attacker to send a
malformed packet to trigger a stack buffer overflow.
Fix this by moving the input validation to before the writes.
Note that 'key-method 1' has been replaced by 'key method 2' as the default
in OpenVPN 2.0 (released on 2005-04-17), and explicitly deprecated in 2.4
and marked for removal in 2.5. This should limit the amount of users
impacted by this issue.
CVE: 2017-12166
Signed-off-by: Steffan Karger
Acked-by: Gert Doering
Acked-by: David Sommerseth
Message-Id: <80690690-67ac-3320-1891-9fecedc6a...@fox-it.com>
URL:
https://www.mail-archive.com/search?l=mid=80690690-67ac-3320-1891-9fecedc6a...@fox-it.com
Signed-off-by: David Sommerseth
---
src/openvpn/crypto.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 131257e5..3f3caa1c 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1666,6 +1666,11 @@ read_key(struct key *key, const struct key_type *kt,
struct buffer *buf)
goto read_err;
}
+if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length)
+{
+goto key_len_err;
+}
+
if (!buf_read(buf, key->cipher, cipher_length))
{
goto read_err;
@@ -1675,11 +1680,6 @@ read_key(struct key *key, const struct key_type *kt,
struct buffer *buf)
goto read_err;
}
-if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length)
-{
-goto key_len_err;
-}
-
return 1;
read_err:
--
2.13.6
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2017-10-05 12:02:06
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Thu Oct 5 12:02:06 2017 rev:77 rq:531163 version:2.4.3
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2017-06-20
09:41:10.277504005 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2017-10-05
12:05:47.721421506 +0200
@@ -1,0 +2,50 @@
+Fri Aug 11 13:43:39 UTC 2017 - sebix+novell@sebix.at
+
+- Do not package empty /usr/lib64/tmpfiles.d
+
+---
+Fri Jun 23 11:47:38 CEST 2017 - n...@suse.de
+
+- Update to 2.4.3 (bsc#1045489)
+- Ignore auth-nocache for auth-user-pass if auth-token is pushed
+- crypto: Enable SHA256 fingerprint checking in --verify-hash
+- copyright: Update GPLv2 license texts
+- auth-token with auth-nocache fix broke --disable-crypto builds
+- OpenSSL: don't use direct access to the internal of X509
+- OpenSSL: don't use direct access to the internal of EVP_PKEY
+- OpenSSL: don't use direct access to the internal of RSA
+- OpenSSL: don't use direct access to the internal of DSA
+- OpenSSL: force meth->name as non-const when we free() it
+- OpenSSL: don't use direct access to the internal of EVP_MD_CTX
+- OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
+- OpenSSL: don't use direct access to the internal of HMAC_CTX
+- Fix NCP behaviour on TLS reconnect.
+- Remove erroneous limitation on max number of args for --plugin
+- Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
+- Fix potential 1-byte overread in TCP option parsing.
+- Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
+- Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)
+- refactor my_strupr
+- Fix 2 memory leaks in proxy authentication routine
+- Fix memory leak in add_option() for option 'connection'
+- Ensure option array p[] is always NULL-terminated
+- Fix a null-pointer dereference in establish_http_proxy_passthru()
+- Prevent two kinds of stack buffer OOB reads and a crash for invalid
input data
+- Fix an unaligned access on OpenBSD/sparc64
+- Missing include for socket-flags TCP_NODELAY on OpenBSD
+- Make openvpn-plugin.h self-contained again.
+- Pass correct buffer size to GetModuleFileNameW()
+- Log the negotiated (NCP) cipher
+- Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
+- Skip tls-crypt unit tests if required crypto mode not supported
+- openssl: fix overflow check for long --tls-cipher option
+- Add a DSA test key/cert pair to sample-keys
+- Fix mbedtls fingerprint calculation
+- mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
+- mbedtls: require C-string compatible types for --x509-username-field
+- Fix remote-triggerable memory leaks (CVE-2017-7521)
+- Restrict --x509-alt-username extension types
+- Fix potential double-free in --x509-alt-username (CVE-2017-7521)
+- Fix gateway detection with OpenBSD routing domains
+
+---
@@ -9 +59 @@
-- Update tp 2.4.2
+- Update to 2.4.2
Old:
openvpn-2.4.2.tar.xz
openvpn-2.4.2.tar.xz.asc
New:
openvpn-2.4.3.tar.xz
openvpn-2.4.3.tar.xz.asc
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.WtTiAp/_old 2017-10-05 12:05:51.072949419 +0200
+++ /var/tmp/diff_new_pack.WtTiAp/_new 2017-10-05 12:05:51.072949419 +0200
@@ -32,7 +32,7 @@
%else
PreReq: %insserv_prereq %fillup_prereq
%endif
-Version:2.4.2
+Version:2.4.3
Release:0
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
@@ -273,7 +273,7 @@
%doc %{_mandir}/man8/openvpn.8.gz
%config(noreplace) %{_sysconfdir}/openvpn/
%if %{with_systemd}
-%dir %{_libdir}/tmpfiles.d
+%dir %{_tmpfilesdir}
%{_unitdir}/%{name}@.service
%{_unitdir}/%{name}.target
%{_tmpfilesdir}/%{name}.conf
++ openvpn-2.3.x-fixed-multiple-low-severity-issues.patch ++
--- /var/tmp/diff_new_pack.WtTiAp/_old 2017-10-05 12:05:51.128941532 +0200
+++ /var/tmp/diff_new_pack.WtTiAp/_new 2017-10-05 12:05:51.128941532 +0200
@@ -1,8 +1,8 @@
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
-index 09659aa..b35d884 100644
+index ff0f9a7..fb27b36 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
-@@ -119,7 +119,7 @@ openvpn_encrypt_aead(struct buffer
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2017-06-20 09:41:09
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Tue Jun 20 09:41:09 2017 rev:76 rq:504783 version:2.4.2
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2017-06-12
15:30:42.230982401 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2017-06-20
09:41:10.277504005 +0200
@@ -1,0 +2,5 @@
+Wed Jun 14 12:05:14 CEST 2017 - n...@suse.de
+
+- use %{_tmpfilesdir} for tmpfiles.d/openvpn.conf (bsc#1044223)
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.arGeIw/_old 2017-06-20 09:41:11.105387278 +0200
+++ /var/tmp/diff_new_pack.arGeIw/_new 2017-06-20 09:41:11.105387278 +0200
@@ -180,12 +180,14 @@
%if %{with_systemd}
rm %{buildroot}%{_libdir}/systemd/system/openvpn-client@.service
rm %{buildroot}%{_libdir}/systemd/system/openvpn-server@.service
+#use one proveded by suse
+rm %{buildroot}%{_libdir}/tmpfiles.d/openvpn.conf
install -D -m 644 %{name}.service %{buildroot}/%{_unitdir}/%{name}@.service
install -D -m 644 $RPM_SOURCE_DIR/%{name}.target
%{buildroot}/%{_unitdir}/%{name}.target
install -D -m 755 $RPM_SOURCE_DIR/rc%{name} %{buildroot}%{_sbindir}/rc%{name}
# tmpfiles.d
-mkdir -p %{buildroot}%{_libdir}/tmpfiles.d
-install -m 0644 $RPM_SOURCE_DIR/%{name}-tmpfile.conf
%{buildroot}%{_libdir}/tmpfiles.d/%{name}.conf
+mkdir -p %{buildroot}%{_tmpfilesdir}
+install -m 0644 $RPM_SOURCE_DIR/%{name}-tmpfile.conf
%{buildroot}%{_tmpfilesdir}/%{name}.conf
%else
install -D -m 755 $RPM_SOURCE_DIR/openvpn.init
%{buildroot}/%{_sysconfdir}/init.d/openvpn
ln -sv %{_sysconfdir}/init.d/openvpn %{buildroot}/%{_sbindir}/rcopenvpn
@@ -204,7 +206,7 @@
%post
%if %{with_systemd}
-systemd-tmpfiles --create %{_libdir}/tmpfiles.d/%{name}.conf ||:
+systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf ||:
%service_add_post %{name}.target
# try to migrate openvpn.service autostart to openvpn@.service
if test ${FIRST_ARG:-$1} -ge 1 -a \
@@ -274,7 +276,7 @@
%dir %{_libdir}/tmpfiles.d
%{_unitdir}/%{name}@.service
%{_unitdir}/%{name}.target
-%{_libdir}/tmpfiles.d/%{name}.conf
+%{_tmpfilesdir}/%{name}.conf
%dir %attr(0750,root,root) %ghost %{_rundir}/openvpn/
%else
%config %{_sysconfdir}/init.d/openvpn
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2017-06-12 15:30:13
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Mon Jun 12 15:30:13 2017 rev:75 rq:501452 version:2.4.2
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2017-05-08
19:03:00.964127085 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2017-06-12
15:30:42.230982401 +0200
@@ -1,0 +2,20 @@
+Tue Jun 6 14:59:29 CEST 2017 - n...@suse.de
+
+- Update tp 2.4.2
+- auth-token: Ensure tokens are always wiped on de-auth
+- Make --cipher/--auth none more explicit on the risks
+- Use SHA256 for the internal digest, instead of MD5
+- Deprecate --ns-cert-type
+- Deprecate --no-iv
+- Support --block-outside-dns on multiple tunnels
+- Limit --reneg-bytes to 64MB when using small block ciphers
+- Fix --tls-version-max in mbed TLS builds
+ Details changelogs are avilable in
+ https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
+ [*0001-preform-deferred-authentication-in-the-background.patch
+ *openvpn-2.3.x-fixed-multiple-low-severity-issues.patch
+ *openvpn-fips140-2.3.2.patch]
+- pkcs11-helper-devel >= 1.11 is needed for openvpn-2.4.2
+- cleanup the spec file
+
+---
Old:
openvpn-2.3.14.tar.xz
openvpn-2.3.14.tar.xz.asc
New:
openvpn-2.4.2.tar.xz
openvpn-2.4.2.tar.xz.asc
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.QHVtIS/_old 2017-06-12 15:30:47.802196665 +0200
+++ /var/tmp/diff_new_pack.QHVtIS/_new 2017-06-12 15:30:47.806196101 +0200
@@ -32,7 +32,7 @@
%else
PreReq: %insserv_prereq %fillup_prereq
%endif
-Version:2.3.14
+Version:2.4.2
Release:0
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
@@ -63,8 +63,8 @@
BuildRequires: systemd
%endif
BuildRequires: libselinux-devel
-BuildRequires: pkcs11-helper-devel
-Requires: pkcs11-helper
+BuildRequires: pkcs11-helper-devel >= 1.11
+Requires: pkcs11-helper >= 1.11
%if %{with_systemd}
BuildRequires: systemd-devel
%endif
@@ -147,14 +147,14 @@
sed -e "s|@PLUGIN_LIBDIR@|%{_libdir}/openvpn/plugins|g" \
-e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \
-i doc/openvpn.8
-sed -e "s|/var/run|%{_rundir}|g" < \
+sed -e "s|%{_localstatedir}/run|%{_rundir}|g" < \
$RPM_SOURCE_DIR/%{name}.service > %{name}.service
# %%doc items shouldn't be executable.
find contrib sample -type f -exec chmod a-x \{\} \;
%build
-export CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS) -W -Wall
-fno-strict-aliasing"
+export CFLAGS="%{optflags} $(getconf LFS_CFLAGS) -W -Wall -fno-strict-aliasing"
export LDFLAGS
%configure \
--enable-iproute2 \
@@ -169,52 +169,54 @@
--enable-plugin-auth-pam\
CFLAGS="$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS" \
LDFLAGS="$LDFLAGS -pie -lpam -rdynamic
-Wl,-rpath,%{_libdir}/%{name}/plugins"
-make
+make %{_smp_mflags}
%install
make DESTDIR=$RPM_BUILD_ROOT install
-find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f
-mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openvpn
-mkdir -p $RPM_BUILD_ROOT/%{_rundir}/openvpn
-mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openvpn
+find %{buildroot} -type f -name "*.la" -delete -print
+mkdir -p %{buildroot}/%{_sysconfdir}/openvpn
+mkdir -p %{buildroot}/%{_rundir}/openvpn
+mkdir -p %{buildroot}/%{_datadir}/openvpn
%if %{with_systemd}
+rm %{buildroot}%{_libdir}/systemd/system/openvpn-client@.service
+rm %{buildroot}%{_libdir}/systemd/system/openvpn-server@.service
install -D -m 644 %{name}.service %{buildroot}/%{_unitdir}/%{name}@.service
install -D -m 644 $RPM_SOURCE_DIR/%{name}.target
%{buildroot}/%{_unitdir}/%{name}.target
install -D -m 755 $RPM_SOURCE_DIR/rc%{name} %{buildroot}%{_sbindir}/rc%{name}
# tmpfiles.d
-mkdir -p %{buildroot}%{_libexecdir}/tmpfiles.d
-install -m 0644 $RPM_SOURCE_DIR/%{name}-tmpfile.conf
%{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
+mkdir -p %{buildroot}%{_libdir}/tmpfiles.d
+install -m 0644 $RPM_SOURCE_DIR/%{name}-tmpfile.conf
%{buildroot}%{_libdir}/tmpfiles.d/%{name}.conf
%else
-install -D -m 755 $RPM_SOURCE_DIR/openvpn.init
$RPM_BUILD_ROOT/%{_sysconfdir}/init.d/openvpn
-ln -sv %{_sysconfdir}/init.d/openvpn $RPM_BUILD_ROOT/%{_sbindir}/rcopenvpn
+install -D -m 755 $RPM_SOURCE_DIR/openvpn.init
%{buildroot}/%{_sysconfdir}/init.d/openvpn
+ln -sv %{_sysconfdir}/init.d/openvpn %{buildroot}/%{_sbindir}/rcopenvpn
# the /etc/sysconfig/openvpn template
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2017-05-08 19:02:41
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Mon May 8 19:02:41 2017 rev:74 rq:492826 version:2.3.14
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2017-01-25
23:33:51.207649062 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2017-05-08
19:03:00.964127085 +0200
@@ -1,0 +2,13 @@
+Fri Apr 21 14:55:09 CEST 2017 - n...@suse.de
+
+- Preform deferred authentication in the background to not
+ cause main daemon processing delays when the underlying pam mechanism (e.g.
+ ldap) needs longer to response (bsc#959511).
+ [+ 0001-preform-deferred-authentication-in-the-background.patch]
+- Added fix for possible heap overflow on read accessing getaddrinfo
+ result (bsc#959714).
+ [+openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch]
+- Added a patch to fix multiple low severity issues (bsc#934237).
+ [+openvpn-2.3.x-fixed-multiple-low-severity-issues.patch]
+
+---
New:
0001-preform-deferred-authentication-in-the-background.patch
openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch
openvpn-2.3.x-fixed-multiple-low-severity-issues.patch
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.56XWf9/_old 2017-05-08 19:03:01.879997703 +0200
+++ /var/tmp/diff_new_pack.56XWf9/_new 2017-05-08 19:03:01.883997138 +0200
@@ -51,6 +51,9 @@
Source11: rc%{name}
Patch1: %{name}-2.3-plugin-man.dif
Patch6: %{name}-fips140-2.3.2.patch
+Patch7: openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch
+Patch8: openvpn-2.3.x-fixed-multiple-low-severity-issues.patch
+Patch9: 0001-preform-deferred-authentication-in-the-background.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: iproute2
BuildRequires: lzo-devel
@@ -135,6 +138,9 @@
%setup -q -n %{name}-%{version}
%patch1 -p0
%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \
-i src/openvpn/options.c
++ 0001-preform-deferred-authentication-in-the-background.patch ++
>From 8c39dbd45d3551e838310732a73e05f6d2d2e784 Mon Sep 17 00:00:00 2001
From: Nirmoy Das
Date: Thu, 12 May 2016 12:08:56 +0200
Subject: [PATCH] preform deferred authentication in the background to not
cause main daemon processing delays when the underlying pam mechanism (e.g.
ldap) needs longer to response.
References: bsc#959511
diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c
index bd71792..119fc31 100644
--- a/src/plugins/auth-pam/auth-pam.c
+++ b/src/plugins/auth-pam/auth-pam.c
@@ -55,6 +55,7 @@
/* Command codes for foreground -> background communication */
#define COMMAND_VERIFY 0
#define COMMAND_EXIT 1
+#define COMMAND_VERIFY_V2 2
/* Response codes for background -> foreground communication */
#define RESPONSE_INIT_SUCCEEDED 10
@@ -108,6 +109,7 @@ struct user_pass {
char username[128];
char password[128];
char common_name[128];
+ char auth_control_file[PATH_MAX];
const struct name_value_list *name_value_list;
};
@@ -687,6 +689,21 @@ pam_auth (const char *service, const struct user_pass *up)
return ret;
}
+static int handle_auth_control_file(char *auth_control_file, int status)
+{
+ FILE *fp = fopen(auth_control_file, "w");
+
+ if (fp) {
+ if (fprintf (fp, "%d\n", status) < 0) {
+ fclose(fp);
+ return -1;
+ }
+ fclose(fp);
+ return 0;
+ }
+ return -1;
+}
+
/*
* Background process -- runs with privilege.
*/
@@ -781,6 +798,41 @@ pam_server (int fd, const char *service, int verb, const
struct name_value_list
}
break;
+ case COMMAND_VERIFY_V2:
+ if (recv_string (fd, up.username, sizeof (up.username)) == -1
+ || recv_string (fd, up.password, sizeof (up.password))
== -1
+ || recv_string (fd, up.common_name, sizeof
(up.common_name)) == -1
+ || recv_string (fd, up.auth_control_file, sizeof
(up.auth_control_file)) == -1)
+ {
+ fprintf (stderr, "AUTH-PAM: BACKGROUND: read error on
command channel: code=%d, exiting\n",
+ command);
+ goto done;
+ }
+
+ if (DEBUG (verb))
+ {
+#if 0
+ fprintf
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2017-01-25 23:33:47
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2017-01-10
10:52:01.367138159 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2017-01-25
23:33:51.207649062 +0100
@@ -1,0 +2,34 @@
+Sun Jan 22 15:21:17 UTC 2017 - mrueck...@suse.de
+
+- silence warning about %{_rundir}/openvpn
+ - for non systemd case: just package the %{_rundir}/openvpn in
+the package
+ - for systemd case: call systemd-tmpfiles and own the dir as
+%ghost in the filelist
+
+---
+Sun Jan 22 14:51:44 UTC 2017 - mrueck...@suse.de
+
+- refreshed patches to apply cleanly again
+ openvpn-2.3-plugin-man.dif
+ openvpn-fips140-2.3.2.patch
+
+---
+Sun Jan 22 14:47:39 UTC 2017 - mrueck...@suse.de
+
+- update to 2.3.14
+ - update year in copyright message
+ - Document the --auth-token option
+ - Repair topology subnet on FreeBSD 11
+ - Repair topology subnet on OpenBSD
+ - Drop recursively routed packets
+ - Support --block-outside-dns on multiple tunnels
+ - When parsing '--setenv opt xx ..' make sure a third parameter
+is present
+ - Map restart signals from event loop to SIGTERM during
+exit-notification wait
+ - Correctly state the default dhcp server address in man page
+ - Clean up format_hex_ex()
+- enabled pkcs11 support
+
+---
Old:
openvpn-2.3.13.tar.xz
openvpn-2.3.13.tar.xz.asc
New:
openvpn-2.3.14.tar.xz
openvpn-2.3.14.tar.xz.asc
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.NzaYsJ/_old 2017-01-25 23:33:52.127510450 +0100
+++ /var/tmp/diff_new_pack.NzaYsJ/_new 2017-01-25 23:33:52.131509847 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openvpn
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -32,7 +32,7 @@
%else
PreReq: %insserv_prereq %fillup_prereq
%endif
-Version:2.3.13
+Version:2.3.14
Release:0
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
@@ -154,6 +154,7 @@
--enable-iproute2 \
--enable-x509-alt-username \
--enable-password-save \
+ --enable-pkcs11 \
%if %{with_systemd}
--enable-systemd\
%endif
@@ -194,8 +195,8 @@
find sample -name .gitignore | xargs rm -f
%post
-%__mkdir_p -m750 %{_rundir}/openvpn
%if %{with_systemd}
+systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf ||:
%service_add_post %{name}.target
# try to migrate openvpn.service autostart to openvpn@.service
if test ${FIRST_ARG:-$1} -ge 1 -a \
@@ -265,13 +266,14 @@
%{_unitdir}/%{name}@.service
%{_unitdir}/%{name}.target
%{_libexecdir}/tmpfiles.d/%{name}.conf
+%dir %attr(0750,root,root) %ghost %{_rundir}/openvpn/
%else
%config %{_sysconfdir}/init.d/openvpn
/var/adm/fillup-templates/sysconfig.openvpn
+%dir %attr(750,root,root) %{_rundir}/openvpn/
%endif
%{_sbindir}/rcopenvpn
%{_sbindir}/openvpn
-%attr(0750,root,root) %dir %ghost %{_rundir}/openvpn
%files down-root-plugin
%defattr(-,root,root)
++ openvpn-2.3-plugin-man.dif ++
--- /var/tmp/diff_new_pack.NzaYsJ/_old 2017-01-25 23:33:52.191500807 +0100
+++ /var/tmp/diff_new_pack.NzaYsJ/_new 2017-01-25 23:33:52.191500807 +0100
@@ -1,6 +1,8 @@
doc/openvpn.8
-+++ doc/openvpn.8 2015/03/02 08:58:02
-@@ -2569,12 +2569,11 @@ plug-in modules, see the README file in
+Index: doc/openvpn.8
+===
+--- doc/openvpn.8.orig
doc/openvpn.8
+@@ -2690,12 +2690,11 @@ plug-in modules, see the README file in
.B plugin
folder of the OpenVPN source distribution.
++ openvpn-2.3.13.tar.xz -> openvpn-2.3.14.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/openvpn-2.3.13/ChangeLog new/openvpn-2.3.14/ChangeLog
--- old/openvpn-2.3.13/ChangeLog2016-11-03 09:52:28.0 +0100
+++ new/openvpn-2.3.14/ChangeLog2016-12-07 12:35:43.0 +0100
@@ -1,6 +1,30 @@
OpenVPN Change Log
Copyright (C) 2002-2015 OpenVPN Technologies,
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2016-11-29 12:50:18
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2016-09-16
11:01:44.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2016-11-29
12:50:19.0 +0100
@@ -1,0 +2,6 @@
+Mon Nov 28 16:33:34 UTC 2016 - matwey.korni...@gmail.com
+
+- Require iproute2 explicitly. openvpn uses /bin/ip from iproute2,
+ so it should be installed
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.mKyYnz/_old 2016-11-29 12:50:20.0 +0100
+++ /var/tmp/diff_new_pack.mKyYnz/_new 2016-11-29 12:50:20.0 +0100
@@ -67,6 +67,7 @@
%if %{with_systemd}
BuildRequires: systemd-devel
%endif
+Requires: iproute2
BuildRequires: xz
%description
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2016-09-16 11:01:41
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2016-06-07
23:48:42.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2016-09-16
11:01:44.0 +0200
@@ -1,0 +2,8 @@
+Thu Sep 8 13:26:16 UTC 2016 - astie...@suse.com
+
+- Add an example for a FIPS 140-2 approved cipher configuration to
+ the sample configuration files. Fixes bsc#988522
+ adding openvpn-fips140-AES-cipher-in-config-template.patch
+- remove gpg-offline signature verification, now a source service
+
+---
New:
openvpn-fips140-AES-cipher-in-config-template.patch
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.zI3Rao/_old 2016-09-16 11:01:46.0 +0200
+++ /var/tmp/diff_new_pack.zI3Rao/_new 2016-09-16 11:01:46.0 +0200
@@ -52,8 +52,8 @@
Patch1: %{name}-2.3-plugin-man.dif
Patch5: %{name}-2.3.0-man-dot.diff
Patch6: %{name}-fips140-2.3.2.patch
+Patch7: openvpn-fips140-AES-cipher-in-config-template.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildRequires: gpg-offline
BuildRequires: iproute2
BuildRequires: lzo-devel
BuildRequires: openssl-devel
@@ -133,11 +133,11 @@
This package provides the header file to build external plugins.
%prep
-%gpg_verify %{S:1}
%setup -q -n %{name}-%{version}
%patch1 -p0
%patch5 -p0
%patch6 -p1
+%patch7 -p1
sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \
-i src/openvpn/options.c
++ openvpn-fips140-AES-cipher-in-config-template.patch ++
From: Andreas Stieger
Date: Thu, 08 Sep 2016 15:23:12 +0200
Subject: Add an example for a FIPS 140-2 approved cipher configuration to the
sample configuration file
References: bsc#988522
https://github.com/OpenVPN/openvpn/commit/bde1b90da0db2d68d13d274102986f0ca7096c00
Upstream: no
The 2.3 default is blowfish which does not work in FIPS mode.
This change was done in 2.4, and 2.4 will negotiate AES-256-GCM in TLS mode.
Index: openvpn-2.3.8/sample/sample-config-files/client.conf
===
--- openvpn-2.3.8.orig/sample/sample-config-files/client.conf 2015-07-17
07:43:32.0 +0200
+++ openvpn-2.3.8/sample/sample-config-files/client.conf2016-09-08
15:12:32.650248879 +0200
@@ -111,6 +111,8 @@ remote-cert-tls server
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
+# Use a FIPS 140-2 approved cipher in FIPS mode
+;cipher AES-256-CBC # AES-256
# Enable compression on the VPN link.
# Don't enable this unless it is also
Index: openvpn-2.3.8/sample/sample-config-files/server.conf
===
--- openvpn-2.3.8.orig/sample/sample-config-files/server.conf 2015-07-17
07:43:32.0 +0200
+++ openvpn-2.3.8/sample/sample-config-files/server.conf2016-09-08
15:11:55.869874892 +0200
@@ -249,6 +249,8 @@ keepalive 10 120
;cipher BF-CBC# Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
+# Use a FIPS 140-2 approved cipher in FIPS mode
+;cipher AES-256-CBC # AES-256
# Enable compression on the VPN link.
# If you enable it here, you must also
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2016-06-07 23:48:41
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2016-01-07
00:25:26.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2016-06-07
23:48:42.0 +0200
@@ -1,0 +2,13 @@
+Tue May 10 16:16:02 UTC 2016 - idon...@suse.com
+
+- Update to version 2.3.11
+ * Fixed port-share bug with DoS potential
+ * Fix buffer overflow by user supplied data
+ * Fix undefined signed shift overflow
+ * Ensure input read using systemd-ask-password is null terminated
+ * Support reading the challenge-response from console
+ * hardening: add safe FD_SET() wrapper openvpn_fd_set()
+ * Restrict default TLS cipher list
+- Add BuildRequires on xz for SLE11
+
+---
Old:
openvpn-2.3.10.tar.gz
openvpn-2.3.10.tar.gz.asc
New:
openvpn-2.3.11.tar.xz
openvpn-2.3.11.tar.xz.asc
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.Yymv6f/_old 2016-06-07 23:48:43.0 +0200
+++ /var/tmp/diff_new_pack.Yymv6f/_new 2016-06-07 23:48:43.0 +0200
@@ -32,13 +32,13 @@
%else
PreReq: %insserv_prereq %fillup_prereq
%endif
-Version:2.3.10
+Version:2.3.11
Release:0
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
Group: Productivity/Networking/Security
-Source:
http://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.gz
-Source1:
http://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.gz.asc
+Source:
https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz
+Source1:
https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz.asc
Source2:%{name}.init
Source6:%{name}.sysconfig
Source3:%{name}.README.SUSE
@@ -67,6 +67,7 @@
%if %{with_systemd}
BuildRequires: systemd-devel
%endif
+BuildRequires: xz
%description
OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2016-01-07 00:25:14
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2015-12-20
10:52:43.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2016-01-07
00:25:26.0 +0100
@@ -1,0 +2,34 @@
+Mon Jan 4 17:22:37 UTC 2016 - idon...@suse.com
+
+- Update to version 2.3.10
+ * Warn user if their certificate has expired
+ * Fix regression in setups without a client certificate
+
+---
+Wed Dec 16 14:30:49 UTC 2015 - idon...@suse.com
+
+- Update to version 2.3.9
+ * Show extra-certs in current parameters.
+ * Do not set the buffer size by default but rely on the operation system
default.
+ * Remove --enable-password-save option
+ * Detect config lines that are too long and give a warning/error
+ * Log serial number of revoked certificate
+ * Avoid partial authentication state when using --disabled in CCD configs
+ * Replace unaligned 16bit access to TCP MSS value with bytewise access
+ * Fix possible heap overflow on read accessing getaddrinfo() result.
+ * Fix isatty() check for good. (obsoletes revert-daemonize.patch)
+ * Client-side part for server restart notification
+ * Fix privilege drop if first connection attempt fails
+ * Support for username-only auth file.
+ * Increase control channel packet size for faster handshakes
+ * hardening: add insurance to exit on a failed ASSERT()
+ * Fix memory leak in auth-pam plugin
+ * Fix (potential) memory leak in init_route_list()
+ * Fix unintialized variable in plugin_vlog()
+ * Add macro to ensure we exit on fatal errors
+ * Fix memory leak in add_option() by simplifying get_ipv6_addr
+ * openssl: properly check return value of RAND_bytes()
+ * Fix rand_bytes return value checking
+ * Fix "White space before end tags can break the config parser"
+
+---
Old:
openvpn-2.3.8.tar.gz
openvpn-2.3.8.tar.gz.asc
revert-daemonize.patch
New:
openvpn-2.3.10.tar.gz
openvpn-2.3.10.tar.gz.asc
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.dlC3Ne/_old 2016-01-07 00:25:28.0 +0100
+++ /var/tmp/diff_new_pack.dlC3Ne/_new 2016-01-07 00:25:28.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openvpn
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -32,7 +32,7 @@
%else
PreReq: %insserv_prereq %fillup_prereq
%endif
-Version:2.3.8
+Version:2.3.10
Release:0
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
@@ -52,7 +52,6 @@
Patch1: %{name}-2.3-plugin-man.dif
Patch5: %{name}-2.3.0-man-dot.diff
Patch6: %{name}-fips140-2.3.2.patch
-Patch7: revert-daemonize.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gpg-offline
BuildRequires: iproute2
@@ -138,7 +137,7 @@
%patch1 -p0
%patch5 -p0
%patch6 -p1
-%patch7 -p1
+
sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \
-i src/openvpn/options.c
sed -e "s|@PLUGIN_LIBDIR@|%{_libdir}/openvpn/plugins|g" \
++ openvpn-2.3.8.tar.gz -> openvpn-2.3.10.tar.gz ++
4350 lines of diff (skipped)
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2015-12-20 10:52:41
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is "openvpn"
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2015-08-23
17:45:54.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2015-12-20
10:52:43.0 +0100
@@ -1,0 +2,5 @@
+Thu Dec 3 14:07:17 UTC 2015 - m...@suse.com
+
+- Adjust /var/run to _rundir macro value in openvpn@.service too.
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.EDjZOx/_old 2015-12-20 10:52:44.0 +0100
+++ /var/tmp/diff_new_pack.EDjZOx/_new 2015-12-20 10:52:44.0 +0100
@@ -144,6 +144,8 @@
sed -e "s|@PLUGIN_LIBDIR@|%{_libdir}/openvpn/plugins|g" \
-e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \
-i doc/openvpn.8
+sed -e "s|/var/run|%{_rundir}|g" < \
+$RPM_SOURCE_DIR/%{name}.service > %{name}.service
# %%doc items shouldn't be executable.
find contrib sample -type f -exec chmod a-x \{\} \;
@@ -172,7 +174,7 @@
mkdir -p $RPM_BUILD_ROOT/%{_rundir}/openvpn
mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openvpn
%if %{with_systemd}
-install -D -m 644 $RPM_SOURCE_DIR/%{name}.service
%{buildroot}/%{_unitdir}/%{name}@.service
+install -D -m 644 %{name}.service %{buildroot}/%{_unitdir}/%{name}@.service
install -D -m 644 $RPM_SOURCE_DIR/%{name}.target
%{buildroot}/%{_unitdir}/%{name}.target
install -D -m 755 $RPM_SOURCE_DIR/rc%{name} %{buildroot}%{_sbindir}/rc%{name}
# tmpfiles.d
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2015-08-23 15:43:34
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2015-08-17
15:35:12.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2015-08-23
17:45:54.0 +0200
@@ -1,0 +2,6 @@
+Thu Aug 20 08:43:33 UTC 2015 - m...@suse.com
+
+- Removed obsolete --with-lzo-headers option, readded LFS_CFLAGS.
+- Moved openvpn-plugin.h into a devel package, removed .gitignore
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.NlbTzL/_old 2015-08-23 17:45:55.0 +0200
+++ /var/tmp/diff_new_pack.NlbTzL/_new 2015-08-23 17:45:55.0 +0200
@@ -124,6 +124,14 @@
even if you drop openvpn daemon privileges using the user, group, or
chroot directives.
+%package devel
+Summary:OpenVPN plugin header
+Group: Development/Libraries/C and C++
+Requires: %{name} = %{version}
+
+%description devel
+This package provides the header file to build external plugins.
+
%prep
%gpg_verify %{S:1}
%setup -q -n %{name}-%{version}
@@ -153,8 +161,7 @@
--enable-plugins\
--enable-plugin-down-root \
--enable-plugin-auth-pam\
- --with-lzo-headers=%_includedir/lzo \
- CFLAGS=$CFLAGS -fPIE $PLUGIN_DEFS \
+ CFLAGS=$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS \
LDFLAGS=$LDFLAGS -pie -lpam -rdynamic
-Wl,-rpath,%{_libdir}/%{name}/plugins
make
@@ -185,6 +192,7 @@
# we install docs via spec into _defaultdocdir/name/management-notes.txt
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name}
+find sample -name .gitignore | xargs rm -f
%post
%__mkdir_p -m750 %{_rundir}/openvpn
@@ -265,7 +273,6 @@
%{_sbindir}/rcopenvpn
%{_sbindir}/openvpn
%attr(0750,root,root) %dir %ghost %{_rundir}/openvpn
-%{_includedir}/%{name}-plugin.h
%files down-root-plugin
%defattr(-,root,root)
@@ -279,4 +286,8 @@
%dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/%{name}-plugin-auth-pam.so
+%files devel
+%defattr(-,root,root)
+%{_includedir}/%{name}-plugin.h
+
%changelog
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2015-08-17 15:35:10
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2015-08-11
08:27:06.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2015-08-17
15:35:12.0 +0200
@@ -1,0 +2,7 @@
+Thu Aug 13 08:29:35 UTC 2015 - idon...@suse.com
+
+- Add revert-daemonize.patch, looks like under systemd the stdin
+ and stdout are not TTYs by default. This reverts to previous
+ behaviour fixing bsc#941569
+
+---
New:
revert-daemonize.patch
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.GZqkMp/_old 2015-08-17 15:35:13.0 +0200
+++ /var/tmp/diff_new_pack.GZqkMp/_new 2015-08-17 15:35:13.0 +0200
@@ -52,6 +52,7 @@
Patch1: %{name}-2.3-plugin-man.dif
Patch5: %{name}-2.3.0-man-dot.diff
Patch6: %{name}-fips140-2.3.2.patch
+Patch7: revert-daemonize.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gpg-offline
BuildRequires: iproute2
@@ -129,6 +130,7 @@
%patch1 -p0
%patch5 -p0
%patch6 -p1
+%patch7 -p1
sed -e s|\ __DATE__|$(date '+%b %e %Y' -r version.m4)\|g \
-i src/openvpn/options.c
sed -e s|@PLUGIN_LIBDIR@|%{_libdir}/openvpn/plugins|g \
++ revert-daemonize.patch ++
Index: openvpn-2.3.8/src/openvpn/misc.c
===
--- openvpn-2.3.8.orig/src/openvpn/misc.c
+++ openvpn-2.3.8/src/openvpn/misc.c
@@ -1088,12 +1088,6 @@ get_user_pass_cr (struct user_pass *up,
*/
else if (from_stdin)
{
-#ifndef WIN32
- /* did we --daemon'ize before asking for passwords? */
- if ( !isatty(0) !isatty(2) )
- { msg(M_FATAL, neither stdin nor stderr are a tty device, can't
ask for %s password. If you used --daemon, you need to use --askpass to make
passphrase-protected keys work, and you can not use --auth-nocache., prefix );
}
-#endif
-
#ifdef ENABLE_CLIENT_CR
if (auth_challenge (flags GET_USER_PASS_DYNAMIC_CHALLENGE))
{
commit openvpn for openSUSE:Factory
Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2015-08-11 08:27:04 Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new (New) Package is openvpn Changes: --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2015-06-30 10:16:18.0 +0200 +++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2015-08-11 08:27:06.0 +0200 @@ -1,0 +2,17 @@ +Wed Aug 5 12:03:33 UTC 2015 - idon...@suse.com + +- Update to version 2.3.8 + * Report missing endtags of inline files as warnings + * Fix commit e473b7c if an inline file happens to have a +line break exactly at buffer limit + * Produce a meaningful error message if --daemon gets in the way of +asking for passwords. + * Document --daemon changes and consequences (--askpass, --auth-nocache) + * Del ipv6 addr on close of linux tun interface + * Fix --askpass not allowing for password input via stdin + * Write pid file immediately after daemonizing + * Fix regression: query password before becoming daemon + * Fix using management interface to get passwords + * Fix overflow check in openvpn_decrypt() + +--- Old: openvpn-2.3.7.tar.gz openvpn-2.3.7.tar.gz.asc New: openvpn-2.3.8.tar.gz openvpn-2.3.8.tar.gz.asc Other differences: -- ++ openvpn.spec ++ --- /var/tmp/diff_new_pack.WcwPm0/_old 2015-08-11 08:27:07.0 +0200 +++ /var/tmp/diff_new_pack.WcwPm0/_new 2015-08-11 08:27:07.0 +0200 @@ -32,7 +32,7 @@ %else PreReq: %insserv_prereq %fillup_prereq %endif -Version:2.3.7 +Version:2.3.8 Release:0 Summary:Full-featured SSL VPN solution using a TUN/TAP Interface License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 ++ openvpn-2.3.7.tar.gz - openvpn-2.3.8.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.7/ChangeLog new/openvpn-2.3.8/ChangeLog --- old/openvpn-2.3.7/ChangeLog 2015-06-08 08:16:35.0 +0200 +++ new/openvpn-2.3.8/ChangeLog 2015-08-04 09:24:25.0 +0200 @@ -1,6 +1,29 @@ OpenVPN Change Log Copyright (C) 2002-2015 OpenVPN Technologies, Inc. sa...@openvpn.net +2015.08.03 -- Version 2.3.8 +Arne Schwabe (2): + Report missing endtags of inline files as warnings + Fix commit e473b7c if an inline file happens to have a line break exactly at buffer limit + +Gert Doering (2): + Produce a meaningful error message if --daemon gets in the way of asking for passwords. + Document --daemon changes and consequences (--askpass, --auth-nocache). + +Holger Kummert (1): + Del ipv6 addr on close of linux tun interface + +James Geboski (1): + Fix --askpass not allowing for password input via stdin + +Steffan Karger (5): + write pid file immediately after daemonizing + Make __func__ work with Visual Studio too + fix regression: query password before becoming daemon + Fix using management interface to get passwords. + Fix overflow check in openvpn_decrypt() + + 2015.06.02 -- Version 2.3.7 Alexander Pyhalov (1): Default gateway can't be determined on illumos/Solaris platforms diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.7/aclocal.m4 new/openvpn-2.3.8/aclocal.m4 --- old/openvpn-2.3.7/aclocal.m42015-06-08 08:19:03.0 +0200 +++ new/openvpn-2.3.8/aclocal.m42015-08-04 09:29:52.0 +0200 @@ -103,9 +103,10 @@ # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], -[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl -# Expand $ac_aux_dir to an absolute path. -am_aux_dir=`cd $ac_aux_dir pwd` +[dnl Rely on autoconf to set up CDPATH properly. +AC_PREREQ([2.50])dnl +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir pwd` ]) # AM_CONDITIONAL-*- Autoconf -*- @@ -572,8 +573,7 @@ END AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) fi -fi -]) +fi]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openvpn-2.3.7/config.sub new/openvpn-2.3.8/config.sub --- old/openvpn-2.3.7/config.sub2015-06-01 11:10:52.0 +0200 +++ new/openvpn-2.3.8/config.sub2015-08-04 09:29:54.0 +0200 @@ -2,7 +2,7 @@ # Configuration validation subroutine script. # Copyright 1992-2014 Free Software Foundation, Inc.
commit openvpn for openSUSE:Factory
Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2015-06-30 10:16:16 Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new (New) Package is openvpn Changes: --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2015-03-11 09:58:00.0 +0100 +++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2015-06-30 10:16:18.0 +0200 @@ -1,0 +2,35 @@ +Tue Jun 9 15:51:06 UTC 2015 - idon...@suse.com + +- Update to version 2.3.7 + * down-root plugin: Replaced system() calls with execve() + * sockets: Remove the limitation of --tcp-nodelay to be server-only + * pkcs11: Load p11-kit-proxy.so module by default + * New approach to handle peer-id related changes to link-mtu + * Fix incorrect use of get_ipv6_addr() for iroute options + * Print helpful error message on --mktun/--rmtun if not available + * Explain effect of --topology subnet on --ifconfig + * Add note about file permissions and --crl-verify to manpage + * Repair --dev null breakage caused by db950be85d37 + * Correct note about DNS randomization in openvpn.8 + * Disallow usage of --server-poll-timeout in --secret key mode + * Slightly enhance documentation about --cipher + * On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo() + * Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo() + * Fix --redirect-private in --dev tap mode + * Updated manpage for --rport and --lport + * Properly escape dashes on the man-page + * Improve documentation in --script-security section of the man-page + * Really fix '--cipher none' regression + * Set tls-version-max to 1.1 if cryptoapicert is used + * Account for peer-id in frame size calculation + * Disable SSL compression + * Fix frame size calculation for non-CBC modes. + * Allow for CN/username of 64 characters (fixes off-by-one) + * Re-enable TLS version negotiation by default + * Remove size limit for files inlined in config + * Improve --tls-cipher and --show-tls man page description + * Re-read auth-user-pass file on (re)connect if required + * Clarify --capath option in manpage + * Call daemon() before initializing crypto library + +--- Old: openvpn-2.3.6.tar.gz openvpn-2.3.6.tar.gz.asc New: openvpn-2.3.7.tar.gz openvpn-2.3.7.tar.gz.asc Other differences: -- ++ openvpn.spec ++ --- /var/tmp/diff_new_pack.afNh9b/_old 2015-06-30 10:16:19.0 +0200 +++ /var/tmp/diff_new_pack.afNh9b/_new 2015-06-30 10:16:19.0 +0200 @@ -32,7 +32,7 @@ %else PreReq: %insserv_prereq %fillup_prereq %endif -Version:2.3.6 +Version:2.3.7 Release:0 Summary:Full-featured SSL VPN solution using a TUN/TAP Interface License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 ++ openvpn-2.3.6.tar.gz - openvpn-2.3.7.tar.gz ++ 8142 lines of diff (skipped)
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2015-03-11 09:57:59
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2015-02-27
11:00:24.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2015-03-11
09:58:00.0 +0100
@@ -2 +2 @@
-Wed Feb 18 17:20:46 UTC 2015 - m...@suse.de
+Mon Mar 2 08:26:08 UTC 2015 - m...@suse.de
@@ -4 +4,3 @@
-- Fixed to use correct sha digest data length (boo#914166)
+- Fixed to use correct sha digest data length and in fips mode,
+ use aes instead of the disallowed blowfish crypto (boo#914166).
+- Fixed to provide actual plugin/doc dirs in openvpn(8) man page.
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.BgQ9kc/_old 2015-03-11 09:58:01.0 +0100
+++ /var/tmp/diff_new_pack.BgQ9kc/_new 2015-03-11 09:58:01.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openvpn
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -129,7 +129,11 @@
%patch1 -p0
%patch5 -p0
%patch6 -p1
-sed -e s|\ __DATE__|$(date '+%b %e %Y' -r version.m4)\|g -i
src/openvpn/options.c
+sed -e s|\ __DATE__|$(date '+%b %e %Y' -r version.m4)\|g \
+-i src/openvpn/options.c
+sed -e s|@PLUGIN_LIBDIR@|%{_libdir}/openvpn/plugins|g \
+-e s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g \
+-i doc/openvpn.8
# %%doc items shouldn't be executable.
find contrib sample -type f -exec chmod a-x \{\} \;
@@ -148,8 +152,8 @@
--enable-plugin-down-root \
--enable-plugin-auth-pam\
--with-lzo-headers=%_includedir/lzo \
- CFLAGS=$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS \
- LDFLAGS=$LDFLAGS -pie -lpam -rdynamic
-Wl,-rpath,%{_libdir}/%{name}/plugin/lib
+ CFLAGS=$CFLAGS -fPIE $PLUGIN_DEFS \
+ LDFLAGS=$LDFLAGS -pie -lpam -rdynamic
-Wl,-rpath,%{_libdir}/%{name}/plugins
make
%install
++ openvpn-2.3-plugin-man.dif ++
--- /var/tmp/diff_new_pack.BgQ9kc/_old 2015-03-11 09:58:01.0 +0100
+++ /var/tmp/diff_new_pack.BgQ9kc/_new 2015-03-11 09:58:01.0 +0100
@@ -1,20 +1,20 @@
-Index: openvpn.8
-===
doc/openvpn.8.orig
-+++ doc/openvpn.8
-@@ -2563,11 +2563,10 @@
+--- doc/openvpn.8
doc/openvpn.8 2015/03/02 08:58:02
+@@ -2569,12 +2569,11 @@ plug-in modules, see the README file in
+ .B plugin
folder of the OpenVPN source distribution.
- If you are using an RPM install of OpenVPN, see
+-If you are using an RPM install of OpenVPN, see
-/usr/share/openvpn/plugin. The documentation is
-in
-.B doc
-and the actual plugin modules are in
-.B lib.
-+@PLUGIN_DIR@. The actual plugin modules are in
++If you are using an RPM install of OpenVPN, the actual
++plugin modules are in
+.B @PLUGIN_LIBDIR@
+and the documentation is in
-+.B @PLUGIN_DOCDIR@.
++.B @PLUGIN_DOCDIR@/README.plugin-name.
Multiple plugin modules can be cascaded, and modules can be
used in tandem with scripts. The modules will be called by
++ openvpn-fips140-2.3.2.patch ++
--- /var/tmp/diff_new_pack.BgQ9kc/_old 2015-03-11 09:58:01.0 +0100
+++ /var/tmp/diff_new_pack.BgQ9kc/_new 2015-03-11 09:58:01.0 +0100
@@ -1,6 +1,5 @@
-diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_backend.h
openvpn-2.3.2/src/openvpn/crypto_backend.h
openvpn-2.3.2.orig/src/openvpn/crypto_backend.h2013-08-13
03:24:16.465313821 +0200
-+++ openvpn-2.3.2/src/openvpn/crypto_backend.h 2013-08-13 05:55:40.914256287
+0200
+--- openvpn-2.3.2/src/openvpn/crypto_backend.h
openvpn-2.3.2/src/openvpn/crypto_backend.h 2015/02/19 09:15:02
@@ -452,10 +452,11 @@ void md_ctx_final (md_ctx_t *ctx, uint8_
* @param key The key to use for the HMAC
* @param key_len The key length to use
@@ -14,9 +13,8 @@
/*
* Free the given HMAC context.
-diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto.c
openvpn-2.3.2/src/openvpn/crypto.c
openvpn-2.3.2.orig/src/openvpn/crypto.c2013-08-13 03:24:16.466313824
+0200
-+++ openvpn-2.3.2/src/openvpn/crypto.c 2013-08-13 05:54:09.655008218 +0200
+--- openvpn-2.3.2/src/openvpn/crypto.c
openvpn-2.3.2/src/openvpn/crypto.c 2015/02/19 09:15:02
@@ -486,7 +486,7 @@ init_key_ctx (struct key_ctx *ctx, struc
if (kt-digest kt-hmac_length 0)
{
@@ -104,9 +102,8 @@
}
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2015-02-27 10:59:47
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2014-12-03
22:48:19.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2015-02-27
11:00:24.0 +0100
@@ -1,0 +2,5 @@
+Wed Feb 18 17:20:46 UTC 2015 - m...@suse.de
+
+- Fixed to use correct sha digest data length (boo#914166)
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.Yh4grf/_old 2015-02-27 11:00:26.0 +0100
+++ /var/tmp/diff_new_pack.Yh4grf/_new 2015-02-27 11:00:26.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openvpn
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
++ openvpn-fips140-2.3.2.patch ++
--- /var/tmp/diff_new_pack.Yh4grf/_old 2015-02-27 11:00:26.0 +0100
+++ /var/tmp/diff_new_pack.Yh4grf/_new 2015-02-27 11:00:26.0 +0100
@@ -121,8 +121,9 @@
};
-struct md5_digest {
+- uint8_t digest [MD5_DIGEST_LENGTH];
+struct sha1_digest {
- uint8_t digest [MD5_DIGEST_LENGTH];
++ uint8_t digest [SHA_DIGEST_LENGTH];
};
-const char *md5sum(uint8_t *buf, int len, int n_print_chars, struct gc_arena
*gc);
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2014-12-03 22:47:57 Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new (New) Package is openvpn Changes: --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2014-11-07 09:06:41.0 +0100 +++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2014-12-03 22:48:19.0 +0100 @@ -1,0 +2,8 @@ +Mon Dec 1 19:37:29 UTC 2014 - m...@suse.de + +- Update to version 2.3.6 fixing a denial-of-service vulnerability + where an authenticated client could stop the server by triggering + a server-side ASSERT (bnc#907764,CVE-2014-8104). + See ChangeLog file for a complete list of changes. + +--- Old: openvpn-2.3.5.tar.gz openvpn-2.3.5.tar.gz.asc New: openvpn-2.3.6.tar.gz openvpn-2.3.6.tar.gz.asc Other differences: -- ++ openvpn.spec ++ --- /var/tmp/diff_new_pack.RqeCqG/_old 2014-12-03 22:48:20.0 +0100 +++ /var/tmp/diff_new_pack.RqeCqG/_new 2014-12-03 22:48:20.0 +0100 @@ -32,7 +32,7 @@ %else PreReq: %insserv_prereq %fillup_prereq %endif -Version:2.3.5 +Version:2.3.6 Release:0 Summary:Full-featured SSL VPN solution using a TUN/TAP Interface License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 ++ openvpn-2.3.5.tar.gz - openvpn-2.3.6.tar.gz ++ 1918 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2014-11-07 09:06:08
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2014-08-28
21:05:51.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2014-11-07
09:06:41.0 +0100
@@ -1,0 +2,7 @@
+Thu Oct 30 12:28:48 UTC 2014 - idon...@suse.com
+
+- Update to version 2.3.5
+ * See included changelog
+- Depend on systemd-devel for the daemon check functionality
+
+---
Old:
openvpn-2.3.4.tar.gz
openvpn-2.3.4.tar.gz.asc
New:
openvpn-2.3.5.tar.gz
openvpn-2.3.5.tar.gz.asc
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.Oa97nk/_old 2014-11-07 09:06:42.0 +0100
+++ /var/tmp/diff_new_pack.Oa97nk/_new 2014-11-07 09:06:42.0 +0100
@@ -32,7 +32,7 @@
%else
PreReq: %insserv_prereq %fillup_prereq
%endif
-Version:2.3.4
+Version:2.3.5
Release:0
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
@@ -65,7 +65,7 @@
BuildRequires: pkcs11-helper-devel
Requires: pkcs11-helper
%if %{with_systemd}
-BuildRequires: systemd
+BuildRequires: systemd-devel
%endif
%description
++ openvpn-2.3.4.tar.gz - openvpn-2.3.5.tar.gz ++
2713 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2014-08-28 21:05:32 Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new (New) Package is openvpn Changes: --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2014-06-10 14:39:20.0 +0200 +++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2014-08-28 21:05:51.0 +0200 @@ -1,0 +2,7 @@ +Mon Aug 25 09:12:08 UTC 2014 - idon...@suse.com + +- Update to version 2.3.4 + * Add support for client-cert-not-required for PolarSSL. + * Introduce safety check for http proxy options. + +--- Old: openvpn-2.3.2.tar.gz openvpn-2.3.2.tar.gz.asc New: openvpn-2.3.4.tar.gz openvpn-2.3.4.tar.gz.asc Other differences: -- ++ openvpn.spec ++ --- /var/tmp/diff_new_pack.zEaw7q/_old 2014-08-28 21:05:52.0 +0200 +++ /var/tmp/diff_new_pack.zEaw7q/_new 2014-08-28 21:05:52.0 +0200 @@ -32,7 +32,7 @@ %else PreReq: %insserv_prereq %fillup_prereq %endif -Version:2.3.2 +Version:2.3.4 Release:0 Summary:Full-featured SSL VPN solution using a TUN/TAP Interface License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 ++ openvpn-2.3.2.tar.gz - openvpn-2.3.4.tar.gz ++ 13864 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2014-06-10 14:39:19
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2014-05-21
16:20:42.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2014-06-10
14:39:20.0 +0200
@@ -1,0 +2,5 @@
+Mon May 26 15:41:34 UTC 2014 - crrodrig...@opensuse.org
+
+- Build with large file support in 32 bit systems.
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.NMkW6H/_old 2014-06-10 14:39:21.0 +0200
+++ /var/tmp/diff_new_pack.NMkW6H/_new 2014-06-10 14:39:21.0 +0200
@@ -135,7 +135,7 @@
find contrib sample -type f -exec chmod a-x \{\} \;
%build
-export CFLAGS=$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing
+export CFLAGS=$RPM_OPT_FLAGS $(getconf LFS_CFLAGS) -W -Wall
-fno-strict-aliasing
export LDFLAGS
%configure \
--enable-iproute2 \
@@ -148,7 +148,7 @@
--enable-plugin-down-root \
--enable-plugin-auth-pam\
--with-lzo-headers=%_includedir/lzo \
- CFLAGS=$CFLAGS -fPIE $PLUGIN_DEFS \
+ CFLAGS=$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS \
LDFLAGS=$LDFLAGS -pie -lpam -rdynamic
-Wl,-rpath,%{_libdir}/%{name}/plugin/lib
make
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2014-05-21 16:20:41
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2014-01-23
15:50:51.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2014-05-21
16:20:42.0 +0200
@@ -1,0 +2,6 @@
+Sun May 11 07:58:52 UTC 2014 - co...@suse.com
+
+- use %_rundir for %ghost directory - leaving /var/run everywhere
+ else
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.oqpxhI/_old 2014-05-21 16:20:46.0 +0200
+++ /var/tmp/diff_new_pack.oqpxhI/_new 2014-05-21 16:20:46.0 +0200
@@ -21,6 +21,9 @@
%else
%define with_systemd 0
%endif
+%if ! %{defined _rundir}
+%define _rundir %{_localstatedir}/run
+%endif
Name: openvpn
Url:http://openvpn.net/
@@ -153,7 +156,7 @@
make DESTDIR=$RPM_BUILD_ROOT install
find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openvpn
-mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/openvpn
+mkdir -p $RPM_BUILD_ROOT/%{_rundir}/openvpn
mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openvpn
%if %{with_systemd}
install -D -m 644 $RPM_SOURCE_DIR/%{name}.service
%{buildroot}/%{_unitdir}/%{name}@.service
@@ -178,7 +181,7 @@
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name}
%post
-%__mkdir_p -m750 %{_localstatedir}/run/openvpn
+%__mkdir_p -m750 %{_rundir}/openvpn
%if %{with_systemd}
%service_add_post %{name}.target
# try to migrate openvpn.service autostart to openvpn@CONF.service
@@ -255,7 +258,7 @@
%endif
%{_sbindir}/rcopenvpn
%{_sbindir}/openvpn
-%attr(0750,root,root) %dir %ghost %{_localstatedir}/run/openvpn
+%attr(0750,root,root) %dir %ghost %{_rundir}/openvpn
%{_includedir}/%{name}-plugin.h
%files down-root-plugin
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2014-01-20 16:24:24
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2014-01-14
19:52:24.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2014-01-23
15:50:51.0 +0100
@@ -7,0 +8,7 @@
+Thu Jan 9 14:14:19 UTC 2014 - meiss...@suse.com
+
+- openvpn-fips140-2.3.2.patch: Allow usage of SHA1 instead of MD5 in
+ some internal checking routines. This allows operation in FIPS 140-2
+ mode.
+
+---
New:
openvpn-fips140-2.3.2.patch
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.9fwUmU/_old 2014-01-23 15:50:52.0 +0100
+++ /var/tmp/diff_new_pack.9fwUmU/_new 2014-01-23 15:50:52.0 +0100
@@ -48,6 +48,7 @@
Source11: rc%{name}
Patch1: %{name}-2.3-plugin-man.dif
Patch5: %{name}-2.3.0-man-dot.diff
+Patch6: %{name}-fips140-2.3.2.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gpg-offline
BuildRequires: iproute2
@@ -124,6 +125,7 @@
%setup -q -n %{name}-%{version}
%patch1 -p0
%patch5 -p0
+%patch6 -p1
sed -e s|\ __DATE__|$(date '+%b %e %Y' -r version.m4)\|g -i
src/openvpn/options.c
# %%doc items shouldn't be executable.
++ openvpn-fips140-2.3.2.patch ++
diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_backend.h
openvpn-2.3.2/src/openvpn/crypto_backend.h
--- openvpn-2.3.2.orig/src/openvpn/crypto_backend.h 2013-08-13
03:24:16.465313821 +0200
+++ openvpn-2.3.2/src/openvpn/crypto_backend.h 2013-08-13 05:55:40.914256287
+0200
@@ -452,10 +452,11 @@ void md_ctx_final (md_ctx_t *ctx, uint8_
* @param key The key to use for the HMAC
* @param key_len The key length to use
* @param kt Static message digest parameters
+ * @param prf_use Intended use for PRF in TLS protocol
*
*/
void hmac_ctx_init (hmac_ctx_t *ctx, const uint8_t *key, int key_length,
-const md_kt_t *kt);
+const md_kt_t *kt, bool prf_use);
/*
* Free the given HMAC context.
diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto.c
openvpn-2.3.2/src/openvpn/crypto.c
--- openvpn-2.3.2.orig/src/openvpn/crypto.c 2013-08-13 03:24:16.466313824
+0200
+++ openvpn-2.3.2/src/openvpn/crypto.c 2013-08-13 05:54:09.655008218 +0200
@@ -486,7 +486,7 @@ init_key_ctx (struct key_ctx *ctx, struc
if (kt-digest kt-hmac_length 0)
{
ALLOC_OBJ(ctx-hmac, hmac_ctx_t);
- hmac_ctx_init (ctx-hmac, key-hmac, kt-hmac_length, kt-digest);
+ hmac_ctx_init (ctx-hmac, key-hmac, kt-hmac_length, kt-digest, 0);
msg (D_HANDSHAKE,
%s: Using %d bit message hash '%s' for HMAC authentication,
@@ -1409,61 +1409,61 @@ free_ssl_lib (void)
#endif /* ENABLE_SSL */
/*
- * md5 functions
+ * sha1 functions
*/
const char *
-md5sum (uint8_t *buf, int len, int n_print_chars, struct gc_arena *gc)
+sha1sum (uint8_t *buf, int len, int n_print_chars, struct gc_arena *gc)
{
- uint8_t digest[MD5_DIGEST_LENGTH];
- const md_kt_t *md5_kt = md_kt_get(MD5);
+ uint8_t digest[SHA_DIGEST_LENGTH];
+ const md_kt_t *sha1_kt = md_kt_get(SHA1);
- md_full(md5_kt, buf, len, digest);
+ md_full(sha1_kt, buf, len, digest);
- return format_hex (digest, MD5_DIGEST_LENGTH, n_print_chars, gc);
+ return format_hex (digest, SHA_DIGEST_LENGTH, n_print_chars, gc);
}
void
-md5_state_init (struct md5_state *s)
+sha1_state_init (struct sha1_state *s)
{
- const md_kt_t *md5_kt = md_kt_get(MD5);
+ const md_kt_t *sha1_kt = md_kt_get(SHA1);
- md_ctx_init(s-ctx, md5_kt);
+ md_ctx_init(s-ctx, sha1_kt);
}
void
-md5_state_update (struct md5_state *s, void *data, size_t len)
+sha1_state_update (struct sha1_state *s, void *data, size_t len)
{
md_ctx_update(s-ctx, data, len);
}
void
-md5_state_final (struct md5_state *s, struct md5_digest *out)
+sha1_state_final (struct sha1_state *s, struct sha1_digest *out)
{
md_ctx_final(s-ctx, out-digest);
md_ctx_cleanup(s-ctx);
}
void
-md5_digest_clear (struct md5_digest *digest)
+sha1_digest_clear (struct sha1_digest *digest)
{
CLEAR (*digest);
}
bool
-md5_digest_defined (const struct md5_digest *digest)
+sha1_digest_defined (const struct sha1_digest *digest)
{
int i;
- for (i = 0; i MD5_DIGEST_LENGTH; ++i)
+ for (i = 0; i SHA_DIGEST_LENGTH; ++i)
if (digest-digest[i])
return true;
return false;
}
bool
-md5_digest_equal (const struct md5_digest *d1, const struct md5_digest *d2)
+sha1_digest_equal (const struct sha1_digest
commit openvpn for openSUSE:Factory
Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2014-01-14 19:52:22 Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new (New) Package is openvpn Changes: --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2014-01-02 11:15:20.0 +0100 +++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2014-01-14 19:52:24.0 +0100 @@ -1,0 +2,6 @@ +Tue Jan 14 10:43:19 UTC 2014 - m...@suse.de + +- Updated README.SUSE, documented also the rcopenvpn compatibility + wrapper script (bnc#848070). + +--- Other differences: -- ++ openvpn.spec ++ --- /var/tmp/diff_new_pack.2y1ioB/_old 2014-01-14 19:52:25.0 +0100 +++ /var/tmp/diff_new_pack.2y1ioB/_new 2014-01-14 19:52:25.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package openvpn # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ openvpn.README.SUSE ++ --- /var/tmp/diff_new_pack.2y1ioB/_old 2014-01-14 19:52:25.0 +0100 +++ /var/tmp/diff_new_pack.2y1ioB/_new 2014-01-14 19:52:25.0 +0100 @@ -2,11 +2,27 @@ Notes about the OpenVPN package In a fresh installation, you will find an empty directory /etc/openvpn. -The directory is meant to contain *.conf files -- the openvpn init script -will automatically look for them there, so you can start/stop all tunnels with -rcopenvpn (start|stop), as well as starting them at boot time. - -With openSUSE post-12.3 either all instances are handled by calling -'systemctl start|stop|enable|disbale|status openvpn.target' or one named -service 'systemctl start|stop|enable|disbale|status openvpn@name.service' -while the configuration is stored in a file named /etc/openvpn/name.conf . +The directory is meant to contain *.conf files. + +With openSUSE post-12.3 either all enabled instances are handled by +calling + +'systemctl start|stop|status openvpn.target' + +or each one tunnel/config separately using openvpn service template: + +'systemctl start|stop|status|enable|disbale openvpn@name.service' + +while name is the name of the configuration file /etc/openvpn/name.conf. + +The OPENVPN_AUTOSTART sysconfig variable, which were specifying the +list of enabled configs is migrated to systemctl enable on update. + +Alternatively, you can also use the rcopenvpn compatiblity wrapper: + + rcopenvpn start|stop|status + +or per config/tunnel: + + rcopenvpn start|stop|status|enable|disable name + -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2014-01-02 11:15:18
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2013-11-04
07:08:38.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2014-01-02
11:15:20.0 +0100
@@ -1,0 +2,5 @@
+Tue Dec 17 15:26:16 UTC 2013 - m...@suse.de
+
+- Readded rcopenvpn helper script under systemd (bnc#848070)
+
+---
New:
rcopenvpn
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.XGCALD/_old 2014-01-02 11:15:21.0 +0100
+++ /var/tmp/diff_new_pack.XGCALD/_new 2014-01-02 11:15:21.0 +0100
@@ -45,6 +45,7 @@
Source8:%{name}.service
Source9:%{name}.target
Source10: %{name}-tmpfile.conf
+Source11: rc%{name}
Patch1: %{name}-2.3-plugin-man.dif
Patch5: %{name}-2.3.0-man-dot.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -155,6 +156,7 @@
%if %{with_systemd}
install -D -m 644 $RPM_SOURCE_DIR/%{name}.service
%{buildroot}/%{_unitdir}/%{name}@.service
install -D -m 644 $RPM_SOURCE_DIR/%{name}.target
%{buildroot}/%{_unitdir}/%{name}.target
+install -D -m 755 $RPM_SOURCE_DIR/rc%{name} %{buildroot}%{_sbindir}/rc%{name}
# tmpfiles.d
mkdir -p %{buildroot}%{_libexecdir}/tmpfiles.d
install -m 0644 $RPM_SOURCE_DIR/%{name}-tmpfile.conf
%{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
@@ -248,8 +250,8 @@
%else
%config %{_sysconfdir}/init.d/openvpn
/var/adm/fillup-templates/sysconfig.openvpn
-%{_sbindir}/rcopenvpn
%endif
+%{_sbindir}/rcopenvpn
%{_sbindir}/openvpn
%attr(0750,root,root) %dir %ghost %{_localstatedir}/run/openvpn
%{_includedir}/%{name}-plugin.h
++ rcopenvpn ++
#! /bin/bash
SYSTEMD_NO_WRAP=1 . /etc/rc.status
rc_reset
action=$1 ; shift
config=$1 ; shift
if test -n $config ; then
systemctl ${action} openvpn@${config}.service
else
case $action in
status)
n=0
l=`systemctl show -p ConsistsOf openvpn.target 2/dev/null`
for s in ${l#ConsistsOf=} ; do
case $s in
openvpn@*.service)
systemctl status $s
rc_check
((++n))
;;
esac
done
if test $n -gt 0 ; then
rc_status
else
rc_status -u
fi
;;
*)
systemctl ${action} openvpn.target
;;
esac
fi
rc_exit
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2013-11-04 07:08:37
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2013-08-28
21:16:24.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2013-11-04
07:08:38.0 +0100
@@ -1,0 +2,5 @@
+Thu Oct 31 18:45:02 UTC 2013 - m...@suse.de
+
+- Fixed invalid mode in exec bit removal call from doc files
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.ls2qPO/_old 2013-11-04 07:08:38.0 +0100
+++ /var/tmp/diff_new_pack.ls2qPO/_new 2013-11-04 07:08:39.0 +0100
@@ -126,8 +126,7 @@
sed -e s|\ __DATE__|$(date '+%b %e %Y' -r version.m4)\|g -i
src/openvpn/options.c
# %%doc items shouldn't be executable.
-find contrib sample -type f -perm +100 \
--exec chmod a-x {} \;
+find contrib sample -type f -exec chmod a-x \{\} \;
%build
export CFLAGS=$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2013-08-28 21:16:23 Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new (New) Package is openvpn Changes: --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2013-06-05 17:46:18.0 +0200 +++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2013-08-28 21:16:24.0 +0200 @@ -1,0 +2,6 @@ +Tue Aug 27 16:28:52 UTC 2013 - lmue...@suse.com + +- Add a section about how to control all or a named configuration with the + help of systemctl to the README.SUSE file. + +--- Other differences: -- ++ openvpn.README.SUSE ++ --- /var/tmp/diff_new_pack.zybqwP/_old 2013-08-28 21:16:25.0 +0200 +++ /var/tmp/diff_new_pack.zybqwP/_new 2013-08-28 21:16:25.0 +0200 @@ -2,6 +2,11 @@ Notes about the OpenVPN package In a fresh installation, you will find an empty directory /etc/openvpn. -The directory is meant to contain *.conf files -- the openvpn init script +The directory is meant to contain *.conf files -- the openvpn init script will automatically look for them there, so you can start/stop all tunnels with -rcopenvpn (start|stop), as well as start tham at boot time. +rcopenvpn (start|stop), as well as starting them at boot time. + +With openSUSE post-12.3 either all instances are handled by calling +'systemctl start|stop|enable|disbale|status openvpn.target' or one named +service 'systemctl start|stop|enable|disbale|status openvpn@name.service' +while the configuration is stored in a file named /etc/openvpn/name.conf . -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2013-06-05 17:46:17
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2013-05-16
11:18:49.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2013-06-05
17:46:18.0 +0200
@@ -1,0 +2,35 @@
+Mon Jun 3 22:09:09 UTC 2013 - mrd...@opensuse.org
+
+- Update to 2.3.2
+ +Fixes since 2.3.0
+- Remove dead code path and putenv functionality
+- Remove unused function xor
+- Move static prototype definition from header into c file
+- Remove unused function no_tap_ifconfig
+- fix build with automake 1.13(.1)
+- Fix corner case in NTLM authentication (trac #172)
+- Update README.IPv6 to match what is in 2.3.0
+- Repair tcp server queue overflow brokenness, more stdbool.h fallout.
+- Permit pool size of /64.../112 for ifconfig-ipv6-pool
+- Add MIN() compatibility macro
+- Fix directly connected routes for topology subnet on Solaris.
+- close more file descriptors on exec
+- Ignore UTF-8 byte order mark
+- reintroduce --no-name-remapping option
+- make --tls-remote compatible with pre 2.3 configs
+- add new option for X.509 name verification
+- add man page patch for missing options
+- Fix parameter listing in non-debug builds at verb 4
+- (updated) [PATCH] Warn when using verb levels =7 without debug
+- Enable TCP_NODELAY configuration on FreeBSD.
+- Updated README
+- Cleaned up and updated INSTALL
+- PolarSSL-1.2 support
+- Improve PolarSSL key_state_read_{cipher, plain}text messages
+- Improve verify_callback messages
+- Config compatibility patch. Added translate_cipher_name.
+- Switch to IANA names for TLS ciphers.
+- Fixed autoconf script to properly detect missing pkcs11 with polarssl.
+- Use constant time memcmp when comparing HMACs in openvpn_decrypt.
+
+---
Old:
openvpn-2.3.0.tar.gz
openvpn-2.3.0.tar.gz.asc
New:
openvpn-2.3.2.tar.gz
openvpn-2.3.2.tar.gz.asc
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.vEf3mz/_old 2013-06-05 17:46:19.0 +0200
+++ /var/tmp/diff_new_pack.vEf3mz/_new 2013-06-05 17:46:19.0 +0200
@@ -29,7 +29,7 @@
%else
PreReq: %insserv_prereq %fillup_prereq
%endif
-Version:2.3.0
+Version:2.3.2
Release:0
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
++ openvpn-2.3.0.tar.gz - openvpn-2.3.2.tar.gz ++
19812 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2013-05-16 11:18:49
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2013-04-23
17:25:36.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2013-05-16
11:18:49.0 +0200
@@ -1,0 +2,6 @@
+Mon May 6 11:13:49 UTC 2013 - m...@suse.de
+
+- Try to migrate openvpn.service autostart to openvpn@CONF.service
+ instance enablement.
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.g9VTJT/_old 2013-05-16 11:18:50.0 +0200
+++ /var/tmp/diff_new_pack.g9VTJT/_new 2013-05-16 11:18:50.0 +0200
@@ -178,6 +178,40 @@
%__mkdir_p -m750 %{_localstatedir}/run/openvpn
%if %{with_systemd}
%service_add_post %{name}.target
+# try to migrate openvpn.service autostart to openvpn@CONF.service
+if test ${FIRST_ARG:-$1} -ge 1 -a \
+ -x /bin/systemctl -a \
+ -f /etc/sysconfig/openvpn -a \
+ -f /var/adm/fillup-templates/sysconfig.openvpn \
+ /bin/systemctl --quiet is-enabled openvpn.service /dev/null ;
+then
+ . /etc/sysconfig/openvpn
+ try_service_cgroup_join()
+ {
+ local p=/var/run/openvpn/${1}.pid
+ local t=/sys/fs/cgroup/systemd/system/openvpn@.service/${1}
+ /sbin/checkproc -p $p %{_sbindir}/openvpn /dev/null ||
return 0
+ test -d $t || mkdir -p $t 2/dev/null || return 1
+ cat $p $t/tasks 2/dev/null || return 1
+ }
+ if test X$OPENVPN_AUTOSTART != X ; then
+ for conf in $OPENVPN_AUTOSTART ; do
+ test -f /etc/openvpn/${conf}.conf \
+ /bin/systemctl enable openvpn@${conf}.service \
+ try_service_cgroup_join $conf || continue
+ done
+ else
+ shopt -s nullglob || :
+ for conf in /etc/openvpn/*.conf ; do
+ conf=${conf##*/}
+ conf=${conf%.conf}
+ test -f /etc/openvpn/${conf}.conf \
+ /bin/systemctl enable openvpn@${conf}.service \
+ try_service_cgroup_join $conf || continue
+ done
+ fi
+fi
+rm -f /etc/sysconfig/openvpn || :
%else
%{?fillup_and_insserv:%fillup_and_insserv}
%endif
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2013-04-23 17:25:34
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2013-03-26
19:48:31.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2013-04-23
17:25:36.0 +0200
@@ -1,0 +2,12 @@
+Tue Apr 23 13:20:48 UTC 2013 - m...@suse.de
+
+- Fixed to enable systemd support in configure
+- Fixed openvpn-tmpfile.conf to use GID root, there is no openvpn group.
+- Added openvpn.target file allowing to handle all instances at once.
+- Fixed to install the service template correctly as openvpn@.service.
+ Use systemctl enable openvpn@foo.service to enable instance using
+ /etc/openvpn/foo.conf.
+- Disabled systemd variant of restart on update rpm macro, adopted other
+ macros to use openvpn.target to e.g. stop all instances on uninstall.
+
+---
New:
openvpn.target
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.UTQqM3/_old 2013-04-23 17:25:38.0 +0200
+++ /var/tmp/diff_new_pack.UTQqM3/_new 2013-04-23 17:25:38.0 +0200
@@ -43,7 +43,8 @@
Source5:client-netconfig.down
Source7:%{name}.keyring
Source8:%{name}.service
-Source9:%{name}-tmpfile.conf
+Source9:%{name}.target
+Source10: %{name}-tmpfile.conf
Patch1: %{name}-2.3-plugin-man.dif
Patch5: %{name}-2.3.0-man-dot.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -135,6 +136,9 @@
--enable-iproute2 \
--enable-x509-alt-username \
--enable-password-save \
+%if %{with_systemd}
+ --enable-systemd\
+%endif
--enable-plugins\
--enable-plugin-down-root \
--enable-plugin-auth-pam\
@@ -150,7 +154,8 @@
mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/openvpn
mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openvpn
%if %{with_systemd}
-install -D -m 644 $RPM_SOURCE_DIR/%{name}.service
%{buildroot}/%{_unitdir}/%{name}.service
+install -D -m 644 $RPM_SOURCE_DIR/%{name}.service
%{buildroot}/%{_unitdir}/%{name}@.service
+install -D -m 644 $RPM_SOURCE_DIR/%{name}.target
%{buildroot}/%{_unitdir}/%{name}.target
# tmpfiles.d
mkdir -p %{buildroot}%{_libexecdir}/tmpfiles.d
install -m 0644 $RPM_SOURCE_DIR/%{name}-tmpfile.conf
%{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
@@ -170,22 +175,23 @@
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name}
%post
+%__mkdir_p -m750 %{_localstatedir}/run/openvpn
%if %{with_systemd}
-%service_add_post %{name}.service
+%service_add_post %{name}.target
%else
%{?fillup_and_insserv:%fillup_and_insserv}
%endif
%preun
%if %{with_systemd}
-%service_del_preun %{name}.service
+%service_del_preun %{name}.target
%else
%{?stop_on_removal:%stop_on_removal openvpn}
%endif
%postun
%if %{with_systemd}
-%service_del_postun %{name}.service
+/bin/systemctl --system daemon-reload /dev/null || :
%else
%{?insserv_cleanup:%insserv_cleanup}
%endif
@@ -203,7 +209,8 @@
%doc %{_mandir}/man8/openvpn.8.gz
%config(noreplace) %{_sysconfdir}/openvpn/
%if %{with_systemd}
-%{_unitdir}/%{name}.service
+%{_unitdir}/%{name}@.service
+%{_unitdir}/%{name}.target
%{_libexecdir}/tmpfiles.d/%{name}.conf
%else
%config %{_sysconfdir}/init.d/openvpn
@@ -211,7 +218,7 @@
%{_sbindir}/rcopenvpn
%endif
%{_sbindir}/openvpn
-%attr(0755,root,root) %dir %ghost %{_localstatedir}/run/openvpn
+%attr(0750,root,root) %dir %ghost %{_localstatedir}/run/openvpn
%{_includedir}/%{name}-plugin.h
%files down-root-plugin
++ openvpn-tmpfile.conf ++
--- /var/tmp/diff_new_pack.UTQqM3/_old 2013-04-23 17:25:38.0 +0200
+++ /var/tmp/diff_new_pack.UTQqM3/_new 2013-04-23 17:25:38.0 +0200
@@ -1 +1 @@
-D /var/run/openvpn 0710 root openvpn -
+D /var/run/openvpn 0750 root root -
++ openvpn.service ++
--- /var/tmp/diff_new_pack.UTQqM3/_old 2013-04-23 17:25:38.0 +0200
+++ /var/tmp/diff_new_pack.UTQqM3/_new 2013-04-23 17:25:38.0 +0200
@@ -1,14 +1,15 @@
[Unit]
-Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
-After=syslog.target network.target
+Description=OpenVPN tunneling daemon instance using /etc/openvpn/%I.conf
+After=network.target
+PartOf=openvpn.target
[Service]
-PrivateTmp=true
Type=forking
+PrivateTmp=true
PIDFile=/var/run/openvpn/%i.pid
-ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2013-03-26 19:48:27
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2013-01-29
06:46:28.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2013-03-26
19:48:31.0 +0100
@@ -1,0 +2,53 @@
+Tue Mar 26 14:38:48 UTC 2013 - a...@suse.com
+
+- Remove _unitdir definition, it is provided by systemd.
+- Install service file without x permissions
+
+---
+Mon Mar 25 14:55:35 UTC 2013 - p.drou...@gmail.com
+
+Update to version 2.3.0:
+ * Full IPv6 support
+ * SSL layer modularised, enabling easier implementation for other SSL
libraries
+ * PolarSSL support as a drop-in replacement for OpenSSL
+ * New plug-in API providing direct certificate access, improved logging API
+ and easier to extend in the future
+ * Added 'dev_type' environment variable to scripts and plug-ins - which is
+ set to 'TUN' or 'TAP'
+ * New feature: --management-external-key - to provide access to the encryption
+ keys via the management interface
+ * New feature: --x509-track option, more fine grained access to X.509 fields
+ in scripts and plug-ins
+ * New feature: --client-nat support
+ * New feature: --mark which can mark encrypted packets from the tunnel,
suitable
+ for more advanced routing and firewalling
+ * New feature: --management-query-proxy - manage proxy settings via the
management
+ interface (supercedes --http-proxy-fallback)
+ * New feature: --stale-routes-check, which cleans up the internal routing
table
+ * New feature: --x509-username-field, where other X.509v3 fields can be used
for
+ the authentication instead of Common Name
+ * Improved client-kill management interface command
+ * Improved UTF-8 support - and added --compat-names to provide backwards
compatibility
+ with older scripts/plug-ins
+ * Improved auth-pam with COMMONNAME support, passing the certificate's common
+ name in the PAM conversation
+ * More options can now be used inside connection blocks
+ * Completely new build system, enabling easier cross-compilation and Windows
builds
+ * Much of the code has been better documented
+ * Many documentation updates
+ * Plenty of bug fixes and other code clean-ups
+- Add systemd native support for OpenSUSE 12.1
+- Adapt patchs to upstream release:
+ * openvpn-2.1-plugin-man.dif openvpn-2.3-plugin-man.dif
+ * openvpn-2.1.0-man-dot.diff openvpn-2.3.0-man-dot.diff
+- Remove obsolete patchs; fixed or merged on upstream release:
+ * 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
+ * openvpn-2.1-plugin-build.dif
+ * openvpn-2.1-systemd-passwd.patch
+- Rebase specfile to upstream changes:
+ * easy-rsa is not provided anymore with main package
+ * remove %clean section
+ * autoreconf -fi is no needed
+- Update openvpn.keyring file for upstream release asc key
+
+---
Old:
0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
openvpn-2.1-plugin-build.dif
openvpn-2.1-plugin-man.dif
openvpn-2.1-systemd-passwd.patch
openvpn-2.2.1-man-dot.diff
openvpn-2.2.2.tar.gz
openvpn-2.2.2.tar.gz.asc
New:
openvpn-2.3-plugin-man.dif
openvpn-2.3.0-man-dot.diff
openvpn-2.3.0.tar.gz
openvpn-2.3.0.tar.gz.asc
openvpn-tmpfile.conf
openvpn.service
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.0m0wjr/_old 2013-03-26 19:48:33.0 +0100
+++ /var/tmp/diff_new_pack.0m0wjr/_new 2013-03-26 19:48:33.0 +0100
@@ -16,46 +16,51 @@
#
+%if 0%{?suse_version} 1210
+%define with_systemd 1
+%else
+%define with_systemd 0
+%endif
+
Name: openvpn
Url:http://openvpn.net/
-%if 0%{?suse_version}
+%if %{with_systemd}
+%{?systemd_requires}
+%else
PreReq: %insserv_prereq %fillup_prereq
%endif
-Version:2.2.2
+Version:2.3.0
Release:0
-%define upstream_version %version
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
License:SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
Group: Productivity/Networking/Security
-Source:
http://swupdate.openvpn.org/community/releases/openvpn-%{upstream_version}.tar.gz
-Source1:
http://swupdate.openvpn.org/community/releases/openvpn-%{upstream_version}.tar.gz.asc
-Source2:openvpn.init
-Source3:openvpn.README.SUSE
+Source:
http://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.gz
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2013-01-29 06:46:26
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2012-12-14
10:14:38.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2013-01-29
06:46:28.0 +0100
@@ -1,0 +2,6 @@
+Mon Jan 28 13:59:07 UTC 2013 - m...@suse.com
+
+- Join openvpn.service systemd cgroup in start when needed, e.g.
+ when starting with further parameters. (bnc#781106)
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.uiOEQt/_old 2013-01-29 06:46:30.0 +0100
+++ /var/tmp/diff_new_pack.uiOEQt/_new 2013-01-29 06:46:30.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openvpn
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
++ openvpn.init ++
--- /var/tmp/diff_new_pack.uiOEQt/_old 2013-01-29 06:46:30.0 +0100
+++ /var/tmp/diff_new_pack.uiOEQt/_new 2013-01-29 06:46:30.0 +0100
@@ -72,6 +72,35 @@
action=$1 ; shift
config=$1 ; shift
+systemd_cgroup_dir=/sys/fs/cgroup/systemd
+openvpn_cgroup_dir=${systemd_cgroup_dir}/system/openvpn.service
+
+join_openvpn_service_cgroup()
+{
+ local pid dummy
+
+ # when the systemd cgroup mountpoint does not exists,
+ # assume we run unter systemv init - nothing to do.
+ /bin/mountpoint -q ${systemd_cgroup_dir} || return 0
+
+ # create the openvpn.service cgroup when needed
+ if test ! -d ${openvpn_cgroup_dir} ; then
+ /bin/mkdir -p ${openvpn_cgroup_dir} || return 1
+ fi
+
+ # check if the openvpn.service cgroup task list exists
+ if test -f ${openvpn_cgroup_dir}/tasks ; then
+ # when we're already a member, all is done
+ while read pid dummy ; do
+ test $pid = $$ return 0
+ done ${openvpn_cgroup_dir}/tasks
+
+ # otherwise join the openvpn.service cgroup
+ echo $$ ${openvpn_cgroup_dir}/tasks return 0
+ fi
+ return 1
+}
+
autostart_filter()
{
test x$config != xreturn 0
@@ -84,6 +113,8 @@
case $action in
start)
+ join_openvpn_service_cgroup
+
/sbin/modprobe tun /dev/null
name=
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2012-12-14 10:14:36
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2012-09-25
10:43:29.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2012-12-14
10:14:38.0 +0100
@@ -1,0 +2,5 @@
+Thu Nov 29 18:19:40 CET 2012 - sbra...@suse.cz
+
+- Verify GPG signature.
+
+---
New:
openvpn.keyring
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.9c1Rn1/_old 2012-12-14 10:14:40.0 +0100
+++ /var/tmp/diff_new_pack.9c1Rn1/_new 2012-12-14 10:14:40.0 +0100
@@ -34,6 +34,7 @@
Source4:client-netconfig.up
Source5:client-netconfig.down
Source6:openvpn.sysconfig
+Source7:%{name}.keyring
Patch1: %{name}-2.1-plugin-man.dif
Patch2: %{name}-2.1-plugin-build.dif
Patch3: openvpn-2.1-systemd-passwd.patch
@@ -41,6 +42,7 @@
Patch5: openvpn-2.2.1-man-dot.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: automake
+BuildRequires: gpg-offline
BuildRequires: iproute2
BuildRequires: lzo-devel
BuildRequires: openssl-devel
@@ -129,6 +131,7 @@
James Yonan j...@yonan.net
%prep
+%gpg_verify %{S:1}
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
%patch2 -p0
++ openvpn.keyring ++
pub 1024D/1FBF51F3 2003-11-20
uid James Yonan j...@yonan.net
sub 2048g/4B9741E3 2003-11-20
-BEGIN PGP PUBLIC KEY BLOCK-
Version: GnuPG v2.0.19 (GNU/Linux)
mQGiBD+9OaARBAC41lHwut4og8RL+QvChit93Yg8JloaZzqvKQHMKvcb14OY27QB
00oEtwxotBRkvJHy/cR4feK9Itje556FbzC7ODesYtjZh1V81B2ep4tfwRQSPqZT
xy2jwzW5SwReBuIPxBOFts+OeeLQuKFU/VSItU9abA51cvKEvaV0CZx6ZwCg/h70
OgABmkCl8u+nHK2EHMSjZAUD/RP1jLNub1wlg2vJvfty+Nu7PoDJxSG7LzsSFC6W
a5KiryIMvokp3cZQ7EnTG1Jc5y5tsZrRfTa7QLcooQrYivWSCSldkAowEh/tUGwb
CurQZtDAmmuqLJAG+zDh6qFINHPnkVZBMuN+Lhkg0gqo+Mgsjn0ZzuGgQYb2b3wn
pXckBACZE6EJSnICN/Cn5657of5znOwixZUdl4Pvsv7X5LuUJ0SeUtfSjNfUFu0b
j/s0BXpQ/Y933rS+m0axbiElRNHzwtBb4W+TzwLvkwHw5WrIw5tcZXcZpos1NkhW
lUDKLQ63WMqg5SBpilo3/wFU4+ngvPMcfbL1vgMYuuWfSPRt5LQbSmFtZXMgWW9u
YW4gPGppbUB5b25hbi5uZXQ+iF4EExECAB4FAj+9OaACGwMGCwkIBwMCAxUCAwMW
AgECHgECF4AACgkQHQtJlh+/UfMaFgCeOIDuybiePnFpYbm7faiqT34NvzYAoLjO
ob+WiwJECbjpV62fmItBsYI9uQINBD+9OcAQCAC4wi4knBzA3bGbb2XSnZcIt+Tf
9JGXoG7+cpLT6wGZqzaAHNdgiZZf5Gdod9ud3CcLwrc1WXJljZXBhnpNNypen6O9
uGCb9OXKO7PuYV014D0pKv96rYtgPNE7MUO101lDt7bE8Zmw+HmOpyf6TnIg8GWw
3Vj8n0HfGvsx/WW2PZ1tXxUFAbsVIU/W5EJlCAhJbaZZCBj+P0QJFGuP41E7V0iO
2UMGRbzoQrwmGQopjVrzXcWAr5NvKKd8HL4ESkp8xdZrhCukNIBE9EEt6H+EvPut
KdvpH2fIUTyEeZY4zDtm0ZS0zGZBET9SdcX/+sAuseiojPKd/D67oMG5FcF7AAMG
CACfOcVjPcqYAhkGo6HNrpU7HMuaxy3Tuy5HI+4kU/POlLlm2AsfmHr4BtRCFMBt
uNxybJwMMew1o1E4H4RvTEfPpVS0WW2lkOcpet429xf4oX1HL2nvlLmOAaMKgLhL
ZxPPTCzmjyIVIeRF8BC+VQYh346v/LocO2obbD0chO0mApVgxVhO4E0vlu0Rdmsp
d7+mCuani1wS9n0lgYVnHYdxRPL/AWj11KDgKm2LjoJt0WHHyEHGMjJTUB0JhM2a
EfWkimDELeAb3pjdVEtmW6aF+q8sd6tn+mM0Z2I+6kwiMsdoWzjosuvXPzFsvkWq
0QY2wWyYYsNaXscfjKnjBUcpiEkEGBECAAkFAj+9OcACGwwACgkQHQtJlh+/UfOR
TACgpg5MZJMgULtP31swTRmPGZ3driAAniP+Xg3U2KxAiS9Mxf0BOen8FgW5
=eZlZ
-END PGP PUBLIC KEY BLOCK-
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2012-09-21 14:52:24
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2012-08-23
15:30:29.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2012-09-21
14:52:26.0 +0200
@@ -1,0 +2,8 @@
+Thu Sep 20 10:50:23 UTC 2012 - m...@suse.com
+
+- Fixed openvpn init script to not map reopen to reload so the
+ reopen code is without any effect (bnc#781106).
+- Added requested OPENVPN_AUTOSTART variable allowing to provide
+ an optional list of config names started by default (bnc#692440).
+
+---
New:
openvpn.sysconfig
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.ZtdFM0/_old 2012-09-21 14:52:30.0 +0200
+++ /var/tmp/diff_new_pack.ZtdFM0/_new 2012-09-21 14:52:30.0 +0200
@@ -33,6 +33,7 @@
Source3:openvpn.README.SUSE
Source4:client-netconfig.up
Source5:client-netconfig.down
+Source6:openvpn.sysconfig
Patch1: %{name}-2.1-plugin-man.dif
Patch2: %{name}-2.1-plugin-build.dif
Patch3: openvpn-2.1-systemd-passwd.patch
@@ -194,12 +195,16 @@
done
# we install docs via spec into _defaultdocdir/name/management-notes.txt
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name}
+# the /etc/sysconfig/openvpn template
+install -d -m0755 %{buildroot}/var/adm/fillup-templates
+install-m0600 $RPM_SOURCE_DIR/openvpn.sysconfig \
+ %{buildroot}/var/adm/fillup-templates/sysconfig.openvpn
%clean
if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
%post
-%{?fillup_and_insserv:%fillup_and_insserv -f}
+%{?fillup_and_insserv:%fillup_and_insserv}
%preun
%{?stop_on_removal:%stop_on_removal openvpn}
@@ -228,6 +233,7 @@
%dir %{_libdir}/%{name}
%dir %{plugin_dir}
%dir %{plugin_libdir}
+/var/adm/fillup-templates/sysconfig.openvpn
%files down-root-plugin
%defattr(-,root,root)
++ openvpn.init ++
--- /var/tmp/diff_new_pack.ZtdFM0/_old 2012-09-21 14:52:30.0 +0200
+++ /var/tmp/diff_new_pack.ZtdFM0/_new 2012-09-21 14:52:30.0 +0200
@@ -24,9 +24,8 @@
# Description: Start OpenVPN tunnel
### END INIT INFO
-# we don't use any...
-# test -s /etc/sysconfig/openvpn \
-# . /etc/sysconfig/openvpn
+test -s /etc/sysconfig/openvpn \
+ . /etc/sysconfig/openvpn
DAEMON=OpenVPN
openvpn=/usr/sbin/openvpn
@@ -73,6 +72,16 @@
action=$1 ; shift
config=$1 ; shift
+autostart_filter()
+{
+ test x$config != xreturn 0
+ test x$OPENVPN_AUTOSTART = x return 0
+ for n in ${OPENVPN_AUTOSTART} ; do
+ test x$n = x$1 return 0
+ done
+ return 1
+}
+
case $action in
start)
/sbin/modprobe tun /dev/null
@@ -81,6 +90,7 @@
for conf in $confdir/${config:-*}.conf ; do
test -f $conf || continue
name=$(basename ${conf%%.conf})
+ autostart_filter $name || continue
pidfile=$piddir/${name}.pid
echo -n Starting $DAEMON [$name]
@@ -164,14 +174,30 @@
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
- $0 stop ${config:+$config}
- sleep 3
- $0 start ${config:+$config}
+ # When nothing is running, start specified config or
+ # the defult (autostart) set. Otherwise we stop the
+ # specified one or all that are currently running.
+ # Then start specified one or all that were running
+ # before and have a config. Makes sense? :-)
+ name=
+ list=($config)
+ for pidfile in $piddir/${config:-*}.pid; do
+ test -f $pidfile || continue
+ name=$(basename ${pidfile%%.pid})
+ $0 stop $name
+ rc_status
+ test x$name = x$config continue # in list
+ test -f $confdir/${name}.conf list+=($name)
+ done
+
+ test x$name = x || sleep 3 # for what was this needed?
+
+ $0 start ${list[@]}
# Remember status and be quiet
rc_status
;;
-reopen|reload|force-reload)
+reload|force-reload)
for pidfile in $piddir/${config:-*}.pid; do
test -f $pidfile || continue
name=$(basename ${pidfile%%.pid})
@@ -219,6 +245,7 @@
for conf in $confdir/${config:-*}.conf ; do
test -f $conf || continue
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2012-08-23 15:30:27
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2012-04-17
07:47:46.0 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2012-08-23
15:30:29.0 +0200
@@ -1,0 +2,6 @@
+Wed Aug 22 14:50:39 UTC 2012 - cfarr...@suse.com
+
+- license update: GPL-2.0-with-openssl-exception and LGPL-2.1
+ openssl has an openssl exception (also, it is GPL-2.0 only)
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.shj7iP/_old 2012-08-23 15:30:30.0 +0200
+++ /var/tmp/diff_new_pack.shj7iP/_new 2012-08-23 15:30:30.0 +0200
@@ -25,7 +25,7 @@
Release:0
%define upstream_version %version
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
-License:GPL-2.0+ ; LGPL-2.1+
+License:GPL-2.0-with-openssl-exception and LGPL-2.1
Group: Productivity/Networking/Security
Source:
http://swupdate.openvpn.org/community/releases/openvpn-%{upstream_version}.tar.gz
Source1:
http://swupdate.openvpn.org/community/releases/openvpn-%{upstream_version}.tar.gz.asc
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2012-04-17 07:47:41
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2012-02-16
14:58:56.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2012-04-17
07:47:46.0 +0200
@@ -1,0 +2,6 @@
+Thu Mar 29 09:45:56 UTC 2012 - m...@suse.com
+
+- Fixed SLES build readding Group tags to sub-packages in spec,
+ not require libselinux-devel on SLE-10 and datadir/doc cleanup.
+
+---
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.GHSpz0/_old 2012-04-17 07:47:47.0 +0200
+++ /var/tmp/diff_new_pack.GHSpz0/_new 2012-04-17 07:47:47.0 +0200
@@ -16,7 +16,6 @@
#
-
Name: openvpn
Url:http://openvpn.net/
%if 0%{?suse_version}
@@ -42,10 +41,12 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: automake
BuildRequires: iproute2
-BuildRequires: libselinux-devel
BuildRequires: lzo-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
+%if 0%{?suse_version} 1010
+BuildRequires: libselinux-devel
+%endif
%if 0%{?suse_version} 1030
BuildRequires: pkcs11-helper-devel
Requires: pkcs11-helper
@@ -80,6 +81,7 @@
%package down-root-plugin
Summary:OpenVPN down-root plugin
+Group: Productivity/Networking/Security
Requires: %{name} = %{version}
%description down-root-plugin
@@ -102,6 +104,7 @@
%package auth-pam-plugin
Summary:OpenVPN auth-pam plugin
+Group: Productivity/Networking/Security
Requires: %{name} = %{version}
%description auth-pam-plugin
@@ -190,8 +193,7 @@
$RPM_BUILD_ROOT%{plugin_libdir}/
done
# we install docs via spec into _defaultdocdir/name/management-notes.txt
-rm $RPM_BUILD_ROOT%{_datadir}/doc/%name/management-notes.txt
-rmdir $RPM_BUILD_ROOT%{_datadir}/doc/%name
+rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name}
%clean
if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2012-02-16 14:58:54
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn, Maintainer is m...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2011-12-08
14:45:56.0 +0100
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2012-02-16
14:58:56.0 +0100
@@ -1,0 +2,8 @@
+Wed Feb 15 15:21:32 UTC 2012 - m...@suse.com
+
+- Updated to openvpn-2.2.2:
+ - Warn once, that IPv6 in tun mode is not supported in OpenVPN 2.2
+ - Pkcs11 support built into the Windows version
+ - Fixed a bug in the Windows TAP-driver
+
+---
Old:
openvpn-2.2.1.tar.gz
openvpn-2.2.1.tar.gz.asc
New:
openvpn-2.2.2.tar.gz
openvpn-2.2.2.tar.gz.asc
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.oBsYgT/_old 2012-02-16 14:58:58.0 +0100
+++ /var/tmp/diff_new_pack.oBsYgT/_new 2012-02-16 14:58:58.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openvpn
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
%if 0%{?suse_version}
PreReq: %insserv_prereq %fillup_prereq
%endif
-Version:2.2.1
+Version:2.2.2
Release:0
%define upstream_version %version
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
++ openvpn-2.2.1.tar.gz - openvpn-2.2.2.tar.gz ++
3371 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2011-12-06 18:34:57
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
Package is openvpn, Maintainer is m...@suse.com
Changes:
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.9IDSk0/_old 2011-12-06 18:56:26.0 +0100
+++ /var/tmp/diff_new_pack.9IDSk0/_new 2011-12-06 18:56:26.0 +0100
@@ -20,7 +20,7 @@
Name: openvpn
Url:http://openvpn.net/
-License:GPLv2+ ; LGPLv2.1+
+License:GPL-2.0+ ; LGPL-2.1+
Group: Productivity/Networking/Security
AutoReqProv:on
%if 0%{?suse_version}
@@ -78,7 +78,7 @@
James Yonan j...@yonan.net
%package down-root-plugin
-License:GPLv2+ ; LGPLv2.1+
+License:GPL-2.0+ ; LGPL-2.1+
Summary:OpenVPN down-root plugin
Group: Productivity/Networking/Security
AutoReqProv:on
@@ -103,7 +103,7 @@
James Yonan j...@yonan.net
%package auth-pam-plugin
-License:GPLv2+ ; LGPLv2.1+
+License:GPL-2.0+ ; LGPL-2.1+
Summary:OpenVPN auth-pam plugin
Group: Productivity/Networking/Security
AutoReqProv:on
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openvpn for openSUSE:Factory
Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory
checked in at Tue Aug 30 16:11:26 CEST 2011.
--- openvpn/openvpn.changes 2011-07-11 16:51:08.0 +0200
+++ openvpn/openvpn.changes 2011-08-29 20:33:56.0 +0200
@@ -1,0 +2,19 @@
+Mon Aug 29 18:05:30 UTC 2011 - m...@suse.com
+
+- Marked /var/run/openvpn as ghost (bnc#710270), man page and
+ other rpmlint warning fixes
+
+---
+Tue Aug 23 15:41:00 UTC 2011 - crrodrig...@opensuse.org
+
+- BuildRequires libselinux-devel
+- Use SSL_MODE_RELEASE_BUFFERS to keep memory usage low, sent
+ upstream as https://community.openvpn.net/openvpn/ticket/157
+
+---
+Mon Aug 22 09:55:44 UTC 2011 - fcro...@novell.com
+
+- Add openvpn-2.1-systemd-passwd.patch / modify openvpn.init to
+ support systemd password query (bnc#675406)
+
+---
calling whatdependson for head-i586
New:
0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
openvpn-2.1-systemd-passwd.patch
openvpn-2.2.1-man-dot.diff
Other differences:
--
++ openvpn.spec ++
--- /var/tmp/diff_new_pack.yq4BYo/_old 2011-08-30 16:07:55.0 +0200
+++ /var/tmp/diff_new_pack.yq4BYo/_new 2011-08-30 16:07:55.0 +0200
@@ -27,7 +27,7 @@
PreReq: %insserv_prereq %fillup_prereq
%endif
Version:2.2.1
-Release:1
+Release:16
%define upstream_version %version
Summary:Full-featured SSL VPN solution using a TUN/TAP Interface
Source: http://openvpn.net/release/openvpn-%{upstream_version}.tar.gz
@@ -38,9 +38,13 @@
Source5:client-netconfig.down
Patch1: %{name}-2.1-plugin-man.dif
Patch2: %{name}-2.1-plugin-build.dif
+Patch3: openvpn-2.1-systemd-passwd.patch
+Patch4: 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
+Patch5: openvpn-2.2.1-man-dot.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: lzo-devel openssl-devel
BuildRequires: iproute2 pam-devel
+BuildRequires: libselinux-devel
%if 0%{?suse_version} 1030
BuildRequires: pkcs11-helper-devel
Requires: pkcs11-helper
@@ -129,6 +133,9 @@
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
%patch2 -p0
+%patch3 -p1
+%patch4 -p1
+%patch5 -p0
sed -e s|@PLUGIN_DIR@|%{plugin_dir}|g \
-e s|@PLUGIN_LIBDIR@|%{plugin_libdir}|g \
-e s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g \
@@ -187,7 +194,7 @@
install -m 755 plugin/$pi/openvpn-$pi.so \
$RPM_BUILD_ROOT%{plugin_libdir}/
done
-# we install docs via spec into %{_defaultdocdir}/name/management-notes.txt
+# we install docs via spec into _defaultdocdir/name/management-notes.txt
rm $RPM_BUILD_ROOT%{_datadir}/doc/%name/management-notes.txt
rmdir $RPM_BUILD_ROOT%{_datadir}/doc/%name
@@ -205,7 +212,7 @@
%files
%defattr(-,root,root)
-%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS PORTS README
+%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog PORTS README
%doc README.*
%doc contrib
%doc sample-config-files
@@ -218,7 +225,7 @@
%config %{_sysconfdir}/init.d/openvpn
%{_sbindir}/openvpn
%{_sbindir}/rcopenvpn
-%dir %{_localstatedir}/run/openvpn
+%attr(0755,root,root) %dir %ghost %{_localstatedir}/run/openvpn
%dir %{_datadir}/openvpn
%{_datadir}/openvpn/easy-rsa
%dir %{_libdir}/%{name}
++ 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch ++
From db33132094f4748ccc63aadbfa4b7446bb95b350 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= crrodrig...@opensuse.org
Date: Sat, 20 Aug 2011 18:12:28 -0400
Subject: [PATCH] Use SSL_MODE_RELEASE_BUFFERS if available
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Cristian Rodríguez crrodrig...@opensuse.org
---
ssl.c |3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/ssl.c b/ssl.c
index ea7b204..459e66c 100644
--- a/ssl.c
+++ b/ssl.c
@@ -2073,6 +2073,9 @@ init_ssl (const struct options *options)
}
/* Set SSL options */
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ SSL_CTX_set_mode (ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF);
SSL_CTX_set_options (ctx, SSL_OP_SINGLE_DH_USE);
--
1.7.4.1
++ openvpn-2.1-systemd-passwd.patch ++
Index: openvpn-2.2.1/misc.c
===
--- openvpn-2.2.1.orig/misc.c
+++ openvpn-2.2.1/misc.c
@@ -1333,26 +1333,49 @@ get_console_input (const char *prompt, c
ASSERT (input);
ASSERT (capacity 0);
input[0] = '\0';
+ bool is_systemd_running;
+ struct stat a, b;
+
+ /* We simply test whether the systemd cgroup hierarchy is
+ * mounted */
+
+ is_systemd_running =
