Author: Martin Pitt
Revision Date: 2015-07-08 12:28:54 UTC

* Merge with Debian unstable. Remaining Ubuntu changes:
  - debian/openvpn.init.d:
    + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
    + Show per-VPN result messages.
    + Add "--script-security 2" by default for backwards compatabliity.
  - Demote easy-rsa to Suggests
  - Run openvpn@.service before systemd-user-sessions.service to avoid
    gettys and lightdm starting on top of possible password prompts. This
    provides the equivalent of the init.d script's X-Start-Before:.

Author: Martin Pitt
Revision Date: 2015-07-08 12:28:54 UTC

* Merge with Debian unstable. Remaining Ubuntu changes:
  - debian/openvpn.init.d:
    + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
    + Show per-VPN result messages.
    + Add "--script-security 2" by default for backwards compatabliity.
  - Demote easy-rsa to Suggests
  - Run openvpn@.service before systemd-user-sessions.service to avoid
    gettys and lightdm starting on top of possible password prompts. This
    provides the equivalent of the init.d script's X-Start-Before:.

Author: Martin Pitt
Revision Date: 2015-04-13 16:09:01 UTC

Run openvpn@.service before systemd-user-sessions.service to avoid gettys
and lightdm starting on top of possible password prompts. This provides
the equivalent of the init.d script's X-Start-Before:.

Author: Martin Pitt
Revision Date: 2015-04-13 16:09:01 UTC

Run openvpn@.service before systemd-user-sessions.service to avoid gettys
and lightdm starting on top of possible password prompts. This provides
the equivalent of the init.d script's X-Start-Before:.

Author: Marc Deslauriers
Revision Date: 2014-12-01 17:09:10 UTC

* SECURITY UPDATE: server denial of service via too-short control channel
  packets
  - debian/patches/CVE-2014-8104.patch: drop too-short control channel
    packets instead of asserting out in src/openvpn/ssl.c.
  - CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.

Author: Marc Deslauriers
Revision Date: 2014-12-01 17:10:01 UTC

* SECURITY UPDATE: server denial of service via too-short control channel
  packets
  - debian/patches/CVE-2014-8104.patch: drop too-short control channel
    packets instead of asserting out in src/openvpn/ssl.c.
  - CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.

Author: Marc Deslauriers
Revision Date: 2014-12-01 17:09:10 UTC

* SECURITY UPDATE: server denial of service via too-short control channel
  packets
  - debian/patches/CVE-2014-8104.patch: drop too-short control channel
    packets instead of asserting out in src/openvpn/ssl.c.
  - CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.

Author: Marc Deslauriers
Revision Date: 2014-12-01 17:10:01 UTC

* SECURITY UPDATE: server denial of service via too-short control channel
  packets
  - debian/patches/CVE-2014-8104.patch: drop too-short control channel
    packets instead of asserting out in src/openvpn/ssl.c.
  - CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.

Author: Marc Deslauriers
Revision Date: 2014-12-01 17:11:38 UTC

* SECURITY UPDATE: server denial of service via too-short control channel
  packets
  - debian/patches/CVE-2014-8104.patch: drop too-short control channel
    packets instead of asserting out in ssl.c.
  - CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.

Author: Marc Deslauriers
Revision Date: 2014-12-01 17:11:38 UTC

* SECURITY UPDATE: server denial of service via too-short control channel
  packets
  - debian/patches/CVE-2014-8104.patch: drop too-short control channel
    packets instead of asserting out in ssl.c.
  - CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.

Author: Stéphane Graber
Revision Date: 2014-05-02 16:00:55 UTC

* Merge from Debian unstable. Remaining changes:
  - debian/openvpn.init.d:
    + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
    + Show per-VPN result messages.
    + Add "--script-security 2" by default for backwards compatabliity.
  - Demote easy-rsa to Suggests
  - Patch libtool.m4 and configure to support ppc64el.
  - Refresh delta with debian/openvpn.init.d:
    + Make stop action reliable by killing if needed
      (LP: #1274254, LP: #1200519)
    + Use new path for status file (LP: #1261088)

Author: Stéphane Graber
Revision Date: 2014-05-02 20:01:07 UTC

releasing version 2.3.2-9ubuntu1

Author: Nobuto Murata
Revision Date: 2014-02-18 14:35:32 UTC

d/p/lp992012-detect-openssl-properly.patch: fix "openssl.cnf file
could be found" error using easy-rsa by parsing openssl version
properly. (LP: #992012)

Author: Stéphane Graber
Revision Date: 2014-02-04 09:31:39 UTC

[ Simon Deziel ]
* Refresh delta with debian/openvpn.init.d:
 - Make stop action reliable by killing if needed
   (LP: #1274254, LP: #1200519)
 - Use new path for status file (LP: #1261088)

Author: Stéphane Graber
Revision Date: 2014-02-04 14:31:46 UTC

releasing version 2.3.2-7ubuntu3

Author: Stéphane Graber
Revision Date: 2013-07-09 17:20:31 UTC

* Merge from Debian unstable. Remaining changes:
  - debian/openvpn.init.d:
    + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
    + Show per-VPN result messages.
    + Add "--script-security 2" by default for backwards compatabliity.

Author: Stéphane Graber
Revision Date: 2013-07-09 17:20:31 UTC

* Merge from Debian unstable. Remaining changes:
  - debian/openvpn.init.d:
    + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
    + Show per-VPN result messages.
    + Add "--script-security 2" by default for backwards compatabliity.

Author: Stéphane Graber
Revision Date: 2013-02-13 16:10:48 UTC

[ Marc Gariépy ]
Add --script-security to the init.d script (was generated but not passed
to openvpn). (LP: #1124398)

Author: Stéphane Graber
Revision Date: 2013-02-13 16:10:48 UTC

[ Marc Gariépy ]
Add --script-security to the init.d script (was generated but not passed
to openvpn). (LP: #1124398)

Author: Stéphane Graber
Revision Date: 2013-02-13 16:10:48 UTC

[ Marc Gariépy ]
Add --script-security to the init.d script (was generated but not passed
to openvpn). (LP: #1124398)

Author: Stéphane Graber
Revision Date: 2013-02-13 21:10:51 UTC

releasing version 2.2.1-8ubuntu3

Author: Colin Watson
Revision Date: 2012-10-08 08:36:47 UTC

Rebuild for new armel compiler default of ARMv5t.

Author: Stéphane Graber
Revision Date: 2012-03-30 13:19:09 UTC

* Merge at Simon Deziel's request to build with PIE.
* Merge from Debian unstable. Remaining changes:
  + debian/openvpn.init.d:
    - Do not use start-stop-daemon and </dev/null to avoid blocking boot.
    - Show per-VPN result messages.
    - Add "--script-security 2" by default for backwards compatabliity.
  + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()

Author: Chuck Short
Revision Date: 2011-06-16 18:33:37 UTC

* Merge from debian unstable. Remaining changes:
 + debian/openvpn.init.d:
    - Do not use start-stop-daemon and </dev/null to avoid blocking boot.
    - Show per-VPN result messages.
    - Add "--script-security 2" by default for backwards compatabliity.
  + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
  + debian/update-resolv-conf: Support multiple domains.
  + fix bug where '--script-security 2' would be passed for all
    daemons after the first. (LP: #794916

Author: Scott Moser
Revision Date: 2011-06-09 18:02:14 UTC

fix bug where '--script-security 2' would be passed for all
daemons after the first. (LP: #794916)

Author: Dave Walker
Revision Date: 2011-03-11 00:52:36 UTC

update-resolv-conf: Correctly handle multiple dns search domains,
using the same logic as nameservers. Patch courtesy of Jeremy
Zawodny. (LP: #662847)

Author: Imre Gergely
Revision Date: 2010-12-14 17:56:23 UTC

ssl.c: re-applied fix from upstream to fix extract_x509_field_ssl
where the extraction would fail on the first field of the subject
name (LP: #265058)

Author: Imre Gergely
Revision Date: 2010-12-14 17:56:23 UTC

ssl.c: re-applied fix from upstream to fix extract_x509_field_ssl
where the extraction would fail on the first field of the subject
name (LP: #265058)

Author: Chuck Short
Revision Date: 2010-07-16 13:46:18 UTC

debian/patches/client_hang_when_server_dont_push.patch: Fix client hanging
on PUSH_REQUEST when server does not push any option (LP: #579737)

Author: Chuck Short
Revision Date: 2010-07-16 13:46:18 UTC

debian/patches/client_hang_when_server_dont_push.patch: Fix client hanging
on PUSH_REQUEST when server does not push any option (LP: #579737)

Author: Chuck Short
Revision Date: 2010-07-12 09:39:43 UTC

* Merge from debian unstable. Remaining changes:
  + debian/openvpn.init.d:
    - Do not use start-stop-daemon and use </dev/null to avoid blocking boot
    - Show per-VPN result messages
    - Add "--script-security 2" by default for backwards compatablitiy
  + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()

Author: JanBrinkmann
Revision Date: 2010-01-22 00:47:33 UTC

* Merge from debian testing (LP: #509078), remaining changes:
  + debian/openvpn.init.d:
    - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot
    - Show per-VPN result messages
    - Add "--script-security 2" by default for backwards compatibility
  + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()

Author: Thierry Carrez
Revision Date: 2009-10-13 09:31:20 UTC

debian/patches/redirect-gateway.patch: Fix regression introduced in
2.1rc17 that makes redirect-gateway (without options) to be ignored.
Patch cherrypicked from upstream 2.1rc20 (SVN r5011), LP: #445695

Author: Jamie Strandboge
Revision Date: 2008-06-11 13:39:12 UTC

* init.c: send modulus to openssl-vulnkey rather than calling
  openssl-vulnkey on the file. This allows for password protected ssl keys
  (LP: #230197)
* debian/control: Depends on openssl-blacklist > 0.3.2

Author: Jamie Strandboge
Revision Date: 2008-06-11 15:01:41 UTC

* init.c: send modulus to openssl-vulnkey rather than calling
  openssl-vulnkey on the file. This allows for password protected ssl keys
  (LP: #230197)
* debian/control: Depends on openssl-blacklist > 0.3.2

Author: Michael Jeanson
Revision Date: 2009-03-09 16:02:50 UTC

* debian/openvpn.init.d:
  - Fix unexpected operator on startup (LP: #340120)

Author: Thierry Carrez
Revision Date: 2008-10-15 17:12:54 UTC

* debian/openvpn.init.d:
  - Revert fix from #454371 that was merged at 2.1~rc7-4 to prevent
    openvpn prompts from blocking the boot (LP: #280428)
  - Fix VPNs always reported started [ OK ]

Author: Jamie Strandboge
Revision Date: 2008-06-11 15:05:04 UTC

* init.c: send modulus to openssl-vulnkey rather than calling
  openssl-vulnkey on the file. This allows for password protected ssl keys
  (LP: #230197)
* debian/control: Depends on openssl-blacklist > 0.3.2

Author: Chuck Short
Revision Date: 2008-02-20 13:43:29 UTC

* More init script LSB compliance. (LP: #134210)
* Added warning about max-locked-memory-limit to Readme.Debian. (LP: #154696)

Author: Jamie Strandboge
Revision Date: 2008-06-11 15:01:41 UTC

* init.c: send modulus to openssl-vulnkey rather than calling
  openssl-vulnkey on the file. This allows for password protected ssl keys
  (LP: #230197)
* debian/control: Depends on openssl-blacklist > 0.3.2

Author: Alberto Gonzalez Iniesta
Revision Date: 2007-05-19 18:12:12 UTC

Install /etc/openvpn/update-resolv-conf with correct permissions

Author: Jamie Strandboge
Revision Date: 2008-06-11 15:05:04 UTC

* init.c: send modulus to openssl-vulnkey rather than calling
  openssl-vulnkey on the file. This allows for password protected ssl keys
  (LP: #230197)
* debian/control: Depends on openssl-blacklist > 0.3.2

Author: Alberto Gonzalez Iniesta
Revision Date: 2007-02-28 00:36:14 UTC

Added Galician debconf translation. (Closes: #412492)
Thanks Jacobo Tarrio

Author: Alberto Gonzalez Iniesta
Revision Date: 2006-07-22 20:44:52 UTC

* The 'Translators, translators, translators' release.
* New upstream version.
* Added Dutch debconf translation. (Closes: #370073)
  Thanks Kurt De Bree
* Updated Danish debconf translation. (Closes: #369772, #376704)
  Thanks Claus Hindsgaul
* Updated French debconf translation. (Closes: #373191)
  Thanks Michel Grentzinger

Author: Alberto Gonzalez Iniesta
Revision Date: 2006-04-05 12:17:26 UTC

* New upstream release. Urgency high due to security fix.
  - Disallow "setenv" to be pushed to clients from the server.
    (Closes: #360559)

Author: Alberto Gonzalez Iniesta
Revision Date: 2005-08-28 13:05:49 UTC

* The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :)
* New upstream release (Closes: #323594)
* Fixed use of backslash in username authentication. (Closes: #309787)
* Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532
  CAN-2005-2533 CAN-2005-2534. (Closes: #324167)
* Changed group option from 'nobody' to 'nogroup' in all the
  *example* files... (Closes: #317987)
* Included openvpn-plugin.h to allow building third party plugins.
  (Closes: #316139)
* Stop openvpn's daemon later to allow some services stopping later to use
  it. Added debconf template to ask permission to make the change
  on older installations. (Closes: #312371)
* Workaround to fix proper daemonize when 'log' option is used.
  (Closes: #309944) Thanks Jason Lunz for the patch.
* Modified output of init.d script to make it more friendly when
  passphrase for a tunnel certificate is asked.
  Thanks Pavel Vávra for the patch.

Author: Ubuntu Archive Auto-Sync
Revision Date: 2005-07-26 14:17:09 UTC

Automated backport upload; no source changes.

Author: Gerardo Di Giacomo
Revision Date: 2005-09-07 23:18:44 UTC

Reupload with a higher version, previous version was uploaded as a native
package.

Author: Alberto Gonzalez Iniesta
Revision Date: 2005-01-05 19:03:11 UTC

* The 'Three Wise Men' release.
* New upstream release.
* Update README.Debian with comments on changed string remapping.
  Thanks ron@debian.org for noting this first. (Closes: #288669)

Author: Alberto Gonzalez Iniesta
Revision Date: 2004-06-10 15:59:39 UTC

* Included Catalan debconf templates. (Closes: #248750)
  Thanks Aleix Badia i Bosch.
* Added debconf question on whether the daemon should be stopped at
  the begining of and upgrade or not. Thus being more reliable on
  remote upgrades. (Closes: #250558)