lp:ubuntu/hardy-security/openvpn

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

20. By Jamie Strandboge on 2008-06-11

* init.c: send modulus to openssl-vulnkey rather than calling
  openssl-vulnkey on the file. This allows for password protected ssl keys
  (LP: #230197)
* debian/control: Depends on openssl-blacklist > 0.3.2

19. By Martin Pitt on 2008-05-14

init.c: Do not attempt to verify the key file with openvpn-vulnkey if it
is not accessible (any more). This happens when using the 'user', 'group',
or 'chroot' options in multi-client mode, and the SSL key file thus
becomes unreadable from the second time on. If the key file is not
accessible at the very start, this is already handled anyway, so we can
safely ignore this condition. (LP: #230208)
Note that this is not an issue when using pre-shared keys
(do_init_crypto_static(), since multi-client mode only works with TLS.
However, we also check it here just to be on the safe side.

18. By Jamie Strandboge on 2008-05-12

* SECURITY UPDATE: don't allow use of known vulnerable weak SSL/TLS and
  shared secret keys caused by Debian openssl bug
* init.c: patch do_init_crypto_static() to use openvpn-vulnkey and
  do_init_crypto_tls() to use openssl-vulnkey
* debian/control: Depends on libssl0.9.8 (>= 0.9.8g-4ubuntu3.1),
  openssl-blacklist and openvpn-blacklist
* add critical debconf note
* References
  CVE-2008-0166
  http://www.ubuntu.com/usn/usn-612-1

17. By Chuck Short on 2008-02-20

* More init script LSB compliance. (LP: #134210)
* Added warning about max-locked-memory-limit to Readme.Debian. (LP: #154696)

16. By Chuck Short on 2008-02-15

Made init script more lsb compliant.

15. By Chuck Short on 2008-02-12

* New upstream version (LP: #157144).
* Disable creation of tun, let udev handle it.

14. By Alberto Gonzalez Iniesta <email address hidden> on 2007-12-08

* Upload to unstable. New upstream fixes:
   - Bug with: Assertion failed at multi.c. (Closes: #411633)
   - Hangs with tcp clients goin down with new option:
     --connect-timeout. (Closes: #296834)
* Use rm -f to remove PIDFILE, in case rm wants to ask.
  (Closes: #429932)
* Updated Vietnamese debconf templates. (Closes: #427048)
  Thanks Clytie Siddall.
* Added note on resolvconf use with openvpn. (Closes: #451319)

13. By Alberto Gonzalez Iniesta <email address hidden> on 2007-05-19

Install /etc/openvpn/update-resolv-conf with correct permissions

12. By Alberto Gonzalez Iniesta <email address hidden> on 2007-05-15

* Fixed init.d script to avoid running multiple instances of the
  same VPN. Thanks Keith Kyzivat for pushing me into looking
  again into this issue. (Closes: #326080)
* Included patch to README.Debian from Peter Rabbitson describing
  /etc/network/interfaces integration. (Closes: #413732)
* Also included joeyh's suggestion on the previous subject.
  (Closes: 419797)
* Avoid restarting a vpn instead of reloading it due to wrong
  detection of 'user' option in init.d script. Thanks Josip Rodin.
  (Closes: 403503)
* Added Russian debconf translation. (Closes: #414088)
  Thanks Yuriy Talakan.
* Built against liblzo2 instead of liblzo. (Closes: #423366)

11. By Alberto Gonzalez Iniesta <email address hidden> on 2007-02-28

Added Galician debconf translation. (Closes: #412492)
Thanks Jacobo Tarrio