ubuntu/+source/openvpn:applied/ubuntu/hardy-security

Last commit made on 2008-06-12
Get this branch:
git clone -b applied/ubuntu/hardy-security https://git.launchpad.net/ubuntu/+source/openvpn
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/hardy-security
Repository:
lp:ubuntu/+source/openvpn

Recent commits

5ecaec2... by Jamie Strandboge on 2008-06-11

Import patches-applied version 2.1~rc7-1ubuntu3.3 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: aeb6eeaa2dd446b102a785620249a8f5e820ad7b
Unapplied parent: eb37981b8e8a600bee3ad89c16a5fbeeef5ccffb

New changelog entries:
  * init.c: send modulus to openssl-vulnkey rather than calling
    openssl-vulnkey on the file. This allows for password protected ssl keys
    (LP: #230197)
  * debian/control: Depends on openssl-blacklist > 0.3.2

eb37981... by Jamie Strandboge on 2008-06-11

Import patches-unapplied version 2.1~rc7-1ubuntu3.3 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: df993d8545b8268f160c503652e93f9b12909cf2

New changelog entries:
  * init.c: send modulus to openssl-vulnkey rather than calling
    openssl-vulnkey on the file. This allows for password protected ssl keys
    (LP: #230197)
  * debian/control: Depends on openssl-blacklist > 0.3.2

aeb6eea... by Martin Pitt on 2008-05-14

Import patches-applied version 2.1~rc7-1ubuntu3.2 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 08890d879b045517c4f667566c19d80b7b943677
Unapplied parent: df993d8545b8268f160c503652e93f9b12909cf2

New changelog entries:
  * init.c: Do not attempt to verify the key file with openvpn-vulnkey if it
    is not accessible (any more). This happens when using the 'user', 'group',
    or 'chroot' options in multi-client mode, and the SSL key file thus
    becomes unreadable from the second time on. If the key file is not
    accessible at the very start, this is already handled anyway, so we can
    safely ignore this condition. (LP: #230208)
    Note that this is not an issue when using pre-shared keys
    (do_init_crypto_static(), since multi-client mode only works with TLS.
    However, we also check it here just to be on the safe side.

df993d8... by Martin Pitt on 2008-05-14

Import patches-unapplied version 2.1~rc7-1ubuntu3.2 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 8f326aa0a48f8d9fcc49bce904cffb03afe8b878

New changelog entries:
  * init.c: Do not attempt to verify the key file with openvpn-vulnkey if it
    is not accessible (any more). This happens when using the 'user', 'group',
    or 'chroot' options in multi-client mode, and the SSL key file thus
    becomes unreadable from the second time on. If the key file is not
    accessible at the very start, this is already handled anyway, so we can
    safely ignore this condition. (LP: #230208)
    Note that this is not an issue when using pre-shared keys
    (do_init_crypto_static(), since multi-client mode only works with TLS.
    However, we also check it here just to be on the safe side.

08890d8... by Jamie Strandboge on 2008-05-13

Import patches-applied version 2.1~rc7-1ubuntu3.1 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 9686ca74d9c154b76f5384b70374dd8d418431ae
Unapplied parent: 8f326aa0a48f8d9fcc49bce904cffb03afe8b878

New changelog entries:
  * SECURITY UPDATE: don't allow use of known vulnerable weak SSL/TLS and
    shared secret keys caused by Debian openssl bug
  * init.c: patch do_init_crypto_static() to use openvpn-vulnkey and
    do_init_crypto_tls() to use openssl-vulnkey
  * debian/control: Depends on libssl0.9.8 (>= 0.9.8g-4ubuntu3.1),
    openssl-blacklist and openvpn-blacklist
  * add critical debconf note
  * References
    CVE-2008-0166
    http://www.ubuntu.com/usn/usn-612-1

8f326aa... by Jamie Strandboge on 2008-05-13

Import patches-unapplied version 2.1~rc7-1ubuntu3.1 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 163d1a8145775a883f813ffc58af2cf60bc902c9

New changelog entries:
  * SECURITY UPDATE: don't allow use of known vulnerable weak SSL/TLS and
    shared secret keys caused by Debian openssl bug
  * init.c: patch do_init_crypto_static() to use openvpn-vulnkey and
    do_init_crypto_tls() to use openssl-vulnkey
  * debian/control: Depends on libssl0.9.8 (>= 0.9.8g-4ubuntu3.1),
    openssl-blacklist and openvpn-blacklist
  * add critical debconf note
  * References
    CVE-2008-0166
    http://www.ubuntu.com/usn/usn-612-1

9686ca7... by Chuck Short on 2008-02-20

Import patches-applied version 2.1~rc7-1ubuntu3 to applied/ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 225632007291cbb4329f9b1a7306fe10518d7bc0
Unapplied parent: 163d1a8145775a883f813ffc58af2cf60bc902c9

New changelog entries:
  * More init script LSB compliance. (LP: #134210)
  * Added warning about max-locked-memory-limit to Readme.Debian. (LP: #154696)

163d1a8... by Chuck Short on 2008-02-20

Import patches-unapplied version 2.1~rc7-1ubuntu3 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 268e4a1af9b67b217073fd5ddaba6a1c70da880c

New changelog entries:
  * More init script LSB compliance. (LP: #134210)
  * Added warning about max-locked-memory-limit to Readme.Debian. (LP: #154696)

2256320... by Chuck Short on 2008-02-15

Import patches-applied version 2.1~rc7-1ubuntu2 to applied/ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 7b993a41fc298dbca9beff37dc818326ca3a6d3b
Unapplied parent: 268e4a1af9b67b217073fd5ddaba6a1c70da880c

New changelog entries:
  * Made init script more lsb compliant.

268e4a1... by Chuck Short on 2008-02-15

Import patches-unapplied version 2.1~rc7-1ubuntu2 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 0cbfcca78bca80929eb249dbd777959fc87fc748

New changelog entries:
  * Made init script more lsb compliant.