ubuntu/+source/openvpn:ubuntu/bionic

Last commit made on 2018-02-10
Get this branch:
git clone -b ubuntu/bionic https://git.launchpad.net/ubuntu/+source/openvpn
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/bionic
Repository:
lp:ubuntu/+source/openvpn

Recent commits

bb7b452... by Dimitri John Ledkov on 2018-02-10

Import patches-unapplied version 2.4.4-2ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 13de63e978feae059966826cb2150de5cf287731

New changelog entries:
  * Sync with Debian. Remaining changes:
    - debian/openvpn@.service: Add "--script-security 2" similar to what got
      added to debian/openvpn.init.d ages ago (LP: #1454725)
    - Demote easy-rsa to Suggests (universe package).

13de63e... by Bernhard Schmidt <email address hidden> on 2017-12-10

Import patches-unapplied version 2.4.4-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 422563fdb534ab0e05c5a25bb43c954f2e41136f

New changelog entries:
  * Build against OpenSSL 1.1.0 (Closes: #828447)
  * Bump Standards-Version to 4.1.2, no changes necessary

422563f... by Bernhard Schmidt <email address hidden> on 2017-10-25

Import patches-unapplied version 2.4.4-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 86a1297ef6e98f4ffdbe095519a344ed35eaeb2e

New changelog entries:
  [ Jörg Frings-Fürst ]
  * New Upstream release:
    - Fix bounds check in read_key() (CVE-2017-12166) (Closes: #877089).
  * Declare compliance with Debian Policy 4.1.1. (No changes needed).
  * Drop dh-systemd from both Build-Depends and dh command line as
    it is enabled by default for dh compat level 10.
  * New debian/openvpn.lintian-overrides:
    - Override duplicate upstream changelog warning.
  * Remote obsolete directory /usr/lib/openvpn (The plugins directory are now
      /usr/lib/*/openvpn/plugins):
    - Remove /usr/lib/openvpn from debian/dirs.
    - Add debian/postrm to remove /usr/lib/openvpn on purge and remove.
    - Rewrite plugin section at README.Debian
  * Use pathfind() instead hard coded path for invoke-rc.d at debian/prerm
    and debian/postinst.
  * Remove outdated debian/README.source.
  * Remove obsolete syslog.target from debian/openvpn@.service.
  * Update Catalan translation (Closes: #870351).
    - Thanks to Alytidae <email address hidden>.
  * New directory /var/log/openvpn for log and status files
      (Closes: #444431, #553303):
    - Add var/log/openvpn into debian/dirs.
    - New debian/patches/move_log_dir.patch to change the conf files
      to the new log directory.
  [ Bernhard Schmidt ]
  * Further changes to debian/openvpn@.service copied from upstream
    - Enable Restart=on-failure
    - Use KillMode=process

86a1297... by Bernhard Schmidt <email address hidden> on 2017-06-30

Import patches-unapplied version 2.4.3-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 92e0b2f4dcc5cb045ef578a2857b0a20b3d077b9

New changelog entries:
  * fix FTBFS on kfreebsd
  * Adjust debian openvpn@.service to be closer to the upstream
    ones (Closes: #858558, #864031):
    - adjust Documentation URL to OpenVPN 2.4
    - use systemd READY signalling (Type=notify)
    - add ProtectHome=true
    - add After/Wants network-online.target
    - adjust CapabililtyBoundingSet

92e0b2f... by Bernhard Schmidt <email address hidden> on 2017-06-29

Import patches-unapplied version 2.4.3-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6e90c5d6ae933bb0e9a2da215a32e56ed92e5968

New changelog entries:
  [ Jörg Frings-Fürst ]
  * debian/control:
    - Set Bernhard Schmidt <email address hidden> as maintainer and myself as
      Uploader (Closes: #865555)
    - Many thanks to Alberto Gonzalez Iniesta.
    - Change Vcs-Browser to cgit.
  * Migrate to debhelper 10:
    - Change debian/compat to 10.
    - Bump minimum debhelper version in debian/control to >= 10.
  * Declare compliance with Debian Policy 4.0.0. (No changes needed).
  [ Bernhard Schmidt ]
  * properly remove obsolete /etc/tmpfiles.d/openvpn.conf using
    dpkg-maintscript-helper (Closes: #865717)
  * Change Vcs-Git and Homepage to https

6e90c5d... by Alberto Gonzalez Iniesta <email address hidden> on 2017-06-23

Import patches-unapplied version 2.4.3-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e4e481d05661383fd5b855db9730de73c6aa7b18

New changelog entries:
  * The "Bye bye OpenVPN" revenge release
  * Put upstream tmpfiles conf in the right place and merge with Debian's.
    (Closes: #865589)

e4e481d... by Alberto Gonzalez Iniesta <email address hidden> on 2017-06-22

Import patches-unapplied version 2.4.3-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7670e2f3929bc31c3627fca36a1605b2f0012f8f

New changelog entries:
  * The "Bye bye OpenVPN" release.
  * New upstream release fixing: (Closes: #865480)
    - CVE-2017-7508
    - CVE-2017-7520
    - CVE-2017-7521
    - CVE-2017-7522
  * Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins
  * debian/rules:
    - Remove obsolete options to configure script (enable-password-save,
      with-plugindir (now in ENV_VARS))
    - No need to install upstream's systemd unit files from debian/rules

7670e2f... by Alberto Gonzalez Iniesta <email address hidden> on 2017-05-22

Import patches-unapplied version 2.4.0-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 10aa56344657d099455cfeb3a5d6e66a820436b3

New changelog entries:
  * Apply upstream patch to fix shrinking MTU sizes on reconnects causing not
    usable VPN tunnels.

10aa563... by Alberto Gonzalez Iniesta <email address hidden> on 2017-05-11

Import patches-unapplied version 2.4.0-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 258a949b60bbd840885264854bd2bcd80e577aab

New changelog entries:
  * Change typo fix in command line help.
  * SECURITY UPDATE: pre-authentication denial-of-service vulnerability
    (both client and server) from a too-large control packet.
    - debian/patches/CVE-2017-7478.patch: Do not assert on too-large
      control packet
    - CVE-2017-7478
  * SECURITY UPDATE: authenticated remote DoS vulnerability due to
    packet ID rollover
    - debian/patches/CVE-2017-7479-prereq.patch: merge
      packet_id_alloc_outgoing() into packet_id_write()
    - debian/patches/CVE-2017-7479.patch: do not assert when packet ID
      rollover occurs
    - CVE-2017-7479
  * SECURITY UPDATE: auth tokens left in memory after de-auth
    - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token
      as soon as a TLS session is considered broken.
   * Kudos to Steve Beattie <email address hidden> for doing all the
     backporting work for this upload.

258a949... by Alberto Gonzalez Iniesta <email address hidden> on 2017-02-02

Import patches-unapplied version 2.4.0-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a922daea2ba0a9a697f442595cf8144d42236c0e

New changelog entries:
  * Add NEWS entries on possible 2.4 migration issues.
    (Closes: #852381, #849909)