Merge ~utkarsh/ubuntu/+source/openvpn:merge-lp1917438-hirsute into ubuntu/+source/openvpn:debian/sid
- Git
- lp:~utkarsh/ubuntu/+source/openvpn
- merge-lp1917438-hirsute
- Merge into debian/sid
Status: | Merged |
---|---|
Approved by: | Lucas Kanashiro |
Approved revision: | 36550535eb0463f8b89e93144386c8a11333090e |
Merge reported by: | Bryce Harrington |
Merged at revision: | 36550535eb0463f8b89e93144386c8a11333090e |
Proposed branch: | ~utkarsh/ubuntu/+source/openvpn:merge-lp1917438-hirsute |
Merge into: | ubuntu/+source/openvpn:debian/sid |
Diff against target: |
1112 lines (+782/-9) 7 files modified
debian/changelog (+682/-1) debian/control (+4/-3) debian/openvpn@.service (+1/-1) debian/patches/openvpn-fips-2.4.patch (+90/-0) debian/patches/series (+1/-0) debian/tests/server-setup-with-ca (+2/-2) debian/tests/server-setup-with-static-key (+2/-2) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Lucas Kanashiro (community) | Approve | ||
Canonical Server packageset reviewers | Pending | ||
Canonical Server | Pending | ||
Review via email: mp+398987@code.launchpad.net |
Commit message
Description of the change
Hey,
This MP is a merge with what's in Debian sid (which is a bux fix release from upstream),
PPA could be found at: https:/
Tests passing:
```
autopkgtest [19:48:45]: test server-
autopkgtest [19:48:46]: test server-
server-
autopkgtest [19:48:46]: @@@@@@@
server-
server-
```
Requesting you to review and upload the same. TIA! :)
Lucas Kanashiro (lucaskanashiro) wrote : | # |
Uploaded:
$ git push pkg upload/
Enumerating objects: 43, done.
Counting objects: 100% (43/43), done.
Delta compression using up to 8 threads
Compressing objects: 100% (28/28), done.
Writing objects: 100% (33/33), 10.41 KiB | 1.49 MiB/s, done.
Total 33 (delta 23), reused 6 (delta 5), pack-reused 0
To ssh://git.
* [new tag] upload/
$ dput ubuntu ../openvpn_
D: Setting host argument.
Checking signature on .changes
gpg: ../openvpn_
Checking signature on .dsc
gpg: ../openvpn_
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading openvpn_
Uploading openvpn_
Uploading openvpn_
Successfully uploaded packages.
Bryce Harrington (bryce) wrote : | # |
This has migrated
* openvpn: merge-lp1917438
- Source Package: openvpn
- Current Version: 2.5.1-1ubuntu1
- Debian Version: 2.5.1-1
- New Version: 2.5.1-1ubuntu1
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog | |||
2 | index 0636869..845db0b 100644 | |||
3 | --- a/debian/changelog | |||
4 | +++ b/debian/changelog | |||
5 | @@ -1,9 +1,44 @@ | |||
6 | 1 | openvpn (2.5.1-1ubuntu1) hirsute; urgency=medium | ||
7 | 2 | |||
8 | 3 | * Merge with Debian unstable (LP: #1917438). Remaining changes: | ||
9 | 4 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
10 | 5 | - debian/openvpn@.service: Add '--script-security 2' similar to what | ||
11 | 6 | got added to debian/openvpn.init.d ages ago (LP #1454725) | ||
12 | 7 | - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. | ||
13 | 8 | + d/t/server-setup-*: adapt tests to output of v2.5.0 | ||
14 | 9 | |||
15 | 10 | -- Utkarsh Gupta <utkarsh.gupta@canonical.com> Tue, 02 Mar 2021 16:35:37 +0530 | ||
16 | 11 | |||
17 | 1 | openvpn (2.5.1-1) unstable; urgency=medium | 12 | openvpn (2.5.1-1) unstable; urgency=medium |
18 | 2 | 13 | ||
19 | 3 | * New upstream version 2.5.1 (bugfix release) | 14 | * New upstream version 2.5.1 (bugfix release) |
20 | 4 | 15 | ||
21 | 5 | -- Bernhard Schmidt <berni@debian.org> Wed, 24 Feb 2021 19:54:34 +0100 | 16 | -- Bernhard Schmidt <berni@debian.org> Wed, 24 Feb 2021 19:54:34 +0100 |
22 | 6 | 17 | ||
23 | 18 | openvpn (2.5.0-1ubuntu1) hirsute; urgency=medium | ||
24 | 19 | |||
25 | 20 | * Merge with Debian unstable. Remaining changes: | ||
26 | 21 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
27 | 22 | - debian/openvpn@.service: Add '--script-security 2' similar to what | ||
28 | 23 | got added to debian/openvpn.init.d ages ago (LP #1454725) | ||
29 | 24 | - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. | ||
30 | 25 | [updated to match 2.5.0] | ||
31 | 26 | * Dropped changes [in Debian since 2.5~beta3-1] | ||
32 | 27 | - d/tests: add two DEP-8 test cases | ||
33 | 28 | + d/t/server-setup-with-static-key: test the OpenVPN server side setup | ||
34 | 29 | using a static key. | ||
35 | 30 | + d/t/server-setup-with-ca: test the OpenVPN server side setup using a | ||
36 | 31 | CA built with easy-rsa. | ||
37 | 32 | - d/openvpn*.service: Drop reload support from systemd unit files | ||
38 | 33 | (LP #1868127). The current reload implementation (sending a SIGHUP | ||
39 | 34 | signal to the process) fails, and the difference between reload and | ||
40 | 35 | restart is not clear. Systemd does not require an implementation for | ||
41 | 36 | reload. | ||
42 | 37 | * Added Changes: | ||
43 | 38 | - d/t/server-setup-*: adapt tests to output of v2.5.0 | ||
44 | 39 | |||
45 | 40 | -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 01 Dec 2020 16:15:12 +0100 | ||
46 | 41 | |||
47 | 7 | openvpn (2.5.0-1) unstable; urgency=medium | 42 | openvpn (2.5.0-1) unstable; urgency=medium |
48 | 8 | 43 | ||
49 | 9 | * New upstream version 2.5.0 - final release | 44 | * New upstream version 2.5.0 - final release |
50 | @@ -29,7 +64,7 @@ openvpn (2.5~beta3-1) unstable; urgency=medium | |||
51 | 29 | 64 | ||
52 | 30 | [ Lucas Kanashiro ] | 65 | [ Lucas Kanashiro ] |
53 | 31 | * Add two DEP-8 test cases for the server side | 66 | * Add two DEP-8 test cases for the server side |
55 | 32 | * Drop reload support from systemd unit files (LP: #1868127) | 67 | * Drop reload support from systemd unit files (LP 1868127) |
56 | 33 | 68 | ||
57 | 34 | [ Bernhard Schmidt ] | 69 | [ Bernhard Schmidt ] |
58 | 35 | * Revert "d/gbp.conf for experimental 2.5 branch" | 70 | * Revert "d/gbp.conf for experimental 2.5 branch" |
59 | @@ -59,6 +94,26 @@ openvpn (2.5~beta1-1) experimental; urgency=medium | |||
60 | 59 | 94 | ||
61 | 60 | -- Bernhard Schmidt <berni@debian.org> Sat, 15 Aug 2020 21:32:49 +0200 | 95 | -- Bernhard Schmidt <berni@debian.org> Sat, 15 Aug 2020 21:32:49 +0200 |
62 | 61 | 96 | ||
63 | 97 | openvpn (2.4.9-3ubuntu1) groovy; urgency=medium | ||
64 | 98 | |||
65 | 99 | * Merge with Debian unstable. Remaining changes: | ||
66 | 100 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
67 | 101 | - debian/openvpn@.service: Add '--script-security 2' similar to what | ||
68 | 102 | got added to debian/openvpn.init.d ages ago (LP #1454725) | ||
69 | 103 | - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. | ||
70 | 104 | - d/tests: add two DEP-8 test cases | ||
71 | 105 | + d/t/server-setup-with-static-key: test the OpenVPN server side setup | ||
72 | 106 | using a static key. | ||
73 | 107 | + d/t/server-setup-with-ca: test the OpenVPN server side setup using a | ||
74 | 108 | CA built with easy-rsa. | ||
75 | 109 | - d/openvpn*.service: Drop reload support from systemd unit files | ||
76 | 110 | (LP #1868127). The current reload implementation (sending a SIGHUP | ||
77 | 111 | signal to the process) fails, and the difference between reload and | ||
78 | 112 | restart is not clear. Systemd does not require an implementation for | ||
79 | 113 | reload. | ||
80 | 114 | |||
81 | 115 | -- Lucas Kanashiro <kanashiro@ubuntu.com> Tue, 18 Aug 2020 08:42:11 -0300 | ||
82 | 116 | |||
83 | 62 | openvpn (2.4.9-3) unstable; urgency=medium | 117 | openvpn (2.4.9-3) unstable; urgency=medium |
84 | 63 | 118 | ||
85 | 64 | [ Jörg Frings-Fürst ] | 119 | [ Jörg Frings-Fürst ] |
86 | @@ -77,6 +132,28 @@ openvpn (2.4.9-3) unstable; urgency=medium | |||
87 | 77 | 132 | ||
88 | 78 | -- Jörg Frings-Fürst <debian@jff.email> Sat, 02 May 2020 18:14:36 +0200 | 133 | -- Jörg Frings-Fürst <debian@jff.email> Sat, 02 May 2020 18:14:36 +0200 |
89 | 79 | 134 | ||
90 | 135 | openvpn (2.4.9-2ubuntu2) groovy; urgency=medium | ||
91 | 136 | |||
92 | 137 | * Drop reload support from systemd unit files (LP: #1868127) | ||
93 | 138 | |||
94 | 139 | -- Lucas Kanashiro <kanashiro@ubuntu.com> Tue, 26 May 2020 19:04:33 -0300 | ||
95 | 140 | |||
96 | 141 | openvpn (2.4.9-2ubuntu1) groovy; urgency=medium | ||
97 | 142 | |||
98 | 143 | * Merge with Debian unstable. Remaining changes: | ||
99 | 144 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
100 | 145 | - debian/openvpn@.service: Add '--script-security 2' similar to what | ||
101 | 146 | got added to debian/openvpn.init.d ages ago (LP 1454725) | ||
102 | 147 | - Allow MD5 for PRF in FIPS mode openssl. | ||
103 | 148 | * Added changes: | ||
104 | 149 | - d/tests: add two DEP-8 test cases | ||
105 | 150 | + d/t/server-setup-with-static-key: test the OpenVPN server side setup | ||
106 | 151 | using a static key. | ||
107 | 152 | + d/t/server-setup-with-ca: test the OpenVPN server side setup using a | ||
108 | 153 | CA built with easy-rsa. | ||
109 | 154 | |||
110 | 155 | -- Lucas Kanashiro <lucas.kanashiro@canonical.com> Wed, 29 Apr 2020 15:35:56 -0300 | ||
111 | 156 | |||
112 | 80 | openvpn (2.4.9-2) unstable; urgency=medium | 157 | openvpn (2.4.9-2) unstable; urgency=medium |
113 | 81 | 158 | ||
114 | 82 | * Cherry-Pick upstream patch to fix ssl_do_config error with | 159 | * Cherry-Pick upstream patch to fix ssl_do_config error with |
115 | @@ -112,6 +189,28 @@ openvpn (2.4.9-1) unstable; urgency=medium | |||
116 | 112 | 189 | ||
117 | 113 | -- Bernhard Schmidt <berni@debian.org> Sun, 19 Apr 2020 15:52:57 +0200 | 190 | -- Bernhard Schmidt <berni@debian.org> Sun, 19 Apr 2020 15:52:57 +0200 |
118 | 114 | 191 | ||
119 | 192 | openvpn (2.4.7-1ubuntu2) eoan; urgency=medium | ||
120 | 193 | |||
121 | 194 | * No-change upload with strops.h and sys/strops.h removed in glibc. | ||
122 | 195 | |||
123 | 196 | -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:05:25 +0000 | ||
124 | 197 | |||
125 | 198 | openvpn (2.4.7-1ubuntu1) eoan; urgency=medium | ||
126 | 199 | |||
127 | 200 | * Merge with Debian unstable (LP: #1828771). Remaining changes: | ||
128 | 201 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
129 | 202 | - debian/openvpn@.service: Add '--script-security 2' similar to what got | ||
130 | 203 | added to debian/openvpn.init.d ages ago (LP 1454725) | ||
131 | 204 | - d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF. | ||
132 | 205 | (LP 1807439) | ||
133 | 206 | * Dropped changes: | ||
134 | 207 | - d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout | ||
135 | 208 | scripts breaking due to sudo/pam being unable to audit the action. | ||
136 | 209 | Fixed in upstream issue #918, suggested to Debian in #868806 (LP 1787208) | ||
137 | 210 | [in Debian now] | ||
138 | 211 | |||
139 | 212 | -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 13 May 2019 15:55:22 +0200 | ||
140 | 213 | |||
141 | 115 | openvpn (2.4.7-1) unstable; urgency=medium | 214 | openvpn (2.4.7-1) unstable; urgency=medium |
142 | 116 | 215 | ||
143 | 117 | [ Bernhard Schmidt ] | 216 | [ Bernhard Schmidt ] |
144 | @@ -131,6 +230,30 @@ openvpn (2.4.7-1) unstable; urgency=medium | |||
145 | 131 | 230 | ||
146 | 132 | -- Bernhard Schmidt <berni@debian.org> Wed, 20 Feb 2019 14:50:03 +0100 | 231 | -- Bernhard Schmidt <berni@debian.org> Wed, 20 Feb 2019 14:50:03 +0100 |
147 | 133 | 232 | ||
148 | 233 | openvpn (2.4.6-1ubuntu3) disco; urgency=medium | ||
149 | 234 | |||
150 | 235 | * d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF. | ||
151 | 236 | (LP: #1807439) | ||
152 | 237 | |||
153 | 238 | -- Joy Latten <joy.latten@canonical.com> Wed, 09 Jan 2019 12:25:59 -0600 | ||
154 | 239 | |||
155 | 240 | openvpn (2.4.6-1ubuntu2) cosmic; urgency=medium | ||
156 | 241 | |||
157 | 242 | * d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout | ||
158 | 243 | scripts breaking due to sudo/pam being unable to audit the action. | ||
159 | 244 | Fixed in upstream issue #918, suggested to Debian in #868806 (LP: #1787208) | ||
160 | 245 | |||
161 | 246 | -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Sep 2018 10:57:35 +0200 | ||
162 | 247 | |||
163 | 248 | openvpn (2.4.6-1ubuntu1) cosmic; urgency=medium | ||
164 | 249 | |||
165 | 250 | * Merge with Debian unstable. Remaining changes: | ||
166 | 251 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
167 | 252 | - debian/openvpn@.service: Add '--script-security 2' similar to what got | ||
168 | 253 | added to debian/openvpn.init.d ages ago (LP 1454725) | ||
169 | 254 | |||
170 | 255 | -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 13:30:20 +0200 | ||
171 | 256 | |||
172 | 134 | openvpn (2.4.6-1) unstable; urgency=medium | 257 | openvpn (2.4.6-1) unstable; urgency=medium |
173 | 135 | 258 | ||
174 | 136 | [ Jörg Frings-Fürst ] | 259 | [ Jörg Frings-Fürst ] |
175 | @@ -174,6 +297,15 @@ openvpn (2.4.5-1) unstable; urgency=medium | |||
176 | 174 | 297 | ||
177 | 175 | -- Bernhard Schmidt <berni@debian.org> Sun, 04 Mar 2018 22:23:47 +0100 | 298 | -- Bernhard Schmidt <berni@debian.org> Sun, 04 Mar 2018 22:23:47 +0100 |
178 | 176 | 299 | ||
179 | 300 | openvpn (2.4.4-2ubuntu1) bionic; urgency=low | ||
180 | 301 | |||
181 | 302 | * Sync with Debian. Remaining changes: | ||
182 | 303 | - debian/openvpn@.service: Add "--script-security 2" similar to what got | ||
183 | 304 | added to debian/openvpn.init.d ages ago (LP: #1454725) | ||
184 | 305 | - Demote easy-rsa to Suggests (universe package). | ||
185 | 306 | |||
186 | 307 | -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 10 Feb 2018 20:27:56 +0000 | ||
187 | 308 | |||
188 | 177 | openvpn (2.4.4-2) unstable; urgency=medium | 309 | openvpn (2.4.4-2) unstable; urgency=medium |
189 | 178 | 310 | ||
190 | 179 | * Build against OpenSSL 1.1.0 (Closes: #828477) | 311 | * Build against OpenSSL 1.1.0 (Closes: #828477) |
191 | @@ -181,6 +313,15 @@ openvpn (2.4.4-2) unstable; urgency=medium | |||
192 | 181 | 313 | ||
193 | 182 | -- Bernhard Schmidt <berni@debian.org> Mon, 11 Dec 2017 00:22:11 +0100 | 314 | -- Bernhard Schmidt <berni@debian.org> Mon, 11 Dec 2017 00:22:11 +0100 |
194 | 183 | 315 | ||
195 | 316 | openvpn (2.4.4-1ubuntu1) bionic; urgency=medium | ||
196 | 317 | |||
197 | 318 | * Sync with Debian. Remaining changes: | ||
198 | 319 | - debian/openvpn@.service: Add "--script-security 2" similar to what got | ||
199 | 320 | added to debian/openvpn.init.d ages ago (LP: #1454725) | ||
200 | 321 | - Demote easy-rsa to Suggests (universe package). | ||
201 | 322 | |||
202 | 323 | -- Jeremy Bicha <jbicha@ubuntu.com> Sat, 28 Oct 2017 15:13:58 -0400 | ||
203 | 324 | |||
204 | 184 | openvpn (2.4.4-1) unstable; urgency=medium | 325 | openvpn (2.4.4-1) unstable; urgency=medium |
205 | 185 | 326 | ||
206 | 186 | [ Jörg Frings-Fürst ] | 327 | [ Jörg Frings-Fürst ] |
207 | @@ -302,6 +443,65 @@ openvpn (2.4.0-5) unstable; urgency=high | |||
208 | 302 | 443 | ||
209 | 303 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 May 2017 14:15:21 +0200 | 444 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 May 2017 14:15:21 +0200 |
210 | 304 | 445 | ||
211 | 446 | openvpn (2.4.0-4ubuntu1.3) zesty-security; urgency=medium | ||
212 | 447 | |||
213 | 448 | * SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet | ||
214 | 449 | - debian/patches/CVE-2017-7508.patch: remove assert in | ||
215 | 450 | src/openvpn/mss.c. | ||
216 | 451 | - CVE-2017-7508 | ||
217 | 452 | * SECURITY UPDATE: Remote-triggerable memory leaks | ||
218 | 453 | - debian/patches/CVE-2017-7512.patch: fix leaks in | ||
219 | 454 | src/openvpn/ssl_verify_openssl.c. | ||
220 | 455 | - CVE-2017-7512 | ||
221 | 456 | * SECURITY UPDATE: Pre-authentication remote crash/information disclosure | ||
222 | 457 | for clients | ||
223 | 458 | - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer | ||
224 | 459 | OOB reads and a crash for invalid input data in src/openvpn/ntlm.c. | ||
225 | 460 | - CVE-2017-7520 | ||
226 | 461 | * SECURITY UPDATE: Potential double-free in --x509-alt-username and | ||
227 | 462 | memory leaks | ||
228 | 463 | - debian/patches/CVE-2017-7521.patch: fix double-free in | ||
229 | 464 | src/openvpn/ssl_verify_openssl.c. | ||
230 | 465 | - CVE-2017-7521 | ||
231 | 466 | * SECURITY UPDATE: DoS in establish_http_proxy_passthru() | ||
232 | 467 | - debian/patches/establish_http_proxy_passthru_dos.patch: fix | ||
233 | 468 | null-pointer dereference in src/openvpn/proxy.c. | ||
234 | 469 | - No CVE number | ||
235 | 470 | |||
236 | 471 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 22 Jun 2017 08:37:49 -0400 | ||
237 | 472 | |||
238 | 473 | openvpn (2.4.0-4ubuntu1.2) zesty-security; urgency=medium | ||
239 | 474 | |||
240 | 475 | * SECURITY UPDATE: pre-authentication denial-of-service vulnerability | ||
241 | 476 | (both client and server) from a too-large control packet. | ||
242 | 477 | - debian/patches/CVE-2017-7478.patch: Do not assert on too-large | ||
243 | 478 | control packet | ||
244 | 479 | - CVE-2017-7478 | ||
245 | 480 | * SECURITY UPDATE: authenticated remote DoS vulnerability due to | ||
246 | 481 | packet ID rollover | ||
247 | 482 | - debian/patches/CVE-2017-7479-prereq.patch: merge | ||
248 | 483 | packet_id_alloc_outgoing() into packet_id_write() | ||
249 | 484 | - debian/patches/CVE-2017-7478.patch: do not assert when packet ID | ||
250 | 485 | rollover occurs | ||
251 | 486 | - CVE-2017-7478 | ||
252 | 487 | * SECURITY UPDATE: auth tokens left in memory after de-auth | ||
253 | 488 | - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token | ||
254 | 489 | as soon as a TLS session is considered broken. | ||
255 | 490 | |||
256 | 491 | -- Steve Beattie <sbeattie@ubuntu.com> Wed, 10 May 2017 15:21:05 -0700 | ||
257 | 492 | |||
258 | 493 | openvpn (2.4.0-4ubuntu1) zesty; urgency=medium | ||
259 | 494 | |||
260 | 495 | * Merge with Debian unstable. Remaining Ubuntu changes: | ||
261 | 496 | - debian/openvpn@.service: Add "--script-security 2" similar to what got | ||
262 | 497 | added to debian/openvpn.init.d ages ago (LP: #1454725) | ||
263 | 498 | - Demote easy-rsa to Suggests (universe package). | ||
264 | 499 | * Drop: | ||
265 | 500 | - debian/control: Actually drop the initscripts dependency. | ||
266 | 501 | (Closes: #804968). Already in Debian | ||
267 | 502 | |||
268 | 503 | -- Jon Grimm <jon.grimm@canonical.com> Fri, 10 Feb 2017 12:16:57 -0600 | ||
269 | 504 | |||
270 | 305 | openvpn (2.4.0-4) unstable; urgency=medium | 505 | openvpn (2.4.0-4) unstable; urgency=medium |
271 | 306 | 506 | ||
272 | 307 | * Add NEWS entries on possible 2.4 migration issues. | 507 | * Add NEWS entries on possible 2.4 migration issues. |
273 | @@ -371,6 +571,24 @@ openvpn (2.3.11-2) unstable; urgency=medium | |||
274 | 371 | 571 | ||
275 | 372 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 23 May 2016 09:55:30 +0200 | 572 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 23 May 2016 09:55:30 +0200 |
276 | 373 | 573 | ||
277 | 574 | openvpn (2.3.11-1ubuntu2) yakkety; urgency=medium | ||
278 | 575 | |||
279 | 576 | * debian/control: Actually drop the initscripts dependency. | ||
280 | 577 | (Closes: #804968) | ||
281 | 578 | |||
282 | 579 | -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 22 Jun 2016 16:54:51 +0200 | ||
283 | 580 | |||
284 | 581 | openvpn (2.3.11-1ubuntu1) yakkety; urgency=medium | ||
285 | 582 | |||
286 | 583 | * Merge with Debian unstable. Remaining Ubuntu changes: | ||
287 | 584 | - debian/openvpn@.service: Add "--script-security 2" similar to what got | ||
288 | 585 | added to debian/openvpn.init.d ages ago (see LP: #260291). | ||
289 | 586 | - Demote easy-rsa to Suggests (universe package). | ||
290 | 587 | * Drop intrusive changes (showing per-VPN result messages) from | ||
291 | 588 | debian/openvpn.init.d. This isn't being used under systemd. | ||
292 | 589 | |||
293 | 590 | -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 20 May 2016 17:30:27 +0200 | ||
294 | 591 | |||
295 | 374 | openvpn (2.3.11-1) unstable; urgency=medium | 592 | openvpn (2.3.11-1) unstable; urgency=medium |
296 | 375 | 593 | ||
297 | 376 | * New upstream release. | 594 | * New upstream release. |
298 | @@ -382,6 +600,25 @@ openvpn (2.3.11-1) unstable; urgency=medium | |||
299 | 382 | 600 | ||
300 | 383 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 10 May 2016 17:41:53 +0200 | 601 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 10 May 2016 17:41:53 +0200 |
301 | 384 | 602 | ||
302 | 603 | openvpn (2.3.10-1ubuntu2) xenial; urgency=medium | ||
303 | 604 | |||
304 | 605 | * debian/openvpn@.service: Add --script-security similar to what got added | ||
305 | 606 | to debian/openvpn.init.d ages ago (see LP #260291). (LP: #1454725) | ||
306 | 607 | |||
307 | 608 | -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 02 Feb 2016 13:33:39 +0100 | ||
308 | 609 | |||
309 | 610 | openvpn (2.3.10-1ubuntu1) xenial; urgency=medium | ||
310 | 611 | |||
311 | 612 | * Merge with Debian unstable (LP: #1536568). Remaining Ubuntu changes: | ||
312 | 613 | - debian/openvpn.init.d: | ||
313 | 614 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
314 | 615 | + Show per-VPN result messages. | ||
315 | 616 | + Add "--script-security 2" by default for backwards compatabliity. | ||
316 | 617 | (LP #260291) | ||
317 | 618 | - Demote easy-rsa to Suggests | ||
318 | 619 | |||
319 | 620 | -- Gianfranco Costamagna <locutusofborg@debian.org> Thu, 21 Jan 2016 11:37:08 +0100 | ||
320 | 621 | |||
321 | 385 | openvpn (2.3.10-1) unstable; urgency=medium | 622 | openvpn (2.3.10-1) unstable; urgency=medium |
322 | 386 | 623 | ||
323 | 387 | * New upstream release. (Closes: #804368) | 624 | * New upstream release. (Closes: #804368) |
324 | @@ -400,6 +637,21 @@ openvpn (2.3.10-1) unstable; urgency=medium | |||
325 | 400 | 637 | ||
326 | 401 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 20 Jan 2016 12:01:36 +0100 | 638 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 20 Jan 2016 12:01:36 +0100 |
327 | 402 | 639 | ||
328 | 640 | openvpn (2.3.8-1ubuntu1) xenial; urgency=medium | ||
329 | 641 | |||
330 | 642 | * Merge with Debian unstable. Remaining Ubuntu changes: | ||
331 | 643 | - debian/openvpn.init.d: | ||
332 | 644 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
333 | 645 | + Show per-VPN result messages. | ||
334 | 646 | + Add "--script-security 2" by default for backwards compatabliity. | ||
335 | 647 | - Demote easy-rsa to Suggests | ||
336 | 648 | - Run openvpn@.service before systemd-user-sessions.service to avoid | ||
337 | 649 | gettys and lightdm starting on top of possible password prompts. This | ||
338 | 650 | provides the equivalent of the init.d script's X-Start-Before:. | ||
339 | 651 | (Closes: #803032) | ||
340 | 652 | |||
341 | 653 | -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 04 Jan 2016 11:48:31 +0100 | ||
342 | 654 | |||
343 | 403 | openvpn (2.3.8-1) unstable; urgency=medium | 655 | openvpn (2.3.8-1) unstable; urgency=medium |
344 | 404 | 656 | ||
345 | 405 | * New upstream release. Drop patch from 2.3.7-2. | 657 | * New upstream release. Drop patch from 2.3.7-2. |
346 | @@ -413,6 +665,21 @@ openvpn (2.3.8-1) unstable; urgency=medium | |||
347 | 413 | 665 | ||
348 | 414 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 28 Oct 2015 17:34:26 +0100 | 666 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 28 Oct 2015 17:34:26 +0100 |
349 | 415 | 667 | ||
350 | 668 | openvpn (2.3.7-2ubuntu1) xenial; urgency=medium | ||
351 | 669 | |||
352 | 670 | * Merge with Debian unstable. Remaining Ubuntu changes: | ||
353 | 671 | - debian/openvpn.init.d: | ||
354 | 672 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
355 | 673 | + Show per-VPN result messages. | ||
356 | 674 | + Add "--script-security 2" by default for backwards compatabliity. | ||
357 | 675 | - Demote easy-rsa to Suggests | ||
358 | 676 | - Run openvpn@.service before systemd-user-sessions.service to avoid | ||
359 | 677 | gettys and lightdm starting on top of possible password prompts. This | ||
360 | 678 | provides the equivalent of the init.d script's X-Start-Before:. | ||
361 | 679 | (Closes: #803032) | ||
362 | 680 | |||
363 | 681 | -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 26 Oct 2015 09:32:31 +0100 | ||
364 | 682 | |||
365 | 416 | openvpn (2.3.7-2) unstable; urgency=medium | 683 | openvpn (2.3.7-2) unstable; urgency=medium |
366 | 417 | 684 | ||
367 | 418 | * Move libsystemd-daemon-dev Build-Dep to libsystemd-dev. | 685 | * Move libsystemd-daemon-dev Build-Dep to libsystemd-dev. |
368 | @@ -423,6 +690,20 @@ openvpn (2.3.7-2) unstable; urgency=medium | |||
369 | 423 | 690 | ||
370 | 424 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 08 Sep 2015 08:23:19 +0000 | 691 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 08 Sep 2015 08:23:19 +0000 |
371 | 425 | 692 | ||
372 | 693 | openvpn (2.3.7-1ubuntu1) wily; urgency=medium | ||
373 | 694 | |||
374 | 695 | * Merge with Debian unstable. Remaining Ubuntu changes: | ||
375 | 696 | - debian/openvpn.init.d: | ||
376 | 697 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
377 | 698 | + Show per-VPN result messages. | ||
378 | 699 | + Add "--script-security 2" by default for backwards compatabliity. | ||
379 | 700 | - Demote easy-rsa to Suggests | ||
380 | 701 | - Run openvpn@.service before systemd-user-sessions.service to avoid | ||
381 | 702 | gettys and lightdm starting on top of possible password prompts. This | ||
382 | 703 | provides the equivalent of the init.d script's X-Start-Before:. | ||
383 | 704 | |||
384 | 705 | -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 08 Jul 2015 12:28:54 +0200 | ||
385 | 706 | |||
386 | 426 | openvpn (2.3.7-1) unstable; urgency=medium | 707 | openvpn (2.3.7-1) unstable; urgency=medium |
387 | 427 | 708 | ||
388 | 428 | * New upstream version | 709 | * New upstream version |
389 | @@ -444,6 +725,20 @@ openvpn (2.3.5-1) unstable; urgency=medium | |||
390 | 444 | 725 | ||
391 | 445 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Oct 2014 17:44:06 +0100 | 726 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Oct 2014 17:44:06 +0100 |
392 | 446 | 727 | ||
393 | 728 | openvpn (2.3.4-5ubuntu1) wily; urgency=medium | ||
394 | 729 | |||
395 | 730 | * Merge with Debian unstable. Remaining Ubuntu changes: | ||
396 | 731 | - debian/openvpn.init.d: | ||
397 | 732 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
398 | 733 | + Show per-VPN result messages. | ||
399 | 734 | + Add "--script-security 2" by default for backwards compatabliity. | ||
400 | 735 | - Demote easy-rsa to Suggests | ||
401 | 736 | - Run openvpn@.service before systemd-user-sessions.service to avoid | ||
402 | 737 | gettys and lightdm starting on top of possible password prompts. This | ||
403 | 738 | provides the equivalent of the init.d script's X-Start-Before:. | ||
404 | 739 | |||
405 | 740 | -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 07 May 2015 15:35:52 +0200 | ||
406 | 741 | |||
407 | 447 | openvpn (2.3.4-5) unstable; urgency=high | 742 | openvpn (2.3.4-5) unstable; urgency=high |
408 | 448 | 743 | ||
409 | 449 | * Apply upstream patch that fixes possible DoS by authenticated | 744 | * Apply upstream patch that fixes possible DoS by authenticated |
410 | @@ -502,6 +797,52 @@ openvpn (2.3.3-1) experimental; urgency=medium | |||
411 | 502 | 797 | ||
412 | 503 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 17 Mar 2014 19:40:12 +0100 | 798 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 17 Mar 2014 19:40:12 +0100 |
413 | 504 | 799 | ||
414 | 800 | openvpn (2.3.2-9ubuntu4) vivid; urgency=medium | ||
415 | 801 | |||
416 | 802 | * Run openvpn@.service before systemd-user-sessions.service to avoid gettys | ||
417 | 803 | and lightdm starting on top of possible password prompts. This provides | ||
418 | 804 | the equivalent of the init.d script's X-Start-Before:. | ||
419 | 805 | |||
420 | 806 | -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 13 Apr 2015 16:09:01 -0500 | ||
421 | 807 | |||
422 | 808 | openvpn (2.3.2-9ubuntu3) vivid; urgency=medium | ||
423 | 809 | |||
424 | 810 | * Add better_systemd_detection.patch to avoid calling systemd-ask-password | ||
425 | 811 | under upstart. Backported from upstream. (Closes: #747265) | ||
426 | 812 | * Add systemd unit and generator from current Debian package. This avoids | ||
427 | 813 | using the init.d script, which unnecessarily blocks lightdm startup on the | ||
428 | 814 | network becoming online even if there are no auto-start connections | ||
429 | 815 | (LP: #1443489). | ||
430 | 816 | |||
431 | 817 | -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 13 Apr 2015 11:22:56 -0500 | ||
432 | 818 | |||
433 | 819 | openvpn (2.3.2-9ubuntu2) vivid; urgency=medium | ||
434 | 820 | |||
435 | 821 | * SECURITY UPDATE: server denial of service via too-short control channel | ||
436 | 822 | packets | ||
437 | 823 | - debian/patches/CVE-2014-8104.patch: drop too-short control channel | ||
438 | 824 | packets instead of asserting out in src/openvpn/ssl.c. | ||
439 | 825 | - CVE-2014-8104 | ||
440 | 826 | * debian/patches/update_certs.patch: update test certs to fix FTBFS. | ||
441 | 827 | |||
442 | 828 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Dec 2014 15:26:58 -0500 | ||
443 | 829 | |||
444 | 830 | openvpn (2.3.2-9ubuntu1) utopic; urgency=medium | ||
445 | 831 | |||
446 | 832 | * Merge from Debian unstable. Remaining changes: | ||
447 | 833 | - debian/openvpn.init.d: | ||
448 | 834 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
449 | 835 | + Show per-VPN result messages. | ||
450 | 836 | + Add "--script-security 2" by default for backwards compatabliity. | ||
451 | 837 | - Demote easy-rsa to Suggests | ||
452 | 838 | - Patch libtool.m4 and configure to support ppc64el. | ||
453 | 839 | - Refresh delta with debian/openvpn.init.d: | ||
454 | 840 | + Make stop action reliable by killing if needed | ||
455 | 841 | (LP: #1274254, LP: #1200519) | ||
456 | 842 | + Use new path for status file (LP: #1261088) | ||
457 | 843 | |||
458 | 844 | -- Stéphane Graber <stgraber@ubuntu.com> Fri, 02 May 2014 16:00:55 -0400 | ||
459 | 845 | |||
460 | 505 | openvpn (2.3.2-9) unstable; urgency=medium | 846 | openvpn (2.3.2-9) unstable; urgency=medium |
461 | 506 | 847 | ||
462 | 507 | * Create /run/openvpn in init script even if no VPN is | 848 | * Create /run/openvpn in init script even if no VPN is |
463 | @@ -517,6 +858,33 @@ openvpn (2.3.2-8) unstable; urgency=medium | |||
464 | 517 | 858 | ||
465 | 518 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 14 Mar 2014 12:59:57 +0100 | 859 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 14 Mar 2014 12:59:57 +0100 |
466 | 519 | 860 | ||
467 | 861 | openvpn (2.3.2-7ubuntu3) trusty; urgency=medium | ||
468 | 862 | |||
469 | 863 | [ Simon Deziel ] | ||
470 | 864 | * Refresh delta with debian/openvpn.init.d: | ||
471 | 865 | - Make stop action reliable by killing if needed | ||
472 | 866 | (LP: #1274254, LP: #1200519) | ||
473 | 867 | - Use new path for status file (LP: #1261088) | ||
474 | 868 | |||
475 | 869 | -- Stéphane Graber <stgraber@ubuntu.com> Tue, 04 Feb 2014 09:31:39 -0500 | ||
476 | 870 | |||
477 | 871 | openvpn (2.3.2-7ubuntu2) trusty; urgency=medium | ||
478 | 872 | |||
479 | 873 | * Patch libtool.m4 and configure to support ppc64el. | ||
480 | 874 | |||
481 | 875 | -- Matthias Klose <doko@ubuntu.com> Mon, 30 Dec 2013 12:32:35 +0100 | ||
482 | 876 | |||
483 | 877 | openvpn (2.3.2-7ubuntu1) trusty; urgency=low | ||
484 | 878 | |||
485 | 879 | * Merge from Debian unstable. Remaining changes: | ||
486 | 880 | - debian/openvpn.init.d: | ||
487 | 881 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
488 | 882 | + Show per-VPN result messages. | ||
489 | 883 | + Add "--script-security 2" by default for backwards compatabliity. | ||
490 | 884 | - Demote easy-rsa to Suggests | ||
491 | 885 | |||
492 | 886 | -- Stéphane Graber <stgraber@ubuntu.com> Mon, 02 Dec 2013 18:14:42 -0500 | ||
493 | 887 | |||
494 | 520 | openvpn (2.3.2-7) unstable; urgency=low | 888 | openvpn (2.3.2-7) unstable; urgency=low |
495 | 521 | 889 | ||
496 | 522 | * Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/. | 890 | * Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/. |
497 | @@ -533,6 +901,17 @@ openvpn (2.3.2-6) unstable; urgency=low | |||
498 | 533 | 901 | ||
499 | 534 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 27 Nov 2013 13:58:33 +0100 | 902 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 27 Nov 2013 13:58:33 +0100 |
500 | 535 | 903 | ||
501 | 904 | openvpn (2.3.2-5ubuntu1) trusty; urgency=low | ||
502 | 905 | |||
503 | 906 | * Merge from Debian unstable. Remaining changes: | ||
504 | 907 | - debian/openvpn.init.d: | ||
505 | 908 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
506 | 909 | + Show per-VPN result messages. | ||
507 | 910 | + Add "--script-security 2" by default for backwards compatabliity. | ||
508 | 911 | - Demote easy-rsa to Suggests | ||
509 | 912 | |||
510 | 913 | -- Stéphane Graber <stgraber@ubuntu.com> Mon, 21 Oct 2013 13:07:37 -0400 | ||
511 | 914 | |||
512 | 536 | openvpn (2.3.2-5) unstable; urgency=low | 915 | openvpn (2.3.2-5) unstable; urgency=low |
513 | 537 | 916 | ||
514 | 538 | * Patch init script to fix race conditions on restarts. | 917 | * Patch init script to fix race conditions on restarts. |
515 | @@ -542,6 +921,16 @@ openvpn (2.3.2-5) unstable; urgency=low | |||
516 | 542 | 921 | ||
517 | 543 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 15 Jul 2013 16:10:59 +0200 | 922 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 15 Jul 2013 16:10:59 +0200 |
518 | 544 | 923 | ||
519 | 924 | openvpn (2.3.2-4ubuntu1) saucy; urgency=low | ||
520 | 925 | |||
521 | 926 | * Merge from Debian unstable. Remaining changes: | ||
522 | 927 | - debian/openvpn.init.d: | ||
523 | 928 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
524 | 929 | + Show per-VPN result messages. | ||
525 | 930 | + Add "--script-security 2" by default for backwards compatabliity. | ||
526 | 931 | |||
527 | 932 | -- Stéphane Graber <stgraber@ubuntu.com> Tue, 09 Jul 2013 17:20:31 -0400 | ||
528 | 933 | |||
529 | 545 | openvpn (2.3.2-4) unstable; urgency=low | 934 | openvpn (2.3.2-4) unstable; urgency=low |
530 | 546 | 935 | ||
531 | 547 | * Fix depends on iproute to iproute2. | 936 | * Fix depends on iproute to iproute2. |
532 | @@ -574,6 +963,23 @@ openvpn (2.3.2-1) unstable; urgency=low | |||
533 | 574 | 963 | ||
534 | 575 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 03 Jun 2013 18:48:44 +0200 | 964 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 03 Jun 2013 18:48:44 +0200 |
535 | 576 | 965 | ||
536 | 966 | openvpn (2.3.1-2ubuntu2) saucy; urgency=low | ||
537 | 967 | |||
538 | 968 | * Move easy-rsa from Recommends to Suggests as it's not in main and isn't | ||
539 | 969 | actually required to operate an openvpn server. | ||
540 | 970 | |||
541 | 971 | -- Stéphane Graber <stgraber@ubuntu.com> Wed, 19 Jun 2013 14:37:54 -0400 | ||
542 | 972 | |||
543 | 973 | openvpn (2.3.1-2ubuntu1) saucy; urgency=low | ||
544 | 974 | |||
545 | 975 | * Merge from Debian unstable. Remaining changes: | ||
546 | 976 | - debian/openvpn.init.d: | ||
547 | 977 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
548 | 978 | + Show per-VPN result messages. | ||
549 | 979 | + Add "--script-security 2" by default for backwards compatabliity. | ||
550 | 980 | |||
551 | 981 | -- Stéphane Graber <stgraber@ubuntu.com> Fri, 24 May 2013 17:42:45 -0400 | ||
552 | 982 | |||
553 | 577 | openvpn (2.3.1-2) unstable; urgency=low | 983 | openvpn (2.3.1-2) unstable; urgency=low |
554 | 578 | 984 | ||
555 | 579 | * Add net-tools to Build-Depends. (Closes: #709108) | 985 | * Add net-tools to Build-Depends. (Closes: #709108) |
556 | @@ -601,6 +1007,32 @@ openvpn (2.3~rc1-1) experimental; urgency=low | |||
557 | 601 | 1007 | ||
558 | 602 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 05 Nov 2012 16:31:15 +0100 | 1008 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 05 Nov 2012 16:31:15 +0100 |
559 | 603 | 1009 | ||
560 | 1010 | openvpn (2.2.1-8ubuntu3) raring; urgency=low | ||
561 | 1011 | |||
562 | 1012 | [ Marc Gariépy ] | ||
563 | 1013 | * Add --script-security to the init.d script (was generated but not passed | ||
564 | 1014 | to openvpn). (LP: #1124398) | ||
565 | 1015 | |||
566 | 1016 | -- Stéphane Graber <stgraber@ubuntu.com> Wed, 13 Feb 2013 16:10:48 -0500 | ||
567 | 1017 | |||
568 | 1018 | openvpn (2.2.1-8ubuntu2) quantal; urgency=low | ||
569 | 1019 | |||
570 | 1020 | * Rebuild for new armel compiler default of ARMv5t. | ||
571 | 1021 | |||
572 | 1022 | -- Colin Watson <cjwatson@ubuntu.com> Mon, 08 Oct 2012 08:36:47 +0100 | ||
573 | 1023 | |||
574 | 1024 | openvpn (2.2.1-8ubuntu1) precise; urgency=low | ||
575 | 1025 | |||
576 | 1026 | * Merge at Simon Deziel's request to build with PIE. | ||
577 | 1027 | * Merge from Debian unstable. Remaining changes: | ||
578 | 1028 | + debian/openvpn.init.d: | ||
579 | 1029 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
580 | 1030 | - Show per-VPN result messages. | ||
581 | 1031 | - Add "--script-security 2" by default for backwards compatabliity. | ||
582 | 1032 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
583 | 1033 | |||
584 | 1034 | -- Stéphane Graber <stgraber@ubuntu.com> Fri, 30 Mar 2012 13:19:09 -0400 | ||
585 | 1035 | |||
586 | 604 | openvpn (2.2.1-8) unstable; urgency=low | 1036 | openvpn (2.2.1-8) unstable; urgency=low |
587 | 605 | 1037 | ||
588 | 606 | * Enable "PIE" and "BINDOW" hardening flags. | 1038 | * Enable "PIE" and "BINDOW" hardening flags. |
589 | @@ -625,6 +1057,17 @@ openvpn (2.2.1-6) unstable; urgency=low | |||
590 | 625 | 1057 | ||
591 | 626 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Mar 2012 13:44:50 +0100 | 1058 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Mar 2012 13:44:50 +0100 |
592 | 627 | 1059 | ||
593 | 1060 | openvpn (2.2.1-5ubuntu1) precise; urgency=low | ||
594 | 1061 | |||
595 | 1062 | * Merge from Debian unstable. Remaining changes: (LP: #907828) | ||
596 | 1063 | + debian/openvpn.init.d: | ||
597 | 1064 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
598 | 1065 | - Show per-VPN result messages. | ||
599 | 1066 | - Add "--script-security 2" by default for backwards compatabliity. | ||
600 | 1067 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
601 | 1068 | |||
602 | 1069 | -- Stéphane Graber <stgraber@ubuntu.com> Sat, 25 Feb 2012 21:08:48 -0500 | ||
603 | 1070 | |||
604 | 628 | openvpn (2.2.1-5) unstable; urgency=low | 1071 | openvpn (2.2.1-5) unstable; urgency=low |
605 | 629 | 1072 | ||
606 | 630 | * Avoid sending ICMP redirects when using tun devices and "subnet" | 1073 | * Avoid sending ICMP redirects when using tun devices and "subnet" |
607 | @@ -647,6 +1090,20 @@ openvpn (2.2.1-4) unstable; urgency=low | |||
608 | 647 | 1090 | ||
609 | 648 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 08 Feb 2012 16:31:32 +0100 | 1091 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 08 Feb 2012 16:31:32 +0100 |
610 | 649 | 1092 | ||
611 | 1093 | openvpn (2.2.1-3ubuntu1) precise; urgency=low | ||
612 | 1094 | |||
613 | 1095 | * Merge from Debian testing. Remaining changes: | ||
614 | 1096 | + debian/openvpn.init.d: | ||
615 | 1097 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
616 | 1098 | - Show per-VPN result messages. | ||
617 | 1099 | - Add "--script-security 2" by default for backwards compatabliity. | ||
618 | 1100 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
619 | 1101 | + debian/update-resolv-conf: Support multiple domains. | ||
620 | 1102 | + fix bug where '--script-security 2' would be passed for all | ||
621 | 1103 | daemons after the first. (LP: #794916) | ||
622 | 1104 | |||
623 | 1105 | -- Chuck Short <zulcss@ubuntu.com> Sat, 31 Dec 2011 04:55:56 +0000 | ||
624 | 1106 | |||
625 | 650 | openvpn (2.2.1-3) unstable; urgency=low | 1107 | openvpn (2.2.1-3) unstable; urgency=low |
626 | 651 | 1108 | ||
627 | 652 | * The iproute fiasco release. | 1109 | * The iproute fiasco release. |
628 | @@ -675,6 +1132,20 @@ openvpn (2.2.1-1) unstable; urgency=low | |||
629 | 675 | 1132 | ||
630 | 676 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 13 Dec 2011 11:04:22 +0100 | 1133 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 13 Dec 2011 11:04:22 +0100 |
631 | 677 | 1134 | ||
632 | 1135 | openvpn (2.2.0-2ubuntu1) oneiric; urgency=low | ||
633 | 1136 | |||
634 | 1137 | * Merge from debian unstable. Remaining changes: | ||
635 | 1138 | + debian/openvpn.init.d: | ||
636 | 1139 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
637 | 1140 | - Show per-VPN result messages. | ||
638 | 1141 | - Add "--script-security 2" by default for backwards compatabliity. | ||
639 | 1142 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
640 | 1143 | + debian/update-resolv-conf: Support multiple domains. | ||
641 | 1144 | + fix bug where '--script-security 2' would be passed for all | ||
642 | 1145 | daemons after the first. (LP: #794916 | ||
643 | 1146 | |||
644 | 1147 | -- Chuck Short <zulcss@ubuntu.com> Thu, 16 Jun 2011 18:33:37 +0100 | ||
645 | 1148 | |||
646 | 678 | openvpn (2.2.0-2) unstable; urgency=low | 1149 | openvpn (2.2.0-2) unstable; urgency=low |
647 | 679 | 1150 | ||
648 | 680 | * Upload to unstable | 1151 | * Upload to unstable |
649 | @@ -709,6 +1180,45 @@ openvpn (2.1.3-5) experimental; urgency=low | |||
650 | 709 | 1180 | ||
651 | 710 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 22 Mar 2011 10:57:18 +0100 | 1181 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 22 Mar 2011 10:57:18 +0100 |
652 | 711 | 1182 | ||
653 | 1183 | openvpn (2.1.3-4.1ubuntu2) oneiric; urgency=low | ||
654 | 1184 | |||
655 | 1185 | [Alexander Zielke] | ||
656 | 1186 | * fix bug where '--script-security 2' would be passed for all | ||
657 | 1187 | daemons after the first. (LP: #794916) | ||
658 | 1188 | |||
659 | 1189 | -- Scott Moser <smoser@ubuntu.com> Thu, 09 Jun 2011 13:59:08 -0400 | ||
660 | 1190 | |||
661 | 1191 | openvpn (2.1.3-4.1ubuntu1) oneiric; urgency=low | ||
662 | 1192 | |||
663 | 1193 | * Merge from debian unstable. Remaining changes: | ||
664 | 1194 | + debian/openvpn.init.d: | ||
665 | 1195 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
666 | 1196 | - Show per-VPN result messages. | ||
667 | 1197 | - Add "--script-security 2" by default for backwards compatabliity. | ||
668 | 1198 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
669 | 1199 | + debian/update-resolv-conf: Support multiple domains. | ||
670 | 1200 | |||
671 | 1201 | -- Chuck Short <zulcss@ubuntu.com> Tue, 17 May 2011 02:14:39 +0100 | ||
672 | 1202 | |||
673 | 1203 | openvpn (2.1.3-4.1) unstable; urgency=low | ||
674 | 1204 | |||
675 | 1205 | * Non-maintainer upload. | ||
676 | 1206 | * Drop hard-coded dependency on libssl0.9.8. (Closes: #623503) | ||
677 | 1207 | |||
678 | 1208 | -- Philipp Kern <pkern@debian.org> Mon, 09 May 2011 23:20:03 +0200 | ||
679 | 1209 | |||
680 | 1210 | openvpn (2.1.3-4ubuntu1) oneiric; urgency=low | ||
681 | 1211 | |||
682 | 1212 | * Merge from debian unstable. Remaining changes: | ||
683 | 1213 | + debian/openvpn.init.d: | ||
684 | 1214 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
685 | 1215 | - Show per-VPN result messages. | ||
686 | 1216 | - Add "--script-security 2" by default for backwards compatabliity. | ||
687 | 1217 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
688 | 1218 | + debian/update-resolv-conf: Support multiple domains. | ||
689 | 1219 | |||
690 | 1220 | -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Mar 2011 23:28:26 +0000 | ||
691 | 1221 | |||
692 | 712 | openvpn (2.1.3-4) unstable; urgency=low | 1222 | openvpn (2.1.3-4) unstable; urgency=low |
693 | 713 | 1223 | ||
694 | 714 | * Updated JuanJo's IPv6 patch. Now really fixes use from xinetd. | 1224 | * Updated JuanJo's IPv6 patch. Now really fixes use from xinetd. |
695 | @@ -731,6 +1241,31 @@ openvpn (2.1.3-3) unstable; urgency=low | |||
696 | 731 | 1241 | ||
697 | 732 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 11 Mar 2011 13:08:12 +0100 | 1242 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 11 Mar 2011 13:08:12 +0100 |
698 | 733 | 1243 | ||
699 | 1244 | openvpn (2.1.3-2ubuntu3) natty; urgency=low | ||
700 | 1245 | |||
701 | 1246 | * update-resolv-conf: Correctly handle multiple dns search domains, | ||
702 | 1247 | using the same logic as nameservers. Patch courtesy of Jeremy | ||
703 | 1248 | Zawodny. (LP: #662847) | ||
704 | 1249 | |||
705 | 1250 | -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Fri, 11 Mar 2011 00:23:59 +0000 | ||
706 | 1251 | |||
707 | 1252 | openvpn (2.1.3-2ubuntu2) natty; urgency=low | ||
708 | 1253 | |||
709 | 1254 | * update-resolv-conf: Support mulitple domains (LP: #714358) | ||
710 | 1255 | |||
711 | 1256 | -- Chuck Short <zulcss@ubuntu.com> Mon, 14 Feb 2011 15:21:46 -0500 | ||
712 | 1257 | |||
713 | 1258 | openvpn (2.1.3-2ubuntu1) natty; urgency=low | ||
714 | 1259 | |||
715 | 1260 | * Merge from debian unstable. Remaining changes: | ||
716 | 1261 | + debian/openvpn.init.d: | ||
717 | 1262 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
718 | 1263 | - Show per-VPN result messages. | ||
719 | 1264 | - Add "--script-security 2" by default for backwards compatabliity. | ||
720 | 1265 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
721 | 1266 | |||
722 | 1267 | -- Chuck Short <zulcss@ubuntu.com> Sat, 23 Oct 2010 01:59:28 +0100 | ||
723 | 1268 | |||
724 | 734 | openvpn (2.1.3-2) unstable; urgency=low | 1269 | openvpn (2.1.3-2) unstable; urgency=low |
725 | 735 | 1270 | ||
726 | 736 | * Applied upstream patch to solve random routes added when using | 1271 | * Applied upstream patch to solve random routes added when using |
727 | @@ -738,6 +1273,24 @@ openvpn (2.1.3-2) unstable; urgency=low | |||
728 | 738 | 1273 | ||
729 | 739 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 21 Oct 2010 12:21:33 +0200 | 1274 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 21 Oct 2010 12:21:33 +0200 |
730 | 740 | 1275 | ||
731 | 1276 | openvpn (2.1.3-1ubuntu2) natty; urgency=low | ||
732 | 1277 | |||
733 | 1278 | * Fix jjo-ipv6-support.patch to avoid assertion failure at socket.c:629 in | ||
734 | 1279 | corner cases where ! host && addr (LP: #627973) | ||
735 | 1280 | |||
736 | 1281 | -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Wed, 20 Oct 2010 16:22:25 +0200 | ||
737 | 1282 | |||
738 | 1283 | openvpn (2.1.3-1ubuntu1) natty; urgency=low | ||
739 | 1284 | |||
740 | 1285 | * Merge from debian unstable. Remaining changes: | ||
741 | 1286 | + debian/openvpn.init.d: | ||
742 | 1287 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
743 | 1288 | - Show per-VPN result messages. | ||
744 | 1289 | - Add "--script-security 2" by default for backwards compatablitiy | ||
745 | 1290 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
746 | 1291 | |||
747 | 1292 | -- Chuck Short <zulcss@ubuntu.com> Tue, 05 Oct 2010 06:21:14 +0100 | ||
748 | 1293 | |||
749 | 741 | openvpn (2.1.3-1) unstable; urgency=low | 1294 | openvpn (2.1.3-1) unstable; urgency=low |
750 | 742 | 1295 | ||
751 | 743 | * New upstream release (Closes: #595684) | 1296 | * New upstream release (Closes: #595684) |
752 | @@ -749,6 +1302,17 @@ openvpn (2.1.3-1) unstable; urgency=low | |||
753 | 749 | 1302 | ||
754 | 750 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Sep 2010 13:07:37 +0200 | 1303 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Sep 2010 13:07:37 +0200 |
755 | 751 | 1304 | ||
756 | 1305 | openvpn (2.1.0-3ubuntu1) maverick; urgency=low | ||
757 | 1306 | |||
758 | 1307 | * Merge from debian unstable. Remaining changes: | ||
759 | 1308 | + debian/openvpn.init.d: | ||
760 | 1309 | - Do not use start-stop-daemon and use </dev/null to avoid blocking boot | ||
761 | 1310 | - Show per-VPN result messages | ||
762 | 1311 | - Add "--script-security 2" by default for backwards compatablitiy | ||
763 | 1312 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
764 | 1313 | |||
765 | 1314 | -- Chuck Short <zulcss@ubuntu.com> Mon, 12 Jul 2010 09:39:43 -0400 | ||
766 | 1315 | |||
767 | 752 | openvpn (2.1.0-3) unstable; urgency=low | 1316 | openvpn (2.1.0-3) unstable; urgency=low |
768 | 753 | 1317 | ||
769 | 754 | * The 'happy birthday to me' release | 1318 | * The 'happy birthday to me' release |
770 | @@ -758,6 +1322,24 @@ openvpn (2.1.0-3) unstable; urgency=low | |||
771 | 758 | 1322 | ||
772 | 759 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Jul 2010 12:22:09 +0200 | 1323 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Jul 2010 12:22:09 +0200 |
773 | 760 | 1324 | ||
774 | 1325 | openvpn (2.1.0-2ubuntu2) maverick; urgency=low | ||
775 | 1326 | |||
776 | 1327 | * debian/patches/client_hang_when_server_dont_push.patch: Fix client hanging | ||
777 | 1328 | on PUSH_REQUEST when server does not push any option (LP: #579737) | ||
778 | 1329 | |||
779 | 1330 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 28 Jun 2010 10:45:23 +0200 | ||
780 | 1331 | |||
781 | 1332 | openvpn (2.1.0-2ubuntu1) maverick; urgency=low | ||
782 | 1333 | |||
783 | 1334 | * Merge from debian unstable. Remaining changes: | ||
784 | 1335 | + debian/openvpn.init.d: | ||
785 | 1336 | - Do not use start-stop-daemon and use </dev/null to avoid blocking boot | ||
786 | 1337 | - Show per-VPN result messages | ||
787 | 1338 | - Add "--script-security 2" by default for backwards compatablitiy | ||
788 | 1339 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
789 | 1340 | |||
790 | 1341 | -- Chuck Short <zulcss@ubuntu.com> Wed, 05 May 2010 03:06:19 +0100 | ||
791 | 1342 | |||
792 | 761 | openvpn (2.1.0-2) unstable; urgency=low | 1343 | openvpn (2.1.0-2) unstable; urgency=low |
793 | 762 | 1344 | ||
794 | 763 | * Patched ssl.[ch] to fix integer overflow. (Closes: #576827) | 1345 | * Patched ssl.[ch] to fix integer overflow. (Closes: #576827) |
795 | @@ -770,6 +1352,17 @@ openvpn (2.1.0-2) unstable; urgency=low | |||
796 | 770 | 1352 | ||
797 | 771 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 10 Apr 2010 17:26:42 +0200 | 1353 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 10 Apr 2010 17:26:42 +0200 |
798 | 772 | 1354 | ||
799 | 1355 | openvpn (2.1.0-1ubuntu1) lucid; urgency=low | ||
800 | 1356 | |||
801 | 1357 | * Merge from debian testing (LP: #509078), remaining changes: | ||
802 | 1358 | + debian/openvpn.init.d: | ||
803 | 1359 | - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot | ||
804 | 1360 | - Show per-VPN result messages | ||
805 | 1361 | - Add "--script-security 2" by default for backwards compatibility | ||
806 | 1362 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
807 | 1363 | |||
808 | 1364 | -- Jan Brinkmann <lucky@the-luckyduck.de> Fri, 22 Jan 2010 00:47:33 +0100 | ||
809 | 1365 | |||
810 | 773 | openvpn (2.1.0-1) unstable; urgency=low | 1366 | openvpn (2.1.0-1) unstable; urgency=low |
811 | 774 | 1367 | ||
812 | 775 | * New upstream release | 1368 | * New upstream release |
813 | @@ -807,6 +1400,20 @@ openvpn (2.1~rc20-3) unstable; urgency=low | |||
814 | 807 | 1400 | ||
815 | 808 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 04 Nov 2009 17:18:03 +0100 | 1401 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 04 Nov 2009 17:18:03 +0100 |
816 | 809 | 1402 | ||
817 | 1403 | openvpn (2.1~rc20-2ubuntu1) lucid; urgency=low | ||
818 | 1404 | |||
819 | 1405 | * Merge from debian testing, remaining changes: | ||
820 | 1406 | + debian/openvpn.init.d: | ||
821 | 1407 | - Do not use start-stop-daemon and use < /dev/null to avoid blocking | ||
822 | 1408 | boot. | ||
823 | 1409 | - show per-VPN result messages | ||
824 | 1410 | - add "--script-security 2" by default for backwards compatibility | ||
825 | 1411 | - Add lab-base >= 3.2-14 to allow status_of_proc() | ||
826 | 1412 | + Dropped debian/patches/redirect-gateway.patch: Already applied | ||
827 | 1413 | upstream. | ||
828 | 1414 | |||
829 | 1415 | -- Chuck Short <zulcss@ubuntu.com> Fri, 06 Nov 2009 01:36:35 +0000 | ||
830 | 1416 | |||
831 | 810 | openvpn (2.1~rc20-2) unstable; urgency=low | 1417 | openvpn (2.1~rc20-2) unstable; urgency=low |
832 | 811 | 1418 | ||
833 | 812 | * init.d script: Added X-Interactive header. (Closes: #549424) | 1419 | * init.d script: Added X-Interactive header. (Closes: #549424) |
834 | @@ -831,6 +1438,25 @@ openvpn (2.1~rc19-2) unstable; urgency=low | |||
835 | 831 | 1438 | ||
836 | 832 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 30 Aug 2009 20:20:11 +0200 | 1439 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 30 Aug 2009 20:20:11 +0200 |
837 | 833 | 1440 | ||
838 | 1441 | openvpn (2.1~rc19-1ubuntu2) karmic; urgency=low | ||
839 | 1442 | |||
840 | 1443 | * debian/patches/redirect-gateway.patch: Fix regression introduced in | ||
841 | 1444 | 2.1rc17 that makes redirect-gateway (without options) to be ignored. | ||
842 | 1445 | Patch cherrypicked from upstream 2.1rc20 (SVN r5011), LP: #445695 | ||
843 | 1446 | |||
844 | 1447 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Tue, 13 Oct 2009 09:31:20 +0200 | ||
845 | 1448 | |||
846 | 1449 | openvpn (2.1~rc19-1ubuntu1) karmic; urgency=low | ||
847 | 1450 | |||
848 | 1451 | * Merge from debian unstable (LP: #404099), remaining changes: | ||
849 | 1452 | - debian/openvpn.init.d: | ||
850 | 1453 | - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot | ||
851 | 1454 | - show per-VPN result messages | ||
852 | 1455 | - add "--script-security 2" by default for backwards compatibility | ||
853 | 1456 | - Added lsb-base>=3.2-14 depend to allow status_of_proc() | ||
854 | 1457 | |||
855 | 1458 | -- Bhavani Shankar <right2bhavi@gmail.com> Fri, 24 Jul 2009 19:22:13 +0530 | ||
856 | 1459 | |||
857 | 834 | openvpn (2.1~rc19-1) unstable; urgency=low | 1460 | openvpn (2.1~rc19-1) unstable; urgency=low |
858 | 835 | 1461 | ||
859 | 836 | * New upstream version | 1462 | * New upstream version |
860 | @@ -840,6 +1466,17 @@ openvpn (2.1~rc19-1) unstable; urgency=low | |||
861 | 840 | 1466 | ||
862 | 841 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 21 Jul 2009 17:00:56 +0200 | 1467 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 21 Jul 2009 17:00:56 +0200 |
863 | 842 | 1468 | ||
864 | 1469 | openvpn (2.1~rc15-1ubuntu1) karmic; urgency=low | ||
865 | 1470 | |||
866 | 1471 | * Merge from debian unstable (LP: #372358), remaining changes: | ||
867 | 1472 | - debian/openvpn.init.d: | ||
868 | 1473 | - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot | ||
869 | 1474 | - show per-VPN result messages | ||
870 | 1475 | - add "--script-security 2" by default for backwards compatibility | ||
871 | 1476 | - Added lsb-base>=3.2-14 depend to allow status_of_proc() | ||
872 | 1477 | |||
873 | 1478 | -- Andres Rodriguez <andreserl@ubuntu.com> Tue, 05 May 2009 14:25:37 -0500 | ||
874 | 1479 | |||
875 | 843 | openvpn (2.1~rc15-1) unstable; urgency=low | 1480 | openvpn (2.1~rc15-1) unstable; urgency=low |
876 | 844 | 1481 | ||
877 | 845 | * New upstream version (Closes: #515575) | 1482 | * New upstream version (Closes: #515575) |
878 | @@ -859,6 +1496,33 @@ openvpn (2.1~rc15-1) unstable; urgency=low | |||
879 | 859 | 1496 | ||
880 | 860 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 30 Apr 2009 12:35:05 +0200 | 1497 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 30 Apr 2009 12:35:05 +0200 |
881 | 861 | 1498 | ||
882 | 1499 | openvpn (2.1~rc11-1ubuntu3) jaunty; urgency=low | ||
883 | 1500 | |||
884 | 1501 | * debian/openvpn.init.d: | ||
885 | 1502 | - Fix unexpected operator on startup (LP: #340120) | ||
886 | 1503 | |||
887 | 1504 | -- Michael Jeanson <mjeanson@revolutionlinux.com> Mon, 09 Mar 2009 16:02:50 -0400 | ||
888 | 1505 | |||
889 | 1506 | openvpn (2.1~rc11-1ubuntu2) intrepid; urgency=low | ||
890 | 1507 | |||
891 | 1508 | * debian/openvpn.init.d: | ||
892 | 1509 | - Revert fix from #454371 that was merged at 2.1~rc7-4 to prevent | ||
893 | 1510 | openvpn prompts from blocking the boot (LP: #280428) | ||
894 | 1511 | - Fix VPNs always reported started [ OK ] | ||
895 | 1512 | |||
896 | 1513 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Wed, 15 Oct 2008 17:12:54 +0200 | ||
897 | 1514 | |||
898 | 1515 | openvpn (2.1~rc11-1ubuntu1) intrepid; urgency=low | ||
899 | 1516 | |||
900 | 1517 | * Merge with Debian (LP: #279655), remaining diffs: | ||
901 | 1518 | - debian/openvpn.init.d: Added 'status' action to init script, show | ||
902 | 1519 | per-VPN result messages and add "--script-security 2" by default for | ||
903 | 1520 | backwards compatibility | ||
904 | 1521 | - debian/control: Added lsb-base>=3.2-14 depend to allow status_of_proc() | ||
905 | 1522 | * Fixes regression when calling commands with arguments (LP: #277447) | ||
906 | 1523 | |||
907 | 1524 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Tue, 07 Oct 2008 16:30:44 +0200 | ||
908 | 1525 | |||
909 | 862 | openvpn (2.1~rc11-1) unstable; urgency=low | 1526 | openvpn (2.1~rc11-1) unstable; urgency=low |
910 | 863 | 1527 | ||
911 | 864 | * New upstream version | 1528 | * New upstream version |
912 | @@ -879,6 +1543,23 @@ openvpn (2.1~rc10-1) unstable; urgency=low | |||
913 | 879 | 1543 | ||
914 | 880 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 Sep 2008 16:58:37 +0200 | 1544 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 Sep 2008 16:58:37 +0200 |
915 | 881 | 1545 | ||
916 | 1546 | openvpn (2.1~rc9-3ubuntu2) intrepid; urgency=low | ||
917 | 1547 | |||
918 | 1548 | * debian/openvpn.init.d: | ||
919 | 1549 | - Added 'status' action to init script (LP: #251641) | ||
920 | 1550 | - Restored per-VPN result messages by using log_action_begin_msg and | ||
921 | 1551 | one log_daemon_msg per VPN instead of log_progress_msg (LP: #264966) | ||
922 | 1552 | * debian/control: Added lsb-base>=3.2-14 depend to allow status_of_proc() | ||
923 | 1553 | |||
924 | 1554 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Tue, 09 Sep 2008 10:45:45 +0200 | ||
925 | 1555 | |||
926 | 1556 | openvpn (2.1~rc9-3ubuntu1) intrepid; urgency=low | ||
927 | 1557 | |||
928 | 1558 | * debian/openvpn.init.d: Add "--script-security 2" by default for backwards compatibility | ||
929 | 1559 | (LP: #260291) | ||
930 | 1560 | |||
931 | 1561 | -- Chuck Short <zulcss@ubuntu.com> Mon, 25 Aug 2008 10:20:31 -0400 | ||
932 | 1562 | |||
933 | 882 | openvpn (2.1~rc9-3) unstable; urgency=low | 1563 | openvpn (2.1~rc9-3) unstable; urgency=low |
934 | 883 | 1564 | ||
935 | 884 | * debian/rules: run ./configure with path to 'route', for | 1565 | * debian/rules: run ./configure with path to 'route', for |
936 | diff --git a/debian/control b/debian/control | |||
937 | index 63a8262..40ed491 100644 | |||
938 | --- a/debian/control | |||
939 | +++ b/debian/control | |||
940 | @@ -1,7 +1,8 @@ | |||
941 | 1 | Source: openvpn | 1 | Source: openvpn |
942 | 2 | Section: net | 2 | Section: net |
943 | 3 | Priority: optional | 3 | Priority: optional |
945 | 4 | Maintainer: Bernhard Schmidt <berni@debian.org> | 4 | Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
946 | 5 | XSBC-Original-Maintainer: Bernhard Schmidt <berni@debian.org> | ||
947 | 5 | Uploaders: Jörg Frings-Fürst <debian@jff.email> | 6 | Uploaders: Jörg Frings-Fürst <debian@jff.email> |
948 | 6 | Build-Depends: | 7 | Build-Depends: |
949 | 7 | debhelper-compat (= 12), | 8 | debhelper-compat (= 12), |
950 | @@ -39,8 +40,8 @@ Depends: | |||
951 | 39 | Suggests: | 40 | Suggests: |
952 | 40 | openssl, | 41 | openssl, |
953 | 41 | resolvconf, | 42 | resolvconf, |
956 | 42 | openvpn-systemd-resolved | 43 | openvpn-systemd-resolved, |
957 | 43 | Recommends: easy-rsa | 44 | easy-rsa |
958 | 44 | Description: virtual private network daemon | 45 | Description: virtual private network daemon |
959 | 45 | OpenVPN is an application to securely tunnel IP networks over a | 46 | OpenVPN is an application to securely tunnel IP networks over a |
960 | 46 | single UDP or TCP port. It can be used to access remote sites, make | 47 | single UDP or TCP port. It can be used to access remote sites, make |
961 | diff --git a/debian/openvpn@.service b/debian/openvpn@.service | |||
962 | index 945874b..6d59b13 100644 | |||
963 | --- a/debian/openvpn@.service | |||
964 | +++ b/debian/openvpn@.service | |||
965 | @@ -12,7 +12,7 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO | |||
966 | 12 | Type=notify | 12 | Type=notify |
967 | 13 | PrivateTmp=true | 13 | PrivateTmp=true |
968 | 14 | WorkingDirectory=/etc/openvpn | 14 | WorkingDirectory=/etc/openvpn |
970 | 15 | ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid | 15 | ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid |
971 | 16 | PIDFile=/run/openvpn/%i.pid | 16 | PIDFile=/run/openvpn/%i.pid |
972 | 17 | KillMode=process | 17 | KillMode=process |
973 | 18 | CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE | 18 | CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE |
974 | diff --git a/debian/patches/openvpn-fips-2.4.patch b/debian/patches/openvpn-fips-2.4.patch | |||
975 | 19 | new file mode 100644 | 19 | new file mode 100644 |
976 | index 0000000..1c4f068 | |||
977 | --- /dev/null | |||
978 | +++ b/debian/patches/openvpn-fips-2.4.patch | |||
979 | @@ -0,0 +1,90 @@ | |||
980 | 1 | Description: Use openssl FIPS flag to indicate MD5 use for PRF. | ||
981 | 2 | MD5 is not allowed in FIPS 140-2 except for PRF. OpenVPN needs | ||
982 | 3 | to send EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag to FIPS mode openssl | ||
983 | 4 | for PRF to indicate the exception. | ||
984 | 5 | Bug: https://community.openvpn.net/openvpn/ticket/725 | ||
985 | 6 | Bug-Ubuntu: https://bugs.launchpad.net/bugs/1807439 | ||
986 | 7 | Author: Stephan Mueller <stephan.mueller@atsec.com> | ||
987 | 8 | |||
988 | 9 | --- a/src/openvpn/crypto.c | ||
989 | 10 | +++ b/src/openvpn/crypto.c | ||
990 | 11 | @@ -849,7 +849,7 @@ init_key_ctx(struct key_ctx *ctx, const | ||
991 | 12 | if (kt->digest && kt->hmac_length > 0) | ||
992 | 13 | { | ||
993 | 14 | ctx->hmac = hmac_ctx_new(); | ||
994 | 15 | - hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest); | ||
995 | 16 | + hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest, 0); | ||
996 | 17 | |||
997 | 18 | msg(D_HANDSHAKE, | ||
998 | 19 | "%s: Using %d bit message hash '%s' for HMAC authentication", | ||
999 | 20 | --- a/src/openvpn/crypto_backend.h | ||
1000 | 21 | +++ b/src/openvpn/crypto_backend.h | ||
1001 | 22 | @@ -634,10 +634,11 @@ void hmac_ctx_free(hmac_ctx_t *ctx); | ||
1002 | 23 | * @param key The key to use for the HMAC | ||
1003 | 24 | * @param key_len The key length to use | ||
1004 | 25 | * @param kt Static message digest parameters | ||
1005 | 26 | + * @param prf_use Intended use for PRF in TLS protocol | ||
1006 | 27 | * | ||
1007 | 28 | */ | ||
1008 | 29 | void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, int key_length, | ||
1009 | 30 | - const md_kt_t *kt); | ||
1010 | 31 | + const md_kt_t *kt, bool prf_use); | ||
1011 | 32 | |||
1012 | 33 | /* | ||
1013 | 34 | * Free the given HMAC context. | ||
1014 | 35 | --- a/src/openvpn/crypto_mbedtls.c | ||
1015 | 36 | +++ b/src/openvpn/crypto_mbedtls.c | ||
1016 | 37 | @@ -919,7 +919,7 @@ hmac_ctx_free(mbedtls_md_context_t *ctx) | ||
1017 | 38 | |||
1018 | 39 | void | ||
1019 | 40 | hmac_ctx_init(mbedtls_md_context_t *ctx, const uint8_t *key, int key_len, | ||
1020 | 41 | - const mbedtls_md_info_t *kt) | ||
1021 | 42 | + const mbedtls_md_info_t *kt, bool prf_use) | ||
1022 | 43 | { | ||
1023 | 44 | ASSERT(NULL != kt && NULL != ctx); | ||
1024 | 45 | |||
1025 | 46 | --- a/src/openvpn/crypto_openssl.c | ||
1026 | 47 | +++ b/src/openvpn/crypto_openssl.c | ||
1027 | 48 | @@ -1006,11 +1006,17 @@ hmac_ctx_free(HMAC_CTX *ctx) | ||
1028 | 49 | |||
1029 | 50 | void | ||
1030 | 51 | hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, | ||
1031 | 52 | - const EVP_MD *kt) | ||
1032 | 53 | + const EVP_MD *kt, bool prf_use) | ||
1033 | 54 | { | ||
1034 | 55 | ASSERT(NULL != kt && NULL != ctx); | ||
1035 | 56 | |||
1036 | 57 | HMAC_CTX_reset(ctx); | ||
1037 | 58 | + | ||
1038 | 59 | + /* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is not | ||
1039 | 60 | + * to be used anywhere else */ | ||
1040 | 61 | + if(kt == EVP_md5() && prf_use) | ||
1041 | 62 | + HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
1042 | 63 | + | ||
1043 | 64 | HMAC_Init_ex(ctx, key, key_len, kt, NULL); | ||
1044 | 65 | |||
1045 | 66 | /* make sure we used a big enough key */ | ||
1046 | 67 | --- a/src/openvpn/ntlm.c | ||
1047 | 68 | +++ b/src/openvpn/ntlm.c | ||
1048 | 69 | @@ -88,7 +88,7 @@ gen_hmac_md5(const uint8_t *data, int da | ||
1049 | 70 | const md_kt_t *md5_kt = md_kt_get("MD5"); | ||
1050 | 71 | hmac_ctx_t *hmac_ctx = hmac_ctx_new(); | ||
1051 | 72 | |||
1052 | 73 | - hmac_ctx_init(hmac_ctx, key, key_len, md5_kt); | ||
1053 | 74 | + hmac_ctx_init(hmac_ctx, key, key_len, md5_kt, 0); | ||
1054 | 75 | hmac_ctx_update(hmac_ctx, data, data_len); | ||
1055 | 76 | hmac_ctx_final(hmac_ctx, result); | ||
1056 | 77 | hmac_ctx_cleanup(hmac_ctx); | ||
1057 | 78 | --- a/src/openvpn/ssl.c | ||
1058 | 79 | +++ b/src/openvpn/ssl.c | ||
1059 | 80 | @@ -1632,8 +1632,8 @@ tls1_P_hash(const md_kt_t *md_kt, | ||
1060 | 81 | int chunk = md_kt_size(md_kt); | ||
1061 | 82 | unsigned int A1_len = md_kt_size(md_kt); | ||
1062 | 83 | |||
1063 | 84 | - hmac_ctx_init(ctx, sec, sec_len, md_kt); | ||
1064 | 85 | - hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt); | ||
1065 | 86 | + hmac_ctx_init(ctx, sec, sec_len, md_kt, 1); | ||
1066 | 87 | + hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt, 1); | ||
1067 | 88 | |||
1068 | 89 | hmac_ctx_update(ctx,seed,seed_len); | ||
1069 | 90 | hmac_ctx_final(ctx, A1); | ||
1070 | diff --git a/debian/patches/series b/debian/patches/series | |||
1071 | index 55bae8e..12d3a83 100644 | |||
1072 | --- a/debian/patches/series | |||
1073 | +++ b/debian/patches/series | |||
1074 | @@ -5,3 +5,4 @@ openvpn-pkcs11warn.patch | |||
1075 | 5 | #kfreebsd_support.patch | 5 | #kfreebsd_support.patch |
1076 | 6 | match-manpage-and-command-help.patch | 6 | match-manpage-and-command-help.patch |
1077 | 7 | systemd.patch | 7 | systemd.patch |
1078 | 8 | openvpn-fips-2.4.patch | ||
1079 | diff --git a/debian/tests/server-setup-with-ca b/debian/tests/server-setup-with-ca | |||
1080 | index 58df2e9..08a879e 100755 | |||
1081 | --- a/debian/tests/server-setup-with-ca | |||
1082 | +++ b/debian/tests/server-setup-with-ca | |||
1083 | @@ -75,10 +75,10 @@ info "Check if Diffie-Hellman was initialized" | |||
1084 | 75 | cat $LOG_FILE | grep 'Diffie-Hellman initialized' | 75 | cat $LOG_FILE | grep 'Diffie-Hellman initialized' |
1085 | 76 | 76 | ||
1086 | 77 | info "Check if the $DEVICE is linked" | 77 | info "Check if the $DEVICE is linked" |
1088 | 78 | cat $LOG_FILE | grep "/sbin/ip link set dev $DEVICE up" | 78 | cat $LOG_FILE | grep "net_iface_up: set $DEVICE up" |
1089 | 79 | 79 | ||
1090 | 80 | info "Check if the network route was correctly configured" | 80 | info "Check if the network route was correctly configured" |
1092 | 81 | cat $LOG_FILE | grep "/sbin/ip route add $IP_NETWORK/24" | 81 | cat $LOG_FILE | grep "net_route_v4_add: $IP_NETWORK/24 via" |
1093 | 82 | 82 | ||
1094 | 83 | info "Check if the Initialization Sequence completed" | 83 | info "Check if the Initialization Sequence completed" |
1095 | 84 | cat $LOG_FILE | grep 'Initialization Sequence Completed' | 84 | cat $LOG_FILE | grep 'Initialization Sequence Completed' |
1096 | diff --git a/debian/tests/server-setup-with-static-key b/debian/tests/server-setup-with-static-key | |||
1097 | index 9ddaecd..8c0addf 100755 | |||
1098 | --- a/debian/tests/server-setup-with-static-key | |||
1099 | +++ b/debian/tests/server-setup-with-static-key | |||
1100 | @@ -50,10 +50,10 @@ info "Check if the $STATIC_KEY is used by OpenVPN" | |||
1101 | 50 | cat $LOG_FILE | grep "shared_secret_file = '$CONFIG_DIR/$STATIC_KEY'" | 50 | cat $LOG_FILE | grep "shared_secret_file = '$CONFIG_DIR/$STATIC_KEY'" |
1102 | 51 | 51 | ||
1103 | 52 | info "Check if the $DEVICE is linked" | 52 | info "Check if the $DEVICE is linked" |
1105 | 53 | cat $LOG_FILE | grep "/sbin/ip link set dev $DEVICE up" | 53 | cat $LOG_FILE | grep "net_iface_up: set $DEVICE up" |
1106 | 54 | 54 | ||
1107 | 55 | info "Check if the specified IP addresses were configured" | 55 | info "Check if the specified IP addresses were configured" |
1109 | 56 | cat $LOG_FILE | grep "/sbin/ip addr add dev tun0 local $IP_SERVER peer $IP_CLIENT" | 56 | cat $LOG_FILE | grep "net_addr_ptp_v4_add: $IP_SERVER peer $IP_CLIENT dev tun0" |
1110 | 57 | 57 | ||
1111 | 58 | # Clean up: kill tha OpenVPN process, remove the $DEVICE created and $STATIC_KEY | 58 | # Clean up: kill tha OpenVPN process, remove the $DEVICE created and $STATIC_KEY |
1112 | 59 | cleanup() { | 59 | cleanup() { |
* Changelog:
- [√] old content and logical tag match as expected
- [√] changelog entry correct version and targeted codename
- [√] changelog entries correct
- [√] update-maintainer has been run
* Actual changes:
- [√] no upstream changes to consider
- [√] no further upstream version to consider
- [√] debian changes look safe
* Old Delta:
- [-] dropped changes are ok to be dropped
- [√] nothing else to drop
- [√] changes forwarded upstream/debian (if appropriate)
* New Delta: patches/ series
- [√] no new patches added
- [-] patches match what was proposed upstream
- [-] patches correctly included in debian/
- [-] patches have correct DEP3 metadata
* Build/Test:
- [√] build is ok
- [√] verified PPA package installs/uninstalls
- [√] autopkgtest against the PPA package passes
- [√] sanity checks test fine
LGTM, +1.
I am going to sponsor this upload for you, please track its migration to the release pocket.