Ubuntu
openvpn package

Merge ~utkarsh/ubuntu/+source/openvpn:merge-lp1917438-hirsute into ubuntu/+source/openvpn:debian/sid

  1. Git
  2. lp:~utkarsh/ubuntu/+source/openvpn
  3. merge-lp1917438-hirsute
  4. Merge into debian/sid
Proposed by Utkarsh Gupta
Status: Merged
Approved by: Lucas Kanashiro
Approved revision: 36550535eb0463f8b89e93144386c8a11333090e
Merge reported by: Bryce Harrington
Merged at revision: 36550535eb0463f8b89e93144386c8a11333090e
Proposed branch: ~utkarsh/ubuntu/+source/openvpn:merge-lp1917438-hirsute
Merge into: ubuntu/+source/openvpn:debian/sid
Diff against target: 1112 lines (+782/-9)
7 files modified
debian/changelog (+682/-1)
debian/control (+4/-3)
debian/openvpn@.service (+1/-1)
debian/patches/openvpn-fips-2.4.patch (+90/-0)
debian/patches/series (+1/-0)
debian/tests/server-setup-with-ca (+2/-2)
debian/tests/server-setup-with-static-key (+2/-2)
Reviewer Review Type Date Requested Status
Lucas Kanashiro (community) Approve
Canonical Server packageset reviewers Pending
Canonical Server Pending
Review via email: mp+398987@code.launchpad.net

Description of the change

Hey,

This MP is a merge with what's in Debian sid (which is a bux fix release from upstream),

PPA could be found at: https://launchpad.net/~utkarsh/+archive/ubuntu/openvpn-merge-1917438

Tests passing:
```
autopkgtest [19:48:45]: test server-setup-with-static-key: -----------------------]
autopkgtest [19:48:46]: test server-setup-with-static-key: - - - - - - - - - - results - - - - - - - - - -
server-setup-with-static-key PASS
autopkgtest [19:48:46]: @@@@@@@@@@@@@@@@@@@@ summary
server-setup-with-ca PASS
server-setup-with-static-key PASS
```

Requesting you to review and upload the same. TIA! :)

To post a comment you must log in.
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

* Changelog:
  - [√] old content and logical tag match as expected
  - [√] changelog entry correct version and targeted codename
  - [√] changelog entries correct
  - [√] update-maintainer has been run

* Actual changes:
  - [√] no upstream changes to consider
  - [√] no further upstream version to consider
  - [√] debian changes look safe

* Old Delta:
  - [-] dropped changes are ok to be dropped
  - [√] nothing else to drop
  - [√] changes forwarded upstream/debian (if appropriate)

* New Delta:
  - [√] no new patches added
  - [-] patches match what was proposed upstream
  - [-] patches correctly included in debian/patches/series
  - [-] patches have correct DEP3 metadata

* Build/Test:
  - [√] build is ok
  - [√] verified PPA package installs/uninstalls
  - [√] autopkgtest against the PPA package passes
  - [√] sanity checks test fine

LGTM, +1.

I am going to sponsor this upload for you, please track its migration to the release pocket.

review: Approve
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Uploaded:

$ git push pkg upload/2.5.1-1ubuntu1
Enumerating objects: 43, done.
Counting objects: 100% (43/43), done.
Delta compression using up to 8 threads
Compressing objects: 100% (28/28), done.
Writing objects: 100% (33/33), 10.41 KiB | 1.49 MiB/s, done.
Total 33 (delta 23), reused 6 (delta 5), pack-reused 0
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/openvpn
 * [new tag] upload/2.5.1-1ubuntu1 -> upload/2.5.1-1ubuntu1
$ dput ubuntu ../openvpn_2.5.1-1ubuntu1_source.changes
D: Setting host argument.
Checking signature on .changes
gpg: ../openvpn_2.5.1-1ubuntu1_source.changes: Valid signature from F823A2729883C97C
Checking signature on .dsc
gpg: ../openvpn_2.5.1-1ubuntu1.dsc: Valid signature from F823A2729883C97C
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openvpn_2.5.1-1ubuntu1.dsc: done.
  Uploading openvpn_2.5.1-1ubuntu1.debian.tar.xz: done.
  Uploading openvpn_2.5.1-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Bryce Harrington (bryce) wrote :

This has migrated

* openvpn: merge-lp1917438-hirsute -> debian/sid
  - Source Package: openvpn
  - Current Version: 2.5.1-1ubuntu1
  - Debian Version: 2.5.1-1
  - New Version: 2.5.1-1ubuntu1

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 0636869..845db0b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,44 @@
1openvpn (2.5.1-1ubuntu1) hirsute; urgency=medium
2
3 * Merge with Debian unstable (LP: #1917438). Remaining changes:
4 - d/control: Demote easy-rsa to Suggests (universe package).
5 - debian/openvpn@.service: Add '--script-security 2' similar to what
6 got added to debian/openvpn.init.d ages ago (LP #1454725)
7 - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
8 + d/t/server-setup-*: adapt tests to output of v2.5.0
9
10 -- Utkarsh Gupta <utkarsh.gupta@canonical.com> Tue, 02 Mar 2021 16:35:37 +0530
11
1openvpn (2.5.1-1) unstable; urgency=medium12openvpn (2.5.1-1) unstable; urgency=medium
213
3 * New upstream version 2.5.1 (bugfix release)14 * New upstream version 2.5.1 (bugfix release)
415
5 -- Bernhard Schmidt <berni@debian.org> Wed, 24 Feb 2021 19:54:34 +010016 -- Bernhard Schmidt <berni@debian.org> Wed, 24 Feb 2021 19:54:34 +0100
617
18openvpn (2.5.0-1ubuntu1) hirsute; urgency=medium
19
20 * Merge with Debian unstable. Remaining changes:
21 - d/control: Demote easy-rsa to Suggests (universe package).
22 - debian/openvpn@.service: Add '--script-security 2' similar to what
23 got added to debian/openvpn.init.d ages ago (LP #1454725)
24 - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
25 [updated to match 2.5.0]
26 * Dropped changes [in Debian since 2.5~beta3-1]
27 - d/tests: add two DEP-8 test cases
28 + d/t/server-setup-with-static-key: test the OpenVPN server side setup
29 using a static key.
30 + d/t/server-setup-with-ca: test the OpenVPN server side setup using a
31 CA built with easy-rsa.
32 - d/openvpn*.service: Drop reload support from systemd unit files
33 (LP #1868127). The current reload implementation (sending a SIGHUP
34 signal to the process) fails, and the difference between reload and
35 restart is not clear. Systemd does not require an implementation for
36 reload.
37 * Added Changes:
38 - d/t/server-setup-*: adapt tests to output of v2.5.0
39
40 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 01 Dec 2020 16:15:12 +0100
41
7openvpn (2.5.0-1) unstable; urgency=medium42openvpn (2.5.0-1) unstable; urgency=medium
843
9 * New upstream version 2.5.0 - final release44 * New upstream version 2.5.0 - final release
@@ -29,7 +64,7 @@ openvpn (2.5~beta3-1) unstable; urgency=medium
2964
30 [ Lucas Kanashiro ]65 [ Lucas Kanashiro ]
31 * Add two DEP-8 test cases for the server side66 * Add two DEP-8 test cases for the server side
32 * Drop reload support from systemd unit files (LP: #1868127)67 * Drop reload support from systemd unit files (LP 1868127)
3368
34 [ Bernhard Schmidt ]69 [ Bernhard Schmidt ]
35 * Revert "d/gbp.conf for experimental 2.5 branch"70 * Revert "d/gbp.conf for experimental 2.5 branch"
@@ -59,6 +94,26 @@ openvpn (2.5~beta1-1) experimental; urgency=medium
5994
60 -- Bernhard Schmidt <berni@debian.org> Sat, 15 Aug 2020 21:32:49 +020095 -- Bernhard Schmidt <berni@debian.org> Sat, 15 Aug 2020 21:32:49 +0200
6196
97openvpn (2.4.9-3ubuntu1) groovy; urgency=medium
98
99 * Merge with Debian unstable. Remaining changes:
100 - d/control: Demote easy-rsa to Suggests (universe package).
101 - debian/openvpn@.service: Add '--script-security 2' similar to what
102 got added to debian/openvpn.init.d ages ago (LP #1454725)
103 - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
104 - d/tests: add two DEP-8 test cases
105 + d/t/server-setup-with-static-key: test the OpenVPN server side setup
106 using a static key.
107 + d/t/server-setup-with-ca: test the OpenVPN server side setup using a
108 CA built with easy-rsa.
109 - d/openvpn*.service: Drop reload support from systemd unit files
110 (LP #1868127). The current reload implementation (sending a SIGHUP
111 signal to the process) fails, and the difference between reload and
112 restart is not clear. Systemd does not require an implementation for
113 reload.
114
115 -- Lucas Kanashiro <kanashiro@ubuntu.com> Tue, 18 Aug 2020 08:42:11 -0300
116
62openvpn (2.4.9-3) unstable; urgency=medium117openvpn (2.4.9-3) unstable; urgency=medium
63118
64 [ Jörg Frings-Fürst ]119 [ Jörg Frings-Fürst ]
@@ -77,6 +132,28 @@ openvpn (2.4.9-3) unstable; urgency=medium
77132
78 -- Jörg Frings-Fürst <debian@jff.email> Sat, 02 May 2020 18:14:36 +0200133 -- Jörg Frings-Fürst <debian@jff.email> Sat, 02 May 2020 18:14:36 +0200
79134
135openvpn (2.4.9-2ubuntu2) groovy; urgency=medium
136
137 * Drop reload support from systemd unit files (LP: #1868127)
138
139 -- Lucas Kanashiro <kanashiro@ubuntu.com> Tue, 26 May 2020 19:04:33 -0300
140
141openvpn (2.4.9-2ubuntu1) groovy; urgency=medium
142
143 * Merge with Debian unstable. Remaining changes:
144 - d/control: Demote easy-rsa to Suggests (universe package).
145 - debian/openvpn@.service: Add '--script-security 2' similar to what
146 got added to debian/openvpn.init.d ages ago (LP 1454725)
147 - Allow MD5 for PRF in FIPS mode openssl.
148 * Added changes:
149 - d/tests: add two DEP-8 test cases
150 + d/t/server-setup-with-static-key: test the OpenVPN server side setup
151 using a static key.
152 + d/t/server-setup-with-ca: test the OpenVPN server side setup using a
153 CA built with easy-rsa.
154
155 -- Lucas Kanashiro <lucas.kanashiro@canonical.com> Wed, 29 Apr 2020 15:35:56 -0300
156
80openvpn (2.4.9-2) unstable; urgency=medium157openvpn (2.4.9-2) unstable; urgency=medium
81158
82 * Cherry-Pick upstream patch to fix ssl_do_config error with159 * Cherry-Pick upstream patch to fix ssl_do_config error with
@@ -112,6 +189,28 @@ openvpn (2.4.9-1) unstable; urgency=medium
112189
113 -- Bernhard Schmidt <berni@debian.org> Sun, 19 Apr 2020 15:52:57 +0200190 -- Bernhard Schmidt <berni@debian.org> Sun, 19 Apr 2020 15:52:57 +0200
114191
192openvpn (2.4.7-1ubuntu2) eoan; urgency=medium
193
194 * No-change upload with strops.h and sys/strops.h removed in glibc.
195
196 -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:05:25 +0000
197
198openvpn (2.4.7-1ubuntu1) eoan; urgency=medium
199
200 * Merge with Debian unstable (LP: #1828771). Remaining changes:
201 - d/control: Demote easy-rsa to Suggests (universe package).
202 - debian/openvpn@.service: Add '--script-security 2' similar to what got
203 added to debian/openvpn.init.d ages ago (LP 1454725)
204 - d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF.
205 (LP 1807439)
206 * Dropped changes:
207 - d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout
208 scripts breaking due to sudo/pam being unable to audit the action.
209 Fixed in upstream issue #918, suggested to Debian in #868806 (LP 1787208)
210 [in Debian now]
211
212 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 13 May 2019 15:55:22 +0200
213
115openvpn (2.4.7-1) unstable; urgency=medium214openvpn (2.4.7-1) unstable; urgency=medium
116215
117 [ Bernhard Schmidt ]216 [ Bernhard Schmidt ]
@@ -131,6 +230,30 @@ openvpn (2.4.7-1) unstable; urgency=medium
131230
132 -- Bernhard Schmidt <berni@debian.org> Wed, 20 Feb 2019 14:50:03 +0100231 -- Bernhard Schmidt <berni@debian.org> Wed, 20 Feb 2019 14:50:03 +0100
133232
233openvpn (2.4.6-1ubuntu3) disco; urgency=medium
234
235 * d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF.
236 (LP: #1807439)
237
238 -- Joy Latten <joy.latten@canonical.com> Wed, 09 Jan 2019 12:25:59 -0600
239
240openvpn (2.4.6-1ubuntu2) cosmic; urgency=medium
241
242 * d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout
243 scripts breaking due to sudo/pam being unable to audit the action.
244 Fixed in upstream issue #918, suggested to Debian in #868806 (LP: #1787208)
245
246 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Sep 2018 10:57:35 +0200
247
248openvpn (2.4.6-1ubuntu1) cosmic; urgency=medium
249
250 * Merge with Debian unstable. Remaining changes:
251 - d/control: Demote easy-rsa to Suggests (universe package).
252 - debian/openvpn@.service: Add '--script-security 2' similar to what got
253 added to debian/openvpn.init.d ages ago (LP 1454725)
254
255 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 13:30:20 +0200
256
134openvpn (2.4.6-1) unstable; urgency=medium257openvpn (2.4.6-1) unstable; urgency=medium
135258
136 [ Jörg Frings-Fürst ]259 [ Jörg Frings-Fürst ]
@@ -174,6 +297,15 @@ openvpn (2.4.5-1) unstable; urgency=medium
174297
175 -- Bernhard Schmidt <berni@debian.org> Sun, 04 Mar 2018 22:23:47 +0100298 -- Bernhard Schmidt <berni@debian.org> Sun, 04 Mar 2018 22:23:47 +0100
176299
300openvpn (2.4.4-2ubuntu1) bionic; urgency=low
301
302 * Sync with Debian. Remaining changes:
303 - debian/openvpn@.service: Add "--script-security 2" similar to what got
304 added to debian/openvpn.init.d ages ago (LP: #1454725)
305 - Demote easy-rsa to Suggests (universe package).
306
307 -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 10 Feb 2018 20:27:56 +0000
308
177openvpn (2.4.4-2) unstable; urgency=medium309openvpn (2.4.4-2) unstable; urgency=medium
178310
179 * Build against OpenSSL 1.1.0 (Closes: #828477)311 * Build against OpenSSL 1.1.0 (Closes: #828477)
@@ -181,6 +313,15 @@ openvpn (2.4.4-2) unstable; urgency=medium
181313
182 -- Bernhard Schmidt <berni@debian.org> Mon, 11 Dec 2017 00:22:11 +0100314 -- Bernhard Schmidt <berni@debian.org> Mon, 11 Dec 2017 00:22:11 +0100
183315
316openvpn (2.4.4-1ubuntu1) bionic; urgency=medium
317
318 * Sync with Debian. Remaining changes:
319 - debian/openvpn@.service: Add "--script-security 2" similar to what got
320 added to debian/openvpn.init.d ages ago (LP: #1454725)
321 - Demote easy-rsa to Suggests (universe package).
322
323 -- Jeremy Bicha <jbicha@ubuntu.com> Sat, 28 Oct 2017 15:13:58 -0400
324
184openvpn (2.4.4-1) unstable; urgency=medium325openvpn (2.4.4-1) unstable; urgency=medium
185326
186 [ Jörg Frings-Fürst ]327 [ Jörg Frings-Fürst ]
@@ -302,6 +443,65 @@ openvpn (2.4.0-5) unstable; urgency=high
302443
303 -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 May 2017 14:15:21 +0200444 -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 May 2017 14:15:21 +0200
304445
446openvpn (2.4.0-4ubuntu1.3) zesty-security; urgency=medium
447
448 * SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
449 - debian/patches/CVE-2017-7508.patch: remove assert in
450 src/openvpn/mss.c.
451 - CVE-2017-7508
452 * SECURITY UPDATE: Remote-triggerable memory leaks
453 - debian/patches/CVE-2017-7512.patch: fix leaks in
454 src/openvpn/ssl_verify_openssl.c.
455 - CVE-2017-7512
456 * SECURITY UPDATE: Pre-authentication remote crash/information disclosure
457 for clients
458 - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
459 OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
460 - CVE-2017-7520
461 * SECURITY UPDATE: Potential double-free in --x509-alt-username and
462 memory leaks
463 - debian/patches/CVE-2017-7521.patch: fix double-free in
464 src/openvpn/ssl_verify_openssl.c.
465 - CVE-2017-7521
466 * SECURITY UPDATE: DoS in establish_http_proxy_passthru()
467 - debian/patches/establish_http_proxy_passthru_dos.patch: fix
468 null-pointer dereference in src/openvpn/proxy.c.
469 - No CVE number
470
471 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 22 Jun 2017 08:37:49 -0400
472
473openvpn (2.4.0-4ubuntu1.2) zesty-security; urgency=medium
474
475 * SECURITY UPDATE: pre-authentication denial-of-service vulnerability
476 (both client and server) from a too-large control packet.
477 - debian/patches/CVE-2017-7478.patch: Do not assert on too-large
478 control packet
479 - CVE-2017-7478
480 * SECURITY UPDATE: authenticated remote DoS vulnerability due to
481 packet ID rollover
482 - debian/patches/CVE-2017-7479-prereq.patch: merge
483 packet_id_alloc_outgoing() into packet_id_write()
484 - debian/patches/CVE-2017-7478.patch: do not assert when packet ID
485 rollover occurs
486 - CVE-2017-7478
487 * SECURITY UPDATE: auth tokens left in memory after de-auth
488 - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token
489 as soon as a TLS session is considered broken.
490
491 -- Steve Beattie <sbeattie@ubuntu.com> Wed, 10 May 2017 15:21:05 -0700
492
493openvpn (2.4.0-4ubuntu1) zesty; urgency=medium
494
495 * Merge with Debian unstable. Remaining Ubuntu changes:
496 - debian/openvpn@.service: Add "--script-security 2" similar to what got
497 added to debian/openvpn.init.d ages ago (LP: #1454725)
498 - Demote easy-rsa to Suggests (universe package).
499 * Drop:
500 - debian/control: Actually drop the initscripts dependency.
501 (Closes: #804968). Already in Debian
502
503 -- Jon Grimm <jon.grimm@canonical.com> Fri, 10 Feb 2017 12:16:57 -0600
504
305openvpn (2.4.0-4) unstable; urgency=medium505openvpn (2.4.0-4) unstable; urgency=medium
306506
307 * Add NEWS entries on possible 2.4 migration issues.507 * Add NEWS entries on possible 2.4 migration issues.
@@ -371,6 +571,24 @@ openvpn (2.3.11-2) unstable; urgency=medium
371571
372 -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 23 May 2016 09:55:30 +0200572 -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 23 May 2016 09:55:30 +0200
373573
574openvpn (2.3.11-1ubuntu2) yakkety; urgency=medium
575
576 * debian/control: Actually drop the initscripts dependency.
577 (Closes: #804968)
578
579 -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 22 Jun 2016 16:54:51 +0200
580
581openvpn (2.3.11-1ubuntu1) yakkety; urgency=medium
582
583 * Merge with Debian unstable. Remaining Ubuntu changes:
584 - debian/openvpn@.service: Add "--script-security 2" similar to what got
585 added to debian/openvpn.init.d ages ago (see LP: #260291).
586 - Demote easy-rsa to Suggests (universe package).
587 * Drop intrusive changes (showing per-VPN result messages) from
588 debian/openvpn.init.d. This isn't being used under systemd.
589
590 -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 20 May 2016 17:30:27 +0200
591
374openvpn (2.3.11-1) unstable; urgency=medium592openvpn (2.3.11-1) unstable; urgency=medium
375593
376 * New upstream release.594 * New upstream release.
@@ -382,6 +600,25 @@ openvpn (2.3.11-1) unstable; urgency=medium
382600
383 -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 10 May 2016 17:41:53 +0200601 -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 10 May 2016 17:41:53 +0200
384602
603openvpn (2.3.10-1ubuntu2) xenial; urgency=medium
604
605 * debian/openvpn@.service: Add --script-security similar to what got added
606 to debian/openvpn.init.d ages ago (see LP #260291). (LP: #1454725)
607
608 -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 02 Feb 2016 13:33:39 +0100
609
610openvpn (2.3.10-1ubuntu1) xenial; urgency=medium
611
612 * Merge with Debian unstable (LP: #1536568). Remaining Ubuntu changes:
613 - debian/openvpn.init.d:
614 + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
615 + Show per-VPN result messages.
616 + Add "--script-security 2" by default for backwards compatabliity.
617 (LP #260291)
618 - Demote easy-rsa to Suggests
619
620 -- Gianfranco Costamagna <locutusofborg@debian.org> Thu, 21 Jan 2016 11:37:08 +0100
621
385openvpn (2.3.10-1) unstable; urgency=medium622openvpn (2.3.10-1) unstable; urgency=medium
386623
387 * New upstream release. (Closes: #804368)624 * New upstream release. (Closes: #804368)
@@ -400,6 +637,21 @@ openvpn (2.3.10-1) unstable; urgency=medium
400637
401 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 20 Jan 2016 12:01:36 +0100638 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 20 Jan 2016 12:01:36 +0100
402639
640openvpn (2.3.8-1ubuntu1) xenial; urgency=medium
641
642 * Merge with Debian unstable. Remaining Ubuntu changes:
643 - debian/openvpn.init.d:
644 + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
645 + Show per-VPN result messages.
646 + Add "--script-security 2" by default for backwards compatabliity.
647 - Demote easy-rsa to Suggests
648 - Run openvpn@.service before systemd-user-sessions.service to avoid
649 gettys and lightdm starting on top of possible password prompts. This
650 provides the equivalent of the init.d script's X-Start-Before:.
651 (Closes: #803032)
652
653 -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 04 Jan 2016 11:48:31 +0100
654
403openvpn (2.3.8-1) unstable; urgency=medium655openvpn (2.3.8-1) unstable; urgency=medium
404656
405 * New upstream release. Drop patch from 2.3.7-2.657 * New upstream release. Drop patch from 2.3.7-2.
@@ -413,6 +665,21 @@ openvpn (2.3.8-1) unstable; urgency=medium
413665
414 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 28 Oct 2015 17:34:26 +0100666 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 28 Oct 2015 17:34:26 +0100
415667
668openvpn (2.3.7-2ubuntu1) xenial; urgency=medium
669
670 * Merge with Debian unstable. Remaining Ubuntu changes:
671 - debian/openvpn.init.d:
672 + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
673 + Show per-VPN result messages.
674 + Add "--script-security 2" by default for backwards compatabliity.
675 - Demote easy-rsa to Suggests
676 - Run openvpn@.service before systemd-user-sessions.service to avoid
677 gettys and lightdm starting on top of possible password prompts. This
678 provides the equivalent of the init.d script's X-Start-Before:.
679 (Closes: #803032)
680
681 -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 26 Oct 2015 09:32:31 +0100
682
416openvpn (2.3.7-2) unstable; urgency=medium683openvpn (2.3.7-2) unstable; urgency=medium
417684
418 * Move libsystemd-daemon-dev Build-Dep to libsystemd-dev.685 * Move libsystemd-daemon-dev Build-Dep to libsystemd-dev.
@@ -423,6 +690,20 @@ openvpn (2.3.7-2) unstable; urgency=medium
423690
424 -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 08 Sep 2015 08:23:19 +0000691 -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 08 Sep 2015 08:23:19 +0000
425692
693openvpn (2.3.7-1ubuntu1) wily; urgency=medium
694
695 * Merge with Debian unstable. Remaining Ubuntu changes:
696 - debian/openvpn.init.d:
697 + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
698 + Show per-VPN result messages.
699 + Add "--script-security 2" by default for backwards compatabliity.
700 - Demote easy-rsa to Suggests
701 - Run openvpn@.service before systemd-user-sessions.service to avoid
702 gettys and lightdm starting on top of possible password prompts. This
703 provides the equivalent of the init.d script's X-Start-Before:.
704
705 -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 08 Jul 2015 12:28:54 +0200
706
426openvpn (2.3.7-1) unstable; urgency=medium707openvpn (2.3.7-1) unstable; urgency=medium
427708
428 * New upstream version709 * New upstream version
@@ -444,6 +725,20 @@ openvpn (2.3.5-1) unstable; urgency=medium
444725
445 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Oct 2014 17:44:06 +0100726 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Oct 2014 17:44:06 +0100
446727
728openvpn (2.3.4-5ubuntu1) wily; urgency=medium
729
730 * Merge with Debian unstable. Remaining Ubuntu changes:
731 - debian/openvpn.init.d:
732 + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
733 + Show per-VPN result messages.
734 + Add "--script-security 2" by default for backwards compatabliity.
735 - Demote easy-rsa to Suggests
736 - Run openvpn@.service before systemd-user-sessions.service to avoid
737 gettys and lightdm starting on top of possible password prompts. This
738 provides the equivalent of the init.d script's X-Start-Before:.
739
740 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 07 May 2015 15:35:52 +0200
741
447openvpn (2.3.4-5) unstable; urgency=high742openvpn (2.3.4-5) unstable; urgency=high
448743
449 * Apply upstream patch that fixes possible DoS by authenticated744 * Apply upstream patch that fixes possible DoS by authenticated
@@ -502,6 +797,52 @@ openvpn (2.3.3-1) experimental; urgency=medium
502797
503 -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 17 Mar 2014 19:40:12 +0100798 -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 17 Mar 2014 19:40:12 +0100
504799
800openvpn (2.3.2-9ubuntu4) vivid; urgency=medium
801
802 * Run openvpn@.service before systemd-user-sessions.service to avoid gettys
803 and lightdm starting on top of possible password prompts. This provides
804 the equivalent of the init.d script's X-Start-Before:.
805
806 -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 13 Apr 2015 16:09:01 -0500
807
808openvpn (2.3.2-9ubuntu3) vivid; urgency=medium
809
810 * Add better_systemd_detection.patch to avoid calling systemd-ask-password
811 under upstart. Backported from upstream. (Closes: #747265)
812 * Add systemd unit and generator from current Debian package. This avoids
813 using the init.d script, which unnecessarily blocks lightdm startup on the
814 network becoming online even if there are no auto-start connections
815 (LP: #1443489).
816
817 -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 13 Apr 2015 11:22:56 -0500
818
819openvpn (2.3.2-9ubuntu2) vivid; urgency=medium
820
821 * SECURITY UPDATE: server denial of service via too-short control channel
822 packets
823 - debian/patches/CVE-2014-8104.patch: drop too-short control channel
824 packets instead of asserting out in src/openvpn/ssl.c.
825 - CVE-2014-8104
826 * debian/patches/update_certs.patch: update test certs to fix FTBFS.
827
828 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Dec 2014 15:26:58 -0500
829
830openvpn (2.3.2-9ubuntu1) utopic; urgency=medium
831
832 * Merge from Debian unstable. Remaining changes:
833 - debian/openvpn.init.d:
834 + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
835 + Show per-VPN result messages.
836 + Add "--script-security 2" by default for backwards compatabliity.
837 - Demote easy-rsa to Suggests
838 - Patch libtool.m4 and configure to support ppc64el.
839 - Refresh delta with debian/openvpn.init.d:
840 + Make stop action reliable by killing if needed
841 (LP: #1274254, LP: #1200519)
842 + Use new path for status file (LP: #1261088)
843
844 -- Stéphane Graber <stgraber@ubuntu.com> Fri, 02 May 2014 16:00:55 -0400
845
505openvpn (2.3.2-9) unstable; urgency=medium846openvpn (2.3.2-9) unstable; urgency=medium
506847
507 * Create /run/openvpn in init script even if no VPN is848 * Create /run/openvpn in init script even if no VPN is
@@ -517,6 +858,33 @@ openvpn (2.3.2-8) unstable; urgency=medium
517858
518 -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 14 Mar 2014 12:59:57 +0100859 -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 14 Mar 2014 12:59:57 +0100
519860
861openvpn (2.3.2-7ubuntu3) trusty; urgency=medium
862
863 [ Simon Deziel ]
864 * Refresh delta with debian/openvpn.init.d:
865 - Make stop action reliable by killing if needed
866 (LP: #1274254, LP: #1200519)
867 - Use new path for status file (LP: #1261088)
868
869 -- Stéphane Graber <stgraber@ubuntu.com> Tue, 04 Feb 2014 09:31:39 -0500
870
871openvpn (2.3.2-7ubuntu2) trusty; urgency=medium
872
873 * Patch libtool.m4 and configure to support ppc64el.
874
875 -- Matthias Klose <doko@ubuntu.com> Mon, 30 Dec 2013 12:32:35 +0100
876
877openvpn (2.3.2-7ubuntu1) trusty; urgency=low
878
879 * Merge from Debian unstable. Remaining changes:
880 - debian/openvpn.init.d:
881 + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
882 + Show per-VPN result messages.
883 + Add "--script-security 2" by default for backwards compatabliity.
884 - Demote easy-rsa to Suggests
885
886 -- Stéphane Graber <stgraber@ubuntu.com> Mon, 02 Dec 2013 18:14:42 -0500
887
520openvpn (2.3.2-7) unstable; urgency=low888openvpn (2.3.2-7) unstable; urgency=low
521889
522 * Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/.890 * Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/.
@@ -533,6 +901,17 @@ openvpn (2.3.2-6) unstable; urgency=low
533901
534 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 27 Nov 2013 13:58:33 +0100902 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 27 Nov 2013 13:58:33 +0100
535903
904openvpn (2.3.2-5ubuntu1) trusty; urgency=low
905
906 * Merge from Debian unstable. Remaining changes:
907 - debian/openvpn.init.d:
908 + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
909 + Show per-VPN result messages.
910 + Add "--script-security 2" by default for backwards compatabliity.
911 - Demote easy-rsa to Suggests
912
913 -- Stéphane Graber <stgraber@ubuntu.com> Mon, 21 Oct 2013 13:07:37 -0400
914
536openvpn (2.3.2-5) unstable; urgency=low915openvpn (2.3.2-5) unstable; urgency=low
537916
538 * Patch init script to fix race conditions on restarts.917 * Patch init script to fix race conditions on restarts.
@@ -542,6 +921,16 @@ openvpn (2.3.2-5) unstable; urgency=low
542921
543 -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 15 Jul 2013 16:10:59 +0200922 -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 15 Jul 2013 16:10:59 +0200
544923
924openvpn (2.3.2-4ubuntu1) saucy; urgency=low
925
926 * Merge from Debian unstable. Remaining changes:
927 - debian/openvpn.init.d:
928 + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
929 + Show per-VPN result messages.
930 + Add "--script-security 2" by default for backwards compatabliity.
931
932 -- Stéphane Graber <stgraber@ubuntu.com> Tue, 09 Jul 2013 17:20:31 -0400
933
545openvpn (2.3.2-4) unstable; urgency=low934openvpn (2.3.2-4) unstable; urgency=low
546935
547 * Fix depends on iproute to iproute2.936 * Fix depends on iproute to iproute2.
@@ -574,6 +963,23 @@ openvpn (2.3.2-1) unstable; urgency=low
574963
575 -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 03 Jun 2013 18:48:44 +0200964 -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 03 Jun 2013 18:48:44 +0200
576965
966openvpn (2.3.1-2ubuntu2) saucy; urgency=low
967
968 * Move easy-rsa from Recommends to Suggests as it's not in main and isn't
969 actually required to operate an openvpn server.
970
971 -- Stéphane Graber <stgraber@ubuntu.com> Wed, 19 Jun 2013 14:37:54 -0400
972
973openvpn (2.3.1-2ubuntu1) saucy; urgency=low
974
975 * Merge from Debian unstable. Remaining changes:
976 - debian/openvpn.init.d:
977 + Do not use start-stop-daemon and </dev/null to avoid blocking boot.
978 + Show per-VPN result messages.
979 + Add "--script-security 2" by default for backwards compatabliity.
980
981 -- Stéphane Graber <stgraber@ubuntu.com> Fri, 24 May 2013 17:42:45 -0400
982
577openvpn (2.3.1-2) unstable; urgency=low983openvpn (2.3.1-2) unstable; urgency=low
578984
579 * Add net-tools to Build-Depends. (Closes: #709108)985 * Add net-tools to Build-Depends. (Closes: #709108)
@@ -601,6 +1007,32 @@ openvpn (2.3~rc1-1) experimental; urgency=low
6011007
602 -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 05 Nov 2012 16:31:15 +01001008 -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 05 Nov 2012 16:31:15 +0100
6031009
1010openvpn (2.2.1-8ubuntu3) raring; urgency=low
1011
1012 [ Marc Gariépy ]
1013 * Add --script-security to the init.d script (was generated but not passed
1014 to openvpn). (LP: #1124398)
1015
1016 -- Stéphane Graber <stgraber@ubuntu.com> Wed, 13 Feb 2013 16:10:48 -0500
1017
1018openvpn (2.2.1-8ubuntu2) quantal; urgency=low
1019
1020 * Rebuild for new armel compiler default of ARMv5t.
1021
1022 -- Colin Watson <cjwatson@ubuntu.com> Mon, 08 Oct 2012 08:36:47 +0100
1023
1024openvpn (2.2.1-8ubuntu1) precise; urgency=low
1025
1026 * Merge at Simon Deziel's request to build with PIE.
1027 * Merge from Debian unstable. Remaining changes:
1028 + debian/openvpn.init.d:
1029 - Do not use start-stop-daemon and </dev/null to avoid blocking boot.
1030 - Show per-VPN result messages.
1031 - Add "--script-security 2" by default for backwards compatabliity.
1032 + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
1033
1034 -- Stéphane Graber <stgraber@ubuntu.com> Fri, 30 Mar 2012 13:19:09 -0400
1035
604openvpn (2.2.1-8) unstable; urgency=low1036openvpn (2.2.1-8) unstable; urgency=low
6051037
606 * Enable "PIE" and "BINDOW" hardening flags.1038 * Enable "PIE" and "BINDOW" hardening flags.
@@ -625,6 +1057,17 @@ openvpn (2.2.1-6) unstable; urgency=low
6251057
626 -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Mar 2012 13:44:50 +01001058 -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Mar 2012 13:44:50 +0100
6271059
1060openvpn (2.2.1-5ubuntu1) precise; urgency=low
1061
1062 * Merge from Debian unstable. Remaining changes: (LP: #907828)
1063 + debian/openvpn.init.d:
1064 - Do not use start-stop-daemon and </dev/null to avoid blocking boot.
1065 - Show per-VPN result messages.
1066 - Add "--script-security 2" by default for backwards compatabliity.
1067 + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
1068
1069 -- Stéphane Graber <stgraber@ubuntu.com> Sat, 25 Feb 2012 21:08:48 -0500
1070
628openvpn (2.2.1-5) unstable; urgency=low1071openvpn (2.2.1-5) unstable; urgency=low
6291072
630 * Avoid sending ICMP redirects when using tun devices and "subnet"1073 * Avoid sending ICMP redirects when using tun devices and "subnet"
@@ -647,6 +1090,20 @@ openvpn (2.2.1-4) unstable; urgency=low
6471090
648 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 08 Feb 2012 16:31:32 +01001091 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 08 Feb 2012 16:31:32 +0100
6491092
1093openvpn (2.2.1-3ubuntu1) precise; urgency=low
1094
1095 * Merge from Debian testing. Remaining changes:
1096 + debian/openvpn.init.d:
1097 - Do not use start-stop-daemon and </dev/null to avoid blocking boot.
1098 - Show per-VPN result messages.
1099 - Add "--script-security 2" by default for backwards compatabliity.
1100 + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
1101 + debian/update-resolv-conf: Support multiple domains.
1102 + fix bug where '--script-security 2' would be passed for all
1103 daemons after the first. (LP: #794916)
1104
1105 -- Chuck Short <zulcss@ubuntu.com> Sat, 31 Dec 2011 04:55:56 +0000
1106
650openvpn (2.2.1-3) unstable; urgency=low1107openvpn (2.2.1-3) unstable; urgency=low
6511108
652 * The iproute fiasco release.1109 * The iproute fiasco release.
@@ -675,6 +1132,20 @@ openvpn (2.2.1-1) unstable; urgency=low
6751132
676 -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 13 Dec 2011 11:04:22 +01001133 -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 13 Dec 2011 11:04:22 +0100
6771134
1135openvpn (2.2.0-2ubuntu1) oneiric; urgency=low
1136
1137 * Merge from debian unstable. Remaining changes:
1138 + debian/openvpn.init.d:
1139 - Do not use start-stop-daemon and </dev/null to avoid blocking boot.
1140 - Show per-VPN result messages.
1141 - Add "--script-security 2" by default for backwards compatabliity.
1142 + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
1143 + debian/update-resolv-conf: Support multiple domains.
1144 + fix bug where '--script-security 2' would be passed for all
1145 daemons after the first. (LP: #794916
1146
1147 -- Chuck Short <zulcss@ubuntu.com> Thu, 16 Jun 2011 18:33:37 +0100
1148
678openvpn (2.2.0-2) unstable; urgency=low1149openvpn (2.2.0-2) unstable; urgency=low
6791150
680 * Upload to unstable1151 * Upload to unstable
@@ -709,6 +1180,45 @@ openvpn (2.1.3-5) experimental; urgency=low
7091180
710 -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 22 Mar 2011 10:57:18 +01001181 -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 22 Mar 2011 10:57:18 +0100
7111182
1183openvpn (2.1.3-4.1ubuntu2) oneiric; urgency=low
1184
1185 [Alexander Zielke]
1186 * fix bug where '--script-security 2' would be passed for all
1187 daemons after the first. (LP: #794916)
1188
1189 -- Scott Moser <smoser@ubuntu.com> Thu, 09 Jun 2011 13:59:08 -0400
1190
1191openvpn (2.1.3-4.1ubuntu1) oneiric; urgency=low
1192
1193 * Merge from debian unstable. Remaining changes:
1194 + debian/openvpn.init.d:
1195 - Do not use start-stop-daemon and </dev/null to avoid blocking boot.
1196 - Show per-VPN result messages.
1197 - Add "--script-security 2" by default for backwards compatabliity.
1198 + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
1199 + debian/update-resolv-conf: Support multiple domains.
1200
1201 -- Chuck Short <zulcss@ubuntu.com> Tue, 17 May 2011 02:14:39 +0100
1202
1203openvpn (2.1.3-4.1) unstable; urgency=low
1204
1205 * Non-maintainer upload.
1206 * Drop hard-coded dependency on libssl0.9.8. (Closes: #623503)
1207
1208 -- Philipp Kern <pkern@debian.org> Mon, 09 May 2011 23:20:03 +0200
1209
1210openvpn (2.1.3-4ubuntu1) oneiric; urgency=low
1211
1212 * Merge from debian unstable. Remaining changes:
1213 + debian/openvpn.init.d:
1214 - Do not use start-stop-daemon and </dev/null to avoid blocking boot.
1215 - Show per-VPN result messages.
1216 - Add "--script-security 2" by default for backwards compatabliity.
1217 + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
1218 + debian/update-resolv-conf: Support multiple domains.
1219
1220 -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Mar 2011 23:28:26 +0000
1221
712openvpn (2.1.3-4) unstable; urgency=low1222openvpn (2.1.3-4) unstable; urgency=low
7131223
714 * Updated JuanJo's IPv6 patch. Now really fixes use from xinetd.1224 * Updated JuanJo's IPv6 patch. Now really fixes use from xinetd.
@@ -731,6 +1241,31 @@ openvpn (2.1.3-3) unstable; urgency=low
7311241
732 -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 11 Mar 2011 13:08:12 +01001242 -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 11 Mar 2011 13:08:12 +0100
7331243
1244openvpn (2.1.3-2ubuntu3) natty; urgency=low
1245
1246 * update-resolv-conf: Correctly handle multiple dns search domains,
1247 using the same logic as nameservers. Patch courtesy of Jeremy
1248 Zawodny. (LP: #662847)
1249
1250 -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Fri, 11 Mar 2011 00:23:59 +0000
1251
1252openvpn (2.1.3-2ubuntu2) natty; urgency=low
1253
1254 * update-resolv-conf: Support mulitple domains (LP: #714358)
1255
1256 -- Chuck Short <zulcss@ubuntu.com> Mon, 14 Feb 2011 15:21:46 -0500
1257
1258openvpn (2.1.3-2ubuntu1) natty; urgency=low
1259
1260 * Merge from debian unstable. Remaining changes:
1261 + debian/openvpn.init.d:
1262 - Do not use start-stop-daemon and </dev/null to avoid blocking boot.
1263 - Show per-VPN result messages.
1264 - Add "--script-security 2" by default for backwards compatabliity.
1265 + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
1266
1267 -- Chuck Short <zulcss@ubuntu.com> Sat, 23 Oct 2010 01:59:28 +0100
1268
734openvpn (2.1.3-2) unstable; urgency=low1269openvpn (2.1.3-2) unstable; urgency=low
7351270
736 * Applied upstream patch to solve random routes added when using1271 * Applied upstream patch to solve random routes added when using
@@ -738,6 +1273,24 @@ openvpn (2.1.3-2) unstable; urgency=low
7381273
739 -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 21 Oct 2010 12:21:33 +02001274 -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 21 Oct 2010 12:21:33 +0200
7401275
1276openvpn (2.1.3-1ubuntu2) natty; urgency=low
1277
1278 * Fix jjo-ipv6-support.patch to avoid assertion failure at socket.c:629 in
1279 corner cases where ! host && addr (LP: #627973)
1280
1281 -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Wed, 20 Oct 2010 16:22:25 +0200
1282
1283openvpn (2.1.3-1ubuntu1) natty; urgency=low
1284
1285 * Merge from debian unstable. Remaining changes:
1286 + debian/openvpn.init.d:
1287 - Do not use start-stop-daemon and </dev/null to avoid blocking boot.
1288 - Show per-VPN result messages.
1289 - Add "--script-security 2" by default for backwards compatablitiy
1290 + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
1291
1292 -- Chuck Short <zulcss@ubuntu.com> Tue, 05 Oct 2010 06:21:14 +0100
1293
741openvpn (2.1.3-1) unstable; urgency=low1294openvpn (2.1.3-1) unstable; urgency=low
7421295
743 * New upstream release (Closes: #595684)1296 * New upstream release (Closes: #595684)
@@ -749,6 +1302,17 @@ openvpn (2.1.3-1) unstable; urgency=low
7491302
750 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Sep 2010 13:07:37 +02001303 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Sep 2010 13:07:37 +0200
7511304
1305openvpn (2.1.0-3ubuntu1) maverick; urgency=low
1306
1307 * Merge from debian unstable. Remaining changes:
1308 + debian/openvpn.init.d:
1309 - Do not use start-stop-daemon and use </dev/null to avoid blocking boot
1310 - Show per-VPN result messages
1311 - Add "--script-security 2" by default for backwards compatablitiy
1312 + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
1313
1314 -- Chuck Short <zulcss@ubuntu.com> Mon, 12 Jul 2010 09:39:43 -0400
1315
752openvpn (2.1.0-3) unstable; urgency=low1316openvpn (2.1.0-3) unstable; urgency=low
7531317
754 * The 'happy birthday to me' release1318 * The 'happy birthday to me' release
@@ -758,6 +1322,24 @@ openvpn (2.1.0-3) unstable; urgency=low
7581322
759 -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Jul 2010 12:22:09 +02001323 -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Jul 2010 12:22:09 +0200
7601324
1325openvpn (2.1.0-2ubuntu2) maverick; urgency=low
1326
1327 * debian/patches/client_hang_when_server_dont_push.patch: Fix client hanging
1328 on PUSH_REQUEST when server does not push any option (LP: #579737)
1329
1330 -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 28 Jun 2010 10:45:23 +0200
1331
1332openvpn (2.1.0-2ubuntu1) maverick; urgency=low
1333
1334 * Merge from debian unstable. Remaining changes:
1335 + debian/openvpn.init.d:
1336 - Do not use start-stop-daemon and use </dev/null to avoid blocking boot
1337 - Show per-VPN result messages
1338 - Add "--script-security 2" by default for backwards compatablitiy
1339 + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
1340
1341 -- Chuck Short <zulcss@ubuntu.com> Wed, 05 May 2010 03:06:19 +0100
1342
761openvpn (2.1.0-2) unstable; urgency=low1343openvpn (2.1.0-2) unstable; urgency=low
7621344
763 * Patched ssl.[ch] to fix integer overflow. (Closes: #576827)1345 * Patched ssl.[ch] to fix integer overflow. (Closes: #576827)
@@ -770,6 +1352,17 @@ openvpn (2.1.0-2) unstable; urgency=low
7701352
771 -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 10 Apr 2010 17:26:42 +02001353 -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 10 Apr 2010 17:26:42 +0200
7721354
1355openvpn (2.1.0-1ubuntu1) lucid; urgency=low
1356
1357 * Merge from debian testing (LP: #509078), remaining changes:
1358 + debian/openvpn.init.d:
1359 - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot
1360 - Show per-VPN result messages
1361 - Add "--script-security 2" by default for backwards compatibility
1362 + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
1363
1364 -- Jan Brinkmann <lucky@the-luckyduck.de> Fri, 22 Jan 2010 00:47:33 +0100
1365
773openvpn (2.1.0-1) unstable; urgency=low1366openvpn (2.1.0-1) unstable; urgency=low
7741367
775 * New upstream release1368 * New upstream release
@@ -807,6 +1400,20 @@ openvpn (2.1~rc20-3) unstable; urgency=low
8071400
808 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 04 Nov 2009 17:18:03 +01001401 -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 04 Nov 2009 17:18:03 +0100
8091402
1403openvpn (2.1~rc20-2ubuntu1) lucid; urgency=low
1404
1405 * Merge from debian testing, remaining changes:
1406 + debian/openvpn.init.d:
1407 - Do not use start-stop-daemon and use < /dev/null to avoid blocking
1408 boot.
1409 - show per-VPN result messages
1410 - add "--script-security 2" by default for backwards compatibility
1411 - Add lab-base >= 3.2-14 to allow status_of_proc()
1412 + Dropped debian/patches/redirect-gateway.patch: Already applied
1413 upstream.
1414
1415 -- Chuck Short <zulcss@ubuntu.com> Fri, 06 Nov 2009 01:36:35 +0000
1416
810openvpn (2.1~rc20-2) unstable; urgency=low1417openvpn (2.1~rc20-2) unstable; urgency=low
8111418
812 * init.d script: Added X-Interactive header. (Closes: #549424)1419 * init.d script: Added X-Interactive header. (Closes: #549424)
@@ -831,6 +1438,25 @@ openvpn (2.1~rc19-2) unstable; urgency=low
8311438
832 -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 30 Aug 2009 20:20:11 +02001439 -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 30 Aug 2009 20:20:11 +0200
8331440
1441openvpn (2.1~rc19-1ubuntu2) karmic; urgency=low
1442
1443 * debian/patches/redirect-gateway.patch: Fix regression introduced in
1444 2.1rc17 that makes redirect-gateway (without options) to be ignored.
1445 Patch cherrypicked from upstream 2.1rc20 (SVN r5011), LP: #445695
1446
1447 -- Thierry Carrez <thierry.carrez@ubuntu.com> Tue, 13 Oct 2009 09:31:20 +0200
1448
1449openvpn (2.1~rc19-1ubuntu1) karmic; urgency=low
1450
1451 * Merge from debian unstable (LP: #404099), remaining changes:
1452 - debian/openvpn.init.d:
1453 - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot
1454 - show per-VPN result messages
1455 - add "--script-security 2" by default for backwards compatibility
1456 - Added lsb-base>=3.2-14 depend to allow status_of_proc()
1457
1458 -- Bhavani Shankar <right2bhavi@gmail.com> Fri, 24 Jul 2009 19:22:13 +0530
1459
834openvpn (2.1~rc19-1) unstable; urgency=low1460openvpn (2.1~rc19-1) unstable; urgency=low
8351461
836 * New upstream version1462 * New upstream version
@@ -840,6 +1466,17 @@ openvpn (2.1~rc19-1) unstable; urgency=low
8401466
841 -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 21 Jul 2009 17:00:56 +02001467 -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 21 Jul 2009 17:00:56 +0200
8421468
1469openvpn (2.1~rc15-1ubuntu1) karmic; urgency=low
1470
1471 * Merge from debian unstable (LP: #372358), remaining changes:
1472 - debian/openvpn.init.d:
1473 - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot
1474 - show per-VPN result messages
1475 - add "--script-security 2" by default for backwards compatibility
1476 - Added lsb-base>=3.2-14 depend to allow status_of_proc()
1477
1478 -- Andres Rodriguez <andreserl@ubuntu.com> Tue, 05 May 2009 14:25:37 -0500
1479
843openvpn (2.1~rc15-1) unstable; urgency=low1480openvpn (2.1~rc15-1) unstable; urgency=low
8441481
845 * New upstream version (Closes: #515575)1482 * New upstream version (Closes: #515575)
@@ -859,6 +1496,33 @@ openvpn (2.1~rc15-1) unstable; urgency=low
8591496
860 -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 30 Apr 2009 12:35:05 +02001497 -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 30 Apr 2009 12:35:05 +0200
8611498
1499openvpn (2.1~rc11-1ubuntu3) jaunty; urgency=low
1500
1501 * debian/openvpn.init.d:
1502 - Fix unexpected operator on startup (LP: #340120)
1503
1504 -- Michael Jeanson <mjeanson@revolutionlinux.com> Mon, 09 Mar 2009 16:02:50 -0400
1505
1506openvpn (2.1~rc11-1ubuntu2) intrepid; urgency=low
1507
1508 * debian/openvpn.init.d:
1509 - Revert fix from #454371 that was merged at 2.1~rc7-4 to prevent
1510 openvpn prompts from blocking the boot (LP: #280428)
1511 - Fix VPNs always reported started [ OK ]
1512
1513 -- Thierry Carrez <thierry.carrez@ubuntu.com> Wed, 15 Oct 2008 17:12:54 +0200
1514
1515openvpn (2.1~rc11-1ubuntu1) intrepid; urgency=low
1516
1517 * Merge with Debian (LP: #279655), remaining diffs:
1518 - debian/openvpn.init.d: Added 'status' action to init script, show
1519 per-VPN result messages and add "--script-security 2" by default for
1520 backwards compatibility
1521 - debian/control: Added lsb-base>=3.2-14 depend to allow status_of_proc()
1522 * Fixes regression when calling commands with arguments (LP: #277447)
1523
1524 -- Thierry Carrez <thierry.carrez@ubuntu.com> Tue, 07 Oct 2008 16:30:44 +0200
1525
862openvpn (2.1~rc11-1) unstable; urgency=low1526openvpn (2.1~rc11-1) unstable; urgency=low
8631527
864 * New upstream version1528 * New upstream version
@@ -879,6 +1543,23 @@ openvpn (2.1~rc10-1) unstable; urgency=low
8791543
880 -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 Sep 2008 16:58:37 +02001544 -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 Sep 2008 16:58:37 +0200
8811545
1546openvpn (2.1~rc9-3ubuntu2) intrepid; urgency=low
1547
1548 * debian/openvpn.init.d:
1549 - Added 'status' action to init script (LP: #251641)
1550 - Restored per-VPN result messages by using log_action_begin_msg and
1551 one log_daemon_msg per VPN instead of log_progress_msg (LP: #264966)
1552 * debian/control: Added lsb-base>=3.2-14 depend to allow status_of_proc()
1553
1554 -- Thierry Carrez <thierry.carrez@ubuntu.com> Tue, 09 Sep 2008 10:45:45 +0200
1555
1556openvpn (2.1~rc9-3ubuntu1) intrepid; urgency=low
1557
1558 * debian/openvpn.init.d: Add "--script-security 2" by default for backwards compatibility
1559 (LP: #260291)
1560
1561 -- Chuck Short <zulcss@ubuntu.com> Mon, 25 Aug 2008 10:20:31 -0400
1562
882openvpn (2.1~rc9-3) unstable; urgency=low1563openvpn (2.1~rc9-3) unstable; urgency=low
8831564
884 * debian/rules: run ./configure with path to 'route', for1565 * debian/rules: run ./configure with path to 'route', for
diff --git a/debian/control b/debian/control
index 63a8262..40ed491 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: openvpn1Source: openvpn
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Bernhard Schmidt <berni@debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Bernhard Schmidt <berni@debian.org>
5Uploaders: Jörg Frings-Fürst <debian@jff.email>6Uploaders: Jörg Frings-Fürst <debian@jff.email>
6Build-Depends:7Build-Depends:
7 debhelper-compat (= 12),8 debhelper-compat (= 12),
@@ -39,8 +40,8 @@ Depends:
39Suggests:40Suggests:
40 openssl,41 openssl,
41 resolvconf,42 resolvconf,
42 openvpn-systemd-resolved43 openvpn-systemd-resolved,
43Recommends: easy-rsa44 easy-rsa
44Description: virtual private network daemon45Description: virtual private network daemon
45 OpenVPN is an application to securely tunnel IP networks over a46 OpenVPN is an application to securely tunnel IP networks over a
46 single UDP or TCP port. It can be used to access remote sites, make47 single UDP or TCP port. It can be used to access remote sites, make
diff --git a/debian/openvpn@.service b/debian/openvpn@.service
index 945874b..6d59b13 100644
--- a/debian/openvpn@.service
+++ b/debian/openvpn@.service
@@ -12,7 +12,7 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
12Type=notify12Type=notify
13PrivateTmp=true13PrivateTmp=true
14WorkingDirectory=/etc/openvpn14WorkingDirectory=/etc/openvpn
15ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid15ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid
16PIDFile=/run/openvpn/%i.pid16PIDFile=/run/openvpn/%i.pid
17KillMode=process17KillMode=process
18CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE18CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
diff --git a/debian/patches/openvpn-fips-2.4.patch b/debian/patches/openvpn-fips-2.4.patch
19new file mode 10064419new file mode 100644
index 0000000..1c4f068
--- /dev/null
+++ b/debian/patches/openvpn-fips-2.4.patch
@@ -0,0 +1,90 @@
1Description: Use openssl FIPS flag to indicate MD5 use for PRF.
2 MD5 is not allowed in FIPS 140-2 except for PRF. OpenVPN needs
3 to send EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag to FIPS mode openssl
4 for PRF to indicate the exception.
5Bug: https://community.openvpn.net/openvpn/ticket/725
6Bug-Ubuntu: https://bugs.launchpad.net/bugs/1807439
7Author: Stephan Mueller <stephan.mueller@atsec.com>
8
9--- a/src/openvpn/crypto.c
10+++ b/src/openvpn/crypto.c
11@@ -849,7 +849,7 @@ init_key_ctx(struct key_ctx *ctx, const
12 if (kt->digest && kt->hmac_length > 0)
13 {
14 ctx->hmac = hmac_ctx_new();
15- hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest);
16+ hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest, 0);
17
18 msg(D_HANDSHAKE,
19 "%s: Using %d bit message hash '%s' for HMAC authentication",
20--- a/src/openvpn/crypto_backend.h
21+++ b/src/openvpn/crypto_backend.h
22@@ -634,10 +634,11 @@ void hmac_ctx_free(hmac_ctx_t *ctx);
23 * @param key The key to use for the HMAC
24 * @param key_len The key length to use
25 * @param kt Static message digest parameters
26+ * @param prf_use Intended use for PRF in TLS protocol
27 *
28 */
29 void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, int key_length,
30- const md_kt_t *kt);
31+ const md_kt_t *kt, bool prf_use);
32
33 /*
34 * Free the given HMAC context.
35--- a/src/openvpn/crypto_mbedtls.c
36+++ b/src/openvpn/crypto_mbedtls.c
37@@ -919,7 +919,7 @@ hmac_ctx_free(mbedtls_md_context_t *ctx)
38
39 void
40 hmac_ctx_init(mbedtls_md_context_t *ctx, const uint8_t *key, int key_len,
41- const mbedtls_md_info_t *kt)
42+ const mbedtls_md_info_t *kt, bool prf_use)
43 {
44 ASSERT(NULL != kt && NULL != ctx);
45
46--- a/src/openvpn/crypto_openssl.c
47+++ b/src/openvpn/crypto_openssl.c
48@@ -1006,11 +1006,17 @@ hmac_ctx_free(HMAC_CTX *ctx)
49
50 void
51 hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
52- const EVP_MD *kt)
53+ const EVP_MD *kt, bool prf_use)
54 {
55 ASSERT(NULL != kt && NULL != ctx);
56
57 HMAC_CTX_reset(ctx);
58+
59+ /* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is not
60+ * to be used anywhere else */
61+ if(kt == EVP_md5() && prf_use)
62+ HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
63+
64 HMAC_Init_ex(ctx, key, key_len, kt, NULL);
65
66 /* make sure we used a big enough key */
67--- a/src/openvpn/ntlm.c
68+++ b/src/openvpn/ntlm.c
69@@ -88,7 +88,7 @@ gen_hmac_md5(const uint8_t *data, int da
70 const md_kt_t *md5_kt = md_kt_get("MD5");
71 hmac_ctx_t *hmac_ctx = hmac_ctx_new();
72
73- hmac_ctx_init(hmac_ctx, key, key_len, md5_kt);
74+ hmac_ctx_init(hmac_ctx, key, key_len, md5_kt, 0);
75 hmac_ctx_update(hmac_ctx, data, data_len);
76 hmac_ctx_final(hmac_ctx, result);
77 hmac_ctx_cleanup(hmac_ctx);
78--- a/src/openvpn/ssl.c
79+++ b/src/openvpn/ssl.c
80@@ -1632,8 +1632,8 @@ tls1_P_hash(const md_kt_t *md_kt,
81 int chunk = md_kt_size(md_kt);
82 unsigned int A1_len = md_kt_size(md_kt);
83
84- hmac_ctx_init(ctx, sec, sec_len, md_kt);
85- hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt);
86+ hmac_ctx_init(ctx, sec, sec_len, md_kt, 1);
87+ hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt, 1);
88
89 hmac_ctx_update(ctx,seed,seed_len);
90 hmac_ctx_final(ctx, A1);
diff --git a/debian/patches/series b/debian/patches/series
index 55bae8e..12d3a83 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ openvpn-pkcs11warn.patch
5#kfreebsd_support.patch5#kfreebsd_support.patch
6match-manpage-and-command-help.patch6match-manpage-and-command-help.patch
7systemd.patch7systemd.patch
8openvpn-fips-2.4.patch
diff --git a/debian/tests/server-setup-with-ca b/debian/tests/server-setup-with-ca
index 58df2e9..08a879e 100755
--- a/debian/tests/server-setup-with-ca
+++ b/debian/tests/server-setup-with-ca
@@ -75,10 +75,10 @@ info "Check if Diffie-Hellman was initialized"
75cat $LOG_FILE | grep 'Diffie-Hellman initialized'75cat $LOG_FILE | grep 'Diffie-Hellman initialized'
7676
77info "Check if the $DEVICE is linked"77info "Check if the $DEVICE is linked"
78cat $LOG_FILE | grep "/sbin/ip link set dev $DEVICE up"78cat $LOG_FILE | grep "net_iface_up: set $DEVICE up"
7979
80info "Check if the network route was correctly configured"80info "Check if the network route was correctly configured"
81cat $LOG_FILE | grep "/sbin/ip route add $IP_NETWORK/24"81cat $LOG_FILE | grep "net_route_v4_add: $IP_NETWORK/24 via"
8282
83info "Check if the Initialization Sequence completed"83info "Check if the Initialization Sequence completed"
84cat $LOG_FILE | grep 'Initialization Sequence Completed'84cat $LOG_FILE | grep 'Initialization Sequence Completed'
diff --git a/debian/tests/server-setup-with-static-key b/debian/tests/server-setup-with-static-key
index 9ddaecd..8c0addf 100755
--- a/debian/tests/server-setup-with-static-key
+++ b/debian/tests/server-setup-with-static-key
@@ -50,10 +50,10 @@ info "Check if the $STATIC_KEY is used by OpenVPN"
50cat $LOG_FILE | grep "shared_secret_file = '$CONFIG_DIR/$STATIC_KEY'"50cat $LOG_FILE | grep "shared_secret_file = '$CONFIG_DIR/$STATIC_KEY'"
5151
52info "Check if the $DEVICE is linked"52info "Check if the $DEVICE is linked"
53cat $LOG_FILE | grep "/sbin/ip link set dev $DEVICE up"53cat $LOG_FILE | grep "net_iface_up: set $DEVICE up"
5454
55info "Check if the specified IP addresses were configured"55info "Check if the specified IP addresses were configured"
56cat $LOG_FILE | grep "/sbin/ip addr add dev tun0 local $IP_SERVER peer $IP_CLIENT"56cat $LOG_FILE | grep "net_addr_ptp_v4_add: $IP_SERVER peer $IP_CLIENT dev tun0"
5757
58# Clean up: kill tha OpenVPN process, remove the $DEVICE created and $STATIC_KEY58# Clean up: kill tha OpenVPN process, remove the $DEVICE created and $STATIC_KEY
59cleanup() {59cleanup() {

Subscribers

People subscribed via source and target branches