Merge ~utkarsh/ubuntu/+source/openvpn:merge-openvpn-impish into ubuntu/+source/openvpn:debian/sid
- Git
- lp:~utkarsh/ubuntu/+source/openvpn
- merge-openvpn-impish
- Merge into debian/sid
Status: | Merged |
---|---|
Merge reported by: | Utkarsh Gupta |
Merged at revision: | 769fd64b627bdae3d18ca552a2b84988f290d33c |
Proposed branch: | ~utkarsh/ubuntu/+source/openvpn:merge-openvpn-impish |
Merge into: | ubuntu/+source/openvpn:debian/sid |
Diff against target: |
1116 lines (+802/-5) 5 files modified
debian/changelog (+706/-1) debian/control (+4/-3) debian/openvpn@.service (+1/-1) debian/patches/openvpn-fips-2.4.patch (+90/-0) debian/patches/series (+1/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Robie Basak | Approve | ||
Christian Ehrhardt (community) | Abstain | ||
Canonical Server | Pending | ||
Canonical Server packageset reviewers | Pending | ||
git-ubuntu developers | Pending | ||
Review via email:
|
Commit message
Description of the change
Hey,
Yet another merge -> bug fixes one though.
PPA at https:/
Build's good and autopkgtest passes:
```
autopkgtest [16:56:46]: @@@@@@@
server-
server-
```
Requesting you to please review and sponsor the upload. TIA! \o/
[Assigning review to Robie]
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Robie Basak (racb) wrote : | # |
Looks good!
Although merge is correct, your logical tag is wrong. The tree of lp1917438/
Uploaded.
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Utkarsh Gupta (utkarsh) wrote : | # |
Ooh yeah, I *did* drop the delta already and then tagged the logical tag. My bad. Thanks for the upload, though! \o/
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog | |||
2 | index f1c969f..a1eb824 100644 | |||
3 | --- a/debian/changelog | |||
4 | +++ b/debian/changelog | |||
5 | @@ -1,3 +1,16 @@ | |||
6 | 1 | openvpn (2.5.1-3ubuntu1) impish; urgency=medium | ||
7 | 2 | |||
8 | 3 | * Merge with Debian unstable. Remaining changes: | ||
9 | 4 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
10 | 5 | - debian/openvpn@.service: Add '--script-security 2' similar to what | ||
11 | 6 | got added to debian/openvpn.init.d ages ago (LP #1454725) | ||
12 | 7 | - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. | ||
13 | 8 | * Dropped changes: | ||
14 | 9 | - d/t/server-setup-*: adapt tests to output of v2.5.0 | ||
15 | 10 | [Included in 2.5.1-3] | ||
16 | 11 | |||
17 | 12 | -- Utkarsh Gupta <utkarsh.gupta@canonical.com> Mon, 17 May 2021 14:38:17 +0530 | ||
18 | 13 | |||
19 | 1 | openvpn (2.5.1-3) unstable; urgency=medium | 14 | openvpn (2.5.1-3) unstable; urgency=medium |
20 | 2 | 15 | ||
21 | 3 | * Fix autopkgtest (Closes: #983662) | 16 | * Fix autopkgtest (Closes: #983662) |
22 | @@ -7,6 +20,17 @@ openvpn (2.5.1-3) unstable; urgency=medium | |||
23 | 7 | 20 | ||
24 | 8 | -- Bernhard Schmidt <berni@debian.org> Fri, 14 May 2021 09:40:04 +0200 | 21 | -- Bernhard Schmidt <berni@debian.org> Fri, 14 May 2021 09:40:04 +0200 |
25 | 9 | 22 | ||
26 | 23 | openvpn (2.5.1-2ubuntu1) impish; urgency=medium | ||
27 | 24 | |||
28 | 25 | * Merge with Debian unstable. Remaining changes: | ||
29 | 26 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
30 | 27 | - debian/openvpn@.service: Add '--script-security 2' similar to what | ||
31 | 28 | got added to debian/openvpn.init.d ages ago (LP #1454725) | ||
32 | 29 | - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. | ||
33 | 30 | - d/t/server-setup-*: adapt tests to output of v2.5.0 | ||
34 | 31 | |||
35 | 32 | -- Athos Ribeiro <athos.ribeiro@canonical.com> Mon, 03 May 2021 17:56:39 -0300 | ||
36 | 33 | |||
37 | 10 | openvpn (2.5.1-2) unstable; urgency=high | 34 | openvpn (2.5.1-2) unstable; urgency=high |
38 | 11 | 35 | ||
39 | 12 | * Cherry-Pick 3 (+ 1 predependency) patches from upstream to fix | 36 | * Cherry-Pick 3 (+ 1 predependency) patches from upstream to fix |
40 | @@ -15,12 +39,47 @@ openvpn (2.5.1-2) unstable; urgency=high | |||
41 | 15 | 39 | ||
42 | 16 | -- Bernhard Schmidt <berni@debian.org> Wed, 28 Apr 2021 14:41:58 +0200 | 40 | -- Bernhard Schmidt <berni@debian.org> Wed, 28 Apr 2021 14:41:58 +0200 |
43 | 17 | 41 | ||
44 | 42 | openvpn (2.5.1-1ubuntu1) hirsute; urgency=medium | ||
45 | 43 | |||
46 | 44 | * Merge with Debian unstable (LP: #1917438). Remaining changes: | ||
47 | 45 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
48 | 46 | - debian/openvpn@.service: Add '--script-security 2' similar to what | ||
49 | 47 | got added to debian/openvpn.init.d ages ago (LP #1454725) | ||
50 | 48 | - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. | ||
51 | 49 | + d/t/server-setup-*: adapt tests to output of v2.5.0 | ||
52 | 50 | |||
53 | 51 | -- Utkarsh Gupta <utkarsh.gupta@canonical.com> Tue, 02 Mar 2021 16:35:37 +0530 | ||
54 | 52 | |||
55 | 18 | openvpn (2.5.1-1) unstable; urgency=medium | 53 | openvpn (2.5.1-1) unstable; urgency=medium |
56 | 19 | 54 | ||
57 | 20 | * New upstream version 2.5.1 (bugfix release) | 55 | * New upstream version 2.5.1 (bugfix release) |
58 | 21 | 56 | ||
59 | 22 | -- Bernhard Schmidt <berni@debian.org> Wed, 24 Feb 2021 19:54:34 +0100 | 57 | -- Bernhard Schmidt <berni@debian.org> Wed, 24 Feb 2021 19:54:34 +0100 |
60 | 23 | 58 | ||
61 | 59 | openvpn (2.5.0-1ubuntu1) hirsute; urgency=medium | ||
62 | 60 | |||
63 | 61 | * Merge with Debian unstable. Remaining changes: | ||
64 | 62 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
65 | 63 | - debian/openvpn@.service: Add '--script-security 2' similar to what | ||
66 | 64 | got added to debian/openvpn.init.d ages ago (LP #1454725) | ||
67 | 65 | - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. | ||
68 | 66 | [updated to match 2.5.0] | ||
69 | 67 | * Dropped changes [in Debian since 2.5~beta3-1] | ||
70 | 68 | - d/tests: add two DEP-8 test cases | ||
71 | 69 | + d/t/server-setup-with-static-key: test the OpenVPN server side setup | ||
72 | 70 | using a static key. | ||
73 | 71 | + d/t/server-setup-with-ca: test the OpenVPN server side setup using a | ||
74 | 72 | CA built with easy-rsa. | ||
75 | 73 | - d/openvpn*.service: Drop reload support from systemd unit files | ||
76 | 74 | (LP #1868127). The current reload implementation (sending a SIGHUP | ||
77 | 75 | signal to the process) fails, and the difference between reload and | ||
78 | 76 | restart is not clear. Systemd does not require an implementation for | ||
79 | 77 | reload. | ||
80 | 78 | * Added Changes: | ||
81 | 79 | - d/t/server-setup-*: adapt tests to output of v2.5.0 | ||
82 | 80 | |||
83 | 81 | -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 01 Dec 2020 16:15:12 +0100 | ||
84 | 82 | |||
85 | 24 | openvpn (2.5.0-1) unstable; urgency=medium | 83 | openvpn (2.5.0-1) unstable; urgency=medium |
86 | 25 | 84 | ||
87 | 26 | * New upstream version 2.5.0 - final release | 85 | * New upstream version 2.5.0 - final release |
88 | @@ -46,7 +105,7 @@ openvpn (2.5~beta3-1) unstable; urgency=medium | |||
89 | 46 | 105 | ||
90 | 47 | [ Lucas Kanashiro ] | 106 | [ Lucas Kanashiro ] |
91 | 48 | * Add two DEP-8 test cases for the server side | 107 | * Add two DEP-8 test cases for the server side |
93 | 49 | * Drop reload support from systemd unit files (LP: #1868127) | 108 | * Drop reload support from systemd unit files (LP 1868127) |
94 | 50 | 109 | ||
95 | 51 | [ Bernhard Schmidt ] | 110 | [ Bernhard Schmidt ] |
96 | 52 | * Revert "d/gbp.conf for experimental 2.5 branch" | 111 | * Revert "d/gbp.conf for experimental 2.5 branch" |
97 | @@ -76,6 +135,26 @@ openvpn (2.5~beta1-1) experimental; urgency=medium | |||
98 | 76 | 135 | ||
99 | 77 | -- Bernhard Schmidt <berni@debian.org> Sat, 15 Aug 2020 21:32:49 +0200 | 136 | -- Bernhard Schmidt <berni@debian.org> Sat, 15 Aug 2020 21:32:49 +0200 |
100 | 78 | 137 | ||
101 | 138 | openvpn (2.4.9-3ubuntu1) groovy; urgency=medium | ||
102 | 139 | |||
103 | 140 | * Merge with Debian unstable. Remaining changes: | ||
104 | 141 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
105 | 142 | - debian/openvpn@.service: Add '--script-security 2' similar to what | ||
106 | 143 | got added to debian/openvpn.init.d ages ago (LP #1454725) | ||
107 | 144 | - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. | ||
108 | 145 | - d/tests: add two DEP-8 test cases | ||
109 | 146 | + d/t/server-setup-with-static-key: test the OpenVPN server side setup | ||
110 | 147 | using a static key. | ||
111 | 148 | + d/t/server-setup-with-ca: test the OpenVPN server side setup using a | ||
112 | 149 | CA built with easy-rsa. | ||
113 | 150 | - d/openvpn*.service: Drop reload support from systemd unit files | ||
114 | 151 | (LP #1868127). The current reload implementation (sending a SIGHUP | ||
115 | 152 | signal to the process) fails, and the difference between reload and | ||
116 | 153 | restart is not clear. Systemd does not require an implementation for | ||
117 | 154 | reload. | ||
118 | 155 | |||
119 | 156 | -- Lucas Kanashiro <kanashiro@ubuntu.com> Tue, 18 Aug 2020 08:42:11 -0300 | ||
120 | 157 | |||
121 | 79 | openvpn (2.4.9-3) unstable; urgency=medium | 158 | openvpn (2.4.9-3) unstable; urgency=medium |
122 | 80 | 159 | ||
123 | 81 | [ Jörg Frings-Fürst ] | 160 | [ Jörg Frings-Fürst ] |
124 | @@ -94,6 +173,28 @@ openvpn (2.4.9-3) unstable; urgency=medium | |||
125 | 94 | 173 | ||
126 | 95 | -- Jörg Frings-Fürst <debian@jff.email> Sat, 02 May 2020 18:14:36 +0200 | 174 | -- Jörg Frings-Fürst <debian@jff.email> Sat, 02 May 2020 18:14:36 +0200 |
127 | 96 | 175 | ||
128 | 176 | openvpn (2.4.9-2ubuntu2) groovy; urgency=medium | ||
129 | 177 | |||
130 | 178 | * Drop reload support from systemd unit files (LP: #1868127) | ||
131 | 179 | |||
132 | 180 | -- Lucas Kanashiro <kanashiro@ubuntu.com> Tue, 26 May 2020 19:04:33 -0300 | ||
133 | 181 | |||
134 | 182 | openvpn (2.4.9-2ubuntu1) groovy; urgency=medium | ||
135 | 183 | |||
136 | 184 | * Merge with Debian unstable. Remaining changes: | ||
137 | 185 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
138 | 186 | - debian/openvpn@.service: Add '--script-security 2' similar to what | ||
139 | 187 | got added to debian/openvpn.init.d ages ago (LP 1454725) | ||
140 | 188 | - Allow MD5 for PRF in FIPS mode openssl. | ||
141 | 189 | * Added changes: | ||
142 | 190 | - d/tests: add two DEP-8 test cases | ||
143 | 191 | + d/t/server-setup-with-static-key: test the OpenVPN server side setup | ||
144 | 192 | using a static key. | ||
145 | 193 | + d/t/server-setup-with-ca: test the OpenVPN server side setup using a | ||
146 | 194 | CA built with easy-rsa. | ||
147 | 195 | |||
148 | 196 | -- Lucas Kanashiro <lucas.kanashiro@canonical.com> Wed, 29 Apr 2020 15:35:56 -0300 | ||
149 | 197 | |||
150 | 97 | openvpn (2.4.9-2) unstable; urgency=medium | 198 | openvpn (2.4.9-2) unstable; urgency=medium |
151 | 98 | 199 | ||
152 | 99 | * Cherry-Pick upstream patch to fix ssl_do_config error with | 200 | * Cherry-Pick upstream patch to fix ssl_do_config error with |
153 | @@ -129,6 +230,28 @@ openvpn (2.4.9-1) unstable; urgency=medium | |||
154 | 129 | 230 | ||
155 | 130 | -- Bernhard Schmidt <berni@debian.org> Sun, 19 Apr 2020 15:52:57 +0200 | 231 | -- Bernhard Schmidt <berni@debian.org> Sun, 19 Apr 2020 15:52:57 +0200 |
156 | 131 | 232 | ||
157 | 233 | openvpn (2.4.7-1ubuntu2) eoan; urgency=medium | ||
158 | 234 | |||
159 | 235 | * No-change upload with strops.h and sys/strops.h removed in glibc. | ||
160 | 236 | |||
161 | 237 | -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:05:25 +0000 | ||
162 | 238 | |||
163 | 239 | openvpn (2.4.7-1ubuntu1) eoan; urgency=medium | ||
164 | 240 | |||
165 | 241 | * Merge with Debian unstable (LP: #1828771). Remaining changes: | ||
166 | 242 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
167 | 243 | - debian/openvpn@.service: Add '--script-security 2' similar to what got | ||
168 | 244 | added to debian/openvpn.init.d ages ago (LP 1454725) | ||
169 | 245 | - d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF. | ||
170 | 246 | (LP 1807439) | ||
171 | 247 | * Dropped changes: | ||
172 | 248 | - d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout | ||
173 | 249 | scripts breaking due to sudo/pam being unable to audit the action. | ||
174 | 250 | Fixed in upstream issue #918, suggested to Debian in #868806 (LP 1787208) | ||
175 | 251 | [in Debian now] | ||
176 | 252 | |||
177 | 253 | -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 13 May 2019 15:55:22 +0200 | ||
178 | 254 | |||
179 | 132 | openvpn (2.4.7-1) unstable; urgency=medium | 255 | openvpn (2.4.7-1) unstable; urgency=medium |
180 | 133 | 256 | ||
181 | 134 | [ Bernhard Schmidt ] | 257 | [ Bernhard Schmidt ] |
182 | @@ -148,6 +271,30 @@ openvpn (2.4.7-1) unstable; urgency=medium | |||
183 | 148 | 271 | ||
184 | 149 | -- Bernhard Schmidt <berni@debian.org> Wed, 20 Feb 2019 14:50:03 +0100 | 272 | -- Bernhard Schmidt <berni@debian.org> Wed, 20 Feb 2019 14:50:03 +0100 |
185 | 150 | 273 | ||
186 | 274 | openvpn (2.4.6-1ubuntu3) disco; urgency=medium | ||
187 | 275 | |||
188 | 276 | * d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF. | ||
189 | 277 | (LP: #1807439) | ||
190 | 278 | |||
191 | 279 | -- Joy Latten <joy.latten@canonical.com> Wed, 09 Jan 2019 12:25:59 -0600 | ||
192 | 280 | |||
193 | 281 | openvpn (2.4.6-1ubuntu2) cosmic; urgency=medium | ||
194 | 282 | |||
195 | 283 | * d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout | ||
196 | 284 | scripts breaking due to sudo/pam being unable to audit the action. | ||
197 | 285 | Fixed in upstream issue #918, suggested to Debian in #868806 (LP: #1787208) | ||
198 | 286 | |||
199 | 287 | -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 03 Sep 2018 10:57:35 +0200 | ||
200 | 288 | |||
201 | 289 | openvpn (2.4.6-1ubuntu1) cosmic; urgency=medium | ||
202 | 290 | |||
203 | 291 | * Merge with Debian unstable. Remaining changes: | ||
204 | 292 | - d/control: Demote easy-rsa to Suggests (universe package). | ||
205 | 293 | - debian/openvpn@.service: Add '--script-security 2' similar to what got | ||
206 | 294 | added to debian/openvpn.init.d ages ago (LP 1454725) | ||
207 | 295 | |||
208 | 296 | -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Aug 2018 13:30:20 +0200 | ||
209 | 297 | |||
210 | 151 | openvpn (2.4.6-1) unstable; urgency=medium | 298 | openvpn (2.4.6-1) unstable; urgency=medium |
211 | 152 | 299 | ||
212 | 153 | [ Jörg Frings-Fürst ] | 300 | [ Jörg Frings-Fürst ] |
213 | @@ -191,6 +338,15 @@ openvpn (2.4.5-1) unstable; urgency=medium | |||
214 | 191 | 338 | ||
215 | 192 | -- Bernhard Schmidt <berni@debian.org> Sun, 04 Mar 2018 22:23:47 +0100 | 339 | -- Bernhard Schmidt <berni@debian.org> Sun, 04 Mar 2018 22:23:47 +0100 |
216 | 193 | 340 | ||
217 | 341 | openvpn (2.4.4-2ubuntu1) bionic; urgency=low | ||
218 | 342 | |||
219 | 343 | * Sync with Debian. Remaining changes: | ||
220 | 344 | - debian/openvpn@.service: Add "--script-security 2" similar to what got | ||
221 | 345 | added to debian/openvpn.init.d ages ago (LP: #1454725) | ||
222 | 346 | - Demote easy-rsa to Suggests (universe package). | ||
223 | 347 | |||
224 | 348 | -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 10 Feb 2018 20:27:56 +0000 | ||
225 | 349 | |||
226 | 194 | openvpn (2.4.4-2) unstable; urgency=medium | 350 | openvpn (2.4.4-2) unstable; urgency=medium |
227 | 195 | 351 | ||
228 | 196 | * Build against OpenSSL 1.1.0 (Closes: #828477) | 352 | * Build against OpenSSL 1.1.0 (Closes: #828477) |
229 | @@ -198,6 +354,15 @@ openvpn (2.4.4-2) unstable; urgency=medium | |||
230 | 198 | 354 | ||
231 | 199 | -- Bernhard Schmidt <berni@debian.org> Mon, 11 Dec 2017 00:22:11 +0100 | 355 | -- Bernhard Schmidt <berni@debian.org> Mon, 11 Dec 2017 00:22:11 +0100 |
232 | 200 | 356 | ||
233 | 357 | openvpn (2.4.4-1ubuntu1) bionic; urgency=medium | ||
234 | 358 | |||
235 | 359 | * Sync with Debian. Remaining changes: | ||
236 | 360 | - debian/openvpn@.service: Add "--script-security 2" similar to what got | ||
237 | 361 | added to debian/openvpn.init.d ages ago (LP: #1454725) | ||
238 | 362 | - Demote easy-rsa to Suggests (universe package). | ||
239 | 363 | |||
240 | 364 | -- Jeremy Bicha <jbicha@ubuntu.com> Sat, 28 Oct 2017 15:13:58 -0400 | ||
241 | 365 | |||
242 | 201 | openvpn (2.4.4-1) unstable; urgency=medium | 366 | openvpn (2.4.4-1) unstable; urgency=medium |
243 | 202 | 367 | ||
244 | 203 | [ Jörg Frings-Fürst ] | 368 | [ Jörg Frings-Fürst ] |
245 | @@ -319,6 +484,65 @@ openvpn (2.4.0-5) unstable; urgency=high | |||
246 | 319 | 484 | ||
247 | 320 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 May 2017 14:15:21 +0200 | 485 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 May 2017 14:15:21 +0200 |
248 | 321 | 486 | ||
249 | 487 | openvpn (2.4.0-4ubuntu1.3) zesty-security; urgency=medium | ||
250 | 488 | |||
251 | 489 | * SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet | ||
252 | 490 | - debian/patches/CVE-2017-7508.patch: remove assert in | ||
253 | 491 | src/openvpn/mss.c. | ||
254 | 492 | - CVE-2017-7508 | ||
255 | 493 | * SECURITY UPDATE: Remote-triggerable memory leaks | ||
256 | 494 | - debian/patches/CVE-2017-7512.patch: fix leaks in | ||
257 | 495 | src/openvpn/ssl_verify_openssl.c. | ||
258 | 496 | - CVE-2017-7512 | ||
259 | 497 | * SECURITY UPDATE: Pre-authentication remote crash/information disclosure | ||
260 | 498 | for clients | ||
261 | 499 | - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer | ||
262 | 500 | OOB reads and a crash for invalid input data in src/openvpn/ntlm.c. | ||
263 | 501 | - CVE-2017-7520 | ||
264 | 502 | * SECURITY UPDATE: Potential double-free in --x509-alt-username and | ||
265 | 503 | memory leaks | ||
266 | 504 | - debian/patches/CVE-2017-7521.patch: fix double-free in | ||
267 | 505 | src/openvpn/ssl_verify_openssl.c. | ||
268 | 506 | - CVE-2017-7521 | ||
269 | 507 | * SECURITY UPDATE: DoS in establish_http_proxy_passthru() | ||
270 | 508 | - debian/patches/establish_http_proxy_passthru_dos.patch: fix | ||
271 | 509 | null-pointer dereference in src/openvpn/proxy.c. | ||
272 | 510 | - No CVE number | ||
273 | 511 | |||
274 | 512 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 22 Jun 2017 08:37:49 -0400 | ||
275 | 513 | |||
276 | 514 | openvpn (2.4.0-4ubuntu1.2) zesty-security; urgency=medium | ||
277 | 515 | |||
278 | 516 | * SECURITY UPDATE: pre-authentication denial-of-service vulnerability | ||
279 | 517 | (both client and server) from a too-large control packet. | ||
280 | 518 | - debian/patches/CVE-2017-7478.patch: Do not assert on too-large | ||
281 | 519 | control packet | ||
282 | 520 | - CVE-2017-7478 | ||
283 | 521 | * SECURITY UPDATE: authenticated remote DoS vulnerability due to | ||
284 | 522 | packet ID rollover | ||
285 | 523 | - debian/patches/CVE-2017-7479-prereq.patch: merge | ||
286 | 524 | packet_id_alloc_outgoing() into packet_id_write() | ||
287 | 525 | - debian/patches/CVE-2017-7478.patch: do not assert when packet ID | ||
288 | 526 | rollover occurs | ||
289 | 527 | - CVE-2017-7478 | ||
290 | 528 | * SECURITY UPDATE: auth tokens left in memory after de-auth | ||
291 | 529 | - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token | ||
292 | 530 | as soon as a TLS session is considered broken. | ||
293 | 531 | |||
294 | 532 | -- Steve Beattie <sbeattie@ubuntu.com> Wed, 10 May 2017 15:21:05 -0700 | ||
295 | 533 | |||
296 | 534 | openvpn (2.4.0-4ubuntu1) zesty; urgency=medium | ||
297 | 535 | |||
298 | 536 | * Merge with Debian unstable. Remaining Ubuntu changes: | ||
299 | 537 | - debian/openvpn@.service: Add "--script-security 2" similar to what got | ||
300 | 538 | added to debian/openvpn.init.d ages ago (LP: #1454725) | ||
301 | 539 | - Demote easy-rsa to Suggests (universe package). | ||
302 | 540 | * Drop: | ||
303 | 541 | - debian/control: Actually drop the initscripts dependency. | ||
304 | 542 | (Closes: #804968). Already in Debian | ||
305 | 543 | |||
306 | 544 | -- Jon Grimm <jon.grimm@canonical.com> Fri, 10 Feb 2017 12:16:57 -0600 | ||
307 | 545 | |||
308 | 322 | openvpn (2.4.0-4) unstable; urgency=medium | 546 | openvpn (2.4.0-4) unstable; urgency=medium |
309 | 323 | 547 | ||
310 | 324 | * Add NEWS entries on possible 2.4 migration issues. | 548 | * Add NEWS entries on possible 2.4 migration issues. |
311 | @@ -388,6 +612,24 @@ openvpn (2.3.11-2) unstable; urgency=medium | |||
312 | 388 | 612 | ||
313 | 389 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 23 May 2016 09:55:30 +0200 | 613 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 23 May 2016 09:55:30 +0200 |
314 | 390 | 614 | ||
315 | 615 | openvpn (2.3.11-1ubuntu2) yakkety; urgency=medium | ||
316 | 616 | |||
317 | 617 | * debian/control: Actually drop the initscripts dependency. | ||
318 | 618 | (Closes: #804968) | ||
319 | 619 | |||
320 | 620 | -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 22 Jun 2016 16:54:51 +0200 | ||
321 | 621 | |||
322 | 622 | openvpn (2.3.11-1ubuntu1) yakkety; urgency=medium | ||
323 | 623 | |||
324 | 624 | * Merge with Debian unstable. Remaining Ubuntu changes: | ||
325 | 625 | - debian/openvpn@.service: Add "--script-security 2" similar to what got | ||
326 | 626 | added to debian/openvpn.init.d ages ago (see LP: #260291). | ||
327 | 627 | - Demote easy-rsa to Suggests (universe package). | ||
328 | 628 | * Drop intrusive changes (showing per-VPN result messages) from | ||
329 | 629 | debian/openvpn.init.d. This isn't being used under systemd. | ||
330 | 630 | |||
331 | 631 | -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 20 May 2016 17:30:27 +0200 | ||
332 | 632 | |||
333 | 391 | openvpn (2.3.11-1) unstable; urgency=medium | 633 | openvpn (2.3.11-1) unstable; urgency=medium |
334 | 392 | 634 | ||
335 | 393 | * New upstream release. | 635 | * New upstream release. |
336 | @@ -399,6 +641,25 @@ openvpn (2.3.11-1) unstable; urgency=medium | |||
337 | 399 | 641 | ||
338 | 400 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 10 May 2016 17:41:53 +0200 | 642 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 10 May 2016 17:41:53 +0200 |
339 | 401 | 643 | ||
340 | 644 | openvpn (2.3.10-1ubuntu2) xenial; urgency=medium | ||
341 | 645 | |||
342 | 646 | * debian/openvpn@.service: Add --script-security similar to what got added | ||
343 | 647 | to debian/openvpn.init.d ages ago (see LP #260291). (LP: #1454725) | ||
344 | 648 | |||
345 | 649 | -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 02 Feb 2016 13:33:39 +0100 | ||
346 | 650 | |||
347 | 651 | openvpn (2.3.10-1ubuntu1) xenial; urgency=medium | ||
348 | 652 | |||
349 | 653 | * Merge with Debian unstable (LP: #1536568). Remaining Ubuntu changes: | ||
350 | 654 | - debian/openvpn.init.d: | ||
351 | 655 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
352 | 656 | + Show per-VPN result messages. | ||
353 | 657 | + Add "--script-security 2" by default for backwards compatabliity. | ||
354 | 658 | (LP #260291) | ||
355 | 659 | - Demote easy-rsa to Suggests | ||
356 | 660 | |||
357 | 661 | -- Gianfranco Costamagna <locutusofborg@debian.org> Thu, 21 Jan 2016 11:37:08 +0100 | ||
358 | 662 | |||
359 | 402 | openvpn (2.3.10-1) unstable; urgency=medium | 663 | openvpn (2.3.10-1) unstable; urgency=medium |
360 | 403 | 664 | ||
361 | 404 | * New upstream release. (Closes: #804368) | 665 | * New upstream release. (Closes: #804368) |
362 | @@ -417,6 +678,21 @@ openvpn (2.3.10-1) unstable; urgency=medium | |||
363 | 417 | 678 | ||
364 | 418 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 20 Jan 2016 12:01:36 +0100 | 679 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 20 Jan 2016 12:01:36 +0100 |
365 | 419 | 680 | ||
366 | 681 | openvpn (2.3.8-1ubuntu1) xenial; urgency=medium | ||
367 | 682 | |||
368 | 683 | * Merge with Debian unstable. Remaining Ubuntu changes: | ||
369 | 684 | - debian/openvpn.init.d: | ||
370 | 685 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
371 | 686 | + Show per-VPN result messages. | ||
372 | 687 | + Add "--script-security 2" by default for backwards compatabliity. | ||
373 | 688 | - Demote easy-rsa to Suggests | ||
374 | 689 | - Run openvpn@.service before systemd-user-sessions.service to avoid | ||
375 | 690 | gettys and lightdm starting on top of possible password prompts. This | ||
376 | 691 | provides the equivalent of the init.d script's X-Start-Before:. | ||
377 | 692 | (Closes: #803032) | ||
378 | 693 | |||
379 | 694 | -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 04 Jan 2016 11:48:31 +0100 | ||
380 | 695 | |||
381 | 420 | openvpn (2.3.8-1) unstable; urgency=medium | 696 | openvpn (2.3.8-1) unstable; urgency=medium |
382 | 421 | 697 | ||
383 | 422 | * New upstream release. Drop patch from 2.3.7-2. | 698 | * New upstream release. Drop patch from 2.3.7-2. |
384 | @@ -430,6 +706,21 @@ openvpn (2.3.8-1) unstable; urgency=medium | |||
385 | 430 | 706 | ||
386 | 431 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 28 Oct 2015 17:34:26 +0100 | 707 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 28 Oct 2015 17:34:26 +0100 |
387 | 432 | 708 | ||
388 | 709 | openvpn (2.3.7-2ubuntu1) xenial; urgency=medium | ||
389 | 710 | |||
390 | 711 | * Merge with Debian unstable. Remaining Ubuntu changes: | ||
391 | 712 | - debian/openvpn.init.d: | ||
392 | 713 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
393 | 714 | + Show per-VPN result messages. | ||
394 | 715 | + Add "--script-security 2" by default for backwards compatabliity. | ||
395 | 716 | - Demote easy-rsa to Suggests | ||
396 | 717 | - Run openvpn@.service before systemd-user-sessions.service to avoid | ||
397 | 718 | gettys and lightdm starting on top of possible password prompts. This | ||
398 | 719 | provides the equivalent of the init.d script's X-Start-Before:. | ||
399 | 720 | (Closes: #803032) | ||
400 | 721 | |||
401 | 722 | -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 26 Oct 2015 09:32:31 +0100 | ||
402 | 723 | |||
403 | 433 | openvpn (2.3.7-2) unstable; urgency=medium | 724 | openvpn (2.3.7-2) unstable; urgency=medium |
404 | 434 | 725 | ||
405 | 435 | * Move libsystemd-daemon-dev Build-Dep to libsystemd-dev. | 726 | * Move libsystemd-daemon-dev Build-Dep to libsystemd-dev. |
406 | @@ -440,6 +731,20 @@ openvpn (2.3.7-2) unstable; urgency=medium | |||
407 | 440 | 731 | ||
408 | 441 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 08 Sep 2015 08:23:19 +0000 | 732 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 08 Sep 2015 08:23:19 +0000 |
409 | 442 | 733 | ||
410 | 734 | openvpn (2.3.7-1ubuntu1) wily; urgency=medium | ||
411 | 735 | |||
412 | 736 | * Merge with Debian unstable. Remaining Ubuntu changes: | ||
413 | 737 | - debian/openvpn.init.d: | ||
414 | 738 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
415 | 739 | + Show per-VPN result messages. | ||
416 | 740 | + Add "--script-security 2" by default for backwards compatabliity. | ||
417 | 741 | - Demote easy-rsa to Suggests | ||
418 | 742 | - Run openvpn@.service before systemd-user-sessions.service to avoid | ||
419 | 743 | gettys and lightdm starting on top of possible password prompts. This | ||
420 | 744 | provides the equivalent of the init.d script's X-Start-Before:. | ||
421 | 745 | |||
422 | 746 | -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 08 Jul 2015 12:28:54 +0200 | ||
423 | 747 | |||
424 | 443 | openvpn (2.3.7-1) unstable; urgency=medium | 748 | openvpn (2.3.7-1) unstable; urgency=medium |
425 | 444 | 749 | ||
426 | 445 | * New upstream version | 750 | * New upstream version |
427 | @@ -461,6 +766,20 @@ openvpn (2.3.5-1) unstable; urgency=medium | |||
428 | 461 | 766 | ||
429 | 462 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Oct 2014 17:44:06 +0100 | 767 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Oct 2014 17:44:06 +0100 |
430 | 463 | 768 | ||
431 | 769 | openvpn (2.3.4-5ubuntu1) wily; urgency=medium | ||
432 | 770 | |||
433 | 771 | * Merge with Debian unstable. Remaining Ubuntu changes: | ||
434 | 772 | - debian/openvpn.init.d: | ||
435 | 773 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
436 | 774 | + Show per-VPN result messages. | ||
437 | 775 | + Add "--script-security 2" by default for backwards compatabliity. | ||
438 | 776 | - Demote easy-rsa to Suggests | ||
439 | 777 | - Run openvpn@.service before systemd-user-sessions.service to avoid | ||
440 | 778 | gettys and lightdm starting on top of possible password prompts. This | ||
441 | 779 | provides the equivalent of the init.d script's X-Start-Before:. | ||
442 | 780 | |||
443 | 781 | -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 07 May 2015 15:35:52 +0200 | ||
444 | 782 | |||
445 | 464 | openvpn (2.3.4-5) unstable; urgency=high | 783 | openvpn (2.3.4-5) unstable; urgency=high |
446 | 465 | 784 | ||
447 | 466 | * Apply upstream patch that fixes possible DoS by authenticated | 785 | * Apply upstream patch that fixes possible DoS by authenticated |
448 | @@ -519,6 +838,52 @@ openvpn (2.3.3-1) experimental; urgency=medium | |||
449 | 519 | 838 | ||
450 | 520 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 17 Mar 2014 19:40:12 +0100 | 839 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 17 Mar 2014 19:40:12 +0100 |
451 | 521 | 840 | ||
452 | 841 | openvpn (2.3.2-9ubuntu4) vivid; urgency=medium | ||
453 | 842 | |||
454 | 843 | * Run openvpn@.service before systemd-user-sessions.service to avoid gettys | ||
455 | 844 | and lightdm starting on top of possible password prompts. This provides | ||
456 | 845 | the equivalent of the init.d script's X-Start-Before:. | ||
457 | 846 | |||
458 | 847 | -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 13 Apr 2015 16:09:01 -0500 | ||
459 | 848 | |||
460 | 849 | openvpn (2.3.2-9ubuntu3) vivid; urgency=medium | ||
461 | 850 | |||
462 | 851 | * Add better_systemd_detection.patch to avoid calling systemd-ask-password | ||
463 | 852 | under upstart. Backported from upstream. (Closes: #747265) | ||
464 | 853 | * Add systemd unit and generator from current Debian package. This avoids | ||
465 | 854 | using the init.d script, which unnecessarily blocks lightdm startup on the | ||
466 | 855 | network becoming online even if there are no auto-start connections | ||
467 | 856 | (LP: #1443489). | ||
468 | 857 | |||
469 | 858 | -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 13 Apr 2015 11:22:56 -0500 | ||
470 | 859 | |||
471 | 860 | openvpn (2.3.2-9ubuntu2) vivid; urgency=medium | ||
472 | 861 | |||
473 | 862 | * SECURITY UPDATE: server denial of service via too-short control channel | ||
474 | 863 | packets | ||
475 | 864 | - debian/patches/CVE-2014-8104.patch: drop too-short control channel | ||
476 | 865 | packets instead of asserting out in src/openvpn/ssl.c. | ||
477 | 866 | - CVE-2014-8104 | ||
478 | 867 | * debian/patches/update_certs.patch: update test certs to fix FTBFS. | ||
479 | 868 | |||
480 | 869 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 01 Dec 2014 15:26:58 -0500 | ||
481 | 870 | |||
482 | 871 | openvpn (2.3.2-9ubuntu1) utopic; urgency=medium | ||
483 | 872 | |||
484 | 873 | * Merge from Debian unstable. Remaining changes: | ||
485 | 874 | - debian/openvpn.init.d: | ||
486 | 875 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
487 | 876 | + Show per-VPN result messages. | ||
488 | 877 | + Add "--script-security 2" by default for backwards compatabliity. | ||
489 | 878 | - Demote easy-rsa to Suggests | ||
490 | 879 | - Patch libtool.m4 and configure to support ppc64el. | ||
491 | 880 | - Refresh delta with debian/openvpn.init.d: | ||
492 | 881 | + Make stop action reliable by killing if needed | ||
493 | 882 | (LP: #1274254, LP: #1200519) | ||
494 | 883 | + Use new path for status file (LP: #1261088) | ||
495 | 884 | |||
496 | 885 | -- Stéphane Graber <stgraber@ubuntu.com> Fri, 02 May 2014 16:00:55 -0400 | ||
497 | 886 | |||
498 | 522 | openvpn (2.3.2-9) unstable; urgency=medium | 887 | openvpn (2.3.2-9) unstable; urgency=medium |
499 | 523 | 888 | ||
500 | 524 | * Create /run/openvpn in init script even if no VPN is | 889 | * Create /run/openvpn in init script even if no VPN is |
501 | @@ -534,6 +899,33 @@ openvpn (2.3.2-8) unstable; urgency=medium | |||
502 | 534 | 899 | ||
503 | 535 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 14 Mar 2014 12:59:57 +0100 | 900 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 14 Mar 2014 12:59:57 +0100 |
504 | 536 | 901 | ||
505 | 902 | openvpn (2.3.2-7ubuntu3) trusty; urgency=medium | ||
506 | 903 | |||
507 | 904 | [ Simon Deziel ] | ||
508 | 905 | * Refresh delta with debian/openvpn.init.d: | ||
509 | 906 | - Make stop action reliable by killing if needed | ||
510 | 907 | (LP: #1274254, LP: #1200519) | ||
511 | 908 | - Use new path for status file (LP: #1261088) | ||
512 | 909 | |||
513 | 910 | -- Stéphane Graber <stgraber@ubuntu.com> Tue, 04 Feb 2014 09:31:39 -0500 | ||
514 | 911 | |||
515 | 912 | openvpn (2.3.2-7ubuntu2) trusty; urgency=medium | ||
516 | 913 | |||
517 | 914 | * Patch libtool.m4 and configure to support ppc64el. | ||
518 | 915 | |||
519 | 916 | -- Matthias Klose <doko@ubuntu.com> Mon, 30 Dec 2013 12:32:35 +0100 | ||
520 | 917 | |||
521 | 918 | openvpn (2.3.2-7ubuntu1) trusty; urgency=low | ||
522 | 919 | |||
523 | 920 | * Merge from Debian unstable. Remaining changes: | ||
524 | 921 | - debian/openvpn.init.d: | ||
525 | 922 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
526 | 923 | + Show per-VPN result messages. | ||
527 | 924 | + Add "--script-security 2" by default for backwards compatabliity. | ||
528 | 925 | - Demote easy-rsa to Suggests | ||
529 | 926 | |||
530 | 927 | -- Stéphane Graber <stgraber@ubuntu.com> Mon, 02 Dec 2013 18:14:42 -0500 | ||
531 | 928 | |||
532 | 537 | openvpn (2.3.2-7) unstable; urgency=low | 929 | openvpn (2.3.2-7) unstable; urgency=low |
533 | 538 | 930 | ||
534 | 539 | * Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/. | 931 | * Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/. |
535 | @@ -550,6 +942,17 @@ openvpn (2.3.2-6) unstable; urgency=low | |||
536 | 550 | 942 | ||
537 | 551 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 27 Nov 2013 13:58:33 +0100 | 943 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 27 Nov 2013 13:58:33 +0100 |
538 | 552 | 944 | ||
539 | 945 | openvpn (2.3.2-5ubuntu1) trusty; urgency=low | ||
540 | 946 | |||
541 | 947 | * Merge from Debian unstable. Remaining changes: | ||
542 | 948 | - debian/openvpn.init.d: | ||
543 | 949 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
544 | 950 | + Show per-VPN result messages. | ||
545 | 951 | + Add "--script-security 2" by default for backwards compatabliity. | ||
546 | 952 | - Demote easy-rsa to Suggests | ||
547 | 953 | |||
548 | 954 | -- Stéphane Graber <stgraber@ubuntu.com> Mon, 21 Oct 2013 13:07:37 -0400 | ||
549 | 955 | |||
550 | 553 | openvpn (2.3.2-5) unstable; urgency=low | 956 | openvpn (2.3.2-5) unstable; urgency=low |
551 | 554 | 957 | ||
552 | 555 | * Patch init script to fix race conditions on restarts. | 958 | * Patch init script to fix race conditions on restarts. |
553 | @@ -559,6 +962,16 @@ openvpn (2.3.2-5) unstable; urgency=low | |||
554 | 559 | 962 | ||
555 | 560 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 15 Jul 2013 16:10:59 +0200 | 963 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 15 Jul 2013 16:10:59 +0200 |
556 | 561 | 964 | ||
557 | 965 | openvpn (2.3.2-4ubuntu1) saucy; urgency=low | ||
558 | 966 | |||
559 | 967 | * Merge from Debian unstable. Remaining changes: | ||
560 | 968 | - debian/openvpn.init.d: | ||
561 | 969 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
562 | 970 | + Show per-VPN result messages. | ||
563 | 971 | + Add "--script-security 2" by default for backwards compatabliity. | ||
564 | 972 | |||
565 | 973 | -- Stéphane Graber <stgraber@ubuntu.com> Tue, 09 Jul 2013 17:20:31 -0400 | ||
566 | 974 | |||
567 | 562 | openvpn (2.3.2-4) unstable; urgency=low | 975 | openvpn (2.3.2-4) unstable; urgency=low |
568 | 563 | 976 | ||
569 | 564 | * Fix depends on iproute to iproute2. | 977 | * Fix depends on iproute to iproute2. |
570 | @@ -591,6 +1004,23 @@ openvpn (2.3.2-1) unstable; urgency=low | |||
571 | 591 | 1004 | ||
572 | 592 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 03 Jun 2013 18:48:44 +0200 | 1005 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 03 Jun 2013 18:48:44 +0200 |
573 | 593 | 1006 | ||
574 | 1007 | openvpn (2.3.1-2ubuntu2) saucy; urgency=low | ||
575 | 1008 | |||
576 | 1009 | * Move easy-rsa from Recommends to Suggests as it's not in main and isn't | ||
577 | 1010 | actually required to operate an openvpn server. | ||
578 | 1011 | |||
579 | 1012 | -- Stéphane Graber <stgraber@ubuntu.com> Wed, 19 Jun 2013 14:37:54 -0400 | ||
580 | 1013 | |||
581 | 1014 | openvpn (2.3.1-2ubuntu1) saucy; urgency=low | ||
582 | 1015 | |||
583 | 1016 | * Merge from Debian unstable. Remaining changes: | ||
584 | 1017 | - debian/openvpn.init.d: | ||
585 | 1018 | + Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
586 | 1019 | + Show per-VPN result messages. | ||
587 | 1020 | + Add "--script-security 2" by default for backwards compatabliity. | ||
588 | 1021 | |||
589 | 1022 | -- Stéphane Graber <stgraber@ubuntu.com> Fri, 24 May 2013 17:42:45 -0400 | ||
590 | 1023 | |||
591 | 594 | openvpn (2.3.1-2) unstable; urgency=low | 1024 | openvpn (2.3.1-2) unstable; urgency=low |
592 | 595 | 1025 | ||
593 | 596 | * Add net-tools to Build-Depends. (Closes: #709108) | 1026 | * Add net-tools to Build-Depends. (Closes: #709108) |
594 | @@ -618,6 +1048,32 @@ openvpn (2.3~rc1-1) experimental; urgency=low | |||
595 | 618 | 1048 | ||
596 | 619 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 05 Nov 2012 16:31:15 +0100 | 1049 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 05 Nov 2012 16:31:15 +0100 |
597 | 620 | 1050 | ||
598 | 1051 | openvpn (2.2.1-8ubuntu3) raring; urgency=low | ||
599 | 1052 | |||
600 | 1053 | [ Marc Gariépy ] | ||
601 | 1054 | * Add --script-security to the init.d script (was generated but not passed | ||
602 | 1055 | to openvpn). (LP: #1124398) | ||
603 | 1056 | |||
604 | 1057 | -- Stéphane Graber <stgraber@ubuntu.com> Wed, 13 Feb 2013 16:10:48 -0500 | ||
605 | 1058 | |||
606 | 1059 | openvpn (2.2.1-8ubuntu2) quantal; urgency=low | ||
607 | 1060 | |||
608 | 1061 | * Rebuild for new armel compiler default of ARMv5t. | ||
609 | 1062 | |||
610 | 1063 | -- Colin Watson <cjwatson@ubuntu.com> Mon, 08 Oct 2012 08:36:47 +0100 | ||
611 | 1064 | |||
612 | 1065 | openvpn (2.2.1-8ubuntu1) precise; urgency=low | ||
613 | 1066 | |||
614 | 1067 | * Merge at Simon Deziel's request to build with PIE. | ||
615 | 1068 | * Merge from Debian unstable. Remaining changes: | ||
616 | 1069 | + debian/openvpn.init.d: | ||
617 | 1070 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
618 | 1071 | - Show per-VPN result messages. | ||
619 | 1072 | - Add "--script-security 2" by default for backwards compatabliity. | ||
620 | 1073 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
621 | 1074 | |||
622 | 1075 | -- Stéphane Graber <stgraber@ubuntu.com> Fri, 30 Mar 2012 13:19:09 -0400 | ||
623 | 1076 | |||
624 | 621 | openvpn (2.2.1-8) unstable; urgency=low | 1077 | openvpn (2.2.1-8) unstable; urgency=low |
625 | 622 | 1078 | ||
626 | 623 | * Enable "PIE" and "BINDOW" hardening flags. | 1079 | * Enable "PIE" and "BINDOW" hardening flags. |
627 | @@ -642,6 +1098,17 @@ openvpn (2.2.1-6) unstable; urgency=low | |||
628 | 642 | 1098 | ||
629 | 643 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Mar 2012 13:44:50 +0100 | 1099 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Mar 2012 13:44:50 +0100 |
630 | 644 | 1100 | ||
631 | 1101 | openvpn (2.2.1-5ubuntu1) precise; urgency=low | ||
632 | 1102 | |||
633 | 1103 | * Merge from Debian unstable. Remaining changes: (LP: #907828) | ||
634 | 1104 | + debian/openvpn.init.d: | ||
635 | 1105 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
636 | 1106 | - Show per-VPN result messages. | ||
637 | 1107 | - Add "--script-security 2" by default for backwards compatabliity. | ||
638 | 1108 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
639 | 1109 | |||
640 | 1110 | -- Stéphane Graber <stgraber@ubuntu.com> Sat, 25 Feb 2012 21:08:48 -0500 | ||
641 | 1111 | |||
642 | 645 | openvpn (2.2.1-5) unstable; urgency=low | 1112 | openvpn (2.2.1-5) unstable; urgency=low |
643 | 646 | 1113 | ||
644 | 647 | * Avoid sending ICMP redirects when using tun devices and "subnet" | 1114 | * Avoid sending ICMP redirects when using tun devices and "subnet" |
645 | @@ -664,6 +1131,20 @@ openvpn (2.2.1-4) unstable; urgency=low | |||
646 | 664 | 1131 | ||
647 | 665 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 08 Feb 2012 16:31:32 +0100 | 1132 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 08 Feb 2012 16:31:32 +0100 |
648 | 666 | 1133 | ||
649 | 1134 | openvpn (2.2.1-3ubuntu1) precise; urgency=low | ||
650 | 1135 | |||
651 | 1136 | * Merge from Debian testing. Remaining changes: | ||
652 | 1137 | + debian/openvpn.init.d: | ||
653 | 1138 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
654 | 1139 | - Show per-VPN result messages. | ||
655 | 1140 | - Add "--script-security 2" by default for backwards compatabliity. | ||
656 | 1141 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
657 | 1142 | + debian/update-resolv-conf: Support multiple domains. | ||
658 | 1143 | + fix bug where '--script-security 2' would be passed for all | ||
659 | 1144 | daemons after the first. (LP: #794916) | ||
660 | 1145 | |||
661 | 1146 | -- Chuck Short <zulcss@ubuntu.com> Sat, 31 Dec 2011 04:55:56 +0000 | ||
662 | 1147 | |||
663 | 667 | openvpn (2.2.1-3) unstable; urgency=low | 1148 | openvpn (2.2.1-3) unstable; urgency=low |
664 | 668 | 1149 | ||
665 | 669 | * The iproute fiasco release. | 1150 | * The iproute fiasco release. |
666 | @@ -692,6 +1173,20 @@ openvpn (2.2.1-1) unstable; urgency=low | |||
667 | 692 | 1173 | ||
668 | 693 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 13 Dec 2011 11:04:22 +0100 | 1174 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 13 Dec 2011 11:04:22 +0100 |
669 | 694 | 1175 | ||
670 | 1176 | openvpn (2.2.0-2ubuntu1) oneiric; urgency=low | ||
671 | 1177 | |||
672 | 1178 | * Merge from debian unstable. Remaining changes: | ||
673 | 1179 | + debian/openvpn.init.d: | ||
674 | 1180 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
675 | 1181 | - Show per-VPN result messages. | ||
676 | 1182 | - Add "--script-security 2" by default for backwards compatabliity. | ||
677 | 1183 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
678 | 1184 | + debian/update-resolv-conf: Support multiple domains. | ||
679 | 1185 | + fix bug where '--script-security 2' would be passed for all | ||
680 | 1186 | daemons after the first. (LP: #794916 | ||
681 | 1187 | |||
682 | 1188 | -- Chuck Short <zulcss@ubuntu.com> Thu, 16 Jun 2011 18:33:37 +0100 | ||
683 | 1189 | |||
684 | 695 | openvpn (2.2.0-2) unstable; urgency=low | 1190 | openvpn (2.2.0-2) unstable; urgency=low |
685 | 696 | 1191 | ||
686 | 697 | * Upload to unstable | 1192 | * Upload to unstable |
687 | @@ -726,6 +1221,45 @@ openvpn (2.1.3-5) experimental; urgency=low | |||
688 | 726 | 1221 | ||
689 | 727 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 22 Mar 2011 10:57:18 +0100 | 1222 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 22 Mar 2011 10:57:18 +0100 |
690 | 728 | 1223 | ||
691 | 1224 | openvpn (2.1.3-4.1ubuntu2) oneiric; urgency=low | ||
692 | 1225 | |||
693 | 1226 | [Alexander Zielke] | ||
694 | 1227 | * fix bug where '--script-security 2' would be passed for all | ||
695 | 1228 | daemons after the first. (LP: #794916) | ||
696 | 1229 | |||
697 | 1230 | -- Scott Moser <smoser@ubuntu.com> Thu, 09 Jun 2011 13:59:08 -0400 | ||
698 | 1231 | |||
699 | 1232 | openvpn (2.1.3-4.1ubuntu1) oneiric; urgency=low | ||
700 | 1233 | |||
701 | 1234 | * Merge from debian unstable. Remaining changes: | ||
702 | 1235 | + debian/openvpn.init.d: | ||
703 | 1236 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
704 | 1237 | - Show per-VPN result messages. | ||
705 | 1238 | - Add "--script-security 2" by default for backwards compatabliity. | ||
706 | 1239 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
707 | 1240 | + debian/update-resolv-conf: Support multiple domains. | ||
708 | 1241 | |||
709 | 1242 | -- Chuck Short <zulcss@ubuntu.com> Tue, 17 May 2011 02:14:39 +0100 | ||
710 | 1243 | |||
711 | 1244 | openvpn (2.1.3-4.1) unstable; urgency=low | ||
712 | 1245 | |||
713 | 1246 | * Non-maintainer upload. | ||
714 | 1247 | * Drop hard-coded dependency on libssl0.9.8. (Closes: #623503) | ||
715 | 1248 | |||
716 | 1249 | -- Philipp Kern <pkern@debian.org> Mon, 09 May 2011 23:20:03 +0200 | ||
717 | 1250 | |||
718 | 1251 | openvpn (2.1.3-4ubuntu1) oneiric; urgency=low | ||
719 | 1252 | |||
720 | 1253 | * Merge from debian unstable. Remaining changes: | ||
721 | 1254 | + debian/openvpn.init.d: | ||
722 | 1255 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
723 | 1256 | - Show per-VPN result messages. | ||
724 | 1257 | - Add "--script-security 2" by default for backwards compatabliity. | ||
725 | 1258 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
726 | 1259 | + debian/update-resolv-conf: Support multiple domains. | ||
727 | 1260 | |||
728 | 1261 | -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Mar 2011 23:28:26 +0000 | ||
729 | 1262 | |||
730 | 729 | openvpn (2.1.3-4) unstable; urgency=low | 1263 | openvpn (2.1.3-4) unstable; urgency=low |
731 | 730 | 1264 | ||
732 | 731 | * Updated JuanJo's IPv6 patch. Now really fixes use from xinetd. | 1265 | * Updated JuanJo's IPv6 patch. Now really fixes use from xinetd. |
733 | @@ -748,6 +1282,31 @@ openvpn (2.1.3-3) unstable; urgency=low | |||
734 | 748 | 1282 | ||
735 | 749 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 11 Mar 2011 13:08:12 +0100 | 1283 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 11 Mar 2011 13:08:12 +0100 |
736 | 750 | 1284 | ||
737 | 1285 | openvpn (2.1.3-2ubuntu3) natty; urgency=low | ||
738 | 1286 | |||
739 | 1287 | * update-resolv-conf: Correctly handle multiple dns search domains, | ||
740 | 1288 | using the same logic as nameservers. Patch courtesy of Jeremy | ||
741 | 1289 | Zawodny. (LP: #662847) | ||
742 | 1290 | |||
743 | 1291 | -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Fri, 11 Mar 2011 00:23:59 +0000 | ||
744 | 1292 | |||
745 | 1293 | openvpn (2.1.3-2ubuntu2) natty; urgency=low | ||
746 | 1294 | |||
747 | 1295 | * update-resolv-conf: Support mulitple domains (LP: #714358) | ||
748 | 1296 | |||
749 | 1297 | -- Chuck Short <zulcss@ubuntu.com> Mon, 14 Feb 2011 15:21:46 -0500 | ||
750 | 1298 | |||
751 | 1299 | openvpn (2.1.3-2ubuntu1) natty; urgency=low | ||
752 | 1300 | |||
753 | 1301 | * Merge from debian unstable. Remaining changes: | ||
754 | 1302 | + debian/openvpn.init.d: | ||
755 | 1303 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
756 | 1304 | - Show per-VPN result messages. | ||
757 | 1305 | - Add "--script-security 2" by default for backwards compatabliity. | ||
758 | 1306 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
759 | 1307 | |||
760 | 1308 | -- Chuck Short <zulcss@ubuntu.com> Sat, 23 Oct 2010 01:59:28 +0100 | ||
761 | 1309 | |||
762 | 751 | openvpn (2.1.3-2) unstable; urgency=low | 1310 | openvpn (2.1.3-2) unstable; urgency=low |
763 | 752 | 1311 | ||
764 | 753 | * Applied upstream patch to solve random routes added when using | 1312 | * Applied upstream patch to solve random routes added when using |
765 | @@ -755,6 +1314,24 @@ openvpn (2.1.3-2) unstable; urgency=low | |||
766 | 755 | 1314 | ||
767 | 756 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 21 Oct 2010 12:21:33 +0200 | 1315 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 21 Oct 2010 12:21:33 +0200 |
768 | 757 | 1316 | ||
769 | 1317 | openvpn (2.1.3-1ubuntu2) natty; urgency=low | ||
770 | 1318 | |||
771 | 1319 | * Fix jjo-ipv6-support.patch to avoid assertion failure at socket.c:629 in | ||
772 | 1320 | corner cases where ! host && addr (LP: #627973) | ||
773 | 1321 | |||
774 | 1322 | -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Wed, 20 Oct 2010 16:22:25 +0200 | ||
775 | 1323 | |||
776 | 1324 | openvpn (2.1.3-1ubuntu1) natty; urgency=low | ||
777 | 1325 | |||
778 | 1326 | * Merge from debian unstable. Remaining changes: | ||
779 | 1327 | + debian/openvpn.init.d: | ||
780 | 1328 | - Do not use start-stop-daemon and </dev/null to avoid blocking boot. | ||
781 | 1329 | - Show per-VPN result messages. | ||
782 | 1330 | - Add "--script-security 2" by default for backwards compatablitiy | ||
783 | 1331 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
784 | 1332 | |||
785 | 1333 | -- Chuck Short <zulcss@ubuntu.com> Tue, 05 Oct 2010 06:21:14 +0100 | ||
786 | 1334 | |||
787 | 758 | openvpn (2.1.3-1) unstable; urgency=low | 1335 | openvpn (2.1.3-1) unstable; urgency=low |
788 | 759 | 1336 | ||
789 | 760 | * New upstream release (Closes: #595684) | 1337 | * New upstream release (Closes: #595684) |
790 | @@ -766,6 +1343,17 @@ openvpn (2.1.3-1) unstable; urgency=low | |||
791 | 766 | 1343 | ||
792 | 767 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Sep 2010 13:07:37 +0200 | 1344 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Sep 2010 13:07:37 +0200 |
793 | 768 | 1345 | ||
794 | 1346 | openvpn (2.1.0-3ubuntu1) maverick; urgency=low | ||
795 | 1347 | |||
796 | 1348 | * Merge from debian unstable. Remaining changes: | ||
797 | 1349 | + debian/openvpn.init.d: | ||
798 | 1350 | - Do not use start-stop-daemon and use </dev/null to avoid blocking boot | ||
799 | 1351 | - Show per-VPN result messages | ||
800 | 1352 | - Add "--script-security 2" by default for backwards compatablitiy | ||
801 | 1353 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
802 | 1354 | |||
803 | 1355 | -- Chuck Short <zulcss@ubuntu.com> Mon, 12 Jul 2010 09:39:43 -0400 | ||
804 | 1356 | |||
805 | 769 | openvpn (2.1.0-3) unstable; urgency=low | 1357 | openvpn (2.1.0-3) unstable; urgency=low |
806 | 770 | 1358 | ||
807 | 771 | * The 'happy birthday to me' release | 1359 | * The 'happy birthday to me' release |
808 | @@ -775,6 +1363,24 @@ openvpn (2.1.0-3) unstable; urgency=low | |||
809 | 775 | 1363 | ||
810 | 776 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Jul 2010 12:22:09 +0200 | 1364 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Jul 2010 12:22:09 +0200 |
811 | 777 | 1365 | ||
812 | 1366 | openvpn (2.1.0-2ubuntu2) maverick; urgency=low | ||
813 | 1367 | |||
814 | 1368 | * debian/patches/client_hang_when_server_dont_push.patch: Fix client hanging | ||
815 | 1369 | on PUSH_REQUEST when server does not push any option (LP: #579737) | ||
816 | 1370 | |||
817 | 1371 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 28 Jun 2010 10:45:23 +0200 | ||
818 | 1372 | |||
819 | 1373 | openvpn (2.1.0-2ubuntu1) maverick; urgency=low | ||
820 | 1374 | |||
821 | 1375 | * Merge from debian unstable. Remaining changes: | ||
822 | 1376 | + debian/openvpn.init.d: | ||
823 | 1377 | - Do not use start-stop-daemon and use </dev/null to avoid blocking boot | ||
824 | 1378 | - Show per-VPN result messages | ||
825 | 1379 | - Add "--script-security 2" by default for backwards compatablitiy | ||
826 | 1380 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
827 | 1381 | |||
828 | 1382 | -- Chuck Short <zulcss@ubuntu.com> Wed, 05 May 2010 03:06:19 +0100 | ||
829 | 1383 | |||
830 | 778 | openvpn (2.1.0-2) unstable; urgency=low | 1384 | openvpn (2.1.0-2) unstable; urgency=low |
831 | 779 | 1385 | ||
832 | 780 | * Patched ssl.[ch] to fix integer overflow. (Closes: #576827) | 1386 | * Patched ssl.[ch] to fix integer overflow. (Closes: #576827) |
833 | @@ -787,6 +1393,17 @@ openvpn (2.1.0-2) unstable; urgency=low | |||
834 | 787 | 1393 | ||
835 | 788 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 10 Apr 2010 17:26:42 +0200 | 1394 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 10 Apr 2010 17:26:42 +0200 |
836 | 789 | 1395 | ||
837 | 1396 | openvpn (2.1.0-1ubuntu1) lucid; urgency=low | ||
838 | 1397 | |||
839 | 1398 | * Merge from debian testing (LP: #509078), remaining changes: | ||
840 | 1399 | + debian/openvpn.init.d: | ||
841 | 1400 | - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot | ||
842 | 1401 | - Show per-VPN result messages | ||
843 | 1402 | - Add "--script-security 2" by default for backwards compatibility | ||
844 | 1403 | + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() | ||
845 | 1404 | |||
846 | 1405 | -- Jan Brinkmann <lucky@the-luckyduck.de> Fri, 22 Jan 2010 00:47:33 +0100 | ||
847 | 1406 | |||
848 | 790 | openvpn (2.1.0-1) unstable; urgency=low | 1407 | openvpn (2.1.0-1) unstable; urgency=low |
849 | 791 | 1408 | ||
850 | 792 | * New upstream release | 1409 | * New upstream release |
851 | @@ -824,6 +1441,20 @@ openvpn (2.1~rc20-3) unstable; urgency=low | |||
852 | 824 | 1441 | ||
853 | 825 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 04 Nov 2009 17:18:03 +0100 | 1442 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 04 Nov 2009 17:18:03 +0100 |
854 | 826 | 1443 | ||
855 | 1444 | openvpn (2.1~rc20-2ubuntu1) lucid; urgency=low | ||
856 | 1445 | |||
857 | 1446 | * Merge from debian testing, remaining changes: | ||
858 | 1447 | + debian/openvpn.init.d: | ||
859 | 1448 | - Do not use start-stop-daemon and use < /dev/null to avoid blocking | ||
860 | 1449 | boot. | ||
861 | 1450 | - show per-VPN result messages | ||
862 | 1451 | - add "--script-security 2" by default for backwards compatibility | ||
863 | 1452 | - Add lab-base >= 3.2-14 to allow status_of_proc() | ||
864 | 1453 | + Dropped debian/patches/redirect-gateway.patch: Already applied | ||
865 | 1454 | upstream. | ||
866 | 1455 | |||
867 | 1456 | -- Chuck Short <zulcss@ubuntu.com> Fri, 06 Nov 2009 01:36:35 +0000 | ||
868 | 1457 | |||
869 | 827 | openvpn (2.1~rc20-2) unstable; urgency=low | 1458 | openvpn (2.1~rc20-2) unstable; urgency=low |
870 | 828 | 1459 | ||
871 | 829 | * init.d script: Added X-Interactive header. (Closes: #549424) | 1460 | * init.d script: Added X-Interactive header. (Closes: #549424) |
872 | @@ -848,6 +1479,25 @@ openvpn (2.1~rc19-2) unstable; urgency=low | |||
873 | 848 | 1479 | ||
874 | 849 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 30 Aug 2009 20:20:11 +0200 | 1480 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 30 Aug 2009 20:20:11 +0200 |
875 | 850 | 1481 | ||
876 | 1482 | openvpn (2.1~rc19-1ubuntu2) karmic; urgency=low | ||
877 | 1483 | |||
878 | 1484 | * debian/patches/redirect-gateway.patch: Fix regression introduced in | ||
879 | 1485 | 2.1rc17 that makes redirect-gateway (without options) to be ignored. | ||
880 | 1486 | Patch cherrypicked from upstream 2.1rc20 (SVN r5011), LP: #445695 | ||
881 | 1487 | |||
882 | 1488 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Tue, 13 Oct 2009 09:31:20 +0200 | ||
883 | 1489 | |||
884 | 1490 | openvpn (2.1~rc19-1ubuntu1) karmic; urgency=low | ||
885 | 1491 | |||
886 | 1492 | * Merge from debian unstable (LP: #404099), remaining changes: | ||
887 | 1493 | - debian/openvpn.init.d: | ||
888 | 1494 | - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot | ||
889 | 1495 | - show per-VPN result messages | ||
890 | 1496 | - add "--script-security 2" by default for backwards compatibility | ||
891 | 1497 | - Added lsb-base>=3.2-14 depend to allow status_of_proc() | ||
892 | 1498 | |||
893 | 1499 | -- Bhavani Shankar <right2bhavi@gmail.com> Fri, 24 Jul 2009 19:22:13 +0530 | ||
894 | 1500 | |||
895 | 851 | openvpn (2.1~rc19-1) unstable; urgency=low | 1501 | openvpn (2.1~rc19-1) unstable; urgency=low |
896 | 852 | 1502 | ||
897 | 853 | * New upstream version | 1503 | * New upstream version |
898 | @@ -857,6 +1507,17 @@ openvpn (2.1~rc19-1) unstable; urgency=low | |||
899 | 857 | 1507 | ||
900 | 858 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 21 Jul 2009 17:00:56 +0200 | 1508 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 21 Jul 2009 17:00:56 +0200 |
901 | 859 | 1509 | ||
902 | 1510 | openvpn (2.1~rc15-1ubuntu1) karmic; urgency=low | ||
903 | 1511 | |||
904 | 1512 | * Merge from debian unstable (LP: #372358), remaining changes: | ||
905 | 1513 | - debian/openvpn.init.d: | ||
906 | 1514 | - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot | ||
907 | 1515 | - show per-VPN result messages | ||
908 | 1516 | - add "--script-security 2" by default for backwards compatibility | ||
909 | 1517 | - Added lsb-base>=3.2-14 depend to allow status_of_proc() | ||
910 | 1518 | |||
911 | 1519 | -- Andres Rodriguez <andreserl@ubuntu.com> Tue, 05 May 2009 14:25:37 -0500 | ||
912 | 1520 | |||
913 | 860 | openvpn (2.1~rc15-1) unstable; urgency=low | 1521 | openvpn (2.1~rc15-1) unstable; urgency=low |
914 | 861 | 1522 | ||
915 | 862 | * New upstream version (Closes: #515575) | 1523 | * New upstream version (Closes: #515575) |
916 | @@ -876,6 +1537,33 @@ openvpn (2.1~rc15-1) unstable; urgency=low | |||
917 | 876 | 1537 | ||
918 | 877 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 30 Apr 2009 12:35:05 +0200 | 1538 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 30 Apr 2009 12:35:05 +0200 |
919 | 878 | 1539 | ||
920 | 1540 | openvpn (2.1~rc11-1ubuntu3) jaunty; urgency=low | ||
921 | 1541 | |||
922 | 1542 | * debian/openvpn.init.d: | ||
923 | 1543 | - Fix unexpected operator on startup (LP: #340120) | ||
924 | 1544 | |||
925 | 1545 | -- Michael Jeanson <mjeanson@revolutionlinux.com> Mon, 09 Mar 2009 16:02:50 -0400 | ||
926 | 1546 | |||
927 | 1547 | openvpn (2.1~rc11-1ubuntu2) intrepid; urgency=low | ||
928 | 1548 | |||
929 | 1549 | * debian/openvpn.init.d: | ||
930 | 1550 | - Revert fix from #454371 that was merged at 2.1~rc7-4 to prevent | ||
931 | 1551 | openvpn prompts from blocking the boot (LP: #280428) | ||
932 | 1552 | - Fix VPNs always reported started [ OK ] | ||
933 | 1553 | |||
934 | 1554 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Wed, 15 Oct 2008 17:12:54 +0200 | ||
935 | 1555 | |||
936 | 1556 | openvpn (2.1~rc11-1ubuntu1) intrepid; urgency=low | ||
937 | 1557 | |||
938 | 1558 | * Merge with Debian (LP: #279655), remaining diffs: | ||
939 | 1559 | - debian/openvpn.init.d: Added 'status' action to init script, show | ||
940 | 1560 | per-VPN result messages and add "--script-security 2" by default for | ||
941 | 1561 | backwards compatibility | ||
942 | 1562 | - debian/control: Added lsb-base>=3.2-14 depend to allow status_of_proc() | ||
943 | 1563 | * Fixes regression when calling commands with arguments (LP: #277447) | ||
944 | 1564 | |||
945 | 1565 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Tue, 07 Oct 2008 16:30:44 +0200 | ||
946 | 1566 | |||
947 | 879 | openvpn (2.1~rc11-1) unstable; urgency=low | 1567 | openvpn (2.1~rc11-1) unstable; urgency=low |
948 | 880 | 1568 | ||
949 | 881 | * New upstream version | 1569 | * New upstream version |
950 | @@ -896,6 +1584,23 @@ openvpn (2.1~rc10-1) unstable; urgency=low | |||
951 | 896 | 1584 | ||
952 | 897 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 Sep 2008 16:58:37 +0200 | 1585 | -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 Sep 2008 16:58:37 +0200 |
953 | 898 | 1586 | ||
954 | 1587 | openvpn (2.1~rc9-3ubuntu2) intrepid; urgency=low | ||
955 | 1588 | |||
956 | 1589 | * debian/openvpn.init.d: | ||
957 | 1590 | - Added 'status' action to init script (LP: #251641) | ||
958 | 1591 | - Restored per-VPN result messages by using log_action_begin_msg and | ||
959 | 1592 | one log_daemon_msg per VPN instead of log_progress_msg (LP: #264966) | ||
960 | 1593 | * debian/control: Added lsb-base>=3.2-14 depend to allow status_of_proc() | ||
961 | 1594 | |||
962 | 1595 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Tue, 09 Sep 2008 10:45:45 +0200 | ||
963 | 1596 | |||
964 | 1597 | openvpn (2.1~rc9-3ubuntu1) intrepid; urgency=low | ||
965 | 1598 | |||
966 | 1599 | * debian/openvpn.init.d: Add "--script-security 2" by default for backwards compatibility | ||
967 | 1600 | (LP: #260291) | ||
968 | 1601 | |||
969 | 1602 | -- Chuck Short <zulcss@ubuntu.com> Mon, 25 Aug 2008 10:20:31 -0400 | ||
970 | 1603 | |||
971 | 899 | openvpn (2.1~rc9-3) unstable; urgency=low | 1604 | openvpn (2.1~rc9-3) unstable; urgency=low |
972 | 900 | 1605 | ||
973 | 901 | * debian/rules: run ./configure with path to 'route', for | 1606 | * debian/rules: run ./configure with path to 'route', for |
974 | diff --git a/debian/control b/debian/control | |||
975 | index 63a8262..40ed491 100644 | |||
976 | --- a/debian/control | |||
977 | +++ b/debian/control | |||
978 | @@ -1,7 +1,8 @@ | |||
979 | 1 | Source: openvpn | 1 | Source: openvpn |
980 | 2 | Section: net | 2 | Section: net |
981 | 3 | Priority: optional | 3 | Priority: optional |
983 | 4 | Maintainer: Bernhard Schmidt <berni@debian.org> | 4 | Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
984 | 5 | XSBC-Original-Maintainer: Bernhard Schmidt <berni@debian.org> | ||
985 | 5 | Uploaders: Jörg Frings-Fürst <debian@jff.email> | 6 | Uploaders: Jörg Frings-Fürst <debian@jff.email> |
986 | 6 | Build-Depends: | 7 | Build-Depends: |
987 | 7 | debhelper-compat (= 12), | 8 | debhelper-compat (= 12), |
988 | @@ -39,8 +40,8 @@ Depends: | |||
989 | 39 | Suggests: | 40 | Suggests: |
990 | 40 | openssl, | 41 | openssl, |
991 | 41 | resolvconf, | 42 | resolvconf, |
994 | 42 | openvpn-systemd-resolved | 43 | openvpn-systemd-resolved, |
995 | 43 | Recommends: easy-rsa | 44 | easy-rsa |
996 | 44 | Description: virtual private network daemon | 45 | Description: virtual private network daemon |
997 | 45 | OpenVPN is an application to securely tunnel IP networks over a | 46 | OpenVPN is an application to securely tunnel IP networks over a |
998 | 46 | single UDP or TCP port. It can be used to access remote sites, make | 47 | single UDP or TCP port. It can be used to access remote sites, make |
999 | diff --git a/debian/openvpn@.service b/debian/openvpn@.service | |||
1000 | index 945874b..6d59b13 100644 | |||
1001 | --- a/debian/openvpn@.service | |||
1002 | +++ b/debian/openvpn@.service | |||
1003 | @@ -12,7 +12,7 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO | |||
1004 | 12 | Type=notify | 12 | Type=notify |
1005 | 13 | PrivateTmp=true | 13 | PrivateTmp=true |
1006 | 14 | WorkingDirectory=/etc/openvpn | 14 | WorkingDirectory=/etc/openvpn |
1008 | 15 | ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid | 15 | ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid |
1009 | 16 | PIDFile=/run/openvpn/%i.pid | 16 | PIDFile=/run/openvpn/%i.pid |
1010 | 17 | KillMode=process | 17 | KillMode=process |
1011 | 18 | CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE | 18 | CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE |
1012 | diff --git a/debian/patches/openvpn-fips-2.4.patch b/debian/patches/openvpn-fips-2.4.patch | |||
1013 | 19 | new file mode 100644 | 19 | new file mode 100644 |
1014 | index 0000000..1c4f068 | |||
1015 | --- /dev/null | |||
1016 | +++ b/debian/patches/openvpn-fips-2.4.patch | |||
1017 | @@ -0,0 +1,90 @@ | |||
1018 | 1 | Description: Use openssl FIPS flag to indicate MD5 use for PRF. | ||
1019 | 2 | MD5 is not allowed in FIPS 140-2 except for PRF. OpenVPN needs | ||
1020 | 3 | to send EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag to FIPS mode openssl | ||
1021 | 4 | for PRF to indicate the exception. | ||
1022 | 5 | Bug: https://community.openvpn.net/openvpn/ticket/725 | ||
1023 | 6 | Bug-Ubuntu: https://bugs.launchpad.net/bugs/1807439 | ||
1024 | 7 | Author: Stephan Mueller <stephan.mueller@atsec.com> | ||
1025 | 8 | |||
1026 | 9 | --- a/src/openvpn/crypto.c | ||
1027 | 10 | +++ b/src/openvpn/crypto.c | ||
1028 | 11 | @@ -849,7 +849,7 @@ init_key_ctx(struct key_ctx *ctx, const | ||
1029 | 12 | if (kt->digest && kt->hmac_length > 0) | ||
1030 | 13 | { | ||
1031 | 14 | ctx->hmac = hmac_ctx_new(); | ||
1032 | 15 | - hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest); | ||
1033 | 16 | + hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest, 0); | ||
1034 | 17 | |||
1035 | 18 | msg(D_HANDSHAKE, | ||
1036 | 19 | "%s: Using %d bit message hash '%s' for HMAC authentication", | ||
1037 | 20 | --- a/src/openvpn/crypto_backend.h | ||
1038 | 21 | +++ b/src/openvpn/crypto_backend.h | ||
1039 | 22 | @@ -634,10 +634,11 @@ void hmac_ctx_free(hmac_ctx_t *ctx); | ||
1040 | 23 | * @param key The key to use for the HMAC | ||
1041 | 24 | * @param key_len The key length to use | ||
1042 | 25 | * @param kt Static message digest parameters | ||
1043 | 26 | + * @param prf_use Intended use for PRF in TLS protocol | ||
1044 | 27 | * | ||
1045 | 28 | */ | ||
1046 | 29 | void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, int key_length, | ||
1047 | 30 | - const md_kt_t *kt); | ||
1048 | 31 | + const md_kt_t *kt, bool prf_use); | ||
1049 | 32 | |||
1050 | 33 | /* | ||
1051 | 34 | * Free the given HMAC context. | ||
1052 | 35 | --- a/src/openvpn/crypto_mbedtls.c | ||
1053 | 36 | +++ b/src/openvpn/crypto_mbedtls.c | ||
1054 | 37 | @@ -919,7 +919,7 @@ hmac_ctx_free(mbedtls_md_context_t *ctx) | ||
1055 | 38 | |||
1056 | 39 | void | ||
1057 | 40 | hmac_ctx_init(mbedtls_md_context_t *ctx, const uint8_t *key, int key_len, | ||
1058 | 41 | - const mbedtls_md_info_t *kt) | ||
1059 | 42 | + const mbedtls_md_info_t *kt, bool prf_use) | ||
1060 | 43 | { | ||
1061 | 44 | ASSERT(NULL != kt && NULL != ctx); | ||
1062 | 45 | |||
1063 | 46 | --- a/src/openvpn/crypto_openssl.c | ||
1064 | 47 | +++ b/src/openvpn/crypto_openssl.c | ||
1065 | 48 | @@ -1006,11 +1006,17 @@ hmac_ctx_free(HMAC_CTX *ctx) | ||
1066 | 49 | |||
1067 | 50 | void | ||
1068 | 51 | hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, | ||
1069 | 52 | - const EVP_MD *kt) | ||
1070 | 53 | + const EVP_MD *kt, bool prf_use) | ||
1071 | 54 | { | ||
1072 | 55 | ASSERT(NULL != kt && NULL != ctx); | ||
1073 | 56 | |||
1074 | 57 | HMAC_CTX_reset(ctx); | ||
1075 | 58 | + | ||
1076 | 59 | + /* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is not | ||
1077 | 60 | + * to be used anywhere else */ | ||
1078 | 61 | + if(kt == EVP_md5() && prf_use) | ||
1079 | 62 | + HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
1080 | 63 | + | ||
1081 | 64 | HMAC_Init_ex(ctx, key, key_len, kt, NULL); | ||
1082 | 65 | |||
1083 | 66 | /* make sure we used a big enough key */ | ||
1084 | 67 | --- a/src/openvpn/ntlm.c | ||
1085 | 68 | +++ b/src/openvpn/ntlm.c | ||
1086 | 69 | @@ -88,7 +88,7 @@ gen_hmac_md5(const uint8_t *data, int da | ||
1087 | 70 | const md_kt_t *md5_kt = md_kt_get("MD5"); | ||
1088 | 71 | hmac_ctx_t *hmac_ctx = hmac_ctx_new(); | ||
1089 | 72 | |||
1090 | 73 | - hmac_ctx_init(hmac_ctx, key, key_len, md5_kt); | ||
1091 | 74 | + hmac_ctx_init(hmac_ctx, key, key_len, md5_kt, 0); | ||
1092 | 75 | hmac_ctx_update(hmac_ctx, data, data_len); | ||
1093 | 76 | hmac_ctx_final(hmac_ctx, result); | ||
1094 | 77 | hmac_ctx_cleanup(hmac_ctx); | ||
1095 | 78 | --- a/src/openvpn/ssl.c | ||
1096 | 79 | +++ b/src/openvpn/ssl.c | ||
1097 | 80 | @@ -1632,8 +1632,8 @@ tls1_P_hash(const md_kt_t *md_kt, | ||
1098 | 81 | int chunk = md_kt_size(md_kt); | ||
1099 | 82 | unsigned int A1_len = md_kt_size(md_kt); | ||
1100 | 83 | |||
1101 | 84 | - hmac_ctx_init(ctx, sec, sec_len, md_kt); | ||
1102 | 85 | - hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt); | ||
1103 | 86 | + hmac_ctx_init(ctx, sec, sec_len, md_kt, 1); | ||
1104 | 87 | + hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt, 1); | ||
1105 | 88 | |||
1106 | 89 | hmac_ctx_update(ctx,seed,seed_len); | ||
1107 | 90 | hmac_ctx_final(ctx, A1); | ||
1108 | diff --git a/debian/patches/series b/debian/patches/series | |||
1109 | index 6bb0685..3d2c83a 100644 | |||
1110 | --- a/debian/patches/series | |||
1111 | +++ b/debian/patches/series | |||
1112 | @@ -10,3 +10,4 @@ CVE-2020-15078-1.patch | |||
1113 | 10 | CVE-2020-15078-2.patch | 10 | CVE-2020-15078-2.patch |
1114 | 11 | CVE-2020-15078-3.patch | 11 | CVE-2020-15078-3.patch |
1115 | 12 | Fix-condition-to-generate-session-keys.patch | 12 | Fix-condition-to-generate-session-keys.patch |
1116 | 13 | openvpn-fips-2.4.patch |
Really not meant to be free for all, so I consumed the Team review slot with this update