openSUSE Build Service

Björn Voigt (bjoernv) committed about 7 years ago (revision 23)

Typo

Björn Voigt (bjoernv) committed about 7 years ago (revision 22)

- reverted parts of the patch openvpn-2.3.x-fixed-multiple-low-severity-issues.patch
  because of breaks the crypto self-test
- see bug bsc#1062157

Björn Voigt (bjoernv) committed about 7 years ago (revision 21)

- Do not package empty /usr/lib64/tmpfiles.d

Björn Voigt (bjoernv) committed about 7 years ago (revision 20)

FIPS 140 support (Patch openvpn-fips140-2.3.2.patch) currently disabled

Björn Voigt (bjoernv) committed about 7 years ago (revision 19)

Refreshed openvpn-fips140-2.3.2.patch from home:Miuku (miukumac@outlook.com)

Björn Voigt (bjoernv) committed about 7 years ago (revision 18)

- Update to 2.4.4
  http://https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst

Björn Voigt (bjoernv) committed about 7 years ago (revision 17)

- Update to 2.4.4
  http://https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst

Björn Voigt (bjoernv) committed over 7 years ago (revision 16)

Björn Voigt (bjoernv) committed over 7 years ago (revision 15)

reverted the PIN entry patch to openvpn-2.4-work-around-for-bug538.patch

Björn Voigt (bjoernv) committed over 7 years ago (revision 14)

- work-around for OpenVPN bug #538
  (attention: the work-around may break setups, where OpenVPN
  needs a password during boot) 

- Update to 2.4.3 (bsc#1045489)
    - Ignore auth-nocache for auth-user-pass if auth-token is pushed
    - crypto: Enable SHA256 fingerprint checking in --verify-hash
    - copyright: Update GPLv2 license texts
    - auth-token with auth-nocache fix broke --disable-crypto builds
    - OpenSSL: don't use direct access to the internal of X509
    - OpenSSL: don't use direct access to the internal of EVP_PKEY
    - OpenSSL: don't use direct access to the internal of RSA
    - OpenSSL: don't use direct access to the internal of DSA
    - OpenSSL: force meth->name as non-const when we free() it
    - OpenSSL: don't use direct access to the internal of EVP_MD_CTX
    - OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
    - OpenSSL: don't use direct access to the internal of HMAC_CTX
    - Fix NCP behaviour on TLS reconnect.
    - Remove erroneous limitation on max number of args for --plugin
    - Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
    - Fix potential 1-byte overread in TCP option parsing.
    - Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
    - Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)
    - refactor my_strupr
    - Fix 2 memory leaks in proxy authentication routine
    - Fix memory leak in add_option() for option 'connection'
    - Ensure option array p[] is always NULL-terminated
    - Fix a null-pointer dereference in establish_http_proxy_passthru()
    - Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
    - Fix an unaligned access on OpenBSD/sparc64

Björn Voigt (bjoernv) committed over 7 years ago (revision 13)

- Update to 2.4.3
  - see https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
- openvpn-fips140-2.3.2.patch deactivated because of conflicts
- patch  openvpn-2.4-work-around-for-bug538.patch from
  https://community.openvpn.net/openvpn/ticket/538 enabled
  (this patch enables PKCS#11 PIN prompts, but may fails if
  OpenVPN starts during boot with a PIN prompt)

- use %{_tmpfilesdir} for tmpfiles.d/openvpn.conf (bsc#1044223)

- Update to 2.4.2
    - auth-token: Ensure tokens are always wiped on de-auth
    - Make --cipher/--auth none more explicit on the risks
    - Use SHA256 for the internal digest, instead of MD5
    - Deprecate --ns-cert-type
    - Deprecate --no-iv
    - Support --block-outside-dns on multiple tunnels
    - Limit --reneg-bytes to 64MB when using small block ciphers
    - Fix --tls-version-max in mbed TLS builds
  Details changelogs are avilable in 
  https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
  [*0001-preform-deferred-authentication-in-the-background.patch
   *openvpn-2.3.x-fixed-multiple-low-severity-issues.patch
   *openvpn-fips140-2.3.2.patch]
- pkcs11-helper-devel >= 1.11 is needed for openvpn-2.4.2
- cleanup the spec file
- Preform deferred authentication in the background to not
  cause main daemon processing delays when the underlying pam mechanism (e.g.
  ldap) needs longer to response (bsc#959511).
  [+ 0001-preform-deferred-authentication-in-the-background.patch]

Björn Voigt (bjoernv) committed over 7 years ago (revision 12)

- Update to version 2.4.2
  * see https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24

- Added fix for possible heap overflow on read accessing getaddrinfo 
  result (bsc#959714).
  [+openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch]

Björn Voigt (bjoernv) committed over 7 years ago (revision 11)

- Update to version 2.4.1
  * see https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24

Björn Voigt (bjoernv) committed almost 8 years ago (revision 10)

- Merge from parent project

Björn Voigt (bjoernv) committed almost 8 years ago (revision 9)

Björn Voigt (bjoernv) committed almost 8 years ago (revision 8)

- Update to version 2.4.0
  * see https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24

Björn Voigt (bjoernv) committed almost 8 years ago (revision 7)

- Update to version 2.3.14
  * see https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23

Björn Voigt (bjoernv) committed almost 8 years ago (revision 6)

- Require iproute2 explicitly. openvpn uses /bin/ip from iproute2,
  so it should be installed

Björn Voigt (bjoernv) committed almost 8 years ago (revision 5)

Thu, 01 Dec 2016 14:17:12 +0100 - bjoernv@arcor.com
- removed openvpn-fips140-2.3.2.patch because it conflicts with
  version 2.3.13
- Update to version 2.3.13
  * see https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23

Björn Voigt (bjoernv) committed about 8 years ago (revision 4)

Require pkcs11-helper >= 1.11

Places

Revisions of openvpn

Places