openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of openvpn

buildservice-autocommit accepted request 1218829 from

Rahul Jain (rjain) 24 days ago (revision 209)

baserev update by copy to link target

Rahul Jain (rjain) accepted request 1208875 from

Rahul Jain (rjain) 25 days ago (revision 208)

bugowner:rjain Patch applied for the submission by rjain

Alexandre Vicenzi (avicenzi) accepted request 1174409 from

Bernhard Wiedemann (bmwiedemann) 5 months ago (revision 207)

Enable Data-Channel-Offloading (DCO) for better performance (jsc#PED-8305)
  if libnl >= 3.4 is available

now recommends ovpn-dco kmp

still needs testing

buildservice-autocommit accepted request 1160011 from

Mohd Saquib (msaquib) 8 months ago (revision 206)

baserev update by copy to link target

Mohd Saquib (msaquib) accepted request 1160010 from

Mohd Saquib (msaquib) 8 months ago (revision 205)

- update to 2.6.10:
  * t_client.sh can now run pre-tests and skip a test block if needed
    (e.g. skip NTLM proxy tests if SSL library does not support MD4)
  * Compression: minor bugfix in checking option consistency vs.
    compiled-in algorithm support
  * systemd unit files: remove obsolete syslog.target

buildservice-autocommit accepted request 1151654 from

Mohd Saquib (msaquib) 9 months ago (revision 204)

baserev update by copy to link target

Mohd Saquib (msaquib) accepted request 1151424 from

Dominique Leuenberger (dimstar) 9 months ago (revision 203)

Prepare for RPM 4.20

buildservice-autocommit accepted request 1146253 from

Mohd Saquib (msaquib) 9 months ago (revision 202)

baserev update by copy to link target

Mohd Saquib (msaquib) accepted request 1146252 from

Mohd Saquib (msaquib) 9 months ago (revision 201)

- update to 2.6.9:
  * Remove unused function prototype crypto_adjust_frame_parameters
  * Log SSL alerts more prominently
  * Document tls-exit option mainly as test option
  * Remove TEST_GET_DEFAULT_GATEWAY as it duplicates --show-gateway
  * Fix check_session_buf_not_used using wrong index
  * Add missing check for nl_socket_alloc failure
  * Add check for nice in cmake config
  * Remove compat versionhelpers.h and remove cmake/configure check for it
  * Extend the error message when TLS 1.0 PRF fails
  * Fix unaligned access in macOS, FreeBSD, Solaris hwaddr
  * Check PRF availability on initialisation and add --force-tls-key-material-export
  * Make it more explicit and visible when pkg-config is not found
  * Clarify that the tls-crypt-v2-verify has a very limited env set
  * Implement the --tls-export-cert feature
  * Remove conditional text for Apache2 linking exception
  * Remove --tls-export-cert
  * Remove superfluous x509_write_pem()
  * sample-keys: renew for the next 10 years
  * GHA: clean up libressl builds with newer libressl
  * configure.ac: Remove unused AC_TYPE_SIGNAL macro
  * documentation: remove reference to removed option --show-proxy-settings
  * unit_tests: remove includes for mock_msg.h
  * documentation: improve documentation of --x509-track
  * NTLM: add length check to add_security_buffer
  * NTLM: increase size of phase 2 response we can handle
  * proxy-options.rst: Add proper documentation for --http-proxy-user-pass
  * buf_string_match_head_str: Fix Coverity issue 'Unsigned compared against 0'
  * --http-proxy-user-pass: allow to specify in either order with --http-proxy
  * README.cmake.md: Document minimum required CMake version for --preset

buildservice-autocommit accepted request 1127629 from

Mohd Saquib (msaquib) about 1 year ago (revision 200)

baserev update by copy to link target

Mohd Saquib (msaquib) accepted request 1127628 from

Mohd Saquib (msaquib) about 1 year ago (revision 199)

- update to 2.6.8:
  * SIGSEGV crash: Do not check key_state buffers that are in S_UNDEF
    state - the new sanity check function introduced in 2.6.7 sometimes
    tried to use a NULL pointer after an unsuccessful TLS handshake

buildservice-autocommit accepted request 1126538 from

Mohd Saquib (msaquib) about 1 year ago (revision 198)

baserev update by copy to link target

Mohd Saquib (msaquib) accepted request 1126537 from

Mohd Saquib (msaquib) about 1 year ago (revision 197)

- update to 2.6.7:
  * CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
    use a send buffer after it has been free()d in some circumstances,
    causing some free()d memory to be sent to the peer. All configurations
    using TLS (e.g. not using --secret) are affected by this issue. 
  * CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
    restore --fragment configuration in some circumstances, leading to a
    division by zero when --fragment is used. On platforms where division
    by zero is fatal, this will cause an OpenVPN crash.
  * DCO: warn if DATA_V1 packets are sent by the other side - this a hard
    incompatibility between a 2.6.x client connecting to a 2.4.0-2.4.4
    server, and the only fix is to use --disable-dco.
  * Remove OpenSSL Engine method for loading a key. This had to be removed
    because the original author did not agree to relicensing the code with
    the new linking exception added. This was a somewhat obsolete feature
    anyway as it only worked with OpenSSL 1.x, which is end-of-support.
  * add warning if p2p NCP client connects to a p2mp server - this is a
    combination that used to work without cipher negotiation (pre 2.6 on
    both ends), but would fail in non-obvious ways with 2.6 to 2.6.
  * add warning to --show-groups that not all supported groups are listed
    (this is due the internal enumeration in OpenSSL being a bit weird,
    omitting X448 and X25519 curves).
  * --dns: remove support for exclude-domains argument (this was a new 2.6
    option, with no backend support implemented yet on any platform, and it
    turns out that no platform supported it at all - so remove option again)
  * warn user if INFO control message too long, do not forward to management
    client (safeguard against protocol-violating server implementations)
  * DCO-WIN: get and log driver version (for easier debugging).
  * print "peer temporary key details" in TLS handshake
  * log OpenSSL errors on failure to set certificate, for example if the

buildservice-autocommit accepted request 1104121 from

Mohd Saquib (msaquib) over 1 year ago (revision 196)

baserev update by copy to link target

Mohd Saquib (msaquib) accepted request 1104114 from

Mohd Saquib (msaquib) over 1 year ago (revision 195)

- update to 2.6.6:
  * configure.ac: fix typ0 in LIBCAPNG_CFALGS
  * Avoid unused function warning/error on FreeBSD (and potientially others)
  * fix warning with gcc 12.2.0 (compiler bug?)
  * Fix CR_RESPONSE mangaement message using wrong key_id
  * Print a more user-friendly error when tls-crypt-v2 client auth fails
  * Ignore Ipv6 route delete request on Android and set ipv4 verbosity to 7
  * Revert commit 423ced962d
  * Implement using --peer-fingerprint without CA certificates
  * show extra info for OpenSSL errors
  * dist: add more missing files only used in the MSVC build
  * dist: Include all documentation in distribution
  * unit_tests: Add missing cert_data.h to source list for unit tests
  * test_tls_crypt: Improve mock() usage to be more portable
  * Remove old Travis CI related files
  * options: Do not hide variables from parent scope
  * pkcs11_openssl: Disable unused code
  * route: Fix overriding return value of add_route3

buildservice-autocommit accepted request 1093056 from

Mohd Saquib (msaquib) over 1 year ago (revision 194)

baserev update by copy to link target

Mohd Saquib (msaquib) accepted request 1093055 from

Mohd Saquib (msaquib) over 1 year ago (revision 193)

- update to 2.6.5:
  * apctl (windows): generate driver-specific names (if using tapctl
    to create additional tap/wintun/dco devices, and not using
    --name) (Github #337) 
  * interactive service (windows): do not force target desktop for
    openvpn.exe - this has no impact for normal use, but enables
    running of OpenVPN in a scripted way when no user is logged on
    (for example, via task scheduler) (Github OpenVPN/openvpn-gui#626)
  * fix use-after-free with EVP_CIPHER_free
  * fix building with MSVC from release tarball (missing version.m4.in)
  * dco-win: repair use of --dev-node to select specific DCO drivers
    (Github #336)
  * fix missing malloc() return check in dco_freebsd.c
  * windows: correctly handle unicode names for "exit event"
  * fix memleak in client-connect example plugin
  * fix fortify build problem in keying-material-exporter-demo plugin
  * fix memleak in dco_linux.c/dco_get_peer_stats_multi() - this will
    leak a small amount of memory every 15s on DCO enabled servers,
    leading to noticeable memory waste for long-running processes.
  * dco_linux.c: properly close dco version file (fd leak)

buildservice-autocommit accepted request 1086774 from

Mohd Saquib (msaquib) over 1 year ago (revision 192)

baserev update by copy to link target

Mohd Saquib (msaquib) accepted request 1086749 from

Paolo Stivanin (polslinux) over 1 year ago (revision 191)

- Update to 2.6.4:
  * DCO: support kernel-triggered key rotation (avoid IV reuse after 
    2^32 packets). This is the userland side, accepting a message
    from kernel, and initiating a TLS renegotiation. As of release,
  * fix pkcs#11 usage with OpenSSL 3.x and PSS signing (Github #323)
  * fix compile error on TARGET_ANDROID
  * fix typo in help text
  * manpage updates (--topology)
  * encoding of non-ASCII windows error messages in log + management fixed
- Update openvpn.keyring

buildservice-autocommit accepted request 1082780 from

Mohd Saquib (msaquib) over 1 year ago (revision 190)

baserev update by copy to link target

Displaying revisions 1 - 20 of 209

Places

Revisions of openvpn

Places