Revisions of openvpn

Mohd Saquib (msaquib) accepted request 1082779 from Mohd Saquib (msaquib) (revision 189)
- update to 2.6.3:
  * For full changelog please refer to:
    https://github.com/OpenVPN/openvpn/blob/v2.6.3/Changes.rst
  * implement byte counter statistics for DCO Linux (p2mp server
    and client)
  * implement byte counter statistics for DCO Windows (client only)
  * '--dns server <n> address ...' now permits up to 8 v4 or v6
    addresses
  * fix a few cases of possibly undefined behaviour detected by ASAN
  * add more unit tests for Windows cryptoapi interface
  * Dynamic TLS Crypt: When both peers are OpenVPN 2.6.1+, OpenVPN
    will dynamically create a tls-crypt key that is used for
    renegotiation. This ensures that only the previously authenticated
    peer can trigger renegotiation and complete renegotiations.
  * Keying Material Exporters (RFC 5705) based key generation
  * As part of the cipher negotiation OpenVPN will automatically prefer
    the RFC5705 based key material generation to the current custom
    OpenVPN PRF. This feature requires OpenSSL or mbed TLS 2.18+.
  * OpenVPN will now work with OpenSSL in FIPS mode. Note, no effort
    has been made to check or implement all the requirements/
    recommendation of FIPS 140-2. This just allows OpenVPN to be run on
    a system that is configured with OpenSSL in FIPS mode.
  * mlock will now check if enough memlock-able memory has been reserved,
    and if less than 100MB RAM are available, use setrlimit() to upgrade
    the limit. See Trac #1390. Not available on OpenSolaris.
  * The --peer-fingerprint option has been introduced to give users an
    easy to use alternative to the tls-verify for matching the fingerprint
    of the peer. The option takes a number of allowed SHA256
    certificate fingerprints.
  * When --peer-fingerprint is used, the --ca and --capath option become
buildservice-autocommit accepted request 1068620 from Mohd Saquib (msaquib) (revision 188)
baserev update by copy to link target
Mohd Saquib (msaquib) accepted request 1068619 from Mohd Saquib (msaquib) (revision 187)
- update to 2.5.9:
  * Optional ciphers in --data-ciphers: Ciphers in --data-ciphers
    can now be prefixed with a ? to mark those as optional and only
    use them if the SSL library supports them.
  * when compiling from a git checkout, put proper branch names into
    windows builds
  * do not include auth-token in pulled-option digest (interferes
    with persist-tun when auth-token is in use, GH #200).
  * fix corner case that might lead to leaked file descriptor
  * fix parser bug (parse_line()) that can lead to buffer overflows
    on malformed command line or server ccd file handling.
    Not exploitable.
  * pull-filter: ignore leading spaces in option names (work around
    server side bug with erroneous extra spaces)
  * push: do not add leading spaces to "out of renegotiations" pushed
    auth-token
  * fix NULL pointer crash on "openvpn --show-tls" with
    mbedtls
buildservice-autocommit accepted request 1065524 from Mohd Saquib (msaquib) (revision 186)
baserev update by copy to link target
Mohd Saquib (msaquib) accepted request 1065450 from Thorsten Kukuk (kukuk) (revision 185)
- Remove migration from openvpn.service to openvpn@.service and
  depending requires, this is from pre SLE12 times and not supported
  anymore.
buildservice-autocommit accepted request 1057073 from Reinhard Max (rmax) (revision 184)
baserev update by copy to link target
Reinhard Max (rmax) committed (revision 183)
- bsc#1123557: --suppress-timestamps isn't needed by default.
buildservice-autocommit accepted request 1037543 from Reinhard Max (rmax) (revision 182)
baserev update by copy to link target
Reinhard Max (rmax) accepted request 1036732 from Dirk Mueller (dirkmueller) (revision 181)
- update to 2.5.8:
  * allow running a default configuration with TLS libraries without BF-CBC
    (even if TLS cipher negotiation would not actually use BF-CBC, the
    long-term compatibility "default cipher BF-CBC" would trigger an error
    on such TLS libraries)
  * ``--auth-nocache`` was not always correctly clearing username+password
    after a renegotiation
  * ensure that auth-token received from server is cleared if requested
    by the management interface ("forget password" or automatically
    via ``--management-forget-disconnect``)
  * in a setup without username+password, but with auth-token and
    auth-token-username pushed by the server, OpenVPN would start asking
    for username+password on token expiry.  Fix.
  * using ``--auth-token`` together with ``--management-client-auth``
    (on the server) would lead to TLS keys getting out of sync and client
    being disconnected.  Fix.
  * management interface would sometimes get stuck if client and server
    try to write something simultaneously.  Fix by allowing a limited
    level of recursion in virtual_output_callback()
  * fix management interface not returning ERROR:/SUCCESS: response
    on "signal SIGxxx" commands when in HOLD state
  * tls-crypt-v2: abort connection if client-key is too short
  * make man page agree with actual code on replay-window backtrack log message
  * remove useless empty line from CR_RESPONSE message
buildservice-autocommit accepted request 1004129 from Reinhard Max (rmax) (revision 180)
baserev update by copy to link target
Reinhard Max (rmax) accepted request 1003012 from Dirk Mueller (dirkmueller) (revision 179)
- build with enable-iproute2 again to have root-less mode working (bsc#1202792)
buildservice-autocommit accepted request 981470 from Reinhard Max (rmax) (revision 178)
baserev update by copy to link target
Reinhard Max (rmax) accepted request 980821 from Dirk Mueller (dirkmueller) (revision 177)
- update to 2.5.7:
  * Limited OpenSSL 3.0 support
  * print OpenSSL error stack if decoding PKCS12 file fails
  * fix omission of cipher-negotiation.rst in tarballs
  * fix errno handling on Windows (Windows has different classes of
    error codes, GetLastError() and C runtime errno, these should now
    be handled correctly)
  * fix PATH_MAX build failure in auth-pam.c
  * fix t_net.sh self-test leaving around stale "ovpn-dummy0" interface
  * fix overlong path names, leading to missing pkcs11-helper patch
    in tarball
buildservice-autocommit accepted request 965876 from Factory Maintainer (factory-maintainer) (revision 176)
baserev update by copy to link target
Reinhard Max (rmax) committed (revision 175)
- update to 2.5.6:
  * bsc#1197341, CVE-2022-0547: possible authentication bypass in
    external authentication plug-in
  * Fix "--mtu-disc maybe|yes" on Linux
  * Fix $common_name variable passed to scripts when
    username-as-common-name is in effect.
  * Fix potential memory leaks in add_route() and add_route_ipv6().
  * Apply connect-retry backoff only to one side of the connection
    in p2p mode.
  * repair "--inactive" handling with a 'bytes' parameter larger
    than 2 Gbytes.
  * new plugin (sample-plugin/defer/multi-auth.c) to help testing
    with multiple parallel plugins that succeed/fail in
    direct/deferred mode.
Reinhard Max (rmax) committed (revision 174)
Reinhard Max (rmax) committed (revision 173)
- Fix license tag in spec file.
Reinhard Max (rmax) accepted request 935683 from Jan Engelhardt (jengelh) (revision 172)
- Avoid bashisms and use POSIX sh syntax.
- Use more efficient find commands.
- Trim marketing filler words from description.
Reinhard Max (rmax) accepted request 940795 from Dirk Mueller (dirkmueller) (revision 171)
- update to 2.5.5:
  * SWEET32/64bit cipher deprecation change was postponed to 2.7
  * improve "make check" to notice if "openvpn --show-cipher" crashes
  * improve argv unit tests
  * ensure unit tests work with mbedTLS builds without BF-CBC ciphers
  * include "--push-remove" in the output of "openvpn --help"
  * fix error in iptables syntax in example firewall.sh script
  * fix "resolvconf -p" invocation in example "up" script
  * fix "common_name" environment for script calls when
    "--username-as-common-name" is in effect (Trac #1434)
  * move "push-peer-info" documentation from "server options" to "client"
  * correct "foreign_option_{n}" typo in manpage
  * README.down-root: fix plugin module name
Reinhard Max (rmax) committed (revision 170)
- Drop 0001-preform-deferred-authentication-in-the-background.patch
  Upstream has meanwhile solved this differently and the two
  implementations interfere (boo#1193017).
- Obsoleted SLE patches up to this point:
  * openvpn-CVE-2020-15078.patch
  * openvpn-CVE-2020-11810.patch
  * openvpn-CVE-2018-7544.patch
  * openvpn-CVE-2018-9336.patch
      (bsc#1085803, CVE-2018-7544)