|
|
|
|
Changelog for openvpn-debuginfo-2.3.2-73.1.x86_64.rpm :
Mon Jun 3 14:00:00 2013 mrdocsAATTopensuse.org - Update to 2.3.2 +Fixes since 2.3.0 - Remove dead code path and putenv functionality - Remove unused function xor - Move static prototype definition from header into c file - Remove unused function no_tap_ifconfig - fix build with automake 1.13(.1) - Fix corner case in NTLM authentication (trac #172) - Update README.IPv6 to match what is in 2.3.0 - Repair \"tcp server queue overflow\" brokenness, more fallout. - Permit pool size of /64.../112 for ifconfig-ipv6-pool - Add MIN() compatibility macro - Fix directly connected routes for \"topology subnet\" on Solaris. - close more file descriptors on exec - Ignore UTF-8 byte order mark - reintroduce --no-name-remapping option - make --tls-remote compatible with pre 2.3 configs - add new option for X.509 name verification - add man page patch for missing options - Fix parameter listing in non-debug builds at verb 4 - (updated) [PATCH] Warn when using verb levels >=7 without debug - Enable TCP_NODELAY configuration on FreeBSD. - Updated README - Cleaned up and updated INSTALL - PolarSSL-1.2 support - Improve PolarSSL key_state_read_{cipher, plain}text messages - Improve verify_callback messages - Config compatibility patch. Added translate_cipher_name. - Switch to IANA names for TLS ciphers. - Fixed autoconf script to properly detect missing pkcs11 with polarssl. - Use constant time memcmp when comparing HMACs in openvpn_decrypt.
Mon May 6 14:00:00 2013 mtAATTsuse.de - Try to migrate openvpn.service autostart to openvpnAATT.service instance enablement.
Tue Apr 23 14:00:00 2013 mtAATTsuse.de - Fixed to enable systemd support in configure - Fixed openvpn-tmpfile.conf to use GID root, there is no openvpn group. - Added openvpn.target file allowing to handle all instances at once. - Fixed to install the service template correctly as openvpnAATT.service. Use \"systemctl enable openvpnAATTfoo.service\" to enable instance using /etc/openvpn/foo.conf. - Disabled systemd variant of restart on update rpm macro, adopted other macros to use openvpn.target to e.g. stop all instances on uninstall.
Tue Mar 26 13:00:00 2013 ajAATTsuse.com - Remove _unitdir definition, it is provided by systemd. - Install service file without x permissions
Mon Mar 25 13:00:00 2013 p.drouandAATTgmail.com Update to version 2.3.0: * Full IPv6 support * SSL layer modularised, enabling easier implementation for other SSL libraries * PolarSSL support as a drop-in replacement for OpenSSL * New plug-in API providing direct certificate access, improved logging API and easier to extend in the future * Added \'dev_type\' environment variable to scripts and plug-ins - which is set to \'TUN\' or \'TAP\' * New feature: --management-external-key - to provide access to the encryption keys via the management interface * New feature: --x509-track option, more fine grained access to X.509 fields in scripts and plug-ins * New feature: --client-nat support * New feature: --mark which can mark encrypted packets from the tunnel, suitable for more advanced routing and firewalling * New feature: --management-query-proxy - manage proxy settings via the management interface (supercedes --http-proxy-fallback) * New feature: --stale-routes-check, which cleans up the internal routing table * New feature: --x509-username-field, where other X.509v3 fields can be used for the authentication instead of Common Name * Improved client-kill management interface command * Improved UTF-8 support - and added --compat-names to provide backwards compatibility with older scripts/plug-ins * Improved auth-pam with COMMONNAME support, passing the certificate\'s common name in the PAM conversation * More options can now be used inside blocks * Completely new build system, enabling easier cross-compilation and Windows builds * Much of the code has been better documented * Many documentation updates * Plenty of bug fixes and other code clean-ups - Add systemd native support for OpenSUSE > 12.1 - Adapt patchs to upstream release: * openvpn-2.1-plugin-man.dif > openvpn-2.3-plugin-man.dif * openvpn-2.1.0-man-dot.diff > openvpn-2.3.0-man-dot.diff - Remove obsolete patchs; fixed or merged on upstream release: * 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch * openvpn-2.1-plugin-build.dif * openvpn-2.1-systemd-passwd.patch - Rebase specfile to upstream changes: * easy-rsa is not provided anymore with main package * remove %clean section * autoreconf -fi is no needed - Update openvpn.keyring file for upstream release asc key
Mon Jan 28 13:00:00 2013 mtAATTsuse.com - Join openvpn.service systemd cgroup in start when needed, e.g. when starting with further parameters. (bnc#781106)
Thu Nov 29 13:00:00 2012 sbrabecAATTsuse.cz - Verify GPG signature.
Fri Sep 21 14:00:00 2012 cooloAATTsuse.com - fix ciaran\'s previous license entry. the license has a SUSE prefix
Thu Sep 20 14:00:00 2012 mtAATTsuse.com - Fixed openvpn init script to not map reopen to reload so the reopen code is without any effect (bnc#781106). - Added requested OPENVPN_AUTOSTART variable allowing to provide an optional list of config names started by default (bnc#692440).
Wed Aug 22 14:00:00 2012 cfarrellAATTsuse.com - license update: GPL-2.0-with-openssl-exception and LGPL-2.1 openssl has an openssl exception (also, it is GPL-2.0 only)
Thu Mar 29 14:00:00 2012 mtAATTsuse.com - Fixed SLES build readding Group tags to sub-packages in spec, not require libselinux-devel on SLE-10 and datadir/doc cleanup.
Wed Feb 15 13:00:00 2012 mtAATTsuse.com - Updated to openvpn-2.2.2: - Warn once, that IPv6 in tun mode is not supported in OpenVPN 2.2 - Pkcs11 support built into the Windows version - Fixed a bug in the Windows TAP-driver
Thu Dec 8 13:00:00 2011 ajAATTsuse.de - Fix source URLs.
Fri Dec 2 13:00:00 2011 cooloAATTsuse.com - add automake as buildrequire to avoid implicit dependency
Mon Aug 29 14:00:00 2011 mtAATTsuse.com - Marked /var/run/openvpn as ghost (bnc#710270), man page and other rpmlint warning fixes
Tue Aug 23 14:00:00 2011 crrodriguezAATTopensuse.org - BuildRequires libselinux-devel - Use SSL_MODE_RELEASE_BUFFERS to keep memory usage low, sent upstream as https://community.openvpn.net/openvpn/ticket/157
Mon Aug 22 14:00:00 2011 fcrozatAATTnovell.com - Add openvpn-2.1-systemd-passwd.patch / modify openvpn.init to support systemd password query (bnc#675406)
Mon Jul 11 14:00:00 2011 mtAATTsuse.de - Updated to openvpn-2.2.1, a new version series providing several new features. This version fixes build issues and provides updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125), - Adopted spec file, enabled saving password in a file and to specify an alternative username in x509 cert. - Removed X-Interactive from init script again, as systemd isn\'t able to use it correctly [any more?] (bnc#675406). We will address it later and probably use /bin/systemd-ask-password.
Tue Mar 15 13:00:00 2011 crrodriguezAATTopensuse.org - KVPNC is unable to parse openvpn version [bnc#679153]
Thu Feb 17 13:00:00 2011 mtAATTsuse.de - Added X-Interactive: true LSB tag to the init script.
Tue Nov 16 13:00:00 2010 mtAATTsuse.de - Updated to openvpn 2.1.4, providing several bug fixes and improvements, such as: * Fix of a problem with special case route targets * Try to ensure, that the tun/tap interface gets closed on non-graceful aborts. * Several AUTH_FAILED reporting fixes causing the connection to fail without any error indication. * Enable exponential backoff in reliability layer retransmits. * Proxy improvements Please review the ChangeLog file for a complete and exact list.
Wed Sep 8 14:00:00 2010 cristian.rodriguezAATTopensuse.org - Do not include build date in binaries
Tue Jun 15 14:00:00 2010 mtAATTsuse.de - Improved netconfig based client up and down sample scripts.
Fri Jun 11 14:00:00 2010 anschneiderAATTexsuse.de - Added netconfig based client up and down scripts to samples.
Thu Mar 11 13:00:00 2010 mtAATTsuse.de - Updated to openvpn 2.1.1; linux related changes since 2.1_rc20: * Fixed a couple issues in sample plugins auth-pam.c and down-root.c. (1) Fail gracefully rather than segfault if calloc returns NULL. (2) The openvpn_plugin_abort_v1 function can potentially be called with handle == NULL. Add code to detect this case, and if so, avoid dereferencing pointers derived from handle (Thanks to David Sommerseth for finding this bug). * Documented \"multihome\" option in the man page. * Added a hard failure when peer provides a certificate chain with depth > 16. Previously, a warning was issued. * Added additional session renegotiation hardening. OpenVPN has always required that mid-session renegotiations build up a new SSL/TLS session from scratch. While the client certificate common name is already locked against changes in mid-session TLS renegotiations, we now extend this locking to the auth-user-pass username as well as all certificate content in the full client certificate chain. - Improved openvpn init script adding messages giving a hint about pid write failure and to look into the log messages (bnc#559041). - Added -fno-strict-aliasing to compile flags in the spec file.
Thu Dec 17 13:00:00 2009 mtAATTsuse.de - Updated to openvpn 2.1 2.1_rc20, fixing problems in route and option handling provided by the from server (bnc#552440). For complete list of changes, see ChangeLog file, here just the IMO most important: * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the redirect-gateway option by itself, without any extra parameters, would cause the option to be ignored. * Optimized PUSH_REQUEST handshake sequence to shave several seconds off of a typical client connection initiation. * The maximum number of \"route\" directives (specified in the config file or pulled from a server) can now be configured via the new \"max-routes\" directive. * Eliminated the limitation on the number of options that can be pushed to clients, including routes. Previously, all pushed options needed to fit within a 1024 byte options string. * Added --server-poll-timeout option : when polling possible remote servers to connect to in a round-robin fashion, spend no more than n seconds waiting for a response before trying the next server. * Added the ability for the server to provide a custom reason string when an AUTH_FAILED message is returned to the client. This string can be set by the server-side managment interface and read by the client-side management interface. * client-kill management interface command, when issued on server, will now send a RESTART message to client. This feature is intended to make UDP clients respond the same as TCP clients in the case where the server issues a RESTART message in order to force the client to reconnect and pull a new options/route list.
Fri Oct 2 14:00:00 2009 mtAATTsuse.de - Added network-remotefs to init script dependencies (bnc#522279).
Wed Jun 10 14:00:00 2009 mtAATTsuse.de - Updated to openvpn 2.1 [2.1_rc18] series (fate#305289). - Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558). - Adopted spec file and patches, improved init script. - Disabled installation of easy-rsa for Windows.
Tue Feb 17 13:00:00 2009 mtAATTsuse.de - Improved init script to show config name in action messages and allow to specify a config name in the second argument.
Mon Dec 1 13:00:00 2008 mtAATTsuse.de - Removed restart_on_update rpm install hook that may break the update process, e.g. when openvpn asks for auth data or the update process is running over the tunnel (bnc#450390).
Tue Oct 28 13:00:00 2008 mtAATTsuse.de - Fixed init script to handle pid files correctly (bnc#435421).
Thu May 29 14:00:00 2008 mtAATTsuse.de - Added $time $named to Should-Start in the init script to avoid time related certificate errors and name resolving problems. - Added iproute2 to BuildRequires to avoid openvpn rely on PATH.
Mon May 26 14:00:00 2008 mtAATTsuse.de - Reverted init script changes adding startproc, since they break user auth query and multiple tunnels (bnc#394360, bnc#394353).
Thu May 22 14:00:00 2008 mtAATTsuse.de - Added -lpam to LDFLAGS of openvpn, because linking the openvpn auth-pam plugin against pam is not sufficient. Many pam modules that are loaded by pam during the authentication process are not linked against pam and contain undefined symbols, causing the authentication to fail (bnc#334773). - Replaced patch loading plugins from /usr/%_lib/openvpn/plugin/lib with -rpath linker flags (bnc#334773). - Fixed init script to use startproc to return 0 when started twice.
Tue Feb 19 13:00:00 2008 mtAATTsuse.de - Fixed spec file to not set pie flags when building plugins
Thu Jan 17 13:00:00 2008 mtAATTsuse.de - Bug #334773: Enabled build of down-root and auth-pam plugins, sub-packaged as openvpn-auth-pam-plugin/down-root-plugin. - Added patch to load plugins from /usr/%_lib/openvpn/plugin/lib first, when the plugin name is specified as basename only. - Added patch adoptiong plugin path informations in openvpn.8. - Added patch to build plugins with RPM_OPT_FLAGS. - Fixed init script to use Should-Start/Stop LSB info tags. - Bug #343106: Enabled iproute2 support / usage
Mon Jun 4 14:00:00 2007 mtAATTsuse.de - fixed easy-rsa installation (no exec in doc directory) - improved spec to use configure directory variables and cleaned up macro calls in RPM pre/post scripts. - fixed openvpn binary check in the init script.
Fri Oct 27 14:00:00 2006 mtAATTsuse.de - upstream 2.0.9, Windows related fixes only * Windows installer updated with OpenSSL 0.9.7l DLLs to fix published vulnerabilities. * Fixed TAP-Win32 bug that caused BSOD on Windows Vista (Henry Nestler). The TAP-Win32 driver has now been upgraded to version 8.4.
Wed Sep 27 14:00:00 2006 poemlAATTsuse.de - upstream 2.0.8 * Windows installer updated with OpenSSL 0.9.7k DLLs to fix RSA Signature Forgery (CVE-2006-4339). * No changes to OpenVPN source code between 2.0.7 and 2.0.8.
|
|
|