SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for openvpn-2.3.2-1.5.i686.rpm :
Tue Jun 11 14:00:00 2013 mludvigAATTlogix.net.nz
- Upgrade to 2.3.2

Thu May 23 14:00:00 2013 mludvigAATTlogix.net.nz
- Upgrade to 2.3.1

Thu Mar 7 13:00:00 2013 mludvigAATTlogix.net.nz
- Upgrade to 2.3.0

Fri Nov 2 13:00:00 2012 mludvigAATTlogix.net.nz
- Upgrade to 2.3-rc1

Thu Sep 27 14:00:00 2012 mludvigAATTlogix.net.nz
- Upgrade to 2.3-beta1

Wed Feb 22 13:00:00 2012 mludvigAATTlogix.net.nz
- Upgrade to 2.3-alpha1

Tue Feb 7 13:00:00 2012 mludvigAATTlogix.net.nz
- Added openvpn-0001-Fix-assert-situations-where-gc_malloc-is-called-with.patch

Mon Feb 6 13:00:00 2012 mludvigAATTlogix.net.nz
- Fixed compatibility with RedHat-based distros (iproute2 vs
iproute)

Mon Feb 6 13:00:00 2012 mludvigAATTlogix.net.nz
- Updated to GIT version 003e76b (pre-2.3)

Mon Jan 16 13:00:00 2012 mludvigAATTlogix.net.nz
- Updated to GIT version cb383dc (pre-2.3)

Thu Nov 17 13:00:00 2011 mludvigAATTlogix.net.nz
- Updated to GIT version 10b9972 (pre-2.3)

Mon Aug 29 14:00:00 2011 mtAATTsuse.com
- Marked /var/run/openvpn as ghost (bnc#710270), man page and
other rpmlint warning fixes

Tue Aug 23 14:00:00 2011 crrodriguezAATTopensuse.org
- BuildRequires libselinux-devel
- Use SSL_MODE_RELEASE_BUFFERS to keep memory usage low, sent
upstream as https://community.openvpn.net/openvpn/ticket/157

Mon Aug 22 14:00:00 2011 fcrozatAATTnovell.com
- Add openvpn-2.1-systemd-passwd.patch / modify openvpn.init to
support systemd password query (bnc#675406)

Thu Aug 4 14:00:00 2011 mludvigAATTlogix.net.nz
- Updated to GIT version g3b75dec - pre-2.3 development line with
IPv6 transport and payload merged.

Mon Jul 11 14:00:00 2011 mtAATTsuse.de
- Updated to openvpn-2.2.1, a new version series providing several
new features. This version fixes build issues and provides
updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125),
- Adopted spec file, enabled saving password in a file and to
specify an alternative username in x509 cert.
- Removed X-Interactive from init script again, as systemd isn\'t
able to use it correctly [any more?] (bnc#675406). We will
address it later and probably use /bin/systemd-ask-password.

Tue Mar 15 13:00:00 2011 crrodriguezAATTopensuse.org
- KVPNC is unable to parse openvpn version [bnc#679153]

Thu Feb 17 13:00:00 2011 mtAATTsuse.de
- Added X-Interactive: true LSB tag to the init script.

Tue Nov 16 13:00:00 2010 mtAATTsuse.de
- Updated to openvpn 2.1.4, providing several bug fixes and
improvements, such as:

* Fix of a problem with special case route targets

* Try to ensure, that the tun/tap interface gets closed on
non-graceful aborts.

* Several AUTH_FAILED reporting fixes causing the connection
to fail without any error indication.

* Enable exponential backoff in reliability layer retransmits.

* Proxy improvements
Please review the ChangeLog file for a complete and exact list.

Wed Sep 8 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Do not include build date in binaries

Tue Jun 15 14:00:00 2010 mtAATTsuse.de
- Improved netconfig based client up and down sample scripts.

Fri Jun 11 14:00:00 2010 anschneiderAATTexsuse.de
- Added netconfig based client up and down scripts to samples.

Thu Mar 11 13:00:00 2010 mtAATTsuse.de
- Updated to openvpn 2.1.1; linux related changes since 2.1_rc20:

* Fixed a couple issues in sample plugins auth-pam.c and
down-root.c.
(1) Fail gracefully rather than segfault if calloc returns NULL.
(2) The openvpn_plugin_abort_v1 function can potentially be
called with handle == NULL. Add code to detect this case,
and if so, avoid dereferencing pointers derived from handle
(Thanks to David Sommerseth for finding this bug).

* Documented \"multihome\" option in the man page.

* Added a hard failure when peer provides a certificate chain
with depth > 16. Previously, a warning was issued.

* Added additional session renegotiation hardening. OpenVPN has
always required that mid-session renegotiations build up a new
SSL/TLS session from scratch. While the client certificate
common name is already locked against changes in mid-session
TLS renegotiations, we now extend this locking to the
auth-user-pass username as well as all certificate content in
the full client certificate chain.
- Improved openvpn init script adding messages giving a hint about
pid write failure and to look into the log messages (bnc#559041).
- Added -fno-strict-aliasing to compile flags in the spec file.

Thu Dec 17 13:00:00 2009 mtAATTsuse.de
- Updated to openvpn 2.1 2.1_rc20, fixing problems in route and
option handling provided by the from server (bnc#552440).
For complete list of changes, see ChangeLog file, here just
the IMO most important:

* Fixed a bug introduced in 2.1_rc17 (svn r4436) where using
the redirect-gateway option by itself, without any extra
parameters, would cause the option to be ignored.

* Optimized PUSH_REQUEST handshake sequence to shave several
seconds off of a typical client connection initiation.

* The maximum number of \"route\" directives (specified in the
config file or pulled from a server) can now be configured
via the new \"max-routes\" directive.

* Eliminated the limitation on the number of options that can
be pushed to clients, including routes. Previously, all
pushed options needed to fit within a 1024 byte options
string.

* Added --server-poll-timeout option : when polling possible
remote servers to connect to in a round-robin fashion,
spend no more than n seconds waiting for a response before
trying the next server.

* Added the ability for the server to provide a custom reason
string when an AUTH_FAILED message is returned to the client.
This string can be set by the server-side managment interface
and read by the client-side management interface.

* client-kill management interface command, when issued on server,
will now send a RESTART message to client. This feature is
intended to make UDP clients respond the same as TCP clients
in the case where the server issues a RESTART message in order
to force the client to reconnect and pull a new options/route
list.

Fri Oct 2 14:00:00 2009 mtAATTsuse.de
- Added network-remotefs to init script dependencies (bnc#522279).

Wed Jun 10 14:00:00 2009 mtAATTsuse.de
- Updated to openvpn 2.1 [2.1_rc18] series (fate#305289).
- Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558).
- Adopted spec file and patches, improved init script.
- Disabled installation of easy-rsa for Windows.

Tue Feb 17 13:00:00 2009 mtAATTsuse.de
- Improved init script to show config name in action messages
and allow to specify a config name in the second argument.

Mon Dec 1 13:00:00 2008 mtAATTsuse.de
- Removed restart_on_update rpm install hook that may break the
update process, e.g. when openvpn asks for auth data or the
update process is running over the tunnel (bnc#450390).

Tue Oct 28 13:00:00 2008 mtAATTsuse.de
- Fixed init script to handle pid files correctly (bnc#435421).

Thu May 29 14:00:00 2008 mtAATTsuse.de
- Added $time $named to Should-Start in the init script to avoid
time related certificate errors and name resolving problems.
- Added iproute2 to BuildRequires to avoid openvpn rely on PATH.

Mon May 26 14:00:00 2008 mtAATTsuse.de
- Reverted init script changes adding startproc, since they break
user auth query and multiple tunnels (bnc#394360, bnc#394353).

Thu May 22 14:00:00 2008 mtAATTsuse.de
- Added -lpam to LDFLAGS of openvpn, because linking the openvpn
auth-pam plugin against pam is not sufficient. Many pam modules
that are loaded by pam during the authentication process are not
linked against pam and contain undefined symbols, causing the
authentication to fail (bnc#334773).
- Replaced patch loading plugins from /usr/%_lib/openvpn/plugin/lib
with -rpath linker flags (bnc#334773).
- Fixed init script to use startproc to return 0 when started twice.

Tue Feb 19 13:00:00 2008 mtAATTsuse.de
- Fixed spec file to not set pie flags when building plugins

Thu Jan 17 13:00:00 2008 mtAATTsuse.de
- Bug #334773: Enabled build of down-root and auth-pam plugins,
sub-packaged as openvpn-auth-pam-plugin/down-root-plugin.
- Added patch to load plugins from /usr/%_lib/openvpn/plugin/lib
first, when the plugin name is specified as basename only.
- Added patch adoptiong plugin path informations in openvpn.8.
- Added patch to build plugins with RPM_OPT_FLAGS.
- Fixed init script to use Should-Start/Stop LSB info tags.
- Bug #343106: Enabled iproute2 support / usage

Mon Jun 4 14:00:00 2007 mtAATTsuse.de
- fixed easy-rsa installation (no exec in doc directory)
- improved spec to use configure directory variables and
cleaned up macro calls in RPM pre/post scripts.
- fixed openvpn binary check in the init script.

Fri Oct 27 14:00:00 2006 mtAATTsuse.de
- upstream 2.0.9, Windows related fixes only

* Windows installer updated with OpenSSL 0.9.7l DLLs to fix
published vulnerabilities.

* Fixed TAP-Win32 bug that caused BSOD on Windows Vista
(Henry Nestler). The TAP-Win32 driver has now been
upgraded to version 8.4.

Wed Sep 27 14:00:00 2006 poemlAATTsuse.de
- upstream 2.0.8

* Windows installer updated with OpenSSL 0.9.7k DLLs to fix
RSA Signature Forgery (CVE-2006-4339).

* No changes to OpenVPN source code between 2.0.7 and 2.0.8.

Fri Jun 23 14:00:00 2006 poemlAATTsuse.de
- upstream 2.0.7, with bug fixes:

* When deleting routes under Linux, use the route metric
as a differentiator to ensure that the route teardown
process only deletes the identical route which was originally
added via the \"route\" directive (Roy Marples).

* Fixed bug where --server directive in --dev tap mode
claimed that it would support subnets of /30 or less
but actually would only accept /29 or less.

* Extend byte counters to 64 bits (M. van Cuijk).

* Better sanity checking of --server and --server-bridge
IP pool ranges, so as not to hit the assertion at
pool.c:119 (2.0.5).

* Fixed bug where --daemon and --management-query-passwords
used together would cause OpenVPN to block prior to
daemonization.

* Fixed client/server race condition which could occur
when --auth-retry interact is set and the initially
provided auth-user-pass credentials are incorrect,
forcing a username/password re-query.

* Fixed bug where if --daemon and --management-hold are
used together, --user or --group options would be ignored.

* fix for CVE-2006-1629 integrated (disallow \"setenv\" to be pushed
to clients from the server)
- build with fPIE/pie on SUSE 10.0 or newer, or on any other platform

Wed Apr 19 14:00:00 2006 poemlAATTsuse.de
- security fix (CVE-2006-1629): disallow \"setenv\" to be pushed to
clients from the server [#165123]

Wed Jan 25 13:00:00 2006 mlsAATTsuse.de
- converted neededforbuild to BuildRequires

Thu Nov 3 13:00:00 2005 poemlAATTsuse.de
- update to 2.0.5, with two security fixes -- see below. [#132003]
2005.11.02 -- Version 2.0.5

* Fixed bug in Linux get_default_gateway function
introduced in 2.0.4, which would cause redirect-gateway
on Linux clients to fail.

* Restored easy-rsa/2.0 tree (backported from 2.1 beta
series) which accidentally disappeared in
2.0.2 -> 2.0.4 transition.
2005.11.01 -- Version 2.0.4

* Security fix -- Affects non-Windows OpenVPN clients of
version 2.0 or higher which connect to a malicious or
compromised server. A format string vulnerability
in the foreign_option function in options.c could
potentially allow a malicious or compromised server
to execute arbitrary code on the client. Only
non-Windows clients are affected. The vulnerability
only exists if (a) the client\'s TLS negotiation with
the server succeeds, (b) the server is malicious or
has been compromised such that it is configured to
push a maliciously crafted options string to the client,
and (c) the client indicates its willingness to accept
pushed options from the server by having \"pull\" or
\"client\" in its configuration file (Credit: Vade79).
CVE-2005-3393

* Security fix -- Potential DoS vulnerability on the
server in TCP mode. If the TCP server accept() call
returns an error status, the resulting exception handler
may attempt to indirect through a NULL pointer, causing
a segfault. Affects all OpenVPN 2.0 versions.
CVE-2005-3409

* Fix attempt of assertion at multi.c:1586 (note that
this precise line number will vary across different
versions of OpenVPN).

* Added \".PHONY: plugin\" to Makefile.am to work around
\"make dist\" issue.

* Fixed double fork issue that occurs when --management-hold
is used.

* Moved TUN/TAP read/write log messages from --verb 8 to 6.

* Warn when multiple clients having the same common name or
username usurp each other when --duplicate-cn is not used.

* Modified Windows and Linux versions of get_default_gateway
to return the route with the smallest metric
if multiple 0.0.0.0/0.0.0.0 entries are present.
2005.09.25 -- Version 2.0.3-rc1

* openvpn_plugin_abort_v1 function wasn\'t being properly
registered on Windows.

* Fixed a bug where --mode server --proto tcp-server --cipher none
operation could cause tunnel packet truncation.

Tue Aug 30 14:00:00 2005 poemlAATTsuse.de
- update to 2.0.2 [#106258] relevant changes:

* Fixed bug where \"--proto tcp-server --mode p2p --management
host port\" would cause the management port to not respond until
the OpenVPN peer connects.

* Modified pkitool script to be /bin/sh compatible (Johnny Lam).

Tue Aug 23 14:00:00 2005 poemlAATTsuse.de
- update to 2.0.1 [#106258]

* Security Fix -- DoS attack against server when run with \"verb 0\" and
without \"tls-auth\". If a client connection to the server fails
certificate verification, the OpenSSL error queue is not properly
flushed, which can result in another unrelated client instance on the
server seeing the error and responding to it, resulting in disconnection
of the unrelated client (CAN-2005-2531).

* Security Fix -- DoS attack against server by authenticated client.
This bug presents a potential DoS attack vector against the server
which can only be initiated by a connected and authenticated client.
If the client sends a packet which fails to decrypt on the server,
the OpenSSL error queue is not properly flushed, which can result in
another unrelated client instance on the server seeing the error and
responding to it, resulting in disconnection of the unrelated client
(CAN-2005-2532).

* Security Fix -- DoS attack against server by authenticated client.
A malicious client in \"dev tap\" ethernet bridging mode could
theoretically flood the server with packets appearing to come from
hundreds of thousands of different MAC addresses, causing the OpenVPN
process to deplete system virtual memory as it expands its internal
routing table. A --max-routes-per-client directive has been added
(default=256) to limit the maximum number of routes in OpenVPN\'s
internal routing table which can be associated with a given client
(CAN-2005-2533).

* Security Fix -- DoS attack against server by authenticated client.
If two or more client machines try to connect to the server at the
same time via TCP, using the same client certificate, and when
- -duplicate-cn is not enabled on the server, a race condition can
crash the server with \"Assertion failed at mtcp.c:411\"
(CAN-2005-2534).

* Fixed server bug where under certain circumstances, the client instance
object deletion function would try to delete iroutes which had never been
added in the first place, triggering \"Assertion failed at mroute.c:349\".

* Added --auth-retry option to prevent auth errors from being fatal
on the client side, and to permit username/password requeries in case
of error. Also controllable via new \"auth-retry\" management interface
command. See man page for more info.

* Added easy-rsa 2.0 scripts to the tarball in easy-rsa/2.0

* Fixed bug in openvpn.spec where rpmbuild --define \'without_pam 1\'
would fail to build.

* Implement \"make check\" to perform loopback tests (Matthias Andree).
- drop obsolete patch which fixed finding lzo libraries

Tue Jun 28 14:00:00 2005 mrueckertAATTsuse.de
- The previous patch didnt work with lzo1 based distros. Fixed.

Tue Jun 28 14:00:00 2005 cthielAATTsuse.de
- fixed build with lzo2 (added lzo2.diff)

Wed Jun 22 14:00:00 2005 roAATTsuse.de
- build with fPIE/pie

Thu Jun 2 14:00:00 2005 hvogelAATTsuse.de
- lzo headers are in a subdirectory now

Tue Apr 19 14:00:00 2005 cthielAATTsuse.de
- update to 2.0

Thu Feb 17 13:00:00 2005 poemlAATTsuse.de
- update to 2.0_rc14
- add README.SUSE

Fri Jan 28 13:00:00 2005 poemlAATTsuse.de
- update to 2.0_rc10

Wed Dec 29 13:00:00 2004 poemlAATTsuse.de
- update to 2.0_rc6

Wed Dec 29 13:00:00 2004 poemlAATTsuse.de
- update to 2.0_rc1 (closing #45979)
IMPORTANT: OpenVPN\'s default port number is now 1194, based on an
official port number assignment by IANA. OpenVPN 2.0-beta16 and
earlier used 5000 as the default port.
- > see http://openvpn.net/20notes.html
- remove lzo sources, which come in a separate package since 9.2

Mon Jul 26 14:00:00 2004 poemlAATTsuse.de
- update to 1.6_rc4
- bzip2 sources

Sun Jan 11 13:00:00 2004 adrianAATTsuse.de
- build as user

Tue Dec 16 13:00:00 2003 wengelAATTsuse.de
- update to version 1.5.0

Sun Sep 7 14:00:00 2003 poemlAATTsuse.de
- add an init script
- use RPM_OPT_FLAGS
- add /var/run/openvpn directory for pid files

Thu Jul 31 14:00:00 2003 wengelAATTsuse.de
- update to new version -> 1.4.2

Tue May 27 14:00:00 2003 cooloAATTsuse.de
- use BuildRoot
- package a bit more straightforward

Mon May 19 14:00:00 2003 wengelAATTsuse.de
- update to version 1.4.1

Mon Jan 20 13:00:00 2003 wengelAATTsuse.de
- initial package


  
ICM