Changelog for openvpn-2.3.4-2.15.2.x86_64.rpm:
Thu Feb 11 13:00:00 2016 ndasAATTsuse.de
- Added for possible heap overflow on read accessing getaddrinfo
result (bsc#959714).
[+openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch]
- Added a patch to fix multiple low severity issues (bsc#934237).
[+openvpn-2.3.x-fixed-multiple-low-severity-issues.patch]
Thu Jul 2 14:00:00 2015 mtAATTsuse.de
- Fixed to use correct sha digest data length and in fips mode,
use aes instead of the disallowed blowfish crypto (boo#914166).
[* openvpn-fips140-2.3.2.patch]
- Fixed to mention actual plugin/doc dirs in openvpn(8) man page.
- Depend on systemd-devel for the daemon check functionality,
removed obsolete --with-lzo-headers configure option.
Mon Dec 1 13:00:00 2014 mtAATTsuse.de
- Applied upstream patch fixing a denial-of-service vulnerability
where an authenticated client could stop the server by triggering
a server-side ASSERT (bnc#907764,CVE-2014-8104),
[+ 0007-Drop-too-short-control-channel-packets.CVE-2014-8104.patch]
Mon Aug 25 14:00:00 2014 idonmezAATTsuse.com
- Update to version 2.3.4
* Add support for client-cert-not-required for PolarSSL.
* Introduce safety check for http proxy options.
Mon May 26 14:00:00 2014 crrodriguezAATTopensuse.org
- Build with large file support in 32 bit systems.
Sun May 11 14:00:00 2014 cooloAATTsuse.com
- use %_rundir for %ghost directory - leaving /var/run everywhere
else
Tue Jan 14 13:00:00 2014 mtAATTsuse.de
- Updated README.SUSE, documented also the rcopenvpn compatibility
wrapper script (bnc#848070).
Thu Jan 9 13:00:00 2014 meissnerAATTsuse.com
- openvpn-fips140-2.3.2.patch: Allow usage of SHA1 instead of MD5 in
some internal checking routines. This allows operation in FIPS 140-2
mode.
Tue Dec 17 13:00:00 2013 mtAATTsuse.de
- Readded rcopenvpn helper script under systemd (bnc#848070)
Thu Oct 31 13:00:00 2013 mtAATTsuse.de
- Fixed invalid mode in exec bit removal call from doc files
Tue Aug 27 14:00:00 2013 lmuelleAATTsuse.com
- Add a section about how to control all or a named configuration with the
help of systemctl to the README.SUSE file.
Mon Jun 3 14:00:00 2013 mrdocsAATTopensuse.org
- Update to 2.3.2
+Fixes since 2.3.0
- Remove dead code path and putenv functionality
- Remove unused function xor
- Move static prototype definition from header into c file
- Remove unused function no_tap_ifconfig
- fix build with automake 1.13(.1)
- Fix corner case in NTLM authentication (trac #172)
- Update README.IPv6 to match what is in 2.3.0
- Repair "tcp server queue overflow" brokenness, more
fallout.
- Permit pool size of /64.../112 for ifconfig-ipv6-pool
- Add MIN() compatibility macro
- Fix directly connected routes for "topology subnet" on Solaris.
- close more file descriptors on exec
- Ignore UTF-8 byte order mark
- reintroduce --no-name-remapping option
- make --tls-remote compatible with pre 2.3 configs
- add new option for X.509 name verification
- add man page patch for missing options
- Fix parameter listing in non-debug builds at verb 4
- (updated) [PATCH] Warn when using verb levels >=7 without debug
- Enable TCP_NODELAY configuration on FreeBSD.
- Updated README
- Cleaned up and updated INSTALL
- PolarSSL-1.2 support
- Improve PolarSSL key_state_read_{cipher, plain}text messages
- Improve verify_callback messages
- Config compatibility patch. Added translate_cipher_name.
- Switch to IANA names for TLS ciphers.
- Fixed autoconf script to properly detect missing pkcs11 with polarssl.
- Use constant time memcmp when comparing HMACs in openvpn_decrypt.
Mon May 6 14:00:00 2013 mtAATTsuse.de
- Try to migrate openvpn.service autostart to openvpn@.service
instance enablement.
Tue Apr 23 14:00:00 2013 mtAATTsuse.de
- Fixed to enable systemd support in configure
- Fixed openvpn-tmpfile.conf to use GID root, there is no openvpn group.
- Added openvpn.target file allowing to handle all instances at once.
- Fixed to install the service template correctly as openvpn@.service.
Use "systemctl enable openvpn@foo.service" to enable instance using
/etc/openvpn/foo.conf.
- Disabled systemd variant of restart on update rpm macro, adopted other
macros to use openvpn.target to e.g. stop all instances on uninstall.
Tue Mar 26 13:00:00 2013 ajAATTsuse.com
- Remove _unitdir definition, it is provided by systemd.
- Install service file without x permissions
Mon Mar 25 13:00:00 2013 p.drouandAATTgmail.com
Update to version 2.3.0:
* Full IPv6 support
* SSL layer modularised, enabling easier implementation for other SSL libraries
* PolarSSL support as a drop-in replacement for OpenSSL
* New plug-in API providing direct certificate access, improved logging API
and easier to extend in the future
* Added 'dev_type' environment variable to scripts and plug-ins - which is
set to 'TUN' or 'TAP'
* New feature: --management-external-key - to provide access to the encryption
keys via the management interface
* New feature: --x509-track option, more fine grained access to X.509 fields
in scripts and plug-ins
* New feature: --client-nat support
* New feature: --mark which can mark encrypted packets from the tunnel, suitable
for more advanced routing and firewalling
* New feature: --management-query-proxy - manage proxy settings via the management
interface (supersedes --http-proxy-fallback)
* New feature: --stale-routes-check, which cleans up the internal routing table
* New feature: --x509-username-field, where other X.509v3 fields can be used for
the authentication instead of Common Name
* Improved client-kill management interface command
* Improved UTF-8 support - and added --compat-names to provide backwards compatibility
with older scripts/plug-ins
* Improved auth-pam with COMMONNAME support, passing the certificate's common
name in the PAM conversation
* More options can now be used inside blocks
* Completely new build system, enabling easier cross-compilation and Windows builds
* Much of the code has been better documented
* Many documentation updates
* Plenty of bug fixes and other code clean-ups
- Add systemd native support for OpenSUSE > 12.1
- Adapt patches to upstream release:
* openvpn-2.1-plugin-man.dif > openvpn-2.3-plugin-man.dif
* openvpn-2.1.0-man-dot.diff > openvpn-2.3.0-man-dot.diff
- Remove obsolete patches; fixed or merged on upstream release:
* 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch
* openvpn-2.1-plugin-build.dif
* openvpn-2.1-systemd-passwd.patch
- Rebase specfile to upstream changes:
* easy-rsa is not provided anymore with main package
* remove %clean section
* autoreconf -fi is not needed
- Update openvpn.keyring file for upstream release asc key
Mon Jan 28 13:00:00 2013 mtAATTsuse.com
- Join openvpn.service systemd cgroup in start when needed, e.g.
when starting with further parameters. (bnc#781106)
Thu Nov 29 13:00:00 2012 sbrabecAATTsuse.cz
- Verify GPG signature.
Fri Sep 21 14:00:00 2012 cooloAATTsuse.com
- fix ciaran's previous license entry. the license has a SUSE prefix
Thu Sep 20 14:00:00 2012 mtAATTsuse.com
- Fixed openvpn init script to not map reopen to reload so the
reopen code is without any effect (bnc#781106).
- Added requested OPENVPN_AUTOSTART variable allowing to provide
an optional list of config names started by default (bnc#692440).
Wed Aug 22 14:00:00 2012 cfarrellAATTsuse.com
- license update: GPL-2.0-with-openssl-exception and LGPL-2.1
openssl has an openssl exception (also, it is GPL-2.0 only)
Thu Mar 29 14:00:00 2012 mtAATTsuse.com
- Fixed SLES build readding Group tags to sub-packages in spec,
not require libselinux-devel on SLE-10 and datadir/doc cleanup.
Wed Feb 15 13:00:00 2012 mtAATTsuse.com
- Updated to openvpn-2.2.2:
- Warn once, that IPv6 in tun mode is not supported in OpenVPN 2.2
- Pkcs11 support built into the Windows version
- Fixed a bug in the Windows TAP-driver
Thu Dec 8 13:00:00 2011 ajAATTsuse.de
- Fix source URLs.
Fri Dec 2 13:00:00 2011 cooloAATTsuse.com
- add automake as buildrequire to avoid implicit dependency
Mon Aug 29 14:00:00 2011 mtAATTsuse.com
- Marked /var/run/openvpn as ghost (bnc#710270), man page and
other rpmlint warning fixes
Tue Aug 23 14:00:00 2011 crrodriguezAATTopensuse.org
- BuildRequires libselinux-devel
- Use SSL_MODE_RELEASE_BUFFERS to keep memory usage low, sent
upstream as https://community.openvpn.net/openvpn/ticket/157
Mon Aug 22 14:00:00 2011 fcrozatAATTnovell.com
- Add openvpn-2.1-systemd-passwd.patch / modify openvpn.init to
support systemd password query (bnc#675406)
Mon Jul 11 14:00:00 2011 mtAATTsuse.de
- Updated to openvpn-2.2.1, a new version series providing several
new features. This version fixes build issues and provides
updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125),
- Adopted spec file, enabled saving password in a file and to
specify an alternative username in x509 cert.
- Removed X-Interactive from init script again, as systemd isn't
able to use it correctly [any more?] (bnc#675406). We will
address it later and probably use /bin/systemd-ask-password.
Tue Mar 15 13:00:00 2011 crrodriguezAATTopensuse.org
- KVPNC is unable to parse openvpn version [bnc#679153]
Thu Feb 17 13:00:00 2011 mtAATTsuse.de
- Added X-Interactive: true LSB tag to the init script.
Tue Nov 16 13:00:00 2010 mtAATTsuse.de
- Updated to openvpn 2.1.4, providing several bug fixes and
improvements, such as:
* Fix of a problem with special case route targets
* Try to ensure, that the tun/tap interface gets closed on
non-graceful aborts.
* Several AUTH_FAILED reporting fixes causing the connection
to fail without any error indication.
* Enable exponential backoff in reliability layer retransmits.
* Proxy improvements
Please review the ChangeLog file for a complete and exact list.
Wed Sep 8 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Do not include build date in binaries
Tue Jun 15 14:00:00 2010 mtAATTsuse.de
- Improved netconfig based client up and down sample scripts.
Fri Jun 11 14:00:00 2010 anschneiderAATTexsuse.de
- Added netconfig based client up and down scripts to samples.
Thu Mar 11 13:00:00 2010 mtAATTsuse.de
- Updated to openvpn 2.1.1; linux related changes since 2.1_rc20:
* Fixed a couple issues in sample plugins auth-pam.c and
down-root.c.
(1) Fail gracefully rather than segfault if calloc returns NULL.
(2) The openvpn_plugin_abort_v1 function can potentially be
called with handle == NULL. Add code to detect this case,
and if so, avoid dereferencing pointers derived from handle
(Thanks to David Sommerseth for finding this bug).
* Documented "multihome" option in the man page.
* Added a hard failure when peer provides a certificate chain
with depth > 16. Previously, a warning was issued.
* Added additional session renegotiation hardening. OpenVPN has
always required that mid-session renegotiations build up a new
SSL/TLS session from scratch. While the client certificate
common name is already locked against changes in mid-session
TLS renegotiations, we now extend this locking to the
auth-user-pass username as well as all certificate content in
the full client certificate chain.
- Improved openvpn init script adding messages giving a hint about
pid write failure and to look into the log messages (bnc#559041).
- Added -fno-strict-aliasing to compile flags in the spec file.
Thu Dec 17 13:00:00 2009 mtAATTsuse.de
- Updated to openvpn 2.1 2.1_rc20, fixing problems in route and
option handling provided by the server (bnc#552440).
For complete list of changes, see ChangeLog file, here just
the IMO most important:
* Fixed a bug introduced in 2.1_rc17 (svn r4436) where using
the redirect-gateway option by itself, without any extra
parameters, would cause the option to be ignored.
* Optimized PUSH_REQUEST handshake sequence to shave several
seconds off of a typical client connection initiation.
* The maximum number of "route" directives (specified in the
config file or pulled from a server) can now be configured
via the new "max-routes" directive.
* Eliminated the limitation on the number of options that can
be pushed to clients, including routes. Previously, all
pushed options needed to fit within a 1024 byte options
string.
* Added --server-poll-timeout option : when polling possible
remote servers to connect to in a round-robin fashion,
spend no more than n seconds waiting for a response before
trying the next server.
* Added the ability for the server to provide a custom reason
string when an AUTH_FAILED message is returned to the client.
This string can be set by the server-side management interface
and read by the client-side management interface.
* client-kill management interface command, when issued on server,
will now send a RESTART message to client. This feature is
intended to make UDP clients respond the same as TCP clients
in the case where the server issues a RESTART message in order
to force the client to reconnect and pull a new options/route
list.
Fri Oct 2 14:00:00 2009 mtAATTsuse.de
- Added network-remotefs to init script dependencies (bnc#522279).
Wed Jun 10 14:00:00 2009 mtAATTsuse.de
- Updated to openvpn 2.1 [2.1_rc18] series (fate#305289).
- Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558).
- Adopted spec file and patches, improved init script.
- Disabled installation of easy-rsa for Windows.