Changelog for openvpn-2.1.4-11.34.1.i586.rpm:
* Mon Nov 04 2013 johann.luceAATTwanadoo.fr
- Applied upstream patch changing to use a constant time memcmp when comparing HMACs in openvpn_decrypt to address ciphertext injection in UDP mode (CVE-2013-2061, bnc#843509). [0006-openvpn-2.0.9-HMAC-memcmp-CVE-2013-2061_bnc843509.patch]
* Wed Oct 17 2012 mtAATTsuse.com
- Fixed openvpn init script to not map reopen to reload so the reopen code is without any effect (bnc#781106).
- Added requested OPENVPN_AUTOSTART variable allowing to provide an optional list of config names started by default (bnc#692440).
* Tue Mar 15 2011 crrodriguezAATTopensuse.org
- KVPNC is unable to parse openvpn version [bnc#679153]
* Thu Feb 17 2011 mtAATTsuse.de
- Added X-Interactive: true LSB tag to the init script.
* Tue Nov 16 2010 mtAATTsuse.de
- Updated to openvpn 2.1.4, providing several bug fixes and improvements, such as:
  * Fix of a problem with special case route targets
  * Try to ensure that the tun/tap interface gets closed on non-graceful aborts.
  * Several AUTH_FAILED reporting fixes causing the connection to fail without any error indication.
  * Enable exponential backoff in reliability layer retransmits.
  * Proxy improvements
  Please review the ChangeLog file for a complete and exact list.
* Wed Sep 08 2010 cristian.rodriguezAATTopensuse.org
- Do not include build date in binaries
* Tue Jun 15 2010 mtAATTsuse.de
- Improved netconfig based client up and down sample scripts.
* Fri Jun 11 2010 anschneiderAATTexsuse.de
- Added netconfig based client up and down scripts to samples.
* Thu Mar 11 2010 mtAATTsuse.de
- Updated to openvpn 2.1.1; linux related changes since 2.1_rc20:
  * Fixed a couple issues in sample plugins auth-pam.c and down-root.c. (1) Fail gracefully rather than segfault if calloc returns NULL. (2) The openvpn_plugin_abort_v1 function can potentially be called with handle == NULL. Add code to detect this case, and if so, avoid dereferencing pointers derived from handle (Thanks to David Sommerseth for finding this bug).
  * Documented "multihome" option in the man page.
  * Added a hard failure when peer provides a certificate chain with depth > 16. Previously, a warning was issued.
  * Added additional session renegotiation hardening. OpenVPN has always required that mid-session renegotiations build up a new SSL/TLS session from scratch. While the client certificate common name is already locked against changes in mid-session TLS renegotiations, we now extend this locking to the auth-user-pass username as well as all certificate content in the full client certificate chain.
- Improved openvpn init script adding messages giving a hint about pid write failure and to look into the log messages (bnc#559041).
- Added -fno-strict-aliasing to compile flags in the spec file.
* Thu Dec 17 2009 mtAATTsuse.de
- Updated to openvpn 2.1 2.1_rc20, fixing problems in route and option handling provided by the server (bnc#552440). For complete list of changes, see ChangeLog file, here just the IMO most important:
  * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the redirect-gateway option by itself, without any extra parameters, would cause the option to be ignored.
  * Optimized PUSH_REQUEST handshake sequence to shave several seconds off of a typical client connection initiation.
  * The maximum number of "route" directives (specified in the config file or pulled from a server) can now be configured via the new "max-routes" directive.
  * Eliminated the limitation on the number of options that can be pushed to clients, including routes. Previously, all pushed options needed to fit within a 1024 byte options string.
  * Added --server-poll-timeout option: when polling possible remote servers to connect to in a round-robin fashion, spend no more than n seconds waiting for a response before trying the next server.
  * Added the ability for the server to provide a custom reason string when an AUTH_FAILED message is returned to the client. This string can be set by the server-side management interface and read by the client-side management interface.
  * client-kill management interface command, when issued on server, will now send a RESTART message to client. This feature is intended to make UDP clients respond the same as TCP clients in the case where the server issues a RESTART message in order to force the client to reconnect and pull a new options/route list.
* Fri Oct 02 2009 mtAATTsuse.de
- Added network-remotefs to init script dependencies (bnc#522279).
* Wed Jun 10 2009 mtAATTsuse.de
- Updated to openvpn 2.1 [2.1_rc18] series (fate#305289).
- Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558).
- Adopted spec file and patches, improved init script.
- Disabled installation of easy-rsa for Windows.