OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvpn?expand=0&rev=1

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

openvpn-2.0.9.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:347c551e7c88affc1f4b7a4b715080253c9298dcc512ed29fe8ca5cd26d015d9
+size 669076

openvpn-2.0.9.tar.gz.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (GNU/Linux)
+
+iD8DBQBFH7kKHQtJlh+/UfMRAsIdAJ41usSP8OGmeaW+/7osfXhjiRCKIACfSzex
+ilPdxBhlGGL833OuyqRUgLY=
+=fiJg
+-----END PGP SIGNATURE-----

openvpn.README.SUSE

@@ -0,0 +1,7 @@
+
+Notes about the OpenVPN package
+
+In a fresh installation, you will find an empty directory /etc/openvpn.
+The directory is meant to contain *.conf files -- the openvpn init script 
+will automatically look for them there, so you can start/stop all tunnels with
+"rcopenvpn (start|stop)", as well as start tham at boot time.

openvpn.changes

@@ -0,0 +1,259 @@
+-------------------------------------------------------------------
+Fri Oct 27 10:40:59 CEST 2006 - mt@suse.de
+
+- upstream 2.0.9, Windows related fixes only
+  * Windows installer updated with OpenSSL 0.9.7l DLLs to fix
+    published vulnerabilities.
+  * Fixed TAP-Win32 bug that caused BSOD on Windows Vista
+    (Henry Nestler).  The TAP-Win32 driver has now been
+    upgraded to version 8.4.
+
+-------------------------------------------------------------------
+Wed Sep 27 14:34:48 CEST 2006 - poeml@suse.de
+
+- upstream 2.0.8
+  * Windows installer updated with OpenSSL 0.9.7k DLLs to fix
+    RSA Signature Forgery (CVE-2006-4339).
+  * No changes to OpenVPN source code between 2.0.7 and 2.0.8.
+
+-------------------------------------------------------------------
+Fri Jun 23 11:55:10 CEST 2006 - poeml@suse.de
+
+- upstream 2.0.7, with bug fixes:
+* When deleting routes under Linux, use the route metric
+  as a differentiator to ensure that the route teardown
+  process only deletes the identical route which was originally
+  added via the "route" directive (Roy Marples).
+* Fixed bug where --server directive in --dev tap mode
+  claimed that it would support subnets of /30 or less
+  but actually would only accept /29 or less.
+* Extend byte counters to 64 bits (M. van Cuijk).
+* Better sanity checking of --server and --server-bridge
+  IP pool ranges, so as not to hit the assertion at
+  pool.c:119 (2.0.5).
+* Fixed bug where --daemon and --management-query-passwords
+  used together would cause OpenVPN to block prior to
+  daemonization.
+* Fixed client/server race condition which could occur
+  when --auth-retry interact is set and the initially
+  provided auth-user-pass credentials are incorrect,
+  forcing a username/password re-query.
+* Fixed bug where if --daemon and --management-hold are
+  used together, --user or --group options would be ignored.
+* fix for CVE-2006-1629 integrated (disallow "setenv" to be pushed
+  to clients from the server)
+- build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
+
+-------------------------------------------------------------------
+Wed Apr 19 13:10:56 CEST 2006 - poeml@suse.de
+
+- security fix (CVE-2006-1629): disallow "setenv" to be pushed to
+  clients from the server [#165123]
+
+-------------------------------------------------------------------
+Wed Jan 25 21:39:08 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Thu Nov  3 15:25:01 CET 2005 - poeml@suse.de
+
+- update to 2.0.5, with two security fixes -- see below. [#132003]
+  2005.11.02 -- Version 2.0.5
+  * Fixed bug in Linux get_default_gateway function
+    introduced in 2.0.4, which would cause redirect-gateway
+    on Linux clients to fail.
+  * Restored easy-rsa/2.0 tree (backported from 2.1 beta
+    series) which accidentally disappeared in
+    2.0.2 -> 2.0.4 transition.
+  2005.11.01 -- Version 2.0.4
+  * Security fix -- Affects non-Windows OpenVPN clients of
+    version 2.0 or higher which connect to a malicious or
+    compromised server.  A format string vulnerability
+    in the foreign_option function in options.c could
+    potentially allow a malicious or compromised server
+    to execute arbitrary code on the client.  Only
+    non-Windows clients are affected.  The vulnerability
+    only exists if (a) the client's TLS negotiation with
+    the server succeeds, (b) the server is malicious or
+    has been compromised such that it is configured to
+    push a maliciously crafted options string to the client,
+    and (c) the client indicates its willingness to accept
+    pushed options from the server by having "pull" or
+    "client" in its configuration file (Credit: Vade79).
+    CVE-2005-3393
+  * Security fix -- Potential DoS vulnerability on the
+    server in TCP mode.  If the TCP server accept() call
+    returns an error status, the resulting exception handler
+    may attempt to indirect through a NULL pointer, causing
+    a segfault.  Affects all OpenVPN 2.0 versions.
+    CVE-2005-3409
+  * Fix attempt of assertion at multi.c:1586 (note that
+    this precise line number will vary across different
+    versions of OpenVPN).
+  * Added ".PHONY: plugin" to Makefile.am to work around
+    "make dist" issue.
+  * Fixed double fork issue that occurs when --management-hold
+    is used.
+  * Moved TUN/TAP read/write log messages from --verb 8 to 6.
+  * Warn when multiple clients having the same common name or
+    username usurp each other when --duplicate-cn is not used.
+  * Modified Windows and Linux versions of get_default_gateway
+    to return the route with the smallest metric
+    if multiple 0.0.0.0/0.0.0.0 entries are present.
+  2005.09.25 -- Version 2.0.3-rc1        
+  * openvpn_plugin_abort_v1 function wasn't being properly
+    registered on Windows.
+  * Fixed a bug where --mode server --proto tcp-server --cipher none
+    operation could cause tunnel packet truncation.
+
+-------------------------------------------------------------------
+Tue Aug 30 15:05:08 CEST 2005 - poeml@suse.de
+
+- update to 2.0.2 [#106258] relevant changes:
+  * Fixed bug where "--proto tcp-server --mode p2p --management
+    host port" would cause the management port to not respond until
+    the OpenVPN peer connects.
+  * Modified pkitool script to be /bin/sh compatible (Johnny Lam).
+
+-------------------------------------------------------------------
+Tue Aug 23 13:56:27 CEST 2005 - poeml@suse.de
+
+- update to 2.0.1 [#106258]
+  * Security Fix -- DoS attack against server when run with "verb 0" and
+    without "tls-auth".  If a client connection to the server fails
+    certificate verification, the OpenSSL error queue is not properly
+    flushed, which can result in another unrelated client instance on the
+    server seeing the error and responding to it, resulting in disconnection
+    of the unrelated client (CAN-2005-2531).
+  * Security Fix -- DoS attack against server by authenticated client.
+    This bug presents a potential DoS attack vector against the server
+    which can only be initiated by a connected and authenticated client.
+    If the client sends a packet which fails to decrypt on the server,
+    the OpenSSL error queue is not properly flushed, which can result in
+    another unrelated client instance on the server seeing the error and
+    responding to it, resulting in disconnection of the unrelated client
+    (CAN-2005-2532).
+  * Security Fix -- DoS attack against server by authenticated client.
+    A malicious client in "dev tap" ethernet bridging mode could
+    theoretically flood the server with packets appearing to come from
+    hundreds of thousands of different MAC addresses, causing the OpenVPN
+    process to deplete system virtual memory as it expands its internal
+    routing table.  A --max-routes-per-client directive has been added
+    (default=256) to limit the maximum number of routes in OpenVPN's
+    internal routing table which can be associated with a given client
+    (CAN-2005-2533).
+  * Security Fix -- DoS attack against server by authenticated client.
+    If two or more client machines try to connect to the server at the
+    same time via TCP, using the same client certificate, and when
+    --duplicate-cn is not enabled on the server, a race condition can
+    crash the server with "Assertion failed at mtcp.c:411"
+    (CAN-2005-2534).
+  * Fixed server bug where under certain circumstances, the client instance
+    object deletion function would try to delete iroutes which had never been
+    added in the first place, triggering "Assertion failed at mroute.c:349".
+  * Added --auth-retry option to prevent auth errors from being fatal
+    on the client side, and to permit username/password requeries in case
+    of error.  Also controllable via new "auth-retry" management interface
+    command.  See man page for more info.
+  * Added easy-rsa 2.0 scripts to the tarball in easy-rsa/2.0
+  * Fixed bug in openvpn.spec where rpmbuild --define 'without_pam 1'
+    would fail to build.
+  * Implement "make check" to perform loopback tests (Matthias Andree).
+- drop obsolete patch which fixed finding lzo libraries
+
+-------------------------------------------------------------------
+Tue Jun 28 14:27:17 CEST 2005 - mrueckert@suse.de
+
+- The previous patch didnt work with lzo1 based distros. Fixed.
+
+-------------------------------------------------------------------
+Tue Jun 28 11:25:32 CEST 2005 - cthiel@suse.de
+
+- fixed build with lzo2 (added lzo2.diff)
+
+-------------------------------------------------------------------
+Thu Jun 23 01:48:38 CEST 2005 - ro@suse.de
+
+- build with fPIE/pie 
+
+-------------------------------------------------------------------
+Thu Jun  2 18:01:18 CEST 2005 - hvogel@suse.de
+
+- lzo headers are in a subdirectory now
+
+-------------------------------------------------------------------
+Tue Apr 19 10:28:32 CEST 2005 - cthiel@suse.de
+
+- update to 2.0
+
+-------------------------------------------------------------------
+Thu Feb 17 21:57:20 CET 2005 - poeml@suse.de
+
+- update to 2.0_rc14
+- add README.SUSE
+
+-------------------------------------------------------------------
+Fri Jan 28 10:52:55 CET 2005 - poeml@suse.de
+
+- update to 2.0_rc10
+
+-------------------------------------------------------------------
+Wed Dec 29 14:10:20 CET 2004 - poeml@suse.de
+
+- update to 2.0_rc6
+
+-------------------------------------------------------------------
+Wed Dec 29 10:35:28 CET 2004 - poeml@suse.de
+
+- update to 2.0_rc1 (closing #45979)
+  IMPORTANT: OpenVPN's default port number is now 1194, based on an
+  official port number assignment by IANA.  OpenVPN 2.0-beta16 and
+  earlier used 5000 as the default port.
+  -> see http://openvpn.net/20notes.html
+- remove lzo sources, which come in a separate package since 9.2
+
+-------------------------------------------------------------------
+Mon Jul 26 15:43:00 CEST 2004 - poeml@suse.de
+
+- update to 1.6_rc4
+- bzip2 sources
+
+-------------------------------------------------------------------
+Sun Jan 11 11:33:35 CET 2004 - adrian@suse.de
+
+- build as user
+
+-------------------------------------------------------------------
+Tue Dec 16 16:07:29 CET 2003 - wengel@suse.de
+
+- update to version 1.5.0
+
+-------------------------------------------------------------------
+Sun Sep  7 18:41:23 CEST 2003 - poeml@suse.de
+
+- add an init script
+- use RPM_OPT_FLAGS
+- add /var/run/openvpn directory for pid files
+
+-------------------------------------------------------------------
+Thu Jul 31 14:24:14 CEST 2003 - wengel@suse.de
+
+- update to new version -> 1.4.2
+
+-------------------------------------------------------------------
+Tue May 27 10:45:35 CEST 2003 - coolo@suse.de
+
+- use BuildRoot
+- package a bit more straightforward
+
+-------------------------------------------------------------------
+Mon May 19 08:41:42 CEST 2003 - wengel@suse.de
+
+- update to version 1.4.1
+
+-------------------------------------------------------------------
+Mon Jan 20 17:05:53 CET 2003 - wengel@suse.de
+
+- initial package
+

openvpn.init

@@ -0,0 +1,157 @@
+#! /bin/sh
+# Copyright (c) 2003 SuSE Linux AG
+#
+# Author: Peter Poeml <poeml@suse.de>
+#
+# inspired by the init script contributed to the OpenVPN project by 
+# Douglas Keller <doug@voidstar.dyndns.org>
+#
+# /etc/init.d/openvpn
+#   and its symbolic link
+# /usr/sbin/rcopenvpn
+#
+### BEGIN INIT INFO
+# Provides:			openvpn
+# Required-Start:		$local_fs $remote_fs $network 
+# X-UnitedLinux-Should-Start:	$syslog
+# Required-Stop:		$local_fs $remote_fs $network
+# X-UnitedLinux-Should-Stop:	$syslog 
+# Default-Start:		3 5
+# Default-Stop:			0 1 2 6
+# Short-Description:		OpenVPN tunnel
+# Description:			Start OpenVPN tunnel
+### END INIT INFO
+
+
+# test -s /etc/sysconfig/openvpn && \
+#       . /etc/sysconfig/openvpn
+
+DAEMON="OpenVPN"
+openvpn=/usr/sbin/openvpn
+confdir=/etc/openvpn
+piddir=/var/run/openvpn
+test -d $piddir || mkdir $piddir
+
+test -x $openvpn || exit 5
+
+# Shell functions sourced from /etc/rc.status:
+#      rc_check         check and set local and overall rc status
+#      rc_status        check and set local and overall rc status
+#      rc_status -v     ditto but be verbose in local rc status
+#      rc_status -v -r  ditto and clear the local rc status
+#      rc_failed        set local and overall rc status to failed
+#      rc_failed <num>  set local and overall rc status to <num><num>
+#      rc_reset         clear local rc status (overall remains)
+#      rc_exit          exit appropriate to overall rc status
+. /etc/rc.status
+
+# First reset status of this service
+rc_reset
+
+# Return values acc. to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+# 
+# Note that starting an already running service, stopping
+# or restarting a not-running service as well as the restart
+# with force-reload (in case signalling is not supported) are
+# considered a success.
+
+shopt -s nullglob
+ret=true
+
+case "$1" in
+    start)
+	echo -n "Starting $DAEMON "
+
+	/sbin/modprobe tun &>/dev/null
+
+	for conf in $confdir/*.conf; do
+		pidfile=$(basename ${conf%%.conf}).pid
+		$openvpn --daemon \
+			--writepid $piddir/$pidfile \
+			--config $conf \
+			--cd $confdir \
+			|| ret=false
+	done
+
+	# Remember status and be verbose
+	$ret
+	rc_status -v
+	;;
+    stop)
+	echo -n "Shutting down $DAEMON "
+
+	## Stop daemon with killproc(8) and if this fails
+	## set echo the echo return value.
+
+	for i in $piddir/*.pid; do
+		killproc -p $i -TERM $openvpn || ret=false
+	done
+
+	# Remember status and be verbose
+	$ret
+	rc_status -v
+	;;
+    try-restart)
+        ## Do a restart only if the service was active before.
+        ## Note: try-restart is now part of LSB (as of 1.9).
+        ## RH has a similar command named condrestart.
+        $0 status
+        if test $? = 0; then
+                $0 restart
+        else
+                rc_reset        # Not running is not a failure.
+        fi
+        # Remember status and be quiet
+        rc_status
+        ;;
+    restart)
+	## Stop the service and regardless of whether it was
+	## running or not, start it again.
+	$0 stop
+	sleep 3
+	$0 start
+
+	# Remember status and be quiet
+	rc_status
+	;;
+    reload)
+	for i in $piddir/*.pid; do
+		killproc -p $i -HUP $openvpn || ret=false
+	done
+	rc_status -v
+	;;
+    reopen)
+	for i in $piddir/*.pid; do
+		killproc -p $i -USR1 $openvpn || ret=false
+	done
+	rc_status -v
+	;;
+    status)
+	echo -n "Checking for $DAEMON: "
+	running=false
+	for i in $piddir/*.pid; do
+		running=true
+		killproc -p $i -USR2 $openvpn || { rv=$?; ret=false; }
+	done
+	if $running; then
+		$ret
+		rc_status -v
+		echo Status written to /var/log/messages
+	else
+		rc_failed 3
+		rc_status -v
+	fi
+	;;
+    *)
+	echo "Usage: $0 {start|stop|status|try-restart|restart|reload|reopen}"
+	exit 1
+esac
+rc_exit

openvpn.spec

@@ -0,0 +1,285 @@
+#
+# spec file for package openvpn (Version 2.0.9)
+#
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# This file and all modifications and additions to the pristine
+# package are under the same license as the package itself.
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+# norootforbuild
+
+Name:           openvpn
+BuildRequires:  lzo-devel openssl-devel
+URL:            http://openvpn.sourceforge.net/
+License:        GNU General Public License (GPL), GNU Library General Public License v. 2.0 and 2.1 (LGPL)
+Group:          Productivity/Networking/Security
+Autoreqprov:    on
+%if 0%{?suse_version}
+PreReq:         %insserv_prereq %fillup_prereq
+%endif
+Version:        2.0.9
+Release:        1
+Summary:        Create VPN over Wireless and Ethernet Networks using a Tun Device
+Source:         http://openvpn.net/release/openvpn-%{version}.tar.gz
+Source1:        http://openvpn.net/signatures/openvpn-%{version}.tar.gz.asc
+Source2:        openvpn.init
+Source3:        openvpn.README.SUSE
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+Create VPN over wireless and ethernet networks using a tun device.
+
+
+
+Authors:
+--------
+    James Yonan <jim@yonan.net>
+
+%prep
+%setup
+
+%build
+autoreconf -fi
+export CFLAGS="$RPM_OPT_FLAGS -Wall"
+export LDFLAGS=
+# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
+%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
+CFLAGS="$CFLAGS -fPIE"
+LDFLAGS="$LDFLAGS -pie"
+%endif
+./configure --prefix=/usr --enable-pthread \
+	--mandir=%_mandir --with-lzo-headers=%_includedir/lzo
+make
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make DESTDIR=$RPM_BUILD_ROOT install
+mkdir -p $RPM_BUILD_ROOT/etc/openvpn
+mkdir -p $RPM_BUILD_ROOT/var/run/openvpn
+install -D -m 755 $RPM_SOURCE_DIR/openvpn.init $RPM_BUILD_ROOT/etc/init.d/openvpn
+ln -sv ../../etc/init.d/openvpn $RPM_BUILD_ROOT/usr/sbin/rcopenvpn
+cp -p $RPM_SOURCE_DIR/openvpn.README.SUSE README.SUSE
+rm -f easy-rsa/build-key-server.orig
+
+%clean
+if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
+
+%post
+%{fillup_and_insserv -f}
+%if %{?suse_version:%suse_version}%{?!suse_version:0} > 820
+
+%preun
+%stop_on_removal openvpn
+%endif
+
+%postun
+%if %{?suse_version:%suse_version}%{?!suse_version:0} > 820
+%restart_on_update openvpn
+%endif
+%insserv_cleanup
+
+%files
+%defattr(-,root,root)
+%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS PORTS README
+%doc README.SUSE
+%doc contrib
+%doc easy-rsa
+%doc management
+%doc sample-config-files
+%doc sample-keys
+%doc sample-scripts
+%doc suse
+/usr/sbin/openvpn
+%doc %{_mandir}/man8/openvpn.8.gz
+%config(noreplace) /etc/openvpn/
+%config /etc/init.d/openvpn
+/usr/sbin/rcopenvpn
+%dir /var/run/openvpn
+
+%changelog -n openvpn
+* Fri Oct 27 2006 - mt@suse.de
+- upstream 2.0.9, Windows related fixes only
+  * Windows installer updated with OpenSSL 0.9.7l DLLs to fix
+  published vulnerabilities.
+  * Fixed TAP-Win32 bug that caused BSOD on Windows Vista
+  (Henry Nestler).  The TAP-Win32 driver has now been
+  upgraded to version 8.4.
+* Wed Sep 27 2006 - poeml@suse.de
+- upstream 2.0.8
+  * Windows installer updated with OpenSSL 0.9.7k DLLs to fix
+  RSA Signature Forgery (CVE-2006-4339).
+  * No changes to OpenVPN source code between 2.0.7 and 2.0.8.
+* Fri Jun 23 2006 - poeml@suse.de
+- upstream 2.0.7, with bug fixes:
+  * When deleting routes under Linux, use the route metric
+  as a differentiator to ensure that the route teardown
+  process only deletes the identical route which was originally
+  added via the "route" directive (Roy Marples).
+  * Fixed bug where --server directive in --dev tap mode
+  claimed that it would support subnets of /30 or less
+  but actually would only accept /29 or less.
+  * Extend byte counters to 64 bits (M. van Cuijk).
+  * Better sanity checking of --server and --server-bridge
+  IP pool ranges, so as not to hit the assertion at
+  pool.c:119 (2.0.5).
+  * Fixed bug where --daemon and --management-query-passwords
+  used together would cause OpenVPN to block prior to
+  daemonization.
+  * Fixed client/server race condition which could occur
+  when --auth-retry interact is set and the initially
+  provided auth-user-pass credentials are incorrect,
+  forcing a username/password re-query.
+  * Fixed bug where if --daemon and --management-hold are
+  used together, --user or --group options would be ignored.
+  * fix for CVE-2006-1629 integrated (disallow "setenv" to be pushed
+  to clients from the server)
+- build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
+* Wed Apr 19 2006 - poeml@suse.de
+- security fix (CVE-2006-1629): disallow "setenv" to be pushed to
+  clients from the server [#165123]
+* Wed Jan 25 2006 - mls@suse.de
+- converted neededforbuild to BuildRequires
+* Thu Nov 03 2005 - poeml@suse.de
+- update to 2.0.5, with two security fixes -- see below. [#132003]
+  2005.11.02 -- Version 2.0.5
+  * Fixed bug in Linux get_default_gateway function
+  introduced in 2.0.4, which would cause redirect-gateway
+  on Linux clients to fail.
+  * Restored easy-rsa/2.0 tree (backported from 2.1 beta
+  series) which accidentally disappeared in
+  2.0.2 -> 2.0.4 transition.
+  2005.11.01 -- Version 2.0.4
+  * Security fix -- Affects non-Windows OpenVPN clients of
+  version 2.0 or higher which connect to a malicious or
+  compromised server.  A format string vulnerability
+  in the foreign_option function in options.c could
+  potentially allow a malicious or compromised server
+  to execute arbitrary code on the client.  Only
+  non-Windows clients are affected.  The vulnerability
+  only exists if (a) the client's TLS negotiation with
+  the server succeeds, (b) the server is malicious or
+  has been compromised such that it is configured to
+  push a maliciously crafted options string to the client,
+  and (c) the client indicates its willingness to accept
+  pushed options from the server by having "pull" or
+  "client" in its configuration file (Credit: Vade79).
+  CVE-2005-3393
+  * Security fix -- Potential DoS vulnerability on the
+  server in TCP mode.  If the TCP server accept() call
+  returns an error status, the resulting exception handler
+  may attempt to indirect through a NULL pointer, causing
+  a segfault.  Affects all OpenVPN 2.0 versions.
+  CVE-2005-3409
+  * Fix attempt of assertion at multi.c:1586 (note that
+  this precise line number will vary across different
+  versions of OpenVPN).
+  * Added ".PHONY: plugin" to Makefile.am to work around
+  "make dist" issue.
+  * Fixed double fork issue that occurs when --management-hold
+  is used.
+  * Moved TUN/TAP read/write log messages from --verb 8 to 6.
+  * Warn when multiple clients having the same common name or
+  username usurp each other when --duplicate-cn is not used.
+  * Modified Windows and Linux versions of get_default_gateway
+  to return the route with the smallest metric
+  if multiple 0.0.0.0/0.0.0.0 entries are present.
+  2005.09.25 -- Version 2.0.3-rc1
+  * openvpn_plugin_abort_v1 function wasn't being properly
+  registered on Windows.
+  * Fixed a bug where --mode server --proto tcp-server --cipher none
+  operation could cause tunnel packet truncation.
+* Tue Aug 30 2005 - poeml@suse.de
+- update to 2.0.2 [#106258] relevant changes:
+  * Fixed bug where "--proto tcp-server --mode p2p --management
+  host port" would cause the management port to not respond until
+  the OpenVPN peer connects.
+  * Modified pkitool script to be /bin/sh compatible (Johnny Lam).
+* Tue Aug 23 2005 - poeml@suse.de
+- update to 2.0.1 [#106258]
+  * Security Fix -- DoS attack against server when run with "verb 0" and
+  without "tls-auth".  If a client connection to the server fails
+  certificate verification, the OpenSSL error queue is not properly
+  flushed, which can result in another unrelated client instance on the
+  server seeing the error and responding to it, resulting in disconnection
+  of the unrelated client (CAN-2005-2531).
+  * Security Fix -- DoS attack against server by authenticated client.
+  This bug presents a potential DoS attack vector against the server
+  which can only be initiated by a connected and authenticated client.
+  If the client sends a packet which fails to decrypt on the server,
+  the OpenSSL error queue is not properly flushed, which can result in
+  another unrelated client instance on the server seeing the error and
+  responding to it, resulting in disconnection of the unrelated client
+  (CAN-2005-2532).
+  * Security Fix -- DoS attack against server by authenticated client.
+  A malicious client in "dev tap" ethernet bridging mode could
+  theoretically flood the server with packets appearing to come from
+  hundreds of thousands of different MAC addresses, causing the OpenVPN
+  process to deplete system virtual memory as it expands its internal
+  routing table.  A --max-routes-per-client directive has been added
+  (default=256) to limit the maximum number of routes in OpenVPN's
+  internal routing table which can be associated with a given client
+  (CAN-2005-2533).
+  * Security Fix -- DoS attack against server by authenticated client.
+  If two or more client machines try to connect to the server at the
+  same time via TCP, using the same client certificate, and when
+    --duplicate-cn is not enabled on the server, a race condition can
+  crash the server with "Assertion failed at mtcp.c:411"
+  (CAN-2005-2534).
+  * Fixed server bug where under certain circumstances, the client instance
+  object deletion function would try to delete iroutes which had never been
+  added in the first place, triggering "Assertion failed at mroute.c:349".
+  * Added --auth-retry option to prevent auth errors from being fatal
+  on the client side, and to permit username/password requeries in case
+  of error.  Also controllable via new "auth-retry" management interface
+  command.  See man page for more info.
+  * Added easy-rsa 2.0 scripts to the tarball in easy-rsa/2.0
+  * Fixed bug in openvpn.spec where rpmbuild --define 'without_pam 1'
+  would fail to build.
+  * Implement "make check" to perform loopback tests (Matthias Andree).
+- drop obsolete patch which fixed finding lzo libraries
+* Tue Jun 28 2005 - mrueckert@suse.de
+- The previous patch didnt work with lzo1 based distros. Fixed.
+* Tue Jun 28 2005 - cthiel@suse.de
+- fixed build with lzo2 (added lzo2.diff)
+* Thu Jun 23 2005 - ro@suse.de
+- build with fPIE/pie
+* Thu Jun 02 2005 - hvogel@suse.de
+- lzo headers are in a subdirectory now
+* Tue Apr 19 2005 - cthiel@suse.de
+- update to 2.0
+* Thu Feb 17 2005 - poeml@suse.de
+- update to 2.0_rc14
+- add README.SUSE
+* Fri Jan 28 2005 - poeml@suse.de
+- update to 2.0_rc10
+* Wed Dec 29 2004 - poeml@suse.de
+- update to 2.0_rc6
+* Wed Dec 29 2004 - poeml@suse.de
+- update to 2.0_rc1 (closing #45979)
+  IMPORTANT: OpenVPN's default port number is now 1194, based on an
+  official port number assignment by IANA.  OpenVPN 2.0-beta16 and
+  earlier used 5000 as the default port.
+  -> see http://openvpn.net/20notes.html
+- remove lzo sources, which come in a separate package since 9.2
+* Mon Jul 26 2004 - poeml@suse.de
+- update to 1.6_rc4
+- bzip2 sources
+* Sun Jan 11 2004 - adrian@suse.de
+- build as user
+* Tue Dec 16 2003 - wengel@suse.de
+- update to version 1.5.0
+* Sun Sep 07 2003 - poeml@suse.de
+- add an init script
+- use RPM_OPT_FLAGS
+- add /var/run/openvpn directory for pid files
+* Thu Jul 31 2003 - wengel@suse.de
+- update to new version -> 1.4.2
+* Tue May 27 2003 - coolo@suse.de
+- use BuildRoot
+- package a bit more straightforward
+* Mon May 19 2003 - wengel@suse.de
+- update to version 1.4.1
+* Mon Jan 20 2003 - wengel@suse.de
+- initial package