Accepting request 505857 from home:ndas:branches:network:vpn
- Update to 2.4.3 (bsc#1045489) - Ignore auth-nocache for auth-user-pass if auth-token is pushed - crypto: Enable SHA256 fingerprint checking in --verify-hash - copyright: Update GPLv2 license texts - auth-token with auth-nocache fix broke --disable-crypto builds - OpenSSL: don't use direct access to the internal of X509 - OpenSSL: don't use direct access to the internal of EVP_PKEY - OpenSSL: don't use direct access to the internal of RSA - OpenSSL: don't use direct access to the internal of DSA - OpenSSL: force meth->name as non-const when we free() it - OpenSSL: don't use direct access to the internal of EVP_MD_CTX - OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX - OpenSSL: don't use direct access to the internal of HMAC_CTX - Fix NCP behaviour on TLS reconnect. - Remove erroneous limitation on max number of args for --plugin - Fix edge case with clients failing to set up cipher on empty PUSH_REPLY. - Fix potential 1-byte overread in TCP option parsing. - Fix remotely-triggerable ASSERT() on malformed IPv6 packet. - Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst) - refactor my_strupr - Fix 2 memory leaks in proxy authentication routine - Fix memory leak in add_option() for option 'connection' - Ensure option array p[] is always NULL-terminated - Fix a null-pointer dereference in establish_http_proxy_passthru() - Prevent two kinds of stack buffer OOB reads and a crash for invalid input data - Fix an unaligned access on OpenBSD/sparc64 - Missing include for socket-flags TCP_NODELAY on OpenBSD - Make openvpn-plugin.h self-contained again. - Pass correct buffer size to GetModuleFileNameW() - Log the negotiated (NCP) cipher OBS-URL: https://build.opensuse.org/request/show/505857 OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=124
This commit is contained in:
parent
6eab1b0fe1
commit
774c998664
@ -1,8 +1,8 @@
|
|||||||
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
|
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
|
||||||
index 09659aa..b35d884 100644
|
index ff0f9a7..fb27b36 100644
|
||||||
--- a/src/openvpn/crypto.c
|
--- a/src/openvpn/crypto.c
|
||||||
+++ b/src/openvpn/crypto.c
|
+++ b/src/openvpn/crypto.c
|
||||||
@@ -119,7 +119,7 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
|
@@ -118,7 +118,7 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
|
||||||
dmsg(D_PACKET_CONTENT, "ENCRYPT FROM: %s", format_hex(BPTR(buf), BLEN(buf), 80, &gc));
|
dmsg(D_PACKET_CONTENT, "ENCRYPT FROM: %s", format_hex(BPTR(buf), BLEN(buf), 80, &gc));
|
||||||
|
|
||||||
/* Buffer overflow check */
|
/* Buffer overflow check */
|
||||||
@ -11,7 +11,7 @@ index 09659aa..b35d884 100644
|
|||||||
{
|
{
|
||||||
msg(D_CRYPT_ERRORS,
|
msg(D_CRYPT_ERRORS,
|
||||||
"ENCRYPT: buffer size error, bc=%d bo=%d bl=%d wc=%d wo=%d wl=%d",
|
"ENCRYPT: buffer size error, bc=%d bo=%d bl=%d wc=%d wo=%d wl=%d",
|
||||||
@@ -238,7 +238,7 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work,
|
@@ -237,7 +237,7 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work,
|
||||||
ASSERT(cipher_ctx_reset(ctx->cipher, iv_buf));
|
ASSERT(cipher_ctx_reset(ctx->cipher, iv_buf));
|
||||||
|
|
||||||
/* Buffer overflow check */
|
/* Buffer overflow check */
|
||||||
@ -20,7 +20,7 @@ index 09659aa..b35d884 100644
|
|||||||
{
|
{
|
||||||
msg(D_CRYPT_ERRORS, "ENCRYPT: buffer size error, bc=%d bo=%d bl=%d wc=%d wo=%d wl=%d cbs=%d",
|
msg(D_CRYPT_ERRORS, "ENCRYPT: buffer size error, bc=%d bo=%d bl=%d wc=%d wo=%d wl=%d cbs=%d",
|
||||||
buf->capacity,
|
buf->capacity,
|
||||||
@@ -379,7 +379,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work,
|
@@ -378,7 +378,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work,
|
||||||
const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher);
|
const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher);
|
||||||
uint8_t *tag_ptr = NULL;
|
uint8_t *tag_ptr = NULL;
|
||||||
int tag_size = 0;
|
int tag_size = 0;
|
||||||
@ -29,7 +29,7 @@ index 09659aa..b35d884 100644
|
|||||||
struct gc_arena gc;
|
struct gc_arena gc;
|
||||||
|
|
||||||
gc_init(&gc);
|
gc_init(&gc);
|
||||||
@@ -456,7 +456,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work,
|
@@ -455,7 +455,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work,
|
||||||
dmsg(D_PACKET_CONTENT, "DECRYPT FROM: %s", format_hex(BPTR(buf), BLEN(buf), 0, &gc));
|
dmsg(D_PACKET_CONTENT, "DECRYPT FROM: %s", format_hex(BPTR(buf), BLEN(buf), 0, &gc));
|
||||||
|
|
||||||
/* Buffer overflow check (should never fail) */
|
/* Buffer overflow check (should never fail) */
|
||||||
@ -38,7 +38,7 @@ index 09659aa..b35d884 100644
|
|||||||
{
|
{
|
||||||
CRYPT_ERROR("potential buffer overflow");
|
CRYPT_ERROR("potential buffer overflow");
|
||||||
}
|
}
|
||||||
@@ -602,7 +602,7 @@ openvpn_decrypt_v1(struct buffer *buf, struct buffer work,
|
@@ -601,7 +601,7 @@ openvpn_decrypt_v1(struct buffer *buf, struct buffer work,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Buffer overflow check (should never happen) */
|
/* Buffer overflow check (should never happen) */
|
||||||
@ -48,10 +48,10 @@ index 09659aa..b35d884 100644
|
|||||||
CRYPT_ERROR("potential buffer overflow");
|
CRYPT_ERROR("potential buffer overflow");
|
||||||
}
|
}
|
||||||
diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h
|
diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h
|
||||||
index f8ddbc8..7706b02 100644
|
index 60a2812..c191695 100644
|
||||||
--- a/src/openvpn/crypto_openssl.h
|
--- a/src/openvpn/crypto_openssl.h
|
||||||
+++ b/src/openvpn/crypto_openssl.h
|
+++ b/src/openvpn/crypto_openssl.h
|
||||||
@@ -53,6 +53,9 @@ typedef HMAC_CTX hmac_ctx_t;
|
@@ -52,6 +52,9 @@ typedef HMAC_CTX hmac_ctx_t;
|
||||||
/** Maximum length of an IV */
|
/** Maximum length of an IV */
|
||||||
#define OPENVPN_MAX_IV_LENGTH EVP_MAX_IV_LENGTH
|
#define OPENVPN_MAX_IV_LENGTH EVP_MAX_IV_LENGTH
|
||||||
|
|
||||||
@ -62,10 +62,10 @@ index f8ddbc8..7706b02 100644
|
|||||||
#define OPENVPN_MODE_CBC EVP_CIPH_CBC_MODE
|
#define OPENVPN_MODE_CBC EVP_CIPH_CBC_MODE
|
||||||
|
|
||||||
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
|
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
|
||||||
index 66126ef..b8d4a8c 100644
|
index 0652ef4..9fa3352 100644
|
||||||
--- a/src/openvpn/init.c
|
--- a/src/openvpn/init.c
|
||||||
+++ b/src/openvpn/init.c
|
+++ b/src/openvpn/init.c
|
||||||
@@ -3052,8 +3052,8 @@ init_context_buffers(const struct frame *frame)
|
@@ -3067,8 +3067,8 @@ init_context_buffers(const struct frame *frame)
|
||||||
b->aux_buf = alloc_buf(BUF_SIZE(frame));
|
b->aux_buf = alloc_buf(BUF_SIZE(frame));
|
||||||
|
|
||||||
#ifdef ENABLE_CRYPTO
|
#ifdef ENABLE_CRYPTO
|
||||||
@ -77,10 +77,10 @@ index 66126ef..b8d4a8c 100644
|
|||||||
|
|
||||||
#ifdef USE_COMP
|
#ifdef USE_COMP
|
||||||
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
|
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
|
||||||
index b0ed327..0ad0385 100644
|
index 7a737ea..592bd97 100644
|
||||||
--- a/src/openvpn/proxy.c
|
--- a/src/openvpn/proxy.c
|
||||||
+++ b/src/openvpn/proxy.c
|
+++ b/src/openvpn/proxy.c
|
||||||
@@ -74,6 +74,9 @@ recv_line(socket_descriptor_t sd,
|
@@ -73,6 +73,9 @@ recv_line(socket_descriptor_t sd,
|
||||||
struct buffer la;
|
struct buffer la;
|
||||||
int lastc = 0;
|
int lastc = 0;
|
||||||
|
|
||||||
@ -90,7 +90,7 @@ index b0ed327..0ad0385 100644
|
|||||||
CLEAR(la);
|
CLEAR(la);
|
||||||
if (lookahead)
|
if (lookahead)
|
||||||
{
|
{
|
||||||
@@ -312,11 +315,11 @@ get_proxy_authenticate(socket_descriptor_t sd,
|
@@ -311,11 +314,11 @@ get_proxy_authenticate(socket_descriptor_t sd,
|
||||||
struct gc_arena *gc,
|
struct gc_arena *gc,
|
||||||
volatile int *signal_received)
|
volatile int *signal_received)
|
||||||
{
|
{
|
||||||
@ -102,8 +102,8 @@ index b0ed327..0ad0385 100644
|
|||||||
- if (!recv_line(sd, buf, sizeof(buf), timeout, true, NULL, signal_received))
|
- if (!recv_line(sd, buf, sizeof(buf), timeout, true, NULL, signal_received))
|
||||||
+ if (!recv_line(sd, buf, sizeof(buf) - 1, timeout, true, NULL, signal_received))
|
+ if (!recv_line(sd, buf, sizeof(buf) - 1, timeout, true, NULL, signal_received))
|
||||||
{
|
{
|
||||||
|
free(*data);
|
||||||
*data = NULL;
|
*data = NULL;
|
||||||
return HTTP_AUTH_NONE;
|
|
||||||
@@ -631,9 +634,9 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
|
@@ -631,9 +634,9 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
|
||||||
volatile int *signal_received)
|
volatile int *signal_received)
|
||||||
{
|
{
|
||||||
@ -147,7 +147,7 @@ index b0ed327..0ad0385 100644
|
|||||||
{
|
{
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
@@ -952,7 +958,8 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
|
@@ -959,7 +965,8 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* receive reply from proxy */
|
/* receive reply from proxy */
|
||||||
@ -158,10 +158,10 @@ index b0ed327..0ad0385 100644
|
|||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
|
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
|
||||||
index 7d3dd60..334c47e 100644
|
index 4e7e3f9..93ea889 100644
|
||||||
--- a/src/openvpn/socket.c
|
--- a/src/openvpn/socket.c
|
||||||
+++ b/src/openvpn/socket.c
|
+++ b/src/openvpn/socket.c
|
||||||
@@ -1163,6 +1163,9 @@ socket_listen_accept(socket_descriptor_t sd,
|
@@ -1162,6 +1162,9 @@ socket_listen_accept(socket_descriptor_t sd,
|
||||||
/* struct openvpn_sockaddr *remote = &act->dest; */
|
/* struct openvpn_sockaddr *remote = &act->dest; */
|
||||||
struct openvpn_sockaddr remote_verify = act->dest;
|
struct openvpn_sockaddr remote_verify = act->dest;
|
||||||
socket_descriptor_t new_sd = SOCKET_UNDEFINED;
|
socket_descriptor_t new_sd = SOCKET_UNDEFINED;
|
||||||
@ -171,7 +171,7 @@ index 7d3dd60..334c47e 100644
|
|||||||
|
|
||||||
CLEAR(*act);
|
CLEAR(*act);
|
||||||
socket_do_listen(sd, local, do_listen, true);
|
socket_do_listen(sd, local, do_listen, true);
|
||||||
@@ -1315,6 +1318,9 @@ openvpn_connect(socket_descriptor_t sd,
|
@@ -1314,6 +1317,9 @@ openvpn_connect(socket_descriptor_t sd,
|
||||||
{
|
{
|
||||||
int status = 0;
|
int status = 0;
|
||||||
|
|
||||||
@ -182,10 +182,10 @@ index 7d3dd60..334c47e 100644
|
|||||||
protect_fd_nonlocal(sd, remote);
|
protect_fd_nonlocal(sd, remote);
|
||||||
#endif
|
#endif
|
||||||
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
|
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
|
||||||
index b50cac3..79632a8 100644
|
index 92747ec..f8e02a4 100644
|
||||||
--- a/src/openvpn/socks.c
|
--- a/src/openvpn/socks.c
|
||||||
+++ b/src/openvpn/socks.c
|
+++ b/src/openvpn/socks.c
|
||||||
@@ -99,13 +99,16 @@ socks_username_password_auth(struct socks_proxy_info *p,
|
@@ -98,13 +98,16 @@ socks_username_password_auth(struct socks_proxy_info *p,
|
||||||
socket_descriptor_t sd,
|
socket_descriptor_t sd,
|
||||||
volatile int *signal_received)
|
volatile int *signal_received)
|
||||||
{
|
{
|
||||||
@ -204,7 +204,7 @@ index b50cac3..79632a8 100644
|
|||||||
creds.defined = 0;
|
creds.defined = 0;
|
||||||
if (!get_user_pass(&creds, p->authfile, UP_TYPE_SOCKS, GET_USER_PASS_MANAGEMENT))
|
if (!get_user_pass(&creds, p->authfile, UP_TYPE_SOCKS, GET_USER_PASS_MANAGEMENT))
|
||||||
{
|
{
|
||||||
@@ -194,7 +197,7 @@ socks_handshake(struct socks_proxy_info *p,
|
@@ -193,7 +196,7 @@ socks_handshake(struct socks_proxy_info *p,
|
||||||
socket_descriptor_t sd,
|
socket_descriptor_t sd,
|
||||||
volatile int *signal_received)
|
volatile int *signal_received)
|
||||||
{
|
{
|
||||||
@ -213,7 +213,7 @@ index b50cac3..79632a8 100644
|
|||||||
int len = 0;
|
int len = 0;
|
||||||
const int timeout_sec = 5;
|
const int timeout_sec = 5;
|
||||||
ssize_t size;
|
ssize_t size;
|
||||||
@@ -206,6 +209,9 @@ socks_handshake(struct socks_proxy_info *p,
|
@@ -205,6 +208,9 @@ socks_handshake(struct socks_proxy_info *p,
|
||||||
method_sel[2] = 0x02; /* METHODS = [2 (plain login)] */
|
method_sel[2] = 0x02; /* METHODS = [2 (plain login)] */
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -223,7 +223,7 @@ index b50cac3..79632a8 100644
|
|||||||
size = send(sd, method_sel, sizeof(method_sel), MSG_NOSIGNAL);
|
size = send(sd, method_sel, sizeof(method_sel), MSG_NOSIGNAL);
|
||||||
if (size != sizeof(method_sel))
|
if (size != sizeof(method_sel))
|
||||||
{
|
{
|
||||||
@@ -313,9 +319,12 @@ recv_socks_reply(socket_descriptor_t sd,
|
@@ -312,9 +318,12 @@ recv_socks_reply(socket_descriptor_t sd,
|
||||||
char atyp = '\0';
|
char atyp = '\0';
|
||||||
int alen = 0;
|
int alen = 0;
|
||||||
int len = 0;
|
int len = 0;
|
||||||
@ -237,7 +237,7 @@ index b50cac3..79632a8 100644
|
|||||||
if (addr != NULL)
|
if (addr != NULL)
|
||||||
{
|
{
|
||||||
addr->addr.in4.sin_family = AF_INET;
|
addr->addr.in4.sin_family = AF_INET;
|
||||||
@@ -396,7 +405,7 @@ recv_socks_reply(socket_descriptor_t sd,
|
@@ -395,7 +404,7 @@ recv_socks_reply(socket_descriptor_t sd,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* store char in buffer */
|
/* store char in buffer */
|
||||||
@ -246,7 +246,7 @@ index b50cac3..79632a8 100644
|
|||||||
{
|
{
|
||||||
buf[len] = c;
|
buf[len] = c;
|
||||||
}
|
}
|
||||||
@@ -448,7 +457,7 @@ establish_socks_proxy_passthru(struct socks_proxy_info *p,
|
@@ -447,7 +456,7 @@ establish_socks_proxy_passthru(struct socks_proxy_info *p,
|
||||||
const char *servname, /* openvpn server port */
|
const char *servname, /* openvpn server port */
|
||||||
volatile int *signal_received)
|
volatile int *signal_received)
|
||||||
{
|
{
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:df5c4f384b7df6b08a2f6fa8a84b9fd382baf59c2cef1836f82e2a7f62f1bff9
|
|
||||||
size 918448
|
|
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iQEcBAABAgAGBQJZFE4hAAoJEClYTZ9AhkV454EIAMI6GwqVrxgO+XewvCFWMrXv
|
|
||||||
GuVpFx8w4DVoBN6Kc6bLrcP1R4m04SCYrsey88ahDP5113Z4QlGkuVo3GSKSqFtS
|
|
||||||
ZvO0r9c37VnSUpIp8yD1F/F/K9np1mvywyF8/1cHDFoIMwEe5TNti3Fvo0TaFO7k
|
|
||||||
rLnNdcTILWveqTQBP4Hhma9Hl0MRLOXY9CPcwKBhYZqh8UBjlmbnAyOPXD9hQe/q
|
|
||||||
QP96ZCl6sClvPyBTfGw8q0bxsdWjTJQjZnioO61xkR4JyQr7dpOLr2gCwnL1l9U6
|
|
||||||
feV9EyjHQxX9lbr+SvfuDOWMZXAAqMfx0Ltz7oopB3DTAtiN9TAWQn5v7kSxwxc=
|
|
||||||
=Wkw4
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
openvpn-2.4.3.tar.xz
Normal file
3
openvpn-2.4.3.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:15e15fc97f189b52aee7c90ec8355aa77469c773125110b4c2f089abecde36fb
|
||||||
|
size 938440
|
17
openvpn-2.4.3.tar.xz.asc
Normal file
17
openvpn-2.4.3.tar.xz.asc
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
iQIcBAABAgAGBQJZSkg4AAoJENcq80SMwrA0XBwQAKoiJYeq99LnxrXrxDNVyGTr
|
||||||
|
r8hFA7zo5Py3ZLelliKqVldBVeX6kkfrJAD5Immwt35PzffzSfVjUCd8mTUCoTdK
|
||||||
|
nOuxVRsIfccb2B9yF25HmKPk7tXYfOg7QCCPK8Za8QJxLV85U9h0amTa5veRC4wm
|
||||||
|
xQ4TRSk3yQRRKarOySpAJU7ue59LJ3jVBbuiNU0i6xGTzykrnqrli6pAzvFuTqfi
|
||||||
|
DOIO8lwMFxwyDXonlX2faglfWanjVSv8nIwmP7EzefhTUkT9EU+7aoA1Lluh2HR6
|
||||||
|
DmqOxh0x2DCR+pv37PHgQ0LhBJ2IVRp5sKskzUqkupV3S5dqj8OVFGly6+4D5aoO
|
||||||
|
mTd9ZtVK1GAM/yw7QKO+jguSxRn/usIgBmxFcVcLZESycTCSS2iqtdQfSp/PtcGM
|
||||||
|
0pQfNsyOm6vutlYFaUQqeGYIlqnlBEDeJr7zI9TdQoJ12DmeYyWABQ4MswnEWOGa
|
||||||
|
LwD1PeKLNLddXiSXI1b4b/9TDmSiYw2MH9wDbMvKep+1IQhoh1Zubtv+DbcXXXCR
|
||||||
|
cKWkDcTDzGoE55yHAPiP5VCZJvwTWEUA6z9hW38vVY2wauHMNXTeNcVGeTggq+YJ
|
||||||
|
NfVv5Np7UP2BbSOPAspGsVlV5sekHvl1YAXuA5Y6hyixt1+KxZdJfFbqsU+fYm1n
|
||||||
|
B1yC9E8sA2QK4kahvDj/
|
||||||
|
=GwRO
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,21 +1,36 @@
|
|||||||
|
From a33c0d811ad976561e5cb5bfc8431c1a286e796b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nirmoy Das <ndas@suse.de>
|
||||||
|
Date: Fri, 23 Jun 2017 11:00:08 +0200
|
||||||
|
Subject: [PATCH] fips-140
|
||||||
|
|
||||||
|
Signed-off-by: Nirmoy Das <ndas@suse.de>
|
||||||
|
---
|
||||||
|
src/openvpn/crypto.c | 2 +-
|
||||||
|
src/openvpn/crypto_backend.h | 3 ++-
|
||||||
|
src/openvpn/crypto_openssl.c | 6 +++++-
|
||||||
|
src/openvpn/ntlm.c | 2 +-
|
||||||
|
src/openvpn/options.c | 4 ++++
|
||||||
|
src/openvpn/ssl.c | 4 ++--
|
||||||
|
6 files changed, 15 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
|
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
|
||||||
index 4b54279..09659aa 100644
|
index 5f482d0..ff0f9a7 100644
|
||||||
--- a/src/openvpn/crypto.c
|
--- a/src/openvpn/crypto.c
|
||||||
+++ b/src/openvpn/crypto.c
|
+++ b/src/openvpn/crypto.c
|
||||||
@@ -877,7 +877,7 @@ init_key_ctx(struct key_ctx *ctx, struct key *key,
|
@@ -876,7 +876,7 @@ init_key_ctx(struct key_ctx *ctx, struct key *key,
|
||||||
if (kt->digest && kt->hmac_length > 0)
|
if (kt->digest && kt->hmac_length > 0)
|
||||||
{
|
{
|
||||||
ALLOC_OBJ(ctx->hmac, hmac_ctx_t);
|
ctx->hmac = hmac_ctx_new();
|
||||||
- hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest);
|
- hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest);
|
||||||
+ hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest, 0);
|
+ hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest, 0);
|
||||||
|
|
||||||
msg(D_HANDSHAKE,
|
msg(D_HANDSHAKE,
|
||||||
"%s: Using %d bit message hash '%s' for HMAC authentication",
|
"%s: Using %d bit message hash '%s' for HMAC authentication",
|
||||||
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
|
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
|
||||||
index 2c79baa..81848c9 100644
|
index b7f519b..2911248 100644
|
||||||
--- a/src/openvpn/crypto_backend.h
|
--- a/src/openvpn/crypto_backend.h
|
||||||
+++ b/src/openvpn/crypto_backend.h
|
+++ b/src/openvpn/crypto_backend.h
|
||||||
@@ -557,10 +557,11 @@ void md_ctx_final(md_ctx_t *ctx, uint8_t *dst);
|
@@ -604,10 +604,11 @@ void hmac_ctx_free(hmac_ctx_t *ctx);
|
||||||
* @param key The key to use for the HMAC
|
* @param key The key to use for the HMAC
|
||||||
* @param key_len The key length to use
|
* @param key_len The key length to use
|
||||||
* @param kt Static message digest parameters
|
* @param kt Static message digest parameters
|
||||||
@ -29,10 +44,10 @@ index 2c79baa..81848c9 100644
|
|||||||
/*
|
/*
|
||||||
* Free the given HMAC context.
|
* Free the given HMAC context.
|
||||||
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
|
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
|
||||||
index 881a2d1..deb41c7 100644
|
index a55e65c..79f5530 100644
|
||||||
--- a/src/openvpn/crypto_openssl.c
|
--- a/src/openvpn/crypto_openssl.c
|
||||||
+++ b/src/openvpn/crypto_openssl.c
|
+++ b/src/openvpn/crypto_openssl.c
|
||||||
@@ -891,13 +891,17 @@ md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
|
@@ -926,11 +926,15 @@ hmac_ctx_free(HMAC_CTX *ctx)
|
||||||
|
|
||||||
void
|
void
|
||||||
hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
|
hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
|
||||||
@ -41,31 +56,29 @@ index 881a2d1..deb41c7 100644
|
|||||||
{
|
{
|
||||||
ASSERT(NULL != kt && NULL != ctx);
|
ASSERT(NULL != kt && NULL != ctx);
|
||||||
|
|
||||||
CLEAR(*ctx);
|
|
||||||
|
|
||||||
HMAC_CTX_init(ctx);
|
HMAC_CTX_init(ctx);
|
||||||
+ /* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is not
|
+ /* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is not
|
||||||
+ * to be used anywhere else */
|
+ * * to be used anywhere else */
|
||||||
+ if(kt == EVP_md5() && prf_use)
|
+ if(kt == EVP_md5() && prf_use)
|
||||||
+ HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
+ HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
||||||
HMAC_Init_ex(ctx, key, key_len, kt, NULL);
|
HMAC_Init_ex(ctx, key, key_len, kt, NULL);
|
||||||
|
|
||||||
/* make sure we used a big enough key */
|
/* make sure we used a big enough key */
|
||||||
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
|
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
|
||||||
index 0c43681..c3d5613 100644
|
index 0b1163e..93283bc 100644
|
||||||
--- a/src/openvpn/ntlm.c
|
--- a/src/openvpn/ntlm.c
|
||||||
+++ b/src/openvpn/ntlm.c
|
+++ b/src/openvpn/ntlm.c
|
||||||
@@ -89,7 +89,7 @@ gen_hmac_md5(const char *data, int data_len, const char *key, int key_len,char *
|
@@ -87,7 +87,7 @@ gen_hmac_md5(const char *data, int data_len, const char *key, int key_len,char *
|
||||||
hmac_ctx_t hmac_ctx;
|
const md_kt_t *md5_kt = md_kt_get("MD5");
|
||||||
CLEAR(hmac_ctx);
|
hmac_ctx_t *hmac_ctx = hmac_ctx_new();
|
||||||
|
|
||||||
- hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt);
|
- hmac_ctx_init(hmac_ctx, key, key_len, md5_kt);
|
||||||
+ hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt, 0);
|
+ hmac_ctx_init(hmac_ctx, key, key_len, md5_kt, 0);
|
||||||
hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len);
|
hmac_ctx_update(hmac_ctx, (const unsigned char *)data, data_len);
|
||||||
hmac_ctx_final(&hmac_ctx, (unsigned char *)result);
|
hmac_ctx_final(hmac_ctx, (unsigned char *)result);
|
||||||
hmac_ctx_cleanup(&hmac_ctx);
|
hmac_ctx_cleanup(hmac_ctx);
|
||||||
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
|
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
|
||||||
index 9fef394..6b52dec 100644
|
index fef5e90..33b6976 100644
|
||||||
--- a/src/openvpn/options.c
|
--- a/src/openvpn/options.c
|
||||||
+++ b/src/openvpn/options.c
|
+++ b/src/openvpn/options.c
|
||||||
@@ -850,6 +850,10 @@ init_options(struct options *o, const bool init_gc)
|
@@ -850,6 +850,10 @@ init_options(struct options *o, const bool init_gc)
|
||||||
@ -80,17 +93,20 @@ index 9fef394..6b52dec 100644
|
|||||||
o->ncp_enabled = true;
|
o->ncp_enabled = true;
|
||||||
#else
|
#else
|
||||||
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
|
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
|
||||||
index 51c7b95..2f89df7 100644
|
index 15cd94a..21f50f1 100644
|
||||||
--- a/src/openvpn/ssl.c
|
--- a/src/openvpn/ssl.c
|
||||||
+++ b/src/openvpn/ssl.c
|
+++ b/src/openvpn/ssl.c
|
||||||
@@ -1626,8 +1626,8 @@ tls1_P_hash(const md_kt_t *md_kt,
|
@@ -1635,8 +1635,8 @@ tls1_P_hash(const md_kt_t *md_kt,
|
||||||
chunk = md_kt_size(md_kt);
|
chunk = md_kt_size(md_kt);
|
||||||
A1_len = md_kt_size(md_kt);
|
A1_len = md_kt_size(md_kt);
|
||||||
|
|
||||||
- hmac_ctx_init(&ctx, sec, sec_len, md_kt);
|
- hmac_ctx_init(ctx, sec, sec_len, md_kt);
|
||||||
- hmac_ctx_init(&ctx_tmp, sec, sec_len, md_kt);
|
- hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt);
|
||||||
+ hmac_ctx_init(&ctx, sec, sec_len, md_kt, 1);
|
+ hmac_ctx_init(ctx, sec, sec_len, md_kt, 1);
|
||||||
+ hmac_ctx_init(&ctx_tmp, sec, sec_len, md_kt, 1);
|
+ hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt, 1);
|
||||||
|
|
||||||
|
hmac_ctx_update(ctx,seed,seed_len);
|
||||||
|
hmac_ctx_final(ctx, A1);
|
||||||
|
--
|
||||||
|
2.13.1
|
||||||
|
|
||||||
hmac_ctx_update(&ctx,seed,seed_len);
|
|
||||||
hmac_ctx_final(&ctx, A1);
|
|
||||||
|
@ -1,3 +1,48 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jun 23 11:47:38 CEST 2017 - ndas@suse.de
|
||||||
|
|
||||||
|
- Update to 2.4.3 (bsc#1045489)
|
||||||
|
- Ignore auth-nocache for auth-user-pass if auth-token is pushed
|
||||||
|
- crypto: Enable SHA256 fingerprint checking in --verify-hash
|
||||||
|
- copyright: Update GPLv2 license texts
|
||||||
|
- auth-token with auth-nocache fix broke --disable-crypto builds
|
||||||
|
- OpenSSL: don't use direct access to the internal of X509
|
||||||
|
- OpenSSL: don't use direct access to the internal of EVP_PKEY
|
||||||
|
- OpenSSL: don't use direct access to the internal of RSA
|
||||||
|
- OpenSSL: don't use direct access to the internal of DSA
|
||||||
|
- OpenSSL: force meth->name as non-const when we free() it
|
||||||
|
- OpenSSL: don't use direct access to the internal of EVP_MD_CTX
|
||||||
|
- OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
|
||||||
|
- OpenSSL: don't use direct access to the internal of HMAC_CTX
|
||||||
|
- Fix NCP behaviour on TLS reconnect.
|
||||||
|
- Remove erroneous limitation on max number of args for --plugin
|
||||||
|
- Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
|
||||||
|
- Fix potential 1-byte overread in TCP option parsing.
|
||||||
|
- Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
|
||||||
|
- Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)
|
||||||
|
- refactor my_strupr
|
||||||
|
- Fix 2 memory leaks in proxy authentication routine
|
||||||
|
- Fix memory leak in add_option() for option 'connection'
|
||||||
|
- Ensure option array p[] is always NULL-terminated
|
||||||
|
- Fix a null-pointer dereference in establish_http_proxy_passthru()
|
||||||
|
- Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
|
||||||
|
- Fix an unaligned access on OpenBSD/sparc64
|
||||||
|
- Missing include for socket-flags TCP_NODELAY on OpenBSD
|
||||||
|
- Make openvpn-plugin.h self-contained again.
|
||||||
|
- Pass correct buffer size to GetModuleFileNameW()
|
||||||
|
- Log the negotiated (NCP) cipher
|
||||||
|
- Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
|
||||||
|
- Skip tls-crypt unit tests if required crypto mode not supported
|
||||||
|
- openssl: fix overflow check for long --tls-cipher option
|
||||||
|
- Add a DSA test key/cert pair to sample-keys
|
||||||
|
- Fix mbedtls fingerprint calculation
|
||||||
|
- mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
|
||||||
|
- mbedtls: require C-string compatible types for --x509-username-field
|
||||||
|
- Fix remote-triggerable memory leaks (CVE-2017-7521)
|
||||||
|
- Restrict --x509-alt-username extension types
|
||||||
|
- Fix potential double-free in --x509-alt-username (CVE-2017-7521)
|
||||||
|
- Fix gateway detection with OpenBSD routing domains
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jun 14 12:05:14 CEST 2017 - ndas@suse.de
|
Wed Jun 14 12:05:14 CEST 2017 - ndas@suse.de
|
||||||
|
|
||||||
@ -6,7 +51,7 @@ Wed Jun 14 12:05:14 CEST 2017 - ndas@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jun 6 14:59:29 CEST 2017 - ndas@suse.de
|
Tue Jun 6 14:59:29 CEST 2017 - ndas@suse.de
|
||||||
|
|
||||||
- Update tp 2.4.2
|
- Update to 2.4.2
|
||||||
- auth-token: Ensure tokens are always wiped on de-auth
|
- auth-token: Ensure tokens are always wiped on de-auth
|
||||||
- Make --cipher/--auth none more explicit on the risks
|
- Make --cipher/--auth none more explicit on the risks
|
||||||
- Use SHA256 for the internal digest, instead of MD5
|
- Use SHA256 for the internal digest, instead of MD5
|
||||||
|
142
openvpn.keyring
142
openvpn.keyring
@ -1,41 +1,109 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
Version: GnuPG v1
|
Version: GnuPG v1
|
||||||
|
|
||||||
mQENBFilZHYBCADGVuvyV9yg2GW7bslnPylaa9cxb3IXmb0qC7hUJueGnz0vLdit
|
mQINBFicXUkBEAC9j2L+kJxqetXfslRL/UOqZUNpfNGUjpP2yb+j9UYdZbS3dq67
|
||||||
/fPPPfsI3/hgcQYK1Y8cP5p2Pq+CZL0TVQWBEu2naH2unwxtfNm1EJcWDsky9DzW
|
i0oYINqKRO4fZEg0VLpW611fTUL3qhKADmSlrktY8p26T79I/TYAUuwlijTFKUVw
|
||||||
CZQrcZ/v/coaV4UqMTVzGQaxQOzzeaP5nRgdX95dVKqXqsG8wKoIJmBuILAqkOPi
|
3RGpMsfuldnk007uhx7Go5Ss6y7fPzwWxhvwuRhNdh8I+vswrsBMp08dQ36sIjnv
|
||||||
4EG9NQt2Lbqaiszo3LdsqyeGYK2yc745xBX4UDgIN7XTrXcQDyUOb4dsJynbM+Z9
|
5QQ1MekBiIiOnMwQBgUUSG7rsbGtrIlW0mlScO3fOAI2CtT2J4s3uGnktKsGSuoe
|
||||||
8NMQxdA5q0s6BwWSA1xK/gKUCzfF7D1fwWuO2MoedHveB45rOMSFlfVUgr7fa1CR
|
s3qmRVrKceLygEJE9nB3vV7JhCfQWR97HCGrORcq6lBzi4dC0l9Mp28npQ/mcEtg
|
||||||
zCe7lccu0APfgXrTnNWwWMVoQMO8HIyk2iGnABEBAAG0JVNhbXVsaSBTZXBww6Ru
|
B2oKA4Gs8qyhhhVLC6lBF38z9gfoLVqA+d9dY1l33atTyNfvA6swiA9hjklAzL3P
|
||||||
ZW4gPHNhbXVsaUBvcGVudnBuLm5ldD6JATgEEwECACIFAlilZtwCGwMGCwkIBwMC
|
zUqabmRzKalhVwhNKnua3Zw21OphLUk6vzZPZ6VB/Xddmenu0MCLx8mubKr+H+cj
|
||||||
BhUIAgkKCwQWAgMBAh4BAheAAAoJEClYTZ9AhkV46tEH/Aot7SnpcLHpEkkCX7Jm
|
2YRgn9Np2NR7J6reSWD/WbG12DKa84rTrCw3bpUDR3PvB3IztRfDGlBonDaL1i62
|
||||||
ERrWuqIwYJp7fQlbOPAVZG1+iC/3KlhYxHmH1/Dj6rP3LEEfWpCQSHSbBFkzPtZ6
|
bav3zvqEia7kQiR6qLd6KMk4dcpE5UAdLii8yGNBF93aU4UPJg4zhTl4hBANp8jf
|
||||||
AGnEfaxovXjso/tgnAAjYnxy9R0+1t0g5T6anXzCAjl3+mOssjzWBICBDZaFW9Rd
|
tCd4LfxB1aurGfqSlwfE3c1wYXOAplzG/CAbvHch0mA1ckKKb9MYvmInYj/cnPxT
|
||||||
R47vCA92Fp9kAy3N+AMOv1HfTabaPo6p8HbaBSUQtgdOrfoBSXaFzaPSp8uwonQW
|
ZBhjT5qBq91qiqNbStVquyBwuyEsa3FpeUopTZWxeO6Ik6hz89g3+Mu2awARAQAB
|
||||||
xRvpG91XtDrEoQio13460025ww+sZe5mIH4c7xhKBEZPswO2xnFszcFp3u12Glbj
|
tDZPcGVuVlBOIC0gU2VjdXJpdHkgTWFpbGluZyBMaXN0IDxzZWN1cml0eUBvcGVu
|
||||||
eloAn8oxNycEuw11DfsHf2ctlbQCOLlJJxh2MND5SyL0SjCWMqO7v2c8UUUe4igS
|
dnBuLm5ldD6JAj8EEwECACkFAlicXUkCGwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsE
|
||||||
xeuIRgQQEQIABgUCWKVo6wAKCRDCnZftGY0ioxDUAJ45kbXxCH3hiUexMvlJzvgN
|
FgIDAQIeAQIXgAAKCRAS9fe0LysB56coD/4/z1WaO6S6MW9GJUHnQC0xym6ZW3Ax
|
||||||
mZmpyACg0UKbcmHUiFhnhyjtTTmAS5TjB8G0LFNhbXVsaSBTZXBww6RuZW4gPHNh
|
c+iRT2M1FnBBEYEZXdPtQg6dkuAozip/V7MsYt/0xo0bR0ViE8SA53R+E3KW5/zW
|
||||||
bXVsaS5zZXBwYW5lbkBnbWFpbC5jb20+iQE4BBMBAgAiBQJYpWR2AhsDBgsJCAcD
|
lebAF9E/QZMobVU3T2fbMDHckRyrSXfjTWnUi4EKrXbC41axwiRJisbFMPAY9aNP
|
||||||
AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRApWE2fQIZFeLAeB/9lGhVfON8TR6o6+lbm
|
SHhPDvYvKCNvuVYB1cPOZ0pJYzeuGSiv4FGaUYKdNQOZhinVGccev/+ll/g1yW/Y
|
||||||
GslU2xqV3PQ3hVuAlEttxpP4hCTKU0PwLLb7gtc0UF642qyB7ho2RtU+bg1tiq5z
|
2qFnQPh/z0LJnTwk4PAxrtt6sc+AUXo0CFAnGVYfw42TFqNb23osO8IFHENSS5Uo
|
||||||
R93Ka92Aex4yJDI4viEJ04MTX2WLRv6ogGTRrytIqmYGbYHTFXlnMnQD7Tf+O4sv
|
XakMbw+EZYd2gCnUptRUMLLH2mUexVQaFaIdi9j+zqhOfgZ9MRa9OhmC7sq+Poz6
|
||||||
8tJj5gguB/zT8MXQGqU6zq9CF6b3XXdPSITkC7df/CU425HI4V5HvluC/4GrzFZI
|
SxmQz6W//TczylpXixRJsK8rdIYMp717ycShX8mOqSWX53Ehc2q8kSCor1xOhDXt
|
||||||
za4Hv/d8G1tXzHXDqoLIBdS44g6GRdXak3PfROKsuk7sG/MmtfbfUPnyBI+yaGQk
|
oBkKYHucX33/+NS6l9XjyW6RMJg1sV4XSvu6Dfw/qnUFj+z00N8lQUiM7KPU6EhN
|
||||||
jhlj3BRY0b1dg7T5SiZ6NoMXFH9zKEh7KnG8CaoqiNWDSp2sazy8kbZR5HUp2jOt
|
/h5PeyLKxppkpndlBuHZ9YvpiQNnfPRlfwPi1o59N/rhN6Xet5kbD5e8yPnNXZlc
|
||||||
yXmgiEYEEBECAAYFAlilaOsACgkQwp2X7RmNIqOStQCePGpvkvmpISX4fR+lGAlt
|
gwanJBkwFyrgIKq9zoGD08TfVha44sIsq8iy+3QwFp1BgjBNFthl1JYWVHpnM5ni
|
||||||
VtWf3XgAmwQTECYXlq3NMdefzLxA5dnxstlEuQENBFilZHYBCADEe46V63aYL+VL
|
FIx87RaRp5CQJZ4+PfZ4B/oisX4Pr9QkEhGxqIy/34zOGnv/k1TDIPwYVXSx0zsK
|
||||||
nZbmBz78KA0fOb5qopFQsOp79FdCQevGXa6JtdibaOLhWUiaMNgkGXma0rSzv/yc
|
Q4GdxmxB0QRTbYkCOwQTAQIAJQIbAwUJEswDAAIeAQIXgAUCWJzLrgQLCQgHBBUK
|
||||||
kDX310JSSrNvbXtbn29MdmCZhWum3lT0bhHltF2w23ha913AEneUq1TAESZz74zJ
|
CQgFFgIDAQAACgkQEvX3tC8rAecE3A/+LCiwUH30gbauYFlk6tWL8GfEKmGqjyYV
|
||||||
wGtoej7f2H0e3qjOKtwIzItnHRQSHXFRZUh1IRbZAqXQKqRRWiYVLG3pgF1iC9gA
|
IJAmmkdlHXg/oiP96Xjrg6aOHLm/QNIvNIM2Z8u+0i/UxpPcnXp1qxy6YEl2rgbi
|
||||||
jLcihK9P89G8jUmB8Ko+9Guw6JszKN+l5SVuK+ttrKCRi8hrkOIiazQUL4gu9PZs
|
b0njCC2L23ziEVQniPBrZCWvp5wQdMy3BG+1cvYV+H84YlW3IZm/P6mqgKNU1U1j
|
||||||
aGPxNdwnzKGHGZKT0WglXavZFMWHunb6I9/CrCK3ekyHWAvYF7IY95r4SH+CtKqj
|
Y4zpIVe6oF+WhM7ijZGQFOYzaFBK3kZw5TNguXiQEdisDZF25zHBcz7aR1WtYsd6
|
||||||
QoW8fOeVABEBAAGJAR8EGAECAAkFAlilZHYCGwwACgkQKVhNn0CGRXiO1QgAh3/I
|
Zm/Tfeaoaa8SW23GdhueruDpIEsEAcMrwfsYnUPTuIQ/NsiQoQWVKHRMxONuJB53
|
||||||
EELh+pTiII5IiolHXEKEmgJ6WUU4RzM26Pfv3yMQKqUKBeEvKc21ZWmMKzPWXOE8
|
o07/1T8C8GPBL3t5xVZZK2Go0XQryUWuW380IrT120B+patIpdySOTzBlDeX75nN
|
||||||
1np7DVXcp0ayiXrfGheGbXSpFP5WGlquYdYjVegBgRJ+v/r/QR+Oy2kbq0lsWuNz
|
dM2epY8mBmlR6Jx1RTAAY1ImYD1myv2+kYZYczfThpN04G2L2LXbnOJ99UmAxGIv
|
||||||
Eia08fEHr7PM7mct0d1rFVuSS1m+1YOZNN8e/eSox84HvboSq6xk+3IC1NGXXdUQ
|
abPYawYriEYI1r7+WeQXHoHS8SxZex7tSzuVkYYE3mxT0YaPD9FGjbcu/79GYF8O
|
||||||
qObWceUyU0KmmBFMV86pUgI/YbA2uMxkFK8XGsOqMgTBdBWHTTcSOfmPsu/04zDl
|
qouKUcjFTDOzL3yBZIbJSXlxgXD+AjIOjV54F9+xkmT0GAC55QbCPmvgMLhAbl8b
|
||||||
MuQ+GC2WcUHoTtxytA432TzOixF5wfunqTzXeZxAybQPkETmAFgHT0BmUVShwPQ0
|
+maKw0MORCTqhzpF5jOVPjhT36ZJXpCNCZ4MA0U1qWY5v/qKKpaP14CXV/rT8VR6
|
||||||
XuwT7RpGDZ6jBfphYQ==
|
7MgEBdIMUtRM0uMYQHYvHh2Am3BU/Oee4ns3s7OCVhhMeWQ85UEYKQ894fRwOANG
|
||||||
=FKLE
|
NlSPHWw+LvKJAhwEEAEIAAYFAlijkAkACgkQV9udq2E7jaFf4w//d+Tx2ti5mWEj
|
||||||
|
/7ZygilmqwR8w1yUZAZBeMXkSF4NEeGkInt2bLBDDHoEiRpM7pmPUq4uKEJmm145
|
||||||
|
cLnfN2RScxefOAxGN2NhAKTHRbN7QIAy7oX7FVvEydOZzFYRYDLdC0fKiSg1BJG4
|
||||||
|
+kaan18S2oWLfAQ9gEH8KD8zbF7a9okeM5GSUkIs6WdNjU3YM1bGiXIbPQWqHI1w
|
||||||
|
/6GpraPbKRCDE/td6FjInpQy7eQl4GW0HPekLdWnrLyZ5KOwTAaDXkIVqse4bwi2
|
||||||
|
e/4OWZLZGM3G5aCkMZ5aUehli4fAIRbjqhfh1lxtIZQsnImrHIIEp3cm/4DghoII
|
||||||
|
aqqmJ2Tngp/uLfVqy2uNFkM1dAhrW1U7TbLa+DmiYH9X5/0ctd75H1ZQoEjKwKGN
|
||||||
|
qgw/Rq75rxSBvFSLU9fvuH7WG14WXdCwdFroXXDjhd1g+Pc4qvr9W8yJjBjfi/NI
|
||||||
|
1s50iWhTXoBt7rKWwvYhy/LFAo9leEo+RzU6+ugUaOaPOU7F91HwLTut0Gri9rLe
|
||||||
|
tujpNn59ZHk4zr+Mcw7UC8X57oW7dW6ZI19G0SWPPhyaU9epcfumlMSqI1r/66Ji
|
||||||
|
4LJ11Td7Nv2JUTjo/SVGor2IUzABsNjb9s/ffLFvSePjRDJLe2I8l1Qs6bubjGPQ
|
||||||
|
HZM2VxQw8mA5MjTFDDd+bk4AEU0bhpG5Ag0EWJxdSQEQAKO2FBTqXkiAYeur4Wzq
|
||||||
|
OakSDPk8qeVGaGzWIkehy5l/JV3npacqgRLafPvOTdUDujd1+pAaRABUrA5L+LlJ
|
||||||
|
98AZgLzxWywIbTdkLVE+65gdGTchGU95WxqT9HYBzORMdXpc3avWbnX0AJ5DfbBG
|
||||||
|
j3nPsxwTTeyg8Gut8p5BGUYJg2vvZ2XJjPQrFUqpN71FLXwlq4j6fQwG8rp5/LCX
|
||||||
|
QwA1KPJoNm6W8HT2V812ZcKXmfV0bK88qI9ukvhM6e/2OmOChfm27gR0+A3iGk6E
|
||||||
|
x9KhA0HhfWPByI14PsFHC6mSg1nJBjN4F7IY5ddP3bg2EILz6Dx0cydh/FznZHM/
|
||||||
|
iXHHeQWu1vkUUnDZ2Lp+QUu8YaHjUbFof0gExnU6T/IAxUjRfNBf+1/5O4beo3gD
|
||||||
|
7deXLwUQ5UqFUjEdiGr97zRteLvE6BcMQXEv59gbWgvXKEt47oA5iSCC6/Kxk1vd
|
||||||
|
90WrPWSP8FGz8W/vZDYLvHqLAZ0LdM2jVraVx5F1ESjsyXQ89s9BfWaWM2l8WlpG
|
||||||
|
CnPv/z7sAkzfTIZuqBUB3RkvSNeFOhkydqXxCK1moE13Cdo/YJEAYBoSf28w0Fxm
|
||||||
|
fiWUVuq71lpMXbUbQZRg+AyHG/bSTii4riZPKws+k38a4oqHNfBcIHokWj9bLh7m
|
||||||
|
iemW8EAm+iMzlg4Qc6XYuvN7ABEBAAGJAiUEGAECAA8CGwwFAliji0QFCQICv3sA
|
||||||
|
CgkQEvX3tC8rAefqWg/+Jp2z1PSfQvAcTzrDgGfssQQRDhH8p5KPlbQnjdc54Oz5
|
||||||
|
gF2qvJNBVnGEJqMq8HyuyXaGND5PlptV6NTulxgX2U6d7g667ad6aqufO8EAzOj7
|
||||||
|
EUxaONVH/jGcRi95g2LTR4CJ9mzS7M1VZ4oUWfx785uhyyyxHuiuFRfMq1zZYOuc
|
||||||
|
xJ3fI3zIUJMHt6HKzxB14YtwPfyJ5RD/VViaq/Agck9GCaAeDm0dqZnlQf5yx6R4
|
||||||
|
xuEpfp+9CK9iuaPGXui5KQsYaIqS2xqFakGKQ02JrrhQgHTP7BRIjzXv4gv94Eiv
|
||||||
|
N48L5jaoNk1eHKHFD20XMT2honheB/KXCzdYzz4bIlfNossHpcRahcqMOAud57Ag
|
||||||
|
CmO/X8husUfc38rJUMlrcvsTEMFoWoNXkhKko/hdRdYG0CiAAsRhCpY+b43NUPgG
|
||||||
|
M549KDyJtHLi8jczBy1FYWd73HK95EgS+suTdWN/JIbzYE2PHNW+4CfT2WPBiUxk
|
||||||
|
oV0ZuzAecjmsffYZDKZgT3+WVmewxyVQGNyGmeRQ2iNDxfntkgL4DRHJkB/ryDsS
|
||||||
|
lltRmqwOMbI0unMt1j0CQLllzY3TQvWIiYRcMBESFREgxWrv5kJKZMze0+BNwCMS
|
||||||
|
iEkwNvm2Jz50EZmOTiNGl5d0SqYgQyw8/i1uxBSs80WA1E60JlI7EqTJHT2Dgs65
|
||||||
|
Ag0EWJxd7gEQAK/OTSfxwn91jNGTy2D29/pIPAR9Q2aYV+AZ1V8sprXwg5XeFvHg
|
||||||
|
Msc47wCHSihu3oNGZR2XF5O+gXE6k4/BZpBgBxdijGtb+P3aYHjr0xUNmMWw1VdJ
|
||||||
|
ODh6f2t+1r/GLUUF38GUYL6Hjy54sTF8CHTu5afm4DugxU1bDwOfH1QXMOYC7tIn
|
||||||
|
Q1y9JWoowKItCcRKfG3DvHfgfnB8jfbGOdyUcLMNIuxCXcAt9rPh1QRCbK+OBBom
|
||||||
|
S9pNwXVi6AtGbkw4LNemhspk1rm+kZOMJALKpz2nOc+VA9Ci+6oHkXaUTJt5rJm9
|
||||||
|
llqD49p0Tt/wtIWPyr0ThJXoTwuu1aeSiT22vtDO8LoJrognRuxzbDs05pT68W3i
|
||||||
|
wBc8P8F8jNJim5Fzu9U0hkqkJv0wHP4Ap/MCDGZ36BMSAE8oQXBsTjHydVye/YL2
|
||||||
|
8cg3GRckL4C1E8kY1Bn2hmHA9QQbK3iCNduISBmN8abYX9RDJjqrCkrspRefIkbB
|
||||||
|
5WUo0f6hW+7+UVhQUCD23GA5qPza6Ue2HjSEW2Y8RPXbcBGk0pgX3ee+yRbp9izN
|
||||||
|
jn5zb/tSYx5GneMaTwDrbDeB0P0pow9NoH2ONGs+hkXvsKL+pc7crkuFZqRETAfI
|
||||||
|
NOvQDvUF/eto2vfArNW4hxcosrMB78pUQ8LOgtFxjJBR4EHEC25gwXlJABEBAAGJ
|
||||||
|
BEQEGAECAA8FAlicXe4CGwIFCQICKQACKQkQEvX3tC8rAefBXSAEGQECAAYFAlic
|
||||||
|
Xe4ACgkQ1yrzRIzCsDSaeg/+Pr9O9qKYgfmg8nE0M43P5bWO6ootkaf/Uc2LQDuX
|
||||||
|
qiS8WXmzK8S5zIujxnBH9B4z8nrwCvTZ6JZHUygyhdkvnkDXBtO+MTWPugalxmMW
|
||||||
|
AaGK/V1M2ZXWHdQpwAfK7dqfuAP9Tse1SoQJVsLFjJ7L33lHAygKG24zJhowQCRG
|
||||||
|
Hc1N491MvbgsEdCCiaIQByVko8itJxLlOa5A7jDJy6I1L5YcoBFY5i5Cm0y/8TRX
|
||||||
|
kfCLhwtslXeltPDpHBqd7iKHBc2OYZz9clZNgr1oQFnlntCS9HlnuSPVS50xg4Rd
|
||||||
|
idyyNvR7tm8LKx0Ptm4Aj8q6+2s1zUVY1yZbyd8vLqZ/QwN7pZhAhiGZXr/e+Prc
|
||||||
|
lL5BalQR2FndYrGY77HAcubWpTkzXC+iGizPSa1nni562rwHdQWXWPt3R5KBmcdJ
|
||||||
|
KirNfeF2WiHP77gFnyCg7o9XzvWsqni7XTm+HGDq+E/RMFYdeSzYJ0wL/kWavpbS
|
||||||
|
kdCN4FBQ4HAc3hypsSHG3Vuian4kykJ0i5uDtgdeLxJmtgQ9PpNZScSrMC1lGBdE
|
||||||
|
36cRCvAR3wwf7nzD1F1voTfe5MMx7k7IVdyfs1Ajnjrrm/hlShFifl8hQ2UIyhNM
|
||||||
|
+bQ/YeHvL1OjpDTmIvxuelJcPmM9+g+gGrV8DYw+ZPrFDOTfEPgRqPze1608JQp1
|
||||||
|
P7FuzA//Zd6iLDL7EmVlx3sJs756SkiUfS1Yj9vTbNRVP/GX+D7rqHQL/vRHQlc4
|
||||||
|
rxqpQIf/T1jhanqXB+NCIGwV49xO1ODsDkSZuJqjPUyW8BpqskR/l+OXbCa04oCy
|
||||||
|
RBriMtWFUUQ0uquagdvte4dEo6gC4l73cz8emUnB6bOKCq/QxvtjoQSa/VsWrs3D
|
||||||
|
xIowQOCTk9eW9YOkpwhrSSnksumYS0V+VQ5NpgYesR7oH36d7Sh5RNEk97v9T+OQ
|
||||||
|
cjDtPXBD2fD5e7nwo+UV0px0y+pAzzf6Gwh20D/gnIJobOAgFl5u/l3LGaYZnUvL
|
||||||
|
4xIaKVNHxjldX8BmHos1+7xC0i5JH0IdNoCHGXF8BmkTz7t9CwuESZeFp6ucsvTt
|
||||||
|
LfLsJW73E5V1y4yWLE2Baucpj3+WFwQBVM311/X2mGMTF6FO7n5UiBE52dmy78kS
|
||||||
|
EyfpNwdTJ4NbpiZaeRFusWE9J3zVP+AKXlyANjil/F7xkgbqK32CrD6OLd/AjyoS
|
||||||
|
QeqBuFk0KIEWnj8FcRnSZCTy0V5iqx/guBvy9gHyGHs39xRH4amybmn/wHX9vULd
|
||||||
|
KJY9YjVdjtH6OpQw+7Jc9xH4+tInHBB+MErX9Q1TCeg/kANZPAD0aHgUrbawyNHQ
|
||||||
|
QvVy6MJDfWSsx6t/SAwUHF6rKPiN3nfWTCN8JQccPjw+Ziu+C8E=
|
||||||
|
=iBcj
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
@ -32,7 +32,7 @@ Url: http://openvpn.net/
|
|||||||
%else
|
%else
|
||||||
PreReq: %insserv_prereq %fillup_prereq
|
PreReq: %insserv_prereq %fillup_prereq
|
||||||
%endif
|
%endif
|
||||||
Version: 2.4.2
|
Version: 2.4.3
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Full-featured SSL VPN solution using a TUN/TAP Interface
|
Summary: Full-featured SSL VPN solution using a TUN/TAP Interface
|
||||||
License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
|
License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
|
||||||
|
Loading…
Reference in New Issue
Block a user