Accepting request 34608 from network:vpn

Copy from network:vpn/openvpn based on submit request 34608 from user mtomaschewski OBS-URL: https://build.opensuse.org/request/show/34608 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvpn?expand=0&rev=16
2010-03-12 00:52:28 +00:00 · 2010-03-12 00:52:28 +00:00 · 82c4f8f868
commit 82c4f8f868
parent 3f091f1bb8
7 changed files with 54 additions and 19 deletions
--- a/openvpn-2.1.1.tar.gz
+++ b/openvpn-2.1.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a3180d7af5ff7b05196b2a26bad263291c1987f67e116ebbdcdaf5f678634842
+size 880115
--- a/openvpn-2.1.1.tar.gz.asc
+++ b/openvpn-2.1.1.tar.gz.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+iD8DBQBLItqnHQtJlh+/UfMRAo5uAJ9ovr/2lUDvWI/x4A1WdDx+REqjJQCgxJzb
+dUqMdv3It4GlUnU92MeO5CE=
+=rZfg
+-----END PGP SIGNATURE-----
--- a/openvpn-2.1_rc20.tar.gz
+++ b/openvpn-2.1_rc20.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4d423b48cb3ccc66b5669b9404dcb028cb62af410361c09e6056db0c5d2a1267
-size 844253
--- a/openvpn-2.1_rc20.tar.gz.asc
+++ b/openvpn-2.1_rc20.tar.gz.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.6 (GNU/Linux)
-
-iD8DBQBKzHhmHQtJlh+/UfMRAqn2AKCPIjlkmlwP4q7ZOItfdFKHPIe+OQCgpkA6
-HRQJORs7umHZ4I8V+db2Tu8=
-=/thl
-----END PGP SIGNATURE-----
--- a/openvpn.changes
+++ b/openvpn.changes
@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Thu Mar 11 08:51:39 UTC 2010 - mt@suse.de
+
+- Updated to openvpn 2.1.1; linux related changes since 2.1_rc20:
+  * Fixed a couple issues in sample plugins auth-pam.c and
+    down-root.c.
+    (1) Fail gracefully rather than segfault if calloc returns NULL.
+    (2) The openvpn_plugin_abort_v1 function can potentially be
+        called with handle == NULL.  Add code to detect this case,
+	and if so, avoid dereferencing pointers derived from handle
+	(Thanks to David Sommerseth for finding this bug).
+  * Documented "multihome" option in the man page.
+  * Added a hard failure when peer provides a certificate chain
+    with depth > 16.  Previously, a warning was issued.
+  * Added additional session renegotiation hardening. OpenVPN has
+    always required that mid-session renegotiations build up a new
+    SSL/TLS session from scratch. While the client certificate
+    common name is already locked against changes in mid-session
+    TLS renegotiations, we now extend this locking to the
+    auth-user-pass username as well as all certificate content in
+    the full client certificate chain.
+- Improved openvpn init script adding messages giving a hint about
+  pid write failure and to look into the log messages (bnc#559041).
+- Added -fno-strict-aliasing to compile flags in the spec file.
+
 -------------------------------------------------------------------
 Fri Dec 17 23:00:46 CET 2009 - mt@suse.de

--- a/openvpn.init
+++ b/openvpn.init
@ -104,9 +104,19 @@ case "$action" in
 		$openvpn --daemon \
 			--writepid "$pidfile" \
 			--config "$conf" \
-			--cd $confdir \
-			|| rc_failed 1
-
+			--cd $confdir || \
+		{
+			rc_status -v1
+			if [ ! -w "$piddir" ]; then
+				# this is one possible reason, but common to
+				# all instances and better than nothing ...
+				echo "  Can not write $pidfile"
+				rc_exit
+			fi
+			echo "  See /var/log/messages for the failure reason"
+			rc_failed 1
+			continue
+		}
 		# write the status one line up
 		rc_status -v1
 	done
--- a/openvpn.spec
+++ b/openvpn.spec
@ -1,7 +1,7 @@
 #
-# spec file for package openvpn (Version 2.1.0.20)
+# spec file for package openvpn (Version 2.1.1)
 #
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@

 # norootforbuild

-%define         upstream_version 2.1_rc20
+%define         upstream_version 2.1.1

 Name:           openvpn
 Url:            http://openvpn.net/
@ -27,7 +27,7 @@ AutoReqProv:    on
 %if 0%{?suse_version}
 PreReq:         %insserv_prereq %fillup_prereq
 %endif
-Version:        2.1.0.20
+Version:        2.1.1
 Release:        1
 Summary:        Full-featured SSL VPN solution using a TUN/TAP Interface
 Source:         http://openvpn.net/release/openvpn-%{upstream_version}.tar.gz
@ -47,7 +47,7 @@ Requires:       pkcs11-helper
 %define         plugin_libdir     %{plugin_dir}/lib

 %description
-OpenVPN is a full-featured SSL VPN solution which can accomodate a wide
+OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
 range of configurations, including remote access, site-to-site VPNs,
 WiFi security, and enterprise-scale remote access solutions with load
 balancing, failover, and fine-grained access-controls.
@ -134,7 +134,7 @@ sed -e "s|@PLUGIN_DIR@|%{plugin_dir}|g" \

 %build
 autoreconf -fi
-export CFLAGS="$RPM_OPT_FLAGS -W -Wall"
+export CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing"
 export LDFLAGS
 %configure \
 	--enable-pthread --enable-iproute2  \