diff --git a/openvpn-2.1.1.tar.gz b/openvpn-2.1.1.tar.gz new file mode 100644 index 0000000..3cfea20 --- /dev/null +++ b/openvpn-2.1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a3180d7af5ff7b05196b2a26bad263291c1987f67e116ebbdcdaf5f678634842 +size 880115 diff --git a/openvpn-2.1.1.tar.gz.asc b/openvpn-2.1.1.tar.gz.asc new file mode 100644 index 0000000..54cb056 --- /dev/null +++ b/openvpn-2.1.1.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (GNU/Linux) + +iD8DBQBLItqnHQtJlh+/UfMRAo5uAJ9ovr/2lUDvWI/x4A1WdDx+REqjJQCgxJzb +dUqMdv3It4GlUnU92MeO5CE= +=rZfg +-----END PGP SIGNATURE----- diff --git a/openvpn-2.1_rc20.tar.gz b/openvpn-2.1_rc20.tar.gz deleted file mode 100644 index acc5d52..0000000 --- a/openvpn-2.1_rc20.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4d423b48cb3ccc66b5669b9404dcb028cb62af410361c09e6056db0c5d2a1267 -size 844253 diff --git a/openvpn-2.1_rc20.tar.gz.asc b/openvpn-2.1_rc20.tar.gz.asc deleted file mode 100644 index 2558396..0000000 --- a/openvpn-2.1_rc20.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.6 (GNU/Linux) - -iD8DBQBKzHhmHQtJlh+/UfMRAqn2AKCPIjlkmlwP4q7ZOItfdFKHPIe+OQCgpkA6 -HRQJORs7umHZ4I8V+db2Tu8= -=/thl ------END PGP SIGNATURE----- diff --git a/openvpn.changes b/openvpn.changes index 9708880..2f4b7b8 100644 --- a/openvpn.changes +++ b/openvpn.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Thu Mar 11 08:51:39 UTC 2010 - mt@suse.de + +- Updated to openvpn 2.1.1; linux related changes since 2.1_rc20: + * Fixed a couple issues in sample plugins auth-pam.c and + down-root.c. + (1) Fail gracefully rather than segfault if calloc returns NULL. + (2) The openvpn_plugin_abort_v1 function can potentially be + called with handle == NULL. Add code to detect this case, + and if so, avoid dereferencing pointers derived from handle + (Thanks to David Sommerseth for finding this bug). + * Documented "multihome" option in the man page. + * Added a hard failure when peer provides a certificate chain + with depth > 16. Previously, a warning was issued. + * Added additional session renegotiation hardening. OpenVPN has + always required that mid-session renegotiations build up a new + SSL/TLS session from scratch. While the client certificate + common name is already locked against changes in mid-session + TLS renegotiations, we now extend this locking to the + auth-user-pass username as well as all certificate content in + the full client certificate chain. +- Improved openvpn init script adding messages giving a hint about + pid write failure and to look into the log messages (bnc#559041). +- Added -fno-strict-aliasing to compile flags in the spec file. + ------------------------------------------------------------------- Fri Dec 17 23:00:46 CET 2009 - mt@suse.de diff --git a/openvpn.init b/openvpn.init index 2a04034..a9c3774 100644 --- a/openvpn.init +++ b/openvpn.init @@ -104,9 +104,19 @@ case "$action" in $openvpn --daemon \ --writepid "$pidfile" \ --config "$conf" \ - --cd $confdir \ - || rc_failed 1 - + --cd $confdir || \ + { + rc_status -v1 + if [ ! -w "$piddir" ]; then + # this is one possible reason, but common to + # all instances and better than nothing ... + echo " Can not write $pidfile" + rc_exit + fi + echo " See /var/log/messages for the failure reason" + rc_failed 1 + continue + } # write the status one line up rc_status -v1 done diff --git a/openvpn.spec b/openvpn.spec index 5aed026..0edc39f 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,7 +1,7 @@ # -# spec file for package openvpn (Version 2.1.0.20) +# spec file for package openvpn (Version 2.1.1) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ # norootforbuild -%define upstream_version 2.1_rc20 +%define upstream_version 2.1.1 Name: openvpn Url: http://openvpn.net/ @@ -27,7 +27,7 @@ AutoReqProv: on %if 0%{?suse_version} PreReq: %insserv_prereq %fillup_prereq %endif -Version: 2.1.0.20 +Version: 2.1.1 Release: 1 Summary: Full-featured SSL VPN solution using a TUN/TAP Interface Source: http://openvpn.net/release/openvpn-%{upstream_version}.tar.gz @@ -47,7 +47,7 @@ Requires: pkcs11-helper %define plugin_libdir %{plugin_dir}/lib %description -OpenVPN is a full-featured SSL VPN solution which can accomodate a wide +OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. @@ -134,7 +134,7 @@ sed -e "s|@PLUGIN_DIR@|%{plugin_dir}|g" \ %build autoreconf -fi -export CFLAGS="$RPM_OPT_FLAGS -W -Wall" +export CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing" export LDFLAGS %configure \ --enable-pthread --enable-iproute2 \