From 06ccbd25ceff107576c1648a9fd221e3e39d3cb7e14c21e5edf3ee6829f5f95b Mon Sep 17 00:00:00 2001 From: Martin Caj Date: Wed, 6 Jan 2016 09:47:33 +0000 Subject: [PATCH] Accepting request 351949 from home:namtrac:branches:network:vpn - Update to version 2.3.10 * Warn user if their certificate has expired * Fix regression in setups without a client certificate - Update to version 2.3.9 * Show extra-certs in current parameters. * Do not set the buffer size by default but rely on the operation system default. * Remove --enable-password-save option * Detect config lines that are too long and give a warning/error * Log serial number of revoked certificate * Avoid partial authentication state when using --disabled in CCD configs * Replace unaligned 16bit access to TCP MSS value with bytewise access * Fix possible heap overflow on read accessing getaddrinfo() result. * Fix isatty() check for good. (obsoletes revert-daemonize.patch) * Client-side part for server restart notification * Fix privilege drop if first connection attempt fails * Support for username-only auth file. * Increase control channel packet size for faster handshakes * hardening: add insurance to exit on a failed ASSERT() * Fix memory leak in auth-pam plugin * Fix (potential) memory leak in init_route_list() * Fix unintialized variable in plugin_vlog() * Add macro to ensure we exit on fatal errors * Fix memory leak in add_option() by simplifying get_ipv6_addr * openssl: properly check return value of RAND_bytes() * Fix rand_bytes return value checking * Fix "White space before end tags can break the config parser" OBS-URL: https://build.opensuse.org/request/show/351949 OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=103 --- openvpn-2.3.10.tar.gz | 3 +++ openvpn-2.3.10.tar.gz.asc | 7 +++++++ openvpn-2.3.8.tar.gz | 3 --- openvpn-2.3.8.tar.gz.asc | 7 ------- openvpn.changes | 34 ++++++++++++++++++++++++++++++++++ openvpn.spec | 7 +++---- revert-daemonize.patch | 17 ----------------- 7 files changed, 47 insertions(+), 31 deletions(-) create mode 100644 openvpn-2.3.10.tar.gz create mode 100644 openvpn-2.3.10.tar.gz.asc delete mode 100644 openvpn-2.3.8.tar.gz delete mode 100644 openvpn-2.3.8.tar.gz.asc delete mode 100644 revert-daemonize.patch diff --git a/openvpn-2.3.10.tar.gz b/openvpn-2.3.10.tar.gz new file mode 100644 index 0000000..c4b9f37 --- /dev/null +++ b/openvpn-2.3.10.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f8b0b5b92e35bbca1db1a7e6b49e04639e45634e9accd460459b40b2c99ec8f6 +size 1225636 diff --git a/openvpn-2.3.10.tar.gz.asc b/openvpn-2.3.10.tar.gz.asc new file mode 100644 index 0000000..67ade21 --- /dev/null +++ b/openvpn-2.3.10.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlaKY3oACgkQwp2X7RmNIqN7cACbB9fpKL84DyE2OPkjKz5CV5qD +XzEAn2WfGAwaVUHPCUB7TPzsDjHEKMwR +=5cgd +-----END PGP SIGNATURE----- diff --git a/openvpn-2.3.8.tar.gz b/openvpn-2.3.8.tar.gz deleted file mode 100644 index 9deda59..0000000 --- a/openvpn-2.3.8.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:532435eff61c14b44a583f27b72f93e7864e96c95fe51134ec0ad4b1b1107c51 -size 1214843 diff --git a/openvpn-2.3.8.tar.gz.asc b/openvpn-2.3.8.tar.gz.asc deleted file mode 100644 index 5dbcee9..0000000 --- a/openvpn-2.3.8.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlXA9x0ACgkQwp2X7RmNIqOi7wCfTR3IkWcWiiqmnTXwLxc2R1wa -l4UAnjxpKS6xiaTSBcTwkYNcbqfStIPg -=S4Rx ------END PGP SIGNATURE----- diff --git a/openvpn.changes b/openvpn.changes index 9379406..708432d 100644 --- a/openvpn.changes +++ b/openvpn.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Mon Jan 4 17:22:37 UTC 2016 - idonmez@suse.com + +- Update to version 2.3.10 + * Warn user if their certificate has expired + * Fix regression in setups without a client certificate + +------------------------------------------------------------------- +Wed Dec 16 14:30:49 UTC 2015 - idonmez@suse.com + +- Update to version 2.3.9 + * Show extra-certs in current parameters. + * Do not set the buffer size by default but rely on the operation system default. + * Remove --enable-password-save option + * Detect config lines that are too long and give a warning/error + * Log serial number of revoked certificate + * Avoid partial authentication state when using --disabled in CCD configs + * Replace unaligned 16bit access to TCP MSS value with bytewise access + * Fix possible heap overflow on read accessing getaddrinfo() result. + * Fix isatty() check for good. (obsoletes revert-daemonize.patch) + * Client-side part for server restart notification + * Fix privilege drop if first connection attempt fails + * Support for username-only auth file. + * Increase control channel packet size for faster handshakes + * hardening: add insurance to exit on a failed ASSERT() + * Fix memory leak in auth-pam plugin + * Fix (potential) memory leak in init_route_list() + * Fix unintialized variable in plugin_vlog() + * Add macro to ensure we exit on fatal errors + * Fix memory leak in add_option() by simplifying get_ipv6_addr + * openssl: properly check return value of RAND_bytes() + * Fix rand_bytes return value checking + * Fix "White space before end tags can break the config parser" + ------------------------------------------------------------------- Thu Dec 3 14:07:17 UTC 2015 - mt@suse.com diff --git a/openvpn.spec b/openvpn.spec index 5619cef..70a3fc7 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,7 +1,7 @@ # # spec file for package openvpn # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,7 +32,7 @@ Url: http://openvpn.net/ %else PreReq: %insserv_prereq %fillup_prereq %endif -Version: 2.3.8 +Version: 2.3.10 Release: 0 Summary: Full-featured SSL VPN solution using a TUN/TAP Interface License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 @@ -52,7 +52,6 @@ Source11: rc%{name} Patch1: %{name}-2.3-plugin-man.dif Patch5: %{name}-2.3.0-man-dot.diff Patch6: %{name}-fips140-2.3.2.patch -Patch7: revert-daemonize.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gpg-offline BuildRequires: iproute2 @@ -138,7 +137,7 @@ This package provides the header file to build external plugins. %patch1 -p0 %patch5 -p0 %patch6 -p1 -%patch7 -p1 + sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \ -i src/openvpn/options.c sed -e "s|@PLUGIN_LIBDIR@|%{_libdir}/openvpn/plugins|g" \ diff --git a/revert-daemonize.patch b/revert-daemonize.patch deleted file mode 100644 index ea3405b..0000000 --- a/revert-daemonize.patch +++ /dev/null @@ -1,17 +0,0 @@ -Index: openvpn-2.3.8/src/openvpn/misc.c -=================================================================== ---- openvpn-2.3.8.orig/src/openvpn/misc.c -+++ openvpn-2.3.8/src/openvpn/misc.c -@@ -1088,12 +1088,6 @@ get_user_pass_cr (struct user_pass *up, - */ - else if (from_stdin) - { --#ifndef WIN32 -- /* did we --daemon'ize before asking for passwords? */ -- if ( !isatty(0) && !isatty(2) ) -- { msg(M_FATAL, "neither stdin nor stderr are a tty device, can't ask for %s password. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prefix ); } --#endif -- - #ifdef ENABLE_CLIENT_CR - if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE)) - {