From cb59f07662b5008d7f72c02edefdde032efd36c4448ead38d77183cbf6393078 Mon Sep 17 00:00:00 2001
From: Reinhard Max <max@suse.com>
Date: Wed, 23 Nov 2022 10:27:06 +0000
Subject: [PATCH] Accepting request 1036732 from home:dirkmueller:Factory

- update to 2.5.8:
  * allow running a default configuration with TLS libraries without BF-CBC
    (even if TLS cipher negotiation would not actually use BF-CBC, the
    long-term compatibility "default cipher BF-CBC" would trigger an error
    on such TLS libraries)
  * ``--auth-nocache'' was not always correctly clearing username+password
    after a renegotiation
  * ensure that auth-token received from server is cleared if requested
    by the management interface ("forget password" or automatically
    via ``--management-forget-disconnect'')
  * in a setup without username+password, but with auth-token and
    auth-token-username pushed by the server, OpenVPN would start asking
    for username+password on token expiry.  Fix.
  * using ``--auth-token`` together with ``--management-client-auth``
    (on the server) would lead to TLS keys getting out of sync and client
    being disconnected.  Fix.
  * management interface would sometimes get stuck if client and server
    try to write something simultaneously.  Fix by allowing a limited
    level of recursion in virtual_output_callback()
  * fix management interface not returning ERROR:/SUCCESS: response
    on "signal SIGxxx" commands when in HOLD state
  * tls-crypt-v2: abort connection if client-key is too short
  * make man page agree with actual code on replay-window backtrag log message
  * remove useless empty line from CR_RESPONSE message

OBS-URL: https://build.opensuse.org/request/show/1036732
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=181
---
 openvpn-2.5.7.tar.gz     |  3 ---
 openvpn-2.5.7.tar.gz.asc | 16 ----------------
 openvpn-2.5.8.tar.gz     |  3 +++
 openvpn-2.5.8.tar.gz.asc | 16 ++++++++++++++++
 openvpn.changes          | 28 ++++++++++++++++++++++++++++
 openvpn.spec             |  2 +-
 6 files changed, 48 insertions(+), 20 deletions(-)
 delete mode 100644 openvpn-2.5.7.tar.gz
 delete mode 100644 openvpn-2.5.7.tar.gz.asc
 create mode 100644 openvpn-2.5.8.tar.gz
 create mode 100644 openvpn-2.5.8.tar.gz.asc

diff --git a/openvpn-2.5.7.tar.gz b/openvpn-2.5.7.tar.gz
deleted file mode 100644
index 9799f3d..0000000
--- a/openvpn-2.5.7.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:08340a389905c84196b6cd750add1bc0fa2d46a1afebfd589c24120946c13e68
-size 1855516
diff --git a/openvpn-2.5.7.tar.gz.asc b/openvpn-2.5.7.tar.gz.asc
deleted file mode 100644
index e357180..0000000
--- a/openvpn-2.5.7.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEVmH/adZUFVhLcg/Ai3QXs+uzswkFAmKMneUACgkQi3QXs+uz
-swnI4w/7BJ86vNrXtEzxlYSCmC4q+fptZN4IAIJLQhAYMBqUZ+mDXePJk4lCYQiX
-vUKXUUPr5SSdR5no1mBgw5UFHBozuCEOPPK9m1UXDZaJqm7QYdJwhoqIeN/Cmft1
-aQq/1oPrKKAt6+SMpus2e2N+NhLiMWHXBn60Wo5sJlq1Y2flfQWiMzLG8K8a0HIQ
-j+Febq6yLLXK/P+CojJc+wB5+/y9BPCUgQoXwO3+I935llS1um9bA2VIdZ7WuLw6
-vOqeylJH5uFkGsbbtl8NHn7iQgRieeFgwIe67GTPgIok4/xtKeEF739BCJG+zuRT
-hD077gLwRW9hrUUozoLwhWv0H7LQXEeGgfufsfevaaKDFRU/53b6eT89Z1dVBqB2
-aY6ZqOtWaKIrolkszU1z3TriKTQgik+VqyBRJZ8Fhjh2yKAatj3kH9PdRKOcGC1g
-aMAEeP7laIylM9EuUwvpUw6J1Dg6rz5LjXvl3PRFnfFbQoD5C7sCiZgxSu+AjPNh
-7hijoCY7y2OJqYtOuWVL52BXAvG9is2GBAK2ap/Mk3Ixxa37VzqlZLjRUDYfktVM
-e6UMjB0JlhY8j1sItwC0tXDSSUW5MXre8RdIITWaV7QzBXhjuWh9wqDVkgtqADZ9
-+nVh7dwBp5C5PJfgwrwUsskBIPF+gXNuZhNJNqvgGzQ3EJHC5jM=
-=R9aX
------END PGP SIGNATURE-----
diff --git a/openvpn-2.5.8.tar.gz b/openvpn-2.5.8.tar.gz
new file mode 100644
index 0000000..b172c6d
--- /dev/null
+++ b/openvpn-2.5.8.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a6f315b7231d44527e65901ff646f87d7f07862c87f33531daa109fb48c53db2
+size 1875551
diff --git a/openvpn-2.5.8.tar.gz.asc b/openvpn-2.5.8.tar.gz.asc
new file mode 100644
index 0000000..2ba3cc8
--- /dev/null
+++ b/openvpn-2.5.8.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEVmH/adZUFVhLcg/Ai3QXs+uzswkFAmNbl+IACgkQi3QXs+uz
+swmfqw/+I/X41ch6CudbrcmAvn83ja+ea1faFhWm1TNrK/Vf3shD30aeX7haCUYJ
+IMPV4d+OgQftceKlsRmTkLOJW7CsSws3lV1eAirIfrxtHDF73yRHd+mFaY6iycJG
+3Bm3P75FIlAo9e9huHun3quuSdr1m01+WNrJYdz2fS6SYV04KjnAaWrciJPCLXaE
+HayTSvCn8+agZUJWUvIPsTtq3lLcZMxdHRCFTekeiDVPmMhRKR1G5aqFu2GTJ9j/
+Z8jOPswuzfnVVDUWo3uehjfAEI1xmNlYlg46dn+uWyUiFXH++bzJ8FSFV4bK/0vf
+UahzAmWu2124J09Ij3O98gISk8j+1qAkVOlOvsZTf5y4eFR5Ef9CVWHgQ573a7QI
+nO9OudjnWvD47HudHN4npol15d9DZ8r6fR1eSqG7yP7r0L2ol1yHwO+CrFXTNJXa
+/LYq07iNnNzamskGshN09a0xLR4Uv2glxzuhplS91fquUgY1ykNLzbZ28QTjlKD8
+y5bJGU3wiQ057MVibfxfe3KCRRUAX3B3d340n7MxAIVraZT+gXof2+eVF+m/IK92
+mNSGHk0r530Gevwvnltexm7mqnw4sa30AgDLcAGJ7U8hmzX8bLIyHPgIrFL4j5r4
+EBtxcD8YBwt/MI2PwzJAuzmtQBqDeEXfRopxb5fKMDPkEXSwcvs=
+=jlvY
+-----END PGP SIGNATURE-----
diff --git a/openvpn.changes b/openvpn.changes
index 07c6217..f789dd1 100644
--- a/openvpn.changes
+++ b/openvpn.changes
@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Fri Nov 18 21:40:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.5.8:
+  * allow running a default configuration with TLS libraries without BF-CBC
+    (even if TLS cipher negotiation would not actually use BF-CBC, the
+    long-term compatibility "default cipher BF-CBC" would trigger an error
+    on such TLS libraries)
+  * ``--auth-nocache'' was not always correctly clearing username+password
+    after a renegotiation
+  * ensure that auth-token received from server is cleared if requested
+    by the management interface ("forget password" or automatically
+    via ``--management-forget-disconnect'')
+  * in a setup without username+password, but with auth-token and
+    auth-token-username pushed by the server, OpenVPN would start asking
+    for username+password on token expiry.  Fix.
+  * using ``--auth-token`` together with ``--management-client-auth``
+    (on the server) would lead to TLS keys getting out of sync and client
+    being disconnected.  Fix.
+  * management interface would sometimes get stuck if client and server
+    try to write something simultaneously.  Fix by allowing a limited
+    level of recursion in virtual_output_callback()
+  * fix management interface not returning ERROR:/SUCCESS: response
+    on "signal SIGxxx" commands when in HOLD state
+  * tls-crypt-v2: abort connection if client-key is too short
+  * make man page agree with actual code on replay-window backtrag log message
+  * remove useless empty line from CR_RESPONSE message
+
 -------------------------------------------------------------------
 Mon Sep 12 15:31:52 UTC 2022 - Dirk Müller <dmueller@suse.com>
 
diff --git a/openvpn.spec b/openvpn.spec
index e723e4d..275812f 100644
--- a/openvpn.spec
+++ b/openvpn.spec
@@ -24,7 +24,7 @@
 %define _rundir %{_localstatedir}/run
 %endif
 Name:           openvpn
-Version:        2.5.7
+Version:        2.5.8
 Release:        0
 Summary:        Full-featured SSL VPN solution using a TUN/TAP Interface
 License:        GPL-2.0-only WITH openvpn-openssl-exception