From 42c7e8bef40323eeec35a94f507a093248e108e87b08b42706ac16331eb0091d Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Tue, 10 Apr 2018 14:14:26 +0000 Subject: [PATCH 1/4] Accepting request 586118 from home:avindra - Update to 2.4.5 * New features + The new option --tls-cert-profile can be used to restrict the set of allowed crypto algorithms in TLS certificates in mbed TLS builds. The default profile is 'legacy' for now, which allows SHA1+, RSA-1024+ and any elliptic curve certificates. The default will be changed to the 'preferred' profile in the future, which requires SHA2+, RSA-2048+ and any curve. + openvpnserv: Add support for multi-instances (to support multiple parallel OpenVPN installations, like EduVPN and regular OpenVPN) + Use P_DATA_V2 for server->client packets too (better packet alignment) + improve management interface documentation + rework registry key handling for OpenVPN service, notably making most registry values optional, falling back to reasonable defaults + accept IPv6 address for pushed "dhcp-option DNS ..." (make OpenVPN 2 option compatible with OpenVPN 3 iOS and Android clients) * Bug fixes + Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+ + Fix lots of compiler warnings (format string, type casts, ...) + reload HTTP proxy credentials when moving to the next connection profile + Fix build with LibreSSL (multiple times) + Remove non-useful warning on pushed tun-ipv6 option. + autoconf: Fix engine checks for openssl 1.1 + lz4: Rebase compat-lz4 against upstream v1.7.5 + lz4: Fix broken builds when pkg-config is not present but system library is + Fix '--bind ipv6only' + Allow learning iroutes with network made up of all 0s - Includes 2.4.4 * Bug fixes + Fix issues when a pushed cipher via the Negotiable Crypto Parameters (NCP) is rejected by the remote side + Ignore --keysize when NCP have resulted in a changed cipher + Configurations using --auth-nocache and the management interface to provide user credentials (like NetworkManager) on client side with servers implementing authentication tokens (for example, using --auth-gen-token) will now behave correctly and not query the user for an, to them, unknown authentication token on renegotiations of the tunnel. + Invalid or corrupt SOCKS port number when changing the proxy via the management interface. + man page should now have proper escaping of hyphen/minus characters and other minor corrections. * User-visible Changes + Linux servers with systemd which use the openvpn-server@.service unit file for server configurations will now utilize the automatic restart feature in systemd. If the OpenVPN server process dies unexpectedly, systemd will ensure the OpenVPN configuration will be restarted automatically. * Deprecated + --no-replay (will be removed in 2.5) + --keysize (will be removed in 2.6) * Security + CVE-2017-12166: Fix bounds check for configurations using --key-method 1. Before this fix, attackers could send a malformed packet to trigger a stack overflow. This is considered to be a low risk issue, as --key-method 2 has been the default since 2.0 (released on 2005-04-17). This option is already deprecated in v2.4 and will be completely removed in v2.5. - Rebase openvpn-fips140-2.3.2.patch - Drop 0002-Fix-bounds-check-in-read_key.patch * upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255 - Partial cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/586118 OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=133 --- 0002-Fix-bounds-check-in-read_key.patch | 58 -------------------- openvpn-2.4.3.tar.xz | 3 - openvpn-2.4.3.tar.xz.asc | 17 ------ openvpn-2.4.5.tar.xz | 3 + openvpn-2.4.5.tar.xz.asc | 16 ++++++ openvpn-fips140-2.3.2.patch | 10 ++-- openvpn.changes | 73 +++++++++++++++++++++++++ openvpn.spec | 53 ++++++++---------- 8 files changed, 120 insertions(+), 113 deletions(-) delete mode 100644 0002-Fix-bounds-check-in-read_key.patch delete mode 100644 openvpn-2.4.3.tar.xz delete mode 100644 openvpn-2.4.3.tar.xz.asc create mode 100644 openvpn-2.4.5.tar.xz create mode 100644 openvpn-2.4.5.tar.xz.asc diff --git a/0002-Fix-bounds-check-in-read_key.patch b/0002-Fix-bounds-check-in-read_key.patch deleted file mode 100644 index 3a81f40..0000000 --- a/0002-Fix-bounds-check-in-read_key.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 3b1a61e9fb27213c46f76312f4065816bee8ed01 Mon Sep 17 00:00:00 2001 -From: Steffan Karger -Date: Tue, 15 Aug 2017 10:04:33 +0200 -Subject: [PATCH] Fix bounds check in read_key() - -The bounds check in read_key() was performed after using the value, instead -of before. If 'key-method 1' is used, this allowed an attacker to send a -malformed packet to trigger a stack buffer overflow. - -Fix this by moving the input validation to before the writes. - -Note that 'key-method 1' has been replaced by 'key method 2' as the default -in OpenVPN 2.0 (released on 2005-04-17), and explicitly deprecated in 2.4 -and marked for removal in 2.5. This should limit the amount of users -impacted by this issue. - -CVE: 2017-12166 -Signed-off-by: Steffan Karger -Acked-by: Gert Doering -Acked-by: David Sommerseth -Message-Id: <80690690-67ac-3320-1891-9fecedc6a1fa@fox-it.com> -URL: https://www.mail-archive.com/search?l=mid&q=80690690-67ac-3320-1891-9fecedc6a1fa@fox-it.com -Signed-off-by: David Sommerseth ---- - src/openvpn/crypto.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c -index 131257e5..3f3caa1c 100644 ---- a/src/openvpn/crypto.c -+++ b/src/openvpn/crypto.c -@@ -1666,6 +1666,11 @@ read_key(struct key *key, const struct key_type *kt, struct buffer *buf) - goto read_err; - } - -+ if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length) -+ { -+ goto key_len_err; -+ } -+ - if (!buf_read(buf, key->cipher, cipher_length)) - { - goto read_err; -@@ -1675,11 +1680,6 @@ read_key(struct key *key, const struct key_type *kt, struct buffer *buf) - goto read_err; - } - -- if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length) -- { -- goto key_len_err; -- } -- - return 1; - - read_err: --- -2.13.6 - diff --git a/openvpn-2.4.3.tar.xz b/openvpn-2.4.3.tar.xz deleted file mode 100644 index 9b0cb20..0000000 --- a/openvpn-2.4.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:15e15fc97f189b52aee7c90ec8355aa77469c773125110b4c2f089abecde36fb -size 938440 diff --git a/openvpn-2.4.3.tar.xz.asc b/openvpn-2.4.3.tar.xz.asc deleted file mode 100644 index 869c53e..0000000 --- a/openvpn-2.4.3.tar.xz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABAgAGBQJZSkg4AAoJENcq80SMwrA0XBwQAKoiJYeq99LnxrXrxDNVyGTr -r8hFA7zo5Py3ZLelliKqVldBVeX6kkfrJAD5Immwt35PzffzSfVjUCd8mTUCoTdK -nOuxVRsIfccb2B9yF25HmKPk7tXYfOg7QCCPK8Za8QJxLV85U9h0amTa5veRC4wm -xQ4TRSk3yQRRKarOySpAJU7ue59LJ3jVBbuiNU0i6xGTzykrnqrli6pAzvFuTqfi -DOIO8lwMFxwyDXonlX2faglfWanjVSv8nIwmP7EzefhTUkT9EU+7aoA1Lluh2HR6 -DmqOxh0x2DCR+pv37PHgQ0LhBJ2IVRp5sKskzUqkupV3S5dqj8OVFGly6+4D5aoO -mTd9ZtVK1GAM/yw7QKO+jguSxRn/usIgBmxFcVcLZESycTCSS2iqtdQfSp/PtcGM -0pQfNsyOm6vutlYFaUQqeGYIlqnlBEDeJr7zI9TdQoJ12DmeYyWABQ4MswnEWOGa -LwD1PeKLNLddXiSXI1b4b/9TDmSiYw2MH9wDbMvKep+1IQhoh1Zubtv+DbcXXXCR -cKWkDcTDzGoE55yHAPiP5VCZJvwTWEUA6z9hW38vVY2wauHMNXTeNcVGeTggq+YJ -NfVv5Np7UP2BbSOPAspGsVlV5sekHvl1YAXuA5Y6hyixt1+KxZdJfFbqsU+fYm1n -B1yC9E8sA2QK4kahvDj/ -=GwRO ------END PGP SIGNATURE----- diff --git a/openvpn-2.4.5.tar.xz b/openvpn-2.4.5.tar.xz new file mode 100644 index 0000000..be42dc9 --- /dev/null +++ b/openvpn-2.4.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:43c0a363a332350f620d1cd93bb431e082bedbc93d4fb872f758650d53c1d29e +size 942696 diff --git a/openvpn-2.4.5.tar.xz.asc b/openvpn-2.4.5.tar.xz.asc new file mode 100644 index 0000000..2afee6d --- /dev/null +++ b/openvpn-2.4.5.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEtZYG4tjG4QuAvisx1yrzRIzCsDQFAlqXrFYACgkQ1yrzRIzC +sDTqwA//XYEvyevywKRZlrzoO9BfCH+hu2SK6BVlba5nEiR+akJ952TdUo7kHYRF +Ha4roGtQsCRa/oUYLeZ47wd0OvYFy+65iu3/6cK8eCZgy2oq7/3bAV+A/3S13FU/ +Si4MB1g442rYB9g6153XHC/tIQZbBmFkaIMJ0ObSzQIhcLdQFduMtzXOIMtJYa8k +sjty85JvWuJGvkOgQDUn9V/5Io4uanVnSpRhBgEetH3vr70sl5623ePLkp4TLGzM +f5mSapOOw31Wal1nTNXuIQWTXaj7br/yBLdxarJCH5WfwQksop2EvArdVM7wZ78C +DEo4vUWvdWrGbQniPsD4dQkCy3g1wHD+f+O1QfM2xikIZ+n80K7jYqaaxJvMQ5r5 +AuKGhBT4wlU++BjOA8uIN0mZjEdhUt3Z8qLDDo9TPt4CA7FPmorMM8qdAQJkDHnC +JYJysg9l7dCdavF9abRbz+Uj5vK1h3zMFq7V8mqPbuUKuloNL8yuyEvbTK65CAbi +8JvVgbeeFiu61dAIjqBG20nIyUzPpv/Bv4rG8/WDZJtoByI8piEYO73stuQa1oS5 +CUciSEpDXriG6kkdTuqYq68aqKc74qSpJ5cLSYH6WVggIxtSnxCD+GmpP8CWLJhW +O7pl8IKesdmU9sDnCv8jDLumEtZkZen4kpou+tm+FehLSHzIBUA= +=I1E6 +-----END PGP SIGNATURE----- diff --git a/openvpn-fips140-2.3.2.patch b/openvpn-fips140-2.3.2.patch index 7b6d4d5..8239c66 100644 --- a/openvpn-fips140-2.3.2.patch +++ b/openvpn-fips140-2.3.2.patch @@ -47,7 +47,7 @@ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index a55e65c..79f5530 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c -@@ -926,11 +926,15 @@ hmac_ctx_free(HMAC_CTX *ctx) +@@ -926,11 +926,15 @@ void hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, @@ -56,7 +56,7 @@ index a55e65c..79f5530 100644 { ASSERT(NULL != kt && NULL != ctx); - HMAC_CTX_init(ctx); + HMAC_CTX_reset(ctx); + /* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is not + * * to be used anywhere else */ + if(kt == EVP_md5() && prf_use) @@ -68,14 +68,14 @@ diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index 0b1163e..93283bc 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c -@@ -87,7 +87,7 @@ gen_hmac_md5(const char *data, int data_len, const char *key, int key_len,char * +@@ -88,7 +88,7 @@ const md_kt_t *md5_kt = md_kt_get("MD5"); hmac_ctx_t *hmac_ctx = hmac_ctx_new(); - hmac_ctx_init(hmac_ctx, key, key_len, md5_kt); + hmac_ctx_init(hmac_ctx, key, key_len, md5_kt, 0); - hmac_ctx_update(hmac_ctx, (const unsigned char *)data, data_len); - hmac_ctx_final(hmac_ctx, (unsigned char *)result); + hmac_ctx_update(hmac_ctx, data, data_len); + hmac_ctx_final(hmac_ctx, result); hmac_ctx_cleanup(hmac_ctx); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index fef5e90..33b6976 100644 diff --git a/openvpn.changes b/openvpn.changes index 9f1f1db..da9ec8f 100644 --- a/openvpn.changes +++ b/openvpn.changes @@ -1,3 +1,76 @@ +------------------------------------------------------------------- +Tue Mar 13 01:32:52 UTC 2018 - avindra@opensuse.org + +- Update to 2.4.5 + * New features + + The new option --tls-cert-profile can be used to restrict the + set of allowed crypto algorithms in TLS certificates in mbed + TLS builds. The default profile is 'legacy' for now, which + allows SHA1+, RSA-1024+ and any elliptic curve certificates. + The default will be changed to the 'preferred' profile in the + future, which requires SHA2+, RSA-2048+ and any curve. + + openvpnserv: Add support for multi-instances (to support + multiple parallel OpenVPN installations, like EduVPN and + regular OpenVPN) + + Use P_DATA_V2 for server->client packets too (better packet + alignment) + + improve management interface documentation + + rework registry key handling for OpenVPN service, notably + making most registry values optional, falling back to + reasonable defaults + + accept IPv6 address for pushed "dhcp-option DNS ..." (make + OpenVPN 2 option compatible with OpenVPN 3 iOS and Android + clients) + * Bug fixes + + Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+ + + Fix lots of compiler warnings (format string, type casts, ...) + + reload HTTP proxy credentials when moving to the next + connection profile + + Fix build with LibreSSL (multiple times) + + Remove non-useful warning on pushed tun-ipv6 option. + + autoconf: Fix engine checks for openssl 1.1 + + lz4: Rebase compat-lz4 against upstream v1.7.5 + + lz4: Fix broken builds when pkg-config is not present but + system library is + + Fix '--bind ipv6only' + + Allow learning iroutes with network made up of all 0s +- Includes 2.4.4 + * Bug fixes + + Fix issues when a pushed cipher via the Negotiable Crypto + Parameters (NCP) is rejected by the remote side + + Ignore --keysize when NCP have resulted in a changed cipher + + Configurations using --auth-nocache and the management + interface to provide user credentials (like NetworkManager) + on client side with servers implementing authentication + tokens (for example, using --auth-gen-token) will now behave + correctly and not query the user for an, to them, unknown + authentication token on renegotiations of the tunnel. + + Invalid or corrupt SOCKS port number when changing the proxy + via the management interface. + + man page should now have proper escaping of hyphen/minus + characters and other minor corrections. + * User-visible Changes + + Linux servers with systemd which use the openvpn-server@.service + unit file for server configurations will now utilize the + automatic restart feature in systemd. If the OpenVPN server + process dies unexpectedly, systemd will ensure the OpenVPN + configuration will be restarted automatically. + * Deprecated + + --no-replay (will be removed in 2.5) + + --keysize (will be removed in 2.6) + * Security + + CVE-2017-12166: Fix bounds check for configurations using + --key-method 1. Before this fix, attackers could send a + malformed packet to trigger a stack overflow. This is + considered to be a low risk issue, as --key-method 2 has + been the default since 2.0 (released on 2005-04-17). This + option is already deprecated in v2.4 and will be completely + removed in v2.5. +- Rebase openvpn-fips140-2.3.2.patch +- Drop 0002-Fix-bounds-check-in-read_key.patch + * upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255 +- Partial cleanup with spec-cleaner + ------------------------------------------------------------------- Tue Feb 13 17:49:09 UTC 2018 - max@suse.com diff --git a/openvpn.spec b/openvpn.spec index 943fa8c..7155212 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -18,9 +18,8 @@ #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} - %define _fillupdir /var/adm/fillup-templates + %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif - %if 0%{?suse_version} > 1210 %define with_systemd 1 %else @@ -29,26 +28,20 @@ %if ! %{defined _rundir} %define _rundir %{_localstatedir}/run %endif - Name: openvpn -Url: http://openvpn.net/ -%if %{with_systemd} -%{?systemd_requires} -%else -PreReq: %insserv_prereq %fillup_prereq -%endif -Version: 2.4.3 +Version: 2.4.5 Release: 0 Summary: Full-featured SSL VPN solution using a TUN/TAP Interface -License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 +License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.1-only Group: Productivity/Networking/Security +Url: http://openvpn.net/ Source: https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz Source1: https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz.asc Source2: %{name}.init -Source6: %{name}.sysconfig Source3: %{name}.README.SUSE Source4: client-netconfig.up Source5: client-netconfig.down +Source6: %{name}.sysconfig Source7: %{name}.keyring Source8: %{name}.service Source9: %{name}.target @@ -59,23 +52,27 @@ Patch6: %{name}-fips140-2.3.2.patch Patch7: openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch Patch8: openvpn-2.3.x-fixed-multiple-low-severity-issues.patch Patch9: 0001-preform-deferred-authentication-in-the-background.patch -Patch10: 0002-Fix-bounds-check-in-read_key.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: iproute2 +BuildRequires: libselinux-devel BuildRequires: lzo-devel BuildRequires: openssl-devel BuildRequires: pam-devel +BuildRequires: pkcs11-helper-devel >= 1.11 +BuildRequires: xz +Requires: iproute2 +Requires: pkcs11-helper >= 1.11 +%if %{with_systemd} +%{?systemd_requires} +%else +PreReq: %fillup_prereq +PreReq: %insserv_prereq +%endif %if %{with_systemd} BuildRequires: systemd %endif -BuildRequires: libselinux-devel -BuildRequires: pkcs11-helper-devel >= 1.11 -Requires: pkcs11-helper >= 1.11 %if %{with_systemd} BuildRequires: systemd-devel %endif -Requires: iproute2 -BuildRequires: xz %description OpenVPN is a full-featured SSL VPN solution which can accommodate a wide @@ -141,13 +138,12 @@ Requires: %{name} = %{version} This package provides the header file to build external plugins. %prep -%setup -q -n %{name}-%{version} -%patch1 -p0 +%setup -q +%patch1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 -%patch10 -p1 sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \ -i src/openvpn/options.c @@ -176,10 +172,10 @@ export LDFLAGS --enable-plugin-auth-pam \ CFLAGS="$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS" \ LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugins" -make %{_smp_mflags} +make %{?_smp_mflags} %install -make DESTDIR=$RPM_BUILD_ROOT install +%make_install find %{buildroot} -type f -name "*.la" -delete -print mkdir -p %{buildroot}/%{_sysconfdir}/openvpn mkdir -p %{buildroot}/%{_rundir}/openvpn @@ -271,8 +267,8 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || : %endif %files -%defattr(-,root,root) -%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog PORTS README +%license COPYING +%doc AUTHORS COPYRIGHT.GPL ChangeLog PORTS README %doc src/plugins/{auth-pam/README.auth-pam,down-root/README.down-root} %doc README.* %doc contrib @@ -280,7 +276,7 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || : %doc sample/sample-keys %doc sample/sample-scripts %doc doc/management-notes.txt -%doc %{_mandir}/man8/openvpn.8.gz +%{_mandir}/man8/openvpn.8%{?ext_man} %config(noreplace) %{_sysconfdir}/openvpn/ %if %{with_systemd} %dir %{_tmpfilesdir} @@ -297,19 +293,16 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || : %{_sbindir}/openvpn %files down-root-plugin -%defattr(-,root,root) %dir %{_libdir}/%{name} %dir %{_libdir}/%{name}/plugins %{_libdir}/%{name}/plugins/%{name}-plugin-down-root.so %files auth-pam-plugin -%defattr(-,root,root) %dir %{_libdir}/%{name} %dir %{_libdir}/%{name}/plugins %{_libdir}/%{name}/plugins/%{name}-plugin-auth-pam.so %files devel -%defattr(-,root,root) %{_includedir}/%{name}-plugin.h %{_includedir}/%{name}-msg.h From 283c2a8f8b9f57b3809c261cc66858707bdf73e94f69e66c6727205f8c1e604b Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Tue, 10 Apr 2018 14:40:39 +0000 Subject: [PATCH 2/4] - Remove --askpass again, because it was also asking for a password when none was needed. As a workaround for keys that need a password, the "askpass" statement should be added to the config file (bsc#1078026). - Use Type=notify in openvpn.service to reflect what openvpn is actually doing. - Import the new signing key from upstream. - Remove obsolete configure switch --enable-password-save . OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=134 --- openvpn-2.4.4.tar.gz | 3 + openvpn-2.4.5.tar.xz.asc | 26 +-- openvpn.changes | 12 ++ openvpn.keyring | 408 ++++++++++++++++++++++++++++++--------- openvpn.service | 4 +- openvpn.spec | 5 +- 6 files changed, 347 insertions(+), 111 deletions(-) create mode 100644 openvpn-2.4.4.tar.gz diff --git a/openvpn-2.4.4.tar.gz b/openvpn-2.4.4.tar.gz new file mode 100644 index 0000000..9c0ac10 --- /dev/null +++ b/openvpn-2.4.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1ae883d9522c9fa6d189e5e4aaa058a93edd3d0b897e3c2664107c4785099fc3 +size 1390194 diff --git a/openvpn-2.4.5.tar.xz.asc b/openvpn-2.4.5.tar.xz.asc index 2afee6d..9a91255 100644 --- a/openvpn-2.4.5.tar.xz.asc +++ b/openvpn-2.4.5.tar.xz.asc @@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCAAdFiEEtZYG4tjG4QuAvisx1yrzRIzCsDQFAlqXrFYACgkQ1yrzRIzC -sDTqwA//XYEvyevywKRZlrzoO9BfCH+hu2SK6BVlba5nEiR+akJ952TdUo7kHYRF -Ha4roGtQsCRa/oUYLeZ47wd0OvYFy+65iu3/6cK8eCZgy2oq7/3bAV+A/3S13FU/ -Si4MB1g442rYB9g6153XHC/tIQZbBmFkaIMJ0ObSzQIhcLdQFduMtzXOIMtJYa8k -sjty85JvWuJGvkOgQDUn9V/5Io4uanVnSpRhBgEetH3vr70sl5623ePLkp4TLGzM -f5mSapOOw31Wal1nTNXuIQWTXaj7br/yBLdxarJCH5WfwQksop2EvArdVM7wZ78C -DEo4vUWvdWrGbQniPsD4dQkCy3g1wHD+f+O1QfM2xikIZ+n80K7jYqaaxJvMQ5r5 -AuKGhBT4wlU++BjOA8uIN0mZjEdhUt3Z8qLDDo9TPt4CA7FPmorMM8qdAQJkDHnC -JYJysg9l7dCdavF9abRbz+Uj5vK1h3zMFq7V8mqPbuUKuloNL8yuyEvbTK65CAbi -8JvVgbeeFiu61dAIjqBG20nIyUzPpv/Bv4rG8/WDZJtoByI8piEYO73stuQa1oS5 -CUciSEpDXriG6kkdTuqYq68aqKc74qSpJ5cLSYH6WVggIxtSnxCD+GmpP8CWLJhW -O7pl8IKesdmU9sDnCv8jDLumEtZkZen4kpou+tm+FehLSHzIBUA= -=I1E6 +iQIzBAABCAAdFiEE1Ri5vWQ8+U2l7Zlw8TKxy68THK4FAlqyMPsACgkQ8TKxy68T +HK7KxA/+LAIyRraYxL4baacnzfKY9zIkSYF8WT5OiWw/x100C+MmY+nvCG43GLAA +AC9NVTkWYauCyP58IIwOmg/Z+yusCBgCieIuFm6WooLKrQUZS90v8F0+0YQa6Pel +BD1UTB5TBxvDlOfOdl2Kp9L0Sxr1roeNAV6ezFK23WXoYGMzg5gu1MC6Ig8K4w2X +T5S8GH3DqYbMo5ao15f9fgwDC1smZP7+uBPLw4FgLBz5/8RKJ4kVRPxymK189EXg +NSkDDSgNvRT1VrttGGbcYpYBkqxsvepcS+UsYEzKdv3a/hNSbt5it1vI0fd33SyX +okIaHB7z6e+sBM4Hh9ZVe4QG8n/HV5SVyBLKnhDtPk9uarb45oP/YDKvSnc/93K4 +edKOPEuYCOFczsQnsE9bJO82WshRnpiYXSXOSCjCpfwYaGv4uxAsiYDoiHnvfQqS +5BJ1CX8P8flQBGu/DLg7or+s018pMv3tY4FyJ+/0DG6BUcoqOKincHAd0ctXqHMZ +7NPX7XaoDDpKe4r/QFHDXmb1pwGEwuTraIoT0Wr4nNhspuTgbnAeSanLQhf/y0Fi +H3JA5G7RS7Lx533yTTY/AQdfcTMVokFV1Y2jwvxENg8ahp8e5JDVK2DHcFae//+x +wwZSkdFYSFXVOXRqEh7CeDhJt8uhCLr0j/Un8FaJ2a4fs82pOG4= +=jjwg -----END PGP SIGNATURE----- diff --git a/openvpn.changes b/openvpn.changes index da9ec8f..5f95d86 100644 --- a/openvpn.changes +++ b/openvpn.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Tue Apr 10 14:29:18 UTC 2018 - max@suse.com + +- Remove --askpass again, because it was also asking for a password + when none was needed. As a workaround for keys that need a + password, the "askpass" statement should be added to the config + file (bsc#1078026). +- Use Type=notify in openvpn.service to reflect what openvpn is + actually doing. +- Import the new signing key from upstream. +- Remove obsolete configure switch --enable-password-save . + ------------------------------------------------------------------- Tue Mar 13 01:32:52 UTC 2018 - avindra@opensuse.org diff --git a/openvpn.keyring b/openvpn.keyring index 3fcfd4b..f7c5073 100644 --- a/openvpn.keyring +++ b/openvpn.keyring @@ -1,5 +1,4 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 mQINBFicXUkBEAC9j2L+kJxqetXfslRL/UOqZUNpfNGUjpP2yb+j9UYdZbS3dq67 i0oYINqKRO4fZEg0VLpW611fTUL3qhKADmSlrktY8p26T79I/TYAUuwlijTFKUVw @@ -13,97 +12,318 @@ bav3zvqEia7kQiR6qLd6KMk4dcpE5UAdLii8yGNBF93aU4UPJg4zhTl4hBANp8jf tCd4LfxB1aurGfqSlwfE3c1wYXOAplzG/CAbvHch0mA1ckKKb9MYvmInYj/cnPxT ZBhjT5qBq91qiqNbStVquyBwuyEsa3FpeUopTZWxeO6Ik6hz89g3+Mu2awARAQAB tDZPcGVuVlBOIC0gU2VjdXJpdHkgTWFpbGluZyBMaXN0IDxzZWN1cml0eUBvcGVu -dnBuLm5ldD6JAj8EEwECACkFAlicXUkCGwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsE -FgIDAQIeAQIXgAAKCRAS9fe0LysB56coD/4/z1WaO6S6MW9GJUHnQC0xym6ZW3Ax -c+iRT2M1FnBBEYEZXdPtQg6dkuAozip/V7MsYt/0xo0bR0ViE8SA53R+E3KW5/zW -lebAF9E/QZMobVU3T2fbMDHckRyrSXfjTWnUi4EKrXbC41axwiRJisbFMPAY9aNP -SHhPDvYvKCNvuVYB1cPOZ0pJYzeuGSiv4FGaUYKdNQOZhinVGccev/+ll/g1yW/Y -2qFnQPh/z0LJnTwk4PAxrtt6sc+AUXo0CFAnGVYfw42TFqNb23osO8IFHENSS5Uo -XakMbw+EZYd2gCnUptRUMLLH2mUexVQaFaIdi9j+zqhOfgZ9MRa9OhmC7sq+Poz6 -SxmQz6W//TczylpXixRJsK8rdIYMp717ycShX8mOqSWX53Ehc2q8kSCor1xOhDXt -oBkKYHucX33/+NS6l9XjyW6RMJg1sV4XSvu6Dfw/qnUFj+z00N8lQUiM7KPU6EhN -/h5PeyLKxppkpndlBuHZ9YvpiQNnfPRlfwPi1o59N/rhN6Xet5kbD5e8yPnNXZlc -gwanJBkwFyrgIKq9zoGD08TfVha44sIsq8iy+3QwFp1BgjBNFthl1JYWVHpnM5ni -FIx87RaRp5CQJZ4+PfZ4B/oisX4Pr9QkEhGxqIy/34zOGnv/k1TDIPwYVXSx0zsK -Q4GdxmxB0QRTbYkCOwQTAQIAJQIbAwUJEswDAAIeAQIXgAUCWJzLrgQLCQgHBBUK -CQgFFgIDAQAACgkQEvX3tC8rAecE3A/+LCiwUH30gbauYFlk6tWL8GfEKmGqjyYV -IJAmmkdlHXg/oiP96Xjrg6aOHLm/QNIvNIM2Z8u+0i/UxpPcnXp1qxy6YEl2rgbi -b0njCC2L23ziEVQniPBrZCWvp5wQdMy3BG+1cvYV+H84YlW3IZm/P6mqgKNU1U1j -Y4zpIVe6oF+WhM7ijZGQFOYzaFBK3kZw5TNguXiQEdisDZF25zHBcz7aR1WtYsd6 -Zm/Tfeaoaa8SW23GdhueruDpIEsEAcMrwfsYnUPTuIQ/NsiQoQWVKHRMxONuJB53 -o07/1T8C8GPBL3t5xVZZK2Go0XQryUWuW380IrT120B+patIpdySOTzBlDeX75nN -dM2epY8mBmlR6Jx1RTAAY1ImYD1myv2+kYZYczfThpN04G2L2LXbnOJ99UmAxGIv -abPYawYriEYI1r7+WeQXHoHS8SxZex7tSzuVkYYE3mxT0YaPD9FGjbcu/79GYF8O -qouKUcjFTDOzL3yBZIbJSXlxgXD+AjIOjV54F9+xkmT0GAC55QbCPmvgMLhAbl8b -+maKw0MORCTqhzpF5jOVPjhT36ZJXpCNCZ4MA0U1qWY5v/qKKpaP14CXV/rT8VR6 -7MgEBdIMUtRM0uMYQHYvHh2Am3BU/Oee4ns3s7OCVhhMeWQ85UEYKQ894fRwOANG -NlSPHWw+LvKJAhwEEAEIAAYFAlijkAkACgkQV9udq2E7jaFf4w//d+Tx2ti5mWEj -/7ZygilmqwR8w1yUZAZBeMXkSF4NEeGkInt2bLBDDHoEiRpM7pmPUq4uKEJmm145 -cLnfN2RScxefOAxGN2NhAKTHRbN7QIAy7oX7FVvEydOZzFYRYDLdC0fKiSg1BJG4 -+kaan18S2oWLfAQ9gEH8KD8zbF7a9okeM5GSUkIs6WdNjU3YM1bGiXIbPQWqHI1w -/6GpraPbKRCDE/td6FjInpQy7eQl4GW0HPekLdWnrLyZ5KOwTAaDXkIVqse4bwi2 -e/4OWZLZGM3G5aCkMZ5aUehli4fAIRbjqhfh1lxtIZQsnImrHIIEp3cm/4DghoII -aqqmJ2Tngp/uLfVqy2uNFkM1dAhrW1U7TbLa+DmiYH9X5/0ctd75H1ZQoEjKwKGN -qgw/Rq75rxSBvFSLU9fvuH7WG14WXdCwdFroXXDjhd1g+Pc4qvr9W8yJjBjfi/NI -1s50iWhTXoBt7rKWwvYhy/LFAo9leEo+RzU6+ugUaOaPOU7F91HwLTut0Gri9rLe -tujpNn59ZHk4zr+Mcw7UC8X57oW7dW6ZI19G0SWPPhyaU9epcfumlMSqI1r/66Ji -4LJ11Td7Nv2JUTjo/SVGor2IUzABsNjb9s/ffLFvSePjRDJLe2I8l1Qs6bubjGPQ -HZM2VxQw8mA5MjTFDDd+bk4AEU0bhpG5Ag0EWJxdSQEQAKO2FBTqXkiAYeur4Wzq -OakSDPk8qeVGaGzWIkehy5l/JV3npacqgRLafPvOTdUDujd1+pAaRABUrA5L+LlJ -98AZgLzxWywIbTdkLVE+65gdGTchGU95WxqT9HYBzORMdXpc3avWbnX0AJ5DfbBG -j3nPsxwTTeyg8Gut8p5BGUYJg2vvZ2XJjPQrFUqpN71FLXwlq4j6fQwG8rp5/LCX -QwA1KPJoNm6W8HT2V812ZcKXmfV0bK88qI9ukvhM6e/2OmOChfm27gR0+A3iGk6E -x9KhA0HhfWPByI14PsFHC6mSg1nJBjN4F7IY5ddP3bg2EILz6Dx0cydh/FznZHM/ -iXHHeQWu1vkUUnDZ2Lp+QUu8YaHjUbFof0gExnU6T/IAxUjRfNBf+1/5O4beo3gD -7deXLwUQ5UqFUjEdiGr97zRteLvE6BcMQXEv59gbWgvXKEt47oA5iSCC6/Kxk1vd -90WrPWSP8FGz8W/vZDYLvHqLAZ0LdM2jVraVx5F1ESjsyXQ89s9BfWaWM2l8WlpG -CnPv/z7sAkzfTIZuqBUB3RkvSNeFOhkydqXxCK1moE13Cdo/YJEAYBoSf28w0Fxm -fiWUVuq71lpMXbUbQZRg+AyHG/bSTii4riZPKws+k38a4oqHNfBcIHokWj9bLh7m -iemW8EAm+iMzlg4Qc6XYuvN7ABEBAAGJAiUEGAECAA8CGwwFAliji0QFCQICv3sA -CgkQEvX3tC8rAefqWg/+Jp2z1PSfQvAcTzrDgGfssQQRDhH8p5KPlbQnjdc54Oz5 -gF2qvJNBVnGEJqMq8HyuyXaGND5PlptV6NTulxgX2U6d7g667ad6aqufO8EAzOj7 -EUxaONVH/jGcRi95g2LTR4CJ9mzS7M1VZ4oUWfx785uhyyyxHuiuFRfMq1zZYOuc -xJ3fI3zIUJMHt6HKzxB14YtwPfyJ5RD/VViaq/Agck9GCaAeDm0dqZnlQf5yx6R4 -xuEpfp+9CK9iuaPGXui5KQsYaIqS2xqFakGKQ02JrrhQgHTP7BRIjzXv4gv94Eiv -N48L5jaoNk1eHKHFD20XMT2honheB/KXCzdYzz4bIlfNossHpcRahcqMOAud57Ag -CmO/X8husUfc38rJUMlrcvsTEMFoWoNXkhKko/hdRdYG0CiAAsRhCpY+b43NUPgG -M549KDyJtHLi8jczBy1FYWd73HK95EgS+suTdWN/JIbzYE2PHNW+4CfT2WPBiUxk -oV0ZuzAecjmsffYZDKZgT3+WVmewxyVQGNyGmeRQ2iNDxfntkgL4DRHJkB/ryDsS -lltRmqwOMbI0unMt1j0CQLllzY3TQvWIiYRcMBESFREgxWrv5kJKZMze0+BNwCMS -iEkwNvm2Jz50EZmOTiNGl5d0SqYgQyw8/i1uxBSs80WA1E60JlI7EqTJHT2Dgs65 -Ag0EWJxd7gEQAK/OTSfxwn91jNGTy2D29/pIPAR9Q2aYV+AZ1V8sprXwg5XeFvHg -Msc47wCHSihu3oNGZR2XF5O+gXE6k4/BZpBgBxdijGtb+P3aYHjr0xUNmMWw1VdJ -ODh6f2t+1r/GLUUF38GUYL6Hjy54sTF8CHTu5afm4DugxU1bDwOfH1QXMOYC7tIn -Q1y9JWoowKItCcRKfG3DvHfgfnB8jfbGOdyUcLMNIuxCXcAt9rPh1QRCbK+OBBom -S9pNwXVi6AtGbkw4LNemhspk1rm+kZOMJALKpz2nOc+VA9Ci+6oHkXaUTJt5rJm9 -llqD49p0Tt/wtIWPyr0ThJXoTwuu1aeSiT22vtDO8LoJrognRuxzbDs05pT68W3i -wBc8P8F8jNJim5Fzu9U0hkqkJv0wHP4Ap/MCDGZ36BMSAE8oQXBsTjHydVye/YL2 -8cg3GRckL4C1E8kY1Bn2hmHA9QQbK3iCNduISBmN8abYX9RDJjqrCkrspRefIkbB -5WUo0f6hW+7+UVhQUCD23GA5qPza6Ue2HjSEW2Y8RPXbcBGk0pgX3ee+yRbp9izN -jn5zb/tSYx5GneMaTwDrbDeB0P0pow9NoH2ONGs+hkXvsKL+pc7crkuFZqRETAfI -NOvQDvUF/eto2vfArNW4hxcosrMB78pUQ8LOgtFxjJBR4EHEC25gwXlJABEBAAGJ -BEQEGAECAA8FAlicXe4CGwIFCQICKQACKQkQEvX3tC8rAefBXSAEGQECAAYFAlic -Xe4ACgkQ1yrzRIzCsDSaeg/+Pr9O9qKYgfmg8nE0M43P5bWO6ootkaf/Uc2LQDuX -qiS8WXmzK8S5zIujxnBH9B4z8nrwCvTZ6JZHUygyhdkvnkDXBtO+MTWPugalxmMW -AaGK/V1M2ZXWHdQpwAfK7dqfuAP9Tse1SoQJVsLFjJ7L33lHAygKG24zJhowQCRG -Hc1N491MvbgsEdCCiaIQByVko8itJxLlOa5A7jDJy6I1L5YcoBFY5i5Cm0y/8TRX -kfCLhwtslXeltPDpHBqd7iKHBc2OYZz9clZNgr1oQFnlntCS9HlnuSPVS50xg4Rd -idyyNvR7tm8LKx0Ptm4Aj8q6+2s1zUVY1yZbyd8vLqZ/QwN7pZhAhiGZXr/e+Prc -lL5BalQR2FndYrGY77HAcubWpTkzXC+iGizPSa1nni562rwHdQWXWPt3R5KBmcdJ -KirNfeF2WiHP77gFnyCg7o9XzvWsqni7XTm+HGDq+E/RMFYdeSzYJ0wL/kWavpbS -kdCN4FBQ4HAc3hypsSHG3Vuian4kykJ0i5uDtgdeLxJmtgQ9PpNZScSrMC1lGBdE -36cRCvAR3wwf7nzD1F1voTfe5MMx7k7IVdyfs1Ajnjrrm/hlShFifl8hQ2UIyhNM -+bQ/YeHvL1OjpDTmIvxuelJcPmM9+g+gGrV8DYw+ZPrFDOTfEPgRqPze1608JQp1 -P7FuzA//Zd6iLDL7EmVlx3sJs756SkiUfS1Yj9vTbNRVP/GX+D7rqHQL/vRHQlc4 -rxqpQIf/T1jhanqXB+NCIGwV49xO1ODsDkSZuJqjPUyW8BpqskR/l+OXbCa04oCy -RBriMtWFUUQ0uquagdvte4dEo6gC4l73cz8emUnB6bOKCq/QxvtjoQSa/VsWrs3D -xIowQOCTk9eW9YOkpwhrSSnksumYS0V+VQ5NpgYesR7oH36d7Sh5RNEk97v9T+OQ -cjDtPXBD2fD5e7nwo+UV0px0y+pAzzf6Gwh20D/gnIJobOAgFl5u/l3LGaYZnUvL -4xIaKVNHxjldX8BmHos1+7xC0i5JH0IdNoCHGXF8BmkTz7t9CwuESZeFp6ucsvTt -LfLsJW73E5V1y4yWLE2Baucpj3+WFwQBVM311/X2mGMTF6FO7n5UiBE52dmy78kS -EyfpNwdTJ4NbpiZaeRFusWE9J3zVP+AKXlyANjil/F7xkgbqK32CrD6OLd/AjyoS -QeqBuFk0KIEWnj8FcRnSZCTy0V5iqx/guBvy9gHyGHs39xRH4amybmn/wHX9vULd -KJY9YjVdjtH6OpQw+7Jc9xH4+tInHBB+MErX9Q1TCeg/kANZPAD0aHgUrbawyNHQ -QvVy6MJDfWSsx6t/SAwUHF6rKPiN3nfWTCN8JQccPjw+Ziu+C8E= -=iBcj +dnBuLm5ldD6IXQQQEQIAHRYhBJ1Sw0fqLFJAInfhLR/HT6mBfHpSBQJZ2PE1AAoJ +EB/HT6mBfHpSozAAn1xyDljEjokbnI7wNbGcCDlUlNW7AKCuxM+zG26UM2r0DxVe +fWTFhBIV+4heBBAWCAAGBQJaX6COAAoJEBu4nAYCNnRJ+tABAP7T3P1mw5hv3fl/ +F1K8RT9+ohTf/yrSzKahNT75AFKbAQDUv4MCnH6qrBQCD/kvOUcOcvmvjFN6sev9 +5kR/dEPJDokBHAQQAQgABgUCWXeoHgAKCRA6fjL5C7vds051CAClxiDpvmUjgDnH +xm3+cesx8XhxykokxI6Pc7MWSuSvFHBy16PTrtv9ePOfqG3jpfO1ZSYBT89OO2bT +cLPioHTNj+aYivCYRXf4An2ciPdurTDlQmhv5z8bC2NztCMSgVRN8j+ZWPZh/jv3 +LSIRdxjk563NL4vdq8U6Meezz5UVfaSm4G8N4oNNDZwK7UVoIYHlyjuPdW6RtBqT +rNggs99QwFfRDWYYRoIZvC1qbOGepzPZhluDMmknkvVctV5aheqtPPSGhS4C98i/ +PV8r6j2+usNKHABpabC4pU3JKBWNK0mR/VidF9zNtqtCyIewtxv7E5Avqq+MzuPx +gcxl4cEXiQEcBBABCAAGBQJZpYy/AAoJEC20u+/5mSLkoEcH/2PFU/80HepTS6o8 +RJRmEyBQp+1aGv3gt5MYkUEYTeTLW73qEqt0n4XXeCxnOrmFdhjf6PCK4yp+gk3K +lmZ7b+ELxqMTF/7IpnlVUztio7NCsJStnJMaLiFPpa5AmZYn8xmsgvsrXiVerkvd +F7txY7T8Cus6BXTn1Sp1av/c86zeU+Ibe9ZkGY/+Wns6TxOAplwHcG4uLXj2oxz9 +ry8r7Tgg/qB8Vo77c/+wS4hkiP4SyAwRVPHhzipN5eBlFwyW01lqESBYIhqD2z8v +jPRTBwe0xyKa/KpeibD8KLf6fPMWGjQASLe6yRZTDAFOBAnatECtRp5SyWzbUfK7 +oO87wQ2JARwEEAEIAAYFAlqc7RwACgkQ17bfzgpEGOVeEwf9GacB2u9Cl/weGXgO +L9abfQpyQsVf+xnZHnpcqfqXc4ES7ucJyObJ4Le+UOOkDgmWJ71w/v+dl10nQCG+ +DRoMQlMe0PQdxEYG3lAvWnfrxqVXz41nyqQmSOTfn/GMAe8EbCIuy2rqXYTLOStq +xAAnfwHzo8l0tV+uwUvP8Q/2fEwoWJsNoiVQkVoKmeeLH/QAdh1JmO1StNMO8N3I +76qiUffkTbdAnBZmeruO9DGpgyoAfRins7SJGRHth6ikGuuYc6dHa3PA10IGc+Ad +YoxPy4J443DiHhEmsBF95wJowJCDAspmhhDOpnPShvfGcU6O8x2Vez+EbnsSrTTQ +XQ/TdYkBHAQSAQgABgUCWZqAkQAKCRAjRRsQeqA5Qc0tB/9gG3MLp3yTuqkJ3JgX +ZEgdJn5VY9U8fVAmG8lqbr8e9fM2ZDIbWg99w1T/KW/kBOxhlSt/YNQk+SU2x61u +rRQFwKleJsHlaVRUc6eoAhiHzOwf1I6RT6pn31dhqhNpx2tvJtOLmKZkB53tkA3d +OVbZaU3KaGVYzW2iMlT1aJOwTy7RMFO+pLxmIWqczNeAcu1zersa4nkIQI4F3snY +I5WZwyuBeIWRK1YPvJqUm1IxKvigfmozos9+y72b6yjFcRllDKIt0eb9JnZ30TPm +3nHBzXlLgNVvuQ0oN3s8waVgXnNSIUsbvOkWIsOz5r9Czt9c6cPFhPY6GCIUrvZ8 +T//BiQEzBBABCAAdFiEEVQXkUwUfTo/Nvb03sUAmce0N+90FAlnW1ssACgkQsUAm +ce0N+93lzgf+Nh+LSw3YHfwOBb/M/cvWB+2z42tDxLgfDri7rBKCprFW10pX5z6B +X7aWvvG/o24McC6d15FTEpLw06tnIDWe52fUTI1HZkGtfl6c5W2Iz2ov5UXLjzfG ++wN7Ep1xUEjC8sgST7+pOLz0QJ1Ac5GnMNnDAztqL+P5UOlAHAI1DaR5XLk7AVYA +AJ9D+5I76oDfaIABn+ZMWzIoDgKcpX3hlgFrow66GHZZJI/1lxB+8KNTY21fIYoN +T52rT1RaLpNL1CqT7QkTs0Sy0HiFTeLfM8xRkMxML5e68nF13x4PR8LABXmZp2EC +M5Selr2p0uJQFCtjHX0ARp3IxdUry32LUokBMwQQAQgAHRYhBIIXWIefkIahtKRX +o23OmZIpa7SiBQJaREaZAAoJEG3OmZIpa7SiSrUH/R2PYGiE+0SWTiYTgziSbX2T +TsV5M+9N5bJk+ApyjxmvrOrRUeI7MSxwlLBgr3fVc02za+Bdv9ZcwqvaW1b3W1vB +vHO8AxNId9HVY1g+HZYirmSo/RLy4S7Rq29Q4cd+kaUrl5ElynDVdNKkkAvfGySv +DiUD6QgsojSjHZuUVjTJAIGaV8jOiJwfc3v87e9+0V5mng613wv6ObgDSVc66X0b +GmUJSUq2rqfAE06SqLQ/Dtm4UpJuBA7QdFbQewHVJtw38haK47qPPyp7FV64y/K5 +4W+ZPyZ6qb0q93uMeRp0Be82M4tKYG0+VW40eeYsNwRRs48XUBtmwj5eDg48hJyJ +ATMEEAEIAB0WIQSWaLi1rt+ia7Hj4S/ruxlddiv0cgUCWmy76wAKCRDruxlddiv0 +cnXOB/9djGvR1v3PK76yvbtiqG8nZnfVmu8em3sne1LIA5oHUYtqsWCHUrpEY5Lm +lqUDVD5EUir/EAZDy9Muf3PPMrWzg1NPZK4wuO3N62aU3ZgG/aaBJXuLHHA6rYjt +PUt2unuIIEmLgzKst6AY8hJuov3C6l07WzE2guvTC8jvZtsJGikgVnEpgIyN6sY2 +QrxxJJbWaM+4bomZh/tFMaczupv98cRZzFv3JlCuNCG4TPUgNI5q7vxRGr2FnVqV +TJ7ZR5AsIakBvAo2pzxE9M5q3ukyYpgMFG5LcUwNO/nRoHXCTh2HEEYPf3VGKbHM +raDswhlBL/J45Aqp3uh8tT+Jw4MEiQEzBBABCAAdFiEEp2KtXeBBcXlrRORD2yVH +L6i/yo0FAlpLhN8ACgkQ2yVHL6i/yo10Lgf+JehUT4dgsR/8+J4pM9EdQYBXH1SV +aRzFsV/moLGiFfJEkM4aBe99gVDWY7ddfljLx/s3VbyiWCX0DuPojCkTGnaXoYgP +EmXrXmjftihPz8hHUXrKkMESGHQYDBtgds7cLEx8M8Zg8BK5zwbMWug+y9JJV24q +HMttVCLYbWarHS7VCj8wrIUmLzZeQgi9T0U+D3jv007m4T2E40/UpclAe+nexDb0 +/ehbFKbkVVafIRq8mRcxuoNUChG6RvhD1rV4W904DqdEO+eIgDOMO6GRuaSav9Nu +dG6wd8hlk/TFipTX9XUxhanrjGXmm2o0YjQ4vjwqvjy92rcxhTaX/oe5IokBOQQT +AQgAIxYhBG9AVoIRUvA7ayTy/PhIn4Odc2fzBQJalK8lBYMHhh+AAAoJEPhIn4Od +c2fzLbwIAKRAjVowy/tiaBhO52PgKEjDAgq5sCOUiohptA5IIONt8heIIl3YRf8m +IRIwGUZGyTCf34lIYsMIhAuVizGxnbREZXeC1D5BWuvQ6PQEMRnTWttt2htaNZVX +uJh8CJjFY5bYQP0Gqdqg39HZgYnuPTdMN7x3yUzUbPKcRoh77gUjyzOroqS0kGmo +R0u0tHL+kCEKCHafsDqsXHz023yxlMuYdK+RPnsjBNXi2ygoU/DEpa1f+5E6ypDM +103Fiebaal2OI2dCdVTXHbOZFMjiApQYWa8iL2R8/og++JLzf7V28pLjpd1ildCm +nccCcHQMMVq9rq4v5Pbjj0wxGmBwlEKJAZwEEAEKAAYFAlnluYYACgkQ/a4lZvPw +GAdB7wv+LZrFo7356w6ui8U3a7/KJhlaX1/Kn/7mUMjrI52uprs65DHLSJzrt3Iq +B7uAmdhpsAyzJaSbRz0f7oKziZ/gFZvLw3Xofo9rMuj0ecZFpULCugZ/s2tWSXYZ +cFcQZA4tz24ZREIm7f+SEGMMfAI4jymBnxNJKahxvC3wdPCKD3ts0oK9YOzm6Wno +yZLLwFAa1QUQ+/SbgqsO3I4/wn3BU2EvFihDtW1w1wIiNUZ3S940WCFHdMPeFg3i +tzLa9vat/+pSyA/fc5CufWeX7Hv9ie6jXofWzir1cFoQGB2YdBNCb6AwuABnMzKV +xLPQsTwksQ4twDBUifqDLUk85O7Y5ae49600SKRBb/qqERTQKTw+5QSG1RLdMHPr +F0qUFDJ9U1mrKMZYmK8iCKx6W6BJsvV5Tsjz3YL2ZV881Bn0LIzL2CBZLmLqgao3 +GI2nFsrPICfj0u7o7apK75chVXo/LNSbKpqsx5NXMQq8NvVd09HKK50oUohL3e2q +YFDt0evEiQIcBBABCAAGBQJYo5AJAAoJEFfbnathO42hX+MP/3fk8drYuZlhI/+2 +coIpZqsEfMNclGQGQXjF5EheDRHhpCJ7dmywQwx6BIkaTO6Zj1KuLihCZpteOXC5 +3zdkUnMXnzgMRjdjYQCkx0Wze0CAMu6F+xVbxMnTmcxWEWAy3QtHyokoNQSRuPpG +mp9fEtqFi3wEPYBB/Cg/M2xe2vaJHjORklJCLOlnTY1N2DNWxolyGz0FqhyNcP+h +qa2j2ykQgxP7XehYyJ6UMu3kJeBltBz3pC3Vp6y8meSjsEwGg15CFarHuG8Itnv+ +DlmS2RjNxuWgpDGeWlHoZYuHwCEW46oX4dZcbSGULJyJqxyCBKd3Jv+A4IaCCGqq +pidk54Kf7i31astrjRZDNXQIa1tVO02y2vg5omB/V+f9HLXe+R9WUKBIysChjaoM +P0au+a8UgbxUi1PX77h+1hteFl3QsHRa6F1w44XdYPj3OKr6/VvMiYwY34vzSNbO +dIloU16Abe6ylsL2IcvyxQKPZXhKPkc1OvroFGjmjzlOxfdR8C07rdBq4vay3rbo +6TZ+fWR5OM6/jHMO1AvF+e6Fu3VumSNfRtEljz4cmlPXqXH7ppTEqiNa/+uiYuCy +ddU3ezb9iVE46P0lRqK9iFMwAbDY2/bP33yxb0nj40QyS3tiPJdULOm7m4xj0B2T +NlcUMPJgOTI0xQw3fm5OABFNG4aRiQIcBBABCAAGBQJZl1x/AAoJEGzo53jf9lJ3 +/P0QAJ6tKU2y2zAZ6SCKnTHlJXUtTSsSHN4m4X1lzlKJj8a5+TG1l8ucAG3q76BX ++tOriTQXUY6tsOIS69aI2BrkiEoSEsUb0DEZgjL4Nulql+/sSmyc4EB58BQLQG9Z +hXdWtkaatyOSiMwsoQvwjfVvpzzDTfEK8AujRKNYiZ7zDp//juI8zioYSubuNzNQ +JOUOr5/+9CUeyRMW88zqXesc+PTkB264DBpNGTXpshgYe38IMGsqhYxu5iW88SCb +1f6Adi6ZDBfhg7OrJXqs9w8IgSauSD2uaAWXwQHDyxm/KmCs/crywzxvY3WkMdzY +VoWO/jptY0YdgQkToef7b/MFILSQUgjpUbCKn1BEFVEy/12sb7hWx2r9C12jooue +Cg+APvKWe7jKAVDvXtC5Vx0xc6fEPY53wnVSgSfhf1uBHHoZeBLgWTr+lQjrKLI1 +v3uu2vGDwKk3octTh665Dc94tYO5o7uXIRvCetq4TlcBnRDyESMh1SQW06RZdGtP +AY/LKfASYGZggTUBo5KIKGf4MhbwinDuldiRvjC4eASkDncwE68Cggq4cvE1vDvL +dC9IfVexcayJHcm6yc75gOdkq4YxgUUL1C7pB5MnawQoI+4LQcmwMPdiIOcnBFX7 +ICTUc0/LIIr22yteSG4E8DBRzJpdGV4AS2OySyuzRva6Pk/liQIcBBABCAAGBQJa +BU8SAAoJEMsRIiOnlU8G6psQAKQRrLKzj4eI80vVV0vaV5xETUZQ0pTsek2hJN2E +3C/qCYKWocD6a+JJWHlalFtirdgo1jh9AjFSBWHXJ1R8EeLbQRhH4vGkMKZgmyJa +/3NKqjWO4+jMR1tCZqdWT+qIIzu2tB5c2cYDgNo0r62179axcYhYX+xkXzCdw82F +Z8BISkczmP7qlvgxgx3vt7Sbm6hgOo/jdpHNIk3sMNMLmIkKc1RRqZJqAaeVZT/j +CNVr80uafW7bDmWbVJG2db1h7ArnGTj+Zdkte6KiajVTpxYQNq6TdXcj5PTpf0NZ +yAOEhWO7EDUXODxu6TggXETThdSSF5lLp4WbW3Xj7+MxNhNoGfBigwQRxN7KlyuJ +Z9qusQkwCrButK4cQ0qfnO0jUbK/Rz5IjYCTW14gpHlD7v76/mIoE6NbPL6jFSri +1PUffyyRmLmURJ4DVUx/ywMNCkNb+0sgJmltoNQJ+ABHJ1ar89i8Z+BSWHlgio4d +IYZyB4xrQ5H19z44Na7gedXxWx+Ba5h2nzHtzMEEpEmbgs79Tzy9U2kRIDV7CL95 +ttDmvcBskGFruUsgEEqvwI/NBHh7QN6VpsR1Lz6GuF/LKP2JCrZ4QEd+vhvwr2oU +BghBO2Qqo6vjpy02K1WYinUpdxoyeFkovXpR6BD3Y7tQFeVQP7CleVJICCeZeqyS +lOW3iQIzBBABCAAdFiEEM9fTErlUMy8TGMhG2vXIZQnVyJgFAlqrP0oACgkQ2vXI +ZQnVyJiWRxAAvqqyzPQlgKQX10hGqmG3xouYbigUrPXp/Px8GD12ISX+3tQbCueI +DxOmp9vzM4gKmZ6Qwdi23154hw6DmOOtSTgpTLVrb9F+Htyv5QSkcXMM3fb4TcEP +NeQlmqueZMYJelbwz+Euas7i6J3ZIFaGwPwu3x5QMvINYzj0X+wIKTwlxa65Cgmp +MDI0wkZYkk25dda081xry3nz3UlVnE+YMQqOewGWWbmhVObEOAVlnC+M5fzQXdgt +hx0mdrfYpsna/qkoAuwqB2l/v1zXWXZ9tqDOA1k4gx37Kaekgp1Rkijki8pOeKni +cfALgejLU5eTBdGuzWjpjYfMJEYy0UOiz9mWcytm7d7UKFmeI3GdsKJ2pB8K7AmZ +krFC0zKMOo8e0V0ZwnCVts+BEvaQjsuhac+lplHLn2jDwzundy6ZPtEHP1X0Uqdp +lrAUMVj7yCoUBG8ylvPzS688iBhNa0Mo5gghjxKs0BPxvDu6vtl401YiW92exk1+ +V0XUDrO2V8uZN5PkLZs/9DmVj2OwM+sXPDI7puWytADCiWE7+c55GB5KDG9AllhW +PwMIDHAL3sZe3leNdFKw64efUDyMJhiqVjrhaDfg4W9p6I/rtF20u+7f8KTs+pnM +tGJ3Fn1xTDiEKJ2H3ql0QLsJM0SNLj539Ouq71u3qCCJ/j9IJLZw7NOJAjMEEAEI +AB0WIQRMPD6e3S2TZSduUuoN/Vzk05JP/QUCWpyVMAAKCRAN/Vzk05JP/VCcD/wK +pl8H1ejxjD4Y9Z2s5vJRPS2fxXtdtMWqegP9k9K/33/WqEXXspFB7kQk36TSLJu6 +FT+Y7PaQUQY2GWcvsmZdQRX2jy3SYIWuuQBoFudTSNMcZBwE98LKaSSkGI9p68M9 +Cx7ym5EYfNj5vp6wYCdOggk95I4v8tAy+2a97FAWea2TBqNOq2Yt4Du4J6hSlIfU +aqUKH4sQ0F8oU+dGBsMxWW7EJP2rCSyQfiv1CHgRT9hnDSTXvRpWH/VkojY7d/2k +P6ga5GN3hwi5db2rFY2wF/ZN4QFprqSpc6aRbibrGiS61aL/25JCz01Od72mwz2E +3njK44uHSZoQamkcO9qqq1+6QrYsFegHQHEnOw5PGpGNGqs5HIfxaptwOYSLeuQL +6TAPaYqpuwHc4FXdz1y1ZtnWXfaaAOQ+mYaasZvrPpfoEDojS3DgP7Wg+2wjtNJA +k5xtO+bf9+7b/dhQ/rTsDCx4I7p96XAXBqDmFBlLcsDgEufGOii3EkpxjW6Xyuw/ +SnlQ4SpBorUoujLRCj3rRL3MyMXTxxGydxUbEjTbmnPO7rN2XY4L9gcStgo4t1Sc +jT+Hsd9rPnvd9v10+UvflEIhYnlREGFYnJodk2R9DKMIBEBVK9+Oln0tH4Q6bzXG +eHDopsKvEiZ1n59Xa9lqsfzqONiGATneIiRlsmzRnIkCMwQQAQgAHRYhBJ7tSGmo +2iHzohr6Kc4eHKDusIDrBQJapS1mAAoJEM4eHKDusIDrL/wP/ihBvSKDk53liF3m +yN6DLCWpCSTBjP30jxneWkQJv8Edf+jVxVOOp9XgONpksjx3mb7EbgHqWFmzu0zV +UfXgHdKizSXZTTUuhTy6f2bcfzX0/LlRYJuY0hyG/3gNhIgWubaGPANU2RxHFpoc +t+0STw5XBBm7Z5hIh5OeuH9LwzGR+vU5U9OI6NPzhMDgA7K3CSqZCcqara1BkNJG +48Dj0E5aYMAdmcFroo83Q8Asxpb/Dbe7+gswuGsDxbShFxpLFqXe7LT2LP1aMrGl +zd2IQtQ8M77wimKMZDF1KFZm5jAOmmdts7C2KTEAXOYi/OXMxj/eCN8rJQ7SpI2O +FHusWrL66jMcUIYHIVuyaOHFs8QBqaWC7+I2GbK5DVO2M3i/m8/QFemvqsgmZZbX +oH55O6c/TKrV+bI6cG1yOxNdmzW7mfRNuNwh88nV2pWNT1vV8ZaPT/KtgbaDop7H +coTl1VD9QvE9m3LFyCoffou1eFM+YlEdDg1eN4DR77w+pO76zb5yjgjn1zW0d61K +VRpSGwJv1TM7ttEgAXWxve1VAtCBD7jJXufa7wuBf8WC648Q9rqI9lWwdomWtbu1 +kC8SLobRxDngjRHt/Y677V7i1uH0CWOisP6t22uYvf+eA+bh19rWBiJAInCuXwQa +BV6qzcOANjgAjsM9XSMYxttIiclMiQIzBBABCAAdFiEEzDhU424zJSWRT79Mt4Wy +9/ObCB0FAlpjfVEACgkQt4Wy9/ObCB3EmQ//ZJdjAgCO9UN1jCzHxc2MNqO+hm8y +lUoadobcgNFDXI7xgOTY88f99iv6PE8WDOcU2rPngqtjC9xgTzJMQNAWYXekF6xj +gxpjN/Vx9osMmjHysO1sqCBr97Db8GkJlxuRsO/5ikumAwxQMryWDRi19mhVut2Q +8ehuLYoT7PDtgUQmHHLLV0VeqRRz+zg+uzV/uMeK4q9c9ent1arkaWKHtyGMdEhv +3jfDhKjCkevjj2NFK8LwYgI0BciSaORwkPkxsrgFb0PP1E9AL2T30Y2e2Dm+/Bvs +OiluUi04fIfQ0iAyH5wryvWuHcgfkijPQ8o/erxrk63glZYoL3b2KWKfzuPrc2F4 +926R6lHXXNTc2Dq32jBbvLZcOaZlxtnfDVA5OyosUsPnh1PxDbUYVvwQ3DG90M1e +he5tBUz28HPC0QDHqVuRdAhKrihZloZRXlL64wOB2FVwnHGHDQwm3zSxb1IjpdsP +pJE7AkTOuileWjm9+hbpYrFcfsNeCUqTSOFjFml2nZryQMbYwaWHnYr1h/01MkQx +5JCOuScQjxZbJBErIvs4ZMw6bSx9BW6JBYRg8HfoQ+PSGoLtqNDZ4wefUSOBHEtf +JgpdGjp7rXREzAeuXYTo6U9tvhFYEvtvaGvz0u9rPMG0LF/MJZEKRBrsFOGUQowM +EDcUmvmCXJkNJTaJAjMEEwEIAB0WIQTFm5JsvLuu0WF2I64e3w25nYt6hAUCWrGO +OgAKCRAe3w25nYt6hGDSD/4p5gJWdiKLGA8U5Tj+qIVbn4RCIRJRZFtRrXwwtcM5 +N6RWWqVeTqpWFbpyOdVsvvolIjPtv85SFNREzOSQ/J5HVRAwbmgun6hleaWrFoJA +YlglWLiWt+gx7ARhUHgao20QOIknk+gI6LIbMbU+hxRtK4szaDrJVQjvZ0laEkqy +tlJKL4PVXJsHJ8JrZlxAr6q6E/8JoYmxVx0X6L615ORpLVK1G3SkAd4/hjEMsl7v +mcHqniDFQfoCn6rt4NrvDgWnyVQwmUPkz+YSN7DIkXjrs82spV7qccRRJK0zijWD +sJ5XaXXdybKOHbAwXJ0I625bf5vM1swJz9FlllBlkor9+1NrZCJAIWB/pnYL8BMi +C3mfjzGbZe1MdDCdIpPbN0C2xNKMonVyr9znAQQI1jlh2WUkEOlm/Z6ksTOooQIx +5Auw0Fra93e+cqapvyxSiODotpIClj1xuaJX8+2ZI8n7Us4DxVjWaUNeou9vrDjq +RGNNeOSzw216RAuUJRiaykIC6nR51wSJU+NjPvcpzkKmkj2flQeygTsOdlwIcBW9 +fMpDD4PDiGVDgxS6bzENDwILw+1iLZZy6evaotQoiPPucb6t3VImw6uEjozmMn8f +rKjfW6TT70NrWX5GHxj0UAC+fsxtm/p+Qbopes+SsfIVRDwypgwnFQ2s/eF8V5CG +f4kCMwQTAQgAHRYhBPFNpZ21ZX1vSx6MHSPyK/O8drqJBQJasY9SAAoJECPyK/O8 +drqJ1u0P/irt0WUhKBHcYuGV8bp1QipW7uigU7EqpF2uV0duc2+PwY6c/CTFGzKc +o7RXdN5qm9IbDW5E4c+gmRSp3MIruvtt8GMHvGX7WxqiJWHT+4sjJL94ykr/1AOZ +dbiJ956gEZ8G6I8cyn0HwfQXxiLCK2GVipIe90Ymo/F9Zc0lY9BEvpDvTJb1jlGm +d9Ch5QO6xpsptzMXBxMAdzSTkLLuwJpgxAyV4xK313DICq1qt6l3Jh3ISl2ZH8Qk ++HZN5NMJKKq3tq9AtIxldBT4id1gPy/koE51bqNx9v/3CAR76y3uBksi+eOEAKle +EpSnVsGkbUi6thAgThdaP4ege4ZbWRwpnF396Rq/upXSWzAEGgQVO2dFnEGTFWcG +JXmzkScbCcd0azUkfQBXbN6jva85OvfvKYNTFr8yDrygAmZD33kxedEXkC2e2Ikz +nZU3wBsflEpIwix4GiGI/Nbnv7MdIM7zc4UyUF78l9FihhF3KjuPNnJ8e/lbX7Xw +ubqZzUFXGOdCvVk7niOhXLmGrrEp4Vikyh0VW6r0wfYiUVAVEs6APlOmFbJR1ac2 +rPhYHfrrgPPRziOtYSyS+kdWf9A8F06Tc/N/oZtJau8HOD/YeUpZc93RMeRAjwZX +wXwIxWUp1gNB3Vh2M3aUsgOApQ6qeFa7qjrQ2oMao1a00cc4mxwJiQI7BBMBAgAl +AhsDBQkSzAMAAh4BAheABQJYnMuuBAsJCAcEFQoJCAUWAgMBAAAKCRAS9fe0LysB +5wTcD/4sKLBQffSBtq5gWWTq1YvwZ8QqYaqPJhUgkCaaR2UdeD+iI/3peOuDpo4c +ub9A0i80gzZny77SL9TGk9ydenWrHLpgSXauBuJvSeMILYvbfOIRVCeI8GtkJa+n +nBB0zLcEb7Vy9hX4fzhiVbchmb8/qaqAo1TVTWNjjOkhV7qgX5aEzuKNkZAU5jNo +UEreRnDlM2C5eJAR2KwNkXbnMcFzPtpHVa1ix3pmb9N95qhprxJbbcZ2G56u4Okg +SwQBwyvB+xidQ9O4hD82yJChBZUodEzE424kHnejTv/VPwLwY8Eve3nFVlkrYajR +dCvJRa5bfzQitPXbQH6lq0il3JI5PMGUN5fvmc10zZ6ljyYGaVHonHVFMABjUiZg +PWbK/b6RhlhzN9OGk3TgbYvYtduc4n31SYDEYi9ps9hrBiuIRgjWvv5Z5BcegdLx +LFl7Hu1LO5WRhgTebFPRho8P0UaNty7/v0ZgXw6qi4pRyMVMM7MvfIFkhslJeXGB +cP4CMg6NXngX37GSZPQYALnlBsI+a+AwuEBuXxv6ZorDQw5EJOqHOkXmM5U+OFPf +pklekI0JngwDRTWpZjm/+ooqlo/XgJdX+tPxVHrsyAQF0gxS1EzS4xhAdi8eHYCb +cFT8557iezezs4JWGEx5ZDzlQRgpDz3h9HA4A0Y2VI8dbD4u8okCPwQTAQIAKQUC +WJxdSQIbAwUJEswDAAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEBL197Qv +KwHnpygP/j/PVZo7pLoxb0YlQedALTHKbplbcDFz6JFPYzUWcEERgRld0+1CDp2S +4CjOKn9Xsyxi3/TGjRtHRWITxIDndH4Tcpbn/NaV5sAX0T9BkyhtVTdPZ9swMdyR +HKtJd+NNadSLgQqtdsLjVrHCJEmKxsUw8Bj1o09IeE8O9i8oI2+5VgHVw85nSklj +N64ZKK/gUZpRgp01A5mGKdUZxx6//6WX+DXJb9jaoWdA+H/PQsmdPCTg8DGu23qx +z4BRejQIUCcZVh/DjZMWo1vbeiw7wgUcQ1JLlShdqQxvD4Rlh3aAKdSm1FQwssfa +ZR7FVBoVoh2L2P7OqE5+Bn0xFr06GYLuyr4+jPpLGZDPpb/9NzPKWleLFEmwryt0 +hgynvXvJxKFfyY6pJZfncSFzaryRIKivXE6ENe2gGQpge5xfff/41LqX1ePJbpEw +mDWxXhdK+7oN/D+qdQWP7PTQ3yVBSIzso9ToSE3+Hk97IsrGmmSmd2UG4dn1i+mJ +A2d89GV/A+LWjn03+uE3pd63mRsPl7zI+c1dmVyDBqckGTAXKuAgqr3OgYPTxN9W +FrjiwiyryLL7dDAWnUGCME0W2GXUlhZUemczmeIUjHztFpGnkJAlnj499ngH+iKx +fg+v1CQSEbGojL/fjM4ae/+TVMMg/BhVdLHTOwpDgZ3GbEHRBFNtuQINBFicXUkB +EACjthQU6l5IgGHrq+Fs6jmpEgz5PKnlRmhs1iJHocuZfyVd56WnKoES2nz7zk3V +A7o3dfqQGkQAVKwOS/i5SffAGYC88VssCG03ZC1RPuuYHRk3IRlPeVsak/R2Aczk +THV6XN2r1m519ACeQ32wRo95z7McE03soPBrrfKeQRlGCYNr72dlyYz0KxVKqTe9 +RS18JauI+n0MBvK6efywl0MANSjyaDZulvB09lfNdmXCl5n1dGyvPKiPbpL4TOnv +9jpjgoX5tu4EdPgN4hpOhMfSoQNB4X1jwciNeD7BRwupkoNZyQYzeBeyGOXXT924 +NhCC8+g8dHMnYfxc52RzP4lxx3kFrtb5FFJw2di6fkFLvGGh41GxaH9IBMZ1Ok/y +AMVI0XzQX/tf+TuG3qN4A+3Xly8FEOVKhVIxHYhq/e80bXi7xOgXDEFxL+fYG1oL +1yhLeO6AOYkgguvysZNb3fdFqz1kj/BRs/Fv72Q2C7x6iwGdC3TNo1a2lceRdREo +7Ml0PPbPQX1mljNpfFpaRgpz7/8+7AJM30yGbqgVAd0ZL0jXhToZMnal8QitZqBN +dwnaP2CRAGAaEn9vMNBcZn4llFbqu9ZaTF21G0GUYPgMhxv20k4ouK4mTysLPpN/ +GuKKhzXwXCB6JFo/Wy4e5onplvBAJvojM5YOEHOl2LrzewARAQABiQIlBBgBAgAP +AhsMBQJYo4tEBQkCAr97AAoJEBL197QvKwHn6loP/iads9T0n0LwHE86w4Bn7LEE +EQ4R/KeSj5W0J43XOeDs+YBdqryTQVZxhCajKvB8rsl2hjQ+T5abVejU7pcYF9lO +ne4Ouu2nemqrnzvBAMzo+xFMWjjVR/4xnEYveYNi00eAifZs0uzNVWeKFFn8e/Ob +ocsssR7orhUXzKtc2WDrnMSd3yN8yFCTB7ehys8QdeGLcD38ieUQ/1VYmqvwIHJP +RgmgHg5tHamZ5UH+csekeMbhKX6fvQivYrmjxl7ouSkLGGiKktsahWpBikNNia64 +UIB0z+wUSI817+IL/eBIrzePC+Y2qDZNXhyhxQ9tFzE9oaJ4Xgfylws3WM8+GyJX +zaLLB6XEWoXKjDgLneewIApjv1/IbrFH3N/KyVDJa3L7ExDBaFqDV5ISpKP4XUXW +BtAogALEYQqWPm+NzVD4BjOePSg8ibRy4vI3MwctRWFne9xyveRIEvrLk3VjfySG +82BNjxzVvuAn09ljwYlMZKFdGbswHnI5rH32GQymYE9/llZnsMclUBjchpnkUNoj +Q8X57ZIC+A0RyZAf68g7EpZbUZqsDjGyNLpzLdY9AkC5Zc2N00L1iImEXDAREhUR +IMVq7+ZCSmTM3tPgTcAjEohJMDb5tic+dBGZjk4jRpeXdEqmIEMsPP4tbsQUrPNF +gNROtCZSOxKkyR09g4LOuQINBFicXe4BEACvzk0n8cJ/dYzRk8tg9vf6SDwEfUNm +mFfgGdVfLKa18IOV3hbx4DLHOO8Ah0oobt6DRmUdlxeTvoFxOpOPwWaQYAcXYoxr +W/j92mB469MVDZjFsNVXSTg4en9rfta/xi1FBd/BlGC+h48ueLExfAh07uWn5uA7 +oMVNWw8Dnx9UFzDmAu7SJ0NcvSVqKMCiLQnESnxtw7x34H5wfI32xjnclHCzDSLs +Ql3ALfaz4dUEQmyvjgQaJkvaTcF1YugLRm5MOCzXpobKZNa5vpGTjCQCyqc9pznP +lQPQovuqB5F2lEybeayZvZZag+PadE7f8LSFj8q9E4SV6E8LrtWnkok9tr7QzvC6 +Ca6IJ0bsc2w7NOaU+vFt4sAXPD/BfIzSYpuRc7vVNIZKpCb9MBz+AKfzAgxmd+gT +EgBPKEFwbE4x8nVcnv2C9vHINxkXJC+AtRPJGNQZ9oZhwPUEGyt4gjXbiEgZjfGm +2F/UQyY6qwpK7KUXnyJGweVlKNH+oVvu/lFYUFAg9txgOaj82ulHth40hFtmPET1 +23ARpNKYF93nvskW6fYszY5+c2/7UmMeRp3jGk8A62w3gdD9KaMPTaB9jjRrPoZF +77Ci/qXO3K5LhWakREwHyDTr0A71Bf3raNr3wKzVuIcXKLKzAe/KVEPCzoLRcYyQ +UeBBxAtuYMF5SQARAQABiF4EEBYIAAYFAlpfoI4ACgkQG7icBgI2dEn60AEA/tPc +/WbDmG/d+X8XUrxFP36iFN//KtLMpqE1PvkAUpsBANS/gwKcfqqsFAIP+S85Rw5y ++a+MU3qx6/3mRH90Q8kOiQREBBgBAgAPBQJYnF3uAhsCBQkCAikAAikJEBL197Qv +KwHnwV0gBBkBAgAGBQJYnF3uAAoJENcq80SMwrA0mnoP/j6/TvaimIH5oPJxNDON +z+W1juqKLZGn/1HNi0A7l6okvFl5syvEucyLo8ZwR/QeM/J68Ar02eiWR1MoMoXZ +L55A1wbTvjE1j7oGpcZjFgGhiv1dTNmV1h3UKcAHyu3an7gD/U7HtUqECVbCxYye +y995RwMoChtuMyYaMEAkRh3NTePdTL24LBHQgomiEAclZKPIrScS5TmuQO4wycui +NS+WHKARWOYuQptMv/E0V5Hwi4cLbJV3pbTw6Rwane4ihwXNjmGc/XJWTYK9aEBZ +5Z7QkvR5Z7kj1UudMYOEXYncsjb0e7ZvCysdD7ZuAI/KuvtrNc1FWNcmW8nfLy6m +f0MDe6WYQIYhmV6/3vj63JS+QWpUEdhZ3WKxmO+xwHLm1qU5M1wvohosz0mtZ54u +etq8B3UFl1j7d0eSgZnHSSoqzX3hdlohz++4BZ8goO6PV871rKp4u105vhxg6vhP +0TBWHXks2CdMC/5Fmr6W0pHQjeBQUOBwHN4cqbEhxt1bomp+JMpCdIubg7YHXi8S +ZrYEPT6TWUnEqzAtZRgXRN+nEQrwEd8MH+58w9Rdb6E33uTDMe5OyFXcn7NQI546 +65v4ZUoRYn5fIUNlCMoTTPm0P2Hh7y9To6Q05iL8bnpSXD5jPfoPoBq1fA2MPmT6 +xQzk3xD4Eaj83tetPCUKdT+xbswP/2Xeoiwy+xJlZcd7CbO+ekpIlH0tWI/b02zU +VT/xl/g+66h0C/70R0JXOK8aqUCH/09Y4Wp6lwfjQiBsFePcTtTg7A5Embiaoz1M +lvAaarJEf5fjl2wmtOKAskQa4jLVhVFENLqrmoHb7XuHRKOoAuJe93M/HplJwemz +igqv0Mb7Y6EEmv1bFq7Nw8SKMEDgk5PXlvWDpKcIa0kp5LLpmEtFflUOTaYGHrEe +6B9+ne0oeUTRJPe7/U/jkHIw7T1wQ9nw+Xu58KPlFdKcdMvqQM83+hsIdtA/4JyC +aGzgIBZebv5dyxmmGZ1Ly+MSGilTR8Y5XV/AZh6LNfu8QtIuSR9CHTaAhxlxfAZp +E8+7fQsLhEmXhaernLL07S3y7CVu9xOVdcuMlixNgWrnKY9/lhcEAVTN9df19phj +ExehTu5+VIgROdnZsu/JEhMn6TcHUyeDW6YmWnkRbrFhPSd81T/gCl5cgDY4pfxe +8ZIG6it9gqw+ji3fwI8qEkHqgbhZNCiBFp4/BXEZ0mQk8tFeYqsf4Lgb8vYB8hh7 +N/cUR+Gpsm5p/8B1/b1C3SiWPWI1XY7R+jqUMPuyXPcR+PrSJxwQfjBK1/UNUwno +P5ADWTwA9Gh4FK22sMjR0EL1cujCQ31krMerf0gMFBxeqyj4jd531kwjfCUHHD48 +PmYrvgvBuQINBFqgQNgBEADPqgmj4AdMhHak5YXxljAYuiN6dy5+653LbyWqe+zJ +vOuo54MFXGMwVhHFYYqDakwKBN8GsCF9DGo0jKHqLCDfYJgcTleF9PZQtjn5l80M +dFqG/+8i+TMDh6vpe2Y9vHDu7RCYzd3+RJWUhqjE4ut+lbgqr/pLjOvItk7iUSRw +YArS/Ax4nVRukQVtUvloNKGwECK6nr3PmOeKfJieZwaesbbBAsrtkqQ0QrRBybpX +qJ61nSztqCyqHmmRnUANNWzjmL5ASEwaoJs3yMt7Nj4/IrKd/2P0qBpjnkcnvB3N +HUTysH1j2nciAs7PuOnyP+m8QyDkVK+vAnO8wUcpMOSBxqGk21OapPZYAgIyH8jZ +SdnlThzA6LyI7Kuht+5KgdDGcTHYBVzEKLXEuseokTa+CFvLjZTs+wy6KgNORahk +niKoQITppW0l9/bh2GvNxeQaW5KHzsmGWPX0mNPFZZUEkUOvor4McQAm1u1NOdNS +4VFoQE/m4jYpZYbaQamdY3qK0m7gmPo+VDFB+0/zrBUfWR/PA7zzioIClkOJ/LxN +dDKaH3iPWul0kWu+C5q8xW0U6SBj963MnF+Q0l7fRxS3T7pM6+uKjAHUAoKitdjS +A9wH7ARCYIJKogv+k6B5c7Fkw7eSV/biRV+j5ggN8TrSYpGPljyj0NJi1xWs+A/I +ZwARAQABiQREBBgBAgAPBQJaoEDYAhsCBQkB4TOAAikJEBL197QvKwHnwV0gBBkB +AgAGBQJaoEDYAAoJEPEyscuvExyu+3YP/09D/XesaBhnPs3xMjyTHDDinzJw6XeO +7WySemlSDcIsKhbrRVbSNRubMTjBx/jlS4XfN0R7SgMrLwNz5s8cl4iW01ZliWx/ +/Ie3ryfPUmhnl6mWXUDSx8BPVwyGNH0nijBh0C53DfjVHxd0All+orLmGp7lopgK +rZeO8WBbK/HFwn+PTZKr+/SubJQsmQ55G5ys4bIUVi8wenaI9jNdia05YBXxPN4x +xDqBYIzQ28HnkivH6S6zr7b6S45gia80l7/2CSPuoNwe81nns2pzPigCKs3aFBsM +KBX+kkSRktEjbyDslSGzXChWnwoR1Iv/XlwhQCFRk7K3MLrqsUof8q/jWqBDA+lT +K5j81R9p6oeb7Fnh/8qNYcGvEgHfo+ZV1ihushI9a381vuYq66RNhoBwdZJliwjI +R6Z1UWP2jXhfyAcUhxcryOzdGPbj+LmKrDXGg46wXod5wNAMA0g0JYoXruM2O2tp +gHtCVW/R3RSD07ipubVHAW2RwCC7mhUfrUZP6WMkyhGsNas0zcRPt9v66YXc0Mcp +ilbh3g1hcgb5H55YJyZW9IMVFWZqy3ewbI4DIyLQnrUW/yhhtlloBfEaenEEvnfo +SWyr1o4W90lk3CjjHGqQ7sPG68lwtSxKCdrAR69cb/EtYl5hllqgeok75zOXJX6H +kSDp3gKear1ZZucP/RdIEGmuQETA/7LzZF1gbQx/luWgXUJcmiqDDN0zlN+VrAqj +cmWrkJACDF1gA/p7cA+mC22j1ENJLXWdOi9rNvoJxHP2Zcndc3EH/UkQJzp5KnNv +9gedqAGrzlmaih9uSuH9Pukep5+tMJdJaXq0vPctM8iFdy+9iv8ocikBDGc/miDq +Xg2VDypUCyOqCAlVpAGqrxVXkeSNUceVzaEAQgjC+ehXgDtzHhtkgAtTLPzarufA +cjt2kbLFdbELR8Fefq9jGXoCoWfVQUlxLHIPRh1L+11Y6T9DAMGi94kAxWxUn1oQ +N32UQPrN88CePPrOngZ3gv9CLGbY2Ml/XlT1o6dk209Gauy8dxjraJoXq4WQ+hHv +JSW0qR+n9E/an/apvIbndUCOzqBTzCoIG5LqfEiLEADez7V1YICaofZpL7RW4GoY +PbLJMnfPq6PgHtT5QZVTQO98dZeZwmekMhwB7CTLGROp//Ko/FJ9hqE8pZ+N7Nrd +v+WN/wq9dUjmSHDEbhTTNMJwcRadla7Dhcq4Gvb3lBpoy1o+DbLsEoDuQ3vivEaP +X64eM9LGYkeBID0zv/LWQoYwBh5kqDyfxTLeOhr6VlueGWn2jNEao9e9Sn4psiKc +73lcyOecSPhJ1Y3WJz5pqkU88P3KoFHwuztzxx/997XGEU8vcUQSmSmerv+muQIN +BFqgQQcBEADPVquej+jmKwI7TVFgcsNGjJG92IQr27+1soFTzIvK7KceG603+LzJ +AqUi5gCgz9qNwCV3C83iAPMhwJlJEQiNTJpHHOLw06MgD/A1BJEv+IAgNxGJEPxM +eBmENqzxGJBu27l4F7xfybN7jRRIy1sCyeuO+onaL9Z4ig0YMKYqMJQncA2NjZk2 +3ABB5PSMmUUxJ5ZimuLGhJ6qOUoZGsEKtMk2D3rgD6otng44ATakOHJ8cTJvfhPu +qdJrIUeE6VslR0B61NW5wy2HfmEGyS4ZyBZZGKwxDHYMuBwIDnBf6ed9/8/V8z6R +5J286vQzMy5DDTp9gRhvogDaX9lp+/RWAylFsZtFJquJ0GFyMkl48fA3CQ59HAXj +Ln5//BWH3WJMQu6oJGOm2it3LwasyYT5OlbxbPyxEG3htWB5aN5iFYHKMUoGcFkG +hxMeIOYUvLYk8Esk5v8FH74R3ar5dd39sXdSbq1ZSoFy9A/kYBTQXc/OjnXlhzDc +EbozSPNwfyxzED52ftFG74ZiJbaKZb2cJSsJlcx+KvWLr+2DEC/VBSmYjUTvVtSW +J2xBqomspYcHZvTk2J8T5+LUf7HoXCDMTfLQp4nvcFN5Kz7wfbbrAWmjZ4ppEYzb +RWMY4aiNtcPTrFAwhkfSWc2gGEZgETItbncrdfRzVw4cB3EVDBlThwARAQABiQIl +BBgBAgAPBQJaoEEHAhsMBQkB4TOAAAoJEBL197QvKwHnonEQAIY6nWM/GEp/eEd0 +gmlcUM9Cyv9m5PbARSum0CF3X5pzwbnY1ckg9ZAFUTI2og72o0SKPUgcoUvFFxZW +V/+418ffZP6/zWDC9hOZjkgLM3R3uIVDN8HdjAC/ybf1gTQpEM0PfslsKgqomrXB +8Lw+oqxkK8Uk0Le9zDsaFdZC/tpzGnTQouuo6B9gHTbpwHrtNTkkHqZh6t7+Jh9p +hgVBxVgx6T1qKP4nx0x0qfAyv8dAVmp2uUxVO7tsK5pXwjT01293JKTQxLfyJI1/ +90ydtdsfVJobU8T2Tcin+EIMuaf7PfYb+7cTkCU82Sa/C2e7t8krXYN3Hk3/t7dd +RecJSPmwhOijr5PuuGQerF47ovcH3XyyeWK7fOSqiX7jS3MIK9HaN1il18M2qZWl +TzZQ614FZh/AwJN4uNTO2MdxHXqVSgvmp+QCYNoiyYBl4qE26L72XEVIcXxiMGlX +wWJQI6+P0r+CjhJyY+vNdfaxy4HadD1h13KfsLNZc4+yKsxXerKZmCDIET+wFe1b +PFsRNFfwKLjB+CCDqTpF4l03YlPwZwsghaQ8g+NZfl4qyR8NXospGuv7S7gBpsg6 +Icy08LU4uylmFHmVCPJSYXYtjkYRZMyEy8BEOiwQT2bLmePqqRS1GN5uz6ytX41E +U9coVPCcdBfWUAxoPoOCPH/eNug4 +=00Rq -----END PGP PUBLIC KEY BLOCK----- diff --git a/openvpn.service b/openvpn.service index 496d838..8b94153 100644 --- a/openvpn.service +++ b/openvpn.service @@ -4,10 +4,10 @@ After=network.target PartOf=openvpn.target [Service] -Type=forking +Type=notify PrivateTmp=true PIDFile=/var/run/openvpn/%i.pid -ExecStart=/usr/sbin/openvpn --daemon --askpass --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf +ExecStart=/usr/sbin/openvpn --daemon openvpn@%i --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf ExecReload=/sbin/killproc -p /var/run/openvpn/%i.pid -HUP /usr/sbin/openvpn [Install] diff --git a/openvpn.spec b/openvpn.spec index 7155212..02f3085 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -162,8 +162,7 @@ export LDFLAGS %configure \ --enable-iproute2 \ --enable-x509-alt-username \ - --enable-password-save \ - --enable-pkcs11 \ + --enable-pkcs11 \ %if %{with_systemd} --enable-systemd \ %endif @@ -208,7 +207,9 @@ rm -rf %{buildroot}%{_datadir}/doc/{OpenVPN,%{name}} find sample -name .gitignore | xargs rm -f %pre +%if %{with_systemd} %service_add_pre %{name}.target +%endif %post %if %{with_systemd} From a1ceeccc0c15c85b94d56120a55316149f5be66e6b3ca5953975252d7d74953f Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Tue, 10 Apr 2018 14:41:57 +0000 Subject: [PATCH 3/4] Remove accidentally added openvpn-2.4.4.tar.gz OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=135 --- openvpn-2.4.4.tar.gz | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 openvpn-2.4.4.tar.gz diff --git a/openvpn-2.4.4.tar.gz b/openvpn-2.4.4.tar.gz deleted file mode 100644 index 9c0ac10..0000000 --- a/openvpn-2.4.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1ae883d9522c9fa6d189e5e4aaa058a93edd3d0b897e3c2664107c4785099fc3 -size 1390194 From 01270aa102a0aaa73acc6b65a23911820ffd3980515895e23e76416e20309487 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Fri, 27 Apr 2018 12:35:13 +0000 Subject: [PATCH 4/4] - Update to 2.4.6: * CVE-2018-9336, bsc#1090839: Fix potential double-free() in Interactive Service * Delete the IPv6 route to the "connected" network on tun close * Management: warn about password only when the option is in use * Avoid overflow in wakeup time computation OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=136 --- openvpn-2.4.5.tar.xz | 3 --- openvpn-2.4.5.tar.xz.asc | 16 ---------------- openvpn-2.4.6.tar.xz | 3 +++ openvpn-2.4.6.tar.xz.asc | 16 ++++++++++++++++ openvpn.changes | 10 ++++++++++ openvpn.spec | 4 ++-- 6 files changed, 31 insertions(+), 21 deletions(-) delete mode 100644 openvpn-2.4.5.tar.xz delete mode 100644 openvpn-2.4.5.tar.xz.asc create mode 100644 openvpn-2.4.6.tar.xz create mode 100644 openvpn-2.4.6.tar.xz.asc diff --git a/openvpn-2.4.5.tar.xz b/openvpn-2.4.5.tar.xz deleted file mode 100644 index be42dc9..0000000 --- a/openvpn-2.4.5.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:43c0a363a332350f620d1cd93bb431e082bedbc93d4fb872f758650d53c1d29e -size 942696 diff --git a/openvpn-2.4.5.tar.xz.asc b/openvpn-2.4.5.tar.xz.asc deleted file mode 100644 index 9a91255..0000000 --- a/openvpn-2.4.5.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEE1Ri5vWQ8+U2l7Zlw8TKxy68THK4FAlqyMPsACgkQ8TKxy68T -HK7KxA/+LAIyRraYxL4baacnzfKY9zIkSYF8WT5OiWw/x100C+MmY+nvCG43GLAA -AC9NVTkWYauCyP58IIwOmg/Z+yusCBgCieIuFm6WooLKrQUZS90v8F0+0YQa6Pel -BD1UTB5TBxvDlOfOdl2Kp9L0Sxr1roeNAV6ezFK23WXoYGMzg5gu1MC6Ig8K4w2X -T5S8GH3DqYbMo5ao15f9fgwDC1smZP7+uBPLw4FgLBz5/8RKJ4kVRPxymK189EXg -NSkDDSgNvRT1VrttGGbcYpYBkqxsvepcS+UsYEzKdv3a/hNSbt5it1vI0fd33SyX -okIaHB7z6e+sBM4Hh9ZVe4QG8n/HV5SVyBLKnhDtPk9uarb45oP/YDKvSnc/93K4 -edKOPEuYCOFczsQnsE9bJO82WshRnpiYXSXOSCjCpfwYaGv4uxAsiYDoiHnvfQqS -5BJ1CX8P8flQBGu/DLg7or+s018pMv3tY4FyJ+/0DG6BUcoqOKincHAd0ctXqHMZ -7NPX7XaoDDpKe4r/QFHDXmb1pwGEwuTraIoT0Wr4nNhspuTgbnAeSanLQhf/y0Fi -H3JA5G7RS7Lx533yTTY/AQdfcTMVokFV1Y2jwvxENg8ahp8e5JDVK2DHcFae//+x -wwZSkdFYSFXVOXRqEh7CeDhJt8uhCLr0j/Un8FaJ2a4fs82pOG4= -=jjwg ------END PGP SIGNATURE----- diff --git a/openvpn-2.4.6.tar.xz b/openvpn-2.4.6.tar.xz new file mode 100644 index 0000000..4eb0842 --- /dev/null +++ b/openvpn-2.4.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4f6434fa541cc9e363434ea71a16a62cf2615fb2f16af5b38f43ab5939998c26 +size 943376 diff --git a/openvpn-2.4.6.tar.xz.asc b/openvpn-2.4.6.tar.xz.asc new file mode 100644 index 0000000..48db35e --- /dev/null +++ b/openvpn-2.4.6.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE1Ri5vWQ8+U2l7Zlw8TKxy68THK4FAlre2XIACgkQ8TKxy68T +HK44BQ//aJOa+mT+BvGqhz3gZCrz3Ez6QumwJcn7Sx/zovxDf9KpNhFzykcwvtEd +cNdorJ0il/WkW819srV6u+665MssiIxm6VFg5WzPz5I+nDO23QfETsSu54PIWQBX +FrI9+6Rec+v4/Y/ktV4FVqUZ/36rnZjX43YYxwijs+tHXROiU9IhIKNmlGVfB7Iy +tysJrqg5wzwhO+CTYTmMKwrb6LLTwcHxyWMqPiPrflIGY6sy41RlmvP90u1zmugx +wIka3oOp7cD70KWMJns68Lc0OkFIz3RO2YW7KhunxdcNzCoHrlCr+HCBLSf8lPbx +yL1sFOVk4ibZxFKzOvtOEJH1wYquI2B5Gd9QQxIeCNUUAvSh3E/0nMZNqJkwlObx +OtxakHSqfskxVrpAz7OT9ARHIZUWVfYv/B+2454VfxRM2Rr+Job6xO2i5ukTKHc7 +AdCyY2lZlI8909MjJ0cc/ZeNyB4+jugUPz4XX8ebUctBP1gdUD6XZ6DDo11n9JpD +lwbc/U1w2dmdGIZ3VrfVr3UiNhB5rxhwlxjSj24pczCjP58FQHKhX5u+3y8/MJ/7 +Efirugzny3ie1xpW7MOsrndjiv+wQD/gwaszA9HSQnJ4M49byOKJJSg+/Y0vR/PN +8oIR7vnEJ5CS0EVaxBJeZifp+gM5L05xdfaGk5WJ9HZDsP4HkUE= +=dY7S +-----END PGP SIGNATURE----- diff --git a/openvpn.changes b/openvpn.changes index 5f95d86..a97758d 100644 --- a/openvpn.changes +++ b/openvpn.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Fri Apr 27 12:25:19 UTC 2018 - max@suse.com + +- Update to 2.4.6: + * CVE-2018-9336, bsc#1090839: Fix potential double-free() in + Interactive Service + * Delete the IPv6 route to the "connected" network on tun close + * Management: warn about password only when the option is in use + * Avoid overflow in wakeup time computation + ------------------------------------------------------------------- Tue Apr 10 14:29:18 UTC 2018 - max@suse.com diff --git a/openvpn.spec b/openvpn.spec index 02f3085..550eb5e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -29,7 +29,7 @@ %define _rundir %{_localstatedir}/run %endif Name: openvpn -Version: 2.4.5 +Version: 2.4.6 Release: 0 Summary: Full-featured SSL VPN solution using a TUN/TAP Interface License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.1-only @@ -213,7 +213,7 @@ find sample -name .gitignore | xargs rm -f %post %if %{with_systemd} -systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf ||: +%tmpfiles_create %{_tmpfilesdir}/%{name}.conf %service_add_post %{name}.target # try to migrate openvpn.service autostart to openvpn@.service if test ${FIRST_ARG:-$1} -ge 1 -a \