122fb57252
- Drop 0001-preform-deferred-authentication-in-the-background.patch Upstream has meanwhile solved this differently and the two implementations interfere (boo#1193017). - Obsoleted SLE patches up to this point: * openvpn-CVE-2020-15078.patch * openvpn-CVE-2020-11810.patch * openvpn-CVE-2018-7544.patch * openvpn-CVE-2018-9336.patch (bsc#1085803, CVE-2018-7544)
Reinhard Max2021-12-09 14:14:14 +00:00
57f3be6b74
- Drop 0001-preform-deferred-authentication-in-the-background.patch Upstream has meanwhile solved this differently and the two implementations interfere (boo#1193017). - Obsoleted SLE patches up to this point: * openvpn-CVE-2020-15078.patch * openvpn-CVE-2020-11810.patch * openvpn-CVE-2018-7544.patch * openvpn-CVE-2018-9336.patch (bsc#1085803, CVE-2018-7544)
Reinhard Max2021-12-09 14:14:14 +00:00
b9f6a97b59
- Disable 0001-preform-deferred-authentication-in-the-background.patch for testing, because the PAM module now has upstream support for deferred authentication.
Reinhard Max2021-11-26 13:36:45 +00:00
8d1f8ac471
- Disable 0001-preform-deferred-authentication-in-the-background.patch for testing, because the PAM module now has upstream support for deferred authentication.
Reinhard Max2021-11-26 13:36:45 +00:00
1a18403b79
Accepting request 928265 from home:dirkmueller:Factory
Reinhard Max2021-11-25 08:35:25 +00:00
925a8064c0
Accepting request 928265 from home:dirkmueller:Factory
Reinhard Max2021-11-25 08:35:25 +00:00
15b329165b
Accepting request 911848 from network:vpn
Richard Brown
2021-08-16 08:09:00 +00:00
c96cd498b7
Accepting request 911848 from network:vpn
Richard Brown
2021-08-16 08:09:00 +00:00
5126890df2
- Update to 2.5.3: * Removal of BF-CBC support in default configuration *** POSSIBLE INCOMPATIBILITY *** See section "DATA CHANNEL CIPHER NEGOTIATION" in openvpn(8). * Connections setup is now much faster * Support ChaCha20-Poly1305 cipher in the OpenVPN data channel * Improved TLS 1.3 support when using OpenSSL 1.1.1 or newer * Client-specific tls-crypt keys (--tls-crypt-v2) * Improved Data channel cipher negotiation * HMAC based auth-token support for seamless reconnects to standalone servers or a group of servers * Asynchronous (deferred) authentication support for auth-pam plugin * Asynchronous (deferred) support for client-connect scripts and plugins * Support IPv4 configs with /31 netmasks * 802.1q VLAN support on TAP servers * Support IPv6-only tunnels * New option --block-ipv6 to reject all IPv6 packets (ICMPv6) * Support Virtual Routing and Forwarding (VRF) * Netlink integration (OpenVPN no longer needs to execute ifconfig/route or ip commands) * Obsoletes openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch - bsc#1062157: The fix for bsc#934237 causes problems with the crypto self-test of newer openvpn versions. Remove openvpn-2.3.x-fixed-multiple-low-severity-issues.patch .
Reinhard Max2021-08-05 14:32:44 +00:00
4a067f8e3e
- Update to 2.5.3: * Removal of BF-CBC support in default configuration *** POSSIBLE INCOMPATIBILITY *** See section "DATA CHANNEL CIPHER NEGOTIATION" in openvpn(8). * Connections setup is now much faster * Support ChaCha20-Poly1305 cipher in the OpenVPN data channel * Improved TLS 1.3 support when using OpenSSL 1.1.1 or newer * Client-specific tls-crypt keys (--tls-crypt-v2) * Improved Data channel cipher negotiation * HMAC based auth-token support for seamless reconnects to standalone servers or a group of servers * Asynchronous (deferred) authentication support for auth-pam plugin * Asynchronous (deferred) support for client-connect scripts and plugins * Support IPv4 configs with /31 netmasks * 802.1q VLAN support on TAP servers * Support IPv6-only tunnels * New option --block-ipv6 to reject all IPv6 packets (ICMPv6) * Support Virtual Routing and Forwarding (VRF) * Netlink integration (OpenVPN no longer needs to execute ifconfig/route or ip commands) * Obsoletes openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch - bsc#1062157: The fix for bsc#934237 causes problems with the crypto self-test of newer openvpn versions. Remove openvpn-2.3.x-fixed-multiple-low-severity-issues.patch .
Reinhard Max2021-08-05 14:32:44 +00:00
b9c4125b9d
- Clarify in the service file that the reload action doesn't work when dropping root privileges (boo#1142830).
Reinhard Max2019-07-29 08:10:52 +00:00
1aad56035b
- Clarify in the service file that the reload action doesn't work when dropping root privileges (boo#1142830).
Reinhard Max2019-07-29 08:10:52 +00:00
47e69c0aeb
Accepting request 713197 from home:stroeder:branches:network:vpn
Reinhard Max2019-07-22 10:03:44 +00:00
fa952df31c
Accepting request 713197 from home:stroeder:branches:network:vpn
Reinhard Max2019-07-22 10:03:44 +00:00
da2b12d9c6
Accepting request 678070 from home:fbui:branches:network:vpn
Reinhard Max2019-03-04 09:06:34 +00:00
ad94d31456
Accepting request 678070 from home:fbui:branches:network:vpn
Reinhard Max2019-03-04 09:06:34 +00:00
fa93dcb71e
Accepting request 677833 from home:stroeder:branches:network:vpn
Reinhard Max2019-03-03 08:52:07 +00:00
ecdfcb40ba
Accepting request 677833 from home:stroeder:branches:network:vpn
Reinhard Max2019-03-03 08:52:07 +00:00
01270aa102
- Update to 2.4.6: * CVE-2018-9336, bsc#1090839: Fix potential double-free() in Interactive Service * Delete the IPv6 route to the "connected" network on tun close * Management: warn about password only when the option is in use * Avoid overflow in wakeup time computation
Reinhard Max2018-04-27 12:35:13 +00:00
cdcec78c1e
- Update to 2.4.6: * CVE-2018-9336, bsc#1090839: Fix potential double-free() in Interactive Service * Delete the IPv6 route to the "connected" network on tun close * Management: warn about password only when the option is in use * Avoid overflow in wakeup time computation
Reinhard Max2018-04-27 12:35:13 +00:00
283c2a8f8b
- Remove --askpass again, because it was also asking for a password when none was needed. As a workaround for keys that need a password, the "askpass" statement should be added to the config file (bsc#1078026). - Use Type=notify in openvpn.service to reflect what openvpn is actually doing. - Import the new signing key from upstream. - Remove obsolete configure switch --enable-password-save .
Reinhard Max2018-04-10 14:40:39 +00:00
7b31390dca
- Remove --askpass again, because it was also asking for a password when none was needed. As a workaround for keys that need a password, the "askpass" statement should be added to the config file (bsc#1078026). - Use Type=notify in openvpn.service to reflect what openvpn is actually doing. - Import the new signing key from upstream. - Remove obsolete configure switch --enable-password-save .
Reinhard Max2018-04-10 14:40:39 +00:00
42c7e8bef4
Accepting request 586118 from home:avindra
Reinhard Max2018-04-10 14:14:26 +00:00
ff41cae7c4
Accepting request 586118 from home:avindra
Reinhard Max2018-04-10 14:14:26 +00:00
f33ffa2f73
- Add --askpass to ExecStart, so that the user name and password are correctly being queried from the user. (bsc#1078026, boo#985798, boo#1031748) - Use %service_add/del macros throughout (bsc#1038406).
Reinhard Max2018-02-13 18:21:21 +00:00
8df9abed73
- Add --askpass to ExecStart, so that the user name and password are correctly being queried from the user. (bsc#1078026, boo#985798, boo#1031748) - Use %service_add/del macros throughout (bsc#1038406).
Reinhard Max2018-02-13 18:21:21 +00:00
Reinhard Max
Dominique Leuenberger
Richard Brown
OBS User buildservice-autocommit
Nirmoy Das