SHA256
1
0
forked from pool/openvpn

Accepting request 351949 from home:namtrac:branches:network:vpn

- Update to version 2.3.10
  * Warn user if their certificate has expired
  * Fix regression in setups without a client certificate

- Update to version 2.3.9
  * Show extra-certs in current parameters.
  * Do not set the buffer size by default but rely on the operation system default.
  * Remove --enable-password-save option
  * Detect config lines that are too long and give a warning/error
  * Log serial number of revoked certificate
  * Avoid partial authentication state when using --disabled in CCD configs
  * Replace unaligned 16bit access to TCP MSS value with bytewise access
  * Fix possible heap overflow on read accessing getaddrinfo() result.
  * Fix isatty() check for good. (obsoletes revert-daemonize.patch)
  * Client-side part for server restart notification
  * Fix privilege drop if first connection attempt fails
  * Support for username-only auth file.
  * Increase control channel packet size for faster handshakes
  * hardening: add insurance to exit on a failed ASSERT()
  * Fix memory leak in auth-pam plugin
  * Fix (potential) memory leak in init_route_list()
  * Fix unintialized variable in plugin_vlog()
  * Add macro to ensure we exit on fatal errors
  * Fix memory leak in add_option() by simplifying get_ipv6_addr
  * openssl: properly check return value of RAND_bytes()
  * Fix rand_bytes return value checking
  * Fix "White space before end tags can break the config parser"

OBS-URL: https://build.opensuse.org/request/show/351949
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=103
This commit is contained in:
Martin Caj 2016-01-06 09:47:33 +00:00 committed by Git OBS Bridge
parent 39b88922eb
commit 06ccbd25ce
7 changed files with 47 additions and 31 deletions

3
openvpn-2.3.10.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f8b0b5b92e35bbca1db1a7e6b49e04639e45634e9accd460459b40b2c99ec8f6
size 1225636

View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlaKY3oACgkQwp2X7RmNIqN7cACbB9fpKL84DyE2OPkjKz5CV5qD
XzEAn2WfGAwaVUHPCUB7TPzsDjHEKMwR
=5cgd
-----END PGP SIGNATURE-----

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:532435eff61c14b44a583f27b72f93e7864e96c95fe51134ec0ad4b1b1107c51
size 1214843

View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlXA9x0ACgkQwp2X7RmNIqOi7wCfTR3IkWcWiiqmnTXwLxc2R1wa
l4UAnjxpKS6xiaTSBcTwkYNcbqfStIPg
=S4Rx
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,37 @@
-------------------------------------------------------------------
Mon Jan 4 17:22:37 UTC 2016 - idonmez@suse.com
- Update to version 2.3.10
* Warn user if their certificate has expired
* Fix regression in setups without a client certificate
-------------------------------------------------------------------
Wed Dec 16 14:30:49 UTC 2015 - idonmez@suse.com
- Update to version 2.3.9
* Show extra-certs in current parameters.
* Do not set the buffer size by default but rely on the operation system default.
* Remove --enable-password-save option
* Detect config lines that are too long and give a warning/error
* Log serial number of revoked certificate
* Avoid partial authentication state when using --disabled in CCD configs
* Replace unaligned 16bit access to TCP MSS value with bytewise access
* Fix possible heap overflow on read accessing getaddrinfo() result.
* Fix isatty() check for good. (obsoletes revert-daemonize.patch)
* Client-side part for server restart notification
* Fix privilege drop if first connection attempt fails
* Support for username-only auth file.
* Increase control channel packet size for faster handshakes
* hardening: add insurance to exit on a failed ASSERT()
* Fix memory leak in auth-pam plugin
* Fix (potential) memory leak in init_route_list()
* Fix unintialized variable in plugin_vlog()
* Add macro to ensure we exit on fatal errors
* Fix memory leak in add_option() by simplifying get_ipv6_addr
* openssl: properly check return value of RAND_bytes()
* Fix rand_bytes return value checking
* Fix "White space before end tags can break the config parser"
-------------------------------------------------------------------
Thu Dec 3 14:07:17 UTC 2015 - mt@suse.com

View File

@ -1,7 +1,7 @@
#
# spec file for package openvpn
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -32,7 +32,7 @@ Url: http://openvpn.net/
%else
PreReq: %insserv_prereq %fillup_prereq
%endif
Version: 2.3.8
Version: 2.3.10
Release: 0
Summary: Full-featured SSL VPN solution using a TUN/TAP Interface
License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
@ -52,7 +52,6 @@ Source11: rc%{name}
Patch1: %{name}-2.3-plugin-man.dif
Patch5: %{name}-2.3.0-man-dot.diff
Patch6: %{name}-fips140-2.3.2.patch
Patch7: revert-daemonize.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gpg-offline
BuildRequires: iproute2
@ -138,7 +137,7 @@ This package provides the header file to build external plugins.
%patch1 -p0
%patch5 -p0
%patch6 -p1
%patch7 -p1
sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \
-i src/openvpn/options.c
sed -e "s|@PLUGIN_LIBDIR@|%{_libdir}/openvpn/plugins|g" \

View File

@ -1,17 +0,0 @@
Index: openvpn-2.3.8/src/openvpn/misc.c
===================================================================
--- openvpn-2.3.8.orig/src/openvpn/misc.c
+++ openvpn-2.3.8/src/openvpn/misc.c
@@ -1088,12 +1088,6 @@ get_user_pass_cr (struct user_pass *up,
*/
else if (from_stdin)
{
-#ifndef WIN32
- /* did we --daemon'ize before asking for passwords? */
- if ( !isatty(0) && !isatty(2) )
- { msg(M_FATAL, "neither stdin nor stderr are a tty device, can't ask for %s password. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prefix ); }
-#endif
-
#ifdef ENABLE_CLIENT_CR
if (auth_challenge && (flags & GET_USER_PASS_DYNAMIC_CHALLENGE))
{