From 3d06f177270aacdcf8606d1a4c6127fa0b3d080f059213bfbdad7769be6c0038 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Thu, 25 Jun 2015 11:58:40 +0000 Subject: [PATCH] Accepting request 313671 from home:namtrac:bugfix - Update to version 2.3.7 * down-root plugin: Replaced system() calls with execve() * sockets: Remove the limitation of --tcp-nodelay to be server-only * pkcs11: Load p11-kit-proxy.so module by default * New approach to handle peer-id related changes to link-mtu * Fix incorrect use of get_ipv6_addr() for iroute options * Print helpful error message on --mktun/--rmtun if not available * Explain effect of --topology subnet on --ifconfig * Add note about file permissions and --crl-verify to manpage * Repair --dev null breakage caused by db950be85d37 * Correct note about DNS randomization in openvpn.8 * Disallow usage of --server-poll-timeout in --secret key mode * Slightly enhance documentation about --cipher * On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo() * Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo() * Fix --redirect-private in --dev tap mode * Updated manpage for --rport and --lport * Properly escape dashes on the man-page * Improve documentation in --script-security section of the man-page * Really fix '--cipher none' regression * Set tls-version-max to 1.1 if cryptoapicert is used * Account for peer-id in frame size calculation * Disable SSL compression * Fix frame size calculation for non-CBC modes. * Allow for CN/username of 64 characters (fixes off-by-one) * Re-enable TLS version negotiation by default * Remove size limit for files inlined in config * Improve --tls-cipher and --show-tls man page description * Re-read auth-user-pass file on (re)connect if required * Clarify --capath option in manpage OBS-URL: https://build.opensuse.org/request/show/313671 OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=92 --- openvpn-2.3.6.tar.gz | 3 --- openvpn-2.3.6.tar.gz.asc | 7 ------- openvpn-2.3.7.tar.gz | 3 +++ openvpn-2.3.7.tar.gz.asc | 7 +++++++ openvpn.changes | 35 +++++++++++++++++++++++++++++++++++ openvpn.spec | 2 +- 6 files changed, 46 insertions(+), 11 deletions(-) delete mode 100644 openvpn-2.3.6.tar.gz delete mode 100644 openvpn-2.3.6.tar.gz.asc create mode 100644 openvpn-2.3.7.tar.gz create mode 100644 openvpn-2.3.7.tar.gz.asc diff --git a/openvpn-2.3.6.tar.gz b/openvpn-2.3.6.tar.gz deleted file mode 100644 index c4bd872..0000000 --- a/openvpn-2.3.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7baed2ff39c12e1a1a289ec0b46fcc49ff094ca58b8d8d5f29b36ac649ee5b26 -size 1213272 diff --git a/openvpn-2.3.6.tar.gz.asc b/openvpn-2.3.6.tar.gz.asc deleted file mode 100644 index 124358e..0000000 --- a/openvpn-2.3.6.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlR8NIAACgkQwp2X7RmNIqOgMgCg4LWcWBiy+dr/Dp0COmB4a3yf -JZUAnRiDBUUFJEk5j63sIaMMc+5Waqqk -=DC+g ------END PGP SIGNATURE----- diff --git a/openvpn-2.3.7.tar.gz b/openvpn-2.3.7.tar.gz new file mode 100644 index 0000000..509e870 --- /dev/null +++ b/openvpn-2.3.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1f02a4cd6aeb6250ca9311560875b10ce8957a3c9101a8005bd1e17e5b03146e +size 1199706 diff --git a/openvpn-2.3.7.tar.gz.asc b/openvpn-2.3.7.tar.gz.asc new file mode 100644 index 0000000..ef629d3 --- /dev/null +++ b/openvpn-2.3.7.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlV1NhIACgkQwp2X7RmNIqM+8ACeKAjKw7db3ksLCwk8I+fl3kMp +l8AAoJU8e9oHJCa8GwBfU7knOAgOSs4U +=ViDt +-----END PGP SIGNATURE----- diff --git a/openvpn.changes b/openvpn.changes index fdeca40..628d445 100644 --- a/openvpn.changes +++ b/openvpn.changes @@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Tue Jun 9 15:51:06 UTC 2015 - idonmez@suse.com + +- Update to version 2.3.7 + * down-root plugin: Replaced system() calls with execve() + * sockets: Remove the limitation of --tcp-nodelay to be server-only + * pkcs11: Load p11-kit-proxy.so module by default + * New approach to handle peer-id related changes to link-mtu + * Fix incorrect use of get_ipv6_addr() for iroute options + * Print helpful error message on --mktun/--rmtun if not available + * Explain effect of --topology subnet on --ifconfig + * Add note about file permissions and --crl-verify to manpage + * Repair --dev null breakage caused by db950be85d37 + * Correct note about DNS randomization in openvpn.8 + * Disallow usage of --server-poll-timeout in --secret key mode + * Slightly enhance documentation about --cipher + * On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo() + * Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo() + * Fix --redirect-private in --dev tap mode + * Updated manpage for --rport and --lport + * Properly escape dashes on the man-page + * Improve documentation in --script-security section of the man-page + * Really fix '--cipher none' regression + * Set tls-version-max to 1.1 if cryptoapicert is used + * Account for peer-id in frame size calculation + * Disable SSL compression + * Fix frame size calculation for non-CBC modes. + * Allow for CN/username of 64 characters (fixes off-by-one) + * Re-enable TLS version negotiation by default + * Remove size limit for files inlined in config + * Improve --tls-cipher and --show-tls man page description + * Re-read auth-user-pass file on (re)connect if required + * Clarify --capath option in manpage + * Call daemon() before initializing crypto library + ------------------------------------------------------------------- Mon Mar 2 08:26:08 UTC 2015 - mt@suse.de diff --git a/openvpn.spec b/openvpn.spec index 05e9e8e..ac7892c 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -32,7 +32,7 @@ Url: http://openvpn.net/ %else PreReq: %insserv_prereq %fillup_prereq %endif -Version: 2.3.6 +Version: 2.3.7 Release: 0 Summary: Full-featured SSL VPN solution using a TUN/TAP Interface License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1