Accepting request 21597 from network

Copy from network/openvpn based on submit request 21597 from user mtomaschewski OBS-URL: https://build.opensuse.org/request/show/21597 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvpn?expand=0&rev=13
2009-10-03 01:40:21 +00:00 · 2009-10-03 01:40:21 +00:00 · 52de9bf7fb
commit 52de9bf7fb
parent 9bca38bf3c
3 changed files with 10 additions and 235 deletions
--- a/openvpn.changes
+++ b/openvpn.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Oct  2 15:14:51 CEST 2009 - mt@suse.de
+
+- Added network-remotefs to init script dependencies (bnc#522279).
+
 -------------------------------------------------------------------
 Wed Jun 10 10:24:06 CEST 2009 - mt@suse.de

--- a/openvpn.init
+++ b/openvpn.init
@ -15,9 +15,9 @@
 ### BEGIN INIT INFO
 # Provides:			openvpn
 # Required-Start:		$local_fs $remote_fs $network
-# Should-Start:			$syslog $time $named
+# Should-Start:			$syslog $time $named network-remotefs
 # Required-Stop:		$local_fs $remote_fs $network
-# Should-Stop:			$syslog $time $named
+# Should-Stop:			$syslog $time $named network-remotefs
 # Default-Start:		3 5
 # Default-Stop:			0 1 2 6
 # Short-Description:		OpenVPN tunnel
--- a/openvpn.spec
+++ b/openvpn.spec
@ -28,7 +28,7 @@ AutoReqProv:    on
 PreReq:         %insserv_prereq %fillup_prereq
 %endif
 Version:        2.1.0.18
-Release:        1
+Release:        2
 Summary:        Full-featured SSL VPN solution using a TUN/TAP Interface
 Source:         http://openvpn.net/release/openvpn-%{upstream_version}.tar.gz
 Source1:        http://openvpn.net/signatures/openvpn-%{upstream_version}.tar.gz.asc
@ -72,7 +72,7 @@ Authors:
    James Yonan <jim@yonan.net>

 %package down-root-plugin
-License:        GPL v2 or later; LGPL v2.1 or later
+License:        GPL v2 or later ; LGPL v2.1 or later
 Summary:        OpenVPN down-root plugin
 Group:          Productivity/Networking/Security
 AutoReqProv:    on
@ -97,7 +97,7 @@ Authors:
    James Yonan <jim@yonan.net>

 %package auth-pam-plugin
-License:        GPL v2 or later; LGPL v2.1 or later
+License:        GPL v2 or later ; LGPL v2.1 or later
 Summary:        OpenVPN auth-pam plugin
 Group:          Productivity/Networking/Security
 AutoReqProv:    on
@ -221,233 +221,3 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
 %{plugin_libdir}/openvpn-auth-pam.so

 %changelog
-* Wed Jun 10 2009 mt@suse.de
- Updated to openvpn 2.1 [2.1_rc18] series (fate#305289).
- Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558).
- Adopted spec file and patches, improved init script.
- Disabled installation of easy-rsa for Windows.
-* Tue Feb 17 2009 mt@suse.de
- Improved init script to show config name in action messages
-  and allow to specify a config name in the second argument.
-* Mon Dec 01 2008 mt@suse.de
- Removed restart_on_update rpm install hook that may break the
-  update process, e.g. when openvpn asks for auth data or the
-  update process is running over the tunnel (bnc#450390).
-* Tue Oct 28 2008 mt@suse.de
- Fixed init script to handle pid files correctly (bnc#435421).
-* Thu May 29 2008 mt@suse.de
- Added $time $named to Should-Start in the init script to avoid
-  time related certificate errors and name resolving problems.
- Added iproute2 to BuildRequires to avoid openvpn rely on PATH.
-* Mon May 26 2008 mt@suse.de
- Reverted init script changes adding startproc, since they break
-  user auth query and multiple tunnels (bnc#394360, bnc#394353).
-* Thu May 22 2008 mt@suse.de
- Added -lpam to LDFLAGS of openvpn, because linking the openvpn
-  auth-pam plugin against pam is not sufficient. Many pam modules
-  that are loaded by pam during the authentication process are not
-  linked against pam and contain undefined symbols, causing the
-  authentication to fail (bnc#334773).
- Replaced patch loading plugins from /usr/%%_lib/openvpn/plugin/lib
-  with -rpath linker flags (bnc#334773).
- Fixed init script to use startproc to return 0 when started twice.
-* Tue Feb 19 2008 mt@suse.de
- Fixed spec file to not set pie flags when building plugins
-* Thu Jan 17 2008 mt@suse.de
- Bug #334773: Enabled build of down-root and auth-pam plugins,
-  sub-packaged as openvpn-auth-pam-plugin/down-root-plugin.
- Added patch to load plugins from /usr/%%_lib/openvpn/plugin/lib
-  first, when the plugin name is specified as basename only.
- Added patch adoptiong plugin path informations in openvpn.8.
- Added patch to build plugins with RPM_OPT_FLAGS.
- Fixed init script to use Should-Start/Stop LSB info tags.
- Bug #343106: Enabled iproute2 support / usage
-* Mon Jun 04 2007 mt@suse.de
- fixed easy-rsa installation (no exec in doc directory)
- improved spec to use configure directory variables and
-  cleaned up macro calls in RPM pre/post scripts.
- fixed openvpn binary check in the init script.
-* Fri Oct 27 2006 mt@suse.de
- upstream 2.0.9, Windows related fixes only
-  * Windows installer updated with OpenSSL 0.9.7l DLLs to fix
-  published vulnerabilities.
-  * Fixed TAP-Win32 bug that caused BSOD on Windows Vista
-  (Henry Nestler).  The TAP-Win32 driver has now been
-  upgraded to version 8.4.
-* Wed Sep 27 2006 poeml@suse.de
- upstream 2.0.8
-  * Windows installer updated with OpenSSL 0.9.7k DLLs to fix
-  RSA Signature Forgery (CVE-2006-4339).
-  * No changes to OpenVPN source code between 2.0.7 and 2.0.8.
-* Fri Jun 23 2006 poeml@suse.de
- upstream 2.0.7, with bug fixes:
-  * When deleting routes under Linux, use the route metric
-  as a differentiator to ensure that the route teardown
-  process only deletes the identical route which was originally
-  added via the "route" directive (Roy Marples).
-  * Fixed bug where --server directive in --dev tap mode
-  claimed that it would support subnets of /30 or less
-  but actually would only accept /29 or less.
-  * Extend byte counters to 64 bits (M. van Cuijk).
-  * Better sanity checking of --server and --server-bridge
-  IP pool ranges, so as not to hit the assertion at
-  pool.c:119 (2.0.5).
-  * Fixed bug where --daemon and --management-query-passwords
-  used together would cause OpenVPN to block prior to
-  daemonization.
-  * Fixed client/server race condition which could occur
-  when --auth-retry interact is set and the initially
-  provided auth-user-pass credentials are incorrect,
-  forcing a username/password re-query.
-  * Fixed bug where if --daemon and --management-hold are
-  used together, --user or --group options would be ignored.
-  * fix for CVE-2006-1629 integrated (disallow "setenv" to be pushed
-  to clients from the server)
- build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
-* Wed Apr 19 2006 poeml@suse.de
- security fix (CVE-2006-1629): disallow "setenv" to be pushed to
-  clients from the server [#165123]
-* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
-* Thu Nov 03 2005 poeml@suse.de
- update to 2.0.5, with two security fixes -- see below. [#132003]
-  2005.11.02 -- Version 2.0.5
-  * Fixed bug in Linux get_default_gateway function
-  introduced in 2.0.4, which would cause redirect-gateway
-  on Linux clients to fail.
-  * Restored easy-rsa/2.0 tree (backported from 2.1 beta
-  series) which accidentally disappeared in
-  2.0.2 -> 2.0.4 transition.
-  2005.11.01 -- Version 2.0.4
-  * Security fix -- Affects non-Windows OpenVPN clients of
-  version 2.0 or higher which connect to a malicious or
-  compromised server.  A format string vulnerability
-  in the foreign_option function in options.c could
-  potentially allow a malicious or compromised server
-  to execute arbitrary code on the client.  Only
-  non-Windows clients are affected.  The vulnerability
-  only exists if (a) the client's TLS negotiation with
-  the server succeeds, (b) the server is malicious or
-  has been compromised such that it is configured to
-  push a maliciously crafted options string to the client,
-  and (c) the client indicates its willingness to accept
-  pushed options from the server by having "pull" or
-  "client" in its configuration file (Credit: Vade79).
-  CVE-2005-3393
-  * Security fix -- Potential DoS vulnerability on the
-  server in TCP mode.  If the TCP server accept() call
-  returns an error status, the resulting exception handler
-  may attempt to indirect through a NULL pointer, causing
-  a segfault.  Affects all OpenVPN 2.0 versions.
-  CVE-2005-3409
-  * Fix attempt of assertion at multi.c:1586 (note that
-  this precise line number will vary across different
-  versions of OpenVPN).
-  * Added ".PHONY: plugin" to Makefile.am to work around
-  "make dist" issue.
-  * Fixed double fork issue that occurs when --management-hold
-  is used.
-  * Moved TUN/TAP read/write log messages from --verb 8 to 6.
-  * Warn when multiple clients having the same common name or
-  username usurp each other when --duplicate-cn is not used.
-  * Modified Windows and Linux versions of get_default_gateway
-  to return the route with the smallest metric
-  if multiple 0.0.0.0/0.0.0.0 entries are present.
-  2005.09.25 -- Version 2.0.3-rc1
-  * openvpn_plugin_abort_v1 function wasn't being properly
-  registered on Windows.
-  * Fixed a bug where --mode server --proto tcp-server --cipher none
-  operation could cause tunnel packet truncation.
-* Tue Aug 30 2005 poeml@suse.de
- update to 2.0.2 [#106258] relevant changes:
-  * Fixed bug where "--proto tcp-server --mode p2p --management
-  host port" would cause the management port to not respond until
-  the OpenVPN peer connects.
-  * Modified pkitool script to be /bin/sh compatible (Johnny Lam).
-* Tue Aug 23 2005 poeml@suse.de
- update to 2.0.1 [#106258]
-  * Security Fix -- DoS attack against server when run with "verb 0" and
-  without "tls-auth".  If a client connection to the server fails
-  certificate verification, the OpenSSL error queue is not properly
-  flushed, which can result in another unrelated client instance on the
-  server seeing the error and responding to it, resulting in disconnection
-  of the unrelated client (CAN-2005-2531).
-  * Security Fix -- DoS attack against server by authenticated client.
-  This bug presents a potential DoS attack vector against the server
-  which can only be initiated by a connected and authenticated client.
-  If the client sends a packet which fails to decrypt on the server,
-  the OpenSSL error queue is not properly flushed, which can result in
-  another unrelated client instance on the server seeing the error and
-  responding to it, resulting in disconnection of the unrelated client
-  (CAN-2005-2532).
-  * Security Fix -- DoS attack against server by authenticated client.
-  A malicious client in "dev tap" ethernet bridging mode could
-  theoretically flood the server with packets appearing to come from
-  hundreds of thousands of different MAC addresses, causing the OpenVPN
-  process to deplete system virtual memory as it expands its internal
-  routing table.  A --max-routes-per-client directive has been added
-  (default=256) to limit the maximum number of routes in OpenVPN's
-  internal routing table which can be associated with a given client
-  (CAN-2005-2533).
-  * Security Fix -- DoS attack against server by authenticated client.
-  If two or more client machines try to connect to the server at the
-  same time via TCP, using the same client certificate, and when
-    --duplicate-cn is not enabled on the server, a race condition can
-  crash the server with "Assertion failed at mtcp.c:411"
-  (CAN-2005-2534).
-  * Fixed server bug where under certain circumstances, the client instance
-  object deletion function would try to delete iroutes which had never been
-  added in the first place, triggering "Assertion failed at mroute.c:349".
-  * Added --auth-retry option to prevent auth errors from being fatal
-  on the client side, and to permit username/password requeries in case
-  of error.  Also controllable via new "auth-retry" management interface
-  command.  See man page for more info.
-  * Added easy-rsa 2.0 scripts to the tarball in easy-rsa/2.0
-  * Fixed bug in openvpn.spec where rpmbuild --define 'without_pam 1'
-  would fail to build.
-  * Implement "make check" to perform loopback tests (Matthias Andree).
- drop obsolete patch which fixed finding lzo libraries
-* Tue Jun 28 2005 mrueckert@suse.de
- The previous patch didnt work with lzo1 based distros. Fixed.
-* Tue Jun 28 2005 cthiel@suse.de
- fixed build with lzo2 (added lzo2.diff)
-* Thu Jun 23 2005 ro@suse.de
- build with fPIE/pie
-* Thu Jun 02 2005 hvogel@suse.de
- lzo headers are in a subdirectory now
-* Tue Apr 19 2005 cthiel@suse.de
- update to 2.0
-* Thu Feb 17 2005 poeml@suse.de
- update to 2.0_rc14
- add README.SUSE
-* Fri Jan 28 2005 poeml@suse.de
- update to 2.0_rc10
-* Wed Dec 29 2004 poeml@suse.de
- update to 2.0_rc6
-* Wed Dec 29 2004 poeml@suse.de
- update to 2.0_rc1 (closing #45979)
-  IMPORTANT: OpenVPN's default port number is now 1194, based on an
-  official port number assignment by IANA.  OpenVPN 2.0-beta16 and
-  earlier used 5000 as the default port.
-  -> see http://openvpn.net/20notes.html
- remove lzo sources, which come in a separate package since 9.2
-* Mon Jul 26 2004 poeml@suse.de
- update to 1.6_rc4
- bzip2 sources
-* Sun Jan 11 2004 adrian@suse.de
- build as user
-* Tue Dec 16 2003 wengel@suse.de
- update to version 1.5.0
-* Sun Sep 07 2003 poeml@suse.de
- add an init script
- use RPM_OPT_FLAGS
- add /var/run/openvpn directory for pid files
-* Thu Jul 31 2003 wengel@suse.de
- update to new version -> 1.4.2
-* Tue May 27 2003 coolo@suse.de
- use BuildRoot
- package a bit more straightforward
-* Mon May 19 2003 wengel@suse.de
- update to version 1.4.1
-* Mon Jan 20 2003 wengel@suse.de
- initial package