Accepting request 1036732 from home:dirkmueller:Factory

- update to 2.5.8: * allow running a default configuration with TLS libraries without BF-CBC (even if TLS cipher negotiation would not actually use BF-CBC, the long-term compatibility "default cipher BF-CBC" would trigger an error on such TLS libraries) * ``--auth-nocache'' was not always correctly clearing username+password after a renegotiation * ensure that auth-token received from server is cleared if requested by the management interface ("forget password" or automatically via ``--management-forget-disconnect'') * in a setup without username+password, but with auth-token and auth-token-username pushed by the server, OpenVPN would start asking for username+password on token expiry. Fix. * using ``--auth-token`` together with ``--management-client-auth`` (on the server) would lead to TLS keys getting out of sync and client being disconnected. Fix. * management interface would sometimes get stuck if client and server try to write something simultaneously. Fix by allowing a limited level of recursion in virtual_output_callback() * fix management interface not returning ERROR:/SUCCESS: response on "signal SIGxxx" commands when in HOLD state * tls-crypt-v2: abort connection if client-key is too short * make man page agree with actual code on replay-window backtrag log message * remove useless empty line from CR_RESPONSE message OBS-URL: https://build.opensuse.org/request/show/1036732 OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=181
2022-11-23 10:27:06 +00:00 · 2022-11-23 10:27:06 +00:00 · cb59f07662
commit cb59f07662
parent f4f04bce09
6 changed files with 48 additions and 20 deletions
--- a/openvpn-2.5.7.tar.gz
+++ b/openvpn-2.5.7.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:08340a389905c84196b6cd750add1bc0fa2d46a1afebfd589c24120946c13e68
-size 1855516
--- a/openvpn-2.5.7.tar.gz.asc
+++ b/openvpn-2.5.7.tar.gz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEVmH/adZUFVhLcg/Ai3QXs+uzswkFAmKMneUACgkQi3QXs+uz
-swnI4w/7BJ86vNrXtEzxlYSCmC4q+fptZN4IAIJLQhAYMBqUZ+mDXePJk4lCYQiX
-vUKXUUPr5SSdR5no1mBgw5UFHBozuCEOPPK9m1UXDZaJqm7QYdJwhoqIeN/Cmft1
-aQq/1oPrKKAt6+SMpus2e2N+NhLiMWHXBn60Wo5sJlq1Y2flfQWiMzLG8K8a0HIQ
-j+Febq6yLLXK/P+CojJc+wB5+/y9BPCUgQoXwO3+I935llS1um9bA2VIdZ7WuLw6
-vOqeylJH5uFkGsbbtl8NHn7iQgRieeFgwIe67GTPgIok4/xtKeEF739BCJG+zuRT
-hD077gLwRW9hrUUozoLwhWv0H7LQXEeGgfufsfevaaKDFRU/53b6eT89Z1dVBqB2
-aY6ZqOtWaKIrolkszU1z3TriKTQgik+VqyBRJZ8Fhjh2yKAatj3kH9PdRKOcGC1g
-aMAEeP7laIylM9EuUwvpUw6J1Dg6rz5LjXvl3PRFnfFbQoD5C7sCiZgxSu+AjPNh
-7hijoCY7y2OJqYtOuWVL52BXAvG9is2GBAK2ap/Mk3Ixxa37VzqlZLjRUDYfktVM
-e6UMjB0JlhY8j1sItwC0tXDSSUW5MXre8RdIITWaV7QzBXhjuWh9wqDVkgtqADZ9
-+nVh7dwBp5C5PJfgwrwUsskBIPF+gXNuZhNJNqvgGzQ3EJHC5jM=
-=R9aX
-----END PGP SIGNATURE-----
--- a/openvpn-2.5.8.tar.gz
+++ b/openvpn-2.5.8.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a6f315b7231d44527e65901ff646f87d7f07862c87f33531daa109fb48c53db2
+size 1875551
--- a/openvpn-2.5.8.tar.gz.asc
+++ b/openvpn-2.5.8.tar.gz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEVmH/adZUFVhLcg/Ai3QXs+uzswkFAmNbl+IACgkQi3QXs+uz
+swmfqw/+I/X41ch6CudbrcmAvn83ja+ea1faFhWm1TNrK/Vf3shD30aeX7haCUYJ
+IMPV4d+OgQftceKlsRmTkLOJW7CsSws3lV1eAirIfrxtHDF73yRHd+mFaY6iycJG
+3Bm3P75FIlAo9e9huHun3quuSdr1m01+WNrJYdz2fS6SYV04KjnAaWrciJPCLXaE
+HayTSvCn8+agZUJWUvIPsTtq3lLcZMxdHRCFTekeiDVPmMhRKR1G5aqFu2GTJ9j/
+Z8jOPswuzfnVVDUWo3uehjfAEI1xmNlYlg46dn+uWyUiFXH++bzJ8FSFV4bK/0vf
+UahzAmWu2124J09Ij3O98gISk8j+1qAkVOlOvsZTf5y4eFR5Ef9CVWHgQ573a7QI
+nO9OudjnWvD47HudHN4npol15d9DZ8r6fR1eSqG7yP7r0L2ol1yHwO+CrFXTNJXa
+/LYq07iNnNzamskGshN09a0xLR4Uv2glxzuhplS91fquUgY1ykNLzbZ28QTjlKD8
+y5bJGU3wiQ057MVibfxfe3KCRRUAX3B3d340n7MxAIVraZT+gXof2+eVF+m/IK92
+mNSGHk0r530Gevwvnltexm7mqnw4sa30AgDLcAGJ7U8hmzX8bLIyHPgIrFL4j5r4
+EBtxcD8YBwt/MI2PwzJAuzmtQBqDeEXfRopxb5fKMDPkEXSwcvs=
+=jlvY
+-----END PGP SIGNATURE-----
--- a/openvpn.changes
+++ b/openvpn.changes
@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Fri Nov 18 21:40:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.5.8:
+  * allow running a default configuration with TLS libraries without BF-CBC
+    (even if TLS cipher negotiation would not actually use BF-CBC, the
+    long-term compatibility "default cipher BF-CBC" would trigger an error
+    on such TLS libraries)
+  * ``--auth-nocache'' was not always correctly clearing username+password
+    after a renegotiation
+  * ensure that auth-token received from server is cleared if requested
+    by the management interface ("forget password" or automatically
+    via ``--management-forget-disconnect'')
+  * in a setup without username+password, but with auth-token and
+    auth-token-username pushed by the server, OpenVPN would start asking
+    for username+password on token expiry.  Fix.
+  * using ``--auth-token`` together with ``--management-client-auth``
+    (on the server) would lead to TLS keys getting out of sync and client
+    being disconnected.  Fix.
+  * management interface would sometimes get stuck if client and server
+    try to write something simultaneously.  Fix by allowing a limited
+    level of recursion in virtual_output_callback()
+  * fix management interface not returning ERROR:/SUCCESS: response
+    on "signal SIGxxx" commands when in HOLD state
+  * tls-crypt-v2: abort connection if client-key is too short
+  * make man page agree with actual code on replay-window backtrag log message
+  * remove useless empty line from CR_RESPONSE message
+
 -------------------------------------------------------------------
 Mon Sep 12 15:31:52 UTC 2022 - Dirk Müller <dmueller@suse.com>

--- a/openvpn.spec
+++ b/openvpn.spec
@ -24,7 +24,7 @@
 %define _rundir %{_localstatedir}/run
 %endif
 Name:           openvpn
-Version:        2.5.7
+Version:        2.5.8
 Release:        0
 Summary:        Full-featured SSL VPN solution using a TUN/TAP Interface
 License:        GPL-2.0-only WITH openvpn-openssl-exception