Accepting request 1036732 from home:dirkmueller:Factory

- update to 2.5.8: * allow running a default configuration with TLS libraries without BF-CBC (even if TLS cipher negotiation would not actually use BF-CBC, the long-term compatibility "default cipher BF-CBC" would trigger an error on such TLS libraries) * ``--auth-nocache'' was not always correctly clearing username+password after a renegotiation * ensure that auth-token received from server is cleared if requested by the management interface ("forget password" or automatically via ``--management-forget-disconnect'') * in a setup without username+password, but with auth-token and auth-token-username pushed by the server, OpenVPN would start asking for username+password on token expiry. Fix. * using ``--auth-token`` together with ``--management-client-auth`` (on the server) would lead to TLS keys getting out of sync and client being disconnected. Fix. * management interface would sometimes get stuck if client and server try to write something simultaneously. Fix by allowing a limited level of recursion in virtual_output_callback() * fix management interface not returning ERROR:/SUCCESS: response on "signal SIGxxx" commands when in HOLD state * tls-crypt-v2: abort connection if client-key is too short * make man page agree with actual code on replay-window backtrag log message * remove useless empty line from CR_RESPONSE message OBS-URL: https://build.opensuse.org/request/show/1036732 OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=181
2022-11-23 10:27:06 +00:00 · 2022-11-23 10:27:06 +00:00 · cb59f07662
commit cb59f07662
parent f4f04bce09
6 changed files with 48 additions and 20 deletions
--- a/openvpn-2.5.7.tar.gz
+++ b/openvpn-2.5.7.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:08340a389905c84196b6cd750add1bc0fa2d46a1afebfd589c24120946c13e68
 size 1855516
--- a/openvpn-2.5.7.tar.gz.asc
+++ b/openvpn-2.5.7.tar.gz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEVmH/adZUFVhLcg/Ai3QXs+uzswkFAmKMneUACgkQi3QXs+uz
 swnI4w/7BJ86vNrXtEzxlYSCmC4q+fptZN4IAIJLQhAYMBqUZ+mDXePJk4lCYQiX
 vUKXUUPr5SSdR5no1mBgw5UFHBozuCEOPPK9m1UXDZaJqm7QYdJwhoqIeN/Cmft1
 aQq/1oPrKKAt6+SMpus2e2N+NhLiMWHXBn60Wo5sJlq1Y2flfQWiMzLG8K8a0HIQ
 j+Febq6yLLXK/P+CojJc+wB5+/y9BPCUgQoXwO3+I935llS1um9bA2VIdZ7WuLw6
 vOqeylJH5uFkGsbbtl8NHn7iQgRieeFgwIe67GTPgIok4/xtKeEF739BCJG+zuRT
 hD077gLwRW9hrUUozoLwhWv0H7LQXEeGgfufsfevaaKDFRU/53b6eT89Z1dVBqB2
 aY6ZqOtWaKIrolkszU1z3TriKTQgik+VqyBRJZ8Fhjh2yKAatj3kH9PdRKOcGC1g
 aMAEeP7laIylM9EuUwvpUw6J1Dg6rz5LjXvl3PRFnfFbQoD5C7sCiZgxSu+AjPNh
 7hijoCY7y2OJqYtOuWVL52BXAvG9is2GBAK2ap/Mk3Ixxa37VzqlZLjRUDYfktVM
 e6UMjB0JlhY8j1sItwC0tXDSSUW5MXre8RdIITWaV7QzBXhjuWh9wqDVkgtqADZ9
 +nVh7dwBp5C5PJfgwrwUsskBIPF+gXNuZhNJNqvgGzQ3EJHC5jM=
 =R9aX
 -----END PGP SIGNATURE-----
--- a/openvpn-2.5.8.tar.gz
+++ b/openvpn-2.5.8.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:a6f315b7231d44527e65901ff646f87d7f07862c87f33531daa109fb48c53db2
 size 1875551
--- a/openvpn-2.5.8.tar.gz.asc
+++ b/openvpn-2.5.8.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEVmH/adZUFVhLcg/Ai3QXs+uzswkFAmNbl+IACgkQi3QXs+uz
 swmfqw/+I/X41ch6CudbrcmAvn83ja+ea1faFhWm1TNrK/Vf3shD30aeX7haCUYJ
 IMPV4d+OgQftceKlsRmTkLOJW7CsSws3lV1eAirIfrxtHDF73yRHd+mFaY6iycJG
 3Bm3P75FIlAo9e9huHun3quuSdr1m01+WNrJYdz2fS6SYV04KjnAaWrciJPCLXaE
 HayTSvCn8+agZUJWUvIPsTtq3lLcZMxdHRCFTekeiDVPmMhRKR1G5aqFu2GTJ9j/
 Z8jOPswuzfnVVDUWo3uehjfAEI1xmNlYlg46dn+uWyUiFXH++bzJ8FSFV4bK/0vf
 UahzAmWu2124J09Ij3O98gISk8j+1qAkVOlOvsZTf5y4eFR5Ef9CVWHgQ573a7QI
 nO9OudjnWvD47HudHN4npol15d9DZ8r6fR1eSqG7yP7r0L2ol1yHwO+CrFXTNJXa
 /LYq07iNnNzamskGshN09a0xLR4Uv2glxzuhplS91fquUgY1ykNLzbZ28QTjlKD8
 y5bJGU3wiQ057MVibfxfe3KCRRUAX3B3d340n7MxAIVraZT+gXof2+eVF+m/IK92
 mNSGHk0r530Gevwvnltexm7mqnw4sa30AgDLcAGJ7U8hmzX8bLIyHPgIrFL4j5r4
 EBtxcD8YBwt/MI2PwzJAuzmtQBqDeEXfRopxb5fKMDPkEXSwcvs=
 =jlvY
 -----END PGP SIGNATURE-----
--- a/openvpn.changes
+++ b/openvpn.changes
@ -1,3 +1,31 @@
 -------------------------------------------------------------------
 Fri Nov 18 21:40:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
 - update to 2.5.8:
  * allow running a default configuration with TLS libraries without BF-CBC
    (even if TLS cipher negotiation would not actually use BF-CBC, the
    long-term compatibility "default cipher BF-CBC" would trigger an error
    on such TLS libraries)
  * ``--auth-nocache'' was not always correctly clearing username+password
    after a renegotiation
  * ensure that auth-token received from server is cleared if requested
    by the management interface ("forget password" or automatically
    via ``--management-forget-disconnect'')
  * in a setup without username+password, but with auth-token and
    auth-token-username pushed by the server, OpenVPN would start asking
    for username+password on token expiry.  Fix.
  * using ``--auth-token`` together with ``--management-client-auth``
    (on the server) would lead to TLS keys getting out of sync and client
    being disconnected.  Fix.
  * management interface would sometimes get stuck if client and server
    try to write something simultaneously.  Fix by allowing a limited
    level of recursion in virtual_output_callback()
  * fix management interface not returning ERROR:/SUCCESS: response
    on "signal SIGxxx" commands when in HOLD state
  * tls-crypt-v2: abort connection if client-key is too short
  * make man page agree with actual code on replay-window backtrag log message
  * remove useless empty line from CR_RESPONSE message
 -------------------------------------------------------------------
 Mon Sep 12 15:31:52 UTC 2022 - Dirk Müller <dmueller@suse.com>
--- a/openvpn.spec
+++ b/openvpn.spec
@ -24,7 +24,7 @@
 %define _rundir %{_localstatedir}/run
 %endif
 Name:           openvpn
-Version:        2.5.7
+Version:        2.5.8
 Release:        0
 Summary:        Full-featured SSL VPN solution using a TUN/TAP Interface
 License:        GPL-2.0-only WITH openvpn-openssl-exception