- Update to version 2.3.11
* Fixed port-share bug with DoS potential
* Fix buffer overflow by user supplied data
* Fix undefined signed shift overflow
* Ensure input read using systemd-ask-password is null terminated
* Support reading the challenge-response from console
* hardening: add safe FD_SET() wrapper openvpn_fd_set()
* Restrict default TLS cipher list
- Add BuildRequires on xz for SLE11
OBS-URL: https://build.opensuse.org/request/show/394676
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=105
- Update to version 2.3.10
* Warn user if their certificate has expired
* Fix regression in setups without a client certificate
- Update to version 2.3.9
* Show extra-certs in current parameters.
* Do not set the buffer size by default but rely on the operation system default.
* Remove --enable-password-save option
* Detect config lines that are too long and give a warning/error
* Log serial number of revoked certificate
* Avoid partial authentication state when using --disabled in CCD configs
* Replace unaligned 16bit access to TCP MSS value with bytewise access
* Fix possible heap overflow on read accessing getaddrinfo() result.
* Fix isatty() check for good. (obsoletes revert-daemonize.patch)
* Client-side part for server restart notification
* Fix privilege drop if first connection attempt fails
* Support for username-only auth file.
* Increase control channel packet size for faster handshakes
* hardening: add insurance to exit on a failed ASSERT()
* Fix memory leak in auth-pam plugin
* Fix (potential) memory leak in init_route_list()
* Fix unintialized variable in plugin_vlog()
* Add macro to ensure we exit on fatal errors
* Fix memory leak in add_option() by simplifying get_ipv6_addr
* openssl: properly check return value of RAND_bytes()
* Fix rand_bytes return value checking
* Fix "White space before end tags can break the config parser"
OBS-URL: https://build.opensuse.org/request/show/351949
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=103
- Update to version 2.3.8
* Report missing endtags of inline files as warnings
* Fix commit e473b7c if an inline file happens to have a
line break exactly at buffer limit
* Produce a meaningful error message if --daemon gets in the way of
asking for passwords.
* Document --daemon changes and consequences (--askpass, --auth-nocache)
* Del ipv6 addr on close of linux tun interface
* Fix --askpass not allowing for password input via stdin
* Write pid file immediately after daemonizing
* Fix regression: query password before becoming daemon
* Fix using management interface to get passwords
* Fix overflow check in openvpn_decrypt()
OBS-URL: https://build.opensuse.org/request/show/320680
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=94
- Update to version 2.3.7
* down-root plugin: Replaced system() calls with execve()
* sockets: Remove the limitation of --tcp-nodelay to be server-only
* pkcs11: Load p11-kit-proxy.so module by default
* New approach to handle peer-id related changes to link-mtu
* Fix incorrect use of get_ipv6_addr() for iroute options
* Print helpful error message on --mktun/--rmtun if not available
* Explain effect of --topology subnet on --ifconfig
* Add note about file permissions and --crl-verify to manpage
* Repair --dev null breakage caused by db950be85d37
* Correct note about DNS randomization in openvpn.8
* Disallow usage of --server-poll-timeout in --secret key mode
* Slightly enhance documentation about --cipher
* On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo()
* Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo()
* Fix --redirect-private in --dev tap mode
* Updated manpage for --rport and --lport
* Properly escape dashes on the man-page
* Improve documentation in --script-security section of the man-page
* Really fix '--cipher none' regression
* Set tls-version-max to 1.1 if cryptoapicert is used
* Account for peer-id in frame size calculation
* Disable SSL compression
* Fix frame size calculation for non-CBC modes.
* Allow for CN/username of 64 characters (fixes off-by-one)
* Re-enable TLS version negotiation by default
* Remove size limit for files inlined in config
* Improve --tls-cipher and --show-tls man page description
* Re-read auth-user-pass file on (re)connect if required
* Clarify --capath option in manpage
OBS-URL: https://build.opensuse.org/request/show/313671
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=92
- Fixed to enable systemd support in configure
- Fixed openvpn-tmpfile.conf to use GID root, there is no openvpn group.
- Added openvpn.target file allowing to handle all instances at once.
- Fixed to install the service template correctly as openvpn@.service.
Use "systemctl enable openvpn@foo.service" to enable instance using
/etc/openvpn/foo.conf.
- Disabled systemd variant of restart on update rpm macro, adopted other
macros to use openvpn.target to e.g. stop all instances on uninstall.
OBS-URL: https://build.opensuse.org/request/show/173037
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvpn?expand=0&rev=46
- Fixed to install the service template correctly as openvpn@.service.
Use "systemctl enable openvpn@foo.service" to enable instance using
/etc/openvpn/foo.conf.
- Fixed openvpn-tmpfile.conf to use GID root, there is no openvpn group.
- Disabled all systemd post install macros trying to use not existing
openvpn.service file.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=57
